summaryrefslogtreecommitdiffstats
path: root/update_verifier (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add 'system' to update_verifier's gidTianjie Xu2017-04-191-2/+2
| | | | | | | | | | | | | | | | This addresses the denial to /dev/cpuset/tasks: update_verifier: type=1400 audit(0.0:377): avc: denied { dac_override } for capability=1 scontext=u:r:update_verifier:s0 tcontext=u:r:update_verifier:s0 tclass=capability permissive=1 update_verifier: type=1400 audit(0.0:378): avc: granted { write } for name="tasks" dev="cgroup" ino=5 scontext=u:r:update_verifier:s0 tcontext=u:object_r:cgroup:s0 tclass=file Bug: 37358323 Test: denial message gone after adding system group Change-Id: I66b4925295a13fbc1c6f26a1bb9bd2f9cebcec3d (cherry-picked from 0ad2de5eab12dbf63ad43bd0c3e5ef729984cf81)
* Merge "update_verifier: correct group in rc file" into oc-devTreeHugger Robot2017-04-042-3/+3
|\
| * update_verifier: correct group in rc fileTom Cherry2017-04-042-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | update_verifier should be in the cache group, not 'class'. Also use PLOG instead of LOG if care_map.txt cannot be opened. Bug: 36818743 Test: boot sailfish Test: fake OTA on sailfish and verify update_verifier reads care_package (cherry picked from commit 3a8002f8c0382894b65ea3cece784287a75c7881) Change-Id: I7e4cccd457ee84054164077c81d04ad7cb394c7a
* | update_verifier: tweak priority of update_verifier for quick bootWei Wang2017-04-041-2/+2
|/ | | | | | | | | | | Highest ioprio is 0 for CFQ and we should run update_verifier with that. Tested on device and showing boottime decreased. Bug: 36511808 Bug: 36102163 Test: Boot marlin Change-Id: Iddd925951d976e21014b61e5590bcdae3cea8470 (cherry picked from commit a015cd1d7a3af5d9c06622e00be47fee52ba4b02)
* Merge "Use regular check for partition name instead of CHECK()" am: 76cb4eeda6 am: cd66e52573Tianjie Xu2017-04-021-3/+4
| | | | | | | am: 705a4d72c8 Change-Id: Ie1f8e1c6ab9fddf1b355287f0c4e5fc0b2631441 (cherry picked from commit 2e797d9905df9ca3a6068a23f6ad6669b823657d)
* Merge "Update_verifier should read blocks in EIO mode" am: 21d481c81e am: 89559e3cfeTianjie Xu2017-04-021-26/+33
| | | | | | | am: 81f5b04df2 Change-Id: I20f459c3403ec0e120769bd805b9508dbe11b989 (cherry picked from commit e3ea825181d073eb240cdedaf4aa412647b495fd)
* update_verifier: raise priority and ioprio and start with exec_startTom Cherry2017-03-292-0/+13
| | | | | | | | | | | | Raise the priority and ioprio of update_verifier and launch with exec_start. This saves ~100ms of time before `class_start main` is executed. Bug: 36511808 Bug: 36102163 Test: Boot bullhead Test: Verify boottime decrease on sailfish Change-Id: I944a6c0d4368ead5b99171f49142da2523ed1bdd (cherry picked from commit 545317f4fb99efd4d2c32187328e617ad6f69980)
* update_verifier: Set the success flag if dm-verity is not enabled.Tao Bao2017-03-112-0/+9
| | | | | | | | | | For devices that are not using dm-verity, update_verifier can't verify anything, but to mark the successfully booted flag unconditionally. Test: Successfully-booted flag is set on devices w/o dm-verity. Test: Successfully-booted flag is set after verification on devices w/ dm-verity. Change-Id: I79ab2caec2d4284aad0d66dd161adabebde175b6
* update_verifier should read dm wrapped partitionTianjie Xu2017-01-261-6/+64
| | | | | | | | | | | update_verifier used to read from system_block_device, which bypasses dm-verity check completely. Switch update_verifier to read the corresponding '/dev/block/dm-X' instead. U_v gets the verity block device number by comparing the contents in '/sys/block/dm-X/dm/name'. Bug: 34391662 Test: update_verifier detects the corrupped blocks and dm-verity trigger the reboot on Sailfish. Change-Id: Ie5c50c23410bd29fcc6e733ba29cf892e9a07460
