recovery: Allow bypassing signature verification on non-release builds
For non-release (userdebug, eng) builds, when signature verification
fails, ask the user whether they wish to install anyway.
[aleasto]
Rewritten to minimize the diff footprint for maintainability
Change-Id: I950ad455e6f698cabe348f0482eb64287cc88a08
diff --git a/install/install.cpp b/install/install.cpp
index 45a21fa..9787542 100644
--- a/install/install.cpp
+++ b/install/install.cpp
@@ -54,12 +54,15 @@
#include "otautil/sysutil.h"
#include "otautil/verifier.h"
#include "private/setup_commands.h"
+#include "recovery_ui/device.h"
#include "recovery_ui/ui.h"
#include "recovery_utils/roots.h"
#include "recovery_utils/thermalutil.h"
using namespace std::chrono_literals;
+bool ask_to_continue_unverified(Device* device);
+
static constexpr int kRecoveryApiVersion = 3;
// We define RECOVERY_API_VERSION in Android.mk, which will be picked up by build system and packed
// into target_files.zip. Assert the version defined in code and in Android.mk are consistent.
@@ -572,7 +575,9 @@
// Verify package.
if (!verify_package(package, ui)) {
log_buffer->push_back(android::base::StringPrintf("error: %d", kZipVerificationFailure));
- return INSTALL_CORRUPT;
+ if (!ui->IsTextVisible() || !ask_to_continue_unverified(ui->GetDevice())) {
+ return INSTALL_CORRUPT;
+ }
}
// Verify and install the contents of the package.