ksud: support module disable in safemode
This commit is contained in:
tiann
@@ -116,10 +116,23 @@ pub fn on_post_data_fs() -> Result<()> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If there isn't any image exist, do nothing for module!
|
||||||
|
if !Path::new(target_update_img).exists() {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
|
||||||
|
// we should always mount the module.img to module dir
|
||||||
|
// becuase we may need to operate the module dir in safe mode
|
||||||
|
info!("mount module image: {target_update_img} to {module_dir}");
|
||||||
|
mount::AutoMountExt4::try_new(target_update_img, module_dir, false)
|
||||||
|
.with_context(|| "mount module image failed".to_string())?;
|
||||||
|
|
||||||
// check safe mode first.
|
// check safe mode first.
|
||||||
if crate::utils::is_safe_mode() {
|
if crate::utils::is_safe_mode() {
|
||||||
warn!("safe mode, skip module post-fs-data scripts");
|
warn!("safe mode, skip post-fs-data scripts and disable all modules!");
|
||||||
// TODO: we should also disable modules
|
if let Err(e) = crate::module::disable_all_modules() {
|
||||||
|
warn!("disable all modules failed: {}", e);
|
||||||
|
}
|
||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -128,15 +141,6 @@ pub fn on_post_data_fs() -> Result<()> {
|
|||||||
warn!("exec common post-fs-data scripts failed: {}", e);
|
warn!("exec common post-fs-data scripts failed: {}", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
// If there isn't any image exist, do nothing for module!
|
|
||||||
if !Path::new(target_update_img).exists() {
|
|
||||||
return Ok(());
|
|
||||||
}
|
|
||||||
|
|
||||||
info!("mount module image: {target_update_img} to {module_dir}");
|
|
||||||
mount::AutoMountExt4::try_new(target_update_img, module_dir, false)
|
|
||||||
.with_context(|| "mount module image failed".to_string())?;
|
|
||||||
|
|
||||||
// load sepolicy.rule
|
// load sepolicy.rule
|
||||||
if crate::module::load_sepolicy_rule().is_err() {
|
if crate::module::load_sepolicy_rule().is_err() {
|
||||||
warn!("load sepolicy.rule failed");
|
warn!("load sepolicy.rule failed");
|
||||||
|
|||||||
@@ -636,6 +636,20 @@ pub fn disable_module(id: &str) -> Result<()> {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn disable_all_modules() -> Result<()> {
|
||||||
|
// we assume the module dir is already mounted
|
||||||
|
let dir = std::fs::read_dir(defs::MODULE_DIR)?;
|
||||||
|
for entry in dir.flatten() {
|
||||||
|
let path = entry.path();
|
||||||
|
let disable_flag = path.join(defs::DISABLE_FILE_NAME);
|
||||||
|
if let Err(e) = ensure_file_exists(disable_flag) {
|
||||||
|
warn!("Failed to disable module: {}: {}", path.display(), e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
fn _list_modules(path: &str) -> Vec<HashMap<String, String>> {
|
fn _list_modules(path: &str) -> Vec<HashMap<String, String>> {
|
||||||
// first check enabled modules
|
// first check enabled modules
|
||||||
let dir = std::fs::read_dir(path);
|
let dir = std::fs::read_dir(path);
|
||||||
|
|||||||
Reference in New Issue
Block a user