path: root/init/builtins.cpp
...
* Add support for updatable services (Jiyong Park, 2018-11-13; 1 file, -0/+1)

    A service with the 'updatable' option can be overridden by the same service definition in APEXes.

    /system/etc/init/foo.rc:
        service foo /system/bin/foo
            updatable

    /apex/myapex/etc/init.rc:
        service foo /apex/myapex/bin/foo
            override

    Overriding a non-updatable (i.e. without the updatable option) service from APEXes is prohibited.

    When an updatable service is started before APEXes are all activated, the execution is delayed until the APEXes are all activated.

    Bug: 117403679
    Test: m apex.test; adb push <built_apex> /data/apex; adb reboot
          adb shell, then lsof -p $(pidof surfaceflinger) shows that the process is executing /apex/com.android.example.apex@1/bin/surfaceflinger instead of /system/bin/surfaceflinger
    Change-Id: I8a57b8e7f6da81b4d2843e261a9a935dd279067c
* init parses *.rc files from APEXes (Jiyong Park, 2018-11-10; 1 file, -0/+34)

    Init now parses *.rc files from the APEXs when the apexd notifies the mount event via apexd.status sysprop.

    Bug: 117403679
    Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
          adb root; adb shell setprop ctl.start apex.test; dmesg shows that init tries to start the service which doesn't exist.

          [   47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory

    Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
* init: use libfscrypt for file-based encryption setup (Eric Biggers, 2018-10-25; 1 file, -12/+12)

    The file-based encryption setup code is being refactored into its own library because it applies to both ext4 and f2fs, not just ext4. Update init to use the new location.

    For fs_mgr, just remove the include of ext4_crypt_init_extensions.h since it was unneeded.

    Test: built, booted device with f2fs encryption
    Change-Id: I392a763e3349f001bdbc09eb9ca975aa3451fd68
* init: add [[nodiscard]] to Result (Tom Cherry, 2018-10-11; 1 file, -1/+5)

    It's better to either check these results or explicitly ignore them. Only a few callers weren't already doing this, so it's relatively trivial to enforce.

    Test: build
    Change-Id: I44cdc342e46128f66cac914aaa0b9b4559cacd8c
* builtins: interface_{start, stop, restart} (Steven Moreland, 2018-05-08; 1 file, -0/+26)

    e.g.:

        interface_start android.hardware.nfc@1.0/default
        onrestart interface_restart android.hardware.nfc@1.0/default

    Fixes: 79418581
    Test: add this to a service, and on killing that service, light is restarted:

        onrestart interface_restart android.hardware.light@2.0::ILight/default

    Change-Id: Ia7ac9380f01038752325cfbe030df1dd4a5665e2
* Merge "Set property for metadata encryption on first boot" (Treehugger Robot, 2018-04-19; 1 file, -0/+1)

* Set property for metadata encryption on first boot (Paul Crowley, 2018-04-18; 1 file, -0/+1)

    Bug: 77335096
    Test: device boots twice with and without metadata encryption
    Change-Id: Iaed78288cb37865ba23833721b73b11414e7e862
* Re-land "If enablefilecrypto or init_user0 fails, reboot into recovery." (Paul Crowley, 2018-04-17; 1 file, -13/+33)

    An earlier such change was reverted in commit e242a97db547dc73efea1b5287536be66637dc33.

    Bug: 70487538
    Test: ensure that angler can boot
    Merged-In: Id5f57fce1c9b817a2650e0c848143d8a0d286bf0
    Change-Id: Id5f57fce1c9b817a2650e0c848143d8a0d286bf0
* Merge "Revert "If enablefilecrypto or init_user0 fails, reboot into recovery."" (Treehugger Robot, 2018-03-02; 1 file, -24/+11)

* Revert "If enablefilecrypto or init_user0 fails, reboot into recovery." (Paul Crowley, 2018-03-01; 1 file, -24/+11)

    This reverts commit 959b05553576ffc15da4334a5917ce763611ab82.

