1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "first_stage_init.h"
18
19 #include <dirent.h>
20 #include <fcntl.h>
21 #include <paths.h>
22 #include <stdlib.h>
23 #include <sys/mount.h>
24 #include <sys/stat.h>
25 #include <sys/sysmacros.h>
26 #include <sys/types.h>
27 #include <sys/utsname.h>
28 #include <unistd.h>
29
30 #include <chrono>
31 #include <filesystem>
32 #include <string>
33 #include <vector>
34
35 #include <android-base/chrono_utils.h>
36 #include <android-base/file.h>
37 #include <android-base/logging.h>
38 #include <modprobe/modprobe.h>
39 #include <private/android_filesystem_config.h>
40
41 #include "debug_ramdisk.h"
42 #include "first_stage_console.h"
43 #include "first_stage_mount.h"
44 #include "reboot_utils.h"
45 #include "second_stage_resources.h"
46 #include "snapuserd_transition.h"
47 #include "switch_root.h"
48 #include "util.h"
49
50 using android::base::boot_clock;
51
52 using namespace std::literals;
53
54 namespace fs = std::filesystem;
55
56 namespace android {
57 namespace init {
58
59 namespace {
60
FreeRamdisk(DIR * dir,dev_t dev)61 void FreeRamdisk(DIR* dir, dev_t dev) {
62 int dfd = dirfd(dir);
63
64 dirent* de;
65 while ((de = readdir(dir)) != nullptr) {
66 if (de->d_name == "."s || de->d_name == ".."s) {
67 continue;
68 }
69
70 bool is_dir = false;
71
72 if (de->d_type == DT_DIR || de->d_type == DT_UNKNOWN) {
73 struct stat info;
74 if (fstatat(dfd, de->d_name, &info, AT_SYMLINK_NOFOLLOW) != 0) {
75 continue;
76 }
77
78 if (info.st_dev != dev) {
79 continue;
80 }
81
82 if (S_ISDIR(info.st_mode)) {
83 is_dir = true;
84 auto fd = openat(dfd, de->d_name, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
85 if (fd >= 0) {
86 auto subdir =
87 std::unique_ptr<DIR, decltype(&closedir)>{fdopendir(fd), closedir};
88 if (subdir) {
89 FreeRamdisk(subdir.get(), dev);
90 } else {
91 close(fd);
92 }
93 }
94 }
95 } else if (de->d_type == DT_REG) {
96 // Do not free snapuserd if we will need the ramdisk copy during the
97 // selinux transition.
98 if (de->d_name == "snapuserd"s && IsFirstStageSnapuserdRunning()) {
99 continue;
100 }
101 }
102 unlinkat(dfd, de->d_name, is_dir ? AT_REMOVEDIR : 0);
103 }
104 }
105
ForceNormalBoot(const std::string & cmdline,const std::string & bootconfig)106 bool ForceNormalBoot(const std::string& cmdline, const std::string& bootconfig) {
107 return bootconfig.find("androidboot.force_normal_boot = \"1\"") != std::string::npos ||
108 cmdline.find("androidboot.force_normal_boot=1") != std::string::npos;
109 }
110
Copy(const char * src,const char * dst)111 static void Copy(const char* src, const char* dst) {
112 if (link(src, dst) == 0) {
113 LOG(INFO) << "hard linking " << src << " to " << dst << " succeeded";
114 return;
115 }
116 PLOG(FATAL) << "hard linking " << src << " to " << dst << " failed";
117 }
118
119 // Move snapuserd before switching root, so that it is available at the same path
120 // after switching root.
PrepareSwitchRoot()121 void PrepareSwitchRoot() {
122 static constexpr const auto& snapuserd = "/system/bin/snapuserd";
123 static constexpr const auto& snapuserd_ramdisk = "/system/bin/snapuserd_ramdisk";
124 static constexpr const auto& dst = "/first_stage_ramdisk/system/bin/snapuserd";
125
126 if (access(dst, X_OK) == 0) {
127 LOG(INFO) << dst << " already exists and it can be executed";
128 return;
129 }
130 auto dst_dir = android::base::Dirname(dst);
131 std::error_code ec;
132 if (access(dst_dir.c_str(), F_OK) != 0) {
133 if (!fs::create_directories(dst_dir, ec)) {
134 LOG(FATAL) << "Cannot create " << dst_dir << ": " << ec.message();
135 }
136 }
137
138 // prefer the generic ramdisk copy of snapuserd, because that's on system side of treble
139 // boundary, and therefore is more likely to be updated along with the Android platform.
140 // The vendor ramdisk copy might be under vendor freeze, or vendor might choose not to update
141 // it.
