path: root/updater
Commit message (Author, Age, Files, Lines)
* applypatch: Consolidate CacheSizeCheck() and MakeFreeSpaceOnCache(). (Tao Bao, 2018-07-13, 2 files, -4/+4)
| They are doing exactly the same thing, except for the slightly different error return value (1 vs -1).
|
|   int CacheSizeCheck(size_t bytes);
|   int MakeFreeSpaceOnCache(size_t bytes_needed);
|
| This CL consolidates the two functions and uses bool as its return type.
|
|   // Checks whether /cache partition has at least 'bytes'-byte free space. Returns true immediately
|   // if so. Otherwise, it will try to free some space by removing older logs, checks again and
|   // returns the checking result.
|   bool CheckAndFreeSpaceOnCache(size_t bytes);
|
| Test: Run recovery_unit_test and recovery_component_test on marlin.
| Change-Id: I94a96934d2b18713f8f39ad5aa96a02c98d87963
* updater: Let read_file() return Value::Type::STRING. (Tao Bao, 2018-07-10, 1 file, -5/+5)
| It used to return a Value blob to be consumed by sha1_check() (which has been deprecated). Currently there's no other generic updater function that works with BLOB Values. This CL changes read_file() to return a string Value to make it more useful (e.g. allowing equality check).
| Test: Run recovery_component_test and recovery_unit_test on marlin.
| Change-Id: Iba986ba649030112babefe898f26aa9ffe69eeb7
* Merge "edify: Rename parse_string to ParseString and let it take std::string." (Tao Bao, 2018-07-10, 1 file, -1/+1)
|\
| * edify: Rename parse_string to ParseString and let it take std::string. (Tao Bao, 2018-07-10, 1 file, -1/+1)
| | Also simplify the helper function expect() in {edify,updater}_test.cpp.
| | Test: Run recovery_component_test on marlin.
| | Change-Id: If54febba4b5013f6d71546318a1ca6b635204ac8
* | edify: Remove VAL_INVALID and move ValueType into Value class. (Tao Bao, 2018-07-10, 2 files, -21/+22)
|/
| Test: mmma -j bootable/recovery
| Test: Run recovery_component_test and recovery_unit_test on marlin.
| Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
* updater: Remove the support for sha1_check(). (Tao Bao, 2018-07-09, 1 file, -49/+1)
| The matching edify function has been removed from EdifyGenerator [1]. In theory device-specific releasetools script may still use this function, but it no longer looks useful. Because a) we should use range_sha1() when asserting the SHA-1 hash of a block device; b) we should look into the contents when asserting a text file.
| [1] https://android-review.googlesource.com/c/platform/build/+/714104
| Test: Run recovery_component_test on marlin.
| Test: Code search shows no active user.
| Change-Id: Id39439101534fb89cf8c5cea80a4b758c8a1a60d
* updater: Add ABORT command. (Tao Bao, 2018-07-07, 3 files, -1/+35)
| This will be used for testing purpose only, replacing the previously used "fail", to intentionally abort an update.
| As we're separating the logic between commands parsing and execution, "abort" needs to be considered as a valid command during the parsing.
| Test: recovery_unit_test and recovery_component_test on marlin.
| Change-Id: I47c41c423e62c41cc8515fd92f3c5959be08da02
* No longer print hash for stashed blocks during verification of retry (Tianjie Xu, 2018-07-03, 1 file, -1/+3)
| During block verification, load stash reads from the source blocks on the device instead of the stashed files. And for interrupted update, it's pretty common that the source blocks have already been overwritten by subsequent commands. In that case the hash printing is mostly useless.
| Moreover we should have already printed the hash when the first update failed.
| Bug: 80241799
| Test: Unit tests pass. No longer prints mismatching stashed source blocks on retry.
| Change-Id: I4effe684280b0325199f6cc4b2cc26e91295c2d7
* updater: Check the number of args in Command::Parse. (Tao Bao, 2018-06-25, 1 file, -9/+16)
| Additionally checks for excess args when parsing ERASE, FREE, NEW, STASH and ZERO. Note that the check for MOVE, BSDIFF, IMGDIFF has been covered in Command::ParseTargetInfoAndSourceInfo.
| Test: Run recovery_unit_test on marlin.
| Change-Id: Ic8bc9b7a8dcf98f1f8db2e259607564508726857
* updater: Add Command parsing codes. (Tao Bao, 2018-06-25, 3 files, -17/+521)
| The added codes are not used in the updater yet. The switch will happen in subsequent CLs.
| Test: Run recovery_unit_test and recovery_component_test on marlin.
| Change-Id: I1ae8a233280f02c2171b43ef028bdccdacb39c59
* Merge "applypatch: {Load,Save}FileContents and ParseSha1 take std::string." (Tao Bao, 2018-06-25, 1 file, -1/+1)
|\
| * applypatch: {Load,Save}FileContents and ParseSha1 take std::string. (Tao Bao, 2018-06-20, 1 file, -1/+1)
| | Test: mmma -j bootable/recovery
| | Test: Run recovery_component_test on marlin.
| | Change-Id: Ifcf244346a88dac833d91b169a4c2aee1fe677f1
* | Merge "e2fsdroid and mke2fs are dynamic executable in recovery partition" (Treehugger Robot, 2018-06-21, 1 file, -4/+4)
|\ \
| |/
|/|
| * e2fsdroid and mke2fs are dynamic executable in recovery partition (Jiyong Park, 2018-06-20, 1 file, -4/+4)
| | The two utilities are now converted to dynamic executables as shared libraries are supported in recovery mode. As part of the conversion, their location has moved from /sbin to /system/bin.
| | Reflect the change in the program 'recovery'
| | Bug: 79146551
| | Test: adb reboot recovery, and select 'Wipe data/factory reset'. The data partition is formatted and there is no selinux denial.
| | Change-Id: Ie7cfc4c50ab1e6767e4a5170533ccf826ec7d7f3
* | updater: Defer the creation of the new data writer. (Tao Bao, 2018-06-18, 1 file, -24/+24)
|/
| This avoids leaving the created new data writer thread unjoined, in the presence of transfer list parsing errors, or the early exit case on `total_blocks == 0`.
| Also fix a minor issue when dumping the errno on pthread_create error (pthread_create returns the error number, as opposed to setting errno).
| Test: Run recovery_component_test on marlin.
| Change-Id: Icfac27fef0c64736eb8c76264da73c223b4960cb
* updater: Drop the 'overlap' parameter in LoadSrcTgtVersion3(). (Tao Bao, 2018-06-08, 1 file, -12/+10)
| Test: Run recovery_component_test on marlin.
| Change-Id: I93afca891c5c9c1a351c907b023cd20c4704a66a
* updater: Remove the redundant check on line count. (Tao Bao, 2018-06-07, 1 file, -9/+3)
| Test: recovery_component_test on marlin.
| Change-Id: I2ac2bd47469d1aec8a97a8c4ed0fe80ffd65c95b
* updater: Replace the reference arguments with pointers. (Tao Bao, 2018-06-05, 1 file, -102/+101)
| As suggested by the style guide (https://google.github.io/styleguide/cppguide.html#Reference_Arguments), all parameters passed by reference must be labeled const. This CL moves most of the non-const references in blockimg.cpp to pointers, except for the CommandParameters& parameter in PerformCommand* functions, which will be handled in separate CLs.
| Test: mmma -j bootable/recovery
| Test: Run recovery_component_test on marlin.
| Change-Id: I84299208e9a1699f5381fb2228d4120f0c8dacb3
* tests: Add ResumableUpdaterTest. (Tao Bao, 2018-06-04, 1 file, -0/+1)
| This is a stress test that instantiates multiple testcases that interrupt a BBOTA update at every transfer command. Each testcase asserts the last_command_file after the interruption, verifies the update resumability, then resumes the update and asserts the updated image.
| The transfer list in the testcase covers most of the transfer commands (stash/free/move/bsdiff/zero/new), as well as some special pattern like having duplicate stash ids.
| This CL also addresses one issue in the updater code, by resetting the stash_map before each run. The stash map should be valid only per block_image_verify/block_image_update run. Having leftover may cause issue in subsequent runs, in particular when calling block_image_verify after a previous run of block_image_{update,verify}.
| Test: Run recovery_component_test on marlin.
| Change-Id: I6f9a0368d194a754ce41a9c9819c6d5be2657248
* updater: Drop the 'blocks' parameter in LoadStash(). (Tao Bao, 2018-05-31, 1 file, -15/+8)
| None of the callers actually uses the value. (Even in the earlier versions, e.g. the one in M, the value wasn't used either.)
| Test: Run recovery_component_test on marlin.
| Change-Id: I53e61a1afa211f71a200889ed3aa4046763b46ea
* updater: Add Commmand class to manage BBOTA commands. (Tao Bao, 2018-05-26, 4 files, -63/+133)
| Move the commands map parsing out of PerformBlockImageUpdate(), as this can be done more easily by the caller. The goal (not done in this CL) is to decouple command parsing logic from the performers. This allows (a) focusing on the command logic in the performer; and (b) extending BBOTA commands syntax separately.
| Test: Run recovery_unit_test and recovery_component_test.
| Change-Id: Ife202398a7660b152d84a3ba17b90f93d19c55f2
* updater: Use a bool to indicate if allowed to skip a command. (Tao Bao, 2018-05-22, 1 file, -22/+17)
| This avoids the signedness issue, and makes the code more readable.
| Test: mmma bootable/recovery
| Test: Run recovery_component_test.
| Change-Id: I01c3a0357887cfd7c9d4aba4239ef650cfa18388
* updater: Clean up the header lines computation. (Tao Bao, 2018-05-21, 1 file, -6/+4)
| It no longer needs to be conditional, as we've removed the support for BBOTA v1/v2.
| Test: mmma bootable/recovery
| Change-Id: I881de8afa38cc5b41b48e6d48d85170699ea5eb4
* Last command file should be updated after a command finishes (Tianjie Xu, 2018-05-16, 1 file, -11/+7)
| The last command file has the last executed stash command by convention. So we should update the file after we actually finish executing the command; instead of after loading src/tgt.
| Bug: 79756267
| Test: unit tests pass
| Change-Id: I4535b5836e7eb13b3abe3d02f9f362ec5e9ec969
* Merge "updater: Skip an updated partition on retry." (Tao Bao, 2018-05-08, 1 file, -39/+77)
|\
| * updater: Skip an updated partition on retry. (Tao Bao, 2018-05-08, 1 file, -39/+77)
| | Prior to the change, the BBOTA updater would try to re-run all the commands for a given partition on retry, including creating stashes according to the list of commands. This could fail a retry when the previous update had moved on to next stage, with leftovers in /cache.
| | This CL creates a marker on /cache upon successfully updating a partition. The update commands will be skipped when trying to apply updates on an updated partition. Note that the marker is expected to be removed while doing a normal boot (in particular, handled by RecoverySystem#handleAftermath). If that didn't happen, the updater would also remove the marker before starting next fresh update.
| | Alternatively, we can achieve the same goal by changing the OTA script, which needs to additionally compare the checksum against the target build. For example,
| |
| |   range_sha1("/system", "ranges") == SHA1_of_updated_system || block_image_update("/system");
| |
| | The downside is that we need to pay that cost on each install, as the edify script doesn't support caching the result in a variable.
| | Bug: 79165963
| | Test: Simulate the process on device (by triggering a reboot while updating /vendor). Check the update log and result.
| | Change-Id: I731031fa336133e1221b33edfc469969706e8091
* | updater: Fix an issue when resuming an update. (Tao Bao, 2018-05-08, 1 file, -3/+6)
|/
| We cannot skip "new" commands while resuming an update with last_command_file, because they read in the data sequentially from the package.
| Bug: 69858743
| Test: Interrupt an update that has new commands. Check the update log.
| Change-Id: I05fb67246f5ea3ba2a0f78f10255c0d9b0bc2f5a
* Move reboot() from common.h into otautil/sysutil.h. (Tao Bao, 2018-05-04, 1 file, -6/+2)
| This breaks the dependency on common.h (which belongs to recovery/librecovery) from librecovery_ui. reboot() is now owned by libotautil, which is expected to be a leaf node to be depended on.
| With the change, recovery and updater also share the same reboot() code now.
| Test: mmma -j bootable/recovery
| Change-Id: I1cc5d702cfe49302048db33d31c9c87ddc97ac71
* otautil: Rename dir/sys/thermal utils. (Tao Bao, 2018-05-04, 2 files, -3/+3)
| Test: mmma -j bootable/recovery
| Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
* Merge libmounts into libotautil. (Tao Bao, 2018-04-28, 2 files, -8/+5)
| Export its header (mounts.h) from there, and drop the dot dot dependency from libupdater / updater.
