ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "fs_mgr: add verify_dev flag to fs_mgr_setup_verity()"

Browse source
This commit is contained in:
Treehugger Robot 2017-01-10 04:00:18 +00:00 committed by Gerrit Code Review
commit abc26ed753
3 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
fs_mgr/fs_mgr.c
View file

@ -701,7 +701,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode)
} }
if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
int rc = fs_mgr_setup_verity(&fstab->recs[i]); int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
INFO("Verity disabled"); INFO("Verity disabled");
} else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
@ -870,7 +870,7 @@ int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device,
} }
if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
int rc = fs_mgr_setup_verity(&fstab->recs[i]); int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
INFO("Verity disabled"); INFO("Verity disabled");
} else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
@ -1086,7 +1086,7 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev
int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec) int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)
{ {
if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) { if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
int rc = fs_mgr_setup_verity(fstab_rec); int rc = fs_mgr_setup_verity(fstab_rec, false);
if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
INFO("Verity disabled"); INFO("Verity disabled");
return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY; return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;

2
fs_mgr/fs_mgr_priv_verity.h
View file

@ -22,6 +22,6 @@
__BEGIN_DECLS __BEGIN_DECLS
int fs_mgr_setup_verity(struct fstab_rec *fstab); int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev);
__END_DECLS __END_DECLS

4
fs_mgr/fs_mgr_verity.cpp
View file

@ -892,7 +892,7 @@ static void update_verity_table_blk_device(char *blk_device, char **table)
*table = strdup(result.c_str()); *table = strdup(result.c_str());
} }
int fs_mgr_setup_verity(struct fstab_rec *fstab) int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev)
{ {
int retval = FS_MGR_SETUP_VERITY_FAIL; int retval = FS_MGR_SETUP_VERITY_FAIL;
int fd = -1; int fd = -1;
@ -1043,7 +1043,7 @@ loaded:
verity_blk_name = 0; verity_blk_name = 0;
// make sure we've set everything up properly // make sure we've set everything up properly
if (test_access(fstab->blk_device) < 0) { if (verify_dev && test_access(fstab->blk_device) < 0) {
goto out; goto out;
} }