Merge "Set verity mode as the verified property value"

author: Sami Tolvanen 2015-04-07 03:45:23 -0500
committer: Gerrit Code Review 2015-04-07 03:45:24 -0500
commit: 284c5cb2a16d21e5d5123ae6a0d731dcc6beadca (patch)
tree: 83e432d5869f178344cbb7a378f19eef77f48baf
parent: 33c2ad37cac1d85272bd0f8f869710cac73d3bb7 (diff)
parent: 454742392f72079dbdb0d23ea24e01b5703c1aa5 (diff)
download: platform-system-core-284c5cb2a16d21e5d5123ae6a0d731dcc6beadca.tar.gz
platform-system-core-284c5cb2a16d21e5d5123ae6a0d731dcc6beadca.tar.xz
platform-system-core-284c5cb2a16d21e5d5123ae6a0d731dcc6beadca.zip
4 files changed, 44 insertions, 37 deletions
diff --git a/adb/remount_service.cpp b/adb/remount_service.cpp
index 483ca3d3d..b150274c9 100644
--- a/adb/remount_service.cpp
+++ b/adb/remount_service.cpp
@@ -112,13 +112,13 @@ void remount_service(int fd, void* cookie) {
    }
    bool system_verified = false, vendor_verified = false;
-    property_get("partition.system.verified", prop_buf, "0");
+    property_get("partition.system.verified", prop_buf, "");
-    if (!strcmp(prop_buf, "1")) {
+    if (strlen(prop_buf) > 0) {
        system_verified = true;
    }
-    property_get("partition.vendor.verified", prop_buf, "0");
+    property_get("partition.vendor.verified", prop_buf, "");
-    if (!strcmp(prop_buf, "1")) {
+    if (strlen(prop_buf) > 0) {
        vendor_verified = true;
    }
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index acdc5a360..530df2698 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -594,46 +594,29 @@ out:
    return rc;
 }
-static int load_verity_state(struct fstab_rec *fstab, int *mode)
+static int read_verity_state(const char *fname, off64_t offset, int *mode)
 {
    int fd = -1;
    int rc = -1;
-    off64_t offset = 0;
    struct verity_state s;
-    if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG, sizeof(s),
+    fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
-            &offset) < 0) {
-        /* fall back to stateless behavior */
-        *mode = VERITY_MODE_EIO;
-        rc = 0;
-        goto out;
-    }
-    if (was_verity_restart()) {
-        /* device was restarted after dm-verity detected a corrupted
-         * block, so switch to logging mode */
-        *mode = VERITY_MODE_LOGGING;
-        rc = write_verity_state(fstab->verity_loc, offset, *mode);
-        goto out;
-    }
-    fd = TEMP_FAILURE_RETRY(open(fstab->verity_loc, O_RDONLY | O_CLOEXEC));
    if (fd == -1) {
-        ERROR("Failed to open %s (%s)\n", fstab->verity_loc, strerror(errno));
+        ERROR("Failed to open %s (%s)\n", fname, strerror(errno));
        goto out;
    }
    if (TEMP_FAILURE_RETRY(pread64(fd, &s, sizeof(s), offset)) != sizeof(s)) {
        ERROR("Failed to read %zu bytes from %s offset %" PRIu64 " (%s)\n",
-            sizeof(s), fstab->verity_loc, offset, strerror(errno));
+            sizeof(s), fname, offset, strerror(errno));
        goto out;
    }
    if (s.header != VERITY_STATE_HEADER) {
        /* space allocated, but no state written. write default state */
        *mode = VERITY_MODE_DEFAULT;
-        rc = write_verity_state(fstab->verity_loc, offset, *mode);
+        rc = write_verity_state(fname, offset, *mode);
        goto out;
    }
@@ -659,6 +642,27 @@ out:
    return rc;
 }
+static int load_verity_state(struct fstab_rec *fstab, int *mode)
+{
+    off64_t offset = 0;
+    if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG,
+            sizeof(struct verity_state), &offset) < 0) {
+        /* fall back to stateless behavior */
+        *mode = VERITY_MODE_EIO;
+        return 0;
+    }
+    if (was_verity_restart()) {
+        /* device was restarted after dm-verity detected a corrupted
