1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <ctype.h> 18 #include <dirent.h> 19 #include <errno.h> 20 #include <fcntl.h> 21 #include <fstream> 22 #include <libgen.h> 23 #include <paths.h> 24 #include <signal.h> 25 #include <stdarg.h> 26 #include <stdio.h> 27 #include <stdlib.h> 28 #include <string.h> 29 #include <sys/epoll.h> 30 #include <sys/mount.h> 31 #include <sys/socket.h> 32 #include <sys/stat.h> 33 #include <sys/types.h> 34 #include <sys/un.h> 35 #include <sys/wait.h> 36 #include <unistd.h> 37 38 #include <mtd/mtd-user.h> 39 40 #include <selinux/selinux.h> 41 #include <selinux/label.h> 42 #include <selinux/android.h> 43 44 #include <android-base/file.h> 45 #include <android-base/stringprintf.h> 46 #include <android-base/strings.h> 47 #include <cutils/android_reboot.h> 48 #include <cutils/fs.h> 49 #include <cutils/iosched_policy.h> 50 #include <cutils/list.h> 51 #include <cutils/sockets.h> 52 #include <private/android_filesystem_config.h> 53 54 #include <memory> 55 56 #include "action.h" 57 #include "bootchart.h" 58 #include "devices.h" 59 #include "import_parser.h" 60 #include "init.h" 61 #include "init_parser.h" 62 #include "keychords.h" 63 #include "log.h" 64 #include "property_service.h" 65 #include "service.h" 66 #include "signal_handler.h" 67 #include "ueventd.h" 68 #include "util.h" 69 #include "watchdogd.h" 70 71 struct selabel_handle *sehandle; 72 struct selabel_handle *sehandle_prop; 73 74 static int property_triggers_enabled = 0; 75 76 static char qemu[32]; 77 78 int have_console; 79 std::string console_name = "/dev/console"; 80 static time_t process_needs_restart; 81 82 const char *ENV[32]; 83 84 bool waiting_for_exec = false; 85 86 static int epoll_fd = -1; 87 register_epoll_handler(int fd,void (* fn)())88 void register_epoll_handler(int fd, void (*fn)()) { 89 epoll_event ev; 90 ev.events = EPOLLIN; 91 ev.data.ptr = reinterpret_cast<void*>(fn); 92 if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev) == -1) { 93 ERROR("epoll_ctl failed: %s\n", strerror(errno)); 94 } 95 } 96 97 /* add_environment - add "key=value" to the current environment */ add_environment(const char * key,const char * val)98 int add_environment(const char *key, const char *val) 99 { 100 size_t n; 101 size_t key_len = strlen(key); 102 103 /* The last environment entry is reserved to terminate the list */ 104 for (n = 0; n < (ARRAY_SIZE(ENV) - 1); n++) { 105 106 /* Delete any existing entry for this key */ 107 if (ENV[n] != NULL) { 108 size_t entry_key_len = strcspn(ENV[n], "="); 109 if ((entry_key_len == key_len) && (strncmp(ENV[n], key, entry_key_len) == 0)) { 110 free((char*)ENV[n]); 111 ENV[n] = NULL; 112 } 113 } 114 115 /* Add entry if a free slot is available */ 116 if (ENV[n] == NULL) { 117 char* entry; 118 asprintf(&entry, "%s=%s", key, val); 119 ENV[n] = entry; 120 return 0; 121 } 122 } 123 124 ERROR("No env. room to store: '%s':'%s'\n", key, val); 125 126 return -1; 127 } 128 property_changed(const char * name,const char * value)129 void property_changed(const char *name, const char *value) 130 { 131 if (property_triggers_enabled) 132 ActionManager::GetInstance().QueuePropertyTrigger(name, value); 133 } 134 restart_processes()135 static void restart_processes() 136 { 137 process_needs_restart = 0; 138 ServiceManager::GetInstance(). 