Only accept binary name not path

I think we've discussed this a couple of times, although I can't now
find a link.

There's really no reason to specify a path, it's complicated to
describe, and it might open up weird path traversal attacks, so
disallow it.

Rename setPayloadBinaryPath to setPayloadBinaryName to reflect this
(and rename lots of other things to match). Add a check that it isn't
a path, and a test for that (and fix some other tests that were
breaking the new rule).

Also expand on the Javadoc around ABI & 32/64-bit.

Also add a check inside VS (because checks in the payload code can be
bypassed), and a host test for that.

Note that a VM created with a config file can still specify a path
inside the config file; CompOS relies on that to run code from its
APEX.

Bug: 261037705
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie59b9c81d13a7a3e4ec62cf874d43bfaf6163431

diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 4018d00..b237bab 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -259,7 +259,7 @@
// ? -71001: PayloadConfig
// }
// PayloadConfig = {
- // 1: tstr // payload_binary_path
+ // 1: tstr // payload_binary_name
// }
let mut config_desc = vec![
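Review bot: The `1: tstr // payload_binary_name` comment line documents the field only as a text string, so the new constraint is not visible to anyone reading the descriptor layout. Since the value is now meant to be a bare file name, say so in this comment (for example, that it must not contain a path separator). The map key stays 1, so it is also worth noting here that only the meaning of the value is narrowed and the encoding is unchanged.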
@@ -278,7 +278,7 @@
encode_negative_number(-71001, &mut config_desc)?;
encode_header(5, 1, &mut config_desc)?; // map(1)
encode_number(1, &mut config_desc)?;
- encode_tstr(&payload_config.payload_binary_path, &mut config_desc)?;
+ encode_tstr(&payload_config.payload_binary_name, &mut config_desc)?;
}
}
@@ -757,7 +757,7 @@
PayloadMetadata::config(payload_config) => {
let task = Task {
type_: TaskType::MicrodroidLauncher,
- command: payload_config.payload_binary_path,
+ command: payload_config.payload_binary_name,
};
Ok(VmPayloadConfig {
os: OsConfig { name: "microdroid".to_owned() },
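Review bot: Missing validation at `command: payload_config.payload_binary_name`: the value goes into the `Task` for `TaskType::MicrodroidLauncher` exactly as received, and nothing in these lines rejects a string containing `/`. The commit message says the check lives in VS and in the payload code; consider also rejecting a non-name value here before building the `Task`, or add a comment pointing to where it is enforced, so this launch path does not silently depend on an earlier component having validated it.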