With all of the changes made to the early init boot phase, the
README.md needs updating for future referencing.
Test: none
Change-Id: Ia572577c683add449a4e091ffd4d1597682e9325
Create /dev/block/by-name/<device> symlink for block devices that are
boot devices but do not have a partition name given.
Test: boot normally
Change-Id: I8c100b0d30dce02a2dd31aebcfea538b8eed9b19
If a partition can be formatted by vold, then it doesn't make sense to
have first-stage mount fail if the partition hasn't been formatted yet.
Bug: 121209697
Test: device boots after fastboot flashall -w
Change-Id: I4a6c794a9912a5e0794983e9514a08f9c23e6ae9
mainline-core is still in the progress of defining interfaces between
/system, /product, /product_services. Before that was completely done,
just updating /system to GSI usually couldn't boot a device.
Therefore, this CL allows GSI to specify a config file, telling init
not to mount /product and /product_services. And fallback to
/system/product and /system/product_services in the GSI.
Bug: 120208657
Test: boots a device with /system/etc/init/config/skip_mount.cfg and
checks both /product and /product_services are not mounted.
Change-Id: Ibe2abad30b178a6e552fb21e4b30207fc3ef5523
We want to move all information required for first stage mount into
the first stage ramdisk instead of using device tree. A previous
change allowed reading the fstab from the first stage ramdisk, but
'vbmeta/parts' was still in device tree. This change allows
specifying the required vbmeta/parts information in the fstab.
The new syntax is that instead of simply specifying 'avb' as an fs_mgr
option, a partition may specify 'avb=<vbmeta partition name>' and that
vbmeta partition will also be initialized by first stage init before
attempting to mount any devices.
Bug: 117933812
Test: boot crosshatch without device tree fstab
Change-Id: Ida1a6da988c10d364b3ccdaa6c5d63e5264d1b27
Some configurations won't allow ueventd to have CAP_NET_ADMIN, so the
new default size of 16M is not possible for those. Those
configurations also won't need such a large buffer size, so this
change allows devices to customize the SO_RCVBUF(FORCE) size for the
uevent socket.
This is done by adding the line 'uevent_socket_rcvbuf_size <size>' to
your device's ueventd.rc file. <size> is specified as a byte count,
for example '16M' is 16MiB.
The last parsed uevent_socket_rcvbuf_size line is the one that is
used.
Bug: 120485624
Test: boot sailfish
Test: ueventd unit tests
Change-Id: If8123b92ca8a9b089ad50318caada2f21bc94707
A symlink for TARGET_ROOT_OUT as a post install command of a package
that is also installed to TARGET_ROOT_OUT. We hijack init.rc which
satisfies this requirement for this symlink.
Bug: 120402274
Bug: 120460755
Bug: 120509320
Bug: 120554662
Test: symlink is created
Test: make bootimage && ls -la $OUT/root/init
Change-Id: I6f1ac06ef152c36d7d7db4618d49a008338da39b
Asan requires /proc to be mounted, which means it fundamentally cannot
be used with first stage init. Given that second stage init now
contains the logic for first stage init, asan must be disabled on all
of init until this can be resolved.
Bug: 120424438
Bug: 120561310
Test: Asan builds boot
Change-Id: I24d1a0c8ecb5eb3f77435e6e36432c7b4cb97c6a
In the non-retrofit case, the metadata source partition will be
hardcoded as "super", but such a partition may not exist or may have
been overridden by super_partition=<something>. Make this work reliably
by plumbing the resolved metadata block device through, and using it any
time a partition called "super" is requested.
This also fixes a case in the first_stage_mount code that assumed that
detected a non-A/B, non-retrofit case by assuming the metadata source
partition would be called "super".
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I8ce1defb902e257eeb7170d697b378eba31faee3
Now that we have a first stage ramdisk (or use recovery in its place),
it's possible to place a vendor specific fstab along with first stage
init, removing the need for device tree modifications to have an
fstab.
