tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_core/rootdir/init.rc

843 lines
32 KiB
Text
Raw Normal View History

init.rc: Add documentation Android developers should never place files in /data/local/tmp. Files or directories in /data/local/tmp can be minipulated by the shell user. Android developers should never create world-writable files or directories. This is a common source of security vulnerabilities. Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
2012-03-14 23:22:54 +01:00
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
Generate init.environ.rc by populating BOOTCLASSPATH - BOOTCLASSPATH now is derived from PRODUCT_BOOT_JARS, which is a product configuration variable set up by the core build system. - Moved files from the legacy ALL_PREBUILT to PRODUCT_COPY_FILES in build/target/product/embedded.mk. Bug: 9990214 Change-Id: I98bac36c1ca8c779dda572a0a5e0a22b7e4c4a7a
2013-07-24 03:03:37 +02:00
import /init.environ.rc
init.rc: Add support for new USB accessory configurations Also moved USB scripts to new file init.usb.rc Change-Id: I98e099fbd8de3eb3e1e18c9ef69312608033a50c Signed-off-by: Mike Lockwood <lockwood@google.com>
2012-04-04 20:26:59 +02:00
import /init.usb.rc
import init.${ro.hardware}.rc last to allow overriding default USB configuration Change-Id: I2194466fb7cf7ff5313d146601155ebe6043fd42
2012-08-28 19:25:13 +02:00
import /init.${ro.hardware}.rc
init.rc: import /vendor/etc/init/hw/init.${ro.hardware}.rc /init.${ro.hardware}.rc would sometime rely on being parsed before other .rc files. In this case all vendors are still able to have a .rc file included before all the ones in /vendor/etc/init. Bug: 38301110 Change-Id: I3fb6df13a39204a516874ea94f5e5ad84bca42c6
2017-05-18 21:46:34 +02:00
import /vendor/etc/init/hw/init.${ro.hardware}.rc
init: usb: Add init scripts for configfs commands This CL adds a new init script init.usb.configfs.rc to add generic configfs commands. Setting sys.usb.configfs in init.usb.{hardware}.rc enables executing commands in this script Bug=23633457 Change-Id: Iaae844a7957d6c9bf510648aaff86d56aa0c6243
2015-08-29 04:32:45 +02:00
import /init.usb.configfs.rc
Move zygote init config to its own file. This allows us to choose different configs depending on whether or not the target is 64 capable, and what its preferred default is. bug: 13647418 Change-Id: Ie1ce4245a3add7544c87d27c635ee390f4062523
2014-03-31 12:08:02 +02:00
import /init.${ro.zygote}.rc
init: import the hardware specific init file in init.rc This removes the hardcoding of the file import in init and instead allows the init.rc file to fully control what is loaded. Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2 Signed-off-by: Dima Zavin <dima@android.com>
2011-12-16 23:23:22 +01:00
libprocessgroup: Add support for task profiles Abstract usage of cgroups into task profiles that allows for changes in cgroup hierarchy and version without affecting framework codebase. Rework current processgroup and sched_policy API function implementations to use task profiles instead of hardcoded paths and attributes. Mount cgroups using information from cgroups.json rather than from init.rc Exempt-From-Owner-Approval: already approved in internal master Bug: 111307099 Test: builds, boots Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32 Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32 Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2018-12-21 20:41:50 +01:00
# Cgroups are mounted right before early-init using list from /etc/cgroups.json
init: Move uevent handling to an external ueventd process Change-Id: Iea6c56013062ade633a1754f7bcf8cf09b3dedc1
2010-04-21 21:04:20 +02:00
on early-init
init.rc: Disable sysrq from the keyboard Don't allow the accidental triggering of sysrq functionality from the keyboard. The only expected use of sysrq functionality is via /proc/sysrq-trigger Please see https://www.kernel.org/doc/Documentation/sysrq.txt for additional information on /proc/sys/kernel/sysrq Bug: 13435961 Change-Id: I60dc92a4b2b4706e8fa34a6cead9abd449f7375f
2015-10-10 02:09:10 +02:00
# Disable sysrq from keyboard
write /proc/sys/kernel/sysrq 0
Set security context of /adb_keys and /data/misc/adb/adb_keys. I97b3d86a69681330bba549491a2fb39df6cf20ef introduced a separate type for the adb_keys file. Set the security context of the adb_keys file accordingly by adding restorecon commands to init.rc. Change-Id: I30e4d2a1ae223a03eadee58a883c79932fff59fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-01 15:21:47 +02:00
# Set the security context of /adb_keys if present.
restorecon /adb_keys
Add /postinstall partition when using the A/B updater. The new top level directory /postinstall is used by the A/B updater to mount the new partition and run a post-install program before rebooting into that new system. init.rc was extended to label this new directory since the initrd has no extended attributes. Bug: 27177071 TEST=`ls -laZ /` shows the /postinstall directory on edison-eng Change-Id: I6cdee7eb1d61ac7d447528962a4fad1a7bbf138d
2016-03-01 02:23:36 +01:00
# Set the security context of /postinstall if present.
restorecon /postinstall
cgroups used by init must be mounted before any services start init uses /acct and optionally /dev/memcg for tracking services and therefore these must be started before any services start. Test: check that cgroups are mounted appropriately. Change-Id: Ice095287963181fe687dbe6b7d291076e674d1cc
2017-06-01 01:07:53 +02:00
mkdir /acct/uid
lmkd: limit capability set to minimum Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid and from AID_ROOT to AID_LMKD and AID_SYSTEM gid. /dev/memcg/memory.pressure defaults to root.root mode 0000, set it up as root.system mode 0040 to allow lmkd read access. Instrument failure to set SCHED_FIFO. Annotate access points that require elevated capabilities. Test: check /proc/`pidof lmkd`/status for capability set Test: lmkd_unit_test Bug: 77650566 Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea
2018-04-09 18:50:32 +02:00
# memory.pressure_level used by lmkd
chown root system /dev/memcg/memory.pressure_level
chmod 0040 /dev/memcg/memory.pressure_level
cgroups used by init must be mounted before any services start init uses /acct and optionally /dev/memcg for tracking services and therefore these must be started before any services start. Test: check that cgroups are mounted appropriately. Change-Id: Ice095287963181fe687dbe6b7d291076e674d1cc
2017-06-01 01:07:53 +02:00
# app mem cgroups, used by activity manager, lmkd and zygote
mkdir /dev/memcg/apps/ 0755 system system
Use mem cgroups in libprocessgroup if they're available Use mem cgroups if the kernel is built with CONFIG_MEMCG=y, additionally add system group. test: verified on both kernel with/without memcg enabled Change-Id: Ia2ae89efa3905e9da68fa77adac1225c667864d1
2017-06-28 08:09:03 +02:00
# cgroup for system_server and surfaceflinger
mkdir /dev/memcg/system 0550 system system
cgroups used by init must be mounted before any services start init uses /acct and optionally /dev/memcg for tracking services and therefore these must be started before any services start. Test: check that cgroups are mounted appropriately. Change-Id: Ice095287963181fe687dbe6b7d291076e674d1cc
2017-06-01 01:07:53 +02:00
init: Move uevent handling to an external ueventd process Change-Id: Iea6c56013062ade633a1754f7bcf8cf09b3dedc1
2010-04-21 21:04:20 +02:00
start ueventd
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
Activate system APEXes early Summary: Boot sequence around apexd is changed to make it possible for pre-apexd processes to use libraries from APEXes. They no longer need to wait for the apexd to finish activating APEXes, which again can be done only after /data/ is mounted. This improves overall boot performance. Detail: This change fixes the problem that processes that are started before apexd (so called pre-apexd processes) can't access libraries that are provided only by the APEXes but are not found in the system partition (e.g. libdexfile_external.so, etc.). Main idea is to activate system APEXes (/system/apex/*.apex) before /data is mounted and then activate the updated APEXes (/data/apex/*.apex) after the /data mount. Detailed boot sequence is as follows. 1) init prepares the bootstrap and default mount namespaces. A tmpfs is mounted on /apex and the propagation type of the mountpoint is set to private. 2) before any other process is started, apexd is started in bootstrap mode. When executed in the mode, apexd only activates APEXes under /system/apex. Note that APEXes activated in this phase are mounted in the bootstrap mount namespace only. 3) other pre-apexd processes are started. They are in the bootstrap mount namespace and thus are provided with the libraries from the system APEXes. 4) /data is mounted. init switches into the default mount namespace and starts apexd as a daemon as usual. 5) apexd scans both /data/apex and /system/apex, and activate latest APEXes from the directories. Note that APEXes activated in this phase are mounted in the default namespaces only and thus are not visible to the pre-apexd processes. Bug: 125549215 Test: m; device boots Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
2019-02-22 14:15:25 +01:00
# Run apexd-bootstrap so that APEXes that provide critical libraries
# become available. Note that this is executed as exec_start to ensure that
# the libraries are available to the processes started after this statement.
exec_start apexd-bootstrap
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
on init
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
sysclktz 0
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
init.rc: mix device-specific data into the Linux RNG Mix the contents of /proc/cmdline and /default.prop into /dev/urandom. /proc/cmdline often contains androidboot.serialno, a device-specific unique identifier. Similarly, /default.prop contains the build fingerprint and timestamp, which vary between device families. Change-Id: I8803b38c7089b2a1217b99a7c1808b29a3b138cf
2016-01-23 03:02:29 +01:00
# Mix device-specific information into the entropy pool
copy /proc/cmdline /dev/urandom
Fix path for default prop Bug: 123407630 Test: boot Change-Id: Ia10ac6ad141e980abb07d7b37487f9de9ef64796
2019-01-25 18:31:28 +01:00
copy /system/etc/prop.default /dev/urandom
init.rc: mix device-specific data into the Linux RNG Mix the contents of /proc/cmdline and /default.prop into /dev/urandom. /proc/cmdline often contains androidboot.serialno, a device-specific unique identifier. Similarly, /default.prop contains the build fingerprint and timestamp, which vary between device families. Change-Id: I8803b38c7089b2a1217b99a7c1808b29a3b138cf
2016-01-23 03:02:29 +01:00
Add /dev/stdin, /dev/stdout, and /dev/stderr. Bug: http://b/31824379 Test: `adb shell ls -l /dev/std*` Change-Id: I6af7ff205e12c10e958be263c3f1c429d48c0bbc
2018-08-22 22:21:21 +02:00
symlink /proc/self/fd/0 /dev/stdin
symlink /proc/self/fd/1 /dev/stdout
symlink /proc/self/fd/2 /dev/stderr
Add a /bin symlink for convenience. We already have /etc and /sbin. As the Android world moves towards / being on the system partition, the circumstances under which a /bin symlink won't work are reduced. This should already be usable most of the time. Bug: http://b/63142920 Test: `adb shell /bin/date` Change-Id: I81c2209ae808ced186d05fbe1d5417ce8dd93ea7
2017-12-06 17:59:02 +01:00
symlink /system/bin /bin
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
symlink /system/etc /etc
Add a /bin symlink for convenience. We already have /etc and /sbin. As the Android world moves towards / being on the system partition, the circumstances under which a /bin symlink won't work are reduced. This should already be usable most of the time. Bug: http://b/63142920 Test: `adb shell /bin/date` Change-Id: I81c2209ae808ced186d05fbe1d5417ce8dd93ea7
2017-12-06 17:59:02 +01:00
# Backward compatibility.
init.rc: mount debugfs for debugging - put it at /sys/kernel/debug so Arve will be happy - symlink /d to /sys/kernel/debug so Brian will be happy.
2009-09-19 00:31:23 +02:00
symlink /sys/kernel/debug /d
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
/vendor is sometimes on a separate partition now. Change-Id: I3217c272ea38ab8212056e0432d0ededacd362f6
2015-02-14 01:47:02 +01:00
# Link /vendor to /system/vendor for devices without a vendor partition.
Moved symlink back up. Moving the vendor symlink down was causing issues with some devices. Moved it back up, and adjusted mount to remove symlinks if necessary. Change-Id: I77126d77cfbef32250012bea3960c99b55db4cbb Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-06-26 23:55:04 +02:00
symlink /system/vendor /vendor
Actively mangage EAS schedtune nodes Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted weight in EAS scheduler). Move background tasks to /sys/fs/cgroup/stune/tasks (default weight). For services started with init, set "foreground" services to boosted. Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
2015-10-27 00:22:11 +01:00
# Create energy-aware scheduler tuning nodes
Mount schedTune cgroup as /dev/stune Make stune consistent with the other cgroups mounted under /dev Change-Id: I0fe7120ad2afbe8e6a3c9f72cc3f465de618d344
2016-02-23 18:00:36 +01:00
mkdir /dev/stune/foreground
Add support for background stune group. bug 29512132 Change-Id: If8144bfee0fb30cf11f2bb26494ca5e83c11d4d7
2016-07-11 22:57:31 +02:00
mkdir /dev/stune/background
Add support for top-app stune group. bug 29512132 Change-Id: I41ec2dd80a469309f48dbb59fc27fbe43fcd67b3
2016-07-11 20:40:15 +02:00
mkdir /dev/stune/top-app
init.rc: Add a new schedtune group 'rt' for rt tasks Add a new boost group for rt tasks. Device specific changes will be in the device init rc. Bug: 33085313 Change-Id: I99ca085d0933d878795bb0eda639bb2075419415 Signed-off-by: Joel Fernandes <joelaf@google.com>
2016-12-19 20:01:55 +01:00
mkdir /dev/stune/rt
Mount schedTune cgroup as /dev/stune Make stune consistent with the other cgroups mounted under /dev Change-Id: I0fe7120ad2afbe8e6a3c9f72cc3f465de618d344
2016-02-23 18:00:36 +01:00
chown system system /dev/stune
chown system system /dev/stune/foreground
Add support for background stune group. bug 29512132 Change-Id: If8144bfee0fb30cf11f2bb26494ca5e83c11d4d7
2016-07-11 22:57:31 +02:00
chown system system /dev/stune/background
Add support for top-app stune group. bug 29512132 Change-Id: I41ec2dd80a469309f48dbb59fc27fbe43fcd67b3
2016-07-11 20:40:15 +02:00
chown system system /dev/stune/top-app
init.rc: Add a new schedtune group 'rt' for rt tasks Add a new boost group for rt tasks. Device specific changes will be in the device init rc. Bug: 33085313 Change-Id: I99ca085d0933d878795bb0eda639bb2075419415 Signed-off-by: Joel Fernandes <joelaf@google.com>
2016-12-19 20:01:55 +01:00
chown system system /dev/stune/rt
Mount schedTune cgroup as /dev/stune Make stune consistent with the other cgroups mounted under /dev Change-Id: I0fe7120ad2afbe8e6a3c9f72cc3f465de618d344
2016-02-23 18:00:36 +01:00
chown system system /dev/stune/tasks
chown system system /dev/stune/foreground/tasks
Add support for background stune group. bug 29512132 Change-Id: If8144bfee0fb30cf11f2bb26494ca5e83c11d4d7
2016-07-11 22:57:31 +02:00
chown system system /dev/stune/background/tasks
Add support for top-app stune group. bug 29512132 Change-Id: I41ec2dd80a469309f48dbb59fc27fbe43fcd67b3
2016-07-11 20:40:15 +02:00
chown system system /dev/stune/top-app/tasks
init.rc: Add a new schedtune group 'rt' for rt tasks Add a new boost group for rt tasks. Device specific changes will be in the device init rc. Bug: 33085313 Change-Id: I99ca085d0933d878795bb0eda639bb2075419415 Signed-off-by: Joel Fernandes <joelaf@google.com>
2016-12-19 20:01:55 +01:00
chown system system /dev/stune/rt/tasks
Mount schedTune cgroup as /dev/stune Make stune consistent with the other cgroups mounted under /dev Change-Id: I0fe7120ad2afbe8e6a3c9f72cc3f465de618d344
2016-02-23 18:00:36 +01:00
chmod 0664 /dev/stune/tasks
chmod 0664 /dev/stune/foreground/tasks
Add support for background stune group. bug 29512132 Change-Id: If8144bfee0fb30cf11f2bb26494ca5e83c11d4d7
2016-07-11 22:57:31 +02:00
chmod 0664 /dev/stune/background/tasks
Add support for top-app stune group. bug 29512132 Change-Id: I41ec2dd80a469309f48dbb59fc27fbe43fcd67b3
2016-07-11 20:40:15 +02:00
chmod 0664 /dev/stune/top-app/tasks
init.rc: Add a new schedtune group 'rt' for rt tasks Add a new boost group for rt tasks. Device specific changes will be in the device init rc. Bug: 33085313 Change-Id: I99ca085d0933d878795bb0eda639bb2075419415 Signed-off-by: Joel Fernandes <joelaf@google.com>
2016-12-19 20:01:55 +01:00
chmod 0664 /dev/stune/rt/tasks
Actively mangage EAS schedtune nodes Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted weight in EAS scheduler). Move background tasks to /sys/fs/cgroup/stune/tasks (default weight). For services started with init, set "foreground" services to boosted. Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
2015-10-27 00:22:11 +01:00
Apply initial settings for blkio cgroup Bug: 111422845 Test: values are applied Change-Id: Id28d9619fc2fd2287fe656b8032025184ae7f631
