1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //#define LOG_NDEBUG 0
18 #define LOG_TAG "libprocessgroup"
19
20 #include <task_profiles.h>
21
22 #include <map>
23 #include <optional>
24 #include <string>
25
26 #include <dirent.h>
27 #include <fcntl.h>
28 #include <sched.h>
29 #include <sys/resource.h>
30 #include <unistd.h>
31
32 #include <android-base/file.h>
33 #include <android-base/logging.h>
34 #include <android-base/properties.h>
35 #include <android-base/stringprintf.h>
36 #include <android-base/strings.h>
37 #include <android-base/threads.h>
38
39 #include <build_flags.h>
40
41 #include <cutils/android_filesystem_config.h>
42
43 #include <json/reader.h>
44 #include <json/value.h>
45
46 using android::base::GetThreadId;
47 using android::base::GetUintProperty;
48 using android::base::StringPrintf;
49 using android::base::StringReplace;
50 using android::base::unique_fd;
51 using android::base::WriteStringToFile;
52
53 static constexpr const char* TASK_PROFILE_DB_FILE = "/etc/task_profiles.json";
54 static constexpr const char* TASK_PROFILE_DB_VENDOR_FILE = "/vendor/etc/task_profiles.json";
55
56 static constexpr const char* TEMPLATE_TASK_PROFILE_API_FILE =
57 "/etc/task_profiles/task_profiles_%u.json";
58 namespace {
59
60 class FdCacheHelper {
61 public:
62 enum FdState {
63 FDS_INACCESSIBLE = -1,
64 FDS_APP_DEPENDENT = -2,
65 FDS_NOT_CACHED = -3,
66 };
67
68 static void Cache(const std::string& path, android::base::unique_fd& fd);
69
70 static void Drop(android::base::unique_fd& fd);
71
72 static void Init(const std::string& path, android::base::unique_fd& fd);
73
IsCached(const android::base::unique_fd & fd)74 static bool IsCached(const android::base::unique_fd& fd) { return fd > FDS_INACCESSIBLE; }
75
76 private:
77 static bool IsAppDependentPath(const std::string& path);
78 };
79
Init(const std::string & path,android::base::unique_fd & fd)80 void FdCacheHelper::Init(const std::string& path, android::base::unique_fd& fd) {
81 // file descriptors for app-dependent paths can't be cached
82 if (IsAppDependentPath(path)) {
83 // file descriptor is not cached
84 fd.reset(FDS_APP_DEPENDENT);
85 return;
86 }
87 // file descriptor can be cached later on request
88 fd.reset(FDS_NOT_CACHED);
89 }
90
Cache(const std::string & path,android::base::unique_fd & fd)91 void FdCacheHelper::Cache(const std::string& path, android::base::unique_fd& fd) {
92 if (fd != FDS_NOT_CACHED) {
93 return;
94 }
95
96 if (access(path.c_str(), W_OK) != 0) {
97 // file is not accessible
98 fd.reset(FDS_INACCESSIBLE);
99 return;
100 }
101
102 unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_WRONLY | O_CLOEXEC)));
103 if (tmp_fd < 0) {
104 PLOG(ERROR) << "Failed to cache fd '" << path << "'";
105 fd.reset(FDS_INACCESSIBLE);
106 return;
107 }
108
109 fd = std::move(tmp_fd);
110 }
111
Drop(android::base::unique_fd & fd)112 void FdCacheHelper::Drop(android::base::unique_fd& fd) {
113 if (fd == FDS_NOT_CACHED) {
114 return;
115 }
116
117 fd.reset(FDS_NOT_CACHED);
118 }
119
IsAppDependentPath(const std::string & path)120 bool FdCacheHelper::IsAppDependentPath(const std::string& path) {
121 return path.find("<uid>", 0) != std::string::npos || path.find("<pid>", 0) != std::string::npos;
122 }
123
readLong(const std::string & str)124 std::optional<long> readLong(const std::string& str) {
125 char* end;
126 const long result = strtol(str.c_str(), &end, 10);
127 if (end > str.c_str()) {
128 return result;
129 }
130 return std::nullopt;
131 }
132
133 } // namespace
134
135 IProfileAttribute::~IProfileAttribute() = default;
136
file_name() const137 const std::string& ProfileAttribute::file_name() const {
138 if (controller()->version() == 2 && !file_v2_name_.empty()) return file_v2_name_;
139 return file_name_;
140 }
141
Reset(const CgroupControllerWrapper & controller,const std::string & file_name,const std::string & file_v2_name)142 void ProfileAttribute::Reset(const CgroupControllerWrapper& controller,
143 const std::string& file_name, const std::string& file_v2_name) {
144 controller_ = controller;
145 file_name_ = file_name;
146 file_v2_name_ = file_v2_name;
147 }
148
isSystemApp(uid_t uid)149 static bool isSystemApp(uid_t uid) {
150 return uid < AID_APP_START;
151 }
152
ConvertUidToPath(const char * root_cgroup_path,uid_t uid)153 std::string ConvertUidToPath(const char* root_cgroup_path, uid_t uid) {
154 if (android::libprocessgroup_flags::cgroup_v2_sys_app_isolation()) {
155 if (isSystemApp(uid))
156 return StringPrintf("%s/system/uid_%u", root_cgroup_path, uid);
157 else
158 return StringPrintf("%s/apps/uid_%u", root_cgroup_path, uid);
159 }
160 return StringPrintf("%s/uid_%u", root_cgroup_path, uid);
161 }
162
ConvertUidPidToPath(const char * root_cgroup_path,uid_t uid,pid_t pid)163 std::string ConvertUidPidToPath(const char* root_cgroup_path, uid_t uid, pid_t pid) {
164 const std::string uid_path = ConvertUidToPath(root_cgroup_path, uid);
165 return StringPrintf("%s/pid_%d", uid_path.c_str(), pid);
