path: root/updater
Date | Commit message | Author | Files | Lines
2019-04-29 | Consolidate the codes that handle reboot/shutdown. | Tao Bao | 1 | -1/+1
Test: Choose `Reboot system now`, `Power off`, `Reboot to bootloader` from recovery UI respectively. Test: `adb reboot recovery` while under sideload mode. Change-Id: I0f3d55b80b472178ea4f6970b29cd9df0778b639
2019-01-17 | Fix potential size overflow in blockimg.cpp | xunchang | 1 | -3/+5
Switch to 64 bit integers since the size of the entire src/tgt images may not fit in size_t of ILP32. There are other theoretical overflow cases in memory allocation and I/O functions. However, they reside within a single transfer command and are less likely to happen. I will evaluate and address them in separate cls. Test: unit tests pass Bug: 122461124 Change-Id: Ib719ee695920877458fcfaa25c6ac058a5bbabf2
2019-01-14 | updater: add functions to modify dynamic partition metadata | Yifan Hong | 7 | -9/+534
Test: sideload full OTA on cuttlefish Test: sideload incremental OTA on cuttlefish (that grows system, shrinks vendor, and move vendor to group foo) Test: verify that /cache/recovery/cc46ebfd04058569d0c6c1431c6af6c1328458e4 exists (sha1sum of "system") Bug: 111801737 Change-Id: Ibdf6565bc1b60f3665c01739b4c95a85f0261ae5
2019-01-12 | Create stash dir recursively. | Yifan Hong | 1 | -1/+2
When applying an OTA package onto the device in OTA mode, if the recovery logs haven't been viewed, there is a chance that /cache/recovery does not exist. Then, stash creation will fail. Create stash directories recursively to avoid this error. Test: without /cache/recovery, sideload the OTA on cuttlefish Change-Id: I5cc01a067d866476a3594e795dcb5b15649e817b
2019-01-05 | updater: erase ignores EOPNOTSUPP for BLKDISCARD | Yifan Hong | 1 | -11/+10
Test: sideload on cuttlefish Bug: 111801737 Change-Id: I784a2142049054f38d6b70c7af7e88a451996d83
2018-12-20 | Use dynamically linked f2fs executables. | Tao Bao | 1 | -4/+5
It also reduces the space cost for devices using f2fs (e.g. crosshatch).
    /sbin/mkfs.f2fs 722560 => /system/bin/make_f2fs 49568
    /sbin/sload.f2fs 1182456 => /system/bin/sload_f2fs 150032
Test: Build and boot recovery on crosshatch. Factory reset. Test: Install a non-A/B OTA package that formats a f2fs partition. Change-Id: Ibe70c8d91a1d07e1c78ff9eac19b1f7955800161
2018-12-20 | Clean up the arg setup for exec(3). | Tao Bao | 1 | -54/+34
Test: Build and boot into recovery on marlin. Factory reset. Test: Build and install a non-A/B OTA that calls format. Change-Id: I72416e775e237fc15ca5eff1036175a9eef43b76
2018-11-21 | make_f2fs: use -g android by default | Jaegeuk Kim | 1 | -5/+1
Bug: 119875846 Change-Id: Ibff18ea6f92620852222fff4073379ec8afd0e10 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-11-05 | updater: Error out on underrun during patching. | Tao Bao | 1 | -1/+4
Test: Run recovery_component_test on marlin. Change-Id: If23baf42aeacb48500edabc2eadd2e7119a848da
2018-10-05 | Use only signed/unsigned numbers with ParseInt/ParseUint respectively | Tom Cherry | 1 | -1/+1
Test: build Change-Id: If56b33c9c420237ff441779ba1dbebffd9dae8e3
2018-10-04 | DO NOT MERGE: Initialize the ZipArchive to zero before parsing | Tianjie Xu | 1 | -1/+1
The fields of the ZipArchive on the stack are not initialized before we call libminzip to parse the zip file. As a result, some random memory location is freed unintentionally when we close the ZipArchive upon parsing failures. Bug: 35385357 Test: recompile and run the poc with asan. Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
2018-09-08 | DO NOT MERGE: Initialize the ZipArchive to zero before parsing | Tianjie Xu | 1 | -1/+1
The fields of the ZipArchive on the stack are not initialized before we call libminzip to parse the zip file. As a result, some random memory location is freed unintentionally when we close the ZipArchive upon parsing failures. Bug: 35385357 Test: recompile and run the poc with asan. Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
2018-08-31 | applypatch: Refactor applypatch(). | Tao Bao | 1 | -69/+57
applypatch() was initially designed for file-based OTA, operating on individual files. It was later extended to allow patching eMMC targets as a whole, in favor of block-based updates. As we have deprecated file-based OTA since Oreo, part of the code in applypatch() has become obsolete. This CL refactors the related functions, by removing the obsolete logic and focusing on eMMC targets. Since this CL substantially changes applypatch APIs, it adds new functions to avoid unintentionally mixing them together. In particular, it removes `applypatch()`, `applypatch_check()`, `applypatch_flash()`, and adds `PatchPartition()`, `PatchPartitionCheck()`, `FlashPartition()` and `CheckPartition()`. It also replaces the old Edify functions `apply_patch()` and `apply_patch_check()` with `patch_partition()` and `patch_partition_check()` respectively. This CL requires matching changes to OTA generation script (in the same topic). Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Test: `m dist` with non-A/B target. Verify /system/bin/install-recovery.sh on device. Test: `m dist` with non-A/B target using BOARD_USES_FULL_RECOVERY_IMAGE. Verify /system/bin/install-recovery.sh on device. Test: Install an incremental OTA with the new updater and scripts. Change-Id: Ia34a90114bb227f4216eb478c22dc98c8194cb7f
2018-08-28 | Enable c++17 in recovery_defaults. | Tao Bao | 1 | -23/+23
And add the first few users. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Ifdf093d011478b6a1dd0405b0ba48c145b509cc8
2018-08-28 | Remove otafault | Tianjie Xu | 5 | -110/+64
Now it's less beneficial to inject I/O faults since we don't see many of them. Remove the library that mocks I/O failures. And switch to android::base I/O when possible. Bug: 113032079 Test: unit tests pass Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
2018-08-17 | updater: Add TransferList class. | Tao Bao | 2 | -0/+118
This would be the top-level class that represents and holds the info parsed from a transfer list file. Bug: 112151972 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I83b54df9d1411542eeeb8ef4a2db167e97f989c3
2018-08-16 | updater: Add SourceInfo::{ReadAll,DumpBuffer,Overlaps}. | Tao Bao | 2 | -0/+96
Bug: 112151972 Test: Run recovery_unit_test on marlin. Change-Id: Ica2a7b3c768f5d8ca5d591a9560bca9f8ed847c5
2018-08-15 | tests: Move to Android.bp. | Tao Bao | 1 | -16/+25
Also separate libupdater_defaults out to be shareable. It turns out the `data` property in `cc_test` doesn't follow symlinks as LOCAL_TEST_DATA does in Android.mk. This CL creates a filegroup in top-level Android.bp in order to pick up the testdata for ResourcesTest. Test: `mmma -j bootable/recovery` with aosp_marlin-userdebug Test: Run recovery_{unit,component,manual}_test on marlin. Test: Run recovery_host_test. Change-Id: I4532ab25aeb83c0b0baa8051d5fe34ba7b910a35
2018-08-14 | Add the hash_tree_info class in Command | Tianjie Xu | 2 | -1/+93
Add hash_tree_info to represent the hash tree computation arguments in the transfer commands 'compute_hash_tree'. Also add its parsing code in the Command class. Bug: 25170618 Test: unit tests pass Change-Id: Ie8607968377968e8fb3e58d1af0b8ca315e145be
2018-08-13 | updater: Move libupdater to Soong. | Tao Bao | 2 | -31/+75
Test: mmma -j bootable/recovery Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I2617b87d13c585addf0ed2fbae8c3ce443ea7200
2018-08-06 | Add an updater function to compute hash tree | Tianjie Xu | 4 | -18/+132
The new command is part of the transfer.list and allows us to compute the hash tree on non-ab devices. The required arguments for the hash_tree computation are: hash_tree_ranges source_ranges hash_algorithm salt_hex root_hash Bug: 25170618 Test: unit tests pass; run simulator with compute_hash_tree Change-Id: I8ff0d582cc8adabb8a060db7845f38b35b28e62c
2018-07-13 | applypatch: Consolidate CacheSizeCheck() and MakeFreeSpaceOnCache(). | Tao Bao | 2 | -4/+4
They are doing exactly the same thing, except for the slightly different error return value (1 vs -1).
    int CacheSizeCheck(size_t bytes);
    int MakeFreeSpaceOnCache(size_t bytes_needed);
This CL consolidates the two functions and uses bool as its return type.
    // Checks whether /cache partition has at least 'bytes'-byte free space. Returns true immediately
    // if so. Otherwise, it will try to free some space by removing older logs, checks again and
    // returns the checking result.
