summaryrefslogtreecommitdiffstats
path: root/tests (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-02-13Force off-device package installation with FUSETianjie Xu2-0/+29
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_unit_test - no new failures Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5 Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
2020-02-13Revert "Force package installation with FUSE unless the package stores on device"Raman Tenneti2-29/+0
This reverts commit 5e6c4e9a91674826bf11cab604250b41a9326fd8. Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error. Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420 Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031 Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
2020-02-06rm libbinderthreadstateSteven Moreland1-1/+0
This library is empty, and its functionality has moved into libbinder/libhwbinder. Bug: 148692216 Test: N/A Change-Id: Ie50d9130a8e43de7d5b222883169c26ab958e6d7
2020-01-22Force package installation with FUSE unless the package stores on deviceTianjie Xu2-0/+29
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
2020-01-21Force package installation with FUSE unless the package stores on deviceTianjie Xu2-0/+29
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
2019-12-18Delete VINTF compatibility check during OTA.Yifan Hong2-83/+0
Test: sideload OTA Bug: 139300422 Change-Id: I3369b69242ccd7a64540a0c2d754a5d6fc50d072
2019-12-18Link libvndksupport dynamically instead of statically.Peter Collingbourne1-1/+1
Bug: 146456667 Change-Id: I839223d8fbc365fd3271634143b117604f6aa879
2019-11-12Consolidate the vendor space misc usage for PixelsTianjie Xu1-34/+0
The layout of the vendor space /misc partition was pretty confusing and lead to some usage conflicts. To formalize the layout, we create a pixel specific library with the definition & offset of various flags. The new library also handles the R/W. As a result, we will leave system domain /misc definitions in the libbootloader_message. We also switch the misc_writer binary to use more specific options instead of writing an arbitrary hex string. So we can avoid redefining the string & offset in both init script and recovery ui. Bug: 131775112 Test: unit tests pass, run misc_writer and check contents of /misc Change-Id: I00f8842a81d1929e31a1de4d5eb09575ffad47c0
2019-10-16Force package installation with FUSE unless the package stores on deviceTianjie Xu2-0/+29
The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
2019-10-03Refactor battery info querying functions into librecovery_utils.Tao Bao1-0/+27
Bug: 134560109 Test: Run recovery_unit_test. Change-Id: Ibbcdcfd507fa23657ee7ff677208b0003ec382ba
2019-10-02otautil: Factor out the utils that're private to recovery.Tao Bao2-1/+2
A number of utility functions are intended for serving recovery's own use. Exposing them via libotautil (which is a static lib) would pass the dependencies onto libotautil's users (e.g. recovery image, updater, host simulator, device-specific recovery UI/updater extensions etc). This CL finds a new home for the utils that are private to recovery. Test: mmma bootable/recovery Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
2019-09-23applypatch: Add backup_source parameter to PatchPartition.Tao Bao1-2/+2
And set it to false when installing recovery image via applypatch. We only need to back up the source partition when doing in-place update (e.g. when updating a given partition under recovery). When installing recovery image via applypatch, we won't touch the source partition (i.e. /boot). Removing the backup step also allows dropping the dac_override_allowed permission. Previously it was needed due to the access to /cache. Because applypatch runs as root:root, while /cache is owned by system:cache with 0770. Bug: 68319577 Test: Invoke the code that installs recovery image; check that recovery is installed successfully without denials. Test: recovery_unit_test passes on taimen. Change-Id: I549a770b511762189d6672a2835b6e403d695919
2019-09-19tests: recovery_unit_test requires root.Tao Bao1-0/+1
Bug: 141272654 Test: TreeHugger (recovery_unit_test no longer fails) Change-Id: I47cbee274e659e3d90be5a77b215466d2973c7d6
2019-09-13Link libcrypto dynamically for recovery unit tests.Pete Bentley1-1/+0
Tested by running recovery_unit_test as described in https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md Attempted to build and boot a recovery image with the same change to confirm it still works, but m recoveryimage-nodeps fails for me. Bug: 140940227 Test: See above Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
2019-09-05Remove reference to libhwbinder_noltopgo.Steven Moreland1-2/+0
No longer needed. Bug: 135558503 Test: build only Change-Id: Ia1257513c6276cdb01604fbedb411e7412d02b84
2019-07-31Simulator: add the argument to keep the updated imagesTianjie Xu1-2/+2
Add the command line option to select the work directory and save the updated image files. Because some people might have interested in getting updated images from an ota file. Also, fix a minor issue that the destination of package_extract_file needs to be updated if it's a block device. Otherwise, an unintended file may be extracted in the callers' directory. Test: run simulation, run unit tests Change-Id: Ic6a7db0580bc1748d6e080102e4654da4e41fd8c
2019-07-10Remove libimgpatchTianjie Xu1-3/+2
Stop building libimgpatch as it's merely a subset of libapplypatch. Test: unit tests pass Change-Id: I0735ec053344404434a50e53a36e3f55964c2e4f
2019-06-28Build libimgdiff as a host only libraryTianjie Xu1-2/+1
Stop building libimgdiff on device because we are only running patching there. Test: unit tests pass Change-Id: I4225c6b52a536617301a64c405e325799a303b40
2019-06-28Add unit tests for simulatorTianjie Xu3-10/+409
Make sure the simulator succeeds executing common non-A/B update functions. Bug: 131911365 Test: run unit tests Change-Id: I520ce6a8827539b88a9e36f9e67eec30d8b586d4
2019-06-20Support starting fuse from a block mapTianjie Xu2-1/+6
Factor out a new function from ApplyFromSdcard that installs a package from a local path. Inside this function, we start the fuse and choose the type of data provider depending on the path string. And similar to the existing logic, we treat the package as a block map if the path starts with a '@'. This is part of the effort to install larger than 2GiB packages on ILP32 devices. Bug: 127071893 Test: Build a 32 bit sailfish and create a 3GiB OTA package. Sideload the package, uncrypt and install the package from sdcard. Change-Id: I328ea34fa530731acbce7554bfc3059313ad6ece
2019-05-29Implement an update simulator to verify BB OTA packages on hostTianjie Xu1-1/+3
Implement the simulator runtime and build the updater simulator as a host executable. The code to parse the target-files and mocks the block devices will be submitted in the follow-up. Bug: 131911365 Test: unit tests pass Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
2019-05-22Some clean ups to the updaterTianjie Xu1-1/+3
Remove some unnecessary includes or forward declarations. And include the correct headers to build host executables. Bug: 131911365 Test: unit tests pass Change-Id: I62e75f60678159fe24619a4bd386b1416f1a5b5d
2019-05-21Add UpdaterRuntime classTianjie Xu1-3/+9
This class adds a wrapper to the runtime dependent functions. Therefore, the behavior of update on device stays the same, while simulators can have their own implementations. Also change the caller side of the registered updater functions to call these runtime wrappers. Bug: 131911365 Test: unit tests pass, sideload an update on cuttlefish Change-Id: Ib3ab67132991d67fc132f27120e4152439d16ac5
2019-05-21Add misc_writer.Tao Bao1-0/+38
bootloader_message.h currently divides /misc into four segments. The space between 2K and 16K is reserved for vendor use (e.g. bootloader persists flags). This CL adds a vendor tool "misc_writer", to allow writing data to the vendor space in /misc, before getting a dedicated HAL for accessing /misc partition (b/131775112). Targets need to explicitly include the module, then invoke the executable to write data. For example, the following command will write 3-byte data ("0xABCDEF") to offset 4 in vendor space (i.e. 2048 + 4 in /misc). $ /vendor/bin/misc_writer --vendor-space-offset 4 --hex-string 0xABCDEF Bug: 132906936 Test: Run recovery_unit_test on crosshatch. Test: Call the command via init.hardware.rc on crosshatch. Check that the call finishes successfully. Then check the contents written to /misc (`dd bs=1 skip=2048 if=/dev/block/sda2 count=32 | xxd`). Change-Id: I79548fc63fc79b705a0320868690569c3106949f Merged-In: I79548fc63fc79b705a0320868690569c3106949f (cherry picked from commit 7ae01698424cc3adf635c324961b1405594f5156)
2019-05-21Add misc_writer.Tao Bao1-0/+38
bootloader_message.h currently divides /misc into four segments. The space between 2K and 16K is reserved for vendor use (e.g. bootloader persists flags). This CL adds a vendor tool "misc_writer", to allow writing data to the vendor space in /misc, before getting a dedicated HAL for accessing /misc partition (b/131775112). Targets need to explicitly include the module, then invoke the executable to write data. For example, the following command will write 3-byte data ("0xABCDEF") to offset 4 in vendor space (i.e. 2048 + 4 in /misc). $ /vendor/bin/misc_writer --vendor-space-offset 4 --hex-string 0xABCDEF Bug: 132906936 Test: Run recovery_unit_test on crosshatch. Test: Call the command via init.hardware.rc on crosshatch. Check that the call finishes successfully. Then check the contents written to /misc (`dd bs=1 skip=2048 if=/dev/block/sda2 count=32 | xxd`). Change-Id: I79548fc63fc79b705a0320868690569c3106949f
2019-05-09Add Updater class and remove UpdaterInfoTianjie Xu1-92/+86
The UpdaterInfo class is merely a collection of pointers and POD types. We can replace it with a Updater class that has the ownership of the resources. This also makes this class extensible as we plan to add more functionality in the host simulator. Bug: 131911365 Test: unit tests pass, run an update on cuttlefish and check last_install Change-Id: I07ca5963bbee8ae3cb85ccc184464910aa73d4e4
2019-05-06Track libziparchive API change.Elliott Hughes3-7/+4
Bug: http://b/129068177 Test: treehugger Change-Id: Ie5b2b0cff087f2e9e65a4e77c187e3173357f3ad
2019-05-01Implement FuseBlockDataProviderxunchang4-1/+129
Adds a fuse data provider that parses the metadata from a block map, reads the data from the given ranges of the block device; and provides the data to the fuse. Bug: 127071893 Test: unit tests pass, install a package from block map Change-Id: Ie9925ee9144e98642505b3f5e1a4a186d2b21ed0
2019-04-30install: Return bool for a few check functions.Tao Bao1-27/+27
The results from these functions have boolean semantics. They're returning `int` prior to this CL, with some of them mixing 0 and InstallResult. Note that SetUpNonAbUpdateCommands() was returning INSTALL_CORRUPT / INSTALL_ERROR / 0 prior to this change, but all the callers handle INSTALL_CORRUPT and INSTALL_ERROR the same way. This CL changes them to return bool instead. Test: `mmma -j bootable/recovery` Test: TreeHugger Test: Sideload on taimen. Change-Id: Ic1b5dbf79aaca68b53ab8ea2c8ba3d19f988c571
2019-04-30tests: Merge recovery_component_test into recovery_unit_test.Tao Bao13-153/+111
Most of the tests in component/ are in fact unit tests. And it doesn't look practically beneficial to distinguish between the two: - They have the same test setup; - We always run both (recovery_unit_test and recovery_component_test) at the same time; - Breaking any of them would be equally bad. This CL merges the tests in recovery_component_test into recovery_unit_test to save the effort to maintain both. Test: Run recovery_unit_test on marlin (via `adb sync data`). Test: `atest recovery_unit_test` Change-Id: I93ff32e7219cd83425a4bcfe5613978a8dd48d75
2019-04-27Add install/wipe_device.cpp.Tao Bao1-0/+1
Prior to this CL, GetWipePartitionList was declared in install.h (libinstall) but defined in recovery.cpp (librecovery). This CL addresses the issue by refactoring wipe-device related functions into install/wipe_device.cpp. Test: atest recovery_component_test Change-Id: I7ebe04ccfda3d793e085403560a0a202752d9ee3
2019-04-26Remove the FD parameter from FuseDataProvider ctor.Tao Bao1-7/+15
This leaves the FD implementation details to subclasses. In particular, it allows minadbd to do additional works with the FD after sideloading. Bug: 128415917 Test: atest recovery_component_test Test: atest minadbd_test Test: Sideload package on taimen. Change-Id: I106bbaad05201227bbc5fe28890bbbb06fdcb67e Merged-In: I106bbaad05201227bbc5fe28890bbbb06fdcb67e (cherry picked from commit 2be9737cf449dd0650c85ee5168d09b12d386077)
2019-04-26Add recovery_host_test to TEST_MAPPING.Tao Bao2-33/+2
Also remove the AndroidTest.xml file, which is no longer needed (the `data` property in Android.bp takes care of that). The AndroidTest.xml file would otherwise block `atest recovery_host_test` from running. Test: TreeHugger; check the test result. Change-Id: If545878a1f3ae627986e19a94b42162f133b9098
2019-04-23matches_locale no longer accept empty locales in the png filexunchang1-2/+2
The legacy png files have an empty line in the end. And the recovery used to match any missing locale, e.g. "he" with that line and gets an empty image. Since the empty image is barely useful, we should just error out and fall back to the default locale. This reversed the unit test check added in d17a6885253da909e376ba5ca5084f5281f3557c Bug: 128934634 Test: run locale test with "he" and legacy images, recovery reports error and doesn't crash even without default locale fall back Change-Id: Ibdb7dd0b42348de5e392c834cce67ff02be85c24
2019-04-16Remove the FD parameter from FuseDataProvider ctor.Tao Bao1-7/+15
This leaves the FD implementation details to subclasses. In particular, it allows minadbd to do additional works with the FD after sideloading. Bug: 128415917 Test: atest recovery_component_test Test: atest minadbd_test Test: Sideload package on taimen. Change-Id: I106bbaad05201227bbc5fe28890bbbb06fdcb67e
2019-03-29Move install to separate modulexunchang5-10/+9
Build libinstall as a shared library. Also drop the dependency on the global variables in common.h. Test: unit tests pass, sideload an OTA Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
2019-03-26Allow RSA 4096 key in package verificationxunchang3-0/+46
The RSA_verify sitll works for 4096 bits keys. And we just need to loose the check on modulus. Sample commands to generate the key & package: 1. openssl genrsa -out keypair.pem 4096 2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \ -in keypair.pem -out private.pk8 3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \ -days 365 4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \ prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \ unsigned.zip signed.zip Bug: 129163830 Test: unit tests pass Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
2019-03-26Move out the code to parse block map in MemMapxunchang1-0/+61
We will reuse them to implement the fuse provider from block maps. Test: unit tests pass, sideload an OTA Change-Id: Iaa409d19569c4ccc0bb24e12518044fcddb45c69
2019-03-21Move librecovery_ui to a sub-directoryTianjie Xu1-2/+2
This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be (cherry picked from commit b5108c372c8b92671ea5ebb4eeff00757fcee187)
2019-03-21Move librecovery_ui to a sub-directoryTianjie Xu1-2/+2
This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be
2019-03-19Remove the provider_vtabxunchang1-14/+17
It's no longer needed with the newly added FuseDataProvider class. Also cleans up the parameters for run_fuse_sideload. Bug: 127071893 Test: unit tests pass, run a sideload Change-Id: I1ccd6798d187cfc6ac9f559ffb3f3edf08dad55c
2019-03-19Create a FuseDataProvider base classxunchang1-2/+2
The fuse data provider for adb/sdcard shares common code and structures. This cl creates a FuseDataProvider base class and provides implementations for adb and sdcard. In the follow cls, we can kill the provider_vtab struct; and also add another implementation to parse a block map file and provides data. Test: unit tests pass, sideload a package, apply a package from sdcard Change-Id: If8311666a52a2e3c0fbae0ee9688fa6d01e4ad09
2019-03-14Implement FilePackage classxunchang3-5/+129
This is another implementation of the Package class. And we will later need it when reading the package from FUSE. Bug: 127071893 Test: unit tests pass, sideload a file package on sailfish Change-Id: I3de5d5ef60b29c8b73517d6de3498459d7d95975
2019-03-13Update_verifier: Remove the support for legacy text format CareMapxunchang1-41/+3
We have already switched to the protobuf format for new builds, and the downgrade packages will require a data wipe. So it should be safe to drop the support for text format. This also helps to save the issue when users sideload a package with a pending OTA, because the new CareMap contains the fingerprint of the intended build. Bug: 128536706 Test: unit tests pass, run update_verifier with legacy CareMap Change-Id: I1c4d0e54ec591f16cc0a65dac76767725ff9e7c4 (cherry picked from commit aaa6103ae72985d061432745e668df9ca29d6ac2)
