fs_mgr_update_verity_state() has two callers with generally different
intentions. One caller loops through all entries in the default fstab
to set partition.<mount_point>.verified properties. The other caller
is only interested in whether or a specific mount point has verity
enabled.
Given this, we refactor fs_mgr_update_verity_state() to
fs_mgr_get_verity_mount_point() which takes a single FstabEntry and
returns the mount point used for the dm-verity device or an empty
option if verity is not enabled on that mount point.
Test: adb-remount-test.sh test on blueline
Change-Id: Ic7dd8390509e95b2931b21e544c919a544138864
It is better to guarantee that a /system or / entry will be present in
first stage mount than it is to maintain the code to fake an entry if
its not present in the input fstab.
Test: adb-remount-test.sh on blueline
Change-Id: I8aa3e704903b8abf06b1c63be071913a9de58eb3
Confusion has occurred with respect to the kernel patch requirements,
added some clarity.
Corrected some spelling mistakes in other areas.
Test: inspect gitties and run spell
Bug: 118225373
Change-Id: I4ff9497aa5a584b20e9cb2028342aa4e7e4660c3
fs_mgr_overlayfs_setup return false second time around if all
are setup. It should report true if candidate list is all done.
Test: adb-remount-test.sh
Bug: 122602260
Change-Id: Ic9e16489e2c8ac4d3de91fcf8cfceedc23595e94
Expand the tests to deal with the boot environment for marlin.
Recognize that older overlayfs drivers do not report to /sys/module
and the parsing /proc/filesystem is another place to interrogate this.
Suppress adb push and pull noise during testing. Resolve APEX
failures. Add some cleanup to test script.
NB: Running test to completion is difficult because marlin's USB
driver is flakey enough through the multitude of reboots and
may not reconnect. The tester will have to notice when a reboot
is stalling and manually disconnect and reconnect the USB
connection to trigger discovery and to continue through the
test sequences. To make this easier, report when we are
waiting for the device to make it easier to babysit.
Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I5fc5f01b4e4788ac57541cb5235f7ac4e4284d71
If a flag is empty (eg: reading /proc/mounts), skip instead of
reporting "unknown flag: ". Do the same for "defaults".
Test: compile
Change-Id: Ibc3dc7154bbef4bb5dc6522d3226b6ca1e60ec24
This allows the client to get the public key data without need to
provide the expected key data to load vbmeta. Then do the comparison by
themselves, to allow "key rotation".
Bug: 65470881
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: boot a device
Change-Id: Icd4e317c2f79cd35e46cdd14f858575ee692facd
Enables performance testing with very large numbers of dm-linear devices
Test: Can create device with 16384 extents, and can get its table
Bug: 123261135
Change-Id: I0e78a659eb7616e4db6a8276031e25a0d84f52ba
Background:
We now have two sets of Bionic: the bootstrap Bionic which is at
/system/{lib|bin}/bootstrap for early processes and the default Bionic
which is from the runtime APEX for all the others. In order to give the
same path for Bionic to both categories of processes, the init prepares
two mount namespaces and bind-mount appropriate Bionic files onto the
common mount points under /bionic. For example,
/system/bin/bootstrap/linker is bind-mounted to /bionic/bin/linker for
the early processes. Likewise, /apex/com.android.runtime/bin/linker is
bind-mounted to the same path for rest of the processes.
In addition, in order not to propagate mount events in one mount
namespace to the other namespace, /bionic itself is created as a mount
namespace (via self bind-mount) and its propagation type is set to
private.
Changes required:
This however requires some adjustments to adb sync and remount
mechanism.
For remounting, /bionic path should also be re-mounted for RW, because
it is a RO mount in the beginning. This remounting is done only for the
system-as-root devices where entire / can be re-mounted as RW.
For synching, the sync thread creates a temporary mount namespace where
there is no bind-mount. This ensures that a path that the thread handles
is pointing to the correct file that is expected from the client side.
In addition, push operation to /bionic path is done without unlinking.
This is required because the mount points under /bionic are gone in the
current mount namespace but are still active in other mount namespaces.
If unlinked, the existing mounts on the path are all silently removed.
In order to prevent the unwanted situation, the moint points are not
unlinked but truncated to 0. This however is not a significant problem
because the files that serve as mount points do not carry any
useful information (i.e. the content is meaningless).
Bug: 879416
Test: adb sync
adb push <random_file> /bionic/bin/linker64
adb push <random_file> /system/bin/bootstrap/bin/linker64
system/core/fs_mgr/tests/adb-remount-test.sh
Change-Id: Id87dc9ee7ec5c43d06b54969b55e2cb394329317
Particularly, capitulate that GetEntryForMountPoint() would be cleaner
than std::find_if() and update the rest of system/core to use it.
