summaryrefslogtreecommitdiffstats
path: root/updater (follow)
Commit message (Collapse)AuthorAgeFilesLines
* updater: libapplypatch needs libbase now.Tao Bao2015-07-171-1/+1
| | | | Change-Id: Ibe3173edd6274b61bd9ca5ec394d7f6b4a403639
* recovery: Switch applypatch/ and updater/ to cpp.Tao Bao2015-07-144-112/+113
| | | | | | | Mostly trivial changes to make cpp compiler happy. Change-Id: I1b0481465c67c3bbca35a839d0764190d84ff34e (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
* am 7125f959: Revert "Zero blocks before BLKDISCARD"Tao Bao2015-07-011-17/+1
|\ | | | | | | | | * commit '7125f9594db027ce4313d940ce2cafac67ae8c31': Revert "Zero blocks before BLKDISCARD"
| * Revert "Zero blocks before BLKDISCARD"Tao Bao2015-07-011-17/+1
| | | | | | | | | | | | | | | | | | | | This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I4e8d4f6734967caf4f0d19c734027f7b6c107370
| * More accurate checking for overlapped ranges.Tao Bao2015-06-261-1/+1
| | | | | | | | | | | | | | | | | | A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I362d259f8b5d62478858ad0422b635bc5068698d (cherry picked from commit c0f56ad76680df555689d4a2397487ef8c16b1a6)
| * Zero blocks before BLKDISCARDSami Tolvanen2015-06-101-1/+17
| | | | | | | | | | | | | | | | | | | | | | Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f (cherry picked from commit a3c75e3ea60d61df93461f5c356befe825c429d2)
| * Revert "Zero blocks before BLKDISCARD"Sami Tolvanen2015-06-101-5/+9
| | | | | | | | | | | | This reverts commit 604c583c9dd3d47906b1a57c14a7e9650df7471e. Change-Id: I2b0b283dc3f44bae55c5e9f7231d7c712630c2b5
| * Zero blocks before BLKDISCARDSami Tolvanen2015-06-091-9/+5
| | | | | | | | | | | | | | | | | | | | | | Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3 (cherry picked from commit 96392b97f6bf1670d478494fb6df89a3410e53fa)
| * Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes2015-05-291-1/+1
| | | | | | | | | | | | | | | | I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56 (cherry picked from commit b3ac676192a093c561b7f15064cbd67733407b12)
| * Handle BLKDISCARD failuresSami Tolvanen2015-05-291-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067 (cherry picked from commit cc2428c8181d18c9a88db908fa4eabd2db5601ad)
| * Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes2015-05-161-2/+2
| | | | | | | | | | | | Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f (cherry picked from commit b47afedb42866e85b76822736d915afd371ef5f0)
| * Check all lseek calls succeed.Elliott Hughes2015-04-301-28/+20
| | | | | | | | | | | | | | | | Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b (cherry picked from commit 7bad7c4646ee8fd8d6e6ed0ffd3ddbb0c1b41a2f)
* | More accurate checking for overlapped ranges.Tao Bao2015-06-261-1/+1
| | | | | | | | | | | | | | | | A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
* | Zero blocks before BLKDISCARDSami Tolvanen2015-06-101-1/+17
| | | | | | | | | | | | | | | | | | | | Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
* | Revert "Zero blocks before BLKDISCARD"Sami Tolvanen2015-06-101-5/+9
| | | | | | | | | | | | This reverts commit 96392b97f6bf1670d478494fb6df89a3410e53fa. Change-Id: I77acc27158bad3cd8948390a3955197646a43a31
* | Zero blocks before BLKDISCARDSami Tolvanen2015-06-091-9/+5
| | | | | | | | | | | | | | | | | | | | Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
* | recovery: Switch to clangTao Bao2015-06-031-0/+2
| | | | | | | | | | | | And a few trival fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
* | Fix build: fprintf without modifierTao Bao2015-06-031-2/+1
| | | | | | | | Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37
* | Merge "Log update outputs in order"Tao Bao2015-06-031-0/+6
|\ \
| * | Log update outputs in orderTao Bao2015-06-031-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although stdout and stderr are both redirected to log file with no buffering, we are seeing some outputs are mixed in random order. This is because ui_print commands from the updater are passed to the recovery binary via a pipe, which may interleave with other outputs that go to stderr directly. In recovery, adding ui::PrintOnScreenOnly() function to handle ui_print command, which skips printing to stdout. Meanwhile, updater prints the contents to stderr in addition to piping them to recovery. Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700
