tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "On-device signing: reject everything that's not a regular file/dir." am: 30257fa908

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1751220

Change-Id: If41aba7810a4ff4deecd9161d013ed8b7a984bef
This commit is contained in:
Martijn Coenen 2021-06-29 14:52:48 +00:00 committed by Automerger Merge Worker
commit 36ef057910
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
ondevice-signing/VerityUtils.cpp
View file

@ -220,13 +220,19 @@ Result<std::map<std::string, std::string>> verifyAllFilesInVerity(const std::str
while (!ec && it != end) { while (!ec && it != end) {
if (it->is_regular_file()) { if (it->is_regular_file()) {
// Verify // Verify the file is in fs-verity
auto result = isFileInVerity(it->path()); auto result = isFileInVerity(it->path());
if (!result.ok()) { if (!result.ok()) {
return result.error(); return result.error();
} }
digests[it->path()] = *result; digests[it->path()] = *result;
} // TODO reject other types besides dirs? } else if (it->is_directory()) {
// These are fine to ignore
} else if (it->is_symlink()) {
return Error() << "Rejecting artifacts, symlink at " << it->path();
} else {
return Error() << "Rejecting artifacts, unexpected file type for " << it->path();
}
++it; ++it;
} }
if (ec) { if (ec) {