blob: e63530bc237ca5b761f86f50ac573ad2d695550d [file] [log] [blame]
Alan Stokes1125e012023-10-13 12:31:10 +01001// Copyright 2023 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
Alan Stokes03754962023-11-06 15:36:09 +000015use crate::instance::{ApexData, ApkData, MicrodroidData, RootHash};
16use crate::payload::{get_apex_data_from_payload, to_metadata};
17use crate::{is_strict_boot, is_verified_boot, MicrodroidError};
Alan Stokes1125e012023-10-13 12:31:10 +010018use anyhow::{anyhow, ensure, Context, Result};
19use apkmanifest::get_manifest_info;
20use apkverify::{get_public_key_der, verify, V4Signature};
21use glob::glob;
22use itertools::sorted;
23use log::{info, warn};
Alan Stokes03754962023-11-06 15:36:09 +000024use microdroid_metadata::{write_metadata, Metadata};
Alan Stokes1125e012023-10-13 12:31:10 +010025use rand::Fill;
26use rustutils::system_properties;
Alan Stokes03754962023-11-06 15:36:09 +000027use std::fs::OpenOptions;
Alan Stokes1125e012023-10-13 12:31:10 +010028use std::path::Path;
29use std::process::{Child, Command};
30use std::str;
31use std::time::SystemTime;
32
33pub const DM_MOUNTED_APK_PATH: &str = "/dev/block/mapper/microdroid-apk";
34
35const MAIN_APK_PATH: &str = "/dev/block/by-name/microdroid-apk";
36const MAIN_APK_IDSIG_PATH: &str = "/dev/block/by-name/microdroid-apk-idsig";
37const MAIN_APK_DEVICE_NAME: &str = "microdroid-apk";
38const EXTRA_APK_PATH_PATTERN: &str = "/dev/block/by-name/extra-apk-*";
39const EXTRA_IDSIG_PATH_PATTERN: &str = "/dev/block/by-name/extra-idsig-*";
40
41const APKDMVERITY_BIN: &str = "/system/bin/apkdmverity";
42
43/// Verify payload before executing it. For APK payload, Full verification (which is slow) is done
44/// when the root_hash values from the idsig file and the instance disk are different. This function
45/// returns the verified root hash (for APK payload) and pubkeys (for APEX payloads) that can be
46/// saved to the instance disk.
47pub fn verify_payload(
48 metadata: &Metadata,
49 saved_data: Option<&MicrodroidData>,
50) -> Result<MicrodroidData> {
51 let start_time = SystemTime::now();
52
53 // Verify main APK
54 let root_hash_from_idsig = get_apk_root_hash_from_idsig(MAIN_APK_IDSIG_PATH)?;
55 let root_hash_trustful =
56 saved_data.map(|d| d.apk_data.root_hash_eq(root_hash_from_idsig.as_ref())).unwrap_or(false);
57
58 // If root_hash can be trusted, pass it to apkdmverity so that it uses the passed root_hash
59 // instead of the value read from the idsig file.
60 let main_apk_argument = {
61 ApkDmverityArgument {
62 apk: MAIN_APK_PATH,
63 idsig: MAIN_APK_IDSIG_PATH,
64 name: MAIN_APK_DEVICE_NAME,
65 saved_root_hash: if root_hash_trustful {
66 Some(root_hash_from_idsig.as_ref())
67 } else {
68 None
69 },
70 }
71 };
72 let mut apkdmverity_arguments = vec![main_apk_argument];
73
74 // Verify extra APKs
75 // For now, we can't read the payload config, so glob APKs and idsigs.
76 // Later, we'll see if it matches with the payload config.
