#!/bin/sh
# Filename:      forensic-mark-readonly
# Purpose:       force block devices to read-only mode when booting with boot option read-only
# Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports:   see http://grml.org/bugs/
# License:       This file is licensed under the GPL v2 or any later version.
################################################################################

# Print the first sysfs block-device directory that exists on this system.
# Candidates are probed in this order:
#   /sys/subsystem/block/, /sys/class/block/, /sys/block/
# Outputs: the matching directory (trailing slash included) on stdout,
#          nothing when none of the candidates is a directory.
# Returns: 0 when a directory was printed, non-zero otherwise.
get_blockdev_dir() {
    for sysfs_dir in /sys/subsystem/block/ /sys/class/block/ /sys/block/ ; do
        # Skip candidates that are not present on this kernel.
        [ -d "$sysfs_dir" ] || continue
        echo "$sysfs_dir" && return
    done
    return 1
}

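# Print the last component of a path (everything after the final '/').
# Arguments: $1 - a path such as /dev/sda1
# Outputs:   the last component on stdout, followed by a newline;
#            a path without any '/' is printed unchanged.
base() {
    # The expansion is quoted and printed with printf so that whitespace,
    # glob characters or a leading '-' in the path are emitted verbatim
    # instead of being split, expanded or read as an echo option.
    printf '%s\n' "${1##*/}"
}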

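# Print a path with its last component removed (everything before the
# final '/').
# Arguments: $1 - a path such as /sys/class/block/sda/sda1
# Outputs:   the leading part on stdout, followed by a newline;
#            a path without any '/' is printed unchanged.
dir() {
    # The expansion is quoted and printed with printf so that whitespace or
    # glob characters in the path are emitted verbatim instead of being
    # split or expanded against the current directory.
    printf '%s\n' "${1%/*}"
}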

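# Report whether a block device is currently flagged read-only.
# Arguments: $1 - device node, e.g. /dev/sda
# Returns:   0 if `blockdev --getro` prints exactly "1", otherwise 1.
#            Any other output, including none at all, counts as "not
#            read-only", so callers cannot tell a read-write device apart
#            from one that could not be queried.
is_ro() {
    # $1 is quoted so the device path reaches blockdev as a single argument
    # even if it contains whitespace or glob characters.
    if [ "$(blockdev --getro "$1")" = "1" ] ; then
        return 0
    fi
    return 1
}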

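# check for read-only bootoption
# (substring match: any kernel command line containing "read-only" enables
# the logic below)
if grep -q read-only /proc/cmdline ; then
 # we get $DEVNAME via udev's environment
 if [ -n "$DEVNAME" ] ; then
    # Start from a known state: PARENT must only ever come from the sysfs
    # lookup below, never from a variable inherited through the environment.
    PARENT=
    NAME=$(base "$DEVNAME")
    SYS_DIR=$(get_blockdev_dir)

    if [ -n "$SYS_DIR" ] && [ -n "$NAME" ] ; then
        # If a directory <SYS_DIR>/<something>/<NAME> exists, <something> is
        # taken as the name of the parent device. Only the middle component
        # is a glob; $SYS_DIR and $NAME are quoted and matched literally.
        for DEVICE in "$SYS_DIR"/*/"$NAME" ; do
            if [ -d "$DEVICE" ] ; then
                PARENT=$(dir "$DEVICE")
                PARENT=$(base "$PARENT")
                PARENT="/dev/$PARENT"
                break
            fi
        done
    fi

   if is_ro "$DEVNAME" ; then
     logger "forensic mode: device $DEVNAME already set to read-only mode, nothing to do"
   # NOTE(review): is_ro is false whenever `blockdev --getro` does not print
   # 1, so a parent that cannot be queried is handled like a read-write
   # parent and $DEVNAME is left writable. The log lines below are the only
   # trace of that decision.
   elif [ -n "$PARENT" ] && ! is_ro "$PARENT" ; then
     logger "forensic mode: parent device $PARENT is set read-write, not modifying"
     logger "forensic mode: use blockdev --setro $DEVNAME to set it manually"
   else
     logger "forensic mode: setting $DEVNAME [$ID_SERIAL] to read-only"

     # Run blockdev exactly once and keep its output, so the message logged
     # on failure belongs to the attempt that actually failed rather than to
     # a second invocation.
     if SETRO_OUTPUT=$(blockdev --setro "$DEVNAME" 2>&1) ; then
       logger "|-> done; execute 'blockdev --setrw $DEVNAME' to unlock"
     else
       logger "|-> error while executing blockdev: $SETRO_OUTPUT"
     fi

   fi

 fi
fi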

## END OF FILE #################################################################
