Android/redroid-patches
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

android-8.1.0_r81 patches

Browse Source
This commit is contained in:
Ziyang Zhou
2023-10-05 22:44:10 +08:00
parent da422ab6de
commit 81ef272d21
20 changed files with 1232 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
android-8.1.0_r81/system/core/0001-fix-booting.patch Normal file
View File

@@ -0,0 +1,177 @@
From 4da2528fa5774e0313b3e98e703cf49d181cfa48 Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Sun, 9 May 2021 23:27:12 +0800
Subject: [PATCH 1/6] fix booting
---
init/init.cpp | 15 +++++++++++++--
init/log.cpp | 2 ++
init/property_service.cpp | 1 +
init/service.cpp | 2 +-
init/util.cpp | 3 ++-
rootdir/init.rc | 21 ++++++++++-----------
6 files changed, 29 insertions(+), 15 deletions(-)
mode change 100644 => 100755 init/init.cpp
mode change 100644 => 100755 init/property_service.cpp
diff --git a/init/init.cpp b/init/init.cpp
old mode 100644
new mode 100755
index f65bfe08c..9114c4b04
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -873,6 +873,8 @@ static bool selinux_load_policy() {
}
static void selinux_initialize(bool in_kernel_domain) {
+ setenv("INIT_SELINUX_TOOK", "0", 1);
+ se_hack();
Timer t;
selinux_callback cb;
@@ -1016,6 +1018,7 @@ int main(int argc, char** argv) {
mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
mkdir("/dev/pts", 0755);
mkdir("/dev/socket", 0755);
+ unshare(CLONE_NEWCGROUP);
mount("devpts", "/dev/pts", "devpts", 0, NULL);
#define MAKE_STR(x) __STRING(x)
mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));
@@ -1059,8 +1062,16 @@ int main(int argc, char** argv) {
setenv("INIT_STARTED_AT", std::to_string(start_ms).c_str(), 1);
char* path = argv[0];
- char* args[] = { path, nullptr };
- execv(path, args);
+ std::vector<const char *> args = {};
+ std::string cmdline;
+ android::base::ReadFileToString("/proc/self/cmdline", &cmdline);
+ std::replace(cmdline.begin(), cmdline.end(), '\0', ' ');
+ auto cmd_vector = android::base::Split(android::base::Trim(cmdline), " ");
+ for (const auto& entry : cmd_vector) {
+ args.push_back(entry.c_str());
+ }
+ args.push_back(nullptr);
+ execv(path, const_cast<char**>(args.data()));
// execv() only returns if an error happened, in which case we
// panic and never fall through this conditional.
diff --git a/init/log.cpp b/init/log.cpp
index 1830077e1..de2af6bae 100644
--- a/init/log.cpp
+++ b/init/log.cpp
@@ -27,6 +27,7 @@ namespace android {
namespace init {
void InitKernelLogging(char* argv[]) {
+#if 0 // HACKED
// Make stdin/stdout/stderr all point to /dev/null.
int fd = open("/sys/fs/selinux/null", O_RDWR);
if (fd == -1) {
@@ -40,6 +41,7 @@ void InitKernelLogging(char* argv[]) {
dup2(fd, 2);
if (fd > 2) close(fd);
+#endif
android::base::InitLogging(argv, &android::base::KernelLogger);
}
diff --git a/init/property_service.cpp b/init/property_service.cpp
old mode 100644
new mode 100755
index fd14bd66f..2b75834fd
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -77,6 +77,7 @@ void property_init() {
static bool check_mac_perms(const std::string& name, char* sctx, struct ucred* cr) {
+ se_hack1(true);
if (!sctx) {
return false;
}
diff --git a/init/service.cpp b/init/service.cpp
index f5e54dfda..5f017c12a 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -59,6 +59,7 @@ namespace init {
