2009-03-04 04:32:55 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) 2008 The Android Open Source Project
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2017-04-07 01:30:22 +02:00
|
|
|
#include "util.h"
|
|
|
|
|
|
2016-10-27 16:45:34 +02:00
|
|
|
#include <ctype.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
#include <pwd.h>
|
2019-10-08 03:16:23 +02:00
|
|
|
#include <signal.h>
|
2009-03-04 04:32:55 +01:00
|
|
|
#include <stdarg.h>
|
|
|
|
|
#include <stdio.h>
|
2017-04-07 01:30:22 +02:00
|
|
|
#include <stdlib.h>
|
2009-03-04 04:32:55 +01:00
|
|
|
#include <string.h>
|
2016-10-27 16:45:34 +02:00
|
|
|
#include <sys/socket.h>
|
2009-03-04 04:32:55 +01:00
|
|
|
#include <sys/un.h>
|
2017-04-07 01:30:22 +02:00
|
|
|
#include <time.h>
|
|
|
|
|
#include <unistd.h>
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2016-11-15 02:08:47 +01:00
|
|
|
#include <thread>
|
|
|
|
|
|
2015-12-05 07:00:26 +01:00
|
|
|
#include <android-base/file.h>
|
2016-06-25 00:12:21 +02:00
|
|
|
#include <android-base/logging.h>
|
2018-05-25 03:00:39 +02:00
|
|
|
#include <android-base/properties.h>
|
2019-07-09 22:33:36 +02:00
|
|
|
#include <android-base/scopeguard.h>
|
2015-12-05 07:00:26 +01:00
|
|
|
#include <android-base/strings.h>
|
2016-11-07 19:16:53 +01:00
|
|
|
#include <android-base/unique_fd.h>
|
2009-03-04 04:32:55 +01:00
|
|
|
#include <cutils/sockets.h>
|
2017-04-07 01:30:22 +02:00
|
|
|
#include <selinux/android.h>
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2018-02-14 01:50:08 +01:00
|
|
|
#if defined(__ANDROID__)
|
2019-07-31 22:59:15 +02:00
|
|
|
#include <android/api-level.h>
|
2019-07-30 18:34:41 +02:00
|
|
|
#include <sys/system_properties.h>
|
2019-07-31 22:59:15 +02:00
|
|
|
|
2019-05-28 19:19:44 +02:00
|
|
|
#include "reboot_utils.h"
|
2019-05-29 00:58:35 +02:00
|
|
|
#include "selabel.h"
|
2019-07-31 22:59:15 +02:00
|
|
|
#include "selinux.h"
|
2018-02-14 01:50:08 +01:00
|
|
|
#else
|
|
|
|
|
#include "host_init_stubs.h"
|
|
|
|
|
#endif
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2017-03-24 19:43:02 +01:00
|
|
|
using android::base::boot_clock;
|
2019-07-30 18:34:41 +02:00
|
|
|
using android::base::StartsWith;
|
2017-05-05 02:40:33 +02:00
|
|
|
using namespace std::literals::string_literals;
|
2017-03-24 19:43:02 +01:00
|
|
|
|
2017-06-22 21:53:17 +02:00
|
|
|
namespace android {
|
|
|
|
|
namespace init {
|
|
|
|
|
|
Allow the use of a custom Android DT directory
On platforms that use ACPI instead of Device Tree (DT), such as
Ranchu x86/x86_64, /proc/device-tree/firmware/android/ does not
exist. As a result, Android O is unable to mount /system, etc.
at the first stage of init:
init: First stage mount skipped (missing/incompatible fstab in
device tree)
Those platforms may create another directory that mimics the layout
of the standard DT directory in procfs, and store early mount
configuration there. E.g., Ranchu x86/x86_64 creates one in sysfs
using information encoded in the ACPI tables:
https://android-review.googlesource.com/442472
https://android-review.googlesource.com/443432
https://android-review.googlesource.com/442393
https://android-review.googlesource.com/442395
Therefore, instead of hardcoding the Android DT path, load it from
the kernel command line using a new Android-specific property key
("androidboot.android_dt_dir"). If no such property exists, fall
back to the standard procfs path (so no change is needed for DT-
aware platforms).
Note that init/ and fs_mgr/ each have their own copy of the Android
DT path, because they do not share any global state. A future CL
should remove the duplication by refactoring.
With this CL as well as the above ones, the said warning is gone,
but early mount fails. That is a separate bug, though, and will be
addressed by another CL.
Test: Boot patched sdk_phone_x86-userdebug system image with patched
Goldfish 3.18 x86 kernel in patched Android Emulator, verify
the "init: First stage mount skipped" warning no longer shows
in dmesg.
Change-Id: Ib6df577319503ec1ca778de2b5458cc72ce07415
Signed-off-by: Yu Ning <yu.ning@intel.com>
2017-07-26 11:54:08 +02:00
|
|
|
const std::string kDefaultAndroidDtDir("/proc/device-tree/firmware/android/");
|
|
|
|
|
|
2019-11-13 01:21:20 +01:00
|
|
|
void (*trigger_shutdown)(const std::string& command) = nullptr;
|
|
|
|
|
|
2017-05-05 02:40:33 +02:00
|
|
|
// DecodeUid() - decodes and returns the given string, which can be either the
|
2017-08-03 21:54:07 +02:00
|
|
|
// numeric or name representation, into the integer uid or gid.
