fs_mgr: allow disable dm-verity when the device is unlocked without metadata
To start Treble VTS test, a single AOSP system.img will be flashed onto
the device. The size of AOSP system.img might be different than the
system partition size on device, making locating verity metadata fail
(at the last fixed size of the partition).
This change allows disabling dm-verity on system partition when the
device is unlocked (orange device state) with invalid metadata.
BUG: 35603549
Test: Boot bullhead with a different-sized system.img, checks verity is
not enabled via:
"adb shell getprop | grep partition.system.verified"
Change-Id: Id89d023e82c78ff1902ab7a528431cf7f65e49ad
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index e8ed6a2..54a6f71 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -30,6 +30,7 @@
#include <unistd.h>
#include <android-base/file.h>
+#include <android-base/properties.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <crypto_utils/android_pubkey.h>
@@ -874,6 +875,11 @@
// read verity metadata
if (fec_verity_get_metadata(f, &verity) < 0) {
PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'";
+ // Allow verity disabled when the device is unlocked without metadata
+ if ("0" == android::base::GetProperty("ro.boot.flash.locked", "")) {
+ retval = FS_MGR_SETUP_VERITY_DISABLED;
+ LWARNING << "Allow invalid metadata when the device is unlocked";
+ }
goto out;
}