From 16cedf8595a16c79f94f0095f2617e4d829ea927 Mon Sep 17 00:00:00 2001 From: Adam Boardman Date: Thu, 20 Apr 2023 13:05:40 +0100 Subject: [PATCH] Pulled lots of changes from Droidian --- debian/control | 6 +- debian/lxc-android.install | 1 + debian/lxc-android.service | 20 ++- debian/postinst | 9 +- .../conf.d/99-wifi-disable-random-mac.conf | 3 + lib/systemd/system/android-mount.service | 12 ++ lib/systemd/system/bind-vendor.service | 2 +- lib/systemd/system/dev-cpuset.mount | 20 --- lib/systemd/system/mnt-vendor-nvcfg.mount | 20 --- lib/systemd/system/mnt-vendor-nvdata.mount | 20 --- lib/systemd/system/mnt-vendor-persist.mount | 20 --- lib/systemd/system/mnt-vendor-protect_f.mount | 20 --- lib/systemd/system/mnt-vendor-protect_s.mount | 20 --- lib/systemd/system/system_root.mount | 20 --- lib/systemd/system/vendor.mount | 20 --- usr/lib/lxc-android/lxc-android-notify | 84 ++++++++++++ usr/lib/lxc-android/lxc-android-ready | 20 --- usr/lib/lxc-android/lxc-android-stop | 11 ++ usr/lib/lxc-android/mount-android | 5 + usr/lib/lxc-android/update-fstab | 100 -------------- usr/sbin/mount-android.sh | 129 ++++++++++++++++++ var/lib/lxc/android/config | 10 +- var/lib/lxc/android/pre-start.sh | 12 ++ 23 files changed, 285 insertions(+), 299 deletions(-) create mode 100644 etc/NetworkManager/conf.d/99-wifi-disable-random-mac.conf create mode 100644 lib/systemd/system/android-mount.service delete mode 100644 lib/systemd/system/dev-cpuset.mount delete mode 100644 lib/systemd/system/mnt-vendor-nvcfg.mount delete mode 100644 lib/systemd/system/mnt-vendor-nvdata.mount delete mode 100644 lib/systemd/system/mnt-vendor-persist.mount delete mode 100644 lib/systemd/system/mnt-vendor-protect_f.mount delete mode 100644 lib/systemd/system/mnt-vendor-protect_s.mount delete mode 100644 lib/systemd/system/system_root.mount delete mode 100644 lib/systemd/system/vendor.mount create mode 100755 usr/lib/lxc-android/lxc-android-notify delete mode 100755 usr/lib/lxc-android/lxc-android-ready create mode 100755 usr/lib/lxc-android/lxc-android-stop create mode 100755 usr/lib/lxc-android/mount-android delete mode 100755 usr/lib/lxc-android/update-fstab create mode 100755 usr/sbin/mount-android.sh diff --git a/debian/control b/debian/control index be4e1d4..44603eb 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,11 @@ Homepage: https://github.com/gemian/lxc-android Package: lxc-android Architecture: all -Depends: lxc, gemian-system, planet-linux-kernel +Depends: lxc, + gemian-system, + planet-linux-kernel, + parse-android-dynparts, + halium-wrappers, Description: lxc configuration for starting android . This package provides the configuration for starting android in lxc diff --git a/debian/lxc-android.install b/debian/lxc-android.install index b31a09c..e556427 100644 --- a/debian/lxc-android.install +++ b/debian/lxc-android.install @@ -1,3 +1,4 @@ +etc/* usr/* var/* lib/* diff --git a/debian/lxc-android.service b/debian/lxc-android.service index 3e977a0..4362708 100644 --- a/debian/lxc-android.service +++ b/debian/lxc-android.service @@ -1,12 +1,22 @@ [Unit] Description=LXC Android Config and Container Initialization -After=android-rootfs.mount +After=android-mount.service +Wants=android-mount.service [Service] -Type=forking -ExecStart=/usr/bin/lxc-start -n android -d -- /init -ExecStartPost=/usr/lib/lxc-android/lxc-android-ready -ExecStop=/usr/bin/lxc-stop -n android -k +Type=notify +NotifyAccess=exec +# Move the actual container start-up as an ExecStartPre. +# While is not-entirely-correct(TM) this allows for the notification +# script to block. +# The container is now started in background, and lxc-android-notify +# has the task to notify systemd when it's ready. +ExecStartPre=/usr/bin/lxc-start -n android -d +ExecStart=/usr/lib/lxc-android/lxc-android-notify +KillMode=mixed +TimeoutStopSec=120s +ExecStop=/usr/lib/lxc-android/lxc-android-stop +Delegate=yes [Install] WantedBy=multi-user.target diff --git a/debian/postinst b/debian/postinst index fa0e2bb..63837eb 100644 --- a/debian/postinst +++ b/debian/postinst @@ -3,16 +3,9 @@ systemctl disable lxc systemctl disable lxc-net +systemctl enable android-mount.service systemctl enable var-lib-lxc-android-rootfs.mount -systemctl enable vendor.mount -systemctl enable system_root.mount systemctl enable system.mount -systemctl enable mnt-vendor-protect_s.mount -systemctl enable mnt-vendor-protect_f.mount -systemctl enable mnt-vendor-persist.mount -systemctl enable mnt-vendor-nvdata.mount -systemctl enable mnt-vendor-nvcfg.mount -systemctl enable dev-cpuset.mount systemctl enable config.mount systemctl enable bind-vendor.service systemctl enable wlan-module.service diff --git a/etc/NetworkManager/conf.d/99-wifi-disable-random-mac.conf b/etc/NetworkManager/conf.d/99-wifi-disable-random-mac.conf new file mode 100644 index 0000000..ee15239 --- /dev/null +++ b/etc/NetworkManager/conf.d/99-wifi-disable-random-mac.conf @@ -0,0 +1,3 @@ +[device] +wifi.scan-rand-mac-address=no + diff --git a/lib/systemd/system/android-mount.service b/lib/systemd/system/android-mount.service new file mode 100644 index 0000000..da09435 --- /dev/null +++ b/lib/systemd/system/android-mount.service @@ -0,0 +1,12 @@ +[Unit] +Description=mount android parts +After=systemd-udev-settle.service local-fs.target +Before=lxc-android.service +Wants=systemd-udev-settle.service + +[Service] +Type=oneshot +ExecStart=/usr/lib/lxc-android/mount-android + +[Install] +RequiredBy=local-fs.target diff --git a/lib/systemd/system/bind-vendor.service b/lib/systemd/system/bind-vendor.service index 20b418c..9d5b225 100644 --- a/lib/systemd/system/bind-vendor.service +++ b/lib/systemd/system/bind-vendor.service @@ -1,6 +1,6 @@ [Unit] Description=Bind mount certain files over /vendor -After=vendor.mount +After=android-mount.service DefaultDependencies=no [Service] diff --git a/lib/systemd/system/dev-cpuset.mount b/lib/systemd/system/dev-cpuset.mount deleted file mode 100644 index 6b65aff..0000000 --- a/lib/systemd/system/dev-cpuset.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /dev/cpuset -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=none -Where=/dev/cpuset -Type=cpuset -Options=nodev,noexec,nosuid -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/init.rc : -# mount cpuset none /dev/cpuset nodev noexec nosuid diff --git a/lib/systemd/system/mnt-vendor-nvcfg.mount b/lib/systemd/system/mnt-vendor-nvcfg.mount deleted file mode 100644 index ef27c55..0000000 --- a/lib/systemd/system/mnt-vendor-nvcfg.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /mnt/vendor/nvcfg -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/nvcfg -Where=/mnt/vendor/nvcfg -Type=ext4 -Options=noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/mmcblk0p6 /mnt/vendor/nvcfg ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable diff --git a/lib/systemd/system/mnt-vendor-nvdata.mount b/lib/systemd/system/mnt-vendor-nvdata.mount deleted file mode 100644 index 9b0259d..0000000 --- a/lib/systemd/system/mnt-vendor-nvdata.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /mnt/vendor/nvdata -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/nvdata -Where=/mnt/vendor/nvdata -Type=ext4 -Options=noatime,nosuid,nodev,noauto_da_alloc,discard -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/mmcblk0p7 /mnt/vendor/nvdata ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable diff --git a/lib/systemd/system/mnt-vendor-persist.mount b/lib/systemd/system/mnt-vendor-persist.mount deleted file mode 100644 index ebc49fd..0000000 --- a/lib/systemd/system/mnt-vendor-persist.