twitter.com/GrapheneOS/sta We haven't been able to fix the issues we identified with the Android 11 and later eBPF-based INTERNET permission yet. For now, we've added back the simpler traditional approach as an additional layer. It's only 6 lines of code so we might just keep it...
Quote Tweet
GrapheneOS 2021.04.22.20 release: grapheneos.org/releases#2021.. See the linked release notes for an overview of the changes since the previous release.
They switched to eBPF to work around not being able to land that kind of functionality upstream. There's something to be said for being able to define those policies in userspace rather than hard-wiring them in the kernel but the code to manage it is complicated and has bugs...
Android restricts BPF to only being usable by a bpfloader domain and only a few very privileged processes can make use of that domain. Issue isn't attack surface but rather that the userspace code for managing it is complex. It has issues and solving them is proving difficult.
Even once we resolve the issues, we'll probably keep the redundant kernel code around. AOSP is meant to fully work with mainline kernels, so what they did makes sense. However, that's irrelevant to us, and keeping around 6 lines of code to avoid trusting 15k LOC makes sense.