From 286db70cc6de5cf8f8642cdfb27ae76922f97abb Mon Sep 17 00:00:00 2001 From: Luca Stefani Date: Wed, 9 Sep 2020 12:43:54 +0200 Subject: [PATCH] libfscrypt: Bail out if we can't open directory * On QCOM Q vendor init.qcom.rc has a 'mkdir' entry for /data/system * While the encryption policy matches and is applied properly in permissive, vendor_init doesn't have enough perms to open and run ioctl over system_data_file to check its policy * Instead of opening the possiblity to vendors, just bail out if we fail to open the directory Test: m, boot r-gsi on Zenfone 6 Change-Id: I5ea37019221cd0887b8a5d7454f5a42ac01335c7 --- libfscrypt/fscrypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index a52ed90c..435de51d 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -323,7 +323,7 @@ bool EnsurePolicy(const EncryptionPolicy& policy, const std::string& directory) android::base::unique_fd fd(open(directory.c_str(), O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)); if (fd == -1) { PLOG(ERROR) << "Failed to open directory " << directory; - return false; + return true; } bool already_encrypted = fscrypt_is_encrypted(fd); -- 2.17.1