init.cpp revision e36a85cdcc93a84a6869fc8fc3fc82e3639d4398
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <ctype.h> 18#include <dirent.h> 19#include <errno.h> 20#include <fcntl.h> 21#include <libgen.h> 22#include <paths.h> 23#include <signal.h> 24#include <stdarg.h> 25#include <stdio.h> 26#include <stdlib.h> 27#include <string.h> 28#include <sys/epoll.h> 29#include <sys/mount.h> 30#include <sys/socket.h> 31#include <sys/stat.h> 32#include <sys/types.h> 33#include <sys/un.h> 34#include <sys/wait.h> 35#include <unistd.h> 36 37#include <mtd/mtd-user.h> 38 39#include <selinux/selinux.h> 40#include <selinux/label.h> 41#include <selinux/android.h> 42 43#include <base/file.h> 44#include <base/stringprintf.h> 45#include <base/strings.h> 46#include <cutils/android_reboot.h> 47#include <cutils/fs.h> 48#include <cutils/iosched_policy.h> 49#include <cutils/list.h> 50#include <cutils/sockets.h> 51#include <private/android_filesystem_config.h> 52 53#include <memory> 54 55#include "action.h" 56#include "bootchart.h" 57#include "devices.h" 58#include "import_parser.h" 59#include "init.h" 60#include "init_parser.h" 61#include "keychords.h" 62#include "log.h" 63#include "property_service.h" 64#include "service.h" 65#include "signal_handler.h" 66#include "ueventd.h" 67#include "util.h" 68#include "watchdogd.h" 69 70struct selabel_handle *sehandle; 71struct selabel_handle *sehandle_prop; 72 73static int property_triggers_enabled = 0; 74 75static char qemu[32]; 76 77int have_console; 78std::string console_name = "/dev/console"; 79static time_t process_needs_restart; 80 81const char *ENV[32]; 82 83bool waiting_for_exec = false; 84 85static int epoll_fd = -1; 86 87void register_epoll_handler(int fd, void (*fn)()) { 88 epoll_event ev; 89 ev.events = EPOLLIN; 90 ev.data.ptr = reinterpret_cast<void*>(fn); 91 if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev) == -1) { 92 ERROR("epoll_ctl failed: %s\n", strerror(errno)); 93 } 94} 95 96/* add_environment - add "key=value" to the current environment */ 97int add_environment(const char *key, const char *val) 98{ 99 size_t n; 100 size_t key_len = strlen(key); 101 102 /* The last environment entry is reserved to terminate the list */ 103 for (n = 0; n < (ARRAY_SIZE(ENV) - 1); n++) { 104 105 /* Delete any existing entry for this key */ 106 if (ENV[n] != NULL) { 107 size_t entry_key_len = strcspn(ENV[n], "="); 108 if ((entry_key_len == key_len) && (strncmp(ENV[n], key, entry_key_len) == 0)) { 109 free((char*)ENV[n]); 110 ENV[n] = NULL; 111 } 112 } 113 114 /* Add entry if a free slot is available */ 115 if (ENV[n] == NULL) { 116 char* entry; 117 asprintf(&entry, "%s=%s", key, val); 118 ENV[n] = entry; 119 return 0; 120 } 121 } 122 123 ERROR("No env. room to store: '%s':'%s'\n", key, val); 124 125 return -1; 126} 127 128void property_changed(const char *name, const char *value) 129{ 130 if (property_triggers_enabled) 131 ActionManager::GetInstance().QueuePropertyTrigger(name, value); 132} 133 134static void restart_processes() 135{ 136 process_needs_restart = 0; 137 ServiceManager::GetInstance(). 138 ForEachServiceWithFlags(SVC_RESTARTING, [] (Service* s) { 139 s->RestartIfNeeded(process_needs_restart); 140 }); 141} 142 143static void msg_start(const std::string& name) 144{ 145 Service* svc = nullptr; 146 std::vector<std::string> vargs; 147 148 size_t colon_pos = name.find(':'); 149 if (colon_pos == std::string::npos) { 150 svc = ServiceManager::GetInstance().FindServiceByName(name); 151 } else { 152 std::string service_name(name.substr(0, colon_pos)); 153 std::string args(name.substr(colon_pos + 1)); 154 vargs = android::base::Split(args, " "); 155 156 svc = ServiceManager::GetInstance().FindServiceByName(service_name); 157 } 158 159 if (svc) { 160 svc->Start(vargs); 161 } else { 162 ERROR("no such service '%s'\n", name.c_str()); 163 } 164} 165 166static void msg_stop(const std::string& name) 167{ 168 Service* svc = ServiceManager::GetInstance().FindServiceByName(name); 169 170 if (svc) { 171 svc->Stop(); 172 } else { 173 ERROR("no such service '%s'\n", name.c_str()); 174 } 175} 176 177static void msg_restart(const std::string& name) 178{ 179 Service* svc = ServiceManager::GetInstance().FindServiceByName(name); 180 181 if (svc) { 182 svc->Restart(); 183 } else { 184 ERROR("no such service '%s'\n", name.c_str()); 185 } 186} 187 188void handle_control_message(const std::string& msg, const std::string& arg) 189{ 190 if (msg == "start") { 191 msg_start(arg); 192 } else if (msg == "stop") { 193 msg_stop(arg); 194 } else if (msg == "restart") { 195 msg_restart(arg); 196 } else { 197 ERROR("unknown control msg '%s'\n", msg.c_str()); 198 } 199} 200 201static int wait_for_coldboot_done_action(const std::vector<std::string>& args) { 202 Timer t; 203 204 NOTICE("Waiting for %s...\n", COLDBOOT_DONE); 205 // Any longer than 1s is an unreasonable length of time to delay booting. 206 // If you're hitting this timeout, check that you didn't make your 207 // sepolicy regular expressions too expensive (http://b/19899875). 208 if (wait_for_file(COLDBOOT_DONE, 1)) { 209 ERROR("Timed out waiting for %s\n", COLDBOOT_DONE); 210 } 211 212 NOTICE("Waiting for %s took %.2fs.\n", COLDBOOT_DONE, t.duration()); 213 return 0; 214} 215 216/* 217 * Writes 512 bytes of output from Hardware RNG (/dev/hw_random, backed 218 * by Linux kernel's hw_random framework) into Linux RNG's via /dev/urandom. 219 * Does nothing if Hardware RNG is not present. 220 * 221 * Since we don't yet trust the quality of Hardware RNG, these bytes are not 222 * mixed into the primary pool of Linux RNG and the entropy estimate is left 223 * unmodified. 224 * 225 * If the HW RNG device /dev/hw_random is present, we require that at least 226 * 512 bytes read from it are written into Linux RNG. QA is expected to catch 227 * devices/configurations where these I/O operations are blocking for a long 228 * time. We do not reboot or halt on failures, as this is a best-effort 229 * attempt. 230 */ 231static int mix_hwrng_into_linux_rng_action(const std::vector<std::string>& args) 232{ 233 int result = -1; 234 int hwrandom_fd = -1; 235 int urandom_fd = -1; 236 char buf[512]; 237 ssize_t chunk_size; 238 size_t total_bytes_written = 0; 239 240 hwrandom_fd = TEMP_FAILURE_RETRY( 241 open("/dev/hw_random", O_RDONLY | O_NOFOLLOW | O_CLOEXEC)); 242 if (hwrandom_fd == -1) { 243 if (errno == ENOENT) { 244 ERROR("/dev/hw_random not found\n"); 245 /* It's not an error to not have a Hardware RNG. */ 246 result = 0; 247 } else { 248 ERROR("Failed to open /dev/hw_random: %s\n", strerror(errno)); 249 } 250 goto ret; 251 } 252 253 urandom_fd = TEMP_FAILURE_RETRY( 254 open("/dev/urandom", O_WRONLY | O_NOFOLLOW | O_CLOEXEC)); 255 if (urandom_fd == -1) { 256 ERROR("Failed to open /dev/urandom: %s\n", strerror(errno)); 257 goto ret; 258 } 259 260 while (total_bytes_written < sizeof(buf)) { 261 chunk_size = TEMP_FAILURE_RETRY( 262 read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written)); 263 if (chunk_size == -1) { 264 ERROR("Failed to read from /dev/hw_random: %s\n", strerror(errno)); 265 goto ret; 266 } else if (chunk_size == 0) { 267 ERROR("Failed to read from /dev/hw_random: EOF\n"); 268 goto ret; 269 } 270 271 chunk_size = TEMP_FAILURE_RETRY(write(urandom_fd, buf, chunk_size)); 272 if (chunk_size == -1) { 273 ERROR("Failed to write to /dev/urandom: %s\n", strerror(errno)); 274 goto ret; 275 } 276 total_bytes_written += chunk_size; 277 } 278 279 INFO("Mixed %zu bytes from /dev/hw_random into /dev/urandom", 280 total_bytes_written); 281 result = 0; 282 283ret: 284 if (hwrandom_fd != -1) { 285 close(hwrandom_fd); 286 } 287 if (urandom_fd != -1) { 288 close(urandom_fd); 289 } 290 return result; 291} 292 293static int keychord_init_action(const std::vector<std::string>& args) 294{ 295 keychord_init(); 296 return 0; 297} 298 299static int console_init_action(const std::vector<std::string>& args) 300{ 301 std::string console = property_get("ro.boot.console"); 302 if (!console.empty()) { 303 console_name = "/dev/" + console; 