1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.updates; 18 19 import android.content.BroadcastReceiver; 20 import android.content.ContentResolver; 21 import android.content.Context; 22 import android.content.Intent; 23 import android.provider.Settings; 24 import android.os.FileUtils; 25 import android.util.Base64; 26 import android.util.EventLog; 27 import android.util.Slog; 28 29 import com.android.server.EventLogTags; 30 31 import java.io.ByteArrayInputStream; 32 import java.io.File; 33 import java.io.FileNotFoundException; 34 import java.io.FileOutputStream; 35 import java.io.InputStream; 36 import java.io.IOException; 37 import java.security.cert.Certificate; 38 import java.security.cert.CertificateException; 39 import java.security.cert.CertificateFactory; 40 import java.security.cert.X509Certificate; 41 import java.security.MessageDigest; 42 import java.security.NoSuchAlgorithmException; 43 import java.security.Signature; 44 import java.security.SignatureException; 45 46 import libcore.io.IoUtils; 47 48 public class ConfigUpdateInstallReceiver extends BroadcastReceiver { 49 50 private static final String TAG = "ConfigUpdateInstallReceiver"; 51 52 private static final String EXTRA_CONTENT_PATH = "CONTENT_PATH"; 53 private static final String EXTRA_REQUIRED_HASH = "REQUIRED_HASH"; 54 private static final String EXTRA_SIGNATURE = "SIGNATURE"; 55 private static final String EXTRA_VERSION_NUMBER = "VERSION"; 56 57 private static final String UPDATE_CERTIFICATE_KEY = "config_update_certificate"; 58 59 protected final File updateDir; 60 protected final File updateContent; 61 protected final File updateVersion; 62 ConfigUpdateInstallReceiver(String updateDir, String updateContentPath, String updateMetadataPath, String updateVersionPath)63 public ConfigUpdateInstallReceiver(String updateDir, String updateContentPath, 64 String updateMetadataPath, String updateVersionPath) { 65 this.updateDir = new File(updateDir); 66 this.updateContent = new File(updateDir, updateContentPath); 67 File updateMetadataDir = new File(updateDir, updateMetadataPath); 68 this.updateVersion = new File(updateMetadataDir, updateVersionPath); 69 } 70 71 @Override onReceive(final Context context, final Intent intent)72 public void onReceive(final Context context, final Intent intent) { 73 new Thread() { 74 @Override 75 public void run() { 76 try { 77 // get the certificate from Settings.Secure 78 X509Certificate cert = getCert(context.getContentResolver()); 79 // get the content path from the extras 80 byte[] altContent = getAltContent(intent); 81 // get the version from the extras 82 int altVersion = getVersionFromIntent(intent); 83 // get the previous value from the extras 84 String altRequiredHash = getRequiredHashFromIntent(intent); 85 // get the signature from the extras 86 String altSig = getSignatureFromIntent(intent); 87 // get the version currently being used 88 int currentVersion = getCurrentVersion(); 89 // get the hash of the currently used value 90 String currentHash = getCurrentHash(getCurrentContent()); 91 if (!verifyVersion(currentVersion, altVersion)) { 92 Slog.i(TAG, "Not installing, new version is <= current version"); 93 } else if (!verifyPreviousHash(currentHash, altRequiredHash)) { 94 EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, 95 "Current hash did not match required value"); 96 } else if (!verifySignature(altContent, altVersion, altRequiredHash, altSig, 97 cert)) { 98 EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, 99 "Signature did not verify"); 100 } else { 101 // install the new content 102 Slog.i(TAG, "Found new update, installing..."); 103 install(altContent, altVersion); 104 Slog.i(TAG, "Installation successful"); 105 postInstall(context, intent); 106 } 107 } catch (Exception e) { 108 Slog.e(TAG, "Could not update content!", e); 109 // keep the error message <= 100 chars 110 String errMsg = e.toString(); 111 if (errMsg.length() > 100) { 112 errMsg = errMsg.substring(0, 99); 113 } 114 EventLog.writeEvent(EventLogTags.CONFIG_INSTALL_FAILED, errMsg); 115 } 116 } 117 }.start(); 118 } 119 getCert(ContentResolver cr)120 private X509Certificate getCert(ContentResolver cr) { 121 // get the cert from settings 122 String cert = Settings.Secure.getString(cr, UPDATE_CERTIFICATE_KEY); 123 // convert it into a real certificate 124 try { 125 byte[] derCert = Base64.decode(cert.getBytes(), Base64.DEFAULT); 126 InputStream istream = new ByteArrayInputStream(derCert); 127 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 128 return (X509Certificate) cf.generateCertificate(istream); 129 } catch (CertificateException e) { 130 throw new IllegalStateException("Got malformed certificate from settings, ignoring"); 131 } 132 } 133 getContentFromIntent(Intent i)134 private String getContentFromIntent(Intent i) { 135 String extraValue = i.getStringExtra(EXTRA_CONTENT_PATH); 136 if (extraValue == null) { 137 throw new IllegalStateException("Missing required content path, ignoring."); 138 } 139 return extraValue; 140 } 141 getVersionFromIntent(Intent i)142 private int getVersionFromIntent(Intent i) throws NumberFormatException { 143 String extraValue = i.getStringExtra(EXTRA_VERSION_NUMBER); 144 if (extraValue == null) { 145 throw new IllegalStateException("Missing required version number, ignoring."); 146 } 147 return Integer.parseInt(extraValue.trim()); 148 } 149 getRequiredHashFromIntent(Intent i)150 private String getRequiredHashFromIntent(Intent i) { 151 String extraValue = i.getStringExtra(EXTRA_REQUIRED_HASH); 152 if (extraValue == null) { 153 throw new IllegalStateException("Missing required previous hash, ignoring."); 154 } 155 return extraValue.trim(); 156 } 157 getSignatureFromIntent(Intent i)158 private String getSignatureFromIntent(Intent i) { 159 String extraValue = i.getStringExtra(EXTRA_SIGNATURE); 160 if (extraValue == null) { 161 throw new IllegalStateException("Missing required signature, ignoring."); 162 } 163 return extraValue.trim(); 164 } 165 getCurrentVersion()166 private int getCurrentVersion() throws NumberFormatException { 167 try { 168 String strVersion = IoUtils.readFileAsString(updateVersion.getCanonicalPath()).trim(); 169 return Integer.parseInt(strVersion); 170 } catch (IOException e) { 171 Slog.i(TAG, "Couldn't find current metadata, assuming first update"); 172 return 0; 173 } 174 } 175 getAltContent(Intent i)176 private byte[] getAltContent(Intent i) throws IOException { 177 return IoUtils.readFileAsByteArray(getContentFromIntent(i)); 178 } 179 getCurrentContent()180 private byte[] getCurrentContent() { 181 try { 182 return IoUtils.readFileAsByteArray(updateContent.getCanonicalPath()); 183 } catch (IOException e) { 184 Slog.i(TAG, "Failed to read current content, assuming first update!"); 185 return null; 186 } 187 } 188 getCurrentHash(byte[] content)189 private static String getCurrentHash(byte[] content) { 190 if (content == null) { 191 return "0"; 192 } 193 try { 194 MessageDigest dgst = MessageDigest.getInstance("SHA512"); 195 byte[] fingerprint = dgst.digest(content); 196 return IntegralToString.bytesToHexString(fingerprint, false); 197 } catch (NoSuchAlgorithmException e) { 198 throw new AssertionError(e); 199 } 200 } 201 verifyVersion(int current, int alternative)202 private boolean verifyVersion(int current, int alternative) { 203 return (current < alternative); 204 } 205 verifyPreviousHash(String current, String required)206 private boolean verifyPreviousHash(String current, String required) { 207 // this is an optional value- if the required field is NONE then we ignore it 208 if (required.equals("NONE")) { 209 return true; 210 } 211 // otherwise, verify that we match correctly 212 return current.equals(required); 213 } 214 verifySignature(byte[] content, int version, String requiredPrevious, String signature, X509Certificate cert)215 private boolean verifySignature(byte[] content, int version, String requiredPrevious, 216 String signature, X509Certificate cert) throws Exception { 217 Signature signer = Signature.getInstance("SHA512withRSA"); 218 signer.initVerify(cert); 219 signer.update(content); 220 signer.update(Long.toString(version).getBytes()); 221 signer.update(requiredPrevious.getBytes()); 222 return signer.verify(Base64.decode(signature.getBytes(), Base64.DEFAULT)); 223 } 224 writeUpdate(File dir, File file, byte[] content)225 protected void writeUpdate(File dir, File file, byte[] content) throws IOException { 226 FileOutputStream out = null; 227 File tmp = null; 228 try { 229 // create the parents for the destination file 230 File parent = file.getParentFile(); 231 parent.mkdirs(); 232 // check that they were created correctly 233 if (!parent.exists()) { 234 throw new IOException("Failed to create directory " + parent.getCanonicalPath()); 235 } 236 // create the temporary file 237 tmp = File.createTempFile("journal", "", dir); 238 // mark tmp -rw-r--r-- 239 tmp.setReadable(true, false); 240 // write to it 241 out = new FileOutputStream(tmp); 242 out.write(content); 243 // sync to disk 244 out.getFD().sync(); 245 // atomic rename 246 if (!tmp.renameTo(file)) { 247 throw new IOException("Failed to atomically rename " + file.getCanonicalPath()); 248 } 249 } finally { 250 if (tmp != null) { 251 tmp.delete(); 252 } 253 IoUtils.closeQuietly(out); 254 } 255 } 256 install(byte[] content, int version)257 protected void install(byte[] content, int version) throws IOException { 258 writeUpdate(updateDir, updateContent, content); 259 writeUpdate(updateDir, updateVersion, Long.toString(version).getBytes()); 260 } 261 postInstall(Context context, Intent intent)262 protected void postInstall(Context context, Intent intent) { 263 } 264 } 265