init: support loading odm sepolicy
Currently init merges two sepolicy cil files:
- /system/etc/selinux/plat_sepolicy.cil
- /vendor/etc/selinux/nonplat_sepolicy.cil
This change replaces nonplat_sepolicy.cil with the following two files:
- /vendor/etc/selinux/declaration/nonplat_declaration.cil
- /vendor/etc/selinux/vender_sepolicy.cil
And support merging another default (but optional):
- /odm/etc/selinux/odm_sepolicy.cil.
Bug: 64240127
Test: boot sailfish normally without odm.cil
Test: boot another device having odm.cil
Change-Id: I0b7f8c656c73ddb0fd46f2af3c625d7c81566f2f
Clang static analyzer worries that strcpy to a field may overwrite
other fields. Use snprintf() instead.
Test: built without seeing the warning.
Change-Id: I75d8edf1353b5d052fd14a954362bd0632c258fa
- Change all load_base to load_bias in the test files.
- Add the test files to the backtrace_test.
- Add a function to get the path to the test libraries.
- Change aarch64 to arm64 for offline test code.
- Modify the offline tests so that they can be easily updated when
unwinding on any arch for any other arch is possible.
- Add tests of CreateNew for remote debugging.
Test: Ran unit tests on host and angler.
Change-Id: Id6c5afe73aeb2ac22463dd81f061799fcb1c178b
Use CHECK_LT(foo, 1234) instead of CHECK(foo < 1234) so that failing
checks have the values emitted.
Bug: http://b/65063965
Test: adb server nodaemon
Change-Id: I094287f7c4d2d177ea216568d06e9e425a28dd96
We've seen crashes due to processes exceeding the current soft limit
for open FDs of 1024, mainly due to increases in using FDs for shared
memory and gralloc memory objects.
There is not a compelling reason to keep this limit artificially low,
so we raise it to 32K. This matches my desktop Linux limit, so it is
with precedent.
Bug: 64894637
Test: open 32K FDs in a process without failure then fail after 32K
Change-Id: Ibecfc486e9c61f273a432a108893137d2d13a530
Add a new service option, `rlimit`, that allows a given rlimit to be
set for a specific service instead of globally.
Use the same parsing, now allowing text such as 'cpu' or 'rtprio'
instead of relying on the enum value for the `setrlimit` builtin
command as well.
Bug: 63882119
Bug: 64894637
Test: boot bullhead, run a test app that attempts to set its rtprio to
95, see that the priority set fails normally but passes when
`rlimit rtprio 99 99` is used as its service option.
See that this fails when `rlimit rtprio 50 50` is used as well.
Test: new unit tests
Change-Id: I4a13ca20e8529937d8b4bc11718ffaaf77523a52
Child processes inherit the signal handlers and the 'Aborter' for
logging from their parent process. In the case of init, fork()'ed
processes will attempt to reboot the system if they receive a fatal
signal or if they call LOG(FATAL). This is not the correct behavior;
these processes should terminate due to the provided signal like other
processes on the system.
This is particularly important as there are multiple LOG(FATAL) calls
in service.cpp for failures after fork() but before execv() when a
service is started.
Note that pthread_atfork() is not a viable solution since clone() is
used in some cases instead of fork() and atfork handlers are not
called with clone().
Test: LOG(FATAL) from a child process of init and see that it
terminates due to a signal correctly
Test: LOG(FATAL) from init proper and see that it reboots to the
bootloader
Change-Id: I875ebd7a5f6b3f5e3e2c028af3306917c4409db3
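The inheritance problem described in the commit message above, as an added example that is not part of the commit or of init's source: a forked child that keeps the parent's fatal-signal handler runs the parent's policy, while a child that resets to SIG_DFL dies from the signal. `RebootStandIn`, `kHandlerRan` and the other names are hypothetical, and only signal handlers are shown, not the logging aborter.

```cpp
#include <csignal>
#include <cstdlib>
#include <initializer_list>
#include <sys/wait.h>
#include <unistd.h>

// Stand-in for a parent-only fatal-signal policy (init would reboot here).
// It exits with a marker status so the caller can tell that the handler ran.
constexpr int kHandlerRan = 42;
static void RebootStandIn(int) { _exit(kHandlerRan); }

static void InstallParentHandlers() {
  struct sigaction sa = {};
  sa.sa_handler = RebootStandIn;
  sigaction(SIGABRT, &sa, nullptr);
  sigaction(SIGSEGV, &sa, nullptr);
}

// Called explicitly on the child path, so it works the same after fork() or
// clone(); atfork handlers would not run in the clone() case.
static void ResetChildHandlers() {
  for (int sig : {SIGABRT, SIGSEGV}) signal(sig, SIG_DFL);
}

// Forks a child that calls abort() and returns the child's raw wait status,
// or -1 if fork() or waitpid() failed.
int RunAbortingChild(bool reset_in_child) {
  InstallParentHandlers();
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    if (reset_in_child) ResetChildHandlers();
    abort();  // fatal path in the child, before any execv()
  }
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return -1;
  return status;
}
```

Without the reset the child's wait status shows a normal exit with the handler's marker code; with the reset it shows termination by SIGABRT.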
There are no actual users of the machine type output parameter to
Regs::RemoteGet. The concrete implementations of Regs know what machine
type they represent anyway, so provide an accessor to query.
Test: treehugger
Test: libunwindstack tests on 32/64-bit host, hikey960
Change-Id: Ia25910531d36c41b2b6919f154cfa914aae63117
1) Attempt to make the error message associated with a missing service
better.
2) Provide a link to more in-depth documentation.
Bug: 65023716
Test: code compiles.
Change-Id: Ie0f1896fb41d5afd11501f046cb51d4c8afe0a62
The move to returning Result from Service::Start() for better context
when starting processes through init's builtins stops Service::Start()
failures from being logged from other contexts. This change adds
those logs along with their context.
Test: boot bullhead, fail to start services via `setprop ctl.start`,
see the expected error in dmesg
Change-Id: I45294f6abf00852f3d4c549a32eaf4920a51e6f0
liblog concurrent printf tests now check every write succeeds.
logd timeout_negative tests exit as soon as one run succeeds.
Test: CTS tests still pass.
Change-Id: I9a166a0abcb8b9aa5c055c35c5dccf30616a4e24
don't abort it after 30s.
Adds a new CTS test to verify the behaviour.
Bug: 64143705
Test: New and existing CTS tests pass. Manual testing with logcat.
Change-Id: Ia67175701ed8c462083e14e26123ce8ddcb226bc
Switch from /data/misc/reboot/last_reboot_reason to persistent
Android property persist.sys.boot.reason for indicating why the
device is rebooted or shutdown.
persist.sys.boot.reason has a standard as outlined in b/63736262 and
the associated investigation. Made adjustments to the values so that
we did not create a problem even before we started. Compliance is
part of the tests in boot_reason_test.sh.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I812c55a12faf7cb7ff92101009be058ad9958d07
With full disk encryption, a temporary /data partition is mounted to
start a minimum subset of the frameworks. Later, once /data can be
decrypted it is mounted again. load_persist_props is called both when
the temporary /data partition is mounted and again after the real
/data is mounted; this is a mistake.
This change checks to see if we're a FDE device and if so, returns the
first time load_persist_props is called.
Test: boot bullhead (FDE) with and without boot pin and check that
persistent properties are loaded
Test: boot sailfish (FBE) and check that persistent properties are loaded
Change-Id: I6ed725072bdb27d80bfa6575d0a4876b08c6a4bc
- Rewrite the Maps::Parse to use open, and a buffer on the stack.
- Rewrite the line parser away from sscanf. The current way sscanf
is used does not catch many malformed lines. In addition, this
new version improves performance by 50% over sscanf on sailfish.
- Add a lot of unit tests for the parser to make sure there are
no problems. In addition, add a special line that was not rejected
with the previous version of the code.
- Add new accessor to get the map at a particular index.
- Add a backtrace benchmark for map creation for both new and old.
This cl results in ~5% speedup and makes the new unwinder map creation
about the same for 64 bit. It's still a bit slower, but not by much.
On 32 bit, we are still about 5% slower than the old creation method,
though.
Bug: 23762183
Test: libunwindstack unit tests pass. Ran the new benchmarks.
Change-Id: Id4431e539f400984e6fad62153fdf4152d518322
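Why a sscanf-based maps line check lets malformed lines through, as an added example that is not the libunwindstack parser from the commit above: a loose sscanf check next to a strict field-by-field check. The format string, struct, function names and the extra strictness rules (start below end, exact permission characters) are assumptions made for this example.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

struct MapEntry { uint64_t start = 0, end = 0, offset = 0; std::string perms, name; };

// sscanf-style check (format string is an assumption, not the project's).
// %lx accepts a "0x" prefix or a sign, and %4s accepts fewer than 4 characters.
bool ParseLoose(const char* line, MapEntry* e) {
  unsigned long start, end, offset;
  char perms[5];
  if (sscanf(line, "%lx-%lx %4s %lx %*x:%*x %*d", &start, &end, perms, &offset) != 4) return false;
  e->start = start; e->end = end; e->offset = offset; e->perms = perms;
  return true;
}

// Reads 1 to 16 bare hex digits and advances p; no prefix, sign or whitespace.
static bool Hex(const char*& p, uint64_t* out) {
  uint64_t v = 0;
  int n = 0;
  for (; isxdigit((unsigned char)*p); ++p, ++n) {
    if (n == 16) return false;  // a 17th digit would overflow 64 bits
    int c = tolower((unsigned char)*p);
    v = (v << 4) | (uint64_t)(isdigit(c) ? c - '0' : c - 'a' + 10);
  }
  *out = v;
  return n > 0;
}

static bool Eat(const char*& p, char c) { return *p == c ? (++p, true) : false; }

// Strict check: every field must be present and well formed, in order.
bool ParseStrict(const char* p, MapEntry* e) {
  uint64_t dev;
  if (!Hex(p, &e->start) || !Eat(p, '-') || !Hex(p, &e->end) || !Eat(p, ' ')) return false;
  if (e->start >= e->end) return false;  // empty or inverted range
  static const char* kAllowed[4] = {"r-", "w-", "x-", "ps"};
  e->perms.clear();
  for (int i = 0; i < 4; ++i, ++p) {
    if (*p == '\0' || !strchr(kAllowed[i], *p)) return false;
    e->perms += *p;
  }
  if (!Eat(p, ' ') || !Hex(p, &e->offset) || !Eat(p, ' ')) return false;
  if (!Hex(p, &dev) || !Eat(p, ':') || !Hex(p, &dev) || !Eat(p, ' ')) return false;
  if (!isdigit((unsigned char)*p)) return false;  // inode is decimal
  while (isdigit((unsigned char)*p)) ++p;
  if (*p != '\0' && *p != '\n' && *p != ' ') return false;
  while (*p == ' ') ++p;
  e->name.assign(p, strcspn(p, "\n"));  // optional path, newline stripped
  return true;
}
```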
The test was assuming we still output the full help for every syntax error.
While I'm here, make the diagnostics suck less.
Bug: N/A
Test: ran tests
Change-Id: Idc28616f20c66391f32046cf4216f122998a84bd
* changes:
init: enable error reporting of builtin functions
init: log Service failures via Result<T>
init: pass errors from one Result<T> to another better
init: cleanup environment handling
The feature references a new file created by the selinux make system
that is stored on device under /system/etc/selinux/ which contains a
scontext, tcontext, tclass, and the bug they map to. logd will
reference this map every time an selinux denial comes through to see if
it's a known denial with a bug attached and then add the bug number to
the denial that's logged.
go/selinux-bug-metadata
Bug: 34997782
Test: any denial -> bug map listed in the referenced file is correctly
displayed in the selinux denials that are logged
Change-Id: I75bab59917591ed700471a0b4922b5f02f86bee9
We don't want to continue the fastboot process if we failed to
generate the fs image. Print an error message and exit early.
Bug: 64915319
Change-Id: I5506d2a7a5063c188685633d6c3890239f9d658e