A recently added subcontext test was failing because it was running as
non-root, but GTEST_SKIP() didn't work as I expected it to.
In retrospect, all of these tests, except for the property one, can
easily run as root, so this change allows all of these tests to run
as root, while fixing the original issue.
Bug: 144707143
Test: root and nonroot subcontext unit tests
Change-Id: Ia835597701698f6be2101f92d6f4c9450bd3c7dd
sys.init.userspace_reboot.in_progress will be used to notify all
the processes (including vendor ones) that userspace reboot is
happening, hence it should be treated as stable public API.
All other sys.init.userspace_reboot.* props will be internal to /system
partition and don't require any stability guarantees.
Test: builds
Test: adb reboot userspace
Bug: 135984674
Change-Id: Ifb64a6bfae2de76bac67edea68df44e33c9cfe2d
Watchdog is just a forked process that is going to fall back to the
full reboot in case the device wasn't able to boot in the given amount of time.
Currently this amount is hard-coded to 1 minute, but in the future it
will be controlled by a read-only property.
Also added sync calls before and after tearing down services.
Test: adb reboot userspace
Bug: 135984674
Change-Id: Ie6053c9446a6761deae6dc104036bb35b09ef0e2
Previously CheckPropertyTriggers() tried to do the entire property
triggers check with one loop. However, that would require calling
GetProperty() on all properties for all triggers just in case the
property that is being set is used by a given trigger.
This change first checks that the property being set exists in each
trigger and that its value is set such that the trigger would be
triggered, only then does it check that other property triggers are
set to the right value.
Bug: 143922756
Test: boot
Test: substantially fewer GetProperty() calls from
CheckPropertyTriggers()
Change-Id: I0228cf47328b31963eaf3fc689fb60f711532df4
These will be useful in debugging/logging events to statsd.
Also as part of this CL, sys.init.userspace_reboot.in_progress property
is now used as a means of synchronization. It is set directly in
DoUserspaceReboot, to make sure that all the setprop actions triggered
by userspace-reboot-requested were processed.
Test: adb reboot userspace
Test: adb shell getprop sys.init.userspace_reboot.last_started
Test: adb shell getprop sys.init.userspace_reboot.last_finished
Bug: 135984674
Change-Id: I9debcd4f058e790855200d5295344dafb30e496a
Previously, we assumed that TriggerShutdown() should never be called
from vendor_init and used property service as a back up in case it
ever did. We have since then found out that vendor_init may indeed
call TriggerShutdown() and we want to make it just as strict as it is
in init, wherein it will immediately start the shutdown sequence
without executing any further commands.
Test: init unit tests, trigger shutdown from init and vendor_init
Change-Id: I1f44dae801a28269eb8127879a8b7d6adff6f353
Use TEMP_FAILURE_RETRY() for recvmsg() to prevent failing
unnecessarily from EINTR. Use PLOG(ERROR) in ueventd to display the
actual error if reading from the uevent socket does fail.
Test: build
Change-Id: I64a22698ce6ffc7573f75b57803551c7b6940e30
We have all of the 'type' information for properties available during
build time, so let's check this when setting properties in init.
Test: setprop apexd.status bad results in:
host_init_verifier: Command 'setprop apexd.status bad'
(out/soong/.intermediates/system/core/rootdir/init.rc/android_x86_core/init.rc:927)
failed: Property type check failed, value doesn't match expected type
'enum starting ready'
host_init_verifier: Failed to parse init script
'out/soong/.intermediates/system/core/rootdir/init.rc/android_x86_core/init.rc'
with 1 errors
Test: CF builds without that error
Change-Id: Iaad07747c09f4a10b2b816c455d6e8a485357ab9
There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc. There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.
Bug: 131087886
Bug: 140313207
Test: build/boot
Merged-In: I043d9a02ba588ca37ceba2c4e28ed631792b2586
Change-Id: I043d9a02ba588ca37ceba2c4e28ed631792b2586
* changes:
init: Add support for native service registration with lmkd
lmkd: Support process types when registering a process
lmkd: Add library function to unregister a process
lmkd: Prepare lmkd to support connection from init process
lmkd: Restrict process record modifications to the client that created it
From the implementation of FscryptInstallKeyring it looks like it will
install a new keyring on each call.
Another approach would be to change FscryptInstallKeyring to first call
request_key[0] (http://man7.org/linux/man-pages/man2/request_key.2.html),
and not add a keyring in case request_key succeeded, but it looks like
libkeyutils doesn't provide such functionality.
Since I was there, I've also added checks that we are not trying to
remount userdata on FDE devices.
Test: adb reboot userspace
Bug: 135984674
Change-Id: I2e063d7d87a3c2c26810e913a33e3a5c0364332b
Init unit tests refer to libraries that do not exist for the
secondary ABI, and we'd rather test the libraries on the device than
statically link them, so only test the primary ABI.
Init will only run on the primary ABI in any case, and doesn't have
much arch specific code in it.
Bug: 143560509
Test: build
Change-Id: I3c1883b3b55e5a06391d2885242f38c74eab621d
init should be able to register native services with lmkd so that they
can be killed when needed. Only processes with oom_score_adjust not
equal to the default -1000 will be registered with lmkd because with the
score that low the process is unkillable anyway.
Inform lmkd when a registered process is killed so that the record can be
removed.
Change init.rc to start lmkd during init phase so that it is there to
register other services.
Replace hardcoded oom_score_adj values with appropriate definitions.
Bug: 129011369
Test: boot and verify native service registration
Change-Id: Ie5ed62203395120d86dc1c8250fae01aa0b3c511
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This will bring the device to a state closer to the one during normal boot.
