Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 34e70410 authored by Tom Cherry's avatar Tom Cherry
Browse files

init: cleanup is_first_stage conditionals 

A recent change to the is_first_stage conditionals created a unneeded
else { } block as both the code in the else { } block and any code
that runs after it are both in the second stage of init.  A first step
to clean this up is to remove this else block.

Secondly, given the above confusion, it makes sense to simplify the two
if (is_first_stage) conditions into one, which only now requires
duplicating one line to initialize logging and the actual "init
first/second stage started!" logs.

Lastly, there are a few commands ran at the beginning of both init
stages that do not need to be,

* boot_clock::time_point start_time = boot_clock::now();
This is only used in the first stage so keep it there

* umask(0);
umasks are preserved across execve() so it only needs to be set in the
first stage

* chmod("/proc/cmdline", 0440);
This needs to be moved until after /proc is mounted in the first
stage, but otherwise only needs to be done once

Test: Boot bullhead, check umask, check cmdline permissions, check
boot time property

Change-Id: Idb7df1d4330960ce282d9609f5c62281ee2638b9
parent e323976e

init/init.cpp

+46 −43
Original line number Diff line number Diff line
@@ -1108,27 +1108,26 @@ int main(int argc, char** argv) { 
        return watchdogd_main(argc, argv);

    }



    boot_clock::time_point start_time = boot_clock::now();



    // Clear the umask.

    umask(0);



    add_environment("PATH", _PATH_DEFPATH);



    bool is_first_stage = (getenv("INIT_SECOND_STAGE") == nullptr);



    // Don't expose the raw commandline to unprivileged processes.

    chmod("/proc/cmdline", 0440);

    if (is_first_stage) {

        boot_clock::time_point start_time = boot_clock::now();



        // Clear the umask.

        umask(0);



        // Get the basic filesystem setup we need put together in the initramdisk

        // on / and then we'll let the rc file figure out the rest.

    if (is_first_stage) {

        mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");

        mkdir("/dev/pts", 0755);

        mkdir("/dev/socket", 0755);

        mount("devpts", "/dev/pts", "devpts", 0, NULL);

        #define MAKE_STR(x) __STRING(x)

        mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));

        // Don't expose the raw commandline to unprivileged processes.

        chmod("/proc/cmdline", 0440);

        gid_t groups[] = { AID_READPROC };

        setgroups(arraysize(groups), groups);

        mount("sysfs", "/sys", "sysfs", 0, NULL);
@@ -1136,15 +1135,13 @@ int main(int argc, char** argv) { 
        mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));

        mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));

        mknod("/dev/urandom", S_IFCHR | 0666, makedev(1, 9));

    }



        // Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually

        // talk to the outside world...

        InitKernelLogging(argv);



    LOG(INFO) << "init " << (is_first_stage ? "first" : "second") << " stage started!";

        LOG(INFO) << "init first stage started!";



    if (is_first_stage) {

        if (!early_mount()) {

            LOG(ERROR) << "Failed to mount required partitions early ...";

            panic();
@@ -1168,11 +1165,18 @@ int main(int argc, char** argv) { 


        char* path = argv[0];

        char* args[] = { path, nullptr };

        if (execv(path, args) == -1) {

        execv(path, args);



        // execv() only returns if an error happened, in which case we

        // panic and never fall through this conditional.

        PLOG(ERROR) << "execv(\"" << path << "\") failed";

        security_failure();

    }

    } else {



    // At this point we're in the second stage of init.

    InitKernelLogging(argv);

    LOG(INFO) << "init second stage started!";



    // Indicate that booting is in progress to background fw loaders, etc.

    close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
@@ -1201,7 +1205,6 @@ int main(int argc, char** argv) { 


    // Now set up SELinux for second stage.

    selinux_initialize(false);

    }



    // These directories were necessarily created before initial policy load

    // and therefore need their security context restored to the proper value.