1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "init.h"
18
19 #include <dirent.h>
20 #include <fcntl.h>
21 #include <paths.h>
22 #include <pthread.h>
23 #include <signal.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/eventfd.h>
27 #include <sys/mount.h>
28 #include <sys/signalfd.h>
29 #include <sys/types.h>
30 #include <sys/utsname.h>
31 #include <unistd.h>
32
33 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
34 #include <sys/_system_properties.h>
35
36 #include <filesystem>
37 #include <fstream>
38 #include <functional>
39 #include <iostream>
40 #include <map>
41 #include <memory>
42 #include <mutex>
43 #include <optional>
44 #include <thread>
45 #include <vector>
46
47 #include <android-base/chrono_utils.h>
48 #include <android-base/file.h>
49 #include <android-base/logging.h>
50 #include <android-base/parseint.h>
51 #include <android-base/properties.h>
52 #include <android-base/stringprintf.h>
53 #include <android-base/strings.h>
54 #include <backtrace/Backtrace.h>
55 #include <fs_avb/fs_avb.h>
56 #include <fs_mgr_vendor_overlay.h>
57 #include <keyutils.h>
58 #include <libavb/libavb.h>
59 #include <libgsi/libgsi.h>
60 #include <libsnapshot/snapshot.h>
61 #include <processgroup/processgroup.h>
62 #include <processgroup/setup.h>
63 #include <selinux/android.h>
64
65 #include "action_parser.h"
66 #include "builtins.h"
67 #include "epoll.h"
68 #include "first_stage_init.h"
69 #include "first_stage_mount.h"
70 #include "import_parser.h"
71 #include "keychords.h"
72 #include "lmkd_service.h"
73 #include "mount_handler.h"
74 #include "mount_namespace.h"
75 #include "property_service.h"
76 #include "proto_utils.h"
77 #include "reboot.h"
78 #include "reboot_utils.h"
79 #include "second_stage_resources.h"
80 #include "security.h"
81 #include "selabel.h"
82 #include "selinux.h"
83 #include "service.h"
84 #include "service_parser.h"
85 #include "sigchld_handler.h"
86 #include "snapuserd_transition.h"
87 #include "subcontext.h"
88 #include "system/core/init/property_service.pb.h"
89 #include "util.h"
90
91 using namespace std::chrono_literals;
92 using namespace std::string_literals;
93
94 using android::base::boot_clock;
95 using android::base::ConsumePrefix;
96 using android::base::GetProperty;
97 using android::base::ReadFileToString;
98 using android::base::SetProperty;
99 using android::base::StringPrintf;
100 using android::base::Timer;
101 using android::base::Trim;
102 using android::fs_mgr::AvbHandle;
103 using android::snapshot::SnapshotManager;
104
105 namespace android {
106 namespace init {
107
108 static int property_triggers_enabled = 0;
109
110 static int signal_fd = -1;
111 static int property_fd = -1;
112
113 struct PendingControlMessage {
114 std::string message;
115 std::string name;
116 pid_t pid;
117 int fd;
118 };
119 static std::mutex pending_control_messages_lock;
120 static std::queue<PendingControlMessage> pending_control_messages;
121
122 // Init epolls various FDs to wait for various inputs. It previously waited on property changes
123 // with a blocking socket that contained the information related to the change, however, it was easy
124 // to fill that socket and deadlock the system. Now we use locks to handle the property changes
125 // directly in the property thread, however we still must wake the epoll to inform init that there
126 // is a change to process, so we use this FD. It is non-blocking, since we do not care how many
127 // times WakeMainInitThread() is called, only that the epoll will wake.
128 static int wake_main_thread_fd = -1;
InstallInitNotifier(Epoll * epoll)129 static void InstallInitNotifier(Epoll* epoll) {
130 wake_main_thread_fd = eventfd(0, EFD_CLOEXEC);
131 if (wake_main_thread_fd == -1) {
132 PLOG(FATAL) << "Failed to create eventfd for waking init";
133 }
134 auto clear_eventfd = [] {
135 uint64_t counter;
136 TEMP_FAILURE_RETRY(read(wake_main_thread_fd, &counter, sizeof(counter)));
137 };
138
139 if (auto result = epoll->RegisterHandler(wake_main_thread_fd, clear_eventfd); !result.ok()) {
140 LOG(FATAL) << result.error();
141 }
142 }
143
WakeMainInitThread()144 static void WakeMainInitThread() {
145 uint64_t counter = 1;
146 TEMP_FAILURE_RETRY(write(wake_main_thread_fd, &counter, sizeof(counter)));
147 }
148
149 static class PropWaiterState {
150 public:
StartWaiting(const char * name,const char * value)151 bool StartWaiting(const char* name, const char* value) {
152 auto lock = std::lock_guard{lock_};
153 if (waiting_for_prop_) {
154 return false;
155 }
156 if (GetProperty(name, "") != value) {
157 // Current property value is not equal to expected value
158 wait_prop_name_ = name;
159 wait_prop_value_ = value;
160 waiting_for_prop_.reset(new Timer());
161 } else {
162 LOG(INFO) << "start_waiting_for_property(\"" << name << "\", \"" << value
163 << "\"): already set";
164 }
165 return true;
166 }
167
ResetWaitForProp()168 void ResetWaitForProp() {
169 auto lock = std::lock_guard{lock_};
170 ResetWaitForPropLocked();
171 }
172
CheckAndResetWait(const std::string & name,const std::string & value)173 void CheckAndResetWait(const std::string& name, const std::string& value) {
174 auto lock = std::lock_guard{lock_};
175 // We always record how long init waited for ueventd to tell us cold boot finished.
