Commit graph

1198 commits

Author SHA1 Message Date
Greg Kaiser
4d6f4cc4fe libfs_avb: Pass const string by reference
Minor performance improvement for ValidatePublicKeyBlob().

Test: TreeHugger
Change-Id: I3498b529abedb8169d2488a2dc04cbd42cdb6f7d
2019-02-28 06:34:25 -08:00
Treehugger Robot
33f344cb36 Merge "libfs_avb: support key rotation for standalone partitions" 2019-02-28 01:13:20 +00:00
Treehugger Robot
c620f4a1b8 Merge changes I7a2dd830,I6ce43725,I5fc2f370,Ibc2e14bd,Idf213800, ...
* changes:
  fs_mgr_remount: support legacy devices (marlin)
  fs_mgr: remount: add -R argument
  fs_mgr: remount: add -T fstab argument
  fs_mgr: remount: log to stderr and logd
  fs_mgr: add remount command
  fs_mgr: overlayfs: test: add inRecovery check
2019-02-27 23:14:43 +00:00
Mark Salyzyn
4469fb1c06 fs_mgr_remount: support legacy devices (marlin)
Deal with first version of verity for legacy products.

Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I7a2dd8309cbb19751fdbb05d4efc30c486615e04
2019-02-27 13:03:13 -08:00
Mark Salyzyn
1188ce4e1d fs_mgr: remount: add -R argument
The -R flag tells remount it can reboot to disable verity or to
run fsck on an ext4 deduped filesystem, or both.

Testing may include a manual component because adb-remount-test.sh
needs to run from a device in an enable-verity state to test this.

Only recognizes chained avb.

Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I6ce4372532d9b933dcca9e2bec544d525b76c4d9
2019-02-27 13:03:13 -08:00
Mark Salyzyn
8c07db6a6b fs_mgr: remount: add -T fstab argument
Allow selection of an fstab file.  This is to mirror the built-in
functionality associated with init mount_all <fstab> command.

Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I5fc2f3707c1dafd687c826eaccbaab03a408035b
2019-02-27 13:03:13 -08:00
Mark Salyzyn
75941f2c9c fs_mgr: remount: log to stderr and logd
Logging normally goes to stderr, also send output redirected to the
Android Logger.  Required if command is exec'd, useful if commanded
from shell.

Test: manual confirmation of both outputs.
Bug: 122602260
Change-Id: Ibc2e14bd4fad561514c0c33741da8ca6f00af3f3
2019-02-27 13:03:13 -08:00
Mark Salyzyn
6b3f587ac7 fs_mgr: add remount command
There is currently no good option for callers to setup overlayfs
on-device, it is automated as part of the adb services.  Add a
remount command that does what is needed that simulates the salient
behaviors of the adb remount command.

Clean up some noise restoring device to original state when done.

Test: adb-remount-test.sh
Bug: 122602260
Change-Id: Idf213800a8182cb1c51600c8f574df8a8cd68d4a
2019-02-27 13:03:13 -08:00
Mark Salyzyn
6dc0dfe785 fs_mgr: overlayfs: test: add inRecovery check
Handle a device in recovery mode gracefully.  Handle a device
that fails to boot into a commanded state more gracefully.

Deal with regression where die() calls restore(), and we can not
have this under the conditions where we are ignoring the error
in a subshell.

Test: adb-remount-test.sh
Bug: 118225373
Bug: 123079041
Change-Id: Ie37beb245d0ec55eb00757cdb93da34ff9c42827
2019-02-27 13:03:08 -08:00
David Anderson
2c32a6cf24 Merge "libfiemap_writer: Allow callers to query the block device of a file." 2019-02-27 19:48:14 +00:00
Bowgo Tsai
f3e28e1682 libfs_avb: support key rotation for standalone partitions
The FstabEntry.avb_key is renamed to FstabEntry.avb_keys, to
allow specifying multiple avb keys, separated by ':'
(because ',' is already used by fstab parsing).

Bug: 124013032
Test: boot live GSI with multiple allowed AVB keys
Change-Id: Iacd3472a1d5a659dfecf09ea6074d622658f4d0b
2019-02-27 04:13:21 +00:00
Treehugger Robot
df3f38f6c9 Merge "fs_mgr: overlayfs: requires override_creds patch for 4.4+ kernels (taimen)" 2019-02-27 01:18:23 +00:00
David Anderson
e99564fc62 Merge "Allow fiemap_writer_test to run in arbitrary directories." 2019-02-26 19:33:36 +00:00
Mark Salyzyn
a9451a5db1 fs_mgr: overlayfs: requires override_creds patch for 4.4+ kernels (taimen)
The original adb-remount-test.sh when certifying kernels allowed a
pass on 4.4 kernels because it added new content, and missed a test
for overriding existing content.  When the test was added to confirm
APEX control of libc.so, it serendipitously added a check for
overriding existing content, which the 4.4 kernel did not allow to
pass.  Update the tests and documentation to reflect this new state
of affairs.

