Implement trigger postinstall API Test: adb shell update_engine_client --trigger_postinstall=system Bug: 377557752 Change-Id: Ieb28e86bd979502c5b208cd8df917f3e49a50f0b
diff --git a/aosp/service_delegate_android_interface.h b/aosp/service_delegate_android_interface.h index c73c6de..5e139d7 100644 --- a/aosp/service_delegate_android_interface.h +++ b/aosp/service_delegate_android_interface.h
@@ -17,8 +17,6 @@ #ifndef UPDATE_ENGINE_AOSP_SERVICE_DELEGATE_ANDROID_INTERFACE_H_ #define UPDATE_ENGINE_AOSP_SERVICE_DELEGATE_ANDROID_INTERFACE_H_ -#include <inttypes.h> - #include <memory> #include <string> #include <vector>
diff --git a/aosp/update_attempter_android.cc b/aosp/update_attempter_android.cc index f29383a..89c79f3 100644 --- a/aosp/update_attempter_android.cc +++ b/aosp/update_attempter_android.cc
@@ -17,6 +17,7 @@ #include "update_engine/aosp/update_attempter_android.h" #include <algorithm> +#include <iterator> #include <map> #include <memory> #include <ostream> @@ -56,6 +57,7 @@ #include "update_engine/payload_consumer/payload_verifier.h" #include "update_engine/payload_consumer/postinstall_runner_action.h" #include "update_engine/update_boot_flags_action.h" +#include "update_engine/update_metadata.pb.h" #include "update_engine/update_status.h" #include "update_engine/update_status_utils.h" @@ -546,6 +548,32 @@ return !(a == b); } +bool VerifyPayloadMetadata(Error* error, + std::string_view metadata, + const PayloadMetadata& payload_metadata) { + auto payload_verifier = PayloadVerifier::CreateInstanceFromZipPath( + constants::kUpdateCertificatesPath); + if (!payload_verifier) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Failed to create the payload verifier from " + + std::string(constants::kUpdateCertificatesPath), + ErrorCode::kDownloadManifestParseError); + } + auto errorcode = payload_metadata.ValidateMetadataSignature( + metadata, "", *payload_verifier); + if (errorcode != ErrorCode::kSuccess) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Failed to validate metadata signature: " + + utils::ErrorCodeToString(errorcode), + errorcode); + } + return true; +} + bool UpdateAttempterAndroid::VerifyPayloadParseManifest( const std::string& metadata_filename, std::string_view expected_metadata_hash, @@ -619,27 +647,9 @@ << HexEncode(metadata_hash); } } + TEST_AND_RETURN_FALSE( + VerifyPayloadMetadata(error, ToStringView(metadata), payload_metadata)); - auto payload_verifier = PayloadVerifier::CreateInstanceFromZipPath( - constants::kUpdateCertificatesPath); - if (!payload_verifier) { - return LogAndSetError(error, - __LINE__, - __FILE__, - "Failed to create the payload verifier from " + - std::string(constants::kUpdateCertificatesPath), - ErrorCode::kDownloadManifestParseError); - } - errorcode = payload_metadata.ValidateMetadataSignature( - metadata, "", *payload_verifier); - if (errorcode != ErrorCode::kSuccess) { - return LogAndSetError(error, - __LINE__, - __FILE__, - "Failed to validate metadata signature: " + - utils::ErrorCodeToString(errorcode), - errorcode); - } if (!payload_metadata.GetManifest(metadata, manifest)) { return LogAndSetError(error, __LINE__, @@ -1454,16 +1464,162 @@ processor_->StartProcessing(); } +bool ParsePayloadMetadata(Error* error, + std::string_view manifest_bytes, + DeltaArchiveManifest* manifest) { + PayloadMetadata payload_metadata; + ErrorCode errorcode{}; + if (payload_metadata.ParsePayloadHeader(manifest_bytes, &errorcode) != + MetadataParseResult::kSuccess) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Failed to parse payload header: " + + utils::ErrorCodeToString(errorcode), + errorcode); + } + uint64_t metadata_size = payload_metadata.GetMetadataSize() + + payload_metadata.GetMetadataSignatureSize(); + if (metadata_size < kMaxPayloadHeaderSize || + metadata_size > manifest_bytes.size()) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Invalid metadata size on cached manifest: " + + std::to_string(metadata_size), + ErrorCode::kDownloadManifestParseError); + } + TEST_AND_RETURN_FALSE( + VerifyPayloadMetadata(error, manifest_bytes, payload_metadata)); + + if (!payload_metadata.GetManifest(manifest_bytes, manifest)) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Failed to parse manifest. Might need to install " + "OTA first and re-try this API", + ErrorCode::kDownloadManifestParseError); + } + return true; +} + bool UpdateAttempterAndroid::TriggerPostinstall(const std::string& partition, Error* error) { - if (error) { - return