Let the CheckShutdown() method clear the do_shutdown_ member instead of
clearing that member separately from calling CheckShutdown().
Bug: 266255006
Change-Id: Ifc1cff2be92a45db7f91be2fdb812930d2fd1ad5
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The DebugRebootLogging() function was introduced to help with
root-causing b/150863651. Remove this function since this logging
functionality is no longer needed. Also remove the functions and methods
that are only used by DebugRebootLogging().
Change-Id: Ia150604c6cd70f42b13d655ba43b95445a55b6e2
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Combine two if-statements. This change is fine because:
* The code between the two if-statements does not queue actions.
* If an action is queued from another thread then WakeMainInitThread()
is called after the action has been queued.
Bug: 266255006
Change-Id: Id4b9565ff4fdb3ee2a2bbca316c8c78e0f2d38dd
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Let the compiler verify that lock_ is held when any of the data members
are accessed.
Bug: 266255006
Change-Id: I71b341815d84ab530627d934ad4d4681b652b9d8
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Let the compiler verify that shutdown_command_lock_ is held when
shutdown_command_ is accessed.
Bug: 266255006
Change-Id: Ibd05137ab65e20f247f35bbb2bb1865e05f51f41
Signed-off-by: Bart Van Assche <bvanassche@google.com>
PropertyInit loads the build.prop files and set the system properties.
Set the SELinux log callback before that to show the avc denials for debugging.
Test: $ make init_system
Push this module and ensure system property set denials are shown during boot
Bug: 185920634
Bug: 211547922
Change-Id: If9f34d469d3da2ebdfe64bb611de85a3ca37e000
Revert commit 14f9c15e05 ("init: Add more diagnostics for signalfd
hangs") because:
* That commit was intented to help with root-causing b/223076262.
* The root cause of b/223076262 has been fixed (not blocking SIGCHLD
in all threads in the init process).
Test: Treehugger
Change-Id: I586663ec0588e74a9d58512f7f31155398cf4f52
Signed-off-by: Bart Van Assche <bvanassche@google.com>
There are two bugs in HandleSignalFd():
* If the one_off argument is true and if no data is read from the
signalfd, 'siginfo' is left uninitialized and used in the switch
statement in HandleSignalFd().
* The PLOG() statement in the switch statement should be a LOG()
statement since it does not report a failed system call.
This CL has been tested by changing kDiagnosticTimeout locally from 10s
into 100ms.
Change-Id: I0e488dd95bc13e1befaef770c0748d1d47f6e431
Signed-off-by: Bart Van Assche <bvanassche@google.com>
We are planning to remove cgroups from the Micrdroid kernel, since the
entire VM belongs exclusively to a single owner, and is in the control
of the cgroups on the host side.
This patch expoxes CgroupAvailable API from libprocessgroup, and changes
init to query the CgroupAvailable API before doing any
cgroups/task_profiles related work.
Bug: 239367015
Test: run MicrodroidDemoApp
Test: atest --test-mapping packages/modules/Virtualization:avf-presubmit
Change-Id: I82787141cd2a7f9309a4e9b24acbd92ca21c145b
Invoke the callback functions from inside Epoll::Wait() instead of
returning a vector with pointers to callback functions. Remove handlers
after handler invocation finished to prevent that self-removal triggers
a use-after-free.
The CL that made Epoll::Wait() return a vector is available at
https://android-review.googlesource.com/c/platform/system/core/+/1112042.
Bug: 213617178
Change-Id: I52c6ade5746a911510746f83802684f2d9cfb429
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Change the type of epoll_timeout from
std::optional<std::chrono:milliseconds> into std::chrono::milliseconds.
No functionality is changed.
Bug: 213617178
Change-Id: Ieb150e0aeabdb79c8da4649875ea3ed59297343b
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Prepare for optimizing Epoll::Wait() by moving the
ReapAnyOutstandingChildren() call into Epoll::Wait(). No functionality
is changed.
Bug: 213617178
Change-Id: I280ea0069ed29cf323e4177ec500b30b900f7c8d
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Passed apex file name to service. The file name will be parsed
to determine 1) whether the service is from an apex; 2) apex name
Bug: 236090201
Change-Id: I2c292c0c067f4bf44bb25b1f80e4f972b94f7258
On ctl.apex_load <apex_name> control message, init invokes linkerconfig
to update linker configuration for the updated apex.
Bug: 232173613
Test: CtsInitTestCases
Test: VendorApexHostTestCases
Change-Id: I01d975849c3f4efe74205a7b04ebbd6864ba1121
For consistent error message. This is a preparation step for the
follow-up change: to generate linker configuration in DoLoadApex()
Bug: 232173613
Test: CtsInitTestCases
Change-Id: I27954ae2429e82da1bde1925ef62b277c24129d3
These props are supposed to be used by apexd when installing an apex
without reboot. During the installation, apexd will unmount the current
one and mount the new one. Since the path and its contents will be
replaced, anything loaded from the apex should be unloaded before
unmounting. After apexd mounts the apex again, then init should re-read
.rc files from the apex.
This change only addes required properties:
- ctl.apex_load <apex_name>
- ctl.apex_unload <apex_name>
- init.apex.<apex_name> = loaded | unloaded
Bug: 232114573
Bug: 232173613
Test: atest CtsInitTestCases
Change-Id: I4a8942d67912e2f11acc51bec756c4e3c218179a
Instead of using config file path, use APEX's preinstalled path to
determine whether to use subcontext or not for APEX configs.
