1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "init.h"
18
19 #include <dirent.h>
20 #include <fcntl.h>
21 #include <paths.h>
22 #include <pthread.h>
23 #include <signal.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/eventfd.h>
27 #include <sys/mount.h>
28 #include <sys/signalfd.h>
29 #include <sys/system_properties.h>
30 #include <sys/types.h>
31 #include <sys/utsname.h>
32 #include <unistd.h>
33
34 #include <filesystem>
35 #include <fstream>
36 #include <functional>
37 #include <iostream>
38 #include <map>
39 #include <memory>
40 #include <mutex>
41 #include <optional>
42 #include <thread>
43 #include <vector>
44
45 #include <android-base/chrono_utils.h>
46 #include <android-base/file.h>
47 #include <android-base/logging.h>
48 #include <android-base/parseint.h>
49 #include <android-base/properties.h>
50 #include <android-base/stringprintf.h>
51 #include <android-base/strings.h>
52 #include <android-base/thread_annotations.h>
53 #include <fs_avb/fs_avb.h>
54 #include <fs_mgr_vendor_overlay.h>
55 #include <libavb/libavb.h>
56 #include <libgsi/libgsi.h>
57 #include <libsnapshot/snapshot.h>
58 #include <logwrap/logwrap.h>
59 #include <processgroup/processgroup.h>
60 #include <processgroup/setup.h>
61 #include <selinux/android.h>
62 #include <unwindstack/AndroidUnwinder.h>
63
64 #include "action.h"
65 #include "action_manager.h"
66 #include "action_parser.h"
67 #include "apex_init_util.h"
68 #include "epoll.h"
69 #include "first_stage_init.h"
70 #include "first_stage_mount.h"
71 #include "import_parser.h"
72 #include "keychords.h"
73 #include "lmkd_service.h"
74 #include "mount_handler.h"
75 #include "mount_namespace.h"
76 #include "property_service.h"
77 #include "proto_utils.h"
78 #include "reboot.h"
79 #include "reboot_utils.h"
80 #include "second_stage_resources.h"
81 #include "security.h"
82 #include "selabel.h"
83 #include "selinux.h"
84 #include "service.h"
85 #include "service_list.h"
86 #include "service_parser.h"
87 #include "sigchld_handler.h"
88 #include "snapuserd_transition.h"
89 #include "subcontext.h"
90 #include "system/core/init/property_service.pb.h"
91 #include "util.h"
92
93 #ifndef RECOVERY
94 #include "com_android_apex.h"
95 #endif // RECOVERY
96
97 using namespace std::chrono_literals;
98 using namespace std::string_literals;
99
100 using android::base::boot_clock;
101 using android::base::ConsumePrefix;
102 using android::base::GetProperty;
103 using android::base::ReadFileToString;
104 using android::base::SetProperty;
105 using android::base::StringPrintf;
106 using android::base::Timer;
107 using android::base::Trim;
108 using android::base::unique_fd;
109 using android::fs_mgr::AvbHandle;
110 using android::snapshot::SnapshotManager;
111
112 namespace android {
113 namespace init {
114
115 static int property_triggers_enabled = 0;
116
117 static int sigterm_fd = -1;
118 static int property_fd = -1;
119
120 struct PendingControlMessage {
121 std::string message;
122 std::string name;
123 pid_t pid;
124 int fd;
125 };
126 static std::mutex pending_control_messages_lock;
127 static std::queue<PendingControlMessage> pending_control_messages;
128
129 // Init epolls various FDs to wait for various inputs. It previously waited on property changes
130 // with a blocking socket that contained the information related to the change, however, it was easy
131 // to fill that socket and deadlock the system. Now we use locks to handle the property changes
132 // directly in the property thread, however we still must wake the epoll to inform init that there
133 // is a change to process, so we use this FD. It is non-blocking, since we do not care how many
134 // times WakeMainInitThread() is called, only that the epoll will wake.
135 static int wake_main_thread_fd = -1;
InstallInitNotifier(Epoll * epoll)136 static void InstallInitNotifier(Epoll* epoll) {
137 wake_main_thread_fd = eventfd(0, EFD_CLOEXEC);
138 if (wake_main_thread_fd == -1) {
139 PLOG(FATAL) << "Failed to create eventfd for waking init";
140 }
141 auto clear_eventfd = [] {
142 uint64_t counter;
143 TEMP_FAILURE_RETRY(read(wake_main_thread_fd, &counter, sizeof(counter)));
144 };
145
146 if (auto result = epoll->RegisterHandler(wake_main_thread_fd, clear_eventfd); !result.ok()) {
147 LOG(FATAL) << result.error();
148 }
149 }
150
WakeMainInitThread()151 static void WakeMainInitThread() {
152 uint64_t counter = 1;
153 TEMP_FAILURE_RETRY(write(wake_main_thread_fd, &counter, sizeof(counter)));
154 }
155
156 static class PropWaiterState {
157 public:
StartWaiting(const char * name,const char * value)158 bool StartWaiting(const char* name, const char* value) {
159 auto lock = std::lock_guard{lock_};
160 if (waiting_for_prop_) {
161 return false;
162 }
163 if (GetProperty(name, "") != value) {
164 // Current property value is not equal to expected value
165 wait_prop_name_ = name;
166 wait_prop_value_ = value;
167 waiting_for_prop_.reset(new Timer());
168 } else {
169 LOG(INFO) << "start_waiting_for_property(\"" << name << "\", \"" << value
170 << "\"): already set";
171 }
172 return true;
173 }
174
ResetWaitForProp()175 void ResetWaitForProp() {
176 auto lock = std::lock_guard{lock_};
177 ResetWaitForPropLocked();
178 }
179
CheckAndResetWait(const std::string & name,const std::string & value)180 void CheckAndResetWait(const std::string& name, const std::string& value) {
181 auto lock = std::lock_guard{lock_};
182 // We always record how long init waited for ueventd to tell us cold boot finished.
183 // If we aren't waiting on this property, it means that ueventd finished before we even
184 // started to wait.
185 if (name == kColdBootDoneProp) {
186 auto time_waited = waiting_for_prop_ ? waiting_for_prop_->duration().count() : 0;
187 std::thread([time_waited] {
188 SetProperty("ro.boottime.init.cold_boot_wait", std::to_string(time_waited));
189 }).detach();
190 }
191
192 if (waiting_for_prop_) {
193 if (wait_prop_name_ == name && wait_prop_value_ == value) {
194 LOG(INFO) << "Wait for property '" << wait_prop_name_ << "=" << wait_prop_value_
195 << "' took " << *waiting_for_prop_;
196 ResetWaitForPropLocked();
197 WakeMainInitThread();
198 }
199 }
200 }
201
202 // This is not thread safe because it releases the lock when it returns, so the waiting state
203 // may change. However, we only use this function to prevent running commands in the main
204 // thread loop when we are waiting, so we do not care about false positives; only false
205 // negatives. StartWaiting() and this function are always called from the same thread, so false
206 // negatives are not possible and therefore we're okay.
MightBeWaiting()207 bool MightBeWaiting() {
208 auto lock = std::lock_guard{lock_};
209 return static_cast<bool>(waiting_for_prop_);
210 }
211
212 private:
ResetWaitForPropLocked()213 void ResetWaitForPropLocked() EXCLUSIVE_LOCKS_REQUIRED(lock_) {
214 wait_prop_name_.clear();
215 wait_prop_value_.clear();
216 waiting_for_prop_.reset();
217 }
218
219 std::mutex lock_;
GUARDED_BY(lock_)220 GUARDED_BY(lock_) std::unique_ptr<Timer> waiting_for_prop_{nullptr};
221 GUARDED_BY(lock_) std::string wait_prop_name_;
222 GUARDED_BY(lock_) std::string wait_prop_value_;
223
224 } prop_waiter_state;
225
start_waiting_for_property(const char * name,const char * value)226 bool start_waiting_for_property(const char* name, const char* value) {
227 return prop_waiter_state.StartWaiting(name, value);
228 }
229
ResetWaitForProp()230 void ResetWaitForProp() {
231 prop_waiter_state.ResetWaitForProp();
232 }
233
234 static class ShutdownState {
235 public:
TriggerShutdown(const std::string & command)236 void TriggerShutdown(const std::string& command) {
237 // We can't call HandlePowerctlMessage() directly in this function,
238 // because it modifies the contents of the action queue, which can cause the action queue
239 // to get into a bad state if this function is called from a command being executed by the
240 // action queue. Instead we set this flag and ensure that shutdown happens before the next
241 // command is run in the main init loop.
242 auto lock = std::lock_guard{shutdown_command_lock_};
243 shutdown_command_ = command;
244 do_shutdown_ = true;
245 WakeMainInitThread();
246 }
247
CheckShutdown()248 std::optional<std::string> CheckShutdown() __attribute__((warn_unused_result)) {
249 auto lock = std::lock_guard{shutdown_command_lock_};
250 if (do_shutdown_ && !IsShuttingDown()) {
251 do_shutdown_ = false;
252 return shutdown_command_;
253 }
254 return {};
255 }
256
257 private:
258 std::mutex shutdown_command_lock_;
259 std::string shutdown_command_ GUARDED_BY(shutdown_command_lock_);
260 bool do_shutdown_ = false;
261 } shutdown_state;
262
DumpState()263 void DumpState() {
264 ServiceList::GetInstance().DumpState();
265 ActionManager::GetInstance().DumpState();
266 }
267
CreateParser(ActionManager & action_manager,ServiceList & service_list)268 Parser CreateParser(ActionManager& action_manager, ServiceList& service_list) {
269 Parser parser;
270
271 parser.AddSectionParser("service",
272 std::make_unique<ServiceParser>(&service_list, GetSubcontext()));
273 parser.AddSectionParser("on", std::make_unique<ActionParser>(&action_manager, GetSubcontext()));
274 parser.AddSectionParser("import", std::make_unique<ImportParser>(&parser));
275
276 return parser;
277 }
278
279 #ifndef RECOVERY
280 template <typename T>
281 struct LibXmlErrorHandler {
282 T handler_;
283 template <typename Handler>
LibXmlErrorHandlerandroid::init::LibXmlErrorHandler284 LibXmlErrorHandler(Handler&& handler) : handler_(std::move(handler)) {
285 xmlSetGenericErrorFunc(nullptr, &ErrorHandler);
286 }
~LibXmlErrorHandlerandroid::init::LibXmlErrorHandler287 ~LibXmlErrorHandler() { xmlSetGenericErrorFunc(nullptr, nullptr); }
ErrorHandlerandroid::init::LibXmlErrorHandler288 static void ErrorHandler(void*, const char* msg, ...) {
289 va_list args;
290 va_start(args, msg);
291 char* formatted;
292 if (vasprintf(&formatted, msg, args) >= 0) {
293 LOG(ERROR) << formatted;
294 }
295 free(formatted);
296 va_end(args);
297 }
298 };
299
300 template <typename Handler>
301 LibXmlErrorHandler(Handler&&) -> LibXmlErrorHandler<Handler>;
302 #endif // RECOVERY
303
304 // Returns a Parser that accepts scripts from APEX modules. It supports `service` and `on`.
