openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Do not mount devices with invalid verity metadata 

The return value of read_verity_metadata is propagated to caller
even if the verity metadata is invalid, provided that it can be
read from the device. This results in devices with invalid verity
metadata signatures to be mounted normally, which is not desirable.
This change fixes the bug by changing the return value in case of
verification failure to FS_MGR_SETUP_VERITY_FAIL.

Change-Id: Ic29f37a23cb417c2538d60fb05de9dd310d50f4a
This commit is contained in:
Sami Tolvanen 2014-11-07 10:20:02 -08:00
parent a3465e250c
commit c95e9da396
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fs_mgr/fs_mgr_verity.c
View File

@ -378,7 +378,7 @@ static int set_verified_property(char *name) {
int fs_mgr_setup_verity(struct fstab_rec *fstab) {
int retval = -1;
int retval = FS_MGR_SETUP_VERITY_FAIL;
int fd = -1;
char *verity_blk_name = 0;
@ -409,6 +409,8 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) {
goto out;
}
retval = FS_MGR_SETUP_VERITY_FAIL;
// get the device mapper fd
if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) {
ERROR("Error opening device mapper (%s)", strerror(errno));