* commit '2fb90dc8b2b590e674c5e433e8bf3d3f08a887c8':
debuggerd: audit pid, uid and gid on SE Linux denial
property_service: log pid,uid and gid of setprop client
The cost of generating and throwing away a bunch of stuff that no one
normally sees is high enough to be worth avoiding.
Here's AOSP ToT on N9...
init: (Parsing /system/etc/init/atrace.rc took 0.0112s.)
init: (Parsing /system/etc/init/bootanim.rc took 0.0094s.)
init: (Parsing /system/etc/init/crash_reporter.rc took 0.0103s.)
init: (Parsing /system/etc/init/debuggerd.rc took 0.0090s.)
init: (Parsing /system/etc/init/debuggerd64.rc took 0.0085s.)
init: (Parsing /system/etc/init/drmserver.rc took 0.0078s.)
init: (Parsing /system/etc/init/dumpstate.rc took 0.0073s.)
init: (Parsing /system/etc/init/gatekeeperd.rc took 0.0063s.)
init: (Parsing /system/etc/init/installd.rc took 0.0067s.)
init: (Parsing /system/etc/init/keystore.rc took 0.0060s.)
init: (Parsing /system/etc/init/lmkd.rc took 0.0060s.)
init: (Parsing /system/etc/init/logcatd.rc took 0.0059s.)
init: (Parsing /system/etc/init/logd.rc took 0.0068s.)
init: (Parsing /system/etc/init/mdnsd.rc took 0.0057s.)
init: (Parsing /system/etc/init/mediaserver.rc took 0.0064s.)
init: (Parsing /system/etc/init/metrics_daemon.rc took 0.0063s.)
init: (Parsing /system/etc/init/mtpd.rc took 0.0055s.)
init: (Parsing /system/etc/init/netd.rc took 0.0066s.)
init: (Parsing /system/etc/init/perfprofd.rc took 0.0057s.)
init: (Parsing /system/etc/init/racoon.rc took 0.0054s.)
init: (Parsing /system/etc/init/rild.rc took 0.0061s.)
init: (Parsing /system/etc/init/servicemanager.rc took 0.0063s.)
init: (Parsing /system/etc/init/surfaceflinger.rc took 0.0061s.)
init: (Parsing /system/etc/init/uncrypt.rc took 0.0068s.)
init: (Parsing /system/etc/init/vdc.rc took 0.0065s.)
init: (Parsing /system/etc/init/vold.rc took 0.0063s.)
0.0112+0.0094+0.0103+0.0090+0.0085+0.0078+0.0073+0.0063+0.0067+0.0060+
0.0060+0.0059+0.0068+0.0057+0.0064+0.0063+0.0055+0.0066+0.0057+0.0054+
0.0061+0.0063+0.0061+0.0068+0.0065+0.0063 = 0.1809
And here it is again with the logging disabled:
init: (Parsing /system/etc/init/atrace.rc took 0.0021s.)
init: (Parsing /system/etc/init/bootanim.rc took 0.0006s.)
init: (Parsing /system/etc/init/crash_reporter.rc took 0.0007s.)
init: (Parsing /system/etc/init/debuggerd.rc took 0.0004s.)
init: (Parsing /system/etc/init/debuggerd64.rc took 0.0005s.)
init: (Parsing /system/etc/init/drmserver.rc took 0.0005s.)
init: (Parsing /system/etc/init/dumpstate.rc took 0.0005s.)
init: (Parsing /system/etc/init/gatekeeperd.rc took 0.0005s.)
init: (Parsing /system/etc/init/installd.rc took 0.0005s.)
init: (Parsing /system/etc/init/keystore.rc took 0.0013s.)
init: (Parsing /system/etc/init/lmkd.rc took 0.0006s.)
init: (Parsing /system/etc/init/logcatd.rc took 0.0013s.)
init: (Parsing /system/etc/init/logd.rc took 0.0007s.)
init: (Parsing /system/etc/init/mdnsd.rc took 0.0005s.)
