init: Fix the implementation of the task_profiles keyword
The documentation added by commit c9c0bbac5383 ("init: Add task_profiles
init command") mentions that the task_profiles keyword sets process
attributes. Make the implementation of that keyword match the
documentation.
Change-Id: Ia080132f16bfc2488f8c25176d6aed37a2c42780
Signed-off-by: Bart Van Assche <bvanassche@google.com>
diff --git a/init/README.md b/init/README.md
index 7b3d32a..6596528 100644
--- a/init/README.md
+++ b/init/README.md
@@ -368,8 +368,9 @@
given console.
`task_profiles <profile> [ <profile>\* ]`
-> Set task profiles for the process when it forks. This is designed to replace the use of
- writepid option for moving a process into a cgroup.
+> Set task profiles. Before Android U, the profiles are applied to the main thread of the service.
+ For Android U and later, the profiles are applied to the entire service process. This is designed
+ to replace the use of writepid option for moving a process into a cgroup.
`timeout_period <seconds>`
> Provide a timeout after which point the service will be killed. The oneshot keyword is respected
diff --git a/init/service.cpp b/init/service.cpp
index a633048..26b3b42 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -546,8 +546,18 @@
_exit(EXIT_FAILURE);
}
- if (task_profiles_.size() > 0 && !SetTaskProfiles(getpid(), task_profiles_)) {
- LOG(ERROR) << "failed to set task profiles";
+ if (task_profiles_.size() > 0) {
+ bool succeeded = SelinuxGetVendorAndroidVersion() < __ANDROID_API_U__
+ ?
+ // Compatibility mode: apply the task profiles to the current
+ // thread.
+ SetTaskProfiles(getpid(), task_profiles_)
+ :
+ // Apply the task profiles to the current process.
+ SetProcessProfiles(getuid(), getpid(), task_profiles_);
+ if (!succeeded) {
+ LOG(ERROR) << "failed to set task profiles";
+ }
}
// As requested, set our gid, supplemental gids, uid, context, and