fs_mgr: move AVB related source into libfs_avb
This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.
Some lingering sources for by_name_symlink_map_ are also removed.
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 6c8a943..f150af3 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -42,8 +42,6 @@
"fs_mgr.cpp",
"fs_mgr_format.cpp",
"fs_mgr_verity.cpp",
- "fs_mgr_avb.cpp",
- "fs_mgr_avb_ops.cpp",
"fs_mgr_dm_linear.cpp",
"fs_mgr_overlayfs.cpp",
"fs_mgr_vendor_overlay.cpp",
@@ -61,10 +59,12 @@
],
static_libs: [
"libavb",
+ "libfs_avb",
"libfstab",
"libdm",
],
export_static_lib_headers: [
+ "libfs_avb",
"libfstab",
"libdm",
],
@@ -104,3 +104,28 @@
export_include_dirs: ["include_fstab"],
header_libs: ["libbase_headers"],
}
+
+cc_library_static {
+ name: "libfs_avb",
+ defaults: ["fs_mgr_defaults"],
+ recovery_available: true,
+ export_include_dirs: ["libfs_avb/include"],
+ srcs: [
+ "libfs_avb/avb_ops.cpp",
+ "libfs_avb/fs_avb.cpp",
+ ],
+ static_libs: [
+ "libavb",
+ "libfstab",
+ "libdm",
+ ],
+ export_static_lib_headers: [
+ "libfstab",
+ ],
+ shared_libs: [
+ "libcrypto",
+ ],
+ header_libs: [
+ "libbase_headers",
+ ],
+}
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 6310238..1ba956d 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -34,6 +34,7 @@
#include <unistd.h>
#include <functional>
+#include <map>
#include <memory>
#include <string>
#include <thread>
@@ -53,6 +54,7 @@
#include <ext4_utils/ext4_sb.h>
#include <ext4_utils/ext4_utils.h>
#include <ext4_utils/wipe.h>
+#include <fs_avb/fs_avb.h>
#include <fs_mgr_overlayfs.h>
#include <libdm/dm.h>
#include <liblp/metadata_format.h>
@@ -62,7 +64,6 @@
#include <log/log_properties.h>
#include <logwrap/logwrap.h>
-#include "fs_mgr_avb.h"
#include "fs_mgr_priv.h"
#define KEY_LOC_PROP "ro.crypto.keyfile.userdata"
@@ -82,6 +83,9 @@
using android::dm::DeviceMapper;
using android::dm::DmDeviceState;
+using android::fs_mgr::AvbHandle;
+using android::fs_mgr::AvbHashtreeResult;
+using android::fs_mgr::AvbUniquePtr;
// record fs stat
enum FsStatFlags {
@@ -973,7 +977,7 @@
int mount_errno = 0;
int attempted_idx = -1;
CheckpointManager checkpoint_manager;
- FsManagerAvbUniquePtr avb_handle(nullptr);
+ AvbUniquePtr avb_handle(nullptr);
if (!fstab) {
return FS_MGR_MNTALL_FAIL;
@@ -1031,14 +1035,14 @@
if (fstab->recs[i].fs_mgr_flags & MF_AVB) {
if (!avb_handle) {
- avb_handle = FsManagerAvbHandle::Open();
+ avb_handle = AvbHandle::Open();
if (!avb_handle) {
- LERROR << "Failed to open FsManagerAvbHandle";
+ LERROR << "Failed to open AvbHandle";
return FS_MGR_MNTALL_FAIL;
}
}
if (avb_handle->SetUpAvbHashtree(&fstab->recs[i], true /* wait_for_verity_dev */) ==
- SetUpAvbHashtreeResult::kFail) {
+ AvbHashtreeResult::kFail) {
LERROR << "Failed to set up AVB on partition: "
<< fstab->recs[i].mount_point << ", skipping!";
/* Skips mounting the device. */
