openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

fs_mgr: move AVB related source into libfs_avb 

This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.

Some lingering sources for by_name_symlink_map_ are also removed.

Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
This commit is contained in:
Bowgo Tsai 2018-11-26 17:49:23 +08:00
parent 01011fee14
commit c1bc2813c9
10 changed files with 146 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
fs_mgr/Android.bp
View File

@ -42,8 +42,6 @@ cc_library {
"fs_mgr.cpp",
"fs_mgr_format.cpp",
"fs_mgr_verity.cpp",
"fs_mgr_avb.cpp",
"fs_mgr_avb_ops.cpp",
"fs_mgr_dm_linear.cpp",
"fs_mgr_overlayfs.cpp",
"fs_mgr_vendor_overlay.cpp",
@ -61,10 +59,12 @@ cc_library {
],
static_libs: [
"libavb",
"libfs_avb",
"libfstab",
"libdm",
],
export_static_lib_headers: [
"libfs_avb",
"libfstab",
"libdm",
],
@ -104,3 +104,28 @@ cc_library_static {
export_include_dirs: ["include_fstab"],
header_libs: ["libbase_headers"],
}
cc_library_static {
name: "libfs_avb",
defaults: ["fs_mgr_defaults"],
recovery_available: true,
export_include_dirs: ["libfs_avb/include"],
srcs: [
"libfs_avb/avb_ops.cpp",
"libfs_avb/fs_avb.cpp",
],
static_libs: [
"libavb",
"libfstab",
"libdm",
],
export_static_lib_headers: [
"libfstab",
],
shared_libs: [
"libcrypto",
],
header_libs: [
"libbase_headers",
],
}

22
fs_mgr/fs_mgr.cpp
View File

@ -34,6 +34,7 @@
#include <unistd.h>
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <thread>
@ -53,6 +54,7 @@
#include <ext4_utils/ext4_sb.h>
#include <ext4_utils/ext4_utils.h>
#include <ext4_utils/wipe.h>
#include <fs_avb/fs_avb.h>
#include <fs_mgr_overlayfs.h>
#include <libdm/dm.h>
#include <liblp/metadata_format.h>
@ -62,7 +64,6 @@
#include <log/log_properties.h>
#include <logwrap/logwrap.h>
#include "fs_mgr_avb.h"
#include "fs_mgr_priv.h"
#define KEY_LOC_PROP "ro.crypto.keyfile.userdata"
@ -82,6 +83,9 @@
using android::dm::DeviceMapper;
using android::dm::DmDeviceState;
using android::fs_mgr::AvbHandle;
using android::fs_mgr::AvbHashtreeResult;
using android::fs_mgr::AvbUniquePtr;
// record fs stat
enum FsStatFlags {
@ -973,7 +977,7 @@ int fs_mgr_mount_all(fstab* fstab, int mount_mode) {
int mount_errno = 0;
int attempted_idx = -1;
CheckpointManager checkpoint_manager;
FsManagerAvbUniquePtr avb_handle(nullptr);
AvbUniquePtr avb_handle(nullptr);
if (!fstab) {
return FS_MGR_MNTALL_FAIL;
@ -1031,14 +1035,14 @@ int fs_mgr_mount_all(fstab* fstab, int mount_mode) {
if (fstab->recs[i].fs_mgr_flags & MF_AVB) {
if (!avb_handle) {
avb_handle = FsManagerAvbHandle::Open();
avb_handle = AvbHandle::Open();
if (!avb_handle) {
LERROR << "Failed to open FsManagerAvbHandle";
LERROR << "Failed to open AvbHandle";
return FS_MGR_MNTALL_FAIL;
}
}
if (avb_handle->SetUpAvbHashtree(&fstab->recs[i], true /* wait_for_verity_dev */) ==
SetUpAvbHashtreeResult::kFail) {
AvbHashtreeResult::kFail) {
LERROR << "Failed to set up AVB on partition: "
<< fstab->recs[i].mount_point << ", skipping!";
/* Skips mounting the device. */
@ -1232,7 +1236,7 @@ static int fs_mgr_do_mount_helper(fstab* fstab, const char* n_name, char* n_blk_
int first_mount_errno = 0;
char* mount_point;
CheckpointManager checkpoint_manager(needs_checkpoint);
FsManagerAvbUniquePtr avb_handle(nullptr);
AvbUniquePtr avb_handle(nullptr);
if (!fstab) {
return FS_MGR_DOMNT_FAILED;
@ -1275,14 +1279,14 @@ static int fs_mgr_do_mount_helper(fstab* fstab, const char* n_name, char* n_blk_
if (fstab->recs[i].fs_mgr_flags & MF_AVB) {
if (!avb_handle) {
avb_handle = FsManagerAvbHandle::Open();
avb_handle = AvbHandle::Open();
if (!avb_handle) {
LERROR << "Failed to open FsManagerAvbHandle";
LERROR << "Failed to open AvbHandle";
return FS_MGR_DOMNT_FAILED;
}
}
if (avb_handle->SetUpAvbHashtree(&fstab->recs[i], true /* wait_for_verity_dev */) ==
SetUpAvbHashtreeResult::kFail) {
AvbHashtreeResult::kFail) {
LERROR << "Failed to set up AVB on partition: "
<< fstab->recs[i].mount_point << ", skipping!";
/* Skips mounting the device. */

