Loading fs_mgr/fs_mgr.cpp +98 −0 Original line number Diff line number Diff line Loading @@ -31,7 +31,10 @@ #include <time.h> #include <unistd.h> #include <memory> #include <android-base/file.h> #include <android-base/properties.h> #include <android-base/stringprintf.h> #include <android-base/unique_fd.h> #include <cutils/android_reboot.h> Loading @@ -50,6 +53,7 @@ #include "fs_mgr.h" #include "fs_mgr_avb.h" #include "fs_mgr_priv.h" #include "fs_mgr_priv_dm_ioctl.h" #define KEY_LOC_PROP "ro.crypto.keyfile.userdata" #define KEY_IN_FOOTER "footer" Loading Loading @@ -1258,3 +1262,97 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev return 0; } bool fs_mgr_load_verity_state(int* mode) { /* return the default mode, unless any of the verified partitions are in * logging mode, in which case return that */ *mode = VERITY_MODE_DEFAULT; std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(), fs_mgr_free_fstab); if (!fstab) { LERROR << "Failed to read default fstab"; return false; } for (int i = 0; i < fstab->num_entries; i++) { if (fs_mgr_is_avb(&fstab->recs[i])) { *mode = VERITY_MODE_RESTART; // avb only supports restart mode. break; } else if (!fs_mgr_is_verified(&fstab->recs[i])) { continue; } int current; if (load_verity_state(&fstab->recs[i], ¤t) < 0) { continue; } if (current != VERITY_MODE_DEFAULT) { *mode = current; break; } } return true; } bool fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) { if (!callback) { return false; } int mode; if (!fs_mgr_load_verity_state(&mode)) { return false; } android::base::unique_fd fd(TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC))); if (fd == -1) { PERROR << "Error opening device mapper"; return false; } std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(), fs_mgr_free_fstab); if (!fstab) { LERROR << "Failed to read default fstab"; return false; } alignas(dm_ioctl) char buffer[DM_BUF_SIZE]; struct dm_ioctl* io = (struct dm_ioctl*)buffer; bool system_root = android::base::GetProperty("ro.build.system_root_image", "") == "true"; for (int i = 0; i < fstab->num_entries; i++) { if (!fs_mgr_is_verified(&fstab->recs[i]) && !fs_mgr_is_avb(&fstab->recs[i])) { continue; } std::string mount_point; if (system_root && !strcmp(fstab->recs[i].mount_point, "/")) { mount_point = "system"; } else { mount_point = basename(fstab->recs[i].mount_point); } fs_mgr_verity_ioctl_init(io, mount_point, 0); const char* status; if (ioctl(fd, DM_TABLE_STATUS, io)) { if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) { status = "V"; } else { PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point.c_str(); continue; } } status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; if (*status == 'C' || *status == 'V') { callback(&fstab->recs[i], mount_point.c_str(), mode, *status); } } return true; } fs_mgr/fs_mgr_priv.h +1 −0 Original line number Diff line number Diff line Loading @@ -115,5 +115,6 @@ int fs_mgr_test_access(const char *device); bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool is_dt_compatible(); bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); #endif /* __CORE_FS_MGR_PRIV_H */ fs_mgr/fs_mgr_verity.cpp +1 −125 Original line number Diff line number Diff line Loading @@ -653,8 +653,7 @@ static int get_verity_state_offset(struct fstab_rec *fstab, off64_t *offset) offset); } static int load_verity_state(struct fstab_rec *fstab, int *mode) { int load_verity_state(struct fstab_rec* fstab, int* mode) { int match = 0; off64_t offset = 0; Loading Loading @@ -690,129 +689,6 @@ static int load_verity_state(struct fstab_rec *fstab, int *mode) return read_verity_state(fstab->verity_loc, offset, mode); } int fs_mgr_load_verity_state(int *mode) { int rc = -1; int i; int current; struct fstab *fstab = NULL; /* return the default mode, unless any of the verified partitions are in * logging mode, in which case return that */ *mode = VERITY_MODE_DEFAULT; fstab = fs_mgr_read_fstab_default(); if (!fstab) { LERROR << "Failed to read default fstab"; goto out; } for (i = 0; i < fstab->num_entries; i++) { if (!fs_mgr_is_verified(&fstab->recs[i])) { continue; } rc = load_verity_state(&fstab->recs[i], ¤t); if (rc < 0) { continue; } if (current != VERITY_MODE_DEFAULT) { *mode = current; break; } } rc = 0; out: if (fstab) { fs_mgr_free_fstab(fstab); } return rc; } int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) { alignas(dm_ioctl) char buffer[DM_BUF_SIZE]; bool system_root = false; std::string mount_point; char propbuf[PROPERTY_VALUE_MAX]; const char *status; int fd = -1; int i; int mode; int rc = -1; struct dm_ioctl *io = (struct dm_ioctl *) buffer; struct fstab *fstab = NULL; if (!callback) { return -1; } if (fs_mgr_load_verity_state(&mode) == -1) { return -1; } fd = TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC)); if (fd == -1) { PERROR << "Error opening device mapper"; goto out; } property_get("ro.build.system_root_image", propbuf, ""); system_root = !strcmp(propbuf, "true"); fstab = fs_mgr_read_fstab_default(); if (!fstab) { LERROR << "Failed to read default fstab"; goto out; } for (i = 0; i < fstab->num_entries; i++) { if (!fs_mgr_is_verified(&fstab->recs[i])) { continue; } if (system_root && !strcmp(fstab->recs[i].mount_point, "/")) { mount_point = "system"; } else { mount_point = basename(fstab->recs[i].mount_point); } fs_mgr_verity_ioctl_init(io, mount_point, 0); if (ioctl(fd, DM_TABLE_STATUS, io)) { if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) { status = "V"; } else { PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point.c_str(); continue; } } status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; if (*status == 'C' || *status == 'V') { callback(&fstab->recs[i], mount_point.c_str(), mode, *status); } } rc = 0; out: if (fstab) { fs_mgr_free_fstab(fstab); } if (fd) { close(fd); } return rc; } static void update_verity_table_blk_device(char *blk_device, char **table) { std::string result, word; Loading fs_mgr/include/fs_mgr.h +2 −2 Original line number Diff line number Diff line Loading @@ -113,8 +113,8 @@ int fs_mgr_do_tmpfs_mount(const char *n_name); int fs_mgr_unmount_all(struct fstab *fstab); int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_device, int size); int fs_mgr_load_verity_state(int *mode); int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback); bool fs_mgr_load_verity_state(int* mode); bool fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback); int fs_mgr_add_entry(struct fstab *fstab, const char *mount_point, const char *fs_type, const char *blk_device); Loading init/Android.mk +1 −1 Original line number Diff line number Diff line Loading @@ -111,8 +111,8 @@ LOCAL_STATIC_LIBRARIES := \ libfec_rs \ libsquashfs_utils \ liblogwrap \ libcutils \ libext4_utils \ libcutils \ libbase \ libc \ libselinux \ Loading Loading
fs_mgr/fs_mgr.cpp +98 −0 Original line number Diff line number Diff line Loading @@ -31,7 +31,10 @@ #include <time.h> #include <unistd.h> #include <memory> #include <android-base/file.h> #include <android-base/properties.h> #include <android-base/stringprintf.h> #include <android-base/unique_fd.h> #include <cutils/android_reboot.h> Loading @@ -50,6 +53,7 @@ #include "fs_mgr.h" #include "fs_mgr_avb.h" #include "fs_mgr_priv.h" #include "fs_mgr_priv_dm_ioctl.h" #define KEY_LOC_PROP "ro.crypto.keyfile.userdata" #define KEY_IN_FOOTER "footer" Loading Loading @@ -1258,3 +1262,97 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev return 0; } bool fs_mgr_load_verity_state(int* mode) { /* return the default mode, unless any of the verified partitions are in * logging mode, in which case return that */ *mode = VERITY_MODE_DEFAULT; std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(), fs_mgr_free_fstab); if (!fstab) { LERROR << "Failed to read default fstab"; return false; } for (int i = 0; i < fstab->num_entries; i++) { if (fs_mgr_is_avb(&fstab->recs[i])) { *mode = VERITY_MODE_RESTART; // avb only supports restart mode. break; } else if (!fs_mgr_is_verified(&fstab->recs[i])) { continue; } int current; if (load_verity_state(&fstab->recs[i], ¤t) < 0) { continue; } if (current != VERITY_MODE_DEFAULT) { *mode = current; break; } } return true; } bool fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) { if (!callback) { return false; } int mode; if (!fs_mgr_load_verity_state(&mode)) { return false; } android::base::unique_fd fd(TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC))); if (fd == -1) { PERROR << "Error opening device mapper"; return false; } std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(), fs_mgr_free_fstab); if (!fstab) { LERROR << "Failed to read default fstab"; return false; } alignas(dm_ioctl) char buffer[DM_BUF_SIZE]; struct dm_ioctl* io = (struct dm_ioctl*)buffer; bool system_root = android::base::GetProperty("ro.build.system_root_image", "") == "true"; for (int i = 0; i < fstab->num_entries; i++) { if (!fs_mgr_is_verified(&fstab->recs[i]) && !fs_mgr_is_avb(&fstab->recs[i])) { continue; } std::string mount_point; if (system_root && !strcmp(fstab->recs[i].mount_point, "/")) { mount_point = "system"; } else { mount_point = basename(fstab->recs[i].mount_point); } fs_mgr_verity_ioctl_init(io, mount_point, 0); const char* status; if (ioctl(fd, DM_TABLE_STATUS, io)) { if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) { status = "V"; } else { PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point.c_str(); continue; } } status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; if (*status == 'C' || *status == 'V') { callback(&fstab->recs[i], mount_point.c_str(), mode, *status); } } return true; }
