1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/statfs.h>
#include <sys/types.h>
#include <unistd.h>

#include <algorithm>
#include <memory>
#include <string>
#include <vector>

#include <android-base/strings.h>

#include "openssl/sha.h"
#include "applypatch.h"
#include "mtdutils/mtdutils.h"
#include "edify/expr.h"
#include "ota_io.h"
#include "print_sha1.h"
39 
// Forward declarations for the file-local helpers defined further down in
// this file.  (FileSink is declared static here, so its later definition
// without the keyword still has internal linkage.)
static int LoadPartitionContents(const char* filename, FileContents* file);
static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token);
static int GenerateTarget(FileContents* source_file,
                          const Value* source_patch_value,
                          FileContents* copy_file,
                          const Value* copy_patch_value,
                          const char* source_filename,
                          const char* target_filename,
                          const uint8_t target_sha1[SHA_DIGEST_LENGTH],
                          size_t target_size,
                          const Value* bonus_data);

// Set after the first MTD lookup has called mtd_scan_partitions(), so the
// scan runs at most once per process no matter how many MTD partitions
// are read or written.
static bool mtd_partitions_scanned = false;
53 
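// Read a file into memory; store the file contents and associated
// metadata (the stat() result and the SHA-1 of the bytes) in *file.
//
// A 'filename' beginning with "MTD:" or "EMMC:" is not a path but a
// partition descriptor; see LoadPartitionContents() for its format.
//
// Return 0 on success, -1 on any error.  On error file->st may already
// have been filled in but file->data is left untouched.
int LoadFileContents(const char* filename, FileContents* file) {
    // A special 'filename' beginning with "MTD:" or "EMMC:" means to
    // load the contents of a partition.
    if (strncmp(filename, "MTD:", 4) == 0 ||
        strncmp(filename, "EMMC:", 5) == 0) {
        return LoadPartitionContents(filename, file);
    }

    if (stat(filename, &file->st) != 0) {
        printf("failed to stat \"%s\": %s\n", filename, strerror(errno));
        return -1;
    }

    FILE* f = ota_fopen(filename, "rb");
    if (f == NULL) {
        printf("failed to open \"%s\": %s\n", filename, strerror(errno));
        return -1;
    }

    // The buffer is sized from stat().  If the file shrank between the
    // stat() and the read, the short-read check below catches it; if it
    // grew, only the first st_size bytes are read and the SHA-1 computed
    // below will simply not match whatever the caller expects.
    std::vector<unsigned char> data(file->st.st_size);
    size_t bytes_read = ota_fread(data.data(), 1, data.size(), f);
    ota_fclose(f);
    if (bytes_read != data.size()) {
        // Both operands are size_t, so %zu (the original %zd was a
        // signed/unsigned format mismatch).
        printf("short read of \"%s\" (%zu bytes of %zu)\n", filename, bytes_read, data.size());
        return -1;
    }

    file->data = std::move(data);
    SHA1(file->data.data(), file->data.size(), file->sha1);
    return 0;
}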
89 
// Load the contents of an MTD or EMMC partition into the provided
// FileContents.  filename should be a string of the form
// "MTD:<partition_name>:<size_1>:<sha1_1>:<size_2>:<sha1_2>:..."  (or
// "EMMC:<partition_device>:...").  The smallest size_n bytes for
// which that prefix of the partition contents has the corresponding
// sha1 hash will be loaded.  It is acceptable for a size value to be
// repeated with different sha1s.  Will return 0 on success.
//
// This complexity is needed because if an OTA installation is
// interrupted, the partition might contain either the source or the
// target data, which might be of different lengths.  We need to know
// the length in order to read from a partition (there is no
// "end-of-file" marker), so the caller must specify the possible
// lengths and the hash of the data, and we'll do the load expecting
// to find one of those hashes.
//
// Kind of flash device a "MTD:"/"EMMC:" name refers to.  MTD partitions
// are looked up by name through mtdutils; EMMC partitions are plain
// block-device paths opened through the ota_* file wrappers.
enum PartitionType { MTD, EMMC };
106 
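// Load the contents of an MTD or EMMC partition into *file.  'filename'
// has the form
//     "MTD:<partition_name>:<size_1>:<sha1_1>[:<size_2>:<sha1_2>...]"
// or  "EMMC:<partition_device>:<size_1>:<sha1_1>[...]".
// The (size, sha1) pairs are tried in order of increasing size; the
// partition prefix of the smallest size whose SHA-1 matches is what gets
// loaded.  A size may be repeated with different sha1s.
//
// The whole descriptor is parsed and validated before the device is
// opened, so a malformed name fails fast and never leaves a read handle
// open.  Every error path after the open releases the handle.
//
// Return 0 on success, -1 on any error (nothing is stored in *file).
static int LoadPartitionContents(const char* filename, FileContents* file) {
    std::vector<std::string> pieces = android::base::Split(filename, ":");
    if (pieces.size() < 4 || pieces.size() % 2 != 0) {
        printf("LoadPartitionContents called with bad filename (%s)\n", filename);
        return -1;
    }

    enum PartitionType type;
    if (pieces[0] == "MTD") {
        type = MTD;
    } else if (pieces[0] == "EMMC") {
        type = EMMC;
    } else {
        printf("LoadPartitionContents called with bad filename (%s)\n", filename);
        return -1;
    }
    const char* partition = pieces[1].c_str();

    size_t pairs = (pieces.size() - 2) / 2;    // # of (size, sha1) pairs in filename
    std::vector<size_t> size(pairs);
    std::vector<std::string> sha1sum(pairs);
    // Parsed digests, SHA_DIGEST_LENGTH bytes per pair, in filename order.
    std::vector<uint8_t> expected_sha(pairs * SHA_DIGEST_LENGTH);

    for (size_t i = 0; i < pairs; ++i) {
        const std::string& size_str = pieces[i*2+2];
        // Only an unsigned decimal number is acceptable here.  Parsing with
        // strtol() into a size_t let a negative value ("-1") wrap to a huge
        // allocation below and silently accepted trailing garbage.
        if (size_str.empty() ||
            size_str.find_first_not_of("0123456789") != std::string::npos) {
            printf("LoadPartitionContents called with bad size (%s)\n", filename);
            return -1;
        }
        errno = 0;
        unsigned long long parsed = strtoull(size_str.c_str(), NULL, 10);
        if (errno == ERANGE || parsed == 0 || parsed > SIZE_MAX) {
            printf("LoadPartitionContents called with bad size (%s)\n", filename);
            return -1;
        }
        size[i] = static_cast<size_t>(parsed);

        sha1sum[i] = pieces[i*2+3];
        if (ParseSha1(sha1sum[i].c_str(), &expected_sha[i * SHA_DIGEST_LENGTH]) != 0) {
            printf("failed to parse sha1 %s in %s\n", sha1sum[i].c_str(), filename);
            return -1;
        }
    }

    // index[] orders the pairs by increasing size so the partition can be
    // read incrementally, checking each candidate as its prefix completes.
    std::vector<size_t> index(pairs);
    for (size_t i = 0; i < pairs; ++i) {
        index[i] = i;
    }
    std::sort(index.begin(), index.end(),
              [&](size_t a, size_t b) { return size[a] < size[b]; });

    MtdReadContext* ctx = NULL;
    FILE* dev = NULL;

    switch (type) {
        case MTD: {
            if (!mtd_partitions_scanned) {
                mtd_scan_partitions();
                mtd_partitions_scanned = true;
            }

            const MtdPartition* mtd = mtd_find_partition_by_name(partition);
            if (mtd == NULL) {
                printf("mtd partition \"%s\" not found (loading %s)\n", partition, filename);
                return -1;
            }

            ctx = mtd_read_partition(mtd);
            if (ctx == NULL) {
                printf("failed to initialize read of mtd partition \"%s\"\n", partition);
                return -1;
            }
            break;
        }

        case EMMC:
            dev = ota_fopen(partition, "rb");
            if (dev == NULL) {
                printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno));
                return -1;
            }
            break;
    }

    // From here on every exit must release the device handle.
    auto close_device = [&]() {
        if (type == MTD) {
            mtd_read_close(ctx);
        } else {
            ota_fclose(dev);
        }
    };

    SHA_CTX sha_ctx;
    SHA1_Init(&sha_ctx);

    // Allocate enough memory to hold the largest candidate size.
    std::vector<unsigned char> data(size[index[pairs-1]]);
    char* p = reinterpret_cast<char*>(data.data());
    size_t data_size = 0;                // # bytes read so far
    bool found = false;

    for (size_t i = 0; i < pairs && !found; ++i) {
        size_t want = size[index[i]];
        // Read enough additional bytes to get us up to the next size.
        // index[] is size-sorted, so this never underflows.
        size_t next = want - data_size;
        if (next > 0) {
            size_t read = 0;
            switch (type) {
                case MTD:
                    read = mtd_read_data(ctx, p, next);
                    break;

                case EMMC:
                    read = ota_fread(p, 1, next, dev);
                    break;
            }
            if (next != read) {
                printf("short read (%zu bytes of %zu) for partition \"%s\"\n",
                       read, next, partition);
                close_device();
                return -1;
            }
            SHA1_Update(&sha_ctx, p, read);
            data_size += read;
            p += read;
        }

        // SHA1_Final consumes the context, so finalize a copy to get the
        // hash of the prefix read so far while keeping the running state.
        SHA_CTX temp_ctx;
        memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX));
        uint8_t sha_so_far[SHA_DIGEST_LENGTH];
        SHA1_Final(sha_so_far, &temp_ctx);

        if (memcmp(sha_so_far, &expected_sha[index[i] * SHA_DIGEST_LENGTH],
                   SHA_DIGEST_LENGTH) == 0) {
            // We have a match; the data read so far is what gets returned.
            printf("partition read matched size %zu sha %s\n",
                   want, sha1sum[index[i]].c_str());
            found = true;
        }
    }

    close_device();

    if (!found) {
        // Ran off the end of the list of (size,sha1) pairs without finding a match.
        printf("contents of partition \"%s\" didn't match %s\n", partition, filename);
        return -1;
    }

    SHA1_Final(file->sha1, &sha_ctx);

    data.resize(data_size);
    file->data = std::move(data);
    // Fake some stat() info.  Zero the rest so no field is left
    // indeterminate for callers that copy the struct around.
    memset(&file->st, 0, sizeof(file->st));
    file->st.st_mode = 0644;
    file->st.st_uid = 0;
    file->st.st_gid = 0;

    return 0;
}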
265 
266 
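// Save the contents of the given FileContents object under the given
// filename, applying the mode, uid and gid recorded in file->st.  The
// file is opened O_SYNC and fsync'd before it is closed.  Return 0 on
// success, -1 on any error; on error a partial file may be left behind
// and the descriptor has been closed.
int SaveFileContents(const char* filename, const FileContents* file) {
    int fd = ota_open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR);
    if (fd < 0) {
        printf("failed to open \"%s\" for write: %s\n", filename, strerror(errno));
        return -1;
    }

    ssize_t bytes_written = FileSink(file->data.data(), file->data.size(), &fd);
    if (bytes_written != static_cast<ssize_t>(file->data.size())) {
        printf("short write of \"%s\" (%zd bytes of %zu) (%s)\n",
               filename, bytes_written, file->data.size(), strerror(errno));
        ota_close(fd);
        return -1;
    }
    if (ota_fsync(fd) != 0) {
        printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno));
        ota_close(fd);
        return -1;
    }

    // Apply mode and ownership through the descriptor rather than by path,
    // so they land on the inode we just wrote even if 'filename' were
    // replaced (e.g. by a symlink) between the write and these calls.
    // chmod before chown, as before, since chown may clear set-id bits.
    if (fchmod(fd, file->st.st_mode) != 0) {
        printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno));
        ota_close(fd);
        return -1;
    }
    if (fchown(fd, file->st.st_uid, file->st.st_gid) != 0) {
        printf("chown of \"%s\" failed: %s\n", filename, strerror(errno));
        ota_close(fd);
        return -1;
    }

    if (ota_close(fd) != 0) {
        printf("close of \"%s\" failed: %s\n", filename, strerror(errno));
        return -1;
    }

    return 0;
}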
303 
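// Write 'len' bytes of 'data' to the MTD partition named 'partition'.
// Any blocks beyond the written data are erased (mtd_erase_blocks with
// -1).  Return 0 on success, -1 on any error.
static int WriteToMtdPartition(const unsigned char* data, size_t len, const char* partition) {
    if (!mtd_partitions_scanned) {
        mtd_scan_partitions();
        mtd_partitions_scanned = true;
    }

    const MtdPartition* mtd = mtd_find_partition_by_name(partition);
    if (mtd == NULL) {
        printf("mtd partition \"%s\" not found for writing\n", partition);
        return -1;
    }

    MtdWriteContext* ctx = mtd_write_partition(mtd);
    if (ctx == NULL) {
        printf("failed to init mtd partition \"%s\" for writing\n", partition);
        return -1;
    }

    size_t written = mtd_write_data(ctx, reinterpret_cast<const char*>(data), len);
    if (written != len) {
        printf("only wrote %zu of %zu bytes to MTD %s\n", written, len, partition);
        mtd_write_close(ctx);
        return -1;
    }

    if (mtd_erase_blocks(ctx, -1) < 0) {
        printf("error finishing mtd write of %s\n", partition);
        mtd_write_close(ctx);
        return -1;
    }

    if (mtd_write_close(ctx)) {
        printf("error closing mtd write of %s\n", partition);
        return -1;
    }
    return 0;
}

// Ask the kernel to drop its clean page/dentry/inode caches so that a
// following read of the partition goes to the device rather than being
// served from the page cache.  Best effort: failures are logged only.
static void DropPageCache() {
    sync();
    int dc = ota_open("/proc/sys/vm/drop_caches", O_WRONLY);
    if (dc < 0) {
        printf("failed to open /proc/sys/vm/drop_caches: %s\n", strerror(errno));
    } else {
        if (TEMP_FAILURE_RETRY(ota_write(dc, "3\n", 2)) == -1) {
            printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno));
        } else {
            printf("  caches dropped\n");
        }
        ota_close(dc);
    }
    sleep(1);
}

// Write 'len' bytes of 'data' to the block device 'partition', then read
// the device back and compare.  Up to two attempts are made; the second
// rewrites only from the first offset that failed verification.  Each
// attempt opens the device read-write for the write and read-only for
// the verify, so the rewrite never goes through a read-only descriptor.
// Return 0 once a verify succeeds, -1 otherwise.  Every error path closes
// whatever descriptor is open.
static int WriteToEmmcPartition(const unsigned char* data, size_t len, const char* partition) {
    size_t start = 0;    // offset at which to (re)start writing

    for (size_t attempt = 0; attempt < 2; ++attempt) {
        int fd = ota_open(partition, O_RDWR | O_SYNC);
        if (fd < 0) {
            printf("failed to open %s: %s\n", partition, strerror(errno));
            return -1;
        }

        if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) {
            printf("failed seek on %s: %s\n", partition, strerror(errno));
            ota_close(fd);
            return -1;
        }
        while (start < len) {
            size_t to_write = len - start;
            if (to_write > 1<<20) to_write = 1<<20;

            ssize_t written = TEMP_FAILURE_RETRY(ota_write(fd, data+start, to_write));
            if (written == -1) {
                printf("failed write writing to %s: %s\n", partition, strerror(errno));
                ota_close(fd);
                return -1;
            }
            start += written;
        }
        if (ota_fsync(fd) != 0) {
            printf("failed to sync to %s (%s)\n", partition, strerror(errno));
            ota_close(fd);
            return -1;
        }
        if (ota_close(fd) != 0) {
            printf("failed to close %s (%s)\n", partition, strerror(errno));
            return -1;
        }

        fd = ota_open(partition, O_RDONLY);
        if (fd < 0) {
            printf("failed to reopen %s for verify (%s)\n", partition, strerror(errno));
            return -1;
        }

        // Drop caches so our subsequent verification read won't just be
        // reading the cache.
        DropPageCache();

        // verify
        if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) {
            printf("failed to seek back to beginning of %s: %s\n",
                   partition, strerror(errno));
            ota_close(fd);
            return -1;
        }
        unsigned char buffer[4096];
        start = len;    // assume success; reset to the failing offset below
        for (size_t p = 0; p < len; p += sizeof(buffer)) {
            size_t to_read = len - p;
            if (to_read > sizeof(buffer)) {
                to_read = sizeof(buffer);
            }

            size_t so_far = 0;
            while (so_far < to_read) {
                ssize_t read_count =
                        TEMP_FAILURE_RETRY(ota_read(fd, buffer+so_far, to_read-so_far));
                if (read_count == -1) {
                    printf("verify read error %s at %zu: %s\n",
                           partition, p, strerror(errno));
                    ota_close(fd);
                    return -1;
                }
                if (read_count == 0) {
                    // End of device before 'len' bytes; without this the
                    // loop would spin forever on a too-small partition.
                    printf("verify read hit end of %s at %zu\n", partition, p + so_far);
                    ota_close(fd);
                    return -1;
                }
                if (static_cast<size_t>(read_count) < to_read - so_far) {
                    printf("short verify read %s at %zu: %zd %zu %s\n",
                           partition, p, read_count, to_read, strerror(errno));
                }
                so_far += read_count;
            }

            if (memcmp(buffer, data+p, to_read) != 0) {
                printf("verification failed starting at %zu\n", p);
                start = p;
                break;
            }
        }

        if (ota_close(fd) != 0) {
            printf("error closing %s (%s)\n", partition, strerror(errno));
            return -1;
        }

        if (start == len) {
            printf("verification read succeeded (attempt %zu)\n", attempt+1);
            sync();
            return 0;
        }
    }

    printf("failed to verify after all attempts\n");
    return -1;
}

// Write a memory buffer to 'target' partition, a string of the form
// "MTD:<partition>[:...]" or "EMMC:<partition_device>[:...]". The target name
// might contain multiple colons, but WriteToPartition() only uses the first
// two and ignores the rest. Return 0 on success.
int WriteToPartition(const unsigned char* data, size_t len, const char* target) {
    std::vector<std::string> pieces = android::base::Split(target, ":");

    if (pieces.size() < 2) {
        printf("WriteToPartition called with bad target (%s)\n", target);
        return -1;
    }
    // Never read 'len' bytes from a null buffer (an empty FileContents
    // handed to us by a caller that failed to load its source).
    if (data == NULL && len > 0) {
        printf("WriteToPartition called with no data for %s\n", target);
        return -1;
    }

    const char* partition = pieces[1].c_str();
    if (pieces[0] == "MTD") {
        return WriteToMtdPartition(data, len, partition);
    }
    if (pieces[0] == "EMMC") {
        return WriteToEmmcPartition(data, len, partition);
    }

    printf("WriteToPartition called with bad target (%s)\n", target);
    return -1;
}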
478 
479 
// Parse a string of exactly 40 hex digits (either case) into the 20-byte
// array 'digest'.  Decoding stops at the first character that is not a
// hex digit, so a string shorter than 40 characters is rejected without
// reading past its terminator.  Anything after the 40th digit is also
// an error -- in particular a "<digest>:<anything>" form is NOT accepted,
// because the ':' fails the end-of-string check.  Return 0 on success,
// -1 on any error (in which case 'digest' is partially written).
int ParseSha1(const char* str, uint8_t* digest) {
    // Value of one ASCII hex digit, or -1 if 'c' is not one.
    auto hex_value = [](char c) -> int {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    };

    const char* cursor = str;
    for (int byte = 0; byte < SHA_DIGEST_LENGTH; ++byte) {
        int hi = hex_value(*cursor);
        if (hi < 0) return -1;
        ++cursor;
        digest[byte] = static_cast<uint8_t>(hi << 4);

        int lo = hex_value(*cursor);
        if (lo < 0) return -1;
        ++cursor;
        digest[byte] |= static_cast<uint8_t>(lo);
    }

    // Exactly 40 digits must be followed by the terminator.
    return (*cursor == '\0') ? 0 : -1;
}
508 
// Search the 'num_patches' sha1 strings in 'patch_sha1_str' for one equal
// to the binary digest 'sha1'.  Entries that fail to parse are skipped
// rather than treated as errors.  Return the index of the first match,
// or -1 if none of them matches.
int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str,
                      int num_patches) {
    uint8_t candidate[SHA_DIGEST_LENGTH];
    int idx = 0;
    while (idx < num_patches) {
        const bool parsed = (ParseSha1(patch_sha1_str[idx], candidate) == 0);
        if (parsed && memcmp(candidate, sha1, SHA_DIGEST_LENGTH) == 0) {
            return idx;
        }
        ++idx;
    }
    return -1;
}
523 
// Returns 0 if the contents of 'filename' -- or, failing that, the cached
// copy in CACHE_TEMP_SOURCE -- match any of the 'num_patches' sha1 strings
// in 'patch_sha1_str'.  Returns nonzero otherwise.
//
// It's okay to specify no sha1s; the check then passes whenever
// LoadFileContents() succeeds on 'filename' (useful for partitions, whose
// name already encodes the expected sha1s, so there is no need to check
// them twice).  With no sha1s the cache fallback can never succeed, since
// there is nothing to match the cached copy against.
int applypatch_check(const char* filename, int num_patches,
                     char** const patch_sha1_str) {
    FileContents file;

    const bool loaded = (LoadFileContents(filename, &file) == 0);
    const bool matched =
        loaded &&
        (num_patches <= 0 ||
         FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) >= 0);
    if (matched) {
        return 0;
    }

    printf("file \"%s\" doesn't have any of expected "
           "sha1 sums; checking cache\n", filename);

    // If the source file is missing or corrupted, it might be because we
    // were killed in the middle of patching it.  A copy of it should have
    // been made in CACHE_TEMP_SOURCE.  If that file exists and matches one
    // of the sha1s we're looking for, the check still passes.
    if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) {
        printf("failed to load cache file\n");
        return 1;
    }

    if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) {
        printf("cache bits don't match any sha1 for \"%s\"\n", filename);
        return 1;
    }

    return 0;
}
559 
// Print the license text of the bundled bsdiff code.  Always returns 0.
int ShowLicenses() {
    // Only bsdiff's license is printed from here.
    ShowBSDiffLicense();
    return 0;    // nothing above can report failure
}
564 
// Sink callback that writes 'len' bytes of 'data' to the file descriptor
// pointed to by 'token', looping over partial writes and retrying on
// EINTR.  Returns the number of bytes actually written; this is less than
// 'len' only if a write failed (the error has already been logged).  A
// non-positive 'len' writes nothing and returns 0.
ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) {
    const int fd = *static_cast<int*>(token);
    ssize_t offset = 0;
    for (;;) {
        if (offset >= len) {
            break;
        }
        ssize_t chunk = TEMP_FAILURE_RETRY(ota_write(fd, data + offset, len - offset));
        if (chunk == -1) {
            printf("error writing %zd bytes: %s\n", (len-offset), strerror(errno));
            return offset;
        }
        offset += chunk;
    }
    return offset;
}
579 
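// Sink callback that appends 'len' bytes of 'data' to the std::string
// pointed to by 'token'.  Returns the number of bytes appended.
//
// A non-positive 'len' appends nothing and returns 0.  Handing a negative
// value straight to std::string::append would convert it to a huge size_t
// and throw (or abort, with exceptions disabled); reporting 0 instead
// lets the caller see an ordinary short write.
ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) {
    if (len <= 0) {
        return 0;
    }
    std::string* s = static_cast<std::string*>(token);
    s->append(reinterpret_cast<const char*>(data), static_cast<size_t>(len));
    return len;
}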
585 
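// Return the amount of free space (in bytes) available on the filesystem
// containing 'filename', which must exist.  Return (size_t)-1 on error.
//
// The product f_bsize * f_bavail is computed in 64 bits and saturated, so
// on 32-bit builds a volume with more than 4 GiB free can no longer wrap
// around to a small (or zero) result.  The saturation stops one below the
// error sentinel so the two stay distinguishable.  Note that callers which
// only test "free < needed" will treat the sentinel as ample space.
size_t FreeSpaceForFile(const char* filename) {
    struct statfs sf;
    if (statfs(filename, &sf) != 0) {
        printf("failed to statfs %s: %s\n", filename, strerror(errno));
        return static_cast<size_t>(-1);
    }

    uint64_t free_bytes =
        static_cast<uint64_t>(sf.f_bsize) * static_cast<uint64_t>(sf.f_bavail);
    const uint64_t limit = static_cast<uint64_t>(SIZE_MAX) - 1;
    if (free_bytes > limit) {
        free_bytes = limit;
    }
    return static_cast<size_t>(free_bytes);
}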
596 
// Make sure at least 'bytes' of free space can be made available on
// /cache.  Returns 0 if MakeFreeSpaceOnCache() succeeded, 1 if it could
// not free enough.
int CacheSizeCheck(size_t bytes) {
    const bool ok = (MakeFreeSpaceOnCache(bytes) >= 0);
    if (!ok) {
        printf("unable to make %ld bytes available on /cache\n", (long)bytes);
    }
    return ok ? 0 : 1;
}
605 
// Apply a binary patch to a file, safely (the original is not touched
// until its replacement has been produced and verified) and idempotently
// (running it again after success is a no-op).
//
// - If <target_filename> already hashes to <target_sha1_str>, nothing is
//   done and 0 is returned.
//
// - Otherwise, if the sha1 of <source_filename> (or of the copy saved in
//   CACHE_TEMP_SOURCE by an earlier, interrupted run) equals one of the
//   entries in <patch_sha1_str>, the patch at the same index of
//   <patch_data> (which must be a VAL_BLOB; bsdiff or imgdiff, detected
//   from the blob) is applied.  If the result hashes to <target_sha1_str>
//   it replaces <target_filename> and 0 is returned.  <source_filename>
//   is NOT deleted on success when it differs from <target_filename>.
//   <target_filename> may be "-" to mean "same as <source_filename>".
//
// - Otherwise, or on any error, a non-zero status is returned.
//
// <source_filename> may name a partition; see LoadPartitionContents()
// for that format.  The actual patching happens in GenerateTarget().
int applypatch(const char* source_filename,
               const char* target_filename,
               const char* target_sha1_str,
               size_t target_size,
               int num_patches,
               char** const patch_sha1_str,
               Value** patch_data,
               Value* bonus_data) {
    printf("patch %s: ", source_filename);

    // "-" means patch the source in place.
    if (strcmp(target_filename, "-") == 0) {
        target_filename = source_filename;
    }

    uint8_t target_sha1[SHA_DIGEST_LENGTH];
    if (ParseSha1(target_sha1_str, target_sha1) != 0) {
        printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str);
        return 1;
    }

    FileContents copy_file;
    FileContents source_file;
    const Value* source_patch_value = NULL;
    const Value* copy_patch_value = NULL;

    // Look at the target first: if it already has the desired hash there
    // is nothing to do.  (Its bytes land in source_file; see below.)
    const bool have_target = (LoadFileContents(target_filename, &source_file) == 0);
    if (have_target && memcmp(source_file.sha1, target_sha1, SHA_DIGEST_LENGTH) == 0) {
        // The early-exit case: the patch was already applied.
        printf("already %s\n", short_sha1(target_sha1).c_str());
        return 0;
    }

    // source_file now holds the target's bytes, if it could be read.  That
    // is the source we want only when patching in place; otherwise (or if
    // the target could not be read) load the real source.
    const bool in_place = (target_filename == source_filename ||
                           strcmp(target_filename, source_filename) == 0);
    if (source_file.data.empty() || !in_place) {
        source_file.data.clear();
        LoadFileContents(source_filename, &source_file);
    }

    if (!source_file.data.empty()) {
        const int idx = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches);
        if (idx >= 0) {
            source_patch_value = patch_data[idx];
        }
    }

    if (source_patch_value == NULL) {
        // No usable source; fall back to the copy an earlier run saved.
        source_file.data.clear();
        printf("source file is bad; trying copy\n");

        if (LoadFileContents(CACHE_TEMP_SOURCE, &copy_file) < 0) {
            printf("failed to read copy file\n");
            return 1;
        }

        const int idx = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches);
        if (idx >= 0) {
            copy_patch_value = patch_data[idx];
        }
        if (copy_patch_value == NULL) {
            printf("copy file doesn't match source SHA-1s either\n");
            return 1;
        }
    }

    return GenerateTarget(&source_file, source_patch_value,
                          &copy_file, copy_patch_value,
                          source_filename, target_filename,
                          target_sha1, target_size, bonus_data);
}
710 
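/*
 * Flash the image in 'source_filename' to the partition 'target_filename'
 * ("MTD:<name>" or "EMMC:<device>").  The partition is first read back to
 * see whether it already holds 'target_size' bytes hashing to
 * 'target_sha1_str'; if so nothing is written, which makes the operation
 * idempotent.  Otherwise the source image must load successfully, hash to
 * that SHA-1 and be exactly 'target_size' bytes long before it is handed
 * to WriteToPartition(), which verifies the partition after writing.
 * Returns zero on success.
 */
int applypatch_flash(const char* source_filename, const char* target_filename,
                     const char* target_sha1_str, size_t target_size) {
    printf("flash %s: ", target_filename);

    uint8_t target_sha1[SHA_DIGEST_LENGTH];
    if (ParseSha1(target_sha1_str, target_sha1) != 0) {
        printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str);
        return 1;
    }

    std::vector<std::string> pieces = android::base::Split(target_filename, ":");
    if (pieces.size() != 2 || (pieces[0] != "MTD" && pieces[0] != "EMMC")) {
        printf("invalid target name \"%s\"\n", target_filename);
        return 1;
    }

    // Early-exit check: load the partition prefix of the expected size and
    // see whether it already hashes to the target.
    FileContents partition_contents;
    pieces.push_back(std::to_string(target_size));
    pieces.push_back(target_sha1_str);
    std::string fullname = android::base::Join(pieces, ':');
    if (LoadPartitionContents(fullname.c_str(), &partition_contents) == 0 &&
        memcmp(partition_contents.sha1, target_sha1, SHA_DIGEST_LENGTH) == 0) {
        // The image was already applied; nothing for us to do.
        printf("already %s\n", short_sha1(target_sha1).c_str());
        return 0;
    }

    // The source must be readable and byte-for-byte the image we intend to
    // end up with.  Skipping these checks would hand WriteToPartition() an
    // empty buffer when the load fails, or let it read past the end of a
    // buffer shorter than 'target_size'.
    FileContents source_file;
    if (LoadFileContents(source_filename, &source_file) != 0) {
        printf("failed to load source \"%s\"\n", source_filename);
        return 1;
    }
    if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_LENGTH) != 0) {
        // The source doesn't have desired checksum.
        printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename);
        printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(),
               short_sha1(source_file.sha1).c_str());
        return 1;
    }
    if (source_file.data.size() != target_size) {
        printf("source \"%s\" is %zu bytes but target size is %zu\n",
               source_filename, source_file.data.size(), target_size);
        return 1;
    }

    if (WriteToPartition(source_file.data.data(), target_size, target_filename) != 0) {
        printf("write of copied data to %s failed\n", target_filename);
        return 1;
    }
    return 0;
}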
765 
// Apply a patch to produce the target, verify the result's SHA1, and
// install it.
//
// The patch comes either from source_patch_value (applied to *source_file)
// or, when source_patch_value is NULL, from copy_patch_value (applied to
// *copy_file).  The patch must be a blob whose first 8 bytes are "BSDIFF40"
// (bsdiff) or "IMGDIFF2" (imgdiff); anything else is rejected.
//
// If target_filename starts with "MTD:" or "EMMC:" the decoded output is
// collected in memory and written with WriteToPartition.  Otherwise it is
// written to "<target_filename>.patch", given the source file's mode, owner
// and group, and then renamed over target_filename.  In both cases the
// output is installed only if the digest computed while decoding equals
// target_sha1.
//
// File targets get one retry: if the first pass fails, or there is not
// enough free space up front, the source is backed up to CACHE_TEMP_SOURCE
// and unlinked from source_filename to free space before the second pass.
// That is only possible when patching the original source (source_patch_value
// non-NULL) and the source is not itself a partition.  Partition targets
// always back the source up to cache and never retry.
//
// source_file        contents of the original source; also the data that is
//                    backed up to CACHE_TEMP_SOURCE.
// source_patch_value patch for *source_file, or NULL to patch the copy instead.
// copy_file          cached copy of the source, used when source_patch_value
//                    is NULL.
// copy_patch_value   patch for *copy_file.  Must be non-NULL whenever
//                    source_patch_value is NULL; this is not checked here.
// source_filename    path of the original source; may be unlinked to free
//                    space for a file target.
// target_filename    "MTD:..." / "EMMC:..." partition spec, or a file path.
// target_sha1        expected SHA1 of the patched output.
// target_size        nominal size of the target; used here only for the
//                    free-space check on file targets.
// bonus_data         extra data handed to ApplyImagePatch (imgdiff only);
//                    not used for bsdiff patches.
//
// Returns 0 on success, 1 on any failure.
static int GenerateTarget(FileContents* source_file,
                          const Value* source_patch_value,
                          FileContents* copy_file,
                          const Value* copy_patch_value,
                          const char* source_filename,
                          const char* target_filename,
                          const uint8_t target_sha1[SHA_DIGEST_LENGTH],
                          size_t target_size,
                          const Value* bonus_data) {
    int retry = 1;                 // one extra pass allowed by the do/while below
    SHA_CTX ctx;                   // digest of the decoded output; fed by the patch appliers
    std::string memory_sink_str;   // decoded output when the target is a partition
    FileContents* source_to_use;   // source_file or copy_file, chosen from source_patch_value
    int made_copy = 0;             // set once the source has been saved to CACHE_TEMP_SOURCE

    bool target_is_partition = (strncmp(target_filename, "MTD:", 4) == 0 ||
                                strncmp(target_filename, "EMMC:", 5) == 0);
    // Only meaningful for file targets: the output is staged here and then
    // renamed over target_filename.
    const std::string tmp_target_filename = std::string(target_filename) + ".patch";

    // assume that target_filename (eg "/system/app/Foo.apk") is located
    // on the same filesystem as its top-level directory ("/system").
    // We need something that exists for calling statfs().
    std::string target_fs = target_filename;
    auto slash_pos = target_fs.find('/', 1);
    if (slash_pos != std::string::npos) {
        target_fs.resize(slash_pos);
    }

    // Pick the source/patch pair.  NOTE(review): patch is dereferenced
    // below without a NULL check, so the caller must supply a non-NULL
    // copy_patch_value whenever source_patch_value is NULL.
    const Value* patch;
    if (source_patch_value != NULL) {
        source_to_use = source_file;
        patch = source_patch_value;
    } else {
        source_to_use = copy_file;
        patch = copy_patch_value;
    }
    if (patch->type != VAL_BLOB) {
        printf("patch is not a blob\n");
        return 1;
    }
    // Detect the patch format from its 8-byte magic.  The length check
    // guards the memcmp against a short blob; an unrecognised header is
    // refused rather than guessed at.
    char* header = patch->data;
    ssize_t header_bytes_read = patch->size;
    bool use_bsdiff = false;
    if (header_bytes_read >= 8 && memcmp(header, "BSDIFF40", 8) == 0) {
        use_bsdiff = true;
    } else if (header_bytes_read >= 8 && memcmp(header, "IMGDIFF2", 8) == 0) {
        use_bsdiff = false;
    } else {
        printf("Unknown patch file format\n");
        return 1;
    }

    do {
        // Is there enough room in the target filesystem to hold the patched
        // file?

        if (target_is_partition) {
            // If the target is a partition, we're actually going to
            // write the output to /tmp and then copy it to the
            // partition.  statfs() always returns 0 blocks free for
            // /tmp, so instead we'll just assume that /tmp has enough
            // space to hold the file.

            // We still write the original source to cache, in case
            // the partition write is interrupted.
            if (MakeFreeSpaceOnCache(source_file->data.size()) < 0) {
                printf("not enough free space on /cache\n");
                return 1;
            }
            if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) {
                printf("failed to back up source file\n");
                return 1;
            }
            made_copy = 1;
            // Partition targets never retry: the loop body runs exactly once.
            retry = 0;
        } else {
            // Free space is only measured on the first pass.  On the retry
            // pass (retry == 0) enough_space stays 0, which forces the
            // "move the source to cache" branch below.
            int enough_space = 0;
            if (retry > 0) {
                size_t free_space = FreeSpaceForFile(target_fs.c_str());
                // size_t arithmetic: target_size * 3 wraps for very large
                // targets, which would make this check pass spuriously.
                enough_space =
                    (free_space > (256 << 10)) &&          // 256k (two-block) minimum
                    (free_space > (target_size * 3 / 2));  // 50% margin of error
                if (!enough_space) {
                    printf("target %zu bytes; free space %zu bytes; retry %d; enough %d\n",
                           target_size, free_space, retry, enough_space);
                }
            }

            // Once we are short on space there is nothing further to try
            // after this pass, so this becomes the last one.
            if (!enough_space) {
                retry = 0;
            }

            if (!enough_space && source_patch_value != NULL) {
                // Using the original source, but not enough free space.  First
                // copy the source file to cache, then delete it from the original
                // location.

                if (strncmp(source_filename, "MTD:", 4) == 0 ||
                    strncmp(source_filename, "EMMC:", 5) == 0) {
                    // It's impossible to free space on the target filesystem by
                    // deleting the source if the source is a partition.  If
                    // we're ever in a state where we need to do this, fail.
                    printf("not enough free space for target but source is partition\n");
                    return 1;
                }

                if (MakeFreeSpaceOnCache(source_file->data.size()) < 0) {
                    printf("not enough free space on /cache\n");
                    return 1;
                }

                if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) {
                    printf("failed to back up source file\n");
                    return 1;
                }
                made_copy = 1;
                // Result not checked: the cache backup above succeeded, so a
                // source that could not be removed only costs free space.
                // The patch still reads the source from source_file->data,
                // which is already in memory.
                unlink(source_filename);

                size_t free_space = FreeSpaceForFile(target_fs.c_str());
                printf("(now %zu bytes free for target) ", free_space);
            }
        }


        // Choose where the decoded bytes go.
        SinkFn sink = NULL;
        void* token = NULL;
        int output_fd = -1;
        if (target_is_partition) {
            // We store the decoded output in memory.
            sink = MemorySink;
            token = &memory_sink_str;
        } else {
            // We write the decoded output to "<tgt-file>.patch".
            // NOTE(review): O_CREAT|O_TRUNC without O_EXCL reuses (and
            // truncates) whatever already exists at this path, following a
            // symlink if one is there.  Acceptable only if the target
            // directory is not writable by untrusted code -- confirm for
            // the deployment this runs in.
            output_fd = ota_open(tmp_target_filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_SYNC,
                          S_IRUSR | S_IWUSR);
            if (output_fd < 0) {
                printf("failed to open output file %s: %s\n", tmp_target_filename.c_str(),
                       strerror(errno));
                return 1;
            }
            sink = FileSink;
            token = &output_fd;
        }


        // Fresh digest per pass, so a retried pass is hashed from scratch.
        SHA1_Init(&ctx);

        int result;
        if (use_bsdiff) {
            result = ApplyBSDiffPatch(source_to_use->data.data(), source_to_use->data.size(),
                                      patch, 0, sink, token, &ctx);
        } else {
            result = ApplyImagePatch(source_to_use->data.data(), source_to_use->data.size(),
                                     patch, sink, token, &ctx, bonus_data);
        }

        // For a file target, a failed fsync or close counts as a failed
        // pass even if the patcher itself reported success.
        if (!target_is_partition) {
            if (ota_fsync(output_fd) != 0) {
                printf("failed to fsync file \"%s\" (%s)\n", tmp_target_filename.c_str(),
                       strerror(errno));
                result = 1;
            }
            if (ota_close(output_fd) != 0) {
                printf("failed to close file \"%s\" (%s)\n", tmp_target_filename.c_str(),
                       strerror(errno));
                result = 1;
            }
        }

        if (result != 0) {
            // retry == 0 here means this was the last pass (partition
            // target, space already exhausted, or the second attempt).
            if (retry == 0) {
                printf("applying patch failed\n");
                return result != 0;  // always 1 here, since result is non-zero
            } else {
                printf("applying patch failed; retrying\n");
            }
            // Drop the partial staging file before trying again.
            if (!target_is_partition) {
                unlink(tmp_target_filename.c_str());
            }
        } else {
            // succeeded; no need to retry
            break;
        }
    // Post-decrement: a failed first pass with retry == 1 loops once more,
    // entering the body with retry == 0.
    } while (retry-- > 0);

    // Integrity gate: the output produced by the (last) pass is installed
    // only if its digest equals the expected target_sha1.
    uint8_t current_target_sha1[SHA_DIGEST_LENGTH];
    SHA1_Final(current_target_sha1, &ctx);
    if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_LENGTH) != 0) {
        printf("patch did not produce expected sha1\n");
        return 1;
    } else {
        printf("now %s\n", short_sha1(target_sha1).c_str());
    }

    if (target_is_partition) {
        // Copy the temp file to the partition.
        // The byte count written is the decoded length, not target_size.
        if (WriteToPartition(reinterpret_cast<const unsigned char*>(memory_sink_str.c_str()),
                             memory_sink_str.size(), target_filename) != 0) {
            printf("write of patched data to %s failed\n", target_filename);
            return 1;
        }
    } else {
        // Give the .patch file the same owner, group, and mode of the
        // original source file.
        // NOTE(review): chmod/chown operate on the path rather than the fd
        // that was written, so they apply to whatever is at that path now;
        // relies on the target directory not being writable by others --
        // confirm.
        if (chmod(tmp_target_filename.c_str(), source_to_use->st.st_mode) != 0) {
            printf("chmod of \"%s\" failed: %s\n", tmp_target_filename.c_str(), strerror(errno));
            return 1;
        }
        if (chown(tmp_target_filename.c_str(), source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) {
            printf("chown of \"%s\" failed: %s\n", tmp_target_filename.c_str(), strerror(errno));
            return 1;
        }

        // Finally, rename the .patch file to replace the target file.
        if (rename(tmp_target_filename.c_str(), target_filename) != 0) {
            printf("rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno));
            return 1;
        }
    }

    // If this run of applypatch created the copy, and we're here, we
    // can delete it.  (On any earlier failure the copy is deliberately
    // left in place; its removal here is best-effort and unchecked.)
    if (made_copy) {
        unlink(CACHE_TEMP_SOURCE);
    }

    // Success!
    return 0;
}