Merge "init: replace panic() with LOG(FATAL)" am: 57a89f3b

#include <android-base/logging.h>

#include <android-base/properties.h>

#include <android-base/strings.h>

#include <cutils/android_reboot.h>

#include <keyutils.h>

#include <libavb/libavb.h>

#include <private/android_filesystem_config.h>

    // because any build that slow isn't likely to boot at all, and we'd

    // rather any test lab devices fail back to the bootloader.

    if (wait_for_file(COLDBOOT_DONE, 60s) < 0) {

        LOG(ERROR) << "Timed out waiting for " COLDBOOT_DONE;

        panic();

        LOG(FATAL) << "Timed out waiting for " COLDBOOT_DONE;

    }

    property_set("ro.boottime.init.cold_boot_wait", std::to_string(t.duration().count()));

static void global_seccomp() {

    import_kernel_cmdline(false, [](const std::string& key, const std::string& value, bool in_qemu) {

        if (key == "androidboot.seccomp" && value == "global" && !set_global_seccomp_filter()) {

            LOG(ERROR) << "Failed to globally enable seccomp!";

            panic();

            LOG(FATAL) << "Failed to globally enable seccomp!";

        }

    });

}

    memset(&action, 0, sizeof(action));

    sigfillset(&action.sa_mask);

    action.sa_handler = [](int) {

        // panic() reboots to bootloader

        panic();

        // Calling DoReboot() or LOG(FATAL) is not a good option as this is a signal handler.

        // RebootSystem uses syscall() which isn't actually async-signal-safe, but our only option

        // and probably good enough given this is already an error case and only enabled for

        // development builds.

        RebootSystem(ANDROID_RB_RESTART2, "bootloader");

    };

    action.sa_flags = SA_RESTART;

    sigaction(SIGABRT, &action, nullptr);

        LOG(INFO) << "init first stage started!";

        if (!DoFirstStageMount()) {

            LOG(ERROR) << "Failed to mount required partitions early ...";

            panic();

            LOG(FATAL) << "Failed to mount required partitions early ...";

        }

        SetInitAvbVersionInRecovery();

        // We're in the kernel domain, so re-exec init to transition to the init domain now

        // that the SELinux policy has been loaded.

        if (selinux_android_restorecon("/init", 0) == -1) {

            PLOG(ERROR) << "restorecon failed of /init failed";

            panic();

            PLOG(FATAL) << "restorecon failed of /init failed";

        }

        setenv("INIT_SECOND_STAGE", "true", 1);

        // execv() only returns if an error happened, in which case we

        // panic and never fall through this conditional.

        PLOG(ERROR) << "execv(\"" << path << "\") failed";

        panic();

        PLOG(FATAL) << "execv(\"" << path << "\") failed";

    }

    // At this point we're in the second stage of init.

#include <string.h>

#include <android-base/logging.h>

#include <cutils/android_reboot.h>

#include <selinux/selinux.h>

#include "reboot.h"

namespace android {

namespace init {

static void RebootAborter(const char* abort_message) {

    // DoReboot() does a lot to try to shutdown the system cleanly.  If something happens to call

    // LOG(FATAL) in the shutdown path, we want to catch this and immediately use the syscall to

    // reboot instead of recursing here.

    static bool has_aborted = false;

    if (!has_aborted) {

        has_aborted = true;

        // Do not queue "shutdown" trigger since we want to shutdown immediately and it's not likely

        // that we can even run the ActionQueue at this point.

        DoReboot(ANDROID_RB_RESTART2, "reboot", "bootloader", false);

    } else {

        RebootSystem(ANDROID_RB_RESTART2, "bootloader");

    }

}

void InitKernelLogging(char* argv[]) {

    // Make stdin/stdout/stderr all point to /dev/null.

    int fd = open("/sys/fs/selinux/null", O_RDWR);

    if (fd == -1) {

        int saved_errno = errno;

        android::base::InitLogging(argv, &android::base::KernelLogger);

        android::base::InitLogging(argv, &android::base::KernelLogger, RebootAborter);

        errno = saved_errno;

        PLOG(FATAL) << "Couldn't open /sys/fs/selinux/null";

    }

    dup2(fd, 2);

    if (fd > 2) close(fd);

    android::base::InitLogging(argv, &android::base::KernelLogger);

    android::base::InitLogging(argv, &android::base::KernelLogger, RebootAborter);

}

int selinux_klog_callback(int type, const char *fmt, ...) {

    return value == CAP_SET;

}

static void __attribute__((noreturn))

RebootSystem(unsigned int cmd, const std::string& rebootTarget) {

void __attribute__((noreturn)) RebootSystem(unsigned int cmd, const std::string& rebootTarget) {

    LOG(INFO) << "Reboot ending, jumping to kernel";

    if (!IsRebootCapable()) {

            break;

    }

    // In normal case, reboot should not return.

    PLOG(FATAL) << "reboot call returned";

    PLOG(ERROR) << "reboot call returned";

    abort();

}

namespace android {

namespace init {

// This is a wrapper around the actual reboot calls.  DoReboot() should be preferred in most cases.

void __attribute__((noreturn)) RebootSystem(unsigned int cmd, const std::string& rebootTarget);

/* Reboot / shutdown the system.

 * cmd ANDROID_RB_* as defined in android_reboot.h

 * reason Reason string like "reboot", "userrequested"

#include <android-base/logging.h>

#include <android-base/unique_fd.h>

#include "util.h"

using android::base::unique_fd;

namespace android {

    LOG(ERROR) << "Unknown architecture";

#endif

    LOG(ERROR) << "Unable to set adequate mmap entropy value!";

    panic();

    LOG(FATAL) << "Unable to set adequate mmap entropy value!";

    return Error();

}

    std::string path = KPTR_RESTRICT_PATH;

    if (!SetHighestAvailableOptionValue(path, KPTR_RESTRICT_MINVALUE, KPTR_RESTRICT_MAXVALUE)) {

        LOG(ERROR) << "Unable to set adequate kptr_restrict value!";

        panic();

        LOG(FATAL) << "Unable to set adequate kptr_restrict value!";

        return Error();

    }

    return Success();