2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
24 #import "SecdWatchdog.h"
25 #include <utilities/debugging.h>
26 #include <xpc/private.h>
29 #import <CrashReporterSupport/CrashReporterSupport.h>
32 #define CPU_RUNTIME_SECONDS_BEFORE_WATCHDOG (60 * 20)
33 #define WATCHDOG_RESET_PERIOD (60 * 60 * 24)
34 #define WATCHDOG_CHECK_PERIOD (60 * 60)
35 #define WATCHDOG_CHECK_PERIOD_LEEWAY (60 * 10)
36 #define WATCHDOG_GRACEFUL_EXIT_LEEWAY (60 * 5)
38 NSString* const SecdWatchdogAllowedRuntime = @"allowed-runtime";
39 NSString* const SecdWatchdogResetPeriod = @"reset-period";
40 NSString* const SecdWatchdogCheckPeriod = @"check-period";
41 NSString* const SecdWatchdogGracefulExitTime = @"graceful-exit-time";
43 void SecdLoadWatchDog()
45 (void)[SecdWatchdog watchdog];
48 @implementation SecdWatchdog {
50 CFTimeInterval _lastCheckTime;
51 dispatch_source_t _timer;
53 long _runtimeSecondsBeforeWatchdog;
56 long _checkPeriodLeeway;
57 long _gracefulExitLeeway;
60 + (instancetype)watchdog
62 static SecdWatchdog* watchdog = nil;
63 static dispatch_once_t onceToken;
64 dispatch_once(&onceToken, ^{
65 watchdog = [[self alloc] init];
73 if (self = [super init]) {
74 _runtimeSecondsBeforeWatchdog = CPU_RUNTIME_SECONDS_BEFORE_WATCHDOG;
75 _resetPeriod = WATCHDOG_RESET_PERIOD;
76 _checkPeriod = WATCHDOG_CHECK_PERIOD;
77 _checkPeriodLeeway = WATCHDOG_CHECK_PERIOD_LEEWAY;
78 _gracefulExitLeeway = WATCHDOG_GRACEFUL_EXIT_LEEWAY;
88 @synchronized (self) {
89 struct rusage initialRusage;
90 getrusage(RUSAGE_SELF, &initialRusage);
91 _rusageBaseline = initialRusage.ru_utime.tv_sec;
92 _lastCheckTime = CFAbsoluteTimeGetCurrent();
94 __weak __typeof(self) weakSelf = self;
95 _timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0));
96 dispatch_source_set_timer(_timer, DISPATCH_TIME_NOW, _checkPeriod * NSEC_PER_SEC, _checkPeriodLeeway * NSEC_PER_SEC); // run once every hour, but give the timer lots of leeway to be power friendly
97 dispatch_source_set_event_handler(_timer, ^{
98 __strong __typeof(self) strongSelf = weakSelf;
103 struct rusage currentRusage;
104 getrusage(RUSAGE_SELF, ¤tRusage);
106 @synchronized (self) {
107 if (currentRusage.ru_utime.tv_sec > strongSelf->_rusageBaseline + strongSelf->_runtimeSecondsBeforeWatchdog) {
108 seccritical("SecWatchdog: watchdog has detected securityd/secd is using too much CPU - attempting to exit gracefully");
110 WriteStackshotReport(@"securityd watchdog triggered", __sec_exception_code_Watchdog);
112 xpc_transaction_exit_clean(); // we've used too much CPU - try to exit gracefully
114 dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(strongSelf->_gracefulExitLeeway * NSEC_PER_SEC)), dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), ^{
115 // if we still haven't exited gracefully after 5 minutes, time to die unceremoniously
116 seccritical("SecWatchdog: watchdog has failed to exit securityd/secd gracefully - exiting ungracefully");
121 CFTimeInterval currentTime = CFAbsoluteTimeGetCurrent();
122 if (currentTime > strongSelf->_lastCheckTime + strongSelf->_resetPeriod) {
123 // we made it through a 24 hour period - reset our timeout to 24 hours from now, and our cpu usage threshold to another 20 minutes
124 secinfo("SecWatchdog", "resetting watchdog monitoring interval ahead another 24 hours");
125 strongSelf->_lastCheckTime = currentTime;
126 strongSelf->_rusageBaseline = currentRusage.ru_utime.tv_sec;
131 dispatch_resume(_timer);
135 - (NSDictionary*)watchdogParameters
137 @synchronized (self) {
138 return @{ SecdWatchdogAllowedRuntime : @(_runtimeSecondsBeforeWatchdog),
139 SecdWatchdogResetPeriod : @(_resetPeriod),
140 SecdWatchdogCheckPeriod : @(_checkPeriod),
141 SecdWatchdogGracefulExitTime : @(_gracefulExitLeeway) };
145 - (BOOL)setWatchdogParameters:(NSDictionary*)parameters error:(NSError**)error
147 NSMutableArray* failedParameters = [NSMutableArray array];
148 @synchronized (self) {
149 __weak __typeof(self) weakSelf = self;
150 [parameters enumerateKeysAndObjectsUsingBlock:^(NSString* parameter, NSNumber* value, BOOL* stop) {
151 __strong __typeof(self) strongSelf = weakSelf;
156 if ([parameter isEqualToString:SecdWatchdogAllowedRuntime] && [value isKindOfClass:[NSNumber class]]) {
157 strongSelf->_runtimeSecondsBeforeWatchdog = value.longValue;
159 else if ([parameter isEqualToString:SecdWatchdogResetPeriod] && [value isKindOfClass:[NSNumber class]]) {
160 strongSelf->_resetPeriod = value.longValue;
162 else if ([parameter isEqualToString:SecdWatchdogCheckPeriod] && [value isKindOfClass:[NSNumber class]]) {
163 strongSelf->_checkPeriod = value.longValue;
165 else if ([parameter isEqualToString:SecdWatchdogGracefulExitTime] && [value isKindOfClass:[NSNumber class]]) {
166 strongSelf->_gracefulExitLeeway = value.longValue;
169 [failedParameters addObject:parameter];
173 dispatch_source_cancel(_timer);
177 [self activateTimer];
179 if (failedParameters.count > 0) {
181 *error = [NSError errorWithDomain:@"com.apple.securityd.watchdog" code:0 userInfo:@{NSLocalizedDescriptionKey : [NSString stringWithFormat:@"failed to set parameters: %@", failedParameters]}];
projects / apple / security.git / blob