am 70f81cee: Merge "fs_mgr_verity: Add support for squashfs"

* commit '70f81ceeeb1c88a164b0e02e05110043ceef8885':
  fs_mgr_verity: Add support for squashfs
Mohamad Ayyash 2015-04-08 19:09:55 +00:00 committed by Android Git Automerger
commit 48bfdb859b
3 changed files with 40 additions and 26 deletions


@ -8,8 +8,8 @@ LOCAL_SRC_FILES:= fs_mgr.c fs_mgr_verity.c fs_mgr_fstab.c
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
LOCAL_MODULE:= libfs_mgr LOCAL_MODULE:= libfs_mgr
LOCAL_STATIC_LIBRARIES := liblogwrap libmincrypt libext4_utils_static LOCAL_STATIC_LIBRARIES := liblogwrap libmincrypt libext4_utils_static libsquashfs_utils
LOCAL_C_INCLUDES += system/extras/ext4_utils LOCAL_C_INCLUDES += system/extras/ext4_utils system/extras/squashfs_utils
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
LOCAL_CFLAGS := -Werror LOCAL_CFLAGS := -Werror
@ -34,7 +34,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/sbin LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/sbin
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED) LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
LOCAL_STATIC_LIBRARIES := libfs_mgr liblogwrap libcutils liblog libc libmincrypt libext4_utils_static LOCAL_STATIC_LIBRARIES := libfs_mgr liblogwrap libcutils liblog libc libmincrypt libext4_utils_static libsquashfs_utils
LOCAL_CXX_STL := libc++_static LOCAL_CXX_STL := libc++_static
LOCAL_CFLAGS := -Werror LOCAL_CFLAGS := -Werror


@ -38,6 +38,7 @@
#include "mincrypt/sha256.h" #include "mincrypt/sha256.h"
#include "ext4_sb.h" #include "ext4_sb.h"
#include "squashfs_utils.h"
#include "fs_mgr_priv.h" #include "fs_mgr_priv.h"
#include "fs_mgr_priv_verity.h" #include "fs_mgr_priv_verity.h"
@ -140,7 +141,19 @@ out:
return retval; return retval;
} }
static int get_target_device_size(char *blk_device, uint64_t *device_size) static int squashfs_get_target_device_size(char *blk_device, uint64_t *device_size)
{
struct squashfs_info sq_info;
if (squashfs_parse_sb(blk_device, &sq_info) >= 0) {
*device_size = sq_info.bytes_used_4K_padded;
return 0;
} else {
return -1;
}
}
static int ext4_get_target_device_size(char *blk_device, uint64_t *device_size)
{ {
int data_device; int data_device;
struct ext4_super_block sb; struct ext4_super_block sb;
@ -173,11 +186,11 @@ static int get_target_device_size(char *blk_device, uint64_t *device_size)
return 0; return 0;
} }
static int read_verity_metadata(char *block_device, char **signature, char **table) static int read_verity_metadata(uint64_t device_size, char *block_device, char **signature,
char **table)
{ {
unsigned magic_number; unsigned magic_number;
unsigned table_length; unsigned table_length;
uint64_t device_length;
int protocol_version; int protocol_version;
int device; int device;
int retval = FS_MGR_SETUP_VERITY_FAIL; int retval = FS_MGR_SETUP_VERITY_FAIL;
@ -194,12 +207,7 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab
goto out; goto out;
} }
// find the start of the verity metadata if (TEMP_FAILURE_RETRY(lseek64(device, device_size, SEEK_SET)) < 0) {
if (get_target_device_size(block_device, &device_length) < 0) {
ERROR("Could not get target device size.\n");
goto out;
}
if (TEMP_FAILURE_RETRY(lseek64(device, device_length, SEEK_SET)) < 0) {
ERROR("Could not seek to start of verity metadata block.\n"); ERROR("Could not seek to start of verity metadata block.\n");
goto out; goto out;
} }
@ -220,8 +228,7 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab
#endif #endif
if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", device_size);
device_length);
goto out; goto out;
} }
@ -330,17 +337,12 @@ static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char
return 0; return 0;
} }
static int load_verity_table(struct dm_ioctl *io, char *name, char *blockdev, int fd, char *table, static int load_verity_table(struct dm_ioctl *io, char *name, uint64_t device_size, int fd, char *table,
int mode) int mode)
{ {
char *verity_params; char *verity_params;
char *buffer = (char*) io; char *buffer = (char*) io;
size_t bufsize; size_t bufsize;
uint64_t device_size = 0;
if (get_target_device_size(blockdev, &device_size) < 0) {
return -1;
}
verity_ioctl_init(io, name, DM_STATUS_TABLE_FLAG); verity_ioctl_init(io, name, DM_STATUS_TABLE_FLAG);
@ -901,6 +903,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
char *verity_blk_name = 0; char *verity_blk_name = 0;
char *verity_table = 0; char *verity_table = 0;
char *verity_table_signature = 0; char *verity_table_signature = 0;
uint64_t device_size = 0;
_Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE]; _Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
struct dm_ioctl *io = (struct dm_ioctl *) buffer; struct dm_ioctl *io = (struct dm_ioctl *) buffer;
@ -910,16 +913,26 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
io->flags |= 1; io->flags |= 1;
io->target_count = 1; io->target_count = 1;
// check to ensure that the verity device is ext4 // check the verity device's filesystem
// TODO: support non-ext4 filesystems if (!strcmp(fstab->fs_type, "ext4")) {
if (strcmp(fstab->fs_type, "ext4")) { if (ext4_get_target_device_size(fstab->blk_device, &device_size) < 0) {
ERROR("Cannot verify non-ext4 device (%s)", fstab->fs_type); ERROR("Failed to get ext4 fs size on %s.", fstab->blk_device);
return retval;
}
} else if (!strcmp(fstab->fs_type, "squashfs")) {
if (squashfs_get_target_device_size(fstab->blk_device, &device_size) < 0) {
ERROR("Failed to get squashfs fs size on %s.", fstab->blk_device);
return retval;
}
} else {
ERROR("%s: Unsupported filesystem for verity.", fstab->fs_type);
return retval; return retval;
} }
// read the verity block at the end of the block device // read the verity block at the end of the block device
// send error code up the chain so we can detect attempts to disable verity // send error code up the chain so we can detect attempts to disable verity
retval = read_verity_metadata(fstab->blk_device, retval = read_verity_metadata(device_size,
fstab->blk_device,
&verity_table_signature, &verity_table_signature,
&verity_table); &verity_table);
if (retval < 0) { if (retval < 0) {
@ -964,7 +977,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, mode); INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, mode);
// load the verity mapping table // load the verity mapping table
if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table, if (load_verity_table(io, mount_point, device_size, fd, verity_table,
mode) < 0) { mode) < 0) {
goto out; goto out;
} }
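Review bot: `squashfs_get_target_device_size` returns `sq_info.bytes_used_4K_padded` straight from the on-disk superblock, and `fs_mgr_setup_verity` now uses that one value both as the `lseek64` offset in `read_verity_metadata` and as the size passed to `load_verity_table`, before the verity metadata has been read. Whether `squashfs_parse_sb` rejects a bad magic or an implausible size is not visible here, so I would document the trust boundary on the helper, e.g. `/* size is read from the unverified on-disk superblock; callers must treat it as untrusted */`, and consider rejecting a size of zero or one larger than the block device instead of relying on the later magic-number mismatch. The three new `ERROR(...)` strings in `fs_mgr_setup_verity` also lack the trailing `\n` that the other messages in this file carry, e.g. `ERROR("Failed to get squashfs fs size on %s.\n", fstab->blk_device);`. The body of `fs_mgr_setup_verity` continues outside the hunks shown.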


@ -58,6 +58,7 @@ LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
LOCAL_STATIC_LIBRARIES := \ LOCAL_STATIC_LIBRARIES := \
libinit \ libinit \
libfs_mgr \ libfs_mgr \
libsquashfs_utils \
liblogwrap \ liblogwrap \
libcutils \ libcutils \
libbase \ libbase \