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /mnt/vendor/persist -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/persist -Where=/mnt/vendor/persist -Type=ext4 -Options=noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/block/platform/bootdevice/by-name/persist /mnt/vendor/persist ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable diff --git a/lib/systemd/system/mnt-vendor-protect_f.mount b/lib/systemd/system/mnt-vendor-protect_f.mount deleted file mode 100644 index d13374f..0000000 --- a/lib/systemd/system/mnt-vendor-protect_f.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /mnt/vendor/protect_f -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/protect1 -Where=/mnt/vendor/protect_f -Type=ext4 -Options=noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/mmcblk0p9 /mnt/vendor/protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable diff --git a/lib/systemd/system/mnt-vendor-protect_s.mount b/lib/systemd/system/mnt-vendor-protect_s.mount deleted file mode 100644 index 994057b..0000000 --- a/lib/systemd/system/mnt-vendor-protect_s.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /mnt/vendor/protect_s -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/protect2 -Where=/mnt/vendor/protect_s -Type=ext4 -Options=noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/mmcblk0p10 /mnt/vendor/protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable diff --git a/lib/systemd/system/system_root.mount b/lib/systemd/system/system_root.mount deleted file mode 100644 index c23ab0d..0000000 --- a/lib/systemd/system/system_root.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /system_root -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/system -Where=/system_root -Type=ext4 -Options=ro -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/mmcblk0p33 / ext4 ro wait,verify,recoveryonly diff --git a/lib/systemd/system/vendor.mount b/lib/systemd/system/vendor.mount deleted file mode 100644 index 3c90e3c..0000000 --- a/lib/systemd/system/vendor.mount +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Droid mount for /vendor -Before=local-fs.target systemd-modules-load.service - -[Mount] -What=/dev/disk/by-partlabel/vendor -Where=/vendor -Type=ext4 -Options=ro -# Options had SELinux context option: - -# Default is 90 which makes mount period too long in case of -# errors so drop it down a notch. -TimeoutSec=10 - -[Install] -WantedBy=local-fs.target - -# From ./out/target/product/cosmopda/root/fstab.mt6771 : -# /dev/mmcblk0p32 /vendor ext4 ro wait,verify,recoveryonly diff --git a/usr/lib/lxc-android/lxc-android-notify b/usr/lib/lxc-android/lxc-android-notify new file mode 100755 index 0000000..12b9508 --- /dev/null +++ b/usr/lib/lxc-android/lxc-android-notify @@ -0,0 +1,84 @@ +#!/bin/bash + +# When this script starts, the container is starting-up. +# On Android 10+ devices, we need to properly replicate APEX bind-mounts +# on the host system. + +LXC_ROOTFS="/var/lib/lxc/android/rootfs" + +info() { + echo "I: $@" +} + +warning() { + echo "W: $@" >&2 +} + +error() { + echo "E: $@" >&2 + exit 1 +} + +get_source_apex_name() { + NAME="$(echo ${1} | sed -E 's|\.v[0-9]+$||g')" + + for choice in ${NAME} ${NAME}.release ${NAME}.debug ${NAME}.current; do + if [ -e "/android/system/apex/${choice}" ]; then + echo "${choice}" + break + fi + done +} + +# Get Android container version +ANDROID_SDK_VERSION=$(grep ro.build.version.sdk= ${LXC_ROOTFS}/system/build.prop | cut -d "=" -f2) +if [ $(getconf LONG_BIT) == 32 ]; then + LIBDIR="lib" +else + LIBDIR="lib64" +fi + +# Wait for the container +lxc-wait -n android -t 10 -s "RUNNING" + +if [ $ANDROID_SDK_VERSION -ge 29 ]; then + # Android >= 10 + info "Detected Android 10+ container" + + # Wait for apex to show up + HYBRIS_LD_LIBRARY_PATH="/android/system/apex/com.android.runtime/${LIBDIR}/bionic:/android/system/apex/com.android.runtime.release/${LIBDIR}/bionic:/android/system/apex/com.android.runtime.debug/${LIBDIR}/bionic:/android/system/${LIBDIR}" \ + WAITFORSERVICE_VALUE="ready" \ + /usr/bin/waitforservice apexd.status + + info "apexd ready, replicating bind-mounts" + for mpoint in /apex/*; do + # TODO: Actually determine from where the directory has been bind-mounted + # from, and support non-flattened apexes + if [ ! -d "${mpoint}" ] || [[ ${mpoint} == /apex/*@* ]]; then + continue + fi + + apex=$(basename ${mpoint}) + target="/apex/${apex}" + + source_apex=$(get_source_apex_name ${apex}) + + if [ -z "${source_apex}" ]; then + warning "Unable to finx source apex for apex ${apex}" + continue + fi + + source="/android/system/apex/${source_apex}" + + if [ -d "${source}" ]; then + info "Replicating bind-mount for apex ${apex}" + mount --bind ${source} ${target} + fi + done +fi + +# Notify systemd we're done +systemd-notify --ready --status="Container ready" + +# Block on lxc-wait +lxc-wait -n android -s "STOPPED" diff --git a/usr/lib/lxc-android/lxc-android-ready b/usr/lib/lxc-android/lxc-android-ready deleted file mode 100755 index 6d8092d..0000000 --- a/usr/lib/lxc-android/lxc-android-ready +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -e - -lxc-wait -n android -s RUNNING -t 30 -containerpid="$(lxc-info -n android -p -H)" -if [ -n "$containerpid" ]; then - while true; do - [ -f /proc/$containerpid/root/dev/.coldboot_done ] && break - sleep 0.1 - done - - # Allow custom properties before announcing that the boot is completed - if [ -f /custom/custom.prop ]; then - while [ ! -e /dev/socket/property_service ]; do sleep 0.1; done - grep "^custom\." /custom/custom.prop | sed 's/=/ /' | while read property value; do - setprop $property $value - done - fi -else - exit 1 -fi diff --git a/usr/lib/lxc-android/lxc-android-stop b/usr/lib/lxc-android/lxc-android-stop new file mode 100755 index 0000000..3972834 --- /dev/null +++ b/usr/lib/lxc-android/lxc-android-stop @@ -0,0 +1,11 @@ +#!/bin/sh + +/usr/bin/setprop sys.powerctl shutdown +lxc-wait -n android -s "STOPPED" -t 30 + +# Teardown mapped super partition +if [ -e "/dev/disk/by-partlabel/super" ]; then + dmsetup remove /dev/mapper/dynpart-* || true +fi + +exit 0 diff --git a/usr/lib/lxc-android/mount-android b/usr/lib/lxc-android/mount-android new file mode 100755 index 0000000..e890443 --- /dev/null +++ b/usr/lib/lxc-android/mount-android @@ -0,0 +1,5 @@ +#!/bin/sh +mkdir -p /dev/cpuset +mount none /dev/cpuset -t cpuset -o nodev,noexec,nosuid + +BIND_MOUNT_PATH="/var/lib/lxc/android/rootfs" /usr/sbin/mount-android.sh diff --git a/usr/lib/lxc-android/update-fstab b/usr/lib/lxc-android/update-fstab deleted file mode 100755 index 95eec03..0000000 --- a/usr/lib/lxc-android/update-fstab +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/sh - -set -e - -mountpoints="system data factory persist" - -syslabels="FACTORYFS APP system SYSTEM" -datalabels="DATAFS UDA userdata USERDATA" -factorylabels="EFS efs" -persistlabels="persist" - -mountopts="noatime,nodiratime,errors=remount-ro" -romountopts="ro,${mountopts}" -bindmountopts="ro,bind" -persistopts="rw,nosuid,nodev,relatime,nodelalloc,data=ordered" - -if grep -q "^[a-z0-9/]*./system" /etc/fstab || \ - grep -q "^[a-z0-9/]*./data" /etc/fstab; then - exit 0 -fi - -tmpfile=$(mktemp /tmp/fstab.XXX) - -cleanup() -{ - case $? in - 0) - mv $tmpfile /etc/fstab - chmod 644 /etc/fstab - echo "success" - ;; - *) - rm -rf $tmpfile - echo "failed" - ;; - esac -} -trap cleanup EXIT INT QUIT ILL KILL SEGV TERM - -# logging -log=/var/log/lxc-android-boot.log -exec 3>&1 4>&2 >$log 2>&1 - -# prepare working file -cp /etc/fstab $tmpfile -echo >>$tmpfile - - -for mount in $mountpoints; do - path=$diskpath - fs="ext4" - part="" - - # make sure the mountpoint exists at all - [ -e "/$mount" ] || mkdir -p /$mount - - # different options per