summaryrefslogtreecommitdiffstats
path: root/Android.mk (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-05-17libbootloader_message: convert to Android.bpTom Cherry1-1/+0
Test: build Change-Id: Ia0c2e141673e37eea29306817d2f4b2c944213b0
2017-05-10otautil: Android.mk -> Android.bpSteven Moreland1-1/+0
Test: flash and boot recovery on internal angler Change-Id: Id8845b4b422d0078b251333eb6d30ce14771ef10
2017-05-08recovery: Use libverifier instead of rebuilding the sources.Tao Bao1-3/+1
Test: mmma bootable/recovery Change-Id: Ie8cec009b00c121948179518ba9cbc26a82352bf
2017-05-03fuse_sideload: Change the minimal block size to 4096.Tao Bao1-1/+3
run_fuse_sideload() is passing the block size as the max_read option, so it will only handle a request that involves at most two blocks at a time. However, the minimal allowed value was set to 1024 prior to this CL, which is inconsistent with the kernel code (fs/fuse/inode.c) that sets it to the greater of 4096 and the passed-in max_read option. This would fail the calls with a block size / max_read less than 4096 due to the wrongly computed block indices. Note that we didn't observe real issue in practice, because we have been using 64 KiB block sizes for both of adb and sdcard sideload calls. The issue only shows up in my local CL (to come later) that uses 1024 block size in run_fuse_sideload() tests. Test: recovery_component_test Test: adb sideload with the new recovery image on angler Change-Id: Id9f0cfea13d0d193dcb7cd41a1553a23739545f2
2017-04-27libfusesideload: Clean up the CFLAGS for the module.Tao Bao1-3/+2
Remove "-DADB_HOST=0" since it doesn't include adb related stuff. Test: mmma bootable/recovery Test: sideload on marlin Change-Id: Ia83a8edd31eedd803435d687513d561c873ffabe
2017-04-24recovery: Remove the include of adb.h.Tao Bao1-2/+0
recovery.cpp doesn't have a direct dependency on adb.h (only minadbd does). 'adb.h' was once needed for DEFAULT_ADB_PORT, until being killed by commit acb2a2fa4c415944a27539461ba3757f3edbb128. Test: mmma bootable/recovery Change-Id: I84f87988d01c3f0c3d1383cc3cffde2e7d5e7aea
2017-04-24librecovery: Remove -Wno-unused-parameter and add -Wall.Tao Bao1-1/+1
Test: mmma bootable/recovery Change-Id: I5598d32bebb9dbda4a183a1502e0b7dc4918392e
2017-04-20Call libvintf to verify package compatibility.Tao Bao1-0/+4
The libvintf API has landed. Hook up to do the actual verification. Bug: 36597505 Test: recovery_component_test Test: m recoveryimage; adb sideload on angler and sailfish, with packages that contain dummy compatibility entries. Test: m recoveryimage; adb sideload on angler and sailfish, with packages that don't contain any compatibility entries. Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f (cherry picked from commit da320ac6ab53395ddff3cc08b88a61f977ed939a)
2017-04-18Add the missing LOCAL_CFLAGS for librecovery.Tao Bao1-0/+5
The -DAB_OTA_UDPATER part was missing when separating the librecovery module (commit 62e0bc7586077b3bde82759fb34b51b982cea20f). Bug: 37300957 Test: Build sailfish recovery image and sideload full OTA. Change-Id: Idd25662f6bc812c1aca95b096802f59b051f8d63 (cherry picked from commit 25dbe1717e3096ee59bfa4385cbcf80a972016a6)
2017-04-13Verify the package compatibility with libvintf.Tao Bao1-3/+21
verify_package_compatibility() is added to parse the compatibility entry (compatibility.zip) in a given OTA package. If entry is present, the information is sent to libvintf to check the compatibility. This CL doesn't actually call libvintf, since the API there is not available yet. Bug: 36597505 Test: Doesn't break the install with existing packages (i.e. w/o the compatibility entry). Test: recovery_component_test Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596 (cherry picked from commit 62e0bc7586077b3bde82759fb34b51b982cea20f)
2017-04-03Boot control HAL based on the A/B headers.Alex Deymo1-0/+1
The added bootctrl.bcb module implement the legacy interface for the bootctrl HAL based on the Boot Control Block (BCB) and the headers already specified in the booloader_message library. This serves as a reference implementation of the boot_control HAL. Bug: 32707546 Test: Tested internally that a device can use this HAL to flip slots and recovery from a /misc wipe. Change-Id: Ic02e5aaf4de7d0a1780eac4e8705dae20d0b3e10
2017-03-29Log the error message when failing to mount/umount.Tao Bao1-2/+4
