1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef __CORE_FS_MGR_AVB_H
18 #define __CORE_FS_MGR_AVB_H
19 
20 #include <map>
21 #include <memory>
22 #include <string>
23 
24 #include <libavb/libavb.h>
25 
26 #include "fs_mgr.h"
27 
// Outcome of FsManagerAvbHandle::SetUpAvbHashtree(). Values are spelled out so
// the numeric encoding is obvious to anyone logging or comparing them.
enum class SetUpAvbHashtreeResult {
    kSuccess = 0,   // dm-verity table was loaded into the kernel
    kFail = 1,      // setup failed (verification error, no HASHTREE descriptor, device-mapper error, ...)
    kDisabled = 2,  // hashtree is disabled; nothing was set up
};
33 
34 class FsManagerAvbOps;
35 
36 class FsManagerAvbHandle;
37 using FsManagerAvbUniquePtr = std::unique_ptr<FsManagerAvbHandle>;
38 
39 using ByNameSymlinkMap = std::map<std::string, std::string>;
40 
// Provides a factory method, Open(), that returns a unique_ptr to a newly created
// handle, and SetUpAvbHashtree(), which extracts dm-verity parameters from AVB
// HASHTREE descriptors and loads the verity table into the kernel through ioctl.
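class FsManagerAvbHandle {
  public:
    // Outcome recorded by Open(). Public so that a caller can tell a handle whose
    // metadata was actually verified (kAvbHandleSuccess) apart from one that was
    // returned because verification is switched off, or failed on an unlocked
    // device. A non-null handle by itself is NOT evidence that vbmeta verified.
    enum AvbHandleStatus {
        kAvbHandleSuccess = 0,
        // Set by the private constructor before DoOpen() runs; presumably never
        // observable on a handle returned by Open() -- confirm in DoOpen().
        kAvbHandleUninitialized,
        kAvbHandleHashtreeDisabled,
        kAvbHandleVerificationDisabled,
        kAvbHandleVerificationError,
    };

    // The factory method to return a FsManagerAvbUniquePtr that holds
    // the verified AVB (external/avb) metadata of all verified partitions
    // in avb_slot_data_.vbmeta_images[].
    //
    // The metadata is checked against the following values from /proc/cmdline.
    //   - androidboot.vbmeta.{hash_alg, size, digest}.
    //
    // A typical usage will be:
    //   - FsManagerAvbUniquePtr handle = FsManagerAvbHandle::Open();
    //
    // There are two overloads, each taking a single argument: either a
    // ByNameSymlinkMap describing the mapping from partition name to by-name
    // symlink, or an fstab from which that map is constructed. e.g.,
    //   - /dev/block/platform/soc.0/7824900.sdhci/by-name/system_a ->
    //   - ByNameSymlinkMap["system_a"] = "/dev/block/platform/soc.0/7824900.sdhci/by-name/system_a"
    //
    // Possible return values:
    //   - nullptr: any error when reading and verifying the metadata,
    //     e.g., I/O error, digest value mismatch, size mismatch, etc.
    //
    //   - a valid unique_ptr with status kAvbHandleHashtreeDisabled:
    //     to support the existing 'adb disable-verity' feature in Android.
    //     It's very helpful for developers to make the filesystem writable to
    //     allow replacing binaries on the device.
    //
    //   - a valid unique_ptr with status kAvbHandleVerificationDisabled:
    //     to support 'avbctl disable-verification': only the top-level
    //     vbmeta is read, vbmeta structs in other partitions are not processed.
    //     It's needed to bypass AVB when using the generic system.img to run
    //     VTS for project Treble.
    //
    //   - a valid unique_ptr with status kAvbHandleVerificationError:
    //     there is verification error when libavb loads vbmeta from each
    //     partition. This is only allowed when the device is unlocked.
    //
    //   - a valid unique_ptr with status kAvbHandleSuccess: the metadata
    //     is verified and can be trusted.
    //
    // Security note: three of the four non-null outcomes above are deliberate
    // bypasses or an unlocked-device failure. Code that must only act on
    // verified metadata has to check status() == kAvbHandleSuccess rather than
    // testing the pointer for null. SetUpAvbHashtree() returns kFail on a vbmeta
    // verification error (see below), so callers that only ever go through it
    // are already covered.
    static FsManagerAvbUniquePtr Open(const fstab& fstab);
    static FsManagerAvbUniquePtr Open(ByNameSymlinkMap&& by_name_symlink_map);

    // Sets up dm-verity on the given fstab entry.
    // The 'wait_for_verity_dev' parameter makes this function wait for the
    // verity device to get created before return.
    //
    // Return value:
    //   - kSuccess: successfully loads dm-verity table into kernel.
    //   - kFail: failed to setup dm-verity, e.g., vbmeta verification error,
    //     failed to get the HASHTREE descriptor, runtime error when set up
    //     device-mapper, etc.
    //   - kDisabled: hashtree is disabled.
    SetUpAvbHashtreeResult SetUpAvbHashtree(fstab_rec* fstab_entry, bool wait_for_verity_dev);

    // Status recorded when this handle was opened; see Open() for the meaning
    // of each value. Only kAvbHandleSuccess means the metadata was verified.
    AvbHandleStatus status() const { return status_; }

    // Version string stored on this handle. It is empty after construction and is
    // filled in elsewhere (presumably by DoOpen() from the vbmeta data -- confirm
    // in the .cpp); no part of this header sets it.
    const std::string& avb_version() const { return avb_version_; }

    // The handle owns an AvbSlotVerifyData* released in the destructor, so it is
    // neither copyable nor movable; it is only ever handed out via unique_ptr.
    FsManagerAvbHandle(const FsManagerAvbHandle&) = delete;             // no copy
    FsManagerAvbHandle& operator=(const FsManagerAvbHandle&) = delete;  // no assignment

    FsManagerAvbHandle(FsManagerAvbHandle&&) noexcept = delete;             // no move
    FsManagerAvbHandle& operator=(FsManagerAvbHandle&&) noexcept = delete;  // no move assignment

    // Releases the libavb slot data, if any was attached to this handle.
    ~FsManagerAvbHandle() {
        if (avb_slot_data_) {
            avb_slot_verify_data_free(avb_slot_data_);
        }
    }

  private:
    // Only Open()/DoOpen() create handles; a fresh handle owns no slot data and
    // carries kAvbHandleUninitialized until DoOpen() decides the real status.
    FsManagerAvbHandle() : avb_slot_data_(nullptr), status_(kAvbHandleUninitialized) {}
    static FsManagerAvbUniquePtr DoOpen(FsManagerAvbOps* avb_ops);

    AvbSlotVerifyData* avb_slot_data_;  // owned; freed with avb_slot_verify_data_free()
    AvbHandleStatus status_;
    std::string avb_version_;
};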
130 
131 #endif /* __CORE_FS_MGR_AVB_H */
132