Commit graph

3307 commits

Author SHA1 Message Date
Tom Cherry
456397830d Merge "Revert "Ramdisk: add metadata dir in ramdisk"" 2020-12-01 17:36:42 +00:00
jiazi li
18778cd5f9 Revert "Ramdisk: add metadata dir in ramdisk"
This reverts commit 9fa773746c.

Reason for revert: using aosp/1505939 instead

Change-Id: I4c654e5b77b0e5ffac036fe0674f201f2ae19fb6
2020-12-01 06:19:54 +00:00
Tom Cherry
c9bc6bb436 init: add some documentation in service_utils.h
Test: n/a
Change-Id: I2a2691a6d1f643e255550498d9871e38f1b51efa
2020-11-24 11:34:40 -08:00
David Anderson
1d57fb839d init: Fix ordering of second-stage snapuserd transition.
Running snapuserd before early-init means ueventd is missing, which
means we can't use WaitForFile() when dm-user misc devices are created.
Fix this by starting the transition after early-init.

Bug: 173476209
Test: full OTA with VABC applies and boots
Change-Id: Ice594cceb44981ae38deb82289d313c14726c36b
2020-11-22 13:51:15 -08:00
David Anderson
32f281d77a init: Pass a uevent regen callback to libsnapshot.
In first-stage init, libsnapshot needs to know how to wait for device
paths, since ueventd isn't running yet. We do this by passing a callback
wrapping BlockDevInitializer.

Bug: 173476209
Test: device boots into first-stage init after full VABC ota
Change-Id: I9a87f98824e65a9379cb0b99c001e28cccd9d205
2020-11-22 13:51:03 -08:00
Wei Wang
4544d991f7 Merge "init: add a copy_per_line built-in command" 2020-11-20 20:05:40 +00:00
Yifan Hong
15cd1cd8fd Merge changes from topic "e2fsprogs_vendor_ramdisk"
* changes:
  fs_config Add first_stage_ramdisk/system/bin/linker[64]
  libsparse: make vendor_ramdisk_available.
  init: don't abort if directory already exists
2020-11-20 19:50:44 +00:00
Wei Wang
49d2598166 init: add a copy_per_line built-in command
There are sysfs nodes that don't take multiple inputs, adding a new
copy_per_line built-in command to copy from source file to destination
line by line.

Bug: 171740453
Test: boot and check file and log
Change-Id: I41b7a565829299d56b81d4509525dfa6a0a52444
2020-11-20 10:54:14 -08:00
Yifan Hong
7e7f881508 init: don't abort if directory already exists
create_directories returns false with ec == 0 if directory
already exists. Do not abort in this case.

Bug: 173425293
Test: boots with pre-existing /first_stage_ramdisk/system/bin
Change-Id: I351837f0a5a56361ebc385b9a9da9658882a131d
2020-11-19 17:35:21 -08:00
Daniel Norman
f597fa5d1d Returns a service parse error on overrides across the treble boundary.
Also includes new --out_<partition> flags for
  system,system_ext,product,vendor,odm
to allow host_init_verifier to work with a collection of init rc files.

Test: host_init_verifier --out_system=... --out_vendor=...
      where vendor contains an init rc file that overrides a service
      present in system. Observe parse failure and non-zero exit.
Bug: 163089173
Change-Id: I520fef613e0036df8a7d47a98d47405eaa969110
2020-11-19 10:02:56 -08:00
Tom Cherry
7e62aa568c Merge "Ramdisk: add metadata dir in ramdisk" 2020-11-17 13:52:19 +00:00
lijiazi
9fa773746c Ramdisk: add metadata dir in ramdisk
Add the metadata directory for the non-VAB device to eliminate the
following init error logs:
[    1.891172] init: [libfs_mgr]check_fs():
mount(/dev/block/by-name/metadata,/metadata,ext4)=-1: No such
file or directory

Test: dmesg | grep metadata | grep "No such file or directory"

Change-Id: Ie4db10bd3cbc194d05e64ffb954f1956db2321c6
Signed-off-by: lijiazi <lijiazi@xiaomi.com>
2020-11-15 11:10:35 +08:00
David Anderson
1ff7581f53 init: Always create and restorecon /dev/dm-user.
Dynamically creating /dev/dm-user makes it difficult to set an inotify
watch for child devices to appear. It requires having an additional
watch on /dev, and more complicated sepolicy as a result.