init: (Parsing /system/etc/init/mediaserver.rc took 0.0009s.)
init: (Parsing /system/etc/init/metrics_daemon.rc took 0.0008s.)
init: (Parsing /system/etc/init/mtpd.rc took 0.0011s.)
init: (Parsing /system/etc/init/netd.rc took 0.0005s.)
init: (Parsing /system/etc/init/perfprofd.rc took 0.0005s.)
init: (Parsing /system/etc/init/racoon.rc took 0.0005s.)
init: (Parsing /system/etc/init/rild.rc took 0.0005s.)
init: (Parsing /system/etc/init/servicemanager.rc took 0.0005s.)
init: (Parsing /system/etc/init/surfaceflinger.rc took 0.0005s.)
init: (Parsing /system/etc/init/uncrypt.rc took 0.0005s.)
init: (Parsing /system/etc/init/vdc.rc took 0.0005s.)
init: (Parsing /system/etc/init/vold.rc took 0.0006s.)
0.0021+0.0006+0.0007+0.0004+0.0005+0.0005+0.0005+0.0005+0.0005+0.0013+
0.0006+0.0013+0.0007+0.0005+0.0009+0.0008+0.0011+0.0005+0.0005+0.0005+
0.0005+0.0005+0.0005+0.0005+0.0005+0.0006 = 0.0181
It's less than a second, but one problem is that the cost of the current
dumping is proportional to the number of init.rc files, so the more
cleanly you factor things, the more it would cost.
Change-Id: Id96f59e7d0b082d8cfdba4bdbff43a922ba4eeee
When auditing setprop denials, it is often unclear of who the process is
in a multi-process domain. To help identify the invoker, log the pid, uid,
and gid of the caller.
Before:
avc: denied { set } for property=wifi.xxx ...
After:
avc: denied { set } for property=wifi.xxx pid=30691 uid=123 gid=345 ...
Change-Id: I5cdcb3d18fbd52e0987b5e1497b9f6620c6c742a
Signed-off-by: William Roberts <william.c.roberts@intel.com>
device.shell() was changed to return a (stdout, stderr) tuple in
the following CL.
https://android-review.googlesource.com/170420
This CL fixes perfboot.py to work with the return value.
Change-Id: I85d72fc63c1f96257fb19c3051482991a7b4049d
Updates are as follows:
A detailed explanation of event triggers and property triggers
including how they can now be used
A new section describing .rc files, their locations, and the
intentions for each of these locations
A new section describing the import keyword and how it is not a
command but rather its own section
Removal of deprecated or incorrect text
Change-Id: If0a37375ac92a857900f3303ada4ba742360daff
Create a Parser class that uses multiple SectionParser interfaces to
handle parsing the different sections of an init rc.
Create an ActionParser and ServiceParser that implement SectionParser
and parse the sections corresponding to Action and Service
classes.
Remove the legacy keyword structure and replace it with std::map's
that map keyword -> (minimum args, maximum args, function pointer) for
Commands and Service Options.
Create an ImportParser that implements SectionParser and handles the
import 'section'.
Clean up the unsafe memory handling of the Action class by using
std::unique_ptr.
Change-Id: Ic5ea5510cb956dbc3f78745a35096ca7d6da7085
When init queues a trigger, it actually enqueues all of the Actions
that match with that given trigger. This works currently because
all init scripts are loaded and therefore all Actions are available
before init starts queueing any triggers.
To support loading init scripts after init has started queueing
triggers, this change enqueues Trigger objects instead of their
matching Actions. Each Trigger object then matches its associated
Actions during its execution.
Additionally, this makes a few cosmetic clean ups related to triggers.
Bug: 23186545
Change-Id: I5d177458e6df1c4b32b1072cf77e87ef952c87e4
The current behavior, which is to use tags[-1] for end_tag, is good
enough in most cases, but sometime it makes more sense to use a
different one as end_tag.
