This reverts commit 4818f74888.
The previous commit might introduce a build break on legacy
devices that with a smaller /boot partition size, because it
outputs the first-stage init and the second-stage init binaries
in the following locations, respectively (when
BOARD_USES_RECOVERY_AS_BOOT is true).
* $OUT/recovery/root/first_stage_ramdisk/init
* $OUT/recovery/root/system/bin/init
The first one is not needed because there is already a symlink
under $OUT/recovery/root: init -> /system/bin/init.
Bug: 193565271
Test: `lunch aosp_flame-userdebug`, `make bootimage_debug` then
checks the output under $OUT/debug_ramdisk/.
Test: Performs the same check for `lunch aosp_bramble-userdebug`.
Change-Id: I6277a6c4c0980bd976cc35db6ca99eafc6bf3f5a
This has kept adb_debug.prop from being installed for
legacy devices with BOARD_USES_RECOVERY_AS_BOOT set to
true.
Bug: 192432810
Bug: 193291885
Test: `lunch aosp_flame-userdebug` and checks `get_build_var
BOARD_USES_RECOVERY_AS_BOOT` is true.
Test: `make bootimage_debug` then checks
$OUT/debug_ramdisk/adb_debug.prop exists
Test: build/soong/build_test.bash --dist --incremental
Change-Id: I28e2c082512791407167b610843f18731ed6d673
This has kept adb_debug.prop from being installed.
Ignore-AOSP-First: fixes sc-release test breakage
Bug: 192432810
Test: build ramdisk-debug.img and see contents
Change-Id: I254579d2c6427213f40e9ae8e50d046e19390ba5
adb_debug.prop is migrated too. And ramdisk_available is added to all
dependencies.
Bug: 187196593
Test: boot
Change-Id: I59cd149e0021211b8fd59c44b93bbf18dc8637bf
Merged-In: I59cd149e0021211b8fd59c44b93bbf18dc8637bf
adb_debug.prop is migrated too. And ramdisk_available is added to all
dependencies.
Bug: 187196593
Test: boot
Change-Id: I59cd149e0021211b8fd59c44b93bbf18dc8637bf
The first-stage init has been built in Make due to some requirements
(like placing it directly under the root directory rather than bin/, and
creating mountpoints like /proc, etc.) that are not supported in Soong.
However, Ie06dc5a93635ea8b1e18be517ed8615b6c82fee6 will make it possible
to satisfy the requirements in Soong. The build of the boot image is
done in Soong and we can create mount points using the `dirs` property
and create a symlink /init that points to /bin/init_vendor using the
`symlinks` property.
To complete the picture of build everying in Soong, this change adds a
Soong-version of the first-stage init.
Note that the Soong-based boot image creation is currently only for the
microdroid usecase. Therefore, the Android.mk-based first-stage init
still remains and will be removed later.
Bug: 178562516
Test: m init_first_stage_soong
Change-Id: I278cb60a11d94fb48341fd3592be0652a25bdbfb
None of them are necessary, and it's more intention-revealing to say
`c++2a` or whatever anyway.
Test: treehugger
Change-Id: Ie1df26499d160d6fc757d17fcb0121997bda14f9
microdroid is the base image for on-device VMs. We will use Android
components (init, adbd, servicemanager, ...) on the VM as much as
possible.
Bug: 177630284
Test: m microdroid
Change-Id: I36890644baaaf8f441698411dd869ddb220734fb
With compressed VAB updates, it is not possible to mount /system without
first running snapuserd, which is the userspace component to the dm-user
kernel module. This poses a problem because as soon as selinux
enforcement is enabled, snapuserd (running in a kernel context) does not
have access to read and decompress the underlying system partition.
To account for this, we split SelinuxInitialize into multiple steps:
First, sepolicy is read into an in-memory string.
Second, the device-mapper tables for all snapshots are rebuilt. This
flushes any pending reads and creates new dm-user devices. The original
kernel-privileged snapuserd is then killed.
Third, sepolicy is loaded from the in-memory string.
Fourth, we re-launch snapuserd and connect it to the newly created
dm-user devices. As part of this step we restorecon device-mapper
devices and /dev/block/by-name/super, since the new snapuserd is in a
limited context.
Finally, we set enforcing mode.
This sequence ensures that snapuserd has appropriate privileges with a
minimal number of permissive audits.
Bug: 173476209
Test: full OTA with VABC applies and boots
Change-Id: Ie4e0f5166b01c31a6f337afc26fc58b96217604e
This test spawns several services backed by /system/bin/yes executable,
and then stops them either while SIGTERM or SIGKILL.
Ideally we want to unit test more of reboot logic, but that requires a
bigger refactoring.
Test: atest CtsInitTestCases
Bug: 170315126
Bug: 174335499
Change-Id: Ife48b1636c6ca2d0aac73f4eb6f4737343a88e7a
This is a re-landing of the original CL, with a few changes:
- The correct device is now returned in MapUpdateSnapshot.
- The old API is used for tests, and the new API is only tested when
used on a VABC device.
- A sync() call has been added to ensure that writes to the base and
target snapshot devices have been fully flushed. This makes
IsPartitionUnchanged detect the MapUpdateSnapshot bug.
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Test: full OTA with update_device.py
Test: incremental OTA with update_device.py
Change-Id: I90364a58902a4406a37cb14a816642c57a72bec2
Revert "Link to libsnapshot_cow everywhere libsnapshot is linked."
Revert submission 1433573-vab-libsnapshot-linkage
Reason for revert: b/169981170, update crash for droidfooders.
Reverted Changes:
Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke...
Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite...
I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ...
