CN113791814B - Method, device, equipment and medium for updating production presets on Android platform - Google Patents

Method, device, equipment and medium for updating production presets on Android platform Download PDF

Info

Publication number
CN113791814B
CN113791814B CN202110973366.7A CN202110973366A CN113791814B CN 113791814 B CN113791814 B CN 113791814B CN 202110973366 A CN202110973366 A CN 202110973366A CN 113791814 B CN113791814 B CN 113791814B
Authority
CN
China
Prior art keywords
custom
partition
ota
differential packet
sound
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110973366.7A
Other languages
Chinese (zh)
Other versions
CN113791814A (en
Inventor
肖敏
陈嘉祺
谢纯珀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Morefun Electronic Technology Co ltd
Original Assignee
Fujian Morefun Electronic Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Morefun Electronic Technology Co ltd filed Critical Fujian Morefun Electronic Technology Co ltd
Priority to CN202110973366.7A priority Critical patent/CN113791814B/en
Publication of CN113791814A publication Critical patent/CN113791814A/en
Application granted granted Critical
Publication of CN113791814B publication Critical patent/CN113791814B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/658Incremental updates; Differential updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system

Abstract

The embodiment of the invention provides a method, a device, equipment and a medium for customizing and updating production presets on an Android platform, which relate to the technical field of mobile equipment production, and aim at the problem that a high-version Android system for opening AVB2.0 cannot realize customization demands through customizing OTA package differential upgrading, and provides a method for customizing and upgrading a custom OTA differential package of a high-version system for supporting opening AVB 2.0.

Description

Method, device, equipment and medium for updating production presets on Android platform
Technical Field
The invention relates to the technical field of mobile equipment production, in particular to a method, a device, equipment and a medium for updating production presets on an Android platform.
Background
Verification boot (verifiedboost) is an important security function of Android, and is mainly used for preventing boot images from being tampered, protecting the integrity of some protected partitions such as boot/recovery/system/vendor and the like, and improving the anti-attack capability of a system. Early android systems did not verify the secure functionality of boot, google developed a unified verification boot framework Android verified boot 2.0.2.0 on android o (8.0). The AVB2.0 not only ensures that the verified boot function developed based on the framework can meet CDD (Compatibility Definition Document) requirements, but also reserves the elasticity of each OEM custom-made starting verification process. AVB2.0 introduces a new partition: and (verified boot metadata) calculating and packaging all the contents to be verified into the partition at the compiling time, wherein the BootLoader can confirm whether the data in the vbmeta is credible only by verifying the vbmeta. Img in the starting process, and then comparing the boot. Img, dtbo. Img, system. Img and vendor. Img with the data in the vbmeta. In addition to the most basic authentication initiation, AVB2.0 also provides functionality to prevent rollback and support for AB partition backup. Since the android version (9.0), the AVB2.0 security function must be forced to turn on. Aiming at the customization requirement of Android equipment without AVB2.0, a common scheme is to manufacture a customized OTA differential packet to upgrade the system. The customized OTA differential package is convenient to manufacture and flexible to use, and a set of system mirror image programming package can be upgraded to different customized devices by using different customized OTA differential packages, so that the production efficiency of factories is improved in the device production process.
However, starting from the android version (9.0), the conventional custom OTA differential upgrade scheme cannot update the system or vendor partitions of the system. To realize customization requirements of android and subsequent version devices, the AVB2.0 function of the system cannot be disabled, and the system image can be reprogrammed only by changing the system code to meet different customization requirements. The system engineer also needs to maintain multiple sets of system codes and burn multiple sets of system images during the production of the device. The traditional customization mode has low efficiency, and developed codes are inconvenient to maintain and manage the produced system mirror images, so that the traditional customization mode cannot rapidly cope with the requirements of various application scenes of different clients.
Disclosure of Invention
The invention aims to solve the technical problem of providing a method, a device, equipment and a medium for producing preset updating on an Android platform, and provides a customized OTA differential packet customized upgrading method supporting a high-version system for starting AVB2.0, aiming at the fact that the customized demand can not be realized through customized OTA packet differential upgrading of the high-version Android system for starting AVB 2.0.
In a first aspect, the present invention provides a method for updating production presets on an Android platform, including: a system pre-transformation process and a production preset updating process;
the system pre-modification process comprises the following steps:
newly creating a custom partition in an Android system, wherein the custom partition is used for storing preset custom files, and the custom files comprise APK installation packages, startup animation/sound, shutdown animation/sound and/or system attribute files;
adding an API in a script interpreter update-binary, wherein the API is used for extracting all files in a specified compression package to a specified target directory;
adding management of APK installation packages in the custom partition for the PackageManagerService service;
changing system settings, when loading each partition attribute file in the Android system starting process, preferentially searching whether the system attribute file exists in the custom partition, if so, loading the system attribute file, and if not, normally loading the default attribute file of the system;
when the system is started to load the startup animation/sound, preferentially searching the startup animation/sound in the custom partition, preferentially using if the custom partition has startup animation/sound files, and using the startup animation/sound in the system partition if the custom partition does not have startup animation/sound;
in the system shutdown process, when the system executes to load shutdown animation/sound, preferentially searching the shutdown animation/sound in the custom partition, preferentially using if the custom partition has the shutdown animation/sound file, and using if the custom partition has no shutdown animation/sound, the shutdown animation/sound in the system partition;
the production preset updating process comprises the following steps:
and sending the obtained self-defined OTA differential packet to a terminal, preprocessing, running a preset system upgrading interface, restarting the system, and executing OTA packet upgrading in a recovery mode.
Further, in the process of producing the preset update, the obtained custom OTA differential packet is sent to the terminal and then preprocessed, which specifically comprises:
step S1, manufacturing a custom OTA differential packet according to customized requirements, wherein the custom OTA differential packet is a compressed packet of secondary compression;
s2, signing the self-defined OTA differential packet by using a private key;
s3, downloading the signed user-defined OTA differential packet and the signature file to the terminal;
s4, verifying and signing the self-defined OTA differential packet by using a preset public key;
and S5, preprocessing the self-defined OTA differential packet after the signature verification passes.
Further, the step S1 specifically includes:
s1a, generating a custom OTA differential packet in a Linux environment according to a custom directory template, wherein the custom directory template comprises META-INF and a custom partition directory, and the subdirectories and file structures under the custom partition directory are matched with the custom partition mirror image directory structures compiled by source codes;
s1b, writing an application version number into a ver.ini file of the custom partition catalog, thereby confirming version information of upgrading the custom OTA differential packet;
s1c, compressing META-INF and a custom partition directory into a compressed package, and then signing the compressed package, wherein a signing key is consistent with a key used in the compiling process of an Android system, and the signed compressed package is placed under a specified target directory;
s1d, compressing the target directory again to generate a custom OTA differential packet, wherein the custom OTA differential packet which is compressed for the second time is used for directly decompressing the operation decompression command to a default system upgrading path when the system is upgraded.
Further, the step S2 specifically includes:
and carrying out secondary signature on the self-defined OTA differential packet by using a secret key, wherein a public key certificate corresponding to the secondary signature secret key is preset on a security module of the system, the secondary signature is carried out by adopting a 2048-bit RSA algorithm and a SHA-256 algorithm, firstly, carrying out SHA-256 operation on a compressed packet of the self-defined OTA differential packet to obtain a HASH value, then carrying out RSA signature on the HASH value by using a private key, and storing a signature result and a working certificate for signature verification as a SIG file in a set format.
Further, the step S4 specifically includes:
extracting a working certificate and a signature from the SIG file;
using a preset public key as a root public key to verify whether the working certificate is legal or not, and if the working certificate passes the next step, exiting the upgrading process if the working certificate fails to pass the next step;
and calculating a HASH value of the self-defined OTA differential packet through an SHA-256 algorithm, performing signature verification by using the HASH value as the original signature data and the extracted signature data and using a certificate, if the signature verification is performed continuously by upgrading the OTA differential packet, and if the signature verification is failed, exiting the upgrading process.
Further, the step S5 specifically includes:
copying the custom OTA differential packet compressed for the second time to a specified target directory of the system;
decompressing the self-defined OTA differential packet for one time through a decompression tool of the system, and obtaining an upgrade file under a target directory, wherein the upgrade file is still a compressed packet;
renaming the upgrade file to be a ZIP suffix file.
In a second aspect, the present invention provides a device for updating production presets on an Android platform, including: a system pre-transformation module and a production preset updating module;
the system pre-modification module is used for:
newly creating a custom partition in an Android system, wherein the custom partition is used for storing preset custom files, and the custom files comprise APK installation packages, startup animation/sound, shutdown animation/sound and/or system attribute files;
adding an API in a script interpreter update-binary, wherein the API is used for extracting all files in a specified compression package to a specified target directory;
adding management of APK installation packages in the custom partition for the PackageManagerService service;
changing system settings, when loading each partition attribute file in the Android system starting process, preferentially searching whether the system attribute file exists in the custom partition, if so, loading the system attribute file, and if not, normally loading the default attribute file of the system;
when the system is started to load the startup animation/sound, preferentially searching the startup animation/sound in the custom partition, preferentially using if the custom partition has startup animation/sound files, and using the startup animation/sound in the system partition if the custom partition does not have startup animation/sound;
in the system shutdown process, when the system executes to load shutdown animation/sound, preferentially searching the shutdown animation/sound in the custom partition, preferentially using if the custom partition has the shutdown animation/sound file, and using the shutdown animation/sound in the system partition if the custom partition has no shutdown animation/sound;
the production preset updating module is used for:
and acquiring a customized OTA differential packet manufactured according to the customized requirements, transmitting the customized OTA differential packet to a terminal, preprocessing the customized OTA differential packet, running a preset system upgrading interface, restarting the system, and executing OTA packet upgrading in a recovery mode.
Further, in the process of producing the preset module, the customized OTA differential packet is obtained and sent to the terminal and then preprocessed, which specifically comprises: the device comprises a differential packet generation module, a signature module, a downloading module, a verification module and a preprocessing module;
the differential packet generation module is used for generating a custom OTA differential packet according to the customized requirement, wherein the custom OTA differential packet is a compressed packet of secondary compression;
the signature module is used for signing the custom OTA differential packet by using a private key;
the downloading module is used for downloading the signed user-defined OTA differential packet and the signature file to the terminal;
the verification module is used for verifying the signature custom OTA differential packet by using a preset public key;
the preprocessing module is used for preprocessing the self-defined OTA differential packet after the signature verification passes.
In a third aspect, the invention provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of the first aspect when executing the program.
In a fourth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the method of the first aspect.
The embodiment of the invention has the following technical effects or advantages:
1. by simply modifying the high-version Android system of AVB2.0, the OTA upgrading mechanism of the original system is utilized, the development and production burden is not increased, the customized production efficiency of the system is improved, the code maintenance and the system mirror image management are facilitated, and the requirements of various application scenes of different clients can be rapidly met;
2. the customized partition catalog is made into a mirror image format by performing secondary compression when the customized OTA differential catalog is manufactured, and additional tools are not required to be installed on a PC end, so that the updating flow of the system is further simplified, and the production efficiency is improved;
3. and the secondary signature is carried out on the secondary compressed OTA differential packet by using the secret key, so that the legality of the customized OTA differential packet is ensured, and the system safety is ensured.
The foregoing description is only an overview of the present invention, and is intended to provide a better understanding of the technical means of the present invention, as it is embodied in the present specification, and is intended to provide a better understanding of the above and other objects, features and advantages of the present invention, as it is embodied in the following description.
Drawings
The invention will be further described with reference to examples of embodiments with reference to the accompanying drawings.
FIG. 1 is a flow chart of a method according to a first embodiment of the invention;
FIG. 2 is a flow chart of a secondary signature verification process in a second embodiment of the invention;
fig. 3 is a flowchart of performing OTA upgrade in a second embodiment of the present invention;
FIG. 4 is a diagram of a customized catalog template in a second embodiment of the present invention;
FIG. 5 is a schematic view of a device in a third embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention;
fig. 7 is a schematic structural diagram of a medium in a fifth embodiment of the present invention.
Detailed Description
The embodiment of the application provides a customized updating method, device, equipment and medium for production on an Android platform, and provides a customized updating method for customized OTA differential packages of a high-version system supporting starting AVB2.0 aiming at the fact that the customized requirements cannot be met through customized OTA differential package updating of the high-version Android system for starting AVB 2.0.
According to the technical scheme in the embodiment of the application, the overall thought is as follows:
the customization of the Android device is realized by utilizing the original recovery mode OTA upgrading flow of the Android system, and the function of the Android device is not required to be newly added, so that the redundancy of system functions is caused. The secondary signature mechanism ensures that the issued OTA differential packet is safe and controllable, the trusted APK can be preset in the partition, unsafe applications or scripts can not be installed, the production efficiency of system customization is improved, code maintenance and system mirror image management are facilitated, and the requirements of various application scenes of different clients can be rapidly met.
Example 1
