Add init command to set verified properties

Add a command that updates dm-verity state and sets partition.%.verified properties used by adb remount. This is needed in init since fs_mgr cannot set properties: I6a28cccb1ccce960841af20a4b20c32d424b5524 Change-Id: I0fdf5bc29c56690dcadff9d0eb216d3c68483538
2015-03-19 10:00:34 +00:00 · 2015-03-19 10:00:34 +00:00 · acbf9bef43
parent b054582b90
commit acbf9bef43
5 changed files with 47 additions and 7 deletions
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@ -591,7 +591,7 @@ out:
    return rc;
 }

-int fs_mgr_update_verity_state()
+int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
 {
    _Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
    char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
@ -645,7 +645,14 @@ int fs_mgr_update_verity_state()

        if (*status == 'C') {
            rc = write_verity_state(state_loc, offset, VERITY_MODE_LOGGING);
-            goto out;
+
+            if (rc == -1) {
+                goto out;
+            }
+        }
+
+        if (callback) {
+            callback(&fstab->recs[i], mount_point, *status);
        }
    }

@ -729,6 +736,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
        mode = VERITY_MODE_RESTART; /* default dm-verity mode */
    }

+    INFO("Enabling dm-verity for %s (mode %d)\n",  mount_point, mode);
+
    // load the verity mapping table
    if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table,
            mode) < 0) {
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@ -27,6 +27,10 @@
 // turn verity off in userdebug builds.
 #define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 // Verity modes
 enum verity_mode {
    VERITY_MODE_EIO = 0,
@ -35,10 +39,6 @@ enum verity_mode {
    VERITY_MODE_LAST = VERITY_MODE_RESTART
 };

-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /*
 * The entries must be kept in the same order as they were seen in the fstab.
 * Unless explicitly requested, a lookup on mount point should always
@ -66,6 +66,10 @@ struct fstab_rec {
    unsigned int zram_size;
 };

+// Callback function for verity status
+typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab,
+        const char *mount_point, int status);
+
 struct fstab *fs_mgr_read_fstab(const char *fstab_path);
 void fs_mgr_free_fstab(struct fstab *fstab);

@ -84,7 +88,7 @@ int fs_mgr_unmount_all(struct fstab *fstab);
 int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc,
                          char *real_blk_device, int size);
 int fs_mgr_load_verity_state(int *mode);
-int fs_mgr_update_verity_state();
+int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback);
 int fs_mgr_add_entry(struct fstab *fstab,
                     const char *mount_point, const char *fs_type,
                     const char *blk_device);
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@ -687,6 +687,30 @@ int do_verity_load_state(int nargs, char **args) {
    return -1;
 }

+static void verity_update_property(struct fstab_rec *fstab,
+                    const char *mount_point, int status) {
+    char key[PROP_NAME_MAX];
+    int ret;
+
+    ret = snprintf(key, PROP_NAME_MAX, "partition.%s.verified", mount_point);
+    if (ret >= PROP_NAME_MAX) {
+        ERROR("Error setting verified property for %s: name too long\n",
+            mount_point);
+        return;
+    }
+
+    ret = property_set(key, "1");
+    if (ret < 0)
+        ERROR("Error setting verified property %s: %d\n", key, ret);
+}
+
+int do_verity_update_state(int nargs, char **args) {
+    if (nargs == 1) {
+        return fs_mgr_update_verity_state(verity_update_property);
+    }
+    return -1;
+}
+
 int do_write(int nargs, char **args)
 {
    const char *path = args[1];
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@ -202,6 +202,7 @@ static int lookup_keyword(const char *s)
        break;
    case 'v':
        if (!strcmp(s, "erity_load_state")) return K_verity_load_state;
+        if (!strcmp(s, "erity_update_state")) return K_verity_update_state;
        break;
    case 'w':
        if (!strcmp(s, "rite")) return K_write;
--- a/init/keywords.h
+++ b/init/keywords.h
@ -37,6 +37,7 @@ int do_loglevel(int nargs, char **args);
 int do_load_persist_props(int nargs, char **args);
 int do_load_all_props(int nargs, char **args);
 int do_verity_load_state(int nargs, char **args);
+int do_verity_update_state(int nargs, char **args);
 int do_wait(int nargs, char **args);
 #define __MAKE_KEYWORD_ENUM__
 #define KEYWORD(symbol, flags, nargs, func) K_##symbol,
@ -89,6 +90,7 @@ enum {
    KEYWORD(sysclktz,    COMMAND, 1, do_sysclktz)
    KEYWORD(user,        OPTION,  0, 0)
    KEYWORD(verity_load_state,      COMMAND, 0, do_verity_load_state)
+    KEYWORD(verity_update_state,    COMMAND, 0, do_verity_update_state)
    KEYWORD(wait,        COMMAND, 1, do_wait)
    KEYWORD(write,       COMMAND, 2, do_write)
    KEYWORD(copy,        COMMAND, 2, do_copy)