    bool CheckAndFreeSpaceOnCache(size_t bytes);
Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I94a96934d2b18713f8f39ad5aa96a02c98d87963
2018-07-10 | updater: Let read_file() return Value::Type::STRING. | Tao Bao | 1 | -5/+5
It used to return a Value blob to be consumed by sha1_check() (which has been deprecated). Currently there's no other generic updater function that works with BLOB Values. This CL changes read_file() to return a string Value to make it more useful (e.g. allowing equality check). Test: Run recovery_component_test and recovery_unit_test on marlin. Change-Id: Iba986ba649030112babefe898f26aa9ffe69eeb7
2018-07-10 | edify: Rename parse_string to ParseString and let it take std::string. | Tao Bao | 1 | -1/+1
Also simplify the helper function expect() in {edify,updater}_test.cpp. Test: Run recovery_component_test on marlin. Change-Id: If54febba4b5013f6d71546318a1ca6b635204ac8
2018-07-10 | edify: Remove VAL_INVALID and move ValueType into Value class. | Tao Bao | 2 | -21/+22
Test: mmma -j bootable/recovery Test: Run recovery_component_test and recovery_unit_test on marlin. Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
2018-07-09 | updater: Remove the support for sha1_check(). | Tao Bao | 1 | -49/+1
The matching edify function has been removed from EdifyGenerator [1]. In theory device-specific releasetools script may still use this function, but it no longer looks useful. Because a) we should use range_sha1() when asserting the SHA-1 hash of a block device; b) we should look into the contents when asserting a text file. [1] https://android-review.googlesource.com/c/platform/build/+/714104 Test: Run recovery_component_test on marlin. Test: Code search shows no active user. Change-Id: Id39439101534fb89cf8c5cea80a4b758c8a1a60d
2018-07-07 | updater: Add ABORT command. | Tao Bao | 3 | -1/+35
This will be used for testing purpose only, replacing the previously used "fail", to intentionally abort an update. As we're separating the logic between commands parsing and execution, "abort" needs to be considered as a valid command during the parsing. Test: recovery_unit_test and recovery_component_test on marlin. Change-Id: I47c41c423e62c41cc8515fd92f3c5959be08da02
2018-07-03 | No longer print hash for stashed blocks during verification of retry | Tianjie Xu | 1 | -1/+3
During block verification, load stash reads from the source blocks on the device instead of the stashed files. And for an interrupted update, it's pretty common that the source blocks have already been overwritten by subsequent commands. In that case the hash printing is mostly useless. Moreover we should have already printed the hash when the first update failed. Bug: 80241799 Test: Unit tests pass. No longer prints mismatching stashed source blocks on retry. Change-Id: I4effe684280b0325199f6cc4b2cc26e91295c2d7
2018-06-25 | updater: Check the number of args in Command::Parse. | Tao Bao | 1 | -9/+16
Additionally checks for excess args when parsing ERASE, FREE, NEW, STASH and ZERO. Note that the check for MOVE, BSDIFF, IMGDIFF has been covered in Command::ParseTargetInfoAndSourceInfo. Test: Run recovery_unit_test on marlin. Change-Id: Ic8bc9b7a8dcf98f1f8db2e259607564508726857
2018-06-25 | updater: Add Command parsing codes. | Tao Bao | 3 | -17/+521
The added codes are not used in the updater yet. The switch will happen in subsequent CLs. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I1ae8a233280f02c2171b43ef028bdccdacb39c59
2018-06-20 | applypatch: {Load,Save}FileContents and ParseSha1 take std::string. | Tao Bao | 1 | -1/+1
Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Change-Id: Ifcf244346a88dac833d91b169a4c2aee1fe677f1
2018-06-20 | e2fsdroid and mke2fs are dynamic executable in recovery partition | Jiyong Park | 1 | -4/+4
The two utilities are now converted to dynamic executables as shared libraries are supported in recovery mode. As part of the conversion, their location has moved from /sbin to /system/bin. Reflect the change in the program 'recovery'. Bug: 79146551 Test: adb reboot recovery, and select 'Wipe data/factory reset'. The data partition is formatted and there is no selinux denial. Change-Id: Ie7cfc4c50ab1e6767e4a5170533ccf826ec7d7f3
2018-06-18 | updater: Defer the creation of the new data writer. | Tao Bao | 1 | -24/+24
This avoids leaving the created new data writer thread unjoined, in the presence of transfer list parsing errors, or the early exit case on `total_blocks == 0`. Also fix a minor issue when dumping the errno on pthread_create error (pthread_create returns the error number, as opposed to setting errno). Test: Run recovery_component_test on marlin. Change-Id: Icfac27fef0c64736eb8c76264da73c223b4960cb
2018-06-08 | updater: Drop the 'overlap' parameter in LoadSrcTgtVersion3(). | Tao Bao | 1 | -12/+10
Test: Run recovery_component_test on marlin. Change-Id: I93afca891c5c9c1a351c907b023cd20c4704a66a
2018-06-07 | updater: Remove the redundant check on line count. | Tao Bao | 1 | -9/+3
Test: recovery_component_test on marlin. Change-Id: I2ac2bd47469d1aec8a97a8c4ed0fe80ffd65c95b
2018-06-05 | updater: Replace the reference arguments with pointers. | Tao Bao | 1 | -102/+101
As suggested by the style guide (https://google.github.io/styleguide/cppguide.html#Reference_Arguments), all parameters passed by reference must be labeled const. This CL moves most of the non-const references in blockimg.cpp to pointers, except for the CommandParameters& parameter in PerformCommand* functions, which will be handled in separate CLs. Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Change-Id: I84299208e9a1699f5381fb2228d4120f0c8dacb3
2018-06-04 | tests: Add ResumableUpdaterTest. | Tao Bao | 1 | -0/+1
This is a stress test that instantiates multiple testcases that interrupt a BBOTA update at every transfer command. Each testcase asserts the last_command_file after the interruption, verifies the update resumability, then resumes the update and asserts the updated image. The transfer list in the testcase covers most of the transfer commands (stash/free/move/bsdiff/zero/new), as well as some special patterns like having duplicate stash ids. This CL also addresses one issue in the updater code, by resetting the stash_map before each run. The stash map should be valid only per block_image_verify/block_image_update run. Having leftovers may cause issues in subsequent runs, in particular when calling block_image_verify after a previous run of block_image_{update,verify}. Test: Run recovery_component_test on marlin. Change-Id: I6f9a0368d194a754ce41a9c9819c6d5be2657248
2018-05-31 | updater: Drop the 'blocks' parameter in LoadStash(). | Tao Bao | 1 | -15/+8
None of the callers actually uses the value. (Even in the earlier versions, e.g. the one in M, the value wasn't used either.) Test: Run recovery_component_test on marlin. Change-Id: I53e61a1afa211f71a200889ed3aa4046763b46ea
2018-05-26 | updater: Add Command class to manage BBOTA commands. | Tao Bao | 4 | -63/+133
Move the commands map parsing out of PerformBlockImageUpdate(), as this can be done more easily by the caller. The goal (not done in this CL) is to decouple command parsing logic from the performers. This allows (a) focusing on the command logic in the performer; and (b) extending BBOTA commands syntax separately. Test: Run recovery_unit_test and recovery_component_test. Change-Id: Ife202398a7660b152d84a3ba17b90f93d19c55f2
2018-05-22 | updater: Use a bool to indicate if allowed to skip a command. | Tao Bao | 1 | -22/+17
This avoids the signedness issue, and makes the code more readable. Test: mmma bootable/recovery Test: Run recovery_component_test. Change-Id: I01c3a0357887cfd7c9d4aba4239ef650cfa18388
2018-05-21 | updater: Clean up the header lines computation. | Tao Bao | 1 | -6/+4
It no longer needs to be conditional, as we've removed the support for BBOTA v1/v2. Test: mmma bootable/recovery Change-Id: I881de8afa38cc5b41b48e6d48d85170699ea5eb4
2018-05-16 | Last command file should be updated after a command finishes | Tianjie Xu | 1 | -11/+7
The last command file has the last executed stash command by convention. So we should update the file after we actually finish executing the command; instead of after loading src/tgt. Bug: 79756267 Test: unit tests pass Change-Id: I4535b5836e7eb13b3abe3d02f9f362ec5e9ec969
2018-05-08 | updater: Fix an issue when resuming an update. | Tao Bao | 1 | -3/+6
We cannot skip "new" commands while resuming an update with last_command_file, because they read in the data sequentially from the package. Bug: 69858743 Test: Interrupt an update that has new commands. Check the update log. Change-Id: I05fb67246f5ea3ba2a0f78f10255c0d9b0bc2f5a
2018-05-08 | updater: Skip an updated partition on retry. | Tao Bao | 1 | -39/+77
Prior to the change, the BBOTA updater would try to re-run all the commands for a given partition on retry, including creating stashes according to the list of commands. This could fail a retry when the previous update had moved on to next stage, with leftovers in /cache. This CL creates a marker on /cache upon successfully updating a partition. The update commands will be skipped when trying to apply updates on an updated partition. Note that the marker is expected to be removed while doing a normal boot (in particular, handled by RecoverySystem#handleAftermath). If that didn't happen, the updater would also remove the marker before starting next fresh update. Alternatively, we can achieve the same goal by changing the OTA script, which needs to additionally compare the checksum against the target build. For example,
    range_sha1("/system", "ranges") == SHA1_of_updated_system || block_image_update("/system");
The downside is that we need to pay that cost on each install, as the edify script doesn't support caching the result in a variable. Bug: 79165963 Test: Simulate the process on device (by triggering a reboot while updating /vendor). Check the update log and result. Change-Id: I731031fa336133e1221b33edfc469969706e8091
2018-05-04 | Move reboot() from common.h into otautil/sysutil.h. | Tao Bao | 1 | -6/+2
This breaks the dependency on common.h (which belongs to recovery/librecovery) from librecovery_ui. reboot() is now owned by libotautil, which is expected to be a leaf node to be depended on. With the change, recovery and updater also share the same reboot() code now. Test: mmma -j bootable/recovery Change-Id: I1cc5d702cfe49302048db33d31c9c87ddc97ac71
2018-05-04 | otautil: Rename dir/sys/thermal utils. | Tao Bao | 2 | -3/+3
Test: mmma -j bootable/recovery Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
2018-04-28 | Merge libmounts into libotautil. | Tao Bao | 2 | -8/+5
Export its header (mounts.h) from there, and drop the dot dot dependency from libupdater / updater. Test: mmma bootable/recovery Test: recovery_component_test Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
2018-04-26 | Rename CacheLocation to Paths. | Tao Bao | 2 | -18/+13
We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE. Test: mmma -j bootable/recovery Test: recovery_component_test Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
2018-04-25 | updater: Remove an unneeded strdup(). | Tao Bao | 1 | -1/+1
StringValue() makes a copy of the arg. Test: mmma bootable/recovery Change-Id: I1002994e7496c840aa05c785019bdeca281f467e
2018-04-20 | applypatch: Drop the SHA_CTX parameter in Apply{BSDiff,Image}Patch. | Tao Bao | 1 | -3/+2
As they're accepting the SinkFn callback, it makes more sense to leave the work to their callers. Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Test: No other active user of the two functions. Change-Id: I8d67b38ce037925442296f136b483e0c71983777
2018-04-06 | recovery: enable fsverity feature bit | Jaegeuk Kim | 1 | -6/+4
Bug: 74604441 Bug 67380979 Change-Id: Iab1cc9aef356f0ddf6e2491578a2bd53009182ce Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-04-05 | install: mkfs.f2fs: specify sector size for target image size | Jaegeuk Kim | 1 | -0/+2
The total sectors that we want to format is used in different meanings from various users. This notifies its size based on 512 bytes explicitly. Bug: 76407663 Change-Id: I20687b40a1733d3b459a45f8b64a338c37a7bc95 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-03-08 | Set the update locations to default in CacheLocation's constructor | Tianjie Xu | 1 | -4/+0
Otherwise the applypatch executable will fail to back up the source file to /cache when patching the recovery image. Bug: 74198354 Test: run applypatch from boot to recovery (cherry picked from commit b4e3a370bf6fe2bbb6ad8e33d16ce3210595aaef) Change-Id: I37b7fd88d66ab49ef953d4b7dca22577bd1472e1
2018-03-08 | Set the update locations to default in CacheLocation's constructor | Tianjie Xu | 1 | -4/+0
Otherwise the applypatch executable will fail to back up the source file to /cache when patching the recovery image. Bug: 74198354 Test: run applypatch from boot to recovery Change-Id: I6e5b9cd06d6ed0b26066b779a348437ecf984b92
2018-02-28 | Add a singleton CacheLocation to replace the hard coded locations | Tianjie Xu | 3 | -5/+10
This class allows us to set the following locations dynamically: cache_temp_source, last_command_file, stash_directory_base. In the updater's main function, we reset the values of these variables to their default locations in /cache; while we can set them to temp files in unit tests or host simulation. Test: unit tests pass Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
2018-02-28 | Fix the behavior of undefined commands in BlockImageVerify | Tianjie Xu | 1 | -2/+4
In BlockImageVerify some commands are undefined, e.g. "erase", "new", "zero". And we should not error out if the corresponding function pointer of these commands is null; otherwise we will fail the verification. The old code is:
    if (cmd->f != nullptr && cmd->f(params) == -1) return false;
In the last_command_file change the logic was wrongly modified to
    if (cmd->f == nullptr) return false;
    ...
    if (cmd->f(params) == -1) return false;
Test: sideload an incremental OTA twice on bullhead Change-Id: I2561c365badb850da0e416629ccd61f0df7da5d7
2018-02-12 | Reorder the functions in updater/install.cpp | Tianjie Xu | 1 | -239/+244
There is no logical change to the file; merely the function definition reorder and some cosmetic change to make the future review easier. Test: mma Change-Id: I7ffe952f8c78e840f10aa6bfad0c4b5a58e29896
2018-02-07 | Log the last command to cache | Tianjie Xu | 2 | -9/+175
When performing an update, save the index and cmdline of the current command into the last command file if this command writes to the stash either explicitly or implicitly. This mitigates the overhead to update the last command file for every command. I ran a simple test on angler and the time to update 1000 times is ~2.3 seconds. Upon resuming an update, read the saved index first; then
  1. In verification mode, check if all commands before the saved index have already produced the expected target blocks. If not, delete the last command file so that we will later resume the update from the start of the transfer list.
  2. In update mode, skip all commands before the saved index. Therefore, we can avoid deleting stashes with duplicate id unintentionally; and also speed up the update.
If an update succeeds or is unresumable, delete the last command file. Bug: 69858743 Test: Unittest passed, apply a failed update with invalid cmd on angler and check the last_command content, apply a failed update with invalid source hash and last_command is deleted. Change-Id: Ib60ba1e3c6d111d9f33097759b17dbcef97a37bf
2018-01-29 | Avoid overwrite of the error message in AbortFn | Tianjie Xu | 2 | -15/+15
The AbortFn() used to overwrite the error message, hiding the real failure reported in ErrorAbort(). And we will miss the failure in the script patterns like 'blockimageupdate() || abort()'. We will ensure there's one line break at the end of ErrorAbort's error message; and append to the existing error message when calling abort(). Test: Message from ErrorAbort shows up in the log Change-Id: I3aebd06629c5129330250c7fe5e8cdead2ae85bc
2017-12-05 | add sload.f2fs for recovery format | Jaegeuk Kim | 1 | -0/+9
Change-Id: Iddfe54b2b36f2d531925cbe61c98dbfb4903c0d1 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2017-12-01 | Detect interrupted update due to power off | Tianjie Xu | 1 | -1/+5
An interrupted update may stash extra blocks in /cache, leading to a failure when checking the cache size. We can save the incremented retry_count in the BCB before installing the update; and distinguish a fresh update from an interrupted one this way. Bug: 68679601 Test: An interrupted update reapplies successfully. Change-Id: Ic1403e1fd25a937c91ef34c14b92a0f6c8f1c0f4
2017-11-13 | recovery: format f2fs with encrypt/quota | Jaegeuk Kim | 1 | -4/+10
Change-Id: Ia393b7b78b45f09964449ec0e255aa26bb3b8ddf Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2017-11-10 | applypatch: Change the patch parameter to const Value& in Apply{BSDiff,Image}Patch. | Tao Bao | 1 | -2/+2
It used to be "const Value*", but nullptr won't be a valid input. Test: recovery_host_test; recovery_component_test Change-Id: I904b5689ac3e64504088bf0544c9fb5d45a52243
2017-11-07 | otautil: Remove the aborts in RangeSet::Parse(). | Tao Bao | 1 | -1/+19
We used to CHECK and abort on parsing errors. While it works fine for the updater use case (because recovery starts updater in a forked process and collects the process exit code), it's difficult for other clients to use RangeSet as a library (e.g. update_verifier). This CL switches the aborts to returning empty RangeSet instead. Callers need to check the parsing results explicitly. The CL also separates RangeSet::PushBack() into a function, and moves SortedRangeSet::Clear() into RangeSet. Test: recovery_unit_test Test: Sideload an OTA package with the new updater on angler. Test: Sideload an OTA package with injected range string errors. The updater aborts from the explicit checks. Change-Id: If2b7f6f41dc93af917a21c7877a83e98dc3fd016
2017-11-03 | recovery: remove make_ext4fs from updater | Jin Qian | 1 | -9/+2
Bug: 64395169 Change-Id: I6f6a4f82b225435c6ad5c828e110fa135e6f7579
2017-11-02 | recovery: remove make_ext4fs from updater | Jin Qian | 1 | -9/+2
Bug: 64395169 Change-Id: I6f6a4f82b225435c6ad5c828e110fa135e6f7579
2017-10-20 | Finish the new data receiver when update fails | Tianjie Xu | 1 | -16/+41
The thread to receive new data may still be alive after we exit PerformBlockImageUpdate() upon failures. This caused memory corruption when we run the unittest repeatedly. Set the receiver_available flag to false and make sure the receiver exits when the update fails. Bug: 65430057 Test: unittests passed with tsan Change-Id: Icb232d13fb96c78262249ffbd29cdbe5b77f1fce
2017-10-12 | Drop -Wno-unused-parameter. | Tao Bao | 1 | -2/+0
The only one left is libedify. Will handle that in a separate CL. Test: mmma bootable/recovery Change-Id: I732a5f85229da90fd767bee2e46c5c95f529c396
2017-10-11 | Move rangeset.h and print_sha1.h into otautil. | Tao Bao | 2 | -4/+4
Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from applypatch modules. Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug; mmma bootable/recovery Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
2017-10-09 | Revert "Revert "Move error_code.h into otautil."" | Tao Bao | 3 | -3/+3
This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.". This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil). Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
2017-10-05 | Don't include "error_code.h" in edify/expr.h. | Tao Bao | 1 | -0/+1
Use forward declaration to avoid pulling in the module that contains error_code.h (trying to move it into libotautil). Otherwise all the modules that include "edify/expr.h" need to depend on the module that exports error_code.h. .cpp sources should include "error_code.h" explicitly to use the enums. Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery Change-Id: Ic82db2746c7deb866e8cdfb3c57e0b1ecc71c4dc
2017-10-05 | Revert "Move error_code.h into otautil." | Tao Bao | 2 | -2/+2
This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b. Reason for revert: Need to address device-specific modules. Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
2017-10-04 | Move error_code.h into otautil. | Tao Bao | 2 | -2/+2
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". Test: mmma bootable/recovery Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
2017-09-29 | otafault: Move headers under otafault/. | Tao Bao | 3 | -3/+3
Test: mmma bootable/recovery Change-Id: I3ceb72f703c7c2857d656c137d71baa1fccd8238
2017-08-29 | Turn on -Wall for recovery modules | Tianjie Xu | 1 | -0/+2
Turn on -Wall for all modules. Also remove the obsolete file_cmp() in apply_patch test and now() in wear_ui. The only exception is lib_edify due to the unused functions in the intermediate cpp files generated from the lex files. It will be handled in a separate CL. Bug: 64939312 Test: mma, unit tests pass Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
2017-08-19 | Move Image/ImageChunk/PatchChunk declaration into header files | Tianjie Xu | 2 | -279/+1
1. Move the declaration of the Image classes to the header file to make testing easier. 2. Also move rangeset.h to bootable/recovery to allow access in imgdiff. Test: recovery component test Change-Id: I68a863e60a3f2e7ae46ee48f48eb15391f5f4330
2017-08-01 | Add implementation of SortedRangeSet | Tianjie Xu | 1 | -1/+115
This is useful in imgdiff to maintain the block ranges of split source image. Bug: 34220646 Test: mma && unit tests pass Change-Id: I6427f2ea50f0e3b0aa3dd01880ec0206679b7429
2017-07-25 | updater: Remove dead make_parents(). | Tao Bao | 1 | -28/+0
Its former callers in RenameFn() and SymlinkFn() have been removed in commit 63d786cf22cb44fe32e8b9c1f18b32da3c9d2e1b. Test: mmma -j bootable/recovery Change-Id: I26ed126202554fc5840811ec7ae162da70593213
2017-07-23 | Remove the obsolete reference to /file_contexts. | Tao Bao | 1 | -2/+1
This file no longer exists:
- /file_contexts has been split into plat_file_contexts and nonplat_file_contexts since commit b236eb6ca204cefcb926e19bd5682f9dcad4021d (system/sepolicy).
- It was named /file_contexts.bin prior to the split.
'-S file_contexts' is also no longer required by e2fsdroid, since commit 2fff6fb036cbbb6dedd7da3d208b312a9038a5ce (external/e2fsprogs). It will load the file contexts via libselinux. Test: Trigger the path by performing a data wipe for converting to FBE. Change-Id: I179939da409e5c0415ae0ea0bf5ddb23f9e6331e (cherry picked from commit 7af933b6a6fd687bd17710ef6fda0ad5483e4d6d)
2017-07-22 | Fix a case when brotli writer fails to write last few blocks of data | Tianjie Xu | 1 | -94/+81
receive_new_data may exit too early if the zip processor has sent all the raw data. As a result, the last few 'new' commands will fail even though the brotli decoder has more output in its buffer. Restructure the code so that 'NewThreadInfo' owns the decoder state solely; and receive_brotli_new_data is responsible for the decompression. Also reduce the test data size to 100 blocks to avoid the test timeout. Bug: 63802629 Test: recovery_component_test. on bullhead, apply full updates with and w/o brotli compressed entries, apply an incremental update. Change-Id: Id429b2c2f31951897961525609fa12c3657216b7 (cherry picked from commit 6ed175d5412deeaec9691f85757e45452407b8e3)
2017-07-21Fix a case when brotli writer fails to write last few blocks of dataTianjie Xu1-94/+81
receive_new_data may exit too early if the zip processor has sent all the raw data. As a result, the last few 'new' commands will fail even though the brotli decoder has more output in its buffer. Restructure the code so that 'NewThreadInfo' owns the decoder state solely; and receive_brotli_new_data is responsible for the decompression. Also reduce the test data size to 100 blocks to avoid the test timeout. Bug: 63802629 Test: recovery_component_test. on bullhead, apply full updates with and w/o brotli compressed entries, apply an incremental update. Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
2017-07-20recovery: replace make_ext4 with e2fsprogsJin Qian1-2/+25
Execute mke2fs to create empty ext4 filesystem. Execute e2fsdroid to add files to filesystem. Test: enter recovery mode and wipe data Bug: 35219933 Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876 (cherry picked from commit ac31808cd37cfb98755e5821dbb2efb5fe5cb12a)
2017-07-13Remove the obsolete reference to /file_contexts.Tao Bao1-2/+1
This file no longer exists:
- /file_contexts has been split into plat_file_contexts and nonplat_file_contexts since commit b236eb6ca204cefcb926e19bd5682f9dcad4021d (system/sepolicy).
- It was named /file_contexts.bin prior to the split.
'-S file_contexts' is also no longer required by e2fsdroid, since commit 2fff6fb036cbbb6dedd7da3d208b312a9038a5ce (external/e2fsprogs). It will load the file contexts via libselinux.
Test: Trigger the path by performing a data wipe for converting to FBE.
Change-Id: I179939da409e5c0415ae0ea0bf5ddb23f9e6331e
2017-07-08Add support to decompress brotli compressed new dataTianjie Xu2-32/+144
Add a new writer that can decode the brotli-compressed system/vendor new data stored in the OTA zip. Brotli generally gives better compression rate at the cost of slightly increased time consumption. The patch.dat is already compressed by BZ; so there's no point to further compress it. For the given 1.9G bullhead system image: Size: 875M -> 787M; ~10% reduction of package size. Time: 147s -> 153s; ~4% increase of the block_image_update execution time. (I guess I/O takes much longer time than decompression.) Also it takes 4 minutes to compress the system image on my local machine, 3 more minutes than zip. Test: recovery tests pass && apply a full OTA with brotli compressed system/vendor.new.dat on bullhead Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
2017-06-27recovery: replace make_ext4 with e2fsprogsJin Qian1-2/+25
Execute mke2fs to create empty ext4 filesystem. Execute e2fsdroid to add files to filesystem. Test: enter recovery mode and wipe data Bug: 35219933 Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876 Merged-In: I10a9f4c1f4754ad864b2df45b1f879180ab33876
2017-06-19recovery: replace make_ext4 with e2fsprogsJin Qian1-2/+25
Execute mke2fs to create empty ext4 filesystem. Execute e2fsdroid to add files to filesystem. Test: enter recovery mode and wipe data Bug: 35219933 Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876
2017-06-15Fix "No file_contexts" warningJeff Vander Stoep1-3/+3
Fixed by loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists. Bug: 62587423 Test: build and flash recovery on Angler. Warning is gone. Test: Wipe data and cache. Test: sideload OTA Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f (cherry picked from commit 2330dd8733ce0b207058e3003a3b1efebc022394)
2017-06-15Fix "No file_contexts" warningJeff Vander Stoep1-3/+3
Fixed by loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists. Bug: 62587423 Test: build and flash recovery on Angler. Warning is gone. Test: Wipe data and cache. Test: sideload OTA Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
2017-05-24Retry the update if ApplyBSDiffPatch | ApplyImagePatch failsTianjie Xu2-0/+6
We have seen one case when bspatch failed likely due to patch corruption. Since the package has passed verification before, we want to reboot and retry the patch command again since there's no alternative for users. We won't delete the stash before reboot, and the src has passed SHA1 check. If there's an error on the patch, it will fail the package verification during retry. Bug: 37855643 Test: angler reboots and retries the update when bspatch fails. Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
2017-05-24kill package_extract_dirTianjie Xu1-32/+0
It's only used by file-based OTA which has been deprecated for O. Test: mma Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
2017-05-12updater: Update the mkfs.f2fs argument to match f2fs-tools 1.8.0.Tao Bao1-3/+5
Commit adeb41a8c0da3122a2907acb4aafd7ff9bce26af has switched the argument for recovery. This CL handles the case for updater. Note that there's a chance the updater may run against the old recovery (and f2fs 1.4.1 binary). Not sending a 0-sector argument to f2fs 1.4.1 also works. Bug: 37758867 Test: Make an OTA package that calls format f2fs, with mkfs.f2fs 1.8.0 and 1.4.1 binaries respectively. Change-Id: I4d4bbe8c57544d1c514b7aa37fbf22a0aab14e2c
2017-05-03Add a default error code when updater script abortsTianjie Xu1-7/+9
We didn't report error/cause codes unless there's an explicit "Abort()" call inside the updater script. As a result, some cause codes set by ErrorAbort() didn't show up in last_install. To fix the issue, add a default error code when the script terminates abnormally (i.e. with non zero status). Bug: 37912405 Test: error/cause code shows up in last_install when argument parsing fails Change-Id: Ic6d3bd1855b853aeaa0760071e593a00cf6f0209
2017-05-02Move sysMapFile and sysReleaseMap into MemMapping class.Tao Bao1-2/+1
Test: recovery_component_test Test: recovery_unit_test Test: Apply an OTA on angler. Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
2017-04-28Adding support for quiescent reboot to recoveryDmitri Plotnikov1-1/+4
Bug: 37401320 Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process. (cherry picked from commit 8706a98aa635236a95795f0a0c122bb3e591a50d) Change-Id: I79789a151f6faafda8ecc6198c2182cc2a91da70
2017-04-19Adding support for quiescent reboot to recoveryDmitri Plotnikov1-1/+4
Bug: 37401320 Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process. Change-Id: Ibed3795c09e26c4fa73684d40b94e40c78394d3f
2017-04-08Abort the update if there's not enough new dataTianjie Xu1-4/+26
Right now the update gets stuck in a deadlock if there's less new data than expected. Add some checkers and abort the update if such a case happens. Also add a corresponding test. Bug: 36787146 Test: update aborts correctly on bullhead && recovery_component_test passes Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
2017-04-03Change the internal representation in RangeSet.Tao Bao2-233/+284
This CL makes the following changes to RangeSet:
- Uses std::pair<size_t, size_t> to represent a Range;
- Uses std::vector<Range> to represent a RangeSet;
- Provides const iterators (forward and reverse);
- Provides const accessor;
- 'blocks()' returns the number of blocks (formerly 'size');
- 'size()' returns the number of Range's (formerly 'count').