2
fs_mgr/fs_mgr_priv.h
View File

@ -21,8 +21,8 @@
#include <string>
#include <android-base/logging.h>
#include <fs_mgr.h>
#include "fs_mgr.h"
#include "fs_mgr_priv_boot_config.h"
/* The CHECK() in logging.h will use program invocation name as the tag.

18
fs_mgr/fs_mgr_avb_ops.cpp → fs_mgr/libfs_avb/avb_ops.cpp
View File

@ -22,7 +22,7 @@
* SOFTWARE.
*/
#include "fs_mgr_priv_avb_ops.h"
#include "avb_ops.h"
#include <errno.h>
#include <fcntl.h>
@ -37,15 +37,17 @@
#include <libavb/libavb.h>
#include <utils/Compat.h>
#include "fs_mgr.h"
#include "fs_mgr_priv.h"
using namespace std::literals;
namespace android {
namespace fs_mgr {
static AvbIOResult read_from_partition(AvbOps* ops, const char* partition, int64_t offset,
size_t num_bytes, void* buffer, size_t* out_num_read) {
return FsManagerAvbOps::GetInstanceFromAvbOps(ops)->ReadFromPartition(
partition, offset, num_bytes, buffer, out_num_read);
partition, offset, num_bytes, buffer, out_num_read);
}
static AvbIOResult dummy_read_rollback_index(AvbOps* ops ATTRIBUTE_UNUSED,
@ -58,9 +60,10 @@ static AvbIOResult dummy_read_rollback_index(AvbOps* ops ATTRIBUTE_UNUSED,
}
static AvbIOResult dummy_validate_vbmeta_public_key(
AvbOps* ops ATTRIBUTE_UNUSED, const uint8_t* public_key_data ATTRIBUTE_UNUSED,
size_t public_key_length ATTRIBUTE_UNUSED, const uint8_t* public_key_metadata ATTRIBUTE_UNUSED,
size_t public_key_metadata_length ATTRIBUTE_UNUSED, bool* out_is_trusted) {
AvbOps* ops ATTRIBUTE_UNUSED, const uint8_t* public_key_data ATTRIBUTE_UNUSED,
size_t public_key_length ATTRIBUTE_UNUSED,
const uint8_t* public_key_metadata ATTRIBUTE_UNUSED,
size_t public_key_metadata_length ATTRIBUTE_UNUSED, bool* out_is_trusted) {
// vbmeta public key has been checked in bootloader phase.
// In user-space, returns true to pass the check.
//
@ -178,3 +181,6 @@ AvbSlotVerifyResult FsManagerAvbOps::AvbSlotVerify(const std::string& ab_suffix,
return avb_slot_verify(&avb_ops_, requested_partitions, ab_suffix.c_str(), flags,
AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, out_data);
}
} // namespace fs_mgr
} // namespace android

