This change splits out the selinux initialization and supporting
functionality into selinux.cpp and splits the security related
initialization of the rng, etc to security.cpp. It also provides
additional documentation for SEPolicy loading as this has been
requested by some teams.
It additionally cleans up sehandle and sehandle_prop. The former is
static within selinux.cpp and new wrapper functions are created around
selabel_lookup*() to better serve the users. The latter is moved to
property_service.cpp as it is isolated to that file for its usage.
Test: boot bullhead
Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
Inspired by ag/2659809/, this CL add readahead built-in command in init
to let files be prefetched into pagecache for faster reading.
Readahead happens in background but due to filesystem limitation it
might take small amount of time in it reading the filesystem metadata
needed to locate the requested blocks. So the command is executed in a
forked process to not block init execution.
Bug: 62413151
Test: boottime, dumpcache
Change-Id: I56c86e2ebc20efda4aa509e6efb736bd1d92baa5
service.cpp, which is part of libinit, references symbols in
property_service.cpp, which causes the linker to complain when linking
libinit.a in some situations.
Therefore, we move property_service.cpp to libinit.
Separately, this will make it easier to write tests for
property_service.cpp, which we will want to do in the future.
Test: build, init unit tests
Change-Id: If1cffa8510b97e9436efed3c8ea0724272383eba
The shared libselinux library does not export all of the symbols that
we use in init and the linker is now complaining about this, so let's
use the static libselinux library in init_tests to match init itself.
Test: build, init unit tests
Change-Id: I9011a959a7c49446b3529740e606140a4ee8c32d
selabel_lookup() must be threadsafe, but had failed in the past.
Bug: 63861738
Test: this newly added test
Change-Id: I78bdb8e555433e8217ac6d4be112ba91de9f03bb
* changes:
init: rename ServiceManager to ServiceList and clean it up
init: move reaping from ServiceManager to signal_handler.cpp
init: move exec operations out of ServiceManager
ServiceManager is essentially just a list now that the rest of its
functionality has been moved elsewhere, so the class is renamed
appropriately.
The ServiceList::Find* functions have been cleaned up into a single
smaller interface.
The ServiceList::ForEach functions have been removed in favor of
ServiceList itself being directly iterable.
Test: boot bullhead
Change-Id: Ibd57c103338f03b83d81e8b48ea0e46cd48fd8f0
signal_handler.cpp itself needs to be cleaned up, but this is a step
to clean up ServiceManager.
Test: boot bullhead
Change-Id: I81f1e8ac4d09692cfb364bc702cbd3deb61aa55a
These can be implemented without ServiceManager, so we remove them and
make ServiceManager slightly less of a God class.
Test: boot bullhead
Test: init unit tests
Change-Id: Ia6e546fe5292255412245256f7d230af4ece135f
The time data types associated with restarting processes halfway moved
to std::chrono and halfway didn't. In this intermediate state, the
times would get converted from nanoseconds to seconds then to
milliseconds. The precision lost when converting to seconds would
cause the main loop of init to spin whenever a process was within a
second of being restarted.
This patch cleans up this logic and uses nanoseconds and milliseconds
explicitly, with a ceiling to milliseconds to prevent unneeded
spinning.
Test: boot bullhead, kill processes, see that they restart sanely.
Change-Id: I0b017ba0e50c09704b0c5cdfcde1dba461804593
On platforms that use ACPI instead of Device Tree (DT), such as
Ranchu x86/x86_64, /proc/device-tree/firmware/android/ does not
exist. As a result, Android O is unable to mount /system, etc.
at the first stage of init:
init: First stage mount skipped (missing/incompatible fstab in
device tree)
Those platforms may create another directory that mimics the layout
of the standard DT directory in procfs, and store early mount
configuration there. E.g., Ranchu x86/x86_64 creates one in sysfs
using information encoded in the ACPI tables:
https://android-review.googlesource.com/442472https://android-review.googlesource.com/443432https://android-review.googlesource.com/442393https://android-review.googlesource.com/442395
Therefore, instead of hardcoding the Android DT path, load it from
the kernel command line using a new Android-specific property key
("androidboot.android_dt_dir"). If no such property exists, fall
back to the standard procfs path (so no change is needed for DT-
aware platforms).
Note that init/ and fs_mgr/ each have their own copy of the Android
DT path, because they do not share any global state. A future CL
should remove the duplication by refactoring.
With this CL as well as the above ones, the said warning is gone,
but early mount fails. That is a separate bug, though, and will be
addressed by another CL.
Test: Boot patched sdk_phone_x86-userdebug system image with patched
Goldfish 3.18 x86 kernel in patched Android Emulator, verify
the "init: First stage mount skipped" warning no longer shows
in dmesg.
Change-Id: Ib6df577319503ec1ca778de2b5458cc72ce07415
Signed-off-by: Yu Ning <yu.ning@intel.com>
* Remove the Parser singleton (Hooray!)
* Rename parser.* to tokenizer.* as this is actually a tokenizer
* Rename init_parser.* to parser.* as this is a generic parser
* Move contents of init_parser_test.cpp to service_test.cpp as this
actually is a test of the parsing in MakeExecOneshotService() and
nothing related to (init_)parser.cpp
Test: boot bullhead
Test: bool sailfish
Test: init unit tests
Change-Id: I4fe39e6483f58ebd3ce5ee715a45dbba0acf5d91
prctl(PR_SET_SECUREBITS, ...) expects an unsigned long as its 2nd argument.
