Created
September 9, 2020 10:45
-
-
Save luca020400/f736df74f3a555f3a4850a523d643968 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 1c814d20b08b1ed359d808e251c56aa2905b390b Mon Sep 17 00:00:00 2001 | |
| From: Luca Stefani <luca.stefani.ge1@gmail.com> | |
| Date: Wed, 9 Sep 2020 12:43:54 +0200 | |
| Subject: [PATCH] libfscrypt: Bail out if we can't open directory | |
| * On QCOM vendor API 29 init.qcom.rc has a 'mkdir' entry | |
| for /data/system | |
| * While the encryption policy matches and is applied properly in | |
| permissive, vendor_init doesn't have enough perms to open | |
| and run ioctl over system_data_file to check its policy | |
| * Instead of opening th possiblity to vendors, just | |
| bail out if we fail to open the directory | |
| Test: m, boot r-gsi on Zenfone 6 | |
| Change-Id: I5ea37019221cd0887b8a5d7454f5a42ac01335c7 | |
| --- | |
| libfscrypt/fscrypt.cpp | 2 +- | |
| 1 file changed, 1 insertion(+), 1 deletion(-) | |
| diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp | |
| index a52ed90c..435de51d 100644 | |
| --- a/libfscrypt/fscrypt.cpp | |
| +++ b/libfscrypt/fscrypt.cpp | |
| @@ -323,7 +323,7 @@ bool EnsurePolicy(const EncryptionPolicy& policy, const std::string& directory) | |
| android::base::unique_fd fd(open(directory.c_str(), O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)); | |
| if (fd == -1) { | |
| PLOG(ERROR) << "Failed to open directory " << directory; | |
| - return false; | |
| + return true; | |
| } | |
| bool already_encrypted = fscrypt_is_encrypted(fd); | |
| -- | |
| 2.28.0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment