service.cpp revision 7d0a5c3656ee56eb81e442b58063d500b4f506e0
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include "service.h" 18 19#include <fcntl.h> 20#include <inttypes.h> 21#include <linux/securebits.h> 22#include <sched.h> 23#include <sys/mount.h> 24#include <sys/prctl.h> 25#include <sys/resource.h> 26#include <sys/stat.h> 27#include <sys/system_properties.h> 28#include <sys/time.h> 29#include <sys/wait.h> 30#include <termios.h> 31#include <unistd.h> 32 33#include <android-base/file.h> 34#include <android-base/logging.h> 35#include <android-base/parseint.h> 36#include <android-base/properties.h> 37#include <android-base/scopeguard.h> 38#include <android-base/stringprintf.h> 39#include <android-base/strings.h> 40#include <hidl-util/FQName.h> 41#include <processgroup/processgroup.h> 42#include <selinux/selinux.h> 43#include <system/thread_defs.h> 44 45#include "init.h" 46#include "property_service.h" 47#include "rlimit_parser.h" 48#include "util.h" 49 50using android::base::boot_clock; 51using android::base::GetProperty; 52using android::base::Join; 53using android::base::make_scope_guard; 54using android::base::ParseInt; 55using android::base::StartsWith; 56using android::base::StringPrintf; 57using android::base::WriteStringToFile; 58 59namespace android { 60namespace init { 61 62static Result<std::string> ComputeContextFromExecutable(std::string& service_name, 63 const std::string& service_path) { 64 std::string computed_context; 65 66 char* raw_con = nullptr; 67 char* raw_filecon = nullptr; 68 69 if (getcon(&raw_con) == -1) { 70 return Error() << "Could not get security context"; 71 } 72 std::unique_ptr<char> mycon(raw_con); 73 74 if (getfilecon(service_path.c_str(), &raw_filecon) == -1) { 75 return Error() << "Could not get file context"; 76 } 77 std::unique_ptr<char> filecon(raw_filecon); 78 79 char* new_con = nullptr; 80 int rc = security_compute_create(mycon.get(), filecon.get(), 81 string_to_security_class("process"), &new_con); 82 if (rc == 0) { 83 computed_context = new_con; 84 free(new_con); 85 } 86 if (rc == 0 && computed_context == mycon.get()) { 87 return Error() << "File " << service_path << "(labeled \"" << filecon.get() 88 << "\") has incorrect label or no domain transition from " << mycon.get() 89 << " to another SELinux domain defined. Have you configured your " 90 "service correctly? https://source.android.com/security/selinux/" 91 "device-policy#label_new_services_and_address_denials"; 92 } 93 if (rc < 0) { 94 return Error() << "Could not get process context"; 95 } 96 return computed_context; 97} 98 99static void SetUpPidNamespace(const std::string& service_name) { 100 constexpr unsigned int kSafeFlags = MS_NODEV | MS_NOEXEC | MS_NOSUID; 101 102 // It's OK to LOG(FATAL) in this function since it's running in the first 103 // child process. 104 105 // Recursively remount / as slave like zygote does so unmounting and mounting /proc 106 // doesn't interfere with the parent namespace's /proc mount. This will also 107 // prevent any other mounts/unmounts initiated by the service from interfering 108 // with the parent namespace but will still allow mount events from the parent 109 // namespace to propagate to the child. 110 if (mount("rootfs", "/", nullptr, (MS_SLAVE | MS_REC), nullptr) == -1) { 111 PLOG(FATAL) << "couldn't remount(/) recursively as slave for " << service_name; 112 } 113 // umount() then mount() /proc. 114 // Note that it is not sufficient to mount with MS_REMOUNT. 115 if (umount("/proc") == -1) { 116 PLOG(FATAL) << "couldn't umount(/proc) for " << service_name; 117 } 118 if (mount("", "/proc", "proc", kSafeFlags, "") == -1) { 119 PLOG(FATAL) << "couldn't mount(/proc) for " << service_name; 120 } 121 122 if (prctl(PR_SET_NAME, service_name.c_str()) == -1) { 123 PLOG(FATAL) << "couldn't set name for " << service_name; 124 } 125 126 pid_t child_pid = fork(); 127 if (child_pid == -1) { 128 PLOG(FATAL) << "couldn't fork init inside the PID namespace for " << service_name; 129 } 130 131 if (child_pid > 0) { 132 // So that we exit with the right status. 133 static int init_exitstatus = 0; 134 signal(SIGTERM, [](int) { _exit(init_exitstatus); }); 135 136 pid_t waited_pid; 137 int status; 138 while ((waited_pid = wait(&status)) > 0) { 139 // This loop will end when there are no processes left inside the 140 // PID namespace or when the init process inside the PID namespace 141 // gets a signal. 