2019-04-23 15:33:56 +02:00
# Create blkio group and apply initial settings.
# This feature needs kernel to support it, and the
# device's init.rc must actually set the correct values.
Add blkio cgroup to libprocessgroup To differentiate IO priority for different groups. Bug: 111422845 Bug: 117857342 Test: tasks are assigned to the group as expected Change-Id: Ibb108d1b8e0f720f7ac4cab248b3c33d35e5483d
2019-02-21 07:37:36 +01:00
mkdir /dev/blkio/background
chown system system /dev/blkio
chown system system /dev/blkio/background
chown system system /dev/blkio/tasks
chown system system /dev/blkio/background/tasks
chmod 0664 /dev/blkio/tasks
chmod 0664 /dev/blkio/background/tasks
Apply initial settings for blkio cgroup Bug: 111422845 Test: values are applied Change-Id: Id28d9619fc2fd2287fe656b8032025184ae7f631
2019-04-23 15:33:56 +02:00
write /dev/blkio/blkio.weight 1000
write /dev/blkio/background/blkio.weight 500
write /dev/blkio/blkio.group_idle 0
write /dev/blkio/background/blkio.group_idle 0
Add blkio cgroup to libprocessgroup To differentiate IO priority for different groups. Bug: 111422845 Bug: 117857342 Test: tasks are assigned to the group as expected Change-Id: Ibb108d1b8e0f720f7ac4cab248b3c33d35e5483d
2019-02-21 07:37:36 +01:00
Progress towards dynamic storage support. To support external storage devices that are dynamically added and removed at runtime, we're changing /mnt and /storage to be tmpfs that are managed by vold. To support primary storage being inserted/ejected at runtime in a multi-user environment, we can no longer bind-mount each user into place. Instead, we have a new /storage/self/primary symlink which is resolved through /mnt/user/n/primary, and which vold updates at runtime. Fix small mode bugs in FUSE daemon so it can be safely mounted visible to all users on device. Bug: 19993667 Change-Id: I0ebf4d10aba03d73d9a6fa37d4d43766be8a173b
2015-03-16 18:17:47 +01:00
restorecon_recursive /mnt
Migrate sdcard0 to shell-accessible location. Also remove mount() from adb, since it can come online long before data partition is ready. Set EXTERNAL_STORAGE environment variable to point to owner for backwards compatibility. Bug: 7005701 Change-Id: I63444f6636624eb7ad89f053daa289663424639e
2012-08-18 01:01:16 +02:00
init.rc: Add nodev,noexec,nosuid to /config This change adds some additional flags to the /config mount. This is to reduce the number of mounts with unnecessary privileges. Bug: 73255020 Test: aosp_sailfish still boots Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest} Merged-In: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
2018-02-14 17:35:01 +01:00
mount configfs none /config nodev noexec nosuid
Change /configfs/sdcardfs to 0770 Change-Id: I0a66f6b3ebc3dee398e4f23f5a58ebf7d62cc4c3 Bug: 69929297 Test: setenforce 0 su mkdir /config/sdcardfs/test su u0_a0,u0_a0,u0_a0 echo 10000 > /config/sdcardfs/test/appid Write should fail Signed-off-by: Daniel Rosenberg <drosen@google.com>
2017-11-29 23:49:08 +01:00
chmod 0770 /config/sdcardfs
Set up configfs Bug: 19160983 Change-Id: I8fddf11fb6124950dfa2528a4f420abd9d461df6 Signed-off-by: Daniel Rosenberg <drosen@google.com>
2016-02-19 04:48:31 +01:00
chown system package_info /config/sdcardfs
rootdir: init.rc: Create secure staging directories, and a compat symlink Signed-off-by: San Mehat <san@google.com>
2010-02-20 03:25:22 +01:00
mkdir /mnt/secure 0700 root root
Progress towards dynamic storage support. To support external storage devices that are dynamically added and removed at runtime, we're changing /mnt and /storage to be tmpfs that are managed by vold. To support primary storage being inserted/ejected at runtime in a multi-user environment, we can no longer bind-mount each user into place. Instead, we have a new /storage/self/primary symlink which is resolved through /mnt/user/n/primary, and which vold updates at runtime. Fix small mode bugs in FUSE daemon so it can be safely mounted visible to all users on device. Bug: 19993667 Change-Id: I0ebf4d10aba03d73d9a6fa37d4d43766be8a173b
2015-03-16 18:17:47 +01:00
mkdir /mnt/secure/asec 0700 root root
mkdir /mnt/asec 0755 root system
mkdir /mnt/obb 0755 root system
mkdir /mnt/media_rw 0750 root media_rw
mkdir /mnt/user 0755 root root
mkdir /mnt/user/0 0755 root root
Mount point for expanded storage. Managed by vold. Bug: 19993667 Change-Id: I7957b44d37d6a1f572cbec515d03856a8ed54391
2015-04-06 23:08:54 +02:00
mkdir /mnt/expand 0771 system system
Add /mnt/appfuse mount point to init.rc. BUG=25755834 Change-Id: I00b1185aec7a95baa6ef2f345a49761f3d006c4d
2015-12-11 05:29:04 +01:00
mkdir /mnt/appfuse 0711 root root
Progress towards dynamic storage support. To support external storage devices that are dynamically added and removed at runtime, we're changing /mnt and /storage to be tmpfs that are managed by vold. To support primary storage being inserted/ejected at runtime in a multi-user environment, we can no longer bind-mount each user into place. Instead, we have a new /storage/self/primary symlink which is resolved through /mnt/user/n/primary, and which vold updates at runtime. Fix small mode bugs in FUSE daemon so it can be safely mounted visible to all users on device. Bug: 19993667 Change-Id: I0ebf4d10aba03d73d9a6fa37d4d43766be8a173b
2015-03-16 18:17:47 +01:00
Let's reinvent storage, yet again! Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
2015-06-23 23:30:37 +02:00
# Storage views to support runtime permissions
Protect runtime storage mount points. We have a bunch of magic that mounts the correct view of storage access based on the runtime permissions of an app, but we forgot to protect the real underlying data sources; oops. This series of changes just bumps the directory heirarchy one level to give us /mnt/runtime which we can mask off as 0700 to prevent people from jumping to the exposed internals. Also add CTS tests to verify that we're protecting access to internal mount points like this. Bug: 22964288 Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
2015-08-06 20:39:44 +02:00
mkdir /mnt/runtime 0700 root root
mkdir /mnt/runtime/default 0755 root root
mkdir /mnt/runtime/default/self 0755 root root
mkdir /mnt/runtime/read 0755 root root
mkdir /mnt/runtime/read/self 0755 root root
mkdir /mnt/runtime/write 0755 root root
mkdir /mnt/runtime/write/self 0755 root root
Reland "Create new mount directory /mnt/runtime/full." This will be used for system internals to access secondary volumes without having to bypass sdcardfs. This reverts commit 54b8844b1307ce64069861f8213c8bfed34b69d7 Bug: 121277410 Test: manual Change-Id: Id5b995dc5899b5999f1dea662ba1c3ee475a0e46
2019-01-17 08:25:28 +01:00
mkdir /mnt/runtime/full 0755 root root
mkdir /mnt/runtime/full/self 0755 root root
rootdir: init.rc: Create secure staging directories, and a compat symlink Signed-off-by: San Mehat <san@google.com>
2010-02-20 03:25:22 +01:00
Progress towards dynamic storage support. To support external storage devices that are dynamically added and removed at runtime, we're changing /mnt and /storage to be tmpfs that are managed by vold. To support primary storage being inserted/ejected at runtime in a multi-user environment, we can no longer bind-mount each user into place. Instead, we have a new /storage/self/primary symlink which is resolved through /mnt/user/n/primary, and which vold updates at runtime. Fix small mode bugs in FUSE daemon so it can be safely mounted visible to all users on device. Bug: 19993667 Change-Id: I0ebf4d10aba03d73d9a6fa37d4d43766be8a173b
2015-03-16 18:17:47 +01:00
# Symlink to keep legacy apps working in multi-user world
symlink /storage/self/primary /sdcard
init.rc: Restore the /mnt/sdcard symlink "You are in a maze of twisty little symlinks, all alike." Restore the /mnt/sdcard symlink, for compatibility with older Android apps. This symlink was suppose to have been removed in the Gingerbread time frame, but lives on. Note: The /mnt/sdcard symlink was originally created in device specific *.rc files in the device/vendor/hardware/* directory. This change moves the creation of the symlink into the common init.rc file. Bug: 25801877 Bug: 28108983 Change-Id: I2f9bf71bddffadb587d7376dfdfc8a546c84ec28
2016-04-13 05:36:01 +02:00
symlink /storage/self/primary /mnt/sdcard
Protect runtime storage mount points. We have a bunch of magic that mounts the correct view of storage access based on the runtime permissions of an app, but we forgot to protect the real underlying data sources; oops. This series of changes just bumps the directory heirarchy one level to give us /mnt/runtime which we can mask off as 0700 to prevent people from jumping to the exposed internals. Also add CTS tests to verify that we're protecting access to internal mount points like this. Bug: 22964288 Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
2015-08-06 20:39:44 +02:00
symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
Add directories for OBB mounting Change-Id: Ib73e9bca50fb168ab5d147cc260666a770092961
2010-07-15 21:14:44 +02:00
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
Disable scaling of the cfs tunables. The cfs tunables auto-scale with the number of active cpus by default. Given that the tunable settings are in device-independent code and it's not known how many cores are currently active when the init.rc file runs, the cfs tunables can vary pretty significantly across devices depending on the state at boot. Disable scaling of the the tunables so that we can get more consistent behavior of cfs across devices. If we want to do per-device tuning of these values, we can override what's written here in device specific files. Bug: 22634118 Change-Id: Id19b24ef819fef762521e75af55e6d4378cfc949
2015-07-21 01:01:48 +02:00
# scheduler tunables
# Disable auto-scaling of scheduler tunables with hotplug. The tunables
# will vary across devices in unpredictable ways if allowed to scale with
# cpu cores.
write /proc/sys/kernel/sched_tunable_scaling 0
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
rootdir: init.rc: tweak cfs scheduler - disable child_runs_first Signed-off-by: San Mehat <san@google.com>
2009-09-16 22:32:23 +02:00
write /proc/sys/kernel/sched_child_runs_first 0
Disable scaling of the cfs tunables. The cfs tunables auto-scale with the number of active cpus by default. Given that the tunable settings are in device-independent code and it's not known how many cores are currently active when the init.rc file runs, the cfs tunables can vary pretty significantly across devices depending on the state at boot. Disable scaling of the the tunables so that we can get more consistent behavior of cfs across devices. If we want to do per-device tuning of these values, we can override what's written here in device specific files. Bug: 22634118 Change-Id: Id19b24ef819fef762521e75af55e6d4378cfc949
2015-07-21 01:01:48 +02:00
enable heap randomization. Bug: 5250555 Change-Id: I7acb0645402611875c481aec33ece85fced7a336
2011-10-06 20:47:11 +02:00
write /proc/sys/kernel/randomize_va_space 2
set mmap_min_addr to 32768 Bug: 5712789 Change-Id: I586a99cd63d8fba06bc2562b1cfce531ee4f554c
2011-12-05 23:48:08 +01:00
write /proc/sys/vm/mmap_min_addr 32768
init.rc: allow IPPROTO_ICMP support Allow userspace programs to create IPPROTO_ICMP sockets. This socket type allows an unprivileged program to safely send ICMP_ECHO messages and receive the corresponding ICMP_ECHOREPLY messages, without relying on raw sockets or setuid programs. Please see http://lwn.net/Articles/443051/ for details. In particular, this allows us to use a version of ping which doesn't have any capabilities (https://android-review.googlesource.com/52072). In addition, this allows us to safely implement an IPv4 ICMP based version of InetAddress.isReachable() (https://code.google.com/p/android/issues/detail?id=20106) Change-Id: I876718151efa8219c4f34f573e35e21256fe2316
2013-02-22 03:36:43 +01:00
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
logd: increase dgram_max_qlen to 600 Seeing liblog messages on system_server runtime restart (too much system_server spam, 566 messages in 72ms) Bug: 23788621 Change-Id: I5171f2c19a3538da190fc6c2b40e978d89bf0e20
2015-09-08 20:24:07 +02:00
write /proc/sys/net/unix/max_dgram_qlen 600
Update cgroups Change-Id: If4488944e8a1c8af7b13847069d03b7ea4a30785
2012-04-20 01:18:37 +02:00
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
socket: uevent: use SO_RCVBUF instead of SO_RCVBUFFORCE The SO_RCVBUFFORCE option requires the caller of uevent_create_socket() to have net_admin capabilities. Set platform default rcv/snd buffer sizes to 256kb that will always be overridden by the device/target. However, it will allow ueventd / healthd to use the uevent_create_socket() API w/o requiring the net_admin capability. Note: All devices override the buffer sizes according to the technology maximum to at least ~8MB. So, the init.rc change here is to make sure platform code can work w/o any overrides. Test: no SELinux failures for healthd with 'net_admin' removed. Bug: https://b/32733887 Change-Id: Ida346468cd550ad07901bf3a78ad508939849906 Signed-off-by: Sandeep Patil <sspatil@google.com>
2016-12-07 19:55:45 +01:00
# Assign reasonable ceiling values for socket rcv/snd buffers.
# These should almost always be overridden by the target per the
# the corresponding technology maximums.
write /proc/sys/net/core/rmem_max 262144
write /proc/sys/net/core/wmem_max 262144
Set kernel proc files for fwmark reflection and table numbers for RAs. (cherry picked from commit 2c2807ac1041751583e0c3b6892ca56eae423fa2) Change-Id: I5f0d759cb9b8590555af7f5503f00d3e455ece54
2014-04-10 02:44:56 +02:00
# reflect fwmark from incoming packets onto generated replies
write /proc/sys/net/ipv4/fwmark_reflect 1
write /proc/sys/net/ipv6/fwmark_reflect 1
# set fwmark on accepted sockets
write /proc/sys/net/ipv4/tcp_fwmark_accept 1
init.rc: disable ICMP redirects Bug: 18604139 Change-Id: I4bf22d0029f8b03b0ef4329b7b8632d8e116c8e1 Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-12-03 18:57:00 +01:00
# disable icmp redirects
write /proc/sys/net/ipv4/conf/all/accept_redirects 0
write /proc/sys/net/ipv6/conf/all/accept_redirects 0
init.rc: Lock down access to /proc/net/fib_trie Make /proc/net/fib_trie only readable to root. Bug: 31269937 Test: Device boots, file has appropriate permissions. Change-Id: I0d01ce5c043d576344a6732b0b9ff93d62fcaa34
2017-08-25 21:55:52 +02:00
# /proc/net/fib_trie leaks interface IP addresses
chmod 0400 /proc/net/fib_trie
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# Create cgroup mount points for process groups
rootdir: init.rc: Fix typo in chown of /dev/cpuctl Signed-off-by: San Mehat <san@google.com>
2010-01-17 21:21:42 +01:00
chown system system /dev/cpuctl
Revert "rootdir: init.rc: *LATENCY EXPERIMENT* - Disable cgroups in favor of new scheduler policy support" This reverts commit 35ad5f41c39c5f3af7a8f00185a13366f4901e69.
2009-10-06 20:22:55 +02:00
chown system system /dev/cpuctl/tasks
Make the default cgroup, the foreground cgroup. All kernel services will now be in the same cgroup as foreground applications. This will now make kernel threads not implicitly higher priority than android foreground services. Bug 17681097 Change-Id: I28e81c7aade50428d5395df86f00ce01c1e7af02
2014-10-04 02:02:53 +02:00
chmod 0666 /dev/cpuctl/tasks
Update cgroups Change-Id: If4488944e8a1c8af7b13847069d03b7ea4a30785
2012-04-20 01:18:37 +02:00
write /dev/cpuctl/cpu.rt_period_us 1000000
Update FIFO settings for new uses of FIFO. Adjust FIFO timings as well as allow SurfaceFlinger to use FIFO. bug 24503801 Change-Id: I2c21d4c1788777c2d0d77227bb872701b35c4ff6
2016-06-17 23:02:16 +02:00
write /dev/cpuctl/cpu.rt_runtime_us 950000
Revert "rootdir: init.rc: *LATENCY EXPERIMENT* - Disable cgroups in favor of new scheduler policy support" This reverts commit 35ad5f41c39c5f3af7a8f00185a13366f4901e69.