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
2017-03-31updater: Keep the parsed parameters in std::unique_ptr.Tao Bao1-160/+157
We don't need to take raw pointers out of the parsed arguments. std::unique_ptr handles the dereferencing automatically. Test: mmma bootable/recovery Change-Id: I1beabf6e04dc350bdad7b36cee5fb345c82b28f2
2017-03-31Move parse_range() and range_overlaps() into RangeSet.Tao Bao2-110/+113
Also move RangeSet into a header file to make it testable, and add unit tests. In RangeSet::Parse() (the former parse_range()), use libbase logging to do assertions. This has the same effect as the previous exit(EXIT_FAILURE) to terminate the updater process and abort an update. The difference lies in the exit status code (i.e. WEXITSTATUS(status) in install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0. Test: recovery_unit_test Test: Apply an incremental update with the new updater. Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
2017-03-30updater: Don't append newline when calling uiPrint().Tao Bao2-9/+10
LOG(INFO) already appends a newline. Don't print redundant newline. Test: No extra blank lines when calling ui_print(). And on-screen UI shows the same. Change-Id: I74e9a8504a7146a6cb3dae02fe2406d0dd54069b
2017-03-29updater: Move RangeSinkWrite into RangeSinkState.Tao Bao1-164/+146
Then rename RangeSinkState to RangeSinkWriter. RangeSinkWriter reads data from the given FD, and writes them to the destination RangeSet. Test: Apply an incremental with the new updater. Change-Id: I5e3ab6fc082efa1726562c55b56e2d418fe4acaf
2017-03-28applypatch: Let Apply{BSDiff,Image}Patch accept std::function.Tao Bao1-75/+76
Test: mmma bootable/recovery system/update_engine Test: recovery_component_test Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
2017-03-28applypatch: Change the ssize_t length parameters to size_t.Tao Bao1-41/+40
Mostly for applypatch family APIs like ApplyBSDiffPatch() and ApplyImagePatch(). Changing to size_t doesn't indicate they would necessarily work with very large size_t (e.g. > ssize_t), just similar to write(2). But otherwise accepting negative length doesn't make much sense. Also change the return type of SinkFn from ssize_t to size_t. Callers tell a successful sink by comparing the number of written bytes against the desired value. Negative return values like -1 are not needed. This also makes it consistent with bsdiff::bspatch interface. Test: recovery_component_test Test: Apply an incremental with the new updater. Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
2017-03-28updater: Clean up LoadSrcTgtVersion2().Tao Bao1-146/+143
Rename to LoadSourceBlocks() by moving the target blocks parsing part into the caller. This allows detecting whether the target blocks have already had the expected data before loading the source blocks. It doesn't affect anything when applying an update package for the first time, but it skips loading the unneeded source blocks when resuming an update. It additionally avoids unnecessarily dumping the "corrupt" source/stash blocks when resuming an update. Bug: 33694730 Test: Apply an incremental update with the new updater. Test: Resume an incremental update with the new updater. Change-Id: I794fd0d1045be7b3b7f8619285dc0dade01398d0
2017-03-24updater: Remove some redundant arguments.Tao Bao1-78/+65
Clean up a few functions that take CommandParameters& as the first parameter. We don't need to take duplicate arguments if they always come from CommandParameters. This redundancy came from the point we replaced strtok()s (commit baad2d454dc07ce916442987a2908a93fe6ae298). Test: Apply an incremental update with the new updater. Change-Id: I2912b8ce6bc7580bf7f566e125f12270e679e155
2017-03-24updater: Drop the support for BBOTA v1 and v2.Tao Bao1-398/+330
The script support for BBOTA v1 and v2 has been dropped in commit 8fad03e7712082eb880ffaaffb69eb13252ce220 (platform/build). Bug: 33694730 Test: Apply an incremental with the new updater. Test: recovery_component_test Change-Id: I038b1bf8d10f030cab8ec0aa6ee565c5a9545dfd
2017-03-23Removed C-style castsMikhail Lappo1-1/+1
In C++ code it would be cleaner to use C++ reinterpret cast instead of old C-style notation. Change-Id: Ibeef5e0c374addf108c0a8876a6be45063d8e396
2017-03-23Redundant checking of STL container elementMikhail Lappo1-3/+1
As of C++ specification size_type erase( const key_type& key ); removes the element (if one exists). There is no need to perform the check twice. Change-Id: I4b057c08526abc7c2a483a60f9e166e4d8f56a74
2017-03-23Fixed scanf modifierMikhail Lappo1-1/+1
Scanf expectation is to have same type of pointer to store parsed value and modifier in format string
2017-03-23updater: Fix the broken case for apply_patch_check().Tao Bao1-1/+1
It's valid to provide only 1 argument to apply_patch_check(). We shouldn't fail the argument parsing. Bug: 36541737 Test: recovery_component_test passes. Test: recovery_component_test captures the failure without the fix. Test: The previously failed update applies successfully. Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
2017-03-22Remove malloc in edify functionsTianjie Xu3-125/+173
And switch them to std::vector & std::unique_ptr Bug: 32117870 Test: recovery tests passed on sailfish Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
2017-03-22Fix the permission of stashed blocks created by updaterTianjie Xu1-0/+12
Our updater created the stashes with root permission. This causes an access denial when the RecoverySystem service tries to clean up these blocks after a failing update. As a result, the subsequent OTA updates may fail due to insufficient cache space. Bug: 36457133 Test: stashed blocks cleaned successfully after reboot Change-Id: If0ca99638cdfa1033646f29d9cc92b5ff1bacac1
2017-03-22Fix updater include generation w/installcleanDan Willemsen1-16/+4
Since this was putting the intermediate file in obj/PACKAGING, every installclean was removing it and triggering updater to rebuild. Instead, use the standard generated-sources-dir. The dep file can also be removed now that ninja will re-run the generator if the command line changes. Test: m -j updater; m installclean; m -j updater Test: Only change to aosp_fugu updater before/after is the debug info Change-Id: I20928bd2049d4a3d4e21f83fd64d16cfdc541958
2017-03-17Revert "Revert "Print SHA-1 in hex for corrupted blocks""Tianjie Xu1-6/+140
This reverts commit 90eff6a340f9983792d700df3b1ea0203aced207. Also fix the bug where stashed blocks are not freed. Bug: 21124445 Test: Previous failed update succeeded on bullhead Change-Id: I23d232331a2beb51b6dcc82c957c87bc247d0268
2017-03-16updater: Minor clean up to EnumerateStash().Tao Bao1-73/+50
Test: Apply an incremental BBOTA package with the new updater. Test: Resume an interrupted BBOTA (so it cleans up the partial stash). Change-Id: I620cc57ee6366845bcffbc19210f7a01e2196052
2017-03-15Revert "Print SHA-1 in hex for corrupted blocks"Tao Bao1-140/+3
This reverts commit bb0cd75a0e1f6760bdf96bd141f3a546ffa45fbc. Broke the 'free' command that deletes a stash. Bug: 36242722 Test: The previously failed incremental applies successfully. Change-Id: I1237cb0a33adfbeea57e0465b629704862ba13aa
2017-03-13Print SHA-1 in hex for corrupted blocksTianjie Xu1-3/+140
It will be helpful for debug if we know which blocks are corrupted after a verification failure. This CL prints the SHA-1 for each source block in a transfer command if these blocks don't have an expected hash. And along with the correct SHA-1, we will catch the corrupted blocks. Bug: 21124445 Test: Printed the mismatched SHA-1 for bullhead during an update. Change-Id: I683d4bdaf9a335035045b3f532b3a265b2fcbbfc
2017-03-13updater: Remove some obsoleted functions for file-based OTA.Tao Bao1-362/+0
This CL removes the updater support for delete(), symlink(), rename(), set_metadata() and set_metadata_recursive(). Such functions have been removed from the generation script in commit f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build). Note: This CL also removes delete_recursive() which seems to have never been supported in generation script. Bug: 35853185 Test: recovery_component_test passes. Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
2017-02-03Replace _exit(-1) with _exit(EXIT_FAILURE).Tao Bao2-3/+3
-1 is not a valid exit status. Also replace a few exit(1) with exit(EXIT_FAILURE). Test: mmma bootable/recovery Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
2017-02-02Use bspatch from external/bsdiff.Sen Jiang1-0/+1
Now ApplyBSDiffPatch() will stream the output to sink as we go instead of sinking everything at the end. Test: recovery_host_test Bug: 26982501 Change-Id: I05b6ed40d45e4b1b19ae72784cf705b731b976e3
2017-01-24Remove '_static' suffix from libext2* references.Alex Deymo1-1/+1
Bug: 34220783 Test: make checkbuild Change-Id: Iceea20e440a4bb6a3b254486a65a86401a2241ef
2017-01-22Print with newline for ui_print.Tao Bao2-2/+0
Currently the ui_print command between the recovery and updater doesn't append newline. Updater has to send an extra "ui_print" command without any argument to get the line break. This looks unnecessary. And not all the callers (including the ones in bootable/recovery) are following this protocol when sending the ui_print command. This CL simplifies the protocol to always print with a newline for ui_print command. When updating from an old recovery with the new updater, all the ui_print'd strings would appear in one line as a side effect. But a) it would only affect the text-mode UI, which won't be shown to users; b) log files won't be affected. Bug: 32305035 Test: Apply an update with the new updater on top of an old and new recovery image respectively. Change-Id: I305a0ffc6f180daf60919cf99d24d1495d68749b
2017-01-11Remove "_static" suffix from libsparseAlex Deymo1-1/+1
Bug: 34220783 Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
2017-01-11Remove "_static" suffix from libext4_utils.Alex Deymo1-1/+1
Bug: 34220783 Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
2017-01-09Do not inject I/O fault on a retryTianjie Xu1-1/+1
We could inject I/O faults during an OTA update for test purpose. But we should skip the injection if the update is a retry. Otherwise the update test will simply keep failing. Bug: 34159970 Test: Apply the same package on angler and the update succeeds on the 2nd try. Change-Id: Id274e5475e3bc8d25d50a8cf61a77d2e32c569d6
2017-01-04updater: Refactor parse_range().Tao Bao1-74/+63
Returning the parsed RangeSet directly (as opposed to using some pointer parameter) to make the code cleaner. Test: Apply an incremental with the new updater. Change-Id: I8c99e701f189eb6a3eacc0d647e5a3a85fbeb3eb
2016-12-29updater: Clean up CreateStash().Tao Bao1-84/+85
Change the stash size computation from int to size_t. Test: Apply an incremental BBOTA with the new updater. Change-Id: Ib45b71b826fec6aa0ffafc67c17735825634eae0
2016-12-29updater: Update the header name for bootloader.h.Tao Bao1-2/+2
We should include "bootloader_message/bootloader_message.h" now. Test: m updater Change-Id: I65b22a8a0bcc5976ff1ba827bd30b46ee9d59c53
2016-12-14updater: Fix the operator order.Tao Bao1-1/+1
Shift operator ("<<") has a higher precedence level than ternary operator ("?"). Test: BBOTA update log says "performing update" as opposed to "performing 0". Change-Id: I0cf60cbfc11415e94f1f9f6effe75f14d13a1874
2016-12-01updater: Fix inconsistent code.Tao Bao1-1/+3
Commit 81e54eddd4132895d70ab8b2307c693311799e05 introduced the inconsistency when resolving the merge conflict into master. Test: mmma bootable/recovery Change-Id: I43b7ec76a7eee000708cdca60bd372173e1fac2f
2016-12-01updater: Switch to libbase logging.Tao Bao3-993/+994
Test: Build an updater into a package and apply it on device. Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
2016-11-28Remove ota_close(int) and ota_fclose(FILE*).Tao Bao1-73/+69
We should always use unique_fd or unique_file to hold the FD or FILE* pointer when opening via ota_(f)open functions. This CL avoids accidentally closing raw FDs or FILE* pointers that are managed by unique_fd/unique_file. Test: recovery_component_test passes. Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
2016-11-18updater: Refactor set_stage() and get_stage() functions.Tao Bao2-68/+69
Add read_bootloader_message_from() and write_bootloader_message_to() to allow specifying the BCB device (/misc). Also add testcases for set_stage() and get_stage(). Test: recovery_component_test passes. Test: Build a recovery image and apply a two-step OTA package. Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
2016-11-18updater: Add testcase for package_extract_dir().Tao Bao1-17/+21
Test: recovery_component_test passes. Change-Id: I3af4707bc42c7331ca961be8b967a53de82ea25b
2016-11-18DO NOT MERGE updater: Add "write_value()" function.Tao Bao1-1/+28
write_value(value, filename) writes 'value' to 'filename'. It can be used to tune device settings when applying an OTA package. For example, write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq"). Bug: 32463933 Test: recovery_component_test passes. Test: Apply an OTA package that contains a call to write_value(), and check the result. Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35 (cherry picked from commit d0f3088aa95e255b39ed4b83da6b08866c2c3e0c)
2016-11-17updater: Add "write_value()" function.Tao Bao1-3/+31
write_value(value, filename) writes 'value' to 'filename'. It can be used to tune device settings when applying an OTA package. For example, write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq"). Bug: 32463933 Test: recovery_component_test passes. Test: Apply an OTA package that contains a call to write_value(), and check the result. Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
2016-11-16updater: Fix the wrong return value for package_extract_file().Tao Bao1-76/+69
'bool success = ExtractEntryToFile()' gives opposite result. Fix the issue and add testcases. Change the one-argument version of package_extract_file() to explicitly abort for non-existent zip entry. Note that this is NOT changing the behavior. Prior to this CL, it aborts from Evaluate() function, by giving a general cause code. Now it returns kPackageExtractFileFailure. Bug: 32903624 Test: recovery_component_test works. Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f (cherry picked from commit ef0eb3b01b66fbbc97908667a3dd1e02d710cbb7)
2016-11-15updater: Fix the wrong return value for package_extract_file().Tao Bao1-76/+69
'bool success = ExtractEntryToFile()' gives opposite result. Fix the issue and add testcases. Change the one-argument version of package_extract_file() to explicitly abort for non-existent zip entry. Note that this is NOT changing the behavior. Prior to this CL, it aborts from Evaluate() function, by giving a general cause code. Now it returns kPackageExtractFileFailure. Bug: 32903624 Test: recovery_component_test works. Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
2016-11-09updater: Add more testcase for symlink().Tao Bao1-20/+17
Clean up SymlinkFn() a bit. Also clean up the temp files created when running the tests; otherwise non-empty TemporaryDir won't be removed. Test: recovery_component_test passes. Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
2016-11-08Make make_parent() to take const argumentTianjie Xu1-19/+27
Switch to use const std::string; and add corresponding tests. Bug: 32649858 Test: Component tests pass Change-Id: I640f3ec81f1481fa91aa310f8d4d96dac9649cb9
2016-11-04updater: Add a testcase for RenameFn().Tao Bao1-1/+4
Test: recovery_component_test passes. Change-Id: Iba5a0fdf6c79e2bed6b30b8fc19a306c1ab29d8a
2016-11-04updater: Fix a bug in DeleteFn().Tao Bao1-9/+13
Also add a testcase for delete() function. Test: recovery_component_test passes. Change-Id: I064d1ad4693c3ed339d0a69eabadd08a61a2ea86
2016-11-03updater: Fix an off-by-1 bug in file_getprop().Tao Bao1-6/+9
Also add a testcase for file_getprop(). Test: recovery_component_test passes. Change-Id: I8eb2f9a5702b43997ac9f4b29665eea087b1c146
2016-11-01Cleanup ReadArgs & ReadValueArgs usageTianjie Xu2-497/+411
ReadArgs will switch to using std::string and std::unique_ptr. Also cleanup the callers. Test: mma & component test passed. Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
2016-10-29applypatch: Switch the parameter of Value** to std::vector.Tao Bao1-3/+1
Test: Unit tests and install-recovery.sh pass on angler and dragon. Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
2016-10-18Replace minzip with libziparchiveTianjie Xu5-85/+87
Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-15Change StringValue to use std::stringTianjie Xu3-195/+158
Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style. Test: component tests passed. Bug: 31713288 Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
2016-10-13edify: Some clean-ups to libedify.Tao Bao1-1/+0
- Remove dead declarations in expr.h: SetError(), GetError(), ClearError().
- Remove the declaration of Build() out of expr.h.
- Use std::unordered_map to implement RegisterFunction() and FindFunction(); kill FinishRegistration().
- Add a testcase for calling unknown functions.
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
2016-10-11updater: Kill the duplicate PrintSha1() in install.cpp.Tao Bao1-36/+19
Also add a testcase for sha1_check(). Test: mmma bootable/recovery; recovery_component_test passes. Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
2016-10-11Refactor libupdater into a seperate module.Tao Bao7-79/+103
So that we can write native tests for updater functions. This CL adds a testcase for getprop() function. Test: mmma bootable/recovery; Run recovery_component_test on device. Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
2016-10-09Update the header path for ext4_utils.Tao Bao2-4/+2
Test: `mmma bootable/recovery` Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e
2016-10-07Update the header path for ext4_utils.Tao Bao2-4/+2
Test: `mmma bootable/recovery` Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e (cherry picked from commit 3cbe1d20978dc488272e2b1ba10890a006fdfab9)
2016-10-05edify: Move State.script and State.errmsg to std::string.Tao Bao1-20/+17
This way we kill a few strdup() and free() calls. Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly. Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a (cherry picked from commit 59dcb9cbea8fb70ab933fd10d35582b08cd13f37)
2016-10-04edify: Move State.script and State.errmsg to std::string.Tao Bao1-20/+17
This way we kill a few strdup() and free() calls. Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly. Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
2016-09-30Turn on -Werror for recoveryTianjie Xu1-1/+1
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab (cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-1/+1
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
2016-09-26Switch to <android-base/properties.h>.Elliott Hughes1-12/+7
Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
2016-09-24Switch to <android-base/properties.h>.Elliott Hughes1-12/+7
Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
2016-09-01Switch recovery to libbase loggingTianjie Xu1-2/+3
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 (cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
2016-09-01Switch recovery to libbase loggingTianjie Xu1-2/+3
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01Switch recovery to libbase loggingTianjie Xu1-2/+3
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01Check an edge case when read(2) returns 0Tianjie Xu1-0/+4
We might end up in an infinite loop if read(2) reached EOF unexpectedly. The problematic code in uncrypt mentioned in the bug has been fixed by switching to libbase ReadFully(). So I grepped through the recovery code and fixed some other occurrences of the issue. Bug: 31073201 Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
2016-08-06Fix references to libcrypto_utils_static.Josh Gao1-2/+2
Bug: http://b/30708454 Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
2016-07-01updater: Fix the broken ReadFileFn.Tao Bao1-1/+1
Was accidentally broken by the CL in [1]. [1]: commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad Bug: 29767315 Change-Id: I851e13ccea6f5be6fcd47f712cc95867245f9934 (cherry picked from commit efacd80364c7ed42d56310949790d89febaf3444)
2016-06-30Fix install.h's use of attribute printf.Elliott Hughes2-4/+3
And move off the bionic __nonnull macro, which I'm removing. Change-Id: I40b4424f4fd7bd8076e0eee3ec35de36c3ded8de
2016-06-16Check the results from applypatchTianjie Xu1-4/+10
Check the results from applypatch in PerformCommandDiff; and abort the update on failure. Bug: 29339536 Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
2016-06-11updater: Fix the broken ReadFileFn.Tao Bao1-1/+1
Was accidentally broken by the CL in [1]. [1]: commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad Change-Id: I851e13ccea6f5be6fcd47f712cc95867245f9934
2016-06-10Remove obsolete MTD support.Elliott Hughes2-161/+12
Bug: http://b/29250988 Change-Id: Ia97ba9082a165c37f74d6e1c3f71a367adc59945
2016-06-03Call ioctl before each write on retryTianjie Xu2-8/+61
If the update is a retry, ioctl(BLKDISCARD) the destination blocks before writing to these blocks. Bug: 28990135 Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
2016-05-23resolve merge conflicts of 50f6417Tianjie Xu1-1/+0
Fix a typo for ota_fclose(). Change-Id: Ia93e911aa5391afc604874fc3a09c5a45c094c80
2016-05-20Allow recovery to return error codesTianjie Xu3-86/+141
Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA.
Example of new last_install:
  @/cache/recovery/block.map    package name
  0                             install result
  retry: 1                      retry count (new)
  error: 30                     error code (new)
  cause: 12                     error cause (new)
Details in: go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
2016-05-16Add time and I/O info to last_installTianjie Xu1-0/+12
One example of last_install is:
  /sideload/package.zip
  1
  time_total: 101
  bytes_written_system: 14574000
  bytes_stashed_system: 100
  bytes_written_vendor: 5107400
  bytes_stashed_vendor: 0
Bug: 28658632
Change-Id: I4bf79ea71a609068d38fbce6b41bcb892524aa7a
2016-05-06updater, minzip: Remove unnecessary O_SYNC flags.Alistair Strachan1-1/+1
Remove O_SYNC from mzExtractRecursive() and PackageExtractFileFn(). These functions deal with extracting whole files from the update package onto a filesystem. If run on ext4 on a rotating disk, for example, the O_SYNC flag will cause serious performance problems and the extraction process can take over 30 minutes, with no obvious benefits. This API function already calls fsync(fd) after each file is extracted to ensure data and metadata is written to the underlying block device, so the O_SYNC calls should be superfluous and safely removable. This change does not affect the OTA patch paths or any modification of the bootloader partition or writes to other 'emmc' partitions. Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com> Change-Id: I9cbb98a98e6278bf5c0d7efaae340773d1fbfcd2
2016-04-29Fix google-explicit-constructor warnings.Chih-Hung Hsieh1-1/+1
Bug: 28341362 Change-Id: I5b35ae16c069e7e9229e66963386f322bd808af1
2016-04-27updater: Don't zero out CommandParameters with memset(3).Tao Bao1-2/+1
[1] switched a few things to android::base::unique_fd including CommandParameters.fd. However, we were using memset(3) to zero out the struct, which effectively assigned unique_fd(0) to fd. When it called fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was later reassigned via open(2), it led to lseek(2) errors: "Bad file descriptor". This CL switches to using braced-init (i.e. '= {}') instead, so that the default constructor unique_fd(-1) would be called. [1]: commit bcabd0929316fdd022ea102cc86396547ad9f070 Bug: 28391985 Change-Id: If1f99932b15552714c399e65c8b80550344b758a
2016-04-18Fix google-runtime-int warnings.Chih-Hung Hsieh1-5/+6
Bug: 28220065 Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
2016-04-06Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler1-0/+1
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-02Move selinux dependencies out of header files.Elliott Hughes3-4/+6
Bug: http://b/27764900 Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
2016-03-29Switch to <android-base/unique_fd.h>.Elliott Hughes1-25/+17
Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
2016-03-25Skip stashing source blocks in verify modeTianjie Xu1-8/+46
Currently block_image_verify() stashes source blocks to /cache and in some cases triggers I/O errors. To avoid this risk, we create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996 (cherry picked from commit 0188935d55206e8c2becb29e995f166cb7040355)
2016-03-23Skip stashing source blocks in verify modeTianjie Xu1-8/+46
Currently block_image_verify() stashes source blocks to /cache and in some cases triggers I/O errors. To avoid this risk, we create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
2016-03-19Control fault injection with config files instead of build flagsJed Estep3-2/+4
Bug: 27724259 Change-Id: I65bdefed10b3fb85fcb9e1147eaf0687d7d438f4
2016-03-17Revert "DO NOT MERGE Control fault injection with config files instead of build flags"Tao Bao3-4/+2
This reverts commit f73abf36bcfd433a3fdd1664a77e8e531346c1b1. Bug: 27724259 Change-Id: I1301fdad15650837d0b1febd0c3239134e2b94fb
2016-03-16DO NOT MERGE Control fault injection with config files instead of build flagsJed Estep3-2/+4
Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-03-11applypatch: use vector to store data in FileContents.Yabin Cui1-10/+11
Cherry pick this patch because it fixes the problem that a newed Value is released by free(). Bug: 26906416 Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43 (cherry picked from commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad)
2016-03-10Reboot and retry on I/O errorsTianjie Xu1-0/+7
When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69 (cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36)
2016-03-03Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.Tao Bao1-28/+38
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same library, there would be linking errors when generating a shared library (or executable) that depends on the two libraries both. Also clean up Android.mk files. Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The module will then default to "optional" which won't be built until needed. Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
2016-03-03Reboot and retry on I/O errorsTianjie Xu1-0/+7
When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
2016-02-23Control fault injection with config files instead of build flagsJed Estep3-2/+4
Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c (cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
2016-02-20Control fault injection with config files instead of build flagsJed Estep3-2/+4
Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-02-18Fix integer overflows in recovery procedure.Yabin Cui1-7/+6
Bug: 26960931 Change-Id: Ieae45caccfb4728fcf514f0d920976585d8e6caf
2016-02-12applypatch: use vector to store data in FileContents.Yabin Cui1-10/+11
Bug: 26906416 Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
