Merge "Add some keystore boot levels."

commit: 43defd972f06edfeda82e738fd5300b33a8081fa [log] [tgz]
author: Martijn Coenen <maco@google.com> Thu Mar 11 09:25:40 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Mar 11 09:25:40 2021 +0000
tree: 337d95649b696aea3a9e94aa1c9f53c04f4415d1
parent: 72ad5d2958f7a16fb21a23ed9e086ab7b10cec13 [diff]
parent: e94b36637dd2084a3a611dc45a87c5bea7408707 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 0e1e98b..58e161d 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -630,6 +630,9 @@
     write /sys/kernel/tracing/instances/bootreceiver/events/error_report/error_report_end/enable 1
 
 on post-fs-data
+    # Boot level 30 - at this point daemons like apexd and odsign run
+    setprop keystore.boot_level 30
+
     mark_post_data
 
     # Start checkpoint before we touch data
@@ -908,6 +911,8 @@
     # Lock the fs-verity keyring, so no more keys can be added
     exec -- /system/bin/fsverity_init --lock
 
+    setprop keystore.boot_level 40
+
     # Allow apexd to snapshot and restore device encrypted apex data in the case
     # of a rollback. This should be done immediately after DE_user data keys
     # are loaded. APEXes should not access this data until this has been
commit	43defd972f06edfeda82e738fd5300b33a8081fa	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Thu Mar 11 09:25:40 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Mar 11 09:25:40 2021 +0000
tree	337d95649b696aea3a9e94aa1c9f53c04f4415d1
parent	72ad5d2958f7a16fb21a23ed9e086ab7b10cec13 [diff]
parent	e94b36637dd2084a3a611dc45a87c5bea7408707 [diff]