Check for build-tags before installing sideload OTA

Only allow test-key OTA to be installed on test-key devices, and only allow release-key OTA to be installed on release-key devices. Test: sideload recovery OTA Bug: 314013134 Change-Id: I6609923929247ab498d3a315637765ae2d1370b0
author: Kelvin Zhang <zhangkelvin@google.com> 2024-03-18 10:24:10 -0700
committer: Kelvin Zhang <zhangkelvin@google.com> 2024-03-26 15:55:08 -0700
commit: e366fe9f01a91d0a86f892ef544c85672627813e (patch)
tree: fe4df07acad020fce38b0e1100d0d8d96eee5a07
parent: 5aee6aca72b7cbf53566c91eb5734716a8286d3f (diff)
download: recovery-e366fe9f01a91d0a86f892ef544c85672627813e.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/install/install.cpp b/install/install.cpp
index a9786cfd..6294a3dc 100644
--- a/install/install.cpp
+++ b/install/install.cpp
@@ -189,6 +189,17 @@ static bool CheckAbSpecificMetadata(const std::map<std::string, std::string>& me
       return false;
     }
   }
+  const auto post_build = get_value(metadata, "post-build");
+  const auto build_fingerprint = android::base::Tokenize(post_build, "/");
+  if (!build_fingerprint.empty()) {
+    const auto& post_build_tag = build_fingerprint.back();
+    const auto build_tag = android::base::GetProperty("ro.build.tags", "");
+    if (build_tag != post_build_tag) {
+      LOG(ERROR) << "Post build-tag " << post_build_tag << " does not match device build tag "
+                 << build_tag;
+      return false;
+    }
+  }
 
   return true;
 }
author	Kelvin Zhang <zhangkelvin@google.com>	2024-03-18 10:24:10 -0700
committer	Kelvin Zhang <zhangkelvin@google.com>	2024-03-26 15:55:08 -0700
commit	e366fe9f01a91d0a86f892ef544c85672627813e (patch)
tree	fe4df07acad020fce38b0e1100d0d8d96eee5a07
parent	5aee6aca72b7cbf53566c91eb5734716a8286d3f (diff)
download	recovery-e366fe9f01a91d0a86f892ef544c85672627813e.tar.gz