From 8ed9738b62b075205a81489b01ec882520da183a Mon Sep 17 00:00:00 2001
From: David Zeuthen <zeuthen@google.com>
Date: Mon, 8 May 2017 13:41:28 -0400
Subject: update_verifier: Support AVB.

When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:

 $ fastboot --set-active=_a
 Setting current slot to 'a'...
 OKAY [  0.023s]
 finished. total time: 0.023s

 $ fastboot reboot
 rebooting...

 finished. total time: 0.050s

 $ adb wait-for-device

 $ adb logcat |grep update_verifier
 03-04 05:28:56.773   630   630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
 03-04 05:28:56.776   630   630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
 03-04 05:28:56.776   630   630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
 03-04 05:28:56.788   630   630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
 03-04 05:28:56.788   630   630 I /system/bin/update_verifier: Leaving update_verifier.

Bug: None
Test: Manually tested on device using AVB bootloader.
Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
---
 tests/Android.mk                         |  4 ++++
 tests/component/update_verifier_test.cpp |  2 +-
 update_verifier/Android.mk               |  4 ++++
 update_verifier/update_verifier.cpp      | 21 +++++++++++++++------
 4 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/tests/Android.mk b/tests/Android.mk
index 02a240127..4ee59b526 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -93,6 +93,10 @@ ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
 LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
 endif
 
+ifeq ($(BOARD_AVB_ENABLE),true)
+LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
+endif
+
 LOCAL_MODULE := recovery_component_test
 LOCAL_COMPATIBILITY_SUITE := device-tests
 LOCAL_C_INCLUDES := bootable/recovery
diff --git a/tests/component/update_verifier_test.cpp b/tests/component/update_verifier_test.cpp
index 73b4478aa..5fc7ef63f 100644
--- a/tests/component/update_verifier_test.cpp
+++ b/tests/component/update_verifier_test.cpp
@@ -24,7 +24,7 @@
 class UpdateVerifierTest : public ::testing::Test {
  protected:
   void SetUp() override {
-#ifdef PRODUCT_SUPPORTS_VERITY
+#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
     verity_supported = true;
 #else
     verity_supported = false;
diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk
index 37d9bfed3..33c5fe9e7 100644
--- a/update_verifier/Android.mk
+++ b/update_verifier/Android.mk
@@ -39,6 +39,10 @@ ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
 LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
 endif
 
+ifeq ($(BOARD_AVB_ENABLE),true)
+LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
+endif
+
 include $(BUILD_STATIC_LIBRARY)
 
 # update_verifier (executable)
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp
index fdbcfde56..d3a5185b8 100644
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -99,12 +99,21 @@ static bool read_blocks(const std::string& partition, const std::string& range_s
     std::string content;
     if (!android::base::ReadFileToString(path, &content)) {
       PLOG(WARNING) << "Failed to read " << path;
-    } else if (android::base::Trim(content) == partition) {
-      dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
-      while (n--) {
-        free(namelist[n]);
+    } else {
+      std::string dm_block_name = android::base::Trim(content);
+#ifdef BOARD_AVB_ENABLE
+      // AVB is using 'vroot' for the root block device but we're expecting 'system'.
+      if (dm_block_name == "vroot") {
+        dm_block_name = "system";
+      }
+#endif
+      if (dm_block_name == partition) {
+        dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
+        while (n--) {
+          free(namelist[n]);
+        }
+        break;
       }
-      break;
     }
     free(namelist[n]);
   }
@@ -229,7 +238,7 @@ int update_verifier(int argc, char** argv) {
   if (is_successful == BoolResult::FALSE) {
     // The current slot has not booted successfully.
 
-#ifdef PRODUCT_SUPPORTS_VERITY
+#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
     std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
     if (verity_mode.empty()) {
       LOG(ERROR) << "Failed to get dm-verity mode.";
-- 
cgit v1.2.3