Commit graph

134 commits

Author SHA1 Message Date
Tom Cherry
d2dab830d3 init: handle property service callbacks asynchronously
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property.  This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.

There are possible partial solutions here: the socket's buffer may be
increased or property_service may only send messages for the
properties that init will take action on, however all of these
solutions still lead to eventual deadlock.  The only complete solution
is to handle these messages asynchronously.

This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties
4) A lock for any actions with ServiceList or any Services, enforced
   through thread annotations, particularly since this code was not
   designed with the intention of being multi-threaded.

Bug: 146877356
Bug: 148236233
Test: boot
Test: kill hwservicemanager without deadlock
Merged-In: I84108e54217866205a48c45e8b59355012c32ea8
Change-Id: I84108e54217866205a48c45e8b59355012c32ea8
(cherry picked from commit 7205c62933)
2020-03-02 11:08:50 -08:00
Tom Cherry
eb04526a1e Refactor libinit_test_utils to not use libinit and expose its libraries
Users of libinit_test_utils must include all libraries that it uses.
If it uses libinit, then there is a large number of libraries that
must be included.  To avoid this, make libinit_test_utils only use
init_common_sources and the small number of required libraries that go
along with those sources.  Additionally, expose these sources as a
default for users of libinit_test_utils.

Bug: 148236233
Test: build
Merged-In: I224fa7e0590d073e4cd40412b5dcb6f72a64b6bf
Change-Id: I224fa7e0590d073e4cd40412b5dcb6f72a64b6bf
(cherry picked from commit a2f9136b2c)
2020-03-02 11:08:26 -08:00
Tom Cherry
66196495f2 init: group source files better in Android.bp
Test: build
Change-Id: I780a82122a08840257c44bff0b93ea6b25f0b2f0
2020-02-06 12:03:05 -08:00
Jiyong Park
648ae3a9d3 Use apex name in apex_manifest.pb as the mount point
When bind-mounting flattened APEX, use the apex name found in
apex_manifest.pb as the mount point, instead of the directory name which
might be different from apex name in case when the apex is overridden.

This allowed us to remove the special casing for the ART apex since
/system/apex/com.android.art.release will be mounted to
/apex/com.android.art instead of /apex/com.android.art.release.

Bug: N/A
Test: m
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m, device is bootable
Change-Id: Ibdde7002b9078db390e6672b0eb82c474925451d
2019-12-16 11:31:50 +09:00
Nikita Ioffe
23dbd6dc11 Make userspace_reboot.in_progress sysprop-as-api
sys.init.userspace_reboot.in_progress will be used to notify all
the processes (including vendor ones) that userspace reboot is
happening, hence it should be treated as stable public api.

All other sys.init.userspace_reboot.* props will be internal to /system
partition and don't require any stability guarantees.

Test: builds
Test: adb reboot userspace
Bug: 135984674
Change-Id: Ifb64a6bfae2de76bac67edea68df44e33c9cfe2d
2019-11-15 20:07:58 +00:00
Tom Cherry
e91c76b210 Merge "init: check property type in host_init_verifier" 2019-11-13 18:41:17 +00:00
Tom Cherry
47cdf6c078 Merge "Move init and ueventd scripts from / to /system/etc" 2019-11-13 14:36:47 +00:00
Tom Cherry
b5f2ec06f5 init: check property type in host_init_verifier
We have all of the 'type' information for properties available during
build time, so let's check this when setting properties in init.

Test: setprop apexd.status bad results in:
host_init_verifier: Command 'setprop apexd.status bad'
(out/soong/.intermediates/system/core/rootdir/init.rc/android_x86_core/init.rc:927)
failed: Property type check failed, value doesn't match expected type
'enum starting ready'
host_init_verifier: Failed to parse init script
'out/soong/.intermediates/system/core/rootdir/init.rc/android_x86_core/init.rc'
with 1 errors
Test: CF builds without that error

Change-Id: Iaad07747c09f4a10b2b816c455d6e8a485357ab9
2019-11-12 10:19:21 -08:00
Tom Cherry
c9f5353ad3 Move init and ueventd scripts from / to /system/etc
There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc.  There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.