Summary: 4.4 kernel overlayfs driver worked partially without the
patch for override_creds.

Test: adb-remount-test.sh
Bug: 126256072
Change-Id: I979ea59a12bc0b9926826b9b09a7893ab3b9ee7f
2019-02-26 08:45:17 -08:00
Treehugger Robot
a24338bff8 Merge "fs_mgr: overlayfs: system as root can not detect shared blocks (taimen)" 2019-02-26 05:34:32 +00:00
David Anderson
50ce7e090a libfiemap_writer: Allow callers to query the block device of a file.
Bug: 126249541
Test: manual test
Change-Id: I478bcf60caf0cedc84189c39fee4b6c4f94b6ed6
2019-02-25 19:10:09 -08:00
Treehugger Robot
6d6ccdf7c6 Merge changes from topic "fs_mgr_unit_test"
* changes:
  Fix fs_mgr_unit_test
  fs_mgr: add test_suites: ["device-tests"]
2019-02-26 02:35:42 +00:00
David Anderson
82b54d2a5e Allow fiemap_writer_test to run in arbitrary directories.
This allows fiemap_writer_test to be run on any read-write partition or
block device.

Bug: 126230649
Test: fiemap_writer_test
Change-Id: Ie002cb77c84c683e5f242695882ba78d510eca36
2019-02-25 15:38:14 -08:00
Treehugger Robot
032b744809 Merge "fiemap_writer: Use fallocate64" 2019-02-25 22:54:49 +00:00
Mark Salyzyn
94a0dedbc4 fs_mgr: overlayfs: test: Add --print-time option
Make it easier to collect test execution time.

Clean up some noise restoring device to original state.

Test: adb-remount-test.sh --print-time
Bug: 123079041
Change-Id: I56f12698ff25362dcefcf8a6ddd8f96a23b37f34
2019-02-25 21:33:33 +00:00
Mark Salyzyn
3f014a2abf fs_mgr: overlayfs: system as root can not detect shared blocks (taimen)
init first stage manufactures a / mount pointing to /dev/root and
we can not use that for checking the filesystem.  Result is /system
overlay is mounted in second stage.

This adjustment to special case /dev/root is safe for overlayfs
handling because we will also gate on content in
/mnt/scratch/overlay/system, which will not be set during runtime
setup because check will have the proper block device at that time.

Test: adb-remount-test.sh
Bug: 123079041
Change-Id: I9c6674163955155f26ad2b0c9b78e9ff6507a514
2019-02-25 13:30:51 -08:00
Paul Trautrim
3d001e7ebb fiemap_writer: Use fallocate64
This is necessary for cf_x86.

Test: gsi_tool install
Change-Id: Ifb1afc149f76a98e9db8f9d71a74542416113590
2019-02-25 16:59:26 +09:00
Treehugger Robot
084d3b9124 Merge "libfs_avb: support rollback protection for Live GSI" 2019-02-22 16:28:23 +00:00
Bowgo Tsai
035f7f2b9c Fix fs_mgr_unit_test
The copy of /data/* doesn't work now, so put the fstab content
into the unittest source instead.

Also replacing ReadFstabFromFd with ReadFstabFromFile, to prevent
race.

Finally, two test cases are temporarily disabled due to read
fstab file error (root cause is still unknown).

Bug: 124837435
Test: atest 124837435
Change-Id: Ib6a3d931a48bffd8be23bda23fa4492babafd166
2019-02-22 10:09:52 +08:00
Tom Cherry
7b98b64dda fs_mgr: add test_suites: ["device-tests"]
Bug: 124837435
Test: tree-hugger
Change-Id: Ia82eb9000b62926abbea108fdd77f15f4a2a1f8c
2019-02-21 11:42:04 +08:00
Bowgo Tsai
918668a2cd libfs_avb: support rollback protection for Live GSI
This commit extracts the security patch level (SPL), e.g.,
com.android.build.system.security_patch = 2019-04-05 from AVB property
descriptors when attempting to mount a standalone image (e.g., live
GSI). Then compares the SPL between the old system.img and the new live
system.img for rollback protection.

