The first-stage init has been built in Make due to some requirements
(like placing it directly under the root directory rather than bin/, and
creating mountpoints like /proc, etc.) that are not supported in Soong.
However, Ie06dc5a93635ea8b1e18be517ed8615b6c82fee6 will make it possible
to satisfy the requirements in Soong. The build of the boot image is
done in Soong and we can create mount points using the `dirs` property
and create a symlink /init that points to /bin/init_vendor using the
`symlinks` property.
To complete the picture of build everying in Soong, this change adds a
Soong-version of the first-stage init.
Note that the Soong-based boot image creation is currently only for the
microdroid usecase. Therefore, the Android.mk-based first-stage init
still remains and will be removed later.
Bug: 178562516
Test: m init_first_stage_soong
Change-Id: I278cb60a11d94fb48341fd3592be0652a25bdbfb
When there is a transition of daemon from selinux stage, we observe
intermittent hangs during OTA. This is a workaround wherein
we don't do the transition and allow the daemon to continue which
was spawned during selinux stage.
Bug: 179331261
Test: Incremental OTA, full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I622a0ed8afcd404bac4919b1de00728de2c12eaf
This has been something the kernel does automatically since 2014, so
there's no obvious reason to add extra work during boot to duplicate
that effort.
Bug: http://b/179086242
Test: treehugger
Change-Id: I44cce99a892e4f2a6a303c2126bd29f955f5fb23
None of them are necessary, and it's more intention-revealing to say
`c++2a` or whatever anyway.
Test: treehugger
Change-Id: Ie1df26499d160d6fc757d17fcb0121997bda14f9
Revert submission 1563392-remove_art_from_bootstrap
Reason for revert: Bug: 179002105
Reverted Changes:
I65e2a2089:Remove ART APEX from the bootstrap apexes
Ic20df80e2:Remove ART APEX from the bootstrap apexes
Change-Id: I474ab95805c5ca28e0bba91f3d226e8db5a7a9ea
ueventd.rc scripts belong in the /etc/ directory of their given
partition, not the root of the partition. This can cause problems,
especially since Android.bp cannot write to the root directly, forcing
vendors to use Android.mk for these files. Note that
/system/etc/ueventd.rc moved long ago.
Test: Tree-hugger
Change-Id: I2dcaafc3c3f687f76ab6bc38af979c8b43346db0
During device bringup, dynamic partitions may not be properly
configured by some sort of build or load misconfiguration. Diagnosing
such issues can be difficult without being able to see which partitions
are available and what they contain.
Aditionally, making logical partitions available to first stage console
permits early mounting of vendor partition and allows primitive
validation of vendor scripts without requiring full Android
environment. For instance, vendor_dlkm partition and modules can be
probed needing to have a full Android bootup.
Creation of logical partitions is done only when first_stage_console is
requested in order to have minimal impact on normal boot. Thus, only a
small refactor is required to split CreateLogicalPartitions out of
MountPartitions.
Bug: 174685384
Bug: 173732805
Change-Id: I82b7d77b9dc75af59b5e18b574e3eb99c8aff9e2
Signed-off-by: Elliot Berman <eberman@quicinc.com>
microdroid is the base image for on-device VMs. We will use Android
components (init, adbd, servicemanager, ...) on the VM as much as
possible.
Bug: 177630284
Test: m microdroid
Change-Id: I36890644baaaf8f441698411dd869ddb220734fb
For user who would like to retain the crash symptom and avoid device
from power cycle for live debugging, set
init.svc_debug.no_fatal.<svc_name> to "true" to skip FATAL reboot.
Bug: 177593855
Change-Id: I0bdb6191e5963c08e1ea301a60060acf916dd49b
This is used in cts tests to verify that algorithms in blocklist aren't
used to build the hashtree. The system properties are required to perform
the check on unrooted devices.
Bug: 175236047
Test: flash, getprop; atest CtsNativeVerifiedBootTestCases
Change-Id: I2dcfdb06f85dbe92cde45e836dd68e7bd835020f
This change will help non-user builds with keeping debugfs
disabled during run time. Instead, debugfs will be mounted by init
to enable boot time initializations to set up vendor debug data
collection and unmounted after boot. It will be also be mounted by
dumpstate for bug report generation and unmounted after.
This change is only intended to help vendors (who depend on debugfs to
collect debug information from userdebug/eng builds) keep debugfs
disabled during runtime. Platform code must not depend on debugfs at all.
Test: manual
Bug: 176936478
Change-Id: I2e89d5b9540e3de094976563682d4b8c5c125876
After Treblized, AOSP do not handle /factory folder. Also, AOSP
does not mount any partition to /factory. /factory has no possibility
to have any content. For factory purpose, it can be implemented in
vendor.
Bug: 177280838
Test: na
Change-Id: I0a2537336c2ef1efbad3e4f9e876aeaa607bc737
With compressed VAB updates, it is not possible to mount /system without
first running snapuserd, which is the userspace component to the dm-user
kernel module. This poses a problem because as soon as selinux
enforcement is enabled, snapuserd (running in a kernel context) does not
have access to read and decompress the underlying system partition.
To account for this, we split SelinuxInitialize into multiple steps:
First, sepolicy is read into an in-memory string.
Second, the device-mapper tables for all snapshots are rebuilt. This
flushes any pending reads and creates new dm-user devices. The original
kernel-privileged snapuserd is then killed.
Third, sepolicy is loaded from the in-memory string.
