diff options
-rw-r--r-- | Android.bp | 5 | ||||
-rw-r--r-- | bootloader_message/include/bootloader_message/bootloader_message.h | 1 | ||||
-rw-r--r-- | install/wipe_data.cpp | 7 | ||||
-rw-r--r-- | minadbd/OWNERS | 2 | ||||
-rw-r--r-- | minadbd/minadbd_services.cpp | 2 | ||||
-rw-r--r-- | otautil/verifier.cpp | 4 | ||||
-rw-r--r-- | recovery-persist.cpp | 24 | ||||
-rw-r--r-- | tools/recovery_l10n/res/values-ky/strings.xml | 2 | ||||
-rw-r--r-- | tools/recovery_l10n/res/values-nb/strings.xml | 2 | ||||
-rw-r--r-- | tools/recovery_l10n/res/values-or/strings.xml | 2 | ||||
-rw-r--r-- | tools/recovery_l10n/res/values-te/strings.xml | 2 | ||||
-rw-r--r-- | update_verifier/Android.bp | 6 | ||||
-rw-r--r-- | update_verifier/include/update_verifier/update_verifier.h | 5 | ||||
-rw-r--r-- | update_verifier/update_verifier.cpp | 51 |
14 files changed, 83 insertions, 32 deletions
diff --git a/Android.bp b/Android.bp index bd9570500..4cdeba0f4 100644 --- a/Android.bp +++ b/Android.bp @@ -94,6 +94,8 @@ cc_defaults { shared_libs: [ "android.hardware.boot@1.0", "android.hardware.boot@1.1", + "android.hardware.boot-V1-ndk", + "libboot_control_client", "libbase", "libbootloader_message", "libcrypto", @@ -113,6 +115,8 @@ cc_defaults { "librecovery_utils", "libotautil", "libsnapshot_nobinder", + "libsnapshot_cow", + "liblz4", "update_metadata-protos", ], } @@ -158,6 +162,7 @@ cc_binary { shared_libs: [ "android.hardware.health-V1-ndk", // from librecovery_utils + "android.hardware.boot-V1-ndk", "librecovery_ui", ], diff --git a/bootloader_message/include/bootloader_message/bootloader_message.h b/bootloader_message/include/bootloader_message/bootloader_message.h index d58158dd6..8fba101a0 100644 --- a/bootloader_message/include/bootloader_message/bootloader_message.h +++ b/bootloader_message/include/bootloader_message/bootloader_message.h @@ -109,6 +109,7 @@ struct misc_memtag_message { #define MISC_MEMTAG_MODE_MEMTAG_ONCE 0x2 #define MISC_MEMTAG_MODE_MEMTAG_KERNEL 0x4 #define MISC_MEMTAG_MODE_MEMTAG_KERNEL_ONCE 0x8 +#define MISC_MEMTAG_MODE_MEMTAG_OFF 0x10 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus) static_assert(sizeof(struct misc_virtual_ab_message) == 64, diff --git a/install/wipe_data.cpp b/install/wipe_data.cpp index 024c1e1d5..c65e6f488 100644 --- a/install/wipe_data.cpp +++ b/install/wipe_data.cpp @@ -25,6 +25,7 @@ #include <android-base/logging.h> #include <android-base/stringprintf.h> +#include "bootloader_message/bootloader_message.h" #include "install/snapshot_utils.h" #include "otautil/dirutil.h" #include "recovery_ui/ui.h" @@ -100,6 +101,12 @@ bool WipeData(Device* device) { success &= EraseVolume(METADATA_ROOT, ui); } } + ui->Print("Resetting memtag message...\n"); + std::string err; + if (!WriteMiscMemtagMessage({}, &err)) { + ui->Print("Failed to reset memtag message: %s\n", err.c_str()); + success = false; + } if (success) { success &= device->PostWipeData(); } diff --git a/minadbd/OWNERS b/minadbd/OWNERS new file mode 100644 index 000000000..8ee79dd4f --- /dev/null +++ b/minadbd/OWNERS @@ -0,0 +1,2 @@ +enh@google.com +shaju@google.com diff --git a/minadbd/minadbd_services.cpp b/minadbd/minadbd_services.cpp index 0abe8675b..16bcb5edb 100644 --- a/minadbd/minadbd_services.cpp +++ b/minadbd/minadbd_services.cpp @@ -305,7 +305,7 @@ static void WipeDeviceService(unique_fd fd, const std::string& args) { } } -asocket* daemon_service_to_socket(std::string_view) { +asocket* daemon_service_to_socket(std::string_view, atransport*) { return nullptr; } diff --git a/otautil/verifier.cpp b/otautil/verifier.cpp index 8a65566ec..83ad7082b 100644 --- a/otautil/verifier.cpp +++ b/otautil/verifier.cpp @@ -309,13 +309,15 @@ int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys } static std::vector<Certificate> IterateZipEntriesAndSearchForKeys(const