1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 #include <fcntl.h> 22 #include <ctype.h> 23 #include <signal.h> 24 #include <sys/wait.h> 25 #include <sys/mount.h> 26 #include <sys/stat.h> 27 #include <sys/poll.h> 28 #include <errno.h> 29 #include <stdarg.h> 30 #include <mtd/mtd-user.h> 31 #include <sys/types.h> 32 #include <sys/socket.h> 33 #include <sys/un.h> 34 35 #include <selinux/selinux.h> 36 #include <selinux/label.h> 37 #include <selinux/android.h> 38 39 #include <libgen.h> 40 41 #include <cutils/list.h> 42 #include <cutils/android_reboot.h> 43 #include <cutils/sockets.h> 44 #include <cutils/iosched_policy.h> 45 #include <cutils/fs.h> 46 #include <private/android_filesystem_config.h> 47 #include <termios.h> 48 49 #include <sys/system_properties.h> 50 51 #include "devices.h" 52 #include "init.h" 53 #include "log.h" 54 #include "property_service.h" 55 #include "bootchart.h" 56 #include "signal_handler.h" 57 #include "keychords.h" 58 #include "init_parser.h" 59 #include "util.h" 60 #include "ueventd.h" 61 #include "watchdogd.h" 62 63 struct selabel_handle *sehandle; 64 struct selabel_handle *sehandle_prop; 65 66 static int property_triggers_enabled = 0; 67 68 #if BOOTCHART 69 static int bootchart_count; 70 #endif 71 72 static char console[32]; 73 static char bootmode[32]; 74 static char hardware[32]; 75 static unsigned revision = 0; 76 static char qemu[32]; 77 78 static struct action *cur_action = NULL; 79 static struct command *cur_command = NULL; 80 static struct listnode *command_queue = NULL; 81 82 void notify_service_state(const char *name, const char *state) 83 { 84 char pname[PROP_NAME_MAX]; 85 int len = strlen(name); 86 if ((len + 10) > PROP_NAME_MAX) 87 return; 88 snprintf(pname, sizeof(pname), "init.svc.%s", name); 89 property_set(pname, state); 90 } 91 92 static int have_console; 93 static char console_name[PROP_VALUE_MAX] = "/dev/console"; 94 static time_t process_needs_restart; 95 96 static const char *ENV[32]; 97 98 /* add_environment - add "key=value" to the current environment */ 99 int add_environment(const char *key, const char *val) 100 { 101 int n; 102 103 for (n = 0; n < 31; n++) { 104 if (!ENV[n]) { 105 size_t len = strlen(key) + strlen(val) + 2; 106 char *entry = malloc(len); 107 snprintf(entry, len, "%s=%s", key, val); 108 ENV[n] = entry; 109 return 0; 110 } 111 } 112 113 return 1; 114 } 115 116 static void zap_stdio(void) 117 { 118 int fd; 119 fd = open("/dev/null", O_RDWR); 120 dup2(fd, 0); 121 dup2(fd, 1); 122 dup2(fd, 2); 123 close(fd); 124 } 125 126 static void open_console() 127 { 128 int fd; 129 if ((fd = open(console_name, O_RDWR)) < 0) { 130 fd = open("/dev/null", O_RDWR); 131 } 132 ioctl(fd, TIOCSCTTY, 0); 133 dup2(fd, 0); 134 dup2(fd, 1); 135 dup2(fd, 2); 136 close(fd); 137 } 138 139 static void publish_socket(const char *name, int fd) 140 { 141 char key[64] = ANDROID_SOCKET_ENV_PREFIX; 142 char val[64]; 143 144 strlcpy(key + sizeof(ANDROID_SOCKET_ENV_PREFIX) - 1, 145 name, 146 sizeof(key) - sizeof(ANDROID_SOCKET_ENV_PREFIX)); 147 snprintf(val, sizeof(val), "%d", fd); 148 add_environment(key, val); 149 150 /* make sure we don't close-on-exec */ 151 fcntl(fd, F_SETFD, 0); 152 } 153 154 void service_start(struct service *svc, const char *dynamic_args) 155 { 156 struct stat s; 157 pid_t pid; 158 int needs_console; 159 int n; 160 char *scon = NULL; 161 int rc; 162 163 /* starting a service removes it from the disabled or reset 164 * state and immediately takes it out of the restarting 165 * state if it was in there 166 */ 167 svc->flags &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART)); 168 svc->time_started = 0; 169 170 /* running processes require no additional work -- if 171 * they're in the process of exiting, we've ensured 172 * that they will immediately restart on exit, unless 173 * they are ONESHOT 174 */ 175 if (svc->flags & SVC_RUNNING) { 176 return; 177 } 178 179 needs_console = (svc->flags & SVC_CONSOLE) ? 