Move enable/disable-verity code from avbctl to libavb_user.

Also build a libavb_user library and make avbctl link with it. Also
add a function to get whether verity is currrently enabled and expose
this through a new get-verity sub-command in avbctl. Make avbctl a bit
smarter and tell the user if verity is already enabled/disabled when
trying to enable/disable it. Also remind the user to reboot if we're
changing the state.

With this change it's possible to make adbd link with libavb_user for
implementing 'adb {enable,disable}-verity' command.

Also stop linking avbctl with the boot_control HAL and just access the
ro.boot.slot or ro.boot.slot_suffix properties (aka "androidboot.slot"
or "androidboot.slot_suffix" on the kernel cmdline). This way
external/avb should be usable on N without manually having to patch in
the O->N boot_control changes.

Complete AvbOps in libavb_user so it can be used with avb_slot_verify()
in user space. Also add more documentation explaining what this particular
AvbOps implementation is intended to do.

Bug: 34124301
Test: All unit tests pass.
Test: Manually tested on UEFI-based bootloader.
Change-Id: I0b5080ff102c29f2c4c0e92a9737590d450967a9

Android.mk

@@ -44,6 +44,25 @@ avb_common_ldflags := \
     -Wl,--gc-sections \
     -rdynamic
 
+# The sources that make up libavb (excluding sysdeps).
+libavb_sources := \
+    libavb/avb_chain_partition_descriptor.c \
+    libavb/avb_crc32.c \
+    libavb/avb_crypto.c \
+    libavb/avb_descriptor.c \
+    libavb/avb_footer.c \
+    libavb/avb_hash_descriptor.c \
+    libavb/avb_hashtree_descriptor.c \
+    libavb/avb_kernel_cmdline_descriptor.c \
+    libavb/avb_property_descriptor.c \
+    libavb/avb_rsa.c \
+    libavb/avb_sha256.c \
+    libavb/avb_sha512.c \
+    libavb/avb_slot_verify.c \
+    libavb/avb_util.c \
+    libavb/avb_vbmeta_image.c \
+    libavb/avb_version.c
+
 include $(CLEAR_VARS)
 LOCAL_SRC_FILES := avbtool
 LOCAL_MODULE_CLASS := EXECUTABLES
@@ -52,7 +71,8 @@ LOCAL_IS_HOST_MODULE := true
 LOCAL_MODULE := avbtool
 include $(BUILD_PREBUILT)
 
-# Build libavb for the target (for e.g. fs_mgr usage).
+# Build libavb for the target - this is a static library that depends
+# on only libc and doesn't drag in any other dependencies.
 include $(CLEAR_VARS)
 LOCAL_MODULE := libavb
 LOCAL_MODULE_HOST_OS := linux
@@ -61,23 +81,30 @@ LOCAL_CLANG := true
 LOCAL_CFLAGS := $(avb_common_cflags) -DAVB_ENABLE_DEBUG -DAVB_COMPILATION
 LOCAL_LDFLAGS := $(avb_common_ldflags)
 LOCAL_SRC_FILES := \
-    libavb/avb_chain_partition_descriptor.c \
-    libavb/avb_crc32.c \
-    libavb/avb_crypto.c \
-    libavb/avb_descriptor.c \
-    libavb/avb_footer.c \
-    libavb/avb_hash_descriptor.c \
-    libavb/avb_hashtree_descriptor.c \
-    libavb/avb_kernel_cmdline_descriptor.c \
-    libavb/avb_property_descriptor.c \
-    libavb/avb_rsa.c \
-    libavb/avb_sha256.c \
-    libavb/avb_sha512.c \
-    libavb/avb_slot_verify.c \
+    $(libavb_sources) \
+    libavb/avb_sysdeps_posix.c
+include $(BUILD_STATIC_LIBRARY)
+
+# Build libavb_user for the target - in addition to libavb, it
+# includes libavb_ab, libavb_user and also depends on libbase and
+# libfs_mgr.
+include $(CLEAR_VARS)
+LOCAL_MODULE := libavb_user
+LOCAL_MODULE_HOST_OS := linux
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
+LOCAL_CLANG := true
+LOCAL_CFLAGS := $(avb_common_cflags) -DAVB_ENABLE_DEBUG -DAVB_COMPILATION
+LOCAL_LDFLAGS := $(avb_common_ldflags)
+LOCAL_SHARED_LIBRARIES := \
+    libbase
+LOCAL_STATIC_LIBRARIES := \
+    libfs_mgr
+LOCAL_SRC_FILES := \
+    $(libavb_sources) \
     libavb/avb_sysdeps_posix.c \
-    libavb/avb_util.c \
-    libavb/avb_vbmeta_image.c \
-    libavb/avb_version.c
+    libavb_ab/avb_ab_flow.c \
+    libavb_user/avb_ops_user.c \
+    libavb_user/avb_user_verity.c
 include $(BUILD_STATIC_LIBRARY)
 