Test: Observe the error messaage for a umount failure case. Bug: 36686818 Change-Id: I28e335c2df4454dd0192f95e3909599fcc9dc1c0
2017-03-18Remove the dead #include's in verifier.cpp.Tao Bao1-4/+1
A follow-up to commit 5e535014dd7961fbf812abeaa27f3339775031f1. Also clean up Android.mk, since libverifier no longer needs anything from libminui. Test: mmma bootable/recovery Test: recovery_component_test passes. Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
2017-01-17minui: Export minui/minui.h.Tao Bao1-1/+5
For libminui static and shared libraries. Test: build Change-Id: Ib30dc5e2ef4a3c8b3ca3a0cec68cb65e229a0c16
2017-01-11Remove "_static" suffix from libsparseAlex Deymo1-1/+1
Bug: 34220783 Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
2017-01-11Remove "_static" suffix from libext4_utils.Alex Deymo1-1/+1
Bug: 34220783 Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
2016-11-04Cleanup the duplicates of logs rotation functionsTianjie Xu1-3/+8
Bug: 32067516 Test: Logs rotated successfully on angler, recovery-refresh/persist tests passed on an a/b device. Change-Id: Ie80adf0fa958ad3d7869d2d17f49489666b86c29
2016-10-18Create bootloader_message static library.Yabin Cui1-6/+8
bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode. Bug: 29582118 Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618 (cherry picked from commit 2f272c0551f984e83bc5abaf240e0dddb38a3326)
2016-10-18Replace minzip with libziparchiveTianjie Xu1-2/+3
Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-09Update the header path for ext4_utils.Tao Bao1-4/+0
Test: `mmma bootable/recovery` Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e
2016-10-09Disable the meaningless parts of the UI for A/B.Elliott Hughes1-0/+4
Bug: http://b/28748484 Test: mmma bootable/recovery Change-Id: Ie86a265f4699503471e7c717d65677a916dbd25b (cherry picked from commit 01fcbe160bd49891c0680b80c5688cd4feb2adbc)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-1/+2
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab (cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-1/+2
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
2016-09-01Switch recovery to libbase loggingTianjie Xu1-1/+1
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 (cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
2016-09-01Switch recovery to libbase loggingTianjie Xu1-1/+1
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-08-06Fix references to libcrypto_utils_static.Josh Gao1-4/+4
Bug: http://b/30708454 Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
2016-06-30Create bootloader_message static library.Yabin Cui1-5/+7
bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode. Bug: 29582118 Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
2016-06-10Remove obsolete MTD support.Elliott Hughes1-9/+13
Bug: http://b/29250988 Change-Id: Ia97ba9082a165c37f74d6e1c3f71a367adc59945
2016-05-24Disable the meaningless parts of the UI for A/B.Elliott Hughes1-0/+4
Bug: http://b/28748484 Change-Id: Ie86a265f4699503471e7c717d65677a916dbd25b
2016-04-14Use BoringSSL instead of mincrypt to speed up package verification.Elliott Hughes1-2/+3
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB. Bug: http://b/28135231 Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
2016-04-06Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler1-2/+4
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-03-31recovery: use __android_log_pmsg_file_write for log filesMark Salyzyn1-0/+24
(cherry-pick from commit a4f701af93a5a739f34823cde0c493dfbc63537a) - Add call to __android_log_pmsg_file_write for recovery logging. - Add call to refresh pmsg if we reboot back into recovery and then allow overwrite of those logs. - Add a new one-time executable recovery-refresh that refreshes pmsg in post-fs phase of init. We rely on pmsg eventually scrolling off to age the content after recovery-persist has done its job. - Add a new one-time executable recovery-persist that transfers from pmsg to /data/misc/recovery/ directory if /cache is not mounted in post-fs-data phase of init. - Build and appropriately trigger the above two as required if BOARD_CACHEIMAGE_PARTITION_SIZE is undefined. - Add some simple unit tests NB: Test failure is expected on systems that do not deliver either the recovery-persist or recovery-refresh executables, e.g. systems with /cache. Tests also require a timely reboot sequence of test to truly verify, tests provide guidance on stderr to direct. Bug: 27176738 Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-28recovery: use __android_log_pmsg_file_write for log filesMark Salyzyn1-0/+24