|
|
|
|
|
Result<uid_t> DecodeUid(const std::string& name) {
|
2017-05-05 02:40:33 +02:00
|
|
|
if (isalpha(name[0])) {
|
|
|
|
|
passwd* pwd = getpwnam(name.c_str());
|
2017-08-03 21:54:07 +02:00
|
|
|
if (!pwd) return ErrnoError() << "getpwnam failed";
|
|
|
|
|
|
|
|
|
|
return pwd->pw_uid;
|
2016-04-07 04:18:50 +02:00
|
|
|
}
|
2009-03-04 04:32:55 +01:00
|
|
|
|
|
|
|
|
errno = 0;
|
2017-05-05 02:40:33 +02:00
|
|
|
uid_t result = static_cast<uid_t>(strtoul(name.c_str(), 0, 0));
|
2017-08-03 21:54:07 +02:00
|
|
|
if (errno) return ErrnoError() << "strtoul failed";
|
|
|
|
|
|
|
|
|
|
return result;
|
2009-03-04 04:32:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2017-05-05 23:44:35 +02:00
|
|
|
* CreateSocket - creates a Unix domain socket in ANDROID_SOCKET_DIR
|
2009-03-04 04:32:55 +01:00
|
|
|
* ("/dev/socket") as dictated in init.rc. This socket is inherited by the
|
|
|
|
|
* daemon. We communicate the file descriptor's value via the environment
|
|
|
|
|
* variable ANDROID_SOCKET_ENV_PREFIX<name> ("ANDROID_SOCKET_foo").
|
|
|
|
|
*/
|
2019-07-09 22:33:36 +02:00
|
|
|
Result<int> CreateSocket(const std::string& name, int type, bool passcred, mode_t perm, uid_t uid,
|
|
|
|
|
gid_t gid, const std::string& socketcon) {
|
|
|
|
|
if (!socketcon.empty()) {
|
|
|
|
|
if (setsockcreatecon(socketcon.c_str()) == -1) {
|
|
|
|
|
return ErrnoError() << "setsockcreatecon(\"" << socketcon << "\") failed";
|
2015-11-24 01:26:42 +01:00
|
|
|
}
|
|
|
|
|
}
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2016-11-07 19:16:53 +01:00
|
|
|
android::base::unique_fd fd(socket(PF_UNIX, type, 0));
|
2009-03-04 04:32:55 +01:00
|
|
|
if (fd < 0) {
|
2019-07-09 22:33:36 +02:00
|
|
|
return ErrnoError() << "Failed to open socket '" << name << "'";
|
2009-03-04 04:32:55 +01:00
|
|
|
}
|
|
|
|
|
|
2019-07-09 22:33:36 +02:00
|
|
|
if (!socketcon.empty()) setsockcreatecon(nullptr);
|
2013-05-13 18:37:04 +02:00
|
|
|
|
2016-11-07 19:16:53 +01:00
|
|
|
struct sockaddr_un addr;
|
2009-03-04 04:32:55 +01:00
|
|
|
memset(&addr, 0 , sizeof(addr));
|
|
|
|
|
addr.sun_family = AF_UNIX;
|
2019-07-09 22:33:36 +02:00
|
|
|
snprintf(addr.sun_path, sizeof(addr.sun_path), ANDROID_SOCKET_DIR "/%s", name.c_str());
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2016-11-07 19:16:53 +01:00
|
|
|
if ((unlink(addr.sun_path) != 0) && (errno != ENOENT)) {
|
2019-07-09 22:33:36 +02:00
|
|
|
return ErrnoError() << "Failed to unlink old socket '" << name << "'";
|
2009-03-04 04:32:55 +01:00
|
|
|
}
|
|
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
std::string secontext;
|
|
|
|
|
if (SelabelLookupFileContext(addr.sun_path, S_IFSOCK, &secontext) && !secontext.empty()) {
|
|
|
|
|
setfscreatecon(secontext.c_str());
|
2012-01-13 14:48:47 +01:00
|
|
|
}
|
|
|
|
|
|
2017-05-05 23:44:35 +02:00
|
|
|
if (passcred) {
|
|
|
|
|
int on = 1;
|
|
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on))) {
|
2019-07-09 22:33:36 +02:00
|
|
|
return ErrnoError() << "Failed to set SO_PASSCRED '" << name << "'";
|
2017-05-05 23:44:35 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-07 19:16:53 +01:00
|
|
|
int ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
|
|
|
|
|
int savederrno = errno;
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
if (!secontext.empty()) {
|
|
|
|
|
setfscreatecon(nullptr);
|
|
|
|
|
}
|
2012-01-13 14:48:47 +01:00
|
|
|
|
2019-07-09 22:33:36 +02:00
|
|
|
auto guard = android::base::make_scope_guard([&addr] { unlink(addr.sun_path); });
|
|
|
|
|
|
2016-02-25 00:50:52 +01:00
|
|
|
if (ret) {
|
2016-11-07 19:16:53 +01:00
|
|
|
errno = savederrno;
|
2019-07-09 22:33:36 +02:00
|
|
|
return ErrnoError() << "Failed to bind socket '" << name << "'";
|
2016-02-25 00:50:52 +01:00
|
|
|
}
|
|
|
|
|
|
2016-11-07 19:16:53 +01:00
|
|
|
if (lchown(addr.sun_path, uid, gid)) {
|
2019-07-09 22:33:36 +02:00
|
|
|
return ErrnoError() << "Failed to lchown socket '" << addr.sun_path << "'";
|
2016-02-25 00:50:52 +01:00
|
|
|
}
|
2016-11-07 19:16:53 +01:00
|
|
|
if (fchmodat(AT_FDCWD, addr.sun_path, perm, AT_SYMLINK_NOFOLLOW)) {
|
2019-07-09 22:33:36 +02:00
|
|
|
return ErrnoError() << "Failed to fchmodat socket '" << addr.sun_path << "'";
|
2016-02-25 00:50:52 +01:00
|
|
|
}
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2016-06-25 00:12:21 +02:00
|
|
|
LOG(INFO) << "Created socket '" << addr.sun_path << "'"
|
|
|
|
|
<< ", mode " << std::oct << perm << std::dec
|
|
|
|
|
<< ", user " << uid
|
|
|
|
|
<< ", group " << gid;
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2019-07-09 22:33:36 +02:00
|
|
|
guard.Disable();
|
2016-11-07 19:16:53 +01:00
|
|
|
return fd.release();
|
2009-03-04 04:32:55 +01:00
|
|
|
}
|
|
|
|
|
|
2017-08-03 21:54:07 +02:00
|
|
|
Result<std::string> ReadFile(const std::string& path) {
|
2017-04-01 00:47:33 +02:00
|
|
|
android::base::unique_fd fd(
|
|
|
|
|
TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
|
2015-02-06 21:19:48 +01:00
|
|
|
if (fd == -1) {
|
2017-08-03 21:54:07 +02:00
|
|
|
return ErrnoError() << "open() failed";
|
2015-02-06 21:19:48 +01:00
|
|
|
}
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2015-02-06 21:19:48 +01:00
|
|
|
// For security reasons, disallow world-writable
|
|
|
|
|
// or group-writable files.