304 } 305 306 int fd = open(console_name.c_str(), O_RDWR | O_CLOEXEC); 307 if (fd >= 0) 308 have_console = 1; 309 close(fd); 310 311 fd = open("/dev/tty0", O_WRONLY | O_CLOEXEC); 312 if (fd >= 0) { 313 const char *msg; 314 msg = "\n" 315 "\n" 316 "\n" 317 "\n" 318 "\n" 319 "\n" 320 "\n" // console is 40 cols x 30 lines 321 "\n" 322 "\n" 323 "\n" 324 "\n" 325 "\n" 326 "\n" 327 "\n" 328 " A N D R O I D "; 329 write(fd, msg, strlen(msg)); 330 close(fd); 331 } 332 333 return 0; 334} 335 336static void import_kernel_nv(const std::string& key, const std::string& value, bool for_emulator) { 337 if (key.empty()) return; 338 339 if (for_emulator) { 340 // In the emulator, export any kernel option with the "ro.kernel." prefix. 341 property_set(android::base::StringPrintf("ro.kernel.%s", key.c_str()).c_str(), value.c_str()); 342 return; 343 } 344 345 if (key == "qemu") { 346 strlcpy(qemu, value.c_str(), sizeof(qemu)); 347 } else if (android::base::StartsWith(key, "androidboot.")) { 348 property_set(android::base::StringPrintf("ro.boot.%s", key.c_str() + 12).c_str(), 349 value.c_str()); 350 } 351} 352 353static void export_kernel_boot_props() { 354 struct { 355 const char *src_prop; 356 const char *dst_prop; 357 const char *default_value; 358 } prop_map[] = { 359 { "ro.boot.serialno", "ro.serialno", "", }, 360 { "ro.boot.mode", "ro.bootmode", "unknown", }, 361 { "ro.boot.baseband", "ro.baseband", "unknown", }, 362 { "ro.boot.bootloader", "ro.bootloader", "unknown", }, 363 { "ro.boot.hardware", "ro.hardware", "unknown", }, 364 { "ro.boot.revision", "ro.revision", "0", }, 365 }; 366 for (size_t i = 0; i < ARRAY_SIZE(prop_map); i++) { 367 std::string value = property_get(prop_map[i].src_prop); 368 property_set(prop_map[i].dst_prop, (!value.empty()) ? value.c_str() : prop_map[i].default_value); 369 } 370} 371 372static void process_kernel_dt() { 373 static const char android_dir[] = "/proc/device-tree/firmware/android"; 374 375 std::string file_name = android::base::StringPrintf("%s/compatible", android_dir); 376 377 std::string dt_file; 378 android::base::ReadFileToString(file_name, &dt_file); 379 if (!dt_file.compare("android,firmware")) { 380 ERROR("firmware/android is not compatible with 'android,firmware'\n"); 381 return; 382 } 383 384 std::unique_ptr<DIR, int(*)(DIR*)>dir(opendir(android_dir), closedir); 385 if (!dir) return; 386 387 struct dirent *dp; 388 while ((dp = readdir(dir.get())) != NULL) { 389 if (dp->d_type != DT_REG || !strcmp(dp->d_name, "compatible") || !strcmp(dp->d_name, "name")) { 390 continue; 391 } 392 393 file_name = android::base::StringPrintf("%s/%s", android_dir, dp->d_name); 394 395 android::base::ReadFileToString(file_name, &dt_file); 396 std::replace(dt_file.begin(), dt_file.end(), ',', '.'); 397 398 std::string property_name = android::base::StringPrintf("ro.boot.%s", dp->d_name); 399 property_set(property_name.c_str(), dt_file.c_str()); 400 } 401} 402 403static void process_kernel_cmdline() { 404 // Don't expose the raw commandline to unprivileged processes. 405 chmod("/proc/cmdline", 0440); 406 407 // The first pass does the common stuff, and finds if we are in qemu. 408 // The second pass is only necessary for qemu to export all kernel params 409 // as properties. 410 import_kernel_cmdline(false, import_kernel_nv); 411 if (qemu[0]) import_kernel_cmdline(true, import_kernel_nv); 412} 413 414static int queue_property_triggers_action(const std::vector<std::string>& args) 415{ 416 ActionManager::GetInstance().QueueAllPropertyTriggers(); 417 /* enable property triggers */ 418 property_triggers_enabled = 1; 419 return 0; 420} 421 422static void selinux_init_all_handles(void) 423{ 424 sehandle = selinux_android_file_context_handle(); 425 selinux_android_set_sehandle(sehandle); 426 sehandle_prop = selinux_android_prop_context_handle(); 427} 428 429enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; 430 431static selinux_enforcing_status selinux_status_from_cmdline() { 432 selinux_enforcing_status status = SELINUX_ENFORCING; 433 434 import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) { 435 if (key == "androidboot.selinux" && value == "permissive") { 436 status = SELINUX_PERMISSIVE; 437 } 438 }); 439 440 return status; 441} 442 443static bool selinux_is_enforcing(void) 444{ 445 if (ALLOW_PERMISSIVE_SELINUX) { 446 return selinux_status_from_cmdline() == SELINUX_ENFORCING; 447 } 448 return true; 449} 450 451int selinux_reload_policy(void) 452{ 453 INFO("SELinux: Attempting to reload policy files\n"); 454 455 if (selinux_android_reload_policy() == -1) { 456 return -1; 457 } 458 459 if (sehandle) 460 selabel_close(sehandle); 461 462 if (sehandle_prop) 463 selabel_close(sehandle_prop); 464 465 selinux_init_all_handles(); 466 return 0; 467} 468 469static int audit_callback(void *data, security_class_t /*cls*/, char *buf, size_t len) { 470 471 property_audit_data *d = reinterpret_cast<property_audit_data*>(data); 472 473 if (!d || !d->name || !d->cr) { 474 ERROR("audit_callback invoked with null data arguments!"); 475 return 0; 476 } 477 478 snprintf(buf, len, "property=%s pid=%d uid=%d gid=%d", d->name, 479 d->cr->pid, d->cr->uid, d->cr->gid); 480 return 0; 481} 482 483static void security_failure() { 484 ERROR("Security failure; rebooting into recovery mode...\n"); 485 android_reboot(ANDROID_RB_RESTART2, 0, "recovery"); 486 while (true) { pause(); } // never reached 487} 488 489static void selinux_initialize(bool in_kernel_domain) { 490 Timer t; 491 492 selinux_callback cb; 493 cb.func_log = selinux_klog_callback; 494 selinux_set_callback(SELINUX_CB_LOG, cb); 495 cb.func_audit = audit_callback; 496 selinux_set_callback(SELINUX_CB_AUDIT, cb); 497 498 if (in_kernel_domain) { 499 INFO("Loading SELinux policy...\n"); 500 if (selinux_android_load_policy() < 0) { 501 ERROR("failed to load policy: %s\n", strerror(errno)); 502 security_failure(); 503 } 504 505 bool kernel_enforcing = (security_getenforce() == 1); 506 bool is_enforcing = selinux_is_enforcing(); 507 if (kernel_enforcing != is_enforcing) { 508 if (security_setenforce(is_enforcing)) { 509 ERROR("security_setenforce(%s) failed: %s\n", 510 is_enforcing ? "true" : "false", strerror(errno)); 511 security_failure(); 512 } 513 } 514 515 if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) { 516 security_failure(); 517 } 518 519 NOTICE("(Initializing SELinux %s took %.2fs.)\n", 520 is_enforcing ? "enforcing" : "non-enforcing", t.duration()); 521 } else { 522 selinux_init_all_handles(); 523 } 524} 525 526int main(int argc, char** argv) { 527 if (!strcmp(basename(argv[0]), "ueventd")) { 528 return ueventd_main(argc, argv); 529 } 530 531 if (!strcmp(basename(argv[0]), "watchdogd")) { 532 return watchdogd_main(argc, argv); 533 } 534 535 // Clear the umask. 536 umask(0); 537 538 add_environment("PATH", _PATH_DEFPATH); 539 540 bool is_first_stage = (argc == 1) || (strcmp(argv[1], "--second-stage") != 0); 541 542 // Get the basic filesystem setup we need put together in the initramdisk 543 // on / and then we'll let the rc file figure out the rest. 544 if (is_first_stage) { 545 mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); 546 mkdir("/dev/pts", 0755); 547 mkdir("/dev/socket", 0755); 548 mount("devpts", "/dev/pts", "devpts", 0, NULL); 549 #define MAKE_STR(x) __STRING(x) 550 mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)); 551 mount("sysfs", "/sys", "sysfs", 0, NULL); 552 } 553 554 // We must have some place other than / to create the device nodes for 555 // kmsg and null, otherwise we won't be able to remount / read-only 556 // later on. Now that tmpfs is mounted on /dev, we can actually talk 557 // to the outside world. 558 open_devnull_stdio(); 559 klog_init(); 560 klog_set_level(KLOG_NOTICE_LEVEL); 561 562 NOTICE("init %s started!