Merge changes from topic "apex_earlymount_base" am: c676cca4f6 am: a192ff7ad3
am: 7e933b1e07
Change-Id: I038cfec65219659dbd0ae6a886476be7aeb25d5b
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 538ed00..6511d29 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -1119,13 +1119,21 @@
}
static Result<Success> do_setup_runtime_bionic(const BuiltinArguments& args) {
- if (SwitchToDefaultMountNamespace()) {
+ if (SetupRuntimeBionic()) {
return Success();
} else {
return Error() << "Failed to setup runtime bionic";
}
}
+static Result<Success> do_enter_default_mount_ns(const BuiltinArguments& args) {
+ if (SwitchToDefaultMountNamespace()) {
+ return Success();
+ } else {
+ return Error() << "Failed to enter into default mount namespace";
+ }
+}
+
// Builtin-function-map start
const BuiltinFunctionMap::Map& BuiltinFunctionMap::map() const {
constexpr std::size_t kMax = std::numeric_limits<std::size_t>::max();
@@ -1177,6 +1185,7 @@
{"start", {1, 1, {false, do_start}}},
{"stop", {1, 1, {false, do_stop}}},
{"swapon_all", {1, 1, {false, do_swapon_all}}},
+ {"enter_default_mount_ns", {0, 0, {false, do_enter_default_mount_ns}}},
{"symlink", {2, 2, {true, do_symlink}}},
{"sysclktz", {1, 1, {false, do_sysclktz}}},
{"trigger", {1, 1, {false, do_trigger}}},
diff --git a/init/mount_namespace.cpp b/init/mount_namespace.cpp
index 413fe8f..327446a 100644
--- a/init/mount_namespace.cpp
+++ b/init/mount_namespace.cpp
@@ -172,6 +172,11 @@
kBionicLibsMountPointDir64))
return false;
+ // /apex is also a private mountpoint to give different sets of APEXes for
+ // the bootstrap and default mount namespaces. The processes running with
+ // the bootstrap namespace get APEXes from the read-only partition.
+ if (!(MakePrivate("/apex"))) return false;
+
bootstrap_ns_fd.reset(OpenMountNamespace());
bootstrap_ns_id = GetMountNamespaceId();
@@ -227,6 +232,17 @@
}
}
+ LOG(INFO) << "Switched to default mount namespace";
+ return true;
+}
+
+// TODO(jiyong): remove this when /system/lib/libc.so becomes
+// a symlink to /apex/com.android.runtime/lib/bionic/libc.so
+bool SetupRuntimeBionic() {
+ if (IsRecoveryMode()) {
+ // We don't have multiple namespaces in recovery mode
+ return true;
+ }
// Bind-mount bionic from the runtime APEX since it is now available. Note
// that in case of IsBionicUpdatable() == false, these mounts are over the
// existing existing bind mounts for the bootstrap bionic, which effectively
@@ -238,7 +254,7 @@
kBionicLibsMountPointDir64))
return false;
- LOG(INFO) << "Switched to default mount namespace";
+ LOG(INFO) << "Runtime bionic is set up";
return true;
}
diff --git a/init/mount_namespace.h b/init/mount_namespace.h
index c41a449..4eef785 100644
--- a/init/mount_namespace.h
+++ b/init/mount_namespace.h
@@ -20,6 +20,7 @@
namespace init {
bool SetupMountNamespaces();
+bool SetupRuntimeBionic();
bool SwitchToDefaultMountNamespace();
bool SwitchToBootstrapMountNamespaceIfNeeded();
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 22a0d1e..9090170 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -13,12 +13,6 @@
# Cgroups are mounted right before early-init using list from /etc/cgroups.json
on early-init
- # Mount shared so changes propagate into child namespaces
- # Do this before other processes are started from init. Otherwise,
- # processes launched while the propagation type of / is 'private'
- # won't get mount events from others.
- mount rootfs rootfs / shared rec
-
# Set init and its forked children's oom_adj.
write /proc/1/oom_score_adj -1000
@@ -43,6 +37,11 @@
start ueventd
+ # Run apexd-bootstrap so that APEXes that provide critical libraries
+ # become available. Note that this is executed as exec_start to ensure that
+ # the libraries are available to the processes started after this statement.
+ exec_start apexd-bootstrap
+
on init
sysclktz 0
@@ -281,9 +280,6 @@
# Start logd before any other services run to ensure we capture all of their logs.
start logd
- # Start apexd as soon as we can
- start apexd
-
# Start essential services.
start servicemanager
start hwservicemanager
@@ -419,8 +415,16 @@
mkdir /data/bootchart 0755 shell shell
bootchart start
- # /data/apex is now available. Let apexd to scan and activate APEXes.
- setprop apexd.data.status ready
+ # Make sure that apexd is started in the default namespace
+ enter_default_mount_ns
+
+ # /data/apex is now available. Start apexd to scan and activate APEXes.
+ mkdir /data/apex 0750 root system
+ mkdir /data/apex/active 0750 root system
+ mkdir /data/apex/backup 0700 root system
+ mkdir /data/apex/sessions 0700 root system
+ mkdir /data/pkg_staging 0750 system system
+ start apexd
# Avoid predictable entropy pool. Carry over entropy from previous boot.
copy /data/system/entropy.dat /dev/urandom
@@ -537,12 +541,6 @@
mkdir /data/anr 0775 system system
- mkdir /data/apex 0750 root system
- mkdir /data/apex/active 0750 root system
- mkdir /data/apex/backup 0700 root system
- mkdir /data/apex/sessions 0700 root system
- mkdir /data/pkg_staging 0750 system system
-
# NFC: create data/nfc for nv storage
mkdir /data/nfc 0770 nfc nfc
mkdir /data/nfc/param 0770 nfc nfc
@@ -575,6 +573,12 @@
mkdir /data/cache/backup_stage 0700 system system
mkdir /data/cache/backup 0700 system system
+ # Wait for apexd to finish activating APEXes before starting more processes.
+ wait_for_prop apexd.status ready
+ # TODO(jiyong): remove setup_runtime_bionic
+ setup_runtime_bionic
+ parse_apex_configs
+
init_user0
# Set SELinux security contexts on upgrade or policy update.
@@ -583,14 +587,6 @@
# load fsverity keys
exec -- /system/bin/mini-keyctl -c /product/etc/security/cacerts_fsverity,/vendor/etc/security/cacerts_fsverity -k .fs-verity
- # Wait for apexd to finish activating APEXes before starting more processes.
- # This certainly reduces the parallelism but is required to make as many processes
- # as possible to use the bionic libs from the runtime APEX. This takes less than 50ms
- # so the impact on the booting time is not significant.
- wait_for_prop apexd.status ready
- setup_runtime_bionic
- parse_apex_configs
-
# Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo