platform_system_core/init/Android.mk

171 lines
4 KiB
Makefile
Raw Normal View History

# Copyright 2005 The Android Open Source Project
LOCAL_PATH:= $(call my-dir)
# --
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_PERMISSIVE_SELINUX=1
else
init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_PERMISSIVE_SELINUX=0
endif
init_options += -DLOG_UEVENTS=0
init_cflags += \
$(init_options) \
-Wall -Wextra \
-Wno-unused-parameter \
-Werror \
# --
# If building on Linux, then build unit test for the host.
ifeq ($(HOST_OS),linux)
include $(CLEAR_VARS)
LOCAL_CPPFLAGS := $(init_cflags)
LOCAL_SRC_FILES:= \
parser/tokenizer.cpp \
LOCAL_MODULE := libinit_parser
LOCAL_CLANG := true
include $(BUILD_HOST_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE := init_parser_tests
LOCAL_SRC_FILES := \
parser/tokenizer_test.cpp \
LOCAL_STATIC_LIBRARIES := libinit_parser
LOCAL_CLANG := true
include $(BUILD_HOST_NATIVE_TEST)
endif
include $(CLEAR_VARS)
LOCAL_CPPFLAGS := $(init_cflags)
LOCAL_SRC_FILES:= \
action.cpp \
init: Add support for ambient capabilities. Ambient capabilities are inherited in a straightforward way across execve(2): " If you are nonroot but you have a capability, you can add it to pA. If you do so, your children get that capability in pA, pP, and pE. For example, you can set pA = CAP_NET_BIND_SERVICE, and your children can automatically bind low-numbered ports. " This will allow us to get rid of the special meaning for AID_NET_ADMIN and AID_NET_RAW, and if desired, to reduce the use of file capabilities (which grant capabilities to any process that can execute the file). An additional benefit of the latter is that a single .rc file can specify all properties for a service, without having to rely on a separate file for file capabilities. Ambient capabilities are supported starting with kernel 4.3 and have been backported to all Android common kernels back to 3.10. I chose to not use Minijail here (though I'm still using libcap) for two reasons: 1-The Minijail code is designed to work in situations where the process is holding any set of capabilities, so it's more complex. The situation when forking from init allows for simpler code. 2-The way Minijail is structured right now, we would not be able to make the required SELinux calls between UID/GID dropping and other priv dropping code. In the future, it will make sense to add some sort of "hook" to Minijail so that it can be used in situations where we want to do other operations between some of the privilege-dropping operations carried out by Minijail. Bug: 32438163 Test: Use sample service. Change-Id: I3226cc95769d1beacbae619cb6c6e6a5425890fb
2016-10-27 16:33:03 +02:00
capabilities.cpp \
descriptors.cpp \
import_parser.cpp \
init_parser.cpp \
log.cpp \
parser.cpp \
service.cpp \
util.cpp \
LOCAL_STATIC_LIBRARIES := libbase libselinux liblog libprocessgroup libnl
init: Add support for ambient capabilities. Ambient capabilities are inherited in a straightforward way across execve(2): " If you are nonroot but you have a capability, you can add it to pA. If you do so, your children get that capability in pA, pP, and pE. For example, you can set pA = CAP_NET_BIND_SERVICE, and your children can automatically bind low-numbered ports. " This will allow us to get rid of the special meaning for AID_NET_ADMIN and AID_NET_RAW, and if desired, to reduce the use of file capabilities (which grant capabilities to any process that can execute the file). An additional benefit of the latter is that a single .rc file can specify all properties for a service, without having to rely on a separate file for file capabilities. Ambient capabilities are supported starting with kernel 4.3 and have been backported to all Android common kernels back to 3.10. I chose to not use Minijail here (though I'm still using libcap) for two reasons: 1-The Minijail code is designed to work in situations where the process is holding any set of capabilities, so it's more complex. The situation when forking from init allows for simpler code. 2-The way Minijail is structured right now, we would not be able to make the required SELinux calls between UID/GID dropping and other priv dropping code. In the future, it will make sense to add some sort of "hook" to Minijail so that it can be used in situations where we want to do other operations between some of the privilege-dropping operations carried out by Minijail. Bug: 32438163 Test: Use sample service. Change-Id: I3226cc95769d1beacbae619cb6c6e6a5425890fb
2016-10-27 16:33:03 +02:00
LOCAL_WHOLE_STATIC_LIBRARIES := libcap
LOCAL_MODULE := libinit
LOCAL_SANITIZE := integer
LOCAL_CLANG := true
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_CPPFLAGS := $(init_cflags)
