Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f782e47f authored by Bowgo Tsai's avatar Bowgo Tsai Committed by Amit Pundir
Browse files

ANDROID: dm: android-verity: allow disable dm-verity for Treble VTS 



To start Treble VTS test, a single AOSP system.img will be flashed onto
the device. The size of AOSP system.img might be different than the
system partition size on device, making locating verity metadata fail
(at the last fixed size of the partition).

This change allows disabling dm-verity on system partition when the
device is unlocked (orange device state) with invalid metadata.

BUG: 35603549
Test: boot device with a different-sized system.img, checks verity is
      not enabled via:

          "adb shell getprop | grep partition.system.verified"

Change-Id: Ide78dca4eefde4ab019e4b202d3f590dcb1bb506
Signed-off-by: default avatarBowgo Tsai <bowgotsai@google.com>
parent 9d8757c6

drivers/md/dm-android-verity.c

+35 −18
Original line number Diff line number Diff line
@@ -115,6 +115,12 @@ static inline bool is_userdebug(void) 
	return !strncmp(buildvariant, typeuserdebug, sizeof(typeuserdebug));

}



static inline bool is_unlocked(void)

{

	static const char unlocked[] = "orange";



	return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked));

}



static int table_extract_mpi_array(struct public_key_signature *pks,

				const void *data, size_t len)
@@ -653,6 +659,28 @@ static int add_as_linear_device(struct dm_target *ti, char *dev) 
	return err;

}



static int create_linear_device(struct dm_target *ti, dev_t dev,

				char *target_device)

{

	u64 device_size = 0;

	int err = find_size(dev, &device_size);



	if (err) {

		DMERR("error finding bdev size");

		handle_error();

		return err;

	}



	ti->len = device_size;

	err = add_as_linear_device(ti, target_device);

	if (err) {

		handle_error();

		return err;

	}

	verity_enabled = false;

	return 0;

}



/*

 * Target parameters:

 *	<key id>	Key id of the public key in the system keyring.
@@ -676,7 +704,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) 
	struct fec_ecc_metadata uninitialized_var(ecc);

	char buf[FEC_ARG_LENGTH], *buf_ptr;

	unsigned long long tmpll;

	u64  uninitialized_var(device_size);



	if (argc == 1) {

		/* Use the default keyid */
@@ -704,23 +731,8 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) 
		return -EINVAL;

	}



	if (is_eng()) {

		err = find_size(dev, &device_size);

		if (err) {

			DMERR("error finding bdev size");

			handle_error();

			return err;

		}



		ti->len = device_size;

		err = add_as_linear_device(ti, target_device);

		if (err) {

			handle_error();

			return err;

		}

		verity_enabled = false;

		return 0;

	}

	if (is_eng())

		return create_linear_device(ti, dev, target_device);



	strreplace(key_id, '#', ' ');
@@ -735,6 +747,11 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) 
	err = extract_metadata(dev, &fec, &metadata, &verity_enabled);



	if (err) {

		/* Allow invalid metadata when the device is unlocked */

		if (is_unlocked()) {

			DMWARN("Allow invalid metadata when unlocked");

			return create_linear_device(ti, dev, target_device);

		}

		DMERR("Error while extracting metadata");

		handle_error();

		goto free_metadata;