summaryrefslogtreecommitdiffstats
path: root/Android.bp (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-02-14[LSC] Add LOCAL_LICENSE_KINDS to bootable/recoveryBob Badour1-0/+34
Added SPDX-license-identifier-Apache-2.0 to: applypatch/Android.bp bootloader_message/Android.bp edify/Android.bp fuse_sideload/Android.bp install/Android.bp minadbd/Android.bp minui/Android.bp otautil/Android.bp recovery_ui/Android.bp recovery_utils/Android.bp tests/Android.bp tools/image_generator/Android.bp tools/recovery_l10n/Android.bp uncrypt/Android.bp update_verifier/Android.bp updater/Android.bp updater/Android.mk updater_sample/Android.bp updater_sample/tests/Android.bp Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT SPDX-license-identifier-OFL to: Android.bp Android.mk Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Exempt-From-Owner-Approval: janitorial work Change-Id: I3da761b525452838977297f773974000d4de7bd6
2020-10-03Revert "Link to libsnapshot_cow everywhere libsnapshot is linked."Tianjie Xu1-1/+0
Revert submission 1433573-vab-libsnapshot-linkage Reason for revert: b/169981170, update crash for droidfooders. Reverted Changes: Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke... Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite... I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ... Change-Id: I8c774ca4a8dec21dd308694bb8205861a19c3e12
2020-09-23Link to libsnapshot_cow everywhere libsnapshot is linked.David Anderson1-0/+1
Bug: 168554689 Test: recovery builds Change-Id: I28a5d4a88914b10db1ca8298947afc2314a9ae8a
2020-04-16Add missing dep.Yifan Hong1-0/+1
libsnapshot_nobinder uses update_metadata-protos. This used to be optimized out, but now that SnapshotManager is virtual, CreateUpdateSnapshots can no longer be optimized out. Bug: 148956645 Test: compiles Change-Id: Iab1c9d92de2e558c73cf7da736c543b2ac8c0aa5
2020-02-13Force off-device package installation with FUSETianjie Xu1-0/+2
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_unit_test - no new failures Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5 Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
2020-02-13Revert "Force package installation with FUSE unless the package stores on device"Raman Tenneti1-2/+0
This reverts commit 5e6c4e9a91674826bf11cab604250b41a9326fd8. Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error. Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420 Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031 Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
2020-01-27Remove fsck_unshare_blocks.David Anderson1-1/+0
This code is dead. It was briefly used to support "adb remount" with deduplicated partitions, but was very quickly obsoleted by overlayfs support. There is no reason to include it anymore. Bug: N/A Test: N/A Change-Id: I4cdcbf66bec80092f954826eaae037934ff37765
2020-01-22Force package installation with FUSE unless the package stores on deviceTianjie Xu1-0/+2
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
2020-01-21Force package installation with FUSE unless the package stores on deviceTianjie Xu1-0/+2
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
2020-01-17Retire the Tron metrics reporting for non-A/B updateTianjie Xu1-1/+0
This is part of the effort to remove libmetricslogger in platform. Remove the reporting since the status from non-A/B update is less important to us. Plus the gmscore already has a copy of the logic to parse the contents from last_install and report non-A/B metrics to the clearcut log. bug: 147776349 Test: build Change-Id: I4fc5d58fb616edb3eb1edadf4614d3eca15c7ce1
2019-11-11Force merges to complete before wiping data or metadata.David Anderson1-0/+5
After an OTA is applied, a wipe in recovery may overwrite components of dynamic partitions living in userdata. If the OTA has not yet begun merging, we mark the current slot unbootable. If the OTA has begun merging, we wait for the merge to complete. This logic is encapsulated in libsnapshot. Bug: 139156011 Test: manual test Change-Id: Id6544a1b8583afcbba11559d46214ec2e68ffa40
