| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 1 | #!/sbin/sh |
| 2 | |
| 3 | # Validate that the incoming OTA is compatible with an already-installed |
| 4 | # system |
| 5 | |
| Brint E. Kriebel | 84ec9f5 | 2014-09-24 12:46:09 -0700 | [diff] [blame] | 6 | grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log |
| 7 | if [ $? -eq 0 ]; then |
| 8 | echo "Data will be wiped after install; skipping signature check..." |
| 9 | exit 0 |
| 10 | fi |
| 11 | |
| Brint E. Kriebel | 1d055a3 | 2014-11-28 17:39:21 -0800 | [diff] [blame] | 12 | grep -q "Command:.*\"--headless\"" /tmp/recovery.log |
| 13 | if [ $? -eq 0 ]; then |
| 14 | echo "Headless mode install; skipping signature check..." |
| 15 | exit 0 |
| 16 | fi |
| 17 | |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 18 | if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then |
| 19 | relkey=$(cat "/tmp/releasekey") |
| 20 | OLDIFS="$IFS" |
| 21 | IFS="" |
| 22 | while read line; do |
| 23 | params=${line# *<package *} |
| 24 | if [ "$line" != "$params" ]; then |
| 25 | kvp=${params%% *} |
| 26 | params=${params#* } |
| 27 | while [ "$kvp" != "$params" ]; do |
| 28 | key=${kvp%%=*} |
| 29 | val=${kvp#*=} |
| 30 | vlen=$(( ${#val} - 2 )) |
| 31 | val=${val:1:$vlen} |
| 32 | if [ "$key" = "name" ]; then |
| 33 | package="$val" |
| 34 | fi |
| 35 | kvp=${params%% *} |
| 36 | params=${params#* } |
| 37 | done |
| 38 | continue |
| 39 | fi |
| 40 | params=${line# *<cert *} |
| 41 | if [ "$line" != "$params" ]; then |
| 42 | keyidx="" |
| 43 | keyval="" |
| 44 | kvp=${params%% *} |
| 45 | params=${params#* } |
| 46 | while [ "$kvp" != "$params" ]; do |
| 47 | key=${kvp%%=*} |
| 48 | val=${kvp#*=} |
| 49 | vlen=$(( ${#val} - 2 )) |
| 50 | val=${val:1:$vlen} |
| 51 | if [ "$key" = "index" ]; then |
| 52 | keyidx="$val" |
| 53 | fi |
| 54 | if [ "$key" = "key" ]; then |
| 55 | keyval="$val" |
| 56 | fi |
| 57 | kvp=${params%% *} |
| 58 | params=${params#* } |
| 59 | done |
| 60 | if [ -n "$keyidx" ]; then |
| 61 | if [ "$package" = "com.android.htmlviewer" ]; then |
| 62 | cert_idx="$keyidx" |
| 63 | fi |
| 64 | fi |
| 65 | if [ -n "$keyval" ]; then |
| 66 | eval "key_$keyidx=$keyval" |
| 67 | fi |
| 68 | continue |
| 69 | fi |
| 70 | done < "/data/system/packages.xml" |
| 71 | IFS="$OLDIFS" |
| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 72 | |
| Ricardo Cerqueira | d2248b2 | 2014-12-01 15:15:15 +0000 | [diff] [blame] | 73 | # Tools missing? Err on the side of caution and exit cleanly |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 74 | if [ -z "$cert_idx" ]; then |
| 75 | echo "Package cert index not found; skipping signature check..." |
| 76 | exit 0 |
| 77 | fi |
| Ricardo Cerqueira | d2248b2 | 2014-12-01 15:15:15 +0000 | [diff] [blame] | 78 | |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 79 | varname="key_$cert_idx" |
| 80 | eval "pkgkey=\$$varname" |
| 81 | |
| 82 | if [ "$pkgkey" != "$relkey" ]; then |
| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 83 | echo "You have an installed system that isn't signed with this build's key, aborting..." |
| Ricardo Cerqueira | d2248b2 | 2014-12-01 15:15:15 +0000 | [diff] [blame] | 84 | exit 124 |
| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 85 | fi |
| 86 | fi |
| 87 | |
| 88 | exit 0 |