android: Check all scheduling features for restricting sched_*affinity

Also return EPERM from the calls rather than using baseline policy's
"watched" disposition and crashing the process.

Bug: 1271302, 1272481
Change-Id: Id445544e2a67b373ee5c7239dc26d8b077cd7440
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3295904
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Eric Seckler <eseckler@chromium.org>
Cr-Commit-Position: refs/heads/main@{#944698}

content/renderer/renderer_main_platform_delegate_android.cc

@@ -5,6 +5,7 @@
 #include "content/renderer/renderer_main_platform_delegate.h"
 
 #include "base/android/build_info.h"
+#include "base/cpu_affinity_posix.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/trace_event/trace_event.h"
 #include "components/power_scheduler/power_scheduler_features.h"
@@ -39,7 +40,21 @@ bool RendererMainPlatformDelegate::EnableSandbox() {
 #if BUILDFLAG(USE_SECCOMP_BPF)
   bool allow_sched_affinity =
       base::FeatureList::IsEnabled(features::kBigLittleScheduling) ||
-      base::FeatureList::IsEnabled(power_scheduler::features::kPowerScheduler);
+      (base::HasBigCpuCores() &&
+       (base::FeatureList::IsEnabled(
+            power_scheduler::features::kPowerScheduler) ||
+        base::FeatureList::IsEnabled(
+            power_scheduler::features::kCpuAffinityRestrictToLittleCores) ||
+        base::FeatureList::IsEnabled(
+            power_scheduler::features::kPowerSchedulerThrottleIdle) ||
+        base::FeatureList::IsEnabled(
+            power_scheduler::features::
+                kPowerSchedulerThrottleIdleAndNopAnimation) ||
+        base::FeatureList::IsEnabled(
+            power_scheduler::features::
+                kWebViewCpuAffinityRestrictToLittleCores) ||
+        base::FeatureList::IsEnabled(
+            power_scheduler::features::kWebViewPowerSchedulerThrottleIdle)));
   starter.set_policy(
       std::make_unique<sandbox::BaselinePolicyAndroid>(allow_sched_affinity));
 #endif

sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc

@@ -157,7 +157,7 @@ ResultExpr BaselinePolicyAndroid::EvaluateSyscall(int sysno) const {
   if (sysno == __NR_sched_setaffinity || sysno == __NR_sched_getaffinity) {
     if (allow_sched_affinity_)
       return Allow();
-    // Otherwise, fall back to the baseline policy.
+    return Error(EPERM);
   }
 
   // Ptrace is allowed so the crash reporter can fork in a renderer

sandbox/linux/seccomp-bpf-helpers/baseline_policy_android_unittest.cc

@@ -40,20 +40,22 @@ BPF_TEST_C(BaselinePolicyAndroid, Membarrier, BaselinePolicyAndroid) {
   syscall(__NR_membarrier, 32 /* cmd */, 0 /* flags */);
 }
 
-BPF_DEATH_TEST_C(BaselinePolicyAndroid,
-                 SchedGetAffinity_Blocked,
-                 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),
-                 BaselinePolicyAndroid) {
+BPF_TEST_C(BaselinePolicyAndroid,
+           SchedGetAffinity_Blocked,
+           BaselinePolicyAndroid) {
   cpu_set_t set{};
+  errno = 0;
   BPF_ASSERT_EQ(-1, sched_getaffinity(0, sizeof(set), &set));
+  BPF_ASSERT_EQ(EPERM, errno);
 }
 
-BPF_DEATH_TEST_C(BaselinePolicyAndroid,
-                 SchedSetAffinity_Blocked,
-                 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),
-                 BaselinePolicyAndroid) {
+BPF_TEST_C(BaselinePolicyAndroid,
+           SchedSetAffinity_Blocked,
+           BaselinePolicyAndroid) {
   cpu_set_t set{};
+  errno = 0;
   BPF_ASSERT_EQ(-1, sched_setaffinity(0, sizeof(set), &set));
+  BPF_ASSERT_EQ(EPERM, errno);
 }
 
 class AllowSchedSetaffinityBaselinePoliyAndroid : public BaselinePolicyAndroid {