* | | Merge "Really don't use TEMP_FAILURE_RETRY with close in recovery."Elliott Hughes2015-05-291-1/+1
|\ \ \
| * | | Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes2015-05-291-1/+1
| |/ / | | | | | | | | | | | | | | | | | | I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
* / / Handle BLKDISCARD failuresSami Tolvanen2015-05-281-2/+1
|/ / | | | | | | | | | | | | | | | | | | | | In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067
* | Stop using libstdc++.Dan Albert2015-05-191-1/+1
| | | | | | | | | | | | | | | | These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
* | Merge "Add error and range checks to parse_range"Sami Tolvanen2015-05-181-10/+71
|\ \
| * | Add error and range checks to parse_rangeSami Tolvanen2015-05-151-10/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: Ia17537a2d23d5f701522fbc42ed38924e1ee3366
* | | Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes2015-05-161-2/+2
|/ / | | | | | | | | Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
* / Check all lseek calls succeed.Elliott Hughes2015-04-301-28/+20
|/ | | | | | | Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
* Don't remove existing explicitly stashed blocksSami Tolvanen2015-04-171-10/+28
| | | | | | | | | | | | | | | | When automatically stashing overlapping blocks, should the stash file already exist due to an explicit stash command, it's not safe to remove the stash file after the command has completed. Note that it is safe to assume that the stash file will remain in place during the execution of the next command, so we don't have take other measures to preserve overlapping blocks. The stash file itself will be removed by a free command when it's no longer needed. Bug: 20297065 Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c
* Always use strerror to report errno in recovery.Elliott Hughes2015-03-231-19/+20
| | | | Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
* Remove more dead code from minzip.Narayan Kamath2015-02-271-1/+1
| | | | | | | | | | | | I've added explanatory comments to mzExtractRecursive because that function will live on as a utility even after we move the zip format related logic to libziparchive. bug: 19472796 (cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95) Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a
* Initialize stashbase even stash_max_blocks = 0Jesse Zhao2015-02-181-1/+1
| | | | | Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435 Bug: 19410117
* am 42b09d25: am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."Elliott Hughes2015-02-092-339/+0
|\ | | | | | | | | * commit '42b09d255afdb47bc0546183cbc68e86147baaab': There's no GPL code in 'updater'.
| * am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."Elliott Hughes2015-02-072-339/+0
| |\ | | | | | | | | | | | | * commit '6a0d2fbcaa1740da7bb0e7a0ef8280e8b7b9bb05': There's no GPL code in 'updater'.
| | * There's no GPL code in 'updater'.Elliott Hughes2015-02-052-339/+0
| | | | | | | | | | | | | | | | | | | | | This notice was added for libsyspatch and libxdelta3, but that code has been removed since. Change-Id: I4008878ded56ca1d5094a8208728f8c02fe1fe03
* | | Merge "Support resuming block based OTAs"Sami Tolvanen2015-02-061-346/+1460
|\ \ \ | |/ / |/| |
| * | Support resuming block based OTAsSami Tolvanen2015-01-301-346/+1460
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for transfer list version 3, which allows us to verify the status of each command and resume an interrupted block based OTA update. Notes on the changes: - Move the previous BlockImageUpdateFn to a shorter and reusable PerformBlockImageUpdate, which can be used also in BlockImageVerifyFn for verification. - Split individual transfer list commands into separate functions with unified parameters for clarity, and use a hash table to locate them during execution. - Move common block reading and writing to ReadBlocks and WriteBlocks to reduce code duplication, and rename the readblock and writeblock to less confusing read_all and write_all. The coding style of the new functions follows the existing style in the updater/edify code. Needs matching changes from Ia5c56379f570047f10f0aa7373a1025439495c98 Bug: 18262110 Change-Id: I1e752464134aeb2d396946348e6041acabe13942
* | | am aeecac54: Merge "Add missing includes."Elliott Hughes2015-01-301-0/+1
|\ \ \ | |/ / |/| / | |/ | | * commit 'aeecac5444ce55d2e82ee1b2aa35ff61a038c14e': Add missing includes.
