Merge changes Ic9c27552,Ie3980cd5,I42bf2bdc into oc-dr1-dev

            }

        } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {

            int rc = fs_mgr_setup_verity(&fstab->recs[i], true);

            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

            if (__android_log_is_debuggable() &&

                    (rc == FS_MGR_SETUP_VERITY_DISABLED ||

                     rc == FS_MGR_SETUP_VERITY_SKIPPED)) {

                LINFO << "Verity disabled";

            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {

                LERROR << "Could not set up verified partition, skipping!";

            }

        } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {

            int rc = fs_mgr_setup_verity(&fstab->recs[i], true);

            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

            if (__android_log_is_debuggable() &&

                    (rc == FS_MGR_SETUP_VERITY_DISABLED ||

                     rc == FS_MGR_SETUP_VERITY_SKIPPED)) {

                LINFO << "Verity disabled";

            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {

                LERROR << "Could not set up verified partition, skipping!";

    // setup is needed at all.

    if (!is_device_secure()) {

        LINFO << "Verity setup skipped for " << mount_point;

        return FS_MGR_SETUP_VERITY_SUCCESS;

        return FS_MGR_SETUP_VERITY_SKIPPED;

    }

    if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,

int fs_mgr_do_format(struct fstab_rec *fstab, bool reserve_footer);

#define FS_MGR_SETUP_VERITY_SKIPPED  (-3)

#define FS_MGR_SETUP_VERITY_DISABLED (-2)

#define FS_MGR_SETUP_VERITY_FAIL (-1)

#define FS_MGR_SETUP_VERITY_SUCCESS 0

    }

}

// Given a path that may start with a platform device, find the length of the

// platform device prefix.  If it doesn't start with a platform device, return false

bool PlatformDeviceList::Find(const std::string& path, std::string* out_path) const {

    out_path->clear();

    // platform_devices is searched backwards, since parents are added before their children,

    // and we want to match as deep of a child as we can.

    for (auto it = platform_devices_.crbegin(); it != platform_devices_.crend(); ++it) {

        auto platform_device_path_length = it->length();

        if (platform_device_path_length < path.length() &&

            path[platform_device_path_length] == '/' &&

            android::base::StartsWith(path, it->c_str())) {

            *out_path = *it;

// Given a path that may start with a platform device, find the parent platform device by finding a

// parent directory with a 'subsystem' symlink that points to the platform bus.

// If it doesn't start with a platform device, return false

bool DeviceHandler::FindPlatformDevice(std::string path, std::string* platform_device_path) const {

    platform_device_path->clear();

    // Uevents don't contain the mount point, so we need to add it here.

    path.insert(0, sysfs_mount_point_);

    std::string directory = android::base::Dirname(path);

    while (directory != "/" && directory != ".") {

        std::string subsystem_link_path;

        if (android::base::Realpath(directory + "/subsystem", &subsystem_link_path) &&

            subsystem_link_path == sysfs_mount_point_ + "/bus/platform") {

            // We need to remove the mount point that we added above before returning.

            directory.erase(0, sysfs_mount_point_.size());

            *platform_device_path = directory;

            return true;

        }

        auto last_slash = path.rfind('/');

        if (last_slash == std::string::npos) return false;

        path.erase(last_slash);

        directory = android::base::Dirname(path);

    }

    return false;

}

std::vector<std::string> DeviceHandler::GetCharacterDeviceSymlinks(const Uevent& uevent) const {

    std::string parent_device;

    if (!platform_devices_.Find(uevent.path, &parent_device)) return {};

    if (!FindPlatformDevice(uevent.path, &parent_device)) return {};

    // skip path to the parent driver

    std::string path = uevent.path.substr(parent_device.length());

    std::string device;

    std::string type;

    if (platform_devices_.Find(uevent.path, &device)) {

    if (FindPlatformDevice(uevent.path, &device)) {

        // Skip /devices/platform or /devices/ if present

        static const std::string devices_platform_prefix = "/devices/platform/";

        static const std::string devices_prefix = "/devices/";

    }

}

void DeviceHandler::HandlePlatformDeviceEvent(const Uevent& uevent) {

    if (uevent.action == "add") {

        platform_devices_.Add(uevent.path);

    } else if (uevent.action == "remove") {

        platform_devices_.Remove(uevent.path);

    }

}

void DeviceHandler::HandleBlockDeviceEvent(const Uevent& uevent) const {

    // if it's not a /dev device, nothing to do

    if (uevent.major < 0 || uevent.minor < 0) return;

    if (uevent.subsystem == "block") {

        HandleBlockDeviceEvent(uevent);

    } else if (uevent.subsystem == "platform") {

        HandlePlatformDeviceEvent(uevent);

    } else {

        HandleGenericDeviceEvent(uevent);

    }

      sysfs_permissions_(std::move(sysfs_permissions)),

      subsystems_(std::move(subsystems)),

      sehandle_(selinux_android_file_context_handle()),

      skip_restorecon_(skip_restorecon) {}

      skip_restorecon_(skip_restorecon),

      sysfs_mount_point_("/sys") {}

DeviceHandler::DeviceHandler()

    : DeviceHandler(std::vector<Permissions>{}, std::vector<SysfsPermissions>{},

    DevnameSource devname_source_;

};

class PlatformDeviceList {

  public:

    void Add(const std::string& path) { platform_devices_.emplace_back(path); }

    void Remove(const std::string& path) {

        auto it = std::find(platform_devices_.begin(), platform_devices_.end(), path);

        if (it != platform_devices_.end()) platform_devices_.erase(it);

    }

    bool Find(const std::string& path, std::string* out_path) const;

    auto size() const { return platform_devices_.size(); }

  private:

    std::vector<std::string> platform_devices_;

};

class DeviceHandler {

  public:

    friend class DeviceHandlerTester;

    void HandleDeviceEvent(const Uevent& uevent);

    void FixupSysPermissions(const std::string& upath, const std::string& subsystem) const;

    void HandlePlatformDeviceEvent(const Uevent& uevent);

    void HandleBlockDeviceEvent(const Uevent& uevent) const;

    void HandleGenericDeviceEvent(const Uevent& uevent) const;

    std::vector<std::string> GetBlockDeviceSymlinks(const Uevent& uevent) const;

    void set_skip_restorecon(bool value) { skip_restorecon_ = value; }

  private:

    bool FindPlatformDevice(std::string path, std::string* platform_device_path) const;

    std::tuple<mode_t, uid_t, gid_t> GetDevicePermissions(

        const std::string& path, const std::vector<std::string>& links) const;

    void MakeDevice(const std::string& path, int block, int major, int minor,

    std::vector<std::string> GetCharacterDeviceSymlinks(const Uevent& uevent) const;

    void HandleDevice(const std::string& action, const std::string& devpath, int block, int major,

                      int minor, const std::vector<std::string>& links) const;

    void FixupSysPermissions(const std::string& upath, const std::string& subsystem) const;

    void HandleBlockDeviceEvent(const Uevent& uevent) const;

    void HandleGenericDeviceEvent(const Uevent& uevent) const;

    std::vector<Permissions> dev_permissions_;

    std::vector<SysfsPermissions> sysfs_permissions_;

    std::vector<Subsystem> subsystems_;

    PlatformDeviceList platform_devices_;

    selabel_handle* sehandle_;

    bool skip_restorecon_;

    std::string sysfs_mount_point_;

};

// Exposed for testing