Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / afe86cc0884fddd22a898ff34356bb40e4cfc357^! / .
commitafe86cc0884fddd22a898ff34356bb40e4cfc357[log] [tgz]
authorMartijn Coenen <maco@google.com>Thu Nov 12 11:01:24 2020 +0100
committerMartijn Coenen <maco@google.com>Thu Nov 12 11:04:34 2020 +0100
treea873e279134b048dcc251d11191a4cf3d35b8b98
parent9e6cef7f07d8c11b3ea820938aeb7ff2e9dbaa52 [diff]
Call early-boot-ended from init.

To make sure it's always called after apexd has run.

Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: Iaff175dea6a658523cdedb8b6894ca23af62bcbf

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 746fc61..e290072 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -807,6 +807,10 @@
     wait_for_prop apexd.status activated
     perform_apex_config
 
+    # After apexes are mounted, tell keymaster early boot has ended, so it will
+    # stop allowing use of early-boot keys
+    exec - system system -- /system/bin/vdc keymaster early-boot-ended
+
     # Special-case /data/media/obb per b/64566063
     mkdir /data/media 0770 media_rw media_rw encryption=None
     exec - media_rw media_rw -- /system/bin/chattr +F /data/media