Bug: 131087886
Bug: 140313207
Test: build/boot
Merged-In: I043d9a02ba588ca37ceba2c4e28ed631792b2586
Change-Id: I043d9a02ba588ca37ceba2c4e28ed631792b2586
2019-11-08 10:15:49 -08:00
Suren Baghdasaryan
c29c2baa69 init: Add support for native service registration with lmkd
init should be able to register native services with lmkd so that they
can be killed when needed. Only processes with oom_score_adjust not
equal to the default -1000 will be registered with lmkd because with the
score that low the process is unkillable anyway.
Inform lmkd when a registered process is killed so that the record can be
removed.
Change init.rc to start lmkd during init phase so that it is there to
register other services.
Replace hardcoded oom_score_adj values with appropriate definitions.

Bug: 129011369
Test: boot and verify native service registration
Change-Id: Ie5ed62203395120d86dc1c8250fae01aa0b3c511
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-11-07 18:19:31 +00:00
Paul Crowley
7160fc1139 fs_mgr: Add stable_inodes flag to encrypted ext4
Also put libfscrypt into fs_mgr via whole_static_libs
since it's now a dependency.

Bug: 143307095
Test: we can use the inline policy on it
Change-Id: I82d7d5330abef76ce82accea25d2663748e87a8b
2019-10-30 13:35:48 -07:00
Steven Moreland
5d9cdae3f3 Merge "host_init_verifier: use libhidlmetadata" 2019-10-23 23:07:30 +00:00
David Anderson
dfe6d07a4b Integrate libsnapshot with the boot control HAL.
This patch translates UpdateState states into a MergeStatus from
IBootControl 1.1, and asks the HAL to store it. Unfortunately this patch
has to work around a few issues.

The first issue is that Soong doesn't allow including only the headers
from a HAL. The second issue is that entraining the headers requires
linking to libraries that would otherwise not be needed in init.

To address this, we now have three ways of linking to libsnapshot:
  1. libsnapshot - Has access to gsid and HALs.
  2. libsnapshot_nobinder - Has access to HALs, but not binder (for
                            recovery).
  3. libsnapshot_init - Does not use binder or HALs.

The HAL code is #ifdef'd behind LIBSNAPSHOT_USE_HAL and we make use of
forward declarations and dependency injection to minimize its spread.

Bug: 139154945
Test: libsnapshot_test gtest
Change-Id: I21ffd8a79a43d0589f2f71f346ac1b019584a183
2019-10-16 16:09:38 -07:00
Steven Moreland
422a758568 host_init_verifier: use libhidlmetadata
Since it's available in C++, it's easier to build host_init_verifier
with this than create a new way to export the json file.

Bug: 141567104
Test: manually change hidl interface in a manifest
host_init_verifier: system/core/rootdir/init.rc: 69:
host_init_verifier: Interface is not in the known set of hidl_interfaces: 'android.hardwar.edne@1.0::IFoo'. Please ensure the interface is spelled correctly and built by a hidl_interface target.
Change-Id: Ic73dcb51855cb751734bc497d8e69f379966c511
2019-10-15 14:59:18 -07:00
Tobias Thierer
1be2a2ce8d init: drop unused direct dependency on libcrypto.so
When I previously tried this in https://r.android.com/1108553 , it broke on
some targets but I think that may have been fixed. I'm trying it again now
to see if this now passes treehugger and sticks.

Note: There is still an indirect dependency via libfs_mgr.

Bug: 137267623
Test: Treehugger
Change-Id: I2d8b909e451bb64a1eb0719a145dfd74da1dcbad
2019-10-07 19:34:16 +00:00
Elliott Hughes
f3a5ab8b1d Merge "Remove the global seccomp option." 2019-09-17 20:21:09 +00:00
Tom Cherry
dcb3d15611 ueventd: allow using external firmware handlers
Userspace may want to load a different firmware than the one that the
kernel requests in some cases, therefore this change adds the ability
to ueventd to run an external handler that will determine the name of
the file that should actually be loaded.