    Reason for revert: b/73968735

    Bug: 73968735
    Test: b/73968735#comment5
    Change-Id: Ifce4c029bab7380c60e20cc2b2885beb4a097456
* init: add host side parser for init (Tom Cherry, 2018-02-28; 1 file, -2/+4)

    Create a host side parser for init such that init rc files can be verified for syntax correctness before being used on the device.

    Bug: 36970783
    Test: run the parser on init files on host
    Change-Id: I7e8772e278ebaff727057308596ebacf28b6fdda
* Merge "If enablefilecrypto or init_user0 fails, reboot into recovery." (Treehugger Robot, 2018-02-15; 1 file, -11/+24)

* If enablefilecrypto or init_user0 fails, reboot into recovery. (Paul Crowley, 2018-02-15; 1 file, -11/+24)

    Test: Roll back PLATFORM_SECURITY_PATCH, ensure recovery dialog is seen
    Bug: 70487538
    Change-Id: Iceb6af3f9d6aea6bc646dbb4b5d29dffcb284736
* Move ActionManager to its own file (Tom Cherry, 2018-02-14; 1 file, -1/+1)

    Bug: 36970783
    Test: build
    Change-Id: I08fa39052236b462249f79de1d02bf02bdbf4c84
* Merge "init: add TODO for mount operations." (Treehugger Robot, 2018-02-05; 1 file, -0/+4)

* init: add TODO for mount operations. (Tom Cherry, 2018-02-05; 1 file, -0/+4)

    mount operations should be done in vendor init context, but their complexity currently limits this. Add a TODO to make this reason clear to those viewing the code.

    Bug: 72488820
    Test: N/A
    Change-Id: I8b6dd92aa79f31dc24603559ed6de0815facfcba
* Use vold's mount with metadata encryption service. (Paul Crowley, 2018-02-01; 1 file, -4/+6)

    Don't use the FDE flow to support metadata encryption; just use the vold service which directly mounts the volume.

    Bug: 63927601
    Test: Boot Taimen to SUW with and without metadata encryption.
    Change-Id: Idf9c27a69872cd7a9e2fb76df09a91d8e5ef4896
* Make vendor_init check SELinux before setting properties (Tom Cherry, 2018-01-22; 1 file, -3/+1)

    Finishing a TODO from vendor_init, check SELinux permissions before setting properties in vendor_init.

    Bug: 62875318
    Test: N/A
    Change-Id: I3cb6abadd2613ae083705cc6b9c970587b6c6b19
* Run restorecon after init creates a symlink or writes to a file. (Joel Galenson, 2017-11-29; 1 file, -1/+20)

    Init currently sets the SELinux context on a mkdir but not on other operations. This patch modifies it to do so when creating symlinks, writing to a file, or copying a file.

    Test: Built, flashed, and booted. Added fake init entries and verified that they received the proper SELinux context.
    Change-Id: I836b570fef81d74f3b6c8e7ce0274e94ca7b12d3
* Merge "init: wait_for_prop shouldn't run in a subcontext" (Tom Cherry, 2017-10-19; 1 file, -1/+1)

    am: 6e52973623

    Change-Id: I160bedcb91668ccf2b663c36835871d21be2db8b
* init: wait_for_prop shouldn't run in a subcontext (Tom Cherry, 2017-10-18; 1 file, -1/+1)

    wait_for_prop sets a flag that prevents the action queue from continuing while otherwise allowing init's main loop to continue executing. This cannot be done from a subcontext, so it's moved to normal init.

    All property functions need work in any case, particularly once property_service is moved out of init.

