Refactor fs_mgr_update_verity_state()
fs_mgr_update_verity_state() has two callers with generally different
intentions. One caller loops through all entries in the default fstab
to set partition.<mount_point>.verified properties. The other caller
is only interested in whether or a specific mount point has verity
enabled.
Given this, we refactor fs_mgr_update_verity_state() to
fs_mgr_get_verity_mount_point() which takes a single FstabEntry and
returns the mount point used for the dm-verity device or an empty
option if verity is not enabled on that mount point.
Test: adb-remount-test.sh test on blueline
Change-Id: Ic7dd8390509e95b2931b21e544c919a544138864
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index e684293..b69e773 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -85,6 +85,7 @@
#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
+using android::base::Basename;
using android::base::Realpath;
using android::base::StartsWith;
using android::base::unique_fd;
@@ -1576,65 +1577,41 @@
return true;
}
-bool fs_mgr_update_verity_state(
- std::function<void(const std::string& mount_point, int mode)> callback) {
- if (!callback) {
- return false;
- }
-
- int mode;
- if (!fs_mgr_load_verity_state(&mode)) {
- return false;
- }
-
- Fstab fstab;
- if (!ReadDefaultFstab(&fstab)) {
- LERROR << "Failed to read default fstab";
+bool fs_mgr_is_verity_enabled(const FstabEntry& entry) {
+ if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
return false;
}
DeviceMapper& dm = DeviceMapper::Instance();
- for (const auto& entry : fstab) {
- if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
- continue;
- }
-
- std::string mount_point;
- if (entry.mount_point == "/") {
- // In AVB, the dm device name is vroot instead of system.
- mount_point = entry.fs_mgr_flags.avb ? "vroot" : "system";
- } else {
- mount_point = basename(entry.mount_point.c_str());
- }
-
- if (dm.GetState(mount_point) == DmDeviceState::INVALID) {
- PERROR << "Could not find verity device for mount point: " << mount_point;
- continue;
- }
-
- const char* status;
- std::vector<DeviceMapper::TargetInfo> table;
- if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) {
- if (!entry.fs_mgr_flags.verify_at_boot) {
- PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point;
- continue;
- }
- status = "V";
- } else {
- status = table[0].data.c_str();
- }
-
- // To be consistent in vboot 1.0 and vboot 2.0 (AVB), change the mount_point
- // back to 'system' for the callback. So it has property [partition.system.verified]
- // instead of [partition.vroot.verified].
- if (mount_point == "vroot") mount_point = "system";
- if (*status == 'C' || *status == 'V') {
- callback(mount_point, mode);
- }
+ std::string mount_point;
+ if (entry.mount_point == "/") {
+ // In AVB, the dm device name is vroot instead of system.
+ mount_point = entry.fs_mgr_flags.avb ? "vroot" : "system";
+ } else {
+ mount_point = Basename(entry.mount_point);
}
- return true;
+ if (dm.GetState(mount_point) == DmDeviceState::INVALID) {
+ return false;
+ }
+
+ const char* status;
+ std::vector<DeviceMapper::TargetInfo> table;
+ if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) {
+ if (!entry.fs_mgr_flags.verify_at_boot) {
+ return false;
+ }
+ status = "V";
+ } else {
+ status = table[0].data.c_str();
+ }
+
+ if (*status == 'C' || *status == 'V') {
+ return true;
+ }
+
+ return false;
}
std::string fs_mgr_get_super_partition_name(int slot) {
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index df1e326..87729cd 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -272,15 +272,6 @@
return false;
}
-std::vector<std::string> fs_mgr_overlayfs_verity_enabled_list() {
- std::vector<std::string> ret;
- auto save_errno = errno;
- fs_mgr_update_verity_state(
- [&ret](const std::string& mount_point, int) { ret.emplace_back(mount_point); });
- if ((errno == ENOENT) || (errno == ENXIO)) errno = save_errno;
- return ret;
-}
-
bool fs_mgr_wants_overlayfs(FstabEntry* entry) {
// Don't check entries that are managed by vold.
if (entry->fs_mgr_flags.vold_managed || entry->fs_mgr_flags.recovery_only) return false;
@@ -537,7 +528,6 @@
std::vector<std::string> fs_mgr_candidate_list(Fstab* fstab, const char* mount_point = nullptr) {
std::vector<std::string> mounts;
- auto verity = fs_mgr_overlayfs_verity_enabled_list();
for (auto& entry : *fstab) {
if (!fs_mgr_overlayfs_already_mounted(entry.mount_point) &&
!fs_mgr_wants_overlayfs(&entry)) {
@@ -545,10 +535,12 @@
}
std::string new_mount_point(fs_mgr_mount_point(entry.mount_point.c_str()));
if (mount_point && (new_mount_point != mount_point)) continue;
- if (std::find(verity.begin(), verity.end(), android::base::Basename(new_mount_point)) !=
- verity.end()) {
- continue;
- }
+
+ auto saved_errno = errno;
+ auto verity_enabled = fs_mgr_is_verity_enabled(entry);
+ if (errno == ENOENT || errno == ENXIO) errno = saved_errno;
+ if (verity_enabled) continue;
+
auto duplicate_or_more_specific = false;
for (auto it = mounts.begin(); it != mounts.end();) {
if ((*it == new_mount_point) ||
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 8af80a7..a3bb852 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef __CORE_FS_MGR_H
-#define __CORE_FS_MGR_H
+#pragma once
#include <stdio.h>
#include <stdint.h>
@@ -73,8 +72,8 @@
const std::string& mount_point = "");
int fs_mgr_do_tmpfs_mount(const char *n_name);
bool fs_mgr_load_verity_state(int* mode);
-bool fs_mgr_update_verity_state(
- std::function<void(const std::string& mount_point, int mode)> callback);
+// Returns true if verity is enabled on this particular FstabEntry.
+bool fs_mgr_is_verity_enabled(const android::fs_mgr::FstabEntry& entry);
bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab);
bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry);
@@ -90,5 +89,3 @@
// specified, the super partition for the corresponding metadata slot will be
// returned. Otherwise, it will use the current slot.
std::string fs_mgr_get_super_partition_name(int slot = -1);
-
-#endif /* __CORE_FS_MGR_H */
diff --git a/init/builtins.cpp b/init/builtins.cpp
index c8ceb0c..538ed00 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -75,6 +75,7 @@
using namespace std::literals::string_literals;
+using android::base::Basename;
using android::base::unique_fd;
using android::fs_mgr::Fstab;
using android::fs_mgr::ReadFstabFromFile;
@@ -749,11 +750,27 @@
}
static Result<Success> do_verity_update_state(const BuiltinArguments& args) {
- if (!fs_mgr_update_verity_state([](const std::string& mount_point, int mode) {
- property_set("partition." + mount_point + ".verified", std::to_string(mode));
- })) {
- return Error() << "fs_mgr_update_verity_state() failed";
+ int mode;
+ if (!fs_mgr_load_verity_state(&mode)) {
+ return Error() << "fs_mgr_load_verity_state() failed";
}
+
+ Fstab fstab;
+ if (!ReadDefaultFstab(&fstab)) {
+ return Error() << "Failed to read default fstab";
+ }
+
+ for (const auto& entry : fstab) {
+ if (!fs_mgr_is_verity_enabled(entry)) {
+ continue;
+ }
+
+ // To be consistent in vboot 1.0 and vboot 2.0 (AVB), use "system" for the partition even
+ // for system as root, so it has property [partition.system.verified].
+ std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point);
+ property_set("partition." + partition + ".verified", std::to_string(mode));
+ }
+
return Success();
}