Commit graph

2520 commits

Author SHA1 Message Date
Wei Wang
b5de088262 init: increase thermal shutdown timeout to 3s
1) increase thermal shutdown timeout to 3s for process to save work
2) respect property "ro.build.shutdown_timeout" in thermal shutdown if
   it is set less than default time - "3s"

Bug: 112432890
Test: Build
Change-Id: Idc2b24dd44c1fab8f9b047fd2468de2ee45ff783
2018-10-09 12:53:30 -07:00
Tom Cherry
64990d5b45 Merge "init: move InitKernelLogging() to first stage init" 2018-10-05 20:41:23 +00:00
Tom Cherry
48e83e629f init: move InitKernelLogging() to first stage init
The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr.  InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.

Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.

In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.

Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources.  Therefore, it must be done for a second time in second
stage init.

Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
2018-10-05 10:36:38 -07:00
Chih-Hung Hsieh
747eb149d0 Add noexcept to move constructors and assignment operators.
Bug: 116614593
Test: build with WITH_TIDY=1
Change-Id: I5a7461386946ca623ab509609092aa0ac8418b80
2018-10-05 16:43:47 +00:00
Tom Cherry
5f2a21d244 Merge "init: allow customizable restart and timeout periods for services" 2018-10-05 16:15:23 +00:00
Tom Cherry
73f535e33b init: allow customizable restart and timeout periods for services
Allow services to specify a custom restart period via the
restart_period service option.  This will allow services to be run
periodically, such as a service that needs to run every hour.

Allow services to specify a timeout period via the timeout_period
service option.  This will allow services to be killed after the
timeout expires if they are still running.  This can be combined with
restart_period for creating period services.

Test: test app restarts every minute
Change-Id: Iad017820f9a602f9826104fb8cafc91bfb4b28d6
2018-10-04 19:52:37 -07:00
Mark Salyzyn
e511e3a3b1 fs_mgr: Add fs_mgr_overlayfs_required_devices()
Added fs_mgr_overlayfs_required_devices() as hint to init to make sure
the device gets created before fs_mgr_overlayfs_mount_all().

Test: manual
Bug: 109821005
Change-Id: Iab038f3e0252a357b082bb08db3679512b9badec
2018-10-04 15:15:02 -07:00
Treehugger Robot
02678f32be Merge "Don't hardcode the super partition name." 2018-10-04 19:29:34 +00:00
Treehugger Robot
29e9833e39 Merge "fs_mgr/init: use unique_ptr + CLO_EXEC for setmntent()/fopen()" 2018-10-03 21:22:50 +00:00
Tom Cherry
f274e78eeb fs_mgr/init: use unique_ptr + CLO_EXEC for setmntent()/fopen()
We ran into an issue with an fd leaking due to missing both CLO_EXEC
and fclose() in related code, so let's make sure we're safe here too.

Test: boot
Change-Id: Ief893c936859815c78fa6d7e06cb88ad34aadbac
2018-10-03 13:19:04 -07:00
Treehugger Robot
8bd7d5238f Merge "init: IsDmLinearEnabled() replace with check if logical partitions present in fstab" 2018-10-03 20:03:26 +00:00
Tom Cherry
32638a1ef6 Merge "init: clarify why we mount /mnt/... in first stage init" 2018-10-02 21:55:08 +00:00
Tom Cherry
21824dddeb init: clarify why we mount /mnt/... in first stage init
Test: n/a
Change-Id: I55974fb285c55756536d038f4e20cb45d11906ee
2018-10-02 10:21:03 -07:00
David Anderson
5cbd2e43ee Don't hardcode the super partition name.
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.

Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
2018-10-01 14:13:22 -07:00
Tom Cherry
e3745bc57a Merge "init: use '/system' as the system mount point for force_normal_boot" 2018-09-27 00:35:22 +00:00
Mark Salyzyn
9b1e7a34b9 init: IsDmLinearEnabled() replace with check if logical partitions present in fstab
IsDmLinearEnabled() true if logical partitions present in fstab.

Test: boot on logical device
Bug: 109821005
Change-Id: Ic083b0b8d9f7e9511d78bdc05c9f848521f1feb5
2018-09-26 21:04:24 +00:00
Tom Cherry
c382957789 init: use '/system' as the system mount point for force_normal_boot
We need to keep the right mount points in the fstab for other
processes to access (/ for system-as-root or /system otherwise).
Force_normal_boot devices are de facto not system-as-root,
since they're booting through the recovery ramdisk and therefore must
use /system as the system mount point.

