Loading libprocessgroup/processgroup.cpp +12 −11 Original line number Diff line number Diff line Loading @@ -85,7 +85,8 @@ static bool CgroupKillAvailable() { CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &cg_kill); // cgroup.kill is not on the root cgroup, so check a non-root cgroup that should always // exist cg_kill = ConvertUidToPath(cg_kill.c_str(), AID_ROOT) + '/' + PROCESSGROUP_CGROUP_KILL_FILE; cg_kill = ConvertUidToPath(cg_kill.c_str(), AID_ROOT, true) + '/' + PROCESSGROUP_CGROUP_KILL_FILE; cgroup_kill_available = access(cg_kill.c_str(), F_OK) == 0; }); Loading Loading @@ -241,14 +242,14 @@ bool SetUserProfiles(uid_t uid, const std::vector<std::string>& profiles) { false); } static int RemoveCgroup(const char* cgroup, uid_t uid, pid_t pid) { auto path = ConvertUidPidToPath(cgroup, uid, pid); static int RemoveCgroup(const char* cgroup, uid_t uid, pid_t pid, bool v2_path) { auto path = ConvertUidPidToPath(cgroup, uid, pid, v2_path); int ret = TEMP_FAILURE_RETRY(rmdir(path.c_str())); if (!ret && uid >= AID_ISOLATED_START && uid <= AID_ISOLATED_END) { // Isolated UIDs are unlikely to be reused soon after removal, // so free up the kernel resources for the UID level cgroup. path = ConvertUidToPath(cgroup, uid); path = ConvertUidToPath(cgroup, uid, v2_path); ret = TEMP_FAILURE_RETRY(rmdir(path.c_str())); } Loading Loading @@ -385,7 +386,7 @@ bool sendSignalToProcessGroup(uid_t uid, pid_t initialPid, int signal) { if (CgroupsAvailable()) { std::string hierarchy_root_path, cgroup_v2_path; CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &hierarchy_root_path); cgroup_v2_path = ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid); cgroup_v2_path = ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid, true); if (signal == SIGKILL && CgroupKillAvailable()) { LOG(VERBOSE) << "Using " << PROCESSGROUP_CGROUP_KILL_FILE << " to SIGKILL " Loading Loading @@ -556,7 +557,7 @@ static int KillProcessGroup( CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &hierarchy_root_path); const std::string cgroup_v2_path = ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid); ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid, true); const std::string eventsfile = cgroup_v2_path + '/' + PROCESSGROUP_CGROUP_EVENTS_FILE; android::base::unique_fd events_fd(open(eventsfile.c_str(), O_RDONLY)); Loading Loading @@ -622,7 +623,7 @@ static int KillProcessGroup( << " after " << kill_duration.count() << " ms"; } ret = RemoveCgroup(hierarchy_root_path.c_str(), uid, initialPid); ret = RemoveCgroup(hierarchy_root_path.c_str(), uid, initialPid, true); if (ret) PLOG(ERROR) << "Unable to remove cgroup " << cgroup_v2_path; else Loading @@ -633,9 +634,9 @@ static int KillProcessGroup( // memcg v2. std::string memcg_apps_path; if (CgroupGetMemcgAppsPath(&memcg_apps_path) && (ret = RemoveCgroup(memcg_apps_path.c_str(), uid, initialPid)) < 0) { (ret = RemoveCgroup(memcg_apps_path.c_str(), uid, initialPid, false)) < 0) { const auto memcg_v1_cgroup_path = ConvertUidPidToPath(memcg_apps_path.c_str(), uid, initialPid); ConvertUidPidToPath(memcg_apps_path.c_str(), uid, initialPid, false); PLOG(ERROR) << "Unable to remove memcg v1 cgroup " << memcg_v1_cgroup_path; } } Loading @@ -657,7 +658,7 @@ int killProcessGroupOnce(uid_t uid, pid_t initialPid, int signal) { static int createProcessGroupInternal(uid_t uid, pid_t initialPid, std::string cgroup, bool activate_controllers) { auto uid_path = ConvertUidToPath(cgroup.c_str(), uid); auto uid_path = ConvertUidToPath(cgroup.c_str(), uid, activate_controllers); struct stat cgroup_stat; mode_t cgroup_mode = 0750; Loading @@ -684,7 +685,7 @@ static int createProcessGroupInternal(uid_t uid, pid_t initialPid, std::string c } } auto uid_pid_path = ConvertUidPidToPath(cgroup.c_str(), uid, initialPid); auto uid_pid_path = ConvertUidPidToPath(cgroup.c_str(), uid, initialPid, activate_controllers); if (!MkdirAndChown(uid_pid_path, cgroup_mode, cgroup_uid, cgroup_gid)) { PLOG(ERROR) << "Failed to make and chown " << uid_pid_path; Loading libprocessgroup/task_profiles.cpp +6 −6 Original line number Diff line number Diff line Loading @@ -150,8 +150,8 @@ static bool isSystemApp(uid_t uid) { return uid < AID_APP_START; } std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid) { if (android::libprocessgroup_flags::cgroup_v2_sys_app_isolation()) { std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid, bool