Refactor fs_mgr_update_verity_state()
fs_mgr_update_verity_state() has two callers with generally different
intentions. One caller loops through all entries in the default fstab
to set partition.<mount_point>.verified properties. The other caller
is only interested in whether or a specific mount point has verity
enabled.
Given this, we refactor fs_mgr_update_verity_state() to
fs_mgr_get_verity_mount_point() which takes a single FstabEntry and
returns the mount point used for the dm-verity device or an empty
option if verity is not enabled on that mount point.
Test: adb-remount-test.sh test on blueline
Change-Id: Ic7dd8390509e95b2931b21e544c919a544138864
diff --git a/init/builtins.cpp b/init/builtins.cpp
index c8ceb0c..538ed00 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -75,6 +75,7 @@
using namespace std::literals::string_literals;
+using android::base::Basename;
using android::base::unique_fd;
using android::fs_mgr::Fstab;
using android::fs_mgr::ReadFstabFromFile;
@@ -749,11 +750,27 @@
}
static Result<Success> do_verity_update_state(const BuiltinArguments& args) {
- if (!fs_mgr_update_verity_state([](const std::string& mount_point, int mode) {
- property_set("partition." + mount_point + ".verified", std::to_string(mode));
- })) {
- return Error() << "fs_mgr_update_verity_state() failed";
+ int mode;
+ if (!fs_mgr_load_verity_state(&mode)) {
+ return Error() << "fs_mgr_load_verity_state() failed";
}
+
+ Fstab fstab;
+ if (!ReadDefaultFstab(&fstab)) {
+ return Error() << "Failed to read default fstab";
+ }
+
+ for (const auto& entry : fstab) {
+ if (!fs_mgr_is_verity_enabled(entry)) {
+ continue;
+ }
+
+ // To be consistent in vboot 1.0 and vboot 2.0 (AVB), use "system" for the partition even
+ // for system as root, so it has property [partition.system.verified].
+ std::string partition = entry.mount_point == "/" ? "system" : Basename(entry.mount_point);
+ property_set("partition." + partition + ".verified", std::to_string(mode));
+ }
+
return Success();
}