Bug: 138352500
Test: unit tests
Change-Id: Ic5da37268fd78109f83ae52d1b903bf7322a5ee5
2019-09-12 12:57:22 -07:00
Tom Cherry
4e46a33c70 Merge "Reland^2: "init: run property service in a thread"" 2019-09-10 17:04:57 +00:00
Tom Cherry
1ab3dfcab4 Reland^2: "init: run property service in a thread"
It's been a long standing issue that init cannot respond to property
set messages when it is running a builtin command.  This is
particularly problematic when the commands involve IPC to vold or
other daemons, as it prevents them from being able to set properties.

This change has init run property service in a thread, which
eliminates the above issue.

This change may also serve as a starting block to running property
service in an entirely different process to better isolate init from
handling property requests.

Reland: during reboot, init stops processing property_changed messages
from property service, since it will not act on these anyway.  This
had an unexpected effect of causing future property_set calls to block
indefinitely, since the buffer between init and property_service was
filling up and the send() call from property_service would then
block.  This change has init tell property_service to stop sending it
property_changed messages once reboot begins.

Test: CF boots, walleye boots, properties are set appropriately
Change-Id: I26902708e8be788caa6dbcf4b6d2968d90962785
2019-09-05 14:42:58 -07:00
Elliott Hughes
4e6bf2510f Remove the global seccomp option.
Added in af1a9bfb8f, but it's never been
used in practice because of the performance impact, and it's incompatible
with our ability to add new system calls via a bionic module update
because it defaults to disabling all unknown syscalls, and init will
still be using the non-updated bootstrap libc from when it first shipped.

Test: treehugger
Change-Id: I8e396675fcfaf0218a92f464d15e613f43319305
2019-09-04 21:16:26 -07:00
Tobias Thierer
1136f1592a Init: Run boringssl self test via separate binaries.
Instead of init.cpp knowing about the boringssl self
test, use init.rc to exec dedicated self test executables.

Advantages:
 - The self test is run not only for the copy of libcrypto
   in /system but also /apex/com.android.conscrypt.
 - The self test is run not only for the primary (e.g. 64bit)
   ABI but also for a secondary (e.g. 32bit) ABI.
 - The dependency on libcrypto is kept to the self test binary.
 - The self test binary abstracts the exact native API for
   running the self test (this will change soon because the
   self test will be run when the library is loaded).

Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
      and finishing with exit code 0.

Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0
2019-09-05 01:41:08 +01:00
Tom Cherry
4adbd2905a Merge "Revert "Reland: "init: run property service in a thread""" 2019-08-28 17:50:00 +00:00
Tom Cherry
3da2ba6d4a Revert "Reland: "init: run property service in a thread""
This reverts commit 8efca4bbb3.

Reason for revert: Still broken

Change-Id: I3b37b1b00ff4b19f2eec2d8bd72042463d47cee3
2019-08-28 17:47:49 +00:00
Tom Cherry
34f2537393 Merge "Reland: "init: run property service in a thread"" 2019-08-28 15:01:34 +00:00
Josh Gao
6cad139bcc Mark some tests as requiring root.
Bug: http://b/140123924
Test: mma
Change-Id: I3ad277179018631c50d9295cdb173dd9dfa7ac59
2019-08-27 16:09:32 -07:00
Yifan Hong
8d168c3321 Merge "init: Add first-stage init support for snapshot-based partitions." 2019-08-27 01:56:41 +00:00
Tom Cherry
8efca4bbb3 Reland: "init: run property service in a thread"
It's been a long standing issue that init cannot respond to property
set messages when it is running a builtin command.  This is
particularly problematic when the commands involve IPC to vold or
other daemons, as it prevents them from being able to set properties.

This change has init run property service in a thread, which
eliminates the above issue.

This change may also serve as a starting block to running property
service in an entirely different process to better isolate init from
handling property requests.

