* Remove the Parser singleton (Hooray!)
* Rename parser.* to tokenizer.* as this is actually a tokenizer
* Rename init_parser.* to parser.* as this is a generic parser
* Move contents of init_parser_test.cpp to service_test.cpp as this
actually is a test of the parsing in MakeExecOneshotService() and
nothing related to (init_)parser.cpp
Test: boot bullhead
Test: bool sailfish
Test: init unit tests
Change-Id: I4fe39e6483f58ebd3ce5ee715a45dbba0acf5d91
prctl(PR_SET_SECUREBITS, ...) expects an unsigned long as its 2nd argument.
Passing in a int64_t happens to work with a 64-bit kernel, but does not
work with a 32-bit kernel.
Bug: 63680332
Test: boot 32-bit kernel; verify services with capabilities can successfully
set those capabilties
Change-Id: I60250d107a77b54b2e9fe3419b4480b921c7e2f8
Signed-off-by: Ben Fennema <fennema@google.com>
Currently, the order that we kill to services during shutdown is the
order of services_ in ServiceManager and that is defacto the order in
which they were parsed, which is not a very useful ordering.
Related to this, we have seen a few issues during shutdown that may be
related to services with dependencies on other services, where the
dependency is killed first and the dependent service then misbehaves.
This change allows services to keep track of the order in which they
were started and shutdown then uses that information to kill running
services in the opposite order that they were started.
Bug: 64067984
Test: Boot and reboot bullhead
Change-Id: I6b4cacb03aed2a72ae98a346bce41ed5434a09c2
We've blown up twice in init due to the unsigned integer overflow
sanitizer despite the overflows in question being both defined and
intentional.
Test: boot
Change-Id: I08effe3202ac1367d858982ff5478b3a088bab37
Latest device has rootfs instead of "/system" mount point
Bug: 37737296
Test: adb remount, reboot, and check log
Change-Id: I315ecf71e85255fc55c3a80619920b456bad0956
clang is the default compiler since Android nougat
Test: mma & verified it´s still build with clang
Change-Id: I34adaeef2f6558a09f26027271222bad94780507
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
Setting androidboot.seccomp=global on the kernel command line shall
enable seccomp for all processes rather than just in zygote. Doing
this has a performance impact, for now it shall just be used to audit
syscall usage during testing.
Bug: 37960259
Change-Id: I6b9fc95e9bec5e2bcfe6ef0b4343a5b422e30152
Recent change in init has bring normal shutdown sequence in
thermal-shutdown condition. This CL will make sure init fire shutdown
trigger where holds custom shutdown actions for vendor SoC/platform.
Bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown
Change-Id: Ieb8579fdf9c30c1a81d60466a7375c9784f3ca98
* changes:
fastboot: add mke2fs and e2fsdroid to build package
fastboot: call mke2fs tools to generate ext4 image
fs_mgr: call format_f2fs correctly with -f
init: require e2fsdroid and mke2fs when building init
init: rename mke2fs tools with _static suffix
init calls fs_mgr to format ext4 partitions. This requires
e2fsdroid and mke2fs in /system/bin/
Bug: 35219933
Change-Id: Ia32fe438cd9b9332f8e18e0cbe7f61bd050adcb1
(cherry picked from commit 041f849548)
We build a static version for recovery mode. Give them
different names to avoid conflicts with regular version
in /system/bin/
Bug: 35219933
Change-Id: I738655ad9b9ad71c63ae604d9a4d659b0b671121
(cherry picked from commit a2421041bf)
- Skipping SIGTERM / SIGKILL / umount brings race between block
device driver and fs layer. Do umount before shutting down.
- Reduce timeout to 1 sec for thermal shutdown and skip other time
taking part like fsck.
- Refactor waiting part to check time in ms so that 1 sec can
have enough resolution.
bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown, adb shell setprop sys.powerctl reboot and check dmesg
Change-Id: I048bac767b328c8d656a97fe65dde5f2b5bf4ae5
Use ASSERT_EQ() instead of EXPECT_EQ() to prevent segfaults after
failed API calls.
Do not run setfscreatecon_IsPerThread unless we're in permissive mode
as it will not pass otherwise.
