// Search an array of sha1 strings for one matching the given sha1. // Return the index of the match on success, or -1 if no match is // found. int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, int num_patches) { uint8_t patch_sha1[SHA_DIGEST_SIZE]; for (int i = 0; i < num_patches; ++i) { if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { return i; } } return -1; }
/* * This function flashes a given image to the target partition. It verifies * the target cheksum first, and will return if target has the desired hash. * It checks the checksum of the given source image before flashing, and * verifies the target partition afterwards. The function is idempotent. * Returns zero on success. */ int applypatch_flash(const char* source_filename, const char* target_filename, const char* target_sha1_str, size_t target_size) { printf("flash %s: ", target_filename); uint8_t target_sha1[SHA_DIGEST_SIZE]; if (ParseSha1(target_sha1_str, target_sha1) != 0) { printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); return 1; } FileContents source_file; source_file.data = NULL; std::string target_str(target_filename); std::vector<std::string> pieces = android::base::Split(target_str, ":"); if (pieces.size() != 2 || (pieces[0] != "MTD" && pieces[0] != "EMMC")) { printf("invalid target name \"%s\"", target_filename); return 1; } // Load the target into the source_file object to see if already applied. pieces.push_back(std::to_string(target_size)); pieces.push_back(target_sha1_str); std::string fullname = android::base::Join(pieces, ':'); if (LoadPartitionContents(fullname.c_str(), &source_file) == 0 && memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the image was already applied, this partition // has the desired hash, nothing for us to do. printf("already %s\n", short_sha1(target_sha1).c_str()); free(source_file.data); return 0; } if (LoadFileContents(source_filename, &source_file) == 0) { if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { // The source doesn't have desired checksum. printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename); printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(), short_sha1(source_file.sha1).c_str()); free(source_file.data); return 1; } } if (WriteToPartition(source_file.data, target_size, target_filename) != 0) { printf("write of copied data to %s failed\n", target_filename); free(source_file.data); return 1; } free(source_file.data); return 0; }
// Parse arguments (which should be of the form "<sha1>" or // "<sha1>:<filename>" into the new parallel arrays *sha1s and // *patches (loading file contents into the patches). Returns 0 on // success. static int ParsePatchArgs(int argc, char** argv, char*** sha1s, Value*** patches, int* num_patches) { *num_patches = argc; *sha1s = malloc(*num_patches * sizeof(char*)); *patches = malloc(*num_patches * sizeof(Value*)); memset(*patches, 0, *num_patches * sizeof(Value*)); uint8_t digest[SHA_DIGEST_SIZE]; int i; for (i = 0; i < *num_patches; ++i) { char* colon = strchr(argv[i], ':'); if (colon != NULL) { *colon = '\0'; ++colon; } if (ParseSha1(argv[i], digest) != 0) { printf("failed to parse sha1 \"%s\"\n", argv[i]); return -1; } (*sha1s)[i] = argv[i]; if (colon == NULL) { (*patches)[i] = NULL; } else { FileContents fc; if (LoadFileContents(colon, &fc, RETOUCH_DONT_MASK) != 0) { goto abort; } (*patches)[i] = malloc(sizeof(Value)); (*patches)[i]->type = VAL_BLOB; (*patches)[i]->size = fc.size; (*patches)[i]->data = (char*)fc.data; } } return 0; abort: for (i = 0; i < *num_patches; ++i) { Value* p = (*patches)[i]; if (p != NULL) { free(p->data); free(p); } } free(*sha1s); free(*patches); return -1; }
// sha1_check(data) // to return the sha1 of the data (given in the format returned by // read_file). // // sha1_check(data, sha1_hex, [sha1_hex, ...]) // returns the sha1 of the file if it matches any of the hex // strings passed, or "" if it does not equal any of them. // Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { if (argc < 1) { return ErrorAbort(state, "%s() expects at least 1 arg", name); } Value** args = ReadValueVarArgs(state, argc, argv); if (args == NULL) { return NULL; } if (args[0]->size < 0) { fprintf(stderr, "%s(): no file contents received", name); return StringValue(strdup("")); } uint8_t digest[SHA_DIGEST_SIZE]; SHA(args[0]->data, args[0]->size, digest); FreeValue(args[0]); if (argc == 1) { return StringValue(PrintSha1(digest)); } int i; uint8_t* arg_digest = malloc(SHA_DIGEST_SIZE); for (i = 1; i < argc; ++i) { if (args[i]->type != VAL_STRING) { fprintf(stderr, "%s(): arg %d is not a string; skipping", name, i); } else if (ParseSha1(args[i]->data, arg_digest) != 0) { // Warn about bad args and skip them. fprintf(stderr, "%s(): error parsing \"%s\" as sha-1; skipping", name, args[i]->data); } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { break; } FreeValue(args[i]); } if (i >= argc) { // Didn't match any of the hex strings; return false. return StringValue(strdup("")); } // Found a match; free all the remaining arguments and return the // matched one. int j; for (j = i+1; j < argc; ++j) { FreeValue(args[j]); } return args[i]; }