    Bug: 62875318
    Test: boot sailfish and see that the previous failure related to this is fixed
    Change-Id: Ib9e0d0bdbd0ff22ab0e5c3fe6db620700af266c6
* Merge "init: log failures if a service cannot start during class_start" (Tom Cherry, 2017-10-03; 1 file, -1/+8)

    am: 533fbd62ab

    Change-Id: I7a05ae9f806a23d04d649fb230e2875633b2caee
* init: log failures if a service cannot start during class_start (Tom Cherry, 2017-10-03; 1 file, -1/+8)

    Test: boot system with this logging and see appropriate failures
    Change-Id: I312dca89f6215afe05b10b2539258a212a0c1ae2
* Merge "init: run vendor commands in a separate SELinux context" (Tom Cherry, 2017-10-02; 1 file, -97/+100)

    am: 8e09b0b953

    Change-Id: I7e0272f29bd8bab029a9f9c07aa413c9172f6f5a
* init: run vendor commands in a separate SELinux context (Tom Cherry, 2017-09-29; 1 file, -97/+100)

    One of the major aspects of treble is the compartmentalization of system and vendor components, however init leaves a huge gap here, as vendor init scripts run in the same context as system init scripts and thus can access and modify the same properties, files, etc as the system can.

    This change is meant to close that gap. It forks a separate 'subcontext' init that runs in a different SELinux context with permissions that match what vendors should have access to. Commands get sent over a socket to this 'subcontext' init that then runs them in this SELinux context and returns the result.

    Note that not all commands run in the subcontext; some commands such as those dealing with services only make sense in the context of the main init process.

    Bug: 62875318
    Test: init unit tests, boot bullhead, boot sailfish
    Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
* Merge "init: add exec_background command" (Tom Cherry, 2017-09-18; 1 file, -0/+14)

    am: 424ed42fb4

    Change-Id: I9529146ea9b29b2fb2e2c92f3533efc4e3106943
* Merge "init: add exec_background command" (Tom Cherry, 2017-09-18; 1 file, -0/+14)

* init: add exec_background command (Tom Cherry, 2017-09-18; 1 file, -0/+14)

    This command functions similarly to `exec` except that it does not cause init to halt executing commands until the process has terminated. It is useful for launching simple one time background tasks.

    Bug: 65736247
    Test: create an exec_background service and see it function properly
    Change-Id: I719c8b85479b65201770aedc0a13191303007c11
* Merge "init: fix crash when reboot is triggered by a builtin" (Tom Cherry, 2017-09-15; 1 file, -2/+2)

    am: b92415cee2

    Change-Id: I4137679d88e58c706f14adeeaf84b41426079de4
* init: fix crash when reboot is triggered by a builtin (Tom Cherry, 2017-09-15; 1 file, -2/+2)

    Builtin commands may set the sys.powerctl property, which causes reboot to be immediately processed. Unfortunately, part of the reboot processing involves clearing the action queue, so when this scenario happens, ActionManager::ExecuteOneCommand() can abort due to its state being unexpectedly changed.

    Longer term, the real fix here is to split init and property service. In this case, the property sets will be sent to property service and the reboot will only be processed once property service responds back to init that the property has been set. Since that will not happen within the action queue, there will be no risk of failure.

    Short term, this change sets a flag in init to shutdown the device before the next action is run, which defers the shutdown enough to fix the crash, but continues to prevent any further commands from running.

    Bug: 65374456
    Test: force bullhead into the repro case and observe that it no longer repros
    Change-Id: I89c73dad8d7912a845d694b095cab061b8dcc05e
* Merge "init: Allow clean system shutdown upon SIGTERM" (Luis Hector Chavez, 2017-09-07; 1 file, -1/+0)

    am: 61cb88add2

    Change-Id: If0a495fa067440f0b59969ac0dbc010b4687b52f
* init: Allow clean system shutdown upon SIGTERM (Luis Hector Chavez, 2017-09-07; 1 file, -1/+0)

    This allows Android to cleanly shutdown when running in a PID namespace in a way that does not rely on adbd running. This is useful to allow Android to be running in a container and its lifetime managed by an OCI-compliant tool.

