-
Notifications
You must be signed in to change notification settings - Fork 20
diff: kernel CONFIG_SAMSUNG_FREECESS
The additional code in cgroup/legacy_freezer.c that Samsung added under #ifdef CONFIG_SAMSUNG_FREECESS seems to introduce custom permission checks for adding tasks to the freezer cgroup. Here's an explanation of what's going on:
-
Custom Permission Check (
freezer_can_attach):- Purpose: Samsung is adding an extra layer of control over which tasks (processes) can be added to the "freezer" cgroup. The freezer cgroup allows freezing (suspending) and thawing (resuming) processes, which is useful for power management and system control.
-
Admin Control: The logic in
freezer_can_attachenforces that only tasks with specific privileges—either the system user (EUID 1000) or root/admin (CAP_SYS_ADMIN)—are allowed to add tasks to the freezer group. If the current process (current) is not the same as the task being added and the effective user ID (EUID) isn't1000(typically the Android system user), or the task doesn't have admin privileges, the attachment is denied with an error (-EACCES). - Justification: This additional check ensures that only trusted, system-level processes can control which tasks are frozen, likely to prevent abuse or accidental suspension of critical tasks by unprivileged users or apps.
-
freezer_cancel_attach:- This function seems to act as a placeholder for error recovery in case the
freezer_can_attachfunction fails, but Samsung's implementation assumes that attaching a task to the freezer will always succeed once permission is granted. Hence, there is no need for complex restore actions here.
- This function seems to act as a placeholder for error recovery in case the
-
Samsung-Specific Control: This code introduces a Samsung-specific configuration (
CONFIG_SAMSUNG_FREECESS) that provides stricter control over the freezer cgroup than what is present in the standard kernel or GKI branches. Samsung likely wants to ensure that only authorized system processes (like Android system services) and the root user can control freezing tasks. -
Power and Resource Management: Freezing tasks is critical for managing system power and resources, especially on mobile devices like the Samsung Tab S9. By limiting which processes can be frozen (or added to the freezer group), Samsung is likely trying to prevent any untrusted or low-privilege app from suspending critical processes and causing instability or resource exhaustion.
-
Security Enhancement: This can also be viewed as a security measure, ensuring that only privileged entities (system user or admin) can manage task freezing, preventing abuse from malicious apps or unauthorized users.
Like the RKP modification you previously mentioned, this change is specific to Samsung's kernel, reflecting their customizations for device management, security, and performance optimization. The GKI kernel is intended to be a more generic, one-size-fits-all kernel for Android devices, whereas manufacturers like Samsung build upon it with features tailored to their devices' hardware and software ecosystem.
In this case, the freezer control enhancement would be unnecessary in the more generalized GKI kernel, as it is specific to how Samsung manages cgroups and tasks on their devices.