1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "init.h"
18
19 #include <dirent.h>
20 #include <fcntl.h>
21 #include <paths.h>
22 #include <pthread.h>
23 #include <signal.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/eventfd.h>
27 #include <sys/mount.h>
28 #include <sys/signalfd.h>
29 #include <sys/types.h>
30 #include <sys/utsname.h>
31 #include <unistd.h>
32
33 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
34 #include <sys/_system_properties.h>
35
36 #include <functional>
37 #include <map>
38 #include <memory>
39 #include <mutex>
40 #include <optional>
41 #include <thread>
42 #include <vector>
43
44 #include <android-base/chrono_utils.h>
45 #include <android-base/file.h>
46 #include <android-base/logging.h>
47 #include <android-base/parseint.h>
48 #include <android-base/properties.h>
49 #include <android-base/stringprintf.h>
50 #include <android-base/strings.h>
51 #include <backtrace/Backtrace.h>
52 #include <fs_avb/fs_avb.h>
53 #include <fs_mgr_vendor_overlay.h>
54 #include <keyutils.h>
55 #include <libavb/libavb.h>
56 #include <libgsi/libgsi.h>
57 #include <libsnapshot/snapshot.h>
58 #include <processgroup/processgroup.h>
59 #include <processgroup/setup.h>
60 #include <selinux/android.h>
61
62 #include "action_parser.h"
63 #include "builtins.h"
64 #include "epoll.h"
65 #include "first_stage_init.h"
66 #include "first_stage_mount.h"
67 #include "import_parser.h"
68 #include "keychords.h"
69 #include "lmkd_service.h"
70 #include "mount_handler.h"
71 #include "mount_namespace.h"
72 #include "property_service.h"
73 #include "proto_utils.h"
74 #include "reboot.h"
75 #include "reboot_utils.h"
76 #include "second_stage_resources.h"
77 #include "security.h"
78 #include "selabel.h"
79 #include "selinux.h"
80 #include "service.h"
81 #include "service_parser.h"
82 #include "sigchld_handler.h"
83 #include "snapuserd_transition.h"
84 #include "subcontext.h"
85 #include "system/core/init/property_service.pb.h"
86 #include "util.h"
87
88 using namespace std::chrono_literals;
89 using namespace std::string_literals;
90
91 using android::base::boot_clock;
92 using android::base::ConsumePrefix;
93 using android::base::GetProperty;
94 using android::base::ReadFileToString;
95 using android::base::SetProperty;
96 using android::base::StringPrintf;
97 using android::base::Timer;
98 using android::base::Trim;
99 using android::fs_mgr::AvbHandle;
100 using android::snapshot::SnapshotManager;
101
102 namespace android {
103 namespace init {
104
105 static int property_triggers_enabled = 0;
106
107 static int signal_fd = -1;
108 static int property_fd = -1;
109
110 struct PendingControlMessage {
111 std::string message;
112 std::string name;
113 pid_t pid;
114 int fd;
115 };
116 static std::mutex pending_control_messages_lock;
117 static std::queue<PendingControlMessage> pending_control_messages;
118
119 // Init epolls various FDs to wait for various inputs. It previously waited on property changes
120 // with a blocking socket that contained the information related to the change, however, it was easy
121 // to fill that socket and deadlock the system. Now we use locks to handle the property changes
122 // directly in the property thread, however we still must wake the epoll to inform init that there
123 // is a change to process, so we use this FD. It is non-blocking, since we do not care how many
124 // times WakeMainInitThread() is called, only that the epoll will wake.
125 static int wake_main_thread_fd = -1;
InstallInitNotifier(Epoll * epoll)126 static void InstallInitNotifier(Epoll* epoll) {
127 wake_main_thread_fd = eventfd(0, EFD_CLOEXEC);
128 if (wake_main_thread_fd == -1) {
129 PLOG(FATAL) << "Failed to create eventfd for waking init";
130 }
131 auto clear_eventfd = [] {
132 uint64_t counter;
133 TEMP_FAILURE_RETRY(read(wake_main_thread_fd, &counter, sizeof(counter)));
134 };
135
136 if (auto result = epoll->RegisterHandler(wake_main_thread_fd, clear_eventfd); !result.ok()) {
137 LOG(FATAL) << result.error();
138 }
139 }
140
WakeMainInitThread()141 static void WakeMainInitThread() {
142 uint64_t counter = 1;
143 TEMP_FAILURE_RETRY(write(wake_main_thread_fd, &counter, sizeof(counter)));
144 }
145
146 static class PropWaiterState {
147 public:
StartWaiting(const char * name,const char * value)148 bool StartWaiting(const char* name, const char* value) {
149 auto lock = std::lock_guard{lock_};
150 if (waiting_for_prop_) {
151 return false;
152 }
153 if (GetProperty(name, "") != value) {
154 // Current property value is not equal to expected value
155 wait_prop_name_ = name;
156 wait_prop_value_ = value;
157 waiting_for_prop_.reset(new Timer());
158 } else {
159 LOG(INFO) << "start_waiting_for_property(\"" << name << "\", \"" << value
160 << "\"): already set";
161 }
162 return true;
163 }
164
ResetWaitForProp()165 void ResetWaitForProp() {
166 auto lock = std::lock_guard{lock_};
167 ResetWaitForPropLocked();
168 }
169
CheckAndResetWait(const std::string & name,const std::string & value)170 void CheckAndResetWait(const std::string& name, const std::string& value) {
171 auto lock = std::lock_guard{lock_};
172 // We always record how long init waited for ueventd to tell us cold boot finished.
