1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "ueventd.h"
18
19 #include <android/api-level.h>
20 #include <ctype.h>
21 #include <dirent.h>
22 #include <fcntl.h>
23 #include <signal.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <sys/stat.h>
28 #include <sys/wait.h>
29 #include <unistd.h>
30
31 #include <set>
32 #include <thread>
33
34 #include <android-base/chrono_utils.h>
35 #include <android-base/logging.h>
36 #include <android-base/properties.h>
37 #include <fstab/fstab.h>
38 #include <selinux/android.h>
39 #include <selinux/selinux.h>
40
41 #include "devices.h"
42 #include "firmware_handler.h"
43 #include "modalias_handler.h"
44 #include "selabel.h"
45 #include "selinux.h"
46 #include "uevent_handler.h"
47 #include "uevent_listener.h"
48 #include "ueventd_parser.h"
49 #include "util.h"
50
51 // At a high level, ueventd listens for uevent messages generated by the kernel through a netlink
52 // socket. When ueventd receives such a message it handles it by taking appropriate actions,
53 // which can typically be creating a device node in /dev, setting file permissions, setting selinux
54 // labels, etc.
55 // Ueventd also handles loading of firmware that the kernel requests, and creates symlinks for block
56 // and character devices.
57
58 // When ueventd starts, it regenerates uevents for all currently registered devices by traversing
59 // /sys and writing 'add' to each 'uevent' file that it finds. This causes the kernel to generate
60 // and resend uevent messages for all of the currently registered devices. This is done, because
61 // ueventd would not have been running when these devices were registered and therefore was unable
62 // to receive their uevent messages and handle them appropriately. This process is known as
63 // 'cold boot'.
64
65 // 'init' currently waits synchronously on the cold boot process of ueventd before it continues
66 // its boot process. For this reason, cold boot should be as quick as possible. One way to achieve
67 // a speed up here is to parallelize the handling of ueventd messages, which consume the bulk of the
68 // time during cold boot.
69
70 // Handling of uevent messages has two unique properties:
71 // 1) It can be done in isolation; it doesn't need to read or write any status once it is started.
72 // 2) It uses setegid() and setfscreatecon() so either care (aka locking) must be taken to ensure
73 // that no file system operations are done while the uevent process has an abnormal egid or
74 // fscreatecon or this handling must happen in a separate process.
75 // Given the above two properties, it is best to fork() subprocesses to handle the uevents. This
76 // reduces the overhead and complexity that would be required in a solution with threads and locks.
77 // In testing, a racy multithreaded solution has the same performance as the fork() solution, so
78 // there is no reason to deal with the complexity of the former.
79
80 // One other important caveat during the boot process is the handling of SELinux restorecon.
81 // Since many devices have child devices, calling selinux_android_restorecon() recursively for each
82 // device when its uevent is handled, results in multiple restorecon operations being done on a
83 // given file. It is more efficient to simply do restorecon recursively on /sys during cold boot,
84 // than to do restorecon on each device as its uevent is handled. This only applies to cold boot;
85 // once that has completed, restorecon is done for each device as its uevent is handled.
86
87 // With all of the above considered, the cold boot process has the below steps:
88 // 1) ueventd regenerates uevents by doing the /sys traversal and listens to the netlink socket for
89 // the generated uevents. It writes these uevents into a queue represented by a vector.
90 //
91 // 2) ueventd forks 'n' separate uevent handler subprocesses and has each of them to handle the
92 // uevents in the queue based on a starting offset (their process number) and a stride (the total
93 // number of processes). Note that no IPC happens at this point and only const functions from
94 // DeviceHandler should be called from this context.
95 //
96 // 3) In parallel to the subprocesses handling the uevents, the main thread of ueventd calls
97 // selinux_android_restorecon() recursively on /sys/class, /sys/block, and /sys/devices.
98 //
99 // 4) Once the restorecon operation finishes, the main thread calls waitpid() to wait for all
100 // subprocess handlers to complete and exit. Once this happens, it marks coldboot as having
101 // completed.
102 //
103 // At this point, ueventd is single threaded, poll()'s and then handles any future uevents.
104
105 // Lastly, it should be noted that uevents that occur during the coldboot process are handled
106 // without issue after the coldboot process completes. This is because the uevent listener is
107 // paused while the uevent handler and restorecon actions take place. Once coldboot completes,
108 // the uevent listener resumes in polling mode and will handle the uevents that occurred during
109 // coldboot.