Bug: 114062208
Test: boot pixel from recovery with force_normal_boot
Change-Id: Ib0e4e4f8a29299ecdcd35e8f1415551c4c9745ad
2018-09-26 13:27:16 -07:00
Treehugger Robot
5952034c25 Merge "Set device lock status from kernel command line." 2018-09-26 02:02:13 +00:00
Hridya Valsaraju
5ed32780b4 Set device lock status from kernel command line.
Device is considered to be unlocked if
androidboot.verifiedbootstate is "orange".

Test: adb shell getprop ro.boot.flash.locked

Change-Id: Id3aeec757908ea63a37e28ad880a6c71d53083ac
2018-09-25 15:49:59 -07:00
Treehugger Robot
37d8bbdf9c Merge "fs_mgr: init: adb: add fstab argument to fs_mgr_overlayfs_mount_all" 2018-09-25 20:37:15 +00:00
Treehugger Robot
6544056d54 Merge "Support 'adb reboot fastboot' command conditionally." 2018-09-25 17:17:08 +00:00
Mark Salyzyn
f35db9b11b fs_mgr: init: adb: add fstab argument to fs_mgr_overlayfs_mount_all
Add an fstab argument for fs_mgr_overlayfs_mount_all so that it can
leverage the locally and timely acquired fstab entries.  Affects all
callers, adb and init.

Test: manual
Bug: 109821005
Bug: 115751838
Change-Id: I96e2045d88525a6ce39bef63327a0fcf0704e9bc
2018-09-25 07:30:55 -07:00
Hridya Valsaraju
542582689d Support 'adb reboot fastboot' command conditionally.
Devices not supporting logical partitions do not require the command.

Bug: 78793464
Test: 'adb reboot fastboot' reboots to bootloader for a device
not supporting logical partitions.

Change-Id: I0a7b6d4335040e24efbf461e2dd2d56ab1985b7f
2018-09-25 03:52:12 +00:00
Treehugger Robot
f86e85cb0a Merge "init: Cleanly exit subcontext processes upon init's death" 2018-09-22 00:12:09 +00:00
Luis Hector Chavez
7235359d2e init: Cleanly exit subcontext processes upon init's death
This change makes the subcontext processes cleanly exit in the event of
the init's socket being closed. If that was an accident, init will
respawn the process immediately. Otherwise, it will just quietly go
away.

Bug: 80425914
Test: kill -9 $INIT_PID  # Outside of an Android container
Change-Id: I664f11d1b3700ea46857abf24857335fe28e92fa
2018-09-21 12:29:52 -07:00
Treehugger Robot
903eb5125e Merge "init: annotate intended fallthrough" 2018-09-20 00:07:24 +00:00
Tom Cherry
ae8a6b9af3 init: annotate intended fallthrough
Bug: 116020901
Test: treehugger
Change-Id: I5f4a5ebf09572501f564dce506ee0978354fde67
2018-09-19 14:34:51 -07:00
Tom Cherry
d9e53dacf5 init: move selinux and seccomp set up to 2nd stage init.
If there is no valid pre-compiled SEPolicy policy, init may call
secilc, which exists on the system partition.  1st stage init won't
always live on this partition, so we need to move this SELinux setup
to 2nd stage init, which always lives on the system partition, to
ensure that both secilc and its caller are updated together.

Bug: 114059212
Test: hikey boots, sailfish boots
Change-Id: Iaf7b4af4a5c2ace16755ec2e54510ab95c53f041
2018-09-18 11:24:56 -07:00
Treehugger Robot
146fd24c4b Merge "Fix clang-tidy performance warnings in system/core." 2018-09-18 17:32:20 +00:00
Chih-Hung Hsieh
42bf30651b Fix clang-tidy performance warnings in system/core.
* Use more efficient overloaded string methods.

