1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef __CORE_FS_MGR_AVB_H
18#define __CORE_FS_MGR_AVB_H
19
20#include <map>
21#include <memory>
22#include <string>
23
24#include <libavb/libavb.h>
25
26#include "fs_mgr.h"
27
// Outcome of FsManagerAvbHandle::SetUpAvbHashtree(). Values are spelled out so
// the kSuccess == 0 contract is visible at the declaration.
enum class SetUpAvbHashtreeResult {
    kSuccess = 0,   // dm-verity table was loaded into the kernel
    kFail = 1,      // setup failed: vbmeta verification error, missing HASHTREE
                    // descriptor, device-mapper runtime error, ...
    kDisabled = 2,  // hashtree is disabled, nothing was set up
};
33
// Defined elsewhere; only needed here as the parameter type of
// FsManagerAvbHandle::DoOpen(). Presumably wraps the libavb AvbOps callbacks
// used to read partitions — confirm in its own header.
class FsManagerAvbOps;

// Owning pointer handed out by FsManagerAvbHandle::Open(). A nullptr result
// means the AVB metadata could not be read or verified.
class FsManagerAvbHandle;
using FsManagerAvbUniquePtr = std::unique_ptr<FsManagerAvbHandle>;

// Partition name (e.g. "system_a") -> path of its by-name block-device symlink.
using ByNameSymlinkMap = std::map<std::string, std::string>;
40
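// Provides a factory method to return a unique_ptr pointing to itself and the
// SetUpAvbHashtree() function to extract dm-verity parameters from AVB HASHTREE
// descriptors to load verity table into kernel through ioctl.
//
// Ownership: a handle owns the AvbSlotVerifyData returned by libavb and frees
// it in the destructor; it is therefore neither copyable nor movable.
class FsManagerAvbHandle {
  public:
    // The factory method to return a FsManagerAvbUniquePtr that holds
    // the verified AVB (external/avb) metadata of all verified partitions
    // in avb_slot_data_.vbmeta_images[].
    //
    // The metadata is checked against the following values from /proc/cmdline.
    //   - androidboot.vbmeta.{hash_alg, size, digest}.
    //
    // A typical usage will be:
    //   - FsManagerAvbUniquePtr handle = FsManagerAvbHandle::Open();
    //
    // There are two overloaded Open() functions with a single parameter.
    // The argument can be a ByNameSymlinkMap describing the mapping from partition
    // name to by-name symlink, or a fstab from which the ByNameSymlinkMap is
    // constructed. e.g.,
    //   - /dev/block/platform/soc.0/7824900.sdhci/by-name/system_a ->
    //   - ByNameSymlinkMap["system_a"] = "/dev/block/platform/soc.0/7824900.sdhci/by-name/system_a"
    //
    // Possible return values:
    //   - nullptr: any error when reading and verifying the metadata,
    //     e.g., I/O error, digest value mismatch, size mismatch, etc.
    //
    //   - a valid unique_ptr with status kAvbHandleHashtreeDisabled:
    //     to support the existing 'adb disable-verity' feature in Android.
    //     It's very helpful for developers to make the filesystem writable to
    //     allow replacing binaries on the device.
    //
    //   - a valid unique_ptr with status kAvbHandleVerificationDisabled:
    //     to support 'avbctl disable-verification': only the top-level
    //     vbmeta is read, vbmeta structs in other partitions are not processed.
    //     It's needed to bypass AVB when using the generic system.img to run
    //     VTS for project Treble.
    //
    //   - a valid unique_ptr with status kAvbHandleVerificationError:
    //     there is a verification error when libavb loads vbmeta from each
    //     partition. This is only allowed when the device is unlocked.
    //
    //   - a valid unique_ptr with status kAvbHandleSuccess: the metadata
    //     is verified and can be trusted.
    //
    static FsManagerAvbUniquePtr Open(const fstab& fstab);
    static FsManagerAvbUniquePtr Open(ByNameSymlinkMap&& by_name_symlink_map);

    // Sets up dm-verity on the given fstab entry.
    // The 'wait_for_verity_dev' parameter makes this function wait for the
    // verity device to get created before return.
    //
    // Return value:
    //   - kSuccess: successfully loads dm-verity table into kernel.
    //   - kFail: failed to setup dm-verity, e.g., vbmeta verification error,
    //     failed to get the HASHTREE descriptor, runtime error when set up
    //     device-mapper, etc.
    //   - kDisabled: hashtree is disabled.
    SetUpAvbHashtreeResult SetUpAvbHashtree(fstab_rec* fstab_entry, bool wait_for_verity_dev);

    // The AVB version string held by this handle. Empty until set; this header
    // does not show where it is populated (presumably during Open()).
    const std::string& avb_version() const { return avb_version_; }

    FsManagerAvbHandle(const FsManagerAvbHandle&) = delete;             // no copy
    FsManagerAvbHandle& operator=(const FsManagerAvbHandle&) = delete;  // no assignment

    FsManagerAvbHandle(FsManagerAvbHandle&&) noexcept = delete;             // no move
    FsManagerAvbHandle& operator=(FsManagerAvbHandle&&) noexcept = delete;  // no move assignment

    // Releases the libavb slot data, if any was attached to this handle.
    ~FsManagerAvbHandle() {
        if (avb_slot_data_) {
            avb_slot_verify_data_free(avb_slot_data_);
        }
    }

  private:
    // Outcome of Open(); see the Open() comment for what each value means.
    // NOTE(review): there is no public accessor for this status in this header,
    // so callers cannot tell a kAvbHandleSuccess handle apart from a
    // kAvbHandleVerificationError one except through SetUpAvbHashtree()'s
    // result — confirm in the .cpp that SetUpAvbHashtree() consults status_.
    enum AvbHandleStatus {
        kAvbHandleSuccess = 0,
        kAvbHandleUninitialized,
        kAvbHandleHashtreeDisabled,
        kAvbHandleVerificationDisabled,
        kAvbHandleVerificationError,
    };

    // Only the factory methods create handles; members start from the in-class
    // initializers below.
    FsManagerAvbHandle() = default;
    // Implementation shared by both Open() overloads (presumably); takes the
    // ops object used to read the partitions.
    static FsManagerAvbUniquePtr DoOpen(FsManagerAvbOps* avb_ops);

    AvbSlotVerifyData* avb_slot_data_ = nullptr;  // owned; freed in the destructor
    AvbHandleStatus status_ = kAvbHandleUninitialized;
    std::string avb_version_;
};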
130
131#endif /* __CORE_FS_MGR_AVB_H */
132