tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fs_mgr: Strengthen ReadFstabFromFile() around gsi_public_metadata_file

Browse source 
ReadFstabFromFile() calls access() to check the existence of DSU
metadata files to determine if device is in DSU running state. This is
error prone because a failed access() can mean non-exsitent file as well
as the caller lacking the permission to path resolute the pathname.

Strengthen ReadFstabFromFile() to check the errno after a failed
access() or open(), if the errno is not ENOENT, then return with error,
as this may be indicating the caller doesn't have sufficient access
rights to call ReadFstabFromFile().

After this change, processes would need these policies to call
ReadFstabFromFile():
  allow scontext { metadata_file gsi_metadata_file_type }:dir search;
And these policies to call ReadFstabFromFile() within a DSU system:
  allow scontext gsi_public_metadata_file:file r_file_perms;

Bug: 181110285
Test: Presubmit
Change-Id: I1a6a796cb9b7b49af3aa5e7a5e8d99cde25e5857
This commit is contained in:
Yi-Yo Chiang 2021-03-22 13:45:09 +08:00 committed by Yo Chiang
parent a2b662cf23
commit ea4369d141
1 changed files with 29 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
fs_mgr/fs_mgr_fstab.cpp
View file

@ -693,22 +693,32 @@ bool ReadFstabFromFile(const std::string& path, Fstab* fstab) {
LERROR << __FUNCTION__ << "(): failed to load fstab from : '" << path << "'";
return false;
}
if (!is_proc_mounts && !access(android::gsi::kGsiBootedIndicatorFile, F_OK)) {
// This is expected to fail if host is android Q, since Q doesn't
// support DSU slotting. The DSU "active" indicator file would be
// non-existent or empty if DSU is enabled within the guest system.
// In that case, just use the default slot name "dsu".
std::string dsu_slot;
if (!android::gsi::GetActiveDsu(&dsu_slot)) {
PWARNING << __FUNCTION__ << "(): failed to get active dsu slot";
if (!is_proc_mounts) {
if (!access(android::gsi::kGsiBootedIndicatorFile, F_OK)) {
// This is expected to fail if host is android Q, since Q doesn't
// support DSU slotting. The DSU "active" indicator file would be
// non-existent or empty if DSU is enabled within the guest system.
// In that case, just use the default slot name "dsu".
std::string dsu_slot;
if (!android::gsi::GetActiveDsu(&dsu_slot) && errno != ENOENT) {
PERROR << __FUNCTION__ << "(): failed to get active DSU slot";
return false;
}
if (dsu_slot.empty()) {
dsu_slot = "dsu";
LWARNING << __FUNCTION__ << "(): assuming default DSU slot: " << dsu_slot;
}
// This file is non-existent on Q vendor.
std::string lp_names;
if (!ReadFileToString(gsi::kGsiLpNamesFile, &lp_names) && errno != ENOENT) {
PERROR << __FUNCTION__ << "(): failed to read DSU LP names";
return false;
}
TransformFstabForDsu(fstab, dsu_slot, Split(lp_names, ","));
} else if (errno != ENOENT) {
PERROR << __FUNCTION__ << "(): failed to access() DSU booted indicator";
return false;
}
if (dsu_slot.empty()) {
dsu_slot = "dsu";
}
std::string lp_names;
ReadFileToString(gsi::kGsiLpNamesFile, &lp_names);
TransformFstabForDsu(fstab, dsu_slot, Split(lp_names, ","));
}
SkipMountingPartitions(fstab, false /* verbose */);
@ -802,16 +812,14 @@ bool ReadDefaultFstab(Fstab* fstab) {
}
Fstab default_fstab;
if (!default_fstab_path.empty()) {
ReadFstabFromFile(default_fstab_path, &default_fstab);
if (!default_fstab_path.empty() && ReadFstabFromFile(default_fstab_path, &default_fstab)) {
for (auto&& entry : default_fstab) {
fstab->emplace_back(std::move(entry));
}
} else {
LINFO << __FUNCTION__ << "(): failed to find device default fstab";
}
for (auto&& entry : default_fstab) {
fstab->emplace_back(std::move(entry));
}
return !fstab->empty();
}