* Merge "update_verifier: Move property_get() to android::base::GetProperty()."Tao Bao2017-01-251-48/+46
|\
| * update_verifier: Move property_get() to android::base::GetProperty().Tao Bao2017-01-201-48/+46
| | | | | | | | | | | | | | | | | | | | Also make minor changes to android::base::ParseUint(), which accepts std::string now. Test: Flash an A/B device and make sure update_verifier works (by marking the active slot as successfully booted). Change-Id: Id6e578671cb3c87160c2b6ca717ee618ecf2342a
* | bootctrl HAL uses "default" service nameChris Phoenix2017-01-201-1/+1
|/ | | | | | | | | | | | | | The getService() and registerAsService() methods of interface objects now have default parameters of "default" for the service name. HALs will not have to use any service name unless they want to register more than one service. Test: builds; verify HAL still works In support of b/33844934 Change-Id: I5ce988128b0471384e1472298a0ae383df2b7c3e Merged-In: I86c44aaaaf663e774c631a469ebf2b81619f89c4
* Switch update verifier to HIDL HALConnor O'Brien2016-11-212-15/+21
| | | | | | | Test: UV logs show success in both binderized and passthrough modes. Bug: 31864052 Change-Id: Ied67a52c458dba7fe600e0fe7eca84db1a9f2587 Signed-off-by: Connor O'Brien <connoro@google.com>
* Revert "Convert update_verifier to boot HIDL HAL"Connor O'Brien2016-11-182-21/+15
| | | | | | | This reverts commit f50593c447faf8415615b5dea2666d7f0f24a0fb. Bug: 32973182 Change-Id: I5b14a812671ea02575cb452242ff1a6f05edb9c1
* Convert update_verifier to boot HIDL HALConnor O'Brien2016-11-162-15/+21
| | | | | | | Test: Flashed device and confirmed update_verifier runs successfully Change-Id: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2 Merged-In: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2 Signed-off-by: Connor O'Brien <connoro@google.com>
* Touch blocks in care_map in update_verifierTianjie Xu2016-11-092-12/+128
| | | | | | | | | | | | | | Read all blocks in system and vendor partition during boot time so that dm-verity could verify this partition is properly flashed. Bug: 27175949 Change-Id: I38ff7b18ee4f2733e639b89633d36f5ed551c989 Test: mma (cherry picked from commit 03ca853a1c8b974152b7c56cb887ac2f36cfd833) (cherry picked from commit 4bbe0c93c80789891d54a74424731caffda0d0db) (Fix a typo when comparing the verity mode) (cherry picked from commit da654af606d700c0a467c27025fb7f6ef745936d) (Skip update verification if care_map is not found)
* Turn on -Werror for recoveryTianjie Xu2016-09-301-0/+1
| | | | | | | | | | Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
* Switch recovery to libbase loggingTianjie Xu2016-09-012-10/+8
| | | | | | | | Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
* update_verifier: Track the API change for isSlotBootable().Tao Bao2015-12-091-5/+6
| | | | | | | | | [1] added a new API isSlotMarkedSuccessful() to actually query if a given slot has been marked as successful. [1]: commit 72c88c915d957bf2eba73950e7f0407b220d1ef4 Change-Id: I9155c9b9233882a295a9a6e607a844d9125e4c56
* update_verifier: Log to logd instead of kernel log.Tao Bao2015-12-082-12/+8
| | | | | | | | logd already gets started before we call update_verifier. Bug: 26039641 Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a (cherry picked from commit 45eac58ef188679f6df2d80efc0391c6d7904cd8)
* Add update_verifier for A/B OTA update.Tao Bao2015-12-082-0/+108
update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42 (cherry picked from commit 1171d3a12b13ca3f1d4301985cf068076e55ae26)