173 // If we aren't waiting on this property, it means that ueventd finished before we even
174 // started to wait.
175 if (name == kColdBootDoneProp) {
176 auto time_waited = waiting_for_prop_ ? waiting_for_prop_->duration().count() : 0;
177 std::thread([time_waited] {
178 SetProperty("ro.boottime.init.cold_boot_wait", std::to_string(time_waited));
179 }).detach();
180 }
181
182 if (waiting_for_prop_) {
183 if (wait_prop_name_ == name && wait_prop_value_ == value) {
184 LOG(INFO) << "Wait for property '" << wait_prop_name_ << "=" << wait_prop_value_
185 << "' took " << *waiting_for_prop_;
186 ResetWaitForPropLocked();
187 WakeMainInitThread();
188 }
189 }
190 }
191
192 // This is not thread safe because it releases the lock when it returns, so the waiting state
193 // may change. However, we only use this function to prevent running commands in the main
194 // thread loop when we are waiting, so we do not care about false positives; only false
195 // negatives. StartWaiting() and this function are always called from the same thread, so false
196 // negatives are not possible and therefore we're okay.
MightBeWaiting()197 bool MightBeWaiting() {
198 auto lock = std::lock_guard{lock_};
199 return static_cast<bool>(waiting_for_prop_);
200 }
201
202 private:
ResetWaitForPropLocked()203 void ResetWaitForPropLocked() {
204 wait_prop_name_.clear();
205 wait_prop_value_.clear();
206 waiting_for_prop_.reset();
207 }
208
209 std::mutex lock_;
210 std::unique_ptr<Timer> waiting_for_prop_{nullptr};
211 std::string wait_prop_name_;
212 std::string wait_prop_value_;
213
214 } prop_waiter_state;
215
start_waiting_for_property(const char * name,const char * value)216 bool start_waiting_for_property(const char* name, const char* value) {
217 return prop_waiter_state.StartWaiting(name, value);
218 }
219
ResetWaitForProp()220 void ResetWaitForProp() {
221 prop_waiter_state.ResetWaitForProp();
222 }
223
224 static class ShutdownState {
225 public:
TriggerShutdown(const std::string & command)226 void TriggerShutdown(const std::string& command) {
227 // We can't call HandlePowerctlMessage() directly in this function,
228 // because it modifies the contents of the action queue, which can cause the action queue
229 // to get into a bad state if this function is called from a command being executed by the
230 // action queue. Instead we set this flag and ensure that shutdown happens before the next
231 // command is run in the main init loop.
232 auto lock = std::lock_guard{shutdown_command_lock_};
233 shutdown_command_ = command;
234 do_shutdown_ = true;
235 WakeMainInitThread();
236 }
237
CheckShutdown()238 std::optional<std::string> CheckShutdown() {
239 auto lock = std::lock_guard{shutdown_command_lock_};
240 if (do_shutdown_ && !IsShuttingDown()) {
241 return shutdown_command_;
242 }
243 return {};
244 }
245
do_shutdown() const246 bool do_shutdown() const { return do_shutdown_; }
set_do_shutdown(bool value)247 void set_do_shutdown(bool value) { do_shutdown_ = value; }
248
249 private:
250 std::mutex shutdown_command_lock_;
251 std::string shutdown_command_;
252 bool do_shutdown_ = false;
253 } shutdown_state;
254
UnwindMainThreadStack()255 static void UnwindMainThreadStack() {
256 std::unique_ptr<Backtrace> backtrace(Backtrace::Create(BACKTRACE_CURRENT_PROCESS, 1));
257 if (!backtrace->Unwind(0)) {
258 LOG(ERROR) << __FUNCTION__ << "sys.powerctl: Failed to unwind callstack.";
259 }
260 for (size_t i = 0; i < backtrace->NumFrames(); i++) {
261 LOG(ERROR) << "sys.powerctl: " << backtrace->FormatFrameData(i);
262 }
263 }
264
DebugRebootLogging()265 void DebugRebootLogging() {
266 LOG(INFO) << "sys.powerctl: do_shutdown: " << shutdown_state.do_shutdown()
267 << " IsShuttingDown: " << IsShuttingDown();
268 if (shutdown_state.do_shutdown()) {
269 LOG(ERROR) << "sys.powerctl set while a previous shutdown command has not been handled";
270 UnwindMainThreadStack();
271 }
272 if (IsShuttingDown()) {
273 LOG(ERROR) << "sys.powerctl set while init is already shutting down";
274 UnwindMainThreadStack();
275 }
276 }
277
DumpState()278 void DumpState() {
279 ServiceList::GetInstance().DumpState();
280 ActionManager::GetInstance().DumpState();
281 }
282
CreateParser(ActionManager & action_manager,ServiceList & service_list)283 Parser CreateParser(ActionManager& action_manager, ServiceList& service_list) {
