blob: 01dfaa076094a68d8861cdf687987da1435ec902 [file] [log] [blame]
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start the cryptohome daemon"
author "chromium-os-dev@chromium.org"
# Starts the cryptohome daemon, which handles mounting and
# unmounting users' encrypted home directories. Also supports
# offline login checks.
start on started boot-services and started tcsd and started chapsd
stop on stopping boot-services
respawn
env OLD_ATTESTATION_PATH="/mnt/stateful_partition/home/.shadow/attestation.epb"
env NEW_ATTESTATION_PATH="/mnt/stateful_partition/unencrypted/preserve/attestation.epb"
# If attestation.epb still exists in its old location, move it to the new
# location where cryptohome will look for it.
pre-start script
# Paths under the stateful partition cannot be trusted. Only operate
# on them after verifying that they don't contain symlinks pointing
# elsewhere.
has_symlink() {
local path="$1"
[ "$(realpath "${path}")" != "${path}" ]
}
if [ -f "${OLD_ATTESTATION_PATH}" ] &&
! has_symlink "${OLD_ATTESTATION_PATH}" &&
! has_symlink "${NEW_ATTESTATION_PATH}"; then
mv "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}"
fi
end script
expect fork
exec cryptohomed --noclose