Home | History | Annotate | Download | only in apex 
      1 #!/system/bin/sh
      2 
      3 # Copyright (C) 2019 The Android Open Source Project
      4 #
      5 # Licensed under the Apache License, Version 2.0 (the "License");
      6 # you may not use this file except in compliance with the License.
      7 # You may obtain a copy of the License at
      8 #
      9 #      http://www.apache.org/licenses/LICENSE-2.0
     10 #
     11 # Unless required by applicable law or agreed to in writing, software
     12 # distributed under the License is distributed on an "AS IS" BASIS,
     13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14 # See the License for the specific language governing permissions and
     15 # limitations under the License.
     16 #
     17 
     18 alias log_info="log -t art_apex -p i"
     19 alias log_error="log -t art_apex -p f"
     20 
     21 # Set |ARCHES| to a string containing the architectures of the device.
     22 function set_arches {
     23   # Derive architectures. For now, stop at two.
     24   local abilist_prop=`getprop ro.product.cpu.abilist`
     25   local abilist=`echo $abilist_prop | tr "," "\n"`
     26   ARCHES=""
     27   for abi in $abilist ; do
     28     case "$abi" in
     29       arm64-v8a)
     30         ARCHES="$ARCHES\narm64"
     31         ;;
     32       armeabi-v7a|armeabi)
     33         ARCHES="$ARCHES\narm"
     34         ;;
     35       x86)
     36         ARCHES="$ARCHES\nx86"
     37         ;;
     38       x86_64)
     39         ARCHES="$ARCHES\nx86_64"
     40         ;;
     41       *)
     42         log_error "Unsupported ABI $abi"
     43         return 1
     44         ;;
     45     esac
     46   done
     47   ARCHES=`echo $ARCHES | uniq`
     48   return 0
     49 }
     50 
     51 function setup_fsverity {
     52   local full_shell_path=`readlink -f $0`
     53   local bin_dir=`dirname $full_shell_path`
     54   local apex_dir=`dirname $bin_dir`
     55   local sig_dir="${apex_dir}.signatures"
     56   local file=$1
     57   local signature_file="$sig_dir/$file.sig"
     58   # Setup.
     59   log_info "fsverity setup for $file"
     60   SETUP_MSG=`fsverity setup $file --signature=$signature_file --hash=sha256 2>&1` || \
     61     { log_error "Setup failed: $SETUP_MSG" ; return 300 ; }
     62   # Enable.
     63   log_info "fsverity enable for $file"
     64   ENABLE_MSG=`fsverity enable $file 2>&1` || \
     65     { log_error "Enable failed: $ENABLE_MSG" ; return 301 ; }
     66   # Test integrity.
     67   INTEGRITY_MSG=`dd if=$file of=/dev/null bs=4k 2>&1` || \
     68     { log_error "Integrity failed: $INTEGRITY_MSG" ; return 302 ; }
     69   return 0
     70 }
     71