Merge "Refactor fs_mgr_update_verity_state()"

am: 5272f9b017

Change-Id: I23151b9a2c7bf28e4f62dfdbf5049d0100241cf1

fs_mgr/fs_mgr.cpp

@@ -85,6 +85,7 @@
 
 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
 
+using android::base::Basename;
 using android::base::Realpath;
 using android::base::StartsWith;
 using android::base::unique_fd;
@@ -1576,65 +1577,41 @@ bool fs_mgr_load_verity_state(int* mode) {
     return true;
 }
 
-bool fs_mgr_update_verity_state(
+bool fs_mgr_is_verity_enabled(const FstabEntry& entry) {
-        std::function<void(const std::string& mount_point, int mode)> callback) {
+    if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
-    if (!callback) {
-        return false;
-    }
-
-    int mode;
-    if (!fs_mgr_load_verity_state(&mode)) {
-        return false;
-    }
-
-    Fstab fstab;
-    if (!ReadDefaultFstab(&fstab)) {
-        LERROR << "Failed to read default fstab";
         return false;
     }
 
     DeviceMapper& dm = DeviceMapper::Instance();
 
-    for (const auto& entry : fstab) {
+    std::string mount_point;
-        if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
+    if (entry.mount_point == "/") {
-            continue;
+        // In AVB, the dm device name is vroot instead of system.
-        }
+        mount_point = entry.fs_mgr_flags.avb ? "vroot" : "system";
-
+    } else {
-        std::string mount_point;
+        mount_point = Basename(entry.mount_point);
-        if (entry.mount_point == "/") {
-            // In AVB, the dm device name is vroot instead of system.
-            mount_point = entry.fs_mgr_flags.avb ? "vroot" : "system";
-        } else {
-            mount_point = basename(entry.mount_point.c_str());
-        }
-
-        if (dm.GetState(mount_point) == DmDeviceState::INVALID) {
-            PERROR << "Could not find verity device for mount point: " << mount_point;
-            continue;
-        }
-
-        const char* status;
-        std::vector<DeviceMapper::TargetInfo> table;
-        if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) {
-            if (!entry.fs_mgr_flags.verify_at_boot) {
-                PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point;
-                continue;
-            }
-            status = "V";
-        } else {
-            status = table[0].data.c_str();
-        }
-
-        // To be consistent in vboot 1.0 and vboot 2.0 (AVB), change the mount_point
-        // back to 'system' for the callback. So it has property [partition.system.verified]
-        // instead of [partition.vroot.verified].
-        if (mount_point == "vroot") mount_point = "system";
-        if (*status == 'C' || *status == 'V') {
-            callback(mount_point, mode);
-        }
     }
 
-    return true;
+    if (dm.GetState(mount_point) == DmDeviceState::INVALID) {
+        return false;
+    }
+
+    const char* status;
+    std::vector<DeviceMapper::TargetInfo> table;
+    if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) {
+        if (!entry.fs_mgr_flags.verify_at_boot) {
+            return false;
+        }
+        status = "V";
+    } else {
+        status = table[0].data.c_str();
+    }
+
+    if (*status == 'C' || *status == 'V') {
+        return true;
+    }
+
+    return false;
 }
 
 std::string fs_mgr_get_super_partition_name(int slot) {

fs_mgr/fs_mgr_overlayfs.cpp

@@ -272,15 +272,6 @@ bool fs_mgr_overlayfs_already_mounted(const std::string& mount_point, bool overl
     return false;
 }
 
