Merge "Uses a per-partition fingerprint for building images and avb_salt." am: b6145d320c

Change-Id: I8ca783cb0252a7b4562952835351aeef141913f9

4 files changed, 103 insertions, 73 deletions

diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 8249915ac4..cc05c644a1 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -338,7 +338,7 @@ def CreateImage(input_dir, info_dict, what, output_file, block_list=None):
   # Use repeatable ext4 FS UUID and hash_seed UUID (based on partition name and
   # build fingerprint).
   build_info = common.BuildInfo(info_dict)
-  uuid_seed = what + "-" + build_info.fingerprint
+  uuid_seed = what + "-" + build_info.GetPartitionFingerprint(what)
   image_props["uuid"] = str(uuid.uuid5(uuid.NAMESPACE_URL, uuid_seed))
   hash_seed = "hash_seed-" + uuid_seed
   image_props["hash_seed"] = str(uuid.uuid5(uuid.NAMESPACE_URL, hash_seed))
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index ed9183e193..54bb857ac1 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -540,7 +540,6 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
       "verity_disable",
       "avb_enable",
       "avb_avbtool",
-      "avb_salt",
       "use_dynamic_partition_size",
   )
   for p in common_props:
@@ -553,6 +552,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
               "avb_add_hashtree_footer_args")
     copy_prop("avb_system_key_path", "avb_key_path")
     copy_prop("avb_system_algorithm", "avb_algorithm")
+    copy_prop("avb_system_salt", "avb_salt")
     copy_prop("fs_type", "fs_type")
     # Copy the generic system fs type first, override with specific one if
     # available.
@@ -584,6 +584,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
               "avb_add_hashtree_footer_args")
     copy_prop("avb_system_other_key_path", "avb_key_path")
     copy_prop("avb_system_other_algorithm", "avb_algorithm")
+    copy_prop("avb_system_other_salt", "avb_salt")
     copy_prop("fs_type", "fs_type")
     copy_prop("system_fs_type", "fs_type")
     copy_prop("system_other_size", "partition_size")
@@ -619,6 +620,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
               "avb_add_hashtree_footer_args")
     copy_prop("avb_vendor_key_path", "avb_key_path")
     copy_prop("avb_vendor_algorithm", "avb_algorithm")
+    copy_prop("avb_vendor_salt", "avb_salt")
     copy_prop("vendor_fs_type", "fs_type")
     copy_prop("vendor_size", "partition_size")
     if not copy_prop("vendor_journal_size", "journal_size"):
@@ -641,6 +643,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
               "avb_add_hashtree_footer_args")
     copy_prop("avb_product_key_path", "avb_key_path")
     copy_prop("avb_product_algorithm", "avb_algorithm")
+    copy_prop("avb_product_salt", "avb_salt")
     copy_prop("product_fs_type", "fs_type")
     copy_prop("product_size", "partition_size")
     if not copy_prop("product_journal_size", "journal_size"):
@@ -663,6 +666,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
               "avb_add_hashtree_footer_args")
     copy_prop("avb_system_ext_key_path", "avb_key_path")
     copy_prop("avb_system_ext_algorithm", "avb_algorithm")
+    copy_prop("avb_system_ext_salt", "avb_salt")
     copy_prop("system_ext_fs_type", "fs_type")
     copy_prop("system_ext_size", "partition_size")
     if not copy_prop("system_ext_journal_size", "journal_size"):
@@ -687,6 +691,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
               "avb_add_hashtree_footer_args")
     copy_prop("avb_odm_key_path", "avb_key_path")
     copy_prop("avb_odm_algorithm", "avb_algorithm")
+    copy_prop("avb_odm_salt", "avb_salt")
     copy_prop("odm_fs_type", "fs_type")
     copy_prop("odm_size", "partition_size")
     if not copy_prop("odm_journal_size", "journal_size"):
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 2e235ee9aa..3276b297e4 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -319,7 +319,7 @@ class BuildInfo(object):
   OEM-specific properties, some of them will be calculated from two info dicts.
 
   Users can query properties similarly as using a dict() (e.g. info['fstab']),
-  or to query build properties via GetBuildProp() or GetVendorBuildProp().
+  or to query build properties via GetBuildProp() or GetPartitionBuildProp().
 
   Attributes:
     info_dict: The build-time info dict.
@@ -362,16 +362,31 @@ class BuildInfo(object):
     if self._oem_props:
       assert oem_dicts, "OEM source required for this build"
 
