blob: 0ec24c5d478dd2ff2a44efe3da8884fdc69ff219 [file] [log] [blame]
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start the cryptohome daemon"
author ""
# Starts the cryptohome daemon, which handles mounting and
# unmounting users' encrypted home directories. Also supports
# offline login checks.
start on started boot-services and started tcsd and started chapsd
stop on stopping boot-services
# Where we store the attestation-based enterprise enrollment data. The
# daemon will check for this environment variable and read the file at
# startup before forking.
env ABE_DATA_FILE=/run/cryptohomed.abe_data
env OLD_ATTESTATION_PATH="/mnt/stateful_partition/home/.shadow/attestation.epb"
env NEW_ATTESTATION_PATH="/mnt/stateful_partition/unencrypted/preserve/attestation.epb"
# Set in the ebuild.
# If attestation.epb still exists in its old location, move it to the new
# location where cryptohome will look for it.
pre-start script
# Paths under the stateful partition cannot be trusted. Only operate
# on them after verifying that they don't contain symlinks pointing
# elsewhere.
has_symlink() {
local path="$1"
[ "$(realpath "${path}")" != "${path}" ]
if [ -f "${OLD_ATTESTATION_PATH}" ] &&
! has_symlink "${OLD_ATTESTATION_PATH}" &&
! has_symlink "${NEW_ATTESTATION_PATH}"; then
(vpd -g stable_device_secret_DO_NOT_SHARE || printf '') >$ABE_DATA_FILE
end script
expect fork
exec cryptohomed --noclose ${DIRENCRYPTION_FLAG}
post-start exec rm -f $ABE_DATA_FILE