Rebooting to these targets requires writing bootloader
messages and thus root. Moving them into init means that
adb, reboot don't need root to use these targets.
Test: try rebooting to these targets
Bug: 78793464
Change-Id: Ia002d1e3b1cb0c0616f60435fb9af4dce162cf84
We're moving past a world where static executables are needed,
including watchdogd, so treat this like any other executable and place
it in /system/bin.
Bug: 73660730
Test: watchdogd still runs
Change-Id: I1f7508fd55dce6e9ee72a6ab7a085011a76c0053
Some devices have modules.alias and modules.dep for modprobe and other
purposes but do not want to opt into ueventd auto loading their
modules. Therefore we add a flag that can be added to ueventd
configuration files to opt into this behavior.
Bug: 111916071
Bug: 112048758
Test: check that modules are loaded with this opt-in
Test: check that modules are not loaded without this opt-in
Change-Id: Ifb281b273059b4671eea1ca5bc726c9e79f3adfb
This change adds an explicit cleanup for the subcontext processes and
avoids them from respawning, which causes a bunch of LOG(FATAL)s when
the system is going down.
Bug: 80425914
Test: kill -TERM $INIT_PID, no crashes for subcontext inits
Change-Id: I135191d959c1dd921b102af316b24d2bc161d6c9
This CL is largely and adaptation of
Ie996def20e25dc1afe0c74af2096af844934b2dc
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I1046dfe19bf874da929c9131b76a1f85422fbb80
Merged-In: I1046dfe19bf874da929c9131b76a1f85422fbb80
For some platforms it is not known at build time what devices
will be attached at runtime. Building into the kernel or pre-loading
at init all the modules that could be needed would unnecessary bloat
the kernel. The solution is dynamic kernel module loading.
The kernel will generate uevents when devices are added, userspace
should monitor for these events and load the compatible modules.
The init process already monitors for uevents, add here the ability
to respond to modalias events and preform the correct action.
Adding this to init is preferred over an external program as we
can read and process the module alias and dependency files once,
instead of for each module needing to be loaded.
Test: Run on Beagle-X15, check all needed modules are loaded (lsmod)
Change-Id: I1b57d9aeb0a9770f309207183dc4bc2b7b905f14
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Executables should be in /system/bin
rather than sbin. Change lookup paths
in a few places to reflect this.
Test: recovery is in system/bin
Bug: 78793464
Change-Id: Ibcdff7abf1f21e2566e02cad8bdb3c26ee500534
This CL is largely and adaptation of
Ie996def20e25dc1afe0c74af2096af844934b2dc
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I1046dfe19bf874da929c9131b76a1f85422fbb80
In preparation for splitting first stage init from the rest of the
init executable, rename these files which are specifically involved in
first stage mount operations to a more appropriate name.
Test: builds
Change-Id: I8a2d4e8c7e1deea1bab45cc8e738727bc2ceb3e5
Clean up a few mistakes in logging initialization
1) Only init needs to clear stdout/stderr/stdin, so remove this from
ueventd, watchdogd, and subcontext init
2) Only init should reboot due to FATAL errors. This was true even
before this change due to getpid() checks, but there's no reason to
not just use the DefaultAborter for other processes.
3) It's probably a mistake for FATAL logs in init to try to gracefully
shutdown the system, so simply call RebootSystem() here.
4) Lastly, remove log.cpp since it's not actually shared code anymore
Test: build
Change-Id: Ic8c323393dc7ee98ed6bb9691361b51d0d915267
fs_mgr is used by several different
processes in both system and recovery,
so it makes sense for it to be a shared
library to save space.
libadbd is used by adbd, recovery (as minadbd)
and fastbootd so it should be shared as well.
Bug: 78793464
Test: compiles
Change-Id: I4225f4d1a44e6e5811c68a55595d1f94f0773114
Merged-In: I4225f4d1a44e6e5811c68a55595d1f94f0773114
(cherry picked from commit aacfc68acf)
This early code is no longer needed now that logical partitions can be
created and flashed normally.