CreateApexConfigParser(ActionManager & action_manager,ServiceList & service_list)305 Parser CreateApexConfigParser(ActionManager& action_manager, ServiceList& service_list) {
306 Parser parser;
307 auto subcontext = GetSubcontext();
308 #ifndef RECOVERY
309 if (subcontext) {
310 const auto apex_info_list_file = "/apex/apex-info-list.xml";
311 auto error_handler = LibXmlErrorHandler([&](const auto& error_message) {
312 LOG(ERROR) << "Failed to read " << apex_info_list_file << ":" << error_message;
313 });
314 const auto apex_info_list = com::android::apex::readApexInfoList(apex_info_list_file);
315 if (apex_info_list.has_value()) {
316 std::vector<std::string> subcontext_apexes;
317 for (const auto& info : apex_info_list->getApexInfo()) {
318 if (subcontext->PartitionMatchesSubcontext(info.getPartition())) {
319 subcontext_apexes.push_back(info.getModuleName());
320 }
321 }
322 subcontext->SetApexList(std::move(subcontext_apexes));
323 }
324 }
325 #endif // RECOVERY
326 parser.AddSectionParser("service", std::make_unique<ServiceParser>(&service_list, subcontext));
327 parser.AddSectionParser("on", std::make_unique<ActionParser>(&action_manager, subcontext));
328
329 return parser;
330 }
331
LoadBootScripts(ActionManager & action_manager,ServiceList & service_list)332 static void LoadBootScripts(ActionManager& action_manager, ServiceList& service_list) {
333 Parser parser = CreateParser(action_manager, service_list);
334
335 std::string bootscript = GetProperty("ro.boot.init_rc", "");
336 if (bootscript.empty()) {
337 parser.ParseConfig("/system/etc/init/hw/init.rc");
338 if (!parser.ParseConfig("/system/etc/init")) {
339 late_import_paths.emplace_back("/system/etc/init");
340 }
341 // late_import is available only in Q and earlier release. As we don't
342 // have system_ext in those versions, skip late_import for system_ext.
343 parser.ParseConfig("/system_ext/etc/init");
344 if (!parser.ParseConfig("/vendor/etc/init")) {
345 late_import_paths.emplace_back("/vendor/etc/init");
346 }
347 if (!parser.ParseConfig("/odm/etc/init")) {
348 late_import_paths.emplace_back("/odm/etc/init");
349 }
350 if (!parser.ParseConfig("/product/etc/init")) {
351 late_import_paths.emplace_back("/product/etc/init");
352 }
353 } else {
354 parser.ParseConfig(bootscript);
355 }
356 }
357
PropertyChanged(const std::string & name,const std::string & value)358 void PropertyChanged(const std::string& name, const std::string& value) {
359 // If the property is sys.powerctl, we bypass the event queue and immediately handle it.
360 // This is to ensure that init will always and immediately shutdown/reboot, regardless of
361 // if there are other pending events to process or if init is waiting on an exec service or
362 // waiting on a property.
363 // In non-thermal-shutdown case, 'shutdown' trigger will be fired to let device specific
364 // commands to be executed.
365 if (name == "sys.powerctl") {
366 trigger_shutdown(value);
367 }
368
369 if (property_triggers_enabled) {
370 ActionManager::GetInstance().QueuePropertyChange(name, value);
371 WakeMainInitThread();
372 }
373
374 prop_waiter_state.CheckAndResetWait(name, value);
375 }
376
HandleProcessActions()377 static std::optional<boot_clock::time_point> HandleProcessActions() {
378 std::optional<boot_clock::time_point> next_process_action_time;
379 for (const auto& s : ServiceList::GetInstance()) {
380 if ((s->flags() & SVC_RUNNING) && s->timeout_period()) {
381 auto timeout_time = s->time_started() + *s->timeout_period();
382 if (boot_clock::now() > timeout_time) {
383 s->Timeout();
384 } else {
385 if (!next_process_action_time || timeout_time < *next_process_action_time) {
386 next_process_action_time = timeout_time;
387 }
388 }
389 }
390
391 if (!(s->flags() & SVC_RESTARTING)) continue;
392
393 auto restart_time = s->time_started() + s->restart_period();
394 if (boot_clock::now() > restart_time) {
395 if (auto result = s->Start(); !result.ok()) {
396 LOG(ERROR) << "Could not restart process '" << s->name() << "': " << result.error();
397 }
398 } else {
399 if (!next_process_action_time || restart_time < *next_process_action_time) {
400 next_process_action_time = restart_time;
401 }
402 }
403 }
404 return next_process_action_time;
405 }
406
DoControlStart(Service * service)407 static Result<void> DoControlStart(Service* service) {
408 return service->Start();
409 }
410
DoControlStop(Service * service)411 static Result<void> DoControlStop(Service* service) {
412 service->Stop();
413 return {};
414 }
415
DoControlRestart(Service * service)416 static Result<void> DoControlRestart(Service* service) {
417 service->Restart();
418 return {};
419 }
420
StopServicesFromApex(const std::string & apex_name)421 int StopServicesFromApex(const std::string& apex_name) {
422 auto services = ServiceList::GetInstance().FindServicesByApexName(apex_name);
423 if (services.empty()) {
424 LOG(INFO) << "No service found for APEX: " << apex_name;
425 return 0;
426 }
427 std::set<std::string> service_names;
428 for (const auto& service : services) {
429 service_names.emplace(service->name());
430 }
431 constexpr std::chrono::milliseconds kServiceStopTimeout = 10s;
432 int still_running = StopServicesAndLogViolations(service_names, kServiceStopTimeout,
433 true /*SIGTERM*/);
434 // Send SIGKILL to ones that didn't terminate cleanly.
435 if (still_running > 0) {
436 still_running = StopServicesAndLogViolations(service_names, 0ms, false /*SIGKILL*/);
437 }
438 return still_running;
439 }
440
RemoveServiceAndActionFromApex(const std::string & apex_name)441 void RemoveServiceAndActionFromApex(const std::string& apex_name) {
442 // Remove services and actions that match apex name
443 ActionManager::GetInstance().RemoveActionIf([&](const std::unique_ptr<Action>& action) -> bool {
444 if (GetApexNameFromFileName(action->filename()) == apex_name) {
445 return true;
446 }
447 return false;
448 });
449 ServiceList::GetInstance().RemoveServiceIf([&](const std::unique_ptr<Service>& s) -> bool {
450 if (GetApexNameFromFileName(s->filename()) == apex_name) {
451 return true;
452 }
453 return false;
454 });
455 }
456
DoUnloadApex(const std::string & apex_name)457 static Result<void> DoUnloadApex(const std::string& apex_name) {
458 if (StopServicesFromApex(apex_name) > 0) {
459 return Error() << "Unable to stop all service from " << apex_name;
460 }
461 RemoveServiceAndActionFromApex(apex_name);
462 return {};
463 }
464
UpdateApexLinkerConfig(const std::string & apex_name)465 static Result<void> UpdateApexLinkerConfig(const std::string& apex_name) {
466 // Do not invoke linkerconfig when there's no bin/ in the apex.
