1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <functional>
20 #include <memory>
21 #include <string>
22 #include <vector>
23 
24 #include <fs_avb/types.h>
25 #include <fstab/fstab.h>
26 #include <libavb/libavb.h>
27 
28 namespace android {
29 namespace fs_mgr {
30 
31 struct VBMetaInfo {
32     std::string digest;
33     HashAlgorithm hash_algorithm;
34     size_t total_size;
35 
VBMetaInfoVBMetaInfo36     VBMetaInfo() {}
37 
VBMetaInfoVBMetaInfo38     VBMetaInfo(std::string digest_value, HashAlgorithm algorithm, size_t size)
39         : digest(std::move(digest_value)), hash_algorithm(algorithm), total_size(size) {}
40 };
41 
42 class FsManagerAvbOps;
43 
44 class AvbHandle;
45 using AvbUniquePtr = std::unique_ptr<AvbHandle>;
46 
47 // Provides a factory method to return a unique_ptr pointing to itself and the
48 // SetUpAvbHashtree() function to extract dm-verity parameters from AVB HASHTREE
49 // descriptors to load verity table into kernel through ioctl.
50 class AvbHandle {
51   public:
52     // The factory methods to return a AvbUniquePtr that holds
53     // the verified AVB (external/avb) metadata of all verified partitions
54     // in vbmeta_images_.
55     //
56     // The metadata is checked against the following values from /proc/cmdline.
57     //   - androidboot.vbmeta.{hash_alg, size, digest}.
58     //
59     // A typical usage will be:
60     //   - AvbUniquePtr handle = AvbHandle::Open(); or
61     //   - AvbUniquePtr handle = AvbHandle::LoadAndVerifyVbmeta();
62     //
63     // Possible return values:
64     //   - nullptr: any error when reading and verifying the metadata,
65     //     e.g., I/O error, digest value mismatch, size mismatch, etc.
66     //
67     //   - a valid unique_ptr with status AvbHandleStatus::HashtreeDisabled:
68     //     to support the existing 'adb disable-verity' feature in Android.
69     //     It's very helpful for developers to make the filesystem writable to
70     //     allow replacing binaries on the device.
71     //
72     //   - a valid unique_ptr with status AvbHandleStatus::VerificationDisabled:
73     //     to support 'avbctl disable-verification': only the top-level
74     //     vbmeta is read, vbmeta structs in other partitions are not processed.
75     //     It's needed to bypass AVB when using the generic system.img to run
76     //     VTS for project Treble.
77     //
78     //   - a valid unique_ptr with status AvbHandleStatus::VerificationError:
79     //     there is verification error when libavb loads vbmeta from each
80     //     partition. This is only allowed when the device is unlocked.
81     //
82     //   - a valid unique_ptr with status AvbHandleStatus::Success: the metadata
83     //     is verified and can be trusted.
84     //
85     // TODO(bowgotsai): remove Open() and switch to LoadAndVerifyVbmeta().
86     static AvbUniquePtr Open();                 // loads inline vbmeta, via libavb.
87     static AvbUniquePtr LoadAndVerifyVbmeta();  // loads inline vbmeta.
88 
89     // The caller can specify optional preload_avb_key_blobs for public key matching.
90     // This is mostly for init to preload AVB keys before chroot into /system.
91     // Both preload_avb_key_blobs and fstab_entry.avb_keys (file paths) will be used
92     // for public key matching.
93     static AvbUniquePtr LoadAndVerifyVbmeta(  // loads offline vbmeta.
94             const FstabEntry& fstab_entry,
95             const std::vector<std::string>& preload_avb_key_blobs = {});
96 
97     static AvbUniquePtr LoadAndVerifyVbmeta(    // loads offline vbmeta.
98             const std::string& partition_name, const std::string& ab_suffix,
99             const std::string& ab_other_suffix, const std::string& expected_public_key,
100             const HashAlgorithm& hash_algorithm, bool allow_verification_error,
101             bool load_chained_vbmeta, bool rollback_protection,
102             std::function<std::string(const std::string&)> custom_device_path = nullptr);
103 
104     // Sets up dm-verity on the given fstab entry.
105     // The 'wait_for_verity_dev' parameter makes this function wait for the
106     // verity device to get created before return.
107     //
108     // Return value:
109     //   - kSuccess: successfully loads dm-verity table into kernel.
110     //   - kFailed: failed to setup dm-verity, e.g., vbmeta verification error,
111     //     failed to get the HASHTREE descriptor, runtime error when set up
112     //     device-mapper, etc.
113     //   - kDisabled: hashtree is disabled.
114     AvbHashtreeResult SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev);
115 
116     // Similar to above, but loads the offline vbmeta from the end of fstab_entry->blk_device.
117     static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
118                                                         bool wait_for_verity_dev = true);
119 
120     // Tear down dm devices created by SetUp[Standalone]AvbHashtree
121     // The 'wait' parameter makes this function wait for the verity device to get destroyed
122     // before return.
123     static bool TearDownAvbHashtree(FstabEntry* fstab_entry, bool wait);
124 
125     static bool IsDeviceUnlocked();
126 
127     std::string GetSecurityPatchLevel(const FstabEntry& fstab_entry) const;
128 
avb_version()129     const std::string& avb_version() const { return avb_version_; }
vbmeta_info()130     const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; }
status()131     AvbHandleStatus status() const { return status_; }
132 
133     AvbHandle(const AvbHandle&) = delete;             // no copy
134     AvbHandle& operator=(const AvbHandle&) = delete;  // no assignment
135 
136     AvbHandle(AvbHandle&&) noexcept = delete;             // no move
137     AvbHandle& operator=(AvbHandle&&) noexcept = delete;  // no move assignment
138 
139   private:
AvbHandle()140     AvbHandle() : status_(AvbHandleStatus::kUninitialized) {}
141 
142     std::vector<VBMetaData> vbmeta_images_;
143     VBMetaInfo vbmeta_info_;  // A summary info for vbmeta_images_.
144     AvbHandleStatus status_;
145     std::string avb_version_;
146 };
147 
148 }  // namespace fs_mgr
149 }  // namespace android
150