Set properties dev.mnt.blk.<mount_point>=<device_block_class> for mount
and umount operations by setting up an Epoll handler to catch
EPOLLERR or EPOLLPRI signals when /proc/mounts is changed. Only
update properties associated with block devices. For the mount
point of /, use the designation of /root instead.
Can use the properties in init rc expansion like:
on property dev.mnt.blk.root=*
write /sys/block/${dev.mnt.blk.root}/queue/read_ahead_kb ${boot_read_ahead_kb:-2048}
on property dev.mnt.blk.data=*
write /sys/block/${dev.mnt.blk.data}/queue/read_ahead_kb ${boot_read_ahead_kb:-2048}
on late-fs
setprop boot_read_ahead_kb 128
write /sys/block/${dev.mnt.blk.root}/queue/read_ahead_kb ${boot_read_ahead_kb}
write /sys/block/${dev.mnt.blk.data}/queue/read_ahead_kb ${boot_read_ahead_kb}
Test: boot and inspect getprop results.
Bug: 124072565
Change-Id: I1b8aff44f922ba372cd926de2919c215c40ee874
In particular, this allows services running as the root user to have
capabilities removed instead of always having full capabilities.
Test: boot device with a root service with an empty capabilities
option in init showing no capabilities in /proc/<pid>/status
Change-Id: I569a5573ed4bc5fab0eb37ce9224ab708e980451
*/build.prop files are now loaded much earlier than before; from 'on
post-fs' to the time when the property service is started which is
before init starts the action loop.
This ensures that all processes that are launched by init have a
consistent view of system properties. Previously, the processes that
started before 'on post-fs' were initially with the small number of
sysprops loaded from */default.prop and then suddenly get additional
sysprops from */build.prop while they are executing.
Bug: 122714998
Test: device boots
Change-Id: Ic07528421dfbe8d4f43673cea41175d33cfbf298
With all of the changes made to the early init boot phase, the
README.md needs updating for future referencing.
Test: none
Change-Id: Ia572577c683add449a4e091ffd4d1597682e9325
A service with 'updatable' option can be overriden by the same service
definition in APEXes.
/system/etc/init/foo.rc:
service foo /system/bin/foo
updatable
/apex/myapex/etc/init.rc:
service foo /apex/myapex/bin/foo
override
Overriding a non-updatable (i.e. without updatable option) service
from APEXes is prohibited.
When an updatable service is started before APEXes are all activated,
the execution is delayed until when the APEXes are all activated.
Bug: 117403679
Test: m apex.test; adb push <built_apex> /data/apex; adb reboot
adb shell, then lsof -p $(pidof surfaceflinger) shows that
the process is executing
/apex/com.android.example.apex@1/bin/surfaceflinger instead of
/system/bin/surfaceflinger
Change-Id: I8a57b8e7f6da81b4d2843e261a9a935dd279067c
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.
Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.
[ 47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory
Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
The memcg.limit_percent option can be used to limit the cgroup's
max RSS to the given value as a percentage of the device's physical
memory. The memcg.limit_property option specifies the name of a
property that can be used to control the cgroup's max RSS. These
new options correspond to the arguments to the limitProcessMemory
function in frameworks/av/media/libmedia/MediaUtils.cpp; this will
allow us to add these options to the rc files for the programs that
call this function and then remove the callers in a later change.
There is also a change in semantics: the memcg.* options now have
an effect on all devices which support memory cgroups, not just
those with ro.config.low_ram or ro.config.per_app_memcg set to true.
This change also brings the semantics in line with the documentation,
so it looks like the previous semantics were unintentional.
Change-Id: I9495826de6e477b952e23866743b5fa600adcacb
Bug: 118642754
Bug: 117828597
Test: bugreport launches with a test property set to appropriate keys
Test: bugreport doesn't launch with the test property unset
Test: no errors seen in build or boot in either of the above cases
Change-Id: Iea27032080a0a7863932b1c1b573857ac66b56b5
'Critical' services have rebooted into bootloader, like all other
catastrophic init crashes, for years now. Update the text to match.
Test: n/a
Change-Id: Icfc41bf3e383958f14ecfaab9ca187e2c3dc7fd9
This keyword can (and should) be used multiple times when multiple
services are served together. I've documented this here.
Bug: N/A
Test: N/A
Change-Id: Ie986c9cac486db346555f359e9ccbed93d8d1d22
Allow services to specify a custom restart period via the
restart_period service option. This will allow services to be run
periodically, such as a service that needs to run every hour.
Allow services to specify a timeout period via the timeout_period
service option. This will allow services to be killed after the
timeout expires if they are still running. This can be combined with
restart_period for creating period services.
