author | Victor Hsieh <victorhsieh@google.com> | 2019-03-20 15:52:45 -0700 |
committer | Victor Hsieh <victorhsieh@google.com> | 2019-03-22 09:18:00 -0700 |
commit | 59183120c29e5e2747222b24de09484b7cd8cf17 (patch) | |
tree | e95aee4f80ae6f695c3b51cc9c0bf1d702d7c92b /libkeyutils/mini_keyctl_utils.cpp | |
parent | b4ef0beb990d02600cad57096bcd20c9d646c8fa (diff) |
Initialize fs-verity keys in shell script
This gives us two benefits:
- Better compatibility with keyctl(1), which doesn't have "dadd"
- Paves the way to specifying a key's security labels, which keyctl(1)
doesn't support, since we want to avoid adding an incompatible option.
Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
Diffstat (limited to 'libkeyutils/mini_keyctl_utils.cpp')
-rw-r--r-- | libkeyutils/mini_keyctl_utils.cpp | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/libkeyutils/mini_keyctl_utils.cpp b/libkeyutils/mini_keyctl_utils.cpp
index 9fe2dfef1d..56afea4b68 100644
--- a/libkeyutils/mini_keyctl_utils.cpp
+++ b/libkeyutils/mini_keyctl_utils.cpp
@@ -86,53 +86,6 @@ static bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_
 return false;
 }
 
-int AddCertsFromDir(const std::string& type, const std::string& desc_prefix,
- const std::string& cert_dir, const std::string& keyring) {
- key_serial_t keyring_id;
- if (!GetKeyringId(keyring, &keyring_id)) {
- LOG(ERROR) << "Can not find keyring id";
- return 1;
- }
-
- std::unique_ptr<DIR, int (*)(DIR*)> dir(opendir(cert_dir.c_str()), closedir);
- if (!dir) {
- PLOG(WARNING) << "Failed to open directory " << cert_dir;
- return 1;
- }
- int keys_added = 0;
- struct dirent* dp;
- while ((dp = readdir(dir.get())) != NULL) {
- if (dp->d_type != DT_REG) {
- continue;
- }
- std::string cert_path = cert_dir + "/" + dp->d_name;
- std::string cert_buf;
- if (!android::base::ReadFileToString(cert_path, &cert_buf, false /* follow_symlinks */)) {
- LOG(ERROR) << "Failed to read " << cert_path;
- continue;
- }
-
- if (cert_buf.size() > kMaxCertSize) {
- LOG(ERROR) << "Certficate size too large: " << cert_path;
- continue;
- }
-
- // Add key to keyring.
- int key_desc_index = keys_added;
- std::string key_desc = desc_prefix + std::to_string(key_desc_index);
- key_serial_t key =
- add_key(type.c_str(), key_desc.c_str(), &cert_buf[0], cert_buf.size(), keyring_id);
- if (key < 0) {
- PLOG(ERROR) << "Failed to add key to keyring: " << cert_path;
- continue;
- }
- LOG(INFO) << "Key " << cert_path << " added to " << keyring << " with key id 0x" << std::hex
- << key;
- keys_added++;
- }
- return 0;
-}
-
 int Unlink(key_serial_t key, const std::string& keyring) {
 key_serial_t keyring_id;
 if (!GetKeyringId(keyring, &keyring_id)) {