From 05ff38ba43eb7a882873312f12fc019b42f37b34 Mon Sep 17 00:00:00 2001
From: Sandeep Patil
Date: Thu, 16 Feb 2017 17:04:11 -0800
Subject: [PATCH] init: early_mount: disallow partitions to be verified at boot
While technically possible, the verification at boot basically will block init for as long as the entire partition is read while nothing else is running. Disallow that as this is not going to be used anywhere.
Bug: 27805372
Test: boot angler with verifyatboot fs_mgr option for early mounted vendor partition. That resulted in a panic() as expected.
Change-Id: I9da5caa163cae8bce6dbfb630f0ed5605ea044a0
Signed-off-by: Sandeep Patil
---
 fs_mgr/fs_mgr_fstab.cpp | 5 +++++
 fs_mgr/include/fs_mgr.h | 1 +
 init/init.cpp | 8 ++++++++
 3 files changed, 14 insertions(+)
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 48ddf29e8..10e70d6e5 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -557,6 +557,11 @@ int fs_mgr_is_verified(const struct fstab_rec *fstab)
 return fstab->fs_mgr_flags & MF_VERIFY;
 }
 
+int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab)
+{
+ return fstab->fs_mgr_flags & MF_VERIFYATBOOT;
+}
+
 int fs_mgr_is_encryptable(const struct fstab_rec *fstab)
 {
 return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE);
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 7b389cd1c..0402b5593 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -117,6 +117,7 @@ struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const ch
 int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab);
 int fs_mgr_is_nonremovable(const struct fstab_rec *fstab);
 int fs_mgr_is_verified(const struct fstab_rec *fstab);
+int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab);
 int fs_mgr_is_encryptable(const struct fstab_rec *fstab);
 int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab);
 const char* fs_mgr_get_file_encryption_mode(const struct fstab_rec *fstab);
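Review bot: In fs_mgr/fs_mgr_fstab.cpp the new fs_mgr_is_verifyatboot() dereferences `fstab` unconditionally and returns the raw mask bit, and nothing states that contract, so a caller that passes a missing entry crashes instead of getting "flag not set". The only caller visible in this patch (early_mount in init/init.cpp) guards each record with `odm_rec && ...`, and the neighbouring accessors in the hunk context follow the same convention, so a comment is enough: `// Non-zero if the entry has the verifyatboot flag (MF_VERIFYATBOOT); fstab must not be NULL.` The same one-line comment would help on the declaration added to fs_mgr/include/fs_mgr.h.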
diff --git a/init/init.cpp b/init/init.cpp
index 702186cfa..2399f5c6f 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -799,6 +799,14 @@ static bool early_mount() {
 return true;
 }
 
+ // don't allow verifyatboot for early mounted partitions
+ if ((odm_rec && fs_mgr_is_verifyatboot(odm_rec)) ||
+ (system_rec && fs_mgr_is_verifyatboot(system_rec)) ||
+ (vendor_rec && fs_mgr_is_verifyatboot(vendor_rec))) {
+ LOG(ERROR) << "Early mount partitions can't be verified at boot";
+ return false;
+ }
+
 // assume A/B device if we find 'slotselect' in any fstab entry
 bool is_ab = ((odm_rec && fs_mgr_is_slotselect(odm_rec)) ||
 (system_rec && fs_mgr_is_slotselect(system_rec)) ||
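Review bot: The new LOG(ERROR) in early_mount() does not say which of the three records (odm, system, vendor) carried verifyatboot, and the commit message indicates the failure ends in a panic(), so whoever debugs the boot failure has only this one line to go on. Consider checking each record on its own and naming the offender, e.g. `LOG(ERROR) << "Early mount partition " << rec->mount_point << " can't be verified at boot";` with `rec` being the record that tripped the check. Failing closed here, rather than mounting without the requested check, is the right behaviour, and the comment should record the reason: `// verifyatboot reads the whole partition and would block init, so reject it rather than silently ignore it`. early_mount() begins and ends outside this hunk, so how the caller handles the false return is not visible here.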