142 if (access(snapuserd_ramdisk, F_OK) == 0) {
143 LOG(INFO) << "Using generic ramdisk copy of snapuserd " << snapuserd_ramdisk;
144 Copy(snapuserd_ramdisk, dst);
145 } else if (access(snapuserd, F_OK) == 0) {
146 LOG(INFO) << "Using vendor ramdisk copy of snapuserd " << snapuserd;
147 Copy(snapuserd, dst);
148 }
149 }
150 } // namespace
151
GetModuleLoadList(bool recovery,const std::string & dir_path)152 std::string GetModuleLoadList(bool recovery, const std::string& dir_path) {
153 auto module_load_file = "modules.load";
154 if (recovery) {
155 struct stat fileStat;
156 std::string recovery_load_path = dir_path + "/modules.load.recovery";
157 if (!stat(recovery_load_path.c_str(), &fileStat)) {
158 module_load_file = "modules.load.recovery";
159 }
160 }
161
162 return module_load_file;
163 }
164
165 #define MODULE_BASE_DIR "/lib/modules"
LoadKernelModules(bool recovery,bool want_console,bool want_parallel,int & modules_loaded)166 bool LoadKernelModules(bool recovery, bool want_console, bool want_parallel, int& modules_loaded) {
167 struct utsname uts;
168 if (uname(&uts)) {
169 LOG(FATAL) << "Failed to get kernel version.";
170 }
171 int major, minor;
172 if (sscanf(uts.release, "%d.%d", &major, &minor) != 2) {
173 LOG(FATAL) << "Failed to parse kernel version " << uts.release;
174 }
175
176 std::unique_ptr<DIR, decltype(&closedir)> base_dir(opendir(MODULE_BASE_DIR), closedir);
177 if (!base_dir) {
178 LOG(INFO) << "Unable to open /lib/modules, skipping module loading.";
179 return true;
180 }
181 dirent* entry;
182 std::vector<std::string> module_dirs;
183 while ((entry = readdir(base_dir.get()))) {
184 if (entry->d_type != DT_DIR) {
185 continue;
186 }
187 int dir_major, dir_minor;
188 if (sscanf(entry->d_name, "%d.%d", &dir_major, &dir_minor) != 2 || dir_major != major ||
189 dir_minor != minor) {
190 continue;
191 }
192 module_dirs.emplace_back(entry->d_name);
193 }
194
195 // Sort the directories so they are iterated over during module loading
196 // in a consistent order. Alphabetical sorting is fine here because the
197 // kernel version at the beginning of the directory name must match the
198 // current kernel version, so the sort only applies to a label that
199 // follows the kernel version, for example /lib/modules/5.4 vs.
200 // /lib/modules/5.4-gki.
201 std::sort(module_dirs.begin(), module_dirs.end());
202
203 for (const auto& module_dir : module_dirs) {
204 std::string dir_path = MODULE_BASE_DIR "/";
205 dir_path.append(module_dir);
206 Modprobe m({dir_path}, GetModuleLoadList(recovery, dir_path));
207 bool retval = m.LoadListedModules(!want_console);
208 modules_loaded = m.GetModuleCount();
209 if (modules_loaded > 0) {
210 return retval;
211 }
212 }
213
214 Modprobe m({MODULE_BASE_DIR}, GetModuleLoadList(recovery, MODULE_BASE_DIR));
215 bool retval = (want_parallel) ? m.LoadModulesParallel(std::thread::hardware_concurrency())
216 : m.LoadListedModules(!want_console);
217 modules_loaded = m.GetModuleCount();
218 if (modules_loaded > 0) {
219 return retval;
220 }
221 return true;
222 }
223
FirstStageMain(int argc,char ** argv)224 int FirstStageMain(int argc, char** argv) {
225 if (REBOOT_BOOTLOADER_ON_PANIC) {
226 InstallRebootSignalHandlers();
227 }
228
229 boot_clock::time_point start_time = boot_clock::now();
230
231 std::vector<std::pair<std::string, int>> errors;
232 #define CHECKCALL(x) \
233 if ((x) != 0) errors.emplace_back(#x " failed", errno);
234
235 // Clear the umask.
236 umask(0);
237
238 CHECKCALL(clearenv());
239 CHECKCALL(setenv("PATH", _PATH_DEFPATH, 1));
240 // Get the basic filesystem setup we need put together in the initramdisk
241 // on / and then we'll let the rc file figure out the rest.
242 CHECKCALL(mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"));
243 CHECKCALL(mkdir("/dev/pts", 0755));
244 CHECKCALL(mkdir("/dev/socket", 0755));
245 CHECKCALL(mkdir("/dev/dm-user", 0755));
246 CHECKCALL(mount("devpts", "/dev/pts", "devpts", 0, NULL));
247 #define MAKE_STR(x) __STRING(x)
248 CHECKCALL(mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
249 #undef MAKE_STR
250 // Don't expose the raw commandline to unprivileged processes.
