1 #!/system/bin/sh 2 3 # Copyright (C) 2019 The Android Open Source Project 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 # 17 18 alias log_info="log -t art_apex -p i" 19 alias log_error="log -t art_apex -p f" 20 21 # Set |ARCHES| to a string containing the architectures of the device. 22 function set_arches { 23 # Derive architectures. For now, stop at two. 24 local abilist_prop=`getprop ro.product.cpu.abilist` 25 local abilist=`echo $abilist_prop | tr "," "\n"` 26 ARCHES="" 27 for abi in $abilist ; do 28 case "$abi" in 29 arm64-v8a) 30 ARCHES="$ARCHES\narm64" 31 ;; 32 armeabi-v7a|armeabi) 33 ARCHES="$ARCHES\narm" 34 ;; 35 x86) 36 ARCHES="$ARCHES\nx86" 37 ;; 38 x86_64) 39 ARCHES="$ARCHES\nx86_64" 40 ;; 41 *) 42 log_error "Unsupported ABI $abi" 43 return 1 44 ;; 45 esac 46 done 47 ARCHES=`echo $ARCHES | uniq` 48 return 0 49 } 50 51 function setup_fsverity { 52 local full_shell_path=`readlink -f $0` 53 local bin_dir=`dirname $full_shell_path` 54 local apex_dir=`dirname $bin_dir` 55 local sig_dir="${apex_dir}.signatures" 56 local file=$1 57 local signature_file="$sig_dir/$file.sig" 58 # Setup. 59 log_info "fsverity setup for $file" 60 SETUP_MSG=`fsverity setup $file --signature=$signature_file --hash=sha256 2>&1` || \ 61 { log_error "Setup failed: $SETUP_MSG" ; return 300 ; } 62 # Enable. 63 log_info "fsverity enable for $file" 64 ENABLE_MSG=`fsverity enable $file 2>&1` || \ 65 { log_error "Enable failed: $ENABLE_MSG" ; return 301 ; } 66 # Test integrity. 67 INTEGRITY_MSG=`dd if=$file of=/dev/null bs=4k 2>&1` || \ 68 { log_error "Integrity failed: $INTEGRITY_MSG" ; return 302 ; } 69 return 0 70 } 71