From f0f9438d5b8d59595414191b9d7d9b8de673ed16 Mon Sep 17 00:00:00 2001
From: Tobias Thierer
Date: Fri, 13 Sep 2019 16:51:56 +0100
Subject: [PATCH] boringssl_self_test: Enable optimization.

libcrypto performs a self test when it is loaded, unless a marker file /dev/boringssl/selftest/[hash] exists which indicates that the self test has already successfully completed since the last time the device was booted. Before this CL topic, libcrypto attempted to create the marker file when the self test successfully completed. On Android, dedicated boringssl_self_test{32,64} binaries are run early during boot and are the only binaries (apart from init and vendor_int) that have permission to create these files. Another CL in this topic stops the boringssl self test creating a marker file unless the environment variable BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value. This CL sets that value to "true" when running the dedicated self test binaries, but not for other binaries. This has the effect that other binaries that run the self test early during boot (before the dedicated self test binaries have created the marker files) and which run the self test will no longer attempt to create the marker file, which SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
---
rootdir/init.rc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 66247acc5..880884604 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -67,15 +67,19 @@ on property:apexd.status=ready && property:ro.product.cpu.abilist64=*
 exec_start boringssl_self_test_apex64
 
 service boringssl_self_test32 /system/bin/boringssl_self_test32
+ setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true
 reboot_on_failure reboot,bootloader,boringssl-self-check-failed
 
 service boringssl_self_test64 /system/bin/boringssl_self_test64
+ setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true
 reboot_on_failure reboot,bootloader,boringssl-self-check-failed
 
 service boringssl_self_test_apex32 /apex/com.android.conscrypt/bin/boringssl_self_test32
+ setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true
 reboot_on_failure reboot,bootloader,boringssl-self-check-failed
 
 service boringssl_self_test_apex64 /apex/com.android.conscrypt/bin/boringssl_self_test64
+ setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true
 reboot_on_failure reboot,bootloader,boringssl-self-check-failed
 
 on init
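Review bot: The trailing `# Any nonempty value counts as true` on each of the four added `setenv` lines depends on init stripping a `#` that begins mid-line, whereas the init language documentation describes comments only as lines that start with `#`. If a parser revision stopped stripping it, `setenv` would presumably receive extra arguments and the service stanza could fail to parse, so the comment is safer on its own line above the first `service boringssl_self_test32` stanza. That line could also record why the variable is set only here, for example `# Only these dedicated self-test services create /dev/boringssl/selftest/* markers; SELinux enforces that, the variable merely avoids a denied attempt from other processes.` This wording follows the commit description. It is worth stating in the file that the variable is a hint and not the access control, so a later policy change does not treat it as the guard on a marker that lets the self test be skipped.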