Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 328b5658 authored by Bowgo Tsai's avatar Bowgo Tsai Committed by android-build-merger
Browse files

Merge "fs_mgr: allow no verity metadata when the device is unlocked." 

am: cd0c2d89

Change-Id: Icebfb3c34b3c2878c4015f36dafe893c577b40c9
parents 1030828a cd0c2d89

fs_mgr/fs_mgr.cpp

+10 −0
Original line number Diff line number Diff line
@@ -457,6 +457,16 @@ int fs_mgr_set_blk_ro(const char *blockdev) 
    return rc;

}



// Orange state means the device is unlocked, see the following link for details.

// https://source.android.com/security/verifiedboot/verified-boot#device_state

bool fs_mgr_is_device_unlocked() {

    std::string verified_boot_state;

    if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) {

        return verified_boot_state == "orange";

    }

    return false;

}



/*

 * __mount(): wrapper around the mount() system call which also

 * sets the underlying block device to read-only if the mount is read-only.

fs_mgr/fs_mgr_avb.cpp

+1 −11
Original line number Diff line number Diff line
@@ -473,16 +473,6 @@ static bool get_hashtree_descriptor(const std::string& partition_name, 
    return true;

}



// Orange state means the device is unlocked, see the following link for details.

// https://source.android.com/security/verifiedboot/verified-boot#device_state

static inline bool IsDeviceUnlocked() {

    std::string verified_boot_state;

    if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) {

        return verified_boot_state == "orange";

    }

    return false;

}



FsManagerAvbUniquePtr FsManagerAvbHandle::Open(const fstab& fstab) {

    FsManagerAvbOps avb_ops(fstab);

    return DoOpen(&avb_ops);
@@ -498,7 +488,7 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open(ByNameSymlinkMap&& by_name_symlin 
}



FsManagerAvbUniquePtr FsManagerAvbHandle::DoOpen(FsManagerAvbOps* avb_ops) {

    bool is_device_unlocked = IsDeviceUnlocked();

    bool is_device_unlocked = fs_mgr_is_device_unlocked();



    FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle());

    if (!avb_handle) {

fs_mgr/fs_mgr_priv.h

+1 −0
Original line number Diff line number Diff line
@@ -113,6 +113,7 @@ 
int fs_mgr_set_blk_ro(const char *blockdev);

int fs_mgr_test_access(const char *device);

bool fs_mgr_update_for_slotselect(struct fstab *fstab);

bool fs_mgr_is_device_unlocked();

bool is_dt_compatible();

bool is_device_secure();

int load_verity_state(struct fstab_rec* fstab, int* mode);

fs_mgr/fs_mgr_verity.cpp

+2 −2
Original line number Diff line number Diff line
@@ -782,8 +782,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) 
    if (fec_verity_get_metadata(f, &verity) < 0) {

        PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'";

        // Allow verity disabled when the device is unlocked without metadata

        if ("0" == android::base::GetProperty("ro.boot.flash.locked", "")) {

            retval = FS_MGR_SETUP_VERITY_DISABLED;

        if (fs_mgr_is_device_unlocked()) {

            retval = FS_MGR_SETUP_VERITY_SKIPPED;

            LWARNING << "Allow invalid metadata when the device is unlocked";

        }

        goto out;