author | Treehugger Robot <treehugger-gerrit@google.com> | 2019-03-19 16:40:48 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-03-19 16:40:48 +0000 |
commit | aaee497db2b74e55dc1779abb41b294afb954349 (patch) | |
tree | cf9997c94f215b1d2ea165d8761ed134e79203e7 /rootdir | |
parent | d5032392924f451c8a37bb65be5b6d3425ee8ef5 (diff) | |
parent | 66fc7eb195820d9e8e6649495e51b738d41924a5 (diff) | |
Merge "Enable fsverity signature checking"
Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/init.rc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 0e961631b..8e63a819c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -424,6 +424,8 @@ on post-fs-data
 exec -- /system/bin/mini-keyctl dadd asymmetric vendor_cert /vendor/etc/security/cacerts_fsverity .fs-verity
 # Prevent future key links to fsverity keyring
 exec -- /system/bin/mini-keyctl restrict_keyring .fs-verity
+ # Enforce fsverity signature checking
+ write /proc/sys/fs/verity/require_signatures 1
 # Make sure that apexd is started in the default namespace
 enter_default_mount_ns |
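Review bot: Nothing after the added `write /proc/sys/fs/verity/require_signatures 1` confirms that the sysctl was actually set. On a kernel built without fs-verity built-in signature support the node presumably does not exist, and init's `write` appears only to log the failure, so the device could boot with enforcement silently off. The one-line comment should also state what the setting covers, for example `# Enforce fsverity signature checking: the kernel refuses to enable fs-verity on a file without a signature from the .fs-verity keyring. Must stay after the keyring is loaded and restricted.` As far as I know the sysctl only gates enabling verity and does not stop unprotected files from being read, so callers that rely on it still need to check that a file has verity enabled. The `on post-fs-data` block begins and ends outside this hunk, so any later write to the same node is not visible here.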