The embodiment provides a method for updating production presets on an Android platform, which is shown in fig. 1 and comprises the following steps of; a system pre-transformation process and a production preset updating process;
the system pre-modification process comprises the following steps:
newly creating a custom partition in an Android system, wherein the custom partition is used for storing preset custom files, and the custom files comprise APK installation packages, startup animation/sound, shutdown animation/sound and/or system attribute files;
adding an API in a script interpreter update-binary, wherein the API is used for extracting all files in a specified compression package to a specified target directory;
adding management of APK installation packages in the custom partition for the PackageManagerService service;
changing system settings, when loading each partition attribute file in the Android system starting process, preferentially searching whether the system attribute file exists in the custom partition, if so, loading the system attribute file, and if not, normally loading the default attribute file of the system;
when the system is started to load the startup animation/sound, preferentially searching the startup animation/sound in the custom partition, preferentially using if the custom partition has startup animation/sound files, and using the startup animation/sound in the system partition if the custom partition does not have startup animation/sound;
in the system shutdown process, when the system executes to load shutdown animation/sound, the shutdown animation/sound in the custom partition is preferentially searched, if the custom partition is related to the shutdown animation/sound file, the custom partition is preferentially used, and if the custom partition is not related to the shutdown animation/sound, the shutdown animation/sound in the system partition is used.
The production preset updating process comprises the following steps:
and sending the obtained self-defined OTA differential packet to a terminal, preprocessing, running a preset system upgrading interface, restarting the system, and executing OTA packet upgrading in a recovery mode.
The Android device customization is realized by simply modifying the high-version Android system of AVB2.0 and utilizing the original recovery mode OTA upgrading flow of the Android system, the function of the Android device is not required to be newly added, the redundancy of the system function is caused, the burden of development and production is not increased, the production efficiency of system customization is improved, the code maintenance and the system mirror image management are convenient, and the requirements of various application scenes of different clients can be rapidly met.
In a specific embodiment, in the process of updating the production preset, the obtained customized OTA differential packet is sent to the terminal and then preprocessed, which specifically includes:
step S1, manufacturing a custom OTA differential packet according to customized requirements, wherein the custom OTA differential packet is a compressed packet of secondary compression;
s2, signing the self-defined OTA differential packet by using a private key;
s3, downloading the signed user-defined OTA differential packet and the signature file to the terminal;
s4, verifying and signing the self-defined OTA differential packet by using a preset public key;
and S5, preprocessing the self-defined OTA differential packet after the signature verification passes.
The customized partition catalog is made into a mirror image format by performing secondary compression when the customized OTA differential catalog is manufactured, and additional tools are not required to be installed on a PC end, so that the updating flow of the system is further simplified, and the production efficiency is improved; and the secondary signature is carried out on the secondary compressed OTA differential packet by using the secret key, so that the legality of the customized OTA differential packet is ensured, and the system safety is ensured.
In one embodiment, the step S1 specifically includes:
s1a, generating a custom OTA differential packet in a Linux environment according to a custom directory template, wherein the custom directory template comprises META-INF and a custom partition directory, and the subdirectories and file structures under the custom partition directory are matched with the custom partition mirror image directory structures compiled by source codes;
s1b, writing an application version number into a ver.ini file of the custom partition catalog, thereby confirming version information of upgrading the custom OTA differential packet;
s1c, compressing META-INF and a custom partition directory into a compressed package, and then signing the compressed package, wherein a signing key is consistent with a key used in the compiling process of an Android system, and the signed compressed package is placed under a specified target directory;
s1d, compressing the target directory again to generate a custom OTA differential packet, wherein the custom OTA differential packet which is compressed for the second time is used for directly decompressing the operation decompression command to a default system upgrading path when the system is upgraded.
In one embodiment, the step S2 specifically includes:
and carrying out secondary signature on the self-defined OTA differential packet by using a secret key, wherein a public key certificate corresponding to the secondary signature secret key is preset on a security module of the system, the secondary signature is carried out by adopting a 2048-bit RSA algorithm and a SHA-256 algorithm, firstly, carrying out SHA-256 operation on a compressed packet of the self-defined OTA differential packet to obtain a HASH value, then carrying out RSA signature on the HASH value by using a private key, and storing a signature result and a working certificate for signature verification as a SIG file in a set format.
In one embodiment, the step S4 specifically includes:
extracting a working certificate and a signature from the SIG file;
using a preset public key as a root public key to verify whether the working certificate is legal or not, and if the working certificate passes the next step, exiting the upgrading process if the working certificate fails to pass the next step;
and calculating a HASH value of the self-defined OTA differential packet through an SHA-256 algorithm, and using the HASH value as the original data of the signature and the extracted signature data to carry out signature verification, if the signature verification is carried out by continuing updating the OTA differential packet, and if the signature verification is failed, exiting the updating flow.
In one embodiment, the step S5 specifically includes:
copying the custom OTA differential packet compressed for the second time to a specified target directory of the system;
decompressing the self-defined OTA differential packet for one time through a decompression tool of the system, and obtaining an upgrade file under a target directory, wherein the upgrade file is still a compressed packet;
renaming the upgrade file to be a ZIP suffix file.
Example two
An embodiment in production is implemented as follows:
aiming at the situation that the high-version Android system of the AVB2.0 version is started, customization needs cannot be achieved through upgrading of the customized OTA differential packet, the system is simply modified, and then the OTA differential packet is manufactured to conduct production preset updating.
Firstly, the system is modified as follows:
1. and newly creating a custom partition mfisv in the Android system for storing preset APK, startup animation/sound, shutdown animation/sound, system attribute files and the like, wherein the content of the partition can be upgraded in a recovery mode.
2. The script interpreter update_binary of the Android system needs to add an API to be compatible with the old upgrade script. In comparison with the old version Android system, the APIs need to be added with delete, delete _ recursive, package _extract_ dir, symlink, set _metadata, set_metadata_recovery and rename, and the functions of the APIs are the same as those of the update_binary module of the old version system.
