diff options
| -rw-r--r-- | fs_mgr/libfs_avb/Android.bp | 1 | ||||
| -rw-r--r-- | fs_mgr/libfs_avb/fs_avb.cpp | 31 |
2 files changed, 23 insertions, 9 deletions
diff --git a/fs_mgr/libfs_avb/Android.bp b/fs_mgr/libfs_avb/Android.bp index bf51fe756..8fb969701 100644 --- a/fs_mgr/libfs_avb/Android.bp +++ b/fs_mgr/libfs_avb/Android.bp @@ -31,6 +31,7 @@ cc_library_static { static_libs: [ "libavb", "libdm", + "libgsi", "libfstab", ], export_static_lib_headers: [ diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp index ed623bc2e..5d504ab0d 100644 --- a/fs_mgr/libfs_avb/fs_avb.cpp +++ b/fs_mgr/libfs_avb/fs_avb.cpp @@ -33,6 +33,7 @@ #include <android-base/strings.h> #include <libavb/libavb.h> #include <libdm/dm.h> +#include <libgsi/libgsi.h> #include "avb_ops.h" #include "avb_util.h" @@ -266,6 +267,18 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta( return avb_handle; } +static bool IsAvbPermissive() { + if (IsDeviceUnlocked()) { + // Manually putting a file under metadata partition can enforce AVB verification. + if (!access(DSU_METADATA_PREFIX "avb_enforce", F_OK)) { + LINFO << "Enforcing AVB verification when the device is unlocked"; + return false; + } + return true; + } + return false; +} + AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry, const std::vector<std::string>& preload_avb_key_blobs) { // At least one of the following should be provided for public key matching. @@ -275,7 +288,7 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry, } // Binds allow_verification_error and rollback_protection to device unlock state. - bool allow_verification_error = IsDeviceUnlocked(); + bool allow_verification_error = IsAvbPermissive(); bool rollback_protection = !allow_verification_error; std::string public_key_data; @@ -364,15 +377,15 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta() { return LoadAndVerifyVbmeta("vbmeta", fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix(), {} /* expected_public_key, already checked by bootloader */, HashAlgorithm::kSHA256, - IsDeviceUnlocked(), /* allow_verification_error */ - true, /* load_chained_vbmeta */ + IsAvbPermissive(), /* allow_verification_error */ + true, /* load_chained_vbmeta */ false, /* rollback_protection, already checked by bootloader */ nullptr /* custom_device_path */); } // TODO(b/128807537): removes this function. AvbUniquePtr AvbHandle::Open() { - bool is_device_unlocked = IsDeviceUnlocked(); + bool allow_verification_error = IsAvbPermissive(); AvbUniquePtr avb_handle(new AvbHandle()); if (!avb_handle) { @@ -381,8 +394,9 @@ AvbUniquePtr AvbHandle::Open() { } FsManagerAvbOps avb_ops; - AvbSlotVerifyFlags flags = is_device_unlocked ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR - : AVB_SLOT_VERIFY_FLAGS_NONE; + AvbSlotVerifyFlags flags = allow_verification_error + ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR + : AVB_SLOT_VERIFY_FLAGS_NONE; AvbSlotVerifyResult verify_result = avb_ops.AvbSlotVerify(fs_mgr_get_slot_suffix(), flags, &avb_handle->vbmeta_images_); @@ -405,9 +419,8 @@ AvbUniquePtr AvbHandle::Open() { break; case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: - if (!is_device_unlocked) { - LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed " - << "if the device is LOCKED"; + if (!allow_verification_error) { + LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed "; return nullptr; } avb_handle->status_ = AvbHandleStatus::kVerificationError; |