Allow system server and networkstack to write to stats BPF maps.

BPF traffic accounting is moving to the system server, so the
system server needs to be able to write to them. For simplicity,
use the NET_BW_ACCT group: while this group contains lots of
other things (e.g., anything that has the UPDATE_DEVICE_STATS
permission), access to the maps will be further restricted to
system server and networkstack by selinux.

Netd will continue to be able to read and write these maps via
DAC_OVERRIDE. Before T, direct netd access to all these maps
except the cookie_tag_map will be removed.

Test: m
Test: builds, boots
Test: atest android.net.cts.TrafficStatsTest

Change-Id: I4b54a1969b62440afbd8d47c3072f442d75e9baa
1 file changed