2593 Commits

Author SHA1 Message Date
Tom Cherry 02eff5cccd Update fs_mgr_update_verity_state() for new C++ Fstab
Bug: 62292478
Test: boot and check verity state
Change-Id: I4912a16ada9a6d72480d7ac905654b764c5d18b6
2018-12-07 14:14:54 -08:00
Tom Cherry 05735591f8 Merge "init: disable asan" 2018-12-06 03:14:58 +00:00
Tom Cherry c12e205ec5 Fix /init -> /system/bin/init symlink creation race
A symlink for TARGET_ROOT_OUT as a post install command of a package
that is also installed to TARGET_ROOT_OUT.  We hijack init.rc which
satisfies this requirement for this symlink.

Bug: 120402274
Bug: 120460755
Bug: 120509320
Bug: 120554662
Test: symlink is created
Test: make bootimage && ls -la $OUT/root/init
Change-Id: I6f1ac06ef152c36d7d7db4618d49a008338da39b
2018-12-05 23:42:07 +00:00
Tom Cherry f8315f073f init: disable asan
Asan requires /proc to be mounted, which means it fundamentally cannot
be used with first stage init.  Given that second stage init now
contains the logic for first stage init, asan must be disabled on all
of init until this can be resolved.

Bug: 120424438
Bug: 120561310
Test: Asan builds boot
Change-Id: I24d1a0c8ecb5eb3f77435e6e36432c7b4cb97c6a
2018-12-05 13:52:42 -08:00
Tom Cherry e1e71b9b98 Merge "init: allow first stage mount to read an fstab" 2018-12-05 20:32:08 +00:00
Alistair Strachan 5d55580fe1 Merge "Handle renamed "super" device correctly" 2018-12-05 00:06:41 +00:00
Alistair Strachan 1906d5f357 Handle renamed "super" device correctly
In the non-retrofit case, the metadata source partition will be
hardcoded as "super", but such a partition may not exist or may have
been overridden by super_partition=<something>. Make this work reliably
by plumbing the resolved metadata block device through, and using it any
time a partition called "super" is requested.

This also fixes a case in the first_stage_mount code that detected a
non-A/B, non-retrofit case by assuming the metadata source partition
would be called "super".

Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I8ce1defb902e257eeb7170d697b378eba31faee3
2018-12-04 11:21:34 -08:00
Tom Cherry e68bf85fd6 init: allow first stage mount to read an fstab
Now that we have a first stage ramdisk (or use recovery in its place),
it's possible to place a vendor specific fstab along with first stage
init, removing the need for device tree modifications to have an
fstab.

Bug: 117933812
Test: hikey boots with only an fstab in first stage ramdisk
Test: blueline mainline boots with a disabled DT fstab and an fstab in recovery
Change-Id: I4460b88851557a75ba06ff795cd842e7dfb6da46
2018-12-04 11:06:30 -08:00
Tom Cherry bb72b808f4 Merge "Convert fs_mgr_swapon_all() to use the new Fstab struct" 2018-12-04 18:41:56 +00:00
Treehugger Robot a7f54b1592 Merge "C++17 is the default now." 2018-12-04 07:53:24 +00:00
Treehugger Robot 307337fb40 Merge changes I6a4c3d9b,Ia5cdb797,I946eb605,Ieff3f6ea
* changes:
  init: overlay: allow fs_mgr_overlayfs_required_devices to report partitions
  fastboot: call fs_mgr_overlayfs_teardown() in UpdateSuper
  fs_mgr: overlay: disable overrides in recovery or fastbootd.
  fs_mgr: overlay: umount scratch more aggressively
2018-12-03 20:14:02 +00:00
Daniel Mentz 41aa2c3703 Increase netlink uevent rcvbuf size to 16M
Increase size of the NETLINK_KOBJECT_UEVENT socket receive buffer to
16M.  Also, use SO_RCVBUFFORCE to override any limits set by
/proc/sys/net/core/rmem_max.

We had a couple of instances, where we lost critical uevent messages due
to receive buffer overflows.