2019-11-07Move init and ueventd scripts from / to /system/etcTom Cherry1-0/+10
There is no reason for these scripts to continue to exist in /, when they are better suited for /system/etc. There are problems keeping them at / as well, particularly that they cannot be updated with overlayfs. Bug: 131087886 Bug: 140313207 Test: build/boot + boot to recovery Merged-In: I1fb6690d4302a1884d8521c21a9754b2ca710d5a Change-Id: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
2019-11-07Move init and ueventd scripts from / to /system/etcTom Cherry1-0/+10
There is no reason for these scripts to continue to exist in /, when they are better suited for /system/etc. There are problems keeping them at / as well, particularly that they cannot be updated with overlayfs. Bug: 131087886 Bug: 140313207 Test: build/boot + boot to recovery Merged-In: I1fb6690d4302a1884d8521c21a9754b2ca710d5a Change-Id: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
2019-10-16Force package installation with FUSE unless the package stores on deviceTianjie Xu1-0/+1
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
2019-10-03Refactor battery info querying functions into librecovery_utils.Tao Bao1-4/+1
Bug: 134560109 Test: Run recovery_unit_test. Change-Id: Ibbcdcfd507fa23657ee7ff677208b0003ec382ba
2019-10-02otautil: Factor out the utils that're private to recovery.Tao Bao1-2/+3
A number of utility functions are intended for serving recovery's own use. Exposing them via libotautil (which is a static lib) would pass the dependencies onto libotautil's users (e.g. recovery image, updater, host simulator, device-specific recovery UI/updater extensions etc). This CL finds a new home for the utils that are private to recovery. Test: mmma bootable/recovery Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
2019-04-16DO NOT MERGE: Move wipe cache|data to libinstallxunchang1-3/+0
Therefore, libinstall becomes the sole owner to handle the request from minadbd service. The change also includes 1. move logging.cpp out of librecovery 2. drop the dependency on common.h 3. now it's more sensible to move the wipe_cache as part of install_package. move the wipe_cache to the end of the function. Bug: 130166585 Test: wipe data and cache from menu Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f (cherry picked from commit 316e9717461890dd319dc370970069fe4532a561)
2019-04-16DO NOT MERGE: Add socket communication between recovery and minadbdxunchang1-1/+1
This cl adds a socket pair to support the communication between recovery and minadbd. Therefore, minadbd will be able to issue multiple commands to recovery and get back the status of each command. This cl also switches the adb sideload from the recovery menu to use this protocol; and moves minadbd to a separate binary. Bug: 130166585 Test: sideload a package Change-Id: I80d36d5c4e6fe1ae3ea23640907bc50c0dc0d482 (cherry picked from commit 34690ced91e22f5d9b5dd19c33b11c8e0b4bafa0)
2019-04-16DO NOT MERGE: Build libinstall as a static library.Tao Bao1-2/+1
It was once considered to be shared between recovery and minadbd, so that the latter can start an install on its own. The plan has been changed, since package install -- including device wipe operations -- could be device-specific, which should be done by recovery only. This CL moves libinstall back to a static library, which also saves the overall size (reducing from 140256 + 660576 to 555880 bytes on aosp_taimen-userdebug). Bug: 130166585 Test: Run recovery_component_test. Test: `adb sideload` on taimen. Change-Id: Ib1f5f79f235df4682c0bd104425c9c122f6091ba
2019-04-15Move wipe cache|data to libinstallxunchang1-3/+0
Therefore, libinstall becomes the sole owner to handle the request from minadbd service. The change also includes 1. move logging.cpp out of librecovery 2. drop the dependency on common.h 3. now it's more sensible to move the wipe_cache as part of install_package. move the wipe_cache to the end of the function. Bug: 130166585 Test: wipe data and cache from menu Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f