For example, when optimizing APK scanning code in package manager,
using 'boot_progress_pms_scan_end' as end_tag would give us quicker
benchmark iterations as well as more relevant numbers possibly with
a smaller standard deviation.
Change-Id: Ic6371c936b36d1d87e9742502fd8958682a3b7d5
Previously, the action, command, and service structs contained char*s
that referenced memory within the buffer returned by the strdup() of
the input buffer of parse_config. This prevented this entire memory
region from being freed, leaking contents that would never be referenced again.
The changes to convert the previous action, command, and service
structs to C++ classes created explicit ownership of the contents within
each class in the form of std::strings. With these changes, there are
no remaining references to the memory allocated by this strdup(), which
can now be freed.
This commit replaces the strdup() with std::vector<char> to allow for
the copied string to be freed when it goes out of scope instead of
relying on the C strdup() and free() functions.
Change-Id: Id0a5f711e33363082ba201afda6b26043998cb1c
This CL adds --apk-dir option, which specifies the directory
that contains APK files to be installed before measuring
boot time.
BUG: 22207911
Change-Id: Ifeacf34c779248686443a9ef02485272c140a456
'sf_stop_bootanim' is useful for tracking the time wasted by
showing the 'outro' part of the boot animation.
'wm_boot_animation_done' is also useful for tracking user
perceived boot time.
(cherry-pick of cbcf2778c3)
Bug: 22207911
Change-Id: I3549338a2161fa29675993c239f57809270797f8
This creates the concept of 'event_trigger' vs 'property_trigger'
Previously these were merged into one, such that 'on property:a=b &&
property:b=c' is triggered when properties a=b and b=c as expected,
however combinations such as 'on early-boot && boot' would trigger
during both early-boot and boot. Similarly, 'on early-boot &&
property:a=b' would trigger on both early-boot and again when property
a equals b.
The event trigger distinction ensures that the first example fails to
parse and the second example only triggers on early-boot if
property a equals b.
This coalesces Actions with the same triggers into a single Action object
Change-Id: I8f661d96e8a2d40236f252301bfe10979d663ea6
Adds a C++ tokenizer along with unit tests.
This tokenizer will replace the current C implementation
which does a poor job of keeping track of pointers.
This CL is a prerequisite for up coming changes to
the parser. This CL does not wire up this tokenizer and
changes no exsiting code. All that builds is the unit tests.
Change-Id: Iec3740bce7153640adc5e5bbdc57e644cedf0038
TEST: Unit tests all pass. No leaks under valgrind
BUG: 22843198
perfboot.py repeats the record of each event log during Android
boot specified times. By default, interval between measurements
is adjusted in such a way that CPUs are cooled down sufficiently
to avoid boot time slowdown caused by CPU thermal throttling.
This script also works around the issue of dropbox slowing down
boot time on userdebug build (http://b/20890386) by limiting
the number of files to be created by dropbox.
The result is output in a tab-separated value format.
BUG: 22207911
Change-Id: I0ddbac5d1c941efda87bc6db6388d8194d4bb3dd
This CL adds a trigger and a service so that Systrace can be used
for tracing events during boot.
persist.debug.atrace.boottrace property is used for switching on
and off tracing during boot. /data/misc/boottrace/categories
file is used for specifying the categories to be traced.
These property and file are rewritten by Systrace when the newly
added option --boot is specified.
Here is an example of tracing events of am and wm catetories
during boot.
$ external/chromium-trace/systrace am wm --boot
This command will cause the device to reboot. Once the device has
booted up, the trace report is created by hitting Ctrl+C.
As written in readme.txt, this mechanism relies on persistent
property, so tracing events that are emitted before that are not
recorded. This is enough for tracing events after zygote is
launched though.
This only works on userdebug or eng build for security reason.
BUG: 21739901
Change-Id: I03f2963d77a678f47eab5e3e29fc7e91bc9ca3a4
Support added so init scripts can now import directories.
BUG: 22721249
Change-Id: I02b566bfb50ea84469f1ea0c6ad205435a1df286
TEST: Tested importing a folder on arm64 emulator
It is only a temporary fix. I hope the code can be moved into a member
function of class Command.
