diff options
author | Treehugger Robot <treehugger-gerrit@google.com> | 2021-07-06 11:58:38 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2021-07-06 11:58:38 +0000 |
commit | 1bca8c905e2013b07b185cdf71ea0ac79a0c55ea (patch) | |
tree | 9a73666a78e9aa11a69ffc267d497382893bc1bb | |
parent | 8a47bfe7d95a23b788c3c193335b0ac3aba39bf4 (diff) | |
parent | 2553b56a829effed312d68dfb51791585e2308f2 (diff) | |
download | security-1bca8c905e2013b07b185cdf71ea0ac79a0c55ea.tar.gz |
Merge "Skip FS_IOC_GETFLAGS."
-rw-r--r-- | ondevice-signing/VerityUtils.cpp | 21 |
1 files changed, 6 insertions, 15 deletions
diff --git a/ondevice-signing/VerityUtils.cpp b/ondevice-signing/VerityUtils.cpp index 36f85b50..543e5a49 100644 --- a/ondevice-signing/VerityUtils.cpp +++ b/ondevice-signing/VerityUtils.cpp @@ -210,29 +210,20 @@ Result<std::map<std::string, std::string>> addFilesToVerityRecursive(const std:: return digests; } -Result<std::string> readVerityDigest(int fd) { +Result<std::string> isFileInVerity(int fd) { auto d = makeUniqueWithTrailingData<fsverity_digest>(FS_VERITY_MAX_DIGEST_SIZE); d->digest_size = FS_VERITY_MAX_DIGEST_SIZE; auto ret = ioctl(fd, FS_IOC_MEASURE_VERITY, d.get()); if (ret < 0) { - return ErrnoError() << "Failed to FS_IOC_MEASURE_VERITY"; + if (errno == ENODATA) { + return Error() << "File is not in fs-verity"; + } else { + return ErrnoError() << "Failed to FS_IOC_MEASURE_VERITY"; + } } return toHex({&d->digest[0], &d->digest[d->digest_size]}); } -Result<std::string> isFileInVerity(int fd) { - unsigned int flags; - int ret = ioctl(fd, FS_IOC_GETFLAGS, &flags); - if (ret < 0) { - return ErrnoError() << "Failed to FS_IOC_GETFLAGS"; - } - if (!(flags & FS_VERITY_FL)) { - return Error() << "File is not in fs-verity"; - } - - return readVerityDigest(fd); -} - Result<std::string> isFileInVerity(const std::string& path) { unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_CLOEXEC))); if (!fd.ok()) { |