ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "fs_mgr: allow disable dm-verity when the device is unlocked without metadata"

Browse source
This commit is contained in:
Treehugger Robot 2017-03-06 18:57:01 +00:00 committed by Gerrit Code Review
commit 17c84b2cca
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
fs_mgr/fs_mgr_verity.cpp
View file

@ -30,6 +30,7 @@
#include <unistd.h> #include <unistd.h>
#include <android-base/file.h> #include <android-base/file.h>
#include <android-base/properties.h>
#include <android-base/strings.h> #include <android-base/strings.h>
#include <android-base/unique_fd.h> #include <android-base/unique_fd.h>
#include <crypto_utils/android_pubkey.h> #include <crypto_utils/android_pubkey.h>
@ -874,6 +875,11 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
// read verity metadata // read verity metadata
if (fec_verity_get_metadata(f, &verity) < 0) { if (fec_verity_get_metadata(f, &verity) < 0) {
PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'"; PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'";
// Allow verity disabled when the device is unlocked without metadata
if ("0" == android::base::GetProperty("ro.boot.flash.locked", "")) {
retval = FS_MGR_SETUP_VERITY_DISABLED;
LWARNING << "Allow invalid metadata when the device is unlocked";
}
goto out; goto out;
} }