From f9dc39023cf6d6ebe601c21fcb32fd288dbe470d Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Wed, 1 Aug 2012 12:41:12 -0700
Subject: [PATCH] mount-encrypted: allow stateful mount check to pass factory
 install

When factory install happens, mount-encrypted is running on a tmpfs,
which can be detected via a W_OK check on the root filesystem.

BUG=chrome-os-partner:12033
TEST=alex build, manual test

Change-Id: I7bf5eaa244a50dd2a0de51760c964e970fa8e3aa
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28960
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
---
 utility/mount-encrypted.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c
index 2c0fa8b20e..5c3dd67ece 100644
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -1027,9 +1027,16 @@ static void check_mount_states(void)
 {
 	struct bind_mount *bind;
 
-	/* Verify stateful partition exists and is mounted. */
-	if (access(stateful_mount, R_OK) ||
-	    same_vfs(stateful_mount, rootdir)) {
+	/* Verify stateful partition exists. */
+	if (access(stateful_mount, R_OK)) {
+		INFO("%s does not exist.", stateful_mount);
+		exit(1);
+	}
+	/* Verify stateful is either a separate mount, or that the
+	 * root directory is writable (i.e. a factory install, dev mode
+	 * where root remounted rw, etc).
+	 */
+	if (same_vfs(stateful_mount, rootdir) && access(rootdir, W_OK)) {
 		INFO("%s is not mounted.", stateful_mount);
 		exit(1);
 	}