77
78 // sort globbed paths to match apks (extra-apk-{idx}) and idsigs (extra-idsig-{idx})
79 // e.g. "extra-apk-0" corresponds to "extra-idsig-0"
80 let extra_apks =
81 sorted(glob(EXTRA_APK_PATH_PATTERN)?.collect::<Result<Vec<_>, _>>()?).collect::<Vec<_>>();
82 let extra_idsigs =
83 sorted(glob(EXTRA_IDSIG_PATH_PATTERN)?.collect::<Result<Vec<_>, _>>()?).collect::<Vec<_>>();
84 ensure!(
85 extra_apks.len() == extra_idsigs.len(),
86 "Extra apks/idsigs mismatch: {} apks but {} idsigs",
87 extra_apks.len(),
88 extra_idsigs.len()
89 );
90
91 let extra_root_hashes_from_idsig: Vec<_> = extra_idsigs
92 .iter()
93 .map(|idsig| {
94 get_apk_root_hash_from_idsig(idsig).expect("Can't find root hash from extra idsig")
95 })
96 .collect();
97
98 let extra_root_hashes_trustful: Vec<_> = if let Some(data) = saved_data {
99 extra_root_hashes_from_idsig
100 .iter()
101 .enumerate()
102 .map(|(i, root_hash)| data.extra_apk_root_hash_eq(i, root_hash))
103 .collect()
104 } else {
105 vec![false; extra_root_hashes_from_idsig.len()]
106 };
107 let extra_apk_names: Vec<_> =
108 (0..extra_apks.len()).map(|i| format!("extra-apk-{}", i)).collect();
109
110 for (i, extra_apk) in extra_apks.iter().enumerate() {
111 apkdmverity_arguments.push({
112 ApkDmverityArgument {
113 apk: extra_apk.to_str().unwrap(),
114 idsig: extra_idsigs[i].to_str().unwrap(),
115 name: &extra_apk_names[i],
116 saved_root_hash: if extra_root_hashes_trustful[i] {
117 Some(&extra_root_hashes_from_idsig[i])
118 } else {
119 None
120 },
121 }
122 });
123 }
124
125 // Start apkdmverity and wait for the dm-verify block
126 let mut apkdmverity_child = run_apkdmverity(&apkdmverity_arguments)?;
127
128 // While waiting for apkdmverity to mount APK, gathers public keys and root digests from
129 // APEX payload.
130 let apex_data_from_payload = get_apex_data_from_payload(metadata)?;
131
132 // Writing /apex/vm-payload-metadata is to verify that the payload isn't changed.
133 // Skip writing it if the debug policy ignoring identity is on
134 if is_verified_boot() {
135 write_apex_payload_data(saved_data, &apex_data_from_payload)?;
136 }
137
Alan Stokes9a7f67e2023-11-07 09:37:40 +0000138 if cfg!(not(dice_changes)) {
139 // Start apexd to activate APEXes
140 system_properties::write("ctl.start", "apexd-vm")?;
141 }
Alan Stokes1125e012023-10-13 12:31:10 +0100142
143 // TODO(inseob): add timeout
144 apkdmverity_child.wait()?;
145
146 // Do the full verification if the root_hash is un-trustful. This requires the full scanning of
147 // the APK file and therefore can be very slow if the APK is large. Note that this step is
148 // taken only when the root_hash is un-trustful which can be either when this is the first boot
149 // of the VM or APK was updated in the host.
150 // TODO(jooyung): consider multithreading to make this faster
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100151
152 let main_apk_data =
153 get_data_from_apk(DM_MOUNTED_APK_PATH, root_hash_from_idsig, root_hash_trustful)?;
154
Alan Stokes1125e012023-10-13 12:31:10 +0100155 let extra_apks_data = extra_root_hashes_from_idsig
156 .into_iter()
157 .enumerate()
158 .map(|(i, extra_root_hash)| {
159 let mount_path = format!("/dev/block/mapper/{}", &extra_apk_names[i]);
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100160 get_data_from_apk(&mount_path, extra_root_hash, extra_root_hashes_trustful[i])
Alan Stokes1125e012023-10-13 12:31:10 +0100161 })
162 .collect::<Result<Vec<_>>>()?;
163
164 info!("payload verification successful. took {:#?}", start_time.elapsed().unwrap());
165
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100166 // At this point, we can ensure that the root hashes from the idsig files are trusted, either
167 // because we have fully verified the APK signature (and apkdmverity checks all the data we
168 // verified is consistent with the root hash) or because we have the saved APK data which will
169 // be checked as identical to the data we have verified.
170
Alan Stokes1125e012023-10-13 12:31:10 +0100171 // Use the salt from a verified instance, or generate a salt for a new instance.
172 let salt = if let Some(saved_data) = saved_data {
173 saved_data.salt.clone()
174 } else if is_strict_boot() {
175 // No need to add more entropy as a previous stage must have used a new, random salt.