166 }
167
GetPathForProcess(uid_t uid,pid_t pid,std::string * path) const168 bool ProfileAttribute::GetPathForProcess(uid_t uid, pid_t pid, std::string* path) const {
169 if (controller()->version() == 2) {
170 const std::string cgroup_path = ConvertUidPidToPath(controller()->path(), uid, pid);
171 *path = cgroup_path + "/" + file_name();
172 return true;
173 }
174 return GetPathForTask(pid, path);
175 }
176
GetPathForTask(pid_t tid,std::string * path) const177 bool ProfileAttribute::GetPathForTask(pid_t tid, std::string* path) const {
178 std::string subgroup;
179 if (!controller()->GetTaskGroup(tid, &subgroup)) {
180 return false;
181 }
182
183 if (path == nullptr) {
184 return true;
185 }
186
187 if (subgroup.empty()) {
188 *path = StringPrintf("%s/%s", controller()->path(), file_name().c_str());
189 } else {
190 *path = StringPrintf("%s/%s/%s", controller()->path(), subgroup.c_str(),
191 file_name().c_str());
192 }
193 return true;
194 }
195
196 // NOTE: This function is for cgroup v2 only
GetPathForUID(uid_t uid,std::string * path) const197 bool ProfileAttribute::GetPathForUID(uid_t uid, std::string* path) const {
198 if (path == nullptr) {
199 return true;
200 }
201
202 const std::string cgroup_path = ConvertUidToPath(controller()->path(), uid);
203 *path = cgroup_path + "/" + file_name();
204 return true;
205 }
206
ExecuteForTask(pid_t tid) const207 bool SetTimerSlackAction::ExecuteForTask(pid_t tid) const {
208 const auto file = StringPrintf("/proc/%d/timerslack_ns", tid);
209 if (!WriteStringToFile(std::to_string(slack_), file)) {
210 if (errno == ENOENT) {
211 // This happens when process is already dead
212 return true;
213 }
214 PLOG(ERROR) << "set_timerslack_ns write failed";
215 return false;
216 }
217
218 return true;
219 }
220
WriteValueToFile(const std::string & path) const221 bool SetAttributeAction::WriteValueToFile(const std::string& path) const {
222 if (!WriteStringToFile(value_, path)) {
223 if (access(path.c_str(), F_OK) < 0) {
224 if (optional_) {
225 return true;
226 } else {
227 LOG(ERROR) << "No such cgroup attribute: " << path;
228 return false;
229 }
230 }
231 // The PLOG() statement below uses the error code stored in `errno` by
232 // WriteStringToFile() because access() only overwrites `errno` if it fails
233 // and because this code is only reached if the access() function returns 0.
234 PLOG(ERROR) << "Failed to write '" << value_ << "' to " << path;
235 return false;
236 }
237
238 return true;
239 }
240
ExecuteForProcess(uid_t uid,pid_t pid) const241 bool SetAttributeAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
242 std::string path;
243
244 if (!attribute_->GetPathForProcess(uid, pid, &path)) {
245 LOG(ERROR) << "Failed to find cgroup for uid " << uid << " pid " << pid;
246 return false;
247 }
248
249 return WriteValueToFile(path);
250 }
251
ExecuteForTask(pid_t tid) const252 bool SetAttributeAction::ExecuteForTask(pid_t tid) const {
253 std::string path;
254
255 if (!attribute_->GetPathForTask(tid, &path)) {
256 LOG(ERROR) << "Failed to find cgroup for tid " << tid;
257 return false;
258 }
259
260 return WriteValueToFile(path);
261 }
262
ExecuteForUID(uid_t uid) const263 bool SetAttributeAction::ExecuteForUID(uid_t uid) const {
264 std::string path;
265
266 if (!attribute_->GetPathForUID(uid, &path)) {
267 LOG(ERROR) << "Failed to find cgroup for uid " << uid;
268 return false;
269 }
270
271 if (!WriteStringToFile(value_, path)) {
272 if (access(path.c_str(), F_OK) < 0) {
273 if (optional_) {
274 return true;
275 } else {
276 LOG(ERROR) << "No such cgroup attribute: " << path;
277 return false;
278 }
279 }
280 PLOG(ERROR) << "Failed to write '" << value_ << "' to " << path;
281 return false;
282 }
283 return true;
284 }
285
IsValidForProcess(uid_t,pid_t pid) const286 bool SetAttributeAction::IsValidForProcess(uid_t, pid_t pid) const {
287 return IsValidForTask(pid);
288 }
289
IsValidForTask(pid_t tid) const290 bool SetAttributeAction::IsValidForTask(pid_t tid) const {
291 std::string path;
292
293 if (!attribute_->GetPathForTask(tid, &path)) {
294 return false;
295 }
296
297 if (!access(path.c_str(), W_OK)) {
298 // operation will succeed
299 return true;
300 }
301
302 if (!access(path.c_str(), F_OK)) {
303 // file exists but not writable
304 return false;
305 }
306
307 // file does not exist, ignore if optional
308 return optional_;
309 }
310
SetCgroupAction(const CgroupControllerWrapper & c,const std::string & p)311 SetCgroupAction::SetCgroupAction(const CgroupControllerWrapper& c, const std::string& p)
312 : controller_(c), path_(p) {
313 FdCacheHelper::Init(controller_.GetTasksFilePath(path_), fd_[ProfileAction::RCT_TASK]);
314 // uid and pid don't matter because IsAppDependentPath ensures the path doesn't use them
315 FdCacheHelper::Init(controller_.GetProcsFilePath(path_, 0, 0), fd_[ProfileAction::RCT_PROCESS]);
316 }
317
AddTidToCgroup(pid_t tid,int fd,ResourceCacheType cache_type) const318 bool SetCgroupAction::AddTidToCgroup(pid_t tid, int fd, ResourceCacheType cache_type) const {
