Loading fs_mgr/fs_mgr.cpp +24 −47 Original line number Diff line number Diff line Loading @@ -85,6 +85,7 @@ #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) using android::base::Basename; using android::base::Realpath; using android::base::StartsWith; using android::base::unique_fd; Loading Loading @@ -1576,65 +1577,41 @@ bool fs_mgr_load_verity_state(int* mode) { return true; } bool fs_mgr_update_verity_state( std::function<void(const std::string& mount_point, int mode)> callback) { if (!callback) { return false; } int mode; if (!fs_mgr_load_verity_state(&mode)) { return false; } Fstab fstab; if (!ReadDefaultFstab(&fstab)) { LERROR << "Failed to read default fstab"; bool fs_mgr_is_verity_enabled(const FstabEntry& entry) { if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) { return false; } DeviceMapper& dm = DeviceMapper::Instance(); for (const auto& entry : fstab) { if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) { continue; } std::string mount_point; if (entry.mount_point == "/") { // In AVB, the dm device name is vroot instead of system. mount_point = entry.fs_mgr_flags.avb ? "vroot" : "system"; } else { mount_point = basename(entry.mount_point.c_str()); mount_point = Basename(entry.mount_point); } if (dm.GetState(mount_point) == DmDeviceState::INVALID) { PERROR << "Could not find verity device for mount point: " << mount_point; continue; return false; } const char* status; std::vector<DeviceMapper::TargetInfo> table; if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) { if (!entry.fs_mgr_flags.verify_at_boot) { PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point; continue; return false; } status = "V"; } else { status = table[0].data.c_str(); } // To be consistent in vboot 1.0 and vboot 2.0 (AVB), change the mount_point // back to 'system' for the callback. So it has property [partition.system.verified] // instead of [partition.vroot.verified]. if (mount_point == "vroot") mount_point = "system"; if (*status == 'C' || *status == 'V') { callback(mount_point, mode); } return true; } return true; return false; } std::string fs_mgr_get_super_partition_name(int slot) { Loading fs_mgr/fs_mgr_overlayfs.cpp +6 −14 Original line number Diff line number Diff line Loading @@ -272,15 +272,6 @@ bool fs_mgr_overlayfs_already_mounted(const std::string& mount_point, bool overl return false; } std::vector<std::string> fs_mgr_overlayfs_verity_enabled_list() { std::vector<std::string> ret; auto save_errno = errno; fs_mgr_update_verity_state( [&ret](const std::string& mount_point, int) { ret.emplace_back(mount_point); }); if ((errno == ENOENT) || (errno == ENXIO)) errno = save_errno; return ret; } bool fs_mgr_wants_overlayfs(FstabEntry* entry) { // Don't check entries that are managed by vold. if (entry->fs_mgr_flags.vold_managed || entry->fs_mgr_flags.recovery_only) return false; Loading Loading @@ -537,7 +528,6 @@ bool fs_mgr_overlayfs_mount(const std::string& mount_point) { std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_point = nullptr) { std::vector<std::string> mounts; auto verity = fs_mgr_overlayfs_verity_enabled_list(); for (auto& entry : *fstab) { if (!fs_mgr_overlayfs_already_mounted(entry.mount_point) && !fs_mgr_wants_overlayfs(&entry)) { Loading @@ -545,10 +535,12 @@ std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_p } std::string new_mount_point(fs_mgr_mount_point(entry.mount_point.c_str())); if (mount_point && (new_mount_point != mount_point)) continue; if (std::find(verity.begin(), verity.end(), android::base::Basename(new_mount_point)) != verity.end()) { continue; } auto saved_errno = errno; auto verity_enabled = fs_mgr_is_verity_enabled(entry); if (errno == ENOENT || errno == ENXIO) errno = saved_errno; if (verity_enabled) continue; auto duplicate_or_more_specific = false; for (auto it = mounts.begin(); it != mounts.end();) { if ((*it == new_mount_point) || Loading fs_mgr/include/fs_mgr.h +3 −6 Original line number Diff line number Diff line Loading @@ -14,8 +14,7 @@ * limitations under the License. */ #ifndef __CORE_FS_MGR_H #define __CORE_FS_MGR_H #pragma once #include <stdio.h> #include <stdint.h> Loading Loading @@ -73,8 +72,8 @@ int fs_mgr_do_mount_one(const android::fs_mgr::FstabEntry& entry, const