From 45a00fdccefc059112e43be690411ece655f2ed1 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Mon, 12 Mar 2018 16:26:23 +0800
Subject: [PATCH] adb: checks device state when using adb disable-verity for
 AVB

adb disable-verity will toggle a flag in /vbmeta and introduce AVB
verification error on next boot. If the device is LOCKED, it will make
the device unbootable because verification error isn't allowed when the
device is locked.

Also indicating 'adb root' when failed to get verity state.

Bug: 70969453
Test: adb disable-verity should pop-up warning if the device is locked.

Change-Id: I1ed705e34334ea2231c96b16ddb8d225067af2f0
Merged-In: I1ed705e34334ea2231c96b16ddb8d225067af2f0
(cherry picked from commit 8cc9c3835a7052621b4829324b30f21f0307510e)
---
 adb/set_verity_enable_state_service.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/adb/set_verity_enable_state_service.cpp b/adb/set_verity_enable_state_service.cpp
index 49e0363a1..0fcf89b7c 100644
--- a/adb/set_verity_enable_state_service.cpp
+++ b/adb/set_verity_enable_state_service.cpp
@@ -98,13 +98,22 @@ static std::string get_ab_suffix() {
     return android::base::GetProperty("ro.boot.slot_suffix", "");
 }
 
+static bool is_avb_device_locked() {
+    return android::base::GetProperty("ro.boot.vbmeta.device_state", "") == "locked";
+}
+
 /* Use AVB to turn verity on/off */
 static bool set_avb_verity_enabled_state(int fd, AvbOps* ops, bool enable_verity) {
     std::string ab_suffix = get_ab_suffix();
-
     bool verity_enabled;
+
+    if (is_avb_device_locked()) {
+        WriteFdFmt(fd, "Device is locked. Please unlock the device first\n");
+        return false;
+    }
+
     if (!avb_user_verity_get(ops, ab_suffix.c_str(), &verity_enabled)) {
-        WriteFdFmt(fd, "Error getting verity state\n");
+        WriteFdFmt(fd, "Error getting verity state. Try adb root first?\n");
         return false;
     }