Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 185e34cdfe20645a4cf84b72142d15a2dad4f47f^! / . / microdroid_manager / src / payload.rs
commit185e34cdfe20645a4cf84b72142d15a2dad4f47f[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Fri Nov 24 12:28:39 2023 +0000
committerAlan Stokes <alanstokes@google.com>Tue Nov 28 15:54:26 2023 +0000
tree059b02e447b56616b57b50e6d59f02cb61a12228
parenta5fc4d4acab1ed16e62a30371019a596abc50c5a [diff] [blame]
Get apexd to verify manifest data

Send the name and version we read from the manifest to apexd to make
sure it doesn't change.

Remove image hash since we have no use for it.

Put the manifest extraction & verification behind a flag since it now
has the potential to change behavior.

Expand on the comment for verify(), to make it clearer what it does
and doesn't verify.

Bug: 313042092
Test: atest ApexTestCases
Test: atest MicrodroidTests
Test: atest libapexutil_rust.test
Change-Id: Ida6d9e11b3bce5676b744dc945eadb09aa9a822f

diff --git a/microdroid_manager/src/payload.rs b/microdroid_manager/src/payload.rs
index 87f690b..98fe24b 100644
--- a/microdroid_manager/src/payload.rs
+++ b/microdroid_manager/src/payload.rs

@@ -17,7 +17,7 @@
 use crate::instance::ApexData;
 use crate::ioutil::wait_for_file;
 use anyhow::Result;
-use log::info;
+use log::{info, warn};
 use microdroid_metadata::{read_metadata, ApexPayload, Metadata};
 use std::time::Duration;
 
@@ -37,13 +37,19 @@
         .apexes
         .iter()
         .map(|apex| {
-            let name = apex.name.clone();
             let apex_path = format!("/dev/block/by-name/{}", apex.partition_name);
-            let result = apexutil::verify(&apex_path)?;
+            let extracted = apexutil::verify(&apex_path)?;
+            if let Some(manifest_name) = &extracted.name {
+                if &apex.name != manifest_name {
+                    warn!("Apex named {} is named {} in its manifest", apex.name, manifest_name);
+                }
+            };
             Ok(ApexData {
-                name,
-                public_key: result.public_key,
-                root_digest: result.root_digest,
+                name: apex.name.clone(),
+                manifest_name: extracted.name,
+                manifest_version: extracted.version,
+                public_key: extracted.public_key,
+                root_digest: extracted.root_digest,
                 last_update_seconds: apex.last_update_seconds,
                 is_factory: apex.is_factory,
             })
@@ -60,6 +66,8 @@
                 name: data.name.clone(),
                 public_key: data.public_key.clone(),
                 root_digest: data.root_digest.clone(),
+                manifest_name: data.manifest_name.clone().unwrap_or_default(),
+                manifest_version: data.manifest_version.unwrap_or_default(),
                 last_update_seconds: data.last_update_seconds,
                 is_factory: data.is_factory,
                 ..Default::default()