Don't check for /dev/kvm
Previously we were not running any CompOS related code if /dev/kvm was
not present. But this is not the appropriate check - other VMs are
possible.
I could migrate to checking the newly-introduced properties, but
actually odsign has no reason to check VM capabilities:
- Normally CompOS should not be present on a device that is not
VM-capable.
- Even if it is, it will not generate key files or artifacts, so
odsign won't do any significant work.
- Even if key files did appear, compos_verify_key would fail cleanly &
quickly, preventing any further processing.
Test: boot odsign with & without CompOS files
Test: presubmits
Bug: 217687661
Change-Id: I6edee914f63f8ed579f65c07ce0dc3ad851da541
diff --git a/ondevice-signing/odsign_main.cpp b/ondevice-signing/odsign_main.cpp
index a324857..5c541ae 100644
--- a/ondevice-signing/odsign_main.cpp
+++ b/ondevice-signing/odsign_main.cpp
@@ -53,7 +53,6 @@
constexpr const char* kOdrefreshPath = "/apex/com.android.art/bin/odrefresh";
constexpr const char* kCompOsVerifyPath = "/apex/com.android.compos/bin/compos_verify_key";
constexpr const char* kFsVerityProcPath = "/proc/sys/fs/verity";
-constexpr const char* kKvmDevicePath = "/dev/kvm";
constexpr bool kForceCompilation = false;
constexpr bool kUseCompOs = true;
@@ -145,7 +144,8 @@
}
bool compOsPresent() {
- return access(kCompOsVerifyPath, X_OK) == 0 && access(kKvmDevicePath, F_OK) == 0;
+ // We must have the CompOS APEX
+ return access(kCompOsVerifyPath, X_OK) == 0;
}
Result<void> verifyExistingRootCert(const SigningKey& key) {