diff options
| -rw-r--r-- | adb/remount_service.cpp | 8 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_verity.c | 66 | ||||
| -rw-r--r-- | fs_mgr/include/fs_mgr.h | 2 | ||||
| -rw-r--r-- | init/builtins.cpp | 5 |
4 files changed, 44 insertions, 37 deletions
diff --git a/adb/remount_service.cpp b/adb/remount_service.cpp index 483ca3d..b150274 100644 --- a/adb/remount_service.cpp +++ b/adb/remount_service.cpp @@ -112,13 +112,13 @@ void remount_service(int fd, void* cookie) { } bool system_verified = false, vendor_verified = false; - property_get("partition.system.verified", prop_buf, "0"); - if (!strcmp(prop_buf, "1")) { + property_get("partition.system.verified", prop_buf, ""); + if (strlen(prop_buf) > 0) { system_verified = true; } - property_get("partition.vendor.verified", prop_buf, "0"); - if (!strcmp(prop_buf, "1")) { + property_get("partition.vendor.verified", prop_buf, ""); + if (strlen(prop_buf) > 0) { vendor_verified = true; } diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index acdc5a3..530df26 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -594,46 +594,29 @@ out: return rc; } -static int load_verity_state(struct fstab_rec *fstab, int *mode) +static int read_verity_state(const char *fname, off64_t offset, int *mode) { int fd = -1; int rc = -1; - off64_t offset = 0; struct verity_state s; - if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG, sizeof(s), - &offset) < 0) { - /* fall back to stateless behavior */ - *mode = VERITY_MODE_EIO; - rc = 0; - goto out; - } - - if (was_verity_restart()) { - /* device was restarted after dm-verity detected a corrupted - * block, so switch to logging mode */ - *mode = VERITY_MODE_LOGGING; - rc = write_verity_state(fstab->verity_loc, offset, *mode); - goto out; - } - - fd = TEMP_FAILURE_RETRY(open(fstab->verity_loc, O_RDONLY | O_CLOEXEC)); + fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC)); if (fd == -1) { - ERROR("Failed to open %s (%s)\n", fstab->verity_loc, strerror(errno)); + ERROR("Failed to open %s (%s)\n", fname, strerror(errno)); goto out; } if (TEMP_FAILURE_RETRY(pread64(fd, &s, sizeof(s), offset)) != sizeof(s)) { ERROR("Failed to read %zu bytes from %s offset %" PRIu64 " (%s)\n", - sizeof(s), fstab->verity_loc, offset, strerror(errno)); + sizeof(s), fname, offset, strerror(errno)); goto out; } if (s.header != VERITY_STATE_HEADER) { /* space allocated, but no state written. write default state */ *mode = VERITY_MODE_DEFAULT; - rc = write_verity_state(fstab->verity_loc, offset, *mode); + rc = write_verity_state(fname, offset, *mode); goto out; } @@ -659,6 +642,27 @@ out: return rc; } +static int load_verity_state(struct fstab_rec *fstab, int *mode) +{ + off64_t offset = 0; + + if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG, + sizeof(struct verity_state), &offset) < 0) { + /* fall back to stateless behavior */ + *mode = VERITY_MODE_EIO; + return 0; + } + + if (was_verity_restart()) { + /* device was restarted after dm-verity detected a corrupted + * block, so switch to logging mode */ + *mode = VERITY_MODE_LOGGING; + return write_verity_state(fstab->verity_loc, offset, *mode); + } + + return read_verity_state(fstab->verity_loc, offset, mode); +} + int fs_mgr_load_verity_state(int *mode) { char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; @@ -717,6 +721,7 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) char *status; int fd = -1; int i; + int mode; int rc = -1; off64_t offset = 0; struct dm_ioctl *io = (struct dm_ioctl *) buffer; @@ -749,32 +754,33 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) continue; } + if (read_verity_state(fstab->recs[i].verity_loc, offset, &mode) < 0) { + continue; + } + mount_point = basename(fstab->recs[i].mount_point); verity_ioctl_init(io, mount_point, 0); if (ioctl(fd, DM_TABLE_STATUS, io)) { ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point, strerror(errno)); - goto out; + continue; } status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; if (*status == 'C') { - rc = write_verity_state(fstab->recs[i].verity_loc, offset, - VERITY_MODE_LOGGING); - - if (rc == -1) { - goto out; + if (write_verity_state(fstab->recs[i].verity_loc, offset, + VERITY_MODE_LOGGING) < 0) { + continue; } } if (callback) { - callback(&fstab->recs[i], mount_point, *status); + callback(&fstab->recs[i], mount_point, mode, *status); } } - /* Don't overwrite possible previous state if there's no corruption. */ rc = 0; out: diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h index ad8a8fc..3286948 100644 --- a/fs_mgr/include/fs_mgr.h +++ b/fs_mgr/include/fs_mgr.h @@ -69,7 +69,7 @@ struct fstab_rec { // Callback function for verity status typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab, - const char *mount_point, int status); + const char *mount_point, int mode, int status); struct fstab *fs_mgr_read_fstab(const char *fstab_path); void fs_mgr_free_fstab(struct fstab *fstab); diff --git a/init/builtins.cpp b/init/builtins.cpp index 6daea37..aa5c649 100644 --- a/init/builtins.cpp +++ b/init/builtins.cpp @@ -680,8 +680,9 @@ int do_verity_load_state(int nargs, char **args) { return rc; } -static void verity_update_property(fstab_rec *fstab, const char *mount_point, int status) { - property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(), "1"); +static void verity_update_property(fstab_rec *fstab, const char *mount_point, int mode, int status) { + property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(), + android::base::StringPrintf("%d", mode).c_str()); } int do_verity_update_state(int nargs, char** args) { |