284 Parser parser;
285
286 parser.AddSectionParser("service", std::make_unique<ServiceParser>(
287 &service_list, GetSubcontext(), std::nullopt));
288 parser.AddSectionParser("on", std::make_unique<ActionParser>(&action_manager, GetSubcontext()));
289 parser.AddSectionParser("import", std::make_unique<ImportParser>(&parser));
290
291 return parser;
292 }
293
294 // parser that only accepts new services
CreateServiceOnlyParser(ServiceList & service_list,bool from_apex)295 Parser CreateServiceOnlyParser(ServiceList& service_list, bool from_apex) {
296 Parser parser;
297
298 parser.AddSectionParser(
299 "service", std::make_unique<ServiceParser>(&service_list, GetSubcontext(), std::nullopt,
300 from_apex));
301 return parser;
302 }
303
LoadBootScripts(ActionManager & action_manager,ServiceList & service_list)304 static void LoadBootScripts(ActionManager& action_manager, ServiceList& service_list) {
305 Parser parser = CreateParser(action_manager, service_list);
306
307 std::string bootscript = GetProperty("ro.boot.init_rc", "");
308 if (bootscript.empty()) {
309 parser.ParseConfig("/system/etc/init/hw/init.rc");
310 if (!parser.ParseConfig("/system/etc/init")) {
311 late_import_paths.emplace_back("/system/etc/init");
312 }
313 // late_import is available only in Q and earlier release. As we don't
314 // have system_ext in those versions, skip late_import for system_ext.
315 parser.ParseConfig("/system_ext/etc/init");
316 if (!parser.ParseConfig("/vendor/etc/init")) {
317 late_import_paths.emplace_back("/vendor/etc/init");
318 }
319 if (!parser.ParseConfig("/odm/etc/init")) {
320 late_import_paths.emplace_back("/odm/etc/init");
321 }
322 if (!parser.ParseConfig("/product/etc/init")) {
323 late_import_paths.emplace_back("/product/etc/init");
324 }
325 } else {
326 parser.ParseConfig(bootscript);
327 }
328 }
329
PropertyChanged(const std::string & name,const std::string & value)330 void PropertyChanged(const std::string& name, const std::string& value) {
331 // If the property is sys.powerctl, we bypass the event queue and immediately handle it.
332 // This is to ensure that init will always and immediately shutdown/reboot, regardless of
333 // if there are other pending events to process or if init is waiting on an exec service or
334 // waiting on a property.
335 // In non-thermal-shutdown case, 'shutdown' trigger will be fired to let device specific
336 // commands to be executed.
337 if (name == "sys.powerctl") {
338 trigger_shutdown(value);
339 }
340
341 if (property_triggers_enabled) {
342 ActionManager::GetInstance().QueuePropertyChange(name, value);
343 WakeMainInitThread();
344 }
345
346 prop_waiter_state.CheckAndResetWait(name, value);
347 }
348
HandleProcessActions()349 static std::optional<boot_clock::time_point> HandleProcessActions() {
350 std::optional<boot_clock::time_point> next_process_action_time;
351 for (const auto& s : ServiceList::GetInstance()) {
352 if ((s->flags() & SVC_RUNNING) && s->timeout_period()) {
353 auto timeout_time = s->time_started() + *s->timeout_period();
354 if (boot_clock::now() > timeout_time) {
355 s->Timeout();
356 } else {
357 if (!next_process_action_time || timeout_time < *next_process_action_time) {
358 next_process_action_time = timeout_time;
359 }
360 }
361 }
362
363 if (!(s->flags() & SVC_RESTARTING)) continue;
364
365 auto restart_time = s->time_started() + s->restart_period();
366 if (boot_clock::now() > restart_time) {
367 if (auto result = s->Start(); !result.ok()) {
368 LOG(ERROR) << "Could not restart process '" << s->name() << "': " << result.error();
369 }
370 } else {
371 if (!next_process_action_time || restart_time < *next_process_action_time) {
372 next_process_action_time = restart_time;
373 }
374 }
375 }
376 return next_process_action_time;
377 }
378
DoControlStart(Service * service)379 static Result<void> DoControlStart(Service* service) {
380 return service->Start();
381 }
382
DoControlStop(Service * service)383 static Result<void> DoControlStop(Service* service) {
384 service->Stop();
385 return {};
386 }
387
DoControlRestart(Service * service)388 static Result<void> DoControlRestart(Service* service) {
389 service->Restart();
390 return {};
391 }
392
393 enum class ControlTarget {
