am d087e6f3: am 7a91e93e: am be940153: Merge "Revert "Revert "fs_mgr_verity: Add support for squashfs"""
* commit 'd087e6f3ff0f928fb1ad7e47e488a3345ab8a555': Revert "Revert "fs_mgr_verity: Add support for squashfs""
This commit is contained in:
commit
b09ef774fa
|
@ -8,8 +8,8 @@ LOCAL_SRC_FILES:= fs_mgr.c fs_mgr_verity.c fs_mgr_fstab.c
|
|||
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
|
||||
|
||||
LOCAL_MODULE:= libfs_mgr
|
||||
LOCAL_STATIC_LIBRARIES := liblogwrap libmincrypt libext4_utils_static
|
||||
LOCAL_C_INCLUDES += system/extras/ext4_utils
|
||||
LOCAL_STATIC_LIBRARIES := liblogwrap libmincrypt libext4_utils_static libsquashfs_utils
|
||||
LOCAL_C_INCLUDES += system/extras/ext4_utils system/extras/squashfs_utils
|
||||
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
|
||||
LOCAL_CFLAGS := -Werror
|
||||
|
||||
|
@ -34,7 +34,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true
|
|||
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/sbin
|
||||
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
|
||||
|
||||
LOCAL_STATIC_LIBRARIES := libfs_mgr liblogwrap libcutils liblog libc libmincrypt libext4_utils_static
|
||||
LOCAL_STATIC_LIBRARIES := libfs_mgr liblogwrap libcutils liblog libc libmincrypt libext4_utils_static libsquashfs_utils
|
||||
LOCAL_CXX_STL := libc++_static
|
||||
|
||||
LOCAL_CFLAGS := -Werror
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
#include "mincrypt/sha256.h"
|
||||
|
||||
#include "ext4_sb.h"
|
||||
#include "squashfs_utils.h"
|
||||
|
||||
#include "fs_mgr_priv.h"
|
||||
#include "fs_mgr_priv_verity.h"
|
||||
|
@ -140,7 +141,19 @@ out:
|
|||
return retval;
|
||||
}
|
||||
|
||||
static int get_target_device_size(char *blk_device, uint64_t *device_size)
|
||||
static int squashfs_get_target_device_size(char *blk_device, uint64_t *device_size)
|
||||
{
|
||||
struct squashfs_info sq_info;
|
||||
|
||||
if (squashfs_parse_sb(blk_device, &sq_info) >= 0) {
|
||||
*device_size = sq_info.bytes_used_4K_padded;
|
||||
return 0;
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
static int ext4_get_target_device_size(char *blk_device, uint64_t *device_size)
|
||||
{
|
||||
int data_device;
|
||||
struct ext4_super_block sb;
|
||||
|
@ -173,11 +186,29 @@ static int get_target_device_size(char *blk_device, uint64_t *device_size)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int read_verity_metadata(char *block_device, char **signature, char **table)
|
||||
static int get_fs_size(char *fs_type, char *blk_device, uint64_t *device_size) {
|
||||
if (!strcmp(fs_type, "ext4")) {
|
||||
if (ext4_get_target_device_size(blk_device, device_size) < 0) {
|
||||
ERROR("Failed to get ext4 fs size on %s.", blk_device);
|
||||
return -1;
|
||||
}
|
||||
} else if (!strcmp(fs_type, "squashfs")) {
|
||||
if (squashfs_get_target_device_size(blk_device, device_size) < 0) {
|
||||
ERROR("Failed to get squashfs fs size on %s.", blk_device);
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
ERROR("%s: Unsupported filesystem for verity.", fs_type);
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int read_verity_metadata(uint64_t device_size, char *block_device, char **signature,
|
||||
char **table)
|
||||
{
|
||||
unsigned magic_number;
|
||||
unsigned table_length;
|
||||
uint64_t device_length;
|
||||
int protocol_version;
|
||||
int device;
|
||||
int retval = FS_MGR_SETUP_VERITY_FAIL;
|
||||
|
@ -194,12 +225,7 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab
|
|||
goto out;
|
||||
}
|
||||
|
||||
// find the start of the verity metadata
|
||||
if (get_target_device_size(block_device, &device_length) < 0) {
|
||||
ERROR("Could not get target device size.\n");
|
||||
goto out;
|
||||
}
|
||||
if (TEMP_FAILURE_RETRY(lseek64(device, device_length, SEEK_SET)) < 0) {
