Commit graph

1184 commits

Author SHA1 Message Date
Xiaoyong Zhou
66e2127c47 Loads fsverity keys
This CL calls mini-keyctl to load fsverity keys.

Bug: 112038861
Test: cat /proc/keys
Change-Id: I3b7cf85c2f64116a56349c54ed5fa4e8cf14a730
2019-01-31 13:48:04 -08:00
Jiyong Park
6866041ff0 Proper mount namespace configuration for bionic
This CL fixes the design problem of the previous mechanism for providing
the bootstrap bionic and the runtime bionic to the same path.

Previously, bootstrap bionic was self-bind-mounted; i.e.
/system/bin/libc.so is bind-mounted to itself. And the runtime bionic
was bind-mounted on top of the bootstrap bionic. This has not only caused
problems like `adb sync` not working (b/122737045), but also is quite
difficult to understand due to the double-and-self mounting.

This is the new design:

Most importantly, these four are all distinct:
1) bootstrap bionic (/system/lib/bootstrap/libc.so)
2) runtime bionic (/apex/com.android.runtime/lib/bionic/libc.so)
3) mount point for 1) and 2) (/bionic/lib/libc.so)
4) symlink for 3) (/system/lib/libc.so -> /bionic/lib/libc.so)

Inside the mount namespace of the pre-apexd processes, 1) is
bind-mounted to 3). Likewise, inside the mount namespace of the
post-apexd processes, 2) is bind-mounted to 3). In other words, there is
no self-mount, and no double-mount.

Another change is that mount points are under /bionic and the legacy
paths become symlinks to the mount points. This is to make sure that
there are no bind mounts under /system, which is breaking some apps.

Finally, code for creating mount namespaces, mounting bionic, etc. is
refactored to mount_namespace.cpp

Bug: 120266448
Bug: 123275379
Test: m, device boots, adb sync/push/pull works,
especially with following paths:
/bionic/lib64/libc.so
/bionic/bin/linker64
/system/lib64/bootstrap/libc.so
/system/bin/bootstrap/linker64
Change-Id: Icdfbdcc1efca540ac854d4df79e07ee61fca559f
2019-01-30 19:18:22 +09:00
Wei Wang
0d78bfbc09 Fix path for default prop
Bug: 123407630
Test: boot
Change-Id: Ia10ac6ad141e980abb07d7b37487f9de9ef64796
2019-01-25 10:30:47 -08:00
Sudheer Shanka
c39ed35d82 Merge "Reland "Create new mount directory /mnt/runtime/full."" 2019-01-19 00:24:23 +00:00
Sudheer Shanka
81c687dff8 Reland "Create new mount directory /mnt/runtime/full."
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.

This reverts commit 54b8844b13

Bug: 121277410
Test: manual
Change-Id: Id5b995dc5899b5999f1dea662ba1c3ee475a0e46
2019-01-19 00:21:10 +00:00
Jiyong Park
8b73dfc0a4 Revert "Bionic libs and the dynamic linker are bind mounted"
This reverts commit 2599088ff6.
Reason: Breaks some 3p apps.

Bug: 122920047
Test: run the app, login.
Change-Id: Idea332b1f91e9d2ac6ebd3879da7820c8ba2284f
2019-01-18 12:30:51 +09:00
Treehugger Robot
3daecf5977 Merge "Revert "Create new mount directory /mnt/runtime/full."" 2019-01-17 01:04:50 +00:00
Sudheer Shanka
54b8844b13 Revert "Create new mount directory /mnt/runtime/full."
This reverts commit 987e732fe8.

Reason for revert: 122957837

Change-Id: Ib1451d46a05f34eb52fdc13143529913df5ec001
2019-01-16 19:52:29 +00:00
Sudheer Shanka
598a4bcb13 Merge "Create new mount directory /mnt/runtime/full." 2019-01-16 16:34:21 +00:00
Jiyong Park
3b316ee201 Load build sysprops early
*/build.prop files are now loaded much earlier than before; from 'on
post-fs' to the time when the property service is started which is
before init starts the action loop.