2009-10-06 20:22:55 +02:00
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
# sets up initial cpusets for ActivityManager
Reorder init.rc to avoid a kernel warning. 3.18 has a warning in dmesg that appears when the parent cpuset's cpus and mems are changed to something other than what the child has. Reorder init.rc to prevent this warning from appearing. bug 24941443 Change-Id: I49d8394063b23dce03222dcc9ddccdc32bb97ea2
2015-10-15 21:38:15 +02:00
# this ensures that the cpusets are present and usable, but the device's
# init.rc must actually set the correct cpus
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
mkdir /dev/cpuset/foreground
init.rc: set initial cpuset to all cores Starting zygote early requires cpuset to be initialized to all cores for foreground cpuset. Change to expolit all cores by default at boot and let device manufacturers override to proper values in device specific init script. Bug: 36576280 Test: marlin boot fast and checked cpuset during early boot Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f (cherry picked from commit 2e83b86a8a10c825799062770ed8c85878e5b4e1)
2017-04-14 03:27:35 +02:00
copy /dev/cpuset/cpus /dev/cpuset/foreground/cpus
copy /dev/cpuset/mems /dev/cpuset/foreground/mems
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
mkdir /dev/cpuset/background
init.rc: set initial cpuset to all cores Starting zygote early requires cpuset to be initialized to all cores for foreground cpuset. Change to expolit all cores by default at boot and let device manufacturers override to proper values in device specific init script. Bug: 36576280 Test: marlin boot fast and checked cpuset during early boot Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f (cherry picked from commit 2e83b86a8a10c825799062770ed8c85878e5b4e1)
2017-04-14 03:27:35 +02:00
copy /dev/cpuset/cpus /dev/cpuset/background/cpus
copy /dev/cpuset/mems /dev/cpuset/background/mems
Reorder init.rc to avoid a kernel warning. 3.18 has a warning in dmesg that appears when the parent cpuset's cpus and mems are changed to something other than what the child has. Reorder init.rc to prevent this warning from appearing. bug 24941443 Change-Id: I49d8394063b23dce03222dcc9ddccdc32bb97ea2
2015-10-15 21:38:15 +02:00
add system-background cpuset add a new cpuset for system services that should not run on larger cores bug 24144797 Change-Id: I21a54f0d6b46b3b8bd8c4564b8685c88cfc4a57d
2015-09-18 22:18:49 +02:00
# system-background is for system tasks that should only run on
# little cores, not on bigs
Reorder init.rc to avoid a kernel warning. 3.18 has a warning in dmesg that appears when the parent cpuset's cpus and mems are changed to something other than what the child has. Reorder init.rc to prevent this warning from appearing. bug 24941443 Change-Id: I49d8394063b23dce03222dcc9ddccdc32bb97ea2
2015-10-15 21:38:15 +02:00
# to be used only by init, so don't change system-bg permissions
add system-background cpuset add a new cpuset for system services that should not run on larger cores bug 24144797 Change-Id: I21a54f0d6b46b3b8bd8c4564b8685c88cfc4a57d
2015-09-18 22:18:49 +02:00
mkdir /dev/cpuset/system-background
init.rc: set initial cpuset to all cores Starting zygote early requires cpuset to be initialized to all cores for foreground cpuset. Change to expolit all cores by default at boot and let device manufacturers override to proper values in device specific init script. Bug: 36576280 Test: marlin boot fast and checked cpuset during early boot Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f (cherry picked from commit 2e83b86a8a10c825799062770ed8c85878e5b4e1)
2017-04-14 03:27:35 +02:00
copy /dev/cpuset/cpus /dev/cpuset/system-background/cpus
copy /dev/cpuset/mems /dev/cpuset/system-background/mems
Reorder init.rc to avoid a kernel warning. 3.18 has a warning in dmesg that appears when the parent cpuset's cpus and mems are changed to something other than what the child has. Reorder init.rc to prevent this warning from appearing. bug 24941443 Change-Id: I49d8394063b23dce03222dcc9ddccdc32bb97ea2
2015-10-15 21:38:15 +02:00
cutils: add restricted cpuset Bug 78197570 Test: CTS Exempt-From-Owner-Approval: owner OOO, build cop says it's fine Change-Id: I6df972950b75a839caa463ae282ad000b959e8ae
2018-04-13 19:15:49 +02:00
# restricted is for system tasks that are being throttled
# due to screen off.
mkdir /dev/cpuset/restricted
copy /dev/cpuset/cpus /dev/cpuset/restricted/cpus
copy /dev/cpuset/mems /dev/cpuset/restricted/mems
Enable top-app cpuset support. Allows ActivityManager to use the top-app cpuset to grant the currently focused app exclusive access to a CPU core. Change-Id: I45bca5170477e413dec6e5889338399d0859706c
2016-01-12 01:16:35 +01:00
mkdir /dev/cpuset/top-app
init.rc: set initial cpuset to all cores Starting zygote early requires cpuset to be initialized to all cores for foreground cpuset. Change to expolit all cores by default at boot and let device manufacturers override to proper values in device specific init script. Bug: 36576280 Test: marlin boot fast and checked cpuset during early boot Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f (cherry picked from commit 2e83b86a8a10c825799062770ed8c85878e5b4e1)
2017-04-14 03:27:35 +02:00
copy /dev/cpuset/cpus /dev/cpuset/top-app/cpus
copy /dev/cpuset/mems /dev/cpuset/top-app/mems
Enable top-app cpuset support. Allows ActivityManager to use the top-app cpuset to grant the currently focused app exclusive access to a CPU core. Change-Id: I45bca5170477e413dec6e5889338399d0859706c
2016-01-12 01:16:35 +01:00
Reorder init.rc to avoid a kernel warning. 3.18 has a warning in dmesg that appears when the parent cpuset's cpus and mems are changed to something other than what the child has. Reorder init.rc to prevent this warning from appearing. bug 24941443 Change-Id: I49d8394063b23dce03222dcc9ddccdc32bb97ea2
2015-10-15 21:38:15 +02:00
# change permissions for all cpusets we'll touch at runtime
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
chown system system /dev/cpuset
chown system system /dev/cpuset/foreground
chown system system /dev/cpuset/background
Actively mangage EAS schedtune nodes Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted weight in EAS scheduler). Move background tasks to /sys/fs/cgroup/stune/tasks (default weight). For services started with init, set "foreground" services to boosted. Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
2015-10-27 00:22:11 +01:00
chown system system /dev/cpuset/system-background
Enable top-app cpuset support. Allows ActivityManager to use the top-app cpuset to grant the currently focused app exclusive access to a CPU core. Change-Id: I45bca5170477e413dec6e5889338399d0859706c
2016-01-12 01:16:35 +01:00
chown system system /dev/cpuset/top-app
cutils: add restricted cpuset Bug 78197570 Test: CTS Exempt-From-Owner-Approval: owner OOO, build cop says it's fine Change-Id: I6df972950b75a839caa463ae282ad000b959e8ae
2018-04-13 19:15:49 +02:00
chown system system /dev/cpuset/restricted
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
chown system system /dev/cpuset/tasks
chown system system /dev/cpuset/foreground/tasks
chown system system /dev/cpuset/background/tasks
Actively mangage EAS schedtune nodes Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted weight in EAS scheduler). Move background tasks to /sys/fs/cgroup/stune/tasks (default weight). For services started with init, set "foreground" services to boosted. Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
2015-10-27 00:22:11 +01:00
chown system system /dev/cpuset/system-background/tasks
Enable top-app cpuset support. Allows ActivityManager to use the top-app cpuset to grant the currently focused app exclusive access to a CPU core. Change-Id: I45bca5170477e413dec6e5889338399d0859706c
2016-01-12 01:16:35 +01:00
chown system system /dev/cpuset/top-app/tasks
cutils: add restricted cpuset Bug 78197570 Test: CTS Exempt-From-Owner-Approval: owner OOO, build cop says it's fine Change-Id: I6df972950b75a839caa463ae282ad000b959e8ae
2018-04-13 19:15:49 +02:00
chown system system /dev/cpuset/restricted/tasks
Improve cpuset support for surfaceflinger. SurfaceFlinger needs some of its threads in the system-background cpuset and some of its threads (the binder pool) outside of the system-background cpuset in order to improve UI perf/power consumption. Remove surfaceflinger from the system-background cpuset in init.rc and allow a thread to place itself in the system-background cpuset given enough permissions. bug 25745866 Change-Id: I85f7e41c5439e6ad7cc2d355e51f5dfb3a0c7088
2015-11-10 23:31:09 +01:00
# set system-background to 0775 so SurfaceFlinger can touch it
chmod 0775 /dev/cpuset/system-background
logd: allow logd to write to /dev/cpuset files Required by logd on devices with USE_CPUSETS defined. Make /dev/cpuset/background, /dev/cpuset/foreground and /dev/cpuset/task writeable by system gid. Add logd to system group for writing to cpuset files and to root group to avoid regressions. When dropping privs, also drop supplementary groups. Bug: 22699101 Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
2015-07-24 00:18:36 +02:00
chmod 0664 /dev/cpuset/foreground/tasks
chmod 0664 /dev/cpuset/background/tasks
Actively mangage EAS schedtune nodes Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted weight in EAS scheduler). Move background tasks to /sys/fs/cgroup/stune/tasks (default weight). For services started with init, set "foreground" services to boosted. Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
2015-10-27 00:22:11 +01:00
chmod 0664 /dev/cpuset/system-background/tasks
Enable top-app cpuset support. Allows ActivityManager to use the top-app cpuset to grant the currently focused app exclusive access to a CPU core. Change-Id: I45bca5170477e413dec6e5889338399d0859706c
2016-01-12 01:16:35 +01:00
chmod 0664 /dev/cpuset/top-app/tasks
cutils: add restricted cpuset Bug 78197570 Test: CTS Exempt-From-Owner-Approval: owner OOO, build cop says it's fine Change-Id: I6df972950b75a839caa463ae282ad000b959e8ae
2018-04-13 19:15:49 +02:00
chmod 0664 /dev/cpuset/restricted/tasks
logd: allow logd to write to /dev/cpuset files Required by logd on devices with USE_CPUSETS defined. Make /dev/cpuset/background, /dev/cpuset/foreground and /dev/cpuset/task writeable by system gid. Add logd to system group for writing to cpuset files and to root group to avoid regressions. When dropping privs, also drop supplementary groups. Bug: 22699101 Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
2015-07-24 00:18:36 +02:00
chmod 0664 /dev/cpuset/tasks
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
Set /proc/pressure/memory file permissions Change access mode and ownership for /proc/pressure/memory file to allow system components access memory pressure information. Bug: 129476847 Change-Id: I25b6bc9d47aee857936f050b66e7bee6363b53be Signed-off-by: Tim Murray <timmurray@google.com>
2019-02-15 20:51:09 +01:00
# make the PSI monitor accessible to others
chown system system /proc/pressure/memory
chmod 0664 /proc/pressure/memory
add cpuset support to libcutils bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
2015-06-08 23:56:29 +02:00
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
init.rc: setup qtaguid group ownership of ctrl and stat files This will help get rid of android_aid.h in the kernel. The group of the proc entries will be used in place of the default values picked up by the xt_qtaguid netfilter module (AID_NET_BW_STATS, AID_NET_BW_ACCT). This change has no effect until the matching kernel changes are submitted. Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674
2013-01-04 23:34:58 +01:00
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
init.rc: allow all users to open the qtaguid misc dev The netfilter xt_qtaguid module uses a misc dev so that processes that use the module can be tracked. Every process that does socket tagging must open that dev. Change-Id: I6af3e0f0180637b14455dd9607724523f142c402
2011-09-12 01:12:27 +02:00
chmod 0644 /dev/xt_qtaguid
Mount eBPF file system and cgroupv2 root directory Mount the eBPF file system under /sys/fs/bpf to allow netd to pin and retrieve persistent eBPF map object from the file system. It helps the system to maintain a consistent eBPF data store when netd crashed and restart. Mount the cgroupv2 module and use the root folder of it to monitor network statistics through eBPF program attached. Test: eBPF map object show up under /sys/fs/bpf after netd start. Bug: 30950746 Change-Id: Ie475112116603798fe75a75c5a84f4bbe5b942ec
2017-10-23 20:57:59 +02:00
chown root root /dev/cg2_bpf
chmod 0600 /dev/cg2_bpf
init.rc: Perform some mounts with nodev,nosuid,noexec This change adds some additional flags to some mounts. This is to reduce the number of mounts with these flags. Bug: 73255020 Test: aosp_sailfish still boots Change-Id: I285e6d7b3dcc19f691a3d6780e7d3a3a5d7cb3de
2018-02-12 20:30:46 +01:00
mount bpf bpf /sys/fs/bpf nodev noexec nosuid
Mount eBPF file system and cgroupv2 root directory Mount the eBPF file system under /sys/fs/bpf to allow netd to pin and retrieve persistent eBPF map object from the file system. It helps the system to maintain a consistent eBPF data store when netd crashed and restart. Mount the cgroupv2 module and use the root folder of it to monitor network statistics through eBPF program attached. Test: eBPF map object show up under /sys/fs/bpf after netd start. Bug: 30950746 Change-Id: Ie475112116603798fe75a75c5a84f4bbe5b942ec
2017-10-23 20:57:59 +02:00
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
Create a separate copy of the fsck logs The log_target parameter of android_fork_execvp_ext() is now a bit field, and multiple targets can be set to log to multiple places at the same time. The new target LOG_FILE will log to a file specified by the new parameter file_path. Set LOG_FILE and log to a file in /dev (the only writable filesystem avilable when e2fsck runs) when invoking e2fsck in fs_mgr. Bug: 10021342 Change-Id: I63baf644cc8c3afccc8345df27a74203b44d0400
2013-09-19 02:49:21 +02:00
mkdir /dev/fscklogs 0770 root system
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# pstore/ramoops previous console log
init.rc: Perform some mounts with nodev,nosuid,noexec This change adds some additional flags to some mounts. This is to reduce the number of mounts with these flags. Bug: 73255020 Test: aosp_sailfish still boots Change-Id: I285e6d7b3dcc19f691a3d6780e7d3a3a5d7cb3de
2018-02-12 20:30:46 +01:00
mount pstore pstore /sys/fs/pstore nodev noexec nosuid
rootdir: access to pstore denied to bootstat Test: boot_reason_test.sh Bug: 110925971 Change-Id: Iba7b7325fe8c9ad18a7f8dbda550d6008400693e
2018-06-29 19:32:11 +02:00
chown system log /sys/fs/pstore
chmod 0550 /sys/fs/pstore
init.rc: mount pstore fs, set console-ramoops permissions Change-Id: I44cb00f9123c6044a03de926b6a616da753bb549
2013-11-22 05:23:54 +01:00
chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops
init.rc: setup console-ramoops-0 On later kernels /sys/fs/pstore/console-ramoops becomes /sys/fs/pstore/console-ramoops-0 Test: none Bug: 63058217 Change-Id: Ibe1feb39ef9081b1ab2316510674bf181bdc7b0c
2017-06-27 18:32:32 +02:00
chown system log /sys/fs/pstore/console-ramoops-0
chmod 0440 /sys/fs/pstore/console-ramoops-0
rootdir: add pstore /dev/pmsg0 used to record the Android log messages, then on reboot /sys/fs/pstore/pmsg-ramoops-0 provides a means to pull and triage user-space activities leading up to a panic. A companion to the pstore console logs. Change-Id: Id92cacb8a30339ae10b8bf9e5d46bb0bd4a284c4
2014-12-15 16:52:19 +01:00
chown system log /sys/fs/pstore/pmsg-ramoops-0
chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
init.rc: mount pstore fs, set console-ramoops permissions Change-Id: I44cb00f9123c6044a03de926b6a616da753bb549
2013-11-22 05:23:54 +01:00
rootdir: enable armv8_deprecated swp hook The upstream kernel now includes support for emulating legacy AArch32 instructions on ARMv8 devices. By default this framework emulates deprecated instructions but not obsolete instructions. Android requires support for the obsolete SWP and SWPB instructions on all ARM devices, so override this default for the swp emulation hook. Change-Id: I82b9bdb564413ec7c1a101da75a9928aebe1606b Signed-off-by: Greg Hackmann <ghackmann@google.com>
2015-01-26 19:40:29 +01:00
# enable armv8_deprecated instruction hooks
write /proc/sys/abi/swp 1
init.rc: add missing /dev/fd symlink The Linux kernel implicitly expects /dev/fd to symlink to /proc/self/fd. This change fixes the exec/execveat.c kernel selftest. Change-Id: Ia08d50023336fdbfc098527299c326d9d59039a9 Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-02-01 18:59:44 +01:00
# Linux's execveat() syscall may construct paths containing /dev/fd
# expecting it to point to /proc/self/fd
symlink /proc/self/fd /dev/fd
core/init.rc: Add /data/cache/* directory creation Bug: 28845422 Change-Id: I2abcc67176cf94f34706f8f005a24ef5f70e0494
2016-06-21 21:04:54 +02:00
export DOWNLOAD_CACHE /data/cache
Split fstab mount into 2 phases This will make it possible to start some key services before mounting data partition Bug: 30118894 Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
2016-08-23 20:58:09 +02:00
# set RLIMIT_NICE to allow priorities from 19 to -20
Globally allow up to 32K FDs open per process We've seen crashes due to processes exceeding the current soft limit for open FDs of 1024, mainly due to increases in using FDs for shared memory and gralloc memory objects. There is not a compelling reason to keep this limit artificially low, so we raise it to 32K. This matches my desktop linux limit, so it is with precedent. Bug: 64894637 Test: open 32K FDs in a process without failure then fail after 32K Change-Id: Ibecfc486e9c61f273a432a108893137d2d13a530
2017-08-28 21:53:56 +02:00
setrlimit nice 40 40
# Allow up to 32K FDs per process
setrlimit nofile 32768 32768
Split fstab mount into 2 phases This will make it possible to start some key services before mounting data partition Bug: 30118894 Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
2016-08-23 20:58:09 +02:00
init.rc: enable ledtrig-transient support for vibrator This change makes the init process to always attempts to enable transient trigger for vibrator. This allows the exported properties to change the ownership later at the on boot stage. Test: device vibrates with the driver supports ledtrig-transient Change-Id: If5eb7b7feaefe803f2ead634fbe4fc7b48da84ea Signed-off-by: David Lin <dtwlin@google.com>
2017-03-09 02:36:18 +01:00
# This allows the ledtrig-transient properties to be created here so
# that they can be chown'd to system:system later on boot
write /sys/class/leds/vibrator/trigger "transient"
Writes cpu variant information to dev/ This change adds a command to init.rc to write cpu variant information to a file under dev/ Test: sync to device and make sure corresponding files are created. Change-Id: Ibf90967f13f72af925c82ff79bd973ef4cdc4068
2018-11-04 18:50:05 +01:00
# This is used by Bionic to select optimized routines.
write /dev/cpu_variant:${ro.bionic.arch} ${ro.bionic.cpu_variant}
chmod 0444 /dev/cpu_variant:${ro.bionic.arch}
write /dev/cpu_variant:${ro.bionic.2nd_arch} ${ro.bionic.2nd_cpu_variant}
chmod 0444 /dev/cpu_variant:${ro.bionic.2nd_arch}
charger: Allow to rw /sys/power/[state,wakeup_count] charger needs to suspend the device when the power goes away when it doesn't have root. These two files are marked with group system, user system, mode 0600 in 'on boot', but it is not executed in charger. Hence, move these actions to 'on init'. Test: no failure in libsuspend in charger Bug: 129138950 Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3 Merged-In: I787b935b4ff6177601329aeedccdac361b119ca3