Bug: 168554689
Test: full OTA with VABC enabled
Change-Id: I0cdef3d5a953a372446ff4e539a25a7b5314500d
2020-11-13 00:43:01 -08:00
Treehugger Robot
f7c47f81ba Merge "first_stage_init: run first_stage.sh regardless of console presence" 2020-11-06 21:33:03 +00:00
Steven Moreland
abc5f8830e init: log 'updatable process' clarification
-> process with updatable components

Fixes: 172605179
Test: N/A
Change-Id: I0f9353fe65cea623e1d2292f0163cc545bfc909d
2020-11-06 17:01:51 +00:00
David Anderson
dfaede06bc Merge changes from topic "init-snapuserd"
* changes:
  libsnapshot: Implement MapAllSnapshots and UnmapAllSnapshots.
  Start snapuserd if needed as soon as possible during second-stage init.
  libsnapshot: Add support for first-to-second-stage transitions of snapuserd.
2020-11-03 18:24:49 +00:00
Steve Muckle
cc3410ea2a first_stage_init: run first_stage.sh regardless of console presence
To enable the use of first_stage.sh on target configurations that lack a
console, run it regardless of whether a console has been specified on
the kernel command line. The first stage console is still only opened if
a console is present.

Bug: 163857097
Change-Id: I5f8bb66cbb42006e4b2710e17504844e665219f4
2020-11-02 15:38:46 -08:00
Treehugger Robot
8b4a9a9a61 Merge "Move e2fsck into /first_stage_ramdisk." 2020-11-02 21:33:07 +00:00
David Anderson
b031def229 Start snapuserd if needed as soon as possible during second-stage init.
snapuserd is used as a user-space block device implementation during
Virtual A/B Compression-enabled updates. It has to be started in
first-stage init, so that updated partitions can be mounted.

Once init reaches second-stage, and sepolicy is loaded, we want to
re-launch snapuserd at the correct privilege level. We accomplish this
by rebuilding the device-mapper tables of each block device, which
allows us to re-bind the kernel driver to a new instance of snapuserd.
After this, the old daemon can be shut down.

Ideally this transition happens as soon as possible, before any .rc
scripts are run. This minimizes the amount of time the original
snapuserd is running, as well as any ambiguity about which instance of
snapuserd is the correct one.

The original daemon is sent a SIGTERM signal once the transition is
complete. The pid is stored in an environment variable to make this
possible (these details are implemented in libsnapshot).

Bug: 168259959
Test: manual test
Change-Id: Ife9518e502ce02f11ec54e7f3e6adc6f04d94133
2020-11-02 13:24:06 -08:00
Ryan Savitski
3b268df195 Merge "dev devices with permissive boot: disable perf_event_paranoid" 2020-10-30 17:48:04 +00:00
Yifan Hong
3337e782e6 Move e2fsck into /first_stage_ramdisk.
On devices without a dedicated recovery partition, it is possible that
e2fsck exists in /system/bin, not /first_stage_ramdisk/system/bin, if
it is using generic ramdisk. When force_normal_boot, /system/bin/e2fsck
would not exist during first stage mount.

In this case, move /first_stage_ramdisk/system/bin/e2fsck to
/system/bin/e2fsck before switching root into /first_stage_ramdisk.
Abort if the operation fails.

On devices launching with R, e2fsck should already exist in the correct
place, so skip moving if force_normal_boot and
/first_stage_ramdisk/system/bin/e2fsck already exists.

On devices launching before R, it is possible that /system/bin/e2fsck
does not exist. Skip moving if force_normal_boot and /system/bin/e2fsck
does not exist.

