From 22ddb0aec5fd7a4e448de8098297df0004076737 Mon Sep 17 00:00:00 2001 From: Jiakai Zhang Date: Fri, 8 Mar 2024 18:49:41 +0000 Subject: [PATCH] Allow other processes to run snapshotctl through init. Running snapshotctl involves talking to gsid, which requires the UID to be 0. To allow other processes to run snapshotctl without running as the root user, this change adds system properties "sys.snapshotctl.map" and "sys.snapshotctl.unmap" that proxy snapshotctl calls. Bug: 311377497 Test: adb shell setprop sys.snapshotctl.map requested Test: adb shell setprop sys.snapshotctl.unmap requested Change-Id: Ia29dde30021a94511b8e699c2c8f3816b851bf5c --- rootdir/init.rc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/rootdir/init.rc b/rootdir/init.rc index 1e0fa9a82..bf34a9e66 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -1361,3 +1361,16 @@ on property:persist.device_config.mglru_native.lru_gen_config=core_and_nonleaf_y write /sys/kernel/mm/lru_gen/enabled 5 on property:persist.device_config.mglru_native.lru_gen_config=all write /sys/kernel/mm/lru_gen/enabled 7 + +# Allow other processes to run `snapshotctl` through `init`. This requires +# `set_prop` permission on `snapshotctl_prop`. +on property:sys.snapshotctl.map=requested + # "root" is needed to talk to gsid and pass its check on uid. + # "system" is needed to write to "/dev/socket/snapuserd" to talk to + # snapuserd. + exec - root root system -- /system/bin/snapshotctl map + setprop sys.snapshotctl.map "finished" + +on property:sys.snapshotctl.unmap=requested + exec - root root system -- /system/bin/snapshotctl unmap + setprop sys.snapshotctl.unmap "finished"