1This directory contains comment stripped versions of
2  //system/bpf/bpfloader/bpfloader.rc
3or
4  //packages/modules/Connectivity/bpf/loader/netbpfload.rc
5(as appropriate) from previous versions of Android.
6
7Generated via:
8  (cd ../../../../../../system/bpf && git cat-file -p remotes/aosp/android11-release:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk30-11-R.rc
9  (cd ../../../../../../system/bpf && git cat-file -p remotes/aosp/android12-release:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk31-12-S.rc
10  (cd ../../../../../../system/bpf && git cat-file -p remotes/aosp/android13-release:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk33-13-T.rc
11  (cd ../../../../../../system/bpf && git cat-file -p remotes/aosp/android14-release:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk34-14-U.rc
12  git cat-file -p remotes/aosp/android14-qpr2-release:netbpfload/netbpfload.rc | egrep -v '^ *#' > bpfloader-sdk34-14-U-QPR2-24Q1.rc
13  git cat-file -p remotes/aosp/android14-qpr3-release:netbpfload/netbpfload.rc | egrep -v '^ *#' > bpfloader-sdk34-14-U-QPR3-24Q2.rc
14  git cat-file -p remotes/aosp/android15-release:netbpfload/netbpfload.rc      | egrep -v '^ *#' > bpfloader-sdk35-15-V-24Q3.rc
15  git cat-file -p remotes/aosp/main:bpf/loader/netbpfload.rc                   | egrep -v '^ *#' > bpfloader-sdk35-15-V-QPR1-24Q4.rc
16
17see also:
18  https://android.googlesource.com/platform/system/bpf/+/refs/heads/android11-release/bpfloader/bpfloader.rc
19  https://android.googlesource.com/platform/system/bpf/+/refs/heads/android12-release/bpfloader/bpfloader.rc
20  https://android.googlesource.com/platform/system/bpf/+/refs/heads/android13-release/bpfloader/bpfloader.rc
21  https://android.googlesource.com/platform/system/bpf/+/refs/heads/android14-release/bpfloader/bpfloader.rc
22  https://android.googlesource.com/platform/system/bpf/+/refs/heads/android14-qpr1-release/bpfloader/bpfloader.rc
23  https://android.googlesource.com/platform/system/bpf/+/refs/heads/android14-qpr2-release/bpfloader/ (rc file is gone in QPR2)
24  https://android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/android14-qpr2-release/netbpfload/netbpfload.rc
25  https://android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/android14-qpr3-release/netbpfload/netbpfload.rc
26  https://android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/android15-release/netbpfload/netbpfload.rc
27  https://android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/android15-qpr1-release/netbpfload/netbpfload.rc
28  https://android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/main/netbpfload/netbpfload.rc
29or:
30  https://googleplex-android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/24Q1-release/netbpfload/netbpfload.rc
31  https://googleplex-android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/24Q2-release/netbpfload/netbpfload.rc
32  https://googleplex-android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/24Q3-release/netbpfload/netbpfload.rc
33  https://googleplex-android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/24Q4-release/bpf/loader/netbpfload.rc
34
35this is entirely equivalent to:
36  (cd /android1/system/bpf && git cat-file -p remotes/goog/rvc-dev:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk30-11-R.rc
37  (cd /android1/system/bpf && git cat-file -p remotes/goog/sc-dev:bpfloader/bpfloader.rc;  ) | egrep -v '^ *#' > bpfloader-sdk31-12-S.rc
38  (cd /android1/system/bpf && git cat-file -p remotes/goog/tm-dev:bpfloader/bpfloader.rc;  ) | egrep -v '^ *#' > bpfloader-sdk33-13-T.rc
39  (cd /android1/system/bpf && git cat-file -p remotes/goog/udc-dev:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk34-14-U.rc
40
41it is also equivalent to:
42  (cd /android1/system/bpf && git cat-file -p remotes/goog/rvc-qpr-dev:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk30-11-R.rc
43  (cd /android1/system/bpf && git cat-file -p remotes/goog/sc-v2-dev:bpfloader/bpfloader.rc;   ) | egrep -v '^ *#' > bpfloader-sdk31-12-S.rc
44  (cd /android1/system/bpf && git cat-file -p remotes/goog/tm-qpr-dev:bpfloader/bpfloader.rc;  ) | egrep -v '^ *#' > bpfloader-sdk33-13-T.rc
45  (cd /android1/system/bpf && git cat-file -p remotes/goog/udc-qpr-dev:bpfloader/bpfloader.rc; ) | egrep -v '^ *#' > bpfloader-sdk34-14-U.rc
46
47ie. there were no changes between R/S/T and R/S/T QPR3, and no change between U and U QPR1.
