If UnregisterHandler() is called from inside a handler for an event that
has not yet been processed then that will result in a use-after-free.
Fix this by passing file descriptors to epoll_ctl() instead of pointers
to map elements.
Bug: 213617178
Change-Id: Ie62e3a299af964271ec24cd8fc2e794042b77ee6
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Prepare for optimizing Epoll::Wait() by moving the
ReapAnyOutstandingChildren() call into Epoll::Wait(). No functionality
is changed.
Bug: 213617178
Change-Id: I280ea0069ed29cf323e4177ec500b30b900f7c8d
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Add a move constructor in the CatchDtor class. Check the .emplace()
result. Simplify the destructor. Initialize handler_invoked. Explain the
purpose of this test.
Bug: 213617178
Change-Id: I4d6f97dbb2705a2f2dd78e449ae8de74e90b102f
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The new sequence of operation would be:
1: Load sepolicy - Daemon will continue to be alive and serve any I/O request
2: After sepolicy loading is complete - Switch the device-mapper tables.
3: Kill the block device daemon launched in the first-stage init.
4: Re-launch the daemon with the correct selinux labels set.
5: Enforce the sepolicy
Bug: 240321741
Test: Full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Idd392f0f0aae7d93e546c0ec0762e6c07b6263e4
Thermal shutdown could be due to tskin temperature or
battery temperature. Pass reason while rebooting the
system to reflect properly in boot.reason
Bug: 238464124
Test: Build and boot on device. Check reboot reason
for thermal shutdown and battery thermal shutdown with
thermal warmreset enabled.
Change-Id: I192562fed48ae7da7843e383362cd22a76ce479f
This variable is always false or empty now, so clean up remaining
references of the variable.
Bug: 241346584
Test: Presubmit
Change-Id: Id5c37a1391239206477fd802d364a2678692f513
Added SPDX-license-identifier-Apache-2.0 to:
init/fuzzer/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I2db55c80799d0a8fc5935d9b07a2ddb17eb7235e
This is to resolve idiosyncracies with test packaging.
Bug: 244284630
Test: ldd -d -r CtsInitTestCases
Change-Id: Iec2c14c3ca5cd359b79d9e1f12e689c0eeffb122
Review note: Original change was a p-o-c by agl in
https://r.android.com/2094350 which I think is actually
production quality. I'm just taking it over so that he doesn't
get spammed by any review comments as that's not a good use
of his time.
Needed for the hardware entropy daemon (see bug).
Original commit message:
If one needs to create a service that synchronously starts listening on
a socket then there are currently no good options.
The traditional UNIX solution is to have the service create the socket
and then daemonise. In this situation, init could start the service with
`exec_start` and yet not block forever because the service forks and
exits. However, when the initial child process exits, init kills the
daemon process:
> init: Killed 1 additional processes from a oneshot process group for
> service 'foo'. This is new behavior, previously child processes
> would not be killed in this case.
Next, there is a `socket` option for services and (although the
documentation didn't nail this down), the socket is created
synchronously by `start`. However, init doesn't call `listen` on the
socket so, until the service starts listening on the socket itself,
clients will get ECONNREFUSED.
This this change adds a `+listen` option, similar to `+passcred` which
allows a socket service to reliably handle connections.
Bug: 243933553
Test: Started prng_seeder from init using the new listen flag
Change-Id: I91b3b2b1fd38cc3d96e19e92b76c8e95788191d5
Services created during new tests weren't properly cleaned up after tests. It caused slowdown of subsequent tests as described in b/244486404.
This change kills/terminates services after test with apex services.
To provide some context, original change is at https://android-review.googlesource.com/q/topic:vapex_stop_service. The issue was discovered by android test monitor and filed as a P0 bug.
Bug: 244486404
Change-Id: Ie64e0eb1686e94ef543a457ea49d1d7aeab38c97
extra_free_kbytes.sh accepts a parameter representing the number of KB
to add to low and high watermarks. It adds this margin to the current
watermark levels, however this is not how /proc/sys/vm/extra_free_kbytes
knob that it replaces used to work. The old knob would add the margin
relative to the original and not the current level of the watermarks.
Change extra_free_kbytes.sh to add the specified margin to the original
watermark levels to act as correct replacement of the old knob.
Bug: 242837506
Fixes: 642048d969 ("init: Add extra_free_kbytes.sh script to adjust watermark_scale_factor")
Test: repeatedly run 'setprop sys.sysctl.extra_free_kbytes 30375'
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I8af603ba00bd4fb8182b80b3c0969fa96cdd7311
Added SPDX-license-identifier-Apache-2.0 to:
init/test_upgrade_mte/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I77b956ed672a2f171b78ab1e7bfddc09bd0dc158
The /dev/selinux folder is normally created by first-stage-init
https://cs.android.com/android/platform/superproject/+/master:system/core/init/first_stage_init.cpp;l=299-300;drc=07c86bace1e7a7cc4dd975f10b077d21c3743749
However, in some cases the first-stage-init comes from a GKI prebuilt
boot.img and doess not create the required folder (see for example
b/217677967), resulting in bugs like b/244793900.
I modified the selinux.cpp code to create the /dev/selinux folder if it
does not exist already, as a safety measure.
To verify these changes for b/244793900, follow gpaste/4922166775644160
Bug: 243923977
Test: atest SeamendcHostTest, manual verification
Change-Id: I8fe798643b1aeab2b4caac837055348febf70b94
Tests using Service::Start() should run under root. Otherwise tests fail
to start services from the test binary due to lack of permission.
Bug: 244748231
Test: CtsInitTestCases
Change-Id: Ia4eb8457cfad7d44da6b171e44f64238e08af9f7
Prepare for migration of the blkio controller to the v2 cgroup hierarchy
by applying the NormalIoProfile when starting a service. While the
NormalIoProfile is automatically applied when the blkio controller is
mounted in the v1 hierarchy, this is not the case for the v2 hierarchy.
Bug: 213617178
Change-Id: I3cad288a31aa2692e10c778ae1e5fdd04acd66d7
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Before loading persistent properties, init now checks if there are any
invalid properties (not starting with "persist.").
Bug: 243723877
Test: atest persistent_properties
Change-Id: Ieb4ddce05916f193388af6b658e1904004ffa473
SeamendcHostTest should run when making changes to selinux.cpp, to
ensure the test logic is updated to match the logic selinux.cpp follows
when it decides to compile the SELinux policy in the OpenSplitPolicy
method.
Bug: 238394904
Test: atest --test-mapping system/core/init/TEST_MAPPING:presubmit
Change-Id: Iaf0ec2356a894b071e6875dd41bcf9e842126e42
This fixes the regression of aosp/2153354.
SwitchToMountNamespaceIfNeeded() is supposed to switch between "default"
mount namespace and "bootstrap" mount namespace. But it shouldn't affect
services with its own mount namespace.
Bug: 239882455
Test: make a hal service start in a separate mount namespace
using 'namespace mnt' in its definition.
see the mount namespace of the service process
$ cat /proc/$(pgrep -f myservice)/ns/mnt
Change-Id: I8c80eaec723241c405f48980b9e88640123c43ad
Passed apex file name to service. The file name will be parsed
to determine 1) whether the service is from an apex; 2) apex name
Bug: 236090201
Change-Id: I2c292c0c067f4bf44bb25b1f80e4f972b94f7258
