Android-base has an implementation of the future std::expected<>.
This provides the same baseline functionality as Result<>, so use it
instead of our own version.
Bug: 132145659
Test: boot, init unit tests
Change-Id: I11e61bcb5719b262a6420483ed51a762826a9e23
In order to prevent device stuck at reboot, we try to create shutdownt
monitor thread with a timeout (default 30s). It will dump init process
and blocked tasks call trace in last kmsg then trigger kernel panic to
reboot device.
Test: reboot device
bug: 128561401
Change-Id: Ieb400ab9fbd983544b61241a4f4b8aa2f4baa863
Dump only uninterruptible tasks instead of all tasks when
unmount timeout. Also dump current CPU stack traces.
Bug: 122858312
Test: Reboot with and without timeout
Change-Id: I1412ace022b6d78e25fbe1337d1082d4be9c19c0
Running fsck when filesystem is in clean state is unnecessary
and causes long shutdown duration.
Bug: 120575926
Test: shutdown
Change-Id: I0562bdad4ac2fb2dd3c9617f96ca3d6279876bd8
Signed-off-by: Randall Huang <huangrandall@google.com>
This patch supports zram_writeback enabled by fstab in two ways.
e.g.,
/dev/block/zram0 none swap defaults
zramsize=1073741824,max_comp_streams=8,zram_loopback_path=/data/unencrypted/zram_swap
==> loopback size is 512MB by default.
Or,
/dev/block/zram0 none swap defaults
zramsize=1073741824,max_comp_streams=8,zram_loopback_path=/data/unencrypted/zram_swap,zram_loopback_size=1G
==> loopback size can be specified by "zram_loopback_size=%s" with "GB" or "MB".
Or,
/dev/block/zram0 none swap defaults
zramsize=1073741824,max_comp_streams=8,zram_backing_dev_path=/dev/block/partition
Bug: 74582279
Bug: 122659265
Change-Id: I66a2e6953b4743a34cf732dd0f5b5256c901f247
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
This reverts commit e2b04b71ae.
Conditionally reintroduce the shutdown animation as there is some
interest in retaining it.
Bug: 117854737
Test: n/a
Change-Id: I99a085bc763e230de46aa44b3488d771f7ad04ce
It's better to either check these results or explicitly ignore them.
Only a few callers weren't already doing this, so it's relatively
trivial to enforce.
Test: build
Change-Id: I44cdc342e46128f66cac914aaa0b9b4559cacd8c
1) increase thermal shutdown timeout to 3s for process to save work
2) respect property "ro.build.shutdown_timeout" in thermal shutdown if
it is set less than default time - "3s"
Bug: 112432890
Test: Build
Change-Id: Idc2b24dd44c1fab8f9b047fd2468de2ee45ff783
We ran into an issue with an fd leaking due to missing both CLO_EXEC
and fclose() in related code, so let's make sure we're safe here too.
Test: boot
Change-Id: Ief893c936859815c78fa6d7e06cb88ad34aadbac
Devices not supporting logical partitions do not require the command.
Bug: 78793464
Test: 'adb reboot fastboot' reboots to bootloader for a device
not supporting logical partitions.
Change-Id: I0a7b6d4335040e24efbf461e2dd2d56ab1985b7f
This is a baseline for splitting init first and second stage into
their own executables.
Bug: 79758715
Test: sailfish boots
Change-Id: I549ad4502893b3a5e4c2a9886f66850f6d31b619
Rebooting to these targets requires writing bootloader
messages and thus root. Moving them into init means that
adb, reboot don't need root to use these targets.
Test: try rebooting to these targets
Bug: 78793464
Change-Id: Ia002d1e3b1cb0c0616f60435fb9af4dce162cf84
This change adds an explicit cleanup for the subcontext processes and
avoids them from respawning, which causes a bunch of LOG(FATAL)s when
the system is going down.
Bug: 80425914
Test: kill -TERM $INIT_PID, no crashes for subcontext inits
Change-Id: I135191d959c1dd921b102af316b24d2bc161d6c9
This reverts commit c9fec9d2be.
Looks like ext4 can't handle a system reboot happening in the middle
of an unmount. We'll have to find another way to handle this.