2019-04-11Add socket communication between recovery and minadbdxunchang1-1/+1
This cl adds a socket pair to support the communication between recovery and minadbd. Therefore, minadbd will be able to issue multiple commands to recovery and get back the status of each command. This cl also switches the adb sideload from the recovery menu to use this protocol; and moves minadbd to a separate binary. Bug: 130166585 Test: sideload a package Change-Id: I80d36d5c4e6fe1ae3ea23640907bc50c0dc0d482
2019-04-08Build libinstall as a static library.Tao Bao1-2/+1
It was once considered to be shared between recovery and minadbd, so that the latter can start an install on its own. The plan has been changed, since package install -- including device wipe operations -- could be device-specific, which should be done by recovery only. This CL moves libinstall back to a static library, which also saves the overall size (reducing from 140256 + 660576 to 555880 bytes on aosp_taimen-userdebug). Bug: 130166585 Test: Run recovery_component_test. Test: `adb sideload` on taimen. Change-Id: Ib1f5f79f235df4682c0bd104425c9c122f6091ba
2019-04-03libotautil exports libfstab header.Tao Bao1-3/+0
otautil/roots.h includes <fstab/fstab.h>, but users of otautil/roots.h don't need to explicitly depend on libfstab unless they have a real need. Also remove the unneeded include of <fstab/fstab.h> from fsck_unshare_blocks.cpp. Test: mmma -j bootable/recovery Change-Id: Id3dc995a4769e631ab242843ee439bd94b2bf0bc
2019-03-29Move install to separate modulexunchang1-70/+3
Build libinstall as a shared library. Also drop the dependency on the global variables in common.h. Test: unit tests pass, sideload an OTA Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
2019-03-21Move librecovery_ui to a sub-directoryTianjie Xu1-71/+5
This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be (cherry picked from commit b5108c372c8b92671ea5ebb4eeff00757fcee187)
2019-03-21Move librecovery_ui to a sub-directoryTianjie Xu1-71/+5
This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be
2019-03-19Create a FuseDataProvider base classxunchang1-1/+1
The fuse data provider for adb/sdcard shares common code and structures. This cl creates a FuseDataProvider base class and provides implementations for adb and sdcard. In the follow cls, we can kill the provider_vtab struct; and also add another implementation to parse a block map file and provides data. Test: unit tests pass, sideload a package, apply a package from sdcard Change-Id: If8311666a52a2e3c0fbae0ee9688fa6d01e4ad09
2019-03-14Implement FilePackage classxunchang1-1/+24
This is another implementation of the Package class. And we will later need it when reading the package from FUSE. Bug: 127071893 Test: unit tests pass, sideload a file package on sailfish Change-Id: I3de5d5ef60b29c8b73517d6de3498459d7d95975
2019-03-11Create a wrapper class for update packagexunchang1-0/+1
Creates a new class handle the package in memory and package read from fd. Define the new interface functions, and make approximate changes to the verify and install functions. Bug: 127071893 Test: unit tests pass, sideload a package Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
2019-01-31Add android::fs_mgr namespace for new Fstab codeTom Cherry1-0/+4
Also add libfstab dependencies where needed. Previously the `typedef struct FstabEntry Volume;` line served to both define a `struct FstabEntry` as well as alias Volume to it. With the new namespace for android::fs_mgr::FstabEntry, `struct FstabEntry` isn't compatible anymore, so we need to alias Volume to the real android::fs_mgr::FstabEntry. In doing so, we need to include <fstab/fstab.h> and this requires libfstab as a library, which a few modules did not have before. Test: treehugger Change-Id: I655209a0efb304b3e0568db0748bd5cf7cecbdb7
2018-12-03C++17 is the default now.Elliott Hughes1-2/+0
Test: builds Change-Id: I91923da25f470621189589711c50f3d67e435c68