176 // If we aren't waiting on this property, it means that ueventd finished before we even
177 // started to wait.
178 if (name == kColdBootDoneProp) {
179 auto time_waited = waiting_for_prop_ ? waiting_for_prop_->duration().count() : 0;
180 std::thread([time_waited] {
181 SetProperty("ro.boottime.init.cold_boot_wait", std::to_string(time_waited));
182 }).detach();
183 }
184
185 if (waiting_for_prop_) {
186 if (wait_prop_name_ == name && wait_prop_value_ == value) {
187 LOG(INFO) << "Wait for property '" << wait_prop_name_ << "=" << wait_prop_value_
188 << "' took " << *waiting_for_prop_;
189 ResetWaitForPropLocked();
190 WakeMainInitThread();
191 }
192 }
193 }
194
195 // This is not thread safe because it releases the lock when it returns, so the waiting state
196 // may change. However, we only use this function to prevent running commands in the main
197 // thread loop when we are waiting, so we do not care about false positives; only false
198 // negatives. StartWaiting() and this function are always called from the same thread, so false
199 // negatives are not possible and therefore we're okay.
MightBeWaiting()200 bool MightBeWaiting() {
201 auto lock = std::lock_guard{lock_};
202 return static_cast<bool>(waiting_for_prop_);
203 }
204
205 private:
ResetWaitForPropLocked()206 void ResetWaitForPropLocked() {
207 wait_prop_name_.clear();
208 wait_prop_value_.clear();
209 waiting_for_prop_.reset();
210 }
211
212 std::mutex lock_;
213 std::unique_ptr<Timer> waiting_for_prop_{nullptr};
214 std::string wait_prop_name_;
215 std::string wait_prop_value_;
216
217 } prop_waiter_state;
218
start_waiting_for_property(const char * name,const char * value)219 bool start_waiting_for_property(const char* name, const char* value) {
220 return prop_waiter_state.StartWaiting(name, value);
221 }
222
ResetWaitForProp()223 void ResetWaitForProp() {
224 prop_waiter_state.ResetWaitForProp();
225 }
226
227 static class ShutdownState {
228 public:
TriggerShutdown(const std::string & command)229 void TriggerShutdown(const std::string& command) {
230 // We can't call HandlePowerctlMessage() directly in this function,
231 // because it modifies the contents of the action queue, which can cause the action queue
232 // to get into a bad state if this function is called from a command being executed by the
233 // action queue. Instead we set this flag and ensure that shutdown happens before the next
234 // command is run in the main init loop.
235 auto lock = std::lock_guard{shutdown_command_lock_};
236 shutdown_command_ = command;
237 do_shutdown_ = true;
238 WakeMainInitThread();
239 }
240
CheckShutdown()241 std::optional<std::string> CheckShutdown() {
242 auto lock = std::lock_guard{shutdown_command_lock_};
243 if (do_shutdown_ && !IsShuttingDown()) {
244 return shutdown_command_;
245 }
246 return {};
247 }
248
do_shutdown() const249 bool do_shutdown() const { return do_shutdown_; }
set_do_shutdown(bool value)250 void set_do_shutdown(bool value) { do_shutdown_ = value; }
251
252 private:
253 std::mutex shutdown_command_lock_;
254 std::string shutdown_command_;
255 bool do_shutdown_ = false;
256 } shutdown_state;
257
UnwindMainThreadStack()258 static void UnwindMainThreadStack() {
259 std::unique_ptr<Backtrace> backtrace(Backtrace::Create(BACKTRACE_CURRENT_PROCESS, 1));
260 if (!backtrace->Unwind(0)) {
261 LOG(ERROR) << __FUNCTION__ << "sys.powerctl: Failed to unwind callstack.";
262 }
263 for (size_t i = 0; i < backtrace->NumFrames(); i++) {
264 LOG(ERROR) << "sys.powerctl: " << backtrace->FormatFrameData(i);
265 }
266 }
267
DebugRebootLogging()268 void DebugRebootLogging() {
269 LOG(INFO) << "sys.powerctl: do_shutdown: " << shutdown_state.do_shutdown()
270 << " IsShuttingDown: " << IsShuttingDown();
271 if (shutdown_state.do_shutdown()) {
272 LOG(ERROR) << "sys.powerctl set while a previous shutdown command has not been handled";
273 UnwindMainThreadStack();
274 }
275 if (IsShuttingDown()) {
276 LOG(ERROR) << "sys.powerctl set while init is already shutting down";
277 UnwindMainThreadStack();
278 }
279 }
280
DumpState()281 void DumpState() {
282 ServiceList::GetInstance().DumpState();
283 ActionManager::GetInstance().DumpState();
284 }
285
CreateParser(ActionManager & action_manager,ServiceList & service_list)286 Parser CreateParser(ActionManager& action_manager, ServiceList& service_list) {
287 Parser parser;
288
289 parser.AddSectionParser("service", std::make_unique<ServiceParser>(
290 &service_list, GetSubcontext(), std::nullopt));
291 parser.AddSectionParser("on", std::make_unique<ActionParser>(&action_manager, GetSubcontext()));
292 parser.AddSectionParser("import", std::make_unique<ImportParser>(&parser));
293
294 return parser;
295 }
296
297 // parser that only accepts new services
CreateServiceOnlyParser(ServiceList & service_list,bool from_apex)298 Parser CreateServiceOnlyParser(ServiceList& service_list, bool from_apex) {
299 Parser parser;
300
301 parser.AddSectionParser(
302 "service", std::make_unique<ServiceParser>(&service_list, GetSubcontext(), std::nullopt,
303 from_apex));
304 return parser;
305 }
306
LoadBootScripts(ActionManager & action_manager,ServiceList & service_list)307 static void LoadBootScripts(ActionManager& action_manager, ServiceList& service_list) {
308 Parser parser = CreateParser(action_manager, service_list);
309
310 std::string bootscript = GetProperty("ro.boot.init_rc", "");
311 if (bootscript.empty()) {
312 parser.ParseConfig("/system/etc/init/hw/init.rc");
313 if (!parser.ParseConfig("/system/etc/init")) {
314 late_import_paths.emplace_back("/system/etc/init");
315 }
316 // late_import is available only in Q and earlier release. As we don't
317 // have system_ext in those versions, skip late_import for system_ext.
