authorChun-Wei Wang <wangchun@google.com>2023-09-07 09:53:11 +0800
committerChun-Wei Wang <wangchun@google.com>2023-09-08 11:11:35 +0800
commitbcbc93f83d48b3f9b2ca3972764bed011983432c (patch)
tree97d0041938dfbdd6efa533660238517673be419c
parente433fde7d21d01d0d671a6bd24b5e15aa577e0e0 (diff)
downloadcore-bcbc93f83d48b3f9b2ca3972764bed011983432c.tar.gz
Disallow fastboot to modify locked DSU
This enhances the security requirement by only allowing the owner app to change a locked DSU. (Cherry-picked from aosp/2744993) Bug: 277691885 Bug: 296985785 Test: 1. ensure device is OEM locked 2. adb shell am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ --el KEY_USERDATA_SIZE 2147483648 \ --es KEY_DSU_SLOT foo.lock 3. adb reboot fastboot 4. `fastboot gsi disable|wipe` should be blocked Merged-In: I1a0cb8a074412468d16043ddf4101fbb76490115 Change-Id: I1a0cb8a074412468d16043ddf4101fbb76490115
-rw-r--r--fastboot/device/commands.cpp11
1 files changed, 11 insertions, 0 deletions
diff --git a/fastboot/device/commands.cpp b/fastboot/device/commands.cpp
index d60539332..6de598f69 100644
--- a/fastboot/device/commands.cpp
+++ b/fastboot/device/commands.cpp
@@ -639,6 +639,12 @@ bool UpdateSuperHandler(FastbootDevice* device, const std::vector<std::string>&
return UpdateSuper(device, args[1], wipe);
}
+static bool IsLockedDsu() {
+ std::string active_dsu;
+ android::gsi::GetActiveDsu(&active_dsu);
+ return android::base::EndsWith(active_dsu, ".lock");
+}
+
bool GsiHandler(FastbootDevice* device, const std::vector<std::string>& args) {
if (args.size() != 2) {
return device->WriteFail("Invalid arguments");
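Review bot: `IsLockedDsu()` discards the result of `android::gsi::GetActiveDsu(&active_dsu)`, so if that lookup fails `active_dsu` stays empty, `EndsWith` returns false, and the DSU is treated as unlocked; the new protection fails open. Assuming GetActiveDsu reports failure through its return value (its declaration is not part of this diff), failing closed would be safer: `if (!android::gsi::GetActiveDsu(&active_dsu)) return true;`. The helper's only visible caller also requires `GetDeviceLockStatus()`, so this would tighten behaviour only on locked devices. A short comment on the helper would document the convention it relies on, for example `// A DSU slot whose name ends in ".lock" may only be changed by its owner app.`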
@@ -653,6 +659,11 @@ bool GsiHandler(FastbootDevice* device, const std::vector<std::string>& args) {
return device->WriteStatus(FastbootResult::FAIL, "No GSI is installed");
}
+ if ((args[1] == "wipe" || args[1] == "disable") && GetDeviceLockStatus() && IsLockedDsu()) {
+ // Block commands that modify the states of locked DSU
+ return device->WriteFail("Command not available on locked DSU/devices");
+ }
+
if (args[1] == "wipe") {
if (!android::gsi::UninstallGsi()) {
return device->WriteStatus(FastbootResult::FAIL, strerror(errno));
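Review bot: The added guard names the mutating subcommands by string (`wipe`, `disable`) separately from the dispatch that follows, so a mutating subcommand added to GsiHandler later would bypass the lock unless this condition is updated as well. Consider computing the state once, `const bool locked_dsu = GetDeviceLockStatus() && IsLockedDsu();`, and either rejecting inside each mutating branch or rejecting everything except known read-only subcommands when it is set. The comment could also state that both conditions are required, e.g. `// Locked device + locked DSU: only the owner app may wipe or disable it.` GsiHandler starts before and continues past this hunk, so its other subcommands are not visible here.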