Mark block device as read-only before mounting.
Mounting a block device as read-only still allows the filesystem to
write to the block device, while keeping the user-facing filesystem
interface "read-only". This behavior will make dm-verity to fail after
reboot if any block is modified during postinstall.
This patch marks the block device as read-only before mounting it, and
marks them read-only or read-write before using them during the update.
Bug: 27859604
TEST=Added logging and deployed an update to brillo, devices are marked RO/RW as needed during a delta update.
Change-Id: I781293cc0b3447dac708470ba6efad4103bf2a58
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index de121ed..d955d03 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -110,6 +110,10 @@
// Opens path for read/write. On success returns an open FileDescriptor
// and sets *err to 0. On failure, sets *err to errno and returns nullptr.
FileDescriptorPtr OpenFile(const char* path, int mode, int* err) {
+ // Try to mark the block device read-only based on the mode. Ignore any
+ // failure since this won't work when passing regular files.
+ utils::SetBlockDeviceReadOnly(path, (mode & O_ACCMODE) == O_RDONLY);
+
FileDescriptorPtr fd = CreateFileDescriptor(path);
#if USE_MTD
// On NAND devices, we can either read, or write, but not both. So here we