318 parser.ParseConfig("/system_ext/etc/init");
319 if (!parser.ParseConfig("/vendor/etc/init")) {
320 late_import_paths.emplace_back("/vendor/etc/init");
321 }
322 if (!parser.ParseConfig("/odm/etc/init")) {
323 late_import_paths.emplace_back("/odm/etc/init");
324 }
325 if (!parser.ParseConfig("/product/etc/init")) {
326 late_import_paths.emplace_back("/product/etc/init");
327 }
328 } else {
329 parser.ParseConfig(bootscript);
330 }
331 }
332
PropertyChanged(const std::string & name,const std::string & value)333 void PropertyChanged(const std::string& name, const std::string& value) {
334 // If the property is sys.powerctl, we bypass the event queue and immediately handle it.
335 // This is to ensure that init will always and immediately shutdown/reboot, regardless of
336 // if there are other pending events to process or if init is waiting on an exec service or
337 // waiting on a property.
338 // In non-thermal-shutdown case, 'shutdown' trigger will be fired to let device specific
339 // commands to be executed.
340 if (name == "sys.powerctl") {
341 trigger_shutdown(value);
342 }
343
344 if (property_triggers_enabled) {
345 ActionManager::GetInstance().QueuePropertyChange(name, value);
346 WakeMainInitThread();
347 }
348
349 prop_waiter_state.CheckAndResetWait(name, value);
350 }
351
HandleProcessActions()352 static std::optional<boot_clock::time_point> HandleProcessActions() {
353 std::optional<boot_clock::time_point> next_process_action_time;
354 for (const auto& s : ServiceList::GetInstance()) {
355 if ((s->flags() & SVC_RUNNING) && s->timeout_period()) {
356 auto timeout_time = s->time_started() + *s->timeout_period();
357 if (boot_clock::now() > timeout_time) {
358 s->Timeout();
359 } else {
360 if (!next_process_action_time || timeout_time < *next_process_action_time) {
361 next_process_action_time = timeout_time;
362 }
363 }
364 }
365
366 if (!(s->flags() & SVC_RESTARTING)) continue;
367
368 auto restart_time = s->time_started() + s->restart_period();
369 if (boot_clock::now() > restart_time) {
370 if (auto result = s->Start(); !result.ok()) {
371 LOG(ERROR) << "Could not restart process '" << s->name() << "': " << result.error();
372 }
373 } else {
374 if (!next_process_action_time || restart_time < *next_process_action_time) {
375 next_process_action_time = restart_time;
376 }
377 }
378 }
379 return next_process_action_time;
380 }
381
DoControlStart(Service * service)382 static Result<void> DoControlStart(Service* service) {
383 return service->Start();
384 }
385
DoControlStop(Service * service)386 static Result<void> DoControlStop(Service* service) {
387 service->Stop();
388 return {};
389 }
390
DoControlRestart(Service * service)391 static Result<void> DoControlRestart(Service* service) {
392 service->Restart();
393 return {};
394 }
395
396 enum class ControlTarget {
397 SERVICE, // function gets called for the named service
398 INTERFACE, // action gets called for every service that holds this interface
399 };
400
401 using ControlMessageFunction = std::function<Result<void>(Service*)>;
402
GetControlMessageMap()403 static const std::map<std::string, ControlMessageFunction, std::less<>>& GetControlMessageMap() {
404 // clang-format off
405 static const std::map<std::string, ControlMessageFunction, std::less<>> control_message_functions = {
406 {"sigstop_on", [](auto* service) { service->set_sigstop(true); return Result<void>{}; }},
407 {"sigstop_off", [](auto* service) { service->set_sigstop(false); return Result<void>{}; }},
408 {"oneshot_on", [](auto* service) { service->set_oneshot(true); return Result<void>{}; }},
409 {"oneshot_off", [](auto* service) { service->set_oneshot(false); return Result<void>{}; }},
410 {"start", DoControlStart},
411 {"stop", DoControlStop},
412 {"restart", DoControlRestart},
413 };
414 // clang-format on
415
416 return control_message_functions;
417 }
418
HandleControlMessage(std::string_view message,const std::string & name,pid_t from_pid)419 static bool HandleControlMessage(std::string_view message, const std::string& name,
420 pid_t from_pid) {
421 std::string cmdline_path = StringPrintf("proc/%d/cmdline", from_pid);
422 std::string process_cmdline;
423 if (ReadFileToString(cmdline_path, &process_cmdline)) {
424 std::replace(process_cmdline.begin(), process_cmdline.end(), '\0', ' ');
425 process_cmdline = Trim(process_cmdline);
426 } else {
427 process_cmdline = "unknown process";
428 }
429
430 Service* service = nullptr;
431 auto action = message;
432 if (ConsumePrefix(&action, "interface_")) {