|
||||
if (TEMP_FAILURE_RETRY(lseek64(device, device_size, SEEK_SET)) < 0) {
|
||||
ERROR("Could not seek to start of verity metadata block.\n");
|
||||
goto out;
|
||||
}
|
||||
|
@ -220,8 +246,7 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab
|
|||
#endif
|
||||
|
||||
if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
|
||||
ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n",
|
||||
device_length);
|
||||
ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", device_size);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -330,17 +355,12 @@ static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int load_verity_table(struct dm_ioctl *io, char *name, char *blockdev, int fd, char *table,
|
||||
static int load_verity_table(struct dm_ioctl *io, char *name, uint64_t device_size, int fd, char *table,
|
||||
int mode)
|
||||
{
|
||||
char *verity_params;
|
||||
char *buffer = (char*) io;
|
||||
size_t bufsize;
|
||||
uint64_t device_size = 0;
|
||||
|
||||
if (get_target_device_size(blockdev, &device_size) < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
verity_ioctl_init(io, name, DM_STATUS_TABLE_FLAG);
|
||||
|
||||
|
@ -665,10 +685,17 @@ static int compare_last_signature(struct fstab_rec *fstab, int *match)
|
|||
uint8_t curr[SHA256_DIGEST_SIZE];
|
||||
uint8_t prev[SHA256_DIGEST_SIZE];
|
||||
off64_t offset = 0;
|
||||
uint64_t device_size;
|
||||
|
||||
*match = 1;
|
||||
|
||||
if (read_verity_metadata(fstab->blk_device, &signature, NULL) < 0) {
|
||||
// get verity filesystem size
|
||||
if (get_fs_size(fstab->fs_type, fstab->blk_device, &device_size) < 0) {
|
||||
ERROR("Failed to get filesystem size\n");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (read_verity_metadata(device_size, fstab->blk_device, &signature, NULL) < 0) {
|
||||
ERROR("Failed to read verity signature from %s\n", fstab->mount_point);
|
||||
goto out;
|
||||
}
|
||||
|
@ -901,6 +928,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
|
|||
char *verity_blk_name = 0;
|
||||
char *verity_table = 0;
|
||||
char *verity_table_signature = 0;
|
||||
uint64_t device_size = 0;
|
||||
|
||||
_Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
|
||||
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
|
||||
|
@ -910,16 +938,15 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
|
|||
io->flags |= 1;
|
||||
io->target_count = 1;
|
||||
|
||||
// check to ensure that the verity device is ext4
|
||||
// TODO: support non-ext4 filesystems
|
||||
if (strcmp(fstab->fs_type, "ext4")) {
|
||||
ERROR("Cannot verify non-ext4 device (%s)", fstab->fs_type);
|
||||
// get verity filesystem size
|
||||
if (get_fs_size(fstab->fs_type, fstab->blk_device, &device_size) < 0) {
|
||||
return retval;
|
||||
}
|
||||
|
||||
// read the verity block at the end of the block device
|
||||
// send error code up the chain so we can detect attempts to disable verity
|
||||
retval = read_verity_metadata(fstab->blk_device,
|
||||
retval = read_verity_metadata(device_size,
|
||||
fstab->blk_device,
|
||||
&verity_table_signature,
|
||||
&verity_table);
|
||||
if (retval < 0) {
|
||||
|
@ -964,7 +991,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
|
|||
INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, mode);
|
||||
|
||||
// load the verity mapping table
|
||||
if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table,
|
||||
if (load_verity_table(io, mount_point, device_size, fd, verity_table,
|
||||
mode) < 0) {
|
||||
goto out;
|
||||
}
|
||||
|
|
|
@ -58,6 +58,7 @@ LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
|
|||
LOCAL_STATIC_LIBRARIES := \
|
||||
libinit \
|
||||
libfs_mgr \
|
||||
libsquashfs_utils \
|
||||
liblogwrap \
|
||||
libcutils \
|
||||
libbase \
|
||||
|
|
Loading…
Reference in New Issue