| Test: mmma bootable/recovery
| Test: recovery_component_test
| Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
* Rename CacheLocation to Paths. (Tao Bao, 2018-04-26, 2 files, -18/+13)
| We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE.
| Test: mmma -j bootable/recovery
| Test: recovery_component_test
| Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
* updater: Remove an unneeded strdup(). (Tao Bao, 2018-04-25, 1 file, -1/+1)
| StringValue() makes a copy of the arg.
| Test: mmma bootable/recovery
| Change-Id: I1002994e7496c840aa05c785019bdeca281f467e
* applypatch: Drop the SHA_CTX parameter in Apply{BSDiff,Image}Patch. (Tao Bao, 2018-04-20, 1 file, -3/+2)
| As they're accepting the SinkFn callback, it makes more sense to leave the work to their callers.
| Test: mmma -j bootable/recovery
| Test: Run recovery_component_test on marlin.
| Test: No other active user of the two functions.
| Change-Id: I8d67b38ce037925442296f136b483e0c71983777
* install: mkfs.f2fs: specify sector size for target image size (Jaegeuk Kim, 2018-04-05, 1 file, -0/+2)
| The total sectors that we want to format is used in different meanings from various users. This notifies its size based on 512 bytes explicitly.
| Bug: 76407663
| Change-Id: I20687b40a1733d3b459a45f8b64a338c37a7bc95
| Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
* Set the update locations to default in CacheLocation's constructor (Tianjie Xu, 2018-03-08, 1 file, -4/+0)
| Otherwise the applypatch executable will fail to back up the source file to /cache when patching the recovery image.
| Bug: 74198354
| Test: run applypatch from boot to recovery
| Change-Id: I6e5b9cd06d6ed0b26066b779a348437ecf984b92
* Add a singleton CacheLocation to replace the hard coded locations (Tianjie Xu, 2018-02-28, 3 files, -5/+10)
| This class allows us to set the following locations dynamically: cache_temp_source, last_command_file, stash_directory_base.
| In the updater's main function, we reset the values of these variables to their default locations in /cache; while we can set them to temp files in unit tests or host simulation.
| Test: unit tests pass
| Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
* Fix the behavior of undefined commands in BlockImageVerify (Tianjie Xu, 2018-02-28, 1 file, -2/+4)
| In BlockImageVerify some commands are undefined, e.g. "erase", "new", "zero". And we should not error out if the corresponding function pointer of these commands is null; otherwise we will fail the verification.
| The old code is:
|
|   if (cmd->f != nullptr && cmd->f(params) == -1) return false;
|
| In the last_command_file change the logic was wrongly modified to
|
|   if (cmd->f == nullptr) return false;
|   ...
|   if (cmd->f(params) == -1) return false;
|
| Test: sideload an incremental OTA twice on bullhead
| Change-Id: I2561c365badb850da0e416629ccd61f0df7da5d7
* Reorder the functions in updater/install.cpp (Tianjie Xu, 2018-02-12, 1 file, -239/+244)
| There is no logical change to the file; merely the function definition reorder and some cosmetic change to make the future review easier.
| Test: mma
| Change-Id: I7ffe952f8c78e840f10aa6bfad0c4b5a58e29896
* Log the last command to cache (Tianjie Xu, 2018-02-07, 2 files, -9/+175)
| When performing an update, save the index and cmdline of the current command into the last command file if this command writes to the stash either explicitly or implicitly. This mitigates the overhead to update the last command file for every command. I ran a simple test on angler and the time to update 1000 times is ~2.3 seconds.
| Upon resuming an update, read the saved index first; then
|
|   1. In verification mode, check if all commands before the saved index have already produced the expected target blocks. If not, delete the last command file so that we will later resume the update from the start of the transfer list.
|   2. In update mode, skip all commands before the saved index. Therefore, we can avoid deleting stashes with duplicate id unintentionally; and also speed up the update.
|
| If an update succeeds or is unresumable, delete the last command file.
| Bug: 69858743
| Test: Unittest passed, apply a failed update with invalid cmd on angler and check the last_command content, apply a failed update with invalid source hash and last_command is deleted.
| Change-Id: Ib60ba1e3c6d111d9f33097759b17dbcef97a37bf
* Avoid overwrite of the error message in AbortFn (Tianjie Xu, 2018-01-29, 2 files, -15/+15)
| The AbortFn() used to overwrite the error message, hiding the real failure reported in ErrorAbort(). And we will miss the failure in the script patterns like 'blockimageupdate() || abort()'
| We will ensure there's one line break at the end of ErrorAbort's error message; and append to the existing error message when calling abort().
| Test: Message from ErrorAbort shows up in the log
| Change-Id: I3aebd06629c5129330250c7fe5e8cdead2ae85bc
* add sload.f2fs for recovery format (Jaegeuk Kim, 2017-12-05, 1 file, -0/+9)
| Change-Id: Iddfe54b2b36f2d531925cbe61c98dbfb4903c0d1
| Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
* Detect interrupted update due to power off (Tianjie Xu, 2017-12-01, 1 file, -1/+5)
| An interrupted update may stash extra blocks in /cache, leading to a failure when checking the cache size. We can save the incremented retry_count in the BCB before installing the update; and distinguish a fresh update from an interrupted one this way.
| Bug: 68679601
| Test: An interrupted update reapplies successfully.
| Change-Id: Ic1403e1fd25a937c91ef34c14b92a0f6c8f1c0f4
* recovery: format f2fs with encrypt/quota (Jaegeuk Kim, 2017-11-13, 1 file, -4/+10)
| Change-Id: Ia393b7b78b45f09964449ec0e255aa26bb3b8ddf
| Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
* applypatch: Change the patch parameter to const Value& in Apply{BSDiff,Image}Patch. (Tao Bao, 2017-11-10, 1 file, -2/+2)
| It used to be "const Value*", but nullptr won't be a valid input.
| Test: recovery_host_test; recovery_component_test
| Change-Id: I904b5689ac3e64504088bf0544c9fb5d45a52243
* otautil: Remove the aborts in RangeSet::Parse(). (Tao Bao, 2017-11-07, 1 file, -1/+19)
| We used to CHECK and abort on parsing errors. While it works fine for the updater use case (because recovery starts updater in a forked process and collects the process exit code), it's difficult for other clients to use RangeSet as a library (e.g. update_verifier).
| This CL switches the aborts to returning empty RangeSet instead. Callers need to check the parsing results explicitly.
| The CL also separates RangeSet::PushBack() into a function, and moves SortedRangeSet::Clear() into RangeSet.
| Test: recovery_unit_test
| Test: Sideload an OTA package with the new updater on angler.
| Test: Sideload an OTA package with injected range string errors. The updater aborts from the explicit checks.
| Change-Id: If2b7f6f41dc93af917a21c7877a83e98dc3fd016
* recovery: remove make_ext4fs from updater (Jin Qian, 2017-11-03, 1 file, -9/+2)
| Bug: 64395169
| Change-Id: I6f6a4f82b225435c6ad5c828e110fa135e6f7579
* Finish the new data receiver when update fails (Tianjie Xu, 2017-10-20, 1 file, -16/+41)
| The thread to receive new data may still be alive after we exit PerformBlockImageUpdate() upon failures. This caused memory corruption when we run the unittest repeatedly. Set the receiver_available flag to false and make sure the receiver exits when the update fails.
| Bug: 65430057
| Test: unittests passed with tsan
| Change-Id: Icb232d13fb96c78262249ffbd29cdbe5b77f1fce
* Drop -Wno-unused-parameter. (Tao Bao, 2017-10-12, 1 file, -2/+0)
| The only one left is libedify. Will handle that in a separate CL.
| Test: mmma bootable/recovery
| Change-Id: I732a5f85229da90fd767bee2e46c5c95f529c396
* Move rangeset.h and print_sha1.h into otautil. (Tao Bao, 2017-10-11, 2 files, -4/+4)
| Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from applypatch modules.
| Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug; mmma bootable/recovery
| Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
* Revert "Revert "Move error_code.h into otautil."" (Tao Bao, 2017-10-09, 3 files, -3/+3)
| This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.".
| This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs".
| This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil).
| Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery
| Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
* Don't include "error_code.h" in edify/expr.h. (Tao Bao, 2017-10-05, 1 file, -0/+1)
| Use forward declaration to avoid pulling in the module that contains error_code.h (trying to move it into libotautil). Otherwise all the modules that include "edify/expr.h" need to depend on the module that exports error_code.h.
| .cpp sources should include "error_code.h" explicitly to use the enums.
| Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery
| Change-Id: Ic82db2746c7deb866e8cdfb3c57e0b1ecc71c4dc
* Revert "Move error_code.h into otautil." (Tao Bao, 2017-10-05, 2 files, -2/+2)
| This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b.
| Reason for revert: Need to address device-specific modules.
| Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
* Move error_code.h into otautil. (Tao Bao, 2017-10-04, 2 files, -2/+2)
| This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs".
| Test: mmma bootable/recovery
| Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
* otafault: Move headers under otafault/. (Tao Bao, 2017-09-29, 3 files, -3/+3)
| Test: mmma bootable/recovery
| Change-Id: I3ceb72f703c7c2857d656c137d71baa1fccd8238
* Turn on -Wall for recovery modules (Tianjie Xu, 2017-08-29, 1 file, -0/+2)
| Turn on -Wall for all modules. Also remove the obsolete file_cmp() in apply_patch test and now() in wear_ui.
| The only exception is lib_edify due to the unused functions in the intermediate cpp files generated from the lex files. It will be handled in a separate CL.
| Bug: 64939312
| Test: mma, unit tests pass
| Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
* Merge "Move Image/ImageChunk/PatchChunk declaration into header files" (Tianjie Xu, 2017-08-19, 2 files, -279/+1)
|\
| | am: b4bc57ed39
| | Change-Id: If254ed9e24bc0cafa19db9766ed36643ca0fed49
| * Move Image/ImageChunk/PatchChunk declaration into header files (Tianjie Xu, 2017-08-19, 2 files, -279/+1)
| | 1. Move the declaration of the Image classes to the header file to make testing easier.
| | 2. Also move rangeset.h to bootable/recovery to allow access in imgdiff.
| | Test: recovery component test
| | Change-Id: I68a863e60a3f2e7ae46ee48f48eb15391f5f4330
* | Merge "Add implemention of SortedRangeSet" (Tianjie Xu, 2017-08-01, 1 file, -1/+115)
|\|
| | am: 64cba55fbc
| | Change-Id: I2174e4f55c85fe57014b31625dbc2d06e41350be
| * Add implemention of SortedRangeSet (Tianjie Xu, 2017-08-01, 1 file, -1/+115)
| | This is useful in imgdiff to maintain the block ranges of split source image.
| | Bug: 34220646
| | Test: mma && unit tests pass
| | Change-Id: I6427f2ea50f0e3b0aa3dd01880ec0206679b7429
* | Merge "updater: Remove dead make_parents()." (Tao Bao, 2017-07-25, 1 file, -28/+0)
|\|
| | am: f5396eb8b2
| | Change-Id: Ief0557813324d49c5da64265dc49ab757ed3ae3f
| * updater: Remove dead make_parents(). (Tao Bao, 2017-07-25, 1 file, -28/+0)
| | Its former callers in RenameFn() and SymlinkFn() have been removed in commit 63d786cf22cb44fe32e8b9c1f18b32da3c9d2e1b.
| | Test: mmma -j bootable/recovery
| | Change-Id: I26ed126202554fc5840811ec7ae162da70593213
* | Merge "Remove the obsolete reference to /file_contexts." (Tao Bao, 2017-07-23, 1 file, -2/+1)
|\|
| | am: 6b09b895be
| | Change-Id: I2b26ced9ffeb278ce01ff2ca7be4057b0ab6c61c
| * Remove the obsolete reference to /file_contexts. (Tao Bao, 2017-07-23, 1 file, -2/+1)
| | This file no longer exists:
| | - /file_contexts has been split into plat_file_contexts and nonplat_file_contexts since commit b236eb6ca204cefcb926e19bd5682f9dcad4021d (system/sepolicy).
| | - It was named /file_contexts.bin prior to the split.
| | '-S file_contexts' is also no longer required by e2fsdroid, since commit 2fff6fb036cbbb6dedd7da3d208b312a9038a5ce (external/e2fsprogs). It will load the file contexts via libselinux.
| | Test: Trigger the path by performing a data wipe for converting to FBE.
| | Change-Id: I179939da409e5c0415ae0ea0bf5ddb23f9e6331e
| | (cherry picked from commit 7af933b6a6fd687bd17710ef6fda0ad5483e4d6d)
* | Merge "Fix a case when brotli writer fails to write last few blocks of data" (Tianjie Xu, 2017-07-21, 1 file, -94/+81)
|\|
| | am: e45c8f0057
| | Change-Id: I337e8ec26f59a5245ab299080d7251331823e2da
| * Merge "Fix a case when brotli writer fails to write last few blocks of data" (Tianjie Xu, 2017-07-21, 1 file, -94/+81)
| |\
| | * Fix a case when brotli writer fails to write last few blocks of data (Tianjie Xu, 2017-07-21, 1 file, -94/+81)
| | | receive_new_data may exit too early if the zip processor has sent all the raw data. As a result, the last few 'new' commands will fail even though the brotli decoder has more output in its buffer.
