This allows the client to get the public key data without need to
provide the expected key data to load vbmeta. Then do the comparison by
themselves, to allow "key rotation".
Bug: 65470881
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: boot a device
Change-Id: Icd4e317c2f79cd35e46cdd14f858575ee692facd
Enables performance testing with very large numbers of dm-linear devices
Test: Can create device with 16384 extents, and can get its table
Bug: 123261135
Change-Id: I0e78a659eb7616e4db6a8276031e25a0d84f52ba
Background:
We now have two sets of Bionic: the bootstrap Bionic which is at
/system/{lib|bin}/bootstrap for early processes and the default Bionic
which is from the runtime APEX for all the others. In order to give the
same path for Bionic to both categories of processes, the init prepares
two mount namespaces and bind-mount appropriate Bionic files onto the
common mount points under /bionic. For example,
/system/bin/bootstrap/linker is bind-mounted to /bionic/bin/linker for
the early processes. Likewise, /apex/com.android.runtime/bin/linker is
bind-mounted to the same path for rest of the processes.
In addition, in order not to propagate mount events in one mount
namespace to the other namespace, /bionic itself is created as a mount
namespace (via self bind-mount) and its propagation type is set to
private.
Changes required:
This however requires some adjustments to adb sync and remount
mechanism.
For remounting, /bionic path should also be re-mounted for RW, because
it is a RO mount in the beginning. This remounting is done only for the
system-as-root devices where entire / can be re-mounted as RW.
For synching, the sync thread creates a temporary mount namespace where
there is no bind-mount. This ensures that a path that the thread handles
is pointing to the correct file that is expected from the client side.
In addition, push operation to /bionic path is done without unlinking.
This is required because the mount points under /bionic are gone in the
current mount namespace but are still active in other mount namespaces.
If unlinked, the existing mounts on the path are all silently removed.
In order to prevent the unwanted situation, the moint points are not
unlinked but truncated to 0. This however is not a significant problem
because the files that serve as mount points do not carry any
useful information (i.e. the content is meaningless).
Bug: 879416
Test: adb sync
adb push <random_file> /bionic/bin/linker64
adb push <random_file> /system/bin/bootstrap/bin/linker64
system/core/fs_mgr/tests/adb-remount-test.sh
Change-Id: Id87dc9ee7ec5c43d06b54969b55e2cb394329317
Particularly, capitulate that GetEntryForMountPoint() would be cleaner
than std::find_if() and update the rest of system/core to use it.
Test: build
Change-Id: I982b5a8552d44852d3ab22c20db83afcd4dd652b
We no longer use these methods since they require write access to the
userdata block device. This patch removes them to simplify FiemapWriter,
and avoid opening userdata with write permissions.
Bug: 122556707
Test: fiemap_writer_test gtest
Change-Id: I0091eb5ff92253533c67c89b0059c34953aae211
The following static function has been added into class AvbHandle to
support loading the AVB hashtree descriptor to enable dm-verity for
a FstabEntry.
static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry);
Bug: 112103720
Bug: 117960205
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: Add /system/etc/system_other.avbpubkey, then add
avb_key=/system/etc/system_other.avbpubkey into /system/etc/fstab.postinstall.
factory reset, boot a device and checks that system_other is
mounted with verity (see the serial log below)
Serial log:
-----------
init: [libfs_avb]Built verity table: '1 /dev/block/by-name/system_a
/dev/block/by-name/system_a 4096 4096 8521
8521 sha1 895ba03023a35172b393429fadad9ee228b39203
3405d16fec2cd12ad9e6b36d3bc983e1e83b5e09 10 use_fec_from_device
/dev/block/by-name/system_a fec_roots 2 fec_blocks 8589 fec_start 8589
restart_on_corruption ignore_zero_blocks'
init: [libfs_mgr]superblock s_max_mnt_count:65535,/dev/block/dm-7
init: [libfs_mgr]__mount(source=/dev/block/dm-7,target=/postinstall,type=ext4)=0:
Success
Change-Id: Ie339a43ff9c6a7d170e12ef466df666b98ddec19
And deprecate one more old style function that is not used after this
change.
Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
Previously information from the fstab was needed for this test, but
that's not longer the case, so skip reading the fstab altogether.
Test: build
Change-Id: I3989c62e19ae2d8606f2bc3a617f9cc3da0e5a6f
New code should be using the new Fstab class, so remove these older
functions that don't have current users.
Test: build
Change-Id: I3ba2b12b838b4b46979963869939fd4b65264738
* changes:
fs_mgr: test parsing all mount and fs mgr options
fs_mgr: convert parse_flags over to C++
fs_mgr: store file_contents_mode and file_names_mode directly
Fixes a bug where verify= and a path is not respected.
Keeps the default value of -1 for swap_prio, zram_size, and the vold
managed partition number in the case of not being able to parse their
values.
