
Commit 62e985a9 authored by Martijn Coenen

init: Allow restricted use of binder.

Allow init to use binder, but in a restricted way:
- No binder threadpool
- Other processes can't initiate calls to init
- No death recipients

This change adds libbinder/libutils and calls into ProcessState,
which also calls into the kernel driver and sets up state there.
No other binder calls are made, so that we can let this soak for
a while to see if there are any bad side effects of just loading
these libraries and initializing the kernel driver.

This introduces about 120kB of additional memory usage (PSS),
mostly due to pulling in libbinder and libutils and the private
state they have.

We also don't include these libraries in the recovery version of
init, because space on the recovery partition is limited.

Bug: 112684055
Test: device still boots, /d/binder/proc/1 shows init state
Change-Id: I972b1eebdb16337f52e20d1f614e3a0dce0f06d2
parent 07fd6d02
+15 −0
@@ -68,6 +68,7 @@ cc_defaults {
    ],
    shared_libs: [
        "libbase",
        "libbinder",
        "libbootloader_message",
        "libcutils",
        "libdl",
@@ -78,6 +79,7 @@ cc_defaults {
        "liblog",
        "liblogwrap",
        "libselinux",
        "libutils",
    ],
}

@@ -127,6 +129,13 @@ cc_library_static {
        type: "lite",
        export_proto_headers: true,
    },

    target: {
        recovery: {
            cflags: ["-DRECOVERY"],
            exclude_shared_libs: ["libbinder", "libutils"],
        },
    },
}

cc_binary {
@@ -143,6 +152,12 @@ cc_binary {
    ],
    srcs: ["main.cpp"],
    symlinks: ["ueventd"],
    target: {
        recovery: {
            cflags: ["-DRECOVERY"],
            exclude_shared_libs: ["libbinder", "libutils"],
        },
    },
}

// Tests
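
Review bot: The target.recovery stanza in cc_binary repeats, line for line, the one added to cc_library_static in the previous hunk, so the -DRECOVERY define and the exclude_shared_libs: ["libbinder", "libutils"] list now have to be kept in sync by hand. If both modules take their shared_libs from the cc_defaults block that gained libbinder and libutils, consider stating the recovery exclusion once there; otherwise a short comment on each stanza saying why recovery drops these libraries (the commit message gives partition space as the reason) would help whoever next adds a binder dependency.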
+23 −0
@@ -41,6 +41,10 @@
#include <keyutils.h>
#include <libavb/libavb.h>

#ifndef RECOVERY
#include <binder/ProcessState.h>
#endif

#include "action_parser.h"
#include "epoll.h"
#include "first_stage_mount.h"
@@ -413,6 +417,22 @@ static Result<Success> queue_property_triggers_action(const BuiltinArguments& ar
    return Success();
}

static Result<Success> InitBinder(const BuiltinArguments& args) {
    // init's use of binder is very limited. init cannot:
    //   - have any binder threads
    //   - receive incoming binder calls
    //   - pass local binder services to remote processes
    //   - use death recipients
    // The main supported usecases are:
    //   - notifying other daemons (oneway calls only)
    //   - retrieving data that is necessary to boot
    // Also, binder can't be used by recovery.
#ifndef RECOVERY
    android::ProcessState::self()->setThreadPoolMaxThreadCount(0);
#endif
    return Success();
}

// Set the UDC controller for the ConfigFS USB Gadgets.
// Read the UDC controller in use from "/sys/class/udc".
// In case of multiple UDC controllers select the first one.
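
Review bot: In InitBinder, the comment lists four restrictions (no binder threads, no incoming calls, no local services passed to remote processes, no death recipients), but the only one the visible code enforces is setThreadPoolMaxThreadCount(0). Suggest stating in the comment where the other three are enforced, or that they are conventions future callers in init must follow, so the list is not read as a guarantee this function provides. The function also returns Success() unconditionally, so a failure during ProcessState setup would not show up in the action's result; either check for it or note why it is safe to ignore. Minor: args is unused, and under RECOVERY the body is empty while the action is still queued.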
@@ -673,6 +693,9 @@ int main(int argc, char** argv) {
    // wasn't ready immediately after wait_for_coldboot_done
    am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");

    // Initialize binder before bringing up other system services
    am.QueueBuiltinAction(InitBinder, "InitBinder");

    // Don't mount filesystems or start core system services in charger mode.
    std::string bootmode = GetProperty("ro.bootmode", "");
    if (bootmode == "charger") {
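
Review bot: The InitBinder action is queued above the bootmode == "charger" check, so binder is initialized in charger mode too, even though the comment right after it says core system services are not started there. If nothing in charger mode needs binder, queue the action in the non-charger path so the driver state is not set up on that boot path; if it is intentional, extend the "Initialize binder before bringing up other system services" comment to say that charger mode is included and why.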