48
49Note: Sv2 sdk/api level is actually 32, it just didn't change anything wrt. bpf, so doesn't matter.
50
51
52Key takeaways:
53
54= R bpfloader (platform)
55  - CHOWN + SYS_ADMIN
56  - asynchronous startup
57  - platform only
58  - proc file setup handled by initrc
59
60= S bpfloader (platform)
61  - adds NET_ADMIN
62  - synchronous startup
63  - platform + mainline tethering offload
64
65= T bpfloader (platform)
66  - platform + mainline networking (including tethering offload)
67  - supported btf for maps via exec of btfloader
68
69= U bpfloader (platform)
70  - proc file setup moved into bpfloader binary
71  - explicitly specified user and groups:
72    group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
73    user root
74
75= U QPR2 [24Q1] bpfloader (platform netbpfload -> platform bpfloader)
76  - drops support of btf for maps
77  - invocation of /system/bin/netbpfload binary, which after handling *all*
78    networking bpf related things executes the platform /system/bin/bpfloader
79    which handles non-networking bpf.
80  - Note: this does not (by itself) call into apex NetBpfLoad
81
82= U QPR3 [24Q2] bpfloader (platform netbpfload -> apex netbpfload -> platform bpfloader)
83  - platform NetBpfload *always* execs into apex NetBpfLoad,
84  - shipped with mainline tethering apex that includes NetBpfLoad binary.
85
86= V [24Q3] bpfloader (apex netbpfload -> platform bpfloader)
87  - no significant changes, though it does hard require the apex NetBpfLoad
88    by virtue of the platform NetBpfLoad no longer being present.
89    ie. the apex must override the platform 'bpfloader' service for 35+:
90    the V FRC M-2024-08+ tethering apex does this.
91
92= V QPR1 [24Q4] bpfloader (apex netbpfload -> platform bpfloader)
93  - made netd start earlier (previously happened in parallel to zygote)
94  - renamed and moved the trigger out of netbpload.rc into
95    //system/core/rootdir/init.rc
96  - the new sequence is:
97      trigger post-fs-data        (logd available, starts apexd)
98      trigger load-bpf-programs   (does: exec_start bpfloader)
99      trigger bpf-progs-loaded    (does: start netd)
100      trigger zygote-start
101  - this is more or less irrelevant from the point of view of the bpfloader,
102    but it does mean netd init could fail and abort the boot earlier,
103    before 'A/B update_verifier marks a successful boot'.
104    Though note that due to netd being started asynchronously, it is racy.
105
106Note that there is now a copy of 'netbpfload' provided by the tethering apex
107mainline module at /apex/com.android.tethering/bin/netbpfload, which due
108to the use of execve("/system/bin/bpfloader") relies on T+ selinux which was
109added for btf map support (specifically the ability to exec the "btfloader").
110
111= mainline tethering apex M-2024-08+ overrides the platform service for V+
112  thus loading mainline (ie. networking) bpf programs from mainline 'NetBpfLoad'
113  and platform ones from platform 'bpfloader'.
114
115= mainline tethering apex M-2024-09+ changes T+ behaviour (U QPR3+ unaffected)
116  netd -> netd_updatable.so -> ctl.start=mdnsd_netbpfload -> load net bpf programs
117