From d2a86b62d7265309d0d1a5d53b640c080c72eca3 Mon Sep 17 00:00:00 2001
From: Victor Hsieh <victorhsieh@google.com>
Date: Wed, 29 Nov 2023 16:34:05 -0800
Subject: Don't block the boot on hashing sepolicy

onBootPhase seems to run sequentially. Moving the work to a background
thread should fix the boot time regression around 15ms.

Bug: 308471499
Test: enable the flag; atest BinaryTransparencyServiceTest
Test: boot and saw sepolicy hash in the log
Change-Id: I0f3ea9f852eb6a12554e995615bdb9b05478f387
---
 .../android/server/BinaryTransparencyService.java    | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/services/core/java/com/android/server/BinaryTransparencyService.java b/services/core/java/com/android/server/BinaryTransparencyService.java
index eb3ec2444210..05d07ae761c1 100644
--- a/services/core/java/com/android/server/BinaryTransparencyService.java
+++ b/services/core/java/com/android/server/BinaryTransparencyService.java
@@ -1464,15 +1464,17 @@ public class BinaryTransparencyService extends SystemService {
         FrameworkStatsLog.write(FrameworkStatsLog.VBMETA_DIGEST_REPORTED, mVbmetaDigest);
 
         if (android.security.Flags.binaryTransparencySepolicyHash()) {
-            byte[] sepolicyHash = PackageUtils.computeSha256DigestForLargeFileAsBytes(
-                    "/sys/fs/selinux/policy", PackageUtils.createLargeFileBuffer());
-            String sepolicyHashEncoded = null;
-            if (sepolicyHash != null) {
-                sepolicyHashEncoded = HexEncoding.encodeToString(sepolicyHash, false);
-                Slog.d(TAG, "sepolicy hash: " + sepolicyHashEncoded);
-            }
-            FrameworkStatsLog.write(FrameworkStatsLog.BOOT_INTEGRITY_INFO_REPORTED,
-                    sepolicyHashEncoded, mVbmetaDigest);
+            IoThread.getExecutor().execute(() -> {
+                byte[] sepolicyHash = PackageUtils.computeSha256DigestForLargeFileAsBytes(
+                        "/sys/fs/selinux/policy", PackageUtils.createLargeFileBuffer());
+                String sepolicyHashEncoded = null;
+                if (sepolicyHash != null) {
+                    sepolicyHashEncoded = HexEncoding.encodeToString(sepolicyHash, false);
+                    Slog.d(TAG, "sepolicy hash: " + sepolicyHashEncoded);
+                }
+                FrameworkStatsLog.write(FrameworkStatsLog.BOOT_INTEGRITY_INFO_REPORTED,
+                        sepolicyHashEncoded, mVbmetaDigest);
+            });
         }
     }
 
-- 
cgit v1.2.3-59-g8ed1b