    Bug: 65415372
    Test: `kill -TERM 1` as root is correctly dropped.
    Test: `kill -TERM 1` from the init PID namespace causes init to cleanly shutdown.
    Change-Id: Ia66ebdb436221919081bc4723337c0c7f1e53b09
* Merge "init: add option to read file fully on readahead" (Wei Wang, 2017-09-02; 1 file, -17/+42)

    am: d97a1710b8

    Change-Id: I2a49bd384b1fe621314916c1f325c03b7fa43162
* init: add option to read file fully on readahead (Wei Wang, 2017-09-01; 1 file, -17/+42)

    Bug: 62413151
    Test: boottime, dumpcache
    Change-Id: I1a7b69f0619428e4db31c5a7639c5d895c89ecdb
* Merge "init: support setting rlimits per service" (Tom Cherry, 2017-08-28; 1 file, -13/+4)

    am: 459aa1cac6

    Change-Id: I4ef5abc3371ce52783bfb14669bcffe33febb73e
* init: support setting rlimits per service (Tom Cherry, 2017-08-28; 1 file, -13/+4)

    Add a new service option, `rlimit` that allows a given rlimit to be set for a specific service instead of globally.

    Use the same parsing, now allowing text such as 'cpu' or 'rtprio' instead of relying on the enum value for the `setrlimit` builtin command as well.

    Bug: 63882119
    Bug: 64894637
    Test: boot bullhead, run a test app that attempts to set its rtprio to 95, see that the priority set fails normally but passes when `rlimit rtprio 99 99` is used as its service option. See that this fails when `rlimit rtprio 50 50` is used as well.
    Test: new unit tests
    Change-Id: I4a13ca20e8529937d8b4bc11718ffaaf77523a52
* Merge changes I316c13e3,I4d99744d,Id9614b72,I7c98a0b7 (Tom Cherry, 2017-08-23; 1 file, -8/+17)

    am: a78b5b300b

    Change-Id: I0e4221611fb34489b2ecdd713933a2e4ba4e5055
* init: enable error reporting of builtin functions (Tom Cherry, 2017-08-23; 1 file, -0/+5)

    Enable error reporting when builtin functions fail. These errors are now reported with full context including the source file and line number, e.g.

        init: Command 'write /sys/module/subsystem_restart/parameters/enable_debug ${persist.sys.ssr.enable_debug}' action=early-boot (/init.bullhead.rc:84) took 0ms and failed: cannot expand '${persist.sys.ssr.enable_debug}'

    There are two small caveats:

    1) There are nearly 200 reports of builtins failure due to "No such file or directory". Many of these are due to legacy paths included in rootdir/init.rc. Until they are cleaned up, reporting of these failures is disabled.

    2) Similarly, symlink is often used to create backwards compatible symlinks. By their very nature, these calls are expected to fail on newer systems that do already use the new path. Due to this, failures of symlink due to EEXIST are not reported.

    Bug: 38038887
    Test: boot bullhead, only see true errors reported from builtins.
    Change-Id: I316c13e3adc992cacc6d79ffee987adc8738fca0
* init: log Service failures via Result<T> (Tom Cherry, 2017-08-23; 1 file, -6/+10)

    Log Service failures via Result<T> such that their context can be captured when interacting with services through builtin functions.

    Test: boot bullhead
    Change-Id: I4d99744d64008d4a06a404e3c9817182c6e177bc
* init: cleanup environment handling (Tom Cherry, 2017-08-23; 1 file, -2/+2)

    Init keeps its own copy of the environment that it uses for execve when starting services. This is unnecessary however as libc already has functions that mutate the environment and the environment that init uses is clean for starting services.

    This change removes init's copy of the environment and uses the libc functions instead. This also makes a small clean-up to the way the Service class stores service specific environment variables.

    Test: boot bullhead
    Change-Id: I7c98a0b7aac9fa8f195ae33bd6a7515bb56faf78
* init: use Result<T> for builtin functions (Tom Cherry, 2017-08-14; 1 file, -233/+240)

    We currently throw out the return values from builtin functions and occasionally log errors with no supporting context. This change uses the newly introduced Result<T> class to communicate a successful result or an error back to callers in order to print an error with clear context when a builtin fails.