139 ForEachServiceWithFlags(SVC_RESTARTING, [] (Service* s) { 140 s->RestartIfNeeded(process_needs_restart); 141 }); 142 } 143 handle_control_message(const std::string & msg,const std::string & name)144 void handle_control_message(const std::string& msg, const std::string& name) { 145 Service* svc = ServiceManager::GetInstance().FindServiceByName(name); 146 if (svc == nullptr) { 147 ERROR("no such service '%s'\n", name.c_str()); 148 return; 149 } 150 151 if (msg == "start") { 152 svc->Start(); 153 } else if (msg == "stop") { 154 svc->Stop(); 155 } else if (msg == "restart") { 156 svc->Restart(); 157 } else { 158 ERROR("unknown control msg '%s'\n", msg.c_str()); 159 } 160 } 161 wait_for_coldboot_done_action(const std::vector<std::string> & args)162 static int wait_for_coldboot_done_action(const std::vector<std::string>& args) { 163 Timer t; 164 165 NOTICE("Waiting for %s...\n", COLDBOOT_DONE); 166 // Any longer than 1s is an unreasonable length of time to delay booting. 167 // If you're hitting this timeout, check that you didn't make your 168 // sepolicy regular expressions too expensive (http://b/19899875). 169 if (wait_for_file(COLDBOOT_DONE, 1)) { 170 ERROR("Timed out waiting for %s\n", COLDBOOT_DONE); 171 } 172 173 NOTICE("Waiting for %s took %.2fs.\n", COLDBOOT_DONE, t.duration()); 174 return 0; 175 } 176 177 /* 178 * Writes 512 bytes of output from Hardware RNG (/dev/hw_random, backed 179 * by Linux kernel's hw_random framework) into Linux RNG's via /dev/urandom. 180 * Does nothing if Hardware RNG is not present. 181 * 182 * Since we don't yet trust the quality of Hardware RNG, these bytes are not 183 * mixed into the primary pool of Linux RNG and the entropy estimate is left 184 * unmodified. 185 * 186 * If the HW RNG device /dev/hw_random is present, we require that at least 187 * 512 bytes read from it are written into Linux RNG. QA is expected to catch 188 * devices/configurations where these I/O operations are blocking for a long 189 * time. We do not reboot or halt on failures, as this is a best-effort 190 * attempt. 191 */ mix_hwrng_into_linux_rng_action(const std::vector<std::string> & args)192 static int mix_hwrng_into_linux_rng_action(const std::vector<std::string>& args) 193 { 194 int result = -1; 195 int hwrandom_fd = -1; 196 int urandom_fd = -1; 197 char buf[512]; 198 ssize_t chunk_size; 199 size_t total_bytes_written = 0; 200 201 hwrandom_fd = TEMP_FAILURE_RETRY( 202 open("/dev/hw_random", O_RDONLY | O_NOFOLLOW | O_CLOEXEC)); 203 if (hwrandom_fd == -1) { 204 if (errno == ENOENT) { 205 ERROR("/dev/hw_random not found\n"); 206 /* It's not an error to not have a Hardware RNG. */ 207 result = 0; 208 } else { 209 ERROR("Failed to open /dev/hw_random: %s\n", strerror(errno)); 210 } 211 goto ret; 212 } 213 214 urandom_fd = TEMP_FAILURE_RETRY( 215 open("/dev/urandom", O_WRONLY | O_NOFOLLOW | O_CLOEXEC)); 216 if (urandom_fd == -1) { 217 ERROR("Failed to open /dev/urandom: %s\n", strerror(errno)); 218 goto ret; 219 } 220 221 while (total_bytes_written < sizeof(buf)) { 222 chunk_size = TEMP_FAILURE_RETRY( 223 read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written)); 224 if (chunk_size == -1) { 225 ERROR("Failed to read from /dev/hw_random: %s\n", strerror(errno)); 226 goto ret; 227 } else if (chunk_size == 0) { 228 ERROR("Failed to read from /dev/hw_random: EOF\n"); 229 goto ret; 230 } 231 232 chunk_size = TEMP_FAILURE_RETRY(write(urandom_fd, buf, chunk_size)); 233 if (chunk_size == -1) { 234 ERROR("Failed to write to /dev/urandom: %s\n", strerror(errno)); 235 goto ret; 236 } 237 total_bytes_written += chunk_size; 238 } 239 240 INFO("Mixed %zu bytes from /dev/hw_random into /dev/urandom", 241 total_bytes_written); 242 result = 0; 243 244 ret: 245 if (hwrandom_fd != -1) { 246 close(hwrandom_fd); 247 } 248 if (urandom_fd != -1) { 249 close(urandom_fd); 250 } 251 return result; 252 } 253 security_failure()254 static void security_failure() { 255 ERROR("Security failure; rebooting into recovery mode...\n"); 256 android_reboot(ANDROID_RB_RESTART2, 0, "recovery"); 257 while (true) { pause(); } // never reached 258 } 259 260 #define MMAP_RND_PATH "/proc/sys/vm/mmap_rnd_bits" 261 #define MMAP_RND_COMPAT_PATH "/proc/sys/vm/mmap_rnd_compat_bits" 262 263 /* __attribute__((unused)) due to lack of mips support: see mips block 264 * in set_mmap_rnd_bits_action */ set_mmap_rnd_bits_min(int start,int min,bool compat)265 static bool __attribute__((unused)) set_mmap_rnd_bits_min(int start, int min, bool compat) { 266 std::string path; 267 if (compat) { 268 path = MMAP_RND_COMPAT_PATH; 269 } else { 270 path = MMAP_RND_PATH; 271 } 272 std::ifstream inf(path, std::fstream::in); 273 if (!inf) { 274 return false; 275 } 276 while (start >= min) { 277 // try to write out new value 278 std::string str_val = std::to_string(start); 279 std::ofstream of(path, std::fstream::out); 280 if (!of) { 281 return false; 282 } 283 of << str_val << std::endl; 284 of.close(); 285 286 // check to make sure it was recorded 287 inf.seekg(0); 288 std::string str_rec; 289 inf >> str_rec; 290 if (str_val.compare(str_rec) == 0) { 291 break; 292 } 293 start--; 294 } 295 inf.close(); 296 return (start >= min); 297 } 298 299 /* 300 * Set /proc/sys/vm/mmap_rnd_bits and potentially 301 * /proc/sys/vm/mmap_rnd_compat_bits to the maximum supported values. 302 * Returns -1 if unable to set these to an acceptable value. Apply 303 * upstream patch-sets https://lkml.org/lkml/2015/12/21/337 and 304 * https://lkml.org/lkml/2016/2/4/831 to enable this. 305 */ set_mmap_rnd_bits_action(const std::vector<std::string> & args)306 static int set_mmap_rnd_bits_action(const std::vector<std::string>& args) 307 { 308 int ret = -1; 309 310 /* values are arch-dependent */ 311 #if defined(__aarch64__) 312 /* arm64 supports 18 - 33 bits depending on pagesize and VA_SIZE */ 313 if (set_mmap_rnd_bits_min(33, 24, false) 314 && set_mmap_rnd_bits_min(16, 16, true)) { 315 ret = 0; 316 } 317 #elif defined(__x86_64__) 318 /* x86_64 supports 28 - 32 bits */ 319 if (set_mmap_rnd_bits_min(32, 32, false) 320 && set_mmap_rnd_bits_min(16, 16, true)) { 321 ret = 0; 322 } 323 #elif defined(__arm__) || defined(__i386__) 324 /* check to see if we're running on 64-bit kernel */ 325 bool h64 = !access(MMAP_RND_COMPAT_PATH, F_OK); 326 /* supported 32-bit architecture must have 16 bits set */ 327 if (set_mmap_rnd_bits_min(16, 16, h64)) { 328 ret = 0; 329 } 330 #elif defined(__mips__) || defined(__mips64__) 331 // TODO: add mips support b/27788820 332 ret = 0; 333 #else 334 ERROR("Unknown architecture\n"); 335 #endif 336 337 #ifdef __BRILLO__ 338 // TODO: b/27794137 339 ret = 0; 340 #endif 341 if (ret == -1) { 342 ERROR("Unable to set adequate mmap entropy value!