14
fs_mgr/fs_mgr_priv_avb_ops.h → fs_mgr/libfs_avb/avb_ops.h
View File

@ -22,15 +22,14 @@
* SOFTWARE.
*/
#ifndef __CORE_FS_MGR_PRIV_AVB_OPS_H
#define __CORE_FS_MGR_PRIV_AVB_OPS_H
#pragma once
#include <map>
#include <string>
#include <libavb/libavb.h>
#include "fs_mgr.h"
namespace android {
namespace fs_mgr {
// This class provides C++ bindings to interact with libavb, a small
// self-contained piece of code that's intended to be used in bootloaders.
@ -42,7 +41,7 @@
// read and verify the metadata and store it into the out_data parameter.
// The caller MUST check the integrity of metadata against the
// androidboot.vbmeta.{hash_alg, size, digest} values from /proc/cmdline.
// e.g., see class FsManagerAvbVerifier for more details.
// e.g., see class AvbVerifier for more details.
//
class FsManagerAvbOps {
public:
@ -60,6 +59,7 @@ class FsManagerAvbOps {
private:
AvbOps avb_ops_;
std::map<std::string, std::string> by_name_symlink_map_;
};
#endif /* __CORE_FS_MGR_PRIV_AVB_OPS_H */
} // namespace fs_mgr
} // namespace android