110
111 namespace android {
112 namespace init {
113
114 class ColdBoot {
115 public:
ColdBoot(UeventListener & uevent_listener,std::vector<std::unique_ptr<UeventHandler>> & uevent_handlers,bool enable_parallel_restorecon)116 ColdBoot(UeventListener& uevent_listener,
117 std::vector<std::unique_ptr<UeventHandler>>& uevent_handlers,
118 bool enable_parallel_restorecon)
119 : uevent_listener_(uevent_listener),
120 uevent_handlers_(uevent_handlers),
121 num_handler_subprocesses_(std::thread::hardware_concurrency() ?: 4),
122 enable_parallel_restorecon_(enable_parallel_restorecon) {}
123
124 void Run();
125
126 private:
127 void UeventHandlerMain(unsigned int process_num, unsigned int total_processes);
128 void RegenerateUevents();
129 void ForkSubProcesses();
130 void WaitForSubProcesses();
131 void RestoreConHandler(unsigned int process_num, unsigned int total_processes);
132 void GenerateRestoreCon(const std::string& directory);
133
134 UeventListener& uevent_listener_;
135 std::vector<std::unique_ptr<UeventHandler>>& uevent_handlers_;
136
137 unsigned int num_handler_subprocesses_;
138 bool enable_parallel_restorecon_;
139
140 std::vector<Uevent> uevent_queue_;
141
142 std::set<pid_t> subprocess_pids_;
143
144 std::vector<std::string> restorecon_queue_;
145 };
146
UeventHandlerMain(unsigned int process_num,unsigned int total_processes)147 void ColdBoot::UeventHandlerMain(unsigned int process_num, unsigned int total_processes) {
148 for (unsigned int i = process_num; i < uevent_queue_.size(); i += total_processes) {
149 auto& uevent = uevent_queue_[i];
150
151 for (auto& uevent_handler : uevent_handlers_) {
152 uevent_handler->HandleUevent(uevent);
153 }
154 }
155 }
156
RestoreConHandler(unsigned int process_num,unsigned int total_processes)157 void ColdBoot::RestoreConHandler(unsigned int process_num, unsigned int total_processes) {
158 for (unsigned int i = process_num; i < restorecon_queue_.size(); i += total_processes) {
159 auto& dir = restorecon_queue_[i];
160
161 selinux_android_restorecon(dir.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE);
162 }
163 }
164
GenerateRestoreCon(const std::string & directory)165 void ColdBoot::GenerateRestoreCon(const std::string& directory) {
166 std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(directory.c_str()), &closedir);
167
168 if (!dir) return;
169
170 struct dirent* dent;
171 while ((dent = readdir(dir.get())) != NULL) {
172 if (strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0) continue;
173
174 struct stat st;
175 if (fstatat(dirfd(dir.get()), dent->d_name, &st, 0) == -1) continue;
176
177 if (S_ISDIR(st.st_mode)) {
178 std::string fullpath = directory + "/" + dent->d_name;
179 if (fullpath != "/sys/devices") {
180 restorecon_queue_.emplace_back(fullpath);
181 }
182 }
183 }
184 }
185
RegenerateUevents()186 void ColdBoot::RegenerateUevents() {
187 uevent_listener_.RegenerateUevents([this](const Uevent& uevent) {
188 uevent_queue_.emplace_back(uevent);
189 return ListenerAction::kContinue;
190 });
191 }
192
ForkSubProcesses()193 void ColdBoot::ForkSubProcesses() {
194 for (unsigned int i = 0; i < num_handler_subprocesses_; ++i) {
195 auto pid = fork();
196 if (pid < 0) {
197 PLOG(FATAL) << "fork() failed!";
198 }
199
200 if (pid == 0) {
201 UeventHandlerMain(i, num_handler_subprocesses_);
202 if (enable_parallel_restorecon_) {
203 RestoreConHandler(i, num_handler_subprocesses_);
204 }
205 _exit(EXIT_SUCCESS);
206 }
207
208 subprocess_pids_.emplace(pid);
209 }
210 }
211
WaitForSubProcesses()212 void ColdBoot::WaitForSubProcesses() {
213 // Treat subprocesses that crash or get stuck the same as if ueventd itself has crashed or gets
214 // stuck.
215 //
216 // When a subprocess crashes, we fatally abort from ueventd. init will restart ueventd when
217 // init reaps it, and the cold boot process will start again. If this continues to fail, then
218 // since ueventd is marked as a critical service, init will reboot to bootloader.
219 //
220 // When a subprocess gets stuck, keep ueventd spinning waiting for it. init has a timeout for
221 // cold boot and will reboot to the bootloader if ueventd does not complete in time.
