It's been a long standing issue that init cannot respond to property
set messages when it is running a builtin command. This is
particularly problematic when the commands involve IPC to vold or
other daemons, as it prevents them from being able to set properties.
This change has init run property service in a thread, which
eliminates the above issue.
This change may also serve as a starting block to running property
service in an entirely different process to better isolate init from
handling property requests.
Test: CF boots, walleye boots, properties are set appropriately
Change-Id: I13b8bf240c9fcb1d2d5890a8be2f0ef74efd4adf
It's been a long standing issue that init cannot respond to property
set messages when it is running a builtin command. This is
particularly problematic when the commands involve IPC to vold or
other daemons, as it prevents them from being able to set properties.
This change has init run property service in a thread, which
eliminates the above issue.
This change may also serve as a starting block to running property
service in an entirely different process to better isolate init from
handling property requests.
Test: CF boots, walleye boots, properties are set appropriately
Change-Id: Id9534a5916abb2f7d2a49cda54e33c1b69c50c2f
By moving it into builtins.cpp..., but that's less bad than it is
now, especially since this is defunct in code targeting Q+. Remove
the guards that init.h isn't being included by other files too as it's
not useful anymore.
Test: build
Change-Id: Ic564fcff9e8716ec924098b07a8c9d94ca25f960
There's no fundamental reason to store this aside. That property can
only be written by init, so it's not likely that we're going to
corrupt it.
Test: boot and use serial console
Change-Id: I9248fbaf959ea913d09add829d4cb509af99d570
The first split of 1st/2nd stage init went a bit overboard, since it
split these even in the case of the recovery image and system-as-root,
which don't actually need the split. This change simplifies this a
bit:
system-as-root and recovery have a single combined /system/bin/init
and a symlink from /init to it.
non-system-as-root has a separate first stage init at /init on the
first stage ramdisk and a combined /system/bin/init on system.img.
Two particular benefits from this:
1) Removal of the rsync of TARGET_RAMDISK_OUT to the recovery image
2) Decrease of overall space on the recovery image since it won't have
a statically linked first stage init
This also unified the various entry points of init to depend entirely
on the arguments passed to it, instead of the hybrid of arguments and
environment variable used previously.
Bug: 80395578
Test: boot both system-as-root and non-system-as-root
Change-Id: Ic2f29b6f56b7defc80eaa0e7cd0c9107e978816f
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.
Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.
[ 47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory
Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
We're moving past a world where static executables are needed,
including watchdogd, so treat this like any other executable and place
it in /system/bin.
Bug: 73660730
Test: watchdogd still runs
Change-Id: I1f7508fd55dce6e9ee72a6ab7a085011a76c0053
It's currently not clear that init stops processes due to being sent a
control message nor who sent that message.
Bug: 73343913
Test: send control messages and see the logs
Change-Id: I9e9eff2001e649814107ea961b3b747a1f6da598
I'd be not doing this for a while since some of this code doesn't
compile on host and libinit previously did. But after realizing
the property_service.cpp (libinit) references symbols in init.cpp
(init) and seeing a new linker error crop up due to that, it's time to
make the fix.
My only hold out previously was that libinit compiled on host bionic
and some of init (builtins.cpp, etc) do not, however given that we
don't actually have host bionic support or host bionic init tests,
that isn't a good reason. We can and should mock out the libraries
that aren't available with host bionic when ready.
Test: build, unit tests, boot
Change-Id: Ie49362ddb637924efc272540a4f32b693643fcdc
Init keep its own copy of the environment that it uses for execve when
starting services. This is unnecessary however as libc already has
functions that mutate the environment and the environment that init
uses is clean for starting services. This change removes init's copy
of the environment and uses the libc functions instead.
This also makes small clean-up to the way the Service class stores
service specific environment variables.
Test: boot bullhead
Change-Id: I7c98a0b7aac9fa8f195ae33bd6a7515bb56faf78
This change splits out the selinux initialization and supporting
functionality into selinux.cpp and splits the security related
initialization of the rng, etc to security.cpp. It also provides
additional documentation for SEPolicy loading as this has been
requested by some teams.
It additionally cleans up sehandle and sehandle_prop. The former is
static within selinux.cpp and new wrapper functions are created around
selabel_lookup*() to better serve the users. The latter is moved to
property_service.cpp as it is isolated to that file for its usage.