3. In the Android system starting process, when the init process is executed to load the system attribute of each partition, whether the file/mfisv/data/custom_product of the mfisv partition exists or not is checked. If yes, the system attribute value set by the custom_product. In order for the custom_product.Prop property to be loaded, a sentence of import/mfisv/data/custom_product.Prop needs to be added to the build.Prop file of the system partition.
4. In the Android system starting process, when the startup animation/sound is loaded during execution, whether the mfisv partition contains startup animation/sound files is checked preferentially, and if yes, the mfisv partition files are loaded. If not, checking whether the system partition contains the boot animation/sound file, if so, loading the system partition file, and if not, not loading the file.
5. In the Android system starting process, a PackageManagerService service is started, and besides conventional operation is executed, APKs preset under the mfisv/app/path are scanned, and APKs under the mfisv/app/path are installed, uninstalled or upgraded.
6. In the Android system shutdown process, when the execution is carried out to load shutdown animation/sound, whether the mfisv partition contains shutdown animation/sound files is checked preferentially, and if yes, the mfisv partition files are loaded. If not, checking whether the system partition contains the shutdown animation/sound file, if so, loading the system partition file, and if not, not loading the file.
7. After the Android system is started and enters the system, a user-defined OTA differential packet and a signature file are needed. And the Android system supports the acquisition of the custom OTA differential packet and the signature file from a plug-in USB flash disk, a built-in SD card storage space or a network mode.
8. When the custom OTA differential packet is manufactured, the file structure of the mfisv directory of the custom template is matched with the mfisv mirror image directory structure compiled by the source code, so that the application of the newly added API of the 2 nd point update_binary module is facilitated.
9. In the process of executing OTA upgrading operation by the Android system, the system uses a preset public key to verify and sign the self-defined OTA differential packet. And if the verification sign passes, executing the rest upgrading flow. If the check mark does not pass, the upgrading process is exited.
The process of producing OTA differential packet to update the production presets is as follows:
step 1, a custom OTA differential packet is manufactured according to the customized requirements.
a. The customized catalog template generates a customized OTA differential package through shell script in a linux environment, the customized catalog comprises META-INF and mfisv catalog (refer to fig. 4), the file catalog structure is similar to OTA full-package catalog structure coded by a system source code, and the subdirectories and the file structure under mfisv catalog are required to be matched with mfisv mirror catalog structure coded by the source code.
b. And writing an application version number into the ver.ini file of the mfisv catalog through the shell script to confirm the version information of the upgrade of the custom OTA differential packet.
c. And compressing META-INF and mfisv catalogues into a zip packet through the shell script, and signing the zip packet through a signak. The signed OTA packet is put under the current data/morefun directory.
d. The current data/morefun directory is compressed again into a zip packet. The secondarily compressed zip package is used for directly decompressing an un-zip command of the shell script in system upgrading to a default system upgrading path/data/morefun/ota.
The purpose of customizing the custom OTA differential packet is to update the mfisv partition through a recovery mode, the corresponding mfisv directory and files are compressed for the second time, no additional tools are required to be installed on the PC end to make the mfisv directory into an img mirror image format, and the customization flow is mature.
And step 2, signing the self-defined OTA differential packet by using a private key.
And carrying out secondary signature on the secondary compressed OTA by using a secret key, wherein a public key certificate corresponding to the signature secret key is preset on a security module of the system.
The self-defined OTA differential packet also has 2 signature mechanisms to ensure the security of OTA upgrading, and the PCI recommended 2048 bit RSA algorithm and SHA-256 (HASH algorithm) are adopted for signature in the second signature, firstly, the secondary compressed zip packet is firstly subjected to SHA-256 operation to obtain a HASH value, then the HASH value is subjected to RSA signature by using a private key, and the signature result and a working certificate for signature verification are stored in a file with a sig suffix in a determined format. In the subsequent upgrading process, 2 times of signature verification are needed. The security of the differential packet is high, and the system cannot normally run after the system is upgraded.
And 3, downloading the user-defined OTA differential packet and the signature file to the terminal.
The user-defined OTA differential packet and the signature file can be downloaded to the terminal through a network and a usb data line; the files can be copied to the U disk and then connected to the equipment through an otg line, and the files can be used as an external SD card of the system for system access.
And 4, the terminal uses a preset public key to verify and sign the self-defined OTA differential packet.
Secondary signature verification process:
the public key used for the secondary signature verification is preset on the security module of the terminal, and the public key to be preset is programmed on the security module before the equipment leaves the factory.
1) The working certificate and signature are extracted from a signature file with a suffix sig.
2) And using the preset public key as a root public key to verify whether the working certificate is legal or not, and if the working certificate passes the next step, exiting the upgrading process if the working certificate fails to pass the next step.
3) And calculating a hash value of the secondary compressed OTA packet SHA-256, wherein the hash value is used as original data of the signature, and the signature is checked with the extracted signature data by using a working certificate, and if the signature checking passes the next step, the upgrading process is exited if the signature checking fails.
The flow chart of the secondary signature verification process is shown in fig. 2.
And 5, preprocessing the user-defined OTA differential packet, and running a preset system upgrading interface by the terminal.
Preprocessing of custom differential packets:
1) Copying the custom OTA differential packet of secondary compression to the system/data/morefun directory
2) Decompression of custom OTA differential packets by the system's uzip tool results in OTA _update under the/data/morefun directory
3) The re-command ota _update is an ota.zip file.
And the terminal calls an android standard java interface recovery system.installation package, the interface writes parameters for restarting to enter a recovery mode into a system cache, and finally the system is restarted automatically.
And 6, restarting the system to enter a recovery mode to execute OTA packet upgrading.
As shown in fig. 3, after entering the recovery mode, the public key is loaded, and signature verification is performed again on the upgrade package ota.
Decompressing the ota.zip packet to extract a script interpreter update_binary and an upgrade script updater-script, running the upgrade script, and truly executing the upgrade operation of the system. After the execution is finished, the system is automatically restarted.
And 7, automatically restarting the updated system after the updating is finished.
