aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Stultz <john.stultz@linaro.org>2017-09-07 11:47:17 -0700
committerJohn Stultz <john.stultz@linaro.org>2021-05-10 19:53:26 +0000
commitc4c21d4f61abd3e5749638bc7e79aacf6b5697a3 (patch)
tree85ebbc23fe789b492acc75b3964a2654c92071a7
parentd5ea068c6037ae62593ec4ae1e8ed8964234d809 (diff)
downloadandroid-dev-c4c21d4f61abd3e5749638bc7e79aacf6b5697a3.tar.gz
HACK: ANDROID: Allow CAP_SYS_NICE tasks to migrate processes between cgroups
This hack allows CAP_SYS_NICE tasks to have privledge to migrate other tasks between cgroups. This is used by the system_service to migrate processes between top-app, foreground, background cgroups for cputime and schedtune groups. Signed-off-by: John Stultz <john.stultz@linaro.org>
-rw-r--r--kernel/cgroup/cgroup-v1.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 391aa570369b..5f864be98c04 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -510,7 +510,8 @@ static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of,
tcred = get_task_cred(task);
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
- !uid_eq(cred->euid, tcred->suid))
+ !uid_eq(cred->euid, tcred->suid) &&
+ !ns_capable(tcred->user_ns, CAP_SYS_NICE))
ret = -EACCES;
put_cred(tcred);
if (ret)