| * Add missing includes.Elliott Hughes2015-01-301-0/+1
| | | | | | | | Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
* | am c43b17f0: Merge "Fix recovery image build for 32p"Ying Wang2014-12-021-1/+1
|\| | | | | | | | | * commit 'c43b17f0adac1092e221ce6166ca8bc464090525': Fix recovery image build for 32p
| * Fix recovery image build for 32pBruce Beare2014-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | When building for 32p, we need to be explicit that we wish to build the 32bit version of the binaries that will be placed in the recovery image. The recovery image doesn't actually care... but if we are not explicit in this, the makefiles will ask for the 64bit binaries but the Android.mk for the binaries will supply the 32bit images (causing the build to fail). Change-Id: Iea2d5f412740c082795da4358765751138a4b167
* | am b278c252: Add support for tune2fs file operationsMichael Runge2014-11-242-0/+43
|\ \ | | | | | | | | | | | | * commit 'b278c252e148798346f85fc92eeea6afeb33fbf0': Add support for tune2fs file operations
| * | Add support for tune2fs file operationsMichael Runge2014-11-212-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | This allows tune2fs to be executed from within OTA scripts, allowing for file system modifications without formatting the partition Bug: 18430740 Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
* | | am 5ddf4293: Log mount/unmount errors to UIMichael Runge2014-10-251-5/+9
|\| | | | | | | | | | | | | | * commit '5ddf4293df45a051c7900eeb62fb5ec4950b6cb6': Log mount/unmount errors to UI
| * | Log mount/unmount errors to UIMichael Runge2014-10-241-5/+9
| | | | | | | | | | | | | | | Bug: 18092022 Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
* | | am 68802416: unconditionally apply SELinux labels to symlinksNick Kralevich2014-10-241-10/+9
|\| | | | | | | | | | | | | | * commit '688024169df70336cc128ea8cc929174c53a501e': unconditionally apply SELinux labels to symlinks
| * | unconditionally apply SELinux labels to symlinksNick Kralevich2014-10-241-10/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the end of the OTA script, we walk through /system, updating all the permissions on the filesystem, including the UID, GID, standard UNIX permissions, capabilities, and SELinux labels. In the case of a symbolic link, however, we want to skip most of those operations. The UID, GID, UNIX permissions, and capabilities don't meaningfully apply to symbolic links. However, that's not true with SELinux labels. The SELinux label on a symbolic link is important. We need to make sure the label on the symbolic link is always updated, even if none of the other attributes are updated. This change unconditionally updates the SELinux label on the symbolic link itself. lsetfilecon() is used, so that the link itself is updated, not what it's pointing to. In addition, drop the ENOTSUP special case. SELinux has been a requirement since Android 4.4. Running without filesystem extended attributes is no longer supported, and we shouldn't even try to handle non-SELinux updates anymore. (Note: this could be problematic if these scripts are ever used to produce OTA images for 4.2 devices) Bug: 18079773 Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
* | | am 168f7778: Allow passing of mount args to mountFnMichael Runge2014-10-231-5/+18
|\| | | | | | | | | | | | | | * commit '168f77787700f0e9f66675beef33c593a777e64e': Allow passing of mount args to mountFn
| * | Allow passing of mount args to mountFnMichael Runge2014-10-231-5/+18
| | | | | | | | | | | | | | | | | | | | | Bug: 18079773 Bug: 18092222 Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
* | | am 473967d8: Merge "Log to UI any metadata setting errors" into lmp-devBrian Carlstrom2014-10-231-34/+50
|\| | | | | | | | | | | | | | * commit '473967d87ff9fc7a541c16ebdc56364c285d2862': Log to UI any metadata setting errors
| * | Merge "Log to UI any metadata setting errors" into lmp-devBrian Carlstrom2014-10-231-34/+50
| |\ \
| | * | Log to UI any metadata setting errorsMichael Runge2014-10-231-34/+50
| | |/ | | | | | | | | | | | | Bug: 18079773 Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
* | | am 2f0ef730: Treat already-renamed files as having no problems.Michael Runge2014-10-231-0/+3
|\| | | | | | | | | | | | | | * commit '2f0ef73029fc51c6404121f338b034c8b516652c': Treat already-renamed files as having no problems.
| * | Treat already-renamed files as having no problems.Michael Runge2014-10-231-0/+3
| |/ | | | | | | | | | | | | | | This should help with reentrant OTAs. Bug: 18079773 Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
* / support for version 2 of block image diffsDoug Zongker2014-09-261-45/+209
|/ | | | | | | | | | | | | | | | | | | In version 2 of block image diffs, we support a new command to load data from the image and store it in the "stash table" and then subsequently use entries in the stash table to fill in missing bits of source data we're not allowed to read when doing move/bsdiff/imgdiff commands. This leads to smaller update packages because we can break cycles in the ordering of how pieces are updated by storing data away and using it later, rather than not using the data as input to the patch system at all. This comes at the cost of the RAM or scratch disk needed to store the data. The implementation is backwards compatible; it can still handle the existing version 1 of the transfer file format. Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
* Merge "fix comment in blockimg updater code" into lmp-devDoug Zongker2014-09-041-3/+3
|\
| * fix comment in blockimg updater codeDoug Zongker2014-09-041-3/+3
| | | | | | | | | | | | The comment for the DEBUG_ERASE setting is exactly backwards. Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1
* | use lseek64 instead of lseekAndrew Boie2014-09-041-11/+11
|/ | | | | | | | Otherwise, overflow problems can occur with images larger than 2G since the offsets will overflow a 32-bit off_t. Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* remove code for original block OTA mechanismDoug Zongker2014-08-262-209/+6
| | | | | | | Superseded by newer code. Bug: 16984795 Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
* fix two bugs in block image updaterDoug Zongker2014-08-211-18/+32
| | | | | | | | | The computation of file offsets was overflowing for partitions larger than 2 GB. The parsing of the transfer file could fail at the end if the data happened to not be properly null-terminated. Bug: 16984795 Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
