author | TreeHugger Robot <treehugger-gerrit@google.com> | 2020-05-29 17:01:56 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2020-05-29 17:01:56 +0000 |
commit | 37dedb0f5221f63c5c1d8dbcc8c62149a672bcb1 (patch) | |
tree | 3f8c8fa07a84fdd38cae36162681a6259259f4c7 | |
parent | f635cf0e311bfcc1f24aa1465af142ada57a4e64 (diff) | |
parent | 0b89cd3e46f3a87d41ecf32407d849391897617f (diff) | |
download | security-37dedb0f5221f63c5c1d8dbcc8c62149a672bcb1.tar.gz |
Merge "Also load fs-verity cert from /system/etc/security/fsverity/" into rvc-dev
-rw-r--r-- | fsverity_init/fsverity_init.cpp | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index e2a8bf70..4ed25cdc 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -37,10 +37,8 @@ bool LoadKeyToKeyring(key_serial_t keyring_id, const char* desc, const char* dat
 return true;
 }
 
-void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
- const char* dir = "/product/etc/security/fsverity";
+void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname, const char* dir) {
 if (!std::filesystem::exists(dir)) {
- LOG(ERROR) << "no such dir: " << dir;
 return;
 }
 for (const auto& entry : std::filesystem::directory_iterator(dir)) {
@@ -49,12 +47,19 @@ void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
 if (!android::base::ReadFileToString(entry.path(), &content)) {
 continue;
 }
- if (!LoadKeyToKeyring(keyring_id, "fsv_system", content.c_str(), content.size())) {
+ if (!LoadKeyToKeyring(keyring_id, keyname, content.c_str(), content.size())) {
 LOG(ERROR) << "Failed to load key from " << entry.path();
 }
 }
 }
 
+void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
+ // NB: Directories need to be synced with FileIntegrityService.java in
+ // frameworks/base.
+ LoadKeyFromDirectory(keyring_id, "fsv_system", "/system/etc/security/fsverity");
+ LoadKeyFromDirectory(keyring_id, "fsv_product", "/product/etc/security/fsverity");
+}
+
 int main(int /*argc*/, const char** /*argv*/) {
 key_serial_t keyring_id = android::GetKeyringId(".fs-verity");
 if (keyring_id < 0) { |
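Review bot: In `LoadKeyFromDirectory`, `std::filesystem::exists(dir)` and the `directory_iterator(dir)` constructor are the throwing overloads, and nothing in the visible code handles a failure other than "directory absent". Now that the `no such dir` log is gone, an access error on a directory that does exist is the only case worth reporting, because it means that partition's fs-verity certificates are not loaded. I would switch to the `std::error_code` overloads and log only that case: `std::error_code ec; if (!std::filesystem::exists(dir, ec)) { if (ec) LOG(ERROR) << "cannot access " << dir << ": " << ec.message(); return; }`. Whether this binary is built with exceptions enabled is not visible here, and the function body continues into the next hunk.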
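Review bot: Every file found in a directory is loaded under the single description passed as `keyname`, so two certificates in `/system/etc/security/fsverity` would both be added as `fsv_system`. `LoadKeyToKeyring` is defined outside this hunk, so it is not visible whether the keyring keeps both keys or the later one replaces the earlier; if it replaces, only one certificate per partition is effectively trusted, and which one depends on directory iteration order. Please confirm the behaviour and either document the assumption above the loop, e.g. `// All certs in |dir| are added under the same description |keyname|.`, or make the description unique per file if nothing looks keys up by the fixed name.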