2019-03-13Update_verifier: Remove the support for legacy text format CareMapxunchang1-41/+3
We have already switched to the protobuf format for new builds, and the downgrade packages will require a data wipe. So it should be safe to drop the support for text format. This also helps to save the issue when users sideload a package with a pending OTA, because the new CareMap contains the fingerprint of the intended build. Bug: 128536706 Test: unit tests pass, run update_verifier with legacy CareMap Change-Id: I1c4d0e54ec591f16cc0a65dac76767725ff9e7c4
2019-03-12Use the package class for wipe packagesxunchang1-1/+4
The wipe package used to open the zip file directly from the content string. Switch to use the interface from the new package class instead. Bug: 127071893 Test: unit tests pass Change-Id: I990e7f00c5148710722d17140bab2e343eea3b6b
2019-03-11Create a wrapper class for update packagexunchang1-27/+27
Creates a new class handle the package in memory and package read from fd. Define the new interface functions, and make approximate changes to the verify and install functions. Bug: 127071893 Test: unit tests pass, sideload a package Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
2019-03-07Add a new entry in wipe package to list all wipe partitionsxunchang1-0/+23
This gives us finer control over the partitions to wipe on the host side. Bug: 127492427 Test: unit tests pass, install a wipe package on sailfish Change-Id: I612f8bac743a310f28e365b490ef388b278cfccb
2019-02-05Recovery test: Fix an parameter issue in string constructionxunchang1-2/+2
The intended string constructor is supposed be basic_string(size_type count, CharT ch). But the parameter is accidentally reversed when calling the constructor in install_test. Test: A failed unit test pass Change-Id: Id9765bfa7d2368ff0d7fbeea45c9c8357864e060
2019-01-25DO NOT MERGE: Revert "Revert "Add libprocessgroup dependency""Suren Baghdasaryan1-0/+1
This reverts commit 9ce1d14ef621459a4ac62ee1bda0b9f51cfa4c38. Reason for revert: AOSP is fixed with new vendor image Change-Id: Ie5a9748acdae22a2b9862cb2ecedda7031f77264 Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-01-24DO NOT MERGE: Revert "Add libprocessgroup dependency"Suren Baghdasaryan1-1/+0
This reverts commit 62d0c7873cf81d63078b932edd23ae78677408cd. Reason for revert: Broke AOSP Change-Id: I88ef00ebce797f7fdca3678ab93fcae364453a8c Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-01-20Add libprocessgroup dependencySuren Baghdasaryan1-0/+1
Because set_sched_policy is moved into libprocessgroup an additional dependency is requred for recovery_component_test to build. Exempt-From-Owner-Approval: janitorial Bug: 111307099 Test: builds, boots Merged-In: I7cf75e473ee1e2837940606c71d15be26db0c3f2 Change-Id: I7cf75e473ee1e2837940606c71d15be26db0c3f2 Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-01-17Add libprocessgroup dependencySuren Baghdasaryan1-0/+1
Because set_sched_policy is moved into libprocessgroup an additional dependency is requred for recovery_component_test to build. Exempt-From-Owner-Approval: janitorial Bug: 111307099 Test: builds, boots Change-Id: I7cf75e473ee1e2837940606c71d15be26db0c3f2 Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2018-12-19Move parts of roots.cpp to libfs_mgrYifan Hong1-0/+1
Move some mounting functionalities to libfs_mgr. Test: run recovery tests Bug: 118634720 Bug: 113182233 Change-Id: Ie59376664a744992429f0262ec96d13a1aed30f9
2018-12-06tests: Temporarily disable ScreenRecoveryUITest tests.Tao Bao1-18/+18
Seems they're racing with SurfaceFlinger in acquiring the display, which occasionally takes down the device and leads to test failures. Bug: 120601844 Test: Run recovery_unit_test on marlin. ScreenRecoveryUITest not triggered. Change-Id: I80b21595247a87fc1f2f95aa68df59f58bdf0257
2018-11-27minui: GRSurface::Create() computes data_size on its own.Tao Bao2-14/+24
GRSurface::Create() doesn't need to rely on caller specifying the buffer size, as it can compute that info based on the given args. This CL also uses `size_t` for all the parameters in GRSurface::Create(). Test: Run recovery_unit_test on marlin. Test: Build and boot into blueline recovery. `Run graphics test`. Test: Build and boot into blueline charger mode. Change-Id: Idec9381079196abf13553a475006fefcfca10950
2018-11-27minui: Fix a wrong arg in calling GRSurface::Create().Tao Bao2-0/+37
This is a bug introduced while refactoring init_display_surface(), in [1]. As a result, user of res_create_multi_display_surface(), which is effectively `charger` right now, crashes due to buffer overrun. This CL fixes the wrong arg and adds a sanity test for res_create_multi_display_surface(). The testdata (battery_scale.png) is copied from system/core/healthd/images/battery_scale.png. [1] commit 44820ac1e31ffa029ab5baa71238a11b6db3e6cc. Bug: 119122296 Test: Run recovery_unit_test on marlin. Test: Build and boot into charger mode on blueline. Verify that `charger` no longer crashes. Change-Id: Ib6d083e1512a9c3c6eb63874d26d22658921d693
2018-11-15Adjust the background text image width to reduce its sizeTianjie Xu1-1/+1
We can adjust the image width with respect to the maximum width of the wrapped text. This will remove some black margins and reduce the final size of the images, especially for those with short strings, e.g. "recovery_error". Also, add an option to centrally align the text; and fix a boundary check in the recovery resource test. Bug: 74397117 Test: Generate and check the image Change-Id: Ib6cf61a9c99c4aeede16751dc0adfa23ce3f5424
2018-11-15switch to using android-base/file.h instead of android-base/test_utils.hMark Salyzyn15-15/+3
Test: compile Bug: 119313545 Change-Id: I664fb32522d01909c603d7b903475c4e9aea9223
2018-11-14Use the non-LTO/PGO hwbinder in recovery_component_testPirama Arumuga Nainar1-1/+1
Bug: http://b/119560349 Bug: http://b/112277682 Currently, any binary links in a PGO-enabled static library also needs to opt into PGO. With b/119560349, this should be done automatically by the build system. Until then, use the non-PGO version of libhwbinder in recovery_component_test. Test: m ANDROID_PGO_INSTRUMENT=all Change-Id: Ic6e44c1cb6d6f13e60e11a46fd7e5ef54238942b
2018-11-06tests: Add a testcase for updater overrun while patching.Tao Bao1-80/+85
For any patching command, the resulting data should always exactly fill up the given target range. Test: Run recovery_component_test on marlin. Change-Id: Ib3cc1fc5c11094e2eab3fe370753db51c7c4135c
2018-11-05ui: Manage loaded resources with smart pointers.Tao Bao1-15/+15
Test: Run recovery_unit_test on marlin. Test: `Run graphics test` on marlin. Change-Id: I8239c3d9fb288f80ee11f615402768ff8ef8ecd0
2018-11-05tests: Remove obsolete testdata files.Tao Bao3-0/+0
testdata/jarsigned.zip and testdata/unsigned.zip became dead since commit 432918603f57de5a3acc6da9ff613d21c857d9fd ("Refactor existing tests to use gtest"). testdata/patch.bsdiff became dead when applypatch/applypatch.sh was deleted (commit c3ef089dfac921ef6ca04d5341a4035e8c4feb51). Test: Run recovery_unit_test and recovery_component_test. Change-Id: Ie1a7f8850878593fcb7d4554759a539271ffb207
2018-11-05updater: Error out on underrun during patching.Tao Bao1-0/+42
Test: Run recovery_component_test on marlin. Change-Id: If23baf42aeacb48500edabc2eadd2e7119a848da
2018-11-01minui: Add GRSurface::Clone().Tao Bao1-1/+13
Clone() allows duplicating the image that's stored in the GRSurface. Test: Run recovery_unit_test. Change-Id: Ia50d507c6200f2de5f17143775de805247a60e1f
2018-11-01tests: Use FRIEND_TEST in ScreenRecoveryUITest.Tao Bao1-24/+14
Test: Run recovery_unit_test on marlin. Change-Id: I93ec6df8c056b2c485200822f18db0b852595242
2018-10-31minui: Add a protected GRSurface ctor.Tao Bao2-22/+21
This prepares for the removal of the default and copy ctors, by making GRSurface::Create() as the only way to get GRSurface instances. Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Change-Id: I0c34c3f3967e252deb020907c83acbac8a8f36b9
2018-10-31Refactor the code to check the metadataTianjie Xu1-16/+264
The two functions check_wipe_package() and check_newer_ab_build() were using the same flow; and checked the same device properties against the metadata file in the package. These properties include: ota_type, pre-device, and serial number. Therefore, we can consolidate the checks to a single function; and continue to check the fingerprint and timestamp only for AB updates. This change also addresses the need to accept multiple serial number in the wipe package. Bug: 118401208 Test: unit tests pass Change-Id: Ia6bc48fb6effcae059a2ff2cf71764b4136b4c00
2018-10-29Clean up the zipfile creation in InstallTestTianjie Xu1-99/+40
Consolidate them into a static function. Test: unit tests pass Change-Id: If05b62215940b221fc499d779eedc5079f68a060
2018-10-25Remove the load_keys functionTianjie Xu1-75/+9
This function is used to parse the result of dumpKeys. It's no longer needed as we are now parsing the public keys from the zipfile. Bug: 116655889 Test: unit tests pass Change-Id: I817906e451664058c644f4329ff499bbe4587ebb
2018-10-25Add sanity check when loading public keys for OTA packageTianjie Xu1-0/+32
For RSA keys, check if it has a 2048 bits modulus, and its public exponent is 3 or 65537. For EC keys, check if the field size is 256 bits for its curve. Bug: 116655889 Test: unit tests pass Change-Id: I5c00f4d2b61c98c434f0b49db232155d5d0770ec
2018-10-23Add a function to construct the GRSurface in testTianjie Xu1-3/+14
This fixes the build error as the initializer list no longer work without the proper constructor for c++ class. Bug: 74397117 Test: unit tests pass Change-Id: If3ff508a1a01ad5326413dab8e05bacae8a946c8
2018-10-23ui: Add constness to Draw- functions.Tao Bao1-9/+9
These functions take the given GRSurface instances as inputs, which shouldn't be altered. Test: mmma -j bootable/recovery Test: Run recovery_unit_test. Test: `Run graphics test` on marlin. Change-Id: I51bf408e85faae2b497d4f148ab1dec22dd16c93
2018-10-23minui: Move GRSurface into a class.Tao Bao1-0/+32
This CL adds GRSurface::Create() and dtor for managing the allocated memory in GRSurface class. It also adds GRSurface::data() that hides the underlying implementation, with both of const and non-const overloads. This allows `const GRSurface&` to be more useful - previously it only ensured a const member variable of `data`, instead of a read-only buffer it points to. It also marks the parameters in gr_texticon() and gr_blit() as const, as they're incoming source that shouldn't be altered. It corrects the type of gr_draw, which is the sink to be painted on (an earlier attempt was made in [1], but didn't get the full picture correctly). [1] https://android-review.googlesource.com/c/platform/bootable/recovery/+/704757/ Test: mmma -j bootable/recovery Test: recovery_unit_test on marlin Test: Run graphics test on marlin (fbdev). Test: Run graphics test on blueline (drm). Change-Id: I7904df084cd6c08fa04a9da97d01b4b1a6e3a20c
2018-10-23Add function to show localized rescue party menuTianjie Xu1-0/+37
Add a function in screenUI to display the pre-generated graphs for rescue party. If these graphs are not valid, falls back to display the old text strings. Right now we haven't generated the localized graphs yet, so the UI always shows the TextMenu. Bug: 116655889 Test: check rescue party under recovery Change-Id: I0558cb536b659cdc25c8b7946d3a39820935b003
2018-10-18Load X509 keys from ziparchiveTianjie Xu1-7/+84
Add a function to parse the zip archive and load the certificate from all the zip entries with the suffix "x509.pem". Bug: 116655889 Test: unittests pass Change-Id: I93bf7aef7462c0623e89fc2d466d7af2d3a758bc
2018-10-13Implement the graphic menusTianjie Xu1-14/+45
As we plan to show localized rescue party dialogs under recovery mode with pre-generated images, it becomes necessary to show the menu headers and items with images. This cl converts the menu class to a interface and derived TextMenu & GraphicMenu classes. And the GraphicMenu uses GRSurfaces* as the menu header and a list of GRSurfaces* as menu items. Moreover, factor out the Draw* functions in the ScreenUI into a separate DrawInterface. Therefore, the Menu class can access these draw functions and use them to implement the DrawHeaders & DrawItems neatly. Bug: 74397117 Test: unittests pass, boot into recovery and check menu Change-Id: I95cee30f3e5eb666eb6fbcdfc873a7260fc177c1
2018-10-12Add function to load the key from x509.pem fileTianjie Xu1-0/+84
We used to convert a pem certificate file to some intermediate plain text format; and parse that format under recovery mode. This is uncessary since the x509.pem can be directly parsed with openssl functions. Add the function to load the public key from one x509.pem file and corresponding unit tests. And we will add more cls to extract the pem files from otacert.zip later. Bug: 116655889 Test: verify package with 5 supported certficate versions Change-Id: Ibc6c696c534567f005db75143cc4ef8d4bdea6a0
2018-10-05Compare the fingerprint before reading the partitionTianjie Xu1-15/+87
The update_verifier now compares the fingerprint of a partition before performing the blocks read. If the fingerprint of the current system property mismatches the one embedded in the care_map, verification of this partition will be skipped. This is useful for the possible system only updates in the future. Bug: 114778109 Test: unit tests pass Change-Id: Iea309148a05109b5810dfb533d94260d77ab8540
2018-10-02Reland: "recovery_test_component: Add libbinderthreadstate as static Jayant Chowdhary1-1/+2
dependency." This reverts commit 26b86bb1dc895881cf507dfab0850c47c68c2779. Reason for revert: Dependencies which broke tests due to exclusion from LOCAL_JNI_SHARED_LIBS have been added. Change-Id: I364acfe8bd0526fb26f69cc29fb3545fc3e79764
2018-10-01Move to new isolation test runner.Christopher Ferris1-7/+4
Test: Ran tests. Change-Id: I5fa99f7b6b03c7b9247b4f340f3df982063b0e3e
2018-09-28Revert "recovery_test_component: Add libbinderthreadstate as static dependency."Remi NGUYEN VAN1-2/+1
This reverts commit a71c10b46427388932c662ffe59f6513fd5227c0. Reason for revert: This breaks framework tests and blocks presubmit Change-Id: Iae94878889c1e71e2da5336fe75af88dfd3bfcfa
2018-09-27recovery_test_component: Add libbinderthreadstate as static dependency.Jayant Chowdhary1-1/+2
Bug: 110364143 Bug: 114311116 Test: mm -j64 Change-Id: I3b9174443b00ad57be60881736afde7647351bd1 Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2018-09-21Refactor update_verifier into a classTianjie Xu1-23/+40
The refactor separates out the parsing of care_map and the actual verification of the partitions. Moreover, it skips the verification in case of a format error in the care map. Also, the parsing of care_map now uses the suffix of the file to tell if it has the protobuf format or the plain text format. Bug: 115740187 Test: unit test pass Change-Id: I7aa32004db02af1deb7bfdc6f5bd7921eb7883e5
2018-09-13Move the parse of last_install to recovery-persistTianjie Xu1-0/+75
The recovery-persist used to look for the related recovery logs in persist storage, and copy them under /data/misc/recovery during the normal boot process. As we also want to find out the sideload information from last_install, it makes more sense to move the parse & report of non-a/b metrics to recovery-persist. Thus we can avoid the race condition of the file system between the native code and RecoverySystem. Bug: 114278989 Test: unit test pass, check the event buffer for metrics report Change-Id: I32d7b2b831bc74a61a70af9a2f0b8a7e9b3e36ee
2018-08-31applypatch: {Load,Save}FileContents return bool values.Tao Bao1-5/+5
Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Id72e24dd00eb451565d90cff6e049f4f4b844ea2
2018-08-31applypatch: Refactor applypatch().Tao Bao2-99/+101
applypatch() was initially designed for file-based OTA, operating on individual files. It was later extended to allow patching eMMC targets as a whole, in favor of block-based updates. As we have deprecated file-based OTA since Oreo, part of the code in applypatch() has become obsolete. This CL refactors the related functions, by removing the obsolete logic and focusing on eMMC targets. Since this CL substantially changes applypatch APIs, it adds new functions to avoid unintentionally mixing them together. In particular, it removes `applypatch()`, `applypatch_check()`, `applypatch_flash()`, and adds `PatchPartition()`, `PatchPartitionCheck()`, `FlashPartition()` and `CheckPartition()`. It also replaces the old Edify functions `apply_patch()` and `apply_patch_check()` with `patch_partition()` and `patch_partition_check()` respectively. This CL requires matching changes to OTA generation script (in the same topic). Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Test: `m dist` with non-A/B target. Verify /system/bin/install-recovery.sh on device. Test: `m dist` with non-A/B target using BOARD_USES_FULL_RECOVERY_IMAGE. Verify /system/bin/install-recovery.sh on device. Test: Install an incremental OTA with the new updater and scripts. Change-Id: Ia34a90114bb227f4216eb478c22dc98c8194cb7f
2018-08-28Remove otafaultTianjie Xu2-2/+1
Now it's less beneficial to inject I/O faults since we don't see many of them. Remove the library that mocks I/O failures. And switch to android::base I/O when possible. Bug: 113032079 Test: unit tests pass Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
2018-08-20tests: Remove {old,new}.file.Tao Bao4-50/+55
They serve the same purpose as {boot,recovery}.img, except that they're not structured to be imgdiff'd. Remove the two files and replace all the uses with {boot,recovery}.img instead. Bug: 110106408 Test: Run recovery_{unit,component}_test on marlin. Change-Id: I8e71187d5b0c142ad932f33717f6fae364b43abc
2018-08-17updater: Add TransferList class.Tao Bao2-10/+68
This would be the top-level class that represents and holds the info parsed from a transfer list file. Bug: 112151972 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I83b54df9d1411542eeeb8ef4a2db167e97f989c3
2018-08-16updater: Add SourceInfo::{ReadAll,DumpBuffer,Overlaps}.Tao Bao1-0/+116
Bug: 112151972 Test: Run recovery_unit_test on marlin. Change-Id: Ica2a7b3c768f5d8ca5d591a9560bca9f8ed847c5
2018-08-16Fixing the Mac SDK buildAndreas Huber1-0/+7
recovery_host_test is now excluded from darwin targets as its dependency libimgdiff is. Change-Id: I6aa085125109ed2218572df97f35289b71c354ab
2018-08-16tests: Add the missing tests in applypatch_modes_test.cpp.Tao Bao1-19/+2
This file was somehow missed when converting from Android.mk to Android.bp. This CL addresses the issue by picking up all the .cpp files in the test source dir. Test: Run recovery_{unit,component}_test on marlin. Check the reported number of tests (94 for unit test and 157 for component test). Change-Id: I50435b07fcb8602ef7b3f7e7d3a69e10b6a5932d
2018-08-15tests: Move to Android.bp.Tao Bao8-235/+220
Also separate libupdater_defaults out to be shareable. It turns out the `data` property in `cc_test` doesn't follow symlinks as LOCAL_TEST_DATA does in Android.mk. This CL creates a filegroup in top-level Android.bp in order to pick up the testdata for ResourcesTest. Test: `mmma -j bootable/recovery` with aosp_marlin-userdebug Test: Run recovery_{unit,component,manual}_test on marlin. Test: Run recovery_host_test. Change-Id: I4532ab25aeb83c0b0baa8051d5fe34ba7b910a35
2018-08-14Track the change to update_engine_sideload path.Tao Bao1-1/+1
Bug: 112494634 Test: Build and boot into recovery image on taimen. Verify that `Apply updates from ADB` keeps working. Test: Run recovery_component_test on marlin. Change-Id: I9ee8834053fda79a4fd77bfa83eab3cc51a90dff
2018-08-14Add the hash_tree_info class in CommandTianjie Xu1-0/+20
Add hash_tree_info to represent the hash tree computation arguments in the transfer commands 'compute_hash_tree'. Also add its parsing code in the Command class. Bug: 25170618 Test: unit tests pass Change-Id: Ie8607968377968e8fb3e58d1af0b8ca315e145be
2018-08-14recovery uses IHealth::getServiceYifan Hong1-13/+0
recovery is_battery_ok function uses get_health_service(), which calls IHealth::getService("default") then IHealth::getService("backup"). - An OEM can provide the default instance by installing android.hardware.health@2.0-impl-<device>.so to recovery partition. - If that's not found, the "backup" instance is provided to the recovery partition by default. Test: call is_battery_ok() in recovery, successfully get battery information. Bug: 80132328 Change-Id: Ibfee80636325a07bc20b24d044d007a60b3dd7c2
2018-08-13Reland "Build and use minadbd as a shared library."Tao Bao1-2/+0
This relands the previously reverted CL in commit c70446ce7b4db79f296833b16ce38eb8a01d83df ("Build and use minadbd as a shared library."). `recovery` has been built with Soong, so the previous concern (unintentionally installing `libminadbd_services.so` to normal system image) no longer holds. Note that `reocvery` can't use `libminadbd_services.a`, as functions like `daemon_service_to_fd()` (needed by `libadbd.so`) won't be linked into `recovery`. This CL moves the dependency of `libminadbd_services` from `librecovery` into `recovery`, as only the latter actually relies on it (via `recovery_main.cpp`). Note that we no longer need to list the transitive dependency on `libadbd` or `libasyncio`. Bug: 112494634 Test: `mmma -j bootable/recovery` Test: Build and boot into recovery with aosp_taimen-userdebug. Verify that sideloading keeps working. Test: `build/soong/build_test.bash --dist` Change-Id: Ic086470b86d6770bede317e0f5534f608fa7b7d2
2018-08-13updater: Move libupdater to Soong.Tao Bao1-5/+5
Test: mmma -j bootable/recovery Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I2617b87d13c585addf0ed2fbae8c3ce443ea7200
2018-08-13tests: Create res-testdata for testdata pickup.Tao Bao7-5/+11
It doesn't change the functionality of the test, but allows easier conversion to Soong. Test: Run recovery_component_test on marlin. Change-Id: Ic7419dc86c6b220531ae44e49ab4657394a5d7fa
2018-08-08Revert "Build and use minadbd as a shared library."Tao Bao1-1/+1
This reverts commit 4fd4f89591fe826cf26167bccaeb2802f14fbdc8. The reverted CL has a side effect that unintentionally installs a copy of libminadbd_services.so to the system image. This breaks the check with `build/soong/build_test.bash --dist` which detects and prevents vendor modules from installing files to the system image. Prior to fully converting `recovery` to be built with Soong, we have to statically link recovery-specific modules into `recovery`. Bug: 110380063 Test: `m -j bootimage` with aosp_marlin-userdebug Test: Run minadbd_test on marlin. Test: Boot into recovery and verify that sideloading still works. Test: `build/soong/build_test.bash --dist` Change-Id: I290d55c82e17aa60a5afdf2ff7f896afc4dae8b3
2018-08-07Build and use minadbd as a shared library.Tao Bao1-1/+1
The former `minadbd` module is now built as a shared library (`libminadbd_services.so`) that serves sideloading under recovery, with a dynamic dependency on `libadbd.so`. This allows sharing and reusing libadbd code on device (both of `adbd` and `recovery` now uses `libadbd.so`). As a result, it reduces the size of `recovery` binary from 1407360-byte to (1272880 + 33032)-byte (aosp_marlin-userdebug). Bug: 78793464 Test: `m -j bootimage` with aosp_marlin-userdebug Test: Run minadbd_test on marlin. Test: Boot into recovery and verify that sideloading still works. Change-Id: I6c2bc3d351d5af71220a9b9f956c8c039e52c781
2018-08-06Dynamically load device-specific recovery UI lib.Tao Bao1-1/+1
We used to statically link the device-specific recovery UI extension (`TARGET_RECOVERY_UI_LIB`) into `recovery`. Such a logic can't be easily migrated to Soong, as modules specified by `TARGET_RECOVERY_UI_LIB` may not be built with Soong. Instead of porting all the device-specific codes over, this CL builds and installs the UI lib as a shared library with Android.mk. `recovery` dlopen(3)'s and dlsym(3)'s `make_device` to invoke the device-specific UI lib on start. Note that in order to make dlopen(3) actually working, we have to switch `recovery` to be dynamically linked (we will make the move later anyway). Bug: 110380063 Test: Build and boot into marlin recovery image. Check that device-specific recovery UI is successfully loaded. Change-Id: Ia9861c7559a95f3f50676534540c0cb87cae4574
2018-08-06Add an updater function to compute hash treeTianjie Xu3-0/+83
The new command is part of the transfer.list and allows us to compute the hash tree on non-ab devices. The required arguments for the hash_tree computation are: hash_tree_ranges source_ranges hash_algorithm salt_hex root_hash Bug: 25170618 Test: unit tests pass; run simulator with compute_hash_tree Change-Id: I8ff0d582cc8adabb8a060db7845f38b35b28e62c
2018-07-30recovery: Add ability to interrupt UIJerry Zhang1-1/+38
Normally calling a UI method will block indefinitely until the UI is actually used. This creates a method to interrupt the UI, causing waitKey to return -2. This in turn, will cause ShowMenu to return -2. This allows switching between recovery and fastbootd via usb commands. Test: adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test Bug: 78793464 Change-Id: I4c6c9aa18d79070877841a5c9818acf723fa6096
2018-07-25Add proto3 support for care_mapTianjie Xu2-20/+96
Switching to the protobuf format helps to make the care_map more extensible. As we have such plans in the future, add the support to parse the protobuf message in the update_verifier. Bug: 77867897 Test: unit tests pass, update_verifier successfully verifies a care_map.pb Change-Id: I9fe83cb4dd3cc8d6fd0260f2a47338fe142d3938
2018-07-23Revert "Make recovery libraries shared / recovery_available"Hridya Valsaraju1-7/+0
This reverts commit c936a6961940a15f7f95befcf35425bad8fa4f7c. Reason for revert: b/111734137 Change-Id: Ie9c1fdc75d6e87dba7019c4e6d1799af25c2f94a
2018-07-20applypatch: Change applypatch command-line arguments.Tao Bao1-191/+107
This applies to the standalone applypatch executable (/system/bin/applypatch on device). This executable is only used when installing (via patching or flashing) a recovery image on non-A/B device. This CL removes the support for patching non-eMMC targets from applypatch that has been deprecated as part of file-based OTA. For patching eMMC targets, it also drops the support for accepting multiple patches (not useful, since the source file must be fixed). This CL needs the matching change in the same topic, which writes the script of "/system/bin/install-recovery.sh". Note that this CL doesn't chanage the applypatch API signatures, in order to minimize the CL size. *BEFORE* usage: /system/bin/applypatch [-b <bonus-file>] <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...] or /system/bin/applypatch -c <file> [<sha1> ...] or /system/bin/applypatch -l Filenames may be of the form EMMC:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:... to specify reading from or writing to an EMMC partition. *AFTER* Usage: check mode applypatch --check EMMC:<target-file>:<target-size>:<target-sha1> flash mode applypatch --flash <source-file> --target EMMC:<target-file>:<target-size>:<target-sha1> patch mode applypatch [--bonus <bonus-file>] --patch <patch-file> --target EMMC:<target-file>:<target-size>:<target-sha1> --source EMMC:<source-file>:<source-size>:<source-sha1> show license applypatch --license Bug: 110106408 Test: Run recovery_component_test and recovery_unit_test on marlin. Test: Build a non-A/B target that has /system/bin/install-recovery.sh. Verify that it installs recovery image successfully. Test: Build a non-A/B target that has /system/bin/install-recovery.sh in flashing mode. Verify that it installs recovery image successfully. Change-Id: I71f9a71fb457e6f663e0b5511946949e65b4b78c
2018-07-20Make recovery libraries shared / recovery_availableJerry Zhang1-0/+7
Test: compiles Bug: 78793464 Change-Id: Iff64bc1a597e70f749a9d825f7d386baa427be3d Merged-In: Iff64bc1a597e70f749a9d825f7d386baa427be3d (cherry picked from commit 92969c49dce519803ed0a1986781c474b1bbc82f)
2018-07-20Make recovery libraries shared / recovery_availableJerry Zhang1-0/+7
Test: compiles Bug: 78793464 Change-Id: Iff64bc1a597e70f749a9d825f7d386baa427be3d
2018-07-17Fix the arguments passed to getopt_long(3).Tao Bao1-0/+10
The getopt_long(3) implementation in Android (upstream freebsd) expects a null-terminated array while parsing long options with required args. if (long_options[match].has_arg == required_argument) { optarg = nargv[optind++]; } ... if (long_options[match].has_arg == required_argument && optarg == NULL) { return (BADARG); } This seems to make sense in practice, as getopt(3) takes the first two arguments of argc and argv that are "as passed to the main() function on program invocation", and both of C and C++ spec say "the value of argv[argc] shall be 0". Prior to the CL, we may run into undefined behavior on malformed input command line (e.g. missing arg for an option that requires one). This CL fixes the issue by always appending a nullptr to the argument list (but without counting that into argc). Test: Build and boot into recovery with commands. Change-Id: Ic6c37548f4db2f30aeabd40f387ca916eeca5392
2018-07-12tests: Clean up the temporary dirs post-run.Tao Bao2-21/+22
TemporaryDir only deletes empty dirs (not done by its dtor because it tries to keep the temporary files available on error exit). Also change FreeCacheTest::MockFreeSpaceChecker to be static. Test: Run recovery_unit_test on marlin. Check /data/local/tmp post-run. Change-Id: I1bd54eb840e3094b4f22ee84c059eec2998773bf
2018-07-12applypatch: Fix the return type of FreeSpaceForFile().Tao Bao1-6/+18
Prior to this CL, FreeSpaceForFile() was returning `size_t`, which may overflow on ILP32 when called on a partition with 4GiB+ free space. Additionally, it was returning static_cast<size_t>(-1) on error, but the caller in freecache.cpp didn't check for that. This CL changes its return type to `int64_t`, and moves the function into freecache.cpp since there's no external caller. Test: Run recovery_unit_test on marlin. Test: Code search shows no external user of FreeSpaceForFile(). Change-Id: I00f501a057726e1f1ab69f367c46c77b30f2d774
2018-07-11Remove the debug code for bspatch flakinessTianjie Xu1-66/+2
We already know the flakiness happens in bspatch, and the issue is tracked in b/80193170. Bug: 67849209 Test: unit tests pass Change-Id: Ib4772b8f2f0225125096fe7407d083b5bb542cfb
2018-07-10updater: Let read_file() return Value::Type::STRING.Tao Bao1-0/+23
It used to return a Value blob to be consumed by sha1_check() (which has been deprecated). Currently there's no other generic updater function that works with BLOB Values. This CL changes read_file() to return a string Value to make it more useful (e.g. allowing equality check). Test: Run recovery_component_test and recovery_unit_test on marlin. Change-Id: Iba986ba649030112babefe898f26aa9ffe69eeb7
2018-07-10edify: Rename parse_string to ParseString and let it take std::string.Tao Bao2-69/+66
Also simplify the helper function expect() in {edify,updater}_test.cpp. Test: Run recovery_component_test on marlin. Change-Id: If54febba4b5013f6d71546318a1ca6b635204ac8
2018-07-10edify: Remove VAL_INVALID and move ValueType into Value class.Tao Bao1-2/+2
Test: mmma -j bootable/recovery Test: Run recovery_component_test and recovery_unit_test on marlin. Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
2018-07-10applypatch: Restrict applypatch_check to eMMC targets.Tao Bao2-86/+50
Also fix an error-pone behavior in previous code when verifying an eMMC target. As long as it loads the partition content successfully according to the SHAs embedded in the filename, it shouldn't further check against the SHAs given in the second argument. Because the loaded contents relate to a specific partition size. For example: apply_patch_check( "EMMC:/boot.img:src_size:src_hash:tgt_size:tgt_hash", "src_hash"); Assume "/boot.img" already has the desired hash of "tgt_hash", the previous code would give wrong verification result. The issue can be addressed by additionally listing "tgt_hash" as one of the desired SHAs (or by applying this CL). Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I8daafdbecd083f687e24d563ab089caa25667633
2018-07-09updater: Remove the support for sha1_check().Tao Bao1-33/+28
The matching edify function has been removed from EdifyGenerator [1]. In theory device-specific releasetools script may still use this function, but it no longer looks useful. Because a) we should use range_sha1() when asserting the SHA-1 hash of a block device; b) we should look into the contents when asserting a text file. [1] https://android-review.googlesource.com/c/platform/build/+/714104 Test: Run recovery_component_test on marlin. Test: Code search shows no active user. Change-Id: Id39439101534fb89cf8c5cea80a4b758c8a1a60d
2018-07-07updater: Add ABORT command.Tao Bao2-3/+34
This will be used for testing purpose only, replacing the previously used "fail", to intentionally abort an update. As we're separating the logic between commands parsing and execution, "abort" needs to be considered as a valid command during the parsing. Test: recovery_unit_test and recovery_component_test on marlin. Change-Id: I47c41c423e62c41cc8515fd92f3c5959be08da02
2018-07-06tests: Split unit tests out of component/applypatch_test.cpp.Tao Bao3-289/+331
... into unit/applypatch_test.cpp. And rename the file to component/applypatch_modes_test.cpp. Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Ic23c4f054baa2fa0d5e8ea2fcffd22572f1f112e
2018-06-25updater: Check the number of args in Command::Parse.Tao Bao1-0/+25
Additionally checks for excess args when parsing ERASE, FREE, NEW, STASH and ZERO. Note that the check for MOVE, BSDIFF, IMGDIFF has been covered in Command::ParseTargetInfoAndSourceInfo. Test: Run recovery_unit_test on marlin. Change-Id: Ic8bc9b7a8dcf98f1f8db2e259607564508726857
