Validate payload data for each operation
For streaming update, we currently verify:
1. the hash of manifest before applying ops
2. the hash of the entire payload after we apply all ops
3. the final patched on filesystems after the update
So there is some potential to exploit the patching libraries, if
some attacker manages to provide us malicious patch data after the
manifest verification. Therefore, this CL enables the validation of
patch data for each install operation. The hash itself is embedded
in the payload manifest, and thus has been verified upfront.
Bug: 160800689
Test: unittests, apply an OTA
Change-Id: Idd4cbe167ce63f197d821752f75e45add0ea829c
(cherry picked from commit ef49160c9bd2621dd3084fa061f09d176304ca49)
1 file changed
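
The per-operation check described in the commit message, as an added sketch that is not part of this change or of the project's code. The `Op` layout, the `apply_ops` and `patcher` names, and the sample blobs are assumptions constructed for illustration; the manifest is taken to be already verified.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Op:
    """Simplified install operation (assumed layout, not the real manifest)."""
    name: str
    data_offset: int
    data_length: int
    data_sha256: bytes  # expected digest from the already-verified manifest

class OpHashMismatch(Exception):
    """Raised before the patcher runs when a blob fails validation."""

def apply_ops(ops, stream, patcher):
    """Check each blob against its manifest hash, then call `patcher` (stand-in)."""
    applied = []
    for op in ops:
        blob = stream[op.data_offset:op.data_offset + op.data_length]
        if len(blob) != op.data_length:
            raise OpHashMismatch(f"{op.name}: truncated blob")
        digest = hashlib.sha256(blob).digest()
        if not hmac.compare_digest(digest, op.data_sha256):
            raise OpHashMismatch(f"{op.name}: data hash mismatch")
        patcher(op, blob)  # only reached with verified data
        applied.append(op.name)
    return applied

def build_sample():
    """Constructed sample: two blobs and a manifest describing them."""
    blobs = [b"patch-data-for-system", b"patch-data-for-vendor"]
    ops, offset = [], 0
    for i, b in enumerate(blobs):
        ops.append(Op(f"op{i}", offset, len(b), hashlib.sha256(b).digest()))
        offset += len(b)
    return ops, b"".join(blobs)

def demo_tampered():
    """Flip one byte of the second blob; return (ops the patcher saw, error)."""
    ops, stream = build_sample()
    bad = bytearray(stream)
    bad[ops[1].data_offset] ^= 0xFF
    seen = []
    try:
        apply_ops(ops, bytes(bad), lambda op, blob: seen.append(op.name))
    except OpHashMismatch as e:
        return seen, str(e)
    return seen, None
```

In `demo_tampered` the modified blob never reaches the patcher: the first operation is applied, the second is rejected on its hash.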