Bug: 117933812
Test: hikey boots with only an fstab in first stage ramdisk
Test: blueline mainline boots with a disabled DT fstab and an fstab in recovery
Change-Id: I4460b88851557a75ba06ff795cd842e7dfb6da46
Increase size of the NETLINK_KOBJECT_UEVENT socket receive buffer to
16M. Also, use SO_RCVBUFFORCE to override any limits set by
/proc/sys/net/core/rmem_max.
We had a couple of instances, where we lost critical uevent messages due
to receive buffer overflows.
Bug: 119933843
Change-Id: I6aab183aa0194e173f9175b47c6beb0835cf6675
init add support for picking up partitions if specified by
fs_mgr_overlayfs_required_devices() as /dev/block/by-name/<partition>
Test: adb-remount-test.sh
Bug: 119885423
Change-Id: I6a4c3d9b5c2b406178f0acf0a86c52ab17209537
Even though it isn't strictly needed when not system-as-root, for
backwards compatibility, it is desired to keep this symlink.
Bug: 119851742
Test: tree-hugger
Change-Id: I47bc25ab257336f56ef09b5db6ebaf6b17daad35
This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.
Some lingering sources for by_name_symlink_map_ are also removed.
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. This change adds such a check.
If the check fails, it will prevent the device from booting
by rebooting into the bootloader.
Bug: 119826244
Test: Built for walleye. After device booted examined dmesg and
observed logs from init showing that the new task did
start. Further, when BoringSSL is built to fail its self
check the device did stop during a normal boot and enter
the bootloader, and did so before the boot animation stopped.
Change-Id: I07a5dc73a314502c87de566bb26f4d73499d2675
This reverts commit 055347e564.
Reason for revert:
init boots with XOM now. I think this was fixed when this boringssl patch got merged in earlier this week (init has a static dependency on libcrypto):
https://boringssl-review.googlesource.com/c/boringssl/+/33245
Change-Id: I70e15fad4a194c0d2087941bba70dfcd38abe8b5
Follow up to the change made for AVB2 devices in
I19371b05912240480dc50864a2c04131258a7103.
The same consideration must be made in the fall through case, which
is taken either if AVB is completely disabled, or the dm-verity / AVB1
mechanism is used.
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I99d46a2c2630c40f5f5c02279b11e423998a1e05
init doesn't cooperate with execute-only memory just yet, so disable it
until we can determine the root cause.
Bug: 77958880
Test: Device boots.
Change-Id: Ieb78315ba1e48c9cd0d047a42951bd3fbd36641b
There can be no match when there is no APEX installed or no APEX is
providing *.rc file. Don't fail in that case.
Bug: 117403679
Test: m apex.test; m; device is is bootable
Change-Id: Ib1c607ee2c156dc236da1df7df0c6663e8d899b2
With the addition of the /dev/block/by-name/ symlinks created for the
boot_device, we no longer need to use a map to track the symlinks for
the partitions AVB needs to access.
This will help us in removing the requirement to specify which
partitions contain AVB metadata.
Bug: 117933812
Test: boot blueline_mainline with AVB
Change-Id: I1d46dba5b2fc16b2a14f861b34225ac0f2995b60
The first split of 1st/2nd stage init went a bit overboard, since it
split these even in the case of the recovery image and system-as-root,
which don't actually need the split. This change simplifies this a
bit:
system-as-root and recovery have a single combined /system/bin/init
and a symlink from /init to it.
non-system-as-root has a separate first stage init at /init on the
first stage ramdisk and a combined /system/bin/init on system.img.
Two particular benefits from this:
1) Removal of the rsync of TARGET_RAMDISK_OUT to the recovery image
2) Decrease of overall space on the recovery image since it won't have
a statically linked first stage init
This also unified the various entry points of init to depend entirely
on the arguments passed to it, instead of the hybrid of arguments and
environment variable used previously.
Bug: 80395578
Test: boot both system-as-root and non-system-as-root
Change-Id: Ic2f29b6f56b7defc80eaa0e7cd0c9107e978816f
A service with 'updatable' option can be overriden by the same service
definition in APEXes.
