From ae56bd2c81b7a54c0e4d9ecc58bece76d8b328f1 Mon Sep 17 00:00:00 2001 From: cbl Date: Tue, 23 Apr 2024 16:16:23 +0800 Subject: [PATCH] add xpm_mode level Signed-off-by: cbl --- code_signature.gni | 2 +- interfaces/innerkits/code_sign_utils/BUILD.gn | 2 +- services/key_enable/BUILD.gn | 12 +++++-- .../enable_xpm/{ => level1}/key_enable.cfg | 0 .../cfg/enable_xpm/level2/key_enable.cfg | 33 +++++++++++++++++++ .../cfg/enable_xpm/level3/key_enable.cfg | 33 +++++++++++++++++++ .../cfg/enable_xpm/level4/key_enable.cfg | 33 +++++++++++++++++++ .../cfg/enable_xpm/level5/key_enable.cfg | 33 +++++++++++++++++++ 8 files changed, 144 insertions(+), 4 deletions(-) rename services/key_enable/cfg/enable_xpm/{ => level1}/key_enable.cfg (100%) create mode 100644 services/key_enable/cfg/enable_xpm/level2/key_enable.cfg create mode 100644 services/key_enable/cfg/enable_xpm/level3/key_enable.cfg create mode 100644 services/key_enable/cfg/enable_xpm/level4/key_enable.cfg create mode 100644 services/key_enable/cfg/enable_xpm/level5/key_enable.cfg
diff --git a/code_signature.gni b/code_signature.gni
index 0661084..107f220 100644
--- a/code_signature.gni
+++ b/code_signature.gni
@@ -22,7 +22,7 @@ selinux_dir = "//third_party/selinux"
 declare_args() {
 code_signature_support_openharmony_ca = true
 code_signature_support_oh_code_sign = false
- code_signature_enable_xpm_mode = false
+ code_signature_enable_xpm_mode = 0
 code_signature_support_oh_release_app = true
 code_signature_screenlock_mgr_enable = false
 if (defined(global_parts_info) &&
diff --git a/interfaces/innerkits/code_sign_utils/BUILD.gn b/interfaces/innerkits/code_sign_utils/BUILD.gn
index 6ab34c6..b4edf27 100644
--- a/interfaces/innerkits/code_sign_utils/BUILD.gn
+++ b/interfaces/innerkits/code_sign_utils/BUILD.gn
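Review bot: The default of `code_signature_enable_xpm_mode` changes from a boolean to an integer inside `declare_args()`, but nothing at the declaration says which values are accepted or what they select. A comment above the arg would help, for example `# XPM level: 0 = install cfg/disable_xpm/key_enable.cfg, 1-5 = install cfg/enable_xpm/levelN/key_enable.cfg`. Product configurations that still pass `true` or `false` for this arg are not visible in this patch; they presumably no longer match any of the integer comparisons in the two BUILD.gn hunks and should be migrated in the same change. The `declare_args()` block closes outside the hunk.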
@@ -50,7 +50,7 @@ ohos_shared_library("libcode_sign_utils") {
 if (code_signature_support_oh_code_sign) {
 defines += [ "SUPPORT_OH_CODE_SIGN" ]
 }
- if (build_variant == "root" || !code_signature_enable_xpm_mode) {
+ if (build_variant == "root" || code_signature_enable_xpm_mode == 0) {
 defines += [ "SUPPORT_PERMISSIVE_MODE" ]
 }
 external_deps = [
diff --git a/services/key_enable/BUILD.gn b/services/key_enable/BUILD.gn
index 533a71c..4aa59b2 100644
--- a/services/key_enable/BUILD.gn
+++ b/services/key_enable/BUILD.gn
@@ -95,8 +95,16 @@ ohos_prebuilt_etc("trusted_cert_path_test") {
 }

 ohos_prebuilt_etc("key_enable.cfg") {
- if (code_signature_enable_xpm_mode) {
- source = "cfg/enable_xpm/key_enable.cfg"
+ if (code_signature_enable_xpm_mode == 1) {
+ source = "cfg/enable_xpm/level1/key_enable.cfg"
+ } else if (code_signature_enable_xpm_mode == 2) {
+ source = "cfg/enable_xpm/level2/key_enable.cfg"
+ } else if (code_signature_enable_xpm_mode == 3) {
+ source = "cfg/enable_xpm/level3/key_enable.cfg"
+ } else if (code_signature_enable_xpm_mode == 4) {
+ source = "cfg/enable_xpm/level4/key_enable.cfg"
+ } else if (code_signature_enable_xpm_mode == 5) {
+ source = "cfg/enable_xpm/level5/key_enable.cfg"
 } else {
 source = "cfg/disable_xpm/key_enable.cfg"
 }
diff --git a/services/key_enable/cfg/enable_xpm/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg
similarity index 100%
rename from services/key_enable/cfg/enable_xpm/key_enable.cfg
rename to services/key_enable/cfg/enable_xpm/level1/key_enable.cfg
diff --git a/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg
new file mode 100644
index 0000000..498b2c9
--- /dev/null
+++ b/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg
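Review bot: A value of `code_signature_enable_xpm_mode` outside 0-5 is accepted silently and handled inconsistently by the two BUILD.gn hunks. In `ohos_prebuilt_etc("key_enable.cfg")` it falls through to the final `else` and installs `cfg/disable_xpm/key_enable.cfg`, while the `libcode_sign_utils` condition defines `SUPPORT_PERMISSIVE_MODE` only for exactly 0. For an arg that selects an enforcement level, a mistyped value should fail the build rather than quietly ship the disabled config; add a range check before the chain, `assert(code_signature_enable_xpm_mode >= 0 && code_signature_enable_xpm_mode <= 5, "code_signature_enable_xpm_mode must be 0..5")`. Both targets continue outside their hunks.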
@@ -0,0 +1,33 @@
+{
+ "jobs" : [{
+ "name" : "post-fs-data",
+ "cmds" : [
+ "write /proc/sys/fs/verity/require_signatures 1",
+ "mkdir /data/service/el0/profiles 0655 installs installs",
+ "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+ "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+ ]
+ }, {
+ "name" : "init",
+ "cmds" : [
+ "start key_enable"
+ ]
+ }, {
+ "name" : "pre-init",
+ "cmds" : [
+ "write /proc/sys/kernel/xpm/xpm_mode 2"
+ ]
+ }
+ ],
+ "services" : [{
+ "name" : "key_enable",
+ "path" : ["/system/bin/key_enable"],
+ "importance" : -20,
+ "uid" : "root",
+ "gid" : ["root"],
+ "secon" : "u:r:key_enable:s0",
+ "start-mode": "condition",
+ "once": 1
+ }
+ ]
+}
\ No newline at end of file
diff --git a/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg
new file mode 100644
index 0000000..c27cfbe
--- /dev/null
+++ b/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg
@@ -0,0 +1,33 @@
+{
+ "jobs" : [{
+ "name" : "post-fs-data",
+ "cmds" : [
+ "write /proc/sys/fs/verity/require_signatures 1",
+ "mkdir /data/service/el0/profiles 0655 installs installs",
+ "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+ "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+ ]
+ }, {
+ "name" : "init",
+ "cmds" : [
+ "start key_enable"
+ ]
+ }, {
+ "name" : "pre-init",
+ "cmds" : [
+ "write /proc/sys/kernel/xpm/xpm_mode 3"
+ ]
+ }
+ ],
+ "services" : [{
+ "name" : "key_enable",
+ "path" : ["/system/bin/key_enable"],
+ "importance" : -20,
+ "uid" : "root",
+ "gid" : ["root"],
+ "secon" : "u:r:key_enable:s0",
+ "start-mode": "condition",
+ "once": 1
+ }
+ ]
+}
\ No newline at end of file
diff --git a/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg
new file mode 100644
index 0000000..d201a72
--- /dev/null
+++ b/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg
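Review bot: The three `mkdir` commands in the `post-fs-data` job create the profile directories with mode `0655`, which leaves the owning `installs` user without the search (x) bit while group and others get `r-x`. If the owner is meant to create and open profile files there, `0755` (or `0750` if other users need no access) looks like the intended mode; this is worth confirming against how init applies the mode argument. The same lines are repeated in the level3, level4 and level5 files, which differ from this one only in the value written to `/proc/sys/kernel/xpm/xpm_mode`, so any correction has to be made in every copy.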
@@ -0,0 +1,33 @@
+{
+ "jobs" : [{
+ "name" : "post-fs-data",
+ "cmds" : [
+ "write /proc/sys/fs/verity/require_signatures 1",
+ "mkdir /data/service/el0/profiles 0655 installs installs",
+ "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+ "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+ ]
+ }, {
+ "name" : "init",
+ "cmds" : [
+ "start key_enable"
+ ]
+ }, {
+ "name" : "pre-init",
+ "cmds" : [
+ "write /proc/sys/kernel/xpm/xpm_mode 4"
+ ]
+ }
+ ],
+ "services" : [{
+ "name" : "key_enable",
+ "path" : ["/system/bin/key_enable"],
+ "importance" : -20,
+ "uid" : "root",
+ "gid" : ["root"],
+ "secon" : "u:r:key_enable:s0",
+ "start-mode": "condition",
+ "once": 1
+ }
+ ]
+}
\ No newline at end of file
diff --git a/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg
new file mode 100644
index 0000000..77d3ff8
--- /dev/null
+++ b/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg
@@ -0,0 +1,33 @@
+{
+ "jobs" : [{
+ "name" : "post-fs-data",
+ "cmds" : [
+ "write /proc/sys/fs/verity/require_signatures 1",
+ "mkdir /data/service/el0/profiles 0655 installs installs",
+ "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+ "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+ ]
+ }, {
+ "name" : "init",
+ "cmds" : [
+ "start key_enable"
+ ]
+ }, {
+ "name" : "pre-init",
+ "cmds" : [
+ "write /proc/sys/kernel/xpm/xpm_mode 5"
+ ]
+ }
+ ],
+ "services" : [{
+ "name" : "key_enable",
+ "path" : ["/system/bin/key_enable"],
+ "importance" : -20,
+ "uid" : "root",
+ "gid" : ["root"],
+ "secon" : "u:r:key_enable:s0",
+ "start-mode": "condition",
+ "once": 1
+ }
+ ]
+}
\ No newline at end of file
-- Gitee