319 if (tid <= 0) {
320 return true;
321 }
322
323 std::string value = std::to_string(tid);
324
325 if (TEMP_FAILURE_RETRY(write(fd, value.c_str(), value.length())) == value.length()) {
326 return true;
327 }
328
329 // If the thread is in the process of exiting, don't flag an error
330 if (errno == ESRCH) {
331 return true;
332 }
333
334 const char* controller_name = controller()->name();
335 // ENOSPC is returned when cpuset cgroup that we are joining has no online cpus
336 if (errno == ENOSPC && !strcmp(controller_name, "cpuset")) {
337 // This is an abnormal case happening only in testing, so report it only once
338 static bool empty_cpuset_reported = false;
339
340 if (empty_cpuset_reported) {
341 return true;
342 }
343
344 LOG(ERROR) << "Failed to add task '" << value
345 << "' into cpuset because all cpus in that cpuset are offline";
346 empty_cpuset_reported = true;
347 } else {
348 PLOG(ERROR) << "AddTidToCgroup failed to write '" << value << "'; path=" << path_ << "; "
349 << (cache_type == RCT_TASK ? "task" : "process");
350 }
351
352 return false;
353 }
354
UseCachedFd(ResourceCacheType cache_type,int id) const355 ProfileAction::CacheUseResult SetCgroupAction::UseCachedFd(ResourceCacheType cache_type,
356 int id) const {
357 std::lock_guard<std::mutex> lock(fd_mutex_);
358 if (FdCacheHelper::IsCached(fd_[cache_type])) {
359 // fd is cached, reuse it
360 if (!AddTidToCgroup(id, fd_[cache_type], cache_type)) {
361 LOG(ERROR) << "Failed to add task into cgroup";
362 return ProfileAction::FAIL;
363 }
364 return ProfileAction::SUCCESS;
365 }
366
367 if (fd_[cache_type] == FdCacheHelper::FDS_INACCESSIBLE) {
368 // no permissions to access the file, ignore
369 return ProfileAction::SUCCESS;
370 }
371
372 if (cache_type == ResourceCacheType::RCT_TASK &&
373 fd_[cache_type] == FdCacheHelper::FDS_APP_DEPENDENT) {
374 // application-dependent path can't be used with tid
375 LOG(ERROR) << Name() << ": application profile can't be applied to a thread";
376 return ProfileAction::FAIL;
377 }
378
379 return ProfileAction::UNUSED;
380 }
381
ExecuteForProcess(uid_t uid,pid_t pid) const382 bool SetCgroupAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
383 CacheUseResult result = UseCachedFd(ProfileAction::RCT_PROCESS, pid);
384 if (result != ProfileAction::UNUSED) {
385 return result == ProfileAction::SUCCESS;
386 }
387
388 // fd was not cached or cached fd can't be used
389 std::string procs_path = controller()->GetProcsFilePath(path_, uid, pid);
390 unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(procs_path.c_str(), O_WRONLY | O_CLOEXEC)));
391 if (tmp_fd < 0) {
392 PLOG(WARNING) << Name() << "::" << __func__ << ": failed to open " << procs_path;
393 return false;
394 }
395 if (!AddTidToCgroup(pid, tmp_fd, RCT_PROCESS)) {
396 LOG(ERROR) << "Failed to add task into cgroup";
397 return false;
398 }
399
400 return true;
401 }
402
ExecuteForTask(pid_t tid) const403 bool SetCgroupAction::ExecuteForTask(pid_t tid) const {
404 CacheUseResult result = UseCachedFd(ProfileAction::RCT_TASK, tid);
405 if (result != ProfileAction::UNUSED) {
406 return result == ProfileAction::SUCCESS;
407 }
408
409 // fd was not cached or cached fd can't be used
410 std::string tasks_path = controller()->GetTasksFilePath(path_);
411 unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(tasks_path.c_str(), O_WRONLY | O_CLOEXEC)));
412 if (tmp_fd < 0) {
413 PLOG(WARNING) << Name() << "::" << __func__ << ": failed to open " << tasks_path;
414 return false;
415 }
416 if (!AddTidToCgroup(tid, tmp_fd, RCT_TASK)) {
417 LOG(ERROR) << "Failed to add task into cgroup";
418 return false;
419 }
420
421 return true;
422 }
423
EnableResourceCaching(ResourceCacheType cache_type)424 void SetCgroupAction::EnableResourceCaching(ResourceCacheType cache_type) {
425 std::lock_guard<std::mutex> lock(fd_mutex_);
426 // Return early to prevent unnecessary calls to controller_.Get{Tasks|Procs}FilePath() which
427 // include regex evaluations
428 if (fd_[cache_type] != FdCacheHelper::FDS_NOT_CACHED) {
429 return;
430 }
431 switch (cache_type) {
432 case (ProfileAction::RCT_TASK):
433 FdCacheHelper::Cache(controller_.GetTasksFilePath(path_), fd_[cache_type]);
434 break;
435 case (ProfileAction::RCT_PROCESS):
436 // uid and pid don't matter because IsAppDependentPath ensures the path doesn't use them
437 FdCacheHelper::Cache(controller_.GetProcsFilePath(path_, 0, 0), fd_[cache_type]);
438 break;
439 default:
440 LOG(ERROR) << "Invalid cache type is specified!";
441 break;
442 }
443 }
444
DropResourceCaching(ResourceCacheType cache_type)445 void SetCgroupAction::DropResourceCaching(ResourceCacheType cache_type) {
446 std::lock_guard<std::mutex> lock(fd_mutex_);
447 FdCacheHelper::Drop(fd_[cache_type]);
448 }
449
IsValidForProcess(uid_t uid,pid_t pid) const450 bool SetCgroupAction::IsValidForProcess(uid_t uid, pid_t pid) const {
451 std::lock_guard<std::mutex> lock(fd_mutex_);
