From 1009be350708b0782fa875c0f4b165dcd8f9ba0b Mon Sep 17 00:00:00 2001 From: Yury Khmel Date: Thu, 3 Dec 2020 19:09:00 +0000 Subject: signer: Verify many Android signer operations that content is unchanged. This adds extra verifications to many Android signer operation in order to narrow down the problem when empty folders are removed from the disk. BUG=chromium:1154734 TEST=Locally image signing passed. Emulated problem and it was detected. BRANCH=none Signed-off-by: Yury Khmel Change-Id: If8bb9fced290117766bfa9ff76a25fc86ed263dc Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2572240 Reviewed-by: Mike Frysinger --- scripts/image_signing/sign_android_image.sh | 37 ++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh index bd107899..cb45fe9e 100755 --- a/scripts/image_signing/sign_android_image.sh +++ b/scripts/image_signing/sign_android_image.sh @@ -37,6 +37,7 @@ set -e sign_framework_apks() { local system_mnt="$1" local key_dir="$2" + local working_dir="$3" local flavor_prop="" local keyset="" @@ -53,6 +54,9 @@ sign_framework_apks() { info "Start signing framework apks" + image_content_integrity_check "${system_mnt}" "${working_dir}" \ + "Prepare apks signing" + # Counters for validity check. local counter_platform=0 local counter_media=0 @@ -116,6 +120,8 @@ build flavor '${flavor_prop}'." --in "${temp_apk}" --out "${signed_apk}" \ ${extra_flags} fi + image_content_integrity_check "${system_mnt}" "${working_dir}" \ + "sign apk ${signed_apk}" # Copy the content instead of mv to avoid owner/mode changes. sudo cp "${signed_apk}" "${apk}" && rm -f "${signed_apk}" @@ -127,6 +133,8 @@ build flavor '${flavor_prop}'." : $(( counter_${keyname} += 1 )) : $(( counter_total += 1 )) + image_content_integrity_check "${system_mnt}" "${working_dir}" \ + "update re-signed apk ${apk}" done < <(find "${system_mnt}/system" -type f -name '*.apk' -print0) info "Found ${counter_platform} platform APKs." @@ -234,6 +242,18 @@ snapshot_file_properties() { sudo find "${dir}" -exec stat -c '%n:%u:%g:%a' {} + | sort } +# Integrity check that image content is unchanged. +image_content_integrity_check() { + local system_mnt=$1 + local working_dir=$2 + local reason=$3 + snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.new" + local d + if ! d=$(diff "${working_dir}"/properties.{orig,new}); then + die "Unexpected change of file property, diff due to ${reason}\n${d}" + fi +} + main() { local root_fs_dir=$1 local key_dir=$2 @@ -293,16 +313,17 @@ main() { snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.orig" - sign_framework_apks "${system_mnt}" "${key_dir}" + sign_framework_apks "${system_mnt}" "${key_dir}" "${working_dir}" + image_content_integrity_check "${system_mnt}" "${working_dir}" \ + "sign_framework_apks" + update_sepolicy "${system_mnt}" "${key_dir}" - replace_ota_cert "${system_mnt}" "${key_dir}/releasekey.x509.pem" + image_content_integrity_check "${system_mnt}" "${working_dir}" \ + "update_sepolicy" - # Validity check. - snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.new" - local d - if ! d=$(diff "${working_dir}"/properties.{orig,new}); then - die "Unexpected change of file property, diff\n${d}" - fi + replace_ota_cert "${system_mnt}" "${key_dir}/releasekey.x509.pem" + image_content_integrity_check "${system_mnt}" "${working_dir}" \ + "replace_ota_cert" # Packages cache needs to be regenerated when the key and timestamp are # changed for apks. -- cgit v1.2.1