Bug: 79173901
Test: N/A
Change-Id: I393ef23b3d3ce1cd9c80833358051838d0e9f333
When using AVB, init's first stage regenerates uevent to find the paths
of block devices for verified partitions. If it can't find them all, it
will panic, causing the device to boot to recovery.
This does not work with logical partitions, since devices for those
partitions are created later in the first stage. In fact, they cannot be
created until uevent regeneration completes, since logical partitions are
are created by finding the "super" partition.
To address this we exclude logical partitions (as marked in fstab) from
the device finding process. Note that partitions moved from GPT to liblp
will no longer appear in by_name_symlink_map_.
Bug: 79173901
Test: AVB 2.0 device boots after deleting the vendor partition,
creating a super partition, and flashing it with a dynamic
vendor partition.
Change-Id: I19371b05912240480dc50864a2c04131258a7103
Since some vendors will have firmware in mount points in
/mnt/vendor/..., we extend the ueventd script language to allow
specifying the firmware directories.
Also, move the existing 4 directories to ueventd.rc as a primary user
of this mechanism.
Bug: 111337229
Test: boot sailfish; firmwares load
Change-Id: I0854b0b786ad761e40d2332312c637610432fce2
1. init creates /mnt/product used to mount product-specific rw partitions.
2. If a device tree fstab entry for early mount specifies a mount point
under /mnt/product e.g. /mnt/product/foo, init will create
/mnt/product/foo mount point.
Bug: 110808288
Test: change dt fstab entry to mount /mnt/product/foo; mount point is
created correctly, and partition is mounted in early mount.
Change-Id: I321e314992abe1084fd67a382c205f5c0c92bf3d
After dealing with some specical escape characters('\n','\r','\t','\\',"\r\n")
it doesn't goto the next position in the next loop, so it process the current
character twice.
For example, when parsing the string "test\ntoken" we expect the
"test'\n'token" but actually we got the "test'\n'ntoken"
Test: have espace characters in init .rc files
Change-Id: I015c087a5c6e5ee9c490f29a83b15b89443f7f81
Signed-off-by: liwugang <liwugang@xiaomi.com>
This functionality is useful for improving boottimes on the ARC++
project. Without this change, ro.serialno would be set to the empty
string when androidboot.serialno was unset in the kernel commandline.
Bug: 62039211
Test: boot with androidboot.serialno unset and ensure ro.serialno is
unset
Change-Id: Iaee339dfa3f0c871e5e9c1fc0534347f2b3e8a07
Let's start by fixing the build, then see how possible this will be to do fully.
Bug: 110477913
Test: n/a
Change-Id: If52e15bd070781a405c5494631ede033c1067903
Also get rid of the copy in parser. There's no incentive to switch to
a tokenizer that doesn't modify the input, nor is there a reason to
waste cycles making a copy of every init script as its processed.
Bug: 36970783
Test: boot
Change-Id: I8aca9c9d6f1961e1ab35dee50691a6791fc6ec66
Currently, init can create logical partitions by hardcoding them in
fs_mgr or by specifying them in device-tree. This change allows init to
also create logical partitions by using liblp, which stores partition
tables in a physical partition. The current name for this partition is
"android".
Two aspects of this code will change long-term. One, the prototype code
using device-tree will be deleted once fastboot supports logical
partitions. Two, libdm will obsolete most of the code in
fs_mgr_dm_linear.cpp. For now however we preserve how the prototype code
functions and we layer liblp on top of the existing dm_linear logic.
Bug: 79173901
Test: N/A
Change-Id: If014a109da78fa12269bf0df0dda39028ac2d1aa
init is now dynamically linked to libselinux. This gives us about 100KB
extra space, which is valuable in the recovery partition.