Test: boot bullhead
Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
(cherry picked from commit 9afb86b25d8675927cb37c86119a7ecf19f74819)
ServiceManager is essentially just a list now that the rest of its
functionality has been moved elsewhere, so the class is renamed
appropriately.
The ServiceList::Find* functions have been cleaned up into a single
smaller interface.
The ServiceList::ForEach functions have been removed in favor of
ServiceList itself being directly iterable.
Test: boot bullhead
Change-Id: Ibd57c103338f03b83d81e8b48ea0e46cd48fd8f0
* Remove the Parser singleton (Hooray!)
* Rename parser.* to tokenizer.* as this is actually a tokenizer
* Rename init_parser.* to parser.* as this is a generic parser
* Move contents of init_parser_test.cpp to service_test.cpp as this
actually is a test of the parsing in MakeExecOneshotService() and
nothing related to (init_)parser.cpp
Test: boot bullhead
Test: bool sailfish
Test: init unit tests
Change-Id: I4fe39e6483f58ebd3ce5ee715a45dbba0acf5d91
We have been seeing panics and errors during shutdown sequence in
some vendor's platform, and it is required to disable error handling
during shutdown.
This CL separates the shutdown request to execute another "shutdown"
trigger at the beginning of shutdown stage. And vendor can use this
trigger to add custom commands needed for shutting down gracefully.
Bug: 38203024
Bug: 62084631
Test: device reboot/shutdown
Change-Id: I3fac4ed59f06667d86e477ee55ed391cf113717f
Init exposes a global 'sehandle' that ueventd references as part of
devices.cpp and util.cpp. This is particularly dangerous in
device_init() in which both uevent and init write to this global.
This change creates a separate local copy for devices.cpp and puts
restrictions on where init.h can be included to make sure the global
used by init is not reference by non-init code. Future changes to
init should remove this global.
Test: Boot bullhead
Change-Id: Ifefa9e1932e9d647d06cca2618f5c8e5a7a85460
Remove the dependency on Action and Service from what should be a
generic Parser class.
Make ActionParser, ImportParser, and ServiceParser take a pointer to
their associated classes instead of accessing them through a
singleton.
Misc fixes to SectionParser Interface:
1) Make SectionParser::ParseLineSection() non-const as it always should
have been.
2) Use Rvalue references where appropriate
3) Remove extra std::string& filename in SectionParser::EndFile()
4) Only have SectionParser::ParseSection() as pure virtual
Document SectionParser.
Make ImportParser report the filename and line number of failed imports.
Make ServiceParser report the filename and line number of duplicated services.
Test: Boot bullhead
Change-Id: I86568a5b375fb4f27f4cb235ed1e37635f01d630
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
Exec services may also want to set other service flags such as
priority. Instead of expanding the exec syntax to handle this, create
a new command, exec_start, that will treat an existing service
definition as an exec service. The new exec_start command will start
the service then halt init from executing further commands until the
service has exited.
This change additionally encapsulates the waiting_for_exec logic into
ServiceManager and removes the ambiguous 'bool' return value from
Reap() which previously indicated if a Reaped service was an exec
service or not.
Bug: 36511808
Bug: 36102163
Test: Bullhead boots, services run with exec_start as they do exec.
Change-Id: I44f775cf1c1dd81d5c715f44fdc150c651a2c80a
Add wait time log for exec service execution time
Fix memory leak when exec service failed to start
Test: on marlin
Bug: 34518530
Change-Id: I01736bd9b1429414f3dc91dd5d02d88a681f0985
There are many use cases from vendors to exec service in background and then
use a shell scriprt to wait for the command done.
This CL is to add a wait_for_prop command to suppor those use cases.
Bug: 34746108
Test: on marlin
Change-Id: Ia81290b0928f9d375710d2daa546714f0cd65b72
With this change, init sets a property "init.start" to show the
CLOCK_BOOTTIME time at which init itself started, and for each service
an "init.svc.<name>.start" property to show the CLOCK_BOOTTIME time at
which that service was most recently started.
These times can be used by tools like bootstat to track boot time.
As part of this change, move init over to std::chrono. Also, rather than
make the command-line argument handling more complex, I've switched to
using an environment variable for communication between first- and
second-stage init, and added another environment variable to pass the
start time of the first stage through to the second stage.
