Check SPL downgrade before install OTA in recovery
Applying an SPL downgrade package can cause boot failures
(/data failed to decrypt). Today's ota_from_target_files
tool already try to prevent this. But Packages generated
using older tools are still around.
Add check in recovery to prevent such OTA package from
installing.
Test: th
Test: Sideload an OTA with newer SPL, make sure check passes
Test; Sideload an OTA with older SPL, make sure check fails
Bug: 186581246
Bug: 188575410
cherry-picked from aosp/1708986
cherry-picked from commit: 33c62fc4b81b93b29c7a94fba20ab56d7f5f6bd7
Change-Id: Icffe8097521c511e151af023a443ccbb4b59e22c
diff --git a/install/install.cpp b/install/install.cpp
index 1b220cb..6e74f80 100644
--- a/install/install.cpp
+++ b/install/install.cpp
@@ -47,6 +47,7 @@
#include <android-base/unique_fd.h>
#include "install/package.h"
+#include "install/spl_check.h"
#include "install/verifier.h"
#include "install/wipe_data.h"
#include "otautil/error_code.h"
@@ -348,6 +349,12 @@
android::base::GetBoolProperty("ro.virtual_ab.allow_non_ab", false);
bool device_only_supports_ab = device_supports_ab && !ab_device_supports_nonab;
+ const auto current_spl = android::base::GetProperty("ro.build.version.security_patch", "");
+ if (ViolatesSPLDowngrade(zip, current_spl)) {
+ LOG(ERROR) << "Denying OTA because it's SPL downgrade";
+ return INSTALL_ERROR;
+ }
+
if (package_is_ab) {
CHECK(package->GetType() == PackageType::kFile);
}