251 CHECKCALL(chmod("/proc/cmdline", 0440));
252 std::string cmdline;
253 android::base::ReadFileToString("/proc/cmdline", &cmdline);
254 // Don't expose the raw bootconfig to unprivileged processes.
255 chmod("/proc/bootconfig", 0440);
256 std::string bootconfig;
257 android::base::ReadFileToString("/proc/bootconfig", &bootconfig);
258 gid_t groups[] = {AID_READPROC};
259 CHECKCALL(setgroups(arraysize(groups), groups));
260 CHECKCALL(mount("sysfs", "/sys", "sysfs", 0, NULL));
261 CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
262
263 CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
264
265 if constexpr (WORLD_WRITABLE_KMSG) {
266 CHECKCALL(mknod("/dev/kmsg_debug", S_IFCHR | 0622, makedev(1, 11)));
267 }
268
269 CHECKCALL(mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8)));
270 CHECKCALL(mknod("/dev/urandom", S_IFCHR | 0666, makedev(1, 9)));
271
272 // This is needed for log wrapper, which gets called before ueventd runs.
273 CHECKCALL(mknod("/dev/ptmx", S_IFCHR | 0666, makedev(5, 2)));
274 CHECKCALL(mknod("/dev/null", S_IFCHR | 0666, makedev(1, 3)));
275
276 // These below mounts are done in first stage init so that first stage mount can mount
277 // subdirectories of /mnt/{vendor,product}/. Other mounts, not required by first stage mount,
278 // should be done in rc files.
279 // Mount staging areas for devices managed by vold
280 // See storage config details at http://source.android.com/devices/storage/
281 CHECKCALL(mount("tmpfs", "/mnt", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
282 "mode=0755,uid=0,gid=1000"));
283 // /mnt/vendor is used to mount vendor-specific partitions that can not be
284 // part of the vendor partition, e.g. because they are mounted read-write.
285 CHECKCALL(mkdir("/mnt/vendor", 0755));
286 // /mnt/product is used to mount product-specific partitions that can not be
287 // part of the product partition, e.g. because they are mounted read-write.
288 CHECKCALL(mkdir("/mnt/product", 0755));
289
290 // /debug_ramdisk is used to preserve additional files from the debug ramdisk
291 CHECKCALL(mount("tmpfs", "/debug_ramdisk", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
292 "mode=0755,uid=0,gid=0"));
293
294 // /second_stage_resources is used to preserve files from first to second
295 // stage init
296 CHECKCALL(mount("tmpfs", kSecondStageRes, "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
297 "mode=0755,uid=0,gid=0"))
298 #undef CHECKCALL
299
300 SetStdioToDevNull(argv);
301 // Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually
302 // talk to the outside world...
303 InitKernelLogging(argv);
304
305 if (!errors.empty()) {
306 for (const auto& [error_string, error_errno] : errors) {
307 LOG(ERROR) << error_string << " " << strerror(error_errno);
308 }
309 LOG(FATAL) << "Init encountered errors starting first stage, aborting";
310 }
311
312 LOG(INFO) << "init first stage started!";
313
314 auto old_root_dir = std::unique_ptr<DIR, decltype(&closedir)>{opendir("/"), closedir};
315 if (!old_root_dir) {
316 PLOG(ERROR) << "Could not opendir(\"/\"), not freeing ramdisk";
317 }
318
319 struct stat old_root_info;
320 if (stat("/", &old_root_info) != 0) {
321 PLOG(ERROR) << "Could not stat(\"/\"), not freeing ramdisk";
322 old_root_dir.reset();
323 }
324
325 auto want_console = ALLOW_FIRST_STAGE_CONSOLE ? FirstStageConsole(cmdline, bootconfig) : 0;
326 auto want_parallel =
327 bootconfig.find("androidboot.load_modules_parallel = \"true\"") != std::string::npos;
328
329 boot_clock::time_point module_start_time = boot_clock::now();
330 int module_count = 0;
331 if (!LoadKernelModules(IsRecoveryMode() && !ForceNormalBoot(cmdline, bootconfig), want_console,
332 want_parallel, module_count)) {
333 if (want_console != FirstStageConsoleParam::DISABLED) {
334 LOG(ERROR) << "Failed to load kernel modules, starting console";
335 } else {
336 LOG(FATAL) << "Failed to load kernel modules";
337 }
338 }