static std::string ComputeContextFromExecutable(std::string& service_name,
const std::string& service_path) {
+ se_hack1("HACKED");
std::string computed_context;
char* raw_con = nullptr;
@@ -326,7 +327,6 @@ void Service::Reap() {
if (now < time_crashed_ + 4min) {
if (++crash_count_ > 4) {
LOG(ERROR) << "critical process '" << name_ << "' exited 4 times in 4 minutes";
- panic();
}
} else {
time_crashed_ = now;
diff --git a/init/util.cpp b/init/util.cpp
index fdcb22d1c..6d2a24593 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -239,7 +239,8 @@ int wait_for_file(const char* filename, std::chrono::nanoseconds timeout) {
void import_kernel_cmdline(bool in_qemu,
const std::function<void(const std::string&, const std::string&, bool)>& fn) {
std::string cmdline;
- android::base::ReadFileToString("/proc/cmdline", &cmdline);
+ android::base::ReadFileToString("/proc/self/cmdline", &cmdline); // HACKED
+ std::replace(cmdline.begin(), cmdline.end(), '\0', ' '); // HACKED
for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) {
std::vector<std::string> pieces = android::base::Split(entry, "=");
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2a7333563..9e61bbcdf 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -167,25 +167,25 @@ on init
# this ensures that the cpusets are present and usable, but the device's
# init.rc must actually set the correct cpus
mkdir /dev/cpuset/foreground
- copy /dev/cpuset/cpus /dev/cpuset/foreground/cpus
- copy /dev/cpuset/mems /dev/cpuset/foreground/mems
+ copy /dev/cpuset/cpuset.cpus /dev/cpuset/foreground/cpuset.cpus
+ copy /dev/cpuset/cpuset.mems /dev/cpuset/foreground/cpuset.mems
mkdir /dev/cpuset/foreground/boost
- copy /dev/cpuset/cpus /dev/cpuset/foreground/boost/cpus
- copy /dev/cpuset/mems /dev/cpuset/foreground/boost/mems
+ copy /dev/cpuset/cpuset.cpus /dev/cpuset/foreground/boost/cpuset.cpus
+ copy /dev/cpuset/cpuset.mems /dev/cpuset/foreground/boost/cpuset.mems
mkdir /dev/cpuset/background
- copy /dev/cpuset/cpus /dev/cpuset/background/cpus
- copy /dev/cpuset/mems /dev/cpuset/background/mems
+ copy /dev/cpuset/cpuset.cpus /dev/cpuset/background/cpuset.cpus
+ copy /dev/cpuset/cpuset.mems /dev/cpuset/background/cpuset.mems
# system-background is for system tasks that should only run on
# little cores, not on bigs
# to be used only by init, so don't change system-bg permissions
mkdir /dev/cpuset/system-background
- copy /dev/cpuset/cpus /dev/cpuset/system-background/cpus
- copy /dev/cpuset/mems /dev/cpuset/system-background/mems
+ copy /dev/cpuset/cpuset.cpus /dev/cpuset/system-background/cpuset.cpus
+ copy /dev/cpuset/cpuset.mems /dev/cpuset/system-background/cpuset.mems
mkdir /dev/cpuset/top-app
- copy /dev/cpuset/cpus /dev/cpuset/top-app/cpus
- copy /dev/cpuset/mems /dev/cpuset/top-app/mems
+ copy /dev/cpuset/cpuset.cpus /dev/cpuset/top-app/cpuset.cpus
+ copy /dev/cpuset/cpuset.mems /dev/cpuset/top-app/cpuset.mems
# change permissions for all cpusets we'll touch at runtime
chown system system /dev/cpuset
@@ -314,7 +314,6 @@ on post-fs
start vndservicemanager
# once everything is setup, no need to modify /
- mount rootfs rootfs / ro remount
# Mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# Mount default storage into root namespace
--
2.34.1