Bug: 119933843
Change-Id: I6aab183aa0194e173f9175b47c6beb0835cf6675
2018-12-03 18:39:24 +00:00
Tom Cherry 3055457a96 Convert fs_mgr_swapon_all() to use the new Fstab struct
Bug: 62292478
Test: build
Change-Id: Ifbde514bf73d3ce2f321326291daa025b6afac46
2018-12-03 09:41:01 -08:00
Elliott Hughes 3c59cb8420 C++17 is the default now.
Test: builds
Change-Id: I6814455e9ad2cdcf99ad66de38a3ad0bfb440d80
2018-12-03 09:02:18 -08:00
Mark Salyzyn acf56c297f init: overlay: allow fs_mgr_overlayfs_required_devices to report partitions
init add support for picking up partitions if specified by
fs_mgr_overlayfs_required_devices() as /dev/block/by-name/<partition>

Test: adb-remount-test.sh
Bug: 119885423
Change-Id: I6a4c3d9b5c2b406178f0acf0a86c52ab17209537
2018-12-03 07:33:38 -08:00
Treehugger Robot e43c146eb4 Merge "fs_mgr: move AVB related source into libfs_avb" 2018-11-30 06:59:38 +00:00
Tom Cherry ac3c7740ad Merge "init: always create a symlink from /init to /system/bin/init" 2018-11-29 23:22:58 +00:00
Tom Cherry 9843007327 init: always create a symlink from /init to /system/bin/init
Even though it isn't strictly needed when not system-as-root, for
backwards compatibility, it is desired to keep this symlink.

Bug: 119851742
Test: tree-hugger
Change-Id: I47bc25ab257336f56ef09b5db6ebaf6b17daad35
2018-11-29 09:39:30 -08:00
Treehugger Robot 044e02764d Merge "Run BoringSSL self test during startup" 2018-11-29 16:56:19 +00:00
Tom Cherry 3ecaf2e7f5 Merge "init: clean up the 1st/2nd stage init split" 2018-11-29 16:50:37 +00:00
Ivan Lozano 4cafb54481 Merge "Revert "Disable XOM in init."" 2018-11-29 15:58:11 +00:00
Bowgo Tsai c1bc2813c9 fs_mgr: move AVB related source into libfs_avb
This CL also adds namespace android::fs_mgr and removes FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.

Some lingering sources for by_name_symlink_map_ are also removed.

Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
2018-11-29 22:21:33 +08:00
Branden Archer d052118702 Run BoringSSL self test during startup
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. This change adds such a check.

If the check fails, it will prevent the device from booting
by rebooting into the bootloader.

Bug: 119826244
Test: Built for walleye. After device booted examined dmesg and
      observed logs from init showing that the new task did
      start. Further, when BoringSSL is built to fail its self
      check the device did stop during a normal boot and enter
      the bootloader, and did so before the boot animation stopped.

Change-Id: I07a5dc73a314502c87de566bb26f4d73499d2675
2018-11-28 20:57:00 +00:00
Ivan Lozano 741fe84d56 Revert "Disable XOM in init."
This reverts commit 055347e564.

Reason for revert:
init boots with XOM now. I think this was fixed when this boringssl patch got merged in earlier this week (init has a static dependency on libcrypto):
https://boringssl-review.googlesource.com/c/boringssl/+/33245

Change-Id: I70e15fad4a194c0d2087941bba70dfcd38abe8b5
2018-11-28 19:07:59 +00:00
Alistair Strachan ef9835967a Merge changes I99d46a2c,I6ff460d0
* changes:
  Skip logical partitions in non-AVB2 case too
  Allow non-A/B, non-retrofit devices to override super_partition
2018-11-28 19:07:13 +00:00
Alistair Strachan 53c5c623c0 Skip logical partitions in non-AVB2 case too
Follow up to the change made for AVB2 devices in
I19371b05912240480dc50864a2c04131258a7103.

The same consideration must be made in the fall through case, which
is taken either if AVB is completely disabled, or the dm-verity / AVB1
mechanism is used.

Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I99d46a2c2630c40f5f5c02279b11e423998a1e05
2018-11-28 19:06:54 +00:00
Ivan Lozano 055347e564 Disable XOM in init.
init doesn't cooperate with execute-only memory just yet, so disable it
until we can determine the root cause.

