author | Victor Hsieh <victorhsieh@google.com> | 2023-10-16 16:15:59 -0700 |
---|---|---|
committer | Victor Hsieh <victorhsieh@google.com> | 2023-10-17 10:54:28 -0700 |
commit | 0da66a553772a194f704877e5c4c59d42d6bbd2b (patch) | |
tree | 34e3ae1afeb9b2a5f16878f3f921e2258c7ed5e5 /fsverity_init | |
parent | b6d1dfbe0b83dfdca36adbb0bafd8db8258bea9d (diff) | |
Flag guard to make fsverity_init a no-op
As early as fsverity_init, the flag can only be static (thus
is_fixed_read_only). It is now a constant/false and will be flipped
during the ramp up at build time.
Bug: 290064770
Test: mma
Test: Inspect the generated code
Change-Id: I4bd1addb996705f6e6b9f75313bf22b9ecd3e11c
Diffstat (limited to 'fsverity_init')
-rw-r--r-- | fsverity_init/Android.bp | 12 | ||||
-rw-r--r-- | fsverity_init/flags.aconfig | 9 | ||||
-rw-r--r-- | fsverity_init/fsverity_init.cpp | 8 |
3 files changed, 29 insertions, 0 deletions
diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp
index 07eaf6a2..d9bff3b2 100644
--- a/fsverity_init/Android.bp
+++ b/fsverity_init/Android.bp
@@ -13,6 +13,7 @@ cc_binary {
 "fsverity_init.cpp",
 ],
 static_libs: [
+ "aconfig_fsverity_init_c_lib",
 "libc++fs",
 "libmini_keyctl_static",
 ],
@@ -23,3 +24,14 @@ cc_binary {
 ],
 cflags: ["-Werror", "-Wall", "-Wextra"],
 }
+
+aconfig_declarations {
+ name: "aconfig_fsverity_init",
+ package: "android.security.flag",
+ srcs: ["flags.aconfig"],
+}
+
+cc_aconfig_library {
+ name: "aconfig_fsverity_init_c_lib",
+ aconfig_declarations: "aconfig_fsverity_init",
+}
diff --git a/fsverity_init/flags.aconfig b/fsverity_init/flags.aconfig
new file mode 100644
index 00000000..20640d7e
--- /dev/null
+++ b/fsverity_init/flags.aconfig
@@ -0,0 +1,9 @@
+package: "android.security.flag"
+
+flag {
+ name: "deprecate_fsverity_init"
+ namespace: "hardware_backed_security"
+ description: "Feature flag for deprecate fsverity_init"
+ bug: "290064770"
+ is_fixed_read_only: true
+}
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index 797118d4..717beebc 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -43,6 +43,7 @@
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/strings.h>
+#include <android_security_flag.h>
 #include <log/log.h>
 #include <mini_keyctl_utils.h>
 
@@ -79,6 +80,13 @@ void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
 }
 
 int main(int argc, const char** argv) {
+ if (android::security::flag::deprecate_fsverity_init()) {
+ // Don't load keys to the built-in fs-verity keyring in kernel. This will make existing
+ // files not readable. We expect to only enable the flag when there are no such files or
+ // when failure is ok (e.g. with a fallback).
+ return 0;
+ }
+
 if (argc < 2) {
 LOG(ERROR) << "Not enough arguments";
 return -1;
|
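Review bot: The `description` in `flags.aconfig` does not say what turning the flag on does; the security effect is spelled out only in the comment added to `fsverity_init.cpp`. Because the flag is `is_fixed_read_only` and, per the commit message, flipped at build time, the declaration is the place a release owner is likely to read before enabling it. Something like `description: "Make fsverity_init a no-op; keys are no longer loaded into the kernel's built-in fs-verity keyring"` would carry that.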
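Review bot: The early return added at the top of `main` exits with 0 and writes nothing to the log, so once the flag is flipped there is no record that key loading was skipped when files later turn out to be unreadable, an outcome the added comment itself anticipates. A line such as `LOG(INFO) << "fsverity_init is disabled by flag deprecate_fsverity_init";` before `return 0;` would make that state visible in boot logs. The guard also sits ahead of the `argc` check, so every invocation is short-circuited, not only key loading. The rest of `main` lies outside this hunk, so it is worth confirming that no later step there (for example one that restricts the keyring rather than populating it) still needs to run when the flag is on.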