From 00e51a4b39359024909b883c47bb2fc401ac8008 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Fri, 27 Nov 2020 12:21:34 +0100
Subject: [PATCH] Add on-device signing binary.

This binary checks and refreshes ART compilation artifacts that are
necessary for the system to boot.

Bug: 165630556
Test: inspect init log output on boot
Change-Id: I15074989a0fb6e5b1036292bc2cd824a141a0252
---
 rootdir/init.rc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 19c00f98f..340be9a1c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -734,6 +734,8 @@ on post-fs-data
     mkdir /data/misc/snapshotctl_log 0755 root root
     # create location to store pre-reboot information
     mkdir /data/misc/prereboot 0700 system system
+    # directory used for on-device signing key blob
+    mkdir /data/misc/odsign 0700 root root
 
     mkdir /data/preloads 0775 system system encryption=None
 
@@ -868,6 +870,10 @@ on post-fs-data
     # Set SELinux security contexts on upgrade or policy update.
     restorecon --recursive --skip-ce /data
 
+    # Start the on-device signing daemon, and wait for it to finish, to ensure
+    # ART artifacts are generated if needed.
+    exec_start odsign
+
     # After apexes are mounted, tell keymaster early boot has ended, so it will
     # stop allowing use of early-boot keys
     exec - system system -- /system/bin/vdc keymaster earlyBootEnded