2018-06-25updater: Add Command parsing codes.Tao Bao2-0/+277
The added codes are not used in the updater yet. The switch will happen in subsequent CLs. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I1ae8a233280f02c2171b43ef028bdccdacb39c59
2018-06-19Drop the dependency on AB_OTA_UPDATER flag.Tao Bao2-93/+85
This shortens the gap between A/B and non-A/B builds, by replacing the dependency on build-time flag with runtime detection instead. It also allows building and testing both paths regardless of the target OTA type. The size increase to /sbin/recovery looks negligible (< 0.01%). - marlin: increased from 2084928 to 2085024; - angler: increased from 2084776 to 2084896. Test: Run recovery_component_test on angler and marlin. Test: Sideload an A/B OTA package on marlin. Test: Sideload a non-A/B OTA package on angler. Change-Id: I1d927d1ede9713fb42f73b4fe324aa5705ee6f99
2018-06-14tests: Skip ScreenRecoveryUITest on gr_init failure.Tao Bao1-1/+38
It addresses the ScreenRecoveryUITest failures on gce targets which don't have any graphics backend. Probing for all backend devices in tests could work, but would duplicate codes. This CL relies on the result of gr_init(). As a side effect, it may give false negatives if gr_init() is supposed to work but silently broken. But such issues are beyond ScreenRecoveryUITest's concern, which should be captured by the tests for minui or graphics backends instead. Fixes: 79616356 Test: Run recovery_unit_test on marlin. Test: Run recovery_unit_test on gce. Change-Id: I121aacc61c8a614447509506057ecfd8d86163e4
2018-06-07updater: Remove the redundant check on line count.Tao Bao1-2/+21
Test: recovery_component_test on marlin. Change-Id: I2ac2bd47469d1aec8a97a8c4ed0fe80ffd65c95b
2018-06-06ui: join only if joinable.Tao Bao1-0/+5
The threads in RecoveryUI only get initialized if their Init()s finish successfully. Test: recovery_unit_test on marlin. Change-Id: Ic4b62300a3cbd47887d9f4a90dc26f8a7deab616
2018-06-05tests: Specify the death test style to avoid flakiness.Tao Bao2-0/+5
As warned below (while running the test), the default death test style (i.e. "fast") doesn't work well in a threaded context, which causes test flakiness (timeout or early exit). [WARNING] external/googletest/googletest/src/gtest-death-test.cc:836:: Death tests use fork(), which is unsafe particularly in a threaded context. For this test, Google Test detected 3 threads. This CL specifies the death test styles to be "threadsafe" for the following death tests. - RangeSetTest.GetBlockNumber - RangeSetTest.file_range - ScreenRecoveryUITest.LoadAnimation_MissingAnimation Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Test passes and the above warning is gone. Change-Id: I245bbc09286702d5cb326f878c4391e842b66cc5
2018-06-04tests: Add ResumableUpdaterTest.Tao Bao1-0/+227
This is a stress test that instantiates multiple testcases that interrupt a BBOTA update at every transfer command. Each testcase asserts the last_command_file after the interruption, verifies the update resumability, then resumes the update and asserts the updated image. The transfer list in the testcase covers most of the transfer commands (stash/free/move/bsdiff/zero/new), as well as some special pattern like having duplicate stash ids. This CL also addresses one issue in the updater code, by resetting the stash_map before each run. The stash map should be valid only per block_image_verify/block_image_update run. Having leftover may cause issue in subsequent runs, in particular when calling block_image_verify after a previous run of block_image_{update,verify}. Test: Run recovery_component_test on marlin. Change-Id: I6f9a0368d194a754ce41a9c9819c6d5be2657248
2018-05-26updater: Add Commmand class to manage BBOTA commands.Tao Bao2-0/+38
Move the commands map parsing out of PerformBlockImageUpdate(), as this can be done more easily by the caller. The goal (not done in this CL) is to decouple command parsing logic from the performers. This allows (a) focusing on the command logic in the performer; and (b) extending BBOTA commands syntax separately. Test: Run recovery_unit_test and recovery_component_test. Change-Id: Ife202398a7660b152d84a3ba17b90f93d19c55f2
2018-05-25tests: Setup last_command_file for UpdaterTest.Tao Bao1-13/+15
Otherwise tests may interfere with each other by using the same / default location. Test: Run recovery_component_test on marlin. Change-Id: I6b0455489f2fdce819009964dd92bfd9bfeb06ef
2018-05-24Convert deflate image chunks to raw if the raw data is smallerTianjie Xu3-32/+75
The imgpatch will fail on empty deflates because the bspatch won't call the sink function if the target length is zero. Instead of compressing an empty string, it's cleaner to not generate such empty deflate chunks in the patch. Therefore, we can just convert the chunk type to raw if the target length is smaller than the patch data. Also adjust some unit tests and add the testdata gzipped_source & gzipped_target. These two files are ~1K each and are generated by gzipping two slightly different regular files. Bug: 79265132 Test: unit tests pass, imgpatch applys successfully on the given src/tgt Change-Id: I6bfff3251918137f6762a6f9e9551642371a1124
2018-05-24tests: Refactor the common lines in UpdaterTest.Tao Bao1-286/+182
Move the common codes into RunBlockImageUpdate(). Also clean up the partition updated marker after running each test. Test: Run recovery_component_test on marlin. Change-Id: Id4302e4da4c664231b737a1e83d2e164ef58ed97
2018-05-22ui: Use std::thread to create input/progress threads.Tao Bao1-2/+10
Test: Build and boot into recovery on walleye. Check the long press detection; `Run graphics test`. Change-Id: Ic3e9b0652fc3ff6fb3ad118df5ebb9bb4abda2cd
2018-05-17Move stuff from recovery into librecovery.Tao Bao1-1/+1
Move most source files into librecovery so they become testable. Only recovery_main.cpp and logging.cpp are built into recovery module, as they perform one-time setup (e.g. setting up logger). Test: `mmma -j bootable/recovery` with aosp_{angler,bullhead,fugu,dragon,marlin}-userdebug Test: recovery_host_test; recovery_unit_test; recovery_component_test; recovery_manual_test Test: Build and boot into recovery image on angler. Change-Id: Ic4444f87a2f123557c71085f81dc2b2764c05ed8 Merged-In: Ic4444f87a2f123557c71085f81dc2b2764c05ed8
2018-05-17Move stuff from recovery into librecovery.Tao Bao1-2/+14
Move most source files into librecovery so they become testable. Only recovery_main.cpp and logging.cpp are built into recovery module, as they perform one-time setup (e.g. setting up logger). Test: `mmma -j bootable/recovery` with aosp_{angler,bullhead,fugu,dragon,marlin}-userdebug Test: recovery_host_test; recovery_unit_test; recovery_component_test; recovery_manual_test Test: Build and boot into recovery image on angler. Change-Id: Ic4444f87a2f123557c71085f81dc2b2764c05ed8 (cherry picked from commit bf4c006d7bc8a4517c82399bbffd9cb09971c0b4)
2018-05-14wear_ui: Address a TODO regarding {intro,loop}_frames.Tao Bao1-3/+53
Also add tests for LoadAnimation that cover the change. Test: Run `recovery_unit_test` on marlin. Change-Id: I0380a5cdd0d85d55baecf7759eb647b6a9f3a085
2018-05-12Clean up the Makefile for recovery and tests.Tao Bao1-28/+71
Reorder librecovery and librecovery_ui, so that librecovery stays closer to recovery (in preparation for later changes that move more files between the two). For the libraries in LOCAL_STATIC_LIBRARIES, reorder them based on the dependency - local modules coming first, with external libraries near the end. Sort the local / external modules, unless a specific order is needed. In tests/Android.mk, split the monolithic list of LOCAL_STATIC_LIBRARIES based on modules. This makes adding / finding libraries easier. There's no functionality in this CL. Test: mmma -j bootable/recovery Change-Id: I6836be574df565001ae9cd3d466a2b6460d90d08
2018-05-09screen_ui: Fix an issue in RTL locale detection.Tao Bao1-1/+1
The CL in [1] moved android.os.RecoverySystem to send the locale argument in well-formed BCP 47 language tags (e.g. "en-US" instead of "en_US"), with the matching changes to recovery code in [2]. However, the one in ScreenRecoveryUI::SetLocale() was missed, which broke RTL locale detection when using new format. [1] commit 38715228 in platform/frameworks/base [2] commit 2078b22e in platform/bootable/recovery Test: Set the locale to "ar-EG". `Run graphics test` under recovery. Check the progress bar. Test: Run recovery_unit_test on marlin. Change-Id: I7c7f5e0725bfb096109c7192c19f3f008e8e47e3
2018-05-09tests: Add tests for ScreenRecoveryUI.Tao Bao4-0/+168
In order to support that, this CL adds Paths::set_resource_dir() to override the default resource dir ("/res/images/") that's only available under recovery. Note that since there're external modules depending on libminui, it adds a separate function of res_set_resource_dir(), instead of requiring the dependency on libotautil for everyone. Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Change-Id: I0a7dcf4476808bea9e634eaffc9676f6cbaf92b7
2018-05-04otautil: Rename dir/sys/thermal utils.Tao Bao5-8/+8
Test: mmma -j bootable/recovery Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
2018-05-03Move menu headers/items to std::vector<std::string>.Tao Bao1-12/+15
Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Test: Build and boot into recovery image on angler. Check the UI that shows menu ('View recovery log', 'Wipe data', 'Run locale test'). Test: Start recovery with '--prompt_and_wipe_data'. Check the UI. Change-Id: If8a4209e0bb4ca64f719f9f9465d3b3589a69cdc
2018-05-03screen_ui: Merge Menu::Start() into its ctor.Tao Bao1-21/+7
Since we instantiate a Menu object each time for a given set of header/items, we don't have a use case of re-populating an existing Menu with different data (which is what Menu::Start() does). Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Test: Build and boot into recovery image on angler. Check the UI. Change-Id: Iaa2ba9d406ebd74c015e43198c17c5335b38df53
2018-04-28Merge libmounts into libotautil.Tao Bao1-1/+0
Export its header (mounts.h) from there, and drop the dot dot dependency from libupdater / updater. Test: mmma bootable/recovery Test: recovery_component_test Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
2018-04-26Rename CacheLocation to Paths.Tao Bao2-13/+12
We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE. Test: mmma -j bootable/recovery Test: recovery_component_test Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
2018-04-26Dump the uncompressed data's SHA1 to debug flaky testsTianjie Xu1-2/+52
Dump the SHA1 of the uncompressed data in applypatch to confirm if we are at least doing the bspatch part correctly. (I expect so since the actual length of the uncompressed data matches the expected length). Also try to decompress the deflate chunk inside the recovery image for these two flacky tests. In theory, there shouldn't be randomness in zlib; so we would know if we process the data wrongly if the deflate fails to decompress. Bug: 67849209 Test: recovery_component_test Change-Id: Id947522153b1eeb0d10d161298a96fb045f92018
2018-04-24Dump debug information for apply_patch unit testsTianjie Xu1-1/+12
The apply patch test should have a deterministic way to append patch data. Add debug logs to dump the length and SHA1 of each step to further track down the flakiness. Also redirect the debug logging to stdout in case the logcat becomes too chatty. Bug: 67849209 Test: Run recovery_component_test Change-Id: I42bafef2d9dee599719ae57840b3d8c00d243ebd
2018-04-20Make update_verifier generic across verified boot versions.Tao Bao2-13/+4
This allows the update_verifier in a general system image to work across devices that have different verified boot versions (i.e. not supported / verified boot 1.0 / verified boot 2.0 / disabled). Bug: 78283982 Test: Run recovery_component_test on both of marlin and walleye. Test: Generate an OTA that has this CL. Install this OTA and check the update_verifier log during the post-reboot verification, on both of marlin (VB 1.0) and walleye (VB 2.0). Test: Build and flash walleye image with verified boot disabled. Check that update_verifier marks the slot as successfully booted. Change-Id: I828d87d59f911786531f774ffcf9b2ad7c2ca007
2018-04-19applypatch: Dump patch info on mismatching patching result.Tao Bao1-0/+5
After splitting the previously flaky ApplyPatchModesTest#PatchModeEmmcTarget tests, PatchModeEmmcTargetWithMultiplePatches now becomes the sole victim. This CL dumps additional info to narrow down the cause. Bug: 67849209 Test: `recovery_component_test` on marlin. Test: It dumps additional info after using corrupt bonus.file. Change-Id: Ic5436de457cc882a51d03f49d5cee70077f7d3df
2018-04-16tests: Move ResourcesTest into component test.Tao Bao3-101/+126
Although the tests were initially written for checking the validity of the text images, it doesn't hurt to run them continuously as part of the component test (recovery_manual_test requires reboots during the run, due to the nature of the tests of recovery-{refresh,persist}). This also allows detecting breaking changes to libminui or libpng. There's a catch that the ResourcesTest won't be triggered via `atest`, as the res-* testdata won't be picked up via AndroidTest.xml. Explored a few options but not addressing that in this CL: - `atest` is not fully working in AOSP yet (missing support in tools/tradefederation/core/atest/atest.py). - `atest` doesn't allow specifying the testdata with path in the 'push' option. - It won't fail the test run though, as ResourcesTest will skip the tests automatically when it finds no text image file. - APCT and manual `adb sync data` are not affected, and I don't see an active user of `atest` other than a tool for manual test invocation. - Unrelated to this CL, `atest` doesn't seem to work well with recovery_component_test or recovery_unit_test while we have both of them in one AndroidTest.xml. It randomly triggers only one of them, despite of the given test name. When splitting AndroidTest.xml into two, it tends to pick up the wrong testdata subdir and gives wrong results. Test: Run recovery_manual_test and recovery_component_test on marlin. Change-Id: I3a237499a7770356e14085674bc8b9cb4551db85
2018-04-14Expose PngHandler via resources.h.Tao Bao1-95/+55
As a private header for testing purpose. PngHandler additionally loads a given filename if the one with '/res/images' prefix is not available. It also provides color_type/bit_depth that are parsed from the PNG file. This allows reusing the same code for the ResourcesTest (renamed from ResourceTest). Test: Run recovery_manual_test on marlin. Change-Id: I3f939d79a1cb1b83a899847dbe2d51bde15d16d8
2018-04-13Remove the old log files if cache space is insufficient for OTATianjie Xu1-0/+129
We set the limit of the max stash size to 80% of cache size. But the cache space can still be insufficient for the update if the log files occupy a large chunk of /cache. So remove the old logs for now to make room for the update. Bug: 77528881 Test: unit tests pass Change-Id: Ia8bcb0ace11f8164ad9290bfb360e08e31d282cb
2018-04-02tests: Pick up testdata with LOCAL_TEST_DATA.Tao Bao4-62/+25
Also push the testdata in AndroidTest.xml for `atest`. LOCAL_TEST_DATA was added in commit [1], which ships testdata next to native tests. With this CL, 1) manually sync-ing via `adb sync` and running tests with `adb shell` keep working. 2) both of 32- and 64-bit recovery_{unit,component}_test now work in APCT continuous tests. Note that 64-bit tests were failing previously in APCT, due to missing testdata. 3) `atest recovery_unit_test` works, as the testdata gets pushed to /data/local/tmp. [1] commit d07ba4e2a625a8f000d042c1953adb612bccbbe2 in https://android-review.googlesource.com/c/platform/build/+/312567. Bug: 77320514 Test: Build recovery_{unit,component,manual}_test. Setup the test via `adb sync data`. Run both of 32- and 64-bit versions on device. Test: Build and run recovery_host_test on host, for both of 32- and 64-bit versions. Test: `atest recovery_component_test` Change-Id: Ie54037726043a3a659a80030b83db1f8c1de318d
2018-03-24Factor out a menu class for screen uiTianjie Xu2-1/+201
Also consolidate the duplicate codes to draw the menu in ScreenRecoveryUI and WearRecoveryUI. This helps us to support text icons as menu in the future. Bug: 74397117 Test: Check the menu under recovery on bullhead and a wear device. Change-Id: Iba9b646c3828670f0e78a7e07d1a94a44e96bb0b Merged-In: Iba9b646c3828670f0e78a7e07d1a94a44e96bb0b
2018-03-24Factor out a menu class for screen uiTianjie Xu2-1/+201
Also consolidate the duplicate codes to draw the menu in ScreenRecoveryUI and WearRecoveryUI. This helps us to support text icons as menu in the future. Bug: 74397117 Test: Check the menu under recovery on bullhead and a wear device. Change-Id: Iba9b646c3828670f0e78a7e07d1a94a44e96bb0b (cherry picked from commit 2b3f80068ece1040ba7c923afe1e70b705535ad5)
