1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //#define LOG_NDEBUG 0
18 #define LOG_TAG "libprocessgroup"
19
20 #include <dirent.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <grp.h>
24 #include <pwd.h>
25 #include <sys/mman.h>
26 #include <sys/mount.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <time.h>
30 #include <unistd.h>
31
32 #include <regex>
33
34 #include <android-base/file.h>
35 #include <android-base/logging.h>
36 #include <android-base/properties.h>
37 #include <android-base/stringprintf.h>
38 #include <android-base/unique_fd.h>
39 #include <android/cgrouprc.h>
40 #include <json/reader.h>
41 #include <json/value.h>
42 #include <processgroup/format/cgroup_file.h>
43 #include <processgroup/processgroup.h>
44 #include <processgroup/setup.h>
45
46 #include "cgroup_descriptor.h"
47
48 using android::base::GetUintProperty;
49 using android::base::StringPrintf;
50 using android::base::unique_fd;
51
52 namespace android {
53 namespace cgrouprc {
54
55 static constexpr const char* CGROUPS_DESC_FILE = "/etc/cgroups.json";
56 static constexpr const char* CGROUPS_DESC_VENDOR_FILE = "/vendor/etc/cgroups.json";
57
58 static constexpr const char* TEMPLATE_CGROUPS_DESC_API_FILE = "/etc/task_profiles/cgroups_%u.json";
59
ChangeDirModeAndOwner(const std::string & path,mode_t mode,const std::string & uid,const std::string & gid,bool permissive_mode=false)60 static bool ChangeDirModeAndOwner(const std::string& path, mode_t mode, const std::string& uid,
61 const std::string& gid, bool permissive_mode = false) {
62 uid_t pw_uid = -1;
63 gid_t gr_gid = -1;
64
65 if (!uid.empty()) {
66 passwd* uid_pwd = getpwnam(uid.c_str());
67 if (!uid_pwd) {
68 PLOG(ERROR) << "Unable to decode UID for '" << uid << "'";
69 return false;
70 }
71
72 pw_uid = uid_pwd->pw_uid;
73 gr_gid = -1;
74
75 if (!gid.empty()) {
76 group* gid_pwd = getgrnam(gid.c_str());
77 if (!gid_pwd) {
78 PLOG(ERROR) << "Unable to decode GID for '" << gid << "'";
79 return false;
80 }
81 gr_gid = gid_pwd->gr_gid;
82 }
83 }
84
85 auto dir = std::unique_ptr<DIR, decltype(&closedir)>(opendir(path.c_str()), closedir);
86
87 if (dir == NULL) {
88 PLOG(ERROR) << "opendir failed for " << path;
89 return false;
90 }
91
92 struct dirent* dir_entry;
93 while ((dir_entry = readdir(dir.get()))) {
94 if (!strcmp("..", dir_entry->d_name)) {
95 continue;
96 }
97
98 std::string file_path = path + "/" + dir_entry->d_name;
99
100 if (pw_uid != -1 && lchown(file_path.c_str(), pw_uid, gr_gid) < 0) {
101 PLOG(ERROR) << "lchown() failed for " << file_path;
102 return false;
103 }
104
105 if (fchmodat(AT_FDCWD, file_path.c_str(), mode, AT_SYMLINK_NOFOLLOW) != 0 &&
106 (errno != EROFS || !permissive_mode)) {
107 PLOG(ERROR) << "fchmodat() failed for " << path;
108 return false;
109 }
110 }
111
112 return true;
113 }
114
Mkdir(const std::string & path,mode_t mode,const std::string & uid,const std::string & gid)115 static bool Mkdir(const std::string& path, mode_t mode, const std::string& uid,
116 const std::string& gid) {
117 bool permissive_mode = false;
118
119 if (mode == 0) {
120 /* Allow chmod to fail */
121 permissive_mode = true;
122 mode = 0755;
123 }
124
125 if (mkdir(path.c_str(), mode) != 0) {
126 // /acct is a special case when the directory already exists
127 if (errno != EEXIST) {
128 PLOG(ERROR) << "mkdir() failed for " << path;
129 return false;
130 } else {
131 permissive_mode = true;
132 }
133 }
134
135 if (uid.empty() && permissive_mode) {
136 return true;
137 }
138
139 if (!ChangeDirModeAndOwner(path, mode, uid, gid, permissive_mode)) {
140 PLOG(ERROR) << "change of ownership or mode failed for " << path;
141 return false;
142 }
143
144 return true;
145 }
146
MergeCgroupToDescriptors(std::map<std::string,CgroupDescriptor> * descriptors,const Json::Value & cgroup,const std::string & name,const std::string & root_path,int cgroups_version)147 static void MergeCgroupToDescriptors(std::map<std::string, CgroupDescriptor>* descriptors,
148 const Json::Value& cgroup, const std::string& name,
149 const std::string& root_path, int cgroups_version) {
150 const std::string cgroup_path = cgroup["Path"].asString();
151 std::string path;
152
153 if (!root_path.empty()) {
154 path = root_path;
155 if (cgroup_path != ".") {
156 path += "/";
157 path += cgroup_path;
158 }
159 } else {
160 path = cgroup_path;
161 }
162
163 uint32_t controller_flags = 0;
164
