Commit da5fbaa2 authored by Kyriakos Ispoglou, committed by Treehugger Robot

ANDROID: SPED: Add vendor hooks in Scheduler



SPED (Scheduler-based Privilege Elevation Detection) is a kernel protection
that blocks privilege elevation attacks. Before scheduling a task for
execution, it checks if there is a transition to uid/euid 0 (root) and
if so, it blocks the execution.

We need to register 3 vendor hooks:
 * When a task is created in copy_process()
 * Before a task is selected for execution in __pick_next_task()
 * When a task is terminated in __put_task_struct()

The rationale on why we are using these functions can be found in the "Understanding the Linux Scheduler" tab of go/sped-cookbook

NOTE: There is already the trace_task_newtask() hook in copy_process() so we will reuse it for process creation. Therefore we will add only 2 new hooks.

1p: go/hyp-sched-lpe-detection
design (detailed): go/sped-bluedoc

Bug: 403623944
Test: None

Change-Id: Iae0f223488e8c9c5050f69f11d8930ad9b14871f
Signed-off-by: Kyriakos Ispoglou <ispo@google.com>
parent 315d114c
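
The hook lifecycle the commit message describes (record at creation, check before scheduling, clean up at termination), modelled in user space as an added example; it is not code from this commit or from the Android kernel. The function names, the fixed-size table and the exact transition rule are assumptions, since the design documents referenced above are not on this page.

```c
/* User-space model of the three hook points named in the commit message.
 * All names are hypothetical; this is not kernel code. */
#include <stdbool.h>
#include <stddef.h>

#define MAX_TASKS 64

struct task { int pid; unsigned uid, euid; };   /* stand-in for a task's credentials */
struct baseline { bool used; int pid; unsigned uid, euid; };

static struct baseline table[MAX_TASKS];

static struct baseline *find(int pid) {
    for (size_t i = 0; i < MAX_TASKS; i++)
        if (table[i].used && table[i].pid == pid) return &table[i];
    return NULL;
}

/* Hook 1 (task creation): record the credentials the task starts with. */
int on_task_new(const struct task *t) {
    for (size_t i = 0; i < MAX_TASKS; i++)
        if (!table[i].used) {
            table[i] = (struct baseline){ true, t->pid, t->uid, t->euid };
            return 0;
        }
    return -1;  /* table full: caller must decide whether to fail open or closed */
}

/* Hook 2 (before the task is picked to run): returns true to block it.
 * Assumption: any non-root -> root change of uid or euid is a transition;
 * how legitimate elevation (e.g. setuid exec) is handled is not on the page. */
bool on_pick_next(const struct task *t) {
    struct baseline *b = find(t->pid);
    if (!b) return false;                       /* untracked task: not judged here */
    bool uid_up  = b->uid  != 0 && t->uid  == 0;
    bool euid_up = b->euid != 0 && t->euid == 0;
    return uid_up || euid_up;
}

/* Hook 3 (task termination): drop the baseline so a reused pid starts clean. */
void on_task_put(const struct task *t) {
    struct baseline *b = find(t->pid);
    if (b) b->used = false;
}
```

Without the termination hook, a stale baseline would be matched against whichever later task reuses the pid, which is why the model needs all three points rather than only the scheduling check.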