diff options
| author | Tao Bao <tbao@google.com> | 2018-07-06 23:18:14 -0700 |
|---|---|---|
| committer | Tao Bao <tbao@google.com> | 2018-07-09 21:13:56 -0700 |
| commit | 7c1d426dbc4f5539929247027e4bd1c33ec63471 (patch) | |
| tree | 21a44d8e8727d95197bc7acd5bd9cafac3b8eef4 /applypatch/applypatch.cpp | |
| parent | fbc0f6062cc4be942a5b78729642106694ccc712 (diff) | |
| download | android_bootable_recovery-7c1d426dbc4f5539929247027e4bd1c33ec63471.tar.gz android_bootable_recovery-7c1d426dbc4f5539929247027e4bd1c33ec63471.tar.bz2 android_bootable_recovery-7c1d426dbc4f5539929247027e4bd1c33ec63471.zip | |
applypatch: Restrict applypatch_check to eMMC targets.
Also fix an error-pone behavior in previous code when verifying an eMMC
target. As long as it loads the partition content successfully according
to the SHAs embedded in the filename, it shouldn't further check against
the SHAs given in the second argument. Because the loaded contents
relate to a specific partition size.
For example:
apply_patch_check(
"EMMC:/boot.img:src_size:src_hash:tgt_size:tgt_hash",
"src_hash");
Assume "/boot.img" already has the desired hash of "tgt_hash", the
previous code would give wrong verification result. The issue can be
addressed by additionally listing "tgt_hash" as one of the desired SHAs
(or by applying this CL).
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I8daafdbecd083f687e24d563ab089caa25667633
Diffstat (limited to 'applypatch/applypatch.cpp')
| -rw-r--r-- | applypatch/applypatch.cpp | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index e6fd5f6a..6daa0d69 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -376,24 +376,26 @@ static int FindMatchingPatch(const uint8_t* sha1, const std::vector<std::string> return -1; } -int applypatch_check(const char* filename, const std::vector<std::string>& patch_sha1s) { - // It's okay to specify no SHA-1s; the check will pass if the LoadFileContents is successful. - // (Useful for reading partitions, where the filename encodes the SHA-1s; no need to check them - // twice.) +int applypatch_check(const std::string& filename, const std::vector<std::string>& sha1s) { + if (!android::base::StartsWith(filename, "EMMC:")) { + return 1; + } + + // The check will pass if LoadPartitionContents is successful, because the filename already + // encodes the desired SHA-1s. FileContents file; - if (LoadFileContents(filename, &file) != 0 || - (!patch_sha1s.empty() && FindMatchingPatch(file.sha1, patch_sha1s) < 0)) { + if (LoadPartitionContents(filename, &file) != 0) { LOG(INFO) << "\"" << filename << "\" doesn't have any of expected SHA-1 sums; checking cache"; - // If the source file is missing or corrupted, it might be because we were killed in the middle - // of patching it. A copy should have been made in cache_temp_source. If that file exists and - // matches the SHA-1 we're looking for, the check still passes. + // If the partition is corrupted, it might be because we were killed in the middle of patching + // it. A copy should have been made in cache_temp_source. If that file exists and matches the + // SHA-1 we're looking for, the check still passes. if (LoadFileContents(Paths::Get().cache_temp_source(), &file) != 0) { LOG(ERROR) << "Failed to load cache file"; return 1; } - if (FindMatchingPatch(file.sha1, patch_sha1s) < 0) { + if (FindMatchingPatch(file.sha1, sha1s) < 0) { LOG(ERROR) << "The cache bits don't match any SHA-1 for \"" << filename << "\""; return 1; } |