\n"); 343 security_failure(); 344 } 345 return ret; 346 } 347 keychord_init_action(const std::vector<std::string> & args)348 static int keychord_init_action(const std::vector<std::string>& args) 349 { 350 keychord_init(); 351 return 0; 352 } 353 console_init_action(const std::vector<std::string> & args)354 static int console_init_action(const std::vector<std::string>& args) 355 { 356 std::string console = property_get("ro.boot.console"); 357 if (!console.empty()) { 358 console_name = "/dev/" + console; 359 } 360 361 int fd = open(console_name.c_str(), O_RDWR | O_CLOEXEC); 362 if (fd >= 0) 363 have_console = 1; 364 close(fd); 365 366 fd = open("/dev/tty0", O_WRONLY | O_CLOEXEC); 367 if (fd >= 0) { 368 const char *msg; 369 msg = "\n" 370 "\n" 371 "\n" 372 "\n" 373 "\n" 374 "\n" 375 "\n" // console is 40 cols x 30 lines 376 "\n" 377 "\n" 378 "\n" 379 "\n" 380 "\n" 381 "\n" 382 "\n" 383 " A N D R O I D "; 384 write(fd, msg, strlen(msg)); 385 close(fd); 386 } 387 388 return 0; 389 } 390 import_kernel_nv(const std::string & key,const std::string & value,bool for_emulator)391 static void import_kernel_nv(const std::string& key, const std::string& value, bool for_emulator) { 392 if (key.empty()) return; 393 394 if (for_emulator) { 395 // In the emulator, export any kernel option with the "ro.kernel." prefix. 396 property_set(android::base::StringPrintf("ro.kernel.%s", key.c_str()).c_str(), value.c_str()); 397 return; 398 } 399 400 if (key == "qemu") { 401 strlcpy(qemu, value.c_str(), sizeof(qemu)); 402 } else if (android::base::StartsWith(key, "androidboot.")) { 403 property_set(android::base::StringPrintf("ro.boot.%s", key.c_str() + 12).c_str(), 404 value.c_str()); 405 } 406 } 407 export_oem_lock_status()408 static void export_oem_lock_status() { 409 if (property_get("ro.oem_unlock_supported") != "1") { 410 return; 411 } 412 413 std::string value = property_get("ro.boot.verifiedbootstate"); 414 415 if (!value.empty()) { 416 property_set("ro.boot.flash.locked", value == "orange" ? "0" : "1"); 417 } 418 } 419 export_kernel_boot_props()420 static void export_kernel_boot_props() { 421 struct { 422 const char *src_prop; 423 const char *dst_prop; 424 const char *default_value; 425 } prop_map[] = { 426 { "ro.boot.serialno", "ro.serialno", "", }, 427 { "ro.boot.mode", "ro.bootmode", "unknown", }, 428 { "ro.boot.baseband", "ro.baseband", "unknown", }, 429 { "ro.boot.bootloader", "ro.bootloader", "unknown", }, 430 { "ro.boot.hardware", "ro.hardware", "unknown", }, 431 { "ro.boot.revision", "ro.revision", "0", }, 432 }; 433 for (size_t i = 0; i < ARRAY_SIZE(prop_map); i++) { 434 std::string value = property_get(prop_map[i].src_prop); 435 property_set(prop_map[i].dst_prop, (!value.empty()) ? value.c_str() : prop_map[i].default_value); 436 } 437 } 438 process_kernel_dt()439 static void process_kernel_dt() { 440 static const char android_dir[] = "/proc/device-tree/firmware/android"; 441 442 std::string file_name = android::base::StringPrintf("%s/compatible", android_dir); 443 444 std::string dt_file; 445 android::base::ReadFileToString(file_name, &dt_file); 446 if (!dt_file.compare("android,firmware")) { 447 ERROR("firmware/android is not compatible with 'android,firmware'\n"); 448 return; 449 } 450 451 std::unique_ptr<DIR, int(*)(DIR*)>dir(opendir(android_dir), closedir); 452 if (!dir) return; 453 454 struct dirent *dp; 455 while ((dp = readdir(dir.get())) != NULL) { 456 if (dp->d_type != DT_REG || !strcmp(dp->d_name, "compatible") || !strcmp(dp->d_name, "name")) { 457 continue; 458 } 459 460 file_name = android::base::StringPrintf("%s/%s", android_dir, dp->d_name); 461 462 android::base::ReadFileToString(file_name, &dt_file); 463 std::replace(dt_file.begin(), dt_file.end(), ',', '.'); 464 465 std::string property_name = android::base::StringPrintf("ro.boot.