Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ecfce13c authored by Hung-ying Tyan's avatar Hung-ying Tyan
Browse files

fs_mgr: add verify_dev flag to fs_mgr_setup_verity()

Bug: 33682519
Test: Tested on bullhead with https://android-review.googlesource.com/#/c/315463.
Change-Id: Ie12230c6f77a2834c179e44b59817292d58726f7
parent 3b261ace
Loading
Loading
Loading
Loading
+3 −3
Original line number Original line Diff line number Diff line
@@ -701,7 +701,7 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode)
        }
        }


        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
            int rc = fs_mgr_setup_verity(&fstab->recs[i]);
            int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
                INFO("Verity disabled");
                INFO("Verity disabled");
            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
@@ -870,7 +870,7 @@ int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device,
        }
        }


        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
        if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
            int rc = fs_mgr_setup_verity(&fstab->recs[i]);
            int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
                INFO("Verity disabled");
                INFO("Verity disabled");
            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
            } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
@@ -1086,7 +1086,7 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev
int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)
int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)
{
{
    if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
    if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
        int rc = fs_mgr_setup_verity(fstab_rec);
        int rc = fs_mgr_setup_verity(fstab_rec, false);
        if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
        if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
            INFO("Verity disabled");
            INFO("Verity disabled");
            return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;
            return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;
+1 −1
Original line number Original line Diff line number Diff line
@@ -22,6 +22,6 @@


__BEGIN_DECLS
__BEGIN_DECLS


int fs_mgr_setup_verity(struct fstab_rec *fstab);
int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev);


__END_DECLS
__END_DECLS
+2 −2
Original line number Original line Diff line number Diff line
@@ -892,7 +892,7 @@ static void update_verity_table_blk_device(char *blk_device, char **table)
    *table = strdup(result.c_str());
    *table = strdup(result.c_str());
}
}


int fs_mgr_setup_verity(struct fstab_rec *fstab)
int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev)
{
{
    int retval = FS_MGR_SETUP_VERITY_FAIL;
    int retval = FS_MGR_SETUP_VERITY_FAIL;
    int fd = -1;
    int fd = -1;
@@ -1043,7 +1043,7 @@ loaded:
    verity_blk_name = 0;
    verity_blk_name = 0;


    // make sure we've set everything up properly
    // make sure we've set everything up properly
    if (test_access(fstab->blk_device) < 0) {
    if (verify_dev && test_access(fstab->blk_device) < 0) {
        goto out;
        goto out;
    }
    }