ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "adb: Allow disabling verity on eng builds when using AVB."

Browse source
This commit is contained in:
Treehugger Robot 2017-05-17 21:11:44 +00:00 committed by Gerrit Code Review
commit 7ce0f00c08
1 changed files with 23 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
adb/set_verity_enable_state_service.cpp
View file

@ -139,25 +139,36 @@ void set_verity_enabled_state_service(int fd, void* cookie) {
bool any_changed = false; bool any_changed = false;
bool enable = (cookie != NULL); bool enable = (cookie != NULL);
if (!kAllowDisableVerity) {
WriteFdFmt(fd, "%s-verity only works for userdebug builds\n", // Figure out if we're using VB1.0 or VB2.0 (aka AVB) - by
enable ? "enable" : "disable"); // contract, androidboot.vbmeta.digest is set by the bootloader
// when using AVB).
bool using_avb = !android::base::GetProperty("ro.boot.vbmeta.digest", "").empty();
// If using AVB, dm-verity is used on any build so we want it to
// be possible to disable/enable on any build (except USER). For
// VB1.0 dm-verity is only enabled on certain builds.
if (!using_avb) {
if (!kAllowDisableVerity) {
WriteFdFmt(fd, "%s-verity only works for userdebug builds\n",
enable ? "enable" : "disable");
}
if (!android::base::GetBoolProperty("ro.secure", false)) {
WriteFdFmt(fd, "verity not enabled - ENG build\n");
return;
}
} }
if (!android::base::GetBoolProperty("ro.secure", false)) { // Should never be possible to disable dm-verity on a USER build
WriteFdFmt(fd, "verity not enabled - ENG build\n"); // regardless of using AVB or VB1.0.
return;
}
if (!__android_log_is_debuggable()) { if (!__android_log_is_debuggable()) {
WriteFdFmt(fd, "verity cannot be disabled/enabled - USER build\n"); WriteFdFmt(fd, "verity cannot be disabled/enabled - USER build\n");
return; return;
} }
// Figure out if we're using VB1.0 or VB2.0 (aka AVB). if (using_avb) {
std::string vbmeta_hash = android::base::GetProperty("ro.boot.vbmeta.digest", ""); // Yep, the system is using AVB.
if (vbmeta_hash != "") {
// Yep, the system is using AVB (by contract, androidboot.vbmeta.hash is
// set by the bootloader when using AVB).
AvbOps* ops = avb_ops_user_new(); AvbOps* ops = avb_ops_user_new();
if (ops == nullptr) { if (ops == nullptr) {
WriteFdFmt(fd, "Error getting AVB ops\n"); WriteFdFmt(fd, "Error getting AVB ops\n");