1 : 0; 180 if (needs_console && (!have_console)) { 181 ERROR("service '%s' requires console\n", svc->name); 182 svc->flags |= SVC_DISABLED; 183 return; 184 } 185 186 if (stat(svc->args[0], &s) != 0) { 187 ERROR("cannot find '%s', disabling '%s'\n", svc->args[0], svc->name); 188 svc->flags |= SVC_DISABLED; 189 return; 190 } 191 192 if ((!(svc->flags & SVC_ONESHOT)) && dynamic_args) { 193 ERROR("service '%s' must be one-shot to use dynamic args, disabling\n", 194 svc->args[0]); 195 svc->flags |= SVC_DISABLED; 196 return; 197 } 198 199 if (is_selinux_enabled() > 0) { 200 if (svc->seclabel) { 201 scon = strdup(svc->seclabel); 202 if (!scon) { 203 ERROR("Out of memory while starting '%s'\n", svc->name); 204 return; 205 } 206 } else { 207 char *mycon = NULL, *fcon = NULL; 208 209 INFO("computing context for service '%s'\n", svc->args[0]); 210 rc = getcon(&mycon); 211 if (rc < 0) { 212 ERROR("could not get context while starting '%s'\n", svc->name); 213 return; 214 } 215 216 rc = getfilecon(svc->args[0], &fcon); 217 if (rc < 0) { 218 ERROR("could not get context while starting '%s'\n", svc->name); 219 freecon(mycon); 220 return; 221 } 222 223 rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon); 224 freecon(mycon); 225 freecon(fcon); 226 if (rc < 0) { 227 ERROR("could not get context while starting '%s'\n", svc->name); 228 return; 229 } 230 } 231 } 232 233 NOTICE("starting '%s'\n", svc->name); 234 235 pid = fork(); 236 237 if (pid == 0) { 238 struct socketinfo *si; 239 struct svcenvinfo *ei; 240 char tmp[32]; 241 int fd, sz; 242 243 umask(077); 244 if (properties_inited()) { 245 get_property_workspace(&fd, &sz); 246 sprintf(tmp, "%d,%d", dup(fd), sz); 247 add_environment("ANDROID_PROPERTY_WORKSPACE", tmp); 248 } 249 250 for (ei = svc->envvars; ei; ei = ei->next) 251 add_environment(ei->name, ei->value); 252 253 setsockcreatecon(scon); 254 255 for (si = svc->sockets; si; si = si->next) { 256 int socket_type = ( 257 !strcmp(si->type, "stream") ? SOCK_STREAM : 258 (!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET)); 259 int s = create_socket(si->name, socket_type, 260 si->perm, si->uid, si->gid); 261 if (s >= 0) { 262 publish_socket(si->name, s); 263 } 264 } 265 266 freecon(scon); 267 scon = NULL; 268 setsockcreatecon(NULL); 269 270 if (svc->ioprio_class != IoSchedClass_NONE) { 271 if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) { 272 ERROR("Failed to set pid %d ioprio = %d,%d: %s\n", 273 getpid(), svc->ioprio_class, svc->ioprio_pri, strerror(errno)); 274 } 275 } 276 277 if (needs_console) { 278 setsid(); 279 open_console(); 280 } else { 281 zap_stdio(); 282 } 283 284 #if 0 285 for (n = 0; svc->args[n]; n++) { 286 INFO("args[%d] = '%s'\n", n, svc->args[n]); 287 } 288 for (n = 0; ENV[n]; n++) { 289 INFO("env[%d] = '%s'\n", n, ENV[n]); 290 } 291 #endif 292 293 setpgid(0, getpid()); 294 295 /* as requested, set our gid, supplemental gids, and uid */ 296 if (svc->gid) { 297 if (setgid(svc->gid) != 0) { 298 ERROR("setgid failed: %s\n", strerror(errno)); 299 _exit(127); 300 } 301 } 302 if (svc->nr_supp_gids) { 303 if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) { 304 ERROR("setgroups failed: %s\n", strerror(errno)); 305 _exit(127); 306 } 307 } 308 if (svc->uid) { 309 if (setuid(svc->uid) != 0) { 310 ERROR("setuid failed: %s\n", strerror(errno)); 311 _exit(127); 312 } 313 } 314 if (svc->seclabel) { 315 if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) { 316 ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno)); 317 _exit(127); 318 } 319 } 320 321 if (!dynamic_args) { 322 if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) { 323 ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno)); 324 } 325 } else { 326 char *arg_ptrs[INIT_PARSER_MAXARGS+1]; 327 int arg_idx = svc->nargs; 328 char *tmp = strdup(dynamic_args); 329 char *next = tmp; 330 char *bword; 331 332 /* Copy the static arguments */ 333 memcpy(arg_ptrs, svc->args, (svc->nargs * sizeof(char *))); 334 335 while((bword = strsep(&next, " "))) { 336 arg_ptrs[arg_idx++] = bword; 337 if (arg_idx == INIT_PARSER_MAXARGS) 338 break; 339 } 340 arg_ptrs[arg_idx] = '\0'; 341 execve(svc->args[0], (char**) arg_ptrs, (char**) ENV); 342 } 343 _exit(127); 344 } 345 346 freecon(scon); 347 348 if (pid < 0) { 349 ERROR("failed to start '%s'\n", svc->name); 350 svc->pid = 0; 351 return; 352 } 353 354 svc->time_started = gettime(); 355 svc->pid = pid; 356 svc->flags |= SVC_RUNNING; 357 358 if (properties_inited()) 359 notify_service_state(svc->name, "running"); 360 } 361 362 /* The how field should be either SVC_DISABLED, SVC_RESET, or SVC_RESTART */ 363 static void service_stop_or_reset(struct service *svc, int how) 364 { 365 /* The service is still SVC_RUNNING until its process exits, but if it has 366 * already exited it shoudn't attempt a restart yet. */ 367 svc->flags &= (~SVC_RESTARTING); 368 369 if ((how != SVC_DISABLED) && (how != SVC_RESET) && (how != SVC_RESTART)) { 370 /* Hrm, an illegal flag. Default to SVC_DISABLED */ 371 how = SVC_DISABLED; 372 } 373 /* if the service has not yet started, prevent 374 * it from auto-starting with its class 375 */ 376 if (how == SVC_RESET) { 377 svc->flags |= (svc->flags & SVC_RC_DISABLED) ? SVC_DISABLED : SVC_RESET; 378 } else { 379 svc->flags |= how; 380 } 381 382 if (svc->pid) { 383 NOTICE("service '%s' is being killed\n", svc->name); 384 kill(-svc->pid, SIGKILL); 385 notify_service_state(svc->name, "stopping"); 386 } else { 387 notify_service_state(svc->name, "stopped"); 388 } 389 } 390 391 void service_reset(struct service *svc) 392 { 393 service_stop_or_reset(svc, SVC_RESET); 394 } 395 396 void service_stop(struct service *svc) 397 { 398 service_stop_or_reset(svc, SVC_DISABLED); 399 } 400 401 void service_restart(struct service *svc) 402 { 403 if (svc->flags & SVC_RUNNING) { 404 /* Stop, wait, then start the service. */ 405 service_stop_or_reset(svc, SVC_RESTART); 406 } else if (!(svc->flags & SVC_RESTARTING)) { 407 /* Just start the service since it's not running. */ 408 service_start(svc, NULL); 409 } /* else: Service is restarting anyways. */ 410 } 411 412 void property_changed(const char *name, const char *value) 413 { 414 if (property_triggers_enabled) 415 queue_property_triggers(name, value); 416 } 417 418 static void restart_service_if_needed(struct service *svc) 419 { 420 time_t next_start_time = svc->time_started + 5; 421 422 if (next_start_time <= gettime()) { 423 svc->flags &= (~SVC_RESTARTING); 424 service_start(svc, NULL); 425 return; 426 } 427 428 if ((next_start_time < process_needs_restart) || 429 (process_needs_restart == 0)) { 430 process_needs_restart = next_start_time; 431 } 432 } 433 434 static void restart_processes() 435 { 436 process_needs_restart = 0; 437 service_for_each_flags(SVC_RESTARTING, 438 restart_service_if_needed); 439 } 440 441 static void msg_start(const char *name) 442 { 443 struct service *svc = NULL; 444 char *tmp = NULL; 445 char *args = NULL; 446 447 if (!strchr(name, ':')) 448 svc = service_find_by_name(name); 449 else { 450 tmp = strdup(name); 451 if (tmp) { 452 args = strchr(tmp, ':'); 453 *args = '\0'; 454 args++; 455 456 svc = service_find_by_name(tmp); 457 } 458 } 459 460 if (svc) { 461 service_start(svc, args); 462 } else { 463 ERROR("no such service '%s'\n", name); 464 } 465 if (tmp) 466 free(tmp); 467 } 468 469 static void msg_stop(const char *name) 470 { 471 struct service *svc = service_find_by_name(name); 472 473 if (svc) { 474 