David Anderson | 491e4da | 2020-12-08 00:21:20 -0800 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2020 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #pragma once |
| 18 | |
| 19 | #include <sys/types.h> |
| 20 | |
| 21 | #include <optional> |
| 22 | #include <string> |
| 23 | #include <vector> |
| 24 | |
| 25 | #include <libsnapshot/snapshot.h> |
| 26 | |
| 27 | #include "block_dev_initializer.h" |
| 28 | |
| 29 | namespace android { |
| 30 | namespace init { |
| 31 | |
// Fork and exec a new copy of snapuserd.
//
// Returns void, so a failed launch cannot be reported to the caller through
// this interface.
// NOTE(review): presumably failures are handled inside the implementation;
// confirm how, since later boot stages depend on the daemon being up.
void LaunchFirstStageSnapuserd();
| 34 | |
// Helper for the SELinux transition of snapuserd. Instances are obtained from
// CreateIfNeeded(), which returns null when snapuserd is not in use.
//
// Required call order: StartTransition() after policy has been read, then
// FinishTransition() after policy has been loaded. Between the two calls no
// reads of /system or other dynamic partitions are possible, so everything
// needed from those partitions has to be read before StartTransition().
//
// NOTE(review): this header names std::unique_ptr but does not include
// <memory> itself; it presumably arrives through another include. Confirm,
// or include it directly.
class SnapuserdSelinuxHelper final {
    using SnapshotManager = android::snapshot::SnapshotManager;

  public:
    // |sm| is accepted by rvalue reference, so the caller has to pass a
    // temporary or std::move() its pointer; presumably it is moved into sm_.
    // |old_pid| presumably identifies the snapuserd instance that is running
    // before the transition (stored as old_pid_). Confirm in the implementation.
    SnapuserdSelinuxHelper(std::unique_ptr<SnapshotManager>&& sm, pid_t old_pid);

    // Call after reading policy. Opens the window in which dynamic partitions
    // cannot be read.
    void StartTransition();
    // Call after loading policy. Closes the window opened by StartTransition().
    void FinishTransition();

    // Return a helper for facilitating the selinux transition of snapuserd.
    // If snapuserd is not in use, null is returned. StartTransition() should
    // be called after reading policy. FinishTransition() should be called
    // after loading policy. In between, no reads of /system or other dynamic
    // partitions are possible.
    //
    // Callers must check the result for null before using it.
    static std::unique_ptr<SnapuserdSelinuxHelper> CreateIfNeeded();

  private:
    // Private helpers; their behaviour is defined in the implementation file.
    // NOTE(review): ExecSnapuserd() presumably execs with argv_. Confirm.
    void RelaunchFirstStageSnapuserd();
    void ExecSnapuserd();

    // Snapshot manager owned by this helper.
    std::unique_ptr<SnapshotManager> sm_;
    BlockDevInitializer block_dev_init_;
    // Pid received by the constructor. A pid names the intended process only
    // while that process has not exited and been reaped.
    pid_t old_pid_;
    // Argument vector, presumably for the relaunched snapuserd. TODO confirm.
    std::vector<std::string> argv_;
};
| 60 | |
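// Remove /dev/socket/snapuserd. This ensures that (1) the existing snapuserd
// will receive no new requests, and (2) the next copy we transition to can
// own the socket.
void CleanupSnapuserdSocket();

// Kill an instance of snapuserd given a pid.
// NOTE(review): a pid names the intended process only while that process has
// not exited and been reaped. Callers should presumably pass the value from
// GetSnapuserdFirstStagePid() rather than a pid obtained elsewhere. Confirm.
void KillFirstStageSnapuserd(pid_t pid);

// Save an open fd to /system/bin (in the ramdisk) into the process
// environment. This is used to later execveat() snapuserd.
// NOTE(review): the later execveat() runs whatever the saved fd refers to, so
// the stored value is trusted input to that step. Confirm that only this
// function sets it and that the consumer validates it before use.
void SaveRamdiskPathToSnapuserd();

// Returns true if first-stage snapuserd is running.
bool IsFirstStageSnapuserdRunning();

// Return the pid of the first-stage instance of snapuserd, if it was started.
// Presumably std::nullopt when it was not started; check has_value() before
// using the pid.
std::optional<pid_t> GetSnapuserdFirstStagePid();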
| 85 | |
| 86 | } // namespace init |
| 87 | } // namespace android |