Test: test app restarts every minute
Change-Id: Iad017820f9a602f9826104fb8cafc91bfb4b28d6
Due to a bug with ParseUint(), init would defacto accept -1 for an
infinite rlimit, but only on 64bit devices. That bug is now fixed,
such that -1 would be rejected by ParseUint() for all devices.
This change explicitly checks for -1 for all devices or 'unlimited' to
match ulimit's reporting and accepts either as an infinite rlimit.
Bug: 112668205
Test: new (and old) unit tests
Change-Id: Ie28ff622cdf375a65ceb5f32ffb14fb3d5d9f2ba
Add the ability to enter a network namespace when launching a service.
Typical usage of this would be something similar to the below:
on fs
exec ip netns add namespace_name
service vendor_something /vendor/...
capabilities <lower than root>
user not_root
enter_namespace net /mnt/.../namespace_name
Note changes to the `ip` tool are needed to create the namespace in
the correct directory.
Bug: 73334854
Test: not yet
Change-Id: Ifa91c873d36d69db399bb9c04ff2362518a0b07d
This command functions similarly to `exec` except that it does not
cause init to halt executing commands until the process has
terminated. It is useful for launching simple one time background
tasks.
Bug: 65736247
Test: create an exec_background service and see it function properly
Change-Id: I719c8b85479b65201770aedc0a13191303007c11
Add a new service option, `rlimit` that allows a given rlimit to be
set for a specific service instead of globally.
Use the same parsing, now allowing text such as 'cpu' or 'rtprio'
instead of relying on the enum value for the `setrlimit` builtin
command as well.
Bug: 63882119
Bug: 64894637
Test: boot bullhead, run a test app that attempts to set its rtprio to
95, see that the priority set fails normally but passes when
`rlimit rtprio 99 99` is used as its service option.
See that this fails when `rlimit rtprio 50 50` is used as well.
Test: new unit tests
Change-Id: I4a13ca20e8529937d8b4bc11718ffaaf77523a52
Inspired by ag/2659809/, this CL add readahead built-in command in init
to let files be prefetched into pagecache for faster reading.
Readahead happens in background but due to filesystem limitation it
might take small amount of time in it reading the filesystem metadata
needed to locate the requested blocks. So the command is executed in a
forked process to not block init execution.
Bug: 62413151
Test: boottime, dumpcache
Change-Id: I56c86e2ebc20efda4aa509e6efb736bd1d92baa5
Allow configuring memory.swappiness, memory.soft_limit_in_bytes
and memory.limit_in_bytes by init; by doing so there is better
control of memory consumption per native app.
Test: tested on gobo branch.
bug: 63765067
Change-Id: I8906f3ff5ef77f75a0f4cdfbf9d424a579ed52bb
- "shutdown critical" prevents killing the service during
shutdown. And the service will be started if not running.
- Without it, services will be killed by SIGTERM / SIGKILL during shutdown.
- Even services with "shutdown critical" will be killed if shutdown
times out.
- Removes ueventd and vold from hard coded list. Each service's rc will
be updated to add "shutdown critical". watchdogd is still kept in the list.
bug: 37626581
Test: reboot and check last kmsg
Change-Id: Ie8cc699d1efbc59b9a2561bdd40fec64aed5a4bb
The exec_service documentation was difficult to read, clarify it.
Tests:
Run grip.py to verify that the markdown still works correctly.
Run aspell to verify spelling.
Change-Id: I29bdd456f3d3ea2a91c9d4772bd09a5a195f97a9
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Also renames "early mount" to "first stage mount" to prevent confusion
with "mount_all --early", which is run in the init second stage.
Also creates a base class: FirstStageMount and two derived classes:
FirstStageMountVBootV1 and FirstStageMountVBootV2 to replace/refactor
existing functions:
- early_mount() -> DoFirstStageMount() and FirstStageMount::DoFirstStageMount()
- vboot_1_0_early_partitions -> FirstStageMountVBootV1::GetRequiredDevices()
- vboot_2_0_early_partitions -> FirstStageMountVBootV2::GetRequiredDevices()
- vboot_1_0_mount_partitions ->
FirstStageMount::MountPartitions() and
FirstStageMountVBootV1::SetUpDmVerity()
- vboot_2_0_mount_partitions ->
FirstStageMount::MountPartitions() and
FirstStageMountVBootV2::SetUpDmVerity()
Bug: 37413399
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead
Test: first stage mount /system with without verity on bullhead
Test: first stage mount /vendor with with vboot 1.0 on sailfish
Change-Id: I6584bdf7d832c9fbc8740f97c9b8b94e68a90783
In the past, I had thought it didn't make sense to have multiple
Action classes with identical triggers within ActionManager::actions_,
and opted to instead combine these into a single action. In theory,
it should reduce memory overhead as only one copy of the triggers
needs to be stored.