394 SERVICE, // function gets called for the named service
395 INTERFACE, // action gets called for every service that holds this interface
396 };
397
398 using ControlMessageFunction = std::function<Result<void>(Service*)>;
399
GetControlMessageMap()400 static const std::map<std::string, ControlMessageFunction, std::less<>>& GetControlMessageMap() {
401 // clang-format off
402 static const std::map<std::string, ControlMessageFunction, std::less<>> control_message_functions = {
403 {"sigstop_on", [](auto* service) { service->set_sigstop(true); return Result<void>{}; }},
404 {"sigstop_off", [](auto* service) { service->set_sigstop(false); return Result<void>{}; }},
405 {"oneshot_on", [](auto* service) { service->set_oneshot(true); return Result<void>{}; }},
406 {"oneshot_off", [](auto* service) { service->set_oneshot(false); return Result<void>{}; }},
407 {"start", DoControlStart},
408 {"stop", DoControlStop},
409 {"restart", DoControlRestart},
410 };
411 // clang-format on
412
413 return control_message_functions;
414 }
415
HandleControlMessage(std::string_view message,const std::string & name,pid_t from_pid)416 static bool HandleControlMessage(std::string_view message, const std::string& name,
417 pid_t from_pid) {
418 std::string cmdline_path = StringPrintf("proc/%d/cmdline", from_pid);
419 std::string process_cmdline;
420 if (ReadFileToString(cmdline_path, &process_cmdline)) {
421 std::replace(process_cmdline.begin(), process_cmdline.end(), '\0', ' ');
422 process_cmdline = Trim(process_cmdline);
423 } else {
424 process_cmdline = "unknown process";
425 }
426
427 Service* service = nullptr;
428 auto action = message;
429 if (ConsumePrefix(&action, "interface_")) {
430 service = ServiceList::GetInstance().FindInterface(name);
431 } else {
432 service = ServiceList::GetInstance().FindService(name);
433 }
434
435 if (service == nullptr) {
436 LOG(ERROR) << "Control message: Could not find '" << name << "' for ctl." << message
437 << " from pid: " << from_pid << " (" << process_cmdline << ")";
438 return false;
439 }
440
441 const auto& map = GetControlMessageMap();
442 const auto it = map.find(action);
443 if (it == map.end()) {
444 LOG(ERROR) << "Unknown control msg '" << message << "'";
445 return false;
446 }
447 const auto& function = it->second;
448
449 if (auto result = function(service); !result.ok()) {
450 LOG(ERROR) << "Control message: Could not ctl." << message << " for '" << name
451 << "' from pid: " << from_pid << " (" << process_cmdline
452 << "): " << result.error();
453 return false;
454 }
455
456 LOG(INFO) << "Control message: Processed ctl." << message << " for '" << name
457 << "' from pid: " << from_pid << " (" << process_cmdline << ")";
458 return true;
459 }
460
QueueControlMessage(const std::string & message,const std::string & name,pid_t pid,int fd)461 bool QueueControlMessage(const std::string& message, const std::string& name, pid_t pid, int fd) {
462 auto lock = std::lock_guard{pending_control_messages_lock};
463 if (pending_control_messages.size() > 100) {
464 LOG(ERROR) << "Too many pending control messages, dropped '" << message << "' for '" << name
465 << "' from pid: " << pid;
466 return false;
467 }
468 pending_control_messages.push({message, name, pid, fd});
469 WakeMainInitThread();
470 return true;
471 }
472
HandleControlMessages()473 static void HandleControlMessages() {
474 auto lock = std::unique_lock{pending_control_messages_lock};
475 // Init historically would only execute handle one property message, including control messages
476 // in each iteration of its main loop. We retain this behavior here to prevent starvation of
477 // other actions in the main loop.
478 if (!pending_control_messages.empty()) {
479 auto control_message = pending_control_messages.front();
480 pending_control_messages.pop();
481 lock.unlock();
482
483 bool success = HandleControlMessage(control_message.message, control_message.name,
484 control_message.pid);
485
486 uint32_t response = success ? PROP_SUCCESS : PROP_ERROR_HANDLE_CONTROL_MESSAGE;
487 if (control_message.fd != -1) {
488 TEMP_FAILURE_RETRY(send(control_message.fd, &response, sizeof(response), 0));
489 close(control_message.fd);
490 }
491 lock.lock();
492 }
493 // If we still have items to process, make sure we wake back up to do so.
