This commits allows multiple lines in a fstab have the same mount
point for first-stage mount, where the first successful mount will be
used.
This allows us to specify a common/shared fstab, with different
settings (e.g., ext4, squashfs) per line, to mount different types
of images on the same mount point. e.g., allows the device to mount
GSI (ext4) while support mounting the original squashfs system.img.
Sample fstab:
fstab in dt:
android {
fstab {
odm_ext4 {
dev = "/dev/block/by-name/odm";
mnt_point = "/odm";
type = ext4;
mnt_flags = "ro";
fs_mgr_flags = "slotselect";
};
odm_f2fs {
dev = "/dev/block/by-name/odm";
mnt_point = "/odm";
type = f2fs;
mnt_flags = "ro";
fs_mgr_flags = "slotselect";
};
};
}
fstab in file:
/dev/block/by-name/odm /odm ext4 ro slotselect
/dev/block/by-name/odm /odm f2fs ro slotselect
Test: make & boot & check /proc/mounts
Change-Id: I64892e3007b0cfd7d06dad1cfc664c45305197ee
X86 Kernel could pass CPU capablity to init as argument. This will cause init
can't start first-stage because unknown argument. Need remove this restriction
of arguments to start init successfully.
Fixes: 122435289
Test: Android init can start successfully
Change-Id: I1d432e25553589dd7f618e42ad238b9372dbe34f
Signed-off-by: Haoyu Tang <haoyu.tang@intel.com>
Signed-off-by: Xihua Chen <xihua.chen@intel.com>
Removing restorecon on root sepolicy files because:
1. Under normal boot the files are properly labeled when creating the
image. Restorecon'ing them successfully would require "adb remount".
2. These restorecon's are not required for recovery to function.
Fixes: 122535196
Test: boot blueline
Change-Id: I20b127e950b16535d4bfa9fd4e626e11228925e7
As bionic libs are moved from /system to the runtime APEX, anything that
is outside of the runtime APEX cannot use private symbols from the
bionic libs.
init is not included in the runtime APEX but is using private bionic
APIs: __system_property_[add|area_init|update|...]. So, it was required
to publicize the private symbols for init.
However, since init is started before the runtime APEX is activated, it
actually cannot use the bionic libs from the runtime APEX, but will use
the bootstrap bionic libs left in /system/bootstrap/lib[64]. Because
init and the bootstrap libs are in the same partition, init doesn't need
to link against the stubs of bionic libs. In order to make this
possible, the new property 'bootstrap' is set to true allow init to use
the bootstrap bionic.
Bug: 120266448
Test: m with https://android-review.googlesource.com/c/platform/bionic/+/849044
Change-Id: If61f25faf9aed4968bf2922859ceb94276ba03fb
Critical processes currently cause the device to reboot into recovery when they
crash 4 times in 4mins.
We extend this feature to a new 'updatable' class of init services.
If these services crash 4 times in 4mins, instead of rebooting into bootloader,
we set ro.init.updatable_crashing to '1'. apexd and update_verifier will
listen to that property and try to abort and rollback updates, staged apex
modules and new slots respectively.
Test: Tested manually by marking zygote as updatable and killing zygote
frequently, verified that property is set.
Bug: 120598832
Change-Id: I7d47ea1223f7792a834981c729694242ab3f28c9
With all of the changes made to the early init boot phase, the
README.md needs updating for future referencing.
Test: none
Change-Id: Ia572577c683add449a4e091ffd4d1597682e9325
Create /dev/block/by-name/<device> symlink for block devices that are
boot devices but do not have a partition name given.
Test: boot normally
Change-Id: I8c100b0d30dce02a2dd31aebcfea538b8eed9b19
If a partition can be formatted by vold, then it doesn't make sense to
have first-stage mount fail if the partition hasn't been formatted yet.
Bug: 121209697
Test: device boots after fastboot flashall -w
Change-Id: I4a6c794a9912a5e0794983e9514a08f9c23e6ae9
mainline-core is still in the progress of defining interfaces between
/system, /product, /product_services. Before that was completely done,
just updating /system to GSI usually couldn't boot a device.
Therefore, this CL allows GSI to specify a config file, telling init
not to mount /product and /product_services. And fallback to
/system/product and /system/product_services in the GSI.
Bug: 120208657
Test: boots a device with /system/etc/init/config/skip_mount.cfg and
checks both /product and /product_services are not mounted.
Change-Id: Ibe2abad30b178a6e552fb21e4b30207fc3ef5523
We want to move all information required for first stage mount into
the first stage ramdisk instead of using device tree. A previous
change allowed reading the fstab from the first stage ramdisk, but
'vbmeta/parts' was still in device tree. This change allows
specifying the required vbmeta/parts information in the fstab.
The new syntax is that instead of simply specifying 'avb' as an fs_mgr
option, a partition may specify 'avb=<vbmeta partition name>' and that
vbmeta partition will also be initialized by first stage init before
attempting to mount any devices.
