Add on-device signing binary.

This binary checks and refreshes ART compilation artifacts that are necessary for the system to boot. Bug: 165630556 Test: inspect init log output on boot Change-Id: I15074989a0fb6e5b1036292bc2cd824a141a0252
2020-11-27 12:21:34 +01:00 · 2020-11-27 12:21:34 +01:00 · 00e51a4b39
parent c7a26dc263
commit 00e51a4b39
1 changed files with 6 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -734,6 +734,8 @@ on post-fs-data
    mkdir /data/misc/snapshotctl_log 0755 root root
    # create location to store pre-reboot information
    mkdir /data/misc/prereboot 0700 system system
+    # directory used for on-device signing key blob
+    mkdir /data/misc/odsign 0700 root root

    mkdir /data/preloads 0775 system system encryption=None

@ -868,6 +870,10 @@ on post-fs-data
    # Set SELinux security contexts on upgrade or policy update.
    restorecon --recursive --skip-ce /data

+    # Start the on-device signing daemon, and wait for it to finish, to ensure
+    # ART artifacts are generated if needed.
+    exec_start odsign
+
    # After apexes are mounted, tell keymaster early boot has ended, so it will
    # stop allowing use of early-boot keys
    exec - system system -- /system/bin/vdc keymaster earlyBootEnded