Commit graph

32 commits

Author SHA1 Message Date
Jooyung Han
566c65239f Use /bootstrap-apex for bootstrap APEXes
This new directory is bind-mounted to /apex in the bootstrap mount
namespace so that apexd-bootstrap mounts bootstrap APEXes there via
/apex.

The directory is shared between two mount namespaces, hence visible
in the default mount namespace.

Bug: 290148078
Test: VendorApexHostTestCases
Change-Id: I841480e41be8def5a4c6a4aa874c4e21465a71d3
2023-08-09 17:27:39 +09:00
Jooyung Han
840691be71 Revert "Use /bootstrap-apex for bootstrap APEXes"
Revert submission 2666915-share-bootstrap

Reason for revert: b/293949266 vold_prepare_subdirs fails to create apexdata directories.

Reverted changes: /q/submissionid:2666915-share-bootstrap

Change-Id: I3e97e8511755844de4b54f51ff20afc154bd8e74
2023-08-01 09:06:47 +00:00
Jooyung Han
201801ce8e Use /bootstrap-apex for bootstrap APEXes
This new directory is bind-mounted to /apex in the bootstrap mount
namespace so that apexd-bootstrap mounts bootstrap APEXes there via
/apex.

The directory is detached from /apex in the default mount namespace but
still visible in case bootstrap APEXes are needed.

However, there are (mostly, virtual) devices which don't need two mount
namespaces. Those devices don't need to make /bootstrap-apex directory
at all.

Bug: 290148078
Test: atest VendorApexHostTestCases
Test: atest MicrodroidTests
Change-Id: I541cec71d9970b14971d46e01e4808b23590dbed
2023-07-31 18:16:46 +09:00
Jooyung Han
918971c69e No need to read ro.apex.updatable now
Bug: 288202251
Test: m
Test: device boots
Change-Id: I97a3c2fab69489cdfbb5103b148194d7e2ee4d1a
2023-06-23 14:22:44 +09:00
Jooyung Han
5eb441caca Respect namespace mnt
This fixes the regression of aosp/2153354.
SwitchToMountNamespaceIfNeeded() is supposed to switch between "default"
mount namespace and "bootstrap" mount namespace. But it shouldn't affect
services with its own mount namespace.

Bug: 239882455
Test: make a hal service start in a separate mount namespace
    using 'namespace mnt' in its definition.
    see the mount namespace of the service process
    $ cat /proc/$(pgrep -f myservice)/ns/mnt
Change-Id: I8c80eaec723241c405f48980b9e88640123c43ad
2022-07-23 01:41:18 +09:00
Jiyong Park
3b3d87de79 Don't create vendor_init in microdroid
vendor_init is a subcontext of init which is responsible for handling
the vendor-defined services and vendor-defined actions. This is mainly
to enforce the Treble architecture in which the vendor components are
provided with a less-privileged context than the system components
because they are less-trusted.

However, in case of microdroid, both the system and the vendor
partitions are from the same entity. As VMs don't have direct access to
any of the underlying hardware, the vendor partition is targeting the
virtual platform, not the real hw platform. There really is no need for
the discrimination.

This CL disables the creation of the vendor_init subcontext when init
runs in microdroid.

Bug: 201363575
Test: atest MicrodroidHostTestCases
Change-Id: Ie5e47d84e9e245565239b4f2159e8182b457699d
2021-09-29 21:35:08 +09:00
Shikha Malhotra
720694dcca Move flattened APEX activation logic to apexd.
Also the check that linker configuration should not be updated if APEX
is in updatable state, is removed as now with refactoring of code and its
movement to apex project, that is also needed.

Resolves: https://b.corp.google.com/issues/192838499
Test: Run the AVD Device and check that it boots and run atest
ApexTestCases

Change-Id: I80a94fa0a4145d30546bb34a6d478a20a2881368
2021-08-05 19:57:21 +00:00
Jooyung Han
653b063871 init: no bootstrap mount namespace for microdroid
The reason for two mount namespace (bootstrap/default) is that we have
two sets of different APEXes to activate. But in microdroid, we don't
need two separate mount namespaces because there's only one set of
non-updatable APEXes in built-in directories and payloads (passed from
host Android).

Bug: 185991357
Test: MicrodroidHostTestCases
Change-Id: I4469f3b1d90f9543ecb980a450eaaf1c20b94c58
2021-07-29 17:11:23 +09:00
Nikita Ioffe
1f662999e3 Also populate lastUpdateMillis in ActivateFlattenedApexesIfPossible
Test: m
Bug: 192647837
Change-Id: I11dca132168d6a30372d7a68fe590894d3cc5ccf
2021-07-05 16:44:03 +01:00
Kiyoung Kim
0cbee0de2a Check if service is executed before APEX is ready
Any service which is executed when Runtime apex is mounted, but
linkerconfig is not updated can fail to be executed due to missing
information in ld.config.txt. This change updates init to have a status
variable which contains if current mount namespace is default
and APEX is not ready from ld.config.txt, and use bootstrap namespace if
it is not ready.

