ConfigUpdateInstallReceiver.java revision 49782e46c0eb85a25ae2abcf80880c48dbab5aea 
1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.updates;
18
19import android.content.BroadcastReceiver;
20import android.content.ContentResolver;
21import android.content.Context;
22import android.content.Intent;
23import android.provider.Settings;
24import android.util.Base64;
25import android.util.EventLog;
26import android.util.Slog;
27
28import com.android.server.EventLogTags;
29
30import java.io.ByteArrayInputStream;
31import java.io.File;
32import java.io.FileOutputStream;
33import java.io.InputStream;
34import java.io.IOException;
35import java.security.cert.CertificateException;
36import java.security.cert.CertificateFactory;
37import java.security.cert.X509Certificate;
38import java.security.MessageDigest;
39import java.security.NoSuchAlgorithmException;
40import java.security.Signature;
41
42import libcore.io.IoUtils;
43
44public class ConfigUpdateInstallReceiver extends BroadcastReceiver {
45
46    private static final String TAG = "ConfigUpdateInstallReceiver";
47
48    private static final String EXTRA_CONTENT_PATH = "CONTENT_PATH";
49    private static final String EXTRA_REQUIRED_HASH = "REQUIRED_HASH";
50    private static final String EXTRA_SIGNATURE = "SIGNATURE";
51    private static final String EXTRA_VERSION_NUMBER = "VERSION";
52
53    private static final String UPDATE_CERTIFICATE_KEY = "config_update_certificate";
54
55    protected final File updateDir;
56    protected final File updateContent;
57    protected final File updateVersion;
58
59    public ConfigUpdateInstallReceiver(String updateDir, String updateContentPath,
60                                       String updateMetadataPath, String updateVersionPath) {
61        this.updateDir = new File(updateDir);
62        this.updateContent = new File(updateDir, updateContentPath);
63        File updateMetadataDir = new File(updateDir, updateMetadataPath);
64        this.updateVersion = new File(updateMetadataDir, updateVersionPath);
65    }
66
67    @Override
68    public void onReceive(final Context context, final Intent intent) {
69        new Thread() {
70            @Override
71            public void run() {
72                try {
73                    // get the certificate from Settings.Secure
74                    X509Certificate cert = getCert(context.getContentResolver());
75                    // get the content path from the extras
76                    byte[] altContent = getAltContent(intent);
77                    // get the version from the extras
78                    int altVersion = getVersionFromIntent(intent);
79                    // get the previous value from the extras
80                    String altRequiredHash = getRequiredHashFromIntent(intent);
81                    // get the signature from the extras
82                    String altSig = getSignatureFromIntent(intent);
83                    // get the version currently being used
84                    int currentVersion = getCurrentVersion();
85                    // get the hash of the currently used value
86                    String currentHash = getCurrentHash(getCurrentContent());
87                    if (!verifyVersion(currentVersion, altVersion)) {
88                        Slog.i(TAG, "Not installing, new version is <= current version");
89                    } else if (!verifyPreviousHash(currentHash, altRequiredHash)) {
90                        EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED,
91                                            "Current hash did not match required value");
92                    } else if (!verifySignature(altContent, altVersion, altRequiredHash, altSig,
93                               cert)) {
94                        EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED,
95                                            "Signature did not verify");
96                    } else {
97                        // install the new content
98                        Slog.i(TAG, "Found new update, installing...");
99                        install(altContent, altVersion);
100                        Slog.i(TAG, "Installation successful");
101                        postInstall(context, intent);
102                    }
103                } catch (Exception e) {
104                    Slog.e(TAG, "Could not update content!", e);
105                    // keep the error message <= 100 chars
106                    String errMsg = e.toString();
107                    if (errMsg.length() > 100) {
108                        errMsg = errMsg.substring(0, 99);
109                    }
110                    EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, errMsg);
111                }
112            }
113        }.start();
114    }
115
116    private X509Certificate getCert(ContentResolver cr) {
117        // get the cert from settings
118        String cert = Settings.Secure.getString(cr, UPDATE_CERTIFICATE_KEY);
119        // convert it into a real certificate
120        try {
121            byte[] derCert = Base64.decode(cert.getBytes(), Base64.DEFAULT);
122            InputStream istream = new ByteArrayInputStream(derCert);
123            CertificateFactory cf = CertificateFactory.getInstance("X.509");
124            return (X509Certificate) cf.generateCertificate(istream);
125        } catch (CertificateException e) {
