imageloader: allow Component to search for other keys

This allows us to look for manifest signatures verified with keys
other than the prod key simply by widening the name pattern for
the manifest signature file.

BUG=chromium:697645
TEST=unit tests, platform_ImageLoaderServer, inspect container
  with imageloader.sig.2 and expanded pattern and ensure it parses
  the right key number and finds the signature file

Change-Id: Ie5f635523ac7a81d3bc851b8ae9dfbb2542ba5e1
Reviewed-on: https://chromium-review.googlesource.com/457801
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
3 files changed
tree: f2a8e0d4b5247853ce7d09ef35c13bffbb47ef32
  1. .presubmitignore
  2. README.md
  3. component.cc
  4. component.h
  5. component_unittest.cc
  6. dbus_adaptors/
  7. dbus_permissions/
  8. dbus_service/
  9. helper_process.cc
  10. helper_process.h
  11. imageloader.cc
  12. imageloader.conf
  13. imageloader.gyp
  14. imageloader.h
  15. imageloader_impl.cc
  16. imageloader_impl.h
  17. imageloader_main.cc
  18. imageloader_unittest.cc
  19. imageloader_wrapper
  20. ipc.proto
  21. mock_helper_process.h
  22. mock_verity_mounter.h
  23. mount_helper.cc
  24. mount_helper.h
  25. public_keys/
  26. run_tests.cc
  27. seccomp/
  28. test_utilities.cc
  29. test_utilities.h
  30. testdata/
  31. verity_mounter.cc
  32. verity_mounter.h
README.md

src/platform/imageloader

This aims to provide a generic utility to verify and load (mount) signed disk images through DBUS IPC.

Binaries

  • imageloader

imageloader handles the mounting of disk images. imageloader should be executed via the imageloader_wrapper script, which ensures that imageloader's storage exists and is owned by imageloaderd user. When imageloader is not running, DBus will automatically invoke it. After 20 seconds of inactivity, the service exits.