diff options
39 files changed, 939 insertions, 385 deletions
diff --git a/Android.mk b/Android.mk index 69490a57e..9542080ca 100644 --- a/Android.mk +++ b/Android.mk @@ -28,7 +28,32 @@ recovery_common_cflags := \ -Werror \ -DRECOVERY_API_VERSION=$(RECOVERY_API_VERSION) -# librecovery_ui (static library) +# librecovery_ui_ext (shared library) +# =================================== +include $(CLEAR_VARS) + +LOCAL_MODULE := librecovery_ui_ext + +# LOCAL_MODULE_PATH for shared libraries is unsupported in multiarch builds. +LOCAL_MULTILIB := first + +ifeq ($(TARGET_IS_64_BIT),true) +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/lib64 +else +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/lib +endif + +LOCAL_WHOLE_STATIC_LIBRARIES := \ + $(TARGET_RECOVERY_UI_LIB) + +LOCAL_SHARED_LIBRARIES := \ + libbase \ + liblog \ + librecovery_ui + +include $(BUILD_SHARED_LIBRARY) + +# librecovery_ui (shared library) # =============================== include $(CLEAR_VARS) LOCAL_SRC_FILES := \ @@ -40,69 +65,56 @@ LOCAL_SRC_FILES := \ LOCAL_MODULE := librecovery_ui -LOCAL_STATIC_LIBRARIES := \ - libminui \ - libotautil \ - libbase - LOCAL_CFLAGS := $(recovery_common_cflags) -ifneq ($(TARGET_RECOVERY_UI_MARGIN_HEIGHT),) -LOCAL_CFLAGS += -DRECOVERY_UI_MARGIN_HEIGHT=$(TARGET_RECOVERY_UI_MARGIN_HEIGHT) -else -LOCAL_CFLAGS += -DRECOVERY_UI_MARGIN_HEIGHT=0 -endif +LOCAL_MULTILIB := first -ifneq ($(TARGET_RECOVERY_UI_MARGIN_WIDTH),) -LOCAL_CFLAGS += -DRECOVERY_UI_MARGIN_WIDTH=$(TARGET_RECOVERY_UI_MARGIN_WIDTH) +ifeq ($(TARGET_IS_64_BIT),true) +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/lib64 else -LOCAL_CFLAGS += -DRECOVERY_UI_MARGIN_WIDTH=0 +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/lib endif -ifneq ($(TARGET_RECOVERY_UI_TOUCH_LOW_THRESHOLD),) -LOCAL_CFLAGS += -DRECOVERY_UI_TOUCH_LOW_THRESHOLD=$(TARGET_RECOVERY_UI_TOUCH_LOW_THRESHOLD) -else -LOCAL_CFLAGS += -DRECOVERY_UI_TOUCH_LOW_THRESHOLD=50 -endif +LOCAL_STATIC_LIBRARIES := \ + libminui \ + libotautil \ -ifneq ($(TARGET_RECOVERY_UI_TOUCH_HIGH_THRESHOLD),) -LOCAL_CFLAGS += -DRECOVERY_UI_TOUCH_HIGH_THRESHOLD=$(TARGET_RECOVERY_UI_TOUCH_HIGH_THRESHOLD) -else -LOCAL_CFLAGS += -DRECOVERY_UI_TOUCH_HIGH_THRESHOLD=90 -endif +LOCAL_SHARED_LIBRARIES := \ + libbase \ + libpng \ + libz \ -ifneq ($(TARGET_RECOVERY_UI_PROGRESS_BAR_BASELINE),) -LOCAL_CFLAGS += -DRECOVERY_UI_PROGRESS_BAR_BASELINE=$(TARGET_RECOVERY_UI_PROGRESS_BAR_BASELINE) -else -LOCAL_CFLAGS += -DRECOVERY_UI_PROGRESS_BAR_BASELINE=259 -endif +include $(BUILD_SHARED_LIBRARY) -ifneq ($(TARGET_RECOVERY_UI_ANIMATION_FPS),) -LOCAL_CFLAGS += -DRECOVERY_UI_ANIMATION_FPS=$(TARGET_RECOVERY_UI_ANIMATION_FPS) -else -LOCAL_CFLAGS += -DRECOVERY_UI_ANIMATION_FPS=30 -endif +# librecovery_ui (static library) +# =============================== +include $(CLEAR_VARS) +LOCAL_SRC_FILES := \ + device.cpp \ + screen_ui.cpp \ + ui.cpp \ + vr_ui.cpp \ + wear_ui.cpp -ifneq ($(TARGET_RECOVERY_UI_MENU_UNUSABLE_ROWS),) -LOCAL_CFLAGS += -DRECOVERY_UI_MENU_UNUSABLE_ROWS=$(TARGET_RECOVERY_UI_MENU_UNUSABLE_ROWS) -else -LOCAL_CFLAGS += -DRECOVERY_UI_MENU_UNUSABLE_ROWS=9 -endif +LOCAL_MODULE := librecovery_ui -ifneq ($(TARGET_RECOVERY_UI_VR_STEREO_OFFSET),) -LOCAL_CFLAGS += -DRECOVERY_UI_VR_STEREO_OFFSET=$(TARGET_RECOVERY_UI_VR_STEREO_OFFSET) -else -LOCAL_CFLAGS += -DRECOVERY_UI_VR_STEREO_OFFSET=0 -endif +LOCAL_CFLAGS := $(recovery_common_cflags) + +LOCAL_STATIC_LIBRARIES := \ + libminui \ + libotautil \ + +LOCAL_SHARED_LIBRARIES := \ + libbase \ + libpng \ + libz \ include $(BUILD_STATIC_LIBRARY) librecovery_static_libraries := \ - $(TARGET_RECOVERY_UI_LIB) \ libbootloader_message \ libfusesideload \ libminadbd \ - librecovery_ui \ libminui \ libverifier \ libotautil \ @@ -160,9 +172,7 @@ LOCAL_SRC_FILES := \ LOCAL_MODULE := recovery -LOCAL_FORCE_STATIC_EXECUTABLE := true - -LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/sbin +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/bin # Cannot link with LLD: undefined symbol: UsbNoPermissionsLongHelpText # http://b/77543887, lld does not handle -Wl,--gc-sections as well as ld. @@ -172,8 +182,12 @@ LOCAL_CFLAGS := $(recovery_common_cflags) LOCAL_STATIC_LIBRARIES := \ librecovery \ + librecovery_ui_default \ $(librecovery_static_libraries) +LOCAL_SHARED_LIBRARIES := \ + librecovery_ui \ + LOCAL_HAL_STATIC_LIBRARIES := libhealthd LOCAL_REQUIRED_MODULES := \ @@ -202,11 +216,21 @@ LOCAL_REQUIRED_MODULES += \ recovery-refresh endif +LOCAL_REQUIRED_MODULES += \ + librecovery_ui_ext + +# TODO(b/110380063): Explicitly install the following shared libraries to recovery, until `recovery` +# module is built with Soong (with `recovery: true` flag). +LOCAL_REQUIRED_MODULES += \ + libbase.recovery \ + liblog.recovery \ + libpng.recovery \ + libz.recovery \ + include $(BUILD_EXECUTABLE) include \ $(LOCAL_PATH)/boot_control/Android.mk \ - $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/tests/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ $(LOCAL_PATH)/updater_sample/Android.mk \ diff --git a/adb_install.cpp b/adb_install.cpp index 4ee5333c7..97dff221d 100644 --- a/adb_install.cpp +++ b/adb_install.cpp @@ -82,7 +82,7 @@ int apply_from_adb(bool* wipe_cache) { pid_t child; if ((child = fork()) == 0) { - execl("/sbin/recovery", "recovery", "--adbd", nullptr); + execl("/system/bin/recovery", "recovery", "--adbd", nullptr); _exit(EXIT_FAILURE); } diff --git a/bootloader_message/Android.bp b/bootloader_message/Android.bp index ab23733cd..5cd21323c 100644 --- a/bootloader_message/Android.bp +++ b/bootloader_message/Android.bp @@ -14,7 +14,7 @@ // limitations under the License. // -cc_library_static { +cc_library { name: "libbootloader_message", recovery_available: true, srcs: ["bootloader_message.cpp"], @@ -22,7 +22,7 @@ cc_library_static { "-Wall", "-Werror", ], - static_libs: [ + shared_libs: [ "libbase", "libfs_mgr", ], @@ -47,6 +47,7 @@ class Device { MOUNT_SYSTEM = 10, RUN_GRAPHICS_TEST = 11, RUN_LOCALE_TEST = 12, + KEY_INTERRUPTED = 13, }; explicit Device(RecoveryUI* ui); @@ -118,8 +119,12 @@ class Device { std::unique_ptr<RecoveryUI> ui_; }; +// Disable name mangling, as this function will be loaded via dlsym(3). +extern "C" { + // The device-specific library must define this function (or the default one will be used, if there // is no device-specific library). It returns the Device object that recovery should use. Device* make_device(); +} #endif // _DEVICE_H diff --git a/etc/init.rc b/etc/init.rc index f1f9ce522..3821eb6a8 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -85,7 +85,7 @@ service charger /charger -r critical seclabel u:r:charger:s0 -service recovery /sbin/recovery +service recovery /system/bin/recovery seclabel u:r:recovery:s0 service adbd /system/bin/adbd --root_seclabel=u:r:su:s0 --device_banner=recovery diff --git a/minadbd/minadbd_services.cpp b/minadbd/minadbd_services.cpp index 043c51a6a..ab1939e92 100644 --- a/minadbd/minadbd_services.cpp +++ b/minadbd/minadbd_services.cpp @@ -21,15 +21,18 @@ #include <string.h> #include <unistd.h> +#include <functional> #include <string> #include <thread> #include "adb.h" +#include "adb_unique_fd.h" #include "fdevent.h" #include "fuse_adb_provider.h" +#include "services.h" #include "sysdeps.h" -static void sideload_host_service(int sfd, const std::string& args) { +static void sideload_host_service(unique_fd sfd, const std::string& args) { int file_size; int block_size; if (sscanf(args.c_str(), "%d:%d", &file_size, &block_size) != 2) { @@ -45,22 +48,7 @@ static void sideload_host_service(int sfd, const std::string& args) { exit(result == 0 ? 0 : 1); } -static int create_service_thread(void (*func)(int, const std::string&), const std::string& args) { - int s[2]; - if (adb_socketpair(s)) { - printf("cannot create service socket pair\n"); - return -1; - } - - std::thread([s, func, args]() { func(s[1], args); }).detach(); - - VLOG(SERVICES) << "service thread started, " << s[0] << ":" << s[1]; - return s[0]; -} - -int service_to_fd(const char* name, atransport* /* transport */) { - int ret = -1; - +unique_fd daemon_service_to_fd(const char* name, atransport* /* transport */) { if (!strncmp(name, "sideload:", 9)) { // this exit status causes recovery to print a special error // message saying to use a newer adb (that supports @@ -68,10 +56,8 @@ int service_to_fd(const char* name, atransport* /* transport */) { exit(3); } else if (!strncmp(name, "sideload-host:", 14)) { std::string arg(name + 14); - ret = create_service_thread(sideload_host_service, arg); - } - if (ret >= 0) { - close_on_exec(ret); + return create_service_thread("sideload-host", + std::bind(sideload_host_service, std::placeholders::_1, arg)); } - return ret; + return unique_fd{}; } diff --git a/minui/Android.bp b/minui/Android.bp new file mode 100644 index 000000000..19d28be62 --- /dev/null +++ b/minui/Android.bp @@ -0,0 +1,46 @@ +// Copyright (C) 2018 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +cc_library { + name: "libminui", + + defaults: [ + "recovery_defaults", + ], + + export_include_dirs: [ + "include", + ], + + srcs: [ + "events.cpp", + "graphics.cpp", + "graphics_adf.cpp", + "graphics_drm.cpp", + "graphics_fbdev.cpp", + "resources.cpp", + ], + + whole_static_libs: [ + "libadf", + "libdrm", + "libsync_recovery", + ], + + shared_libs: [ + "libbase", + "libpng", + "libz", + ], +} diff --git a/minui/Android.mk b/minui/Android.mk deleted file mode 100644 index ae1552b1b..000000000 --- a/minui/Android.mk +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright (C) 2007 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -LOCAL_PATH := $(call my-dir) - -# libminui (static library) -# =============================== -include $(CLEAR_VARS) - -LOCAL_SRC_FILES := \ - events.cpp \ - graphics.cpp \ - graphics_adf.cpp \ - graphics_drm.cpp \ - graphics_fbdev.cpp \ - resources.cpp \ - -LOCAL_WHOLE_STATIC_LIBRARIES := \ - libadf \ - libdrm \ - libsync_recovery - -LOCAL_STATIC_LIBRARIES := \ - libpng \ - libbase - -LOCAL_CFLAGS := -Wall -Werror -LOCAL_C_INCLUDES := $(LOCAL_PATH)/include -LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include - -LOCAL_MODULE := libminui - -# This used to compare against values in double-quotes (which are just -# ordinary characters in this context). Strip double-quotes from the -# value so that either will work. - -ifeq ($(subst ",,$(TARGET_RECOVERY_PIXEL_FORMAT)),ABGR_8888) - LOCAL_CFLAGS += -DRECOVERY_ABGR -endif -ifeq ($(subst ",,$(TARGET_RECOVERY_PIXEL_FORMAT)),RGBX_8888) - LOCAL_CFLAGS += -DRECOVERY_RGBX -endif -ifeq ($(subst ",,$(TARGET_RECOVERY_PIXEL_FORMAT)),BGRA_8888) - LOCAL_CFLAGS += -DRECOVERY_BGRA -endif - -ifneq ($(TARGET_RECOVERY_OVERSCAN_PERCENT),) - LOCAL_CFLAGS += -DOVERSCAN_PERCENT=$(TARGET_RECOVERY_OVERSCAN_PERCENT) -else - LOCAL_CFLAGS += -DOVERSCAN_PERCENT=0 -endif - -ifneq ($(TARGET_RECOVERY_DEFAULT_ROTATION),) - LOCAL_CFLAGS += -DDEFAULT_ROTATION=$(TARGET_RECOVERY_DEFAULT_ROTATION) -else - LOCAL_CFLAGS += -DDEFAULT_ROTATION=ROTATION_NONE -endif - -include $(BUILD_STATIC_LIBRARY) - -# libminui (shared library) -# =============================== -# Used by OEMs for factory test images. -include $(CLEAR_VARS) -LOCAL_MODULE := libminui -LOCAL_WHOLE_STATIC_LIBRARIES += libminui -LOCAL_SHARED_LIBRARIES := \ - libpng \ - libbase - -LOCAL_CFLAGS := -Wall -Werror -LOCAL_C_INCLUDES := $(LOCAL_PATH)/include -LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include -include $(BUILD_SHARED_LIBRARY) diff --git a/minui/graphics.cpp b/minui/graphics.cpp index cc02e9e82..4fe0fdc7b 100644 --- a/minui/graphics.cpp +++ b/minui/graphics.cpp @@ -23,6 +23,8 @@ #include <memory> +#include <android-base/properties.h> + #include "graphics_adf.h" #include "graphics_drm.h" #include "graphics_fbdev.h" @@ -31,7 +33,6 @@ static GRFont* gr_font = nullptr; static MinuiBackend* gr_backend = nullptr; -static int overscan_percent = OVERSCAN_PERCENT; static int overscan_offset_x = 0; static int overscan_offset_y = 0; @@ -40,17 +41,23 @@ static constexpr uint32_t alpha_mask = 0xff000000; // gr_draw is owned by backends. static const GRSurface* gr_draw = nullptr; -static GRRotation rotation = ROTATION_NONE; +static GRRotation rotation = GRRotation::NONE; +static PixelFormat pixel_format = PixelFormat::UNKNOWN; static bool outside(int x, int y) { - return x < 0 || x >= (rotation % 2 ? gr_draw->height : gr_draw->width) || y < 0 || - y >= (rotation % 2 ? gr_draw->width : gr_draw->height); + auto swapped = (rotation == GRRotation::LEFT || rotation == GRRotation::RIGHT); + return x < 0 || x >= (swapped ? gr_draw->height : gr_draw->width) || y < 0 || + y >= (swapped ? gr_draw->width : gr_draw->height); } const GRFont* gr_sys_font() { return gr_font; } +PixelFormat gr_pixel_format() { + return pixel_format; +} + int gr_measure(const GRFont* font, const char* s) { if (font == nullptr) { return -1; @@ -89,36 +96,44 @@ static inline uint32_t pixel_blend(uint8_t alpha, uint32_t pix) { // Increments pixel pointer right, with current rotation. static void incr_x(uint32_t** p, int row_pixels) { - if (rotation % 2) { - *p = *p + (rotation == 1 ? 1 : -1) * row_pixels; - } else { - *p = *p + (rotation ? -1 : 1); + if (rotation == GRRotation::LEFT) { + *p = *p - row_pixels; + } else if (rotation == GRRotation::RIGHT) { + *p = *p + row_pixels; + } else if (rotation == GRRotation::DOWN) { + *p = *p - 1; + } else { // GRRotation::NONE + *p = *p + 1; } } // Increments pixel pointer down, with current rotation. static void incr_y(uint32_t** p, int row_pixels) { - if (rotation % 2) { - *p = *p + (rotation == 1 ? -1 : 1); - } else { - *p = *p + (rotation ? -1 : 1) * row_pixels; + if (rotation == GRRotation::LEFT) { + *p = *p + 1; + } else if (rotation == GRRotation::RIGHT) { + *p = *p - 1; + } else if (rotation == GRRotation::DOWN) { + *p = *p - row_pixels; + } else { // GRRotation::NONE + *p = *p + row_pixels; } } // Returns pixel pointer at given coordinates with rotation adjustment. static uint32_t* pixel_at(const GRSurface* surf, int x, int y, int row_pixels) { switch (rotation) { - case ROTATION_NONE: + case GRRotation::NONE: return reinterpret_cast<uint32_t*>(surf->data) + y * row_pixels + x; - case ROTATION_RIGHT: + case GRRotation::RIGHT: return reinterpret_cast<uint32_t*>(surf->data) + x * row_pixels + (surf->width - y); - case ROTATION_DOWN: + case GRRotation::DOWN: return reinterpret_cast<uint32_t*>(surf->data) + (surf->height - 1 - y) * row_pixels + (surf->width - 1 - x); - case ROTATION_LEFT: + case GRRotation::LEFT: return reinterpret_cast<uint32_t*>(surf->data) + (surf->height - 1 - x) * row_pixels + y; default: - printf("invalid rotation %d", rotation); + printf("invalid rotation %d", static_cast<int>(rotation)); } return nullptr; } @@ -194,11 +209,11 @@ void gr_texticon(int x, int y, GRSurface* icon) { void gr_color(unsigned char r, unsigned char g, unsigned char b, unsigned char a) { uint32_t r32 = r, g32 = g, b32 = b, a32 = a; -#if defined(RECOVERY_ABGR) || defined(RECOVERY_BGRA) - gr_current = (a32 << 24) | (r32 << 16) | (g32 << 8) | b32; -#else - gr_current = (a32 << 24) | (b32 << 16) | (g32 << 8) | r32; -#endif + if (pixel_format == PixelFormat::ABGR || pixel_format == PixelFormat::BGRA) { + gr_current = (a32 << 24) | (r32 << 16) | (g32 << 8) | b32; + } else { + gr_current = (a32 << 24) | (b32 << 16) | (g32 << 8) | r32; + } } void gr_clear() { @@ -256,7 +271,7 @@ void gr_blit(GRSurface* source, int sx, int sy, int w, int h, int dx, int dy) { if (outside(dx, dy) || outside(dx + w - 1, dy + h - 1)) return; - if (rotation) { + if (rotation != GRRotation::NONE) { int src_row_pixels = source->row_bytes / source->pixel_bytes; int row_pixels = gr_draw->row_bytes / gr_draw->pixel_bytes; uint32_t* src_py = reinterpret_cast<uint32_t*>(source->data) + sy * source->row_bytes / 4 + sx; @@ -326,6 +341,18 @@ void gr_flip() { } int gr_init() { + // pixel_format needs to be set before loading any resources or initializing backends. + std::string format = android::base::GetProperty("ro.recovery.ui.pixel_format", ""); + if (format == "ABGR_8888") { + pixel_format = PixelFormat::ABGR; + } else if (format == "RGBX_8888") { + pixel_format = PixelFormat::RGBX; + } else if (format == "BGRA_8888") { + pixel_format = PixelFormat::BGRA; + } else { + pixel_format = PixelFormat::UNKNOWN; + } + int ret = gr_init_font("font", &gr_font); if (ret != 0) { printf("Failed to init font: %d, continuing graphic backend initialization without font file\n", @@ -351,6 +378,7 @@ int gr_init() { gr_backend = backend.release(); + int overscan_percent = android::base::GetIntProperty("ro.recovery.ui.overscan_percent", 0); overscan_offset_x = gr_draw->width * overscan_percent / 100; overscan_offset_y = gr_draw->height * overscan_percent / 100; @@ -361,7 +389,17 @@ int gr_init() { return -1; } - gr_rotate(DEFAULT_ROTATION); + std::string rotation_str = + android::base::GetProperty("ro.recovery.ui.default_rotation", "ROTATION_NONE"); + if (rotation_str == "ROTATION_RIGHT") { + gr_rotate(GRRotation::RIGHT); + } else if (rotation_str == "ROTATION_DOWN") { + gr_rotate(GRRotation::DOWN); + } else if (rotation_str == "ROTATION_LEFT") { + gr_rotate(GRRotation::LEFT); + } else { // "ROTATION_NONE" or unknown string + gr_rotate(GRRotation::NONE); + } if (gr_draw->pixel_bytes != 4) { printf("gr_init: Only 4-byte pixel formats supported\n"); @@ -379,13 +417,15 @@ void gr_exit() { } int gr_fb_width() { - return rotation % 2 ? gr_draw->height - 2 * overscan_offset_y - : gr_draw->width - 2 * overscan_offset_x; + return (rotation == GRRotation::LEFT || rotation == GRRotation::RIGHT) + ? gr_draw->height - 2 * overscan_offset_y + : gr_draw->width - 2 * overscan_offset_x; } int gr_fb_height() { - return rotation % 2 ? gr_draw->width - 2 * overscan_offset_x - : gr_draw->height - 2 * overscan_offset_y; + return (rotation == GRRotation::LEFT || rotation == GRRotation::RIGHT) + ? gr_draw->width - 2 * overscan_offset_x + : gr_draw->height - 2 * overscan_offset_y; } void gr_fb_blank(bool blank) { diff --git a/minui/graphics_adf.cpp b/minui/graphics_adf.cpp index a59df00c6..7439df9ac 100644 --- a/minui/graphics_adf.cpp +++ b/minui/graphics_adf.cpp @@ -104,15 +104,16 @@ int MinuiBackendAdf::DeviceInit(adf_device* dev) { } GRSurface* MinuiBackendAdf::Init() { -#if defined(RECOVERY_ABGR) - format = DRM_FORMAT_ABGR8888; -#elif defined(RECOVERY_BGRA) - format = DRM_FORMAT_BGRA8888; -#elif defined(RECOVERY_RGBX) - format = DRM_FORMAT_RGBX8888; -#else - format = DRM_FORMAT_RGB565; -#endif + PixelFormat pixel_format = gr_pixel_format(); + if (pixel_format == PixelFormat::ABGR) { + format = DRM_FORMAT_ABGR8888; + } else if (pixel_format == PixelFormat::BGRA) { + format = DRM_FORMAT_BGRA8888; + } else if (pixel_format == PixelFormat::RGBX) { + format = DRM_FORMAT_RGBX8888; + } else { + format = DRM_FORMAT_RGB565; + } adf_id_t* dev_ids = nullptr; ssize_t n_dev_ids = adf_devices(&dev_ids); diff --git a/minui/graphics_drm.cpp b/minui/graphics_drm.cpp index 57912d1e8..9336a1e63 100644 --- a/minui/graphics_drm.cpp +++ b/minui/graphics_drm.cpp @@ -116,15 +116,16 @@ GRSurfaceDrm* MinuiBackendDrm::DrmCreateSurface(int width, int height) { *surface = {}; uint32_t format; -#if defined(RECOVERY_ABGR) - format = DRM_FORMAT_RGBA8888; -#elif defined(RECOVERY_BGRA) - format = DRM_FORMAT_ARGB8888; -#elif defined(RECOVERY_RGBX) - format = DRM_FORMAT_XBGR8888; -#else - format = DRM_FORMAT_RGB565; -#endif + PixelFormat pixel_format = gr_pixel_format(); + if (pixel_format == PixelFormat::ABGR) { + format = DRM_FORMAT_ABGR8888; + } else if (pixel_format == PixelFormat::BGRA) { + format = DRM_FORMAT_BGRA8888; + } else if (pixel_format == PixelFormat::RGBX) { + format = DRM_FORMAT_RGBX8888; + } else { + format = DRM_FORMAT_RGB565; + } drm_mode_create_dumb create_dumb = {}; create_dumb.height = height; diff --git a/minui/include/minui/minui.h b/minui/include/minui/minui.h index ef4abe252..fa13ecdff 100644 --- a/minui/include/minui/minui.h +++ b/minui/include/minui/minui.h @@ -41,11 +41,18 @@ struct GRFont { int char_height; }; -enum GRRotation { - ROTATION_NONE = 0, - ROTATION_RIGHT = 1, - ROTATION_DOWN = 2, - ROTATION_LEFT = 3, +enum class GRRotation : int { + NONE = 0, + RIGHT = 1, + DOWN = 2, + LEFT = 3, +}; + +enum class PixelFormat : int { + UNKNOWN = 0, + ABGR = 1, + RGBX = 2, + BGRA = 3, }; // Initializes the graphics backend and loads font file. Returns 0 on success, or -1 on error. Note @@ -85,6 +92,9 @@ unsigned int gr_get_height(const GRSurface* surface); // Sets rotation, flips gr_fb_width/height if 90 degree rotation difference void gr_rotate(GRRotation rotation); +// Returns the current PixelFormat being used. +PixelFormat gr_pixel_format(); + // // Input events. // diff --git a/minui/resources.cpp b/minui/resources.cpp index c018d9b8c..477fbe2a2 100644 --- a/minui/resources.cpp +++ b/minui/resources.cpp @@ -207,9 +207,10 @@ int res_create_display_surface(const char* name, GRSurface** pSurface) { return -8; } -#if defined(RECOVERY_ABGR) || defined(RECOVERY_BGRA) - png_set_bgr(png_ptr); -#endif + PixelFormat pixel_format = gr_pixel_format(); + if (pixel_format == PixelFormat::ABGR || pixel_format == PixelFormat::BGRA) { + png_set_bgr(png_ptr); + } for (png_uint_32 y = 0; y < height; ++y) { std::vector<unsigned char> p_row(width * 4); @@ -278,9 +279,9 @@ int res_create_multi_display_surface(const char* name, int* frames, int* fps, } } -#if defined(RECOVERY_ABGR) || defined(RECOVERY_BGRA) - png_set_bgr(png_ptr); -#endif + if (gr_pixel_format() == PixelFormat::ABGR || gr_pixel_format() == PixelFormat::BGRA) { + png_set_bgr(png_ptr); + } for (png_uint_32 y = 0; y < height; ++y) { std::vector<unsigned char> p_row(width * 4); @@ -327,9 +328,10 @@ int res_create_alpha_surface(const char* name, GRSurface** pSurface) { surface->row_bytes = width; surface->pixel_bytes = 1; -#if defined(RECOVERY_ABGR) || defined(RECOVERY_BGRA) - png_set_bgr(png_ptr); -#endif + PixelFormat pixel_format = gr_pixel_format(); + if (pixel_format == PixelFormat::ABGR || pixel_format == PixelFormat::BGRA) { + png_set_bgr(png_ptr); + } for (png_uint_32 y = 0; y < height; ++y) { unsigned char* p_row = surface->data + y * surface->row_bytes; diff --git a/otautil/include/otautil/error_code.h b/otautil/include/otautil/error_code.h index b0ff42d8d..0f6c9f85f 100644 --- a/otautil/include/otautil/error_code.h +++ b/otautil/include/otautil/error_code.h @@ -48,6 +48,7 @@ enum CauseCode : int { kRebootFailure, kPackageExtractFileFailure, kPatchApplicationFailure, + kHashTreeComputationFailure, kVendorFailure = 200 }; diff --git a/recovery.cpp b/recovery.cpp index 3284440da..3828e29b3 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -326,6 +326,11 @@ static std::string browse_directory(const std::string& path, Device* device) { headers, entries, chosen_item, true, std::bind(&Device::HandleMenuKey, device, std::placeholders::_1, std::placeholders::_2)); + // Return if WaitKey() was interrupted. + if (chosen_item == static_cast<size_t>(RecoveryUI::KeyError::INTERRUPTED)) { + return ""; + } + const std::string& item = entries[chosen_item]; if (chosen_item == 0) { // Go up but continue browsing (if the caller is browse_directory). @@ -401,6 +406,11 @@ static bool prompt_and_wipe_data(Device* device) { size_t chosen_item = ui->ShowMenu( headers, items, 0, true, std::bind(&Device::HandleMenuKey, device, std::placeholders::_1, std::placeholders::_2)); + + // If ShowMenu() returned RecoveryUI::KeyError::INTERRUPTED, WaitKey() was interrupted. + if (chosen_item == static_cast<size_t>(RecoveryUI::KeyError::INTERRUPTED)) { + return false; + } if (chosen_item != 1) { return true; // Just reboot, no wipe; not a failure, user asked for it } @@ -597,6 +607,11 @@ static void choose_recovery_file(Device* device) { chosen_item = ui->ShowMenu( headers, entries, chosen_item, true, std::bind(&Device::HandleMenuKey, device, std::placeholders::_1, std::placeholders::_2)); + + // Handle WaitKey() interrupt. + if (chosen_item == static_cast<size_t>(RecoveryUI::KeyError::INTERRUPTED)) { + break; + } if (entries[chosen_item] == "Back") break; ui->ShowFile(entries[chosen_item]); @@ -745,12 +760,16 @@ static Device::BuiltinAction prompt_and_wait(Device* device, int status) { size_t chosen_item = ui->ShowMenu( {}, device->GetMenuItems(), 0, false, std::bind(&Device::HandleMenuKey, device, std::placeholders::_1, std::placeholders::_2)); - + // Handle Interrupt key + if (chosen_item == static_cast<size_t>(RecoveryUI::KeyError::INTERRUPTED)) { + return Device::KEY_INTERRUPTED; + } // Device-specific code may take some action here. It may return one of the core actions // handled in the switch statement below. - Device::BuiltinAction chosen_action = (chosen_item == static_cast<size_t>(-1)) - ? Device::REBOOT - : device->InvokeMenuItem(chosen_item); + Device::BuiltinAction chosen_action = + (chosen_item == static_cast<size_t>(RecoveryUI::KeyError::TIMED_OUT)) + ? Device::REBOOT + : device->InvokeMenuItem(chosen_item); bool should_wipe_cache = false; switch (chosen_action) { @@ -831,6 +850,9 @@ static Device::BuiltinAction prompt_and_wait(Device* device, int status) { } } break; + + case Device::KEY_INTERRUPTED: + return Device::KEY_INTERRUPTED; } } } @@ -1072,6 +1094,7 @@ Device::BuiltinAction start_recovery(Device* device, const std::vector<std::stri title_lines.insert(std::begin(title_lines), "Android Recovery"); ui->SetTitle(title_lines); + ui->ResetKeyInterruptStatus(); device->StartRecovery(); printf("Command:"); diff --git a/recovery_main.cpp b/recovery_main.cpp index c79d7d8d8..9a9890de0 100644 --- a/recovery_main.cpp +++ b/recovery_main.cpp @@ -14,6 +14,7 @@ * limitations under the License. */ +#include <dlfcn.h> #include <errno.h> #include <fcntl.h> #include <getopt.h> @@ -329,7 +330,32 @@ int main(int argc, char** argv) { printf("locale is [%s]\n", locale.c_str()); - Device* device = make_device(); + static constexpr const char* kDefaultLibRecoveryUIExt = "librecovery_ui_ext.so"; + // Intentionally not calling dlclose(3) to avoid potential gotchas (e.g. `make_device` may have + // handed out pointers to code or static [or thread-local] data and doesn't collect them all back + // in on dlclose). + void* librecovery_ui_ext = dlopen(kDefaultLibRecoveryUIExt, RTLD_NOW); + + using MakeDeviceType = decltype(&make_device); + MakeDeviceType make_device_func = nullptr; + if (librecovery_ui_ext == nullptr) { + printf("Failed to dlopen %s: %s\n", kDefaultLibRecoveryUIExt, dlerror()); + } else { + reinterpret_cast<void*&>(make_device_func) = dlsym(librecovery_ui_ext, "make_device"); + if (make_device_func == nullptr) { + printf("Failed to dlsym make_device: %s\n", dlerror()); + } + } + + Device* device; + if (make_device_func == nullptr) { + printf("Falling back to the default make_device() instead\n"); + device = make_device(); + } else { + printf("Loading make_device from %s\n", kDefaultLibRecoveryUIExt); + device = (*make_device_func)(); + } + if (android::base::GetBoolProperty("ro.boot.quiescent", false)) { printf("Quiescent recovery mode.\n"); device->ResetUI(new StubRecoveryUI()); diff --git a/screen_ui.cpp b/screen_ui.cpp index f9c4a06c1..391dedb00 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -142,11 +142,18 @@ int Menu::Select(int sel) { ScreenRecoveryUI::ScreenRecoveryUI() : ScreenRecoveryUI(false) {} +constexpr int kDefaultMarginHeight = 0; +constexpr int kDefaultMarginWidth = 0; +constexpr int kDefaultAnimationFps = 30; + ScreenRecoveryUI::ScreenRecoveryUI(bool scrollable_menu) - : kMarginWidth(RECOVERY_UI_MARGIN_WIDTH), - kMarginHeight(RECOVERY_UI_MARGIN_HEIGHT), - kAnimationFps(RECOVERY_UI_ANIMATION_FPS), - kDensity(static_cast<float>(android::base::GetIntProperty("ro.sf.lcd_density", 160)) / 160.f), + : margin_width_( + android::base::GetIntProperty("ro.recovery.ui.margin_width", kDefaultMarginWidth)), + margin_height_( + android::base::GetIntProperty("ro.recovery.ui.margin_height", kDefaultMarginHeight)), + animation_fps_( + android::base::GetIntProperty("ro.recovery.ui.animation_fps", kDefaultAnimationFps)), + density_(static_cast<float>(android::base::GetIntProperty("ro.sf.lcd_density", 160)) / 160.f), currentIcon(NONE), progressBarType(EMPTY), progressScopeStart(0), @@ -203,7 +210,7 @@ GRSurface* ScreenRecoveryUI::GetCurrentText() const { } int ScreenRecoveryUI::PixelsFromDp(int dp) const { - return dp * kDensity; + return dp * density_; } // Here's the intended layout: @@ -258,7 +265,7 @@ void ScreenRecoveryUI::draw_background_locked() { int stage_height = gr_get_height(stageMarkerEmpty); int stage_width = gr_get_width(stageMarkerEmpty); int x = (ScreenWidth() - max_stage * gr_get_width(stageMarkerEmpty)) / 2; - int y = ScreenHeight() - stage_height - kMarginHeight; + int y = ScreenHeight() - stage_height - margin_height_; for (int i = 0; i < max_stage; ++i) { GRSurface* stage_surface = (i < stage) ? stageMarkerFill : stageMarkerEmpty; DrawSurface(stage_surface, 0, 0, stage_width, stage_height, x, y); @@ -373,8 +380,8 @@ void ScreenRecoveryUI::SelectAndShowBackgroundText(const std::vector<std::string gr_color(0, 0, 0, 255); gr_clear(); - int text_y = kMarginHeight; - int text_x = kMarginWidth; + int text_y = margin_height_; + int text_x = margin_width_; int line_spacing = gr_sys_font()->char_height; // Put some extra space between