* installer for new block OTA systemDoug Zongker2014-08-206-1/+662
| | | | | | | (Cherry-pick back from master.) Bug: 16984795 Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
* remove spurious parens from error messageDoug Zongker2014-08-061-4/+3
| | | | | | | | These error messages include empty parens after each string substition. Ill-advised cut and paste, probably. Bug: 16467401 Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
* Auto create parent directories for rename supportMichael Runge2014-07-222-3/+7
| | | | | | | | | Sometimes renames will move a file into a directory that does not yet exist. This will create the parent directories, using the same symlink logic, to ensure that there is a valid destination. Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
* Support F2FS for the data partitionJP Abgrall2014-06-171-2/+35
| | | | | | | | | | | | This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4". Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall <jpa@google.com>
* advance progress bar during block OTA installationsDoug Zongker2014-06-091-2/+23
| | | | | | | | | While executing syspatch and package_extract_file() calls with don't care maps (both of which are used to rewrite the system image in incremental and full block OTAs, respectively), pass a progress callback in and use it to update the visible progress bar. Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
* disable async reboot during package installationDoug Zongker2014-05-231-0/+11
| | | | | | | | | | The default recovery UI will reboot the device when the power key is pressed 7 times in a row, regardless of what recovery is doing. Disable this feature during package installation, to minimize the chance of corrupting the device due to a mid-install reboot. (Debug packages can explicitly request that the feature be reenabled.) Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
* Allow lines without = signs.Michael Runge2014-05-021-5/+3
| | | | | | | | | The new build.prop for Sprout includes lines of the format: import xxx.prop These can be safely ignored when reading the property file. Change-Id: Ia84a138e71461ffe8e591e88143b9787873def29
* am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-2/+2
|\ | | | | | | | | * commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49': Recovery 64-bit compile issues
| * am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-2/+2
| |\ | | | | | | | | | | | | * commit '026ebe0214d6c1c9b3ddc22c35e9ac37e5f622bc': Recovery 64-bit compile issues
| | * Recovery 64-bit compile issuesMark Salyzyn2014-03-141-2/+2
| | | | | | | | | | | | Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
* | | support don't-care maps when writing the system imageDoug Zongker2014-02-251-62/+172
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make package_extract_file() take an optional third argument which is the pathname (in the package zip) of a map of don't-care regions to skip over when writing the file. Modify syspatch() to take source and target don't-care maps and use them when patching the system partition. Add the wipe_block_device() function to do a discard of all data on the partition. Change-Id: I8c856054edfb6aab2f3e5177f16d9d78add20be4
* | | add flag for GPL licenseDoug Zongker2014-02-202-0/+339
| | | | | | | | | | | | | | | | | | | | | updater now depends on the GPL'd libraries libsyspatch and libxdelta3, so be careful when taking code from this directory. Change-Id: Ib6f8c50ce7052912b9d81ff96d095f778bf9a3d0
* | | Merge "clean up some warnings when building recovery"Doug Zongker2014-02-183-5/+5
|\ \ \
| * | | clean up some warnings when building recoveryDoug Zongker2014-02-143-5/+5
| | | | | | | | | | | | | | | | Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
* | | | remove remaining libminelf referencesDoug Zongker2014-02-141-1/+0
|/ / / | | | | | | | | | Change-Id: Id38b08607829bccc031693cc03e60e849903b6f8
* | | remove 'retouch' ASLR supportDoug Zongker2014-02-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Older versions of android supported an ASLR system where binaries were randomly twiddled at OTA install time. Remove support for this; we now use the ASLR support in the linux kernel. Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
* | | add syspatch support to updaterDoug Zongker2014-02-132-14/+115
| | | | | | | | | | | | | | | | | | | | | Add the syspatch() function, which can apply xdelta3+xz patches using the libsyspatch library. Change-Id: Idc1921e449020923bcaf425a1983bec0833e47ed
* | | do verification and extraction on memory, not filesDoug Zongker2014-01-161-4/+11
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
* | am f9dd42de: Merge "Don\'t abort on read_file if the file is missing." into klp-devMichael Runge2013-12-271-5/+3
|\ \ | | | | | | | | | | | | * commit 'f9dd42de6034ab09f9fa649ed1fbea25bc05e598': Don't abort on read_file if the file is missing.
| * | Don't abort on read_file if the file is missing.Michael Runge2013-12-141-5/+3
| | | | | | | | | | | | Change-Id: I85726bf736203d602428114145c3b98692580656
* | | am c87bab10: add the functions for multi-stage packages to updaterDoug Zongker2013-11-271-1/+106
|\| | | |/ |/| | | | | * commit 'c87bab101893e8322b49d7c8600e3367b20ab50a': add the functions for multi-stage packages to updater
| * add the functions for multi-stage packages to updaterDoug Zongker2013-11-271-1/+106
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to support multi-stage recovery packages, we add the set_stage() and get_stage() functions, which store a short string somewhere it can be accessed across invocations of recovery. We also add reboot_now() which updater can invoke to immediately reboot the device, without doing normal recovery cleanup. (It can also choose whether to boot off the boot or recovery partition.) If the stage string is of the form "#/#", recovery's UI will be augmented with a simple indicator of what stage you're in, so it doesn't look like a reboot loop. Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
* | am c64e76c7: Merge "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add." into klp-devMichael Runge2013-11-081-0/+35
|\| | | | | | | | | * commit 'c64e76c75088b951f61a7f7bacf8af6eccd2ccfa': Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add.
