init.rc: Move /system/bin/boringssl_self_test{32,64} call to early-init.
This should ensure that the self tests run before any other binaries that load libcrypto and which would otherwise run into SELinux denials trying to create the marker file /dev/boringssl/selftest/[hash] The invocation of the self test binaries from the Conscrypt apex requires the apex to be mounted so it remains at a later point in the boot process. Bug: 137267623 Test: Treehugger Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
This commit is contained in:
Tobias Thierer
parent
9e4e275a79
commit
bda0554bb2
|
|
@ -52,6 +52,20 @@ on early-init
|
|||
# the libraries are available to the processes started after this statement.
|
||||
exec_start apexd-bootstrap
|
||||
|
||||
# These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run.
|
||||
mkdir /dev/boringssl 0755 root root
|
||||
mkdir /dev/boringssl/selftest 0755 root root
|
||||
|
||||
# Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610
|
||||
on early-init && property:ro.product.cpu.abilist32=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32
|
||||
on early-init && property:ro.product.cpu.abilist64=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64
|
||||
on property:apexd.status=ready && property:ro.product.cpu.abilist64=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64
|
||||
on property:apexd.status=ready && property:ro.product.cpu.abilist32=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32
|
||||
|
||||
on init
|
||||
sysclktz 0
|
||||
|
||||
|
|
@ -127,10 +141,6 @@ on init
|
|||
mkdir /mnt/expand 0771 system system
|
||||
mkdir /mnt/appfuse 0711 root root
|
||||
|
||||
# These must already exist by the time boringssl_self_test32 / boringssl_self_test64 run.
|
||||
mkdir /dev/boringssl 0755 root root
|
||||
mkdir /dev/boringssl/selftest 0755 root root
|
||||
|
||||
# Storage views to support runtime permissions
|
||||
mkdir /mnt/runtime 0700 root root
|
||||
mkdir /mnt/runtime/default 0755 root root
|
||||
|
|
@ -315,16 +325,6 @@ on init
|
|||
start hwservicemanager
|
||||
start vndservicemanager
|
||||
|
||||
# Run boringssl self test for each ABI so that later processes can skip it. http://b/139348610
|
||||
on init && property:ro.product.cpu.abilist32=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test32
|
||||
on init && property:ro.product.cpu.abilist64=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /system/bin/boringssl_self_test64
|
||||
on property:apexd.status=ready && property:ro.product.cpu.abilist64=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test64
|
||||
on property:apexd.status=ready && property:ro.product.cpu.abilist32=*
|
||||
exec_reboot_on_failure boringssl-self-check-failed /apex/com.android.conscrypt/bin/boringssl_self_test32
|
||||
|
||||
# Healthd can trigger a full boot from charger mode by signaling this
|
||||
# property when the power button is held.
|
||||
on property:sys.boot_from_charger_mode=1
|
||||
|
|
|
|||
Loading…
Reference in New Issue