@@ -1232,7 +1236,7 @@
int first_mount_errno = 0;
char* mount_point;
CheckpointManager checkpoint_manager(needs_checkpoint);
- FsManagerAvbUniquePtr avb_handle(nullptr);
+ AvbUniquePtr avb_handle(nullptr);
if (!fstab) {
return FS_MGR_DOMNT_FAILED;
@@ -1275,14 +1279,14 @@
if (fstab->recs[i].fs_mgr_flags & MF_AVB) {
if (!avb_handle) {
- avb_handle = FsManagerAvbHandle::Open();
+ avb_handle = AvbHandle::Open();
if (!avb_handle) {
- LERROR << "Failed to open FsManagerAvbHandle";
+ LERROR << "Failed to open AvbHandle";
return FS_MGR_DOMNT_FAILED;
}
}
if (avb_handle->SetUpAvbHashtree(&fstab->recs[i], true /* wait_for_verity_dev */) ==
- SetUpAvbHashtreeResult::kFail) {
+ AvbHashtreeResult::kFail) {
LERROR << "Failed to set up AVB on partition: "
<< fstab->recs[i].mount_point << ", skipping!";
/* Skips mounting the device. */
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 23a92d3..87c971a 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -21,8 +21,8 @@
#include <string>
#include <android-base/logging.h>
+#include <fs_mgr.h>
-#include "fs_mgr.h"
#include "fs_mgr_priv_boot_config.h"
/* The CHECK() in logging.h will use program invocation name as the tag.
diff --git a/fs_mgr/fs_mgr_avb_ops.cpp b/fs_mgr/libfs_avb/avb_ops.cpp
similarity index 93%
rename from fs_mgr/fs_mgr_avb_ops.cpp
rename to fs_mgr/libfs_avb/avb_ops.cpp
index 18efa22..f56a517 100644
--- a/fs_mgr/fs_mgr_avb_ops.cpp
+++ b/fs_mgr/libfs_avb/avb_ops.cpp
@@ -22,7 +22,7 @@
* SOFTWARE.
*/
-#include "fs_mgr_priv_avb_ops.h"
+#include "avb_ops.h"
#include <errno.h>
#include <fcntl.h>
@@ -37,15 +37,17 @@
#include <libavb/libavb.h>
#include <utils/Compat.h>
-#include "fs_mgr.h"
#include "fs_mgr_priv.h"
using namespace std::literals;
+namespace android {
+namespace fs_mgr {
+
static AvbIOResult read_from_partition(AvbOps* ops, const char* partition, int64_t offset,
size_t num_bytes, void* buffer, size_t* out_num_read) {
return FsManagerAvbOps::GetInstanceFromAvbOps(ops)->ReadFromPartition(
- partition, offset, num_bytes, buffer, out_num_read);
+ partition, offset, num_bytes, buffer, out_num_read);
}
static AvbIOResult dummy_read_rollback_index(AvbOps* ops ATTRIBUTE_UNUSED,
@@ -58,9 +60,10 @@
}
static AvbIOResult dummy_validate_vbmeta_public_key(
- AvbOps* ops ATTRIBUTE_UNUSED, const uint8_t* public_key_data ATTRIBUTE_UNUSED,
- size_t public_key_length ATTRIBUTE_UNUSED, const uint8_t* public_key_metadata ATTRIBUTE_UNUSED,
- size_t public_key_metadata_length ATTRIBUTE_UNUSED, bool* out_is_trusted) {
+ AvbOps* ops ATTRIBUTE_UNUSED, const uint8_t* public_key_data ATTRIBUTE_UNUSED,
+ size_t public_key_length ATTRIBUTE_UNUSED,
+ const uint8_t* public_key_metadata ATTRIBUTE_UNUSED,
+ size_t public_key_metadata_length ATTRIBUTE_UNUSED, bool* out_is_trusted) {
// vbmeta public key has been checked in bootloader phase.
// In user-space, returns true to pass the check.
