Loading fs_mgr/fs_mgr.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -1089,7 +1089,7 @@ int fs_mgr_mount_all(Fstab* fstab, int mount_mode) { // Skips mounting the device. continue; } } else if (!current_entry.avb_key.empty()) { } else if (!current_entry.avb_keys.empty()) { if (AvbHandle::SetUpStandaloneAvbHashtree(¤t_entry) == AvbHashtreeResult::kFail) { LERROR << "Failed to set up AVB on standalone partition: " << current_entry.mount_point << ", skipping!"; Loading Loading @@ -1320,7 +1320,7 @@ static int fs_mgr_do_mount_helper(Fstab* fstab, const std::string& n_name, // Skips mounting the device. continue; } } else if (!fstab_entry.avb_key.empty()) { } else if (!fstab_entry.avb_keys.empty()) { if (AvbHandle::SetUpStandaloneAvbHashtree(&fstab_entry) == AvbHashtreeResult::kFail) { LERROR << "Failed to set up AVB on standalone partition: " << fstab_entry.mount_point << ", skipping!"; Loading fs_mgr/fs_mgr_fstab.cpp +4 −3 Original line number Diff line number Diff line Loading @@ -325,8 +325,8 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) { } } else if (StartsWith(flag, "zram_backing_dev_path=")) { entry->zram_backing_dev_path = arg; } else if (StartsWith(flag, "avb_key=")) { entry->avb_key = arg; } else if (StartsWith(flag, "avb_keys=")) { entry->avb_keys = arg; } else { LWARNING << "Warning: unknown flag: " << flag; } Loading Loading @@ -759,7 +759,8 @@ FstabEntry BuildGsiSystemFstabEntry() { .fs_type = "ext4", .flags = MS_RDONLY, .fs_options = "barrier=1", .avb_key = "/gsi.avbpubkey", // could add more keys separated by ':'. .avb_keys = "/avb/gsi.avbpubkey:", .logical_partition_name = "system"}; system.fs_mgr_flags.wait = true; system.fs_mgr_flags.logical = true; Loading fs_mgr/include_fstab/fstab/fstab.h +1 −1 Original line number Diff line number Diff line Loading @@ -55,7 +55,7 @@ struct FstabEntry { std::string zram_loopback_path; uint64_t zram_loopback_size = 512 * 1024 * 1024; // 512MB by default; std::string zram_backing_dev_path; std::string avb_key; std::string avb_keys; struct FsMgrFlags { bool wait : 1; Loading fs_mgr/libfs_avb/avb_util.cpp +19 −2 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ #include "util.h" using android::base::Basename; using android::base::ReadFileToString; using android::base::StartsWith; using android::base::unique_fd; Loading Loading @@ -311,7 +312,8 @@ std::unique_ptr<AvbFooter> GetAvbFooter(int fd) { return footer; } bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob) { bool ValidatePublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob) { if (expected_key_blob.empty()) { // no expectation of the key, return true. return true; } Loading @@ -324,6 +326,21 @@ bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& e return false; } bool ValidatePublicKeyBlob(const std::string key_blob_to_validate, const std::vector<std::string>& allowed_key_paths) { std::string allowed_key_blob; if (key_blob_to_validate.empty()) { LWARNING << "Failed to validate an empty key"; return false; } for (const auto& path : allowed_key_paths) { if (ReadFileToString(path, &allowed_key_blob)) { if (key_blob_to_validate == allowed_key_blob) return true; } } return false; } VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob, std::string* out_public_key_data) { Loading @@ -347,7 +364,7 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, << ": Error verifying vbmeta image: failed to get public key"; return VBMetaVerifyResult::kError; } if (!VerifyPublicKeyBlob(pk_data, pk_len, expected_public_key_blob)) { if (!ValidatePublicKeyBlob(pk_data, pk_len, expected_public_key_blob)) { LERROR << vbmeta.partition() << ": Error verifying vbmeta image: public key used to" << " sign data does not match key in chain descriptor"; return VBMetaVerifyResult::kErrorVerification; Loading fs_mgr/libfs_avb/avb_util.h +4 −1 Original line number Diff line number Diff line Loading @@ -78,7 +78,10 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob, std::string* out_public_key_data); bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob); bool ValidatePublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob); bool ValidatePublicKeyBlob(const std::string key_blob_to_validate, const std::vector<std::string>& expected_key_paths); // Detects if whether a partition contains a rollback image. bool RollbackDetected(const std::string& partition_name, uint64_t rollback_index); Loading Loading