Bug: 232021354
Test: CtsInitTestCases, CtsBluetoothTestCases
Change-Id: Iba603f09602f0bec3113e2be3d15c62055c09e72
APEX configs have supported only 'service' definitions. For those
services relying on 'on' trigger actions, we had to have separate config
files installed in read-only partitions (e.g. /system/etc/init).
This was suboptimal because even though APEXes are updatable, read-only
partitions are not.
Now, 'on' is supported in APEX configs. Putting 'on' trigger actions
near to service definitions makes APEX more self-contained.
'on' trigger actions loaded from APEX configs are not sticky. So, events
happens before loading APEX configs can't trigger actions. For example,
'post-fs-data' is where APEX configs are loaded for now, so 'on
post-fs-data' in APEX configs can't be triggerd.
Bug: 202731768
Test: atest CtsInitTestCases
Change-Id: I5a01d9c7c57b07955b829d6cc157e7f0c91166f9
Replace libbacktrace with the new AndroidUnwinder object.
Bug: 120606663
Test: Ran unit tests.
Test: Added call of UnwindMainThreadStack() in DebugRebootLogging()
Test: and verified unwind data is logged properly.
Change-Id: Ia724f9485377d6d2c894283242a3c5653bf82768
If there are snapshot metadata persisting in /metadata/ota/snapshots,
remove them before applying a new update. Make sure that
the snapshots are indeed invalid before removing them.
On a sidenote, add a comment in init.cpp related to
b/223076262.
Bug: 228250473
Test: 1: Apply OTA in recovery through adb sideload
2: Reboot
3: Apply OTA OTA again through update_device.py
4: Re-run Full OTA updates just from update_device.py
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I116bbafae09042b9c391ccd58c102704571c214e
* changes:
DO NOT MERGE: Revert "init: Add more diagnostics for signalfd hangs."
DO NOT MERGE: Revert "init: Add diagnostics for signalfd epoll failures."
This adds three more diagnostics to stuck exec services:
1. /proc/pid/fds is dumped
2. /proc/pid/status is dumped
3. HandleSignalFd is called to see if a SIGCHLD got stuck somewhere
Bug: 223076262
Test: while (1) in linkerconfig
Ignore-AOSP-First: diagnostics
Change-Id: Ida601d86e18be9d49b143fb88b418cbc171ecac6
This adds two new diagnostics. First, signalfd reads are now non-blocking. If the read takes more than 10 seconds, we log an error.
Second, init now wakes up from epoll() every 10 seconds. If it waits on an "exec" command for more than 10 seconds, it logs an error.
This change will be reverted as soon as we get feedback.
Bug: 223076262
Test: device boots
Change-Id: I7ee98d159599217a641b3de2564a92c2435f57ef
This reverts commit 471643a909.
Reason for revert: Given https://r.android.com/1960063, it is safe to revert this diagnostics patch
Change-Id: Ib3600c1982ee10a0204ac0fdbc3e160c2833ed07
This patch attempts to diagnose snapuserd hangs by performing reads
immediately after entering second-stage init. This is done by spawning
two threads: one to perform the reads, and another to wait for the read
thread to finish. If any aspect of the read fails, or the read thread
does not complete in 10 seconds, then a list of snapuserd's open file
descriptors are logged.
Bug: 207298357
Test: apply working OTA, check logcat for success
apply broken OTA, check logcat for fd map
Change-Id: I549e07b7d576fcdaca9b2d6ff33e0924c3812c07
This property will hold the major.minor part of the kernel version (e.g. "5.4"), allowing init scripts to act depending on that version, enabling and disabling certain features.
Bug: 194156700
Change-Id: Icec640b8a7150b344d9aa3bc0bdbcdae050c7c45
Test: manual on a Pixel device
Signed-off-by: Alexander Potapenko <glider@google.com>
Currently there is no socket for daemon instances launched during the
selinux phase of init. We don't create any sockets due to the complexity
of the required sepolicy.
This workaround will allow us to create the socket with very minimal
sepolicy changes. init will launch a one-off instance of snapuserd in
"proxy" mode, and then the following steps will occur:
1. The proxy daemon will be given two sockets, the "normal" socket that
snapuserd clients would connect to, and a "proxy" socket.
2. The proxy daemon will listen on the proxy socket.
3. The first-stage daemon will wake up and connect to the proxy daemon
as a client.
4. The proxy will send the normal socket via SCM_RIGHTS, then exit.
5. The first-stage daemon can now listen and accept on the normal
socket.
Ordering of these events is achieved through a snapuserd.proxy_ready
property.
Some special-casing was needed in init to make this work. The snapuserd
socket owned by snapuserd_proxy is placed into a "persist" mode so it
doesn't get deleted when snapuserd_proxy exits. There's also a special
case method to create a Service object around a previously existing pid.
Finally, first-stage init is technically on a different updateable
partition than snapuserd. Thus, we add a way to query snapuserd to see
if it supports socket handoff. If it does, we communicate this
information through an environment variable to second-stage init.
Bug: 193833730
Test: manual test
Change-Id: I1950b31028980f0138bc03578cd455eb60ea4a58