/system/etc/init/foo.rc:
service foo /system/bin/foo
updatable
/apex/myapex/etc/init.rc:
service foo /apex/myapex/bin/foo
override
Overriding a non-updatable (i.e. without updatable option) service
from APEXes is prohibited.
When an updatable service is started before APEXes are all activated,
the execution is delayed until when the APEXes are all activated.
Bug: 117403679
Test: m apex.test; adb push <built_apex> /data/apex; adb reboot
adb shell, then lsof -p $(pidof surfaceflinger) shows that
the process is executing
/apex/com.android.example.apex@1/bin/surfaceflinger instead of
/system/bin/surfaceflinger
Change-Id: I8a57b8e7f6da81b4d2843e261a9a935dd279067c
The following message creates unnecessary alarm:
init: Partition system_a already existed in the by-name symlink map \
with a value of \
/dev/block/platform/soc/1d84000.ufshc/by-name/system_a, new value \
/dev/block/platform/soc/1d84000.ufshc/by-name/system_a will be \
ignored.
and in the code is cited as an ERROR. The message admittedly does
point out an inefficiency by reporting multiple updates.
Test: compile
Change-Id: I388a76fa078cf9de5840930247f732d16ccb0719
When using the recovery image as a trampoline to boot the system,
first chroot from the recovery image to /first_stage_ramdisk, to
minimize differences between these two boot paths.
Primary motivation is due to the fact that the basename of each mount
point is used by device-manager to name its nodes, and the previous
code that created used /system_recovery_mount as the mount point for
system.img broke AVB. Instead of hacking around that issue, this
change unified mounting for the recovery trampoline and true first
stage ramdisk paths.
Change when relanding: the original change skipped the move mount from
/first_stage_ramdisk to / and only did a chroot instead. This was a
mistake that resulted in the subsequent move mount of /system to / to
mount over the '/' directory instead of moving that mount. This
change uses a bind mount of /first_stage_ramdisk to itself instead of
skipping the first move mount.
Bug: 114062208
Test: AVB works with blueline_mainline
Change-Id: I65207edfe98531892da2eafcbff19b438c9c64fe
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.
Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.
[ 47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory
Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
This reverts commit 56999b41af.
Reason for revert: Something is broken here; we're not switching to /system properly.
Change-Id: I777fedcfb545c11275c9cc12f99b99a2423959a0
When using the recovery image as a trampoline to boot the system,
first chroot from the recovery image to /first_stage_ramdisk, to
minimize differences between these two boot paths.
Primary motivation is due to the fact that the basename of each mount
point is used by device-manager to name its nodes, and the previous
code that created used /system_recovery_mount as the mount point for
system.img broke AVB. Instead of hacking around that issue, this
change unified mounting for the recovery trampoline and true first
stage ramdisk paths.
Bug: 114062208
Test: AVB works with blueline_mainline
Change-Id: Iffb154962b6e160150917e068f1e7d0bf7cb84e7
This patch adds another uevent-regeneration pass to the first stage
mount. When the super partition spans multiple block devices, we need
/dev/block/by-name symlinks to have been created before we begin mapping
dynamic partitions.
Bug: 116802789
Test: retrofit device boots
Change-Id: I00bb277e1d81385a457c5b4205a95d8fbe365bb2
We need to do restorecon after the cold boot, otherwise the newly
created sysfs nodes won't be labelled.
Bug: 118861992
Test: manual - do insmod, check sysfs nodes are properly labelled
Change-Id: I4bdfb4a68206724a568d8cbb6c644ba8764b5fa7
Current hwasan implementation breaks when stderr (fd 2) is missing.
Bug: 118776698
Test: hwasan boots without serial console
Change-Id: Id095a87212096526a497563adab3d7f2f9fe8ab0
Using overlayfs, the system partition may provide files for older
version of vendor partitions by overlaying on the vendor partition.
Directories in /system/vendor_overlay will be overlaid on the
directories in /vendor to override existing files or provide new
files.
This feature works only if the kernel support overlayfs and has a
patch for override_creds. Otherwise, no-op.