2018-03-23Factor out a menu class for screen uiTianjie Xu2-1/+201
Also consolidate the duplicate codes to draw the menu in ScreenRecoveryUI and WearRecoveryUI. This helps us to support text icons as menu in the future. Bug: 74397117 Test: Check the menu under recovery on bullhead and a wear device. Change-Id: Iba9b646c3828670f0e78a7e07d1a94a44e96bb0b (cherry picked from commit Iba9b646c3828670f0e78a7e07d1a94a44e96bb0b)
2018-03-23update_verifier: Support verifying product partition.Tao Bao1-2/+1
We have added the support for building /product partition in build system (the CL in [1]), where /product is an optional partition that contains system files. This CL adds the matching support if /product needs to be verified during A/B OTA (i.e. listed in care_map file). [1]: commit b7735d81054002961b681f4bdf296d4de2701135, https://android-review.googlesource.com/c/platform/build/+/598454 Bug: 63974895 Test: Run update_verifier test on walleye. Change-Id: Ia1c35e9583b8e66c98a4495b1f81a5ea7e65036f (cherry picked from commit ec2e8c6c1ef3cbafa129ade95abca3203e062b5f)
2018-03-23update_verifier: Support verifying product partition.Tao Bao1-2/+1
We have added the support for building /product partition in build system (the CL in [1]), where /product is an optional partition that contains system files. This CL adds the matching support if /product needs to be verified during A/B OTA (i.e. listed in care_map file). [1]: commit b7735d81054002961b681f4bdf296d4de2701135, https://android-review.googlesource.com/c/platform/build/+/598454 Bug: 63974895 Test: Run update_verifier test on walleye. Change-Id: Ia1c35e9583b8e66c98a4495b1f81a5ea7e65036f
2018-03-20tests: Split ApplyPatchModesTest.PatchModeEmmcTarget.Tao Bao1-45/+74
We have been seeing flakiness in continuous test, but unable to reproduce locally. Break it down into smaller units to narrow down the cause. Bug: 67849209 Test: Run recovery_component_test on marlin. Change-Id: Ia24b0c5d137bad27d502575fcd18d3ca9c9828b6
2018-03-20tests: Add ApplyPatchModesTest.PatchModeEmmcTargetWithBsdiffPatch test.Tao Bao1-0/+51
/system/bin/applypatch on device is expected to work with bsdiff based recovery-from-boot patch automatically. Adding a test to ensure that's always the case. Bug: 72731506 Test: Run recovery_component_test on marlin. Change-Id: I56283cd3ce7cf0215cc3bb3619b206fa01d552c4 Merged-In: I56283cd3ce7cf0215cc3bb3619b206fa01d552c4 (cherry picked from commit d612b23dfd58dbe5059ba53d8fd13cbb343b177c)
2018-03-13recovery: add libhidl-gen-utils depedencyYifan Hong1-0/+1
introduced as a depedency to libvintf. Test: builds Bug: 73556059 Change-Id: Ia51ba81ef462879481dcacb80d9ea9ea35e8b0bb Merged-In: Ia51ba81ef462879481dcacb80d9ea9ea35e8b0bb
2018-03-13tests: Add ApplyPatchModesTest.PatchModeEmmcTargetWithBsdiffPatch test.Tao Bao1-0/+51
/system/bin/applypatch on device is expected to work with bsdiff based recovery-from-boot patch automatically. Adding a test to ensure that's always the case. Bug: 72731506 Test: Run recovery_component_test on marlin. Change-Id: I56283cd3ce7cf0215cc3bb3619b206fa01d552c4
2018-03-08recovery: add libhidl-gen-utils depedencyYifan Hong1-0/+1
introduced as a depedency to libvintf. Test: builds Bug: 73556059 Change-Id: Ia51ba81ef462879481dcacb80d9ea9ea35e8b0bb
2018-02-28Add a singleton CacheLocation to replace the hard coded locationsTianjie Xu2-9/+17
This class allows us to set the following locations dynamically: cache_temp_source, last_command_file, stash_directory_base. In the updater's main function, we reset the values of these variables to their default locations in /cache; while we can set them to temp files in unit tests or host simulation. Test: unit tests pass Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
2018-02-23Remove the assumption of target chunk size in imgdiffTianjie Xu1-0/+101
In the split mode of imgdiff, we used to assume that the size of a split target chunk is always greater than the blocksize i.e. 4096. This may lead to the following assertion failure: I0221 04:57:33.451323 818464 common.py:205 imgdiff F 02-21 04:57:33 821203 821203 imgdiff.cpp:999] Check failed: tgt_size >= BLOCK_SIZE (tgt_size=476, BLOCK_SIZE=4096) This CL removes the assumption and handles the edge cases. Test: generate and verify the incremental update for TFs in the bug; unit test passes Bug: 73757557 Bug: 73711365 Change-Id: Iadbb4ee658995f5856cd488f3793980881a59620
2018-02-07Log the last command to cacheTianjie Xu1-0/+217
When performing an update, save the index and cmdline of the current command into the last command file if this command writes to the stash either explicitly of implicitly. This mitigates the overhead to update the last command file for every command. I ran a simple test on angler and the time to update 1000 times is ~2.3 seconds. Upon resuming an update, read the saved index first; then 1. In verification mode, check if all commands before the saved index have already produced the expected target blocks. If not, delete the last command file so that we will later resume the update from the start of the transfer list. 2. In update mode, skip all commands before the saved index. Therefore, we can avoid deleting stashes with duplicate id unintentionally; and also speed up the update. If an update succeeds or is unresumable, delete the last command file. Bug: 69858743 Test: Unittest passed, apply a failed update with invalid cmd on angler and check the last_command content, apply a failed update with invalid source hash and last_command is deleted. Change-Id: Ib60ba1e3c6d111d9f33097759b17dbcef97a37bf
2017-12-20StartsWith allows a std::string prefix now.Elliott Hughes1-1/+1
Bug: N/A Test: builds Change-Id: I5183ec8133f5dc9a81a438223c6d3d2ea11ef0ec
2017-11-09Load-balancing update_verifier worker threads.Tao Bao1-0/+80
Prior to this CL, the block verification works were assigned based on the pattern of the ranges, which could lead to unbalanced workloads. This CL adds RangeSet::Split() and moves update_verifier over. a) For the following care_map.txt on walleye: system 20,0,347,348,540,556,32770,33084,98306,98620,163842,164156,229378,229692,294914,295228,524289,524291,524292,524348,529059 vendor 8,0,120,135,32770,32831,94564,98304,98306 Measured the time costs prior to and with this CL with the following script. $ cat test_update_verifier.sh #!/bin/sh adb shell stop adb shell "cp /data/local/tmp/care_map.txt /data/ota_package/" for i in $(seq 1 50) do echo "Iteration: $i" adb shell "bootctl set-active-boot-slot 0" adb shell "echo 3 > /proc/sys/vm/drop_caches" adb shell "time /data/local/tmp/update_verifier" sleep 3 done Without this CL, the average time cost is 5.66s, while with the CL it's reduced to 3.2s. b) For the following care_map.txt, measured the performance on marlin: system 18,0,271,286,457,8350,32770,33022,98306,98558,163842,164094,196609,204800,229378,229630,294914,295166,501547 vendor 10,0,42,44,85,2408,32770,32806,32807,36902,74242 It takes 12.9s and 5.6s without and with the CL respectively. Fixes: 68553827 Test: recovery_unit_test Test: Flash new build and trigger update_verifier. Check the balanced block verification. Change-Id: I5fa4bf09a84e6b9b0975ee5f522724464181333f
2017-11-07otautil: Remove the aborts in RangeSet::Parse().Tao Bao1-14/+64
We used to CHECK and abort on parsing errors. While it works fine for the updater use case (because recovery starts updater in a forked process and collects the process exit code), it's difficult for other clients to use RangeSet as a library (e.g. update_verifier). This CL switches the aborts to returning empty RangeSet instead. Callers need to check the parsing results explicitly. The CL also separates RangeSet::PushBack() into a function, and moves SortedRangeSet::Clear() into RangeSet. Test: recovery_unit_test Test: Sideload an OTA package with the new updater on angler. Test: Sideload an OTA package with injected range string errors. The updater aborts from the explicit checks. Change-Id: If2b7f6f41dc93af917a21c7877a83e98dc3fd016
2017-11-04Clean up fuse_sideload and add a testcase.Tao Bao1-4/+66
This CL mainly changes: a) moving the interface in struct provider_vtab to std::function; b) code cleanup, such as moving the declaration closer to the uses, using explicit type conversion. Test: recovery_component_test Test: minadbd_test Test: Sideload a package on marlin. Change-Id: Id0e3c70f1ada54a4cd985b54c84438c23ed4687e
2017-11-03Switch to bionic gtest in bootable/recoveryTianjie Xu4-238/+142
We encountered segfaults in Imgdiff host tests due to the failure to reset states of getopt. The problem can be solved by switching to use bionic's gtest where a new process is forked for each test. Also modify the recovery_component_test to make sure it runs in parallel. Changes include: 1. Merge the writes to misc partition into one single test. 2. Change the hard coded location "/cache/saved.file" into a configurable variable. Bug: 67849209 Test: recovery tests pass Change-Id: I165d313f32b83393fb7922c5078636ac40b50bc2
2017-11-02tests: Clean up the files in TemporaryDir.Tao Bao1-5/+9
~TemporaryDir() calls rmdir(2) directly, which works with empty directories only. Test: Run recovery_host_test; No leftover on host. Test; Run recovery_component_test on marlin; No leftover on device. Change-Id: Ib510efb16eeda61b34161e2b386499e6cb79a4ca
2017-11-01Add libbrotli as a dependency for libbsdiffTianjie Xu1-0/+1
Bug: 34220646 Test: mma Change-Id: If00285943fff8226f1bc7239db5570a277739904
2017-11-01Fix the size mismatch in imgdiffTianjie Xu4-53/+36
As we construct the deflate entries of the target zip file with random data, the total size of the zip file may vary from case to case. This leads to occasional failures in the split test for deflate large apk files. This CL fixes the issue by adding two static zip files in the testdata instead of generating them dynamically. Bug: 67849209 Test: run the deflate_large_test repeatedly Change-Id: Iaeffad9205adefa10c9f62f9f088c33c4360a650
2017-10-26tests: Take the ownership of the FD when calling fdopen.Tao Bao2-29/+29
To avoid closing the same FD twice. Test: recovery_component_test && recovery_host_test Change-Id: I95195be8109101081410e9224efda535b2560e72
2017-10-24Use SuffixArrayIndexInterface opaque type instead of the underlying data pointer.Alex Deymo1-1/+1
bsdiff interface is changing such that it hides the suffix array pointer from the public interface. This allows to use a different suffix array data size depending on the input size, running much faster in the normal case. Bug: 34220646 Test: `make checkbuild`; Ran an incremental update generation on a non-A/B device. Change-Id: I78e766da56cf28bc7774b8c8e58527bc11d919fb
2017-10-20Finish the new data receiver when update failsTianjie Xu1-87/+133
The thread to receive new data may still be alive after we exit PerformBlockImageUpdate() upon failures. This caused memory corruption when we run the unittest repeatedly. Set the receiver_available flag to false and make sure the receiver exits when the update fails. Bug: 65430057 Test: unittests passed with tsan Change-Id: Icb232d13fb96c78262249ffbd29cdbe5b77f1fce
2017-10-16otautil: Move RangeSet implementation into rangeset.cpp.Tao Bao1-0/+1
Since it has grown much larger, users of the header shouldn't compile and carry their full copies. Also add missing header includes in imgdiff.cpp and imgdiff_test.cpp. Test: mmma bootable/recovery Test: recovery_unit_test; recovery_component_test; recovery_host_test Change-Id: I88ca54171765e5606ab0d61580fbc1ada578fd7d
2017-10-11Move rangeset.h and print_sha1.h into otautil.Tao Bao4-4/+5
Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from applypatch modules. Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug; mmma bootable/recovery Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
2017-10-09Revert "Revert "Move error_code.h into otautil.""Tao Bao1-1/+1
This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.". This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil). Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
2017-10-05Revert "Move error_code.h into otautil."Tao Bao1-1/+1
This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b. Reason for revert: Need to address device-specific modules. Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
2017-10-04Move error_code.h into otautil.Tao Bao1-1/+1
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". Test: mmma bootable/recovery Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
2017-09-29otafault: Remove the use of LOCAL_WHOLE_STATIC_LIBRARIES.Tao Bao1-1/+1
Commit d80a99883d5ae2b117c54f076fe1df7eae86d2f8 has explanation of potential issues. Test: mmma bootable/recovery Change-Id: I25ca9920952b7bbdd8a661d9dc90962431410bc4
2017-09-21Output split information for imgdiff when handling large apksTianjie Xu1-8/+40
Add a mandatory option in imgdiff to write the split info (i.e. patch_size, tgt_size, src_ranges) to file when handling large apks. Therefore, the caller of imgdiff can create split transfers based on the info. Bug: 63542719 Test: unit tests pass Change-Id: I853d55d1f999fd576474faa81077f7307f4d856d
2017-09-13Fix the dangling pointer when setting up arguments of imgdiffTianjie Xu1-6/+9
Test: unit tests pass Change-Id: If884e805ccd4df73671ab3436eb90860786ff6c9
2017-09-11Close cmd_pipe properly after updater test finishesTianjie Xu1-8/+14
Otherwise the test may fail after a large number of iterations due to file open failure. Bug: 65430057 Test: run recovery_component_test on sailfish for 2000 iterations. Change-Id: I0d456284d6064467038911d63eade95740cbec2c
2017-09-06Improve imgdiff for large zip filesTianjie Xu1-5/+334
Due to the cache size limit for OTA generation, we used to split large zip files linearly into pieces and do bsdiff on them. As a result, i) we lose the advantage of imgdiff; ii) if there's an accidental order change of some huge files inside the zip, we'll create an insanely large patch. This patch splits the src&tgt more smartly based on the zip entry_name. If the entry_name is empty or no matching source is found for a target chunk, we'll skip adding its source and later do a bsdiff against the whole split source image (this rarely happens in our use cases except for the metadata inside a ziparchive). After the split, the target pieces are continuous and block aligned, while the sources pieces are mutually exclusive. (Some of the source blocks may not be used if there's no matching entry_name in the target.) Then we will generate patches accordingly between each split image pairs. Afterwards, if we apply imgpatch to each pair of split source/target images and add up the patched result, we can get back the original target image. For example: Input: [src_image, tgt_image] Split: [src-0,tgt-0; src-1,tgt-1, src-2,tgt-2] Diff: [ patch-0; patch-1; patch-2] Patch: [(src-0,patch-0)=tgt-0; (src-1,patch-1)=tgt-1; (src-2,patch-2)=tgt-2;] Append: [tgt-0 + tgt-1 + tgt-2 = tgt_image] Peformance: For the small package in b/34220646, we decrease the patch size of chrome.apk dramatically from 30M to 400K due to the order change of two big .so files. On two versions of angler, I also observe decent patch size decrease. For chrome.apk, we reduced the size from 5.9M to 3.2M; and for vevlet.apk from 8.0M to 6.5M. Bug: 34220646 Test: recovery component test && apply imgdiff & imgpatch on two chrome.apk Change-Id: I145d802984fa805efbbac9d01a2e64d82ef9728b
2017-08-29Turn on -Wall for recovery modulesTianjie Xu2-11/+4
Turn on -Wall for all modules. Also remove the obsolete file_cmp() in apply_patch test and now() in wear_ui. The only exception is lib_edify due to the unused functions in the intermediate cpp files generated from the lex files. It will be handled in a seperate CL. Bug: 64939312 Test: mma, unit tests pass Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
2017-08-22Allow comparison against multi serial nums for A/B packageTianjie Xu1-13/+58
The metadata file now can have multiple serial numbers in the format: serialno=serialno1|serialno2|serialno3 ... Verifier will pass the check if the device serial number matches any of these numbers. Bug: 64802465 Test: Create a metadata file with 1000 numbers and sideload in sailfish. The checker detects both match and mismatch cases. Change-Id: I3f12b75e15f4179df260778e37f4563d65db0fa8
2017-08-19Move Image/ImageChunk/PatchChunk declaration into header filesTianjie Xu1-1/+1
1. Move the declaration of the Image classes to the header file to make testing easier. 2. Also move rangeset.h to bootable/recovery to allow access in imgdiff. Test: recovery component test Change-Id: I68a863e60a3f2e7ae46ee48f48eb15391f5f4330
2017-08-10tests: Add the missing dependency on libhidlbase.Tao Bao1-1/+2