Bug: 30411878
Test: build with WITH_TIDY=1
Change-Id: I449347565f83fae14ea337d0b3173beb5a56e0ca
2018-09-17 15:18:57 -07:00
Xin Li
17216455ad Don't attempt to create 'mkdir' and '-p' directories.
Test: build
Bug: 115920063
Change-Id: I65c60bfe0ca758a4213f10754bc872ea9885ca19
2018-09-17 14:20:16 -07:00
Tom Cherry
bbb1d1a698 init: allow using the recovery image for 1st stage init
For A/B devices, the recovery image is typically provided as a ramdisk
paired with boot.img.  Instead of repartitioning these devices to have
a separate recovery partition and have the new 1st stage ramdisk
paired with the boot.img, this allows setting
androidboot.force_normal_boot=1 on the kernel command line to have init
in recovery boot directly to a normal boot.

This requires /system_recovery_mount to be added in the DT fstab for
the system partition.

Bug: 114062208
Test: hikey boots
Change-Id: I1e331b5cca91152d20ca92549779ab41aa9cd431
2018-09-13 23:45:58 +00:00
Martijn Coenen
62e985a954 init: Allow restricted use of binder.
Allow init to use binder, but in a restricted way:
- No binder threadpool
- Other processes can't initiate calls to init
- No death recipients

This change adds libbinder/libutils and calls into ProcessState,
which also calls into the kernel driver and sets up state there.
No other binder calls are made, so that we can let this soak for
a while to see if there are any bad side effects of just loading
these libraries and initializing the kernel driver.

This introduces about 120kB of additional memory usage (PSS),
mostly due to pulling in libbinder and libutils and the private
state they have.

We also don't include these libraries in the recovery version of
init, because space on the recovery partition is limited.

Bug: 112684055
Test: device still boots, /d/binder/proc/1 shows init state
Change-Id: I972b1eebdb16337f52e20d1f614e3a0dce0f06d2
2018-09-07 15:47:21 +02:00
Mark Salyzyn
eafc1c3d58 init: First Stage Mount observe nofail mount flag
MountPartitions should respect nofail.  The nofail flag makes the
partition optional.

Test: manual (future code using feature), and smoke test
Bug: 109821005
Bug: 78914864
Change-Id: I715a66ef1abbe223b0cefe5bd2758f63352b1afc
2018-08-30 13:16:24 -07:00
Tom Cherry
7b02605bf2 Merge "Switch root to /system in first stage mount" 2018-08-29 17:05:40 +00:00
Nick Kralevich
7ab971acf4 keychords.cpp: O_RDWR -> O_RDONLY
The keycodes functionality in init only needs to read key events. It
doesn't need to inject key events. A read-only file descriptor is
perfectly sufficient.

Test: pressing volume-up/volume-down/power still generates a bugreport
Change-Id: Iecbf21c544914334006ac6258c03df390f417e80
2018-08-27 12:20:34 -07:00
Tao Bao
a3d36a8ce7 init: Build init_tests only for the first arch.
Not all the dependent shared libs are installed on device with both
arches. For example, we don't have 32-bit `libfs_mgr.so` or
`libbootloader_message.so` on marlin, which would cause 32-bit
`init_tests` to fail.

Bug: 112494634
Test: Run (64-bit) init_tests on marlin.
Test: `m -j continuous_native_tests` with aosp_marlin-userdebug. Check
      that only 64-bit init_tests is included in
      `continuous_native_tests.zip`.
Change-Id: I999d58750d48c34df7dbabccf8863a6ccaf0b83c
2018-08-24 11:28:54 -07:00
Tao Bao
66209ca9bf init: init_defaults uses more shared libraries.
This CL switches init_defaults and thus init_second_stage to depend on
commonly used shared libraries. In particular, use the following shared
libs that have been available on device (under both of normal boot and
recovery):
 - libbootloader_message
 - libext4_utils
 - libfs_mgr
 - libhidl-gen-utils
 - libkeyutils
 - liblogwrap

The following transitive dependencies have been dropped. They were only
needed when including the above libs statically. Dropping them doesn't
further affect the size though.
 - libfec
 - libfec_rs
 - libsquashfs_utils

With the change, the second stage init size has been reduced from
1094328 to 627992 bytes (aosp_taimen-userdebug), with no new shared libs
installed.

