控制不同形态的xpm_mode

Signed-off-by: yeyuning <yeyuning2@huawei.com>
Change-Id: I0265af3b1cacb0f8df94ed5a8c7c379a7a3abc7e

bundle.json

@@ -17,7 +17,8 @@
       "//base/security/code_signature/hisysevent.yaml"
     ],
     "features": [
-      "code_signature_support_oh_code_sign"
+      "code_signature_support_oh_code_sign",
+      "code_signature_enable_xpm_mode"
     ],
     "adapted_system_type": [ "standard" ],
     "rom": "1024KB",

code_signature.gni

@@ -21,4 +21,5 @@ third_party_securec_dir = "//third_party/bounds_checking_function"
 declare_args() {
   code_signature_support_openharmony_ca = true
   code_signature_support_oh_code_sign = false
+  code_signature_enable_xpm_mode = false
 }

services/key_enable/BUILD.gn

@@ -82,7 +82,11 @@ ohos_prebuilt_etc("trusted_cert_path_test") {
 }
 
 ohos_prebuilt_etc("key_enable.cfg") {
-  source = "key_enable.cfg"
+  if (code_signature_enable_xpm_mode) {
+    source = "cfg/key_enable.enable_xpm.cfg"
+  } else {
+    source = "cfg/key_enable.disable_xpm.cfg"
+  }
   relative_install_dir = "init"
   subsystem_name = "security"
   part_name = "code_signature"

services/key_enable/cfg/key_enable.disable_xpm.cfg

@@ -1,28 +1,28 @@
-{
-    "jobs" : [{
-            "name" : "post-fs-data",
-            "cmds" : [
-                "write /proc/sys/fs/verity/require_signatures 1",
-                "mkdir /data/service/el0/profiles 0655 installs installs",
-                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
-                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
-            ]
-        }, {
-            "name" : "init",
-            "cmds" : [
-                "start key_enable"
-            ]
-        }
-    ],
-    "services" : [{
-            "name" : "key_enable",
-            "path" : ["/system/bin/key_enable"],
-            "importance" : -20,
-            "uid" : "root",
-            "gid" : ["root"],
-            "secon" : "u:r:key_enable:s0",
-            "start-mode": "condition",
-            "once": 1
-        }
-    ]
+{
+    "jobs" : [{
+            "name" : "post-fs-data",
+            "cmds" : [
+                "write /proc/sys/fs/verity/require_signatures 1",
+                "mkdir /data/service/el0/profiles 0655 installs installs",
+                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+            ]
+        }, {
+            "name" : "init",
+            "cmds" : [
+                "start key_enable"
+            ]
+        }
+    ],
+    "services" : [{
+            "name" : "key_enable",
+            "path" : ["/system/bin/key_enable"],
+            "importance" : -20,
+            "uid" : "root",
+            "gid" : ["root"],
+            "secon" : "u:r:key_enable:s0",
+            "start-mode": "condition",
+            "once": 1
+        }
+    ]
 }

services/key_enable/cfg/key_enable.enable_xpm.cfg

@@ -0,0 +1,33 @@
+{
+    "jobs" : [{
+            "name" : "post-fs-data",
+            "cmds" : [
+                "write /proc/sys/fs/verity/require_signatures 1",
+                "mkdir /data/service/el0/profiles 0655 installs installs",
+                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+            ]
+        }, {
+            "name" : "init",
+            "cmds" : [
+                "start key_enable"
+            ]
+        }, {
+            "name" : "pre-init",
+            "cmds" : [
+                "write /proc/sys/kernel/xpm/xpm_mode 1",
+            ]
+        }
+    ],
+    "services" : [{
+            "name" : "key_enable",
+            "path" : ["/system/bin/key_enable"],
+            "importance" : -20,
+            "uid" : "root",
+            "gid" : ["root"],
+            "secon" : "u:r:key_enable:s0",
+            "start-mode": "condition",
+            "once": 1
+        }
+    ]
+}