Exempt-From-Owner-Approval: Revert to unblock dogfood
Change-Id: I0677df77672aca9fd54d94e009ac0be7c88a1a9d
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Change-Id: Ieedfadc557833c1e0540922aabc6e95c80266a64
If a device doesn't support unflattened APEXes, init activates flattened
APEXes instead of apexd.
Because apexd dumps apex-info-list.xml after it activates all APEXes,
init should do the same thing.
Bug: 159585065
Test: lunch aosp_cf_x86_phone_noapex & m & boot
adb more /apex/apex-info-list.xml
adb shell ls -lZ /apex/apex-info-list.xml
-> -rw-rw-rw- 1 root root u:object_r:apex_info_file:s0 ..
Change-Id: I74a4d0ee363761564225097c5949e5ce335ac6dc
libsnapshot* uses update_metadata-protos. This
used to be optimized out, but now that SnapshotManager is
virtual, CreateUpdateSnapshots can no longer be optimized out.
Bug: 148956645
Test: compiles
Change-Id: Ib67cafd156308bf5a477996ec32eb786f8e896db
If the first stage console is being used, attempt to run /first_stage.sh
immediately before the console is created.
Bug: 154126020
Change-Id: I8b7431e7b8219afea295b120d7ea91751804bda6
The tests are only needed in vts10 suite.
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL removes vts10 tests from vts suite.
It won't change test logic or behavior.
Change-Id: I4d468be075b54213b56c7e1aa94af94f2bdce9ff
This is to prepare renaming vts to vts10.
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL adds all tests in vts to a new
suite vts10. vts10 will be the new name of existing vts suite. This CL
won't change test logic or behavior.
Change-Id: I3c7ccef142de30f02a59046cecba121480f6e436
This will make it possible to re-use in second-stage init.
Bug: 150315914
Test: first-stage init boots
Change-Id: I6a0f13d5c71ab5529a76751f68ac0f15834323d1
Some services are lazy HALs on some platforms and not lazy HALs on
others; this is known at runtime by hwservicemanager, so this change
adds these properties to allow hwservicemanager to turn one oneshot
(for lazy HALs). It may also be required to make a lazy HAL not lazy
anymore, and oneshot_off is provided for this.
Bug: 147841742
Test: new unit test that turn on and off oneshot on a service (bootanim)
and observes that it follows the expected behavior
Change-Id: I79524e2c9a5008f90c8d3bc40920fde00602a439
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property. This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.
This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties
A previous version of this change was reverted and added locks around
all service operations and allowed the property thread to spawn
services directly. This was complex due to the fact that this code
was not designed to be multi-threaded. It was reverted due to
apparent issues during reboot. This change keeps a queue of processes
pending control messages, which it will then handle in the future. It
is less flexible but safer.
Bug: 146877356
Bug: 148236233
Bug: 150863651
Bug: 151251827
Test: multiple reboot tests, safely restarting hwservicemanager
Change-Id: Ice773436e85d3bf636bb0a892f3f6002bdf996b6
This is apparently causing problems with reboot.
This reverts commit 7205c62933.
Bug: 150863651
Test: build
Change-Id: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property. This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.
There are possible partial solutions here: the socket's buffer may be
increased or property_service may only send messages for the
properties that init will take action on, however all of these
solutions still lead to eventual deadlock. The only complete solution
is to handle these messages asynchronously.
This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties
4) A lock for any actions with ServiceList or any Services, enforced
through thread annotations, particularly since this code was not
designed with the intention of being multi-threaded.
Bug: 146877356
Bug: 148236233
Test: boot
Test: kill hwservicemanager without deadlock
Change-Id: I84108e54217866205a48c45e8b59355012c32ea8
Users of libinit_test_utils must include all libraries that it uses.
If it uses libinit, then there is a large number of libraries that
must be included. To avoid this, make libinit_test_utils only use
init_common_sources and the small number of required libraries that go
along with those sources. Additionally, expose these sources as a
default for users of libinit_test_utils.
Test: build
Change-Id: I224fa7e0590d073e4cd40412b5dcb6f72a64b6bf
When bind-mounting flattened APEX, use the apex name found in
apex_manifest.pb as the mount point, instead of the directory name which
might be different from apex name in case when the apex is overridden.
This allowed us to remove the special casing for the ART apex since we
/system/apex/com.android.art.release will be mounted to
/apex/com.android.art instead of /apex/com.android.art.release.
Bug: N/A
Test: m
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m, device is bootable
Change-Id: Ibdde7002b9078db390e6672b0eb82c474925451d
sys.init.userspace_reboot.in_progress will be used to notify all
the processes (including vendor ones) that userspace reboot is
happening, hence it should be treated as stable public api.
All other sys.init.userspace_reboot.* props will be internal to /system
partition and don't require any stability guarantees.
Test: builds
Test: adb reboot userspace
Bug: 135984674
Change-Id: Ifb64a6bfae2de76bac67edea68df44e33c9cfe2d
We have all of the 'type' information for properties available during
build time, so let's check this when setting properties in init.
Test: setprop apexd.status bad results in:
host_init_verifier: Command 'setprop apexd.status bad'
(out/soong/.intermediates/system/core/rootdir/init.rc/android_x86_core/init.rc:927)
failed: Property type check failed, value doesn't match expected type
'enum starting ready'
host_init_verifier: Failed to parse init script
'out/soong/.intermediates/system/core/rootdir/init.rc/android_x86_core/init.rc'
with 1 errors
Test: CF builds without that error
Change-Id: Iaad07747c09f4a10b2b816c455d6e8a485357ab9
There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc. There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.
Bug: 131087886
Bug: 140313207
Test: build/boot
Merged-In: I043d9a02ba588ca37ceba2c4e28ed631792b2586
Change-Id: I043d9a02ba588ca37ceba2c4e28ed631792b2586