Test: fs_mgr unit tests, boot
Change-Id: I41bd92a7a2f9165d62134704cb7a1209d76a2071
It doesn't really make sense to have extra logic to convert these
strings to enums then back again to strings for usage, especially
since with the C++ fstab, these strings are small enough to fall into
the small string optimization of std::string.
This will help make future changes cleaner as well.
Test: boot, fs_mgr_test
Change-Id: I5669ed10f2fc3eafdb137747446a2e93c24d55c4
Since we are moving the fstab from DT into the ramdisk fstab, the
logging from ReadFstabFromDt when reading the default fstab is
turning into logging noise.
Test: compile
Bug: 122602260
Change-Id: Icba0962c13d701afce2dc7c4f23712dd47ea0100
This commits adds the following two public functions into
class AvbHandle, and verified by 'libfs_avb_test':
static AvbUniquePtr LoadAndVerifyVbmeta(); // loads inline vbmeta.
static AvbUniquePtr LoadAndVerifyVbmeta( // loads offline vbmeta.
const std::string& partition_name, const std::string& ab_suffix,
const std::string& ab_other_suffix, const std::string& expected_public_key,
const HashAlgorithm& hash_algorithm, bool allow_verification_error,
bool load_chained_vbmeta, bool rollback_protection,
std::function<std::string(const std::string&)> custom_device_path = nullptr);
The first function LoadAndVerifyVbmeta() will be used to replace Open(),
in a separate CL in the future. Many libfs_avb internal utils are added
into avb_util.cpp as well, which are verified by
'libfs_avb_internal_test'.
Bug: 112103720
Bug: 117960205
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Change-Id: I807b8af0b69c9a4511f6f120e9754aca5442830e
liblp treats the term "block size" ambiguously when it compares the logical
hardware block size with the file system block size (which for all
intents and purposes must be 4K). This warning is thus spurious on
devices with say a 512 logical block size. However, liblp's block size
should at least be a multiple of this, so change the check accordingly.
Bug: 123317012
Test: liblp_test gtest
Change-Id: I0f41f6bae60a512ab8d313e487c28606daa661a6
WAI: Using mount -o rw,remount command can only work after the
overlays are setup. After the second 'adb disable-verity' or
'adb remount -R' has been issued; the first only disables
verity and does not setup the backing storage. If mount remount
command is issued after the first on an overlayfs system, it will
report a r/o filesystem.
Add a test that confirms that at least this supported behavior is
working, we do not test the corner case.
In the case of overlayfs, we have declared we will not support the
mount remount operation until then; we would need to modify toybox
to add logic that resides inside adb remount service. toybox is
allowed to be adjusted to compile under Android and bionic, but it
is not supposed to have code that is specific to Android.
Fix last test to before this one to move us back into this state.
Fix the adb_sh command parser to handle properly quoting arguments
as it passes them to adb, since we will need it working for this
added test.
Report the product serial number of build description to aid triage.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 122602260
Bug: 123079041
Change-Id: Ida051dbe2a918182db97f0f22f64b299e3c0a068
And fix a bug in the meantime, where mounts with no filesystem
specific mount options were incorrectly having an empty string in
their set of mount options.
Test: this test
Change-Id: I9b1f14d00a90f8b95a13fcecb3cfa7fe10a2f96a
Loosen some tests and borrow logic from retrofit Dynamic Android
Partitions (DAP) A/B devices. In non-DAP A/B device case
/mnt/scratch is used, backed by the system other partition.
Tested on taimen with CONFIG_OVERLAY_FS added to its pre 4.6 kernel,
and BOARD_EXT4_SHARE_DUP_BLOCKS := true added to board config. Also
tested on a retrofit DAP A/B device and an untouched taimen.
Test: adb_remount_test.sh
Bug: 120448575
Change-Id: I72aaf4d68db1c3ac380aba425346ab6443cadad3
If there is no userspace fastboot, then overlayfs has a corner case
bug where overlay content is not wiped when the partition is flashed.
We will report a warning instead.
This is done to reduce the flakiness of the test results as we do not
intend to fix this specific corner case in the short term. We would
require to record a sha representing the flash image, and the risks
were evaluated as too high of an impact on libavb to add interfaces
to expose the signatures, especially at first stage mount time. All
new devices must support Dynamic Android Partitions (DAP), which
means they all have support for userspace fastboot, it will be
considered a misconfiguration and thus the position is we will not
fix this issue and only use this test adjustment to deal with legacy
products. If a legacy non-DAP product wishes to close the issue
today, they must supply a user space fastboot.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 123079041
Change-Id: I420cb87c19e3e184a974dfc373fb17c097d4858f
Check if any system partition looks like it has ext dedupe or
rather shared_blocks feature enabled, if so then we expect
overlayfs to kick in. We do this to deal with any flakiness
in the test when right-sizing is not applied to the platform.
Minor: older devices mounted persist to /persist.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 123079041
Change-Id: Iab7c6cf7f24f2c446aeb149e3f65d6793a42c6ea
