Set verity mode as the verified property value
Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.
Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
diff --git a/adb/remount_service.cpp b/adb/remount_service.cpp
index 483ca3d..b150274 100644
--- a/adb/remount_service.cpp
+++ b/adb/remount_service.cpp
@@ -112,13 +112,13 @@
}
bool system_verified = false, vendor_verified = false;
- property_get("partition.system.verified", prop_buf, "0");
- if (!strcmp(prop_buf, "1")) {
+ property_get("partition.system.verified", prop_buf, "");
+ if (strlen(prop_buf) > 0) {
system_verified = true;
}
- property_get("partition.vendor.verified", prop_buf, "0");
- if (!strcmp(prop_buf, "1")) {
+ property_get("partition.vendor.verified", prop_buf, "");
+ if (strlen(prop_buf) > 0) {
vendor_verified = true;
}
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index acdc5a3..530df26 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -594,46 +594,29 @@
return rc;
}
-static int load_verity_state(struct fstab_rec *fstab, int *mode)
+static int read_verity_state(const char *fname, off64_t offset, int *mode)
{
int fd = -1;
int rc = -1;
- off64_t offset = 0;
struct verity_state s;
- if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG, sizeof(s),
- &offset) < 0) {
- /* fall back to stateless behavior */
- *mode = VERITY_MODE_EIO;
- rc = 0;
- goto out;
- }
-
- if (was_verity_restart()) {
- /* device was restarted after dm-verity detected a corrupted
- * block, so switch to logging mode */
- *mode = VERITY_MODE_LOGGING;
- rc = write_verity_state(fstab->verity_loc, offset, *mode);
- goto out;
- }
-
- fd = TEMP_FAILURE_RETRY(open(fstab->verity_loc, O_RDONLY | O_CLOEXEC));
+ fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
if (fd == -1) {
- ERROR("Failed to open %s (%s)\n", fstab->verity_loc, strerror(errno));
+ ERROR("Failed to open %s (%s)\n", fname, strerror(errno));
goto out;
}
if (TEMP_FAILURE_RETRY(pread64(fd, &s, sizeof(s), offset)) != sizeof(s)) {
ERROR("Failed to read %zu bytes from %s offset %" PRIu64 " (%s)\n",
- sizeof(s), fstab->verity_loc, offset, strerror(errno));
+ sizeof(s), fname, offset, strerror(errno));
goto out;
}
if (s.header != VERITY_STATE_HEADER) {
/* space allocated, but no state written. write default state */
*mode = VERITY_MODE_DEFAULT;
- rc = write_verity_state(fstab->verity_loc, offset, *mode);
+ rc = write_verity_state(fname, offset, *mode);
goto out;
}
@@ -659,6 +642,27 @@
return rc;
}
+static int load_verity_state(struct fstab_rec *fstab, int *mode)
+{
+ off64_t offset = 0;
+
+ if (metadata_find(fstab->verity_loc, VERITY_STATE_TAG,
+ sizeof(struct verity_state), &offset) < 0) {
+ /* fall back to stateless behavior */
+ *mode = VERITY_MODE_EIO;
+ return 0;
+ }
+
+ if (was_verity_restart()) {
+ /* device was restarted after dm-verity detected a corrupted
+ * block, so switch to logging mode */
+ *mode = VERITY_MODE_LOGGING;
+ return write_verity_state(fstab->verity_loc, offset, *mode);
+ }
+
+ return read_verity_state(fstab->verity_loc, offset, mode);
+}
+
int fs_mgr_load_verity_state(int *mode)
{
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
@@ -717,6 +721,7 @@
char *status;
int fd = -1;
int i;
+ int mode;
int rc = -1;
off64_t offset = 0;
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
@@ -749,32 +754,33 @@
continue;
}
+ if (read_verity_state(fstab->recs[i].verity_loc, offset, &mode) < 0) {
+ continue;
+ }
+
mount_point = basename(fstab->recs[i].mount_point);
verity_ioctl_init(io, mount_point, 0);
if (ioctl(fd, DM_TABLE_STATUS, io)) {
ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
strerror(errno));
- goto out;
+ continue;
}
status = &buffer[io->data_start + sizeof(struct dm_target_spec)];
if (*status == 'C') {
- rc = write_verity_state(fstab->recs[i].verity_loc, offset,
- VERITY_MODE_LOGGING);
-
- if (rc == -1) {
- goto out;
+ if (write_verity_state(fstab->recs[i].verity_loc, offset,
+ VERITY_MODE_LOGGING) < 0) {
+ continue;
}
}
if (callback) {
- callback(&fstab->recs[i], mount_point, *status);
+ callback(&fstab->recs[i], mount_point, mode, *status);
}
}
- /* Don't overwrite possible previous state if there's no corruption. */
rc = 0;
out:
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index ad8a8fc..3286948 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -69,7 +69,7 @@
// Callback function for verity status
typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab,
- const char *mount_point, int status);
+ const char *mount_point, int mode, int status);
struct fstab *fs_mgr_read_fstab(const char *fstab_path);
void fs_mgr_free_fstab(struct fstab *fstab);
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 6daea37..aa5c649 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -680,8 +680,9 @@
return rc;
}
-static void verity_update_property(fstab_rec *fstab, const char *mount_point, int status) {
- property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(), "1");
+static void verity_update_property(fstab_rec *fstab, const char *mount_point, int mode, int status) {
+ property_set(android::base::StringPrintf("partition.%s.verified", mount_point).c_str(),
+ android::base::StringPrintf("%d", mode).c_str());
}
int do_verity_update_state(int nargs, char** args) {