After the Android system is modified, the production preset updating step is implemented, so that the system can be updated smoothly, and the customization of the system is realized. Step 5-step 7 is a complete OTA upgrade process, only the custom differential packet preprocessing in step 5 requires equipment manufacturer development, and other step systems are already supported by default. Therefore, customization of Android equipment is realized by utilizing the original recovery mode OTA upgrading flow of the Android system, and new functions of the Android equipment are not needed, so that redundancy of system functions is caused. The secondary signature mechanism ensures that the issued OTA differential packet is safe and controllable, the partition can preset a trusted APK, and unsafe applications or scripts cannot be installed.
The custom OTA differential packet is written to the mfisv partition through the recovery mode, and the existing files in the mfisv partition can be covered by the files in the OTA differential packet, or the existing files are deleted through script commands, and the like. The mfis partition functions like a vendor partition, and as a part of the system, the system does not need to execute redundant business logic to judge partition content change every time the system is started to enable the system to enter different default presets or expected presets, for example, the property configuration of the pro system of the mfis partition can be imported in the init process of every time the system is started, and an APK package under the mfis/app directory can be scanned in the frame work layer of the system to determine whether to install the APK or not, and the like.
Based on the same inventive concept, the present application also provides a device corresponding to the method in the first embodiment, and the details of the third embodiment are described in detail.
Example III
In this embodiment, a preset updating device for production on an Android platform is provided, as shown in fig. 5, including: a system pre-transformation module and a production preset updating module;
the system pre-modification module is used for:
newly creating a custom partition in an Android system, wherein the custom partition is used for storing preset custom files, and the custom files comprise APK installation packages, startup animation/sound, shutdown animation/sound and/or system attribute files;
adding an API in a script interpreter update-binary, wherein the API is used for extracting all files in a specified compression package to a specified target directory;
adding management of APK installation packages in the custom partition for the PackageManagerService service;
changing system settings, when loading each partition attribute file in the Android system starting process, preferentially searching whether the system attribute file exists in the custom partition, if so, loading the system attribute file, and if not, normally loading the default attribute file of the system;
when the system is started to load the startup animation/sound, preferentially searching the startup animation/sound in the custom partition, preferentially using if the custom partition has startup animation/sound files, and using the startup animation/sound in the system partition if the custom partition does not have startup animation/sound;
in the system shutdown process, when the system executes to load shutdown animation/sound, preferentially searching the shutdown animation/sound in the custom partition, preferentially using if the custom partition has the shutdown animation/sound file, and using the shutdown animation/sound in the system partition if the custom partition has no shutdown animation/sound;
the production preset updating module is used for:
and acquiring a customized OTA differential packet manufactured according to the customized requirements, transmitting the customized OTA differential packet to a terminal, preprocessing the customized OTA differential packet, running a preset system upgrading interface, restarting the system, and executing OTA packet upgrading in a recovery mode.
Further, in the process of producing the preset module, the customized OTA differential packet is obtained and sent to the terminal and then preprocessed, which specifically comprises: the device comprises a differential packet generation module, a signature module, a downloading module, a verification module and a preprocessing module;
the differential packet generation module is used for generating a custom OTA differential packet according to the customized requirement, wherein the custom OTA differential packet is a compressed packet of secondary compression;
the signature module is used for signing the custom OTA differential packet by using a private key;
the downloading module is used for downloading the signed user-defined OTA differential packet and the signature file to the terminal;
the verification module is used for verifying the signature custom OTA differential packet by using a preset public key;
the preprocessing module is used for preprocessing the self-defined OTA differential packet after the signature verification passes.
Since the device described in the third embodiment of the present invention is a device used for implementing the method described in the first embodiment of the present invention, based on the method described in the first embodiment of the present invention, a person skilled in the art can understand the specific structure and function of the device, and therefore, the detailed description thereof is omitted herein. All devices used in the method according to the first embodiment of the present invention are within the scope of the present invention.
Based on the same inventive concept, the application provides an electronic device embodiment corresponding to the first embodiment, and details of the fourth embodiment are shown in the specification.
Example IV
The present embodiment provides an electronic device, as shown in fig. 6, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where any implementation of the first embodiment may be implemented when the processor executes the computer program.
Since the electronic device described in this embodiment is a device for implementing the method described in the first embodiment of the present application, those skilled in the art will be able to understand the specific implementation of the electronic device and various modifications thereof based on the method described in the first embodiment of the present application, so how the method described in the embodiment of the present application is implemented in this electronic device will not be described in detail herein. The apparatus used to implement the methods of the embodiments of the present application are within the scope of what is intended to be protected by the present application.
Based on the same inventive concept, the application provides a storage medium corresponding to the first embodiment, and the details of the fifth embodiment are described in the following.
Example five
The present embodiment provides a computer readable storage medium, as shown in fig. 7, on which a computer program is stored, which when executed by a processor, can implement any implementation of the first embodiment.
Since the computer readable storage medium described in this embodiment is a computer readable storage medium used to implement the method in the first embodiment of the present application, those skilled in the art will be able to understand the specific implementation of the computer readable storage medium and various modifications thereof based on the method described in the first embodiment of the present application, so how the computer readable storage medium implements the method in the embodiment of the present application will not be described in detail herein. Insofar as the computer-readable storage medium employed by one of ordinary skill in the art to practice the methods of embodiments of the present application is included within the scope of what is claimed herein.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that the specific embodiments described are illustrative only and not intended to limit the scope of the invention, and that equivalent modifications and variations of the invention in light of the spirit of the invention will be covered by the claims of the present invention.