images. // Write the header and descriptive texts. SetColor(INFO); @@ -417,6 +424,7 @@ void ScreenRecoveryUI::CheckBackgroundTextImages() { FlushKeys(); while (true) { int key = WaitKey(); + if (key == static_cast<int>(KeyError::INTERRUPTED)) break; if (key == KEY_POWER || key == KEY_ENTER) { break; } else if (key == KEY_UP || key == KEY_VOLUMEUP) { @@ -534,10 +542,10 @@ void ScreenRecoveryUI::draw_screen_locked() { // Draws the menu and text buffer on the screen. Should only be called with updateMutex locked. void ScreenRecoveryUI::draw_menu_and_text_buffer_locked( const std::vector<std::string>& help_message) { - int y = kMarginHeight; + int y = margin_height_; if (menu_) { static constexpr int kMenuIndent = 4; - int x = kMarginWidth + kMenuIndent; + int x = margin_width_ + kMenuIndent; SetColor(INFO); @@ -593,9 +601,9 @@ void ScreenRecoveryUI::draw_menu_and_text_buffer_locked( SetColor(LOG); int row = text_row_; size_t count = 0; - for (int ty = ScreenHeight() - kMarginHeight - char_height_; ty >= y && count < text_rows_; + for (int ty = ScreenHeight() - margin_height_ - char_height_; ty >= y && count < text_rows_; ty -= char_height_, ++count) { - DrawTextLine(kMarginWidth, ty, text_[row], false); + DrawTextLine(margin_width_, ty, text_[row], false); --row; if (row < 0) row = text_rows_ - 1; } @@ -621,7 +629,7 @@ void ScreenRecoveryUI::update_progress_locked() { } void ScreenRecoveryUI::ProgressThreadLoop() { - double interval = 1.0 / kAnimationFps; + double interval = 1.0 / animation_fps_; while (!progress_thread_stopped_) { double start = now(); bool redraw = false; @@ -707,8 +715,8 @@ bool ScreenRecoveryUI::InitTextParams() { return false; } gr_font_size(gr_sys_font(), &char_width_, &char_height_); - text_rows_ = (ScreenHeight() - kMarginHeight * 2) / char_height_; - text_cols_ = (ScreenWidth() - kMarginWidth * 2) / char_width_; + text_rows_ = (ScreenHeight() - margin_height_ * 2) / char_height_; + text_cols_ = (ScreenWidth() - margin_width_ * 2) / char_width_; return true; } @@ -925,6 +933,7 @@ void ScreenRecoveryUI::ShowFile(FILE* fp) { while (show_prompt) { show_prompt = false; int key = WaitKey(); + if (key == static_cast<int>(KeyError::INTERRUPTED)) return; if (key == KEY_POWER || key == KEY_ENTER) { return; } else if (key == KEY_UP || key == KEY_VOLUMEUP) { @@ -1017,19 +1026,26 @@ size_t ScreenRecoveryUI::ShowMenu(const std::vector<std::string>& headers, // Throw away keys pressed previously, so user doesn't accidentally trigger menu items. FlushKeys(); + // If there is a key interrupt in progress, return KeyError::INTERRUPTED without starting the + // menu. + if (IsKeyInterrupted()) return static_cast<size_t>(KeyError::INTERRUPTED); + StartMenu(headers, items, initial_selection); int selected = initial_selection; int chosen_item = -1; while (chosen_item < 0) { int key = WaitKey(); - if (key == -1) { // WaitKey() timed out. + if (key == static_cast<int>(KeyError::INTERRUPTED)) { // WaitKey() was interrupted. + return static_cast<size_t>(KeyError::INTERRUPTED); + } + if (key == static_cast<int>(KeyError::TIMED_OUT)) { // WaitKey() timed out. if (WasTextEverVisible()) { continue; } else { LOG(INFO) << "Timed out waiting for key input; rebooting."; EndMenu(); - return static_cast<size_t>(-1); + return static_cast<size_t>(KeyError::TIMED_OUT); } } diff --git a/screen_ui.h b/screen_ui.h index b76d4706e..f08f4f4f3 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -158,14 +158,14 @@ class ScreenRecoveryUI : public RecoveryUI { protected: // The margin that we don't want to use for showing texts (e.g. round screen, or screen with // rounded corners). - const int kMarginWidth; - const int kMarginHeight; + const int margin_width_; + const int margin_height_; // Number of frames per sec (default: 30) for both parts of the animation. - const int kAnimationFps; + const int animation_fps_; // The scale factor from dp to pixels. 1.0 for mdpi, 4.0 for xxxhdpi. - const float kDensity; + const float density_; virtual bool InitTextParams(); diff --git a/tests/Android.mk b/tests/Android.mk index 1fa259ebc..daf4853b9 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -113,7 +113,8 @@ LOCAL_SRC_FILES := \ component/verifier_test.cpp LOCAL_SHARED_LIBRARIES := \ - libhidlbase + libhidlbase \ + libprotobuf-cpp-lite tune2fs_static_libraries := \ libext2_com_err \ @@ -136,6 +137,7 @@ libupdater_static_libraries := \ libext4_utils \ libfec \ libfec_rs \ + libverity_tree \ libfs_mgr \ libgtest_prod \ liblog \ @@ -154,10 +156,10 @@ libupdater_static_libraries := \ librecovery_static_libraries := \ librecovery \ - $(TARGET_RECOVERY_UI_LIB) \ libbootloader_message \ libfusesideload \ libminadbd \ + librecovery_ui_default \ librecovery_ui \ libminui \ libverifier \ diff --git a/tests/component/update_verifier_test.cpp b/tests/component/update_verifier_test.cpp index f6ef6dcfd..a97071635 100644 --- a/tests/component/update_verifier_test.cpp +++ b/tests/component/update_verifier_test.cpp @@ -14,14 +14,20 @@ * limitations under the License. */ +#include <update_verifier/update_verifier.h> + #include <string> +#include <unordered_map> +#include <vector> #include <android-base/file.h> #include <android-base/properties.h> #include <android-base/strings.h> #include <android-base/test_utils.h> +#include <google/protobuf/repeated_field.h> #include <gtest/gtest.h> -#include <update_verifier/update_verifier.h> + +#include "care_map.pb.h" class UpdateVerifierTest : public ::testing::Test { protected: @@ -30,7 +36,30 @@ class UpdateVerifierTest : public ::testing::Test { verity_supported = android::base::EqualsIgnoreCase(verity_mode, "enforcing"); } + // Returns a serialized string of the proto3 message according to the given partition info. + std::string ConstructProto( + std::vector<std::unordered_map<std::string, std::string>>& partitions) { + UpdateVerifier::CareMap result; + for (const auto& partition : partitions) { + UpdateVerifier::CareMap::PartitionInfo info; + if (partition.find("name") != partition.end()) { + info.set_name(partition.at("name")); + } + if (partition.find("ranges") != partition.end()) { + info.set_ranges(partition.at("ranges")); + } + if (partition.find("fingerprint") != partition.end()) { + info.set_fingerprint(partition.at("fingerprint")); + } + + *result.add_partitions() = info; + } + + return result.SerializeAsString(); + } + bool verity_supported; + TemporaryFile care_map_file; }; TEST_F(UpdateVerifierTest, verify_image_no_care_map) { @@ -45,26 +74,26 @@ TEST_F(UpdateVerifierTest, verify_image_smoke) { return; } - TemporaryFile temp_file; std::string content = "system\n2,0,1"; - ASSERT_TRUE(android::base::WriteStringToFile(content, temp_file.path)); - ASSERT_TRUE(verify_image(temp_file.path)); + ASSERT_TRUE(android::base::WriteStringToFile(content, care_map_file.path)); + ASSERT_TRUE(verify_image(care_map_file.path)); // Leading and trailing newlines should be accepted. - ASSERT_TRUE(android::base::WriteStringToFile("\n" + content + "\n\n", temp_file.path)); - ASSERT_TRUE(verify_image(temp_file.path)); + ASSERT_TRUE(android::base::WriteStringToFile("\n" + content + "\n\n", care_map_file.path)); + ASSERT_TRUE(verify_image(care_map_file.path)); +} + +TEST_F(UpdateVerifierTest, verify_image_empty_care_map) { + ASSERT_FALSE(verify_image(care_map_file.path)); } TEST_F(UpdateVerifierTest, verify_image_wrong_lines) { // The care map file can have only 2 / 4 / 6 lines. - TemporaryFile temp_file; - ASSERT_FALSE(verify_image(temp_file.path)); + ASSERT_TRUE(android::base::WriteStringToFile("line1", care_map_file.path)); + ASSERT_FALSE(verify_image(care_map_file.path)); - ASSERT_TRUE(android::base::WriteStringToFile("line1", temp_file.path)); - ASSERT_FALSE(verify_image(temp_file.path)); - - ASSERT_TRUE(android::base::WriteStringToFile("line1\nline2\nline3", temp_file.path)); - ASSERT_FALSE(verify_image(temp_file.path)); + ASSERT_TRUE(android::base::WriteStringToFile("line1\nline2\nline3", care_map_file.path)); + ASSERT_FALSE(verify_image(care_map_file.path)); } TEST_F(UpdateVerifierTest, verify_image_malformed_care_map) { @@ -74,10 +103,9 @@ TEST_F(UpdateVerifierTest, verify_image_malformed_care_map) { return; } - TemporaryFile temp_file; std::string content = "system\n2,1,0"; - ASSERT_TRUE(android::base::WriteStringToFile(content, temp_file.path)); - ASSERT_FALSE(verify_image(temp_file.path)); + ASSERT_TRUE(android::base::WriteStringToFile(content, care_map_file.path)); + ASSERT_FALSE(verify_image(care_map_file.path)); } TEST_F(UpdateVerifierTest, verify_image_legacy_care_map) { @@ -87,8 +115,55 @@ TEST_F(UpdateVerifierTest, verify_image_legacy_care_map) { return; } - TemporaryFile temp_file; std::string content = "/dev/block/bootdevice/by-name/system\n2,1,0"; - ASSERT_TRUE(android::base::WriteStringToFile(content, temp_file.path)); - ASSERT_TRUE(verify_image(temp_file.path)); + ASSERT_TRUE(android::base::WriteStringToFile(content, care_map_file.path)); + ASSERT_TRUE(verify_image(care_map_file.path)); +} + +TEST_F(UpdateVerifierTest, verify_image_protobuf_care_map_smoke) { + // This test relies on dm-verity support. + if (!verity_supported) { + GTEST_LOG_(INFO) << "Test skipped on devices without dm-verity support."; + return; + } + + std::vector<std::unordered_map<std::string, std::string>> partitions = { + { { "name", "system" }, { "ranges", "2,0,1" } }, + }; + + std::string proto = ConstructProto(partitions); + ASSERT_TRUE(android::base::WriteStringToFile(proto, care_map_file.path)); + ASSERT_TRUE(verify_image(care_map_file.path)); +} + +TEST_F(UpdateVerifierTest, verify_image_protobuf_care_map_missing_name) { + // This test relies on dm-verity support. + if (!verity_supported) { + GTEST_LOG_(INFO) << "Test skipped on devices without dm-verity