2019-04-08 22:29:07 +02:00
# Allow system processes to read / write power state.
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chmod 0660 /sys/power/state
Start logd and service managers during the 'init' trigger Now that we mount partitions early, services can be started before the 'fs' trigger. We therefore start the service managers as early as possible to ensure their transports are online, without device specific rc files needing to handle that. We also start logd even one step earlier to ensure that we capture all possible logd. Bug: 89689596 Test: logging works for early services, include the servicemanagers Change-Id: I75dbfcd26eb6fa77f002de10afd00f085c93aa07
2018-10-17 22:14:55 +02:00
# Start logd before any other services run to ensure we capture all of their logs.
start logd
apexd is started much earlier to create loopback devices This change fixes the problem that apexd is delaying the entire boot sequence while waiting for the loopback devices to be created. The delay was as big as 50 ms per a loopback device. With this change, apexd is started much earlier: from "on post-fs-data" to "on init". When it is first started, it scans /system/apex to determine the number of APEXes and creates that number of loopback devices priori. Since then it enters into the binder loop. When the data partition is mounted, init lets apexd to initiate the apexd boot sequence where APEXes in /data is scanned, verified, and activated. Since the creation of the loopback devices were requested far before, it is very likely that dev nodes for the devices are ready at this moment (even if not, this isn't a lose). Bug: 123404717 Bug: 123772265 Test: compare boot times. init_zygote_START_TIME_avg is improved from 2831ms to 2622ms on blueline Change-Id: I12450cee44aa4d17a11def62261c2f82d3f2c718
2019-02-02 11:45:23 +01:00
Start logd and service managers during the 'init' trigger Now that we mount partitions early, services can be started before the 'fs' trigger. We therefore start the service managers as early as possible to ensure their transports are online, without device specific rc files needing to handle that. We also start logd even one step earlier to ensure that we capture all possible logd. Bug: 89689596 Test: logging works for early services, include the servicemanagers Change-Id: I75dbfcd26eb6fa77f002de10afd00f085c93aa07
2018-10-17 22:14:55 +02:00
# Start essential services.
start servicemanager
start hwservicemanager
start vndservicemanager
Add ability to boot from charger mode. Add the ability to boot up directly from charger mode, instead of forcing charger mode to initiate a full restart to launch 'full' android. This should shave a few seconds off of boot time on supported devices (just manta for now). Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
2014-06-17 00:06:21 +02:00
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
class_stop charger
trigger late-init
Change init sequence to support file level encryption File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063
2015-07-01 23:40:56 +02:00
on load_persist_props_action
load_persist_props
rootfs: init.rc start logd parse error init: /init.rc: 490: invalid option 'start' Change-Id: Ica985e45d4652dab0ebd434803344f14cc73d834
2015-04-20 17:55:02 +02:00
start logd
init.rc: logd --reinit on changes to persistent properties Bug: 19681572 Change-Id: I3187aa348dae79fa5822ffb7ee9566919a7a04e6
2015-03-11 22:45:05 +01:00
start logd-reinit
Add ability to boot from charger mode. Add the ability to boot up directly from charger mode, instead of forcing charger mode to initiate a full restart to launch 'full' android. This should shave a few seconds off of boot time on supported devices (just manta for now). Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
2014-06-17 00:06:21 +02:00
Move unlink("/dev/.booting") until after filesystems are mounted. Move the unlink out of init.c and into init.rc, so that the file will be removed after all the filesystems with firmware are up. Change-Id: Ifdd5dd1e95d7e064dde5c80b70198882d949a710
2014-07-12 00:05:23 +02:00
# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
rm /dev/.booting
Add ability to boot from charger mode. Add the ability to boot up directly from charger mode, instead of forcing charger mode to initiate a full restart to launch 'full' android. This should shave a few seconds off of boot time on supported devices (just manta for now). Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
2014-06-17 00:06:21 +02:00
# Mount filesystems and start core system services.
on late-init
trigger early-fs
Split fstab mount into 2 phases This will make it possible to start some key services before mounting data partition Bug: 30118894 Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
2016-08-23 20:58:09 +02:00
# Mount fstab in init.{$device}.rc by mount_all command. Optional parameter
# '--early' can be specified to skip entries with 'latemount'.
# /system and /vendor must be mounted by the end of the fs stage,
# while /data is optional.
Add ability to boot from charger mode. Add the ability to boot up directly from charger mode, instead of forcing charger mode to initiate a full restart to launch 'full' android. This should shave a few seconds off of boot time on supported devices (just manta for now). Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
2014-06-17 00:06:21 +02:00
trigger fs
trigger post-fs
Split fstab mount into 2 phases This will make it possible to start some key services before mounting data partition Bug: 30118894 Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
2016-08-23 20:58:09 +02:00
# Mount fstab in init.{$device}.rc by mount_all with '--late' parameter
# to only mount entries with 'latemount'. This is needed if '--early' is
# specified in the previous mount_all command on the fs stage.
# With /system mounted and properties form /system + /factory available,
# some services can be started.
trigger late-fs
Change init sequence to support file level encryption File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063
2015-07-01 23:40:56 +02:00
# Now we can mount /data. File encryption requires keymaster to decrypt
Split fstab mount into 2 phases This will make it possible to start some key services before mounting data partition Bug: 30118894 Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
2016-08-23 20:58:09 +02:00
# /data, which in turn can only be loaded when system properties are present.
Change init sequence to support file level encryption File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063
2015-07-01 23:40:56 +02:00
trigger post-fs-data
Split fstab mount into 2 phases This will make it possible to start some key services before mounting data partition Bug: 30118894 Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
2016-08-23 20:58:09 +02:00
# Load persist properties and override properties (if enabled) from /data.
Change init sequence to support file level encryption File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063
2015-07-01 23:40:56 +02:00
trigger load_persist_props_action
Add ability to boot from charger mode. Add the ability to boot up directly from charger mode, instead of forcing charger mode to initiate a full restart to launch 'full' android. This should shave a few seconds off of boot time on supported devices (just manta for now). Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
2014-06-17 00:06:21 +02:00
Move zygote start after loading persist properties Currently zygote is started before loading persistent properties which stops ART honor experiment flags planned landed as persistent properties. The original motivation is we would like zygote be started as early as possible and loading persistent properties taking time, but after fix of b/64392887 loading persist properties is now only taking 3ms on P18, 6ms on P16 respectively. Bug: 114044733 Test: Boot Change-Id: Ibc118966e975c741ee8ea47091b14d691692bf2c
2018-09-05 19:12:40 +02:00
# Now we can start zygote for devices with file based encryption
trigger zygote-start
Remove the /dev/.booting file before triggering boot. On mako only, there is a race condition such that core + main services must be started after releasing ueventd (by removing /dev/.booting). bug 16304711 bug 16333352
2014-07-16 05:39:41 +02:00
# Remove a file to wake up anything waiting for firmware.
trigger firmware_mounts_complete
Add ability to boot from charger mode. Add the ability to boot up directly from charger mode, instead of forcing charger mode to initiate a full restart to launch 'full' android. This should shave a few seconds off of boot time on supported devices (just manta for now). Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
2014-06-17 00:06:21 +02:00
trigger early-boot
trigger boot
Move filesystem mounting into a new "fs" init level Devices with non-MTD storage need to override the filesystem mounting commands in init.rc. Moving them to a new "fs" init level allows a custom init.<device>.rc to handle the mounting. Change-Id: If0e655139b9734650fb798b6eb0a90e2241fc29b
2010-04-09 21:26:06 +02:00
on post-fs
Call markBootAttempt when serice manager available This causes adds a call the fucntion to decrement the checkpoint's retry count as soon as service manager is available. Test: vdc setCheckpoint 2 then reboot 3 times checking state Bug: 112901762 Change-Id: Ie0a78b1eb05b340718e76175509d1ebefae68017
2018-10-12 00:35:07 +02:00
start vold
exec - system system -- /system/bin/vdc checkpoint markBootAttempt
Revert "Revert "Start hwservicemanager earlier."" This reverts commit 5011270225b7b61cd485cb67f694d15d8570a0e1. Now starting even earlier. Reason for revert: Needed change, reverted b/c broken device. Bug: 36278706 Test: original DOA device boots Test: angler, bullhead, fugu, marlin, ryu Test: all these devices boot with wipe Test: all these devices boot with w/o wipe Test: lshal shows all included services Change-Id: Ic639aedf7834b1bd3a26d23d109727f5559317e9
2017-03-24 17:23:07 +01:00
init.rc: Remount / with MS_REMOUNT|MS_BIND Since we only want to change the ro flag on / (and leave all other mount flags alone), this can also be achieved by passing MS_REMOUNT|MS_BIND, even if the mount is not a bind-mount. This aims to make running Android within a user namespace easier, since remounts without the MS_BIND flag are forbidden. Bug: 73255020 Test: aosp_sailfish still boots Test: rootfs on / type rootfs (rw,seclabel) /dev/root on / type ext4 (ro,seclabel,relatime,data=ordered) Change-Id: I2f89a8badfc467db47304c9355648e8fd8ad1272
2018-02-14 17:36:16 +01:00
# Once everything is setup, no need to modify /.
init.rc: Remount / with MS_REMOUNT|MS_BIND|MS_NODEV / should not have any character/block devices, so might as well pass in the nodev flag. Bug: 73255020 Test: aosp_sailfish still boots Test: sailfish:/ # find / -xdev -a \( -type b -o -type c -o -type p -o -type s \) sailfish:/ # Test: rootfs on / type rootfs (rw,seclabel) /dev/root on / type ext4 (ro,seclabel,nodevrelatime) Change-Id: Ia73e04b53a47506892d9d3cb61b471b81bb72dc3
2018-07-11 17:13:34 +02:00
# The bind+remount combination allows this to work in containers.
mount rootfs rootfs / remount bind ro nodev
Let's reinvent storage, yet again! Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
2015-06-23 23:30:37 +02:00
# Mount default storage into root namespace
Split slave-bind mount into two. mount(2) does not work with MS_BIND | MS_SLAVE at a time. Instead, this CL calls mount twice. Change-Id: I36b2eb2853f19efc2b0677fb07b6822392aac37c
2016-03-09 08:41:50 +01:00
mount none /mnt/runtime/default /storage bind rec
mount none none /storage slave rec
remount / as read-only only on post-fs to allow per-target config of / Change-Id: Ia89dd2021e0f960201b4cee573227f0addd48431
2010-09-09 00:06:45 +02:00
init.rc: restorecon_recursive /sys/kernel/debug If /sys/kernel/debug is present, make sure it has all the appropriate SELinux labels. Labeling of /sys/kernel/debug depends on kernel support added in commit https://android-review.googlesource.com/122130 This patch depends on an external/sepolicy change with the same Change-Id as this patch. Change-Id: Id1d6a9ad6d0759d6de839458890e8cb24685db6d
2015-12-08 01:57:08 +01:00
# Make sure /sys/kernel/debug (if present) is labeled properly
Add flags to restorecon_recursive to traverse filesystems Use to solve the problem of tracefs conditionally being mounted under debugfs and needing restorecon'd without boot performance penalty. Also move skip-ce to a flag for consistency. Test: Check that trace_mount has correct attributes after boot Bug: 32849675 Change-Id: Ib6731f502b6afc393ea5ada96fa95b339f14da49
2016-11-15 00:40:18 +01:00
# Note that tracefs may be mounted under debug, so we need to cross filesystems
restorecon --recursive --cross-filesystems /sys/kernel/debug
Fix selinux warning on tracefs systems restorecon_recursive doesn't traverse filesystem boundaries. On tracefs systems, tracing is a separate filesystem, so restorecon this as well Bug: 30963384 Test: Boot hikey, and check that there are no debugfs_tracing denials in dmesg Change-Id: I24abd3ad80d2cfdab4f64fecee799fc0c24ed238
2016-11-02 22:23:31 +01:00
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chmod 0770 /cache
Modify init.rc and init.goldfish.rc for SE Android. Set the security context for the init process. Restore the security contexts of /cache and /data in case they were reset. Specify the security context for services launched from the rootfs since we cannot label their executables. If on the emulator, set a policy boolean and restore the context of /sys/qemu_trace to allow accesses not normally permitted on a device. Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-01-13 14:54:34 +01:00
# We restorecon /cache in case the cache partition has been reset.
restorecon_recursive /cache Make sure all files / directories within /cache are properly labeled, not just the directory itself. Addresses the following denial: type=1400 audit(0.0:26): avc: denied { getattr } for comm="Thread-85" path="/cache/lost+found" dev="mmcblk0p27" ino=11 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir Change-Id: I5937b30043efeb696ffaa77258b7294d20d1494e
2014-07-09 21:39:21 +02:00
restorecon_recursive /cache
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
Change pre-recovery into two services /system/bin/uncrypt needs to be triggered to prepare the OTA package before rebooting into the recovery. Separate pre-recovery (uncrypt) into two services: uncrypt that does the uncryption work and pre-recovery that actually reboots the device into recovery. Also create /cache/recovery on post-fs in case it doesn't exist. Bug: 20012567 Bug: 20949086 Change-Id: If67fe1e9ee6279593d2788452febcd3f0fe714c2
2015-05-11 23:08:18 +02:00
# Create /cache/recovery in case it's not there. It'll also fix the odd
# permissions if created by the recovery system.
mkdir /cache/recovery 0770 system cache
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
Have init set up the backup stage dir on /cache Bug 26834865 Change-Id: Idc63c1706f68d42b2a9cee05997c63a9bbcb0fb9
2016-01-29 02:09:42 +01:00
# Backup/restore mechanism uses the cache partition
mkdir /cache/backup_stage 0700 system system
mkdir /cache/backup 0700 system system
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
init.rc: chmod slabinfo to 440 to capture slabinfo in BRs Bug: 7232205 Change-Id: I0d785302818a37b722e79bf740644ede52c60148 Signed-off-by: Dima Zavin <dima@android.com>
2012-09-25 23:22:02 +02:00
chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
init.rc: make last_kmsg readable only by user system and group log chown /proc/last_kmsg to user system group log during init, and chmod it to readable only by user and group. Bug: 6925227 Change-Id: I645b6a2d4fecc01a2bd4b7fa7ed6aae3ef638cb9
2012-08-03 03:14:33 +02:00
chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
Enable world-readable selinuxfs policy binary. Change-Id: I1eefb457cea1164a8aa9eeb7683b3d99ee56ca99
2014-03-26 00:31:07 +01:00
# make the selinux kernel policy world-readable
chmod 0444 /sys/fs/selinux/policy
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
# create the lost+found directories, so as to enforce our permissions
init: clean up init.rc as now mkdir handles EEXIST. Change-Id: I3fa2a618ef27197315fc128738a284ac644e86c0
2011-07-09 01:52:18 +02:00
mkdir /cache/lost+found 0770 root root
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
Add option to create metadata mount point Test: booted metadata-encrypted device Bug: 79781913 Change-Id: Ie922db20314c04409c98700bfb1aff3d111275f0
2018-05-17 19:12:34 +02:00
restorecon_recursive /metadata
mkdir /metadata/vold
chmod 0700 /metadata/vold
Create /metadata/password_slots during boot. This directory is used to store the Weaver/GateKeeper slot map so GSIs do not overwrite host keys in secure storage. Bug: 123716647 Test: /metadata/password_slots exists after boot Change-Id: Ib0ca13edec38e68cba1fc2124465571feedc4be7
2019-03-06 07:16:36 +01:00
mkdir /metadata/password_slots 0771 root system
Add option to create metadata mount point Test: booted metadata-encrypted device Bug: 79781913 Change-Id: Ie922db20314c04409c98700bfb1aff3d111275f0
2018-05-17 19:12:34 +02:00
Create /metadata/apex/[sessions]. For storing persistent apex session state. Bug: 126740531 Test: builds Change-Id: Ibf280764977768956b5512b2252d22ceaba31c1e
2019-03-12 22:05:20 +01:00
mkdir /metadata/apex 0700 root system
mkdir /metadata/apex/sessions 0700 root system
Move early_hal start to late-fs trigger action The class early_hal is essentially for the keymaster hal which needs to be up before vold tries to unlock a storage encryption key (FDE or FBE). The current position is too early in the boot process, because on devices with legacy HAL the wrapper service uses system properties to find the legacy HAL. This patch moves the start of the early_hal class to the late-fs trigger action which runs right after the system property action. Test: Manually tested and update tested on bullhead, sailfish, and another device. Bug: 35764921 Change-Id: I34b45b85f8450e9ef18861535fdb2ee963df8c9b
2017-04-06 21:44:59 +02:00
on late-fs
Move chmod of /sys/kernel/debug/tracing to fix tracing. This is a temporary fix, since we're still not sure exactly what the bug is. Bug: 62547086 Test: Built, flashed, and booted Sailfish. Verified that the file has the correct permission and that wifi and atrace work. Change-Id: I43275e974a11754eca274f1b77d15cdd03a3b365 (cherry picked from commit 62962dd5b7a37478da2bad786e084345d366f984)
