A process can give up the permission to set cgroup. If we still
keep the fd that was cached before losing the permission, when
the process sets scheduling group, it will write to the cached
fd without checking if is accessible and lead to sepolicy denied.
Bug: 123043091
Test: Build and boot.
Test: A new process from zygote set cgroup and drop fd cache, and
then specializes to app domain. There is no sepolicy denied
when the process creates new thread.
(android::thread_data_t::trampoline)
Change-Id: I285ee91424ea965ea9c670fc0f6662948e3e2ce5
while enable fdsan (file descriptor sanitizer),
fdsan report use-after-close error after boot complete (sedom).
Because, in SetCgroupAction::EnableResourceCaching() currently has a data race against all the
use fd_ functions like SetCgroupAction::ExecuteForProcess(uid_t uid, pid_t pid) etc.
ThreadA | ThreadB
-------------------------------------------------------------------------------------------------
in SetCgroupAction::EnableResourceCaching() | in SetCgroupAction::ExecuteForProcess(...)
-------------------------------------------------------------------------------------------------
| in SetCgroupAction::AddTidToCgroup(int tid, int fd)
-------------------------------------------------------------------------------------------------
fd_ = std::move(fd); /*modified fd_ value*/ |
-------------------------------------------------------------------------------------------------
| write(fd) /* crash here, fd is closed by ThreadA*/
-------------------------------------------------------------------------------------------------
So, add mutex lock to protect fd_ data race.
Bug: 134120826
Test: auto test, run the adb reboot test 100 times and no fdsan error report on libprocessgroup
Change-Id: Iccf2f705e030f79324f1164509e715dc5be825de
This reverts commit bee9f5718b
"libprocessgroup: Disable file descriptor caching temporarily" and adds
option to use SetTaskProfiles and SetProcessProfiles without file caching.
This option is used from JNI to avoid access denials because cached files
are not whitelisted for JNI usage.
Bug: 123868658
Bug: 123043091
Test: boot using svelte target
Change-Id: I76b9d6af8a1dd4464cb3cf3e6dc327980efdf361
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Use the LL-NDK library to read cgroup.rc.
As a side-effect, the CgroupController class is changed
to a wrapper of ACgroupController* from the library. The
class itself essentially becomes the pointer, and can be
trivially copied. Modify all client code for this change.
Test: builds and boots
Bug: 123664216
Change-Id: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Merged-In: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
This avoids a race between destruction on process exit and concurrent
access from another thread.
Bug: 129023204
Change-Id: Iecafa67a78e2cce53687156e7f91547b4a23ec13
Convert Json::Value to const refs to prevent creation of a null member
if specified element does not exist. Fix variable naming in the parser
while we are at it.
Change-Id: I7dabfd1c73983b465984dd6c411c9fe48743a348
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Vendors should be able to specify additional cgroups and task profiles
without changing system files. Add support for /vendor/etc/cgroups.json
and /vendor/etc/task_profiles.json files which will augment cgroups and
task profiles specified in /etc/cgroups.json and /etc/task_profiles.json
system files.
Bug: 124960615
Change-Id: I548c2e866b65c19856a3617d75b75dcd06f7d5b7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
lmkd uses set_sched_priority to expedite killing of its victims and this
sometimes results in timerslack_ns writes for an process which is already
dead. These messages are detrimental during troubleshooting and do not
indicate a real problem, therefore need to be suppressed.
Bug: 124324891
Test: lmkd_unit_test
Change-Id: I5bc071b47d386c279dd9a56eee51dba7797f4520
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
File descriptor caching breaks boot on Android Go and Svelte targets.
Disable it temporarily to fix the builds and investigate the root cause
further.
Bug: 123868658
Test: Android Go device boots after this change
Change-Id: Idd0209029cde8454ea99b9de030f7a317c2988d7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Non-Android build targets are missing sys/prctl.h header and functionality
should be disabled for them like it was done previously inside
sched_policy.cpp. Also make the set_sched_policy/get_sched_policy
functionality backward compatible by creating stubs for non-Android
targets.
Bug: 111307099
Test: built sdk_gphone_x86-sdk_addon_mac target using forrest
Change-Id: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Merged-In: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>