| Index: find_omaha.sh
|
| diff --git a/find_omaha.sh b/find_omaha.sh
|
| index 80928e178061f11c9ec37d69286aaced971f7dfd..59fb138f22205776cd364421e222345be815cc2f 100755
|
| --- a/find_omaha.sh
|
| +++ b/find_omaha.sh
|
| @@ -5,19 +5,12 @@
|
| # Parent file must include memento_updater_logging.sh
|
| # This file cannot be run by itself, it must be included.
|
|
|
| -OVERRIDE_IS_SECURE="YES"
|
| -FACTORY_OVERRIDE_IS_SECURE="YES"
|
| -
|
| -# Return the value for a given key in the override lsb-release file if the
|
| -# file is secure. If no value is found, checks in the standard lsb-release
|
| -# file.
|
| +# Return the value for a given key in the override lsb-release file.
|
| +# If no value is found, checks in the standard lsb-release file.
|
| findLSBValue()
|
| {
|
| - if [ "$FACTORY_OVERRIDE_IS_SECURE" = "YES" ]
|
| - then
|
| - # Check factory lsb file.
|
| - value=$(grep ^$1 $FACTORY_LSB_FILE | cut -d = -f 2-)
|
| - fi
|
| + # Check factory lsb file.
|
| + value=$(grep ^$1 $FACTORY_LSB_FILE | cut -d = -f 2-)
|
|
|
| if [ -z "$value" ]
|
| then
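Review bot: With the `FACTORY_OVERRIDE_IS_SECURE` gate removed, `findLSBValue` reads `$FACTORY_LSB_FILE` unconditionally, and the second hunk deletes `checkRootPermission` and the loop that called it, so no visible code still verifies that the file and its parent directories are root-owned and not group/other-writable. The file sits under `/mnt/stateful_partition`, so if this script can run on images where that partition is writable by non-root code, every value it returns is effectively unauthenticated. Either enforce the condition that makes this safe (for example, factory or developer images only) or document it here, e.g. `# lsb-factory is NOT ownership-checked; values must be treated as untrusted outside factory/dev images`. Separately, the re-added grep line is unquoted and anchors only the start of the line, so `$1` is treated as a regex and also matches any key that merely begins with it. Assuming callers pass a bare key name, `value=$(grep -- "^$1=" "$FACTORY_LSB_FILE" | cut -d = -f 2-)` would be tighter. The rest of the function body lies between the two hunks and is not shown.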
|
| @@ -28,56 +21,4 @@ findLSBValue()
|
| echo $value
|
| }
|
|
|
| -# Returns 0 if the file or folder is owned by root and not writable
|
| -# by group/other. Returns 1 otherwise.
|
| -checkRootPermission()
|
| -{
|
| - if [ -z "$1" ]
|
| - then
|
| - log Path is missing, unable to check permissions
|
| - return 1
|
| - fi
|
| - # Verifying root owner for the passed in value ($1)
|
| - OWNER=$(stat -c '%U:%G' "$1")
|
| -
|
| - if [ "$OWNER" != "root:root" ]
|
| - then
|
| - return 1
|
| - else
|
| - # File has root:root permission so now we will check write permission
|
| - # on the file.
|
| - PERMISSION=$(stat -c '%A' "$1")
|
| - # PERMISSION would be something like -rw-r--r--, so we are parsing
|
| - # w bits for owner, group and others.
|
| - GROUP_WRITE=$(echo "$PERMISSION" | cut -b 6)
|
| - OTHER_WRITE=$(echo "$PERMISSION" | cut -b 9)
|
| -
|
| - # Except owner, nobody should have write permission. (owner has to be root)
|
| - if [ "$GROUP_WRITE" != '-' -o "$OTHER_WRITE" != '-' ]
|
| - then
|
| - return 1
|
| - fi
|
| - fi
|
| - return 0
|
| -}
|
| -
|
| -FACTORY_STATEFUL_VAR=/mnt/stateful_partition/dev_image
|
| -FACTORY_STATEFUL_ETC=/mnt/stateful_partition/dev_image/etc
|
| FACTORY_LSB_FILE=/mnt/stateful_partition/dev_image/etc/lsb-factory
|
| -
|
| -FACTORY_LIST_TO_CHECK="
|
| - $FACTORY_STATEFUL_VAR
|
| - $FACTORY_STATEFUL_ETC
|
| - $FACTORY_LSB_FILE
|
| -"
|
| -
|
| -for FILE_NAME in $FACTORY_LIST_TO_CHECK
|
| -do
|
| - if ! checkRootPermission "$FILE_NAME"
|
| - then
|
| - log non-root can write to $FILE_NAME, thus ignoring $FACTORY_LSB_FILE
|
| - # If we find there is security hole, we set this flag
|
| - FACTORY_OVERRIDE_IS_SECURE=NO
|
| - fi
|
| -done
|
| -
|
|
|