433 service = ServiceList::GetInstance().FindInterface(name);
434 } else {
435 service = ServiceList::GetInstance().FindService(name);
436 }
437
438 if (service == nullptr) {
439 LOG(ERROR) << "Control message: Could not find '" << name << "' for ctl." << message
440 << " from pid: " << from_pid << " (" << process_cmdline << ")";
441 return false;
442 }
443
444 const auto& map = GetControlMessageMap();
445 const auto it = map.find(action);
446 if (it == map.end()) {
447 LOG(ERROR) << "Unknown control msg '" << message << "'";
448 return false;
449 }
450 const auto& function = it->second;
451
452 if (auto result = function(service); !result.ok()) {
453 LOG(ERROR) << "Control message: Could not ctl." << message << " for '" << name
454 << "' from pid: " << from_pid << " (" << process_cmdline
455 << "): " << result.error();
456 return false;
457 }
458
459 LOG(INFO) << "Control message: Processed ctl." << message << " for '" << name
460 << "' from pid: " << from_pid << " (" << process_cmdline << ")";
461 return true;
462 }
463
QueueControlMessage(const std::string & message,const std::string & name,pid_t pid,int fd)464 bool QueueControlMessage(const std::string& message, const std::string& name, pid_t pid, int fd) {
465 auto lock = std::lock_guard{pending_control_messages_lock};
466 if (pending_control_messages.size() > 100) {
467 LOG(ERROR) << "Too many pending control messages, dropped '" << message << "' for '" << name
468 << "' from pid: " << pid;
469 return false;
470 }
471 pending_control_messages.push({message, name, pid, fd});
472 WakeMainInitThread();
473 return true;
474 }
475
HandleControlMessages()476 static void HandleControlMessages() {
477 auto lock = std::unique_lock{pending_control_messages_lock};
478 // Init historically would only execute handle one property message, including control messages
479 // in each iteration of its main loop. We retain this behavior here to prevent starvation of
480 // other actions in the main loop.
481 if (!pending_control_messages.empty()) {
482 auto control_message = pending_control_messages.front();
483 pending_control_messages.pop();
484 lock.unlock();
485
486 bool success = HandleControlMessage(control_message.message, control_message.name,
487 control_message.pid);
488
489 uint32_t response = success ? PROP_SUCCESS : PROP_ERROR_HANDLE_CONTROL_MESSAGE;
490 if (control_message.fd != -1) {
491 TEMP_FAILURE_RETRY(send(control_message.fd, &response, sizeof(response), 0));
492 close(control_message.fd);
493 }
494 lock.lock();
495 }
496 // If we still have items to process, make sure we wake back up to do so.
497 if (!pending_control_messages.empty()) {
498 WakeMainInitThread();
499 }
500 }
501
wait_for_coldboot_done_action(const BuiltinArguments & args)502 static Result<void> wait_for_coldboot_done_action(const BuiltinArguments& args) {
503 if (!prop_waiter_state.StartWaiting(kColdBootDoneProp, "true")) {
504 LOG(FATAL) << "Could not wait for '" << kColdBootDoneProp << "'";
505 }
506
507 return {};
508 }
509
SetupCgroupsAction(const BuiltinArguments &)510 static Result<void> SetupCgroupsAction(const BuiltinArguments&) {
511 // Have to create <CGROUPS_RC_DIR> using make_dir function
512 // for appropriate sepolicy to be set for it
513 make_dir(android::base::Dirname(CGROUPS_RC_PATH), 0711);
514 if (!CgroupSetup()) {
515 return ErrnoError() << "Failed to setup cgroups";
516 }
517
518 return {};
519 }
520
export_oem_lock_status()521 static void export_oem_lock_status() {
522 if (!android::base::GetBoolProperty("ro.oem_unlock_supported", false)) {
523 return;
524 }
525 SetProperty(
526 "ro.boot.flash.locked",
527 android::base::GetProperty("ro.boot.verifiedbootstate", "") == "orange" ? "0" : "1");
528 }
529
property_enable_triggers_action(const BuiltinArguments & args)530 static Result<void> property_enable_triggers_action(const BuiltinArguments& args) {
531 /* Enable property triggers. */
532 property_triggers_enabled = 1;
533 return {};
534 }
535
queue_property_triggers_action(const BuiltinArguments & args)536 static Result<void> queue_property_triggers_action(const BuiltinArguments& args) {
537 ActionManager::GetInstance().QueueBuiltinAction(property_enable_triggers_action, "enable_property_trigger");
538 ActionManager::GetInstance().QueueAllPropertyActions();
539 return {};
540 }
541
542 // Set the UDC controller for the ConfigFS USB Gadgets.
543 // Read the UDC controller in use from "/sys/class/udc".
544 // In case of multiple UDC controllers select the first one.
