If there is no valid pre-compiled SEPolicy policy, init may call
secilc, which exists on the system partition. 1st stage init won't
always live on this partition, so we need to move this SELinux setup
to 2nd stage init, which always lives on the system partition, to
ensure that both secilc and its caller are updated together.
Bug: 114059212
Test: hikey boots, sailfish boots
Change-Id: Iaf7b4af4a5c2ace16755ec2e54510ab95c53f041
For A/B devices, the recovery image is typically provided as a ramdisk
paired with boot.img. Instead of repartitioning these devices to have
a separate recovery partition and have the new 1st stage ramdisk
paired with the boot.img, this allows setting
androidboot.force_normal_boot=1 on the kernel command line to have init
in recovery boot directly to a normal boot.
This requires /system_recovery_mount to be added in the DT fstab for
the system partition.
Bug: 114062208
Test: hikey boots
Change-Id: I1e331b5cca91152d20ca92549779ab41aa9cd431
Allow init to use binder, but in a restricted way:
- No binder threadpool
- Other processes can't initiate calls to init
- No death recipients
This change adds libbinder/libutils and calls into ProcessState,
which also calls into the kernel driver and sets up state there.
No other binder calls are made, so that we can let this soak for
a while to see if there any bad side effects of just loading
these libraries and initializing the kernel driver.
This introduces about 120kB of additional memory usage (PSS),
mostly due to pulling in libbinder and libutils and the private
state they have.
We also don't include these libraries in the recovery version of
init, because space on the recovery partition is limited.
Bug: 112684055
Test: device still boots, /d/binder/proc/1 shows init state
Change-Id: I972b1eebdb16337f52e20d1f614e3a0dce0f06d2
MountPartitions should respect nofail. The nofail flag makes the
partition optional.
Test: manual (future code using feature), and smoke test
Bug: 109821005
Bug: 78914864
Change-Id: I715a66ef1abbe223b0cefe5bd2758f63352b1afc
The keycodes functionality in init only needs to read key events. It
doesn't need to inject key events. A read-only file descriptor is
perfectly sufficient.
Test: pressing volume-up/volume-down/power still generates a bugreport
Change-Id: Iecbf21c544914334006ac6258c03df390f417e80
Not all the dependent shared libs are installed on device with both
arches. For example, we don't have 32-bit `libfs_mgr.so` or
`libbootloader_message.so` on marlin, which would cause 32-bit
`init_tests` to fail.
Bug: 112494634
Test: Run (64-bit) init_tests on marlin.
Test: `m -j continuous_native_tests` with aosp_marlin-userdebug. Check
that only 64-bit init_tests is included in
`continuous_native_tests.zip`.
Change-Id: I999d58750d48c34df7dbabccf8863a6ccaf0b83c
This CL switches init_defaults and thus init_second_stage to depend on
commonly used shared libraries. In particular, use the following shared
libs that have been available on device (under both of normal boot and
recovery):
- libbootloader_message
- libext4_utils
- libfs_mgr
- libhidl-gen-utils
- libkeyutils
- liblogwrap
The following transitive dependencies have been dropped. They were only
needed when including the above libs statically. Dropping them doesn't
further affect the size though.
- libfec
- libfec_rs
- libsquashfs_utils
With the change, the second stage init size has been reduced from
1094328 to 627992 bytes (aosp_taimen-userdebug), with no new shared libs
installed.
Also evaluated the impact of using `libprotobuf-cpp-lite.so` and
`libseccomp_policy.so`. It doesn't look beneficial -- at least not right
now with `init` as the singler user.
- statically linked them both: 627992-byte
- with libprotobuf-cpp-lite.so: 605880 (init) + 262624 (.so)
- with libseccomp_policy.so: 605848 (init) + 32208 (.so)
Bug: 112494634
Test: `mmma -j system/core/init` with aosp_marlin-userdebug
Test: Flash the marlin build on device. Run init_test.
Test: Boot into recovery successfully.
Change-Id: I49debe9066ff36dfda55b08266862e29e2bfc96b
An unintended consequence of property types is that it makes clearing
a property, by setting it to an empty string, impossible. This change
explicitly allows that case:
Test: new (and old) unit tests
Change-Id: I188693bfd3a71b64c194c3858544230b87d8d891
Due to a bug with ParseUint(), init would defacto accept -1 for an
infinite rlimit, but only on 64bit devices. That bug is now fixed,
such that -1 would be rejected by ParseUint() for all devices.