222 while (!subprocess_pids_.empty()) {
223 int status;
224 pid_t pid = TEMP_FAILURE_RETRY(waitpid(-1, &status, 0));
225 if (pid == -1) {
226 PLOG(ERROR) << "waitpid() failed";
227 continue;
228 }
229
230 auto it = std::find(subprocess_pids_.begin(), subprocess_pids_.end(), pid);
231 if (it == subprocess_pids_.end()) continue;
232
233 if (WIFEXITED(status)) {
234 if (WEXITSTATUS(status) == EXIT_SUCCESS) {
235 subprocess_pids_.erase(it);
236 } else {
237 LOG(FATAL) << "subprocess exited with status " << WEXITSTATUS(status);
238 }
239 } else if (WIFSIGNALED(status)) {
240 LOG(FATAL) << "subprocess killed by signal " << WTERMSIG(status);
241 }
242 }
243 }
244
Run()245 void ColdBoot::Run() {
246 android::base::Timer cold_boot_timer;
247
248 RegenerateUevents();
249
250 if (enable_parallel_restorecon_) {
251 selinux_android_restorecon("/sys", 0);
252 selinux_android_restorecon("/sys/devices", 0);
253 GenerateRestoreCon("/sys");
254 // takes long time for /sys/devices, parallelize it
255 GenerateRestoreCon("/sys/devices");
256 }
257
258 ForkSubProcesses();
259
260 if (!enable_parallel_restorecon_) {
261 selinux_android_restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
262 }
263
264 WaitForSubProcesses();
265
266 android::base::SetProperty(kColdBootDoneProp, "true");
267 LOG(INFO) << "Coldboot took " << cold_boot_timer.duration().count() / 1000.0f << " seconds";
268 }
269
GetConfiguration()270 static UeventdConfiguration GetConfiguration() {
271 // TODO: Remove these legacy paths once Android S is no longer supported.
272 if (android::base::GetIntProperty("ro.product.first_api_level", 10000) <= __ANDROID_API_S__) {
273 auto hardware = android::base::GetProperty("ro.hardware", "");
274 return ParseConfig({"/system/etc/ueventd.rc", "/vendor/ueventd.rc", "/odm/ueventd.rc",
275 "/ueventd." + hardware + ".rc"});
276 }
277
278 return ParseConfig({"/system/etc/ueventd.rc"});
279 }
280
ueventd_main(int argc,char ** argv)281 int ueventd_main(int argc, char** argv) {
282 /*
283 * init sets the umask to 077 for forked processes. We need to
284 * create files with exact permissions, without modification by
285 * the umask.
286 */
287 umask(000);
288
289 android::base::InitLogging(argv, &android::base::KernelLogger);
290
291 LOG(INFO) << "ueventd started!";
292
293 SelinuxSetupKernelLogging();
294 SelabelInitialize();
295
296 std::vector<std::unique_ptr<UeventHandler>> uevent_handlers;
297
298 auto ueventd_configuration = GetConfiguration();
299
300 uevent_handlers.emplace_back(std::make_unique<DeviceHandler>(
301 std::move(ueventd_configuration.dev_permissions),
302 std::move(ueventd_configuration.sysfs_permissions),
303 std::move(ueventd_configuration.subsystems), android::fs_mgr::GetBootDevices(), true));
304 uevent_handlers.emplace_back(std::make_unique<FirmwareHandler>(
305 std::move(ueventd_configuration.firmware_directories),
306 std::move(ueventd_configuration.external_firmware_handlers)));
307
308 if (ueventd_configuration.enable_modalias_handling) {
309 std::vector<std::string> base_paths = {"/odm/lib/modules", "/vendor/lib/modules"};
310 uevent_handlers.emplace_back(std::make_unique<ModaliasHandler>(base_paths));
311 }
312 UeventListener uevent_listener(ueventd_configuration.uevent_socket_rcvbuf_size);
313
314 if (!android::base::GetBoolProperty(kColdBootDoneProp, false)) {
315 ColdBoot cold_boot(uevent_listener, uevent_handlers,
316 ueventd_configuration.enable_parallel_restorecon);
317 cold_boot.Run();
318 }
319
320 for (auto& uevent_handler : uevent_handlers) {
321 uevent_handler->ColdbootDone();
322 }
323
324 // We use waitpid() in ColdBoot, so we can't ignore SIGCHLD until now.
325 signal(SIGCHLD, SIG_IGN);
326 // Reap and pending children that exited between the last call to waitpid() and setting SIG_IGN
327 // for SIGCHLD above.
328 while (waitpid(-1, nullptr, WNOHANG) > 0) {
329 }
330
331 // Restore prio before main loop
332 setpriority(PRIO_PROCESS, 0, 0);
333 uevent_listener.Poll([&uevent_handlers](const Uevent& uevent) {
334 for (auto& uevent_handler : uevent_handlers) {
335 uevent_handler->HandleUevent(uevent);
336 }
337 return ListenerAction::kContinue;
338 });
339
340 return 0;
341 }
342
343 } // namespace init
344 } // namespace android
345