diff options
author | Eric Biggers <ebiggers@google.com> | 2023-07-19 01:13:40 +0000 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2023-07-19 01:13:40 +0000 |
commit | 997fd3392a34594e611405257acd165546ee3dd2 (patch) | |
tree | 2039e5d9da858672dba3de6d8ce5d343b1705acb /fsverity_init | |
parent | b0a6a2adc19b94084fabf2d1f78f64ada86f9cb9 (diff) | |
download | security-997fd3392a34594e611405257acd165546ee3dd2.tar.gz |
Remove fsverity_init
Now that fsverity_init is no longer used, it can be removed.
For more details, see https://r.android.com/2662658.
Bug: 290064770
Test: presubmit
Change-Id: I9a90a7141d708ea8aaeefc54288083ee5a0f52ff
Diffstat (limited to 'fsverity_init')
-rw-r--r-- | fsverity_init/Android.bp | 25 | ||||
-rw-r--r-- | fsverity_init/OWNERS | 5 | ||||
-rw-r--r-- | fsverity_init/fsverity_init.cpp | 104 |
3 files changed, 0 insertions, 134 deletions
diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp deleted file mode 100644 index 07eaf6a2..00000000 --- a/fsverity_init/Android.bp +++ /dev/null @@ -1,25 +0,0 @@ -package { - // See: http://go/android-license-faq - // A large-scale-change added 'default_applicable_licenses' to import - // all of the 'license_kinds' from "system_security_license" - // to get the below license kinds: - // SPDX-license-identifier-Apache-2.0 - default_applicable_licenses: ["system_security_license"], -} - -cc_binary { - name: "fsverity_init", - srcs: [ - "fsverity_init.cpp", - ], - static_libs: [ - "libc++fs", - "libmini_keyctl_static", - ], - shared_libs: [ - "libbase", - "libkeyutils", - "liblog", - ], - cflags: ["-Werror", "-Wall", "-Wextra"], -} diff --git a/fsverity_init/OWNERS b/fsverity_init/OWNERS deleted file mode 100644 index f9e7b25e..00000000 --- a/fsverity_init/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -alanstokes@google.com -ebiggers@google.com -jeffv@google.com -jiyong@google.com -victorhsieh@google.com diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp deleted file mode 100644 index 797118d4..00000000 --- a/fsverity_init/fsverity_init.cpp +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// -// fsverity_init is a tool for loading X.509 certificates into the kernel keyring used by the -// fsverity builtin signature verification kernel feature -// (https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#built-in-signature-verification). -// Starting in Android 14, Android has actually stopped using this feature, as it was too inflexible -// and caused problems. It has been replaced by userspace signature verification. Also, some uses -// of fsverity in Android are now for integrity-only use cases. -// -// Regardless, there may exist fsverity files on-disk that were created by Android 13 or earlier. -// These files still have builtin signatures. If the kernel is an older kernel that still has -// CONFIG_FS_VERITY_BUILTIN_SIGNATURES enabled, these files cannot be opened unless the -// corresponding key is in the ".fs-verity" keyring. Therefore, this tool still has to exist and be -// used to load keys into the kernel, even though this has no security purpose anymore. -// -// This tool can be removed as soon as all supported kernels are guaranteed to have -// CONFIG_FS_VERITY_BUILTIN_SIGNATURES disabled, or alternatively as soon as support for upgrades -// from Android 13 or earlier is no longer required. -// - -#define LOG_TAG "fsverity_init" - -#include <sys/types.h> - -#include <filesystem> -#include <string> - -#include <android-base/file.h> -#include <android-base/logging.h> -#include <android-base/strings.h> -#include <log/log.h> -#include <mini_keyctl_utils.h> - -void LoadKeyFromFile(key_serial_t keyring_id, const char* keyname, const std::string& path) { - LOG(INFO) << "LoadKeyFromFile path=" << path << " keyname=" << keyname; - std::string content; - if (!android::base::ReadFileToString(path, &content)) { - LOG(ERROR) << "Failed to read key from " << path; - return; - } - if (add_key("asymmetric", keyname, content.c_str(), content.size(), keyring_id) < 0) { - PLOG(ERROR) << "Failed to add key from " << path; - } -} - -void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname_prefix, const char* dir) { - if (!std::filesystem::exists(dir)) { - return; - } - int counter = 0; - for (const auto& entry : std::filesystem::directory_iterator(dir)) { - if (!android::base::EndsWithIgnoreCase(entry.path().c_str(), ".der")) continue; - std::string keyname = keyname_prefix + std::to_string(counter); - counter++; - LoadKeyFromFile(keyring_id, keyname.c_str(), entry.path()); - } -} - -void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) { - // NB: Directories need to be synced with FileIntegrityService.java in - // frameworks/base. - LoadKeyFromDirectory(keyring_id, "fsv_system_", "/system/etc/security/fsverity"); - LoadKeyFromDirectory(keyring_id, "fsv_product_", "/product/etc/security/fsverity"); -} - -int main(int argc, const char** argv) { - if (argc < 2) { - LOG(ERROR) << "Not enough arguments"; - return -1; - } - - key_serial_t keyring_id = android::GetKeyringId(".fs-verity"); - if (keyring_id < 0) { - // This is expected on newer kernels. See comment at the beginning of this file. - LOG(DEBUG) << "no initialization required"; - return 0; - } - - const std::string_view command = argv[1]; - - if (command == "--load-verified-keys") { - LoadKeyFromVerifiedPartitions(keyring_id); - } else { - LOG(ERROR) << "Unknown argument(s)."; - return -1; - } - - return 0; -} |