summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSami Tolvanen <samitolvanen@google.com>2014-11-07 10:20:02 -0800
committerSami Tolvanen <samitolvanen@google.com>2014-11-11 07:27:18 -0800
commitc95e9da39660f278ace4b14d688dc6818d1a38bf (patch)
tree0260a42e104064ad3b0cb8df3a092478d8b82993
parenta3465e250cfc3c00931735711e11ad61cf84d8b2 (diff)
downloadsystem_core-c95e9da39660f278ace4b14d688dc6818d1a38bf.zip
system_core-c95e9da39660f278ace4b14d688dc6818d1a38bf.tar.gz
system_core-c95e9da39660f278ace4b14d688dc6818d1a38bf.tar.bz2
Do not mount devices with invalid verity metadata
The return value of read_verity_metadata is propagated to caller even if the verity metadata is invalid, provided that it can be read from the device. This results in devices with invalid verity metadata signatures to be mounted normally, which is not desirable. This change fixes the bug by changing the return value in case of verification failure to FS_MGR_SETUP_VERITY_FAIL. Change-Id: Ic29f37a23cb417c2538d60fb05de9dd310d50f4a
Diffstat
-rw-r--r--fs_mgr/fs_mgr_verity.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index f02781c..51555a1 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -378,7 +378,7 @@ static int set_verified_property(char *name) {
int fs_mgr_setup_verity(struct fstab_rec *fstab) {
- int retval = -1;
+ int retval = FS_MGR_SETUP_VERITY_FAIL;
int fd = -1;
char *verity_blk_name = 0;
@@ -409,6 +409,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
goto out;
}
+ retval = FS_MGR_SETUP_VERITY_FAIL;
+
// get the device mapper fd
if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) {
ERROR("Error opening device mapper (%s)", strerror(errno));
generated by cgit v1.1 at 2025-07-03 20:12:36 +0000