2017-06-13 19:15:05 +02:00
# Ensure that tracefs has the correct permissions.
# This does not work correctly if it is called in post-fs.
chmod 0755 /sys/kernel/debug/tracing
Move early_hal start to late-fs trigger action The class early_hal is essentially for the keymaster hal which needs to be up before vold tries to unlock a storage encryption key (FDE or FBE). The current position is too early in the boot process, because on devices with legacy HAL the wrapper service uses system properties to find the legacy HAL. This patch moves the start of the early_hal class to the late-fs trigger action which runs right after the system property action. Test: Manually tested and update tested on bullhead, sailfish, and another device. Bug: 35764921 Change-Id: I34b45b85f8450e9ef18861535fdb2ee963df8c9b
2017-04-06 21:44:59 +02:00
# HALs required before storage encryption can get unlocked (FBE/FDE)
class_start early_hal
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
on post-fs-data
Support for stopping/starting post-data-mount class subsets. On devices that use FDE and APEX at the same time, we need to bring up a minimal framework to be able to mount the /data partition. During this period, a tmpfs /data filesystem is created, which doesn't contain any of the updated APEXEs. As a consequence, all those processes will be using the APEXes from the /system partition. This is obviously not desired, as APEXes in /system may be old and/or contain security issues. Additionally, it would create a difference between FBE and FDE devices at runtime. Ideally, we restart all processes that have started after we created the tmpfs /data. We can't (re)start based on class names alone, because some classes (eg 'hal') contain services that are required to start apexd itself and that shouldn't be killed (eg the graphics HAL). To address this, keep track of which processes are started after /data is mounted, with a new 'mark_post_data' keyword. Additionally, create 'class_reset_post_data', which resets all services in the class that were created after the initial /data mount, and 'class_start_post_data', which starts all services in the class that were started after /data was mounted. On a device with FBE, these keywords wouldn't be used; on a device with FDE, we'd use them to bring down the right processes after the user has entered the correct secret, and restart them. Bug: 118485723 Test: manually verified process list Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
2019-04-23 16:26:01 +02:00
mark_post_data
Handle retry count correctly Test: vdc startCheckpoint 2 then reboot 3 times checking state Change-Id: I4eeda7f73d82a7c8b2469571fa558df2fac47354
2018-10-04 17:37:17 +02:00
# Start checkpoint before we touch data
start vold
exec - system system -- /system/bin/vdc checkpoint prepareCheckpoint
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
Modify init.rc and init.goldfish.rc for SE Android. Set the security context for the init process. Restore the security contexts of /cache and /data in case they were reset. Specify the security context for services launched from the rootfs since we cannot label their executables. If on the emulator, set a policy boolean and restore the context of /sys/qemu_trace to allow accesses not normally permitted on a device. Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-01-13 14:54:34 +01:00
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
Start debuggerd as soon as logd is up. Makes debugging early boot crashes easier. Bug: http://b/26918597 Change-Id: I5bb883f1350ea5f7a545cb0e9f1034ecfcf47cdb
2016-02-02 18:15:59 +01:00
# Make sure we have the device encryption key.
Securely encrypt the master key Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b
2015-04-29 00:07:10 +02:00
installkey /data
bootchart: fix bootchart can not be triggered problem bootchart uses a file on the data partition to decide if it should collect data for bootchart, but the data partition will be mounted by the mount_all command in the "on fs" section, and it will be only added into the action queue when command "trigger fs" is executed, but that's after the bootchart_init action (late_init). This change makes bootchart_init a builtin command of init, and make it executed as the first command of "on post-fs" section which will be triggered after the "on fs" section. This change also refactors the bootchart code to all be in bootchart.cpp. Change-Id: Ia74aa34ca5b785f51fcffdd383075a549b2a99d9 Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
2014-12-05 06:45:02 +01:00
# Start bootcharting as soon as possible after the data partition is
# mounted to collect more data.
mkdir /data/bootchart 0755 shell shell
Improve init bootcharting. Most notably, there's no longer any need to guess an end time. Bug: http://b/23478578 Bug: http://b/33450491 Test: rebooted with bootcharting on/off Change-Id: Icb7d6859581da5526d77dfc5aa4d57c9bfbfd7e2
2016-11-11 02:43:47 +01:00
bootchart start
bootchart: fix bootchart can not be triggered problem bootchart uses a file on the data partition to decide if it should collect data for bootchart, but the data partition will be mounted by the mount_all command in the "on fs" section, and it will be only added into the action queue when command "trigger fs" is executed, but that's after the bootchart_init action (late_init). This change makes bootchart_init a builtin command of init, and make it executed as the first command of "on post-fs" section which will be triggered after the "on fs" section. This change also refactors the bootchart code to all be in bootchart.cpp. Change-Id: Ia74aa34ca5b785f51fcffdd383075a549b2a99d9 Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
2014-12-05 06:45:02 +01:00
Init: Load fsverity keys earlier Keys may be required for apex updates (post-installs), so load them before starting apexd. Bug: 125474642 Test: m Test: manual Change-Id: I32ddb6ae6854334e8ee7e195173ecfaed565d783
2019-03-15 22:22:04 +01:00
# Load fsverity keys. This needs to happen before apexd, as post-install of
# APEXes may rely on keys.
Initialize fs-verity keys in shell script This gives us two benefits: - Better compatibility to keyctl(1), which doesn't have "dadd" - Pave the way to specify key's security labels, since keyctl(1) doesn't support, and we want to avoid adding incompatible option. Test: See keys loaded in /proc/keys Bug: 128607724 Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
2019-03-20 23:52:45 +01:00
exec -- /system/bin/fsverity_init
Init: Load fsverity keys earlier Keys may be required for apex updates (post-installs), so load them before starting apexd. Bug: 125474642 Test: m Test: manual Change-Id: I32ddb6ae6854334e8ee7e195173ecfaed565d783
2019-03-15 22:22:04 +01:00
Activate system APEXes early Summary: Boot sequence around apexd is changed to make it possible for pre-apexd processes to use libraries from APEXes. They no longer need to wait for the apexd to finish activating APEXes, which again can be done only after /data/ is mounted. This improves overall boot performance. Detail: This change fixes the problem that processes that are started before apexd (so called pre-apexd processes) can't access libraries that are provided only by the APEXes but are not found in the system partition (e.g. libdexfile_external.so, etc.). Main idea is to activate system APEXes (/system/apex/*.apex) before /data is mounted and then activate the updated APEXes (/data/apex/*.apex) after the /data mount. Detailed boot sequence is as follows. 1) init prepares the bootstrap and default mount namespaces. A tmpfs is mounted on /apex and the propagation type of the mountpoint is set to private. 2) before any other process is started, apexd is started in bootstrap mode. When executed in the mode, apexd only activates APEXes under /system/apex. Note that APEXes activated in this phase are mounted in the bootstrap mount namespace only. 3) other pre-apexd processes are started. They are in the bootstrap mount namespace and thus are provided with the libraries from the system APEXes. 4) /data is mounted. init switches into the default mount namespace and starts apexd as a daemon as usual. 5) apexd scans both /data/apex and /system/apex, and activate latest APEXes from the directories. Note that APEXes activated in this phase are mounted in the default namespaces only and thus are not visible to the pre-apexd processes. Bug: 125549215 Test: m; device boots Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
2019-02-22 14:15:25 +01:00
# Make sure that apexd is started in the default namespace
enter_default_mount_ns
# /data/apex is now available. Start apexd to scan and activate APEXes.
mkdir /data/apex 0750 root system
mkdir /data/apex/active 0750 root system
mkdir /data/apex/backup 0700 root system
mkdir /data/apex/sessions 0700 root system
Rename data/pkg_staging to data/app-staging. Test: atest apex_e2e_tests Bug: 126330086 Change-Id: Ic5729d60046e8825a2a94e3c3483ea8232a69ed2 Merged-In: Ic5729d60046e8825a2a94e3c3483ea8232a69ed2
2019-02-27 13:04:47 +01:00
mkdir /data/app-staging 0750 system system
Activate system APEXes early Summary: Boot sequence around apexd is changed to make it possible for pre-apexd processes to use libraries from APEXes. They no longer need to wait for the apexd to finish activating APEXes, which again can be done only after /data/ is mounted. This improves overall boot performance. Detail: This change fixes the problem that processes that are started before apexd (so called pre-apexd processes) can't access libraries that are provided only by the APEXes but are not found in the system partition (e.g. libdexfile_external.so, etc.). Main idea is to activate system APEXes (/system/apex/*.apex) before /data is mounted and then activate the updated APEXes (/data/apex/*.apex) after the /data mount. Detailed boot sequence is as follows. 1) init prepares the bootstrap and default mount namespaces. A tmpfs is mounted on /apex and the propagation type of the mountpoint is set to private. 2) before any other process is started, apexd is started in bootstrap mode. When executed in the mode, apexd only activates APEXes under /system/apex. Note that APEXes activated in this phase are mounted in the bootstrap mount namespace only. 3) other pre-apexd processes are started. They are in the bootstrap mount namespace and thus are provided with the libraries from the system APEXes. 4) /data is mounted. init switches into the default mount namespace and starts apexd as a daemon as usual. 5) apexd scans both /data/apex and /system/apex, and activate latest APEXes from the directories. Note that APEXes activated in this phase are mounted in the default namespaces only and thus are not visible to the pre-apexd processes. Bug: 125549215 Test: m; device boots Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
2019-02-22 14:15:25 +01:00
start apexd
init: start apexd as early as we can. apexd needs to run right after mounting /data. Bug: 112455435 Test: apexd is running Change-Id: I71c834bcaf26a3133aef57bb1d1953010a6d137c
2018-08-17 13:52:25 +02:00
Initialize /dev/urandom earlier in boot. It's a security best practice to carry entropy across reboots. (see "man 4 random"). Currently, entropy saving and mixing occur in the system_server, via the EntropyMixer code. Unfortunately, the EntropyMixer code runs fairly late in the boot process, which means early boot doesn't have high quality entropy. This has caused security problems in the past. Load entropy data as soon as we can in the early boot process, so that we can get /dev/random / /dev/urandom into a "random" state earlier. Bug: 9983133 Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80
2013-09-18 01:18:23 +02:00
# Avoid predictable entropy pool. Carry over entropy from previous boot.
copy /data/system/entropy.dat /dev/urandom
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
# create basic filesystem structure
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
mkdir /data/misc 01771 system misc
rootdir: record last build signature and kernel version Rotate /default.prop and /proc/version into /data/misc/recovery/ as an aid in determining the vintage of the LAST_LOGCAT and LAST_DMESG in the bugreport collection. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Test: manually confirm content rotation through reboots Bug: 62793047 Change-Id: Ibbe546c76041f20e308e58e5548939afac75db97
2017-07-14 19:37:57 +02:00
mkdir /data/misc/recovery 0770 system log
rootdir: record last build fingerprint We can't copy /default.prop so just write the value of $(ro.build.fingerprint) to /data/misc/recovery/ro.build.fingerprint and rotate it after reboot instead. Bug: 62793047 Test: manual - reboot phone and check /data/misc/recovery Change-Id: I130a4b7a01d9e1bfe9baecde2781626eb72e768b
2017-07-26 22:18:15 +02:00
copy /data/misc/recovery/ro.build.fingerprint /data/misc/recovery/ro.build.fingerprint.1
chmod 0440 /data/misc/recovery/ro.build.fingerprint.1
chown system log /data/misc/recovery/ro.build.fingerprint.1
write /data/misc/recovery/ro.build.fingerprint ${ro.build.fingerprint}
chmod 0440 /data/misc/recovery/ro.build.fingerprint
chown system log /data/misc/recovery/ro.build.fingerprint
rootdir: record last build signature and kernel version Rotate /default.prop and /proc/version into /data/misc/recovery/ as an aid in determining the vintage of the LAST_LOGCAT and LAST_DMESG in the bugreport collection. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Test: manually confirm content rotation through reboots Bug: 62793047 Change-Id: Ibbe546c76041f20e308e58e5548939afac75db97
2017-07-14 19:37:57 +02:00
mkdir /data/misc/recovery/proc 0770 system log
copy /data/misc/recovery/proc/version /data/misc/recovery/proc/version.1
chmod 0440 /data/misc/recovery/proc/version.1
chown system log /data/misc/recovery/proc/version.1
copy /proc/version /data/misc/recovery/proc/version
chmod 0440 /data/misc/recovery/proc/version
chown system log /data/misc/recovery/proc/version
Remove net_bt_stack group and replace it with bluetooth Bug: 31549206 Change-Id: I667963e5f9fd1a5dc9ad74378b318e3b782e6883
2016-09-20 20:52:14 +02:00
mkdir /data/misc/bluedroid 02770 bluetooth bluetooth
Fix the file permissions of /data/misc/bluedroid/bt_config.conf Fix the file access permissions and group ownership of "/data/misc/bluedroid/bt_config.conf" so the file can be reused when switching users on the device. For that purpose, we need to do the following: 1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid" so the files created in that directory will have group-id of "net_bt_stack" . 2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf" to Read/Write by User and Group. Bug: 21493919 Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
2015-06-20 04:12:46 +02:00
# Fix the access permissions and group ownership for 'bt_config.conf'
chmod 0660 /data/misc/bluedroid/bt_config.conf
Remove net_bt_stack group and replace it with bluetooth Bug: 31549206 Change-Id: I667963e5f9fd1a5dc9ad74378b318e3b782e6883
2016-09-20 20:52:14 +02:00
chown bluetooth bluetooth /data/misc/bluedroid/bt_config.conf
mkdir /data/misc/bluetooth 0770 bluetooth bluetooth
mkdir /data/misc/bluetooth/logs 0770 bluetooth bluetooth
init.rc: specify keystore directory and fix permissions.
2009-09-18 04:35:26 +02:00
mkdir /data/misc/keystore 0700 keystore keystore
Implement SID API Change-Id: Id11632a6b4b9cab6f08f97026dd65fdf49a46491
2015-04-16 22:16:24 +02:00
mkdir /data/misc/gatekeeper 0700 system system
Revert "Add keychain user" This reverts commit 6541ef1562ccf93e498d653598330a7fc80ad2b2. Bug:4970237 Change-Id: I23a90eb89c1d19893d2ba7065fc624c0521cb06e
2011-07-01 07:50:29 +02:00
mkdir /data/misc/keychain 0771 system system
Create a data directory for netd and other network-related files. Allows the 'shell' group (which is what dumpstate uses) to read the files in this directory. Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de
2014-07-08 07:09:54 +02:00
mkdir /data/misc/net 0750 root shell
Add writable data space for radio. Storing carrier provisioning urls updates in /data/misc/radio. bug:9623159 Change-Id: I8d62d4638229733dea0f11f1729c4d22ae2295d1 I36697ed341353b7a3dbec5afe20241102e76f6f1
2013-07-16 18:46:17 +02:00
mkdir /data/misc/radio 0770 system radio
Add writable data space for radio. Storing Premium SMS regex's in /data/misc/sms. bug:7221402 Change-Id: Ica8ba7be8aa5321f3e6ed820a0dddc01f77d2cfb
2012-09-27 01:04:27 +02:00
mkdir /data/misc/sms 0770 system radio
a new folder to store OTA carrier id update Bug:64131637 Test: Build Change-Id: I0ce4322f297bab427d70aed3c329345c899786bb (cherry picked from commit 45713ff62159c90e1627af0eb970641ad33dade2)
2017-11-21 21:31:57 +01:00
mkdir /data/misc/carrierid 0770 system radio
Add a new directory to store downloaded apns downloaded apns-conf.xml will be stored in the folder /data/misc/apns/ to make sure TelephonyProvider gets access. Bug: 79948106 Test: Manual Change-Id: I4ba0596fa6523c0eb96328dbe46ead02587bd9b8
2018-05-21 16:53:00 +02:00
mkdir /data/misc/apns 0770 system radio
Add a directory for tzdata updates. Bug: 7012465 Change-Id: I7e2c9965a4bcad125ca4fb788b842bd114b5619c
2012-10-20 03:10:05 +02:00
mkdir /data/misc/zoneinfo 0775 system system
Create Network Watchlist data folder for ConfigUpdater Bug: 63908748 Test: Able to boot Change-Id: I8db6b5706cce17a60e2a7db9be80020f8681531d
2017-10-27 17:35:35 +02:00
mkdir /data/misc/network_watchlist 0774 system system
Initialize textclassifier model update directory Test: Builds successfully. Directory is initialized on install. Tests pass. bit FrameworksCoreTests:android.view.textclassifier.TextClassificationManagerTest Bug: 34780396 Merged-In: Icbf7962f11b66579931f48053132da6e03e62c61 Change-Id: Icbf7962f11b66579931f48053132da6e03e62c61
2017-04-27 19:46:59 +02:00
mkdir /data/misc/textclassifier 0771 system system
init: update permissions for VPN. VPN no longer uses system properties to keep network parameters. Besides, profiles are now stored and encrypted by keystore. Change-Id: I7575f04f350b7d8d5ba7008eb874a72180d057e8
2011-07-09 05:03:03 +02:00
mkdir /data/misc/vpn 0770 system vpn
Add UID and directory for RELRO sharing support. Define a UID to be used by the process responsible for creating shared RELRO files for the WebView native library, and create a directory owned by that UID to use to store the files. Bug: 13005501 Change-Id: I5bbb1e1035405e5534b2681f554fe16f74e3da1a
2014-05-22 19:40:21 +02:00
mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
Apps on SD project. Small change to support apps on SD file system key storage.