%s", dp->d_name); 466 property_set(property_name.c_str(), dt_file.c_str()); 467 } 468 } 469 process_kernel_cmdline()470 static void process_kernel_cmdline() { 471 // Don't expose the raw commandline to unprivileged processes. 472 chmod("/proc/cmdline", 0440); 473 474 // The first pass does the common stuff, and finds if we are in qemu. 475 // The second pass is only necessary for qemu to export all kernel params 476 // as properties. 477 import_kernel_cmdline(false, import_kernel_nv); 478 if (qemu[0]) import_kernel_cmdline(true, import_kernel_nv); 479 } 480 property_enable_triggers_action(const std::vector<std::string> & args)481 static int property_enable_triggers_action(const std::vector<std::string>& args) 482 { 483 /* Enable property triggers. */ 484 property_triggers_enabled = 1; 485 return 0; 486 } 487 queue_property_triggers_action(const std::vector<std::string> & args)488 static int queue_property_triggers_action(const std::vector<std::string>& args) 489 { 490 ActionManager::GetInstance().QueueBuiltinAction(property_enable_triggers_action, "enable_property_trigger"); 491 ActionManager::GetInstance().QueueAllPropertyTriggers(); 492 return 0; 493 } 494 selinux_init_all_handles(void)495 static void selinux_init_all_handles(void) 496 { 497 sehandle = selinux_android_file_context_handle(); 498 selinux_android_set_sehandle(sehandle); 499 sehandle_prop = selinux_android_prop_context_handle(); 500 } 501 502 enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; 503 selinux_status_from_cmdline()504 static selinux_enforcing_status selinux_status_from_cmdline() { 505 selinux_enforcing_status status = SELINUX_ENFORCING; 506 507 import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) { 508 if (key == "androidboot.selinux" && value == "permissive") { 509 status = SELINUX_PERMISSIVE; 510 } 511 }); 512 513 return status; 514 } 515 selinux_is_enforcing(void)516 static bool selinux_is_enforcing(void) 517 { 518 if (ALLOW_PERMISSIVE_SELINUX) { 519 return selinux_status_from_cmdline() == SELINUX_ENFORCING; 520 } 521 return true; 522 } 523 selinux_reload_policy(void)524 int selinux_reload_policy(void) 525 { 526 INFO("SELinux: Attempting to reload policy files\n"); 527 528 if (selinux_android_reload_policy() == -1) { 529 return -1; 530 } 531 532 if (sehandle) 533 selabel_close(sehandle); 534 535 if (sehandle_prop) 536 selabel_close(sehandle_prop); 537 538 selinux_init_all_handles(); 539 return 0; 540 } 541 audit_callback(void * data,security_class_t,char * buf,size_t len)542 static int audit_callback(void *data, security_class_t /*cls*/, char *buf, size_t len) { 543 544 property_audit_data *d = reinterpret_cast<property_audit_data*>(data); 545 546 if (!d || !d->name || !d->cr) { 547 ERROR("audit_callback invoked with null data arguments!"); 548 return 0; 549 } 550 551 snprintf(buf, len, "property=%s pid=%d uid=%d gid=%d", d->name, 552 d->cr->pid, d->cr->uid, d->cr->gid); 553 return 0; 554 } 555 selinux_initialize(bool in_kernel_domain)556 static void selinux_initialize(bool in_kernel_domain) { 557 Timer t; 558 559 selinux_callback cb; 560 cb.func_log = selinux_klog_callback; 561 selinux_set_callback(SELINUX_CB_LOG, cb); 562 cb.func_audit = audit_callback; 563 selinux_set_callback(SELINUX_CB_AUDIT, cb); 564 565 if (in_kernel_domain) { 566 INFO("Loading SELinux policy...