Detected whether Verified Boot (dm-verity) is active

This might help to warn people about possible boot loops. The detection logic might not be perfect yet, but it could be fine-tuned in the future.
rovo89 · Jan 16, 2018 · 2f93ef1 · 2f93ef1 · aryie · Jul 8, 2020
1 parent e5a2852
commit 2f93ef1
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 0 deletions.
diff --git a/app/src/main/java/de/robv/android/xposed/installer/installation/StatusInstallerFragment.java b/app/src/main/java/de/robv/android/xposed/installer/installation/StatusInstallerFragment.java
@@ -33,6 +33,7 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.lang.reflect.Method;
 import java.util.Set;
 
 import de.robv.android.xposed.installer.R;
@@ -111,6 +112,8 @@ public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
         manufacturer.setText(getUIFramework());
         cpu.setText(FrameworkZips.ARCH);
 
+        determineVerifiedBootState(v);
+
         // Known issues
         refreshKnownIssue(v);
 
@@ -375,6 +378,34 @@ private String getUIFramework() {
         return manufacturer;
     }
 
+    private void determineVerifiedBootState(View v) {
+        try {
+            Class<?> c = Class.forName("android.os.SystemProperties");
+            Method m = c.getDeclaredMethod("get", String.class, String.class);
+            m.setAccessible(true);
+
+            String propSystemVerified = (String) m.invoke(null, "partition.system.verified", "0");
+            String propState = (String) m.invoke(null, "ro.boot.verifiedbootstate", "");
+            File fileDmVerityModule = new File("/sys/module/dm_verity");
+
+            boolean verified = !propSystemVerified.equals("0");
+            boolean detected = !propState.isEmpty() || fileDmVerityModule.exists();
+
+            TextView tv = v.findViewById(R.id.dmverity);
+            if (verified) {
+                tv.setText(R.string.verified_boot_active);
+                tv.setTextColor(getResources().getColor(R.color.warning));
+            } else if (detected) {
+                tv.setText(R.string.verified_boot_deactivated);
+                v.findViewById(R.id.dmverity_explanation).setVisibility(View.GONE);
+            } else {
+                v.findViewById(R.id.dmverity_row).setVisibility(View.GONE);
+            }
+        } catch (Exception e) {
+            Log.e(XposedApp.TAG, "Could not detect Verified Boot state", e);
+        }
+    }
+
     @UiThread
     private void refreshZipViews(View view) {
         LinearLayout zips = (LinearLayout) view.findViewById(R.id.zips);

diff --git a/app/src/main/res/drawable/ic_verified.xml b/app/src/main/res/drawable/ic_verified.xml
@@ -0,0 +1,9 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+        android:width="24dp"
+        android:height="24dp"
+        android:viewportWidth="24.0"
+        android:viewportHeight="24.0">
+    <path
+        android:fillColor="#757575"
+        android:pathData="M12,1L3,5v6c0,5.55 3.84,10.74 9,12 5.16,-1.26 9,-6.45 9,-12L21,5l-9,-4zM10,17l-4,-4 1.41,-1.41L10,14.17l6.59,-6.59L18,9l-8,8z"/>
+</vector>
diff --git a/app/src/main/res/layout/status_installer.xml b/app/src/main/res/layout/status_installer.xml
@@ -257,6 +257,49 @@
 
                         </LinearLayout>
 
+                        <LinearLayout
+                            android:id="@+id/dmverity_row"
+                            android:layout_width="fill_parent"
+                            android:layout_height="wrap_content"
+                            android:background="?android:attr/selectableItemBackground"
+                            android:clickable="true"
+                            android:gravity="center_vertical"
+                            android:orientation="horizontal"
+                            android:paddingLeft="16dp"
+                            android:paddingRight="16dp">
+
+                            <ImageView
+                                android:layout_width="24dp"
+                                android:layout_height="24dp"
+                                android:src="@drawable/ic_verified"/>
+
+                            <LinearLayout
+                                android:layout_width="fill_parent"
+                                android:layout_height="wrap_content"
+                                android:layout_marginLeft="32dp"
+                                android:layout_marginStart="32dp"
+                                android:orientation="vertical"
+                                android:paddingBottom="8dp"
+                                android:paddingTop="8dp">
+
+                                <TextView
+                                    android:id="@+id/dmverity"
+                                    android:layout_width="wrap_content"
+                                    android:layout_height="wrap_content"
+                                    android:textAppearance="@style/TextAppearance.AppCompat.Subhead"
+                                    tools:text="@string/verified_boot_deactivated"/>
+
+                                <TextView
+                                    android:id="@+id/dmverity_explanation"
+                                    android:layout_width="wrap_content"
+                                    android:layout_height="wrap_content"
+                                    android:text="@string/verified_boot_explanation"
+                                    android:textAppearance="@style/TextAppearance.AppCompat.Body1"/>
+
+                            </LinearLayout>
+
+                        </LinearLayout>
+
                     </LinearLayout>
 
                 </android.support.v7.widget.CardView>

diff --git a/app/src/main/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml
@@ -59,6 +59,9 @@
     <string name="framework_delete">Heruntergeladene Datei löschen</string>
     <string name="framework_zip_load_failed">Konnte die verfügbaren ZIPs nicht laden. Ziehe nach unten, um es erneut zu versuchen.</string>
     <string name="framework_no_zips">Keine passenden ZIPs gefunden, dein Gerät scheint derzeit nicht unterstützt zu sein.</string>
+    <string name="verified_boot_deactivated">Verified Boot ist deaktiviert</string>
+    <string name="verified_boot_active">Verified Boot ist aktiv</string>
+    <string name="verified_boot_explanation">Verified Boot (dm-verity) verhindert das Booten des Geräts, falls die System-Partition modifiziert ist.\n<b>Es wird nicht empfohlen, Xposed zu installieren!</b></string>
 
     <!-- File operations -->
     <string name="root_failed">Root-Zugriff fehlgeschlagen\n\nStelle sicher, dass das Gerät korrekt gerootet ist und Shell-Kommandos nicht blockiert werden.</string>

diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -62,6 +62,9 @@
     <string name="framework_delete">Delete downloaded file</string>
     <string name="framework_zip_load_failed">Could not load available ZIP files. Pull down to try again.</string>
     <string name="framework_no_zips">No matching ZIPs were found, it seems like your device is currently not supported.</string>
+    <string name="verified_boot_deactivated">Verified Boot is deactivated</string>
+    <string name="verified_boot_active">Verified Boot is active</string>
+    <string name="verified_boot_explanation">Verified Boot (dm-verity) prevents the device from booting if the system partition is modified.\n<b>Installing Xposed is not recommended!</b></string>
 
     <!-- File operations -->
     <string name="root_failed">Failed to get root access.\n\nMake sure your device is rooted properly and you have not blocked shell commands.</string>