/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
24*d289c2baSAndroid Build Coastguard Worker 
25*d289c2baSAndroid Build Coastguard Worker #include <stdio.h>
26*d289c2baSAndroid Build Coastguard Worker #include <string.h>
27*d289c2baSAndroid Build Coastguard Worker #include <sysexits.h>
28*d289c2baSAndroid Build Coastguard Worker 
29*d289c2baSAndroid Build Coastguard Worker #include <android-base/properties.h>
30*d289c2baSAndroid Build Coastguard Worker 
31*d289c2baSAndroid Build Coastguard Worker #include <libavb_user/libavb_user.h>
32*d289c2baSAndroid Build Coastguard Worker 
33*d289c2baSAndroid Build Coastguard Worker namespace {
34*d289c2baSAndroid Build Coastguard Worker 
/* True once --force has been seen on the command line. While false, the
 * LOCKED-device check refuses commands that would modify vbmeta.
 */
static bool g_opt_force = false;
36*d289c2baSAndroid Build Coastguard Worker 
/* Writes the usage text to |where|. The program name shown in every line is
 * taken from argv[0]; the argument count is accepted but not used.
 */
void usage(FILE* where, int /* argc */, char* argv[]) {
  const char* const prog = argv[0];

  // One %s per occurrence of the program name: the title line, the synopsis
  // line, and the six command lines.
  fprintf(where,
          "%s - command-line tool for AVB.\n"
          "\n"
          "Usage:\n"
          "  %s [--force] COMMAND\n"
          "\n"
          "Commands:\n"
          "  %s get-verity           - Prints whether verity is enabled in "
          "current slot.\n"
          "  %s disable-verity       - Disable verity in current slot.\n"
          "  %s enable-verity        - Enable verity in current slot.\n"
          "  %s get-verification     - Prints whether verification is enabled "
          "in current slot.\n"
          "  %s disable-verification - Disable verification in current slot.\n"
          "  %s enable-verification  - Enable verification in current slot.\n",
          prog, prog, prog, prog, prog, prog, prog, prog);
}
63*d289c2baSAndroid Build Coastguard Worker 
/* Gate consulted before any command modifies vbmeta.
 *
 * Returns true when the command may proceed and false when it must be
 * refused. This is the inverse of what the function name suggests: false is
 * returned when the device reports LOCKED state and --force was not passed,
 * and in that case a diagnostic is also printed to stderr as a side-effect.
 *
 * Only the exact value "locked" of ro.boot.vbmeta.device_state triggers the
 * refusal. Any other value, including the empty default used when the
 * property cannot be read, lets the command through.
 */
bool is_locked_and_not_forced() {
  const std::string state =
      android::base::GetProperty("ro.boot.vbmeta.device_state", "");

  const bool must_refuse = (state == "locked") && !g_opt_force;
  if (!must_refuse) {
    return true;
  }

  fprintf(stderr,
          "Manipulating vbmeta on a LOCKED device will likely cause the\n"
          "device to fail booting with little chance of recovery.\n"
          "\n"
          "If you really want to do this, use the --force option.\n"
          "\n"
          "ONLY DO THIS IF YOU KNOW WHAT YOU ARE DOING.\n"
          "\n");
  return false;
}
86*d289c2baSAndroid Build Coastguard Worker 
/* Enables or disables verification for the slot identified by |ab_suffix|.
 * The |ops| parameter should be an |AvbOps| from libavb_user.
 *
 * Returns EX_OK if verification is already in the requested state or was
 * changed successfully, EX_SOFTWARE if reading or writing the setting fails,
 * and EX_NOPERM if is_locked_and_not_forced() refuses the change.
 *
 * The LOCKED-device gate is consulted only when the state actually has to
 * change, so a request that is already satisfied returns EX_OK without
 * --force.
 */
int do_set_verification(AvbOps* ops,
                        const std::string& ab_suffix,
                        bool enable_verification) {
  const char* const slot = ab_suffix.c_str();

  // Appends the slot suffix to the message being built, if there is one.
  const auto print_slot = [&ab_suffix]() {
    if (!ab_suffix.empty()) {
      fprintf(stdout, " on slot with suffix %s", ab_suffix.c_str());
    }
  };

  bool verification_enabled;
  if (!avb_user_verification_get(ops, slot, &verification_enabled)) {
    fprintf(stderr, "Error getting whether verification is enabled.\n");
    return EX_SOFTWARE;
  }

  // Nothing to write when the current state already matches the request.
  if (verification_enabled == enable_verification) {
    fprintf(stdout,
            "verification is already %s",
            verification_enabled ? "enabled" : "disabled");
    print_slot();
    fprintf(stdout, ".\n");
    return EX_OK;
  }

  // A false result means: LOCKED device and no --force, so refuse.
  const bool may_modify = is_locked_and_not_forced();
  if (!may_modify) {
    return EX_NOPERM;
  }

  if (!avb_user_verification_set(ops, slot, enable_verification)) {
    fprintf(stderr, "Error setting verification.\n");
    return EX_SOFTWARE;
  }

  fprintf(stdout,
          "Successfully %s verification",
          enable_verification ? "enabled" : "disabled");
  print_slot();
  fprintf(stdout, ". Reboot the device for changes to take effect.\n");
  return EX_OK;
}
132*d289c2baSAndroid Build Coastguard Worker 
/* Prints whether verification is enabled for the slot identified by
 * |ab_suffix|. The |ops| parameter should be an |AvbOps| from libavb_user.
 *
 * Returns EX_OK after printing the state to stdout, or EX_SOFTWARE (with a
 * message on stderr) if the state could not be read. This is a read-only
 * query and does not consult the LOCKED-device gate.
 */
int do_get_verification(AvbOps* ops, const std::string& ab_suffix) {
  bool verification_enabled;
  const bool read_ok = avb_user_verification_get(
      ops, ab_suffix.c_str(), &verification_enabled);
  if (!read_ok) {
    fprintf(stderr, "Error getting whether verification is enabled.\n");
    return EX_SOFTWARE;
  }

  const char* const state_text = verification_enabled ? "enabled" : "disabled";
  fprintf(stdout, "verification is %s", state_text);
  // The slot is mentioned only on A/B devices, where the suffix is non-empty.
  if (!ab_suffix.empty()) {
    fprintf(stdout, " on slot with suffix %s", ab_suffix.c_str());
  }
  fprintf(stdout, ".\n");
  return EX_OK;
}
155*d289c2baSAndroid Build Coastguard Worker 
/* Enables or disables dm-verity for the slot identified by |ab_suffix|.
 * The |ops| parameter should be an |AvbOps| from libavb_user.
 *
 * Returns EX_OK if verity is already in the requested state or was changed
 * successfully, EX_SOFTWARE if reading or writing the setting fails, and
 * EX_NOPERM if is_locked_and_not_forced() refuses the change.
 *
 * The LOCKED-device gate is consulted only when the state actually has to
 * change, so a request that is already satisfied returns EX_OK without
 * --force.
 */
int do_set_verity(AvbOps* ops,
                  const std::string& ab_suffix,
                  bool enable_verity) {
  const char* const slot = ab_suffix.c_str();

  // Appends the slot suffix to the message being built, if there is one.
  const auto print_slot = [&ab_suffix]() {
    if (!ab_suffix.empty()) {
      fprintf(stdout, " on slot with suffix %s", ab_suffix.c_str());
    }
  };

  bool verity_enabled;
  if (!avb_user_verity_get(ops, slot, &verity_enabled)) {
    fprintf(stderr, "Error getting whether verity is enabled.\n");
    return EX_SOFTWARE;
  }

  // Nothing to write when the current state already matches the request.
  if (verity_enabled == enable_verity) {
    fprintf(stdout,
            "verity is already %s",
            verity_enabled ? "enabled" : "disabled");
    print_slot();
    fprintf(stdout, ".\n");
    return EX_OK;
  }

  // A false result means: LOCKED device and no --force, so refuse.
  const bool may_modify = is_locked_and_not_forced();
  if (!may_modify) {
    return EX_NOPERM;
  }

  if (!avb_user_verity_set(ops, slot, enable_verity)) {
    fprintf(stderr, "Error setting verity.\n");
    return EX_SOFTWARE;
  }

  fprintf(
      stdout, "Successfully %s verity", enable_verity ? "enabled" : "disabled");
  print_slot();
  fprintf(stdout, ". Reboot the device for changes to take effect.\n");
  return EX_OK;
}
199*d289c2baSAndroid Build Coastguard Worker 
/* Prints whether dm-verity is enabled for the slot identified by
 * |ab_suffix|. The |ops| parameter should be an |AvbOps| from libavb_user.
 *
 * Returns EX_OK after printing the state to stdout, or EX_SOFTWARE (with a
 * message on stderr) if the state could not be read. This is a read-only
 * query and does not consult the LOCKED-device gate.
 */
int do_get_verity(AvbOps* ops, const std::string& ab_suffix) {
  bool verity_enabled;
  const bool read_ok =
      avb_user_verity_get(ops, ab_suffix.c_str(), &verity_enabled);
  if (!read_ok) {
    fprintf(stderr, "Error getting whether verity is enabled.\n");
    return EX_SOFTWARE;
  }

  const char* const state_text = verity_enabled ? "enabled" : "disabled";
  fprintf(stdout, "verity is %s", state_text);
  // The slot is mentioned only on A/B devices, where the suffix is non-empty.
  if (!ab_suffix.empty()) {
    fprintf(stdout, " on slot with suffix %s", ab_suffix.c_str());
  }
  fprintf(stdout, ".\n");
  return EX_OK;
}
219*d289c2baSAndroid Build Coastguard Worker 
/* Returns the A/B slot suffix read from the ro.boot.slot_suffix property,
 * e.g. "_a" or "_b". The empty string is returned when the property has no
 * value, which is the case on devices that do not use A/B.
 */
std::string get_ab_suffix() {
  std::string slot_suffix =
      android::base::GetProperty("ro.boot.slot_suffix", "");
  return slot_suffix;
}
227*d289c2baSAndroid Build Coastguard Worker 
228*d289c2baSAndroid Build Coastguard Worker }  // namespace
229*d289c2baSAndroid Build Coastguard Worker 
/* Command selected on the command line. kNone is the initial value and
 * means that no recognized command name was given.
 */
enum class Command {
  kNone,
  kDisableVerity,
  kEnableVerity,
  kGetVerity,
  kDisableVerification,
  kEnableVerification,
  kGetVerification,
};
239*d289c2baSAndroid Build Coastguard Worker 
/* Entry point: parses the command line, runs the selected command against
 * the current slot, and returns its sysexits status.
 *
 * Returns EX_USAGE (after printing usage to stderr) when no argument or no
 * recognized command is given, EX_SOFTWARE when the AVB ops cannot be
 * created, and otherwise whatever the selected do_* handler returns.
 *
 * Parsing is permissive: an argument that is neither --force nor a command
 * name is skipped without a diagnostic, and when several command names are
 * given the last one takes effect.
 * NOTE(review): for a tool that can switch off verification, rejecting
 * unknown or repeated arguments would be a safer contract - confirm whether
 * any caller depends on the permissive behaviour before tightening it.
 */
int main(int argc, char* argv[]) {
  // Read up front, before the arguments are looked at.
  const std::string ab_suffix = get_ab_suffix();

  if (argc < 2) {
    usage(stderr, argc, argv);
    return EX_USAGE;
  }

  AvbOps* const ops = avb_ops_user_new();
  if (ops == nullptr) {
    fprintf(stderr, "Error getting AVB ops.\n");
    return EX_SOFTWARE;
  }

  struct CommandName {
    const char* name;
    Command command;
  };
  static const CommandName kCommandNames[] = {
      {"disable-verity", Command::kDisableVerity},
      {"enable-verity", Command::kEnableVerity},
      {"get-verity", Command::kGetVerity},
      {"disable-verification", Command::kDisableVerification},
      {"enable-verification", Command::kEnableVerification},
      {"get-verification", Command::kGetVerification},
  };

  Command cmd = Command::kNone;
  for (int n = 1; n < argc; n++) {
    const char* const arg = argv[n];
    if (strcmp(arg, "--force") == 0) {
      // Position does not matter: --force applies even after the command.
      g_opt_force = true;
      continue;
    }
    for (const CommandName& entry : kCommandNames) {
      if (strcmp(arg, entry.name) == 0) {
        cmd = entry.command;
        break;
      }
    }
  }

  int ret = EX_USAGE;
  switch (cmd) {
    case Command::kNone:
      usage(stderr, argc, argv);
      break;
    case Command::kDisableVerity:
      ret = do_set_verity(ops, ab_suffix, false);
      break;
    case Command::kEnableVerity:
      ret = do_set_verity(ops, ab_suffix, true);
      break;
    case Command::kGetVerity:
      ret = do_get_verity(ops, ab_suffix);
      break;
    case Command::kDisableVerification:
      ret = do_set_verification(ops, ab_suffix, false);
      break;
    case Command::kEnableVerification:
      ret = do_set_verification(ops, ab_suffix, true);
      break;
    case Command::kGetVerification:
      ret = do_get_verification(ops, ab_suffix);
      break;
  }

  avb_ops_user_free(ops);
  return ret;
}