Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / core / fe68578716290d93fd42005622adade8d345de3c / . / adb / set_verity_enable_state_service.c
blob: 2660ddd73c5407903b80c3d6dcc168dd3297955d [file] [log] [blame]
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "sysdeps.h"
18
19#define TRACE_TAG TRACE_ADB
20#include "adb.h"
21
22#include <stdio.h>
23#include <stdarg.h>
24#include <sys/stat.h>
25#include <fcntl.h>
26#include <inttypes.h>
27
28#include "cutils/properties.h"
Dan Albert030b76f2015-01-26 17:13:54 -0800[diff] [blame]29#include "ext4_sb.h"
30#include <fs_mgr.h>
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]31
32#define FSTAB_PREFIX "/fstab."
33struct fstab *fstab;
34
35__attribute__((__format__(printf, 2, 3))) __nonnull((2))
36static void write_console(int fd, const char* format, ...)
37{
38 char buffer[256];
39 va_list args;
40 va_start (args, format);
41 vsnprintf (buffer, sizeof(buffer), format, args);
42 va_end (args);
43
44 adb_write(fd, buffer, strnlen(buffer, sizeof(buffer)));
45}
46
Bernhard Rosenkränzer2bd41242014-12-12 22:22:37 +0100[diff] [blame]47#ifdef ALLOW_ADBD_DISABLE_VERITY
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]48static int get_target_device_size(int fd, const char *blk_device,
49 uint64_t *device_size)
50{
51 int data_device;
52 struct ext4_super_block sb;
53 struct fs_info info;
54
55 info.len = 0; /* Only len is set to 0 to ask the device for real size. */
56
57 data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC);
58 if (data_device < 0) {
59 write_console(fd, "Error opening block device (%s)\n", strerror(errno));
60 return -1;
61 }
62
63 if (lseek64(data_device, 1024, SEEK_SET) < 0) {
64 write_console(fd, "Error seeking to superblock\n");
65 adb_close(data_device);
66 return -1;
67 }
68
69 if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
70 write_console(fd, "Error reading superblock\n");
71 adb_close(data_device);
72 return -1;
73 }
74
75 ext4_parse_sb(&sb, &info);
76 *device_size = info.len;
77
78 adb_close(data_device);
79 return 0;
80}
81
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]82/* Turn verity on/off */
83static int set_verity_enabled_state(int fd, const char *block_device,
84 const char* mount_point, bool enable)
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]85{
86 uint32_t magic_number;
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]87 const uint32_t new_magic = enable ? VERITY_METADATA_MAGIC_NUMBER
88 : VERITY_METADATA_MAGIC_DISABLE;
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]89 uint64_t device_length;
Sami Tolvanen13449cd2015-01-02 13:30:50 +0000[diff] [blame]90 int device = -1;
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]91 int retval = -1;
92
Sami Tolvanen13449cd2015-01-02 13:30:50 +0000[diff] [blame]93 if (make_block_device_writable(block_device)) {
94 write_console(fd, "Could not make block device %s writable (%s).\n",
95 block_device, strerror(errno));
96 goto errout;
97 }
98
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]99 device = adb_open(block_device, O_RDWR | O_CLOEXEC);
100 if (device == -1) {
101 write_console(fd, "Could not open block device %s (%s).\n",
102 block_device, strerror(errno));
103 write_console(fd, "Maybe run adb remount?\n");
104 goto errout;
105 }
106
107 // find the start of the verity metadata
108 if (get_target_device_size(fd, (char*)block_device, &device_length) < 0) {
109 write_console(fd, "Could not get target device size.\n");
110 goto errout;
111 }
112
113 if (lseek64(device, device_length, SEEK_SET) < 0) {
114 write_console(fd,
115 "Could not seek to start of verity metadata block.\n");
116 goto errout;
117 }
118
119 // check the magic number
120 if (adb_read(device, &magic_number, sizeof(magic_number))
121 != sizeof(magic_number)) {
122 write_console(fd, "Couldn't read magic number!\n");
123 goto errout;
124 }
125
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]126 if (!enable && magic_number == VERITY_METADATA_MAGIC_DISABLE) {
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]127 write_console(fd, "Verity already disabled on %s\n", mount_point);