142 if (waited_pid == child_pid) { 143 init_exitstatus = status; 144 } 145 } 146 if (!WIFEXITED(init_exitstatus)) { 147 _exit(EXIT_FAILURE); 148 } 149 _exit(WEXITSTATUS(init_exitstatus)); 150 } 151} 152 153static bool ExpandArgsAndExecv(const std::vector<std::string>& args) { 154 std::vector<std::string> expanded_args; 155 std::vector<char*> c_strings; 156 157 expanded_args.resize(args.size()); 158 c_strings.push_back(const_cast<char*>(args[0].data())); 159 for (std::size_t i = 1; i < args.size(); ++i) { 160 if (!expand_props(args[i], &expanded_args[i])) { 161 LOG(FATAL) << args[0] << ": cannot expand '" << args[i] << "'"; 162 } 163 c_strings.push_back(expanded_args[i].data()); 164 } 165 c_strings.push_back(nullptr); 166 167 return execv(c_strings[0], c_strings.data()) == 0; 168} 169 170unsigned long Service::next_start_order_ = 1; 171bool Service::is_exec_service_running_ = false; 172 173Service::Service(const std::string& name, Subcontext* subcontext_for_restart_commands, 174 const std::vector<std::string>& args) 175 : Service(name, 0, 0, 0, {}, 0, 0, "", subcontext_for_restart_commands, args) {} 176 177Service::Service(const std::string& name, unsigned flags, uid_t uid, gid_t gid, 178 const std::vector<gid_t>& supp_gids, const CapSet& capabilities, 179 unsigned namespace_flags, const std::string& seclabel, 180 Subcontext* subcontext_for_restart_commands, const std::vector<std::string>& args) 181 : name_(name), 182 classnames_({"default"}), 183 flags_(flags), 184 pid_(0), 185 crash_count_(0), 186 uid_(uid), 187 gid_(gid), 188 supp_gids_(supp_gids), 189 capabilities_(capabilities), 190 namespace_flags_(namespace_flags), 191 seclabel_(seclabel), 192 onrestart_(false, subcontext_for_restart_commands, "<Service '" + name + "' onrestart>", 0), 193 keychord_id_(0), 194 ioprio_class_(IoSchedClass_NONE), 195 ioprio_pri_(0), 196 priority_(0), 197 oom_score_adjust_(-1000), 198 swappiness_(-1), 199 soft_limit_in_bytes_(-1), 200 limit_in_bytes_(-1), 201 start_order_(0), 202 args_(args) { 203 onrestart_.InitSingleTrigger("onrestart"); 204} 205 206void Service::NotifyStateChange(const std::string& new_state) const { 207 if ((flags_ & SVC_TEMPORARY) != 0) { 208 // Services created by 'exec' are temporary and don't have properties tracking their state. 209 return; 210 } 211 212 std::string prop_name = "init.svc." + name_; 213 property_set(prop_name, new_state); 214 215 if (new_state == "running") { 216 uint64_t start_ns = time_started_.time_since_epoch().count(); 217 std::string boottime_property = "ro.boottime." + name_; 218 if (GetProperty(boottime_property, "").empty()) { 219 property_set(boottime_property, std::to_string(start_ns)); 220 } 221 } 222} 223 224void Service::KillProcessGroup(int signal) { 225 // If we've already seen a successful result from killProcessGroup*(), then we have removed 226 // the cgroup already and calling these functions a second time will simply result in an error. 227 // This is true regardless of which signal was sent. 228 // These functions handle their own logging, so no additional logging is needed. 229 if (!process_cgroup_empty_) { 230 LOG(INFO) << "Sending signal " << signal << " to service '" << name_ << "' (pid " << pid_ 231 << ") process group..."; 232 int r; 233 if (signal == SIGTERM) { 234 r = killProcessGroupOnce(uid_, pid_, signal); 235 } else { 236 r = killProcessGroup(uid_, pid_, signal); 237 } 238 239 if (r == 0) process_cgroup_empty_ = true; 240 } 241} 242 243void Service::SetProcessAttributes() { 244 for (const auto& rlimit : rlimits_) { 245 if (setrlimit(rlimit.first, &rlimit.second) == -1) { 246 LOG(FATAL) << StringPrintf("setrlimit(%d, {rlim_cur=%ld, rlim_max=%ld}) failed", 247 rlimit.first, rlimit.second.rlim_cur, rlimit.second.rlim_max); 248 } 249 } 250 // Keep capabilites on uid change. 251 if (capabilities_.any() && uid_) { 252 // If Android is running in a container, some securebits might already 253 // be locked, so don't change those. 254 unsigned long securebits = prctl(PR_GET_SECUREBITS); 255 if (securebits == -1UL) { 256 PLOG(FATAL) << "prctl(PR_GET_SECUREBITS) failed for " << name_; 257 } 258 securebits |= SECBIT_KEEP_CAPS | SECBIT_KEEP_CAPS_LOCKED; 259 if (prctl(PR_SET_SECUREBITS, securebits) != 0) { 260 PLOG(FATAL) << "prctl(PR_SET_SECUREBITS) failed for " << name_; 261 } 262 } 263 264 // TODO: work out why this fails for `console` then upgrade to FATAL. 265 if (setpgid(0, getpid()) == -1) PLOG(ERROR) << "setpgid failed for " << name_; 266 267 if (gid_) { 268 if (setgid(gid_) != 0) { 269 PLOG(FATAL) << "setgid failed for " << name_; 270 } 271 } 272 if (setgroups(supp_gids_.size(), &supp_gids_[0]) != 0) { 273 PLOG(FATAL) << "setgroups failed for " << name_; 274 } 275 if (uid_) { 276 if (setuid(uid_) != 0) { 277 PLOG(FATAL) << "setuid failed for " << name_; 278 } 279 } 280 if (!seclabel_.empty()) { 281 if (setexeccon(seclabel_.c_str()) < 0) { 282 PLOG(FATAL) << "cannot setexeccon('" << seclabel_ << "') for " << name_; 283 } 284 } 285 if (priority_ != 0) { 286 if (setpriority(PRIO_PROCESS, 0, priority_) != 0) { 287 PLOG(FATAL) << "setpriority failed for " << name_; 288 } 289 } 290 if (capabilities_.any()) { 291 if (!SetCapsForExec(capabilities_)) { 292 LOG(FATAL) << "cannot set capabilities for " << name_; 293 } 294 } 295} 296 297void Service::Reap() { 298 if (!(flags_ & SVC_ONESHOT) || (flags_ & SVC_RESTART)) { 299 KillProcessGroup(SIGKILL); 300 } 301 302 // Remove any descriptor resources we may have created. 303 std::for_each(descriptors_.begin(), descriptors_.end(), 304 std::bind(&DescriptorInfo::Clean, std::placeholders::_1)); 305 306 if (flags_ & SVC_EXEC) UnSetExec(); 307 308 if (flags_ & SVC_TEMPORARY) return; 309 310 pid_ = 0; 311 flags_ &= (~SVC_RUNNING); 312 start_order_ = 0; 313 314 // Oneshot processes go into the disabled state on exit, 315 // except when manually restarted. 316 if ((flags_ & SVC_ONESHOT) && !(flags_ & SVC_RESTART)) { 317 flags_ |= SVC_DISABLED; 318 } 319 320 // Disabled and reset processes do not get restarted automatically. 321 if (flags_ & (SVC_DISABLED | SVC_RESET)) { 322 NotifyStateChange("stopped"); 323 return; 324 } 325 326 // If we crash > 4 times in 4 minutes, reboot into recovery. 327 boot_clock::time_point now = boot_clock::now(); 328 if ((flags_ & SVC_CRITICAL) && !(flags_ & SVC_RESTART)) { 329 if (now < time_crashed_ + 4min) { 330 if (++crash_count_ > 4) { 331 LOG(FATAL) << "critical process '" << name_ << "' exited 4 times in 4 minutes"; 332 } 333 } else { 334 time_crashed_ = now; 335 crash_count_ = 1; 336 } 337 } 338 339 flags_ &= (~SVC_RESTART); 340 flags_ |= SVC_RESTARTING; 341 342 // Execute all onrestart commands for this service. 343 onrestart_.ExecuteAllCommands(); 344 345 NotifyStateChange("restarting"); 346 return; 347} 348 349void Service::DumpState() const { 350 LOG(INFO) << "service " << name_; 351 LOG(INFO) << " class '" << Join(classnames_, " ") << "'"; 352 LOG(INFO) << " exec " << Join(args_, " "); 353 std::for_each(descriptors_.begin(), descriptors_.end(), 354 [] (const auto& info) { LOG(INFO) << *info; }); 355} 356 357Result<Success> Service::ParseCapabilities(const std::vector<std::string>& args) { 358 capabilities_ = 0; 359 360 if (!CapAmbientSupported()) { 361 return Error() 362 << "capabilities requested but the kernel does not support ambient capabilities"; 363 } 364 365 unsigned int last_valid_cap = GetLastValidCap(); 366 if (last_valid_cap >= capabilities_.size()) { 367 LOG(WARNING) << "last valid run-time capability is larger than CAP_LAST_CAP"; 368 } 369 370 for (size_t i = 1; i < args.size(); i++) { 371 const std::string& arg = args[i]; 372 int res = LookupCap(arg); 373 if (res < 0) { 374 return Error() << StringPrintf("invalid capability '%s'", arg.c_str()); 375 } 376 unsigned int cap = static_cast<unsigned int>(res); // |res| is >= 0. 377 if (cap > last_valid_cap) { 378 return Error() << StringPrintf("capability '%s' not supported by the kernel", 379 arg.c_str()); 380 } 381 capabilities_[cap] = true; 382 } 383 return Success(); 384} 385 386Result<Success> Service::ParseClass(const std::vector<std::string>& args) { 387 classnames_ = std::set<std::string>(args.begin() + 1, args.end()); 388 return Success(); 389} 390 391Result<Success> Service::ParseConsole(const std::vector<std::string>& args) { 392 flags_ |= SVC_CONSOLE; 393 console_ = args.size() > 1 ? "/dev/" + args[1] : ""; 394 return Success(); 395} 396 397Result<Success> Service::ParseCritical(const std::vector<std::string>& args) { 398 flags_ |= SVC_CRITICAL; 399 return Success(); 400} 401 402Result<Success> Service::ParseDisabled(const std::vector<std::string>& args) { 403 flags_ |= SVC_DISABLED; 404 flags_ |= SVC_RC_DISABLED; 405 return Success(); 406} 407 408Result<Success> Service::ParseGroup(const std::vector<std::string>& args) { 409 auto gid = DecodeUid(args[1]); 410 if (!gid) { 411 return Error() << "Unable to decode GID for '" << args[1] << "': " << gid.error(); 412 } 413 gid_ = *gid; 414 415 for (std::size_t n = 2; n < args.size(); n++) { 416 gid = DecodeUid(args[n]); 417 if (!gid) { 418 return Error() << "Unable to decode GID for '" << args[n] << "': " << gid.error(); 419 } 420 supp_gids_.emplace_back(*gid); 421 } 422 return Success(); 423} 424 425Result<Success> Service::ParsePriority(const std::vector<std::string>& args) { 426 priority_ = 0; 427 if (!ParseInt(args[1], &priority_, 428 static_cast<int>(ANDROID_PRIORITY_HIGHEST), // highest is negative 429 static_cast<int>(ANDROID_PRIORITY_LOWEST))) { 430 return Error() << StringPrintf("process priority value must be range %d - %d", 431 ANDROID_PRIORITY_HIGHEST, ANDROID_PRIORITY_LOWEST); 432 } 433 return Success(); 434} 435 436Result<Success> Service::ParseInterface(const std::vector<std::string>& args) { 437 const std::string& interface_name = args[1]; 438 const std::string& instance_name = args[2]; 439 440 const FQName fq_name = FQName(interface_name); 441 if (!fq_name.isValid()) { 442 return Error() << "Invalid fully-qualified name for interface '" << interface_name << "'"; 443 } 444 445 if (!fq_name.isFullyQualified()) { 446 return Error() << "Interface name not fully-qualified '" << interface_name << "'"; 447 } 448 449 if (fq_name.isValidValueName()) { 450 return Error() << "Interface name must not be a value name '" << interface_name << "'"; 451 } 452 453 const std::string fullname = interface_name + "/" + instance_name; 454 455 for (const auto& svc : ServiceList::GetInstance()) { 456 if (svc->interfaces().count(fullname) > 0) { 457 return Error() << "Interface '" << fullname << "' redefined in " << name() 458 << " but is already defined by " << svc->name(); 459 } 460 } 461 462 interfaces_.insert(fullname); 463 464 return Success(); 465} 466 467Result<Success> Service::ParseIoprio(const std::vector<std::string>& args) { 468 if (!ParseInt(args[2], &ioprio_pri_, 0, 7)) { 469 return Error() << "priority value must be range 0 - 7"; 470 } 471 472 if (args[1] == "rt") { 473 ioprio_class_ = IoSchedClass_RT; 474 } else if (args[1] == "be") { 475 ioprio_class_ = IoSchedClass_BE; 476 } else if (args[1] == "idle") { 477 ioprio_class_ = IoSchedClass_IDLE; 478 } else { 479 return Error() << "ioprio option usage: ioprio <rt|be|idle> <0-7>"; 480 } 481 482 return Success(); 483} 484 485Result<Success> Service::ParseKeycodes(const std::vector<std::string>& args) { 486 for (std::size_t i = 1; i < args.size(); i++) { 487 int code; 488 if (ParseInt(args[i], &code)) { 489 keycodes_.emplace_back(code); 490 } else { 491 LOG(WARNING) << "ignoring invalid keycode: " << args[i]; 492 } 493 } 494 return Success(); 495} 496 497Result<Success> Service::ParseOneshot(const std::vector<std::string>& args) { 498 flags_ |= SVC_ONESHOT; 499 return Success(); 500} 501 502Result<Success> Service::ParseOnrestart(const std::vector<std::string>& args) { 503 std::vector<std::string> str_args(args.begin() + 1, args.end()); 504 int line = onrestart_.NumCommands() + 1; 505 if (auto result = onrestart_.AddCommand(str_args, line); !result) { 506 return Error() << "cannot add Onrestart command: " << result.error(); 507 } 508 return Success(); 509} 510 511Result<Success> Service::ParseNamespace(const std::vector<std::string>& args) { 512 for (size_t i = 1; i < args.size(); i++) { 513 if (args[i] == "pid") { 514 namespace_flags_ |= CLONE_NEWPID; 515 // PID namespaces require mount namespaces. 516 namespace_flags_ |= CLONE_NEWNS; 517 } else if (args[i] == "mnt") { 518 namespace_flags_ |= CLONE_NEWNS; 519 } else { 520 return Error() << "namespace must be 'pid' or 'mnt'"; 521 } 522 } 523 return Success(); 524} 525 526Result<Success> Service::ParseOomScoreAdjust(const std::vector<std::string>& args) { 527 if (!ParseInt(args[1], &oom_score_adjust_, -1000, 1000)) { 528 return Error() << "oom_score_adjust value must be in range -1000 - +1000"; 529 } 530 return Success(); 531} 532 533Result<Success> Service::ParseMemcgSwappiness(const std::vector<std::string>& args) { 534 if (!ParseInt(args[1], &swappiness_, 0)) { 535 return Error() << "swappiness value must be equal or greater than 0"; 536 } 537 return Success(); 538} 539 540Result<Success> Service::ParseMemcgLimitInBytes(const std::vector<std::string>& args) { 541 if (!ParseInt(args[1], &limit_in_bytes_, 0)) { 542 return Error() << "limit_in_bytes value must be equal or greater than 0"; 543 } 544 return Success(); 545} 546 547Result<Success> Service::ParseMemcgSoftLimitInBytes(const std::vector<std::string>& args) { 548 if (!ParseInt(args[1], &soft_limit_in_bytes_, 0)) { 549 return Error() << "soft_limit_in_bytes value must be equal or greater than 0"; 550 } 551 return Success(); 552} 553 554Result<Success> Service::ParseProcessRlimit(const std::vector<std::string>& args) { 555 auto rlimit = ParseRlimit(args); 556 if (!rlimit) return rlimit.error(); 557 558 rlimits_.emplace_back(*rlimit); 559 return Success(); 560} 561 562Result<Success> Service::ParseSeclabel(const std::vector<std::string>& args) { 563 seclabel_ = args[1]; 564 return Success(); 565} 566 567Result<Success> Service::ParseSetenv(const std::vector<std::string>& args) { 568 environment_vars_.emplace_back(args[1], args[2]); 569 return Success(); 570} 571 572Result<Success> Service::ParseShutdown(const std::vector<std::string>& args) { 