// Parse arguments (which should be of the form "<sha1>" or // "<sha1>:<filename>" into the array *patches, returning the number // of Patch objects in *num_patches. Return 0 on success. int ParseShaArgs(int argc, char** argv, Patch** patches, int* num_patches) { *num_patches = argc; *patches = malloc(*num_patches * sizeof(Patch)); int i; for (i = 0; i < *num_patches; ++i) { if (ParseSha1(argv[i], (*patches)[i].sha1) != 0) { fprintf(stderr, "failed to parse sha1 \"%s\"\n", argv[i]); return -1; } if (argv[i][SHA_DIGEST_SIZE*2] == '\0') { (*patches)[i].patch_filename = NULL; } else if (argv[i][SHA_DIGEST_SIZE*2] == ':') { (*patches)[i].patch_filename = argv[i] + (SHA_DIGEST_SIZE*2+1); } else { fprintf(stderr, "failed to parse filename \"%s\"\n", argv[i]); return -1; } } return 0; }
int applypatch(const char* source_filename, const char* target_filename, const char* target_sha1_str, size_t target_size, int num_patches, char** const patch_sha1_str, Value** patch_data) { printf("\napplying patch to %s\n", source_filename); if (target_filename[0] == '-' && target_filename[1] == '\0') { target_filename = source_filename; } uint8_t target_sha1[SHA_DIGEST_SIZE]; if (ParseSha1(target_sha1_str, target_sha1) != 0) { printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); return 1; } FileContents copy_file; FileContents source_file; const Value* source_patch_value = NULL; const Value* copy_patch_value = NULL; int made_copy = 0; // We try to load the target file into the source_file object. if (LoadFileContents(target_filename, &source_file, RETOUCH_DO_MASK) == 0) { if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. printf("\"%s\" is already target; no patch needed\n", target_filename); return 0; } } if (source_file.data == NULL || (target_filename != source_filename && strcmp(target_filename, source_filename) != 0)) { // Need to load the source file: either we failed to load the // target file, or we did but it's different from the source file. free(source_file.data); LoadFileContents(source_filename, &source_file, RETOUCH_DO_MASK); } if (source_file.data != NULL) { int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { source_patch_value = patch_data[to_use]; } } if (source_patch_value == NULL) { free(source_file.data); printf("source file is bad; trying copy\n"); if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file, RETOUCH_DO_MASK) < 0) { // fail. printf("failed to read copy file\n"); return 1; } int to_use = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { copy_patch_value = patch_data[to_use]; } if (copy_patch_value == NULL) { // fail. printf("copy file doesn't match source SHA-1s either\n"); return 1; } } int retry = 1; SHA_CTX ctx; int output; MemorySinkInfo msi; FileContents* source_to_use; char* outname; // assume that target_filename (eg "/system/app/Foo.apk") is located // on the same filesystem as its top-level directory ("/system"). // We need something that exists for calling statfs(). char target_fs[strlen(target_filename)+1]; char* slash = strchr(target_filename+1, '/'); if (slash != NULL) { int count = slash - target_filename; strncpy(target_fs, target_filename, count); target_fs[count] = '\0'; } else { strcpy(target_fs, target_filename); } do { // Is there enough room in the target filesystem to hold the patched // file? if (strncmp(target_filename, "EMMC:", 5) == 0) { // If the target is a partition, we're actually going to // write the output to /tmp and then copy it to the // partition. statfs() always returns 0 blocks free for // /tmp, so instead we'll just assume that /tmp has enough // space to hold the file. // We still write the original source to cache, in case // the partition write is interrupted. if (MakeFreeSpaceOnCache(source_file.size) < 0) { printf("not enough free space on /cache\n"); return 1; } if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { printf("failed to back up source file\n"); return 1; } made_copy = 1; retry = 0; } else { int enough_space = 0; if (retry > 0) { size_t free_space = FreeSpaceForFile(target_fs); enough_space = (free_space > (256 << 10)) && // 256k (two-block) minimum (free_space > (target_size * 3 / 2)); // 50% margin of error printf("target %ld bytes; free space %ld bytes; retry %d; enough %d\n", (long)target_size, (long)free_space, retry, enough_space); } if (!enough_space) { retry = 0; } if (!enough_space && source_patch_value != NULL) { // Using the original source, but not enough free space. First // copy the source file to cache, then delete it from the original // location. if (strncmp(source_filename, "EMMC:", 5) == 0) { // It's impossible to free space on the target filesystem by // deleting the source if the source is a partition. If // we're ever in a state where we need to do this, fail. printf("not enough free space for target but source " "is partition\n"); return 1; } if (MakeFreeSpaceOnCache(source_file.size) < 0) { printf("not enough free space on /cache\n"); return 1; } if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { printf("failed to back up source file\n"); return 1; } made_copy = 1; unlink(source_filename); size_t free_space = FreeSpaceForFile(target_fs); printf("(now %ld bytes free for target)\n", (long)free_space); } } const Value* patch; if (source_patch_value != NULL) { source_to_use = &source_file; patch = source_patch_value; } else { source_to_use = ©_file; patch = copy_patch_value; } if (patch->type != VAL_BLOB) { printf("patch is not a blob\n"); return 1; } SinkFn sink = NULL; void* token = NULL; output = -1; outname = NULL; if (strncmp(target_filename, "EMMC:", 5) == 0) { // We store the decoded output in memory. msi.buffer = malloc(target_size); if (msi.buffer == NULL) { printf("failed to alloc %ld bytes for output\n", (long)target_size); return 1; } msi.pos = 0; msi.size = target_size; sink = MemorySink; token = &msi; } else { // We write the decoded output to "<tgt-file>.patch". outname = (char*)malloc(strlen(target_filename) + 10); strcpy(outname, target_filename); strcat(outname, ".patch"); output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); if (output < 0) { printf("failed to open output file %s: %s\n", outname, strerror(errno)); return 1; } sink = FileSink; token = &output; } char* header = patch->data; ssize_t header_bytes_read = patch->size; SHA_init(&ctx); int result; if (header_bytes_read >= 8 && memcmp(header, "BSDIFF40", 8) == 0) { result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, patch, 0, sink, token, &ctx); } else if (header_bytes_read >= 8 && memcmp(header, "IMGDIFF2", 8) == 0) { result = ApplyImagePatch(source_to_use->data, source_to_use->size, patch, sink, token, &ctx); } else { printf("Unknown patch file format\n"); return 1; } if (output >= 0) { fsync(output); close(output); } if (result != 0) { if (retry == 0) { printf("applying patch failed\n"); return result != 0; } else { printf("applying patch failed; retrying\n"); } if (outname != NULL) { unlink(outname); } } else { // succeeded; no need to retry break; } } while (retry-- > 0); const uint8_t* current_target_sha1 = SHA_final(&ctx); if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { printf("patch did not produce expected sha1\n"); return 1; } if (output < 0) { // Copy the temp file to the partition. if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { printf("write of patched data to %s failed\n", target_filename); return 1; } free(msi.buffer); } else { // Give the .patch file the same owner, group, and mode of the // original source file. if (chmod(outname, source_to_use->st.st_mode) != 0) { printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); return 1; } if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); return 1; } // Finally, rename the .patch file to replace the target file. if (rename(outname, target_filename) != 0) { printf("rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno)); return 1; } } // If this run of applypatch created the copy, and we're here, we // can delete it. if (made_copy) unlink(CACHE_TEMP_SOURCE); // Success! return 0; }
static int LoadPartitionContents(const char* filename, FileContents* file) { char* copy = strdup(filename); const char* magic = strtok(copy, ":"); enum PartitionType type; if (strcmp(magic, "EMMC") == 0) { type = EMMC; } else { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } const char* partition = strtok(NULL, ":"); int i; int colons = 0; for (i = 0; filename[i] != '\0'; ++i) { if (filename[i] == ':') { ++colons; } } if (colons < 3 || colons%2 == 0) { printf("LoadPartitionContents called with bad filename (%s)\n", filename); } int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename int* index = malloc(pairs * sizeof(int)); size_t* size = malloc(pairs * sizeof(size_t)); char** sha1sum = malloc(pairs * sizeof(char*)); for (i = 0; i < pairs; ++i) { const char* size_str = strtok(NULL, ":"); size[i] = strtol(size_str, NULL, 10); if (size[i] == 0) { printf("LoadPartitionContents called with bad size (%s)\n", filename); return -1; } sha1sum[i] = strtok(NULL, ":"); index[i] = i; } // sort the index[] array so it indexes the pairs in order of // increasing size. size_array = size; qsort(index, pairs, sizeof(int), compare_size_indices); FILE* dev = NULL; switch (type) { case EMMC: dev = fopen(partition, "rb"); if (dev == NULL) { printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno)); return -1; } } SHA_CTX sha_ctx; SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; // allocate enough memory to hold the largest size. file->data = malloc(size[index[pairs-1]]); char* p = (char*)file->data; file->size = 0; // # bytes read so far for (i = 0; i < pairs; ++i) { // Read enough additional bytes to get us up to the next size // (again, we're trying the possibilities in order of increasing // size). size_t next = size[index[i]] - file->size; size_t read = 0; if (next > 0) { switch (type) { case EMMC: read = fread(p, 1, next, dev); break; } if (next != read) { printf("short read (%d bytes of %d) for partition \"%s\"\n", read, next, partition); free(file->data); file->data = NULL; return -1; } SHA_update(&sha_ctx, p, read); file->size += read; } // Duplicate the SHA context and finalize the duplicate so we can // check it against this pair's expected hash. SHA_CTX temp_ctx; memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); free(file->data); file->data = NULL; return -1; } if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %d sha %s\n", size[index[i]], sha1sum[index[i]]); break; } p += read; } switch (type) { case EMMC: fclose(dev); break; } if (i == pairs) { // Ran off the end of the list of (size,sha1) pairs without // finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; return -1; } const uint8_t* sha_final = SHA_final(&sha_ctx); for (i = 0; i < SHA_DIGEST_SIZE; ++i) { file->sha1[i] = sha_final[i]; } // Fake some stat() info. file->st.st_mode = 0644; file->st.st_uid = 0; file->st.st_gid = 0; free(copy); free(index); free(size); free(sha1sum); return 0; }
