ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Set hashtree algorithm for verity partitions" am: b9c7459fba

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1553475

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibcbc292042177b71ac5fec78993a8f20be19d194
This commit is contained in:
Tianjie Xu 2021-01-28 03:46:57 +00:00 committed by Automerger Merge Worker
commit 161e4a8e24
3 changed files with 44 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
fs_mgr/fs_mgr.cpp
View file

@ -2143,6 +2143,41 @@ bool fs_mgr_is_verity_enabled(const FstabEntry& entry) {
return false; return false;
} }
std::string fs_mgr_get_hashtree_algorithm(const android::fs_mgr::FstabEntry& entry) {
if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
return "";
}
DeviceMapper& dm = DeviceMapper::Instance();
std::string device = GetVerityDeviceName(entry);
std::vector<DeviceMapper::TargetInfo> table;
if (dm.GetState(device) == DmDeviceState::INVALID || !dm.GetTableInfo(device, &table)) {
return "";
}
for (const auto& target : table) {
if (strcmp(target.spec.target_type, "verity") != 0) {
continue;
}
// The format is stable for dm-verity version 0 & 1. And the data is expected to have
// the fixed format:
// <version> <dev> <hash_dev> <data_block_size> <hash_block_size> <num_data_blocks>
// <hash_start_block> <algorithm> <digest> <salt>
// Details in https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html
std::vector<std::string> tokens = android::base::Split(target.data, " \t\r\n");
if (tokens[0] != "0" && tokens[0] != "1") {
LOG(WARNING) << "Unrecognized device mapper version in " << target.data;
return "";
}
// Hashtree algorithm is the 8th token in the output
return android::base::Trim(tokens[7]);
}
return "";
}
bool fs_mgr_verity_is_check_at_most_once(const android::fs_mgr::FstabEntry& entry) { bool fs_mgr_verity_is_check_at_most_once(const android::fs_mgr::FstabEntry& entry) {
if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) { if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
return false; return false;

4
fs_mgr/include/fs_mgr.h
View file

@ -88,6 +88,10 @@ int fs_mgr_do_tmpfs_mount(const char *n_name);
bool fs_mgr_load_verity_state(int* mode); bool fs_mgr_load_verity_state(int* mode);
// Returns true if verity is enabled on this particular FstabEntry. // Returns true if verity is enabled on this particular FstabEntry.
bool fs_mgr_is_verity_enabled(const android::fs_mgr::FstabEntry& entry); bool fs_mgr_is_verity_enabled(const android::fs_mgr::FstabEntry& entry);
// Returns the hash algorithm used to build the hashtree of this particular FstabEntry. Returns an
// empty string if the input isn't a dm-verity entry, or if there is an error.
std::string fs_mgr_get_hashtree_algorithm(const android::fs_mgr::FstabEntry& entry);
bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab); bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab);
bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry); bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry);

5
init/builtins.cpp
View file

@ -861,6 +861,11 @@ static Result<void> do_verity_update_state(const BuiltinArguments& args) {
// for system as root, so it has property [partition.system.verified]. // for system as root, so it has property [partition.system.verified].
std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point); std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point);
SetProperty("partition." + partition + ".verified", std::to_string(mode)); SetProperty("partition." + partition + ".verified", std::to_string(mode));
std::string hash_alg = fs_mgr_get_hashtree_algorithm(entry);
if (!hash_alg.empty()) {
SetProperty("partition." + partition + ".verified.hash_alg", hash_alg);
}
} }
return {}; return {};