| * Enable incremental builder to find files that moved, andMichael Runge2013-11-071-0/+35
| | | | | | | | | | | | | | | | | | try to process them via patch + rename, instead of delete + add. b/11437930 Change-Id: I984349fbc9a8dac4379e00c0d66fc7d22c4eb834
* | updater: Delete dead codeNick Kralevich2013-09-171-87/+0
|/ | | | | | | | set_perm and set_perm_recursive are no longer used. Delete. (cherry picked from commit 08ef9a957027183dcf55e432441e8fb0d5299aba) Change-Id: I1bcc90ae19af9df4f0705496c5876987159f75ac
* Don't apply permission changes to symlink.Nick Kralevich2013-09-111-0/+5
| | | | | | | Bug: 10183961 Bug: 10186213 Bug: 8985290 Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
* updater: introduce and set_metadata and set_metadata_recursiveNick Kralevich2013-09-101-0/+274
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce two new updater functions: * set_metadata * set_metadata_recursive Long term, these functions are intended to be more flexible replacements for the following methods: * set_perm * set_perm_recursive Usage: set_metadata("filename", "key1", "value1", "key2", "value2", ...) set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) Description: set_metadata() and set_metadata_recursive() set the attributes on a file/directory according to the key/value pairs provided. Today, the following keys are supported: * uid * gid * mode (set_perm_extd only) * fmode (set_perm_extd_recursive only) * dmode (set_perm_extd_recursive only) * selabel * capabilities Unknown keys are logged as warnings, but are not fatal errors. Examples: * set_metadata("/system/bin/netcfg", "selabel", "u:object_r:system_file:s0"); This sets the SELinux label of /system/bin/netcfg to u:object_r:system_file:s0. No other changes occur. * set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); This sets /system/bin/netcfg to uid=0, gid=3003, mode=02750, selinux label=u:object_r:system_file:s0, and clears the capabilities associated with the file. * set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); All files and directories under /system are set to uid=0, gid=0, and selinux label=u:object_r:system_file:s0. Directories are set to mode=0755. Files are set to mode=0644 and all capabilities are cleared. Bug: 10183961 Bug: 10186213 Bug: 8985290 Change-Id: Ifdcf186a7ed45265511dc493c4036e1ac5e3d0af
* Revert "Update OTA installer to understand SELinux filesystem labels"Nick Kralevich2013-09-091-24/+5
| | | | | | | This reverts commit 627eb30f73c29257acaeb6568f3da38880784f7c. Bug: 10183961 Bug: 10186213
* Update OTA installer to understand SELinux filesystem labelsNick Kralevich2013-07-191-5/+24
| | | | | | | | | | | | | | | | | | Modify the OTA installer to understand SELinux filesystem labels. We do this by introducing new set_perm2 / set_perm2_recursive calls, which understand SELinux filesystem labels. These filesystem labels are applied at the same time that we apply the UID / GID / permission changes. For compatibility, we preserve the behavior of the existing set_perm / set_perm_recursive calls. If the destination kernel doesn't support security labels, don't fail. SELinux isn't enabled on all kernels. Bug: 8985290 Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
* recovery: move log output to stdoutDoug Zongker2013-07-092-48/+48
| | | | | | | | Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
* Merge "verifier: update to support certificates using SHA-256"Doug Zongker2013-04-121-1/+1
|\
| * verifier: update to support certificates using SHA-256Doug Zongker2013-04-101-1/+1
| | | | | | | | Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
* | Add liblogYing Wang2013-04-101-1/+1
|/ | | | | Bug: 8580410 Change-Id: Ie60dade81c06589cb0daee431611ded34adef8e6
* resolved conflicts for merge of 78afed1c to jb-mr1-dev-plus-aospKenny Root2012-10-174-16/+1
|\ | | | | | | Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
| * Remove HAVE_SELINUX guardsKenny Root2012-10-164-16/+1
| | | | | | | | Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
* | add bonus data feature to imgdiff/imgpatch/applypatchDoug Zongker2012-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The bonus data option lets you give an additional blob of uncompressed data to be used when constructing a patch for chunk #1 of an image. The same blob must be available at patch time, and can be passed to the command-line applypatch tool (this feature is not accessible from edify scripts). This will be used to reduce the size of recovery-from-boot patches by storing parts of the recovery ramdisk (the UI images) on the system partition. Change-Id: Iac1959cdf7f5e4582f8d434e83456e483b64c02c
* | am 3733d218: Merge changes I664f8dc7,I4154db06,I5e1df90fJoe Onorato2012-08-171-1/+4
|\| | | | | | | | | | | | | * commit '3733d2185bbcedd9ef626907f1f32628986cc0f5': Use the static version of libsparse Multiple modules with the same name are going away. host modules don't need LOCAL_MODULE_TAGS
