APK roothash is trusted
This CL completes the APK verification story in microdroid. Previously,
the roothash of an APK that apkdmverity uses came from the idsig file.
That file (and thus roothash in it) is untrusted because it's not signed
by anyone. It is generated by virtualization service when the VM is
created.
With this CL, the roothash becomes trustful. Specifically, the roothash
is from the instance disk which is encrypted and signed using the per-VM
secret key. When the roothash in the instance disk is none, which
could happen during the initial boot of the VM, we do the full APK verification (by
scanning every bits), and save the roothash in the instance disk. In the
subsequent boots, we skip the full APK verification, but instead compare
the roothash with the saved one. If they differ, the boot is halted.
1) The start of apkdmverity and zipfuse is controlled by
microdroid_manager. This is to NOT start them before the roothash is
read from the instance disk. Previously, this was impossible because
they are started by init while microdroid_manager is running in
background.
2) apkdmverity now uses the bootstrap bionic libraries, because it is
started far before APEXd activates APEXes.
3) microdroid_manager passes the roothash (read from instance disk) to
apkdmverity via a new system property `microdroid_manager.apk_roothash`.
This is preferred over to letting microdroid_manager directly execute
apkdmverity and pass the roothash as a commandline argument. We don't
want to allow microdroid_manager to fork/exec an executable other than
app payload; there already is a selinux neverallow rule for it.
4) microdroid_manager waits for a new sysprop `linkerconfig.ready` to
become `true` before it executes an app payload. Previously, this was
implied because microdroid_manager waits for /mnt/apk which is created
by zipfuse which in turn is executed after the linkerconfig is ready.
Since zipfuse now is started much earlier, we no longer can rely on the
implicit dependency.
Bug: 193504400
Test: atest MicrodroidHostTestCases
Test: run `adb shell /apex/com.android.virt/bin/vm run-app
/data/local/tmp/virt/MicrodroidDemoApp.apk
/data/local/tmp/virt/MicrodroidDemoApp.apk.idsig
/data/local/tmp/virt/instance.img assets/vm_config.json`
... two times.
In the first run:
microdroid_manager[128]: payload verification successful. took 85.705852ms
microdroid_manager[128]: Updating APK roothash: A4BC793C78E1A...
In the second run:
microdroid_manager[128]: payload verification successful. took 56.789795ms
microdroid_manager[128]: Saved roothash is trustful. Not updating
When the same command is invoked after the apk is intentionally
modified, it fails as expected:
init: Service 'microdroid_manager' (pid 128) exited with status 1
oneshot service took 0.202000 seconds in background
Bug: 193504400
Change-Id: I469116d806cf3dae66fe41c04fdfd6bdb843edab
diff --git a/apkdmverity/src/main.rs b/apkdmverity/src/main.rs
index 9d1ef1c..2cc0758 100644
--- a/apkdmverity/src/main.rs
+++ b/apkdmverity/src/main.rs
@@ -28,6 +28,7 @@
use anyhow::{bail, Context, Result};
use clap::{App, Arg};
use idsig::{HashAlgorithm, V4Signature};
+use rustutils::system_properties;
use std::fmt::Debug;
use std::fs;
use std::fs::File;
@@ -61,7 +62,13 @@
let apk = matches.value_of("apk").unwrap();
let idsig = matches.value_of("idsig").unwrap();
let name = matches.value_of("name").unwrap();
- let ret = enable_verity(apk, idsig, name)?;
+ let roothash = if let Ok(val) = system_properties::read("microdroid_manager.apk_roothash") {
+ Some(util::parse_hexstring(&val)?)
+ } else {
+ // This failure is not an error. We will use the roothash read from the idsig file.
+ None
+ };
+ let ret = enable_verity(apk, idsig, name, roothash.as_deref())?;
if matches.is_present("verbose") {
println!(
"data_device: {:?}, hash_device: {:?}, mapper_device: {:?}",
@@ -80,7 +87,12 @@
const BLOCK_SIZE: u64 = 4096;
// Makes a dm-verity block device out of `apk` and its accompanying `idsig` files.
-fn enable_verity<P: AsRef<Path> + Debug>(apk: P, idsig: P, name: &str) -> Result<VerityResult> {
+fn enable_verity<P: AsRef<Path> + Debug>(
+ apk: P,
+ idsig: P,
+ name: &str,
+ roothash: Option<&[u8]>,
+) -> Result<VerityResult> {
// Attach the apk file to a loop device if the apk file is a regular file. If not (i.e. block
// device), we only need to get the size and use the block device as it is.
let (data_device, apk_size) = if fs::metadata(&apk)?.file_type().is_block_device() {
@@ -108,7 +120,11 @@
let target = dm::DmVerityTargetBuilder::default()
.data_device(&data_device, apk_size)
.hash_device(&hash_device)
- .root_digest(&sig.hashing_info.raw_root_hash)
+ .root_digest(if let Some(roothash) = roothash {
+ roothash
+ } else {
+ &sig.hashing_info.raw_root_hash
+ })
.hash_algorithm(match sig.hashing_info.hash_algorithm {
HashAlgorithm::SHA256 => dm::DmVerityHashAlgorithm::SHA256,
})
@@ -167,6 +183,16 @@
}
fn run_test(apk: &[u8], idsig: &[u8], name: &str, check: fn(TestContext)) {
+ run_test_with_hash(apk, idsig, name, None, check);
+ }
+
+ fn run_test_with_hash(
+ apk: &[u8],
+ idsig: &[u8],
+ name: &str,
+ roothash: Option<&[u8]>,
+ check: fn(TestContext),
+ ) {
if should_skip() {
return;
}
@@ -174,7 +200,7 @@
let (apk_path, idsig_path) = prepare_inputs(test_dir.path(), apk, idsig);
// Run the program and register clean-ups.
- let ret = enable_verity(&apk_path, &idsig_path, name).unwrap();
+ let ret = enable_verity(&apk_path, &idsig_path, name, roothash).unwrap();
let ret = scopeguard::guard(ret, |ret| {
loopdevice::detach(ret.data_device).unwrap();
loopdevice::detach(ret.hash_device).unwrap();
@@ -312,7 +338,8 @@
let name = "loop_as_input";
// Run the program WITH the loop devices, not the regular files.
- let ret = enable_verity(apk_loop_device.deref(), idsig_loop_device.deref(), name).unwrap();
+ let ret =
+ enable_verity(apk_loop_device.deref(), idsig_loop_device.deref(), name, None).unwrap();
let ret = scopeguard::guard(ret, |ret| {
loopdevice::detach(ret.data_device).unwrap();
loopdevice::detach(ret.hash_device).unwrap();
@@ -325,4 +352,18 @@
assert_eq!(verity.len(), original.len()); // fail fast
assert_eq!(verity.as_slice(), original.as_slice());
}
+
+ // test with custom roothash
+ #[test]
+ fn correct_custom_roothash() {
+ let apk = include_bytes!("../testdata/test.apk");
+ let idsig = include_bytes!("../testdata/test.apk.idsig");
+ let roothash = V4Signature::from(Cursor::new(&idsig)).unwrap().hashing_info.raw_root_hash;
+ run_test_with_hash(apk.as_ref(), idsig.as_ref(), "correct", Some(&roothash), |ctx| {
+ let verity = fs::read(&ctx.result.mapper_device).unwrap();
+ let original = fs::read(&ctx.result.data_device).unwrap();
+ assert_eq!(verity.len(), original.len()); // fail fast
+ assert_eq!(verity.as_slice(), original.as_slice());
+ });
+ }
}