Bug: 22654233
Change-Id: I38c24fb624e54986a953f44d398b3b80c3795d24
Instead, run the command only when sys.powerctl is set to
"shutdown,userrequested". This way, we can avoid running
fsck when shutdown is triggered due to a low power state.
This is a follow-up CL for http://r.android.com/158525.
Bug: 21853106
Change-Id: Ie57c23cd25162cc2a8726f876a9ba212080105fb
- Get rid of log stutter, tag (executable basename) is added by
the logging routines
Bug: 17914575
Change-Id: If00eb1b915065fb52c9311648b7ada4c9e2696bd
When SELinux is in enforcing mode, any process executed by
init must have a domain transition defined. See
https://android-review.googlesource.com/108640 for details. This
prevents an executable spawned by init from remaining in init's
(very powerful) SELinux domain.
However, this is only enforced when SELinux is in enforcing mode.
During new device bringup, it's common to run an Android device
in globally permissive mode. In globally permissive mode, SELinux
denials are logged only, but otherwise ignored. If appropriate
SELinux domain transitions are not defined from init to init spawned
processes, this could cause misleading SELinux denials attributed
to init instead of the child process.
To help address these misleading denials, modify init to not spawn
processes unless a domain transition is defined. This essentially
enforces the rules in https://android-review.googlesource.com/108640
on both permissive and enforcing kernels.
While I'm here, change some "freecon()" calls to "free()", with the
long term goal of deleting freecon() entirely.
Change-Id: I3ef3a372bb85df61a3f6234cb1113cc25fc6506a
and run fsck with -f on clean shutdown instead.
With -f, fsck.f2fs always performs a full scan of the /data
partition regardless of whether the partition is clean or not.
The full scan takes more than 2 seconds on volantis-userdebug
and delays the OS boot.
With -a, the command does almost nothing when the partition
is clean and finishes within 20-30ms on volantis-userdebug.
When the partition has an error or its check point has
CP_FSCK_FLAG (aka "need_fsck"), the command does exactly the
same full scan as -f to fix it.
Bug: 21853106
Change-Id: I126263caf34c0f5bb8f5e6794454d4e72526ce38
When launched with "-bootchart <timeout>", the Android emulator appends
"androidboot.bootchart=<timeout>" to the kernel command line, which
signals /init to start bootcharting. However, the current implementation
of bootchart_init() in init/bootchart.cpp does not parse the timeout
value correctly, preventing bootcharting to be enabled on the emulator.
This bug was introduced by commit 841b263 ("Further refactoring of the
bootchart code"). Fix it to honor the "androidboot.bootchart" trigger.
Change-Id: I221fe2c2f40a3a04bd478c3a083f7723bc309c8c
Signed-off-by: Yu Ning <yu.ning@intel.com>
* commit 'ee923139c346e6751203fc7d2a341388e01c7b19':
Set up user directory crypto in init.
logd: switch to unordered_map from BasicHashtable
rootdir: make sure the /oem mountpoint is always available
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
android_name_to_id() returns -1U on error, which causes a
crash when the following clang options are enabled:
-fsanitize=signed-integer-overflow,unsigned-integer-overflow
-ftrap-function=abort
-fsanitize-undefined-trap-on-error
Rather than returning a negative unsigned value (which doesn't
make a lot of sense, IMHO), return a positive unsigned value.
While we're here, add logging on decode_uid failures.
Bug: 21880301
Change-Id: I652e4c1daa07c7494cceca2b4e1656b9158f2604
This adds the "writepid" option that instructs init to write the child's
pid to the given filenames (such as /dev/cpuctl/bg_non_interactive/cgroup.procs
and/or /dev/cpuset/foreground/cgroup.procs).
Bug: http://b/21163745
Change-Id: I121bb22aa208bc99c4fb334eb552fdd5bcc47c1a
(cherry picked from commit d62f0608d9)
This adds the "writepid" option that instructs init to write the child's
pid to the given filenames (such as /dev/cpuctl/bg_non_interactive/cgroup.procs
and/or /dev/cpuset/foreground/cgroup.procs).
