validate_target_files.py revision c765cca38bd357097dd2b7d3713a49bcd62a6858 
1#!/usr/bin/env python
2
3# Copyright (C) 2017 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17"""
18Validate a given (signed) target_files.zip.
19
20It performs checks to ensure the integrity of the input zip.
21 - It verifies the file consistency between the ones in IMAGES/system.img (read
22   via IMAGES/system.map) and the ones under unpacked folder of SYSTEM/. The
23   same check also applies to the vendor image if present.
24"""
25
26import logging
27import os.path
28import re
29import sys
30
31import common
32
33
34def _ReadFile(file_name, unpacked_name, round_up=False):
35  """Constructs and returns a File object. Rounds up its size if needed."""
36
37  assert os.path.exists(unpacked_name)
38  with open(unpacked_name, 'r') as f:
39    file_data = f.read()
40  file_size = len(file_data)
41  if round_up:
42    file_size_rounded_up = common.RoundUpTo4K(file_size)
43    file_data += '\0' * (file_size_rounded_up - file_size)
44  return common.File(file_name, file_data)
45
46
47def ValidateFileAgainstSha1(input_tmp, file_name, file_path, expected_sha1):
48  """Check if the file has the expected SHA-1."""
49
50  logging.info('Validating the SHA-1 of %s', file_name)
51  unpacked_name = os.path.join(input_tmp, file_path)
52  assert os.path.exists(unpacked_name)
53  actual_sha1 = _ReadFile(file_name, unpacked_name, False).sha1
54  assert actual_sha1 == expected_sha1, \
55      'SHA-1 mismatches for {}. actual {}, expected {}'.format(
56          file_name, actual_sha1, expected_sha1)
57
58
59def ValidateFileConsistency(input_zip, input_tmp):
60  """Compare the files from image files and unpacked folders."""
61
62  def CheckAllFiles(which):
63    logging.info('Checking %s image.', which)
64    image = common.GetSparseImage(which, input_tmp, input_zip)
65    prefix = '/' + which
66    for entry in image.file_map:
67      # Skip entries like '__NONZERO-0'.
68      if not entry.startswith(prefix):
69        continue
70
71      # Read the blocks that the file resides. Note that it will contain the
72      # bytes past the file length, which is expected to be padded with '\0's.
73      ranges = image.file_map[entry]
74
75      incomplete = ranges.extra.get('incomplete', False)
76      if incomplete:
77        logging.warning('Skipping %s that has incomplete block list', entry)
78        continue
79
80      blocks_sha1 = image.RangeSha1(ranges)
81
82      # The filename under unpacked directory, such as SYSTEM/bin/sh.
83      unpacked_name = os.path.join(
84          input_tmp, which.upper(), entry[(len(prefix) + 1):])
85      unpacked_file = _ReadFile(entry, unpacked_name, True)
86      file_sha1 = unpacked_file.sha1
87      assert blocks_sha1 == file_sha1, \
88          'file: %s, range: %s, blocks_sha1: %s, file_sha1: %s' % (
89              entry, ranges, blocks_sha1, file_sha1)
90
91  logging.info('Validating file consistency.')
92
93  # Verify IMAGES/system.img.
94  CheckAllFiles('system')
95
96  # Verify IMAGES/vendor.img if applicable.
97  if 'VENDOR/' in input_zip.namelist():
98    CheckAllFiles('vendor')
99
100  # Not checking IMAGES/system_other.img since it doesn't have the map file.
101
102
103def ValidateInstallRecoveryScript(input_tmp, info_dict):
104  """Validate the SHA-1 embedded in install-recovery.sh.
105
106  install-recovery.sh is written in common.py and has the following format:
107
108  1. full recovery:
109  ...
110  if ! applypatch -c type:device:size:SHA-1; then
111  applypatch /system/etc/recovery.img type:device sha1 size && ...
112  ...
113
114  2. recovery from boot:
115  ...
116  applypatch [-b bonus_args] boot_info recovery_info recovery_sha1 \
117  recovery_size patch_info && ...
