Merge "lmkd: limit capability set to minimum" am: 01ce44b734
am: c2d4d08be2
Change-Id: Ic97ab3c4312d260c2aa8c7a30e203564cd72f61a
This commit is contained in:
Mark Salyzyn
android-build-merger
commit
7977e3d24d
4 changed files with 21 additions and 4 deletions
|
|
@ -129,6 +129,7 @@
|
||||||
#define AID_STATSD 1066 /* statsd daemon */
|
#define AID_STATSD 1066 /* statsd daemon */
|
||||||
#define AID_INCIDENTD 1067 /* incidentd daemon */
|
#define AID_INCIDENTD 1067 /* incidentd daemon */
|
||||||
#define AID_SECURE_ELEMENT 1068 /* secure element subsystem */
|
#define AID_SECURE_ELEMENT 1068 /* secure element subsystem */
|
||||||
|
#define AID_LMKD 1069 /* low memory killer daemon */
|
||||||
/* Changes to this file must be made in AOSP, *not* in internal branches. */
|
/* Changes to this file must be made in AOSP, *not* in internal branches. */
|
||||||
|
|
||||||
#define AID_SHELL 2000 /* adb and debug shell user */
|
#define AID_SHELL 2000 /* adb and debug shell user */
|
||||||
|
|
|
||||||
17
lmkd/lmkd.c
17
lmkd/lmkd.c
|
|
@ -72,6 +72,7 @@
|
||||||
#define MEMINFO_PATH "/proc/meminfo"
|
#define MEMINFO_PATH "/proc/meminfo"
|
||||||
#define LINE_MAX 128
|
#define LINE_MAX 128
|
||||||
|
|
||||||
|
/* gid containing AID_SYSTEM required */
|
||||||
#define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree"
|
#define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree"
|
||||||
#define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj"
|
#define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj"
|
||||||
|
|
||||||
|
|
@ -464,6 +465,9 @@ static void cmd_procprio(LMKD_CTRL_PACKET packet) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* gid containing AID_READPROC required */
|
||||||
|
/* CAP_SYS_RESOURCE required */
|
||||||
|
/* CAP_DAC_OVERRIDE required */
|
||||||
snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", params.pid);
|
snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", params.pid);
|
||||||
snprintf(val, sizeof(val), "%d", params.oomadj);
|
snprintf(val, sizeof(val), "%d", params.oomadj);
|
||||||
if (!writefilestring(path, val, false)) {
|
if (!writefilestring(path, val, false)) {
|
||||||
|
|
@ -505,8 +509,7 @@ static void cmd_procprio(LMKD_CTRL_PACKET packet) {
|
||||||
soft_limit_mult = 64;
|
soft_limit_mult = 64;
|
||||||
}
|
}
|
||||||
|
|
||||||
snprintf(path, sizeof(path),
|
snprintf(path, sizeof(path), MEMCG_SYSFS_PATH "apps/uid_%d/pid_%d/memory.soft_limit_in_bytes",
|
||||||
"/dev/memcg/apps/uid_%d/pid_%d/memory.soft_limit_in_bytes",
|
|
||||||
params.uid, params.pid);
|
params.uid, params.pid);
|
||||||
snprintf(val, sizeof(val), "%d", soft_limit_mult * EIGHT_MEGA);
|
snprintf(val, sizeof(val), "%d", soft_limit_mult * EIGHT_MEGA);
|
||||||
|
|
||||||
|
|
@ -913,6 +916,7 @@ static int proc_get_size(int pid) {
|
||||||
int total;
|
int total;
|
||||||
ssize_t ret;
|
ssize_t ret;
|
||||||
|
|
||||||
|
/* gid containing AID_READPROC required */
|
||||||
snprintf(path, PATH_MAX, "/proc/%d/statm", pid);
|
snprintf(path, PATH_MAX, "/proc/%d/statm", pid);
|
||||||
fd = open(path, O_RDONLY | O_CLOEXEC);
|
fd = open(path, O_RDONLY | O_CLOEXEC);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
|
|
@ -936,6 +940,7 @@ static char *proc_get_name(int pid) {
|
||||||
char *cp;
|
char *cp;
|
||||||
ssize_t ret;
|
ssize_t ret;
|
||||||
|
|
||||||
|
/* gid containing AID_READPROC required */
|
||||||
snprintf(path, PATH_MAX, "/proc/%d/cmdline", pid);
|
snprintf(path, PATH_MAX, "/proc/%d/cmdline", pid);
|
||||||
