1 /* 2 * Copyright 2014 Google, Inc 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <sys/types.h> 20 #include <initializer_list> 21 #include <span> 22 #include <string> 23 #include <string_view> 24 #include <vector> 25 26 static constexpr std::string CGROUPV2_HIERARCHY_NAME = "cgroup2"; 27 28 bool CgroupsAvailable(); 29 bool CgroupGetControllerPath(const std::string& cgroup_name, std::string* path); 30 bool CgroupGetControllerFromPath(const std::string& path, std::string* cgroup_name); 31 bool CgroupGetAttributePath(const std::string& attr_name, std::string* path); 32 // Provides the path for an attribute in a specific process group 33 // Returns false in case of error, true in case of success 34 bool CgroupGetAttributePathForTask(const std::string& attr_name, pid_t tid, std::string* path); 35 bool CgroupGetAttributePathForProcess(std::string_view attr_name, uid_t uid, pid_t pid, 36 std::string &path); 37 38 bool SetTaskProfiles(pid_t tid, const std::vector<std::string>& profiles, 39 bool use_fd_cache = false); 40 bool SetProcessProfiles(uid_t uid, pid_t pid, const std::vector<std::string>& profiles); 41 bool SetUserProfiles(uid_t uid, const std::vector<std::string>& profiles); 42 43 bool SetTaskProfiles(pid_t tid, std::initializer_list<std::string_view> profiles, 44 bool use_fd_cache = false); 45 bool SetProcessProfiles(uid_t uid, pid_t pid, std::initializer_list<std::string_view> profiles); 46 #if _LIBCPP_STD_VER > 17 47 bool SetTaskProfiles(pid_t tid, std::span<const std::string_view> profiles, 48 bool use_fd_cache = false); 49 bool SetProcessProfiles(uid_t uid, pid_t pid, std::span<const std::string_view> profiles); 50 #endif 51 52 53 #ifndef __ANDROID_VNDK__ 54 55 bool SetProcessProfilesCached(uid_t uid, pid_t pid, const std::vector<std::string>& profiles); 56 57 bool UsePerAppMemcg(); 58 59 // Drop the fd cache of cgroup path. It is used for when resource caching is enabled and a process 60 // loses the access to the path, the access checking (See SetCgroupAction::EnableResourceCaching) 61 // should be active again. E.g. Zygote specialization for child process. 62 void DropTaskProfilesResourceCaching(); 63 64 // Return 0 if all processes were killed and the cgroup was successfully removed. 65 // Returns -1 in the case of an error occurring or if there are processes still running. 66 int killProcessGroup(uid_t uid, pid_t initialPid, int signal); 67 68 // Returns the same as killProcessGroup(), however it does not retry, which means 69 // that it only returns 0 in the case that the cgroup exists and it contains no processes. 70 int killProcessGroupOnce(uid_t uid, pid_t initialPid, int signal); 71 72 // Sends the provided signal to all members of a process group, but does not wait for processes to 73 // exit, or for the cgroup to be removed. Callers should also ensure that killProcessGroup is called 74 // later to ensure the cgroup is fully removed, otherwise system resources will leak. 75 // Returns true if no errors are encountered sending signals, otherwise false. 76 bool sendSignalToProcessGroup(uid_t uid, pid_t initialPid, int signal); 77 78 int createProcessGroup(uid_t uid, pid_t initialPid, bool memControl = false); 79 80 // Set various properties of a process group. For these functions to work, the process group must 81 // have been created by passing memControl=true to createProcessGroup. 82 [[deprecated("Unsupported in memcg v2")]] 83 bool setProcessGroupSwappiness(uid_t uid, pid_t initialPid, int swappiness); 84 bool setProcessGroupSoftLimit(uid_t uid, pid_t initialPid, int64_t softLimitInBytes); 85 bool setProcessGroupLimit(uid_t uid, pid_t initialPid, int64_t limitInBytes); 86 87 void removeAllEmptyProcessGroups(void); 88 89 // Check if a profile can be applied without failing. 90 // Returns true if it can be applied without failing, false otherwise 91 bool isProfileValidForProcess(const std::string& profile_name, uid_t uid, pid_t pid); 92 93 #endif // __ANDROID_VNDK__ 94