Commit Graph

13 Commits

Author SHA1 Message Date
Elliott Hughes 44a5f0ed7f Stop using varargs in libkeyutils.
It's error-prone, and our specific usage of it here upsets ubsan.

Bug: https://issuetracker.google.com/158428513
Test: treehugger
Change-Id: I3a6b68865e6b4c37ac005f5f24c3d6e1de7c5bac
2020-06-08 09:27:17 -07:00
Victor Hsieh f0a242f73d Refactor mini-keyctl and split a static library
Test: mini-keyctl still works in command line
Bug: 112038744
Change-Id: I08006d8befa69e4bf416a2bed9e1813725877147
2019-09-26 10:45:38 -07:00
Victor Hsieh 17aaee2f05 mini-keyctl: fix key id parsing by "0x" prefix
Otherwise, ParseInt treats the input as decimal and fails.

Test: add key works
Bug: None
Change-Id: I144ab0bba519c7630e702562bfb54118a389908e
2019-04-15 15:19:08 -07:00
Victor Hsieh b20e062ff9 mini-keyctl: move logs to stdout
Also, print key id in padd/add like keyctl(1).  This makes local
debugging and integration test easier.

Test: run all commands manually in shell, see expected output
Bug: None
Change-Id: I6be6ea9e273e80e7d5848da5cf348da8308a62c1
2019-04-08 10:59:54 -07:00
Victor Hsieh 59183120c2 Initialize fs-verity keys in shell script
This gives us two benefits:
  - Better compatibility to keyctl(1), which doesn't have "dadd"
  - Pave the way to specify key's security labels, since keyctl(1)
    doesn't support, and we want to avoid adding incompatible option.

Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
2019-03-22 09:18:00 -07:00
Victor Hsieh 0fb290bb8a mini-keyctl: use ParseInt to parse keys
- Valid ID format examples: 0x90a, 123
 - ID like 90a will not work now.

Bug: None
Test: mini-keyctl unlink 0x11d25c86 0x2873c96d

Change-Id: I057bce0a49a60f475d54b23e28dc18db25124466
2019-03-18 13:57:05 -07:00
Victor Hsieh 582c7b9b82 mini-keyctl cleanup: keep local funcitons static
Test: build
Bug: None
Change-Id: If58f496173d8afff9eb81ff7f5975ddaac765d18
2019-03-18 09:45:12 -07:00
Victor Hsieh 327037f063 mini-keyctl: support printing security label
Test: mini-keyctl security <key_id>
Bug: 128607724
Change-Id: If92b41d0aa96d626933546391b964ca2a8a48703
2019-03-15 16:01:01 -07:00
Xiaoyong Zhou b29b27ec7f Change mini-keyctl command format.
This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.

Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>

Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
2019-03-08 09:59:42 -08:00
Xiaoyong Zhou 4a5c352e6d Add a tool to add keys to keyring.
This CL adds a binary to load keys to a keyring.

Bug: 112038861
Test: mini-keyctl -k .fsverity -c PATH_CONTAINER_CERTS
Test: cat /proc/keys and find the newly added keys
Change-Id: Iead68618ea194e9412616c5c6cff885e3cf78520
2019-01-30 13:08:31 -08:00
Jiyong Park a0e75045e6 Build adbd for recovery
adbd (and its dependencies) are marked as recovery_available:true so
that recovery version of the binary is built separately from the one for
system partition. This allows us to stop copying the system version to
the recovery partition and also opens up the way to enable shared
libraries in the recovery partition. Then we can also build adbd as a
dynamic executable.

Bug: 79146551
Test: m -j adbd.recovery
Change-Id: Ib95614c7435f9d0afc02a0c7d5ae1a94e439e32a
2018-05-24 14:11:11 +09:00
Elliott Hughes 40fdf3f4ab Add test_suites lines.
Bug: N/A
Test: builds
Change-Id: Ic5e2b9206bcfcb53c774989013b5db6aab462e42
2018-04-27 16:12:06 -07:00
Elliott Hughes 1eeee96676 Add libkeyutils.
Also move init over to it.

Bug: http://b/37991155
Test: builds+boots
Change-Id: I5113a9d96a5ce0a0f3bad71134d6cc4f7b41a57e
2017-05-10 14:53:28 -07:00