452 if (FdCacheHelper::IsCached(fd_[ProfileAction::RCT_PROCESS])) {
453 return true;
454 }
455
456 if (fd_[ProfileAction::RCT_PROCESS] == FdCacheHelper::FDS_INACCESSIBLE) {
457 return false;
458 }
459
460 std::string procs_path = controller()->GetProcsFilePath(path_, uid, pid);
461 return access(procs_path.c_str(), W_OK) == 0;
462 }
463
IsValidForTask(int) const464 bool SetCgroupAction::IsValidForTask(int) const {
465 std::lock_guard<std::mutex> lock(fd_mutex_);
466 if (FdCacheHelper::IsCached(fd_[ProfileAction::RCT_TASK])) {
467 return true;
468 }
469
470 if (fd_[ProfileAction::RCT_TASK] == FdCacheHelper::FDS_INACCESSIBLE) {
471 return false;
472 }
473
474 if (fd_[ProfileAction::RCT_TASK] == FdCacheHelper::FDS_APP_DEPENDENT) {
475 // application-dependent path can't be used with tid
476 return false;
477 }
478
479 std::string tasks_path = controller()->GetTasksFilePath(path_);
480 return access(tasks_path.c_str(), W_OK) == 0;
481 }
482
WriteFileAction(const std::string & task_path,const std::string & proc_path,const std::string & value,bool logfailures)483 WriteFileAction::WriteFileAction(const std::string& task_path, const std::string& proc_path,
484 const std::string& value, bool logfailures)
485 : task_path_(task_path), proc_path_(proc_path), value_(value), logfailures_(logfailures) {
486 FdCacheHelper::Init(task_path_, fd_[ProfileAction::RCT_TASK]);
487 if (!proc_path_.empty()) FdCacheHelper::Init(proc_path_, fd_[ProfileAction::RCT_PROCESS]);
488 }
489
WriteValueToFile(const std::string & value_,ResourceCacheType cache_type,uid_t uid,pid_t pid,bool logfailures) const490 bool WriteFileAction::WriteValueToFile(const std::string& value_, ResourceCacheType cache_type,
491 uid_t uid, pid_t pid, bool logfailures) const {
492 std::string value(value_);
493
494 value = StringReplace(value, "<uid>", std::to_string(uid), true);
495 value = StringReplace(value, "<pid>", std::to_string(pid), true);
496
497 CacheUseResult result = UseCachedFd(cache_type, value);
498
499 if (result != ProfileAction::UNUSED) {
500 return result == ProfileAction::SUCCESS;
501 }
502
503 std::string path;
504 if (cache_type == ProfileAction::RCT_TASK || proc_path_.empty()) {
505 path = task_path_;
506 } else {
507 path = proc_path_;
508 }
509
510 // Use WriteStringToFd instead of WriteStringToFile because the latter will open file with
511 // O_TRUNC which causes kernfs_mutex contention
512 unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_WRONLY | O_CLOEXEC)));
513
514 if (tmp_fd < 0) {
515 if (logfailures) PLOG(WARNING) << Name() << "::" << __func__ << ": failed to open " << path;
516 return false;
517 }
518
519 if (!WriteStringToFd(value, tmp_fd)) {
520 if (logfailures) PLOG(ERROR) << "Failed to write '" << value << "' to " << path;
521 return false;
522 }
523
524 return true;
525 }
526
UseCachedFd(ResourceCacheType cache_type,const std::string & value) const527 ProfileAction::CacheUseResult WriteFileAction::UseCachedFd(ResourceCacheType cache_type,
528 const std::string& value) const {
529 std::lock_guard<std::mutex> lock(fd_mutex_);
530 if (FdCacheHelper::IsCached(fd_[cache_type])) {
531 // fd is cached, reuse it
532 bool ret = WriteStringToFd(value, fd_[cache_type]);
533
534 if (!ret && logfailures_) {
535 if (cache_type == ProfileAction::RCT_TASK || proc_path_.empty()) {
536 PLOG(ERROR) << "Failed to write '" << value << "' to " << task_path_;
537 } else {
538 PLOG(ERROR) << "Failed to write '" << value << "' to " << proc_path_;
539 }
540 }
541 return ret ? ProfileAction::SUCCESS : ProfileAction::FAIL;
542 }
543
544 if (fd_[cache_type] == FdCacheHelper::FDS_INACCESSIBLE) {
545 // no permissions to access the file, ignore
546 return ProfileAction::SUCCESS;
547 }
548
549 if (cache_type == ResourceCacheType::RCT_TASK &&
550 fd_[cache_type] == FdCacheHelper::FDS_APP_DEPENDENT) {
551 // application-dependent path can't be used with tid
552 LOG(ERROR) << Name() << ": application profile can't be applied to a thread";
553 return ProfileAction::FAIL;
554 }
555 return ProfileAction::UNUSED;
556 }
557
ExecuteForProcess(uid_t uid,pid_t pid) const558 bool WriteFileAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
559 if (!proc_path_.empty()) {
560 return WriteValueToFile(value_, ProfileAction::RCT_PROCESS, uid, pid, logfailures_);
561 }
562
563 DIR* d;
564 struct dirent* de;
565 char proc_path[255];
566 pid_t t_pid;
567
568 sprintf(proc_path, "/proc/%d/task", pid);
569 if (!(d = opendir(proc_path))) {
570 return false;
571 }
572
573 while ((de = readdir(d))) {
574 if (de->d_name[0] == '.') {
575 continue;
576 }
577
578 t_pid = atoi(de->d_name);
579
580 if (!t_pid) {
581 continue;
582 }
583
584 WriteValueToFile(value_, ProfileAction::RCT_TASK, uid, t_pid, logfailures_);
585 }
586
587 closedir(d);
588
589 return true;
590 }
591
ExecuteForTask(pid_t tid) const592 bool WriteFileAction::ExecuteForTask(pid_t tid) const {
593 return WriteValueToFile(value_, ProfileAction::RCT_TASK, getuid(), tid, logfailures_);
594 }
595
