ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Skip enabling dm-verity for live GSI when needed

Browse source 
Currently the dm-verity for live GSI is always enabled, even if the
disable bit in the top-level /vbmeta is set. We should skip setting up
dm-verity on live system.img when adb disable-verity is ever set.

Bug: 124291583
Test: adb disable-verity, then boot live GSI
Test: fastboot flash --disable-verification vbmeta vbmeta.img,
      then boot live GSI

Change-Id: Id52d20d0b2e56dfa7de8f866dcc989b82a96c879
This commit is contained in:
Bowgo Tsai 2019-02-13 18:14:08 +08:00
parent 68c5ce22fb
commit fffe43974d
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
init/first_stage_mount.cpp
View file

@ -47,6 +47,7 @@ using android::base::ReadFileToString;
using android::base::Split;
using android::base::Timer;
using android::fs_mgr::AvbHandle;
using android::fs_mgr::AvbHandleStatus;
using android::fs_mgr::AvbHashtreeResult;
using android::fs_mgr::AvbUniquePtr;
using android::fs_mgr::BuildGsiSystemFstabEntry;
@ -737,8 +738,17 @@ bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) {
hashtree_result =
avb_handle_->SetUpAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
} else if (!fstab_entry->avb_key.empty()) {
hashtree_result =
AvbHandle::SetUpStandaloneAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
if (!InitAvbHandle()) return false;
// Checks if hashtree should be disabled from the top-level /vbmeta.
if (avb_handle_->status() == AvbHandleStatus::kHashtreeDisabled ||
avb_handle_->status() == AvbHandleStatus::kVerificationDisabled) {
LOG(ERROR) << "Top-level vbmeta is disabled, skip Hashtree setup for "
<< fstab_entry->mount_point;
return true; // Returns true to mount the partition directly.
} else {
hashtree_result = AvbHandle::SetUpStandaloneAvbHashtree(
fstab_entry, false /* wait_for_verity_dev */);
}
} else {
return true; // No need AVB, returns true to mount the partition directly.
}
@ -754,8 +764,6 @@ bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) {
default:
return false;
}
return true; // Returns true to mount the partition.
}
bool FirstStageMountVBootV2::InitAvbHandle() {