remount: Treat disable verity error as fatal only if verity is enabled

If device doesn't enable AVB altogether, then it might not have a vbmeta partition at all. In this case, we shall ignore disable-verity errors. We still disable verity unconditionally to keep the logic simple, but we ignore any disable-verity error if AVB is not enabled in the first place. Bug: 241688845 Test: adb-remount-test on emulator Test: Test remount on yukawa Change-Id: Ifc763b3f0ca6989550c139a8c3a2308c9c2a7c3e
2022-11-22 15:01:31 +08:00 · 2022-11-22 15:01:31 +08:00 · b4a86eeb2f
parent 3fca6e72cf
commit b4a86eeb2f
2 changed files with 23 additions and 15 deletions
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@ -479,19 +479,24 @@ bool do_remount(Fstab& fstab, const std::vector<std::string>& partition_args,

    // Disable verity.
    auto verity_result = SetVerityState(false /* enable_verity */);
-    if (!verity_result.success) {
-        return false;
+
+    // Treat error as fatal and suggest reboot only if verity is enabled.
+    // TODO(b/260041315): We check the device mapper for any "<partition>-verity" device present
+    // instead of checking ro.boot.veritymode because emulator has incorrect property value.
+    bool must_disable_verity = false;
+    for (const auto& partition : partitions) {
+        if (fs_mgr_is_verity_enabled(partition)) {
+            must_disable_verity = true;
+            break;
+        }
    }
-    if (verity_result.want_reboot) {
-        // TODO(b/259207493): emulator has incorrect androidboot.veritymode value, causing
-        // .want_reboot to always be true. In order to workaround this, double check device mapper
-        // to see if verity is already disabled.
-        for (const auto& partition : partitions) {
-            if (fs_mgr_is_verity_enabled(partition)) {
-                check_result->reboot_later = true;
-                check_result->disabled_verity = true;
-                break;
-            }
+    if (must_disable_verity) {
+        if (!verity_result.success) {
+            return false;
+        }
+        if (verity_result.want_reboot) {
+            check_result->reboot_later = true;
+            check_result->disabled_verity = true;
        }
    }

--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@ -1422,9 +1422,12 @@ LOG OK "/system/build.prop content remains after reboot"
 LOG RUN "flash vendor, and confirm vendor override disappears"

 is_bootloader_fastboot=true
-# cuttlefish?
-[[ "$(get_property ro.product.vendor.device)" == vsoc_* ]] &&
-  is_bootloader_fastboot=false
+# virtual device?
+case "$(get_property ro.product.vendor.device)" in
+  vsoc_* | emulator_* | emulator64_*)
+    is_bootloader_fastboot=false
+    ;;
+esac
 is_userspace_fastboot=false

 if ! ${is_bootloader_fastboot}; then