Reject SPL downgrade OTAs on release-keys devices Test: th Bug: 270459308 Change-Id: I013324b5b97336366d8e8cbe05e6ade91778b747

commit: 3d05f68f3adcfed2fdb1daabdaaebc9d68e8f026 [log] [tgz]
author: Kelvin Zhang <zhangkelvin@google.com> Fri Feb 24 10:50:53 2023 -0800
committer: Kelvin Zhang <zhangkelvin@google.com> Fri Feb 24 10:50:53 2023 -0800
tree: a15c52dd623a1f9edfa7aa28e0daeab51c9d74f4
parent: b9828d64b468e1e52e6413f9620e5dc324fc884e [diff] [blame]
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index d6c39c6..97fbd51 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py

@@ -1341,6 +1341,14 @@
     source_spl = source_build_prop.GetProp(SECURITY_PATCH_LEVEL_PROP_NAME)
     target_spl = target_build_prop.GetProp(SECURITY_PATCH_LEVEL_PROP_NAME)
     is_spl_downgrade = target_spl < source_spl
+    if is_spl_downgrade and target_build_prop.GetProp("ro.build.tags") == "release-keys":
+      raise common.ExternalError(
+          "Target security patch level {} is older than source SPL {} "
+          "A locked bootloader will reject SPL downgrade no matter "
+          "what(even if data wipe is done), so SPL downgrade on any "
+          "release-keys build is not allowed.".format(target_spl, source_spl))
+
+    logger.info("SPL downgrade on %s", target_build_prop.GetProp("ro.build.tags"))
     if is_spl_downgrade and not OPTIONS.spl_downgrade and not OPTIONS.downgrade:
       raise common.ExternalError(
           "Target security patch level {} is older than source SPL {} applying "
commit	3d05f68f3adcfed2fdb1daabdaaebc9d68e8f026	[log] [tgz]
author	Kelvin Zhang <zhangkelvin@google.com>	Fri Feb 24 10:50:53 2023 -0800
committer	Kelvin Zhang <zhangkelvin@google.com>	Fri Feb 24 10:50:53 2023 -0800
tree	a15c52dd623a1f9edfa7aa28e0daeab51c9d74f4
parent	b9828d64b468e1e52e6413f9620e5dc324fc884e [diff] [blame]