ZipArchiveHandle& handle) { - void* cookie; + void* cookie{}; + int32_t iter_status = StartIteration(handle, &cookie, "", "x509.pem"); if (iter_status != 0) { LOG(ERROR) << "Failed to iterate over entries in the certificate zipfile: " << ErrorCodeString(iter_status); return {}; } + std::unique_ptr<void, decltype(&EndIteration)> cookie_guard(cookie, &EndIteration); std::vector<Certificate> result; diff --git a/recovery-persist.cpp b/recovery-persist.cpp index ad101ede2..55699b24e 100644 --- a/recovery-persist.cpp +++ b/recovery-persist.cpp @@ -77,6 +77,10 @@ static void copy_file(const char* source, const char* destination) { } } +static bool file_exists(const char* filename) { + return access(filename, R_OK) == 0; +} + static bool rotated = false; ssize_t logsave( @@ -141,7 +145,7 @@ int main(int argc, char **argv) { if (has_cache) { // Collects and reports the non-a/b update metrics from last_install; and removes the file // to avoid duplicate report. - if (access(LAST_INSTALL_FILE_IN_CACHE, F_OK) && unlink(LAST_INSTALL_FILE_IN_CACHE) == -1) { + if (file_exists(LAST_INSTALL_FILE_IN_CACHE) && unlink(LAST_INSTALL_FILE_IN_CACHE) == -1) { PLOG(ERROR) << "Failed to unlink " << LAST_INSTALL_FILE_IN_CACHE; } @@ -152,9 +156,9 @@ int main(int argc, char **argv) { } } - /* Is there something in pmsg? */ - if (access(LAST_PMSG_FILE, R_OK)) { - return 0; + /* Is there something in pmsg? If not, no need to proceed. */ + if (!file_exists(LAST_PMSG_FILE)) { + return 0; } // Take last pmsg file contents and send it off to the logsave @@ -164,18 +168,18 @@ int main(int argc, char **argv) { // For those device without /cache, the last_install file has been copied to // /data/misc/recovery from pmsg. Looks for the sideload history only. if (!has_cache) { - if (access(LAST_INSTALL_FILE, F_OK) && unlink(LAST_INSTALL_FILE) == -1) { + if (file_exists(LAST_INSTALL_FILE) && unlink(LAST_INSTALL_FILE) == -1) { PLOG(ERROR) << "Failed to unlink " << LAST_INSTALL_FILE; } } /* Is there a last console log too? */ if (rotated) { - if (!access(LAST_CONSOLE_FILE, R_OK)) { - copy_file(LAST_CONSOLE_FILE, LAST_KMSG_FILE); - } else if (!access(ALT_LAST_CONSOLE_FILE, R_OK)) { - copy_file(ALT_LAST_CONSOLE_FILE, LAST_KMSG_FILE); - } + if (file_exists(LAST_CONSOLE_FILE)) { + copy_file(LAST_CONSOLE_FILE, LAST_KMSG_FILE); + } else if (file_exists(ALT_LAST_CONSOLE_FILE)) { + copy_file(ALT_LAST_CONSOLE_FILE, LAST_KMSG_FILE); + } } return 0; diff --git a/tools/recovery_l10n/res/values-ky/strings.xml b/tools/recovery_l10n/res/values-ky/strings.xml index 67dca2a37..45fcd15e0 100644 --- a/tools/recovery_l10n/res/values-ky/strings.xml +++ b/tools/recovery_l10n/res/values-ky/strings.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <resources xmlns:android="http://schemas.android.com/apk/res/android" xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2"> - <string name="recovery_installing" msgid="2013591905463558223">"Система жаңырууда"</string> + <string name="recovery_installing" msgid="2013591905463558223">"Тутум жаңырууда"</string> <string name="recovery_erasing" msgid="7334826894904037088">"Тазаланууда"</string> <string name="recovery_no_command" msgid="4465476568623024327">"Буйрук берилген жок"</string> <string name="recovery_error" msgid="5748178989622716736">"Ката!"</string> diff --git a/tools/recovery_l10n/res/values-nb/strings.xml b/tools/recovery_l10n/res/values-nb/strings.xml index 61d1173c5..e8cad136c 100644 --- a/tools/recovery_l10n/res/values-nb/strings.xml +++ b/tools/recovery_l10n/res/values-nb/strings.xml @@ -7,7 +7,7 @@ <string name="recovery_error" msgid="5748178989622716736">"Feil!"