339 if (module_count > 0) {
340 auto module_elapse_time = std::chrono::duration_cast<std::chrono::milliseconds>(
341 boot_clock::now() - module_start_time);
342 setenv(kEnvInitModuleDurationMs, std::to_string(module_elapse_time.count()).c_str(), 1);
343 LOG(INFO) << "Loaded " << module_count << " kernel modules took "
344 << module_elapse_time.count() << " ms";
345 }
346
347 bool created_devices = false;
348 if (want_console == FirstStageConsoleParam::CONSOLE_ON_FAILURE) {
349 if (!IsRecoveryMode()) {
350 created_devices = DoCreateDevices();
351 if (!created_devices) {
352 LOG(ERROR) << "Failed to create device nodes early";
353 }
354 }
355 StartConsole(cmdline);
356 }
357
358 if (access(kBootImageRamdiskProp, F_OK) == 0) {
359 std::string dest = GetRamdiskPropForSecondStage();
360 std::string dir = android::base::Dirname(dest);
361 std::error_code ec;
362 if (!fs::create_directories(dir, ec) && !!ec) {
363 LOG(FATAL) << "Can't mkdir " << dir << ": " << ec.message();
364 }
365 if (!fs::copy_file(kBootImageRamdiskProp, dest, ec)) {
366 LOG(FATAL) << "Can't copy " << kBootImageRamdiskProp << " to " << dest << ": "
367 << ec.message();
368 }
369 LOG(INFO) << "Copied ramdisk prop to " << dest;
370 }
371
372 // If "/force_debuggable" is present, the second-stage init will use a userdebug
373 // sepolicy and load adb_debug.prop to allow adb root, if the device is unlocked.
374 if (access("/force_debuggable", F_OK) == 0) {
375 constexpr const char adb_debug_prop_src[] = "/adb_debug.prop";
376 constexpr const char userdebug_plat_sepolicy_cil_src[] = "/userdebug_plat_sepolicy.cil";
377 std::error_code ec; // to invoke the overloaded copy_file() that won't throw.
378 if (access(adb_debug_prop_src, F_OK) == 0 &&
379 !fs::copy_file(adb_debug_prop_src, kDebugRamdiskProp, ec)) {
380 LOG(WARNING) << "Can't copy " << adb_debug_prop_src << " to " << kDebugRamdiskProp
381 << ": " << ec.message();
382 }
383 if (access(userdebug_plat_sepolicy_cil_src, F_OK) == 0 &&
384 !fs::copy_file(userdebug_plat_sepolicy_cil_src, kDebugRamdiskSEPolicy, ec)) {
385 LOG(WARNING) << "Can't copy " << userdebug_plat_sepolicy_cil_src << " to "
386 << kDebugRamdiskSEPolicy << ": " << ec.message();
387 }
388 // setenv for second-stage init to read above kDebugRamdisk* files.
389 setenv("INIT_FORCE_DEBUGGABLE", "true", 1);
390 }
391
392 if (ForceNormalBoot(cmdline, bootconfig)) {
393 mkdir("/first_stage_ramdisk", 0755);
394 PrepareSwitchRoot();
395 // SwitchRoot() must be called with a mount point as the target, so we bind mount the
396 // target directory to itself here.
397 if (mount("/first_stage_ramdisk", "/first_stage_ramdisk", nullptr, MS_BIND, nullptr) != 0) {
398 PLOG(FATAL) << "Could not bind mount /first_stage_ramdisk to itself";
399 }
400 SwitchRoot("/first_stage_ramdisk");
401 }
402
403 if (!DoFirstStageMount(!created_devices)) {
404 LOG(FATAL) << "Failed to mount required partitions early ...";
405 }
406
407 struct stat new_root_info;
408 if (stat("/", &new_root_info) != 0) {
409 PLOG(ERROR) << "Could not stat(\"/\"), not freeing ramdisk";
410 old_root_dir.reset();
411 }
412
413 if (old_root_dir && old_root_info.st_dev != new_root_info.st_dev) {
414 FreeRamdisk(old_root_dir.get(), old_root_info.st_dev);
415 }
416
417 SetInitAvbVersionInRecovery();
418
419 setenv(kEnvFirstStageStartedAt, std::to_string(start_time.time_since_epoch().count()).c_str(),
420 1);
421
422 const char* path = "/system/bin/init";
423 const char* args[] = {path, "selinux_setup", nullptr};
424 auto fd = open("/dev/kmsg", O_WRONLY | O_CLOEXEC);
425 dup2(fd, STDOUT_FILENO);
426 dup2(fd, STDERR_FILENO);
427 close(fd);
428 execv(path, const_cast<char**>(args));
429
430 // execv() only returns if an error happened, in which case we
431 // panic and never fall through this conditional.
432 PLOG(FATAL) << "execv(\"" << path << "\") failed";
433
434 return 1;
435 }
436
437 } // namespace init
438 } // namespace android
439