EnableResourceCaching(ResourceCacheType cache_type)596 void WriteFileAction::EnableResourceCaching(ResourceCacheType cache_type) {
597 std::lock_guard<std::mutex> lock(fd_mutex_);
598 if (fd_[cache_type] != FdCacheHelper::FDS_NOT_CACHED) {
599 return;
600 }
601 switch (cache_type) {
602 case (ProfileAction::RCT_TASK):
603 FdCacheHelper::Cache(task_path_, fd_[cache_type]);
604 break;
605 case (ProfileAction::RCT_PROCESS):
606 if (!proc_path_.empty()) FdCacheHelper::Cache(proc_path_, fd_[cache_type]);
607 break;
608 default:
609 LOG(ERROR) << "Invalid cache type is specified!";
610 break;
611 }
612 }
613
DropResourceCaching(ResourceCacheType cache_type)614 void WriteFileAction::DropResourceCaching(ResourceCacheType cache_type) {
615 std::lock_guard<std::mutex> lock(fd_mutex_);
616 FdCacheHelper::Drop(fd_[cache_type]);
617 }
618
IsValidForProcess(uid_t,pid_t) const619 bool WriteFileAction::IsValidForProcess(uid_t, pid_t) const {
620 std::lock_guard<std::mutex> lock(fd_mutex_);
621 if (FdCacheHelper::IsCached(fd_[ProfileAction::RCT_PROCESS])) {
622 return true;
623 }
624
625 if (fd_[ProfileAction::RCT_PROCESS] == FdCacheHelper::FDS_INACCESSIBLE) {
626 return false;
627 }
628
629 return access(proc_path_.empty() ? task_path_.c_str() : proc_path_.c_str(), W_OK) == 0;
630 }
631
IsValidForTask(int) const632 bool WriteFileAction::IsValidForTask(int) const {
633 std::lock_guard<std::mutex> lock(fd_mutex_);
634 if (FdCacheHelper::IsCached(fd_[ProfileAction::RCT_TASK])) {
635 return true;
636 }
637
638 if (fd_[ProfileAction::RCT_TASK] == FdCacheHelper::FDS_INACCESSIBLE) {
639 return false;
640 }
641
642 if (fd_[ProfileAction::RCT_TASK] == FdCacheHelper::FDS_APP_DEPENDENT) {
643 // application-dependent path can't be used with tid
644 return false;
645 }
646
647 return access(task_path_.c_str(), W_OK) == 0;
648 }
649
isNormalPolicy(int policy)650 bool SetSchedulerPolicyAction::isNormalPolicy(int policy) {
651 return policy == SCHED_OTHER || policy == SCHED_BATCH || policy == SCHED_IDLE;
652 }
653
toPriority(int policy,int virtual_priority,int & priority_out)654 bool SetSchedulerPolicyAction::toPriority(int policy, int virtual_priority, int& priority_out) {
655 constexpr int VIRTUAL_PRIORITY_MIN = 1;
656 constexpr int VIRTUAL_PRIORITY_MAX = 99;
657
658 if (virtual_priority < VIRTUAL_PRIORITY_MIN || virtual_priority > VIRTUAL_PRIORITY_MAX) {
659 LOG(WARNING) << "SetSchedulerPolicy: invalid priority (" << virtual_priority
660 << ") for policy (" << policy << ")";
661 return false;
662 }
663
664 const int min = sched_get_priority_min(policy);
665 if (min == -1) {
666 PLOG(ERROR) << "SetSchedulerPolicy: Cannot get min sched priority for policy " << policy;
667 return false;
668 }
669
670 const int max = sched_get_priority_max(policy);
671 if (max == -1) {
672 PLOG(ERROR) << "SetSchedulerPolicy: Cannot get max sched priority for policy " << policy;
673 return false;
674 }
675
676 priority_out = min + (virtual_priority - VIRTUAL_PRIORITY_MIN) * (max - min) /
677 (VIRTUAL_PRIORITY_MAX - VIRTUAL_PRIORITY_MIN);
678
679 return true;
680 }
681
ExecuteForTask(pid_t tid) const682 bool SetSchedulerPolicyAction::ExecuteForTask(pid_t tid) const {
683 struct sched_param param = {};
684 param.sched_priority = isNormalPolicy(policy_) ? 0 : *priority_or_nice_;
685 if (sched_setscheduler(tid, policy_, ¶m) == -1) {
686 PLOG(WARNING) << "SetSchedulerPolicy: Failed to apply scheduler policy (" << policy_
687 << ") with priority (" << *priority_or_nice_ << ") to tid " << tid;
688 return false;
689 }
690
691 if (isNormalPolicy(policy_) && priority_or_nice_ &&
692 setpriority(PRIO_PROCESS, tid, *priority_or_nice_) == -1) {
693 PLOG(WARNING) << "SetSchedulerPolicy: Failed to apply nice (" << *priority_or_nice_
694 << ") to tid " << tid;
695 return false;
696 }
697
698 return true;
699 }
700
ExecuteForProcess(uid_t uid,pid_t pid) const701 bool ApplyProfileAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
702 for (const auto& profile : profiles_) {
703 profile->ExecuteForProcess(uid, pid);
704 }
705 return true;
706 }
707
ExecuteForTask(pid_t tid) const708 bool ApplyProfileAction::ExecuteForTask(pid_t tid) const {
709 for (const auto& profile : profiles_) {
710 profile->ExecuteForTask(tid);
711 }
712 return true;
713 }
714
EnableResourceCaching(ResourceCacheType cache_type)715 void ApplyProfileAction::EnableResourceCaching(ResourceCacheType cache_type) {
716 for (const auto& profile : profiles_) {
717 profile->EnableResourceCaching(cache_type);
718 }
719 }
720
DropResourceCaching(ResourceCacheType cache_type)721 void ApplyProfileAction::DropResourceCaching(ResourceCacheType cache_type) {
722 for (const auto& profile : profiles_) {
723 profile->DropResourceCaching(cache_type);
724 }
725 }
726
IsValidForProcess(uid_t uid,pid_t pid) const727 bool ApplyProfileAction::IsValidForProcess(uid_t uid, pid_t pid) const {
728 for (const auto& profile : profiles_) {
729 if (!profile->IsValidForProcess(uid, pid)) {
730 return false;
731 }
732 }
