Loading fs_mgr/Android.bp +0 −7 Original line number Diff line number Diff line Loading @@ -56,7 +56,6 @@ cc_library_static { "libfstab", ], cppflags: [ "-DALLOW_SKIP_SECURE_CHECK=0", "-DALLOW_ADBD_DISABLE_VERITY=0", ], product_variables: { Loading @@ -66,12 +65,6 @@ cc_library_static { "-DALLOW_ADBD_DISABLE_VERITY=1", ], }, eng: { cppflags: [ "-UALLOW_SKIP_SECURE_CHECK", "-DALLOW_SKIP_SECURE_CHECK=1", ], }, }, } Loading fs_mgr/fs_mgr.cpp +2 −6 Original line number Diff line number Diff line Loading @@ -773,10 +773,6 @@ static int handle_encryptable(const struct fstab_rec* rec) } } bool is_device_secure() { return android::base::GetBoolProperty("ro.secure", ALLOW_SKIP_SECURE_CHECK ? false : true); } /* When multiple fstab records share the same mount_point, it will * try to mount each one in turn, and ignore any duplicates after a * first successful mount. Loading Loading @@ -849,7 +845,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode) /* Skips mounting the device. */ continue; } } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) { } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) { int rc = fs_mgr_setup_verity(&fstab->recs[i], true); if (__android_log_is_debuggable() && (rc == FS_MGR_SETUP_VERITY_DISABLED || Loading Loading @@ -1060,7 +1056,7 @@ int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device, /* Skips mounting the device. */ continue; } } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) { } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) { int rc = fs_mgr_setup_verity(&fstab->recs[i], true); if (__android_log_is_debuggable() && (rc == FS_MGR_SETUP_VERITY_DISABLED || Loading fs_mgr/fs_mgr_priv.h +0 −1 Original line number Diff line number Diff line Loading @@ -122,7 +122,6 @@ bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool fs_mgr_is_device_unlocked(); const std::string& get_android_dt_dir(); bool is_dt_compatible(); bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); #endif /* __CORE_FS_MGR_PRIV_H */ fs_mgr/fs_mgr_verity.cpp +1 −8 Original line number Diff line number Diff line Loading @@ -765,13 +765,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) const std::string mount_point(basename(fstab->mount_point)); bool verified_at_boot = false; // This is a public API and so deserves its own check to see if verity // setup is needed at all. if (!is_device_secure()) { LINFO << "Verity setup skipped for " << mount_point; return FS_MGR_SETUP_VERITY_SKIPPED; } if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE, FEC_DEFAULT_ROOTS) < 0) { PERROR << "Failed to open '" << fstab->blk_device << "'"; Loading @@ -792,7 +785,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) #ifdef ALLOW_ADBD_DISABLE_VERITY if (verity.disabled) { retval = FS_MGR_SETUP_VERITY_DISABLED; LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG"; LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG"; goto out; } #endif Loading Loading
fs_mgr/Android.bp +0 −7 Original line number Diff line number Diff line Loading @@ -56,7 +56,6 @@ cc_library_static { "libfstab", ], cppflags: [ "-DALLOW_SKIP_SECURE_CHECK=0", "-DALLOW_ADBD_DISABLE_VERITY=0", ], product_variables: { Loading @@ -66,12 +65,6 @@ cc_library_static { "-DALLOW_ADBD_DISABLE_VERITY=1", ], }, eng: { cppflags: [ "-UALLOW_SKIP_SECURE_CHECK", "-DALLOW_SKIP_SECURE_CHECK=1", ], }, }, } Loading
fs_mgr/fs_mgr.cpp +2 −6 Original line number Diff line number Diff line Loading @@ -773,10 +773,6 @@ static int handle_encryptable(const struct fstab_rec* rec) } } bool is_device_secure() { return android::base::GetBoolProperty("ro.secure", ALLOW_SKIP_SECURE_CHECK ? false : true); } /* When multiple fstab records share the same mount_point, it will * try to mount each one in turn, and ignore any duplicates after a * first successful mount. Loading Loading @@ -849,7 +845,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode) /* Skips mounting the device. */ continue; } } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) { } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) { int rc = fs_mgr_setup_verity(&fstab->recs[i], true); if (__android_log_is_debuggable() && (rc == FS_MGR_SETUP_VERITY_DISABLED || Loading Loading @@ -1060,7 +1056,7 @@ int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device, /* Skips mounting the device. */ continue; } } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) { } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) { int rc = fs_mgr_setup_verity(&fstab->recs[i], true); if (__android_log_is_debuggable() && (rc == FS_MGR_SETUP_VERITY_DISABLED || Loading
fs_mgr/fs_mgr_priv.h +0 −1 Original line number Diff line number Diff line Loading @@ -122,7 +122,6 @@ bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool fs_mgr_is_device_unlocked(); const std::string& get_android_dt_dir(); bool is_dt_compatible(); bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); #endif /* __CORE_FS_MGR_PRIV_H */
fs_mgr/fs_mgr_verity.cpp +1 −8 Original line number Diff line number Diff line Loading @@ -765,13 +765,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) const std::string mount_point(basename(fstab->mount_point)); bool verified_at_boot = false; // This is a public API and so deserves its own check to see if verity // setup is needed at all. if (!is_device_secure()) { LINFO << "Verity setup skipped for " << mount_point; return FS_MGR_SETUP_VERITY_SKIPPED; } if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE, FEC_DEFAULT_ROOTS) < 0) { PERROR << "Failed to open '" << fstab->blk_device << "'"; Loading @@ -792,7 +785,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) #ifdef ALLOW_ADBD_DISABLE_VERITY if (verity.disabled) { retval = FS_MGR_SETUP_VERITY_DISABLED; LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG"; LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG"; goto out; } #endif Loading
