author | Sami Tolvanen <samitolvanen@google.com> | 2015-10-20 13:23:19 +0100 |
---|---|---|
committer | Sami Tolvanen <samitolvanen@google.com> | 2015-10-20 13:54:27 +0100 |
commit | 83cda15b15269721aa4c5680af2fc33ffd30dfa3 (patch) | |
tree | 6fb6367436006001adc2fc09fc17729ef038d47e /libfec | |
parent | 78ca45c2bb2855243bd262581473b20c63f75460 (diff) | |
libfec: add a function to disable verity
Add fec_verity_set_status to allow disabling verity on userdebug
builds by updating metadata magic.
Change-Id: I02f83b0d1d4e7ef5cd5d13a37ff0b84f17e23376
Diffstat (limited to 'libfec')
-rw-r--r-- | libfec/fec_verity.cpp | 37 | ||||
-rw-r--r-- | libfec/include/fec/io.h | 6 |
2 files changed, 43 insertions, 0 deletions
diff --git a/libfec/fec_verity.cpp b/libfec/fec_verity.cpp
index eaf56b4b..7537530b 100644
--- a/libfec/fec_verity.cpp
+++ b/libfec/fec_verity.cpp
@@ -602,3 +602,40 @@ int verity_parse_header(fec_handle *f, uint64_t offset)
 return 0;
 }
+
+int fec_verity_set_status(struct fec_handle *f, bool enabled)
+{
+ check(f);
+
+ if (!(f->mode & O_RDWR)) {
+ error("cannot update verity magic: read-only handle");
+ errno = EBADF;
+ return -1;
+ }
+
+ verity_info *v = &f->verity;
+
+ if (!v->metadata_start) {
+ error("cannot update verity magic: no metadata found");
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (v->disabled == !enabled) {
+ return 0; /* nothing to do */
+ }
+
+ uint32_t magic = enabled ? VERITY_MAGIC : VERITY_MAGIC_DISABLE;
+
+ if (!raw_pwrite(f, &magic, sizeof(magic), v->metadata_start)) {
+ error("failed to update verity magic to %08x: %s", magic,
+ strerror(errno));
+ return -1;
+ }
+
+ warn("updated verity magic to %08x (%s)", magic,
+ enabled ? "enabled" : "disabled");
+ v->disabled = !enabled;
+
+ return 0;
+}
diff --git a/libfec/include/fec/io.h b/libfec/include/fec/io.h
index 5a9decb5..1a077f32 100644
--- a/libfec/include/fec/io.h
+++ b/libfec/include/fec/io.h
@@ -90,6 +90,8 @@ extern int fec_open(struct fec_handle **f, const char *path, int mode,
 extern int fec_close(struct fec_handle *f);
+extern int fec_verity_set_status(struct fec_handle *f, bool enabled);
+
 extern int fec_verity_get_metadata(struct fec_handle *f,
 struct fec_verity_metadata *data);
@@ -177,6 +179,10 @@ namespace fec {
 return get_ecc_metadata(data) && data.valid;
 }
+ bool set_verity_status(bool enabled) {
+ return !fec_verity_set_status(handle_.get(), enabled);
+ }
+
 private:
 handle handle_;
 }; |
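Review bot: fec_verity_set_status reports success as soon as raw_pwrite returns, and nothing in the hunk flushes the new magic to the device before `v->disabled` is updated and 0 is returned. For a value that decides whether verity is enforced on the next boot, a caller re-enabling verity can be told it worked while the old magic is still what survives a power loss. Unless raw_pwrite already syncs (its body is not on this page), an `fsync` on the handle's descriptor before `v->disabled = !enabled;` would close that gap. The magic is also written in host byte order, so if the header parser converts the field from little-endian, `uint32_t magic = htole32(enabled ? VERITY_MAGIC : VERITY_MAGIC_DISABLE);` would keep the write and the read symmetric.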
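Review bot: The new `fec_verity_set_status` prototype in io.h carries no comment, although it changes whether verity is enforced, and the "userdebug builds" restriction from the commit message is not checked anywhere in the function body shown in fec_verity.cpp. I would state the contract on the declaration, for example `/* Rewrites the verity metadata magic; needs an O_RDWR handle. Does no build-type or privilege check, callers must gate it. Returns 0 on success or if already in the requested state, -1 on failure. */`. The `set_verity_status` wrapper in the `namespace fec` hunk should repeat the caller-must-gate caveat in one line, since it reduces the EBADF and EINVAL cases to a plain `false`.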