This ensures that all processes that are launched by init have a
consistent view of system properties. Previously, the processes that
started before 'on post-fs' initially had the small number of
sysprops loaded from */default.prop and then suddenly got additional
sysprops from */build.prop while they were executing.

Bug: 122714998
Test: device boots

Change-Id: Ic07528421dfbe8d4f43673cea41175d33cfbf298
2019-01-15 22:40:49 +09:00
Sudheer Shanka
987e732fe8 Create new mount directory /mnt/runtime/full.
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.

Bug: 121277410
Test: manual
Change-Id: I6546fa8df419157b3c2adcf5ff3faa4db4458cff
2019-01-11 11:32:34 -08:00
Jiyong Park
2599088ff6 Bionic libs and the dynamic linker are bind mounted
This change makes the bionic libs and the dynamic linker from the
runtime APEX (com.android.runtime) available to all processes started
after apexd finishes activating APEXes.

Specifically, the device has two sets of bionic libs and the dynamic
linker: one in the system partition for pre-apexd processes and another
in the runtime APEX for post-apexd processes. The former is referred to as
the 'bootstrap' bionic and is located at
/system/lib/{libc|libdl|libm}.so and /system/bin/linker. The latter is
referred to as the 'runtime' bionic and is located at
/apex/com.android.runtime/lib/bionic/{libc|libdl|libm}.so and
/apex/com.android.runtime/bin/linker.

Although the two sets are located in different directories, at runtime,
they are accessed via the same path: /system/lib/* and
/system/bin/linker ... for both pre/post-apexd processes. This is done
by bind-mounting the bootstrap or the runtime bionic to the same path.
Keeping the same path is necessary because there are many modules and
apps that explicitly or implicitly depend on the fact that bionic libs
are located in /system/lib and are loaded into the default linker
namespace (which has /system/lib in its search paths).

Before the apexd is started, init executes a built-in action
'prepare_bootstrap_bionic' that bind-mounts the bootstrap bionic to the
mount points. Processes started during this time are provided with the
bootstrap bionic. Then after the apexd is finished, init executes
another built-in action 'setup_runtime_bionic' which again mounts the
runtime bionic to the same mount points, thus hiding the previous mounts
that target the bootstrap bionic. The mounting of the runtime bionic
(which is only for post-apexd processes) is hidden from pre-apexd
processes by changing the propagation type of the mount points to 'private'
and executing the pre-apexd processes with a new mount namespace using
unshare(2). If a pre-apexd process crashes and is re-launched after the
apexd is on, the process still gets the bootstrap bionic by unmounting
the runtime bionic which effectively un-hides the previous bind-mounts
targeting the bootstrap bionic.

Bug: 120266448
Test: device boots
Test: cat /proc/`pidof zygote`/mountinfo shows that
/system/lib/{libc|libdl|libm}.so and /system/bin/linker are from the
runtime APEX
Test: cat /proc/`pidof vold`/mountinfo shows that the same mount points
are from system partition.

Change-Id: I7ca67755dc0656c0f0c834ba94bf23ba9b1aca68
2019-01-11 15:17:04 +09:00
Narayan Kamath
8464d79877 Allow the system user to read apex_data_file.
For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.

Test: m
Change-Id: I8795b26b9a40ba7126c2a548fbec82ff322a1453
2019-01-07 19:15:10 +00:00
Dario Freni
22cdf96697 Create staging directory for Staging Manager.
Staging Manager is a high-level service (yet to be committed) that
manages multi-package sessions requiring a reboot to be applied, for
example if one of the packages is an APEX file. This directory will
contain the session data and the temporary copies of the packages.

Bug: 118865310
Test: N/A
Change-Id: I8aceefab849cf5af17086cb6868b801d1c2615e9
2018-12-20 15:24:18 +00:00
Neil Fuller
c71a48ba55 Track movement of tz files into the runtime module
The main "base" copy of time zone data is now found in
the runtime module. The system files will likely be deleted.