    Example:

        init: Command 'write /sys/class/leds/vibrator/trigger transient' action=init (/init.rc:245) took 0ms and failed: Unable to write to file '/sys/class/leds/vibrator/trigger': open() failed: No such file or directory

    Test: boot bullhead
    Merged-In: Idc18f331d2d646629c6093c1e0f2996cf9b42aec
    Change-Id: Idc18f331d2d646629c6093c1e0f2996cf9b42aec
* init: introduce Result<T> for return values and error handling (Tom Cherry, 2017-08-14; 1 file, -31/+27)

    init tries to propagate error information up to build context before logging errors. This is a good thing, however too often init has the overly verbose paradigm for error handling, below:

        bool CalculateResult(const T& input, U* output, std::string* err);

        bool CalculateAndUseResult(const T& input, std::string* err) {
            U output;
            std::string calculate_result_err;
            if (!CalculateResult(input, &output, &calculate_result_err)) {
                *err = "CalculateResult " + input + " failed: " + calculate_result_err;
                return false;
            }
            UseResult(output);
            return true;
        }

    Even more common are functions that return only true/false but also require passing a std::string* err in order to see the error message.

    This change introduces a Result<T> that is used to either hold a successful return value of type T or to hold an error message as a std::string. If the function only returns success or a failure with an error message, Result<Success> may be used. The classes Error and ErrnoError are used to indicate a failed Result<T>.

    A successful Result<T> is constructed implicitly from any type that can be implicitly converted to T or from the constructor arguments for T. This allows you to return a type T directly from a function that returns Result<T>.

    Error and ErrnoError are used to construct a Result<T> that has failed. Each of these classes takes an ostream as an input and is implicitly cast to a Result<T> containing that failure. ErrnoError() additionally appends ": " + strerror(errno) to the end of the failure string to aid in interacting with C APIs.

    The end result is that the above code snippet is turned into the much clearer example below:

        Result<U> CalculateResult(const T& input);

        Result<Success> CalculateAndUseResult(const T& input) {
            auto output = CalculateResult(input);
            if (!output) {
                return Error() << "CalculateResult " << input << " failed: " << output.error();
            }
            UseResult(*output);
            return Success();
        }

    This change also makes this conversion for some of the util.cpp functions that used the old paradigm.

    Test: boot bullhead, init unit tests
    Merged-In: I1e7d3a8820a79362245041251057fbeed2f7979b
    Change-Id: I1e7d3a8820a79362245041251057fbeed2f7979b
* init: split security functions out of init.cpp (Tom Cherry, 2017-08-14; 1 file, -25/+12)

    This change splits out the selinux initialization and supporting functionality into selinux.cpp and splits the security related initialization of the rng, etc to security.cpp. It also provides additional documentation for SEPolicy loading as this has been requested by some teams.

    It additionally cleans up sehandle and sehandle_prop. The former is static within selinux.cpp and new wrapper functions are created around selabel_lookup*() to better serve the users. The latter is moved to property_service.cpp as it is isolated to that file for its usage.

    Test: boot bullhead
    Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
    Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
* init: use Result<T> for builtin functions (Tom Cherry, 2017-08-14; 1 file, -235/+244)

    We currently throw out the return values from builtin functions and occasionally log errors with no supporting context. This change uses the newly introduced Result<T> class to communicate a successful result or an error back to callers in order to print an error with clear context when a builtin fails.