85
fs_mgr/fs_mgr_avb.cpp → fs_mgr/libfs_avb/fs_avb.cpp
View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
#include "fs_mgr_avb.h"
#include "fs_avb/fs_avb.h"
#include <fcntl.h>
#include <libgen.h>
@ -35,10 +35,12 @@
#include <libavb/libavb.h>
#include <libdm/dm.h>
#include "fs_mgr.h"
#include "avb_ops.h"
#include "fs_mgr_priv.h"
#include "fs_mgr_priv_avb_ops.h"
#include "fs_mgr_priv_sha.h"
#include "sha.h"
namespace android {
namespace fs_mgr {
static inline bool nibble_value(const char& c, uint8_t* value) {
FS_MGR_CHECK(value != nullptr);
@ -117,14 +119,14 @@ static std::pair<size_t, bool> verify_vbmeta_digest(const AvbSlotVerifyData& ver
// - androidboot.vbmeta.hash_alg
// - androidboot.vbmeta.size
// - androidboot.vbmeta.digest
class FsManagerAvbVerifier {
class AvbVerifier {
public:
// The factory method to return a unique_ptr<FsManagerAvbVerifier>
static std::unique_ptr<FsManagerAvbVerifier> Create();
// The factory method to return a unique_ptr<AvbVerifier>
static std::unique_ptr<AvbVerifier> Create();
bool VerifyVbmetaImages(const AvbSlotVerifyData& verify_data);
protected:
FsManagerAvbVerifier() = default;
AvbVerifier() = default;
private:
enum HashAlgorithm {
@ -138,10 +140,10 @@ class FsManagerAvbVerifier {
size_t vbmeta_size_;
};
std::unique_ptr<FsManagerAvbVerifier> FsManagerAvbVerifier::Create() {
std::unique_ptr<FsManagerAvbVerifier> avb_verifier(new FsManagerAvbVerifier());
std::unique_ptr<AvbVerifier> AvbVerifier::Create() {
std::unique_ptr<AvbVerifier> avb_verifier(new AvbVerifier());
if (!avb_verifier) {
LERROR << "Failed to create unique_ptr<FsManagerAvbVerifier>";
LERROR << "Failed to create unique_ptr<AvbVerifier>";
return nullptr;
}
@ -184,7 +186,7 @@ std::unique_ptr<FsManagerAvbVerifier> FsManagerAvbVerifier::Create() {
return avb_verifier;
}
bool FsManagerAvbVerifier::VerifyVbmetaImages(const AvbSlotVerifyData& verify_data) {
bool AvbVerifier::VerifyVbmetaImages(const AvbSlotVerifyData& verify_data) {
if (verify_data.num_vbmeta_images == 0) {
LERROR << "No vbmeta images";
return false;
@ -195,10 +197,10 @@ bool FsManagerAvbVerifier::VerifyVbmetaImages(const AvbSlotVerifyData& verify_da
if (hash_alg_ == kSHA256) {
std::tie(total_size, digest_matched) =
verify_vbmeta_digest<SHA256Hasher>(verify_data, digest_);
verify_vbmeta_digest<SHA256Hasher>(verify_data, digest_);
} else if (hash_alg_ == kSHA512) {
std::tie(total_size, digest_matched) =
verify_vbmeta_digest<SHA512Hasher>(verify_data, digest_);
verify_vbmeta_digest<SHA512Hasher>(verify_data, digest_);
}
if (total_size != vbmeta_size_) {
@ -268,7 +270,8 @@ static bool hashtree_dm_verity_setup(struct fstab_rec* fstab_entry,
const std::string& salt, const std::string& root_digest,
bool wait_for_verity_dev) {
android::dm::DmTable table;
if (!construct_verity_table(hashtree_desc, salt, root_digest, fstab_entry->blk_device, &table) ||
if (!construct_verity_table(hashtree_desc, salt, root_digest, fstab_entry->blk_device,
&table) ||
!table.valid()) {
LERROR << "Failed to construct verity table.";
return false;
@ -314,9 +317,9 @@ static bool get_hashtree_descriptor(const std::string& partition_name,
// Get descriptors from vbmeta_images[i].
size_t num_descriptors;
std::unique_ptr<const AvbDescriptor* [], decltype(&avb_free)> descriptors(
avb_descriptor_get_all(verify_data.vbmeta_images[i].vbmeta_data,
verify_data.vbmeta_images[i].vbmeta_size, &num_descriptors),
avb_free);
avb_descriptor_get_all(verify_data.vbmeta_images[i].vbmeta_data,
verify_data.vbmeta_images[i].vbmeta_size, &num_descriptors),
avb_free);
if (!descriptors || num_descriptors < 1) {
continue;
@ -329,9 +332,10 @@ static bool get_hashtree_descriptor(const std::string& partition_name,
continue;
}
if (desc.tag == AVB_DESCRIPTOR_TAG_HASHTREE) {
desc_partition_name = (const uint8_t*)descriptors[j] + sizeof(AvbHashtreeDescriptor);
desc_partition_name =
(const uint8_t*)descriptors[j] + sizeof(AvbHashtreeDescriptor);
if (!avb_hashtree_descriptor_validate_and_byteswap(
(AvbHashtreeDescriptor*)descriptors[j], out_hashtree_desc)) {
