ANDROID: SPED: Add vendor hooks in Scheduler
SPED (Scheduler-based Privilege Elevation Detection) is a Pixel protection
that blocks privilege elevation attacks. Before scheduling a task for
execution, it checks if there is a transition to uid/euid 0 (root) and
if so, it blocks the execution.
We need to register 3 vendor hooks:
* When a task is created in copy_process()
* Before a task is selected for execution in __pick_next_task()
* When a task is terminated in __put_task_struct()
The rationale on why we are using these functions can be found in the "Understanding the Linux Scheduler" tab of go/sped-cookbook
NOTE: There is already the trace_task_newtask() hook in copy_process() so we will reuse it for process creation. Therefore we will add only 2 new hooks.
1p: go/hyp-sched-lpe-detection
design (detailed): go/sped-cookbook
Bug: 403623944
Test: None
Change-Id: Iae0f223488e8c9c5050f69f11d8930ad9b14871f
Signed-off-by: Kyriakos Ispoglou <ispo@google.com>