Merge "Do not restrict .fs-verity keyring in debuggable build"

2019-04-05 16:21:15 +00:00 · 2019-04-05 16:21:15 +00:00 · be51525424
commit be51525424
parent 55ba959c13 851026d569
1 changed files with 6 additions and 3 deletions
--- a/rootdir/fsverity_init.sh
+++ b/rootdir/fsverity_init.sh
@ -24,6 +24,9 @@ for cert in /product/etc/security/fsverity/*.der; do
    log -p e -t fsverity_init "Failed to load $cert"
 done

-# Prevent future key links to .fs-verity keyring
-/system/bin/mini-keyctl restrict_keyring .fs-verity ||
-  log -p e -t fsverity_init "Failed to restrict .fs-verity keyring"
+DEBUGGABLE=$(getprop ro.debuggable)
+if [ $DEBUGGABLE != "1" ]; then
+  # Prevent future key links to .fs-verity keyring
+  /system/bin/mini-keyctl restrict_keyring .fs-verity ||
+    log -p e -t fsverity_init "Failed to restrict .fs-verity keyring"
+fi