diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index feb3c196f..5c673337b 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -591,7 +591,7 @@ out:
 return rc;
 }
-int fs_mgr_update_verity_state()
+int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
 {
 _Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
 char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
@@ -645,7 +645,14 @@ int fs_mgr_update_verity_state()
 if (*status == 'C') {
 rc = write_verity_state(state_loc, offset, VERITY_MODE_LOGGING);
- goto out;
+
+ if (rc == -1) {
+ goto out;
+ }
+ }
+
+ if (callback) {
+ callback(&fstab->recs[i], mount_point, *status);
 }
 }
@@ -729,6 +736,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
 mode = VERITY_MODE_RESTART; /* default dm-verity mode */
 }
+ INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, mode);
+
 // load the verity mapping table
 if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table, mode) < 0) {
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 0437d45c7..d2c8fffd0 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -27,6 +27,10 @@
 // turn verity off in userdebug builds.
 #define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 // Verity modes
 enum verity_mode {
 VERITY_MODE_EIO = 0,
@@ -35,10 +39,6 @@ enum verity_mode {
 VERITY_MODE_LAST = VERITY_MODE_RESTART
 };
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /*
 * The entries must be kept in the same order as they were seen in the fstab.
 * Unless explicitly requested, a lookup on mount point should always
@@ -66,6 +66,10 @@ struct fstab_rec {
 unsigned int zram_size;
 };
+// Callback function for verity status
+typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab,
+ const char *mount_point, int status);
+
 struct fstab *fs_mgr_read_fstab(const char *fstab_path);
 void fs_mgr_free_fstab(struct fstab *fstab);
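Review bot: A device whose status is `'C'` still reaches `callback(...)` at the end of the `@@ -645,7 +645,14 @@` hunk in fs_mgr/fs_mgr_verity.c, and the callback that init registers (`verity_update_property` in init/builtins.cpp) never reads `status` and always sets `partition.<mount_point>.verified` to `"1"`. A partition on which corruption has just been recorded (the branch that writes VERITY_MODE_LOGGING) is therefore published as verified, which would mislead any consumer that treats the property as an integrity signal; whether such consumers exist is not visible on this page. Either gate the call, for example `if (callback && *status != 'C') {`, or have the callback publish the status it receives instead of a constant. Replacing the unconditional `goto out` also means the loop now keeps iterating after a successful state write, so it is worth confirming that `rc` still reflects that write when the loop ends; the loop header and the `out:` label are outside the hunk.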
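Review bot: The comment on `fs_mgr_verity_state_callback` in the `@@ -66,6 +66,10 @@` hunk of fs_mgr.h does not say what `status` carries or that the callback may be NULL. The caller in fs_mgr_verity.c passes `*status`, the status character it compares with `'C'`, and skips the call when `callback` is null, so the declaration could say so: `// Called for each verity device examined by fs_mgr_update_verity_state(); status is the dm-verity status character for that device ('C' is the value the caller treats as corruption). May be NULL.` If `fstab` and `mount_point` are only valid during the call, which looks likely but is not shown here, that belongs in the comment as well.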
@@ -84,7 +88,7 @@ int fs_mgr_unmount_all(struct fstab *fstab);
 int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_device, int size);
 int fs_mgr_load_verity_state(int *mode);
-int fs_mgr_update_verity_state();
+int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback);
 int fs_mgr_add_entry(struct fstab *fstab, const char *mount_point, const char *fs_type, const char *blk_device);
diff --git a/init/builtins.cpp b/init/builtins.cpp
index fb1aa7c8b..01217c189 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -687,6 +687,30 @@ int do_verity_load_state(int nargs, char **args) {
 return -1;
 }
+static void verity_update_property(struct fstab_rec *fstab,
+ const char *mount_point, int status) {
+ char key[PROP_NAME_MAX];
+ int ret;
+
+ ret = snprintf(key, PROP_NAME_MAX, "partition.%s.verified", mount_point);
+ if (ret >= PROP_NAME_MAX) {
+ ERROR("Error setting verified property for %s: name too long\n",
+ mount_point);
+ return;
+ }
+
+ ret = property_set(key, "1");
+ if (ret < 0)
+ ERROR("Error setting verified property %s: %d\n", key, ret);
+}
+
+int do_verity_update_state(int nargs, char **args) {
+ if (nargs == 1) {
+ return fs_mgr_update_verity_state(verity_update_property);
+ }
+ return -1;
+}
+
 int do_write(int nargs, char **args) {
 const char *path = args[1];
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index f3d34b2ed..7db203f0f 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@@ -202,6 +202,7 @@ static int lookup_keyword(const char *s)
 break;
 case 'v':
 if (!strcmp(s, "erity_load_state")) return K_verity_load_state;
+ if (!strcmp(s, "erity_update_state")) return K_verity_update_state;
 break;
 case 'w':
 if (!strcmp(s, "rite")) return K_write;
diff --git a/init/keywords.h b/init/keywords.h
index c8327c36d..09f645b80 100644
--- a/init/keywords.h
+++ b/init/keywords.h
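Review bot: The length check in `verity_update_property` (init/builtins.cpp) only tests `ret >= PROP_NAME_MAX`, so a negative snprintf return falls through to `property_set` with `key`, which is declared without an initialiser. That is unlikely with a plain `%s`, but the guard costs nothing to complete: `if (ret < 0 || ret >= PROP_NAME_MAX) {`. `mount_point` is also interpolated into the property name unchecked, so it is worth confirming that the caller never passes a value with characters a property name cannot hold; where `mount_point` is derived is not visible here. The trailing `if (ret < 0)` is the only unbraced conditional in the added code and should take braces like the ones above it.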
@@ -37,6 +37,7 @@ int do_loglevel(int nargs, char **args);
 int do_load_persist_props(int nargs, char **args);
 int do_load_all_props(int nargs, char **args);
 int do_verity_load_state(int nargs, char **args);
+int do_verity_update_state(int nargs, char **args);
 int do_wait(int nargs, char **args);
 #define __MAKE_KEYWORD_ENUM__
 #define KEYWORD(symbol, flags, nargs, func) K_##symbol,
@@ -89,6 +90,7 @@ enum {
 KEYWORD(sysclktz, COMMAND, 1, do_sysclktz)
 KEYWORD(user, OPTION, 0, 0)
 KEYWORD(verity_load_state, COMMAND, 0, do_verity_load_state)
+ KEYWORD(verity_update_state, COMMAND, 0, do_verity_update_state)
 KEYWORD(wait, COMMAND, 1, do_wait)
 KEYWORD(write, COMMAND, 2, do_write)
 KEYWORD(copy, COMMAND, 2, do_copy)