Fixes: 171326057
Test: boot with GKI and move_recover_resources_to_vendor_boot, and
      check serial output

Change-Id: I8008a4cad54c7c74a84cbcabe56723bf0e193025
2020-10-29 12:59:36 -07:00
Ryan Savitski
ea93f110d2 dev devices with permissive boot: disable perf_event_paranoid
Some functionality based on eBPF attached to tracepoints (gpu memory
accounting and time-in-state) relies on newer devices running with
"disabled" perf_event_paranoid controls as a result of the kernel having
LSM hooks in the perf_event_open syscall instead. This is tested
for, and set up by init via the sys.init.perf_lsm_hooks sysprop.

Development devices that boot into permissive mode still want the
eBPF-based functionality to work, but end up with a paranoid value that
disallows the syscall, as the LSM hook test expects to observe a SELinux
denial (which doesn't happen due to permissiveness).

As a pragmatic way of achieving the paranoid value override, we pretend
that the hook test has succeeded if we detect permissive SELinux during
second-stage init. It'd be nicer if we had a sysprop to reflect the
device's on-boot status of SELinux, but it's not worth adding for this
case.

BYPASS_INCLUSIVE_LANGUAGE_REASON=technical term

Bug: 170674916
Tested: booted crosshatch-userdebug with permissive kernel cmdline,
        confirmed that the log message from the new codepath was present
        in logcat, sysprop is 1, and paranoid is -1.
Change-Id: I9df5da2076cdbd777d35e50e8cd7a483ec85e20a
2020-10-29 17:41:36 +00:00
Yifan Hong
7173ca82a4 Merge "Revert "Always create ramdisk/first_stage_ramdisk."" 2020-10-28 21:21:36 +00:00
Woody Lin
9b4debbc27 Merge "init/service_parser: Add arguments `window' and `target' for `critical'" 2020-10-27 08:22:14 +00:00
Yo Chiang
346e6792b4 Merge "Call GetDsuMetadataKeyDir() for DSU metadata encryption dir" 2020-10-26 05:27:36 +00:00
Woody Lin
45215ae6e5 init/service_parser: Add arguments `window' and `target' for `critical'
The critical services can now use the interface `critical
[window=<fatal crash window mins>] [target=<fatal reboot target>]` to
set up the timing window that when there are more than 4 crashes in it,
the init will regard it as a fatal system error and reboot the system.

Config `window=${zygote.critical_window.minute:-off}' and
`target=zygote-fatal' for all system-server services, so platform that
configures ro.boot.zygote_critical_window can escape the system-server
crash-loop via init fatal handler.

Bug: 146818493
Change-Id: Ib2dc253616be6935ab9ab52184a1b6394665e813
2020-10-26 11:38:01 +08:00
Yifan Hong
586be305a4 Revert "Always create ramdisk/first_stage_ramdisk."
This reverts commit 42c55f5ce9.

Reason for revert: b/171512004 It should be created at runtime.

Bug: 171512004
Change-Id: If9277f078cb343fbad825f0e8d1348d50f4b759a
2020-10-22 21:58:35 +00:00
Christopher Ferris
758e52551f Merge "Update for new kernel headers." 2020-10-22 00:54:16 +00:00
Yifan Hong
634a3dc179 Merge "Always create ramdisk/first_stage_ramdisk." 2020-10-21 18:35:22 +00:00
Yifan Hong
42c55f5ce9 Always create ramdisk/first_stage_ramdisk.
Always create ramdisk/first_stage_ramdisk directory at build time.
Generic boot images always need this directory to work on devices
w/ and w/o a dedicated recovery partition. By default, the ramdisk is
mounted as readonly, unless on x86 platforms. If the ramdisk is mounted as
readonly, the directory cannot be created at runtime.

Note that devices with a dedicated recovery partition will never
switch root into the first_stage_ramdisk directory in first stage init.

Bug: 156098440
Test: manual by disabling init to mkdir first_stage_ramdisk

Change-Id: Ie272f4eedccc0b008fb538c1e0f3985ff70696cf
2020-10-20 13:44:09 -07:00
David Anderson
515a5bdde0 ueventd: Put dm-user devices in a folder
When a device-mapper table contains a "user" entry, a corresponding
dm-user misc control device is created. The devices are put into a
separate folder by default, which currently confuses ueventd, and we
wind up with paths like:

    /dev/dm-user!blah

Special case these devices so they wind up as:

    /dev/dm-user/blah

Test: dmctl create blah user 0 100 test-device
      /dev/dm-user/test-device exists
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: I313db07c3400f14f3ed0ffa20fdac2ac3e34b6d3
2020-10-20 12:13:51 -07:00
Christopher Ferris
9bbb841ee4 Update for new kernel headers.
A new capability was added, so update.

