1 /* 2 * Copyright 2014 Google, Inc 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <sys/cdefs.h> 20 #include <sys/types.h> 21 #include <initializer_list> 22 #include <span> 23 #include <string> 24 #include <string_view> 25 #include <vector> 26 27 __BEGIN_DECLS 28 29 static constexpr const char* CGROUPV2_HIERARCHY_NAME = "cgroup2"; 30 [[deprecated]] static constexpr const char* CGROUPV2_CONTROLLER_NAME = "cgroup2"; 31 32 bool CgroupsAvailable(); 33 bool CgroupGetControllerPath(const std::string& cgroup_name, std::string* path); 34 bool CgroupGetControllerFromPath(const std::string& path, std::string* cgroup_name); 35 bool CgroupGetAttributePath(const std::string& attr_name, std::string* path); 36 bool CgroupGetAttributePathForTask(const std::string& attr_name, pid_t tid, std::string* path); 37 38 bool SetTaskProfiles(pid_t tid, const std::vector<std::string>& profiles, 39 bool use_fd_cache = false); 40 bool SetProcessProfiles(uid_t uid, pid_t pid, const std::vector<std::string>& profiles); 41 bool SetUserProfiles(uid_t uid, const std::vector<std::string>& profiles); 42 43 __END_DECLS 44 45 bool SetTaskProfiles(pid_t tid, std::initializer_list<std::string_view> profiles, 46 bool use_fd_cache = false); 47 bool SetProcessProfiles(uid_t uid, pid_t pid, std::initializer_list<std::string_view> profiles); 48 #if _LIBCPP_STD_VER > 17 49 bool SetTaskProfiles(pid_t tid, std::span<const std::string_view> profiles, 50 bool use_fd_cache = false); 51 bool SetProcessProfiles(uid_t uid, pid_t pid, std::span<const std::string_view> profiles); 52 #endif 53 54 __BEGIN_DECLS 55 56 #ifndef __ANDROID_VNDK__ 57 58 bool SetProcessProfilesCached(uid_t uid, pid_t pid, const std::vector<std::string>& profiles); 59 60 static constexpr const char* CGROUPS_RC_PATH = "/dev/cgroup_info/cgroup.rc"; 61 62 bool UsePerAppMemcg(); 63 64 // Drop the fd cache of cgroup path. It is used for when resource caching is enabled and a process 65 // loses the access to the path, the access checking (See SetCgroupAction::EnableResourceCaching) 66 // should be active again. E.g. Zygote specialization for child process. 67 void DropTaskProfilesResourceCaching(); 68 69 // Return 0 if all processes were killed and the cgroup was successfully removed. 70 // Returns -1 in the case of an error occurring or if there are processes still running. 71 int killProcessGroup(uid_t uid, pid_t initialPid, int signal); 72 73 // Returns the same as killProcessGroup(), however it does not retry, which means 74 // that it only returns 0 in the case that the cgroup exists and it contains no processes. 75 int killProcessGroupOnce(uid_t uid, pid_t initialPid, int signal); 76 77 // Sends the provided signal to all members of a process group, but does not wait for processes to 78 // exit, or for the cgroup to be removed. Callers should also ensure that killProcessGroup is called 79 // later to ensure the cgroup is fully removed, otherwise system resources will leak. 80 // Returns true if no errors are encountered sending signals, otherwise false. 81 bool sendSignalToProcessGroup(uid_t uid, pid_t initialPid, int signal); 82 83 int createProcessGroup(uid_t uid, pid_t initialPid, bool memControl = false); 84 85 // Set various properties of a process group. For these functions to work, the process group must 86 // have been created by passing memControl=true to createProcessGroup. 87 bool setProcessGroupSwappiness(uid_t uid, pid_t initialPid, int swappiness); 88 bool setProcessGroupSoftLimit(uid_t uid, pid_t initialPid, int64_t softLimitInBytes); 89 bool setProcessGroupLimit(uid_t uid, pid_t initialPid, int64_t limitInBytes); 90 91 void removeAllEmptyProcessGroups(void); 92 93 // Provides the path for an attribute in a specific process group 94 // Returns false in case of error, true in case of success 95 bool getAttributePathForTask(const std::string& attr_name, pid_t tid, std::string* path); 96 97 // Check if a profile can be applied without failing. 98 // Returns true if it can be applied without failing, false otherwise 99 bool isProfileValidForProcess(const std::string& profile_name, uid_t uid, pid_t pid); 100 101 #endif // __ANDROID_VNDK__ 102 103 __END_DECLS 104