//
@@ -178,3 +181,6 @@
return avb_slot_verify(&avb_ops_, requested_partitions, ab_suffix.c_str(), flags,
AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, out_data);
}
+
+} // namespace fs_mgr
+} // namespace android
diff --git a/fs_mgr/fs_mgr_priv_avb_ops.h b/fs_mgr/libfs_avb/avb_ops.h
similarity index 89%
rename from fs_mgr/fs_mgr_priv_avb_ops.h
rename to fs_mgr/libfs_avb/avb_ops.h
index 44eb1da..e6b33c2 100644
--- a/fs_mgr/fs_mgr_priv_avb_ops.h
+++ b/fs_mgr/libfs_avb/avb_ops.h
@@ -22,15 +22,14 @@
* SOFTWARE.
*/
-#ifndef __CORE_FS_MGR_PRIV_AVB_OPS_H
-#define __CORE_FS_MGR_PRIV_AVB_OPS_H
+#pragma once
-#include <map>
#include <string>
#include <libavb/libavb.h>
-#include "fs_mgr.h"
+namespace android {
+namespace fs_mgr {
// This class provides C++ bindings to interact with libavb, a small
// self-contained piece of code that's intended to be used in bootloaders.
@@ -42,7 +41,7 @@
// read and verify the metadata and store it into the out_data parameter.
// The caller MUST check the integrity of metadata against the
// androidboot.vbmeta.{hash_alg, size, digest} values from /proc/cmdline.
-// e.g., see class FsManagerAvbVerifier for more details.
+// e.g., see class AvbVerifier for more details.
//
class FsManagerAvbOps {
public:
@@ -60,6 +59,7 @@
private:
AvbOps avb_ops_;
- std::map<std::string, std::string> by_name_symlink_map_;
};
-#endif /* __CORE_FS_MGR_PRIV_AVB_OPS_H */
+
+} // namespace fs_mgr
+} // namespace android
diff --git a/fs_mgr/fs_mgr_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp
similarity index 86%
rename from fs_mgr/fs_mgr_avb.cpp
rename to fs_mgr/libfs_avb/fs_avb.cpp
index 6f94d45..c4accad 100644
--- a/fs_mgr/fs_mgr_avb.cpp
+++ b/fs_mgr/libfs_avb/fs_avb.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#include "fs_mgr_avb.h"
+#include "fs_avb/fs_avb.h"
#include <fcntl.h>
#include <libgen.h>
@@ -35,10 +35,12 @@
#include <libavb/libavb.h>
#include <libdm/dm.h>
-#include "fs_mgr.h"
+#include "avb_ops.h"
#include "fs_mgr_priv.h"
-#include "fs_mgr_priv_avb_ops.h"
-#include "fs_mgr_priv_sha.h"
+#include "sha.h"
+
+namespace android {
+namespace fs_mgr {
static inline bool nibble_value(const char& c, uint8_t* value) {
FS_MGR_CHECK(value != nullptr);
@@ -117,14 +119,14 @@
// - androidboot.vbmeta.hash_alg
// - androidboot.vbmeta.size
// - androidboot.vbmeta.digest
-class FsManagerAvbVerifier {
+class AvbVerifier {
public:
- // The factory method to return a unique_ptr<FsManagerAvbVerifier>
- static std::unique_ptr<FsManagerAvbVerifier> Create();
+ // The factory method to return a unique_ptr<AvbVerifier>
+ static std::unique_ptr<AvbVerifier> Create();
bool VerifyVbmetaImages(const AvbSlotVerifyData& verify_data);
protected:
- FsManagerAvbVerifier() = default;
+ AvbVerifier() = default;
private:
enum HashAlgorithm {
@@ -138,10 +140,10 @@
size_t vbmeta_size_;
};
-std::unique_ptr<FsManagerAvbVerifier> FsManagerAvbVerifier::Create() {
- std::unique_ptr<FsManagerAvbVerifier> avb_verifier(new FsManagerAvbVerifier());
+std::unique_ptr<AvbVerifier> AvbVerifier::Create() {
+ std::unique_ptr<AvbVerifier> avb_verifier(new AvbVerifier());
if (!avb_verifier) {