165 if (cgroup["NeedsActivation"].isBool() && cgroup["NeedsActivation"].asBool()) {
166 controller_flags |= CGROUPRC_CONTROLLER_FLAG_NEEDS_ACTIVATION;
167 }
168
169 if (cgroup["Optional"].isBool() && cgroup["Optional"].asBool()) {
170 controller_flags |= CGROUPRC_CONTROLLER_FLAG_OPTIONAL;
171 }
172
173 CgroupDescriptor descriptor(
174 cgroups_version, name, path, std::strtoul(cgroup["Mode"].asString().c_str(), 0, 8),
175 cgroup["UID"].asString(), cgroup["GID"].asString(), controller_flags);
176
177 auto iter = descriptors->find(name);
178 if (iter == descriptors->end()) {
179 descriptors->emplace(name, descriptor);
180 } else {
181 iter->second = descriptor;
182 }
183 }
184
ReadDescriptorsFromFile(const std::string & file_name,std::map<std::string,CgroupDescriptor> * descriptors)185 static bool ReadDescriptorsFromFile(const std::string& file_name,
186 std::map<std::string, CgroupDescriptor>* descriptors) {
187 std::vector<CgroupDescriptor> result;
188 std::string json_doc;
189
190 if (!android::base::ReadFileToString(file_name, &json_doc)) {
191 PLOG(ERROR) << "Failed to read task profiles from " << file_name;
192 return false;
193 }
194
195 Json::CharReaderBuilder builder;
196 std::unique_ptr<Json::CharReader> reader(builder.newCharReader());
197 Json::Value root;
198 std::string errorMessage;
199 if (!reader->parse(&*json_doc.begin(), &*json_doc.end(), &root, &errorMessage)) {
200 LOG(ERROR) << "Failed to parse cgroups description: " << errorMessage;
201 return false;
202 }
203
204 if (root.isMember("Cgroups")) {
205 const Json::Value& cgroups = root["Cgroups"];
206 for (Json::Value::ArrayIndex i = 0; i < cgroups.size(); ++i) {
207 std::string name = cgroups[i]["Controller"].asString();
208 MergeCgroupToDescriptors(descriptors, cgroups[i], name, "", 1);
209 }
210 }
211
212 if (root.isMember("Cgroups2")) {
213 const Json::Value& cgroups2 = root["Cgroups2"];
214 std::string root_path = cgroups2["Path"].asString();
215 MergeCgroupToDescriptors(descriptors, cgroups2, CGROUPV2_CONTROLLER_NAME, "", 2);
216
217 const Json::Value& childGroups = cgroups2["Controllers"];
218 for (Json::Value::ArrayIndex i = 0; i < childGroups.size(); ++i) {
219 std::string name = childGroups[i]["Controller"].asString();
220 MergeCgroupToDescriptors(descriptors, childGroups[i], name, root_path, 2);
221 }
222 }
223
224 return true;
225 }
226
ReadDescriptors(std::map<std::string,CgroupDescriptor> * descriptors)227 static bool ReadDescriptors(std::map<std::string, CgroupDescriptor>* descriptors) {
228 // load system cgroup descriptors
229 if (!ReadDescriptorsFromFile(CGROUPS_DESC_FILE, descriptors)) {
230 return false;
231 }
232
233 // load API-level specific system cgroups descriptors if available
234 unsigned int api_level = GetUintProperty<unsigned int>("ro.product.first_api_level", 0);
235 if (api_level > 0) {
236 std::string api_cgroups_path =
237 android::base::StringPrintf(TEMPLATE_CGROUPS_DESC_API_FILE, api_level);
238 if (!access(api_cgroups_path.c_str(), F_OK) || errno != ENOENT) {
239 if (!ReadDescriptorsFromFile(api_cgroups_path, descriptors)) {
240 return false;
241 }
242 }
243 }
244
245 // load vendor cgroup descriptors if the file exists
246 if (!access(CGROUPS_DESC_VENDOR_FILE, F_OK) &&
247 !ReadDescriptorsFromFile(CGROUPS_DESC_VENDOR_FILE, descriptors)) {
248 return false;
249 }
250
251 return true;
252 }
253
254 // To avoid issues in sdk_mac build
255 #if defined(__ANDROID__)
256
IsOptionalController(const format::CgroupController * controller)257 static bool IsOptionalController(const format::CgroupController* controller) {
258 return controller->flags() & CGROUPRC_CONTROLLER_FLAG_OPTIONAL;
259 }
260
MountV2CgroupController(const CgroupDescriptor & descriptor)261 static bool MountV2CgroupController(const CgroupDescriptor& descriptor) {
262 const format::CgroupController* controller = descriptor.controller();
263
264 // /sys/fs/cgroup is created by cgroup2 with specific selinux permissions,
265 // try to create again in case the mount point is changed
266 if (!Mkdir(controller->path(), 0, "", "")) {
267 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
268 return false;
269 }
270
271 // The memory_recursiveprot mount option has been introduced by kernel commit
272 // 8a931f801340 ("mm: memcontrol: recursive memory.low protection"; v5.7). Try first to
273 // mount with that option enabled. If mounting fails because the kernel is too old,
274 // retry without that mount option.
