diff options
author | Kees Cook <keescook@chromium.org> | 2012-08-01 12:41:12 -0700 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-08-01 14:00:08 -0700 |
commit | f9dc39023cf6d6ebe601c21fcb32fd288dbe470d (patch) | |
tree | f36f5f6466c7181b38a2ba2999530f92a2e786d2 | |
parent | 6c9f09738045efd84156304c7684bab4a009a5f1 (diff) | |
download | vboot-f9dc39023cf6d6ebe601c21fcb32fd288dbe470d.tar.gz |
mount-encrypted: allow stateful mount check to pass factory install
When factory install happens, mount-encrypted is running on a tmpfs,
which can be detected via a W_OK check on the root filesystem.
BUG=chrome-os-partner:12033
TEST=alex build, manual test
Change-Id: I7bf5eaa244a50dd2a0de51760c964e970fa8e3aa
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28960
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
-rw-r--r-- | utility/mount-encrypted.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c index 2c0fa8b2..5c3dd67e 100644 --- a/utility/mount-encrypted.c +++ b/utility/mount-encrypted.c @@ -1027,9 +1027,16 @@ static void check_mount_states(void) { struct bind_mount *bind; - /* Verify stateful partition exists and is mounted. */ - if (access(stateful_mount, R_OK) || - same_vfs(stateful_mount, rootdir)) { + /* Verify stateful partition exists. */ + if (access(stateful_mount, R_OK)) { + INFO("%s does not exist.", stateful_mount); + exit(1); + } + /* Verify stateful is either a separate mount, or that the + * root directory is writable (i.e. a factory install, dev mode + * where root remounted rw, etc). + */ + if (same_vfs(stateful_mount, rootdir) && access(rootdir, W_OK)) { INFO("%s is not mounted.", stateful_mount); exit(1); } |