 # Build avbctl for the target.
@@ -91,18 +118,11 @@ LOCAL_CFLAGS := $(avb_common_cflags) -DAVB_COMPILATION -DAVB_ENABLE_DEBUG
 LOCAL_CPPFLAGS := $(avb_common_cppflags)
 LOCAL_LDFLAGS := $(avb_common_ldflags)
 LOCAL_STATIC_LIBRARIES := \
-    libavb \
+    libavb_user \
     libfs_mgr
 LOCAL_SHARED_LIBRARIES := \
-    libbase \
-    libhidlbase \
-    libhidltransport \
-    libhwbinder \
-    libutils \
-    [email protected]
+    libbase
 LOCAL_SRC_FILES := \
-    libavb_ab/avb_ab_flow.c \
-    libavb_user/avb_ops_user.c \
     tools/avbctl/avbctl.cc
 include $(BUILD_EXECUTABLE)
 
@@ -116,21 +136,7 @@ LOCAL_CLANG := true
 LOCAL_CFLAGS := $(avb_common_cflags) -fno-stack-protector -DAVB_ENABLE_DEBUG -DAVB_COMPILATION
 LOCAL_LDFLAGS := $(avb_common_ldflags)
 LOCAL_SRC_FILES := \
-    libavb/avb_chain_partition_descriptor.c \
-    libavb/avb_crc32.c \
-    libavb/avb_crypto.c \
-    libavb/avb_descriptor.c \
-    libavb/avb_footer.c \
-    libavb/avb_hash_descriptor.c \
-    libavb/avb_hashtree_descriptor.c \
-    libavb/avb_kernel_cmdline_descriptor.c \
-    libavb/avb_property_descriptor.c \
-    libavb/avb_rsa.c \
-    libavb/avb_sha256.c \
-    libavb/avb_sha512.c \
-    libavb/avb_slot_verify.c \
-    libavb/avb_util.c \
-    libavb/avb_vbmeta_image.c \
+    $(libavb_sources) \
     libavb/avb_version.c
 include $(BUILD_HOST_STATIC_LIBRARY)
 
@@ -220,16 +226,17 @@ include $(BUILD_HOST_STATIC_LIBRARY)
 include $(CLEAR_VARS)
 LOCAL_MODULE := bootctrl.avb
 LOCAL_MODULE_RELATIVE_PATH := hw
-LOCAL_REQUIRED_MODULES := libavb
 LOCAL_SRC_FILES := \
-    libavb_ab/avb_ab_flow.c \
-    libavb_user/avb_ops_user.c \
     boot_control/boot_control_avb.c
 LOCAL_CLANG := true
 LOCAL_CFLAGS := $(avb_common_cflags) -DAVB_COMPILATION
 LOCAL_LDFLAGS := $(avb_common_ldflags)
-LOCAL_SHARED_LIBRARIES := libbase libcutils
-LOCAL_STATIC_LIBRARIES := libfs_mgr libavb
+LOCAL_SHARED_LIBRARIES := \
+    libbase \
+    libcutils
+LOCAL_STATIC_LIBRARIES := \
+    libavb_user \
+    libfs_mgr
 LOCAL_POST_INSTALL_CMD := \
 	$(hide) mkdir -p $(TARGET_OUT_SHARED_LIBRARIES)/hw && \
 	ln -sf bootctrl.avb.so $(TARGET_OUT_SHARED_LIBRARIES)/hw/bootctrl.default.so

libavb_user/avb_ops_user.c

@@ -221,6 +221,51 @@ static AvbIOResult write_to_partition(AvbOps* ops,
   return ret;
 }
 