176 vec![0u8; 64]
177 } else {
178 let mut salt = vec![0u8; 64];
179 salt.as_mut_slice().try_fill(&mut rand::thread_rng())?;
180 salt
181 };
182
Alan Stokes1125e012023-10-13 12:31:10 +0100183 Ok(MicrodroidData {
184 salt,
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100185 apk_data: main_apk_data,
Alan Stokes1125e012023-10-13 12:31:10 +0100186 extra_apks_data,
187 apex_data: apex_data_from_payload,
188 })
189}
190
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100191fn get_data_from_apk(
192 apk_path: &str,
193 root_hash: Box<RootHash>,
194 root_hash_trustful: bool,
195) -> Result<ApkData> {
196 let pubkey = get_public_key_from_apk(apk_path, root_hash_trustful)?;
197 // Read package name etc from the APK manifest. In the unlikely event that they aren't present
198 // we use the default values. We simply put these values in the DICE node for the payload, and
199 // users of that can decide how to handle blank information - there's no reason for us
200 // to fail starting a VM even with such a weird APK.
201 let manifest_info = get_manifest_info(apk_path)
202 .map_err(|e| warn!("Failed to read manifest info from APK: {e:?}"))
203 .unwrap_or_default();
204
205 Ok(ApkData {
206 root_hash,
207 pubkey,
208 package_name: manifest_info.package,
209 version_code: manifest_info.version_code,
210 })
211}
212
Alan Stokes03754962023-11-06 15:36:09 +0000213fn write_apex_payload_data(
214 saved_data: Option<&MicrodroidData>,
215 apex_data_from_payload: &[ApexData],
216) -> Result<()> {
217 if let Some(saved_apex_data) = saved_data.map(|d| &d.apex_data) {
218 // We don't support APEX updates. (assuming that update will change root digest)
219 ensure!(
220 saved_apex_data == apex_data_from_payload,
221 MicrodroidError::PayloadChanged(String::from("APEXes have changed."))
222 );
223 let apex_metadata = to_metadata(apex_data_from_payload);
224 // Pass metadata(with public keys and root digests) to apexd so that it uses the passed
225 // metadata instead of the default one (/dev/block/by-name/payload-metadata)
226 OpenOptions::new()
227 .create_new(true)
228 .write(true)
229 .open("/apex/vm-payload-metadata")
230 .context("Failed to open /apex/vm-payload-metadata")
231 .and_then(|f| write_metadata(&apex_metadata, f))?;
232 }
233 Ok(())
234}
235
Alan Stokes1125e012023-10-13 12:31:10 +0100236fn get_apk_root_hash_from_idsig<P: AsRef<Path>>(idsig_path: P) -> Result<Box<RootHash>> {
237 Ok(V4Signature::from_idsig_path(idsig_path)?.hashing_info.raw_root_hash)
238}
239
240fn get_public_key_from_apk(apk: &str, root_hash_trustful: bool) -> Result<Box<[u8]>> {
241 let current_sdk = get_current_sdk()?;
242
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100243 if !root_hash_trustful {
Alan Stokes1125e012023-10-13 12:31:10 +0100244 verify(apk, current_sdk).context(MicrodroidError::PayloadVerificationFailed(format!(
245 "failed to verify {}",
246 apk
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100247 )))
Alan Stokes1125e012023-10-13 12:31:10 +0100248 } else {
Alan Stokes9b8b8ec2023-10-13 15:58:11 +0100249 get_public_key_der(apk, current_sdk)
250 }
Alan Stokes1125e012023-10-13 12:31:10 +0100251}
252
253fn get_current_sdk() -> Result<u32> {
254 let current_sdk = system_properties::read("ro.build.version.sdk")?;
255 let current_sdk = current_sdk.ok_or_else(|| anyhow!("SDK version missing"))?;
256 current_sdk.parse().context("Malformed SDK version")
257}
258
259struct ApkDmverityArgument<'a> {
260 apk: &'a str,
261 idsig: &'a str,
262 name: &'a str,
263 saved_root_hash: Option<&'a RootHash>,
264}
265
266fn run_apkdmverity(args: &[ApkDmverityArgument]) -> Result<Child> {
267 let mut cmd = Command::new(APKDMVERITY_BIN);
268
269 for argument in args {
270 cmd.arg("--apk").arg(argument.apk).arg(argument.idsig).arg(argument.name);
271 if let Some(root_hash) = argument.saved_root_hash {
272 cmd.arg(&hex::encode(root_hash));
273 } else {
274 cmd.arg("none");
275 }
276 }
277
278 cmd.spawn().context("Spawn apkdmverity")
279}