Fourth, we re-launch snapuserd and connect it to the newly created
dm-user devices. As part of this step we restorecon device-mapper
devices and /dev/block/by-name/super, since the new snapuserd is in a
limited context.
Finally, we set enforcing mode.
This sequence ensures that snapuserd has appropriate privileges with a
minimal number of permissive audits.
Bug: 173476209
Test: full OTA with VABC applies and boots
Change-Id: Ie4e0f5166b01c31a6f337afc26fc58b96217604e
Basically, ro.product.cpu.abilist* are defined by
ro.vendor.cpu.abilist*. And they can be overried by
ro.odm.cpu.abilist* and ro.product.cpu.abilist*.
ro.system.cpu.abilist* are for fallback if others are no defined.
Bug: 176520383
Test: check the result by flashing aosp_arm64-userdebug on
Test: aosp_blueline-user and aosp_blueline-user hacked by
Test: 64-bits-only
Change-Id: I01ae01af099a4ec8fe3d4525edecc233a477ff60
* In 'ActivateFlattenedApexesFrom', the 'readdir' detects
the APEX folders in a random way that depends on filesystems,
built packages and order of the build chain
* In normal cases, this is not an issue, however when building
with Go configurations, we have a case where the package
'com.android.tethering.inprocess' is built along the
'com.android.tethering' overriden binary, and depending on
the 'readdir' output, the mounts break the Tethering service
Change-Id: I8ac4a0284d8d885f732c71e846933869cf16a0bd
Signed-off-by: Adrian DC <radian.dc@gmail.com>
The firmware_handler.HandleAbort and subcontext.RecoverAfterAbort
tests intentionally abort in the child process to ensure that
ueventd/init can recover if their child processes die. This generates
a tombstone which causes confusion. This change resets SIGABRT to
SIG_DFL right before the abort(), so that the child processes will
exit normally without generating a tombstone or writing a crash to
logcat.
Bug: 169771958
Bug: 175383788
Test: run the above tests and verify no stack traces are printed to
logcat and no tombstones are generated.
Change-Id: Ica09548d1c7a766bf5d9ff2e26c9fd558e85c7c1
This makes it easier to associate logs written during the test with the
test case that was running.
Test: atest CtsInitTestCases
Change-Id: I832f1c9ba8358341c934fdd91a65f5739bc98e37
This hasn't helped investigating the issue, and the issue itself isn't
a problem anymore, so we remove these logs.
Bug: 155203339
Test: reboot
Change-Id: I20e51d8fcad5572906a8d556bec8a8dee4522834
* changes:
Add /metadata to ramdisk.
Also create dirs under /first_stage_ramdisk for GKI.
Refactor the list of empty dirs in ramdisk in its own list.
Revert "Move e2fsck into /first_stage_ramdisk."
Vendors have an interest in importing ueventd files based on certain
property values. Instead of baking this logic in the ueventd binary,
add the import option from the init parser to the ueventd parser, to
allow vendors to expand as needed.
Test: imported files are parsed
Change-Id: I674987fd48f3218e4703528c6d905b1afb5fb366
Now that GKI may not be writeable, also create /metadata at build time
to avoid error log at boot time.
Note that this also creates /first_stage_ramdisk/metadata in GKI.
[ 1.891172] init: [libfs_mgr]check_fs():
mount(/dev/block/by-name/metadata,/metadata,ext4)=-1: No such
file or directory
Bug: 173425293
Test: boots
Change-Id: I62d23c382ed1ad165c1d6598b3df41bd92206733
If the device uses GKI and generic ramdisk, also create
empty directories under /first_stage_ramdisk so that they
won't have to be created at runtime. This allows generic
ramdisk to be not writable.
Test: boots
Bug: 173425293
Change-Id: If987cb1d4af9f9ee94a43a4523f9e1465b01b16a
This reverts commit 3337e782e6.
Reason for revert: e2fsck is moved into vendor ramdisk and installed
to / or /first_stage_ramdisk depending on the device, so there is no
need to move it.
Bug: 173425293
Change-Id: I1eb431e6b2a1e0ba7d0da0278d076b6682a0156d
Test: boots
If a `*` appears within (but not at the end) of a /dev or /sys path in
a ueventd.rc file, then that path is matched with fnmatch() using the
FNM_PATHNAME, which means `*` will not match `/`. That is not always
the intended behavior and this change creates the no_fnm_pathname
option, which will not use the FNM_PATHNAME flag and will have `*`
match `/`.
Bug: 172880724
Test: these unit tests
Change-Id: I85b813d89237dbf3af47564e5cbf6806df5d412f
Current implementation updates the permissions of sysfs
nodes of a device upon the following actions: "add",
"change" and "online".
But certain sysfs nodes (ex: wakeup capabilities under
power management) of devices are not present when the
device is added, but these are generally dependent on
the device driver and are added once the driver is bound.
This is particularly common in USB host stack.
If the bind action events are not parsed the ueventd
will not update the permissions of these nodes.
Hence, add the support for updating permissions on
bind action as well.
Bug: 174215510
Test: Verified permissions updated on bind action
Change-Id: Ic1a147e3993ef78dd6c539bbae652e8107207b87
Linkerconfig will be moved into Runtime APEX, so
/system/bin/linkerconfig would not be available before APEX is mounted.
Use bootstrap linkerconfig instead during early init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Iae41f325bbd5f5194aaf4613141860f913dfbff1