Test: init unit tests
Change-Id: I70525d438e89f1ec036255890169a50b5007b4c4
- If problematic process is from user, kill all kills
it and dump does not show problematic process.
bug: 37737296
Test: reboot and check log
Change-Id: Iaa4f7d12f5a40fa7528c6672567c36e30b140372
Allow configuring memory.swappiness, memory.soft_limit_in_bytes
and memory.limit_in_bytes by init; by doing so there is better
control of memory consumption per native app.
Test: tested on gobo branch.
bug: 63765067
Change-Id: I8906f3ff5ef77f75a0f4cdfbf9d424a579ed52bb
Modified Android.mk to define cflag "USER_MODE_LINUX" if
TARGET_USER_MODE_LINUX := true in BoardCofig.mk.
Modified set_mmap_rnd_bits_action to return 0 if "USER_MODE_LINUX" is
defined. This is needed since uml does not support the mmap_rnd_bits
sysctl, and init would otherwise crash without this check.
Test: manual
Bug: 32523022
Change-Id: I409ef64a1fa253bfb3f9fb59d0267be159819bb8
Signed-off-by: Quang Luong <qal@google.com>
- /vendor, /system, /oem can be remounted to R/W for development
purpose.
- In such case, umounting these partitions can lead into some processes
not running properly during shutdown or blocking umount of fs.
- So skip them. As it is dev feature, it is up to each developer to
understand the risk. But for normal adb sync - reboot should be ok
as shutdown involves sync operations.
bug: 37737296
Test: adb remount,reboot, and check last kmsg
Change-Id: Iab6a6374bc558375d359b3b49b14db93d363b1ad
setegid() and setfscreatecon() on Android both operate on a per-thread
basis, not a per-process basis.
Ueventd may take advantage of this in the future, so this CL
introduces tests that ensure that this functionality remains
consistent.
Bug: 63441941
Test: newly added unit tests
Change-Id: I8b1c62cc322b6fe44b748550a4cea8658d9efd88
init calls fs_mgr to format ext4 partitions. This requires
e2fsdroid and mke2fs in /system/bin/
Bug: 35219933
Change-Id: Ia32fe438cd9b9332f8e18e0cbe7f61bd050adcb1
It's not a error case if we do not find a device that we're attempting
to regenerate uevents for during first stage mount, but it is likely
to increase boot time, so we log a message to attribute this delay.
Bug: 63327193
Test: Boot bullhead, sailfish
Merged-In: I97c2e5aefd218bbdd87717ff3c375381f725de08
Change-Id: I97c2e5aefd218bbdd87717ff3c375381f725de08
(cherry picked from commit 322e176f6a)
- "shutdown critical" prevents killing the service during
shutdown. And the service will be started if not running.
- Without it, services will be killed by SIGTERM / SIGKILL during shutdown.
- Even services with "shutdown critical" will be killed if shutdown
times out.
- Removes ueventd and vold from hard coded list. Each service's rc will
be updated to add "shutdown critical". watchdogd is still kept in the list.
bug: 37626581
Test: reboot and check last kmsg
(cherry picked from commit cccb34fce8)
Change-Id: I3c6aeb7151e64beca4b435f843ae64455217262d
ueventd may be asked to handle firmware during the time critical
coldboot process. If we double fork to avoid needing to reap the
firmware handler, then we may add significant delay to this process,
as the first child may not get scheduled quickly enough for waitpid()
to complete without delay.
Bug: 63081260
Test: boot bullhead and sailfish, check that firmwares are loaded,
no zombie ueventd processes remain, and no new errors are shown
Change-Id: I2bac3b1fbc3a58557a00326e491c104656db27ae
- "shutdown critical" prevents killing the service during
shutdown. And the service will be started if not running.
- Without it, services will be killed by SIGTERM / SIGKILL during shutdown.
- Even services with "shutdown critical" will be killed if shutdown
times out.
- Removes ueventd and vold from hard coded list. Each service's rc will
be updated to add "shutdown critical". watchdogd is still kept in the list.
bug: 37626581
Test: reboot and check last kmsg
Change-Id: Ie8cc699d1efbc59b9a2561bdd40fec64aed5a4bb
We have been seeing panics and errors during shutdown sequence in
some vendor's platform, and it is required to disable error handling
during shutdown.
This CL separates the shutdown request to execute another "shutdown"
trigger at the beginning of shutdown stage. And vendor can use this
trigger to add custom commands needed for shutting down gracefully.