Bug: 77958880
Test: Device boots.
Change-Id: Ieb78315ba1e48c9cd0d047a42951bd3fbd36641b
2018-11-27 09:12:16 -08:00
Treehugger Robot 8995970ce3 Merge "fs_mgr: remove by_name_symlinks_map_ from AvpOps" 2018-11-19 05:56:36 +00:00
Treehugger Robot e04aa9e03a Merge "Don't fail when no glob match" 2018-11-17 00:54:39 +00:00
Yifan Hong 0e0f818c8a logical -> dynamic partitions.
Reflect a name change.
Test: boots
Bug: 119286600

Change-Id: I076071be18be521eeee4ebae10491b9f3e8ef857
2018-11-16 12:53:18 -08:00
Jiyong Park f169f72fba Don't fail when no glob match
There can be no match when there is no APEX installed or no APEX is
providing *.rc file. Don't fail in that case.

Bug: 117403679
Test: m apex.test; m; device is bootable

Change-Id: Ib1c607ee2c156dc236da1df7df0c6663e8d899b2
2018-11-16 18:08:46 +09:00
Mark Salyzyn 9f1cf25332 switch to using android-base/file.h instead of android-base/test_utils.h
Test: compile
Bug: 119313545
Change-Id: I4f7ad84743e974b4b4d1d7256088f6c8b749a237
2018-11-14 09:35:34 -08:00
Tom Cherry 9856460763 fs_mgr: remove by_name_symlinks_map_ from AvpOps
With the addition of the /dev/block/by-name/ symlinks created for the
boot_device, we no longer need to use a map to track the symlinks for
the partitions AVB needs to access.

This will help us in removing the requirement to specify which
partitions contain AVB metadata.

Bug: 117933812
Test: boot blueline_mainline with AVB
Change-Id: I1d46dba5b2fc16b2a14f861b34225ac0f2995b60
2018-11-13 11:37:36 -08:00
Treehugger Robot 34ffa7e074 Merge "init: error log on by-name identical replacement" 2018-11-13 15:27:27 +00:00
Tom Cherry 7bfea3d59c init: clean up the 1st/2nd stage init split
The first split of 1st/2nd stage init went a bit overboard, since it
split these even in the case of the recovery image and system-as-root,
which don't actually need the split.  This change simplifies this a
bit:

system-as-root and recovery have a single combined /system/bin/init
and a symlink from /init to it.

non-system-as-root has a separate first stage init at /init on the
first stage ramdisk and a combined /system/bin/init on system.img.

Two particular benefits from this:
1) Removal of the rsync of TARGET_RAMDISK_OUT to the recovery image
2) Decrease of overall space on the recovery image since it won't have
   a statically linked first stage init

This also unified the various entry points of init to depend entirely
on the arguments passed to it, instead of the hybrid of arguments and
environment variable used previously.

Bug: 80395578
Test: boot both system-as-root and non-system-as-root
Change-Id: Ic2f29b6f56b7defc80eaa0e7cd0c9107e978816f
2018-11-12 16:08:19 -08:00
Jiyong Park 80aa44704c Add support for updatable services
A service with 'updatable' option can be overridden by the same service
definition in APEXes.

/system/etc/init/foo.rc:

service foo /system/bin/foo
    updatable

/apex/myapex/etc/init.rc:

service foo /apex/myapex/bin/foo
    override

Overriding a non-updatable (i.e. without updatable option) service
from APEXes is prohibited.

When an updatable service is started before APEXes are all activated,
the execution is delayed until when the APEXes are all activated.

Bug: 117403679
Test: m apex.test; adb push <built_apex> /data/apex; adb reboot
adb shell, then lsof -p $(pidof surfaceflinger) shows that
the process is executing
/apex/com.android.example.apex@1/bin/surfaceflinger instead of
/system/bin/surfaceflinger

Change-Id: I8a57b8e7f6da81b4d2843e261a9a935dd279067c
2018-11-13 08:59:14 +09:00
Mark Salyzyn 3c426b65f6 init: error log on by-name identical replacement
The following message creates unnecessary alarm:

init: Partition system_a already existed in the by-name symlink map \
 with a value of \
 /dev/block/platform/soc/1d84000.ufshc/by-name/system_a, new value \
 /dev/block/platform/soc/1d84000.ufshc/by-name/system_a will be \
 ignored.

and in the code is cited as an ERROR.  The message admittedly does
point out an inefficiency by reporting multiple updates.