Test: Builds.
Change-Id: I385f5d2443376e6a4dca98c34de265357a58460e
2020-10-19 11:55:12 -07:00
Treehugger Robot
ac46ab3c93 Merge "Load boot image props." 2020-10-16 19:23:08 +00:00
Yifan Hong
a68ee762f7 Load boot image props.
This change does the following:

- Create /second_stage_resources empty dir at root.
- At runtime:
  - At first stage init:
    - mount tmpfs to /second_stage_resources.
    - Copy /system/etc/ramdisk/build.prop to
      /second_stage_resources/system/etc/ramdisk/build.prop
  - At second stage init:
    - Load prop from the above path
    - umount /second_stage_resources

Test: getprop -Z
Test: getprop
Bug: 169169031

Change-Id: I18b16aa5fd42fa44686c858982a17791b2d43489
2020-10-15 13:12:52 -07:00
David Anderson
aca0beaf77 libsnapshot: Partially implement OpenSnapshotWriter.
This is a re-landing of the original CL, with a few changes:
 - The correct device is now returned in MapUpdateSnapshot.
 - The old API is used for tests, and the new API is only tested when
   used on a VABC device.
 - A sync() call has been added to ensure that writes to the base and
   target snapshot devices have been fully flushed. This makes
   IsPartitionUnchanged detect the MapUpdateSnapshot bug.

Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.

This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.

To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.

As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.

Bug: 168554689
Test: vts_libsnapshot_test
Test: full OTA with update_device.py
Test: incremental OTA with update_device.py
Change-Id: I90364a58902a4406a37cb14a816642c57a72bec2
2020-10-14 21:41:36 -07:00
Colin Cross
b519c71619 Use ro.build.version.release_or_codename to reconstruct fingerprint
The ro.build.version.release property was changed from being the
codename or final name of the current release to be the final name
of the most recent release.  Use ro.build.version.release_or_codename
to reconstruct the fingerprint to match what the build system does.

Bug: 158483506
Test: adb shell getprop | grep fingerprint
Change-Id: I3bd992b6f06ff90bb6024253339a2654afa069ee
2020-10-13 12:38:48 -07:00
Yo Chiang
165d9aee40 Call GetDsuMetadataKeyDir() for DSU metadata encryption dir
So the DSU system doesn't use a hard-coded metadata key dir.

Bug: 168571434
Test: Install and boot a DSU system.
Change-Id: I096ef46a6f7b2d9fc42882288519fc5b93df1f41
2020-10-07 18:59:23 +08:00
Dan Shi
67b7dd570f Remove vts10 related configs
Bug: 169582597
Test: build
Change-Id: I38e1e0f8e32b86ab14b905d040c1c62245a1a9e3
2020-10-06 13:52:44 -07:00
Tianjie Xu
216ce0985f Merge changes from topic "revert-1433573-vab-libsnapshot-linkage-APIHERUSEB"
* changes:
  Revert "libsnapshot: Partially implement OpenSnapshotWriter."
  Revert "libsnapshot: Implement OnlineKernelSnapshotWriter::OpenReader."
2020-10-03 19:27:32 +00:00
Tianjie Xu
5aa52d91dd Revert "libsnapshot: Partially implement OpenSnapshotWriter."
Revert "Link to libsnapshot_cow everywhere libsnapshot is linked."

Revert submission 1433573-vab-libsnapshot-linkage

Reason for revert: b/169981170, update crash for droidfooders.
Reverted Changes:
Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke...
Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite...
I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ...

