/*
|
* Copyright (C) 2018 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
|
#include "boringssl_self_test.h"
|
|
#include <android-base/logging.h>
|
#include <cutils/android_reboot.h>
|
#include <openssl/crypto.h>
|
#include <sys/types.h>
|
#include <unistd.h>
|
|
namespace android {
|
namespace init {
|
|
Result<Success> StartBoringSslSelfTest(const BuiltinArguments&) {
|
pid_t id = fork();
|
|
if (id == 0) {
|
if (BORINGSSL_self_test() != 1) {
|
LOG(INFO) << "BoringSSL crypto self tests failed";
|
|
// This check has failed, so the device should refuse
|
// to boot. Rebooting to bootloader to wait for
|
// further action from the user.
|
|
int result = android_reboot(ANDROID_RB_RESTART2, 0,
|
"bootloader,boringssl-self-check-failed");
|
if (result != 0) {
|
LOG(ERROR) << "Failed to reboot into bootloader";
|
}
|
}
|
|
_exit(0);
|
} else if (id == -1) {
|
// Failed to fork, so cannot run the test. Refuse to continue.
|
PLOG(FATAL) << "Failed to fork for BoringSSL self test";
|
}
|
|
return Success();
|
}
|
|
} // namespace init
|
} // namespace android
|
