Google Git
Sign in
android / platform / system / update_engine / 81c705be23920083b16c41b43412c2a5e7928f61^! / .
commit81c705be23920083b16c41b43412c2a5e7928f61[log] [tgz]
authorSen Jiang <[email protected]>Thu Oct 04 14:15:05 2018 -0700
committerSen Jiang <[email protected]>Mon Oct 08 20:53:15 2018 +0000
tree6100c5948ccfac451c78468e254dbf61b850caed
parent3271186bc8d1e2d382725e7368d092a335e2aa14 [diff]
Mandate hash check for https payload URL.

Bug: 35809062
Test: update_engine_unittests
Change-Id: I7e2c0fe7cb6f52bd01a6efdbb764128dbf7d65ed

diff --git a/omaha_response_handler_action.cc b/omaha_response_handler_action.cc
index 7e6da5d..c1fe854 100644
--- a/omaha_response_handler_action.cc
+++ b/omaha_response_handler_action.cc

@@ -21,7 +21,6 @@
 
 #include <base/logging.h>
 #include <base/strings/string_number_conversions.h>
-#include <base/strings/string_util.h>
 #include <policy/device_policy.h>
 
 #include "update_engine/common/constants.h"
@@ -236,37 +235,8 @@
     }
   }
 
-  // If we're using p2p, |install_plan_.download_url| may contain a
-  // HTTP URL even if |response.payload_urls| contain only HTTPS URLs.
-  if (!base::StartsWith(install_plan_.download_url, "https://",
-                        base::CompareCase::INSENSITIVE_ASCII)) {
-    LOG(INFO) << "Mandating hash checks since download_url is not HTTPS.";
-    return true;
-  }
-
-  // TODO(jaysri): VALIDATION: For official builds, we currently waive hash
-  // checks for HTTPS until we have rolled out at least once and are confident
-  // nothing breaks. chromium-os:37082 tracks turning this on for HTTPS
-  // eventually.
-
-  // Even if there's a single non-HTTPS URL, make the hash checks as
-  // mandatory because we could be downloading the payload from any URL later
-  // on. It's really hard to do book-keeping based on each byte being
-  // downloaded to see whether we only used HTTPS throughout.
-  for (const auto& package : response.packages) {
-    for (const string& payload_url : package.payload_urls) {
-      if (!base::StartsWith(
-              payload_url, "https://", base::CompareCase::INSENSITIVE_ASCII)) {
-        LOG(INFO) << "Mandating payload hash checks since Omaha response "
-                  << "contains non-HTTPS URL(s)";
-        return true;
-      }
-    }
-  }
-
-  LOG(INFO) << "Waiving payload hash checks since Omaha response "
-            << "only has HTTPS URL(s)";
-  return false;
+  LOG(INFO) << "Mandating hash checks for official URL on official build.";
+  return true;
 }
 
 }  // namespace chromeos_update_engine

diff --git a/omaha_response_handler_action_unittest.cc b/omaha_response_handler_action_unittest.cc
index 4e101ee..e4d05f4 100644
--- a/omaha_response_handler_action_unittest.cc
+++ b/omaha_response_handler_action_unittest.cc

@@ -386,7 +386,7 @@
   EXPECT_TRUE(DoTest(in, "", &install_plan));
   EXPECT_EQ(in.packages[0].payload_urls[0], install_plan.download_url);
   EXPECT_EQ(expected_hash_, install_plan.payloads[0].hash);
-  EXPECT_FALSE(install_plan.hash_checks_mandatory);
+  EXPECT_TRUE(install_plan.hash_checks_mandatory);
   EXPECT_EQ(in.version, install_plan.version);
 }