summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBowgo Tsai <bowgotsai@google.com>2017-10-15 02:48:33 +0000
committerandroid-build-merger <android-build-merger@google.com>2017-10-15 02:48:33 +0000
commit6353d514e88bb1debd4de36b001e3debb55fa427 (patch)
tree333a5586ca2c0770c876f5a8d865e22db9ab9f27
parent604f61dcbd8755ce7db1ebf69c2affc6c1a1dacb (diff)
parentaf54c27e1b9d2b1d016cf721a2fcb991839ac203 (diff)
downloadcore-6353d514e88bb1debd4de36b001e3debb55fa427.tar.gz
core-6353d514e88bb1debd4de36b001e3debb55fa427.tar.bz2
core-6353d514e88bb1debd4de36b001e3debb55fa427.zip
Merge "fs_mgr: removing is_device_secure()"
am: af54c27e1b Change-Id: I22cac8bba9115765527b2c484b4ce9c15fe816cc
-rw-r--r--fs_mgr/Android.bp7
-rw-r--r--fs_mgr/fs_mgr.cpp8
-rw-r--r--fs_mgr/fs_mgr_priv.h1
-rw-r--r--fs_mgr/fs_mgr_verity.cpp9
4 files changed, 3 insertions, 22 deletions
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 2f530efb4..5a6298e9b 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -56,7 +56,6 @@ cc_library_static {
"libfstab",
],
cppflags: [
- "-DALLOW_SKIP_SECURE_CHECK=0",
"-DALLOW_ADBD_DISABLE_VERITY=0",
],
product_variables: {
@@ -66,12 +65,6 @@ cc_library_static {
"-DALLOW_ADBD_DISABLE_VERITY=1",
],
},
- eng: {
- cppflags: [
- "-UALLOW_SKIP_SECURE_CHECK",
- "-DALLOW_SKIP_SECURE_CHECK=1",
- ],
- },
},
}
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 25b671b14..4b94f9c97 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -773,10 +773,6 @@ static int handle_encryptable(const struct fstab_rec* rec)
}
}
-bool is_device_secure() {
- return android::base::GetBoolProperty("ro.secure", ALLOW_SKIP_SECURE_CHECK ? false : true);
-}
-
/* When multiple fstab records share the same mount_point, it will
* try to mount each one in turn, and ignore any duplicates after a
* first successful mount.
@@ -849,7 +845,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode)
/* Skips mounting the device. */
continue;
}
- } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
+ } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {
int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
if (__android_log_is_debuggable() &&
(rc == FS_MGR_SETUP_VERITY_DISABLED ||
@@ -1060,7 +1056,7 @@ int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device,
/* Skips mounting the device. */
continue;
}
- } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
+ } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {
int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
if (__android_log_is_debuggable() &&
(rc == FS_MGR_SETUP_VERITY_DISABLED ||
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 0f62e18fd..724156d70 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -122,7 +122,6 @@ bool fs_mgr_update_for_slotselect(struct fstab *fstab);
bool fs_mgr_is_device_unlocked();
const std::string& get_android_dt_dir();
bool is_dt_compatible();
-bool is_device_secure();
int load_verity_state(struct fstab_rec* fstab, int* mode);
#endif /* __CORE_FS_MGR_PRIV_H */
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index 7f8e1e213..896b60313 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -765,13 +765,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
const std::string mount_point(basename(fstab->mount_point));
bool verified_at_boot = false;
- // This is a public API and so deserves its own check to see if verity
- // setup is needed at all.
- if (!is_device_secure()) {
- LINFO << "Verity setup skipped for " << mount_point;
- return FS_MGR_SETUP_VERITY_SKIPPED;
- }
-
if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,
FEC_DEFAULT_ROOTS) < 0) {
PERROR << "Failed to open '" << fstab->blk_device << "'";
@@ -792,7 +785,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
#ifdef ALLOW_ADBD_DISABLE_VERITY
if (verity.disabled) {
retval = FS_MGR_SETUP_VERITY_DISABLED;
- LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG";
+ LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG";
goto out;
}
#endif