
Commit bda0554b authored by Tobias Thierer's avatar Tobias Thierer

init.rc: Move /system/bin/boringssl_self_test{32,64} call to early-init.

This should ensure that the self tests run before any other binaries
that load libcrypto, which would otherwise run into SELinux denials
when trying to create the marker file /dev/boringssl/selftest/[hash].

The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.

Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
parent 9e4e275a
+14 −14
@@ -52,6 +52,20 @@ on early-init
    # the libraries are available to the processes started after this statement.
    exec_start apexd-bootstrap

    # These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run.
    mkdir /dev/boringssl 0755 root root
    mkdir /dev/boringssl/selftest 0755 root root

# Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610
on early-init && property:ro.product.cpu.abilist32=*
    exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32
on early-init && property:ro.product.cpu.abilist64=*
    exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64
on property:apexd.status=ready && property:ro.product.cpu.abilist64=*
    exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64
on property:apexd.status=ready && property:ro.product.cpu.abilist32=*
    exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32

on init
    sysclktz 0

@@ -127,10 +141,6 @@ on init
    mkdir /mnt/expand 0771 system system
    mkdir /mnt/appfuse 0711 root root

    # These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run.
    mkdir /dev/boringssl 0755 root root
    mkdir /dev/boringssl/selftest 0755 root root

    # Storage views to support runtime permissions
    mkdir /mnt/runtime 0700 root root
    mkdir /mnt/runtime/default 0755 root root
@@ -315,16 +325,6 @@ on init
    start hwservicemanager
    start vndservicemanager

# Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610
on init && property:ro.product.cpu.abilist32=*
    exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32
on init && property:ro.product.cpu.abilist64=*
    exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64
on property:apexd.status=ready && property:ro.product.cpu.abilist64=*
    exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64
on property:apexd.status=ready && property:ro.product.cpu.abilist32=*
    exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
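Review bot: The relocated comment above the two `mkdir /dev/boringssl…` lines in the first hunk says only that the directories must exist before the self tests run; it does not record what now guarantees that ordering, nor why the mode matters. The directories are created at the end of the plain `on early-init` action, while the tests run from separate `on early-init && property:ro.product.cpu.abilist32=*` / `abilist64=*` actions, so the ordering presumably relies on init executing actions for the same trigger in file order; stating that would keep a later reorder from silently reintroducing the SELinux denials the commit message describes. Because a marker file under /dev/boringssl/selftest is what lets later processes skip the self test, the comment should also say the directory must stay writable by root only, e.g. `# Created before the self-test actions below (same trigger, file order). Keep 0755 root root: a marker file here makes later processes skip the self test.` The `on early-init` block begins outside this hunk.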