| * Use the static version of libsparseJoe Onorato2012-07-241-1/+1
| | | | | | | | Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
| * Multiple modules with the same name are going away.Joe Onorato2012-07-221-1/+4
| | | | | | | | Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
* | fix the symlink() command to create directories if neededDoug Zongker2012-08-071-3/+29
|/ | | | | | | | | | | Full OTAs currently fail if the build contains a directory containing only symlinks, because nothing creates that directory. Change the symlink() command to create any ancestor directories that don't exist. They're created as owner root perms 0700 because we assume that in practice subsequent set_perm_recursive() calls will fix up their ownership and permissions. Change-Id: I4681cbc85863d9778e36b924f0532b2b3ef14310
* Link against libsparseColin Cross2012-07-181-1/+1
| | | | | | libext4_utils requires libsparse, link against it as well. Change-Id: I4d6aec0e5edcf1ed42118b7b77adcded2858d3dd
* am 6d60667d: Merge "Use a dependency file to replace the list file."Ying Wang2012-06-121-10/+14
|\ | | | | | | | | * commit '6d60667de6b8e6bd8a54fb4031901e2935743308': Use a dependency file to replace the list file.
| * Use a dependency file to replace the list file.Ying Wang2012-06-111-10/+14
| | | | | | | | | | | | instead of creating the list file whenever loading the Android.mk Change-Id: I78e4820754399dff3993a863eede8b75da9f6d29
* | am 78911bdf: am 2a4ab824: Merge "Change the format command to always take the mount point as an argument."Kenny Root2012-04-071-13/+4
|\| | | | | | | | | * commit '78911bdf4f9dfff6583f3f8150a3257212ceea13': Change the format command to always take the mount point as an argument.
| * Change the format command to always take the mount point as an argument.Stephen Smalley2012-04-031-13/+4
| | | | | | | | | | | | Requires I5a63fd61a7e74d386d0803946d06bcf2fa8a857e Change-Id: Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
* | resolved conflicts for merge of 0b1fee1b to masterKenny Root2012-03-314-7/+69
|\| | | | | | | Change-Id: I2e8298ff5988a96754f56f80a5186c9605ad9928
| * Extend recovery and updater to support setting file security contexts.Stephen Smalley2012-03-304-8/+65
| | | | | | | | | | | | | | Extend minzip, recovery, and updater to set the security context on files based on the file_contexts configuration included in the package. Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
| * Add libselinux to LOCAL_STATIC_LIBRARIES wherever libext4_utils is used.Stephen Smalley2012-01-241-0/+5
| | | | | | | | | | | | | | libext4_utils now calls libselinux in order to determine the file security context to set on files when creating ext4 images. Change-Id: I09fb9d563d22ee106bf100eacd4cd9c6300b1152
* | fail edify script if set_perm() or symlink() failsDoug Zongker2012-03-221-0/+13
| | | | | | | | | | | | | | | | It's surprising if these fail, so abort the whole edify script to catch any problems early. Bug: 2284848 Change-Id: Ia2a0b60e7f086fc590b242616028905a229c9e05
* | remove retouching code from updaterDoug Zongker2012-02-281-118/+0
| | | | | | | | | | | | | | | | | | | | | | Removes the retouch_binaries and undo_retouch_binaries from updater; newly generated OTA packages should not call them any more. Note that applypatch retains the ability to unretouch a file as it reads it. This will be needed as long as we want to support OTAs from devices that were installed with retouching. Change-Id: Ib3f6baeae90c84ba85983f626d821ab7e436ceb2
* | C++ class for device-specific codeDoug Zongker2011-10-311-1/+2
|/ | | | | | | | | | Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
* allow recovery packages to wipe cacheDoug Zongker2011-10-191-0/+10
| | | | | | | | | | updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
* Support multiple recovery updater extensions.Michael Ward2011-07-151-2/+2
| | | | Change-Id: I787c086223b674050c0a12fc575add9badb471af
* make write_raw_image able to take a blobDoug Zongker2011-04-131-27/+40
| | | | | | | write_raw_image() can now take either a blob or a filename as the source. The blob format eliminates the need for a temp file. Change-Id: I0c6effec53d47862040efcec75e64b7c951cdcf7
* Reserve the last 16 Kbytes of /data for the crypto footer.Ken Sumrall2011-01-201-8/+11
| | | | | | | When formatting /data, if it's an ext4 filesystem, reserve the last 16 Kbytes for the crypto footer. Change-Id: I7b401d851ee87732e5da5860df0287a1c331c5b7
* Update arguments to make_ext4fsColin Cross2010-12-291-1/+1
| | | | Change-Id: Id96e98da76b3091987b01651f980797b1d6b49d8
* add missing sparseness parameterDoug Zongker2010-09-161-1/+1
| | | | Change-Id: Ie6e309b127e80cd6475f1deaa5dbadf9f5cc2746
* resolved conflicts for merge of 9f89b0e4 to masterDoug Zongker2010-09-161-1/+1
