Merge "Construct the super_vbmeta image"
diff --git a/adb/client/adb_install.cpp b/adb/client/adb_install.cpp
index a6e8998..042a2d6 100644
--- a/adb/client/adb_install.cpp
+++ b/adb/client/adb_install.cpp
@@ -201,69 +201,68 @@
 #else
         error_exit("fastdeploy is disabled");
 #endif
-    } else {
-        struct stat sb;
-        if (stat(file, &sb) == -1) {
-            fprintf(stderr, "adb: failed to stat %s: %s\n", file, strerror(errno));
-            return 1;
-        }
+    }
 
-        unique_fd local_fd(adb_open(file, O_RDONLY | O_CLOEXEC));
-        if (local_fd < 0) {
-            fprintf(stderr, "adb: failed to open %s: %s\n", file, strerror(errno));
-            return 1;
-        }
-
-#ifdef __linux__
-        posix_fadvise(local_fd.get(), 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE);
-#endif
-
-        const bool use_abb = can_use_feature(kFeatureAbb);
-        std::string error;
-        std::vector<std::string> cmd_args = {use_abb ? "package" : "exec:cmd package"};
-        cmd_args.reserve(argc + 3);
-
-        // don't copy the APK name, but, copy the rest of the arguments as-is
-        while (argc-- > 1) {
-            if (use_abb) {
-                cmd_args.push_back(*argv++);
-            } else {
-                cmd_args.push_back(escape_arg(*argv++));
-            }
-        }
-
-        // add size parameter [required for streaming installs]
-        // do last to override any user specified value
-        cmd_args.push_back("-S");
-        cmd_args.push_back(
-                android::base::StringPrintf("%" PRIu64, static_cast<uint64_t>(sb.st_size)));
-
-        if (is_apex) {
-            cmd_args.push_back("--apex");
-        }
-
-        unique_fd remote_fd;
-        if (use_abb) {
-            remote_fd = send_abb_exec_command(cmd_args, &error);
-        } else {
-            remote_fd.reset(adb_connect(android::base::Join(cmd_args, " "), &error));
-        }
-        if (remote_fd < 0) {
-            fprintf(stderr, "adb: connect error for write: %s\n", error.c_str());
-            return 1;
-        }
-
-        copy_to_file(local_fd.get(), remote_fd.get());
-
-        char buf[BUFSIZ];
-        read_status_line(remote_fd.get(), buf, sizeof(buf));
-        if (!strncmp("Success", buf, 7)) {
-            fputs(buf, stdout);
-            return 0;
-        }
-        fprintf(stderr, "adb: failed to install %s: %s", file, buf);
+    struct stat sb;
+    if (stat(file, &sb) == -1) {
+        fprintf(stderr, "adb: failed to stat %s: %s\n", file, strerror(errno));
         return 1;
     }
+
+    unique_fd local_fd(adb_open(file, O_RDONLY | O_CLOEXEC));
+    if (local_fd < 0) {
+        fprintf(stderr, "adb: failed to open %s: %s\n", file, strerror(errno));
+        return 1;
+    }
+
+#ifdef __linux__
+    posix_fadvise(local_fd.get(), 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE);
+#endif
+
+    const bool use_abb = can_use_feature(kFeatureAbbExec);
+    std::string error;
+    std::vector<std::string> cmd_args = {use_abb ? "package" : "exec:cmd package"};
+    cmd_args.reserve(argc + 3);
+
+    // don't copy the APK name, but, copy the rest of the arguments as-is
+    while (argc-- > 1) {
+        if (use_abb) {
+            cmd_args.push_back(*argv++);
+        } else {
+            cmd_args.push_back(escape_arg(*argv++));
+        }
+    }
+
+    // add size parameter [required for streaming installs]
+    // do last to override any user specified value
+    cmd_args.push_back("-S");
+    cmd_args.push_back(android::base::StringPrintf("%" PRIu64, static_cast<uint64_t>(sb.st_size)));
+
+    if (is_apex) {
+        cmd_args.push_back("--apex");
+    }
+
+    unique_fd remote_fd;
+    if (use_abb) {
+        remote_fd = send_abb_exec_command(cmd_args, &error);
+    } else {
+        remote_fd.reset(adb_connect(android::base::Join(cmd_args, " "), &error));
+    }
+    if (remote_fd < 0) {
+        fprintf(stderr, "adb: connect error for write: %s\n", error.c_str());
+        return 1;
+    }
+
+    copy_to_file(local_fd.get(), remote_fd.get());
+
+    char buf[BUFSIZ];
+    read_status_line(remote_fd.get(), buf, sizeof(buf));
+    if (!strncmp("Success", buf, 7)) {
+        fputs(buf, stdout);
+        return 0;
+    }
+    fprintf(stderr, "adb: failed to install %s: %s", file, buf);
+    return 1;
 }
 
 static int install_app_legacy(int argc, const char** argv, bool use_fastdeploy,
diff --git a/adb/client/commandline.cpp b/adb/client/commandline.cpp
index fe2bdfe..a0818d3 100644
--- a/adb/client/commandline.cpp
+++ b/adb/client/commandline.cpp
@@ -1713,8 +1713,12 @@
         }
 
         if (CanUseFeature(features, kFeatureRemountShell)) {
-            const char* arg[2] = {"shell", "remount"};
-            return adb_shell(2, arg);
+            std::vector<const char*> args = {"shell"};
+            args.insert(args.cend(), argv, argv + argc);
+            return adb_shell(args.size(), args.data());
+        } else if (argc > 1) {
+            auto command = android::base::StringPrintf("%s:%s", argv[0], argv[1]);
+            return adb_connect_command(command);
         } else {
             return adb_connect_command("remount:");
         }
diff --git a/adb/transport.h b/adb/transport.h
index 61a3d9a..c38cb1d 100644
--- a/adb/transport.h
+++ b/adb/transport.h
@@ -65,8 +65,10 @@
 extern const char* const kFeatureApex;
 // adbd has b/110953234 fixed.
 extern const char* const kFeatureFixedPushMkdir;
-// adbd supports android binder bridge (abb).
+// adbd supports android binder bridge (abb) in interactive mode using shell protocol.
 extern const char* const kFeatureAbb;
+// adbd supports abb using raw pipe.
+extern const char* const kFeatureAbbExec;
 // adbd properly updates symlink timestamps on push.
 extern const char* const kFeatureFixedPushSymlinkTimestamp;
 extern const char* const kFeatureRemountShell;
diff --git a/base/include/android-base/endian.h b/base/include/android-base/endian.h
index 2d0f614..8fa6365 100644
--- a/base/include/android-base/endian.h
+++ b/base/include/android-base/endian.h
@@ -51,8 +51,10 @@
 /* macOS has some of the basics. */
 #include <sys/_endian.h>
 #else
-/* Windows has even less. */
+/* Windows has some of the basics as well. */
 #include <sys/param.h>
+#include <winsock2.h>
+/* winsock2.h *must* be included before the following four macros. */
 #define htons(x) __builtin_bswap16(x)
 #define htonl(x) __builtin_bswap32(x)
 #define ntohs(x) __builtin_bswap16(x)
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index fbc8b97..c86a018 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -603,6 +603,8 @@
   policy += "\nclone: 1";
   policy += "\nsigaltstack: 1";
   policy += "\nnanosleep: 1";
+  policy += "\ngetrlimit: 1";
+  policy += "\nugetrlimit: 1";
 
   FILE* tmp_file = tmpfile();
   if (!tmp_file) {
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 4737ae4..a7fc628 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -874,7 +874,7 @@
         return false;
     }
 
-    if (sparse_file* s = sparse_file_import_auto(fd, false, false)) {
+    if (sparse_file* s = sparse_file_import(fd, false, false)) {
         buf->image_size = sparse_file_len(s, false, false);
         sparse_file_destroy(s);
     } else {
diff --git a/fs_mgr/liblp/builder.cpp b/fs_mgr/liblp/builder.cpp
index ea3b58e..96068b1 100644
--- a/fs_mgr/liblp/builder.cpp
+++ b/fs_mgr/liblp/builder.cpp
@@ -504,7 +504,7 @@
     return total;
 }
 
-void MetadataBuilder::RemovePartition(const std::string& name) {
+void MetadataBuilder::RemovePartition(std::string_view name) {
     for (auto iter = partitions_.begin(); iter != partitions_.end(); iter++) {
         if ((*iter)->name() == name) {
             partitions_.erase(iter);
diff --git a/fs_mgr/liblp/include/liblp/builder.h b/fs_mgr/liblp/include/liblp/builder.h
index 69885fe..4d7f81d 100644
--- a/fs_mgr/liblp/include/liblp/builder.h
+++ b/fs_mgr/liblp/include/liblp/builder.h
@@ -260,7 +260,7 @@
     Partition* AddPartition(const std::string& name, uint32_t attributes);
 
     // Delete a partition by name if it exists.
-    void RemovePartition(const std::string& name);
+    void RemovePartition(std::string_view name);
 
     // Find a partition by name. If no partition is found, nullptr is returned.
     Partition* FindPartition(std::string_view name);
diff --git a/fs_mgr/libsnapshot/Android.bp b/fs_mgr/libsnapshot/Android.bp
index f73b189..bb941dd 100644
--- a/fs_mgr/libsnapshot/Android.bp
+++ b/fs_mgr/libsnapshot/Android.bp
@@ -32,6 +32,7 @@
         "libfs_mgr",
         "libfstab",
         "liblp",
+        "update_metadata-protos",
     ],
     whole_static_libs: [
         "libext2_uuid",
@@ -41,6 +42,9 @@
     header_libs: [
         "libfiemap_headers",
     ],
+    export_static_lib_headers: [
+        "update_metadata-protos",
+    ],
     export_header_lib_headers: [
         "libfiemap_headers",
     ],
@@ -51,6 +55,7 @@
     name: "libsnapshot_sources",
     srcs: [
         "snapshot.cpp",
+        "snapshot_metadata_updater.cpp",
         "partition_cow_creator.cpp",
         "utility.cpp",
     ],
@@ -87,10 +92,12 @@
     srcs: [
         "snapshot_test.cpp",
         "partition_cow_creator_test.cpp",
+        "snapshot_metadata_updater_test.cpp",
         "test_helpers.cpp",
     ],
     shared_libs: [
         "libbinder",
+        "libprotobuf-cpp-lite",
         "libutils",
     ],
     static_libs: [
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
index 6bc09a1..aeeb4aa 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
@@ -29,6 +29,7 @@
 #include <libfiemap/image_manager.h>
 #include <liblp/builder.h>
 #include <liblp/liblp.h>
+#include <update_engine/update_metadata.pb.h>
 
 #ifndef FRIEND_TEST
 #define FRIEND_TEST(test_set_name, individual_test) \
@@ -89,6 +90,7 @@
     using IPartitionOpener = android::fs_mgr::IPartitionOpener;
     using LpMetadata = android::fs_mgr::LpMetadata;
     using MetadataBuilder = android::fs_mgr::MetadataBuilder;
+    using DeltaArchiveManifest = chromeos_update_engine::DeltaArchiveManifest;
 
   public:
     // Dependency injection for testing.
@@ -98,6 +100,7 @@
         virtual std::string GetGsidDir() const = 0;
         virtual std::string GetMetadataDir() const = 0;
         virtual std::string GetSlotSuffix() const = 0;
+        virtual std::string GetOtherSlotSuffix() const = 0;
         virtual std::string GetSuperDevice(uint32_t slot) const = 0;
         virtual const IPartitionOpener& GetPartitionOpener() const = 0;
         virtual bool IsOverlayfsSetup() const = 0;
@@ -169,9 +172,7 @@
     // Create necessary COW device / files for OTA clients. New logical partitions will be added to
     // group "cow" in target_metadata. Regions of partitions of current_metadata will be
     // "write-protected" and snapshotted.
-    bool CreateUpdateSnapshots(MetadataBuilder* target_metadata, const std::string& target_suffix,
-                               MetadataBuilder* current_metadata, const std::string& current_suffix,
-                               const std::map<std::string, uint64_t>& cow_sizes);
+    bool CreateUpdateSnapshots(const DeltaArchiveManifest& manifest);
 