Test: CTS: run cts -m CtsHostTzDataTests
Test: PTS (cp'd to internal master): run pts -m PtsTimeZoneTestCases
Bug: 116191025
Bug: 119293618
Bug: 113373927
Test: build / boot with logcat inspection
Change-Id: I8dc8ff0d17aac124262d9c7c54abce61d97397e5
2018-12-14 15:32:39 +00:00
Haibo Huang
d60a19b184 Writes cpu variant information to dev/
This change adds a command to init.rc to write cpu variant information to a file under dev/

Test: sync to device and make sure corresponding files are created.
Change-Id: Ibf90967f13f72af925c82ff79bd973ef4cdc4068
2018-11-19 18:57:50 +00:00
Jiyong Park
c240440eec init parses *.rc files from APEXes
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.

Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.

[   47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory

Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
2018-11-10 04:18:09 +09:00
Anton Hansson
c38a63646b Create /data/preloads on post-fs-data
This directory is used for preloads that are typically placed in
the system_other image and copied to /data on first boot if the
cppreopts script is installed.

Bug: 80508492
Test: make
Change-Id: I4121b07ee2fc96d533075d1907557de7e4be4ee0
2018-10-24 15:29:16 +01:00
Tom Cherry
f18b748b91 Start logd and service managers during the 'init' trigger
Now that we mount partitions early, services can be started before the
'fs' trigger.  We therefore start the service managers as early as
possible to ensure their transports are online, without device
specific rc files needing to handle that.  We also start logd even
one step earlier to ensure that we capture all possible logd.

Bug: 89689596
Test: logging works for early services, include the servicemanagers
Change-Id: I75dbfcd26eb6fa77f002de10afd00f085c93aa07
2018-10-17 14:21:37 -07:00
Daniel Rosenberg
6156b9b8ba Call markBootAttempt when service manager available
This adds a call to the function to decrement the
checkpoint's retry count as soon as service manager is
available.

Test: vdc setCheckpoint 2 then reboot 3 times checking state
Bug: 112901762
Change-Id: Ie0a78b1eb05b340718e76175509d1ebefae68017
2018-10-15 22:16:19 +00:00
Paul Lawrence
b920cb44aa Handle retry count correctly
Test: vdc startCheckpoint 2 then reboot 3 times checking state

Change-Id: I4eeda7f73d82a7c8b2469571fa558df2fac47354
2018-10-08 14:06:06 -07:00
Martijn Coenen
c3b40a5793 Merge "Add /apex tmpfs mount and mount it." 2018-10-04 07:08:54 +00:00
Martijn Coenen
344a91a5f1 Add /apex tmpfs mount and mount it.
APEX filesystem images will now be mounted in /apex.

Also, make sure /data/apex is created with the right ACL.

Bug: 112455435
Test: flash and wipe, /apex is mounted as tmpfs, /data/apex is created
Change-Id: Ie27775e9f40a27b510272f212762624a04e94f1d
2018-10-03 09:48:38 +02:00
Paul Lawrence
786d0b27a2 make checkpointing work on ext4
Test: Test script passes

Change-Id: Iafa337947f2fd456aa692ecb112ccc56638f7947
2018-10-02 10:12:33 -07:00
Martijn Coenen
1e3764575e Merge "init: start apexd as early as we can." 2018-09-26 06:56:26 +00:00
Wei Wang
fa14d21ca4 Move zygote start after loading persist properties
Currently zygote is started before loading persistent properties, which
stops ART from honoring experiment flags planned to land as persistent
properties.

The original motivation is that we would like zygote to be started as early as
possible and loading persistent properties takes time, but after the fix of
b/64392887 loading persist properties now only takes 3ms on P18 and 6ms
on P16, respectively.

Bug: 114044733
Test: Boot
Change-Id: Ibc118966e975c741ee8ea47091b14d691692bf2c
2018-09-06 10:29:00 -07:00
Isaac Lee
f32c201743 Show bootanimation after decrypt
Because the original modification (restarting SF, which was added
to display the bootanimation) from O to P causes a bootanimation NPE,
we remove the SF restart and add another flow to show the
bootanimation.

