• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <ostream>
20 #include <string>
21 #include <vector>
22 
23 #include <fstab/fstab.h>
24 #include <libavb/libavb.h>
25 #include <libdm/dm.h>
26 
27 #include "fs_avb/types.h"
28 
29 namespace android {
30 namespace fs_mgr {
31 
32 struct ChainInfo {
33     std::string partition_name;
34     std::string public_key_blob;
35 
ChainInfoChainInfo36     ChainInfo(const std::string& chain_partition_name, const std::string& chain_public_key_blob)
37         : partition_name(chain_partition_name), public_key_blob(chain_public_key_blob) {}
38 };
39 
40 std::string GetAvbPropertyDescriptor(const std::string& key,
41                                      const std::vector<VBMetaData>& vbmeta_images);
42 
43 // AvbHashtreeDescriptor to dm-verity table setup.
44 std::unique_ptr<FsAvbHashtreeDescriptor> GetHashtreeDescriptor(
45         const std::string& partition_name, const std::vector<VBMetaData>& vbmeta_images);
46 
47 bool ConstructVerityTable(const FsAvbHashtreeDescriptor& hashtree_desc,
48                           const std::string& blk_device, android::dm::DmTable* table);
49 
50 bool HashtreeDmVeritySetup(FstabEntry* fstab_entry, const FsAvbHashtreeDescriptor& hashtree_desc,
51                            bool wait_for_verity_dev);
52 
53 // Searches a Avb hashtree descriptor in vbmeta_images for fstab_entry, to enable dm-verity.
54 bool LoadAvbHashtreeToEnableVerity(FstabEntry* fstab_entry, bool wait_for_verity_dev,
55                                    const std::vector<VBMetaData>& vbmeta_images,
56                                    const std::string& ab_suffix, const std::string& ab_other_suffix);
57 
58 // Converts AVB partition name to a device partition name.
59 std::string AvbPartitionToDevicePatition(const std::string& avb_partition_name,
60                                          const std::string& ab_suffix,
61                                          const std::string& ab_other_suffix);
62 
63 // Converts by-name symlink to AVB partition name.
64 std::string DeriveAvbPartitionName(const FstabEntry& fstab_entry, const std::string& ab_suffix,
65                                    const std::string& ab_other_suffix);
66 
67 // AvbFooter and AvbMetaImage maninpulations.
68 off64_t GetTotalSize(int fd);
69 
70 std::unique_ptr<AvbFooter> GetAvbFooter(int fd);
71 
72 std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name,
73                                              const std::string& expected_public_key_blob,
74                                              std::string* out_public_key_data,
75                                              VBMetaVerifyResult* out_verify_result);
76 
77 VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
78                                          const std::string& expected_public_key_blob,
79                                          std::string* out_public_key_data);
80 
81 bool ValidatePublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob);
82 
83 bool ValidatePublicKeyBlob(const std::string& key_blob_to_validate,
84                            const std::vector<std::string>& expected_key_paths);
85 
86 // Detects if whether a partition contains a rollback image.
87 bool RollbackDetected(const std::string& partition_name, uint64_t rollback_index);
88 
89 // Extracts chain partition info.
90 std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fatal_error);
91 
92 // Loads the single vbmeta from a given path.
93 std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
94         const std::string& image_path, const std::string& partition_name,
95         const std::string& expected_public_key_blob, bool allow_verification_error,
96         bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data,
97         bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result);
98 
99 // Loads the top-level vbmeta and all its chained vbmeta images.
100 // The actual device path is constructed at runtime by:
101 // partition_name, ab_suffix, ab_other_suffix, and device_path_constructor.
102 VBMetaVerifyResult LoadAndVerifyVbmetaByPartition(
103     const std::string& partition_name, const std::string& ab_suffix,
104     const std::string& ab_other_suffix, const std::string& expected_public_key_blob,
105     bool allow_verification_error, bool load_chained_vbmeta, bool rollback_protection,
106     std::function<std::string(const std::string&)> device_path_constructor, bool is_chained_vbmeta,
107     std::vector<VBMetaData>* out_vbmeta_images);
108 
109 }  // namespace fs_mgr
110 }  // namespace android
111