pa-fazil
/
android_system_core
mirror of https://github.com/fazilsheik96/android_system_core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Expose system property for dm-verity check_at_most_once 

Allow us to check if check_at_most_once is set for any partitions.

This property should be false for any device with a reasonable amount of
RAM and a modern CPU. Enabling check_at_most_once violates AVB best
practices, it should only be allowed on performance limited devices.

Bug: 253033920
Test: Ensure that avbHashtreeNotUsingSha1 CTS test still passes
    and that partition.system.verified.check_at_most_once is set.
Change-Id: I8174adf81111cc0df547ea01f81b0dfaca32631f
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
This commit is contained in:
Nathan Huckleberry 2022-10-21 20:55:49 +00:00
parent 8f6fcd19af
commit 997d738dda
3 changed files with 11 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
fs_mgr/fs_mgr.cpp
View File

@ -2191,36 +2191,22 @@ std::optional<HashtreeInfo> fs_mgr_get_hashtree_info(const android::fs_mgr::Fsta
std::vector<std::string> tokens = android::base::Split(target.data, " \t\r\n"); std::vector<std::string> tokens = android::base::Split(target.data, " \t\r\n");
if (tokens[0] != "0" && tokens[0] != "1") { if (tokens[0] != "0" && tokens[0] != "1") {
LOG(WARNING) << "Unrecognized device mapper version in " << target.data; LOG(WARNING) << "Unrecognized device mapper version in " << target.data;
return {};
} }
// Hashtree algorithm & root digest are the 8th & 9th token in the output. // Hashtree algorithm & root digest are the 8th & 9th token in the output.
return HashtreeInfo{.algorithm = android::base::Trim(tokens[7]), return HashtreeInfo{
.root_digest = android::base::Trim(tokens[8])}; .algorithm = android::base::Trim(tokens[7]),
.root_digest = android::base::Trim(tokens[8]),
.check_at_most_once = target.data.find("check_at_most_once") != std::string::npos};
} }
return {}; return {};
} }
bool fs_mgr_verity_is_check_at_most_once(const android::fs_mgr::FstabEntry& entry) { bool fs_mgr_verity_is_check_at_most_once(const android::fs_mgr::FstabEntry& entry) {
if (!entry.fs_mgr_flags.avb) { auto hashtree_info = fs_mgr_get_hashtree_info(entry);
return false; if (!hashtree_info) return false;
} return hashtree_info->check_at_most_once;
DeviceMapper& dm = DeviceMapper::Instance();
std::string device = GetVerityDeviceName(entry);
std::vector<DeviceMapper::TargetInfo> table;
if (dm.GetState(device) == DmDeviceState::INVALID || !dm.GetTableInfo(device, &table)) {
return false;
}
for (const auto& target : table) {
if (strcmp(target.spec.target_type, "verity") == 0 &&
target.data.find("check_at_most_once") != std::string::npos) {
return true;
}
}
return false;
} }
std::string fs_mgr_get_super_partition_name(int slot) { std::string fs_mgr_get_super_partition_name(int slot) {

2
fs_mgr/include/fs_mgr.h
View File

@ -71,6 +71,8 @@ struct HashtreeInfo {
std::string algorithm; std::string algorithm;
// The root digest of the merkle tree. // The root digest of the merkle tree.
std::string root_digest; std::string root_digest;
// If check_at_most_once is enabled.
bool check_at_most_once;
}; };
// fs_mgr_mount_all() updates fstab entries that reference device-mapper. // fs_mgr_mount_all() updates fstab entries that reference device-mapper.

2
init/builtins.cpp
View File

@ -879,6 +879,8 @@ static Result<void> do_verity_update_state(const BuiltinArguments& args) {
SetProperty("partition." + partition + ".verified.hash_alg", hashtree_info->algorithm); SetProperty("partition." + partition + ".verified.hash_alg", hashtree_info->algorithm);
SetProperty("partition." + partition + ".verified.root_digest", SetProperty("partition." + partition + ".verified.root_digest",
hashtree_info->root_digest); hashtree_info->root_digest);
SetProperty("partition." + partition + ".verified.check_at_most_once",
hashtree_info->check_at_most_once ? "1" : "0");
} }
} }