fs_mgr/fs_mgr_priv.h +1 −0 Original line number Diff line number Diff line Loading @@ -115,5 +115,6 @@ int fs_mgr_test_access(const char *device); bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool is_dt_compatible(); bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); #endif /* __CORE_FS_MGR_PRIV_H */
fs_mgr/fs_mgr_verity.cpp +1 −125 Original line number Diff line number Diff line Loading @@ -653,8 +653,7 @@ static int get_verity_state_offset(struct fstab_rec *fstab, off64_t *offset) offset); } static int load_verity_state(struct fstab_rec *fstab, int *mode) { int load_verity_state(struct fstab_rec* fstab, int* mode) { int match = 0; off64_t offset = 0; Loading Loading @@ -690,129 +689,6 @@ static int load_verity_state(struct fstab_rec *fstab, int *mode) return read_verity_state(fstab->verity_loc, offset, mode); } int fs_mgr_load_verity_state(int *mode) { int rc = -1; int i; int current; struct fstab *fstab = NULL; /* return the default mode, unless any of the verified partitions are in * logging mode, in which case return that */ *mode = VERITY_MODE_DEFAULT; fstab = fs_mgr_read_fstab_default(); if (!fstab) { LERROR << "Failed to read default fstab"; goto out; } for (i = 0; i < fstab->num_entries; i++) { if (!fs_mgr_is_verified(&fstab->recs[i])) { continue; } rc = load_verity_state(&fstab->recs[i], ¤t); if (rc < 0) { continue; } if (current != VERITY_MODE_DEFAULT) { *mode = current; break; } } rc = 0; out: if (fstab) { fs_mgr_free_fstab(fstab); } return rc; } int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) { alignas(dm_ioctl) char buffer[DM_BUF_SIZE]; bool system_root = false; std::string mount_point; char propbuf[PROPERTY_VALUE_MAX]; const char *status; int fd = -1; int i; int mode; int rc = -1; struct dm_ioctl *io = (struct dm_ioctl *) buffer; struct fstab *fstab = NULL; if (!callback) { return -1; } if (fs_mgr_load_verity_state(&mode) == -1) { return -1; } fd = TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC)); if (fd == -1) { PERROR << "Error opening device mapper"; goto out; } property_get("ro.build.system_root_image", propbuf, ""); system_root = !strcmp(propbuf, "true"); fstab = fs_mgr_read_fstab_default(); if (!fstab) { LERROR << "Failed to read default fstab"; goto out; } for (i = 0; i < fstab->num_entries; i++) { if (!fs_mgr_is_verified(&fstab->recs[i])) { continue; } if (system_root && !strcmp(fstab->recs[i].mount_point, "/")) { mount_point = "system"; } else { mount_point = basename(fstab->recs[i].mount_point); } fs_mgr_verity_ioctl_init(io, mount_point, 0); if (ioctl(fd, DM_TABLE_STATUS, io)) { if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) { status = "V"; } else { PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point.c_str(); continue; } } status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; if (*status == 'C' || *status == 'V') { callback(&fstab->recs[i], mount_point.c_str(), mode, *status); } } rc = 0; out: if (fstab) { fs_mgr_free_fstab(fstab); } if (fd) { close(fd); } return rc; } static void update_verity_table_blk_device(char *blk_device, char **table) { std::string result, word; Loading
fs_mgr/include/fs_mgr.h +2 −2 Original line number Diff line number Diff line Loading @@ -113,8 +113,8 @@ int fs_mgr_do_tmpfs_mount(const char *n_name); int fs_mgr_unmount_all(struct fstab *fstab); int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_device, int size); int fs_mgr_load_verity_state(int *mode); int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback); bool fs_mgr_load_verity_state(int* mode); bool fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback); int fs_mgr_add_entry(struct fstab *fstab, const char *mount_point, const char *fs_type, const char *blk_device); Loading
init/Android.mk +1 −1 Original line number Diff line number Diff line Loading @@ -111,8 +111,8 @@ LOCAL_STATIC_LIBRARIES := \ libfec_rs \ libsquashfs_utils \ liblogwrap \ libcutils \ libext4_utils \ libcutils \ libbase \ libc \ libselinux \ Loading