- Add call to __android_log_pmsg_file_write for recovery logging. - Add call to refresh pmsg if we reboot back into recovery and then allow overwrite of those logs. - Add a new one-time executable recovery-refresh that refreshes pmsg in post-fs phase of init. We rely on pmsg eventually scrolling off to age the content after recovery-persist has done its job. - Add a new one-time executable recovery-persist that transfers from pmsg to /data/misc/recovery/ directory if /cache is not mounted in post-fs-data phase of init. - Build and appropriately trigger the above two as required if BOARD_CACHEIMAGE_PARTITION_SIZE is undefined. - Add some simple unit tests NB: Test failure is expected on systems that do not deliver either the recovery-persist or recovery-refresh executables, e.g. systems with /cache. Tests also require a timely reboot sequence of test to truly verify, tests provide guidance on stderr to direct. Bug: 27176738 Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-18recovery: Move SwipeDetector into common locationPrashant Malani1-0/+1
The SwipeDetector class is used almost unchanged in all locations. This patch moves it into the recovery module, from which devices can reference it if required. The class is now renamed to WearSwipeDetector. Bug: 27407422 Change-Id: Ifd3c7069a287548b89b14ab5d6d2b90a298e0145
2016-03-03Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.Tao Bao1-3/+6
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same library, there would be linking errors when generating a shared library (or executable) that depends on the two libraries both. Also clean up Android.mk files. Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The module will then default to "optional" which won't be built until needed. Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
2016-02-23recovery: check battery level before installing package.Yabin Cui1-0/+4
Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d (cherry picked from commit 53e7a0628f4acc95481f556ba51800df4a1de37d)
2016-02-20recovery: check battery level before installing package.Yabin Cui1-0/+4
Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d
2016-02-10IO fault injection for OTA packagesJed Estep1-0/+1
Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c (cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
2016-02-04Refactor existing tests to use gtestJed Estep1-19/+1
Bug: 26962907 Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
2016-01-06IO fault injection for OTA packagesJed Estep1-0/+1
Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
2015-12-08Add update_verifier for A/B OTA update.Tao Bao1-0/+1
update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42 (cherry picked from commit 1171d3a12b13ca3f1d4301985cf068076e55ae26)
2015-12-07Add update_verifier for A/B OTA update.Tao Bao1-0/+1
update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
2015-11-16Stop using libstdc++.Dan Albert1-2/+0
These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f (cherry picked from commit e49a9e527a51f43db792263bb60bfc91293848da)
2015-11-16recovery: Switch to clangTao Bao1-2/+4
And a few trival fixes to suppress warnings. Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc (cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
2015-10-28recovery: Depend on mkfs.f2fs only if needed.Tao Bao1-0/+2
Don't build mkfs.f2fs unless device defines TARGET_USERIMAGES_USE_F2FS. Change-Id: Ifac592c30315bbe7590c8fbf3a0844e6a7a31a1a
2015-09-09Track usage of Vector / SortedVector from libutils DO NOT MERGENarayan Kamath1-0/+1
bug: 22953624 Change-Id: Ifcc17e39433ac91ca41da5d336fb3006dfbb65a8
2015-08-25recovery: Factor out wear_ui.{cpp,h} into bootable/recovery.Tao Bao1-0/+1
Every watch has a (mostly identical) copy of the wear_ui. Factor them out into a single copy for easier maintenance. Device-specific settings should be defined in recovery_ui.cpp that inherits WearRecoveryUI class. Bug: 22451422 Change-Id: Id07efca37d1b1d330e6327506c7b73ccf6ae9241
2015-07-24recovery: Switch fuse_* to C++.Tao Bao1-2/+2
Change-Id: Id50c3e6febd0ab61f10a654b9b265cf21a2d1701 (cherry picked from commit 71dc365f25676cfb3f62dbb7163697a8c3c5243d)