     // Map a snapshotted partition for OTA clients to write to. Write-protected regions are
     // determined previously in CreateSnapshots.
diff --git a/fs_mgr/libsnapshot/partition_cow_creator.cpp b/fs_mgr/libsnapshot/partition_cow_creator.cpp
index 3163e61..4250d23 100644
--- a/fs_mgr/libsnapshot/partition_cow_creator.cpp
+++ b/fs_mgr/libsnapshot/partition_cow_creator.cpp
@@ -25,6 +25,9 @@
 using android::fs_mgr::Interval;
 using android::fs_mgr::kDefaultBlockSize;
 using android::fs_mgr::Partition;
+using chromeos_update_engine::InstallOperation;
+template <typename T>
+using RepeatedPtrField = google::protobuf::RepeatedPtrField<T>;
 
 namespace android {
 namespace snapshot {
@@ -117,9 +120,15 @@
     return snapshot_size;
 }
 
-std::optional<PartitionCowCreator::Return> PartitionCowCreator::Run() {
+std::optional<uint64_t> PartitionCowCreator::GetCowSize(uint64_t snapshot_size) {
+    // TODO: Use |operations|. to determine a minimum COW size.
+    // kCowEstimateFactor is good for prototyping but we can't use that in production.
     static constexpr double kCowEstimateFactor = 1.05;
+    auto cow_size = RoundUp(snapshot_size * kCowEstimateFactor, kDefaultBlockSize);
+    return cow_size;
+}
 
+std::optional<PartitionCowCreator::Return> PartitionCowCreator::Run() {
     CHECK(current_metadata->GetBlockDevicePartitionName(0) == LP_METADATA_DEFAULT_PARTITION_NAME &&
           target_metadata->GetBlockDevicePartitionName(0) == LP_METADATA_DEFAULT_PARTITION_NAME);
 
@@ -135,13 +144,8 @@
 
     ret.snapshot_status.snapshot_size = *snapshot_size;
 
-    // TODO: always read from cow_size when the COW size is written in
-    // update package. kCowEstimateFactor is good for prototyping but
-    // we can't use that in production.
-    if (!cow_size.has_value()) {
-        cow_size =
-                RoundUp(ret.snapshot_status.snapshot_size * kCowEstimateFactor, kDefaultBlockSize);
-    }
+    auto cow_size = GetCowSize(*snapshot_size);
+    if (!cow_size.has_value()) return std::nullopt;
 
     // Compute regions that are free in both current and target metadata. These are the regions
     // we can use for COW partition.
diff --git a/fs_mgr/libsnapshot/partition_cow_creator.h b/fs_mgr/libsnapshot/partition_cow_creator.h
index a235914..7c81418 100644
--- a/fs_mgr/libsnapshot/partition_cow_creator.h
+++ b/fs_mgr/libsnapshot/partition_cow_creator.h
@@ -32,20 +32,23 @@
     using Interval = android::fs_mgr::Interval;
     using MetadataBuilder = android::fs_mgr::MetadataBuilder;
     using Partition = android::fs_mgr::Partition;
+    using InstallOperation = chromeos_update_engine::InstallOperation;
+    template <typename T>
+    using RepeatedPtrField = google::protobuf::RepeatedPtrField<T>;
 
     // The metadata that will be written to target metadata slot.
-    MetadataBuilder* target_metadata;
+    MetadataBuilder* target_metadata = nullptr;
     // The suffix of the target slot.
     std::string target_suffix;
     // The partition in target_metadata that needs to be snapshotted.
-    Partition* target_partition;
+    Partition* target_partition = nullptr;
     // The metadata at the current slot (that would be used if the device boots
     // normally). This is used to determine which extents are being used.
-    MetadataBuilder* current_metadata;
+    MetadataBuilder* current_metadata = nullptr;
     // The suffix of the current slot.
     std::string current_suffix;
-    // The COW size given by client code.
-    std::optional<uint64_t> cow_size;
+    // List of operations to be applied on the partition.
+    const RepeatedPtrField<InstallOperation>* operations = nullptr;
 
     struct Return {
         SnapshotManager::SnapshotStatus snapshot_status;
@@ -57,6 +60,7 @@
   private:
     bool HasExtent(Partition* p, Extent* e);
     std::optional<uint64_t> GetSnapshotSize();
+    std::optional<uint64_t> GetCowSize(uint64_t snapshot_size);
 };
 
 }  // namespace snapshot
diff --git a/fs_mgr/libsnapshot/partition_cow_creator_test.cpp b/fs_mgr/libsnapshot/partition_cow_creator_test.cpp
index e308943..29d15af 100644
--- a/fs_mgr/libsnapshot/partition_cow_creator_test.cpp
+++ b/fs_mgr/libsnapshot/partition_cow_creator_test.cpp
@@ -76,14 +76,11 @@
                                 .target_suffix = "_b",
                                 .target_partition = system_b,
                                 .current_metadata = builder_a.get(),
-                                .current_suffix = "_a",
-                                .cow_size = 20 * 1024};
+                                .current_suffix = "_a"};
     auto ret = creator.Run();
     ASSERT_TRUE(ret.has_value());
     ASSERT_EQ(40 * 1024, ret->snapshot_status.device_size);
     ASSERT_EQ(40 * 1024, ret->snapshot_status.snapshot_size);
-    ASSERT_EQ(20 * 1024,
-              ret->snapshot_status.cow_file_size + ret->snapshot_status.cow_partition_size);
 }
 
 }  // namespace snapshot
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index 15d52f1..b5b3af3 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -39,6 +39,7 @@
 #include <liblp/liblp.h>
 
 #include "partition_cow_creator.h"
+#include "snapshot_metadata_updater.h"
 #include "utility.h"
 
 namespace android {
@@ -61,6 +62,10 @@
 using android::fs_mgr::LpMetadata;
 using android::fs_mgr::MetadataBuilder;
 using android::fs_mgr::SlotNumberForSlotSuffix;
+using chromeos_update_engine::DeltaArchiveManifest;
+using chromeos_update_engine::InstallOperation;
+template <typename T>
+using RepeatedPtrField = google::protobuf::RepeatedPtrField<T>;
 using std::chrono::duration_cast;
 using namespace std::chrono_literals;
 using namespace std::string_literals;
@@ -74,6 +79,7 @@
     std::string GetGsidDir() const override { return "ota"s; }
     std::string GetMetadataDir() const override { return "/metadata/ota"s; }
     std::string GetSlotSuffix() const override { return fs_mgr_get_slot_suffix(); }
+    std::string GetOtherSlotSuffix() const override { return fs_mgr_get_other_slot_suffix(); }
     const android::fs_mgr::IPartitionOpener& GetPartitionOpener() const { return opener_; }
     std::string GetSuperDevice(uint32_t slot) const override {
         return fs_mgr_get_super_partition_name(slot);
@@ -1713,26 +1719,44 @@
     return true;
 }
 
-bool SnapshotManager::CreateUpdateSnapshots(MetadataBuilder* target_metadata,
-                                            const std::string& target_suffix,
-                                            MetadataBuilder* current_metadata,
-                                            const std::string& current_suffix,
-                                            const std::map<std::string, uint64_t>& cow_sizes) {
+bool SnapshotManager::CreateUpdateSnapshots(const DeltaArchiveManifest& manifest) {
     auto lock = LockExclusive();
     if (!lock) return false;
 
-    // Add _{target_suffix} to COW size map.
-    std::map<std::string, uint64_t> suffixed_cow_sizes;
-    for (const auto& [name, size] : cow_sizes) {
-        suffixed_cow_sizes[name + target_suffix] = size;
+    const auto& opener = device_->GetPartitionOpener();
+    auto current_suffix = device_->GetSlotSuffix();
+    uint32_t current_slot = SlotNumberForSlotSuffix(current_suffix);
+    auto target_suffix = device_->GetOtherSlotSuffix();
+    uint32_t target_slot = SlotNumberForSlotSuffix(target_suffix);
+    auto current_super = device_->GetSuperDevice(current_slot);
+
+    auto current_metadata = MetadataBuilder::New(opener, current_super, current_slot);
+    auto target_metadata =
+            MetadataBuilder::NewForUpdate(opener, current_super, current_slot, target_slot);
+
+    SnapshotMetadataUpdater metadata_updater(target_metadata.get(), target_slot, manifest);
+    if (!metadata_updater.Update()) {
+        LOG(ERROR) << "Cannot calculate new metadata.";
+        return false;
     }
 
-    target_metadata->RemoveGroupAndPartitions(kCowGroupName);
     if (!target_metadata->AddGroup(kCowGroupName, 0)) {
         LOG(ERROR) << "Cannot add group " << kCowGroupName;
         return false;
     }
 
+    std::map<std::string, const RepeatedPtrField<InstallOperation>*> install_operation_map;
+    for (const auto& partition_update : manifest.partitions()) {
+        auto suffixed_name = partition_update.partition_name() + target_suffix;
+        auto&& [it, inserted] = install_operation_map.emplace(std::move(suffixed_name),
+                                                              &partition_update.operations());
+        if (!inserted) {
+            LOG(ERROR) << "Duplicated partition " << partition_update.partition_name()
+                       << " in update manifest.";
+            return false;
+        }
+    }
+
     // TODO(b/134949511): remove this check. Right now, with overlayfs mounted, the scratch
     // partition takes up a big chunk of space in super, causing COW images to be created on
     // retrofit Virtual A/B devices.
@@ -1757,18 +1781,16 @@
     // these devices.
     AutoDeviceList created_devices;
 
-    for (auto* target_partition : ListPartitionsWithSuffix(target_metadata, target_suffix)) {
-        std::optional<uint64_t> cow_size = std::nullopt;
-        auto it = suffixed_cow_sizes.find(target_partition->name());
-        if (it != suffixed_cow_sizes.end()) {
-            cow_size = it->second;
-            LOG(INFO) << "Using provided COW size " << *cow_size << " for partition "
-                      << target_partition->name();
+    for (auto* target_partition : ListPartitionsWithSuffix(target_metadata.get(), target_suffix)) {
+        const RepeatedPtrField<InstallOperation>* operations = nullptr;
+        auto operations_it = install_operation_map.find(target_partition->name());
+        if (operations_it != install_operation_map.end()) {
+            operations = operations_it->second;
         }
 
         // Compute the device sizes for the partition.
-        PartitionCowCreator cow_creator{target_metadata,  target_suffix,  target_partition,
-                                        current_metadata, current_suffix, cow_size};
+        PartitionCowCreator cow_creator{target_metadata.get(),  target_suffix,  target_partition,
+                                        current_metadata.get(), current_suffix, operations};
         auto cow_creator_ret = cow_creator.Run();
         if (!cow_creator_ret.has_value()) {
             return false;
@@ -1846,13 +1868,17 @@
 
     auto& dm = DeviceMapper::Instance();
     auto exported_target_metadata = target_metadata->Export();
+    if (exported_target_metadata == nullptr) {
+        LOG(ERROR) << "Cannot export target metadata";
+        return false;
+    }
     CreateLogicalPartitionParams cow_params{
             .block_device = LP_METADATA_DEFAULT_PARTITION_NAME,
             .metadata = exported_target_metadata.get(),
             .timeout_ms = std::chrono::milliseconds::max(),
             .partition_opener = &device_->GetPartitionOpener(),
     };
-    for (auto* target_partition : ListPartitionsWithSuffix(target_metadata, target_suffix)) {
+    for (auto* target_partition : ListPartitionsWithSuffix(target_metadata.get(), target_suffix)) {
         AutoDeviceList created_devices_for_cow;
 
         if (!UnmapPartitionWithSnapshot(lock.get(), target_partition->name())) {
@@ -1884,6 +1910,12 @@
         // Let destructor of created_devices_for_cow to unmap the COW devices.
     };
 
