ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "fs_mgr: update block device reference in verity metadata" into nyc-mr1-dev

Browse source
This commit is contained in:
TreeHugger Robot 2016-05-27 23:14:16 +00:00 committed by Android (Google) Code Review
commit 8024f8f9ea
1 changed files with 47 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
fs_mgr/fs_mgr_verity.cpp
View file

@ -30,7 +30,7 @@
#include <time.h> #include <time.h>
#include <android-base/file.h> #include <android-base/file.h>
#include <private/android_filesystem_config.h> #include <android-base/strings.h>
#include <cutils/properties.h> #include <cutils/properties.h>
#include <logwrap/logwrap.h> #include <logwrap/logwrap.h>
@ -217,7 +217,7 @@ static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char
} }
struct verity_table_params { struct verity_table_params {
const char *table; char *table;
int mode; int mode;
struct fec_ecc_metadata ecc; struct fec_ecc_metadata ecc;
const char *ecc_dev; const char *ecc_dev;
@ -849,15 +849,42 @@ out:
return rc; return rc;
} }
static void update_verity_table_blk_device(char *blk_device, char **table)
{
std::string result, word;
auto tokens = android::base::Split(*table, " ");
for (const auto token : tokens) {
if (android::base::StartsWith(token, "/dev/block/") &&
android::base::StartsWith(blk_device, token.c_str())) {
word = blk_device;
} else {
word = token;
}
if (result.empty()) {
result = word;
} else {
result += " " + word;
}
}
if (result.empty()) {
return;
}
free(*table);
*table = strdup(result.c_str());
}
int fs_mgr_setup_verity(struct fstab_rec *fstab) int fs_mgr_setup_verity(struct fstab_rec *fstab)
{ {
int retval = FS_MGR_SETUP_VERITY_FAIL; int retval = FS_MGR_SETUP_VERITY_FAIL;
int fd = -1; int fd = -1;
char *invalid_table = NULL;
char *verity_blk_name = NULL; char *verity_blk_name = NULL;
struct fec_handle *f = NULL; struct fec_handle *f = NULL;
struct fec_verity_metadata verity; struct fec_verity_metadata verity;
struct verity_table_params params; struct verity_table_params params = { .table = NULL };
alignas(dm_ioctl) char buffer[DM_BUF_SIZE]; alignas(dm_ioctl) char buffer[DM_BUF_SIZE];
struct dm_ioctl *io = (struct dm_ioctl *) buffer; struct dm_ioctl *io = (struct dm_ioctl *) buffer;
@ -918,6 +945,15 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
params.mode = VERITY_MODE_EIO; params.mode = VERITY_MODE_EIO;
} }
if (!verity.table) {
goto out;
}
params.table = strdup(verity.table);
if (!params.table) {
goto out;
}
// verify the signature on the table // verify the signature on the table
if (verify_table(verity.signature, verity.table, if (verify_table(verity.signature, verity.table,
verity.table_length) < 0) { verity.table_length) < 0) {
@ -928,20 +964,18 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
} }
// invalidate root hash and salt to trigger device-specific recovery // invalidate root hash and salt to trigger device-specific recovery
invalid_table = strdup(verity.table); if (invalidate_table(params.table, verity.table_length) < 0) {
if (!invalid_table ||
invalidate_table(invalid_table, verity.table_length) < 0) {
goto out; goto out;
} }
params.table = invalid_table;
} else {
params.table = verity.table;
} }
INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, params.mode); INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, params.mode);
if (fstab->fs_mgr_flags & MF_SLOTSELECT) {
// Update the verity params using the actual block device path
update_verity_table_blk_device(fstab->blk_device, &params.table);
}
// load the verity mapping table // load the verity mapping table
if (load_verity_table(io, mount_point, verity.data_size, fd, &params, if (load_verity_table(io, mount_point, verity.data_size, fd, &params,
format_verity_table) == 0) { format_verity_table) == 0) {
@ -1007,7 +1041,7 @@ out:
} }
fec_close(f); fec_close(f);
free(invalid_table); free(params.table);
free(verity_blk_name); free(verity_blk_name);
return retval; return retval;