service_stop(svc); 475 } else { 476 ERROR("no such service '%s'\n", name); 477 } 478 } 479 480 static void msg_restart(const char *name) 481 { 482 struct service *svc = service_find_by_name(name); 483 484 if (svc) { 485 service_restart(svc); 486 } else { 487 ERROR("no such service '%s'\n", name); 488 } 489 } 490 491 void handle_control_message(const char *msg, const char *arg) 492 { 493 if (!strcmp(msg,"start")) { 494 msg_start(arg); 495 } else if (!strcmp(msg,"stop")) { 496 msg_stop(arg); 497 } else if (!strcmp(msg,"restart")) { 498 msg_restart(arg); 499 } else { 500 ERROR("unknown control msg '%s'\n", msg); 501 } 502 } 503 504 static struct command *get_first_command(struct action *act) 505 { 506 struct listnode *node; 507 node = list_head(&act->commands); 508 if (!node || list_empty(&act->commands)) 509 return NULL; 510 511 return node_to_item(node, struct command, clist); 512 } 513 514 static struct command *get_next_command(struct action *act, struct command *cmd) 515 { 516 struct listnode *node; 517 node = cmd->clist.next; 518 if (!node) 519 return NULL; 520 if (node == &act->commands) 521 return NULL; 522 523 return node_to_item(node, struct command, clist); 524 } 525 526 static int is_last_command(struct action *act, struct command *cmd) 527 { 528 return (list_tail(&act->commands) == &cmd->clist); 529 } 530 531 void execute_one_command(void) 532 { 533 int ret; 534 535 if (!cur_action || !cur_command || is_last_command(cur_action, cur_command)) { 536 cur_action = action_remove_queue_head(); 537 cur_command = NULL; 538 if (!cur_action) 539 return; 540 INFO("processing action %p (%s)\n", cur_action, cur_action->name); 541 cur_command = get_first_command(cur_action); 542 } else { 543 cur_command = get_next_command(cur_action, cur_command); 544 } 545 546 if (!cur_command) 547 return; 548 549 ret = cur_command->func(cur_command->nargs, cur_command->args); 550 INFO("command '%s' r=%d\n", cur_command->args[0], ret); 551 } 552 553 static int wait_for_coldboot_done_action(int nargs, char **args) 554 { 555 int ret; 556 INFO("wait for %s\n", coldboot_done); 557 ret = wait_for_file(coldboot_done, COMMAND_RETRY_TIMEOUT); 558 if (ret) 559 ERROR("Timed out waiting for %s\n", coldboot_done); 560 return ret; 561 } 562 563 /* 564 * Writes 512 bytes of output from Hardware RNG (/dev/hw_random, backed 565 * by Linux kernel's hw_random framework) into Linux RNG's via /dev/urandom. 566 * Does nothing if Hardware RNG is not present. 567 * 568 * Since we don't yet trust the quality of Hardware RNG, these bytes are not 569 * mixed into the primary pool of Linux RNG and the entropy estimate is left 570 * unmodified. 571 * 572 * If the HW RNG device /dev/hw_random is present, we require that at least 573 * 512 bytes read from it are written into Linux RNG. QA is expected to catch 574 * devices/configurations where these I/O operations are blocking for a long 575 * time. We do not reboot or halt on failures, as this is a best-effort 576 * attempt. 577 */ 578 static int mix_hwrng_into_linux_rng_action(int nargs, char **args) 579 { 580 int result = -1; 581 int hwrandom_fd = -1; 582 int urandom_fd = -1; 583 char buf[512]; 584 ssize_t chunk_size; 585 size_t total_bytes_written = 0; 586 587 hwrandom_fd = TEMP_FAILURE_RETRY( 588 open("/dev/hw_random", O_RDONLY | O_NOFOLLOW)); 589 if (hwrandom_fd == -1) { 590 if (errno == ENOENT) { 591 ERROR("/dev/hw_random not found\n"); 592 /* It's not an error to not have a Hardware RNG. */ 593 result = 0; 594 } else { 595 ERROR("Failed to open /dev/hw_random: %s\n", strerror(errno)); 596 } 597 goto ret; 598 } 599 600 urandom_fd = TEMP_FAILURE_RETRY( 601 open("/dev/urandom", O_WRONLY | O_NOFOLLOW)); 602 if (urandom_fd == -1) { 603 ERROR("Failed to open /dev/urandom: %s\n", strerror(errno)); 604 goto ret; 605 } 606 607 while (total_bytes_written < sizeof(buf)) { 608 chunk_size = TEMP_FAILURE_RETRY( 609 read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written)); 610 if (chunk_size == -1) { 611 ERROR("Failed to read from /dev/hw_random: %s\n", strerror(errno)); 612 goto ret; 613 } else if (chunk_size == 0) { 614 ERROR("Failed to read from /dev/hw_random: EOF\n"); 615 goto ret; 616 } 617 618 chunk_size = TEMP_FAILURE_RETRY(write(urandom_fd, buf, chunk_size)); 619 if (chunk_size == -1) { 620 ERROR("Failed to write to /dev/urandom: %s\n", strerror(errno)); 621 goto ret; 622 } 623 total_bytes_written += chunk_size; 624 } 625 626 INFO("Mixed %d bytes from /dev/hw_random into /dev/urandom", 627 total_bytes_written); 628 result = 0; 629 630 ret: 631 if (hwrandom_fd != -1) { 632 close(hwrandom_fd); 633 } 634 if (urandom_fd != -1) { 635 close(urandom_fd); 636 } 637 memset(buf, 0, sizeof(buf)); 638 return result; 639 } 640 641 static int keychord_init_action(int nargs, char **args) 642 { 643 keychord_init(); 644 return 0; 645 } 646 647 static int console_init_action(int nargs, char **args) 648 { 649 int fd; 650 651 if (console[0]) { 652 snprintf(console_name, sizeof(console_name), "/dev/%s", console); 653 } 654 655 fd = open(console_name, O_RDWR); 656 if (fd >= 0) 657 have_console = 1; 658 close(fd); 659 660 if( load_565rle_image(INIT_IMAGE_FILE) ) { 661 fd = open("/dev/tty0", O_WRONLY); 662 if (fd >= 0) { 663 const char *msg; 664 msg = "\n" 665 "\n" 666 "\n" 667 "\n" 668 "\n" 669 "\n" 670 "\n" // console is 40 cols x 30 lines 671 "\n" 672 "\n" 673 "\n" 674 "\n" 675 "\n" 676 "\n" 677 "\n" 678 " A N D R O I D "; 679 write(fd, msg, strlen(msg)); 680 close(fd); 681 } 682 } 683 return 0; 684 } 685 686 static void import_kernel_nv(char *name, int for_emulator) 687 { 688 char *value = strchr(name, '='); 689 int name_len = strlen(name); 690 691 if (value == 0) return; 692 *value++ = 0; 693 if (name_len == 0) return; 694 695 if (for_emulator) { 696 /* in the emulator, export any kernel option with the 697 * ro.kernel. prefix */ 698 char buff[PROP_NAME_MAX]; 699 int len = snprintf( buff, sizeof(buff), "ro.kernel.%s", name ); 700 701 if (len < (int)sizeof(buff)) 702 property_set( buff, value ); 703 return; 704 } 705 706 if (!strcmp(name,"qemu")) { 707 strlcpy(qemu, value, sizeof(qemu)); 708 } else if (!strncmp(name, "androidboot.", 12) && name_len > 12) { 709 const char *boot_prop_name = name + 12; 710 char prop[PROP_NAME_MAX]; 711 int cnt; 712 713 cnt = snprintf(prop, sizeof(prop), "ro.boot.%s", boot_prop_name); 714 if (cnt < PROP_NAME_MAX) 715 property_set(prop, value); 716 } 717 } 718 719 static void export_kernel_boot_props(void) 720 { 721 char tmp[PROP_VALUE_MAX]; 722 int ret; 723 unsigned i; 724 struct { 725 const char *src_prop; 726 const char *dest_prop; 727 const char *def_val; 728 } prop_map[] = { 729 { "ro.boot.serialno", "ro.serialno", "", }, 730 { "ro.boot.mode", "ro.bootmode", "unknown", }, 731 { "ro.boot.baseband", "ro.baseband", "unknown", }, 732 { "ro.boot.bootloader", "ro.bootloader", "unknown", }, 733 }; 734 735 for (i = 0; i < ARRAY_SIZE(prop_map); i++) { 736 ret = property_get(prop_map[i].src_prop, tmp); 737 if (ret > 0) 738 property_set(prop_map[i].dest_prop, tmp); 739 else 740 property_set(prop_map[i].dest_prop, prop_map[i].def_val); 741 } 742 743 ret = property_get("ro.boot.console", tmp); 744 if (ret) 745 strlcpy(console, tmp, sizeof(console)); 746 747 /* save a copy for init's usage during boot */ 748 property_get("ro.bootmode", tmp); 749 strlcpy(bootmode, tmp, sizeof(bootmode)); 750 751 /* if this was given on kernel command line, override what we read 752 * before (e.g. from /proc/cpuinfo), if anything */ 753 ret = property_get("ro.boot.hardware", tmp); 754 if (ret) 755 strlcpy(hardware, tmp, sizeof(hardware)); 756 