author | Wei Wang | 2017-04-20 16:37:55 -0500 |
---|---|---|
committer | Wei Wang | 2017-04-25 12:49:22 -0500 |
commit | 53842e7dc6c9c08a73b87775e2daccb35d400902 (patch) | |
tree | fa59fe4c8dcf5dc86a5f7ddf207a5c1beadaac62 | |
parent | 8ed2e54ce5d431819ab55290ea767266cd365f14 (diff) | |
Ensure update_verifier run before zygote
Currently zygote is started early for FBE devices, but update_verifier is run later,
which creates a potential risk. This CL ensures update_verifier runs before
zygote touches anything within the data/ partition. With this change, we also start zygote
early for devices in an unencrypted/unsupported encryption state.
Bug: 37543411
Test: marlin boots
(cherry picked from commit 5dc05effecca88f06da090dbcdd257666e69c2c7)
Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
-rw-r--r-- | rootdir/init.rc | 29 |
1 files changed, 21 insertions, 8 deletions
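--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -498,13 +498,28 @@ on post-fs-data
 # Set indication (checked by vold) that we have finished this action
 #setprop vold.post_fs_data_done 1
 
-# This trigger will be triggered before 'zygote-start' since there is no zygote-start defined in
-# current init.rc. It is recommended to put unnecessary data/ initialization from post-fs-data
-# to start-zygote to unblock zygote start.
+# It is recommended to put unnecessary data/ initialization from post-fs-data
+# to start-zygote in device's init.rc to unblock zygote start.
+on zygote-start && property:ro.crypto.state=unencrypted
+# A/B update verifier that marks a successful boot.
+exec_start update_verifier_nonencrypted
+start netd
+start zygote
+start zygote_secondary
+
+on zygote-start && property:ro.crypto.state=unsupported
+# A/B update verifier that marks a successful boot.
+exec_start update_verifier_nonencrypted
+start netd
+start zygote
+start zygote_secondary
+
 on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type=file
-start netd
-start zygote
-start zygote_secondary
+# A/B update verifier that marks a successful boot.
+exec_start update_verifier_nonencrypted
+start netd
+start zygote
+start zygote_secondary
 
 on boot
 # basic network init
@@ -603,8 +618,6 @@ on boot
 class_start core
 
 on nonencrypted
-# A/B update verifier that marks a successful boot.
-exec_start update_verifier_nonencrypted
 class_start main
 class_start late_start
 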
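Review bot: With `exec_start update_verifier_nonencrypted` removed from `on nonencrypted`, the verifier now runs only when one of the three `zygote-start` triggers matches, so the ordering guarantee depends on those property conditions covering every state that reaches `class_start main`. If `ro.crypto.state` holds any other value, or is unset when `zygote-start` fires, this path appears to start the main class without the verifier having run; the block-encrypted path is not visible in this section and should be confirmed to run it separately. The three trigger bodies are identical and carry only the old comment, so I would document the invariant on each, e.g. `# Must complete before zygote touches data/; exec_start blocks init until update_verifier exits.`, and state that any device-specific `zygote-start` block must keep this line first.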