| Andreas Gampe | 31782c1 | 2019-02-06 09:47:25 -0800 | [diff] [blame] | 1 | #!/system/bin/sh |
| 2 | |
| 3 | # Copyright (C) 2019 The Android Open Source Project |
| 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | # |
| 17 | |
| 18 | alias log_info="log -t art_apex -p i" |
| 19 | alias log_error="log -t art_apex -p f" |
| 20 | |
| 21 | # Set |ARCHES| to a string containing the architectures of the device. |
| 22 | function set_arches { |
| 23 | # Derive architectures. For now, stop at two. |
| 24 | local abilist_prop=`getprop ro.product.cpu.abilist` |
| 25 | local abilist=`echo $abilist_prop | tr "," "\n"` |
| 26 | ARCHES="" |
| 27 | for abi in $abilist ; do |
| 28 | case "$abi" in |
| 29 | arm64-v8a) |
| 30 | ARCHES="$ARCHES\narm64" |
| 31 | ;; |
| 32 | armeabi-v7a|armeabi) |
| 33 | ARCHES="$ARCHES\narm" |
| 34 | ;; |
| 35 | x86) |
| 36 | ARCHES="$ARCHES\nx86" |
| 37 | ;; |
| 38 | x86_64) |
| 39 | ARCHES="$ARCHES\nx86_64" |
| 40 | ;; |
| 41 | *) |
| 42 | log_error "Unsupported ABI $abi" |
| 43 | return 1 |
| 44 | ;; |
| 45 | esac |
| 46 | done |
| 47 | ARCHES=`echo $ARCHES | uniq` |
| 48 | return 0 |
| 49 | } |
| Andreas Gampe | 2d68fc2 | 2019-02-12 14:12:17 -0800 | [diff] [blame] | 50 | |
| 51 | function setup_fsverity { |
| Andreas Gampe | 4cb26ac | 2019-03-20 16:38:01 -0700 | [diff] [blame] | 52 | local full_shell_path=`readlink -f $0` |
| 53 | local bin_dir=`dirname $full_shell_path` |
| 54 | local apex_dir=`dirname $bin_dir` |
| 55 | local sig_dir="${apex_dir}.signatures" |
| Andreas Gampe | 2d68fc2 | 2019-02-12 14:12:17 -0800 | [diff] [blame] | 56 | local file=$1 |
| Andreas Gampe | 4cb26ac | 2019-03-20 16:38:01 -0700 | [diff] [blame] | 57 | local signature_file="$sig_dir/$file.sig" |
| Andreas Gampe | 2d68fc2 | 2019-02-12 14:12:17 -0800 | [diff] [blame] | 58 | # Setup. |
| Andreas Gampe | 4cb26ac | 2019-03-20 16:38:01 -0700 | [diff] [blame] | 59 | log_info "fsverity setup for $file" |
| Andreas Gampe | 2d68fc2 | 2019-02-12 14:12:17 -0800 | [diff] [blame] | 60 | SETUP_MSG=`fsverity setup $file --signature=$signature_file --hash=sha256 2>&1` || \ |
| 61 | { log_error "Setup failed: $SETUP_MSG" ; return 300 ; } |
| 62 | # Enable. |
| Andreas Gampe | 4cb26ac | 2019-03-20 16:38:01 -0700 | [diff] [blame] | 63 | log_info "fsverity enable for $file" |
| Andreas Gampe | 2d68fc2 | 2019-02-12 14:12:17 -0800 | [diff] [blame] | 64 | ENABLE_MSG=`fsverity enable $file 2>&1` || \ |
| 65 | { log_error "Enable failed: $ENABLE_MSG" ; return 301 ; } |
| 66 | # Test integrity. |
| 67 | INTEGRITY_MSG=`dd if=$file of=/dev/null bs=4k 2>&1` || \ |
| 68 | { log_error "Integrity failed: $INTEGRITY_MSG" ; return 302 ; } |
| 69 | return 0 |
| 70 | } |