Bug: 38203024
Bug: 62084631
Test: device reboot/shutdown
Change-Id: I3fac4ed59f06667d86e477ee55ed391cf113717f
It's not a error case if we do not find a device that we're attempting
to regenerate uevents for during first stage mount, but it is likely
to increase boot time, so we log a message to attribute this delay.
Bug: 63327193
Test: Boot bullhead, sailfish
Change-Id: I97c2e5aefd218bbdd87717ff3c375381f725de08
When Android is running in a container, some of the securebits might be
locked, which makes prctl(PR_SET_SECUREBITS) fail.
This change gets the previous state of the process' securebits and adds
the desired bits.
Bug: 62388055
Test: aosp_bullhead-eng boots
Test: If init has non-zero securebits, it can also boot
Change-Id: Ie03bf2538f9dca40955bc58314d269246f5731bd
When init gets SIGCHLD, it uses waitpid() to get the pid of an exited
process. It then calls kill(-pid, ...) to ensure that all processes
in the process group started by that process are killed as well.
There is a bug here however as waitpid() reaps the pid when it
returns, meaning that the call to kill(-pid, ...) may fail with ESRCH
as there are no remaining references to that pid. Or worse, if the
pid is reused, the wrong processes may get the signal.
This fixes the bug by using waitid() with WNOWAIT to get the pid of an
exited process, which does not reap the pid. It then uses waitpid()
with the returned pid to do the reap only after the above kill(-pid,
...) and other operations have completed.
Bug: 38164998
Test: kill surfaceflinger and see that processes exit and are reaped
appropriately
Test: `adb reboot` and observe that the extraneous kill() failed
messages do not appear
Change-Id: Ic0213e1c97e0141e6c13129dc2abbfed86de138b
This change homogenizes the use of std::unique_ptr for storing
capabilities in system/core/.
Bug: None
Test: m
Change-Id: I0a95f87a27b0261e9d321841d5140fc000473293
This change makes it possible for Android running in a container to
terminate cleanly instead of calling abort() when requested to shut
down.
Bug: 62388055
Test: `adb reboot` on bullhead causes no kernel panics
Test: `adb reboot` on a system without CAP_SYS_BOOT makes init terminate
nicely
Change-Id: I36b2298610f5b4a2bf8b05103d04804883df2c88
This change makes it possible for Android running in a container to
terminate cleanly instead of calling abort() when requested to shut
down.
Bug: 62388055
Test: setprop sys.powerctl reboot makes init terminate nicely
Change-Id: I31c7b475d89d7cbd665e135d9b8951dfd4bca80d
We build a static version for recovery mode. Give them
different names to avoid conflicts with regular version
in /system/bin/
Bug: 35219933
Change-Id: I738655ad9b9ad71c63ae604d9a4d659b0b671121
Merged-In: I738655ad9b9ad71c63ae604d9a4d659b0b671121
While refactoring ueventd, I was looking for code the character device
symlinks (/dev/usb/*) that ueventd creates, such that I could test it
on a real device. I found none in our tree, and history showing Xoom,
which was last supported years ago, was the last user. If this code
is in fact obsolete, let's remove it.
Test: boot bullhead
Test: init unit tests
Change-Id: I601f7165eb06d36b31b6dcf69ee9e0a449d81a96
/default.prop is moved to /system/etc/prop.default for full Treblized
devices. Modifies property_service to load it from there first.
In recovery mode, the file is renamed as /prop.default. This path is
tried if /system/etc/prop.default is not available.
Bug: 37815285
Test: Tested with ag/2419001. Booted pixel phones, checked the location
of prop.default, verified the symlink at /default.prop, checked a
few properties via adb shell and manually tested a few apps.
Booted to recovery and ran 'adb sideload' successfully.
Change-Id: I485231f21fc86b0aec58edf867e229a31e77d85e
Merged-In: I485231f21fc86b0aec58edf867e229a31e77d85e
(cherry-picked from 527d80d945)
The generic system.img released from project Treble can't contain any verity
metadata (e.g., vboot 1.0, AVB, or any other implementation) because it's
*generic*. To make any device can boot with it, `avbctl disable-verification`
is introduced to set a new flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED
in the top-level vbmeta to disable the entire AVB verification process. This
should be done prior to flash the generic system.img. See the following link
for details:
https://android-review.googlesource.com/#/c/418399/
This CL checks whether AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED is
set in the top-level vbmeta. When set, skip verifying the vbmeta structs
against androidboot.vbmeta.{hash_alg, size, digest} because it will be
absent in kernel cmdline. Also, only top-level vbmeta struct is read then
returned by libavb in this case.