128 goto errout;
129 }
130
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]131 if (enable && magic_number == VERITY_METADATA_MAGIC_NUMBER) {
132 write_console(fd, "Verity already enabled on %s\n", mount_point);
133 goto errout;
134 }
135
136 if (magic_number != VERITY_METADATA_MAGIC_NUMBER
137 && magic_number != VERITY_METADATA_MAGIC_DISABLE) {
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]138 write_console(fd,
139 "Couldn't find verity metadata at offset %"PRIu64"!\n",
140 device_length);
141 goto errout;
142 }
143
144 if (lseek64(device, device_length, SEEK_SET) < 0) {
145 write_console(fd,
146 "Could not seek to start of verity metadata block.\n");
147 goto errout;
148 }
149
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]150 if (adb_write(device, &new_magic, sizeof(new_magic)) != sizeof(new_magic)) {
151 write_console(fd, "Could not set verity %s flag on device %s with error %s\n",
152 enable ? "enabled" : "disabled",
153 block_device,
154 strerror(errno));
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]155 goto errout;
156 }
157
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]158 write_console(fd, "Verity %s on %s\n",
159 enable ? "enabled" : "disabled",
160 mount_point);
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]161 retval = 0;
162errout:
163 if (device != -1)
164 adb_close(device);
165 return retval;
166}
Bernhard Rosenkränzer2bd41242014-12-12 22:22:37 +0100[diff] [blame]167#endif
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]168
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]169void set_verity_enabled_state_service(int fd, void* cookie)
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]170{
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]171 bool enable = (cookie != NULL);
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]172#ifdef ALLOW_ADBD_DISABLE_VERITY
173 char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
174 char propbuf[PROPERTY_VALUE_MAX];
175 int i;
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]176 bool any_changed = false;
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]177
178 property_get("ro.secure", propbuf, "0");
179 if (strcmp(propbuf, "1")) {
180 write_console(fd, "verity not enabled - ENG build\n");
181 goto errout;
182 }
183
184 property_get("ro.debuggable", propbuf, "0");
185 if (strcmp(propbuf, "1")) {
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]186 write_console(fd, "verity cannot be disabled/enabled - USER build\n");
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]187 goto errout;
188 }
189
190 property_get("ro.hardware", propbuf, "");
191 snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf);
192
193 fstab = fs_mgr_read_fstab(fstab_filename);
194 if (!fstab) {
195 write_console(fd, "Failed to open %s\nMaybe run adb root?\n",
196 fstab_filename);
197 goto errout;
198 }
199
200 /* Loop through entries looking for ones that vold manages */
201 for (i = 0; i < fstab->num_entries; i++) {
202 if(fs_mgr_is_verified(&fstab->recs[i])) {
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]203 if (!set_verity_enabled_state(fd, fstab->recs[i].blk_device,
204 fstab->recs[i].mount_point, enable)) {
205 any_changed = true;
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]206 }
207 }
208 }
209
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]210 if (any_changed) {
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]211 write_console(fd,
212 "Now reboot your device for settings to take effect\n");
213 }
Bernhard Rosenkränzer2bd41242014-12-12 22:22:37 +0100[diff] [blame]214errout:
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]215#else
Paul Lawrence982089d2014-12-03 15:31:57 -0800[diff] [blame]216 write_console(fd, "%s-verity only works for userdebug builds\n",
Paul Lawrence1d931bc2014-12-04 14:54:18 -0800[diff] [blame]217 enable ? "enable" : "disable");
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]218#endif
219
Paul Lawrenceec900bb2014-10-09 14:22:49 +0000[diff] [blame]220 adb_close(fd);
221}