573 if (args[1] == "critical") { 574 flags_ |= SVC_SHUTDOWN_CRITICAL; 575 return Success(); 576 } 577 return Error() << "Invalid shutdown option"; 578} 579 580template <typename T> 581Result<Success> Service::AddDescriptor(const std::vector<std::string>& args) { 582 int perm = args.size() > 3 ? std::strtoul(args[3].c_str(), 0, 8) : -1; 583 Result<uid_t> uid = 0; 584 Result<gid_t> gid = 0; 585 std::string context = args.size() > 6 ? args[6] : ""; 586 587 if (args.size() > 4) { 588 uid = DecodeUid(args[4]); 589 if (!uid) { 590 return Error() << "Unable to find UID for '" << args[4] << "': " << uid.error(); 591 } 592 } 593 594 if (args.size() > 5) { 595 gid = DecodeUid(args[5]); 596 if (!gid) { 597 return Error() << "Unable to find GID for '" << args[5] << "': " << gid.error(); 598 } 599 } 600 601 auto descriptor = std::make_unique<T>(args[1], args[2], *uid, *gid, perm, context); 602 603 auto old = 604 std::find_if(descriptors_.begin(), descriptors_.end(), 605 [&descriptor] (const auto& other) { return descriptor.get() == other.get(); }); 606 607 if (old != descriptors_.end()) { 608 return Error() << "duplicate descriptor " << args[1] << " " << args[2]; 609 } 610 611 descriptors_.emplace_back(std::move(descriptor)); 612 return Success(); 613} 614 615// name type perm [ uid gid context ] 616Result<Success> Service::ParseSocket(const std::vector<std::string>& args) { 617 if (!StartsWith(args[2], "dgram") && !StartsWith(args[2], "stream") && 618 !StartsWith(args[2], "seqpacket")) { 619 return Error() << "socket type must be 'dgram', 'stream' or 'seqpacket'"; 620 } 621 return AddDescriptor<SocketInfo>(args); 622} 623 624// name type perm [ uid gid context ] 625Result<Success> Service::ParseFile(const std::vector<std::string>& args) { 626 if (args[2] != "r" && args[2] != "w" && args[2] != "rw") { 627 return Error() << "file type must be 'r', 'w' or 'rw'"; 628 } 629 if ((args[1][0] != '/') || (args[1].find("../") != std::string::npos)) { 630 return Error() << "file name must not be relative"; 631 } 632 return AddDescriptor<FileInfo>(args); 633} 634 635Result<Success> Service::ParseUser(const std::vector<std::string>& args) { 636 auto uid = DecodeUid(args[1]); 637 if (!uid) { 638 return Error() << "Unable to find UID for '" << args[1] << "': " << uid.error(); 639 } 640 uid_ = *uid; 641 return Success(); 642} 643 644Result<Success> Service::ParseWritepid(const std::vector<std::string>& args) { 645 writepid_files_.assign(args.begin() + 1, args.end()); 646 return Success(); 647} 648 649class Service::OptionParserMap : public KeywordMap<OptionParser> { 650 public: 651 OptionParserMap() {} 652 653 private: 654 const Map& map() const override; 655}; 656 657const Service::OptionParserMap::Map& Service::OptionParserMap::map() const { 658 constexpr std::size_t kMax = std::numeric_limits<std::size_t>::max(); 659 // clang-format off 660 static const Map option_parsers = { 661 {"capabilities", 662 {1, kMax, &Service::ParseCapabilities}}, 663 {"class", {1, kMax, &Service::ParseClass}}, 664 {"console", {0, 1, &Service::ParseConsole}}, 665 {"critical", {0, 0, &Service::ParseCritical}}, 666 {"disabled", {0, 0, &Service::ParseDisabled}}, 667 {"group", {1, NR_SVC_SUPP_GIDS + 1, &Service::ParseGroup}}, 668 {"interface", {2, 2, &Service::ParseInterface}}, 669 {"ioprio", {2, 2, &Service::ParseIoprio}}, 670 {"priority", {1, 1, &Service::ParsePriority}}, 671 {"keycodes", {1, kMax, &Service::ParseKeycodes}}, 672 {"oneshot", {0, 0, &Service::ParseOneshot}}, 673 {"onrestart", {1, kMax, &Service::ParseOnrestart}}, 674 {"oom_score_adjust", 675 {1, 1, &Service::ParseOomScoreAdjust}}, 676 {"memcg.swappiness", 677 {1, 1, &Service::ParseMemcgSwappiness}}, 678 {"memcg.soft_limit_in_bytes", 679 {1, 1, &Service::ParseMemcgSoftLimitInBytes}}, 680 {"memcg.limit_in_bytes", 681 {1, 1, &Service::ParseMemcgLimitInBytes}}, 682 {"namespace", {1, 2, &Service::ParseNamespace}}, 683 {"rlimit", {3, 3, &Service::ParseProcessRlimit}}, 684 {"seclabel", {1, 1, &Service::ParseSeclabel}}, 685 {"setenv", {2, 2, &Service::ParseSetenv}}, 686 {"shutdown", {1, 1, &Service::ParseShutdown}}, 687 {"socket", {3, 6, &Service::ParseSocket}}, 688 {"file", {2, 2, &Service::ParseFile}}, 689 {"user", {1, 1, &Service::ParseUser}}, 690 {"writepid", {1, kMax, &Service::ParseWritepid}}, 691 }; 692 // clang-format on 693 return option_parsers; 694} 695 696Result<Success> Service::ParseLine(const std::vector<std::string>& args) { 697 static const OptionParserMap parser_map; 698 auto parser = parser_map.FindFunction(args); 699 700 if (!parser) return parser.error(); 701 702 return std::invoke(*parser, this, args); 703} 704 705Result<Success> Service::ExecStart() { 706 flags_ |= SVC_ONESHOT; 707 708 if (auto result = Start(); !result) { 709 return result; 710 } 711 712 flags_ |= SVC_EXEC; 713 is_exec_service_running_ = true; 714 715 LOG(INFO) << "SVC_EXEC pid " << pid_ << " (uid " << uid_ << " gid " << gid_ << "+" 716 << supp_gids_.size() << " context " << (!seclabel_.empty() ? seclabel_ : "default") 717 << ") started; waiting..."; 718 719 return Success(); 720} 721 722Result<Success> Service::Start() { 723 bool disabled = (flags_ & (SVC_DISABLED | SVC_RESET)); 724 // Starting a service removes it from the disabled or reset state and 725 // immediately takes it out of the restarting state if it was in there. 