diff options
author | Kelvin Zhang <zhangkelvin@google.com> | 2024-03-18 10:24:10 -0700 |
---|---|---|
committer | Kelvin Zhang <zhangkelvin@google.com> | 2024-03-26 15:55:08 -0700 |
commit | e366fe9f01a91d0a86f892ef544c85672627813e (patch) | |
tree | fe4df07acad020fce38b0e1100d0d8d96eee5a07 | |
parent | 5aee6aca72b7cbf53566c91eb5734716a8286d3f (diff) | |
download | recovery-e366fe9f01a91d0a86f892ef544c85672627813e.tar.gz |
Check for build-tags before installing sideload OTA
Only allow test-key OTA to be installed on test-key devices,
and only allow release-key OTA to be installed on release-key devices.
Test: sideload recovery OTA
Bug: 314013134
Change-Id: I6609923929247ab498d3a315637765ae2d1370b0
-rw-r--r-- | install/install.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/install/install.cpp b/install/install.cpp index a9786cfd..6294a3dc 100644 --- a/install/install.cpp +++ b/install/install.cpp @@ -189,6 +189,17 @@ static bool CheckAbSpecificMetadata(const std::map<std::string, std::string>& me return false; } } + const auto post_build = get_value(metadata, "post-build"); + const auto build_fingerprint = android::base::Tokenize(post_build, "/"); + if (!build_fingerprint.empty()) { + const auto& post_build_tag = build_fingerprint.back(); + const auto build_tag = android::base::GetProperty("ro.build.tags", ""); + if (build_tag != post_build_tag) { + LOG(ERROR) << "Post build-tag " << post_build_tag << " does not match device build tag " + << build_tag; + return false; + } + } return true; } |