Note that another flag AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED, usually
set by `adb disable-verity`, is used to signal fs_mgr to skip setting up
dm-verity, but libavb still verifies all vbmeta structs. fs_mgr will
also verify all vbmeta structs against androidboot.vbmeta.{hash_alg,
size, digest} from kernel cmdline as well.
Also rename SetUpAvb() to SetUpAvbHashtree() to better fit its usage.
This function will return kDisabled when any of the above two flags is set.
Finally, regardless of which flag is set or not set, we still only allow two
return values from avb_slot_verify():
- AVB_SLOT_VERIFY_RESULT_OK: it's still possible to get this value
when any of these flags are set in build time. e.g.,
BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2
- AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: in most cases we should
get this value, because the flags are likely set at run time.
Bug: 62523303
Test: boot device with 'avbctl disable-verification'.
Test: boot device with 'avbctl enable-verification'.
Test: boot device with 'adb disable-verity'.
Test: boot device with 'adb enable-verity'.
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2, then boot device.
repeat the above steps to boot device again.
Merged-In: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
Change-Id: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
(cherry picked from commit 60f19a0792)
The generic system.img released from project Treble can't contain any verity
metadata (e.g., vboot 1.0, AVB, or any other implementation) because it's
*generic*. To make any device can boot with it, `avbctl disable-verification`
is introduced to set a new flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED
in the top-level vbmeta to disable the entire AVB verification process. This
should be done prior to flash the generic system.img. See the following link
for details:
https://android-review.googlesource.com/#/c/418399/
This CL checks whether AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED is
set in the top-level vbmeta. When set, skip verifying the vbmeta structs
against androidboot.vbmeta.{hash_alg, size, digest} because it will be
absent in kernel cmdline. Also, only top-level vbmeta struct is read then
returned by libavb in this case.
Note that another flag AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED, usually
set by `adb disable-verity`, is used to signal fs_mgr to skip setting up
dm-verity, but libavb still verifies all vbmeta structs. fs_mgr will
also verify all vbmeta structs against androidboot.vbmeta.{hash_alg,
size, digest} from kernel cmdline as well.
Also rename SetUpAvb() to SetUpAvbHashtree() to better fit its usage.
This function will return kDisabled when any of the above two flags is set.
Finally, regardless of which flag is set or not set, we still only allow two
return values from avb_slot_verify():
- AVB_SLOT_VERIFY_RESULT_OK: it's still possible to get this value
when any of these flags are set in build time. e.g.,
BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2
- AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: in most cases we should
get this value, because the flags are likely set at run time.
Bug: 62523303
Test: boot device with 'avbctl disable-verification'.
Test: boot device with 'avbctl enable-verification'.
Test: boot device with 'adb disable-verity'.
Test: boot device with 'adb enable-verity'.
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2, then boot device.
repeat the above steps to boot device again.
Change-Id: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
1) property_set() takes const std::string& for both of its arguments,
so stop using .c_str() with its parameters
2) Simplify a few places where StringPrintf() is used to concatenate strings
3) Use std::to_string() instead of StringPrintf() where it's better suited
Test: Boot bullhead
Test: init unit tests
Change-Id: I68ebda0e469f6230c8f9ad3c8d5f9444e0c4fdfd
In case of non-secure builds (eng variant) fs_mgr_setup_verity() skips
verity checks regardless of fstab options. This is slightly different
than 'adb disable-verity' where it would first read the verity metadata
to check if verity is disabled.
So, this change adds a new return value of FS_MGR_SETUP_VERITY_SKIPPED
instead of piggy backing on the FS_MGR_SETUP_VERITY_DISABLED.
Bug: 62864413
Test: Boot sailfish
Merged-In: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Change-Id: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 95366e97dd)
In case of non-secure builds (eng variant) fs_mgr_setup_verity() skips
verity checks regardless of fstab options. This is slightly different
than 'adb disable-verity' where it would first read the verity metadata
to check if verity is disabled.
So, this change adds a new return value of FS_MGR_SETUP_VERITY_SKIPPED
instead of piggy backing on the FS_MGR_SETUP_VERITY_DISABLED.
