Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 2cb8e7397b171e0eea0d0c16e099a004da157e80^! / . / guest / microdroid_manager / src
commit2cb8e7397b171e0eea0d0c16e099a004da157e80[log] [tgz]
authorNikita Ioffe <ioffe@google.com>Tue Feb 04 00:41:51 2025 +0000
committerNikita Ioffe <ioffe@google.com>Wed Feb 05 15:26:20 2025 +0000
treeb9bdb692d2fea62f2fca6a94fae251aa3119da6c
parenta73451a6da8530004db0f129f472acc531f10b86 [diff]
If rollback_index is specified use it in the dice chain of pVM

Ideally the subcomponents part of the payload node should have both
version and security_version, but this is not the case for now. Hence we
just override the security_version with the value of rollback_index.

Bug: 378681279
Test: atest MicrodroidTests
Change-Id: I3c4ecb0f7d725bd76347bdac1caa62b3c9106e06

diff --git a/guest/microdroid_manager/src/dice.rs b/guest/microdroid_manager/src/dice.rs
index dd5375f..7952210 100644
--- a/guest/microdroid_manager/src/dice.rs
+++ b/guest/microdroid_manager/src/dice.rs

@@ -100,7 +100,10 @@
     fn for_apk(apk: &ApkData) -> Self {
         Self {
             name: format!("apk:{}", apk.package_name),
-            version: apk.version_code,
+            // Ideally we would want to log both rollback_index and apk version code in dice. There
+            // is even a separate field called security_version_code, but it looks like it is not
+            // used in subcomponents, so for now log the rollback index as version code.
+            version: apk.rollback_index.map(u64::from).unwrap_or(apk.version_code),
             code_hash: apk.root_hash.clone(),
             authority_hash: apk.cert_hash.clone(),
         }

diff --git a/guest/microdroid_manager/src/instance.rs b/guest/microdroid_manager/src/instance.rs
index d3a597a..a5f0d66 100644
--- a/guest/microdroid_manager/src/instance.rs
+++ b/guest/microdroid_manager/src/instance.rs

@@ -290,6 +290,7 @@
     pub cert_hash: Vec<u8>,
     pub package_name: String,
     pub version_code: u64,
+    pub rollback_index: Option<u32>,
 }
 
 impl ApkData {

diff --git a/guest/microdroid_manager/src/verify.rs b/guest/microdroid_manager/src/verify.rs
index ec8d66e..2d46b1f 100644
--- a/guest/microdroid_manager/src/verify.rs
+++ b/guest/microdroid_manager/src/verify.rs

@@ -203,6 +203,7 @@
         cert_hash,
         package_name: manifest_info.package,
         version_code: manifest_info.version_code,
+        rollback_index: manifest_info.rollback_index,
     })
 }