|
|
|
|
|
struct stat sb;
|
|
|
|
|
if (fstat(fd, &sb) == -1) {
|
2017-08-03 21:54:07 +02:00
|
|
|
return ErrnoError() << "fstat failed()";
|
2012-01-18 19:39:01 +01:00
|
|
|
}
|
|
|
|
|
if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
|
2017-08-03 21:54:07 +02:00
|
|
|
return Error() << "Skipping insecure file";
|
2012-01-18 19:39:01 +01:00
|
|
|
}
|
|
|
|
|
|
2017-08-03 21:54:07 +02:00
|
|
|
std::string content;
|
|
|
|
|
if (!android::base::ReadFdToString(fd, &content)) {
|
|
|
|
|
return ErrnoError() << "Unable to read file contents";
|
2017-05-05 03:17:33 +02:00
|
|
|
}
|
2017-08-03 21:54:07 +02:00
|
|
|
return content;
|
2015-02-06 21:19:48 +01:00
|
|
|
}
|
2009-03-04 04:32:55 +01:00
|
|
|
|
2017-11-27 23:45:26 +01:00
|
|
|
static int OpenFile(const std::string& path, int flags, mode_t mode) {
|
|
|
|
|
std::string secontext;
|
|
|
|
|
if (SelabelLookupFileContext(path, mode, &secontext) && !secontext.empty()) {
|
|
|
|
|
setfscreatecon(secontext.c_str());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int rc = open(path.c_str(), flags, mode);
|
|
|
|
|
|
|
|
|
|
if (!secontext.empty()) {
|
|
|
|
|
int save_errno = errno;
|
|
|
|
|
setfscreatecon(nullptr);
|
|
|
|
|
errno = save_errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-10 20:08:01 +02:00
|
|
|
Result<void> WriteFile(const std::string& path, const std::string& content) {
|
2016-12-28 09:06:19 +01:00
|
|
|
android::base::unique_fd fd(TEMP_FAILURE_RETRY(
|
2017-11-27 23:45:26 +01:00
|
|
|
OpenFile(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC | O_CLOEXEC, 0600)));
|
2015-02-06 21:19:48 +01:00
|
|
|
if (fd == -1) {
|
2017-08-03 21:54:07 +02:00
|
|
|
return ErrnoError() << "open() failed";
|
2015-04-25 23:10:03 +02:00
|
|
|
}
|
2017-05-05 03:17:33 +02:00
|
|
|
if (!android::base::WriteStringToFd(content, fd)) {
|
2017-08-03 21:54:07 +02:00
|
|
|
return ErrnoError() << "Unable to write file contents";
|
2015-02-06 21:19:48 +01:00
|
|
|
}
|
2019-06-10 20:08:01 +02:00
|
|
|
return {};
|
2009-03-04 04:32:55 +01:00
|
|
|
}
|
|
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
bool mkdir_recursive(const std::string& path, mode_t mode) {
|
2017-04-12 23:27:51 +02:00
|
|
|
std::string::size_type slash = 0;
|
|
|
|
|
while ((slash = path.find('/', slash + 1)) != std::string::npos) {
|
|
|
|
|
auto directory = path.substr(0, slash);
|
|
|
|
|
struct stat info;
|
|
|
|
|
if (stat(directory.c_str(), &info) != 0) {
|
2017-08-10 21:22:44 +02:00
|
|
|
auto ret = make_dir(directory, mode);
|
|
|
|
|
if (!ret && errno != EEXIST) return false;
|
2010-04-09 01:16:20 +02:00
|
|
|
}
|
|
|
|
|
}
|
2017-08-10 21:22:44 +02:00
|
|
|
auto ret = make_dir(path, mode);
|
|
|
|
|
if (!ret && errno != EEXIST) return false;
|
|
|
|
|
return true;
|
2010-04-09 01:16:20 +02:00
|
|
|
}
|
|
|
|
|
|
2016-11-11 02:43:47 +01:00
|
|
|
int wait_for_file(const char* filename, std::chrono::nanoseconds timeout) {
|
2017-08-22 21:07:37 +02:00
|
|
|
android::base::Timer t;
|
|
|
|
|
while (t.duration() < timeout) {
|
2016-11-11 02:43:47 +01:00
|
|
|
struct stat sb;
|
2017-08-22 21:07:37 +02:00
|
|
|
if (stat(filename, &sb) != -1) {
|
|
|
|
|
LOG(INFO) << "wait for '" << filename << "' took " << t;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-11-15 02:08:47 +01:00
|
|
|
std::this_thread::sleep_for(10ms);
|
2016-11-11 02:43:47 +01:00
|
|
|
}
|
2017-08-22 21:07:37 +02:00
|
|
|
LOG(WARNING) << "wait for '" << filename << "' timed out and took " << t;
|
2016-11-11 02:43:47 +01:00
|
|
|
return -1;
|
2010-04-20 02:10:24 +02:00
|
|
|
}
|
2010-04-21 21:04:20 +02:00
|
|
|
|
2019-08-20 00:21:25 +02:00
|
|
|
void ImportKernelCmdline(const std::function<void(const std::string&, const std::string&)>& fn) {
|
2015-05-07 04:19:24 +02:00
|
|
|
std::string cmdline;
|
|
|
|
|
android::base::ReadFileToString("/proc/cmdline", &cmdline);
|
2011-09-28 18:55:31 +02:00
|
|
|
|
2015-05-07 04:19:24 +02:00
|
|
|
for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) {
|
|
|
|
|
std::vector<std::string> pieces = android::base::Split(entry, "=");
|
|
|
|
|
if (pieces.size() == 2) {
|
2019-08-20 00:21:25 +02:00
|
|
|
fn(pieces[0], pieces[1]);
|
2015-05-07 04:19:24 +02:00
|
|
|
}
|
2011-09-28 18:55:31 +02:00
|
|
|
}
|
|
|
|
|
}
|
2012-06-11 19:37:39 +02:00
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
bool make_dir(const std::string& path, mode_t mode) {
|
|
|
|
|
std::string secontext;
|
|
|
|
|
if (SelabelLookupFileContext(path, mode, &secontext) && !secontext.empty()) {
|
|
|
|
|
setfscreatecon(secontext.c_str());
|
2012-06-11 19:37:39 +02:00
|
|
|
}
|
|
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
