authorandroid-build-team Robot <android-build-team-robot@google.com>2020-06-25 01:02:43 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2020-06-25 01:02:43 +0000
commitb1cefe2668b0c5a4364bdbb1c89b53ad136293a2 (patch)
treed69000a3f845dd9ef34e9c57599ce5476192e993
parentd5ce32796bf4941fa78b0b6a70faee2edbcf7f11 (diff)
parent5a0fdfa8e81b15af4b2b10f9220b3279182f9223 (diff)
Change-Id: I2fb73fbd89ef2e0b2f1ed50ac96004f09789aeb7
-rw-r--r--bpfloader/bpfloader.rc39
1 files changed, 30 insertions, 9 deletions
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 836ec63..04d9b81 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -1,5 +1,31 @@
+# zygote-start is what officially starts netd (see //system/core/rootdir/init.rc)
+# However, on some hardware it's started from post-fs-data as well, which is just
+# a tad earlier. There's no benefit to that though, since on 4.9+ P+ devices netd
+# will just block until bpfloader finishes and sets the bpf.progs_loaded property.
+#
+# It is important that we start bpfloader after:
+# - /sys/fs/bpf is already mounted,
+# - apex (incl. rollback) is initialized (so that in the future we can load bpf
+# programs shipped as part of apex mainline modules)
+# - system properties have been set, this is because isBpfSupported() calls
+# getUncachedBpfSupportLevel() which depends on
+# ro.kernel.ebpf.supported, ro.product.first_api_level & ro.build.version.sdk
+# - logd is ready for us to log stuff
+#
+# At the same time we want to be as early as possible to reduce races and thus
+# failures (before memory is fragmented, and cpu is busy running tons of other
+# stuff) and we absolutely want to be before netd and the system boot slot is
+# considered to have booted successfully.
+#
+on load_bpf_programs
+ # Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely
+ # already force enabled by the kernel config option BPF_JIT_ALWAYS_ON
+ write /proc/sys/net/core/bpf_jit_enable 1
+ # Enable JIT kallsyms export for privileged users only
+ write /proc/sys/net/core/bpf_jit_kallsyms 1
+ start bpfloader
+
service bpfloader /system/bin/bpfloader
- class main
capabilities CHOWN SYS_ADMIN
#
# Set RLIMIT_MEMLOCK to 1GiB for bpfloader
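Review bot: Nothing in this file fires `load_bpf_programs`, and with `class main` removed the `start bpfloader` in this action is the only start path visible here. If the `trigger load_bpf_programs` elsewhere is missing or reordered, bpfloader never runs and, per the comment above, netd stays blocked on bpf.progs_loaded. The header comment lists the ordering requirements but not where the trigger is issued; add a line such as `# load_bpf_programs is triggered from <RC_FILE_THAT_FIRES_THE_TRIGGER>` so the dependency can be reviewed. The two sysctl writes also leave `bpf_jit_harden` at its kernel default; if that is intentional (enabling it would turn the kallsyms export off), a one-line comment saying so would help. The service stanza continues past the end of this hunk.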
@@ -31,11 +57,6 @@ service bpfloader /system/bin/bpfloader
#
rlimit memlock 1073741824 1073741824
oneshot
-
-# Need to make sure this runs *before* the bpfloader.
-on early-init
- # Enable the eBPF JIT -- but do note that it is likely already force enabled
- # by the kernel config option BPF_JIT_ALWAYS_ON
- write /proc/sys/net/core/bpf_jit_enable 1
- # Enable JIT kallsyms export for privileged users only
- write /proc/sys/net/core/bpf_jit_kallsyms 1
+ reboot_on_failure reboot,bpfloader-failed
+ # we're not really updatable, but want to be able to load bpf programs shipped in apexes
+ updatable
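Review bot: `reboot_on_failure reboot,bpfloader-failed` on a `oneshot` service means a deterministic bpfloader failure reboots the device on every boot, and nothing next to the option says what ends that loop. The header comment in the first hunk suggests recovery relies on failing before the boot slot is marked successful; if so, state it here, e.g. `# fail closed: reboot before the slot is marked good so rollback can recover`, and say what is expected on devices without slot rollback. The `updatable` comment should also record the trust assumption: this service holds `CHOWN SYS_ADMIN`, so bpf programs later loaded from apexes are loaded with that privilege and depend on apex verification. The service stanza starts in the previous hunk, and part of it lies between the two hunks.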