Bug: http://b/21163745
Change-Id: I121bb22aa208bc99c4fb334eb552fdd5bcc47c1a
Shamu boots, but hammerhead doesn't. Likely cause is this change.
This reverts commit 18ae44bf3d.
Bug: 21880301
Change-Id: I490816060209c15aa07c783d05fe5b141c7c9023
Usage: system/core/init/compare-bootcharts.py base_bootchart_dir
exp_bootchart_dir
For example, here is the output where the bootanimation is changed
from "d 0 0 part2" to "c 0 0 part2":
--
process: baseline experiment (delta)
- Unit is ms (a jiffy is 10 ms on the system)
------------------------------------
/init: 50 40 (-10)
/system/bin/surfaceflinger: 4320 4470 (+150)
/system/bin/bootanimation: 6980 6990 (+10)
zygote64: 10410 10640 (+230)
zygote: 10410 10640 (+230)
system_server: 15350 15150 (-200)
bootanimation ends at: 33790 31230 (-2560)
--
In this example bootanimation is finished (estimated) 2.56 seconds sooner.
Change-Id: I39d59897c8c53d7d662676813e884b9d58feec3c
d34e407aeb removed support for
running with SELinux completely disabled. SELinux must either be
in permissive or enforcing mode now.
Remove unnecessary calls to is_selinux_enabled(). It always returns
true now.
Change-Id: Ife3156b74b13b2e590afe4accf716fc7776567e5
This new property is used as a control verb for running a recursive
restorecon at the path contained in the property value.
Shifts both SELinux actions to occur before the actual property set
occurs, so setters can watch for completion.
Bug: 21121357
Change-Id: I3db3eb876ae66e144b3bfd648349b66a028511fd
* commit 'e0e565635a7c6c36a05282622c01203afbec5ca5':
init.rc: logd: Add logpersistd (nee logcatd)
init: change exec parsing to make SECLABEL optional
logcat: -f run in background
logcat: -f flag to continue
As 1s timeout can be requested, using second resolution time to check
for timeout prevent from being accurate on the actual time we wait.
Use available gettime_ns instead.
Bug: 21374269
Change-Id: I8be1b69e02beacc7196427f97855e036addf54d1
Signed-off-by: Thierry Strudel <tstrudel@google.com>
read_file() used to append a new line character to the end of the buffer it
returns, because parse_config() isn't able to cope with input that's not
'\n'-terminated. Fix read_file() to be less insane, and push the workarounds
into the parse_config() callers.
Longer term we should rewrite parse_config().
Bug: http://b/21079470
Change-Id: Ie9d9a7adcd33b66621726aef20c4b8cc51c08be7
(cherry picked from commit eaa3b4ec6f)
read_file() used to append a new line character to the end of the buffer it
returns, because parse_config() isn't able to cope with input that's not
'\n'-terminated. Fix read_file() to be less insane, and push the workarounds
into the parse_config() callers.
Longer term we should rewrite parse_config().
Change-Id: Ie9d9a7adcd33b66621726aef20c4b8cc51c08be7
Helped debug a problem where the N9 bootloader incorrectly
concatenated the various command lines.
Bug: http://b/20906691
Change-Id: I0580b06f4185129c7eedf0bdf74b5ce17f88bf9c
Remove support for androidboot.selinux=disabled. Running with SELinux
disabled is not a supported configuration anymore. SELinux must be
in enforcing in shipping devices, but we also support permissive for
userdebug/eng builds.
Don't try security_setenforce() if we're already in enforcing mode.
A kernel compiled without CONFIG_SECURITY_SELINUX_DEVELOP does
not have a permissive mode, so the kernel will already be enforcing
once the policy is loaded.
Bug: 19702273
Change-Id: I07525a017ddb682020ec0d42e56a2702c053bdeb
Sami Tolvanen