Commit graph

9 commits

Author SHA1 Message Date
Victor Hsieh
59183120c2 Initialize fs-verity keys in shell script
This gives us two benefits:
  - Better compatibility to keyctl(1), which doesn't have "dadd"
  - Pave the way to specify key's security labels, since keyctl(1)
    doesn't support, and we want to avoid adding incompatible option.

Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
2019-03-22 09:18:00 -07:00
Victor Hsieh
0fb290bb8a mini-keyctl: use ParseInt to parse keys
- Valid ID format examples: 0x90a, 123
 - ID like 90a will not work now.

Bug: None
Test: mini-keyctl unlink 0x11d25c86 0x2873c96d

Change-Id: I057bce0a49a60f475d54b23e28dc18db25124466
2019-03-18 13:57:05 -07:00
Victor Hsieh
582c7b9b82 mini-keyctl cleanup: keep local funcitons static
Test: build
Bug: None
Change-Id: If58f496173d8afff9eb81ff7f5975ddaac765d18
2019-03-18 09:45:12 -07:00
Victor Hsieh
327037f063 mini-keyctl: support printing security label
Test: mini-keyctl security <key_id>
Bug: 128607724
Change-Id: If92b41d0aa96d626933546391b964ca2a8a48703
2019-03-15 16:01:01 -07:00
Xiaoyong Zhou
b29b27ec7f Change mini-keyctl command format.
This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.

Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>

Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
2019-03-08 09:59:42 -08:00
Xiaoyong Zhou
4a5c352e6d Add a tool to add keys to keyring.
This CL adds a binary to load keys to a keyring.

Bug: 112038861
Test: mini-keyctl -k .fsverity -c PATH_CONTAINER_CERTS
Test: cat /proc/keys and find the newly added keys
Change-Id: Iead68618ea194e9412616c5c6cff885e3cf78520
2019-01-30 13:08:31 -08:00
Jiyong Park
a0e75045e6 Build adbd for recovery
adbd (and its dependencies) are marked as recovery_available:true so
that recovery version of the binary is built separately from the one for
system partition. This allows us to stop copying the system version to
the recovery partition and also opens up the way to enable shared
libraries in the recovery partition. Then we can also build adbd as a
dynamic executable.

Bug: 79146551
Test: m -j adbd.recovery
Change-Id: Ib95614c7435f9d0afc02a0c7d5ae1a94e439e32a
2018-05-24 14:11:11 +09:00
Elliott Hughes
40fdf3f4ab Add test_suites lines.
Bug: N/A
Test: builds
Change-Id: Ic5e2b9206bcfcb53c774989013b5db6aab462e42
2018-04-27 16:12:06 -07:00
Elliott Hughes
1eeee96676 Add libkeyutils.
Also move init over to it.

Bug: http://b/37991155
Test: builds+boots
Change-Id: I5113a9d96a5ce0a0f3bad71134d6cc4f7b41a57e
2017-05-10 14:53:28 -07:00