hardware_manager: Validate upgrade zips against the saved ota channel

[waydroid.git] / tools / services / hardware_manager.py

diff --git a/tools/services/hardware_manager.py b/tools/services/hardware_manager.py
index 8d21dd04299e41bee979488a4dfb02d1e350adfb..b9cff466879779f1ddbd41bc71ca0264e9e2d768 100644 (file)
--- a/tools/services/hardware_manager.py
+++ b/tools/services/hardware_manager.py
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 import logging
 import threading
+import os
 import tools.actions.container_manager
 import tools.actions.session_manager
 import tools.config
@@ -29,11 +30,18 @@ def start(args):
         helpers.lxc.start(args)
 
     def upgrade(system_zip, system_time, vendor_zip, vendor_time):
+        if os.path.exists(system_zip) and not helpers.images.validate(args, "system_ota", system_zip):
+            logging.warning("Not upgrading because system.img comes from an unverified source")
+            return
+        if os.path.exists(vendor_zip) and not helpers.images.validate(args, "vendor_ota", vendor_zip):
+            logging.warning("Not upgrading because vendor.img comes from an unverified source")
+            return
         helpers.lxc.stop(args)
         helpers.images.umount_rootfs(args)
         helpers.images.replace(args, system_zip, system_time,
                                vendor_zip, vendor_time)
-        helpers.images.mount_rootfs(args, args.images_path)
+        args.session["background_start"] = "false"
+        helpers.images.mount_rootfs(args, args.images_path, args.session)
         helpers.protocol.set_aidl_version(args)
         helpers.lxc.start(args)