1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //#define LOG_NDEBUG 0
18 #define LOG_TAG "libprocessgroup"
19
20 #include <dirent.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <grp.h>
24 #include <pwd.h>
25 #include <sys/mman.h>
26 #include <sys/mount.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <time.h>
30 #include <unistd.h>
31
32 #include <regex>
33
34 #include <android-base/file.h>
35 #include <android-base/logging.h>
36 #include <android-base/properties.h>
37 #include <android-base/stringprintf.h>
38 #include <android-base/unique_fd.h>
39 #include <android/cgrouprc.h>
40 #include <json/reader.h>
41 #include <json/value.h>
42 #include <processgroup/format/cgroup_file.h>
43 #include <processgroup/processgroup.h>
44 #include <processgroup/setup.h>
45
46 #include "cgroup_descriptor.h"
47
48 using android::base::GetBoolProperty;
49 using android::base::StringPrintf;
50 using android::base::unique_fd;
51
52 namespace android {
53 namespace cgrouprc {
54
55 static constexpr const char* CGROUPS_DESC_FILE = "/etc/cgroups.json";
56 static constexpr const char* CGROUPS_DESC_VENDOR_FILE = "/vendor/etc/cgroups.json";
57
ChangeDirModeAndOwner(const std::string & path,mode_t mode,const std::string & uid,const std::string & gid,bool permissive_mode=false)58 static bool ChangeDirModeAndOwner(const std::string& path, mode_t mode, const std::string& uid,
59 const std::string& gid, bool permissive_mode = false) {
60 uid_t pw_uid = -1;
61 gid_t gr_gid = -1;
62
63 if (!uid.empty()) {
64 passwd* uid_pwd = getpwnam(uid.c_str());
65 if (!uid_pwd) {
66 PLOG(ERROR) << "Unable to decode UID for '" << uid << "'";
67 return false;
68 }
69
70 pw_uid = uid_pwd->pw_uid;
71 gr_gid = -1;
72
73 if (!gid.empty()) {
74 group* gid_pwd = getgrnam(gid.c_str());
75 if (!gid_pwd) {
76 PLOG(ERROR) << "Unable to decode GID for '" << gid << "'";
77 return false;
78 }
79 gr_gid = gid_pwd->gr_gid;
80 }
81 }
82
83 auto dir = std::unique_ptr<DIR, decltype(&closedir)>(opendir(path.c_str()), closedir);
84
85 if (dir == NULL) {
86 PLOG(ERROR) << "opendir failed for " << path;
87 return false;
88 }
89
90 struct dirent* dir_entry;
91 while ((dir_entry = readdir(dir.get()))) {
92 if (!strcmp("..", dir_entry->d_name)) {
93 continue;
94 }
95
96 std::string file_path = path + "/" + dir_entry->d_name;
97
98 if (pw_uid != -1 && lchown(file_path.c_str(), pw_uid, gr_gid) < 0) {
99 PLOG(ERROR) << "lchown() failed for " << file_path;
100 return false;
101 }
102
103 if (fchmodat(AT_FDCWD, file_path.c_str(), mode, AT_SYMLINK_NOFOLLOW) != 0 &&
104 (errno != EROFS || !permissive_mode)) {
105 PLOG(ERROR) << "fchmodat() failed for " << path;
106 return false;
107 }
108 }
109
110 return true;
111 }
112
Mkdir(const std::string & path,mode_t mode,const std::string & uid,const std::string & gid)113 static bool Mkdir(const std::string& path, mode_t mode, const std::string& uid,
114 const std::string& gid) {
115 bool permissive_mode = false;
116
117 if (mode == 0) {
118 /* Allow chmod to fail */
119 permissive_mode = true;
120 mode = 0755;
121 }
122
123 if (mkdir(path.c_str(), mode) != 0) {
124 // /acct is a special case when the directory already exists
125 if (errno != EEXIST) {
126 PLOG(ERROR) << "mkdir() failed for " << path;