494 if (!pending_control_messages.empty()) {
495 WakeMainInitThread();
496 }
497 }
498
wait_for_coldboot_done_action(const BuiltinArguments & args)499 static Result<void> wait_for_coldboot_done_action(const BuiltinArguments& args) {
500 if (!prop_waiter_state.StartWaiting(kColdBootDoneProp, "true")) {
501 LOG(FATAL) << "Could not wait for '" << kColdBootDoneProp << "'";
502 }
503
504 return {};
505 }
506
SetupCgroupsAction(const BuiltinArguments &)507 static Result<void> SetupCgroupsAction(const BuiltinArguments&) {
508 // Have to create <CGROUPS_RC_DIR> using make_dir function
509 // for appropriate sepolicy to be set for it
510 make_dir(android::base::Dirname(CGROUPS_RC_PATH), 0711);
511 if (!CgroupSetup()) {
512 return ErrnoError() << "Failed to setup cgroups";
513 }
514
515 return {};
516 }
517
export_oem_lock_status()518 static void export_oem_lock_status() {
519 if (!android::base::GetBoolProperty("ro.oem_unlock_supported", false)) {
520 return;
521 }
522 SetProperty(
523 "ro.boot.flash.locked",
524 android::base::GetProperty("ro.boot.verifiedbootstate", "") == "orange" ? "0" : "1");
525 }
526
property_enable_triggers_action(const BuiltinArguments & args)527 static Result<void> property_enable_triggers_action(const BuiltinArguments& args) {
528 /* Enable property triggers. */
529 property_triggers_enabled = 1;
530 return {};
531 }
532
queue_property_triggers_action(const BuiltinArguments & args)533 static Result<void> queue_property_triggers_action(const BuiltinArguments& args) {
534 ActionManager::GetInstance().QueueBuiltinAction(property_enable_triggers_action, "enable_property_trigger");
535 ActionManager::GetInstance().QueueAllPropertyActions();
536 return {};
537 }
538
539 // Set the UDC controller for the ConfigFS USB Gadgets.
540 // Read the UDC controller in use from "/sys/class/udc".
541 // In case of multiple UDC controllers select the first one.
SetUsbController()542 static void SetUsbController() {
543 static auto controller_set = false;
544 if (controller_set) return;
545 std::unique_ptr<DIR, decltype(&closedir)>dir(opendir("/sys/class/udc"), closedir);
546 if (!dir) return;
547
548 dirent* dp;
549 while ((dp = readdir(dir.get())) != nullptr) {
550 if (dp->d_name[0] == '.') continue;
551
552 SetProperty("sys.usb.controller", dp->d_name);
553 controller_set = true;
554 break;
555 }
556 }
557
558 /// Set ro.kernel.version property to contain the major.minor pair as returned
559 /// by uname(2).
SetKernelVersion()560 static void SetKernelVersion() {
561 struct utsname uts;
562 unsigned int major, minor;
563
564 if ((uname(&uts) != 0) || (sscanf(uts.release, "%u.%u", &major, &minor) != 2)) {
565 LOG(ERROR) << "Could not parse the kernel version from uname";
566 return;
567 }
568 SetProperty("ro.kernel.version", android::base::StringPrintf("%u.%u", major, minor));
569 }
570
HandleSigtermSignal(const signalfd_siginfo & siginfo)571 static void HandleSigtermSignal(const signalfd_siginfo& siginfo) {
572 if (siginfo.ssi_pid != 0) {
573 // Drop any userspace SIGTERM requests.
574 LOG(DEBUG) << "Ignoring SIGTERM from pid " << siginfo.ssi_pid;
575 return;
576 }
577
578 HandlePowerctlMessage("shutdown,container");
579 }
580
HandleSignalFd()581 static void HandleSignalFd() {
582 signalfd_siginfo siginfo;
583 ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
584 if (bytes_read != sizeof(siginfo)) {
585 PLOG(ERROR) << "Failed to read siginfo from signal_fd";
586 return;
587 }
588
589 switch (siginfo.ssi_signo) {
590 case SIGCHLD:
591 ReapAnyOutstandingChildren();
592 break;
593 case SIGTERM:
594 HandleSigtermSignal(siginfo);
595 break;
596 default:
597 PLOG(ERROR) << "signal_fd: received unexpected signal " << siginfo.ssi_signo;
598 break;
599 }
600 }
601
UnblockSignals()602 static void UnblockSignals() {
603 const struct sigaction act { .sa_handler = SIG_DFL };
604 sigaction(SIGCHLD, &act, nullptr);
605
606 sigset_t mask;
607 sigemptyset(&mask);
608 sigaddset(&mask, SIGCHLD);
609 sigaddset(&mask, SIGTERM);
610
611 if (sigprocmask(SIG_UNBLOCK, &mask, nullptr) == -1) {
612 PLOG(FATAL) << "failed to unblock signals for PID " << getpid();
613 }
614 }
615
InstallSignalFdHandler(Epoll * epoll)616 static void InstallSignalFdHandler(Epoll* epoll) {
617 // Applying SA_NOCLDSTOP to a defaulted SIGCHLD handler prevents the signalfd from receiving
618 // SIGCHLD when a child process stops or continues (b/77867680#comment9).