2010-01-06 22:18:12 +01:00
mkdir /data/misc/systemkeys 0700 system system
init.rc: Fix commands for allowing the system_server to access wpa_supplicant.conf The touch command does not exist, and the chown commands are unnecessary because the system_server is in the WIFI group. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-09 00:42:08 +02:00
mkdir /data/misc/wifi 0770 wifi wifi
Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file. mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed in the various device-specific init*.rc files but seems generic. Move it to the main init.rc file. Drop the separate chown for /data/misc/dhcp as this is handled by mkdir built-in if the directory already exists. Add a restorecon_recursive /data/misc/wifi/sockets. Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-29 19:53:03 +01:00
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
Support static IP config on Ethernet Bug: 7606609 Bug: 8687763 Change-Id: I1d76b5783e8511a8e3f5d981e6b4b9fb4fbecdf4
2014-03-10 09:13:07 +01:00
mkdir /data/misc/ethernet 0770 system system
Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file. mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed in the various device-specific init*.rc files but seems generic. Move it to the main init.rc file. Drop the separate chown for /data/misc/dhcp as this is handled by mkdir built-in if the directory already exists. Add a restorecon_recursive /data/misc/wifi/sockets. Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-29 19:53:03 +01:00
mkdir /data/misc/dhcp 0770 dhcp dhcp
Create world-searchable /data/misc/user directory installd will create a separate subdirectory for each user. Change-Id: I95ec09169ea70f35443bbb3209237611e174ca29
2014-04-25 16:21:35 +02:00
mkdir /data/misc/user 0771 root root
Add /data/misc/perfprofd to store perf profile. BUG: 19483574 (cherry picked from commit 30c401fa92f5a32a9a41024d9d1daddd1bc37ea5) Change-Id: Ibf96db9f7e5db625b395db20b73572acc240b1f9
2015-05-06 00:05:39 +02:00
mkdir /data/misc/perfprofd 0775 root root
Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file. mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed in the various device-specific init*.rc files but seems generic. Move it to the main init.rc file. Drop the separate chown for /data/misc/dhcp as this is handled by mkdir built-in if the directory already exists. Add a restorecon_recursive /data/misc/wifi/sockets. Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-29 19:53:03 +01:00
# give system access to wpa_supplicant.conf for backup and restore
Set the permissions of wifi supplicant file so that system can access it. Create the required directories and set the correct owner and permissions.
2009-07-02 21:08:13 +02:00
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
init.rc: update the permission of /data/local. Bug: 6131945 Change-Id: I3094a471dcfb02b786f47b6778c8fed3726325ec
2012-03-07 23:52:10 +01:00
mkdir /data/local 0751 root root
Add directory for mediaserver Bug: 8223560 Change-Id: Iccc6d439a848445cac0f5b30d1d663aed3f5344e
2013-02-22 23:54:45 +01:00
mkdir /data/misc/media 0700 media media
Restore audio tee sink Bug: 27323882 Change-Id: I1131c0537942c8f7cbf9ff6cc6847ab7e93e6187
2016-02-24 00:23:46 +01:00
mkdir /data/misc/audioserver 0700 audioserver audioserver
mkdir /data/misc/cameraserver for AVD's camera HALs cameraserver from nyc uses cameraserver as its username. thus this change is needed for AVD (android virtual device)'s camera HAL which is attached to cameraserver to work as that HAL writes some files to /data/misc/media. the backward compatibility issue should be handled as separate changes. this approach is preferred for finer-grained security isolation. Change-Id: If028667d62df8fcac634ff1001759c39703b00dd
2016-03-01 21:45:27 +01:00
mkdir /data/misc/cameraserver 0700 cameraserver cameraserver
Restore creation of /data/misc/vold erroneously rolled back Rollback commit: 9f403450bcce9ef0ef99ff58b65eb3b1eedc6979 Bug: 19704432 Change-Id: I1a73a2e1d3f4d5441df4d686d420d3a79b3e95bc
2015-06-03 14:33:43 +02:00
mkdir /data/misc/vold 0700 root root
Introduce a mechanism to trace boot sequence. This CL adds a trigger and a service so that Systrace can be used for tracing events during boot. persist.debug.atrace.boottrace property is used for switching on and off tracing during boot. /data/misc/boottrace/categories file is used for specifying the categories to be traced. These property and file are rewritten by Systrace when the newly added option --boot is specified. Here is an example of tracing events of am and wm catetories during boot. $ external/chromium-trace/systrace am wm --boot This command will cause the device to reboot. Once the device has booted up, the trace report is created by hitting Ctrl+C. As written in readme.txt, this mechanism relies on persistent property, so tracing events that are emitted before that are not recorded. This is enough for tracing events after zygote is launched though. This only works on userdebug or eng build for security reason. BUG: 21739901 Change-Id: I03f2963d77a678f47eab5e3e29fc7e91bc9ca3a4
2015-06-15 11:49:35 +02:00
mkdir /data/misc/boottrace 0771 system shell
init.rc: mkdir /data/misc/update_engine 0700 root root Ensure that /data/misc/update_engine exists since it will be referenced by selinux policy. Bug: 23186405 Change-Id: I96e4ff341086da6474ef7f7c934f1f35bffc1439
2015-10-07 20:00:55 +02:00
mkdir /data/misc/update_engine 0700 root root
Create a new directory on boot for update_engine logs Partners require to access update_engine's logs on the file system with non-root permission. Bug: 65568605 Test: directory created with the correct permission on boot Change-Id: I1c1fb4acb8b0f2e7352ffa9e7d05a864940b5986
2017-11-03 18:59:36 +01:00
mkdir /data/misc/update_engine_log 02750 root log
Create a folder to store method traces activated with -Xmethod-trace Bug: 25612377 Change-Id: I370b858594ccc88c12099b23a0d1aac22acd4969
2015-11-10 20:16:43 +01:00
mkdir /data/misc/trace 0700 root root
Create location to store surface and window trace files on init Bug: 64831661 Test: adb shell su root rm /data/misc/wmtrace && adb reboot && adb shell su ls /data/misc/wmtrace Change-Id: I60979c26a9226534df534abd3d59df309f6ea6ad
2017-11-27 18:54:31 +01:00
# create location to store surface and window trace files
mkdir /data/misc/wmtrace 0700 system system
Create profiles folders Current profiles (the ones which have not been used for compilation) are stored in /data/misc/profiles/cur/0/pkgname/. Reference profiles (the merged of all user profiles, used for compilation) are stored in /data/misc/profiles/ref/pkgname/. Add a method to get the shared app gid from an uid or appid. Bug: 26719109 Bug: 26563023 Change-Id: I89601d7dbeb3041df882c141a9127dac200a645e
2016-02-01 20:27:01 +01:00
# profile file layout
mkdir /data/misc/profiles 0771 system system
mkdir /data/misc/profiles/cur 0771 system system
mkdir /data/misc/profiles/ref 0771 system system
add /data/misc/profman for output Bug: 28748264 Change-Id: Ib57ccc570de446e03ea8c27ce8e404929138b213
2016-05-28 23:10:38 +02:00
mkdir /data/misc/profman 0770 system shell
Add global GCOV_PREFIX option. When native coverage is enabled, add a global GCOV_PREFIX environment variable specifying that gcda files be output with path prefix /data/local/tmp. Bug: 35635587 Test: make NATIVE_COVERAGE=true; check init.environ.rc Change-Id: I40972aea3ca3168d0687bdc93e9d4b7b3a1071b9
2017-02-22 02:27:02 +01:00
mkdir /data/misc/gcov 0770 root root
Set security context of /adb_keys and /data/misc/adb/adb_keys. I97b3d86a69681330bba549491a2fb39df6cf20ef introduced a separate type for the adb_keys file. Set the security context of the adb_keys file accordingly by adding restorecon commands to init.rc. Change-Id: I30e4d2a1ae223a03eadee58a883c79932fff59fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-01 15:21:47 +02:00
Create /data/preloads on post-fs-data This directory is used for preloads that are typically placed in the system_other image and copied to /data on first boot if the cppreopts script is installed. Bug: 80508492 Test: make Change-Id: I4121b07ee2fc96d533075d1907557de7e4be4ee0
2018-10-24 16:29:16 +02:00
mkdir /data/preloads 0775 system system
Create dir in /data for vendor customization Vendor owns /data/vendor. HAL data must go in /data/vendor/hardware/. Bug: 34980020 Test: build and boot AOSP Marlin. Observe /data/vendor and /data/vendor/hardware exist and are empty. Change-Id: I6fe96e3c76a10a5eb480ba10e10d4d006de56c12
2017-03-23 17:23:50 +01:00
mkdir /data/vendor 0771 root root
Fingerprint data is now stored in one of two ways depending on the shipping API version: For devices shipped before Android P nothing changes, data is stored under /data/system/users/<user-id>/fpdata/... Devices shipped from now on will instead store fingerprint data under /data/vendor_de/<user-id>/fpdata. Support for /data/vendor_de and /data/vendor_ce has been added to vold. Bug: 36997597 Change-Id: I83f87e88d1731e515b459a3d6d5bf3104afe6cfe Test: manually
2018-01-22 21:14:51 +01:00
mkdir /data/vendor_ce 0771 root root
mkdir /data/vendor_de 0771 root root
Create dir in /data for vendor customization Vendor owns /data/vendor. HAL data must go in /data/vendor/hardware/. Bug: 34980020 Test: build and boot AOSP Marlin. Observe /data/vendor and /data/vendor/hardware exist and are empty. Change-Id: I6fe96e3c76a10a5eb480ba10e10d4d006de56c12
2017-03-23 17:23:50 +01:00
mkdir /data/vendor/hardware 0771 root root
init.rc: Add documentation Android developers should never place files in /data/local/tmp. Files or directories in /data/local/tmp can be minipulated by the shell user. Android developers should never create world-writable files or directories. This is a common source of security vulnerabilities. Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
2012-03-14 23:22:54 +01:00
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
mkdir /data/local/tmp 0771 shell shell
Adding /data/local/traces for traceur app Traceur app is being split out of shell user. Previously it logged to shell's bugreports directory. It no longer has access, so it needs a new, user-friendly file location to store trace data. Bug:68126425 Test: Traceur can write and shell can read from this directory Change-Id: I9e344973fd43eb5699f7a848524e20b06458fb77
2018-01-18 23:23:51 +01:00
mkdir /data/local/traces 0777 shell shell
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
Create new ephemeral app directory Bug: 25119046 Change-Id: Ie005430700a73ef1ba492dae4101419a41da4071
2015-11-24 00:24:13 +01:00
mkdir /data/app-ephemeral 0771 system system
Add directory for forward locked apps in ASECs Forward locked apps on internal storage will be stored in ASEC containers using ext4. This way permissions can be preserved whether on internal or external storage. Change-Id: I942f8f0743c210330a11e2b1d0204df7a5ddb2ae
2012-04-13 00:01:52 +02:00
mkdir /data/app-asec 0700 root root
Add /data/app-lib for native library sharing Change-Id: I7419676d987178fd2422c50d74f966e27af9f62e
2012-09-09 07:39:25 +02:00
mkdir /data/app-lib 0771 system system
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
ensure /data/tombstones exists on all Android devices /data/tombstones is referenced by core platform code, but is not guaranteed to exist on all Android devices. Move the directory creation out of device specific files and into the core init.rc file. Bug: https://code.google.com/p/android/issues/detail?id=93207 Change-Id: I94ae5199a6a32c4fe555ca994fc4a8345e0c9690
2015-01-31 02:38:06 +01:00
mkdir /data/tombstones 0771 system system
Firmware dump create directory Setting up infanstructure for vendor tombstone in dir: /data/vendor/tombstones Wifi specific dumps will go into: /data/vendor/tombstones/wifi Bug: 70170285 Test: compile, run on device. Change-Id: Ie16dd8236d9b5df19adb9818b4c62ce01e0d0b10
2017-12-18 20:26:06 +01:00
mkdir /data/vendor/tombstones 0771 root root
mkdir /data/vendor/tombstones/wifi 0771 wifi wifi
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
init: clean up init.rc as now mkdir handles EEXIST. Change-Id: I3fa2a618ef27197315fc128738a284ac644e86c0
2011-07-09 01:52:18 +02:00
# create dalvik-cache, so as to enforce our permissions
Change /dalvik-cache to be owned by root. Bug: 16875245 Change-Id: I29a70215a2207bc4e0db02ab751d32a68edf4b66
2014-08-28 00:40:05 +02:00
mkdir /data/dalvik-cache 0771 root root
Init: add OTA directory Add /data/ota in init so that the right selinux labels are applied. Bug: 25612095 Change-Id: I8fd093147f8e0a5c3bd1a4007a61b0b759911cf2
2015-12-08 18:33:07 +01:00
# create the A/B OTA directory, so as to enforce our permissions
mkdir /data/ota 0771 root root
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
Create /data/ota_package for OTA packages. We will store OTA packages there for both A/B and non-A/B OTAs. The directory will be accessed by GMSCore (for both), uncrypt (non-A/B), update_engine (A/B), update_verifier (A/B) and possibly system server (for non-A/B OTAs to clean up half-way uncrypt'd packages). Bug: 28944800 Change-Id: I5aa8156ec5052bd15dfadd4d8c28925d464e4401
2016-05-26 01:41:08 +02:00
# create the OTA package directory. It will be accessed by GmsCore (cache
# group), update_engine and update_verifier.
mkdir /data/ota_package 0770 system cache
Create world readable, system writeable /data/resource-cache. /data/resource-cache is used to store idmap files. Change-Id: I9b1dbc8d607333b71c05f55a4a402ae92193c36c
2011-05-30 10:24:54 +02:00
# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
# create the lost+found directories, so as to enforce our permissions
init: clean up init.rc as now mkdir handles EEXIST. Change-Id: I3fa2a618ef27197315fc128738a284ac644e86c0
2011-07-09 01:52:18 +02:00
mkdir /data/lost+found 0770 root root
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
Close a security hole - do not give world readable/writable access to /data/drm o related-to-bug: 5834297 Change-Id: I8e459610b4f69999be37364c2359b2bac82d4a2a
2012-01-07 00:19:26 +01:00
# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/drm 0770 drm drm
- Add drm and drmio service - Add /data/drm directory for storing DRM related data Change-Id: Ifd8922a3de109dbf5cd3f9cabbf4e5689b16c1d7
2010-07-27 01:38:35 +02:00
Add a new group for MediaDrm engine plugins bug: 8702754 Change-Id: I3b7988b64b1dcf4685624e4c1af938e132b82696
2013-04-24 04:54:17 +02:00
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
init.rc: mkdir /data/anr 0775 system system Ensure that /data/anr always exists. This allows us to eliminate some code in system_server and dumpstate. In addition, this change solves a common problem where people would create the directory manually but fail to set the SELinux label, which would cause subsequent failures when they used the directory for ANRs. Bug: 22385254 Change-Id: I29eb3deb21a0504aed07570fee3c2f87e41f53a0
2015-07-26 06:06:20 +02:00
mkdir /data/anr 0775 system system
Ensure /data/adb exists Ensure that /data/adb always exists. This directory is used for writing adb debugging information when persist.adb.trace_mask is set. Bug: https://code.google.com/p/android/issues/detail?id=72895 Change-Id: I9cee2a0202417ff72a5ede7742e25877f51732dd
2014-10-21 06:53:56 +02:00
Move mkdir /data/nfc/... to rootdir init.rc These are directories used by the system so they should be created by the system. Test: treehugger Change-Id: I2a721ef7871c8842fa912497f5ec6988fcec9e58
2017-11-21 19:40:25 +01:00
# NFC: create data/nfc for nv storage
mkdir /data/nfc 0770 nfc nfc
mkdir /data/nfc/param 0770 nfc nfc
Revert "Revert "Adding e4crypt support"" Fix build break caused by original change This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5. (cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c) Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
2015-03-26 16:49:42 +01:00
# Create all remaining /data root dirs so that they are made through init
# and get proper encryption policy installed
mkdir /data/backup 0700 system system
mkdir /data/ss 0700 system system
Create some new encryption paths. Bug: 22358539 Change-Id: I2e7533cd3dbd18e9ae115f611c5714b0c7ba4917
2015-11-10 02:07:35 +01:00
Revert "Revert "Adding e4crypt support"" Fix build break caused by original change This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5. (cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c) Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
2015-03-26 16:49:42 +01:00
mkdir /data/system 0775 system system
init.rc: create /data/system/dropbox Ensure dropbox has the new dropbox_data_file label. Bug: 31681871 Test: ls -dZ /data/system/dropbox u:object_r:dropbox_data_file:s0 /data/system/dropbox Change-Id: Ia67646f4a789155e20650c33fe4412cae7f930d2
2018-04-17 01:04:38 +02:00
mkdir /data/system/dropbox 0700 system system
Create /data/system/heapdump for system_server Bug: 20073185 Change-Id: I6fd83d33da33d048fdd6b07fa1f675ecb4f4eb2c
2015-04-08 01:44:08 +02:00
mkdir /data/system/heapdump 0700 system system
Create legacy /data/system/user directory. We create per-user directories under this location, so it should only be created once by init, similar to all the other user-specific directories. Bug: 27896918 Change-Id: I9ec55e4fd763c0eda6c6e50483694a6377344586
2016-04-15 05:09:34 +02:00
mkdir /data/system/users 0775 system system
User 0 directories are created by vold now. This ensures that all users on device follow a consistent path for setup and validation of encryption policy. Also add remaining user-specific directories and fix linking order. Bug: 25796509 Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
2016-02-03 22:44:44 +01:00
mkdir /data/system_de 0770 system system
Create some new encryption paths. Bug: 22358539 Change-Id: I2e7533cd3dbd18e9ae115f611c5714b0c7ba4917
2015-11-10 02:07:35 +01:00
mkdir /data/system_ce 0770 system system
User 0 directories are created by vold now. This ensures that all users on device follow a consistent path for setup and validation of encryption policy. Also add remaining user-specific directories and fix linking order. Bug: 25796509 Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
2016-02-03 22:44:44 +01:00
mkdir /data/misc_de 01771 system misc
mkdir /data/misc_ce 01771 system misc
Create some new encryption paths. Bug: 22358539 Change-Id: I2e7533cd3dbd18e9ae115f611c5714b0c7ba4917
2015-11-10 02:07:35 +01:00
Revert "Revert "Adding e4crypt support"" Fix build break caused by original change This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5. (cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c) Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
2015-03-26 16:49:42 +01:00
mkdir /data/user 0711 system system
Create some new encryption paths. Bug: 22358539 Change-Id: I2e7533cd3dbd18e9ae115f611c5714b0c7ba4917
2015-11-10 02:07:35 +01:00
mkdir /data/user_de 0711 system system
User 0 directories are created by vold now. This ensures that all users on device follow a consistent path for setup and validation of encryption policy. Also add remaining user-specific directories and fix linking order. Bug: 25796509 Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
2016-02-03 22:44:44 +01:00
symlink /data/data /data/user/0
Revert "Revert "Adding e4crypt support"" Fix build break caused by original change This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5. (cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c) Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
2015-03-26 16:49:42 +01:00
Move some directory creation out of installd. Core system directories should be created here in init.rc instead of making installd do the creation. Bug: 26466827 Change-Id: I313a332e74699641872c41fce5a7ca35bfce8f82
2016-01-13 17:37:08 +01:00
mkdir /data/media 0770 media_rw media_rw
mkdir /data/media/obb 0770 media_rw media_rw
core/init.rc: Add /data/cache/* directory creation Bug: 28845422 Change-Id: I2abcc67176cf94f34706f8f005a24ef5f70e0494
2016-06-21 21:04:54 +02:00
mkdir /data/cache 0770 system cache
mkdir /data/cache/recovery 0770 system cache
mkdir /data/cache/backup_stage 0700 system system
mkdir /data/cache/backup 0700 system system
Activate system APEXes early Summary: Boot sequence around apexd is changed to make it possible for pre-apexd processes to use libraries from APEXes. They no longer need to wait for the apexd to finish activating APEXes, which again can be done only after /data/ is mounted. This improves overall boot performance. Detail: This change fixes the problem that processes that are started before apexd (so called pre-apexd processes) can't access libraries that are provided only by the APEXes but are not found in the system partition (e.g. libdexfile_external.so, etc.). Main idea is to activate system APEXes (/system/apex/*.apex) before /data is mounted and then activate the updated APEXes (/data/apex/*.apex) after the /data mount. Detailed boot sequence is as follows. 1) init prepares the bootstrap and default mount namespaces. A tmpfs is mounted on /apex and the propagation type of the mountpoint is set to private. 2) before any other process is started, apexd is started in bootstrap mode. When executed in the mode, apexd only activates APEXes under /system/apex. Note that APEXes activated in this phase are mounted in the bootstrap mount namespace only. 3) other pre-apexd processes are started. They are in the bootstrap mount namespace and thus are provided with the libraries from the system APEXes. 4) /data is mounted. init switches into the default mount namespace and starts apexd as a daemon as usual. 5) apexd scans both /data/apex and /system/apex, and activate latest APEXes from the directories. Note that APEXes activated in this phase are mounted in the default namespaces only and thus are not visible to the pre-apexd processes. Bug: 125549215 Test: m; device boots Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
