update_verifier: Support AVB.

When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as 'vroot' so map that to 'system' since this is what is expected. Managed to test at least that the code is at least compiled in: $ fastboot --set-active=_a Setting current slot to 'a'... OKAY [ 0.023s] finished. total time: 0.023s $ fastboot reboot rebooting... finished. total time: 0.050s $ adb wait-for-device $ adb logcat |grep update_verifier 03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted 03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0 03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully. 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier. Bug: 62464819 Test: Manually tested on device using AVB bootloader. Merged-In: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85 Change-Id: I2834b17688053411e7b904e31df9c83bf904cd56
2017-05-08 13:41:28 -04:00
parent 3445b94c89
commit 336cbce252
4 changed files with 24 additions and 7 deletions
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -92,6 +92,10 @@ ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
 LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
 endif

+ifeq ($(BOARD_AVB_ENABLE),true)
+LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
+endif
+
 LOCAL_MODULE := recovery_component_test
 LOCAL_COMPATIBILITY_SUITE := device-tests
 LOCAL_C_INCLUDES := bootable/recovery
--- a/tests/component/update_verifier_test.cpp
+++ b/tests/component/update_verifier_test.cpp
@@ -24,7 +24,7 @@
 class UpdateVerifierTest : public ::testing::Test {
 protected:
  void SetUp() override {
-#ifdef PRODUCT_SUPPORTS_VERITY
+#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
    verity_supported = true;
 #else
    verity_supported = false;
--- a/update_verifier/Android.mk
+++ b/update_verifier/Android.mk
@@ -39,6 +39,10 @@ ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
 LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
 endif

+ifeq ($(BOARD_AVB_ENABLE),true)
+LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
+endif
+
 include $(BUILD_STATIC_LIBRARY)

 # update_verifier (executable)
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -99,12 +99,21 @@ static bool read_blocks(const std::string& partition, const std::string& range_s
    std::string content;
    if (!android::base::ReadFileToString(path, &content)) {
      PLOG(WARNING) << "Failed to read " << path;
-    } else if (android::base::Trim(content) == partition) {
-      dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
-      while (n--) {
-        free(namelist[n]);
+    } else {
+      std::string dm_block_name = android::base::Trim(content);
+#ifdef BOARD_AVB_ENABLE
+      // AVB is using 'vroot' for the root block device but we're expecting 'system'.
+      if (dm_block_name == "vroot") {
+        dm_block_name = "system";
+      }
+#endif
+      if (dm_block_name == partition) {
+        dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
+        while (n--) {
+          free(namelist[n]);
+        }
+        break;
      }
-      break;
    }
    free(namelist[n]);
  }
@@ -229,7 +238,7 @@ int update_verifier(int argc, char** argv) {
  if (is_successful == BoolResult::FALSE) {
    // The current slot has not booted successfully.

-#ifdef PRODUCT_SUPPORTS_VERITY
+#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
    std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
    if (verity_mode.empty()) {
      LOG(ERROR) << "Failed to get dm-verity mode.";