733 return true;
734 }
735
IsValidForTask(pid_t tid) const736 bool ApplyProfileAction::IsValidForTask(pid_t tid) const {
737 for (const auto& profile : profiles_) {
738 if (!profile->IsValidForTask(tid)) {
739 return false;
740 }
741 }
742 return true;
743 }
744
MoveTo(TaskProfile * profile)745 void TaskProfile::MoveTo(TaskProfile* profile) {
746 profile->elements_ = std::move(elements_);
747 profile->res_cached_ = res_cached_;
748 }
749
ExecuteForProcess(uid_t uid,pid_t pid) const750 bool TaskProfile::ExecuteForProcess(uid_t uid, pid_t pid) const {
751 for (const auto& element : elements_) {
752 if (!element->ExecuteForProcess(uid, pid)) {
753 LOG(VERBOSE) << "Applying profile action " << element->Name() << " failed";
754 return false;
755 }
756 }
757 return true;
758 }
759
ExecuteForTask(pid_t tid) const760 bool TaskProfile::ExecuteForTask(pid_t tid) const {
761 if (tid == 0) {
762 tid = GetThreadId();
763 }
764 for (const auto& element : elements_) {
765 if (!element->ExecuteForTask(tid)) {
766 LOG(VERBOSE) << "Applying profile action " << element->Name() << " failed";
767 return false;
768 }
769 }
770 return true;
771 }
772
ExecuteForUID(uid_t uid) const773 bool TaskProfile::ExecuteForUID(uid_t uid) const {
774 for (const auto& element : elements_) {
775 if (!element->ExecuteForUID(uid)) {
776 LOG(VERBOSE) << "Applying profile action " << element->Name() << " failed";
777 return false;
778 }
779 }
780 return true;
781 }
782
EnableResourceCaching(ProfileAction::ResourceCacheType cache_type)783 void TaskProfile::EnableResourceCaching(ProfileAction::ResourceCacheType cache_type) {
784 if (res_cached_) {
785 return;
786 }
787
788 for (auto& element : elements_) {
789 element->EnableResourceCaching(cache_type);
790 }
791
792 res_cached_ = true;
793 }
794
DropResourceCaching(ProfileAction::ResourceCacheType cache_type)795 void TaskProfile::DropResourceCaching(ProfileAction::ResourceCacheType cache_type) {
796 if (!res_cached_) {
797 return;
798 }
799
800 for (auto& element : elements_) {
801 element->DropResourceCaching(cache_type);
802 }
803
804 res_cached_ = false;
805 }
806
IsValidForProcess(uid_t uid,pid_t pid) const807 bool TaskProfile::IsValidForProcess(uid_t uid, pid_t pid) const {
808 for (const auto& element : elements_) {
809 if (!element->IsValidForProcess(uid, pid)) return false;
810 }
811 return true;
812 }
813
IsValidForTask(pid_t tid) const814 bool TaskProfile::IsValidForTask(pid_t tid) const {
815 for (const auto& element : elements_) {
816 if (!element->IsValidForTask(tid)) return false;
817 }
818 return true;
819 }
820
DropResourceCaching(ProfileAction::ResourceCacheType cache_type) const821 void TaskProfiles::DropResourceCaching(ProfileAction::ResourceCacheType cache_type) const {
822 for (auto& iter : profiles_) {
823 iter.second->DropResourceCaching(cache_type);
824 }
825 }
826
GetInstance()827 TaskProfiles& TaskProfiles::GetInstance() {
828 // Deliberately leak this object to avoid a race between destruction on
829 // process exit and concurrent access from another thread.
830 static auto* instance = new TaskProfiles;
831 return *instance;
832 }
833
TaskProfiles()834 TaskProfiles::TaskProfiles() {
835 // load system task profiles
836 if (!Load(CgroupMap::GetInstance(), TASK_PROFILE_DB_FILE)) {
837 LOG(ERROR) << "Loading " << TASK_PROFILE_DB_FILE << " for [" << getpid() << "] failed";
838 }
839
840 // load API-level specific system task profiles if available
841 unsigned int api_level = GetUintProperty<unsigned int>("ro.product.first_api_level", 0);
842 if (api_level > 0) {
843 std::string api_profiles_path =
844 android::base::StringPrintf(TEMPLATE_TASK_PROFILE_API_FILE, api_level);
845 if (!access(api_profiles_path.c_str(), F_OK) || errno != ENOENT) {
846 if (!Load(CgroupMap::GetInstance(), api_profiles_path)) {
847 LOG(ERROR) << "Loading " << api_profiles_path << " for [" << getpid() << "] failed";
848 }
849 }
850 }
851
852 // load vendor task profiles if the file exists
853 if (!access(TASK_PROFILE_DB_VENDOR_FILE, F_OK) &&
854 !Load(CgroupMap::GetInstance(), TASK_PROFILE_DB_VENDOR_FILE)) {
855 LOG(ERROR) << "Loading " << TASK_PROFILE_DB_VENDOR_FILE << " for [" << getpid()
856 << "] failed";
857 }
858 }
859
Load(const CgroupMap & cg_map,const std::string & file_name)860 bool TaskProfiles::Load(const CgroupMap& cg_map, const std::string& file_name) {
861 std::string json_doc;
862
863 if (!android::base::ReadFileToString(file_name, &json_doc)) {
864 LOG(ERROR) << "Failed to read task profiles from " << file_name;
865 return false;
866 }
867
868 Json::CharReaderBuilder builder;
869 std::unique_ptr<Json::CharReader> reader(builder.newCharReader());
870 Json::Value root;
871 std::string errorMessage;
872 if (!reader->parse(&*json_doc.begin(), &*json_doc.end(), &root, &errorMessage)) {
873 LOG(ERROR) << "Failed to parse task profiles: " << errorMessage;
874 return false;
875 }
876
877 const Json::Value& attr = root["Attributes"];
878 for (Json::Value::ArrayIndex i = 0; i < attr.size(); ++i) {
