Rewrite key management & signing
Extend compos_helper to support signing, use it from CompOS.
Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.
Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.
There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab
diff --git a/compos/composd/src/odrefresh_task.rs b/compos/composd/src/odrefresh_task.rs
index d1d0e28..9dec1c1 100644
--- a/compos/composd/src/odrefresh_task.rs
+++ b/compos/composd/src/odrefresh_task.rs
@@ -26,7 +26,7 @@
use compos_aidl_interface::aidl::com::android::compos::ICompOsService::{
CompilationMode::CompilationMode, ICompOsService,
};
-use compos_common::odrefresh::ExitCode;
+use compos_common::odrefresh::{ExitCode, ODREFRESH_OUTPUT_ROOT_DIR};
use log::{error, info, warn};
use rustutils::system_properties;
use std::fs::{remove_dir_all, File, OpenOptions};
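Review bot: The definition of `ODREFRESH_OUTPUT_ROOT_DIR` imported in this hunk is not visible in this part of the diff, so its value cannot be checked against the removed literal `/data/misc/apexdata/com.android.art`. The last hunk in this file builds `output_root` from it, and the `remove_dir_all` import together with the comment about removing the target directory suggest a recursive delete runs beneath that root. It is worth confirming that the shared constant resolves to the same path as before. A doc comment at its definition would also help, for example `/// Root under which odrefresh output is written; composd recursively deletes the target directory beneath it.`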
@@ -36,8 +36,6 @@
use std::sync::{Arc, Mutex};
use std::thread;
-const ART_APEX_DATA: &str = "/data/misc/apexdata/com.android.art";
-
#[derive(Clone)]
pub struct OdrefreshTask {
running_task: Arc<Mutex<Option<RunningTask>>>,
@@ -122,7 +120,7 @@
compilation_mode: CompilationMode,
target_dir_name: &str,
) -> Result<ExitCode> {
- let output_root = Path::new(ART_APEX_DATA);
+ let output_root = Path::new(ODREFRESH_OUTPUT_ROOT_DIR);
// We need to remove the target directory because odrefresh running in compos will create it
// (and can't see the existing one, since authfs doesn't show it existing files in an output