467 const std::string bin_path = "/apex/" + apex_name + "/bin";
468 if (access(bin_path.c_str(), R_OK) != 0) {
469 return {};
470 }
471 const char* linkerconfig_binary = "/apex/com.android.runtime/bin/linkerconfig";
472 const char* linkerconfig_target = "/linkerconfig";
473 const char* arguments[] = {linkerconfig_binary, "--target", linkerconfig_target, "--apex",
474 apex_name.c_str(), "--strict"};
475
476 if (logwrap_fork_execvp(arraysize(arguments), arguments, nullptr, false, LOG_KLOG, false,
477 nullptr) != 0) {
478 return ErrnoError() << "failed to execute linkerconfig";
479 }
480 LOG(INFO) << "Generated linker configuration for " << apex_name;
481 return {};
482 }
483
DoLoadApex(const std::string & apex_name)484 static Result<void> DoLoadApex(const std::string& apex_name) {
485 if (auto result = ParseRcScriptsFromApex(apex_name); !result.ok()) {
486 return result.error();
487 }
488
489 if (auto result = UpdateApexLinkerConfig(apex_name); !result.ok()) {
490 return result.error();
491 }
492
493 return {};
494 }
495
496 enum class ControlTarget {
497 SERVICE, // function gets called for the named service
498 INTERFACE, // action gets called for every service that holds this interface
499 };
500
501 using ControlMessageFunction = std::function<Result<void>(Service*)>;
502
GetControlMessageMap()503 static const std::map<std::string, ControlMessageFunction, std::less<>>& GetControlMessageMap() {
504 // clang-format off
505 static const std::map<std::string, ControlMessageFunction, std::less<>> control_message_functions = {
506 {"sigstop_on", [](auto* service) { service->set_sigstop(true); return Result<void>{}; }},
507 {"sigstop_off", [](auto* service) { service->set_sigstop(false); return Result<void>{}; }},
508 {"oneshot_on", [](auto* service) { service->set_oneshot(true); return Result<void>{}; }},
509 {"oneshot_off", [](auto* service) { service->set_oneshot(false); return Result<void>{}; }},
510 {"start", DoControlStart},
511 {"stop", DoControlStop},
512 {"restart", DoControlRestart},
513 };
514 // clang-format on
515
516 return control_message_functions;
517 }
518
HandleApexControlMessage(std::string_view action,const std::string & name,std::string_view message)519 static Result<void> HandleApexControlMessage(std::string_view action, const std::string& name,
520 std::string_view message) {
521 if (action == "load") {
522 return DoLoadApex(name);
523 } else if (action == "unload") {
524 return DoUnloadApex(name);
525 } else {
526 return Error() << "Unknown control msg '" << message << "'";
527 }
528 }
529
HandleControlMessage(std::string_view message,const std::string & name,pid_t from_pid)530 static bool HandleControlMessage(std::string_view message, const std::string& name,
531 pid_t from_pid) {
532 std::string cmdline_path = StringPrintf("proc/%d/cmdline", from_pid);
533 std::string process_cmdline;
534 if (ReadFileToString(cmdline_path, &process_cmdline)) {
535 std::replace(process_cmdline.begin(), process_cmdline.end(), '\0', ' ');
536 process_cmdline = Trim(process_cmdline);
537 } else {
538 process_cmdline = "unknown process";
539 }
540
541 auto action = message;
542 if (ConsumePrefix(&action, "apex_")) {
543 if (auto result = HandleApexControlMessage(action, name, message); !result.ok()) {
544 LOG(ERROR) << "Control message: Could not ctl." << message << " for '" << name
545 << "' from pid: " << from_pid << " (" << process_cmdline
546 << "): " << result.error();
547 return false;
548 }
549 LOG(INFO) << "Control message: Processed ctl." << message << " for '" << name
550 << "' from pid: " << from_pid << " (" << process_cmdline << ")";
551 return true;
552 }
553
554 Service* service = nullptr;
555 if (ConsumePrefix(&action, "interface_")) {
556 service = ServiceList::GetInstance().FindInterface(name);
557 } else {
558 service = ServiceList::GetInstance().FindService(name);
559 }
560
561 if (service == nullptr) {
562 LOG(ERROR) << "Control message: Could not find '" << name << "' for ctl." << message
563 << " from pid: " << from_pid << " (" << process_cmdline << ")";
564 return false;
565 }
566
567 const auto& map = GetControlMessageMap();
568 const auto it = map.find(action);
569 if (it == map.end()) {
570 LOG(ERROR) << "Unknown control msg '" << message << "'";
571 return false;
572 }
573 const auto& function = it->second;
574
575 if (auto result = function(service); !result.ok()) {
576 LOG(ERROR) << "Control message: Could not ctl." << message << " for '" << name
577 << "' from pid: " << from_pid << " (" << process_cmdline
578 << "): " << result.error();
579 return false;
580 }
581
582 LOG(INFO) << "Control message: Processed ctl." << message << " for '" << name
583 << "' from pid: " << from_pid << " (" << process_cmdline << ")";
584 return true;
585 }
586
QueueControlMessage(const std::string & message,const std::string & name,pid_t pid,int fd)587 bool QueueControlMessage(const std::string& message, const std::string& name, pid_t pid, int fd) {
588 auto lock = std::lock_guard{pending_control_messages_lock};
589 if (pending_control_messages.size() > 100) {
590 LOG(ERROR) << "Too many pending control messages, dropped '" << message << "' for '" << name
591 << "' from pid: " << pid;
592 return false;
593 }
594 pending_control_messages.push({message, name, pid, fd});
595 WakeMainInitThread();
596 return true;
597 }
598
HandleControlMessages()599 static void HandleControlMessages() {
600 auto lock = std::unique_lock{pending_control_messages_lock};
601 // Init historically would only execute handle one property message, including control messages
602 // in each iteration of its main loop. We retain this behavior here to prevent starvation of
603 // other actions in the main loop.