879 std::string name = attr[i]["Name"].asString();
880 std::string controller_name = attr[i]["Controller"].asString();
881 std::string file_attr = attr[i]["File"].asString();
882 std::string file_v2_attr = attr[i]["FileV2"].asString();
883
884 if (!file_v2_attr.empty() && file_attr.empty()) {
885 LOG(ERROR) << "Attribute " << name << " has FileV2 but no File property";
886 return false;
887 }
888
889 auto controller = cg_map.FindController(controller_name);
890 if (controller.HasValue()) {
891 auto iter = attributes_.find(name);
892 if (iter == attributes_.end()) {
893 attributes_[name] =
894 std::make_unique<ProfileAttribute>(controller, file_attr, file_v2_attr);
895 } else {
896 iter->second->Reset(controller, file_attr, file_v2_attr);
897 }
898 } else {
899 LOG(WARNING) << "Controller " << controller_name << " is not found";
900 }
901 }
902
903 const Json::Value& profiles_val = root["Profiles"];
904 for (Json::Value::ArrayIndex i = 0; i < profiles_val.size(); ++i) {
905 const Json::Value& profile_val = profiles_val[i];
906
907 std::string profile_name = profile_val["Name"].asString();
908 const Json::Value& actions = profile_val["Actions"];
909 auto profile = std::make_shared<TaskProfile>(profile_name);
910
911 for (Json::Value::ArrayIndex act_idx = 0; act_idx < actions.size(); ++act_idx) {
912 const Json::Value& action_val = actions[act_idx];
913 std::string action_name = action_val["Name"].asString();
914 const Json::Value& params_val = action_val["Params"];
915 if (action_name == "JoinCgroup") {
916 std::string controller_name = params_val["Controller"].asString();
917 std::string path = params_val["Path"].asString();
918
919 auto controller = cg_map.FindController(controller_name);
920 if (controller.HasValue()) {
921 if (controller.version() == 1) {
922 profile->Add(std::make_unique<SetCgroupAction>(controller, path));
923 } else {
924 LOG(WARNING) << "A JoinCgroup action in the " << profile_name
925 << " profile is used for controller " << controller_name
926 << " in the cgroup v2 hierarchy and will be ignored";
927 }
928 } else {
929 LOG(WARNING) << "JoinCgroup: controller " << controller_name << " is not found";
930 }
931 } else if (action_name == "SetTimerSlack") {
932 const std::string slack_string = params_val["Slack"].asString();
933 std::optional<long> slack = readLong(slack_string);
934 if (slack && *slack >= 0) {
935 profile->Add(std::make_unique<SetTimerSlackAction>(*slack));
936 } else {
937 LOG(WARNING) << "SetTimerSlack: invalid parameter: " << slack_string;
938 }
939 } else if (action_name == "SetAttribute") {
940 std::string attr_name = params_val["Name"].asString();
941 std::string attr_value = params_val["Value"].asString();
942 bool optional = strcmp(params_val["Optional"].asString().c_str(), "true") == 0;
943
944 auto iter = attributes_.find(attr_name);
945 if (iter != attributes_.end()) {
946 profile->Add(std::make_unique<SetAttributeAction>(iter->second.get(),
947 attr_value, optional));
948 } else {
949 LOG(WARNING) << "SetAttribute: unknown attribute: " << attr_name;
950 }
951 } else if (action_name == "WriteFile") {
952 std::string attr_filepath = params_val["FilePath"].asString();
953 std::string attr_procfilepath = params_val["ProcFilePath"].asString();
954 std::string attr_value = params_val["Value"].asString();
955 // FilePath and Value are mandatory
956 if (!attr_filepath.empty() && !attr_value.empty()) {
957 std::string attr_logfailures = params_val["LogFailures"].asString();
958 bool logfailures = attr_logfailures.empty() || attr_logfailures == "true";
959 profile->Add(std::make_unique<WriteFileAction>(attr_filepath, attr_procfilepath,
960 attr_value, logfailures));
961 } else if (attr_filepath.empty()) {
962 LOG(WARNING) << "WriteFile: invalid parameter: "
963 << "empty filepath";
964 } else if (attr_value.empty()) {
965 LOG(WARNING) << "WriteFile: invalid parameter: "
966 << "empty value";
967 }
968 } else if (action_name == "SetSchedulerPolicy") {
969 const std::map<std::string, int> POLICY_MAP = {
970 {"SCHED_OTHER", SCHED_OTHER},
971 {"SCHED_BATCH", SCHED_BATCH},
972 {"SCHED_IDLE", SCHED_IDLE},
973 {"SCHED_FIFO", SCHED_FIFO},
974 {"SCHED_RR", SCHED_RR},
975 };
976 const std::string policy_str = params_val["Policy"].asString();
977
978 const auto it = POLICY_MAP.find(policy_str);
979 if (it == POLICY_MAP.end()) {
980 LOG(WARNING) << "SetSchedulerPolicy: invalid policy " << policy_str;
981 continue;
982 }
983
984 const int policy = it->second;
985
986 if (SetSchedulerPolicyAction::isNormalPolicy(policy)) {
987 if (params_val.isMember("Priority")) {
988 LOG(WARNING) << "SetSchedulerPolicy: Normal policies (" << policy_str
989 << ") use Nice values, not Priority values";
990 }
991
992 if (params_val.isMember("Nice")) {
993 // If present, this optional value will be passed in an additional syscall
994 // to setpriority(), since the sched_priority value must be 0 for calls to
995 // sched_setscheduler() with "normal" policies.