2015-07-20recovery: Switch fuse_* to C++.Tao Bao1-2/+2
Change-Id: I68770ad1a9e99caee292f8010cfd37dfea3acc64
2015-06-03recovery: Switch to clangTao Bao1-2/+4
And a few trival fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-05-19Stop using libstdc++.Dan Albert1-2/+0
These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
2015-04-14Move the menu header out of the menu.Elliott Hughes1-0/+1
This makes it easier for us to deal with arbitrary information at the top, and means that headers added by specific commands don't overwrite the default ones. Add the fingerprint back, but broken up so it fits even on sprout's display. Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
2015-04-10Move "Mount /system" to the main menu.Elliott Hughes1-1/+0
Everyone's adding secret key combinations for this anyway, and it's very useful when debugging. Change-Id: Iad549452b872a7af963dd649f283ebcd3ea24234
2015-04-09Move default implementations into Device.Elliott Hughes1-5/+6
The current abstract class was a nice idea but has led to a lot of copy & paste in practice. Right now, no one we know of has any extra menu items, so let's make the default menu available to everyone. (If we assume that someone somewhere really does need custom device-specific menu options, a better API would let them add to our menu rather than replacing it.) Change-Id: I59f6a92f3ecd830c2ce78ce9da19eaaf472c5dfa
2015-03-11Install the recovery binary directly to the recovery image.Ying Wang1-5/+1
This eliminated the previous hack, that doesn't work reliably with the "LOCAL_REQUIRED_MODULES := mkfs.f2fs". Bug: 19666886 Change-Id: I1f0a2d41129f402c0165f3b86b6fda077291f282
2015-03-10Install the recovery binary directly to the recovery image.Ying Wang1-5/+1
This eliminated the previous hack, that doesn't work reliably with the "LOCAL_REQUIRED_MODULES := mkfs.f2fs". Bug: 19666886 Change-Id: I1f0a2d41129f402c0165f3b86b6fda077291f282
2015-02-20Kill of most of the remainder of minadbd.Dan Albert1-1/+0
I think everything left now is here to stay (services.c might get massaged in to libadbd if it gets refactored). Bug: 17626262 Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
2015-02-19Use headers from adb.Dan Albert1-3/+4
adb.h has diverged a bit, so that one will be more involved, but these three are all trivial, unimportant changes. Change-Id: Ief8474c1c2927d7e955adf04f887c76ab37077a6
2015-02-19Lose USB transport code to libadb.Dan Albert1-1/+1
Bug: 17626262 Change-Id: If41031ba20a3a75fa510f155c654a482b47e409d
2015-01-23Remove superfluous OpenSSL include paths.Adam Langley1-1/+0
This include path was needed because system/vold/cryptfs.h included an OpenSSL header just to get the length of a SHA-256 hash. This has been fixed in https://android-review.googlesource.com/#/c/124477/1. Change-Id: I06a8ba0ee5b9efcc3260598f07d9819f065711de
2014-11-25Start losing code to libadb.Dan Albert1-0/+1
Bug: 17626262 Change-Id: I8ce7cff2b7789f39f35a4211d7120d072c05a863
2014-11-07Fix build when TARGET_USERIMAGES_USE_EXT4 is not definedAdrien Grassein1-1/+3
The cryptfs.h files is always included, but its path is only included when TARGET_USERIMAGES_USE_EXT4 is defined. Change-Id: Iec6aa4601a56a1feac456a21a53a08557dc1d00d
2014-07-10do sdcard sideloading through the fuse filesystemDoug Zongker1-1/+2
Make a fuse filesystem that sits on top of the selected package file on the sdcard, so we can verify that the file contents don't change while being read and avoid copying the file to /tmp (that is, RAM) before verifying and installing it. Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
2014-07-10refactor fuse sideloading codeDoug Zongker1-0/+13
Split the adb-specific portions (fetching a block from the adb host and closing the connections) out from the rest of the FUSE filesystem code, so that we can reuse the fuse stuff for installing off sdcards as well. Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
2014-06-18Use LOCAL_REQUIRED_MODULES for mkfs.f2fsJi-Hwan Lee1-5/+3
Instead of LOCAL_ADDITIONAL_DEPENDENCIES. Bug: 15702524 Change-Id: Ic152ae60354bf09eccdb9a85dcd04f0f076a6422
2014-06-17Support F2FS for the data partitionJP Abgrall1-0/+6
This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4". Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall <jpa@google.com>
2014-03-11remove pixelflinger from recoveryDoug Zongker1-1/+0
