commit 753ac2a34ba00b834f71ac214d9f76ee72dad11a
author Victor Hsieh <victorhsieh@google.com> Fri Apr 03 15:17:37 2020 -0700
committer Victor Hsieh <victorhsieh@google.com> Fri Apr 03 15:30:09 2020 -0700
tree 2dce1c5ce6b6d99a9cb7b11b9b3408847a4ba6d5
parent 21b6c38fa099855a88483bcc4960b39eb0446707

Also load fs-verity cert from /system/etc/security/fsverity/

Bug: 153112812
Test: able to use the new cert after reboot
Change-Id: I01085913f81898592a3a1edcaa97aff6dc8ac89c

fsverity_init/fsverity_init.cpp

diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index e2a8bf7..4ed25cd 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -37,10 +37,8 @@
     return true;
 }
 
-void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
-    const char* dir = "/product/etc/security/fsverity";
+void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname, const char* dir) {
     if (!std::filesystem::exists(dir)) {
-        LOG(ERROR) << "no such dir: " << dir;
         return;
     }
     for (const auto& entry : std::filesystem::directory_iterator(dir)) {
@@ -49,12 +47,19 @@
         if (!android::base::ReadFileToString(entry.path(), &content)) {
             continue;
         }
-        if (!LoadKeyToKeyring(keyring_id, "fsv_system", content.c_str(), content.size())) {
+        if (!LoadKeyToKeyring(keyring_id, keyname, content.c_str(), content.size())) {
             LOG(ERROR) << "Failed to load key from " << entry.path();
         }
     }
 }
 
+void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
+    // NB: Directories need to be synced with FileIntegrityService.java in
+    // frameworks/base.
+    LoadKeyFromDirectory(keyring_id, "fsv_system", "/system/etc/security/fsverity");
+    LoadKeyFromDirectory(keyring_id, "fsv_product", "/product/etc/security/fsverity");
+}
+
 int main(int /*argc*/, const char** /*argv*/) {
     key_serial_t keyring_id = android::GetKeyringId(".fs-verity");
     if (keyring_id < 0) {