blob: 90b14b588193893bad75d608e7f2b2717559acab [file] [log] [blame]
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start the cryptohome daemon"
author "chromium-os-dev@chromium.org"
# Starts the cryptohome daemon, which handles mounting and
# unmounting users' encrypted home directories. Also supports
# offline login checks.
start on started boot-services and started tcsd and started chapsd
stop on stopping boot-services
respawn
# Where we store the attestation-based enterprise enrollment data. The
# daemon will check for this environment variable and read the file at
# startup before forking.
env ABE_DATA_FILE=/run/cryptohomed.abe_data
env OLD_ATTESTATION_PATH="/mnt/stateful_partition/home/.shadow/attestation.epb"
env NEW_ATTESTATION_PATH="/mnt/stateful_partition/unencrypted/preserve/attestation.epb"
# If attestation.epb still exists in its old location, move it to the new
# location where cryptohome will look for it.
pre-start script
# Paths under the stateful partition cannot be trusted. Only operate
# on them after verifying that they don't contain symlinks pointing
# elsewhere.
has_symlink() {
local path="$1"
[ "$(realpath "${path}")" != "${path}" ]
}
if [ -f "${OLD_ATTESTATION_PATH}" ] &&
! has_symlink "${OLD_ATTESTATION_PATH}" &&
! has_symlink "${NEW_ATTESTATION_PATH}"; then
mv "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}"
fi
(vpd -g stable_device_secret_DO_NOT_SHARE || printf '') >$ABE_DATA_FILE
end script
expect fork
exec cryptohomed --noclose
post-start exec rm -f $ABE_DATA_FILE