127 return false;
128 } else {
129 permissive_mode = true;
130 }
131 }
132
133 if (uid.empty() && permissive_mode) {
134 return true;
135 }
136
137 if (!ChangeDirModeAndOwner(path, mode, uid, gid, permissive_mode)) {
138 PLOG(ERROR) << "change of ownership or mode failed for " << path;
139 return false;
140 }
141
142 return true;
143 }
144
MergeCgroupToDescriptors(std::map<std::string,CgroupDescriptor> * descriptors,const Json::Value & cgroup,const std::string & name,const std::string & root_path,int cgroups_version)145 static void MergeCgroupToDescriptors(std::map<std::string, CgroupDescriptor>* descriptors,
146 const Json::Value& cgroup, const std::string& name,
147 const std::string& root_path, int cgroups_version) {
148 std::string path;
149
150 if (!root_path.empty()) {
151 path = root_path + "/" + cgroup["Path"].asString();
152 } else {
153 path = cgroup["Path"].asString();
154 }
155
156 uint32_t controller_flags = 0;
157
158 if (cgroup["NeedsActivation"].isBool() && cgroup["NeedsActivation"].asBool()) {
159 controller_flags |= CGROUPRC_CONTROLLER_FLAG_NEEDS_ACTIVATION;
160 }
161
162 CgroupDescriptor descriptor(
163 cgroups_version, name, path, std::strtoul(cgroup["Mode"].asString().c_str(), 0, 8),
164 cgroup["UID"].asString(), cgroup["GID"].asString(), controller_flags);
165
166 auto iter = descriptors->find(name);
167 if (iter == descriptors->end()) {
168 descriptors->emplace(name, descriptor);
169 } else {
170 iter->second = descriptor;
171 }
172 }
173
ReadDescriptorsFromFile(const std::string & file_name,std::map<std::string,CgroupDescriptor> * descriptors)174 static bool ReadDescriptorsFromFile(const std::string& file_name,
175 std::map<std::string, CgroupDescriptor>* descriptors) {
176 std::vector<CgroupDescriptor> result;
177 std::string json_doc;
178
179 if (!android::base::ReadFileToString(file_name, &json_doc)) {
180 PLOG(ERROR) << "Failed to read task profiles from " << file_name;
181 return false;
182 }
183
184 Json::Reader reader;
185 Json::Value root;
186 if (!reader.parse(json_doc, root)) {
187 LOG(ERROR) << "Failed to parse cgroups description: " << reader.getFormattedErrorMessages();
188 return false;
189 }
190
191 if (root.isMember("Cgroups")) {
192 const Json::Value& cgroups = root["Cgroups"];
193 for (Json::Value::ArrayIndex i = 0; i < cgroups.size(); ++i) {
194 std::string name = cgroups[i]["Controller"].asString();
195 MergeCgroupToDescriptors(descriptors, cgroups[i], name, "", 1);
196 }
197 }
198
199 if (root.isMember("Cgroups2")) {
200 const Json::Value& cgroups2 = root["Cgroups2"];
201 std::string root_path = cgroups2["Path"].asString();
202 MergeCgroupToDescriptors(descriptors, cgroups2, CGROUPV2_CONTROLLER_NAME, "", 2);
203
204 const Json::Value& childGroups = cgroups2["Controllers"];
205 for (Json::Value::ArrayIndex i = 0; i < childGroups.size(); ++i) {
206 std::string name = childGroups[i]["Controller"].asString();
207 MergeCgroupToDescriptors(descriptors, childGroups[i], name, root_path, 2);
208 }
209 }
210
211 return true;
212 }
213
ReadDescriptors(std::map<std::string,CgroupDescriptor> * descriptors)214 static bool ReadDescriptors(std::map<std::string, CgroupDescriptor>* descriptors) {
215 // load system cgroup descriptors
216 if (!ReadDescriptorsFromFile(CGROUPS_DESC_FILE, descriptors)) {
