From 66e2127c47d8863cea5b9d9899dd549d09bd1542 Mon Sep 17 00:00:00 2001
From: Xiaoyong Zhou <xzhou@google.com>
Date: Tue, 29 Jan 2019 16:01:38 -0800
Subject: [PATCH] Loads fsverity keys

This CL calls mini-keyctl to load fsverity keys.

Bug: 112038861
Test: cat /proc/keys
Change-Id: I3b7cf85c2f64116a56349c54ed5fa4e8cf14a730
---
 rootdir/init.rc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4a19e3930..7aba3dce7 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -587,6 +587,9 @@ on post-fs-data
     # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
     exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo
 
+    # load fsverity keys
+    exec -- /system/bin/mini-keyctl -c /product/etc/security/cacerts_fsverity,/vendor/etc/security/cacerts_fsverity -k .fs-verity
+
     # Wait for apexd to finish activating APEXes before starting more processes.
     # This certainly reduces the parallelism but is required to make as many processes
     # as possible to use the bionic libs from the runtime APEX. This takes less than 50ms