
Commit 1136f159 authored by Tobias Thierer's avatar Tobias Thierer

Init: Run boringssl self test via separate binaries.

Instead of init.cpp knowing about the boringssl self
test, use init.rc to exec dedicated self test executables.

Advantages:
 - The self test is run not only for the copy of libcrypto
   in /system but also for the copy in /apex/com.android.conscrypt.
 - The self test is run not only for the primary (e.g. 64bit)
   ABI but also for a secondary (e.g. 32bit) ABI.
 - The dependency on libcrypto is kept to the self test binary.
 - The self test binary abstracts the exact native API for
   running the self test (this will change soon because the
   self test will be run when the library is loaded).

Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
      and finishing with exit code 0.

Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0
parent 7896e7ad
+0 −1
@@ -109,7 +109,6 @@ cc_library_static {
        "action.cpp",
        "action.cpp",
        "action_manager.cpp",
        "action_manager.cpp",
        "action_parser.cpp",
        "action_parser.cpp",
        "boringssl_self_test.cpp",
        "bootchart.cpp",
        "bootchart.cpp",
        "builtins.cpp",
        "builtins.cpp",
        "capabilities.cpp",
        "capabilities.cpp",

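--- a/init/boringssl_self_test.cpp
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "boringssl_self_test.h"
-
-#include <android-base/logging.h>
-#include <cutils/android_reboot.h>
-#include <openssl/crypto.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-namespace android {
-namespace init {
-
-Result<void> StartBoringSslSelfTest(const BuiltinArguments&) {
-    pid_t id = fork();
-
-    if (id == 0) {
-        if (BORINGSSL_self_test() != 1) {
-            LOG(INFO) << "BoringSSL crypto self tests failed";
-
-            // This check has failed, so the device should refuse
-            // to boot. Rebooting to bootloader to wait for
-            // further action from the user.
-
-            int result = android_reboot(ANDROID_RB_RESTART2, 0,
-                                        "bootloader,boringssl-self-check-failed");
-            if (result != 0) {
-                LOG(ERROR) << "Failed to reboot into bootloader";
-            }
-        }
-
-        _exit(0);
-    } else if (id == -1) {
-        // Failed to fork, so cannot run the test. Refuse to continue.
-        PLOG(FATAL) << "Failed to fork for BoringSSL self test";
-    }
-
-    return {};
-}
-
-}  // namespace init
-}  // namespace android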

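--- a/init/boringssl_self_test.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include "builtin_arguments.h"
-#include "result.h"
-
-namespace android {
-namespace init {
-
-Result<void> StartBoringSslSelfTest(const BuiltinArguments&);
-
-}  // namespace init
-}  // namespace android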
+0 −4
@@ -51,7 +51,6 @@
#include <selinux/android.h>
#include <selinux/android.h>


#include "action_parser.h"
#include "action_parser.h"
#include "boringssl_self_test.h"
#include "builtins.h"
#include "builtins.h"
#include "epoll.h"
#include "epoll.h"
#include "first_stage_init.h"
#include "first_stage_init.h"
@@ -739,9 +738,6 @@ int SecondStageMain(int argc, char** argv) {
    // Trigger all the boot actions to get us started.
    // Trigger all the boot actions to get us started.
    am.QueueEventTrigger("init");
    am.QueueEventTrigger("init");


    // Starting the BoringSSL self test, for NIAP certification compliance.
    am.QueueBuiltinAction(StartBoringSslSelfTest, "StartBoringSslSelfTest");

    // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random
    // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random
    // wasn't ready immediately after wait_for_coldboot_done
    // wasn't ready immediately after wait_for_coldboot_done
    am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
    am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
+11 −1
@@ -127,7 +127,7 @@ on init
    mkdir /mnt/expand 0771 system system
    mkdir /mnt/expand 0771 system system
    mkdir /mnt/appfuse 0711 root root
    mkdir /mnt/appfuse 0711 root root


    # tmpfs place for BORINGSSL_self_test() to remember whether it has run
    # These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run.
    mkdir /dev/boringssl 0755 root root
    mkdir /dev/boringssl 0755 root root
    mkdir /dev/boringssl/selftest 0755 root root
    mkdir /dev/boringssl/selftest 0755 root root


@@ -315,6 +315,16 @@ on init
    start hwservicemanager
    start hwservicemanager
    start vndservicemanager
    start vndservicemanager


# Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610
on init && property:ro.product.cpu.abilist32=*:
    exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32
on init && property:ro.product.cpu.abilist64=*
    exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64
on property:apexd.status=ready && property:ro.product.cpu.abilist64=*
    exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64
on property:apexd.status=ready && property:ro.product.cpu.abilist32=*
    exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32

# Healthd can trigger a full boot from charger mode by signaling this
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
on property:sys.boot_from_charger_mode=1
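Review bot: The first added trigger, `on init && property:ro.product.cpu.abilist32=*:`, ends in a colon that the other three triggers do not have. If init reads `*:` as a literal property value rather than the wildcard, that action would never fire and the 32-bit /system copy of libcrypto would go untested at boot, with nothing logged to show the gap. Drop the colon so the line reads `on init && property:ro.product.cpu.abilist32=*`. The Test: step in the description would also be stronger if it checked logcat for each of the four self-test executables by path, since a skipped trigger produces no failure exit code to notice.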