604 if (!pending_control_messages.empty()) {
605 auto control_message = pending_control_messages.front();
606 pending_control_messages.pop();
607 lock.unlock();
608
609 bool success = HandleControlMessage(control_message.message, control_message.name,
610 control_message.pid);
611
612 uint32_t response = success ? PROP_SUCCESS : PROP_ERROR_HANDLE_CONTROL_MESSAGE;
613 if (control_message.fd != -1) {
614 TEMP_FAILURE_RETRY(send(control_message.fd, &response, sizeof(response), 0));
615 close(control_message.fd);
616 }
617 lock.lock();
618 }
619 // If we still have items to process, make sure we wake back up to do so.
620 if (!pending_control_messages.empty()) {
621 WakeMainInitThread();
622 }
623 }
624
wait_for_coldboot_done_action(const BuiltinArguments & args)625 static Result<void> wait_for_coldboot_done_action(const BuiltinArguments& args) {
626 if (!prop_waiter_state.StartWaiting(kColdBootDoneProp, "true")) {
627 LOG(FATAL) << "Could not wait for '" << kColdBootDoneProp << "'";
628 }
629
630 return {};
631 }
632
SetupCgroupsAction(const BuiltinArguments &)633 static Result<void> SetupCgroupsAction(const BuiltinArguments&) {
634 if (!CgroupsAvailable()) {
635 LOG(INFO) << "Cgroups support in kernel is not enabled";
636 return {};
637 }
638 if (!CgroupSetup()) {
639 return ErrnoError() << "Failed to setup cgroups";
640 }
641
642 return {};
643 }
644
export_oem_lock_status()645 static void export_oem_lock_status() {
646 if (!android::base::GetBoolProperty("ro.oem_unlock_supported", false)) {
647 return;
648 }
649 SetProperty(
650 "ro.boot.flash.locked",
651 android::base::GetProperty("ro.boot.verifiedbootstate", "") == "orange" ? "0" : "1");
652 }
653
property_enable_triggers_action(const BuiltinArguments & args)654 static Result<void> property_enable_triggers_action(const BuiltinArguments& args) {
655 /* Enable property triggers. */
656 property_triggers_enabled = 1;
657 return {};
658 }
659
queue_property_triggers_action(const BuiltinArguments & args)660 static Result<void> queue_property_triggers_action(const BuiltinArguments& args) {
661 ActionManager::GetInstance().QueueBuiltinAction(property_enable_triggers_action, "enable_property_trigger");
662 ActionManager::GetInstance().QueueAllPropertyActions();
663 return {};
664 }
665
666 // Set the UDC controller for the ConfigFS USB Gadgets.
667 // Read the UDC controller in use from "/sys/class/udc".
668 // In case of multiple UDC controllers select the first one.
SetUsbController()669 static void SetUsbController() {
670 static auto controller_set = false;
671 if (controller_set) return;
672 std::unique_ptr<DIR, decltype(&closedir)>dir(opendir("/sys/class/udc"), closedir);
673 if (!dir) return;
674
675 dirent* dp;
676 while ((dp = readdir(dir.get())) != nullptr) {
677 if (dp->d_name[0] == '.') continue;
678
679 SetProperty("sys.usb.controller", dp->d_name);
680 controller_set = true;
681 break;
682 }
683 }
684
685 /// Set ro.kernel.version property to contain the major.minor pair as returned
686 /// by uname(2).
SetKernelVersion()687 static void SetKernelVersion() {
688 struct utsname uts;
689 unsigned int major, minor;
690
691 if ((uname(&uts) != 0) || (sscanf(uts.release, "%u.%u", &major, &minor) != 2)) {
692 LOG(ERROR) << "Could not parse the kernel version from uname";
693 return;
694 }
695 SetProperty("ro.kernel.version", android::base::StringPrintf("%u.%u", major, minor));
696 }
697
HandleSigtermSignal(const signalfd_siginfo & siginfo)698 static void HandleSigtermSignal(const signalfd_siginfo& siginfo) {
699 if (siginfo.ssi_pid != 0) {
700 // Drop any userspace SIGTERM requests.