\n"); 567 if (selinux_android_load_policy() < 0) { 568 ERROR("failed to load policy: %s\n", strerror(errno)); 569 security_failure(); 570 } 571 572 bool kernel_enforcing = (security_getenforce() == 1); 573 bool is_enforcing = selinux_is_enforcing(); 574 if (kernel_enforcing != is_enforcing) { 575 if (security_setenforce(is_enforcing)) { 576 ERROR("security_setenforce(%s) failed: %s\n", 577 is_enforcing ? "true" : "false", strerror(errno)); 578 security_failure(); 579 } 580 } 581 582 if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) { 583 security_failure(); 584 } 585 586 NOTICE("(Initializing SELinux %s took %.2fs.)\n", 587 is_enforcing ? "enforcing" : "non-enforcing", t.duration()); 588 } else { 589 selinux_init_all_handles(); 590 } 591 } 592 main(int argc,char ** argv)593 int main(int argc, char** argv) { 594 if (!strcmp(basename(argv[0]), "ueventd")) { 595 return ueventd_main(argc, argv); 596 } 597 598 if (!strcmp(basename(argv[0]), "watchdogd")) { 599 return watchdogd_main(argc, argv); 600 } 601 602 // Clear the umask. 603 umask(0); 604 605 add_environment("PATH", _PATH_DEFPATH); 606 607 bool is_first_stage = (argc == 1) || (strcmp(argv[1], "--second-stage") != 0); 608 609 // Get the basic filesystem setup we need put together in the initramdisk 610 // on / and then we'll let the rc file figure out the rest. 611 if (is_first_stage) { 612 mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); 613 mkdir("/dev/pts", 0755); 614 mkdir("/dev/socket", 0755); 615 mount("devpts", "/dev/pts", "devpts", 0, NULL); 616 #define MAKE_STR(x) __STRING(x) 617 mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)); 618 mount("sysfs", "/sys", "sysfs", 0, NULL); 619 } 620 621 // We must have some place other than / to create the device nodes for 622 // kmsg and null, otherwise we won't be able to remount / read-only 623 // later on. Now that tmpfs is mounted on /dev, we can actually talk 624 // to the outside world. 625 open_devnull_stdio(); 626 klog_init(); 627 klog_set_level(KLOG_NOTICE_LEVEL); 628 629 NOTICE("init %s started!\n", is_first_stage ? "first stage" : "second stage"); 630 631 if (!is_first_stage) { 632 // Indicate that booting is in progress to background fw loaders, etc. 633 close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000)); 634 635 property_init(); 636 637 // If arguments are passed both on the command line and in DT, 638 // properties set in DT always have priority over the command-line ones. 639 process_kernel_dt(); 640 process_kernel_cmdline(); 641 642 // Propagate the kernel variables to internal variables 643 // used by init as well as the current required properties. 644 export_kernel_boot_props(); 645 } 646 647 // Set up SELinux, including loading the SELinux policy if we're in the kernel domain. 648 selinux_initialize(is_first_stage); 649 650 // If we're in the kernel domain, re-exec init to transition to the init domain now 651 // that the SELinux policy has been loaded. 