</string> <string name="recovery_installing_security" msgid="9184031299717114342">"Installerer sikkerhetsoppdateringen"</string> <string name="recovery_wipe_data_menu_header" msgid="550255032058254478">"Kan ikke laste inn Android-systemet. Dataene dine er muligens skadet. Hvis du fortsetter å se denne meldingen, må du muligens tilbakestille til fabrikkstandard og tømme alle brukerdataene som er lagret på denne enheten."</string> - <string name="recovery_try_again" msgid="7168248750158873496">"Prøv på nytt"</string> + <string name="recovery_try_again" msgid="7168248750158873496">"Prøv igjen"</string> <string name="recovery_factory_data_reset" msgid="7321351565602894783">"Tilbakestill til fabrikkstandard"</string> <string name="recovery_wipe_data_confirmation" msgid="5439823343348043954">"Vil du viske ut alle brukerdataene?\n\n DETTE KAN IKKE ANGRES!"</string> <string name="recovery_cancel_wipe_data" msgid="66987687653647384">"Avbryt"</string> diff --git a/tools/recovery_l10n/res/values-or/strings.xml b/tools/recovery_l10n/res/values-or/strings.xml index 683bf1917..25b28e65a 100644 --- a/tools/recovery_l10n/res/values-or/strings.xml +++ b/tools/recovery_l10n/res/values-or/strings.xml @@ -10,5 +10,5 @@ <string name="recovery_try_again" msgid="7168248750158873496">"ପୁଣି ଚେଷ୍ଟା କରନ୍ତୁ"</string> <string name="recovery_factory_data_reset" msgid="7321351565602894783">"ଫ୍ୟାକ୍ଟୋରୀ ଡାଟା ରିସେଟ୍"</string> <string name="recovery_wipe_data_confirmation" msgid="5439823343348043954">"ସମସ୍ଯ ଉପଯୋଗକର୍ତ୍ତା ଡାଟା ୱାଇପ୍ କରିବେ?\n\n ଏହା ଫେରାଇ ନିଆଯାଇପାରିବ ନାହିଁ!"</string> - <string name="recovery_cancel_wipe_data" msgid="66987687653647384">"ବାତିଲ କରନ୍ତୁ"</string> + <string name="recovery_cancel_wipe_data" msgid="66987687653647384">"ବାତିଲ୍ କରନ୍ତୁ"</string> </resources> diff --git a/tools/recovery_l10n/res/values-te/strings.xml b/tools/recovery_l10n/res/values-te/strings.xml index 57470752d..38ca6127d 100644 --- a/tools/recovery_l10n/res/values-te/strings.xml +++ b/tools/recovery_l10n/res/values-te/strings.xml @@ -10,5 +10,5 @@ <string name="recovery_try_again" msgid="7168248750158873496">"మళ్లీ ప్రయత్నించు"</string> <string name="recovery_factory_data_reset" msgid="7321351565602894783">"ఫ్యాక్టరీ డేటా రీసెట్"</string> <string name="recovery_wipe_data_confirmation" msgid="5439823343348043954">"వినియోగదారు డేటా మొత్తాన్ని తొలగించాలా?\n\n ఈ చర్యను రద్దు చేయలేరు!"</string> - <string name="recovery_cancel_wipe_data" msgid="66987687653647384">"రద్దు చేయండి"</string> + <string name="recovery_cancel_wipe_data" msgid="66987687653647384">"రద్దు చేయి"</string> </resources> diff --git a/update_verifier/Android.bp b/update_verifier/Android.bp index 220b007f5..3c4ec4a99 100644 --- a/update_verifier/Android.bp +++ b/update_verifier/Android.bp @@ -73,8 +73,13 @@ cc_library_static { "libvold_binder", ], + whole_static_libs: [ + "libsnapshot_snapuserd", + ], + shared_libs: [ "android.hardware.boot@1.0", + "libboot_control_client", "libbase", "libcutils", "libbinder", @@ -114,6 +119,7 @@ cc_binary { "libprotobuf-cpp-lite", "libbinder", "libutils", + "libboot_control_client", ], init_rc: [ diff --git a/update_verifier/include/update_verifier/update_verifier.h b/update_verifier/include/update_verifier/update_verifier.h index 4c64b1ea1..0cccc9075 100644 --- a/update_verifier/include/update_verifier/update_verifier.h +++ b/update_verifier/include/update_verifier/update_verifier.h @@ -21,6 +21,7 @@ #include <string> #include <vector> +#include <snapuserd/snapuserd_client.h> #include "otautil/rangeset.h" // The update verifier performs verification upon the first boot to a new slot on A/B devices. @@ -68,4 +69,8 @@ class UpdateVerifier { // The function to read the device property; default value: android::base::GetProperty() std::function<std::string(const std::string&)> property_reader_; + + // Check if snapuserd daemon has already completed the update verification + // Applicable only for VABC with userspace