tools/releasetools/apex_utils.py - android_build - Gitiles

 #!/usr/bin/env python
 #
 # Copyright (C) 2019 The Android Open Source Project
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 import logging
 import os.path
 import re
 import shlex
 import sys

 import common

 logger = logging.getLogger(__name__)


 class ApexInfoError(Exception):
   """An Exception raised during Apex Information command."""

   def __init__(self, message):
     Exception.__init__(self, message)


 class ApexSigningError(Exception):
   """An Exception raised during Apex Payload signing."""

   def __init__(self, message):
     Exception.__init__(self, message)


 def SignApexPayload(payload_file, payload_key_path, payload_key_name, algorithm,
                     salt, signing_args=None):
   """Signs a given payload_file with the payload key."""
   # Add the new footer. Old footer, if any, will be replaced by avbtool.
   cmd = ['avbtool', 'add_hashtree_footer',
          '--do_not_generate_fec',
          '--algorithm', algorithm,
          '--key', payload_key_path,
          '--prop', 'apex.key:{}'.format(payload_key_name),
          '--image', payload_file,
          '--salt', salt]
   if signing_args:
     cmd.extend(shlex.split(signing_args))

   try:
     common.RunAndCheckOutput(cmd)
   except common.ExternalError as e:
     raise ApexSigningError, \
         'Failed to sign APEX payload {} with {}:\n{}'.format(
             payload_file, payload_key_path, e), sys.exc_info()[2]

   # Verify the signed payload image with specified public key.
   logger.info('Verifying %s', payload_file)
   VerifyApexPayload(payload_file, payload_key_path)


 def VerifyApexPayload(payload_file, payload_key):
   """Verifies the APEX payload signature with the given key."""
   cmd = ['avbtool', 'verify_image', '--image', payload_file,
          '--key', payload_key]
   try:
     common.RunAndCheckOutput(cmd)
   except common.ExternalError as e:
     raise ApexSigningError, \
         'Failed to validate payload signing for {} with {}:\n{}'.format(
             payload_file, payload_key, e), sys.exc_info()[2]


 def ParseApexPayloadInfo(payload_path):
   """Parses the APEX payload info.

   Args:
     payload_path: The path to the payload image.

   Raises:
     ApexInfoError on parsing errors.

   Returns:
     A dict that contains payload property-value pairs. The dict should at least
     contain Algorithm, Salt and apex.key.
   """
   if not os.path.exists(payload_path):
     raise ApexInfoError('Failed to find image: {}'.format(payload_path))

   cmd = ['avbtool', 'info_image', '--image', payload_path]
   try:
     output = common.RunAndCheckOutput(cmd)
   except common.ExternalError as e:
     raise ApexInfoError, \
         'Failed to get APEX payload info for {}:\n{}'.format(
             payload_path, e), sys.exc_info()[2]

   # Extract the Algorithm / Salt / Prop info from payload (i.e. an image signed
   # with avbtool). For example,
   # Algorithm:                SHA256_RSA4096
   PAYLOAD_INFO_PATTERN = (
       r'^\s*(?P<key>Algorithm|Salt|Prop)\:\s*(?P<value>.*?)$')
   payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)

   payload_info = {}
   for line in output.split('\n'):
     line_info = payload_info_matcher.match(line)
     if not line_info:
       continue

     key, value = line_info.group('key'), line_info.group('value')

     if key == 'Prop':
       # Further extract the property key-value pair, from a 'Prop:' line. For
       # example,
       #   Prop: apex.key -> 'com.android.runtime'
       # Note that avbtool writes single or double quotes around values.
       PROPERTY_DESCRIPTOR_PATTERN = r'^\s*(?P<key>.*?)\s->\s*(?P<value>.*?)$'

       prop_matcher = re.compile(PROPERTY_DESCRIPTOR_PATTERN)
       prop = prop_matcher.match(value)
       if not prop:
         raise ApexInfoError(
             'Failed to parse prop string {}'.format(value))

       prop_key, prop_value = prop.group('key'), prop.group('value')
       if prop_key == 'apex.key':
         # avbtool dumps the prop value with repr(), which contains single /
         # double quotes that we don't want.
         payload_info[prop_key] = prop_value.strip('\"\'')

     else:
       payload_info[key] = value

   # Sanity check.
   for key in ('Algorithm', 'Salt', 'apex.key'):
     if key not in payload_info:
       raise ApexInfoError(
           'Failed to find {} prop in {}'.format(key, payload_path))

   return payload_info
	#!/usr/bin/env python
	#
	# Copyright (C) 2019 The Android Open Source Project
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	import logging
	import os.path
	import re
	import shlex
	import sys

	import common

	logger = logging.getLogger(__name__)


	class ApexInfoError(Exception):
	"""An Exception raised during Apex Information command."""

