Add a wrapper binary that configures the process and executes a command.
artd needs to configure the child process before it executes a command.
However, this cannot be done between `fork` and `exec` because artd is a
multi-threaded program, and doing things between `fork` and `exec` has a
risk of deadlock. The wrapper binary is a workaround to this problem.
Bug: 229268202
Test: adb shell pm art optimize-package -m speed-profile -f \
com.google.android.youtube
Test: atest art_standalone_libarttools_tests
Test: art/tools/run-gtests.sh \
/apex/com.android.art/bin/art/x86_64/art_libarttools_tests
Test: atest ArtGtestsTargetChroot:ArtExecTest
Ignore-AOSP-First: ART Services.
Change-Id: Ifa32518afcb3802e2c9b893e9b4afba2f19572ba
diff --git a/build/apex/Android.bp b/build/apex/Android.bp
index 80acd81..d40f512 100644
--- a/build/apex/Android.bp
+++ b/build/apex/Android.bp
@@ -270,6 +270,7 @@
"libartservice",
],
binaries: [
+ "art_exec",
"artd",
],
multilib: {
diff --git a/build/apex/art_apex_test.py b/build/apex/art_apex_test.py
index 1813913..efb4c3f 100755
--- a/build/apex/art_apex_test.py
+++ b/build/apex/art_apex_test.py
@@ -549,6 +549,7 @@
# removed in Android R.
# Check binaries for ART.
+ self._checker.check_executable('art_exec')
self._checker.check_executable('artd')
self._checker.check_executable('oatdump')
self._checker.check_executable("odrefresh")
diff --git a/libarttools/Android.bp b/libarttools/Android.bp
index 6746c8e..5353285 100644
--- a/libarttools/Android.bp
+++ b/libarttools/Android.bp
@@ -49,6 +49,7 @@
art_cc_defaults {
name: "art_libarttools_tests_defaults",
srcs: [
+ "tools/art_exec_test.cc",
"tools/cmdline_builder_test.cc",
"tools/system_properties_test.cc",
"tools/tools_test.cc",
@@ -81,3 +82,38 @@
"art_libarttools_tests_defaults",
],
}
+
+// A defaults that contains libprocessgroup and all its dependencies.
+cc_defaults {
+ name: "art_libprocessgroup_defaults",
+ shared_libs: [
+ "libbase",
+ "libcgrouprc",
+ ],
+ static_libs: [
+ "libjsoncpp",
+ "libprocessgroup",
+ ],
+}
+
+cc_binary {
+ name: "art_exec",
+ defaults: [
+ "art_defaults",
+ "art_libprocessgroup_defaults",
+ ],
+ srcs: [
+ "tools/art_exec.cc",
+ ],
+ shared_libs: [
+ "libartbase",
+ "libbase",
+ ],
+ static_libs: [
+ "libcap",
+ ],
+ apex_available: [
+ "com.android.art",
+ "com.android.art.debug",
+ ],
+}
diff --git a/libarttools/tools/art_exec.cc b/libarttools/tools/art_exec.cc
new file mode 100644
index 0000000..48dadb5
--- /dev/null
+++ b/libarttools/tools/art_exec.cc
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sys/capability.h>
+#include <sys/resource.h>
+#include <unistd.h>
+
+#include <iostream>
+#include <iterator>
+#include <optional>
+#include <string>
+#include <string_view>
+#include <vector>
+
+#include "android-base/logging.h"
+#include "android-base/result.h"
+#include "android-base/strings.h"
+#include "base/macros.h"
+#include "base/scoped_cap.h"
+#include "processgroup/processgroup.h"
+#include "system/thread_defs.h"
+
+namespace {
+
+using ::android::base::ConsumePrefix;
+using ::android::base::Join;
+using ::android::base::Result;
+using ::android::base::Split;
+
+constexpr const char* kUsage =
+ R"(A wrapper binary that configures the process and executes a command.
+
+Usage: art_exec [OPTIONS]... -- [COMMAND]...
+
+Supported options:
+ --help: Print this text.
+ --set-task-profile=PROFILES: Apply a set of task profiles (see
+ https://source.android.com/devices/tech/perf/cgroups). Requires root access. PROFILES can be a
+ comma-separated list of task profile names.
+ --set-priority=PRIORITY: Apply the process priority. Currently, the only supported value of
+ PRIORITY is "background".
+ --drop-capabilities: Drop all root capabilities. Note that this has effect only if `art_exec` runs
+ with some root capabilities but not as the root user.
