am ddd0639e: Merge "Add init command to set verified properties"
* commit 'ddd0639e7e1bb2e02c8e424f45924a44b8f70022': Add init command to set verified properties
This commit is contained in:
Sami Tolvanen
Android Git Automerger
commit
54bac178ce
5 changed files with 47 additions and 7 deletions
|
|
@ -591,7 +591,7 @@ out:
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
int fs_mgr_update_verity_state()
|
int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
|
||||||
{
|
{
|
||||||
_Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
|
_Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
|
||||||
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
|
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
|
||||||
|
|
@ -645,7 +645,14 @@ int fs_mgr_update_verity_state()
|
||||||
|
|
||||||
if (*status == 'C') {
|
if (*status == 'C') {
|
||||||
rc = write_verity_state(state_loc, offset, VERITY_MODE_LOGGING);
|
rc = write_verity_state(state_loc, offset, VERITY_MODE_LOGGING);
|
||||||
goto out;
|
|
||||||
|
if (rc == -1) {
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (callback) {
|
||||||
|
callback(&fstab->recs[i], mount_point, *status);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -729,6 +736,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
|
||||||
mode = VERITY_MODE_RESTART; /* default dm-verity mode */
|
mode = VERITY_MODE_RESTART; /* default dm-verity mode */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, mode);
|
||||||
|
|
||||||
// load the verity mapping table
|
// load the verity mapping table
|
||||||
if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table,
|
if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table,
|
||||||
mode) < 0) {
|
mode) < 0) {
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,10 @@
|
||||||
// turn verity off in userdebug builds.
|
// turn verity off in userdebug builds.
|
||||||
#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF"
|
#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF"
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
// Verity modes
|
// Verity modes
|
||||||
enum verity_mode {
|
enum verity_mode {
|
||||||
VERITY_MODE_EIO = 0,
|
VERITY_MODE_EIO = 0,
|
||||||
|
|
@ -35,10 +39,6 @@ enum verity_mode {
|
||||||
VERITY_MODE_LAST = VERITY_MODE_RESTART
|
VERITY_MODE_LAST = VERITY_MODE_RESTART
|
||||||
};
|
};
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The entries must be kept in the same order as they were seen in the fstab.
|
* The entries must be kept in the same order as they were seen in the fstab.
|
||||||
* Unless explicitly requested, a lookup on mount point should always
|
* Unless explicitly requested, a lookup on mount point should always
|
||||||
|
|
@ -66,6 +66,10 @@ struct fstab_rec {
|
||||||
unsigned int zram_size;
|
unsigned int zram_size;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Callback function for verity status
|
||||||
|
typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab,
|
||||||
|
const char *mount_point, int status);
|
||||||
|
|
||||||
struct fstab *fs_mgr_read_fstab(const char *fstab_path);
|
struct fstab *fs_mgr_read_fstab(const char *fstab_path);
|
||||||
void fs_mgr_free_fstab(struct fstab *fstab);
|
void fs_mgr_free_fstab(struct fstab *fstab);
|
||||||
|
|
||||||
|
|
@ -84,7 +88,7 @@ int fs_mgr_unmount_all(struct fstab *fstab);
|
||||||
int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc,
|
int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc,
|
||||||
char *real_blk_device, int size);
|
char *real_blk_device, int size);
|
||||||
int fs_mgr_load_verity_state(int *mode);
|
int fs_mgr_load_verity_state(int *mode);
|
||||||
int fs_mgr_update_verity_state();
|
int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback);
|
||||||
int fs_mgr_add_entry(struct fstab *fstab,
|
int fs_mgr_add_entry(struct fstab *fstab,
|
||||||
const char *mount_point, const char *fs_type,
|
const char *mount_point, const char *fs_type,
|
||||||
const char *blk_device);
|
const char *blk_device);
|
||||||
|
|
|
||||||
|
|
@ -687,6 +687,30 @@ int do_verity_load_state(int nargs, char **args) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void verity_update_property(struct fstab_rec *fstab,
|
||||||
|
const char *mount_point, int status) {
|
||||||
|
char key[PROP_NAME_MAX];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
ret = snprintf(key, PROP_NAME_MAX, "partition.%s.verified", mount_point);
|
||||||
|
if (ret >= PROP_NAME_MAX) {
|
||||||
|
ERROR("Error setting verified property for %s: name too long\n",
|
||||||
|
mount_point);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = property_set(key, "1");
|
||||||
|
if (ret < 0)
|
||||||
|
ERROR("Error setting verified property %s: %d\n", key, ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
int do_verity_update_state(int nargs, char **args) {
|
||||||
|
if (nargs == 1) {
|
||||||
|
return fs_mgr_update_verity_state(verity_update_property);
|
||||||
|
}
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
int do_write(int nargs, char **args)
|
int do_write(int nargs, char **args)
|
||||||
{
|
{
|
||||||
const char *path = args[1];
|
const char *path = args[1];
|
||||||
|
|
|
||||||
|
|
@ -202,6 +202,7 @@ static int lookup_keyword(const char *s)
|
||||||
break;
|
break;
|
||||||
case 'v':
|
case 'v':
|
||||||
if (!strcmp(s, "erity_load_state")) return K_verity_load_state;
|
if (!strcmp(s, "erity_load_state")) return K_verity_load_state;
|
||||||
|
if (!strcmp(s, "erity_update_state")) return K_verity_update_state;
|
||||||
break;
|
break;
|
||||||
case 'w':
|
case 'w':
|
||||||
if (!strcmp(s, "rite")) return K_write;
|
if (!strcmp(s, "rite")) return K_write;
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,7 @@ int do_loglevel(int nargs, char **args);
|
||||||
int do_load_persist_props(int nargs, char **args);
|
int do_load_persist_props(int nargs, char **args);
|
||||||
int do_load_all_props(int nargs, char **args);
|
int do_load_all_props(int nargs, char **args);
|
||||||
int do_verity_load_state(int nargs, char **args);
|
int do_verity_load_state(int nargs, char **args);
|
||||||
|
int do_verity_update_state(int nargs, char **args);
|
||||||
int do_wait(int nargs, char **args);
|
int do_wait(int nargs, char **args);
|
||||||
#define __MAKE_KEYWORD_ENUM__
|
#define __MAKE_KEYWORD_ENUM__
|
||||||
#define KEYWORD(symbol, flags, nargs, func) K_##symbol,
|
#define KEYWORD(symbol, flags, nargs, func) K_##symbol,
|
||||||
|
|
@ -89,6 +90,7 @@ enum {
|
||||||
KEYWORD(sysclktz, COMMAND, 1, do_sysclktz)
|
KEYWORD(sysclktz, COMMAND, 1, do_sysclktz)
|
||||||
KEYWORD(user, OPTION, 0, 0)
|
KEYWORD(user, OPTION, 0, 0)
|
||||||
KEYWORD(verity_load_state, COMMAND, 0, do_verity_load_state)
|
KEYWORD(verity_load_state, COMMAND, 0, do_verity_load_state)
|
||||||
|
KEYWORD(verity_update_state, COMMAND, 0, do_verity_update_state)
|
||||||
KEYWORD(wait, COMMAND, 1, do_wait)
|
KEYWORD(wait, COMMAND, 1, do_wait)
|
||||||
KEYWORD(write, COMMAND, 2, do_write)
|
KEYWORD(write, COMMAND, 2, do_write)
|
||||||
KEYWORD(copy, COMMAND, 2, do_copy)
|
KEYWORD(copy, COMMAND, 2, do_copy)
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue