ANDROID: dm: android-verity: allow disable dm-verity for Treble VTS

To start Treble VTS test, a single AOSP system.img will be flashed onto
the device. The size of AOSP system.img might be different than the
system partition size on device, making locating verity metadata fail
(at the last fixed size of the partition).

This change allows disabling dm-verity on system partition when the
device is unlocked (orange device state) with invalid metadata.

BUG: 35603549
Test: boot device with a different-sized system.img, checks verity is
      not enabled via:

          "adb shell getprop | grep partition.system.verified"

Change-Id: Ide78dca4eefde4ab019e4b202d3f590dcb1bb506
Signed-off-by: Bowgo Tsai <bowgotsai@google.com>

diff --git a/drivers/md/dm-android-verity.c b/drivers/md/dm-android-verity.c
index ac73db367d1707b528602a8a6d673c67a87b6f77..b2665f569396885c819574cc7353674ecdfbff02 100644 (file)
--- a/drivers/md/dm-android-verity.c
+++ b/drivers/md/dm-android-verity.c
@@ -115,6 +115,12 @@ static inline bool is_userdebug(void)
        return !strncmp(buildvariant, typeuserdebug, sizeof(typeuserdebug));
 }
 
+static inline bool is_unlocked(void)
+{
+       static const char unlocked[] = "orange";
+
+       return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked));
+}
 
 static int table_extract_mpi_array(struct public_key_signature *pks,
                                const void *data, size_t len)
@@ -653,6 +659,28 @@ static int add_as_linear_device(struct dm_target *ti, char *dev)
        return err;
 }
 
+static int create_linear_device(struct dm_target *ti, dev_t dev,
+                               char *target_device)
+{
+       u64 device_size = 0;
+       int err = find_size(dev, &device_size);
+
+       if (err) {
+               DMERR("error finding bdev size");
+               handle_error();
+               return err;
+       }
+
+       ti->len = device_size;
+       err = add_as_linear_device(ti, target_device);
+       if (err) {
+               handle_error();
+               return err;
+       }
+       verity_enabled = false;
+       return 0;
+}
+
 /*
  * Target parameters:
  *     <key id>        Key id of the public key in the system keyring.
@@ -676,7 +704,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
        struct fec_ecc_metadata uninitialized_var(ecc);
        char buf[FEC_ARG_LENGTH], *buf_ptr;
        unsigned long long tmpll;
-       u64  uninitialized_var(device_size);
 
        if (argc == 1) {
                /* Use the default keyid */
@@ -704,23 +731,8 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
                return -EINVAL;
        }
 
-       if (is_eng()) {
-               err = find_size(dev, &device_size);
-               if (err) {
-                       DMERR("error finding bdev size");
-                       handle_error();
-                       return err;
-               }
-
-               ti->len = device_size;
-               err = add_as_linear_device(ti, target_device);
-               if (err) {
-                       handle_error();
-                       return err;
-               }
-               verity_enabled = false;
-               return 0;
-       }
+       if (is_eng())
+               return create_linear_device(ti, dev, target_device);
 
        strreplace(key_id, '#', ' ');
 
@@ -735,6 +747,11 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
        err = extract_metadata(dev, &fec, &metadata, &verity_enabled);
 
        if (err) {
+               /* Allow invalid metadata when the device is unlocked */
+               if (is_unlocked()) {
+                       DMWARN("Allow invalid metadata when unlocked");
+                       return create_linear_device(ti, dev, target_device);
+               }
                DMERR("Error while extracting metadata");
                handle_error();
                goto free_metadata;