#!/system/bin/sh # Copyright (C) 2019 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # alias log_info="log -t art_apex -p i" alias log_error="log -t art_apex -p f" # Set |ARCHES| to a string containing the architectures of the device. function set_arches { # Derive architectures. For now, stop at two. local abilist_prop=`getprop ro.product.cpu.abilist` local abilist=`echo $abilist_prop | tr "," "\n"` ARCHES="" for abi in $abilist ; do case "$abi" in arm64-v8a) ARCHES="$ARCHES\narm64" ;; armeabi-v7a|armeabi) ARCHES="$ARCHES\narm" ;; x86) ARCHES="$ARCHES\nx86" ;; x86_64) ARCHES="$ARCHES\nx86_64" ;; *) log_error "Unsupported ABI $abi" return 1 ;; esac done ARCHES=`echo $ARCHES | uniq` return 0 } function setup_fsverity { local full_shell_path=`readlink -f $0` local bin_dir=`dirname $full_shell_path` local apex_dir=`dirname $bin_dir` local sig_dir="${apex_dir}.signatures" local file=$1 local signature_file="$sig_dir/$file.sig" # Setup. log_info "fsverity setup for $file" SETUP_MSG=`fsverity setup $file --signature=$signature_file --hash=sha256 2>&1` || \ { log_error "Setup failed: $SETUP_MSG" ; return 300 ; } # Enable. log_info "fsverity enable for $file" ENABLE_MSG=`fsverity enable $file 2>&1` || \ { log_error "Enable failed: $ENABLE_MSG" ; return 301 ; } # Test integrity. INTEGRITY_MSG=`dd if=$file of=/dev/null bs=4k 2>&1` || \ { log_error "Integrity failed: $INTEGRITY_MSG" ; return 302 ; } return 0 }