+    def check_fingerprint(fingerprint):
+      if (" " in fingerprint or any(ord(ch) > 127 for ch in fingerprint)):
+        raise ValueError(
+            'Invalid build fingerprint: "{}". See the requirement in Android CDD '
+            "3.2.2. Build Parameters.".format(fingerprint))
+
+
+    self._partition_fingerprints = {}
+    for partition in PARTITIONS_WITH_CARE_MAP:
+      try:
+        fingerprint = self.CalculatePartitionFingerprint(partition)
+        check_fingerprint(fingerprint)
+        self._partition_fingerprints[partition] = fingerprint
+      except ExternalError:
+        continue
+    if "system" in self._partition_fingerprints:
+      # system_other is not included in PARTITIONS_WITH_CARE_MAP, but does
+      # need a fingerprint when creating the image.
+      self._partition_fingerprints[
+          "system_other"] = self._partition_fingerprints["system"]
+
     # These two should be computed only after setting self._oem_props.
     self._device = self.GetOemProperty("ro.product.device")
     self._fingerprint = self.CalculateFingerprint()
-
-    # Sanity check the build fingerprint.
-    if (' ' in self._fingerprint or
-        any(ord(ch) > 127 for ch in self._fingerprint)):
-      raise ValueError(
-          'Invalid build fingerprint: "{}". See the requirement in Android CDD '
-          '3.2.2. Build Parameters.'.format(self._fingerprint))
+    check_fingerprint(self._fingerprint)
 
   @property
   def is_ab(self):
@@ -386,28 +401,6 @@ class BuildInfo(object):
     return self._fingerprint
 
   @property
-  def vendor_fingerprint(self):
-    return self._fingerprint_of("vendor")
-
-  @property
-  def product_fingerprint(self):
-    return self._fingerprint_of("product")
-
-  @property
-  def odm_fingerprint(self):
-    return self._fingerprint_of("odm")
-
-  def _fingerprint_of(self, partition):
-    if partition + ".build.prop" not in self.info_dict:
-      return None
-    build_prop = self.info_dict[partition + ".build.prop"]
-    if "ro." + partition + ".build.fingerprint" in build_prop:
-      return build_prop["ro." + partition + ".build.fingerprint"]
-    if "ro." + partition + ".build.thumbprint" in build_prop:
-      return build_prop["ro." + partition + ".build.thumbprint"]
-    return None
-
-  @property
   def oem_props(self):
     return self._oem_props
 
@@ -423,8 +416,22 @@ class BuildInfo(object):
   def items(self):
     return self.info_dict.items()
 
+  def GetPartitionBuildProp(self, prop, partition):
+    """Returns the inquired build property for the provided partition."""
+    # If provided a partition for this property, only look within that
+    # partition's build.prop.
+    if prop in BuildInfo._RO_PRODUCT_RESOLVE_PROPS:
+      prop = prop.replace("ro.product", "ro.product.{}".format(partition))
+    else:
+      prop = prop.replace("ro.", "ro.{}.".format(partition))
+    try:
+      return self.info_dict.get("{}.build.prop".format(partition), {})[prop]
+    except KeyError:
+      raise ExternalError("couldn't find %s in %s.build.prop" %
+                          (prop, partition))
+
   def GetBuildProp(self, prop):
-    """Returns the inquired build property."""
+    """Returns the inquired build property from the standard build.prop file."""
     if prop in BuildInfo._RO_PRODUCT_RESOLVE_PROPS:
       return self._ResolveRoProductBuildProp(prop)
 
@@ -462,19 +469,28 @@ class BuildInfo(object):
 
     raise ExternalError("couldn't resolve {}".format(prop))
 
-  def GetVendorBuildProp(self, prop):
-    """Returns the inquired vendor build property."""
-    try:
-      return self.info_dict.get("vendor.build.prop", {})[prop]
-    except KeyError:
-      raise ExternalError(
-          "couldn't find %s in vendor.build.prop" % (prop,))
-
   def GetOemProperty(self, key):
     if self.oem_props is not None and key in self.oem_props:
       return self.oem_dicts[0][key]
     return self.GetBuildProp(key)
 
+  def GetPartitionFingerprint(self, partition):
+    return self._partition_fingerprints.get(partition, None)
+
+  def CalculatePartitionFingerprint(self, partition):
+    try:
+      return self.GetPartitionBuildProp("ro.build.fingerprint", partition)
+    except ExternalError:
+      return "{}/{}/{}:{}/{}/{}:{}/{}".format(
+          self.GetPartitionBuildProp("ro.product.brand", partition),
+          self.GetPartitionBuildProp("ro.product.name", partition),
+          self.GetPartitionBuildProp("ro.product.device", partition),
+          self.GetPartitionBuildProp("ro.build.version.release", partition),
+          self.GetPartitionBuildProp("ro.build.id", partition),
+          self.GetPartitionBuildProp("ro.build.version.incremental", partition),
+          self.GetPartitionBuildProp("ro.build.type", partition),
+          self.GetPartitionBuildProp("ro.build.tags", partition))
+
   def CalculateFingerprint(self):
     if self.oem_props is None:
       try:
@@ -644,7 +660,10 @@ def LoadInfoDict(input_file, repacking=False):
   # hash / hashtree footers.
   if d.get("avb_enable") == "true":
     build_info = BuildInfo(d)
-    d["avb_salt"] = sha256(build_info.fingerprint).hexdigest()
+    for partition in PARTITIONS_WITH_CARE_MAP:
+      fingerprint = build_info.GetPartitionFingerprint(partition)
+      if fingerprint:
+        d["avb_{}_salt".format(partition)] = sha256(fingerprint).hexdigest()
 