It fails to build recovery_component_test with the following errors: out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::hidl_string(android::hardware::hidl_string const&)' out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::operator=(android::hardware::hidl_string const&)' out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::~hidl_string()' libupdate_verifier includes <android/hardware/boot/1.0/IBootControl.h>, which includes the 'types.h' above. In 'types.h', it defines struct CommandResult that's using android::hardware::hidl_string. Since libhidlbase doesn't have a static library target, remove 'LOCAL_FORCE_STATIC_EXECUTABLE := true', which isn't required for running tests. Test: mmma -j bootable/recovery Bug: 64538692 Change-Id: Iaa7c08adc241128d787274fcaea9b363e7ff93f4 (cherry picked from commit 102016ce1fe62190ace7016f2e7484b37f6391ea)
2017-08-10tests: Add the missing dependency on libhidlbase.Tao Bao1-1/+2
It fails to build recovery_component_test with the following errors: out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::hidl_string(android::hardware::hidl_string const&)' out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::operator=(android::hardware::hidl_string const&)' out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::~hidl_string()' libupdate_verifier includes <android/hardware/boot/1.0/IBootControl.h>, which includes the 'types.h' above. In 'types.h', it defines struct CommandResult that's using android::hardware::hidl_string. Since libhidlbase doesn't have a static library target, remove 'LOCAL_FORCE_STATIC_EXECUTABLE := true', which isn't required for running tests. Test: mmma -j bootable/recovery Bug: 64538692 Change-Id: Iaa7c08adc241128d787274fcaea9b363e7ff93f4
2017-08-01Add implemention of SortedRangeSetTianjie Xu1-0/+47
This is useful in imgdiff to maintain the block ranges of splitted source image. Bug: 34220646 Test: mma && unit tests pass Change-Id: I6427f2ea50f0e3b0aa3dd01880ec0206679b7429
2017-07-27otautil: Clean up dirCreateHierarchy().Tao Bao1-21/+11
- Changed to std::string based implementation (mostly moved from the former make_parents() in updater/install.cpp); - Removed the timestamp parameter, which is only neeed by file-based OTA; - Changed the type of mode from int to mode_t; - Renamed dirCreateHierarchy() to mkdir_recursively(). Test: recovery_unit_test passes. Test: No external user of dirCreateHierarchy() in code search. Change-Id: I71f8c4b29bab625513bbc3af6d0d1ecdc3a2719a
2017-07-25otautil: Delete dirUnlinkHierarchy().Tao Bao1-32/+0
This function has become obsolete since we've removed file-based OTA support (it was needed by 'delete_recursive' edify function earlier). Test: mmma -j bootable/recovery Test: Code search shows no active user of the function. Change-Id: If6faaa759d4c849b79acba4e6adb82baadc89f7a
2017-07-24tests: Add a test to cover legacy care_map.txt handling.Tao Bao1-0/+13
This is to cover the code added by commit 5a1dee01df3af346729b5791606b72d59b8e9815, where an O update_verifier should not reject N care_map.txt. Bug: 63544345 Test: recovery_component_test passes on marlin. Change-Id: Ia944e16cba3cc635098b3ffd92842d725b570fec (cherry picked from commit c319613e06f996aed32da3a1c3e93bf9b04ffa95)
2017-07-24tests: Add a test to cover legacy care_map.txt handling.Tao Bao1-0/+13
This is to cover the code added by commit 5a1dee01df3af346729b5791606b72d59b8e9815, where an O update_verifier should not reject N care_map.txt. Bug: 63544345 Test: recovery_component_test passes on marlin. Change-Id: Ia944e16cba3cc635098b3ffd92842d725b570fec
2017-07-22Fix a case when brotli writer fails to write last few blocks of dataTianjie Xu1-4/+15
receive_new_data may exit too early if the zip processor has sent all the raw data. As a result, the last few 'new' commands will fail even though the brotli decoder has more output in its buffer. Restruct the code so that 'NewThreadInfo' owns the decoder state solely; and receive_brotli_new_data is responsible for the decompression. Also reduce the test data size to 100 blocks to avoid the test timeout. Bug: 63802629 Test: recovery_component_test. on bullhead, apply full updates with and w/o brotli compressed entries, apply an incremental update. Change-Id: Id429b2c2f31951897961525609fa12c3657216b7 (cherry picked from commit 6ed175d5412deeaec9691f85757e45452407b8e3)
2017-07-21Fix a case when brotli writer fails to write last few blocks of dataTianjie Xu1-4/+15
receive_new_data may exit too early if the zip processor has sent all the raw data. As a result, the last few 'new' commands will fail even though the brotli decoder has more output in its buffer. Restruct the code so that 'NewThreadInfo' owns the decoder state solely; and receive_brotli_new_data is responsible for the decompression. Also reduce the test data size to 100 blocks to avoid the test timeout. Bug: 63802629 Test: recovery_component_test. on bullhead, apply full updates with and w/o brotli compressed entries, apply an incremental update. Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
2017-07-19Fix the android-cloexec-* warnings in bootable/recoveryTianjie Xu2-3/+3
Add the O_CLOEXEC or 'e' accordingly. Bug: 63510015 Test: recovery tests pass Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
2017-07-08Add support to decompress brotli compressed new dataTianjie Xu2-0/+68
Add a new writer that can decode the brotli-compressed system/vendor new data stored in the OTA zip. Brotli generally gives better compression rate at the cost of slightly increased time consumption. The patch.dat is already compressed by BZ; so there's no point to further compress it. For the given 1.9G bullhead system image: Size: 875M -> 787M; ~10% reduction of package size. Time: 147s -> 153s; ~4% increase of the block_image_update execution time. (I guess I/O takes much longer time than decompression.) Also it takes 4 minutes to compress the system image on my local machine, 3 more minutes than zip. Test: recovery tests pass && apply a full OTA with brotli compressed system/vendor.new.dat on bullhead Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
2017-07-07Fix a rare failure for imgdiff when random data equals gzip headerTianjie Xu1-0/+33
In a rare case, a random chunk will pass both the gzip header check and the inflation process; but fail the uncompressed length check in the footer. This leads to a imgdiff failure. So, we should treat this chunk as 'normal' instead of 'inflated' while generating the patch. Bug: 63334984 Test: imgdiff generates patch successfully on previous failing images. Change-Id: Ice84f22d3653bce9756bda91e70528c0d2f264a0
2017-06-23Remove the obsolete package_extract_dir() testTianjie Xu1-96/+0
package_extract_dir() was removed in go/aog/402383, and the corresponding UpdaterTest should be removed as well. Bug: 62918308 Test: mma && code search Change-Id: Ibe9c473a5d41d2fa4d26abca5684e71b104891b0
2017-06-23update_verifier: Support AVB.David Zeuthen2-1/+5
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as 'vroot' so map that to 'system' since this is what is expected. Managed to test at least that the code is at least compiled in: $ fastboot --set-active=_a Setting current slot to 'a'... OKAY [ 0.023s] finished. total time: 0.023s $ fastboot reboot rebooting... finished. total time: 0.050s $ adb wait-for-device $ adb logcat |grep update_verifier 03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted 03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0 03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully. 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier. Bug: 62464819 Test: Manually tested on device using AVB bootloader. Merged-In: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85 Change-Id: I2834b17688053411e7b904e31df9c83bf904cd56
2017-05-24update_verifier: Support AVB.David Zeuthen2-1/+5
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as 'vroot' so map that to 'system' since this is what is expected. Managed to test at least that the code is at least compiled in: $ fastboot --set-active=_a Setting current slot to 'a'... OKAY [ 0.023s] finished. total time: 0.023s $ fastboot reboot rebooting... finished. total time: 0.050s $ adb wait-for-device $ adb logcat |grep update_verifier 03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted 03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0 03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully. 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier. Bug: None Test: Manually tested on device using AVB bootloader. Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
2017-05-24kill package_extract_dirTianjie Xu3-229/+0
It's only used by file-based OTA which has been deprecated for O. Test: mma Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
2017-05-16Print SHA1 of the patch if bsdiff fails with data errorTianjie Xu1-0/+39
This will help us to identify the patch corruption. Meanwhile fix a wrong size parameter passed to bspatch. (patch->data.size() into patch->data.size() - patch_offset). Also remove the only usage of "ApplyBSDiffPatchMem()" and inline its Sink function for simplicity. Bug: 37855643 Test: Prints SHA1 for corrupted patch in imgdiff_test. Change-Id: Ibf2db8c08b0ded1409bb7c91a3547a6bf99c601d
2017-05-08Add a binary path param to update_binary_command().Tao Bao1-10/+74
This allows writing native tests for non-A/B update_binary_command(). Prior to this CL, it was extracting the updater to a hard-coded location (/tmp/update_binary) that's not available under the test environment. Test: recovery_component_test on angler and marlin respectively. Test: Sideload OTA packages on angler and marlin respectively. Change-Id: I78b9cc211d90c0a16a84e94e339b65759300e2a8
2017-05-03fuse_sideload: Change the minimal block size to 4096.Tao Bao2-2/+18
run_fuse_sideload() is passing the block size as the max_read option, so it will only handle a request that involves at most two blocks at a time. However, the minimal allowed value was set to 1024 prior to this CL, which is inconsistent with the kernel code (fs/fuse/inode.c) that sets it to the greater of 4096 and the passed-in max_read option. This would fail the calls with a block size / max_read less than 4096 due to the wrongly computed block indices. Note that we didn't observe real issue in practice, because we have been using 64 KiB block sizes for both of adb and sdcard sideload calls. The issue only shows up in my local CL (to come later) that uses 1024 block size in run_fuse_sideload() tests. Test: recovery_component_test Test: adb sideload with the new recovery image on angler Change-Id: Id9f0cfea13d0d193dcb7cd41a1553a23739545f2
2017-05-02Move sysMapFile and sysReleaseMap into MemMapping class.Tao Bao4-41/+30
Test: recovery_component_test Test: recovery_unit_test Test: Apply an OTA on angler. Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
2017-04-27Separate libupdate_verifier module and add testcases.Tao Bao2-0/+89
Enable -Wall and expose verify_image() for testing purpose. Test: mmma bootable/recovery Test: recovery_component_test Change-Id: I1ee1db2a775bafdc1112e25a1bc7194d8d6aee4f
2017-04-26applypatch: Remove the obsolete support for "applypatch -s".Tao Bao1-14/+0
The SpaceMode (applypatch -s) was used in amend script (cupcake) only, which has been removed since commit 9ce2ebf5d300eba5f6086583b0941ef68a3e4b42 (platform/build). The later (and current) edify script uses apply_patch_space(). Note that other modes (PatchMode, CheckMode) of applypatch executable are mostly used by install-recovery.sh script. Test: No active user of "applypatch -s". Test: recovery_component_test Change-Id: I1d689b7fedd3884077e88ed1d6c22f7a2198859d
2017-04-24Add more tests for verify_package_compatibility().Tao Bao1-0/+84
This now covers the actual calls to libvintf, and asserts we're getting identical results through verify_package_compatibility() and by calling libvintf directly. We were missing the coverage and introduced the double free bug (fixed by commit f978278995d02a58e311fe017bdbb2c3702dd3bc). Bug: 37413730 Test: recovery_component_test passes. Test: recovery_component_test fails w/o commit f978278995d02a58e311fe017bdbb2c3702dd3bc. Change-Id: If5195ea1c583fd7c440a1de289da82145e80e23c (cherry picked from commit f2784b6a43e54ed67bc30ac456f66f11bd16bc74)
2017-04-21tests: Remove obsolete classes in applypatch_test.Tao Bao1-49/+2
ApplyPatchFullTest and ApplyPatchDoubleCacheTest were used for defining testcases for file-based OTA. The testcases have already been removed by commit 40e144dae877654f75e65242535036058ea48f58. This CL removes the obsolete class defnitions. Bug: 37559618 Test: recovery_component_test on angler and marlin respectively. Change-Id: I3f4f1dfc8580cf010365e671de256f68bbc0d99a
2017-04-20Add more tests for verify_package_compatibility().Tao Bao1-0/+84
This now covers the actual calls to libvintf, and asserts we're getting identical results through verify_package_compatibility() and by calling libvintf directly. We were missing the coverage and introduced the double free bug (fixed by commit f978278995d02a58e311fe017bdbb2c3702dd3bc). Bug: 37413730 Test: recovery_component_test passes. Test: recovery_component_test fails w/o commit f978278995d02a58e311fe017bdbb2c3702dd3bc. Change-Id: If5195ea1c583fd7c440a1de289da82145e80e23c
2017-04-20Call libvintf to verify package compatibility.Tao Bao1-0/+3
The libvintf API has landed. Hook up to do the actual verification. Bug: 36597505 Test: recovery_component_test Test: m recoveryimage; adb sideload on angler and sailfish, with packages that contain dummy compatibility entries. Test: m recoveryimage; adb sideload on angler and sailfish, with packages that don't contain any compatibility entries. Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f (cherry picked from commit da320ac6ab53395ddff3cc08b88a61f977ed939a)
2017-04-19Call libvintf to verify package compatibility.Tao Bao1-0/+3
The libvintf API has landed. Hook up to do the actual verification. Bug: 36597505 Test: recovery_component_test Test: m recoveryimage; adb sideload on angler and sailfish, with packages that contain dummy compatibility entries. Test: m recoveryimage; adb sideload on angler and sailfish, with packages that don't contain any compatibility entries. Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f
2017-04-19Add tests for read_metadata_from_package().Tao Bao1-0/+50
Test: recovery_component_test Change-Id: I672a6a4f101c72e82b9f25f165dccd1c9520627b
2017-04-19Add tests for update_binary_command().Tao Bao2-0/+92
Expose update_binary_command() through private/install.h for testing purpose. Also make minor clean-ups to install.cpp: a) adding more verbose logging on ExtractToMemory failures; b) update_binary_command() taking std::string instead of const char*; c) moving a few macro and global constants into update_binary_command(). Bug: 37300957 Test: recovery_component_test on marlin Test: Build new recovery and adb sideload on angler and sailfish. Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc Merged-In: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc (cherry picked from commit bc4b1fe4c4305ebf0fbfc891b9b508c14b5c8ef8)
2017-04-18Add tests for update_binary_command().Tao Bao2-0/+91
Expose update_binary_command() through private/install.h for testing purpose. Also make minor clean-ups to install.cpp: a) adding more verbose logging on ExtractToMemory failures; b) update_binary_command() taking std::string instead of const char*; c) moving a few macro and global constants into update_binary_command(). Bug: 37300957 Test: recovery_component_test on marlin Test: Build new recovery and adb sideload on angler and sailfish. Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
2017-04-13Verify the package compatibility with libvintf.Tao Bao2-1/+59
verify_package_compatibility() is added to parse the compatibility entry (compatibility.zip) in a given OTA package. If entry is present, the information is sent to libvintf to check the compatibility. This CL doesn't actually call libvintf, since the API there is not available yet. Bug: 36597505 Test: Doesn't break the install with existing packages (i.e. w/o the compatibility entry). Test: recovery_component_test Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596 (cherry picked from commit 62e0bc7586077b3bde82759fb34b51b982cea20f)
2017-04-12Verify the package compatibility with libvintf.Tao Bao2-1/+59
verify_package_compatibility() is added to parse the compatibility entry (compatibility.zip) in a given OTA package. If entry is present, the information is sent to libvintf to check the compatibility. This CL doesn't actually call libvintf, since the API there is not available yet. Bug: 36597505 Test: Doesn't break the install with existing packages (i.e. w/o the compatibility entry). Test: recovery_component_test Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
2017-04-08Abort the update if there's not enough new dataTianjie Xu1-0/+66
Right now the update stuck in a deadlock if there's less new data than expection. Add some checkers and abort the update if such case happens. Also add a corresponding test. Bug: 36787146 Test: update aborts correctly on bullhead && recovery_component_test passes Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
2017-04-05tests: Use get_bootloader_message_blk_device() to find /misc.Tao Bao3-49/+4