275 if (mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
276 "memory_recursiveprot") < 0) {
277 LOG(INFO) << "Mounting memcg with memory_recursiveprot failed. Retrying without.";
278 if (mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
279 nullptr) < 0) {
280 PLOG(ERROR) << "Failed to mount cgroup v2";
281 return IsOptionalController(controller);
282 }
283 }
284
285 // selinux permissions change after mounting, so it's ok to change mode and owner now
286 if (!ChangeDirModeAndOwner(controller->path(), descriptor.mode(), descriptor.uid(),
287 descriptor.gid())) {
288 PLOG(ERROR) << "Change of ownership or mode failed for controller " << controller->name();
289 return IsOptionalController(controller);
290 }
291
292 return true;
293 }
294
ActivateV2CgroupController(const CgroupDescriptor & descriptor)295 static bool ActivateV2CgroupController(const CgroupDescriptor& descriptor) {
296 const format::CgroupController* controller = descriptor.controller();
297
298 if (!Mkdir(controller->path(), descriptor.mode(), descriptor.uid(), descriptor.gid())) {
299 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
300 return false;
301 }
302
303 if (controller->flags() & CGROUPRC_CONTROLLER_FLAG_NEEDS_ACTIVATION) {
304 std::string str = "+";
305 str += controller->name();
306 std::string path = controller->path();
307 path += "/cgroup.subtree_control";
308
309 if (!base::WriteStringToFile(str, path)) {
310 if (IsOptionalController(controller)) {
311 PLOG(INFO) << "Failed to activate optional controller " << controller->name();
312 return true;
313 }
314 PLOG(ERROR) << "Failed to activate controller " << controller->name();
315 return false;
316 }
317 }
318
319 return true;
320 }
321
MountV1CgroupController(const CgroupDescriptor & descriptor)322 static bool MountV1CgroupController(const CgroupDescriptor& descriptor) {
323 const format::CgroupController* controller = descriptor.controller();
324
325 // mkdir <path> [mode] [owner] [group]
326 if (!Mkdir(controller->path(), descriptor.mode(), descriptor.uid(), descriptor.gid())) {
327 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
328 return false;
329 }
330
331 // Unfortunately historically cpuset controller was mounted using a mount command
332 // different from all other controllers. This results in controller attributes not
333 // to be prepended with controller name. For example this way instead of
334 // /dev/cpuset/cpuset.cpus the attribute becomes /dev/cpuset/cpus which is what
335 // the system currently expects.
336 int res;
337 if (!strcmp(controller->name(), "cpuset")) {
338 // mount cpuset none /dev/cpuset nodev noexec nosuid
339 res = mount("none", controller->path(), controller->name(),
340 MS_NODEV | MS_NOEXEC | MS_NOSUID, nullptr);
341 } else {
342 // mount cgroup none <path> nodev noexec nosuid <controller>
343 res = mount("none", controller->path(), "cgroup", MS_NODEV | MS_NOEXEC | MS_NOSUID,
344 controller->name());
345 }
346 if (res != 0) {
347 if (IsOptionalController(controller)) {
348 PLOG(INFO) << "Failed to mount optional controller " << controller->name();
349 return true;
350 }
351 PLOG(ERROR) << "Failed to mount controller " << controller->name();
352 return false;
353 }
354 return true;
355 }
356
SetupCgroup(const CgroupDescriptor & descriptor)357 static bool SetupCgroup(const CgroupDescriptor& descriptor) {
358 const format::CgroupController* controller = descriptor.controller();
359
360 if (controller->version() == 2) {
361 if (!strcmp(controller->name(), CGROUPV2_CONTROLLER_NAME)) {
362 return MountV2CgroupController(descriptor);
363 } else {
364 return ActivateV2CgroupController(descriptor);
365 }
366 } else {
367 return MountV1CgroupController(descriptor);
368 }
369 }
370
371 #else
372
373 // Stubs for non-Android targets.
