Prevent SPL downgrade OTAs from generating

Previously we allow all spl downgrade OTA to generate. But applying such OTA often causes device to hang and rollback, because keymaster refuses to attach if it detects spl downgrade. When such error happens, it's really hard to debug. So instead of debugging a mysterious boot failure, let''s prevent such OTA from generating in the first place. Test: th Bug: 178584781 Change-Id: I8e271862d804e86b16aea70424b4d3e289d43cc9
2021-02-08 19:57:57 -05:00 · 2021-02-08 19:57:57 -05:00 · 80ff466780
commit 80ff466780
parent a632e7f855
1 changed files with 19 additions and 0 deletions
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@ -273,6 +273,7 @@ OPTIONS.disable_verity_computation = False
 OPTIONS.partial = None
 OPTIONS.custom_images = {}
 OPTIONS.disable_vabc = False
+OPTIONS.spl_downgrade = False

 POSTINSTALL_CONFIG = 'META/postinstall_config.txt'
 DYNAMIC_PARTITION_INFO = 'META/dynamic_partitions_info.txt'
@ -291,6 +292,8 @@ SECONDARY_PAYLOAD_SKIPPED_IMAGES = [
    'system_ext', 'vbmeta', 'vbmeta_system', 'vbmeta_vendor', 'vendor',
    'vendor_boot']

+SECURITY_PATCH_LEVEL_PROP_NAME = "ro.build.version.security_patch"
+

 class PayloadSigner(object):
  """A class that wraps the payload signing works.
@ -1262,6 +1265,8 @@ def main(argv):
      OPTIONS.custom_images[custom_partition] = custom_image
    elif o == "--disable_vabc":
      OPTIONS.disable_vabc = True
+    elif o == "--spl_downgrade":
+      OPTIONS.spl_downgrade = True
    else:
      return False
    return True
@ -1304,6 +1309,7 @@ def main(argv):
                                 "partial=",
                                 "custom_image=",
                                 "disable_vabc",
+                                 "spl_downgrade"
                             ], extra_option_handler=option_handler)

  if len(args) != 2:
@ -1400,6 +1406,19 @@ def main(argv):
    # Get signing keys
    OPTIONS.key_passwords = common.GetKeyPasswords([OPTIONS.package_key])

+  if OPTIONS.source_info_dict:
+    source_build_prop = OPTIONS.source_info_dict["build.prop"]
+    target_build_prop = OPTIONS.target_info_dict["build.prop"]
+    source_spl = source_build_prop.GetProp(SECURITY_PATCH_LEVEL_PROP_NAME)
+    target_spl = target_build_prop.GetProp(SECURITY_PATCH_LEVEL_PROP_NAME)
+    if target_spl < source_spl and not OPTIONS.spl_downgrade:
+      raise common.ExternalError(
+        "Target security patch level {} is older than source SPL {} applying "
+        "such OTA will likely cause device fail to boot. Pass --spl-downgrade "
+        "to override this check. This script expects security patch level to "
+        "be in format yyyy-mm-dd (e.x. 2021-02-05). It's possible to use "
+        "separators other than -, so as long as it's used consistenly across "
+        "all SPL dates".format(target_spl, source_spl))
  if generate_ab:
    GenerateAbOtaPackage(
        target_file=args[0],