25
android-8.1.0_r81/system/core/0002-allow-override-ro.-prop.patch Normal file
View File

@@ -0,0 +1,25 @@
From f93616ae0ec45a7c6f7efb08e3c0a98c9310743a Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Sun, 9 May 2021 23:29:12 +0800
Subject: [PATCH 2/6] allow override ro.* prop
---
init/init.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/init/init.cpp b/init/init.cpp
index 9114c4b04..32186044a 100755
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -483,6 +483,8 @@ static void import_kernel_nv(const std::string& key, const std::string& value, b
strlcpy(qemu, value.c_str(), sizeof(qemu));
} else if (android::base::StartsWith(key, "androidboot.")) {
property_set("ro.boot." + key.substr(12), value);
+ } else if (android::base::StartsWith(key, "ro.")) {
+ property_set(key, value);
}
}
--
2.34.1

26
android-8.1.0_r81/system/core/0003-remove-input-subsystem.patch Normal file
View File

@@ -0,0 +1,26 @@
From 334c600f7b10f789840d5a074f51d9fc43b86552 Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Thu, 24 Jun 2021 15:26:57 +0000
Subject: [PATCH 3/6] remove input subsystem
---
rootdir/ueventd.rc | 3 ---
1 file changed, 3 deletions(-)
diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index eadf219b5..88e20952f 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -21,9 +21,6 @@ subsystem msm_camera
devname uevent_devpath
dirname /dev/msm_camera
-subsystem input
- devname uevent_devpath
- dirname /dev/input
subsystem mtd
devname uevent_devpath
--
2.34.1

37
android-8.1.0_r81/system/core/0004-disable-ueventd-coldboot.patch Normal file
View File

@@ -0,0 +1,37 @@
From 301aaabfeb86948ad222cf1cc37144dcced0d53e Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Fri, 17 Dec 2021 22:44:33 +0800
Subject: [PATCH 4/6] disable ueventd coldboot
---
init/init.cpp | 1 -
rootdir/init.rc | 1 +
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/init/init.cpp b/init/init.cpp
index 32186044a..925e3243b 100755
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -1017,7 +1017,6 @@ int main(int argc, char** argv) {
// Get the basic filesystem setup we need put together in the initramdisk
// on / and then we'll let the rc file figure out the rest.
- mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
mkdir("/dev/pts", 0755);
mkdir("/dev/socket", 0755);
unshare(CLONE_NEWCGROUP);
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9e61bbcdf..c46190d1f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -39,6 +39,7 @@ on early-init
# cgroup for system_server and surfaceflinger
mkdir /dev/memcg/system 0550 system system
+ write /dev/.coldboot_done 1
start ueventd
on init
--
2.34.1

