Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 214f33b8 authored by Sami Tolvanen's avatar Sami Tolvanen
Browse files

Set underlying block device RO when enabling verity 

Currently, when verity is set up on a block device, the underlying
device is still accessible directly. Change the existing function
fs_set_blk_ro visible to other fs_mgr modules, change the behavior
to match the comment above the function definition, and call it to
disable write access to the block device when setting up verity.

Bug: 18609347
Change-Id: I7884175df15f9161174788d74d20a08e4cd472ca
parent be971215

fs_mgr/fs_mgr.c

+9 −6
Original line number Diff line number Diff line
@@ -185,19 +185,22 @@ static void remove_trailing_slashes(char *n) 
 * Mark the given block device as read-only, using the BLKROSET ioctl.

 * Return 0 on success, and -1 on error.

 */

static void fs_set_blk_ro(const char *blockdev)

int fs_mgr_set_blk_ro(const char *blockdev)

{

    int fd;

    int rc = -1;

    int ON = 1;



    fd = open(blockdev, O_RDONLY);

    fd = TEMP_FAILURE_RETRY(open(blockdev, O_RDONLY | O_CLOEXEC));

    if (fd < 0) {

        // should never happen

        return;

        return rc;

    }



    ioctl(fd, BLKROSET, &ON);

    close(fd);

    rc = ioctl(fd, BLKROSET, &ON);

    TEMP_FAILURE_RETRY(close(fd));



    return rc;

}



/*
@@ -223,7 +226,7 @@ static int __mount(const char *source, const char *target, const struct fstab_re 
    save_errno = errno;

    INFO("%s(source=%s,target=%s,type=%s)=%d\n", __func__, source, target, rec->fs_type, ret);

    if ((ret == 0) && (mountflags & MS_RDONLY) != 0) {

        fs_set_blk_ro(source);

        fs_mgr_set_blk_ro(source);

    }

    errno = save_errno;

    return ret;

fs_mgr/fs_mgr_priv.h

+2 −0
Original line number Diff line number Diff line
@@ -79,5 +79,7 @@ 


#define DM_BUF_SIZE 4096



int fs_mgr_set_blk_ro(const char *blockdev);



#endif /* __CORE_FS_MGR_PRIV_H */

fs_mgr/fs_mgr_verity.c

+3 −0
Original line number Diff line number Diff line
@@ -442,6 +442,9 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { 
        goto out;

    }



    // mark the underlying block device as read-only

    fs_mgr_set_blk_ro(fstab->blk_device);



    // assign the new verity block device as the block device

    free(fstab->blk_device);

    fstab->blk_device = verity_blk_name;