Bug: 63673171
Test: m -j
Test: adb reboot recovery
Change-Id: I72c4f886cbbb9ce54f8221f05547f5b9f0e1adb0
It's not going to be possible to safely assume $OUT has the right init
scripts to be parsed at a given point, so instead we fall back to
parsing init scripts individually.
This isn't a full revert of the previous commits. We retain parsing
correctness of the 'import' statements and we retain using the new
host side property functionality.
Also, fix a bug where main was not actually returning -1 on failure
Bug: 36970783
Test: testing individual files still works correctly
Change-Id: I4ae5620f234caa08993deb2c30825904a75f6654
init need find required devices and it some times takes a long time due
to rogue drivers. Add a warning if the timing is longer than 50ms.
Bug: 80494921
Test: Reboot
Change-Id: I8f937d7ca7127dc89ed76bb6e5f1781459d5c94a
Init never checked the return values of the calls made during first
stage init (since of course they're not going to fail, right?). But
of course commands can fail and they might not necessarily be obvious
when they do, so let's make it obvious.
Since the kernel log isn't up until later, this creates a list of the
failures that can then be sent to the kernel log once it's ready
(pending of course failures in setting it up...)
Test: boot bullhead, don't see errors
Change-Id: I8c12c61fa12e4368346e8b0e1c0bb0844b5d0377
When adding a new error case for host_init_parser, I didn't handle the
individual line callbacks used for ueventd correctly. This change
fixes that.
Test: bullhead boots without extraneous ueventd warnings
Change-Id: I56cad854b0defd936a7fbcab73fe2f2963c0e2e4
recovery partition now supports shared librarys. Therefore, init can now
be built as a dynamic executable both for normal and recovery modes.
To save save in the recovery mode, not all libs are dynamically linked.
Libs that are only used by init in the recovery mode are still
statically linked.
Note: init is still a static executable for legacy devices where
system-as-root is not on, because the dynamic linker and shared libs
which are in /system are not available when init starts.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: device boots to the UI in normal mode.
Test: do that for both walleye (system-as-root) and bullhead (legacy
ramdisk).
Change-Id: I30c84ae6a8e507e507ad0bb71acad281316d9e90
Bug: 36970783
Test: test bullhead successfully at TOT
Test: create errors and check that they're caught
Test: create uid in passwd and check that it's successful
Change-Id: I237fb8df16a294757fe898bdbbd42e850bcb8301
Allow specifying properties on the command line when running host init
verifier. This is needed particularly for importing files that have a
property expansion in their path.
Handle the import statement on host, basing paths off of the out
directory of Android builds.
Bug: 36970783
Test: verify that bullhead imports the correct files and checks them
Change-Id: I4fe263016b3764a372708b559bc0c739b1b7e5e3
Drop all references to keychord_id and id and instead use keycodes_
as the id. The keycodes are a std::vector<int> with an unique
sorted-order emplacement method added in the parser. Solves the
academic issue with duplicate keychords and trigger all services
that match rather than first match only.
Test: init_tests
Bug: 64114943
Change-Id: I5582779d81458fda393004c551c0d3c03d9471e0
Move things around so that keychords.cpp is independent of service
and init and can be individually tested with few dependencies.
Permits also rolling out the keychords as a class in a future commit.
Improve parser checking.
Test: init_tests
Bug: 64114943
Change-Id: I82570bc6269ed478db784ec38a8bc916da2be2be
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.
This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it. This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.
Bug: 78511553
Test: see appropriate successes and failures based on permissions
Merged-In: I6ce915ae39954a67eb6fe1795a93cf715c352ae4
Change-Id: I6ce915ae39954a67eb6fe1795a93cf715c352ae4
(cherry picked from commit 1debdcf1cf)
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.
This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it. This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.
Bug: 78511553
Test: see appropriate successes and failures based on permissions
Change-Id: I6ce915ae39954a67eb6fe1795a93cf715c352ae4
It's currently not clear that the error no indicating the
failure to invoke the library function. This change introduces
logs at the failing of socket connect, that could be clearly
get the true reason.