Bug: 117933812
Test: boot crosshatch without device tree fstab
Change-Id: Ida1a6da988c10d364b3ccdaa6c5d63e5264d1b27
Some configurations won't allow ueventd to have CAP_NET_ADMIN, so the
new default size of 16M is not possible for those. Those
configurations also won't need such a large buffer size, so this
change allows devices to customize the SO_RCVBUF(FORCE) size for the
uevent socket.
This is done by adding the line 'uevent_socket_rcvbuf_size <size>' to
your device's ueventd.rc file. <size> is specified as a byte count,
for example '16M' is 16MiB.
The last parsed uevent_socket_rcvbuf_size line is the one that is
used.
Bug: 120485624
Test: boot sailfish
Test: ueventd unit tests
Change-Id: If8123b92ca8a9b089ad50318caada2f21bc94707
A symlink for TARGET_ROOT_OUT as a post install command of a package
that is also installed to TARGET_ROOT_OUT. We hijack init.rc which
satisfies this requirement for this symlink.
Bug: 120402274
Bug: 120460755
Bug: 120509320
Bug: 120554662
Test: symlink is created
Test: make bootimage && ls -la $OUT/root/init
Change-Id: I6f1ac06ef152c36d7d7db4618d49a008338da39b
Asan requires /proc to be mounted, which means it fundamentally cannot
be used with first stage init. Given that second stage init now
contains the logic for first stage init, asan must be disabled on all
of init until this can be resolved.
Bug: 120424438
Bug: 120561310
Test: Asan builds boot
Change-Id: I24d1a0c8ecb5eb3f77435e6e36432c7b4cb97c6a
In the non-retrofit case, the metadata source partition will be
hardcoded as "super", but such a partition may not exist or may have
been overridden by super_partition=<something>. Make this work reliably
by plumbing the resolved metadata block device through, and using it any
time a partition called "super" is requested.
This also fixes a case in the first_stage_mount code that assumed that
detected a non-A/B, non-retrofit case by assuming the metadata source
partition would be called "super".
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I8ce1defb902e257eeb7170d697b378eba31faee3
Now that we have a first stage ramdisk (or use recovery in its place),
it's possible to place a vendor specific fstab along with first stage
init, removing the need for device tree modifications to have an
fstab.
Bug: 117933812
Test: hikey boots with only an fstab in first stage ramdisk
Test: blueline mainline boots with a disabled DT fstab and an fstab in recovery
Change-Id: I4460b88851557a75ba06ff795cd842e7dfb6da46
Increase size of the NETLINK_KOBJECT_UEVENT socket receive buffer to
16M. Also, use SO_RCVBUFFORCE to override any limits set by
/proc/sys/net/core/rmem_max.
We had a couple of instances, where we lost critical uevent messages due
to receive buffer overflows.
Bug: 119933843
Change-Id: I6aab183aa0194e173f9175b47c6beb0835cf6675
init add support for picking up partitions if specified by
fs_mgr_overlayfs_required_devices() as /dev/block/by-name/<partition>
Test: adb-remount-test.sh
Bug: 119885423
Change-Id: I6a4c3d9b5c2b406178f0acf0a86c52ab17209537
Even though it isn't strictly needed when not system-as-root, for
backwards compatibility, it is desired to keep this symlink.
Bug: 119851742
Test: tree-hugger
Change-Id: I47bc25ab257336f56ef09b5db6ebaf6b17daad35
This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.
Some lingering sources for by_name_symlink_map_ are also removed.
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. This change adds such a check.
If the check fails, it will prevent the device from booting
by rebooting into the bootloader.
Bug: 119826244
Test: Built for walleye. After device booted examined dmesg and
observed logs from init showing that the new task did
start. Further, when BoringSSL is built to fail its self
check the device did stop during a normal boot and enter
the bootloader, and did so before the boot animation stopped.
Change-Id: I07a5dc73a314502c87de566bb26f4d73499d2675
This reverts commit 055347e564.
Reason for revert:
init boots with XOM now. I think this was fixed when this boringssl patch got merged in earlier this week (init has a static dependency on libcrypto):
https://boringssl-review.googlesource.com/c/boringssl/+/33245
Change-Id: I70e15fad4a194c0d2087941bba70dfcd38abe8b5
Follow up to the change made for AVB2 devices in
I19371b05912240480dc50864a2c04131258a7103.
The same consideration must be made in the fall through case, which
is taken either if AVB is completely disabled, or the dm-verity / AVB1
mechanism is used.
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I99d46a2c2630c40f5f5c02279b11e423998a1e05
init doesn't cooperate with execute-only memory just yet, so disable it
until we can determine the root cause.
Bug: 77958880
Test: Device boots.
Change-Id: Ieb78315ba1e48c9cd0d047a42951bd3fbd36641b