- LERROR << "Failed to create unique_ptr<FsManagerAvbVerifier>";
+ LERROR << "Failed to create unique_ptr<AvbVerifier>";
return nullptr;
}
@@ -184,7 +186,7 @@
return avb_verifier;
}
-bool FsManagerAvbVerifier::VerifyVbmetaImages(const AvbSlotVerifyData& verify_data) {
+bool AvbVerifier::VerifyVbmetaImages(const AvbSlotVerifyData& verify_data) {
if (verify_data.num_vbmeta_images == 0) {
LERROR << "No vbmeta images";
return false;
@@ -195,10 +197,10 @@
if (hash_alg_ == kSHA256) {
std::tie(total_size, digest_matched) =
- verify_vbmeta_digest<SHA256Hasher>(verify_data, digest_);
+ verify_vbmeta_digest<SHA256Hasher>(verify_data, digest_);
} else if (hash_alg_ == kSHA512) {
std::tie(total_size, digest_matched) =
- verify_vbmeta_digest<SHA512Hasher>(verify_data, digest_);
+ verify_vbmeta_digest<SHA512Hasher>(verify_data, digest_);
}
if (total_size != vbmeta_size_) {
@@ -268,7 +270,8 @@
const std::string& salt, const std::string& root_digest,
bool wait_for_verity_dev) {
android::dm::DmTable table;
- if (!construct_verity_table(hashtree_desc, salt, root_digest, fstab_entry->blk_device, &table) ||
+ if (!construct_verity_table(hashtree_desc, salt, root_digest, fstab_entry->blk_device,
+ &table) ||
!table.valid()) {
LERROR << "Failed to construct verity table.";
return false;
@@ -314,9 +317,9 @@
// Get descriptors from vbmeta_images[i].
size_t num_descriptors;
std::unique_ptr<const AvbDescriptor* [], decltype(&avb_free)> descriptors(
- avb_descriptor_get_all(verify_data.vbmeta_images[i].vbmeta_data,
- verify_data.vbmeta_images[i].vbmeta_size, &num_descriptors),
- avb_free);
+ avb_descriptor_get_all(verify_data.vbmeta_images[i].vbmeta_data,
+ verify_data.vbmeta_images[i].vbmeta_size, &num_descriptors),
+ avb_free);
if (!descriptors || num_descriptors < 1) {
continue;
@@ -329,9 +332,10 @@
continue;
}
if (desc.tag == AVB_DESCRIPTOR_TAG_HASHTREE) {
- desc_partition_name = (const uint8_t*)descriptors[j] + sizeof(AvbHashtreeDescriptor);
+ desc_partition_name =
+ (const uint8_t*)descriptors[j] + sizeof(AvbHashtreeDescriptor);
if (!avb_hashtree_descriptor_validate_and_byteswap(
- (AvbHashtreeDescriptor*)descriptors[j], out_hashtree_desc)) {
+ (AvbHashtreeDescriptor*)descriptors[j], out_hashtree_desc)) {
continue;
}
if (out_hashtree_desc->partition_name_len != partition_name.length()) {
@@ -361,12 +365,12 @@
return true;
}
-FsManagerAvbUniquePtr FsManagerAvbHandle::Open() {
+AvbUniquePtr AvbHandle::Open() {
bool is_device_unlocked = fs_mgr_is_device_unlocked();
- FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle());
+ AvbUniquePtr avb_handle(new AvbHandle());
if (!avb_handle) {
- LERROR << "Failed to allocate FsManagerAvbHandle";
+ LERROR << "Failed to allocate AvbHandle";
return nullptr;
}
@@ -406,7 +410,7 @@
// Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version".
avb_handle->avb_version_ =
- android::base::StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR);
+ android::base::StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR);
// Checks whether FLAGS_VERIFICATION_DISABLED is set:
// - Only the top-level vbmeta struct is read.
@@ -414,18 +418,18 @@
// and AVB HASHTREE descriptor(s).