\n", is_first_stage ? "first stage" : "second stage"); 563 564 if (!is_first_stage) { 565 // Indicate that booting is in progress to background fw loaders, etc. 566 close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000)); 567 568 property_init(); 569 570 // If arguments are passed both on the command line and in DT, 571 // properties set in DT always have priority over the command-line ones. 572 process_kernel_dt(); 573 process_kernel_cmdline(); 574 575 // Propagate the kernel variables to internal variables 576 // used by init as well as the current required properties. 577 export_kernel_boot_props(); 578 } 579 580 // Set up SELinux, including loading the SELinux policy if we're in the kernel domain. 581 selinux_initialize(is_first_stage); 582 583 // If we're in the kernel domain, re-exec init to transition to the init domain now 584 // that the SELinux policy has been loaded. 585 if (is_first_stage) { 586 if (restorecon("/init") == -1) { 587 ERROR("restorecon failed: %s\n", strerror(errno)); 588 security_failure(); 589 } 590 char* path = argv[0]; 591 char* args[] = { path, const_cast<char*>("--second-stage"), nullptr }; 592 if (execv(path, args) == -1) { 593 ERROR("execv(\"%s\") failed: %s\n", path, strerror(errno)); 594 security_failure(); 595 } 596 } 597 598 // These directories were necessarily created before initial policy load 599 // and therefore need their security context restored to the proper value. 600 // This must happen before /dev is populated by ueventd. 601 NOTICE("Running restorecon...\n"); 602 restorecon("/dev"); 603 restorecon("/dev/socket"); 604 restorecon("/dev/__properties__"); 605 restorecon("/property_contexts"); 606 restorecon_recursive("/sys"); 607 608 epoll_fd = epoll_create1(EPOLL_CLOEXEC); 609 if (epoll_fd == -1) { 610 ERROR("epoll_create1 failed: %s\n", strerror(errno)); 611 exit(1); 612 } 613 614 signal_handler_init(); 615 616 property_load_boot_defaults(); 617 start_property_service(); 618 619 const BuiltinFunctionMap function_map; 620 Action::set_function_map(&function_map); 621 622 Parser& parser = Parser::GetInstance(); 623 parser.AddSectionParser("service",std::make_unique<ServiceParser>()); 624 parser.AddSectionParser("on", std::make_unique<ActionParser>()); 625 parser.AddSectionParser("import", std::make_unique<ImportParser>()); 626 parser.ParseConfig("/init.rc"); 627 628 ActionManager& am = ActionManager::GetInstance(); 629 630 am.QueueEventTrigger("early-init"); 631 632 // Queue an action that waits for coldboot done so we know ueventd has set up all of /dev... 633 am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done"); 634 // ... so that we can start queuing up actions that require stuff from /dev. 635 am.QueueBuiltinAction(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); 636 am.QueueBuiltinAction(keychord_init_action, "keychord_init"); 637 am.QueueBuiltinAction(console_init_action, "console_init"); 638 639 // Trigger all the boot actions to get us started. 640 am.QueueEventTrigger("init"); 641 642 // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random 643 // wasn't ready immediately after wait_for_coldboot_done 644 am.QueueBuiltinAction(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); 645 646 // Don't mount filesystems or start core system services in charger mode. 647 std::string bootmode = property_get("ro.bootmode"); 648 if (bootmode == "charger") { 649 am.QueueEventTrigger("charger"); 650 } else { 651 am.QueueEventTrigger("late-init"); 652 } 653 654 // Run all property triggers based on current state of the properties. 655 am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers"); 656 657 while (true) { 658 if (!waiting_for_exec) { 659 am.ExecuteOneCommand(); 660 restart_processes(); 661 } 662 663 int timeout = -1; 664 if (process_needs_restart) { 665 timeout = (process_needs_restart - gettime()) * 1000; 666 if (timeout < 0) 667 timeout = 0; 668 } 669 670 if (am.HasMoreCommands()) { 671 timeout = 0; 672 } 673 674 bootchart_sample(&timeout); 675 676 epoll_event ev; 677 int nr = TEMP_FAILURE_RETRY(epoll_wait(epoll_fd, &ev, 1, timeout)); 678 if (nr == -1) { 679 ERROR("epoll_wait failed: %s\n", strerror(errno)); 680 } else if (nr == 1) { 681 ((void (*)()) ev.data.ptr)(); 682 } 683 } 684 685 return 0; 686} 687