SetUsbController()545 static void SetUsbController() {
546 static auto controller_set = false;
547 if (controller_set) return;
548 std::unique_ptr<DIR, decltype(&closedir)>dir(opendir("/sys/class/udc"), closedir);
549 if (!dir) return;
550
551 dirent* dp;
552 while ((dp = readdir(dir.get())) != nullptr) {
553 if (dp->d_name[0] == '.') continue;
554
555 SetProperty("sys.usb.controller", dp->d_name);
556 controller_set = true;
557 break;
558 }
559 }
560
561 /// Set ro.kernel.version property to contain the major.minor pair as returned
562 /// by uname(2).
SetKernelVersion()563 static void SetKernelVersion() {
564 struct utsname uts;
565 unsigned int major, minor;
566
567 if ((uname(&uts) != 0) || (sscanf(uts.release, "%u.%u", &major, &minor) != 2)) {
568 LOG(ERROR) << "Could not parse the kernel version from uname";
569 return;
570 }
571 SetProperty("ro.kernel.version", android::base::StringPrintf("%u.%u", major, minor));
572 }
573
HandleSigtermSignal(const signalfd_siginfo & siginfo)574 static void HandleSigtermSignal(const signalfd_siginfo& siginfo) {
575 if (siginfo.ssi_pid != 0) {
576 // Drop any userspace SIGTERM requests.
577 LOG(DEBUG) << "Ignoring SIGTERM from pid " << siginfo.ssi_pid;
578 return;
579 }
580
581 HandlePowerctlMessage("shutdown,container");
582 }
583
584 static constexpr std::chrono::milliseconds kDiagnosticTimeout = 10s;
585
HandleSignalFd(bool one_off)586 static void HandleSignalFd(bool one_off) {
587 signalfd_siginfo siginfo;
588 auto started = std::chrono::steady_clock::now();
589 do {
590 ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
591 if (bytes_read < 0 && errno == EAGAIN) {
592 auto now = std::chrono::steady_clock::now();
593 std::chrono::duration<double> waited = now - started;
594 if (waited >= kDiagnosticTimeout) {
595 LOG(ERROR) << "epoll() woke us up, but we waited with no SIGCHLD!";
596 started = now;
597 }
598
599 std::this_thread::sleep_for(100ms);
600 continue;
601 }
602 if (bytes_read != sizeof(siginfo)) {
603 PLOG(ERROR) << "Failed to read siginfo from signal_fd";
604 return;
605 }
606 break;
607 } while (!one_off);
608
609 switch (siginfo.ssi_signo) {
610 case SIGCHLD:
611 ReapAnyOutstandingChildren();
612 break;
613 case SIGTERM:
614 HandleSigtermSignal(siginfo);
615 break;
616 default:
617 PLOG(ERROR) << "signal_fd: received unexpected signal " << siginfo.ssi_signo;
618 break;
619 }
620 }
621
UnblockSignals()622 static void UnblockSignals() {
623 const struct sigaction act { .sa_handler = SIG_DFL };
624 sigaction(SIGCHLD, &act, nullptr);
625
626 sigset_t mask;
627 sigemptyset(&mask);
628 sigaddset(&mask, SIGCHLD);
629 sigaddset(&mask, SIGTERM);
630
631 if (sigprocmask(SIG_UNBLOCK, &mask, nullptr) == -1) {
632 PLOG(FATAL) << "failed to unblock signals for PID " << getpid();
633 }
634 }
635
InstallSignalFdHandler(Epoll * epoll)636 static void InstallSignalFdHandler(Epoll* epoll) {
637 // Applying SA_NOCLDSTOP to a defaulted SIGCHLD handler prevents the signalfd from receiving
638 // SIGCHLD when a child process stops or continues (b/77867680#comment9).
639 const struct sigaction act { .sa_handler = SIG_DFL, .sa_flags = SA_NOCLDSTOP };
640 sigaction(SIGCHLD, &act, nullptr);
641
642 sigset_t mask;
643 sigemptyset(&mask);
644 sigaddset(&mask, SIGCHLD);
645
646 if (!IsRebootCapable()) {
647 // If init does not have the CAP_SYS_BOOT capability, it is running in a container.
648 // In that case, receiving SIGTERM will cause the system to shut down.
649 sigaddset(&mask, SIGTERM);
650 }
651
652 if (sigprocmask(SIG_BLOCK, &mask, nullptr) == -1) {
653 PLOG(FATAL) << "failed to block signals";
654 }
655
656 // Register a handler to unblock signals in the child processes.
657 const int result = pthread_atfork(nullptr, nullptr, &UnblockSignals);
658 if (result != 0) {
659 LOG(FATAL) << "Failed to register a fork handler: " << strerror(result);
660 }
661
662 signal_fd = signalfd(-1, &mask, SFD_CLOEXEC | SFD_NONBLOCK);
663 if (signal_fd == -1) {
664 PLOG(FATAL) << "failed to create signalfd";
665 }
666
667 constexpr int flags = EPOLLIN | EPOLLPRI;
668 auto handler = std::bind(HandleSignalFd, false);
669 if (auto result = epoll->RegisterHandler(signal_fd, handler, flags); !result.ok()) {
670 LOG(FATAL) << result.error();
671 }
672 }
673
HandleKeychord(const std::vector<int> & keycodes)674 void HandleKeychord(const std::vector<int>& keycodes) {
675 // Only handle keychords if adb is enabled.
