Improve APK signature handling
There are two changes here:
- The maxSdk property of a signature is inclusive, not exclusive
(https://source.android.com/docs/security/features/apksigning/v3),
so mapping it onto a half-open Rust Range was wrong.
- We hard-wired the platform SDK as 31; but really we should use the
version of the platform we're running on.
I thought the APK Verify library shouldn't really be reading
properties, so instead I changed the function signatures to accept the
current SDK version as a parameter. That does mean duplicating the
code to read it in virtualization manager & microdroid manager, but I
can live with that for now.
Bug: 271500509
Bug: 190343842
Test: atest MicrodroidTests
Test: run a VM from an APK signed with minSdk = 33
Change-Id: I7ec7a201d05a6545847eb9b264abe642de883e0b
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 48e2431..e015d9d 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -48,7 +48,7 @@
use android_system_virtualmachineservice::aidl::android::system::virtualmachineservice::IVirtualMachineService::{
BnVirtualMachineService, IVirtualMachineService,
};
-use anyhow::{bail, Context, Result};
+use anyhow::{anyhow, bail, Context, Result};
use apkverify::{HashAlgorithm, V4Signature};
use binder::{
self, wait_for_interface, BinderFeatures, ExceptionCode, Interface, ParcelFileDescriptor,
@@ -60,6 +60,7 @@
use microdroid_payload_config::{OsConfig, Task, TaskType, VmPayloadConfig};
use nix::unistd::pipe;
use rpcbinder::RpcServer;
+use rustutils::system_properties;
use semver::VersionReq;
use std::convert::TryInto;
use std::ffi::CStr;
@@ -111,8 +112,9 @@
if !metadata.is_file() {
bail!("input is not a regular file");
}
- let mut sig = V4Signature::create(&mut input, 4096, &[], HashAlgorithm::SHA256)
- .context("failed to create idsig")?;
+ let mut sig =
+ V4Signature::create(&mut input, get_current_sdk()?, 4096, &[], HashAlgorithm::SHA256)
+ .context("failed to create idsig")?;
let mut output = clone_file(idsig_fd)?;
output.set_len(0).context("failed to set_len on the idsig output")?;
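Review bot: In the `V4Signature::create(...)` call the `get_current_sdk()?` argument is evaluated inline, so a failure to read the platform SDK level propagates without the `failed to create idsig` context and is hard to tell apart from a signing failure at the call site. I'd bind it first: `let current_sdk = get_current_sdk().context("failed to determine platform SDK level")?;` and then pass `current_sdk` into `create`. The enclosing function starts before this hunk, so the rest of its setup is not visible here.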
@@ -120,6 +122,12 @@
Ok(())
}
+fn get_current_sdk() -> Result<u32> {
+ let current_sdk = system_properties::read("ro.build.version.sdk")?;
+ let current_sdk = current_sdk.ok_or_else(|| anyhow!("SDK version missing"))?;
+ current_sdk.parse().context("Malformed SDK version")
+}
+
pub fn remove_temporary_files(path: &PathBuf) -> Result<()> {
for dir_entry in read_dir(path)? {
remove_file(dir_entry?.path())?;
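Review bot: In `get_current_sdk`, the `system_properties::read("ro.build.version.sdk")?` on the first line propagates the raw property-read error while the other two failure paths carry context; add `.context("failed to read ro.build.version.sdk")?` so the three failure modes are distinguishable in logs. The new function also has no doc comment; I'd add `/// Returns the SDK API level of the running platform, read from the `ro.build.version.sdk` system property.` above it. Since this value now decides which APK signer entries are in range (per the commit message's minSdk/maxSdk change), it is worth stating in that comment that it comes from a read-only boot property rather than anything the caller supplies, so readers do not treat it as caller-controlled input.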