+    if (!UpdatePartitionTable(opener, device_->GetSuperDevice(target_slot),
+                              *exported_target_metadata, target_slot)) {
+        LOG(ERROR) << "Cannot write target metadata";
+        return false;
+    }
+
     created_devices.Release();
     LOG(INFO) << "Successfully created all snapshots for target slot " << target_suffix;
 
diff --git a/fs_mgr/libsnapshot/snapshot_metadata_updater.cpp b/fs_mgr/libsnapshot/snapshot_metadata_updater.cpp
new file mode 100644
index 0000000..60bf796
--- /dev/null
+++ b/fs_mgr/libsnapshot/snapshot_metadata_updater.cpp
@@ -0,0 +1,273 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "snapshot_metadata_updater.h"
+
+#include <algorithm>
+#include <map>
+#include <optional>
+#include <set>
+#include <string>
+#include <string_view>
+#include <vector>
+
+#include <android-base/logging.h>
+#include <android-base/strings.h>
+#include <fs_mgr.h>
+#include <libsnapshot/snapshot.h>
+
+using android::fs_mgr::MetadataBuilder;
+using android::fs_mgr::Partition;
+using android::fs_mgr::SlotSuffixForSlotNumber;
+using chromeos_update_engine::DeltaArchiveManifest;
+
+namespace android {
+namespace snapshot {
+SnapshotMetadataUpdater::SnapshotMetadataUpdater(MetadataBuilder* builder, uint32_t target_slot,
+                                                 const DeltaArchiveManifest& manifest)
+    : builder_(builder), target_suffix_(SlotSuffixForSlotNumber(target_slot)) {
+    if (!manifest.has_dynamic_partition_metadata()) {
+        return;
+    }
+
+    // Key: partition name ("system"). Value: group name ("group").
+    // No suffix.
+    std::map<std::string_view, std::string_view> partition_group_map;
+    const auto& metadata_groups = manifest.dynamic_partition_metadata().groups();
+    groups_.reserve(metadata_groups.size());
+    for (const auto& group : metadata_groups) {
+        groups_.emplace_back(Group{group.name() + target_suffix_, &group});
+        for (const auto& partition_name : group.partition_names()) {
+            partition_group_map[partition_name] = group.name();
+        }
+    }
+
+    for (const auto& p : manifest.partitions()) {
+        auto it = partition_group_map.find(p.partition_name());
+        if (it != partition_group_map.end()) {
+            partitions_.emplace_back(Partition{p.partition_name() + target_suffix_,
+                                               std::string(it->second) + target_suffix_, &p});
+        }
+    }
+}
+
+bool SnapshotMetadataUpdater::ShrinkPartitions() const {
+    for (const auto& partition_update : partitions_) {
+        auto* existing_partition = builder_->FindPartition(partition_update.name);
+        if (existing_partition == nullptr) {
+            continue;
+        }
+        auto new_size = partition_update->new_partition_info().size();
+        if (existing_partition->size() <= new_size) {
+            continue;
+        }
+        if (!builder_->ResizePartition(existing_partition, new_size)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::DeletePartitions() const {
+    std::vector<std::string> partitions_to_delete;
+    // Don't delete partitions in groups where the group name doesn't have target_suffix,
+    // e.g. default.
+    for (auto* existing_partition : ListPartitionsWithSuffix(builder_, target_suffix_)) {
+        auto iter = std::find_if(partitions_.begin(), partitions_.end(),
+                                 [existing_partition](auto&& partition_update) {
+                                     return partition_update.name == existing_partition->name();
+                                 });
+        // Update package metadata doesn't have this partition. Prepare to delete it.
+        // Not deleting from builder_ yet because it may break ListPartitionsWithSuffix if it were
+        // to return an iterable view of builder_.
+        if (iter == partitions_.end()) {
+            partitions_to_delete.push_back(existing_partition->name());
+        }
+    }
+
+    for (const auto& partition_name : partitions_to_delete) {
+        builder_->RemovePartition(partition_name);
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::MovePartitionsToDefault() const {
+    for (const auto& partition_update : partitions_) {
+        auto* existing_partition = builder_->FindPartition(partition_update.name);
+        if (existing_partition == nullptr) {
+            continue;
+        }
+        if (existing_partition->group_name() == partition_update.group_name) {
+            continue;
+        }
+        // Move to "default" group (which doesn't have maximum size constraint)
+        // temporarily.
+        if (!builder_->ChangePartitionGroup(existing_partition, android::fs_mgr::kDefaultGroup)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::ShrinkGroups() const {
+    for (const auto& group_update : groups_) {
+        auto* existing_group = builder_->FindGroup(group_update.name);
+        if (existing_group == nullptr) {
+            continue;
+        }
+        if (existing_group->maximum_size() <= group_update->size()) {
+            continue;
+        }
+        if (!builder_->ChangeGroupSize(existing_group->name(), group_update->size())) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::DeleteGroups() const {
+    std::vector<std::string> existing_groups = builder_->ListGroups();
+    for (const auto& existing_group_name : existing_groups) {
+        // Don't delete groups without target suffix, e.g. default.
+        if (!android::base::EndsWith(existing_group_name, target_suffix_)) {
+            continue;
+        }
+
+        auto iter = std::find_if(groups_.begin(), groups_.end(),
+                                 [&existing_group_name](auto&& group_update) {
+                                     return group_update.name == existing_group_name;
+                                 });
+        // Update package metadata has this group as well, so not deleting it.
+        if (iter != groups_.end()) {
+            continue;
+        }
+        // Update package metadata doesn't have this group. Before deleting it, sanity check that it
+        // doesn't have any partitions left. Update metadata shouldn't assign any partitions to this
+        // group, so all partitions that originally belong to this group should be moved by
+        // MovePartitionsToDefault at this point.
+        auto existing_partitions_in_group = builder_->ListPartitionsInGroup(existing_group_name);
+        if (!existing_partitions_in_group.empty()) {
+            std::vector<std::string> partition_names_in_group;
+            std::transform(existing_partitions_in_group.begin(), existing_partitions_in_group.end(),
+                           std::back_inserter(partition_names_in_group),
+                           [](auto* p) { return p->name(); });
+            LOG(ERROR)
+                    << "Group " << existing_group_name
+                    << " cannot be deleted because the following partitions are left unassigned: ["
+                    << android::base::Join(partition_names_in_group, ",") << "]";
+            return false;
+        }
+        builder_->RemoveGroupAndPartitions(existing_group_name);
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::AddGroups() const {
+    for (const auto& group_update : groups_) {
+        if (builder_->FindGroup(group_update.name) == nullptr) {
+            if (!builder_->AddGroup(group_update.name, group_update->size())) {
+                return false;
+            }
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::GrowGroups() const {
+    for (const auto& group_update : groups_) {
+        auto* existing_group = builder_->FindGroup(group_update.name);
+        if (existing_group == nullptr) {
+            continue;
+        }
+        if (existing_group->maximum_size() >= group_update->size()) {
+            continue;
+        }
+        if (!builder_->ChangeGroupSize(existing_group->name(), group_update->size())) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::AddPartitions() const {
+    for (const auto& partition_update : partitions_) {
+        if (builder_->FindPartition(partition_update.name) == nullptr) {
+            auto* p =
+                    builder_->AddPartition(partition_update.name, partition_update.group_name,
+                                           LP_PARTITION_ATTR_READONLY | LP_PARTITION_ATTR_UPDATED);
+            if (p == nullptr) {
+                return false;
+            }
+        }
+    }
+    // Will be resized in GrowPartitions.
+    return true;
+}
+
+bool SnapshotMetadataUpdater::GrowPartitions() const {
+    for (const auto& partition_update : partitions_) {
+        auto* existing_partition = builder_->FindPartition(partition_update.name);
+        if (existing_partition == nullptr) {
+            continue;
+        }
+        auto new_size = partition_update->new_partition_info().size();
+        if (existing_partition->size() >= new_size) {
+            continue;
+        }
+        if (!builder_->ResizePartition(existing_partition, new_size)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::MovePartitionsToCorrectGroup() const {
+    for (const auto& partition_update : partitions_) {
+        auto* existing_partition = builder_->FindPartition(partition_update.name);
+        if (existing_partition == nullptr) {
+            continue;
+        }
+        if (existing_partition->group_name() == partition_update.group_name) {
+            continue;
+        }
+        if (!builder_->ChangePartitionGroup(existing_partition, partition_update.group_name)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool SnapshotMetadataUpdater::Update() const {
+    // Remove extents used by COW devices by removing the COW group completely.
+    builder_->RemoveGroupAndPartitions(android::snapshot::kCowGroupName);
+
+    // The order of these operations are important so that we
+    // always have enough space to grow or add new partitions / groups.
+    // clang-format off
+    return ShrinkPartitions() &&
+           DeletePartitions() &&
+           MovePartitionsToDefault() &&
+           ShrinkGroups() &&
+           DeleteGroups() &&
+           AddGroups() &&
+           GrowGroups() &&
+           AddPartitions() &&
+           GrowPartitions() &&
+           MovePartitionsToCorrectGroup();
+    // clang-format on
+}
+}  // namespace snapshot
+}  // namespace android
diff --git a/fs_mgr/libsnapshot/snapshot_metadata_updater.h b/fs_mgr/libsnapshot/snapshot_metadata_updater.h
new file mode 100644
index 0000000..83c9460
--- /dev/null
+++ b/fs_mgr/libsnapshot/snapshot_metadata_updater.h
@@ -0,0 +1,85 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#pragma once
+
+#include <stdint.h>
+
+#include <string>
+#include <vector>
+
+#include <liblp/builder.h>
+#include <update_engine/update_metadata.pb.h>
+
+#include "utility.h"
+
+namespace android {
+namespace snapshot {
+
+// Helper class that modifies a super partition metadata for an update for
+// Virtual A/B devices.
+class SnapshotMetadataUpdater {
+    using DeltaArchiveManifest = chromeos_update_engine::DeltaArchiveManifest;
+    using DynamicPartitionMetadata = chromeos_update_engine::DynamicPartitionMetadata;
+    using DynamicPartitionGroup = chromeos_update_engine::DynamicPartitionGroup;
+    using PartitionUpdate = chromeos_update_engine::PartitionUpdate;
+
+  public:
+    // Caller is responsible for ensuring the lifetime of manifest to be longer
+    // than SnapshotMetadataUpdater.
+    SnapshotMetadataUpdater(android::fs_mgr::MetadataBuilder* builder, uint32_t target_slot,
+                            const DeltaArchiveManifest& manifest);
+    bool Update() const;
+
+  private:
+    bool RenameGroupSuffix() const;
+    bool ShrinkPartitions() const;
+    bool DeletePartitions() const;
+    bool MovePartitionsToDefault() const;
+    bool ShrinkGroups() const;
+    bool DeleteGroups() const;
+    bool AddGroups() const;
+    bool GrowGroups() const;
+    bool AddPartitions() const;
+    bool GrowPartitions() const;
+    bool MovePartitionsToCorrectGroup() const;
+
+    // Wraps a DynamicPartitionGroup with a slot-suffixed name. Always use
+    // .name instead of ->name() because .name has the slot suffix (e.g.
+    // .name is "group_b" and ->name() is "group".)
+    struct Group {
+        std::string name;
+        const DynamicPartitionGroup* group;
+        const DynamicPartitionGroup* operator->() const { return group; }
