diff options
| author | Doug Zongker <dougz@android.com> | 2014-01-13 14:16:58 -0800 |
|---|---|---|
| committer | Doug Zongker <dougz@android.com> | 2014-01-16 13:29:28 -0800 |
| commit | 99916f0496cfe37891d40f21a9a0e387620a8a60 (patch) | |
| tree | 6b457a65cfdf482fec027386fcd7d197586c67b2 /install.cpp | |
| parent | 0708239c003a1537c9cbf98dea5a490955d667aa (diff) | |
| download | bootable_recovery-99916f0496cfe37891d40f21a9a0e387620a8a60.zip bootable_recovery-99916f0496cfe37891d40f21a9a0e387620a8a60.tar.gz bootable_recovery-99916f0496cfe37891d40f21a9a0e387620a8a60.tar.bz2 | |
do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.
For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.
Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.
Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
Diffstat (limited to 'install.cpp')
| -rw-r--r-- | install.cpp | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/install.cpp b/install.cpp index 980830c..0bd7945 100644 --- a/install.cpp +++ b/install.cpp @@ -186,12 +186,22 @@ really_install_package(const char *path, int* wipe_cache) ui->ShowProgress(VERIFICATION_PROGRESS_FRACTION, VERIFICATION_PROGRESS_TIME); LOGI("Update location: %s\n", path); - if (ensure_path_mounted(path) != 0) { - LOGE("Can't mount %s\n", path); - return INSTALL_CORRUPT; + // Map the update package into memory. + ui->Print("Opening update package...\n"); + + if (path) { + if (path[0] == '@') { + ensure_path_mounted(path+1); + } else { + ensure_path_mounted(path); + } } - ui->Print("Opening update package...\n"); + MemMapping map; + if (sysMapFile(path, &map) != 0) { + LOGE("failed to map file\n"); + return INSTALL_CORRUPT; + } int numKeys; Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys); @@ -204,27 +214,33 @@ really_install_package(const char *path, int* wipe_cache) ui->Print("Verifying update package...\n"); int err; - err = verify_file(path, loadedKeys, numKeys); + err = verify_file(map.addr, map.length, loadedKeys, numKeys); free(loadedKeys); LOGI("verify_file returned %d\n", err); if (err != VERIFY_SUCCESS) { LOGE("signature verification failed\n"); + sysReleaseMap(&map); return INSTALL_CORRUPT; } /* Try to open the package. */ ZipArchive zip; - err = mzOpenZipArchive(path, &zip); + err = mzOpenZipArchive(map.addr, map.length, &zip); if (err != 0) { LOGE("Can't open %s\n(%s)\n", path, err != -1 ? strerror(err) : "bad"); + sysReleaseMap(&map); return INSTALL_CORRUPT; } /* Verify and install the contents of the package. */ ui->Print("Installing update...\n"); - return try_update_binary(path, &zip, wipe_cache); + int result = try_update_binary(path, &zip, wipe_cache); + + sysReleaseMap(&map); + + return result; } int |