1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "ueventd.h"
18
19#include <ctype.h>
20#include <fcntl.h>
21#include <signal.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <sys/wait.h>
26
27#include <set>
28#include <thread>
29
30#include <android-base/chrono_utils.h>
31#include <android-base/logging.h>
32#include <android-base/properties.h>
33#include <fstab/fstab.h>
34#include <selinux/android.h>
35#include <selinux/selinux.h>
36
37#include "devices.h"
38#include "firmware_handler.h"
39#include "log.h"
40#include "selinux.h"
41#include "uevent_listener.h"
42#include "ueventd_parser.h"
43#include "util.h"
44
45// At a high level, ueventd listens for uevent messages generated by the kernel through a netlink
46// socket.  When ueventd receives such a message it handles it by taking appropriate actions,
47// which can typically be creating a device node in /dev, setting file permissions, setting selinux
48// labels, etc.
49// Ueventd also handles loading of firmware that the kernel requests, and creates symlinks for block
50// and character devices.
51
52// When ueventd starts, it regenerates uevents for all currently registered devices by traversing
53// /sys and writing 'add' to each 'uevent' file that it finds.  This causes the kernel to generate
54// and resend uevent messages for all of the currently registered devices.  This is done, because
55// ueventd would not have been running when these devices were registered and therefore was unable
56// to receive their uevent messages and handle them appropriately.  This process is known as
57// 'cold boot'.
58
59// 'init' currently waits synchronously on the cold boot process of ueventd before it continues
60// its boot process.  For this reason, cold boot should be as quick as possible.  One way to achieve
61// a speed up here is to parallelize the handling of ueventd messages, which consume the bulk of the
62// time during cold boot.
63
64// Handling of uevent messages has two unique properties:
65// 1) It can be done in isolation; it doesn't need to read or write any status once it is started.
66// 2) It uses setegid() and setfscreatecon() so either care (aka locking) must be taken to ensure
67//    that no file system operations are done while the uevent process has an abnormal egid or
68//    fscreatecon or this handling must happen in a separate process.
69// Given the above two properties, it is best to fork() subprocesses to handle the uevents.  This
70// reduces the overhead and complexity that would be required in a solution with threads and locks.
71// In testing, a racy multithreaded solution has the same performance as the fork() solution, so
72// there is no reason to deal with the complexity of the former.
73
74// One other important caveat during the boot process is the handling of SELinux restorecon.
75// Since many devices have child devices, calling selinux_android_restorecon() recursively for each
76// device when its uevent is handled, results in multiple restorecon operations being done on a
77// given file.  It is more efficient to simply do restorecon recursively on /sys during cold boot,
78// than to do restorecon on each device as its uevent is handled.  This only applies to cold boot;
79// once that has completed, restorecon is done for each device as its uevent is handled.
80
81// With all of the above considered, the cold boot process has the below steps:
82// 1) ueventd regenerates uevents by doing the /sys traversal and listens to the netlink socket for
83//    the generated uevents.  It writes these uevents into a queue represented by a vector.
84//
// 2) ueventd forks 'n' separate uevent handler subprocesses and has each of them handle the
86//    uevents in the queue based on a starting offset (their process number) and a stride (the total
87//    number of processes).  Note that no IPC happens at this point and only const functions from
88//    DeviceHandler should be called from this context.
89//
90// 3) In parallel to the subprocesses handling the uevents, the main thread of ueventd calls
91//    selinux_android_restorecon() recursively on /sys/class, /sys/block, and /sys/devices.
92//
93// 4) Once the restorecon operation finishes, the main thread calls waitpid() to wait for all
94//    subprocess handlers to complete and exit.  Once this happens, it marks coldboot as having
95//    completed.
96//
97// At this point, ueventd is single threaded, poll()'s and then handles any future uevents.
98
99// Lastly, it should be noted that uevents that occur during the coldboot process are handled
100// without issue after the coldboot process completes.  This is because the uevent listener is
101// paused while the uevent handler and restorecon actions take place.  Once coldboot completes,
102// the uevent listener resumes in polling mode and will handle the uevents that occurred during
103// coldboot.
104
105namespace android {
106namespace init {
107
// Drives the 'cold boot' sequence described above: replays the uevents of devices the kernel
// already registered, handles them in forked subprocesses, runs restorecon on /sys in parallel, and
// waits for the subprocesses to finish.  Constructed and run once from ueventd_main() when the
// COLDBOOT_DONE marker is absent.
class ColdBoot {
  public:
    // Both references must outlive this object; Run() uses them throughout.
    ColdBoot(UeventListener& uevent_listener, DeviceHandler& device_handler)
        : uevent_listener_(uevent_listener),
          device_handler_(device_handler),
          // One handler subprocess per CPU; fall back to 4 when hardware_concurrency() reports 0
          // (unknown).  Note that `?:` (Elvis operator) is a GNU/Clang extension, not standard C++.
          num_handler_subprocesses_(std::thread::hardware_concurrency() ?: 4) {}

    // Runs the whole cold boot sequence and creates the COLDBOOT_DONE marker when it completes.
    void Run();

  private:
    // Body of a forked handler subprocess: handles uevent_queue_ entries process_num,
    // process_num + total_processes, ... and then _exit()s.  Never returns.
    void UeventHandlerMain(unsigned int process_num, unsigned int total_processes);
    // Triggers the /sys traversal and fills uevent_queue_ with the uevents it produces.
    void RegenerateUevents();
    // fork()s num_handler_subprocesses_ children and records their pids in subprocess_pids_.
    void ForkSubProcesses();
    // Recursive restorecon of /sys, then re-enables per-device restorecon in device_handler_.
    void DoRestoreCon();
    // waitpid()s until every pid in subprocess_pids_ has exited successfully; aborts on crashes.
    void WaitForSubProcesses();

    UeventListener& uevent_listener_;
    DeviceHandler& device_handler_;

    unsigned int num_handler_subprocesses_;
    // Filled by RegenerateUevents() in the parent, read by the forked handler subprocesses.
    std::vector<Uevent> uevent_queue_;

    // Pids of handler subprocesses that have not yet been reaped by WaitForSubProcesses().
    std::set<pid_t> subprocess_pids_;
};
132
// Entry point of a forked handler subprocess.  Walks uevent_queue_ starting at process_num with a
// stride of total_processes, so the subprocesses partition the queue between them without any
// coordination or IPC.  Ends the subprocess with _exit(); this function never returns.
void ColdBoot::UeventHandlerMain(unsigned int process_num, unsigned int total_processes) {
    const auto queue_size = uevent_queue_.size();
    unsigned int index = process_num;
    while (index < queue_size) {
        device_handler_.HandleDeviceEvent(uevent_queue_[index]);
        index += total_processes;
    }
    // _exit() rather than exit(): the child must not run the parent's atexit handlers or flush
    // the parent's stdio buffers.
    _exit(EXIT_SUCCESS);
}
140
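// Asks the listener to replay uevents for every device already registered with the kernel (the
// /sys traversal) and records each one in uevent_queue_ for the handler subprocesses.
// HandleFirmwareEvent() is run on each uevent first, matching the steady-state Poll() path in
// ueventd_main().
void ColdBoot::RegenerateUevents() {
    uevent_listener_.RegenerateUevents([this](const Uevent& uevent) {
        HandleFirmwareEvent(uevent);

        // The listener hands us a const reference, so the uevent has to be copied into the queue;
        // a std::move() on it would silently degrade to this same copy.
        uevent_queue_.emplace_back(uevent);
        return ListenerAction::kContinue;
    });
}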
149
// Creates num_handler_subprocesses_ children.  Each child runs UeventHandlerMain() with its index
// as the starting offset and never returns from it; the parent records every child pid in
// subprocess_pids_ so that WaitForSubProcesses() can reap them.  A failed fork() is fatal.
void ColdBoot::ForkSubProcesses() {
    for (unsigned int child_index = 0; child_index < num_handler_subprocesses_; ++child_index) {
        const pid_t pid = fork();
        switch (pid) {
            case -1:
                PLOG(FATAL) << "fork() failed!";
                break;
            case 0:
                // Child: handles its share of the queue and _exit()s inside UeventHandlerMain().
                UeventHandlerMain(child_index, num_handler_subprocesses_);
                break;
            default:
                break;
        }
        // Parent only: remember the child for WaitForSubProcesses().
        subprocess_pids_.emplace(pid);
    }
}
164
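// Labels everything under /sys in one recursive pass (see the restorecon discussion above), then
// switches device_handler_ back to labelling each device as its uevent is handled.
//
// A failure of the recursive pass means some sysfs nodes may keep their default label, which is
// worth having in the kernel log; it is not fatal because per-device restorecon is re-enabled
// immediately afterwards and picks up the devices handled from then on.
void ColdBoot::DoRestoreCon() {
    if (selinux_android_restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE) == -1) {
        PLOG(ERROR) << "selinux_android_restorecon(\"/sys\") failed";
    }
    device_handler_.set_skip_restorecon(false);
}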
169
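// Blocks until every handler subprocess recorded in subprocess_pids_ has exited with EXIT_SUCCESS.
//
// Treat subprocesses that crash or get stuck the same as if ueventd itself has crashed or gets
// stuck.
//
// When a subprocess crashes, we fatally abort from ueventd.  init will restart ueventd when
// init reaps it, and the cold boot process will start again.  If this continues to fail, then
// since ueventd is marked as a critical service, init will reboot to recovery.
//
// When a subprocess gets stuck, keep ueventd spinning waiting for it.  init has a timeout for
// cold boot and will reboot to the bootloader if ueventd does not complete in time.
void ColdBoot::WaitForSubProcesses() {
    while (!subprocess_pids_.empty()) {
        int status;
        const pid_t pid = TEMP_FAILURE_RETRY(waitpid(-1, &status, 0));
        if (pid == -1) {
            // NOTE(review): if this is ECHILD while pids remain, the loop spins and floods the
            // log; that can only happen if a child was reaped elsewhere, which nothing here does.
            PLOG(ERROR) << "waitpid() failed";
            continue;
        }

        // waitpid(-1) reports any child; only act on the ones this object forked.
        // subprocess_pids_ is a std::set, so use its keyed lookup rather than a linear scan.
        const auto it = subprocess_pids_.find(pid);
        if (it == subprocess_pids_.end()) continue;

        if (WIFEXITED(status)) {
            if (WEXITSTATUS(status) == EXIT_SUCCESS) {
                subprocess_pids_.erase(it);
            } else {
                LOG(FATAL) << "subprocess exited with status " << WEXITSTATUS(status);
            }
        } else if (WIFSIGNALED(status)) {
            LOG(FATAL) << "subprocess killed by signal " << WTERMSIG(status);
        }
    }
}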
202
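// Executes the four cold boot steps described above, then creates the COLDBOOT_DONE marker so
// that a restarted ueventd (see ueventd_main()) skips cold boot, and logs the elapsed time.
void ColdBoot::Run() {
    android::base::Timer cold_boot_timer;

    RegenerateUevents();

    ForkSubProcesses();

    // Runs in the parent while the subprocesses work through the queue.
    DoRestoreCon();

    WaitForSubProcesses();

    // Mode 0000: the marker carries no data, only its existence is checked (access(F_OK)).
    // A missing marker just makes the next ueventd instance redo cold boot, so a failure to
    // create it is logged rather than treated as fatal.
    const int marker_fd = open(COLDBOOT_DONE, O_WRONLY | O_CREAT | O_CLOEXEC, 0000);
    if (marker_fd == -1) {
        PLOG(ERROR) << "Could not create " << COLDBOOT_DONE;
    } else {
        close(marker_fd);
    }
    LOG(INFO) << "Coldboot took " << cold_boot_timer.duration().count() / 1000.0f << " seconds";
}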
217
// Builds the DeviceHandler from the ueventd.rc family of config files.
//
// 'subsystem' sections and the '/sys/' and '/dev/' permission lines are collected by the parser.
// The files are parsed in a fixed order, with the ro.hardware-specific file last so that it can
// override everything else (see the comment below).
DeviceHandler CreateDeviceHandler() {
    Parser parser;

    std::vector<Subsystem> parsed_subsystems;
    parser.AddSectionParser("subsystem", std::make_unique<SubsystemParser>(&parsed_subsystems));

    std::vector<SysfsPermissions> parsed_sysfs_permissions;
    std::vector<Permissions> parsed_dev_permissions;
    // The line tokens are forwarded to ParsePermissionsLine() exactly as received; each callback
    // fills only the vector for its prefix and passes nullptr for the other one.
    parser.AddSingleLineParser("/sys/", [&parsed_sysfs_permissions](auto&& args) {
        return ParsePermissionsLine(std::forward<decltype(args)>(args), &parsed_sysfs_permissions,
                                    nullptr);
    });
    parser.AddSingleLineParser("/dev/", [&parsed_dev_permissions](auto&& args) {
        return ParsePermissionsLine(std::forward<decltype(args)>(args), nullptr,
                                    &parsed_dev_permissions);
    });

    parser.ParseConfig("/ueventd.rc");
    parser.ParseConfig("/vendor/ueventd.rc");
    parser.ParseConfig("/odm/ueventd.rc");

    /*
     * keep the current product name base configuration so
     * we remain backwards compatible and allow it to override
     * everything
     * TODO: cleanup platform ueventd.rc to remove vendor specific
     * device node entries (b/34968103)
     */
    const std::string hardware_name = android::base::GetProperty("ro.hardware", "");
    parser.ParseConfig("/ueventd." + hardware_name + ".rc");

    auto boot_devices = fs_mgr_get_boot_devices();
    return DeviceHandler(std::move(parsed_dev_permissions), std::move(parsed_sysfs_permissions),
                         std::move(parsed_subsystems), std::move(boot_devices), true);
}
250
// ueventd's entry point.
//
// Sets up logging and SELinux, builds the device handler from the ueventd.rc files, performs cold
// boot if the COLDBOOT_DONE marker is absent, and then handles uevents one at a time in the
// single-threaded Poll() loop.
int ueventd_main(int argc, char** argv) {
    /*
     * init sets the umask to 077 for forked processes. We need to
     * create files with exact permissions, without modification by
     * the umask.
     */
    umask(000);

    InitKernelLogging(argv);

    LOG(INFO) << "ueventd started!";

    SelinuxSetupKernelLogging();
    SelabelInitialize();

    DeviceHandler device_handler = CreateDeviceHandler();
    UeventListener uevent_listener;

    // The marker is created at the end of ColdBoot::Run(); its presence means a previous ueventd
    // instance already completed cold boot, so only the incremental loop below is needed.
    const bool cold_boot_needed = access(COLDBOOT_DONE, F_OK) != 0;
    if (cold_boot_needed) {
        ColdBoot cold_boot(uevent_listener, device_handler);
        cold_boot.Run();
    }

    // We use waitpid() in ColdBoot, so we can't ignore SIGCHLD until now.
    signal(SIGCHLD, SIG_IGN);
    // Reap any pending children that exited between the last call to waitpid() and setting SIG_IGN
    // for SIGCHLD above.
    while (waitpid(-1, nullptr, WNOHANG) > 0) {
    }

    // Post-coldboot steady state: one uevent at a time, firmware requests handled first, and
    // restorecon done per device now that DoRestoreCon() has re-enabled it.
    const auto handle_uevent = [&device_handler](const Uevent& uevent) {
        HandleFirmwareEvent(uevent);
        device_handler.HandleDeviceEvent(uevent);
        return ListenerAction::kContinue;
    };
    uevent_listener.Poll(handle_uevent);

    return 0;
}
289
290}  // namespace init
291}  // namespace android
292