ART: Boot integrity checks for dalvik cache Add a boot rc file that checks for boot classpath components in the dalvik-cache and ensures they are fsverity-protected. Bug: 125474642 Test: m Test: manual Change-Id: I3e7c2926e549c88934d86eb2d1d5264c5930b674

commit: 57975683aaa9a6b93fe7d1bf6c4f3428dcf99ab5 [log] [tgz]
author: Andreas Gampe <agampe@google.com> Mon Mar 04 09:27:11 2019 -0800
committer: Andreas Gampe <agampe@google.com> Wed Mar 13 18:19:00 2019 +0000
tree: 6eea916a15efe232dbd228cfe46dacbe644e2db3
parent: 8682354d448e1c3c355dbcac07b77e9c40e35987 [diff] [blame]
diff --git a/build/apex/Android.bp b/build/apex/Android.bp
index 128a079..dcabfc6 100644
--- a/build/apex/Android.bp
+++ b/build/apex/Android.bp

@@ -188,6 +188,7 @@
     prebuilts: art_runtime_data_file_prebuilts
         + ["com.android.runtime.ld.config.txt"],
     key: "com.android.runtime.key",
+    required: ["art_apex_boot_integrity"],
 }
 
 // Release version of the Runtime APEX module (not containing debug
@@ -358,3 +359,9 @@
     name: "art_postinstall_hook",
     src: "art_postinstall_hook.sh",
 }
+
+sh_binary {
+    name: "art_apex_boot_integrity",
+    src: "art_apex_boot_integrity.sh",
+    init_rc: ["art_apex_boot_integrity.rc"],
+}
commit	57975683aaa9a6b93fe7d1bf6c4f3428dcf99ab5	[log] [tgz]
author	Andreas Gampe <agampe@google.com>	Mon Mar 04 09:27:11 2019 -0800
committer	Andreas Gampe <agampe@google.com>	Wed Mar 13 18:19:00 2019 +0000
tree	6eea916a15efe232dbd228cfe46dacbe644e2db3
parent	8682354d448e1c3c355dbcac07b77e9c40e35987 [diff] [blame]