arc/setup/priv_code_verifier.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2017 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef ARC_SETUP_PRIV_CODE_VERIFIER_H_
 #define ARC_SETUP_PRIV_CODE_VERIFIER_H_

 #include <memory>
 #include <string>

 #include <base/macros.h>

 #include "arc/setup/boot_lockbox_client.h"

 namespace base {
 class FilePath;
 }  // namespace base

 namespace arc {

 // TODO(xzhou): This class is NOT production-ready yet. arc-setup.cc does not
 // call into this at all. Talk to xzhou/yusukes before using it.

 // A class that verifies the code integrity in /data/dalvik-cache.
 // TODO(xzhou): Write unit test.
 class PrivCodeVerifier {
  public:
   explicit PrivCodeVerifier(
       std::unique_ptr<BootLockboxClient> boot_lockbox_client);
   PrivCodeVerifier(const PrivCodeVerifier&) = delete;
   PrivCodeVerifier& operator=(const PrivCodeVerifier&) = delete;

   ~PrivCodeVerifier();

   // Waits for cryptohomed to be ready before calling to cryptohomed.
   bool WaitForCryptohomed();

   // Checks code integrity using TPM keys. The function does not check
   // whether TPM is ready or not, call IsTpmReady() before this function.
   bool CheckCodeIntegrity(const base::FilePath& dalvik_cache_directory);

   // Verifies the signatures of compiled code.
   bool Verify(const base::FilePath& directory, const std::string& isa);

   // Verifies the integrity of code in |android_data_directory|.
   bool IsCodeValid(const base::FilePath& android_data_directory);

   // Signs the compiled code in |directory|.
   bool Sign(const base::FilePath& directory);

   // Starts patchoat container and relocate boot image.
   bool PatchImage();

   // Checks if TPM is enabled on device.
   bool IsTpmReady();

  private:
   std::unique_ptr<BootLockboxClient> boot_lockbox_client_;
 };

 std::unique_ptr<PrivCodeVerifier> CreatePrivCodeVerifier();

 }  // namespace arc

 #endif  // ARC_SETUP_PRIV_CODE_VERIFIER_H_
	// Copyright 2017 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef ARC_SETUP_PRIV_CODE_VERIFIER_H_
	#define ARC_SETUP_PRIV_CODE_VERIFIER_H_

	#include <memory>
	#include <string>

	#include <base/macros.h>

	#include "arc/setup/boot_lockbox_client.h"

	namespace base {
	class FilePath;
	} // namespace base

	namespace arc {

	// TODO(xzhou): This class is NOT production-ready yet. arc-setup.cc does not
	// call into this at all. Talk to xzhou/yusukes before using it.

	// A class that verifies the code integrity in /data/dalvik-cache.
	// TODO(xzhou): Write unit test.
	class PrivCodeVerifier {
	public:
	explicit PrivCodeVerifier(
	std::unique_ptr<BootLockboxClient> boot_lockbox_client);
	PrivCodeVerifier(const PrivCodeVerifier&) = delete;
	PrivCodeVerifier& operator=(const PrivCodeVerifier&) = delete;

	~PrivCodeVerifier();

	// Waits for cryptohomed to be ready before calling to cryptohomed.
	bool WaitForCryptohomed();

	// Checks code integrity using TPM keys. The function does not check
	// whether TPM is ready or not, call IsTpmReady() before this function.
	bool CheckCodeIntegrity(const base::FilePath& dalvik_cache_directory);

	// Verifies the signatures of compiled code.
	bool Verify(const base::FilePath& directory, const std::string& isa);

	// Verifies the integrity of code in \|android_data_directory\|.
	bool IsCodeValid(const base::FilePath& android_data_directory);

	// Signs the compiled code in \|directory\|.
	bool Sign(const base::FilePath& directory);

	// Starts patchoat container and relocate boot image.
	bool PatchImage();

	// Checks if TPM is enabled on device.
	bool IsTpmReady();

	private:
	std::unique_ptr<BootLockboxClient> boot_lockbox_client_;
	};

	std::unique_ptr<PrivCodeVerifier> CreatePrivCodeVerifier();

	} // namespace arc

	#endif // ARC_SETUP_PRIV_CODE_VERIFIER_H_