cpuset: Add allow_attach hook for cpusets on android.

This patch provides a allow_attach hook for cpusets,
which resolves lots of the following logcat noise.

W SchedPolicy: add_tid_to_cgroup failed to write '2816' (Permission denied); fd=29
W ActivityManager: Failed setting process group of 2816 to 0
W System.err: java.lang.IllegalArgumentException
W System.err:    at android.os.Process.setProcessGroup(Native Method)
W System.err:    at com.android.server.am.ActivityManagerService.applyOomAdjLocked(ActivityManagerService.java:18763)
W System.err:    at com.android.server.am.ActivityManagerService.updateOomAdjLocked(ActivityManagerService.java:19028)
W System.err:    at com.android.server.am.ActivityManagerService.updateOomAdjLocked(ActivityManagerService.java:19106)
W System.err:    at com.android.server.am.ActiveServices.serviceDoneExecutingLocked(ActiveServices.java:2015)
W System.err:    at com.android.server.am.ActiveServices.publishServiceLocked(ActiveServices.java:905)
W System.err:    at com.android.server.am.ActivityManagerService.publishService(ActivityManagerService.java:16065)
W System.err:    at android.app.ActivityManagerNative.onTransact(ActivityManagerNative.java:1007)
W System.err:    at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2493)
W System.err:    at android.os.Binder.execTransact(Binder.java:453)

Bug 200260900

Change-Id: Ic1b61b2bbb7ce74c9e9422b5e22ee9078251de21
[Ported to 4.4, added commit message]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Reviewed-on: http://git-master/r/1269274
(cherry picked from commit 5554a30e1b623e14b14ae4a78e6fc0c2d84072ad)
Reviewed-on: http://git-master/r/1281179
Tested-by: Sumit Gupta <sumitg@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Bibek Basu <bbasu@nvidia.com>

diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index f9ec617b95c7b6a34301c540e9025e486ff2c4c0..e2e294d997e0c9b8b5f26b5626649c984ffa44db 100644 (file)
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -2084,12 +2084,30 @@ static void cpuset_bind(struct cgroup_subsys_state *root_css)
        mutex_unlock(&cpuset_mutex);
 }
 
+static int cpuset_allow_attach(struct cgroup_taskset *tset)
+{
+       const struct cred *cred = current_cred(), *tcred;
+       struct task_struct *task;
+       struct cgroup_subsys_state *css;
+
+       cgroup_taskset_for_each(task, css, tset) {
+               tcred = __task_cred(task);
+
+               if ((current != task) && !capable(CAP_SYS_ADMIN) &&
+                    cred->euid.val != tcred->uid.val && cred->euid.val != tcred->suid.val)
+                       return -EACCES;
+       }
+
+       return 0;
+}
+
 struct cgroup_subsys cpuset_cgrp_subsys = {
        .css_alloc      = cpuset_css_alloc,
        .css_online     = cpuset_css_online,
        .css_offline    = cpuset_css_offline,
        .css_free       = cpuset_css_free,
        .can_attach     = cpuset_can_attach,
+       .allow_attach   = cpuset_allow_attach,
        .cancel_attach  = cpuset_cancel_attach,
        .attach         = cpuset_attach,
        .post_attach    = cpuset_post_attach,