    Example:

        init: Command 'write /sys/class/leds/vibrator/trigger transient' action=init (/init.rc:245) took 0ms and failed: Unable to write to file '/sys/class/leds/vibrator/trigger': open() failed: No such file or directory

    Test: boot bullhead
    Change-Id: Idc18f331d2d646629c6093c1e0f2996cf9b42aec
* init: introduce Result<T> for return values and error handling (Tom Cherry, 2017-08-14; 1 file, -31/+27)

    init tries to propagate error information up to build context before logging errors. This is a good thing, however too often init has the overly verbose paradigm for error handling, below:

        bool CalculateResult(const T& input, U* output, std::string* err);

        bool CalculateAndUseResult(const T& input, std::string* err) {
            U output;
            std::string calculate_result_err;
            if (!CalculateResult(input, &output, &calculate_result_err)) {
                *err = "CalculateResult " + input + " failed: " + calculate_result_err;
                return false;
            }
            UseResult(output);
            return true;
        }

    Even more common are functions that return only true/false but also require passing a std::string* err in order to see the error message.

    This change introduces a Result<T> that is used to either hold a successful return value of type T or to hold an error message as a std::string. If the function only returns success or a failure with an error message, Result<Success> may be used. The classes Error and ErrnoError are used to indicate a failed Result<T>.

    A successful Result<T> is constructed implicitly from any type that can be implicitly converted to T or from the constructor arguments for T. This allows you to return a type T directly from a function that returns Result<T>.

    Error and ErrnoError are used to construct a Result<T> that has failed. Each of these classes takes an ostream as an input and is implicitly cast to a Result<T> containing that failure. ErrnoError() additionally appends ": " + strerror(errno) to the end of the failure string to aid in interacting with C APIs.

    The end result is that the above code snippet is turned into the much clearer example below:

        Result<U> CalculateResult(const T& input);

        Result<Success> CalculateAndUseResult(const T& input) {
            auto output = CalculateResult(input);
            if (!output) {
                return Error() << "CalculateResult " << input << " failed: " << output.error();
            }
            UseResult(*output);
            return Success();
        }

    This change also makes this conversion for some of the util.cpp functions that used the old paradigm.

    Test: boot bullhead, init unit tests
    Change-Id: I1e7d3a8820a79362245041251057fbeed2f7979b
* Merge "init: split security functions out of init.cpp" into oc-dev-plus-aosp (Tom Cherry, 2017-08-14; 1 file, -25/+12)

    am: 08228116a8

    Change-Id: I3fc6288cf03cd1e262852ceb3fc9dbcedb32c7c3
* Merge "init: split security functions out of init.cpp" into oc-dev-plus-aosp (Tom Cherry, 2017-08-14; 1 file, -25/+12)

* init: split security functions out of init.cpp (Tom Cherry, 2017-08-11; 1 file, -25/+12)

    This change splits out the selinux initialization and supporting functionality into selinux.cpp and splits the security related initialization of the rng, etc to security.cpp. It also provides additional documentation for SEPolicy loading as this has been requested by some teams.

    It additionally cleans up sehandle and sehandle_prop. The former is static within selinux.cpp and new wrapper functions are created around selabel_lookup*() to better serve the users. The latter is moved to property_service.cpp as it is isolated to that file for its usage.

    Test: boot bullhead
    Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
    Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
    (cherry picked from commit 9afb86b25d8675927cb37c86119a7ecf19f74819)
* Merge "init: Add readahead built-in command" am: 12bd22badf am: 826bc7b507 (Wei Wang, 2017-08-11; 1 file, -1/+63)

    am: 67eac4fa36

    Change-Id: I852ee7278ec94e3b483a8ef61fe34477f73517fb
* init: Add readahead built-in command (Wei Wang, 2017-08-11; 1 file, -1/+63)

    Inspired by ag/2659809/, this CL adds a readahead built-in command in init to let files be prefetched into pagecache for faster reading.

    Readahead happens in background but due to filesystem limitation it might take a small amount of time in reading the filesystem metadata needed to locate the requested blocks. So the command is executed in a forked process to not block init execution.

    Bug: 62413151
    Test: boottime, dumpcache
    Change-Id: I56c86e2ebc20efda4aa509e6efb736bd1d92baa5