fs_mgr: Set the 'partition.*.verified' property for verified partitions.
This modifies fs_mgr to set the partition.*.verified properties.
Each of these should be used as a weak indicator that a given partition
is verified. For instance, if the 'partition.system.verified' property
is set to '1', this could indicate that the system partition is verified
and therefore should not be modified by, e.g., adb sync.
Note that these properties can be mutated by the system, and so
should not be used as the basis for security decisions.
Change-Id: I27215a3d3628a1b1e184df9eaad90541b9d8b841
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 40bc2ec..aa3b1dd 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -30,6 +30,7 @@
#include <time.h>
#include <private/android_filesystem_config.h>
+#include <cutils/properties.h>
#include <logwrap/logwrap.h>
#include "mincrypt/rsa.h"
@@ -335,6 +336,26 @@
return -1;
}
+static int set_verified_property(char *name) {
+ int ret;
+ char *key;
+ ret = asprintf(&key, "partition.%s.verified", name);
+ if (ret < 0) {
+ ERROR("Error formatting verified property");
+ return ret;
+ }
+ ret = PROP_NAME_MAX - strlen(key);
+ if (ret < 0) {
+ ERROR("Verified property name is too long");
+ return -1;
+ }
+ ret = property_set(key, "1");
+ if (ret < 0)
+ ERROR("Error setting verified property %s: %d", key, ret);
+ free(key);
+ return ret;
+}
+
int fs_mgr_setup_verity(struct fstab_rec *fstab) {
int retval = -1;
@@ -351,6 +372,13 @@
io->flags |= 1;
io->target_count = 1;
+ // check to ensure that the verity device is ext4
+ // TODO: support non-ext4 filesystems
+ if (strcmp(fstab->fs_type, "ext4")) {
+ ERROR("Cannot verify non-ext4 device (%s)", fstab->fs_type);
+ return retval;
+ }
+
// get the device mapper fd
int fd;
if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) {
@@ -403,7 +431,8 @@
goto out;
}
- retval = 0;
+ // set the property indicating that the partition is verified
+ retval = set_verified_property(mount_point);
out:
close(fd);