adb: checks device state when using adb disable-verity for AVB
adb disable-verity will toggle a flag in /vbmeta and introduce AVB
verification error on next boot. If the device is LOCKED, it will make
the device unbootable because verification error isn't allowed when the
device is locked.
Also indicating 'adb root' when failed to get verity state.
Bug: 70969453
Test: adb disable-verity should pop-up warning if the device is locked.
Change-Id: I1ed705e34334ea2231c96b16ddb8d225067af2f0
Merged-In: I1ed705e34334ea2231c96b16ddb8d225067af2f0
(cherry picked from commit 8cc9c3835a7052621b4829324b30f21f0307510e)
diff --git a/adb/set_verity_enable_state_service.cpp b/adb/set_verity_enable_state_service.cpp
index 49e0363..0fcf89b 100644
--- a/adb/set_verity_enable_state_service.cpp
+++ b/adb/set_verity_enable_state_service.cpp
@@ -98,13 +98,22 @@
return android::base::GetProperty("ro.boot.slot_suffix", "");
}
+static bool is_avb_device_locked() {
+ return android::base::GetProperty("ro.boot.vbmeta.device_state", "") == "locked";
+}
+
/* Use AVB to turn verity on/off */
static bool set_avb_verity_enabled_state(int fd, AvbOps* ops, bool enable_verity) {
std::string ab_suffix = get_ab_suffix();
-
bool verity_enabled;
+
+ if (is_avb_device_locked()) {
+ WriteFdFmt(fd, "Device is locked. Please unlock the device first\n");
+ return false;
+ }
+
if (!avb_user_verity_get(ops, ab_suffix.c_str(), &verity_enabled)) {
- WriteFdFmt(fd, "Error getting verity state\n");
+ WriteFdFmt(fd, "Error getting verity state. Try adb root first?\n");
return false;
}