Bug: 62864413
Test: Boot sailfish
Change-Id: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Signed-off-by: Sandeep Patil <sspatil@google.com>
First stage mount in init currently attempts to regenerate uevents for
specific devices to create the corresponding dev nodes. However, this
is racy as first stage mount happens early in the boot process and
it's possible that some of these devices have not yet been created by
the kernel.
To fix this issue, init will poll on the uevent socket for up to 10
seconds waiting for the kernel to create the required device. It will
return false and panic if this 10 second timeout passes.
Note that the same uevent socket is used in the uevent regeneration
and the polling code, so there is no race if the device is created
after the uevent regeneration and before polling starts; the first
poll will pick up the device.
Bug: 62681642
Bug: 62682821
Test: Boot bullhead
Test: Boot sailfish
Test: Boot hikey + hotplug/unplug sdcard
Merged-In: I4a6ff043eb7115b729ca4954ebc6c9e000132993
Change-Id: I4a6ff043eb7115b729ca4954ebc6c9e000132993
(cherry picked from commit c4ff5e803917f04574fe98f846875db77d0fd8f5)
In order to create symlinks for USB and block devices, the path for
their parent platform device must be known.
Previously, ueventd would save each platform device that it encounters
to a list and query this list when creating the symlinks. That,
however, is racy because the uevent socket does not differentiate
uevents from RegenerateUevents() and uevents sent by the kernel when
probing a device first the first time. The below scenario is the
faulty case:
1) Kernel probes parent platform device for a block device
2) ueventd calls RegenerateUevents() and starts processing uevents
3) Kernel probes block device and sends its uevents
4) ueventd picks up the block device uevent during its uevent processing,
without yet regenerating the platform device uevent, causing improper
symlinks to be created.
This change stops storing the platform devices in a list, and instead
traverses up the directory structure for each USB or block device
until it reaches a platform device, defined as one whose subsystem is
the platform bus. This fixes the race and simplifies the ueventd
code.
Bug: 62436493
Bug: 62681642
Test: Boot bullhead
Test: Boot sailfish
Test: Init unit tests
Test: Boot hikey + hotplug/unplug sdcard
Merged-In: I21636355d8e434f30e0cba568598a6cf139e67f9
Change-Id: I21636355d8e434f30e0cba568598a6cf139e67f9
(cherry picked from commit c94ce7b130)
First stage mount in init currently attempts to regenerate uevents for
specific devices to create the corresponding dev nodes. However, this
is racy as first stage mount happens early in the boot process and
it's possible that some of these devices have not yet been created by
the kernel.
To fix this issue, init will poll on the uevent socket for up to 10
seconds waiting for the kernel to create the required device. It will
return false and panic if this 10 second timeout passes.
Note that the same uevent socket is used in the uevent regeneration
and the polling code, so there is no race if the device is created
after the uevent regeneration and before polling starts; the first
poll will pick up the device.
Bug: 62681642
Bug: 62682821
Test: Boot bullhead
Test: Boot sailfish
Test: Boot hikey + hotplug/unplug sdcard
Change-Id: I4a6ff043eb7115b729ca4954ebc6c9e000132993
In order to create symlinks for USB and block devices, the path for
their parent platform device must be known.
Previously, ueventd would save each platform device that it encounters
to a list and query this list when creating the symlinks. That,
however, is racy because the uevent socket does not differentiate
uevents from RegenerateUevents() and uevents sent by the kernel when
probing a device first the first time. The below scenario is the
faulty case:
1) Kernel probes parent platform device for a block device
2) ueventd calls RegenerateUevents() and starts processing uevents
3) Kernel probes block device and sends its uevents
4) ueventd picks up the block device uevent during its uevent processing,
without yet regenerating the platform device uevent, causing improper
symlinks to be created.
This change stops storing the platform devices in a list, and instead
traverses up the directory structure for each USB or block device
until it reaches a platform device, defined as one whose subsystem is
the platform bus. This fixes the race and simplifies the ueventd
code.
Bug: 62436493
Bug: 62681642
Test: Boot bullhead
Test: Boot sailfish
Test: Init unit tests
Test: Boot hikey + hotplug/unplug sdcard
Change-Id: I21636355d8e434f30e0cba568598a6cf139e67f9
ueventd already does restorecon() for /sys/{block,class,devices}, so
instead of duplicating this effort with init, move the restorecon()
that init does for all of /sys to ueventd.
