Merge "Set memlock rlimit to 64KB"
diff --git a/init/init_test.cpp b/init/init_test.cpp
index 18a08c7..1ab69ac 100644
--- a/init/init_test.cpp
+++ b/init/init_test.cpp
@@ -21,8 +21,10 @@
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/properties.h>
+#include <android/api-level.h>
#include <gtest/gtest.h>
#include <selinux/selinux.h>
+#include <sys/resource.h>
#include "action.h"
#include "action_manager.h"
@@ -626,6 +628,20 @@
ASSERT_EQ(1u, parser.parse_error_count());
}
+TEST(init, MemLockLimit) {
+ // Test is enforced only for U+ devices
+ if (android::base::GetIntProperty("ro.vendor.api_level", 0) < __ANDROID_API_U__) {
+ GTEST_SKIP();
+ }
+
+ // Verify we are running memlock at, or under, 64KB
+ const unsigned long max_limit = 65536;
+ struct rlimit curr_limit;
+ ASSERT_EQ(getrlimit(RLIMIT_MEMLOCK, &curr_limit), 0);
+ ASSERT_LE(curr_limit.rlim_cur, max_limit);
+ ASSERT_LE(curr_limit.rlim_max, max_limit);
+}
+
class TestCaseLogger : public ::testing::EmptyTestEventListener {
void OnTestStart(const ::testing::TestInfo& test_info) override {
#ifdef __ANDROID__
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 881564c..efad37c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -47,6 +47,9 @@
# Allow up to 32K FDs per process
setrlimit nofile 32768 32768
+ # set RLIMIT_MEMLOCK to 64KB
+ setrlimit memlock 65536 65536
+
# Set up linker config subdirectories based on mount namespaces
mkdir /linkerconfig/bootstrap 0755
mkdir /linkerconfig/default 0755