Bug: 181348374
Test: cuttlefish boot succeeded
Change-Id: Ia574b1fad2110d4e68586680dacbe6137186546e
2021-03-05 16:42:20 +09:00
Adrian DC
9449583bc3 init: Sort the list of flattened APEX folders to avoid variations
* In 'ActivateFlattenedApexesFrom', the 'readdir' detects
   the APEX folders in a random way that depends on filesystems,
   built packages and order of the build chain

 * In normal cases, this is not an issue, however when building
   with Go configurations, we have a case where the package
   'com.android.tethering.inprocess' is built along the
   'com.android.tethering' overriden binary, and depending on
   the 'readdir' output, the mounts break the Tethering service

Change-Id: I8ac4a0284d8d885f732c71e846933869cf16a0bd
Signed-off-by: Adrian DC <radian.dc@gmail.com>
2020-12-30 22:41:33 +01:00
Elliott Hughes
e79b8c2092 Cleanup for #inclusivefixit.
Test: treehugger
Change-Id: I651689e2d59c017a9bde44251d95b57e594f0b5b
2020-07-28 11:09:03 -07:00
Jooyung Han
1d951b7700 init: generate apex-info-list.xml
If a device doesn't support unflattened APEXes, init activates flattened
APEXes instead of apexd.

Because apexd dumps apex-info-list.xml after it activates all APEXes,
init should do the same thing.

Bug: 159585065
Test: lunch aosp_cf_x86_phone_noapex & m & boot
      adb more /apex/apex-info-list.xml
      adb shell ls -lZ /apex/apex-info-list.xml
       -> -rw-rw-rw- 1 root root u:object_r:apex_info_file:s0 ..
Change-Id: I74a4d0ee363761564225097c5949e5ce335ac6dc
2020-07-05 00:12:04 +00:00
Jooyung Han
4f23d5a236 init: start ueventd in the default mount namespace
Init starts ueventd in the default mount namespace to support loading
firmware from APEXes.

Bug: 155023652
Test: devices boots
      adb$ nsenter -t (pid of ueventd) -m ls /apex
      => shows all APEXes
Change-Id: Ibb8b33a07eb014752275e3bca4541b8b694dc64b
2020-06-11 15:10:40 +09:00
Ricky Wai
a4c163d734 Add /mnt/androidwritable for MOUNT_EXTERNAL_ANDROID_WRITABLE apps
Bug: 153540919
Test: Able to boot without errors
Change-Id: If206e5e3d76a7919b7468bc2d9666b3aff296b3b
Merged-In: If206e5e3d76a7919b7468bc2d9666b3aff296b3b
2020-04-21 12:16:43 +01:00
Tom Cherry
832f9f1dbd Revert "init: handle property service callbacks asynchronously"
This is apparently causing problems with reboot.

This reverts commit 7205c62933.

Bug: 150863651
Test: build
Change-Id: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
2020-03-10 11:53:11 -07:00
Tom Cherry
459ca0be74 Revert "Stop & Resume property service when switching to bootstrap namespace"
Dependent change was reverted.

This reverts commit 352ae2d225.

Bug: 150863651
Test: build
Change-Id: I2e11b782fcd2b7baded133a841fdcf519f702b84
2020-03-10 11:48:24 -07:00
Nikita Ioffe
6963f81a2b Stop & Resume property service when switching to bootstrap namespace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 149745936
Change-Id: I9d30b75f4b4177175ce086c3b6a7c0bba9a17396
2020-02-28 11:37:22 +00:00
Tom Cherry
7205c62933 init: handle property service callbacks asynchronously
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property.  This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.

There are possible partial solutions here: the socket's buffer may be
increased or property_service may only send messages for the
properties that init will take action on, however all of these
solutions still lead to eventual deadlock.  The only complete solution
is to handle these messages asynchronously.

This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties
4) A lock for any actions with ServiceList or any Services, enforced
   through thread annotations, particularly since this code was not
   designed with the intention of being multi-threaded.

Bug: 146877356
Bug: 148236233
Test: boot
Test: kill hwservicemanager without deadlock
Change-Id: I84108e54217866205a48c45e8b59355012c32ea8
2020-02-20 14:58:06 -08:00
Bernie Innocenti
cecebbbacc Convert system/core to Result::ok()
No functionality changes, this is a mechanical cleanup.