int rc = mkdir(path.c_str(), mode);
|
2012-06-11 19:37:39 +02:00
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
if (!secontext.empty()) {
|
2012-06-11 19:37:39 +02:00
|
|
|
int save_errno = errno;
|
2017-08-10 21:22:44 +02:00
|
|
|
setfscreatecon(nullptr);
|
2012-06-11 19:37:39 +02:00
|
|
|
errno = save_errno;
|
|
|
|
|
}
|
2012-10-17 08:07:05 +02:00
|
|
|
|
2017-08-10 21:22:44 +02:00
|
|
|
return rc == 0;
|
2012-06-11 19:37:39 +02:00
|
|
|
}
|
|
|
|
|
|
2015-07-25 01:57:14 +02:00
|
|
|
/*
|
|
|
|
|
* Returns true is pathname is a directory
|
|
|
|
|
*/
|
|
|
|
|
bool is_dir(const char* pathname) {
|
|
|
|
|
struct stat info;
|
|
|
|
|
if (stat(pathname, &info) == -1) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return S_ISDIR(info.st_mode);
|
|
|
|
|
}
|
2015-08-26 20:43:36 +02:00
|
|
|
|
2019-07-31 22:59:15 +02:00
|
|
|
Result<std::string> ExpandProps(const std::string& src) {
|
2015-08-26 20:43:36 +02:00
|
|
|
const char* src_ptr = src.c_str();
|
|
|
|
|
|
2019-07-31 22:59:15 +02:00
|
|
|
std::string dst;
|
2015-08-26 20:43:36 +02:00
|
|
|
|
|
|
|
|
/* - variables can either be $x.y or ${x.y}, in case they are only part
|
|
|
|
|
* of the string.
|
|
|
|
|
* - will accept $$ as a literal $.
|
|
|
|
|
* - no nested property expansion, i.e. ${foo.${bar}} is not supported,
|
|
|
|
|
* bad things will happen
|
2016-06-07 17:49:01 +02:00
|
|
|
* - ${x.y:-default} will return default value if property empty.
|
2015-08-26 20:43:36 +02:00
|
|
|
*/
|
|
|
|
|
while (*src_ptr) {
|
|
|
|
|
const char* c;
|
|
|
|
|
|
|
|
|
|
c = strchr(src_ptr, '$');
|
|
|
|
|
if (!c) {
|
2019-07-31 22:59:15 +02:00
|
|
|
dst.append(src_ptr);
|
|
|
|
|
return dst;
|
2015-08-26 20:43:36 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-31 22:59:15 +02:00
|
|
|
dst.append(src_ptr, c);
|
2015-08-26 20:43:36 +02:00
|
|
|
c++;
|
|
|
|
|
|
|
|
|
|
if (*c == '$') {
|
2019-07-31 22:59:15 +02:00
|
|
|
dst.push_back(*(c++));
|
2015-08-26 20:43:36 +02:00
|
|
|
src_ptr = c;
|
|
|
|
|
continue;
|
|
|
|
|
} else if (*c == '\0') {
|
2019-07-31 22:59:15 +02:00
|
|
|
return dst;
|
2015-08-26 20:43:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string prop_name;
|
2016-06-07 17:49:01 +02:00
|
|
|
std::string def_val;
|
2015-08-26 20:43:36 +02:00
|
|
|
if (*c == '{') {
|
|
|
|
|
c++;
|
|
|
|
|
const char* end = strchr(c, '}');
|
|
|
|
|
if (!end) {
|
|
|
|
|
// failed to find closing brace, abort.
|
2019-07-31 22:59:15 +02:00
|
|
|
return Error() << "unexpected end of string in '" << src << "', looking for }";
|
2015-08-26 20:43:36 +02:00
|
|
|
}
|
|
|
|
|
prop_name = std::string(c, end);
|
|
|
|
|
c = end + 1;
|
2016-06-07 17:49:01 +02:00
|
|
|
size_t def = prop_name.find(":-");
|
|
|
|
|
if (def < prop_name.size()) {
|
|
|
|
|
def_val = prop_name.substr(def + 2);
|
|
|
|
|
prop_name = prop_name.substr(0, def);
|
|
|
|
|
}
|
2015-08-26 20:43:36 +02:00
|
|
|
} else {
|
|
|
|
|
prop_name = c;
|
2019-07-31 22:59:15 +02:00
|
|
|
if (SelinuxGetVendorAndroidVersion() >= __ANDROID_API_R__) {
|
|
|
|
|
return Error() << "using deprecated syntax for specifying property '" << c
|
|
|
|
|
<< "', use ${name} instead";
|
|
|
|
|
} else {
|
|
|
|
|
LOG(ERROR) << "using deprecated syntax for specifying property '" << c
|
|
|
|
|
<< "', use ${name} instead";
|
|
|
|
|
}
|
2015-08-26 20:43:36 +02:00
|
|
|
c += prop_name.size();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (prop_name.empty()) {
|
2019-07-31 22:59:15 +02:00
|
|
|
return Error() << "invalid zero-length property name in '" << src << "'";
|
2015-08-26 20:43:36 +02:00
|
|
|
}
|
|
|
|
|
|
2017-03-29 01:40:41 +02:00
|
|
|
std::string prop_val = android::base::GetProperty(prop_name, "");
|
2015-08-26 20:43:36 +02:00
|
|
|
if (prop_val.empty()) {
|
2016-06-07 17:49:01 +02:00
|
|
|
if (def_val.empty()) {
|
2019-07-31 22:59:15 +02:00
|
|
|
return Error() << "property '" << prop_name << "' doesn't exist while expanding '"
|
|
|
|
|
<< src << "'";
|
2016-06-07 17:49:01 +02:00
|
|
|
}
|
|
|
|
|
prop_val = def_val;
|
2015-08-26 20:43:36 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-31 22:59:15 +02:00
|
|
|
dst.append(prop_val);
|
2015-08-26 20:43:36 +02:00
|
|
|
src_ptr = c;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-31 22:59:15 +02:00
|
|
|
return dst;
|
2015-08-26 20:43:36 +02:00
|
|
|
}
|
2016-11-29 20:20:58 +01:00
|
|
|
|
Allow the use of a custom Android DT directory
On platforms that use ACPI instead of Device Tree (DT), such as
Ranchu x86/x86_64, /proc/device-tree/firmware/android/ does not
exist. As a result, Android O is unable to mount /system, etc.