701 LOG(DEBUG) << "Ignoring SIGTERM from pid " << siginfo.ssi_pid;
702 return;
703 }
704
705 HandlePowerctlMessage("shutdown,container");
706 }
707
HandleSignalFd(int signal)708 static void HandleSignalFd(int signal) {
709 signalfd_siginfo siginfo;
710 const int signal_fd = signal == SIGCHLD ? Service::GetSigchldFd() : sigterm_fd;
711 ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
712 if (bytes_read != sizeof(siginfo)) {
713 PLOG(ERROR) << "Failed to read siginfo from signal_fd";
714 return;
715 }
716
717 switch (siginfo.ssi_signo) {
718 case SIGCHLD:
719 ReapAnyOutstandingChildren();
720 break;
721 case SIGTERM:
722 HandleSigtermSignal(siginfo);
723 break;
724 default:
725 LOG(ERROR) << "signal_fd: received unexpected signal " << siginfo.ssi_signo;
726 break;
727 }
728 }
729
UnblockSignals()730 static void UnblockSignals() {
731 const struct sigaction act { .sa_handler = SIG_DFL };
732 sigaction(SIGCHLD, &act, nullptr);
733
734 sigset_t mask;
735 sigemptyset(&mask);
736 sigaddset(&mask, SIGCHLD);
737 sigaddset(&mask, SIGTERM);
738
739 if (sigprocmask(SIG_UNBLOCK, &mask, nullptr) == -1) {
740 PLOG(FATAL) << "failed to unblock signals for PID " << getpid();
741 }
742 }
743
RegisterSignalFd(Epoll * epoll,int signal,int fd)744 static Result<void> RegisterSignalFd(Epoll* epoll, int signal, int fd) {
745 return epoll->RegisterHandler(
746 fd, [signal]() { HandleSignalFd(signal); }, EPOLLIN | EPOLLPRI);
747 }
748
CreateAndRegisterSignalFd(Epoll * epoll,int signal)749 static Result<int> CreateAndRegisterSignalFd(Epoll* epoll, int signal) {
750 sigset_t mask;
751 sigemptyset(&mask);
752 sigaddset(&mask, signal);
753 if (sigprocmask(SIG_BLOCK, &mask, nullptr) == -1) {
754 return ErrnoError() << "failed to block signal " << signal;
755 }
756
757 unique_fd signal_fd(signalfd(-1, &mask, SFD_CLOEXEC));
758 if (signal_fd.get() < 0) {
759 return ErrnoError() << "failed to create signalfd for signal " << signal;
760 }
761 OR_RETURN(RegisterSignalFd(epoll, signal, signal_fd.get()));
762
763 return signal_fd.release();
764 }
765
InstallSignalFdHandler(Epoll * epoll)766 static void InstallSignalFdHandler(Epoll* epoll) {
767 // Applying SA_NOCLDSTOP to a defaulted SIGCHLD handler prevents the signalfd from receiving
768 // SIGCHLD when a child process stops or continues (b/77867680#comment9).
769 const struct sigaction act { .sa_flags = SA_NOCLDSTOP, .sa_handler = SIG_DFL };
770 sigaction(SIGCHLD, &act, nullptr);
771
772 // Register a handler to unblock signals in the child processes.
773 const int result = pthread_atfork(nullptr, nullptr, &UnblockSignals);
774 if (result != 0) {
775 LOG(FATAL) << "Failed to register a fork handler: " << strerror(result);
776 }
777
778 Result<void> cs_result = RegisterSignalFd(epoll, SIGCHLD, Service::GetSigchldFd());
779 if (!cs_result.ok()) {
780 PLOG(FATAL) << cs_result.error();
781 }
782
783 if (!IsRebootCapable()) {
784 Result<int> cs_result = CreateAndRegisterSignalFd(epoll, SIGTERM);
785 if (!cs_result.ok()) {
786 PLOG(FATAL) << cs_result.error();
787 }
788 sigterm_fd = cs_result.value();
789 }
790 }
791
HandleKeychord(const std::vector<int> & keycodes)792 void HandleKeychord(const std::vector<int>& keycodes) {
793 // Only handle keychords if adb is enabled.
794 std::string adb_enabled = android::base::GetProperty("init.svc.adbd", "");
795 if (adb_enabled != "running") {
796 LOG(WARNING) << "Not starting service for keychord " << android::base::Join(keycodes, ' ')
797 << " because ADB is disabled";
798 return;
799 }
800
801 auto found = false;
802 for (const auto& service : ServiceList::GetInstance()) {
803 auto svc = service.get();
804 if (svc->keycodes() == keycodes) {
805 found = true;
806 LOG(INFO) << "Starting service '" << svc->name() << "' from keychord "
807 << android::base::Join(keycodes, ' ');
808 if (auto result = svc->Start(); !result.ok()) {
809 LOG(ERROR) << "Could not start service '" << svc->name() << "' from keychord "
810 << android::base::Join(keycodes, ' ') << ": " << result.error();
811 }
812 }
813 }
814 if (!found) {
815 LOG(ERROR) << "Service for keychord " << android::base::Join(keycodes, ' ') << " not found";
816 }
817 }
818
UmountDebugRamdisk()819 static void UmountDebugRamdisk() {
820 if (umount("/debug_ramdisk") != 0) {
821 PLOG(ERROR) << "Failed to umount /debug_ramdisk";
822 }
823 }
824
UmountSecondStageRes()825 static void UmountSecondStageRes() {
826 if (umount(kSecondStageRes) != 0) {
827 PLOG(ERROR) << "Failed to umount " << kSecondStageRes;
828 }
829 }
830
MountExtraFilesystems()831 static void MountExtraFilesystems() {
832 #define CHECKCALL(x) \
833 if ((x) != 0) PLOG(FATAL) << #x " failed.";
834
835 // /apex is used to mount APEXes
836 CHECKCALL(mount("tmpfs", "/apex", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
837 "mode=0755,uid=0,gid=0"));
838
839 if (NeedsTwoMountNamespaces()) {
840 // /bootstrap-apex is used to mount "bootstrap" APEXes.