2016-02-10IO fault injection for OTA packagesJed Estep3-34/+36
Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c (cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
2016-02-04updater: fix memory leak based on static analysis.Yabin Cui1-44/+39
Bug: 26907377 Change-Id: I384c0131322b2d12f0ef489735e70e86819846a4
2016-02-04Switch from mincrypt to BoringSSL in applypatch and updater.Sen Jiang3-18/+17
Bug: 18790686 Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
2016-01-07updater: Add a function to check first blockTianjie Xu2-0/+58
Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f (cherry picked from commit 30bf4765593e639966df9f460df22c3fe912e7bf)
2016-01-06IO fault injection for OTA packagesJed Estep3-19/+21
Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
2015-12-18updater: Add a function to check first blockTianjie Xu2-0/+58
Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
2015-12-15updater: Use O_SYNC and fsync() for package_extract_file().Tao Bao1-6/+13
We are already using O_SYNC and fsync() for the recursive case (package_extract_dir()). Make it consistent for the single-file case. Bug: 20625549 Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
2015-12-11updater: Output msg when recovery is calledTianjie Xu1-1/+4
Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda (cherry picked from commit b686ba211443490111729ba9d82eb0c0b305e185)
2015-12-10updater: Output msg when recovery is calledTianjie Xu1-1/+4
Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
2015-12-07updater: Replace strtok() with android::base::Split().Tao Bao1-133/+144
Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
2015-12-05Track rename from base/ to android-base/.Elliott Hughes2-5/+5
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
2015-11-16updater: libapplypatch needs libbase now.Tao Bao1-1/+1
Change-Id: Ibe3173edd6274b61bd9ca5ec394d7f6b4a403639 (cherry picked from commit 1b1ea17d554d127a970afe1d6004dd4627cd596e)
2015-11-16DO NOT MERGE recovery: Switch applypatch/ and updater/ to cpp.Tao Bao4-112/+113
Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270 (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
2015-11-16Add error and range checks to parse_rangeSami Tolvanen1-10/+71
Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: I1e266de3de15c99ee596ebdb034419fdfe7eba1f (cherry picked from commit f2bac04e1ba0a5b79f8adbc35b493923b776f8b2)
2015-11-16Stop using libstdc++.Dan Albert1-1/+1
These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f (cherry picked from commit e49a9e527a51f43db792263bb60bfc91293848da)
2015-11-16recovery: Switch to clangTao Bao1-0/+2
And a few trivial fixes to suppress warnings. Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc (cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
2015-10-23updater: Bump up the BBOTA version to 4.Tao Bao1-1/+1
To accommodate new changes in N release, such as error correction [1] and other potential changes to the updater. [1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
2015-10-19Error correction: Use libfec in blockimg.cpp for recoverySami Tolvanen2-1/+78
Add block_image_recover function to rewrite corrupted blocks on the partition. This can be attempted if block_image_verify fails. Note that we cannot use libfec during block_image_update as it may overwrite blocks required for error correction. A separate recovery pass in case the image is corrupted is the only viable option. Bug: 21893453 Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
2015-09-26updater: Skip empty lines in the transfer list file.Tao Bao1-0/+4
We have the last line being empty as a result of android::base::Split("a\nb\n"), which leads to "missing command" warnings in the update. Just skip all the empty lines. Bug: 24373789 Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
2015-09-24updater: Use android::base::ParseInt() to parse integers.Tao Bao2-52/+37
Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9
2015-09-24Suppress some compiler warnings due to signedness.Tao Bao1-1/+1
Change-Id: I63f28b3b4ba4185c23b972fc8f93517295b1672a
2015-09-10updater: Fix the line breaks in ui_print commands.Tao Bao1-26/+32
When processing ui_print commands in the updater, it misses a line break when printing to the recovery log. Also clean up uiPrintf() and UIPrintFn() with std::string's. Change-Id: Ie5dbbfbc40b024929887d3c3ccd3a334249a8c9d
2015-09-10updater: Manage buffers with std::vector.Tao Bao1-228/+168
Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d
2015-09-08updater: Replace the pointers in LoadSrcTgtVersion[1-3]() parameter.Tao Bao1-29/+26
And inline the call to LoadSrcTgtVersion1() into SaveStash(). Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf
2015-09-01updater: Clean up C codes.Tao Bao1-602/+429
Replace C-string with std::string, pointers with references, and variable-size arrays in struct with std::vector. Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
2015-08-26updater: Remove the unused isunresumable in SaveStash().Tao Bao1-3/+3
Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2
2015-08-22GOOGLEGMS-749 Fix integer overflow while applying block based OTA packageShrinivas Sahukar1-46/+48
There is an integer overflow when the size of system goes beyond the signed int limits. Hence changing pos to size_t. Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
2015-08-06updater: Clean up char* with std::string.Tao Bao1-261/+141
So we can remove a few free()s. And also replace a few pointers with references. Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
2015-08-04updater: Call fsync() after rename().Tao Bao1-0/+20
We need to ensure the renamed filename reaches the underlying storage. Bug: 22840552 Change-Id: I824b6e9d8a9c5966035be7b42a73678d07376342 (cherry picked from commit dc3922622a94af4f6412fd68e8f075f839ab2348)
2015-08-04updater: Call fsync() after rename().Tao Bao1-0/+20
We need to ensure the renamed filename reaches the underlying storage. Bug: 22840552 Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084
2015-07-27updater: Hoist fsync() to outer loop.Tao Bao1-6/+5
Currently the fsync() inside write_all() may be called multiple times when performing a command. Move that to the outer loop and call it only after completing the command. Also remove the O_SYNC flag when writing a stash. Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
2015-07-24updater: libapplypatch needs libbase now.Tao Bao1-1/+1
Change-Id: I18da9e6da64fccab495dc5a96e3efd95cc6d88bf (cherry picked from commit 1b1ea17d554d127a970afe1d6004dd4627cd596e)
2015-07-17updater: libapplypatch needs libbase now.Tao Bao1-1/+1
Change-Id: Ibe3173edd6274b61bd9ca5ec394d7f6b4a403639
2015-07-14recovery: Switch applypatch/ and updater/ to cpp.Tao Bao4-112/+113
Mostly trivial changes to make cpp compiler happy. Change-Id: I1b0481465c67c3bbca35a839d0764190d84ff34e (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
2015-07-14recovery: Switch applypatch/ and updater/ to cpp.Tao Bao4-112/+113
Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
2015-07-11Revert "Zero blocks before BLKDISCARD"Tao Bao1-17/+1
This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5 (cherry picked from commit 7125f9594db027ce4313d940ce2cafac67ae8c31)
2015-07-01Revert "Zero blocks before BLKDISCARD"Tao Bao1-17/+1
This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I4e8d4f6734967caf4f0d19c734027f7b6c107370
2015-06-26More accurate checking for overlapped ranges.Tao Bao1-1/+1
A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I362d259f8b5d62478858ad0422b635bc5068698d (cherry picked from commit c0f56ad76680df555689d4a2397487ef8c16b1a6)
2015-06-26More accurate checking for overlapped ranges.Tao Bao1-1/+1
A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
2015-06-10Zero blocks before BLKDISCARDSami Tolvanen1-1/+17
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f (cherry picked from commit a3c75e3ea60d61df93461f5c356befe825c429d2)
2015-06-10Zero blocks before BLKDISCARDSami Tolvanen1-1/+17
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
2015-06-10Revert "Zero blocks before BLKDISCARD"Sami Tolvanen1-5/+9
This reverts commit 96392b97f6bf1670d478494fb6df89a3410e53fa. Change-Id: I77acc27158bad3cd8948390a3955197646a43a31
2015-06-10Revert "Zero blocks before BLKDISCARD"Sami Tolvanen1-5/+9
This reverts commit 604c583c9dd3d47906b1a57c14a7e9650df7471e. Change-Id: I2b0b283dc3f44bae55c5e9f7231d7c712630c2b5
2015-06-09Zero blocks before BLKDISCARDSami Tolvanen1-9/+5
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3 (cherry picked from commit 96392b97f6bf1670d478494fb6df89a3410e53fa)
2015-06-09Zero blocks before BLKDISCARDSami Tolvanen1-9/+5
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
2015-06-03recovery: Switch to clangTao Bao1-0/+2
And a few trivial fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-06-03Fix build: fprintf without modifierTao Bao1-2/+1
Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37
2015-06-03Log update outputs in orderTao Bao1-0/+6
Although stdout and stderr are both redirected to log file with no buffering, we are seeing some outputs are mixed in random order. This is because ui_print commands from the updater are passed to the recovery binary via a pipe, which may interleave with other outputs that go to stderr directly. In recovery, adding ui::PrintOnScreenOnly() function to handle ui_print command, which skips printing to stdout. Meanwhile, updater prints the contents to stderr in addition to piping them to recovery. Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700
2015-05-29Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes1-1/+1
I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56 (cherry picked from commit b3ac676192a093c561b7f15064cbd67733407b12)
2015-05-29Handle BLKDISCARD failuresSami Tolvanen1-2/+1
In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067 (cherry picked from commit cc2428c8181d18c9a88db908fa4eabd2db5601ad)
2015-05-29Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes1-1/+1
I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
2015-05-28Handle BLKDISCARD failuresSami Tolvanen1-2/+1
In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067
2015-05-19Stop using libstdc++.Dan Albert1-1/+1
These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
2015-05-16Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes1-2/+2
Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f (cherry picked from commit b47afedb42866e85b76822736d915afd371ef5f0)
2015-05-16Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes1-2/+2
Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
2015-05-15Add error and range checks to parse_rangeSami Tolvanen1-10/+71
Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: Ia17537a2d23d5f701522fbc42ed38924e1ee3366
2015-04-30Check all lseek calls succeed.Elliott Hughes1-28/+20
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b (cherry picked from commit 7bad7c4646ee8fd8d6e6ed0ffd3ddbb0c1b41a2f)
2015-04-30Check all lseek calls succeed.Elliott Hughes1-28/+20
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
2015-04-17Don't remove existing explicitly stashed blocksSami Tolvanen1-10/+28
When automatically stashing overlapping blocks, should the stash file already exist due to an explicit stash command, it's not safe to remove the stash file after the command has completed. Note that it is safe to assume that the stash file will remain in place during the execution of the next command, so we don't have to take other measures to preserve overlapping blocks. The stash file itself will be removed by a free command when it's no longer needed. Bug: 20297065 Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c
2015-03-23Always use strerror to report errno in recovery.Elliott Hughes1-19/+20
Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
2015-03-11updater: Check the return value from ApplyImagePatch / ApplyBSDiffPatchTao Bao1-14/+28
Return NULL to abort the update process. Note that returning "" won't stop the script. Change-Id: Ifd108c1356f7c92a905c8776247a8842c6445319
2015-02-27Remove more dead code from minzip.Narayan Kamath1-1/+1
I've added explanatory comments to mzExtractRecursive because that function will live on as a utility even after we move the zip format related logic to libziparchive. bug: 19472796 Change-Id: Id69db859b9b90c13429134d40ba72c1d7c17aa8e
2015-02-27Remove more dead code from minzip.Narayan Kamath1-1/+1
I've added explanatory comments to mzExtractRecursive because that function will live on as a utility even after we move the zip format related logic to libziparchive. bug: 19472796 (cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95) Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a
2015-02-23Fix a printf format warning.Narayan Kamath1-1/+1
warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'unsigned int' [-Wformat] sizeof(RangeSet) + num * sizeof(int)); Change-Id: I4a3c6fc8d40c08ea84f8f5ee13f39350e4264027
2015-02-18Initialize stashbase even stash_max_blocks = 0Jesse Zhao1-1/+1
Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435 Bug: 19410117
2015-02-05There's no GPL code in 'updater'.Elliott Hughes2-339/+0
This notice was added for libsyspatch and libxdelta3, but that code has been removed since. Change-Id: I4008878ded56ca1d5094a8208728f8c02fe1fe03
2015-01-30Support resuming block based OTAsSami Tolvanen1-346/+1460
Add support for transfer list version 3, which allows us to verify the status of each command and resume an interrupted block based OTA update. Notes on the changes:
- Move the previous BlockImageUpdateFn to a shorter and reusable PerformBlockImageUpdate, which can be used also in BlockImageVerifyFn for verification.
