mount-encrypted: allow stateful mount check to pass factory install

When factory install happens, mount-encrypted is running on a tmpfs, which can be detected via a W_OK check on the root filesystem. BUG=chrome-os-partner:12033 TEST=alex build, manual test Change-Id: I7bf5eaa244a50dd2a0de51760c964e970fa8e3aa Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/28960 Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
2026-01-10 17:41:54 +00:00 · 2012-08-01 12:41:12 -07:00
parent 6c9f097380
commit f9dc39023c
1 changed files with 10 additions and 3 deletions
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -1027,9 +1027,16 @@ static void check_mount_states(void)
 {
 	struct bind_mount *bind;

-	/* Verify stateful partition exists and is mounted. */
-	if (access(stateful_mount, R_OK) ||
-	    same_vfs(stateful_mount, rootdir)) {
+	/* Verify stateful partition exists. */
+	if (access(stateful_mount, R_OK)) {
+		INFO("%s does not exist.", stateful_mount);
+		exit(1);
+	}
+	/* Verify stateful is either a separate mount, or that the
+	 * root directory is writable (i.e. a factory install, dev mode
+	 * where root remounted rw, etc).
+	 */
+	if (same_vfs(stateful_mount, rootdir) && access(rootdir, W_OK)) {
 		INFO("%s is not mounted.", stateful_mount);
 		exit(1);
 	}