From 83b0780dddcaddd661ac48f277f51f7cb6ac13f6 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 26 Apr 2017 14:30:56 -0700 Subject: Separate libupdate_verifier module and add testcases. Enable -Wall and expose verify_image() for testing purpose. Test: mmma bootable/recovery Test: recovery_component_test Change-Id: I1ee1db2a775bafdc1112e25a1bc7194d8d6aee4f --- update_verifier/Android.mk | 42 +++++++++++++++++----- .../include/update_verifier/update_verifier.h | 24 +++++++++++++ update_verifier/update_verifier.cpp | 17 ++++----- update_verifier/update_verifier_main.cpp | 23 ++++++++++++ 4 files changed, 90 insertions(+), 16 deletions(-) create mode 100644 update_verifier/include/update_verifier/update_verifier.h create mode 100644 update_verifier/update_verifier_main.cpp (limited to 'update_verifier') diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk index 1acd5eca0..37d9bfed3 100644 --- a/update_verifier/Android.mk +++ b/update_verifier/Android.mk @@ -14,12 +14,43 @@ LOCAL_PATH := $(call my-dir) +# libupdate_verifier (static library) +# =============================== include $(CLEAR_VARS) -LOCAL_CLANG := true -LOCAL_SRC_FILES := update_verifier.cpp +LOCAL_SRC_FILES := \ + update_verifier.cpp + +LOCAL_MODULE := libupdate_verifier +LOCAL_SHARED_LIBRARIES := \ + libbase \ + libcutils \ + android.hardware.boot@1.0 + +LOCAL_CFLAGS := -Wall -Werror + +LOCAL_EXPORT_C_INCLUDE_DIRS := \ + $(LOCAL_PATH)/include + +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH)/include + +ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true) +LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1 +endif + +include $(BUILD_STATIC_LIBRARY) + +# update_verifier (executable) +# =============================== +include $(CLEAR_VARS) + +LOCAL_SRC_FILES := \ + update_verifier_main.cpp LOCAL_MODULE := update_verifier +LOCAL_STATIC_LIBRARIES := \ + libupdate_verifier LOCAL_SHARED_LIBRARIES := \ libbase \ libcutils \ @@ -29,13 +60,8 @@ LOCAL_SHARED_LIBRARIES := \ libhidlbase \ android.hardware.boot@1.0 -LOCAL_CFLAGS := -Werror -LOCAL_C_INCLUDES += $(LOCAL_PATH)/.. +LOCAL_CFLAGS := -Wall -Werror LOCAL_INIT_RC := update_verifier.rc -ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true) - LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1 -endif - include $(BUILD_EXECUTABLE) diff --git a/update_verifier/include/update_verifier/update_verifier.h b/update_verifier/include/update_verifier/update_verifier.h new file mode 100644 index 000000000..16b394e98 --- /dev/null +++ b/update_verifier/include/update_verifier/update_verifier.h @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +int update_verifier(int argc, char** argv); + +// Exposed for testing purpose. +bool verify_image(const std::string& care_map_name); diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index 350020f13..1950cbd83 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -35,6 +35,8 @@ * verifier reaches the end after the verification. */ +#include "update_verifier/update_verifier.h" + #include #include #include @@ -59,12 +61,6 @@ using android::hardware::boot::V1_0::IBootControl; using android::hardware::boot::V1_0::BoolResult; using android::hardware::boot::V1_0::CommandResult; -constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; -constexpr auto DM_PATH_PREFIX = "/sys/block/"; -constexpr auto DM_PATH_SUFFIX = "/dm/name"; -constexpr auto DEV_PATH = "/dev/block/"; -constexpr int BLOCKSIZE = 4096; - // Find directories in format of "/sys/block/dm-X". static int dm_name_filter(const dirent* de) { if (android::base::StartsWith(de->d_name, "dm-")) { @@ -82,6 +78,7 @@ static bool read_blocks(const std::string& partition, const std::string& range_s // (or "vendor"), then dm-X is a dm-wrapped system/vendor partition. // Afterwards, update_verifier will read every block on the care_map_file of // "/dev/block/dm-X" to ensure the partition's integrity. + static constexpr auto DM_PATH_PREFIX = "/sys/block/"; dirent** namelist; int n = scandir(DM_PATH_PREFIX, &namelist, dm_name_filter, alphasort); if (n == -1) { @@ -93,6 +90,8 @@ static bool read_blocks(const std::string& partition, const std::string& range_s return false; } + static constexpr auto DM_PATH_SUFFIX = "/dm/name"; + static constexpr auto DEV_PATH = "/dev/block/"; std::string dm_block_device; while (n--) { std::string path = DM_PATH_PREFIX + std::string(namelist[n]->d_name) + DM_PATH_SUFFIX; @@ -143,6 +142,7 @@ static bool read_blocks(const std::string& partition, const std::string& range_s return false; } + static constexpr int BLOCKSIZE = 4096; if (lseek64(fd.get(), static_cast(range_start) * BLOCKSIZE, SEEK_SET) == -1) { PLOG(ERROR) << "lseek to " << range_start << " failed"; return false; @@ -161,7 +161,7 @@ static bool read_blocks(const std::string& partition, const std::string& range_s return true; } -static bool verify_image(const std::string& care_map_name) { +bool verify_image(const std::string& care_map_name) { android::base::unique_fd care_map_fd(TEMP_FAILURE_RETRY(open(care_map_name.c_str(), O_RDONLY))); // If the device is flashed before the current boot, it may not have care_map.txt // in /data/ota_package. To allow the device to continue booting in this situation, @@ -205,7 +205,7 @@ static int reboot_device() { while (true) pause(); } -int main(int argc, char** argv) { +int update_verifier(int argc, char** argv) { for (int i = 1; i < argc; i++) { LOG(INFO) << "Started with arg " << i << ": " << argv[i]; } @@ -238,6 +238,7 @@ int main(int argc, char** argv) { return reboot_device(); } + static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; if (!verify_image(CARE_MAP_FILE)) { LOG(ERROR) << "Failed to verify all blocks in care map file."; return reboot_device(); diff --git a/update_verifier/update_verifier_main.cpp b/update_verifier/update_verifier_main.cpp new file mode 100644 index 000000000..46e8bbb59 --- /dev/null +++ b/update_verifier/update_verifier_main.cpp @@ -0,0 +1,23 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// See the comments in update_verifier.cpp. + +#include "update_verifier/update_verifier.h" + +int main(int argc, char** argv) { + return update_verifier(argc, argv); +} -- cgit v1.2.3