| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 1 | #!/sbin/sh |
| 2 | |
| 3 | # Validate that the incoming OTA is compatible with an already-installed |
| 4 | # system |
| 5 | |
| Brint E. Kriebel | 84ec9f5 | 2014-09-24 12:46:09 -0700 | [diff] [blame] | 6 | grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log |
| 7 | if [ $? -eq 0 ]; then |
| 8 | echo "Data will be wiped after install; skipping signature check..." |
| 9 | exit 0 |
| 10 | fi |
| 11 | |
| Brint E. Kriebel | 1d055a3 | 2014-11-28 17:39:21 -0800 | [diff] [blame] | 12 | grep -q "Command:.*\"--headless\"" /tmp/recovery.log |
| 13 | if [ $? -eq 0 ]; then |
| 14 | echo "Headless mode install; skipping signature check..." |
| 15 | exit 0 |
| 16 | fi |
| 17 | |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 18 | if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then |
| 19 | relkey=$(cat "/tmp/releasekey") |
| 20 | OLDIFS="$IFS" |
| 21 | IFS="" |
| 22 | while read line; do |
| Tom Marshall | 139e798 | 2015-12-18 14:45:25 -0800 | [diff] [blame^] | 23 | if [ "${#line}" -gt 4094 ]; then |
| 24 | continue |
| 25 | fi |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 26 | params=${line# *<package *} |
| 27 | if [ "$line" != "$params" ]; then |
| 28 | kvp=${params%% *} |
| 29 | params=${params#* } |
| 30 | while [ "$kvp" != "$params" ]; do |
| 31 | key=${kvp%%=*} |
| 32 | val=${kvp#*=} |
| 33 | vlen=$(( ${#val} - 2 )) |
| 34 | val=${val:1:$vlen} |
| 35 | if [ "$key" = "name" ]; then |
| 36 | package="$val" |
| 37 | fi |
| 38 | kvp=${params%% *} |
| 39 | params=${params#* } |
| 40 | done |
| 41 | continue |
| 42 | fi |
| 43 | params=${line# *<cert *} |
| 44 | if [ "$line" != "$params" ]; then |
| 45 | keyidx="" |
| 46 | keyval="" |
| 47 | kvp=${params%% *} |
| 48 | params=${params#* } |
| 49 | while [ "$kvp" != "$params" ]; do |
| 50 | key=${kvp%%=*} |
| 51 | val=${kvp#*=} |
| 52 | vlen=$(( ${#val} - 2 )) |
| 53 | val=${val:1:$vlen} |
| 54 | if [ "$key" = "index" ]; then |
| 55 | keyidx="$val" |
| 56 | fi |
| 57 | if [ "$key" = "key" ]; then |
| 58 | keyval="$val" |
| 59 | fi |
| 60 | kvp=${params%% *} |
| 61 | params=${params#* } |
| 62 | done |
| 63 | if [ -n "$keyidx" ]; then |
| 64 | if [ "$package" = "com.android.htmlviewer" ]; then |
| 65 | cert_idx="$keyidx" |
| 66 | fi |
| 67 | fi |
| 68 | if [ -n "$keyval" ]; then |
| 69 | eval "key_$keyidx=$keyval" |
| 70 | fi |
| 71 | continue |
| 72 | fi |
| 73 | done < "/data/system/packages.xml" |
| 74 | IFS="$OLDIFS" |
| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 75 | |
| Ricardo Cerqueira | d2248b2 | 2014-12-01 15:15:15 +0000 | [diff] [blame] | 76 | # Tools missing? Err on the side of caution and exit cleanly |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 77 | if [ -z "$cert_idx" ]; then |
| 78 | echo "Package cert index not found; skipping signature check..." |
| 79 | exit 0 |
| 80 | fi |
| Ricardo Cerqueira | d2248b2 | 2014-12-01 15:15:15 +0000 | [diff] [blame] | 81 | |
| Tom Marshall | 322cc5a | 2015-12-02 13:24:54 -0800 | [diff] [blame] | 82 | varname="key_$cert_idx" |
| 83 | eval "pkgkey=\$$varname" |
| 84 | |
| 85 | if [ "$pkgkey" != "$relkey" ]; then |
| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 86 | echo "You have an installed system that isn't signed with this build's key, aborting..." |
| Ricardo Cerqueira | d2248b2 | 2014-12-01 15:15:15 +0000 | [diff] [blame] | 87 | exit 124 |
| Ricardo Cerqueira | aff5e54 | 2014-05-09 22:24:12 +0100 | [diff] [blame] | 88 | fi |
| 89 | fi |
| 90 | |
| 91 | exit 0 |