1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <functional> 20 #include <memory> 21 #include <string> 22 #include <vector> 23 24 #include <fs_avb/types.h> 25 #include <fstab/fstab.h> 26 #include <libavb/libavb.h> 27 28 namespace android { 29 namespace fs_mgr { 30 31 struct VBMetaInfo { 32 std::string digest; 33 HashAlgorithm hash_algorithm; 34 size_t total_size; 35 VBMetaInfoVBMetaInfo36 VBMetaInfo() {} 37 VBMetaInfoVBMetaInfo38 VBMetaInfo(std::string digest_value, HashAlgorithm algorithm, size_t size) 39 : digest(std::move(digest_value)), hash_algorithm(algorithm), total_size(size) {} 40 }; 41 42 class FsManagerAvbOps; 43 44 class AvbHandle; 45 using AvbUniquePtr = std::unique_ptr<AvbHandle>; 46 47 // Provides a factory method to return a unique_ptr pointing to itself and the 48 // SetUpAvbHashtree() function to extract dm-verity parameters from AVB HASHTREE 49 // descriptors to load verity table into kernel through ioctl. 50 class AvbHandle { 51 public: 52 // The factory methods to return a AvbUniquePtr that holds 53 // the verified AVB (external/avb) metadata of all verified partitions 54 // in vbmeta_images_. 55 // 56 // The metadata is checked against the following values from /proc/cmdline. 57 // - androidboot.vbmeta.{hash_alg, size, digest}. 58 // 59 // A typical usage will be: 60 // - AvbUniquePtr handle = AvbHandle::Open(); or 61 // - AvbUniquePtr handle = AvbHandle::LoadAndVerifyVbmeta(); 62 // 63 // Possible return values: 64 // - nullptr: any error when reading and verifying the metadata, 65 // e.g., I/O error, digest value mismatch, size mismatch, etc. 66 // 67 // - a valid unique_ptr with status AvbHandleStatus::HashtreeDisabled: 68 // to support the existing 'adb disable-verity' feature in Android. 69 // It's very helpful for developers to make the filesystem writable to 70 // allow replacing binaries on the device. 71 // 72 // - a valid unique_ptr with status AvbHandleStatus::VerificationDisabled: 73 // to support 'avbctl disable-verification': only the top-level 74 // vbmeta is read, vbmeta structs in other partitions are not processed. 75 // It's needed to bypass AVB when using the generic system.img to run 76 // VTS for project Treble. 77 // 78 // - a valid unique_ptr with status AvbHandleStatus::VerificationError: 79 // there is verification error when libavb loads vbmeta from each 80 // partition. This is only allowed when the device is unlocked. 81 // 82 // - a valid unique_ptr with status AvbHandleStatus::Success: the metadata 83 // is verified and can be trusted. 84 // 85 // TODO(bowgotsai): remove Open() and switch to LoadAndVerifyVbmeta(). 86 static AvbUniquePtr Open(); // loads inline vbmeta, via libavb. 87 static AvbUniquePtr LoadAndVerifyVbmeta(); // loads inline vbmeta. 88 static AvbUniquePtr LoadAndVerifyVbmeta( 89 const FstabEntry& fstab_entry); // loads offline vbmeta. 90 static AvbUniquePtr LoadAndVerifyVbmeta( // loads offline vbmeta. 91 const std::string& partition_name, const std::string& ab_suffix, 92 const std::string& ab_other_suffix, const std::string& expected_public_key, 93 const HashAlgorithm& hash_algorithm, bool allow_verification_error, 94 bool load_chained_vbmeta, bool rollback_protection, 95 std::function<std::string(const std::string&)> custom_device_path = nullptr); 96 97 // Sets up dm-verity on the given fstab entry. 98 // The 'wait_for_verity_dev' parameter makes this function wait for the 99 // verity device to get created before return. 100 // 101 // Return value: 102 // - kSuccess: successfully loads dm-verity table into kernel. 103 // - kFailed: failed to setup dm-verity, e.g., vbmeta verification error, 104 // failed to get the HASHTREE descriptor, runtime error when set up 105 // device-mapper, etc. 106 // - kDisabled: hashtree is disabled. 107 AvbHashtreeResult SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev); 108 109 // Similar to above, but loads the offline vbmeta from the end of fstab_entry->blk_device. 110 static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, 111 bool wait_for_verity_dev = true); 112 113 // Tear down dm devices created by SetUp[Standalone]AvbHashtree 114 // The 'wait' parameter makes this function wait for the verity device to get destroyed 115 // before return. 116 static bool TearDownAvbHashtree(FstabEntry* fstab_entry, bool wait); 117 118 static bool IsDeviceUnlocked(); 119 120 std::string GetSecurityPatchLevel(const FstabEntry& fstab_entry) const; 121 avb_version()122 const std::string& avb_version() const { return avb_version_; } vbmeta_info()123 const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; } status()124 AvbHandleStatus status() const { return status_; } 125 126 AvbHandle(const AvbHandle&) = delete; // no copy 127 AvbHandle& operator=(const AvbHandle&) = delete; // no assignment 128 129 AvbHandle(AvbHandle&&) noexcept = delete; // no move 130 AvbHandle& operator=(AvbHandle&&) noexcept = delete; // no move assignment 131 132 private: AvbHandle()133 AvbHandle() : status_(AvbHandleStatus::kUninitialized) {} 134 135 std::vector<VBMetaData> vbmeta_images_; 136 VBMetaInfo vbmeta_info_; // A summary info for vbmeta_images_. 137 AvbHandleStatus status_; 138 std::string avb_version_; 139 }; 140 141 } // namespace fs_mgr 142 } // namespace android 143