Move restorecon of /data earlier in boot sequence.
A future early-boot daemon (on-device signing) needs to access /data/misc before fs-verity keys are locked. Therefore, move the restorecon of /data up a bit, to make sure the labels are correct. To be safe, only run it after init_user0, since that function is responsible for loading DE keys.

Also move early boot keys and fs-verity key locking a bit later, since the on-device signing daemon needs to use both of these, but it also needs the restorecon to function correctly.

Bug: 174740982
Test: manual
Change-Id: I9b6e44d9b547d420e1c6ba01fb3d3accc0625e20
parent ba73e995e5
commit c7a26dc263
1 changed files with 10 additions and 10 deletions
|
@ -856,13 +856,6 @@ on post-fs-data
|
|||
wait_for_prop apexd.status activated
|
||||
perform_apex_config
|
||||
|
||||
# Lock the fs-verity keyring, so no more keys can be added
|
||||
exec -- /system/bin/fsverity_init --lock
|
||||
|
||||
# After apexes are mounted, tell keymaster early boot has ended, so it will
|
||||
# stop allowing use of early-boot keys
|
||||
exec - system system -- /system/bin/vdc keymaster earlyBootEnded
|
||||
|
||||
# Special-case /data/media/obb per b/64566063
|
||||
mkdir /data/media 0770 media_rw media_rw encryption=None
|
||||
exec - media_rw media_rw -- /system/bin/chattr +F /data/media
|
||||
|
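Review bot: removing the fsverity_init --lock and vdc keymaster earlyBootEnded lines from their place right after perform_apex_config means the steps that follow here (mkdir /data/media, the chattr +F exec, and whatever sits between this hunk and init_user0) now run while the fs-verity keyring still accepts keys and early-boot keys are still usable. The commit message gives the reason for the later position but not what was checked about the steps now inside that window. Please state in the message that none of them depends on the keyring being locked or on early boot having ended, or keep the lock here if one does.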
@ -872,15 +865,22 @@ on post-fs-data
|
|||
|
||||
init_user0
|
||||
|
||||
# Set SELinux security contexts on upgrade or policy update.
|
||||
restorecon --recursive --skip-ce /data
|
||||
|
||||
# After apexes are mounted, tell keymaster early boot has ended, so it will
|
||||
# stop allowing use of early-boot keys
|
||||
exec - system system -- /system/bin/vdc keymaster earlyBootEnded
|
||||
|
||||
# Lock the fs-verity keyring, so no more keys can be added
|
||||
exec -- /system/bin/fsverity_init --lock
|
||||
|
||||
# Allow apexd to snapshot and restore device encrypted apex data in the case
|
||||
# of a rollback. This should be done immediately after DE_user data keys
|
||||
# are loaded. APEXes should not access this data until this has been
|
||||
# completed and apexd.status becomes "ready".
|
||||
exec_start apexd-snapshotde
|
||||
|
||||
# Set SELinux security contexts on upgrade or policy update.
|
||||
restorecon --recursive --skip-ce /data
|
||||
|
||||
# Check any timezone data in /data is newer than the copy in the time zone data
|
||||
# module, delete if not.
|
||||
exec - system system -- /system/bin/tzdatacheck /apex/com.android.tzdata/etc/tz /data/misc/zoneinfo
|
||||
|
|
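Review bot: the two blocks re-added after restorecon --recursive --skip-ce /data come back in the opposite order from the one they had before (vdc keymaster earlyBootEnded now runs before fsverity_init --lock), and the commit message does not mention the swap. If the order matters to the signing daemon, say so in a comment; if it does not, keeping the original order makes the move easier to audit. The carried-over comment "After apexes are mounted, tell keymaster early boot has ended" also no longer explains the placement, which now depends on init_user0 and the restorecon. A line such as "# Must run after the restorecon of /data; on-device signing needs early-boot keys and an unlocked fs-verity keyring" would record the constraint next to the commands it governs.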