| | | Restructure the code so that 'NewThreadInfo' owns the decoder state solely; and receive_brotli_new_data is responsible for the decompression.
| | | Also reduce the test data size to 100 blocks to avoid the test timeout.
| | | Bug: 63802629
| | | Test: recovery_component_test. on bullhead, apply full updates with and w/o brotli compressed entries, apply an incremental update.
| | | Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
* | | Merge "recovery: replace make_ext4 with e2fsprogs" (Jin Qian, 2017-07-21, 1 file, -2/+25)
|\| |
| | | am: f7c00ddaf6
| | | Change-Id: I17167b59242c709b18d09fccb52058b0bc25bf09
| * | recovery: replace make_ext4 with e2fsprogs (Jin Qian, 2017-07-20, 1 file, -2/+25)
| |/
| | Execute mke2fs to create empty ext4 filesystem. Execute e2fsdroid to add files to filesystem.
| | Test: enter recovery mode and wipe data
| | Bug: 35219933
| | Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876
| | (cherry picked from commit ac31808cd37cfb98755e5821dbb2efb5fe5cb12a)
* | Merge "Add support to decompress brotli compressed new data" (Tianjie Xu, 2017-07-11, 2 files, -32/+144)
|\|
| | am: 918e6ea1b2
| | Change-Id: I4fd9cea71716ad1574ecb4bb7f612bc8734711c5
| * Add support to decompress brotli compressed new data (Tianjie Xu, 2017-07-08, 2 files, -32/+144)
| | Add a new writer that can decode the brotli-compressed system/vendor new data stored in the OTA zip.
| | Brotli generally gives better compression rate at the cost of slightly increased time consumption. The patch.dat is already compressed by BZ; so there's no point to further compress it.
| | For the given 1.9G bullhead system image:
| | Size: 875M -> 787M; ~10% reduction of package size.
| | Time: 147s -> 153s; ~4% increase of the block_image_update execution time. (I guess I/O takes much longer time than decompression.)
| | Also it takes 4 minutes to compress the system image on my local machine, 3 more minutes than zip.
| | Test: recovery tests pass && apply a full OTA with brotli compressed system/vendor.new.dat on bullhead
| | Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
* | Fix "No file_contexts" warning (Jeff Vander Stoep, 2017-06-16, 1 file, -3/+3)
|\ \
| |/
|/|
| | am: e35926e1af
| | Change-Id: Ia050561286c30d8198f3185da9e3cd31372b1d79
| * Fix "No file_contexts" warning (Jeff Vander Stoep, 2017-06-15, 1 file, -3/+3)
| | Fixed by Loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists.
| | Bug: 62587423
| | Test: build and flash recovery on Angler. Warning is gone.
| | Test: Wipe data and cache.
| | Test: sideload OTA
| | Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
| | (cherry picked from commit 2330dd8733ce0b207058e3003a3b1efebc022394)
| * Adding support for quiescent reboot to recovery (Dmitri Plotnikov, 2017-04-28, 1 file, -1/+4)
| | Bug: 37401320
| | Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.
| | (cherry picked from commit 8706a98aa635236a95795f0a0c122bb3e591a50d)
| | Change-Id: I79789a151f6faafda8ecc6198c2182cc2a91da70
* | Merge "kill package_extract_dir" (Tianjie Xu, 2017-05-31, 1 file, -32/+0)
|\ \
| * | kill package_extract_dir (Tianjie Xu, 2017-05-24, 1 file, -32/+0)
| | | It's only used by file-based OTA which has been deprecated for O.
| | | Test: mma
| | | Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
* | | Retry the update if ApplyBSDiffPatch | ApplyImagePatch fails (Tianjie Xu, 2017-05-24, 2 files, -0/+6)
|/ /
| | We have seen one case when bspatch failed likely due to patch corruption. Since the package has passed verification before, we want to reboot and retry the patch command again since there's no alternative for users.
| | We won't delete the stash before reboot, and the src has passed SHA1 check. If there's an error on the patch, it will fail the package verification during retry.
| | Bug: 37855643
| | Test: angler reboots and retries the update when bspatch fails.
| | Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
* | updater: Update the mkfs.f2fs argument to match f2fs-tools 1.8.0. (Tao Bao, 2017-05-12, 1 file, -3/+5)
| | Commit adeb41a8c0da3122a2907acb4aafd7ff9bce26af has switched the argument for recovery. This CL handles the case for updater.
| | Note that there's a chance the updater may run against the old recovery (and f2fs 1.4.1 binary). Not sending a 0-sector argument to f2fs 1.4.1 also works.
| | Bug: 37758867
| | Test: Make an OTA package that calls format f2fs, with mkfs.f2fs 1.8.0 and 1.4.1 binaries respectively.
| | Change-Id: I4d4bbe8c57544d1c514b7aa37fbf22a0aab14e2c
* | Merge "Add a default error code when updater script aborts" (Tianjie Xu, 2017-05-03, 1 file, -7/+9)
|\ \
| * | Add a default error code when updater script aborts (Tianjie Xu, 2017-05-03, 1 file, -7/+9)
| | | We didn't report error/cause codes unless there's an explicit "Abort()" call inside the updater script. As a result, some cause codes set by ErrorAbort() didn't show up in last_install.
| | | To fix the issue, add a default error code when the script terminates abnormally (i.e. with non zero status).
| | | Bug: 37912405
| | | Test: error/cause code shows up in last_install when argument parsing fails
| | | Change-Id: Ic6d3bd1855b853aeaa0760071e593a00cf6f0209
* | | Move sysMapFile and sysReleaseMap into MemMapping class. (Tao Bao, 2017-05-02, 1 file, -2/+1)
| | | Test: recovery_component_test
| | | Test: recovery_unit_test
| | | Test: Apply an OTA on angler.
| | | Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
* | | Adding support for quiescent reboot to recovery (Dmitri Plotnikov, 2017-04-19, 1 file, -1/+4)
|/ /
| | Bug: 37401320
| | Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.
| | Change-Id: Ibed3795c09e26c4fa73684d40b94e40c78394d3f
* | Abort the update if there's not enough new dataTianjie Xu2017-04-081-4/+26
| | | | | | | | | | | | | | | | | | | | Right now the update is stuck in a deadlock if there's less new data than expected. Add some checkers and abort the update if such case happens. Also add a corresponding test. Bug: 36787146 Test: update aborts correctly on bullhead && recovery_component_test passes Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
* | Change the internal representation in RangeSet.Tao Bao2017-04-032-233/+284
| | This CL makes the following changes to RangeSet:
| | - Uses std::pair<size_t, size_t> to represent a Range;
| | - Uses std::vector<Range> to represent a RangeSet;
| | - Provides const iterators (forward and reverse);
| | - Provides const accessor;
| | - 'blocks()' returns the number of blocks (formerly 'size');
| | - 'size()' returns the number of Range's (formerly 'count').
| | Test: recovery_unit_test
| | Test: Apply an incremental update with the new updater.
| | Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
* | updater: Keep the parsed parameters in std::unique_ptr.Tao Bao2017-03-311-160/+157
| | | | | | | | | | | | | | | | We don't need to take raw pointers out of the parsed arguments. std::unique_ptr handles the dereferencing automatically. Test: mmma bootable/recovery Change-Id: I1beabf6e04dc350bdad7b36cee5fb345c82b28f2
* | Move parse_range() and range_overlaps() into RangeSet.Tao Bao2017-03-312-110/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also move RangeSet into a header file to make it testable, and add unit tests. In RangeSet::Parse() (the former parse_range()), use libbase logging to do assertions. This has the same effect as the previous exit(EXIT_FAILURE) to terminate the updater process and abort an update. The difference lies in the exit status code (i.e. WEXITSTATUS(status) in install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0. Test: recovery_unit_test Test: Apply an incremental update with the new updater. Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
* | Merge "updater: Move RangeSinkWrite into RangeSinkState."Tao Bao2017-03-311-164/+146
|\ \
| * | updater: Move RangeSinkWrite into RangeSinkState.Tao Bao2017-03-291-164/+146
| | | | | | | | | | | | | | | | | | | | | | | | Then rename RangeSinkState to RangeSinkWriter. RangeSinkWriter reads data from the given FD, and writes them to the destination RangeSet. Test: Apply an incremental with the new updater. Change-Id: I5e3ab6fc082efa1726562c55b56e2d418fe4acaf
* | | updater: Don't append newline when calling uiPrint().Tao Bao2017-03-302-9/+10
|/ / | | | | | | | | | | | | | | LOG(INFO) already appends a newline. Don't print redundant newline. Test: No extra blank lines when calling ui_print(). And on-screen UI shows the same. Change-Id: I74e9a8504a7146a6cb3dae02fe2406d0dd54069b
* | applypatch: Let Apply{BSDiff,Image}Patch accept std::function.Tao Bao2017-03-281-75/+76
| | | | | | | | | | | | Test: mmma bootable/recovery system/update_engine Test: recovery_component_test Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
* | applypatch: Change the ssize_t length parameters to size_t.Tao Bao2017-03-281-41/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mostly for applypatch family APIs like ApplyBSDiffPatch() and ApplyImagePatch(). Changing to size_t doesn't indicate they would necessarily work with very large size_t (e.g. > ssize_t), just similar to write(2). But otherwise accepting negative length doesn't make much sense. Also change the return type of SinkFn from ssize_t to size_t. Callers tell a successful sink by comparing the number of written bytes against the desired value. Negative return values like -1 are not needed. This also makes it consistent with bsdiff::bspatch interface. Test: recovery_component_test Test: Apply an incremental with the new updater. Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
* | updater: Clean up LoadSrcTgtVersion2().Tao Bao2017-03-281-146/+143
|/ | | | | | | | | | | | | | | Rename to LoadSourceBlocks() by moving the target blocks parsing part into the caller. This allows detecting whether the target blocks have already had the expected data before loading the source blocks. It doesn't affect anything when applying an update package for the first time, but it skips loading the unneeded source blocks when resuming an update. It additionally avoids unnecessarily dumping the "corrupt" source/stash blocks when resuming an update. Bug: 33694730 Test: Apply an incremental update with the new updater. Test: Resume an incremental update with the new updater. Change-Id: I794fd0d1045be7b3b7f8619285dc0dade01398d0
* Merge "updater: Remove some redundant arguments."Tao Bao2017-03-261-78/+65
|\
| * updater: Remove some redundant arguments.Tao Bao2017-03-241-78/+65
| | | | | | | | | | | | | | | | | | | | Clean up a few functions that take CommandParameters& as the first parameter. We don't need to take duplicate arguments if they always come from CommandParameters. This redundancy came from the point we replaced strtok()s (commit baad2d454dc07ce916442987a2908a93fe6ae298). Test: Apply an incremental update with the new updater. Change-Id: I2912b8ce6bc7580bf7f566e125f12270e679e155
* | Merge "updater: Drop the support for BBOTA v1 and v2."Tao Bao2017-03-251-398/+330
|\|
| * updater: Drop the support for BBOTA v1 and v2.Tao Bao2017-03-241-398/+330
| | | | | | | | | | | | | | | | | | | | The script support for BBOTA v1 and v2 has been dropped in commit 8fad03e7712082eb880ffaaffb69eb13252ce220 (platform/build). Bug: 33694730 Test: Apply an incremental with the new updater. Test: recovery_component_test Change-Id: I038b1bf8d10f030cab8ec0aa6ee565c5a9545dfd
* | Merge "Removed C-style casts"Tao Bao2017-03-241-1/+1
|\ \ | |/ |/|
| * Removed C-style castsMikhail Lappo2017-03-231-1/+1
| | | | | | | | | | | | | | | | In C++ code it would be cleaner to use the C++ reinterpret cast instead of the old C-style notation Change-Id: Ibeef5e0c374addf108c0a8876a6be45063d8e396
* | Merge "Redundant checking of STL container element"Tao Bao2017-03-231-3/+1
|\ \ | |/ |/|
| * Redundant checking of STL container elementMikhail Lappo2017-03-231-3/+1
| | | | | | | | | | | | | | | | As of C++ specification size_type erase( const key_type& key ); removes the element (if one exists). There is no need to perform the check twice. Change-Id: I4b057c08526abc7c2a483a60f9e166e4d8f56a74
* | Merge "Fixed scanf modifier"Tao Bao2017-03-231-1/+1
|\|
| * Fixed scanf modifierMikhail Lappo2017-03-231-1/+1
| | | | | | | | | | | | Scanf expectation is to have same type of pointer to store parsed value and modifier in format string
* | updater: Fix the broken case for apply_patch_check().Tao Bao2017-03-231-1/+1