(AvbHashtreeDescriptor*)descriptors[j], out_hashtree_desc)) {
continue;
}
if (out_hashtree_desc->partition_name_len != partition_name.length()) {
@ -361,12 +365,12 @@ static bool get_hashtree_descriptor(const std::string& partition_name,
return true;
}
FsManagerAvbUniquePtr FsManagerAvbHandle::Open() {
AvbUniquePtr AvbHandle::Open() {
bool is_device_unlocked = fs_mgr_is_device_unlocked();
FsManagerAvbUniquePtr avb_handle(new FsManagerAvbHandle());
AvbUniquePtr avb_handle(new AvbHandle());
if (!avb_handle) {
LERROR << "Failed to allocate FsManagerAvbHandle";
LERROR << "Failed to allocate AvbHandle";
return nullptr;
}
@ -406,7 +410,7 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open() {
// Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version".
avb_handle->avb_version_ =
android::base::StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR);
android::base::StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR);
// Checks whether FLAGS_VERIFICATION_DISABLED is set:
// - Only the top-level vbmeta struct is read.
@ -414,18 +418,18 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open() {
// and AVB HASHTREE descriptor(s).
AvbVBMetaImageHeader vbmeta_header;
avb_vbmeta_image_header_to_host_byte_order(
(AvbVBMetaImageHeader*)avb_handle->avb_slot_data_->vbmeta_images[0].vbmeta_data,
&vbmeta_header);
bool verification_disabled =
((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
(AvbVBMetaImageHeader*)avb_handle->avb_slot_data_->vbmeta_images[0].vbmeta_data,
&vbmeta_header);
bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags &
AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
if (verification_disabled) {
avb_handle->status_ = kAvbHandleVerificationDisabled;
} else {
// Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline.
std::unique_ptr<FsManagerAvbVerifier> avb_verifier = FsManagerAvbVerifier::Create();
std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create();
if (!avb_verifier) {
LERROR << "Failed to create FsManagerAvbVerifier";
LERROR << "Failed to create AvbVerifier";
return nullptr;
}
if (!avb_verifier->VerifyVbmetaImages(*avb_handle->avb_slot_data_)) {
@ -434,8 +438,8 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open() {
}
// Checks whether FLAGS_HASHTREE_DISABLED is set.
bool hashtree_disabled =
((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);
bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags &
AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);
if (hashtree_disabled) {
avb_handle->status_ = kAvbHandleHashtreeDisabled;
}
@ -445,16 +449,16 @@ FsManagerAvbUniquePtr FsManagerAvbHandle::Open() {
return avb_handle;
}
SetUpAvbHashtreeResult FsManagerAvbHandle::SetUpAvbHashtree(struct fstab_rec* fstab_entry,
bool wait_for_verity_dev) {
AvbHashtreeResult AvbHandle::SetUpAvbHashtree(struct fstab_rec* fstab_entry,
bool wait_for_verity_dev) {
if (!fstab_entry || status_ == kAvbHandleUninitialized || !avb_slot_data_ ||
avb_slot_data_->num_vbmeta_images < 1) {
return SetUpAvbHashtreeResult::kFail;
return AvbHashtreeResult::kFail;
}
if (status_ == kAvbHandleHashtreeDisabled || status_ == kAvbHandleVerificationDisabled) {
LINFO << "AVB HASHTREE disabled on: " << fstab_entry->mount_point;
return SetUpAvbHashtreeResult::kDisabled;
return AvbHashtreeResult::kDisabled;
}
// Derives partition_name from blk_device to query the corresponding AVB HASHTREE descriptor
@ -478,14 +482,17 @@ SetUpAvbHashtreeResult FsManagerAvbHandle::SetUpAvbHashtree(struct fstab_rec* fs
std::string root_digest;
if (!get_hashtree_descriptor(partition_name, *avb_slot_data_, &hashtree_descriptor, &salt,
&root_digest)) {
return SetUpAvbHashtreeResult::kFail;
return AvbHashtreeResult::kFail;
}
// Converts HASHTREE descriptor to verity_table_params.
if (!hashtree_dm_verity_setup(fstab_entry, hashtree_descriptor, salt, root_digest,
wait_for_verity_dev)) {
return SetUpAvbHashtreeResult::kFail;
return AvbHashtreeResult::kFail;
}
return SetUpAvbHashtreeResult::kSuccess;
return AvbHashtreeResult::kSuccess;
}
} // namespace fs_mgr
} // namespace android