+    };
+    // Wraps a PartitionUpdate with a slot-suffixed name / group name. Always use
+    // .name instead of ->partition_name() because .name has the slot suffix (e.g.
+    // .name is "system_b" and ->partition_name() is "system".)
+    struct Partition {
+        std::string name;
+        std::string group_name;
+        const PartitionUpdate* partition;
+        const PartitionUpdate* operator->() const { return partition; }
+    };
+
+    android::fs_mgr::MetadataBuilder* const builder_;
+    const std::string target_suffix_;
+    std::vector<Group> groups_;
+    std::vector<Partition> partitions_;
+};
+
+}  // namespace snapshot
+}  // namespace android
diff --git a/fs_mgr/libsnapshot/snapshot_metadata_updater_test.cpp b/fs_mgr/libsnapshot/snapshot_metadata_updater_test.cpp
new file mode 100644
index 0000000..535653a
--- /dev/null
+++ b/fs_mgr/libsnapshot/snapshot_metadata_updater_test.cpp
@@ -0,0 +1,328 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "snapshot_metadata_updater.h"
+
+#include <memory>
+#include <string>
+
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+#include <liblp/builder.h>
+#include <storage_literals/storage_literals.h>
+
+#include "test_helpers.h"
+
+using namespace android::storage_literals;
+using android::fs_mgr::LpMetadata;
+using android::fs_mgr::MetadataBuilder;
+using android::fs_mgr::SlotSuffixForSlotNumber;
+using chromeos_update_engine::DeltaArchiveManifest;
+using chromeos_update_engine::DynamicPartitionGroup;
+using chromeos_update_engine::PartitionUpdate;
+using testing::AssertionFailure;
+using testing::AssertionResult;
+using testing::AssertionSuccess;
+
+namespace android {
+namespace snapshot {
+
+class SnapshotMetadataUpdaterTest : public ::testing::TestWithParam<uint32_t> {
+  public:
+    void SetUp() override {
+        target_slot_ = GetParam();
+        target_suffix_ = SlotSuffixForSlotNumber(target_slot_);
+        builder_ = MetadataBuilder::New(4_GiB + 1_MiB, 4_KiB, 2);
+
+        group_ = manifest_.mutable_dynamic_partition_metadata()->add_groups();
+        group_->set_name("group");
+        group_->set_size(4_GiB);
+        group_->add_partition_names("system");
+        group_->add_partition_names("vendor");
+        system_ = manifest_.add_partitions();
+        system_->set_partition_name("system");
+        SetSize(system_, 2_GiB);
+        vendor_ = manifest_.add_partitions();
+        vendor_->set_partition_name("vendor");
+        SetSize(vendor_, 1_GiB);
+
+        ASSERT_TRUE(FillFakeMetadata(builder_.get(), manifest_, target_suffix_));
+    }
+
+    // Append suffix to name.
+    std::string T(std::string_view name) { return std::string(name) + target_suffix_; }
+
+    AssertionResult UpdateAndExport() {
+        SnapshotMetadataUpdater updater(builder_.get(), target_slot_, manifest_);
+        if (!updater.Update()) {
+            return AssertionFailure() << "Update failed.";
+        }
+
+        exported_ = builder_->Export();
+        if (exported_ == nullptr) {
+            return AssertionFailure() << "Export failed.";
+        }
+        return AssertionSuccess();
+    }
+
+    // Check that in |builder_|, partition |name| + |target_suffix_| has the given |size|.
+    AssertionResult CheckSize(std::string_view name, uint64_t size) {
+        auto p = builder_->FindPartition(T(name));
+        if (p == nullptr) {
+            return AssertionFailure() << "Cannot find partition " << T(name);
+        }
+        if (p->size() != size) {
+            return AssertionFailure() << "Partition " << T(name) << " should be " << size
+                                      << " bytes, but is " << p->size() << " bytes.";
+        }
+        return AssertionSuccess() << "Partition" << T(name) << " is " << size << " bytes.";
+    }
+
+    // Check that in |builder_|, group |name| + |target_suffix_| has the given |size|.
+    AssertionResult CheckGroupSize(std::string_view name, uint64_t size) {
+        auto g = builder_->FindGroup(T(name));
+        if (g == nullptr) {
+            return AssertionFailure() << "Cannot find group " << T(name);
+        }
+        if (g->maximum_size() != size) {
+            return AssertionFailure() << "Group " << T(name) << " should be " << size
+                                      << " bytes, but is " << g->maximum_size() << " bytes.";
+        }
+        return AssertionSuccess() << "Group" << T(name) << " is " << size << " bytes.";
+    }
+
+    // Check that in |builder_|, partition |partition_name| + |target_suffix_| is in group
+    // |group_name| + |target_suffix_|;
+    AssertionResult CheckGroupName(std::string_view partition_name, std::string_view group_name) {
+        auto p = builder_->FindPartition(T(partition_name));
+        if (p == nullptr) {
+            return AssertionFailure() << "Cannot find partition " << T(partition_name);
+        }
+        if (p->group_name() != T(group_name)) {
+            return AssertionFailure() << "Partition " << T(partition_name) << " should be in "
+                                      << T(group_name) << ", but is in " << p->group_name() << ".";
+        }
+        return AssertionSuccess() << "Partition" << T(partition_name) << " is in " << T(group_name)
+                                  << ".";
+    }
+
+    std::unique_ptr<MetadataBuilder> builder_;
+    uint32_t target_slot_;
+    std::string target_suffix_;
+    DeltaArchiveManifest manifest_;
+    std::unique_ptr<LpMetadata> exported_;
+    DynamicPartitionGroup* group_ = nullptr;
+    PartitionUpdate* system_ = nullptr;
+    PartitionUpdate* vendor_ = nullptr;
+};
+
+TEST_P(SnapshotMetadataUpdaterTest, NoChange) {
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckGroupSize("group", 4_GiB));
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_TRUE(CheckGroupName("system", "group"));
+    EXPECT_TRUE(CheckSize("vendor", 1_GiB));
+    EXPECT_TRUE(CheckGroupName("vendor", "group"));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, GrowWithinBounds) {
+    SetSize(system_, 2_GiB + 512_MiB);
+    SetSize(vendor_, 1_GiB + 512_MiB);
+
+    ASSERT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 2_GiB + 512_MiB));
+    EXPECT_TRUE(CheckSize("vendor", 1_GiB + 512_MiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, GrowOverSuper) {
+    SetSize(system_, 3_GiB);
+    SetSize(vendor_, 1_GiB + 512_MiB);
+
+    EXPECT_FALSE(UpdateAndExport());
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, GrowOverGroup) {
+    SetSize(system_, 3_GiB);
+    SetSize(vendor_, 1_GiB + 4_KiB);
+
+    EXPECT_FALSE(UpdateAndExport());
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, Add) {
+    group_->add_partition_names("product");
+    auto product = manifest_.add_partitions();
+    product->set_partition_name("product");
+    SetSize(product, 1_GiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_TRUE(CheckSize("vendor", 1_GiB));
+    EXPECT_TRUE(CheckSize("product", 1_GiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, AddTooBig) {
+    group_->add_partition_names("product");
+    auto product = manifest_.add_partitions();
+    product->set_partition_name("product");
+    SetSize(product, 1_GiB + 4_KiB);
+
+    EXPECT_FALSE(UpdateAndExport());
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, ShrinkAll) {
+    SetSize(system_, 1_GiB);
+    SetSize(vendor_, 512_MiB);
+
+    ASSERT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 1_GiB));
+    EXPECT_TRUE(CheckSize("vendor", 512_MiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, ShrinkAndGrow) {
+    SetSize(system_, 3_GiB + 512_MiB);
+    SetSize(vendor_, 512_MiB);
+
+    ASSERT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 3_GiB + 512_MiB));
+    EXPECT_TRUE(CheckSize("vendor", 512_MiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, ShrinkAndAdd) {
+    SetSize(system_, 2_GiB);
+    SetSize(vendor_, 512_MiB);
+    group_->add_partition_names("product");
+    auto product = manifest_.add_partitions();
+    product->set_partition_name("product");
+    SetSize(product, 1_GiB + 512_MiB);
+
+    ASSERT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_TRUE(CheckSize("vendor", 512_MiB));
+    EXPECT_TRUE(CheckSize("product", 1_GiB + 512_MiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, Delete) {
+    group_->mutable_partition_names()->RemoveLast();
+    // No need to delete it from manifest.partitions as SnapshotMetadataUpdater
+    // should ignore them (treat them as static partitions).
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_EQ(nullptr, builder_->FindPartition(T("vendor")));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, DeleteAndGrow) {
+    group_->mutable_partition_names()->RemoveLast();
+    SetSize(system_, 4_GiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 4_GiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, DeleteAndAdd) {
+    group_->mutable_partition_names()->RemoveLast();
+    group_->add_partition_names("product");
+    auto product = manifest_.add_partitions();
+    product->set_partition_name("product");
+    SetSize(product, 2_GiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_EQ(nullptr, builder_->FindPartition(T("vendor")));
+    EXPECT_TRUE(CheckSize("product", 2_GiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, GrowGroup) {
+    group_->set_size(4_GiB + 512_KiB);
+    SetSize(system_, 2_GiB + 256_KiB);
+    SetSize(vendor_, 2_GiB + 256_KiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 2_GiB + 256_KiB));
+    EXPECT_TRUE(CheckSize("vendor", 2_GiB + 256_KiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, ShrinkGroup) {
+    group_->set_size(1_GiB);
+    SetSize(system_, 512_MiB);
+    SetSize(vendor_, 512_MiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckSize("system", 512_MiB));
+    EXPECT_TRUE(CheckSize("vendor", 512_MiB));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, MoveToNewGroup) {
+    group_->mutable_partition_names()->RemoveLast();
+    group_->set_size(2_GiB);
+
+    auto another_group = manifest_.mutable_dynamic_partition_metadata()->add_groups();
+    another_group->set_name("another_group");
+    another_group->set_size(2_GiB);
+    another_group->add_partition_names("vendor");
+    SetSize(vendor_, 2_GiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_TRUE(CheckGroupSize("group", 2_GiB));
+    EXPECT_TRUE(CheckGroupSize("another_group", 2_GiB));
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_TRUE(CheckGroupName("system", "group"));
+    EXPECT_TRUE(CheckSize("vendor", 2_GiB));
+    EXPECT_TRUE(CheckGroupName("vendor", "another_group"));
+}
+
+TEST_P(SnapshotMetadataUpdaterTest, DeleteAndAddGroup) {
+    manifest_.mutable_dynamic_partition_metadata()->mutable_groups()->RemoveLast();
+    group_ = nullptr;
+
+    auto another_group = manifest_.mutable_dynamic_partition_metadata()->add_groups();
+    another_group->set_name("another_group");
+    another_group->set_size(4_GiB);
+    another_group->add_partition_names("system");
+    another_group->add_partition_names("vendor");
+    another_group->add_partition_names("product");
+    auto product = manifest_.add_partitions();
+    product->set_partition_name("product");
+    SetSize(product, 1_GiB);
+
+    EXPECT_TRUE(UpdateAndExport());
+
+    EXPECT_EQ(nullptr, builder_->FindGroup(T("group")));
+    EXPECT_TRUE(CheckGroupSize("another_group", 4_GiB));
+    EXPECT_TRUE(CheckSize("system", 2_GiB));
+    EXPECT_TRUE(CheckGroupName("system", "another_group"));
+    EXPECT_TRUE(CheckSize("vendor", 1_GiB));
+    EXPECT_TRUE(CheckGroupName("vendor", "another_group"));
+    EXPECT_TRUE(CheckSize("product", 1_GiB));
+    EXPECT_TRUE(CheckGroupName("product", "another_group"));
+}
+
+INSTANTIATE_TEST_SUITE_P(, SnapshotMetadataUpdaterTest, testing::Values(0, 1));
+
+}  // namespace snapshot
+}  // namespace android
diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp
index e9835d0..36982a9 100644
--- a/fs_mgr/libsnapshot/snapshot_test.cpp
+++ b/fs_mgr/libsnapshot/snapshot_test.cpp
@@ -50,6 +50,8 @@
 using android::fs_mgr::GetPartitionGroupName;
 using android::fs_mgr::GetPartitionName;
 using android::fs_mgr::MetadataBuilder;
+using chromeos_update_engine::DeltaArchiveManifest;
+using chromeos_update_engine::PartitionUpdate;
 using namespace ::testing;
 using namespace android::fs_mgr::testing;
 using namespace android::storage_literals;
@@ -62,7 +64,8 @@
 TestDeviceInfo* test_device = nullptr;
 std::string fake_super;
 
