Cleanup obsolete art apex checks
Module definition of art_apex_boot_integrity is removed in
aosp/I39de908ebe52f06f19781dc024ede619802a3196.
TARGET module com.android.art requires non-existent: art_apex_boot_integrity
This change cleans up remaining references to art_apex_boot_integrity
and removes the source file of art_apex_boot_integrity.
Bug: 7456955
Test: TH; File cleanup. Doesn't affect build.
Change-Id: I61b8f4b09a8f6695975ea1267e5f5c88f64a371f
diff --git a/Android.mk b/Android.mk
index 0cc2881..d8340bd 100644
--- a/Android.mk
+++ b/Android.mk
@@ -320,7 +320,6 @@
LOCAL_MODULE := com.android.art
LOCAL_REQUIRED_MODULES := $(TARGET_ART_APEX)
-LOCAL_REQUIRED_MODULES += art_apex_boot_integrity
# Clear locally used variable.
art_target_include_debug_build :=
diff --git a/build/apex/Android.bp b/build/apex/Android.bp
index 45a8401..99993e4 100644
--- a/build/apex/Android.bp
+++ b/build/apex/Android.bp
@@ -213,7 +213,6 @@
},
key: "com.android.art.key",
required: [
- "art_apex_boot_integrity",
"com.android.i18n",
],
// ART APEXes depend on bouncycastle which is disabled for PDK builds.
diff --git a/build/apex/art_apex_boot_integrity.rc b/build/apex/art_apex_boot_integrity.rc
deleted file mode 100644
index 92f616b..0000000
--- a/build/apex/art_apex_boot_integrity.rc
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (C) 2019 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Check that boot classpath files in /data/dalvik-cache have fsverity
-# protection
-
-on post-fs-data
- # TODO: Use apex path once feature is implemented.
- exec - root -- /system/bin/art_apex_boot_integrity
diff --git a/build/apex/art_apex_boot_integrity.sh b/build/apex/art_apex_boot_integrity.sh
deleted file mode 100644
index 36d0f7f..0000000
--- a/build/apex/art_apex_boot_integrity.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/system/bin/sh
-
-# Copyright (C) 2019 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-alias log_info="log -t art_apex -p i"
-alias log_error="log -t art_apex -p f"
-
-log_info "=== ART pre-boot integrity checks ==="
-
-# Measure (and enable) fsverity to see if things are installed. Enable is not
-# idempotent, and we'd need to parse the error string to see whether it says
-# data was installed. Rather do a two-step.
-FILES=`find /data/dalvik-cache -type f -a -name 'system@framework@boot*' -o name 'system@framework@*jar*'`
-
-if [ ! -f "/system/bin/fsverity" ] ; then
- log_error "Device is not fsverity-enabled."
- rm -f $FILES
- exit 0
-fi
-
-for FILE in $FILES ; do
- if [ ! -f "$FILE" ] ; then
- continue # May have deleted already.
- fi
-
- # Check for fsverity protection.
- fsverity measure $FILE || \
- ENABLE_MSG=`fsverity enable $FILE 2>&1` || \
- {
- # No installed data, can't enable - clean up.
- # Note: to avoid side effects, only delete the tested files. To avoid
- # understanding arches here, delete all, even if that may delete
- # too aggressively.
- log_error "Enable failed: $ENABLE_MSG" ;
- rm -f $FILES ;
- exit 1 ;
- }
-
- # Check for integrity.
- INTEGRITY_MSG=`dd if=$FILE of=/dev/null bs=4k 2>&1` || \
- { log_error "Integrity failed: $INTEGRITY_MSG" ; rm -f $FILES ; exit 2 ; }
-done