Bug: 114679254
Test: Build and boot: nothing affected without overlayfs, or
vendor file is overrided with overlayfs
Change-Id: Iff3a308945299034123ba7bcb40dc787e102730e
The memcg.limit_percent option can be used to limit the cgroup's
max RSS to the given value as a percentage of the device's physical
memory. The memcg.limit_property option specifies the name of a
property that can be used to control the cgroup's max RSS. These
new options correspond to the arguments to the limitProcessMemory
function in frameworks/av/media/libmedia/MediaUtils.cpp; this will
allow us to add these options to the rc files for the programs that
call this function and then remove the callers in a later change.
There is also a change in semantics: the memcg.* options now have
an effect on all devices which support memory cgroups, not just
those with ro.config.low_ram or ro.config.per_app_memcg set to true.
This change also brings the semantics in line with the documentation,
so it looks like the previous semantics were unintentional.
Change-Id: I9495826de6e477b952e23866743b5fa600adcacb
Bug: 118642754
Found the following 2 binary is not in the path
system/core/init/grab-bootchart.sh: line 20: bootchart: command not found
system/core/init/grab-bootchart.sh: line 21: gnome-open: command not found
Use a more commonly available command to create bootchart
Test: system/core/init/grab-bootchart.sh started a bootchart
successfully
Change-Id: I6d5b4a692af2fd53ea636b768f55c697586e6898
If a section header such as 'on' or 'service' has an error with it,
the rest of the commands / options are currently reported as errors
since there is no valid parser object to parse them. For example,
service !@#$%%^&*() /system/bin/false
user root
group blah
blah blah
Generates:
init: /system/etc/init/bad.rc: 2: invalid service name '!@#$%%^&*()'
init: /system/etc/init/bad.rc: 3: Invalid section keyword found
init: /system/etc/init/bad.rc: 4: Invalid section keyword found
init: /system/etc/init/bad.rc: 5: Invalid section keyword found
This change suppresses the extraneous 'Invalid section keyword found'
messages.
Test: faulty error messages are suppressed.
Change-Id: Ieeb2d5b8b7eea33e191a88ce5a0d41701686943f
Partial revert of "init: if vendor_init can read a property, let it be
a trigger too" (b35f827c97).
We made a mistake when we allowed vendor init to action on any vendor
or odm property, since when a new SELinux label is created for a
vendor property, vendor_init does not automatically get read
permissions for it.
Recently, we tried to use read permissions instead of the built-in
list in init, but that broke due to the above mistaken. Since we have
already launched with these permissions as is, we must restore them.
Bug: 118457755
Test: no denials for vendor init actionable properties on crosshatch
Change-Id: I7a9a560c9a54a177c6b83d28309e2f288f05d400
The file-based encryption setup code is being refactored into its own
library because it applies to both ext4 and f2fs, not just ext4. Update
init to use the new location. For fs_mgr, just remove the include of
ext4_crypt_init_extensions.h since it was unneeded.
Test: built, booted device with f2fs encryption
Change-Id: I392a763e3349f001bdbc09eb9ca975aa3451fd68
There is a list of 'stable_properties' that vendor_init can use as
property triggers for Treble property compliance. This list came about
since init parses init scripts before all partitions are mounted and
therefore before all property context files are available, such that
init cannot use the normal SELinux mechanisms for determining if a
given property is vendor_init readable.
Currently though, we require all partitions that would contain
property context files to be mounted during first stage mount, so we
can use the normal SELinux mechanisms here, so this change deprecates
the stable_properties list and moves init to use SELinux to determine
if a property can be a trigger.
Bug: 71814576
Test: vendor_init fails to use non-readable properties as a trigger
Test: vendor_init successfully uses readable properties as a trigger
Change-Id: I6a914e8c212a3418cbf4a8a07215056aad2e0162
Init is special.
It starts early and does not pick up the Android ASAN options provided
on the environment. Therefore we pull in /system/asan.options in
explicitly if it exists. We provide sane defaults that will allow the
system to boot otherwise.
