microdroid_manager: pass apex pubkeys to apexd
Microdroid_manager passes apex pubkeys from the instance.img so that
apexd uses them to verify APEXes.
Bug: 199371341
Test: MicrodroidHostTestCases
Change-Id: I9260e456a00e767a79c8121eb6b391978ece0ae3
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 347f514..23434bb 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -18,12 +18,11 @@
start ueventd
mkdir /mnt/apk 0755 system system
+ # Microdroid_manager starts apkdmverity/zipfuse/apexd
start microdroid_manager
- # Exec apexd in the VM mode to avoid unnecessary overhead of normal mode.
- # (e.g. session management)
- exec - root system -- /system/bin/apexd --vm
-
+ # Wait for apexd to finish activating APEXes before starting more processes.
+ wait_for_prop apexd.status activated
perform_apex_config
# Notify to microdroid_manager that perform_apex_config is done.
@@ -170,6 +169,12 @@
mkdir /data/local 0751 root root
mkdir /data/local/tmp 0771 shell shell
+service apexd-vm /system/bin/apexd --vm
+ user root
+ group system
+ oneshot
+ disabled
+
service ueventd /system/bin/ueventd
class core
critical
diff --git a/microdroid/payload/metadata.proto b/microdroid/payload/metadata.proto
index 0fa0650..4c32dde 100644
--- a/microdroid/payload/metadata.proto
+++ b/microdroid/payload/metadata.proto
@@ -38,11 +38,7 @@
// Optional.
// When specified, the public key used to sign the apex should match with it.
- string publicKey = 3;
-
- // Optional.
- // When specified, the root digest of the apex should match with it.
- string rootDigest = 4;
+ bytes public_key = 3;
}
message ApkPayload {