at the first stage of init:
init: First stage mount skipped (missing/incompatible fstab in
device tree)
Those platforms may create another directory that mimics the layout
of the standard DT directory in procfs, and store early mount
configuration there. E.g., Ranchu x86/x86_64 creates one in sysfs
using information encoded in the ACPI tables:
https://android-review.googlesource.com/442472
https://android-review.googlesource.com/443432
https://android-review.googlesource.com/442393
https://android-review.googlesource.com/442395
Therefore, instead of hardcoding the Android DT path, load it from
the kernel command line using a new Android-specific property key
("androidboot.android_dt_dir"). If no such property exists, fall
back to the standard procfs path (so no change is needed for DT-
aware platforms).
Note that init/ and fs_mgr/ each have their own copy of the Android
DT path, because they do not share any global state. A future CL
should remove the duplication by refactoring.
With this CL as well as the above ones, the said warning is gone,
but early mount fails. That is a separate bug, though, and will be
addressed by another CL.
Test: Boot patched sdk_phone_x86-userdebug system image with patched
Goldfish 3.18 x86 kernel in patched Android Emulator, verify
the "init: First stage mount skipped" warning no longer shows
in dmesg.
Change-Id: Ib6df577319503ec1ca778de2b5458cc72ce07415
Signed-off-by: Yu Ning <yu.ning@intel.com>
2017-07-26 11:54:08 +02:00
|
|
|
static std::string init_android_dt_dir() {
|
|
|
|
|
// Use the standard procfs-based path by default
|
|
|
|
|
std::string android_dt_dir = kDefaultAndroidDtDir;
|
|
|
|
|
// The platform may specify a custom Android DT path in kernel cmdline
|
2019-08-20 00:21:25 +02:00
|
|
|
ImportKernelCmdline([&](const std::string& key, const std::string& value) {
|
|
|
|
|
if (key == "androidboot.android_dt_dir") {
|
|
|
|
|
android_dt_dir = value;
|
|
|
|
|
}
|
|
|
|
|
});
|
Allow the use of a custom Android DT directory
On platforms that use ACPI instead of Device Tree (DT), such as
Ranchu x86/x86_64, /proc/device-tree/firmware/android/ does not
exist. As a result, Android O is unable to mount /system, etc.
at the first stage of init:
init: First stage mount skipped (missing/incompatible fstab in
device tree)
Those platforms may create another directory that mimics the layout
of the standard DT directory in procfs, and store early mount
configuration there. E.g., Ranchu x86/x86_64 creates one in sysfs
using information encoded in the ACPI tables:
https://android-review.googlesource.com/442472
https://android-review.googlesource.com/443432
https://android-review.googlesource.com/442393
https://android-review.googlesource.com/442395
Therefore, instead of hardcoding the Android DT path, load it from
the kernel command line using a new Android-specific property key
("androidboot.android_dt_dir"). If no such property exists, fall
back to the standard procfs path (so no change is needed for DT-
aware platforms).
Note that init/ and fs_mgr/ each have their own copy of the Android
DT path, because they do not share any global state. A future CL
should remove the duplication by refactoring.
With this CL as well as the above ones, the said warning is gone,
but early mount fails. That is a separate bug, though, and will be
addressed by another CL.
Test: Boot patched sdk_phone_x86-userdebug system image with patched
Goldfish 3.18 x86 kernel in patched Android Emulator, verify
the "init: First stage mount skipped" warning no longer shows
in dmesg.
Change-Id: Ib6df577319503ec1ca778de2b5458cc72ce07415
Signed-off-by: Yu Ning <yu.ning@intel.com>
2017-07-26 11:54:08 +02:00
|
|
|
LOG(INFO) << "Using Android DT directory " << android_dt_dir;
|
|
|
|
|
return android_dt_dir;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// FIXME: The same logic is duplicated in system/core/fs_mgr/
|
|
|
|
|
const std::string& get_android_dt_dir() {
|
|
|
|
|
// Set once and saves time for subsequent calls to this function
|
|
|
|
|
static const std::string kAndroidDtDir = init_android_dt_dir();
|
|
|
|
|
return kAndroidDtDir;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Reads the content of device tree file under the platform's Android DT directory.
|
2017-04-17 16:17:09 +02:00
|
|
|
// Returns true if the read is success, false otherwise.
|
|
|
|
|
bool read_android_dt_file(const std::string& sub_path, std::string* dt_content) {
|
Allow the use of a custom Android DT directory
On platforms that use ACPI instead of Device Tree (DT), such as
Ranchu x86/x86_64, /proc/device-tree/firmware/android/ does not
exist. As a result, Android O is unable to mount /system, etc.
at the first stage of init:
init: First stage mount skipped (missing/incompatible fstab in
device tree)
Those platforms may create another directory that mimics the layout
of the standard DT directory in procfs, and store early mount
configuration there. E.g., Ranchu x86/x86_64 creates one in sysfs
using information encoded in the ACPI tables:
https://android-review.googlesource.com/442472
https://android-review.googlesource.com/443432
https://android-review.googlesource.com/442393
https://android-review.googlesource.com/442395
Therefore, instead of hardcoding the Android DT path, load it from
the kernel command line using a new Android-specific property key
("androidboot.android_dt_dir"). If no such property exists, fall
back to the standard procfs path (so no change is needed for DT-
aware platforms).