- Split individual transfer list commands into separate functions with unified parameters for clarity, and use a hash table to locate them during execution.
- Move common block reading and writing to ReadBlocks and WriteBlocks to reduce code duplication, and rename the readblock and writeblock to less confusing read_all and write_all.
The coding style of the new functions follows the existing style in the updater/edify code. Needs matching changes from Ia5c56379f570047f10f0aa7373a1025439495c98 Bug: 18262110 Change-Id: I1e752464134aeb2d396946348e6041acabe13942
2015-01-30Add missing includes.Elliott Hughes1-0/+1
Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
2014-12-01Fix recovery image build for 32pBruce Beare1-1/+1
When building for 32p, we need to be explicit that we wish to build the 32bit version of the binaries that will be placed in the recovery image. The recovery image doesn't actually care... but if we are not explicit in this, the makefiles will ask for the 64bit binaries but the Android.mk for the binaries will supply the 32bit images (causing the build to fail). Change-Id: Iea2d5f412740c082795da4358765751138a4b167
2014-11-22Add support for tune2fs file operationsMichael Runge2-0/+43
This allows tune2fs to be executed from within OTA scripts, allowing for file system modifications without formatting the partition Bug: 18430740 Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
2014-11-21Add support for tune2fs file operationsMichael Runge2-0/+43
This allows tune2fs to be executed from within OTA scripts, allowing for file system modifications without formatting the partition Bug: 18430740 Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
2014-10-24Log mount/unmount errors to UIMichael Runge1-5/+9
Bug: 18092022 Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
2014-10-24unconditionally apply SELinux labels to symlinksNick Kralevich1-10/+9
At the end of the OTA script, we walk through /system, updating all the permissions on the filesystem, including the UID, GID, standard UNIX permissions, capabilities, and SELinux labels. In the case of a symbolic link, however, we want to skip most of those operations. The UID, GID, UNIX permissions, and capabilities don't meaningfully apply to symbolic links. However, that's not true with SELinux labels. The SELinux label on a symbolic link is important. We need to make sure the label on the symbolic link is always updated, even if none of the other attributes are updated. This change unconditionally updates the SELinux label on the symbolic link itself. lsetfilecon() is used, so that the link itself is updated, not what it's pointing to. In addition, drop the ENOTSUP special case. SELinux has been a requirement since Android 4.4. Running without filesystem extended attributes is no longer supported, and we shouldn't even try to handle non-SELinux updates anymore. (Note: this could be problematic if these scripts are ever used to produce OTA images for 4.2 devices) Bug: 18079773 Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
2014-10-23Allow passing of mount args to mountFnMichael Runge1-5/+18
Bug: 18079773 Bug: 18092222 Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
2014-10-23Log to UI any metadata setting errorsMichael Runge1-34/+50
Bug: 18079773 Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
2014-10-23Treat already-renamed files as having no problems.Michael Runge1-0/+3
This should help with reentrant OTAs. Bug: 18079773 Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
2014-09-26support for version 2 of block image diffsDoug Zongker1-45/+209
In version 2 of block image diffs, we support a new command to load data from the image and store it in the "stash table" and then subsequently use entries in the stash table to fill in missing bits of source data we're not allowed to read when doing move/bsdiff/imgdiff commands. This leads to smaller update packages because we can break cycles in the ordering of how pieces are updated by storing data away and using it later, rather than not using the data as input to the patch system at all. This comes at the cost of the RAM or scratch disk needed to store the data. The implementation is backwards compatible; it can still handle the existing version 1 of the transfer file format. Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
2014-09-08support for version 2 of block image diffsDoug Zongker1-45/+209
In version 2 of block image diffs, we support a new command to load data from the image and store it in the "stash table" and then subsequently use entries in the stash table to fill in missing bits of source data we're not allowed to read when doing move/bsdiff/imgdiff commands. This leads to smaller update packages because we can break cycles in the ordering of how pieces are updated by storing data away and using it later, rather than not using the data as input to the patch system at all. This comes at the cost of the RAM or scratch disk needed to store the data. The implementation is backwards compatible; it can still handle the existing version 1 of the transfer file format. Change-Id: I7fafe741d86b92d82d46feb2939ecf5a3890dc64
2014-09-04fix comment in blockimg updater codeDoug Zongker1-3/+3
The comment for the DEBUG_ERASE setting is exactly backwards. Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1
2014-09-04use lseek64 instead of lseekAndrew Boie1-11/+11
Otherwise, overflow problems can occur with images larger than 2G since the offsets will overflow a 32-bit off_t. Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2014-08-26remove code for original block OTA mechanismDoug Zongker2-209/+6
Superseded by newer code. Bug: 16984795 Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
2014-08-25remove code for original block OTA mechanismDoug Zongker2-209/+6
Superseded by newer code. Bug: 16984795 Change-Id: I70c1d29dc03287b06ea909d17f729ec51ccb0344
2014-08-21fix two bugs in block image updaterDoug Zongker1-18/+32
The computation of file offsets was overflowing for partitions larger than 2 GB. The parsing of the transfer file could fail at the end if the data happened to not be properly null-terminated. Bug: 16984795 Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
2014-08-20installer for new block OTA systemDoug Zongker6-1/+662
(Cherry-pick back from master.) Bug: 16984795 Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
2014-08-19installer for new block OTA systemDoug Zongker6-1/+662
Bug: 16984795 Change-Id: I90f958446baed83dec658de2430c8fc5e9c3047e
2014-08-06remove spurious parens from error messageDoug Zongker1-4/+3
These error messages include empty parens after each string substitution. Ill-advised cut and paste, probably. Bug: 16467401 Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
2014-07-22Auto create parent directories for rename supportMichael Runge2-3/+7
Sometimes renames will move a file into a directory that does not yet exist. This will create the parent directories, using the same symlink logic, to ensure that there is a valid destination. Bug: 16458395 Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
2014-07-22Auto create parent directories for rename supportMichael Runge2-3/+7
Sometimes renames will move a file into a directory that does not yet exist. This will create the parent directories, using the same symlink logic, to ensure that there is a valid destination. Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
2014-06-17Support F2FS for the data partitionJP Abgrall1-2/+35
This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4". Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-09advance progress bar during block OTA installationsDoug Zongker1-2/+23
While executing syspatch and package_extract_file() calls with don't care maps (both of which are used to rewrite the system image in incremental and full block OTAs, respectively), pass a progress callback in and use it to update the visible progress bar. Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
2014-05-23disable async reboot during package installationDoug Zongker1-0/+11
The default recovery UI will reboot the device when the power key is pressed 7 times in a row, regardless of what recovery is doing. Disable this feature during package installation, to minimize the chance of corrupting the device due to a mid-install reboot. (Debug packages can explicitly request that the feature be reenabled.) Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
2014-05-02Allow lines without = signs.Michael Runge1-5/+3
The new build.prop for Sprout includes lines of the format: import xxx.prop These can be safely ignored when reading the property file. Change-Id: Ia84a138e71461ffe8e591e88143b9787873def29
2014-03-14Recovery 64-bit compile issuesMark Salyzyn1-2/+2
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-02-25support don't-care maps when writing the system imageDoug Zongker1-62/+172
Make package_extract_file() take an optional third argument which is the pathname (in the package zip) of a map of don't-care regions to skip over when writing the file. Modify syspatch() to take source and target don't-care maps and use them when patching the system partition. Add the wipe_block_device() function to do a discard of all data on the partition. Change-Id: I8c856054edfb6aab2f3e5177f16d9d78add20be4
2014-02-20add flag for GPL licenseDoug Zongker2-0/+339
updater now depends on the GPL'd libraries libsyspatch and libxdelta3, so be careful when taking code from this directory. Change-Id: Ib6f8c50ce7052912b9d81ff96d095f778bf9a3d0
2014-02-14remove remaining libminelf referencesDoug Zongker1-1/+0
Change-Id: Id38b08607829bccc031693cc03e60e849903b6f8
2014-02-14clean up some warnings when building recoveryDoug Zongker3-5/+5
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-02-14remove 'retouch' ASLR supportDoug Zongker1-1/+1
Older versions of android supported an ASLR system where binaries were randomly twiddled at OTA install time. Remove support for this; we now use the ASLR support in the linux kernel. Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
2014-02-13add syspatch support to updaterDoug Zongker2-14/+115
Add the syspatch() function, which can apply xdelta3+xz patches using the libsyspatch library. Change-Id: Idc1921e449020923bcaf425a1983bec0833e47ed
2014-01-16do verification and extraction on memory, not filesDoug Zongker1-4/+11
Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2013-12-14Don't abort on read_file if the file is missing.Michael Runge1-5/+3
Change-Id: I85726bf736203d602428114145c3b98692580656
2013-11-27add the functions for multi-stage packages to updaterDoug Zongker1-1/+106
In order to support multi-stage recovery packages, we add the set_stage() and get_stage() functions, which store a short string somewhere it can be accessed across invocations of recovery. We also add reboot_now() which updater can invoke to immediately reboot the device, without doing normal recovery cleanup. (It can also choose whether to boot off the boot or recovery partition.) If the stage string is of the form "#/#", recovery's UI will be augmented with a simple indicator of what stage you're in, so it doesn't look like a reboot loop. Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
2013-11-07Enable incremental builder to find files that moved, andMichael Runge1-0/+35
try to process them via patch + rename, instead of delete + add. b/11437930 Change-Id: I984349fbc9a8dac4379e00c0d66fc7d22c4eb834
2013-09-25verifier: update to support certificates using SHA-256Doug Zongker1-1/+1
(cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e) Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
2013-09-17updater: Delete dead codeNick Kralevich1-87/+0
set_perm and set_perm_recursive are no longer used. Delete. (cherry picked from commit 08ef9a957027183dcf55e432441e8fb0d5299aba) Change-Id: I1bcc90ae19af9df4f0705496c5876987159f75ac
2013-09-11updater: Delete dead codeNick Kralevich1-87/+0
set_perm and set_perm_recursive are no longer used. Delete. Change-Id: I3bb40b934b6c093b24b88aa4ed6f3c7de2bb52f0
2013-09-11Don't apply permission changes to symlink.Nick Kralevich1-0/+5
Bug: 10183961 Bug: 10186213 Bug: 8985290 Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
2013-09-11Don't apply permission changes to symlink.Nick Kralevich1-0/+5
Bug: 10183961 Bug: 10186213 Bug: 8985290 Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
2013-09-10updater: introduce and set_metadata and set_metadata_recursiveNick Kralevich1-0/+274
Introduce two new updater functions:
* set_metadata
* set_metadata_recursive
Long term, these functions are intended to be more flexible replacements for the following methods:
* set_perm
* set_perm_recursive
Usage:
  set_metadata("filename", "key1", "value1", "key2", "value2", ...)
  set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...)
Description:
set_metadata() and set_metadata_recursive() set the attributes on a file/directory according to the key/value pairs provided. Today, the following keys are supported:
* uid
* gid
* mode (set_perm_extd only)
* fmode (set_perm_extd_recursive only)
* dmode (set_perm_extd_recursive only)
* selabel
* capabilities
Unknown keys are logged as warnings, but are not fatal errors.
Examples:
* set_metadata("/system/bin/netcfg", "selabel", "u:object_r:system_file:s0");
  This sets the SELinux label of /system/bin/netcfg to u:object_r:system_file:s0. No other changes occur.
* set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0);
  This sets /system/bin/netcfg to uid=0, gid=3003, mode=02750, selinux label=u:object_r:system_file:s0, and clears the capabilities associated with the file.
* set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0);
  All files and directories under /system are set to uid=0, gid=0, and selinux label=u:object_r:system_file:s0. Directories are set to mode=0755. Files are set to mode=0644 and all capabilities are cleared.