126            throw new IllegalStateException("Got malformed certificate from settings, ignoring");
127        }
128    }
129
130    private String getContentFromIntent(Intent i) {
131        String extraValue = i.getStringExtra(EXTRA_CONTENT_PATH);
132        if (extraValue == null) {
133            throw new IllegalStateException("Missing required content path, ignoring.");
134        }
135        return extraValue;
136    }
137
138    private int getVersionFromIntent(Intent i) throws NumberFormatException {
139        String extraValue = i.getStringExtra(EXTRA_VERSION_NUMBER);
140        if (extraValue == null) {
141            throw new IllegalStateException("Missing required version number, ignoring.");
142        }
143        return Integer.parseInt(extraValue.trim());
144    }
145
146    private String getRequiredHashFromIntent(Intent i) {
147        String extraValue = i.getStringExtra(EXTRA_REQUIRED_HASH);
148        if (extraValue == null) {
149            throw new IllegalStateException("Missing required previous hash, ignoring.");
150        }
151        return extraValue.trim();
152    }
153
154    private String getSignatureFromIntent(Intent i) {
155        String extraValue = i.getStringExtra(EXTRA_SIGNATURE);
156        if (extraValue == null) {
157            throw new IllegalStateException("Missing required signature, ignoring.");
158        }
159        return extraValue.trim();
160    }
161
162    private int getCurrentVersion() throws NumberFormatException {
163        try {
164            String strVersion = IoUtils.readFileAsString(updateVersion.getCanonicalPath()).trim();
165            return Integer.parseInt(strVersion);
166        } catch (IOException e) {
167            Slog.i(TAG, "Couldn't find current metadata, assuming first update");
168            return 0;
169        }
170    }
171
172    private byte[] getAltContent(Intent i) throws IOException {
173        return IoUtils.readFileAsByteArray(getContentFromIntent(i));
174    }
175
176    private byte[] getCurrentContent() {
177        try {
178            return IoUtils.readFileAsByteArray(updateContent.getCanonicalPath());
179        } catch (IOException e) {
180            Slog.i(TAG, "Failed to read current content, assuming first update!");
181            return null;
182        }
183    }
184
185    private static String getCurrentHash(byte[] content) {
186        if (content == null) {
187            return "0";
188        }
189        try {
190            MessageDigest dgst = MessageDigest.getInstance("SHA512");
191            byte[] fingerprint = dgst.digest(content);
192            return IntegralToString.bytesToHexString(fingerprint, false);
193        } catch (NoSuchAlgorithmException e) {
194            throw new AssertionError(e);
195        }
196    }
197
198    private boolean verifyVersion(int current, int alternative) {
199        return (current < alternative);
200    }
201
202    private boolean verifyPreviousHash(String current, String required) {
203        // this is an optional value- if the required field is NONE then we ignore it
204        if (required.equals("NONE")) {
205            return true;
206        }
207        // otherwise, verify that we match correctly
208        return current.equals(required);
209    }
210
211    private boolean verifySignature(byte[] content, int version, String requiredPrevious,
212                                   String signature, X509Certificate cert) throws Exception {
213        Signature signer = Signature.getInstance("SHA512withRSA");
214        signer.initVerify(cert);
215        signer.update(content);
216        signer.update(Long.toString(version).getBytes());
217        signer.update(requiredPrevious.getBytes());
218        return signer.verify(Base64.decode(signature.getBytes(), Base64.DEFAULT));
219    }
220
221    protected void writeUpdate(File dir, File file, byte[] content) throws IOException {
222        FileOutputStream out = null;
223        File tmp = null;
224        try {
225            // create the parents for the destination file
226            File parent = file.getParentFile();
227            parent.mkdirs();
228            // check that they were created correctly
229            if (!parent.exists()) {
230                throw new IOException("Failed to create directory " + parent.getCanonicalPath());
231            }
232            // create the temporary file
233            tmp = File.createTempFile("journal", "", dir);
234            // mark tmp -rw-r--r--
235            tmp.setReadable(true, false);
236            // write to it
237            out = new FileOutputStream(tmp);
238            out.write(content);
239            // sync to disk
240            out.getFD().sync();
241            // atomic rename
242            if (!tmp.renameTo(file)) {
243                throw new IOException("Failed to atomically rename " + file.getCanonicalPath());
244            }
245        } finally {
246            if (tmp != null) {
247                tmp.delete();
248            }
249            IoUtils.closeQuietly(out);
250        }
251    }
252
253    protected void install(byte[] content, int version) throws IOException {
254        writeUpdate(updateDir, updateContent, content);
255        writeUpdate(updateDir, updateVersion, Long.toString(version).getBytes());
256    }
257
258    protected void postInstall(Context context, Intent intent) {
259    }
260}
261