Logging is complicated because it needs to go to the kernel log.
So use sanitizer functions to install log functions.
Bug: 117879229
Test: m && m SANITIZE_TARGET=address
Test: init boots with ASAN enabled
Change-Id: I72c033a1f86ba5d6b2e4f943e7a3acd0d399c8bf
Bug: 117828597
Test: bugreport launches with a test property set to appropriate keys
Test: bugreport doesn't launch with the test property unset
Test: no errors seen in build or boot in either of the above cases
Change-Id: Iea27032080a0a7863932b1c1b573857ac66b56b5
ParseLineSection() provides 'args' as an rvalue reference, so its
callers can and should use it as such. This saves some copying
overhead and cleans up the code a bit.
Test: boot
Change-Id: Ib906318583dc81de9ea585f5f09fdff35403be1b
With system-as-root, both first and second stage init belong to
system, but without system-as-root, first stage belongs to vendor and
second stage belongs to system. This change creates two phony
packages to achieve this correctly in the build system.
Bug: 117606184
Test: mainline builds work properly
Change-Id: I19263e76c217c2e70bc06c180be3a460e9144f18
'Critical' services have rebooted into bootloader, like all other
catastrophic init crashes, for years now. Update the text to match.
Test: n/a
Change-Id: Icfc41bf3e383958f14ecfaab9ca187e2c3dc7fd9
This keyword can (and should) be used multiple times when multiple
services are served together. I've documented this here.
Bug: N/A
Test: N/A
Change-Id: Ie986c9cac486db346555f359e9ccbed93d8d1d22
It's better to either check these results or explicitly ignore them.
Only a few callers weren't already doing this, so it's relatively
trivial to enforce.
Test: build
Change-Id: I44cdc342e46128f66cac914aaa0b9b4559cacd8c
Vendor might want to pause/resume some operations while a bugreport is captured
so that we need to export dumpstatez into stable_properties.h for vendor to get
property event when dumpstatez launch.
Test: confirmed manually with "adb bugreport"
Bug: 117536084
Change-Id: Ib743c5e59ca20cc44470110c814d85e4cbb90c0c
Signed-off-by: Minchan Kim <minchan@google.com>
1) increase thermal shutdown timeout to 3s for process to save work
2) respect property "ro.build.shutdown_timeout" in thermal shutdown if
it is set less than default time - "3s"
Bug: 112432890
Test: Build
Change-Id: Idc2b24dd44c1fab8f9b047fd2468de2ee45ff783
The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr. InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.
Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.
In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.
Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources. Therefore, it must be done for a second time in second
stage init.
Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
Allow services to specify a custom restart period via the
restart_period service option. This will allow services to be run
periodically, such as a service that needs to run every hour.
Allow services to specify a timeout period via the timeout_period
service option. This will allow services to be killed after the
timeout expires if they are still running. This can be combined with
restart_period for creating period services.
Test: test app restarts every minute
Change-Id: Iad017820f9a602f9826104fb8cafc91bfb4b28d6
Added fs_mgr_overlayfs_required_devices() as hint to init to make sure
the device gets created before fs_mgr_overlayfs_mount_all().
Test: manual
Bug: 109821005
Change-Id: Iab038f3e0252a357b082bb08db3679512b9badec
We ran into an issue with an fd leaking due to missing both CLO_EXEC
and fclose() in related code, so let's make sure we're safe here too.
Test: boot
Change-Id: Ief893c936859815c78fa6d7e06cb88ad34aadbac
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.
Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
We need to keep the right mount points in the fstab for other
processes to access (/ for system-as-root or /system otherwise).
Force_normal_boot devices are defacto not system-as-root,
since they're booting through the recovery ramdisk and therefore must
use /system as the system mount point.
Bug: 114062208
Test: boot pixel from recovery with force_normal_boot
Change-Id: Ib0e4e4f8a29299ecdcd35e8f1415551c4c9745ad
Device is considered to be unlocked if
androidboot.verifiedbootstate is "orange".