+         * block, so switch to logging mode */
+        *mode = VERITY_MODE_LOGGING;
+        return write_verity_state(fstab->verity_loc, offset, *mode);
+    }
+    return read_verity_state(fstab->verity_loc, offset, mode);
+}
 int fs_mgr_load_verity_state(int *mode)
 {
    char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
@@ -717,6 +721,7 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
    char *status;
    int fd = -1;
    int i;
+    int mode;
    int rc = -1;
    off64_t offset = 0;
    struct dm_ioctl *io = (struct dm_ioctl *) buffer;
@@ -749,32 +754,33 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
            continue;
        }
+        if (read_verity_state(fstab->recs[i].verity_loc, offset, &mode) < 0) {
+            continue;
+        }
        mount_point = basename(fstab->recs[i].mount_point);
        verity_ioctl_init(io, mount_point, 0);
        if (ioctl(fd, DM_TABLE_STATUS, io)) {
            ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
                strerror(errno));
-            goto out;
+            continue;
        }
        status = &buffer[io->data_start + sizeof(struct dm_target_spec)];
        if (*status == 'C') {
-            rc = write_verity_state(fstab->recs[i].verity_loc, offset,
+            if (write_verity_state(fstab->recs[i].verity_loc, offset,
-                    VERITY_MODE_LOGGING);
+                    VERITY_MODE_LOGGING) < 0) {
+                continue;
-            if (rc == -1) {
-                goto out;
            }
        }
        if (callback) {
-            callback(&fstab->recs[i], mount_point, *status);
+            callback(&fstab->recs[i], mount_point, mode, *status);
        }
    }
-    /* Don't overwrite possible previous state if there's no corruption. */
    rc = 0;
 out:
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index b5e02f9bc..c58a888cb 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -69,7 +69,7 @@ struct fstab_rec {
 // Callback function for verity status
 typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab,
-        const char *mount_point, int status);
+        const char *mount_point, int mode, int status);
 struct fstab *fs_mgr_read_fstab(const char *fstab_path);
 void fs_mgr_free_fstab(struct fstab *fstab);
diff --git a/init/builtins.cpp b/init/builtins.cpp
index ff6c9376f..3bbaf8336 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -661,8 +661,9 @@ int do_verity_load_state(int nargs, char **args) {
    return rc;
 }
-static void verity_update_property(fstab_rec *fstab, const char *mount_point, int status) {
+static void verity_update_property(fstab_rec *fstab, const char *mount_point, int mode, int status) {
-    property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(), "1");
+    property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(),
+                 android::base::StringPrintf("%d", mode).c_str());
 }
 int do_verity_update_state(int nargs, char** args) {
author	Sami Tolvanen	2015-04-07 03:45:23 -0500
committer	Gerrit Code Review	2015-04-07 03:45:24 -0500
commit	284c5cb2a16d21e5d5123ae6a0d731dcc6beadca (patch)
tree	83e432d5869f178344cbb7a378f19eef77f48baf
parent	33c2ad37cac1d85272bd0f8f869710cac73d3bb7 (diff)
parent	454742392f72079dbdb0d23ea24e01b5703c1aa5 (diff)
download	platform-system-core-284c5cb2a16d21e5d5123ae6a0d731dcc6beadca.tar.gz platform-system-core-284c5cb2a16d21e5d5123ae6a0d731dcc6beadca.tar.xz platform-system-core-284c5cb2a16d21e5d5123ae6a0d731dcc6beadca.zip

diff --git a/adb/remount_service.cpp b/adb/remount_service.cpp index 483ca3d3d..b150274c9 100644 --- a/adb/remount_service.cpp +++ b/adb/remount_service.cpp