996 const std::string nice_string = params_val["Nice"].asString();
997 const std::optional<int> nice = readLong(nice_string);
998
999 if (!nice) {
1000 LOG(FATAL) << "Invalid nice value specified: " << nice_string;
1001 }
1002 const int LINUX_MIN_NICE = -20;
1003 const int LINUX_MAX_NICE = 19;
1004 if (*nice < LINUX_MIN_NICE || *nice > LINUX_MAX_NICE) {
1005 LOG(WARNING) << "SetSchedulerPolicy: Provided nice (" << *nice
1006 << ") appears out of range.";
1007 }
1008 profile->Add(std::make_unique<SetSchedulerPolicyAction>(policy, *nice));
1009 } else {
1010 profile->Add(std::make_unique<SetSchedulerPolicyAction>(policy));
1011 }
1012 } else {
1013 if (params_val.isMember("Nice")) {
1014 LOG(WARNING) << "SetSchedulerPolicy: Real-time policies (" << policy_str
1015 << ") use Priority values, not Nice values";
1016 }
1017
1018 // This is a "virtual priority" as described by `man 2 sched_get_priority_min`
1019 // that will be mapped onto the following range for the provided policy:
1020 // [sched_get_priority_min(), sched_get_priority_max()]
1021
1022 const std::string priority_string = params_val["Priority"].asString();
1023 std::optional<long> virtual_priority = readLong(priority_string);
1024 if (virtual_priority && *virtual_priority > 0) {
1025 int priority;
1026 if (SetSchedulerPolicyAction::toPriority(policy, *virtual_priority,
1027 priority)) {
1028 profile->Add(
1029 std::make_unique<SetSchedulerPolicyAction>(policy, priority));
1030 }
1031 } else {
1032 LOG(WARNING) << "Invalid priority value: " << priority_string;
1033 }
1034 }
1035 } else {
1036 LOG(WARNING) << "Unknown profile action: " << action_name;
1037 }
1038 }
1039 auto iter = profiles_.find(profile_name);
1040 if (iter == profiles_.end()) {
1041 profiles_[profile_name] = profile;
1042 } else {
1043 // Move the content rather that replace the profile because old profile might be
1044 // referenced from an aggregate profile if vendor overrides task profiles
1045 profile->MoveTo(iter->second.get());
1046 profile.reset();
1047 }
1048 }
1049
1050 const Json::Value& aggregateprofiles_val = root["AggregateProfiles"];
1051 for (Json::Value::ArrayIndex i = 0; i < aggregateprofiles_val.size(); ++i) {
1052 const Json::Value& aggregateprofile_val = aggregateprofiles_val[i];
1053
1054 std::string aggregateprofile_name = aggregateprofile_val["Name"].asString();
1055 const Json::Value& aggregateprofiles = aggregateprofile_val["Profiles"];
1056 std::vector<std::shared_ptr<TaskProfile>> profiles;
1057 bool ret = true;
1058
1059 for (Json::Value::ArrayIndex pf_idx = 0; pf_idx < aggregateprofiles.size(); ++pf_idx) {
1060 std::string profile_name = aggregateprofiles[pf_idx].asString();
1061
1062 if (profile_name == aggregateprofile_name) {
1063 LOG(WARNING) << "AggregateProfiles: recursive profile name: " << profile_name;
1064 ret = false;
1065 break;
1066 } else if (profiles_.find(profile_name) == profiles_.end()) {
1067 LOG(WARNING) << "AggregateProfiles: undefined profile name: " << profile_name;
1068 ret = false;
1069 break;
1070 } else {
1071 profiles.push_back(profiles_[profile_name]);
1072 }
1073 }
1074 if (ret) {
1075 auto profile = std::make_shared<TaskProfile>(aggregateprofile_name);
1076 profile->Add(std::make_unique<ApplyProfileAction>(profiles));
1077 profiles_[aggregateprofile_name] = profile;
1078 }
1079 }
1080
1081 return true;
1082 }
1083
GetProfile(std::string_view name) const1084 TaskProfile* TaskProfiles::GetProfile(std::string_view name) const {
1085 auto iter = profiles_.find(name);
1086
1087 if (iter != profiles_.end()) {
1088 return iter->second.get();
1089 }
1090 return nullptr;
1091 }
1092
GetAttribute(std::string_view name) const1093 const IProfileAttribute* TaskProfiles::GetAttribute(std::string_view name) const {
1094 auto iter = attributes_.find(name);
1095
1096 if (iter != attributes_.end()) {
1097 return iter->second.get();
1098 }
1099 return nullptr;
1100 }
1101
1102 template <typename T>
SetUserProfiles(uid_t uid,std::span<const T> profiles,bool use_fd_cache)1103 bool TaskProfiles::SetUserProfiles(uid_t uid, std::span<const T> profiles, bool use_fd_cache) {
1104 for (const auto& name : profiles) {
1105 TaskProfile* profile = GetProfile(name);
1106 if (profile != nullptr) {
1107 if (use_fd_cache) {
1108 profile->EnableResourceCaching(ProfileAction::RCT_PROCESS);
1109 }
1110 if (!profile->ExecuteForUID(uid)) {
1111 PLOG(WARNING) << "Failed to apply " << name << " process profile";
1112 }
1113 } else {
1114 PLOG(WARNING) << "Failed to find " << name << "process profile";
1115 }
1116 }
1117 return true;
1118 }
1119
1120 template <typename T>
SetProcessProfiles(uid_t uid,pid_t pid,std::span<const T> profiles,bool use_fd_cache)1121 bool TaskProfiles::SetProcessProfiles(uid_t uid, pid_t pid, std::span<const T> profiles,
1122 bool use_fd_cache) {
1123 bool success = true;
1124 for (const auto& name : profiles) {
1125 TaskProfile* profile = GetProfile(name);
1126 if (profile != nullptr) {
1127 if (use_fd_cache) {
1128 profile->EnableResourceCaching(ProfileAction::RCT_PROCESS);
1129 }
1130 if (!profile->ExecuteForProcess(uid, pid)) {
1131 LOG(WARNING) << "Failed to apply " << name << " process profile";
1132 success = false;
1133 }
1134 } else {
1135 LOG(WARNING) << "Failed to find " << name << " process profile";
1136 success = false;
1137 }
1138 }
1139 return success;
1140 }
1141
1142 template <typename T>
SetTaskProfiles(pid_t tid,std::span<const T> profiles,bool use_fd_cache)1143 bool TaskProfiles::SetTaskProfiles(pid_t tid, std::span<const T> profiles, bool use_fd_cache) {
1144 bool success = true;
1145 for (const auto& name : profiles) {
1146 TaskProfile* profile = GetProfile(name);
1147 if (profile != nullptr) {
1148 if (use_fd_cache) {
1149 profile->EnableResourceCaching(ProfileAction::RCT_TASK);
1150 }
1151 if (!profile->ExecuteForTask(tid)) {
1152 LOG(WARNING) << "Failed to apply " << name << " task profile";
1153 success = false;
1154 }
1155 } else {
1156 LOG(WARNING) << "Failed to find " << name << " task profile";
1157 success = false;
1158 }
1159 }
1160 return success;
1161 }
1162
1163 template bool TaskProfiles::SetProcessProfiles(uid_t uid, pid_t pid,
1164 std::span<const std::string> profiles,
1165 bool use_fd_cache);
1166 template bool TaskProfiles::SetProcessProfiles(uid_t uid, pid_t pid,
1167 std::span<const std::string_view> profiles,
1168 bool use_fd_cache);
1169 template bool TaskProfiles::SetTaskProfiles(pid_t tid, std::span<const std::string> profiles,
1170 bool use_fd_cache);
1171 template bool TaskProfiles::SetTaskProfiles(pid_t tid, std::span<const std::string_view> profiles,
1172 bool use_fd_cache);
1173 template bool TaskProfiles::SetUserProfiles(uid_t uid, std::span<const std::string> profiles,
1174 bool use_fd_cache);
1175