Merge "fs_mgr: adds/changes some public APIs for early mount in init"

#include <logwrap/logwrap.h>

#include <private/android_logger.h>  // for __android_log_is_debuggable()

#include "fs_mgr.h"

#include "fs_mgr_avb.h"

#include "fs_mgr_priv.h"

#include "fs_mgr_priv_avb.h"

#define KEY_LOC_PROP   "ro.crypto.keyfile.userdata"

#define KEY_IN_FOOTER  "footer"

                    return -1;

                }

            }

            if (!avb_handle->SetUpAvb(&fstab->recs[i])) {

            if (!avb_handle->SetUpAvb(&fstab->recs[i], true /* wait_for_verity_dev */)) {

                LERROR << "Failed to set up AVB on partition: "

                       << fstab->recs[i].mount_point << ", skipping!";

                /* Skips mounting the device. */

                    return -1;

                }

            }

            if (!avb_handle->SetUpAvb(&fstab->recs[i])) {

            if (!avb_handle->SetUpAvb(&fstab->recs[i], true /* wait_for_verity_dev */)) {

                LERROR << "Failed to set up AVB on partition: "

                       << fstab->recs[i].mount_point << ", skipping!";

                /* Skips mounting the device. */

#include <utils/Compat.h>

#include "fs_mgr.h"

#include "fs_mgr_avb.h"

#include "fs_mgr_avb_ops.h"

#include "fs_mgr_priv.h"

#include "fs_mgr_priv_avb.h"

#include "fs_mgr_priv_dm_ioctl.h"

#include "fs_mgr_priv_sha.h"

static bool hashtree_dm_verity_setup(struct fstab_rec* fstab_entry,

                                     const AvbHashtreeDescriptor& hashtree_desc,

                                     const std::string& salt, const std::string& root_digest) {

                                     const std::string& salt, const std::string& root_digest,

                                     bool wait_for_verity_dev) {

    // Gets the device mapper fd.

    android::base::unique_fd fd(open("/dev/device-mapper", O_RDWR));

    if (fd < 0) {

    // Marks the underlying block device as read-only.

    fs_mgr_set_blk_ro(fstab_entry->blk_device);

    // TODO(bowgotsai): support verified all partition at boot.

    // Updates fstab_rec->blk_device to verity device name.

    free(fstab_entry->blk_device);

    fstab_entry->blk_device = strdup(verity_blk_name.c_str());

    // Makes sure we've set everything up properly.

    if (fs_mgr_test_access(verity_blk_name.c_str()) < 0) {

    if (wait_for_verity_dev && fs_mgr_test_access(verity_blk_name.c_str()) < 0) {

        return false;

    }

    return nullptr;

}

bool FsManagerAvbHandle::SetUpAvb(struct fstab_rec* fstab_entry) {

bool FsManagerAvbHandle::SetUpAvb(struct fstab_rec* fstab_entry, bool wait_for_verity_dev) {

    if (!fstab_entry) return false;

    if (!avb_slot_data_ || avb_slot_data_->num_vbmeta_images < 1) {

        return false;

    }

    // Converts HASHTREE descriptor to verity_table_params.

    if (!hashtree_dm_verity_setup(fstab_entry, hashtree_descriptor, salt, root_digest)) {

    if (!hashtree_dm_verity_setup(fstab_entry, hashtree_descriptor, salt, root_digest,

                                  wait_for_verity_dev)) {

        return false;

    }

    return true;

    return fstab->fs_mgr_flags & MF_VERIFY;

}

int fs_mgr_is_avb(const struct fstab_rec *fstab)

{

    return fstab->fs_mgr_flags & MF_AVB;

}

int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab)

{

    return fstab->fs_mgr_flags & MF_VERIFYATBOOT;

int fs_mgr_is_nonremovable(const struct fstab_rec *fstab);

int fs_mgr_is_verified(const struct fstab_rec *fstab);

int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab);

int fs_mgr_is_avb(const struct fstab_rec *fstab);

int fs_mgr_is_encryptable(const struct fstab_rec *fstab);

int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab);

const char* fs_mgr_get_file_encryption_mode(const struct fstab_rec *fstab);

/*

 * Copyright (C) 2016 The Android Open Source Project

 * Copyright (C) 2017 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * limitations under the License.

 */

#ifndef __CORE_FS_MGR_PRIV_AVB_H

#define __CORE_FS_MGR_PRIV_AVB_H

#ifndef __CORE_FS_MGR_AVB_H

#define __CORE_FS_MGR_AVB_H

#include <memory>

#include <string>

    static FsManagerAvbUniquePtr Open(const std::string& device_file_by_name_prefix);

    // Sets up dm-verity on the given fstab entry.

    // The 'wait_for_verity_dev' parameter makes this function wait for the

    // verity device to get created before return.

    // Returns true if the mount point is eligible to mount, it includes:

    //   - status_ is kFsMgrAvbHandleHashtreeDisabled or

    //   - status_ is kFsMgrAvbHandleSuccess and sending ioctl DM_TABLE_LOAD

    //     to load verity table is success.

    // Otherwise, returns false.

    bool SetUpAvb(fstab_rec* fstab_entry);

    bool SetUpAvb(fstab_rec* fstab_entry, bool wait_for_verity_dev);

    bool AvbHashtreeDisabled() { return status_ == kFsManagerAvbHandleHashtreeDisabled; }

    FsManagerAvbHandle(const FsManagerAvbHandle&) = delete;             // no copy

    FsManagerAvbHandle& operator=(const FsManagerAvbHandle&) = delete;  // no assignment

    FsManagerAvbHandleStatus status_;

};

#endif /* __CORE_FS_MGR_PRIV_AVB_H */

#endif /* __CORE_FS_MGR_AVB_H */