Remove fsverity_init

Now that fsverity_init is no longer used, it can be removed.
For more details, see https://r.android.com/2662658.

Bug: 290064770
Test: presubmit
Change-Id: I9a90a7141d708ea8aaeefc54288083ee5a0f52ff

3 files changed, 0 insertions, 134 deletions

diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp
deleted file mode 100644
index 07eaf6a2..00000000
--- a/fsverity_init/Android.bp
+++ /dev/null
@@ -1,25 +0,0 @@
-package {
-    // See: http://go/android-license-faq
-    // A large-scale-change added 'default_applicable_licenses' to import
-    // all of the 'license_kinds' from "system_security_license"
-    // to get the below license kinds:
-    //   SPDX-license-identifier-Apache-2.0
-    default_applicable_licenses: ["system_security_license"],
-}
-
-cc_binary {
-    name: "fsverity_init",
-    srcs: [
-        "fsverity_init.cpp",
-    ],
-    static_libs: [
-        "libc++fs",
-        "libmini_keyctl_static",
-    ],
-    shared_libs: [
-        "libbase",
-        "libkeyutils",
-        "liblog",
-    ],
-    cflags: ["-Werror", "-Wall", "-Wextra"],
-}
diff --git a/fsverity_init/OWNERS b/fsverity_init/OWNERS
deleted file mode 100644
index f9e7b25e..00000000
--- a/fsverity_init/OWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-alanstokes@google.com
-ebiggers@google.com
-jeffv@google.com
-jiyong@google.com
-victorhsieh@google.com
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
deleted file mode 100644
index 797118d4..00000000
--- a/fsverity_init/fsverity_init.cpp
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-//
-// fsverity_init is a tool for loading X.509 certificates into the kernel keyring used by the
-// fsverity builtin signature verification kernel feature
-// (https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#built-in-signature-verification).
-// Starting in Android 14, Android has actually stopped using this feature, as it was too inflexible
-// and caused problems.  It has been replaced by userspace signature verification.  Also, some uses
-// of fsverity in Android are now for integrity-only use cases.
-//
-// Regardless, there may exist fsverity files on-disk that were created by Android 13 or earlier.
-// These files still have builtin signatures.  If the kernel is an older kernel that still has
-// CONFIG_FS_VERITY_BUILTIN_SIGNATURES enabled, these files cannot be opened unless the
-// corresponding key is in the ".fs-verity" keyring.  Therefore, this tool still has to exist and be
-// used to load keys into the kernel, even though this has no security purpose anymore.
-//
-// This tool can be removed as soon as all supported kernels are guaranteed to have
-// CONFIG_FS_VERITY_BUILTIN_SIGNATURES disabled, or alternatively as soon as support for upgrades
-// from Android 13 or earlier is no longer required.
-//
-
-#define LOG_TAG "fsverity_init"
-
-#include <sys/types.h>
-
-#include <filesystem>
-#include <string>
-
-#include <android-base/file.h>
-#include <android-base/logging.h>
-#include <android-base/strings.h>
-#include <log/log.h>
-#include <mini_keyctl_utils.h>
-
-void LoadKeyFromFile(key_serial_t keyring_id, const char* keyname, const std::string& path) {
-    LOG(INFO) << "LoadKeyFromFile path=" << path << " keyname=" << keyname;
-    std::string content;
-    if (!android::base::ReadFileToString(path, &content)) {
-        LOG(ERROR) << "Failed to read key from " << path;
-        return;
-    }
-    if (add_key("asymmetric", keyname, content.c_str(), content.size(), keyring_id) < 0) {
-        PLOG(ERROR) << "Failed to add key from " << path;
-    }
-}
-
-void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname_prefix, const char* dir) {
-    if (!std::filesystem::exists(dir)) {
-        return;
-    }
-    int counter = 0;
-    for (const auto& entry : std::filesystem::directory_iterator(dir)) {
-        if (!android::base::EndsWithIgnoreCase(entry.path().c_str(), ".der")) continue;
-        std::string keyname = keyname_prefix + std::to_string(counter);
-        counter++;
-        LoadKeyFromFile(keyring_id, keyname.c_str(), entry.path());
-    }
-}
-
-void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
-    // NB: Directories need to be synced with FileIntegrityService.java in
-    // frameworks/base.
-    LoadKeyFromDirectory(keyring_id, "fsv_system_", "/system/etc/security/fsverity");
-    LoadKeyFromDirectory(keyring_id, "fsv_product_", "/product/etc/security/fsverity");
-}
-
-int main(int argc, const char** argv) {
-    if (argc < 2) {
-        LOG(ERROR) << "Not enough arguments";
-        return -1;
-    }
-
-    key_serial_t keyring_id = android::GetKeyringId(".fs-verity");
-    if (keyring_id < 0) {
-        // This is expected on newer kernels.  See comment at the beginning of this file.
-        LOG(DEBUG) << "no initialization required";
-        return 0;
-    }
-
-    const std::string_view command = argv[1];
-
-    if (command == "--load-verified-keys") {
-        LoadKeyFromVerifiedPartitions(keyring_id);
-    } else {
-        LOG(ERROR) << "Unknown argument(s).";
-        return -1;
-    }
-
-    return 0;
-}