Merge "Revert "Use /bootstrap-apex for bootstrap APEXes"" into main am: deff223842

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2685548

Change-Id: Ie8f8741baff37b992952a0cbc3da41b6ad3f80df
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

init/builtins.cpp

@@ -1262,51 +1262,6 @@ static Result<void> MountLinkerConfigForDefaultNamespace() {
 
     return {};
 }
-
-static Result<void> MountApexRootForDefaultNamespace() {
-    auto mount_namespace_id = GetCurrentMountNamespace();
-    if (!mount_namespace_id.ok()) {
-        return mount_namespace_id.error();
-    }
-    // There's nothing to do if it's still in the bootstrap mount namespace.
-    // This happens when we don't need to update APEXes (e.g. Microdroid)
-    // where bootstrap mount namespace == default mount namespace.
-    if (mount_namespace_id.value() == NS_BOOTSTRAP) {
-        return {};
-    }
-
-    // Now, we're in the "default" mount namespace and need a fresh /apex for
-    // the default mount namespace.
-    //
-    // At this point, there are two mounts at the same mount point: /apex
-    // - to tmpfs (private)
-    // - to /bootstrap-apex (shared)
-    //
-    // We need unmount the second mount so that /apex in the default mount
-    // namespace becomes RW/empty and "private" (we don't want mount events to
-    // propagate to the bootstrap mount namespace).
-    //
-    // Likewise, we don't want the unmount event itself to propagate to the
-    // bootstrap mount namespace. Otherwise, /apex in the bootstrap mount
-    // namespace would become empty due to the unmount.
-    //
-    // Hence, before unmounting, we make /apex (the second one) "private" first.
-    // so that the unmouting below doesn't affect to the bootstrap mount namespace.
-    if (mount(nullptr, "/apex", nullptr, MS_PRIVATE | MS_REC, nullptr) == -1) {
-        return ErrnoError() << "Failed to remount /apex as private";
-    }
-
-    // Now we can unmount /apex (bind-mount to /bootstrap-apex). This only affects
-    // in the default mount namespace and /apex is now seen as tmpfs mount.
-    // Note that /apex in the bootstrap mount namespace is still a bind-mount to
-    // /bootstrap-apex and holds the APEX mounts.
-    if (umount2("/apex", MNT_DETACH) == -1) {
-        return ErrnoError() << "Failed to umount /apex";
-    }
-
-    return {};
-}
-
 static Result<void> do_update_linker_config(const BuiltinArguments&) {
     return GenerateLinkerConfiguration();
 }
@@ -1360,11 +1315,6 @@ static Result<void> do_enter_default_mount_ns(const BuiltinArguments& args) {
     if (auto result = SwitchToMountNamespaceIfNeeded(NS_DEFAULT); !result.ok()) {
         return result.error();
     }
-
-    if (auto result = MountApexRootForDefaultNamespace(); !result.ok()) {
-        return result.error();
-    }
-
     if (auto result = MountLinkerConfigForDefaultNamespace(); !result.ok()) {
         return result.error();
     }

init/init.cpp

@@ -832,12 +832,6 @@ static void MountExtraFilesystems() {
     CHECKCALL(mount("tmpfs", "/apex", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
                     "mode=0755,uid=0,gid=0"));
 
-    if (NeedsTwoMountNamespaces()) {
-        // /bootstrap-apex is used to mount "bootstrap" APEXes.
-        CHECKCALL(mount("tmpfs", "/bootstrap-apex", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
-                        "mode=0755,uid=0,gid=0"));
-    }
-
     // /linkerconfig is used to keep generated linker configuration
     CHECKCALL(mount("tmpfs", "/linkerconfig", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
                     "mode=0755,uid=0,gid=0"));

init/mount_namespace.cpp

@@ -66,6 +66,15 @@ static std::string GetMountNamespaceId() {
     return ret;
 }
 
