• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <sys/types.h>
20 
21 #include <optional>
22 #include <string>
23 #include <vector>
24 
25 #include <libsnapshot/snapshot.h>
26 
27 #include "block_dev_initializer.h"
28 
29 namespace android {
30 namespace init {
31 
32 enum class SnapshotDriver {
33     DM_SNAPSHOT,
34     DM_USER,
35 };
36 
37 // Fork and exec a new copy of snapuserd.
38 void LaunchFirstStageSnapuserd(SnapshotDriver driver);
39 
40 class SnapuserdSelinuxHelper final {
41     using SnapshotManager = android::snapshot::SnapshotManager;
42 
43   public:
44     SnapuserdSelinuxHelper(std::unique_ptr<SnapshotManager>&& sm, pid_t old_pid);
45 
46     void StartTransition();
47     void FinishTransition();
48 
49     // Return a helper for facilitating the selinux transition of snapuserd.
50     // If snapuserd is not in use, null is returned. StartTransition() should
51     // be called after reading policy. FinishTransition() should be called
52     // after loading policy. In between, no reads of /system or other dynamic
53     // partitions are possible.
54     static std::unique_ptr<SnapuserdSelinuxHelper> CreateIfNeeded();
55 
56   private:
57     void RelaunchFirstStageSnapuserd();
58     void ExecSnapuserd();
59     bool TestSnapuserdIsReady();
60 
61     std::unique_ptr<SnapshotManager> sm_;
62     BlockDevInitializer block_dev_init_;
63     pid_t old_pid_;
64     std::vector<std::string> argv_;
65 };
66 
67 // Remove /dev/socket/snapuserd. This ensures that (1) the existing snapuserd
68 // will receive no new requests, and (2) the next copy we transition to can
69 // own the socket.
70 void CleanupSnapuserdSocket();
71 
72 // Kill an instance of snapuserd given a pid.
73 void KillFirstStageSnapuserd(pid_t pid);
74 
75 // Save an open fd to /system/bin (in the ramdisk) into an environment. This is
76 // used to later execveat() snapuserd.
77 void SaveRamdiskPathToSnapuserd();
78 
79 // Returns true if first-stage snapuserd is running.
80 bool IsFirstStageSnapuserdRunning();
81 
82 // Return the pid of the first-stage instances of snapuserd, if it was started.
83 std::optional<pid_t> GetSnapuserdFirstStagePid();
84 
85 // Return snapuserd info strings that were set during first-stage init.
86 std::vector<std::string> GetSnapuserdFirstStageInfo();
87 
88 // Save an open fd to /system/bin (in the ramdisk) into an environment. This is
89 // used to later execveat() snapuserd.
90 void SaveRamdiskPathToSnapuserd();
91 
92 // Returns true if first-stage snapuserd is running.
93 bool IsFirstStageSnapuserdRunning();
94 
95 }  // namespace init
96 }  // namespace android
97