property_set("ro.hardware", hardware); 757 758 snprintf(tmp, PROP_VALUE_MAX, "%d", revision); 759 property_set("ro.revision", tmp); 760 761 /* TODO: these are obsolete. We should delete them */ 762 if (!strcmp(bootmode,"factory")) 763 property_set("ro.factorytest", "1"); 764 else if (!strcmp(bootmode,"factory2")) 765 property_set("ro.factorytest", "2"); 766 else 767 property_set("ro.factorytest", "0"); 768 } 769 770 static void process_kernel_cmdline(void) 771 { 772 /* don't expose the raw commandline to nonpriv processes */ 773 chmod("/proc/cmdline", 0440); 774 775 /* first pass does the common stuff, and finds if we are in qemu. 776 * second pass is only necessary for qemu to export all kernel params 777 * as props. 778 */ 779 import_kernel_cmdline(0, import_kernel_nv); 780 if (qemu[0]) 781 import_kernel_cmdline(1, import_kernel_nv); 782 783 /* now propogate the info given on command line to internal variables 784 * used by init as well as the current required properties 785 */ 786 export_kernel_boot_props(); 787 } 788 789 static int property_service_init_action(int nargs, char **args) 790 { 791 /* read any property files on system or data and 792 * fire up the property service. This must happen 793 * after the ro.foo properties are set above so 794 * that /data/local.prop cannot interfere with them. 795 */ 796 start_property_service(); 797 return 0; 798 } 799 800 static int signal_init_action(int nargs, char **args) 801 { 802 signal_init(); 803 return 0; 804 } 805 806 static int check_startup_action(int nargs, char **args) 807 { 808 /* make sure we actually have all the pieces we need */ 809 if ((get_property_set_fd() < 0) || 810 (get_signal_fd() < 0)) { 811 ERROR("init startup failure\n"); 812 exit(1); 813 } 814 815 /* signal that we hit this point */ 816 unlink("/dev/.booting"); 817 818 return 0; 819 } 820 821 static int queue_property_triggers_action(int nargs, char **args) 822 { 823 queue_all_property_triggers(); 824 /* enable property triggers */ 825 property_triggers_enabled = 1; 826 return 0; 827 } 828 829 #if BOOTCHART 830 static int bootchart_init_action(int nargs, char **args) 831 { 832 bootchart_count = bootchart_init(); 833 if (bootchart_count < 0) { 834 ERROR("bootcharting init failure\n"); 835 } else if (bootchart_count > 0) { 836 NOTICE("bootcharting started (period=%d ms)\n", bootchart_count*BOOTCHART_POLLING_MS); 837 } else { 838 NOTICE("bootcharting ignored\n"); 839 } 840 841 return 0; 842 } 843 #endif 844 845 static const struct selinux_opt seopts_prop[] = { 846 { SELABEL_OPT_PATH, "/data/security/property_contexts" }, 847 { SELABEL_OPT_PATH, "/property_contexts" }, 848 { 0, NULL } 849 }; 850 851 struct selabel_handle* selinux_android_prop_context_handle(void) 852 { 853 int i = 0; 854 struct selabel_handle* sehandle = NULL; 855 while ((sehandle == NULL) && seopts_prop[i].value) { 856 sehandle = selabel_open(SELABEL_CTX_ANDROID_PROP, &seopts_prop[i], 1); 857 i++; 858 } 859 860 if (!sehandle) { 861 ERROR("SELinux: Could not load property_contexts: %s\n", 862 strerror(errno)); 863 return NULL; 864 } 865 INFO("SELinux: Loaded property contexts from %s\n", seopts_prop[i - 1].value); 866 return sehandle; 867 } 868 869 void selinux_init_all_handles(void) 870 { 871 sehandle = selinux_android_file_context_handle(); 872 sehandle_prop = selinux_android_prop_context_handle(); 873 } 874 875 static bool selinux_is_disabled(void) 876 { 877 char tmp[PROP_VALUE_MAX]; 878 879 if (access("/sys/fs/selinux", F_OK) != 0) { 880 /* SELinux is not compiled into the kernel, or has been disabled 881 * via the kernel command line "selinux=0". 