Claims (7)

1. The method for producing the preset update on the Android platform is characterized by comprising the following steps of: a system pre-transformation process and a production preset updating process;
the system pre-modification process comprises the following steps:
newly creating a custom partition in an Android system, wherein the custom partition is used for storing preset custom files, and the custom files comprise APK installation packages, startup animation/sound, shutdown animation/sound and/or system attribute files;
adding an API in a script interpreter update-binary, wherein the API is used for extracting all files in a specified compression package to a specified target directory;
adding management of APK installation packages in the custom partition for the PackageManagerService service;
changing system settings, when loading each partition attribute file in the Android system starting process, preferentially searching whether the system attribute file exists in the custom partition, if so, loading the system attribute file, and if not, normally loading the default attribute file of the system;
when the system is started to load the startup animation/sound, preferentially searching the startup animation/sound in the custom partition, preferentially using if the custom partition has startup animation/sound files, and using the startup animation/sound in the system partition if the custom partition does not have startup animation/sound;
in the system shutdown process, when the system executes to load shutdown animation/sound, preferentially searching the shutdown animation/sound in the custom partition, preferentially using if the custom partition has the shutdown animation/sound file, and using if the custom partition has no shutdown animation/sound, the shutdown animation/sound in the system partition;
the production preset updating process comprises the following steps:
the obtained self-defined OTA differential packet is sent to a terminal and then preprocessed, a preset system upgrading interface is operated, and the system is restarted to enter a recovery mode to execute OTA packet upgrading;
in the process of producing and updating the preset, the obtained self-defined OTA differential packet is sent to a terminal and then preprocessed, and the method specifically comprises the following steps:
step S1, manufacturing a custom OTA differential packet according to customized requirements, wherein the custom OTA differential packet is a compressed packet of secondary compression;
s2, signing the self-defined OTA differential packet by using a private key;
s3, downloading the signed user-defined OTA differential packet and the signature file to the terminal;
s4, verifying and signing the self-defined OTA differential packet by using a preset public key;
s5, preprocessing the self-defined OTA differential packet after the signature verification passes;
the step S1 specifically includes:
s1a, generating a custom OTA differential packet in a Linux environment according to a custom directory template, wherein the custom directory template comprises META-INF and a custom partition directory, and the subdirectories and file structures under the custom partition directory are matched with the custom partition mirror image directory structures compiled by source codes;
s1b, writing an application version number into a ver.ini file of the custom partition catalog, thereby confirming version information of upgrading the custom OTA differential packet;
s1c, compressing META-INF and a custom partition directory into a compressed package, and then signing the compressed package, wherein a signing key is consistent with a key used in the compiling process of an Android system, and the signed compressed package is placed under a specified target directory;
s1d, compressing the target directory again to generate a custom OTA differential packet, wherein the custom OTA differential packet which is compressed for the second time is used for directly decompressing the operation decompression command to a default system upgrading path when the system is upgraded.
2. The method according to claim 1, wherein the step S2 specifically comprises:
and carrying out secondary signature on the self-defined OTA differential packet by using a secret key, wherein a public key certificate corresponding to the secondary signature secret key is preset on a security module of the system, the secondary signature is carried out by adopting a 2048-bit RSA algorithm and a SHA-256 algorithm, firstly, carrying out SHA-256 operation on a compressed packet of the self-defined OTA differential packet to obtain a HASH value, then carrying out RSA signature on the HASH value by using a private key, and storing a signature result and a working certificate for signature verification as a SIG file in a set format.
3. The method according to claim 1, wherein the step S4 specifically includes:
extracting a working certificate and a signature from the SIG file;
using a preset public key as a root public key to verify whether the working certificate is legal or not, and if the working certificate passes the next step, exiting the upgrading process if the working certificate fails to pass the next step;
and calculating a HASH value of the self-defined OTA differential packet through an SHA-256 algorithm, performing signature verification by using the HASH value as the original signature data and the extracted signature data and using a certificate, if the signature verification is performed continuously by upgrading the OTA differential packet, and if the signature verification is failed, exiting the upgrading process.
4. The method according to claim 1, wherein the step S5 specifically includes:
copying the custom OTA differential packet compressed for the second time to a specified target directory of the system;
decompressing the self-defined OTA differential packet for one time through a decompression tool of the system, and obtaining an upgrade file under a target directory, wherein the upgrade file is still a compressed packet;
renaming the upgrade file to be a ZIP suffix file.
5. The utility model provides a production presets updating device on Android platform which characterized in that includes: a system pre-transformation module and a production preset updating module;
the system pre-modification module is used for:
newly creating a custom partition in an Android system, wherein the custom partition is used for storing preset custom files, and the custom files comprise APK installation packages, startup animation/sound, shutdown animation/sound and/or system attribute files;
adding an API in a script interpreter update-binary, wherein the API is used for extracting all files in a specified compression package to a specified target directory;
adding management of APK installation packages in the custom partition for the PackageManagerService service;
changing system settings, when loading each partition attribute file in the Android system starting process, preferentially searching whether the system attribute file exists in the custom partition, if so, loading the system attribute file, and if not, normally loading the default attribute file of the system;
when the system is started to load the startup animation/sound, preferentially searching the startup animation/sound in the custom partition, preferentially using if the custom partition has startup animation/sound files, and using the startup animation/sound in the system partition if the custom partition does not have startup animation/sound;
in the system shutdown process, when the system executes to load shutdown animation/sound, preferentially searching the shutdown animation/sound in the custom partition, preferentially using if the custom partition has the shutdown animation/sound file, and using the shutdown animation/sound in the system partition if the custom partition has no shutdown animation/sound;
the production preset updating module is used for:
acquiring a customized OTA differential packet manufactured according to customized requirements, sending the customized OTA differential packet to a terminal, preprocessing the customized OTA differential packet, running a preset system upgrading interface, restarting the system to enter a recovery mode, and executing OTA packet upgrading;
in the production preset updating module, the obtained custom OTA differential packet is sent to a terminal and then preprocessed, and the method specifically comprises the following steps: the device comprises a differential packet generation module, a signature module, a downloading module, a verification module and a preprocessing module;
the differential packet generation module is used for generating a custom OTA differential packet according to the customized requirement, wherein the custom OTA differential packet is a compressed packet of secondary compression;
the signature module is used for signing the custom OTA differential packet by using a private key;
the downloading module is used for downloading the signed user-defined OTA differential packet and the signature file to the terminal;
the verification module is used for verifying the signature custom OTA differential packet by using a preset public key;
the preprocessing module is used for preprocessing the self-defined OTA differential packet after the signature verification passes;
the differential packet generation module is specifically configured to execute the following steps:
s1a, generating a custom OTA differential packet in a Linux environment according to a custom directory template, wherein the custom directory template comprises META-INF and a custom partition directory, and the subdirectories and file structures under the custom partition directory are matched with the custom partition mirror image directory structures compiled by source codes;
s1b, writing an application version number into a ver.ini file of the custom partition catalog, thereby confirming version information of upgrading the custom OTA differential packet;
s1c, compressing META-INF and a custom partition directory into a compressed package, and then signing the compressed package, wherein a signing key is consistent with a key used in the compiling process of an Android system, and the signed compressed package is placed under a specified target directory;
s1d, compressing the target directory again to generate a custom OTA differential packet, wherein the custom OTA differential packet which is compressed for the second time is used for directly decompressing the operation decompression command to a default system upgrading path when the system is upgraded.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 4 when the program is executed by the processor.
7. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any one of claims 1 to 4.
CN202110973366.7A 2021-08-24 2021-08-24 Method, device, equipment and medium for updating production presets on Android platform Active CN113791814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110973366.7A CN113791814B (en) 2021-08-24 2021-08-24 Method, device, equipment and medium for updating production presets on Android platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110973366.7A CN113791814B (en) 2021-08-24 2021-08-24 Method, device, equipment and medium for updating production presets on Android platform

