From 5fc34e4d8dd9d60446c91621aad7f9fc97a48c8f Mon Sep 17 00:00:00 2001 From: yeyuning Date: Thu, 15 Aug 2024 16:11:19 +0800 Subject: [PATCH] duration when profiles accessable Signed-off-by: yeyuning Change-Id: I270ea1f49e7eef1456f8cdc5b5590ed3cefceb78 --- .../key_enable/cfg/disable_xpm/key_enable.cfg | 2 +- .../cfg/enable_xpm/level1/key_enable.cfg | 2 +- .../cfg/enable_xpm/level2/key_enable.cfg | 2 +- .../cfg/enable_xpm/level3/key_enable.cfg | 2 +- .../cfg/enable_xpm/level4/key_enable.cfg | 2 +- .../cfg/enable_xpm/level5/key_enable.cfg | 2 +- services/key_enable/src/key_enable.rs | 46 ++++++++++++++----- 7 files changed, 40 insertions(+), 18 deletions(-) diff --git a/services/key_enable/cfg/disable_xpm/key_enable.cfg b/services/key_enable/cfg/disable_xpm/key_enable.cfg index ff934d4..72286b9 100644 --- a/services/key_enable/cfg/disable_xpm/key_enable.cfg +++ b/services/key_enable/cfg/disable_xpm/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg index 3d0685a..acc92ff 100644 --- a/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level1/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg index 8cd2cf5..5d62baa 100644 --- a/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level2/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg index 086faea..def9b8a 100644 --- a/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level3/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg index 2a8c20d..76624f0 100644 --- a/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level4/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg b/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg index d4615d7..eba37f2 100644 --- a/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg +++ b/services/key_enable/cfg/enable_xpm/level5/key_enable.cfg @@ -8,7 +8,7 @@ "mkdir /data/service/el1/profiles/debug 0655 installs installs" ] }, { - "name" : "late-fs", + "name" : "init", "cmds" : [ "start key_enable" ] diff --git a/services/key_enable/src/key_enable.rs b/services/key_enable/src/key_enable.rs index 5eebc3a..7cb350f 100644 --- a/services/key_enable/src/key_enable.rs +++ b/services/key_enable/src/key_enable.rs @@ -26,6 +26,8 @@ use std::io::{BufRead, BufReader}; use std::option::Option; use std::ptr; use std::thread; +use std::time::{Duration, Instant}; +use std::path::Path; const LOG_LABEL: HiLogLabel = HiLogLabel { log_type: LogType::LogCore, @@ -39,6 +41,9 @@ const KEYRING_TYPE: &str = "keyring"; const FSVERITY_KEYRING_NAME: &str = ".fs-verity"; const LOCAL_KEY_NAME: &str = "local_key"; const CODE_SIGN_KEY_NAME_PREFIX: &str = "fs_verity_key"; +const PROFILE_STORE_EL1: &str = "/data/service/el1/profiles"; +const PROFILE_SEARCH_SLEEP_TIME: u64 = 1; +const PROFILE_SEARCH_SLEEP_OUT_TIME: u64 = 600; const SUCCESS: i32 = 0; type KeySerial = i32; @@ -164,24 +169,37 @@ fn enable_trusted_keys(key_id: KeySerial, root_cert: &PemCollection) { } } +fn check_and_add_cert_path(root_cert: &PemCollection, cert_paths: &TrustCertPath) -> bool { + if Path::new(PROFILE_STORE_EL1).exists() { + if add_profile_cert_path(root_cert, cert_paths).is_err() { + error!(LOG_LABEL, "Add cert path from local profile err."); + } + info!(LOG_LABEL, "Finished cert path adding."); + true + } else { + false + } +} + // start cert path ops thread add trusted cert & developer cert -fn add_cert_path_thread( +fn add_profile_cert_path_thread( root_cert: PemCollection, cert_paths: TrustCertPath, ) -> std::thread::JoinHandle<()> { thread::spawn(move || { - // enable trusted cert in prebuilt config - info!(LOG_LABEL, "Starting enable trusted cert."); - if cert_paths.add_cert_paths().is_err() { - error!(LOG_LABEL, "Add trusted cert path err."); - } - // enable developer certs info!(LOG_LABEL, "Starting enable developer cert."); - if add_profile_cert_path(&root_cert, &cert_paths).is_err() { - error!(LOG_LABEL, "Add cert path from local profile err."); + let start_time = Instant::now(); + loop { + if check_and_add_cert_path(&root_cert, &cert_paths) { + break; + } else if start_time.elapsed() >= Duration::from_secs(PROFILE_SEARCH_SLEEP_OUT_TIME) { + error!(LOG_LABEL, "Timeout while waiting for PROFILE_STORE_EL1."); + break; + } else { + thread::sleep(Duration::from_secs(PROFILE_SEARCH_SLEEP_TIME)); + } } - info!(LOG_LABEL, "Finished cert path adding."); }) } @@ -230,12 +248,16 @@ pub fn enable_all_keys() { enable_trusted_keys(key_id, &root_cert); let cert_paths = get_cert_path(); - let cert_thread = add_cert_path_thread(root_cert, cert_paths); + // enable trusted cert in prebuilt config + if cert_paths.add_cert_paths().is_err() { + error!(LOG_LABEL, "Add trusted cert path err."); + } + + let cert_thread = add_profile_cert_path_thread(root_cert, cert_paths); enable_keys_after_user_unlock(key_id); if let Err(e) = cert_thread.join() { error!(LOG_LABEL, "add cert path thread panicked: {:?}", e); } - info!(LOG_LABEL, "Fnished enable all keys."); } -- Gitee