Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / c516684a63890ba6bfb61f33e8c6c48d0ca3371d^! / . / microdroid / init.rc
commitc516684a63890ba6bfb61f33e8c6c48d0ca3371d[log] [tgz]
authorJiyong Park <jiyong@google.com>Fri Jan 21 12:54:57 2022 +0900
committerJiyong Park <jiyong@google.com>Fri Jan 21 12:59:42 2022 +0900
tree9d5ff813683dee4570466d1858fef72bb91eb5af
parent7930ef8847ced84da0bc584c63913c0ec37064a6 [diff] [blame]
Prepare diced before microdroid_manager runs

microdroid_manager needs to access diced to get the per-VM secret that
it uses to encrypt/decrypt the instance disk. This is not trivial
because previously diced (and servicemanager it depends on) were not
bootstrap processes, which means they can start only after APEXes are
activated. However, microdroid_manager can't do that before the instance
disk is decrypted. So, there's a circular dependency between
microdroid_manager and diced.

This CL fixes the issue by making diced and servicemanager bootstrap
processes. They now can start before APEXes are activated. The start of
microdroid_manager is moved to after diced.

Bug: 214231981
Test: run microdroid

Change-Id: I8ada5324000f9731a5709982fbb45cbf101f94c6

diff --git a/microdroid/init.rc b/microdroid/init.rc
index 31c06d3..117b62c 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc

@@ -17,25 +17,6 @@
 
     start ueventd
 
-    mkdir /mnt/apk 0755 system system
-    mkdir /mnt/extra-apk 0755 root root
-    # Microdroid_manager starts apkdmverity/zipfuse/apexd
-    start microdroid_manager
-
-    # restorecon so microdroid_manager can create subdirectories
-    restorecon /mnt/extra-apk
-
-    # Wait for apexd to finish activating APEXes before starting more processes.
-    wait_for_prop apexd.status activated
-    perform_apex_config
-
-    # Notify to microdroid_manager that perform_apex_config is done.
-    # Microdroid_manager shouldn't execute payload before this, because app
-    # payloads are not designed to run with bootstrap bionic
-    setprop apex_config.done true
-
-    setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}
-
 on init
     # Mount binderfs
     mkdir /dev/binderfs
@@ -78,18 +59,35 @@
     chmod 0664 /dev/cpuset/background/tasks
     chmod 0664 /dev/cpuset/system-background/tasks
 
-on init && property:ro.boot.logd.enabled=1
-    # Start logd before any other services run to ensure we capture all of their logs.
-    start logd
-
-on init
     start servicemanager
 
+    start diced
+
+    mkdir /mnt/apk 0755 system system
+    mkdir /mnt/extra-apk 0755 root root
+    # Microdroid_manager starts apkdmverity/zipfuse/apexd
+    start microdroid_manager
+
+    # restorecon so microdroid_manager can create subdirectories
+    restorecon /mnt/extra-apk
+
+    # Wait for apexd to finish activating APEXes before starting more processes.
+    wait_for_prop apexd.status activated
+    perform_apex_config
+
+    # Notify to microdroid_manager that perform_apex_config is done.
+    # Microdroid_manager shouldn't execute payload before this, because app
+    # payloads are not designed to run with bootstrap bionic
+    setprop apex_config.done true
+
+    setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}
+
     # TODO(b/185767624): remove hidl after full keymint support
     start hwservicemanager
 
-    # TODO(b/214231981): start diced (and servicemanager) earlier than microdroid_manager.
-    start diced
+on init && property:ro.boot.logd.enabled=1
+    # Start logd before any other services run to ensure we capture all of their logs.
+    start logd
 
 on init && property:ro.boot.adb.enabled=1
     start adbd