Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 851026d5 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Do not restrict .fs-verity keyring in debuggable build

Test: add logs, see expected behavior
Bug: 112038861
Change-Id: Ib133d2206a7696caaf42ab5f0a6d79aa5308b332
parent 5c58e092
Loading
Loading
Loading
Loading
+6 −3
Original line number Diff line number Diff line
@@ -24,6 +24,9 @@ for cert in /product/etc/security/fsverity/*.der; do
    log -p e -t fsverity_init "Failed to load $cert"
done

DEBUGGABLE=$(getprop ro.debuggable)
if [ $DEBUGGABLE != "1" ]; then
  # Prevent future key links to .fs-verity keyring
  /system/bin/mini-keyctl restrict_keyring .fs-verity ||
    log -p e -t fsverity_init "Failed to restrict .fs-verity keyring"
fi