commit e63122520489f969280db2725fabd580def4f97c
author Kelvin Zhang <zhangkelvin@google.com> Fri May 14 17:15:50 2021 -0400
committer Kelvin Zhang <zhangkelvin@google.com> Wed May 19 20:58:02 2021 +0000
tree 9d371e32a721ab29ec0e1c860a46a1ea1dcf7b92
parent 48a7e7dd7b5c50249e6507499f014c9616221433

Check SPL downgrade before install OTA in recovery

Applying an SPL downgrade package can cause boot failures
(/data failed to decrypt). Today's ota_from_target_files
tool already try to prevent this. But Packages generated
using older tools are still around.

Add check in recovery to prevent such OTA package from
installing.

Test: th
Test: Sideload an OTA with newer SPL, make sure check passes
Test; Sideload an OTA with older SPL, make sure check fails

Bug: 186581246
Bug: 188575410

cherry-picked from aosp/1708986
cherry-picked from commit: 33c62fc4b81b93b29c7a94fba20ab56d7f5f6bd7

Change-Id: Icffe8097521c511e151af023a443ccbb4b59e22c

install/Android.bp

diff --git a/install/Android.bp b/install/Android.bp
index 8c88bd0..e239ddc 100644
--- a/install/Android.bp
+++ b/install/Android.bp
@@ -26,6 +26,7 @@
 
     defaults: [
         "recovery_defaults",
+        "libspl_check_defaults",
     ],
 
     shared_libs: [
@@ -49,12 +50,51 @@
         "librecovery_utils",
         "libotautil",
         "libsnapshot_nobinder",
+        "ota_metadata_proto_cc",
 
         // external dependencies
         "libvintf",
     ],
 }
 
+cc_test_host {
+    name: "libinstall_host_unittests",
+    defaults: [
+        "libspl_check_defaults"
+    ],
+    srcs: [
+        "spl_check_unittests.cpp",
+    ],
+    static_libs: [
+        "libspl_check",
+    ],
+}
+
+cc_defaults {
+    name: "libspl_check_defaults",
+    static_libs: [
+        "libbase",
+        "ota_metadata_proto_cc",
+        "liblog",
+        "libziparchive",
+        "libz",
+        "libprotobuf-cpp-lite",
+    ],
+}
+
+cc_library_static {
+    name: "libspl_check",
+    recovery_available: true,
+    host_supported: true,
+    defaults: [
+        "libspl_check_defaults",
+    ],
+    srcs: ["spl_check.cpp"],
+    export_include_dirs: [
+        "include",
+    ],
+}
+
 cc_library_static {
     name: "libinstall",
     recovery_available: true,
@@ -73,6 +113,7 @@
         "verifier.cpp",
         "wipe_data.cpp",
         "wipe_device.cpp",
+        "spl_check.cpp",
     ],
 
     header_libs: [