-std::vector<std::string> fs_mgr_overlayfs_verity_enabled_list() {
-    std::vector<std::string> ret;
-    auto save_errno = errno;
-    fs_mgr_update_verity_state(
-            [&ret](const std::string& mount_point, int) { ret.emplace_back(mount_point); });
-    if ((errno == ENOENT) || (errno == ENXIO)) errno = save_errno;
-    return ret;
-}
-
 bool fs_mgr_wants_overlayfs(FstabEntry* entry) {
     // Don't check entries that are managed by vold.
     if (entry->fs_mgr_flags.vold_managed || entry->fs_mgr_flags.recovery_only) return false;
@@ -537,7 +528,6 @@ bool fs_mgr_overlayfs_mount(const std::string& mount_point) {
 
 std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_point = nullptr) {
     std::vector<std::string> mounts;
-    auto verity = fs_mgr_overlayfs_verity_enabled_list();
     for (auto& entry : *fstab) {
         if (!fs_mgr_overlayfs_already_mounted(entry.mount_point) &&
             !fs_mgr_wants_overlayfs(&entry)) {
@@ -545,10 +535,12 @@ std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_p
         }
         std::string new_mount_point(fs_mgr_mount_point(entry.mount_point.c_str()));
         if (mount_point && (new_mount_point != mount_point)) continue;
-        if (std::find(verity.begin(), verity.end(), android::base::Basename(new_mount_point)) !=
+
-            verity.end()) {
+        auto saved_errno = errno;
-            continue;
+        auto verity_enabled = fs_mgr_is_verity_enabled(entry);
-        }
+        if (errno == ENOENT || errno == ENXIO) errno = saved_errno;
+        if (verity_enabled) continue;
+
         auto duplicate_or_more_specific = false;
         for (auto it = mounts.begin(); it != mounts.end();) {
             if ((*it == new_mount_point) ||

fs_mgr/include/fs_mgr.h

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef __CORE_FS_MGR_H
+#pragma once
-#define __CORE_FS_MGR_H
 
 #include <stdio.h>
 #include <stdint.h>
@@ -73,8 +72,8 @@ int fs_mgr_do_mount_one(const android::fs_mgr::FstabEntry& entry,
                         const std::string& mount_point = "");
 int fs_mgr_do_tmpfs_mount(const char *n_name);
 bool fs_mgr_load_verity_state(int* mode);
-bool fs_mgr_update_verity_state(
+// Returns true if verity is enabled on this particular FstabEntry.
-        std::function<void(const std::string& mount_point, int mode)> callback);
+bool fs_mgr_is_verity_enabled(const android::fs_mgr::FstabEntry& entry);
 bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab);
 bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry);
 
@@ -90,5 +89,3 @@ int fs_mgr_setup_verity(android::fs_mgr::FstabEntry* fstab, bool wait_for_verity
 // specified, the super partition for the corresponding metadata slot will be
 // returned. Otherwise, it will use the current slot.
 std::string fs_mgr_get_super_partition_name(int slot = -1);
-
-#endif /* __CORE_FS_MGR_H */

init/builtins.cpp

@@ -75,6 +75,7 @@
 
 using namespace std::literals::string_literals;
 
+using android::base::Basename;
 using android::base::unique_fd;
 using android::fs_mgr::Fstab;
 using android::fs_mgr::ReadFstabFromFile;
@@ -749,11 +750,27 @@ static Result<Success> do_verity_load_state(const BuiltinArguments& args) {
 }
 
 static Result<Success> do_verity_update_state(const BuiltinArguments& args) {
-    if (!fs_mgr_update_verity_state([](const std::string& mount_point, int mode) {
+    int mode;
-            property_set("partition." + mount_point + ".verified", std::to_string(mode));
+    if (!fs_mgr_load_verity_state(&mode)) {
-        })) {
+        return Error() << "fs_mgr_load_verity_state() failed";
-        return Error() << "fs_mgr_update_verity_state() failed";
     }
+
+    Fstab fstab;
+    if (!ReadDefaultFstab(&fstab)) {
+        return Error() << "Failed to read default fstab";
+    }
+
+    for (const auto& entry : fstab) {
+        if (!fs_mgr_is_verity_enabled(entry)) {
+            continue;
+        }
+
+        // To be consistent in vboot 1.0 and vboot 2.0 (AVB), use "system" for the partition even
+        // for system as root, so it has property [partition.system.verified].
+        std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point);
+        property_set("partition." + partition + ".verified", std::to_string(mode));
+    }
+
     return Success();
 }