From a466ca8ff42e6d3b7b589c2acc006ce8492e1b2e Mon Sep 17 00:00:00 2001
From: Oli Lan <olilan@google.com>
Date: Thu, 23 Jan 2020 19:52:42 +0000
Subject: [PATCH] Allow apexd to snapshot and restore DE data.

This calls into apexd to allow it to snapshot and restore DE apex data
in the case of a rollback. See the corresponding apexd change for more
information.

Cherry-pick from (unsubmitted) internal CL: ag/10163227

Bug: 141148175
Test: atest StagedRollbackTest#testRollbackApexDataDirectories_DeSys
Change-Id: Ia4bacc9b7b7a77038ba897acbc7db29e177a6433
---
 rootdir/init.rc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 20fb071f4..bc7b55fba 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -738,6 +738,12 @@ on post-fs-data
 
     init_user0
 
+    # Allow apexd to snapshot and restore device encrypted apex data in the case
+    # of a rollback. This should be done immediately after DE_user data keys
+    # are loaded. APEXes should not access this data until this has been
+    # completed.
+    exec_start apexd-snapshotde
+
     # Set SELinux security contexts on upgrade or policy update.
     restorecon --recursive --skip-ce /data