118  ...
119
120  For full recovery, we want to calculate the SHA-1 of /system/etc/recovery.img
121  and compare it against the one embedded in the script. While for recovery
122  from boot, we want to check the SHA-1 for both recovery.img and boot.img
123  under IMAGES/.
124  """
125
126  script_path = 'SYSTEM/bin/install-recovery.sh'
127  if not os.path.exists(os.path.join(input_tmp, script_path)):
128    logging.info('%s does not exist in input_tmp', script_path)
129    return
130
131  logging.info('Checking %s', script_path)
132  with open(os.path.join(input_tmp, script_path), 'r') as script:
133    lines = script.read().strip().split('\n')
134  assert len(lines) >= 6
135  check_cmd = re.search(r'if ! applypatch -c \w+:.+:\w+:(\w+);',
136                        lines[1].strip())
137  expected_recovery_check_sha1 = check_cmd.group(1)
138  patch_cmd = re.search(r'(applypatch.+)&&', lines[2].strip())
139  applypatch_argv = patch_cmd.group(1).strip().split()
140
141  full_recovery_image = info_dict.get("full_recovery_image") == "true"
142  if full_recovery_image:
143    assert len(applypatch_argv) == 5
144    # Check we have the same expected SHA-1 of recovery.img in both check mode
145    # and patch mode.
146    expected_recovery_sha1 = applypatch_argv[3].strip()
147    assert expected_recovery_check_sha1 == expected_recovery_sha1
148    ValidateFileAgainstSha1(input_tmp, 'recovery.img',
149                            'SYSTEM/etc/recovery.img', expected_recovery_sha1)
150  else:
151    # We're patching boot.img to get recovery.img where bonus_args is optional
152    if applypatch_argv[1] == "-b":
153      assert len(applypatch_argv) == 8
154      boot_info_index = 3
155    else:
156      assert len(applypatch_argv) == 6
157      boot_info_index = 1
158
159    # boot_info: boot_type:boot_device:boot_size:boot_sha1
160    boot_info = applypatch_argv[boot_info_index].strip().split(':')
161    assert len(boot_info) == 4
162    ValidateFileAgainstSha1(input_tmp, file_name='boot.img',
163                            file_path='IMAGES/boot.img',
164                            expected_sha1=boot_info[3])
165
166    recovery_sha1_index = boot_info_index + 2
167    expected_recovery_sha1 = applypatch_argv[recovery_sha1_index]
168    assert expected_recovery_check_sha1 == expected_recovery_sha1
169    ValidateFileAgainstSha1(input_tmp, file_name='recovery.img',
170                            file_path='IMAGES/recovery.img',
171                            expected_sha1=expected_recovery_sha1)
172
173  logging.info('Done checking %s', script_path)
174
175
176def main(argv):
177  def option_handler():
178    return True
179
180  args = common.ParseOptions(
181      argv, __doc__, extra_opts="",
182      extra_long_opts=[],
183      extra_option_handler=option_handler)
184
185  if len(args) != 1:
186    common.Usage(__doc__)
187    sys.exit(1)
188
189  logging_format = '%(asctime)s - %(filename)s - %(levelname)-8s: %(message)s'
190  date_format = '%Y/%m/%d %H:%M:%S'
191  logging.basicConfig(level=logging.INFO, format=logging_format,
192                      datefmt=date_format)
193
194  logging.info("Unzipping the input target_files.zip: %s", args[0])
195  input_tmp, input_zip = common.UnzipTemp(args[0])
196
197  ValidateFileConsistency(input_zip, input_tmp)
198
199  info_dict = common.LoadInfoDict(input_tmp)
200  ValidateInstallRecoveryScript(input_tmp, info_dict)
201
202  # TODO: Check if the OTA keys have been properly updated (the ones on /system,
203  # in recovery image).
204
205  logging.info("Done.")
206
207
208if __name__ == '__main__':
209  try:
210    main(sys.argv[1:])
211  finally:
212    common.Cleanup()
213