|/ | | | | | | | | | | It's valid to provide only 1 argument to apply_patch_check(). We shouldn't fail the argument parsing. Bug: 36541737 Test: recovery_component_test passes. Test: recovery_component_test captures the failure without the fix. Test: The previously failed update applies successfully. Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
* Remove malloc in edify functionsTianjie Xu2017-03-223-125/+173
| | | | | | | | And switch them to std::vector & std::unique_ptr Bug: 32117870 Test: recovery tests passed on sailfish Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
* Merge "Fix the permission of stashed blocks created by updater"Tianjie Xu2017-03-221-0/+12
|\
| * Fix the permission of stashed blocks created by updaterTianjie Xu2017-03-221-0/+12
| | | | | | | | | | | | | | | | | | | | | | Our updater created the stashes with root permission. This causes an access denial when the RecoverySystem service tries to clean up these blocks after a failing update. As a result, the subsequent OTA updates may fail due to insufficient cache space. Bug: 36457133 Test: stashed blocks cleaned successfully after reboot Change-Id: If0ca99638cdfa1033646f29d9cc92b5ff1bacac1
* | Fix updater include generation w/installcleanDan Willemsen2017-03-221-16/+4
|/ | | | | | | | | | | Since this was putting the intermediate file in obj/PACKAGING, every installclean was removing it and triggering updater to rebuild. Instead, use the standard generated-sources-dir. The dep file can also be removed now that ninja will re-run the generator if the command line changes. Test: m -j updater; m installclean; m -j updater Test: Only change to aosp_fugu updater before/after is the debug info Change-Id: I20928bd2049d4a3d4e21f83fd64d16cfdc541958
* Revert "Revert "Print SHA-1 in hex for corrupted blocks""Tianjie Xu2017-03-171-6/+140
| | | | | | | | | This reverts commit 90eff6a340f9983792d700df3b1ea0203aced207. Also fix the bug where stashed blocks are not freed. Bug: 21124445 Test: Previous failed update succeeded on bullhead Change-Id: I23d232331a2beb51b6dcc82c957c87bc247d0268
* updater: Minor clean up to EnumerateStash().Tao Bao2017-03-161-73/+50
| | | | | | Test: Apply an incremental BBOTA package with the new updater. Test: Resume an interrupted BBOTA (so it cleans up the partial stash). Change-Id: I620cc57ee6366845bcffbc19210f7a01e2196052
* Revert "Print SHA-1 in hex for corrupted blocks"Tao Bao2017-03-151-140/+3
| | | | | | | | | | This reverts commit bb0cd75a0e1f6760bdf96bd141f3a546ffa45fbc. Broke the 'free' command that deletes a stash. Bug: 36242722 Test: The previously failed incremental applies successfully. Change-Id: I1237cb0a33adfbeea57e0465b629704862ba13aa
* Merge "updater: Remove some obsoleted functions for file-based OTA."Tao Bao2017-03-141-362/+0
|\
| * updater: Remove some obsoleted functions for file-based OTA.Tao Bao2017-03-131-362/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This CL removes the updater support for delete(), symlink(), rename(), set_metadata() and set_metadata_recursive(). Such functions have been removed from the generation script in commit f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build). Note: This CL also removes delete_recursive() which seems to have never been supported in generation script. Bug: 35853185 Test: recovery_component_test passes. Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
* | Print SHA-1 in hex for corrupted blocksTianjie Xu2017-03-131-3/+140
|/ | | | | | | | | | | It will be helpful for debug if we know which blocks are corrupted after a verification failure. This CL prints the SHA-1 for each source block in a transfer command if these blocks don't have an expected hash. And along with the correct SHA-1, we will catch the corrupted blocks. Bug: 21124445 Test: Printed the mismatched SHA-1 for bullhead during an update. Change-Id: I683d4bdaf9a335035045b3f532b3a265b2fcbbfc
* Merge "Use bspatch from external/bsdiff."Sen Jiang2017-02-161-0/+1
|\
| * Use bspatch from external/bsdiff.Sen Jiang2017-02-021-0/+1
| | | | | | | | | | | | | | | | | | | | Now ApplyBSDiffPatch() will stream the output to sink as we go instead of sinking everything at the end. Test: recovery_host_test Bug: 26982501 Change-Id: I05b6ed40d45e4b1b19ae72784cf705b731b976e3
* | Replace _exit(-1) with _exit(EXIT_FAILURE).Tao Bao2017-02-032-3/+3
|/ | | | | | | | | -1 is not a valid exit status. Also replace a few exit(1) with exit(EXIT_FAILURE). Test: mmma bootable/recovery Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
* Merge "Remove '_static' suffix from libext2* references."Alex Deymo2017-01-261-1/+1
|\
| * Remove '_static' suffix from libext2* references.Alex Deymo2017-01-241-1/+1
| | | | | | | | | | | | Bug: 34220783 Test: make checkbuild Change-Id: Iceea20e440a4bb6a3b254486a65a86401a2241ef
* | Print with newline for ui_print.Tao Bao2017-01-222-2/+0
|/ | | | | | | | | | | | | | | | | | | Currently the ui_print command between the recovery and updater doesn't append newline. Updater has to send an extra "ui_print" command without any argument to get the line break. This looks unnecessary. And not all the callers (including the ones in bootable/recovery) are following this protocol when sending the ui_print command. This CL simplifies the protocol to always print with a newline for ui_print command. When updating from an old recovery with the new updater, all the ui_print'd strings would appear in one line as a side effect. But a) it would only affect the text-mode UI, which won't be shown to users; b) log files won't be affected. Bug: 32305035 Test: Apply an update with the new updater on top of an old and new recovery image respectively. Change-Id: I305a0ffc6f180daf60919cf99d24d1495d68749b
* Merge changes from topic 'host_suffix_cleanup'Alex Deymo2017-01-121-2/+2
|\ | | | | | | | | | | * changes: Remove "_static" suffix from libsparse Remove "_static" suffix from libext4_utils.
| * Remove "_static" suffix from libsparseAlex Deymo2017-01-111-1/+1
| | | | | | | | | | | | Bug: 34220783 Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
| * Remove "_static" suffix from libext4_utils.Alex Deymo2017-01-111-1/+1
| | | | | | | | | | Bug: 34220783 Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
* | Do not inject I/O fault on a retryTianjie Xu2017-01-091-1/+1
|/ | | | | | | | | | We could inject I/O faults during an OTA update for test purpose. But we should skip the injection if the update is a retry. Otherwise the update test will simply keep failing. Bug: 34159970 Test: Apply the same package on angler and the update succeeds on the 2nd try. Change-Id: Id274e5475e3bc8d25d50a8cf61a77d2e32c569d6
* Merge "updater: Clean up CreateStash()."Tao Bao2017-01-051-83/+84
|\
| * updater: Clean up CreateStash().Tao Bao2016-12-291-84/+85
| | | | | | | | | | | | | | Change the stash size computation from int to size_t. Test: Apply an incremental BBOTA with the new updater. Change-Id: Ib45b71b826fec6aa0ffafc67c17735825634eae0
* | updater: Refactor parse_range().Tao Bao2017-01-041-74/+63
| | | | | | | | | | | | | | | | Returning the parsed RangeSet directly (as opposed to using some pointer parameter) to make the code cleaner. Test: Apply an incremental with the new updater. Change-Id: I8c99e701f189eb6a3eacc0d647e5a3a85fbeb3eb
* | updater: Update the header name for bootloader.h.Tao Bao2016-12-291-2/+2
|/ | | | | | | We should include "bootloader_message/bootloader_message.h" now. Test: m updater Change-Id: I65b22a8a0bcc5976ff1ba827bd30b46ee9d59c53
* updater: Fix the operator order.Tao Bao2016-12-141-1/+1
| | | | | | | | | | Shift operator ("<<") has a higher precedence level than ternary operator ("?"). Test: BBOTA update log says "performing update" as opposed to "performing 0". Change-Id: I0cf60cbfc11415e94f1f9f6effe75f14d13a1874
* updater: Switch to libbase logging.Tao Bao2016-12-013-993/+994
| | | | | Test: Build an updater into a package and apply it on device. Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
* Remove ota_close(int) and ota_fclose(FILE*).Tao Bao2016-11-281-73/+69
| | | | | | | | | | | We should always use unique_fd or unique_file to hold the FD or FILE* pointer when opening via ota_(f)open functions. This CL avoids accidentally closing raw FDs or FILE* pointers that are managed by unique_fd/unique_file. Test: recovery_component_test passes. Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
* updater: Refactor set_stage() and get_stage() functions.Tao Bao2016-11-182-68/+69
| | | | | | | | | | | Add read_bootloader_message_from() and write_bootloader_message_to() to allow specifying the BCB device (/misc). Also add testcases for set_stage() and get_stage(). Test: recovery_component_test passes. Test: Build a recovery image and apply a two-step OTA package. Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
* updater: Add testcase for package_extract_dir().Tao Bao2016-11-181-17/+21
| | | | | Test: recovery_component_test passes. Change-Id: I3af4707bc42c7331ca961be8b967a53de82ea25b
* updater: Add "write_value()" function.Tao Bao2016-11-171-3/+31
| | | | | | | | | | | | | write_value(value, filename) writes 'value' to 'filename'. It can be used to tune device settings when applying an OTA package. For example, write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq"). Bug: 32463933 Test: recovery_component_test passes. Test: Apply an OTA package that contains a call to write_value(), and check the result. Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
* updater: Fix the wrong return value for package_extract_file().Tao Bao2016-11-151-76/+69
| | | | | | | | | | | | | | | 'bool success = ExtractEntryToFile()' gives opposite result. Fix the issue and add testcases. Change the one-argument version of package_extract_file() to explicitly abort for non-existent zip entry. Note that this is NOT changing the behavior. Prior to this CL, it aborts from Evaluate() function, by giving a general cause code. Now it returns kPackageExtractFileFailure. Bug: 32903624 Test: recovery_component_test works. Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
* updater: Add more testcase for symlink().Tao Bao2016-11-091-20/+17
| | | | | | | | Clean up SymlinkFn() a bit. Also clean up the temp files created when running the tests; otherwise non-empty TemporaryDir won't be removed. Test: recovery_component_test passes. Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
* Make make_parent() to take const argumentTianjie Xu2016-11-081-19/+27
| | | | | | | | Switch to use const std::string; and add corresponding tests. Bug: 32649858 Test: Component tests pass Change-Id: I640f3ec81f1481fa91aa310f8d4d96dac9649cb9
* updater: Add a testcase for RenameFn().Tao Bao2016-11-041-1/+4
| | | | | | Test: recovery_component_test passes. Change-Id: Iba5a0fdf6c79e2bed6b30b8fc19a306c1ab29d8a
* updater: Fix a bug in DeleteFn().Tao Bao2016-11-041-9/+13
| | | | | | | Also add a testcase for delete() function. Test: recovery_component_test passes. Change-Id: I064d1ad4693c3ed339d0a69eabadd08a61a2ea86
* updater: Fix an off-by-1 bug in file_getprop().Tao Bao2016-11-031-6/+9
| | | | | | | | Also add a testcase for file_getprop(). Test: recovery_component_test passes. Change-Id: I8eb2f9a5702b43997ac9f4b29665eea087b1c146
* Cleanup ReadArgs & ReadValueArgs usageTianjie Xu2016-11-012-497/+411
| | | | | | | | ReadArgs will switch to using std::string and std::unique_ptr. Also cleanup the callers. Test: mma & component test passed. Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
* applypatch: Switch the parameter of Value** to std::vector.Tao Bao2016-10-291-3/+1
| | | | | | Test: Unit tests and install-recovery.sh pass on angler and dragon. Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
* Replace minzip with libziparchiveTianjie Xu2016-10-185-85/+87
| | | | | | | | | | | Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
* Change StringValue to use std::stringTianjie Xu2016-10-153-195/+158
| | | | | | | | | | | Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style. Test: component tests passed. Bug: 31713288 Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
* edify: Some clean-ups to libedify.Tao Bao2016-10-131-1/+0
| - Remove dead declarations in expr.h: SetError(), GetError(), ClearError().
| - Remove the declaration of Build() out of expr.h.
| - Use std::unordered_map to implement RegisterFunction() and FindFunction(); kill FinishRegistration().
| - Add a testcase for calling unknown functions.
| Test: mmma bootable/recovery; recovery_component_test passes.
| Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
* updater: Kill the duplicate PrintSha1() in install.cpp.Tao Bao2016-10-111-36/+19
| | | | | | | | Also add a testcase for sha1_check(). Test: mmma bootable/recovery; recovery_component_test passes. Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
* Refactor libupdater into a separate module.Tao Bao2016-10-117-79/+103
| | | | | | | | | So that we can write native tests for updater functions. This CL adds a testcase for getprop() function. Test: mmma bootable/recovery; Run recovery_component_test on device. Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
* Update the header path for ext4_utils.Tao Bao2016-10-092-4/+2
| | | | | Test: `mmma bootable/recovery` Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e
* edify: Move State.script and State.errmsg to std::string.Tao Bao2016-10-041-20/+17
| | | | | | | | | | | This way we kill a few strdup() and free() calls. Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly. Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
* Turn on -Werror for recoveryTianjie Xu2016-09-301-1/+1
| | | | | | | | | | Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
* Switch to <android-base/properties.h>.Elliott Hughes2016-09-261-12/+7
| | | | | | | Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
* Merge "Switch recovery to libbase logging"Tianjie Xu2016-09-021-2/+3
|\
| * Switch recovery to libbase loggingTianjie Xu2016-09-011-2/+3
| | | | | | | | | | | | | | | | Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
* | Check an edge case when read(2) returns 0Tianjie Xu2016-09-011-0/+4
|/ | | | | | | | | | We might end up in an infinite loop if read(2) reached EOF unexpectedly. The problematic code in uncrypt mentioned in the bug has been fixed by switching to libbase ReadFully(). So I grepped through the recovery code and fixed some other occurrences of the issue. Bug: 31073201 Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
* Merge "Fix references to libcrypto_utils_static."Josh Gao2016-08-081-2/+2
|\ | | | | | | | | | | am: b97da5e0f0 Change-Id: Ia935df84e5ea36dfc6605b41872c36db69a114a0
| * Fix references to libcrypto_utils_static.Josh Gao2016-08-061-2/+2
| | | | | | | | | | Bug: http://b/30708454 Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
* | Merge \"Fix install.h\'s use of attribute printf.\"Elliott Hughes2016-06-302-4/+3
|\| | | | | | | | | | | am: a82ee456bb Change-Id: Ibcfabbb0e044d503f889f1afea271cf73ad93f45
| * Fix install.h's use of attribute printf.Elliott Hughes2016-06-302-4/+3
| | | | | | | | | | | | And move off the bionic __nonnull macro, which I'm removing. Change-Id: I40b4424f4fd7bd8076e0eee3ec35de36c3ded8de
* | Check the results from applypatchTianjie Xu2016-06-161-4/+10
|\ \ | | | | | | | | | | | | | | | am: 31f8cc84cf Change-Id: I2ea241fb3e688f5f8b0558d638dd3ed502223f97
| * | Check the results from applypatchTianjie Xu2016-06-161-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | Check the results from applypatch in PerformCommandDiff; and abort the update on failure. Bug:29339536 Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
* | | resolve merge conflicts of 179c0d8 to stage-aosp-masterElliott Hughes2016-06-162-161/+12
|\ \ \ | | |/ | |/| | | | Change-Id: Iba5aec266444cabf83f600f2bdb45a3c027e5995
| * | Merge "Remove obsolete MTD support."Elliott Hughes2016-06-152-161/+12
| |\ \
| | * | Remove obsolete MTD support.Elliott Hughes2016-06-102-161/+12
| | | | | | | | | | | | | | | | | | | | Bug: http://b/29250988 Change-Id: Ia97ba9082a165c37f74d6e1c3f71a367adc59945
* | | | Merge \\"updater: Fix the broken ReadFileFn.\\" am: 4ddd5edf31Tao Bao2016-06-111-1/+1
|\| | | | | | | | | | | | | | | | | | | | | | | am: 89dfe730d4 Change-Id: Ia465c92d341da4681d3490151a20e1e117271e52
| * | | updater: Fix the broken ReadFileFn.Tao Bao2016-06-111-1/+1
| |/ / | | | | | | | | | | | | | | | | | | | | | Was accidentally broken by the CL in [1]. [1]: commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad Change-Id: I851e13ccea6f5be6fcd47f712cc95867245f9934
* | | resolve merge conflicts of 7ce287d to nyc-dev-plus-aospTianjie Xu2016-06-042-8/+61
|\ \ \ | | |/ | |/| | | | Change-Id: I2194d1170281f58eb508f2ef63b39c8729125f76
| * | Call ioctl before each write on retryTianjie Xu2016-06-032-8/+61
| | | | | | | | | | | | | | | | | | | | | | | | If the update is a retry, ioctl(BLKDISCARD) the destination blocks before writing to these blocks. Bug: 28990135 Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
* | | resolve merge conflicts of 50f6417Tianjie Xu2016-05-231-1/+0
| | | | | | | | | | | | | | | | | | Fix a typo for ota_fclose(). Change-Id: Ia93e911aa5391afc604874fc3a09c5a45c094c80
* | | resolve merge conflicts of 50f6417 to nyc-dev-plus-aospTianjie Xu2016-05-233-87/+143
|\| | | | | | | | | | | Change-Id: I42c127f7946e678acf6596f6352f090abc0ca019
| * | Allow recovery to return error codesTianjie Xu2016-05-203-86/+141
| | | Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA.
| | | Example of new last_install:
| | | @/cache/recovery/block.map  package name
| | | 0                           install result
| | | retry: 1                    retry count (new)
| | | error: 30                   error code (new)
| | | cause: 12                   error cause (new)
| | | Details in: go/android-ota-errorcode
| | | Bug: 28471955
| | | Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
* | | Add time and I/O info to last_installTianjie Xu2016-05-181-0/+12
|\| | | |/ |/| | | | | | | | | | | | | am: dd874b1c87 * commit 'dd874b1c87eb04f28db0db2629df0adde568a74c': Add time and I/O info to last_install Change-Id: I02aa858d5ce488d3acbf5400811e2565cf7d9c75
| * Add time and I/O info to last_installTianjie Xu2016-05-161-0/+12
| | One example of last_install is:
| | /sideload/package.zip
| | 1
| | time_total: 101
| | bytes_written_system: 14574000
| | bytes_stashed_system: 100
| | bytes_written_vendor: 5107400
| | bytes_stashed_vendor: 0
| | Bug: 28658632
| | Change-Id: I4bf79ea71a609068d38fbce6b41bcb892524aa7a
| * Skip stashing source blocks in verify modeTianjie Xu2016-03-231-8/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently block_image_verify() stashes source blocks to /cache and in some cases triggers I/O errors. To avoid this risk, we create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
| * DO NOT MERGE Control fault injection with config files instead of build flagsJed Estep2016-03-163-2/+4
| | | | | | | | | | Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
| * applypatch: use vector to store data in FileContents.Yabin Cui2016-03-111-10/+11
| | | | | | | | | | | | | | | | | | Cherry pick this patch because it fixes the problem that a newed Value is released by free(). Bug: 26906416 Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43 (cherry picked from commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad)
| * Reboot and retry on I/O errorsTianjie Xu2016-03-101-0/+7
| | | | | | | | | | | | | | | | | | When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69 (cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36)
| * Merge "updater: fix memory leak based on static analysis." am: e50d447692Yabin Cui2016-02-051-44/+39
| |\ | | | | | | | | | | | | | | | | | | am: 66b02c4ce5 * commit '66b02c4ce5b175451e723c463e6e9d19ab7872fa': updater: fix memory leak based on static analysis.
| * \ resolve merge conflicts of 7b6027dde4 to master.Tao Bao2016-02-043-18/+17
| |\ \ | | | | | | | | | | | | Change-Id: I1d5232f61744bb18ca5de3a16a340bc3afd110bb
| * \ \ Merge "IO fault injection for OTA packages"Jed Estep2016-01-093-19/+21
| |\ \ \
| | * | | IO fault injection for OTA packagesJed Estep2016-01-063-19/+21
| | | | | | | | | | | | | | | | | | | | | | | | | Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
| * | | | updater: Add a function to check first blockTianjie Xu2015-12-182-0/+58
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
* | | | updater, minzip: Remove unnecessary O_SYNC flags.Alistair Strachan2016-05-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove O_SYNC from mzExtractRecursive() and PackageExtractFileFn(). These functions deal with extracting whole files from the update package onto a filesystem. If run on ext4 on a rotating disk, for example, the O_SYNC flag will cause serious performance problems and the extraction process can take over 30 minutes, with no obvious benefits. This API function already calls fsync(fd) after each file is extracted to ensure data and metadata is written to the underlying block device, so the O_SYNC calls should be superfluous and safely removable. This change does not affect the OTA patch paths or any modification of the bootloader partition or writes to other 'emmc' partitions. Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com> Change-Id: I9cbb98a98e6278bf5c0d7efaae340773d1fbfcd2
* | | | Merge "Fix google-explicit-constructor warnings."Chih-hung Hsieh2016-04-301-1/+1
|\ \ \ \
| * | | | Fix google-explicit-constructor warnings.Chih-Hung Hsieh2016-04-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Bug: 28341362 Change-Id: I5b35ae16c069e7e9229e66963386f322bd808af1
* | | | | updater: Don't zero out CommandParameters with memset(3).Tao Bao2016-04-271-2/+1
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [1] switched a few things to android::base::unique_fd including CommandParameters.fd. However, we were using memset(3) to zero out the struct, which effectively assigned unique_fd(0) to fd. When it called fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was later reassigned via open(2), it led to lseek(2) errors: "Bad file descriptor". This CL switches to using braced-init (i.e. '= {}') instead, so that the default constructor unique_fd(-1) would be called. [1]: commit bcabd0929316fdd022ea102cc86396547ad9f070 Bug: 28391985 Change-Id: If1f99932b15552714c399e65c8b80550344b758a
* | | | Fix google-runtime-int warnings.Chih-Hung Hsieh2016-04-181-5/+6
| | | | | | | | | | | | | | | | | | | | Bug: 28220065 Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
* | | | Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler2016-04-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
* | | | Move selinux dependencies out of header files.Elliott Hughes2016-04-023-4/+6
| | | | | | | | | | | | | | | | | | | | Bug: http://b/27764900 Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
* | | | Switch to <android-base/unique_fd.h>.Elliott Hughes2016-03-291-25/+17
| | | | | | | | | | | | | | | | Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
* | | | Skip stashing source blocks in verify modeTianjie Xu2016-03-251-8/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently block_image_verify() stashes source blocks to /cache and in some cases triggers I/O errors. To avoid this risk, we create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996 (cherry picked from commit 0188935d55206e8c2becb29e995f166cb7040355)
* | | | Merge "Reboot and retry on I/O errors"Tianjie Xu2016-03-081-0/+7
|\ \ \ \
| * | | | Reboot and retry on I/O errorsTianjie Xu2016-03-031-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
* | | | | Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.Tao Bao2016-03-031-28/+38
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include the same library, there would be linking errors when generating a shared library (or executable) that depends on the two libraries both. Also clean up Android.mk files. Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The module will then default to "optional" which won't be built until needed. Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
* | | | Control fault injection with config files instead of build flagsJed Estep2016-02-233-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c (cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
* | | | applypatch: use vector to store data in FileContents.Yabin Cui2016-02-121-10/+11
| | | | | | | | | | | | | | | | | | | | Bug: 26906416 Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
* | | | IO fault injection for OTA packagesJed Estep2016-02-103-34/+36
| |_|/ |/| | | | | | | | | | | | | | Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c (cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
* | | updater: fix memory leak based on static analysis.Yabin Cui2016-02-041-44/+39
| |/ |/| | | | | | | Bug: 26907377 Change-Id: I384c0131322b2d12f0ef489735e70e86819846a4
* | Switch from mincrypt to BoringSSL in applypatch and updater.Sen Jiang2016-02-043-18/+17
| | | | | | | | | | Bug: 18790686 Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
* | updater: Add a function to check first blockTianjie Xu2016-01-072-0/+58
|/ | | | | | | | | | Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f (cherry picked from commit 30bf4765593e639966df9f460df22c3fe912e7bf)
* updater: Use O_SYNC and fsync() for package_extract_file().Tao Bao2015-12-151-6/+13
| | | | | | | | We are already using O_SYNC and fsync() for the recursive case (package_extract_dir()). Make it consistent for the single-file case. Bug: 20625549 Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
* updater: Output msg when recovery is calledTianjie Xu2015-12-111-1/+4
| | | | | | | | Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda (cherry picked from commit b686ba211443490111729ba9d82eb0c0b305e185)
* updater: Replace strtok() with android::base::Split().Tao Bao2015-12-071-133/+144
| | | | Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
* Track rename from base/ to android-base/.Elliott Hughes2015-12-052-5/+5
| | | | Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
* updater: Bump up the BBOTA version to 4.Tao Bao2015-10-231-1/+1
| | | | | | | | | To accommodate new changes in N release, such as error correction [1] and other potential changes to the updater. [1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
* Error correction: Use libfec in blockimg.cpp for recoverySami Tolvanen2015-10-192-1/+78