217 return false;
218 }
219
220 // load vendor cgroup descriptors if the file exists
221 if (!access(CGROUPS_DESC_VENDOR_FILE, F_OK) &&
222 !ReadDescriptorsFromFile(CGROUPS_DESC_VENDOR_FILE, descriptors)) {
223 return false;
224 }
225
226 return true;
227 }
228
229 // To avoid issues in sdk_mac build
230 #if defined(__ANDROID__)
231
SetupCgroup(const CgroupDescriptor & descriptor)232 static bool SetupCgroup(const CgroupDescriptor& descriptor) {
233 const format::CgroupController* controller = descriptor.controller();
234
235 int result;
236 if (controller->version() == 2) {
237 result = 0;
238 if (!strcmp(controller->name(), CGROUPV2_CONTROLLER_NAME)) {
239 // /sys/fs/cgroup is created by cgroup2 with specific selinux permissions,
240 // try to create again in case the mount point is changed
241 if (!Mkdir(controller->path(), 0, "", "")) {
242 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
243 return false;
244 }
245
246 result = mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
247 nullptr);
248
249 // selinux permissions change after mounting, so it's ok to change mode and owner now
250 if (!ChangeDirModeAndOwner(controller->path(), descriptor.mode(), descriptor.uid(),
251 descriptor.gid())) {
252 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
253 result = -1;
254 } else {
255 LOG(ERROR) << "restored ownership for " << controller->name() << " cgroup";
256 }
257 } else {
258 if (!Mkdir(controller->path(), descriptor.mode(), descriptor.uid(), descriptor.gid())) {
259 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
260 return false;
261 }
262
263 if (controller->flags() & CGROUPRC_CONTROLLER_FLAG_NEEDS_ACTIVATION) {
264 std::string str = std::string("+") + controller->name();
265 std::string path = std::string(controller->path()) + "/cgroup.subtree_control";
266
267 if (!base::WriteStringToFile(str, path)) {
268 LOG(ERROR) << "Failed to activate controller " << controller->name();
269 return false;
270 }
271 }
272 }
273 } else {
274 // mkdir <path> [mode] [owner] [group]
275 if (!Mkdir(controller->path(), descriptor.mode(), descriptor.uid(), descriptor.gid())) {
276 LOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
277 return false;
278 }
279
280 // Unfortunately historically cpuset controller was mounted using a mount command
281 // different from all other controllers. This results in controller attributes not
282 // to be prepended with controller name. For example this way instead of
283 // /dev/cpuset/cpuset.cpus the attribute becomes /dev/cpuset/cpus which is what
284 // the system currently expects.
285 if (!strcmp(controller->name(), "cpuset")) {
286 // mount cpuset none /dev/cpuset nodev noexec nosuid
287 result = mount("none", controller->path(), controller->name(),
288 MS_NODEV | MS_NOEXEC | MS_NOSUID, nullptr);
289 } else {
290 // mount cgroup none <path> nodev noexec nosuid <controller>
291 result = mount("none", controller->path(), "cgroup", MS_NODEV | MS_NOEXEC | MS_NOSUID,
292 controller->name());
293 }
294 }
295
296 if (result < 0) {
297 PLOG(ERROR) << "Failed to mount " << controller->name() << " cgroup";
298 return false;
299 }
300
301 return true;
302 }
303
304 #else
305
306 // Stubs for non-Android targets.