Bug: 10183961
Bug: 10186213
Bug: 8985290
Change-Id: Ifdcf186a7ed45265511dc493c4036e1ac5e3d0af
2013-09-09Revert "Update OTA installer to understand SELinux filesystem labels"Nick Kralevich1-24/+5
This reverts commit 627eb30f73c29257acaeb6568f3da38880784f7c. Bug: 10183961 Bug: 10186213
2013-07-19Update OTA installer to understand SELinux filesystem labelsNick Kralevich1-5/+24
Modify the OTA installer to understand SELinux filesystem labels. We do this by introducing new set_perm2 / set_perm2_recursive calls, which understand SELinux filesystem labels. These filesystem labels are applied at the same time that we apply the UID / GID / permission changes. For compatibility, we preserve the behavior of the existing set_perm / set_perm_recursive calls. If the destination kernel doesn't support security labels, don't fail. SELinux isn't enabled on all kernels. Bug: 8985290 Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
2013-07-09recovery: move log output to stdoutDoug Zongker2-48/+48
Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
2013-04-10verifier: update to support certificates using SHA-256Doug Zongker1-1/+1
Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
2013-04-10Add liblogYing Wang1-1/+1
Bug: 8580410 Change-Id: Ie60dade81c06589cb0daee431611ded34adef8e6
2012-10-16Remove HAVE_SELINUX guardsKenny Root4-16/+1
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-08-21add bonus data feature to imgdiff/imgpatch/applypatchDoug Zongker1-1/+1
The bonus data option lets you give an additional blob of uncompressed data to be used when constructing a patch for chunk #1 of an image. The same blob must be available at patch time, and can be passed to the command-line applypatch tool (this feature is not accessible from edify scripts). This will be used to reduce the size of recovery-from-boot patches by storing parts of the recovery ramdisk (the UI images) on the system partition. Change-Id: Iac1959cdf7f5e4582f8d434e83456e483b64c02c
2012-08-14Use the static version of libsparseJoe Onorato1-1/+1
Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
2012-08-14Multiple modules with the same name are going away.Joe Onorato1-1/+4
Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
2012-08-07fix the symlink() command to create directories if neededDoug Zongker1-3/+29
Full OTAs currently fail if the build contains a directory containing only symlinks, because nothing creates that directory. Change the symlink() command to create any ancestor directories that don't exist. They're created as owner root perms 0700 because we assume that in practice subsequent set_perm_recursive() calls will fix up their ownership and permissions. Change-Id: I4681cbc85863d9778e36b924f0532b2b3ef14310
2012-07-24Use the static version of libsparseJoe Onorato1-1/+1
Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
2012-07-22Multiple modules with the same name are going away.Joe Onorato1-1/+4
Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
2012-07-18Link against libsparseColin Cross1-1/+1
libext4_utils requires libsparse, link against it as well. Change-Id: I4d6aec0e5edcf1ed42118b7b77adcded2858d3dd
2012-06-11Use a dependency file to replace the list file.Ying Wang1-10/+14
instead of creating the list file whenever loading the Android.mk Change-Id: I78e4820754399dff3993a863eede8b75da9f6d29
2012-04-03Change the format command to always take the mount point as an argument.Stephen Smalley1-13/+4
Requires I5a63fd61a7e74d386d0803946d06bcf2fa8a857e Change-Id: Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
2012-03-30Extend recovery and updater to support setting file security contexts.Stephen Smalley4-8/+65
Extend minzip, recovery, and updater to set the security context on files based on the file_contexts configuration included in the package. Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
2012-03-22fail edify script if set_perm() or symlink() failsDoug Zongker1-0/+13
It's surprising if these fail, so abort the whole edify script to catch any problems early. Bug: 2284848 Change-Id: Ia2a0b60e7f086fc590b242616028905a229c9e05
2012-02-28remove retouching code from updaterDoug Zongker1-118/+0
Removes the retouch_binaries and undo_retouch_binaries from updater; newly generated OTA packages should not call them any more. Note that applypatch retains the ability to unretouch a file as it reads it. This will be needed as long as we want to support OTAs from devices that were installed with retouching. Change-Id: Ib3f6baeae90c84ba85983f626d821ab7e436ceb2
2012-01-24Add libselinux to LOCAL_STATIC_LIBRARIES wherever libext4_utils is used.Stephen Smalley1-0/+5
libext4_utils now calls libselinux in order to determine the file security context to set on files when creating ext4 images. Change-Id: I09fb9d563d22ee106bf100eacd4cd9c6300b1152
2011-10-31C++ class for device-specific codeDoug Zongker1-1/+2
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
2011-10-31C++ class for device-specific codeDoug Zongker1-1/+2
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
2011-10-19allow recovery packages to wipe cacheDoug Zongker1-0/+10
updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
2011-07-15Support multiple recovery updater extensions.Michael Ward1-2/+2
Change-Id: I787c086223b674050c0a12fc575add9badb471af
2011-05-25Mute unharmful build warning at the top of the build log:Ying Wang1-1/+1
  diff: out/target/product/generic/obj/PACKAGING/updater_extensions_intermediates/register.inc.list: No such file or directory
Change-Id: I269b1703b6091b343db45b1c5cdd0962c738788b
2011-04-13make write_raw_image able to take a blobDoug Zongker1-27/+40
write_raw_image() can now take either a blob or a filename as the source. The blob format eliminates the need for a temp file. Change-Id: I0c6effec53d47862040efcec75e64b7c951cdcf7
2011-01-20Reserve the last 16 Kbytes of /data for the crypto footer.Ken Sumrall1-8/+11
When formatting /data, if it's an ext4 filesystem, reserve the last 16 Kbytes for the crypto footer. Change-Id: I7b401d851ee87732e5da5860df0287a1c331c5b7
2010-12-29Update arguments to make_ext4fsColin Cross1-1/+1
Change-Id: Id96e98da76b3091987b01651f980797b1d6b49d8
2010-09-16add missing sparseness parameterDoug Zongker1-1/+1
Change-Id: Ie6e309b127e80cd6475f1deaa5dbadf9f5cc2746
2010-09-16do not merge - update to match ext4utils apiBrian Swetland1-1/+1
Change-Id: I9d34e491022d7dfed653a861b0728a0a656f1fbe
2010-09-15support for ext4/EMMC filesystems in updater binaryDoug Zongker2-25/+64
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
2010-09-15close update package before installing; allow remountDoug Zongker1-1/+3
Close the update package before invoking the binary, to allow the installer to unmount /cache if it wants to. Add a function to allow remounting of a mount as read-only. Change-Id: Idfcc96c3da66083295177f729263560be58034e4
2010-08-14Changes to work with updated make_ext4fs tool that supports creating sparse images.Ken Sumrall1-1/+1
An extra parameter was added to the make_ext4fs() function, so these tools need to be updated to match. Change-Id: Id640a7f2b03153eb333b00337f0f991ff5332349
2010-08-02Working ASLR implementationHristo Bojinov2-2/+123
Separate files for retouch functionality are in minelf/*
ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained.
Retouch logic can recover from crashes.
Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
2010-07-21Mute unwanted error messageYing Wang1-1/+1
This CL removes the following line from the top of build logs: "diff: out/target/product/*/obj/PACKAGING/updater_extensions_intermediates/register.inc.list: No such file or directory" Change-Id: I79c15a69a0b1b0da0e45620b45a7a0fea5625250
2010-07-02support for ext4/EMMC filesystems in updater binaryDoug Zongker2-25/+64
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
2010-02-23refactor applypatch and friendsDoug Zongker1-65/+107
Change the applypatch function to take meaningful arguments instead of argc and argv. Move all the parsing of arguments into main.c (for the standalone binary) and into install.c (for the updater function). applypatch() takes patches as Value objects, so we can pass in blobs extracted from the package without ever writing them to temp files. The patching code is changed to read the patch from memory instead of a file. A bunch of compiler warnings (mostly about signed vs unsigned types) are fixed. Support for the IMGDIFF1 format is dropped. (We've been generating IMGDIFF2 packages for some time now.) Change-Id: I217563c500012750f27110db821928a06211323f
2010-02-18relocate applypatch; add type system and new functions to edifyDoug Zongker2-52/+190
- Move applypatch to this package (from build).
- Add a rudimentary type system to edify: instead of just returning a char*, functions now return a Value*, which is a struct that can carry different types of value (currently just STRING and BLOB). Convert all functions to this new scheme.
- Change the one-argument form of package_extract_file to return a Value of the new BLOB type.
- Add read_file() to load a local file and return a blob, and sha1_check() to test a blob (or string) against a set of possible sha1s. read_file() uses the file-loading code from applypatch so it can read MTD partitions as well.
This is the start of better integration between applypatch and the rest of edify.
b/2361316 - VZW Issue PP628: Continuous reset to Droid logo: framework-res.apk update failed (CR LIBtt59130)
Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
2010-02-03bump updater API version to 3; deprecate firmware update commandDoug Zongker3-42/+7
Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2010-02-01add a one-argument version of package_extract_fileDoug Zongker1-24/+69
Add a version of package_extract_file that returns the file data as its return value (to be consumed by some other edify function that expects to receive a bunch of binary data as an argument). Lets us avoid having two copies of a big file in memory (extracting it into /tmp, which is a ramdisk, and then having something load it into memory) when doing things like radio updates. Change-Id: Ie26ece5fbae457eb0ddcd8a13d74d78a769fbc70
2009-11-13eclair snapshotJean-Baptiste Queru3-4/+113
2009-09-19delete files before symlinking; log error messagesDoug Zongker1-3/+21
The symlink() function should remove existing files before creating symlinks, so scripts are idempotent. Log messages when various system calls fail (but don't make the whole script fail).
2009-09-10add a run_program() function to edifyDoug Zongker1-0/+49
Handy for producing debugging OTA packages (eg, running sqlite3 or whatever in recovery).
2009-06-26remove updater from the user system imageDoug Zongker1-1/+6
updater (which is only needed in OTA packages) is getting included in /system/bin, where it just takes up (quite a bit of) space. Use the hack of including it only in eng builds so it's not there for user builds.
2009-06-25fix off-by-one error in set_perm()Doug Zongker1-1/+1
We were inadvertently skipping over the first filename in the list of arguments.
2009-06-24improve updater progress barDoug Zongker1-3/+21
Let recovery accept set_progress commands to control progress over the 'current segment' of the bar. Add a set_progress() builtin to the updater binary.
2009-06-22add device extension mechanism to updaterDoug Zongker2-1/+43
Allow devices (in BoardConfig.mk) to define additional static libraries to be linked in to updater, to make device-specific functions available in edify scripts. Modify the updater makefile to arrange for device libraries to register their edify functions.
2009-06-18add file_getprop() to updaterDoug Zongker1-11/+100
Add a function to read a property from a ".prop"-formatted file (key=value pairs, one per line, ignore # comment lines and blank lines). Move ErrorAbort to the core of edify; it's not specific to updater now that errors aren't stored in the app cookie.
2009-06-18let the "firmware" command take the file straight from the packageDoug Zongker1-3/+4
To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
2009-06-12fixes to edify and updater scriptDoug Zongker2-67/+124
A few more changes to edify:
- fix write_raw_image(); my last change neglected to close the write context, so the written image was corrupt.
- each expression tracks the span of the source code from which it was compiled, so that assert()'s error message can include the source of the expression that failed.
- the 'cookie' argument to each Function is replaced with a State object, which contains the cookie, the source script (for use with the above spans), and the current error message (replacing the global variables that were used for this purpose).
- in the recovery image, a new command "ui_print" can be sent back through the command pipe to cause text to appear on the screen. Add a new ui_print() function to print things from scripts. Rename existing "print" function to "stdout".
2009-06-12edify extensions for OTA package installation, part 2Doug Zongker3-7/+278
Adds more edify functions for OTAs:
  is_mounted getprop apply_patch apply_patch_check apply_patch_space write_raw_image write_firmware_image package_extract_file
This allows us to install radios, hboots, boot images, and install incremental OTA packages.
Fixes a couple of dumb bugs in edify itself:
- we were doubling the size of the function table each time it was *not* full, rather than each time it was full
- "no such function" errors weren't visible to the parser, so they didn't prevent execution of the script.
2009-06-12edify extensions for OTA package installation, part 1Doug Zongker5-0/+555
Adds the following edify functions:
  mount unmount format show_progress delete delete_recursive package_extract symlink set_perm set_perm_recursive
This set is enough to extract and install the system part of a (full) OTA package.
Adds the updater binary that extracts an edify script from the OTA package and then executes it.
Minor changes to the edify core (adds a sleep() builtin for debugging, adds "." to the set of characters that can appear in an unquoted string).