Store/Pass root digests of APEX payload

Root digests of the APEX payload are now collected by microdroid_manager,
stored in instance.img, and passed to apexd.

Bug: 199371341
Test: MicrodroidHostTestCases
Change-Id: I940347068400822f7d8140c3daf68036f553b087
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 204feab..8555892 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -162,14 +162,15 @@
     // Start apkdmverity and wait for the dm-verify block
     system_properties::write("ctl.start", "apkdmverity")?;
 
-    // While waiting for apkdmverity to mount APK, gathers APEX pubkeys from payload.
+    // While waiting for apkdmverity to mount APK, gathers public keys and root digests from
+    // APEX payload.
     let apex_data_from_payload = get_apex_data_from_payload(metadata)?;
     if let Some(saved_data) = saved_data.map(|d| &d.apex_data) {
-        // For APEX payload, we don't support updating their pubkeys
+        // We don't support APEX updates. (assuming that update will change root digest)
         ensure!(saved_data == &apex_data_from_payload, "APEX payloads has changed.");
         let apex_metadata = to_metadata(&apex_data_from_payload);
-        // Pass metadata(with pubkeys) to apexd so that it uses the passed metadata
-        // instead of the default one (/dev/block/by-name/payload-metadata)
+        // Pass metadata(with public keys and root digests) to apexd so that it uses the passed
+        // metadata instead of the default one (/dev/block/by-name/payload-metadata)
         OpenOptions::new()
             .create_new(true)
             .write(true)
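Review bot: The reworded comment above the `ensure!` records an assumption ("assuming that update will change root digest") instead of the invariant the check enforces, and the check only covers root digests if the equality on the saved APEX data type, which is defined outside this hunk, compares the new field. I would state the invariant directly, e.g. `// APEX payload is pinned to the data saved in instance.img: a changed public key or root digest is rejected.`, and confirm that the comparison includes the digest. The error text `"APEX payloads has changed."` does not say which APEX differed or whether the key or the digest changed, so a failed check is hard to triage; naming the mismatching entry in the message would help. The enclosing function starts and ends outside the hunk, so the path taken when no saved data exists yet is not visible here.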