gsid: Add a command-line option for verifying image maps.
Bug: 213646061
Test: adb remount, gsid verify-image-maps
Change-Id: I2d2f28921a2f22bb1c7d8660802fe33adbf109bd
diff --git a/gsi_service.cpp b/gsi_service.cpp
index 939f603..98963ef 100644
--- a/gsi_service.cpp
+++ b/gsi_service.cpp
@@ -36,6 +36,7 @@
#include <android/os/IVold.h>
#include <binder/IServiceManager.h>
#include <binder/LazyServiceRegistrar.h>
+#include <cutils/android_reboot.h>
#include <ext4_utils/ext4_utils.h>
#include <fs_mgr.h>
#include <libavb/libavb.h>
@@ -1100,6 +1101,28 @@
}
}
+void GsiService::VerifyImageMaps() {
+ std::vector<std::pair<std::string, std::string>> paths = {
+ {"/metadata/gsi/remount", "/data/gsi/remount"},
+ {"/metadata/gsi/ota", "/data/gsi/ota"},
+ };
+
+ for (const auto& [metadata_dir, data_dir] : paths) {
+ auto impl = ImageManager::Open(metadata_dir, data_dir);
+ if (!impl) {
+ LOG(ERROR) << "Could not open ImageManager for " << metadata_dir << " and " << data_dir;
+ continue;
+ }
+ if (!impl->ValidateImageMaps()) {
+ LOG(ERROR) << "ImageManager for " << metadata_dir
+ << " failed validation, device data is at risk. Rebooting.";
+ android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,fastboot");
+ continue;
+ }
+ LOG(INFO) << "ImageManager verification passed for " << metadata_dir;
+ }
+}
+
static bool GetAvbPublicKeyFromFd(int fd, AvbPublicKey* dst) {
// Read the AVB footer from EOF.
int64_t total_size = get_block_device_size(fd);