Test: m
Test: cd system/core && atest
Change-Id: Ifdaa3ce1947ed578f656d5a446978726eb416c36
2020-02-06 17:04:27 +00:00
Satoshi Niwa
1eb300dca5 init: Fix a bug in MountDir
mkdir always returns -1 for any types of errors.
errno should be checked for actual error type.

Test: m
Change-Id: I1b56d48ba48992a2f9629dc09d795c277b5b774d
2020-01-20 18:00:49 +09:00
Martijn Coenen
c70c0665fc init: Bind mount /mnt/installer early for scoped storage.
Scoped storage has some unique requirements that are hard to implement
with the two mount namespaces, because the daemon that does the mounting
(vold) lives in a different namespace than the processes using those
mounts.

In particular, /mnt/installer is a special bind mount that should
receive mount events under /mnt/user, but at the same time only
only propagate mount events under /mnt/installer to /mnt/installer in
the other namespace. More details in the code.

Bug: 134706060
Test: /mnt/installer shows up and is setup correctly.
Change-Id: I6dab5ace5a345d9d684a9f1ae94c833fc294d49e
2020-01-11 15:07:21 +01:00
Kiyoung Kim
e4d3f2123f Generate linkerconfig per mount namespaces
There are two namespaces from init - bootstrap and default - and those
will have different set of APEX modules. To support difference between
two namespaces, linker config should be generated per namespace and each
namespace should use its own linker configuration. As a first step of
the work, this change will create different mount point for each
namespace, and re-generate linker config after APEX mount from each
namespaces.

Bug: 144664390
Test: m -j passed & tested from cuttlefish
Change-Id: Iac2e222376ec4b0ced6c29eed18b21d39ff0b1ba
2019-12-20 09:46:59 +09:00
Jiyong Park
648ae3a9d3 Use apex name in apex_manifest.pb as the mount point
When bind-mounting flattened APEX, use the apex name found in
apex_manifest.pb as the mount point, instead of the directory name which
might be different from apex name in case when the apex is overridden.

This allowed us to remove the special casing for the ART apex since we
/system/apex/com.android.art.release will be mounted to
/apex/com.android.art instead of /apex/com.android.art.release.

Bug: N/A
Test: m
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m, device is bootable
Change-Id: Ibdde7002b9078db390e6672b0eb82c474925451d
2019-12-16 11:31:50 +09:00
Kiyoung Kim
99df54be93 Move linker config under /linkerconfig
Currently linker config locates under /dev, but this makes some problem
in case of using two system partitions with chroot. To match system
image and configuration, linker config better stays under /linkerconfig

Bug: 144966380
Test: m -j passed && tested from cuttelfish
Change-Id: Iaae5af65721eee8106311c1efb4760a9db13564a
2019-12-09 19:45:11 +09:00
Jooyung Han
5bb9d2133a Bind-mount individual flattened APEXes
There are a few directories for builtin APEXes: /system/apex,
/system_ext/apex, /product/apex, /vendor/apex.

For devices with ro.apex.updatable=false, init should bind-mount
"flattened" apexes from all of above.

Bug: 144732372
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m && device boot
Change-Id: If151145e6e3d966b202300ff3a0ddb5ec9fdaa87
2019-11-25 19:53:24 +09:00
Martin Stjernholm
df96e1f25c Update paths and names for the new ART APEX.
Test: Build & boot
Test: atest CtsJniTestCases
Bug: 135753770
Exempt-From-Owner-Approval: Approved internally
Change-Id: Ic59b7bc8aae7ce521cf3ec9df4ab72aa611d0b75
Merged-In: Ic59b7bc8aae7ce521cf3ec9df4ab72aa611d0b75
2019-08-30 17:47:31 +01:00
Jiyong Park
d7f7c208da Don't use apexd when TARGET_FLATTEN_APEX == true
When TARGET_FLATTEN_APEX is true (= ro.apex.updatable is unset or set to
false), apexd is not used to activate the built-in flattened APEXes.
Init simply bind-mounts /system/apex to /apex.

However, there is a special case here. The runtime APEX is installed as
either /system/apex/com.android.runtime.debug or
/system/apex/com.android.runtime.release, whereas it should be activated
on /apex/com.android.runtime - without the .debug or .release suffix.
To handle that case, the build system creates an empty directory
/system/apex/com.android.runtime and the .debug or .release directory
is bind-mounted to the empty directory by init at runtime.

