This requires a bit of refactoring: moving things around.
libinit_host is used by host_apex_verifier which needs check_builtins as
well.
Bug: 325565247
Test: atest host-apex-verifier
Test: m out/target/product/vsoc_x86_64/host_init_verifier_output.txt
Change-Id: Ifed54dd2149afbab2bf63f7e42c410c2354895fc
Re-order the fields in the declaration to address the following
ISO C++ requires field designators to be specified in declaration order;
field 'sigaction::(anonymous union at bionic/libc/include/bits/signal_types.h:76:20)'
will be initialized after field 'sa_flags' [-Wreorder-init-list]
Test: TH
Change-Id: I3f1d4739f1677aad50d4f07361aa264da43bdd13
The test is not eligible for CTS. Reasons:
1. The init behavior does not directly affect app compat. App interact
with init only for the property service and that part is covered by
the Bionic test already.
2. This test doesn't run against the init binary installed on the
device. libinit where most of the init functionalities are
implemented is statically linked to this test binary. In other words,
this test is closer to a unit test for init.
3. This test is not compatible with Trunk stable where test and DUT are
built in different branches. The test depends on several (private)
libraries like libbase and libutils. Since the interfaces of the
libraries may have changed in the main branch, the test binary built
from the old test-dev branch may break.
This change does not remove the test. The test will still run as a unit
test during pre/post submit.
I didn't drop the `Cts` prefix from the name, because that requires
broader changes.
Bug: 320800872
Test: N/A
Change-Id: I1402c08b79b57ad6daa7948fe37f14fbbe36f1d6
Remove temporary 'vendor_api_level_of' function from init and replace
the function with the same in libvendorsupport.
Bug: 312403948
Test: getprop ro.vendor.api_level
Change-Id: I095353e602397220571e131431e7cbd1b8511fa6
Merged-In: I095353e602397220571e131431e7cbd1b8511fa6
This reverts commit f5d8773169.
Reason for revert: Identified as culprit for broken tests: b/317470107
Change-Id: If599c688bb4bbe800270881451fa5ac1f6898aff
Currently the only ways to enable dm-verity were relying on its built-in
vbmeta image or containing its public key on standalone vbmeta image.
Merging this change will support enabling dm-verity based on hashtree
descriptor root digest for standalone vbmeta image.
Bug: 285855436
Test: Presubmit
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
Change-Id: I51eb64cae2ca8b4e97f1c6419b35d45e6f51cacb
During PrepareSnapshotPartitionsForUpdate, we attempt to connect to
snapuserd with a 5s timeout, only to tell snapuserd to shutdown
immediately. If snapuserd isn't running, we will wait-out the whole 5
seconds. Change the logic to return early if socket_connect() calls
return ENOENT, indicating that snapuserd socket isn't used by any
process. This reduces allocateSpaceForPayload() time from 6s to 1s.
Test: th
Bug: 315215541
Change-Id: Ib24d7c63733a896c082ac92aaa88ad52d050a2a5
Despite 'require_root: true' in Android.bp for CtsInitTestCases, it can
happen that this test is run without root privileges. If that happens,
skip the ServiceStopTest.
Bug: 313551148
Change-Id: I45f29369915a1f61e08ffd9bf5601a83a147597c
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The android-4.14-stable and later kernels support the
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls. This
has superseded the old way of adding fscrypt keys to the kernel, which
was to use the add_key() syscall to add keys to the "session" keyring.
On kernels that support the ioctls, Android doesn't use the obsolete
way. Since upgrading even just to Android 14 requires at minimum a
android-4.14-stable kernel (according to
https://source.android.com/docs/core/architecture/kernel/android-common#compatibility-matrix),
there is no need to support the obsolete way anymore.
Therefore, this commit removes the code from init that created a keyring
named "fscrypt" in the session keyring. It also removes the code that
created the session keyring itself, since the only reason that Android
even created a session keyring was just to hold the "fscrypt" keyring.
Flag: N/A for the following reasons:
- Removing obsolete code, which is fairly safe
- Very early code, so runtime flag cannot be used
- Even a build-time flag cannot be used, since init needs
recovery_available, which aconfig libraries do not support
Bug: 311736104
Test: Build and boot Cuttlefish
Change-Id: Id9a184c68cf16d5c4b1d889444cf637c95a91413
The root cause of "After OTA, device is not responding" is that
Service::Stop() did not stop services that had been migrated to another
v2 cgroup. Add a unit test for that scenario.
Bug: 308900853
Change-Id: I590fde90e31326290c2c8ce8fce51e94b215a979
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Add an Epoll::Open() call such that the Epoll::Wait() calls wait for the
signalfd. Rename DiscardSiginfo() into HandleSignal(). Handle Epoll method
call failures. Test whether alive_pids is empty once per loop iteration.