841 CHECKCALL(mount("tmpfs", "/bootstrap-apex", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
842 "mode=0755,uid=0,gid=0"));
843 }
844
845 // /linkerconfig is used to keep generated linker configuration
846 CHECKCALL(mount("tmpfs", "/linkerconfig", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
847 "mode=0755,uid=0,gid=0"));
848 #undef CHECKCALL
849 }
850
RecordStageBoottimes(const boot_clock::time_point & second_stage_start_time)851 static void RecordStageBoottimes(const boot_clock::time_point& second_stage_start_time) {
852 int64_t first_stage_start_time_ns = -1;
853 if (auto first_stage_start_time_str = getenv(kEnvFirstStageStartedAt);
854 first_stage_start_time_str) {
855 SetProperty("ro.boottime.init", first_stage_start_time_str);
856 android::base::ParseInt(first_stage_start_time_str, &first_stage_start_time_ns);
857 }
858 unsetenv(kEnvFirstStageStartedAt);
859
860 int64_t selinux_start_time_ns = -1;
861 if (auto selinux_start_time_str = getenv(kEnvSelinuxStartedAt); selinux_start_time_str) {
862 android::base::ParseInt(selinux_start_time_str, &selinux_start_time_ns);
863 }
864 unsetenv(kEnvSelinuxStartedAt);
865
866 if (selinux_start_time_ns == -1) return;
867 if (first_stage_start_time_ns == -1) return;
868
869 SetProperty("ro.boottime.init.first_stage",
870 std::to_string(selinux_start_time_ns - first_stage_start_time_ns));
871 SetProperty("ro.boottime.init.selinux",
872 std::to_string(second_stage_start_time.time_since_epoch().count() -
873 selinux_start_time_ns));
874 if (auto init_module_time_str = getenv(kEnvInitModuleDurationMs); init_module_time_str) {
875 SetProperty("ro.boottime.init.modules", init_module_time_str);
876 unsetenv(kEnvInitModuleDurationMs);
877 }
878 }
879
SendLoadPersistentPropertiesMessage()880 void SendLoadPersistentPropertiesMessage() {
881 auto init_message = InitMessage{};
882 init_message.set_load_persistent_properties(true);
883 if (auto result = SendMessage(property_fd, init_message); !result.ok()) {
884 LOG(ERROR) << "Failed to send load persistent properties message: " << result.error();
885 }
886 }
887
ConnectEarlyStageSnapuserdAction(const BuiltinArguments & args)888 static Result<void> ConnectEarlyStageSnapuserdAction(const BuiltinArguments& args) {
889 auto pid = GetSnapuserdFirstStagePid();
890 if (!pid) {
891 return {};
892 }
893
894 auto info = GetSnapuserdFirstStageInfo();
895 if (auto iter = std::find(info.begin(), info.end(), "socket"s); iter == info.end()) {
896 // snapuserd does not support socket handoff, so exit early.
897 return {};
898 }
899
900 // Socket handoff is supported.
901 auto svc = ServiceList::GetInstance().FindService("snapuserd");
902 if (!svc) {
903 LOG(FATAL) << "Failed to find snapuserd service entry";
904 }
905
906 svc->SetShutdownCritical();
907 svc->SetStartedInFirstStage(*pid);
908
909 svc = ServiceList::GetInstance().FindService("snapuserd_proxy");
910 if (!svc) {
911 LOG(FATAL) << "Failed find snapuserd_proxy service entry, merge will never initiate";
912 }
913 if (!svc->MarkSocketPersistent("snapuserd")) {
914 LOG(FATAL) << "Could not find snapuserd socket in snapuserd_proxy service entry";
915 }
916 if (auto result = svc->Start(); !result.ok()) {
917 LOG(FATAL) << "Could not start snapuserd_proxy: " << result.error();
918 }
919 return {};
920 }
921
SecondStageMain(int argc,char ** argv)922 int SecondStageMain(int argc, char** argv) {
923 if (REBOOT_BOOTLOADER_ON_PANIC) {
924 InstallRebootSignalHandlers();
925 }
926
927 // No threads should be spin up until signalfd
928 // is registered. If the threads are indeed required,
929 // each of these threads _should_ make sure SIGCHLD signal
930 // is blocked. See b/223076262
931 boot_clock::time_point start_time = boot_clock::now();
932
933 trigger_shutdown = [](const std::string& command) { shutdown_state.TriggerShutdown(command); };
934
935 SetStdioToDevNull(argv);
936 InitKernelLogging(argv);
937 LOG(INFO) << "init second stage started!";
938
939 SelinuxSetupKernelLogging();
940
941 // Update $PATH in the case the second stage init is newer than first stage init, where it is
942 // first set.
943 if (setenv("PATH", _PATH_DEFPATH, 1) != 0) {
944 PLOG(FATAL) << "Could not set $PATH to '" << _PATH_DEFPATH << "' in second stage";
945 }
946
947 // Init should not crash because of a dependence on any other process, therefore we ignore
948 // SIGPIPE and handle EPIPE at the call site directly. Note that setting a signal to SIG_IGN
949 // is inherited across exec, but custom signal handlers are not. Since we do not want to
950 // ignore SIGPIPE for child processes, we set a no-op function for the signal handler instead.
951 {
952 struct sigaction action = {.sa_flags = SA_RESTART};
953 action.sa_handler = [](int) {};
954 sigaction(SIGPIPE, &action, nullptr);
955 }
956
957 // Set init and its forked children's oom_adj.
958 if (auto result =
959 WriteFile("/proc/1/oom_score_adj", StringPrintf("%d", DEFAULT_OOM_SCORE_ADJUST));
960 !result.ok()) {
961 LOG(ERROR) << "Unable to write " << DEFAULT_OOM_SCORE_ADJUST
962 << " to /proc/1/oom_score_adj: " << result.error();
963 }
964
965 // Indicate that booting is in progress to background fw loaders, etc.
966 close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
967
968 // See if need to load debug props to allow adb root, when the device is unlocked.
969 const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
970 bool load_debug_prop = false;
971 if (force_debuggable_env && AvbHandle::IsDeviceUnlocked()) {
972 load_debug_prop = "true"s == force_debuggable_env;
973 }
974 unsetenv("INIT_FORCE_DEBUGGABLE");
975
976 // Umount the debug ramdisk so property service doesn't read .prop files from there, when it
977 // is not meant to.
978 if (!load_debug_prop) {
979 UmountDebugRamdisk();
980 }
981
982 PropertyInit();
983
984 // Umount second stage resources after property service has read the .prop files.
985 UmountSecondStageRes();
986
987 // Umount the debug ramdisk after property service has read the .prop files when it means to.
988 if (load_debug_prop) {
989 UmountDebugRamdisk();
990 }
991
992 // Mount extra filesystems required during second stage init
993 MountExtraFilesystems();
994
995 // Now set up SELinux for second stage.
996 SelabelInitialize();
997 SelinuxRestoreContext();
998
999 Epoll epoll;
1000 if (auto result = epoll.Open(); !result.ok()) {
1001 PLOG(FATAL) << result.error();
1002 }
1003
1004 // We always reap children before responding to the other pending functions. This is to
1005 // prevent a race where other daemons see that a service has exited and ask init to
1006 // start it again via ctl.start before init has reaped it.