-static constexpr uint64_t kSuperSize = 16_MiB;
+static constexpr uint64_t kSuperSize = 16_MiB + 4_KiB;
+static constexpr uint64_t kGroupSize = 16_MiB;
 
 class SnapshotTest : public ::testing::Test {
   public:
@@ -636,28 +639,39 @@
         ON_CALL(*GetMockedPropertyFetcher(), GetBoolProperty("ro.virtual_ab.enabled", _))
                 .WillByDefault(Return(true));
 
-        opener = std::make_unique<TestPartitionOpener>(fake_super);
+        opener_ = std::make_unique<TestPartitionOpener>(fake_super);
 
-        // Initialize source partition metadata. sys_b is similar to system_other.
+        // Create a fake update package metadata.
         // Not using full name "system", "vendor", "product" because these names collide with the
         // mapped partitions on the running device.
-        src = MetadataBuilder::New(*opener, "super", 0);
-        ASSERT_NE(nullptr, src);
-        auto partition = src->AddPartition("sys_a", 0);
+        // Each test modifies manifest_ slightly to indicate changes to the partition layout.
+        auto group = manifest_.mutable_dynamic_partition_metadata()->add_groups();
+        group->set_name("group");
+        group->set_size(kGroupSize);
+        group->add_partition_names("sys");
+        group->add_partition_names("vnd");
+        group->add_partition_names("prd");
+        sys_ = manifest_.add_partitions();
+        sys_->set_partition_name("sys");
+        SetSize(sys_, 3_MiB);
+        vnd_ = manifest_.add_partitions();
+        vnd_->set_partition_name("vnd");
+        SetSize(vnd_, 3_MiB);
+        prd_ = manifest_.add_partitions();
+        prd_->set_partition_name("prd");
+        SetSize(prd_, 3_MiB);
+
+        // Initialize source partition metadata using |manifest_|.
+        src_ = MetadataBuilder::New(*opener_, "super", 0);
+        ASSERT_TRUE(FillFakeMetadata(src_.get(), manifest_, "_a"));
+        ASSERT_NE(nullptr, src_);
+        // Add sys_b which is like system_other.
+        auto partition = src_->AddPartition("sys_b", 0);
         ASSERT_NE(nullptr, partition);
-        ASSERT_TRUE(src->ResizePartition(partition, 3_MiB));
-        partition = src->AddPartition("vnd_a", 0);
-        ASSERT_NE(nullptr, partition);
-        ASSERT_TRUE(src->ResizePartition(partition, 3_MiB));
-        partition = src->AddPartition("prd_a", 0);
-        ASSERT_NE(nullptr, partition);
-        ASSERT_TRUE(src->ResizePartition(partition, 3_MiB));
-        partition = src->AddPartition("sys_b", 0);
-        ASSERT_NE(nullptr, partition);
-        ASSERT_TRUE(src->ResizePartition(partition, 1_MiB));
-        auto metadata = src->Export();
+        ASSERT_TRUE(src_->ResizePartition(partition, 1_MiB));
+        auto metadata = src_->Export();
         ASSERT_NE(nullptr, metadata);
-        ASSERT_TRUE(UpdatePartitionTable(*opener, "super", *metadata.get(), 0));
+        ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
 
         // Map source partitions. Additionally, map sys_b to simulate system_other after flashing.
         std::string path;
@@ -668,7 +682,7 @@
                             .metadata_slot = 0,
                             .partition_name = name,
                             .timeout_ms = 1s,
-                            .partition_opener = opener.get(),
+                            .partition_opener = opener_.get(),
                     },
                     &path));
             ASSERT_TRUE(WriteRandomData(path));
@@ -692,22 +706,6 @@
         EXPECT_TRUE(UnmapAll());
     }
 
-    static AssertionResult ResizePartitions(
-            MetadataBuilder* builder,
-            const std::vector<std::pair<std::string, uint64_t>>& partition_sizes) {
-        for (auto&& [name, size] : partition_sizes) {
-            auto partition = builder->FindPartition(name);
-            if (!partition) {
-                return AssertionFailure() << "Cannot find partition in metadata " << name;
-            }
-            if (!builder->ResizePartition(partition, size)) {
-                return AssertionFailure()
-                       << "Cannot resize partition " << name << " to " << size << " bytes";
-            }
-        }
-        return AssertionSuccess();
-    }
-
     AssertionResult IsPartitionUnchanged(const std::string& name) {
         std::string path;
         if (!dm_.GetDmDevicePathByName(name, &path)) {
@@ -748,9 +746,14 @@
         return AssertionSuccess();
     }
 
-    std::unique_ptr<TestPartitionOpener> opener;
-    std::unique_ptr<MetadataBuilder> src;
+    std::unique_ptr<TestPartitionOpener> opener_;
+    DeltaArchiveManifest manifest_;
+    std::unique_ptr<MetadataBuilder> src_;
     std::map<std::string, std::string> hashes_;
+
+    PartitionUpdate* sys_ = nullptr;
+    PartitionUpdate* vnd_ = nullptr;
+    PartitionUpdate* prd_ = nullptr;
 };
 
 // Test full update flow executed by update_engine. Some partitions uses super empty space,
@@ -767,29 +770,19 @@
         ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
     }
 
-    // OTA client adjusts the partition sizes before giving it to CreateUpdateSnapshots.
-    auto tgt = MetadataBuilder::NewForUpdate(*opener, "super", 0, 1);
-    ASSERT_NE(nullptr, tgt);
-    // clang-format off
-    ASSERT_TRUE(ResizePartitions(tgt.get(), {
-            {"sys_b", 4_MiB}, // grows
-            {"vnd_b", 4_MiB}, // grows
-            {"prd_b", 4_MiB}, // grows
-    }));
-    // clang-format on
+    // Grow all partitions.
+    SetSize(sys_, 4_MiB);
+    SetSize(vnd_, 4_MiB);
+    SetSize(prd_, 4_MiB);
 
-    ASSERT_TRUE(sm->CreateUpdateSnapshots(tgt.get(), "_b", src.get(), "_a", {}));
+    ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
 
     // Test that partitions prioritize using space in super.
+    auto tgt = MetadataBuilder::New(*opener_, "super", 1);
     ASSERT_NE(nullptr, tgt->FindPartition("sys_b-cow"));
     ASSERT_NE(nullptr, tgt->FindPartition("vnd_b-cow"));
     ASSERT_EQ(nullptr, tgt->FindPartition("prd_b-cow"));
 
-    // The metadata slot 1 is now updated.
-    auto metadata = tgt->Export();
-    ASSERT_NE(nullptr, metadata);
-    ASSERT_TRUE(UpdatePartitionTable(*opener, "super", *metadata.get(), 1));
-
     // Write some data to target partitions.
     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
         std::string path;
@@ -799,7 +792,7 @@
                         .metadata_slot = 1,
                         .partition_name = name,
                         .timeout_ms = 10s,
-                        .partition_opener = opener.get(),
+                        .partition_opener = opener_.get(),
                 },
                 &path))
                 << name;
@@ -845,49 +838,31 @@
 
 // Test that if new system partitions uses empty space in super, that region is not snapshotted.
 TEST_F(SnapshotUpdateTest, DirectWriteEmptySpace) {
-    auto tgt = MetadataBuilder::NewForUpdate(*opener, "super", 0, 1);
-    ASSERT_NE(nullptr, tgt);
-    // clang-format off
-    ASSERT_TRUE(ResizePartitions(tgt.get(), {
-            {"sys_b", 4_MiB}, // grows
-            // vnd_b and prd_b are unchanged
-    }));
-    // clang-format on
-    ASSERT_TRUE(sm->CreateUpdateSnapshots(tgt.get(), "_b", src.get(), "_a", {}));
-
+    SetSize(sys_, 4_MiB);
+    // vnd_b and prd_b are unchanged.
+    ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
     ASSERT_EQ(3_MiB, GetSnapshotSize("sys_b").value_or(0));
 }
 
 // Test that if new system partitions uses space of old vendor partition, that region is
 // snapshotted.
 TEST_F(SnapshotUpdateTest, SnapshotOldPartitions) {
-    auto tgt = MetadataBuilder::NewForUpdate(*opener, "super", 0, 1);
-    ASSERT_NE(nullptr, tgt);
-    // clang-format off
-    ASSERT_TRUE(ResizePartitions(tgt.get(), {
-            {"vnd_b", 2_MiB}, // shrinks
-            {"sys_b", 4_MiB}, // grows
-            // prd_b is unchanged
-    }));
-    // clang-format on
-    ASSERT_TRUE(sm->CreateUpdateSnapshots(tgt.get(), "_b", src.get(), "_a", {}));
-
+    SetSize(sys_, 4_MiB);  // grows
+    SetSize(vnd_, 2_MiB);  // shrinks
+    // prd_b is unchanged
+    ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
     ASSERT_EQ(4_MiB, GetSnapshotSize("sys_b").value_or(0));
 }
 
 // Test that even if there seem to be empty space in target metadata, COW partition won't take
 // it because they are used by old partitions.
 TEST_F(SnapshotUpdateTest, CowPartitionDoNotTakeOldPartitions) {
-    auto tgt = MetadataBuilder::NewForUpdate(*opener, "super", 0, 1);
-    ASSERT_NE(nullptr, tgt);
-    // clang-format off
-    ASSERT_TRUE(ResizePartitions(tgt.get(), {
-            {"sys_b", 2_MiB}, // shrinks
-            // vnd_b and prd_b are unchanged
-    }));
-    // clang-format on
-    ASSERT_TRUE(sm->CreateUpdateSnapshots(tgt.get(), "_b", src.get(), "_a", {}));
+    SetSize(sys_, 2_MiB);  // shrinks
+    // vnd_b and prd_b are unchanged.
+    ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
 
+    auto tgt = MetadataBuilder::New(*opener_, "super", 1);
+    ASSERT_NE(nullptr, tgt);
     auto metadata = tgt->Export();
     ASSERT_NE(nullptr, metadata);
     std::vector<std::string> written;
@@ -903,7 +878,7 @@
                         .metadata = metadata.get(),
                         .partition = &p,
                         .timeout_ms = 1s,
-                        .partition_opener = opener.get(),
+                        .partition_opener = opener_.get(),
                 },
                 &path));
         ASSERT_TRUE(WriteRandomData(path));
@@ -934,14 +909,8 @@
     // Redo the update.
     ASSERT_TRUE(sm->BeginUpdate());
     ASSERT_TRUE(sm->UnmapUpdateSnapshot("sys_b"));
-    auto tgt = MetadataBuilder::NewForUpdate(*opener, "super", 0, 1);
-    ASSERT_NE(nullptr, tgt);
-    ASSERT_TRUE(sm->CreateUpdateSnapshots(tgt.get(), "_b", src.get(), "_a", {}));
 
-    // The metadata slot 1 is now updated.
-    auto metadata = tgt->Export();
-    ASSERT_NE(nullptr, metadata);
-    ASSERT_TRUE(UpdatePartitionTable(*opener, "super", *metadata.get(), 1));
+    ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
 
     // Check that target partitions can be mapped.
     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
@@ -952,7 +921,7 @@
                         .metadata_slot = 1,
                         .partition_name = name,
                         .timeout_ms = 10s,
-                        .partition_opener = opener.get(),
+                        .partition_opener = opener_.get(),
                 },
                 &path))
                 << name;
@@ -964,14 +933,8 @@
     // Execute the update.
     ASSERT_TRUE(sm->BeginUpdate());
     ASSERT_TRUE(sm->UnmapUpdateSnapshot("sys_b"));
-    auto tgt = MetadataBuilder::NewForUpdate(*opener, "super", 0, 1);
-    ASSERT_NE(nullptr, tgt);
-    ASSERT_TRUE(sm->CreateUpdateSnapshots(tgt.get(), "_b", src.get(), "_a", {}));
 
-    // The metadata slot 1 is now updated.
-    auto metadata = tgt->Export();
-    ASSERT_NE(nullptr, metadata);
-    ASSERT_TRUE(UpdatePartitionTable(*opener, "super", *metadata.get(), 1));
+    ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
 
     // Write some data to target partitions.
     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
@@ -982,7 +945,7 @@
                         .metadata_slot = 1,
                         .partition_name = name,
                         .timeout_ms = 10s,
-                        .partition_opener = opener.get(),
+                        .partition_opener = opener_.get(),
                 },
                 &path))
                 << name;
diff --git a/fs_mgr/libsnapshot/test_helpers.cpp b/fs_mgr/libsnapshot/test_helpers.cpp
index e12ec77..1a6a593 100644
--- a/fs_mgr/libsnapshot/test_helpers.cpp
+++ b/fs_mgr/libsnapshot/test_helpers.cpp
@@ -27,6 +27,8 @@
 using android::base::unique_fd;
 using android::base::WriteFully;
 using android::fiemap::IImageManager;
+using testing::AssertionFailure;
+using testing::AssertionSuccess;
 
 void DeleteBackingImage(IImageManager* manager, const std::string& name) {
     if (manager->IsImageMapped(name)) {
@@ -110,5 +112,40 @@
     return ToHexString(out, sizeof(out));
 }
 