LOCAL_SRC_FILES:= \
bootchart.cpp \
builtins.cpp \
devices.cpp \
init.cpp \
keychords.cpp \
property_service.cpp \
signal_handler.cpp \
ueventd.cpp \
ueventd_parser.cpp \
watchdogd.cpp \
LOCAL_MODULE:= init
LOCAL_C_INCLUDES += \
system/core/mkbootimg
LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
LOCAL_STATIC_LIBRARIES := \
libinit \
libbootloader_message \
libfs_mgr \
libfec \
libfec_rs \
libsquashfs_utils \
liblogwrap \
libcutils \
libext4_utils \
libbase \
libc \
libselinux \
liblog \
libcrypto_utils \
libcrypto \
libc++_static \
libdl \
libsparse \
libz \
libprocessgroup \
libnl \
libavb
# Include SELinux policy. We do this here because different modules
# need to be included based on the value of PRODUCT_FULL_TREBLE. This
# type of conditional inclusion cannot be done in top-level files such
# as build/target/product/embedded.mk.
# This conditional inclusion closely mimics the conditional logic
# inside init/init.cpp for loading SELinux policy from files.
ifeq ($(PRODUCT_FULL_TREBLE),true)
# Use split SELinux policy
LOCAL_REQUIRED_MODULES += \
mapping_sepolicy.cil \
nonplat_sepolicy.cil \
plat_sepolicy.cil \
Use precompiled sepolicy when available NOTE: This change affects only devices which use SELinux kernel policy split over system and vendor directories/partitions. Prior to this change, init compiled sepolicy from *.cil files on every boot, thus slowing boot down by about 400 ms. This change enables init to skip the step compilation and thus avoid spending the 400 ms. The skipping occurs only if the device's vendor partition includes an acceptable precompiled policy file. If no acceptable policy is found, the compilation step takes place same as before. Because such devices support updating system and vendor partitions independently of each other, the vendor partition's precompiled policy is only used if it was compiled against the system partition's policy. The exact mechanism is that both partitions include a file containing the SHA-256 digest of the system partition's policy (plat_sepolicy.cil) and the precompiled policy is considered usable only if the two digests are identical. Test: Device with monolithic policy boots up just fine Test: Device with split policy and with matching precompiled policy boots up just fine and getprop ro.boottime.init.selinux returns a number below 100 ms. No "Compiling SELinux policy" message in dmesg. Test: Device with split policy and with non-matching precompiled policy boots up just fine and getpropr ro.boottime.init.selinux returns a number above 400 ms. There is a "Compiling SELinux policy" message in dmesg. The non-matching policy was obtained by adding an allow rule to system/sepolicy, building a new system image using make systemimage and then flashing it onto the device. Bug: 31363362 Change-Id: Ic2e81a83051689b5cd5ef1299ba6aaa1b1df1bdc
2017-03-07 23:12:01 +01:00
plat_sepolicy.cil.sha256 \
secilc \
nonplat_file_contexts \
plat_file_contexts
Use precompiled sepolicy when available NOTE: This change affects only devices which use SELinux kernel policy split over system and vendor directories/partitions. Prior to this change, init compiled sepolicy from *.cil files on every boot, thus slowing boot down by about 400 ms. This change enables init to skip the step compilation and thus avoid spending the 400 ms. The skipping occurs only if the device's vendor partition includes an acceptable precompiled policy file. If no acceptable policy is found, the compilation step takes place same as before. Because such devices support updating system and vendor partitions independently of each other, the vendor partition's precompiled policy is only used if it was compiled against the system partition's policy. The exact mechanism is that both partitions include a file containing the SHA-256 digest of the system partition's policy (plat_sepolicy.cil) and the precompiled policy is considered usable only if the two digests are identical. Test: Device with monolithic policy boots up just fine Test: Device with split policy and with matching precompiled policy boots up just fine and getprop ro.boottime.init.selinux returns a number below 100 ms. No "Compiling SELinux policy" message in dmesg. Test: Device with split policy and with non-matching precompiled policy boots up just fine and getpropr ro.boottime.init.selinux returns a number above 400 ms. There is a "Compiling SELinux policy" message in dmesg. The non-matching policy was obtained by adding an allow rule to system/sepolicy, building a new system image using make systemimage and then flashing it onto the device. Bug: 31363362 Change-Id: Ic2e81a83051689b5cd5ef1299ba6aaa1b1df1bdc
