Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 915b8d7194fc351a63655e255069206a70c50fcc^! / .
commit915b8d7194fc351a63655e255069206a70c50fcc[log] [tgz]
authorEric Biggers <ebiggers@google.com>Wed Apr 28 10:15:38 2021 -0700
committerEric Biggers <ebiggers@google.com>Thu Apr 29 17:05:37 2021 +0000
treee86ac23beca70d6caab226feab83012ad8ba6418
parente222fa4d749cef1c782ca3ccc04caa57cf95992d [diff]
init.rc: fix (re)starting apexd on FDE devices

On first boot, FDE devices hang on the command
'wait_for_prop apexd.status activated'.  This is because apexd was
already started with the tmpfs /data, then was stopped by
vold.decrypt=trigger_shutdown_framework.  Then when apexd is started
again with the real /data, it sees that apexd.status="ready" already, so
it doesn't consider itself to be starting from scratch again.  So it
doesn't move apexd.status back to "activated" as expected.

Fix the above by resetting apexd.status to its initial value of the
empty string before trying to start apexd in the post-fs-data trigger.
Note that this also takes care of the userspace reboot case which was
previously handled in the userspace-reboot-requested trigger.

Also, FDE devices hang at the same place on non-first boots with default
encryption (i.e., when no PIN is set) because apexd is still running
after having been started with the tmpfs /data.  This is because
vold.decrypt=trigger_shutdown_framework isn't run in that case, but
rather vold manually kills processes that have open files on /data --
which doesn't include apexd.  But, apexd should be restarted too.

Fix that by using 'restart apexd' rather than 'start apexd'.

Note that these changes are needed even though FDE devices don't support
updatable APEXes, as apexd is needed regardless.

This is one of a set of changes that is needed to get FDE working again
so that devices that launched with FDE can be upgraded to Android 12.

Bug: 186165644
Test: Tested FDE on Cuttlefish.  Also tested userspace reboot (with FBE)
Change-Id: I4fa57cf15d77b64d1167eaf966347d2a9d6a9b72

diff --git a/rootdir/init.rc b/rootdir/init.rc
index d834f73..4ec5d33 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -685,6 +685,10 @@
     exec - system system -- /system/bin/vdc keymaster earlyBootEnded
 
     # /data/apex is now available. Start apexd to scan and activate APEXes.
+    #
+    # To handle userspace reboots as well as devices that use FDE, make sure
+    # that apexd is started cleanly here (set apexd.status="") and that it is
+    # restarted if it's already running.
     mkdir /data/apex 0755 root system encryption=None
     mkdir /data/apex/active 0755 root system
     mkdir /data/apex/backup 0700 root system
@@ -693,7 +697,8 @@
     mkdir /data/apex/sessions 0700 root system
     mkdir /data/app-staging 0751 system system encryption=DeleteIfNecessary
     mkdir /data/apex/ota_reserved 0700 root system encryption=Require
-    start apexd
+    setprop apexd.status ""
+    restart apexd
 
     # create rest of basic filesystem structure
     mkdir /data/misc/recovery 0770 system log
@@ -1240,7 +1245,6 @@
   setprop dev.bootcomplete ""
   setprop sys.init.updatable_crashing ""
   setprop sys.init.updatable_crashing_process_name ""
-  setprop apexd.status ""
   setprop sys.user.0.ce_available ""
   setprop sys.shutdown.requested ""
   setprop service.bootanim.exit ""