Note that init/ and fs_mgr/ each have their own copy of the Android
DT path, because they do not share any global state. A future CL
should remove the duplication by refactoring.
With this CL as well as the above ones, the said warning is gone,
but early mount fails. That is a separate bug, though, and will be
addressed by another CL.
Test: Boot patched sdk_phone_x86-userdebug system image with patched
Goldfish 3.18 x86 kernel in patched Android Emulator, verify
the "init: First stage mount skipped" warning no longer shows
in dmesg.
Change-Id: Ib6df577319503ec1ca778de2b5458cc72ce07415
Signed-off-by: Yu Ning <yu.ning@intel.com>
2017-07-26 11:54:08 +02:00
|
|
|
const std::string file_name = get_android_dt_dir() + sub_path;
|
2017-04-17 16:17:09 +02:00
|
|
|
if (android::base::ReadFileToString(file_name, dt_content)) {
|
|
|
|
|
if (!dt_content->empty()) {
|
|
|
|
|
dt_content->pop_back(); // Trims the trailing '\0' out.
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool is_android_dt_value_expected(const std::string& sub_path, const std::string& expected_content) {
|
|
|
|
|
std::string dt_content;
|
|
|
|
|
if (read_android_dt_file(sub_path, &dt_content)) {
|
|
|
|
|
if (dt_content == expected_content) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2017-06-22 21:53:17 +02:00
|
|
|
|
2018-02-14 01:50:08 +01:00
|
|
|
bool IsLegalPropertyName(const std::string& name) {
|
|
|
|
|
size_t namelen = name.size();
|
|
|
|
|
|
|
|
|
|
if (namelen < 1) return false;
|
|
|
|
|
if (name[0] == '.') return false;
|
|
|
|
|
if (name[namelen - 1] == '.') return false;
|
|
|
|
|
|
|
|
|
|
/* Only allow alphanumeric, plus '.', '-', '@', ':', or '_' */
|
|
|
|
|
/* Don't allow ".." to appear in a property name */
|
|
|
|
|
for (size_t i = 0; i < namelen; i++) {
|
|
|
|
|
if (name[i] == '.') {
|
|
|
|
|
// i=0 is guaranteed to never have a dot. See above.
|
|
|
|
|
if (name[i - 1] == '.') return false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (name[i] == '_' || name[i] == '-' || name[i] == '@' || name[i] == ':') continue;
|
|
|
|
|
if (name[i] >= 'a' && name[i] <= 'z') continue;
|
|
|
|
|
if (name[i] >= 'A' && name[i] <= 'Z') continue;
|
|
|
|
|
if (name[i] >= '0' && name[i] <= '9') continue;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-30 18:34:41 +02:00
|
|
|
Result<void> IsLegalPropertyValue(const std::string& name, const std::string& value) {
|
|
|
|
|
if (value.size() >= PROP_VALUE_MAX && !StartsWith(name, "ro.")) {
|
|
|
|
|
return Error() << "Property value too long";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mbstowcs(nullptr, value.data(), 0) == static_cast<std::size_t>(-1)) {
|
|
|
|
|
return Error() << "Value is not a UTF8 encoded string";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return {};
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-28 15:55:03 +01:00
|
|
|
static FscryptAction FscryptInferAction(const std::string& dir) {
|
|
|
|
|
const std::string prefix = "/data/";
|
|
|
|
|
|
|
|
|
|
if (!android::base::StartsWith(dir, prefix)) {
|
|
|
|
|
return FscryptAction::kNone;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Special-case /data/media/obb per b/64566063
|
|
|
|
|
if (dir == "/data/media/obb") {
|
|
|
|
|
// Try to set policy on this directory, but if it is non-empty this may fail.
|
|
|
|
|
return FscryptAction::kAttempt;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Only set policy on first level /data directories
|
|
|
|
|
// To make this less restrictive, consider using a policy file.
|
|
|
|
|
// However this is overkill for as long as the policy is simply
|
|
|
|
|
// to apply a global policy to all /data folders created via makedir
|
|
|
|
|
if (dir.find_first_of('/', prefix.size()) != std::string::npos) {
|
|
|
|
|
return FscryptAction::kNone;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Special case various directories that must not be encrypted,
|
|
|
|
|
// often because their subdirectories must be encrypted.
|
|
|
|
|
// This isn't a nice way to do this, see b/26641735
|
|
|
|
|
std::vector<std::string> directories_to_exclude = {
|
|
|
|
|
"lost+found", "system_ce", "system_de", "misc_ce", "misc_de",
|
|
|
|
|
"vendor_ce", "vendor_de", "media", "data", "user",
|
|
|
|
|
"user_de", "apex", "preloads", "app-staging", "gsi",
|
|
|
|
|
};
|
|
|
|
|
for (const auto& d : directories_to_exclude) {
|
|
|
|
|
if ((prefix + d) == dir) {
|
|
|
|
|
return FscryptAction::kNone;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// Empty these directories if policy setting fails.