+static AvbIOResult validate_vbmeta_public_key(
+    AvbOps* ops,
+    const uint8_t* public_key_data,
+    size_t public_key_length,
+    const uint8_t* public_key_metadata,
+    size_t public_key_metadata_length,
+    bool* out_is_trusted) {
+  if (out_is_trusted != NULL) {
+    *out_is_trusted = true;
+  }
+  return AVB_IO_RESULT_OK;
+}
+
+static AvbIOResult read_rollback_index(AvbOps* ops,
+                                       size_t rollback_index_location,
+                                       uint64_t* out_rollback_index) {
+  if (out_rollback_index != NULL) {
+    *out_rollback_index = 0;
+  }
+  return AVB_IO_RESULT_OK;
+}
+
+static AvbIOResult write_rollback_index(AvbOps* ops,
+                                        size_t rollback_index_location,
+                                        uint64_t rollback_index) {
+  return AVB_IO_RESULT_OK;
+}
+
+static AvbIOResult read_is_device_unlocked(AvbOps* ops, bool* out_is_unlocked) {
+  if (out_is_unlocked != NULL) {
+    *out_is_unlocked = true;
+  }
+  return AVB_IO_RESULT_OK;
+}
+
+static AvbIOResult get_unique_guid_for_partition(AvbOps* ops,
+                                                 const char* partition,
+                                                 char* guid_buf,
+                                                 size_t guid_buf_size) {
+  if (guid_buf != NULL && guid_buf_size > 0) {
+    guid_buf[0] = '\0';
+  }
+  return AVB_IO_RESULT_OK;
+}
+
 AvbOps* avb_ops_user_new(void) {
   AvbOps* ops;
 
@@ -240,6 +285,11 @@ AvbOps* avb_ops_user_new(void) {
 
   ops->read_from_partition = read_from_partition;
   ops->write_to_partition = write_to_partition;
+  ops->validate_vbmeta_public_key = validate_vbmeta_public_key;
+  ops->read_rollback_index = read_rollback_index;
+  ops->write_rollback_index = write_rollback_index;
+  ops->read_is_device_unlocked = read_is_device_unlocked;
+  ops->get_unique_guid_for_partition = get_unique_guid_for_partition;
   ops->ab_ops->read_ab_metadata = avb_ab_data_read;
   ops->ab_ops->write_ab_metadata = avb_ab_data_write;
 

libavb_user/avb_ops_user.h

@@ -31,8 +31,29 @@
 extern "C" {
 #endif
 
-/* Allocates an AvbOps instance suitable for use in userspace on the
- * device. Returns NULL on OOM.
+/* Allocates an AvbOps instance suitable for use in Android userspace
+ * on the device. Returns NULL on OOM.
+ *
+ * The returned AvbOps has the following characteristics:
+ *
+ * - The read_from_partition() and write_to_partition() operations are
+ *   implemented, however for these operations to work the fstab file
+ *   on the device must have a /misc entry using a by-name device file
+ *   scheme and the containing by-name/ subdirectory must have files
+ *   for other partitions.
+ *
+ * - The remaining operations are implemented and never fails and
+ *   return the following values:
+ *   - validate_vbmeta_public_key(): always returns |true|.
+ *   - read_rollback_index(): returns 0 for any roolback index.
+ *   - write_rollback_index(): no-op.
+ *   - read_is_device_unlocked(): always returns |true|.
+ *   - get_unique_guid_for_partition(): always returns the empty string.
+ *
+ * - The |ab_ops| member will point to a valid AvbABOps instance
+ *   implemented via libavb_ab/. This should only be used if the AVB
+ *   A/B stack is used on the device. This is what is used in
+ *   bootctrl.avb boot control implementation.
  *
  * Free with avb_ops_user_free().
  */