Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6467eedd authored by Yi-yo Chiang's avatar Yi-yo Chiang Committed by Automerger Merge Worker
Browse files

Merge "set-verity-state: Remove dead code that was used by AVB 1.0" am: 83b12a5c 

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2173963



Change-Id: I0c347cb9d2389e93706d5824f8c66cd59cf595ff
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents cf733f8c 83b12a5c

set-verity-state/Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -12,7 +12,6 @@ cc_binary { 
        "libcrypto",

        "libcrypto_utils",

        "libcutils",

        "libfec",

        "libfs_mgr_binder",

        "liblog",

        "libutils",

set-verity-state/set-verity-state.cpp

+0 −82
Original line number Diff line number Diff line
@@ -15,107 +15,25 @@ 
 */



#include <errno.h>

#include <fcntl.h>

#include <inttypes.h>

#include <libavb_user/libavb_user.h>

#include <stdarg.h>

#include <stdio.h>

#include <sys/mount.h>

#include <sys/stat.h>

#include <unistd.h>



#include <android-base/file.h>

#include <android-base/logging.h>

#include <android-base/properties.h>

#include <android-base/stringprintf.h>

#include <android-base/unique_fd.h>

#include <fs_mgr.h>

#include <fs_mgr_overlayfs.h>

#include <fstab/fstab.h>

#include <log/log_properties.h>



#include "fec/io.h"



#ifdef ALLOW_DISABLE_VERITY

static const bool kAllowDisableVerity = true;

#else

static const bool kAllowDisableVerity = false;

#endif



using android::base::unique_fd;



static void suggest_run_adb_root() {

  if (getuid() != 0) printf("Maybe run adb root?\n");

}



static bool make_block_device_writable(const std::string& dev) {

  unique_fd fd(open(dev.c_str(), O_RDONLY | O_CLOEXEC));

  if (fd == -1) {

    return false;

  }



  int OFF = 0;

  bool result = (ioctl(fd.get(), BLKROSET, &OFF) != -1);

  return result;

}



/* Turn verity on/off */

static bool set_verity_enabled_state(const char* block_device, const char* mount_point,

                                     bool enable) {

  if (!make_block_device_writable(block_device)) {

    printf("Could not make block device %s writable (%s).\n", block_device, strerror(errno));

    return false;

  }



  fec::io fh(block_device, O_RDWR);



  if (!fh) {

    printf("Could not open block device %s (%s).\n", block_device, strerror(errno));

    suggest_run_adb_root();

    return false;

  }



  fec_verity_metadata metadata;



  if (!fh.get_verity_metadata(metadata)) {

    printf("Couldn't find verity metadata!\n");

    return false;

  }



  if (!enable && metadata.disabled) {

    printf("Verity already disabled on %s\n", mount_point);

    return false;

  }



  if (enable && !metadata.disabled) {

    printf("Verity already enabled on %s\n", mount_point);

    return false;

  }



  if (!fh.set_verity_status(enable)) {

    printf("Could not set verity %s flag on device %s with error %s\n",

           enable ? "enabled" : "disabled", block_device, strerror(errno));

    return false;

  }



  auto change = false;

  errno = 0;

  if (enable ? fs_mgr_overlayfs_teardown(mount_point, &change)

             : fs_mgr_overlayfs_setup(nullptr, mount_point, &change)) {

    if (change) {

      printf("%s overlayfs for %s\n", enable ? "disabling" : "using", mount_point);

    }

  } else if (errno) {

    int expected_errno = enable ? EBUSY : ENOENT;

    if (errno != expected_errno) {

      printf("Overlayfs %s for %s failed with error %s\n", enable ? "teardown" : "setup",

             mount_point, strerror(errno));

    }

  }

  printf("Verity %s on %s\n", enable ? "enabled" : "disabled", mount_point);

  return true;

}



/* Helper function to get A/B suffix, if any. If the device isn't

 * using A/B the empty string is returned. Otherwise either "_a",

 * "_b", ... is returned.