Commit Graph

16 Commits

Author SHA1 Message Date
Nick Kralevich c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
Tom Cherry 984bd8323d resolved conflicts for 5caca3dd to mnc-dr-dev-plus-aosp
Change-Id: I773e514a8232b77cdd566dc36c9efc4e15f206f0
2015-09-21 14:25:34 -07:00
Tom Cherry 20391b1de5 bundle init.rc contents with its service
Bug: 23186545
Change-Id: I52616b8ab1165fdef716f9b8f958665f2308c12e
2015-08-21 10:14:43 -07:00
Andreas Gampe c165b01a8b Lmkd: Fix unused variables
For build-system CFLAGS clean-up, fix unused variables.

Change-Id: I841192e92585814b8691d544cc48433b2ca1b3d3
2014-11-24 20:32:42 -08:00
Colin Cross f8857cc24a lmkd: kill a process if zoneinfo can't be read
Opening /proc/zoneinfo may return -ENOMEM under memory pressure,
assume something needs to be killed if that happens.

Bug: 16236289
Change-Id: I25aab09f4c3f2b9e176eaaeca94fd6bd790dad4e
2014-07-14 17:41:17 -07:00
Colin Cross 16b0946da1 lmkd: kill multiple tasks
The task selected to die may be small, add its approximate size
to other_free and other_file and keep killing until all thresholds
are met.

Bug: 16236289
Change-Id: Iceeca4c63fec98cae2bf53e258f7707cea408b07
2014-07-14 17:41:17 -07:00
Colin Cross ce85d955a3 lmkd: use open instead of fopen
fopen and fgets require allocations, switch to open/read with
stack allocated buffers.

Bug: 16236289
Change-Id: I10586883fe78caf59d309eff7f7989b3e45beb7d
2014-07-14 17:41:17 -07:00
Colin Cross 1a0d9be53e lmkd: make lmkd SCHED_FIFO
If kswapd runs more than lmkd it may throw away all page cache pages
before lmkd gets a chance to kill a process.  Make lmkd SCHED_FIFO
so it can react quickly to kernel low memory notifications.

Bug: 16236289
Change-Id: I46767b4ec81ef8638d0c9e47d168a68b62e3cac5
2014-07-14 17:41:17 -07:00
Colin Cross b28ff91313 lmkd: mlock all memory
Use mlockall(MCL_FUTURE) to lock all lmkd pages in memory.  This
avoids lmkd thrashing when the system is low on memory.

As a side effect, it will also keep the .text sections of liblog, libm,
libc, and libprocessgroup in memory at all times.

Bug: 16236289
Change-Id: Idd70557efa4b1e14bc86f14220672a30f6c956e3
2014-07-14 16:39:56 -07:00
Colin Cross 9d9e62cf37 lmkd: remove libcutils from LOCAL_SHARED_LIBRARIES
While lmkd does technically use libcutils' socket.h, it only
uses a static inline.  Remove libcutils from LOCAL_SHARED_LIBRARIES
so it doesn't end up mlock'd in memory in the next patch.

Bug: 16236289
Change-Id: I744d69bfff06cb904836f64e1d5f6e530604bff4
2014-07-14 16:39:56 -07:00
Colin Cross fef9522d9b lmkd: use libprocessgroup to kill forked processes
After sending sigkill to the main process, also call into
libprocessgroup to kill any processes that were forked.

Bug: 15313911
Change-Id: I05577c6f5b70800ce0a01f480c8870c2c601afda
2014-07-09 17:24:39 -07:00
Colin Cross fbb78c6fee lmkd: pass uid from ActivityManager to lmkd
lmkd will use the uid to find processgroups and kill forked processes.

Bug: 15313911
Change-Id: I3f7bb003ccf15650cae6ebc2c042ddeb4cc796fc
2014-07-09 11:30:52 -07:00
Nick Kralevich 7d7f5e58db Make lmkd dynamically linked
Statically linked binaries cannot take advantage of ASLR,
making them less secure.

In addition, statically linked binaries consume more ram,
because shared libraries cannot be reused.

  executable size before: 87728
  executable size after:  13656

Change-Id: I9d02d865f9beeaaaadcd5009f64ac015931d4b11
2014-05-07 23:59:11 +00:00
Mark Salyzyn e6ed68bdf3 lmkd: turn on -Werror
- Deal with some -Wunused issues

Change-Id: Id037c44a0ca2d00ae10a939fb001bc24a3e9410c
2014-05-07 12:27:29 -07:00
Todd Poynor 16b6099476 low memory killer: switch to kernel oom_score_adj interface
Use oom_score_adj for setting OOM score adjustment values instead
of the older, deprecated oom_adj interface.

Change-Id: I5ba7801d4b8971be092b31ae0fd8af8c3001d613
2013-09-23 18:32:02 +00:00
Todd Poynor 3948f80f2a Add lmkd low memory killer daemon
Move kernel low memory killer logic to new daemon lmkd.  ActivityManager
communicates with this daemon over a named socket.

Change-Id: Ie957da7e9b1f7150e23c689fdadf23ff260b47be
2013-08-30 15:32:09 -07:00