From 9459f7c09c7756d2328a5aa953137a9d8614acae Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim
Date: Tue, 12 Mar 2024 19:27:13 -0700
Subject: [PATCH] dmctl: add report of IMA
This adds an option "ima" in dmctl.
$ dmctl ima product-verity
Targets in the device-mapper table for product-verity:
0-7463768: verity, target_name=verity,target_version=1.9.0,hash_failed=V,verity_version=1,data_device_name=254:4,hash_device_name=254:4,verity_algorithm=sha256,root_digest=d7af9fcb04d184219ba5477b97bb2bbc89fd23a46e03d1dea31d674cc4934769,salt=19d4f2345adfc8b7cc22a3c2f21dd413e5020fc7920a08a33f46f3c61492dfcc,ignore_zero_blocks=y,check_at_most_once=n,verity_mode=restart_on_corruption;
Change-Id: I057970b6c786b3f9a394b4919f5f5115b27cbc08
Signed-off-by: Jaegeuk Kim
---
 fs_mgr/libdm/dm.cpp | 7 +++++++
 fs_mgr/libdm/include/libdm/dm.h | 7 +++++++
 .../include_test/libsnapshot/test_helpers.h | 3 +++
 fs_mgr/tools/dmctl.cpp | 13 +++++++++++++
 4 files changed, 30 insertions(+)
diff --git a/fs_mgr/libdm/dm.cpp b/fs_mgr/libdm/dm.cpp
index e261aa301..fee67fdfa 100644
--- a/fs_mgr/libdm/dm.cpp
+++ b/fs_mgr/libdm/dm.cpp
@@ -39,6 +39,9 @@
 #ifndef DM_DEFERRED_REMOVE
 #define DM_DEFERRED_REMOVE (1 << 17)
 #endif
+#ifndef DM_IMA_MEASUREMENT_FLAG
+#define DM_IMA_MEASUREMENT_FLAG (1 << 19)
+#endif
 
 namespace android {
 namespace dm {
@@ -540,6 +543,10 @@ bool DeviceMapper::GetTableStatus(const std::string& name, std::vector* table) {
+ return GetTable(name, DM_IMA_MEASUREMENT_FLAG, table);
+}
+
 bool DeviceMapper::GetTableInfo(const std::string& name, std::vector* table) {
 return GetTable(name, DM_STATUS_TABLE_FLAG, table);
 }
diff --git a/fs_mgr/libdm/include/libdm/dm.h b/fs_mgr/libdm/include/libdm/dm.h
index 22c475f1e..fa976535b 100644
--- a/fs_mgr/libdm/include/libdm/dm.h
+++ b/fs_mgr/libdm/include/libdm/dm.h
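Review bot: GetTableStatusIma gives the caller no way to tell whether the kernel actually honored DM_IMA_MEASUREMENT_FLAG; if I read the dm-ioctl status path correctly, a kernel built without DM IMA support ignores the unrecognized flag bit and answers with the ordinary STATUSTYPE_INFO line, so the call succeeds and `table` holds non-IMA data with no error raised. That matters because the fields this mode is meant to return (root_digest, salt, verity_mode in the commit message example) are exactly what a caller would feed into a measurement or attestation check, and a silently substituted status line would be misread. The new header comment in dm.h should at least state the requirement, e.g. `// Requires kernel support for DM IMA measurement (DM_IMA_MEASUREMENT_FLAG); on kernels without it the ioctl returns the regular status output without failing.`, and the `ima` mode in dmctl.cpp inherits the same silent fallback. The local `#ifndef DM_IMA_MEASUREMENT_FLAG` fallback in the first hunk only fixes compilation against older UAPI headers; it does not change what the running kernel does with the bit.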
@@ -78,6 +78,7 @@ class IDeviceMapper {
 virtual bool LoadTable(const std::string& name, const DmTable& table) = 0;
 virtual bool GetTableInfo(const std::string& name, std::vector* table) = 0;
 virtual bool GetTableStatus(const std::string& name, std::vector* table) = 0;
+ virtual bool GetTableStatusIma(const std::string& name, std::vector* table) = 0;
 virtual bool GetDmDevicePathByName(const std::string& name, std::string* path) = 0;
 virtual bool GetDeviceString(const std::string& name, std::string* dev) = 0;
 virtual bool DeleteDeviceIfExists(const std::string& name) = 0;
@@ -267,6 +268,12 @@ class DeviceMapper final : public IDeviceMapper {
 // false.
 bool GetTableStatus(const std::string& name, std::vector* table) override;
 
+ // Query the status of a table, given a device name. The output vector will
+ // contain IMA TargetInfo for each target in the table. If the device does
+ // not exist, or there were too many targets, the call will fail and return
+ // false.
+ bool GetTableStatusIma(const std::string& name, std::vector* table) override;
+
 // Identical to GetTableStatus, except also retrives the active table for the device
 // mapper device from the kernel.
 bool GetTableInfo(const std::string& name, std::vector* table) override;
diff --git a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
index 5e9f049d1..90813fe79 100644
--- a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
+++ b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
@@ -155,6 +155,9 @@ class DeviceMapperWrapper : public android::dm::IDeviceMapper {
 virtual bool GetTableStatus(const std::string& name, std::vector* table) {
 return impl_.GetTableStatus(name, table);
 }
+ virtual bool GetTableStatusIma(const std::string& name, std::vector* table) {
+ return impl_.GetTableStatusIma(name, table);
+ }
 virtual bool GetDmDevicePathByName(const std::string& name, std::string* path) {
 return impl_.GetDmDevicePathByName(name, path);
 }
diff --git a/fs_mgr/tools/dmctl.cpp b/fs_mgr/tools/dmctl.cpp
index 7273087b3..5d5c65029 100644
--- a/fs_mgr/tools/dmctl.cpp
+++ b/fs_mgr/tools/dmctl.cpp
@@ -52,6 +52,7 @@ static int Usage(void) {
 std::cerr << " list [-v]" << std::endl;
 std::cerr << " getpath " << std::endl;
 std::cerr << " getuuid " << std::endl;
+ std::cerr << " ima " << std::endl;
 std::cerr << " info " << std::endl;
 std::cerr << " replace " << std::endl;
 std::cerr << " status " << std::endl;
@@ -493,7 +494,14 @@ static int DumpTable(const std::string& mode, int argc, char** argv) {
 << std::endl;
 return -EINVAL;
 }
+ } else if (mode == "ima") {
+ if (!dm.GetTableStatusIma(argv[0], &table)) {
+ std::cerr << "Could not query table status of device \"" << argv[0] << "\"."
+ << std::endl;
+ return -EINVAL;
+ }
 }
+
 std::cout << "Targets in the device-mapper table for " << argv[0] << ":" << std::endl;
 for (const auto& target : table) {
 std::cout << target.spec.sector_start << "-"
@@ -515,6 +523,10 @@ static int StatusCmdHandler(int argc, char** argv) {
 return DumpTable("status", argc, argv);
 }
 
+static int ImaCmdHandler(int argc, char** argv) {
+ return DumpTable("ima", argc, argv);
+}
+
 static int ResumeCmdHandler(int argc, char** argv) {
 if (argc != 1) {
 std::cerr << "Invalid arguments, see \'dmctl help\'" << std::endl;
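Review bot: The error message in the new `ima` branch of DumpTable does not say which query mode failed, so a failing IMA query is reported with the same generic wording as a plain status failure; `std::cerr << "Could not query IMA table status of device \"" << argv[0] << "\"." << std::endl;` would make the failure attributable when reading logs. The blank line added just before the `std::cout << "Targets in the device-mapper table for "` line is a whitespace-only change unrelated to the feature and could be left out of this hunk. DumpTable begins and ends outside the hunk, so I cannot see from here how a mode string that matches none of the branches is handled after the new one.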
@@ -555,6 +567,7 @@ static std::map> cmdmap = {
 {"info", InfoCmdHandler},
 {"table", TableCmdHandler},
 {"status", StatusCmdHandler},
+ {"ima", ImaCmdHandler},
 {"resume", ResumeCmdHandler},
 {"suspend", SuspendCmdHandler},
 // clang-format on