v2_path) { if (android::libprocessgroup_flags::cgroup_v2_sys_app_isolation() && v2_path) { if (isSystemApp(uid)) return StringPrintf("%s/system/uid_%u", root_cgroup_path, uid); else Loading @@ -160,14 +160,14 @@ std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid) { return StringPrintf("%s/uid_%u", root_cgroup_path, uid); } std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid) { const std::string uid_path = ConvertUidToPath(root_cgroup_path, uid); std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid, bool v2_path) { const std::string uid_path = ConvertUidToPath(root_cgroup_path, uid, v2_path); return StringPrintf("%s/pid_%d", uid_path.c_str(), pid); } bool ProfileAttribute::GetPathForProcess(uid_t uid, pid_t pid, std::string* path) const { if (controller()->version() == 2) { const std::string cgroup_path = ConvertUidPidToPath(controller()->path(), uid, pid); const std::string cgroup_path = ConvertUidPidToPath(controller()->path(), uid, pid, true); *path = cgroup_path + "/" + file_name(); return true; } Loading Loading @@ -199,7 +199,7 @@ bool ProfileAttribute::GetPathForUID(uid_t uid, std::string* path) const { return true; } const std::string cgroup_path = ConvertUidToPath(controller()->path(), uid); const std::string cgroup_path = ConvertUidToPath(controller()->path(), uid, true); *path = cgroup_path + "/" + file_name(); return true; } Loading libprocessgroup/task_profiles.h +2 −2 Original line number Diff line number Diff line Loading @@ -258,5 +258,5 @@ class TaskProfiles { std::map<std::string, std::unique_ptr<IProfileAttribute>, std::less<>> attributes_; }; std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid); std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid); std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid, bool v2_path); std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid, bool v2_path); rootdir/init.rc +3 −0 Original line number Diff line number Diff line Loading @@ -569,6 +569,9 @@ on post-fs chown root log /proc/vmallocinfo chmod 0440 /proc/vmallocinfo chown root log /proc/allocinfo chmod 0440 /proc/allocinfo chown root log /proc/slabinfo chmod 0440 /proc/slabinfo Loading Loading
libprocessgroup/processgroup.cpp +12 −11 Original line number Diff line number Diff line Loading @@ -85,7 +85,8 @@ static bool CgroupKillAvailable() { CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &cg_kill); // cgroup.kill is not on the root cgroup, so check a non-root cgroup that should always // exist cg_kill = ConvertUidToPath(cg_kill.c_str(), AID_ROOT) + '/' + PROCESSGROUP_CGROUP_KILL_FILE; cg_kill = ConvertUidToPath(cg_kill.c_str(), AID_ROOT, true) + '/' + PROCESSGROUP_CGROUP_KILL_FILE; cgroup_kill_available = access(cg_kill.c_str(), F_OK) == 0; }); Loading Loading @@ -241,14 +242,14 @@ bool SetUserProfiles(uid_t uid, const std::vector<std::string>& profiles) { false); } static int RemoveCgroup(const char* cgroup, uid_t uid, pid_t pid) { auto path = ConvertUidPidToPath(cgroup, uid, pid); static int RemoveCgroup(const char* cgroup, uid_t uid, pid_t pid, bool v2_path) { auto path = ConvertUidPidToPath(cgroup, uid, pid, v2_path); int ret = TEMP_FAILURE_RETRY(rmdir(path.c_str())); if (!ret && uid >= AID_ISOLATED_START && uid <= AID_ISOLATED_END) { // Isolated UIDs are unlikely to be reused soon after removal, // so free up the kernel resources for the UID level cgroup. path = ConvertUidToPath(cgroup, uid); path = ConvertUidToPath(cgroup, uid, v2_path); ret = TEMP_FAILURE_RETRY(rmdir(path.c_str())); } Loading Loading @@ -385,7 +386,7 @@ bool sendSignalToProcessGroup(uid_t uid, pid_t initialPid, int signal) { if (CgroupsAvailable()) { std::string hierarchy_root_path, cgroup_v2_path; CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &hierarchy_root_path); cgroup_v2_path = ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid); cgroup_v2_path = ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid, true); if (signal == SIGKILL && CgroupKillAvailable()) { LOG(VERBOSE) << "Using " << PROCESSGROUP_CGROUP_KILL_FILE << " to SIGKILL " Loading Loading @@ -556,7 +557,7 @@ static int KillProcessGroup( CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &hierarchy_root_path); const std::string cgroup_v2_path = ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid); ConvertUidPidToPath(hierarchy_root_path.c_str(), uid, initialPid, true); const