diff options
| author | Mark Salyzyn <salyzyn@google.com> | 2018-04-17 15:34:06 -0700 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2018-04-17 15:34:06 -0700 |
| commit | 7977e3d24d65d39fbaf62c2d1cb71519bfcbcefc (patch) | |
| tree | 923ca94c6ec2863c47156d2b704a4e9cf0dfca25 /lmkd/lmkd.c | |
| parent | 9bb6564c95ce8e297e4d29b7afe06374056332e0 (diff) | |
| parent | c2d4d08be2d8f0f7a2b1cacd05900c64496021bc (diff) | |
| download | system_core-7977e3d24d65d39fbaf62c2d1cb71519bfcbcefc.tar.gz system_core-7977e3d24d65d39fbaf62c2d1cb71519bfcbcefc.tar.bz2 system_core-7977e3d24d65d39fbaf62c2d1cb71519bfcbcefc.zip | |
Merge "lmkd: limit capability set to minimum" am: 01ce44b734
am: c2d4d08be2
Change-Id: Ic97ab3c4312d260c2aa8c7a30e203564cd72f61a
Diffstat (limited to 'lmkd/lmkd.c')
| -rw-r--r-- | lmkd/lmkd.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c index fc9e0aa6a..63a9bc603 100644 --- a/lmkd/lmkd.c +++ b/lmkd/lmkd.c @@ -72,6 +72,7 @@ #define MEMINFO_PATH "/proc/meminfo" #define LINE_MAX 128 +/* gid containing AID_SYSTEM required */ #define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree" #define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj" @@ -464,6 +465,9 @@ static void cmd_procprio(LMKD_CTRL_PACKET packet) { return; } + /* gid containing AID_READPROC required */ + /* CAP_SYS_RESOURCE required */ + /* CAP_DAC_OVERRIDE required */ snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", params.pid); snprintf(val, sizeof(val), "%d", params.oomadj); if (!writefilestring(path, val, false)) { @@ -505,8 +509,7 @@ static void cmd_procprio(LMKD_CTRL_PACKET packet) { soft_limit_mult = 64; } - snprintf(path, sizeof(path), - "/dev/memcg/apps/uid_%d/pid_%d/memory.soft_limit_in_bytes", + snprintf(path, sizeof(path), MEMCG_SYSFS_PATH "apps/uid_%d/pid_%d/memory.soft_limit_in_bytes", params.uid, params.pid); snprintf(val, sizeof(val), "%d", soft_limit_mult * EIGHT_MEGA); @@ -913,6 +916,7 @@ static int proc_get_size(int pid) { int total; ssize_t ret; + /* gid containing AID_READPROC required */ snprintf(path, PATH_MAX, "/proc/%d/statm", pid); fd = open(path, O_RDONLY | O_CLOEXEC); if (fd == -1) @@ -936,6 +940,7 @@ static char *proc_get_name(int pid) { char *cp; ssize_t ret; + /* gid containing AID_READPROC required */ snprintf(path, PATH_MAX, "/proc/%d/cmdline", pid); fd = open(path, O_RDONLY | O_CLOEXEC); if (fd == -1) @@ -1014,6 +1019,7 @@ static int kill_one_process(struct proc* procp, int min_score_adj, TRACE_KILL_START(pid); + /* CAP_KILL required */ r = kill(pid, SIGKILL); ALOGI( "Killing '%s' (%d), uid %d, adj %d\n" @@ -1360,6 +1366,7 @@ static bool init_mp_common(enum vmpressure_level level) { int level_idx = (int)level; const char *levelstr = level_name[level_idx]; + /* gid containing AID_SYSTEM required */ mpfd = open(MEMCG_SYSFS_PATH "memory.pressure_level", O_RDONLY | O_CLOEXEC); if (mpfd < 0) { ALOGI("No kernel memory.pressure_level support (errno=%d)", errno); @@ -1575,11 +1582,15 @@ int main(int argc __unused, char **argv __unused) { * pins ⊆ MCL_CURRENT, converging to just MCL_CURRENT as we fault * in pages. */ + /* CAP_IPC_LOCK required */ if (mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT) && (errno != EINVAL)) { ALOGW("mlockall failed %s", strerror(errno)); } - sched_setscheduler(0, SCHED_FIFO, ¶m); + /* CAP_NICE required */ + if (sched_setscheduler(0, SCHED_FIFO, ¶m)) { + ALOGW("set SCHED_FIFO failed %s", strerror(errno)); + } } mainloop(); |