AvbVBMetaImageHeader vbmeta_header;
avb_vbmeta_image_header_to_host_byte_order(
- (AvbVBMetaImageHeader*)avb_handle->avb_slot_data_->vbmeta_images[0].vbmeta_data,
- &vbmeta_header);
- bool verification_disabled =
- ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
+ (AvbVBMetaImageHeader*)avb_handle->avb_slot_data_->vbmeta_images[0].vbmeta_data,
+ &vbmeta_header);
+ bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags &
+ AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
if (verification_disabled) {
avb_handle->status_ = kAvbHandleVerificationDisabled;
} else {
// Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline.
- std::unique_ptr<FsManagerAvbVerifier> avb_verifier = FsManagerAvbVerifier::Create();
+ std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create();
if (!avb_verifier) {
- LERROR << "Failed to create FsManagerAvbVerifier";
+ LERROR << "Failed to create AvbVerifier";
return nullptr;
}
if (!avb_verifier->VerifyVbmetaImages(*avb_handle->avb_slot_data_)) {
@@ -434,8 +438,8 @@
}
// Checks whether FLAGS_HASHTREE_DISABLED is set.
- bool hashtree_disabled =
- ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);
+ bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags &
+ AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);
if (hashtree_disabled) {
avb_handle->status_ = kAvbHandleHashtreeDisabled;
}
@@ -445,16 +449,16 @@
return avb_handle;
}
-SetUpAvbHashtreeResult FsManagerAvbHandle::SetUpAvbHashtree(struct fstab_rec* fstab_entry,
- bool wait_for_verity_dev) {
+AvbHashtreeResult AvbHandle::SetUpAvbHashtree(struct fstab_rec* fstab_entry,
+ bool wait_for_verity_dev) {
if (!fstab_entry || status_ == kAvbHandleUninitialized || !avb_slot_data_ ||
avb_slot_data_->num_vbmeta_images < 1) {
- return SetUpAvbHashtreeResult::kFail;
+ return AvbHashtreeResult::kFail;
}
if (status_ == kAvbHandleHashtreeDisabled || status_ == kAvbHandleVerificationDisabled) {
LINFO << "AVB HASHTREE disabled on: " << fstab_entry->mount_point;
- return SetUpAvbHashtreeResult::kDisabled;
+ return AvbHashtreeResult::kDisabled;
}
// Derives partition_name from blk_device to query the corresponding AVB HASHTREE descriptor
@@ -478,14 +482,17 @@
std::string root_digest;
if (!get_hashtree_descriptor(partition_name, *avb_slot_data_, &hashtree_descriptor, &salt,
&root_digest)) {
- return SetUpAvbHashtreeResult::kFail;
+ return AvbHashtreeResult::kFail;
}
// Converts HASHTREE descriptor to verity_table_params.
if (!hashtree_dm_verity_setup(fstab_entry, hashtree_descriptor, salt, root_digest,
wait_for_verity_dev)) {
- return SetUpAvbHashtreeResult::kFail;
+ return AvbHashtreeResult::kFail;
}
- return SetUpAvbHashtreeResult::kSuccess;
+ return AvbHashtreeResult::kSuccess;
}
+
+} // namespace fs_mgr
+} // namespace android
diff --git a/fs_mgr/include/fs_mgr_avb.h b/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
similarity index 75%
rename from fs_mgr/include/fs_mgr_avb.h
rename to fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
index bb55a14..9adab3d 100644
--- a/fs_mgr/include/fs_mgr_avb.h
+++ b/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
@@ -14,18 +14,18 @@
* limitations under the License.
*/
-#ifndef __CORE_FS_MGR_AVB_H
-#define __CORE_FS_MGR_AVB_H
+#pragma once
-#include <map>
#include <memory>
#include <string>
+#include <fstab/fstab.h>
#include <libavb/libavb.h>
-#include "fs_mgr.h"
+namespace android {
+namespace fs_mgr {
-enum class SetUpAvbHashtreeResult {
+enum class AvbHashtreeResult {
kSuccess = 0,
kFail,
kDisabled,
@@ -33,17 +33,15 @@
class FsManagerAvbOps;
-class FsManagerAvbHandle;
-using FsManagerAvbUniquePtr = std::unique_ptr<FsManagerAvbHandle>;
-
-using ByNameSymlinkMap = std::map<std::string, std::string>;
+class AvbHandle;
+using AvbUniquePtr = std::unique_ptr<AvbHandle>;
// Provides a factory method to return a unique_ptr pointing to itself and the
// SetUpAvbHashtree() function to extract dm-verity parameters from AVB HASHTREE
// descriptors to load verity table into kernel through ioctl.
