/*
|
* Copyright (C) 2016 The Android Open Source Project
|
*
|
* Permission is hereby granted, free of charge, to any person
|
* obtaining a copy of this software and associated documentation
|
* files (the "Software"), to deal in the Software without
|
* restriction, including without limitation the rights to use, copy,
|
* modify, merge, publish, distribute, sublicense, and/or sell copies
|
* of the Software, and to permit persons to whom the Software is
|
* furnished to do so, subject to the following conditions:
|
*
|
* The above copyright notice and this permission notice shall be
|
* included in all copies or substantial portions of the Software.
|
*
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
* SOFTWARE.
|
*/
|
|
#include "avb_ops.h"
|
|
#include <errno.h>
|
#include <fcntl.h>
|
#include <stdlib.h>
|
#include <string.h>
|
#include <sys/stat.h>
|
|
#include <string>
|
|
#include <android-base/macros.h>
|
#include <android-base/strings.h>
|
#include <android-base/unique_fd.h>
|
#include <libavb/libavb.h>
|
#include <libdm/dm.h>
|
#include <utils/Compat.h>
|
|
#include "util.h"
|
|
using namespace std::literals;
|
|
namespace android {
|
namespace fs_mgr {
|
|
static AvbIOResult read_from_partition(AvbOps* ops, const char* partition, int64_t offset,
|
size_t num_bytes, void* buffer, size_t* out_num_read) {
|
return FsManagerAvbOps::GetInstanceFromAvbOps(ops)->ReadFromPartition(
|
partition, offset, num_bytes, buffer, out_num_read);
|
}
|
|
static AvbIOResult dummy_read_rollback_index(AvbOps* ops ATTRIBUTE_UNUSED,
|
size_t rollback_index_location ATTRIBUTE_UNUSED,
|
uint64_t* out_rollback_index) {
|
// rollback_index has been checked in bootloader phase.
|
// In user-space, returns the smallest value 0 to pass the check.
|
*out_rollback_index = 0;
|
return AVB_IO_RESULT_OK;
|
}
|
|
static AvbIOResult dummy_validate_vbmeta_public_key(
|
AvbOps* ops ATTRIBUTE_UNUSED, const uint8_t* public_key_data ATTRIBUTE_UNUSED,
|
size_t public_key_length ATTRIBUTE_UNUSED,
|
const uint8_t* public_key_metadata ATTRIBUTE_UNUSED,
|
size_t public_key_metadata_length ATTRIBUTE_UNUSED, bool* out_is_trusted) {
|
// vbmeta public key has been checked in bootloader phase.
|
// In user-space, returns true to pass the check.
|
//
|
// Addtionally, user-space should check
|
// androidboot.vbmeta.{hash_alg, size, digest} against the digest
|
// of all vbmeta images after invoking avb_slot_verify().
|
*out_is_trusted = true;
|
return AVB_IO_RESULT_OK;
|
}
|
|
static AvbIOResult dummy_read_is_device_unlocked(AvbOps* ops ATTRIBUTE_UNUSED,
|
bool* out_is_unlocked) {
|
// The function is for bootloader to update the value into
|
// androidboot.vbmeta.device_state in kernel cmdline.
|
// In user-space, returns true as we don't need to update it anymore.
|
*out_is_unlocked = true;
|
return AVB_IO_RESULT_OK;
|
}
|
|
static AvbIOResult dummy_get_unique_guid_for_partition(AvbOps* ops ATTRIBUTE_UNUSED,
|
const char* partition ATTRIBUTE_UNUSED,
|
char* guid_buf, size_t guid_buf_size) {
|
// The function is for bootloader to set the correct UUID
|
// for a given partition in kernel cmdline.
|
// In user-space, returns a faking one as we don't need to update
|
// it anymore.
