init: restorecon libsnapshot rollback indicator

The rollback indicator is created during first stage init and
is unlabeled. Need to restorecon it properly so that it can
be properly deleted by update_engine later.

Bug: 149956852
Bug: 150907679
Test: apply OTA, reboot, look at serial console
Change-Id: Ie954023b557865691fec2ae378145596bf1973a9
This commit is contained in:
Yifan Hong 2020-02-20 17:54:57 -08:00
parent 151e74894f
commit d91998f1c4
3 changed files with 13 additions and 1 deletions

View File

@ -125,6 +125,9 @@ class SnapshotManager final {
// might be needed to perform first-stage mounts.
static bool IsSnapshotManagerNeeded();
// Helper function for second stage init to restorecon on the rollback indicator.
static std::string GetGlobalRollbackIndicatorPath();
// Begin an update. This must be called before creating any snapshots. It
// will fail if GetUpdateState() != None.
bool BeginUpdate();

View File

@ -81,6 +81,7 @@ using namespace std::chrono_literals;
using namespace std::string_literals;
static constexpr char kBootIndicatorPath[] = "/metadata/ota/snapshot-boot";
static constexpr char kRollbackIndicatorPath[] = "/metadata/ota/rollback-indicator";
static constexpr auto kUpdateStateCheckInterval = 2s;
// Note: IImageManager is an incomplete type in the header, so the default
@ -1012,7 +1013,7 @@ std::string SnapshotManager::GetSnapshotBootIndicatorPath() {
}
std::string SnapshotManager::GetRollbackIndicatorPath() {
return metadata_dir_ + "/rollback-indicator";
return metadata_dir_ + "/" + android::base::Basename(kRollbackIndicatorPath);
}
void SnapshotManager::AcknowledgeMergeSuccess(LockedFile* lock) {
@ -1469,6 +1470,10 @@ bool SnapshotManager::IsSnapshotManagerNeeded() {
return access(kBootIndicatorPath, F_OK) == 0;
}
std::string SnapshotManager::GetGlobalRollbackIndicatorPath() {
return kRollbackIndicatorPath;
}
bool SnapshotManager::NeedSnapshotsInFirstStageMount() {
// If we fail to read, we'll wind up using CreateLogicalPartitions, which
// will create devices that look like the old slot, except with extra

View File

@ -66,6 +66,7 @@
#include <android-base/unique_fd.h>
#include <fs_avb/fs_avb.h>
#include <libgsi/libgsi.h>
#include <libsnapshot/snapshot.h>
#include <selinux/android.h>
#include "debug_ramdisk.h"
@ -78,6 +79,7 @@ using android::base::ParseInt;
using android::base::Timer;
using android::base::unique_fd;
using android::fs_mgr::AvbHandle;
using android::snapshot::SnapshotManager;
namespace android {
namespace init {
@ -538,6 +540,8 @@ void SelinuxRestoreContext() {
// adb remount, snapshot-based updates, and DSUs all create files during
// first-stage init.
selinux_android_restorecon("/metadata", SELINUX_ANDROID_RESTORECON_RECURSE);
selinux_android_restorecon(SnapshotManager::GetGlobalRollbackIndicatorPath().c_str(), 0);
}
int SelinuxKlogCallback(int type, const char* fmt, ...) {