Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 851026d5 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Do not restrict .fs-verity keyring in debuggable build 

Test: add logs, see expected behavior
Bug: 112038861
Change-Id: Ib133d2206a7696caaf42ab5f0a6d79aa5308b332
parent 5c58e092

rootdir/fsverity_init.sh

+6 −3
Original line number Diff line number Diff line
@@ -24,6 +24,9 @@ for cert in /product/etc/security/fsverity/*.der; do 
    log -p e -t fsverity_init "Failed to load $cert"

done



DEBUGGABLE=$(getprop ro.debuggable)

if [ $DEBUGGABLE != "1" ]; then

  # Prevent future key links to .fs-verity keyring

  /system/bin/mini-keyctl restrict_keyring .fs-verity ||

    log -p e -t fsverity_init "Failed to restrict .fs-verity keyring"

fi