int applypatch(const char* source_filename, const char* target_filename, const char* target_sha1_str, size_t target_size, int num_patches, char** const patch_sha1_str, Value** patch_data, Value* bonus_data) { printf("patch %s: ", source_filename); if (target_filename[0] == '-' && target_filename[1] == '\0') { target_filename = source_filename; } uint8_t target_sha1[SHA_DIGEST_SIZE]; if (ParseSha1(target_sha1_str, target_sha1) != 0) { printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); return 1; } FileContents copy_file; FileContents source_file; copy_file.data = NULL; source_file.data = NULL; const Value* source_patch_value = NULL; const Value* copy_patch_value = NULL; // We try to load the target file into the source_file object. if (LoadFileContents(target_filename, &source_file, RETOUCH_DO_MASK) == 0) { if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. printf("already "); print_short_sha1(target_sha1); putchar('\n'); free(source_file.data); return 0; } } if (source_file.data == NULL || (target_filename != source_filename && strcmp(target_filename, source_filename) != 0)) { // Need to load the source file: either we failed to load the // target file, or we did but it's different from the source file. free(source_file.data); source_file.data = NULL; LoadFileContents(source_filename, &source_file, RETOUCH_DO_MASK); } if (source_file.data != NULL) { int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { source_patch_value = patch_data[to_use]; } } if (source_patch_value == NULL) { free(source_file.data); source_file.data = NULL; printf("source file is bad; trying copy\n"); if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file, RETOUCH_DO_MASK) < 0) { // fail. printf("failed to read copy file\n"); return 1; } int to_use = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { copy_patch_value = patch_data[to_use]; } if (copy_patch_value == NULL) { // fail. printf("copy file doesn't match source SHA-1s either\n"); free(copy_file.data); return 1; } } int result = GenerateTarget(&source_file, source_patch_value, ©_file, copy_patch_value, source_filename, target_filename, target_sha1, target_size, bonus_data); free(source_file.data); free(copy_file.data); return result; }
static int LoadPartitionContents(const char* filename, FileContents* file) { char* copy = strdup(filename); const char* magic = strtok(copy, ":"); enum PartitionType type; #if 0 //wschen 2012-05-24 if (strcmp(magic, "MTD") == 0) { type = MTD; } else if (strcmp(magic, "EMMC") == 0) { type = EMMC; } else { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } #else switch (phone_type()) { case NAND_TYPE: type = MTD; break; case EMMC_TYPE: type = EMMC; break; default: printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } #endif const char* partition = strtok(NULL, ":"); int i; int colons = 0; for (i = 0; filename[i] != '\0'; ++i) { if (filename[i] == ':') { ++colons; } } if (colons < 3 || colons%2 == 0) { printf("LoadPartitionContents called with bad filename (%s)\n", filename); } int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename int* index = malloc(pairs * sizeof(int)); size_t* size = malloc(pairs * sizeof(size_t)); char** sha1sum = malloc(pairs * sizeof(char*)); for (i = 0; i < pairs; ++i) { const char* size_str = strtok(NULL, ":"); size[i] = strtol(size_str, NULL, 10); if (size[i] == 0) { printf("LoadPartitionContents called with bad size (%s)\n", filename); return -1; } sha1sum[i] = strtok(NULL, ":"); index[i] = i; } // sort the index[] array so it indexes the pairs in order of // increasing size. size_array = size; qsort(index, pairs, sizeof(int), compare_size_indices); MtdReadContext* ctx = NULL; int dev = -1; switch (type) { case MTD: if (!mtd_partitions_scanned) { mtd_scan_partitions(); mtd_partitions_scanned = 1; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); if (mtd == NULL) { printf("mtd partition \"%s\" not found (loading %s)\n", partition, filename); return -1; } ctx = mtd_read_partition(mtd); if (ctx == NULL) { printf("failed to initialize read of mtd partition \"%s\"\n", partition); return -1; } break; case EMMC: printf("open emmc partition \"%s\"\n", partition); if (!strcmp(partition, "boot")) { dev = open("/dev/bootimg", O_RDWR); if (dev == -1) { printf("failed to open emmc partition \"/dev/bootimg\": %s\n", strerror(errno)); return -1; } } else { char dev_name[32]; strcpy(dev_name, "/dev/"); strcat(dev_name, partition); dev = open(dev_name, O_RDWR); if (dev == -1) { printf("failed to open emmc partition \"%s\": %s\n", dev_name, strerror(errno)); return -1; } } break; } SHA_CTX sha_ctx; SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; // allocate enough memory to hold the largest size. file->data = malloc(size[index[pairs-1]]); char* p = (char*)file->data; file->size = 0; // # bytes read so far for (i = 0; i < pairs; ++i) { // Read enough additional bytes to get us up to the next size // (again, we're trying the possibilities in order of increasing // size). size_t next = size[index[i]] - file->size; size_t read_cnt = 0; if (next > 0) { switch (type) { case MTD: read_cnt = mtd_read_data(ctx, p, next); break; case EMMC: read_cnt = read(dev, p, next); break; } if (next != read_cnt) { printf("short read (%d bytes of %d) for partition \"%s\"\n", read_cnt, next, partition); free(file->data); file->data = NULL; return -1; } SHA_update(&sha_ctx, p, read_cnt); file->size += read_cnt; } // Duplicate the SHA context and finalize the duplicate so we can // check it against this pair's expected hash. SHA_CTX temp_ctx; memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); free(file->data); file->data = NULL; return -1; } if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %d sha %s\n", size[index[i]], sha1sum[index[i]]); break; } p += read_cnt; } switch (type) { case MTD: mtd_read_close(ctx); break; case EMMC: close(dev); break; } if (i == pairs) { // Ran off the end of the list of (size,sha1) pairs without // finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; return -1; } const uint8_t* sha_final = SHA_final(&sha_ctx); for (i = 0; i < SHA_DIGEST_SIZE; ++i) { file->sha1[i] = sha_final[i]; } // Fake some stat() info. file->st.st_mode = 0644; file->st.st_uid = 0; file->st.st_gid = 0; free(copy); free(index); free(size); free(sha1sum); return 0; }
int applypatch(int argc, char** argv) { if (argc < 2) { return 2; } if (strncmp(argv[1], "-l", 3) == 0) { return ShowLicenses(); } if (strncmp(argv[1], "-c", 3) == 0) { return CheckMode(argc, argv); } if (strncmp(argv[1], "-s", 3) == 0) { if (argc != 3) { return 2; } size_t bytes = strtol(argv[2], NULL, 10); if (MakeFreeSpaceOnCache(bytes) < 0) { printf("unable to make %ld bytes available on /cache\n", (long)bytes); return 1; } else { return 0; } } uint8_t target_sha1[SHA_DIGEST_SIZE]; const char* source_filename = argv[1]; const char* target_filename = argv[2]; if (target_filename[0] == '-' && target_filename[1] == '\0') { target_filename = source_filename; } if (ParseSha1(argv[3], target_sha1) != 0) { fprintf(stderr, "failed to parse tgt-sha1 \"%s\"\n", argv[3]); return 1; } unsigned long target_size = strtoul(argv[4], NULL, 0); int num_patches; Patch* patches; if (ParseShaArgs(argc-5, argv+5, &patches, &num_patches) < 0) { return 1; } FileContents copy_file; FileContents source_file; const char* source_patch_filename = NULL; const char* copy_patch_filename = NULL; int made_copy = 0; // We try to load the target file into the source_file object. if (LoadFileContents(target_filename, &source_file) == 0) { if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. fprintf(stderr, "\"%s\" is already target; no patch needed\n", target_filename); return 0; } } if (source_file.data == NULL || (target_filename != source_filename && strcmp(target_filename, source_filename) != 0)) { // Need to load the source file: either we failed to load the // target file, or we did but it's different from the source file. free(source_file.data); LoadFileContents(source_filename, &source_file); } if (source_file.data != NULL) { const Patch* to_use = FindMatchingPatch(source_file.sha1, patches, num_patches); if (to_use != NULL) { source_patch_filename = to_use->patch_filename; } } if (source_patch_filename == NULL) { free(source_file.data); fprintf(stderr, "source file is bad; trying copy\n"); if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { // fail. fprintf(stderr, "failed to read copy file\n"); return 1; } const Patch* to_use = FindMatchingPatch(copy_file.sha1, patches, num_patches); if (to_use != NULL) { copy_patch_filename = to_use->patch_filename; } if (copy_patch_filename == NULL) { // fail. fprintf(stderr, "copy file doesn't match source SHA-1s either\n"); return 1; } } // Is there enough room in the target filesystem to hold the patched // file? if (strncmp(target_filename, "MTD:", 4) == 0) { // If the target is an MTD partition, we're actually going to // write the output to /tmp and then copy it to the partition. // statfs() always returns 0 blocks free for /tmp, so instead // we'll just assume that /tmp has enough space to hold the file. // We still write the original source to cache, in case the MTD // write is interrupted. if (MakeFreeSpaceOnCache(source_file.size) < 0) { fprintf(stderr, "not enough free space on /cache\n"); return 1; } if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { fprintf(stderr, "failed to back up source file\n"); return 1; } made_copy = 1; } else { // assume that target_filename (eg "/system/app/Foo.apk") is located // on the same filesystem as its top-level directory ("/system"). // We need something that exists for calling statfs(). char* target_fs = strdup(target_filename); char* slash = strchr(target_fs+1, '/'); if (slash != NULL) { *slash = '\0'; } size_t free_space = FreeSpaceForFile(target_fs); int enough_space = free_space > (target_size * 3 / 2); // 50% margin of error printf("target %ld bytes; free space %ld bytes; enough %d\n", (long)target_size, (long)free_space, enough_space); if (!enough_space && source_patch_filename != NULL) { // Using the original source, but not enough free space. First // copy the source file to cache, then delete it from the original // location. if (strncmp(source_filename, "MTD:", 4) == 0) { // It's impossible to free space on the target filesystem by // deleting the source if the source is an MTD partition. If // we're ever in a state where we need to do this, fail. fprintf(stderr, "not enough free space for target but source is MTD\n"); return 1; } if (MakeFreeSpaceOnCache(source_file.size) < 0) { fprintf(stderr, "not enough free space on /cache\n"); return 1; } if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { fprintf(stderr, "failed to back up source file\n"); return 1; } made_copy = 1; unlink(source_filename); size_t free_space = FreeSpaceForFile(target_fs); printf("(now %ld bytes free for