ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "fs_mgr: allow no verity metadata when the device is unlocked."

Browse source
This commit is contained in:
Treehugger Robot 2017-07-06 00:29:47 +00:00 committed by Gerrit Code Review
commit cd0c2d8962
4 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
fs_mgr/fs_mgr.cpp
View file

@ -457,6 +457,16 @@ int fs_mgr_set_blk_ro(const char *blockdev)
return rc; return rc;
} }
// Orange state means the device is unlocked, see the following link for details.
// https://source.android.com/security/verifiedboot/verified-boot#device_state
bool fs_mgr_is_device_unlocked() {
std::string verified_boot_state;
if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) {
return verified_boot_state == "orange";
}
return false;
}
/* /*
* __mount(): wrapper around the mount() system call which also * __mount(): wrapper around the mount() system call which also
* sets the underlying block device to read-only if the mount is read-only. * sets the underlying block device to read-only if the mount is read-only.

12
fs_mgr/fs_mgr_avb.cpp
View file

@ -473,16 +473,6 @@ static bool get_hashtree_descriptor(const std::string& partition_name,
return true; return true;
} }
// Orange state means the device is unlocked, see the following link for details.
// https://source.android.com/security/verifiedboot/verified-boot#device_state
static inline bool IsDeviceUnlocked() {
std::string verified_boot_state;
if (fs_mgr_get_boot_config("verifiedbootstate", &verified_boot_state)) {
return verified_boot_state == "orange";
}
return false;
}
FsManagerAvbUniquePtr FsManagerAvbHandle::Open(const fstab& fstab) { FsManagerAvbUniquePtr FsManagerAvbHandle::Open(const fstab& fstab) {
FsManagerAvbOps avb_ops(fstab); FsManagerAvbOps avb_ops(fstab);
return DoOpen(&avb_ops); return DoOpen(&avb_ops);
@ -498,7 +488,7 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open(ByNameSymlinkMap&& by_name_symlin
} }
FsManagerAvbUniquePtr FsManagerAvbHandle::DoOpen(FsManagerAvbOps* avb_ops) { FsManagerAvbUniquePtr FsManagerAvbHandle::DoOpen(FsManagerAvbOps* avb_ops) {
bool is_device_unlocked = IsDeviceUnlocked(); bool is_device_unlocked = fs_mgr_is_device_unlocked();
FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle()); FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle());
if (!avb_handle) { if (!avb_handle) {

1
fs_mgr/fs_mgr_priv.h
View file

@ -113,6 +113,7 @@
int fs_mgr_set_blk_ro(const char *blockdev); int fs_mgr_set_blk_ro(const char *blockdev);
int fs_mgr_test_access(const char *device); int fs_mgr_test_access(const char *device);
bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool fs_mgr_update_for_slotselect(struct fstab *fstab);
bool fs_mgr_is_device_unlocked();
bool is_dt_compatible(); bool is_dt_compatible();
bool is_device_secure(); bool is_device_secure();
int load_verity_state(struct fstab_rec* fstab, int* mode); int load_verity_state(struct fstab_rec* fstab, int* mode);

4
fs_mgr/fs_mgr_verity.cpp
View file

@ -782,8 +782,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
if (fec_verity_get_metadata(f, &verity) < 0) { if (fec_verity_get_metadata(f, &verity) < 0) {
PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'"; PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'";
// Allow verity disabled when the device is unlocked without metadata // Allow verity disabled when the device is unlocked without metadata
if ("0" == android::base::GetProperty("ro.boot.flash.locked", "")) { if (fs_mgr_is_device_unlocked()) {
retval = FS_MGR_SETUP_VERITY_DISABLED; retval = FS_MGR_SETUP_VERITY_SKIPPED;
LWARNING << "Allow invalid metadata when the device is unlocked"; LWARNING << "Allow invalid metadata when the device is unlocked";
} }
goto out; goto out;