Test: CF boots, walleye boots, properties are set appropriately
Change-Id: I13b8bf240c9fcb1d2d5890a8be2f0ef74efd4adf
2019-08-26 17:08:41 -07:00
Treehugger Robot
e3cd3badbd Merge "Move fscrypt_init_extensions into system/core" 2019-08-26 23:24:54 +00:00
Tom Cherry
eb94026231 Merge "Revert "init: run property service in a thread"" 2019-08-26 19:47:02 +00:00
Paul Crowley
052f31c678 Move fscrypt_init_extensions into system/core
Bug: 140027478
Test: treehugger
Change-Id: I9f8b76a501be0b261b6fdd1da98447601e0fd32b
2019-08-26 10:33:17 -07:00
Tom Cherry
f451426205 Revert "init: run property service in a thread"
This reverts commit 26f5e7da3a.

Reason for revert: bluecross boot stability issue

Bug: 140009641
Change-Id: I7ddb9509dfb2c6f644037129aa9d3fb9ff1740aa
2019-08-26 16:33:40 +00:00
Tom Cherry
88eedafbe1 Merge "Add init_tests to CTS" 2019-08-22 22:53:56 +00:00
Tom Cherry
afe45ab5f2 Merge changes Id9534a59,I3ee81536
* changes:
  init: run property service in a thread
  Revert "init: Handle properties in the background of calling fs_mgr"
2019-08-22 17:24:18 +00:00
Tom Cherry
17b2be05a2 Add init_tests to CTS
Test: atest CtsInitTestCases
Test: Cts in presubmit still passes
Change-Id: Ic16dafbaacfbace904947bd3ce2b8586f981348f
2019-08-22 08:37:55 -07:00
David Anderson
c8edf84d45 init: Add first-stage init support for snapshot-based partitions.
Note that /metadata must now be mounted before CreateLogicalPartitions()
is called. This is because SnapshotManager overrides the default
partitioning scheme, and the only way to tell if a SnapshotManager is
needed is via the metadata partition.

Bug: 139204329
Test: manual test
Change-Id: I812df6c4c0d4d8753b1516f63dc70c5bc3e1c09c
2019-08-21 12:27:56 -07:00
Tom Cherry
26f5e7da3a init: run property service in a thread
It's been a long standing issue that init cannot respond to property
set messages when it is running a builtin command.  This is
particularly problematic when the commands involve IPC to vold or
other daemons, as it prevents them from being able to set properties.

This change has init run property service in a thread, which
eliminates the above issue.

This change may also serve as a starting block to running property
service in an entirely different process to better isolate init from
handling property requests.

Test: CF boots, walleye boots, properties are set appropriately
Change-Id: Id9534a5916abb2f7d2a49cda54e33c1b69c50c2f
2019-08-21 08:26:09 -07:00
Yi Kong
0f6537c437 Fix ODR violation
host_init_verifier statically links libprocessgroup, which has shared
dependency on libjsoncpp. Right now it also has shared dependency on
libjsoncpp, resulting in ODR violation:

 ERROR: AddressSanitizer: odr-violation (0x7fce895f3220):
 [1] size=8 'Json::kNullRef' external/jsoncpp/src/lib_json/json_value.cpp:37:22
 [2] size=8 'Json::kNullRef' external/jsoncpp/src/lib_json/json_value.cpp:37:22
 These globals were registered at these points:
 [1]:
 #0 0x56276926ef0d (/usr/local/google/buildbot/src/android/master/out/host/linux-x86/bin/host_init_verifier+0xd1f0d)
 #1 0x7fce894ac1d9 (/lib64/ld-linux-x86-64.so.2+0x101d9)

 [2]:
 #0 0x56276926ef0d (/usr/local/google/buildbot/src/android/master/out/host/linux-x86/bin/host_init_verifier+0xd1f0d)
 #1 0x7fce894ac1d9 (/lib64/ld-linux-x86-64.so.2+0x101d9)

Move host_init_verifier to libjsoncpp_headers to fix the ODR violation.