In practice, this ends up not being a good idea.
Most importantly, given a file with the below three sections in this
same order:
on boot
setprop a b
on boot && property:true=true
setprop c d
on boot
setprop e f
Assuming that property 'true' == 'true', when the `boot` event
happens, the order of the setprop commands will actually be:
setprop a b
setprop e f
setprop c d
instead of the more intuitive order of:
setprop a b
setprop c d
setprop e f
This is a mistake and this CL fixes it. It also documents this order.
Secondly, with a given 'Action' now spanning multiple files, in order
to keep track of which file a command is run from, the 'Command'
itself needs to store this. Ironically to the original intention,
this increases total ram usage. This change now only stores the file
name in each 'Action' instead of each 'Command'. All in all this is a
negligible trade off of ram usage.
Thirdly, this requires a bunch of extra code and assumptions that
don't help anything else. In particular it forces to keep property triggers
sorted for easy comparison, which I'm using an std::map for currently,
but that is not the best data structure to contain them.
Lastly, I added the filename and line number to the 'processing
action' LOG(INFO) message.
Test: Boot bullhead, observe above changes
Test: Boot sailfish, observe no change in boot time
Change-Id: I3fbcac4ee677351314e33012c758145be82346e9
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
this will make the implementation more cleaner,
and has error message output when failed on some operations
also add the O_TRUNC flag explicitly for the open function
called in write_file.
And add more test on read_file and write_file functions
Bug: 36726045
Test: manual with hikey
Test: boot and init tests on bullhead
Test: cast with fugu, per b/36726045
Merged-In: If3c30a2fff58cfece2fcd27e69c30382146e6808
Change-Id: If3c30a2fff58cfece2fcd27e69c30382146e6808
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
- Run shutdown animation during shutdown if surfaceflinger is
available / running.
- services necessary for animation should be added to animation
class.
- Keep debugging tools while non-critical services are terminated:
logd, adbd, tombstoned
bug: 36526187
Test: many reboots
Change-Id: I758f700a622c6005f3df9f29de2b55270055ad4d
Exec services may also want to set other service flags such as
priority. Instead of expanding the exec syntax to handle this, create
a new command, exec_start, that will treat an existing service
definition as an exec service. The new exec_start command will start
the service then halt init from executing further commands until the
service has exited.
This change additionally encapsulates the waiting_for_exec logic into
ServiceManager and removes the ambiguous 'bool' return value from
Reap() which previously indicated if a Reaped service was an exec
service or not.
Bug: 36511808
Bug: 36102163
Test: Bullhead boots, services run with exec_start as they do exec.
Change-Id: I44f775cf1c1dd81d5c715f44fdc150c651a2c80a
Add support of multiple class names in service, so that related services
can be grouped together. By doing this, we can start/stop some services
for special purpose. For example, early zygote, early boot animation
and etc.
Bug: 36535312
Test: marlin boots with defined classes
Change-Id: Ifeaaf034fd836816e24f3775bece53ea83faada6
writepid takes a list of space delimited files. Make this clear in
the documentation, following the format for repeated fields used in
the rest of the file.
Test: N/A
Change-Id: I5bbe453fcb54f060d3cc5a82e9b38d3091a1ece3
this will make the implementation more cleaner,
and has error message output when failed on some operations
also add the O_TRUNC flag explicitly for the open function
called in write_file.
And add more test on read_file and write_file functions
Test: manual with hikey
Change-Id: Ifc1086a20e85db6980b497b1150a8a7952e672d6
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Normally 'writepid' is used to add a process to a particular cpuset. However
certain systems with big/small cores might need to specify a default cpuset for
system processes which do not explicitly specify one. Add an option to use
'ro.cpuset.default' system property to specify default cpuset for system processes
which do not explicitly write to /dev/cpuset/... with 'writepid' option.
The cpuset name specified in ro.cpuset.default is just the cpuset name, e.g.
'/system-background', '/foreground', or simply '/' for the "root" cpuset.
Bug: 28550814
Test: `m -j32` succeeds for aosp_sailfish-eng. Phone boots successfully.
Also tested manually with debug trace messages on emulator with different
combinations of values for 'ro.cpuset.default'.
Change-Id: I501727fa5ee3f4bb7a938fa104b81a404b616633
There are many use cases from vendors to exec service in background and then
use a shell scriprt to wait for the command done.
This CL is to add a wait_for_prop command to suppor those use cases.
Bug: 34746108
Test: on marlin
Change-Id: Ia81290b0928f9d375710d2daa546714f0cd65b72