init: Add an selinux transition for snapuserd.

    // Helper function for second stage init to restorecon on the rollback indicator.

    static std::string GetGlobalRollbackIndicatorPath();

    // Initiate the transition from first-stage to second-stage snapuserd. This

    // process involves re-creating the dm-user table entries for each device,

    // so that they connect to the new daemon. Once all new tables have been

    // activated, we ask the first-stage daemon to cleanly exit.

    //

    // The caller must pass a function which starts snapuserd.

    bool PerformSecondStageTransition();

    // Detach dm-user devices from the current snapuserd, and populate

    // |snapuserd_argv| with the necessary arguments to restart snapuserd

    // and reattach them.

    bool DetachSnapuserdForSelinux(std::vector<std::string>* snapuserd_argv);

    // Perform the transition from the selinux stage of snapuserd into the

    // second-stage of snapuserd. This process involves re-creating the dm-user

    // table entries for each device, so that they connect to the new daemon.

    // Once all new tables have been activated, we ask the first-stage daemon

    // to cleanly exit.

    bool PerformSecondStageInitTransition();

    // ISnapshotManager overrides.

    bool BeginUpdate() override;

    // returns true.

    bool WaitForDevice(const std::string& device, std::chrono::milliseconds timeout_ms);

    enum class InitTransition { SELINUX_DETACH, SECOND_STAGE };

    // Initiate the transition from first-stage to second-stage snapuserd. This

    // process involves re-creating the dm-user table entries for each device,

    // so that they connect to the new daemon. Once all new tables have been

    // activated, we ask the first-stage daemon to cleanly exit.

    //

    // If the mode is SELINUX_DETACH, snapuserd_argv must be non-null and will

    // be populated with a list of snapuserd arguments to pass to execve(). It

    // is otherwise ignored.

    bool PerformInitTransition(InitTransition transition,

                               std::vector<std::string>* snapuserd_argv = nullptr);

    std::string gsid_dir_;

    std::string metadata_dir_;

    std::unique_ptr<IDeviceInfo> device_;

static constexpr char kSnapuserdSocket[] = "snapuserd";

static constexpr char kSnapuserdFirstStagePidVar[] = "FIRST_STAGE_SNAPUSERD_PID";

// Ensure that the second-stage daemon for snapuserd is running.

bool EnsureSnapuserdStarted();

    return RemoveAllUpdateState(lock, before_cancel);

}

bool SnapshotManager::PerformSecondStageTransition() {

    LOG(INFO) << "Performing second-stage transition for snapuserd.";

bool SnapshotManager::PerformInitTransition(InitTransition transition,

                                            std::vector<std::string>* snapuserd_argv) {

    LOG(INFO) << "Performing transition for snapuserd.";

    // Don't use EnsuerSnapuserdConnected() because this is called from init,

    // and attempting to do so will deadlock.

    if (!snapuserd_client_) {

    if (!snapuserd_client_ && transition != InitTransition::SELINUX_DETACH) {

        snapuserd_client_ = SnapuserdClient::Connect(kSnapuserdSocket, 10s);

        if (!snapuserd_client_) {

            LOG(ERROR) << "Unable to connect to snapuserd";

        }

        auto misc_name = user_cow_name;

        if (transition == InitTransition::SELINUX_DETACH) {

            misc_name += "-selinux";

        }

        DmTable table;

        table.Emplace<DmTargetUser>(0, target.spec.length, misc_name);

            continue;

        }

        if (transition == InitTransition::SELINUX_DETACH) {

            auto message = misc_name + "," + cow_image_device + "," + backing_device;

            snapuserd_argv->emplace_back(std::move(message));

            // Do not attempt to connect to the new snapuserd yet, it hasn't

            // been started. We do however want to wait for the misc device

            // to have been created.

            ok_cows++;

            continue;

        }

        uint64_t base_sectors =

                snapuserd_client_->InitDmUserCow(misc_name, cow_image_device, backing_device);

        if (base_sectors == 0) {

    return status.state() != UpdateState::None && status.compression_enabled();

}

bool SnapshotManager::DetachSnapuserdForSelinux(std::vector<std::string>* snapuserd_argv) {

    return PerformInitTransition(InitTransition::SELINUX_DETACH, snapuserd_argv);

}

bool SnapshotManager::PerformSecondStageInitTransition() {

    return PerformInitTransition(InitTransition::SECOND_STAGE);

}

}  // namespace snapshot

}  // namespace android

    ASSERT_TRUE(init->EnsureSnapuserdConnected());

    init->set_use_first_stage_snapuserd(true);

    init->SetUeventRegenCallback([](const std::string& device) -> bool {

        return android::fs_mgr::WaitForFile(device, snapshot_timeout_);

    });

    ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());

    ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));

    ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow-init", F_OK), 0);

    ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), -1);

    ASSERT_TRUE(init->PerformSecondStageTransition());

    ASSERT_TRUE(init->PerformInitTransition(SnapshotManager::InitTransition::SECOND_STAGE));

    // The control device should have been renamed.

    ASSERT_TRUE(android::fs_mgr::WaitForFileDeleted("/dev/dm-user/sys_b-user-cow-init", 10s));

    "selabel.cpp",

    "selinux.cpp",

    "sigchld_handler.cpp",

    "snapuserd_transition.cpp",

    "switch_root.cpp",

    "uevent_listener.cpp",

    "ueventd.cpp",