/* * Copyright (C) 2012 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.updates; import android.content.BroadcastReceiver; import android.content.ContentResolver; import android.content.Context; import android.content.Intent; import android.net.Uri; import android.provider.Settings; import android.util.Base64; import android.util.EventLog; import android.util.Slog; import com.android.server.EventLogTags; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileOutputStream; import java.io.InputStream; import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Signature; import libcore.io.IoUtils; import libcore.io.Streams; public class ConfigUpdateInstallReceiver extends BroadcastReceiver { private static final String TAG = "ConfigUpdateInstallReceiver"; private static final String EXTRA_CONTENT_PATH = "CONTENT_PATH"; private static final String EXTRA_REQUIRED_HASH = "REQUIRED_HASH"; private static final String EXTRA_SIGNATURE = "SIGNATURE"; private static final String EXTRA_VERSION_NUMBER = "VERSION"; private static final String UPDATE_CERTIFICATE_KEY = "config_update_certificate"; protected final File updateDir; protected final File updateContent; protected final File updateVersion; public ConfigUpdateInstallReceiver(String updateDir, String updateContentPath, String updateMetadataPath, String updateVersionPath) { this.updateDir = new File(updateDir); this.updateContent = new File(updateDir, updateContentPath); File updateMetadataDir = new File(updateDir, updateMetadataPath); this.updateVersion = new File(updateMetadataDir, updateVersionPath); } @Override public void onReceive(final Context context, final Intent intent) { new Thread() { @Override public void run() { try { // get the certificate from Settings.Secure X509Certificate cert = getCert(context.getContentResolver()); // get the content path from the extras byte[] altContent = getAltContent(context, intent); // get the version from the extras int altVersion = getVersionFromIntent(intent); // get the previous value from the extras String altRequiredHash = getRequiredHashFromIntent(intent); // get the signature from the extras String altSig = getSignatureFromIntent(intent); // get the version currently being used int currentVersion = getCurrentVersion(); // get the hash of the currently used value String currentHash = getCurrentHash(getCurrentContent()); if (!verifyVersion(currentVersion, altVersion)) { Slog.i(TAG, "Not installing, new version is <= current version"); } else if (!verifyPreviousHash(currentHash, altRequiredHash)) { EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, "Current hash did not match required value"); } else if (!verifySignature(altContent, altVersion, altRequiredHash, altSig, cert)) { EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, "Signature did not verify"); } else { // install the new content Slog.i(TAG, "Found new update, installing..."); install(altContent, altVersion); Slog.i(TAG, "Installation successful"); postInstall(context, intent); } } catch (Exception e) { Slog.e(TAG, "Could not update content!", e); // keep the error message <= 100 chars String errMsg = e.toString(); if (errMsg.length() > 100) { errMsg = errMsg.substring(0, 99); } EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, errMsg); } } }.start(); } private X509Certificate getCert(ContentResolver cr) { // get the cert from settings String cert = Settings.Secure.getString(cr, UPDATE_CERTIFICATE_KEY); // convert it into a real certificate try { byte[] derCert = Base64.decode(cert.getBytes(), Base64.DEFAULT); InputStream istream = new ByteArrayInputStream(derCert); CertificateFactory cf = CertificateFactory.getInstance("X.509"); return (X509Certificate) cf.generateCertificate(istream); } catch (CertificateException e) { throw new IllegalStateException("Got malformed certificate from settings, ignoring"); } } private Uri getContentFromIntent(Intent i) { Uri data = i.getData(); if (data == null) { throw new IllegalStateException("Missing required content path, ignoring."); } return data; } private int getVersionFromIntent(Intent i) throws NumberFormatException { String extraValue = i.getStringExtra(EXTRA_VERSION_NUMBER); if (extraValue == null) { throw new IllegalStateException("Missing required version number, ignoring."); } return Integer.parseInt(extraValue.trim()); } private String getRequiredHashFromIntent(Intent i) { String extraValue = i.getStringExtra(EXTRA_REQUIRED_HASH); if (extraValue == null) { throw new IllegalStateException("Missing required previous hash, ignoring."); } return extraValue.trim(); } private String getSignatureFromIntent(Intent i) { String extraValue = i.getStringExtra(EXTRA_SIGNATURE); if (extraValue == null) { throw new IllegalStateException("Missing required signature, ignoring."); } return extraValue.trim(); } private int getCurrentVersion() throws NumberFormatException { try { String strVersion = IoUtils.readFileAsString(updateVersion.getCanonicalPath()).trim(); return Integer.parseInt(strVersion); } catch (IOException e) { Slog.i(TAG, "Couldn't find current metadata, assuming first update"); return 0; } } private byte[] getAltContent(Context c, Intent i) throws IOException { Uri content = getContentFromIntent(i); InputStream is = c.getContentResolver().openInputStream(content); try { return Streams.readFullyNoClose(is); } finally { is.close(); } } private byte[] getCurrentContent() { try { return IoUtils.readFileAsByteArray(updateContent.getCanonicalPath()); } catch (IOException e) { Slog.i(TAG, "Failed to read current content, assuming first update!"); return null; } } private static String getCurrentHash(byte[] content) { if (content == null) { return "0"; } try { MessageDigest dgst = MessageDigest.getInstance("SHA512"); byte[] fingerprint = dgst.digest(content); return IntegralToString.bytesToHexString(fingerprint, false); } catch (NoSuchAlgorithmException e) { throw new AssertionError(e); } } private boolean verifyVersion(int current, int alternative) { return (current < alternative); } private boolean verifyPreviousHash(String current, String required) { // this is an optional value- if the required field is NONE then we ignore it if (required.equals("NONE")) { return true; } // otherwise, verify that we match correctly return current.equals(required); } private boolean verifySignature(byte[] content, int version, String requiredPrevious, String signature, X509Certificate cert) throws Exception { Signature signer = Signature.getInstance("SHA512withRSA"); signer.initVerify(cert); signer.update(content); signer.update(Long.toString(version).getBytes()); signer.update(requiredPrevious.getBytes()); return signer.verify(Base64.decode(signature.getBytes(), Base64.DEFAULT)); } protected void writeUpdate(File dir, File file, byte[] content) throws IOException { FileOutputStream out = null; File tmp = null; try { // create the parents for the destination file File parent = file.getParentFile(); parent.mkdirs(); // check that they were created correctly if (!parent.exists()) { throw new IOException("Failed to create directory " + parent.getCanonicalPath()); } // create the temporary file tmp = File.createTempFile("journal", "", dir); // mark tmp -rw-r--r-- tmp.setReadable(true, false); // write to it out = new FileOutputStream(tmp); out.write(content); // sync to disk out.getFD().sync(); // atomic rename if (!tmp.renameTo(file)) { throw new IOException("Failed to atomically rename " + file.getCanonicalPath()); } } finally { if (tmp != null) { tmp.delete(); } IoUtils.closeQuietly(out); } } protected void install(byte[] content, int version) throws IOException { writeUpdate(updateDir, updateContent, content); writeUpdate(updateDir, updateVersion, Long.toString(version).getBytes()); } protected void postInstall(Context context, Intent intent) { } }