author | Sami Tolvanen <samitolvanen@google.com> | 2016-06-07 00:01:55 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-06-07 00:01:56 +0000 |
commit | eacbb824c9ee2ccec9e1de641d03e7370888eabc (patch) | |
tree | b3fb209978dd2d0e984b38f176fd62c7a8d9d6ef | |
parent | a6d56611404f2e1c0c9f4ab7c8471af0e80b2026 (diff) | |
parent | 830126637ae4e5198df075fba57c1e498624dab6 (diff) | |
Merge "fs_mgr: validate corrected signatures" into nyc-dev
-rw-r--r-- | fs_mgr/fs_mgr_verity.cpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index b5141c934..719096f9b 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -150,6 +150,18 @@ out:
 return retval;
 }
 
+static int verify_verity_signature(const struct fec_verity_metadata& verity)
+{
+ if (verify_table(verity.signature, verity.table,
+ verity.table_length) == 0 ||
+ verify_table(verity.ecc_signature, verity.table,
+ verity.table_length) == 0) {
+ return 0;
+ }
+
+ return -1;
+}
+
 static int invalidate_table(char *table, size_t table_length)
 {
 size_t n = 0;
@@ -919,8 +931,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
 }
 
 // verify the signature on the table
- if (verify_table(verity.signature, verity.table,
- verity.table_length) < 0) {
+ if (verify_verity_signature(verity) < 0) {
 if (params.mode == VERITY_MODE_LOGGING) {
 // the user has been warned, allow mounting without dm-verity
 retval = FS_MGR_SETUP_VERITY_SUCCESS; |
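Review bot: The new verify_verity_signature() collapses both checks into one `||`, so neither it nor its caller in fs_mgr_setup_verity can tell, or record, that `verity.signature` failed and only `verity.ecc_signature` passed. Judging by the commit title, ecc_signature is the error-corrected copy, so a fallback-only success presumably means the signature bytes stored on disk are damaged or were altered, which is worth a log line for diagnostics. I would split the condition into two checks and log in the second branch, and add a header comment stating the contract, for example `// Returns 0 if either the stored or the corrected signature verifies the table, -1 otherwise.` Both calls pass the same `verity.table` and `verity.table_length` to verify_table(), so accepting either result does not loosen the check itself. The body of verify_table() is outside this hunk, so whether it already logs the first failure cannot be confirmed here.

```cpp
static int verify_verity_signature(const struct fec_verity_metadata& verity)
{
    if (verify_table(verity.signature, verity.table,
            verity.table_length) == 0) {
        return 0;
    }

    if (verify_table(verity.ecc_signature, verity.table,
            verity.table_length) == 0) {
        // Only the corrected signature verified: keep a trace of it.
        INFO("verity table verified with ecc_signature only\n");
        return 0;
    }

    return -1;
}
```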