Validate payload data for each operation

For streaming update, we currently verify:
1. the hash of manifest before applying ops
2. the hash of the entire payload after we apply all ops
3. the final patched result on the filesystems after the update

So there is some potential to exploit the patching libraries, if
some attacker manages to provide us malicious patch data after the
manifest verification. Therefore, this cl enables the validation of
patch data for each install operation. The hash itself is embedded
in the payload manifest; and thus has been verified upfront.

Bug: 160800689
Test: unittests, apply an OTA
Change-Id: Idd4cbe167ce63f197d821752f75e45add0ea829c
(cherry picked from commit ef49160c9bd2621dd3084fa061f09d176304ca49)
1 file changed
tree: 988b705ee5a8b6da6b8fbaca0ee60461c5ddc267