Since commit fb00d82f32446804f7149bc6846dcc580cf0db1d has added get_bootloader_message_blk_device() as an API, switch the tests-local implementation to it. Test: recovery_component_test on angler. Test: recovery_component_test on a local build that doesn't have /misc. Change-Id: I4f5f542cb9ef58292c587a677da73d8822db7262
2017-04-03Change the internal representation in RangeSet.Tao Bao1-6/+34
This CL makes the following changes to RangeSet: - Uses std::pair<size_t, size_t> to represent a Range; - Uses std::vector<Range> to represent a RangeSet; - Provides const iterators (forward and reverse); - Provides const accessor; - 'blocks()' returns the number of blocks (formerly 'size'); - 'size()' returns the number of Range's (formerly 'count'). Test: recovery_unit_test Test: Apply an incremental update with the new updater. Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
2017-03-31Move parse_range() and range_overlaps() into RangeSet.Tao Bao2-0/+86
Also move RangeSet into a header file to make it testable, and add unit tests. In RangeSet::Parse() (the former parse_range()), use libbase logging to do assertions. This has the same effect as the previous exit(EXIT_FAILURE) to terminate the updater process and abort an update. The difference lies in the exit status code (i.e. WEXITSTATUS(status) in install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0. Test: recovery_unit_test Test: Apply an incremental update with the new updater. Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
2017-03-30tests: Remove LOCAL_ADDITIONAL_DEPENDENCIES.Tao Bao1-4/+0
Per the comment in build/make/core/base_rules.mk: Ninja has an implicit dependency on the command being run, and kati will regenerate the ninja manifest if any read makefile changes, so there is no need to have dependencies on makefiles. Test: mmma bootable/recovery Change-Id: I27b97df10d40f39ad966be70b33811175a665439
2017-03-29Add test config to minadbd_testDan Shi2-0/+33
Design doc: Generalized Suites & the Unification of APCT & CTS Workflows Design/Roadmap https://docs.google.com/document/d/1eabK3srlBLouMiBMrNP3xJPiRRdcoCquNxC8gBWPvx8/edit#heading=h.78vup5eivwzo Details about test configs changes are tracked in doc https://docs.google.com/document/d/1EWUjJ7fjy8ge_Nk0YQbFdRp8DSHo3z6GU0R8jLgrAcw/edit# Bug: 35882476 Test: local test Change-Id: I51e1b410536469d254ae7a353bc61a7df06c8324
2017-03-29Fix the bad merge (duplicate tests).Tao Bao1-45/+0
Test: mmma bootable/recovery Change-Id: I909164fed84fb17a7e1cb2427cb88208a69dc052
2017-03-29Merge "Add the missing sr-Latn into png files and rename the png locale header" am: 713d915636 am: dc235b5ab9Tianjie Xu1-10/+11
am: 5ec12126f0 Change-Id: Ia6b861c91958d3be23a4a7456d6d5d8e4a1607c8 (cherry picked from commit 9166f66eee883d6d6cc280a6c355e5528bb4a3f0)
2017-03-28tests: Add a test for --wipe_ab into UncryptTest.Tao Bao1-103/+82
Also factor out the common parts in {setup,clear}_bcb into a separate function. Test: recovery_component_test Change-Id: I7b95cced925c8135e020dcb791ca2425d4f28449
2017-03-28applypatch: Let Apply{BSDiff,Image}Patch accept std::function.Tao Bao1-56/+24
Test: mmma bootable/recovery system/update_engine Test: recovery_component_test Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
2017-03-28applypatch: Change the ssize_t length parameters to size_t.Tao Bao1-1/+1
Mostly for applypatch family APIs like ApplyBSDiffPatch() and ApplyImagePatch(). Changing to size_t doesn't indicate they would necessarily work with very large size_t (e.g. > ssize_t), just similar to write(2). But otherwise accepting negative length doesn't make much sense. Also change the return type of SinkFn from ssize_t to size_t. Callers tell a successful sink by comparing the number of written bytes against the desired value. Negative return values like -1 are not needed. This also makes it consistent with bsdiff::bspatch interface. Test: recovery_component_test Test: Apply an incremental with the new updater. Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
2017-03-28tests: Construct two bad packages at runtime for VerifierTest.Tao Bao3-3/+46
For the BadPackage tests from VerifierTest: one alters the footer, and the other alters the metadata. Move the two tests to be based on otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also construct the testdata files dynamically (to save the space and for better readability). Test: recovery_component_test Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc (cherry picked from commit 217d9f98595076f344746bffdafb4314191f3e1b)
2017-03-28tests: Construct two bad packages at runtime for VerifierTest.Tao Bao3-3/+46
For the BadPackage tests from VerifierTest: one alters the footer, and the other alters the metadata. Move the two tests to be based on otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also construct the testdata files dynamically (to save the space and for better readability). Test: recovery_component_test Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc
2017-03-27tests: Construct signature-boundary.zip at runtime.Tao Bao2-2/+18
Test: Observe the same failure with recovery_component_test ("signature start: 65535 is larger than comment size: 0"). Change-Id: I98c357b5df2fa4caa9d8eed63af2e945ed99f18a
2017-03-25Add the missing sr-Latn into png files and rename the png locale headerTianjie Xu1-10/+11
Switch the locale header in the png files from Locale.toString() to Locale.toLanguageTag(). For example, en_US --> en-us and sr__#Latn --> sr-Latn. Also clean up recovery a bit to expect the new locale format. Bug: 35215015 Test: sr-Latn shows correctly under graphic tests && recovery tests pass Change-Id: Ic62bab7756cdc6e5f98f26076f7c2dd046f811db
2017-03-23updater: Fix the broken case for apply_patch_check().Tao Bao1-0/+49
It's valid to provide only 1 argument to apply_patch_check(). We shouldn't fail the argument parsing. Bug: 36541737 Test: recovery_component_test passes. Test: recovery_component_test captures the failure without the fix. Test: The previously failed update applies successfully. Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
2017-03-22Remove malloc in edify functionsTianjie Xu2-3/+5
And switch them to std::vector & std::unique_ptr Bug: 32117870 Test: recovery tests passed on sailfish Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
2017-03-21Refactor asn1_decoder functions into a class.Tao Bao1-217/+180
Test: mmma bootable/recovery Test: recovery_unit_test passes. Test: recovery_component_test passes. Change-Id: If0bf25993158eaebeedff55ba4f4dd0f6e5f937d
2017-03-21verify_file: Add constness to a few addresses.Tao Bao1-14/+14
We should not touch any data while verifying packages (or parsing the in-memory ASN.1 structures). Test: mmma bootable/recovery Test: recovery_component_test passes. Test: recovery_unit_test passes. Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
2017-03-18Add testcases for load_keys().Tao Bao1-0/+57
Test: recovery_component_test passes. Change-Id: I6276b59981c87c50736d69d4af7647c8ed892965
2017-03-18Remove the dead #include's in verifier.cpp.Tao Bao1-1/+0
A follow-up to commit 5e535014dd7961fbf812abeaa27f3339775031f1. Also clean up Android.mk, since libverifier no longer needs anything from libminui. Test: mmma bootable/recovery Test: recovery_component_test passes. Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
2017-03-17Drop the dependency on 'ui' in verify_file().Tao Bao1-105/+46
verify_file() has a dependency on the global variable of 'ui' for posting the verification progress, which requires the users of libverifier to provide a UI instance. This CL adds an optional argument to verify_file() so that it can post the progress through the provided callback function. As a result, we can drop the MockUI class in verifier_test.cpp. Test: recovery_component_test passes. Test: verify_file() posts progress update when installing an OTA. Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1 (cherry picked from commit 5e535014dd7961fbf812abeaa27f3339775031f1)
2017-03-17Drop the dependency on 'ui' in verify_file().Tao Bao1-104/+45
verify_file() has a dependency on the global variable of 'ui' for posting the verification progress, which requires the users of libverifier to provide a UI instance. This CL adds an optional argument to verify_file() so that it can post the progress through the provided callback function. As a result, we can drop the MockUI class in verifier_test.cpp. Test: recovery_component_test passes. Test: verify_file() posts progress update when installing an OTA. Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
2017-03-17Add a test to perform block_image_updateTianjie Xu2-6/+123
Add the following tests: stash src bspatch stashed_src tgt free stashed_src (expected a successful update) stash src free stashed_src fail_the_update (expected stashed_src freed) Bug: 36242722 Test: Test identified unfreed stashes correctly. Change-Id: I5a136e8dc31774367972fbfe8c63cbc1ddb3a113
2017-03-16More cleanup to imgdiff & imgpatchTianjie Xu1-4/+5
Also remove the utils in applypatch and replace them with the corresponding libbase functions. Test: recovery tests pass. Change-Id: I77254c141bd3e7d3d6894c23b60e866009516f81
2017-03-16applypatch: Drop the support for patching non-EMMC targets.Tao Bao1-124/+0
Patching regular files is used in file-based OTA only, which has become obsolete. Bug: 35853185 Test: Apply an incremental that patches the boot.img. Test: /system/bin/install-recovery.sh works. Test: recovery_component_test passes. Change-Id: Id44e42c4bc63f2162ecc8a6df1cb528b7ae6b0a9
2017-03-13updater: Remove some obsoleted functions for file-based OTA.Tao Bao1-113/+0
This CL removes the updater support for delete(), symlink(), rename(), set_metadata() and set_metadata_recursive(). Such functions have been removed from the generation script in commit f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build). Note: This CL also removes delete_recursive() which seems to have never been supported in generation script. Bug: 35853185 Test: recovery_component_test passes. Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
2017-03-10recovery: replacing fs_mgr_read_fstab() with new fs_mgr APIsBowgo Tsai1-12/+5
The fstab settings of early-mounted partitions (e.g., /vendor) will be in kernel device tree. Switch to the new API to get the whole settings with those in device tree: fs_mgr_read_fstab_with_dt("/etc/recovery.fstab") The original default /fstab.{ro.hardware} might be moved to /vendor/etc/. or /odm/etc/. Use another new API to get the default fstab instead of using the hard-coded /fstab.{ro.hardware}. This API also includes the settings from device tree: fs_mgr_read_fstab_default() Bug: 35811655 Test: boot sailfish recovery Change-Id: Iaa56ac7f7b4c4dfc7180c65f03e9a37b94f1de09
2017-03-07Refractor the code for imgdiffTianjie Xu2-0/+57
Put ImageChunk and some helper functions into a class. Also switch to using std::vector instead of malloc. Bug: 18606652 Test: imgdiff_test passed on host. Also generate a complete incremental OTA package. The file content is the same and time consumption is similar. Change-Id: Id603ada4e130ef521218400761a119001a86ca79
2017-03-03Fix an error on bootloadermessager test teardownTianjie Xu1-2/+4
The test should not clear bcb during teardown on devices without /misc. Bug: 35712836 Test: The test tears down without errors after /misc removed from the fstab. Change-Id: I42df89feb18fac5a435cd17eef97a6bad0f44545
2017-03-03Recovery Test: add SideloadTest to test FUSE support on targetWei Wang2-0/+22
FUSE FS is required in recovery sideload functionalites. This CL is to add a native test to flag when FUSE is not supported in the device kernel. Bug: 35768196 Test: mma, run recovery_component_test on marlin and pass all Change-Id: I43b6dbee658010df56ba4d4b0e91baa7fd1c4480
2017-03-01Skip BootloaderMessageTest, UncryptTest for devices without /miscTianjie Xu3-3/+111
Skip these two tests if /misc partition is not found in fstab. Bug: 35712836 Test: Both test skip correctly if there's no /misc in fstab.${hardware}. Change-Id: I38417a8677030229a335e43eaef85ae70c4e0845
2017-02-02Use bspatch from external/bsdiff.Sen Jiang1-0/+2
Now ApplyBSDiffPatch() will stream the output to sink as we go instead of sinking everything at the end. Test: recovery_host_test Bug: 26982501 Change-Id: I05b6ed40d45e4b1b19ae72784cf705b731b976e3
2017-01-24Remove '_static' suffix from libext2* references.Alex Deymo1-1/+1
Bug: 34220783 Test: make checkbuild Change-Id: Iceea20e440a4bb6a3b254486a65a86401a2241ef
2017-01-19Add checkers and tests for empty locale in PNG fileTianjie Xu3-2/+167
match_locale() will return false for empty locale string in the PNG file. Also add a manual test to validate if a PNG file is qualified to use under recovery. Bug: 34054052 Test: recovery_manual_test catches invalid PNG files successfully & Locale_test passed Change-Id: Id7e2136e1d8abf20da15825aa7901effbced8b03
2017-01-11Remove "_static" suffix from libsparseAlex Deymo1-1/+1
Bug: 34220783 Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
2017-01-11Remove "_static" suffix from libext4_utils.Alex Deymo1-1/+1
Bug: 34220783 Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
2017-01-06tests: Add testcase for show_progress() and set_progress().Tao Bao1-0/+50
Test: recovery_component_test passes. Change-Id: I4f00d0171cf86699e9ce747d07d7d44a01906e81
2017-01-04recovery: Fix the broken UI text.Tao Bao1-32/+38
UI text is broken (doesn't show any text during FDR) due to commit d530449e54bd327e9c26209ffa0490c6508afe6c, which reordered the calls to RecoveryUI::SetLocale() and RecoveryUI::Init(). Because Init() uses the locale info to load the localized texts (from images), the locale must be set prior to that via SetLocale(). This CL refactors Init() to take the locale parameter, and removes the odd SetLocale() API. Bug: 34029338 Test: 'Run graphics test' under recovery. Change-Id: I620394a3d4e3705e9af5a1f6299285d143ae1b01
2016-12-28imgdiff: Fix an edge case that leads to infinite loop.Tao Bao1-0/+80
When the input image ends with the magic value sequence of 0x1f, 0x8b, 0x0b (optionally with 0x00), the image parsing code will be stuck in an infinite loop. Test: recovery_component_test passes. Change-Id: Ie3629dfdc41360387b19cc3e0359c95ae4fb998e
2016-12-22tests: Add test coverage for DirUtil.Tao Bao2-0/+151
Test: recovery_unit_test passes. Change-Id: I764c56404c7ccdd57ae5486c946fbc9ac6ae7bc9
2016-12-22tests: Add testcase for ZipUtil.Tao Bao2-1/+193
Test: recovery_unit_test passes. Change-Id: I8ad364e88aaee31579ed7206aad8e5620518d797
2016-12-22tests: Replace the O_RDONLY in access(2).Tao Bao2-8/+16
Although O_RDONLY gives the same value as F_OK (0), it's not the right friend of access(2). Also clean up the temporary files from ZipTest (TemporaryDir doesn't like non-empty directory). Test: recovery_unit_test passes and has no leftover. Change-Id: I66b90e43c0954c89ce08b36b9e2b4e84183b28f5
2016-12-20Add tests for imgdiff.Tao Bao2-0/+477
Factor out libimgdiff static library for testing purpose. This CL adds the imgdiff tests on host and on target both (similar to libimgpatch). In practice, we only need imgdiff binary on host, and libimgpatch on target. But they should build and pass tests on both platforms. Test: recovery_host_test passes; recovery_component_test passes. Change-Id: I0eafb7faf727cdf70066310e845af6ee245d4f60
2016-12-17Add a checker for signature boundary in verifierTianjie Xu2-1/+2
The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
2016-12-15Add update_bootloader_message() to fix two-step OTAs.Tao Bao1-0/+26
This is a retry of commit 7e31f421a514da09b90e46dbd642a5e9b16e0003. Commit bd56f1590c967205dc45eb2ec298aa8d2aacb740 switches to calling write_bootloader_message(<options>) in get_args(), which unintentionally resets the stage field thus breaks two-step OTAs. This CL adds update_bootloader_message(<options>), which only sets the command field (to "boot-recovery") and the recovery field (with the specified options). Bug: 33534933 Test: Apply a two-step package. Test: recovery_component_test passes. Change-Id: Ie0b1ed4053d2d3c97d9cb84310d616b28fcfc72e
2016-12-15tests: Add tests for bootloader_message.Tao Bao2-0/+140
Test: recovery_component_test passes. Change-Id: Ib9aa2ffd6b018546223c76b7424f4ba355f5b088
2016-12-14Add tests for setup-bcb and clear-bcb via uncrypt.Tao Bao2-0/+176
Bug: http://b/33534933 Test: recovery_component_test passes (and fails on buggy build due to the CL in [1]). [1]: commit 7e31f421a514da09b90e46dbd642a5e9b16e0003 Change-Id: I120498048ec1db8f9fcbb3cf135c05d3a48cfcdf
2016-12-13Add a stub recovery UI.Sen Jiang1-1/+1
This allows recovery to work on devices without screen. The stub recovery UI does nothing except print to stdout. Test: write 'recovery\n--wipe_data\n--reason=wipe_data_from_ota\n' to misc and boot to recovery on a device without screen. Bug: 33175036 Change-Id: Icde698aa2e2e29f4b3d0532dfd3c6a939ac2bc63
2016-11-22tests: Add testcases for EMMC targets.Tao Bao1-31/+144
