commit fe685a3474c59645d2223b8664cfc704d7f44b45
author Nikita Ioffe <ioffe@google.com> Thu Sep 10 19:02:56 2020 +0100
committer Nikita Ioffe <ioffe@google.com> Mon Sep 14 22:27:22 2020 +0100
tree 2a71449e779820389fd84702e70ffe2ad5579f51
parent 8f55c71592894e8e5fd1b3876c3e58f35c331312

Remove dependency between apex_file and apex_preinstalled_data

The only reason that dependency was there is to get a trusted public key
when validating vbmeta of an apex. This responsibility is now delegated
to the caller of ValidateApexVerity.

Test: atest ApexTestCases
Bug: 165948777
Change-Id: Ibfff81c4dfd078546d3dcf3167ad624e8028a52b
Merged-In: Ibfff81c4dfd078546d3dcf3167ad624e8028a52b
(cherry picked from commit 814ca221e8862ad9db72838a23fa673c4201d8a0)

apexd/apex_file.cpp

diff --git a/apexd/apex_file.cpp b/apexd/apex_file.cpp
index 36fd7c9..282595a 100644
--- a/apexd/apex_file.cpp
+++ b/apexd/apex_file.cpp
@@ -23,6 +23,7 @@
 
 #include <filesystem>
 #include <fstream>
+#include <span>
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
@@ -31,18 +32,16 @@
 #include <android-base/unique_fd.h>
 #include <google/protobuf/util/message_differencer.h>
 #include <libavb/libavb.h>
+#include <ziparchive/zip_archive.h>
 
 #include "apex_constants.h"
-#include "apex_preinstalled_data.h"
 #include "apexd_utils.h"
-#include "string_log.h"
 
 using android::base::borrowed_fd;
 using android::base::EndsWith;
 using android::base::Error;
 using android::base::ReadFullyAtOffset;
 using android::base::Result;
-using android::base::StartsWith;
 using android::base::unique_fd;
 using google::protobuf::util::MessageDifferencer;
 
@@ -148,7 +147,7 @@
   }
 
   return ApexFile(path, image_offset, image_size, std::move(*manifest), pubkey,
-                  isPathForBuiltinApexes(path), *fs_type);
+                  *fs_type);
 }
 
 // AVB-related code.
@@ -214,8 +213,10 @@
          memcmp(&public_key_content[0], key, length) == 0;
 }
 
-Result<void> verifyVbMetaSignature(const ApexFile& apex, const uint8_t* data,
-                                   size_t length) {
+// Verifies correctness of vbmeta and returns public key it was signed with.
+Result<std::span<const uint8_t>> verifyVbMetaSignature(const ApexFile& apex,
+                                                       const uint8_t* data,
+                                                       size_t length) {
   const uint8_t* pk;
   size_t pk_len;
   AvbVBMetaVerifyResult res;
@@ -236,31 +237,16 @@
       return Error() << "Error verifying " << apex.GetPath() << ": "
                      << "unsupported version";
     default:
-      return Errorf("Unknown vmbeta_image_verify return value");
+      return Error() << "Unknown vmbeta_image_verify return value : " << res;
   }
 
-  auto& instance = ApexPreinstalledData::GetInstance();
-  // TODO(b/165948777): extract into verifier.
-  Result<const std::string> public_key =
-      instance.GetPublicKey(apex.GetManifest().name());
-  if (public_key.ok()) {
-    // TODO(b/115718846)
-    // We need to decide whether we need rollback protection, and whether
-    // we can use the rollback protection provided by libavb.
-    if (!CompareKeys(pk, pk_len, *public_key)) {
-      return Error() << "Error verifying " << apex.GetPath() << ": "
-                     << "public key doesn't match the pre-installed one";
-    }
-  } else {
-    return public_key.error();
-  }
-  LOG(VERBOSE) << apex.GetPath() << ": public key matches.";
-  return {};
+  return std::span<const uint8_t>(pk, pk_len);
 }
 
 Result<std::unique_ptr<uint8_t[]>> verifyVbMeta(const ApexFile& apex,
                                                 const unique_fd& fd,
-                                                const AvbFooter& footer) {
+                                                const AvbFooter& footer,
+                                                const std::string& public_key) {
   if (footer.vbmeta_size > kVbMetaMaxSize) {
     return Errorf("VbMeta size in footer exceeds kVbMetaMaxSize.");
   }
@@ -272,12 +258,17 @@
     return ErrnoError() << "Couldn't read AVB meta-data";
   }
 
-  Result<void> st =
+  Result<std::span<const uint8_t>> st =
       verifyVbMetaSignature(apex, vbmeta_buf.get(), footer.vbmeta_size);
   if (!st.ok()) {
     return st.error();
   }
 
+  if (!CompareKeys(st->data(), st->size(), public_key)) {
+    return Error() << "Error verifying " << apex.GetPath() << " : "
+                   << "public key doesn't match the pre-installed one";
+  }
+
   return vbmeta_buf;
 }
 
@@ -329,7 +320,8 @@
 
 }  // namespace
 
-Result<ApexVerityData> ApexFile::VerifyApexVerity() const {
+Result<ApexVerityData> ApexFile::VerifyApexVerity(
+    const std::string& public_key) const {
   ApexVerityData verityData;
 
   unique_fd fd(open(GetPath().c_str(), O_RDONLY | O_CLOEXEC));
@@ -343,7 +335,7 @@
   }
 
   Result<std::unique_ptr<uint8_t[]>> vbmeta_data =
-      verifyVbMeta(*this, fd, **footer);
+      verifyVbMeta(*this, fd, **footer, public_key);
   if (!vbmeta_data.ok()) {
     return vbmeta_data.error();
   }
@@ -420,14 +412,5 @@
   return ReadDir(path, filter_fn);
 }
 
-bool isPathForBuiltinApexes(const std::string& path) {
-  for (const auto& dir : kApexPackageBuiltinDirs) {
-    if (StartsWith(path, dir)) {
-      return true;
-    }
-  }
-  return false;
-}
-
 }  // namespace apex
 }  // namespace android