Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ecfce13c authored by Hung-ying Tyan's avatar Hung-ying Tyan
Browse files

fs_mgr: add verify_dev flag to fs_mgr_setup_verity() 

Bug: 33682519
Test: Tested on bullhead with https://android-review.googlesource.com/#/c/315463.
Change-Id: Ie12230c6f77a2834c179e44b59817292d58726f7
parent 3b261ace

fs_mgr/fs_mgr.c

+3 −3
Original line number Original line Diff line number Diff line
@@ -701,7 +701,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode) 
        }

        }





        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

            int rc = fs_mgr_setup_verity(&fstab->recs[i]);

            int rc = fs_mgr_setup_verity(&fstab->recs[i], true);

            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

                INFO("Verity disabled");

                INFO("Verity disabled");

            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {

            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
@@ -870,7 +870,7 @@ int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, 
        }

        }





        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

            int rc = fs_mgr_setup_verity(&fstab->recs[i]);

            int rc = fs_mgr_setup_verity(&fstab->recs[i], true);

            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

                INFO("Verity disabled");

                INFO("Verity disabled");

            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {

            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
@@ -1086,7 +1086,7 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev 
int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)

int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)

{

{

    if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

    if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {

        int rc = fs_mgr_setup_verity(fstab_rec);

        int rc = fs_mgr_setup_verity(fstab_rec, false);

        if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

        if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {

            INFO("Verity disabled");

            INFO("Verity disabled");

            return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;

            return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;

fs_mgr/fs_mgr_priv_verity.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -22,6 +22,6 @@ 




__BEGIN_DECLS

__BEGIN_DECLS





int fs_mgr_setup_verity(struct fstab_rec *fstab);

int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev);





__END_DECLS
 
__END_DECLS

fs_mgr/fs_mgr_verity.cpp

+2 −2
Original line number Original line Diff line number Diff line
@@ -892,7 +892,7 @@ static void update_verity_table_blk_device(char *blk_device, char **table) 
    *table = strdup(result.c_str());

    *table = strdup(result.c_str());

}

}





int fs_mgr_setup_verity(struct fstab_rec *fstab)

int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev)

{

{

    int retval = FS_MGR_SETUP_VERITY_FAIL;

    int retval = FS_MGR_SETUP_VERITY_FAIL;

    int fd = -1;

    int fd = -1;
@@ -1043,7 +1043,7 @@ loaded: 
    verity_blk_name = 0;

    verity_blk_name = 0;





    // make sure we've set everything up properly

    // make sure we've set everything up properly

    if (test_access(fstab->blk_device) < 0) {

    if (verify_dev && test_access(fstab->blk_device) < 0) {

        goto out;

        goto out;

    }

    }