diff options
Diffstat (limited to 'fs_mgr/fs_mgr.c')
-rw-r--r-- | fs_mgr/fs_mgr.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index 91e6c33..40878c1 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -245,6 +245,16 @@ static int device_is_debuggable() { return strcmp(value, "1") ? 0 : 1; } +static int device_is_secure() { + int ret = -1; + char value[PROP_VALUE_MAX]; + ret = __system_property_get("ro.secure", value); + /* If error, we want to fail secure */ + if (ret < 0) + return 1; + return strcmp(value, "0") ? 1 : 0; +} + /* * Tries to mount any of the consecutive fstab entries that match * the mountpoint of the one given by fstab->recs[start_idx]. @@ -350,9 +360,11 @@ int fs_mgr_mount_all(struct fstab *fstab) wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); } - if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && - !device_is_debuggable()) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { + int rc = fs_mgr_setup_verity(&fstab->recs[i]); + if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { + INFO("Verity disabled"); + } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { ERROR("Could not set up verified partition, skipping!\n"); continue; } @@ -467,9 +479,11 @@ int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, fstab->recs[i].mount_point); } - if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && - !device_is_debuggable()) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { + int rc = fs_mgr_setup_verity(&fstab->recs[i]); + if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { + INFO("Verity disabled"); + } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { ERROR("Could not set up verified partition, skipping!\n"); continue; } |