commit 86df959afaa6794c995a51220217d6e57cc9ac2f
author Connor O'Brien <connoro@google.com> Fri Jan 03 18:44:32 2020 -0800
committer Connor O'Brien <connoro@google.com> Tue Jan 14 12:24:33 2020 -0800
tree 1221f2d9371d46f0cdc3613efe372acd93610b0b
parent 8e7f193ba70d892e1fe8f46c0311d499cd5eab8d

libtimeinstate: open maps write-only

Userspace never reads from these maps, so we can reduce the needed
permissions by opening them write-only

Test: libtimeinstate_test passes
Bug: 138317993
Change-Id: Icbd87b35dc93992e6542ae04ac1ea733b274d28a
Signed-off-by: Connor O'Brien <connoro@google.com>

libs/cputimeinstate/cputimeinstate.cpp

diff --git a/libs/cputimeinstate/cputimeinstate.cpp b/libs/cputimeinstate/cputimeinstate.cpp
index 45fea85..1590e2c 100644
--- a/libs/cputimeinstate/cputimeinstate.cpp
+++ b/libs/cputimeinstate/cputimeinstate.cpp
@@ -85,6 +85,16 @@
     return policyN1 - policyN2;
 }
 
+static int bpf_obj_get_wronly(const char *pathname) {
+    union bpf_attr attr;
+
+    memset(&attr, 0, sizeof(attr));
+    attr.pathname = ptr_to_u64((void *)pathname);
+    attr.file_flags = BPF_F_WRONLY;
+
+    return syscall(__NR_bpf, BPF_OBJ_GET, &attr, sizeof(attr));
+}
+
 static bool initGlobals() {
     std::lock_guard<std::mutex> guard(gInitializedMutex);
     if (gInitialized) return true;
@@ -153,7 +163,7 @@
 bool startTrackingUidTimes() {
     if (!initGlobals()) return false;
 
-    unique_fd fd(bpf_obj_get(BPF_FS_PATH "map_time_in_state_cpu_policy_map"));
+    unique_fd fd(bpf_obj_get_wronly(BPF_FS_PATH "map_time_in_state_cpu_policy_map"));
     if (fd < 0) return false;
 
     for (uint32_t i = 0; i < gPolicyCpus.size(); ++i) {
@@ -162,7 +172,7 @@
         }
     }
 
-    unique_fd fd2(bpf_obj_get(BPF_FS_PATH "map_time_in_state_freq_to_idx_map"));
+    unique_fd fd2(bpf_obj_get_wronly(BPF_FS_PATH "map_time_in_state_freq_to_idx_map"));
     if (fd2 < 0) return false;
     freq_idx_key_t key;
     for (uint32_t i = 0; i < gNPolicies; ++i) {