mountpioint - case $mount in - system) - labels=$syslabels - options=$romountopts - ;; - data) - labels=$datalabels - options=$mountopts - ;; - factory) - labels=$factorylabels - options=$romountopts - ;; - persist) - labels=$persistlabels - options=$persistopts - ;; - esac - - disk="" - for partname in $labels; do - diskpaths=$(find /dev -type l -name ${partname}|head -1) - for diskpath in $diskpaths; do - disk=$(readlink -f ${diskpath}) - [ -b "$disk" ] && break - done - done - case $diskpath in - *EFS) - mount="efs" - ;; - esac - if [ -n "$disk" ]; then - echo "# added by lxc-android-boot for /$mount" >>$tmpfile - echo "$disk\t/$mount\t$fs\t$options\t0\t0" >>$tmpfile - fi -done - -if grep -q "^[a-z0-9/]*./system" $tmpfile; then - [ -e "/vendor" ] || mkdir -p /vendor - echo "# added by lxc-android-boot for /vendor" >>$tmpfile - echo "/system/vendor\t/vendor\tauto\t$bindmountopts\t0\t0" >>$tmpfile -fi diff --git a/usr/sbin/mount-android.sh b/usr/sbin/mount-android.sh new file mode 100755 index 0000000..3bf9e18 --- /dev/null +++ b/usr/sbin/mount-android.sh @@ -0,0 +1,129 @@ +#!/bin/bash + +# On systems with A/B partition layout, current slot is provided via cmdline parameter. +ab_slot_suffix=$(grep -o 'androidboot\.slot_suffix=..' /proc/cmdline | cut -d "=" -f2) +[ ! -z "$ab_slot_suffix" ] && echo "A/B slot system detected! Slot suffix is $ab_slot_suffix" + +find_partition_path() { + label=$1 + path="/dev/$label" + # In case fstab provides /dev/mmcblk0p* lines + for dir in by-partlabel by-name by-label by-path by-uuid by-partuuid by-id; do + # On A/B systems not all of the partitions are duplicated, so we have to check with and without suffix + if [ -e "/dev/disk/$dir/$label$ab_slot_suffix" ]; then + path="/dev/disk/$dir/$label$ab_slot_suffix" + break + elif [ -e "/dev/disk/$dir/$label" ]; then + path="/dev/disk/$dir/$label" + break + fi + done + echo $path +} + +parse_mount_flags() { + org_options="$1" + options="" + for i in $(echo $org_options | tr "," "\n"); do + [[ "$i" =~ "context" ]] && continue + options+=$i"," + done + options=${options%?} + echo $options +} + +if [ -e "/dev/disk/by-partlabel/super" ]; then + echo "mapping super partition" + dmsetup create --concise "$(parse-android-dynparts /dev/disk/by-partlabel/super)" +fi + +echo "checking for vendor mount point" + +vendor_images="/userdata/vendor.img /var/lib/lxc/android/vendor.img /dev/mapper/dynpart-vendor /dev/mapper/dynpart-vendor${ab_slot_suffix}" +for image in $vendor_images; do + if [ -e $image ]; then + echo "mounting vendor from $image" + mount $image /vendor -o ro + fi +done + +sys_vendor="/sys/firmware/devicetree/base/firmware/android/fstab/vendor" +if [ -e $sys_vendor ] && ! mountpoint -q -- /vendor; then + label=$(cat $sys_vendor/dev | awk -F/ '{print $NF}') + path=$(find_partition_path $label) + [ ! -e "$path" ] && echo "Error vendor not found" && exit + type=$(cat $sys_vendor/type) + options=$(parse_mount_flags $(cat $sys_vendor/mnt_flags)) + echo "mounting $path as /vendor" + mount $path /vendor -t $type -o $options +fi + +# Bind-mount /vendor if we should. Legacy devices do not have /vendor +# on a separate partition and we should handle that. +if [ -n "${BIND_MOUNT_PATH}" ] && mountpoint -q -- /vendor; then + # Mountpoint, bind-mount. We don't use rbind as we're going + # to go through the fstab anyways. + mount -o bind /vendor "${BIND_MOUNT_PATH}/vendor" +fi + +sys_persist="/sys/firmware/devicetree/base/firmware/android/fstab/persist" +if [ -e $sys_persist ]; then + label=$(cat $sys_persist/dev | awk -F/ '{print $NF}') + path=$(find_partition_path $label) + # [ ! -e "$path" ] && echo "Error persist not found" && exit + type=$(cat $sys_persist/type) + options=$(parse_mount_flags $(cat $sys_persist/mnt_flags)) + echo "mounting $path as /mnt/vendor/persist" + mount $path /mnt/vendor/persist -t $type -o $options +fi + +echo "checking if system overlay exists" +if [ -d "/usr/lib/droid-system-overlay" ]; then + echo "mounting android's system overlay" + mount -t overlay overlay -o lowerdir=/usr/lib/droid-system-overlay:/var/lib/lxc/android/rootfs/system /var/lib/lxc/android/rootfs/system +fi +echo "checking if vendor overlay exists" +if [ -d "/usr/lib/droid-vendor-overlay" ]; then + echo "mounting android's vendor overlay" + mount -t overlay overlay -o lowerdir=/usr/lib/droid-vendor-overlay:/var/lib/lxc/android/rootfs/vendor /var/lib/lxc/android/rootfs/vendor +fi + +# Assume there's only one fstab in vendor +fstab=$(ls /vendor/etc/fstab*) +[ -z "$fstab" ] && echo "fstab not found" && exit + +echo "checking fstab $fstab for additional mount points" + +cat ${fstab} ${EXTRA_FSTAB} | while read line; do + set -- $line + + # stop processing if we hit the "#endhalium" comment in the file + echo $1 | egrep -q "^#endhalium" && break + + # Skip any unwanted entry + echo $1 | egrep -q "^#" && continue + ([ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]) && continue + ([ "$2" = "/system" ] || [ "$2" = "/data" ] || [ "$2" = "/" ] \ + || [ "$2" = "auto" ] || [ "$2" = "/vendor" ] || [ "$2" = "none" ] \ + || [ "$2" = "/misc" ]) && continue + ([ "$3" = "emmc" ] || [ "$3" = "swap" ] || [ "$3" = "mtd" ]) && continue + + label=$(echo $1 | awk -F/ '{print $NF}') + [ -z "$label" ] && continue + + echo "checking mount label $label" + + path=$(find_partition_path $label) + + [ ! -e "$path" ] && continue + + mkdir -p $2 + echo "mounting $path as $2" + mount $path $2 -t $3 -o $(parse_mount_flags $4) + + # Bind mount on rootfs if we should + if [ -n "${BIND_MOUNT_PATH}" ] && [[ ${2} != /mnt/* ]]; then + # /mnt is recursively binded via the LXC configuration + mount -o bind ${2} "${BIND_MOUNT_PATH}/${2}" + fi +done diff --git a/var/lib/lxc/android/config b/var/lib/lxc/android/config index 77a1d49..bae2480 100644 --- a/var/lib/lxc/android/config +++ b/var/lib/lxc/android/config @@ -3,7 +3,7 @@ lxc.net.0.type = none lxc.rootfs.path = dir:/var/lib/lxc/android/rootfs -lxc.tty.dir = +lxc.tty.dir = lxc lxc.tty.max = 4 lxc.pty.max = 1024 lxc.arch = arm64 @@ -17,8 +17,7 @@ lxc.cap.drop = mac_admin mac_override lxc.hook.pre-start = /var/lib/lxc/android/pre-start.sh -# This is not needed as we do it manually within the systemd startup -#lxc.init_cmd = /init +lxc.init.cmd = /init lxc.apparmor.profile = unconfined lxc.autodev = 0 @@ -28,10 +27,13 @@ lxc.hook.post-stop = /usr/share/lxcfs/lxc.reboot.hook lxc.mount.entry = tmpfs dev tmpfs nosuid 0 0 lxc.mount.entry = /dev/__properties__ dev/__properties__ bind bind,create=dir 0 0 +lxc.mount.entry = /dev/binderfs dev/binderfs bind bind,create=dir,optional 0 0 lxc.mount.entry = /dev/socket dev/socket bind bind,create=dir 0 0 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 lxc.mount.entry = sys sys sysfs nodev,noexec,nosuid 0 0 #lxc.mount.entry = tmp tmp tmpfs nodev,noexec,nosuid 0 0 lxc.mount.entry = /data data bind bind 0 0 -lxc.mount.entry = /vendor vendor bind rbind 0 0 +#lxc.mount.entry = /vendor vendor bind rbind 0 0 lxc.mount.entry = /mnt mnt bind rbind 0 0 +lxc.mount.entry = /apex apex bind bind,optional 0 0 +lxc.mount.entry = /odm odm bind bind,optional 0 0 diff --git a/var/lib/lxc/android/pre-start.sh b/var/lib/lxc/android/pre-start.sh index 98a32e7..2b8f0f6 100755 --- a/var/lib/lxc/android/pre-start.sh +++ b/var/lib/lxc/android/pre-start.sh @@ -55,4 +55,16 @@ else # Halium 9 mkdir -p /dev/__properties__ mkdir -p /dev/socket + + # Mount a tmpfs on /apex if we should + if [ -e "/apex" ]; then + mount -t tmpfs tmpfs /apex + fi + + # mount binderfs if needed + if [ ! -e /dev/binder ]; then + mkdir -p /dev/binderfs + mount -t binder binder /dev/binderfs -o stats=global + ln -s /dev/binderfs/*binder /dev + fi fi