|
snprintf(guid_buf, guid_buf_size, "1234-fake-guid-for:%s", partition);
|
return AVB_IO_RESULT_OK;
|
}
|
|
static AvbIOResult dummy_get_size_of_partition(AvbOps* ops ATTRIBUTE_UNUSED,
|
const char* partition ATTRIBUTE_UNUSED,
|
uint64_t* out_size_num_byte) {
|
// The function is for bootloader to load entire content of AVB HASH partitions.
|
// In user-space, returns 0 as we only need to set up AVB HASHTHREE partitions.
|
*out_size_num_byte = 0;
|
return AVB_IO_RESULT_OK;
|
}
|
|
// Converts a partition name (with ab_suffix) to the corresponding mount point.
|
// e.g., "system_a" => "/system",
|
// e.g., "vendor_a" => "/vendor",
|
static std::string DeriveMountPoint(const std::string& partition_name) {
|
const std::string ab_suffix = fs_mgr_get_slot_suffix();
|
std::string mount_point(partition_name);
|
auto found = partition_name.rfind(ab_suffix);
|
if (found != std::string::npos) {
|
mount_point.erase(found); // converts system_a => system
|
}
|
|
return "/" + mount_point;
|
}
|
|
FsManagerAvbOps::FsManagerAvbOps() {
|
// We only need to provide the implementation of read_from_partition()
|
// operation since that's all what is being used by the avb_slot_verify().
|
// Other I/O operations are only required in bootloader but not in
|
// user-space so we set them as dummy operations. Also zero the entire
|
// struct so operations added in the future will be set to NULL.
|
memset(&avb_ops_, 0, sizeof(AvbOps));
|
avb_ops_.read_from_partition = read_from_partition;
|
avb_ops_.read_rollback_index = dummy_read_rollback_index;
|
avb_ops_.validate_vbmeta_public_key = dummy_validate_vbmeta_public_key;
|
avb_ops_.read_is_device_unlocked = dummy_read_is_device_unlocked;
|
avb_ops_.get_unique_guid_for_partition = dummy_get_unique_guid_for_partition;
|
avb_ops_.get_size_of_partition = dummy_get_size_of_partition;
|
|
// Sets user_data for GetInstanceFromAvbOps() to convert it back to FsManagerAvbOps.
|
avb_ops_.user_data = this;
|
}
|
|
// Given a partition name (with ab_suffix), e.g., system_a, returns the corresponding
|
// dm-linear path for it. e.g., /dev/block/dm-0. If not found, returns an empty string.
|
// This assumes that the prefix of the partition name and the mount point are the same.
|
// e.g., partition vendor_a is mounted under /vendor, product_a is mounted under /product, etc.
|
// This might not be true for some special fstab files, e.g., fstab.postinstall.
|
// But it's good enough for the default fstab. Also note that the logical path is a
|
// fallback solution when the physical path (/dev/block/by-name/<partition>) cannot be found.
|
std::string FsManagerAvbOps::GetLogicalPath(const std::string& partition_name) {
|
if (fstab_.empty() && !ReadDefaultFstab(&fstab_)) {
|
return "";
|
}
|
|
const auto mount_point = DeriveMountPoint(partition_name);
|
if (mount_point.empty()) return "";
|
|
auto fstab_entry = GetEntryForMountPoint(&fstab_, mount_point);
|
if (!fstab_entry) return "";
|
|
std::string device_path;
|
if (fstab_entry->fs_mgr_flags.logical) {
|
dm::DeviceMapper& dm = dm::DeviceMapper::Instance();
|
if (!dm.GetDmDevicePathByName(fstab_entry->blk_device, &device_path)) {
|
LERROR << "Failed to resolve logical device path for: " << fstab_entry->blk_device;
|
return "";
|
}
|
return device_path;
|
}
|
|
return "";
|
}
|
|
AvbIOResult FsManagerAvbOps::ReadFromPartition(const char* partition, int64_t offset,
|
size_t num_bytes, void* buffer,
|
size_t* out_num_read) {
|
std::string path = "/dev/block/by-name/"s + partition;
|
|
// Ensures the device path (a symlink created by init) is ready to access.