SetupCgroup(const CgroupDescriptor &)374 static bool SetupCgroup(const CgroupDescriptor&) {
375 return false;
376 }
377
378 #endif
379
WriteRcFile(const std::map<std::string,CgroupDescriptor> & descriptors)380 static bool WriteRcFile(const std::map<std::string, CgroupDescriptor>& descriptors) {
381 unique_fd fd(TEMP_FAILURE_RETRY(open(CGROUPS_RC_PATH, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
382 S_IRUSR | S_IRGRP | S_IROTH)));
383 if (fd < 0) {
384 PLOG(ERROR) << "open() failed for " << CGROUPS_RC_PATH;
385 return false;
386 }
387
388 format::CgroupFile fl;
389 fl.version_ = format::CgroupFile::FILE_CURR_VERSION;
390 fl.controller_count_ = descriptors.size();
391 int ret = TEMP_FAILURE_RETRY(write(fd, &fl, sizeof(fl)));
392 if (ret < 0) {
393 PLOG(ERROR) << "write() failed for " << CGROUPS_RC_PATH;
394 return false;
395 }
396
397 for (const auto& [name, descriptor] : descriptors) {
398 ret = TEMP_FAILURE_RETRY(
399 write(fd, descriptor.controller(), sizeof(format::CgroupController)));
400 if (ret < 0) {
401 PLOG(ERROR) << "write() failed for " << CGROUPS_RC_PATH;
402 return false;
403 }
404 }
405
406 return true;
407 }
408
CgroupDescriptor(uint32_t version,const std::string & name,const std::string & path,mode_t mode,const std::string & uid,const std::string & gid,uint32_t flags=0)409 CgroupDescriptor::CgroupDescriptor(uint32_t version, const std::string& name,
410 const std::string& path, mode_t mode, const std::string& uid,
411 const std::string& gid, uint32_t flags = 0)
412 : controller_(version, flags, name, path), mode_(mode), uid_(uid), gid_(gid) {}
413
set_mounted(bool mounted)414 void CgroupDescriptor::set_mounted(bool mounted) {
415 uint32_t flags = controller_.flags();
416 if (mounted) {
417 flags |= CGROUPRC_CONTROLLER_FLAG_MOUNTED;
418 } else {
419 flags &= ~CGROUPRC_CONTROLLER_FLAG_MOUNTED;
420 }
421 controller_.set_flags(flags);
422 }
423
424 } // namespace cgrouprc
425 } // namespace android
426
CgroupSetup()427 bool CgroupSetup() {
428 using namespace android::cgrouprc;
429
430 std::map<std::string, CgroupDescriptor> descriptors;
431
432 if (getpid() != 1) {
433 LOG(ERROR) << "Cgroup setup can be done only by init process";
434 return false;
435 }
436
437 // Make sure we do this only one time. No need for std::call_once because
438 // init is a single-threaded process
439 if (access(CGROUPS_RC_PATH, F_OK) == 0) {
440 LOG(WARNING) << "Attempt to call CgroupSetup() more than once";
441 return true;
442 }
443
444 // load cgroups.json file
445 if (!ReadDescriptors(&descriptors)) {
446 LOG(ERROR) << "Failed to load cgroup description file";
447 return false;
448 }
449
450 // setup cgroups
451 for (auto& [name, descriptor] : descriptors) {
452 if (SetupCgroup(descriptor)) {
453 descriptor.set_mounted(true);
454 } else {
455 // issue a warning and proceed with the next cgroup
456 LOG(WARNING) << "Failed to setup " << name << " cgroup";
457 }
458 }
459
460 // mkdir <CGROUPS_RC_DIR> 0711 system system
461 if (!Mkdir(android::base::Dirname(CGROUPS_RC_PATH), 0711, "system", "system")) {
462 LOG(ERROR) << "Failed to create directory for " << CGROUPS_RC_PATH << " file";
463 return false;
464 }
465
466 // Generate <CGROUPS_RC_FILE> file which can be directly mmapped into
467 // process memory. This optimizes performance, memory usage
468 // and limits infrormation shared with unprivileged processes
469 // to the minimum subset of information from cgroups.json
470 if (!WriteRcFile(descriptors)) {
471 LOG(ERROR) << "Failed to write " << CGROUPS_RC_PATH << " file";
472 return false;
473 }
474
475 // chmod 0644 <CGROUPS_RC_PATH>
476 if (fchmodat(AT_FDCWD, CGROUPS_RC_PATH, 0644, AT_SYMLINK_NOFOLLOW) < 0) {
477 PLOG(ERROR) << "fchmodat() failed";
478 return false;
479 }
480
481 return true;
482 }
483