fs_mgr: removing is_device_secure()
Previously there was no vboot 1.0 metadata for ENG builds. The code relied on is_device_secure() to query "ro.secure" and skipped setting up dm-verity if the value was 0 (meaning an ENG build). This change will be submitted together with other changes that add vboot 1.0 metadata for ENG builds with a "disable magic". The resulting metadata will be the same as that produced by triggering "adb disable-verity" on a USERDEBUG image. Bug: 63056044 Test: boot sailfish eng/userdebug builds Change-Id: I35eef771e1b30bfc6d01b8ed76b40c942fe7b783
parent
4a5a337ef2
commit
744361fc57
|
@ -56,7 +56,6 @@ cc_library_static {
|
|||
"libfstab",
|
||||
],
|
||||
cppflags: [
|
||||
"-DALLOW_SKIP_SECURE_CHECK=0",
|
||||
"-DALLOW_ADBD_DISABLE_VERITY=0",
|
||||
],
|
||||
product_variables: {
|
||||
|
@ -66,12 +65,6 @@ cc_library_static {
|
|||
"-DALLOW_ADBD_DISABLE_VERITY=1",
|
||||
],
|
||||
},
|
||||
eng: {
|
||||
cppflags: [
|
||||
"-UALLOW_SKIP_SECURE_CHECK",
|
||||
"-DALLOW_SKIP_SECURE_CHECK=1",
|
||||
],
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -761,10 +761,6 @@ static int handle_encryptable(const struct fstab_rec* rec)
|
|||
}
|
||||
}
|
||||
|
||||
bool is_device_secure() {
|
||||
return android::base::GetBoolProperty("ro.secure", ALLOW_SKIP_SECURE_CHECK ? false : true);
|
||||
}
|
||||
|
||||
/* When multiple fstab records share the same mount_point, it will
|
||||
* try to mount each one in turn, and ignore any duplicates after a
|
||||
* first successful mount.
|
||||
|
@ -837,7 +833,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode)
|
|||
/* Skips mounting the device. */
|
||||
continue;
|
||||
}
|
||||
} else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
|
||||
} else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {
|
||||
int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
|
||||
if (__android_log_is_debuggable() &&
|
||||
(rc == FS_MGR_SETUP_VERITY_DISABLED ||
|
||||
|
@ -1044,7 +1040,7 @@ int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device,
|
|||
/* Skips mounting the device. */
|
||||
continue;
|
||||
}
|
||||
} else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
|
||||
} else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {
|
||||
int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
|
||||
if (__android_log_is_debuggable() &&
|
||||
(rc == FS_MGR_SETUP_VERITY_DISABLED ||
|
||||
|
|
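Review bot: The new condition in fs_mgr_mount_all, `} else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {`, keeps the doubled parentheses left over from the removed `&& is_device_secure()`, and the identical line in fs_mgr_do_mount has the same leftover; `} else if (fstab->recs[i].fs_mgr_flags & MF_VERIFY) {` reads cleaner. Because verity setup now runs for every MF_VERIFY record regardless of `ro.secure`, a short comment such as `/* Verity is always set up here; ENG/USERDEBUG opt out only through the "disabled" verity metadata. */` would record where that decision moved. The `rc` check that follows continues outside both hunks; if it still tests `FS_MGR_SETUP_VERITY_SKIPPED`, that arm may now be unreachable from fs_mgr_setup_verity, whose only visible return of that code is removed by this commit.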
|
@ -121,7 +121,6 @@ bool fs_mgr_update_for_slotselect(struct fstab *fstab);
|
|||
bool fs_mgr_is_device_unlocked();
|
||||
const std::string& get_android_dt_dir();
|
||||
bool is_dt_compatible();
|
||||
bool is_device_secure();
|
||||
int load_verity_state(struct fstab_rec* fstab, int* mode);
|
||||
|
||||
#endif /* __CORE_FS_MGR_PRIV_H */
|
||||
|
|
|
@ -765,13 +765,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
|
|||
const std::string mount_point(basename(fstab->mount_point));
|
||||
bool verified_at_boot = false;
|
||||
|
||||
// This is a public API and so deserves its own check to see if verity
|
||||
// setup is needed at all.
|
||||
if (!is_device_secure()) {
|
||||
LINFO << "Verity setup skipped for " << mount_point;
|
||||
return FS_MGR_SETUP_VERITY_SKIPPED;
|
||||
}
|
||||
|
||||
if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,
|
||||
FEC_DEFAULT_ROOTS) < 0) {
|
||||
PERROR << "Failed to open '" << fstab->blk_device << "'";
|
||||
|
@ -792,7 +785,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
|
|||
#ifdef ALLOW_ADBD_DISABLE_VERITY
|
||||
if (verity.disabled) {
|
||||
retval = FS_MGR_SETUP_VERITY_DISABLED;
|
||||
LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG";
|
||||
LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG";
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
|
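Review bot: The `#ifdef ALLOW_ADBD_DISABLE_VERITY` guard around the `verity.disabled` branch tests only whether the macro is defined, and the build-file hunks on this page define it in every variant (`-DALLOW_ADBD_DISABLE_VERITY=0` by default, `=1` under a product variable), so, assuming those flags apply to this file, the branch is compiled into all builds. With the `is_device_secure()` early return removed from fs_mgr_setup_verity, this guard is the only build-type gate visible here on honouring the disabled flag, so it should test the value instead: `#if ALLOW_ADBD_DISABLE_VERITY`. The updated log text "only works in USERDEBUG/ENG" is accurate only once the guard does that. fs_mgr_setup_verity starts and ends outside the hunks shown.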