cgroup/timer_slack: fix cgroup permission errors

Since the common mounting of cpu and timer_slack into /dev/cpuctl in commit boype/kernel_tuna_jb42@f23ab45 the Android OS cannot move processes across cgoups anymore: W/SchedPolicy( 1180): add_tid_to_cgroup failed to write '5949' (Permission denied); policy=0 Fix this by implementing an 'allow_attach' handler, according to this commit: boype/kernel_tuna_jb42@bb5b603 Signed-off-by: Boy Petersen <[email protected]> Signed-off-by: Francisco Franco <[email protected]>
AirOne70 · Oct 2, 2017 · 5c0fcef · 5c0fcef
1 parent 4ea3b93
commit 5c0fcef
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/kernel/cgroup_timer_slack.c b/kernel/cgroup_timer_slack.c
@@ -58,6 +58,19 @@ static void tslack_destroy(struct cgroup_subsys *tslack_cgroup,
 	kfree(cgroup_to_tslack(cgroup));
 }
 
+static int tslack_allow_attach(struct cgroup *cgrp, struct task_struct *tsk)
+{
+	const struct cred *cred = current_cred(), *tcred;
+
+	tcred = __task_cred(tsk);
+
+	if ((current != tsk) && !capable(CAP_SYS_NICE) &&
+			cred->euid != tcred->uid && cred->euid != tcred->suid)
+		return -EACCES;
+
+	return 0;
+}
+
 static u64 tslack_read_min(struct cgroup *cgroup, struct cftype *cft)
 {
 	return cgroup_to_tslack(cgroup)->min_slack_ns;
@@ -108,6 +121,7 @@ struct cgroup_subsys timer_slack_subsys = {
 	.subsys_id	= timer_slack_subsys_id,
 	.create		= tslack_create,
 	.destroy	= tslack_destroy,
+	.allow_attach	= tslack_allow_attach,
 	.populate	= tslack_populate,
 };