diff options
author | Bowgo Tsai <bowgotsai@google.com> | 2017-10-15 02:48:33 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-10-15 02:48:33 +0000 |
commit | 6353d514e88bb1debd4de36b001e3debb55fa427 (patch) | |
tree | 333a5586ca2c0770c876f5a8d865e22db9ab9f27 | |
parent | 604f61dcbd8755ce7db1ebf69c2affc6c1a1dacb (diff) | |
parent | af54c27e1b9d2b1d016cf721a2fcb991839ac203 (diff) | |
download | core-6353d514e88bb1debd4de36b001e3debb55fa427.tar.gz core-6353d514e88bb1debd4de36b001e3debb55fa427.tar.bz2 core-6353d514e88bb1debd4de36b001e3debb55fa427.zip |
Merge "fs_mgr: removing is_device_secure()"
am: af54c27e1b
Change-Id: I22cac8bba9115765527b2c484b4ce9c15fe816cc
-rw-r--r-- | fs_mgr/Android.bp | 7 | ||||
-rw-r--r-- | fs_mgr/fs_mgr.cpp | 8 | ||||
-rw-r--r-- | fs_mgr/fs_mgr_priv.h | 1 | ||||
-rw-r--r-- | fs_mgr/fs_mgr_verity.cpp | 9 |
4 files changed, 3 insertions, 22 deletions
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp index 2f530efb4..5a6298e9b 100644 --- a/fs_mgr/Android.bp +++ b/fs_mgr/Android.bp @@ -56,7 +56,6 @@ cc_library_static { "libfstab", ], cppflags: [ - "-DALLOW_SKIP_SECURE_CHECK=0", "-DALLOW_ADBD_DISABLE_VERITY=0", ], product_variables: { @@ -66,12 +65,6 @@ cc_library_static { "-DALLOW_ADBD_DISABLE_VERITY=1", ], }, - eng: { - cppflags: [ - "-UALLOW_SKIP_SECURE_CHECK", - "-DALLOW_SKIP_SECURE_CHECK=1", - ], - }, }, } diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp index 25b671b14..4b94f9c97 100644 --- a/fs_mgr/fs_mgr.cpp +++ b/fs_mgr/fs_mgr.cpp @@ -773,10 +773,6 @@ static int handle_encryptable(const struct fstab_rec* rec) } } -bool is_device_secure() { - return android::base::GetBoolProperty("ro.secure", ALLOW_SKIP_SECURE_CHECK ? false : true); -} - /* When multiple fstab records share the same mount_point, it will * try to mount each one in turn, and ignore any duplicates after a * first successful mount. @@ -849,7 +845,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode) /* Skips mounting the device. */ continue; } - } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) { + } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) { int rc = fs_mgr_setup_verity(&fstab->recs[i], true); if (__android_log_is_debuggable() && (rc == FS_MGR_SETUP_VERITY_DISABLED || @@ -1060,7 +1056,7 @@ int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device, /* Skips mounting the device. */ continue; } - } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) { + } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) { int rc = fs_mgr_setup_verity(&fstab->recs[i], true); if (__android_log_is_debuggable() && (rc == FS_MGR_SETUP_VERITY_DISABLED || diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h index 0f62e18fd..724156d70 100644 --- a/fs_mgr/fs_mgr_priv.h +++ b/fs_mgr/fs_mgr_priv.h @@ -122,7 +122,6 @@ bool fs_mgr_update_for_slotselect(struct fstab *fstab); bool fs_mgr_is_device_unlocked(); const std::string& get_android_dt_dir(); bool is_dt_compatible(); -bool is_device_secure(); int load_verity_state(struct fstab_rec* fstab, int* mode); #endif /* __CORE_FS_MGR_PRIV_H */ diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp index 7f8e1e213..896b60313 100644 --- a/fs_mgr/fs_mgr_verity.cpp +++ b/fs_mgr/fs_mgr_verity.cpp @@ -765,13 +765,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) const std::string mount_point(basename(fstab->mount_point)); bool verified_at_boot = false; - // This is a public API and so deserves its own check to see if verity - // setup is needed at all. - if (!is_device_secure()) { - LINFO << "Verity setup skipped for " << mount_point; - return FS_MGR_SETUP_VERITY_SKIPPED; - } - if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE, FEC_DEFAULT_ROOTS) < 0) { PERROR << "Failed to open '" << fstab->blk_device << "'"; @@ -792,7 +785,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) #ifdef ALLOW_ADBD_DISABLE_VERITY if (verity.disabled) { retval = FS_MGR_SETUP_VERITY_DISABLED; - LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG"; + LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG"; goto out; } #endif |