diff options
| author | Sami Tolvanen <samitolvanen@google.com> | 2014-11-07 10:20:02 -0800 |
|---|---|---|
| committer | Iliyan Malchev <malchev@google.com> | 2014-11-13 15:43:08 -0800 |
| commit | 72f0d92c722447e0c87cfe765516a7352db3d51a (patch) | |
| tree | f2e584aa196a335f39bff21c01f99c29cefc0e16 | |
| parent | 9573a13bbc015c555adff1e4e0fbef2a18963111 (diff) | |
| download | core-72f0d92c722447e0c87cfe765516a7352db3d51a.tar.gz | |
DO NOT MERGE: Do not mount devices with invalid verity metadata
The return value of read_verity_metadata is propagated to caller
even if the verity metadata is invalid, provided that it can be
read from the device. This results in devices with invalid verity
metadata signatures to be mounted normally, which is not desirable.
This change fixes the bug by changing the return value in case of
verification failure to FS_MGR_SETUP_VERITY_FAIL.
Bug: 15984840
Bug: 18120110
Change-Id: Ic29f37a23cb417c2538d60fb05de9dd310d50f4a
(cherry picked from commit c95e9da39660f278ace4b14d688dc6818d1a38bf)
| -rw-r--r-- | fs_mgr/fs_mgr_verity.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index b2f493a75..a82db4ee3 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -376,7 +376,7 @@ static int set_verified_property(char *name) { int fs_mgr_setup_verity(struct fstab_rec *fstab) { - int retval = -1; + int retval = FS_MGR_SETUP_VERITY_FAIL; int fd = -1; char *verity_blk_name = 0; @@ -407,6 +407,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { goto out; } + retval = FS_MGR_SETUP_VERITY_FAIL; + // get the device mapper fd if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) { ERROR("Error opening device mapper (%s)", strerror(errno)); |