2017-03-07 23:12:01 +01:00
# Include precompiled policy, unless told otherwise
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat.sha256
endif
else
# Use monolithic SELinux policy
LOCAL_REQUIRED_MODULES += sepolicy \
file_contexts.bin
endif
init: Add support for ambient capabilities. Ambient capabilities are inherited in a straightforward way across execve(2): " If you are nonroot but you have a capability, you can add it to pA. If you do so, your children get that capability in pA, pP, and pE. For example, you can set pA = CAP_NET_BIND_SERVICE, and your children can automatically bind low-numbered ports. " This will allow us to get rid of the special meaning for AID_NET_ADMIN and AID_NET_RAW, and if desired, to reduce the use of file capabilities (which grant capabilities to any process that can execute the file). An additional benefit of the latter is that a single .rc file can specify all properties for a service, without having to rely on a separate file for file capabilities. Ambient capabilities are supported starting with kernel 4.3 and have been backported to all Android common kernels back to 3.10. I chose to not use Minijail here (though I'm still using libcap) for two reasons: 1-The Minijail code is designed to work in situations where the process is holding any set of capabilities, so it's more complex. The situation when forking from init allows for simpler code. 2-The way Minijail is structured right now, we would not be able to make the required SELinux calls between UID/GID dropping and other priv dropping code. In the future, it will make sense to add some sort of "hook" to Minijail so that it can be used in situations where we want to do other operations between some of the privilege-dropping operations carried out by Minijail. Bug: 32438163 Test: Use sample service. Change-Id: I3226cc95769d1beacbae619cb6c6e6a5425890fb
2016-10-27 16:33:03 +02:00
# Create symlinks.
LOCAL_POST_INSTALL_CMD := $(hide) mkdir -p $(TARGET_ROOT_OUT)/sbin; \
ln -sf ../init $(TARGET_ROOT_OUT)/sbin/ueventd; \
ln -sf ../init $(TARGET_ROOT_OUT)/sbin/watchdogd
LOCAL_SANITIZE := integer
LOCAL_CLANG := true
include $(BUILD_EXECUTABLE)
init: Add support for ambient capabilities. Ambient capabilities are inherited in a straightforward way across execve(2): " If you are nonroot but you have a capability, you can add it to pA. If you do so, your children get that capability in pA, pP, and pE. For example, you can set pA = CAP_NET_BIND_SERVICE, and your children can automatically bind low-numbered ports. " This will allow us to get rid of the special meaning for AID_NET_ADMIN and AID_NET_RAW, and if desired, to reduce the use of file capabilities (which grant capabilities to any process that can execute the file). An additional benefit of the latter is that a single .rc file can specify all properties for a service, without having to rely on a separate file for file capabilities. Ambient capabilities are supported starting with kernel 4.3 and have been backported to all Android common kernels back to 3.10. I chose to not use Minijail here (though I'm still using libcap) for two reasons: 1-The Minijail code is designed to work in situations where the process is holding any set of capabilities, so it's more complex. The situation when forking from init allows for simpler code. 2-The way Minijail is structured right now, we would not be able to make the required SELinux calls between UID/GID dropping and other priv dropping code. In the future, it will make sense to add some sort of "hook" to Minijail so that it can be used in situations where we want to do other operations between some of the privilege-dropping operations carried out by Minijail. Bug: 32438163 Test: Use sample service. Change-Id: I3226cc95769d1beacbae619cb6c6e6a5425890fb
2016-10-27 16:33:03 +02:00
# Unit tests.
# =========================================================
include $(CLEAR_VARS)
LOCAL_MODULE := init_tests
LOCAL_SRC_FILES := \
init_parser_test.cpp \
property_service_test.cpp \
util_test.cpp \
LOCAL_SHARED_LIBRARIES += \
libcutils \
libbase \
LOCAL_STATIC_LIBRARIES := libinit
LOCAL_SANITIZE := integer
LOCAL_CLANG := true
LOCAL_CPPFLAGS := -Wall -Wextra -Werror
include $(BUILD_NATIVE_TEST)
# Include targets in subdirs.
# =========================================================
include $(call all-makefiles-under,$(LOCAL_PATH))