Recovery now draws directly to the framebuffer by rolling its own graphics code, rather than depending on libpixelflinger. The recovery UI is modified slightly to eliminate operations that are slow with the software implementation: when the text display / menu is turned on, it now appears on a black background instead of a dimmed version of the recovery icon. There's probably substantial room for optimization of the graphics operations. Bug: 12131110 Change-Id: Iab6520e0a7aaec39e2ce39377c10aef82ae0c595 Conflicts: minui/resources.c
2014-03-11allow CheckKey to request mounting /systemDoug Zongker1-0/+1
Also provide a default implementation of CheckKey that's reasonable for many devices (those that have power and volume keys). Change-Id: Icf6c7746ebd866152d402059dbd27fd16bd51ff8
2014-03-11remove pixelflinger from recoveryDoug Zongker1-1/+0
Recovery now draws directly to the framebuffer by rolling its own graphics code, rather than depending on libpixelflinger. The recovery UI is modified slightly to eliminate operations that are slow with the software implementation: when the text display / menu is turned on, it now appears on a black background instead of a dimmed version of the recovery icon. There's probably substantial room for optimization of the graphics operations. Bug: 12131110 Change-Id: Iab6520e0a7aaec39e2ce39377c10aef82ae0c595
2014-03-03Fix build break caused by vold changePaul Lawrence1-0/+1
cryptfs.h now includes sha header from libcrypto folder Change-Id: Icd02c88971aedf96040c3bd9ca759e531546023b
2014-02-14clean up some warnings when building recoveryDoug Zongker1-0/+2
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-02-14remove 'retouch' ASLR supportDoug Zongker1-1/+0
Older versions of android supported an ASLR system where binaries were randomly twiddled at OTA install time. Remove support for this; we now use the ASLR support in the linux kernel. Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
2014-01-16program to store unencrypted files in an encrypted filesystemDoug Zongker1-0/+1
uncrypt can read a file on an encrypted filesystem and rewrite it to the same blocks on the underlying (unencrypted) block device. This destroys the contents of the file as far as the encrypted filesystem is concerned, but allows the data to be read without the encryption key if you know which blocks of the raw device to access. uncrypt produces a "block map" file which lists the blocks that contain the file. For unencrypted filesystem, uncrypt will produce the block map without touching the data. Bug: 12188746 Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63
2014-01-16do verification and extraction on memory, not filesDoug Zongker1-0/+1
Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2013-12-13recovery: wipe encryption metadata along with data partitionDoug Zongker1-1/+1
This assumes that the metadata is correctly defined in fstab. Which apparently some devices don't do. Bug: 8766487 Bug: 12112624 Change-Id: I1b14b9d4c888e9348527984be3dce04bdd9f4de0
2013-10-10Add support for ECDSA signaturesKenny Root1-1/+10
This adds support for key version 5 which is an EC key using the NIST P-256 curve parameters. OTAs may be signed with these keys using the ECDSA signature algorithm with SHA-256. Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-09-05allow CheckKey to request mounting /systemDoug Zongker1-0/+1
Also provide a default implementation of CheckKey that's reasonable for many devices (those that have power and volume keys). Change-Id: Icf6c7746ebd866152d402059dbd27fd16bd51ff8
2013-04-10Add liblogYing Wang1-0/+1
Bug: 8580410 Change-Id: Ie60dade81c06589cb0daee431611ded34adef8e6
2013-02-20Move to using the new unified fstab in recovery.Ken Sumrall1-0/+2
Instead of reading it's own fstab, have recovery invoke fs_mgr to read the unified fstab. Change-Id: I80c75d2c53b809ac60a4a69f0ef7ebfa707c39e9
2012-10-16Remove HAVE_SELINUX guardsKenny Root1-12/+1
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-08-24Add libm due to libpng dependency.Stephen Hines1-0/+1
Change-Id: I0bdc2df5ef358813587f613a1b50eaa850e95782
2012-08-14Use the static version of libsparseJoe Onorato1-1/+1
Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
2012-08-14Multiple modules with the same name are going away.Joe Onorato1-35/+59
Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
