Some functionality based on eBPF attached to tracepoints (gpu memory
accounting and time-in-state) rely on newer devices running with
"disabled" perf_event_paranoid controls as a result of the kernel having
LSM hooks in the perf_event_open syscall instead. This is tested
for, and set up by init via the sys.init.perf_lsm_hooks sysprop.
Development devices that boot into permissive mode still want the
eBPF-based functionality to work, but end up with a paranoid value that
disallows the syscall, as the LSM hook test expects to observe a SELinux
denial (which doesn't happen due to permissiveness).
As a pragmatic way of achieving the paranoid value override, we pretend
that the hook test has succeeded if we detect permissive SELinux during
second-stage init. It'd be nicer if we had a sysprop to reflect the
device's on-boot status of SELinux, but it's not worth adding for this
case.
BYPASS_INCLUSIVE_LANGUAGE_REASON=technical term
Bug: 170674916
Tested: booted crosshatch-userdebug with permissive kernel cmdline,
confirmed that the log message from the new codepath was present
in logcat, sysprop is 1, and paranoid is -1.
Change-Id: I9df5da2076cdbd777d35e50e8cd7a483ec85e20a
The critical services can now using the interface `critical
[window=<fatal crash window mins>] [target=<fatal reboot target>]` to
setup the timing window that when there are more than 4 crashes in it,
the init will regard it as a fatal system error and reboot the system.
Config `window=${zygote.critical_window.minute:-off}' and
`target=zygote-fatal' for all system-server services, so platform that
configures ro.boot.zygote_critical_window can escape the system-server
crash-loop via init fatal handler.
Bug: 146818493
Change-Id: Ib2dc253616be6935ab9ab52184a1b6394665e813
This reverts commit 42c55f5ce9.
Reason for revert: b/171512004 It should be created at runtime.
Bug: 171512004
Change-Id: If9277f078cb343fbad825f0e8d1348d50f4b759a
Always create ramdisk/first_stage_ramdisk directory at build time.
Generic boot image always need this directory to work on devices
w/ and w/o a dedicated recovery partition. By default, the ramdisk is
mounted as readonly, unless on x86 platforms. If the ramdisk is mounted as
readonly, the directory cannot be created at runtime.
Note that devices with a dedicated recovery partition will never
switch root into the first_stage_ramdisk directory in first stage init.
Bug: 156098440
Test: manual by disabling init to mkdir first_stage_ramdisk
Change-Id: Ie272f4eedccc0b008fb538c1e0f3985ff70696cf
When a device-mapper table contains a "user" entry, a corresponding
dm-user misc control device is created. The devices are put into a
separate folder by default, which currently confuses ueventd, and we
wind up with paths like:
/dev/dm-user!blah
Special case these devices so they wind up as:
/dev/dm-user/blah
Test: dmctl create blah user 0 100 test-device
/dev/dm-user/test-device exists
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: I313db07c3400f14f3ed0ffa20fdac2ac3e34b6d3
This change does the following:
- Create /second_stage_resources empty dir at root.
- At runtime:
- At first stage init:
- mount tmpfs to /second_stage_resources.
- Copy /system/etc/ramdisk/build.prop to
/second_stage_resources/system/etc/ramdisk/build.prop
- At second stage init:
- Load prop from the above path
- umount /second_stage_resources
Test: getprop -Z
Test: getprop
Bug: 169169031
Change-Id: I18b16aa5fd42fa44686c858982a17791b2d43489
This is a re-landing of the original CL, with a few changes:
- The correct device is now returned in MapUpdateSnapshot.
- The old API is used for tests, and the new API is only tested when
used on a VABC device.
- A sync() call has been added to ensure that writes to the base and
target snapshot devices have been fully flushed. This makes
IsPartitionUnchanged detect the MapUpdateSnapshot bug.
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Test: full OTA with update_device.py
Test: incremental OTA with update_device.py
Change-Id: I90364a58902a4406a37cb14a816642c57a72bec2
The ro.build.version.release property was changed from being the
codename or final name of the current release to be the final name
of the most recent release. Use ro.build.version.release_or_codename
to reconstruct the fingerprint to match what the build system does.
Bug: 158483506
Test: adb shell getprop | grep fingerprint
Change-Id: I3bd992b6f06ff90bb6024253339a2654afa069ee
So DSU system don't use a hard-coded metadata key dir.
Bug: 168571434
Test: Install and boot a DSU system.
Change-Id: I096ef46a6f7b2d9fc42882288519fc5b93df1f41
Revert "Link to libsnapshot_cow everywhere libsnapshot is linked."
Revert submission 1433573-vab-libsnapshot-linkage
Reason for revert: b/169981170, update crash for droidfooders.
Reverted Changes:
Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke...
Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite...
I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ...
Exempt-From-Owner-Approval: Revert to unblock dogfood
Change-Id: I0677df77672aca9fd54d94e009ac0be7c88a1a9d
The README.md states that this ordering is not guaranteed to give
flexibility for the future, however it's time to state that this
ordering is guaranteed, especially since:
1) We have a tests, EventTriggerOrder and
EventTriggerOrderMultipleFiles, which have guaranteed this ordering
since 2017.