41
fs_mgr/include/fs_mgr_avb.h → fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
View File

@ -14,18 +14,18 @@
* limitations under the License.
*/
#ifndef __CORE_FS_MGR_AVB_H
#define __CORE_FS_MGR_AVB_H
#pragma once
#include <map>
#include <memory>
#include <string>
#include <fstab/fstab.h>
#include <libavb/libavb.h>
#include "fs_mgr.h"
namespace android {
namespace fs_mgr {
enum class SetUpAvbHashtreeResult {
enum class AvbHashtreeResult {
kSuccess = 0,
kFail,
kDisabled,
@ -33,17 +33,15 @@ enum class SetUpAvbHashtreeResult {
class FsManagerAvbOps;
class FsManagerAvbHandle;
using FsManagerAvbUniquePtr = std::unique_ptr<FsManagerAvbHandle>;
using ByNameSymlinkMap = std::map<std::string, std::string>;
class AvbHandle;
using AvbUniquePtr = std::unique_ptr<AvbHandle>;
// Provides a factory method to return a unique_ptr pointing to itself and the
// SetUpAvbHashtree() function to extract dm-verity parameters from AVB HASHTREE
// descriptors to load verity table into kernel through ioctl.
class FsManagerAvbHandle {
class AvbHandle {
public:
// The factory method to return a FsManagerAvbUniquePtr that holds
// The factory method to return a AvbUniquePtr that holds
// the verified AVB (external/avb) metadata of all verified partitions
// in avb_slot_data_.vbmeta_images[].
//
@ -51,7 +49,7 @@ class FsManagerAvbHandle {
// - androidboot.vbmeta.{hash_alg, size, digest}.
//
// A typical usage will be:
// - FsManagerAvbUniquePtr handle = FsManagerAvbHandle::Open();
// - AvbUniquePtr handle = AvbHandle::Open();
//
// Possible return values:
// - nullptr: any error when reading and verifying the metadata,
@ -75,7 +73,7 @@ class FsManagerAvbHandle {
// - a valid unique_ptr with status kAvbHandleSuccess: the metadata
// is verified and can be trusted.
//
static FsManagerAvbUniquePtr Open();
static AvbUniquePtr Open();
// Sets up dm-verity on the given fstab entry.
// The 'wait_for_verity_dev' parameter makes this function wait for the
@ -87,17 +85,17 @@ class FsManagerAvbHandle {
// failed to get the HASHTREE descriptor, runtime error when set up
// device-mapper, etc.
// - kDisabled: hashtree is disabled.
SetUpAvbHashtreeResult SetUpAvbHashtree(fstab_rec* fstab_entry, bool wait_for_verity_dev);
AvbHashtreeResult SetUpAvbHashtree(fstab_rec* fstab_entry, bool wait_for_verity_dev);
const std::string& avb_version() const { return avb_version_; }
FsManagerAvbHandle(const FsManagerAvbHandle&) = delete; // no copy
FsManagerAvbHandle& operator=(const FsManagerAvbHandle&) = delete; // no assignment
AvbHandle(const AvbHandle&) = delete; // no copy
AvbHandle& operator=(const AvbHandle&) = delete; // no assignment
FsManagerAvbHandle(FsManagerAvbHandle&&) noexcept = delete; // no move
FsManagerAvbHandle& operator=(FsManagerAvbHandle&&) noexcept = delete; // no move assignment
AvbHandle(AvbHandle&&) noexcept = delete; // no move
AvbHandle& operator=(AvbHandle&&) noexcept = delete; // no move assignment
~FsManagerAvbHandle() {
~AvbHandle() {
if (avb_slot_data_) {
avb_slot_verify_data_free(avb_slot_data_);
}
@ -112,11 +110,12 @@ class FsManagerAvbHandle {
kAvbHandleVerificationError,
};
FsManagerAvbHandle() : avb_slot_data_(nullptr), status_(kAvbHandleUninitialized) {}
AvbHandle() : avb_slot_data_(nullptr), status_(kAvbHandleUninitialized) {}
AvbSlotVerifyData* avb_slot_data_;
AvbHandleStatus status_;
std::string avb_version_;
};
#endif /* __CORE_FS_MGR_AVB_H */
} // namespace fs_mgr
} // namespace android

9
fs_mgr/fs_mgr_priv_sha.h → fs_mgr/libfs_avb/sha.h
View File

@ -14,11 +14,13 @@
* limitations under the License.
*/
#ifndef __CORE_FS_MGR_PRIV_SHA_H
#define __CORE_FS_MGR_PRIV_SHA_H
#pragma once
#include <openssl/sha.h>
namespace android {
namespace fs_mgr {
class SHA256Hasher {
private:
SHA256_CTX sha256_ctx;
@ -59,4 +61,5 @@ class SHA512Hasher {
}
};
#endif /* __CORE_FS_MGR_PRIV_SHA_H */
} // namespace fs_mgr
} // namespace android