Passing in a int64_t happens to work with a 64-bit kernel, but does not
work with a 32-bit kernel.
Bug: 63680332
Test: boot 32-bit kernel; verify services with capabilities can successfully
set those capabilties
Change-Id: I60250d107a77b54b2e9fe3419b4480b921c7e2f8
Signed-off-by: Ben Fennema <fennema@google.com>
Currently, the order that we kill to services during shutdown is the
order of services_ in ServiceManager and that is defacto the order in
which they were parsed, which is not a very useful ordering.
Related to this, we have seen a few issues during shutdown that may be
related to services with dependencies on other services, where the
dependency is killed first and the dependent service then misbehaves.
This change allows services to keep track of the order in which they
were started and shutdown then uses that information to kill running
services in the opposite order that they were started.
Bug: 64067984
Test: Boot and reboot bullhead
Change-Id: I6b4cacb03aed2a72ae98a346bce41ed5434a09c2
We've blown up twice in init due to the unsigned integer overflow
sanitizer despite the overflows in question being both defined and
intentional.
Test: boot
Change-Id: I08effe3202ac1367d858982ff5478b3a088bab37
Latest device has rootfs instead of "/system" mount point
Bug: 37737296
Test: adb remount, reboot, and check log
Change-Id: I315ecf71e85255fc55c3a80619920b456bad0956
clang is the default compiler since Android nougat
Test: mma & verified it´s still build with clang
Change-Id: I34adaeef2f6558a09f26027271222bad94780507
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
Setting androidboot.seccomp=global on the kernel command line shall
enable seccomp for all processes rather than just in zygote. Doing
this has a performance impact, for now it shall just be used to audit
syscall usage during testing.
Bug: 37960259
Change-Id: I6b9fc95e9bec5e2bcfe6ef0b4343a5b422e30152
Recent change in init has bring normal shutdown sequence in
thermal-shutdown condition. This CL will make sure init fire shutdown
trigger where holds custom shutdown actions for vendor SoC/platform.
Bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown
Change-Id: Ieb8579fdf9c30c1a81d60466a7375c9784f3ca98
* changes:
fastboot: add mke2fs and e2fsdroid to build package
fastboot: call mke2fs tools to generate ext4 image
fs_mgr: call format_f2fs correctly with -f
init: require e2fsdroid and mke2fs when building init
init: rename mke2fs tools with _static suffix
init calls fs_mgr to format ext4 partitions. This requires
e2fsdroid and mke2fs in /system/bin/
Bug: 35219933
Change-Id: Ia32fe438cd9b9332f8e18e0cbe7f61bd050adcb1
(cherry picked from commit 041f849548)
We build a static version for recovery mode. Give them
different names to avoid conflicts with regular version
in /system/bin/
Bug: 35219933
Change-Id: I738655ad9b9ad71c63ae604d9a4d659b0b671121
(cherry picked from commit a2421041bf)
- Skipping SIGTERM / SIGKILL / umount brings race between block
device driver and fs layer. Do umount before shutting down.
- Reduce timeout to 1 sec for thermal shutdown and skip other time
taking part like fsck.
- Refactor waiting part to check time in ms so that 1 sec can
have enough resolution.
bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown, adb shell setprop sys.powerctl reboot and check dmesg
Change-Id: I048bac767b328c8d656a97fe65dde5f2b5bf4ae5
Use ASSERT_EQ() instead of EXPECT_EQ() to prevent segfaults after
failed API calls.
Do not run setfscreatecon_IsPerThread unless we're in permissive mode
as it will not pass otherwise.
Test: init unit tests
Change-Id: I70525d438e89f1ec036255890169a50b5007b4c4
- If problematic process is from user, kill all kills
it and dump does not show problematic process.
bug: 37737296
Test: reboot and check log
Change-Id: Iaa4f7d12f5a40fa7528c6672567c36e30b140372
Allow configuring memory.swappiness, memory.soft_limit_in_bytes
and memory.limit_in_bytes by init; by doing so there is better
control of memory consumption per native app.
Test: tested on gobo branch.
bug: 63765067
Change-Id: I8906f3ff5ef77f75a0f4cdfbf9d424a579ed52bb
Modified Android.mk to define cflag "USER_MODE_LINUX" if
TARGET_USER_MODE_LINUX := true in BoardCofig.mk.
Modified set_mmap_rnd_bits_action to return 0 if "USER_MODE_LINUX" is
defined. This is needed since uml does not support the mmap_rnd_bits
sysctl, and init would otherwise crash without this check.
Test: manual
Bug: 32523022
Change-Id: I409ef64a1fa253bfb3f9fb59d0267be159819bb8
Signed-off-by: Quang Luong <qal@google.com>
- /vendor, /system, /oem can be remounted to R/W for development
purpose.
- In such case, umounting these partitions can lead into some processes
not running properly during shutdown or blocking umount of fs.
- So skip them. As it is dev feature, it is up to each developer to
understand the risk. But for normal adb sync - reboot should be ok
as shutdown involves sync operations.
bug: 37737296
Test: adb remount,reboot, and check last kmsg
Change-Id: Iab6a6374bc558375d359b3b49b14db93d363b1ad
setegid() and setfscreatecon() on Android both operate on a per-thread
basis, not a per-process basis.
Ueventd may take advantage of this in the future, so this CL
introduces tests that ensure that this functionality remains
consistent.
Bug: 63441941
Test: newly added unit tests
Change-Id: I8b1c62cc322b6fe44b748550a4cea8658d9efd88
Tom Cherry