1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server; 18 19 import static android.os.SystemUpdateManager.KEY_STATUS; 20 import static android.os.SystemUpdateManager.STATUS_IDLE; 21 import static android.os.SystemUpdateManager.STATUS_UNKNOWN; 22 23 import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT; 24 import static org.xmlpull.v1.XmlPullParser.END_TAG; 25 import static org.xmlpull.v1.XmlPullParser.START_TAG; 26 27 import android.Manifest; 28 import android.annotation.Nullable; 29 import android.content.Context; 30 import android.content.pm.PackageManager; 31 import android.os.Binder; 32 import android.os.Build; 33 import android.os.Bundle; 34 import android.os.Environment; 35 import android.os.ISystemUpdateManager; 36 import android.os.PersistableBundle; 37 import android.os.SystemUpdateManager; 38 import android.provider.Settings; 39 import android.util.AtomicFile; 40 import android.util.Slog; 41 import android.util.Xml; 42 43 import com.android.internal.util.FastXmlSerializer; 44 import com.android.internal.util.XmlUtils; 45 46 import org.xmlpull.v1.XmlPullParser; 47 import org.xmlpull.v1.XmlPullParserException; 48 import org.xmlpull.v1.XmlSerializer; 49 50 import java.io.File; 51 import java.io.FileInputStream; 52 import java.io.FileNotFoundException; 53 import java.io.FileOutputStream; 54 import java.io.IOException; 55 import java.nio.charset.StandardCharsets; 56 57 public class SystemUpdateManagerService extends ISystemUpdateManager.Stub { 58 59 private static final String TAG = "SystemUpdateManagerService"; 60 61 private static final int UID_UNKNOWN = -1; 62 63 private static final String INFO_FILE = "system-update-info.xml"; 64 private static final int INFO_FILE_VERSION = 0; 65 private static final String TAG_INFO = "info"; 66 private static final String KEY_VERSION = "version"; 67 private static final String KEY_UID = "uid"; 68 private static final String KEY_BOOT_COUNT = "boot-count"; 69 private static final String KEY_INFO_BUNDLE = "info-bundle"; 70 71 private final Context mContext; 72 private final AtomicFile mFile; 73 private final Object mLock = new Object(); 74 private int mLastUid = UID_UNKNOWN; 75 private int mLastStatus = STATUS_UNKNOWN; 76 SystemUpdateManagerService(Context context)77 public SystemUpdateManagerService(Context context) { 78 mContext = context; 79 mFile = new AtomicFile(new File(Environment.getDataSystemDirectory(), INFO_FILE)); 80 81 // Populate mLastUid and mLastStatus. 82 synchronized (mLock) { 83 loadSystemUpdateInfoLocked(); 84 } 85 } 86 87 @Override updateSystemUpdateInfo(PersistableBundle infoBundle)88 public void updateSystemUpdateInfo(PersistableBundle infoBundle) { 89 mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, TAG); 90 91 int status = infoBundle.getInt(KEY_STATUS, STATUS_UNKNOWN); 92 if (status == STATUS_UNKNOWN) { 93 Slog.w(TAG, "Invalid status info. Ignored"); 94 return; 95 } 96 97 // There could be multiple updater apps running on a device. But only one at most should 98 // be active (i.e. with a pending update), with the rest reporting idle status. We will 99 // only accept the reported status if any of the following conditions holds: 100 // a) none has been reported before; 101 // b) the current on-file status was last reported by the same caller; 102 // c) an active update is being reported. 103 int uid = Binder.getCallingUid(); 104 if (mLastUid == UID_UNKNOWN || mLastUid == uid || status != STATUS_IDLE) { 105 synchronized (mLock) { 106 saveSystemUpdateInfoLocked(infoBundle, uid); 107 } 108 } else { 109 Slog.i(TAG, "Inactive updater reporting IDLE status. Ignored"); 110 } 111 } 112 113 @Override retrieveSystemUpdateInfo()114 public Bundle retrieveSystemUpdateInfo() { 115 if (mContext.checkCallingOrSelfPermission(Manifest.permission.READ_SYSTEM_UPDATE_INFO) 116 == PackageManager.PERMISSION_DENIED 117 && mContext.checkCallingOrSelfPermission(Manifest.permission.RECOVERY) 118 == PackageManager.PERMISSION_DENIED) { 119 throw new SecurityException("Can't read system update info. Requiring " 120 + "READ_SYSTEM_UPDATE_INFO or RECOVERY permission."); 121 } 122 123 synchronized (mLock) { 124 return loadSystemUpdateInfoLocked(); 125 } 126 } 127 128 // Reads and validates the info file. Returns the loaded info bundle on success; or a default 129 // info bundle with UNKNOWN status. loadSystemUpdateInfoLocked()130 private Bundle loadSystemUpdateInfoLocked() { 131 PersistableBundle loadedBundle = null; 132 try (FileInputStream fis = mFile.openRead()) { 133 XmlPullParser parser = Xml.newPullParser(); 134 parser.setInput(fis, StandardCharsets.UTF_8.name()); 135 loadedBundle = readInfoFileLocked(parser); 136 } catch (FileNotFoundException e) { 137 Slog.i(TAG, "No existing info file " + mFile.getBaseFile()); 138 } catch (XmlPullParserException e) { 139 Slog.e(TAG, "Failed to parse the info file:", e); 140 } catch (IOException e) { 141 Slog.e(TAG, "Failed to read the info file:", e); 142 } 143 144 // Validate the loaded bundle. 