-class FsManagerAvbHandle {
+class AvbHandle {
public:
- // The factory method to return a FsManagerAvbUniquePtr that holds
+ // The factory method to return a AvbUniquePtr that holds
// the verified AVB (external/avb) metadata of all verified partitions
// in avb_slot_data_.vbmeta_images[].
//
@@ -51,7 +49,7 @@
// - androidboot.vbmeta.{hash_alg, size, digest}.
//
// A typical usage will be:
- // - FsManagerAvbUniquePtr handle = FsManagerAvbHandle::Open();
+ // - AvbUniquePtr handle = AvbHandle::Open();
//
// Possible return values:
// - nullptr: any error when reading and verifying the metadata,
@@ -75,7 +73,7 @@
// - a valid unique_ptr with status kAvbHandleSuccess: the metadata
// is verified and can be trusted.
//
- static FsManagerAvbUniquePtr Open();
+ static AvbUniquePtr Open();
// Sets up dm-verity on the given fstab entry.
// The 'wait_for_verity_dev' parameter makes this function wait for the
@@ -87,17 +85,17 @@
// failed to get the HASHTREE descriptor, runtime error when set up
// device-mapper, etc.
// - kDisabled: hashtree is disabled.
- SetUpAvbHashtreeResult SetUpAvbHashtree(fstab_rec* fstab_entry, bool wait_for_verity_dev);
+ AvbHashtreeResult SetUpAvbHashtree(fstab_rec* fstab_entry, bool wait_for_verity_dev);
const std::string& avb_version() const { return avb_version_; }
- FsManagerAvbHandle(const FsManagerAvbHandle&) = delete; // no copy
- FsManagerAvbHandle& operator=(const FsManagerAvbHandle&) = delete; // no assignment
+ AvbHandle(const AvbHandle&) = delete; // no copy
+ AvbHandle& operator=(const AvbHandle&) = delete; // no assignment
- FsManagerAvbHandle(FsManagerAvbHandle&&) noexcept = delete; // no move
- FsManagerAvbHandle& operator=(FsManagerAvbHandle&&) noexcept = delete; // no move assignment
+ AvbHandle(AvbHandle&&) noexcept = delete; // no move
+ AvbHandle& operator=(AvbHandle&&) noexcept = delete; // no move assignment
- ~FsManagerAvbHandle() {
+ ~AvbHandle() {
if (avb_slot_data_) {
avb_slot_verify_data_free(avb_slot_data_);
}
@@ -112,11 +110,12 @@
kAvbHandleVerificationError,
};
- FsManagerAvbHandle() : avb_slot_data_(nullptr), status_(kAvbHandleUninitialized) {}
+ AvbHandle() : avb_slot_data_(nullptr), status_(kAvbHandleUninitialized) {}
AvbSlotVerifyData* avb_slot_data_;
AvbHandleStatus status_;
std::string avb_version_;
};
-#endif /* __CORE_FS_MGR_AVB_H */
+} // namespace fs_mgr
+} // namespace android
diff --git a/fs_mgr/fs_mgr_priv_sha.h b/fs_mgr/libfs_avb/sha.h
similarity index 92%
rename from fs_mgr/fs_mgr_priv_sha.h
rename to fs_mgr/libfs_avb/sha.h
index 5b53eea..2d3ca6d 100644
--- a/fs_mgr/fs_mgr_priv_sha.h
+++ b/fs_mgr/libfs_avb/sha.h
@@ -14,11 +14,13 @@
* limitations under the License.