1007 epoll.SetFirstCallback(ReapAnyOutstandingChildren);
1008
1009 InstallSignalFdHandler(&epoll);
1010 InstallInitNotifier(&epoll);
1011 StartPropertyService(&property_fd);
1012
1013 // Make the time that init stages started available for bootstat to log.
1014 RecordStageBoottimes(start_time);
1015
1016 // Set libavb version for Framework-only OTA match in Treble build.
1017 if (const char* avb_version = getenv("INIT_AVB_VERSION"); avb_version != nullptr) {
1018 SetProperty("ro.boot.avb_version", avb_version);
1019 }
1020 unsetenv("INIT_AVB_VERSION");
1021
1022 fs_mgr_vendor_overlay_mount_all();
1023 export_oem_lock_status();
1024 MountHandler mount_handler(&epoll);
1025 SetUsbController();
1026 SetKernelVersion();
1027
1028 const BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();
1029 Action::set_function_map(&function_map);
1030
1031 if (!SetupMountNamespaces()) {
1032 PLOG(FATAL) << "SetupMountNamespaces failed";
1033 }
1034
1035 InitializeSubcontext();
1036
1037 ActionManager& am = ActionManager::GetInstance();
1038 ServiceList& sm = ServiceList::GetInstance();
1039
1040 LoadBootScripts(am, sm);
1041
1042 // Turning this on and letting the INFO logging be discarded adds 0.2s to
1043 // Nexus 9 boot time, so it's disabled by default.
1044 if (false) DumpState();
1045
1046 // Make the GSI status available before scripts start running.
1047 auto is_running = android::gsi::IsGsiRunning() ? "1" : "0";
1048 SetProperty(gsi::kGsiBootedProp, is_running);
1049 auto is_installed = android::gsi::IsGsiInstalled() ? "1" : "0";
1050 SetProperty(gsi::kGsiInstalledProp, is_installed);
1051 if (android::gsi::IsGsiRunning()) {
1052 std::string dsu_slot;
1053 if (android::gsi::GetActiveDsu(&dsu_slot)) {
1054 SetProperty(gsi::kDsuSlotProp, dsu_slot);
1055 }
1056 }
1057
1058 am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
1059 am.QueueBuiltinAction(SetKptrRestrictAction, "SetKptrRestrict");
1060 am.QueueBuiltinAction(TestPerfEventSelinuxAction, "TestPerfEventSelinux");
1061 am.QueueEventTrigger("early-init");
1062 am.QueueBuiltinAction(ConnectEarlyStageSnapuserdAction, "ConnectEarlyStageSnapuserd");
1063
1064 // Queue an action that waits for coldboot done so we know ueventd has set up all of /dev...
1065 am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
1066 // ... so that we can start queuing up actions that require stuff from /dev.
1067 am.QueueBuiltinAction(SetMmapRndBitsAction, "SetMmapRndBits");
1068 Keychords keychords;
1069 am.QueueBuiltinAction(
1070 [&epoll, &keychords](const BuiltinArguments& args) -> Result<void> {
1071 for (const auto& svc : ServiceList::GetInstance()) {
1072 keychords.Register(svc->keycodes());
1073 }
1074 keychords.Start(&epoll, HandleKeychord);
1075 return {};
1076 },
1077 "KeychordInit");
1078
1079 // Trigger all the boot actions to get us started.
1080 am.QueueEventTrigger("init");
1081
1082 // Don't mount filesystems or start core system services in charger mode.
1083 std::string bootmode = GetProperty("ro.bootmode", "");
1084 if (bootmode == "charger") {
1085 am.QueueEventTrigger("charger");
1086 } else {
1087 am.QueueEventTrigger("late-init");
1088 }
1089
1090 // Run all property triggers based on current state of the properties.
1091 am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers");
1092
1093 // Restore prio before main loop
1094 setpriority(PRIO_PROCESS, 0, 0);
1095 while (true) {
1096 // By default, sleep until something happens. Do not convert far_future into
1097 // std::chrono::milliseconds because that would trigger an overflow. The unit of boot_clock
1098 // is 1ns.
1099 const boot_clock::time_point far_future = boot_clock::time_point::max();
1100 boot_clock::time_point next_action_time = far_future;
1101
1102 auto shutdown_command = shutdown_state.CheckShutdown();
1103 if (shutdown_command) {
1104 LOG(INFO) << "Got shutdown_command '" << *shutdown_command
1105 << "' Calling HandlePowerctlMessage()";
1106 HandlePowerctlMessage(*shutdown_command);
1107 }
1108
1109 if (!(prop_waiter_state.MightBeWaiting() || Service::is_exec_service_running())) {
1110 am.ExecuteOneCommand();
1111 // If there's more work to do, wake up again immediately.
1112 if (am.HasMoreCommands()) {
1113 next_action_time = boot_clock::now();
1114 }
1115 }
1116 // Since the above code examined pending actions, no new actions must be
1117 // queued by the code between this line and the Epoll::Wait() call below
1118 // without calling WakeMainInitThread().
1119 if (!IsShuttingDown()) {
1120 auto next_process_action_time = HandleProcessActions();
1121
1122 // If there's a process that needs restarting, wake up in time for that.
1123 if (next_process_action_time) {
1124 next_action_time = std::min(next_action_time, *next_process_action_time);
1125 }
1126 }
1127
1128 std::optional<std::chrono::milliseconds> epoll_timeout;
1129 if (next_action_time != far_future) {
1130 epoll_timeout = std::chrono::ceil<std::chrono::milliseconds>(
1131 std::max(next_action_time - boot_clock::now(), 0ns));
1132 }
1133 auto epoll_result = epoll.Wait(epoll_timeout);
1134 if (!epoll_result.ok()) {
1135 LOG(ERROR) << epoll_result.error();
1136 }
1137 if (!IsShuttingDown()) {
1138 HandleControlMessages();
1139 SetUsbController();
1140 }
1141 }
1142
1143 return 0;
1144 }
1145
1146 } // namespace init
1147 } // namespace android
1148