update_verifier: Set the success flag if dm-verity is not enabled.
For devices that are not using dm-verity, update_verifier can't verify
anything, but to mark the successfully booted flag unconditionally.
Test: Successfully-booted flag is set on devices w/o dm-verity.
Test: Successfully-booted flag is set after verification on devices w/
dm-verity.
Change-Id: I79ab2caec2d4284aad0d66dd161adabebde175b6
diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk
index 49d19b0..c1051a5 100644
--- a/update_verifier/Android.mk
+++ b/update_verifier/Android.mk
@@ -32,4 +32,8 @@
LOCAL_CFLAGS := -Werror
LOCAL_C_INCLUDES += $(LOCAL_PATH)/..
+ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
+ LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
+endif
+
include $(BUILD_EXECUTABLE)
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp
index a4799cc..83b1c46 100644
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -216,6 +216,8 @@
if (is_successful == BoolResult::FALSE) {
// The current slot has not booted successfully.
+
+#ifdef PRODUCT_SUPPORTS_VERITY
std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
if (verity_mode.empty()) {
LOG(ERROR) << "Failed to get dm-verity mode.";
@@ -232,6 +234,9 @@
LOG(ERROR) << "Failed to verify all blocks in care map file.";
return -1;
}
+#else
+ LOG(WARNING) << "dm-verity not enabled; marking without verification.";
+#endif
CommandResult cr;
module->markBootSuccessful([&cr](CommandResult result) { cr = result; });