+AssertionResult FillFakeMetadata(MetadataBuilder* builder, const DeltaArchiveManifest& manifest,
+                                 const std::string& suffix) {
+    for (const auto& group : manifest.dynamic_partition_metadata().groups()) {
+        if (!builder->AddGroup(group.name() + suffix, group.size())) {
+            return AssertionFailure()
+                   << "Cannot add group " << group.name() << " with size " << group.size();
+        }
+        for (const auto& partition_name : group.partition_names()) {
+            auto p = builder->AddPartition(partition_name + suffix, group.name() + suffix,
+                                           0 /* attr */);
+            if (!p) {
+                return AssertionFailure() << "Cannot add partition " << partition_name + suffix
+                                          << " to group " << group.name() << suffix;
+            }
+        }
+    }
+    for (const auto& partition : manifest.partitions()) {
+        auto p = builder->FindPartition(partition.partition_name() + suffix);
+        if (!p) {
+            return AssertionFailure() << "Cannot resize partition " << partition.partition_name()
+                                      << suffix << "; it is not found.";
+        }
+        if (!builder->ResizePartition(p, partition.new_partition_info().size())) {
+            return AssertionFailure()
+                   << "Cannot resize partition " << partition.partition_name() << suffix
+                   << " to size " << partition.new_partition_info().size();
+        }
+    }
+    return AssertionSuccess();
+}
+
+void SetSize(PartitionUpdate* partition_update, uint64_t size) {
+    partition_update->mutable_new_partition_info()->set_size(size);
+}
+
 }  // namespace snapshot
 }  // namespace android
diff --git a/fs_mgr/libsnapshot/test_helpers.h b/fs_mgr/libsnapshot/test_helpers.h
index d917e35..0303a14 100644
--- a/fs_mgr/libsnapshot/test_helpers.h
+++ b/fs_mgr/libsnapshot/test_helpers.h
@@ -17,13 +17,20 @@
 #include <optional>
 #include <string>
 
+#include <gtest/gtest.h>
 #include <libfiemap/image_manager.h>
 #include <liblp/partition_opener.h>
 #include <libsnapshot/snapshot.h>
+#include <update_engine/update_metadata.pb.h>
 
 namespace android {
 namespace snapshot {
 
+using android::fs_mgr::MetadataBuilder;
+using chromeos_update_engine::DeltaArchiveManifest;
+using chromeos_update_engine::PartitionUpdate;
+using testing::AssertionResult;
+
 using namespace std::string_literals;
 
 // Redirect requests for "super" to our fake super partition.
@@ -48,6 +55,7 @@
     std::string GetGsidDir() const override { return "ota/test"s; }
     std::string GetMetadataDir() const override { return "/metadata/ota/test"s; }
     std::string GetSlotSuffix() const override { return slot_suffix_; }
+    std::string GetOtherSlotSuffix() const override { return slot_suffix_ == "_a" ? "_b" : "_a"; }
     std::string GetSuperDevice([[maybe_unused]] uint32_t slot) const override { return "super"; }
     const android::fs_mgr::IPartitionOpener& GetPartitionOpener() const override {
         return *opener_.get();
@@ -72,5 +80,12 @@
 
 std::optional<std::string> GetHash(const std::string& path);
 
+// Add partitions and groups described by |manifest|.
+AssertionResult FillFakeMetadata(MetadataBuilder* builder, const DeltaArchiveManifest& manifest,
+                                 const std::string& suffix);
+
+// In the update package metadata, set a partition with the given size.
+void SetSize(PartitionUpdate* partition_update, uint64_t size);
+
 }  // namespace snapshot
 }  // namespace android
diff --git a/fs_mgr/libsnapshot/utility.h b/fs_mgr/libsnapshot/utility.h
index a700c46..75c694c 100644
--- a/fs_mgr/libsnapshot/utility.h
+++ b/fs_mgr/libsnapshot/utility.h
@@ -22,6 +22,7 @@
 #include <libfiemap/image_manager.h>
 #include <liblp/builder.h>
 #include <libsnapshot/snapshot.h>
+#include <update_engine/update_metadata.pb.h>
 
 namespace android {
 namespace snapshot {
diff --git a/init/Android.bp b/init/Android.bp
index 9714014..b601075 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -62,7 +62,6 @@
         },
     },
     static_libs: [
-        "libseccomp_policy",
         "libavb",
         "libc++fs",
         "libcgrouprc_format",
diff --git a/init/Android.mk b/init/Android.mk
index 54163fa..8f58437 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -92,7 +92,6 @@
     liblogwrap \
     libext4_utils \
     libfscrypt \
-    libseccomp_policy \
     libcrypto_utils \
     libsparse \
     libavb \
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index 6b4216f..4a1bc5a 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -77,8 +77,9 @@
     bool InitDevices();
 
   protected:
-    ListenerAction HandleBlockDevice(const std::string& name, const Uevent&);
-    bool InitRequiredDevices();
+    ListenerAction HandleBlockDevice(const std::string& name, const Uevent&,
+                                     std::set<std::string>* required_devices);
+    bool InitRequiredDevices(std::set<std::string> devices);
     bool InitMappedDevice(const std::string& verity_device);
     bool InitDeviceMapper();
     bool CreateLogicalPartitions();
@@ -89,14 +90,14 @@
     bool TrySwitchSystemAsRoot();
     bool TrySkipMountingPartitions();
     bool IsDmLinearEnabled();
-    bool GetDmLinearMetadataDevice();
+    void GetDmLinearMetadataDevice(std::set<std::string>* devices);
     bool InitDmLinearBackingDevices(const android::fs_mgr::LpMetadata& metadata);
     void UseGsiIfPresent();
 
-    ListenerAction UeventCallback(const Uevent& uevent);
+    ListenerAction UeventCallback(const Uevent& uevent, std::set<std::string>* required_devices);
 
     // Pure virtual functions.
-    virtual bool GetDmVerityDevices() = 0;
+    virtual bool GetDmVerityDevices(std::set<std::string>* devices) = 0;
     virtual bool SetUpDmVerity(FstabEntry* fstab_entry) = 0;
 
     bool need_dm_verity_;
@@ -104,7 +105,6 @@
 
     Fstab fstab_;
     std::string lp_metadata_partition_;
-    std::set<std::string> required_devices_partition_names_;
     std::string super_partition_name_;
     std::unique_ptr<DeviceHandler> device_handler_;
     UeventListener uevent_listener_;
@@ -116,7 +116,7 @@
     ~FirstStageMountVBootV1() override = default;
 
   protected:
-    bool GetDmVerityDevices() override;
+    bool GetDmVerityDevices(std::set<std::string>* devices) override;
     bool SetUpDmVerity(FstabEntry* fstab_entry) override;
 };
 
@@ -128,7 +128,7 @@
     ~FirstStageMountVBootV2() override = default;
 
   protected:
-    bool GetDmVerityDevices() override;
+    bool GetDmVerityDevices(std::set<std::string>* devices) override;
     bool SetUpDmVerity(FstabEntry* fstab_entry) override;
     bool InitAvbHandle();
 
@@ -252,7 +252,13 @@
 }
 
 bool FirstStageMount::InitDevices() {
-    return GetDmLinearMetadataDevice() && GetDmVerityDevices() && InitRequiredDevices();
+    std::set<std::string> devices;
+    GetDmLinearMetadataDevice(&devices);
+
+    if (!GetDmVerityDevices(&devices)) {
+        return false;
+    }
+    return InitRequiredDevices(std::move(devices));
 }
 
 bool FirstStageMount::IsDmLinearEnabled() {
@@ -262,45 +268,46 @@
     return false;
 }
 
-bool FirstStageMount::GetDmLinearMetadataDevice() {
+void FirstStageMount::GetDmLinearMetadataDevice(std::set<std::string>* devices) {
     // Add any additional devices required for dm-linear mappings.
     if (!IsDmLinearEnabled()) {
-        return true;
+        return;
     }
 
-    required_devices_partition_names_.emplace(super_partition_name_);
-    return true;
+    devices->emplace(super_partition_name_);
 }
 
-// Creates devices with uevent->partition_name matching one in the member variable
-// required_devices_partition_names_. Found partitions will then be removed from it
-// for the subsequent member function to check which devices are NOT created.
-bool FirstStageMount::InitRequiredDevices() {
+// Creates devices with uevent->partition_name matching ones in the given set.
+// Found partitions will then be removed from it for the subsequent member
+// function to check which devices are NOT created.
+bool FirstStageMount::InitRequiredDevices(std::set<std::string> devices) {
     if (!InitDeviceMapper()) {
         return false;
     }
 
-    if (required_devices_partition_names_.empty()) {
+    if (devices.empty()) {
         return true;
     }
 
-    auto uevent_callback = [this](const Uevent& uevent) { return UeventCallback(uevent); };
+    auto uevent_callback = [&, this](const Uevent& uevent) {
+        return UeventCallback(uevent, &devices);
+    };
     uevent_listener_.RegenerateUevents(uevent_callback);
 
-    // UeventCallback() will remove found partitions from required_devices_partition_names_.
-    // So if it isn't empty here, it means some partitions are not found.
-    if (!required_devices_partition_names_.empty()) {
+    // UeventCallback() will remove found partitions from |devices|. So if it
+    // isn't empty here, it means some partitions are not found.
+    if (!devices.empty()) {
         LOG(INFO) << __PRETTY_FUNCTION__
                   << ": partition(s) not found in /sys, waiting for their uevent(s): "
-                  << android::base::Join(required_devices_partition_names_, ", ");
+                  << android::base::Join(devices, ", ");
         Timer t;
         uevent_listener_.Poll(uevent_callback, 10s);
         LOG(INFO) << "Wait for partitions returned after " << t;
     }
 
-    if (!required_devices_partition_names_.empty()) {
+    if (!devices.empty()) {
         LOG(ERROR) << __PRETTY_FUNCTION__ << ": partition(s) not found after polling timeout: "
-                   << android::base::Join(required_devices_partition_names_, ", ");
+                   << android::base::Join(devices, ", ");
         return false;
     }
 
@@ -333,27 +340,20 @@
 }
 
 bool FirstStageMount::InitDmLinearBackingDevices(const android::fs_mgr::LpMetadata& metadata) {
+    std::set<std::string> devices;
+
     auto partition_names = android::fs_mgr::GetBlockDevicePartitionNames(metadata);
     for (const auto& partition_name : partition_names) {
         // The super partition was found in the earlier pass.
         if (partition_name == super_partition_name_) {
             continue;
         }
-        required_devices_partition_names_.emplace(partition_name);
+        devices.emplace(partition_name);
     }
-    if (required_devices_partition_names_.empty()) {
+    if (devices.empty()) {
         return true;
     }
-
-    auto uevent_callback = [this](const Uevent& uevent) { return UeventCallback(uevent); };
-    uevent_listener_.RegenerateUevents(uevent_callback);
-
-    if (!required_devices_partition_names_.empty()) {
-        LOG(ERROR) << __PRETTY_FUNCTION__ << ": partition(s) not found after polling timeout: "
-                   << android::base::Join(required_devices_partition_names_, ", ");
-        return false;
-    }
-    return true;
+    return InitRequiredDevices(std::move(devices));
 }
 
 bool FirstStageMount::CreateLogicalPartitions() {
@@ -372,6 +372,11 @@
             return false;
         }
         if (sm->NeedSnapshotsInFirstStageMount()) {
+            // When COW images are present for snapshots, they are stored on
+            // the data partition.
+            if (!InitRequiredDevices({"userdata"})) {
+                return false;
+            }
             return sm->CreateLogicalAndSnapshotPartitions(lp_metadata_partition_);
         }
     }
@@ -387,20 +392,21 @@
     return android::fs_mgr::CreateLogicalPartitions(*metadata.get(), lp_metadata_partition_);
 }
 