+// In case we have two sets of APEXes (non-updatable, updatable), we need two separate mount
+// namespaces.
+static bool NeedsTwoMountNamespaces() {
+    if (IsRecoveryMode()) return false;
+    // In microdroid, there's only one set of APEXes in built-in directories include block devices.
+    if (IsMicrodroid()) return false;
+    return true;
+}
+
 static android::base::unique_fd bootstrap_ns_fd;
 static android::base::unique_fd default_ns_fd;
 
@@ -74,15 +83,6 @@ static std::string default_ns_id;
 
 }  // namespace
 
-// In case we have two sets of APEXes (non-updatable, updatable), we need two separate mount
-// namespaces.
-bool NeedsTwoMountNamespaces() {
-    if (IsRecoveryMode()) return false;
-    // In microdroid, there's only one set of APEXes in built-in directories include block devices.
-    if (IsMicrodroid()) return false;
-    return true;
-}
-
 bool SetupMountNamespaces() {
     // Set the propagation type of / as shared so that any mounting event (e.g.
     // /data) is by default visible to all processes. When private mounting is
@@ -96,27 +96,6 @@ bool SetupMountNamespaces() {
     // the bootstrap namespace get APEXes from the read-only partition.
     if (!(ChangeMount("/apex", MS_PRIVATE))) return false;
 
-    // However, some components (e.g. servicemanager) need to access bootstrap
-    // APEXes from the default mount namespace. To achieve that, we bind-mount
-    // /apex with /bootstrap-apex (not private) in the bootstrap mount namespace.
-    // Bootstrap APEXes are mounted in /apex and also visible in /bootstrap-apex.
-    // In the default mount namespace, we detach /bootstrap-apex from /apex and
-    // bootstrap APEXes are still be visible in /bootstrap-apex.
-    //
-    // The end result will look like:
-    //   in the bootstrap mount namespace:
-    //     /apex  (== /bootstrap-apex)
-    //       {bootstrap APEXes from the read-only partition}
-    //
-    //   in the default mount namespace:
-    //     /bootstrap-apex
-    //       {bootstrap APEXes from the read-only partition}
-    //     /apex
-    //       {APEXes, can be from /data partition}
-    if (NeedsTwoMountNamespaces()) {
-        if (!(BindMount("/bootstrap-apex", "/apex"))) return false;
-    }
-
     // /linkerconfig is a private mountpoint to give a different linker configuration
     // based on the mount namespace. Subdirectory will be bind-mounted based on current mount
     // namespace

init/mount_namespace.h

@@ -24,12 +24,9 @@ namespace init {
 enum MountNamespace { NS_BOOTSTRAP, NS_DEFAULT };
 
 bool SetupMountNamespaces();
-
 base::Result<void> SwitchToMountNamespaceIfNeeded(MountNamespace target_mount_namespace);
 
 base::Result<MountNamespace> GetCurrentMountNamespace();
 
-bool NeedsTwoMountNamespaces();
-
 }  // namespace init
 }  // namespace android

init/selinux.cpp

@@ -766,7 +766,7 @@ void SelinuxRestoreContext() {
     selinux_android_restorecon("/dev/device-mapper", 0);
 
     selinux_android_restorecon("/apex", 0);
-    selinux_android_restorecon("/bootstrap-apex", 0);
+
     selinux_android_restorecon("/linkerconfig", 0);
 
     // adb remount, snapshot-based updates, and DSUs all create files during

rootdir/Android.mk

@@ -91,7 +91,7 @@ endif
 #
 # create some directories (some are mount points) and symlinks
 LOCAL_POST_INSTALL_CMD := mkdir -p $(addprefix $(TARGET_ROOT_OUT)/, \
-    dev proc sys system data data_mirror odm oem acct config storage mnt apex bootstrap-apex debug_ramdisk \
+    dev proc sys system data data_mirror odm oem acct config storage mnt apex debug_ramdisk \
     linkerconfig second_stage_resources postinstall $(BOARD_ROOT_EXTRA_FOLDERS)); \
     ln -sf /system/bin $(TARGET_ROOT_OUT)/bin; \
     ln -sf /system/etc $(TARGET_ROOT_OUT)/etc; \