• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/system/bin/sh
2
3# Copyright (C) 2019 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17
18alias log_info="log -t art_apex -p i"
19alias log_error="log -t art_apex -p f"
20
21# Set |ARCHES| to a string containing the architectures of the device.
22function set_arches {
23  # Derive architectures. For now, stop at two.
24  local abilist_prop=`getprop ro.product.cpu.abilist`
25  local abilist=`echo $abilist_prop | tr "," "\n"`
26  ARCHES=""
27  for abi in $abilist ; do
28    case "$abi" in
29      arm64-v8a)
30        ARCHES="$ARCHES\narm64"
31        ;;
32      armeabi-v7a|armeabi)
33        ARCHES="$ARCHES\narm"
34        ;;
35      x86)
36        ARCHES="$ARCHES\nx86"
37        ;;
38      x86_64)
39        ARCHES="$ARCHES\nx86_64"
40        ;;
41      *)
42        log_error "Unsupported ABI $abi"
43        return 1
44        ;;
45    esac
46  done
47  ARCHES=`echo $ARCHES | uniq`
48  return 0
49}
50
51function setup_fsverity {
52  local full_shell_path=`readlink -f $0`
53  local bin_dir=`dirname $full_shell_path`
54  local apex_dir=`dirname $bin_dir`
55  local sig_dir="${apex_dir}.signatures"
56  local file=$1
57  local signature_file="$sig_dir/$file.sig"
58  # Setup.
59  log_info "fsverity setup for $file"
60  SETUP_MSG=`fsverity setup $file --signature=$signature_file --hash=sha256 2>&1` || \
61    { log_error "Setup failed: $SETUP_MSG" ; return 300 ; }
62  # Enable.
63  log_info "fsverity enable for $file"
64  ENABLE_MSG=`fsverity enable $file 2>&1` || \
65    { log_error "Enable failed: $ENABLE_MSG" ; return 301 ; }
66  # Test integrity.
67  INTEGRITY_MSG=`dd if=$file of=/dev/null bs=4k 2>&1` || \
68    { log_error "Integrity failed: $INTEGRITY_MSG" ; return 302 ; }
69  return 0
70}
71