diff options
| author | 2023-05-18 20:50:04 +0000 | |
|---|---|---|
| committer | 2023-05-18 20:50:04 +0000 | |
| commit | 200ea89cf2acb50398c65d68d0773fbb52286056 (patch) | |
| tree | 57c1f99d0199e614a453df45b384b94e4cc39f4c | |
| parent | 1bccc28d20b9146094b712eda592010323a68fd7 (diff) | |
| parent | 30c50ce584cb6d6b82812412555eaec3a16ef9d1 (diff) | |
Merge "VerityUtils: handle ENOTTY from FS_IOC_GETFLAGS" am: 30c50ce584
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2595109
Change-Id: I9869d0c5a0367377842c167f579a94b93feac946
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | core/jni/com_android_internal_security_VerityUtils.cpp | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/core/jni/com_android_internal_security_VerityUtils.cpp b/core/jni/com_android_internal_security_VerityUtils.cpp index 5553d28db066..6eab12b0eb42 100644 --- a/core/jni/com_android_internal_security_VerityUtils.cpp +++ b/core/jni/com_android_internal_security_VerityUtils.cpp @@ -79,7 +79,11 @@ int enableFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath, jbyteArra int statxForFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath) { ScopedUtfChars path(env, filePath); - // Call statx and check STATX_ATTR_VERITY. + // There are two ways to check whether a file has fs-verity enabled: statx() and FS_IOC_GETFLAGS + // (See https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#statx and + // https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#fs-ioc-getflags.) + // We try statx() first, since it doesn't require opening the file. + struct statx out = {}; if (statx(AT_FDCWD, path.c_str(), 0 /* flags */, STATX_ALL, &out) != 0) { return -errno; @@ -89,8 +93,12 @@ int statxForFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath) { return (out.stx_attributes & STATX_ATTR_VERITY) != 0; } - // STATX_ATTR_VERITY is not supported for the file path. - // In this case, call ioctl(FS_IOC_GETFLAGS) and check FS_VERITY_FL. + // The filesystem doesn't support STATX_ATTR_VERITY. This normally means that it doesn't + // support fs-verity, in which case we should simply return 0. Unfortunately, virtio-fs is an + // exception, since it doesn't support STATX_ATTR_VERITY but does support querying FS_VERITY_FL + // via FS_IOC_GETFLAGS. So we have to fall back to FS_IOC_GETFLAGS. Note: despite being an + // ioctl, FS_IOC_GETFLAGS doesn't require the "ioctl" SELinux permission but rather "getattr". + ::android::base::unique_fd rfd(open(path.c_str(), O_RDONLY | O_CLOEXEC)); if (rfd.get() < 0) { ALOGE("open failed at %s", path.c_str()); @@ -99,6 +107,11 @@ int statxForFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath) { unsigned int flags; if (ioctl(rfd.get(), FS_IOC_GETFLAGS, &flags) < 0) { + if (errno == ENOTTY) { + // If the filesystem supports neither STATX_ATTR_VERITY nor FS_IOC_GETFLAGS, then assume + // that it doesn't support fs-verity. + return 0; + } ALOGE("ioctl(FS_IOC_GETFLAGS) failed at %s", path.c_str()); return -errno; } |