This change also fixes a minor bug that native watchdog is triggered
for all post-apexd processes regardless of whether ro.apex.updatable
is true or not. Since apexd is expected to shutdown itself when ro.apex
.updatable is false, we don't trigger the watchdog in that case.

Bug: 132413565
Bug: 133305381
Test: marlin and sdk_gphone are bootable
Merged-In: I219465b8b81decb960e2c5f46bab6e0768b31317
Change-Id: I219465b8b81decb960e2c5f46bab6e0768b31317
(cherry picked from commit f93088ba2b)
2019-05-29 07:04:27 +09:00
Jiyong Park
7b4801a921 Don't bind-mount bionic files
Bind-mounting of the bionic files on /bionic/* paths no longer required
as there are direct symlinks from bionic files in /system partition to
the corresponding bionic files in the runtime APEX. e.g.,

/system/lib/libc.so -> /apex/com.android.runtime/lib/bionic/libc.so

Bug: 125549215
Test: m; devices boots
Change-Id: I4a43101c3e3e2e14a81001d6d65a8a4b727df385
2019-03-14 07:35:54 +09:00
Jiyong Park
8502ed308d Access apex sysprops via the generated API
Bug: 125549215
Test: m
Change-Id: Ie9b0aa5eec5931da3512d77613b034e5bd760f3e
2019-03-05 16:22:55 +09:00
Jiyong Park
dcbaf9f41b Activate system APEXes early
Summary: Boot sequence around apexd is changed to make it possible for
pre-apexd processes to use libraries from APEXes. They no longer need to
wait for the apexd to finish activating APEXes, which again can be
done only after /data/ is mounted. This improves overall boot
performance.

Detail: This change fixes the problem that processes that are started
before apexd (so called pre-apexd processes) can't access libraries
that are provided only by the APEXes but are not found in the system
partition (e.g. libdexfile_external.so, etc.). Main idea is to activate
system APEXes (/system/apex/*.apex) before /data is mounted and then
activate the updated APEXes (/data/apex/*.apex) after the /data mount.

Detailed boot sequence is as follows.

1) init prepares the bootstrap and default mount namespaces. A tmpfs is
mounted on /apex and the propagation type of the mountpoint is set to
private.

2) before any other process is started, apexd is started in bootstrap
mode. When executed in the mode, apexd only activates APEXes under
/system/apex. Note that APEXes activated in this phase are mounted in
the bootstrap mount namespace only.

3) other pre-apexd processes are started. They are in the bootstrap
mount namespace and thus are provided with the libraries from the system
APEXes.

4) /data is mounted. init switches into the default mount namespace and
starts apexd as a daemon as usual.

5) apexd scans both /data/apex and /system/apex, and activate latest
APEXes from the directories. Note that APEXes activated in this phase
are mounted in the default namespaces only and thus are not visible to
the pre-apexd processes.

Bug: 125549215
Test: m; device boots
Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
2019-03-05 09:47:49 +09:00
Jiyong Park
6866041ff0 Proper mount namespace configuration for bionic
This CL fixes the design problem of the previous mechanism for providing
the bootstrap bionic and the runtime bionic to the same path.

Previously, bootstrap bionic was self-bind-mounted; i.e.
/system/bin/libc.so is bind-mounted to itself. And the runtime bionic
was bind-mounted on top of the bootstrap bionic. This has not only caused
problems like `adb sync` not working(b/122737045), but also is quite
difficult to understand due to the double-and-self mounting.

This is the new design:

Most importantly, these four are all distinct:
1) bootstrap bionic (/system/lib/bootstrap/libc.so)
2) runtime bionic (/apex/com.android.runtime/lib/bionic/libc.so)
3) mount point for 1) and 2) (/bionic/lib/libc.so)
4) symlink for 3) (/system/lib/libc.so -> /bionic/lib/libc.so)

Inside the mount namespace of the pre-apexd processes, 1) is
bind-mounted to 3). Likewise, inside the mount namespace of the
post-apexd processes, 2) is bind-mounted to 3). In other words, there is
no self-mount, and no double-mount.

Another change is that mount points are under /bionic and the legacy
paths become symlinks to the mount points. This is to make sure that
there is no bind mounts under /system, which is breaking some apps.

Finally, code for creating mount namespaces, mounting bionic, etc are
refactored to mount_namespace.cpp

Bug: 120266448
Bug: 123275379
Test: m, device boots, adb sync/push/pull works,
especially with following paths:
/bionic/lib64/libc.so
/bionic/bin/linker64
/system/lib64/bootstrap/libc.so
/system/bin/bootstrap/linker64
Change-Id: Icdfbdcc1efca540ac854d4df79e07ee61fca559f
2019-01-30 19:18:22 +09:00