   return d
 
diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py
index 53b5b76bdd..da9216369e 100644
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -53,8 +53,26 @@ class BuildInfoTest(test_utils.ReleaseToolsTestCase):
           'ro.build.fingerprint' : 'build-fingerprint',
           'ro.build.foo' : 'build-foo',
       },
+      'system.build.prop' : {
+          'ro.product.system.brand' : 'product-brand',
+          'ro.product.system.name' : 'product-name',
+          'ro.product.system.device' : 'product-device',
+          'ro.system.build.version.release' : 'version-release',
+          'ro.system.build.id' : 'build-id',
+          'ro.system.build.version.incremental' : 'version-incremental',
+          'ro.system.build.type' : 'build-type',
+          'ro.system.build.tags' : 'build-tags',
+          'ro.system.build.foo' : 'build-foo',
+      },
       'vendor.build.prop' : {
-          'ro.vendor.build.fingerprint' : 'vendor-build-fingerprint',
+          'ro.product.vendor.brand' : 'vendor-product-brand',
+          'ro.product.vendor.name' : 'vendor-product-name',
+          'ro.product.vendor.device' : 'vendor-product-device',
+          'ro.vendor.build.version.release' : 'vendor-version-release',
+          'ro.vendor.build.id' : 'vendor-build-id',
+          'ro.vendor.build.version.incremental' : 'vendor-version-incremental',
+          'ro.vendor.build.type' : 'vendor-build-type',
+          'ro.vendor.build.tags' : 'vendor-build-tags',
       },
       'property1' : 'value1',
       'property2' : 4096,
@@ -186,39 +204,27 @@ class BuildInfoTest(test_utils.ReleaseToolsTestCase):
     self.assertRaises(common.ExternalError, target_info.GetBuildProp,
                       'ro.build.nonexistent')
 
-  def test_GetVendorBuildProp(self):
+  def test_GetPartitionFingerprint(self):
     target_info = common.BuildInfo(self.TEST_INFO_DICT, None)
-    self.assertEqual('vendor-build-fingerprint',
-                     target_info.GetVendorBuildProp(
-                         'ro.vendor.build.fingerprint'))
-    self.assertRaises(common.ExternalError, target_info.GetVendorBuildProp,
-                      'ro.build.nonexistent')
-
-  def test_GetVendorBuildProp_with_oem_props(self):
-    target_info = common.BuildInfo(self.TEST_INFO_DICT_USES_OEM_PROPS,
-                                   self.TEST_OEM_DICTS)
-    self.assertEqual('vendor-build-fingerprint',
-                     target_info.GetVendorBuildProp(
-                         'ro.vendor.build.fingerprint'))
-    self.assertRaises(common.ExternalError, target_info.GetVendorBuildProp,
-                      'ro.build.nonexistent')
+    self.assertEqual(
+        target_info.GetPartitionFingerprint('vendor'),
+        'vendor-product-brand/vendor-product-name/vendor-product-device'
+        ':vendor-version-release/vendor-build-id/vendor-version-incremental'
+        ':vendor-build-type/vendor-build-tags')
 
-  def test_vendor_fingerprint(self):
+  def test_GetPartitionFingerprint_system_other_uses_system(self):
     target_info = common.BuildInfo(self.TEST_INFO_DICT, None)
-    self.assertEqual('vendor-build-fingerprint',
-                     target_info.vendor_fingerprint)
-
-  def test_vendor_fingerprint_blacklisted(self):
-    target_info_dict = copy.deepcopy(self.TEST_INFO_DICT_USES_OEM_PROPS)
-    del target_info_dict['vendor.build.prop']['ro.vendor.build.fingerprint']
-    target_info = common.BuildInfo(target_info_dict, self.TEST_OEM_DICTS)
-    self.assertIsNone(target_info.vendor_fingerprint)
-
-  def test_vendor_fingerprint_without_vendor_build_prop(self):
-    target_info_dict = copy.deepcopy(self.TEST_INFO_DICT_USES_OEM_PROPS)
-    del target_info_dict['vendor.build.prop']
-    target_info = common.BuildInfo(target_info_dict, self.TEST_OEM_DICTS)
-    self.assertIsNone(target_info.vendor_fingerprint)
+    self.assertEqual(
+        target_info.GetPartitionFingerprint('system_other'),
+        target_info.GetPartitionFingerprint('system'))
+
+  def test_GetPartitionFingerprint_uses_fingerprint_prop_if_available(self):
+    info_dict = copy.deepcopy(self.TEST_INFO_DICT)
+    info_dict['vendor.build.prop']['ro.vendor.build.fingerprint'] = 'vendor:fingerprint'
+    target_info = common.BuildInfo(info_dict, None)
+    self.assertEqual(
+        target_info.GetPartitionFingerprint('vendor'),
+        'vendor:fingerprint')
 
   def test_WriteMountOemScript(self):
     target_info = common.BuildInfo(self.TEST_INFO_DICT_USES_OEM_PROPS,