SetupCgroup(const CgroupDescriptor &)307 static bool SetupCgroup(const CgroupDescriptor&) {
308 return false;
309 }
310
311 #endif
312
WriteRcFile(const std::map<std::string,CgroupDescriptor> & descriptors)313 static bool WriteRcFile(const std::map<std::string, CgroupDescriptor>& descriptors) {
314 unique_fd fd(TEMP_FAILURE_RETRY(open(CGROUPS_RC_PATH, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
315 S_IRUSR | S_IRGRP | S_IROTH)));
316 if (fd < 0) {
317 PLOG(ERROR) << "open() failed for " << CGROUPS_RC_PATH;
318 return false;
319 }
320
321 format::CgroupFile fl;
322 fl.version_ = format::CgroupFile::FILE_CURR_VERSION;
323 fl.controller_count_ = descriptors.size();
324 int ret = TEMP_FAILURE_RETRY(write(fd, &fl, sizeof(fl)));
325 if (ret < 0) {
326 PLOG(ERROR) << "write() failed for " << CGROUPS_RC_PATH;
327 return false;
328 }
329
330 for (const auto& [name, descriptor] : descriptors) {
331 ret = TEMP_FAILURE_RETRY(
332 write(fd, descriptor.controller(), sizeof(format::CgroupController)));
333 if (ret < 0) {
334 PLOG(ERROR) << "write() failed for " << CGROUPS_RC_PATH;
335 return false;
336 }
337 }
338
339 return true;
340 }
341
CgroupDescriptor(uint32_t version,const std::string & name,const std::string & path,mode_t mode,const std::string & uid,const std::string & gid,uint32_t flags=0)342 CgroupDescriptor::CgroupDescriptor(uint32_t version, const std::string& name,
343 const std::string& path, mode_t mode, const std::string& uid,
344 const std::string& gid, uint32_t flags = 0)
345 : controller_(version, flags, name, path), mode_(mode), uid_(uid), gid_(gid) {}
346
set_mounted(bool mounted)347 void CgroupDescriptor::set_mounted(bool mounted) {
348 uint32_t flags = controller_.flags();
349 if (mounted) {
350 flags |= CGROUPRC_CONTROLLER_FLAG_MOUNTED;
351 } else {
352 flags &= ~CGROUPRC_CONTROLLER_FLAG_MOUNTED;
353 }
354 controller_.set_flags(flags);
355 }
356
357 } // namespace cgrouprc
358 } // namespace android
359
CgroupSetup()360 bool CgroupSetup() {
361 using namespace android::cgrouprc;
362
363 std::map<std::string, CgroupDescriptor> descriptors;
364
365 if (getpid() != 1) {
366 LOG(ERROR) << "Cgroup setup can be done only by init process";
367 return false;
368 }
369
370 // Make sure we do this only one time. No need for std::call_once because
371 // init is a single-threaded process
372 if (access(CGROUPS_RC_PATH, F_OK) == 0) {
373 LOG(WARNING) << "Attempt to call SetupCgroups more than once";
374 return true;
375 }
376
377 // load cgroups.json file
378 if (!ReadDescriptors(&descriptors)) {
379 LOG(ERROR) << "Failed to load cgroup description file";
380 return false;
381 }
382
383 // setup cgroups
384 for (auto& [name, descriptor] : descriptors) {
385 if (SetupCgroup(descriptor)) {
386 descriptor.set_mounted(true);
387 } else {
388 // issue a warning and proceed with the next cgroup
389 LOG(WARNING) << "Failed to setup " << name << " cgroup";
390 }
391 }
392
393 // mkdir <CGROUPS_RC_DIR> 0711 system system
394 if (!Mkdir(android::base::Dirname(CGROUPS_RC_PATH), 0711, "system", "system")) {
395 LOG(ERROR) << "Failed to create directory for " << CGROUPS_RC_PATH << " file";
396 return false;
397 }
398
399 // Generate <CGROUPS_RC_FILE> file which can be directly mmapped into
400 // process memory. This optimizes performance, memory usage
401 // and limits infrormation shared with unprivileged processes
402 // to the minimum subset of information from cgroups.json
403 if (!WriteRcFile(descriptors)) {
404 LOG(ERROR) << "Failed to write " << CGROUPS_RC_PATH << " file";
405 return false;
406 }
407
408 // chmod 0644 <CGROUPS_RC_PATH>
409 if (fchmodat(AT_FDCWD, CGROUPS_RC_PATH, 0644, AT_SYMLINK_NOFOLLOW) < 0) {
410 PLOG(ERROR) << "fchmodat() failed";
411 return false;
412 }
413
414 return true;
415 }
416