diff options
| author | Bowgo Tsai <bowgotsai@google.com> | 2017-04-27 18:18:56 +0800 |
|---|---|---|
| committer | Bowgo Tsai <bowgotsai@google.com> | 2017-04-27 18:58:29 +0800 |
| commit | 48fdc292f96e66d33d577bdf5a6da7cb0f5f791a (patch) | |
| tree | 0c2f5423398c453b8bf72e874199ed6000056e46 /fs_mgr | |
| parent | 8a85c253bfabb0fd495949cb36edf73eae9d09f2 (diff) | |
| download | core-48fdc292f96e66d33d577bdf5a6da7cb0f5f791a.tar.gz core-48fdc292f96e66d33d577bdf5a6da7cb0f5f791a.tar.bz2 core-48fdc292f96e66d33d577bdf5a6da7cb0f5f791a.zip | |
fs_mgr: set "partition.system.verified" when AVB is used in a A/B device
In a A/B device, system partition is mounted by kernel as root.
In vboot 1.0, the dm device name of system partition is "system" with
the following configuration in kernel command line:
- dm="system none ro,0 1 android-verity /dev/sda34"
In AVB, the dm device name is switched to vroot as:
- dm="1 vroot none ro 1,0 5201456 verity 1 ..."
When sending ioctl DM_TABLE_STATUS to query status, we should use "vroot" as the
dm device name for AVB. But still pass "system" for the callback function to set
property [partition.system.verified] instead of [partition.vroot.verified].
Bug: 36900078
Test: Use AVB to mount system in a A/B device, checks the property exists
[partition.system.verified]
Test: Use vboot 1.0 to mount system in a A/B device, checks the property exists
[partition.system.verified]
Test: Checks 'adb remount' will output warning message:
- dm_verity is enabled on the system and vendor partitions.
- Use "adb disable-verity" to disable verity.
Change-Id: Iaee7eb2b00b03729bc07fa24f1b449488716d2ea
Diffstat (limited to 'fs_mgr')
| -rw-r--r-- | fs_mgr/fs_mgr.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp index e3d4f870c..247768aeb 100644 --- a/fs_mgr/fs_mgr.cpp +++ b/fs_mgr/fs_mgr.cpp @@ -1367,7 +1367,8 @@ bool fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) { std::string mount_point; if (system_root && !strcmp(fstab->recs[i].mount_point, "/")) { - mount_point = "system"; + // In AVB, the dm device name is vroot instead of system. + mount_point = fs_mgr_is_avb(&fstab->recs[i]) ? "vroot" : "system"; } else { mount_point = basename(fstab->recs[i].mount_point); } @@ -1386,6 +1387,10 @@ bool fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) { status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; + // To be consistent in vboot 1.0 and vboot 2.0 (AVB), change the mount_point + // back to 'system' for the callback. So it has property [partition.system.verified] + // instead of [partition.vroot.verified]. + if (mount_point == "vroot") mount_point = "system"; if (*status == 'C' || *status == 'V') { callback(&fstab->recs[i], mount_point.c_str(), mode, *status); } |