author | Victor Hsieh <victorhsieh@google.com> | 2020-04-03 15:17:37 -0700 |
---|---|---|
committer | Victor Hsieh <victorhsieh@google.com> | 2020-05-27 17:13:54 -0700 |
commit | 0b89cd3e46f3a87d41ecf32407d849391897617f (patch) | |
tree | 838981521e956dbf195708d16b32caeaf932aae6 | |
parent | fc96b70b564027969e01cff002cc42c97c1db801 (diff) | |
Also load fs-verity cert from /system/etc/security/fsverity/
Bug: 153112812
Test: able to use the new cert after reboot
Change-Id: I01085913f81898592a3a1edcaa97aff6dc8ac89c
Merged-In: I01085913f81898592a3a1edcaa97aff6dc8ac89c
-rw-r--r-- | fsverity_init/fsverity_init.cpp | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index e2a8bf70..4ed25cdc 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -37,10 +37,8 @@ bool LoadKeyToKeyring(key_serial_t keyring_id, const char* desc, const char* dat
 return true;
 }
 
-void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
- const char* dir = "/product/etc/security/fsverity";
+void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname, const char* dir) {
 if (!std::filesystem::exists(dir)) {
- LOG(ERROR) << "no such dir: " << dir;
 return;
 }
 for (const auto& entry : std::filesystem::directory_iterator(dir)) {
@@ -49,12 +47,19 @@ void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
 if (!android::base::ReadFileToString(entry.path(), &content)) {
 continue;
 }
- if (!LoadKeyToKeyring(keyring_id, "fsv_system", content.c_str(), content.size())) {
+ if (!LoadKeyToKeyring(keyring_id, keyname, content.c_str(), content.size())) {
 LOG(ERROR) << "Failed to load key from " << entry.path();
 }
 }
 }
 
+void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
+ // NB: Directories need to be synced with FileIntegrityService.java in
+ // frameworks/base.
+ LoadKeyFromDirectory(keyring_id, "fsv_system", "/system/etc/security/fsverity");
+ LoadKeyFromDirectory(keyring_id, "fsv_product", "/product/etc/security/fsverity");
+}
+
 int main(int /*argc*/, const char** /*argv*/) {
 key_serial_t keyring_id = android::GetKeyringId(".fs-verity");
 if (keyring_id < 0) { |
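Review bot: `std::filesystem::exists(dir)` and the `directory_iterator(dir)` constructor in LoadKeyFromDirectory are the throwing overloads, and now that two directories are walked in sequence an I/O or permission error on the first one would presumably end the process before the second is read (how exceptions are handled in this build is not visible here). Passing a `std::error_code` lets one bad directory be skipped without affecting the other: `std::error_code ec; if (!std::filesystem::is_directory(dir, ec)) return;` and `std::filesystem::directory_iterator(dir, ec)`. With the `no such dir` message removed, the function is also silent about what it read, so a `LOG(INFO)` naming each directory that is actually loaded would keep the boot log usable for auditing which trust anchors were present. The loop body continues outside this hunk.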
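Review bot: Every file found in a directory is loaded under the same description (`keyname`) in the changed `LoadKeyToKeyring` call, so a directory holding more than one certificate may end up with only the last one linked in the keyring: add_key(2) documents that a key with a matching type and description is updated or has its link displaced rather than kept alongside the new one. This depends on LoadKeyToKeyring handing `desc` straight to add_key, which is outside the hunk, so it needs confirming against that body. A per-file description avoids the collision, e.g. `int n = 0;` before the loop and `const std::string desc = std::string(keyname) + std::to_string(n++);` with `desc.c_str()` passed in place of `keyname`. If one certificate per directory is the intended contract, a comment on LoadKeyFromDirectory stating that would be enough.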