author | Nikita Ioffe <ioffe@google.com> | 2020-09-10 19:47:03 +0100 |
---|---|---|
committer | Nikita Ioffe <ioffe@google.com> | 2020-09-14 22:28:24 +0100 |
commit | 54347f380cff00f7027d8b25ac33a126bffad5cc (patch) | |
tree | f89dfc876eda240fe18ebb88634d0387203aae0d | |
parent | fe685a3474c59645d2223b8664cfc704d7f44b45 (diff) | |
Cleanup ApexFile interfaces even further
* Move VerifyManifestMatches to apexd.cpp
* Move FindApexes/FindApexFilesByName to apexd_utils.h
Test: atest ApexTestCases
Bug: 165948777
Change-Id: I1983163f5170f238384d2dd1b215ce189b20ccf3
Merged-In: I1983163f5170f238384d2dd1b215ce189b20ccf3
(cherry picked from commit ac2318c4da86cf9bcffd957194ecc86016bddecb)
-rw-r--r-- | apexd/apex_file.cpp | 51 | ||||
-rw-r--r-- | apexd/apex_file.h | 9 | ||||
-rw-r--r-- | apexd/apexd.cpp | 16 | ||||
-rw-r--r-- | apexd/apexd_utils.h | 35 | ||||
-rw-r--r-- | apexd/apexservice_test.cpp | 2 |
5 files changed, 47 insertions, 66 deletions
diff --git a/apexd/apex_file.cpp b/apexd/apex_file.cpp
index 282595af..83264d34 100644
--- a/apexd/apex_file.cpp
+++ b/apexd/apex_file.cpp
@@ -30,7 +30,6 @@
 #include <android-base/scopeguard.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
-#include <google/protobuf/util/message_differencer.h>
 #include <libavb/libavb.h>
 #include <ziparchive/zip_archive.h>
@@ -38,12 +37,10 @@
 #include "apexd_utils.h"
 using android::base::borrowed_fd;
-using android::base::EndsWith;
 using android::base::Error;
 using android::base::ReadFullyAtOffset;
 using android::base::Result;
 using android::base::unique_fd;
-using google::protobuf::util::MessageDifferencer;
 namespace android {
 namespace apex {
@@ -364,53 +361,5 @@ Result<ApexVerityData> ApexFile::VerifyApexVerity(
 return verityData;
 }
-Result<void> ApexFile::VerifyManifestMatches(
- const std::string& mount_path) const {
- Result<ApexManifest> verifiedManifest =
- ReadManifest(mount_path + "/" + kManifestFilenamePb);
- if (!verifiedManifest.ok()) {
- return verifiedManifest.error();
- }
-
- if (!MessageDifferencer::Equals(manifest_, *verifiedManifest)) {
- return Errorf(
- "Manifest inside filesystem does not match manifest outside it");
- }
-
- return {};
-}
-
-Result<std::vector<std::string>> FindApexes(
- const std::vector<std::string>& paths) {
- std::vector<std::string> result;
- for (const auto& path : paths) {
- auto exist = PathExists(path);
- if (!exist.ok()) {
- return exist.error();
- }
- if (!*exist) continue;
-
- const auto& apexes = FindApexFilesByName(path);
- if (!apexes.ok()) {
- return apexes;
- }
-
- result.insert(result.end(), apexes->begin(), apexes->end());
- }
- return result;
-}
-
-Result<std::vector<std::string>> FindApexFilesByName(const std::string& path) {
- auto filter_fn = [](const std::filesystem::directory_entry& entry) {
- std::error_code ec;
- if (entry.is_regular_file(ec) &&
- EndsWith(entry.path().filename().string(), kApexPackageSuffix)) {
- return true; // APEX file, take.
- }
- return false;
- };
- return ReadDir(path, filter_fn);
-}
-
 } // namespace apex
 } // namespace android
diff --git a/apexd/apex_file.h b/apexd/apex_file.h
index 86478073..a7bc1231 100644
--- a/apexd/apex_file.h
+++ b/apexd/apex_file.h
@@ -53,9 +53,6 @@ class ApexFile {
 const std::string& GetFsType() const { return fs_type_; }
 android::base::Result<ApexVerityData> VerifyApexVerity(
 const std::string& public_key) const;
- // TODO(b/165948777): this doesn't seem to belong to ApexFile?
- android::base::Result<void> VerifyManifestMatches(
- const std::string& mount_path) const;
 private:
 ApexFile(const std::string& apex_path, int32_t image_offset,
@@ -76,12 +73,6 @@ class ApexFile {
 std::string fs_type_;
 };
-// TODO(b/165948777): this doesn't seem to belong to apex_file.h
-android::base::Result<std::vector<std::string>> FindApexes(
- const std::vector<std::string>& paths);
-android::base::Result<std::vector<std::string>> FindApexFilesByName(
- const std::string& path);
-
 } // namespace apex
 } // namespace android
diff --git a/apexd/apexd.cpp b/apexd/apexd.cpp
index 3bfaca89..6d30eebd 100644
--- a/apexd/apexd.cpp
+++ b/apexd/apexd.cpp
@@ -44,6 +44,7 @@
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
+#include <google/protobuf/util/message_differencer.h>
 #include <libavb/libavb.h>
 #include <libdm/dm.h>
 #include <libdm/dm_table.h>
@@ -90,8 +91,8 @@ using android::dm::DeviceMapper;
 using android::dm::DmDeviceState;
 using android::dm::DmTable;
 using android::dm::DmTargetVerity;
-
 using apex::proto::SessionState;
+using google::protobuf::util::MessageDifferencer;
 namespace android {
 namespace apex {
@@ -347,9 +348,16 @@ Result<void> readVerityDevice(const std::string& verity_device,
 Result<void> VerifyMountedImage(const ApexFile& apex,
 const std::string& mount_point) {
- auto result = apex.VerifyManifestMatches(mount_point);
- if (!result.ok()) {
- return result;
+ // Verify that apex_manifest.pb inside mounted image matches the one in the
+ // outer .apex container.
+ Result<ApexManifest> verified_manifest =
+ ReadManifest(mount_point + "/" + kManifestFilenamePb);
+ if (!verified_manifest.ok()) {
+ return verified_manifest.error();
+ }
+ if (!MessageDifferencer::Equals(*verified_manifest, apex.GetManifest())) {
+ return Errorf(
+ "Manifest inside filesystem does not match manifest outside it");
 }
 if (shim::IsShimApex(apex)) {
 return shim::ValidateShimApex(mount_point, apex);
diff --git a/apexd/apexd_utils.h b/apexd/apexd_utils.h
index 73853c90..e0486f92 100644
--- a/apexd/apexd_utils.h
+++ b/apexd/apexd_utils.h
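Review bot: In VerifyMountedImage (apexd/apexd.cpp, third hunk) the mismatch error `"Manifest inside filesystem does not match manifest outside it"` names neither the package nor the mount point, so whoever reads the log cannot tell which APEX failed the check. A mismatch means the outer manifest apexd has already parsed disagrees with the copy inside the mounted image, which is an event worth being able to triage; assuming `Errorf` here is the fmt-style android::base helper, `return Errorf("Manifest inside {} does not match manifest in outer container", mount_point);` would carry that context. The new comment says what is compared but not why; a line such as `// The outer manifest was parsed before mounting, so this ties it to the image contents.` would help, presumably because the mounted copy is the verified one, which this hunk does not show. The body of VerifyMountedImage continues past the end of the hunk.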
@@ -36,8 +36,8 @@
 #include <cutils/android_reboot.h>
 #include "apex_constants.h"
-#include "string_log.h"
+using android::base::EndsWith;
 using android::base::ErrnoError;
 using android::base::Error;
 using android::base::Result;
@@ -241,6 +241,39 @@ inline Result<std::vector<std::string>> GetDeUserDirs() {
 return GetSubdirs(kDeNDataDir);
 }
+inline Result<std::vector<std::string>> FindApexFilesByName(
+ const std::string& path) {
+ auto filter_fn = [](const std::filesystem::directory_entry& entry) {
+ std::error_code ec;
+ if (entry.is_regular_file(ec) &&
+ EndsWith(entry.path().filename().string(), kApexPackageSuffix)) {
+ return true; // APEX file, take.
+ }
+ return false;
+ };
+ return ReadDir(path, filter_fn);
+}
+
+inline Result<std::vector<std::string>> FindApexes(
+ const std::vector<std::string>& paths) {
+ std::vector<std::string> result;
+ for (const auto& path : paths) {
+ auto exist = PathExists(path);
+ if (!exist.ok()) {
+ return exist.error();
+ }
+ if (!*exist) continue;
+
+ const auto& apexes = FindApexFilesByName(path);
+ if (!apexes.ok()) {
+ return apexes;
+ }
+
+ result.insert(result.end(), apexes->begin(), apexes->end());
+ }
+ return result;
+}
+
 } // namespace apex
 } // namespace android
diff --git a/apexd/apexservice_test.cpp b/apexd/apexservice_test.cpp
index 17c44381..4cbd6f74 100644
--- a/apexd/apexservice_test.cpp
+++ b/apexd/apexservice_test.cpp
@@ -59,8 +59,8 @@
 #include "apexd_session.h"
 #include "apexd_test_utils.h"
 #include "apexd_utils.h"
-
 #include "session_state.pb.h"
+#include "string_log.h"
 using apex::proto::SessionState; |
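Review bot: In FindApexFilesByName (apexd/apexd_utils.h, second hunk) the filter calls `entry.is_regular_file(ec)` and never inspects `ec`, and that call follows symlinks, so a `*.apex` link to a regular file is returned like a real package while an entry whose status cannot be read is dropped without a log line. If any directory handed to FindApexes can be written by less-privileged code, consider rejecting links first with `if (entry.is_symlink(ec)) return false;` and logging a non-zero `ec`; whether later verification already covers this is not visible in the hunk. The code is moved unchanged from apex_file.cpp, so the point predates this commit, but the functions are now `inline` in a header that other translation units include. In the first hunk of the same file, `using android::base::EndsWith;` appears to sit at header scope and so leaks the name into every includer; qualifying the call inside the lambda as `android::base::EndsWith(...)` would avoid that.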