Bug: 74817735
Bug: 75310371
Test: reboot device
Change-Id: Ib4f7f7fd29988a31a99f146c40f6d987c1fef15e
It seems that these sync() calls may take a long time in some
occasions, so we add these logs to check.
Bug: 74817735
Test: tree hugger
Change-Id: Id3635f6c7a6618b20c7caf93b05e50cc50ef99de
There is currently a timeout for reboot, however if the system gets
stuck, particularly during file system operations, there is no safety
mechanism that guarantees the system will still reboot.
This change does all of the optional reboot steps in a separate thread
and waits for this thread with a timeout, such that if the reboot
steps get hung, the system is guaranteed to still reboot.
This is specific to 'reboot'. Shutdown continues to run unbounded to
run fsck.
Bug: 72781711
Test: Reboot devices hitting and not hitting this timeout
Change-Id: Id5e1b3693bab00602177e28b9b662e1499c32961
These are halified. Instead launch blank_screen which
does the same task w/o init itself having binder
dependencies.
Bug: 70846424
Test: manual + reboot appears similar
Change-Id: If8b2a56cbc31077122ea81406721b06034e4498f
std::all_of is using std::find_if, which means, if any element the given
predicate returns false, it stops further iteration and just returns false.
std::all_of used in Reboot.cpp will cause umount not to be called on all
block devices if some block device returns false in the middle.
Bug: 68158923
Test: reboot
Change-Id: I43ba6bd0c18018c1ed5fe2b63996552bc51cc67c
To make parsing easier for last reboot reason. This also ensures that
last boot reason matches the content that is typically returned by the
bootloader or in turn landed in the canonical system boot reason.
Simplify parsing in bootstat. Adjust and fix boot_reason_test.sh for
new reality. Allow boot reason tests battery and kernel_panic to pass
if device does not support pstore (empty before and after the test).
If device somehow landed in fastboot mode while waiting for the
display, issue a fastboot reboot to move the test along. Some cleanup
and standardization changes to the test script.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 63736262
Change-Id: I97d5467c0b4a6d65df3525f1a2d0051db813d5ad
The last one will avoid errors=panic in ext4.
Test: Build
Bug: 63981945
Bug: 65481582
Change-Id: I9c86afcce441767e24fc43668ab1ff6230155a9f
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
One of the major aspects of treble is the compartmentalization of system
and vendor components, however init leaves a huge gap here, as vendor
init scripts run in the same context as system init scripts and thus can
access and modify the same properties, files, etc as the system can.
This change is meant to close that gap. It forks a separate 'subcontext'
init that runs in a different SELinux context with permissions that match
what vendors should have access to. Commands get sent over a socket to
this 'subcontext' init that then runs them in this SELinux context and
returns the result.
Note that not all commands run in the subcontext; some commands such as
those dealing with services only make sense in the context of the main
init process.
Bug: 62875318
Test: init unit tests, boot bullhead, boot sailfish
Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
This allows Android to cleanly shutdown when running in a PID namespace
in a way that does not rely on adbd running. This is useful to allow
Android to be running in a container and its lifetime managed by an
OCI-compliant tool.
Bug: 65415372
Test: `kill -TERM 1` as root is correctly dropped.
Test: `kill -TERM 1` from the init PID namespace causes init to cleanly shutdown.
Change-Id: Ia66ebdb436221919081bc4723337c0c7f1e53b09
The move to returning Result from Service::Start() for better context
when starting process through init's builtins stops Service::Start()
failures from being logged from other contexts. This change adds
those logs along with their context.
Test: boot bullhead, fail to start services via `setprop ctl.start`,
see the expected error in dmesg
Change-Id: I45294f6abf00852f3d4c549a32eaf4920a51e6f0
Switch from /data/misc/reboot/last_reboot_reason to persistent
Android property persist.sys.boot.reason for indicating why the
device is rebooted or shutdown.
persist.sys.boot.reason has a standard as outlined in b/63736262 and
the associated investigation. Made adjustments to the values so that
we did not create a problem even before we started. Compliance is
part of the tests in boot_reason_test.sh.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I812c55a12faf7cb7ff92101009be058ad9958d07
Test: boot bullhead
Test: Introduce LOG(FATAL) at various points of init and ensure that
it reboots to the bootloader successfully
Test: Introduce LOG(FATAL) during DoReboot() and ensure that it reboots
instead of recursing infinitely
Test: Ensure that fatal signals reboot to bootloader
Change-Id: I409005b6fab379df2d635e3e33d2df48a1a97df3
We currently throw out the return values from builtin functions and
occasionally log errors with no supporting context. This change uses
the newly introduced Result<T> class to communicate a successful result
or an error back to callers in order to print an error with clear
context when a builtin fails.
