adb: checks device state when using adb disable-verity for AVB

adb disable-verity will toggle a flag in /vbmeta and introduce AVB verification error on next boot. If the device is LOCKED, it will make the device unbootable because verification error isn't allowed when the device is locked. Also indicating 'adb root' when failed to get verity state. Bug: 70969453 Test: adb disable-verity should pop-up warning if the device is locked. Change-Id: I1ed705e34334ea2231c96b16ddb8d225067af2f0
2018-03-12 16:26:23 +08:00 · 2018-03-12 16:26:23 +08:00 · 8cc9c3835a
parent 887d74b479
commit 8cc9c3835a
1 changed files with 11 additions and 2 deletions
--- a/adb/daemon/set_verity_enable_state_service.cpp
+++ b/adb/daemon/set_verity_enable_state_service.cpp
@ -98,13 +98,22 @@ static std::string get_ab_suffix() {
    return android::base::GetProperty("ro.boot.slot_suffix", "");
 }

+static bool is_avb_device_locked() {
+    return android::base::GetProperty("ro.boot.vbmeta.device_state", "") == "locked";
+}
+
 /* Use AVB to turn verity on/off */
 static bool set_avb_verity_enabled_state(int fd, AvbOps* ops, bool enable_verity) {
    std::string ab_suffix = get_ab_suffix();
-
    bool verity_enabled;
+
+    if (is_avb_device_locked()) {
+        WriteFdFmt(fd, "Device is locked. Please unlock the device first\n");
+        return false;
+    }
+
    if (!avb_user_verity_get(ops, ab_suffix.c_str(), &verity_enabled)) {
-        WriteFdFmt(fd, "Error getting verity state\n");
+        WriteFdFmt(fd, "Error getting verity state. Try adb root first?\n");
        return false;
    }