-ListenerAction FirstStageMount::HandleBlockDevice(const std::string& name, const Uevent& uevent) {
+ListenerAction FirstStageMount::HandleBlockDevice(const std::string& name, const Uevent& uevent,
+                                                  std::set<std::string>* required_devices) {
     // Matches partition name to create device nodes.
     // Both required_devices_partition_names_ and uevent->partition_name have A/B
     // suffix when A/B is used.
-    auto iter = required_devices_partition_names_.find(name);
-    if (iter != required_devices_partition_names_.end()) {
+    auto iter = required_devices->find(name);
+    if (iter != required_devices->end()) {
         LOG(VERBOSE) << __PRETTY_FUNCTION__ << ": found partition: " << *iter;
         if (IsDmLinearEnabled() && name == super_partition_name_) {
             std::vector<std::string> links = device_handler_->GetBlockDeviceSymlinks(uevent);
             lp_metadata_partition_ = links[0];
         }
-        required_devices_partition_names_.erase(iter);
+        required_devices->erase(iter);
         device_handler_->HandleUevent(uevent);
-        if (required_devices_partition_names_.empty()) {
+        if (required_devices->empty()) {
             return ListenerAction::kStop;
         } else {
             return ListenerAction::kContinue;
@@ -409,18 +415,19 @@
     return ListenerAction::kContinue;
 }
 
-ListenerAction FirstStageMount::UeventCallback(const Uevent& uevent) {
+ListenerAction FirstStageMount::UeventCallback(const Uevent& uevent,
+                                               std::set<std::string>* required_devices) {
     // Ignores everything that is not a block device.
     if (uevent.subsystem != "block") {
         return ListenerAction::kContinue;
     }
 
     if (!uevent.partition_name.empty()) {
-        return HandleBlockDevice(uevent.partition_name, uevent);
+        return HandleBlockDevice(uevent.partition_name, uevent, required_devices);
     } else {
         size_t base_idx = uevent.path.rfind('/');
         if (base_idx != std::string::npos) {
-            return HandleBlockDevice(uevent.path.substr(base_idx + 1), uevent);
+            return HandleBlockDevice(uevent.path.substr(base_idx + 1), uevent, required_devices);
         }
     }
     // Not found a partition or find an unneeded partition, continue to find others.
@@ -577,17 +584,7 @@
     const auto devices = fs_mgr_overlayfs_required_devices(&fstab_);
     for (auto const& device : devices) {
         if (android::base::StartsWith(device, "/dev/block/by-name/")) {
-            required_devices_partition_names_.emplace(basename(device.c_str()));
-            auto uevent_callback = [this](const Uevent& uevent) { return UeventCallback(uevent); };
-            uevent_listener_.RegenerateUevents(uevent_callback);
-            if (!required_devices_partition_names_.empty()) {
-                uevent_listener_.Poll(uevent_callback, 10s);
-                if (!required_devices_partition_names_.empty()) {
-                    LOG(ERROR) << __PRETTY_FUNCTION__
-                               << ": partition(s) not found after polling timeout: "
-                               << android::base::Join(required_devices_partition_names_, ", ");
-                }
-            }
+            InitRequiredDevices({basename(device.c_str())});
         } else {
             InitMappedDevice(device);
         }
@@ -641,7 +638,7 @@
     gsi_not_on_userdata_ = (super_name != "userdata");
 }
 
-bool FirstStageMountVBootV1::GetDmVerityDevices() {
+bool FirstStageMountVBootV1::GetDmVerityDevices(std::set<std::string>* devices) {
     need_dm_verity_ = false;
 
     for (const auto& fstab_entry : fstab_) {
@@ -660,7 +657,7 @@
     // Notes that fstab_rec->blk_device has A/B suffix updated by fs_mgr when A/B is used.
     for (const auto& fstab_entry : fstab_) {
         if (!fstab_entry.fs_mgr_flags.logical) {
-            required_devices_partition_names_.emplace(basename(fstab_entry.blk_device.c_str()));
+            devices->emplace(basename(fstab_entry.blk_device.c_str()));
         }
     }
 
@@ -711,7 +708,7 @@
     }
 }
 
-bool FirstStageMountVBootV2::GetDmVerityDevices() {
+bool FirstStageMountVBootV2::GetDmVerityDevices(std::set<std::string>* devices) {
     need_dm_verity_ = false;
 
     std::set<std::string> logical_partitions;
@@ -725,7 +722,7 @@
             // Don't try to find logical partitions via uevent regeneration.
             logical_partitions.emplace(basename(fstab_entry.blk_device.c_str()));
         } else {
-            required_devices_partition_names_.emplace(basename(fstab_entry.blk_device.c_str()));
+            devices->emplace(basename(fstab_entry.blk_device.c_str()));
         }
     }
 
@@ -742,11 +739,11 @@
             if (logical_partitions.count(partition_name)) {
                 continue;
             }
-            // required_devices_partition_names_ is of type std::set so it's not an issue
-            // to emplace a partition twice. e.g., /vendor might be in both places:
+            // devices is of type std::set so it's not an issue to emplace a
+            // partition twice. e.g., /vendor might be in both places:
             //   - device_tree_vbmeta_parts_ = "vbmeta,boot,system,vendor"
             //   - mount_fstab_recs_: /vendor_a
-            required_devices_partition_names_.emplace(partition_name);
+            devices->emplace(partition_name);
         }
     }
     return true;
diff --git a/init/fscrypt_init_extensions.cpp b/init/fscrypt_init_extensions.cpp
index 9c2ca75..bd23e31 100644
--- a/init/fscrypt_init_extensions.cpp
+++ b/init/fscrypt_init_extensions.cpp
@@ -38,7 +38,7 @@
 
 #define TAG "fscrypt"
 
-static int set_system_de_policy_on(const std::string& dir);
+static int set_policy_on(const std::string& ref_basename, const std::string& dir);
 
 int fscrypt_install_keyring() {
     key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING);
@@ -104,7 +104,7 @@
     // Special-case /data/media/obb per b/64566063
     if (dir == "/data/media/obb") {
         // Try to set policy on this directory, but if it is non-empty this may fail.
-        set_system_de_policy_on(dir);
+        set_policy_on(fscrypt_key_ref, dir);
         return 0;
     }
 
@@ -135,7 +135,16 @@
             return 0;
         }
     }
-    int err = set_system_de_policy_on(dir);
+    std::vector<std::string> per_boot_directories = {
+            "per_boot",
+    };
+    for (const auto& d : per_boot_directories) {
+        if ((prefix + d) == dir) {
+            LOG(INFO) << "Setting per_boot key on " << dir;
+            return set_policy_on(fscrypt_key_per_boot_ref, dir);
+        }
+    }
+    int err = set_policy_on(fscrypt_key_ref, dir);
     if (err == 0) {
         return 0;
     }
@@ -147,15 +156,15 @@
         if ((prefix + d) == dir) {
             LOG(ERROR) << "Setting policy failed, deleting: " << dir;
             delete_dir_contents(dir);
-            err = set_system_de_policy_on(dir);
+            err = set_policy_on(fscrypt_key_ref, dir);
             break;
         }
     }
     return err;
 }
 
-static int set_system_de_policy_on(const std::string& dir) {
-    std::string ref_filename = std::string("/data") + fscrypt_key_ref;
+static int set_policy_on(const std::string& ref_basename, const std::string& dir) {
+    std::string ref_filename = std::string("/data") + ref_basename;
     std::string policy;
     if (!android::base::ReadFileToString(ref_filename, &policy)) {
         LOG(ERROR) << "Unable to read system policy to set on " << dir;
diff --git a/init/init.cpp b/init/init.cpp
index 53b065f..8326466 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -19,7 +19,6 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <pthread.h>
-#include <seccomp_policy.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
@@ -581,15 +580,6 @@
     }
 }
 
-static void GlobalSeccomp() {
-    import_kernel_cmdline(false, [](const std::string& key, const std::string& value,
-                                    bool in_qemu) {
-        if (key == "androidboot.seccomp" && value == "global" && !set_global_seccomp_filter()) {
-            LOG(FATAL) << "Failed to globally enable seccomp!";
-        }
-    });
-}
-
 static void UmountDebugRamdisk() {
     if (umount("/debug_ramdisk") != 0) {
         LOG(ERROR) << "Failed to umount /debug_ramdisk";
@@ -691,9 +681,6 @@
         LOG(ERROR) << "Unable to write -1000 to /proc/1/oom_score_adj: " << result.error();
     }
 
-    // Enable seccomp if global boot option was passed (otherwise it is enabled in zygote).
-    GlobalSeccomp();
-
     // Set up a session keyring that all processes will have access to. It
     // will hold things like FBE encryption keys. No process should override
     // its session keyring.
diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h
index ae9dab5..e1e8230 100644
--- a/libcutils/include/private/android_filesystem_config.h
+++ b/libcutils/include/private/android_filesystem_config.h
@@ -128,6 +128,7 @@
 #define AID_GPU_SERVICE 1072     /* GPU service daemon */
 #define AID_NETWORK_STACK 1073   /* network stack service */
 #define AID_GSID 1074            /* GSI service daemon */
+#define AID_FSVERITY_CERT 1075   /* fs-verity key ownership in keystore */
 /* Changes to this file must be made in AOSP, *not* in internal branches. */
 
 #define AID_SHELL 2000 /* adb and debug shell user */
diff --git a/libion/tests/heap_query.cpp b/libion/tests/heap_query.cpp
index bad3bbf..fed8030 100644
--- a/libion/tests/heap_query.cpp
+++ b/libion/tests/heap_query.cpp
@@ -15,6 +15,8 @@
  */
 
 #include <gtest/gtest.h>
+
+#include <ion/ion.h>
 #include "ion_test_fixture.h"
 
 class HeapQuery : public IonTest {};
@@ -23,5 +25,24 @@
     ASSERT_GT(ion_heaps.size(), 0);
 }
 
-// TODO: Check if we expect some of the default
-// heap types to be present on all devices.
+// TODO: Adjust this test to account for the range of valid carveout and DMA heap ids.
+TEST_F(HeapQuery, HeapIdVerify) {
+    for (const auto& heap : ion_heaps) {
+        SCOPED_TRACE(::testing::Message() << "Invalid id for heap:" << heap.name << ":" << heap.type
+                                          << ":" << heap.heap_id);
+        switch (heap.type) {
+            case ION_HEAP_TYPE_SYSTEM:
+                ASSERT_TRUE((1 << heap.heap_id) & ION_HEAP_SYSTEM_MASK);
+                break;
+            case ION_HEAP_TYPE_SYSTEM_CONTIG:
+                ASSERT_TRUE((1 << heap.heap_id) & ION_HEAP_SYSTEM_CONTIG_MASK);
+                break;
+            case ION_HEAP_TYPE_CARVEOUT:
+                ASSERT_TRUE((1 << heap.heap_id) & ION_HEAP_CARVEOUT_MASK);
+                break;
+            case ION_HEAP_TYPE_DMA:
+                ASSERT_TRUE((1 << heap.heap_id) & ION_HEAP_TYPE_DMA_MASK);
+                break;
+        }
+    }
+}
diff --git a/libmemunreachable/ScopedDisableMalloc.h b/libmemunreachable/ScopedDisableMalloc.h
index 655e826..dc863c9 100644
--- a/libmemunreachable/ScopedDisableMalloc.h
+++ b/libmemunreachable/ScopedDisableMalloc.h
@@ -34,8 +34,8 @@
 
   void Disable() {
     if (!disabled_) {
-      malloc_disable();
       disabled_ = true;
+      malloc_disable();
     }
   }
 
@@ -71,8 +71,7 @@
 
 class ScopedDisableMallocTimeout {
  public:
-  explicit ScopedDisableMallocTimeout(
-      std::chrono::milliseconds timeout = std::chrono::milliseconds(2000))
+  explicit ScopedDisableMallocTimeout(std::chrono::milliseconds timeout = std::chrono::seconds(10))
       : timeout_(timeout), timed_out_(false), disable_malloc_() {
     Disable();
   }
diff --git a/libprocessgroup/OWNERS b/libprocessgroup/OWNERS
index bfa730a..27b9a03 100644
--- a/libprocessgroup/OWNERS
+++ b/libprocessgroup/OWNERS
@@ -1,2 +1,3 @@
 ccross@google.com
+surenb@google.com
 tomcherry@google.com
diff --git a/libunwindstack/Android.bp b/libunwindstack/Android.bp
index da18af6..8d2299f 100644
--- a/libunwindstack/Android.bp
+++ b/libunwindstack/Android.bp
@@ -183,6 +183,7 @@
         "tests/ElfTestUtils.cpp",
         "tests/IsolatedSettings.cpp",
         "tests/JitDebugTest.cpp",
+        "tests/LocalUpdatableMapsTest.cpp",
         "tests/LogFake.cpp",
         "tests/MapInfoCreateMemoryTest.cpp",
         "tests/MapInfoGetBuildIDTest.cpp",
diff --git a/libunwindstack/Maps.cpp b/libunwindstack/Maps.cpp
index 5da73e4..250e600 100644
--- a/libunwindstack/Maps.cpp
+++ b/libunwindstack/Maps.cpp
@@ -149,9 +149,10 @@
       }
 