Bug: http://b/32780225
Test: manual
Change-Id: Ia65a623e1866ea688b9a5433d6507926ce301dfe
This CL allows enabling of multiple consoles. A service can be
mapped to a specific console by providing the optional argument,
IE "tty0", to "console" service attribute as follows:
service fbconsole /system/bin/sh
class core
console tty0
disabled
user shell
group shell log readproc
seclabel u:r:shell:s0
Bug: None
Change-Id: I3b24e7f6848bbe5c6475f11334c04ec536e6af88
Tracked-On: https://jira01.devtools.intel.com/browse/BP-289
Signed-off-by: Viorel Suman <viorel.suman@intel.com>
This CL allows enabling of multiple consoles. The expected format
of "androidboot.console" kernel parameter is a list of available
consoles, as follows:
androidboot.console=tty0:ttyS0
A service can be mapped to a specific console by providing the
optional argument, IE "tty0", to "console" service attribute as follows:
service fbconsole /system/bin/sh
class core
console tty0
disabled
user shell
group shell log readproc
seclabel u:r:shell:s0
Bug: None
Change-Id: I3f8556425c8651bd121995869700f18b23365d55
Tracked-On: https://jira01.devtools.intel.com/browse/BP-289
Remove references to SELinux policy files in /data/security
from libselinux/android.c. In the process all code that is
apparently related to handling an alternate policy and/or
reloading the policy has been removed.
Bug: 26544104
Change-Id: I47bf76ac3c26c5d71f92a21ffac2b17ba14262ea
This creates the concept of 'event_trigger' vs 'property_trigger'
Previously these were merged into one, such that 'on property:a=b &&
property:b=c' is triggered when properties a=b and b=c as expected,
however combinations such as 'on early-boot && boot' would trigger
during both early-boot and boot. Similarly, 'on early-boot &&
property:a=b' would trigger on both early-boot and again when property
a equals b.
The event trigger distinction ensures that the first example fails to
parse and the second example only triggers on early-boot if
property a equals b.
This coalesces Actions with the same triggers into a single Action object
Change-Id: I8f661d96e8a2d40236f252301bfe10979d663ea6
It is only a temporary fix. I hope the code can be moved into a member
function of class Command.
Bug: 22654233
Change-Id: I38c24fb624e54986a953f44d398b3b80c3795d24
This adds the "writepid" option that instructs init to write the child's
pid to the given filenames (such as /dev/cpuctl/bg_non_interactive/cgroup.procs
and/or /dev/cpuset/foreground/cgroup.procs).
Bug: http://b/21163745
Change-Id: I121bb22aa208bc99c4fb334eb552fdd5bcc47c1a
Not just because it's what the cool kids are doing --- it also lets us
simplify the inner loop and decouple it from whatever systems want to
be woken to perform some activity if there's data to be read on some fd.
Currently this is just used to clean up the existing signal handling,
keychord, and property service code.
Change-Id: I4d7541a2c4386957ad877df69e3be08b96a7dec5
"&&" operator can now be used to test the validity
of two of more properties.
For example:
on property:test.a=1 && property:test.b=1
setprop test.c 1
The above stub sets the test.c to 1 only when
both test.a=1 and test.b=1
(cherry-pick of 162f7d797c67019a7a3f08c3b0f0ffc91d548ddc.)
Change-Id: I72c19f7aa92231372a416193618ee6c7fd368141
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
+ Make prints of rc commands significantly more verbose. All commands
will log all arguments, file/line number of the command, return value,
and parent action which triggered the command.
init: command 'mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000' action=init
status=0 (/init.rc:89)
init: command 'setprop net.tcp.default_init_rwnd 60' action=boot status=0
(/init.rc:403)
Change-Id: I5498c7258e4891706be4a12546df4231d14d86c4
enable <servicename>
Turns a disabled service into an enabled one as if the service did not
specify disabled in the rc file.
It will also start the service if needed.
Bug: 14472973
Change-Id: Id0b49cc687a2bc74f6f92e066c617724cc94908d
Signed-off-by: JP Abgrall <jpa@google.com>
Obsolete RLE 565 logo is used nowhere,
because 565 framebuffer isn't used for years.
It's not necessary to keep this thing alive anymore.
Change-Id: Ie61e168790f791230530cd3eb1c68b1f7344c9a7
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Tom Cherry