'object_r' is supposed to be simply 'r'.
Test: boot sailfish with SELinux fully enabled and subcontexts enabled
Change-Id: I7eb8b2dd18e66f23c09863e8961da339f72d25c5
One of the major aspects of treble is the compartmentalization of system
and vendor components, however init leaves a huge gap here, as vendor
init scripts run in the same context as system init scripts and thus can
access and modify the same properties, files, etc as the system can.
This change is meant to close that gap. It forks a separate 'subcontext'
init that runs in a different SELinux context with permissions that match
what vendors should have access to. Commands get sent over a socket to
this 'subcontext' init that then runs them in this SELinux context and
returns the result.
Note that not all commands run in the subcontext; some commands such as
those dealing with services only make sense in the context of the main
init process.
Bug: 62875318
Test: init unit tests, boot bullhead, boot sailfish
Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
This has moved to being serialized with libprotobuf.
Test: persistent properties work on bullhead
Test: init unit tests
Change-Id: I26ebe135e37d352f9c53612301bde703144853e7
Change HandleSigtermSignal() handler to report shutdown,container. Add
the new reason to bootstat. Remove log stutter as
HandlPowerctlMessage will also do a LOG(INFO) reporting
shutdown,container as reason.
Sending SIGTERM to init is to allow a host OS to ask an Android
Container instance to shutdown. The temptation is to report
shutdown,sigterm but that does not accurately describe the usage
scenario.
Test: compile
Bug: 63736262
Change-Id: I3c5798921bdbef5d2689ad22a2e8103741b570b4
Primarily, this fixes a bug where a forked child of property service
uses exit() instead of _exit, which has the unintended consequences of
running the global destructors of init proper, which leads to
unintended cleanup.
Secondly, this replaces the remaining calls of exit() that really
should be LOG(FATAL).
Test: boot sailfish
Change-Id: I779228e7d44a73186bc7685bb723c4b9278a0a2d
I probably should have done this from the start... There's a shim to
convert my manually serialized format to protobuf, and since that has
not yet shipped, it'll be reverted in a short period of time.
Test: init unit tests
Test: upgrade from legacy and intermediate property formats successfully
Change-Id: Iad25f6c30d0b44d294230a53dd6876222d1c785b
This command functions similarly to `exec` except that it does not
cause init to halt executing commands until the process has
terminated. It is useful for launching simple one time background
tasks.
Bug: 65736247
Test: create an exec_background service and see it function properly
Change-Id: I719c8b85479b65201770aedc0a13191303007c11
Builtin commands may set the sys.powerctl property, which causes
reboot to be immediately processed. Unfortunately, part of the reboot
processing involves clearing the action queue, so when this scenario
happens, ActionManager::ExecuteOneCommand() can abort due to its state
being unexpectedly changed.
Longer term, the real fix here is to split init and property service.
In this case, the property sets will be sent to property service and
the reboot will only be processed once property service responds back
to init that the property has been set. Since that will not happen
within the action queue, there will be no risk of failure.
Short term, this change sets a flag in init to shutdown the device
before the next action is run, which defers the shutdown enough to fix
the crash, but continues to prevent any further commands from running.
Bug: 65374456
Test: force bullhead into the repro case and observe that it no longer
repros
Change-Id: I89c73dad8d7912a845d694b095cab061b8dcc05e
ExpandArgs() was factored out of Service::Start() to clean up init,
however this introduced a bug: the scope of expanded_args ends when
ExpandArgs() returns, yet pointers to the c strings contained within
those std::strings are returned from the function. These pointers are
invalid and have been seen to cause failures on real devices.
This change moves the execv() into ExpandArgs() and renames it
ExpandArgsAndExecv() to keep the clean separation of Service::Start()
but fix the variable scope issue.
Bug: 65303004
Test: boot fugu
Change-Id: I612128631f5b58d040bffcbc2220593ad16cd450
