| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the cryptohome daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # Starts the cryptohome daemon, which handles mounting and |
| # unmounting users' encrypted home directories. Also supports |
| # offline login checks. |
| start on started boot-services and started tcsd and started chapsd |
| stop on stopping boot-services |
| respawn |
| |
| env OLD_ATTESTATION_PATH="/mnt/stateful_partition/home/.shadow/attestation.epb" |
| env NEW_ATTESTATION_PATH="/mnt/stateful_partition/unencrypted/preserve/attestation.epb" |
| |
| # If attestation.epb still exists in its old location, move it to the new |
| # location where cryptohome will look for it. |
| pre-start script |
| # Paths under the stateful partition cannot be trusted. Only operate |
| # on them after verifying that they don't contain symlinks pointing |
| # elsewhere. |
| has_symlink() { |
| local path="$1" |
| [ "$(realpath "${path}")" != "${path}" ] |
| } |
| |
| if [ -f "${OLD_ATTESTATION_PATH}" ] && |
| ! has_symlink "${OLD_ATTESTATION_PATH}" && |
| ! has_symlink "${NEW_ATTESTATION_PATH}"; then |
| mv "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}" |
| fi |
| end script |
| |
| expect fork |
| exec cryptohomed --noclose |