Test: build
Change-Id: I982b5a8552d44852d3ab22c20db83afcd4dd652b
We no longer use these methods since they require write access to the
userdata block device. This patch removes them to simplify FiemapWriter,
and avoid opening userdata with write permissions.
Bug: 122556707
Test: fiemap_writer_test gtest
Change-Id: I0091eb5ff92253533c67c89b0059c34953aae211
The following static function has been added into class AvbHandle to
support loading the AVB hashtree descriptor to enable dm-verity for
a FstabEntry.
static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry);
Bug: 112103720
Bug: 117960205
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: Add /system/etc/system_other.avbpubkey, then add
avb_key=/system/etc/system_other.avbpubkey into /system/etc/fstab.postinstall.
factory reset, boot a device and checks that system_other is
mounted with verity (see the serial log below)
Serial log:
-----------
init: [libfs_avb]Built verity table: '1 /dev/block/by-name/system_a
/dev/block/by-name/system_a 4096 4096 8521
8521 sha1 895ba03023a35172b393429fadad9ee228b39203
3405d16fec2cd12ad9e6b36d3bc983e1e83b5e09 10 use_fec_from_device
/dev/block/by-name/system_a fec_roots 2 fec_blocks 8589 fec_start 8589
restart_on_corruption ignore_zero_blocks'
init: [libfs_mgr]superblock s_max_mnt_count:65535,/dev/block/dm-7
init: [libfs_mgr]__mount(source=/dev/block/dm-7,target=/postinstall,type=ext4)=0:
Success
Change-Id: Ie339a43ff9c6a7d170e12ef466df666b98ddec19
And deprecate one more old style function that is not used after this
change.
Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
Previously information from the fstab was needed for this test, but
that's not longer the case, so skip reading the fstab altogether.
Test: build
Change-Id: I3989c62e19ae2d8606f2bc3a617f9cc3da0e5a6f
New code should be using the new Fstab class, so remove these older
functions that don't have current users.
Test: build
Change-Id: I3ba2b12b838b4b46979963869939fd4b65264738
* changes:
fs_mgr: test parsing all mount and fs mgr options
fs_mgr: convert parse_flags over to C++
fs_mgr: store file_contents_mode and file_names_mode directly
Fixes a bug where verify= and a path is not respected.
Keeps the default value of -1 for swap_prio, zram_size, and the vold
managed partition number in the case of not being able to parse their
values.
Test: fs_mgr unit tests, boot
Change-Id: I41bd92a7a2f9165d62134704cb7a1209d76a2071
It doesn't really make sense to have extra logic to convert these
strings to enums then back again to strings for usage, especially
since with the C++ fstab, these strings are small enough to fall into
the small string optimization of std::string.
This will help make future changes cleaner as well.
Test: boot, fs_mgr_test
Change-Id: I5669ed10f2fc3eafdb137747446a2e93c24d55c4
Since we are moving the fstab from DT into the ramdisk fstab, the
logging from ReadFstabFromDt when reading the default fstab is
turning into logging noise.
Test: compile
Bug: 122602260
Change-Id: Icba0962c13d701afce2dc7c4f23712dd47ea0100
This commits adds the following two public functions into
class AvbHandle, and verified by 'libfs_avb_test':
static AvbUniquePtr LoadAndVerifyVbmeta(); // loads inline vbmeta.
static AvbUniquePtr LoadAndVerifyVbmeta( // loads offline vbmeta.
const std::string& partition_name, const std::string& ab_suffix,
const std::string& ab_other_suffix, const std::string& expected_public_key,
const HashAlgorithm& hash_algorithm, bool allow_verification_error,
bool load_chained_vbmeta, bool rollback_protection,
std::function<std::string(const std::string&)> custom_device_path = nullptr);
The first function LoadAndVerifyVbmeta() will be used to replace Open(),
in a separate CL in the future. Many libfs_avb internal utils are added
into avb_util.cpp as well, which are verified by
'libfs_avb_internal_test'.
Bug: 112103720
Bug: 117960205
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Change-Id: I807b8af0b69c9a4511f6f120e9754aca5442830e
liblp treats the term "block size" ambiguously when it compares the logical
hardware block size with the file system block size (which for all
intents and purposes must be 4K). This warning is thus spurious on
devices with say a 512 logical block size. However, liblp's block size
should at least be a multiple of this, so change the check accordingly.
Bug: 123317012
Test: liblp_test gtest
Change-Id: I0f41f6bae60a512ab8d313e487c28606daa661a6