update_verifier: Support AVB.
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:
$ fastboot --set-active=_a
Setting current slot to 'a'...
OKAY [ 0.023s]
finished. total time: 0.023s
$ fastboot reboot
rebooting...
finished. total time: 0.050s
$ adb wait-for-device
$ adb logcat |grep update_verifier
03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier.
Bug: 62464819
Test: Manually tested on device using AVB bootloader.
Merged-In: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
Change-Id: I2834b17688053411e7b904e31df9c83bf904cd56
diff --git a/tests/Android.mk b/tests/Android.mk
index 262f4ff..346873d 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -92,6 +92,10 @@
LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
endif
+ifeq ($(BOARD_AVB_ENABLE),true)
+LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
+endif
+
LOCAL_MODULE := recovery_component_test
LOCAL_COMPATIBILITY_SUITE := device-tests
LOCAL_C_INCLUDES := bootable/recovery
diff --git a/tests/component/update_verifier_test.cpp b/tests/component/update_verifier_test.cpp
index 73b4478..5fc7ef6 100644
--- a/tests/component/update_verifier_test.cpp
+++ b/tests/component/update_verifier_test.cpp
@@ -24,7 +24,7 @@
class UpdateVerifierTest : public ::testing::Test {
protected:
void SetUp() override {
-#ifdef PRODUCT_SUPPORTS_VERITY
+#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
verity_supported = true;
#else
verity_supported = false;
diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk
index 37d9bfe..33c5fe9 100644
--- a/update_verifier/Android.mk
+++ b/update_verifier/Android.mk
@@ -39,6 +39,10 @@
LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
endif
+ifeq ($(BOARD_AVB_ENABLE),true)
+LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
+endif
+
include $(BUILD_STATIC_LIBRARY)
# update_verifier (executable)
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp
index fdbcfde..d3a5185 100644
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -99,12 +99,21 @@
std::string content;
if (!android::base::ReadFileToString(path, &content)) {
PLOG(WARNING) << "Failed to read " << path;
- } else if (android::base::Trim(content) == partition) {
- dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
- while (n--) {
- free(namelist[n]);
+ } else {
+ std::string dm_block_name = android::base::Trim(content);
+#ifdef BOARD_AVB_ENABLE
+ // AVB is using 'vroot' for the root block device but we're expecting 'system'.
+ if (dm_block_name == "vroot") {
+ dm_block_name = "system";
}
- break;
+#endif
+ if (dm_block_name == partition) {
+ dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
+ while (n--) {
+ free(namelist[n]);
+ }
+ break;
+ }
}
free(namelist[n]);
}
@@ -229,7 +238,7 @@
if (is_successful == BoolResult::FALSE) {
// The current slot has not booted successfully.
-#ifdef PRODUCT_SUPPORTS_VERITY
+#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
if (verity_mode.empty()) {
LOG(ERROR) << "Failed to get dm-verity mode.";