fs_mgr: Fix disable-verity for verifyatboot partitions
This allows a remount to be performed on partitions which have been
verified at boot, without causing the verity service to complain of
"corrupted" blocks that could have been modified as a result of a
remount (while the verity checksum remained unchanged).
Bug: 32638755
Change-Id: I77cf7dd20ee5c5f5dac80f73f292e32583fe5906
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index a0896fa..aa00520 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -833,7 +833,7 @@
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
const char *mount_point;
char propbuf[PROPERTY_VALUE_MAX];
- char *status;
+ const char *status;
int fd = -1;
int i;
int mode;
@@ -883,9 +883,13 @@
verity_ioctl_init(io, mount_point, 0);
if (ioctl(fd, DM_TABLE_STATUS, io)) {
- ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
- strerror(errno));
- continue;
+ if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) {
+ status = "V";
+ } else {
+ ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
+ strerror(errno));
+ continue;
+ }
}
status = &buffer[io->data_start + sizeof(struct dm_target_spec)];
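Review bot: The `status = "V";` fallback added for MF_VERIFYATBOOT partitions has no effect, because the unchanged line right after the `if` block reassigns `status = &buffer[io->data_start + sizeof(struct dm_target_spec)];` on every path that did not `continue`. After a failed DM_TABLE_STATUS ioctl, that pointer refers to whatever is left in `buffer`, at an `io->data_start` the kernel presumably did not fill in, so the verity state handled afterwards comes from stale data rather than from the intended constant. The buffer-derived assignment should run only when the ioctl succeeds, for example by closing the check with `} else { status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; }`. A short comment on why a failed query is treated as verified for these partitions would also help, since the error is no longer logged on that path. The enclosing loop body starts and ends outside the hunk.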
@@ -945,11 +949,11 @@
struct fec_handle *f = NULL;
struct fec_verity_metadata verity;
struct verity_table_params params = { .table = NULL };
- bool verified_at_boot = false;
alignas(dm_ioctl) char buffer[DM_BUF_SIZE];
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
char *mount_point = basename(fstab->mount_point);
+ bool verified_at_boot = false;
if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,
FEC_DEFAULT_ROOTS) < 0) {