1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "service.h"
18 
19 #include <fcntl.h>
20 #include <inttypes.h>
21 #include <linux/securebits.h>
22 #include <sched.h>
23 #include <sys/prctl.h>
24 #include <sys/stat.h>
25 #include <sys/time.h>
26 #include <termios.h>
27 #include <unistd.h>
28 
29 #include <android-base/file.h>
30 #include <android-base/logging.h>
31 #include <android-base/properties.h>
32 #include <android-base/scopeguard.h>
33 #include <android-base/stringprintf.h>
34 #include <android-base/strings.h>
35 #include <cutils/sockets.h>
36 #include <processgroup/processgroup.h>
37 #include <selinux/selinux.h>
38 
39 #include "lmkd_service.h"
40 #include "service_list.h"
41 #include "util.h"
42 
43 #ifdef INIT_FULL_SOURCES
44 #include <ApexProperties.sysprop.h>
45 #include <android/api-level.h>
46 
47 #include "mount_namespace.h"
48 #include "selinux.h"
49 #else
50 #include "host_init_stubs.h"
51 #endif
52 
53 using android::base::boot_clock;
54 using android::base::GetProperty;
55 using android::base::Join;
56 using android::base::make_scope_guard;
57 using android::base::SetProperty;
58 using android::base::StartsWith;
59 using android::base::StringPrintf;
60 using android::base::WriteStringToFile;
61 
62 namespace android {
63 namespace init {
64 
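// Computes the SELinux domain a service's process should run in when the
// service declares no explicit seclabel: the policy-defined transition from
// init's own context to the context of the service's executable.
//
// Returns an error if any libselinux query fails, or if the policy defines no
// transition for this executable (the computed context equals init's own).
// The latter is reported even in permissive mode: a service silently running
// in init's domain would defeat per-service confinement and leave nothing to
// audit.
static Result<std::string> ComputeContextFromExecutable(const std::string& service_path) {
    // Contexts handed out by libselinux are heap strings that must be released
    // with freecon(); a plain std::unique_ptr<char> would run `delete` on
    // memory that was not allocated with `new`.
    using ContextPtr = std::unique_ptr<char, decltype(&freecon)>;

    char* raw_con = nullptr;
    if (getcon(&raw_con) == -1) {
        return Error() << "Could not get security context";
    }
    ContextPtr mycon(raw_con, freecon);

    char* raw_filecon = nullptr;
    if (getfilecon(service_path.c_str(), &raw_filecon) == -1) {
        return Error() << "Could not get file context";
    }
    ContextPtr filecon(raw_filecon, freecon);

    char* raw_new_con = nullptr;
    const int rc = security_compute_create(mycon.get(), filecon.get(),
                                           string_to_security_class("process"), &raw_new_con);
    if (rc != 0 || raw_new_con == nullptr) {
        return Error() << "Could not get process context";
    }
    ContextPtr new_con(raw_new_con, freecon);
    std::string computed_context = new_con.get();

    // No transition defined: the service would inherit init's domain.
    if (computed_context == mycon.get()) {
        return Error() << "File " << service_path << "(labeled \"" << filecon.get()
                       << "\") has incorrect label or no domain transition from " << mycon.get()
                       << " to another SELinux domain defined. Have you configured your "
                          "service correctly? https://source.android.com/security/selinux/"
                          "device-policy#label_new_services_and_address_denials. Note: this "
                          "error shows up even in permissive mode in order to make auditing "
                          "denials possible.";
    }
    return computed_context;
}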
102 
// Expands property references in every argument after argv[0] and replaces the
// current process image with the service binary. Returns only if execv()
// itself fails (false); an argument that cannot be expanded is fatal. When
// `sigstop` is set the process stops itself before the exec (presumably so a
// debugger can attach — see the sigstop_ option, not defined here).
static bool ExpandArgsAndExecv(const std::vector<std::string>& args, bool sigstop) {
    const std::size_t argc = args.size();

    // Storage for the expanded strings is sized up-front so the char* pointers
    // taken below are never invalidated by a reallocation.
    std::vector<std::string> expanded(argc);
    std::vector<char*> argv;
    argv.reserve(argc + 1);

    // argv[0] is the executable path and is passed through unexpanded.
    argv.push_back(const_cast<char*>(args[0].data()));
    for (std::size_t idx = 1; idx < argc; ++idx) {
        auto expansion = ExpandProps(args[idx]);
        if (!expansion.ok()) {
            LOG(FATAL) << args[0] << ": cannot expand arguments': " << expansion.error();
        }
        expanded[idx] = *expansion;
        argv.push_back(expanded[idx].data());
    }
    argv.push_back(nullptr);  // execv() needs a NULL-terminated vector

    if (sigstop) {
        kill(getpid(), SIGSTOP);
    }

    return execv(argv[0], argv.data()) == 0;
}
125 
// Reports whether both the ART and Runtime APEXes are present under /apex.
// Services started while this is still false are marked "pre-apexd" in
// Start().
static bool AreRuntimeApexesReady() {
    const auto is_present = [](const char* path) {
        struct stat unused;
        return stat(path, &unused) == 0;
    };
    return is_present("/apex/com.android.art/") && is_present("/apex/com.android.runtime/");
}
131 
// Ordinal handed to each service as it starts (Start() does
// `start_order_ = next_start_order_++`); a service's start_order_ of 0 means
// "not currently started".
unsigned long Service::next_start_order_ = 1;
// True while a temporary 'exec' service is running: set in ExecStart(),
// presumably cleared by UnSetExec() (not defined in this file).
bool Service::is_exec_service_running_ = false;
134 
// Convenience constructor: no flags, uid/gid 0 (root), no supplementary gids,
// no namespace flags and no explicit seclabel. Without a seclabel the SELinux
// context is computed from the executable's label when the service starts
// (see Start()), so the service still ends up in its policy-defined domain.
Service::Service(const std::string& name, Subcontext* subcontext_for_restart_commands,
                 const std::vector<std::string>& args, bool from_apex)
    : Service(name, 0, 0, 0, {}, 0, "", subcontext_for_restart_commands, args, from_apex) {}
138 
// Full constructor. `flags` are the SVC_* bits; `uid`/`gid`/`supp_gids` become
// the process attributes applied in the forked child before exec;
// `namespace_flags` are passed to clone(2) in Start(); `seclabel` is the
// SELinux context to exec into (empty = derive it from the executable's label
// at start time); `from_apex` presumably records that the definition came
// from an APEX config — confirm against the parser.
Service::Service(const std::string& name, unsigned flags, uid_t uid, gid_t gid,
                 const std::vector<gid_t>& supp_gids, int namespace_flags,
                 const std::string& seclabel, Subcontext* subcontext_for_restart_commands,
                 const std::vector<std::string>& args, bool from_apex)
    : name_(name),
      classnames_({"default"}),  // every service starts in the "default" class
      flags_(flags),
      pid_(0),
      crash_count_(0),
      // No I/O priority or nice value by default; uid/gid are only applied to
      // the child process at start.
      proc_attr_{.ioprio_class = IoSchedClass_NONE,
                 .ioprio_pri = 0,
                 .uid = uid,
                 .gid = gid,
                 .supp_gids = supp_gids,
                 .priority = 0},
      namespaces_{.flags = namespace_flags},
      seclabel_(seclabel),
      // The onrestart command list executes in the given subcontext, if any.
      onrestart_(false, subcontext_for_restart_commands, "<Service '" + name + "' onrestart>", 0,
                 "onrestart", {}),
      oom_score_adjust_(DEFAULT_OOM_SCORE_ADJUST),
      start_order_(0),
      args_(args),
      from_apex_(from_apex) {}
162 
// Publishes the service's state through system properties:
//   init.svc.<name>            the new state string
//   ro.boottime.<name>         start time, published only on the first "running"
//   init.svc_debug_pid.<name>  the pid while running, cleared on "stopped"
// Temporary 'exec' services have no state properties and are skipped.
void Service::NotifyStateChange(const std::string& new_state) const {
    if (flags_ & SVC_TEMPORARY) {
        // Services created by 'exec' are temporary and don't have properties tracking their state.
        return;
    }

    SetProperty("init.svc." + name_, new_state);

    const bool running = (new_state == "running");
    if (running) {
        // Only record the first start: the property is left alone once set.
        const std::string boottime_prop = "ro.boottime." + name_;
        if (GetProperty(boottime_prop, "").empty()) {
            const uint64_t started_ns = time_started_.time_since_epoch().count();
            SetProperty(boottime_prop, std::to_string(started_ns));
        }
    }

    // init.svc_debug_pid.* properties are only for tests, and should not be used
    // on device for security checks.
    const std::string pid_prop = "init.svc_debug_pid." + name_;
    if (running) {
        SetProperty(pid_prop, std::to_string(pid_));
    } else if (new_state == "stopped") {
        SetProperty(pid_prop, "");
    }
}
189 
// Delivers `signal` to every process in the service's process group (cgroup).
// SIGTERM goes through killProcessGroupOnce(), everything else through
// killProcessGroup(). A successful kill removes the cgroup, so the kill step is
// skipped on later calls. With `report_oneshot`, a warning is logged when extra
// processes were killed in a oneshot group (behavior change introduced in
// Android R, see Reap()). Finally the lmkd registration is dropped for
// services with a custom oom_score_adjust.
void Service::KillProcessGroup(int signal, bool report_oneshot) {
    // If we've already seen a successful result from killProcessGroup*(), then we have removed
    // the cgroup already and calling these functions a second time will simply result in an error.
    // This is true regardless of which signal was sent.
    // These functions handle their own logging, so no additional logging is needed.
    if (!process_cgroup_empty_) {
        LOG(INFO) << "Sending signal " << signal << " to service '" << name_ << "' (pid " << pid_
                  << ") process group...";
        int killed = 0;
        const int rc = (signal == SIGTERM)
                               ? killProcessGroupOnce(proc_attr_.uid, pid_, signal, &killed)
                               : killProcessGroup(proc_attr_.uid, pid_, signal, &killed);

        if (report_oneshot && killed > 0) {
            LOG(WARNING)
                    << "Killed " << killed
                    << " additional processes from a oneshot process group for service '" << name_
                    << "'. This is new behavior, previously child processes would not be killed in "
                       "this case.";
        }

        if (rc == 0) {
            process_cgroup_empty_ = true;
        }
    }

    if (oom_score_adjust_ != DEFAULT_OOM_SCORE_ADJUST) {
        LmkdUnregister(name_, pid_);
    }
}
221 
// Applies the service's process attributes from inside the forked child, right
// before exec (called from Start()). The order is deliberate: securebits are
// raised first so capabilities survive the uid change done by
// SetProcessAttributes(); the exec context is then staged with setexeccon()
// (it takes effect at execve); finally the capability set for the new image is
// fixed. Every failure is fatal for the child, so a service never runs with a
// partially applied sandbox.
void Service::SetProcessAttributesAndCaps() {
    // Keep capabilites on uid change.
    if (capabilities_ && proc_attr_.uid) {
        // If Android is running in a container, some securebits might already
        // be locked, so don't change those.
        unsigned long securebits = prctl(PR_GET_SECUREBITS);
        if (securebits == -1UL) {
            PLOG(FATAL) << "prctl(PR_GET_SECUREBITS) failed for " << name_;
        }
        // KEEP_CAPS retains permitted caps across the setuid; the _LOCKED bit
        // keeps the service from changing that setting afterwards.
        securebits |= SECBIT_KEEP_CAPS | SECBIT_KEEP_CAPS_LOCKED;
        if (prctl(PR_SET_SECUREBITS, securebits) != 0) {
            PLOG(FATAL) << "prctl(PR_SET_SECUREBITS) failed for " << name_;
        }
    }

    // Expected to apply uid/gid/supplementary gids/priority from proc_attr_
    // (body not in this file — see the "set our gid, ..." note in Start()).
    if (auto result = SetProcessAttributes(proc_attr_); !result.ok()) {
        LOG(FATAL) << "cannot set attribute for " << name_ << ": " << result.error();
    }

    // Explicit seclabel: stage it for the upcoming exec. Without one, the
    // transition defined by policy for the executable applies instead.
    if (!seclabel_.empty()) {
        if (setexeccon(seclabel_.c_str()) < 0) {
            PLOG(FATAL) << "cannot setexeccon('" << seclabel_ << "') for " << name_;
        }
    }

    if (capabilities_) {
        if (!SetCapsForExec(*capabilities_)) {
            LOG(FATAL) << "cannot set capabilities for " << name_;
        }
    } else if (proc_attr_.uid) {
        // Inheritable caps can be non-zero when running in a container.
        // A non-root service without a 'capabilities' option must not inherit
        // any of init's caps.
        if (!DropInheritableCaps()) {
            LOG(FATAL) << "cannot drop inheritable caps for " << name_;
        }
    }
}
258 
// Handles the exit of this service's process; `siginfo` describes the exited
// child. Cleans up the process group and any sockets, runs the reap
// callbacks, applies the 'reboot_on_failure' and crash-loop policies, and moves
// the service to its next state: "stopped" for disabled/reset services,
// otherwise "restarting" after running its onrestart commands.
void Service::Reap(const siginfo_t& siginfo) {
    if (!(flags_ & SVC_ONESHOT) || (flags_ & SVC_RESTART)) {
        // Non-oneshot services (and oneshots being restarted) always get their
        // whole process group killed so no child processes outlive them.
        KillProcessGroup(SIGKILL, false);
    } else {
        // Legacy behavior from ~2007 until Android R: this else branch did not exist and we did not
        // kill the process group in this case.
        if (SelinuxGetVendorAndroidVersion() >= __ANDROID_API_R__) {
            // The new behavior in Android R is to kill these process groups in all cases.  The
            // 'true' parameter instructs KillProcessGroup() to report a warning message where it
            // detects a difference in behavior has occurred.
            KillProcessGroup(SIGKILL, true);
        }
    }

    // Remove any socket resources we may have created.
    for (const auto& socket : sockets_) {
        auto path = ANDROID_SOCKET_DIR "/" + socket.name;
        unlink(path.c_str());
    }

    for (const auto& f : reap_callbacks_) {
        f(siginfo);
    }

    // Anything other than a clean exit(0) counts as a failure for the
    // 'reboot_on_failure' option (signals included).
    if ((siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) && on_failure_reboot_target_) {
        LOG(ERROR) << "Service with 'reboot_on_failure' option failed, shutting down system.";
        trigger_shutdown(*on_failure_reboot_target_);
    }

    if (flags_ & SVC_EXEC) UnSetExec();

    // Temporary 'exec' services carry no persistent state to update.
    if (flags_ & SVC_TEMPORARY) return;

    pid_ = 0;
    flags_ &= (~SVC_RUNNING);
    start_order_ = 0;

    // Oneshot processes go into the disabled state on exit,
    // except when manually restarted.
    if ((flags_ & SVC_ONESHOT) && !(flags_ & SVC_RESTART) && !(flags_ & SVC_RESET)) {
        flags_ |= SVC_DISABLED;
    }

    // Disabled and reset processes do not get restarted automatically.
    if (flags_ & (SVC_DISABLED | SVC_RESET))  {
        NotifyStateChange("stopped");
        return;
    }

    // NOTE(review): `#if` here versus `#ifdef INIT_FULL_SOURCES` in the include
    // block above; both only agree if the macro is defined to a non-zero value
    // — confirm against the build flags.
#if INIT_FULL_SOURCES
    static bool is_apex_updatable = android::sysprop::ApexProperties::updatable().value_or(false);
#else
    static bool is_apex_updatable = false;
#endif
    // Services started after the runtime APEXes were available are subject to
    // the updatable-crash policy below (pre-apexd ones are not).
    const bool is_process_updatable = !pre_apexd_ && is_apex_updatable;

    // If we crash > 4 times in 4 minutes or before boot_completed,
    // reboot into bootloader or set crashing property
    boot_clock::time_point now = boot_clock::now();
    if (((flags_ & SVC_CRITICAL) || is_process_updatable) && !(flags_ & SVC_RESTART)) {
        bool boot_completed = android::base::GetBoolProperty("sys.boot_completed", false);
        if (now < time_crashed_ + 4min || !boot_completed) {
            if (++crash_count_ > 4) {
                if (flags_ & SVC_CRITICAL) {
                    // Aborts into bootloader
                    LOG(FATAL) << "critical process '" << name_ << "' exited 4 times "
                               << (boot_completed ? "in 4 minutes" : "before boot completed");
                } else {
                    LOG(ERROR) << "updatable process '" << name_ << "' exited 4 times "
                               << (boot_completed ? "in 4 minutes" : "before boot completed");
                    // Notifies update_verifier and apexd
                    SetProperty("sys.init.updatable_crashing_process_name", name_);
                    SetProperty("sys.init.updatable_crashing", "1");
                }
            }
        } else {
            // Outside the window: start a fresh crash-counting window.
            time_crashed_ = now;
            crash_count_ = 1;
        }
    }

    flags_ &= (~SVC_RESTART);
    flags_ |= SVC_RESTARTING;

    // Execute all onrestart commands for this service.
    onrestart_.ExecuteAllCommands();

    NotifyStateChange("restarting");
    return;
}
349 
// Logs a human-readable summary of this service: name, class list, command
// line, and the sockets and files it publishes to its process.
void Service::DumpState() const {
    LOG(INFO) << "service " << name_;
    LOG(INFO) << "  class '" << Join(classnames_, " ") << "'";
    LOG(INFO) << "  exec " << Join(args_, " ");
    for (const auto& sock : sockets_) {
        LOG(INFO) << "  socket " << sock.name;
    }
    for (const auto& entry : files_) {
        LOG(INFO) << "  file " << entry.name;
    }
}
361 
362 
// Runs this service as a one-shot 'exec' command and marks it as the currently
// running exec service. Unlike Start(), an updatable service whose APEX
// configs are not loaded yet is rejected rather than queued, because exec
// callers rely on the command's side effects happening now. Any failure path
// triggers the 'reboot_on_failure' target if one is configured.
Result<void> Service::ExecStart() {
    auto failure_guard = make_scope_guard([this] {
        if (on_failure_reboot_target_) {
            trigger_shutdown(*on_failure_reboot_target_);
        }
    });

    if (is_updatable() && !ServiceList::GetInstance().IsServicesUpdated()) {
        // Don't delay the service for ExecStart() as the semantic is that
        // the caller might depend on the side effect of the execution.
        return Error() << "Cannot start an updatable service '" << name_
                       << "' before configs from APEXes are all loaded";
    }

    flags_ |= SVC_ONESHOT;

    auto started = Start();
    if (!started.ok()) {
        return started;
    }

    flags_ |= SVC_EXEC;
    is_exec_service_running_ = true;

    const std::string context = seclabel_.empty() ? "default" : seclabel_;
    LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << proc_attr_.uid
              << " gid " << proc_attr_.gid << "+" << proc_attr_.supp_gids.size() << " context "
              << context << ") started; waiting...";

    failure_guard.Disable();
    return {};
}
393 
// Forks and execs the service's process and records it as running.
//
// Failure paths return an error and, unless the guard was disabled, trigger
// the service's 'reboot_on_failure' target. Persistent causes (no console,
// missing executable) also set SVC_DISABLED so StartIfNotDisabled() will not
// retry. Starting an already-running service is not an error.
//
// Security-relevant sequencing in the child (pid == 0):
//   1. umask(077) before anything the child creates;
//   2. namespaces are entered before descriptors are published and before
//      privileges are dropped;
//   3. SetProcessAttributesAndCaps() drops to the service's uid/gid/caps and
//      stages the SELinux exec context as the last step before execv.
// The context used to label the service's sockets (`scon`) is the declared
// seclabel or, failing that, the policy-computed transition for the executable.
Result<void> Service::Start() {
    auto reboot_on_failure = make_scope_guard([this] {
        if (on_failure_reboot_target_) {
            trigger_shutdown(*on_failure_reboot_target_);
        }
    });

    if (is_updatable() && !ServiceList::GetInstance().IsServicesUpdated()) {
        // Queue the service instead of failing outright (contrast ExecStart()).
        ServiceList::GetInstance().DelayService(*this);
        return Error() << "Cannot start an updatable service '" << name_
                       << "' before configs from APEXes are all loaded. "
                       << "Queued for execution.";
    }

    bool disabled = (flags_ & (SVC_DISABLED | SVC_RESET));
    // Starting a service removes it from the disabled or reset state and
    // immediately takes it out of the restarting state if it was in there.
    flags_ &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART|SVC_DISABLED_START));

    // Running processes require no additional work --- if they're in the
    // process of exiting, we've ensured that they will immediately restart
    // on exit, unless they are ONESHOT. For ONESHOT service, if it's in
    // stopping status, we just set SVC_RESTART flag so it will get restarted
    // in Reap().
    if (flags_ & SVC_RUNNING) {
        if ((flags_ & SVC_ONESHOT) && disabled) {
            flags_ |= SVC_RESTART;
        }
        // It is not an error to try to start a service that is already running.
        reboot_on_failure.Disable();
        return {};
    }

    bool needs_console = (flags_ & SVC_CONSOLE);
    if (needs_console) {
        if (proc_attr_.console.empty()) {
            proc_attr_.console = "/dev/" + GetProperty("ro.boot.console", "console");
        }

        // Make sure that open call succeeds to ensure a console driver is
        // properly registered for the device node
        int console_fd = open(proc_attr_.console.c_str(), O_RDWR | O_CLOEXEC);
        if (console_fd < 0) {
            flags_ |= SVC_DISABLED;
            return ErrnoError() << "Couldn't open console '" << proc_attr_.console << "'";
        }
        close(console_fd);
    }

    struct stat sb;
    if (stat(args_[0].c_str(), &sb) == -1) {
        flags_ |= SVC_DISABLED;
        return ErrnoError() << "Cannot find '" << args_[0] << "'";
    }

    // SELinux context for the sockets created below: an explicit seclabel, or
    // the domain the executable transitions into under the loaded policy.
    std::string scon;
    if (!seclabel_.empty()) {
        scon = seclabel_;
    } else {
        auto result = ComputeContextFromExecutable(args_[0]);
        if (!result.ok()) {
            return result.error();
        }
        scon = *result;
    }

    if (!AreRuntimeApexesReady() && !pre_apexd_) {
        // If this service is started before the Runtime and ART APEXes get
        // available, mark it as pre-apexd one. Note that this marking is
        // permanent. So for example, if the service is re-launched (e.g., due
        // to crash), it is still recognized as pre-apexd... for consistency.
        pre_apexd_ = true;
    }

    // For pre-apexd services, override mount namespace as "bootstrap" one before starting.
    // Note: "ueventd" is supposed to be run in "default" mount namespace even if it's pre-apexd
    // to support loading firmwares from APEXes.
    std::optional<MountNamespace> override_mount_namespace;
    if (name_ == "ueventd") {
        override_mount_namespace = NS_DEFAULT;
    } else if (pre_apexd_) {
        override_mount_namespace = NS_BOOTSTRAP;
    }

    post_data_ = ServiceList::GetInstance().IsPostData();

    LOG(INFO) << "starting service '" << name_ << "'...";

    // Sockets and files are created by init (with `scon` for sockets) and
    // handed to the child; a failure here is logged but does not stop the start.
    std::vector<Descriptor> descriptors;
    for (const auto& socket : sockets_) {
        if (auto result = socket.Create(scon); result.ok()) {
            descriptors.emplace_back(std::move(*result));
        } else {
            LOG(INFO) << "Could not create socket '" << socket.name << "': " << result.error();
        }
    }

    for (const auto& file : files_) {
        if (auto result = file.Create(); result.ok()) {
            descriptors.emplace_back(std::move(*result));
        } else {
            LOG(INFO) << "Could not open file '" << file.name << "': " << result.error();
        }
    }

    // clone(2) is used only when the service asks for new namespaces; SIGCHLD
    // keeps the child reportable like a plain fork() child.
    pid_t pid = -1;
    if (namespaces_.flags) {
        pid = clone(nullptr, nullptr, namespaces_.flags | SIGCHLD, nullptr);
    } else {
        pid = fork();
    }

    if (pid == 0) {
        umask(077);

        if (auto result = EnterNamespaces(namespaces_, name_, override_mount_namespace);
            !result.ok()) {
            LOG(FATAL) << "Service '" << name_
                       << "' failed to set up namespaces: " << result.error();
        }

        for (const auto& [key, value] : environment_vars_) {
            setenv(key.c_str(), value.c_str(), 1);
        }

        for (const auto& descriptor : descriptors) {
            descriptor.Publish();
        }

        // Non-fatal: the service still starts if a writepid file is unwritable.
        if (auto result = WritePidToFiles(&writepid_files_); !result.ok()) {
            LOG(ERROR) << "failed to write pid to files: " << result.error();
        }

        if (task_profiles_.size() > 0 && !SetTaskProfiles(getpid(), task_profiles_)) {
            LOG(ERROR) << "failed to set task profiles";
        }

        // As requested, set our gid, supplemental gids, uid, context, and
        // priority. Aborts on failure.
        SetProcessAttributesAndCaps();

        if (!ExpandArgsAndExecv(args_, sigstop_)) {
            PLOG(ERROR) << "cannot execv('" << args_[0]
                        << "'). See the 'Debugging init' section of init's README.md for tips";
        }

        // Only reached if exec failed; exit without running parent atexit handlers.
        _exit(127);
    }

    if (pid < 0) {
        pid_ = 0;
        return ErrnoError() << "Failed to fork";
    }

    if (oom_score_adjust_ != DEFAULT_OOM_SCORE_ADJUST) {
        std::string oom_str = std::to_string(oom_score_adjust_);
        std::string oom_file = StringPrintf("/proc/%d/oom_score_adj", pid);
        if (!WriteStringToFile(oom_str, oom_file)) {
            PLOG(ERROR) << "couldn't write oom_score_adj";
        }
    }

    time_started_ = boot_clock::now();
    pid_ = pid;
    flags_ |= SVC_RUNNING;
    start_order_ = next_start_order_++;
    process_cgroup_empty_ = false;

    // A memory cgroup is only needed when some memory limit option is set
    // (-1 / empty mean "not configured").
    bool use_memcg = swappiness_ != -1 || soft_limit_in_bytes_ != -1 || limit_in_bytes_ != -1 ||
                      limit_percent_ != -1 || !limit_property_.empty();
    // createProcessGroup() presumably returns a negative errno value; storing
    // it in errno lets PLOG print the reason — confirm against libprocessgroup.
    errno = -createProcessGroup(proc_attr_.uid, pid_, use_memcg);
    if (errno != 0) {
        PLOG(ERROR) << "createProcessGroup(" << proc_attr_.uid << ", " << pid_
                    << ") failed for service '" << name_ << "'";
    } else if (use_memcg) {
        if (swappiness_ != -1) {
            if (!setProcessGroupSwappiness(proc_attr_.uid, pid_, swappiness_)) {
                PLOG(ERROR) << "setProcessGroupSwappiness failed";
            }
        }

        if (soft_limit_in_bytes_ != -1) {
            if (!setProcessGroupSoftLimit(proc_attr_.uid, pid_, soft_limit_in_bytes_)) {
                PLOG(ERROR) << "setProcessGroupSoftLimit failed";
            }
        }

        // Effective hard limit: the smaller of the byte limit and the
        // percentage of physical memory; the overflow guard keeps the
        // pages*page_size product in range.
        size_t computed_limit_in_bytes = limit_in_bytes_;
        if (limit_percent_ != -1) {
            long page_size = sysconf(_SC_PAGESIZE);
            long num_pages = sysconf(_SC_PHYS_PAGES);
            if (page_size > 0 && num_pages > 0) {
                size_t max_mem = SIZE_MAX;
                if (size_t(num_pages) < SIZE_MAX / size_t(page_size)) {
                    max_mem = size_t(num_pages) * size_t(page_size);
                }
                computed_limit_in_bytes =
                        std::min(computed_limit_in_bytes, max_mem / 100 * limit_percent_);
            }
        }

        if (!limit_property_.empty()) {
            // This ends up overwriting computed_limit_in_bytes but only if the
            // property is defined.
            computed_limit_in_bytes = android::base::GetUintProperty(
                    limit_property_, computed_limit_in_bytes, SIZE_MAX);
        }

        if (computed_limit_in_bytes != size_t(-1)) {
            if (!setProcessGroupLimit(proc_attr_.uid, pid_, computed_limit_in_bytes)) {
                PLOG(ERROR) << "setProcessGroupLimit failed";
            }
        }
    }

    if (oom_score_adjust_ != DEFAULT_OOM_SCORE_ADJUST) {
        LmkdRegister(name_, proc_attr_.uid, pid_, oom_score_adjust_);
    }

    NotifyStateChange("running");
    reboot_on_failure.Disable();
    return {};
}
617 
// Starts the service unless it is disabled; a start request for a disabled
// service is remembered (SVC_DISABLED_START) so Enable() can honour it later.
Result<void> Service::StartIfNotDisabled() {
    if (flags_ & SVC_DISABLED) {
        flags_ |= SVC_DISABLED_START;
        return {};
    }
    return Start();
}
626 
// Clears the disabled state (both the runtime and the rc-file flavour) and
// starts the service if a start was requested while it was disabled.
Result<void> Service::Enable() {
    flags_ &= ~(SVC_DISABLED | SVC_RC_DISABLED);
    if (!(flags_ & SVC_DISABLED_START)) {
        return {};
    }
    return Start();
}
634 
// Stops the service and puts it in the reset state (SVC_RESET), which keeps
// Reap() from restarting it automatically.
void Service::Reset() {
    StopOrReset(SVC_RESET);
}
638 
// Resets services that were started after /data was mounted, remembering
// whether the service was running so StartIfPostData() can bring it back.
void Service::ResetIfPostData() {
    if (!post_data_) {
        return;
    }
    if ((flags_ & SVC_RUNNING) != 0) {
        running_at_post_data_reset_ = true;
    }
    StopOrReset(SVC_RESET);
}
647 
// Start the service, but only if it was started after /data was mounted,
// and it was still running when we reset the post-data services.
Result<void> Service::StartIfPostData() {
    if (!running_at_post_data_reset_) {
        return {};
    }
    return Start();
}
657 
// Stops the service and disables it (SVC_DISABLED) so it is not restarted.
void Service::Stop() {
    StopOrReset(SVC_DISABLED);
}
661 
// Disables the service and asks its process group to exit gracefully with
// SIGTERM (sent once; see KillProcessGroup()). A service with no process is
// only marked disabled.
void Service::Terminate() {
    flags_ = (flags_ & ~(SVC_RESTARTING | SVC_DISABLED_START)) | SVC_DISABLED;
    if (pid_ == 0) {
        return;
    }
    KillProcessGroup(SIGTERM);
    NotifyStateChange("stopping");
}
670 
// Kills the service's process group after its timeout expired.
void Service::Timeout() {
    // All process state flags will be taken care of in Reap(), we really just want to kill the
    // process here when it times out.  Oneshot processes will transition to be disabled, and
    // all other processes will transition to be restarting.
    // NOTE(review): dereferences timeout_period_ unconditionally; presumably
    // only called when a timeout is configured — confirm at the call site.
    const auto timeout_seconds = timeout_period_->count();
    LOG(INFO) << "Service '" << name_ << "' expired its timeout of " << timeout_seconds
              << " seconds and will now be killed";
    if (pid_ == 0) {
        return;
    }
    KillProcessGroup(SIGKILL);
    NotifyStateChange("stopping");
}
682 
// Restarts the service: a running one is stopped with SVC_RESTART so Reap()
// brings it back; a stopped one is started directly; one already restarting
// is left alone.
void Service::Restart() {
    const bool running = (flags_ & SVC_RUNNING) != 0;
    const bool restarting = (flags_ & SVC_RESTARTING) != 0;

    if (running) {
        /* Stop, wait, then start the service. */
        StopOrReset(SVC_RESTART);
        return;
    }
    if (restarting) {
        /* Service is restarting anyways. */
        return;
    }
    /* Just start the service since it's not running. */
    auto started = Start();
    if (!started.ok()) {
        LOG(ERROR) << "Could not restart '" << name_ << "': " << started.error();
    }
}
694 
// Stops the service's process (if any) and records why in the flags. `how`
// must be SVC_DISABLED, SVC_RESET or SVC_RESTART; anything else is treated as
// SVC_DISABLED. The resulting flags decide what Reap() does when the process
// exits: stay stopped (disabled/reset) or come back (restart).
void Service::StopOrReset(int how) {
    // The service is still SVC_RUNNING until its process exits, but if it has
    // already exited it shouldn't attempt a restart yet.
    flags_ &= ~(SVC_RESTARTING | SVC_DISABLED_START);

    switch (how) {
        case SVC_DISABLED:
        case SVC_RESET:
        case SVC_RESTART:
            break;
        default:
            // An illegal flag: default to SVC_DISABLED.
            how = SVC_DISABLED;
            break;
    }

    // Record the requested state and clear the opposite one, so a restart that
    // immediately follows a stop/reset (or vice versa) ends up consistent.
    if (how == SVC_RESET) {
        // If the service has not yet started, prevent it from auto-starting with its class.
        const bool rc_disabled = (flags_ & SVC_RC_DISABLED) != 0;
        flags_ |= rc_disabled ? SVC_DISABLED : SVC_RESET;
        flags_ &= ~SVC_RESTART;
    } else if (how == SVC_RESTART) {
        flags_ |= SVC_RESTART;
        flags_ &= ~(SVC_DISABLED | SVC_RESET);
    } else {
        flags_ |= SVC_DISABLED;
        flags_ &= ~SVC_RESTART;
    }

    if (pid_ == 0) {
        NotifyStateChange("stopped");
        return;
    }
    KillProcessGroup(SIGKILL);
    NotifyStateChange("stopping");
}
727 
// Builds a temporary one-shot service for an 'exec' command line. The
// optional SECLABEL/UID/GID/supplementary-gid prefix (terminated by "--")
// determines the sandbox the command runs in; without it the command runs with
// uid/gid 0 and the context derived from its executable. Returns an error for
// a malformed prefix, an undecodable id, or a missing command.
Result<std::unique_ptr<Service>> Service::MakeTemporaryOneshotService(
        const std::vector<std::string>& args) {
    // Parse the arguments: exec [SECLABEL [UID [GID]*] --] COMMAND ARGS...
    // SECLABEL can be a - to denote default
    std::size_t command_arg = 1;
    for (std::size_t i = 1; i < args.size(); ++i) {
        if (args[i] == "--") {
            command_arg = i + 1;
            break;
        }
    }
    // NOTE(review): with "--" at index 4+N this rejects N >= NR_SVC_SUPP_GIDS,
    // i.e. it appears to admit at most NR_SVC_SUPP_GIDS-1 supplementary gids —
    // confirm that is the intended bound.
    if (command_arg > 4 + NR_SVC_SUPP_GIDS) {
        return Error() << "exec called with too many supplementary group ids";
    }

    if (command_arg >= args.size()) {
        return Error() << "exec called without command";
    }
    std::vector<std::string> str_args(args.begin() + command_arg, args.end());

    // Gives each exec service a unique, descriptive name for logging/state.
    static size_t exec_count = 0;
    exec_count++;
    std::string name = "exec " + std::to_string(exec_count) + " (" + Join(str_args, " ") + ")";

    unsigned flags = SVC_ONESHOT | SVC_TEMPORARY;
    unsigned namespace_flags = 0;

    // An explicit seclabel is only present when there is at least one token
    // between "exec" and "--"; "-" keeps the default (computed at start).
    std::string seclabel = "";
    if (command_arg > 2 && args[1] != "-") {
        seclabel = args[1];
    }
    Result<uid_t> uid = 0;
    if (command_arg > 3) {
        uid = DecodeUid(args[2]);
        if (!uid.ok()) {
            return Error() << "Unable to decode UID for '" << args[2] << "': " << uid.error();
        }
    }
    Result<gid_t> gid = 0;
    std::vector<gid_t> supp_gids;
    if (command_arg > 4) {
        gid = DecodeUid(args[3]);
        if (!gid.ok()) {
            return Error() << "Unable to decode GID for '" << args[3] << "': " << gid.error();
        }
        std::size_t nr_supp_gids = command_arg - 1 /* -- */ - 4 /* exec SECLABEL UID GID */;
        for (size_t i = 0; i < nr_supp_gids; ++i) {
            auto supp_gid = DecodeUid(args[4 + i]);
            if (!supp_gid.ok()) {
                return Error() << "Unable to decode GID for '" << args[4 + i]
                               << "': " << supp_gid.error();
            }
            supp_gids.push_back(*supp_gid);
        }
    }

    // No subcontext for onrestart commands and not from an APEX.
    return std::make_unique<Service>(name, flags, *uid, *gid, supp_gids, namespace_flags, seclabel,
                                     nullptr, str_args, false);
}
787 
788 }  // namespace init
789 }  // namespace android
790