1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "fs_avb/fs_avb_util.h"
18
19 #include <memory>
20 #include <string>
21 #include <vector>
22
23 #include <android-base/strings.h>
24 #include <fstab/fstab.h>
25 #include <libavb/libavb.h>
26 #include <libdm/dm.h>
27
28 #include "avb_util.h"
29 #include "util.h"
30
31 namespace android {
32 namespace fs_mgr {
33
34 // Given a FstabEntry, loads and verifies the vbmeta, to extract the Avb Hashtree descriptor.
LoadAndVerifyVbmeta(const FstabEntry & fstab_entry,const std::string & expected_public_key_blob,std::string * out_public_key_data,std::string * out_avb_partition_name,VBMetaVerifyResult * out_verify_result)35 std::unique_ptr<VBMetaData> LoadAndVerifyVbmeta(const FstabEntry& fstab_entry,
36 const std::string& expected_public_key_blob,
37 std::string* out_public_key_data,
38 std::string* out_avb_partition_name,
39 VBMetaVerifyResult* out_verify_result) {
40 // Derives partition_name from blk_device to query the corresponding AVB HASHTREE descriptor
41 // to setup dm-verity. The partition_names in AVB descriptors are without A/B suffix.
42 std::string avb_partition_name = DeriveAvbPartitionName(fstab_entry, fs_mgr_get_slot_suffix(),
43 fs_mgr_get_other_slot_suffix());
44 if (out_avb_partition_name) {
45 *out_avb_partition_name = avb_partition_name;
46 }
47
48 // Updates fstab_entry->blk_device from <partition> to /dev/block/dm-<N> if
49 // it's a logical partition.
50 std::string device_path = fstab_entry.blk_device;
51 if (fstab_entry.fs_mgr_flags.logical &&
52 !android::base::StartsWith(fstab_entry.blk_device, "/")) {
53 dm::DeviceMapper& dm = dm::DeviceMapper::Instance();
54 if (!dm.GetDmDevicePathByName(fstab_entry.blk_device, &device_path)) {
55 LERROR << "Failed to resolve logical device path for: " << fstab_entry.blk_device;
56 return nullptr;
57 }
58 }
59
60 return LoadAndVerifyVbmetaByPath(device_path, avb_partition_name, expected_public_key_blob,
61 true /* allow_verification_error */,
62 false /* rollback_protection */, false /* is_chained_vbmeta */,
63 out_public_key_data, nullptr /* out_verification_disabled */,
64 out_verify_result);
65 }
66
67 // Given a path, loads and verifies the vbmeta, to extract the Avb Hashtree descriptor.
GetHashtreeDescriptor(const std::string & avb_partition_name,VBMetaData && vbmeta)68 std::unique_ptr<FsAvbHashtreeDescriptor> GetHashtreeDescriptor(
69 const std::string& avb_partition_name, VBMetaData&& vbmeta) {
70 if (!vbmeta.size()) return nullptr;
71
72 std::vector<VBMetaData> vbmeta_images;
73 vbmeta_images.emplace_back(std::move(vbmeta));
74 return GetHashtreeDescriptor(avb_partition_name, vbmeta_images);
75 }
76
77 // Given a path, loads and verifies the vbmeta, to extract the Avb Hash descriptor.
GetHashDescriptor(const std::string & avb_partition_name,VBMetaData && vbmeta)78 std::unique_ptr<FsAvbHashDescriptor> GetHashDescriptor(const std::string& avb_partition_name,
79 VBMetaData&& vbmeta) {
80 if (!vbmeta.size()) return nullptr;
81
82 std::vector<VBMetaData> vbmeta_images;
83 vbmeta_images.emplace_back(std::move(vbmeta));
84 return GetHashDescriptor(avb_partition_name, vbmeta_images);
85 }
86
87 } // namespace fs_mgr
88 } // namespace android
89