Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dd78ae75 authored by Prashant Malani's avatar Prashant Malani
Browse files

fs_mgr: Fix disable-verity for verifyatboot partitions 

This allows a remount to be performed on partitions which have been
verified at boot, without causing the verity service to complain of
"corrupted" blocks that could have been modified as a result of a
remount (while the verity checksum remained unchanged).

Bug: 32638755
Change-Id: I77cf7dd20ee5c5f5dac80f73f292e32583fe5906
parent b928a348

fs_mgr/fs_mgr_verity.cpp

+9 −5
Original line number Diff line number Diff line
@@ -833,7 +833,7 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) 
    char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];

    const char *mount_point;

    char propbuf[PROPERTY_VALUE_MAX];

    char *status;

    const char *status;

    int fd = -1;

    int i;

    int mode;
@@ -883,10 +883,14 @@ int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback) 
        verity_ioctl_init(io, mount_point, 0);



        if (ioctl(fd, DM_TABLE_STATUS, io)) {

            if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) {

                status = "V";

            } else {

                ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,

                      strerror(errno));

                continue;

            }

        }



        status = &buffer[io->data_start + sizeof(struct dm_target_spec)];
@@ -945,11 +949,11 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) 
    struct fec_handle *f = NULL;

    struct fec_verity_metadata verity;

    struct verity_table_params params = { .table = NULL };

    bool verified_at_boot = false;



    alignas(dm_ioctl) char buffer[DM_BUF_SIZE];

    struct dm_ioctl *io = (struct dm_ioctl *) buffer;

    char *mount_point = basename(fstab->mount_point);

    bool verified_at_boot = false;



    if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,

            FEC_DEFAULT_ROOTS) < 0) {