|\ | | | | | | Change-Id: Id458df96fd56830fdb35397e95a80274761ecff5
| * support for ext4/EMMC filesystems in updater binaryDoug Zongker2010-09-152-25/+64
| | | | | | | | | | | | | | | | | | Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
* | am 858f0a76: am 8e5e4dad: close update package before installing; allow remountDoug Zongker2010-09-161-1/+3
|\| | | | | | | | | | | | | Merge commit '858f0a763d0f736eb721f54257b6164886bfcbfc' * commit '858f0a763d0f736eb721f54257b6164886bfcbfc': close update package before installing; allow remount
| * close update package before installing; allow remountDoug Zongker2010-09-151-1/+3
| | | | | | | | | | | | | | | | Close the update package before invoking the binary, to allow the installer to unmount /cache if it wants to. Add a function to allow remounting of a mount as read-only. Change-Id: Idfcc96c3da66083295177f729263560be58034e4
* | Changes to work with updated make_ext4fs tool that supports creating sparse images.Ken Sumrall2010-08-141-1/+1
| | | | | | | | | | | | | | An extra parameter was added to the make_ext4fs() function, we these tools need to be updated to match. Change-Id: Id640a7f2b03153eb333b00337f0f991ff5332349
* | Working ASLR implementationHristo Bojinov2010-08-022-2/+123
| | | | | | | | | | | | | | | | | | | | Separate files for retouch functionality are in minelf/* ASLR for shared libraries is controlled by "-a" in ota_from_target_files. Binary files are self-contained. Retouch logic can recover from crashes. Signed-off-by: Hristo Bojinov <hristo@google.com> Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
* | Mute unwanted error messageYing Wang2010-07-211-1/+1
| | | | | | | | | | | | | | This CL removes the following line from the top of build logs: "diff: out/target/product/*/obj/PACKAGING/updater_extensions_intermediates/register.inc.list: No such file or directory" Change-Id: I79c15a69a0b1b0da0e45620b45a7a0fea5625250
* | support for ext4/EMMC filesystems in updater binaryDoug Zongker2010-07-022-25/+64
|/ | | | | | | | | Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
* refactor applypatch and friendsDoug Zongker2010-02-231-65/+107
| | | | | | | | | | | | | | | | | | | Change the applypatch function to take meaningful arguments instead of argc and argv. Move all the parsing of arguments into main.c (for the standalone binary) and into install.c (for the updater function). applypatch() takes patches as Value objects, so we can pass in blobs extracted from the package without ever writing them to temp files. The patching code is changed to read the patch from memory instead of a file. A bunch of compiler warnings (mostly about signed vs unsigned types) are fixed. Support for the IMGDIFF1 format is dropped. (We've been generating IMGDIFF2 packages for some time now.) Change-Id: I217563c500012750f27110db821928a06211323f
* relocate applypatch; add type system and new functions to edifyDoug Zongker2010-02-182-52/+190
| | | | | | | | | | | | | | | | | | | | | | | | | - Move applypatch to this package (from build). - Add a rudimentary type system to edify: instead of just returning a char*, functions now return a Value*, which is a struct that can carry different types of value (currently just STRING and BLOB). Convert all functions to this new scheme. - Change the one-argument form of package_extract_file to return a Value of the new BLOB type. - Add read_file() to load a local file and return a blob, and sha1_check() to test a blob (or string) against a set of possible sha1s. read_file() uses the file-loading code from applypatch so it can read MTD partitions as well. This is the start of better integration between applypatch and the rest of edify. b/2361316 - VZW Issue PP628: Continuous reset to Droid logo: framework-res.apk update failed (CR LIBtt59130) Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
* bump updater API version to 3; deprecate firmware update commandDoug Zongker2010-02-033-42/+7
| | | | | | | | | Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
* add a one-argument version of package_extract_fileDoug Zongker2010-02-011-24/+69
| | | | | | | | | | | Add a version of package_extract_file that returns the file data as its return value (to be consumed by some other edify function that expects to receive a bunch of binary data as an argument). Lets us avoid having two copies of a big file in memory (extracting it into /tmp, which is a ramdisk, and then having something load it into memory) when doing things like radio updates. Change-Id: Ie26ece5fbae457eb0ddcd8a13d74d78a769fbc70
* delete files before symlinking; log error messagesDoug Zongker2009-09-191-3/+21
| | | | | | The symlink() function should remove existing files before creating symlinks, so scripts are idempotent. Log messages when various system calls fail (but don't make the whole script fail).
