Add maximum timestamp to the payload. Added a new field max_timestamp in the protobuf, from now on update_engine will reject any payload without this field. If the OS build timestamp is newer than the max_timestamp, the payload will also be rejected to prevent downgrade. Bug: 36232423 Test: update_engine_unittests Merged-In: Ib20f5f35aaf41165013bada02bc8720917358237 Change-Id: Ib20f5f35aaf41165013bada02bc8720917358237 (cherry picked from commit 5011df680621eb477cad8b34f03fba5b542cc2f9)

commit: 8e768e9359d01008b286db1f6c54a6c3972a56b9 [log] [tgz]
author: Sen Jiang <senj@google.com> Wed Jun 28 17:13:19 2017 -0700
committer: Sen Jiang <senj@google.com> Tue Oct 24 15:11:43 2017 -0700
tree: 0cae4fb21b0769cca98fb3f511a53a609e8fe3b6
parent: 9ae5f7f85f10997e8a3af2e2afa27891c05fbac7 [diff] [blame]
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index d6ac16c..a135338 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc

@@ -1416,6 +1416,14 @@
     }
   }
 
+  if (manifest_.max_timestamp() < hardware_->GetBuildTimestamp()) {
+    LOG(ERROR) << "The current OS build timestamp ("
+               << hardware_->GetBuildTimestamp()
+               << ") is newer than the maximum timestamp in the manifest ("
+               << manifest_.max_timestamp() << ")";
+    return ErrorCode::kPayloadTimestampError;
+  }
+
   // TODO(garnold) we should be adding more and more manifest checks, such as
   // partition boundaries etc (see chromium-os:37661).
commit	8e768e9359d01008b286db1f6c54a6c3972a56b9	[log] [tgz]
author	Sen Jiang <senj@google.com>	Wed Jun 28 17:13:19 2017 -0700
committer	Sen Jiang <senj@google.com>	Tue Oct 24 15:11:43 2017 -0700
tree	0cae4fb21b0769cca98fb3f511a53a609e8fe3b6
parent	9ae5f7f85f10997e8a3af2e2afa27891c05fbac7 [diff] [blame]