
Commit 2170b7cd authored by Karuna Wadhera

Run module code only after KeyMints receive module info

In order to prevent updateable APEX modules from interfering in module
measurement, have `perform_apex_config` wait for the new system
property `keystore.module_hash.sent` to be set to true before running.
Keystore sets `keystore.module_hash.sent` to true after receiving a
non-error response to `setAdditionalAttestationInfo` from all V4+
KeyMints.

Since Keystore waits for `apexd.status` to be set to
`activated` (before calling `setAdditionalAttestationInfo`),
`perform_apex_config` no longer needs to (once flagging is removed).

Note that boot will hang if sending module info fails (as we'll be stuck
on the wait). Preventing boot from continuing is an intended
consequence - an error here likely indicates a more general issue with
Keystore or KeyMint (and one that likely isn't specific to an individual
device).

Bug: 369375199
Test: Manual (boots)
Change-Id: Id67c674643762b1fdbba42a407c21756a78ea18d
parent 64d68e1d
+4 −1
@@ -995,8 +995,11 @@ on post-fs-data
    mkdir /data/misc/stats-service/ 0770 statsd system
    mkdir /data/misc/stats-service/ 0770 statsd system
    mkdir /data/misc/train-info/ 0770 statsd system
    mkdir /data/misc/train-info/ 0770 statsd system


    # Wait for apexd to finish activating APEXes before starting more processes.
    # TODO(b/369375199): Remove once attest modules flagging is removed.
    wait_for_prop apexd.status activated
    wait_for_prop apexd.status activated
    # Wait for KeyMints to receive APEX module info before starting code from updateable APEXes.
    # This is to prevent APEX modules from interfering in module measurement.
    wait_for_prop keystore.module_hash.sent true
    perform_apex_config
    perform_apex_config


    exec_start system_aconfigd_mainline_init
    exec_start system_aconfigd_mainline_init
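
Review bot: The new `wait_for_prop keystore.module_hash.sent true` ahead of `perform_apex_config` has no timeout or fallback, and the two comment lines above it do not mention that boot blocks at this point until Keystore sets the property. Suggest extending the comment to say that a hang here in `on post-fs-data` is intentional and indicates module info never reached KeyMint, so someone debugging a stuck boot can identify the cause from this file alone. Also, the TODO on the `apexd.status` wait says attest modules is still behind flagging, while the new wait is unconditional in this hunk; please confirm Keystore sets `keystore.module_hash.sent` on the flag-off path as well, otherwise boot stops here on those builds.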