Test: manual, ran the test 10 times and it caused no NPE and
      displayed BootAnimation after decrypt
Test: boot aosp_sailfish

Bug: 79547653
Change-Id: I355ccdbb2e2f27d897e2e0ee00f9300ef38ede03
2018-08-30 16:44:34 +00:00
Elliott Hughes
5a0a51b81f Add /dev/stdin, /dev/stdout, and /dev/stderr.
Bug: http://b/31824379
Test: `adb shell ls -l /dev/std*`
Change-Id: I6af7ff205e12c10e958be263c3f1c429d48c0bbc
2018-08-22 13:21:21 -07:00
Martijn Coenen
3848e1ba12 init: start apexd as early as we can.
apexd needs to run right after mounting /data.

Bug: 112455435
Test: apexd is running
Change-Id: I71c834bcaf26a3133aef57bb1d1953010a6d137c
2018-08-17 13:52:25 +02:00
Xin Li
5d707816ac Merge "Merge Android Pie into master" 2018-08-07 16:51:24 +00:00
Tom Cherry
31438489c0 split first stage init into a separate executable
In the future, systems with dm-linear will require a ramdisk to set up
the mount for system.  In this world, first stage init will be a part
of this ramdisk and handle setting up dm-linear, mounting the
necessary partitions, then pivoting to the system image, which will
become the root partition.

This also enables previous devices without system-as-root, to be
unified with system-as-root devices for all aspects of boot after the
pivot_root.

Bug: 79758715
Test: boot hikey
Test: boot sailfish, boot sailfish into recovery
Change-Id: Iefa88a3ec5994e7989aa9f26f2de0351ffa5468b
2018-08-06 10:36:43 -07:00
Luis Hector Chavez
c4a8b5a595 Merge "Make /acct have 0555 permissions after mounting"
am: f2878cf15b

Change-Id: I961153c5af23a7f094aea16c8958b0d2bb36391b
2018-07-30 16:49:55 -07:00
Luis Hector Chavez
0451fd6584 Make /acct have 0555 permissions after mounting
This change adds a `chmod 0555 /acct` just after mounting the cgroup fs
on it. This makes it such that even on systems where the rootdir+system
partitions are shared, the permissions allow for the system user to open
files within /acct, which in turn makes libprocessgroup not complain
that it can never do anything with those files.

Bug: 111996377
Test: adb shell 'ls -ldZ /acct'  # Before and after, on an aosp_sailfish
      dr-xr-xr-x 48 root root u:object_r:cgroup:s0 0 1971-12-29 17:41 /acct

Change-Id: Iee6531126c6e81aa7794e44500555bd3c1cdf7b8
2018-07-30 13:06:46 -07:00
Luis Hector Chavez
81c97bc46f Merge "init.rc: Remount / with MS_REMOUNT|MS_BIND|MS_NODEV"
am: 19ef02ef42

Change-Id: I94c5641308b7b2760bdc4734158011d9cb7146aa
2018-07-11 10:49:41 -07:00
Luis Hector Chavez
d07d0942c6 init.rc: Remount / with MS_REMOUNT|MS_BIND|MS_NODEV
/ should not have any character/block devices, so might as well pass in
the nodev flag.

Bug: 73255020
Test: aosp_sailfish still boots
Test: sailfish:/ # find / -xdev -a \( -type b -o -type c -o -type p -o -type s \)
      sailfish:/ #
Test: rootfs on / type rootfs (rw,seclabel)
      /dev/root on / type ext4 (ro,seclabel,nodevrelatime)

Change-Id: Ia73e04b53a47506892d9d3cb61b471b81bb72dc3
2018-07-11 08:36:00 -07:00
Yabin Cui
329e12fb57 Merge "Add debug system properties to control profiling limits."
am: 1db3789252

Change-Id: I32d3d93bc97aab5a9c21be0f0af5191b581aa32a
2018-07-10 11:11:09 -07:00
Yabin Cui
4f0da7cb82 Add debug system properties to control profiling limits.
When security.perf_harden is disabled through adb, use some debug
system properties to set profiling limits in the kernel, including
cpu percentage, memory, and max sample rate.