+)";
+
+constexpr int kErrorUsage = 100;
+constexpr int kErrorOther = 101;
+
+struct Options {
+ int command_pos = -1;
+ std::vector<std::string> task_profiles;
+ std::optional<int> priority = std::nullopt;
+ bool drop_capabilities = false;
+};
+
+[[noreturn]] void Usage(const std::string& error_msg) {
+ LOG(ERROR) << error_msg;
+ std::cerr << error_msg << "\n" << kUsage << "\n";
+ exit(kErrorUsage);
+}
+
+Options ParseOptions(int argc, char** argv) {
+ Options options;
+ for (int i = 1; i < argc; i++) {
+ std::string_view arg = argv[i];
+ if (arg == "--help") {
+ std::cerr << kUsage << "\n";
+ exit(0);
+ } else if (ConsumePrefix(&arg, "--set-task-profile=")) {
+ options.task_profiles = Split(std::string(arg), ",");
+ if (options.task_profiles.empty()) {
+ Usage("Empty task profile list");
+ }
+ } else if (ConsumePrefix(&arg, "--set-priority=")) {
+ if (arg == "background") {
+ options.priority = ANDROID_PRIORITY_BACKGROUND;
+ } else {
+ Usage("Unknown priority " + std::string(arg));
+ }
+ } else if (arg == "--drop-capabilities") {
+ options.drop_capabilities = true;
+ } else if (arg == "--") {
+ if (i + 1 >= argc) {
+ Usage("Missing command after '--'");
+ }
+ options.command_pos = i + 1;
+ return options;
+ } else {
+ Usage("Unknown option " + std::string(arg));
+ }
+ }
+ Usage("Missing '--'");
+}
+
+Result<void> DropInheritableCaps() {
+ art::ScopedCap cap(cap_get_proc());
+ if (cap.Get() == nullptr) {
+ return ErrnoErrorf("Failed to call cap_get_proc");
+ }
+ if (cap_clear_flag(cap.Get(), CAP_INHERITABLE) != 0) {
+ return ErrnoErrorf("Failed to call cap_clear_flag");
+ }
+ if (cap_set_proc(cap.Get()) != 0) {
+ return ErrnoErrorf("Failed to call cap_set_proc");
+ }
+ return {};
+}
+
+} // namespace
+
+int main(int argc, char** argv) {
+ android::base::InitLogging(argv);
+
+ Options options = ParseOptions(argc, argv);
+
+ if (!options.task_profiles.empty()) {
+ if (!SetTaskProfiles(/*tid=*/0, options.task_profiles)) {
+ LOG(ERROR) << "Failed to set task profile";
+ return kErrorOther;
+ }
+ }
+
+ if (options.priority.has_value()) {
+ if (setpriority(PRIO_PROCESS, /*who=*/0, options.priority.value()) != 0) {
+ PLOG(ERROR) << "Failed to setpriority";
+ return kErrorOther;
+ }
+ }
+
+ if (options.drop_capabilities) {
+ if (auto result = DropInheritableCaps(); !result.ok()) {
+ LOG(ERROR) << "Failed to drop inheritable capabilities: " << result.error();
+ return kErrorOther;
+ }
+ }
+
+ execv(argv[options.command_pos], argv + options.command_pos);
+
+ std::vector<const char*> command_args(argv + options.command_pos, argv + argc);
+ PLOG(FATAL) << "Failed to execute (" << Join(command_args, ' ') << ")";
+ UNREACHABLE();
+}
diff --git a/libarttools/tools/art_exec_test.cc b/libarttools/tools/art_exec_test.cc
new file mode 100644
index 0000000..ca55393
--- /dev/null
+++ b/libarttools/tools/art_exec_test.cc
@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sys/capability.h>
+#include <sys/resource.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <csignal>
+#include <filesystem>
+#include <functional>
+#include <string>
+#include <utility>
+
+#include "android-base/file.h"
+#include "android-base/logging.h"
+#include "android-base/scopeguard.h"
+#include "base/common_art_test.h"
+#include "base/file_utils.h"
+#include "base/globals.h"
+#include "base/macros.h"
+#include "base/os.h"
+#include "base/scoped_cap.h"
+#include "exec_utils.h"
+#include "fmt/format.h"
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "system/thread_defs.h"
+
+namespace art {
+namespace {
+
+using ::android::base::make_scope_guard;
+using ::android::base::ScopeGuard;
+using ::testing::HasSubstr;
+
+// clang-tidy incorrectly complaints about the using declaration while the user-defined literal is
+// actually being used.
+using ::fmt::literals::operator""_format; // NOLINT
+
+constexpr uid_t kRoot = 0;
+constexpr uid_t kNobody = 9999;
+
+std::string GetArtBin(const std::string& name) { return "{}/bin/{}"_format(GetArtRoot(), name); }
+
+std::string GetBin(const std::string& name) { return "{}/bin/{}"_format(GetAndroidRoot(), name); }
+
+// Executes the command, waits for it to finish, and keeps it in a waitable state until the current
+// scope exits.