676 std::string adb_enabled = android::base::GetProperty("init.svc.adbd", "");
677 if (adb_enabled != "running") {
678 LOG(WARNING) << "Not starting service for keychord " << android::base::Join(keycodes, ' ')
679 << " because ADB is disabled";
680 return;
681 }
682
683 auto found = false;
684 for (const auto& service : ServiceList::GetInstance()) {
685 auto svc = service.get();
686 if (svc->keycodes() == keycodes) {
687 found = true;
688 LOG(INFO) << "Starting service '" << svc->name() << "' from keychord "
689 << android::base::Join(keycodes, ' ');
690 if (auto result = svc->Start(); !result.ok()) {
691 LOG(ERROR) << "Could not start service '" << svc->name() << "' from keychord "
692 << android::base::Join(keycodes, ' ') << ": " << result.error();
693 }
694 }
695 }
696 if (!found) {
697 LOG(ERROR) << "Service for keychord " << android::base::Join(keycodes, ' ') << " not found";
698 }
699 }
700
UmountDebugRamdisk()701 static void UmountDebugRamdisk() {
702 if (umount("/debug_ramdisk") != 0) {
703 PLOG(ERROR) << "Failed to umount /debug_ramdisk";
704 }
705 }
706
UmountSecondStageRes()707 static void UmountSecondStageRes() {
708 if (umount(kSecondStageRes) != 0) {
709 PLOG(ERROR) << "Failed to umount " << kSecondStageRes;
710 }
711 }
712
MountExtraFilesystems()713 static void MountExtraFilesystems() {
714 #define CHECKCALL(x) \
715 if ((x) != 0) PLOG(FATAL) << #x " failed.";
716
717 // /apex is used to mount APEXes
718 CHECKCALL(mount("tmpfs", "/apex", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
719 "mode=0755,uid=0,gid=0"));
720
721 // /linkerconfig is used to keep generated linker configuration
722 CHECKCALL(mount("tmpfs", "/linkerconfig", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
723 "mode=0755,uid=0,gid=0"));
724 #undef CHECKCALL
725 }
726
RecordStageBoottimes(const boot_clock::time_point & second_stage_start_time)727 static void RecordStageBoottimes(const boot_clock::time_point& second_stage_start_time) {
728 int64_t first_stage_start_time_ns = -1;
729 if (auto first_stage_start_time_str = getenv(kEnvFirstStageStartedAt);
730 first_stage_start_time_str) {
731 SetProperty("ro.boottime.init", first_stage_start_time_str);
732 android::base::ParseInt(first_stage_start_time_str, &first_stage_start_time_ns);
733 }
734 unsetenv(kEnvFirstStageStartedAt);
735
736 int64_t selinux_start_time_ns = -1;
737 if (auto selinux_start_time_str = getenv(kEnvSelinuxStartedAt); selinux_start_time_str) {
738 android::base::ParseInt(selinux_start_time_str, &selinux_start_time_ns);
739 }
740 unsetenv(kEnvSelinuxStartedAt);
741
742 if (selinux_start_time_ns == -1) return;
743 if (first_stage_start_time_ns == -1) return;
744
745 SetProperty("ro.boottime.init.first_stage",
746 std::to_string(selinux_start_time_ns - first_stage_start_time_ns));
747 SetProperty("ro.boottime.init.selinux",
748 std::to_string(second_stage_start_time.time_since_epoch().count() -
749 selinux_start_time_ns));
750 if (auto init_module_time_str = getenv(kEnvInitModuleDurationMs); init_module_time_str) {
751 SetProperty("ro.boottime.init.modules", init_module_time_str);
752 unsetenv(kEnvInitModuleDurationMs);
753 }
754 }
755
SendLoadPersistentPropertiesMessage()756 void SendLoadPersistentPropertiesMessage() {
757 auto init_message = InitMessage{};
758 init_message.set_load_persistent_properties(true);
759 if (auto result = SendMessage(property_fd, init_message); !result.ok()) {
760 LOG(ERROR) << "Failed to send load persistent properties message: " << result.error();
761 }
762 }
763
ConnectEarlyStageSnapuserdAction(const BuiltinArguments & args)764 static Result<void> ConnectEarlyStageSnapuserdAction(const BuiltinArguments& args) {
765 auto pid = GetSnapuserdFirstStagePid();
766 if (!pid) {
767 return {};
768 }
769
770 auto info = GetSnapuserdFirstStageInfo();
771 if (auto iter = std::find(info.begin(), info.end(), "socket"s); iter == info.end()) {
772 // snapuserd does not support socket handoff, so exit early.
773 return {};
774 }
775
776 // Socket handoff is supported.