target)\n", (long)free_space); } } FileContents* source_to_use; const char* patch_filename; if (source_patch_filename != NULL) { source_to_use = &source_file; patch_filename = source_patch_filename; } else { source_to_use = ©_file; patch_filename = copy_patch_filename; } char* outname = NULL; FILE* output = NULL; MemorySinkInfo msi; SinkFn sink = NULL; void* token = NULL; if (strncmp(target_filename, "MTD:", 4) == 0) { // We store the decoded output in memory. msi.buffer = malloc(target_size); if (msi.buffer == NULL) { fprintf(stderr, "failed to alloc %ld bytes for output\n", (long)target_size); return 1; } msi.pos = 0; msi.size = target_size; sink = MemorySink; token = &msi; } else { // We write the decoded output to "<tgt-file>.patch". outname = (char*)malloc(strlen(target_filename) + 10); strcpy(outname, target_filename); strcat(outname, ".patch"); output = fopen(outname, "wb"); if (output == NULL) { fprintf(stderr, "failed to open output file %s: %s\n", outname, strerror(errno)); return 1; } sink = FileSink; token = output; } #define MAX_HEADER_LENGTH 8 unsigned char header[MAX_HEADER_LENGTH]; FILE* patchf = fopen(patch_filename, "rb"); if (patchf == NULL) { fprintf(stderr, "failed to open patch file %s: %s\n", patch_filename, strerror(errno)); return 1; } int header_bytes_read = fread(header, 1, MAX_HEADER_LENGTH, patchf); fclose(patchf); SHA_CTX ctx; SHA_init(&ctx); if (header_bytes_read >= 4 && header[0] == 0xd6 && header[1] == 0xc3 && header[2] == 0xc4 && header[3] == 0) { // xdelta3 patches begin "VCD" (with the high bits set) followed // by a zero byte (the version number). fprintf(stderr, "error: xdelta3 patches no longer supported\n"); return 1; } else if (header_bytes_read >= 8 && memcmp(header, "BSDIFF40", 8) == 0) { int result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, patch_filename, 0, sink, token, &ctx); if (result != 0) { fprintf(stderr, "ApplyBSDiffPatch failed\n"); return result; } } else if (header_bytes_read >= 8 && memcmp(header, "IMGDIFF", 7) == 0 && (header[7] == '1' || header[7] == '2')) { int result = ApplyImagePatch(source_to_use->data, source_to_use->size, patch_filename, sink, token, &ctx); if (result != 0) { fprintf(stderr, "ApplyImagePatch failed\n"); return result; } } else { fprintf(stderr, "Unknown patch file format\n"); return 1; } if (output != NULL) { fflush(output); fsync(fileno(output)); fclose(output); } const uint8_t* current_target_sha1 = SHA_final(&ctx); if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { fprintf(stderr, "patch did not produce expected sha1\n"); return 1; } if (output == NULL) { // Copy the temp file to the MTD partition. if (WriteToMTDPartition(msi.buffer, msi.pos, target_filename) != 0) { fprintf(stderr, "write of patched data to %s failed\n", target_filename); return 1; } free(msi.buffer); } else { // Give the .patch file the same owner, group, and mode of the // original source file. if (chmod(outname, source_to_use->st.st_mode) != 0) { fprintf(stderr, "chmod of \"%s\" failed: %s\n", outname, strerror(errno)); return 1; } if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { fprintf(stderr, "chown of \"%s\" failed: %s\n", outname, strerror(errno)); return 1; } // Finally, rename the .patch file to replace the target file. if (rename(outname, target_filename) != 0) { fprintf(stderr, "rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno)); return 1; } } // If this run of applypatch created the copy, and we're here, we // can delete it. if (made_copy) unlink(CACHE_TEMP_SOURCE); // Success! return 0; }
// Load the contents of an MTD partition into the provided // FileContents. filename should be a string of the form // "MTD:<partition_name>:<size_1>:<sha1_1>:<size_2>:<sha1_2>:...". // The smallest size_n bytes for which that prefix of the mtd contents // has the corresponding sha1 hash will be loaded. It is acceptable // for a size value to be repeated with different sha1s. Will return // 0 on success. // // This complexity is needed because if an OTA installation is // interrupted, the partition might contain either the source or the // target data, which might be of different lengths. We need to know // the length in order to read from MTD (there is no "end-of-file" // marker), so the caller must specify the possible lengths and the // hash of the data, and we'll do the load expecting to find one of // those hashes. int LoadMTDContents(const char* filename, FileContents* file) { char* copy = strdup(filename); const char* magic = strtok(copy, ":"); if (strcmp(magic, "MTD") != 0) { fprintf(stderr, "LoadMTDContents called with bad filename (%s)\n", filename); return -1; } const char* partition = strtok(NULL, ":"); int i; int colons = 0; for (i = 0; filename[i] != '\0'; ++i) { if (filename[i] == ':') { ++colons; } } if (colons < 3 || colons%2 == 0) { fprintf(stderr, "LoadMTDContents called with bad filename (%s)\n", filename); } int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename int* index = malloc(pairs * sizeof(int)); size_t* size = malloc(pairs * sizeof(size_t)); char** sha1sum = malloc(pairs * sizeof(char*)); for (i = 0; i < pairs; ++i) { const char* size_str = strtok(NULL, ":"); size[i] = strtol(size_str, NULL, 10); if (size[i] == 0) { fprintf(stderr, "LoadMTDContents called with bad size (%s)\n", filename); return -1; } sha1sum[i] = strtok(NULL, ":"); index[i] = i; } // sort the index[] array so it indexes the pairs in order of // increasing size. size_array = size; qsort(index, pairs, sizeof(int), compare_size_indices); if (!mtd_partitions_scanned) { mtd_scan_partitions(); mtd_partitions_scanned = 1; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); if (mtd == NULL) { fprintf(stderr, "mtd partition \"%s\" not found (loading %s)\n", partition, filename); return -1; } MtdReadContext* ctx = mtd_read_partition(mtd); if (ctx == NULL) { fprintf(stderr, "failed to initialize read of mtd partition \"%s\"\n", partition); return -1; } SHA_CTX sha_ctx; SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; // allocate enough memory to hold the largest size. file->data = malloc(size[index[pairs-1]]); char* p = (char*)file->data; file->size = 0; // # bytes read so far for (i = 0; i < pairs; ++i) { // Read enough additional bytes to get us up to the next size // (again, we're trying the possibilities in order of increasing // size). size_t next = size[index[i]] - file->size; size_t read = 0; if (next > 0) { read = mtd_read_data(ctx, p, next); if (next != read) { fprintf(stderr, "short read (%d bytes of %d) for partition \"%s\"\n", read, next, partition); free(file->data); file->data = NULL; return -1; } SHA_update(&sha_ctx, p, read); file->size += read; } // Duplicate the SHA context and finalize the duplicate so we can // check it against this pair's expected hash. SHA_CTX temp_ctx; memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { fprintf(stderr, "failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); free(file->data); file->data = NULL; return -1; } if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("mtd read matched size %d sha %s\n", size[index[i]], sha1sum[index[i]]); break; } p += read; } mtd_read_close(ctx); if (i == pairs) { // Ran off the end of the list of (size,sha1) pairs without // finding a match. fprintf(stderr, "contents of MTD partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; return -1; } const uint8_t* sha_final = SHA_final(&sha_ctx); for (i = 0; i < SHA_DIGEST_SIZE; ++i) { file->sha1[i] = sha_final[i]; } // Fake some stat() info. file->st.st_mode = 0644; file->st.st_uid = 0; file->st.st_gid = 0; free(copy); free(index); free(size); free(sha1sum); return 0; }
static bool AddItem(const CXmlItem &item, CObjectVector<CFile> &files, int parent) { if (!item.IsTag) return true; if (item.Name == "file") { CFile file; file.Parent = parent; parent = files.Size(); file.Name = item.GetSubStringForTag("name"); AString type = item.GetSubStringForTag("type"); if (type == "directory") file.IsDir = true; else if (type == "file") file.IsDir = false; else return false; int dataIndex = item.FindSubTag("data"); if (dataIndex >= 0 && !file.IsDir) { file.HasData = true; const CXmlItem &dataItem = item.SubItems[dataIndex]; if (!ParseUInt64(dataItem, "size", file.Size)) return false; if (!ParseUInt64(dataItem, "length", file.PackSize)) return false; if (!ParseUInt64(dataItem, "offset", file.Offset)) return false; file.Sha1IsDefined = ParseSha1(dataItem, "extracted-checksum", file.Sha1); // file.packSha1IsDefined = ParseSha1(dataItem, "archived-checksum", file.packSha1); int encodingIndex = dataItem.FindSubTag("encoding"); if (encodingIndex >= 0) { const CXmlItem &encodingItem = dataItem.SubItems[encodingIndex]; if (encodingItem.IsTag) { AString s = encodingItem.GetPropertyValue("style"); if (s.Length() >= 0) { AString appl = "application/"; if (s.Left(appl.Length()) == appl) { s = s.Mid(appl.Length()); AString xx = "x-"; if (s.Left(xx.Length()) == xx) { s = s.Mid(xx.Length()); if (s == "gzip") s = METHOD_NAME_ZLIB; } } file.Method = s; } } } } file.CTime = ParseTime(item, "ctime"); file.MTime = ParseTime(item, "mtime"); file.ATime = ParseTime(item, "atime"); files.Add(file); } for (int i = 0; i < item.SubItems.Size(); i++) if (!AddItem(item.SubItems[i], files, parent)) return false; return true; }
static int LoadPartitionContents(const char* filename, FileContents* file) { std::string copy(filename); std::vector<std::string> pieces = android::base::Split(copy, ":"); if (pieces.size() < 4 || pieces.size() % 2 != 0) { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } enum PartitionType type; if (pieces[0] == "MTD") { type = MTD; } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } const char* partition = pieces[1].c_str(); size_t pairs = (pieces.size() - 2) / 2; // # of (size, sha1) pairs in filename std::vector<size_t> index(pairs); std::vector<size_t> size(pairs); std::vector<std::string> sha1sum(pairs); for (size_t i = 0; i < pairs; ++i) { size[i] = strtol(pieces[i*2+2].c_str(), NULL, 10); if (size[i] == 0) { printf("LoadPartitionContents called with bad size (%s)\n", filename); return -1; } sha1sum[i] = pieces[i*2+3].c_str(); index[i] = i; } // Sort the index[] array so it indexes the pairs in order of increasing size. sort(index.begin(), index.end(), [&](const size_t& i, const size_t& j) { return (size[i] < size[j]); } ); MtdReadContext* ctx = NULL; FILE* dev = NULL; switch (type) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); if (mtd == NULL) { printf("mtd partition \"%s\" not found (loading %s)\n", partition, filename); return -1; } ctx = mtd_read_partition(mtd); if (ctx == NULL) { printf("failed to initialize read of mtd partition \"%s\"\n", partition); return -1; } break; } case EMMC: dev = fopen(partition, "rb"); if (dev == NULL) { printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno)); return -1; } } SHA_CTX sha_ctx; SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; // Allocate enough memory to hold the largest size. file->data = reinterpret_cast<unsigned char*>(malloc(size[index[pairs-1]])); char* p = (char*)file->data; file->size = 0; // # bytes read so far bool found = false; for (size_t i = 0; i < pairs; ++i) { // Read enough additional bytes to get us up to the next size. (Again, // we're trying the possibilities in order of increasing size). size_t next = size[index[i]] - file->size; size_t read = 0; if (next > 0) { switch (type) { case MTD: read = mtd_read_data(ctx, p, next); break; case EMMC: read = fread(p, 1, next, dev); break; } if (next != read) { printf("short read (%zu bytes of %zu) for partition \"%s\"\n", read, next, partition); free(file->data); file->data = NULL; return -1; } SHA_update(&sha_ctx, p, read); file->size += read; } // Duplicate the SHA context and finalize the duplicate so we can // check it against this pair's expected hash. SHA_CTX temp_ctx; memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); if (ParseSha1(sha1sum[index[i]].c_str(), parsed_sha) != 0) { printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]].c_str(), filename); free(file->data); file->data = NULL; return -1; } if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %zu sha %s\n", size[index[i]], sha1sum[index[i]].c_str()); found = true; break; } p += read; } switch (type) { case MTD: mtd_read_close(ctx); break; case EMMC: fclose(dev); break; } if (!found) { // Ran off the end of the list of (size,sha1) pairs without finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; return -1; } const uint8_t* sha_final = SHA_final(&sha_ctx); for (size_t i = 0; i < SHA_DIGEST_SIZE; ++i) { file->sha1[i] = sha_final[i]; } // Fake some stat() info. file->st.st_mode = 0644; file->st.st_uid = 0; file->st.st_gid = 0; return 0; }
int applypatch(const char* source_filename, const char* target_filename, const char* target_sha1_str, size_t target_size, int num_patches, char** const patch_sha1_str, Value** patch_data, Value* bonus_data) { printf("patch %s: ", source_filename); if (target_filename[0] == '-' && target_filename[1] == '\0') { target_filename = source_filename; } uint8_t target_sha1[SHA_DIGEST_SIZE]; if (ParseSha1(target_sha1_str, target_sha1) != 0) { printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); return 1; } FileContents copy_file; FileContents source_file; copy_file.data = NULL; source_file.data = NULL; const Value* source_patch_value = NULL; const Value* copy_patch_value = NULL; // We try to load the target file into the source_file object. if (LoadFileContents(target_filename, &source_file) == 0) { if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. printf("already "); print_short_sha1(target_sha1); putchar('\n'); free(source_file.data); return 0; } } if (source_file.data == NULL || (target_filename != source_filename && strcmp(target_filename, source_filename) != 0)) { // Need to load the source file: either we failed to load the // target file, or we did but it's different from the source file. free(source_file.data); source_file.data = NULL; LoadFileContents(source_filename, &source_file); } if (source_file.data != NULL) { int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { source_patch_value = patch_data[to_use]; } } if (source_patch_value == NULL) { free(source_file.data); source_file.data = NULL; printf("source file is bad; trying copy\n"); if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { // fail. printf("failed to read copy file\n"); return 1; } int to_use = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { copy_patch_value = patch_data[to_use]; } if (copy_patch_value == NULL) { // fail. printf("copy file doesn't match source SHA-1s either\n"); #if 0 //wschen 2013-05-23 free(copy_file.data); return 1; #else if (memcmp(copy_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { printf("use cache temp file to replace \"%s\"\n", target_filename); if (strncmp(target_filename, "MTD:", 4) == 0 || strncmp(target_filename, "EMMC:", 5) == 0) { if (WriteToPartition(copy_file.data, copy_file.size, target_filename) != 0) { printf("write of patched data to %s failed\n", target_filename); return 1; } //everything is fine unlink(CACHE_TEMP_SOURCE); sync(); return 0; } else { if (SaveFileContents(target_filename, ©_file) < 0) { printf("failed to copy back %s\n", target_filename); free(copy_file.data); copy_file.data = NULL; return 1; } else { //copy success free(copy_file.data); copy_file.data = NULL; if (LoadFileContents(target_filename, &source_file) == 0) { if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { free(source_file.data); source_file.data = NULL; //everything is fine unlink(CACHE_TEMP_SOURCE); sync(); return 0; } else { free(source_file.data); source_file.data = NULL; printf("copied target file (%s) SHA1 does not match\n", target_filename); return 1; } } else { printf("failed to read copied target file (%s)\n", target_filename); return 1; } } } } else { printf("cache temp file doesn't match target SHA-1s (%s)\n", target_filename); free(copy_file.data); copy_file.data = NULL; return 1; } #endif } } int result = GenerateTarget(&source_file, source_patch_value, ©_file, copy_patch_value, source_filename, target_filename, target_sha1, target_size, bonus_data); free(source_file.data); free(copy_file.data); return result; }