- Skipping SIGTERM / SIGKILL / umount brings race between block
device driver and fs layer. Do umount before shutting down.
- Reduce timeout to 1 sec for thermal shutdown and skip other time
taking part like fsck.
- Refactor waiting part to check time in ms so that 1 sec can
have enough resolution.
bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown, adb shell setprop sys.powerctl reboot and check dmesg
Merged-In: I048bac767b328c8d656a97fe65dde5f2b5bf4ae5
Change-Id: I048bac767b328c8d656a97fe65dde5f2b5bf4ae5
- If problematic process is from user, kill all kills
it and dump does not show problematic process.
bug: 37737296
Test: reboot and check log
Merged-In: Iaa4f7d12f5a40fa7528c6672567c36e30b140372
Change-Id: Iaa4f7d12f5a40fa7528c6672567c36e30b140372
- /vendor, /system, /oem can be remounted to R/W for development
purpose.
- In such case, umounting these partitions can lead into some processes
not running properly during shutdown or blocking umount of fs.
- So skip them. As it is dev feature, it is up to each developer to
understand the risk. But for normal adb sync - reboot should be ok
as shutdown involves sync operations.
bug: 37737296
Test: adb remount,reboot, and check last kmsg
(cherry picked from commit 6e12b3887e)
Change-Id: Ia92a20aa672e68f695818e451ba2ae53af8f5ab9
init calls fs_mgr to format ext4 partitions. This requires
e2fsdroid and mke2fs in /system/bin/
Bug: 35219933
Change-Id: Ia32fe438cd9b9332f8e18e0cbe7f61bd050adcb1
It's not an error case if we do not find a device that we're attempting
to regenerate uevents for during first stage mount, but it is likely
to increase boot time, so we log a message to attribute this delay.
Bug: 63327193
Test: Boot bullhead, sailfish
Merged-In: I97c2e5aefd218bbdd87717ff3c375381f725de08
Change-Id: I97c2e5aefd218bbdd87717ff3c375381f725de08
(cherry picked from commit 322e176f6a)
We have been seeing panics and errors during shutdown sequence in
some vendor's platform, and it is required to disable error handling
during shutdown.
This CL separates the shutdown request to execute another "shutdown"
trigger at the beginning of shutdown stage. And vendor can use this
trigger to add custom commands needed for shutting down gracefully.
Bug: 38203024
Bug: 62084631
Test: device reboot/shutdown
Change-Id: I3fac4ed59f06667d86e477ee55ed391cf113717f
(cherry picked from commit eeab491efd)
- "shutdown critical" prevents killing the service during
shutdown. And the service will be started if not running.
- Without it, services will be killed by SIGTERM / SIGKILL during shutdown.
- Even services with "shutdown critical" will be killed if shutdown
times out.
- Removes ueventd and vold from hard coded list. Each service's rc will
be updated to add "shutdown critical". watchdogd is still kept in the list.
bug: 37626581
Test: reboot and check last kmsg
(cherry picked from commit cccb34fce8)
Change-Id: I3c6aeb7151e64beca4b435f843ae64455217262d
We build a static version for recovery mode. Give them
different names to avoid conflicts with regular version
in /system/bin/
Bug: 35219933
Change-Id: I738655ad9b9ad71c63ae604d9a4d659b0b671121
Merged-In: I738655ad9b9ad71c63ae604d9a4d659b0b671121
The generic system.img released from project Treble can't contain any verity
metadata (e.g., vboot 1.0, AVB, or any other implementation) because it's
*generic*. To let any device boot with it, `avbctl disable-verification`
is introduced to set a new flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED
in the top-level vbmeta to disable the entire AVB verification process. This
should be done prior to flashing the generic system.img. See the following link
for details:
https://android-review.googlesource.com/#/c/418399/
This CL checks whether AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED is
set in the top-level vbmeta. When set, skip verifying the vbmeta structs
against androidboot.vbmeta.{hash_alg, size, digest} because it will be
absent in kernel cmdline. Also, only top-level vbmeta struct is read then
returned by libavb in this case.
Note that another flag AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED, usually
set by `adb disable-verity`, is used to signal fs_mgr to skip setting up
dm-verity, but libavb still verifies all vbmeta structs. fs_mgr will
also verify all vbmeta structs against androidboot.vbmeta.{hash_alg,
size, digest} from kernel cmdline as well.
Also rename SetUpAvb() to SetUpAvbHashtree() to better fit its usage.
This function will return kDisabled when any of the above two flags is set.
Finally, regardless of which flag is set or not set, we still only allow two
return values from avb_slot_verify():
- AVB_SLOT_VERIFY_RESULT_OK: it's still possible to get this value
when any of these flags are set in build time. e.g.,
BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2
- AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: in most cases we should
get this value, because the flags are likely set at run time.
Bug: 62523303
Test: boot device with 'avbctl disable-verification'.
Test: boot device with 'avbctl enable-verification'.
Test: boot device with 'adb disable-verity'.
Test: boot device with 'adb enable-verity'.
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2, then boot device.
repeat the above steps to boot device again.
Merged-In: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
Change-Id: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
(cherry picked from commit 60f19a0792)
In case of non-secure builds (eng variant) fs_mgr_setup_verity() skips
verity checks regardless of fstab options. This is slightly different
than 'adb disable-verity' where it would first read the verity metadata
to check if verity is disabled.
So, this change adds a new return value of FS_MGR_SETUP_VERITY_SKIPPED
instead of piggy backing on the FS_MGR_SETUP_VERITY_DISABLED.
Bug: 62864413
Test: Boot sailfish
Merged-In: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Change-Id: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 95366e97dd)
In order to create symlinks for USB and block devices, the path for
their parent platform device must be known.
Previously, ueventd would save each platform device that it encounters
to a list and query this list when creating the symlinks. That,
however, is racy because the uevent socket does not differentiate
uevents from RegenerateUevents() and uevents sent by the kernel when
probing a device for the first time. The below scenario is the
faulty case:
1) Kernel probes parent platform device for a block device
2) ueventd calls RegenerateUevents() and starts processing uevents
3) Kernel probes block device and sends its uevents
4) ueventd picks up the block device uevent during its uevent processing,
without yet regenerating the platform device uevent, causing improper
symlinks to be created.
This change stops storing the platform devices in a list, and instead
traverses up the directory structure for each USB or block device
until it reaches a platform device, defined as one whose subsystem is
the platform bus. This fixes the race and simplifies the ueventd
code.
Bug: 62436493
Bug: 62681642
Test: Boot bullhead
Test: Boot sailfish
Test: Init unit tests
Test: Boot hikey + hotplug/unplug sdcard
Merged-In: I21636355d8e434f30e0cba568598a6cf139e67f9
Change-Id: I21636355d8e434f30e0cba568598a6cf139e67f9
(cherry picked from commit c94ce7b130)
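
The parent-directory walk described in the commit message above, as an added example (not the AOSP ueventd code). The function names, the temporary directory standing in for /sys, and every device name in it are constructed for illustration.

```cpp
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Return the nearest ancestor of `devpath` (relative to the canonical sysfs
// root `root`) whose "subsystem" link resolves to <root>/bus/platform, or ""
// if there is none. Nothing is cached, so uevent ordering cannot matter.
std::string FindPlatformDevice(const std::string& root, const std::string& devpath) {
    const std::string platform_bus = root + "/bus/platform";
    std::string path = root + devpath;
    while (path.size() > root.size()) {
        char resolved[PATH_MAX];
        if (realpath((path + "/subsystem").c_str(), resolved) && platform_bus == resolved)
            return path.substr(root.size());
        path.erase(path.rfind('/'));  // step up to the parent directory
    }
    return "";
}

static void MkdirP(const std::string& path) {
    for (size_t i = 1; i <= path.size(); ++i)
        if (i == path.size() || path[i] == '/') mkdir(path.substr(0, i).c_str(), 0755);
}

static bool AddDevice(const std::string& root, const std::string& dev, const std::string& subsys) {
    MkdirP(root + dev);
    MkdirP(root + subsys);
    return symlink((root + subsys).c_str(), (root + dev + "/subsystem").c_str()) == 0;
}

// Constructed stand-in for /sys (all device names are made up).
std::string BuildSampleSysfs() {
    char tmpl[] = "/tmp/sysfs_demo_XXXXXX", resolved[PATH_MAX];
    if (!mkdtemp(tmpl) || !realpath(tmpl, resolved)) return "";
    const std::string root = resolved;
    AddDevice(root, "/devices/soc/demo-sdhci", "/bus/platform");
    AddDevice(root, "/devices/soc/demo-sdhci/mmc0/card0", "/bus/mmc");
    AddDevice(root, "/devices/soc/demo-sdhci/mmc0/card0/block/mmcblk0", "/class/block");
    AddDevice(root, "/devices/virtual/block/loop0", "/class/block");
    return root;
}

int main() {
    const std::string root = BuildSampleSysfs();
    std::printf("%s\n", FindPlatformDevice(root, "/devices/soc/demo-sdhci/mmc0/card0/block/mmcblk0").c_str());
    return 0;
}
```
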
/default.prop is moved to /system/etc/prop.default for full Treblized
devices. Modifies property_service to load it from there first.
In recovery mode, the file is renamed as /prop.default. This path is
tried if /system/etc/prop.default is not available.
Bug: 37815285
Test: Tested with ag/2419001. Booted pixel phones, checked the location
of prop.default, verified the symlink at /default.prop, checked a
few properties via adb shell and manually tested a few apps.
Booted to recovery and ran 'adb sideload' successfully.
Change-Id: I485231f21fc86b0aec58edf867e229a31e77d85e
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
(cherry picked from commit 70a5ed49ef)
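
The two-pass selection described in the commit message above, as an added example (not the libprocessgroup code): each process in the cgroup ends up covered by exactly one signal target. `KillPlan`, `PlanCgroupKill`, the injected `pgid_of` lookup and the pid table are assumptions made for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <map>
#include <set>
#include <sys/types.h>
#include <vector>

struct KillPlan {
    std::set<pid_t> pgids;  // signalled once each with kill(-pgid, sig)
    std::set<pid_t> pids;   // signalled once each with kill(pid, sig)
};

// Split the pids listed for a cgroup into whole POSIX process groups (only
// those whose leader is itself in the cgroup) and leftover single processes.
// `pgid_of` stands in for getpgid(2) so the sample below runs offline.
KillPlan PlanCgroupKill(const std::vector<pid_t>& cgroup_pids,
                        const std::function<pid_t(pid_t)>& pgid_of) {
    KillPlan plan;
    for (pid_t pid : cgroup_pids) {
        if (pid <= 0) continue;  // kill(0) / kill(-1) would reach unrelated processes
        if (pgid_of(pid) == pid) plan.pgids.insert(pid);
        else plan.pids.insert(pid);
    }
    // A member of a group that is already being signalled must not get a second signal.
    for (auto it = plan.pids.begin(); it != plan.pids.end();) {
        if (plan.pgids.count(pgid_of(*it))) it = plan.pids.erase(it);
        else ++it;
    }
    return plan;
}

// Constructed sample: pid -> pgid for the five processes in one cgroup.
// Process 300 belongs to group 50, whose leader lives outside the cgroup.
KillPlan SamplePlan() {
    const std::map<pid_t, pid_t> pgid = {{100, 100}, {101, 100}, {102, 100}, {200, 200}, {300, 50}};
    return PlanCgroupKill({100, 101, 102, 200, 300}, [&](pid_t p) { return pgid.at(p); });
}

int main() {
    const KillPlan plan = SamplePlan();
    for (pid_t g : plan.pgids) std::printf("kill(-%d)\n", static_cast<int>(g));
    for (pid_t p : plan.pids) std::printf("kill(%d)\n", static_cast<int>(p));
    return 0;
}
```

Process 300 is signalled individually because signalling group 50 would also reach members of that group outside the cgroup.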
Current first stage mount only allows three mount points: system, vendor
and/or odm. This was introduced by project Treble to mount those
verified partitions early. However, there might be some other custom
partitions that need to be mounted early as well. This CL removes the
restriction and does first stage mount for whatever is specified in
fstab-dt.
Bug: 62423887
Test: first stage mount /vendor with vboot 1.0
Test: first stage mount /vendor with vboot 2.0 (AVB)
Change-Id: I6c146c64e673c35c2823523ccbde193590430c48
Merged-In: I6c146c64e673c35c2823523ccbde193590430c48
(cherry picked from commit 06ed613e73)
fork() subprocesses to handle uevents in parallel.
This reduces coldboot time on bullhead from ~446ms to ~230ms.
This reduces coldboot time on sailfish from ~690ms to ~360ms.
This reduces coldboot time on ryu from ~187ms to ~122ms.
Bug: 33785894
Test: boot bullhead x40, observe no major differences in /dev and /sys
Test: boot sailfish x40, observe no major differences in /dev and /sys
Test: boot ryu x40, observe no major differences in /dev and /sys
Test: boottime tests on bullhead and sailfish
Test: init unit tests
Change-Id: Ie2f63e000b8af78d187477d31fe109f20304d749
Bug: 62114389
Test: boot bullhead, get/set properties with ':' via command line
Test: trigger an init trigger with a property containing a ':'
Change-Id: Ib51853a1ef9d4f79d510c8175c0d9684e2025e23
devices.cpp handles too many things for creating one class. This
change breaks it up into various files and classes.
* Parsing is moved to ueventd_parser.cpp
* Reading from the uevent socket and Cold booting is moved to a
UeventListener class, in uevent_listener.cpp
* Firmware handling is moved to firmware_handler.cpp
* The remaining contents form a DeviceHandler class within devices.cpp
Bug: 33785894
Test: boot bullhead x40, observe no major differences in /dev and /sys
Test: boot sailfish x40, observe no major differences in /dev and /sys
Test: init unit tests
Change-Id: I846a2e5995fbb344c7a8e349065c18a934fa6aba
/default.prop may be moved to /system/etc/ and renamed as prop.default.
/{system,vendor,odm}/build.prop may be moved to /{system,vendor,odm}/etc/
and renamed as prop.build.
This patch makes property_service load prop.* from the new locations
first. Also replaces NULL with nullptr for C++ cleanup.
Bug: 37815285
Test: Booted pixel phones, checked the locations of prop.*, verified
symlinks, checked a few properties (via adb shell getprop)
and manually tested a few apps (Camera, Maps etc).
ODM is not tested as it does not exist on the tested device.
Change-Id: Id8eeb3c1a5728dd04005dfad4733b8e6336f9093
Move libinit, init_tests, and test_service to Android.bp
Leave init in Android.mk as it has unfulfilled dependencies, but
create a comment in Android.bp for future use.
Remove libinit_parser and init_parser_tests as that code was never
used in init.
Bug: 36970783
Bug: 37512442
Test: Build, boot bullhead, init unit tests
Change-Id: Id81cd10ea09453a5fd762ba9189276aad79d5444
This reverts commit bdfd395e47.
We want to keep AOSP and internal master in sync and since this isn't
being used, instead of cherry-picking to AOSP, we'll revert from internal.
Test: Build
Change-Id: I161b4c7187ec260841605149b7eee7df64434246
- In some devices, some drivers still try to load firmware while shutting
down, and crash the kernel. So keep ueventd to prevent such case.
bug: 38203024
Test: reboots
Change-Id: I4f1910723254ccb69f8e9c78e8727fbd8c7eed3e