619 const struct sigaction act { .sa_handler = SIG_DFL, .sa_flags = SA_NOCLDSTOP };
620 sigaction(SIGCHLD, &act, nullptr);
621
622 sigset_t mask;
623 sigemptyset(&mask);
624 sigaddset(&mask, SIGCHLD);
625
626 if (!IsRebootCapable()) {
627 // If init does not have the CAP_SYS_BOOT capability, it is running in a container.
628 // In that case, receiving SIGTERM will cause the system to shut down.
629 sigaddset(&mask, SIGTERM);
630 }
631
632 if (sigprocmask(SIG_BLOCK, &mask, nullptr) == -1) {
633 PLOG(FATAL) << "failed to block signals";
634 }
635
636 // Register a handler to unblock signals in the child processes.
637 const int result = pthread_atfork(nullptr, nullptr, &UnblockSignals);
638 if (result != 0) {
639 LOG(FATAL) << "Failed to register a fork handler: " << strerror(result);
640 }
641
642 signal_fd = signalfd(-1, &mask, SFD_CLOEXEC);
643 if (signal_fd == -1) {
644 PLOG(FATAL) << "failed to create signalfd";
645 }
646
647 if (auto result = epoll->RegisterHandler(signal_fd, HandleSignalFd); !result.ok()) {
648 LOG(FATAL) << result.error();
649 }
650 }
651
HandleKeychord(const std::vector<int> & keycodes)652 void HandleKeychord(const std::vector<int>& keycodes) {
653 // Only handle keychords if adb is enabled.
654 std::string adb_enabled = android::base::GetProperty("init.svc.adbd", "");
655 if (adb_enabled != "running") {
656 LOG(WARNING) << "Not starting service for keychord " << android::base::Join(keycodes, ' ')
657 << " because ADB is disabled";
658 return;
659 }
660
661 auto found = false;
662 for (const auto& service : ServiceList::GetInstance()) {
663 auto svc = service.get();
664 if (svc->keycodes() == keycodes) {
665 found = true;
666 LOG(INFO) << "Starting service '" << svc->name() << "' from keychord "
667 << android::base::Join(keycodes, ' ');
668 if (auto result = svc->Start(); !result.ok()) {
669 LOG(ERROR) << "Could not start service '" << svc->name() << "' from keychord "
670 << android::base::Join(keycodes, ' ') << ": " << result.error();
671 }
672 }
673 }
674 if (!found) {
675 LOG(ERROR) << "Service for keychord " << android::base::Join(keycodes, ' ') << " not found";
676 }
677 }
678
UmountDebugRamdisk()679 static void UmountDebugRamdisk() {
680 if (umount("/debug_ramdisk") != 0) {
681 PLOG(ERROR) << "Failed to umount /debug_ramdisk";
682 }
683 }
684
UmountSecondStageRes()685 static void UmountSecondStageRes() {
686 if (umount(kSecondStageRes) != 0) {
687 PLOG(ERROR) << "Failed to umount " << kSecondStageRes;
688 }
689 }
690
MountExtraFilesystems()691 static void MountExtraFilesystems() {
692 #define CHECKCALL(x) \
693 if ((x) != 0) PLOG(FATAL) << #x " failed.";
694
695 // /apex is used to mount APEXes
696 CHECKCALL(mount("tmpfs", "/apex", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
697 "mode=0755,uid=0,gid=0"));
698
699 // /linkerconfig is used to keep generated linker configuration
700 CHECKCALL(mount("tmpfs", "/linkerconfig", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
701 "mode=0755,uid=0,gid=0"));
702 #undef CHECKCALL
703 }
704
RecordStageBoottimes(const boot_clock::time_point & second_stage_start_time)705 static void RecordStageBoottimes(const boot_clock::time_point& second_stage_start_time) {
706 int64_t first_stage_start_time_ns = -1;
707 if (auto first_stage_start_time_str = getenv(kEnvFirstStageStartedAt);
708 first_stage_start_time_str) {
709 SetProperty("ro.boottime.init", first_stage_start_time_str);
710 android::base::ParseInt(first_stage_start_time_str, &first_stage_start_time_ns);
711 }
712 unsetenv(kEnvFirstStageStartedAt);
713
714 int64_t selinux_start_time_ns = -1;
715 if (auto selinux_start_time_str = getenv(kEnvSelinuxStartedAt); selinux_start_time_str) {
716 android::base::ParseInt(selinux_start_time_str, &selinux_start_time_ns);
717 }
718 unsetenv(kEnvSelinuxStartedAt);
719
720 if (selinux_start_time_ns == -1) return;
721 if (first_stage_start_time_ns == -1) return;
722
723 SetProperty("ro.boottime.init.first_stage",
724 std::to_string(selinux_start_time_ns - first_stage_start_time_ns));
725 SetProperty("ro.boottime.init.selinux",
