Don't run postinstall script from untrusted rootfs as part of rollback.
During rollback, we don't currently verify that the other partition is actually
a Chrome OS image. Given that, we can't trust its postinstall script (yet).
This CL just has us run our own postinstall which switches partitions.
BUG=chromium:366207
TEST=Unittests + integration run in a VM.
Change-Id: I2d267f8a5eaa7c3c56a18f4aaefdda2709deb0fd
Reviewed-on: https://chromium-review.googlesource.com/196665
Tested-by: Chris Sosa <sosa@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Chris Sosa <sosa@chromium.org>
diff --git a/postinstall_runner_action.cc b/postinstall_runner_action.cc
index f8bcc36..1b3af2f 100644
--- a/postinstall_runner_action.cc
+++ b/postinstall_runner_action.cc
@@ -84,7 +84,13 @@
// Runs the postinstall script asynchronously to free up the main loop while
// it's running.
vector<string> command;
- command.push_back(temp_rootfs_dir_ + kPostinstallScript);
+ if (!install_plan_.download_url.empty()) {
+ command.push_back(temp_rootfs_dir_ + kPostinstallScript);
+ } else {
+ // TODO(sosa): crbug.com/366207.
+ // If we're doing a rollback, just run our own postinstall.
+ command.push_back(kPostinstallScript);
+ }
command.push_back(install_device);
if (!Subprocess::Get().Exec(command, StaticCompletePostinstall, this)) {
CompletePostinstall(1);
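Review bot: The choice between executing the script from the unverified rootfs and the trusted one hinges on `install_plan_.download_url.empty()`, which is only an indirect signal for rollback and says nothing about whether the target partition was verified. If a later change ever populates the URL on a rollback plan, this branch silently goes back to running the untrusted script. An explicit rollback indicator on the install plan would make the trust decision auditable. Until then the comment should carry the security reason rather than just the bug link, e.g. `// Rollback (empty download_url): target rootfs is unverified, so never exec its postinstall.` The enclosing function starts and ends outside this hunk.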
diff --git a/postinstall_runner_action_unittest.cc b/postinstall_runner_action_unittest.cc
index 891afc5..be77e08 100644
--- a/postinstall_runner_action_unittest.cc
+++ b/postinstall_runner_action_unittest.cc
@@ -171,6 +171,7 @@
ObjectFeederAction<InstallPlan> feeder_action;
InstallPlan install_plan;
install_plan.install_path = dev;
+ install_plan.download_url = "http://devserver:8080/update";
install_plan.powerwash_required = powerwash_required;
feeder_action.set_obj(install_plan);
PostinstallRunnerAction runner_action(powerwash_marker_file.c_str());
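Review bot: Setting `download_url` here moves the existing tests onto the update branch, so nothing visible in this diff exercises the new rollback branch where `download_url` is empty. That branch is the security-relevant one. A case that leaves `download_url` empty and checks that the script under the temporary rootfs is not the one executed would pin the behaviour against regressions. The enclosing test helper begins and ends outside the hunk.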