652 if (is_first_stage) { 653 if (restorecon("/init") == -1) { 654 ERROR("restorecon failed: %s\n", strerror(errno)); 655 security_failure(); 656 } 657 char* path = argv[0]; 658 char* args[] = { path, const_cast<char*>("--second-stage"), nullptr }; 659 if (execv(path, args) == -1) { 660 ERROR("execv(\"%s\") failed: %s\n", path, strerror(errno)); 661 security_failure(); 662 } 663 } 664 665 // These directories were necessarily created before initial policy load 666 // and therefore need their security context restored to the proper value. 667 // This must happen before /dev is populated by ueventd. 668 NOTICE("Running restorecon...\n"); 669 restorecon("/dev"); 670 restorecon("/dev/socket"); 671 restorecon("/dev/__properties__"); 672 restorecon("/property_contexts"); 673 restorecon_recursive("/sys"); 674 675 epoll_fd = epoll_create1(EPOLL_CLOEXEC); 676 if (epoll_fd == -1) { 677 ERROR("epoll_create1 failed: %s\n", strerror(errno)); 678 exit(1); 679 } 680 681 signal_handler_init(); 682 683 property_load_boot_defaults(); 684 export_oem_lock_status(); 685 start_property_service(); 686 687 const BuiltinFunctionMap function_map; 688 Action::set_function_map(&function_map); 689 690 Parser& parser = Parser::GetInstance(); 691 parser.AddSectionParser("service",std::make_unique<ServiceParser>()); 692 parser.AddSectionParser("on", std::make_unique<ActionParser>()); 693 parser.AddSectionParser("import", std::make_unique<ImportParser>()); 694 parser.ParseConfig("/init.rc"); 695 696 ActionManager& am = ActionManager::GetInstance(); 697 698 am.QueueEventTrigger("early-init"); 699 700 // Queue an action that waits for coldboot done so we know ueventd has set up all of /dev... 701 am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done"); 702 // ... so that we can start queuing up actions that require stuff from /dev. 703 am.QueueBuiltinAction(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); 704 am.QueueBuiltinAction(set_mmap_rnd_bits_action, "set_mmap_rnd_bits"); 705 am.QueueBuiltinAction(keychord_init_action, "keychord_init"); 706 am.QueueBuiltinAction(console_init_action, "console_init"); 707 708 // Trigger all the boot actions to get us started. 709 am.QueueEventTrigger("init"); 710 711 // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random 712 // wasn't ready immediately after wait_for_coldboot_done 713 am.QueueBuiltinAction(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); 714 715 // Don't mount filesystems or start core system services in charger mode. 716 std::string bootmode = property_get("ro.bootmode"); 717 if (bootmode == "charger") { 718 am.QueueEventTrigger("charger"); 719 } else { 720 am.QueueEventTrigger("late-init"); 721 } 722 723 // Run all property triggers based on current state of the properties. 724 am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers"); 725 726 while (true) { 727 if (!waiting_for_exec) { 728 am.ExecuteOneCommand(); 729 restart_processes(); 730 } 731 732 int timeout = -1; 733 if (process_needs_restart) { 734 timeout = (process_needs_restart - gettime()) * 1000; 735 if (timeout < 0) 736 timeout = 0; 737 } 738 739 if (am.HasMoreCommands()) { 740 timeout = 0; 741 } 742 743 bootchart_sample(&timeout); 744 745 epoll_event ev; 746 int nr = TEMP_FAILURE_RETRY(epoll_wait(epoll_fd, &ev, 1, timeout)); 747 if (nr == -1) { 748 ERROR("epoll_wait failed: %s\n", strerror(errno)); 749 } else if (nr == 1) { 750 ((void (*)()) ev.data.ptr)(); 751 } 752 } 753 754 return 0; 755 } 756