2018-10-18Load X509 keys from ziparchiveTianjie Xu1-0/+1
Add a function to parse the zip archive and load the certificate from all the zip entries with the suffix "x509.pem". Bug: 116655889 Test: unittests pass Change-Id: I93bf7aef7462c0623e89fc2d466d7af2d3a758bc
2018-09-13Move the parse of last_install to recovery-persistTianjie Xu1-0/+1
The recovery-persist used to look for the related recovery logs in persist storage, and copy them under /data/misc/recovery during the normal boot process. As we also want to find out the sideload information from last_install, it makes more sense to move the parse & report of non-a/b metrics to recovery-persist. Thus we can avoid the race condition of the file system between the native code and RecoverySystem. Bug: 114278989 Test: unit test pass, check the event buffer for metrics report Change-Id: I32d7b2b831bc74a61a70af9a2f0b8a7e9b3e36ee
2018-08-28Enable c++17 in recovery_defaults.Tao Bao1-0/+2
And add the first few users. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Ifdf093d011478b6a1dd0405b0ba48c145b509cc8
2018-08-21Depend on mke2fs.conf.recovery.Tao Bao1-1/+1
Bug: 112780007 Test: `m dist` along with other changes in the topic. Check the file under recovery. Trigger factory reset from recovery UI. Change-Id: I2fb6954576eefecea60712a21506a2aeb1cecc53
2018-08-15tests: Move to Android.bp.Tao Bao1-0/+8
Also separate libupdater_defaults out to be shareable. It turns out the `data` property in `cc_test` doesn't follow symlinks as LOCAL_TEST_DATA does in Android.mk. This CL creates a filegroup in top-level Android.bp in order to pick up the testdata for ResourcesTest. Test: `mmma -j bootable/recovery` with aosp_marlin-userdebug Test: Run recovery_{unit,component,manual}_test on marlin. Test: Run recovery_host_test. Change-Id: I4532ab25aeb83c0b0baa8051d5fe34ba7b910a35
2018-08-14recovery: Drop the dependency on libcrypto_utils.so and libsparse.so.Tao Bao1-2/+0
They're only needed in past when we statically linked libs that had dependencies on them. Dropping them doesn't affect the recovery image size, as there're still other users of the libs. But this would avoid the false dependencies on them. Test: `mmma -j bootable/recovery` Change-Id: Ib43cc42221edde9efea1f12357cfc2f2232ec520
2018-08-14Add fastboot mode to recoveryHridya Valsaraju1-0/+24
Add a fastboot mode to recovery that can be entered with command line args or with the ui. Add usb property triggers to switch between fastboot and adb configurations. Allow switching between fastboot and adb through usb commands by opening a unix socket. adbd/fastbootd writes to this socket, which interrupts the ui and switches to the new mode. Test: Use fastboot mode Bug: 78793464 Change-Id: I7891bb84427ec734a21a872036629b95ab3fb13c
2018-08-14recovery uses IHealth::getServiceYifan Hong1-12/+6
recovery is_battery_ok function uses get_health_service(), which calls IHealth::getService("default") then IHealth::getService("backup"). - An OEM can provide the default instance by installing android.hardware.health@2.0-impl-<device>.so to recovery partition. - If that's not found, the "backup" instance is provided to the recovery partition by default. Test: call is_battery_ok() in recovery, successfully get battery information. Bug: 80132328 Change-Id: Ibfee80636325a07bc20b24d044d007a60b3dd7c2
2018-08-13Reland "Build and use minadbd as a shared library."Tao Bao1-2/+1
This relands the previously reverted CL in commit c70446ce7b4db79f296833b16ce38eb8a01d83df ("Build and use minadbd as a shared library."). `recovery` has been built with Soong, so the previous concern (unintentionally installing `libminadbd_services.so` to normal system image) no longer holds. Note that `reocvery` can't use `libminadbd_services.a`, as functions like `daemon_service_to_fd()` (needed by `libadbd.so`) won't be linked into `recovery`. This CL moves the dependency of `libminadbd_services` from `librecovery` into `recovery`, as only the latter actually relies on it (via `recovery_main.cpp`). Note that we no longer need to list the transitive dependency on `libadbd` or `libasyncio`. Bug: 112494634 Test: `mmma -j bootable/recovery` Test: Build and boot into recovery with aosp_taimen-userdebug. Verify that sideloading keeps working. Test: `build/soong/build_test.bash --dist` Change-Id: Ic086470b86d6770bede317e0f5534f608fa7b7d2