| | | | | | | | | | | | Add block_image_recover function to rewrite corrupted blocks on the partition. This can be attempted if block_image_verify fails. Note that we cannot use libfec during block_image_update as it may overwrite blocks required for error correction. A separate recovery pass in case the image is corrupted is the only viable option. Bug: 21893453 Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
* updater: Skip empty lines in the transfer list file.Tao Bao2015-09-261-0/+4
| | | | | | | | | We have the last line being empty as a result of android::base::Split("a\nb\n"), which leads to "missing command" warnings in the update. Just skip all the empty lines. Bug: 24373789 Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
* updater: Use android::base::ParseInt() to parse integers.Tao Bao2015-09-242-52/+37
| | | | Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9
* Suppress some compiler warnings due to signedness.Tao Bao2015-09-241-1/+1
| | | | Change-Id: I63f28b3b4ba4185c23b972fc8f93517295b1672a
* Merge "updater: Manage buffers with std::vector."Tao Bao2015-09-161-228/+168
|\
| * updater: Manage buffers with std::vector.Tao Bao2015-09-101-228/+168
| | | | | | | | Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d
* | updater: Fix the line breaks in ui_print commands.Tao Bao2015-09-101-26/+32
|/ | | | | | | | | When processing ui_print commands in the updater, it misses a line break when printing to the recovery log. Also clean up uiPrintf() and UIPrintFn() with std::string's. Change-Id: Ie5dbbfbc40b024929887d3c3ccd3a334249a8c9d
* updater: Replace the pointers in LoadSrcTgtVersion[1-3]() parameter.Tao Bao2015-09-081-29/+26
| | | | | | And inline the call to LoadSrcTgtVersion1() into SaveStash(). Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf
* updater: Clean up C codes.Tao Bao2015-09-011-602/+429
| | | | | | | Replace C-string with std::string, pointers with references, and variable-size arrays in struct with std::vector. Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
* updater: Remove the unused isunresumable in SaveStash().Tao Bao2015-08-261-3/+3
| | | | Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2
* GOOGLEGMS-749 Fix integer overflow while applying block based OTA packageShrinivas Sahukar2015-08-221-46/+48
| | | | | | | There is an integer overflow when the size of system goes beyond the signed int limits. Hence changing pos to size_t. Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
* updater: Clean up char* with std::string.Tao Bao2015-08-061-261/+141
| | | | | | | So we can remove a few free()s. And also replace a few pointers with references. Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
* udpater: Call fsync() after rename().Tao Bao2015-08-041-0/+20
| | | | | | | We need to ensure the renamed filename reaches the underlying storage. Bug: 22840552 Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084
* updater: Hoist fsync() to outer loop.Tao Bao2015-07-271-6/+5
| | | | | | | | | | Currently the fsync() inside write_all() may be called multiple times when performing a command. Move that to the outer loop and call it only after completing the command. Also remove the O_SYNC flag when writing a stash. Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
* updater: libapplypatch needs libbase now.Tao Bao2015-07-241-1/+1
| | | | | Change-Id: I18da9e6da64fccab495dc5a96e3efd95cc6d88bf (cherry picked from commit 1b1ea17d554d127a970afe1d6004dd4627cd596e)
* recovery: Switch applypatch/ and updater/ to cpp.Tao Bao2015-07-144-112/+113
| | | | | | Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
* Revert "Zero blocks before BLKDISCARD"Tao Bao2015-07-111-17/+1
| | | | | | | | | | | This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5 (cherry picked from commit 7125f9594db027ce4313d940ce2cafac67ae8c31)
* More accurate checking for overlapped ranges.Tao Bao2015-06-261-1/+1
| | | | | | | | A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
* Zero blocks before BLKDISCARDSami Tolvanen2015-06-101-1/+17
| | | | | | | | | | Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
* Revert "Zero blocks before BLKDISCARD"Sami Tolvanen2015-06-101-5/+9
| | | | | | This reverts commit 96392b97f6bf1670d478494fb6df89a3410e53fa. Change-Id: I77acc27158bad3cd8948390a3955197646a43a31
* Zero blocks before BLKDISCARDSami Tolvanen2015-06-091-9/+5
| | | | | | | | | | Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
* recovery: Switch to clangTao Bao2015-06-031-0/+2
| | | | | | And a few trivial fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
* Fix build: fprintf without modifierTao Bao2015-06-031-2/+1
| | | | Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37
* Merge "Log update outputs in order"Tao Bao2015-06-031-0/+6
|\
| * Log update outputs in orderTao Bao2015-06-031-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Although stdout and stderr are both redirected to log file with no buffering, we are seeing some outputs are mixed in random order. This is because ui_print commands from the updater are passed to the recovery binary via a pipe, which may interleave with other outputs that go to stderr directly. In recovery, adding ui::PrintOnScreenOnly() function to handle ui_print command, which skips printing to stdout. Meanwhile, updater prints the contents to stderr in addition to piping them to recovery. Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700
* | Merge "Really don't use TEMP_FAILURE_RETRY with close in recovery."Elliott Hughes2015-05-291-1/+1
|\ \
| * | Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes2015-05-291-1/+1
| |/ | | | | | | | | | | | | I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
* / Handle BLKDISCARD failuresSami Tolvanen2015-05-281-2/+1
|/ | | | | | | | | | | In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067
* Stop using libstdc++.Dan Albert2015-05-191-1/+1
| | | | | | | | These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
* Merge "Add error and range checks to parse_range"Sami Tolvanen2015-05-181-10/+71
|\
| * Add error and range checks to parse_rangeSami Tolvanen2015-05-151-10/+71
| | | | | | | | | | | | | | | | | | | | | | Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: Ia17537a2d23d5f701522fbc42ed38924e1ee3366
* | Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes2015-05-161-2/+2
|/ | | | | Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
* Check all lseek calls succeed.Elliott Hughes2015-04-301-28/+20
| | | | | | | Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
* Don't remove existing explicitly stashed blocksSami Tolvanen2015-04-171-10/+28
| | | | | | | | | | | | | | | | When automatically stashing overlapping blocks, should the stash file already exist due to an explicit stash command, it's not safe to remove the stash file after the command has completed. Note that it is safe to assume that the stash file will remain in place during the execution of the next command, so we don't have to take other measures to preserve overlapping blocks. The stash file itself will be removed by a free command when it's no longer needed. Bug: 20297065 Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c
* Always use strerror to report errno in recovery.Elliott Hughes2015-03-231-19/+20
| | | | Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
* Remove more dead code from minzip.Narayan Kamath2015-02-271-1/+1
| | | | | | | | | | | | I've added explanatory comments to mzExtractRecursive because that function will live on as a utility even after we move the zip format related logic to libziparchive. bug: 19472796 (cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95) Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a
* Initialize stashbase even stash_max_blocks = 0Jesse Zhao2015-02-181-1/+1
| | | | | Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435 Bug: 19410117
* am 42b09d25: am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."Elliott Hughes2015-02-092-339/+0
|\ | | | | | | | | * commit '42b09d255afdb47bc0546183cbc68e86147baaab': There's no GPL code in 'updater'.
| * am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."Elliott Hughes2015-02-072-339/+0
| |\ | | | | | | | | | | | | * commit '6a0d2fbcaa1740da7bb0e7a0ef8280e8b7b9bb05': There's no GPL code in 'updater'.
| | * There's no GPL code in 'updater'.Elliott Hughes2015-02-052-339/+0
| | | | | | | | | | | | | | | | | | | | | This notice was added for libsyspatch and libxdelta3, but that code has been removed since. Change-Id: I4008878ded56ca1d5094a8208728f8c02fe1fe03
* | | Merge "Support resuming block based OTAs"Sami Tolvanen2015-02-061-346/+1460
|\ \ \ | |/ / |/| |
| * | Support resuming block based OTAsSami Tolvanen2015-01-301-346/+1460
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for transfer list version 3, which allows us to verify the status of each command and resume an interrupted block based OTA update. Notes on the changes: - Move the previous BlockImageUpdateFn to a shorter and reusable PerformBlockImageUpdate, which can be used also in BlockImageVerifyFn for verification. - Split individual transfer list commands into separate functions with unified parameters for clarity, and use a hash table to locate them during execution. - Move common block reading and writing to ReadBlocks and WriteBlocks to reduce code duplication, and rename the readblock and writeblock to less confusing read_all and write_all. The coding style of the new functions follows the existing style in the updater/edify code. Needs matching changes from Ia5c56379f570047f10f0aa7373a1025439495c98 Bug: 18262110 Change-Id: I1e752464134aeb2d396946348e6041acabe13942
* | | am aeecac54: Merge "Add missing includes."Elliott Hughes2015-01-301-0/+1
|\ \ \ | |/ / |/| / | |/ | | * commit 'aeecac5444ce55d2e82ee1b2aa35ff61a038c14e': Add missing includes.
| * Add missing includes.Elliott Hughes2015-01-301-0/+1
| | | | | | | | Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
* | am c43b17f0: Merge "Fix recovery image build for 32p"Ying Wang2014-12-021-1/+1
|\| | | | | | | | | * commit 'c43b17f0adac1092e221ce6166ca8bc464090525': Fix recovery image build for 32p
| * Fix recovery image build for 32pBruce Beare2014-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | When building for 32p, we need to be explicit that we wish to build the 32bit version of the binaries that will be placed in the recovery image. The recovery image doesn't actually care... but if we are not explicit in this, the makefiles will ask for the 64bit binaries but the Android.mk for the binaries will supply the 32bit images (causing the build to fail). Change-Id: Iea2d5f412740c082795da4358765751138a4b167
* | am b278c252: Add support for tune2fs file operationsMichael Runge2014-11-242-0/+43
|\ \ | | | | | | | | | | | | * commit 'b278c252e148798346f85fc92eeea6afeb33fbf0': Add support for tune2fs file operations
| * | Add support for tune2fs file operationsMichael Runge2014-11-212-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | This allows tune2fs to be executed from within OTA scripts, allowing for file system modifications without formatting the partition Bug: 18430740 Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
* | | am 5ddf4293: Log mount/unmount errors to UIMichael Runge2014-10-251-5/+9
|\| | | | | | | | | | | | | | * commit '5ddf4293df45a051c7900eeb62fb5ec4950b6cb6': Log mount/unmount errors to UI
| * | Log mount/unmount errors to UIMichael Runge2014-10-241-5/+9
| | | | | | | | | | | | | | | Bug: 18092022 Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
* | | am 68802416: unconditionally apply SELinux labels to symlinksNick Kralevich2014-10-241-10/+9
|\| | | | | | | | | | | | | | * commit '688024169df70336cc128ea8cc929174c53a501e': unconditionally apply SELinux labels to symlinks
| * | unconditionally apply SELinux labels to symlinksNick Kralevich2014-10-241-10/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the end of the OTA script, we walk through /system, updating all the permissions on the filesystem, including the UID, GID, standard UNIX permissions, capabilities, and SELinux labels. In the case of a symbolic link, however, we want to skip most of those operations. The UID, GID, UNIX permissions, and capabilities don't meaningfully apply to symbolic links. However, that's not true with SELinux labels. The SELinux label on a symbolic link is important. We need to make sure the label on the symbolic link is always updated, even if none of the other attributes are updated. This change unconditionally updates the SELinux label on the symbolic link itself. lsetfilecon() is used, so that the link itself is updated, not what it's pointing to. In addition, drop the ENOTSUP special case. SELinux has been a requirement since Android 4.4. Running without filesystem extended attributes is no longer supported, and we shouldn't even try to handle non-SELinux updates anymore. (Note: this could be problematic if these scripts are ever used to produce OTA images for 4.2 devices) Bug: 18079773 Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
* | | am 168f7778: Allow passing of mount args to mountFnMichael Runge2014-10-231-5/+18
|\| | | | | | | | | | | | | | * commit '168f77787700f0e9f66675beef33c593a777e64e': Allow passing of mount args to mountFn
| * | Allow passing of mount args to mountFnMichael Runge2014-10-231-5/+18
| | | | | | | | | | | | | | | | | | | | | Bug: 18079773 Bug: 18092222 Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
* | | am 473967d8: Merge "Log to UI any metadata setting errors" into lmp-devBrian Carlstrom2014-10-231-34/+50
|\| | | | | | | | | | | | | | * commit '473967d87ff9fc7a541c16ebdc56364c285d2862': Log to UI any metadata setting errors
| * | Merge "Log to UI any metadata setting errors" into lmp-devBrian Carlstrom2014-10-231-34/+50
| |\ \
| | * | Log to UI any metadata setting errorsMichael Runge2014-10-231-34/+50
| | |/ | | | | | | | | | | | | Bug: 18079773 Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
* | | am 2f0ef730: Treat already-renamed files as having no problems.Michael Runge2014-10-231-0/+3
|\| | | | | | | | | | | | | | * commit '2f0ef73029fc51c6404121f338b034c8b516652c': Treat already-renamed files as having no problems.