Test: CtsInitTestCases:ServiceStopTest
Change-Id: I16c27aa74d61f889b304f3e59cd3c5255c299ce1
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Prepare for adding a second caller of ReapAndRemove().
Change-Id: I0f54af6136f49caa0198c123a4c8de968e5f41ba
Signed-off-by: Bart Van Assche <bvanassche@google.com>
In Android V, ro.vendor.api_level read ro.board.api_level only if
ro.board.first_api_level is defined. The format of the vendor api
level is YYYYMM.
Update the ro.vendor.api_level initialize funtion with this change.
As ro.product.first_api_level follows the version from the SDK, a
new function `vendor_api_level_of` translates the SDK version to the
vendor API level.
Bug: 312403948
Test: getprop ro.vendor.api_level
Change-Id: I2961ed9a6de8e9156f72c1bbfeabcac9c35f08fb
... because vendors should be able to extend ueventd.rc for their own
devices (in microdroid) and microdroid's system.img can't be amended.
Bug: N/A
Test: boot microdroid
Change-Id: I7ceaf3f87453c8e29f9d9bf03d4d1866185d4fec
Remove the Service::SetSigchldFd() method. Make the Service::GetSigchldFd()
create a signalfd for SIGCHLD. This makes it possible to use a SIGCHLD
signalfd in unit tests.
Change-Id: I0b41caa8f46c79f4d400e49aaba5227fad53c251
Signed-off-by: Bart Van Assche <bvanassche@google.com>
With a regular x86 kernel we are always able to get 32
min bits for mmap randomization.
However to emulate 16KB for x86 app developers the kernel
can only provide 30 bits for the randomization due the to
larger page size (PAGE_SHIFT =+ 2).
Allow the min rand bits to be (32 - (PAGE_SHIFT - 12)) in
order to generically support larger than 4KB page sizes.
This should be a no-op change for all devices, except the
x86 16KB emulator, since they will always be able to get
32 random bits.
Bug: 309816695
Test: Boot test 4k x86 device
Test: Boot test emulated 16k x86 device
Change-Id: I48d47d56ac3aecb71a9e0093a7033bb60b89c2b7
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
When service is started prior to early init and if per-app memcg is enabled, service start will fail as the required directories for memcg isn't present viz /dev/memcg/apps.
Bug: 308818430
Test: th and CF OTA test with per-app memcg enabled
Change-Id: Ic65e8d179fbfb8e2135f2de5cc7c77d6c29ea7d2
Signed-off-by: Akilesh Kailash <akailash@google.com>
Reduce the time spent in WaitToBeReaped() by waiting for SIGCHLD instead
of waiting for 50 ms.
Bug: 308687042
Change-Id: I5e259fdd22dec68e45d27205def2fc6463c06ca3
Signed-off-by: Bart Van Assche <bvanassche@google.com>
This change will allow a later CL to wait for SIGCHLD without discarding
the SIGTERM information.
Bug: 308687042
Change-Id: I5b9ab4562060455573cd816cc48bf90576b39ab9
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Only report status information for the processes that are still running.
Additionally, make the logging output look better by starting the
process information from /proc start on a new line.
Fixes: ea595ba2a0 ("init: Log more information if stopping times out")
Change-Id: I3c882c364f11278087a78efb7a8e8fee8e582417
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Fix the following compiler warning:
//system/core/init:host_init_verifier clang++ host_init_verifier.cp
system/core/init/host_init_verifier.cpp:112:9: warning: ISO C++ requires field designators to be specified in declaration order; field 'pw_shell' will be initialized after field 'pw_uid' [-Wreorder-init-list]
.pw_uid = 0,
^~~~~~~~~~~
system/core/init/host_init_verifier.cpp:111:21: note: previous initialization for field 'pw_shell' is here
.pw_shell = static_shell,
^~~~~~~~~~~~
Change-Id: I930c668d7fb1d12ebe9307b1549776da71a9a95a
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Fix the following compiler warning:
system/core/init/init.cpp:754:57: warning: ISO C++ requires field designators to be specified in declaration order; field '' will be initialized after field 'sa_flags' [-Wreorder-init-list]
const struct sigaction act { .sa_handler = SIG_DFL, .sa_flags = SA_NOCLDSTOP };
^~~~~~~~~~~~~~~~~~~~~~~~
system/core/init/init.cpp:754:34: note: previous initialization for field '' is here
const struct sigaction act { .sa_handler = SIG_DFL, .sa_flags = SA_NOCLDSTOP };
^~~~~~~~~~~~~~~~~~~~~
Change-Id: I29e2d51dfdff85212a33eebfd51b241268cdfe9a
Signed-off-by: Bart Van Assche <bvanassche@google.com>
unit tests
1, Previous implementation has the staged prop application done in
property_service, which caused a number of unnecessary changes which
including exposing apis like AddPersistentProperty. In addition, it made
the property_service logic complicated. A better design is to have the
staged value application done while reading the persistent properties
from file. This way, no change to property service. In addition, unit
test is much cleaner and efficient.
