dmctl: add report of IMA
This adds an option "ima" in dmctl.
$ dmctl ima product-verity
Targets in the device-mapper table for product-verity:
0-7463768: verity, target_name=verity,target_version=1.9.0,hash_failed=V,verity_version=1,data_device_name=254:4,hash_device_name=254:4,verity_algorithm=sha256,root_digest=d7af9fcb04d184219ba5477b97bb2bbc89fd23a46e03d1dea31d674cc4934769,salt=19d4f2345adfc8b7cc22a3c2f21dd413e5020fc7920a08a33f46f3c61492dfcc,ignore_zero_blocks=y,check_at_most_once=n,verity_mode=restart_on_corruption;
Change-Id: I057970b6c786b3f9a394b4919f5f5115b27cbc08
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
diff --git a/fs_mgr/libdm/dm.cpp b/fs_mgr/libdm/dm.cpp
index e261aa3..fee67fdf 100644
--- a/fs_mgr/libdm/dm.cpp
+++ b/fs_mgr/libdm/dm.cpp
@@ -39,6 +39,9 @@
#ifndef DM_DEFERRED_REMOVE
#define DM_DEFERRED_REMOVE (1 << 17)
#endif
+#ifndef DM_IMA_MEASUREMENT_FLAG
+#define DM_IMA_MEASUREMENT_FLAG (1 << 19)
+#endif
namespace android {
namespace dm {
@@ -540,6 +543,10 @@
return GetTable(name, 0, table);
}
+bool DeviceMapper::GetTableStatusIma(const std::string& name, std::vector<TargetInfo>* table) {
+ return GetTable(name, DM_IMA_MEASUREMENT_FLAG, table);
+}
+
bool DeviceMapper::GetTableInfo(const std::string& name, std::vector<TargetInfo>* table) {
return GetTable(name, DM_STATUS_TABLE_FLAG, table);
}
diff --git a/fs_mgr/libdm/include/libdm/dm.h b/fs_mgr/libdm/include/libdm/dm.h
index 22c475f..fa97653 100644
--- a/fs_mgr/libdm/include/libdm/dm.h
+++ b/fs_mgr/libdm/include/libdm/dm.h
@@ -78,6 +78,7 @@
virtual bool LoadTable(const std::string& name, const DmTable& table) = 0;
virtual bool GetTableInfo(const std::string& name, std::vector<TargetInfo>* table) = 0;
virtual bool GetTableStatus(const std::string& name, std::vector<TargetInfo>* table) = 0;
+ virtual bool GetTableStatusIma(const std::string& name, std::vector<TargetInfo>* table) = 0;
virtual bool GetDmDevicePathByName(const std::string& name, std::string* path) = 0;
virtual bool GetDeviceString(const std::string& name, std::string* dev) = 0;
virtual bool DeleteDeviceIfExists(const std::string& name) = 0;
@@ -267,6 +268,12 @@
// false.
bool GetTableStatus(const std::string& name, std::vector<TargetInfo>* table) override;
+ // Query the status of a table, given a device name. The output vector will
+ // contain IMA TargetInfo for each target in the table. If the device does
+ // not exist, or there were too many targets, the call will fail and return
+ // false.
+ bool GetTableStatusIma(const std::string& name, std::vector<TargetInfo>* table) override;
+
// Identical to GetTableStatus, except also retrives the active table for the device
// mapper device from the kernel.
bool GetTableInfo(const std::string& name, std::vector<TargetInfo>* table) override;
diff --git a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
index 5e9f049..90813fe 100644
--- a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
+++ b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
@@ -155,6 +155,9 @@
virtual bool GetTableStatus(const std::string& name, std::vector<TargetInfo>* table) {
return impl_.GetTableStatus(name, table);
}
+ virtual bool GetTableStatusIma(const std::string& name, std::vector<TargetInfo>* table) {
+ return impl_.GetTableStatusIma(name, table);
+ }
virtual bool GetDmDevicePathByName(const std::string& name, std::string* path) {
return impl_.GetDmDevicePathByName(name, path);
}
diff --git a/fs_mgr/tools/dmctl.cpp b/fs_mgr/tools/dmctl.cpp
index 7273087..5d5c650 100644
--- a/fs_mgr/tools/dmctl.cpp
+++ b/fs_mgr/tools/dmctl.cpp
@@ -52,6 +52,7 @@
std::cerr << " list <devices | targets> [-v]" << std::endl;
std::cerr << " getpath <dm-name>" << std::endl;
std::cerr << " getuuid <dm-name>" << std::endl;
+ std::cerr << " ima <dm-name>" << std::endl;
std::cerr << " info <dm-name>" << std::endl;
std::cerr << " replace <dm-name> <targets...>" << std::endl;
std::cerr << " status <dm-name>" << std::endl;
@@ -493,7 +494,14 @@
<< std::endl;
return -EINVAL;
}
+ } else if (mode == "ima") {
+ if (!dm.GetTableStatusIma(argv[0], &table)) {
+ std::cerr << "Could not query table status of device \"" << argv[0] << "\"."
+ << std::endl;
+ return -EINVAL;
+ }
}
+
std::cout << "Targets in the device-mapper table for " << argv[0] << ":" << std::endl;
for (const auto& target : table) {
std::cout << target.spec.sector_start << "-"
@@ -515,6 +523,10 @@
return DumpTable("status", argc, argv);
}
+static int ImaCmdHandler(int argc, char** argv) {
+ return DumpTable("ima", argc, argv);
+}
+
static int ResumeCmdHandler(int argc, char** argv) {
if (argc != 1) {
std::cerr << "Invalid arguments, see \'dmctl help\'" << std::endl;
@@ -555,6 +567,7 @@
{"info", InfoCmdHandler},
{"table", TableCmdHandler},
{"status", StatusCmdHandler},
+ {"ima", ImaCmdHandler},
{"resume", ResumeCmdHandler},
{"suspend", SuspendCmdHandler},
// clang-format on