Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 068f6d448c7f723f325beb60c1abb45bcdd767c6^! / . / microdroid_manager
commit068f6d448c7f723f325beb60c1abb45bcdd767c6[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Mon Oct 09 10:13:03 2023 +0100
committerAlan Stokes <alanstokes@google.com>Fri Oct 13 11:30:09 2023 +0100
treeb346002946c7e3617ca6224fe2c7177633027ec3
parentac9e7e09e81fec4fad6ec40aa537e7791f51d83c [diff]
Parse APK manifest to extract version etc

Add libapkmanifest to encapsulate the parsing, with a small C++
library on top of libandroidfw.

Extract the zip-handling code from libapkverify into a separate
libapkzip, and fix up a bunch of tests tests, to keep the build happy.

We don't do anything with the manifest information except log it; more
to come in another CL.

Bug: 299591171
Test: atest libapkzip.test libapkverify.integration_test
      libapkverify.test
Test: Manual - run VM, inspect logs.
Change-Id: I56d3bb7309d43ecb598a33320705d31948710f83

diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index c91519c..db65193 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp

@@ -16,6 +16,7 @@
         "android.system.virtualization.payload-rust",
         "libandroid_logger",
         "libanyhow",
+        "libapkmanifest",
         "libavflog",
         "libapexutil_rust",
         "libapkverify",

diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index dd0ddbb..491d4de 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs

@@ -34,12 +34,13 @@
 };
 use anyhow::{anyhow, bail, ensure, Context, Error, Result};
 use apkverify::{get_public_key_der, verify, V4Signature};
+use apkmanifest::get_manifest_info;
 use binder::Strong;
 use diced_open_dice::OwnedDiceArtifacts;
 use glob::glob;
 use itertools::sorted;
 use libc::VMADDR_CID_HOST;
-use log::{error, info};
+use log::{error, info, warn};
 use keystore2_crypto::ZVec;
 use microdroid_metadata::{write_metadata, Metadata, PayloadMetadata};
 use microdroid_payload_config::{OsConfig, Task, TaskType, VmPayloadConfig};
@@ -424,7 +425,7 @@
     zipfuse.mount(
         MountForExec::Allowed,
         "fscontext=u:object_r:zipfusefs:s0,context=u:object_r:system_file:s0",
-        Path::new("/dev/block/mapper/microdroid-apk"),
+        Path::new(DM_MOUNTED_APK_PATH),
         Path::new(VM_APK_CONTENTS_PATH),
         "microdroid_manager.apk.mounted".to_owned(),
     )?;
@@ -776,14 +777,25 @@
 
 fn get_public_key_from_apk(apk: &str, root_hash_trustful: bool) -> Result<Box<[u8]>> {
     let current_sdk = get_current_sdk()?;
-    if !root_hash_trustful {
+
+    let public_key_der = if !root_hash_trustful {
         verify(apk, current_sdk).context(MicrodroidError::PayloadVerificationFailed(format!(
             "failed to verify {}",
             apk
-        )))
+        )))?
     } else {
-        get_public_key_der(apk, current_sdk)
-    }
+        get_public_key_der(apk, current_sdk)?
+    };
+
+    match get_manifest_info(apk) {
+        Ok(manifest_info) => {
+            // TODO (b/299591171): Do something with this info
+            info!("Manifest info is {manifest_info:?}")
+        }
+        Err(e) => warn!("Failed to read manifest info from APK: {e:?}"),
+    };
+
+    Ok(public_key_der)
 }
 
 fn get_current_sdk() -> Result<u32> {