LogAndSetGenericError( + if (processor_->IsRunning()) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Already processing an update, cancel it first.", + ErrorCode::kUpdateProcessing); + } + bool postinstall_succeeded = false; + if (!prefs_->GetBoolean(kPrefsPostInstallSucceeded, &postinstall_succeeded)) { + return LogAndSetError( error, __LINE__, __FILE__, - __FUNCTION__ + std::string(" is not implemented")); + "Postinstall action did not run. " + "OTA update must first reach the " + "Postinstall phase(which verfies that all partitions can be mounted) " + "before calling TriggerPostinstall", + ErrorCode::kPostinstallRunnerError); } - return false; + if (!postinstall_succeeded) { + return LogAndSetError( + error, + __LINE__, + __FILE__, + "Postinstall action did not complete successfully. " + "OTA update must first reach the " + "Postinstall phase(which verfies that all partitions can be mounted) " + "before calling TriggerPostinstall", + ErrorCode::kPostinstallRunnerError); + } + + InstallPlan install_plan; + install_plan.source_slot = GetCurrentSlot(); + install_plan.target_slot = GetTargetSlot(); + install_plan.switch_slot_on_reboot = false; + install_plan.run_post_install = true; + install_plan.download_url = + std::string(kPrefsManifestBytes) + ":" + install_plan_.download_url; + + std::string manifest_bytes; + // kPrefsManifestBytes is set during DownloadAction + if (!prefs_->GetString(kPrefsManifestBytes, &manifest_bytes)) { + return LogAndSetError( + error, + __LINE__, + __FILE__, + "Cached manifest not found. TriggerPostinstall can only be called " + "after OTA get past at least FilesystemVerification stage", + ErrorCode::kDownloadStateInitializationError); + } + DeltaArchiveManifest manifest; + TEST_AND_RETURN_FALSE(ParsePayloadMetadata(error, manifest_bytes, &manifest)); + ErrorCode errorcode{}; + if (!boot_control_->GetDynamicPartitionControl()->PreparePartitionsForUpdate( + GetCurrentSlot(), + GetTargetSlot(), + manifest, + false /* should update */, + nullptr, + &errorcode)) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Failed to PreparePartitionsForUpdate", + errorcode); + } + std::vector<PartitionUpdate> partitions; + std::copy_if(manifest.partitions().begin(), + manifest.partitions().end(), + std::back_inserter(partitions), + [&partition](const PartitionUpdate& part) { + return part.partition_name() == partition; + }); + if (partitions.empty()) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Partition " + partition + " not found", + ErrorCode::kDownloadStateInitializationError); + } + // We only want to trigger postinstall for a specific partition, + // and since we already checked partitions array is non-empty, reading just + // the first partition is enough. + if (!partitions[0].has_postinstall_path() || + partitions[0].postinstall_path().empty()) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Partition " + partition + + " does not have a postinstall script defined", + ErrorCode::kDownloadStateInitializationError); + } + if (!install_plan.ParsePartitions( + partitions, boot_control_, manifest.block_size(), &errorcode)) { + return LogAndSetError(error, + __LINE__, + __FILE__, + "Failed to parse manifest partitions. Might need " + "to install OTA first and re-try this API", + ErrorCode::kDownloadManifestParseError); + } + LOG(INFO) << "Trigger postinstall with this install plan: " + << install_plan.ToString(); + + auto postinstall_runner_action = + std::make_unique<PostinstallRunnerAction>(boot_control_, hardware_); + postinstall_runner_action->set_delegate(this); + + auto install_plan_action = std::make_unique<InstallPlanAction>(install_plan); + BondActions(install_plan_action.get(), postinstall_runner_action.get()); + processor_->EnqueueAction(std::move(install_plan_action)); + processor_->EnqueueAction(std::move(postinstall_runner_action)); + SetStatusAndNotify(UpdateStatus::FINALIZING); + ScheduleProcessingStart(); + return true; } void UpdateAttempterAndroid::OnCleanupProgressUpdate(double progress) { diff --git a/payload_consumer/filesystem_verifier_action.cc b/payload_consumer/filesystem_verifier_action.cc index 8c21673..956f90b 100644 --- a/payload_consumer/filesystem_verifier_action.cc +++ b/payload_consumer/filesystem_verifier_action.cc
@@ -16,7 +16,6 @@ #include "update_engine/payload_consumer/filesystem_verifier_action.h" -#include <errno.h> #include <fcntl.h> #include <sys/stat.h> #include <sys/types.h> @@ -28,7 +27,6 @@ #include <memory> #include <numeric> #include <string> -#include <utility> #include <base/bind.h> #include <brillo/data_encoding.h>