| * | Treat already-renamed files as having no problems.Michael Runge2014-10-231-0/+3
| |/ | | | | | | | | | | | | | | This should help with reentrant OTAs. Bug: 18079773 Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
* / support for version 2 of block image diffsDoug Zongker2014-09-261-45/+209
|/ | | | | | | | | | | | | | | | | | | In version 2 of block image diffs, we support a new command to load data from the image and store it in the "stash table" and then subsequently use entries in the stash table to fill in missing bits of source data we're not allowed to read when doing move/bsdiff/imgdiff commands. This leads to smaller update packages because we can break cycles in the ordering of how pieces are updated by storing data away and using it later, rather than not using the data as input to the patch system at all. This comes at the cost of the RAM or scratch disk needed to store the data. The implementation is backwards compatible; it can still handle the existing version 1 of the transfer file format. Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
* Merge "fix comment in blockimg updater code" into lmp-devDoug Zongker2014-09-041-3/+3
|\
| * fix comment in blockimg updater codeDoug Zongker2014-09-041-3/+3
| | | | | | | | | | | | The comment for the DEBUG_ERASE setting is exactly backwards. Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1
* | use lseek64 instead of lseekAndrew Boie2014-09-041-11/+11
|/ | | | | | | | Otherwise, overflow problems can occur with images larger than 2G since the offsets will overflow a 32-bit off_t. Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* remove code for original block OTA mechanismDoug Zongker2014-08-262-209/+6
| | | | | | | Superseded by newer code. Bug: 16984795 Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
* fix two bugs in block image updaterDoug Zongker2014-08-211-18/+32
| | | | | | | | | The computation of file offsets was overflowing for partitions larger than 2 GB. The parsing of the transfer file could fail at the end if the data happened to not be properly null-terminated. Bug: 16984795 Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
* installer for new block OTA systemDoug Zongker2014-08-206-1/+662
| | | | | | | (Cherry-pick back from master.) Bug: 16984795 Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
* remove spurious parens from error messageDoug Zongker2014-08-061-4/+3
| | | | | | | | These error messages include empty parens after each string substitution. Ill-advised cut and paste, probably. Bug: 16467401 Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
* Auto create parent directories for rename supportMichael Runge2014-07-222-3/+7
| | | | | | | | | Sometimes renames will move a file into a directory that does not yet exist. This will create the parent directories, using the same symlink logic, to ensure that there is a valid destination. Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
* Support F2FS for the data partitionJP Abgrall2014-06-171-2/+35
| | | | | | | | | | | | This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4". Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall <jpa@google.com>
* advance progress bar during block OTA installationsDoug Zongker2014-06-091-2/+23
| | | | | | | | | While executing syspatch and package_extract_file() calls with don't care maps (both of which are used to rewrite the system image in incremental and full block OTAs, respectively), pass a progress callback in and use it to update the visible progress bar. Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
* disable async reboot during package installationDoug Zongker2014-05-231-0/+11
| | | | | | | | | | The default recovery UI will reboot the device when the power key is pressed 7 times in a row, regardless of what recovery is doing. Disable this feature during package installation, to minimize the chance of corrupting the device due to a mid-install reboot. (Debug packages can explicitly request that the feature be reenabled.) Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
* Allow lines without = signs.Michael Runge2014-05-021-5/+3
| | | | | | | | | The new build.prop for Sprout includes lines of the format: import xxx.prop These can be safely ignored when reading the property file. Change-Id: Ia84a138e71461ffe8e591e88143b9787873def29
* am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-2/+2
|\ | | | | | | | | * commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49': Recovery 64-bit compile issues
| * am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-2/+2
| |\ | | | | | | | | | | | | * commit '026ebe0214d6c1c9b3ddc22c35e9ac37e5f622bc': Recovery 64-bit compile issues
| | * Recovery 64-bit compile issuesMark Salyzyn2014-03-141-2/+2
| | | | | | | | | | | | Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
* | | support don't-care maps when writing the system imageDoug Zongker2014-02-251-62/+172
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make package_extract_file() take an optional third argument which is the pathname (in the package zip) of a map of don't-care regions to skip over when writing the file. Modify syspatch() to take source and target don't-care maps and use them when patching the system partition. Add the wipe_block_device() function to do a discard of all data on the partition. Change-Id: I8c856054edfb6aab2f3e5177f16d9d78add20be4
* | | add flag for GPL licenseDoug Zongker2014-02-202-0/+339
| | | | | | | | | | | | | | | | | | | | | updater now depends on the GPL'd libraries libsyspatch and libxdelta3, so be careful when taking code from this directory. Change-Id: Ib6f8c50ce7052912b9d81ff96d095f778bf9a3d0
* | | Merge "clean up some warnings when building recovery"Doug Zongker2014-02-183-5/+5
|\ \ \
| * | | clean up some warnings when building recoveryDoug Zongker2014-02-143-5/+5
| | | | | | | | | | | | | | | | Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
* | | | remove remaining libminelf referencesDoug Zongker2014-02-141-1/+0
|/ / / | | | | | | | | | Change-Id: Id38b08607829bccc031693cc03e60e849903b6f8
* | | remove 'retouch' ASLR supportDoug Zongker2014-02-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Older versions of android supported an ASLR system where binaries were randomly twiddled at OTA install time. Remove support for this; we now use the ASLR support in the linux kernel. Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
* | | add syspatch support to updaterDoug Zongker2014-02-132-14/+115
| | | | | | | | | | | | | | | | | | | | | Add the syspatch() function, which can apply xdelta3+xz patches using the libsyspatch library. Change-Id: Idc1921e449020923bcaf425a1983bec0833e47ed
* | | do verification and extraction on memory, not filesDoug Zongker2014-01-161-4/+11
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
* | am f9dd42de: Merge "Don\'t abort on read_file if the file is missing." into klp-devMichael Runge2013-12-271-5/+3
|\ \ | | | | | | | | | | | | * commit 'f9dd42de6034ab09f9fa649ed1fbea25bc05e598': Don't abort on read_file if the file is missing.
| * | Don't abort on read_file if the file is missing.Michael Runge2013-12-141-5/+3
| | | | | | | | | | | | Change-Id: I85726bf736203d602428114145c3b98692580656
* | | am c87bab10: add the functions for multi-stage packages to updaterDoug Zongker2013-11-271-1/+106
|\| | | |/ |/| | | | | * commit 'c87bab101893e8322b49d7c8600e3367b20ab50a': add the functions for multi-stage packages to updater
| * add the functions for multi-stage packages to updaterDoug Zongker2013-11-271-1/+106
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to support multi-stage recovery packages, we add the set_stage() and get_stage() functions, which store a short string somewhere it can be accessed across invocations of recovery. We also add reboot_now() which updater can invoke to immediately reboot the device, without doing normal recovery cleanup. (It can also choose whether to boot off the boot or recovery partition.) If the stage string is of the form "#/#", recovery's UI will be augmented with a simple indicator of what stage you're in, so it doesn't look like a reboot loop. Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
* | am c64e76c7: Merge "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add." into klp-devMichael Runge2013-11-081-0/+35
|\| | | | | | | | | * commit 'c64e76c75088b951f61a7f7bacf8af6eccd2ccfa': Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add.
| * Enable incremental builder to find files that moved, andMichael Runge2013-11-071-0/+35
| | | | | | | | | | | | | | | | | | try to process them via patch + rename, instead of delete + add. b/11437930 Change-Id: I984349fbc9a8dac4379e00c0d66fc7d22c4eb834
* | updater: Delete dead codeNick Kralevich2013-09-171-87/+0
|/ | | | | | | | set_perm and set_perm_recursive are no longer used. Delete. (cherry picked from commit 08ef9a957027183dcf55e432441e8fb0d5299aba) Change-Id: I1bcc90ae19af9df4f0705496c5876987159f75ac
* Don't apply permission changes to symlink.Nick Kralevich2013-09-111-0/+5
| | | | | | | Bug: 10183961 Bug: 10186213 Bug: 8985290 Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
* updater: introduce and set_metadata and set_metadata_recursiveNick Kralevich2013-09-101-0/+274
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce two new updater functions: * set_metadata * set_metadata_recursive Long term, these functions are intended to be more flexible replacements for the following methods: * set_perm * set_perm_recursive Usage: set_metadata("filename", "key1", "value1", "key2", "value2", ...) set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) Description: set_metadata() and set_metadata_recursive() set the attributes on a file/directory according to the key/value pairs provided. Today, the following keys are supported: * uid * gid * mode (set_perm_extd only) * fmode (set_perm_extd_recursive only) * dmode (set_perm_extd_recursive only) * selabel * capabilities Unknown keys are logged as warnings, but are not fatal errors. Examples: * set_metadata("/system/bin/netcfg", "selabel", "u:object_r:system_file:s0"); This sets the SELinux label of /system/bin/netcfg to u:object_r:system_file:s0. No other changes occur. * set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); This sets /system/bin/netcfg to uid=0, gid=3003, mode=02750, selinux label=u:object_r:system_file:s0, and clears the capabilities associated with the file. * set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); All files and directories under /system are set to uid=0, gid=0, and selinux label=u:object_r:system_file:s0. Directories are set to mode=0755. Files are set to mode=0644 and all capabilities are cleared. Bug: 10183961 Bug: 10186213 Bug: 8985290 Change-Id: Ifdcf186a7ed45265511dc493c4036e1ac5e3d0af
* Revert "Update OTA installer to understand SELinux filesystem labels"Nick Kralevich2013-09-091-24/+5
| | | | | | | This reverts commit 627eb30f73c29257acaeb6568f3da38880784f7c. Bug: 10183961 Bug: 10186213
* Update OTA installer to understand SELinux filesystem labelsNick Kralevich2013-07-191-5/+24
| | | | | | | | | | | | | | | | | | Modify the OTA installer to understand SELinux filesystem labels. We do this by introducing new set_perm2 / set_perm2_recursive calls, which understand SELinux filesystem labels. These filesystem labels are applied at the same time that we apply the UID / GID / permission changes. For compatibility, we preserve the behavior of the existing set_perm / set_perm_recursive calls. If the destination kernel doesn't support security labels, don't fail. SELinux isn't enabled on all kernels. Bug: 8985290 Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
* recovery: move log output to stdoutDoug Zongker2013-07-092-48/+48
| | | | | | | | Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
* Merge "verifier: update to support certificates using SHA-256"Doug Zongker2013-04-121-1/+1
|\
| * verifier: update to support certificates using SHA-256Doug Zongker2013-04-101-1/+1
| | | | | | | | Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
* | Add liblogYing Wang2013-04-101-1/+1
|/ | | | | Bug: 8580410 Change-Id: Ie60dade81c06589cb0daee431611ded34adef8e6
* resolved conflicts for merge of 78afed1c to jb-mr1-dev-plus-aospKenny Root2012-10-174-16/+1
|\ | | | | | | Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
| * Remove HAVE_SELINUX guardsKenny Root2012-10-164-16/+1
| | | | | | | | Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
* | add bonus data feature to imgdiff/imgpatch/applypatchDoug Zongker2012-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The bonus data option lets you give an additional blob of uncompressed data to be used when constructing a patch for chunk #1 of an image. The same blob must be available at patch time, and can be passed to the command-line applypatch tool (this feature is not accessible from edify scripts). This will be used to reduce the size of recovery-from-boot patches by storing parts of the recovery ramdisk (the UI images) on the system partition. Change-Id: Iac1959cdf7f5e4582f8d434e83456e483b64c02c
* | am 3733d218: Merge changes I664f8dc7,I4154db06,I5e1df90fJoe Onorato2012-08-171-1/+4
|\| | | | | | | | | | | | | * commit '3733d2185bbcedd9ef626907f1f32628986cc0f5': Use the static version of libsparse Multiple modules with the same name are going away. host modules don't need LOCAL_MODULE_TAGS
| * Use the static version of libsparseJoe Onorato2012-07-241-1/+1
| | | | | | | | Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
| * Multiple modules with the same name are going away.Joe Onorato2012-07-221-1/+4
| | | | | | | | Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
* | fix the symlink() command to create directories if neededDoug Zongker2012-08-071-3/+29
|/ | | | | | | | | | | Full OTAs currently fail if the build contains a directory containing only symlinks, because nothing creates that directory. Change the symlink() command to create any ancestor directories that don't exist. They're created as owner root perms 0700 because we assume that in practice subsequent set_perm_recursive() calls will fix up their ownership and permissions. Change-Id: I4681cbc85863d9778e36b924f0532b2b3ef14310
* Link against libsparseColin Cross2012-07-181-1/+1
| | | | | | libext4_utils requires libsparse, link against it as well. Change-Id: I4d6aec0e5edcf1ed42118b7b77adcded2858d3dd
* am 6d60667d: Merge "Use a dependency file to replace the list file."Ying Wang2012-06-121-10/+14
|\ | | | | | | | | * commit '6d60667de6b8e6bd8a54fb4031901e2935743308': Use a dependency file to replace the list file.
