init.c revision 66ed50af6870210ce013a5588a688434a5d48ee9
1/*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20#include <unistd.h>
21#include <fcntl.h>
22#include <ctype.h>
23#include <signal.h>
24#include <sys/wait.h>
25#include <sys/mount.h>
26#include <sys/stat.h>
27#include <sys/poll.h>
28#include <errno.h>
29#include <stdarg.h>
30#include <mtd/mtd-user.h>
31#include <sys/types.h>
32#include <sys/socket.h>
33#include <sys/un.h>
34
35#include <selinux/selinux.h>
36#include <selinux/label.h>
37#include <selinux/android.h>
38
39#include <libgen.h>
40
41#include <cutils/list.h>
42#include <cutils/android_reboot.h>
43#include <cutils/sockets.h>
44#include <cutils/iosched_policy.h>
45#include <cutils/fs.h>
46#include <private/android_filesystem_config.h>
47#include <termios.h>
48
49#include <sys/system_properties.h>
50
51#include "devices.h"
52#include "init.h"
53#include "log.h"
54#include "property_service.h"
55#include "bootchart.h"
56#include "signal_handler.h"
57#include "keychords.h"
58#include "init_parser.h"
59#include "util.h"
60#include "ueventd.h"
61#include "watchdogd.h"
62
/* SELinux label-lookup handles.  Both are (re)assigned by
 * selinux_init_all_handles(): sehandle from
 * selinux_android_file_context_handle(), sehandle_prop from
 * selinux_android_prop_context_handle(). */
struct selabel_handle *sehandle;
struct selabel_handle *sehandle_prop;

/* Set to 1 by queue_property_triggers_action(); while it is 0,
 * property_changed() does not queue any property trigger. */
static int property_triggers_enabled = 0;

#if BOOTCHART
/* Value returned by bootchart_init(); counted down in main()'s loop. */
static int   bootchart_count;
#endif

/* Boot parameters cached for init's own use. */
static char console[32];        /* copied from ro.boot.console */
static char bootmode[32];       /* copied from ro.bootmode */
static char hardware[32];       /* get_hardware_name(), overridden by ro.boot.hardware */
static unsigned revision = 0;   /* filled in by get_hardware_name() */
static char qemu[32];           /* value of the "qemu" kernel command-line option */

/* Cursor used by execute_one_command(): the action being processed and
 * the command of that action that was run last. */
static struct action *cur_action = NULL;
static struct command *cur_command = NULL;
static struct listnode *command_queue = NULL;   /* not referenced by the code visible here */
81
/*
 * Publish a service's state as the property "init.svc.<name>".
 *
 * Nothing is set when the property name (prefix, service name and the
 * terminating NUL) would not fit into PROP_NAME_MAX bytes.
 */
void notify_service_state(const char *name, const char *state)
{
    char prop_name[PROP_NAME_MAX];
    int name_len = strlen(name);

    /* the 10 is the 9 bytes of "init.svc." plus the NUL */
    if ((name_len + 10) <= PROP_NAME_MAX) {
        snprintf(prop_name, sizeof(prop_name), "init.svc.%s", name);
        property_set(prop_name, state);
    }
}
91
/* Set to 1 by console_init_action() once console_name could be opened. */
static int have_console;
/* Console device path; console_init_action() replaces it with
 * "/dev/<console>" when a console name is known. */
static char console_name[PROP_VALUE_MAX] = "/dev/console";
/* Earliest time at which a restarting service may be started again;
 * reset to 0 by restart_processes() before each scan. */
static time_t process_needs_restart;
95
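/* Environment passed to execve() for every service.  The last slot is never
 * filled, so the array always ends with a NULL entry. */
static const char *ENV[32];

/*
 * add_environment - add "key=value" to the current environment
 *
 * Returns 0 when the entry was stored, 1 when no free slot is left or the
 * entry could not be allocated.  An existing entry with the same key is
 * not replaced; the new one is simply added in the next free slot.
 */
int add_environment(const char *key, const char *val)
{
    /* keep the final slot NULL as the list terminator */
    const size_t usable_slots = sizeof(ENV) / sizeof(ENV[0]) - 1;
    size_t n;

    for (n = 0; n < usable_slots; n++) {
        size_t len;
        char *entry;

        if (ENV[n])
            continue;

        len = strlen(key) + strlen(val) + 2;    /* '=' and the NUL */
        entry = malloc(len);
        if (!entry)
            return 1;   /* previously a NULL was handed straight to snprintf() */

        snprintf(entry, len, "%s=%s", key, val);
        ENV[n] = entry;
        return 0;
    }

    return 1;
}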
115
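/*
 * Point stdin, stdout and stderr at /dev/null.
 *
 * When /dev/null cannot be opened the three descriptors are left as they
 * are.
 */
static void zap_stdio(void)
{
    int fd = open("/dev/null", O_RDWR);

    if (fd < 0)
        return;     /* nothing to duplicate; avoids dup2(-1, ...) and close(-1) */

    dup2(fd, 0);
    dup2(fd, 1);
    dup2(fd, 2);

    /* open() returns 0..2 when a standard descriptor was closed; closing
     * it again would undo the redirection just made. */
    if (fd > 2)
        close(fd);
}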
125
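/*
 * Make the console device (console_name) the controlling terminal and the
 * stdin/stdout/stderr of the calling process.  /dev/null is used instead
 * when the console cannot be opened.
 */
static void open_console()
{
    int fd = open(console_name, O_RDWR);

    if (fd < 0)
        fd = open("/dev/null", O_RDWR);
    if (fd < 0)
        return;     /* neither device could be opened; leave stdio untouched */

    ioctl(fd, TIOCSCTTY, 0);
    dup2(fd, 0);
    dup2(fd, 1);
    dup2(fd, 2);

    /* do not close one of the descriptors that was just set up */
    if (fd > 2)
        close(fd);
}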
138
/*
 * Advertise an inherited socket to the service about to be exec'ed: the
 * descriptor number is stored in the environment under
 * ANDROID_SOCKET_ENV_PREFIX followed by the socket name, and the
 * descriptor is set to survive execve().
 */
static void publish_socket(const char *name, int fd)
{
    /* length of the prefix without its terminating NUL */
    const size_t prefix_len = sizeof(ANDROID_SOCKET_ENV_PREFIX) - 1;
    char env_name[64] = ANDROID_SOCKET_ENV_PREFIX;
    char env_value[64];

    /* append the socket name behind the prefix; strlcpy truncates a name
     * that does not fit */
    strlcpy(env_name + prefix_len, name, sizeof(env_name) - prefix_len - 1);

    snprintf(env_value, sizeof(env_value), "%d", fd);
    add_environment(env_name, env_value);

    /* clear all descriptor flags so the fd is not closed on exec */
    fcntl(fd, F_SETFD, 0);
}
153
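/*
 * Start a service by forking and exec'ing svc->args[0].
 *
 * svc           service to start; its flags, pid and time_started are updated.
 * dynamic_args  optional space-separated extra arguments that are appended
 *               to the service's static arguments.  Only accepted for
 *               SVC_ONESHOT services; may be NULL.
 *
 * Nothing is started when the service is already running, needs a console
 * that is not available, its executable cannot be stat()ed, dynamic
 * arguments are given for a service that is not one-shot, or (with SELinux
 * enabled) its security context cannot be determined.
 *
 * In the child the group id, supplementary groups and user id configured
 * for the service are applied in that order; any failure there ends the
 * child with exit status 127 instead of exec'ing with the wrong identity.
 */
void service_start(struct service *svc, const char *dynamic_args)
{
    struct stat s;
    pid_t pid;
    int needs_console;
    int n;
    char *scon = NULL;
    int rc;

        /* starting a service removes it from the disabled or reset
         * state and immediately takes it out of the restarting
         * state if it was in there
         */
    svc->flags &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART));
    svc->time_started = 0;

        /* running processes require no additional work -- if
         * they're in the process of exiting, we've ensured
         * that they will immediately restart on exit, unless
         * they are ONESHOT
         */
    if (svc->flags & SVC_RUNNING) {
        return;
    }

    needs_console = (svc->flags & SVC_CONSOLE) ? 1 : 0;
    if (needs_console && (!have_console)) {
        ERROR("service '%s' requires console\n", svc->name);
        svc->flags |= SVC_DISABLED;
        return;
    }

    if (stat(svc->args[0], &s) != 0) {
        ERROR("cannot find '%s', disabling '%s'\n", svc->args[0], svc->name);
        svc->flags |= SVC_DISABLED;
        return;
    }

    /* dynamic arguments come in with the start request, so they are only
     * honoured for one-shot services */
    if ((!(svc->flags & SVC_ONESHOT)) && dynamic_args) {
        ERROR("service '%s' must be one-shot to use dynamic args, disabling\n",
               svc->args[0]);
        svc->flags |= SVC_DISABLED;
        return;
    }

    if (is_selinux_enabled() > 0) {
        if (svc->seclabel) {
            scon = strdup(svc->seclabel);
            if (!scon) {
                ERROR("Out of memory while starting '%s'\n", svc->name);
                return;
            }
        } else {
            char *mycon = NULL, *fcon = NULL;

            /* no explicit label: compute the context a process created by
             * init from this executable would get */
            INFO("computing context for service '%s'\n", svc->args[0]);
            rc = getcon(&mycon);
            if (rc < 0) {
                ERROR("could not get context while starting '%s'\n", svc->name);
                return;
            }

            rc = getfilecon(svc->args[0], &fcon);
            if (rc < 0) {
                ERROR("could not get context while starting '%s'\n", svc->name);
                freecon(mycon);
                return;
            }

            rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
            freecon(mycon);
            freecon(fcon);
            if (rc < 0) {
                ERROR("could not get context while starting '%s'\n", svc->name);
                return;
            }
        }
    }

    NOTICE("starting '%s'\n", svc->name);

    pid = fork();

    if (pid == 0) {
        struct socketinfo *si;
        struct svcenvinfo *ei;
        char tmp[32];
        int fd, sz;

        umask(077);
        if (properties_inited()) {
            get_property_workspace(&fd, &sz);
            /* bounded formatting instead of sprintf() into the fixed buffer */
            snprintf(tmp, sizeof(tmp), "%d,%d", dup(fd), sz);
            add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
        }

        for (ei = svc->envvars; ei; ei = ei->next)
            add_environment(ei->name, ei->value);

        for (si = svc->sockets; si; si = si->next) {
            int socket_type = (
                    !strcmp(si->type, "stream") ? SOCK_STREAM :
                        (!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET));
            /* the socket gets its own context when one is configured,
             * otherwise the service's context */
            int s = create_socket(si->name, socket_type,
                                  si->perm, si->uid, si->gid, si->socketcon ?: scon);
            if (s >= 0) {
                publish_socket(si->name, s);
            }
        }

        freecon(scon);
        scon = NULL;

        if (svc->ioprio_class != IoSchedClass_NONE) {
            if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
                ERROR("Failed to set pid %d ioprio = %d,%d: %s\n",
                      getpid(), svc->ioprio_class, svc->ioprio_pri, strerror(errno));
            }
        }

        if (needs_console) {
            setsid();
            open_console();
        } else {
            zap_stdio();
        }

#if 0
        for (n = 0; svc->args[n]; n++) {
            INFO("args[%d] = '%s'\n", n, svc->args[n]);
        }
        for (n = 0; ENV[n]; n++) {
            INFO("env[%d] = '%s'\n", n, ENV[n]);
        }
#endif

        /* own process group, so that the whole group can be signalled */
        setpgid(0, getpid());

        /* as requested, set our gid, supplemental gids, and uid;
         * a value of 0 means "leave unchanged".  The uid goes last. */
        if (svc->gid) {
            if (setgid(svc->gid) != 0) {
                ERROR("setgid failed: %s\n", strerror(errno));
                _exit(127);
            }
        }
        if (svc->nr_supp_gids) {
            if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
                ERROR("setgroups failed: %s\n", strerror(errno));
                _exit(127);
            }
        }
        if (svc->uid) {
            if (setuid(svc->uid) != 0) {
                ERROR("setuid failed: %s\n", strerror(errno));
                _exit(127);
            }
        }
        if (svc->seclabel) {
            if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
                ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
                _exit(127);
            }
        }

        if (!dynamic_args) {
            if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
                ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno));
            }
        } else {
            char *arg_ptrs[INIT_PARSER_MAXARGS+1];
            int arg_idx = svc->nargs;
            char *dyn_copy = strdup(dynamic_args);
            char *next = dyn_copy;
            char *bword;

            if (!dyn_copy) {
                /* do not run the service without the arguments it was asked
                 * to run with */
                ERROR("Out of memory while starting '%s'\n", svc->name);
                _exit(127);
            }
            if (arg_idx < 0 || arg_idx > INIT_PARSER_MAXARGS) {
                /* the static arguments alone would overrun arg_ptrs */
                ERROR("service '%s' has too many arguments\n", svc->name);
                _exit(127);
            }

            /* Copy the static arguments */
            memcpy(arg_ptrs, svc->args, (svc->nargs * sizeof(char *)));

            /* Append the dynamic ones.  The bound is checked before every
             * store so the slot for the terminating NULL always remains;
             * the former "== INIT_PARSER_MAXARGS" test after the store
             * could be stepped over. */
            while (arg_idx < INIT_PARSER_MAXARGS && (bword = strsep(&next, " "))) {
                arg_ptrs[arg_idx++] = bword;
            }
            arg_ptrs[arg_idx] = NULL;
            if (execve(svc->args[0], (char**) arg_ptrs, (char**) ENV) < 0) {
                ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno));
            }
        }
        _exit(127);
    }

    freecon(scon);

    if (pid < 0) {
        ERROR("failed to start '%s'\n", svc->name);
        svc->pid = 0;
        return;
    }

    svc->time_started = gettime();
    svc->pid = pid;
    svc->flags |= SVC_RUNNING;

    if (properties_inited())
        notify_service_state(svc->name, "running");
}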
358
/*
 * Stop a service and record why it was stopped.
 *
 * The how field should be either SVC_DISABLED, SVC_RESET, or SVC_RESTART;
 * any other value is treated as SVC_DISABLED.  A running service is killed
 * with SIGKILL sent to its process group (service_start() puts every
 * service into a group of its own).
 */
static void service_stop_or_reset(struct service *svc, int how)
{
    /* The service is still SVC_RUNNING until its process exits, but if it has
     * already exited it shouldn't attempt a restart yet. */
    svc->flags &= (~SVC_RESTARTING);

    if (how == SVC_RESET) {
        /* if the service has not yet started, prevent
         * it from auto-starting with its class
         */
        if (svc->flags & SVC_RC_DISABLED) {
            svc->flags |= SVC_DISABLED;
        } else {
            svc->flags |= SVC_RESET;
        }
    } else if (how == SVC_RESTART) {
        svc->flags |= SVC_RESTART;
    } else {
        /* SVC_DISABLED itself, or an illegal flag that defaults to it */
        svc->flags |= SVC_DISABLED;
    }

    if (!svc->pid) {
        notify_service_state(svc->name, "stopped");
        return;
    }

    NOTICE("service '%s' is being killed\n", svc->name);
    kill(-svc->pid, SIGKILL);
    notify_service_state(svc->name, "stopping");
}
387
/* Stop the service in SVC_RESET mode; see service_stop_or_reset() for how
 * the resulting flag is chosen. */
void service_reset(struct service *svc)
{
    const int how = SVC_RESET;

    service_stop_or_reset(svc, how);
}
392
/* Stop the service and flag it SVC_DISABLED. */
void service_stop(struct service *svc)
{
    const int how = SVC_DISABLED;

    service_stop_or_reset(svc, how);
}
397
/*
 * Restart a service: a running one is stopped with SVC_RESTART set, one
 * that is neither running nor already restarting is started right away,
 * and one that is already restarting is left alone.
 */
void service_restart(struct service *svc)
{
    if (svc->flags & SVC_RUNNING) {
        /* Stop, wait, then start the service. */
        service_stop_or_reset(svc, SVC_RESTART);
        return;
    }

    if (svc->flags & SVC_RESTARTING) {
        /* Service is restarting anyways. */
        return;
    }

    /* Just start the service since it's not running. */
    service_start(svc, NULL);
}
408
/* Queue the triggers for a changed property; a no-op until
 * property_triggers_enabled has been set. */
void property_changed(const char *name, const char *value)
{
    if (!property_triggers_enabled) {
        return;
    }
    queue_property_triggers(name, value);
}
414
/*
 * Restart a service flagged SVC_RESTARTING once 5 time units (as counted
 * by gettime()) have passed since it was last started.  When it is still
 * too early, process_needs_restart is lowered to this service's restart
 * time if that is sooner than what is recorded (0 meaning nothing is
 * recorded).
 */
static void restart_service_if_needed(struct service *svc)
{
    time_t earliest = svc->time_started + 5;

    if (earliest > gettime()) {
        if ((process_needs_restart == 0) ||
            (earliest < process_needs_restart)) {
            process_needs_restart = earliest;
        }
        return;
    }

    svc->flags &= (~SVC_RESTARTING);
    service_start(svc, NULL);
}
430
/* Clear the pending-restart time, then visit every service flagged
 * SVC_RESTARTING with restart_service_if_needed(). */
static void restart_processes()
{
    process_needs_restart = 0;

    service_for_each_flags(SVC_RESTARTING, restart_service_if_needed);
}
437
/*
 * Handle a "start" control message.
 *
 * name is either a plain service name or "service:args"; in the second
 * form everything behind the first ':' is handed to service_start() as
 * dynamic arguments (which service_start() accepts for one-shot services
 * only).
 */
static void msg_start(const char *name)
{
    struct service *svc = NULL;
    char *copy = NULL;
    char *args = NULL;

    if (strchr(name, ':')) {
        /* split a private copy at the ':' so name itself stays intact */
        copy = strdup(name);
        if (copy) {
            args = strchr(copy, ':');
            *args++ = '\0';

            svc = service_find_by_name(copy);
        }
    } else {
        svc = service_find_by_name(name);
    }

    if (!svc) {
        ERROR("no such service '%s'\n", name);
    } else {
        service_start(svc, args);
    }

    free(copy);
}
465
/* Handle a "stop" control message for the service called name. */
static void msg_stop(const char *name)
{
    struct service *svc = service_find_by_name(name);

    if (!svc) {
        ERROR("no such service '%s'\n", name);
        return;
    }

    service_stop(svc);
}
476
/* Handle a "restart" control message for the service called name. */
static void msg_restart(const char *name)
{
    struct service *svc = service_find_by_name(name);

    if (!svc) {
        ERROR("no such service '%s'\n", name);
        return;
    }

    service_restart(svc);
}
487
/*
 * Dispatch a control message ("start", "stop" or "restart") to its
 * handler; arg names the service.  Unknown messages are logged and dropped.
 *
 * NOTE(review): no permission check is made here, so the caller is
 * presumably expected to have authorised the request already; confirm
 * against the caller.
 */
void handle_control_message(const char *msg, const char *arg)
{
    if (strcmp(msg, "start") == 0) {
        msg_start(arg);
        return;
    }
    if (strcmp(msg, "stop") == 0) {
        msg_stop(arg);
        return;
    }
    if (strcmp(msg, "restart") == 0) {
        msg_restart(arg);
        return;
    }

    ERROR("unknown control msg '%s'\n", msg);
}
500
/* Return the first command of an action, or NULL when the action has no
 * commands. */
static struct command *get_first_command(struct action *act)
{
    struct listnode *first = list_head(&act->commands);

    if (first && !list_empty(&act->commands)) {
        return node_to_item(first, struct command, clist);
    }

    return NULL;
}
510
/* Return the command following cmd in act, or NULL when cmd has no
 * successor or the successor is the action's list head. */
static struct command *get_next_command(struct action *act, struct command *cmd)
{
    struct listnode *following = cmd->clist.next;

    if (!following || following == &act->commands) {
        return NULL;
    }

    return node_to_item(following, struct command, clist);
}
522
/* Non-zero when cmd is the tail of act's command list. */
static int is_last_command(struct action *act, struct command *cmd)
{
    struct listnode *tail = list_tail(&act->commands);

    return (tail == &cmd->clist);
}
527
/*
 * Run exactly one queued command.
 *
 * The next action is taken from the queue head when there is no current
 * action or command, or the current command was the last one of its
 * action; otherwise the command following the current one is used.
 * Returns without running anything when no action or command is left.
 */
void execute_one_command(void)
{
    int ret;
    int need_new_action = !cur_action || !cur_command ||
                          is_last_command(cur_action, cur_command);

    if (need_new_action) {
        cur_action = action_remove_queue_head();
        cur_command = NULL;
        if (!cur_action) {
            return;
        }
        INFO("processing action %p (%s)\n", cur_action, cur_action->name);
        cur_command = get_first_command(cur_action);
    } else {
        cur_command = get_next_command(cur_action, cur_command);
    }

    if (cur_command) {
        ret = cur_command->func(cur_command->nargs, cur_command->args);
        INFO("command '%s' r=%d\n", cur_command->args[0], ret);
    }
}
549
/*
 * Builtin action: wait for the coldboot_done file, giving up after
 * COMMAND_RETRY_TIMEOUT.  Returns what wait_for_file() returned; a
 * non-zero value is logged as a timeout.  nargs and args are unused.
 */
static int wait_for_coldboot_done_action(int nargs, char **args)
{
    int status;

    INFO("wait for %s\n", coldboot_done);
    status = wait_for_file(coldboot_done, COMMAND_RETRY_TIMEOUT);
    if (status != 0) {
        ERROR("Timed out waiting for %s\n", coldboot_done);
    }

    return status;
}
559
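/*
 * Writes 512 bytes of output from Hardware RNG (/dev/hw_random, backed
 * by Linux kernel's hw_random framework) into the Linux RNG via
 * /dev/urandom.  Does nothing if Hardware RNG is not present.
 *
 * Since we don't yet trust the quality of Hardware RNG, these bytes are not
 * mixed into the primary pool of Linux RNG and the entropy estimate is left
 * unmodified.
 *
 * If the HW RNG device /dev/hw_random is present, we require that at least
 * 512 bytes read from it are written into Linux RNG. QA is expected to catch
 * devices/configurations where these I/O operations are blocking for a long
 * time. We do not reboot or halt on failures, as this is a best-effort
 * attempt.
 *
 * Returns 0 on success or when /dev/hw_random does not exist, -1 on any
 * other failure.  nargs and args are unused.
 */
static int mix_hwrng_into_linux_rng_action(int nargs, char **args)
{
    int result = -1;
    int hwrandom_fd = -1;
    int urandom_fd = -1;
    char buf[512];
    ssize_t chunk_size;
    size_t total_bytes_written = 0;
    volatile char *wipe;
    size_t i;

    /* O_NOFOLLOW: refuse to open the device through a symbolic link */
    hwrandom_fd = TEMP_FAILURE_RETRY(
            open("/dev/hw_random", O_RDONLY | O_NOFOLLOW));
    if (hwrandom_fd == -1) {
        if (errno == ENOENT) {
          ERROR("/dev/hw_random not found\n");
          /* It's not an error to not have a Hardware RNG. */
          result = 0;
        } else {
          ERROR("Failed to open /dev/hw_random: %s\n", strerror(errno));
        }
        goto ret;
    }

    urandom_fd = TEMP_FAILURE_RETRY(
            open("/dev/urandom", O_WRONLY | O_NOFOLLOW));
    if (urandom_fd == -1) {
        ERROR("Failed to open /dev/urandom: %s\n", strerror(errno));
        goto ret;
    }

    while (total_bytes_written < sizeof(buf)) {
        chunk_size = TEMP_FAILURE_RETRY(
                read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written));
        if (chunk_size == -1) {
            ERROR("Failed to read from /dev/hw_random: %s\n", strerror(errno));
            goto ret;
        } else if (chunk_size == 0) {
            ERROR("Failed to read from /dev/hw_random: EOF\n");
            goto ret;
        }

        /* only what was actually written counts towards the 512 bytes */
        chunk_size = TEMP_FAILURE_RETRY(write(urandom_fd, buf, chunk_size));
        if (chunk_size == -1) {
            ERROR("Failed to write to /dev/urandom: %s\n", strerror(errno));
            goto ret;
        }
        total_bytes_written += chunk_size;
    }

    /* %zu: the counter is a size_t, not an int */
    INFO("Mixed %zu bytes from /dev/hw_random into /dev/urandom",
                total_bytes_written);
    result = 0;

ret:
    if (hwrandom_fd != -1) {
        close(hwrandom_fd);
    }
    if (urandom_fd != -1) {
        close(urandom_fd);
    }
    /* Scrub the random bytes from the stack.  The stores go through a
     * volatile pointer because a plain memset() of a buffer that is about
     * to go out of scope may be removed by the compiler as a dead store. */
    wipe = buf;
    for (i = 0; i < sizeof(buf); i++) {
        wipe[i] = 0;
    }
    return result;
}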
637
/* Builtin action wrapper around keychord_init(); always returns 0.
 * nargs and args are unused. */
static int keychord_init_action(int nargs, char **args)
{
    const int ok = 0;

    keychord_init();
    return ok;
}
643
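/*
 * Builtin action: work out the console device, record in have_console
 * whether it can be opened, and print the boot banner on /dev/tty0 when
 * that device can be opened.  Always returns 0; nargs and args are unused.
 */
static int console_init_action(int nargs, char **args)
{
    int fd;

    if (console[0]) {
        snprintf(console_name, sizeof(console_name), "/dev/%s", console);
    }

    fd = open(console_name, O_RDWR);
    if (fd >= 0) {
        have_console = 1;
        /* close only what was opened; close() used to be called with -1
         * when the open failed */
        close(fd);
    }

    fd = open("/dev/tty0", O_WRONLY);
    if (fd >= 0) {
        const char *msg;
            msg = "\n"
        "\n"
        "\n"
        "\n"
        "\n"
        "\n"
        "\n"  // console is 40 cols x 30 lines
        "\n"
        "\n"
        "\n"
        "\n"
        "\n"
        "\n"
        "\n"
        "             A N D R O I D ";
        /* the banner is cosmetic, so a failed write is ignored */
        write(fd, msg, strlen(msg));
        close(fd);
    }

    return 0;
}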
681
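/*
 * Import one "name=value" token of the kernel command line.
 *
 * name           the token; it is modified in place (cut at the '=').
 * for_emulator   non-zero: export every option as "ro.kernel.<name>".
 *                zero: remember the value of "qemu" and export
 *                "androidboot.<x>" as "ro.boot.<x>".
 *
 * Tokens without '=' or with an empty name are ignored, as are options
 * whose property name would not fit into PROP_NAME_MAX.
 */
static void import_kernel_nv(char *name, int for_emulator)
{
    char *value = strchr(name, '=');
    int name_len;

    if (value == 0) return;
    *value++ = 0;

    /* Measure the name only after it has been cut at '='.  Taken before
     * the cut, the length included "=value", so the empty-name test below
     * could never fire and "androidboot.=x" passed the "> 12" test with an
     * empty property suffix. */
    name_len = strlen(name);
    if (name_len == 0) return;

    if (for_emulator) {
        /* in the emulator, export any kernel option with the
         * ro.kernel. prefix */
        char buff[PROP_NAME_MAX];
        int len = snprintf( buff, sizeof(buff), "ro.kernel.%s", name );

        /* skip names that snprintf had to truncate */
        if (len < (int)sizeof(buff))
            property_set( buff, value );
        return;
    }

    if (!strcmp(name,"qemu")) {
        strlcpy(qemu, value, sizeof(qemu));
    } else if (!strncmp(name, "androidboot.", 12) && name_len > 12) {
        const char *boot_prop_name = name + 12;
        char prop[PROP_NAME_MAX];
        int cnt;

        cnt = snprintf(prop, sizeof(prop), "ro.boot.%s", boot_prop_name);
        if (cnt < PROP_NAME_MAX)
            property_set(prop, value);
    }
}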
714
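/*
 * Derive the classic ro.* properties from the ro.boot.* values imported
 * from the kernel command line, and cache console, bootmode and hardware
 * in init's own variables.
 */
static void export_kernel_boot_props(void)
{
    char tmp[PROP_VALUE_MAX];
    int ret;
    unsigned i;
    /* source property, property to set, value used when the source is unset */
    struct {
        const char *src_prop;
        const char *dest_prop;
        const char *def_val;
    } prop_map[] = {
        { "ro.boot.serialno", "ro.serialno", "", },
        { "ro.boot.mode", "ro.bootmode", "unknown", },
        { "ro.boot.baseband", "ro.baseband", "unknown", },
        { "ro.boot.bootloader", "ro.bootloader", "unknown", },
    };

    for (i = 0; i < ARRAY_SIZE(prop_map); i++) {
        ret = property_get(prop_map[i].src_prop, tmp);
        if (ret > 0)
            property_set(prop_map[i].dest_prop, tmp);
        else
            property_set(prop_map[i].dest_prop, prop_map[i].def_val);
    }

    ret = property_get("ro.boot.console", tmp);
    if (ret)
        strlcpy(console, tmp, sizeof(console));

    /* save a copy for init's usage during boot */
    property_get("ro.bootmode", tmp);
    strlcpy(bootmode, tmp, sizeof(bootmode));

    /* if this was given on kernel command line, override what we read
     * before (e.g. from /proc/cpuinfo), if anything */
    ret = property_get("ro.boot.hardware", tmp);
    if (ret)
        strlcpy(hardware, tmp, sizeof(hardware));
    property_set("ro.hardware", hardware);

    /* revision is unsigned, so it is formatted with %u rather than %d */
    snprintf(tmp, sizeof(tmp), "%u", revision);
    property_set("ro.revision", tmp);

    /* TODO: these are obsolete. We should delete them */
    if (!strcmp(bootmode,"factory"))
        property_set("ro.factorytest", "1");
    else if (!strcmp(bootmode,"factory2"))
        property_set("ro.factorytest", "2");
    else
        property_set("ro.factorytest", "0");
}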
765
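/*
 * Restrict access to /proc/cmdline, import the kernel command line and
 * export the resulting boot properties.
 */
static void process_kernel_cmdline(void)
{
    /* don't expose the raw commandline to nonpriv processes; a failure is
     * reported because it would leave the file at its previous mode */
    if (chmod("/proc/cmdline", 0440) != 0) {
        ERROR("chmod of /proc/cmdline failed: %s\n", strerror(errno));
    }

    /* first pass does the common stuff, and finds if we are in qemu.
     * second pass is only necessary for qemu to export all kernel params
     * as props.
     */
    import_kernel_cmdline(0, import_kernel_nv);
    if (qemu[0])
        import_kernel_cmdline(1, import_kernel_nv);

    /* now propagate the info given on command line to internal variables
     * used by init as well as the current required properties
     */
    export_kernel_boot_props();
}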
784
/* Builtin action wrapper around start_property_service(); always returns 0.
 * nargs and args are unused. */
static int property_service_init_action(int nargs, char **args)
{
    const int ok = 0;

    /* Reads any property files on system or data and fires up the property
     * service.  This has to run after the ro.foo properties have been set
     * so that /data/local.prop cannot interfere with them.
     */
    start_property_service();

    return ok;
}
795
/* Builtin action wrapper around signal_init(); always returns 0.
 * nargs and args are unused. */
static int signal_init_action(int nargs, char **args)
{
    const int ok = 0;

    signal_init();
    return ok;
}
801
/*
 * Builtin action: exit init with status 1 unless both the property-set
 * descriptor and the signal descriptor are available, then remove the
 * /dev/.booting marker.  Returns 0; nargs and args are unused.
 */
static int check_startup_action(int nargs, char **args)
{
    /* make sure we actually have all the pieces we need */
    int pieces_missing = (get_property_set_fd() < 0) ||
                         (get_signal_fd() < 0);

    if (pieces_missing) {
        ERROR("init startup failure\n");
        exit(1);
    }

    /* signal that we hit this point */
    unlink("/dev/.booting");

    return 0;
}
816
/* Builtin action: queue every property trigger once, then let
 * property_changed() queue triggers from now on.  Always returns 0;
 * nargs and args are unused. */
static int queue_property_triggers_action(int nargs, char **args)
{
    const int ok = 0;

    queue_all_property_triggers();

    /* enable property triggers */
    property_triggers_enabled = 1;

    return ok;
}
824
825#if BOOTCHART
/* Builtin action: initialise bootcharting and log the outcome of
 * bootchart_init() (negative: failure, positive: started, zero: ignored).
 * Always returns 0; nargs and args are unused. */
static int bootchart_init_action(int nargs, char **args)
{
    bootchart_count = bootchart_init();

    if (bootchart_count > 0) {
        NOTICE("bootcharting started (period=%d ms)\n", bootchart_count*BOOTCHART_POLLING_MS);
    } else if (bootchart_count == 0) {
        NOTICE("bootcharting ignored\n");
    } else {
        ERROR("bootcharting init failure\n");
    }

    return 0;
}
839#endif
840
/*
 * Candidate property_contexts files, tried in this order; the first one
 * that can be opened wins.
 * NOTE(review): the copy under /data is tried before the one in the root
 * directory, so whoever can write that /data path decides which property
 * labels are used; confirm that its ownership and labelling are locked
 * down.
 */
static const struct selinux_opt seopts_prop[] = {
        { SELABEL_OPT_PATH, "/data/security/property_contexts" },
        { SELABEL_OPT_PATH, "/property_contexts" },
        { 0, NULL }
};

/*
 * Open a label handle for property contexts from the first usable entry of
 * seopts_prop.  Returns the handle, or NULL (after logging errno) when none
 * of the files could be loaded.
 */
struct selabel_handle* selinux_android_prop_context_handle(void)
{
    struct selabel_handle* handle = NULL;
    int i;

    /* i ends up one past the entry that was opened last */
    for (i = 0; (handle == NULL) && seopts_prop[i].value; i++) {
        handle = selabel_open(SELABEL_CTX_ANDROID_PROP, &seopts_prop[i], 1);
    }

    if (handle) {
        INFO("SELinux: Loaded property contexts from %s\n", seopts_prop[i - 1].value);
        return handle;
    }

    ERROR("SELinux:  Could not load property_contexts:  %s\n",
          strerror(errno));
    return NULL;
}
864
/* (Re)create both global label handles.  Handles held before the call are
 * not closed here; selinux_reload_policy() closes them first. */
void selinux_init_all_handles(void)
{
    struct selabel_handle *file_handle = selinux_android_file_context_handle();
    struct selabel_handle *prop_handle = selinux_android_prop_context_handle();

    sehandle = file_handle;
    sehandle_prop = prop_handle;
}
870
/*
 * True when SELinux must not be used: either /sys/fs/selinux does not
 * exist, or the property ro.boot.selinux is set to "disabled".
 *
 * NOTE(review): the property check is unconditional in the code shown
 * here, so whoever controls the kernel command line (the source of the
 * ro.boot.* properties) can switch SELinux off; consider honouring it on
 * engineering builds only.
 */
static bool selinux_is_disabled(void)
{
    char mode[PROP_VALUE_MAX];
    bool kernel_has_selinux = (access("/sys/fs/selinux", F_OK) == 0);

    if (!kernel_has_selinux) {
        /* SELinux is not compiled into the kernel, or has been disabled
         * via the kernel command line "selinux=0".
         */
        return true;
    }

    if (property_get("ro.boot.selinux", mode) == 0) {
        return false;
    }

    /* SELinux is compiled into the kernel, but we may have been told to
     * disable it. */
    return strcmp(mode, "disabled") == 0;
}
889
/*
 * True unless ro.boot.selinux is set to "permissive".  An unset property
 * and any unrecognised value (which is logged) both mean enforcing.
 *
 * NOTE(review): as with "disabled", the permissive switch is accepted
 * unconditionally in the code shown here; consider limiting it to
 * engineering builds.
 */
static bool selinux_is_enforcing(void)
{
    char mode[PROP_VALUE_MAX];
    bool permissive;

    if (property_get("ro.boot.selinux", mode) == 0) {
        /* Property is not set.  Assume enforcing */
        return true;
    }

    /* SELinux is in the kernel, but we may have been told to go into
     * permissive mode */
    permissive = (strcmp(mode, "permissive") == 0);

    if (!permissive && strcmp(mode, "enforcing") != 0) {
        ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", mode);
    }

    return !permissive;
}
910
/*
 * Reload the SELinux policy and reopen the label handles.
 * Returns 0 on success, -1 when SELinux is disabled or
 * selinux_android_reload_policy() fails (the existing handles are kept in
 * that case).
 */
int selinux_reload_policy(void)
{
    if (selinux_is_disabled()) {
        return -1;
    }

    INFO("SELinux: Attempting to reload policy files\n");

    if (selinux_android_reload_policy() == -1) {
        return -1;
    }

    /* drop the handles that belong to the old policy before
     * selinux_init_all_handles() overwrites the pointers */
    if (sehandle != NULL) {
        selabel_close(sehandle);
    }
    if (sehandle_prop != NULL) {
        selabel_close(sehandle_prop);
    }

    selinux_init_all_handles();
    return 0;
}
932
/*
 * Audit callback (registered for SELINUX_CB_AUDIT in main()): writes
 * "property=<data>" into buf, at most len bytes including the NUL.  data
 * is read as a C string and shown as "NULL" when it is a null pointer.
 * Always returns 0; cls is unused.
 */
int audit_callback(void *data, security_class_t cls, char *buf, size_t len)
{
    const char *prop = "NULL";

    if (data) {
        prop = (char *)data;
    }
    snprintf(buf, len, "property=%s", prop);

    return 0;
}
938
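/*
 * Load the SELinux policy, open the label handles and set the enforcing
 * mode.  Does nothing when SELinux is disabled.
 *
 * A policy that cannot be loaded, or a failure to switch to enforcing
 * mode, reboots the device into recovery rather than letting it continue
 * without the intended protection.
 */
static void selinux_initialize(void)
{
    if (selinux_is_disabled()) {
        return;
    }

    INFO("loading selinux policy\n");
    if (selinux_android_load_policy() < 0) {
        ERROR("SELinux: Failed to load policy; rebooting into recovery mode\n");
        android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
        while (1) { pause(); }  // never reached
    }

    selinux_init_all_handles();
    bool is_enforcing = selinux_is_enforcing();
    INFO("SELinux: security_setenforce(%d)\n", is_enforcing);
    /* The result used to be ignored, so a device that was meant to be
     * enforcing could carry on in whatever mode the kernel was left in. */
    if (security_setenforce(is_enforcing) < 0) {
        if (is_enforcing) {
            ERROR("SELinux: security_setenforce(%d) failed: %s; rebooting into recovery mode\n",
                  is_enforcing, strerror(errno));
            android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
            while (1) { pause(); }  // never reached
        }
        ERROR("SELinux: security_setenforce(%d) failed: %s\n",
              is_enforcing, strerror(errno));
    }
}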
957
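/*
 * Entry point of init (and, depending on argv[0], of ueventd and
 * watchdogd).
 *
 * Sets up the minimal filesystem, properties and SELinux, parses /init.rc,
 * queues the boot actions and then loops forever: run one queued command,
 * restart services that are due, and poll the property, signal and
 * keychord descriptors.
 */
int main(int argc, char **argv)
{
    int fd_count = 0;
    struct pollfd ufds[4];
    int property_set_fd_init = 0;
    int signal_fd_init = 0;
    int keychord_fd_init = 0;
    bool is_charger = false;

    if (!strcmp(basename(argv[0]), "ueventd"))
        return ueventd_main(argc, argv);

    if (!strcmp(basename(argv[0]), "watchdogd"))
        return watchdogd_main(argc, argv);

    /* clear the umask */
    umask(0);

        /* Get the basic filesystem setup we need put
         * together in the initramdisk on / and then we'll
         * let the rc file figure out the rest.
         */
    mkdir("/dev", 0755);
    mkdir("/proc", 0755);
    mkdir("/sys", 0755);

    mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
    mkdir("/dev/pts", 0755);
    mkdir("/dev/socket", 0755);
    mount("devpts", "/dev/pts", "devpts", 0, NULL);
    mount("proc", "/proc", "proc", 0, NULL);
    mount("sysfs", "/sys", "sysfs", 0, NULL);

        /* indicate that booting is in progress to background fw loaders, etc */
    close(open("/dev/.booting", O_WRONLY | O_CREAT, 0000));

        /* We must have some place other than / to create the
         * device nodes for kmsg and null, otherwise we won't
         * be able to remount / read-only later on.
         * Now that tmpfs is mounted on /dev, we can actually
         * talk to the outside world.
         */
    open_devnull_stdio();
    klog_init();
    property_init();

    get_hardware_name(hardware, &revision);

    process_kernel_cmdline();

    /* route libselinux log and audit output through init's own callbacks */
    union selinux_callback cb;
    cb.func_log = klog_write;
    selinux_set_callback(SELINUX_CB_LOG, cb);

    cb.func_audit = audit_callback;
    selinux_set_callback(SELINUX_CB_AUDIT, cb);

    selinux_initialize();
    /* These directories were necessarily created before initial policy load
     * and therefore need their security context restored to the proper value.
     * This must happen before /dev is populated by ueventd.
     */
    restorecon("/dev");
    restorecon("/dev/socket");
    restorecon("/dev/__properties__");
    restorecon_recursive("/sys");

    is_charger = !strcmp(bootmode, "charger");

    INFO("property init\n");
    if (!is_charger)
        property_load_boot_defaults();

    INFO("reading config file\n");
    init_parse_config_file("/init.rc");

    action_for_each_trigger("early-init", action_add_queue_tail);

    queue_builtin_action(wait_for_coldboot_done_action, "wait_for_coldboot_done");
    queue_builtin_action(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng");
    queue_builtin_action(keychord_init_action, "keychord_init");
    queue_builtin_action(console_init_action, "console_init");

    /* execute all the boot actions to get us started */
    action_for_each_trigger("init", action_add_queue_tail);

    /* skip mounting filesystems in charger mode */
    if (!is_charger) {
        action_for_each_trigger("early-fs", action_add_queue_tail);
        action_for_each_trigger("fs", action_add_queue_tail);
        action_for_each_trigger("post-fs", action_add_queue_tail);
        action_for_each_trigger("post-fs-data", action_add_queue_tail);
    }

    /* Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random
     * wasn't ready immediately after wait_for_coldboot_done
     */
    queue_builtin_action(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng");

    queue_builtin_action(property_service_init_action, "property_service_init");
    queue_builtin_action(signal_init_action, "signal_init");
    queue_builtin_action(check_startup_action, "check_startup");

    if (is_charger) {
        action_for_each_trigger("charger", action_add_queue_tail);
    } else {
        action_for_each_trigger("early-boot", action_add_queue_tail);
        action_for_each_trigger("boot", action_add_queue_tail);
    }

        /* run all property triggers based on current state of the properties */
    queue_builtin_action(queue_property_triggers_action, "queue_property_triggers");


#if BOOTCHART
    queue_builtin_action(bootchart_init_action, "bootchart_init");
#endif

    for(;;) {
        int nr, i, timeout = -1;

        execute_one_command();
        restart_processes();

        /* each descriptor is added to the poll set once, as soon as the
         * action that creates it has run */
        if (!property_set_fd_init && get_property_set_fd() > 0) {
            ufds[fd_count].fd = get_property_set_fd();
            ufds[fd_count].events = POLLIN;
            ufds[fd_count].revents = 0;
            fd_count++;
            property_set_fd_init = 1;
        }
        if (!signal_fd_init && get_signal_fd() > 0) {
            ufds[fd_count].fd = get_signal_fd();
            ufds[fd_count].events = POLLIN;
            ufds[fd_count].revents = 0;
            fd_count++;
            signal_fd_init = 1;
        }
        if (!keychord_fd_init && get_keychord_fd() > 0) {
            ufds[fd_count].fd = get_keychord_fd();
            ufds[fd_count].events = POLLIN;
            ufds[fd_count].revents = 0;
            fd_count++;
            keychord_fd_init = 1;
        }

        /* sleep no longer than until the next service restart is due */
        if (process_needs_restart) {
            timeout = (process_needs_restart - gettime()) * 1000;
            if (timeout < 0)
                timeout = 0;
        }

        /* do not block while commands are still waiting to run */
        if (!action_queue_empty() || cur_action)
            timeout = 0;

#if BOOTCHART
        if (bootchart_count > 0) {
            if (timeout < 0 || timeout > BOOTCHART_POLLING_MS)
                timeout = BOOTCHART_POLLING_MS;
            if (bootchart_step() < 0 || --bootchart_count == 0) {
                bootchart_finish();
                bootchart_count = 0;
            }
        }
#endif

        nr = poll(ufds, fd_count, timeout);
        if (nr <= 0)
            continue;

        for (i = 0; i < fd_count; i++) {
            /* Test the POLLIN bit rather than comparing for equality:
             * poll() may report POLLIN together with POLLHUP or POLLERR,
             * and the equality test then skipped the handler, leaving the
             * descriptor readable so that every later poll() returned at
             * once. */
            if (ufds[i].revents & POLLIN) {
                if (ufds[i].fd == get_property_set_fd())
                    handle_property_set_fd();
                else if (ufds[i].fd == get_keychord_fd())
                    handle_keychord();
                else if (ufds[i].fd == get_signal_fd())
                    handle_signal();
            }
        }
    }

    return 0;
}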
1145