diff --git a/services/key_enable/cfg/disable_xpm/key_enable.cfg b/services/key_enable/cfg/disable_xpm/key_enable.cfg index ff934d49ee56a61ae88b746be1cde7214de9ee48..72286b9285a3a281d6bbec1ade3e2d3fa5e4752a 100644 --- a/services/key_enable/cfg/disable_xpm/key_enable.cfg +++ b/services/key_enable/cfg/disable_xpm/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg index 3d0685a770321d8b90b4d21478b1482ba4519793..acc92ff242eebe7c56b578077c04ab8d3b60b47f 100644 --- a/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg index 8cd2cf51206cd3592fdccd7a12c8bbb4873ae529..5d62baa054a5f36ccddc3c1e71361214f36d1331 100644 --- a/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg index 086faea23fcb920d01305f5685ee35b778a5d2b0..def9b8a3e01c58f37e904c6be5eba155729ddddb 100644 --- a/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg index 2a8c20d6ea0d3842cdcf0cbb0231d1aea548ba78..76624f03da3f0c83c3e8a3e208aea08f971325f9 100644 --- a/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg index d4615d7b241154aafc81894f7668c74d6efe7ba9..eba37f27e177d2f5c1ae00a59aba3d00755cb972 100644 --- a/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/src/key_enable.rs b/services/key_enable/src/key_enable.rs index 5eebc3a17f8530e970cc124fbfbfddcaa7d6ab84..7cb350f843c889dc49b21e44e59323220e298810 100644 --- a/services/key_enable/src/key_enable.rs +++ b/services/key_enable/src/key_enable.rs @@ -26,6 +26,8 @@ use std::io::{BufRead, BufReader}; use std::option::Option; use std::ptr; use std::thread; +use std::time::{Duration, Instant}; +use std::path::Path; const LOG_LABEL: HiLogLabel = HiLogLabel { log_type: LogType::LogCore, @@ -39,6 +41,9 @@ const KEYRING_TYPE: &str = "keyring"; const FSVERITY_KEYRING_NAME: &str = ".fs-verity"; const LOCAL_KEY_NAME: &str = "local_key"; const CODE_SIGN_KEY_NAME_PREFIX: &str = "fs_verity_key"; +const PROFILE_STORE_EL1: &str = "/data/service/el1/profiles"; +const PROFILE_SEARCH_SLEEP_TIME: u64 = 1; +const PROFILE_SEARCH_SLEEP_OUT_TIME: u64 = 600; const SUCCESS: i32 = 0; type KeySerial = i32; @@ -164,24 +169,37 @@ fn enable_trusted_keys(key_id: KeySerial, root_cert: &PemCollection) { } } +fn check_and_add_cert_path(root_cert: &PemCollection, cert_paths: &TrustCertPath) -> bool { + if Path::new(PROFILE_STORE_EL1).exists() { + if add_profile_cert_path(root_cert, cert_paths).is_err() { + error!(LOG_LABEL, "Add cert path from local profile err."); + } + info!(LOG_LABEL, "Finished cert path adding."); + true + } else { + false + } +} + // start cert path ops thread add trusted cert & developer cert -fn add_cert_path_thread( +fn add_profile_cert_path_thread( root_cert: PemCollection, cert_paths: TrustCertPath, ) -> std::thread::JoinHandle<()> { thread::spawn(move || { - // enable trusted cert in prebuilt config - info!(LOG_LABEL, "Starting enable trusted cert."); - if cert_paths.add_cert_paths().is_err() { - error!(LOG_LABEL, "Add trusted cert path err."); - } - // enable developer certs info!(LOG_LABEL, "Starting enable developer cert."); - if add_profile_cert_path(&root_cert, &cert_paths).is_err() { - error!(LOG_LABEL, "Add cert path from local profile err."); + let start_time = Instant::now(); + loop { + if check_and_add_cert_path(&root_cert, &cert_paths) { + break; + } else if start_time.elapsed() >= Duration::from_secs(PROFILE_SEARCH_SLEEP_OUT_TIME) { + error!(LOG_LABEL, "Timeout while waiting for PROFILE_STORE_EL1."); + break; + } else { + thread::sleep(Duration::from_secs(PROFILE_SEARCH_SLEEP_TIME)); + } } - info!(LOG_LABEL, "Finished cert path adding."); }) } @@ -230,12 +248,16 @@ pub fn enable_all_keys() { enable_trusted_keys(key_id, &root_cert); let cert_paths = get_cert_path(); - let cert_thread = add_cert_path_thread(root_cert, cert_paths); + // enable trusted cert in prebuilt config + if cert_paths.add_cert_paths().is_err() { + error!(LOG_LABEL, "Add trusted cert path err."); + } + + let cert_thread = add_profile_cert_path_thread(root_cert, cert_paths); enable_keys_after_user_unlock(key_id); if let Err(e) = cert_thread.join() { error!(LOG_LABEL, "add cert path thread panicked: {:?}", e); } - info!(LOG_LABEL, "Fnished enable all keys."); }