318
android-8.1.0_r81/system/core/0005-memfd-support.patch Normal file
View File

@@ -0,0 +1,318 @@
From 5f3272be10ea27866e5e0b30bfc921befde70ab2 Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Sun, 3 Jul 2022 11:22:31 +0800
Subject: [PATCH 5/6] memfd support
---
libcutils/Android.bp | 4 +-
libcutils/{ashmem-dev.c => ashmem-dev.cpp} | 51 +++++-
libcutils/ashmem-hack.inc | 172 +++++++++++++++++++++
3 files changed, 223 insertions(+), 4 deletions(-)
rename libcutils/{ashmem-dev.c => ashmem-dev.cpp} (79%)
create mode 100644 libcutils/ashmem-hack.inc
diff --git a/libcutils/Android.bp b/libcutils/Android.bp
index d00ff5f96..93f2658c7 100644
--- a/libcutils/Android.bp
+++ b/libcutils/Android.bp
@@ -106,7 +106,7 @@ cc_library {
android: {
srcs: libcutils_nonwindows_sources + [
"android_reboot.c",
- "ashmem-dev.c",
+ "ashmem-dev.cpp",
"klog.cpp",
"partition_utils.c",
"properties.cpp",
@@ -148,7 +148,7 @@ cc_library {
},
},
- shared_libs: ["liblog"],
+ shared_libs: ["liblog", "libbase"],
header_libs: [
"libcutils_headers",
"libutils_headers",
diff --git a/libcutils/ashmem-dev.c b/libcutils/ashmem-dev.cpp
similarity index 79%
rename from libcutils/ashmem-dev.c
rename to libcutils/ashmem-dev.cpp
index b4abb79d8..137c0280c 100644
--- a/libcutils/ashmem-dev.c
+++ b/libcutils/ashmem-dev.cpp
@@ -135,8 +135,14 @@ static int __ashmem_is_ashmem(int fd, int fatal)
return -1;
}
+#include "ashmem-hack.inc"
+
int ashmem_valid(int fd)
{
+ if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+ return 1;
+ }
+
return __ashmem_is_ashmem(fd, 0) >= 0;
}
@@ -151,6 +157,10 @@ int ashmem_create_region(const char *name, size_t size)
{
int ret, save_errno;
+ if (has_memfd_support()) {
+ return memfd_create_region(name ? name : "none", size);
+ }
+
int fd = __ashmem_open();
if (fd < 0) {
return fd;
@@ -182,6 +192,10 @@ error:
int ashmem_set_prot_region(int fd, int prot)
{
+ if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+ return memfd_set_prot_region(fd, prot);
+ }
+
int ret = __ashmem_is_ashmem(fd, 1);
if (ret < 0) {
return ret;
@@ -192,7 +206,16 @@ int ashmem_set_prot_region(int fd, int prot)
int ashmem_pin_region(int fd, size_t offset, size_t len)
{
- struct ashmem_pin pin = { offset, len };
+ if (!pin_deprecation_warn || debug_log) {
+ ALOGE("Pinning is deprecated since Android Q. Please use trim or other methods.\n");
+ pin_deprecation_warn = true;
+ }
+
+ if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+ return 0;
+ }
+
+ struct ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(len) };
int ret = __ashmem_is_ashmem(fd, 1);
if (ret < 0) {
@@ -204,7 +227,16 @@ int ashmem_pin_region(int fd, size_t offset, size_t len)
int ashmem_unpin_region(int fd, size_t offset, size_t len)
{
- struct ashmem_pin pin = { offset, len };
+ if (!pin_deprecation_warn || debug_log) {
+ ALOGE("Pinning is deprecated since Android Q. Please use trim or other methods.\n");
+ pin_deprecation_warn = true;
+ }
+
+ if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+ return 0;
+ }
+
+ struct ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(len) };
int ret = __ashmem_is_ashmem(fd, 1);
if (ret < 0) {
@@ -216,6 +248,21 @@ int ashmem_unpin_region(int fd, size_t offset, size_t len)
int ashmem_get_size_region(int fd)
{
+ if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+ struct stat sb;
+
+ if (fstat(fd, &sb) == -1) {
+ ALOGE("ashmem_get_size_region(%d): fstat failed: %s\n", fd, strerror(errno));
+ return -1;
+ }
+
+ if (debug_log) {
+ ALOGD("ashmem_get_size_region(%d): %d\n", fd, static_cast<int>(sb.st_size));
+ }
+
+ return sb.st_size;
+ }
+
int ret = __ashmem_is_ashmem(fd, 1);
if (ret < 0) {
return ret;
diff --git a/libcutils/ashmem-hack.inc b/libcutils/ashmem-hack.inc
new file mode 100644
index 000000000..8526c85be
--- /dev/null
+++ b/libcutils/ashmem-hack.inc
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cutils/ashmem.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/ashmem.h>
+#include <linux/memfd.h>
+#include <log/log.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/sysmacros.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <android-base/file.h>
+#include <android-base/properties.h>
+#include <android-base/strings.h>
+#include <android-base/unique_fd.h>
+
+/* Will be added to UAPI once upstream change is merged */
+#define F_SEAL_FUTURE_WRITE 0x0010
+
+/*
+ * The minimum vendor API level at and after which it is safe to use memfd.
+ * This is to facilitate deprecation of ashmem.
+ */
+#define MIN_MEMFD_VENDOR_API_LEVEL 29
+#define MIN_MEMFD_VENDOR_API_LEVEL_CHAR 'Q'
+
+/*
+ * has_memfd_support() determines if the device can use memfd. memfd support
+ * has been there for long time, but certain things in it may be missing. We
+ * check for needed support in it. Also we check if the VNDK version of