	def __init__(self, message):
	Exception.__init__(self, message)


	class ApexSigningError(Exception):
	"""An Exception raised during Apex Payload signing."""

	def __init__(self, message):
	Exception.__init__(self, message)


	def SignApexPayload(payload_file, payload_key_path, payload_key_name, algorithm,
	salt, signing_args=None):
	"""Signs a given payload_file with the payload key."""
	# Add the new footer. Old footer, if any, will be replaced by avbtool.
	cmd = ['avbtool', 'add_hashtree_footer',
	'--do_not_generate_fec',
	'--algorithm', algorithm,
	'--key', payload_key_path,
	'--prop', 'apex.key:{}'.format(payload_key_name),
	'--image', payload_file,
	'--salt', salt]
	if signing_args:
	cmd.extend(shlex.split(signing_args))

	try:
	common.RunAndCheckOutput(cmd)
	except common.ExternalError as e:
	raise ApexSigningError, \
	'Failed to sign APEX payload {} with {}:\n{}'.format(
	payload_file, payload_key_path, e), sys.exc_info()[2]

	# Verify the signed payload image with specified public key.
	logger.info('Verifying %s', payload_file)
	VerifyApexPayload(payload_file, payload_key_path)


	def VerifyApexPayload(payload_file, payload_key):
	"""Verifies the APEX payload signature with the given key."""
	cmd = ['avbtool', 'verify_image', '--image', payload_file,
	'--key', payload_key]
	try:
	common.RunAndCheckOutput(cmd)
	except common.ExternalError as e:
	raise ApexSigningError, \
	'Failed to validate payload signing for {} with {}:\n{}'.format(
	payload_file, payload_key, e), sys.exc_info()[2]


	def ParseApexPayloadInfo(payload_path):
	"""Parses the APEX payload info.

	Args:
	payload_path: The path to the payload image.

	Raises:
	ApexInfoError on parsing errors.

	Returns:
	A dict that contains payload property-value pairs. The dict should at least
	contain Algorithm, Salt and apex.key.
	"""
	if not os.path.exists(payload_path):
	raise ApexInfoError('Failed to find image: {}'.format(payload_path))

	cmd = ['avbtool', 'info_image', '--image', payload_path]
	try:
	output = common.RunAndCheckOutput(cmd)
	except common.ExternalError as e:
	raise ApexInfoError, \
	'Failed to get APEX payload info for {}:\n{}'.format(
	payload_path, e), sys.exc_info()[2]

	# Extract the Algorithm / Salt / Prop info from payload (i.e. an image signed
	# with avbtool). For example,
	# Algorithm: SHA256_RSA4096
	PAYLOAD_INFO_PATTERN = (
	r'^\s(?P<key>Algorithm\|Salt\|Prop)\:\s(?P<value>.*?)$')
	payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)

	payload_info = {}
	for line in output.split('\n'):
	line_info = payload_info_matcher.match(line)
	if not line_info:
	continue

	key, value = line_info.group('key'), line_info.group('value')

	if key == 'Prop':
	# Further extract the property key-value pair, from a 'Prop:' line. For
	# example,
	# Prop: apex.key -> 'com.android.runtime'
	# Note that avbtool writes single or double quotes around values.
	PROPERTY_DESCRIPTOR_PATTERN = r'^\s(?P<key>.?)\s->\s(?P<value>.?)$'

	prop_matcher = re.compile(PROPERTY_DESCRIPTOR_PATTERN)
	prop = prop_matcher.match(value)
	if not prop:
	raise ApexInfoError(
	'Failed to parse prop string {}'.format(value))

	prop_key, prop_value = prop.group('key'), prop.group('value')
	if prop_key == 'apex.key':
	# avbtool dumps the prop value with repr(), which contains single /
	# double quotes that we don't want.
	payload_info[prop_key] = prop_value.strip('\"\'')

	else:
	payload_info[key] = value

	# Sanity check.
	for key in ('Algorithm', 'Salt', 'apex.key'):
	if key not in payload_info:
	raise ApexInfoError(
	'Failed to find {} prop in {}'.format(key, payload_path))

	return payload_info