Test: Set system property with failed, and socket recv errno
log will show
Change-Id: I36bf66988811f953e679d1c5a468de0bf1ab0a05
Signed-off-by: Jinguang Dong <dongjinguang@huawei.com>
Add the ability to enter a network namespace when launching a service.
Typical usage of this would be something similar to the below:
on fs
exec ip netns add namespace_name
service vendor_something /vendor/...
capabilities <lower than root>
user not_root
enter_namespace net /mnt/.../namespace_name
Note changes to the `ip` tool are needed to create the namespace in
the correct directory.
Bug: 73334854
Test: auto team verified
Merged-In: Ifa91c873d36d69db399bb9c04ff2362518a0b07d
Change-Id: Ifa91c873d36d69db399bb9c04ff2362518a0b07d
(cherry picked from commit aead51b418)
During uevent processing, some "by-name" symlinks will be created.
/dev/block/<type>/<device>/by-name/<partition>
<type> can be: platform, pci or vbd.
<device> might be: soc.0/f9824900.sdhci, soc.0/f9824900.sdhci, etc.
<partition> might be: system, vendor, system_a, system_b, etc.
e.g., on a non-A/B device:
/dev/block/platform/soc.0/f9824900.sdhci/by-name/system
/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor
On a A/B device:
/dev/block/platform/soc/1da4000.ufshc/by-name/system_a
/dev/block/platform/soc/1da4000.ufshc/by-name/system_b
/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_a
/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_b
However, those symlinks are "device-specific".
This change adds the "generic" symlinks in ueventd, in addition to
the existing symlinks, when the possible "boot devices" are specified
in device tree. e.g.,
&firmware_android {
compatible = "android,firmware";
boot_devices ="soc/1da4000.ufshc,soc.0/f9824900.sdhci";
}
The following symlinks will then be created on the aforementioned non-A/B
and A/B devices, respectively.
/dev/block/by-name/system
/dev/block/by-name/vendor
/dev/block/by-name/system_a
/dev/block/by-name/system_b
/dev/block/by-name/vendor_a
/dev/block/by-name/vendor_b
Note that both <type> and <device> are skipped in the newly create symlinks.
It assumes there is no more than one devices with the same <partition>,
which is the assumption of current first stage mount flow.
Finally, when 'boot_devices' in DT is absent, it fallbacks to extract
'boot_devices' from fstab settings. e.g., using 'soc/1da4000.ufshc',
'soc.0/f9824900.sdhci' for a fstab with the following content:
/dev/block/platform/soc/1da4000.ufshc/by-name/system
/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor
Bug: 78613232
Test: adb shell ls /dev/block/by-name
Change-Id: Iec920b5a72409b6a2bdbeeb290f0a3acd2046b5d
Merged-In: Iec920b5a72409b6a2bdbeeb290f0a3acd2046b5d
(cherry picked from commit 8eec38f4e4)
The uevent.partition_num easily collides between partitions, for
example:
Both /dev/block/sda3 and /dev/block/sdd3 will generate the same symlink:
/dev/block/platform/soc/1da4000.ufshc/by-num/p3
This change remove those by-num symlinks as there seems no effective
user of it.
Bug: 78613232
Test: m init_tests && \
adb push $OUT/data/nativetest64/init_tests/init_tests /data/. && \
adb shell /data/init_tests
Change-Id: I8dfa8dc1a2f9fc9296aa30f33e905bf158b501de
Merged-In: I8dfa8dc1a2f9fc9296aa30f33e905bf158b501de
(cherry picked from commit 95591bd00e)
Add the ability to enter a network namespace when launching a service.
Typical usage of this would be something similar to the below:
on fs
exec ip netns add namespace_name
service vendor_something /vendor/...
capabilities <lower than root>
user not_root
enter_namespace net /mnt/.../namespace_name
Note changes to the `ip` tool are needed to create the namespace in
the correct directory.