+ * libcutils being used is new enough, if its not, then we cannot use memfd
+ * since the older copies may be using ashmem so we just use ashmem. Once all
+ * Android devices that are getting updates are new enough (ex, they were
+ * originally shipped with Android release > P), then we can just use memfd and
+ * delete all ashmem code from libcutils (while preserving the interface).
+ *
+ * NOTE:
+ * The sys.use_memfd property is set by default to false in Android
+ * to temporarily disable memfd, till vendor and apps are ready for it.
+ * The main issue: either apps or vendor processes can directly make ashmem
+ * IOCTLs on FDs they receive by assuming they are ashmem, without going
+ * through libcutils. Such fds could have very well be originally created with
+ * libcutils hence they could be memfd. Thus the IOCTLs will break.
+ *
+ * Set default value of sys.use_memfd property to true once the issue is
+ * resolved, so that the code can then self-detect if kernel support is present
+ * on the device. The property can also set to true from adb shell, for
+ * debugging.
+ */
+
+static bool debug_log = false; /* set to true for verbose logging and other debug */
+static bool pin_deprecation_warn = true; /* Log the pin deprecation warning only once */
+
+
+/* Determine if memfd can be supported. This is just one-time hardwork
+ * which will be cached by the caller.
+ */
+static bool __has_memfd_support() {
+ /* Used to turn on/off the detection at runtime, in the future this
+ * property will be removed once we switch everything over to ashmem.
+ * Currently it is used only for debugging to switch the system over.
+ */
+ if (!android::base::GetBoolProperty("sys.use_memfd", false)) {
+ if (debug_log) {
+ ALOGD("sys.use_memfd=false so memfd disabled\n");
+ }
+ return false;
+ }
+
+ // Check if kernel support exists, otherwise fall back to ashmem.
+ // This code needs to build on old API levels, so we can't use the libc
+ // wrapper.
+ android::base::unique_fd fd(
+ syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_ALLOW_SEALING));
+ if (fd == -1) {
+ ALOGE("memfd_create failed: %s, no memfd support.\n", strerror(errno));
+ return false;
+ }
+
+ if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) == -1) {
+ ALOGE("fcntl(F_ADD_SEALS) failed: %s, no memfd support.\n", strerror(errno));
+ return false;
+ }
+
+ if (debug_log) {
+ ALOGD("memfd: device has memfd support, using it\n");
+ }
+ return true;
+}
+
+static bool has_memfd_support() {
+ /* memfd_supported is the initial global per-process state of what is known
+ * about memfd.
+ */
+ static bool memfd_supported = __has_memfd_support();
+
+ return memfd_supported;
+}
+
+static bool memfd_is_ashmem(int fd) {
+ static bool fd_check_error_once = false;
+
+ if (__ashmem_is_ashmem(fd, 0) == 0) {
+ if (!fd_check_error_once) {
+ ALOGE("memfd: memfd expected but ashmem fd used - please use libcutils.\n");
+ fd_check_error_once = true;
+ }
+
+ return true;
+ }
+
+ return false;
+}
+
+static int memfd_create_region(const char* name, size_t size) {
+ // This code needs to build on old API levels, so we can't use the libc
+ // wrapper.
+ android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_ALLOW_SEALING));
+
+ if (fd == -1) {
+ ALOGE("memfd_create(%s, %zd) failed: %s\n", name, size, strerror(errno));
+ return -1;
+ }
+
+ if (ftruncate(fd, size) == -1) {
+ ALOGE("ftruncate(%s, %zd) failed for memfd creation: %s\n", name, size, strerror(errno));
+ return -1;
+ }
+
+ if (debug_log) {
+ ALOGE("memfd_create(%s, %zd) success. fd=%d\n", name, size, fd.get());
+ }
+ return fd.release();
+}
+
+static int memfd_set_prot_region(int fd, int prot) {
+ /* Only proceed if an fd needs to be write-protected */
+ if (prot & PROT_WRITE) {
+ return 0;
+ }
+
+ if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) == -1) {
+ ALOGE("memfd_set_prot_region(%d, %d): F_SEAL_FUTURE_WRITE seal failed: %s\n", fd, prot,
+ strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
--
2.34.1

32
android-8.1.0_r81/system/core/0006-fix-cpu-cgroup-mount.patch Normal file
View File

@@ -0,0 +1,32 @@
From e7d905b53f72bceafeffd5e7e3948f25bc313038 Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Sun, 21 Aug 2022 11:24:11 +0800
Subject: [PATCH 6/6] fix cpu cgroup mount
---
rootdir/init.rc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index c46190d1f..fef98f000 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -29,6 +29,7 @@ on early-init
# Mount cgroup mount point for cpu accounting
mount cgroup none /acct cpuacct
+ mount cgroup none /acct cpu,cpuacct
mkdir /acct/uid
# root memory control cgroup, used by lmkd
@@ -155,6 +156,7 @@ on init
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
+ mount cgroup none /dev/cpuctl cpu,cpuacct
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0666 /dev/cpuctl/tasks
--
2.34.1