diff --git a/payload_consumer/payload_metadata.cc b/payload_consumer/payload_metadata.cc index d2e42f0..649d9be 100644 --- a/payload_consumer/payload_metadata.cc +++ b/payload_consumer/payload_metadata.cc
@@ -154,7 +154,7 @@ } ErrorCode PayloadMetadata::ValidateMetadataSignature( - const brillo::Blob& payload, + const std::string_view payload, const string& metadata_signature, const PayloadVerifier& payload_verifier) const { if (payload.size() < metadata_size_ + metadata_signature_size_) diff --git a/payload_consumer/payload_metadata.h b/payload_consumer/payload_metadata.h index 4d2d5b0..fd24f20 100644 --- a/payload_consumer/payload_metadata.h +++ b/payload_consumer/payload_metadata.h
@@ -17,14 +17,12 @@ #ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_ #define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_ -#include <inttypes.h> - #include <string> -#include <vector> #include <android-base/macros.h> #include <brillo/secure_blob.h> +#include "update_engine/common/utils.h" #include "update_engine/common/error_code.h" #include "update_engine/payload_consumer/payload_verifier.h" #include "update_engine/update_metadata.pb.h" @@ -55,6 +53,12 @@ // the payload. MetadataParseResult ParsePayloadHeader(const brillo::Blob& payload, ErrorCode* error); + MetadataParseResult ParsePayloadHeader(std::string_view payload, + ErrorCode* error) { + return ParsePayloadHeader(reinterpret_cast<const uint8_t*>(payload.data()), + payload.size(), + error); + } MetadataParseResult ParsePayloadHeader(const unsigned char* payload, size_t size, ErrorCode* error); @@ -69,9 +73,16 @@ // to the payload server doesn't exploit any vulnerability in the code that // parses the protocol buffer. ErrorCode ValidateMetadataSignature( - const brillo::Blob& payload, + std::string_view payload, const std::string& metadata_signature, const PayloadVerifier& payload_verifier) const; + ErrorCode ValidateMetadataSignature( + const std::vector<uint8_t>& payload, + const std::string& metadata_signature, + const PayloadVerifier& payload_verifier) const { + return ValidateMetadataSignature( + ToStringView(payload), metadata_signature, payload_verifier); + } // Returns the major payload version. If the version was not yet parsed, // returns zero. @@ -93,6 +104,12 @@ bool GetManifest(const unsigned char* payload, size_t size, DeltaArchiveManifest* out_manifest) const; + bool GetManifest(std::string_view payload, + DeltaArchiveManifest* out_manifest) const { + return GetManifest(reinterpret_cast<const uint8_t*>(payload.data()), + payload.size(), + out_manifest); + } // Parses a payload file |payload_path| and prepares the metadata properties, // manifest and metadata signatures. Can be used as an easy to use utility to diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc index 5a6eeab..da9075a 100644 --- a/payload_consumer/postinstall_runner_action.cc +++ b/payload_consumer/postinstall_runner_action.cc
@@ -35,7 +35,6 @@ #include "update_engine/common/action_processor.h" #include "update_engine/common/boot_control_interface.h" #include "update_engine/common/error_code_utils.h" -#include "update_engine/common/platform_constants.h" #include "update_engine/common/subprocess.h" #include "update_engine/common/utils.h" @@ -280,14 +279,20 @@ // Runs the postinstall script asynchronously to free up the main loop while // it's running. vector<string> command = {abs_path}; -#ifdef __ANDROID__ // In Brillo and Android, we pass the slot number and status fd. command.push_back(std::to_string(install_plan_.target_slot)); command.push_back(std::to_string(kPostinstallStatusFd)); -#else - // Chrome OS postinstall expects the target rootfs as the first parameter. - command.push_back(partition.target_path); -#endif // __ANDROID__ + // If install plan only contains one partition, notify the script. Most likely + // we are scheduled by `triggerPostinstall` API. Certain scripts might want + // different behaviors when triggered by `triggerPostinstall` API. For + // example, call scheduler API to schedule a postinstall run during + // applyPayload(), and only run actual postinstall work if scheduled by + // external async scheduler. + if (install_plan_.partitions.size() == 1 && + !install_plan_.switch_slot_on_reboot && + install_plan_.download_url.starts_with(kPrefsManifestBytes)) { + command.push_back("1"); + } current_command_ = Subprocess::Get().ExecFlags( command, 