Paul Lawrence | ec900bb | 2014-10-09 14:22:49 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "sysdeps.h" |
| 18 | |
| 19 | #define TRACE_TAG TRACE_ADB |
| 20 | #include "adb.h" |
| 21 | |
| 22 | #include <stdio.h> |
| 23 | #include <stdarg.h> |
| 24 | #include <sys/stat.h> |
| 25 | #include <fcntl.h> |
| 26 | #include <inttypes.h> |
| 27 | |
| 28 | #include "cutils/properties.h" |
Dan Albert | 030b76f | 2015-01-26 17:13:54 -0800 | [diff] [blame] | 29 | #include "ext4_sb.h" |
| 30 | #include <fs_mgr.h> |
Paul Lawrence | ec900bb | 2014-10-09 14:22:49 +0000 | [diff] [blame] | 31 | |
/* Path prefix of the per-hardware fstab; the value of the "ro.hardware"
 * property is appended to it when the file name is built. */
#define FSTAB_PREFIX "/fstab."
/* fstab parsed in set_verity_enabled_state_service() from that path.
 * NOTE(review): kept at file scope with external linkage and never released
 * after use; confirm no other translation unit reads it before changing that. */
struct fstab *fstab;
| 34 | |
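/*
 * Format a message and write it to the client's console fd.
 *
 * Output is truncated to a fixed 256-byte buffer. If formatting fails
 * (vsnprintf returns a negative value) the buffer contents are
 * indeterminate, so nothing is written. The result of adb_write() is not
 * checked: console output is best-effort.
 */
__attribute__((__format__(printf, 2, 3))) __nonnull((2))
static void write_console(int fd, const char* format, ...)
{
    char buffer[256];
    va_list args;

    va_start(args, format);
    int len = vsnprintf(buffer, sizeof(buffer), format, args);
    va_end(args);

    if (len < 0) {
        /* Encoding error: do not emit an indeterminate buffer. */
        return;
    }

    /* vsnprintf always NUL-terminates on success; strnlen bounds the write
     * to what actually landed in the buffer even when output was truncated. */
    adb_write(fd, buffer, strnlen(buffer, sizeof(buffer)));
}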
| 46 | |
Bernhard Rosenkränzer | 2bd4124 | 2014-12-12 22:22:37 +0100 | [diff] [blame] | 47 | #ifdef ALLOW_ADBD_DISABLE_VERITY |
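/*
 * Read the ext4 superblock of blk_device and report the filesystem length.
 *
 * The caller uses *device_size as the offset of the verity metadata block,
 * which follows the filesystem on the same device. Diagnostics are written
 * to fd. Returns 0 on success; -1 on any failure, in which case *device_size
 * is left untouched.
 */
static int get_target_device_size(int fd, const char *blk_device,
                                  uint64_t *device_size)
{
    /* The primary ext4 superblock is located 1024 bytes into the device. */
    enum { EXT4_PRIMARY_SB_OFFSET = 1024 };
    struct ext4_super_block sb;
    struct fs_info info;
    int retval = -1;

    info.len = 0; /* Only len is set to 0 to ask the device for real size. */

    int data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC);
    if (data_device < 0) {
        write_console(fd, "Error opening block device (%s)\n", strerror(errno));
        return -1;
    }

    if (lseek64(data_device, EXT4_PRIMARY_SB_OFFSET, SEEK_SET) < 0) {
        write_console(fd, "Error seeking to superblock\n");
        goto out;
    }

    if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
        write_console(fd, "Error reading superblock\n");
        goto out;
    }

    /* ext4_parse_sb() rejects a superblock without the ext4 magic. Without
     * this check a device that is not ext4 would yield a garbage length,
     * which the caller then uses as a write offset into the block device. */
    if (ext4_parse_sb(&sb, &info) != 0) {
        write_console(fd, "Error parsing superblock (not ext4?)\n");
        goto out;
    }

    *device_size = info.len;
    retval = 0;

out:
    adb_close(data_device);
    return retval;
}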
| 81 | |
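/*
 * Turn verity on/off for a single partition.
 *
 * The verity metadata block begins where the ext4 filesystem on block_device
 * ends, and its first 32-bit word is a magic number that doubles as the
 * enabled/disabled flag. This function rewrites that word to the requested
 * state. Nothing is written unless the word already holds one of the two
 * known verity magics, so a device without verity metadata is never touched.
 *
 * Diagnostics are written to fd; mount_point is only used in messages.
 * Returns 0 if the flag was changed, -1 on error or when the device was
 * already in the requested state (callers count only 0 as a change).
 * Callers are responsible for restricting this to debuggable builds.
 */
static int set_verity_enabled_state(int fd, const char *block_device,
                                    const char* mount_point, bool enable)
{
    const char *state_name = enable ? "enabled" : "disabled";
    const uint32_t new_magic = enable ? VERITY_METADATA_MAGIC_NUMBER
                                      : VERITY_METADATA_MAGIC_DISABLE;
    uint32_t magic_number;
    uint64_t device_length;
    int device = -1;
    int retval = -1;

    if (make_block_device_writable(block_device)) {
        write_console(fd, "Could not make block device %s writable (%s).\n",
                      block_device, strerror(errno));
        goto errout;
    }

    device = adb_open(block_device, O_RDWR | O_CLOEXEC);
    if (device == -1) {
        write_console(fd, "Could not open block device %s (%s).\n",
                      block_device, strerror(errno));
        write_console(fd, "Maybe run adb remount?\n");
        goto errout;
    }

    // find the start of the verity metadata: it follows the filesystem
    if (get_target_device_size(fd, block_device, &device_length) < 0) {
        write_console(fd, "Could not get target device size.\n");
        goto errout;
    }

    if (lseek64(device, device_length, SEEK_SET) < 0) {
        write_console(fd,
                      "Could not seek to start of verity metadata block.\n");
        goto errout;
    }

    // check the magic number
    if (adb_read(device, &magic_number, sizeof(magic_number))
            != sizeof(magic_number)) {
        write_console(fd, "Couldn't read magic number!\n");
        goto errout;
    }

    // already in the requested state: report it, but do not count as a change
    if (magic_number == new_magic) {
        write_console(fd, "Verity already %s on %s\n", state_name, mount_point);
        goto errout;
    }

    // refuse to write anything that does not look like verity metadata
    if (magic_number != VERITY_METADATA_MAGIC_NUMBER
            && magic_number != VERITY_METADATA_MAGIC_DISABLE) {
        write_console(fd,
                      "Couldn't find verity metadata at offset %"PRIu64"!\n",
                      device_length);
        goto errout;
    }

    // the read above advanced the offset; return to the magic before writing
    if (lseek64(device, device_length, SEEK_SET) < 0) {
        write_console(fd,
                      "Could not seek to start of verity metadata block.\n");
        goto errout;
    }

    if (adb_write(device, &new_magic, sizeof(new_magic)) != sizeof(new_magic)) {
        write_console(fd, "Could not set verity %s flag on device %s with error %s\n",
                      state_name,
                      block_device,
                      strerror(errno));
        goto errout;
    }

    write_console(fd, "Verity %s on %s\n", state_name, mount_point);
    retval = 0;
errout:
    if (device != -1)
        adb_close(device);
    return retval;
}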
Bernhard Rosenkränzer | 2bd4124 | 2014-12-12 22:22:37 +0100 | [diff] [blame] | 167 | #endif |
Paul Lawrence | ec900bb | 2014-10-09 14:22:49 +0000 | [diff] [blame] | 168 | |
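/*
 * adb service entry point for enabling/disabling verity.
 *
 * cookie is non-NULL to enable verity and NULL to disable it. The request is
 * honoured only when ALLOW_ADBD_DISABLE_VERITY is compiled in and the device
 * reports ro.secure=1 and ro.debuggable=1; any other build gets a diagnostic
 * and nothing is touched. Every fstab entry that fs_mgr marks as verified is
 * toggled, and the user is told to reboot if at least one entry changed.
 * fd is closed before returning.
 */
void set_verity_enabled_state_service(int fd, void* cookie)
{
    bool enable = (cookie != NULL);
#ifdef ALLOW_ADBD_DISABLE_VERITY
    char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
    char propbuf[PROPERTY_VALUE_MAX];
    bool any_changed = false;

    /* ro.secure=0 identifies an eng build, where verity is not enforced. */
    property_get("ro.secure", propbuf, "0");
    if (strcmp(propbuf, "1")) {
        write_console(fd, "verity not enabled - ENG build\n");
        goto errout;
    }

    /* Refuse on user builds: changing verity stays a debug-only operation. */
    property_get("ro.debuggable", propbuf, "0");
    if (strcmp(propbuf, "1")) {
        write_console(fd, "verity cannot be disabled/enabled - USER build\n");
        goto errout;
    }

    /* The fstab path is FSTAB_PREFIX followed by the hardware name; propbuf
     * holds at most PROPERTY_VALUE_MAX-1 characters, so the buffer fits. */
    property_get("ro.hardware", propbuf, "");
    snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf);

    /* NOTE(review): fstab is a file-scope global and is never released here. */
    fstab = fs_mgr_read_fstab(fstab_filename);
    if (!fstab) {
        write_console(fd, "Failed to open %s\nMaybe run adb root?\n",
                      fstab_filename);
        goto errout;
    }

    /* Toggle every entry that fs_mgr marks as verified. */
    for (int i = 0; i < fstab->num_entries; i++) {
        if (!fs_mgr_is_verified(&fstab->recs[i])) {
            continue;
        }
        /* 0 means the flag was actually rewritten (not "already in state"). */
        if (!set_verity_enabled_state(fd, fstab->recs[i].blk_device,
                                      fstab->recs[i].mount_point, enable)) {
            any_changed = true;
        }
    }

    if (any_changed) {
        write_console(fd,
                      "Now reboot your device for settings to take effect\n");
    }
errout:
#else
    write_console(fd, "%s-verity only works for userdebug builds\n",
                  enable ? "enable" : "disable");
#endif

    adb_close(fd);
}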