1
init/Android.mk
View File

@ -67,6 +67,7 @@ LOCAL_POST_INSTALL_CMD := \
$(TARGET_RAMDISK_OUT)/sys \
LOCAL_STATIC_LIBRARIES := \
libfs_avb \
libfs_mgr \
libfec \
libfec_rs \

23
init/first_stage_mount.cpp
View File

@ -30,8 +30,8 @@
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
#include <fs_avb/fs_avb.h>
#include <fs_mgr.h>
#include <fs_mgr_avb.h>
#include <fs_mgr_dm_linear.h>
#include <fs_mgr_overlayfs.h>
#include <liblp/liblp.h>
@ -43,6 +43,9 @@
#include "util.h"
using android::base::Timer;
using android::fs_mgr::AvbHandle;
using android::fs_mgr::AvbHashtreeResult;
using android::fs_mgr::AvbUniquePtr;
using namespace std::literals;
@ -113,7 +116,7 @@ class FirstStageMountVBootV2 : public FirstStageMount {
bool InitAvbHandle();
std::string device_tree_vbmeta_parts_;
FsManagerAvbUniquePtr avb_handle_;
AvbUniquePtr avb_handle_;
};
// Static Functions
@ -547,12 +550,12 @@ bool FirstStageMountVBootV2::GetDmVerityDevices() {
bool FirstStageMountVBootV2::SetUpDmVerity(fstab_rec* fstab_rec) {
if (fs_mgr_is_avb(fstab_rec)) {
if (!InitAvbHandle()) return false;
SetUpAvbHashtreeResult hashtree_result =
AvbHashtreeResult hashtree_result =
avb_handle_->SetUpAvbHashtree(fstab_rec, false /* wait_for_verity_dev */);
switch (hashtree_result) {
case SetUpAvbHashtreeResult::kDisabled:
case AvbHashtreeResult::kDisabled:
return true; // Returns true to mount the partition.
case SetUpAvbHashtreeResult::kSuccess:
case AvbHashtreeResult::kSuccess:
// The exact block device name (fstab_rec->blk_device) is changed to
// "/dev/block/dm-XX". Needs to create it because ueventd isn't started in init
// first stage.
@ -567,10 +570,10 @@ bool FirstStageMountVBootV2::SetUpDmVerity(fstab_rec* fstab_rec) {
bool FirstStageMountVBootV2::InitAvbHandle() {
if (avb_handle_) return true; // Returns true if the handle is already initialized.
avb_handle_ = FsManagerAvbHandle::Open();
avb_handle_ = AvbHandle::Open();
if (!avb_handle_) {
PLOG(ERROR) << "Failed to open FsManagerAvbHandle";
PLOG(ERROR) << "Failed to open AvbHandle";
return false;
}
// Sets INIT_AVB_VERSION here for init to set ro.boot.avb_version in the second stage.
@ -607,7 +610,7 @@ void SetInitAvbVersionInRecovery() {
return;
}
// Initializes required devices for the subsequent FsManagerAvbHandle::Open()
// Initializes required devices for the subsequent AvbHandle::Open()
// to verify AVB metadata on all partitions in the verified chain.
// We only set INIT_AVB_VERSION when the AVB verification succeeds, i.e., the
// Open() function returns a valid handle.
@ -618,9 +621,9 @@ void SetInitAvbVersionInRecovery() {
return;
}
FsManagerAvbUniquePtr avb_handle = FsManagerAvbHandle::Open();
AvbUniquePtr avb_handle = AvbHandle::Open();
if (!avb_handle) {
PLOG(ERROR) << "Failed to open FsManagerAvbHandle for INIT_AVB_VERSION";
PLOG(ERROR) << "Failed to open AvbHandle for INIT_AVB_VERSION";
return;
}
setenv("INIT_AVB_VERSION", avb_handle->avb_version().c_str(), 1);