726 flags_ &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART|SVC_DISABLED_START)); 727 728 // Running processes require no additional work --- if they're in the 729 // process of exiting, we've ensured that they will immediately restart 730 // on exit, unless they are ONESHOT. For ONESHOT service, if it's in 731 // stopping status, we just set SVC_RESTART flag so it will get restarted 732 // in Reap(). 733 if (flags_ & SVC_RUNNING) { 734 if ((flags_ & SVC_ONESHOT) && disabled) { 735 flags_ |= SVC_RESTART; 736 } 737 // It is not an error to try to start a service that is already running. 738 return Success(); 739 } 740 741 bool needs_console = (flags_ & SVC_CONSOLE); 742 if (needs_console) { 743 if (console_.empty()) { 744 console_ = default_console; 745 } 746 747 // Make sure that open call succeeds to ensure a console driver is 748 // properly registered for the device node 749 int console_fd = open(console_.c_str(), O_RDWR | O_CLOEXEC); 750 if (console_fd < 0) { 751 flags_ |= SVC_DISABLED; 752 return ErrnoError() << "Couldn't open console '" << console_ << "'"; 753 } 754 close(console_fd); 755 } 756 757 struct stat sb; 758 if (stat(args_[0].c_str(), &sb) == -1) { 759 flags_ |= SVC_DISABLED; 760 return ErrnoError() << "Cannot find '" << args_[0] << "'"; 761 } 762 763 std::string scon; 764 if (!seclabel_.empty()) { 765 scon = seclabel_; 766 } else { 767 auto result = ComputeContextFromExecutable(name_, args_[0]); 768 if (!result) { 769 return result.error(); 770 } 771 scon = *result; 772 } 773 774 LOG(INFO) << "starting service '" << name_ << "'..."; 775 776 pid_t pid = -1; 777 if (namespace_flags_) { 778 pid = clone(nullptr, nullptr, namespace_flags_ | SIGCHLD, nullptr); 779 } else { 780 pid = fork(); 781 } 782 783 if (pid == 0) { 784 umask(077); 785 786 if (namespace_flags_ & CLONE_NEWPID) { 787 // This will fork again to run an init process inside the PID 788 // namespace. 789 SetUpPidNamespace(name_); 790 } 791 792 for (const auto& [key, value] : environment_vars_) { 793 setenv(key.c_str(), value.c_str(), 1); 794 } 795 796 std::for_each(descriptors_.begin(), descriptors_.end(), 797 std::bind(&DescriptorInfo::CreateAndPublish, std::placeholders::_1, scon)); 798 799 // See if there were "writepid" instructions to write to files under /dev/cpuset/. 800 auto cpuset_predicate = [](const std::string& path) { 801 return StartsWith(path, "/dev/cpuset/"); 802 }; 803 auto iter = std::find_if(writepid_files_.begin(), writepid_files_.end(), cpuset_predicate); 804 if (iter == writepid_files_.end()) { 805 // There were no "writepid" instructions for cpusets, check if the system default 806 // cpuset is specified to be used for the process. 807 std::string default_cpuset = GetProperty("ro.cpuset.default", ""); 808 if (!default_cpuset.empty()) { 809 // Make sure the cpuset name starts and ends with '/'. 810 // A single '/' means the 'root' cpuset. 811 if (default_cpuset.front() != '/') { 812 default_cpuset.insert(0, 1, '/'); 813 } 814 if (default_cpuset.back() != '/') { 815 default_cpuset.push_back('/'); 816 } 817 writepid_files_.push_back( 818 StringPrintf("/dev/cpuset%stasks", default_cpuset.c_str())); 819 } 820 } 821 std::string pid_str = std::to_string(getpid()); 822 for (const auto& file : writepid_files_) { 823 if (!WriteStringToFile(pid_str, file)) { 824 PLOG(ERROR) << "couldn't write " << pid_str << " to " << file; 825 } 826 } 827 828 if (ioprio_class_ != IoSchedClass_NONE) { 829 if (android_set_ioprio(getpid(), ioprio_class_, ioprio_pri_)) { 830 PLOG(ERROR) << "failed to set pid " << getpid() 831 << " ioprio=" << ioprio_class_ << "," << ioprio_pri_; 832 } 833 } 834 835 if (needs_console) { 836 setsid(); 837 OpenConsole(); 838 } else { 839 ZapStdio(); 840 } 841 842 // As requested, set our gid, supplemental gids, uid, context, and 843 // priority. Aborts on failure. 