cgroup: refactor allow_attach function into common code (16474253) · Commits · e / devices / android_kernel_xiaomi_markw

include/linux/cgroup.h

+16 −0

Original line number	Diff line number	Diff line
		@@ -911,6 +911,17 @@ int cgroup_transfer_tasks(struct cgroup to, struct cgroup from);
		struct cgroup_subsys_state css_tryget_online_from_dir(struct dentry dentry,
		struct cgroup_subsys *ss);

		/*
		* Default Android check for whether the current process is allowed to move a
		* task across cgroups, either because CAP_SYS_NICE is set or because the uid
		* of the calling process is the same as the moved task or because we are
		* running as root.
		* Returns 0 if this is allowed, or -EACCES otherwise.
		*/
		int subsys_cgroup_allow_attach(struct cgroup_subsys_state *css,
		struct cgroup_taskset *tset);


		#else /* !CONFIG_CGROUPS */

		static inline int cgroup_init_early(void) { return 0; }
		@@ -932,6 +943,11 @@ static inline int cgroup_attach_task_all(struct task_struct *from,
		return 0;
		}

		static inline int subsys_cgroup_allow_attach(struct cgroup_subsys_state *css,
		struct cgroup_taskset *tset)
		{
		return 0;
		}
		#endif /* !CONFIG_CGROUPS */

		#endif /* _LINUX_CGROUP_H */

+19 −0

Original line number	Diff line number	Diff line
		@@ -2327,6 +2327,25 @@ static int cgroup_attach_task(struct cgroup *dst_cgrp,
		return ret;
		}

		int subsys_cgroup_allow_attach(struct cgroup_subsys_state css, struct cgroup_taskset tset)
		{
		const struct cred cred = current_cred(), tcred;
		struct task_struct *task;

		if (capable(CAP_SYS_NICE))
		return 0;

		cgroup_taskset_for_each(task, css, tset) {
		tcred = __task_cred(task);

		if (current != task && !uid_eq(cred->euid, tcred->uid) &&
		!uid_eq(cred->euid, tcred->suid))
		return -EACCES;
		}

		return 0;
		}

		/*
		* Find the task_struct of the task to attach by vpid and pass it along to the
		* function to attach either it or all tasks in its threadgroup. Will lock