Bug: 73334854
Test: not yet
Change-Id: Ifa91c873d36d69db399bb9c04ff2362518a0b07d
During uevent processing, some "by-name" symlinks will be created.
/dev/block/<type>/<device>/by-name/<partition>
<type> can be: platform, pci or vbd.
<device> might be: soc.0/f9824900.sdhci, soc.0/f9824900.sdhci, etc.
<partition> might be: system, vendor, system_a, system_b, etc.
e.g., on a non-A/B device:
/dev/block/platform/soc.0/f9824900.sdhci/by-name/system
/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor
On a A/B device:
/dev/block/platform/soc/1da4000.ufshc/by-name/system_a
/dev/block/platform/soc/1da4000.ufshc/by-name/system_b
/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_a
/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_b
However, those symlinks are "device-specific".
This change adds the "generic" symlinks in ueventd, in addition to
the existing symlinks, when the possible "boot devices" are specified
in device tree. e.g.,
&firmware_android {
compatible = "android,firmware";
boot_devices ="soc/1da4000.ufshc,soc.0/f9824900.sdhci";
}
The following symlinks will then be created on the aforementioned non-A/B
and A/B devices, respectively.
/dev/block/by-name/system
/dev/block/by-name/vendor
/dev/block/by-name/system_a
/dev/block/by-name/system_b
/dev/block/by-name/vendor_a
/dev/block/by-name/vendor_b
Note that both <type> and <device> are skipped in the newly create symlinks.
It assumes there is no more than one devices with the same <partition>,
which is the assumption of current first stage mount flow.
Finally, when 'boot_devices' in DT is absent, it fallbacks to extract
'boot_devices' from fstab settings. e.g., using 'soc/1da4000.ufshc',
'soc.0/f9824900.sdhci' for a fstab with the following content:
/dev/block/platform/soc/1da4000.ufshc/by-name/system
/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor
Bug: 78613232
Test: adb shell ls /dev/block/by-name
Change-Id: Iec920b5a72409b6a2bdbeeb290f0a3acd2046b5d
The uevent.partition_num easily collides between partitions, for
example:
Both /dev/block/sda3 and /dev/block/sdd3 will generate the same symlink:
/dev/block/platform/soc/1da4000.ufshc/by-num/p3
This change remove those by-num symlinks as there seems no effective
user of it.
Bug: 78613232
Test: m init_tests && \
adb push $OUT/data/nativetest64/init_tests/init_tests /data/. && \
adb shell /data/init_tests
Change-Id: I8dfa8dc1a2f9fc9296aa30f33e905bf158b501de
This adds an API to fs_mgr for reading dm-linear tables out of device trees
and issuing device-mapper ioctls. The device tree code will be
implemented separately. The dm-linear structures in fs_mgr are organized
assuming we may want to pull them from sources other than DT (for
example, text files, binary blobs, or something hardcoded for testing).
File systems which are mounted from these logical partitions have
specific fstab requirements. The block device must be a partition name,
and if Verified Boot is used, that name must match the vbmeta partition name.
Second, the entry must have the "logical" fs_mgr flag. Example fstab
entry:
vendor /vendor ext4 ro wait,logical
Example fstab entry in device tree:
vendor {
compatible = "android,fstab";
dev = "vendor";
type = "ext4";
mnt_flags = "ro";
fs_mgr_flags = "wait,slotselect,avb,logical";
};
Bug: 78914864
Test: N/A
Change-Id: I4d8878ea8858f26310119616cadc3ee0dd08566c
Since event sources can come and go asynchronously because of delayed
driver instantiation due to initialization or firmware upload, USB
attched devices, kernel module loads, or test automation sources like
monkey, add in inotify on /dev/input/ to support these possibilities.
Test: manual, boot, check registered chord works
Bug: 64114943
Change-Id: Ie598bb6f5bf94b2034ab33cf3be7fa15d3467141
GetIntProperty() isn't used after
Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93, so it can be removed.