2019-02-22 14:15:25 +01:00
# Wait for apexd to finish activating APEXes before starting more processes.
wait_for_prop apexd.status ready
parse_apex_configs
On FDE devices, initialize user 0 Fix ugly special cases for user 0: initialize them explicitly. Bug: 26704408 Change-Id: I1b8536b9e5e87ea98b4009a309f2e22c56006651
2016-02-01 17:37:13 +01:00
init_user0
Apply restorecon_recursive to all of /data. With the following prior changes: I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 I698b1b2c3f00f31fbb2015edf23d33b51aa5bba1 I8dd915d9bb80067339621b905ea2b4ea0fa8d71e it should now be safe (will correctly label all files) and reasonably performant (will skip processing unless file_contexts has changed since the last call) to call restorecon_recursive /data from init.rc. The call is placed after the setprop selinux.policy_reload 1 so that we use any policy update under /data/security if present. Change-Id: Ib8d9751a47c8e0238cf499fcec61898937945d9d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-06 19:52:52 +01:00
# Set SELinux security contexts on upgrade or policy update.
Add flags to restorecon_recursive to traverse filesystems Use to solve the problem of tracefs conditionally being mounted under debugfs and needing restorecon'd without boot performance penalty. Also move skip-ce to a flag for consistency. Test: Check that trace_mount has correct attributes after boot Bug: 32849675 Change-Id: Ib6731f502b6afc393ea5ada96fa95b339f14da49
2016-11-15 00:40:18 +01:00
restorecon --recursive --skip-ce /data
Apply restorecon_recursive to all of /data. With the following prior changes: I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 I698b1b2c3f00f31fbb2015edf23d33b51aa5bba1 I8dd915d9bb80067339621b905ea2b4ea0fa8d71e it should now be safe (will correctly label all files) and reasonably performant (will skip processing unless file_contexts has changed since the last call) to call restorecon_recursive /data from init.rc. The call is placed after the setprop selinux.policy_reload 1 so that we use any policy update under /data/security if present. Change-Id: Ib8d9751a47c8e0238cf499fcec61898937945d9d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-06 19:52:52 +01:00
Switch tzdatacheck to comparing tzdata module file The old "time zone updates via APK" feature installs time zone data files in /data. tzdatacheck is run during boot to guard against an OTA leaving the data in /data older, or in a different format, than the files that exist elsewhere on device. If such files existed the system could use old versions of tzdb (and related) data or even end up unstable. Soon, the time zone data mainline module will be made "functionally mandatory" by the removal of most time zone data files from the runtime module APEX, i.e. the time zone data module cannot be absent, and the runtime module won't have files to compare against. This change modifies the command line args for tzdatacheck to reference the contents of time zone data module instead of the runtime module. Bug: 132168458 Test: Build / boot / inspect logcat Change-Id: Iac8023b7cbb72213df344d603c121caa867a196f
2019-06-06 16:18:36 +02:00
# Check any timezone data in /data is newer than the copy in the time zone data
# module, delete if not.
exec - system system -- /system/bin/tzdatacheck /apex/com.android.tzdata/etc/tz /data/misc/zoneinfo
Move tzdatacheck execution after apex is mounted tzdatacheck references files in the runtime apex so should not be executed before the apex mounts are ready. Test: Manual tests (see b/123270813); observed tzdatacheck running after apex files are mounted Bug: 123270813 Bug: 116191025 Bug: 119293618 Bug: 113373927 Change-Id: I249d127c1d568bc5025d81b0bb4187c81363d897
2019-02-22 15:05:40 +01:00
init.rc, typo: fs-post-data -> post-fs-data Test: pass Change-Id: Icafdb7ec61935b35db85096b49e7f232a456f620
2017-01-25 19:52:15 +01:00
# If there is no post-fs-data action in the init.<device>.rc file, you
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
init: set the sys.use_memfd property to false The sys.use_memfd property is set by default to false in Android to temporarily disable memfd, till vendor and apps are ready for it. The main issue: either apps or vendor processes can directly make ashmem IOCTLs on FDs they receive by assuming they are ashmem, without going through libcutils. Such fds could have very well be originally created with libcutils hence they could be memfd. Thus the IOCTLs will break. Set default value of sys.use_memfd property to true once the issue is resolved, so that the code can then self-detect if kernel support is present on the device. The property can also set to true from adb shell, for debugging. Bug: 113362644 Change-Id: I0f572ef36cac2a58fe308ddb90bbeffbecdaed3b Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-02-01 01:27:23 +01:00
# sys.memfd_use set to false by default, which keeps it disabled
# until it is confirmed that apps and vendor processes don't make
# IOCTLs on ashmem fds any more.
setprop sys.use_memfd false
init.rc: set fsck log permission on post-fs-data Fixes: 130829745 Test: build and trigger fsck crosshatch:/ # ls -l /dev/fscklogs/log -rwxrwx--- 1 root system 1584 1970-04-08 14:48 /dev/fscklogs/log Change-Id: Ifd0734e121d07b941a73d7cabde04928ce5e5c59
2019-04-19 19:58:39 +02:00
# Set fscklog permission
chown root system /dev/fscklogs/log
chmod 0770 /dev/fscklogs/log
Ensure update_verifier run before zygote Currently zygote is started early for FBE device but update_verifier is run later which creates a potential risk. This CL ensures update_verifier run before zygote touches anything within data/ partition. With this change, we also start zygote early for unencrypted/unsupported encryption state device. Bug: 37543411 Test: marlin boots (cherry picked from commit 5dc05effecca88f06da090dbcdd257666e69c2c7) Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
2017-04-20 23:37:55 +02:00
# It is recommended to put unnecessary data/ initialization from post-fs-data
# to start-zygote in device's init.rc to unblock zygote start.
on zygote-start && property:ro.crypto.state=unencrypted
# A/B update verifier that marks a successful boot.
exec_start update_verifier_nonencrypted
start netd
start zygote
start zygote_secondary
on zygote-start && property:ro.crypto.state=unsupported
# A/B update verifier that marks a successful boot.
exec_start update_verifier_nonencrypted
start netd
start zygote
start zygote_secondary
init.rc: make sure netd start after post-fs-data Current init doesn't order the triggeres it scaned, and there is no guarantee that general event trigger exec first and then event+property triggers. This CL will make sure netd started after post-fs-data trigger is done. Bug: 35110957 Test: marlin boots Change-Id: I7bb55af4e00f336682388abfa8a06eac2136b7d4
2017-03-09 21:35:02 +01:00
on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type=file
Ensure update_verifier run before zygote Currently zygote is started early for FBE device but update_verifier is run later which creates a potential risk. This CL ensures update_verifier run before zygote touches anything within data/ partition. With this change, we also start zygote early for unencrypted/unsupported encryption state device. Bug: 37543411 Test: marlin boots (cherry picked from commit 5dc05effecca88f06da090dbcdd257666e69c2c7) Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
2017-04-20 23:37:55 +02:00
# A/B update verifier that marks a successful boot.
exec_start update_verifier_nonencrypted
start netd
start zygote
start zygote_secondary
init.rc: make sure netd start after post-fs-data Current init doesn't order the triggeres it scaned, and there is no guarantee that general event trigger exec first and then event+property triggers. This CL will make sure netd started after post-fs-data trigger is done. Bug: 35110957 Test: marlin boots Change-Id: I7bb55af4e00f336682388abfa8a06eac2136b7d4
2017-03-09 21:35:02 +01:00
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
on boot
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# basic network init
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
ifup lo
hostname localhost
domainname localdomain
Set SPI Allocation Timeout to One Hour This change increases the default expiration length of an SA to 1h. The IPsec API expects that SPIs are allocated indefinitely, but potential for instability requires that these get cleaned up automatically. As such, the duration was chosen as a sane, but long timeout value. Bug: 72316671 Test: Added CTS tests to enforce this behavior Change-Id: I47aef9cea4a09da253b2ec048a8797af5fa25529
2018-03-13 03:00:50 +01:00
# IPsec SA default expiration length
write /proc/sys/net/core/xfrm_acq_expires 3600
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
write /proc/sys/vm/overcommit_memory 1
auto import from //branches/cupcake_rel/...@138607
2009-03-13 21:04:37 +01:00
write /proc/sys/vm/min_free_order_shift 4
Activity Manager now takes care of setting OOM values. All init needs to do is make these files writeable so that the activity manager can set them. Change-Id: Ieea43208fadc01504d813be379aecbafcadf0d34
2011-08-08 01:30:24 +02:00
chown root system /sys/module/lowmemorykiller/parameters/adj
Revert "lowmemorykiller: make perms 0220" This reverts commit b3739735b84a88cccfe08c0d69b1017a07004470. Values are helpful to inspect during memory performance tuning. b/19847626 Change-Id: I004ed37d5cc67e466c1fd1a84e47348524056e87
2015-03-20 01:07:57 +01:00
chmod 0664 /sys/module/lowmemorykiller/parameters/adj
Activity Manager now takes care of setting OOM values. All init needs to do is make these files writeable so that the activity manager can set them. Change-Id: Ieea43208fadc01504d813be379aecbafcadf0d34
2011-08-08 01:30:24 +02:00
chown root system /sys/module/lowmemorykiller/parameters/minfree
Revert "lowmemorykiller: make perms 0220" This reverts commit b3739735b84a88cccfe08c0d69b1017a07004470. Values are helpful to inspect during memory performance tuning. b/19847626 Change-Id: I004ed37d5cc67e466c1fd1a84e47348524056e87
2015-03-20 01:07:57 +01:00
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
rootdir: init.rc: Adjust background dirty writeout policy Signed-off-by: San Mehat <san@google.com>
2009-10-13 21:24:47 +02:00
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
init.rc: tune F2FS to be aligned to system settings Android sets /proc/sys/vm/dirty_expire_centisecs to 200, so f2fs doesn't need to do checkpoint in 60 seconds. Bug: 127511432 Change-Id: I2ba0623053d4480b82003eb1cca85ff03c61fc0f Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2019-03-29 17:16:51 +01:00
# F2FS tuning. Set cp_interval larger than dirty_expire_centisecs
# to avoid power consumption when system becomes mostly idle. Be careful
# to make it too large, since it may bring userdata loss, if they
# are not aware of using fsync()/sync() to prepare sudden power-cut.
write /sys/fs/f2fs/${dev.mnt.blk.data}/cp_interval 200
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
init.rc: Set owner for /sys/power/autosleep Change-Id: Ia18cce973c71e7561ca84b23e37b0b8e056a7143
2012-05-03 02:57:50 +02:00
chown system system /sys/power/autosleep
Use GID "wakelock" to control access to kernel wakelock * Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010) * Changed the group access for /sys/power/wake_lock and /sys/power/wake_unlock from "system" to "wakelock" * Added "wakelock" to the list of groups for the healthd process/service Bug: 25864142 Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
2015-11-24 02:18:31 +01:00
chown radio wakelock /sys/power/wake_lock
chown radio wakelock /sys/power/wake_unlock
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
init.rc: Set owner and permissions for cpufreq files Change-Id: Iaaf8491915567dbe22cab1798081a00fed4fb2e2
2012-04-11 23:48:51 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
rootdir: init.rc: set perms for new interactive governor attrs /sys/devices/system/cpu/cpufreq/interactive/timer_slack /sys/devices/system/cpu/cpufreq/interactive/target_loads Change-Id: Ia5d5c3d615ad64bab3a1317e5de2ac9a6d61679e
2012-12-21 03:52:03 +01:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
init.rc: Set owner and permissions for cpufreq files Change-Id: Iaaf8491915567dbe22cab1798081a00fed4fb2e2
2012-04-11 23:48:51 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
rootdir: init.rc: set perms for new interactive governor attrs /sys/devices/system/cpu/cpufreq/interactive/timer_slack /sys/devices/system/cpu/cpufreq/interactive/target_loads Change-Id: Ia5d5c3d615ad64bab3a1317e5de2ac9a6d61679e
2012-12-21 03:52:03 +01:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
init.rc: Set owner and permissions for cpufreq files Change-Id: Iaaf8491915567dbe22cab1798081a00fed4fb2e2
2012-04-11 23:48:51 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
init.rc: Set perms for cpufreq interactive governor above_hispeed_delay Change-Id: Ib9c3fb4e43759af590a6e033b8ba04c0023d5f07
2012-04-19 22:17:24 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
init: set perms for cpufreq interactive governor boost -- DO NOT MERGE Change-Id: I6509cda358b4a75706afd01a5b5a36eabe492554 Signed-off-by: Todd Poynor <toddpoynor@google.com>
2012-04-25 00:37:13 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
init: Set perms for interactive cpufreq governor boostpulse Change-Id: Ia4b028f58f9d48bad2525744497f10884d11c5d6
2012-05-04 00:20:48 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
init: Set perms for cpufreq interactive governor input boost sysfs Change-Id: Ie475c95d81635a068db11e7018895024247878b4
2012-04-28 05:21:18 +02:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
rootdir: init.rc: set perms for cpufreq governor boostpulse_duration Change-Id: I09b9a1ed548e4ffe1232f583e8ff5f026760f616
2012-12-20 02:43:06 +01:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
init.rc: Set owner/perm for interactive governor io_is_busy Change-Id: I7537d56a23ca787daf92a9d91778056f987097bd
2013-03-25 21:17:13 +01:00
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
init.rc: Set owner and permissions for cpufreq files Change-Id: Iaaf8491915567dbe22cab1798081a00fed4fb2e2
2012-04-11 23:48:51 +02:00
# Assume SMP uses shared cpufreq policy for all CPUs
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
init.rc: enable ledtrig-transient support for vibrator This change makes the init process to always attempts to enable transient trigger for vibrator. This allows the exported properties to change the ownership later at the on boot stage. Test: device vibrates with the driver supports ledtrig-transient Change-Id: If5eb7b7feaefe803f2ead634fbe4fc7b48da84ea Signed-off-by: David Lin <dtwlin@google.com>
