From 99ec013d58dfe2b2792415bbe9cfb694ca9d58b8 Mon Sep 17 00:00:00 2001
From: Yi-Yo Chiang <yochiang@google.com>
Date: Thu, 3 Nov 2022 23:57:58 +0800
Subject: [PATCH] remount: Simplify disable verity logic

We are calling avb_user_verity_set() _for each_ fstab entry in order to
disable verity. This is an artifact from back when each partition has
its own verity flag (VB1.0). Since AVB, the verity flag in vbmeta
affects all dm-verity device, thus we only need to call
avb_user_verity_set() once.

Bug: 241688845
Test: adb-remount-test
Change-Id: Ie5b788e2d34f83152228db62f84d26a32e2b26e0
---
 fs_mgr/fs_mgr_remount.cpp | 41 +++++++++++++--------------------------
 1 file changed, 13 insertions(+), 28 deletions(-)

diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index 1040a1802..3824bb607 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -294,37 +294,12 @@ struct RemountCheckResult {
     bool remounted_anything = false;
 };
 
-static RemountStatus CheckVerity(const FstabEntry& entry, RemountCheckResult* result) {
-    if (!fs_mgr_is_verity_enabled(entry)) {
-        return REMOUNT_SUCCESS;
-    }
-
-    std::unique_ptr<AvbOps, decltype(&::avb_ops_user_free)> ops(avb_ops_user_new(),
-                                                                &::avb_ops_user_free);
-    if (!ops) {
-        return VERITY_PARTITION;
-    }
-    if (!avb_user_verity_set(ops.get(), fs_mgr_get_slot_suffix().c_str(), false)) {
-        return VERITY_PARTITION;
-    }
-    result->disabled_verity = true;
-    result->reboot_later = true;
-    return REMOUNT_SUCCESS;
-}
-
-static RemountStatus CheckVerityAndOverlayfs(Fstab* partitions, RemountCheckResult* result) {
+RemountStatus CheckOverlayfs(Fstab* partitions, RemountCheckResult* result) {
     RemountStatus status = REMOUNT_SUCCESS;
     for (auto it = partitions->begin(); it != partitions->end();) {
         auto& entry = *it;
         const auto& mount_point = entry.mount_point;
 
-        if (auto rv = CheckVerity(entry, result); rv != REMOUNT_SUCCESS) {
-            LOG(ERROR) << "Skipping verified partition " << mount_point << " for remount";
-            status = rv;
-            it = partitions->erase(it);
-            continue;
-        }
-
         if (fs_mgr_wants_overlayfs(&entry)) {
             bool want_reboot = false;
             bool force = result->disabled_verity;
@@ -514,8 +489,18 @@ static int do_remount(Fstab& fstab, const std::vector<std::string>& partition_ar
         }
     }
 
-    // Check verity and optionally setup overlayfs backing.
-    auto retval = CheckVerityAndOverlayfs(&partitions, check_result);
+    // Disable verity.
+    auto verity_result = SetVerityState(false /* enable_verity */);
+    if (!verity_result.success) {
+        return VERITY_PARTITION;
+    }
+    if (verity_result.want_reboot) {
+        check_result->reboot_later = true;
+        check_result->disabled_verity = true;
+    }
+
+    // Optionally setup overlayfs backing.
+    auto retval = CheckOverlayfs(&partitions, check_result);
 
     if (partitions.empty() || check_result->disabled_verity) {
         if (partitions.empty()) {