726 std::to_string(second_stage_start_time.time_since_epoch().count() -
727 selinux_start_time_ns));
728 if (auto init_module_time_str = getenv(kEnvInitModuleDurationMs); init_module_time_str) {
729 SetProperty("ro.boottime.init.modules", init_module_time_str);
730 unsetenv(kEnvInitModuleDurationMs);
731 }
732 }
733
SendLoadPersistentPropertiesMessage()734 void SendLoadPersistentPropertiesMessage() {
735 auto init_message = InitMessage{};
736 init_message.set_load_persistent_properties(true);
737 if (auto result = SendMessage(property_fd, init_message); !result.ok()) {
738 LOG(ERROR) << "Failed to send load persistent properties message: " << result.error();
739 }
740 }
741
SecondStageMain(int argc,char ** argv)742 int SecondStageMain(int argc, char** argv) {
743 if (REBOOT_BOOTLOADER_ON_PANIC) {
744 InstallRebootSignalHandlers();
745 }
746
747 boot_clock::time_point start_time = boot_clock::now();
748
749 trigger_shutdown = [](const std::string& command) { shutdown_state.TriggerShutdown(command); };
750
751 SetStdioToDevNull(argv);
752 InitKernelLogging(argv);
753 LOG(INFO) << "init second stage started!";
754
755 // Update $PATH in the case the second stage init is newer than first stage init, where it is
756 // first set.
757 if (setenv("PATH", _PATH_DEFPATH, 1) != 0) {
758 PLOG(FATAL) << "Could not set $PATH to '" << _PATH_DEFPATH << "' in second stage";
759 }
760
761 // Init should not crash because of a dependence on any other process, therefore we ignore
762 // SIGPIPE and handle EPIPE at the call site directly. Note that setting a signal to SIG_IGN
763 // is inherited across exec, but custom signal handlers are not. Since we do not want to
764 // ignore SIGPIPE for child processes, we set a no-op function for the signal handler instead.
765 {
766 struct sigaction action = {.sa_flags = SA_RESTART};
767 action.sa_handler = [](int) {};
768 sigaction(SIGPIPE, &action, nullptr);
769 }
770
771 // Set init and its forked children's oom_adj.
772 if (auto result =
773 WriteFile("/proc/1/oom_score_adj", StringPrintf("%d", DEFAULT_OOM_SCORE_ADJUST));
774 !result.ok()) {
775 LOG(ERROR) << "Unable to write " << DEFAULT_OOM_SCORE_ADJUST
776 << " to /proc/1/oom_score_adj: " << result.error();
777 }
778
779 // Set up a session keyring that all processes will have access to. It
780 // will hold things like FBE encryption keys. No process should override
781 // its session keyring.
782 keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1);
783
784 // Indicate that booting is in progress to background fw loaders, etc.
785 close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
786
787 // See if need to load debug props to allow adb root, when the device is unlocked.
788 const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
789 bool load_debug_prop = false;
790 if (force_debuggable_env && AvbHandle::IsDeviceUnlocked()) {
791 load_debug_prop = "true"s == force_debuggable_env;
792 }
793 unsetenv("INIT_FORCE_DEBUGGABLE");
794
795 // Umount the debug ramdisk so property service doesn't read .prop files from there, when it
796 // is not meant to.
797 if (!load_debug_prop) {
798 UmountDebugRamdisk();
799 }
800
801 PropertyInit();
802
803 // Umount second stage resources after property service has read the .prop files.
804 UmountSecondStageRes();
805
806 // Umount the debug ramdisk after property service has read the .prop files when it means to.
807 if (load_debug_prop) {
808 UmountDebugRamdisk();
809 }
810
811 // Mount extra filesystems required during second stage init
812 MountExtraFilesystems();
813
814 // Now set up SELinux for second stage.
815 SelinuxSetupKernelLogging();
816 SelabelInitialize();
817 SelinuxRestoreContext();
818
819 Epoll epoll;
820 if (auto result = epoll.Open(); !result.ok()) {
821 PLOG(FATAL) << result.error();
822 }
823
824 InstallSignalFdHandler(&epoll);
825 InstallInitNotifier(&epoll);
826 StartPropertyService(&property_fd);
827
828 // Make the time that init stages started available for bootstat to log.
829 RecordStageBoottimes(start_time);
830
831 // Set libavb version for Framework-only OTA match in Treble build.