|
if (!WaitForFile(path, 1s)) {
|
LERROR << "Device path not found: " << path;
|
// Falls back to logical path if the physical path is not found.
|
// This mostly only works for emulator (no bootloader). Because in normal
|
// device, bootloader is unable to read logical partitions. So if libavb in
|
// the bootloader failed to read a physical partition, it will failed to boot
|
// the HLOS and we won't reach the code here.
|
path = GetLogicalPath(partition);
|
if (path.empty() || !WaitForFile(path, 1s)) return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
LINFO << "Fallback to use logical device path: " << path;
|
}
|
|
android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_CLOEXEC)));
|
if (fd < 0) {
|
PERROR << "Failed to open " << path;
|
return AVB_IO_RESULT_ERROR_IO;
|
}
|
|
// If offset is negative, interprets its absolute value as the
|
// number of bytes from the end of the partition.
|
if (offset < 0) {
|
off64_t total_size = lseek64(fd, 0, SEEK_END);
|
if (total_size == -1) {
|
PERROR << "Failed to lseek64 to end of the partition";
|
return AVB_IO_RESULT_ERROR_IO;
|
}
|
offset = total_size + offset;
|
// Repositions the offset to the beginning.
|
if (lseek64(fd, 0, SEEK_SET) == -1) {
|
PERROR << "Failed to lseek64 to the beginning of the partition";
|
return AVB_IO_RESULT_ERROR_IO;
|
}
|
}
|
|
// On Linux, we never get partial reads from block devices (except
|
// for EOF).
|
ssize_t num_read = TEMP_FAILURE_RETRY(pread64(fd, buffer, num_bytes, offset));
|
if (num_read < 0 || (size_t)num_read != num_bytes) {
|
PERROR << "Failed to read " << num_bytes << " bytes from " << path << " offset " << offset;
|
return AVB_IO_RESULT_ERROR_IO;
|
}
|
|
if (out_num_read != nullptr) {
|
*out_num_read = num_read;
|
}
|
|
return AVB_IO_RESULT_OK;
|
}
|
|
AvbSlotVerifyResult FsManagerAvbOps::AvbSlotVerify(const std::string& ab_suffix,
|
AvbSlotVerifyFlags flags,
|
std::vector<VBMetaData>* out_vbmeta_images) {
|
// Invokes avb_slot_verify() to load and verify all vbmeta images.
|
// Sets requested_partitions to nullptr as it's to copy the contents
|
// of HASH partitions into handle>avb_slot_data_, which is not required as
|
// fs_mgr only deals with HASHTREE partitions.
|
const char* requested_partitions[] = {nullptr};
|
|
// Local resource to store vbmeta images from avb_slot_verify();
|
AvbSlotVerifyData* avb_slot_data;
|
|
// The |hashtree_error_mode| field doesn't matter as it only
|
// influences the generated kernel cmdline parameters.
|
auto verify_result =
|
avb_slot_verify(&avb_ops_, requested_partitions, ab_suffix.c_str(), flags,
|
AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, &avb_slot_data);
|
|
if (!avb_slot_data) return verify_result;
|
// Copies avb_slot_data->vbmeta_images[].
|
for (size_t i = 0; i < avb_slot_data->num_vbmeta_images; i++) {
|
out_vbmeta_images->emplace_back(VBMetaData(avb_slot_data->vbmeta_images[i].vbmeta_data,
|
avb_slot_data->vbmeta_images[i].vbmeta_size,
|
avb_slot_data->vbmeta_images[i].partition_name));
|
}
|
|
// Free the local resource.
|
avb_slot_verify_data_free(avb_slot_data);
|
|
return verify_result;
|
}
|
|
} // namespace fs_mgr
|
} // namespace android
|