@@ -112,13 +112,13 @@ void remount_service(int fd, void* cookie) {
112	}	112	}
113		113
114	bool system_verified = false, vendor_verified = false;	114	bool system_verified = false, vendor_verified = false;
115	property_get("partition.system.verified", prop_buf, "0");	115	property_get("partition.system.verified", prop_buf, "");
116	if (!strcmp(prop_buf, "1")) {	116	if (strlen(prop_buf) > 0) {
117	system_verified = true;	117	system_verified = true;
118	}	118	}
119		119
120	property_get("partition.vendor.verified", prop_buf, "0");	120	property_get("partition.vendor.verified", prop_buf, "");
121	if (!strcmp(prop_buf, "1")) {	121	if (strlen(prop_buf) > 0) {
122	vendor_verified = true;	122	vendor_verified = true;
123	}	123	}
124		124


diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index acdc5a360..530df2698 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c
@@ -594,46 +594,29 @@ out:
594	return rc;	594	return rc;
595	}	595	}
596		596
597	static int load_verity_state(struct fstab_rec fstab, int mode)	597	static int read_verity_state(const char fname, off64_t offset, int mode)
598	{	598	{
599	int fd = -1;	599	int fd = -1;
600	int rc = -1;	600	int rc = -1;
601	off64_t offset = 0;
602	struct verity_state s;	601	struct verity_state s;
603		602
604	if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG, sizeof(s),	603	fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY \| O_CLOEXEC));
605	&offset) < 0) {
606	/* fall back to stateless behavior */
607	*mode = VERITY_MODE_EIO;
608	rc = 0;
609	goto out;
610	}
611
612	if (was_verity_restart()) {
613	/* device was restarted after dm-verity detected a corrupted
614	* block, so switch to logging mode */
615	*mode = VERITY_MODE_LOGGING;
616	rc = write_verity_state(fstab->verity_loc, offset, *mode);
617	goto out;
618	}
619
620	fd = TEMP_FAILURE_RETRY(open(fstab->verity_loc, O_RDONLY \| O_CLOEXEC));
621		604
622	if (fd == -1) {	605	if (fd == -1) {
623	ERROR("Failed to open %s (%s)\n", fstab->verity_loc, strerror(errno));	606	ERROR("Failed to open %s (%s)\n", fname, strerror(errno));
624	goto out;	607	goto out;
625	}	608	}
626		609
627	if (TEMP_FAILURE_RETRY(pread64(fd, &s, sizeof(s), offset)) != sizeof(s)) {	610	if (TEMP_FAILURE_RETRY(pread64(fd, &s, sizeof(s), offset)) != sizeof(s)) {
628	ERROR("Failed to read %zu bytes from %s offset %" PRIu64 " (%s)\n",	611	ERROR("Failed to read %zu bytes from %s offset %" PRIu64 " (%s)\n",
629	sizeof(s), fstab->verity_loc, offset, strerror(errno));	612	sizeof(s), fname, offset, strerror(errno));
630	goto out;	613	goto out;
631	}	614	}
632		615
633	if (s.header != VERITY_STATE_HEADER) {	616	if (s.header != VERITY_STATE_HEADER) {
634	/* space allocated, but no state written. write default state */	617	/* space allocated, but no state written. write default state */
635	*mode = VERITY_MODE_DEFAULT;	618	*mode = VERITY_MODE_DEFAULT;
636	rc = write_verity_state(fstab->verity_loc, offset, *mode);	619	rc = write_verity_state(fname, offset, *mode);
637	goto out;	620	goto out;
638	}	621	}
639		622
@@ -659,6 +642,27 @@ out:
659	return rc;	642	return rc;
660	}	643	}
661		644
		645	static int load_verity_state(struct fstab_rec fstab, int mode)
		646	{
		647	off64_t offset = 0;
		648
		649	if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG,
		650	sizeof(struct verity_state), &offset) < 0) {
		651	/* fall back to stateless behavior */
		652	*mode = VERITY_MODE_EIO;
		653	return 0;
		654	}
		655
		656	if (was_verity_restart()) {
		657	/* device was restarted after dm-verity detected a corrupted
		658	* block, so switch to logging mode */
		659	*mode = VERITY_MODE_LOGGING;
		660	return write_verity_state(fstab->verity_loc, offset, *mode);
		661	}
		662
