Add system_server to net_admin group
This allows system_server to search/read skfilter BPF programs. Skfilter BPF programs status were previously dumped by Netd. In Android T, the related code are mainlined and dumped by system_server process. system_server needs to be in net_admin group so that it can read program status. $ adb root; adb shell ls -l /sys/fs/bpf/ -r--r----- 1 root net_admin ... prog_netd_skfilter_allowlist_xtbpf -r--r----- 1 root net_admin ... prog_netd_skfilter_denylist_xtbpf -r--r----- 1 root net_admin ... prog_netd_skfilter_egress_xtbpf -r--r----- 1 root net_admin ... prog_netd_skfilter_ingress_xtbpf Bug: 202086915 Test: test in Ib0e935ee2b714ac61daceba6d13fa7a20f97f68f Change-Id: I8c48230a5da6873eee7d0ba183cb83e1d92cd8f6
Loading
Please register or sign in to comment