|
|
|
|
|
std::vector<std::string> wipe_on_failure = {
|
|
|
|
|
"rollback", "rollback-observer", // b/139193659
|
|
|
|
|
};
|
|
|
|
|
for (const auto& d : wipe_on_failure) {
|
|
|
|
|
if ((prefix + d) == dir) {
|
|
|
|
|
return FscryptAction::kDeleteIfNecessary;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return FscryptAction::kRequire;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Result<MkdirOptions> ParseMkdir(const std::vector<std::string>& args) {
|
|
|
|
|
mode_t mode = 0755;
|
|
|
|
|
Result<uid_t> uid = -1;
|
|
|
|
|
Result<gid_t> gid = -1;
|
|
|
|
|
FscryptAction fscrypt_inferred_action = FscryptInferAction(args[1]);
|
|
|
|
|
FscryptAction fscrypt_action = fscrypt_inferred_action;
|
|
|
|
|
std::string ref_option = "ref";
|
|
|
|
|
bool set_option_encryption = false;
|
|
|
|
|
bool set_option_key = false;
|
|
|
|
|
|
|
|
|
|
for (size_t i = 2; i < args.size(); i++) {
|
|
|
|
|
switch (i) {
|
|
|
|
|
case 2:
|
|
|
|
|
mode = std::strtoul(args[2].c_str(), 0, 8);
|
|
|
|
|
break;
|
|
|
|
|
case 3:
|
|
|
|
|
uid = DecodeUid(args[3]);
|
|
|
|
|
if (!uid) {
|
|
|
|
|
return Error()
|
|
|
|
|
<< "Unable to decode UID for '" << args[3] << "': " << uid.error();
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 4:
|
|
|
|
|
gid = DecodeUid(args[4]);
|
|
|
|
|
if (!gid) {
|
|
|
|
|
return Error()
|
|
|
|
|
<< "Unable to decode GID for '" << args[4] << "': " << gid.error();
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
auto parts = android::base::Split(args[i], "=");
|
|
|
|
|
if (parts.size() != 2) {
|
|
|
|
|
return Error() << "Can't parse option: '" << args[i] << "'";
|
|
|
|
|
}
|
|
|
|
|
auto optname = parts[0];
|
|
|
|
|
auto optval = parts[1];
|
|
|
|
|
if (optname == "encryption") {
|
|
|
|
|
if (set_option_encryption) {
|
|
|
|
|
return Error() << "Duplicated option: '" << optname << "'";
|
|
|
|
|
}
|
|
|
|
|
if (optval == "Require") {
|
|
|
|
|
fscrypt_action = FscryptAction::kRequire;
|
|
|
|
|
} else if (optval == "None") {
|
|
|
|
|
fscrypt_action = FscryptAction::kNone;
|
|
|
|
|
} else if (optval == "Attempt") {
|
|
|
|
|
fscrypt_action = FscryptAction::kAttempt;
|
|
|
|
|
} else if (optval == "DeleteIfNecessary") {
|
|
|
|
|
fscrypt_action = FscryptAction::kDeleteIfNecessary;
|
|
|
|
|
} else {
|
|
|
|
|
return Error() << "Unknown encryption option: '" << optval << "'";
|
|
|
|
|
}
|
|
|
|
|
set_option_encryption = true;
|
|
|
|
|
} else if (optname == "key") {
|
|
|
|
|
if (set_option_key) {
|
|
|
|
|
return Error() << "Duplicated option: '" << optname << "'";
|
|
|
|
|
}
|
|
|
|
|
if (optval == "ref" || optval == "per_boot_ref") {
|
|
|
|
|
ref_option = optval;
|
|
|
|
|
} else {
|
|
|
|
|
return Error() << "Unknown key option: '" << optval << "'";
|
|
|
|
|
}
|
|
|
|
|
set_option_key = true;
|
|
|
|
|
} else {
|
|
|
|
|
return Error() << "Unknown option: '" << args[i] << "'";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (set_option_key && fscrypt_action == FscryptAction::kNone) {
|
|
|
|
|
return Error() << "Key option set but encryption action is none";
|
|
|
|
|
}
|
|
|
|
|
const std::string prefix = "/data/";
|
|
|
|
|
if (StartsWith(args[1], prefix) &&
|
|
|
|
|
args[1].find_first_of('/', prefix.size()) == std::string::npos) {
|
|
|
|
|
if (!set_option_encryption) {
|
|
|
|
|
LOG(WARNING) << "Top-level directory needs encryption action, eg mkdir " << args[1]
|
|
|
|
|
<< " <mode> <uid> <gid> encryption=Require";
|
|
|
|
|
}
|
|
|
|
|
if (fscrypt_action == FscryptAction::kNone) {
|
|
|
|
|
LOG(INFO) << "Not setting encryption policy on: " << args[1];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (fscrypt_action != fscrypt_inferred_action) {
|
|
|
|
|
LOG(WARNING) << "Inferred action different from explicit one, expected "
|
|
|
|
|
<< static_cast<int>(fscrypt_inferred_action) << " but got "
|
|
|
|
|
<< static_cast<int>(fscrypt_action);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return MkdirOptions{args[1], mode, *uid, *gid, fscrypt_action, ref_option};
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-30 18:34:41 +02:00
|
|
|
Result<std::pair<int, std::vector<std::string>>> ParseRestorecon(
|
|
|
|
|
const std::vector<std::string>& args) {
|
|
|
|
|
struct flag_type {
|
|
|
|
|
const char* name;
|
|
|
|
|
int value;
|
|
|
|
|
};
|
|
|
|
|
static const flag_type flags[] = {
|
|
|
|
|
{"--recursive", SELINUX_ANDROID_RESTORECON_RECURSE},
|
|
|
|
|
{"--skip-ce", SELINUX_ANDROID_RESTORECON_SKIPCE},
|
|
|
|
|
{"--cross-filesystems", SELINUX_ANDROID_RESTORECON_CROSS_FILESYSTEMS},
|
|
|
|
|
{0, 0}};
|
|
|
|
|
|
|
|
|
|
int flag = 0;
|
|
|
|
|
std::vector<std::string> paths;
|
|
|
|
|
|
|
|
|
|
bool in_flags = true;
|
|
|
|
|
for (size_t i = 1; i < args.size(); ++i) {
|
|
|
|
|
if (android::base::StartsWith(args[i], "--")) {
|
|
|
|
|
if (!in_flags) {
|
|
|
|
|
return Error() << "flags must precede paths";
|
|
|
|
|
}
|
|
|
|
|
bool found = false;
|
|
|
|
|
for (size_t j = 0; flags[j].name; ++j) {
|
|
|
|
|
if (args[i] == flags[j].name) {
|
|
|
|
|
flag |= flags[j].value;
|
|
|
|
|
found = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!found) {
|
|
|
|
|
return Error() << "bad flag " << args[i];
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
in_flags = false;
|
|
|
|
|
paths.emplace_back(args[i]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return std::pair(flag, paths);
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-28 19:19:44 +02:00
|
|
|
static void InitAborter(const char* abort_message) {
|
|
|
|
|
// When init forks, it continues to use this aborter for LOG(FATAL), but we want children to
|
|
|
|
|
// simply abort instead of trying to reboot the system.
