apkmanifest: parse fields related to relaxed rollback protection scheme
In case a Microdroid pVM wants to opt in to a relaxed rollback protection
scheme, it needs to have the following things defined in its manifest:
* <uses-permission USE_RELAXED_MICRODROID_ROLLBACK_PROTECTION>
* set android.system.virtualmachine.ROLLBACK_INDEX <property>
In case only one of the two things is defined, the VM won't boot. This
is enforced by microdroid_manager (see changes to the verify.rs).
In the follow-up patch these new fields will be used to create a new
more relaxed sealing policy.
Bug: 378681279
Test: atest MicrodroidTests
Change-Id: Iabd12fd47f0eb271f021d5ad466de4f6c0669f2b
diff --git a/guest/microdroid_manager/src/verify.rs b/guest/microdroid_manager/src/verify.rs
index e5d26fc..ec8d66e 100644
--- a/guest/microdroid_manager/src/verify.rs
+++ b/guest/microdroid_manager/src/verify.rs
@@ -16,7 +16,7 @@
use crate::payload::{get_apex_data_from_payload, to_metadata};
use crate::MicrodroidError;
use anyhow::{anyhow, ensure, Context, Result};
-use apkmanifest::get_manifest_info;
+use apkmanifest::{get_manifest_info, ApkManifestInfo};
use apkverify::{extract_signed_data, verify, V4Signature};
use glob::glob;
use itertools::sorted;
@@ -174,6 +174,14 @@
})
}
+fn validate_manifest_info(info: &ApkManifestInfo) -> Result<()> {
+ ensure!(
+ info.has_relaxed_rollback_protection_permission == info.rollback_index.is_some(),
+ MicrodroidError::PayloadVerificationFailed(String::from("to opt in relaxed rollback protection scheme manifest must request android.permission.USE_RELAXED_MICRODROID_ROLLBACK_PROTECTION permission and set the android.system.virtualmachine.ROLLBACK_INDEX property"))
+ );
+ Ok(())
+}
+
fn get_data_from_apk(
apk_path: &str,
root_hash: Box<[u8]>,
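Review bot: `validate_manifest_info` has no doc comment stating the invariant it enforces, and the single equality check at its first `ensure!` produces one generic error for two different misconfigurations (permission without index, index without permission), so a developer reading the failure cannot tell which half of the opt-in is missing. A two-line doc comment would capture the contract: `/// Rejects a manifest that opts in to relaxed rollback protection only half-way: the` / `/// USE_RELAXED_MICRODROID_ROLLBACK_PROTECTION permission and the ROLLBACK_INDEX property must be both present or both absent.` Splitting the check into two `ensure!` calls keeps the same accept/reject behaviour while making the rejection message name the missing item. Note that the caller visible at the next hunk falls back to `unwrap_or_default()` when the manifest cannot be read, so a parse failure reaches this check as "neither present" and is accepted under the stricter default policy, which appears to be the fail-safe direction.
```rust
fn validate_manifest_info(info: &ApkManifestInfo) -> Result<()> {
    ensure!(
        !info.has_relaxed_rollback_protection_permission || info.rollback_index.is_some(),
        MicrodroidError::PayloadVerificationFailed(String::from("manifest requests android.permission.USE_RELAXED_MICRODROID_ROLLBACK_PROTECTION but does not set the android.system.virtualmachine.ROLLBACK_INDEX property"))
    );
    ensure!(
        info.rollback_index.is_none() || info.has_relaxed_rollback_protection_permission,
        MicrodroidError::PayloadVerificationFailed(String::from("manifest sets the android.system.virtualmachine.ROLLBACK_INDEX property but does not request android.permission.USE_RELAXED_MICRODROID_ROLLBACK_PROTECTION"))
    );
    Ok(())
}
```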
@@ -188,6 +196,8 @@
.map_err(|e| warn!("Failed to read manifest info from APK: {e:?}"))
.unwrap_or_default();
+ validate_manifest_info(&manifest_info)?;
+
Ok(ApkData {
root_hash: root_hash.into(),
cert_hash,