2, add a unit test to lock down the behavior. Specifically, it locks down that when a prop is staged, it should be applied the next time when the persistent prop is loaded. In addition, it should lock down that other persistent props are not overwritten.
Bug: b/307752841, b/300111812, b/306062513
Change-Id: I43c603efbb803195065dda3f0bc2145716302bbc
The max_processes calculation is incorrect for KillProcessGroup because
the set of processes in cgroup.procs can differ between the multiple
reads in the implementation. Luckily the exact value isn't very
important because it's just logged. Remove max_processes from the API
and remove the warning about the new behavior in Android 11.
Note that we still always LOG(INFO) that any cgroup is being killed.
Bug: 301871933
Change-Id: I8e449f5089d4a48dbc1797b6d979539e87026f43
This fixes a bug introduced by I81b6bd984aad8f7ddec93ce74f4543e4f71be508
In the original CL, setting a sysprop `next_boot.<name>` and then
rebooting the device could remove all the persistent properties stored
in /data/property/persistent_properties. It happened because the
function `WritePersistentProperty` is called with a properties set which
is initialized as an empty set and then added with the properties which
had the next_boot prefix.
As a result...
Before the boot:
* persist.a = 1
* next_boot.b = 2
* next_boot.persist.c = 3
After the reboot:
* b = 2
* persist.c = 3
persist.a gets lost.
This change fixes the issue by populating properties set from the memory
and then save it to the file.
Bug: 306062513
Bug: 300111812
Test: do the following.
$ adb root
$ adb shell setprop persist.a 1
$ adb shell setprop next_boot.b 1
$ adb shell setprop next_boot.persist.c 1
$ adb reboot
$ adb shell getprop persist.a
1 // was (none) before this change
$ adb shell getprop b
1
$ adb shell getprop persist.c
1
$ adb reboot
$ adb shell getprop persist.a
1 // was (none) before this change
$ adb shell getprop b
// (none) because b isn't persisted. WAI.
$ adb shell getprop persist.c
1
Change-Id: I85d3777f9b32523b010e49b8ca53f4319dd2ce05
Certain applications may have their system properties overlaid with the
contents overlaid for appcompat purposes. Init must initialize the
appcompat folder, same as it does the standard folder.
Bug: 291814949
Test: manual
Change-Id: I6d239e0a10a1c81a05d4121e5fc2c41da5b3dbc4
Merged-In: I0c6a0f66dc543c6e861bc86a417e4feb5ecd7789
This SELinux option has been deprecated in the kernel since v5.7. In
v6.4, commit a7e4676e made any write to this file a no-op.
Since v4.4, the default value of 0 is set by the kernel. Skip the
setting of this value since we only support kernel >= 4.14.
Test: presubmit
Change-Id: Ied5945532e10b156dc0d9996b2a41a99d04e750b
Also, why are we accepting the completely made-up "RLIM_AS" but not the
real "RLIMIT_AS" in .rc files?
Bug: http://b/293894041
Test: treehugger
Change-Id: I18b10b6dd77265a9a14b88bfdf1cc0b474800a94
Certain applications may have their system properties overlaid with the
contents overlaid for appcompat purposes. Init must initialize the
appcompat folder, same as it does the standard folder.
Bug: 291814949
Ignore-AOSP-First: must be merged with ag/24558703, which has an Aosp -> internal merge conflict
Test: manual
Change-Id: I0c6a0f66dc543c6e861bc86a417e4feb5ecd7789
We've updated the glibc header (and musl will just use the bionic uapi
headers), so this is obsolete (and getting in the way of someone trying
to use the PERFMON capability).
Test: treehugger
Change-Id: Ife7ee076179e1db6246738aa41c2b82bd8546265
The initramfs.img from kernel builds do not store kernel modules under
_16k directory. Currently, init is programmed to only load kernel
modules from _16k dir if running on 16K page size kernel. Relax this
restriction so that booting on custom 16K kernel would work without
going through platform rebuild.
Test: th
Bug: 293313353
Bug: 300184677
Change-Id: I9ee3c74066ad9ec5127f1e8662f7c1273445994c
The macros isn't used anywhere but was a distraction when tracking down
/data mounting behaviour.
Test: build
Change-Id: Ie23574326cbebd7f515c8409e1dcb91a00cafc6f
Noticed while looking at riscv64. Looks like a bug, but actually nothing
we can do about it now or for the foreseeable future.
Bug: https://github.com/google/android-riscv64/issues/45
Test: treehugger
Change-Id: I2be81b2fd7095df40958a1f641d7b89cf5a8e41d
Improve the comment, and increase the "minimum maximum" to 24 --- we
only support 64-bit, and 64-bit never has less than 24 bits.
Bug: https://github.com/google/android-riscv64/issues/1
Test: treehugger
Change-Id: I478c7649aa19258352c908a449cabe12da94952c