777 auto svc = ServiceList::GetInstance().FindService("snapuserd");
778 if (!svc) {
779 LOG(FATAL) << "Failed to find snapuserd service entry";
780 }
781
782 svc->SetShutdownCritical();
783 svc->SetStartedInFirstStage(*pid);
784
785 svc = ServiceList::GetInstance().FindService("snapuserd_proxy");
786 if (!svc) {
787 LOG(FATAL) << "Failed find snapuserd_proxy service entry, merge will never initiate";
788 }
789 if (!svc->MarkSocketPersistent("snapuserd")) {
790 LOG(FATAL) << "Could not find snapuserd socket in snapuserd_proxy service entry";
791 }
792 if (auto result = svc->Start(); !result.ok()) {
793 LOG(FATAL) << "Could not start snapuserd_proxy: " << result.error();
794 }
795 return {};
796 }
797
DumpPidFds(const std::string & prefix,pid_t pid)798 static void DumpPidFds(const std::string& prefix, pid_t pid) {
799 std::error_code ec;
800 std::string proc_dir = "/proc/" + std::to_string(pid) + "/fd";
801 for (const auto& entry : std::filesystem::directory_iterator(proc_dir)) {
802 std::string target;
803 if (android::base::Readlink(entry.path(), &target)) {
804 LOG(ERROR) << prefix << target;
805 } else {
806 LOG(ERROR) << prefix << entry.path();
807 }
808 }
809 }
810
DumpFile(const std::string & prefix,const std::string & file)811 static void DumpFile(const std::string& prefix, const std::string& file) {
812 std::ifstream fp(file);
813 if (!fp) {
814 LOG(ERROR) << "Could not open " << file;
815 return;
816 }
817
818 std::string line;
819 while (std::getline(fp, line)) {
820 LOG(ERROR) << prefix << line;
821 }
822 }
823
SecondStageMain(int argc,char ** argv)824 int SecondStageMain(int argc, char** argv) {
825 if (REBOOT_BOOTLOADER_ON_PANIC) {
826 InstallRebootSignalHandlers();
827 }
828
829 // No threads should be spin up until signalfd
830 // is registered. If the threads are indeed required,
831 // each of these threads _should_ make sure SIGCHLD signal
832 // is blocked. See b/223076262
833 boot_clock::time_point start_time = boot_clock::now();
834
835 trigger_shutdown = [](const std::string& command) { shutdown_state.TriggerShutdown(command); };
836
837 SetStdioToDevNull(argv);
838 InitKernelLogging(argv);
839 LOG(INFO) << "init second stage started!";
840
841 // Update $PATH in the case the second stage init is newer than first stage init, where it is
842 // first set.
843 if (setenv("PATH", _PATH_DEFPATH, 1) != 0) {
844 PLOG(FATAL) << "Could not set $PATH to '" << _PATH_DEFPATH << "' in second stage";
845 }
846
847 // Init should not crash because of a dependence on any other process, therefore we ignore
848 // SIGPIPE and handle EPIPE at the call site directly. Note that setting a signal to SIG_IGN
849 // is inherited across exec, but custom signal handlers are not. Since we do not want to
850 // ignore SIGPIPE for child processes, we set a no-op function for the signal handler instead.
851 {
852 struct sigaction action = {.sa_flags = SA_RESTART};
853 action.sa_handler = [](int) {};
854 sigaction(SIGPIPE, &action, nullptr);
855 }
856
857 // Set init and its forked children's oom_adj.
858 if (auto result =
859 WriteFile("/proc/1/oom_score_adj", StringPrintf("%d", DEFAULT_OOM_SCORE_ADJUST));
860 !result.ok()) {
861 LOG(ERROR) << "Unable to write " << DEFAULT_OOM_SCORE_ADJUST
862 << " to /proc/1/oom_score_adj: " << result.error();
863 }
864
865 // Set up a session keyring that all processes will have access to. It
866 // will hold things like FBE encryption keys. No process should override
867 // its session keyring.
868 keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1);
869
870 // Indicate that booting is in progress to background fw loaders, etc.
871 close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
872
873 // See if need to load debug props to allow adb root, when the device is unlocked.
874 const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
875 bool load_debug_prop = false;
876 if (force_debuggable_env && AvbHandle::IsDeviceUnlocked()) {
877 load_debug_prop = "true"s == force_debuggable_env;
878 }
879 unsetenv("INIT_FORCE_DEBUGGABLE");
880
881 // Umount the debug ramdisk so property service doesn't read .prop files from there, when it
882 // is not meant to.
883 if (!load_debug_prop) {
884 UmountDebugRamdisk();
885 }
886
887 PropertyInit();
888
889 // Umount second stage resources after property service has read the .prop files.
890 UmountSecondStageRes();
891
892 // Umount the debug ramdisk after property service has read the .prop files when it means to.
893 if (load_debug_prop) {
894 UmountDebugRamdisk();
895 }
896
897 // Mount extra filesystems required during second stage init
898 MountExtraFilesystems();
899
900 // Now set up SELinux for second stage.
901 SelinuxSetupKernelLogging();
902 SelabelInitialize();
903 SelinuxRestoreContext();
904
905 Epoll epoll;
906 if (auto result = epoll.Open(); !result.ok()) {
907 PLOG(FATAL) << result.error();
908 }
909
910 InstallSignalFdHandler(&epoll);
911 InstallInitNotifier(&epoll);
912 StartPropertyService(&property_fd);
913
914 // Make the time that init stages started available for bootstat to log.
915 RecordStageBoottimes(start_time);
916
917 // Set libavb version for Framework-only OTA match in Treble build.
918 if (const char* avb_version = getenv("INIT_AVB_VERSION"); avb_version != nullptr) {
919 SetProperty("ro.boot.avb_version", avb_version);
920 }
921 unsetenv("INIT_AVB_VERSION");
922
923 fs_mgr_vendor_overlay_mount_all();
924 export_oem_lock_status();
925 MountHandler mount_handler(&epoll);
926 SetUsbController();
927 SetKernelVersion();
928
929 const BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();
930 Action::set_function_map(&function_map);
931
932 if (!SetupMountNamespaces()) {
933 PLOG(FATAL) << "SetupMountNamespaces failed";
934 }
935
936 InitializeSubcontext();
937
938 ActionManager& am = ActionManager::GetInstance();
939 ServiceList& sm = ServiceList::GetInstance();
940
941 LoadBootScripts(am, sm);
942
943 // Turning this on and letting the INFO logging be discarded adds 0.2s to
944 // Nexus 9 boot time, so it's disabled by default.