Example:
init: Command 'write /sys/class/leds/vibrator/trigger transient' action=init (/init.rc:245) took 0ms and failed: Unable to write to file '/sys/class/leds/vibrator/trigger': open() failed: No such file or directory
Test: boot bullhead
Merged-In: Idc18f331d2d646629c6093c1e0f2996cf9b42aec
Change-Id: Idc18f331d2d646629c6093c1e0f2996cf9b42aec
This change splits out the selinux initialization and supporting
functionality into selinux.cpp and splits the security related
initialization of the rng, etc to security.cpp. It also provides
additional documentation for SEPolicy loading as this has been
requested by some teams.
It additionally cleans up sehandle and sehandle_prop. The former is
static within selinux.cpp and new wrapper functions are created around
selabel_lookup*() to better serve the users. The latter is moved to
property_service.cpp as it is isolated to that file for its usage.
Test: boot bullhead
Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
ServiceManager is essentially just a list now that the rest of its
functionality has been moved elsewhere, so the class is renamed
appropriately.
The ServiceList::Find* functions have been cleaned up into a single
smaller interface.
The ServiceList::ForEach functions have been removed in favor of
ServiceList itself being directly iterable.
Test: boot bullhead
Change-Id: Ibd57c103338f03b83d81e8b48ea0e46cd48fd8f0
signal_handler.cpp itself needs to be cleaned up, but this is a step
to clean up ServiceManager.
Test: boot bullhead
Change-Id: I81f1e8ac4d09692cfb364bc702cbd3deb61aa55a
These can be implemented without ServiceManager, so we remove them and
make ServiceManager slightly less of a God class.
Test: boot bullhead
Test: init unit tests
Change-Id: Ia6e546fe5292255412245256f7d230af4ece135f
Currently, the order that we kill to services during shutdown is the
order of services_ in ServiceManager and that is defacto the order in
which they were parsed, which is not a very useful ordering.
Related to this, we have seen a few issues during shutdown that may be
related to services with dependencies on other services, where the
dependency is killed first and the dependent service then misbehaves.
This change allows services to keep track of the order in which they
were started and shutdown then uses that information to kill running
services in the opposite order that they were started.
Bug: 64067984
Test: Boot and reboot bullhead
Change-Id: I6b4cacb03aed2a72ae98a346bce41ed5434a09c2
Latest device has rootfs instead of "/system" mount point
Bug: 37737296
Test: adb remount, reboot, and check log
Change-Id: I315ecf71e85255fc55c3a80619920b456bad0956
Recent change in init has bring normal shutdown sequence in
thermal-shutdown condition. This CL will make sure init fire shutdown
trigger where holds custom shutdown actions for vendor SoC/platform.
Bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown
Change-Id: Ieb8579fdf9c30c1a81d60466a7375c9784f3ca98
- Skipping SIGTERM / SIGKILL / umount brings race between block
device driver and fs layer. Do umount before shutting down.
- Reduce timeout to 1 sec for thermal shutdown and skip other time
taking part like fsck.
- Refactor waiting part to check time in ms so that 1 sec can
have enough resolution.
bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown, adb shell setprop sys.powerctl reboot and check dmesg
Change-Id: I048bac767b328c8d656a97fe65dde5f2b5bf4ae5
- If problematic process is from user, kill all kills
it and dump does not show problematic process.
bug: 37737296
Test: reboot and check log
Change-Id: Iaa4f7d12f5a40fa7528c6672567c36e30b140372
- /vendor, /system, /oem can be remounted to R/W for development
purpose.
- In such case, umounting these partitions can lead into some processes
not running properly during shutdown or blocking umount of fs.
- So skip them. As it is dev feature, it is up to each developer to
understand the risk. But for normal adb sync - reboot should be ok
as shutdown involves sync operations.
bug: 37737296
Test: adb remount,reboot, and check last kmsg
Change-Id: Iab6a6374bc558375d359b3b49b14db93d363b1ad
