fs.mitm: Prevent non-sysmodules from reading CAL0.

Michael Scire 2018-11-15 15:29:02 -08:00
parent cff283f77d
commit ff09efb1bf


@ -99,14 +99,21 @@ Result FsMitmService::OpenBisStorage(Out<std::shared_ptr<IStorageInterface>> out
FsStorage bis_storage; FsStorage bis_storage;
rc = fsOpenBisStorageFwd(this->forward_service.get(), &bis_storage, bis_partition_id); rc = fsOpenBisStorageFwd(this->forward_service.get(), &bis_storage, bis_partition_id);
if (R_SUCCEEDED(rc)) { if (R_SUCCEEDED(rc)) {
const bool allow_writes = this->title_id < 0x0100000000001000; const bool is_sysmodule = this->title_id < 0x0100000000001000;
if (bis_partition_id == BisStorageId_Boot0) { if (bis_partition_id == BisStorageId_Boot0) {
storage = std::make_shared<IStorageInterface>(new Boot0Storage(bis_storage, this->title_id)); storage = std::make_shared<IStorageInterface>(new Boot0Storage(bis_storage, this->title_id));
} else if (bis_partition_id == BisStorageId_Prodinfo) { } else if (bis_partition_id == BisStorageId_Prodinfo) {
/* PRODINFO should *never* be writable. */ /* PRODINFO should *never* be writable. */
if (is_sysmodule) {
storage = std::make_shared<IStorageInterface>(new ROProxyStorage(bis_storage)); storage = std::make_shared<IStorageInterface>(new ROProxyStorage(bis_storage));
} else { } else {
if (!allow_writes) { /* Do not allow non-sysmodules to read *or* write CAL0. */
fsStorageClose(&bis_storage);
return 0x320002;
}
} else {
if (!is_sysmodule) {
/* Non-sysmodules should be allowed to read. */
storage = std::make_shared<IStorageInterface>(new ROProxyStorage(bis_storage)); storage = std::make_shared<IStorageInterface>(new ROProxyStorage(bis_storage));
} else { } else {
/* Sysmodules should still be allowed to read and write. */ /* Sysmodules should still be allowed to read and write. */
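Review bot: The new denial path in the PRODINFO branch returns a bare `0x320002`, and the privilege boundary itself is the unnamed literal in `this->title_id < 0x0100000000001000`; neither says at the point of use what it means. Under the usual result layout the code decodes as module 2, description 6400, which looks like the FS permission-denied result (worth confirming), so a comment such as `/* FS module 2, description 6400: permission denied. */` above the return, or a named constant, would make the refusal auditable. Since this comparison now decides who may read CAL0 at all, I would lift it into one named helper or constant so that it cannot drift from whatever check `Boot0Storage` applies to the same `title_id`; that check is not visible here. OpenBisStorage starts and ends outside the hunk, so I cannot see whether any cleanup after the branch is skipped by the early return.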