Loading init/Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -109,7 +109,6 @@ cc_library_static { "action.cpp", "action_manager.cpp", "action_parser.cpp", "boringssl_self_test.cpp", "bootchart.cpp", "builtins.cpp", "capabilities.cpp", Loading init/boringssl_self_test.cppdeleted 100644 → 0 +0 −56 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "boringssl_self_test.h" #include <android-base/logging.h> #include <cutils/android_reboot.h> #include <openssl/crypto.h> #include <sys/types.h> #include <unistd.h> namespace android { namespace init { Result<void> StartBoringSslSelfTest(const BuiltinArguments&) { pid_t id = fork(); if (id == 0) { if (BORINGSSL_self_test() != 1) { LOG(INFO) << "BoringSSL crypto self tests failed"; // This check has failed, so the device should refuse // to boot. Rebooting to bootloader to wait for // further action from the user. int result = android_reboot(ANDROID_RB_RESTART2, 0, "bootloader,boringssl-self-check-failed"); if (result != 0) { LOG(ERROR) << "Failed to reboot into bootloader"; } } _exit(0); } else if (id == -1) { // Failed to fork, so cannot run the test. Refuse to continue. PLOG(FATAL) << "Failed to fork for BoringSSL self test"; } return {}; } } // namespace init } // namespace android init/boringssl_self_test.hdeleted 100644 → 0 +0 −28 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include "builtin_arguments.h" #include "result.h" namespace android { namespace init { Result<void> StartBoringSslSelfTest(const BuiltinArguments&); } // namespace init } // namespace android init/init.cpp +0 −4 Original line number Diff line number Diff line Loading @@ -51,7 +51,6 @@ #include <selinux/android.h> #include "action_parser.h" #include "boringssl_self_test.h" #include "builtins.h" #include "epoll.h" #include "first_stage_init.h" Loading Loading @@ -739,9 +738,6 @@ int SecondStageMain(int argc, char** argv) { // Trigger all the boot actions to get us started. am.QueueEventTrigger("init"); // Starting the BoringSSL self test, for NIAP certification compliance. am.QueueBuiltinAction(StartBoringSslSelfTest, "StartBoringSslSelfTest"); // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random // wasn't ready immediately after wait_for_coldboot_done am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng"); Loading rootdir/init.rc +11 −1 Original line number Diff line number Diff line Loading @@ -127,7 +127,7 @@ on init mkdir /mnt/expand 0771 system system mkdir /mnt/appfuse 0711 root root # tmpfs place for BORINGSSL_self_test() to remember whether it has run # These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run. mkdir /dev/boringssl 0755 root root mkdir /dev/boringssl/selftest 0755 root root Loading Loading @@ -315,6 +315,16 @@ on init start hwservicemanager start vndservicemanager # Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610 on init && property:ro.product.cpu.abilist32=*: exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32 on init && property:ro.product.cpu.abilist64=* exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64 on property:apexd.status=ready && property:ro.product.cpu.abilist64=* exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64 on property:apexd.status=ready && property:ro.product.cpu.abilist32=* exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32 # Healthd can trigger a full boot from charger mode by signaling this # property when the power button is held. on property:sys.boot_from_charger_mode=1 Loading Loading
init/Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -109,7 +109,6 @@ cc_library_static { "action.cpp", "action_manager.cpp", "action_parser.cpp", "boringssl_self_test.cpp", "bootchart.cpp", "builtins.cpp", "capabilities.cpp", Loading
init/boringssl_self_test.cppdeleted 100644 → 0 +0 −56 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "boringssl_self_test.h" #include <android-base/logging.h> #include <cutils/android_reboot.h> #include <openssl/crypto.h> #include <sys/types.h> #include <unistd.h> namespace android { namespace init { Result<void> StartBoringSslSelfTest(const BuiltinArguments&) { pid_t id = fork(); if (id == 0) { if (BORINGSSL_self_test() != 1) { LOG(INFO) << "BoringSSL crypto self tests failed"; // This check has failed, so the device should refuse // to boot. Rebooting to bootloader to wait for // further action from the user. int result = android_reboot(ANDROID_RB_RESTART2, 0, "bootloader,boringssl-self-check-failed"); if (result != 0) { LOG(ERROR) << "Failed to reboot into bootloader"; } } _exit(0); } else if (id == -1) { // Failed to fork, so cannot run the test. Refuse to continue. PLOG(FATAL) << "Failed to fork for BoringSSL self test"; } return {}; } } // namespace init } // namespace android
init/boringssl_self_test.hdeleted 100644 → 0 +0 −28 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include "builtin_arguments.h" #include "result.h" namespace android { namespace init { Result<void> StartBoringSslSelfTest(const BuiltinArguments&); } // namespace init } // namespace android
init/init.cpp +0 −4 Original line number Diff line number Diff line Loading @@ -51,7 +51,6 @@ #include <selinux/android.h> #include "action_parser.h" #include "boringssl_self_test.h" #include "builtins.h" #include "epoll.h" #include "first_stage_init.h" Loading Loading @@ -739,9 +738,6 @@ int SecondStageMain(int argc, char** argv) { // Trigger all the boot actions to get us started. am.QueueEventTrigger("init"); // Starting the BoringSSL self test, for NIAP certification compliance. am.QueueBuiltinAction(StartBoringSslSelfTest, "StartBoringSslSelfTest"); // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random // wasn't ready immediately after wait_for_coldboot_done am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng"); Loading
rootdir/init.rc +11 −1 Original line number Diff line number Diff line Loading @@ -127,7 +127,7 @@ on init mkdir /mnt/expand 0771 system system mkdir /mnt/appfuse 0711 root root # tmpfs place for BORINGSSL_self_test() to remember whether it has run # These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run. mkdir /dev/boringssl 0755 root root mkdir /dev/boringssl/selftest 0755 root root Loading Loading @@ -315,6 +315,16 @@ on init start hwservicemanager start vndservicemanager # Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610 on init && property:ro.product.cpu.abilist32=*: exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32 on init && property:ro.product.cpu.abilist64=* exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64 on property:apexd.status=ready && property:ro.product.cpu.abilist64=* exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64 on property:apexd.status=ready && property:ro.product.cpu.abilist32=* exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32 # Healthd can trigger a full boot from charger mode by signaling this # property when the power button is held. on property:sys.boot_from_charger_mode=1 Loading