*/
-#ifndef __CORE_FS_MGR_PRIV_SHA_H
-#define __CORE_FS_MGR_PRIV_SHA_H
+#pragma once
#include <openssl/sha.h>
+namespace android {
+namespace fs_mgr {
+
class SHA256Hasher {
private:
SHA256_CTX sha256_ctx;
@@ -59,4 +61,5 @@
}
};
-#endif /* __CORE_FS_MGR_PRIV_SHA_H */
+} // namespace fs_mgr
+} // namespace android
diff --git a/init/Android.mk b/init/Android.mk
index ee030c7..a9daa8b 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -67,6 +67,7 @@
$(TARGET_RAMDISK_OUT)/sys \
LOCAL_STATIC_LIBRARIES := \
+ libfs_avb \
libfs_mgr \
libfec \
libfec_rs \
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index a3257f5..8644dae 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -30,8 +30,8 @@
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
+#include <fs_avb/fs_avb.h>
#include <fs_mgr.h>
-#include <fs_mgr_avb.h>
#include <fs_mgr_dm_linear.h>
#include <fs_mgr_overlayfs.h>
#include <liblp/liblp.h>
@@ -43,6 +43,9 @@
#include "util.h"
using android::base::Timer;
+using android::fs_mgr::AvbHandle;
+using android::fs_mgr::AvbHashtreeResult;
+using android::fs_mgr::AvbUniquePtr;
using namespace std::literals;
@@ -113,7 +116,7 @@
bool InitAvbHandle();
std::string device_tree_vbmeta_parts_;
- FsManagerAvbUniquePtr avb_handle_;
+ AvbUniquePtr avb_handle_;
};
// Static Functions
@@ -547,12 +550,12 @@
bool FirstStageMountVBootV2::SetUpDmVerity(fstab_rec* fstab_rec) {
if (fs_mgr_is_avb(fstab_rec)) {
if (!InitAvbHandle()) return false;
- SetUpAvbHashtreeResult hashtree_result =
+ AvbHashtreeResult hashtree_result =
avb_handle_->SetUpAvbHashtree(fstab_rec, false /* wait_for_verity_dev */);
switch (hashtree_result) {
- case SetUpAvbHashtreeResult::kDisabled:
+ case AvbHashtreeResult::kDisabled:
return true; // Returns true to mount the partition.
- case SetUpAvbHashtreeResult::kSuccess:
+ case AvbHashtreeResult::kSuccess:
// The exact block device name (fstab_rec->blk_device) is changed to
// "/dev/block/dm-XX". Needs to create it because ueventd isn't started in init
// first stage.
@@ -567,10 +570,10 @@
bool FirstStageMountVBootV2::InitAvbHandle() {
if (avb_handle_) return true; // Returns true if the handle is already initialized.
- avb_handle_ = FsManagerAvbHandle::Open();
+ avb_handle_ = AvbHandle::Open();
if (!avb_handle_) {
- PLOG(ERROR) << "Failed to open FsManagerAvbHandle";
+ PLOG(ERROR) << "Failed to open AvbHandle";
return false;
}
// Sets INIT_AVB_VERSION here for init to set ro.boot.avb_version in the second stage.
@@ -607,7 +610,7 @@
return;
}
- // Initializes required devices for the subsequent FsManagerAvbHandle::Open()
+ // Initializes required devices for the subsequent AvbHandle::Open()
// to verify AVB metadata on all partitions in the verified chain.
// We only set INIT_AVB_VERSION when the AVB verification succeeds, i.e., the
// Open() function returns a valid handle.
@@ -618,9 +621,9 @@
return;
}
- FsManagerAvbUniquePtr avb_handle = FsManagerAvbHandle::Open();
+ AvbUniquePtr avb_handle = AvbHandle::Open();
if (!avb_handle) {
- PLOG(ERROR) << "Failed to open FsManagerAvbHandle for INIT_AVB_VERSION";
+ PLOG(ERROR) << "Failed to open AvbHandle for INIT_AVB_VERSION";
return;
}
setenv("INIT_AVB_VERSION", avb_handle->avb_version().c_str(), 1);