945 if (false) DumpState();
946
947 // Make the GSI status available before scripts start running.
948 auto is_running = android::gsi::IsGsiRunning() ? "1" : "0";
949 SetProperty(gsi::kGsiBootedProp, is_running);
950 auto is_installed = android::gsi::IsGsiInstalled() ? "1" : "0";
951 SetProperty(gsi::kGsiInstalledProp, is_installed);
952
953 am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
954 am.QueueBuiltinAction(SetKptrRestrictAction, "SetKptrRestrict");
955 am.QueueBuiltinAction(TestPerfEventSelinuxAction, "TestPerfEventSelinux");
956 am.QueueBuiltinAction(ConnectEarlyStageSnapuserdAction, "ConnectEarlyStageSnapuserd");
957 am.QueueEventTrigger("early-init");
958
959 // Queue an action that waits for coldboot done so we know ueventd has set up all of /dev...
960 am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
961 // ... so that we can start queuing up actions that require stuff from /dev.
962 am.QueueBuiltinAction(SetMmapRndBitsAction, "SetMmapRndBits");
963 Keychords keychords;
964 am.QueueBuiltinAction(
965 [&epoll, &keychords](const BuiltinArguments& args) -> Result<void> {
966 for (const auto& svc : ServiceList::GetInstance()) {
967 keychords.Register(svc->keycodes());
968 }
969 keychords.Start(&epoll, HandleKeychord);
970 return {};
971 },
972 "KeychordInit");
973
974 // Trigger all the boot actions to get us started.
975 am.QueueEventTrigger("init");
976
977 // Don't mount filesystems or start core system services in charger mode.
978 std::string bootmode = GetProperty("ro.bootmode", "");
979 if (bootmode == "charger") {
980 am.QueueEventTrigger("charger");
981 } else {
982 am.QueueEventTrigger("late-init");
983 }
984
985 // Run all property triggers based on current state of the properties.
986 am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers");
987
988 // Restore prio before main loop
989 setpriority(PRIO_PROCESS, 0, 0);
990 while (true) {
991 // By default, sleep until something happens.
992 auto epoll_timeout = std::optional<std::chrono::milliseconds>{kDiagnosticTimeout};
993
994 auto shutdown_command = shutdown_state.CheckShutdown();
995 if (shutdown_command) {
996 LOG(INFO) << "Got shutdown_command '" << *shutdown_command
997 << "' Calling HandlePowerctlMessage()";
998 HandlePowerctlMessage(*shutdown_command);
999 shutdown_state.set_do_shutdown(false);
1000 }
1001
1002 if (!(prop_waiter_state.MightBeWaiting() || Service::is_exec_service_running())) {
1003 am.ExecuteOneCommand();
1004 }
1005 if (!IsShuttingDown()) {
1006 auto next_process_action_time = HandleProcessActions();
1007
1008 // If there's a process that needs restarting, wake up in time for that.
1009 if (next_process_action_time) {
1010 epoll_timeout = std::chrono::ceil<std::chrono::milliseconds>(
1011 *next_process_action_time - boot_clock::now());
1012 if (*epoll_timeout < 0ms) epoll_timeout = 0ms;
1013 }
1014 }
1015
1016 if (!(prop_waiter_state.MightBeWaiting() || Service::is_exec_service_running())) {
1017 // If there's more work to do, wake up again immediately.
1018 if (am.HasMoreCommands()) epoll_timeout = 0ms;
1019 }
1020
1021 auto pending_functions = epoll.Wait(epoll_timeout);
1022 if (!pending_functions.ok()) {
1023 LOG(ERROR) << pending_functions.error();
1024 } else if (!pending_functions->empty()) {
1025 // We always reap children before responding to the other pending functions. This is to
1026 // prevent a race where other daemons see that a service has exited and ask init to
1027 // start it again via ctl.start before init has reaped it.
1028 ReapAnyOutstandingChildren();
1029 for (const auto& function : *pending_functions) {
1030 (*function)();
1031 }
1032 } else if (Service::is_exec_service_running()) {
1033 static bool dumped_diagnostics = false;
1034 std::chrono::duration<double> waited =
1035 std::chrono::steady_clock::now() - Service::exec_service_started();
1036 if (waited >= kDiagnosticTimeout) {
1037 LOG(ERROR) << "Exec service is hung? Waited " << waited.count()
1038 << " without SIGCHLD";
1039 if (!dumped_diagnostics) {
1040 DumpPidFds("exec service opened: ", Service::exec_service_pid());
1041
1042 std::string status_file =
1043 "/proc/" + std::to_string(Service::exec_service_pid()) + "/status";
1044 DumpFile("exec service: ", status_file);
1045 dumped_diagnostics = true;
1046
1047 LOG(INFO) << "Attempting to handle any stuck SIGCHLDs...";
1048 HandleSignalFd(true);
1049 }
1050 }
1051 }
1052 if (!IsShuttingDown()) {
1053 HandleControlMessages();
1054 SetUsbController();
1055 }
1056 }
1057
1058 return 0;
1059 }
1060
1061 } // namespace init
1062 } // namespace android
1063