| * Use a dependency file to replace the list file.Ying Wang2012-06-111-10/+14
| | | | | | | | | | | | instead of creating the list file whenever loading the Android.mk Change-Id: I78e4820754399dff3993a863eede8b75da9f6d29
* | am 78911bdf: am 2a4ab824: Merge "Change the format command to always take the mount point as an argument."Kenny Root2012-04-071-13/+4
|\| | | | | | | | | * commit '78911bdf4f9dfff6583f3f8150a3257212ceea13': Change the format command to always take the mount point as an argument.
| * Change the format command to always take the mount point as an argument.Stephen Smalley2012-04-031-13/+4
| | | | | | | | | | | | Requires I5a63fd61a7e74d386d0803946d06bcf2fa8a857e Change-Id: Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
* | resolved conflicts for merge of 0b1fee1b to masterKenny Root2012-03-314-7/+69
|\| | | | | | | Change-Id: I2e8298ff5988a96754f56f80a5186c9605ad9928
| * Extend recovery and updater to support setting file security contexts.Stephen Smalley2012-03-304-8/+65
| | | | | | | | | | | | | | Extend minzip, recovery, and updater to set the security context on files based on the file_contexts configuration included in the package. Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
| * Add libselinux to LOCAL_STATIC_LIBRARIES wherever libext4_utils is used.Stephen Smalley2012-01-241-0/+5
| | | | | | | | | | | | | | libext4_utils now calls libselinux in order to determine the file security context to set on files when creating ext4 images. Change-Id: I09fb9d563d22ee106bf100eacd4cd9c6300b1152
* | fail edify script if set_perm() or symlink() failsDoug Zongker2012-03-221-0/+13
| | | | | | | | | | | | | | | | It's surprising if these fail, so abort the whole edify script to catch any problems early. Bug: 2284848 Change-Id: Ia2a0b60e7f086fc590b242616028905a229c9e05
* | remove retouching code from updaterDoug Zongker2012-02-281-118/+0
| | | | | | | | | | | | | | | | | | | | | | Removes the retouch_binaries and undo_retouch_binaries from updater; newly generated OTA packages should not call them any more. Note that applypatch retains the ability to unretouch a file as it reads it. This will be needed as long as we want to support OTAs from devices that were installed with retouching. Change-Id: Ib3f6baeae90c84ba85983f626d821ab7e436ceb2
* | C++ class for device-specific codeDoug Zongker2011-10-311-1/+2
|/ | | | | | | | | | Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
* allow recovery packages to wipe cacheDoug Zongker2011-10-191-0/+10
| | | | | | | | | | updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
* Support multiple recovery updater extensions.Michael Ward2011-07-151-2/+2
| | | | Change-Id: I787c086223b674050c0a12fc575add9badb471af
* make write_raw_image able to take a blobDoug Zongker2011-04-131-27/+40
| | | | | | | write_raw_image() can now take either a blob or a filename as the source. The blob format eliminates the need for a temp file. Change-Id: I0c6effec53d47862040efcec75e64b7c951cdcf7
* Reserve the last 16 Kbytes of /data for the crypto footer.Ken Sumrall2011-01-201-8/+11
| | | | | | | When formatting /data, if it's an ext4 filesystem, reserve the last 16 Kbytes for the crypto footer. Change-Id: I7b401d851ee87732e5da5860df0287a1c331c5b7
* Update arguments to make_ext4fsColin Cross2010-12-291-1/+1
| | | | Change-Id: Id96e98da76b3091987b01651f980797b1d6b49d8
* add missing sparseness parameterDoug Zongker2010-09-161-1/+1
| | | | Change-Id: Ie6e309b127e80cd6475f1deaa5dbadf9f5cc2746
* resolved conflicts for merge of 9f89b0e4 to masterDoug Zongker2010-09-161-1/+1
|\ | | | | | | Change-Id: Id458df96fd56830fdb35397e95a80274761ecff5
| * support for ext4/EMMC filesystems in updater binaryDoug Zongker2010-09-152-25/+64
| | | | | | | | | | | | | | | | | | Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
* | am 858f0a76: am 8e5e4dad: close update package before installing; allow remountDoug Zongker2010-09-161-1/+3
|\| | | | | | | | | | | | | Merge commit '858f0a763d0f736eb721f54257b6164886bfcbfc' * commit '858f0a763d0f736eb721f54257b6164886bfcbfc': close update package before installing; allow remount
| * close update package before installing; allow remountDoug Zongker2010-09-151-1/+3
| | | | | | | | | | | | | | | | Close the update package before invoking the binary, to allow the installer to unmount /cache if it wants to. Add a function to allow remounting of a mount as read-only. Change-Id: Idfcc96c3da66083295177f729263560be58034e4
* | Changes to work with updated make_ext4fs tool that supports creating sparse images.Ken Sumrall2010-08-141-1/+1
| | | | | | | | | | | | | | An extra parameter was added to the make_ext4fs() function, so these tools need to be updated to match. Change-Id: Id640a7f2b03153eb333b00337f0f991ff5332349
* | Working ASLR implementationHristo Bojinov2010-08-022-2/+123
| | Separate files for retouch functionality are in minelf/*
| | ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
| | Binary files are self-contained.
| | Retouch logic can recover from crashes.
| |
| | Signed-off-by: Hristo Bojinov <hristo@google.com>
| | Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
* | Mute unwanted error messageYing Wang2010-07-211-1/+1
| | | | | | | | | | | | | | This CL removes the following line from the top of build logs: "diff: out/target/product/*/obj/PACKAGING/updater_extensions_intermediates/register.inc.list: No such file or directory" Change-Id: I79c15a69a0b1b0da0e45620b45a7a0fea5625250
* | support for ext4/EMMC filesystems in updater binaryDoug Zongker2010-07-022-25/+64
|/ | | | | | | | | Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
* refactor applypatch and friendsDoug Zongker2010-02-231-65/+107
| | | | | | | | | | | | | | | | | | | Change the applypatch function to take meaningful arguments instead of argc and argv. Move all the parsing of arguments into main.c (for the standalone binary) and into install.c (for the updater function). applypatch() takes patches as Value objects, so we can pass in blobs extracted from the package without ever writing them to temp files. The patching code is changed to read the patch from memory instead of a file. A bunch of compiler warnings (mostly about signed vs unsigned types) are fixed. Support for the IMGDIFF1 format is dropped. (We've been generating IMGDIFF2 packages for some time now.) Change-Id: I217563c500012750f27110db821928a06211323f
* relocate applypatch; add type system and new functions to edifyDoug Zongker2010-02-182-52/+190
| - Move applypatch to this package (from build).
|
| - Add a rudimentary type system to edify: instead of just returning a char*, functions now return a Value*, which is a struct that can carry different types of value (currently just STRING and BLOB). Convert all functions to this new scheme.
|
| - Change the one-argument form of package_extract_file to return a Value of the new BLOB type.
|
| - Add read_file() to load a local file and return a blob, and sha1_check() to test a blob (or string) against a set of possible sha1s. read_file() uses the file-loading code from applypatch so it can read MTD partitions as well.
|
| This is the start of better integration between applypatch and the rest of edify.
|
| b/2361316 - VZW Issue PP628: Continuous reset to Droid logo: framework-res.apk update failed (CR LIBtt59130)
|
| Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
* bump updater API version to 3; deprecate firmware update commandDoug Zongker2010-02-033-42/+7
| | | | | | | | | Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
* add a one-argument version of package_extract_fileDoug Zongker2010-02-011-24/+69
| | | | | | | | | | | Add a version of package_extract_file that returns the file data as its return value (to be consumed by some other edify function that expects to receive a bunch of binary data as an argument). Lets us avoid having two copies of a big file in memory (extracting it into /tmp, which is a ramdisk, and then having something load it into memory) when doing things like radio updates. Change-Id: Ie26ece5fbae457eb0ddcd8a13d74d78a769fbc70
* delete files before symlinking; log error messagesDoug Zongker2009-09-191-3/+21
| | | | | | The symlink() function should remove existing files before creating symlinks, so scripts are idempotent. Log messages when various system calls fail (but don't make the whole script fail).
* add a run_program() function to edifyDoug Zongker2009-09-101-0/+49
| | | | | Handy for producing debugging OTA packages (eg, running sqlite3 or whatever in recovery).
* am d8f7c9b8: Merge change 5545 into donutAndroid (Google) Code Review2009-06-301-1/+6
|\ | | | | | | | | | | | | Merge commit 'd8f7c9b85e25fab93fef2221a84b60edc2e7b837' * commit 'd8f7c9b85e25fab93fef2221a84b60edc2e7b837': remove updater from the user system image
| * Merge change 5545 into donutAndroid (Google) Code Review2009-06-261-1/+6
| |\ | | | | | | | | | | | | * changes: remove updater from the user system image
| | * remove updater from the user system imageDoug Zongker2009-06-261-1/+6
| | | | | | | | | | | | | | | | | | | | | updater (which is only needed in OTA packages) is getting included in /system/bin, where it just takes up (quite a bit of) space. Use the hack of including it only in eng builds so it's not there for user builds.
* | | am 0bbfe3d9: fix off-by-one error in set_perm()Doug Zongker2009-06-251-1/+1
|\| | | | | | | | | | | | | | | | | | | | Merge commit '0bbfe3d901885c1f0ab006e8d4cc1029c44a7376' * commit '0bbfe3d901885c1f0ab006e8d4cc1029c44a7376': fix off-by-one error in set_perm()
| * | fix off-by-one error in set_perm()Doug Zongker2009-06-251-1/+1
| |/ | | | | | | | | We were inadvertently skipping over the first filename in the list of arguments.
* | am fbf3c10e: improve updater progress barDoug Zongker2009-06-251-3/+21
|\| | | | | | | | | | | | | Merge commit 'fbf3c10e45c20f8fe6bd1ac49ffe220035b9c454' * commit 'fbf3c10e45c20f8fe6bd1ac49ffe220035b9c454': improve updater progress bar
| * improve updater progress barDoug Zongker2009-06-241-3/+21
| | | | | | | | | | | | Let recovery accept set_progress commands to control progress over the 'current segment' of the bar. Add a set_progress() builtin to the updater binary.
* | add device extension mechanism to updaterDoug Zongker2009-06-222-1/+43
|/ | | | | | | Allow devices (in BoardConfig.mk) to define additional static libraries to be linked in to updater, to make device-specific functions available in edify scripts. Modify the updater makefile to arrange for device libraries to register their edify functions.
* add file_getprop() to updaterDoug Zongker2009-06-181-11/+100
| | | | | | | Add a function to read a property from a ".prop"-formatted file (key=value pairs, one per line, ignore # comment lines and blank lines). Move ErrorAbort to the core of edify; it's not specific to updater now that errors aren't stored in the app cookie.
* let the "firmware" command take the file straight from the packageDoug Zongker2009-06-181-3/+4
| | | | | | | | To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
* fixes to edify and updater scriptDoug Zongker2009-06-122-67/+124
| A few more changes to edify:
|
| - fix write_raw_image(); my last change neglected to close the write context, so the written image was corrupt.
|
| - each expression tracks the span of the source code from which it was compiled, so that assert()'s error message can include the source of the expression that failed.
|
| - the 'cookie' argument to each Function is replaced with a State object, which contains the cookie, the source script (for use with the above spans), and the current error message (replacing the global variables that were used for this purpose).
|
| - in the recovery image, a new command "ui_print" can be sent back through the command pipe to cause text to appear on the screen. Add a new ui_print() function to print things from scripts. Rename existing "print" function to "stdout".
* edify extensions for OTA package installation, part 2Doug Zongker2009-06-123-7/+278
| Adds more edify functions for OTAs:
|
|   is_mounted
|   getprop
|   apply_patch
|   apply_patch_check
|   apply_patch_space
|   write_raw_image
|   write_firmware_image
|   package_extract_file
|
| This allows us to install radios, hboots, boot images, and install incremental OTA packages.
|
| Fixes a couple of dumb bugs in edify itself:
|
| - we were doubling the size of the function table each time it was *not* full, rather than each time it was full
|
| - "no such function" errors weren't visible to the parser, so they didn't prevent execution of the script.
* edify extensions for OTA package installation, part 1Doug Zongker2009-06-125-0/+555
Adds the following edify functions:

  mount
  unmount
  format
  show_progress
  delete
  delete_recursive
  package_extract
  symlink
  set_perm
  set_perm_recursive

This set is enough to extract and install the system part of a (full) OTA package.

Adds the updater binary that extracts an edify script from the OTA package and then executes it.

Minor changes to the edify core (adds a sleep() builtin for debugging, adds "." to the set of characters that can appear in an unquoted string).