Merge "Fix LocalUpdatableMaps"
diff --git a/fs_mgr/liblp/builder.cpp b/fs_mgr/liblp/builder.cpp
index ea3b58e..96068b1 100644
--- a/fs_mgr/liblp/builder.cpp
+++ b/fs_mgr/liblp/builder.cpp
@@ -504,7 +504,7 @@
return total;
}
-void MetadataBuilder::RemovePartition(const std::string& name) {
+void MetadataBuilder::RemovePartition(std::string_view name) {
for (auto iter = partitions_.begin(); iter != partitions_.end(); iter++) {
if ((*iter)->name() == name) {
partitions_.erase(iter);
diff --git a/fs_mgr/liblp/include/liblp/builder.h b/fs_mgr/liblp/include/liblp/builder.h
index 69885fe..4d7f81d 100644
--- a/fs_mgr/liblp/include/liblp/builder.h
+++ b/fs_mgr/liblp/include/liblp/builder.h
@@ -260,7 +260,7 @@
Partition* AddPartition(const std::string& name, uint32_t attributes);
// Delete a partition by name if it exists.
- void RemovePartition(const std::string& name);
+ void RemovePartition(std::string_view name);
// Find a partition by name. If no partition is found, nullptr is returned.
Partition* FindPartition(std::string_view name);
diff --git a/init/fscrypt_init_extensions.cpp b/init/fscrypt_init_extensions.cpp
index 9c2ca75..bd23e31 100644
--- a/init/fscrypt_init_extensions.cpp
+++ b/init/fscrypt_init_extensions.cpp
@@ -38,7 +38,7 @@
#define TAG "fscrypt"
-static int set_system_de_policy_on(const std::string& dir);
+static int set_policy_on(const std::string& ref_basename, const std::string& dir);
int fscrypt_install_keyring() {
key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING);
@@ -104,7 +104,7 @@
// Special-case /data/media/obb per b/64566063
if (dir == "/data/media/obb") {
// Try to set policy on this directory, but if it is non-empty this may fail.
- set_system_de_policy_on(dir);
+ set_policy_on(fscrypt_key_ref, dir);
return 0;
}
@@ -135,7 +135,16 @@
return 0;
}
}
- int err = set_system_de_policy_on(dir);
+ std::vector<std::string> per_boot_directories = {
+ "per_boot",
+ };
+ for (const auto& d : per_boot_directories) {
+ if ((prefix + d) == dir) {
+ LOG(INFO) << "Setting per_boot key on " << dir;
+ return set_policy_on(fscrypt_key_per_boot_ref, dir);
+ }
+ }
+ int err = set_policy_on(fscrypt_key_ref, dir);
if (err == 0) {
return 0;
}
@@ -147,15 +156,15 @@
if ((prefix + d) == dir) {
LOG(ERROR) << "Setting policy failed, deleting: " << dir;
delete_dir_contents(dir);
- err = set_system_de_policy_on(dir);
+ err = set_policy_on(fscrypt_key_ref, dir);
break;
}
}
return err;
}
-static int set_system_de_policy_on(const std::string& dir) {
- std::string ref_filename = std::string("/data") + fscrypt_key_ref;
+static int set_policy_on(const std::string& ref_basename, const std::string& dir) {
+ std::string ref_filename = std::string("/data") + ref_basename;
std::string policy;
if (!android::base::ReadFileToString(ref_filename, &policy)) {
LOG(ERROR) << "Unable to read system policy to set on " << dir;
diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h
index ae9dab5..e1e8230 100644
--- a/libcutils/include/private/android_filesystem_config.h
+++ b/libcutils/include/private/android_filesystem_config.h
@@ -128,6 +128,7 @@
#define AID_GPU_SERVICE 1072 /* GPU service daemon */
#define AID_NETWORK_STACK 1073 /* network stack service */
#define AID_GSID 1074 /* GSI service daemon */
+#define AID_FSVERITY_CERT 1075 /* fs-verity key ownership in keystore */
/* Changes to this file must be made in AOSP, *not* in internal branches. */
#define AID_SHELL 2000 /* adb and debug shell user */
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 8808846..a15b501 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -856,6 +856,9 @@
on property:sys.boot_completed=1
bootchart stop
+ # Setup per_boot directory so other .rc could start to use it on boot_completed
+ exec - system system -- /bin/rm -rf /data/per_boot
+ mkdir /data/per_boot 0700 system system
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.