Loading fs_mgr/fs_mgr.cpp +10 −0 Original line number Diff line number Diff line Loading @@ -457,6 +457,16 @@ int fs_mgr_set_blk_ro(const char *blockdev) return rc; } // Orange state means the device is unlocked, see the following link for details. // https://source.android.com/security/verifiedboot/verified-boot#device_state bool fs_mgr_is_device_unlocked() { std::string verified_boot_state; if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) { return verified_boot_state == "orange"; } return false; } /* * __mount(): wrapper around the mount() system call which also * sets the underlying block device to read-only if the mount is read-only. Loading fs_mgr/fs_mgr_avb.cpp +1 −11 Original line number Diff line number Diff line Loading @@ -473,16 +473,6 @@ static bool get_hashtree_descriptor(const std::string& partition_name, return true; } // Orange state means the device is unlocked, see the following link for details. // https://source.android.com/security/verifiedboot/verified-boot#device_state static inline bool IsDeviceUnlocked() { std::string verified_boot_state; if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) { return verified_boot_state == "orange"; } return false; } FsManagerAvbUniquePtr FsManagerAvbHandle::Open(const fstab& fstab) { FsManagerAvbOps avb_ops(fstab); return DoOpen(&avb_ops); Loading @@ -498,7 +488,7 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open(ByNameSymlinkMap&& by_name_symlin } FsManagerAvbUniquePtr FsManagerAvbHandle::DoOpen(FsManagerAvbOps* avb_ops) { bool is_device_unlocked = IsDeviceUnlocked(); bool is_device_unlocked = fs_mgr_is_device_unlocked(); FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle()); if (!avb_handle) { Loading fs_mgr/fs_mgr_priv.h +1 −0 Original line number Diff line number Diff line Loading @@ -113,6 +113,7 @@ int fs_mgr_set_blk_ro(const char *blockdev); int fs_mgr_test_access(const char *device); bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool fs_mgr_is_device_unlocked(); bool is_dt_compatible(); bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); Loading fs_mgr/fs_mgr_verity.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -782,8 +782,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) if (fec_verity_get_metadata(f, &verity) < 0) { PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'"; // Allow verity disabled when the device is unlocked without metadata if ("0" == android::base::GetProperty("ro.boot.flash.locked", "")) { retval = FS_MGR_SETUP_VERITY_DISABLED; if (fs_mgr_is_device_unlocked()) { retval = FS_MGR_SETUP_VERITY_SKIPPED; LWARNING << "Allow invalid metadata when the device is unlocked"; } goto out; Loading Loading
fs_mgr/fs_mgr.cpp +10 −0 Original line number Diff line number Diff line Loading @@ -457,6 +457,16 @@ int fs_mgr_set_blk_ro(const char *blockdev) return rc; } // Orange state means the device is unlocked, see the following link for details. // https://source.android.com/security/verifiedboot/verified-boot#device_state bool fs_mgr_is_device_unlocked() { std::string verified_boot_state; if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) { return verified_boot_state == "orange"; } return false; } /* * __mount(): wrapper around the mount() system call which also * sets the underlying block device to read-only if the mount is read-only. Loading
fs_mgr/fs_mgr_avb.cpp +1 −11 Original line number Diff line number Diff line Loading @@ -473,16 +473,6 @@ static bool get_hashtree_descriptor(const std::string& partition_name, return true; } // Orange state means the device is unlocked, see the following link for details. // https://source.android.com/security/verifiedboot/verified-boot#device_state static inline bool IsDeviceUnlocked() { std::string verified_boot_state; if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) { return verified_boot_state == "orange"; } return false; } FsManagerAvbUniquePtr FsManagerAvbHandle::Open(const fstab& fstab) { FsManagerAvbOps avb_ops(fstab); return DoOpen(&avb_ops); Loading @@ -498,7 +488,7 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open(ByNameSymlinkMap&& by_name_symlin } FsManagerAvbUniquePtr FsManagerAvbHandle::DoOpen(FsManagerAvbOps* avb_ops) { bool is_device_unlocked = IsDeviceUnlocked(); bool is_device_unlocked = fs_mgr_is_device_unlocked(); FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle()); if (!avb_handle) { Loading
fs_mgr/fs_mgr_priv.h +1 −0 Original line number Diff line number Diff line Loading @@ -113,6 +113,7 @@ int fs_mgr_set_blk_ro(const char *blockdev); int fs_mgr_test_access(const char *device); bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool fs_mgr_is_device_unlocked(); bool is_dt_compatible(); bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); Loading
fs_mgr/fs_mgr_verity.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -782,8 +782,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) if (fec_verity_get_metadata(f, &verity) < 0) { PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'"; // Allow verity disabled when the device is unlocked without metadata if ("0" == android::base::GetProperty("ro.boot.flash.locked", "")) { retval = FS_MGR_SETUP_VERITY_DISABLED; if (fs_mgr_is_device_unlocked()) { retval = FS_MGR_SETUP_VERITY_SKIPPED; LWARNING << "Allow invalid metadata when the device is unlocked"; } goto out; Loading