Bug: 139546461
Bug: 131328001
Test: Run ASAN host_init_verifier
Change-Id: I54a51138d61fff37f092ffaa0758817600a0af9d
2019-08-18 17:57:35 -07:00
Daniel Norman
d2533c3395 Adds check_interface_{restart,start,stop} check_builtins.
Includes refactoring out interface inheritance hierarchy logic to a new
interface_utils file.

Bug: 137397100
Test: 'm' with an init_rc that misspells an interface in an
interface_start, interface_restart, or interface_stop line.
Change-Id: I9f650289d64ae2b13435a81e1693c7ab5e6e9ecf
2019-08-06 11:10:42 -07:00
Daniel Norman
fb54b74fa0 Merge changes from topic "services_serve_interfaces_test"
* changes:
  Adds new property for service name -> PID.
  Adds a library to parse service info from init_rc files for use in tests.
  Adds a visibility rule for init defaults.
2019-08-02 21:51:17 +00:00
Tom Cherry
4772f1da47 init: check the arguments of builtins during the build
Host init verifier already checks that the names and number of
arguments for builtins are correct, but it can check more.  This
change ensures that property expansions are well formed, and that
arguments that can be parsed on the host are correct.  For example it
checks that UIDs and GIDs exist, that numerical values can be parsed,
and that rlimit strings are correct.

Test: build

Change-Id: Ied8882498a88a9f8324db6b8d1020aeeccc8177b
2019-08-01 10:54:47 -07:00
Daniel Norman
8082ba2f77 Adds a visibility rule for init defaults.
Also ran bpfmt on the file.

Test: n/a
Change-Id: I33f6233a031462debe295ab5576dd75c948ae081
2019-07-31 11:33:35 -07:00
Treehugger Robot
a19f51eccc Merge "Reserve 'init'." 2019-07-16 02:35:29 +00:00
Treehugger Robot
100e8ffbcd Merge "Remove obsolete subdirs entry." 2019-07-16 02:02:40 +00:00
Steven Moreland
4c79df91a9 Remove obsolete subdirs entry.
Change-Id: I3327df74179d2ba1ffd66da59e5196f34dfe3974
Bugs: me
Test: N/A
2019-07-15 15:14:34 -07:00
Steven Moreland
ceb36d08f4 Reserve 'init'.
This makes `pathmod init` and `gomod init` work, and it also reserves
the 'init' for potential future usage.

Change-Id: I6990bf421211b93d58d978d84d46474ff243e808
Bugs: me
Test: pathmod init; gomod init
2019-07-15 15:12:56 -07:00
Tom Cherry
2e4c85f157 init: clean up file / socket descriptor creation
clang-tidy hinted that some of this code wasn't right.  Looking
deeper, there is really not much related to file and socket
descriptors, except that they're published in similar ways to the
environment.  All of the abstraction into a 'Descriptor' class takes
us further away from specifying what we really mean.

This removes that abstraction, adds stricter checks and better errors
for parsing init scripts, reports sockets and files that are unable to
be acquired before exec, and updates the README.md for the passcred
option.

Test: build, logd (uses files and sockets) works
Change-Id: I59e611e95c85bdbefa779ef69b32b9dd4ee203e2
2019-07-15 12:17:30 -07:00
Daniel Norman
4b505fe3a8 Merge "Checks the interface inheritance hierarchy in init_rc files." 2019-07-12 18:01:46 +00:00
Daniel Norman
3f42a767cd Checks the interface inheritance hierarchy in init_rc files.
Bug: 118016875
Test: Added 'interface' lines to an init_rc file and observed errors
when misspelled or missing entire inheritance hierarchy.
Change-Id: I681420f15539742d8415808b2a0dcbf0bf6faaf1
2019-07-11 14:43:11 -07:00
Steven Moreland
4280165ae0 Merge "Remove binder dependency in init." 2019-07-11 20:56:12 +00:00
Steven Moreland
4ee27039e0 Remove binder dependency in init.
- unused
- using binder requires twoway calls (since getting a service from
    servicemanager requires two calls)

Bug: 135768100
Test: N/A
Change-Id: Idc41f487bad2d8343e99ded98812f3a84e2b8e37
2019-07-10 17:01:31 +00:00