init: only mlock() system pages when performing snapuserd transitions.

        "libcgrouprc_format",

        "libcgrouprc_format",

        "liblmkd_utils",

        "liblmkd_utils",

        "libmodprobe",

        "libmodprobe",

        "libprocinfo",

        "libprotobuf-cpp-lite",

        "libprotobuf-cpp-lite",

        "libpropertyinfoserializer",

        "libpropertyinfoserializer",

        "libpropertyinfoparser",

        "libpropertyinfoparser",

        "libsnapshot_cow",

        "libsnapshot_cow",

        "libsnapshot_init",

        "libsnapshot_init",

        "update_metadata-protos",

        "update_metadata-protos",

        "libprocinfo",

    ],

    ],

    static_executable: true,

    static_executable: true,

    libsnapshot_cow \

    libsnapshot_cow \

    libsnapshot_init \

    libsnapshot_init \

    update_metadata-protos \

    update_metadata-protos \

    libprocinfo \

LOCAL_SANITIZE := signed-integer-overflow

LOCAL_SANITIZE := signed-integer-overflow

# First stage init is weird: it may start without stdout/stderr, and no /proc.

# First stage init is weird: it may start without stdout/stderr, and no /proc.

#include <filesystem>

#include <filesystem>

#include <string>

#include <string>

#include <string_view>

#include <android-base/file.h>

#include <android-base/file.h>

#include <android-base/logging.h>

#include <android-base/logging.h>

#include <libsnapshot/snapshot.h>

#include <libsnapshot/snapshot.h>

#include <libsnapshot/snapuserd_client.h>

#include <libsnapshot/snapuserd_client.h>

#include <private/android_filesystem_config.h>

#include <private/android_filesystem_config.h>

#include <procinfo/process_map.h>

#include <selinux/android.h>

#include <selinux/android.h>

#include "block_dev_initializer.h"

#include "block_dev_initializer.h"

    });

    });

}

}

static void LockAllSystemPages() {

    bool ok = true;

    auto callback = [&](const android::procinfo::MapInfo& map) -> void {

        if (!ok || android::base::StartsWith(map.name, "/dev/") ||

            !android::base::StartsWith(map.name, "/")) {

            return;

        }

        auto start = reinterpret_cast<const void*>(map.start);

        auto len = map.end - map.start;

        if (!len) {

            return;

        }

        if (mlock(start, len) < 0) {

            LOG(ERROR) << "mlock failed, " << start << " for " << len << " bytes.";

            ok = false;

        }

    };

    if (!android::procinfo::ReadProcessMaps(getpid(), callback) || !ok) {

        LOG(FATAL) << "Could not process /proc/" << getpid() << "/maps file for init, "

                   << "falling back to mlockall().";

        if (mlockall(MCL_CURRENT) < 0) {

            LOG(FATAL) << "mlockall failed";

        }

    }

}

void SnapuserdSelinuxHelper::StartTransition() {

void SnapuserdSelinuxHelper::StartTransition() {

    LOG(INFO) << "Starting SELinux transition of snapuserd";

    LOG(INFO) << "Starting SELinux transition of snapuserd";

    // We cannot access /system after the transition, so make sure init is

    // We cannot access /system after the transition, so make sure init is

    // pinned in memory.

    // pinned in memory.

    if (mlockall(MCL_CURRENT) < 0) {

    LockAllSystemPages();

        LOG(FATAL) << "mlockall failed";

    }

    argv_.emplace_back("snapuserd");

    argv_.emplace_back("snapuserd");

    argv_.emplace_back("-no_socket");

    argv_.emplace_back("-no_socket");