Bug: 122705329
Test: boot an old Live GSI, checks rollback is detected
Change-Id: I7aae58c0b2062a3ff57ed932ad58e7b604453fed
2019-02-21 10:32:18 +08:00
Tom Cherry
15800946e0 __android_log_is_debuggable() shouldn't be an apex symbol
Remove a superfluous check in fs_mgr, since those return values are
already impossible for a non-debuggable build.  Replace a one time
call to __android_log_is_debuggable(), since there's no reason to
cache the value or use this symbol.

Test: build
Change-Id: Icd4bef7b616c49d304303747388d7e3018c6fcfc
2019-02-20 12:52:02 -08:00
Bowgo Tsai
9bbaa7bbee Adding GSI fstab entries when needed
In ReadFstabFromFile(), currently it always adds 'system_gsi' and
'userdata_gsi' fstab entries when running in Live GSI. As the API
might be used to load a fstab file without "/system" and/or "/data",
it's better to replace "/system" with 'system_gsi' and "/data" with
'userdata_gsi', instead of adding 'system_gsi' and 'userdata_gsi'
unconditionally.

Bug: 124640105
Test: boot a Live GSI, then `atest libfs_avb_device_test`

Change-Id: I52928f95b9ebd12ce09ffd538caf96a2de430dbc
2019-02-18 13:27:53 +00:00
Paul Trautrim
c10d3fdb2c Add presubmit test for vendor overlay
Add a test that creates files in the appropriate vendor_overlay directory and
verifies that they are correctly overlaid (or not) onto /vendor after rebooting.

Test: locally running atest
Change-Id: I65860dbeb837f86ac030fa51b3af93844e82de96
2019-02-16 08:24:35 +09:00
Mark Salyzyn
bbe33f7826 fs_mgr: harden adb-remount-test.sh
Harden adb-remount-test.sh script.  Add --no-color and --color
options.  Allows --serial to be passed in.  Add a recovery handler
that restores the device to verity enabled if possible.  List the
partitions sizes as they may be relevant to triaging errors.  Allow
for devices that have a mixed set of remounts, some direct, some
with overlayfs.  Allow two scripts to run at the same time on a host
machine targetting different devices.  Detect if wrong adb is used
for adb reboot-fastboot.

Add a build target for adb-remount-test.sh so that the script
is landed into the host tools bin for easy pickup.

Test: adb-remount-test.sh
Bug: 123079041
Change-Id: I6369a245a656419067ec4350a4dbdf78c9b0533e
2019-02-15 14:28:19 -08:00
David Anderson
cb13a7766e Merge "Enable metadata encryption for userdata_gsi." 2019-02-14 20:27:05 +00:00
Mark Salyzyn
dffdb4374b fs_mgr: overlayfs: export fs_mgr_overlayfs_candidate_list
Refactor fs_mgr_candidate_list into fs_mgr_overlayfs_candidate_list
that reports all the possible candidates.  The caller is responsible
for filtering out any that have verity enabled.

Sundry improvements to the adb-remount-test.sh script to improve
stability and feedback.

Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I2399f83d8ed77d8f3d2ad1405d0c187ccbace764
2019-02-13 10:49:18 -08:00
Treehugger Robot
c7b5c4fa6b Merge "libfs_avb: adding two public APIs" 2019-02-13 03:07:37 +00:00
Tom Cherry
5272f9b017 Merge "Refactor fs_mgr_update_verity_state()" 2019-02-12 17:22:09 +00:00
Bowgo Tsai
cd316ea4a0 libfs_avb: adding two public APIs
The client can include <fs_avb/fs_avb_util.h> to use the two new
functions to load vbmeta for a FstabEntry and extract the hash tree
descriptor from the loaded vbmeta, respectively.

// Given a FstabEntry, loads and verifies the vbmeta.
std::unique_ptr<VBMetaData> LoadAndVerifyVbmeta(...);

// Gets the hashtree descriptor with avb_partition_name from the vbmeta.
std::unique_ptr<FsAvbHashtreeDescriptor> GetHashtreeDescriptor(...);

Bug: 65470881
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: atest libfs_avb_device_test
Change-Id: I7d6619eb8140c14734ffb8f8a1b22cddd2f562f0
2019-02-12 22:03:20 +08:00
Tom Cherry
d2ae1c91ed Merge "Remove logic to fake /system in overlayfs" 2019-02-12 01:04:21 +00:00
Tom Cherry
cf80b6d6e5 Refactor fs_mgr_update_verity_state()
fs_mgr_update_verity_state() has two callers with generally different
intentions.  One caller loops through all entries in the default fstab
to set partition.<mount_point>.verified properties.  The other caller
is only interested in whether or a specific mount point has verity
enabled.

Given this, we refactor fs_mgr_update_verity_state() to
fs_mgr_get_verity_mount_point() which takes a single FstabEntry and
returns the mount point used for the dm-verity device or an empty
option if verity is not enabled on that mount point.

