fs_mgr: overlay drop redundant check
fs_mgr_update_verity_state() provides the needed result, we do not
need to check verity state manually.
Caveat:
The open-coded verity check is not 100% redundant, as it ensures
that if /vendor is not mounted, where the device mount table resides
to aid in a correct enumeration of all verity-enabled mount points,
that /system is not accidentally overlay mounted on a verity checked
volume. This is an unlikely corner condition. A fix for this
condition in the future is to instead migrate this redundant
checking into fs_mgr_update_verity_state() since system is
considered ever present and can be blindly performed without the
required /system or / mount point entries in fstab. Note that
the overlay logic is #ifdef'd out on user builds, so it is not
really a security or reliability issue on a release build.
Test: manual
Bug: 109821005
Change-Id: Ib4a7f9438b2a3cb008e263605a7a7647737c40f2
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index ff7a75c..4934f5a 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -556,17 +556,11 @@
return mounts;
}
- // Manually check dm state because stunted fstab (w/o system as root) borken
- auto& dm = DeviceMapper::Instance();
- auto found = false;
- for (auto& system : {"system", "vroot"}) {
- if (dm.GetState(system) == DmDeviceState::INVALID) continue;
- std::vector<DeviceMapper::TargetInfo> table;
- found = !dm.GetTableStatus(system, &table) || table.empty() || table[0].data.empty() ||
- (table[0].data[0] == 'C') || (table[0].data[0] == 'V');
- if (found) break;
- }
- if (!found) mounts.emplace_back("/system");
+ // We have a stunted fstab (w/o system or / ) passed in by the caller,
+ // verity claims are assumed accurate because they are collected internally
+ // from fs_mgr_fstab_default() from within fs_mgr_update_verity_state(),
+ // Can (re)evaluate /system with impunity since we know it is ever-present.
+ mounts.emplace_back("/system");
return mounts;
}
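Review bot: The unconditional `mounts.emplace_back("/system");` at the end of this hunk removes the only local guard against overlay-mounting /system on a verity-checked volume, while the commit message itself concedes that the result from fs_mgr_update_verity_state() can be incomplete when /vendor, which holds the device mount table, is not mounted. The removed loop failed closed: a failing `dm.GetTableStatus()` or an empty table set `found` and kept /system out of the list, whereas the new code has no such fallback. Consider keeping a reduced form of that check here until the migration into fs_mgr_update_verity_state() described in the message is done, or land that migration first. The new comment should also name the /vendor-not-mounted case as a known gap instead of saying /system can be evaluated "with impunity", and "Test: manual" leaves that corner case uncovered.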