145 if (loadedBundle == null) { 146 return removeInfoFileAndGetDefaultInfoBundleLocked(); 147 } 148 149 int version = loadedBundle.getInt(KEY_VERSION, -1); 150 if (version == -1) { 151 Slog.w(TAG, "Invalid info file (invalid version). Ignored"); 152 return removeInfoFileAndGetDefaultInfoBundleLocked(); 153 } 154 155 int lastUid = loadedBundle.getInt(KEY_UID, -1); 156 if (lastUid == -1) { 157 Slog.w(TAG, "Invalid info file (invalid UID). Ignored"); 158 return removeInfoFileAndGetDefaultInfoBundleLocked(); 159 } 160 161 int lastBootCount = loadedBundle.getInt(KEY_BOOT_COUNT, -1); 162 if (lastBootCount == -1 || lastBootCount != getBootCount()) { 163 Slog.w(TAG, "Outdated info file. Ignored"); 164 return removeInfoFileAndGetDefaultInfoBundleLocked(); 165 } 166 167 PersistableBundle infoBundle = loadedBundle.getPersistableBundle(KEY_INFO_BUNDLE); 168 if (infoBundle == null) { 169 Slog.w(TAG, "Invalid info file (missing info). Ignored"); 170 return removeInfoFileAndGetDefaultInfoBundleLocked(); 171 } 172 173 int lastStatus = infoBundle.getInt(KEY_STATUS, STATUS_UNKNOWN); 174 if (lastStatus == STATUS_UNKNOWN) { 175 Slog.w(TAG, "Invalid info file (invalid status). Ignored"); 176 return removeInfoFileAndGetDefaultInfoBundleLocked(); 177 } 178 179 // Everything looks good upon reaching this point. 180 mLastStatus = lastStatus; 181 mLastUid = lastUid; 182 return new Bundle(infoBundle); 183 } 184 saveSystemUpdateInfoLocked(PersistableBundle infoBundle, int uid)185 private void saveSystemUpdateInfoLocked(PersistableBundle infoBundle, int uid) { 186 // Wrap the incoming bundle with extra info (e.g. version, uid, boot count). We use nested 187 // PersistableBundle to avoid manually parsing XML attributes when loading the info back. 188 PersistableBundle outBundle = new PersistableBundle(); 189 outBundle.putPersistableBundle(KEY_INFO_BUNDLE, infoBundle); 190 outBundle.putInt(KEY_VERSION, INFO_FILE_VERSION); 191 outBundle.putInt(KEY_UID, uid); 192 outBundle.putInt(KEY_BOOT_COUNT, getBootCount()); 193 194 // Only update the info on success. 195 if (writeInfoFileLocked(outBundle)) { 196 mLastUid = uid; 197 mLastStatus = infoBundle.getInt(KEY_STATUS); 198 } 199 } 200 201 // Performs I/O work only, without validating the loaded info. 202 @Nullable readInfoFileLocked(XmlPullParser parser)203 private PersistableBundle readInfoFileLocked(XmlPullParser parser) 204 throws XmlPullParserException, IOException { 205 int type; 206 while ((type = parser.next()) != END_DOCUMENT) { 207 if (type == START_TAG && TAG_INFO.equals(parser.getName())) { 208 return PersistableBundle.restoreFromXml(parser); 209 } 210 } 211 return null; 212 } 213 writeInfoFileLocked(PersistableBundle outBundle)214 private boolean writeInfoFileLocked(PersistableBundle outBundle) { 215 FileOutputStream fos = null; 216 try { 217 fos = mFile.startWrite(); 218 219 XmlSerializer out = new FastXmlSerializer(); 220 out.setOutput(fos, StandardCharsets.UTF_8.name()); 221 out.startDocument(null, true); 222 223 out.startTag(null, TAG_INFO); 224 outBundle.saveToXml(out); 225 out.endTag(null, TAG_INFO); 226 227 out.endDocument(); 228 mFile.finishWrite(fos); 229 return true; 230 } catch (IOException | XmlPullParserException e) { 231 Slog.e(TAG, "Failed to save the info file:", e); 232 if (fos != null) { 233 mFile.failWrite(fos); 234 } 235 } 236 return false; 237 } 238 removeInfoFileAndGetDefaultInfoBundleLocked()239 private Bundle removeInfoFileAndGetDefaultInfoBundleLocked() { 240 if (mFile.exists()) { 241 Slog.i(TAG, "Removing info file"); 242 mFile.delete(); 243 } 244 245 mLastStatus = STATUS_UNKNOWN; 246 mLastUid = UID_UNKNOWN; 247 Bundle infoBundle = new Bundle(); 248 infoBundle.putInt(KEY_STATUS, STATUS_UNKNOWN); 249 return infoBundle; 250 } 251 getBootCount()252 private int getBootCount() { 253 return Settings.Global.getInt(mContext.getContentResolver(), Settings.Global.BOOT_COUNT, 0); 254 } 255 } 256