       // Never delete these maps, they may be in use. The assumption is
-      // that there will only every be a handfull of these so waiting
+      // that there will only every be a handful of these so waiting
       // to destroy them is not too expensive.
       saved_maps_.emplace_back(std::move(info));
+      search_map_idx = old_map_idx + 1;
       maps_[old_map_idx] = nullptr;
       total_entries--;
     }
diff --git a/libunwindstack/include/unwindstack/Maps.h b/libunwindstack/include/unwindstack/Maps.h
index 1784394..e53f367 100644
--- a/libunwindstack/include/unwindstack/Maps.h
+++ b/libunwindstack/include/unwindstack/Maps.h
@@ -105,7 +105,7 @@
 
   const std::string GetMapsFile() const override;
 
- private:
+ protected:
   std::vector<std::unique_ptr<MapInfo>> saved_maps_;
 };
 
diff --git a/libunwindstack/tests/LocalUpdatableMapsTest.cpp b/libunwindstack/tests/LocalUpdatableMapsTest.cpp
new file mode 100644
index 0000000..b816b9a
--- /dev/null
+++ b/libunwindstack/tests/LocalUpdatableMapsTest.cpp
@@ -0,0 +1,274 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <sys/mman.h>
+
+#include <string>
+#include <vector>
+
+#include <gtest/gtest.h>
+
+#include <android-base/file.h>
+#include <unwindstack/Maps.h>
+
+namespace unwindstack {
+
+class TestUpdatableMaps : public LocalUpdatableMaps {
+ public:
+  TestUpdatableMaps() : LocalUpdatableMaps() {}
+  virtual ~TestUpdatableMaps() = default;
+
+  const std::string GetMapsFile() const override { return maps_file_; }
+
+  void TestSetMapsFile(const std::string& maps_file) { maps_file_ = maps_file; }
+
+  const std::vector<std::unique_ptr<MapInfo>>& TestGetSavedMaps() { return saved_maps_; }
+
+ private:
+  std::string maps_file_;
+};
+
+class LocalUpdatableMapsTest : public ::testing::Test {
+ protected:
+  static const std::string GetDefaultMapString() {
+    return "3000-4000 r-xp 00000 00:00 0\n8000-9000 r-xp 00000 00:00 0\n";
+  }
+
+  void SetUp() override {
+    TemporaryFile tf;
+    ASSERT_TRUE(android::base::WriteStringToFile(GetDefaultMapString(), tf.path));
+
+    maps_.TestSetMapsFile(tf.path);
+    ASSERT_TRUE(maps_.Parse());
+    ASSERT_EQ(2U, maps_.Total());
+
+    MapInfo* map_info = maps_.Get(0);
+    ASSERT_TRUE(map_info != nullptr);
+    EXPECT_EQ(0x3000U, map_info->start);
+    EXPECT_EQ(0x4000U, map_info->end);
+    EXPECT_EQ(0U, map_info->offset);
+    EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+    EXPECT_TRUE(map_info->name.empty());
+
+    map_info = maps_.Get(1);
+    ASSERT_TRUE(map_info != nullptr);
+    EXPECT_EQ(0x8000U, map_info->start);
+    EXPECT_EQ(0x9000U, map_info->end);
+    EXPECT_EQ(0U, map_info->offset);
+    EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+    EXPECT_TRUE(map_info->name.empty());
+  }
+
+  TestUpdatableMaps maps_;
+};
+
+TEST_F(LocalUpdatableMapsTest, same_map) {
+  TemporaryFile tf;
+  ASSERT_TRUE(android::base::WriteStringToFile(GetDefaultMapString(), tf.path));
+
+  maps_.TestSetMapsFile(tf.path);
+  ASSERT_TRUE(maps_.Reparse());
+  ASSERT_EQ(2U, maps_.Total());
+  EXPECT_EQ(0U, maps_.TestGetSavedMaps().size());
+
+  MapInfo* map_info = maps_.Get(0);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = maps_.Get(1);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x8000U, map_info->start);
+  EXPECT_EQ(0x9000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+}
+
+TEST_F(LocalUpdatableMapsTest, same_map_new_perms) {
+  TemporaryFile tf;
+  ASSERT_TRUE(
+      android::base::WriteStringToFile("3000-4000 rwxp 00000 00:00 0\n"
+                                       "8000-9000 r-xp 00000 00:00 0\n",
+                                       tf.path));
+
+  maps_.TestSetMapsFile(tf.path);
+  ASSERT_TRUE(maps_.Reparse());
+  ASSERT_EQ(2U, maps_.Total());
+
+  MapInfo* map_info = maps_.Get(0);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_WRITE | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = maps_.Get(1);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x8000U, map_info->start);
+  EXPECT_EQ(0x9000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  auto& saved_maps = maps_.TestGetSavedMaps();
+  ASSERT_EQ(1U, saved_maps.size());
+  map_info = saved_maps[0].get();
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+}
+
+TEST_F(LocalUpdatableMapsTest, same_map_new_name) {
+  TemporaryFile tf;
+  ASSERT_TRUE(
+      android::base::WriteStringToFile("3000-4000 r-xp 00000 00:00 0 /fake/lib.so\n"
+                                       "8000-9000 r-xp 00000 00:00 0\n",
+                                       tf.path));
+
+  maps_.TestSetMapsFile(tf.path);
+  ASSERT_TRUE(maps_.Reparse());
+  ASSERT_EQ(2U, maps_.Total());
+
+  MapInfo* map_info = maps_.Get(0);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_EQ("/fake/lib.so", map_info->name);
+
+  map_info = maps_.Get(1);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x8000U, map_info->start);
+  EXPECT_EQ(0x9000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  auto& saved_maps = maps_.TestGetSavedMaps();
+  ASSERT_EQ(1U, saved_maps.size());
+  map_info = saved_maps[0].get();
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+}
+
+TEST_F(LocalUpdatableMapsTest, only_add_maps) {
+  TemporaryFile tf;
+  ASSERT_TRUE(
+      android::base::WriteStringToFile("1000-2000 r-xp 00000 00:00 0\n"
+                                       "3000-4000 r-xp 00000 00:00 0\n"
+                                       "8000-9000 r-xp 00000 00:00 0\n"
+                                       "a000-f000 r-xp 00000 00:00 0\n",
+                                       tf.path));
+
+  maps_.TestSetMapsFile(tf.path);
+  ASSERT_TRUE(maps_.Reparse());
+  ASSERT_EQ(4U, maps_.Total());
+  EXPECT_EQ(0U, maps_.TestGetSavedMaps().size());
+
+  MapInfo* map_info = maps_.Get(0);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x1000U, map_info->start);
+  EXPECT_EQ(0x2000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = maps_.Get(1);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = maps_.Get(2);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x8000U, map_info->start);
+  EXPECT_EQ(0x9000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = maps_.Get(3);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0xa000U, map_info->start);
+  EXPECT_EQ(0xf000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+}
+
+TEST_F(LocalUpdatableMapsTest, all_new_maps) {
+  TemporaryFile tf;
+  ASSERT_TRUE(
+      android::base::WriteStringToFile("1000-2000 r-xp 00000 00:00 0\n"
+                                       "a000-f000 r-xp 00000 00:00 0\n",
+                                       tf.path));
+
+  maps_.TestSetMapsFile(tf.path);
+  ASSERT_TRUE(maps_.Reparse());
+  ASSERT_EQ(2U, maps_.Total());
+
+  MapInfo* map_info = maps_.Get(0);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x1000U, map_info->start);
+  EXPECT_EQ(0x2000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = maps_.Get(1);
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0xa000U, map_info->start);
+  EXPECT_EQ(0xf000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  auto& saved_maps = maps_.TestGetSavedMaps();
+  ASSERT_EQ(2U, saved_maps.size());
+  map_info = saved_maps[0].get();
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x3000U, map_info->start);
+  EXPECT_EQ(0x4000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+
+  map_info = saved_maps[1].get();
+  ASSERT_TRUE(map_info != nullptr);
+  EXPECT_EQ(0x8000U, map_info->start);
+  EXPECT_EQ(0x9000U, map_info->end);
+  EXPECT_EQ(0U, map_info->offset);
+  EXPECT_EQ(PROT_READ | PROT_EXEC, map_info->flags);
+  EXPECT_TRUE(map_info->name.empty());
+}
+
+}  // namespace unwindstack
diff --git a/logcat/logcat.cpp b/logcat/logcat.cpp
index e2711af..4dcb338 100644
--- a/logcat/logcat.cpp
+++ b/logcat/logcat.cpp
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/cdefs.h>
+#include <sys/ioctl.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -158,8 +159,22 @@
                          enum helpType showHelp, const char* fmt, ...)
     __printflike(3, 4);
 
-static int openLogFile(const char* pathname) {
-    return open(pathname, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
+#ifndef F2FS_IOC_SET_PIN_FILE
+#define F2FS_IOCTL_MAGIC       0xf5
+#define F2FS_IOC_SET_PIN_FILE _IOW(F2FS_IOCTL_MAGIC, 13, __u32)
+#endif
+
+static int openLogFile(const char* pathname, size_t sizeKB) {
+    int fd = open(pathname, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
+    if (fd < 0) {
+        return fd;
+    }
+
+    // no need to check errors
+    __u32 set = 1;
+    ioctl(fd, F2FS_IOC_SET_PIN_FILE, &set);
+    fallocate(fd, FALLOC_FL_KEEP_SIZE, 0, (sizeKB << 10));
+    return fd;
 }
 
 static void close_output(android_logcat_context_internal* context) {
@@ -192,6 +207,7 @@
             if (context->fds[1] == context->output_fd) {
                 context->fds[1] = -1;
             }
+            posix_fadvise(context->output_fd, 0, 0, POSIX_FADV_DONTNEED);
             close(context->output_fd);
         }
         context->output_fd = -1;
@@ -276,7 +292,7 @@
         }
     }
 
-    context->output_fd = openLogFile(context->outputFileName);
+    context->output_fd = openLogFile(context->outputFileName, context->logRotateSizeKBytes);
 
     if (context->output_fd < 0) {
         logcat_panic(context, HELP_FALSE, "couldn't open output file");
@@ -398,7 +414,7 @@
 
     close_output(context);
 
-    context->output_fd = openLogFile(context->outputFileName);
+    context->output_fd = openLogFile(context->outputFileName, context->logRotateSizeKBytes);
 
     if (context->output_fd < 0) {
         logcat_panic(context, HELP_FALSE, "couldn't open output file");
diff --git a/logcat/logcatd.rc b/logcat/logcatd.rc
index 26c9de3..e986184 100644
--- a/logcat/logcatd.rc
+++ b/logcat/logcatd.rc
@@ -52,7 +52,7 @@
     stop logcatd
 
 # logcatd service
-service logcatd /system/bin/logcatd -L -b ${logd.logpersistd.buffer:-all} -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r ${logd.logpersistd.rotate_kbytes:-1024} -n ${logd.logpersistd.size:-256} --id=${ro.build.id}
+service logcatd /system/bin/logcatd -L -b ${logd.logpersistd.buffer:-all} -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r ${logd.logpersistd.rotate_kbytes:-2048} -n ${logd.logpersistd.size:-256} --id=${ro.build.id}
     class late_start
     disabled
     # logd for write to /data/misc/logd, log group for read from log daemon
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 8808846..a15b501 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -856,6 +856,9 @@
 
 on property:sys.boot_completed=1
     bootchart stop
+    # Setup per_boot directory so other .rc could start to use it on boot_completed
+    exec - system system -- /bin/rm -rf /data/per_boot
+    mkdir /data/per_boot 0700 system system
 
 # system server cannot write to /proc/sys files,
 # and chown/chmod does not work for /proc/sys/ entries.