Test: build
Change-Id: I5736f553db1a615d51b8fe3cbf9b4aee89451076
FindService can't be used w/ interfaces due
to the fact that multiple interfaces can be
added to any given interface.
Bug: 79418581
Test: boot device, manually use ctl commands
Change-Id: I7c152630462c9b7509473bc190f5b30460fcc2bc
e.x.:
interface_start android.hardware.nfc@1.0/default
onrestart interface_restart android.hardware.nfc@1.0/default
Fixes: 79418581
Test: add this to a service, and killing that service, light is restarted
onrestart interface_restart android.hardware.light@2.0::ILight/default
Change-Id: Ia7ac9380f01038752325cfbe030df1dd4a5665e2
Replace deprecated /dev/keychord driver with /dev/input/ interface.
Will restrict which nodes are active and relevant, and try to mask
out any unreferenced inputs with EVIOCSMASK if available.
Test: manual, boot, check registered chord works
Bug: 64114943
Change-Id: I2bbf84a6e472d720f02282e10d56795b75ac62d1
This commit uses vendor sepolicy file version (defined in
`/vendor/etc/selinux/plat_sepolicy_vers.txt`) to determine whether the
source context should be set as `u:r:vendor_init:s0`.
Before this commit, the criterion was `ro.vndk.version` >= 28. However,
the check in `property_service.cpp` will always be true because
`ro.vndk.version` hasn't been loaded from `/vendor/default.prop`.
Furthermore, under some circumstances, `ro.vndk.version` may be
different from `plat_sepolicy_vers.txt` (e.g. O-MR1 vendor does not
define `ro.vndk.version`).
Bug: 78605339 # high-level bug to combine O-MR1 and P GSI
Bug: 79135481 # the usage of `ro.vndk.version` in init
Test: vts-tradefed run vts -m VtsTrebleVintfTest # tetheroffload
Change-Id: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93
Merged-In: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93
This commit uses vendor sepolicy file version (defined in
`/vendor/etc/selinux/plat_sepolicy_vers.txt`) to determine whether the
source context should be set as `u:r:vendor_init:s0`.
Before this commit, the criterion was `ro.vndk.version` >= 28. However,
the check in `property_service.cpp` will always be true because
`ro.vndk.version` hasn't been loaded from `/vendor/default.prop`.
Furthermore, under some circumstances, `ro.vndk.version` may be
different from `plat_sepolicy_vers.txt` (e.g. O-MR1 vendor does not
define `ro.vndk.version`).
Bug: 78605339 # high-level bug to combine O-MR1 and P GSI
Bug: 79135481 # the usage of `ro.vndk.version` in init
Test: vts-tradefed run vts -m VtsTrebleVintfTest # tetheroffload
Change-Id: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93
In order to support dm-linear devices, we need an additional first-stage
step to ensure that required devices are created. This must happen before
setting up dm-verity or mounting any first-stage partitions.
This patch refactors FirstStageMount so that having a compatible fstab
is optional. This will let us use InitRequiredDevices on systems that
would not otherwise perform first-stage mounts.
Bug: 78914864
Test: non-AVB devices still boot
Change-Id: I11265375a9900d983da8cabcc77d32c503ded02e
Related AOSP changes:
1. https://android-review.googlesource.com/#/c/platform/system/core/+/405009/
2. https://android-review.googlesource.com/#/c/platform/system/core/+/532637/
The second CL raises a FATAL error when it detects fstab-dt has no content
during first-stage mount. However, with the first CL, the fstab-dt entry
might be "skipped" when bootloader sets the status property to a value
other than "ok"/"okay". (e.g., to skip mounting /vendor on upgrading
devices which have no vendor partition).
Use LOG(INFO) when there is nothing to mount here. The later stages
should trigger a FATAL error when some important files in those
partitions are not available, e.g., SEPolicy files.
