Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / core / 64d97d87611a39163aa121f17214f4a846954cee^! / .
commit64d97d87611a39163aa121f17214f4a846954cee[log] [tgz]
authorMark Salyzyn <salyzyn@google.com>Mon Apr 09 09:50:32 2018 -0700
committerMark Salyzyn <salyzyn@google.com>Mon Apr 16 14:51:56 2018 -0700
tree2aadfbf34c59d3107bd9030f4f635e8ab1829493
parent22dc27b9fa46b20aca4f5982979681a858a97284 [diff]
lmkd: limit capability set to minimum

Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid
and from AID_ROOT to AID_LMKD and AID_SYSTEM gid.

/dev/memcg/memory.pressure defaults to root.root mode 0000, set it up
as root.system mode 0040 to allow lmkd read access.

Instrument failure to set SCHED_FIFO.

Annotate access points that require elevated capabilities.

Test: check /proc/`pidof lmkd`/status for capability set
Test: lmkd_unit_test
Bug: 77650566
Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea

diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h
index 5d17698..8209167 100644
--- a/libcutils/include/private/android_filesystem_config.h
+++ b/libcutils/include/private/android_filesystem_config.h

@@ -129,6 +129,7 @@
 #define AID_STATSD 1066          /* statsd daemon */
 #define AID_INCIDENTD 1067       /* incidentd daemon */
 #define AID_SECURE_ELEMENT 1068  /* secure element subsystem */
+#define AID_LMKD 1069            /* low memory killer daemon */
 /* Changes to this file must be made in AOSP, *not* in internal branches. */
 
 #define AID_SHELL 2000 /* adb and debug shell user */

diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c
index 151e1dc..80711bc 100644
--- a/lmkd/lmkd.c
+++ b/lmkd/lmkd.c

@@ -68,6 +68,7 @@
 #define MEMINFO_PATH "/proc/meminfo"
 #define LINE_MAX 128
 
+/* gid containing AID_SYSTEM required */
 #define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree"
 #define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj"
 
@@ -455,6 +456,9 @@
         return;
     }
 
+    /* gid containing AID_READPROC required */
+    /* CAP_SYS_RESOURCE required */
+    /* CAP_DAC_OVERRIDE required */
     snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", params.pid);
     snprintf(val, sizeof(val), "%d", params.oomadj);
     if (!writefilestring(path, val, false)) {
@@ -496,8 +500,7 @@
         soft_limit_mult = 64;
     }
 
-    snprintf(path, sizeof(path),
-             "/dev/memcg/apps/uid_%d/pid_%d/memory.soft_limit_in_bytes",
+    snprintf(path, sizeof(path), MEMCG_SYSFS_PATH "apps/uid_%d/pid_%d/memory.soft_limit_in_bytes",
              params.uid, params.pid);
     snprintf(val, sizeof(val), "%d", soft_limit_mult * EIGHT_MEGA);
 
@@ -859,6 +862,7 @@
     int total;
     ssize_t ret;
 
+    /* gid containing AID_READPROC required */
     snprintf(path, PATH_MAX, "/proc/%d/statm", pid);
     fd = open(path, O_RDONLY | O_CLOEXEC);
     if (fd == -1)
@@ -882,6 +886,7 @@
     char *cp;
     ssize_t ret;
 
+    /* gid containing AID_READPROC required */
     snprintf(path, PATH_MAX, "/proc/%d/cmdline", pid);
     fd = open(path, O_RDONLY | O_CLOEXEC);
     if (fd == -1)
@@ -949,6 +954,7 @@
 
     TRACE_KILL_START(pid);
 
+    /* CAP_KILL required */
     r = kill(pid, SIGKILL);
     ALOGI(
         "Killing '%s' (%d), uid %d, adj %d\n"
@@ -1267,6 +1273,7 @@
     int level_idx = (int)level;
     const char *levelstr = level_name[level_idx];
 
+    /* gid containing AID_SYSTEM required */
     mpfd = open(MEMCG_SYSFS_PATH "memory.pressure_level", O_RDONLY | O_CLOEXEC);
     if (mpfd < 0) {
         ALOGI("No kernel memory.pressure_level support (errno=%d)", errno);
@@ -1478,11 +1485,15 @@
              * pins ⊆ MCL_CURRENT, converging to just MCL_CURRENT as we fault
              * in pages.
              */
+            /* CAP_IPC_LOCK required */
             if (mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT) && (errno != EINVAL)) {
                 ALOGW("mlockall failed %s", strerror(errno));
             }
 
-            sched_setscheduler(0, SCHED_FIFO, &param);
+            /* CAP_NICE required */
+            if (sched_setscheduler(0, SCHED_FIFO, &param)) {
+                ALOGW("set SCHED_FIFO failed %s", strerror(errno));
+            }
         }
 
         mainloop();

diff --git a/lmkd/lmkd.rc b/lmkd/lmkd.rc
index 3bb84ab..76b6055 100644
--- a/lmkd/lmkd.rc
+++ b/lmkd/lmkd.rc

@@ -1,6 +1,8 @@
 service lmkd /system/bin/lmkd
     class core
-    group root readproc
+    user lmkd
+    group lmkd system readproc
+    capabilities DAC_OVERRIDE KILL IPC_LOCK SYS_NICE SYS_RESOURCE
     critical
     socket lmkd seqpacket 0660 system system
     writepid /dev/cpuset/system-background/tasks

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 1462570..4f008ac 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -34,6 +34,9 @@
     # root memory control cgroup, used by lmkd
     mkdir /dev/memcg 0700 root system
     mount cgroup none /dev/memcg nodev noexec nosuid memory
+    # memory.pressure_level used by lmkd
+    chown root system /dev/memcg/memory.pressure_level
+    chmod 0040 /dev/memcg/memory.pressure_level
     # app mem cgroups, used by activity manager, lmkd and zygote
     mkdir /dev/memcg/apps/ 0755 system system
     # cgroup for system_server and surfaceflinger