std::string eventsfile = cgroup_v2_path + '/' + PROCESSGROUP_CGROUP_EVENTS_FILE; android::base::unique_fd events_fd(open(eventsfile.c_str(), O_RDONLY)); Loading Loading @@ -622,7 +623,7 @@ static int KillProcessGroup( << " after " << kill_duration.count() << " ms"; } ret = RemoveCgroup(hierarchy_root_path.c_str(), uid, initialPid); ret = RemoveCgroup(hierarchy_root_path.c_str(), uid, initialPid, true); if (ret) PLOG(ERROR) << "Unable to remove cgroup " << cgroup_v2_path; else Loading @@ -633,9 +634,9 @@ static int KillProcessGroup( // memcg v2. std::string memcg_apps_path; if (CgroupGetMemcgAppsPath(&memcg_apps_path) && (ret = RemoveCgroup(memcg_apps_path.c_str(), uid, initialPid)) < 0) { (ret = RemoveCgroup(memcg_apps_path.c_str(), uid, initialPid, false)) < 0) { const auto memcg_v1_cgroup_path = ConvertUidPidToPath(memcg_apps_path.c_str(), uid, initialPid); ConvertUidPidToPath(memcg_apps_path.c_str(), uid, initialPid, false); PLOG(ERROR) << "Unable to remove memcg v1 cgroup " << memcg_v1_cgroup_path; } } Loading @@ -657,7 +658,7 @@ int killProcessGroupOnce(uid_t uid, pid_t initialPid, int signal) { static int createProcessGroupInternal(uid_t uid, pid_t initialPid, std::string cgroup, bool activate_controllers) { auto uid_path = ConvertUidToPath(cgroup.c_str(), uid); auto uid_path = ConvertUidToPath(cgroup.c_str(), uid, activate_controllers); struct stat cgroup_stat; mode_t cgroup_mode = 0750; Loading @@ -684,7 +685,7 @@ static int createProcessGroupInternal(uid_t uid, pid_t initialPid, std::string c } } auto uid_pid_path = ConvertUidPidToPath(cgroup.c_str(), uid, initialPid); auto uid_pid_path = ConvertUidPidToPath(cgroup.c_str(), uid, initialPid, activate_controllers); if (!MkdirAndChown(uid_pid_path, cgroup_mode, cgroup_uid, cgroup_gid)) { PLOG(ERROR) << "Failed to make and chown " << uid_pid_path; Loading
libprocessgroup/task_profiles.cpp +6 −6 Original line number Diff line number Diff line Loading @@ -150,8 +150,8 @@ static bool isSystemApp(uid_t uid) { return uid < AID_APP_START; } std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid) { if (android::libprocessgroup_flags::cgroup_v2_sys_app_isolation()) { std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid, bool v2_path) { if (android::libprocessgroup_flags::cgroup_v2_sys_app_isolation() && v2_path) { if (isSystemApp(uid)) return StringPrintf("%s/system/uid_%u", root_cgroup_path, uid); else Loading @@ -160,14 +160,14 @@ std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid) { return StringPrintf("%s/uid_%u", root_cgroup_path, uid); } std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid) { const std::string uid_path = ConvertUidToPath(root_cgroup_path, uid); std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid, bool v2_path) { const std::string uid_path = ConvertUidToPath(root_cgroup_path, uid, v2_path); return StringPrintf("%s/pid_%d", uid_path.c_str(), pid); } bool ProfileAttribute::GetPathForProcess(uid_t uid, pid_t pid, std::string* path) const { if (controller()->version() == 2) { const std::string cgroup_path = ConvertUidPidToPath(controller()->path(), uid, pid); const std::string cgroup_path = ConvertUidPidToPath(controller()->path(), uid, pid, true); *path = cgroup_path + "/" + file_name(); return true; } Loading Loading @@ -199,7 +199,7 @@ bool ProfileAttribute::GetPathForUID(uid_t uid, std::string* path) const { return true; } const std::string cgroup_path = ConvertUidToPath(controller()->path(), uid); const std::string cgroup_path = ConvertUidToPath(controller()->path(), uid, true); *path = cgroup_path + "/" + file_name(); return true; } Loading
libprocessgroup/task_profiles.h +2 −2 Original line number Diff line number Diff line Loading @@ -258,5 +258,5 @@ class TaskProfiles { std::map<std::string, std::unique_ptr<IProfileAttribute>, std::less<>> attributes_; }; std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid); std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid); std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid, bool v2_path); std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid, bool v2_path);
rootdir/init.rc +3 −0 Original line number Diff line number Diff line Loading @@ -569,6 +569,9 @@ on post-fs chown root log /proc/vmallocinfo chmod 0440 /proc/vmallocinfo chown root log /proc/allocinfo chmod 0440 /proc/allocinfo chown root log /proc/slabinfo chmod 0440 /proc/slabinfo Loading