support."; + return; + } + + std::vector<std::unordered_map<std::string, std::string>> partitions = { + { { "ranges", "2,0,1" } }, + }; + + std::string proto = ConstructProto(partitions); + ASSERT_TRUE(android::base::WriteStringToFile(proto, care_map_file.path)); + ASSERT_FALSE(verify_image(care_map_file.path)); +} + +TEST_F(UpdateVerifierTest, verify_image_protobuf_care_map_bad_ranges) { + // This test relies on dm-verity support. + if (!verity_supported) { + GTEST_LOG_(INFO) << "Test skipped on devices without dm-verity support."; + return; + } + + std::vector<std::unordered_map<std::string, std::string>> partitions = { + { { "name", "system" }, { "ranges", "3,0,1" } }, + }; + + std::string proto = ConstructProto(partitions); + ASSERT_TRUE(android::base::WriteStringToFile(proto, care_map_file.path)); + ASSERT_FALSE(verify_image(care_map_file.path)); } diff --git a/tests/component/updater_test.cpp b/tests/component/updater_test.cpp index 9fcf17f13..248b469b0 100644 --- a/tests/component/updater_test.cpp +++ b/tests/component/updater_test.cpp @@ -37,6 +37,7 @@ #include <brotli/encode.h> #include <bsdiff/bsdiff.h> #include <gtest/gtest.h> +#include <verity/hash_tree_builder.h> #include <ziparchive/zip_archive.h> #include <ziparchive/zip_writer.h> @@ -389,6 +390,86 @@ TEST_F(UpdaterTest, read_file) { expect("", script, kNoCause); } +TEST_F(UpdaterTest, compute_hash_tree_smoke) { + std::string data; + for (unsigned char i = 0; i < 128; i++) { + data += std::string(4096, i); + } + // Appends an additional block for verity data. + data += std::string(4096, 0); + ASSERT_EQ(129 * 4096, data.size()); + ASSERT_TRUE(android::base::WriteStringToFile(data, image_file_)); + + std::string salt = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"; + std::string expected_root_hash = + "7e0a8d8747f54384014ab996f5b2dc4eb7ff00c630eede7134c9e3f05c0dd8ca"; + // hash_tree_ranges, source_ranges, hash_algorithm, salt_hex, root_hash + std::vector<std::string> tokens{ "compute_hash_tree", "2,128,129", "2,0,128", "sha256", salt, + expected_root_hash }; + std::string hash_tree_command = android::base::Join(tokens, " "); + + std::vector<std::string> transfer_list{ + "4", "2", "0", "2", hash_tree_command, + }; + + PackageEntries entries{ + { "new_data", "" }, + { "patch_data", "" }, + { "transfer_list", android::base::Join(transfer_list, "\n") }, + }; + + RunBlockImageUpdate(false, entries, image_file_, "t"); + + std::string updated; + ASSERT_TRUE(android::base::ReadFileToString(image_file_, &updated)); + ASSERT_EQ(129 * 4096, updated.size()); + ASSERT_EQ(data.substr(0, 128 * 4096), updated.substr(0, 128 * 4096)); + + // Computes the SHA256 of the salt + hash_tree_data and expects the result to match with the + // root_hash. + std::vector<unsigned char> salt_bytes; + ASSERT_TRUE(HashTreeBuilder::ParseBytesArrayFromString(salt, &salt_bytes)); + std::vector<unsigned char> hash_tree = std::move(salt_bytes); + hash_tree.insert(hash_tree.end(), updated.begin() + 128 * 4096, updated.end()); + + std::vector<unsigned char> digest(SHA256_DIGEST_LENGTH); + SHA256(hash_tree.data(), hash_tree.size(), digest.data()); + ASSERT_EQ(expected_root_hash, HashTreeBuilder::BytesArrayToString(digest)); +} + +TEST_F(UpdaterTest, compute_hash_tree_root_mismatch) { + std::string data; + for (size_t i = 0; i < 128; i++) { + data += std::string(4096, i); + } + // Appends an additional block for verity data. + data += std::string(4096, 0); + ASSERT_EQ(129 * 4096, data.size()); + // Corrupts one bit + data[4096] = 'A'; + ASSERT_TRUE(android::base::WriteStringToFile(data, image_file_)); + + std::string salt = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"; + std::string expected_root_hash = + "7e0a8d8747f54384014ab996f5b2dc4eb7ff00c630eede7134c9e3f05c0dd8ca"; + // hash_tree_ranges, source_ranges, hash_algorithm, salt_hex, root_hash + std::vector<std::string> tokens{ "compute_hash_tree", "2,128,129", "2,0,128", "sha256", salt, + expected_root_hash }; + std::string hash_tree_command = android::base::Join(tokens, " "); + + std::vector<std::string> transfer_list{ + "4", "2", "0", "2", hash_tree_command, + }; + + PackageEntries entries{ + { "new_data", "" }, + { "patch_data", "" }, + { "transfer_list", android::base::Join(transfer_list, "\n") }, + }; + + RunBlockImageUpdate(false, entries, image_file_, "", kHashTreeComputationFailure); +} + TEST_F(UpdaterTest, write_value) { // write_value() expects two arguments. expect(nullptr, "write_value()", kArgsParsingFailure); diff --git a/tests/unit/commands_test.cpp b/tests/unit/commands_test.cpp index 3daa58f33..9679a9e73 100644 --- a/tests/unit/commands_test.cpp +++ b/tests/unit/commands_test.cpp @@ -30,6 +30,7 @@ TEST(CommandsTest, ParseType) { ASSERT_EQ(Command::Type::IMGDIFF, Command::ParseType("imgdiff")); ASSERT_EQ(Command::Type::STASH, Command::ParseType("stash")); ASSERT_EQ(Command::Type::FREE, Command::ParseType("free")); + ASSERT_EQ(Command::Type::COMPUTE_HASH_TREE, Command::ParseType("compute_hash_tree")); } TEST(CommandsTest, ParseType_InvalidCommand) { diff --git a/tests/unit/screen_ui_test.cpp b/tests/unit/screen_ui_test.cpp index 4c0a868f0..7d97a006b 100644 --- a/tests/unit/screen_ui_test.cpp +++ b/tests/unit/screen_ui_test.cpp @@ -264,6 +264,10 @@ int TestableScreenRecoveryUI::KeyHandler(int key, bool) const { } int TestableScreenRecoveryUI::WaitKey() { + if (IsKeyInterrupted()) { + return static_cast<int>(RecoveryUI::KeyError::INTERRUPTED); + } + CHECK_LT(key_buffer_index_, key_buffer_.size()); return static_cast<int>(key_buffer_[key_buffer_index_++]); } @@ -391,7 +395,8 @@ TEST_F(ScreenRecoveryUITest, ShowMenu_TimedOut) { ui_->SetKeyBuffer({ KeyCode::TIMEOUT, }); - ASSERT_EQ(static_cast<size_t>(-1), ui_->ShowMenu(HEADERS, ITEMS, 3, true, nullptr)); + ASSERT_EQ(static_cast<size_t>(RecoveryUI::KeyError::TIMED_OUT), + ui_->ShowMenu(HEADERS, ITEMS, 3, true, nullptr)); } TEST_F(ScreenRecoveryUITest, ShowMenu_TimedOut_TextWasEverVisible) { @@ -412,6 +417,38 @@ TEST_F(ScreenRecoveryUITest, ShowMenu_TimedOut_TextWasEverVisible) { std::placeholders::_1, std::placeholders::_2))); } +TEST_F(ScreenRecoveryUITest, ShowMenuWithInterrupt) { + RETURN_IF_NO_GRAPHICS; + + ASSERT_TRUE(ui_->Init(kTestLocale)); + ui_->SetKeyBuffer({ + KeyCode::UP, + KeyCode::DOWN, + KeyCode::UP, + KeyCode::DOWN, + KeyCode::ENTER, + }); + + ui_->InterruptKey(); + ASSERT_EQ(static_cast<size_t>(RecoveryUI::KeyError::INTERRUPTED), + ui_->ShowMenu(HEADERS, ITEMS, 3, true, + std::bind(&TestableScreenRecoveryUI::KeyHandler, ui_.get(), + std::placeholders::_1, std::placeholders::_2))); + + ui_->SetKeyBuffer({ + KeyCode::UP, + KeyCode::UP, + KeyCode::NO_OP, + KeyCode::NO_OP, + KeyCode::UP, + KeyCode::ENTER, + }); + ASSERT_EQ(static_cast<size_t>(RecoveryUI::KeyError::INTERRUPTED), + ui_->ShowMenu(HEADERS, ITEMS, 0, true, + std::bind(&TestableScreenRecoveryUI::KeyHandler, ui_.get(), + std::placeholders::_1, std::placeholders::_2))); +} + TEST_F(ScreenRecoveryUITest, LoadAnimation) { RETURN_IF_NO_GRAPHICS; @@ -34,6 +34,7 @@ #include <android-base/file.h> #include <android-base/logging.h> #include <android-base/parseint.h> +#include <android-base/properties.h> #include <android-base/strings.h> #include "minui/minui.h" @@ -42,22 +43,27 @@ using namespace std::chrono_literals; -static constexpr int UI_WAIT_KEY_TIMEOUT_SEC = 120; -static constexpr const char* BRIGHTNESS_FILE = "/sys/class/leds/lcd-backlight/brightness"; -static constexpr const char* MAX_BRIGHTNESS_FILE = "/sys/class/leds/lcd-backlight/max_brightness"; -static constexpr const char* BRIGHTNESS_FILE_SDM = - "/sys/class/backlight/panel0-backlight/brightness"; -static constexpr const char* MAX_BRIGHTNESS_FILE_SDM = +constexpr int UI_WAIT_KEY_TIMEOUT_SEC = 120; +constexpr const char* BRIGHTNESS_FILE = "/sys/class/leds/lcd-backlight/brightness"; +constexpr const char* MAX_BRIGHTNESS_FILE = "/sys/class/leds/lcd-backlight/max_brightness"; +constexpr const char* BRIGHTNESS_FILE_SDM = "/sys/class/backlight/panel0-backlight/brightness"; +constexpr const char* MAX_BRIGHTNESS_FILE_SDM = "/sys/class/backlight/panel0-backlight/max_brightness"; +constexpr int kDefaultTouchLowThreshold = 50; +constexpr int kDefaultTouchHighThreshold = 90; + RecoveryUI::RecoveryUI() : brightness_normal_(50), brightness_dimmed_(25), brightness_file_(BRIGHTNESS_FILE), max_brightness_file_(MAX_BRIGHTNESS_FILE), touch_screen_allowed_(false), - kTouchLowThreshold(RECOVERY_UI_TOUCH_LOW_THRESHOLD), - kTouchHighThreshold(RECOVERY_UI_TOUCH_HIGH_THRESHOLD), + touch_low_threshold_(android::base::GetIntProperty("ro.recovery.ui.touch_low_threshold", + kDefaultTouchLowThreshold)), + touch_high_threshold_(android::base::GetIntProperty("ro.recovery.ui.touch_high_threshold", + kDefaultTouchHighThreshold)), + key_interrupted_(false), key_queue_len(0), key_last_down(-1), key_long_press(false), @@ -177,15 +183,15 @@ void RecoveryUI::OnTouchDetected(int dx, int dy) { enum SwipeDirection { UP, DOWN, RIGHT, LEFT } direction; // We only consider a valid swipe if: - // - the delta along one axis is below kTouchLowThreshold; - // - and the delta along the other axis is beyond kTouchHighThreshold. - if (abs(dy) < kTouchLowThreshold && abs(dx) > kTouchHighThreshold) { + // - the delta along one axis is below touch_low_threshold_; + // - and the delta along the other axis is beyond touch_high_threshold_. + if (abs(dy) < touch_low_threshold_ && abs(dx) > touch_high_threshold_) { direction = dx < 0 ? SwipeDirection::LEFT : SwipeDirection::RIGHT; - } else if (abs(dx) < kTouchLowThreshold && abs(dy) > kTouchHighThreshold) { + } else if (abs(dx) < touch_low_threshold_ && abs(dy) > touch_high_threshold_) { direction = dy < 0 ? SwipeDirection::UP : SwipeDirection::DOWN; } else { - LOG(DEBUG) << "Ignored " << dx << " " << dy << " (low: " << kTouchLowThreshold - << ", high: " << kTouchHighThreshold << ")"; + LOG(DEBUG) << "Ignored " << dx << " " << dy << " (low: " << touch_low_threshold_ + << ", high: " << touch_high_threshold_ << ")"; return; } @@ -404,34 +410,69 @@ void RecoveryUI::EnqueueKey(int key_code) { } } +void RecoveryUI::SetScreensaverState(ScreensaverState state) { + switch (state) { + case ScreensaverState::NORMAL: + if (android::base::WriteStringToFile(std::to_string(brightness_normal_value_), + brightness_file_)) { + screensaver_state_ = ScreensaverState::NORMAL; + LOG(INFO) << "Brightness: " << brightness_normal_value_ << " (" << brightness_normal_ + << "%)"; + } else { + LOG(ERROR) << "Unable to set brightness to normal"; + } + break; + case ScreensaverState::DIMMED: + if (android::base::WriteStringToFile(std::to_string(brightness_dimmed_value_), + brightness_file_)) { + LOG(INFO) << "Brightness: " << brightness_dimmed_value_ << " (" << brightness_dimmed_ + << "%)"; + screensaver_state_ = ScreensaverState::DIMMED; + } else { + LOG(ERROR) << "Unable to set brightness to dim"; + } + break; + case ScreensaverState::OFF: + if (android::base::WriteStringToFile("0", brightness_file_)) { + LOG(INFO) << "Brightness: 0 (off)"; + screensaver_state_ = ScreensaverState::OFF; + } else { + LOG(ERROR) << "Unable to set brightness to off"; + } + break; + default: + LOG(ERROR) << "Invalid screensaver state"; + } +} + int RecoveryUI::WaitKey() { std::unique_lock<std::mutex> lk(key_queue_mutex); + // Check for a saved key queue interruption. + if (key_interrupted_) { + SetScreensaverState(ScreensaverState::NORMAL); + return static_cast<int>(KeyError::INTERRUPTED); + } + // Time out after UI_WAIT_KEY_TIMEOUT_SEC, unless a USB cable is // plugged in. do { - std::cv_status rc = std::cv_status::no_timeout; - while (key_queue_len == 0 && rc != std::cv_status::timeout) { - rc = key_queue_cond.wait_for(lk, std::chrono::seconds(UI_WAIT_KEY_TIMEOUT_SEC)); + bool rc = key_queue_cond.wait_for(lk, std::chrono::seconds(UI_WAIT_KEY_TIMEOUT_SEC), [this] { + return this->key_queue_len != 0 || key_interrupted_; + }); + if (key_interrupted_) { + SetScreensaverState(ScreensaverState::NORMAL); + return static_cast<int>(KeyError::INTERRUPTED); } - if (screensaver_state_ != ScreensaverState::DISABLED) { - if (rc == std::cv_status::timeout) { + if (!rc) { // Lower the brightness level: NORMAL -> DIMMED; DIMMED -> OFF. if (screensaver_state_ == ScreensaverState::NORMAL) { - if (android::base::WriteStringToFile(std::to_string(brightness_dimmed_value_), - brightness_file_)) { - LOG(INFO) << "Brightness: " << brightness_dimmed_value_ << " (" << brightness_dimmed_ - << "%)"; - screensaver_state_ = ScreensaverState::DIMMED; - } + SetScreensaverState(ScreensaverState::DIMMED); } else if (screensaver_state_ == ScreensaverState::DIMMED) { - if (android::base::WriteStringToFile("0", brightness_file_)) { - LOG(INFO) << "Brightness: 0 (off)"; - screensaver_state_ = ScreensaverState::OFF; - } + SetScreensaverState(ScreensaverState::OFF); } - } else if (screensaver_state_ != ScreensaverState::NORMAL) { + } else { // Drop the first key if it's changing from OFF to NORMAL. if (screensaver_state_ == ScreensaverState::OFF) { if (key_queue_len > 0) { @@ -440,17 +481,12 @@ int RecoveryUI::WaitKey() { } // Reset the brightness to normal. - if (android::base::WriteStringToFile(std::to_string(brightness_normal_value_), - brightness_file_)) { - screensaver_state_ = ScreensaverState::NORMAL; - LOG(INFO) << "Brightness: " << brightness_normal_value_ << " (" << brightness_normal_ - << "%)"; - } + SetScreensaverState(ScreensaverState::NORMAL); } } } while (IsUsbConnected() && key_queue_len == 0); - int key = -1; + int key = static_cast<int>(KeyError::TIMED_OUT); if (key_queue_len > 0) { key = key_queue[0]; memcpy(&key_queue[0], &key_queue[1], sizeof(int) * --key_queue_len); @@ -458,6 +494,14 @@ int RecoveryUI::WaitKey() { return key; } +void RecoveryUI::InterruptKey() { + { + std::lock_guard<std::mutex> lg(key_queue_mutex); + key_interrupted_ = true; + } + key_queue_cond.notify_one(); +} + bool RecoveryUI::IsUsbConnected() { int fd = open("/sys/class/android_usb/android0/state", O_RDONLY); if (fd < 0) { @@ -51,6 +51,11 @@ class RecoveryUI { IGNORE }; + enum class KeyError : int { + TIMED_OUT = -1, + INTERRUPTED = -2, + }; + RecoveryUI(); virtual ~RecoveryUI(); @@ -99,9 +104,13 @@ class RecoveryUI { // --- key handling --- - // Waits for a key and return it. May return -1 after timeout. + // Waits for a key and return it. May return TIMED_OUT after timeout and + // KeyError::INTERRUPTED on a key interrupt. virtual int WaitKey(); + // Wakes up the UI if it is waiting on key input, causing WaitKey to return KeyError::INTERRUPTED. + virtual void InterruptKey(); + virtual bool IsKeyPressed(int key); virtual bool IsLongPress(); @@ -147,11 +156,22 @@ class RecoveryUI { // device-specific action, even without that being listed in the menu. Caller needs to handle // such a case accordingly (e.g. by calling Device::InvokeMenuItem() to process the action). // Returns a non-negative value (the chosen item number or device-specific action code), or - // static_cast<size_t>(-1) if timed out waiting for input. + // static_cast<size_t>(TIMED_OUT) if timed out waiting for input or + // static_cast<size_t>(ERR_KEY_INTERTUPT) if interrupted, such as by InterruptKey(). virtual size_t ShowMenu(const std::vector<std::string>& headers, const std::vector<std::string>& items, size_t initial_selection, bool menu_only, const std::function<int(int, bool)>& key_handler) = 0; + // Resets the key interrupt status. + void ResetKeyInterruptStatus() { + key_interrupted_ = false; + } + + // Returns the key interrupt status. + bool IsKeyInterrupted() const { + return key_interrupted_; + } + protected: void EnqueueKey(int key_code); @@ -175,8 +195,8 @@ class RecoveryUI { }; // The sensitivity when detecting a swipe. - const int kTouchLowThreshold; - const int kTouchHighThreshold; + const int touch_low_threshold_; + const int touch_high_threshold_; void OnKeyDetected(int key_code); void OnTouchDetected(int dx, int dy); @@ -187,10 +207,11 @@ class RecoveryUI { bool IsUsbConnected(); bool InitScreensaver(); - + void SetScreensaverState(ScreensaverState state); // Key event input queue std::mutex key_queue_mutex; std::condition_variable key_queue_cond; + bool key_interrupted_; int key_queue[256], key_queue_len; char key_pressed[KEY_MAX + 1]; // under key_queue_mutex int key_last_down; // under key_queue_mutex diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 16036f9ce..95f40c71f 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -332,7 +332,8 @@ static int produce_block_map(const char* path, const char* map_file, const char* #define F2FS_IOC_GET_PIN_FILE _IOW(F2FS_IOCTL_MAGIC, 14, __u32) #endif if (f2fs_fs) { - int error = ioctl(fd, F2FS_IOC_SET_PIN_FILE); + __u32 set = 1; + int error = ioctl(fd, F2FS_IOC_SET_PIN_FILE, &set); // Don't break the old kernels which don't support it. if (error && errno != ENOTTY && errno != ENOTSUP) { PLOG(ERROR) << "Failed to set pin_file for f2fs: " << path << " on " << blk_dev; diff --git a/update_verifier/Android.bp b/update_verifier/Android.bp index f6c7056d9..f4dc1f498 100644 --- a/update_verifier/Android.bp +++ b/update_verifier/Android.bp @@ -33,6 +33,7 @@ cc_library_static { ], srcs: [ + "care_map.proto", "update_verifier.cpp", ], @@ -49,6 +50,11 @@ cc_library_static { "libbase", "libcutils", ], + + proto: { + type: "lite", + export_proto_headers: true, + } } cc_binary { @@ -74,6 +80,7 @@ cc_binary { "libhardware", "libhidlbase", "liblog", + "libprotobuf-cpp-lite", "libutils", ], diff --git a/update_verifier/care_map.proto b/update_verifier/care_map.proto new file mode 100644 index 000000000..442ddd4a9 --- /dev/null +++ b/update_verifier/care_map.proto @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +syntax = "proto3"; + +package UpdateVerifier; +option optimize_for = LITE_RUNTIME; + +message CareMap { + message PartitionInfo { + string name = 1; + string ranges = 2; + string id = 3; + string fingerprint = 4; + } + + repeated PartitionInfo partitions = 1; +} diff --git a/update_verifier/include/update_verifier/update_verifier.h b/update_verifier/include/update_verifier/update_verifier.h index 16b394e98..534384e1d 100644 --- a/update_verifier/include/update_verifier/update_verifier.h +++ b/update_verifier/include/update_verifier/update_verifier.h @@ -20,5 +20,13 @@ int update_verifier(int argc, char** argv); -// Exposed for testing purpose. +// Returns true to indicate a passing verification (or the error should be ignored); Otherwise +// returns false on fatal errors, where we should reject the current boot and trigger a fallback. +// This function tries to process the care_map.txt as protobuf message; and falls back to use the +// plain text format if the parse failed. +// +// Note that update_verifier should be backward compatible to not reject care_map.txt from old +// releases, which could otherwise fail to boot into the new release. For example, we've changed +// the care_map format between N and O. An O update_verifier would fail to work with N care_map.txt. +// This could be a result of sideloading an O OTA while the device having a pending N update. bool verify_image(const std::string& care_map_name); diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index dc7276326..5e5aa1819 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -60,6 +60,7 @@ #include <android/hardware/boot/1.0/IBootControl.h> #include <cutils/android_reboot.h> +#include "care_map.pb.h" #include "otautil/rangeset.h" using android::sp; @@ -189,33 +190,12 @@ static bool read_blocks(const std::string& partition, const std::string& range_s return ret; } -// Returns