832 if (const char* avb_version = getenv("INIT_AVB_VERSION"); avb_version != nullptr) {
833 SetProperty("ro.boot.avb_version", avb_version);
834 }
835 unsetenv("INIT_AVB_VERSION");
836
837 fs_mgr_vendor_overlay_mount_all();
838 export_oem_lock_status();
839 MountHandler mount_handler(&epoll);
840 SetUsbController();
841 SetKernelVersion();
842
843 const BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();
844 Action::set_function_map(&function_map);
845
846 if (!SetupMountNamespaces()) {
847 PLOG(FATAL) << "SetupMountNamespaces failed";
848 }
849
850 InitializeSubcontext();
851
852 ActionManager& am = ActionManager::GetInstance();
853 ServiceList& sm = ServiceList::GetInstance();
854
855 LoadBootScripts(am, sm);
856
857 // Turning this on and letting the INFO logging be discarded adds 0.2s to
858 // Nexus 9 boot time, so it's disabled by default.
859 if (false) DumpState();
860
861 // Make the GSI status available before scripts start running.
862 auto is_running = android::gsi::IsGsiRunning() ? "1" : "0";
863 SetProperty(gsi::kGsiBootedProp, is_running);
864 auto is_installed = android::gsi::IsGsiInstalled() ? "1" : "0";
865 SetProperty(gsi::kGsiInstalledProp, is_installed);
866
867 am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
868 am.QueueBuiltinAction(SetKptrRestrictAction, "SetKptrRestrict");
869 am.QueueBuiltinAction(TestPerfEventSelinuxAction, "TestPerfEventSelinux");
870 am.QueueEventTrigger("early-init");
871
872 // Queue an action that waits for coldboot done so we know ueventd has set up all of /dev...
873 am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
874 // ... so that we can start queuing up actions that require stuff from /dev.
875 am.QueueBuiltinAction(SetMmapRndBitsAction, "SetMmapRndBits");
876 Keychords keychords;
877 am.QueueBuiltinAction(
878 [&epoll, &keychords](const BuiltinArguments& args) -> Result<void> {
879 for (const auto& svc : ServiceList::GetInstance()) {
880 keychords.Register(svc->keycodes());
881 }
882 keychords.Start(&epoll, HandleKeychord);
883 return {};
884 },
885 "KeychordInit");
886
887 // Trigger all the boot actions to get us started.
888 am.QueueEventTrigger("init");
889
890 // Don't mount filesystems or start core system services in charger mode.
891 std::string bootmode = GetProperty("ro.bootmode", "");
892 if (bootmode == "charger") {
893 am.QueueEventTrigger("charger");
894 } else {
895 am.QueueEventTrigger("late-init");
896 }
897
898 // Run all property triggers based on current state of the properties.
899 am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers");
900
901 // Restore prio before main loop
902 setpriority(PRIO_PROCESS, 0, 0);
903 while (true) {
904 // By default, sleep until something happens.
905 auto epoll_timeout = std::optional<std::chrono::milliseconds>{};
906
907 auto shutdown_command = shutdown_state.CheckShutdown();
908 if (shutdown_command) {
909 LOG(INFO) << "Got shutdown_command '" << *shutdown_command
910 << "' Calling HandlePowerctlMessage()";
911 HandlePowerctlMessage(*shutdown_command);
912 shutdown_state.set_do_shutdown(false);
913 }
914
915 if (!(prop_waiter_state.MightBeWaiting() || Service::is_exec_service_running())) {
916 am.ExecuteOneCommand();
917 }
918 if (!IsShuttingDown()) {
919 auto next_process_action_time = HandleProcessActions();
920
921 // If there's a process that needs restarting, wake up in time for that.
922 if (next_process_action_time) {
923 epoll_timeout = std::chrono::ceil<std::chrono::milliseconds>(
924 *next_process_action_time - boot_clock::now());
925 if (*epoll_timeout < 0ms) epoll_timeout = 0ms;
926 }
927 }
928
929 if (!(prop_waiter_state.MightBeWaiting() || Service::is_exec_service_running())) {
930 // If there's more work to do, wake up again immediately.
931 if (am.HasMoreCommands()) epoll_timeout = 0ms;
932 }
933
934 auto pending_functions = epoll.Wait(epoll_timeout);
935 if (!pending_functions.ok()) {
936 LOG(ERROR) << pending_functions.error();
937 } else if (!pending_functions->empty()) {
938 // We always reap children before responding to the other pending functions. This is to
939 // prevent a race where other daemons see that a service has exited and ask init to
940 // start it again via ctl.start before init has reaped it.
941 ReapAnyOutstandingChildren();
942 for (const auto& function : *pending_functions) {
943 (*function)();
944 }
945 }
946 if (!IsShuttingDown()) {
947 HandleControlMessages();
948 SetUsbController();
949 }
950 }
951
952 return 0;
953 }
954
955 } // namespace init
956 } // namespace android
957