Cleanup ApexFile interfaces even further

* Move VerifyManifestMatches to apexd.cpp * Move FindApexes/FindApexFilesByName to apexd_utils.h Test: atest ApexTestCases Bug: 165948777 Change-Id: I1983163f5170f238384d2dd1b215ce189b20ccf3 Merged-In: I1983163f5170f238384d2dd1b215ce189b20ccf3 (cherry picked from commit ac2318c4da86cf9bcffd957194ecc86016bddecb)
author: Nikita Ioffe <ioffe@google.com> 2020-09-10 19:47:03 +0100
committer: Nikita Ioffe <ioffe@google.com> 2020-09-14 22:28:24 +0100
commit: 54347f380cff00f7027d8b25ac33a126bffad5cc (patch)
tree: f89dfc876eda240fe18ebb88634d0387203aae0d
parent: fe685a3474c59645d2223b8664cfc704d7f44b45 (diff)
download: platform_system_apex-54347f380cff00f7027d8b25ac33a126bffad5cc.tar.gz
platform_system_apex-54347f380cff00f7027d8b25ac33a126bffad5cc.tar.bz2
platform_system_apex-54347f380cff00f7027d8b25ac33a126bffad5cc.zip
5 files changed, 47 insertions, 66 deletions
diff --git a/apexd/apex_file.cpp b/apexd/apex_file.cpp
index 282595af..83264d34 100644
--- a/apexd/apex_file.cpp
+++ b/apexd/apex_file.cpp
@@ -30,7 +30,6 @@
 #include <android-base/scopeguard.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
-#include <google/protobuf/util/message_differencer.h>
 #include <libavb/libavb.h>
 #include <ziparchive/zip_archive.h>
 
@@ -38,12 +37,10 @@
 #include "apexd_utils.h"
 
 using android::base::borrowed_fd;
-using android::base::EndsWith;
 using android::base::Error;
 using android::base::ReadFullyAtOffset;
 using android::base::Result;
 using android::base::unique_fd;
-using google::protobuf::util::MessageDifferencer;
 
 namespace android {
 namespace apex {
@@ -364,53 +361,5 @@ Result<ApexVerityData> ApexFile::VerifyApexVerity(
   return verityData;
 }
 
-Result<void> ApexFile::VerifyManifestMatches(
-    const std::string& mount_path) const {
-  Result<ApexManifest> verifiedManifest =
-      ReadManifest(mount_path + "/" + kManifestFilenamePb);
-  if (!verifiedManifest.ok()) {
-    return verifiedManifest.error();
-  }
-
-  if (!MessageDifferencer::Equals(manifest_, *verifiedManifest)) {
-    return Errorf(
-        "Manifest inside filesystem does not match manifest outside it");
-  }
-
-  return {};
-}
-
-Result<std::vector<std::string>> FindApexes(
-    const std::vector<std::string>& paths) {
-  std::vector<std::string> result;
-  for (const auto& path : paths) {
-    auto exist = PathExists(path);
-    if (!exist.ok()) {
-      return exist.error();
-    }
-    if (!*exist) continue;
-
-    const auto& apexes = FindApexFilesByName(path);
-    if (!apexes.ok()) {
-      return apexes;
-    }
-
-    result.insert(result.end(), apexes->begin(), apexes->end());
-  }
-  return result;
-}
-
-Result<std::vector<std::string>> FindApexFilesByName(const std::string& path) {
-  auto filter_fn = [](const std::filesystem::directory_entry& entry) {
-    std::error_code ec;
-    if (entry.is_regular_file(ec) &&
-        EndsWith(entry.path().filename().string(), kApexPackageSuffix)) {
-      return true;  // APEX file, take.
-    }
-    return false;
-  };
-  return ReadDir(path, filter_fn);
-}
-
 }  // namespace apex
 }  // namespace android
diff --git a/apexd/apex_file.h b/apexd/apex_file.h
index 86478073..a7bc1231 100644
--- a/apexd/apex_file.h
+++ b/apexd/apex_file.h
@@ -53,9 +53,6 @@ class ApexFile {
   const std::string& GetFsType() const { return fs_type_; }
   android::base::Result<ApexVerityData> VerifyApexVerity(
       const std::string& public_key) const;
-  // TODO(b/165948777): this doesn't seem to belong to ApexFile?
-  android::base::Result<void> VerifyManifestMatches(
-      const std::string& mount_path) const;
 
  private:
   ApexFile(const std::string& apex_path, int32_t image_offset,
@@ -76,12 +73,6 @@ class ApexFile {
   std::string fs_type_;
 };
 
