Something went wrong on our end
-
Tianjie Xu authoredCurrently update_verifier only verifies the blocks when dm-verity is in 'enforcing' mode; and dm-verity will reboot the device upon detection of errors. However, sometimes the verity mode is not guaranteed to be correct. When mode is 'eio' for example, dm-verity will not trigger a reboot but rather fail the read. So update_verifier need to take the responsibility to reboot the device. Otherwise the device will continue to boot without setting the flag "isSlotMarkedSuccessful". Denial message: update_verifier: type=1400 audit(0.0:18): avc: denied { write } for name="property_service" dev="tmpfs" ino=14678 scontext=u:r:update_verifier:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 36260064 Test: powerctl property sets successfully Change-Id: I7431f87e2d61be1425397732aebb369d4ad4c26cTianjie Xu authoredCurrently update_verifier only verifies the blocks when dm-verity is in 'enforcing' mode; and dm-verity will reboot the device upon detection of errors. However, sometimes the verity mode is not guaranteed to be correct. When mode is 'eio' for example, dm-verity will not trigger a reboot but rather fail the read. So update_verifier need to take the responsibility to reboot the device. Otherwise the device will continue to boot without setting the flag "isSlotMarkedSuccessful". Denial message: update_verifier: type=1400 audit(0.0:18): avc: denied { write } for name="property_service" dev="tmpfs" ino=14678 scontext=u:r:update_verifier:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 36260064 Test: powerctl property sets successfully Change-Id: I7431f87e2d61be1425397732aebb369d4ad4c26c