diff options
author | David Anderson <dvander@google.com> | 2022-02-01 23:35:56 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-02-01 23:35:56 +0000 |
commit | 9e0485ac4cf0bc718851ee63a7930fcccb09deb7 (patch) | |
tree | 271233d42dd233a52b74f50a1d6b990be2e4df9a | |
parent | 49a9dc86ac141d7f30490cf8b2edd63670c9198d (diff) | |
parent | 7e0bf7819a5fbfafdf8474102c791d42881a3331 (diff) | |
download | gsid-9e0485ac4cf0bc718851ee63a7930fcccb09deb7.tar.gz |
Merge "gsid: Add a command-line option for verifying image maps." am: ec15716ea6 am: b5d23a7e05 am: 87bf40315a am: 7e0bf7819a
Original change: https://android-review.googlesource.com/c/platform/system/gsid/+/1942173
Change-Id: Ib8e6e6d22b4c4d5bf9f72a6aa47f19f627eca43f
-rw-r--r-- | daemon.cpp | 3 | ||||
-rw-r--r-- | gsi_service.cpp | 23 | ||||
-rw-r--r-- | gsi_service.h | 1 |
3 files changed, 27 insertions, 0 deletions
@@ -59,6 +59,9 @@ int main(int argc, char** argv) { } else if (argv[1] == "dump-device-mapper"s) { int rc = DumpDeviceMapper(); exit(rc); + } else if (argv[1] == "verify-image-maps"s) { + android::gsi::GsiService::VerifyImageMaps(); + exit(0); } } diff --git a/gsi_service.cpp b/gsi_service.cpp index 4d30a69..c7b3a28 100644 --- a/gsi_service.cpp +++ b/gsi_service.cpp @@ -36,6 +36,7 @@ #include <android/os/IVold.h> #include <binder/IServiceManager.h> #include <binder/LazyServiceRegistrar.h> +#include <cutils/android_reboot.h> #include <ext4_utils/ext4_utils.h> #include <fs_mgr.h> #include <libavb/libavb.h> @@ -1109,6 +1110,28 @@ void GsiService::RunStartupTasks() { } } +void GsiService::VerifyImageMaps() { + std::vector<std::pair<std::string, std::string>> paths = { + {"/metadata/gsi/remount", "/data/gsi/remount"}, + {"/metadata/gsi/ota", "/data/gsi/ota"}, + }; + + for (const auto& [metadata_dir, data_dir] : paths) { + auto impl = ImageManager::Open(metadata_dir, data_dir); + if (!impl) { + LOG(ERROR) << "Could not open ImageManager for " << metadata_dir << " and " << data_dir; + continue; + } + if (!impl->ValidateImageMaps()) { + LOG(ERROR) << "ImageManager for " << metadata_dir + << " failed validation, device data is at risk. Rebooting."; + android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,fastboot"); + continue; + } + LOG(INFO) << "ImageManager verification passed for " << metadata_dir; + } +} + static bool GetAvbPublicKeyFromFd(int fd, AvbPublicKey* dst) { // Read the AVB footer from EOF. int64_t total_size = get_block_device_size(fd); diff --git a/gsi_service.h b/gsi_service.h index 95f1537..0ec7620 100644 --- a/gsi_service.h +++ b/gsi_service.h @@ -80,6 +80,7 @@ class GsiService : public BinderService<GsiService>, public BnGsiService { bool should_abort() const { return should_abort_; } static void RunStartupTasks(); + static void VerifyImageMaps(); static std::string GetInstalledImageDir(); std::string GetActiveDsuSlot(); std::string GetActiveInstalledImageDir(); |