Init is no longer a special case and talks to property service just
like every other client, therefore move it away from property_set()
and to android::base::SetProperty().
In doing so, this change moves the initial property set up from the
kernel command line and property files directly into PropertyInit().
This makes the responsibilities between init and property services
more clear.
Test: boot, unit test cases
Change-Id: I36b8c83e845d887f1b203355c2391ec123c3d05f
Previously, we assumed that TriggerShutdown() should never be called
from vendor_init and used property service as a back up in case it
ever did. We have since then found out that vendor_init may indeed
call TriggerShutdown() and we want to make it just as strict as it is
in init, wherein it will immediately start the shutdown sequence
without executing any further commands.
Test: init unit tests, trigger shuttdown from init and vendor_init
Change-Id: I1f44dae801a28269eb8127879a8b7d6adff6f353
Legacy symlink from /charger to /system/bin/charger is
removed. Instead, all Android R devices are required
to use /system/bin/charger instead.
See hardware/interfaces/health/2.1/README.md for details.
Bug: 142286265
Test: charger mode
Change-Id: Ib478a864ef68647bc9fc14650ca3d382952b80c8
Especially now that property_service is a thread, there may be some
delay between when init sets sys.powerctl and when the main thread of
init receives this and triggers shutdown. It's possible that
outstanding init commands are run during this gap and that is not
desirable.
Instead, have builtins call TriggerShutdown() directly, so we can be
sure that the next action that init runs will be to shutdown the
device.
Test: reboot works
Test: reboot into recovery due to bad /data works
Change-Id: I26fb9f4f57f46c7451b8b58187138cfedd6fd9eb
It wasn't clear to me why init was rebooting until I saw that it was
SIGABRT, which then made me read through earlier log spam to work out
what was actually unhappy (the SELinux compiler, in my case).
Test: worked out why init was rebooting my device
Change-Id: I605d8956213c4c23711073fd4b0ff99562b7f351
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b
It's better to pass the error message to the caller to determine how
best to print the error.
Test: build
Change-Id: Id8857c459df2f26c031650166609608d20e4d051
In retrospect, these always should have been header only. We don't
need setgroups() anymore either, since we have the right symbols now.
Test: build
Change-Id: If6fbf6f8ee288ed261576207d90a7ec5674853f9
There's no fundamental reason to store this aside. That property can
only be written by init, so it's not likely that we're going to
corrupt it.
Test: boot and use serial console
Change-Id: I9248fbaf959ea913d09add829d4cb509af99d570
Currently, if init encounters a fatal issues it reboots to fastboot
but this may be not desirable in all cases, especially the case of
critical services crashing. Therefore this change adds the ability
for vendors to customize the reboot target via the
androidboot.init_fatal_reboot_target= kernel command line.
This applies to all LOG(FATAL) messages as well as fatal signals in
userdebug/eng builds, except for signals before logging is enabled in
first stage init.
Bug: 121006328
Test: device reboots to configurable target with LOG(FATAL)
Test: device reboots to configurable target after a segfault in the
various stages of init
Test: device reboots to fastboot without a configured target
Change-Id: I16ea9e32e2fee08dece3d33b697d7a08191d607b
Dump init stacks when aborting either due to LOG(FATAL) or in
userdebug/eng builds due to signals, including signals from
sanitizers.
Doesn't work for static first stage init yet, b/133450393 tracks
that.
Also, ensure that LOG(FATAL) in child processes calls abort() in all
stages of init, not just 2nd stage init.
Bug: 131747478
Test: abort init in various ways and see stacks
Test: hang or crash in backtrace handler and see child reboot
Change-Id: Ib53b5d3e7e814244203f875de016ada9900dfce8
There is a list of 'stable_properties' that vendor_init can use as
property triggers for Treble property compliance. This list came about
since init parses init scripts before all partitions are mounted and
therefore before all property context files are available, such that
init cannot use the normal SELinux mechanisms for determining if a
given property is vendor_init readable.
Currently though, we require all partitions that would contain
property context files to be mounted during first stage mount, so we
can use the normal SELinux mechanisms here, so this change deprecates
the stable_properties list and moves init to use SELinux to determine
if a property can be a trigger.
Bug: 71814576
Test: vendor_init fails to use non-readable properties as a trigger
Test: vendor_init successfully uses readable properties as a trigger
Change-Id: I6a914e8c212a3418cbf4a8a07215056aad2e0162
We're moving past a world where static executables are needed,
including watchdogd, so treat this like any other executable and place
it in /system/bin.
Bug: 73660730
Test: watchdogd still runs
Change-Id: I1f7508fd55dce6e9ee72a6ab7a085011a76c0053
GetIntProperty() isn't used after
Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93, so it can be removed.
Test: build
Change-Id: I5736f553db1a615d51b8fe3cbf9b4aee89451076
This commit uses vendor sepolicy file version (defined in
`/vendor/etc/selinux/plat_sepolicy_vers.txt`) to determine whether the
source context should be set as `u:r:vendor_init:s0`.
Before this commit, the criterion was `ro.vndk.version` >= 28. However,
the check in `property_service.cpp` will always be true because
`ro.vndk.version` hasn't been loaded from `/vendor/default.prop`.
Furthermore, under some circumstances, `ro.vndk.version` may be
different from `plat_sepolicy_vers.txt` (e.g. O-MR1 vendor does not
define `ro.vndk.version`).
Bug: 78605339 # high-level bug to combine O-MR1 and P GSI
Bug: 79135481 # the usage of `ro.vndk.version` in init
Test: vts-tradefed run vts -m VtsTrebleVintfTest # tetheroffload
Change-Id: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93
Do not restrict vendor_init restrictions on vendor images that were
built before P, as they will not have the correct permissions.
Bug: 77732028
Test: test new devices and see vendor_init still works
Change-Id: I636a07b54fbfb248e1d1a68a8f3c4d047fd5a9e9
Currently we only report why a property set call has failed but drop
the context of what was trying to set the property. This change
adds information about why a property was trying to be set when it
fails.
It also unifies property_set() within init to go through the same
HandlePropertySet() function as normal processes do, removing unneeded
special cases.
Test: boot bullhead
Test: attempt to set invalid properties and see better error messages
Change-Id: I5cd3a40086fd3b226e9c8a5e3a84cb3b31399c0d
Create a host side parser for init such that init rc files can be
verified for syntax correctness before being used on the device.
Bug: 36970783
Test: run the parser on init files on host
Change-Id: I7e8772e278ebaff727057308596ebacf28b6fdda
Tom Cherry
Yifan Hong
Elliott Hughes
Logan Chien