From e9da79bd4466d5bf0d445b90915a9f18942fc7fe Mon Sep 17 00:00:00 2001
From: Sandeep Patil
Date: Thu, 16 Feb 2017 18:13:38 -0800
Subject: [PATCH] init: early_mount: create device node for verity metadata partition
Most devices pass the veritymode through 'androidboot.veritymode' kernel cmdline partition. However, for those who don't, the verity state is read from a different block device whose path it passed to "verify=" fs_mgr option in fstab. This change add support for such a case if the partition that needs to be mounted early requires this additional block device to load the verity state from. Note that, there can only be 1 partition to get the verity state regardless of the number of partitions we enable verity for.
Bug: 27805372
Test: Test angler by removing the metdata argument in fstab when it boots fine. Tested by adding the argument when it fails to boot as veritymode gets set to EIO during early mount due to lack of access to properties as expected.
TODO: fs_mgr must pull the veritymode from kernel cmdline or device tree by itself
Change-Id: I9e62b8c1bf2c0ae0365677df697a0cbe9e5810c1
Signed-off-by: Sandeep Patil
---
 init/init.cpp | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
diff --git a/init/init.cpp b/init/init.cpp
index 2399f5c6f..05f2cfd66 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -791,6 +791,8 @@ static bool early_mount() {
 }
 
 // find out fstab records for odm, system and vendor
+ // TODO: add std::map so all required information about
+ // them can be gathered at once in a single loop
 fstab_rec* odm_rec = fs_mgr_get_entry_for_mount_point(tab.get(), "/odm");
 fstab_rec* system_rec = fs_mgr_get_entry_for_mount_point(tab.get(), "/system");
 fstab_rec* vendor_rec = fs_mgr_get_entry_for_mount_point(tab.get(), "/vendor");
@@ -811,9 +813,29 @@ static bool early_mount() {
 bool is_ab = ((odm_rec && fs_mgr_is_slotselect(odm_rec)) ||
 (system_rec && fs_mgr_is_slotselect(system_rec)) ||
 (vendor_rec && fs_mgr_is_slotselect(vendor_rec)));
+
+ // check for verified partitions
+ bool need_verity = ((odm_rec && fs_mgr_is_verified(odm_rec)) ||
+ (system_rec && fs_mgr_is_verified(system_rec)) ||
+ (vendor_rec && fs_mgr_is_verified(vendor_rec)));
+
+ // check if verity metadata is on a separate partition and get partition
+ // name from the end of the ->verity_loc path. verity state is not partition
+ // specific, so there must be only 1 additional partition that carries
+ // verity state.
+ std::string meta_partition;
+ if (odm_rec && odm_rec->verity_loc) {
+ meta_partition = basename(odm_rec->verity_loc);
+ } else if (system_rec && system_rec->verity_loc) {
+ meta_partition = basename(system_rec->verity_loc);
+ } else if (vendor_rec && vendor_rec->verity_loc) {
+ meta_partition = basename(vendor_rec->verity_loc);
+ }
+
 bool found_odm = !odm_rec;
 bool found_system = !system_rec;
 bool found_vendor = !vendor_rec;
+ bool found_meta = meta_partition.empty();
 int count_odm = 0, count_vendor = 0, count_system = 0;
 
 // create the devices we need..
@@ -863,6 +885,10 @@ static bool early_mount() {
 found_vendor = true;
 }
 
+ create_this_node = true;
+ } else if (!found_meta && (meta_partition == uevent->partition_name)) {
+ LOG(VERBOSE) << "early_mount: found (" << uevent->partition_name << ") partition";
+ found_meta = true;
 create_this_node = true;
 }
 }
@@ -871,7 +897,7 @@ static bool early_mount() {
 // node and stop coldboot. If this is a prefix matched
 // partition, create device node and continue. For everything
 // else skip the device node
- if (found_odm && found_system && found_vendor) {
+ if (found_meta && found_odm && found_system && found_vendor) {
 ret = COLDBOOT_STOP;
 } else if (create_this_node) {
 ret = COLDBOOT_CREATE;
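Review bot: The `if`/`else if` chain that fills `meta_partition` takes the first non-null `verity_loc` in odm, system, vendor order and never checks that the other records agree, so the "only 1 additional partition" rule stated in the comment is assumed rather than enforced. An fstab whose entries name different metadata devices would get a device node for only one of them, and the mismatch would surface later as an unexplained verity failure instead of a clear error here. I would gather the name in one loop and reject a conflict, as in the excerpt below; `return false` assumes that is how early_mount reports failure, which this hunk does not show. The body of early_mount starts and ends outside the hunk.

```cpp
std::string meta_partition;
for (fstab_rec* rec : {odm_rec, system_rec, vendor_rec}) {
    if (!rec || !rec->verity_loc) continue;
    const std::string name = basename(rec->verity_loc);
    if (meta_partition.empty()) {
        meta_partition = name;
    } else if (meta_partition != name) {
        // verity state lives on exactly one partition; refuse an ambiguous fstab
        LOG(ERROR) << "early_mount: conflicting verity metadata partitions: "
                   << meta_partition << " and " << name;
        return false;
    }
}
// … unchanged: found_odm / found_system / found_vendor / found_meta initialisation …
```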
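Review bot: The new `else if` branch accepts the first uevent whose `partition_name` equals `meta_partition`, and a partition name on its own does not identify which disk the partition belongs to. Whether that is safe depends on the coldboot walk being confined to the device that holds the verified partitions, and that setup is outside this hunk. A comment on the branch would record the assumption, for example `// partition names are only unique per disk; this relies on the walk covering the boot device only`. Logging the match at a level that appears in a normal boot log, rather than `VERBOSE`, would also help when a device comes up in an unexpected verity mode.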
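Review bot: `found_meta` now gates `COLDBOOT_STOP`, but nothing reports the case where the walk finishes with it still false, for example when `verity_loc` names a partition that does not exist on the device. The last hunk of this patch shows the code going from the end of the callback straight to `if (need_verity)`, so verity setup would proceed without the metadata node; what it does in that case is not visible here. An explicit check after the walk would make the cause visible in the log, e.g. `if (!found_meta) LOG(ERROR) << "early_mount: verity metadata partition " << meta_partition << " not found";`. The enclosing callback starts and ends outside this hunk.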
@@ -882,10 +908,6 @@ static bool early_mount() {
 return ret;
 });
 
- // check for verified partitions
- bool need_verity = ((odm_rec && fs_mgr_is_verified(odm_rec)) ||
- (system_rec && fs_mgr_is_verified(system_rec)) ||
- (vendor_rec && fs_mgr_is_verified(vendor_rec)));
 if (need_verity) {
 // create /dev/device mapper
 device_init("/sys/devices/virtual/misc/device-mapper",