Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
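A defender-side check for the mount options in the commit message above, as an added example (not code from lmkd or the Android source tree): it parses lines in /proc/mounts format and reports whether procfs carries hidepid=2 with gid=3009. The struct and function names are hypothetical, the sample lines are constructed, and the named values (hidepid=invisible and friends) assume a Linux 5.8 or later kernel.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AID_READPROC 3009 /* gid named in the commit message */

struct proc_opts { int is_proc; int hidepid; long gid; }; /* hypothetical */

/* Map a hidepid value to its level; newer kernels print names, not digits. */
static int hidepid_level(const char *v) {
    if (!strcmp(v, "noaccess")) return 1;
    if (!strcmp(v, "invisible")) return 2;
    if (!strcmp(v, "ptraceable")) return 4;
    return atoi(v); /* "0", "1", "2"; anything else counts as off */
}

/* Parse one line in /proc/mounts format: dev mountpoint fstype options ... */
struct proc_opts parse_mount_line(const char *line) {
    struct proc_opts r = { 0, 0, -1 }; /* gid -1 means no gid= option */
    char dev[64], dir[128], type[32], opts[256];
    if (sscanf(line, "%63s %127s %31s %255s", dev, dir, type, opts) != 4)
        return r;
    if (strcmp(type, "proc") != 0)
        return r;
    r.is_proc = 1;
    for (char *tok = strtok(opts, ","); tok; tok = strtok(NULL, ",")) {
        if (!strncmp(tok, "hidepid=", 8)) r.hidepid = hidepid_level(tok + 8);
        else if (!strncmp(tok, "gid=", 4)) r.gid = strtol(tok + 4, NULL, 10);
    }
    return r;
}

/* Returns 1 only for a proc mount with hidepid=2 and gid=AID_READPROC. */
int proc_is_hardened(const char *line) {
    struct proc_opts r = parse_mount_line(line);
    return r.is_proc && r.hidepid == 2 && r.gid == AID_READPROC;
}

int main(void) {
    /* Constructed sample lines, not captured from a device. */
    const char *samples[] = {
        "proc /proc proc rw,relatime,gid=3009,hidepid=2 0 0",
        "proc /proc proc rw,relatime 0 0",
    };
    for (size_t i = 0; i < 2; i++)
        printf("%d  %s\n", proc_is_hardened(samples[i]), samples[i]);
    return 0;
}
```

On a live system the same functions can be fed each line read from /proc/mounts.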

Opening /proc/zoneinfo may return -ENOMEM under memory pressure;
assume something needs to be killed if that happens.
Bug: 16236289
Change-Id: I25aab09f4c3f2b9e176eaaeca94fd6bd790dad4e

The task selected to die may be small; add its approximate size
to other_free and other_file and keep killing until all thresholds
are met.
Bug: 16236289
Change-Id: Iceeca4c63fec98cae2bf53e258f7707cea408b07

If kswapd runs more than lmkd it may throw away all page cache pages
before lmkd gets a chance to kill a process. Make lmkd SCHED_FIFO
so it can react quickly to kernel low memory notifications.
Bug: 16236289
Change-Id: I46767b4ec81ef8638d0c9e47d168a68b62e3cac5

Use mlockall(MCL_FUTURE) to lock all lmkd pages in memory. This
avoids lmkd thrashing when the system is low on memory.
As a side effect, it will also keep the .text sections of liblog, libm,
libc, and libprocessgroup in memory at all times.
Bug: 16236289
Change-Id: Idd70557efa4b1e14bc86f14220672a30f6c956e3

While lmkd does technically use libcutils' socket.h, it only
uses a static inline. Remove libcutils from LOCAL_SHARED_LIBRARIES
so it doesn't end up mlock'd in memory in the next patch.
Bug: 16236289
Change-Id: I744d69bfff06cb904836f64e1d5f6e530604bff4

After sending SIGKILL to the main process, also call into
libprocessgroup to kill any processes that were forked.
Bug: 15313911
Change-Id: I05577c6f5b70800ce0a01f480c8870c2c601afda

Statically linked binaries cannot take advantage of ASLR,
making them less secure.
In addition, statically linked binaries consume more RAM,
because shared libraries cannot be reused.
executable size before: 87728
executable size after: 13656
Change-Id: I9d02d865f9beeaaaadcd5009f64ac015931d4b11

Use oom_score_adj for setting OOM score adjustment values instead
of the older, deprecated oom_adj interface.
Change-Id: I5ba7801d4b8971be092b31ae0fd8af8c3001d613

Move kernel low memory killer logic to new daemon lmkd. ActivityManager
communicates with this daemon over a named socket.
Change-Id: Ie957da7e9b1f7150e23c689fdadf23ff260b47be