Publications (2)

Publication Number Publication Date
CN113791814A CN113791814A (en) 2021-12-14
CN113791814B true CN113791814B (en) 2024-03-26

Family

ID=78876357

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110973366.7A Active CN113791814B (en) 2021-08-24 2021-08-24 Method, device, equipment and medium for updating production presets on Android platform

Country Status (1)

Country Link
CN (1) CN113791814B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106775723A (en) * 2016-12-16 2017-05-31 深圳市优博讯科技股份有限公司 The method and Android device of the system firmware customization based on Android platform
CN107229502A (en) * 2017-07-18 2017-10-03 山东亚华电子股份有限公司 A kind of many applications combination upgrade method based on Android platform terminal
CN108874439A (en) * 2018-07-02 2018-11-23 京东方科技集团股份有限公司 Obtain method and device, upgrade method and the device of customization difference packet
CN110515646A (en) * 2019-07-26 2019-11-29 华为技术有限公司 A kind of difference upgrade method and relevant device
CN112433747A (en) * 2020-12-16 2021-03-02 深圳乐播科技有限公司 Differential upgrading method and system suitable for Software Development Kit (SDK)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9606774B2 (en) * 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106775723A (en) * 2016-12-16 2017-05-31 深圳市优博讯科技股份有限公司 The method and Android device of the system firmware customization based on Android platform
CN107229502A (en) * 2017-07-18 2017-10-03 山东亚华电子股份有限公司 A kind of many applications combination upgrade method based on Android platform terminal
CN108874439A (en) * 2018-07-02 2018-11-23 京东方科技集团股份有限公司 Obtain method and device, upgrade method and the device of customization difference packet
CN110515646A (en) * 2019-07-26 2019-11-29 华为技术有限公司 A kind of difference upgrade method and relevant device
CN112433747A (en) * 2020-12-16 2021-03-02 深圳乐播科技有限公司 Differential upgrading method and system suitable for Software Development Kit (SDK)

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis;Yousra Aafer 等;《Proceedings of the 25th USENIX Security Symposium》;第1153-1168页 *
Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating;Luyi Xing 等;《2014 IEEE Symposium on Security and Privacy》;第393-408页 *
基于移动互联网的个性化医疗信息服务技术研究;余欢;《中国优秀硕士学位论文全文数据库 医药卫生科技辑》;E054-46 *

Also Published As

Publication number Publication date
CN113791814A (en) 2021-12-14

Similar Documents

Publication Publication Date Title
US11599348B2 (en) Container image building using shared resources
RU2419839C2 (en) Software update system and method for portable ota supporting mobile terminal
CN106775723B (en) Android platform-based system firmware customization method and Android device
CN105573780B (en) A kind of mobile terminal operating system upgrade method and device based on container
KR101143112B1 (en) Applying custom software image updates to non-volatile storage in a failsafe manner
US20070294685A1 (en) Program upgrade system and method for ota-capable portable device
CN109062598B (en) Safe OTA (over the air) upgrading method and system
US9823915B1 (en) Software container format
CN105786538B (en) software upgrading method and device based on android system
US20130055231A1 (en) System and method for incremental software installation
US20160378458A1 (en) Method and device for system application installation package, and terminal
TWI533216B (en) Operating system updating method
WO2013078951A1 (en) Method and system for upgrading software
GB2413653A (en) Software installation comprising a decision phase and installation phase
CN104052818A (en) Version upgrade method and device for mobile terminal
CN103309706A (en) Memory file system preparation method and unit based on Linux operation system
US9513762B1 (en) Static content updates
US20170242685A1 (en) Updating of firmware
WO2020029967A1 (en) Method and apparatus for repairing fault in operating system
CN112416406A (en) Terminal equipment upgrading method and device, terminal equipment and medium
CN106210877A (en) The method for upgrading system of intelligent television and device
CN112286543B (en) Application service deployment method and device
CN113741954A (en) System software generation method and device, electronic equipment and storage medium
CN113791814B (en) Method, device, equipment and medium for updating production presets on Android platform
KR101563897B1 (en) Apparatus and method for obtaining data assuring data integrity of user's data in a device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant