Run module code only after KeyMints receive module info
In order to prevent updateable APEX modules from interfering in module
measurement, have `perform_apex_config` wait for the new system
property `keystore.module_hash.sent` to be set to true before running.
Keystore sets `keystore.module_hash.sent` to true after receiving a
non-error response to `setAdditionalAttestationInfo` from all V4+
KeyMints.
Since Keystore waits for `apexd.status` to be set to
`activated` (before calling `setAdditionalAttestationInfo`),
`perform_apex_config` no longer needs to (once flagging is removed).
Note that boot will hang if sending module info fails (as we'll be stuck
on the wait). Preventing boot from continuing is an intended consequence
- an error here likely indicates a more general issue with Keystore or
KeyMint (and one that likely isn't specific to an individual device).
Bug: 369375199
Test: Manual (boots)
Change-Id: Id67c674643762b1fdbba42a407c21756a78ea18d
diff --git a/rootdir/init.rc b/rootdir/init.rc
index f1670ae..0b45e73 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -995,8 +995,11 @@
mkdir /data/misc/stats-service/ 0770 statsd system
mkdir /data/misc/train-info/ 0770 statsd system
- # Wait for apexd to finish activating APEXes before starting more processes.
+ # TODO(b/369375199): Remove once attest modules flagging is removed.
wait_for_prop apexd.status activated
+ # Wait for KeyMints to receive APEX module info before starting code from updateable APEXes.
+ # This is to prevent APEX modules from interfering in module measurement.
+ wait_for_prop keystore.module_hash.sent true
perform_apex_config
exec_start system_aconfigd_mainline_init