paycheck: enforce physical partition size correctly

During payload checking, payload has wrongly interpreted the size
reported in the update payload to be the physical partition size,
whereas this is in fact the size of the filesystem portion only (a
misnomer). This sometimes caused it to emit errors on out-of-bounds
operations, which are otherwise harmless in real-world scenarios.

This CL makes a clear distinction between the two, with the following
semantics:

- The payload's embedded filesystem size must be <= the physical
  partition sizes.

- Reading/writing from/to the new partition must be within the physical
  partition size boundaries, and not the filesystem ones.

- Reading from the old partition is only allowed from filesystem
  boundaries; this is unchanged from current behavior and appears to be
  consistent with how we perform delta updates.

- Old/new SHA256 verification during payload application is now limited
  to the allotted filesystem portion only (and not the full partition
  size). This is consistent with the update engine's semantics.

- Other than that, this change currently has no further effect on
  payload application, which remains more permissive wrt partition
  sizes.  This also means that the sizes of partitions resulting from
  a payload application will not necessarily abide by the predetermined
  physical partition sizes.  This is in line with the prevailing
  division of responsibilities between payload checking (strict) and
  application (relaxed).

BUG=chromium:221847
TEST=Payload checking respects partition size override
TEST=Unit tests pass
TEST=Integration tests pass

Change-Id: I0dbc88d538c0cc53b7551f4dfa8f543bcf480cd5
Reviewed-on: https://gerrit.chromium.org/gerrit/50103
Reviewed-by: Gilad Arnold <garnold@chromium.org>
Tested-by: Gilad Arnold <garnold@chromium.org>
Commit-Queue: David James <davidjames@chromium.org>
diff --git a/scripts/update_payload/payload.py b/scripts/update_payload/payload.py
index b4760b2..e432092 100644
--- a/scripts/update_payload/payload.py
+++ b/scripts/update_payload/payload.py
@@ -175,7 +175,8 @@
 
   def Check(self, pubkey_file_name=None, metadata_sig_file=None,
             report_out_file=None, assert_type=None, block_size=0,
-            allow_unhashed=False, disabled_tests=()):
+            rootfs_part_size=0, kernel_part_size=0, allow_unhashed=False,
+            disabled_tests=()):
     """Checks the payload integrity.
 
     Args:
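Review bot: In the Check() signature, rootfs_part_size and kernel_part_size are inserted ahead of allow_unhashed, which shifts the positional slots of allow_unhashed and disabled_tests. Any caller that passes allow_unhashed positionally after block_size would now silently set rootfs_part_size instead, turning a relaxed-hashing flag into a partition size bound. Either append the two new parameters after disabled_tests, or confirm that every call site passes these arguments by keyword.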
@@ -184,6 +185,8 @@
       report_out_file: file object to dump the report to
       assert_type: assert that payload is either 'full' or 'delta'
       block_size: expected filesystem / payload block size
+      rootfs_part_size: the size of (physical) rootfs partitions in bytes
+      kernel_part_size: the size of (physical) kernel partitions in bytes
       allow_unhashed: allow unhashed operation blobs
       disabled_tests: list of tests to disable
     Raises:
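Review bot: The two new Args entries do not say what the default of 0 means. The signature gives both parameters a default of 0, but the docstring does not state whether that disables the physical-size bound, falls back to the filesystem size embedded in the payload, or selects some built-in default. Since this value decides which out-of-bounds operations the checker rejects, spell out the 0 case in each entry, and consider the singular "partition" since each argument is one size.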
@@ -198,6 +201,8 @@
         allow_unhashed=allow_unhashed, disabled_tests=disabled_tests)
     helper.Run(pubkey_file_name=pubkey_file_name,
                metadata_sig_file=metadata_sig_file,
+               rootfs_part_size=rootfs_part_size,
+               kernel_part_size=kernel_part_size,
                report_out_file=report_out_file)
 
   def Apply(self, dst_kernel_part, dst_rootfs_part, src_kernel_part=None,
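Review bot: rootfs_part_size and kernel_part_size are forwarded to helper.Run() as received, with no validation visible in Check(). If Run() does not already do so, reject negative values and sizes that are not a multiple of block_size before they are used as bounds, so that a bad override fails loudly rather than loosening or skewing the out-of-bounds checks. A unit test covering a size override smaller than the payload's embedded filesystem size would also pin down the "filesystem size <= partition size" rule from the commit message.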