Also evaluated the impact of using `libprotobuf-cpp-lite.so` and
`libseccomp_policy.so`. It doesn't look beneficial -- at least not right
now with `init` as the single user.
 - statically linked them both: 627992-byte
 - with libprotobuf-cpp-lite.so: 605880 (init) + 262624 (.so)
 - with libseccomp_policy.so: 605848 (init) + 32208 (.so)

Bug: 112494634
Test: `mmma -j system/core/init` with aosp_marlin-userdebug
Test: Flash the marlin build on device. Run init_test.
Test: Boot into recovery successfully.
Change-Id: I49debe9066ff36dfda55b08266862e29e2bfc96b
2018-08-24 10:54:24 -07:00
Tom Cherry
4590a2aeb7 Switch root to /system in first stage mount
Bug: 79173823
Bug: 79758715
Test: boot hikey and observe that /system is the new root
Change-Id: I22f58f1332150ebae8e7e24eccfe780ff29eba7f
2018-08-23 11:12:57 -07:00
Tom Cherry
d68121f670 Merge "init: always allow clearing a property" 2018-08-23 01:59:45 +00:00
Tom Cherry
2096558837 init: always allow clearing a property
An unintended consequence of property types is that it makes clearing
a property, by setting it to an empty string, impossible.  This change
explicitly allows that case:

Test: new (and old) unit tests
Change-Id: I188693bfd3a71b64c194c3858544230b87d8d891
2018-08-22 15:41:56 -07:00
Tom Cherry
ab434c70ce init: accept -1 or 'unlimited' for an infinite rlimit
Due to a bug with ParseUint(), init would de facto accept -1 for an
infinite rlimit, but only on 64bit devices.  That bug is now fixed,
such that -1 would be rejected by ParseUint() for all devices.

This change explicitly checks for -1 for all devices or 'unlimited' to
match ulimit's reporting and accepts either as an infinite rlimit.

Bug: 112668205
Test: new (and old) unit tests
Change-Id: Ie28ff622cdf375a65ceb5f32ffb14fb3d5d9f2ba
2018-08-22 15:07:53 -07:00
Dario Freni
ab5583b585 s/product-services/product_services/g
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.

Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
2018-08-20 17:46:42 +00:00
Anton Hansson
904bbd8405 Remove init_second_stage.recovery dep.
This makes the init module only produce artifacts in
/system. A simultaneous change in the core product
makefiles explicitly adds init_second_stage.recovery.

Bug: 112318375
Test: lunch mainline_arm64 && m nothing
Change-Id: I33f0f0c869dfb1ffe781fc682eeb20589a4ffe90
2018-08-15 08:50:43 +01:00
Treehugger Robot
3231be66ce Merge "Add sideload, fastboot as reboot targets in init" 2018-08-14 21:25:50 +00:00
Mark Salyzyn
d88b52e7f4 Merge changes from topic "squashfs+overlayfs"
* changes:
  init: add fs_mgr_overlayfs_mount_all to FirstStageMount
  adb: add overlayfs handling for readonly system filesystems
  fs_mgr: get fs_mgr_mount_all to call fs_mgr_overlayfs_mount_all
  fs_mgr: add overlayfs handling for squashfs system filesystems
2018-08-09 20:44:20 +00:00
Tom Cherry
e85b2addca init: clarify comment for the restorecon of second stage init
Test: we actually do need this restorecon for recovery.
Change-Id: I46a8d6ea5c08b18d79fa6dd8df0f4a98695363e2
2018-08-09 10:40:51 -07:00
Mark Salyzyn
934db8a4a5 init: add fs_mgr_overlayfs_mount_all to FirstStageMount
Test: compile & smoke
Bug: 109821005
Bug: 110985612
Change-Id: I51a4b7fc123e736035f74e126f71288721dc9fab
2018-08-08 15:42:46 -07:00
Xin Li
5d707816ac Merge "Merge Android Pie into master" 2018-08-07 16:51:24 +00:00
Tom Cherry
31438489c0 split first stage init into a separate executable
In the future, systems with dm-linear will require a ramdisk to set up
the mount for system.  In this world, first stage init will be a part
of this ramdisk and handle setting up dm-linear, mounting the
necessary partitions, then pivoting to the system image, which will
become the root partition.

This also enables previous devices without system-as-root, to be
unified with system-as-root devices for all aspects of boot after the
pivot_root.

Bug: 79758715
Test: boot hikey
Test: boot sailfish, boot sailfish into recovery
Change-Id: Iefa88a3ec5994e7989aa9f26f2de0351ffa5468b
2018-08-06 10:36:43 -07:00