Bug: 62420036
Change-Id: I6125f8ff5316a0cf45872d1100d089d71802958f
Merged-In: I6125f8ff5316a0cf45872d1100d089d71802958f
Test: Boot sailfish, bullhead
ueventd already does restorecon() for /sys/{block,class,devices}, so
instead of duplicating this effort with init, move the restorecon()
that init does for all of /sys to ueventd.
Bug: 62420036
Change-Id: I6125f8ff5316a0cf45872d1100d089d71802958f
Test: Boot sailfish, bullhead
restorecon_recursive may take a long time if there are a lot of files on
the volume. This can trigger a watchdog timeout in any process that
tries to set a property while it is running. Fix this by running
restorecon_recursive in its own process.
See https://jira.lineageos.org/browse/BUGBASH-555
Change-Id: I2ce26ff2b5bfc9a133ea42f4dbac50a3ac289c04
/default.prop is moved to /system/etc/prop.default for full Treblized
devices. Modifies property_service to load it from there first.
In recovery mode, the file is renamed as /prop.default. This path is
tried if /system/etc/prop.default is not available.
Bug: 37815285
Test: Tested with ag/2419001. Booted pixel phones, checked the location
of prop.default, verified the symlink at /default.prop, checked a
few properties via adb shell and manually tested a few apps.
Booted to recovery and ran 'adb sideload' successfully.
Change-Id: I485231f21fc86b0aec58edf867e229a31e77d85e
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
(cherry picked from commit 70a5ed49ef)
Current first stage mount only allows three mount points: system, vendor
and/or odm. This was introduced by project Treble to mount those
verified partitions early. However, there might be some other custom
partitions needs to be mounted early as well. This CL removes the
restriction and does first stage mount for whatever specified in
fstab-dt.
Bug: 62423887
Test: first stage mount /vendor with vboot 1.0
Test: first stage mount /vendor with vboot 2.0 (AVB)
Change-Id: I6c146c64e673c35c2823523ccbde193590430c48
Merged-In: I6c146c64e673c35c2823523ccbde193590430c48
(cherry picked from commit 06ed613e73)
Current first stage mount only allows three mount points: system, vendor
and/or odm. This was introduced by project Treble to mount those
verified partitions early. However, there might be some other custom
partitions needs to be mounted early as well. This CL removes the
restriction and does first stage mount for whatever specified in
fstab-dt.
Bug: 62423887
Test: first stage mount /vendor with vboot 1.0
Test: first stage mount /vendor with vboot 2.0 (AVB)
Change-Id: I6c146c64e673c35c2823523ccbde193590430c48
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
fork() subprocesses to handle uevents in parallel.
This reduces coldboot time on bullhead from ~446ms to ~230ms.
This reduces coldboot time on sailfish from ~690ms to ~360ms.
This reduces coldboot time on ryu from ~187ms to ~122ms.
Bug: 33785894
Test: boot bullhead x40, observe no major differences in /dev and /sys
Test: boot sailfish x40, observe no major differences in /dev and /sys
Test: boot ryu x40, observe no major differences in /dev and /sys
Test: boottime tests on bullhead and sailfish
Test: init unit tests
Change-Id: Ie2f63e000b8af78d187477d31fe109f20304d749
Bug: 62114389
Test: boot bullhead, get/set properties with ':' via command line
Test: trigger an init trigger with a property containing a ':'
Change-Id: Ib51853a1ef9d4f79d510c8175c0d9684e2025e23
devices.cpp handles too many things for creating one class. This
change breaks it up into various files and classes.
* Parsing is moved to ueventd_parser.cpp
* Reading from the uevent socket and Cold booting is moved to a
UeventListener class, in uevent_listener.cpp
* Firmware handling is moved to firmware_handler.cpp
* The remaining contents form a DeviceHandler class within devices.cpp
Bug: 33785894
Test: boot bullhead x40, observe no major differences in /dev and /sys
Test: boot sailfish x40, observe no major differences in /dev and /sys
Test: init unit tests
Change-Id: I846a2e5995fbb344c7a8e349065c18a934fa6aba
/default.prop may be moved to /system/etc/ and renamed as prop.default.
/{system,vendor,odm}/build.prop may be moved to /{system,vendor,odm}/etc/
and renamed as prop.build.
This patch makes property_service load prop.* from the new locations
first. Also replaces NULL with nullptr for C++ cleanup.