-// TODO(b/165948777): this doesn't seem to belong to apex_file.h
-android::base::Result<std::vector<std::string>> FindApexes(
-    const std::vector<std::string>& paths);
-android::base::Result<std::vector<std::string>> FindApexFilesByName(
-    const std::string& path);
-
 }  // namespace apex
 }  // namespace android
 
diff --git a/apexd/apexd.cpp b/apexd/apexd.cpp
index 3bfaca89..6d30eebd 100644
--- a/apexd/apexd.cpp
+++ b/apexd/apexd.cpp
@@ -44,6 +44,7 @@
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
+#include <google/protobuf/util/message_differencer.h>
 #include <libavb/libavb.h>
 #include <libdm/dm.h>
 #include <libdm/dm_table.h>
@@ -90,8 +91,8 @@ using android::dm::DeviceMapper;
 using android::dm::DmDeviceState;
 using android::dm::DmTable;
 using android::dm::DmTargetVerity;
-
 using apex::proto::SessionState;
+using google::protobuf::util::MessageDifferencer;
 
 namespace android {
 namespace apex {
@@ -347,9 +348,16 @@ Result<void> readVerityDevice(const std::string& verity_device,
 
 Result<void> VerifyMountedImage(const ApexFile& apex,
                                 const std::string& mount_point) {
-  auto result = apex.VerifyManifestMatches(mount_point);
-  if (!result.ok()) {
-    return result;
+  // Verify that apex_manifest.pb inside mounted image matches the one in the
+  // outer .apex container.
+  Result<ApexManifest> verified_manifest =
+      ReadManifest(mount_point + "/" + kManifestFilenamePb);
+  if (!verified_manifest.ok()) {
+    return verified_manifest.error();
+  }
+  if (!MessageDifferencer::Equals(*verified_manifest, apex.GetManifest())) {
+    return Errorf(
+        "Manifest inside filesystem does not match manifest outside it");
   }
   if (shim::IsShimApex(apex)) {
     return shim::ValidateShimApex(mount_point, apex);
diff --git a/apexd/apexd_utils.h b/apexd/apexd_utils.h
index 73853c90..e0486f92 100644
--- a/apexd/apexd_utils.h
+++ b/apexd/apexd_utils.h
@@ -36,8 +36,8 @@
 #include <cutils/android_reboot.h>
 
 #include "apex_constants.h"
-#include "string_log.h"
 
+using android::base::EndsWith;
 using android::base::ErrnoError;
 using android::base::Error;
 using android::base::Result;
@@ -241,6 +241,39 @@ inline Result<std::vector<std::string>> GetDeUserDirs() {
   return GetSubdirs(kDeNDataDir);
 }
 
+inline Result<std::vector<std::string>> FindApexFilesByName(
+    const std::string& path) {
+  auto filter_fn = [](const std::filesystem::directory_entry& entry) {
+    std::error_code ec;
+    if (entry.is_regular_file(ec) &&
+        EndsWith(entry.path().filename().string(), kApexPackageSuffix)) {
+      return true;  // APEX file, take.
+    }
+    return false;
+  };
+  return ReadDir(path, filter_fn);
+}
+
+inline Result<std::vector<std::string>> FindApexes(
+    const std::vector<std::string>& paths) {
+  std::vector<std::string> result;
+  for (const auto& path : paths) {
+    auto exist = PathExists(path);
+    if (!exist.ok()) {
+      return exist.error();
+    }
+    if (!*exist) continue;
+
+    const auto& apexes = FindApexFilesByName(path);
+    if (!apexes.ok()) {
+      return apexes;
+    }
+
+    result.insert(result.end(), apexes->begin(), apexes->end());
+  }
+  return result;
+}
+
 }  // namespace apex
 }  // namespace android
 
diff --git a/apexd/apexservice_test.cpp b/apexd/apexservice_test.cpp
index 17c44381..4cbd6f74 100644
--- a/apexd/apexservice_test.cpp
+++ b/apexd/apexservice_test.cpp
@@ -59,8 +59,8 @@
 #include "apexd_session.h"
 #include "apexd_test_utils.h"
 #include "apexd_utils.h"
-
 #include "session_state.pb.h"
+#include "string_log.h"
 
 using apex::proto::SessionState;
author	Nikita Ioffe <ioffe@google.com>	2020-09-10 19:47:03 +0100
committer	Nikita Ioffe <ioffe@google.com>	2020-09-14 22:28:24 +0100
commit	54347f380cff00f7027d8b25ac33a126bffad5cc (patch)
tree	f89dfc876eda240fe18ebb88634d0387203aae0d
parent	fe685a3474c59645d2223b8664cfc704d7f44b45 (diff)
download	platform_system_apex-54347f380cff00f7027d8b25ac33a126bffad5cc.tar.gz platform_system_apex-54347f380cff00f7027d8b25ac33a126bffad5cc.tar.bz2 platform_system_apex-54347f380cff00f7027d8b25ac33a126bffad5cc.zip