Exempt-From-Owner-Approval: Revert to unblock dogfood
Change-Id: I0677df77672aca9fd54d94e009ac0be7c88a1a9d
2020-10-03 19:26:18 +00:00
Tom Cherry
7cfc944195 Merge "init: guarantee the ordering that actions are executed in" 2020-10-01 20:27:40 +00:00
Tom Cherry
34ee04762a init: guarantee the ordering that actions are executed in
The README.md states that this ordering is not guaranteed to give
flexibility for the future, however it's time to state that this
ordering is guaranteed, especially since:

1) We have tests, EventTriggerOrder and
   EventTriggerOrderMultipleFiles, which have guaranteed this ordering
   since 2017.
2) We have users requesting and depending on this order

Also update some slightly out of date parts of the documentation:
1) We import /system/etc/init/hw/init.rc instead of /init.rc as the
   first import
2) We additionally import /system_ext/etc/init and /product/etc/init

Test: n/a
Change-Id: I6d7b8d9e52f0d52bee320d5074ebb74a537f9150
2020-10-01 11:07:43 -07:00
David Anderson
75b982ad30 libsnapshot: Partially implement OpenSnapshotWriter.
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.

This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.

To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.

As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.

Bug: 168554689
Test: vts_libsnapshot_test
Change-Id: Ieedfadc557833c1e0540922aabc6e95c80266a64
2020-09-28 11:24:37 -07:00
Jooyung Han
2833e5d37d ueventd: change firmware location in apexes
To be consistent with other prebuilt modules within APEXes, the location
for firmware files is switched from /apex/*/firmware to
/apex/*/etc/firmware.

Bug: 167942098
Test: loading vibrator firmware from vibrator apex(sunfish)
Change-Id: Ia05735bf5a54482fded26525fa4a8f795dcfc029
2020-09-21 10:56:10 +09:00
Jooyung Han
21cad321db ueventd: scans /apex/*/firmware for firmwares
In addition to "firmware_directories", ueventd scans /apex/*/firmware/
directory as well to find firmware files.

Bug: 167942098
Test: loading firmware from vibrator apex successfully.
      (sunfish)
Change-Id: I90fc8f9ad843a08b1ca98a2be1b5d22c0c5954a3
2020-09-19 08:07:35 +09:00
Treehugger Robot
fd19ef40e8 Merge "Freeze com.android.sysprop.init API" 2020-09-15 02:02:25 +00:00
Jooyung Han
7bfe477b3d init: "init subcontext" in default mount namespace
"init subcontext" is responsible to handle a few commands in vendor
context. To support Vendor APEX, "init subcontext" is now started in
"default" mount namespace so that those commands can access /apex/*.

For example, insmod should see the contents of /apex to install kernel
modules in apexes.

Bug: 162701747
Test: adb shell ps -ef | grep init
      => check pid of <init subcontext>
      adb shell readlink /proc/<pid: init>/ns/mnt
      adb shell readlink /proc/<pid: init subcontext>/ns/mnt
      => check if these are equal
Change-Id: Icd5e862e52d78635e83824b267b6d32d8f3e9eea
2020-09-14 17:40:45 +09:00
Inseob Kim
2a8c714145 Freeze com.android.sysprop.init API
Bug: 145259948
Test: m com.android.sysprop.init-check-api
Change-Id: I5909c16390c35b5e5adf4c82eed191cc9ae82014
2020-09-14 13:51:27 +09:00
Tom Cherry
9481c67321 Merge "init: do not create dev.mnt. properties for emulated mounts" 2020-09-10 20:47:35 +00:00
Tom Cherry
e1bcd93326 init: do not create dev.mnt. properties for emulated mounts
dev.mnt. properties are primarily intended for tuning parameters for
mounts such as /system and /data but don't have much use for emulated
mounts.

There are additional emulated mounts created for each user on a
device, so if too many users are created, init would otherwise create
too many dev.mnt. properties, filling the property file that backs
these properties, and preventing more properties from being
generated.

Therefore, this change stops init from creating dev.mnt. properties
for emulated mounts.

Bug: 156721033
Test: user creation stress test doesn't create large numbers of
properties

Change-Id: I6475956719b7c938b8289189abfef661140d526d
2020-09-10 18:09:25 +00:00