Only accept binary name not path

I think we've discussed this a couple of times, although I can't now
find a link.

There's really no reason to specify a path, it's complicated to
describe, and it might open up weird path traversal attacks, so
disallow it.

Rename setPayloadBinaryPath to setPayloadBinaryName to reflect this
(and rename lots of other things to match). Add a check that it isn't
a path, and a test for that (and fix some other tests that were
breaking the new rule).

Also expand on the Javadoc around ABI & 32/64-bit.

Also add a check inside VS (because checks in the payload code can be
bypassed), and a host test for that.

Note that a VM created with a config file can still specify a path
inside the config file; CompOS relies on that to run code from its
APEX.

Bug: 261037705
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie59b9c81d13a7a3e4ec62cf874d43bfaf6163431
diff --git a/javalib/api/system-current.txt b/javalib/api/system-current.txt
index 30e437b..71bdf13 100644
--- a/javalib/api/system-current.txt
+++ b/javalib/api/system-current.txt
@@ -61,7 +61,7 @@
method @IntRange(from=0) public long getEncryptedStorageKib();
method @IntRange(from=0) public int getMemoryMib();
method @IntRange(from=1) public int getNumCpus();
- method @Nullable public String getPayloadBinaryPath();
+ method @Nullable public String getPayloadBinaryName();
method public boolean isCompatibleWith(@NonNull android.system.virtualmachine.VirtualMachineConfig);
method public boolean isEncryptedStorageEnabled();
method public boolean isProtectedVm();
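Review bot: getPayloadBinaryPath() is removed from system-current.txt outright in this hunk, with no deprecated alias left behind, so any existing caller of the old getter stops compiling against the new surface. If this API has already been released to clients, keep the old method for a cycle as a deprecated forwarder to getPayloadBinaryName(); if it has not, it is worth saying so in the commit message. Separately, the getter stays @Nullable, so its Javadoc should state when null is returned (presumably for a VM created with a config file, which the commit message says can still carry a path).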
@@ -77,7 +77,7 @@
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setEncryptedStorageKib(@IntRange(from=1) long);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setMemoryMib(@IntRange(from=1) int);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setNumCpus(@IntRange(from=1) int);
- method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadBinaryPath(@NonNull String);
+ method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadBinaryName(@NonNull String);
method @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setProtectedVm(boolean);
}
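Review bot: setPayloadBinaryName(@NonNull String) still takes an arbitrary String, so the new "name, not path" rule is visible to callers only through the Javadoc and runtime behaviour. The Javadoc should spell out exactly what is rejected and which exception is thrown, and whether the rejection happens in the setter or later at build time. Since the commit message says the check inside VS is the one that cannot be bypassed, please also confirm the builder check and the VS check apply the same rule, so a name the builder accepts is never refused later by the service and a name the builder would refuse cannot reach the VM by another route.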