v811_spc009/frameworks/native/services/vr/performanced/main.cpp

#include <errno.h>
#include <sys/capability.h>
#include <sys/prctl.h>
#include <sys/stat.h>

#include <cutils/properties.h>
#include <cutils/sched_policy.h>
#include <log/log.h>
#include <sys/resource.h>
#include <utils/threads.h>

#include <pdx/service_dispatcher.h>
#include <private/android_filesystem_config.h>

#include "performance_service.h"

namespace {

// Annoying that sys/capability.h doesn't define this directly.
constexpr int kMaxCapNumber = (CAP_TO_INDEX(CAP_LAST_CAP) + 1);

}  // anonymous namespace

int main(int /*argc*/, char** /*argv*/) {
  int ret = -1;

  struct __user_cap_header_struct capheader;
  struct __user_cap_data_struct capdata[kMaxCapNumber];

  std::shared_ptr<android::pdx::Service> service;
  std::unique_ptr<android::pdx::ServiceDispatcher> dispatcher;

  ALOGI("Starting up...");

  // We need to be able to create endpoints with full perms.
  umask(0000);

  // Keep capabilities when switching UID to AID_SYSTEM.
  ret = prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
  CHECK_ERROR(ret < 0, error, "Failed to set KEEPCAPS: %s", strerror(errno));

  // Set UID and GID to system.
  ret = setresgid(AID_SYSTEM, AID_SYSTEM, AID_SYSTEM);
  CHECK_ERROR(ret < 0, error, "Failed to set GID: %s", strerror(errno));
  ret = setresuid(AID_SYSTEM, AID_SYSTEM, AID_SYSTEM);
  CHECK_ERROR(ret < 0, error, "Failed to set UID: %s", strerror(errno));

  // Keep CAP_SYS_NICE, allowing control of scheduler class, priority, and
  // cpuset for other tasks in the system.
  memset(&capheader, 0, sizeof(capheader));
  memset(&capdata, 0, sizeof(capdata));
  capheader.version = _LINUX_CAPABILITY_VERSION_3;
  capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective |= CAP_TO_MASK(CAP_SYS_NICE);
  capdata[CAP_TO_INDEX(CAP_SYS_NICE)].permitted |= CAP_TO_MASK(CAP_SYS_NICE);

  // Drop all caps but the ones configured above.
  ret = capset(&capheader, capdata);
  CHECK_ERROR(ret < 0, error, "Could not set capabilities: %s",
              strerror(errno));

  dispatcher = android::pdx::ServiceDispatcher::Create();
  CHECK_ERROR(!dispatcher, error, "Failed to create service dispatcher.");

  service = android::dvr::PerformanceService::Create();
  CHECK_ERROR(!service, error, "Failed to create performance service service.");
  dispatcher->AddService(service);

  ALOGI("Entering message loop.");

  ret = dispatcher->EnterDispatchLoop();
  CHECK_ERROR(ret < 0, error, "Dispatch loop exited because: %s\n",
              strerror(-ret));

error:
  return ret;
}
v811_spc009_project 4 months ago			`#include <errno.h>`
			`#include <sys/capability.h>`
			`#include <sys/prctl.h>`
			`#include <sys/stat.h>`

			`#include <cutils/properties.h>`
			`#include <cutils/sched_policy.h>`
			`#include <log/log.h>`
			`#include <sys/resource.h>`
			`#include <utils/threads.h>`

			`#include <pdx/service_dispatcher.h>`
			`#include <private/android_filesystem_config.h>`

			`#include "performance_service.h"`

			`namespace {`

			`// Annoying that sys/capability.h doesn't define this directly.`
			`constexpr int kMaxCapNumber = (CAP_TO_INDEX(CAP_LAST_CAP) + 1);`

			`} // anonymous namespace`

			`int main(int /argc/, char** /argv/) {`
			`int ret = -1;`

			`struct __user_cap_header_struct capheader;`
			`struct __user_cap_data_struct capdata[kMaxCapNumber];`

			`std::shared_ptr<android::pdx::Service> service;`
			`std::unique_ptr<android::pdx::ServiceDispatcher> dispatcher;`

			`ALOGI("Starting up...");`

			`// We need to be able to create endpoints with full perms.`
			`umask(0000);`

			`// Keep capabilities when switching UID to AID_SYSTEM.`
			`ret = prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);`
			`CHECK_ERROR(ret < 0, error, "Failed to set KEEPCAPS: %s", strerror(errno));`

			`// Set UID and GID to system.`
			`ret = setresgid(AID_SYSTEM, AID_SYSTEM, AID_SYSTEM);`
			`CHECK_ERROR(ret < 0, error, "Failed to set GID: %s", strerror(errno));`
			`ret = setresuid(AID_SYSTEM, AID_SYSTEM, AID_SYSTEM);`
			`CHECK_ERROR(ret < 0, error, "Failed to set UID: %s", strerror(errno));`

			`// Keep CAP_SYS_NICE, allowing control of scheduler class, priority, and`
			`// cpuset for other tasks in the system.`
			`memset(&capheader, 0, sizeof(capheader));`
			`memset(&capdata, 0, sizeof(capdata));`
			`capheader.version = _LINUX_CAPABILITY_VERSION_3;`
			`capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective \|= CAP_TO_MASK(CAP_SYS_NICE);`
			`capdata[CAP_TO_INDEX(CAP_SYS_NICE)].permitted \|= CAP_TO_MASK(CAP_SYS_NICE);`

			`// Drop all caps but the ones configured above.`
			`ret = capset(&capheader, capdata);`
			`CHECK_ERROR(ret < 0, error, "Could not set capabilities: %s",`
			`strerror(errno));`

			`dispatcher = android::pdx::ServiceDispatcher::Create();`
			`CHECK_ERROR(!dispatcher, error, "Failed to create service dispatcher.");`

			`service = android::dvr::PerformanceService::Create();`
			`CHECK_ERROR(!service, error, "Failed to create performance service service.");`
			`dispatcher->AddService(service);`

			`ALOGI("Entering message loop.");`

			`ret = dispatcher->EnterDispatchLoop();`
			`CHECK_ERROR(ret < 0, error, "Dispatch loop exited because: %s\n",`
			`strerror(-ret));`

			`error:`
			`return ret;`
			`}`