Test: compile
Change-Id: I388a76fa078cf9de5840930247f732d16ccb0719
2018-11-12 20:27:09 +00:00
Tom Cherry 13856a05e7 Merge "Reland: "init: chroot from recovery to /first_stage_ramdisk"" 2018-11-12 16:38:59 +00:00
Tom Cherry 866c08c0ac Reland: "init: chroot from recovery to /first_stage_ramdisk"
When using the recovery image as a trampoline to boot the system,
first chroot from the recovery image to /first_stage_ramdisk, to
minimize differences between these two boot paths.

Primary motivation is due to the fact that the basename of each mount
point is used by device-manager to name its nodes, and the previous
code that created used /system_recovery_mount as the mount point for
system.img broke AVB.  Instead of hacking around that issue, this
change unified mounting for the recovery trampoline and true first
stage ramdisk paths.

Change when relanding: the original change skipped the move mount from
/first_stage_ramdisk to / and only did a chroot instead.  This was a
mistake that resulted in the subsequent move mount of /system to / to
mount over the '/' directory instead of moving that mount.  This
change uses a bind mount of /first_stage_ramdisk to itself instead of
skipping the first move mount.

Bug: 114062208
Test: AVB works with blueline_mainline
Change-Id: I65207edfe98531892da2eafcbff19b438c9c64fe
2018-11-09 14:58:46 -08:00
Jiyong Park c240440eec init parses *.rc files from APEXes
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.

Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.

[   47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory

Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
2018-11-10 04:18:09 +09:00
Tom Cherry 223114008c Merge "Revert "init: chroot from recovery to /first_stage_ramdisk"" 2018-11-09 18:51:14 +00:00
Tom Cherry e087a6a3bb Revert "init: chroot from recovery to /first_stage_ramdisk"
This reverts commit 56999b41af.

Reason for revert: Something is broken here; we're not switching to /system properly.

Change-Id: I777fedcfb545c11275c9cc12f99b99a2423959a0
2018-11-09 18:47:26 +00:00
Tom Cherry 64ae77e526 Merge "init: chroot from recovery to /first_stage_ramdisk" 2018-11-09 17:01:41 +00:00
Tom Cherry 56999b41af init: chroot from recovery to /first_stage_ramdisk
When using the recovery image as a trampoline to boot the system,
first chroot from the recovery image to /first_stage_ramdisk, to
minimize differences between these two boot paths.

Primary motivation is due to the fact that the basename of each mount
point is used by device-manager to name its nodes, and the previous
code that created used /system_recovery_mount as the mount point for
system.img broke AVB.  Instead of hacking around that issue, this
change unified mounting for the recovery trampoline and true first
stage ramdisk paths.

Bug: 114062208
Test: AVB works with blueline_mainline
Change-Id: Iffb154962b6e160150917e068f1e7d0bf7cb84e7
2018-11-08 15:47:36 -08:00
Treehugger Robot 76b420f38d Merge "Fix bootchart" 2018-11-07 07:36:35 +00:00
David Anderson f89b1df1a5 init: Regenerate uevents for dependent super partition devices.
This patch adds another uevent-regeneration pass to the first stage
mount. When the super partition spans multiple block devices, we need
/dev/block/by-name symlinks to have been created before we begin mapping
dynamic partitions.

Bug: 116802789
Test: retrofit device boots
Change-Id: I00bb277e1d81385a457c5b4205a95d8fbe365bb2
2018-11-05 17:53:49 -08:00
Treehugger Robot 82c88d9b00 Merge "ueventd: don't skip restorecon after the cold boot" 2018-11-02 22:57:27 +00:00
Oleksiy Avramchenko dd5802a27e ueventd: don't skip restorecon after the cold boot
We need to do restorecon after the cold boot, otherwise the newly
created sysfs nodes won't be labelled.

Bug: 118861992
Test: manual - do insmod, check sysfs nodes are properly labelled
Change-Id: I4bdfb4a68206724a568d8cbb6c644ba8764b5fa7
2018-11-02 15:43:11 +00:00
Evgenii Stepanov 1f47f4add4 Do not hwasanitize init_first_stage.
Current hwasan implementation breaks when stderr (fd 2) is missing.

Bug: 118776698
Test: hwasan boots without serial console
Change-Id: Id095a87212096526a497563adab3d7f2f9fe8ab0
2018-11-01 13:43:50 -07:00
Peter Collingbourne 166ae693d4 Merge "Introduce additional service options for controlling memory cgroups." 2018-11-01 17:55:34 +00:00