Merge "gsid: Add a command-line option for verifying image maps." am: ec15716ea6 am: b5d23a7e05 am: 87bf40315a am: 7e0bf7819a

Original change: https://android-review.googlesource.com/c/platform/system/gsid/+/1942173 Change-Id: Ib8e6e6d22b4c4d5bf9f72a6aa47f19f627eca43f
author: David Anderson <dvander@google.com> 2022-02-01 23:35:56 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-02-01 23:35:56 +0000
commit: 9e0485ac4cf0bc718851ee63a7930fcccb09deb7 (patch)
tree: 271233d42dd233a52b74f50a1d6b990be2e4df9a
parent: 49a9dc86ac141d7f30490cf8b2edd63670c9198d (diff)
parent: 7e0bf7819a5fbfafdf8474102c791d42881a3331 (diff)
download: gsid-9e0485ac4cf0bc718851ee63a7930fcccb09deb7.tar.gz
3 files changed, 27 insertions, 0 deletions
diff --git a/daemon.cpp b/daemon.cpp
index a1ee809..2123599 100644
--- a/daemon.cpp
+++ b/daemon.cpp
@@ -59,6 +59,9 @@ int main(int argc, char** argv) {
         } else if (argv[1] == "dump-device-mapper"s) {
             int rc = DumpDeviceMapper();
             exit(rc);
+        } else if (argv[1] == "verify-image-maps"s) {
+            android::gsi::GsiService::VerifyImageMaps();
+            exit(0);
         }
     }
 
diff --git a/gsi_service.cpp b/gsi_service.cpp
index 4d30a69..c7b3a28 100644
--- a/gsi_service.cpp
+++ b/gsi_service.cpp
@@ -36,6 +36,7 @@
 #include <android/os/IVold.h>
 #include <binder/IServiceManager.h>
 #include <binder/LazyServiceRegistrar.h>
+#include <cutils/android_reboot.h>
 #include <ext4_utils/ext4_utils.h>
 #include <fs_mgr.h>
 #include <libavb/libavb.h>
@@ -1109,6 +1110,28 @@ void GsiService::RunStartupTasks() {
     }
 }
 
+void GsiService::VerifyImageMaps() {
+    std::vector<std::pair<std::string, std::string>> paths = {
+            {"/metadata/gsi/remount", "/data/gsi/remount"},
+            {"/metadata/gsi/ota", "/data/gsi/ota"},
+    };
+
+    for (const auto& [metadata_dir, data_dir] : paths) {
+        auto impl = ImageManager::Open(metadata_dir, data_dir);
+        if (!impl) {
+            LOG(ERROR) << "Could not open ImageManager for " << metadata_dir << " and " << data_dir;
+            continue;
+        }
+        if (!impl->ValidateImageMaps()) {
+            LOG(ERROR) << "ImageManager for " << metadata_dir
+                       << " failed validation, device data is at risk. Rebooting.";
+            android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,fastboot");
+            continue;
+        }
+        LOG(INFO) << "ImageManager verification passed for " << metadata_dir;
+    }
+}
+
 static bool GetAvbPublicKeyFromFd(int fd, AvbPublicKey* dst) {
     // Read the AVB footer from EOF.
     int64_t total_size = get_block_device_size(fd);
diff --git a/gsi_service.h b/gsi_service.h
index 95f1537..0ec7620 100644
--- a/gsi_service.h
+++ b/gsi_service.h
@@ -80,6 +80,7 @@ class GsiService : public BinderService<GsiService>, public BnGsiService {
     bool should_abort() const { return should_abort_; }
 
     static void RunStartupTasks();
+    static void VerifyImageMaps();
     static std::string GetInstalledImageDir();
     std::string GetActiveDsuSlot();
     std::string GetActiveInstalledImageDir();
author	David Anderson <dvander@google.com>	2022-02-01 23:35:56 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-02-01 23:35:56 +0000
commit	9e0485ac4cf0bc718851ee63a7930fcccb09deb7 (patch)
tree	271233d42dd233a52b74f50a1d6b990be2e4df9a
parent	49a9dc86ac141d7f30490cf8b2edd63670c9198d (diff)
parent	7e0bf7819a5fbfafdf8474102c791d42881a3331 (diff)
download	gsid-9e0485ac4cf0bc718851ee63a7930fcccb09deb7.tar.gz