Bug: 37815285
Test: Booted pixel phones, checked the locations of prop.*, verified
symlinks, checked a few properties (via adb shell getprop)
and manually tested a few apps (Camera, Maps etc).
ODM is not tested as it does not exist on the tested device.
Change-Id: Id8eeb3c1a5728dd04005dfad4733b8e6336f9093
Move libinit, init_tests, and test_service to Android.bp
Leave init in Android.mk as it has unfulfilled dependencies, but
create a comment in Android.bp for future use.
Remove libinit_parser and init_parser_tests as that code was never
used in init.
Bug: 36970783
Bug: 37512442
Test: Build, boot bullhead, init unit tests
Change-Id: Id81cd10ea09453a5fd762ba9189276aad79d5444
This reverts commit bdfd395e47.
We want to keep AOSP and internal master in sync and since this isn't
being used, instead of cherry-picking to AOSP, we'll revert from internal.
Test: Build
Change-Id: I161b4c7187ec260841605149b7eee7df64434246
- In some devices, some drivers still try to load firmware while shutting
down, and crashes the kernel. So keep ueventd to prevent such case.
bug: 38203024
Test: reboots
Change-Id: I4f1910723254ccb69f8e9c78e8727fbd8c7eed3e
* changes:
init: change kill order and fix error reporting in KillProcessGroup()
Better logging in libprocessgroup and make resources clean up themselves
Current first stage mount for AVB requires specifying a common prefix of
by-name symlink for all AVB partitions. It limits all AVB partitions to be on
the same block device.
firmware {
android {
compatible = "android,firmware";
vbmeta {
compatible = "android,vbmeta";
parts = "vbmeta,boot,system,vendor";
by_name_prefix="/dev/block/platform/soc.0/f9824900.sdhci/by-name" <-- *removing this*
};
fstab {
compatible = "android,fstab";
vendor {
compatible = "android,vendor";
dev = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor";
type = "ext4";
mnt_flags = "ro,barrier=1,inode_readahead_blks=8";
fsmgr_flags = "wait,avb";
};
};
};
};
For normal mount with AVB, it extracts the by-name prefix of /misc
partition and use it as the prefix for all other partitions:
- /dev/block/platform/soc.0/f9824900.sdhci/by-name/misc ->
- /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor_a
Fix this by adding an internal map in FsManagerAvbOps to record the mapping
from partition name to its by-name symlink:
ByNameSymlinkMap["vendor_a"] = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor_a"
Two overloaded factory methods are then provided for FsManagerAvbUniquePtr:
- FsManagerAvbUniquePtr Open(ByNameSymlinkMap&& by_name_symlink_map):
for first stage mount, where the by-name symlink map will be
constructed externally, from the uevents processed by init, before
invoking this factory method.
- FsManagerAvbUniquePtr Open(const fstab& fstab): for normal mount,
where the by-name symlink map will be constructed from the input fstab
internally.
Bug: 37552224
Test: first stage mount /vendor with vboot 1.0
Test: first stage mount /vendor with vboot 2.0 (AVB)
Test: normal mount /vendor with vboot 2.0 (AVB)
Change-Id: Id17e8566da87ea22b8923fcd6e47db8d45bc7d6a
restorecon() has become nothing more than a small wrapper around
selinux_android_restore(). This itself isn't super problematic, but
it is an obstacle for compiling util.cpp on the host as that function
is not available on the host.
Bug: 36970783
Test: Boot bullhead
Merged-In: I7e209ece6898f9a0d5eb9e5d5d8155c2f1ba9faf
Change-Id: I7e209ece6898f9a0d5eb9e5d5d8155c2f1ba9faf
restorecon() has become nothing more than a small wrapper around
selinux_android_restore(). This itself isn't super problematic, but
it is an obstacle for compiling util.cpp on the host as that function
is not available on the host.
Bug: 36970783
Test: Boot bullhead
Change-Id: I7e209ece6898f9a0d5eb9e5d5d8155c2f1ba9faf
In the init scripts for socket, the type can have a suffix of
"+passcred" to request that the socket be bound to report SO_PASSCRED
credentials as part of socket transactions.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics right after boot
(fails without logd.rc change)
Bug: 37985222
Change-Id: Ie5b50e99fb92fa9bec9a32463a0e6df26a968bfd
Tom Cherry