
Issue 776291

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug
Hotlist-MemoryInfra




Reading /proc/vmstat can be denied by SELinux on Android

Project Member Reported by bashi@chromium.org, Oct 19 2017

Issue description

Chrome Version: ToT
OS: Android O

What steps will reproduce the problem?
(1) Use base::GetSystemMemoryInfoKB() somewhere in browser process.
(2) Build chrome_public_apk and install it on an Android device
(3) Launch the Chromium.app and check logcat

What is the expected result?
No SELinux warning logs.

What happens instead?
There could be the following warning, depending on SELinux policy:

10-19 15:07:41.904 13644 13644 W chromium.chrome: type=1400 audit(0.0:5478): avc: denied { read } for name="vmstat" dev="proc" ino=4026533632 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=file permissive=0

Please use labels and text to provide additional information.

I want to use data from /proc/meminfo but don't need data from /proc/vmstat.
Context: https://chromium-review.googlesource.com/c/chromium/src/+/722479/2/chrome/browser/android/oom_intervention/near_oom_monitor.cc#42

Reading both /proc/meminfo and /proc/vmstat in a single function is problematic in this case. It would be nice to separate them.

For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.

 
Thanks for reporting. I filed b/68031427 against Android/Selinux.
I am quite nervous about not being able to read /proc/vmstats anymore, even if I understand that for this specific case you might not care about it.
Project Member

Comment 2 by bugdroid1@chromium.org, Oct 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/44871528e18ddccb978b3eb45c21f52475d7236c

commit 44871528e18ddccb978b3eb45c21f52475d7236c
Author: Kenichi Ishibashi <bashi@chromium.org>
Date: Mon Oct 23 07:12:19 2017

Separate vmstat data from SystemMemoryInfoKB

Before this CL GetSystemMemoryInfoKB() read /proc/meminfo
and /proc/vmstat. Reading these files may be denied by SELinux
policy and GetSystemMemoryInfoKB() returns true only when both
reading succeeded. For clients which only need data from one file,
this behavior is redundant and makes the result difficult to check. This CL
separates data from /proc/vmstat into another struct.

Bug:  776291 
Change-Id: I1b32bc9cc118b6bc78d776c6dcba099fff605e90
Reviewed-on: https://chromium-review.googlesource.com/727581
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Kenichi Ishibashi <bashi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510725}
[modify] https://crrev.com/44871528e18ddccb978b3eb45c21f52475d7236c/base/process/process_metrics.cc
[modify] https://crrev.com/44871528e18ddccb978b3eb45c21f52475d7236c/base/process/process_metrics.h
[modify] https://crrev.com/44871528e18ddccb978b3eb45c21f52475d7236c/base/process/process_metrics_linux.cc
[modify] https://crrev.com/44871528e18ddccb978b3eb45c21f52475d7236c/base/process/process_metrics_unittest.cc
[modify] https://crrev.com/44871528e18ddccb978b3eb45c21f52475d7236c/chrome/browser/ui/webui/chromeos/sys_internals/sys_internals_message_handler.cc
[modify] https://crrev.com/44871528e18ddccb978b3eb45c21f52475d7236c/content/browser/memory/swap_metrics_driver_impl_linux.cc
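
The separation described in the commit message above, sketched as an added example that is not Chromium's code: each getter reads one source and reports its own result, so an SELinux denial on /proc/vmstat leaves the /proc/meminfo result usable. The struct, field and function names here are hypothetical, and the getters take streams rather than paths so they can be exercised with constructed input.

```cpp
#include <fstream>
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Hypothetical types for this example, not Chromium's definitions.
struct MemInfoKB { unsigned long total_kb = 0, free_kb = 0; };
struct VmStat { unsigned long pswpin = 0, pswpout = 0; };
using KeyValues = std::map<std::string, unsigned long>;

// Parses "Key: value kB" / "key value" lines; false if the open was denied.
bool ParseKeyValues(std::istream& in, KeyValues* kv) {
  if (!in) return false;
  std::string line, key;
  while (std::getline(in, line)) {
    std::istringstream fields(line);
    unsigned long value;
    if (!(fields >> key >> value)) continue;  // skip malformed lines
    if (key.back() == ':') key.pop_back();
    (*kv)[key] = value;
  }
  return true;
}

// Each getter consumes one source and reports its own result, so a denied
// /proc/vmstat cannot turn a successful /proc/meminfo read into a failure.
bool GetMemInfo(std::istream& in, MemInfoKB* out) {
  KeyValues kv;
  if (!ParseKeyValues(in, &kv) || !kv.count("MemTotal") || !kv.count("MemFree"))
    return false;
  out->total_kb = kv["MemTotal"];
  out->free_kb = kv["MemFree"];
  return true;
}

bool GetVmStat(std::istream& in, VmStat* out) {
  KeyValues kv;
  if (!ParseKeyValues(in, &kv) || !kv.count("pswpin") || !kv.count("pswpout"))
    return false;
  out->pswpin = kv["pswpin"];
  out->pswpout = kv["pswpout"];
  return true;
}

int main() {
  std::ifstream meminfo("/proc/meminfo"), vmstat("/proc/vmstat");
  MemInfoKB mem; VmStat vm;
  std::cout << "meminfo=" << GetMemInfo(meminfo, &mem) << " vmstat=" << GetVmStat(vmstat, &vm) << "\n";
}
```
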

Comment 3 by bashi@chromium.org, Feb 20 2018

Status: Fixed (was: Assigned)
Primiano's concern totally makes sense, but let me close this as the Android team thinks this is WAI. We may want to open another bug for seeking alternatives.