std::string& mount_point = ""); int fs_mgr_do_tmpfs_mount(const char *n_name); bool fs_mgr_load_verity_state(int* mode); bool fs_mgr_update_verity_state( std::function<void(const std::string& mount_point, int mode)> callback); // Returns true if verity is enabled on this particular FstabEntry. bool fs_mgr_is_verity_enabled(const android::fs_mgr::FstabEntry& entry); bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab); bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry); Loading @@ -90,5 +89,3 @@ int fs_mgr_setup_verity(android::fs_mgr::FstabEntry* fstab, bool wait_for_verity // specified, the super partition for the corresponding metadata slot will be // returned. Otherwise, it will use the current slot. std::string fs_mgr_get_super_partition_name(int slot = -1); #endif /* __CORE_FS_MGR_H */ init/builtins.cpp +21 −4 Original line number Diff line number Diff line Loading @@ -75,6 +75,7 @@ using namespace std::literals::string_literals; using android::base::Basename; using android::base::unique_fd; using android::fs_mgr::Fstab; using android::fs_mgr::ReadFstabFromFile; Loading Loading @@ -749,11 +750,27 @@ static Result<Success> do_verity_load_state(const BuiltinArguments& args) { } static Result<Success> do_verity_update_state(const BuiltinArguments& args) { if (!fs_mgr_update_verity_state([](const std::string& mount_point, int mode) { property_set("partition." + mount_point + ".verified", std::to_string(mode)); })) { return Error() << "fs_mgr_update_verity_state() failed"; int mode; if (!fs_mgr_load_verity_state(&mode)) { return Error() << "fs_mgr_load_verity_state() failed"; } Fstab fstab; if (!ReadDefaultFstab(&fstab)) { return Error() << "Failed to read default fstab"; } for (const auto& entry : fstab) { if (!fs_mgr_is_verity_enabled(entry)) { continue; } // To be consistent in vboot 1.0 and vboot 2.0 (AVB), use "system" for the partition even // for system as root, so it has property [partition.system.verified]. std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point); property_set("partition." + partition + ".verified", std::to_string(mode)); } return Success(); } Loading Loading
fs_mgr/fs_mgr.cpp +24 −47 Original line number Diff line number Diff line Loading @@ -85,6 +85,7 @@ #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) using android::base::Basename; using android::base::Realpath; using android::base::StartsWith; using android::base::unique_fd; Loading Loading @@ -1576,65 +1577,41 @@ bool fs_mgr_load_verity_state(int* mode) { return true; } bool fs_mgr_update_verity_state( std::function<void(const std::string& mount_point, int mode)> callback) { if (!callback) { return false; } int mode; if (!fs_mgr_load_verity_state(&mode)) { return false; } Fstab fstab; if (!ReadDefaultFstab(&fstab)) { LERROR << "Failed to read default fstab"; bool fs_mgr_is_verity_enabled(const FstabEntry& entry) { if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) { return false; } DeviceMapper& dm = DeviceMapper::Instance(); for (const auto& entry : fstab) { if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) { continue; } std::string mount_point; if (entry.mount_point == "/") { // In AVB, the dm device name is vroot instead of system. mount_point = entry.fs_mgr_flags.avb ? "vroot" : "system"; } else { mount_point = basename(entry.mount_point.c_str()); mount_point = Basename(entry.mount_point); } if (dm.GetState(mount_point) == DmDeviceState::INVALID) { PERROR << "Could not find verity device for mount point: " << mount_point; continue; return false; } const char* status; std::vector<DeviceMapper::TargetInfo> table; if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) { if (!entry.fs_mgr_flags.verify_at_boot) { PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point; continue; return false; } status = "V"; } else { status = table[0].data.c_str(); } // To be consistent in vboot 1.0 and vboot 2.0 (AVB), change the mount_point // back to 'system' for the callback. So it has property [partition.system.verified] // instead of [partition.vroot.verified]. if (mount_point == "vroot") mount_point = "system"; if (*status == 'C' || *status == 'V') { callback(mount_point, mode); } return true; } return true; return false; } std::string fs_mgr_get_super_partition_name(int slot) { Loading