fs_mgr/fs_mgr.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -1089,7 +1089,7 @@ int fs_mgr_mount_all(Fstab* fstab, int mount_mode) { // Skips mounting the device. continue; } } else if (!current_entry.avb_key.empty()) { } else if (!current_entry.avb_keys.empty()) { if (AvbHandle::SetUpStandaloneAvbHashtree(¤t_entry) == AvbHashtreeResult::kFail) { LERROR << "Failed to set up AVB on standalone partition: " << current_entry.mount_point << ", skipping!"; Loading Loading @@ -1320,7 +1320,7 @@ static int fs_mgr_do_mount_helper(Fstab* fstab, const std::string& n_name, // Skips mounting the device. continue; } } else if (!fstab_entry.avb_key.empty()) { } else if (!fstab_entry.avb_keys.empty()) { if (AvbHandle::SetUpStandaloneAvbHashtree(&fstab_entry) == AvbHashtreeResult::kFail) { LERROR << "Failed to set up AVB on standalone partition: " << fstab_entry.mount_point << ", skipping!"; Loading
fs_mgr/fs_mgr_fstab.cpp +4 −3 Original line number Diff line number Diff line Loading @@ -325,8 +325,8 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) { } } else if (StartsWith(flag, "zram_backing_dev_path=")) { entry->zram_backing_dev_path = arg; } else if (StartsWith(flag, "avb_key=")) { entry->avb_key = arg; } else if (StartsWith(flag, "avb_keys=")) { entry->avb_keys = arg; } else { LWARNING << "Warning: unknown flag: " << flag; } Loading Loading @@ -759,7 +759,8 @@ FstabEntry BuildGsiSystemFstabEntry() { .fs_type = "ext4", .flags = MS_RDONLY, .fs_options = "barrier=1", .avb_key = "/gsi.avbpubkey", // could add more keys separated by ':'. .avb_keys = "/avb/gsi.avbpubkey:", .logical_partition_name = "system"}; system.fs_mgr_flags.wait = true; system.fs_mgr_flags.logical = true; Loading
fs_mgr/include_fstab/fstab/fstab.h +1 −1 Original line number Diff line number Diff line Loading @@ -55,7 +55,7 @@ struct FstabEntry { std::string zram_loopback_path; uint64_t zram_loopback_size = 512 * 1024 * 1024; // 512MB by default; std::string zram_backing_dev_path; std::string avb_key; std::string avb_keys; struct FsMgrFlags { bool wait : 1; Loading
fs_mgr/libfs_avb/avb_util.cpp +19 −2 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ #include "util.h" using android::base::Basename; using android::base::ReadFileToString; using android::base::StartsWith; using android::base::unique_fd; Loading Loading @@ -311,7 +312,8 @@ std::unique_ptr<AvbFooter> GetAvbFooter(int fd) { return footer; } bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob) { bool ValidatePublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob) { if (expected_key_blob.empty()) { // no expectation of the key, return true. return true; } Loading @@ -324,6 +326,21 @@ bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& e return false; } bool ValidatePublicKeyBlob(const std::string key_blob_to_validate, const std::vector<std::string>& allowed_key_paths) { std::string allowed_key_blob; if (key_blob_to_validate.empty()) { LWARNING << "Failed to validate an empty key"; return false; } for (const auto& path : allowed_key_paths) { if (ReadFileToString(path, &allowed_key_blob)) { if (key_blob_to_validate == allowed_key_blob) return true; } } return false; } VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob, std::string* out_public_key_data) { Loading @@ -347,7 +364,7 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, << ": Error verifying vbmeta image: failed to get public key"; return VBMetaVerifyResult::kError; } if (!VerifyPublicKeyBlob(pk_data, pk_len, expected_public_key_blob)) { if (!ValidatePublicKeyBlob(pk_data, pk_len, expected_public_key_blob)) { LERROR << vbmeta.partition() << ": Error verifying vbmeta image: public key used to" << " sign data does not match key in chain descriptor"; return VBMetaVerifyResult::kErrorVerification; Loading
fs_mgr/libfs_avb/avb_util.h +4 −1 Original line number Diff line number Diff line Loading @@ -78,7 +78,10 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob, std::string* out_public_key_data); bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob); bool ValidatePublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob); bool ValidatePublicKeyBlob(const std::string key_blob_to_validate, const std::vector<std::string>& expected_key_paths); // Detects if whether a partition contains a rollback image. bool RollbackDetected(const std::string& partition_name, uint64_t rollback_index); Loading
