diff options
| author | Sami Tolvanen <samitolvanen@google.com> | 2014-12-18 16:15:30 +0000 |
|---|---|---|
| committer | Sami Tolvanen <samitolvanen@google.com> | 2015-02-27 11:28:34 +0000 |
| commit | 214f33b8c095feedfdbaa680ff6ffb763f47d375 (patch) | |
| tree | f840f0deeaebc0a53ce6612106eed82b7ddcacdc | |
| parent | be9712156bdcf8cff774a78a3afdb0c562998c73 (diff) | |
| download | system_core-214f33b8c095feedfdbaa680ff6ffb763f47d375.zip system_core-214f33b8c095feedfdbaa680ff6ffb763f47d375.tar.gz system_core-214f33b8c095feedfdbaa680ff6ffb763f47d375.tar.bz2 | |
Set underlying block device RO when enabling verity
Currently, when verity is set up on a block device, the underlying
device is still accessible directly. Change the existing function
fs_set_blk_ro visible to other fs_mgr modules, change the behavior
to match the comment above the function definition, and call it to
disable write access to the block device when setting up verity.
Bug: 18609347
Change-Id: I7884175df15f9161174788d74d20a08e4cd472ca
| -rw-r--r-- | fs_mgr/fs_mgr.c | 15 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_priv.h | 2 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_verity.c | 3 |
3 files changed, 14 insertions, 6 deletions
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index a1391e0..f9a6ba2 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -185,19 +185,22 @@ static void remove_trailing_slashes(char *n) * Mark the given block device as read-only, using the BLKROSET ioctl. * Return 0 on success, and -1 on error. */ -static void fs_set_blk_ro(const char *blockdev) +int fs_mgr_set_blk_ro(const char *blockdev) { int fd; + int rc = -1; int ON = 1; - fd = open(blockdev, O_RDONLY); + fd = TEMP_FAILURE_RETRY(open(blockdev, O_RDONLY | O_CLOEXEC)); if (fd < 0) { // should never happen - return; + return rc; } - ioctl(fd, BLKROSET, &ON); - close(fd); + rc = ioctl(fd, BLKROSET, &ON); + TEMP_FAILURE_RETRY(close(fd)); + + return rc; } /* @@ -223,7 +226,7 @@ static int __mount(const char *source, const char *target, const struct fstab_re save_errno = errno; INFO("%s(source=%s,target=%s,type=%s)=%d\n", __func__, source, target, rec->fs_type, ret); if ((ret == 0) && (mountflags & MS_RDONLY) != 0) { - fs_set_blk_ro(source); + fs_mgr_set_blk_ro(source); } errno = save_errno; return ret; diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h index 4ba6f92..88a1040 100644 --- a/fs_mgr/fs_mgr_priv.h +++ b/fs_mgr/fs_mgr_priv.h @@ -79,5 +79,7 @@ #define DM_BUF_SIZE 4096 +int fs_mgr_set_blk_ro(const char *blockdev); + #endif /* __CORE_FS_MGR_PRIV_H */ diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index 4683acb..db63bcc 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -442,6 +442,9 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { goto out; } + // mark the underlying block device as read-only + fs_mgr_set_blk_ro(fstab->blk_device); + // assign the new verity block device as the block device free(fstab->blk_device); fstab->blk_device = verity_blk_name; |