Bug: 135984674
Test: adb install system/apex/shim/com.android.apex.cts.shim.v1.apex
Test: adb reboot userspace
Test: verified install succeeded
Change-Id: I6ef73bde2ca817c8a62bf19b8f1895dd0d6d2829
We are going to teamfood userspace reboot soon, and in order to gather
as much data as possible we are fine with ignoring checkpointing for the
devices with ext4 (teamfood will be a very limited set of people that
are aware of what they've signed up for).
As a result of this, we don't need to reset vold and kill zram backing
device. Added a TODO to restore that functionality if needed.
Since I was there, fixed yet another typo in userspace-reboot-resume -_-
Bug: 135984674
Test: adb reboot userspace
Change-Id: I2b7a93aaf738fe9bec9d606d7e11aefb325550b1
FscryptSetDirectoryPolicy no longer tries to infer the action from the
filename. Well mostly; it still assumes top-level directories in /data
should be encrypted unless the mkdir arguments say otherwise, but
it warns.
Bug: 26641735
Test: boot, check log messages
Change-Id: Id6d2cea7fb856f17323897d85cf6190c981b443c
Legacy symlink from /charger to /system/bin/charger is
removed. Instead, all Android R devices are required
to use /system/bin/charger.
See hardware/interfaces/health/2.1/README.md for details.
Bug: 142286265
Test: charger mode
Change-Id: Ib478a864ef68647bc9fc14650ca3d382952b80c8
Allow for module load errors if first stage console is enabled, userdebug
development builds, load what you can and continue.
Test: compile
Bug: 141311820
Change-Id: I30f3ee1129373f6ffedcf03807c212c60d4c39aa
Also put libfscrypt into fs_mgr via whole_static_libs
since it's now a dependency.
Bug: 143307095
Test: we can use the inline policy on it
Change-Id: I82d7d5330abef76ce82accea25d2663748e87a8b
This is a behavior change and may have unintended consequences,
especially in Java, where failed property sets create exceptions.
Therefore, we only provide this new behavior to devices launching > Q.
Bug: 137070994
Test: build
Change-Id: If0b44aedc5c887ea6ea16dd3ec551ac2bf793cef
This patch translates UpdateState states into a MergeStatus from
IBootControl 1.1, and asks the HAL to store it. Unfortunately this patch
has to work around a few issues.
The first issue is that Soong doesn't allow including only the headers
from a HAL. The second issue is that entraining the headers requires
linking to libraries that would otherwise not be needed in init.
To address this, we now have three ways of linking to libsnapshot:
1. libsnapshot - Has access to gsid and HALs.
2. libsnapshot_nobinder - Has access to HALs, but not binder (for
recovery).
3. libsnapshot_init - Does not use binder or HALs.
The HAL code is #ifdef'd behind LIBSNAPSHOT_USE_HAL and we make use of
forward declarations and dependency injection to minimize its spread.
Bug: 139154945
Test: libsnapshot_test gtest
Change-Id: I21ffd8a79a43d0589f2f71f346ac1b019584a183
Since it's available in C++, it's easier to build host_init_verifier
with this than create a new way to export the json file.
Bug: 141567104
Test: manually change hidl interface in a manifest
host_init_verifier: system/core/rootdir/init.rc: 69:
host_init_verifier: Interface is not in the known set of hidl_interfaces: 'android.hardwar.edne@1.0::IFoo'. Please ensure the interface is spelled correctly and built by a hidl_interface target.
Change-Id: Ic73dcb51855cb751734bc497d8e69f379966c511
Especially now that property_service is a thread, there may be some
delay between when init sets sys.powerctl and when the main thread of
init receives this and triggers shutdown. It's possible that
outstanding init commands are run during this gap and that is not
desirable.
Instead, have builtins call TriggerShutdown() directly, so we can be
sure that the next action that init runs will be to shut down the
device.
Test: reboot works
Test: reboot into recovery due to bad /data works
Change-Id: I26fb9f4f57f46c7451b8b58187138cfedd6fd9eb
This should help in preventing silly typos like "on foo:"
Test: atest CtsInitTestCases
Test: builds
Bug: 135984674
Change-Id: I6e4e18970e957d25dea9f557f0d31a759fbe6150
* Refactored code around stopping services a little bit to reuse it
between full reboot and userspace reboot.
* Add a scope_guard to fall back to full reboot in case userspace reboot
fails.
* In case of userspace reboot init will also wait for services to be
terminated/killed and log the ones that didn't react to
SIGTERM/SIGKILL in time.
* If some of the services didn't react to SIGKILL, fail userspace reboot.
Test: adb reboot userspace
Bug: 135984674
Change-Id: I820c7bc406169333b0f929f0eea028d8384eb2ac
This CL only draws boundaries between userspace and full reboots, and
adds some functionality that will be required for userspace reboot:
* Whether the device is shutting down is now controlled in reboot.cpp,
since during userspace reboot this state can change.
* Now it's also possible to restart handling of control messages inside
property service. In case of userspace reboot, init will restart it
after stopping post-data services.
* New userspace-reboot-requested trigger is added similar to shutdown
one for full reboot.
Test: adb reboot
Test: adb reboot userspace
Bug: 135984674
Change-Id: Id55a53ba781d2b90ce40449037b6d8d47e72c476
It wasn't clear to me why init was rebooting until I saw that it was
SIGABRT, which then made me read through earlier log spam to work out
what was actually unhappy (the SELinux compiler, in my case).
Test: worked out why init was rebooting my device
Change-Id: I605d8956213c4c23711073fd4b0ff99562b7f351