|
|
|
|
|
if (getpid() != 1) {
|
|
|
|
|
android::base::DefaultAborter(abort_message);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-08 03:16:23 +02:00
|
|
|
InitFatalReboot(SIGABRT);
|
2019-05-28 19:19:44 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The kernel opens /dev/console and uses that fd for stdin/stdout/stderr if there is a serial
|
|
|
|
|
// console enabled and no initramfs, otherwise it does not provide any fds for stdin/stdout/stderr.
|
|
|
|
|
// SetStdioToDevNull() is used to close these existing fds if they exist and replace them with
|
|
|
|
|
// /dev/null regardless.
|
|
|
|
|
//
|
|
|
|
|
// In the case that these fds are provided by the kernel, the exec of second stage init causes an
|
|
|
|
|
// SELinux denial as it does not have access to /dev/console. In the case that they are not
|
|
|
|
|
// provided, exec of any further process is potentially dangerous as the first fd's opened by that
|
|
|
|
|
// process will take the stdin/stdout/stderr fileno's, which can cause issues if printf(), etc is
|
|
|
|
|
// then used by that process.
|
|
|
|
|
//
|
|
|
|
|
// Lastly, simply calling SetStdioToDevNull() in first stage init is not enough, since first
|
|
|
|
|
// stage init still runs in kernel context, future child processes will not have permissions to
|
|
|
|
|
// access any fds that it opens, including the one opened below for /dev/null. Therefore,
|
|
|
|
|
// SetStdioToDevNull() must be called again in second stage init.
|
|
|
|
|
void SetStdioToDevNull(char** argv) {
|
init: move InitKernelLogging() to first stage init
The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr. InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.
Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.
In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.
Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources. Therefore, it must be done for a second time in second
stage init.
Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
2018-10-04 22:14:14 +02:00
|
|
|
// Make stdin/stdout/stderr all point to /dev/null.
|
2019-07-09 00:09:36 +02:00
|
|
|
int fd = open("/dev/null", O_RDWR); // NOLINT(android-cloexec-open)
|
init: move InitKernelLogging() to first stage init
The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr. InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.
Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.
In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.
Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources. Therefore, it must be done for a second time in second
stage init.
Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
2018-10-04 22:14:14 +02:00
|
|
|
if (fd == -1) {
|
|
|
|
|
int saved_errno = errno;
|
2019-05-28 19:19:44 +02:00
|
|
|
android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
|
init: move InitKernelLogging() to first stage init
The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr. InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.
Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.
In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.
Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources. Therefore, it must be done for a second time in second
stage init.
Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
2018-10-04 22:14:14 +02:00
|
|
|
errno = saved_errno;
|
|
|
|
|
PLOG(FATAL) << "Couldn't open /dev/null";
|
|
|
|
|
}
|
2019-05-28 19:19:44 +02:00
|
|
|
dup2(fd, STDIN_FILENO);
|
|
|
|
|
dup2(fd, STDOUT_FILENO);
|
|
|
|
|
dup2(fd, STDERR_FILENO);
|
|
|
|
|
if (fd > STDERR_FILENO) close(fd);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void InitKernelLogging(char** argv) {
|
2019-05-21 22:53:05 +02:00
|
|
|
SetFatalRebootTarget();
|
2019-05-28 19:19:44 +02:00
|
|
|
android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
|
init: move InitKernelLogging() to first stage init
The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr. InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.
Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.
In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.
Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources. Therefore, it must be done for a second time in second
stage init.
Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
2018-10-04 22:14:14 +02:00
|
|
|
}
|
|
|
|
|
|
Proper mount namespace configuration for bionic
This CL fixes the design problem of the previous mechanism for providing
the bootstrap bionic and the runtime bionic to the same path.
Previously, bootstrap bionic was self-bind-mounted; i.e.
/system/bin/libc.so is bind-mounted to itself. And the runtime bionic
was bind-mounted on top of the bootstrap bionic. This has not only caused
problems like `adb sync` not working(b/122737045), but also is quite
difficult to understand due to the double-and-self mounting.
This is the new design:
Most importantly, these four are all distinct:
1) bootstrap bionic (/system/lib/bootstrap/libc.so)
2) runtime bionic (/apex/com.android.runtime/lib/bionic/libc.so)
3) mount point for 1) and 2) (/bionic/lib/libc.so)
4) symlink for 3) (/system/lib/libc.so -> /bionic/lib/libc.so)
Inside the mount namespace of the pre-apexd processes, 1) is
bind-mounted to 3). Likewise, inside the mount namespace of the
post-apexd processes, 2) is bind-mounted to 3). In other words, there is
no self-mount, and no double-mount.
Another change is that mount points are under /bionic and the legacy
paths become symlinks to the mount points. This is to make sure that
there is no bind mounts under /system, which is breaking some apps.
Finally, code for creating mount namespaces, mounting bionic, etc are
refactored to mount_namespace.cpp
Bug: 120266448
Bug: 123275379
Test: m, device boots, adb sync/push/pull works,
especially with following paths:
/bionic/lib64/libc.so
/bionic/bin/linker64
/system/lib64/bootstrap/libc.so
/system/bin/bootstrap/linker64
Change-Id: Icdfbdcc1efca540ac854d4df79e07ee61fca559f
2019-01-16 15:00:59 +01:00
|
|
|
bool IsRecoveryMode() {
|
|
|
|
|
return access("/system/bin/recovery", F_OK) == 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-22 21:53:17 +02:00
|
|
|
} // namespace init
|
|
|
|
|
} // namespace android
|
