install.cpp文件really_install_package函数校验更新包的签名过程分析

时间:2021-09-01 22:49:49
static int
really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
{
	bNeedClearMisc = false;
    ui->SetBackground(RecoveryUI::INSTALLING_UPDATE); //lefty_lan注:更新屏幕的提示为正在更新
    ui->Print("Finding update package...\n");
    // Give verification half the progress bar...
    ui->SetProgressType(RecoveryUI::DETERMINATE);
    ui->ShowProgress(VERIFICATION_PROGRESS_FRACTION, VERIFICATION_PROGRESS_TIME);
    LOGI("Update location: %s\n", path);

    // Map the update package into memory.
    ui->Print("Opening update package...\n");

    char really_path[100];
    if (path && needs_mount) {//lefty_lan注:确保更新包所在的路径已经mount
        if (path[0] == '@') {
            ensure_path_mounted(path+1);
        } else {
            ensure_path_mounted(path);
        }
    }

    if(strncmp(path, "/mnt/external_sd", 16) == 0){
        ensure_sd_mounted();
    }else if(strncmp(path, "/mnt/usb_storage", 16) == 0){
        ensure_usb_mounted();
    }

    MemMapping map;
    if(strncmp(path, "/mnt/media_rw", 13) == 0){
        //external_sd
        LOGI("try to read update.zip from /mnt/external_sd");
        strcpy(really_path, "/mnt/external_sd/");
        ensure_sd_mounted();
        strcat(really_path, "update.zip");
        if(sysMapFile(really_path, &map) != 0){
            //usb_storage
            LOGI("try to read update.zip from /mnt/usb_storage");
            strcpy(really_path, "/mnt/usb_storage/");
            ensure_usb_mounted();
            strcat(really_path, "update.zip");
            if(sysMapFile(really_path, &map) != 0){
                LOGE("failed to map file\n");
                return INSTALL_CORRUPT;
            }
        }
    }else if (sysMapFile(path, &map) != 0) {
        LOGE("failed to map file\n");
        return INSTALL_CORRUPT;
    }else{
        strcpy(really_path, path);
    }
    LOGI("update.zip path is %s\n", really_path);

    int numKeys;
    Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys);//lefty_lan注:从/res/keys文件中装载设备的签名文件
    if (loadedKeys == NULL) {
        LOGE("Failed to load keys\n");
        return INSTALL_CORRUPT;
    }
    LOGI("%d key(s) loaded from %s\n", numKeys, PUBLIC_KEYS_FILE);

    ui->Print("Verifying update package...\n");

    int err;
    err = verify_file(map.addr, map.length, loadedKeys, numKeys);//lefty_lan注:校验更新包的签名
    free(loadedKeys);
    LOGI("verify_file returned %d\n", err);
    if (err != VERIFY_SUCCESS) {//lefty_lan注:校验失败,退出
        LOGE("signature verification failed\n");
        sysReleaseMap(&map);
        return INSTALL_CORRUPT;
    }

    /* Try to open the package.
     */
    ZipArchive zip;
    err = mzOpenZipArchive(map.addr, map.length, &zip);
    if (err != 0) {
        LOGE("Can't open %s\n(%s)\n", really_path, err != -1 ? strerror(err) : "bad");
        sysReleaseMap(&map);
        return INSTALL_CORRUPT;
    }

    /* Verify and install the contents of the package.
     */
    ui->Print("Installing update...\n");
    ui->SetEnableReboot(false);
    int result = try_update_binary(really_path, &zip, wipe_cache);//lefty_lan注:开始安装
    ui->SetEnableReboot(true);
    ui->Print("\n");

    sysReleaseMap(&map);

    return result;
}
标签:

相关文章