2017-03-09 02:36:18 +01:00
chown system system /sys/class/leds/vibrator/trigger
chown system system /sys/class/leds/vibrator/activate
chown system system /sys/class/leds/vibrator/brightness
chown system system /sys/class/leds/vibrator/duration
chown system system /sys/class/leds/vibrator/state
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
auto import from //branches/cupcake_rel/...@140373
2009-03-19 01:39:49 +01:00
chown system system /sys/class/leds/jogball-backlight/brightness
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
# Define default initial receive window size in segments.
init.rc: prep tcp_default_init_rwnd, set the default to 60 The kernel's default is between 4~20. Prepare for javaland to modify the value at runtime. It can be done via setprop sys.sysctl.tcp_def_init_rwnd <value> Bug: 12020135 Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
2014-02-21 21:05:01 +01:00
setprop net.tcp.default_init_rwnd 60
Revert "Revert "Start hwservicemanager earlier."" This reverts commit 5011270225b7b61cd485cb67f694d15d8570a0e1. Now starting even earlier. Reason for revert: Needed change, reverted b/c broken device. Bug: 36278706 Test: original DOA device boots Test: angler, bullhead, fugu, marlin, ryu Test: all these devices boot with wipe Test: all these devices boot with w/o wipe Test: lshal shows all included services Change-Id: Ic639aedf7834b1bd3a26d23d109727f5559317e9
2017-03-24 17:23:07 +01:00
# Start standard binderized HAL daemons
class_start hal
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
class_start core
on nonencrypted
Mount default encrypted devices at boot If userdata is default encrypted, we should mount it at boot to avoid bringing the framework up and then down unnecessarily. Needs matching vold changes from https://googleplex-android-review.googlesource.com/#/c/412649/ Bug: 8769627 Change-Id: I4b8276befd832cd788e15c36edfbf8f0e18d7e6b
2014-01-30 19:43:52 +01:00
class_start main
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
class_start late_start
Add ability to adjust init log level at runtime. + Add a new property, sys.init_log_level, which can be set after init bootstrap. This will control the level at which init does prints to klog. Change-Id: Ia15b2110157b5e6b713785ece9b0fb94889be6c8
2014-06-26 22:55:03 +02:00
on property:sys.init_log_level=*
loglevel ${sys.init_log_level}
init: add charge mode handling Introduces a 'charger' section that is processed when androidboot.mode supplied on the kernel commandline is "charger". In this mode, sections such as fs, post-fs, etc are skipped. Only the 'early-init' and 'init' sections of the init rc files are processed before processing the 'charger' section. Change-Id: If9eb6334de18f04cbcf2aab784578e2993615242 Signed-off-by: Dima Zavin <dima@android.com>
2011-08-25 00:28:23 +02:00
on charger
class_start charger
Load the persistent properties after decrypting the /data partition Fix for bug 3415286. The persistent properties are normally read early in the boot process after /data is mounted. However, for an encrypted system, at that point /data is a tmpfs ramdisk. This change adds a new command to init (load_persist_props) to read the persistent properties, and adds an action to init.rc to load the persistent properties. This action is triggered by setting a property in vold, but that's in a different CL. Change-Id: I74b3057974ee6029c29d956b76fef5566700d471
2011-03-09 02:01:29 +01:00
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
rootfs: init.rc start logd parse error init: /init.rc: 490: invalid option 'start' Change-Id: Ica985e45d4652dab0ebd434803344f14cc73d834
2015-04-20 17:55:02 +02:00
start logd
init.rc: logd --reinit on changes to persistent properties Bug: 19681572 Change-Id: I3187aa348dae79fa5822ffb7ee9566919a7a04e6
2015-03-11 22:45:05 +01:00
start logd-reinit
Load the persistent properties after decrypting the /data partition Fix for bug 3415286. The persistent properties are normally read early in the boot process after /data is mounted. However, for an encrypted system, at that point /data is a tmpfs ramdisk. This change adds a new command to init (load_persist_props) to read the persistent properties, and adds an action to init.rc to load the persistent properties. This action is triggered by setting a property in vold, but that's in a different CL. Change-Id: I74b3057974ee6029c29d956b76fef5566700d471
2011-03-09 02:01:29 +01:00
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
Fix FDE Need a larger tmpfs to stop crashes Need to run start-zygote after mounting the real data Test: Cherry-pick ag/3898232. System boots, can set pattern, system reboots. Wifi works at all points. Bug: 76452634 Change-Id: Id24241db940d352fd3bcdef594b5358854c6f71d
2018-04-13 21:28:42 +02:00
trigger zygote-start
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
Add a new trigger to support a progress bar UI for encrypt in place. Change-Id: I6a14eb43462505cb7fecfee9fd1ecdea50065963
2011-01-17 23:26:34 +01:00
on property:vold.decrypt=trigger_restart_min_framework
rootdir: Execute update_verifier for A/B update. update_verifier verifies the updated partitions and marks the current slot as having booted successfully. It needs to be triggered prior to the start of the framework, otherwise it won't be able to fall back to the old system without a data wipe. Bug: 26039641 Change-Id: I6fd183cdd3dfcc72feff2a896368158875b28591
2015-12-05 02:45:43 +01:00
# A/B update verifier that marks a successful boot.
init.rc: launch update_verifier with exec_start This allows update_verifier to raise it's priority and ioprio. Bug: 36511808 Bug: 36102163 Test: Boot bullhead Test: Verify boottime decrease on sailfish Change-Id: I5710c6a98dc7acee9063d1fa1d1c80668f0f1528 (cherry picked from commit 1e2d8c7fce132773da8058f7210c0d990c4cb1a9)
2017-03-28 22:28:38 +02:00
exec_start update_verifier
Add a new trigger to support a progress bar UI for encrypt in place. Change-Id: I6a14eb43462505cb7fecfee9fd1ecdea50065963
2011-01-17 23:26:34 +01:00
class_start main
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
on property:vold.decrypt=trigger_restart_framework
rootdir: Execute update_verifier for A/B update. update_verifier verifies the updated partitions and marks the current slot as having booted successfully. It needs to be triggered prior to the start of the framework, otherwise it won't be able to fall back to the old system without a data wipe. Bug: 26039641 Change-Id: I6fd183cdd3dfcc72feff2a896368158875b28591
2015-12-05 02:45:43 +01:00
# A/B update verifier that marks a successful boot.
init.rc: launch update_verifier with exec_start This allows update_verifier to raise it's priority and ioprio. Bug: 36511808 Bug: 36102163 Test: Boot bullhead Test: Verify boottime decrease on sailfish Change-Id: I5710c6a98dc7acee9063d1fa1d1c80668f0f1528 (cherry picked from commit 1e2d8c7fce132773da8058f7210c0d990c4cb1a9)
2017-03-28 22:28:38 +02:00
exec_start update_verifier
Support for stopping/starting post-data-mount class subsets. On devices that use FDE and APEX at the same time, we need to bring up a minimal framework to be able to mount the /data partition. During this period, a tmpfs /data filesystem is created, which doesn't contain any of the updated APEXEs. As a consequence, all those processes will be using the APEXes from the /system partition. This is obviously not desired, as APEXes in /system may be old and/or contain security issues. Additionally, it would create a difference between FBE and FDE devices at runtime. Ideally, we restart all processes that have started after we created the tmpfs /data. We can't (re)start based on class names alone, because some classes (eg 'hal') contain services that are required to start apexd itself and that shouldn't be killed (eg the graphics HAL). To address this, keep track of which processes are started after /data is mounted, with a new 'mark_post_data' keyword. Additionally, create 'class_reset_post_data', which resets all services in the class that were created after the initial /data mount, and 'class_start_post_data', which starts all services in the class that were started after /data was mounted. On a device with FBE, these keywords wouldn't be used; on a device with FDE, we'd use them to bring down the right processes after the user has entered the correct secret, and restart them. Bug: 118485723 Test: manually verified process list Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
2019-04-23 16:26:01 +02:00
class_start_post_data hal
class_start_post_data core
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
class_start main
class_start late_start
Show bootanimation after decrypt Because the original modification (restart SF which is added for display bootanimation) from O to P causes bootanimation NPE, we remove the part of restart SF and add other flow to show bootanimation. Test: manual, ran the test 10 times and it cause no NPE and display BootAnimation after decrypt Test: boot aosp_sailfish Bug: 79547653 Change-Id: I355ccdbb2e2f27d897e2e0ee00f9300ef38ede03
2018-07-26 11:07:25 +02:00
setprop service.bootanim.exit 0
start bootanim
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
Support for stopping/starting post-data-mount class subsets. On devices that use FDE and APEX at the same time, we need to bring up a minimal framework to be able to mount the /data partition. During this period, a tmpfs /data filesystem is created, which doesn't contain any of the updated APEXEs. As a consequence, all those processes will be using the APEXes from the /system partition. This is obviously not desired, as APEXes in /system may be old and/or contain security issues. Additionally, it would create a difference between FBE and FDE devices at runtime. Ideally, we restart all processes that have started after we created the tmpfs /data. We can't (re)start based on class names alone, because some classes (eg 'hal') contain services that are required to start apexd itself and that shouldn't be killed (eg the graphics HAL). To address this, keep track of which processes are started after /data is mounted, with a new 'mark_post_data' keyword. Additionally, create 'class_reset_post_data', which resets all services in the class that were created after the initial /data mount, and 'class_start_post_data', which starts all services in the class that were started after /data was mounted. On a device with FBE, these keywords wouldn't be used; on a device with FDE, we'd use them to bring down the right processes after the user has entered the correct secret, and restart them. Bug: 118485723 Test: manually verified process list Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
2019-04-23 16:26:01 +02:00
class_reset_post_data core
class_reset_post_data hal
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
Improve init bootcharting. Most notably, there's no longer any need to guess an end time. Bug: http://b/23478578 Bug: http://b/33450491 Test: rebooted with bootcharting on/off Change-Id: Icb7d6859581da5526d77dfc5aa4d57c9bfbfd7e2
2016-11-11 02:43:47 +01:00
on property:sys.boot_completed=1
bootchart stop
init.rc: prep tcp_default_init_rwnd, set the default to 60 The kernel's default is between 4~20. Prepare for javaland to modify the value at runtime. It can be done via setprop sys.sysctl.tcp_def_init_rwnd <value> Bug: 12020135 Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
2014-02-21 21:05:01 +01:00
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
add property to adjust extra_free_kbytes kernel vm tunable ActivityManager can't directly write to extra_free_kbytes because /proc/sys rejects all chown and chmod syscalls. Proxy the writes through init by using the sys.sysctl.extra_free_kbytes property. Bug: 10024467 Change-Id: I441e00478421254355fcafb252bc878166483d4c
2013-07-25 19:34:30 +02:00
on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
Make indentation sane in init.rc Change-Id: Ic632fbe1423eeef7ec958877d74db7b87fc385c6
2014-06-19 05:35:40 +02:00
init.rc: prep tcp_default_init_rwnd, set the default to 60 The kernel's default is between 4~20. Prepare for javaland to modify the value at runtime. It can be done via setprop sys.sysctl.tcp_def_init_rwnd <value> Bug: 12020135 Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
2014-02-21 21:05:01 +01:00
# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
add a property for controlling perf_event_paranoid This adds a system property for controlling unprivileged access to perf_event_paranoid. It depends on adding kernel support for perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to completely disable unprivileged access to perf. A minimal port of this feature is used in the vanilla Debian kernel by default. It hides the non-hardened value as an implementation detail, since while it is currently 1, it will probably become 2 in the future. Bug: 29054680 Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
2015-09-04 22:23:01 +02:00
on property:security.perf_harden=0
write /proc/sys/kernel/perf_event_paranoid 1
Add debug system properties to control profiling limits. When security.perf_harden is disabled through adb, use some debug system properties to set profiling limits in the kernel, including cpu percentage, memory, and max sample rate. Bug: 110706031 Test: boot hikey960 and manually set system properties to make Test: sure it works. Change-Id: I44c0adf3a000bb393905233f2a097c97b5fe91ec
2018-06-29 23:52:47 +02:00
write /proc/sys/kernel/perf_event_max_sample_rate ${debug.perf_event_max_sample_rate:-100000}
write /proc/sys/kernel/perf_cpu_time_max_percent ${debug.perf_cpu_time_max_percent:-25}
write /proc/sys/kernel/perf_event_mlock_kb ${debug.perf_event_mlock_kb:-516}
add a property for controlling perf_event_paranoid This adds a system property for controlling unprivileged access to perf_event_paranoid. It depends on adding kernel support for perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to completely disable unprivileged access to perf. A minimal port of this feature is used in the vanilla Debian kernel by default. It hides the non-hardened value as an implementation detail, since while it is currently 1, it will probably become 2 in the future. Bug: 29054680 Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
2015-09-04 22:23:01 +02:00
on property:security.perf_harden=1
write /proc/sys/kernel/perf_event_paranoid 3
add property to adjust extra_free_kbytes kernel vm tunable ActivityManager can't directly write to extra_free_kbytes because /proc/sys rejects all chown and chmod syscalls. Proxy the writes through init by using the sys.sysctl.extra_free_kbytes property. Bug: 10024467 Change-Id: I441e00478421254355fcafb252bc878166483d4c
2013-07-25 19:34:30 +02:00
init: Support custom shutdown actions We have been seeing panics and errors during shutdown sequence in some vendor's platform, and it is required to disable error handling during shutdown. This CL separates the shutdown request to execute another "shutdown" trigger at the beginning of shutdown stage. And vendor can use this trigger to add custom commands needed for shutting down gracefully. Bug: 38203024 Bug: 62084631 Test: device reboot/shutdown Change-Id: I3fac4ed59f06667d86e477ee55ed391cf113717f
2017-06-28 07:08:45 +02:00
# on shutdown
# In device's init.rc, this trigger can be used to do device-specific actions
# before shutdown. e.g disable watchdog and mask error handling
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
## Daemon processes to be run by init.
##
split first stage init into a separate executable In the future, systems with dm-linear will require a ramdisk to set up the mount for system. In this world, first stage init will be a part of this ramdisk and handle setting up dm-linear, mounting the necessary partitions, then pivoting to the system image, which will become the root partition. This also enables previous devices without system-as-root, to be unified with system-as-root devices for all aspects of boot after the pivot_root. Bug: 79758715 Test: boot hikey Test: boot sailfish, boot sailfish into recovery Change-Id: Iefa88a3ec5994e7989aa9f26f2de0351ffa5468b
2018-07-20 23:57:00 +02:00
service ueventd /system/bin/ueventd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
class core
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 00:40:23 +02:00
critical
Modify init.rc and init.goldfish.rc for SE Android. Set the security context for the init process. Restore the security contexts of /cache and /data in case they were reset. Specify the security context for services launched from the rootfs since we cannot label their executables. If on the emulator, set a policy boolean and restore the context of /sys/qemu_trace to allow accesses not normally permitted on a device. Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-01-13 14:54:34 +01:00
seclabel u:r:ueventd:s0
add "shutdown critical" to service - "shutdown critical" prevents killing the service during shutdown. And the service will be started if not running. - Without it, services will be killed by SIGTERM / SIGKILL during shutdown. - Even services with "shutdown critical" will be killed if shutdown times out. - Removes ueventd and vold from hard coded list. Each service's rc will be updated to add "shutdown critical". watchdogd is still kept in the list. bug: 37626581 Test: reboot and check last kmsg Change-Id: Ie8cc699d1efbc59b9a2561bdd40fec64aed5a4bb
2017-07-05 20:38:44 +02:00
shutdown critical
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 00:40:23 +02:00
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
service console /system/bin/sh
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
class core
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
console
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 00:40:23 +02:00
disabled
user shell
Enable hidepid=2 on /proc Add the following mount options to the /proc filesystem: hidepid=2,gid=3009 This change blocks /proc access unless you're in group 3009 (aka AID_READPROC). Please see https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt for documentation on the hidepid option. hidepid=2 is preferred over hidepid=1 since it leaks less information and doesn't generate SELinux ptrace denials when trying to access /proc without being in the proper group. Add AID_READPROC to processes which need to access /proc entries for other UIDs. Bug: 23310674 Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-08 01:52:17 +01:00
group shell log readproc
Run the console service shell in the shell domain. This allows it to be permissive in userdebug/eng builds but confined/enforcing in user builds. Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-23 20:11:02 +01:00
seclabel u:r:shell:s0
console: Add setenv HOSTNAME console Bug: 67678999 Test: Run serial console on Hikey Change-Id: Ia5fa9c2af4771508d96545f6a8814a81d5ccee3c Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-10-11 20:18:51 +02:00
setenv HOSTNAME console
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
init.rc: Allow console in userdebug builds Change-Id: Ib5734c6d3e2bf5a9da3d44721c529971f2345120 Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-11-19 15:12:27 +01:00
on property:ro.debuggable=1
Create a folder to store method traces activated with -Xmethod-trace Bug: 25612377 Change-Id: I370b858594ccc88c12099b23a0d1aac22acd4969
2015-11-10 20:16:43 +01:00
# Give writes to anyone for the trace folder on debug builds.
# The folder is used to store method traces.
chmod 0773 /data/misc/trace
Create location to store surface and window trace files on init Bug: 64831661 Test: adb shell su root rm /data/misc/wmtrace && adb reboot && adb shell su ls /data/misc/wmtrace Change-Id: I60979c26a9226534df534abd3d59df309f6ea6ad
2017-11-27 18:54:31 +01:00
# Give reads to anyone for the window trace folder on debug builds.
chmod 0775 /data/misc/wmtrace
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 00:40:23 +02:00
start console
init: Move uevent handling to an external ueventd process Change-Id: Iea6c56013062ade633a1754f7bcf8cf09b3dedc1
2010-04-21 21:04:20 +02:00
set permissions of recovery install script The script that writes the recovery partition after a successful update of system needs to be made executable. This change also moves it from /system/etc to /system/bin. Bug: 12893978 Change-Id: I686e2392a2392515a6859a7381b735de1007b7ea
2014-02-04 21:15:14 +01:00
service flash_recovery /system/bin/install-recovery.sh
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 01:33:31 +01:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 04:32:55 +01:00
oneshot
Reference in a new issue Copy permalink