From 292fcd74b916e739e6f57cd927d7add0e030b896 Mon Sep 17 00:00:00 2001
From: yeyuning <yeyuning2@huawei.com>
Date: Mon, 25 Dec 2023 16:19:49 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8E=A7=E5=88=B6=E4=B8=8D=E5=90=8C=E5=BD=A2?=
 =?UTF-8?q?=E6=80=81=E7=9A=84xpm=5Fmode?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: yeyuning <yeyuning2@huawei.com>
Change-Id: I0265af3b1cacb0f8df94ed5a8c7c379a7a3abc7e
---
 bundle.json                                   |  3 +-
 code_signature.gni                            |  1 +
 services/key_enable/BUILD.gn                  |  6 ++-
 .../key_enable.disable_xpm.cfg}               | 54 +++++++++----------
 .../key_enable/cfg/key_enable.enable_xpm.cfg  | 33 ++++++++++++
 5 files changed, 68 insertions(+), 29 deletions(-)
 rename services/key_enable/{key_enable.cfg => cfg/key_enable.disable_xpm.cfg} (96%)
 create mode 100644 services/key_enable/cfg/key_enable.enable_xpm.cfg

diff --git a/bundle.json b/bundle.json
index bfd4ac4..e899a9e 100644
--- a/bundle.json
+++ b/bundle.json
@@ -17,7 +17,8 @@
       "//base/security/code_signature/hisysevent.yaml"
     ],
     "features": [
-      "code_signature_support_oh_code_sign"
+      "code_signature_support_oh_code_sign",
+      "code_signature_enable_xpm_mode"
     ],
     "adapted_system_type": [ "standard" ],
     "rom": "1024KB",
diff --git a/code_signature.gni b/code_signature.gni
index 9c25ee4..de5e268 100644
--- a/code_signature.gni
+++ b/code_signature.gni
@@ -21,4 +21,5 @@ third_party_securec_dir = "//third_party/bounds_checking_function"
 declare_args() {
   code_signature_support_openharmony_ca = true
   code_signature_support_oh_code_sign = false
+  code_signature_enable_xpm_mode = false
 }
diff --git a/services/key_enable/BUILD.gn b/services/key_enable/BUILD.gn
index 581e4eb..5f9c91e 100644
--- a/services/key_enable/BUILD.gn
+++ b/services/key_enable/BUILD.gn
@@ -82,7 +82,11 @@ ohos_prebuilt_etc("trusted_cert_path_test") {
 }
 
 ohos_prebuilt_etc("key_enable.cfg") {
-  source = "key_enable.cfg"
+  if (code_signature_enable_xpm_mode) {
+    source = "cfg/key_enable.enable_xpm.cfg"
+  } else {
+    source = "cfg/key_enable.disable_xpm.cfg"
+  }
   relative_install_dir = "init"
   subsystem_name = "security"
   part_name = "code_signature"
diff --git a/services/key_enable/key_enable.cfg b/services/key_enable/cfg/key_enable.disable_xpm.cfg
similarity index 96%
rename from services/key_enable/key_enable.cfg
rename to services/key_enable/cfg/key_enable.disable_xpm.cfg
index 3827f73..c0b1b2c 100644
--- a/services/key_enable/key_enable.cfg
+++ b/services/key_enable/cfg/key_enable.disable_xpm.cfg
@@ -1,28 +1,28 @@
-{
-    "jobs" : [{
-            "name" : "post-fs-data",
-            "cmds" : [
-                "write /proc/sys/fs/verity/require_signatures 1",
-                "mkdir /data/service/el0/profiles 0655 installs installs",
-                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
-                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
-            ]
-        }, {
-            "name" : "init",
-            "cmds" : [
-                "start key_enable"
-            ]
-        }
-    ],
-    "services" : [{
-            "name" : "key_enable",
-            "path" : ["/system/bin/key_enable"],
-            "importance" : -20,
-            "uid" : "root",
-            "gid" : ["root"],
-            "secon" : "u:r:key_enable:s0",
-            "start-mode": "condition",
-            "once": 1
-        }
-    ]
+{
+    "jobs" : [{
+            "name" : "post-fs-data",
+            "cmds" : [
+                "write /proc/sys/fs/verity/require_signatures 1",
+                "mkdir /data/service/el0/profiles 0655 installs installs",
+                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+            ]
+        }, {
+            "name" : "init",
+            "cmds" : [
+                "start key_enable"
+            ]
+        }
+    ],
+    "services" : [{
+            "name" : "key_enable",
+            "path" : ["/system/bin/key_enable"],
+            "importance" : -20,
+            "uid" : "root",
+            "gid" : ["root"],
+            "secon" : "u:r:key_enable:s0",
+            "start-mode": "condition",
+            "once": 1
+        }
+    ]
 }
\ No newline at end of file
diff --git a/services/key_enable/cfg/key_enable.enable_xpm.cfg b/services/key_enable/cfg/key_enable.enable_xpm.cfg
new file mode 100644
index 0000000..6b6a6dc
--- /dev/null
+++ b/services/key_enable/cfg/key_enable.enable_xpm.cfg
@@ -0,0 +1,33 @@
+{
+    "jobs" : [{
+            "name" : "post-fs-data",
+            "cmds" : [
+                "write /proc/sys/fs/verity/require_signatures 1",
+                "mkdir /data/service/el0/profiles 0655 installs installs",
+                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+            ]
+        }, {
+            "name" : "init",
+            "cmds" : [
+                "start key_enable"
+            ]
+        }, {
+            "name" : "pre-init",
+            "cmds" : [
+                "write /proc/sys/kernel/xpm/xpm_mode 1",
+            ]
+        }
+    ],
+    "services" : [{
+            "name" : "key_enable",
+            "path" : ["/system/bin/key_enable"],
+            "importance" : -20,
+            "uid" : "root",
+            "gid" : ["root"],
+            "secon" : "u:r:key_enable:s0",
+            "start-mode": "condition",
+            "once": 1
+        }
+    ]
+}
\ No newline at end of file
-- 
Gitee