snapshots + bool CheckVerificationStatus(); }; diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index a042f9008..ea47a65ca 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -52,13 +52,14 @@ #include <future> #include <thread> +#include <BootControlClient.h> +#include <android-base/chrono_utils.h> #include <android-base/file.h> #include <android-base/logging.h> #include <android-base/parseint.h> #include <android-base/properties.h> #include <android-base/strings.h> #include <android-base/unique_fd.h> -#include <android/hardware/boot/1.0/IBootControl.h> #include <android/os/IVold.h> #include <binder/BinderService.h> #include <binder/Status.h> @@ -66,11 +67,6 @@ #include "care_map.pb.h" -using android::sp; -using android::hardware::boot::V1_0::IBootControl; -using android::hardware::boot::V1_0::BoolResult; -using android::hardware::boot::V1_0::CommandResult; - // TODO(xunchang) remove the prefix and use a default path instead. constexpr const char* kDefaultCareMapPrefix = "/data/ota_package/care_map"; @@ -91,7 +87,7 @@ UpdateVerifier::UpdateVerifier() // partition's integrity. std::map<std::string, std::string> UpdateVerifier::FindDmPartitions() { static constexpr auto DM_PATH_PREFIX = "/sys/block/"; - dirent** namelist; + dirent** namelist = nullptr; int n = scandir(DM_PATH_PREFIX, &namelist, dm_name_filter, alphasort); if (n == -1) { PLOG(ERROR) << "Failed to scan dir " << DM_PATH_PREFIX; @@ -188,7 +184,28 @@ bool UpdateVerifier::ReadBlocks(const std::string partition_name, return ret; } +bool UpdateVerifier::CheckVerificationStatus() { + auto client = + android::snapshot::SnapuserdClient::Connect(android::snapshot::kSnapuserdSocket, 5s); + if (!client) { + LOG(ERROR) << "Unable to connect to snapuserd"; + return false; + } + + return client->QueryUpdateVerification(); +} + bool UpdateVerifier::VerifyPartitions() { + const bool userspace_snapshots = + android::base::GetBoolProperty("ro.virtual_ab.userspace.snapshots.enabled", false); + + if (userspace_snapshots && CheckVerificationStatus()) { + LOG(INFO) << "Partitions verified by snapuserd daemon"; + return true; + } + + LOG(INFO) << "Partitions not verified by snapuserd daemon"; + auto dm_block_devices = FindDmPartitions(); if (dm_block_devices.empty()) { LOG(ERROR) << "No dm-enabled block device is found."; @@ -307,18 +324,21 @@ int update_verifier(int argc, char** argv) { LOG(INFO) << "Started with arg " << i << ": " << argv[i]; } - sp<IBootControl> module = IBootControl::getService(); + const auto module = android::hal::BootControlClient::WaitForService(); if (module == nullptr) { LOG(ERROR) << "Error getting bootctrl module."; return reboot_device(); } - uint32_t current_slot = module->getCurrentSlot(); - BoolResult is_successful = module->isSlotMarkedSuccessful(current_slot); - LOG(INFO) << "Booting slot " << current_slot << ": isSlotMarkedSuccessful=" - << static_cast<int32_t>(is_successful); - - if (is_successful == BoolResult::FALSE) { + uint32_t current_slot = module->GetCurrentSlot(); + const auto is_successful = module->IsSlotMarkedSuccessful(current_slot); + if (!is_successful.has_value()) { + LOG(INFO) << "Booting slot " << current_slot << " failed"; + } else { + LOG(INFO) << "Booting slot " << current_slot + << ": isSlotMarkedSuccessful=" << is_successful.value(); + } + if (is_successful.has_value() && !is_successful.value()) { // The current slot has not booted successfully. bool skip_verification = false; @@ -364,8 +384,7 @@ int update_verifier(int argc, char** argv) { } if (!supports_checkpoint) { - CommandResult cr; - module->markBootSuccessful([&cr](CommandResult result) { cr = result; }); + const auto cr = module->MarkBootSuccessful(); if (!cr.success) { LOG(ERROR) << "Error marking booted successfully: " << cr.errMsg; return reboot_device(); |