Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / dd20dc3128b3c719b96a297865e986991352c67b^! / . / MetadataCrypt.cpp
commitdd20dc3128b3c719b96a297865e986991352c67b[log] [tgz]
authorfaqiang.zhu <faqiang.zhu@nxp.com>Mon Jul 19 12:27:37 2021 +0800
committerKeith Mok <keithmok@google.com>Wed Jan 04 21:06:00 2023 +0000
tree192b8810653e960f775521fe2f28ab4c02a148c5
parent0777c5d6048eb2f36a4cd80a1dd4240ff71fae17 [diff] [blame]
Do not reboot with commit failure when ext4 userdata is wiped

When userdata partition is the type of ext4, checkpoint and metadata
encryption are enabled, boot up the images, if the slot currently
in use is not marked as "successful" and userdata is wiped, a reboot
will be triggered because of "Checkpoint commit failed"

In this patch, do not create checkpoint when the preceding condition
occurs, otherwise "dm-default-key" sits below "dm-bow".

Because cp_needsCheckpoint(), cp_prepareCheckpoint() and cp_commitChanges()
are always executed when the system boots up, and now there is a condition
that BOW device is not created while the slot in use is not marked as
"successful", set "isBow" to be "false" if BOW state fails to be set to
1, if "isBow" is false, then there is no need to commit the checkpoint,
and the system won't automatically reboot.

Bug: 193457319
Test: i.MX 8M Plus EVK, images flashed to board, misc and userdata
      partitions are wiped, checkpoint and metadata encryption are
      enabled for ext4 userdata partition.
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Change-Id: I4ad47a9504f1be0407f0fd196001a0e96919be33

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 91a8d62..0396138 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp

@@ -95,7 +95,7 @@
     }
 }
 
-static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
+static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device, bool needs_encrypt) {
     // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
     // partitions in the fsck domain.
     if (setexeccon(android::vold::sFsckContext)) {
@@ -104,7 +104,8 @@
     }
     auto mount_rc = fs_mgr_do_mount(&fstab_default, const_cast<char*>(mount_point),
                                     const_cast<char*>(blk_device), nullptr,
-                                    android::vold::cp_needsCheckpoint(), true);
+                                    needs_encrypt? false: android::vold::cp_needsCheckpoint(),
+                                    true);
     if (setexeccon(nullptr)) {
         PLOG(ERROR) << "Failed to clear setexeccon";
         return false;
@@ -350,7 +351,7 @@
     }
 
     LOG(DEBUG) << "Mounting metadata-encrypted filesystem:" << mount_point;
-    mount_via_fs_mgr(mount_point.c_str(), crypto_blkdev.c_str());
+    mount_via_fs_mgr(mount_point.c_str(), crypto_blkdev.c_str(), needs_encrypt);
 
     // Record that there's at least one fstab entry with metadata encryption
     if (!android::base::SetProperty("ro.crypto.metadata.enabled", "true")) {