diff options
| author | Sami Tolvanen <samitolvanen@google.com> | 2015-06-03 12:33:07 +0100 |
|---|---|---|
| committer | Sami Tolvanen <samitolvanen@google.com> | 2015-07-08 07:54:24 +0000 |
| commit | 3fd58ae7e57344ff4c1671c1f12dbc7094171538 (patch) | |
| tree | aee4c737ec49ad5660cca7ad96b68f95b43b6e62 /fs_mgr | |
| parent | 833f142d201a4b682885ff9d95c6b3ab32fd0618 (diff) | |
| download | system_core-3fd58ae7e57344ff4c1671c1f12dbc7094171538.zip system_core-3fd58ae7e57344ff4c1671c1f12dbc7094171538.tar.gz system_core-3fd58ae7e57344ff4c1671c1f12dbc7094171538.tar.bz2 | |
fs_mgr: Use ro.boot.veritymode
If verity state is managed by bootloader, it will pass the verity
mode to the kernel in the androidboot.veritymode command line
parameter. Init copies the value to the ro.boot.veritymode property.
Check for ro.boot.veritymode in fs_mgr and use the value to set
dm-verity mode. If this property is not set, store verity state in
metadata as before, if a storage location is specified in fstab.
Bug: 21605676
Change-Id: Ife3c978c133248432c302583d3b70e179605fe42
(cherry picked from commit ac5c1224cfc959b96f7a34068a807db9aaab9358)
Diffstat (limited to 'fs_mgr')
| -rw-r--r-- | fs_mgr/fs_mgr_verity.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index cc8c57e..2d1abbe 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -767,8 +767,24 @@ static int get_verity_state_offset(struct fstab_rec *fstab, off64_t *offset) static int load_verity_state(struct fstab_rec *fstab, int *mode) { - off64_t offset = 0; + char propbuf[PROPERTY_VALUE_MAX]; int match = 0; + off64_t offset = 0; + + /* use the kernel parameter if set */ + property_get("ro.boot.veritymode", propbuf, ""); + + if (*propbuf != '\0') { + if (!strcmp(propbuf, "enforcing")) { + *mode = VERITY_MODE_DEFAULT; + return 0; + } else if (!strcmp(propbuf, "logging")) { + *mode = VERITY_MODE_LOGGING; + return 0; + } else { + INFO("Unknown value %s for veritymode; ignoring", propbuf); + } + } if (get_verity_state_offset(fstab, &offset) < 0) { /* fall back to stateless behavior */ @@ -855,6 +871,13 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) struct dm_ioctl *io = (struct dm_ioctl *) buffer; struct fstab *fstab = NULL; + /* check if we need to store the state */ + property_get("ro.boot.veritymode", propbuf, ""); + + if (*propbuf != '\0') { + return 0; /* state is kept by the bootloader */ + } + fd = TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC)); if (fd == -1) { |