Set underlying block device RO when enabling verity
Currently, when verity is set up on a block device, the underlying
device is still accessible directly. Make the existing function
fs_set_blk_ro visible to other fs_mgr modules, change its behavior
to match the comment above the function definition, and call it to
disable write access to the block device when setting up verity.
Bug: 18609347
Change-Id: I7884175df15f9161174788d74d20a08e4cd472ca
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index a1391e0..f9a6ba2 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -185,19 +185,22 @@
* Mark the given block device as read-only, using the BLKROSET ioctl.
* Return 0 on success, and -1 on error.
*/
-static void fs_set_blk_ro(const char *blockdev)
+int fs_mgr_set_blk_ro(const char *blockdev)
{
int fd;
+ int rc = -1;
int ON = 1;
- fd = open(blockdev, O_RDONLY);
+ fd = TEMP_FAILURE_RETRY(open(blockdev, O_RDONLY | O_CLOEXEC));
if (fd < 0) {
// should never happen
- return;
+ return rc;
}
- ioctl(fd, BLKROSET, &ON);
- close(fd);
+ rc = ioctl(fd, BLKROSET, &ON);
+ TEMP_FAILURE_RETRY(close(fd));
+
+ return rc;
}
/*
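Review bot: Wrapping `close(fd)` in `TEMP_FAILURE_RETRY` is unsafe on Linux, because when close() fails with EINTR the descriptor has already been released, so the retry can close a descriptor that another thread opened in the meantime; a plain `close(fd);` is enough here. close() can also overwrite the errno left by a failed `ioctl(fd, BLKROSET, &ON)`, so if callers are meant to report why the device could not be made read-only, save errno before closing and restore it afterwards. The `// should never happen` branch now returns -1 without logging anything, which deserves a log line now that this function backs the verity set-up.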
@@ -223,7 +226,7 @@
save_errno = errno;
INFO("%s(source=%s,target=%s,type=%s)=%d\n", __func__, source, target, rec->fs_type, ret);
if ((ret == 0) && (mountflags & MS_RDONLY) != 0) {
- fs_set_blk_ro(source);
+ fs_mgr_set_blk_ro(source);
}
errno = save_errno;
return ret;
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 4ba6f92..88a1040 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -79,5 +79,7 @@
#define DM_BUF_SIZE 4096
+int fs_mgr_set_blk_ro(const char *blockdev);
+
#endif /* __CORE_FS_MGR_PRIV_H */
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 4683acb..db63bcc 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -442,6 +442,9 @@
goto out;
}
+ // mark the underlying block device as read-only
+ fs_mgr_set_blk_ro(fstab->blk_device);
+
// assign the new verity block device as the block device
free(fstab->blk_device);
fstab->blk_device = verity_blk_name;
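Review bot: The return value of `fs_mgr_set_blk_ro(fstab->blk_device)` is discarded, so if the open or the BLKROSET ioctl fails, verity set-up continues with the underlying device still writable and nothing records it. Since the stated goal of the commit is to remove direct write access to the device under verity, the call should at least check and log the failure with the module's logging macro, e.g. `if (fs_mgr_set_blk_ro(fstab->blk_device) < 0) { ERROR("Failed to set %s read-only\n", fstab->blk_device); }`. Whether it should also `goto out` and fail the set-up is a policy decision for the maintainers. The same unchecked call appears in the mount hunk of fs_mgr.c, where it was already best-effort before this change. The enclosing function starts and ends outside the hunk.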