Use block apex path as key for rootdigest overrides
When scanning block apexes in VM mode, apexd keeps rootdigest overrides
in a map for later verification. But using apex name as a key doesn't
work for "sharelibs" apexes because there might be two apexes for a
single sharelib apex name.
Instead, we can use block apex path as a key to a map.
Bug: 257377686
Test: ApexTestCases
Merged-In: Idd4e90f52e56b47d046c4eda88f34bf7b7aee4d5
Change-Id: Idd4e90f52e56b47d046c4eda88f34bf7b7aee4d5
(cherry picked from commit f571befaba0b3609d9574a2b31006e0c871c5fe8)
diff --git a/apexd/apex_file_repository.cpp b/apexd/apex_file_repository.cpp
index 43b6f6e..834eef5 100644
--- a/apexd/apex_file_repository.cpp
+++ b/apexd/apex_file_repository.cpp
@@ -279,7 +279,7 @@
if (overrides.last_update_seconds.has_value() ||
overrides.block_apex_root_digest.has_value()) {
- block_apex_overrides_.emplace(name, std::move(overrides));
+ block_apex_overrides_.emplace(apex_path, std::move(overrides));
}
// Depending on whether the APEX was a factory version in the host or not,
@@ -412,8 +412,8 @@
}
std::optional<std::string> ApexFileRepository::GetBlockApexRootDigest(
- const std::string& name) const {
- auto it = block_apex_overrides_.find(name);
+ const std::string& path) const {
+ auto it = block_apex_overrides_.find(path);
if (it == block_apex_overrides_.end()) {
return std::nullopt;
}
@@ -421,8 +421,8 @@
}
std::optional<int64_t> ApexFileRepository::GetBlockApexLastUpdateSeconds(
- const std::string& name) const {
- auto it = block_apex_overrides_.find(name);
+ const std::string& path) const {
+ auto it = block_apex_overrides_.find(path);
if (it == block_apex_overrides_.end()) {
return std::nullopt;
}
diff --git a/apexd/apex_file_repository.h b/apexd/apex_file_repository.h
index 1a1cf94..f90dcbc 100644
--- a/apexd/apex_file_repository.h
+++ b/apexd/apex_file_repository.h
@@ -104,13 +104,13 @@
android::base::Result<const std::string> GetDataPath(
const std::string& name) const;
- // Returns root digest of an apex with the given |name| for block apexes.
+ // Returns root digest of an apex with the given |path| for block apexes.
std::optional<std::string> GetBlockApexRootDigest(
- const std::string& name) const;
+ const std::string& path) const;
- // Returns timestamp to be used for the block apex of the given |name|.
+ // Returns timestamp to be used for the block apex of the given |path|.
std::optional<int64_t> GetBlockApexLastUpdateSeconds(
- const std::string& name) const;
+ const std::string& path) const;
// Checks whether there is a pre-installed version of an apex with the given
// |name|.
@@ -203,6 +203,8 @@
std::optional<int64_t> last_update_seconds;
};
+ // Use "path" as key instead of APEX name because there can be multiple
+ // versions of sharedlibs APEXes.
std::unordered_map<std::string, BlockApexOverride> block_apex_overrides_;
};
diff --git a/apexd/apex_file_repository_test.cpp b/apexd/apex_file_repository_test.cpp
index bf73092..272979f 100644
--- a/apexd/apex_file_repository_test.cpp
+++ b/apexd/apex_file_repository_test.cpp
@@ -740,8 +740,7 @@
auto status = instance.AddBlockApex(metadata_partition_path);
ASSERT_TRUE(IsOk(status));
- ASSERT_EQ(hex_root_digest,
- instance.GetBlockApexRootDigest("com.android.apex.test_package"));
+ ASSERT_EQ(hex_root_digest, instance.GetBlockApexRootDigest(apex_foo_path));
}
TEST_F(ApexFileRepositoryTestAddBlockApex, GetBlockApexLastUpdateSeconds) {
@@ -767,8 +766,8 @@
auto status = instance.AddBlockApex(metadata_partition_path);
ASSERT_TRUE(IsOk(status));
- ASSERT_EQ(last_update_seconds, instance.GetBlockApexLastUpdateSeconds(
- "com.android.apex.test_package"));
+ ASSERT_EQ(last_update_seconds,
+ instance.GetBlockApexLastUpdateSeconds(apex_foo_path));
}
TEST_F(ApexFileRepositoryTestAddBlockApex, VerifyPublicKeyWhenAddingBlockApex) {
diff --git a/apexd/apexd.cpp b/apexd/apexd.cpp
index b777f1f..5cf19ad 100644
--- a/apexd/apexd.cpp
+++ b/apexd/apexd.cpp
@@ -538,8 +538,7 @@
<< ": " << verity_data.error();
}
if (instance.IsBlockApex(apex)) {
- auto root_digest =
- instance.GetBlockApexRootDigest(apex.GetManifest().name());
+ auto root_digest = instance.GetBlockApexRootDigest(apex.GetPath());
if (root_digest.has_value() &&
root_digest.value() != verity_data->root_digest) {
return Error() << "Failed to verify Apex Verity data for " << full_path
@@ -3438,7 +3437,7 @@
}
std::optional<int64_t> mtime =
- instance.GetBlockApexLastUpdateSeconds(apex.GetManifest().name());
+ instance.GetBlockApexLastUpdateSeconds(apex.GetPath());
if (!mtime.has_value()) {
struct stat stat_buf;
if (stat(apex.GetPath().c_str(), &stat_buf) == 0) {