true to indicate a passing verification (or the error should be ignored); Otherwise -// returns false on fatal errors, where we should reject the current boot and trigger a fallback. -// Note that update_verifier should be backward compatible to not reject care_map.txt from old -// releases, which could otherwise fail to boot into the new release. For example, we've changed -// the care_map format between N and O. An O update_verifier would fail to work with N -// care_map.txt. This could be a result of sideloading an O OTA while the device having a pending N -// update. -bool verify_image(const std::string& care_map_name) { - android::base::unique_fd care_map_fd(TEMP_FAILURE_RETRY(open(care_map_name.c_str(), O_RDONLY))); - // If the device is flashed before the current boot, it may not have care_map.txt - // in /data/ota_package. To allow the device to continue booting in this situation, - // we should print a warning and skip the block verification. - if (care_map_fd.get() == -1) { - PLOG(WARNING) << "Failed to open " << care_map_name; - return true; - } +static bool process_care_map_plain_text(const std::string& care_map_contents) { // care_map file has up to six lines, where every two lines make a pair. Within each pair, the // first line has the partition name (e.g. "system"), while the second line holds the ranges of // all the blocks to verify. - std::string file_content; - if (!android::base::ReadFdToString(care_map_fd.get(), &file_content)) { - LOG(ERROR) << "Error reading care map contents to string."; - return false; - } - - std::vector<std::string> lines; - lines = android::base::Split(android::base::Trim(file_content), "\n"); + std::vector<std::string> lines = + android::base::Split(android::base::Trim(care_map_contents), "\n"); if (lines.size() != 2 && lines.size() != 4 && lines.size() != 6) { LOG(ERROR) << "Invalid lines in care_map: found " << lines.size() << " lines, expecting 2 or 4 or 6 lines."; @@ -237,6 +217,50 @@ bool verify_image(const std::string& care_map_name) { return true; } +bool verify_image(const std::string& care_map_name) { + android::base::unique_fd care_map_fd(TEMP_FAILURE_RETRY(open(care_map_name.c_str(), O_RDONLY))); + // If the device is flashed before the current boot, it may not have care_map.txt in + // /data/ota_package. To allow the device to continue booting in this situation, we should + // print a warning and skip the block verification. + if (care_map_fd.get() == -1) { + PLOG(WARNING) << "Failed to open " << care_map_name; + return true; + } + + std::string file_content; + if (!android::base::ReadFdToString(care_map_fd.get(), &file_content)) { + PLOG(ERROR) << "Failed to read " << care_map_name; + return false; + } + + if (file_content.empty()) { + LOG(ERROR) << "Unexpected empty care map"; + return false; + } + + UpdateVerifier::CareMap care_map; + // Falls back to use the plain text version if we cannot parse the file as protobuf message. + if (!care_map.ParseFromString(file_content)) { + return process_care_map_plain_text(file_content); + } + + for (const auto& partition : care_map.partitions()) { + if (partition.name().empty()) { + LOG(ERROR) << "Unexpected empty partition name."; + return false; + } + if (partition.ranges().empty()) { + LOG(ERROR) << "Unexpected block ranges for partition " << partition.name(); + return false; + } + if (!read_blocks(partition.name(), partition.ranges())) { + return false; + } + } + + return true; +} + static int reboot_device() { if (android_reboot(ANDROID_RB_RESTART2, 0, nullptr) == -1) { LOG(ERROR) << "Failed to reboot."; diff --git a/updater/Android.mk b/updater/Android.mk index ac9aecb04..78d0bd451 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -34,6 +34,7 @@ updater_common_static_libraries := \ libext4_utils \ libfec \ libfec_rs \ + libverity_tree \ libfs_mgr \ libgtest_prod \ liblog \ diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 2a2ab19a3..96b2d9feb 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -49,6 +49,7 @@ #include <fec/io.h> #include <openssl/sha.h> #include <private/android_filesystem_config.h> +#include <verity/hash_tree_builder.h> #include <ziparchive/zip_archive.h> #include "edify/expr.h" @@ -1495,6 +1496,105 @@ static int PerformCommandAbort(CommandParameters&) { return -1; } +// Computes the hash_tree bytes based on the parameters, checks if the root hash of the tree +// matches the expected hash and writes the result to the specified range on the block_device. +// Hash_tree computation arguments: +// hash_tree_ranges +// source_ranges +// hash_algorithm +// salt_hex +// root_hash +static int PerformCommandComputeHashTree(CommandParameters& params) { + if (params.cpos + 5 != params.tokens.size()) { + LOG(ERROR) << "Invaild arguments count in hash computation " << params.cmdline; + return -1; + } + + // Expects the hash_tree data to be contiguous. + RangeSet hash_tree_ranges = RangeSet::Parse(params.tokens[params.cpos++]); + if (!hash_tree_ranges || hash_tree_ranges.size() != 1) { + LOG(ERROR) << "Invalid hash tree ranges in " << params.cmdline; + return -1; + } + + RangeSet source_ranges = RangeSet::Parse(params.tokens[params.cpos++]); + if (!source_ranges) { + LOG(ERROR) << "Invalid source ranges in " << params.cmdline; + return -1; + } + + auto hash_function = HashTreeBuilder::HashFunction(params.tokens[params.cpos++]); + if (hash_function == nullptr) { + LOG(ERROR) << "Invalid hash algorithm in " << params.cmdline; + return -1; + } + + std::vector<unsigned char> salt; + std::string salt_hex = params.tokens[params.cpos++]; + if (salt_hex.empty() || !HashTreeBuilder::ParseBytesArrayFromString(salt_hex, &salt)) { + LOG(ERROR) << "Failed to parse salt in " << params.cmdline; + return -1; + } + + std::string expected_root_hash = params.tokens[params.cpos++]; + if (expected_root_hash.empty()) { + LOG(ERROR) << "Invalid root hash in " << params.cmdline; + return -1; + } + + // Starts the hash_tree computation. + HashTreeBuilder builder(BLOCKSIZE, hash_function); + if (!builder.Initialize(source_ranges.blocks() * BLOCKSIZE, salt)) { + LOG(ERROR) << "Failed to initialize hash tree computation, source " << source_ranges.ToString() + << ", salt " << salt_hex; + return -1; + } + + // Iterates through every block in the source_ranges and updates the hash tree structure + // accordingly. + for (const auto& range : source_ranges) { + uint8_t buffer[BLOCKSIZE]; + if (!check_lseek(params.fd, static_cast<off64_t>(range.first) * BLOCKSIZE, SEEK_SET)) { + PLOG(ERROR) << "Failed to seek to block: " << range.first; + return -1; + } + + for (size_t i = range.first; i < range.second; i++) { + if (read_all(params.fd, buffer, BLOCKSIZE) == -1) { + LOG(ERROR) << "Failed to read data in " << range.first << ":" << range.second; + return -1; + } + + if (!builder.Update(reinterpret_cast<unsigned char*>(buffer), BLOCKSIZE)) { + LOG(ERROR) << "Failed to update hash tree builder"; + return -1; + } + } + } + + if (!builder.BuildHashTree()) { + LOG(ERROR) << "Failed to build hash tree"; + return -1; + } + + std::string root_hash_hex = HashTreeBuilder::BytesArrayToString(builder.root_hash()); + if (root_hash_hex != expected_root_hash) { + LOG(ERROR) << "Root hash of the verity hash tree doesn't match the expected value. Expected: " + << expected_root_hash << ", actual: " << root_hash_hex; + return -1; + } + + uint64_t write_offset = static_cast<uint64_t>(hash_tree_ranges.GetBlockNumber(0)) * BLOCKSIZE; + if (params.canwrite && !builder.WriteHashTreeToFd(params.fd, write_offset)) { + LOG(ERROR) << "Failed to write hash tree to output"; + return -1; + } + + // TODO(xunchang) validates the written bytes + + return 0; +} + using CommandFunction = std::function<int(CommandParameters&)>; using CommandMap = std::unordered_map<Command::Type, CommandFunction>; @@ -1737,6 +1837,9 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, if (performer(params) == -1) { LOG(ERROR) << "failed to execute command [" << line << "]"; + if (cmd_type == Command::Type::COMPUTE_HASH_TREE && failure_type == kNoCause) { + failure_type = kHashTreeComputationFailure; + } goto pbiudone; } @@ -1894,15 +1997,16 @@ Value* BlockImageVerifyFn(const char* name, State* state, // Commands which are not allowed are set to nullptr to skip them completely. const CommandMap command_map{ // clang-format off - { Command::Type::ABORT, PerformCommandAbort }, - { Command::Type::BSDIFF, PerformCommandDiff }, - { Command::Type::ERASE, nullptr }, - { Command::Type::FREE, PerformCommandFree }, - { Command::Type::IMGDIFF, PerformCommandDiff }, - { Command::Type::MOVE, PerformCommandMove }, - { Command::Type::NEW, nullptr }, - { Command::Type::STASH, PerformCommandStash }, - { Command::Type::ZERO, nullptr }, + { Command::Type::ABORT, PerformCommandAbort }, + { Command::Type::BSDIFF, PerformCommandDiff }, + { Command::Type::COMPUTE_HASH_TREE, PerformCommandComputeHashTree }, + { Command::Type::ERASE, nullptr }, + { Command::Type::FREE, PerformCommandFree }, + { Command::Type::IMGDIFF, PerformCommandDiff }, + { Command::Type::MOVE, PerformCommandMove }, + { Command::Type::NEW, nullptr }, + { Command::Type::STASH, PerformCommandStash }, + { Command::Type::ZERO, nullptr }, // clang-format on }; CHECK_EQ(static_cast<size_t>(Command::Type::LAST), command_map.size()); @@ -1915,15 +2019,16 @@ Value* BlockImageUpdateFn(const char* name, State* state, const std::vector<std::unique_ptr<Expr>>& argv) { const CommandMap command_map{ // clang-format off - { Command::Type::ABORT, PerformCommandAbort }, - { Command::Type::BSDIFF, PerformCommandDiff }, - { Command::Type::ERASE, PerformCommandErase }, - { Command::Type::FREE, PerformCommandFree }, - { Command::Type::IMGDIFF, PerformCommandDiff }, - { Command::Type::MOVE, PerformCommandMove }, - { Command::Type::NEW, PerformCommandNew }, - { Command::Type::STASH, PerformCommandStash }, - { Command::Type::ZERO, PerformCommandZero }, + { Command::Type::ABORT, PerformCommandAbort }, + { Command::Type::BSDIFF, PerformCommandDiff }, + { Command::Type::COMPUTE_HASH_TREE, PerformCommandComputeHashTree }, + { Command::Type::ERASE, PerformCommandErase }, + { Command::Type::FREE, PerformCommandFree }, + { Command::Type::IMGDIFF, PerformCommandDiff }, + { Command::Type::MOVE, PerformCommandMove }, + { Command::Type::NEW, PerformCommandNew }, + { Command::Type::STASH, PerformCommandStash }, + { Command::Type::ZERO, PerformCommandZero }, // clang-format on }; CHECK_EQ(static_cast<size_t>(Command::Type::LAST), command_map.size()); diff --git a/updater/commands.cpp b/updater/commands.cpp index e88149678..15a787c51 100644 --- a/updater/commands.cpp +++ b/updater/commands.cpp @@ -40,6 +40,8 @@ Command::Type Command::ParseType(const std::string& type_str) { return Type::ABORT; } else if (type_str == "bsdiff") { return Type::BSDIFF; + } else if (type_str == "compute_hash_tree") { + return Type::COMPUTE_HASH_TREE; } else if (type_str == "erase") { return Type::ERASE; } else if (type_str == "free") { @@ -175,6 +177,7 @@ Command Command::Parse(const std::string& line, size_t index, std::string* err) SourceInfo source_info; StashInfo stash_info; + // TODO(xunchang) add the parse code of compute_hash_tree if (op == Type::ZERO || op == Type::NEW || op == Type::ERASE) { // zero/new/erase <rangeset> if (pos + 1 != tokens.size()) { diff --git a/updater/include/private/commands.h b/updater/include/private/commands.h index 087d7cfbf..7f9dc79f4 100644 --- a/updater/include/private/commands.h +++ b/updater/include/private/commands.h @@ -213,6 +213,10 @@ class PatchInfo { // - Free the given stash data. // - Meaningful args: StashInfo // +// compute_hash_tree <hash_tree_ranges> <source_ranges> <hash_algorithm> <salt_hex> <root_hash> +// - Computes the hash_tree bytes and writes the result to the specified range on the +// block_device. +// // abort // - Abort the current update. Allowed for testing code only. // @@ -221,6 +225,7 @@ class Command { enum class Type { ABORT, BSDIFF, + COMPUTE_HASH_TREE, ERASE, FREE, IMGDIFF, diff --git a/updater_sample/README.md b/updater_sample/README.md index f6a2a044b..306e71e5b 100644 --- a/updater_sample/README.md +++ b/updater_sample/README.md @@ -1,9 +1,8 @@ # SystemUpdaterSample This app demonstrates how to use Android system updates APIs to install -[OTA updates](https://source.android.com/devices/tech/ota/). It contains a sample -client for `update_engine` to install A/B (seamless) updates and a sample of -applying non-A/B updates using `recovery`. +[OTA updates](https://source.android.com/devices/tech/ota/). It contains a +sample client for `update_engine` to install A/B (seamless) updates. A/B (seamless) update is available since Android Nougat (API 24), but this sample targets the latest android. @@ -180,7 +179,8 @@ privileged system app, so it's granted the required permissions to access `update_engine` service as well as OTA package files. Detailed steps are as follows: 1. [Prepare to build](https://source.android.com/setup/build/building) -2. Add the module (SystemUpdaterSample) to the `PRODUCT_PACKAGES` list for the lunch target. +2. Add the module (SystemUpdaterSample) to the `PRODUCT_PACKAGES` list for the + lunch target. e.g. add a line containing `PRODUCT_PACKAGES += SystemUpdaterSample` to `device/google/marlin/device-common.mk`. 3. [Whitelist the sample app](https://source.android.com/devices/tech/config/perms-whitelist) @@ -221,7 +221,6 @@ privileged system app, so it's granted the required permissions to access - [x] Add smart update completion detection using onStatusUpdate - [x] Add pause/resume demo - [ ] Verify system partition checksum for package -- [?] Add non-A/B updates demo ## Running tests @@ -243,7 +242,8 @@ privileged system app, so it's granted the required permissions to access ## Accessing `android.os.UpdateEngine` API -`android.os.UpdateEngine`` APIs are marked as `@SystemApi`, meaning only system apps can access them. +`android.os.UpdateEngine` APIs are marked as `@SystemApi`, meaning only system +apps can access them. ## Getting read/write access to `/data/ota_package/` @@ -16,9 +16,15 @@ #include "vr_ui.h" -#include <minui/minui.h> +#include <android-base/properties.h> -VrRecoveryUI::VrRecoveryUI() : kStereoOffset(RECOVERY_UI_VR_STEREO_OFFSET) {} +#include "minui/minui.h" + +constexpr int kDefaultStereoOffset = 0; + +VrRecoveryUI::VrRecoveryUI() + : stereo_offset_( + android::base::GetIntProperty("ro.recovery.ui.stereo_offset", kDefaultStereoOffset)) {} int VrRecoveryUI::ScreenWidth() const { return gr_fb_width() / 2; @@ -30,36 +36,37 @@ int VrRecoveryUI::ScreenHeight() const { void VrRecoveryUI::DrawSurface(GRSurface* surface, int sx, int sy, int w, int h, int dx, int dy) const { - gr_blit(surface, sx, sy, w, h, dx + kStereoOffset, dy); - gr_blit(surface, sx, sy, w, h, dx - kStereoOffset + ScreenWidth(), dy); + gr_blit(surface, sx, sy, w, h, dx + stereo_offset_, dy); + gr_blit(surface, sx, sy, w, h, dx - stereo_offset_ + ScreenWidth(), dy); } void VrRecoveryUI::DrawTextIcon(int x, int y, GRSurface* surface) const { - gr_texticon(x + kStereoOffset, y, surface); - gr_texticon(x - kStereoOffset + ScreenWidth(), y, surface); + gr_texticon(x + stereo_offset_, y, surface); + gr_texticon(x - stereo_offset_ + ScreenWidth(), y, surface); } int VrRecoveryUI::DrawTextLine(int x, int y, const std::string& line, bool bold) const { - gr_text(gr_sys_font(), x + kStereoOffset, y, line.c_str(), bold); - gr_text(gr_sys_font(), x - kStereoOffset + ScreenWidth(), y, line.c_str(), bold); + gr_text(gr_sys_font(), x + stereo_offset_, y, line.c_str(), bold); + gr_text(gr_sys_font(), x - stereo_offset_ + ScreenWidth(), y, line.c_str(), bold); return char_height_ + 4; } int VrRecoveryUI::DrawHorizontalRule(int y) const { y += 4; - gr_fill(kMarginWidth + kStereoOffset, y, ScreenWidth() - kMarginWidth + kStereoOffset, y + 2); - gr_fill(ScreenWidth() + kMarginWidth - kStereoOffset, y, - gr_fb_width() - kMarginWidth - kStereoOffset, y + 2); + gr_fill(margin_width_ + stereo_offset_, y, ScreenWidth() - margin_width_ + stereo_offset_, y + 2); + gr_fill(ScreenWidth() + margin_width_ - stereo_offset_, y, + gr_fb_width() - margin_width_ - stereo_offset_, y + 2); return y + 4; } void VrRecoveryUI::DrawHighlightBar(int /* x */, int y, int /* width */, int height) const { - gr_fill(kMarginWidth + kStereoOffset, y, ScreenWidth() - kMarginWidth + kStereoOffset, y + height); - gr_fill(ScreenWidth() + kMarginWidth - kStereoOffset, y, - gr_fb_width() - kMarginWidth - kStereoOffset, y + height); + gr_fill(margin_width_ + stereo_offset_, y, ScreenWidth() - margin_width_ + stereo_offset_, + y + height); + gr_fill(ScreenWidth() + margin_width_ - stereo_offset_, y, + gr_fb_width() - margin_width_ - stereo_offset_, y + height); } void VrRecoveryUI::DrawFill(int x, int y, int w, int h) const { - gr_fill(x + kStereoOffset, y, w, h); - gr_fill(x - kStereoOffset + ScreenWidth(), y, w, h); + gr_fill(x + stereo_offset_, y, w, h); + gr_fill(x - stereo_offset_ + ScreenWidth(), y, w, h); } @@ -28,7 +28,7 @@ class VrRecoveryUI : public ScreenRecoveryUI { protected: // Pixel offsets to move drawing functions to visible range. // Can vary per device depending on screen size and lens distortion. - const int kStereoOffset; + const int stereo_offset_; int ScreenWidth() const override; int ScreenHeight() const override; diff --git a/wear_ui.cpp b/wear_ui.cpp index f50823688..3b057b761 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -25,17 +25,22 @@ #include <android-base/strings.h> #include <minui/minui.h> +constexpr int kDefaultProgressBarBaseline = 259; +constexpr int kDefaultMenuUnusableRows = 9; + WearRecoveryUI::WearRecoveryUI() : ScreenRecoveryUI(true), - kProgressBarBaseline(RECOVERY_UI_PROGRESS_BAR_BASELINE), - kMenuUnusableRows(RECOVERY_UI_MENU_UNUSABLE_ROWS) { - // TODO: kMenuUnusableRows should be computed based on the lines in draw_screen_locked(). + progress_bar_baseline_(android::base::GetIntProperty("ro.recovery.ui.progress_bar_baseline", + kDefaultProgressBarBaseline)), + menu_unusable_rows_(android::base::GetIntProperty("ro.recovery.ui.menu_unusable_rows", + kDefaultMenuUnusableRows)) { + // TODO: menu_unusable_rows_ should be computed based on the lines in draw_screen_locked(). touch_screen_allowed_ = true; } int WearRecoveryUI::GetProgressBaseline() const { - return kProgressBarBaseline; + return progress_bar_baseline_; } // Draw background frame on the screen. Does not flip pages. @@ -94,7 +99,7 @@ void WearRecoveryUI::StartMenu(const std::vector<std::string>& headers, const std::vector<std::string>& items, size_t initial_selection) { std::lock_guard<std::mutex> lg(updateMutex); if (text_rows_ > 0 && text_cols_ > 0) { - menu_ = std::make_unique<Menu>(scrollable_menu_, text_rows_ - kMenuUnusableRows - 1, + menu_ = std::make_unique<Menu>(scrollable_menu_, text_rows_ - menu_unusable_rows_ - 1, text_cols_ - 1, headers, items, initial_selection); update_screen_locked(); } @@ -30,11 +30,11 @@ class WearRecoveryUI : public ScreenRecoveryUI { protected: // progress bar vertical position, it's centered horizontally - const int kProgressBarBaseline; + const int progress_bar_baseline_; // Unusable rows when displaying the recovery menu, including the lines for headers (Android // Recovery, build id and etc) and the bottom lines that may otherwise go out of the screen. - const int kMenuUnusableRows; + const int menu_unusable_rows_; void StartMenu(const std::vector<std::string>& headers, const std::vector<std::string>& items, size_t initial_selection) override; |