882 */ 883 return true; 884 } 885 886 if ((property_get("ro.boot.selinux", tmp) != 0) && (strcmp(tmp, "disabled") == 0)) { 887 /* SELinux is compiled into the kernel, but we've been told to disable it. */ 888 return true; 889 } 890 891 return false; 892 } 893 894 static bool selinux_is_enforcing(void) 895 { 896 char tmp[PROP_VALUE_MAX]; 897 898 if (property_get("ro.boot.selinux", tmp) == 0) { 899 /* Property is not set. Assume enforcing */ 900 return true; 901 } 902 903 if (strcmp(tmp, "permissive") == 0) { 904 /* SELinux is in the kernel, but we've been told to go into permissive mode */ 905 return false; 906 } 907 908 if (strcmp(tmp, "enforcing") != 0) { 909 ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp); 910 } 911 912 return true; 913 } 914 915 int selinux_reload_policy(void) 916 { 917 if (selinux_is_disabled()) { 918 return -1; 919 } 920 921 INFO("SELinux: Attempting to reload policy files\n"); 922 923 if (selinux_android_reload_policy() == -1) { 924 return -1; 925 } 926 927 if (sehandle) 928 selabel_close(sehandle); 929 930 if (sehandle_prop) 931 selabel_close(sehandle_prop); 932 933 selinux_init_all_handles(); 934 return 0; 935 } 936 937 int audit_callback(void *data, security_class_t cls, char *buf, size_t len) 938 { 939 snprintf(buf, len, "property=%s", !data ? "NULL" : (char *)data); 940 return 0; 941 } 942 943 static void selinux_initialize(void) 944 { 945 if (selinux_is_disabled()) { 946 return; 947 } 948 949 INFO("loading selinux policy\n"); 950 if (selinux_android_load_policy() < 0) { 951 ERROR("SELinux: Failed to load policy; rebooting into recovery mode\n"); 952 android_reboot(ANDROID_RB_RESTART2, 0, "recovery"); 953 while (1) { pause(); } // never reached 954 } 955 956 selinux_init_all_handles(); 957 bool is_enforcing = selinux_is_enforcing(); 958 INFO("SELinux: security_setenforce(%d)\n", is_enforcing); 959 security_setenforce(is_enforcing); 960 } 961 962 int main(int argc, char **argv) 963 { 964 int fd_count = 0; 965 struct pollfd ufds[4]; 966 char *tmpdev; 967 char* debuggable; 968 char tmp[32]; 969 int property_set_fd_init = 0; 970 int signal_fd_init = 0; 971 int keychord_fd_init = 0; 972 bool is_charger = false; 973 974 if (!strcmp(basename(argv[0]), "ueventd")) 975 return ueventd_main(argc, argv); 976 977 if (!strcmp(basename(argv[0]), "watchdogd")) 978 return watchdogd_main(argc, argv); 979 980 /* clear the umask */ 981 umask(0); 982 983 /* Get the basic filesystem setup we need put 984 * together in the initramdisk on / and then we'll 985 * let the rc file figure out the rest. 986 */ 987 mkdir("/dev", 0755); 988 mkdir("/proc", 0755); 989 mkdir("/sys", 0755); 990 991 mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); 992 mkdir("/dev/pts", 0755); 993 mkdir("/dev/socket", 0755); 994 mount("devpts", "/dev/pts", "devpts", 0, NULL); 995 mount("proc", "/proc", "proc", 0, NULL); 996 mount("sysfs", "/sys", "sysfs", 0, NULL); 997 998 /* indicate that booting is in progress to background fw loaders, etc */ 999 close(open("/dev/.booting", O_WRONLY | O_CREAT, 0000)); 1000 1001 /* We must have some place other than / to create the 1002 * device nodes for kmsg and null, otherwise we won't 1003 * be able to remount / read-only later on. 1004 * Now that tmpfs is mounted on /dev, we can actually 1005 * talk to the outside world. 1006 */ 1007 open_devnull_stdio(); 1008 klog_init(); 1009 property_init(); 1010 1011 get_hardware_name(hardware, &revision); 1012 1013 process_kernel_cmdline(); 1014 1015 union selinux_callback cb; 1016 cb.func_log = klog_write; 1017 selinux_set_callback(SELINUX_CB_LOG, cb); 1018 1019 cb.func_audit = audit_callback; 1020 selinux_set_callback(SELINUX_CB_AUDIT, cb); 1021 1022 selinux_initialize(); 1023 /* These directories were necessarily created before initial policy load 1024 * and therefore need their security context restored to the proper value. 1025 * This must happen before /dev is populated by ueventd. 