Test: adb-remount-test.sh test on blueline
Change-Id: Ic7dd8390509e95b2931b21e544c919a544138864
2019-02-11 12:50:22 -08:00
Tom Cherry
6576e13995 Remove logic to fake /system in overlayfs
It is better to guarantee that a /system or / entry will be present in
first stage mount than it is to maintain the code to fake an entry if
its not present in the input fstab.

Test: adb-remount-test.sh on blueline
Change-Id: I8aa3e704903b8abf06b1c63be071913a9de58eb3
2019-02-08 16:25:24 -08:00
David Anderson
88045aef59 Enable metadata encryption for userdata_gsi.
Rather than constructing a userdata fstab entry from scratch, this patch
will modify the vendor fstab to preserve the desired encryption
properties and filesystem type.

Bug: 123906417
Test: manual test
Change-Id: I338715fc62628169e8eafbf4a3125e4aadf0ff15
2019-02-08 15:44:00 -08:00
Mark Salyzyn
60d5467bd8 fs_mgr: overlayfs: documentation: update kernel patch details
Confusion has occurred with respect to the kernel patch requirements,
added some clarity.

Corrected some spelling mistakes in other areas.

Test: inspect gitties and run spell
Bug: 118225373
Change-Id: I4ff9497aa5a584b20e9cb2028342aa4e7e4660c3
2019-02-08 11:49:05 -08:00
Mark Salyzyn
fab9f08ea5 fs_mgr: overlayfs: fs_mgr_overlay_setup true if already mounted
fs_mgr_overlayfs_setup return false second time around if all
are setup. It should report true if candidate list is all done.

Test: adb-remount-test.sh
Bug: 122602260
Change-Id: Ic9e16489e2c8ac4d3de91fcf8cfceedc23595e94
2019-02-06 15:35:45 -08:00
Mark Salyzyn
6d109ecba3 fs_mgr: overlayfs support legacy devices (marlin)
Expand the tests to deal with the boot environment for marlin.
Recognize that older overlayfs drivers do not report to /sys/module
and the parsing /proc/filesystem is another place to interrogate this.

Suppress adb push and pull noise during testing.  Resolve APEX
failures.  Add some cleanup to test script.

NB: Running test to completion is difficult because marlin's USB
    driver is flakey enough through the multitude of reboots and
    may not reconnect.  The tester will have to notice when a reboot
    is stalling and manually disconnect and reconnect the USB
    connection to trigger discovery and to continue through the
    test sequences.  To make this easier, report when we are
    waiting for the device to make it easier to babysit.

Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I5fc5f01b4e4788ac57541cb5235f7ac4e4284d71
2019-02-06 15:35:29 -08:00
Treehugger Robot
bece53e515 Merge "fs_mgr: fstab: logspam from empty flags" 2019-02-06 17:59:42 +00:00
Mark Salyzyn
c0d09a2603 fs_mgr: fstab: logspam from empty flags
If a flag is empty (eg: reading /proc/mounts), skip instead of
reporting "unknown flag: ". Do the same for "defaults".

Test: compile
Change-Id: Ibc3dc7154bbef4bb5dc6522d3226b6ca1e60ec24
2019-02-05 14:31:38 -08:00
Tom Cherry
7dec4fdd38 fs_mgr: Remove fs_mgr_flags #define's
These are no longer used but I missed them in the last CL.

Test: treehugger
Change-Id: Iea5235cf2d105c80a406f0ef020080859c0d2ff7
2019-02-05 13:04:21 -08:00
Tom Cherry
7303edd194 Merge "Remove old C fs_mgr interface" 2019-02-05 17:06:03 +00:00
Tom Cherry
685c2c7b1e Remove old C fs_mgr interface
Remove superfluous fs_mgr flags as well.

Bug: 62292478
Test: tree hugger, fs_mgr_unit_test
Change-Id: Ib307400941b46ca8bcb51d479668efd82fc3ed2d
2019-02-04 15:09:02 -08:00
Dan Shi
5c937a3a5d Move the tests to postsubmit group
The tests are failing on ToT.

Bug: 123852953
Test: None
Change-Id: I2e75c99d913f6954290aa9d6aada8797bf931977
2019-02-04 10:31:32 -08:00
Treehugger Robot
0ed7819d6a Merge "Restrict zram_writeback permission" 2019-02-02 03:31:38 +00:00
Wei Wang
aa25756426 Restrict zram_writeback permission
Bug: 74582279
Bug: 122659265
Test: Build
Change-Id: Iba610929bc02d7ee5a590f8ec5b440269dbc12f5
2019-02-01 11:57:00 -08:00