
Commit 21afa169 authored by Mark Salyzyn

fs_mgr: overlay drop redundant check

fs_mgr_update_verity_state() provides the needed result, we do not
need to check verity state manually.

Caveat:

The open-coded verity check is not 100% redundant, as it ensures
that if /vendor is not mounted, where the device mount table resides
to aid in a correct enumeration of all verity-enabled mount points,
that /system is not accidentally overlay mounted on a verity checked
volume.  This is an unlikely corner condition.  A fix for this
condition in the future is to instead migrate this redundant
checking into fs_mgr_update_verity_state() since system is
considered ever present and can be blindly performed without the
required /system or / mount point entries in fstab.  Note that
the overlay logic is #ifdef'd out on user builds, so it is not
really a security or reliability issue on a release build.

Test: manual
Bug: 109821005
Change-Id: Ib4a7f9438b2a3cb008e263605a7a7647737c40f2
parent 4c67290d
+5 −11
@@ -556,17 +556,11 @@ std::vector<std::string> fs_mgr_candidate_list(const fstab* fstab,
        return mounts;
    }

    // Manually check dm state because stunted fstab (w/o system as root) borken
    auto& dm = DeviceMapper::Instance();
    auto found = false;
    for (auto& system : {"system", "vroot"}) {
        if (dm.GetState(system) == DmDeviceState::INVALID) continue;
        std::vector<DeviceMapper::TargetInfo> table;
        found = !dm.GetTableStatus(system, &table) || table.empty() || table[0].data.empty() ||
                (table[0].data[0] == 'C') || (table[0].data[0] == 'V');
        if (found) break;
    }
    if (!found) mounts.emplace_back("/system");
    // We have a stunted fstab (w/o system or / ) passed in by the caller,
    // verity claims are assumed accurate because they are collected internally
    // from fs_mgr_fstab_default() from within fs_mgr_update_verity_state(),
    // Can (re)evaluate /system with impunity since we know it is ever-present.
    mounts.emplace_back("/system");
    return mounts;
}
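Review bot: The unconditional `mounts.emplace_back("/system");` at the end of fs_mgr_candidate_list() leaves this function with no local guard against overlaying a verity-checked /system, and the new comment states that verity claims "are assumed accurate" without recording the exception the commit message itself concedes: if /vendor is not mounted, the enumeration of verity-enabled mount points can be incomplete and /system can be overlay mounted on a verity-checked volume. Please put that caveat in the comment, with a TODO referencing Bug 109821005 and the planned move of the check into fs_mgr_update_verity_state(), so the assumption is visible to the next reader of this code rather than only in the commit log. The comment should also say that the overlay logic is compiled out on user builds, since that is the stated reason the gap is acceptable. Minor wording point: the comment says "Can (re)evaluate /system", but the line below it appends /system as a candidate and evaluates nothing, and the preceding line ends in a comma before a capitalised sentence. Given that "Test: manual" is the only coverage, it would help to state whether the manual test included the /vendor-not-mounted case.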