There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc. There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.
Bug: 131087886
Bug: 140313207
Test: build/boot
Merged-In: I043d9a02ba588ca37ceba2c4e28ed631792b2586
Change-Id: I043d9a02ba588ca37ceba2c4e28ed631792b2586
* changes:
init: Add support for native service registration with lmkd
lmkd: Support process types when registering a process
lmkd: Add library function to unregister a process
lmkd: Prepare lmkd to support connection from init process
lmkd: Restrict process record modifications to the client that created it
init should be able to register native services with lmkd so that they
can be killed when needed. Only processes with oom_score_adjust not
equal to the default -1000 will be registered with lmkd because with the
score that low the process is unkillable anyway.
Inform lmkd when a registered process is killed so that the record can be
removed.
Change init.rc to start lmkd during init phase so that it is there to
register other services.
Replace hardcoded oom_score_adj values with appropriate definitions.
Bug: 129011369
Test: boot and verify native service registration
Change-Id: Ie5ed62203395120d86dc1c8250fae01aa0b3c511
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
We are going to teamfood userspace reboot soon, and in order to gather
as much data as possible we are fine with ignoring checkpointing for the
devices with ext4 (teamfood will be a very limited set of people that
are aware what they've signed for).
As result of this, we don't need to reset vold and kill zram backing
device. Added a TODO to restore that functionality if needed.
Since I was there, fixed yet another typo in userspace-reboot-resume -_-
Bug: 135984674
Test: adb reboot userspace
Change-Id: I2b7a93aaf738fe9bec9d606d7e11aefb325550b1
FscryptSetDirectoryPolicy no longer tries to infer the action from the
filename. Well mostly; it still assumes top-level directories in /data
should be encrypted unless the mkdir arguments say otherwise, but
it warns.
Bug: 26641735
Test: boot, check log messages
Change-Id: Id6d2cea7fb856f17323897d85cf6190c981b443c
It should userspace-reboot-requested, not userspace-reboot
Test: adb reboot userspace
Bug: 135984674
Change-Id: I1e844b7705eb70ee3702a1dc0432644592666364
* Refactored code around stopping services a little bit to reuse it
between full reboot and userspace reboot.
* Add a scope_guard to fallback to full reboot in case userspace reboot
fails.
* In case of userspace reboot init will also wait for services to be
terminated/killed and log the ones that didn't react to
SIGTERM/SIGKILL in time.
* If some of the services didn't react to SIGKILL, fail userspace reboot.
Test: adb reboot userspace
Bug: 135984674
Change-Id: I820c7bc406169333b0f929f0eea028d8384eb2ac
This CL only draws boundaries between userspace and full reboots, and
adds some functionality that will be required for userspace reboot:
* Whenever device is shutting down is now controlled in reboot.cpp,
since during userspace reboot this state can change.
* Now it's also possible to restart handling of control messages inside
property service. In case of userspace reboot, init will restart it
after stopping post-data services.
* New userspace-reboot-requested trigger is added similar to shutdown
one for full reboot.
Test: adb reboot
Test: adb reboot userspace
Bug: 135984674
Change-Id: Id55a53ba781d2b90ce40449037b6d8d47e72c476
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.)
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This change moves the recovery resources to vendor in libcutils/fs_config.cpp
and removes the flash_recovery service from rootdir/init.rc. This service moved
to a vendor init.rc file in bootable/recovery/applypatch.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I492f7989ea8042912e9d0e0eadeaa351affbee13
To aid in debugging if there are failures.
Bug: 137267623
Test: add prints to boringssl_self_test and see them
Test: add failure prints to the linker and see them before
boringssl_self_test runs
Change-Id: I89d50c6a46df994d6ea1fadf00e3a8a796043234
Execute mkdir -p /mnt/pass_through/0/emulated
and bootstrap the emulated volume for user 0.
The 'pass_through' paths allow us bind mount the lower
filesystem directly into /storage, bypassing any sdcardfs
of FUSE mounts.
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots and pass through directories are created
Change-Id: I46ce207d06a1ec550b8bacac259387371fc0b841
If this check fails and an OTA or mainline module update has recently
happened, we want to rollback the recent change. The easiest way to
handle this is to reboot, which will trigger the fallback mechanisms
that are already in place.
Bug: 141082587
Test: device reboots if self test fails
Test: device rolls back a recently applied OTA with failing self test
Test: device rolls back a recently applied conscrypt apex update with
failing self test
Change-Id: Iff879deff09d347262dc7a2acadb9164a5029d4a
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
libcrypto performs a self test when it is loaded, unless
a marker file /dev/boringssl/selftest/[hash] exists which
indicates that the self test has already successfully
completed since the last time the device was booted.
Before this CL topic, libcrypto attempted to create the
marker file when the self test successfully completed.
On Android, dedicated boringssl_self_test{32,64} binaries
are run early during boot and are the only binaries
(apart from init and vendor_int) that have permission to
create these files.
Another CL in this topic stops the boringssl self test
creating a marker file unless the environment variable
BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value.
This CL sets that value to "true" when running the dedicated
self test binaries, but not for other binaries. This has
the effect that other binaries that run the self test
early during boot (before the dedicated self test binaries
have created the marker files) and which run the self test
will no longer attempt to create the marker file, which
SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b
This should ensure that the self tests run before any other binaries
that load libcrypto and which would otherwise run into SELinux denials
trying to create the marker file /dev/boringssl/selftest/[hash]
The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.
Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
The accidental trailing ':' appears to stop the line
triggering.
Bug: 137267623
Test: Checked the /system/bin/boringssl_self_test32
now runs on aosp_cf_x86_phone-userdebug
Change-Id: I7b4b1d6b838d8d1a7a0db7f104a94b34962df030
vold is already started during early-fs which happens before
post-fs-data.
Trying to start it again in post-fs-data is a little bit confusing.
Test: device boots
Change-Id: I5faefe6d1f1bb7472ea3d032b1f157c69da565f1
The script needs to run after keystore, which is now a core service.
Note the previous APEX requirement by ART is no longer needed.
Test: see keys loaded
Bug: 112038744
Change-Id: I02fb6ce193bb301488b259421f120e6aa6cd75b9
Instead of init.cpp knowning about the boringssl self
test, use init.rc to exec dedicated self test executables.
Advantages:
- The self test is run not only both the copy of libcrypto
in /system but also /apex/com.android.conscrypt.
- The self test is run not only for the primary (e.g. 64bit)
ABI but also for a secondarry (e.g. 32bit) ABI.
- The dependency on libcrypto is kept to the self test binary.
- The self test binary abstracts the exact native API for
running the self test (this will change soon because the
self test will be run when the library is loaded).
Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
and finishing with exit code 0.
Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0
Start the serial console at the 'init' trigger instead of much later
when property triggers happen. This will help debugging early boot
issues.
Test: serial console starts early for a userdebug build
Test: serial console still doesn't start on a user build
Change-Id: I7112a8e7171c9fa865c8787c9a3d14515bc59478
Init sets the encryption policy on these directores when created.
Bug: b/139193659
Test: Boot device without this, then try to boot with it without wiping.
Cherrypicked-From: 7bf42f148a
Change-Id: I6b26710674b51d62fa4a07b06e06c539571fb7ac
Merged-In: I6b26710674b51d62fa4a07b06e06c539571fb7ac
