Loading tools/releasetools/validate_target_files.py +46 −19 Original line number Diff line number Diff line Loading @@ -194,7 +194,8 @@ def ValidateInstallRecoveryScript(input_tmp, info_dict): # Check we have the same recovery target in the check and flash commands. assert check_partition == flash_partition, \ "Mismatching targets: {} vs {}".format(check_partition, flash_partition) "Mismatching targets: {} vs {}".format( check_partition, flash_partition) # Validate the SHA-1 of the recovery image. recovery_sha1 = flash_partition.split(':')[3] Loading Loading @@ -248,6 +249,29 @@ def symlinkIfNotExists(src, dst): os.symlink(os.path.join(src, filename), os.path.join(dst, filename)) def ValidatePartitionFingerprints(input_tmp, info_dict): build_info = common.BuildInfo(info_dict) # Expected format: # Prop: com.android.build.vendor.fingerprint -> 'generic/aosp_cf_x86_64_phone/vsoc_x86_64:S/AOSP.MASTER/7335886:userdebug/test-keys' # Prop: com.android.build.vendor_boot.fingerprint -> 'generic/aosp_cf_x86_64_phone/vsoc_x86_64:S/AOSP.MASTER/7335886:userdebug/test-keys' p = re.compile( r"Prop: com.android.build.(?P<partition>\w+).fingerprint -> '(?P<fingerprint>[\w\/:\.-]+)'") for vbmeta_partition in ["vbmeta", "vbmeta_system"]: image = os.path.join(input_tmp, "IMAGES", vbmeta_partition + ".img") output = common.RunAndCheckOutput( [info_dict["avb_avbtool"], "info_image", "--image", image]) matches = p.findall(output) for (partition, fingerprint) in matches: actual_fingerprint = build_info.GetPartitionFingerprint( partition) if actual_fingerprint is None: logging.warning( "Failed to get fingerprint for partition %s", partition) continue assert fingerprint == actual_fingerprint, "Fingerprint mismatch for partition {}, expected: {} actual: {}".format( partition, fingerprint, actual_fingerprint) def ValidateVerifiedBootImages(input_tmp, info_dict, options): """Validates the Verified Boot related images. Loading Loading @@ -325,7 +349,8 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): if info_dict.get("system_root_image") != "true": verity_key_ramdisk = os.path.join( input_tmp, 'BOOT', 'RAMDISK', 'verity_key') assert os.path.exists(verity_key_ramdisk), 'Missing verity_key in ramdisk' assert os.path.exists( verity_key_ramdisk), 'Missing verity_key in ramdisk' assert filecmp.cmp( verity_key_mincrypt, verity_key_ramdisk, shallow=False), \ Loading Loading @@ -362,6 +387,8 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): if key is None: key = info_dict['avb_vbmeta_key_path'] ValidatePartitionFingerprints(input_tmp, info_dict) # avbtool verifies all the images that have descriptors listed in vbmeta. # Using `--follow_chain_partitions` so it would additionally verify chained # vbmeta partitions (e.g. vbmeta_system). Loading Loading
tools/releasetools/validate_target_files.py +46 −19 Original line number Diff line number Diff line Loading @@ -194,7 +194,8 @@ def ValidateInstallRecoveryScript(input_tmp, info_dict): # Check we have the same recovery target in the check and flash commands. assert check_partition == flash_partition, \ "Mismatching targets: {} vs {}".format(check_partition, flash_partition) "Mismatching targets: {} vs {}".format( check_partition, flash_partition) # Validate the SHA-1 of the recovery image. recovery_sha1 = flash_partition.split(':')[3] Loading Loading @@ -248,6 +249,29 @@ def symlinkIfNotExists(src, dst): os.symlink(os.path.join(src, filename), os.path.join(dst, filename)) def ValidatePartitionFingerprints(input_tmp, info_dict): build_info = common.BuildInfo(info_dict) # Expected format: # Prop: com.android.build.vendor.fingerprint -> 'generic/aosp_cf_x86_64_phone/vsoc_x86_64:S/AOSP.MASTER/7335886:userdebug/test-keys' # Prop: com.android.build.vendor_boot.fingerprint -> 'generic/aosp_cf_x86_64_phone/vsoc_x86_64:S/AOSP.MASTER/7335886:userdebug/test-keys' p = re.compile( r"Prop: com.android.build.(?P<partition>\w+).fingerprint -> '(?P<fingerprint>[\w\/:\.-]+)'") for vbmeta_partition in ["vbmeta", "vbmeta_system"]: image = os.path.join(input_tmp, "IMAGES", vbmeta_partition + ".img") output = common.RunAndCheckOutput( [info_dict["avb_avbtool"], "info_image", "--image", image]) matches = p.findall(output) for (partition, fingerprint) in matches: actual_fingerprint = build_info.GetPartitionFingerprint( partition) if actual_fingerprint is None: logging.warning( "Failed to get fingerprint for partition %s", partition) continue assert fingerprint == actual_fingerprint, "Fingerprint mismatch for partition {}, expected: {} actual: {}".format( partition, fingerprint, actual_fingerprint) def ValidateVerifiedBootImages(input_tmp, info_dict, options): """Validates the Verified Boot related images. Loading Loading @@ -325,7 +349,8 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): if info_dict.get("system_root_image") != "true": verity_key_ramdisk = os.path.join( input_tmp, 'BOOT', 'RAMDISK', 'verity_key') assert os.path.exists(verity_key_ramdisk), 'Missing verity_key in ramdisk' assert os.path.exists( verity_key_ramdisk), 'Missing verity_key in ramdisk' assert filecmp.cmp( verity_key_mincrypt, verity_key_ramdisk, shallow=False), \ Loading Loading @@ -362,6 +387,8 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): if key is None: key = info_dict['avb_vbmeta_key_path'] ValidatePartitionFingerprints(input_tmp, info_dict) # avbtool verifies all the images that have descriptors listed in vbmeta. # Using `--follow_chain_partitions` so it would additionally verify chained # vbmeta partitions (e.g. vbmeta_system). Loading
