From f508ede763e8298387c4c7385c049625d7941ce6 Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Wed, 9 Mar 2022 00:48:34 +0000 Subject: [PATCH 1/3] Simplify cgroups.json cgroups.json causes the following changes to be applied twice to /sys/fs/cgroup: change user ID to system, change group ID to system and change mode to 0755. Apply these settings once instead of twice. Bug: 213617178 Test: Ran ls -ld /sys/fs/cgroup in Cuttlefish. Change-Id: Ieb953c186c027b989599cbbaa70a9c9324678cdf Signed-off-by: Bart Van Assche --- libprocessgroup/profiles/cgroups.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libprocessgroup/profiles/cgroups.json b/libprocessgroup/profiles/cgroups.json index 063422091..1c833d86f 100644 --- a/libprocessgroup/profiles/cgroups.json +++ b/libprocessgroup/profiles/cgroups.json @@ -38,10 +38,7 @@ "Controllers": [ { "Controller": "freezer", - "Path": ".", - "Mode": "0755", - "UID": "system", - "GID": "system" + "Path": "." } ] } From 990194fe2fce44496ad8e9f9031d47bf9557127e Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Thu, 10 Mar 2022 21:43:22 +0000 Subject: [PATCH 2/3] Fix cgroup directory permissions Cgroup attributes are set from three different contexts: (1) From the process that creates the cgroup directories. These processes are /system/bin/init, zygote and zygote64. (2) From the created process. Some but not all created processes have user ID and/or group ID 'system'. (3) The system_server process modifies certain cgroup attributes from other processes. Allow all processes from the system group, including system_server, to modify cgroup attributes from other processes. As one can see in init.rc, that file includes commands for granting the system group write permission for blkcg attributes. See also https://cs.android.com/android/platform/superproject/+/master:system/core/rootdir/init.rc Bug: 213617178 Test: Verified in the Cuttlefish emulator that this patch makes the Test: io.bfq.weight write errors disappear from logcat. Change-Id: Idbfb49c25afec12b21daea7a17db5322bc981ff0 Signed-off-by: Bart Van Assche --- libprocessgroup/profiles/cgroups.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libprocessgroup/profiles/cgroups.json b/libprocessgroup/profiles/cgroups.json index 1c833d86f..3e4393df2 100644 --- a/libprocessgroup/profiles/cgroups.json +++ b/libprocessgroup/profiles/cgroups.json @@ -3,7 +3,7 @@ { "Controller": "blkio", "Path": "/dev/blkio", - "Mode": "0755", + "Mode": "0775", "UID": "system", "GID": "system" }, @@ -32,7 +32,7 @@ ], "Cgroups2": { "Path": "/sys/fs/cgroup", - "Mode": "0755", + "Mode": "0775", "UID": "system", "GID": "system", "Controllers": [ From 32a9b1c320d7da18459cf8a49d2d40a29150dc1f Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Thu, 10 Mar 2022 21:42:40 +0000 Subject: [PATCH 3/3] Use uid_t for user IDs and gid_t for group IDs This patch makes the intent of the code more clear without changing any functionality since uid_t and gid_t are both aliases for uint32_t on Android systems. See also https://cs.android.com/android/platform/superproject/+/master:bionic/libc/include/sys/types.h Bug: 213617178 Test: Compile-tested only. Change-Id: Ib5012456a7357e79368f00e71e9a280fd6f96063 Signed-off-by: Bart Van Assche --- libprocessgroup/processgroup.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp index 76d5e138f..96b5537c9 100644 --- a/libprocessgroup/processgroup.cpp +++ b/libprocessgroup/processgroup.cpp @@ -442,8 +442,8 @@ static int createProcessGroupInternal(uid_t uid, int initialPid, std::string cgr struct stat cgroup_stat; mode_t cgroup_mode = 0750; - gid_t cgroup_uid = AID_SYSTEM; - uid_t cgroup_gid = AID_SYSTEM; + uid_t cgroup_uid = AID_SYSTEM; + gid_t cgroup_gid = AID_SYSTEM; int ret = 0; if (stat(cgroup.c_str(), &cgroup_stat) == 1) {