* add a run_program() function to edifyDoug Zongker2009-09-101-0/+49
| | | | | Handy for producing debugging OTA packages (eg, running sqlite3 or whatever in recovery).
* am d8f7c9b8: Merge change 5545 into donutAndroid (Google) Code Review2009-06-301-1/+6
|\ | | | | | | | | | | | | Merge commit 'd8f7c9b85e25fab93fef2221a84b60edc2e7b837' * commit 'd8f7c9b85e25fab93fef2221a84b60edc2e7b837': remove updater from the user system image
| * Merge change 5545 into donutAndroid (Google) Code Review2009-06-261-1/+6
| |\ | | | | | | | | | | | | * changes: remove updater from the user system image
| | * remove updater from the user system imageDoug Zongker2009-06-261-1/+6
| | | | | | | | | | | | | | | | | | | | | updater (which is only needed in OTA packages) is getting included in /system/bin, where it just takes up (quite a bit of) space. Use the hack of including it only in eng builds so it's not there for user builds.
* | | am 0bbfe3d9: fix off-by-one error in set_perm()Doug Zongker2009-06-251-1/+1
|\| | | | | | | | | | | | | | | | | | | | Merge commit '0bbfe3d901885c1f0ab006e8d4cc1029c44a7376' * commit '0bbfe3d901885c1f0ab006e8d4cc1029c44a7376': fix off-by-one error in set_perm()
| * | fix off-by-one error in set_perm()Doug Zongker2009-06-251-1/+1
| |/ | | | | | | | | We were inadvertently skipping over the first filename in the list of arguments.
* | am fbf3c10e: improve updater progress barDoug Zongker2009-06-251-3/+21
|\| | | | | | | | | | | | | Merge commit 'fbf3c10e45c20f8fe6bd1ac49ffe220035b9c454' * commit 'fbf3c10e45c20f8fe6bd1ac49ffe220035b9c454': improve updater progress bar
| * improve updater progress barDoug Zongker2009-06-241-3/+21
| | | | | | | | | | | | Let recovery accept set_progress commands to control progress over the 'current segment' of the bar. Add a set_progress() builtin to the updater binary.
* | add device extension mechanism to updaterDoug Zongker2009-06-222-1/+43
|/ | | | | | | Allow devices (in BoardConfig.mk) to define additional static libraries to be linked in to updater, to make device-specific functions available in edify scripts. Modify the updater makefile to arrange for device libraries to register their edify functions.
* add file_getprop() to updaterDoug Zongker2009-06-181-11/+100
| | | | | | | Add a function to read a property from a ".prop"-formatted file (key=value pairs, one per line, ignore # comment lines and blank lines). Move ErrorAbort to the core of edify; it's not specific to updater now that errors aren't stored in the app cookie.
* let the "firmware" command take the file straight from the packageDoug Zongker2009-06-181-3/+4
| | | | | | | | To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
* fixes to edify and updater scriptDoug Zongker2009-06-122-67/+124
| | | | | | | | | | | | | | | | | | | | | A few more changes to edify: - fix write_raw_image(); my last change neglected to close the write context, so the written image was corrupt. - each expression tracks the span of the source code from which it was compiled, so that assert()'s error message can include the source of the expression that failed. - the 'cookie' argument to each Function is replaced with a State object, which contains the cookie, the source script (for use with the above spans), and the current error message (replacing the global variables that were used for this purpose). - in the recovery image, a new command "ui_print" can be sent back through the command pipe to cause text to appear on the screen. Add a new ui_print() function to print things from scripts. Rename existing "print" function to "stdout".
* edify extensions for OTA package installation, part 2Doug Zongker2009-06-123-7/+278
| | | | | | | | | | | | | | | | | | Adds more edify functions for OTAs: is_mounted getprop apply_patch apply_patch_check apply_patch_space write_raw_image write_firmware_image package_extract_file This allows us to install radios, hboots, boot images, and install incremental OTA packages. Fixes a couple of dumb bugs in edify itself: - we were doubling the size of the function table each time it was *not* full, rather than each time it was full - "no such function" errors weren't visible to the parser, so they didn't prevent execution of the script.
* edify extensions for OTA package installation, part 1Doug Zongker2009-06-125-0/+555
Adds the following edify functions: mount unmount format show_progress delete delete_recursive package_extract symlink set_perm set_perm_recursive This set is enough to extract and install the system part of a (full) OTA package. Adds the updater binary that extracts an edify script from the OTA package and then executes it. Minor changes to the edify core (adds a sleep() builtin for debugging, adds "." to the set of characters that can appear in an unquoted string).