This change explicitly checks for -1 for all devices or 'unlimited' to
match ulimit's reporting and accepts either as an infinite rlimit.
Bug: 112668205
Test: new (and old) unit tests
Change-Id: Ie28ff622cdf375a65ceb5f32ffb14fb3d5d9f2ba
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
This makes the init module only produce artifacts in
/system. A simultaneous change in the core product
makefiles explicitly adds init_second_stage.recovery.
Bug: 112318375
Test: lunch mainline_arm64 && m nothing
Change-Id: I33f0f0c869dfb1ffe781fc682eeb20589a4ffe90
* changes:
init: add fs_mgr_overlayfs_mount_all to FirstStageMount
adb: add overlayfs handling for readonly system filesystems
fs_mgr: get fs_mgr_mount_all to call fs_mgr_overlayfs_mount_all
fs_mgr: add overlayfs handling for squashfs system filesystems
In the future, systems with dm-linear will require a ramdisk to set up
the mount for system. In this world, first stage init will be a part
of this ramdisk and handle setting up dm-linear, mounting the
necessary partitions, then pivoting to the system image, which will
become the root partition.
This also enables previous devices without system-as-root, to be
unified with system-as-root devices for all aspects of boot after the
pivot_root.
Bug: 79758715
Test: boot hikey
Test: boot sailfish, boot sailfish into recovery
Change-Id: Iefa88a3ec5994e7989aa9f26f2de0351ffa5468b
This is a baseline for splitting init first and second stage into
their own executables.
Bug: 79758715
Test: sailfish boots
Change-Id: I549ad4502893b3a5e4c2a9886f66850f6d31b619
Rebooting to these targets requires writing bootloader
messages and thus root. Moving them into init means that
adb, reboot don't need root to use these targets.
Test: try rebooting to these targets
Bug: 78793464
Change-Id: Ia002d1e3b1cb0c0616f60435fb9af4dce162cf84
We're moving past a world where static executables are needed,
including watchdogd, so treat this like any other executable and place
it in /system/bin.
Bug: 73660730
Test: watchdogd still runs
Change-Id: I1f7508fd55dce6e9ee72a6ab7a085011a76c0053
Some devices have modules.alias and modules.dep for modprobe and other
purposes but do not want to opt into ueventd auto loading their
modules. Therefore we add a flag that can be added to ueventd
configuration files to opt into this behavior.
Bug: 111916071
Bug: 112048758
Test: check that modules are loaded with this opt-in
Test: check that modules are not loaded without this opt-in
Change-Id: Ifb281b273059b4671eea1ca5bc726c9e79f3adfb
This change adds an explicit cleanup for the subcontext processes and
avoids them from respawning, which causes a bunch of LOG(FATAL)s when
the system is going down.
Bug: 80425914
Test: kill -TERM $INIT_PID, no crashes for subcontext inits
Change-Id: I135191d959c1dd921b102af316b24d2bc161d6c9
This CL is largely and adaptation of
Ie996def20e25dc1afe0c74af2096af844934b2dc
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I1046dfe19bf874da929c9131b76a1f85422fbb80
Merged-In: I1046dfe19bf874da929c9131b76a1f85422fbb80
For some platforms it is not known at build time what devices
will be attached at runtime. Building into the kernel or pre-loading
at init all the modules that could be needed would unnecessary bloat
the kernel. The solution is dynamic kernel module loading.
The kernel will generate uevents when devices are added, userspace
should monitor for these events and load the compatible modules.
The init process already monitors for uevents, add here the ability
to respond to modalias events and preform the correct action.
Adding this to init is preferred over an external program as we
can read and process the module alias and dependency files once,
instead of for each module needing to be loaded.
Test: Run on Beagle-X15, check all needed modules are loaded (lsmod)
Change-Id: I1b57d9aeb0a9770f309207183dc4bc2b7b905f14
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Executables should be in /system/bin
rather than sbin. Change lookup paths
in a few places to reflect this.
Test: recovery is in system/bin
Bug: 78793464
Change-Id: Ibcdff7abf1f21e2566e02cad8bdb3c26ee500534