Bug: 110706031
Test: boot hikey960 and manually set system properties to make
Test: sure it works.

Change-Id: I44c0adf3a000bb393905233f2a097c97b5fe91ec
2018-07-09 16:03:30 -07:00
Mark Salyzyn
fbe32e723b Merge "rootdir: access to pstore denied to bootstat"
am: 8b80960417

Change-Id: I02884961f2b782e57a9dcac028c2bd6ae7b33f48
2018-06-29 15:20:57 -07:00
Mark Salyzyn
7ab805ea1d rootdir: access to pstore denied to bootstat
Test: boot_reason_test.sh
Bug: 110925971
Change-Id: Iba7b7325fe8c9ad18a7f8dbda550d6008400693e
2018-06-29 13:10:08 -07:00
Jordan Liu
2f51c3ec25 Merge "Add a new directory to store downloaded apns" am: e0a52774b4
am: c25eeeca52

Change-Id: I0e4fc27f07aea7a050ed06d7206256319d4204bc
2018-05-21 14:49:10 -07:00
Paul Crowley
36bd69f826 Add option to create metadata mount point
am: fe305ab286

Change-Id: If035ab553e75afd4ac6e07ee1c97d6218c3ce397
2018-05-21 10:46:33 -07:00
Niklas Lindgren
fd66538ef3 Add a new directory to store downloaded apns
downloaded apns-conf.xml will be stored in the folder
/data/misc/apns/ to make sure TelephonyProvider gets
access.

Bug: 79948106
Test: Manual
Change-Id: I4ba0596fa6523c0eb96328dbe46ead02587bd9b8
2018-05-21 18:48:28 +02:00
Paul Crowley
fe305ab286 Add option to create metadata mount point
Test: booted metadata-encrypted device
Bug: 79781913
Change-Id: Ie922db20314c04409c98700bfb1aff3d111275f0
2018-05-18 14:10:56 -07:00
Tim Murray
3188458f36 cutils: add restricted cpuset
am: 658ae90f69

Change-Id: I94d05991e95f79282b0ad980a97edb75d2e908f7
2018-04-18 17:00:21 -07:00
Tim Murray
658ae90f69 cutils: add restricted cpuset
Bug 78197570
Test: CTS
Exempt-From-Owner-Approval: owner OOO, build cop says it's fine

Change-Id: I6df972950b75a839caa463ae282ad000b959e8ae
2018-04-18 16:42:12 -07:00
Jeff Vander Stoep
6d36fdc4da Merge "init.rc: create /data/system/dropbox" am: c629131c26
am: b0918bfa47

Change-Id: Ibe80b9d6e4f3fe6b4555c919fccfc4b0d72aba63
2018-04-18 15:05:27 -07:00
Treehugger Robot
c629131c26 Merge "init.rc: create /data/system/dropbox" 2018-04-18 21:48:39 +00:00
Tri Vo
4640149fd5 Merge "Add /mnt/vendor rw mount point for vendor partitions." 2018-04-18 19:32:32 +00:00
Jeff Vander Stoep
148dea71a5 init.rc: create /data/system/dropbox
Ensure dropbox has the new dropbox_data_file label.

Bug: 31681871
Test: ls -dZ /data/system/dropbox
    u:object_r:dropbox_data_file:s0 /data/system/dropbox

Change-Id: Ia67646f4a789155e20650c33fe4412cae7f930d2
2018-04-18 07:15:37 -07:00
Mark Salyzyn
7977e3d24d Merge "lmkd: limit capability set to minimum" am: 01ce44b734
am: c2d4d08be2

Change-Id: Ic97ab3c4312d260c2aa8c7a30e203564cd72f61a
2018-04-17 15:34:06 -07:00