Merge changes from topic 'early-mount-support'

    fs_mgr_slotselect.cpp \

    fs_mgr_verity.cpp \

    fs_mgr_avb.cpp \

    fs_mgr_avb_ops.cpp

    fs_mgr_avb_ops.cpp \

    fs_mgr_boot_config.cpp

LOCAL_C_INCLUDES := \

    $(LOCAL_PATH)/include \

    system/vold \

#include "fs_mgr_priv.h"

#include "fs_mgr_priv_avb.h"

#include "fs_mgr_priv_verity.h"

#define KEY_LOC_PROP   "ro.crypto.keyfile.userdata"

#define KEY_IN_FOOTER  "footer"

    }

}

// TODO: add ueventd notifiers if they don't exist.

// This is just doing a wait_for_device for maximum of 1s

int fs_mgr_test_access(const char *device) {

    int tries = 25;

    while (tries--) {

    }

}

/* wrapper to __mount() and expects a fully prepared fstab_rec,

 * unlike fs_mgr_do_mount which does more things with avb / verity

 * etc.

 */

int fs_mgr_do_mount_one(struct fstab_rec *rec)

{

    if (!rec) {

        return FS_MGR_DOMNT_FAILED;

    }

    int ret = __mount(rec->blk_device, rec->mount_point, rec);

    if (ret) {

      ret = (errno == EBUSY) ? FS_MGR_DOMNT_BUSY : FS_MGR_DOMNT_FAILED;

    }

    return ret;

}

/* If tmp_mount_point is non-null, mount the filesystem there.  This is for the

 * tmp mount we do to check the user password

 * If multiple fstab entries are to be mounted on "n_name", it will try to mount each one

    return 0;

}

int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)

{

    if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

        int rc = fs_mgr_setup_verity(fstab_rec, false);

        if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

            LINFO << "Verity disabled";

            return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;

        } else if (rc == FS_MGR_SETUP_VERITY_SUCCESS) {

            return FS_MGR_EARLY_SETUP_VERITY_SUCCESS;

        } else {

            return FS_MGR_EARLY_SETUP_VERITY_FAIL;

        }

    } else if (device_is_secure()) {

        LERROR << "Verity must be enabled for early mounted partitions on secured devices";

        return FS_MGR_EARLY_SETUP_VERITY_FAIL;

    }

    return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;

}

static bool init_is_avb_used() {

    // When AVB is used, boot loader should set androidboot.vbmeta.{hash_alg,

    // size, digest} in kernel cmdline. They will then be imported by init

    // process to system properties: ro.boot.vbmeta.{hash_alg, size, digest}.

    // size, digest} in kernel cmdline or in device tree. They will then be

    // imported by init process to system properties: ro.boot.vbmeta.{hash_alg, size, digest}.

    //

    // In case of early mount, init properties are not initialized, so we also

    // ensure we look into kernel command line and device tree if the property is

    // not found

    //

    // Checks hash_alg as an indicator for whether AVB is used.

    // We don't have to parse and check all of them here. The check will

    // be done in fs_mgr_load_vbmeta_images() and FS_MGR_SETUP_AVB_FAIL will

    // be returned when there is an error.

    std::string hash_alg = android::base::GetProperty("ro.boot.vbmeta.hash_alg", "");

    std::string hash_alg;

    if (fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg) == 0) {

        if (hash_alg == "sha256" || hash_alg == "sha512") {

            return true;

        }

    }

    return false;

}

    // of HASH partitions into fs_mgr_avb_verify_data, which is not required as

    // fs_mgr only deals with HASHTREE partitions.

    const char *requested_partitions[] = {nullptr};

    const char* ab_suffix = android::base::GetProperty("ro.boot.slot_suffix", "").c_str();

    std::string ab_suffix;

    fs_mgr_get_boot_config("slot_suffix", &ab_suffix);

    AvbSlotVerifyResult verify_result =

        avb_slot_verify(fs_mgr_avb_ops, requested_partitions, ab_suffix,

        avb_slot_verify(fs_mgr_avb_ops, requested_partitions, ab_suffix.c_str(),

                        fs_mgr_vbmeta_prop.allow_verification_error, &fs_mgr_avb_verify_data);

    // Only allow two verify results:

/*

 * Copyright (C) 2017 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#include <android-base/file.h>

#include <android-base/stringprintf.h>

#include <android-base/strings.h>

#include <android-base/properties.h>

#include "fs_mgr_priv.h"

// Tries to get the boot config value in properties, kernel cmdline and

// device tree (in that order).  returns 'true' if successfully found, 'false'

// otherwise

bool fs_mgr_get_boot_config(const std::string& key, std::string* out_val) {

    FS_MGR_CHECK(out_val != nullptr);

    // first check if we have "ro.boot" property already

    *out_val = android::base::GetProperty("ro.boot." + key, "");

    if (!out_val->empty()) {

        return true;

    }

    // fallback to kernel cmdline, properties may not be ready yet

    std::string cmdline;

    std::string cmdline_key("androidboot." + key);

    if (android::base::ReadFileToString("/proc/cmdline", &cmdline)) {

        for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) {

            std::vector<std::string> pieces = android::base::Split(entry, "=");

            if (pieces.size() == 2) {

                if (pieces[0] == cmdline_key) {

                    *out_val = pieces[1];

                    return true;

                }

            }

        }

    }

    // lastly, check the device tree

    static const std::string android_dt_dir("/proc/device-tree/firmware/android");

    std::string file_name = android_dt_dir + "/compatible";

    std::string dt_value;

    if (android::base::ReadFileToString(file_name, &dt_value)) {

        if (dt_value != "android,firmware") {

            LERROR << "Error finding compatible android DT node";

            return false;

        }

        file_name = android_dt_dir + "/" + key;

        // DT entries terminate with '\0' but so do the properties

        if (android::base::ReadFileToString(file_name, out_val)) {

            return true;

        }

        LERROR << "Error finding '" << key << "' in device tree";

    }

    return false;

}

    return fstab->fs_mgr_flags & MF_VERIFY;

}

int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab)

{

    return fstab->fs_mgr_flags & MF_VERIFYATBOOT;

}

int fs_mgr_is_encryptable(const struct fstab_rec *fstab)

{

    return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE);