commit 33c62fc4b81b93b29c7a94fba20ab56d7f5f6bd7
author Kelvin Zhang <zhangkelvin@google.com> Fri May 14 17:15:50 2021 -0400
committer Kelvin Zhang <zhangkelvin@google.com> Mon May 17 16:25:00 2021 -0400
tree cdf7df10096b0fd3919578a988810eb52c4a3611
parent 90f783f3ca34134298c6220b9223da08319804b3

Check SPL downgrade before install OTA in recovery

Applying an SPL downgrade package can cause boot failures
(/data failed to decrypt). Today's ota_from_target_files
tool already try to prevent this. But Packages generated
using older tools are still around.

Add check in recovery to prevent such OTA package from
installing.

Test: th
Test: Sideload an OTA with newer SPL, make sure check passes
Test; Sideload an OTA with older SPL, make sure check fails

Bug: 186581246

Change-Id: Icffe8097521c511e151af023a443ccbb4b59e22c

install/spl_check_unittests.cpp

diff --git a/install/spl_check_unittests.cpp b/install/spl_check_unittests.cpp
new file mode 100644
index 0000000..709b69c
--- /dev/null
+++ b/install/spl_check_unittests.cpp
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+
+#include "install/spl_check.h"
+#include "ota_metadata.pb.h"
+
+using build::tools::releasetools::OtaMetadata;
+class SplCheckUnittest : public ::testing::Test {
+ public:
+  OtaMetadata metadata;
+};
+
+TEST_F(SplCheckUnittest, OlderSPL) {
+  metadata.set_spl_downgrade(false);
+  metadata.mutable_postcondition()->set_security_patch_level("2021-04-25");
+  ASSERT_TRUE(ViolatesSPLDowngrade(metadata, "2021-05-01"));
+}
+
+TEST_F(SplCheckUnittest, NewerSPL) {
+  metadata.set_spl_downgrade(false);
+  metadata.mutable_postcondition()->set_security_patch_level("2021-06-01");
+  ASSERT_FALSE(ViolatesSPLDowngrade(metadata, "2021-05-05"));
+}
+
+TEST_F(SplCheckUnittest, OlderSPLPermit) {
+  // If spl_downgrade is set to true, OTA should be permitted
+  metadata.set_spl_downgrade(true);
+  metadata.mutable_postcondition()->set_security_patch_level("2021-04-11");
+  ASSERT_FALSE(ViolatesSPLDowngrade(metadata, "2021-05-11"));
+}
\ No newline at end of file