844 SetProcessAttributes(); 845 846 if (!ExpandArgsAndExecv(args_)) { 847 PLOG(ERROR) << "cannot execve('" << args_[0] << "')"; 848 } 849 850 _exit(127); 851 } 852 853 if (pid < 0) { 854 pid_ = 0; 855 return ErrnoError() << "Failed to fork"; 856 } 857 858 if (oom_score_adjust_ != -1000) { 859 std::string oom_str = std::to_string(oom_score_adjust_); 860 std::string oom_file = StringPrintf("/proc/%d/oom_score_adj", pid); 861 if (!WriteStringToFile(oom_str, oom_file)) { 862 PLOG(ERROR) << "couldn't write oom_score_adj: " << strerror(errno); 863 } 864 } 865 866 time_started_ = boot_clock::now(); 867 pid_ = pid; 868 flags_ |= SVC_RUNNING; 869 start_order_ = next_start_order_++; 870 process_cgroup_empty_ = false; 871 872 errno = -createProcessGroup(uid_, pid_); 873 if (errno != 0) { 874 PLOG(ERROR) << "createProcessGroup(" << uid_ << ", " << pid_ << ") failed for service '" 875 << name_ << "'"; 876 } else { 877 if (swappiness_ != -1) { 878 if (!setProcessGroupSwappiness(uid_, pid_, swappiness_)) { 879 PLOG(ERROR) << "setProcessGroupSwappiness failed"; 880 } 881 } 882 883 if (soft_limit_in_bytes_ != -1) { 884 if (!setProcessGroupSoftLimit(uid_, pid_, soft_limit_in_bytes_)) { 885 PLOG(ERROR) << "setProcessGroupSoftLimit failed"; 886 } 887 } 888 889 if (limit_in_bytes_ != -1) { 890 if (!setProcessGroupLimit(uid_, pid_, limit_in_bytes_)) { 891 PLOG(ERROR) << "setProcessGroupLimit failed"; 892 } 893 } 894 } 895 896 NotifyStateChange("running"); 897 return Success(); 898} 899 900Result<Success> Service::StartIfNotDisabled() { 901 if (!(flags_ & SVC_DISABLED)) { 902 return Start(); 903 } else { 904 flags_ |= SVC_DISABLED_START; 905 } 906 return Success(); 907} 908 909Result<Success> Service::Enable() { 910 flags_ &= ~(SVC_DISABLED | SVC_RC_DISABLED); 911 if (flags_ & SVC_DISABLED_START) { 912 return Start(); 913 } 914 return Success(); 915} 916 917void Service::Reset() { 918 StopOrReset(SVC_RESET); 919} 920 921void Service::Stop() { 922 StopOrReset(SVC_DISABLED); 923} 924 925void Service::Terminate() { 926 flags_ &= ~(SVC_RESTARTING | SVC_DISABLED_START); 927 flags_ |= SVC_DISABLED; 928 if (pid_) { 929 KillProcessGroup(SIGTERM); 930 NotifyStateChange("stopping"); 931 } 932} 933 934void Service::Restart() { 935 if (flags_ & SVC_RUNNING) { 936 /* Stop, wait, then start the service. */ 937 StopOrReset(SVC_RESTART); 938 } else if (!(flags_ & SVC_RESTARTING)) { 939 /* Just start the service since it's not running. */ 940 if (auto result = Start(); !result) { 941 LOG(ERROR) << "Could not restart '" << name_ << "': " << result.error(); 942 } 943 } /* else: Service is restarting anyways. */ 944} 945 946// The how field should be either SVC_DISABLED, SVC_RESET, or SVC_RESTART. 947void Service::StopOrReset(int how) { 948 // The service is still SVC_RUNNING until its process exits, but if it has 949 // already exited it shoudn't attempt a restart yet. 950 flags_ &= ~(SVC_RESTARTING | SVC_DISABLED_START); 951 952 if ((how != SVC_DISABLED) && (how != SVC_RESET) && (how != SVC_RESTART)) { 953 // An illegal flag: default to SVC_DISABLED. 954 how = SVC_DISABLED; 955 } 956 957 // If the service has not yet started, prevent it from auto-starting with its class. 958 if (how == SVC_RESET) { 959 flags_ |= (flags_ & SVC_RC_DISABLED) ? SVC_DISABLED : SVC_RESET; 960 } else { 961 flags_ |= how; 962 } 963 // Make sure it's in right status when a restart immediately follow a 964 // stop/reset or vice versa. 965 if (how == SVC_RESTART) { 966 flags_ &= (~(SVC_DISABLED | SVC_RESET)); 967 } else { 968 flags_ &= (~SVC_RESTART); 969 } 970 971 if (pid_) { 972 KillProcessGroup(SIGKILL); 973 NotifyStateChange("stopping"); 974 } else { 975 NotifyStateChange("stopped"); 976 } 977} 978 979void Service::ZapStdio() const { 980 int fd; 981 fd = open("/dev/null", O_RDWR); 982 dup2(fd, 0); 983 dup2(fd, 1); 984 dup2(fd, 2); 985 close(fd); 986} 987 988void Service::OpenConsole() const { 989 int fd = open(console_.c_str(), O_RDWR); 990 if (fd == -1) fd = open("/dev/null", O_RDWR); 991 ioctl(fd, TIOCSCTTY, 0); 992 dup2(fd, 0); 993 dup2(fd, 1); 994 dup2(fd, 2); 995 close(fd); 996} 997 998ServiceList::ServiceList() {} 999 1000ServiceList& ServiceList::GetInstance() { 1001 static ServiceList instance; 1002 return instance; 1003} 1004 1005void ServiceList::AddService(std::unique_ptr<Service> service) { 1006 services_.emplace_back(std::move(service)); 1007} 1008 1009std::unique_ptr<Service> Service::MakeTemporaryOneshotService(const std::vector<std::string>& args) { 1010 // Parse the arguments: exec [SECLABEL [UID [GID]*] --] COMMAND ARGS... 1011 // SECLABEL can be a - to denote default 1012 std::size_t command_arg = 1; 1013 for (std::size_t i = 1; i < args.size(); ++i) { 1014 if (args[i] == "--") { 1015 command_arg = i + 1; 1016 break; 1017 } 1018 } 1019 if (command_arg > 4 + NR_SVC_SUPP_GIDS) { 1020 LOG(ERROR) << "exec called with too many supplementary group ids"; 1021 return nullptr; 1022 } 1023 1024 if (command_arg >= args.size()) { 1025 LOG(ERROR) << "exec called without command"; 1026 return nullptr; 1027 } 1028 std::vector<std::string> str_args(args.begin() + command_arg, args.end()); 1029 1030 static size_t exec_count = 0; 1031 exec_count++; 1032 std::string name = "exec " + std::to_string(exec_count) + " (" + Join(str_args, " ") + ")"; 1033 1034 unsigned flags = SVC_ONESHOT | SVC_TEMPORARY; 1035 CapSet no_capabilities; 1036 unsigned namespace_flags = 0; 1037 1038 std::string seclabel = ""; 1039 if (command_arg > 2 && args[1] != "-") { 1040 seclabel = args[1]; 1041 } 1042 Result<uid_t> uid = 0; 1043 if (command_arg > 3) { 1044 uid = DecodeUid(args[2]); 1045 if (!uid) { 1046 LOG(ERROR) << "Unable to decode UID for '" << args[2] << "': " << uid.error(); 1047 return nullptr; 1048 } 1049 } 1050 Result<gid_t> gid = 0; 1051 std::vector<gid_t> supp_gids; 1052 if (command_arg > 4) { 1053 gid = DecodeUid(args[3]); 1054 if (!gid) { 1055 LOG(ERROR) << "Unable to decode GID for '" << args[3] << "': " << gid.error(); 1056 return nullptr; 1057 } 1058 std::size_t nr_supp_gids = command_arg - 1 /* -- */ - 4 /* exec SECLABEL UID GID */; 1059 for (size_t i = 0; i < nr_supp_gids; ++i) { 1060 auto supp_gid = DecodeUid(args[4 + i]); 1061 if (!supp_gid) { 1062 LOG(ERROR) << "Unable to decode GID for '" << args[4 + i] 1063 << "': " << supp_gid.error(); 1064 return nullptr; 1065 } 1066 supp_gids.push_back(*supp_gid); 1067 } 1068 } 1069 1070 return std::make_unique<Service>(name, flags, *uid, *gid, supp_gids, no_capabilities, 1071 namespace_flags, seclabel, nullptr, str_args); 1072} 1073 1074// Shutdown services in the opposite order that they were started. 1075const std::vector<Service*> ServiceList::services_in_shutdown_order() const { 1076 std::vector<Service*> shutdown_services; 1077 for (const auto& service : services_) { 1078 if (service->start_order() > 0) shutdown_services.emplace_back(service.get()); 1079 } 1080 std::sort(shutdown_services.begin(), shutdown_services.end(), 1081 [](const auto& a, const auto& b) { return a->start_order() > b->start_order(); }); 1082 return shutdown_services; 1083} 1084 1085void ServiceList::RemoveService(const Service& svc) { 1086 auto svc_it = std::find_if(services_.begin(), services_.end(), 1087 [&svc] (const std::unique_ptr<Service>& s) { 1088 return svc.name() == s->name(); 1089 }); 1090 if (svc_it == services_.end()) { 1091 return; 1092 } 1093 1094 services_.erase(svc_it); 1095} 1096 1097void ServiceList::DumpState() const { 1098 for (const auto& s : services_) { 1099 s->DumpState(); 1100 } 1101} 1102 1103Result<Success> ServiceParser::ParseSection(std::vector<std::string>&& args, 1104 const std::string& filename, int line) { 1105 if (args.size() < 3) { 1106 return Error() << "services must have a name and a program"; 1107 } 1108 1109 const std::string& name = args[1]; 1110 if (!IsValidName(name)) { 1111 return Error() << "invalid service name '" << name << "'"; 1112 } 1113 1114 Service* old_service = service_list_->FindService(name); 1115 if (old_service) { 1116 return Error() << "ignored duplicate definition of service '" << name << "'"; 1117 } 1118 1119 Subcontext* restart_action_subcontext = nullptr; 1120 if (subcontexts_) { 1121 for (auto& subcontext : *subcontexts_) { 1122 if (StartsWith(filename, subcontext.path_prefix().c_str())) { 1123 restart_action_subcontext = &subcontext; 1124 break; 1125 } 1126 } 1127 } 1128 1129 std::vector<std::string> str_args(args.begin() + 2, args.end()); 1130 service_ = std::make_unique<Service>(name, restart_action_subcontext, str_args); 1131 return Success(); 1132} 1133 1134Result<Success> ServiceParser::ParseLineSection(std::vector<std::string>&& args, int line) { 1135 return service_ ? service_->ParseLine(std::move(args)) : Success(); 1136} 1137 1138Result<Success> ServiceParser::EndSection() { 1139 if (service_) { 1140 service_list_->AddService(std::move(service_)); 1141 } 1142 1143 return Success(); 1144} 1145 1146bool ServiceParser::IsValidName(const std::string& name) const { 1147 // Property names can be any length, but may only contain certain characters. 1148 // Property values can contain any characters, but may only be a certain length. 1149 // (The latter restriction is needed because `start` and `stop` work by writing 1150 // the service name to the "ctl.start" and "ctl.stop" properties.) 1151 return is_legal_property_name("init.svc." + name) && name.size() <= PROP_VALUE_MAX; 1152} 1153 1154} // namespace init 1155} // namespace android 1156