init: setup keyring before ueventd starts
(cherry pick from commit 4599627492)
Invent keyutils.h to supply capability to set session keyring.
The keyring will hold things like the FBE encryption keys.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics (from master)
Bug: 37751120
Bug: 36645158
Change-Id: Ieb44fa8f53dda6cf506a6243498c72d7f7f3cde7
parent
d5398bf97d
commit
2350391b8d
2 changed files with 50 additions and 0 deletions
|
|
@ -19,6 +19,7 @@
|
|||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <inttypes.h>
|
||||
#include <keyutils.h>
|
||||
#include <libgen.h>
|
||||
#include <paths.h>
|
||||
#include <signal.h>
|
||||
|
|
@ -1028,6 +1029,11 @@ int main(int argc, char** argv) {
|
|||
InitKernelLogging(argv);
|
||||
LOG(INFO) << "init second stage started!";
|
||||
|
||||
// Set up a session keyring that all processes will have access to. It
|
||||
// will hold things like FBE encryption keys. No process should override
|
||||
// its session keyring.
|
||||
keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 1);
|
||||
|
||||
// Indicate that booting is in progress to background fw loaders, etc.
|
||||
close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
|
||||
|
||||
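Review bot: The result of `keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 1)` in the second hunk is discarded, so if the kernel cannot create the session keyring, init continues with nothing in the log and the failure only shows up later when something tries to store a key there. Since the keyring is meant to hold FBE encryption keys, I would check for -1 and log errno, e.g. `if (keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 1) == -1) PLOG(ERROR) << "failed to set up session keyring";` (assuming the logging header that provides `LOG` here also provides `PLOG`). The comment's "No process should override its session keyring" describes a convention that nothing in this hunk enforces; the comment should say where that is enforced, if anywhere. main() begins and continues outside the hunk.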
|
|
|
|||
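--- a/init/keyutils.h
+++ b/init/keyutils.h
@@ -0,0 +1,44 @@
+/*
+* Copyright (C) 2017 The Android Open Source Project
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+/* Miniature version of a header-only keyutils.h (no library required) */
+
+#ifndef _INIT_KEYUTILS_H_
+#define _INIT_KEYUTILS_H_
+
+#ifndef KEYUTILS_H /* walk away if the _real_ one exists */
+
+#include <linux/keyctl.h>
+#include <stdarg.h>
+#include <sys/syscall.h>
+#include <unistd.h>
+
+static inline long keyctl(int cmd, ...) {
+va_list va;
+unsigned long arg2, arg3, arg4, arg5;
+
+va_start(va, cmd);
+arg2 = va_arg(va, unsigned long);
+arg3 = va_arg(va, unsigned long);
+arg4 = va_arg(va, unsigned long);
+arg5 = va_arg(va, unsigned long);
+va_end(va);
+return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+}
+
+#endif
+
+#endif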
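Review bot: `keyctl()` always pulls four `unsigned long` values with `va_arg`, whatever the caller passed. The call added in init's main() passes two `int` arguments, so arg2 and arg3 are read with a mismatched type and arg4 and arg5 are read although they were never supplied, which is undefined behavior and hands indeterminate values to the syscall. It probably works because the kernel ignores the unused arguments for this command, but the header should state the contract, e.g. `/* Reads four unsigned long varargs unconditionally: cast every argument to unsigned long and pad unused ones with 0. */`. Separately, the guard `_INIT_KEYUTILS_H_` is a reserved identifier (leading underscore followed by a capital); `INIT_KEYUTILS_H` would avoid that.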