2) We have users requesting and depending on this order
Also update some slightly out of date parts of the documentation:
1) We import /system/etc/init/hw/init.rc instead of /init.rc as the
first import
2) We additionally import /system_ext/etc/init and /product/etc/init
Test: n/a
Change-Id: I6d7b8d9e52f0d52bee320d5074ebb74a537f9150
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Change-Id: Ieedfadc557833c1e0540922aabc6e95c80266a64
To be consistent with other prebuilt modules within APEXes, the location
for firmware files is switched from /apex/*/firmware to
/apex/*/etc/firmware.
Bug: 167942098
Test: loading vibrator firmware from vibrator apex(sunfish)
Change-Id: Ia05735bf5a54482fded26525fa4a8f795dcfc029
In addition to "firmware_directories", ueventd scans /apex/*/firmware/
directory as well to find firmware files.
Bug: 167942098
Test: loading firmware from vibrator apex successfully.
(sunfish)
Change-Id: I90fc8f9ad843a08b1ca98a2be1b5d22c0c5954a3
"init subcontext" is responsible to handle a few commands in vendor
context. To support Vendor APEX, "init subcontext" is now started in
"default" mount namespace so that those commands can access /apex/*.
For example, insmod should see the contents of /apex to install kernel
modules in apexes.
Bug: 162701747
Test: adb shell ps -ef | grep init
=> check pid of <init subcontext>
adb shell readlink /proc/<pid: init>/ns/mnt
adb shell readlink /proc/<pid: init subcontext>/ns/mnt
=> check if these are equal
Change-Id: Icd5e862e52d78635e83824b267b6d32d8f3e9eea
dev.mnt. properties are primarily intended for tuning parameters for
mounts such as /system and /data but don't have much use for emulated
mounts.
There are additional emulated mounts created for each user on a
device, so if too many users are created, init would otherwise create
too many dev.mnt. properties, filling the property file that backs
these properties, and preventing more properties from being
generated.
Therefore, this change stops init from creating dev.mnt. properties
for emulated mounts.
Bug: 156721033
Test: user creation stress test doesn't create large numbers of
properties
Change-Id: I6475956719b7c938b8289189abfef661140d526d
During boot sequence there can be multiple calls to mount_all. For the
userspace reboot to correctly remount userdata, we need to store the
return code of the one that was responsible in mounting userdata.
Test: adb root
Test: adb shell setprop init.userspace_reboot.is_supported 1
Test: adb reboot userspace
Test: checked dmsg
Bug: 166353152
Change-Id: Id0ae15f3bcf65fa54e4e72b76f64716c053af7fb
Store pertinent information about userspace reboot events in the case
of failure. This information is any services which failed to stop
cleanly, the output of the default fstab and /proc/mounts, and
a list of mounts which failed to unmount. This information is only
stored as necessary (i.e. mount information will not be stored if
everything unmounted, even if some services failed to stop).
Added new /metadata/userspacereboot directory to persist this
information. Information older than 3 days will be deleted.
Test: adb reboot userspace with sigterm/sigkill timeouts set to
very low values
Test: Manual test of storing all other information
Bug: 151820675
Change-Id: I6cfbfae92a7fc6f6c984475cad2c50c559924866
Move responsibility for setting ro.crypto.type into fs_mgr_mount_all,
so that even if setting up the filesystem fails, the type is set
correctly and so errors are appropriately handled.
Bug: 162289984
Test: simulate a failure and check that it's set.
Change-Id: Ib061a454e7e21d7206c3c1fa8e88e16618099581
To support "override" services, we need to scan partitions from least
speicific to most specific.
Bug: 163021585
Test: m
Change-Id: I26a6de4f7fb571c60038e803137a4b1c237792fd
The set of linked binaries was making it difficult to run
the test over a native bridge. Since init won't usually
run over a native bridge, the test can be skipped.
Bug: 161081809, 142324733, 162288553
Test: Arm build of CtsInitTestCases skips rammus-arc-r Chromebook.
Change-Id: Icdd8b03111d0f3fd6658ee6d9a97fca27181db45
(cherry picked from commit 9cecf8422a)
This is correct significant figures/units based on the precision of our
measurements, but it does not reflect our actual certainty re the output
data, since in reality, confidence is diminished by temperature, device,
hardware revision, time of day/month/year, spurious activity, data
connectivity, app install list, inherent randomness of multiprogramming,
sensor activity, user interaction, /data caches, build-by-build
differences, charging state, data fragmentation, race-driven sleeps,
cosmic radiation, factory defects, local magnetic or gravitational field
differences, changes in device momentum, or other known and unknown
causes.
Bug: N/A
Test: run perfboot.py, and output has:
mean: 10801 ms
median: 10801 ms
standard deviation: 18 ms
Change-Id: I796396acc203b29e9a14e4d6dffa58db7b8cd9fb
* changes:
init: Initiate other misc devices from BlockDevInitializer.
Allow snapuserd to be included in the initial ramdisk.
Add experimental daemon for handling dm-user requests.
If the system partition has been updated and _PATH_DEFPATH has a new
value, then we must set $PATH in second stage init to take on the new
value, as well as having set it in first stage init.
Bug: 160210288
Test: build
Change-Id: I18765709dc9bff9379b0ae39272199cf74a79d2f
