init: restorecon libsnapshot rollback indicator
The rollback indicator is created during first stage init and is unlabeled. Need to restorecon it properly so that it can be properly deleted by update_engine later. Bug: 149956852 Bug: 150907679 Test: apply OTA, reboot, look at serial console Change-Id: Ie954023b557865691fec2ae378145596bf1973a9
This commit is contained in:
parent
151e74894f
commit
d91998f1c4
|
@ -125,6 +125,9 @@ class SnapshotManager final {
|
|||
// might be needed to perform first-stage mounts.
|
||||
static bool IsSnapshotManagerNeeded();
|
||||
|
||||
// Helper function for second stage init to restorecon on the rollback indicator.
|
||||
static std::string GetGlobalRollbackIndicatorPath();
|
||||
|
||||
// Begin an update. This must be called before creating any snapshots. It
|
||||
// will fail if GetUpdateState() != None.
|
||||
bool BeginUpdate();
|
||||
|
|
|
@ -81,6 +81,7 @@ using namespace std::chrono_literals;
|
|||
using namespace std::string_literals;
|
||||
|
||||
static constexpr char kBootIndicatorPath[] = "/metadata/ota/snapshot-boot";
|
||||
static constexpr char kRollbackIndicatorPath[] = "/metadata/ota/rollback-indicator";
|
||||
static constexpr auto kUpdateStateCheckInterval = 2s;
|
||||
|
||||
// Note: IImageManager is an incomplete type in the header, so the default
|
||||
|
@ -1012,7 +1013,7 @@ std::string SnapshotManager::GetSnapshotBootIndicatorPath() {
|
|||
}
|
||||
|
||||
std::string SnapshotManager::GetRollbackIndicatorPath() {
|
||||
return metadata_dir_ + "/rollback-indicator";
|
||||
return metadata_dir_ + "/" + android::base::Basename(kRollbackIndicatorPath);
|
||||
}
|
||||
|
||||
void SnapshotManager::AcknowledgeMergeSuccess(LockedFile* lock) {
|
||||
|
@ -1469,6 +1470,10 @@ bool SnapshotManager::IsSnapshotManagerNeeded() {
|
|||
return access(kBootIndicatorPath, F_OK) == 0;
|
||||
}
|
||||
|
||||
std::string SnapshotManager::GetGlobalRollbackIndicatorPath() {
|
||||
return kRollbackIndicatorPath;
|
||||
}
|
||||
|
||||
bool SnapshotManager::NeedSnapshotsInFirstStageMount() {
|
||||
// If we fail to read, we'll wind up using CreateLogicalPartitions, which
|
||||
// will create devices that look like the old slot, except with extra
|
||||
|
|
|
@ -66,6 +66,7 @@
|
|||
#include <android-base/unique_fd.h>
|
||||
#include <fs_avb/fs_avb.h>
|
||||
#include <libgsi/libgsi.h>
|
||||
#include <libsnapshot/snapshot.h>
|
||||
#include <selinux/android.h>
|
||||
|
||||
#include "debug_ramdisk.h"
|
||||
|
@ -78,6 +79,7 @@ using android::base::ParseInt;
|
|||
using android::base::Timer;
|
||||
using android::base::unique_fd;
|
||||
using android::fs_mgr::AvbHandle;
|
||||
using android::snapshot::SnapshotManager;
|
||||
|
||||
namespace android {
|
||||
namespace init {
|
||||
|
@ -538,6 +540,8 @@ void SelinuxRestoreContext() {
|
|||
// adb remount, snapshot-based updates, and DSUs all create files during
|
||||
// first-stage init.
|
||||
selinux_android_restorecon("/metadata", SELINUX_ANDROID_RESTORECON_RECURSE);
|
||||
|
||||
selinux_android_restorecon(SnapshotManager::GetGlobalRollbackIndicatorPath().c_str(), 0);
|
||||
}
|
||||
|
||||
int SelinuxKlogCallback(int type, const char* fmt, ...) {
|
||||
|
|
Loading…
Reference in New Issue