+std::pair<pid_t, ScopeGuard<std::function<void()>>> ScopedExecAndWait(
+ std::vector<std::string>& args) {
+ std::vector<char*> execv_args;
+ execv_args.reserve(args.size() + 1);
+ for (std::string& arg : args) {
+ execv_args.push_back(arg.data());
+ }
+ execv_args.push_back(nullptr);
+
+ pid_t pid = fork();
+ if (pid == 0) {
+ execv(execv_args[0], execv_args.data());
+ UNREACHABLE();
+ } else if (pid > 0) {
+ siginfo_t info;
+ CHECK_EQ(TEMP_FAILURE_RETRY(waitid(P_PID, pid, &info, WEXITED | WNOWAIT)), 0);
+ CHECK_EQ(info.si_code, CLD_EXITED);
+ CHECK_EQ(info.si_status, 0);
+ std::function<void()> cleanup([=] {
+ siginfo_t info;
+ CHECK_EQ(TEMP_FAILURE_RETRY(waitid(P_PID, pid, &info, WEXITED)), 0);
+ });
+ return std::make_pair(pid, make_scope_guard(std::move(cleanup)));
+ } else {
+ LOG(FATAL) << "Failed to call fork";
+ UNREACHABLE();
+ }
+}
+
+// Grants the current process the given root capability.
+void SetCap(cap_flag_t flag, cap_value_t value) {
+ ScopedCap cap(cap_get_proc());
+ CHECK_NE(cap.Get(), nullptr);
+ cap_value_t caps[]{value};
+ CHECK_EQ(cap_set_flag(cap.Get(), flag, /*ncap=*/1, caps, CAP_SET), 0);
+ CHECK_EQ(cap_set_proc(cap.Get()), 0);
+}
+
+// Returns true if the given process has the given root capability.
+bool GetCap(pid_t pid, cap_flag_t flag, cap_value_t value) {
+ ScopedCap cap(cap_get_pid(pid));
+ CHECK_NE(cap.Get(), nullptr);
+ cap_flag_value_t flag_value;
+ CHECK_EQ(cap_get_flag(cap.Get(), value, flag, &flag_value), 0);
+ return flag_value == CAP_SET;
+}
+
+class ArtExecTest : public testing::Test {
+ protected:
+ void SetUp() override {
+ testing::Test::SetUp();
+ if (!kIsTargetAndroid) {
+ GTEST_SKIP() << "art_exec is for device only";
+ }
+ if (getuid() != kRoot) {
+ GTEST_SKIP() << "art_exec requires root";
+ }
+ art_exec_bin_ = GetArtBin("art_exec");
+ }
+
+ std::string art_exec_bin_;
+};
+
+TEST_F(ArtExecTest, Command) {
+ std::string error_msg;
+ int ret = ExecAndReturnCode({art_exec_bin_, "--", GetBin("sh"), "-c", "exit 123"}, &error_msg);
+ ASSERT_EQ(ret, 123) << error_msg;
+}
+
+TEST_F(ArtExecTest, SetTaskProfiles) {
+ std::string filename = "/data/local/tmp/art-exec-test-XXXXXX";
+ ScratchFile scratch_file(new File(mkstemp(filename.data()), filename, /*check_usage=*/false));
+ ASSERT_GE(scratch_file.GetFd(), 0);
+
+ std::vector<std::string> args{art_exec_bin_,
+ "--set-task-profile=Dex2oatPerformance",
+ "--",
+ GetBin("sh"),
+ "-c",
+ "cat /proc/self/cgroup > " + filename};
+ auto [pid, scope_guard] = ScopedExecAndWait(args);
+ std::string cgroup;
+ ASSERT_TRUE(android::base::ReadFileToString(filename, &cgroup));
+ EXPECT_THAT(cgroup, HasSubstr(":cpu:/dex2oat\n"));
+}
+
+TEST_F(ArtExecTest, SetPriority) {
+ std::vector<std::string> args{art_exec_bin_, "--set-priority=background", "--", GetBin("true")};
+ auto [pid, scope_guard] = ScopedExecAndWait(args);
+ EXPECT_EQ(getpriority(PRIO_PROCESS, pid), ANDROID_PRIORITY_BACKGROUND);
+}
+
+TEST_F(ArtExecTest, DropCapabilities) {
+ // Switch to a non-root user, but still keep the CAP_FOWNER capability available and inheritable.
+ // The order of the following calls matters.
+ CHECK_EQ(cap_setuid(kNobody), 0);
+ SetCap(CAP_INHERITABLE, CAP_FOWNER);
+ SetCap(CAP_EFFECTIVE, CAP_FOWNER);
+ ASSERT_EQ(cap_set_ambient(CAP_FOWNER, CAP_SET), 0);
+
+ // Make sure the test is set up correctly (i.e., the child process should normally have the
+ // inherited root capability: CAP_FOWNER).
+ {
+ std::vector<std::string> args{art_exec_bin_, "--", GetBin("true")};
+ auto [pid, scope_guard] = ScopedExecAndWait(args);
+ ASSERT_TRUE(GetCap(pid, CAP_EFFECTIVE, CAP_FOWNER));
+ }
+
+ {
+ std::vector<std::string> args{art_exec_bin_, "--drop-capabilities", "--", GetBin("true")};
+ auto [pid, scope_guard] = ScopedExecAndWait(args);
+ EXPECT_FALSE(GetCap(pid, CAP_EFFECTIVE, CAP_FOWNER));
+ }
+}
+
+} // namespace
+} // namespace art