fs_mgr/fs_mgr_overlayfs.cpp +6 −14 Original line number Diff line number Diff line Loading @@ -272,15 +272,6 @@ bool fs_mgr_overlayfs_already_mounted(const std::string& mount_point, bool overl return false; } std::vector<std::string> fs_mgr_overlayfs_verity_enabled_list() { std::vector<std::string> ret; auto save_errno = errno; fs_mgr_update_verity_state( [&ret](const std::string& mount_point, int) { ret.emplace_back(mount_point); }); if ((errno == ENOENT) || (errno == ENXIO)) errno = save_errno; return ret; } bool fs_mgr_wants_overlayfs(FstabEntry* entry) { // Don't check entries that are managed by vold. if (entry->fs_mgr_flags.vold_managed || entry->fs_mgr_flags.recovery_only) return false; Loading Loading @@ -537,7 +528,6 @@ bool fs_mgr_overlayfs_mount(const std::string& mount_point) { std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_point = nullptr) { std::vector<std::string> mounts; auto verity = fs_mgr_overlayfs_verity_enabled_list(); for (auto& entry : *fstab) { if (!fs_mgr_overlayfs_already_mounted(entry.mount_point) && !fs_mgr_wants_overlayfs(&entry)) { Loading @@ -545,10 +535,12 @@ std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_p } std::string new_mount_point(fs_mgr_mount_point(entry.mount_point.c_str())); if (mount_point && (new_mount_point != mount_point)) continue; if (std::find(verity.begin(), verity.end(), android::base::Basename(new_mount_point)) != verity.end()) { continue; } auto saved_errno = errno; auto verity_enabled = fs_mgr_is_verity_enabled(entry); if (errno == ENOENT || errno == ENXIO) errno = saved_errno; if (verity_enabled) continue; auto duplicate_or_more_specific = false; for (auto it = mounts.begin(); it != mounts.end();) { if ((*it == new_mount_point) || Loading
fs_mgr/include/fs_mgr.h +3 −6 Original line number Diff line number Diff line Loading @@ -14,8 +14,7 @@ * limitations under the License. */ #ifndef __CORE_FS_MGR_H #define __CORE_FS_MGR_H #pragma once #include <stdio.h> #include <stdint.h> Loading Loading @@ -73,8 +72,8 @@ int fs_mgr_do_mount_one(const android::fs_mgr::FstabEntry& entry, const std::string& mount_point = ""); int fs_mgr_do_tmpfs_mount(const char *n_name); bool fs_mgr_load_verity_state(int* mode); bool fs_mgr_update_verity_state( std::function<void(const std::string& mount_point, int mode)> callback); // Returns true if verity is enabled on this particular FstabEntry. bool fs_mgr_is_verity_enabled(const android::fs_mgr::FstabEntry& entry); bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab); bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry); Loading @@ -90,5 +89,3 @@ int fs_mgr_setup_verity(android::fs_mgr::FstabEntry* fstab, bool wait_for_verity // specified, the super partition for the corresponding metadata slot will be // returned. Otherwise, it will use the current slot. std::string fs_mgr_get_super_partition_name(int slot = -1); #endif /* __CORE_FS_MGR_H */
init/builtins.cpp +21 −4 Original line number Diff line number Diff line Loading @@ -75,6 +75,7 @@ using namespace std::literals::string_literals; using android::base::Basename; using android::base::unique_fd; using android::fs_mgr::Fstab; using android::fs_mgr::ReadFstabFromFile; Loading Loading @@ -749,11 +750,27 @@ static Result<Success> do_verity_load_state(const BuiltinArguments& args) { } static Result<Success> do_verity_update_state(const BuiltinArguments& args) { if (!fs_mgr_update_verity_state([](const std::string& mount_point, int mode) { property_set("partition." + mount_point + ".verified", std::to_string(mode)); })) { return Error() << "fs_mgr_update_verity_state() failed"; int mode; if (!fs_mgr_load_verity_state(&mode)) { return Error() << "fs_mgr_load_verity_state() failed"; } Fstab fstab; if (!ReadDefaultFstab(&fstab)) { return Error() << "Failed to read default fstab"; } for (const auto& entry : fstab) { if (!fs_mgr_is_verity_enabled(entry)) { continue; } // To be consistent in vboot 1.0 and vboot 2.0 (AVB), use "system" for the partition even // for system as root, so it has property [partition.system.verified]. std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point); property_set("partition." + partition + ".verified", std::to_string(mode)); } return Success(); } Loading