1026 */ 1027 restorecon("/dev"); 1028 restorecon("/dev/socket"); 1029 restorecon("/dev/__properties__"); 1030 restorecon_recursive("/sys"); 1031 1032 is_charger = !strcmp(bootmode, "charger"); 1033 1034 INFO("property init\n"); 1035 if (!is_charger) 1036 property_load_boot_defaults(); 1037 1038 INFO("reading config file\n"); 1039 init_parse_config_file("/init.rc"); 1040 1041 action_for_each_trigger("early-init", action_add_queue_tail); 1042 1043 queue_builtin_action(wait_for_coldboot_done_action, "wait_for_coldboot_done"); 1044 queue_builtin_action(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); 1045 queue_builtin_action(keychord_init_action, "keychord_init"); 1046 queue_builtin_action(console_init_action, "console_init"); 1047 1048 /* execute all the boot actions to get us started */ 1049 action_for_each_trigger("init", action_add_queue_tail); 1050 1051 /* skip mounting filesystems in charger mode */ 1052 if (!is_charger) { 1053 action_for_each_trigger("early-fs", action_add_queue_tail); 1054 action_for_each_trigger("fs", action_add_queue_tail); 1055 action_for_each_trigger("post-fs", action_add_queue_tail); 1056 action_for_each_trigger("post-fs-data", action_add_queue_tail); 1057 } 1058 1059 /* Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random 1060 * wasn't ready immediately after wait_for_coldboot_done 1061 */ 1062 queue_builtin_action(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); 1063 1064 queue_builtin_action(property_service_init_action, "property_service_init"); 1065 queue_builtin_action(signal_init_action, "signal_init"); 1066 queue_builtin_action(check_startup_action, "check_startup"); 1067 1068 if (is_charger) { 1069 action_for_each_trigger("charger", action_add_queue_tail); 1070 } else { 1071 action_for_each_trigger("early-boot", action_add_queue_tail); 1072 action_for_each_trigger("boot", action_add_queue_tail); 1073 } 1074 1075 /* run all property triggers based on current state of the properties */ 1076 queue_builtin_action(queue_property_triggers_action, "queue_property_triggers"); 1077 1078 1079 #if BOOTCHART 1080 queue_builtin_action(bootchart_init_action, "bootchart_init"); 1081 #endif 1082 1083 for(;;) { 1084 int nr, i, timeout = -1; 1085 1086 execute_one_command(); 1087 restart_processes(); 1088 1089 if (!property_set_fd_init && get_property_set_fd() > 0) { 1090 ufds[fd_count].fd = get_property_set_fd(); 1091 ufds[fd_count].events = POLLIN; 1092 ufds[fd_count].revents = 0; 1093 fd_count++; 1094 property_set_fd_init = 1; 1095 } 1096 if (!signal_fd_init && get_signal_fd() > 0) { 1097 ufds[fd_count].fd = get_signal_fd(); 1098 ufds[fd_count].events = POLLIN; 1099 ufds[fd_count].revents = 0; 1100 fd_count++; 1101 signal_fd_init = 1; 1102 } 1103 if (!keychord_fd_init && get_keychord_fd() > 0) { 1104 ufds[fd_count].fd = get_keychord_fd(); 1105 ufds[fd_count].events = POLLIN; 1106 ufds[fd_count].revents = 0; 1107 fd_count++; 1108 keychord_fd_init = 1; 1109 } 1110 1111 if (process_needs_restart) { 1112 timeout = (process_needs_restart - gettime()) * 1000; 1113 if (timeout < 0) 1114 timeout = 0; 1115 } 1116 1117 if (!action_queue_empty() || cur_action) 1118 timeout = 0; 1119 1120 #if BOOTCHART 1121 if (bootchart_count > 0) { 1122 if (timeout < 0 || timeout > BOOTCHART_POLLING_MS) 1123 timeout = BOOTCHART_POLLING_MS; 1124 if (bootchart_step() < 0 || --bootchart_count == 0) { 1125 bootchart_finish(); 1126 bootchart_count = 0; 1127 } 1128 } 1129 #endif 1130 1131 nr = poll(ufds, fd_count, timeout); 1132 if (nr <= 0) 1133 continue; 1134 1135 for (i = 0; i < fd_count; i++) { 1136 if (ufds[i].revents == POLLIN) { 1137 if (ufds[i].fd == get_property_set_fd()) 1138 handle_property_set_fd(); 1139 else if (ufds[i].fd == get_keychord_fd()) 1140 handle_keychord(); 1141 else if (ufds[i].fd == get_signal_fd()) 1142 handle_signal(); 1143 } 1144 } 1145 } 1146 1147 return 0; 1148 } 1149
