From db57f0d7f427538b177ef82dde385e4207e35067 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 10 Mar 2017 14:21:25 -0800 Subject: update_verifier: Set the success flag if dm-verity is not enabled. For devices that are not using dm-verity, update_verifier can't verify anything, but to mark the successfully booted flag unconditionally. Test: Successfully-booted flag is set on devices w/o dm-verity. Test: Successfully-booted flag is set after verification on devices w/ dm-verity. Change-Id: I79ab2caec2d4284aad0d66dd161adabebde175b6 --- update_verifier/Android.mk | 4 ++++ update_verifier/update_verifier.cpp | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk index 49d19b0e1..c1051a54a 100644 --- a/update_verifier/Android.mk +++ b/update_verifier/Android.mk @@ -32,4 +32,8 @@ LOCAL_SHARED_LIBRARIES := \ LOCAL_CFLAGS := -Werror LOCAL_C_INCLUDES += $(LOCAL_PATH)/.. +ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true) + LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1 +endif + include $(BUILD_EXECUTABLE) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index a4799cc31..83b1c46c4 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -216,6 +216,8 @@ int main(int argc, char** argv) { if (is_successful == BoolResult::FALSE) { // The current slot has not booted successfully. + +#ifdef PRODUCT_SUPPORTS_VERITY std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", ""); if (verity_mode.empty()) { LOG(ERROR) << "Failed to get dm-verity mode."; @@ -232,6 +234,9 @@ int main(int argc, char** argv) { LOG(ERROR) << "Failed to verify all blocks in care map file."; return -1; } +#else + LOG(WARNING) << "dm-verity not enabled; marking without verification."; +#endif CommandResult cr; module->markBootSuccessful([&cr](CommandResult result) { cr = result; }); -- cgit v1.2.3