commit 6ae155d8ee86d8d398f109a81153a3c2517a2f55
author Eric Biggers <ebiggers@google.com> Thu Jul 06 17:29:20 2023 +0000
committer Eric Biggers <ebiggers@google.com> Thu Jul 06 18:36:16 2023 +0000
tree 81f16cf86341986c26ba94b7f7ac89404b7c2de8
parent 31b4751a4d5ab89657a56989c74d80aef580790e

fsverity_init: remove unneeded functionality

The --load-extra-key option to 'fsverity_init' was only used by odsign,
and --lock was only used by init.rc.  Since these uses have been
removed, remove the code that implemented these options as well.

Bug: 290064770
Test: presubmit
Change-Id: Iaad4b78926748f24dcaddecb27dc28e4c659a574

fsverity_init/fsverity_init.cpp

diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index 4761b53..797118d 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -42,33 +42,10 @@
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
-#include <android-base/properties.h>
 #include <android-base/strings.h>
 #include <log/log.h>
 #include <mini_keyctl_utils.h>
 
-bool LoadKeyToKeyring(key_serial_t keyring_id, const char* desc, const char* data, size_t size) {
-    key_serial_t key = add_key("asymmetric", desc, data, size, keyring_id);
-    if (key < 0) {
-        PLOG(ERROR) << "Failed to add key";
-        return false;
-    }
-    return true;
-}
-
-bool LoadKeyFromStdin(key_serial_t keyring_id, const char* keyname) {
-    std::string content;
-    if (!android::base::ReadFdToString(STDIN_FILENO, &content)) {
-        LOG(ERROR) << "Failed to read key from stdin";
-        return false;
-    }
-    if (!LoadKeyToKeyring(keyring_id, keyname, content.c_str(), content.size())) {
-        LOG(ERROR) << "Failed to load key from stdin";
-        return false;
-    }
-    return true;
-}
-
 void LoadKeyFromFile(key_serial_t keyring_id, const char* keyname, const std::string& path) {
     LOG(INFO) << "LoadKeyFromFile path=" << path << " keyname=" << keyname;
     std::string content;
@@ -76,8 +53,8 @@
         LOG(ERROR) << "Failed to read key from " << path;
         return;
     }
-    if (!LoadKeyToKeyring(keyring_id, keyname, content.c_str(), content.size())) {
-        LOG(ERROR) << "Failed to load key from " << path;
+    if (add_key("asymmetric", keyname, content.c_str(), content.size(), keyring_id) < 0) {
+        PLOG(ERROR) << "Failed to add key from " << path;
     }
 }
 
@@ -118,20 +95,6 @@
 
     if (command == "--load-verified-keys") {
         LoadKeyFromVerifiedPartitions(keyring_id);
-    } else if (command == "--load-extra-key") {
-        if (argc != 3) {
-            LOG(ERROR) << "--load-extra-key requires <key_name> argument.";
-            return -1;
-        }
-        if (!LoadKeyFromStdin(keyring_id, argv[2])) {
-            return -1;
-        }
-    } else if (command == "--lock") {
-        if (!android::base::GetBoolProperty("ro.debuggable", false)) {
-            if (keyctl_restrict_keyring(keyring_id, nullptr, nullptr) < 0) {
-                PLOG(ERROR) << "Cannot restrict .fs-verity keyring";
-            }
-        }
     } else {
         LOG(ERROR) << "Unknown argument(s).";
         return -1;