Bug: 78441220
Test: boot a device
Change-Id: Iae2f47d455679298bdb067d96b771a30c1a82e6f
Merged-In: Iae2f47d455679298bdb067d96b771a30c1a82e6f
(cherry picked from commit 8fe363f260)
Related AOSP changes:
1. https://android-review.googlesource.com/#/c/platform/system/core/+/405009/
2. https://android-review.googlesource.com/#/c/platform/system/core/+/532637/
The second CL raises a FATAL error when it detects fstab-dt has no content
during first-stage mount. However, with the first CL, the fstab-dt entry
might be "skipped" when bootloader sets the status property to a value
other than "ok"/"okay". (e.g., to skip mounting /vendor on upgrading
devices which have no vendor partition).
Use LOG(INFO) when there is nothing to mount here. The later stages
should trigger a FATAL error when some important files in those
partitions are not available, e.g., SEPolicy files.
Bug: 78441220
Test: boot a device
Change-Id: Iae2f47d455679298bdb067d96b771a30c1a82e6f
Changes to init's behavior during early mount:
1. Mounting of tmpfs on /mnt is moved from init stage to early mount.
2. init creates /mnt/vendor used to mount vendor partitions.
3. If a device tree fstab entry for early mount specifies a mount point
under /mnt/vendor e.g. /mnt/vendor/foo, init will create
/mnt/vendor/foo mount point.
Bug: 64905218
Test: change dt fstab entry to mount persist to /mnt/vendor/persist;
mount point is created correctly, and partition is mounted in early
mount. See go/pag/1069774
Test: device boots with /mnt/vendor and previous contents of /mnt present,
and selinux label "mnt_vendor_file" is applied correctly.
Test: cts-tradefed run commandAndExit cts --skip-all-system-status-check
--primary-abi-only --skip-preconditions -m CtsAppSecurityHostTestCases
-t android.appsecurity.cts.PermissionsHostTest
Change-Id: I3739130739eadf508355c7f2531366fcaed74175
Merged-In: I3739130739eadf508355c7f2531366fcaed74175
(cherry picked from commit b511475664)
Changes to init's behavior during early mount:
1. Mounting of tmpfs on /mnt is moved from init stage to early mount.
2. init creates /mnt/vendor used to mount vendor partitions.
3. If a device tree fstab entry for early mount specifies a mount point
under /mnt/vendor e.g. /mnt/vendor/foo, init will create
/mnt/vendor/foo mount point.
Bug: 64905218
Test: change dt fstab entry to mount persist to /mnt/vendor/persist;
mount point is created correctly, and partition is mounted in early
mount. See go/pag/1069774
Test: device boots with /mnt/vendor and previous contents of /mnt present,
and selinux label "mnt_vendor_file" is applied correctly.
Test: cts-tradefed run commandAndExit cts --skip-all-system-status-check
--primary-abi-only --skip-preconditions -m CtsAppSecurityHostTestCases
-t android.appsecurity.cts.PermissionsHostTest
Change-Id: I3739130739eadf508355c7f2531366fcaed74175
An earlier such change was reverted in commit e242a97db5.
Bug: 70487538
Test: ensure that angler can boot
Merged-In: Id5f57fce1c9b817a2650e0c848143d8a0d286bf0
Change-Id: Id5f57fce1c9b817a2650e0c848143d8a0d286bf0
An earlier such change was reverted in commit e242a97db5.
Bug: 70487538
Test: ensure that angler can boot
Merged-In: Id5f57fce1c9b817a2650e0c848143d8a0d286bf0
Change-Id: Id5f57fce1c9b817a2650e0c848143d8a0d286bf0
Do not restrict vendor_init restrictions on vendor images that were
built before P, as they will not have the correct permissions.
Bug: 77732028
Test: test new devices and see vendor_init still works
Merged-In: I636a07b54fbfb248e1d1a68a8f3c4d047fd5a9e9
Change-Id: I636a07b54fbfb248e1d1a68a8f3c4d047fd5a9e9
(cherry picked from commit a1dbeb8d33)