Test: adb shell getprop ro.boot.flash.locked
Change-Id: Id3aeec757908ea63a37e28ad880a6c71d53083ac
Add an fstab argument for fs_mgr_overlayfs_mount_all so that it can
leverage the locally and timely acquired fstab entries. Affects all
callers, adb and init.
Test: manual
Bug: 109821005
Bug: 115751838
Change-Id: I96e2045d88525a6ce39bef63327a0fcf0704e9bc
Devices not supporting logical partitions do not require the command.
Bug: 78793464
Test: 'adb reboot fastboot' reboots to bootloader for a device
not supporting logical partitions.
Change-Id: I0a7b6d4335040e24efbf461e2dd2d56ab1985b7f
This change makes the subcontext processes cleanly exit in the event of
the init's socket being closed. If that was an accident, init will
respawn the process immediately. Otherwise, it will just quietly go
away.
Bug: 80425914
Test: kill -9 $INIT_PID # Outside of an Android container
Change-Id: I664f11d1b3700ea46857abf24857335fe28e92fa
If there is no valid pre-compiled SEPolicy policy, init may call
secilc, which exists on the system partition. 1st stage init won't
always live on this partition, so we need to move this SELinux setup
to 2nd stage init, which always lives on the system partition, to
ensure that both secilc and its caller are updated together.
Bug: 114059212
Test: hikey boots, sailfish boots
Change-Id: Iaf7b4af4a5c2ace16755ec2e54510ab95c53f041
For A/B devices, the recovery image is typically provided as a ramdisk
paired with boot.img. Instead of repartitioning these devices to have
a separate recovery partition and have the new 1st stage ramdisk
paired with the boot.img, this allows setting
androidboot.force_normal_boot=1 on the kernel command line to have init
in recovery boot directly to a normal boot.
This requires /system_recovery_mount to be added in the DT fstab for
the system partition.
Bug: 114062208
Test: hikey boots
Change-Id: I1e331b5cca91152d20ca92549779ab41aa9cd431
Allow init to use binder, but in a restricted way:
- No binder threadpool
- Other processes can't initiate calls to init
- No death recipients
This change adds libbinder/libutils and calls into ProcessState,
which also calls into the kernel driver and sets up state there.
No other binder calls are made, so that we can let this soak for
a while to see if there any bad side effects of just loading
these libraries and initializing the kernel driver.
This introduces about 120kB of additional memory usage (PSS),
mostly due to pulling in libbinder and libutils and the private
state they have.
We also don't include these libraries in the recovery version of
init, because space on the recovery partition is limited.
Bug: 112684055
Test: device still boots, /d/binder/proc/1 shows init state
Change-Id: I972b1eebdb16337f52e20d1f614e3a0dce0f06d2
MountPartitions should respect nofail. The nofail flag makes the
partition optional.
Test: manual (future code using feature), and smoke test
Bug: 109821005
Bug: 78914864
Change-Id: I715a66ef1abbe223b0cefe5bd2758f63352b1afc
The keycodes functionality in init only needs to read key events. It
doesn't need to inject key events. A read-only file descriptor is
perfectly sufficient.
Test: pressing volume-up/volume-down/power still generates a bugreport
Change-Id: Iecbf21c544914334006ac6258c03df390f417e80
Not all the dependent shared libs are installed on device with both
arches. For example, we don't have 32-bit `libfs_mgr.so` or
`libbootloader_message.so` on marlin, which would cause 32-bit
`init_tests` to fail.
Bug: 112494634
Test: Run (64-bit) init_tests on marlin.
Test: `m -j continuous_native_tests` with aosp_marlin-userdebug. Check
that only 64-bit init_tests is included in
`continuous_native_tests.zip`.
Change-Id: I999d58750d48c34df7dbabccf8863a6ccaf0b83c
This CL switches init_defaults and thus init_second_stage to depend on
commonly used shared libraries. In particular, use the following shared
libs that have been available on device (under both of normal boot and
recovery):
- libbootloader_message
- libext4_utils
- libfs_mgr
- libhidl-gen-utils
- libkeyutils
- liblogwrap
The following transitive dependencies have been dropped. They were only
needed when including the above libs statically. Dropping them doesn't
further affect the size though.