2012-07-24Use the static version of libsparseJoe Onorato1-1/+1
Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
2012-07-22Multiple modules with the same name are going away.Joe Onorato1-35/+59
Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
2012-07-18Link against libsparseColin Cross1-2/+2
libext4_utils requires libsparse, link against it as well. Change-Id: I4d6aec0e5edcf1ed42118b7b77adcded2858d3dd
2012-03-30Extend recovery and updater to support setting file security contexts.Stephen Smalley1-1/+2
Extend minzip, recovery, and updater to set the security context on files based on the file_contexts configuration included in the package. Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
2012-01-31libz is a superset of libunz, so we don't need both.Elliott Hughes1-2/+2
Change-Id: I082995c338feaf5d11288300768624cd51b027a4
2012-01-24Add libselinux to LOCAL_STATIC_LIBRARIES wherever libext4_utils is used.Stephen Smalley1-0/+11
libext4_utils now calls libselinux in order to determine the file security context to set on files when creating ext4 images. Change-Id: I09fb9d563d22ee106bf100eacd4cd9c6300b1152
2012-01-18support "sideload over ADB" modeDoug Zongker1-2/+4
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. always initialize usb product, vendor, etc. for adb in recovery Set these values even on non-debuggable builds, so that the mini-adb now in recovery can work.
2012-01-10support "sideload over ADB" modeDoug Zongker1-2/+4
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
2011-11-04move key processing to RecoveryUIDoug Zongker1-2/+3
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
2011-11-01fix verifier testDoug Zongker1-2/+2
Needs to link with libminui and ui.cpp now. Change-Id: I5005e12cf8adb13d320921e3f9174e8c7304d7bf
2011-11-01move key processing to RecoveryUIDoug Zongker1-0/+1
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I4c0e659edcbedc0b9e86ed261ae4dbb3c6097414
2011-10-31C++ class for device-specific codeDoug Zongker1-7/+7
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
2011-10-31temporarily remove verifier_test binaryDoug Zongker1-6/+6
Change-Id: I61f249861b27180225fb786901275d2da611531b
2011-10-31refactor ui functions into a classDoug Zongker1-1/+1
Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
2011-10-31C++ class for device-specific codeDoug Zongker1-1/+1
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
2011-10-31turn recovery into a C++ binaryDoug Zongker1-7/+7
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-29refactor ui functions into a classDoug Zongker1-1/+1
Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I7fd8b2949d0db5a3f47c52978bca183966c86f33
2011-10-28turn recovery into a C++ binaryDoug Zongker1-7/+7
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
2011-07-12Remove the simulator target from all makefiles.Jeff Brown1-4/+0
Bug: 5010576 Change-Id: Ib465fdb42c8621899bea15c04a427d7ab1641a8c
2011-02-09Fix x86 build.Ying Wang1-3/+0
Change-Id: Iada6268b0a72ee832113ea397334cc7950a37051
2011-01-18remove encrypted filesystem code from recoveryDoug Zongker1-2/+1
This was never used; encrypted filesystems are being done a different way now. Change-Id: I519c57b9be44d001f0b81516af7bfc252069892b
2010-09-21remove the notion of "root path"; support mixed flash typesDoug Zongker1-2/+3
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). (Cherrypicked from gingerbread w/slight edits.) Change-Id: I2479ce76b13e73f1d12035c89386c3a82b3edf51
2010-09-21remove the notion of "root path"; support mixed flash types (do not merge)Doug Zongker1-2/+3
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). Change-Id: I18b0a572a71c5e087e0b7ae11b1774388339bfd1
2010-08-02Working ASLR implementationHristo Bojinov1-0/+1
Separate files for retouch functionality are in minelf/* ASLR for shared libraries is controlled by "-a" in ota_from_target_files. Binary files are self-contained. Retouch logic can recover from crashes. Signed-off-by: Hristo Bojinov <hristo@google.com> Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
2010-06-30support userdata and cache partitions using emmc/ext4 instead of mtd/yaffsDoug Zongker1-1/+8
Change-Id: I827af624c9ec7c64decb702de8c0310cf19b4141
2010-04-02DO NOT MERGEOscar Montemayor1-1/+1
Encrypted File Systems integration. Recovery changes. Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-03-27DO NOT MERGEOscar Montemayor1-2/+1
