ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "fs_mgr: validate corrected signatures" into nyc-dev

Browse source
This commit is contained in:
Sami Tolvanen 2016-06-07 00:01:55 +00:00 committed by Android (Google) Code Review
commit eacbb824c9
1 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
fs_mgr/fs_mgr_verity.cpp
View file

@ -150,6 +150,18 @@ out:
return retval; return retval;
} }
static int verify_verity_signature(const struct fec_verity_metadata& verity)
{
if (verify_table(verity.signature, verity.table,
verity.table_length) == 0 ||
verify_table(verity.ecc_signature, verity.table,
verity.table_length) == 0) {
return 0;
}
return -1;
}
static int invalidate_table(char *table, size_t table_length) static int invalidate_table(char *table, size_t table_length)
{ {
size_t n = 0; size_t n = 0;
@ -919,8 +931,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
} }
// verify the signature on the table // verify the signature on the table
if (verify_table(verity.signature, verity.table, if (verify_verity_signature(verity) < 0) {
verity.table_length) < 0) {
if (params.mode == VERITY_MODE_LOGGING) { if (params.mode == VERITY_MODE_LOGGING) {
// the user has been warned, allow mounting without dm-verity // the user has been warned, allow mounting without dm-verity
retval = FS_MGR_SETUP_VERITY_SUCCESS; retval = FS_MGR_SETUP_VERITY_SUCCESS;