ConfigUpdateInstallReceiver.java revision 49782e46c0eb85a25ae2abcf80880c48dbab5aea
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.updates; 18 19import android.content.BroadcastReceiver; 20import android.content.ContentResolver; 21import android.content.Context; 22import android.content.Intent; 23import android.provider.Settings; 24import android.util.Base64; 25import android.util.EventLog; 26import android.util.Slog; 27 28import com.android.server.EventLogTags; 29 30import java.io.ByteArrayInputStream; 31import java.io.File; 32import java.io.FileOutputStream; 33import java.io.InputStream; 34import java.io.IOException; 35import java.security.cert.CertificateException; 36import java.security.cert.CertificateFactory; 37import java.security.cert.X509Certificate; 38import java.security.MessageDigest; 39import java.security.NoSuchAlgorithmException; 40import java.security.Signature; 41 42import libcore.io.IoUtils; 43 44public class ConfigUpdateInstallReceiver extends BroadcastReceiver { 45 46 private static final String TAG = "ConfigUpdateInstallReceiver"; 47 48 private static final String EXTRA_CONTENT_PATH = "CONTENT_PATH"; 49 private static final String EXTRA_REQUIRED_HASH = "REQUIRED_HASH"; 50 private static final String EXTRA_SIGNATURE = "SIGNATURE"; 51 private static final String EXTRA_VERSION_NUMBER = "VERSION"; 52 53 private static final String UPDATE_CERTIFICATE_KEY = "config_update_certificate"; 54 55 protected final File updateDir; 56 protected final File updateContent; 57 protected final File updateVersion; 58 59 public ConfigUpdateInstallReceiver(String updateDir, String updateContentPath, 60 String updateMetadataPath, String updateVersionPath) { 61 this.updateDir = new File(updateDir); 62 this.updateContent = new File(updateDir, updateContentPath); 63 File updateMetadataDir = new File(updateDir, updateMetadataPath); 64 this.updateVersion = new File(updateMetadataDir, updateVersionPath); 65 } 66 67 @Override 68 public void onReceive(final Context context, final Intent intent) { 69 new Thread() { 70 @Override 71 public void run() { 72 try { 73 // get the certificate from Settings.Secure 74 X509Certificate cert = getCert(context.getContentResolver()); 75 // get the content path from the extras 76 byte[] altContent = getAltContent(intent); 77 // get the version from the extras 78 int altVersion = getVersionFromIntent(intent); 79 // get the previous value from the extras 80 String altRequiredHash = getRequiredHashFromIntent(intent); 81 // get the signature from the extras 82 String altSig = getSignatureFromIntent(intent); 83 // get the version currently being used 84 int currentVersion = getCurrentVersion(); 85 // get the hash of the currently used value 86 String currentHash = getCurrentHash(getCurrentContent()); 87 if (!verifyVersion(currentVersion, altVersion)) { 88 Slog.i(TAG, "Not installing, new version is <= current version"); 89 } else if (!verifyPreviousHash(currentHash, altRequiredHash)) { 90 EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, 91 "Current hash did not match required value"); 92 } else if (!verifySignature(altContent, altVersion, altRequiredHash, altSig, 93 cert)) { 94 EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, 95 "Signature did not verify"); 96 } else { 97 // install the new content 98 Slog.i(TAG, "Found new update, installing..."); 99 install(altContent, altVersion); 100 Slog.i(TAG, "Installation successful"); 101 postInstall(context, intent); 102 } 103 } catch (Exception e) { 104 Slog.e(TAG, "Could not update content!", e); 105 // keep the error message <= 100 chars 106 String errMsg = e.toString(); 107 if (errMsg.length() > 100) { 108 errMsg = errMsg.substring(0, 99); 109 } 110 EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, errMsg); 111 } 112 } 113 }.start(); 114 } 115 116 private X509Certificate getCert(ContentResolver cr) { 117 // get the cert from settings 118 String cert = Settings.Secure.getString(cr, UPDATE_CERTIFICATE_KEY); 119 // convert it into a real certificate 120 try { 121 byte[] derCert = Base64.decode(cert.getBytes(), Base64.DEFAULT); 122 InputStream istream = new ByteArrayInputStream(derCert); 123 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 124 return (X509Certificate) cf.generateCertificate(istream); 125 } catch (CertificateException e) { 126 throw new IllegalStateException("Got malformed certificate from settings, ignoring"); 127 } 128 } 129 130 private String getContentFromIntent(Intent i) { 131 String extraValue = i.getStringExtra(EXTRA_CONTENT_PATH); 132 if (extraValue == null) { 133 throw new IllegalStateException("Missing required content path, ignoring."); 134 } 135 return extraValue; 136 } 137 138 private int getVersionFromIntent(Intent i) throws NumberFormatException { 139 String extraValue = i.getStringExtra(EXTRA_VERSION_NUMBER); 140 if (extraValue == null) { 141 throw new IllegalStateException("Missing required version number, ignoring."); 142 } 143 return Integer.parseInt(extraValue.trim()); 144 } 145 146 private String getRequiredHashFromIntent(Intent i) { 147 String extraValue = i.getStringExtra(EXTRA_REQUIRED_HASH); 148 if (extraValue == null) { 149 throw new IllegalStateException("Missing required previous hash, ignoring."); 150 } 151 return extraValue.trim(); 152 } 153 154 private String getSignatureFromIntent(Intent i) { 155 String extraValue = i.getStringExtra(EXTRA_SIGNATURE); 156 if (extraValue == null) { 157 throw new IllegalStateException("Missing required signature, ignoring."); 158 } 159 return extraValue.trim(); 160 } 161 162 private int getCurrentVersion() throws NumberFormatException { 163 try { 164 String strVersion = IoUtils.readFileAsString(updateVersion.getCanonicalPath()).trim(); 165 return Integer.parseInt(strVersion); 166 } catch (IOException e) { 167 Slog.i(TAG, "Couldn't find current metadata, assuming first update"); 168 return 0; 169 } 170 } 171 172 private byte[] getAltContent(Intent i) throws IOException { 173 return IoUtils.readFileAsByteArray(getContentFromIntent(i)); 174 } 175 176 private byte[] getCurrentContent() { 177 try { 178 return IoUtils.readFileAsByteArray(updateContent.getCanonicalPath()); 179 } catch (IOException e) { 180 Slog.i(TAG, "Failed to read current content, assuming first update!"); 181 return null; 182 } 183 } 184 185 private static String getCurrentHash(byte[] content) { 186 if (content == null) { 187 return "0"; 188 } 189 try { 190 MessageDigest dgst = MessageDigest.getInstance("SHA512"); 191 byte[] fingerprint = dgst.digest(content); 192 return IntegralToString.bytesToHexString(fingerprint, false); 193 } catch (NoSuchAlgorithmException e) { 194 throw new AssertionError(e); 195 } 196 } 197 198 private boolean verifyVersion(int current, int alternative) { 199 return (current < alternative); 200 } 201 202 private boolean verifyPreviousHash(String current, String required) { 203 // this is an optional value- if the required field is NONE then we ignore it 204 if (required.equals("NONE")) { 205 return true; 206 } 207 // otherwise, verify that we match correctly 208 return current.equals(required); 209 } 210 211 private boolean verifySignature(byte[] content, int version, String requiredPrevious, 212 String signature, X509Certificate cert) throws Exception { 213 Signature signer = Signature.getInstance("SHA512withRSA"); 214 signer.initVerify(cert); 215 signer.update(content); 216 signer.update(Long.toString(version).getBytes()); 217 signer.update(requiredPrevious.getBytes()); 218 return signer.verify(Base64.decode(signature.getBytes(), Base64.DEFAULT)); 219 } 220 221 protected void writeUpdate(File dir, File file, byte[] content) throws IOException { 222 FileOutputStream out = null; 223 File tmp = null; 224 try { 225 // create the parents for the destination file 226 File parent = file.getParentFile(); 227 parent.mkdirs(); 228 // check that they were created correctly 229 if (!parent.exists()) { 230 throw new IOException("Failed to create directory " + parent.getCanonicalPath()); 231 } 232 // create the temporary file 233 tmp = File.createTempFile("journal", "", dir); 234 // mark tmp -rw-r--r-- 235 tmp.setReadable(true, false); 236 // write to it 237 out = new FileOutputStream(tmp); 238 out.write(content); 239 // sync to disk 240 out.getFD().sync(); 241 // atomic rename 242 if (!tmp.renameTo(file)) { 243 throw new IOException("Failed to atomically rename " + file.getCanonicalPath()); 244 } 245 } finally { 246 if (tmp != null) { 247 tmp.delete(); 248 } 249 IoUtils.closeQuietly(out); 250 } 251 } 252 253 protected void install(byte[] content, int version) throws IOException { 254 writeUpdate(updateDir, updateContent, content); 255 writeUpdate(updateDir, updateVersion, Long.toString(version).getBytes()); 256 } 257 258 protected void postInstall(Context context, Intent intent) { 259 } 260} 261