There're two types of targets in applypatch: regular files and EMMC targets. We have two sets of functions to handle them respectively. This CL adds testcases to use "EMMC:filename:size:sha1" as the target name, which triggers the code path for patching EMMC targets. Bug: 33034669 Test: recovery_component_test passes. Change-Id: I8f10c6c8d2c1fb083f06a83de91d9e23cb41fb6d
2016-11-18updater: Refactor set_stage() and get_stage() functions.Tao Bao2-0/+61
Add read_bootloader_message_from() and write_bootloader_message_to() to allow specifying the BCB device (/misc). Also add testcases for set_stage() and get_stage(). Test: recovery_component_test passes. Test: Build a recovery image and apply a two-step OTA package. Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
2016-11-18updater: Add testcase for package_extract_dir().Tao Bao2-0/+98
Test: recovery_component_test passes. Change-Id: I3af4707bc42c7331ca961be8b967a53de82ea25b
2016-11-17updater: Add "write_value()" function.Tao Bao1-0/+33
write_value(value, filename) writes 'value' to 'filename'. It can be used to tune device settings when applying an OTA package. For example, write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq"). Bug: 32463933 Test: recovery_component_test passes. Test: Apply an OTA package that contains a call to write_value(), and check the result. Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
2016-11-16updater: Fix the wrong return value for package_extract_file().Tao Bao4-20/+86
'bool success = ExtractEntryToFile()' gives opposite result. Fix the issue and add testcases. Change the one-argument version of package_extract_file() to explicitly abort for non-existent zip entry. Note that this is NOT changing the behavior. Prior to this CL, it aborts from Evaluate() function, by giving a general cause code. Now it returns kPackageExtractFileFailure. BUg: 32903624 Test: recovery_component_test works. Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f (cherry picked from commit ef0eb3b01b66fbbc97908667a3dd1e02d710cbb7)
2016-11-15updater: Fix the wrong return value for package_extract_file().Tao Bao4-20/+86
'bool success = ExtractEntryToFile()' gives opposite result. Fix the issue and add testcases. Change the one-argument version of package_extract_file() to explicitly abort for non-existent zip entry. Note that this is NOT changing the behavior. Prior to this CL, it aborts from Evaluate() function, by giving a general cause code. Now it returns kPackageExtractFileFailure. BUg: 32903624 Test: recovery_component_test works. Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
2016-11-09updater: Add more testcase for symlink().Tao Bao1-6/+39
Clean up SymlinkFn() a bit. Also clean up the temp files created when running the tests; otherwise non-empty TemporaryDir won't be removed. Test: recovery_component_test passes. Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
2016-11-08Move recovery_test.cpp out of unit testTianjie Xu3-92/+99
Move recovery-refresh/persist tests out because these tests need special steps to run. Also switch the constants to std::string. Test: recovery_manual_test passed on an A/B device Change-Id: I60b3ec6f094044945c3aafc1fae540896a6ddea6
2016-11-08Make make_parent() to take const argumentTianjie Xu1-0/+22
Switch to use const std::string; and add corresponding tests. Bug: 32649858 Test: Component tests pass Change-Id: I640f3ec81f1481fa91aa310f8d4d96dac9649cb9
2016-11-08otautil: Clean up SysUtil.cpp.Tao Bao2-6/+147
Add unit testcases for sysMapFile(). Test: recovery_unit_test passes. Test: Build and use the new recovery image to sideload a package. Test: Build and use the new recovery image to install an update. Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4 (cherry picked from commit c3292f3fcbb3cd608cc19b7459751fa5bb64ab84)
2016-11-07otautil: Clean up SysUtil.cpp.Tao Bao2-6/+147
Add unit testcases for sysMapFile(). Test: recovery_unit_test passes. Test: Build and use the new recovery image to sideload a package. Test: Build and use the new recovery image to install an update. Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4
2016-11-04tests: Fix unit/zip_test.cpp.Tao Bao1-59/+50
It's accidentally broken when refactoring the testdata path. Also clean up the testcase a bit by simplying the file reading. Test: recovery_unit_test passes. Change-Id: I592a1cf5a4eb9a7a5f4eecbc6426baeedeb02781
2016-11-04updater: Add a testcase for RenameFn().Tao Bao1-0/+29
Test: recovery_component_test passes. Change-Id: Iba5a0fdf6c79e2bed6b30b8fc19a306c1ab29d8a
2016-11-04updater: Fix a bug in DeleteFn().Tao Bao1-0/+33
Also add a testcase for delete() function. Test: recovery_component_test passes. Change-Id: I064d1ad4693c3ed339d0a69eabadd08a61a2ea86
2016-11-03updater: Fix an off-by-1 bug in file_getprop().Tao Bao1-0/+50
Also add a testcase for file_getprop(). Test: recovery_component_test passes. Change-Id: I8eb2f9a5702b43997ac9f4b29665eea087b1c146
2016-11-03tests: Set up testdata path for continuous native tests.Tao Bao4-31/+23
continuous_native_tests expects the testdata under DATA/ in continuous_native_tests.zip. This CL packs a copy of the testdata into continuous_native_tests.zip as DATA/nativetest/recovery/testdata (via LOCAL_PICKUP_FILES). This CL also removes the extra copy for nativetest64. Testdata will always stay at /data/nativetest/recovery/testdata, even for 64-bit version. Otherwise we will unnecessarily get four copies (two for data/ and another two for DATA/). Bug: 32123241 Test: mmma bootable/recovery && adb sync data. On bullhead, /data/nativetest/recovery_component_test/recovery_component_test works; /data/nativetest64/recovery_component_test/recovery_component_test works. Test: m continuous_native_test; DATA/nativetest/recovery/testdata exists. Change-Id: Ifefa0309de7af23c77654e8e450848ca2da218c2
2016-11-01applypatch: Add testcases for applypatch executable.Tao Bao7-257/+324
Refactor applypatch/main.cpp into libapplypatch_modes so that we can add testcases. Some changes to applypatch/main.cpp: - Replace char** argv with const char**; - Use android::base::Split() to split ":"; - Use android::base::ParseUInt(). Bug: 32383590 Test: Unit tests pass, install-recovery.sh works. Change-Id: I44e7bfa5ab717d439ea1d0ee9ddb7b2c40bb95a4
2016-10-29applypatch: Switch the parameter of Value** to std::vector.Tao Bao1-126/+138
Test: Unit tests and install-recovery.sh pass on angler and dragon. Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
2016-10-26tests: Generate testdata for 2nd arch.Tao Bao1-1/+12
We currently only copy the testdata to $(TARGET_OUT_DATA_NATIVE_TESTS)/recovery, which fails the tests generated for 2nd arch (TARGET_2ND_ARCH). For example, on angler /data/nativetest/recovery_component_test/recovery_component_test fails due to missing testdata. Bug: 32123241 Test: Both of /data/nativetest/recovery... and /data/nativetest64/recovery... work on angler. Change-Id: Ib76264b4408d01c08b2619c8ac84b2476ea5a8bc
2016-10-19Add a unit test for applypatch_checkTianjie Xu1-0/+5
If no sha1 is specified, applypatch_check should pass as long as the file content loads successfully. Add a unit case acccordingly. Test: Unit tests passed Bug: 32243751 Change-Id: I8c013be67c197d2935e11cf6acc59fb9b943cfd9
2016-10-18Replace minzip with libziparchiveTianjie Xu5-3/+104
Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-15Change StringValue to use std::stringTianjie Xu3-81/+67
Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style. Test: compontent tests passed. Bug: 31713288 Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
2016-10-13edify: Some clean-ups to libedify.Tao Bao2-6/+23
- Remove dead declarations in expr.h: SetError(), GetError(), ClearError(). - Remove the declaration of Build() out of expr.h. - Use std::unordered_map to implement RegisterFunction() and FindFunction(); kill FinishRegistration(). - Add a testcase for calling unknown functions. Test: mmma bootable/recovery; recovery_component_test passes. Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
2016-10-11updater: Kill the duplicate PrintSha1() in install.cpp.Tao Bao1-7/+36
Also add a testcase for sha1_check(). Test: mmma bootable/recovery; recovery_component_test passes. Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
2016-10-11Refactor libupdater into a seperate module.Tao Bao2-6/+93
So that we can write native tests for updater functions. This CL adds a testcase for getprop() function. Test: mmma bootable/recovery; Run recovery_component_test on device. Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
2016-10-05edify: Move State.script and State.errmsg to std::string.Tao Bao1-6/+1
This way we kill a few strdup() and free() calls. Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly. Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a (cherry picked from commit 59dcb9cbea8fb70ab933fd10d35582b08cd13f37)
2016-10-04edify: Move State.script and State.errmsg to std::string.Tao Bao1-6/+1
This way we kill a few strdup() and free() calls. Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly. Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
2016-10-04recovery: drop log/logger.hMark Salyzyn1-1/+0
private/android_logger.h contains all we need. Test: compile Bug: 26552300 Bug: 31289077 Bug: 31456426 Change-Id: I6714d730372dc81f784e7f9dfee8a33848643a5d
2016-10-04edify: Move the testcases to gtest.Tao Bao2-0/+158
Now they live in tests/component/edify_test.cpp. Also rename edify/main.cpp to edify/edify_parser.cpp. It becomes a host-side debugging tool that validates the input edify script. However, it supports edify builtin functions only and doesn't recognize the ones defined via updater. Test: recovery_component_test passes on device. Change-Id: Ib94a787bf15098a9cc078d256b6a6dc96ff12b2e
2016-09-30Turn on -Werror for recoveryTianjie Xu1-1/+2
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab (cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-1/+2
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
2016-09-01Switch recovery to libbase loggingTianjie Xu1-2/+3
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 (cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
2016-09-01Switch recovery to libbase loggingTianjie Xu1-2/+3
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01Switch recovery to libbase loggingTianjie Xu1-2/+3
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-08-26Fix clang-tidy warnings in bootable/recovery.Chih-Hung Hsieh1-1/+1
* Use const reference type for read-only parameters. Bug: 30407689 * Use faster overloaded string find function. Bug: 30411878 * Add parentheses around macro parameters. Bug: 28705665 Test: build with WITH_TIDY=1 Change-Id: I4e8e5748bfa4ae89871f1fb5fa4624d372530d75
2016-08-06Fix references to libcrypto_utils_static.Josh Gao1-2/+2
Bug: http://b/30708454 Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
2016-08-01Clean up verifier testcases.Tao Bao21-41/+30
A Certificate is a pair of an RSAPublicKey and a particular hash. So v1 and v3 differ in the hash algorithm (SHA-1 vs SHA-256), similarly for v2 and v4. In verifier testcases, we used to load v1/v2 keys with an explicit argument of "sha256" to test the v3/v4 keys. This CL switches to loading v3/v4 keys directly and lets load_keys() to handle that, which is the actual flow we use in practice. Also remove the "fallback to v1 key" in the testcases, which is not the actual behavior. Bug: 30415901 Test: Run the verifier_test component test on device. Change-Id: I3a2baa64826f1b6c4c367a560090df384c4521bb
2016-06-16tests: Remove obsolete MTD support.Tao Bao1-1/+0
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and fix builds. Bug: http://b/29250988 Change-Id: Iad5be953e102020931649629afc980d585ed2931 (cherry picked from commit ab2fb94bf48483d761ba3aa85e0acf851895566f)
2016-06-16tests: Remove obsolete MTD support.Tao Bao1-1/+0
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and fix builds. Bug: http://b/29250988 Change-Id: Iad5be953e102020931649629afc980d585ed2931 (cherry picked from commit ab2fb94bf48483d761ba3aa85e0acf851895566f)
2016-06-16tests: Remove obsolete MTD support.Tao Bao1-1/+0
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and fix builds. Bug: http://b/29250988 Change-Id: Iad5be953e102020931649629afc980d585ed2931
2016-04-29Add ability to show "installing security update"Tianjie Xu1-0/+1
Add a new command "--security" to boot commands. If this command is observed as part of BCB, choose a different background text picture for installing stage in recovery UI. As a result, users will see "installing security update" instead of "installing system update" when applying a security update package. Bug: 27837319 Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
2016-04-20Fix matches_locale functionTianjie Xu2-1/+34
matches_locale was expecting input locale string to have at most one underscore; as a result "zh_CN_#Hans" ignores "zh_CN" and matches into "zh". Fix the match function and add unit tests. Bug: 27837319 Change-Id: I4e8a66f91cae6ac2a46b6bf21f670d5ea564c7c8
2016-04-14Use BoringSSL instead of mincrypt to speed up package verification.Elliott Hughes5-109/+26
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB. Bug: http://b/28135231 Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
2016-04-06Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler5-109/+28
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-03-31recovery: use __android_log_pmsg_file_write for log filesMark Salyzyn2-0/+94
(cherry-pick from commit a4f701af93a5a739f34823cde0c493dfbc63537a) - Add call to __android_log_pmsg_file_write for recovery logging. - Add call to refresh pmsg if we reboot back into recovery and then allow overwrite of those logs. - Add a new one-time executable recovery-refresh that refreshes pmsg in post-fs phase of init. We rely on pmsg eventually scrolling off to age the content after recovery-persist has done its job. - Add a new one-time executable recovery-persist that transfers from pmsg to /data/misc/recovery/ directory if /cache is not mounted in post-fs-data phase of init. - Build and appropriately trigger the above two as required if BOARD_CACHEIMAGE_PARTITION_SIZE is undefined. - Add some simple unit tests NB: Test failure is expected on systems that do not deliver either the recovery-persist or recovery-refresh executables, e.g. systems with /cache. Tests also require a timely reboot sequence of test to truly verify, tests provide guidance on stderr to direct. Bug: 27176738 Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-28recovery: use __android_log_pmsg_file_write for log filesMark Salyzyn2-0/+94
- Add call to __android_log_pmsg_file_write for recovery logging. - Add call to refresh pmsg if we reboot back into recovery and then allow overwrite of those logs. - Add a new one-time executable recovery-refresh that refreshes pmsg in post-fs phase of init. We rely on pmsg eventually scrolling off to age the content after recovery-persist has done its job. - Add a new one-time executable recovery-persist that transfers from pmsg to /data/misc/recovery/ directory if /cache is not mounted in post-fs-data phase of init. - Build and appropriately trigger the above two as required if BOARD_CACHEIMAGE_PARTITION_SIZE is undefined. - Add some simple unit tests NB: Test failure is expected on systems that do not deliver either the recovery-persist or recovery-refresh executables, e.g. systems with /cache. Tests also require a timely reboot sequence of test to truly verify, tests provide guidance on stderr to direct. Bug: 27176738 Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-12Port applypatch.sh tests to recovery_component_testsJed Estep7-8/+429
Bug: 27135282 Change-Id: If53682b591397ddfdb84860a3779b612904d4489
2016-02-22Fix verifier test base testdata directory after merge conflictJed Estep1-1/+1
Change-Id: I7ffba0be5a6befc875ce59b51a008c1892e7d34b
2016-02-05Change on-device directory for recovery test dataJed Estep2-2/+2
Test data needs to go outside the gtest module. Change-Id: Ic444ca838cbafa651ec97ff8730129da84fafc09
2016-02-05verifier_test: Suppress the unused parameter warnings.Tao Bao1-8/+9
Change-Id: I51fec30114c0a31efc9c2ac8472654baf8bb3e84
2016-02-04Refactor existing tests to use gtestJed Estep22-3/+413
Bug: 26962907 Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
2015-11-16recovery: Switch to clangTao Bao1-0/+1
And a few trival fixes to suppress warnings. Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc (cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
2015-06-03recovery: Switch to clangTao Bao1-0/+1
And a few trival fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2014-10-17More test makefile cleanup.Dan Albert1-24/+23
Global variables kill. No need to manually link gtest, and that causes problems with libc++. Change-Id: If804cdd436cf1addfa9a777708efbc37c27770b6
2013-10-10Add support for ECDSA signaturesKenny Root2-0/+264
This adds support for key version 5 which is an EC key using the NIST P-256 curve parameters. OTAs may be signed with these keys using the ECDSA signature algorithm with SHA-256. Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567