		663	return read_verity_state(fstab->verity_loc, offset, mode);
		664	}
		665
662	int fs_mgr_load_verity_state(int *mode)	666	int fs_mgr_load_verity_state(int *mode)
663	{	667	{
664	char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];	668	char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
@@ -717,6 +721,7 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
717	char *status;	721	char *status;
718	int fd = -1;	722	int fd = -1;
719	int i;	723	int i;
		724	int mode;
720	int rc = -1;	725	int rc = -1;
721	off64_t offset = 0;	726	off64_t offset = 0;
722	struct dm_ioctl io = (struct dm_ioctl ) buffer;	727	struct dm_ioctl io = (struct dm_ioctl ) buffer;
@@ -749,32 +754,33 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
749	continue;	754	continue;
750	}	755	}
751		756
		757	if (read_verity_state(fstab->recs[i].verity_loc, offset, &mode) < 0) {
		758	continue;
		759	}
		760
752	mount_point = basename(fstab->recs[i].mount_point);	761	mount_point = basename(fstab->recs[i].mount_point);
753	verity_ioctl_init(io, mount_point, 0);	762	verity_ioctl_init(io, mount_point, 0);
754		763
755	if (ioctl(fd, DM_TABLE_STATUS, io)) {	764	if (ioctl(fd, DM_TABLE_STATUS, io)) {
756	ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,	765	ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
757	strerror(errno));	766	strerror(errno));
758	goto out;	767	continue;
759	}	768	}
760		769
761	status = &buffer[io->data_start + sizeof(struct dm_target_spec)];	770	status = &buffer[io->data_start + sizeof(struct dm_target_spec)];
762		771
763	if (*status == 'C') {	772	if (*status == 'C') {
764	rc = write_verity_state(fstab->recs[i].verity_loc, offset,	773	if (write_verity_state(fstab->recs[i].verity_loc, offset,
765	VERITY_MODE_LOGGING);	774	VERITY_MODE_LOGGING) < 0) {
766		775	continue;
767	if (rc == -1) {
768	goto out;
769	}	776	}
770	}	777	}
771		778
772	if (callback) {	779	if (callback) {
773	callback(&fstab->recs[i], mount_point, *status);	780	callback(&fstab->recs[i], mount_point, mode, *status);
774	}	781	}
775	}	782	}
776		783
777	/* Don't overwrite possible previous state if there's no corruption. */
778	rc = 0;	784	rc = 0;
779		785
780	out:	786	out:


diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h index b5e02f9bc..c58a888cb 100644 --- a/fs_mgr/include/fs_mgr.h +++ b/fs_mgr/include/fs_mgr.h
@@ -69,7 +69,7 @@ struct fstab_rec {
69		69
70	// Callback function for verity status	70	// Callback function for verity status
71	typedef void (fs_mgr_verity_state_callback)(struct fstab_rec fstab,	71	typedef void (fs_mgr_verity_state_callback)(struct fstab_rec fstab,
72	const char *mount_point, int status);	72	const char *mount_point, int mode, int status);
73		73
74	struct fstab fs_mgr_read_fstab(const char fstab_path);	74	struct fstab fs_mgr_read_fstab(const char fstab_path);
75	void fs_mgr_free_fstab(struct fstab *fstab);	75	void fs_mgr_free_fstab(struct fstab *fstab);


diff --git a/init/builtins.cpp b/init/builtins.cpp index ff6c9376f..3bbaf8336 100644 --- a/init/builtins.cpp +++ b/init/builtins.cpp
@@ -661,8 +661,9 @@ int do_verity_load_state(int nargs, char **args) {
661	return rc;	661	return rc;
662	}	662	}
663		663
664	static void verity_update_property(fstab_rec fstab, const char mount_point, int status) {	664	static void verity_update_property(fstab_rec fstab, const char mount_point, int mode, int status) {
665	property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(), "1");	665	property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(),
		666	android::base::StringPrintf("%d", mode).c_str());
666	}	667	}
667		668
668	int do_verity_update_state(int nargs, char** args) {	669	int do_verity_update_state(int nargs, char** args) {