ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity

ota: Validate any installed data's signature against our own

Browse Source 
Try to prevent incompatible-signature system quirkiness

Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f
This commit is contained in:
Ricardo Cerqueira 2014-05-09 22:24:12 +01:00 committed by Brint E. Kriebel
parent 1df415bba2
commit aff5e54c4e
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/common.mk
View File

@ -87,6 +87,10 @@ PRODUCT_COPY_FILES += \
vendor/cm/prebuilt/common/bin/blacklist:system/addon.d/blacklist vendor/cm/prebuilt/common/bin/blacklist:system/addon.d/blacklist
endif endif
# Signature compatibility validation
PRODUCT_COPY_FILES += \
vendor/cm/prebuilt/common/bin/otasigcheck.sh:system/bin/otasigcheck.sh
# init.d support # init.d support
PRODUCT_COPY_FILES += \ PRODUCT_COPY_FILES += \
vendor/cm/prebuilt/common/etc/init.d/00banner:system/etc/init.d/00banner \ vendor/cm/prebuilt/common/etc/init.d/00banner:system/etc/init.d/00banner \

18
prebuilt/common/bin/otasigcheck.sh Normal file
View File

@ -0,0 +1,18 @@
#!/sbin/sh
# Validate that the incoming OTA is compatible with an already-installed
# system
if [ -f /data/system/packages.xml -a -f /tmp/releasekey ]; then
relCert=$(grep -A3 'package name="com.android.providers.calendar"' /data/system/packages.xml | grep "cert index" | head -n 1 | sed -e 's|.*"\([[:digit:]]\)".*|\1|g')
grep "cert index=\"$relCert\"" /data/system/packages.xml | grep -q `cat /tmp/releasekey`
if [ $? -ne 0 ]; then
echo "You have an installed system that isn't signed with this build's key, aborting..."
# Edify doesn't abort on non-zero executions, so let's trash the key and use sha1sum instead
echo "INVALID" > /tmp/releasekey
exit 1
fi
fi
exit 0