- libfec
- libfec_rs
- libsquashfs_utils
With the change, the second stage init size has been reduced from
1094328 to 627992 bytes (aosp_taimen-userdebug), with no new shared libs
installed.
Also evaluated the impact of using `libprotobuf-cpp-lite.so` and
`libseccomp_policy.so`. It doesn't look beneficial -- at least not right
now with `init` as the singler user.
- statically linked them both: 627992-byte
- with libprotobuf-cpp-lite.so: 605880 (init) + 262624 (.so)
- with libseccomp_policy.so: 605848 (init) + 32208 (.so)
Bug: 112494634
Test: `mmma -j system/core/init` with aosp_marlin-userdebug
Test: Flash the marlin build on device. Run init_test.
Test: Boot into recovery successfully.
Change-Id: I49debe9066ff36dfda55b08266862e29e2bfc96b
An unintended consequence of property types is that it makes clearing
a property, by setting it to an empty string, impossible. This change
explicitly allows that case:
Test: new (and old) unit tests
Change-Id: I188693bfd3a71b64c194c3858544230b87d8d891
Due to a bug with ParseUint(), init would defacto accept -1 for an
infinite rlimit, but only on 64bit devices. That bug is now fixed,
such that -1 would be rejected by ParseUint() for all devices.
This change explicitly checks for -1 for all devices or 'unlimited' to
match ulimit's reporting and accepts either as an infinite rlimit.
Bug: 112668205
Test: new (and old) unit tests
Change-Id: Ie28ff622cdf375a65ceb5f32ffb14fb3d5d9f2ba
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
This makes the init module only produce artifacts in
/system. A simultaneous change in the core product
makefiles explicitly adds init_second_stage.recovery.
Bug: 112318375
Test: lunch mainline_arm64 && m nothing
Change-Id: I33f0f0c869dfb1ffe781fc682eeb20589a4ffe90
* changes:
init: add fs_mgr_overlayfs_mount_all to FirstStageMount
adb: add overlayfs handling for readonly system filesystems
fs_mgr: get fs_mgr_mount_all to call fs_mgr_overlayfs_mount_all
fs_mgr: add overlayfs handling for squashfs system filesystems
In the future, systems with dm-linear will require a ramdisk to set up
the mount for system. In this world, first stage init will be a part
of this ramdisk and handle setting up dm-linear, mounting the
necessary partitions, then pivoting to the system image, which will
become the root partition.
This also enables previous devices without system-as-root, to be
unified with system-as-root devices for all aspects of boot after the
pivot_root.
Bug: 79758715
Test: boot hikey
Test: boot sailfish, boot sailfish into recovery
Change-Id: Iefa88a3ec5994e7989aa9f26f2de0351ffa5468b
This is a baseline for splitting init first and second stage into
their own executables.
Bug: 79758715
Test: sailfish boots
Change-Id: I549ad4502893b3a5e4c2a9886f66850f6d31b619
Rebooting to these targets requires writing bootloader
messages and thus root. Moving them into init means that
adb, reboot don't need root to use these targets.
Test: try rebooting to these targets
Bug: 78793464
Change-Id: Ia002d1e3b1cb0c0616f60435fb9af4dce162cf84
We're moving past a world where static executables are needed,
including watchdogd, so treat this like any other executable and place
it in /system/bin.
Bug: 73660730
Test: watchdogd still runs
Change-Id: I1f7508fd55dce6e9ee72a6ab7a085011a76c0053
Some devices have modules.alias and modules.dep for modprobe and other
purposes but do not want to opt into ueventd auto loading their
modules. Therefore we add a flag that can be added to ueventd
configuration files to opt into this behavior.
Bug: 111916071
Bug: 112048758
Test: check that modules are loaded with this opt-in
Test: check that modules are not loaded without this opt-in
Change-Id: Ifb281b273059b4671eea1ca5bc726c9e79f3adfb