fd = open(path, O_RDONLY | O_CLOEXEC);
|
fd = open(path, O_RDONLY | O_CLOEXEC);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
|
|
@ -1014,6 +1019,7 @@ static int kill_one_process(struct proc* procp, int min_score_adj,
|
||||||
|
|
||||||
TRACE_KILL_START(pid);
|
TRACE_KILL_START(pid);
|
||||||
|
|
||||||
|
/* CAP_KILL required */
|
||||||
r = kill(pid, SIGKILL);
|
r = kill(pid, SIGKILL);
|
||||||
ALOGI(
|
ALOGI(
|
||||||
"Killing '%s' (%d), uid %d, adj %d\n"
|
"Killing '%s' (%d), uid %d, adj %d\n"
|
||||||
|
|
@ -1360,6 +1366,7 @@ static bool init_mp_common(enum vmpressure_level level) {
|
||||||
int level_idx = (int)level;
|
int level_idx = (int)level;
|
||||||
const char *levelstr = level_name[level_idx];
|
const char *levelstr = level_name[level_idx];
|
||||||
|
|
||||||
|
/* gid containing AID_SYSTEM required */
|
||||||
mpfd = open(MEMCG_SYSFS_PATH "memory.pressure_level", O_RDONLY | O_CLOEXEC);
|
mpfd = open(MEMCG_SYSFS_PATH "memory.pressure_level", O_RDONLY | O_CLOEXEC);
|
||||||
if (mpfd < 0) {
|
if (mpfd < 0) {
|
||||||
ALOGI("No kernel memory.pressure_level support (errno=%d)", errno);
|
ALOGI("No kernel memory.pressure_level support (errno=%d)", errno);
|
||||||
|
|
@ -1575,11 +1582,15 @@ int main(int argc __unused, char **argv __unused) {
|
||||||
* pins ⊆ MCL_CURRENT, converging to just MCL_CURRENT as we fault
|
* pins ⊆ MCL_CURRENT, converging to just MCL_CURRENT as we fault
|
||||||
* in pages.
|
* in pages.
|
||||||
*/
|
*/
|
||||||
|
/* CAP_IPC_LOCK required */
|
||||||
if (mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT) && (errno != EINVAL)) {
|
if (mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT) && (errno != EINVAL)) {
|
||||||
ALOGW("mlockall failed %s", strerror(errno));
|
ALOGW("mlockall failed %s", strerror(errno));
|
||||||
}
|
}
|
||||||
|
|
||||||
sched_setscheduler(0, SCHED_FIFO, ¶m);
|
/* CAP_NICE required */
|
||||||
|
if (sched_setscheduler(0, SCHED_FIFO, ¶m)) {
|
||||||
|
ALOGW("set SCHED_FIFO failed %s", strerror(errno));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mainloop();
|
mainloop();
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
service lmkd /system/bin/lmkd
|
service lmkd /system/bin/lmkd
|
||||||
class core
|
class core
|
||||||
group root readproc
|
user lmkd
|
||||||
|
group lmkd system readproc
|
||||||
|
capabilities DAC_OVERRIDE KILL IPC_LOCK SYS_NICE SYS_RESOURCE
|
||||||
critical
|
critical
|
||||||
socket lmkd seqpacket 0660 system system
|
socket lmkd seqpacket 0660 system system
|
||||||
writepid /dev/cpuset/system-background/tasks
|
writepid /dev/cpuset/system-background/tasks
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,9 @@ on early-init
|
||||||
# root memory control cgroup, used by lmkd
|
# root memory control cgroup, used by lmkd
|
||||||
mkdir /dev/memcg 0700 root system
|
mkdir /dev/memcg 0700 root system
|
||||||
mount cgroup none /dev/memcg nodev noexec nosuid memory
|
mount cgroup none /dev/memcg nodev noexec nosuid memory
|
||||||
|
# memory.pressure_level used by lmkd
|
||||||
|
chown root system /dev/memcg/memory.pressure_level
|
||||||
|
chmod 0040 /dev/memcg/memory.pressure_level
|
||||||
# app mem cgroups, used by activity manager, lmkd and zygote
|
# app mem cgroups, used by activity manager, lmkd and zygote
|
||||||
mkdir /dev/memcg/apps/ 0755 system system
|
mkdir /dev/memcg/apps/ 0755 system system
|
||||||
# cgroup for system_server and surfaceflinger
|
# cgroup for system_server and surfaceflinger
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue