From ff09efb1bf07fc8e00e48cd02e96e939808fa69a Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Thu, 15 Nov 2018 15:29:02 -0800 Subject: [PATCH] fs.mitm: Prevent non-sysmodules from reading CAL0. --- stratosphere/fs_mitm/source/fsmitm_service.cpp | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/stratosphere/fs_mitm/source/fsmitm_service.cpp b/stratosphere/fs_mitm/source/fsmitm_service.cpp index ebb485c88..9897edf6f 100644 --- a/stratosphere/fs_mitm/source/fsmitm_service.cpp +++ b/stratosphere/fs_mitm/source/fsmitm_service.cpp @@ -99,14 +99,21 @@ Result FsMitmService::OpenBisStorage(Out> out FsStorage bis_storage; rc = fsOpenBisStorageFwd(this->forward_service.get(), &bis_storage, bis_partition_id); if (R_SUCCEEDED(rc)) { - const bool allow_writes = this->title_id < 0x0100000000001000; + const bool is_sysmodule = this->title_id < 0x0100000000001000; if (bis_partition_id == BisStorageId_Boot0) { storage = std::make_shared(new Boot0Storage(bis_storage, this->title_id)); } else if (bis_partition_id == BisStorageId_Prodinfo) { /* PRODINFO should *never* be writable. */ - storage = std::make_shared(new ROProxyStorage(bis_storage)); + if (is_sysmodule) { + storage = std::make_shared(new ROProxyStorage(bis_storage)); + } else { + /* Do not allow non-sysmodules to read *or* write CAL0. */ + fsStorageClose(&bis_storage); + return 0x320002; + } } else { - if (!allow_writes) { + if (!is_sysmodule) { + /* Non-sysmodules should be allowed to read. */ storage = std::make_shared(new ROProxyStorage(bis_storage)); } else { /* Sysmodules should still be allowed to read and write. */