2018-08-10Build `recovery` with Soong.Tao Bao1-0/+131
Fixes: 110380063 Test: `mmma -j bootable/recovery` with aosp_taimen-userdebug Test: Build and boot into recovery on taimen. Check the basic functionalities (`Apply update from ADB`, `View recovery logs`, `Run graphics test`). Test: Run recovery_unit_test and recovery_component_test on marlin. Test: Modify `recovery.cpp` locally to trigger the call to is_battery_ok(). Check that the battery info is reported correctly. Test: `build/soong/build_test.bash --dist` Change-Id: I391eb201d57c760e457ba2bf2410ceb72596795c
2018-08-08`recovery` uses more shared libraries.Tao Bao1-1/+13
Bug: 110380063 Test: `m -j installclean && mmma -j bootable/recovery` with aosp_taimen-userdebug Test: Build (`m -j bootimage`) and boot into recovery. Check that `adb sideload` and `Run graphics test` both work. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Ie6ed0e7cafa352d5faff9d1b6ccef724a0415e65
2018-05-07recovery: Refactor logging code into logging.cppJerry Zhang1-2/+10
Move common logging related functions to rotate_logs.cpp, and rename that to logging.cpp. Test: Recovery works Bug: 78793464 Merged-In: I00f20a79a296680122b8437d54a87897c5cb2fc7 Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
2018-05-07recovery: Refactor logging code into logging.cppJerry Zhang1-2/+10
Move common logging related functions to rotate_logs.cpp, and rename that to logging.cpp. Test: Recovery works Bug: 78793464 Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7 (cherry picked from commit 3c3f211d1e5698da6eea9e83584acb2dee4ca46e)
2018-05-07recovery: Refactor logging code into logging.cppJerry Zhang1-2/+10
Move common logging related functions to rotate_logs.cpp, and rename that to logging.cpp. Test: Recovery works Bug: 78793464 Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
2018-04-28Merge libmounts into libotautil.Tao Bao1-16/+0
Export its header (mounts.h) from there, and drop the dot dot dependency from libupdater / updater. Test: mmma bootable/recovery Test: recovery_component_test Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
2018-03-27Move a few modules to Soong.Tao Bao1-0/+143
libmounts librecovery_ui_default librecovery_ui_wear librecovery_ui_vr libverifier recovery-persist recovery-refresh They are all trivially converted. Test: mmma -j bootable/recovery Change-Id: Id783b3eec32bd15e74f42df17053732db5666675
2018-03-07Drop the no-op Android.bp.Tao Bao1-8/+0
The "subdirs=" statement no longer has any effect (with the CL in [1] that's merged last November). All the Android.bp's will be picked up automatically. [1] commit 4f21237342e715cbbac6e409cd67e86a304483c4 in https://android-review.googlesource.com/c/platform/build/blueprint/+/530115. Test: mmma -j bootable/recovery Change-Id: Idd39af1fff907e8c1886f91eea0dd4a9e38a4079
2017-11-09uncrypt: Move to Soong.Tao Bao1-0/+1
Test: mmma -j bootable/recovery Change-Id: I405f2a70f51904c02c49a287c23cbc115a4c5132
2017-10-12applypatch: Move to Soong.Tao Bao1-0/+1
Test: mmma bootable/recovery Change-Id: Ie163aff1c4c2b3b15bb705825779ada6bc38ad67
2017-10-09edify: Export the header and move to Soong.Tao Bao1-0/+1
Also make matching changes to applypatch modules which include edify/expr.h. Test: mmma bootable/recovery Change-Id: Ia72be3caa010d7f56a70add2da345e631b306378
2017-09-29otafault: Move to soong.Tao Bao1-0/+1
Test: mmma bootable/recovery Change-Id: I5f2520ea457ba66743aa3aa1d5b3b488a93084a3
2017-05-17libbootloader_message: convert to Android.bpTom Cherry1-0/+1
Test: build Change-Id: Ia0c2e141673e37eea29306817d2f4b2c944213b0
2017-05-10otautil: Android.mk -> Android.bpSteven Moreland1-0/+3
Test: flash and boot recovery on internal angler Change-Id: Id8845b4b422d0078b251333eb6d30ce14771ef10