Removing unused recovey options. Please refer to Bug#2502219 for more info. Change-Id: I2fe3cdb0c8b93ed7e1cc4093824fbe181f5f0aea
2010-03-15Encrypted File Systems part 3. Recovery changes.Oscar Montemayor1-1/+1
Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-02-18relocate applypatch; add type system and new functions to edifyDoug Zongker1-0/+1
- Move applypatch to this package (from build). - Add a rudimentary type system to edify: instead of just returning a char*, functions now return a Value*, which is a struct that can carry different types of value (currently just STRING and BLOB). Convert all functions to this new scheme. - Change the one-argument form of package_extract_file to return a Value of the new BLOB type. - Add read_file() to load a local file and return a blob, and sha1_check() to test a blob (or string) against a set of possible sha1s. read_file() uses the file-loading code from applypatch so it can read MTD partitions as well. This is the start of better integration between applypatch and the rest of edify. b/2361316 - VZW Issue PP628: Continuous reset to Droid logo: framework-res.apk update failed (CR LIBtt59130) Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
2010-02-03bump updater API version to 3; deprecate firmware update commandDoug Zongker1-2/+1
Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2009-12-10Recovery changes for Encrypted File Systems.Oscar Montemayor1-8/+9
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
2009-12-10add a simple unit test for the OTA package verifierDoug Zongker1-0/+16
2009-11-13eclair snapshotJean-Baptiste Queru1-4/+10
2009-07-15remove amendDoug Zongker1-3/+1
Yank all the code to install OTA packages out of the recovery binary itself. Now packages are installed by a binary included in the package (run as a child of recovery), so we can make improvements in the installation process without waiting for a new release to use them.
2009-06-18let the "firmware" command take the file straight from the packageDoug Zongker1-0/+3
To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
2009-06-12fix sim build in donut, tooDoug Zongker1-4/+4
2009-06-12fix simulator build by excluding more of recoveryDoug Zongker1-3/+4
2009-06-12edify extensions for OTA package installation, part 1Doug Zongker1-0/+2
Adds the following edify functions: mount unmount format show_progress delete delete_recursive package_extract symlink set_perm set_perm_recursive This set is enough to extract and install the system part of a (full) OTA package. Adds the updater binary that extracts an edify script from the OTA package and then executes it. Minor changes to the edify core (adds a sleep() builtin for debugging, adds "." to the set of characters that can appear in an unquoted string).
2009-06-11split out device-specific recovery UI code into vendor directoriesDoug Zongker1-6/+11
Take some device-specific details of the recovery UI (eg, what keys to press to bring up the interface and perform actions, exact text of the menu, etc.) and split them out into separate C functions. Arrange to take implementations of those functions from the appropriate vendor directory at build time. Provide a default implementation in case no vendor-specific one is available.
2009-04-02AI 144132: am: CL 144130 Don't build OTA package keys into the recovery binary; readDoug Zongker1-13/+0
them from an external file in the recovery image. Use the test-keys for all builds. Original author: dougz Merged from: //branches/donutburger/... Automated import of CL 144132
2009-04-02AI 144130: Don't build OTA package keys into the recovery binary; readDoug Zongker1-13/+0
them from an external file in the recovery image. Use the test-keys for all builds. Automated import of CL 144130
2009-03-28AI 143289: am: CL 143128 Use PNG instead of BMP for recovery image icons. This savesDoug Zongker1-1/+1
about 60k from the recovery and system images. Original author: dougz Merged from: //branches/donutburger/... Automated import of CL 143289
2009-03-27AI 143128: Use PNG instead of BMP for recovery image icons. This savesDoug Zongker1-1/+1
about 60k from the recovery and system images. Automated import of CL 143128
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-0/+60
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-60/+0
2008-12-18Code drop from //branches/cupcake/...@124589The Android Open Source Project1-0/+3