From f4d345c5ee46f18e7bde3bdaa39f0af0b594b5d4 Mon Sep 17 00:00:00 2001 From: Howard Chen Date: Fri, 7 Feb 2020 12:17:41 +0800 Subject: [PATCH] Add a switch to enforce avb for DSU in userdebug Bug: 148997664 Test: adb root && adb shell touch /metadata/gsi/dsu/avb_enforce Change-Id: I5308fa1ae3ca32ee49575fdc52475ad67d51c176 --- fs_mgr/libfs_avb/Android.bp | 1 + fs_mgr/libfs_avb/fs_avb.cpp | 31 ++++++++++++++++++++++--------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/fs_mgr/libfs_avb/Android.bp b/fs_mgr/libfs_avb/Android.bp index bf51fe756..8fb969701 100644 --- a/fs_mgr/libfs_avb/Android.bp +++ b/fs_mgr/libfs_avb/Android.bp @@ -31,6 +31,7 @@ cc_library_static { static_libs: [ "libavb", "libdm", + "libgsi", "libfstab", ], export_static_lib_headers: [ diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp index 50de42c06..1297cf900 100644 --- a/fs_mgr/libfs_avb/fs_avb.cpp +++ b/fs_mgr/libfs_avb/fs_avb.cpp @@ -33,6 +33,7 @@ #include #include #include +#include #include "avb_ops.h" #include "avb_util.h" @@ -266,6 +267,18 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta( return avb_handle; } +static bool IsAvbPermissive() { + if (IsDeviceUnlocked()) { + // Manually putting a file under metadata partition can enforce AVB verification. + if (!access(DSU_METADATA_PREFIX "avb_enforce", F_OK)) { + LINFO << "Enforcing AVB verification when the device is unlocked"; + return false; + } + return true; + } + return false; +} + AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry, const std::vector& preload_avb_key_blobs) { // At least one of the following should be provided for public key matching. @@ -275,7 +288,7 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry, } // Binds allow_verification_error and rollback_protection to device unlock state. - bool allow_verification_error = IsDeviceUnlocked(); + bool allow_verification_error = IsAvbPermissive(); bool rollback_protection = !allow_verification_error; std::string public_key_data; @@ -364,15 +377,15 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta() { return LoadAndVerifyVbmeta("vbmeta", fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix(), {} /* expected_public_key, already checked by bootloader */, HashAlgorithm::kSHA256, - IsDeviceUnlocked(), /* allow_verification_error */ - true, /* load_chained_vbmeta */ + IsAvbPermissive(), /* allow_verification_error */ + true, /* load_chained_vbmeta */ false, /* rollback_protection, already checked by bootloader */ nullptr /* custom_device_path */); } // TODO(b/128807537): removes this function. AvbUniquePtr AvbHandle::Open() { - bool is_device_unlocked = IsDeviceUnlocked(); + bool allow_verification_error = IsAvbPermissive(); AvbUniquePtr avb_handle(new AvbHandle()); if (!avb_handle) { @@ -381,8 +394,9 @@ AvbUniquePtr AvbHandle::Open() { } FsManagerAvbOps avb_ops; - AvbSlotVerifyFlags flags = is_device_unlocked ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR - : AVB_SLOT_VERIFY_FLAGS_NONE; + AvbSlotVerifyFlags flags = allow_verification_error + ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR + : AVB_SLOT_VERIFY_FLAGS_NONE; AvbSlotVerifyResult verify_result = avb_ops.AvbSlotVerify(fs_mgr_get_slot_suffix(), flags, &avb_handle->vbmeta_images_); @@ -405,9 +419,8 @@ AvbUniquePtr AvbHandle::Open() { break; case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: - if (!is_device_unlocked) { - LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed " - << "if the device is LOCKED"; + if (!allow_verification_error) { + LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed "; return nullptr; } avb_handle->status_ = AvbHandleStatus::kVerificationError;