summaryrefslogtreecommitdiffstats
path: root/applypatch/applypatch.cpp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* applypatch: {Load,Save}FileContents return bool values.Tao Bao2018-08-311-13/+13
| | | | | | Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Id72e24dd00eb451565d90cff6e049f4f4b844ea2
* applypatch: Refactor applypatch().Tao Bao2018-08-311-276/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | applypatch() was initially designed for file-based OTA, operating on individual files. It was later extended to allow patching eMMC targets as a whole, in favor of block-based updates. As we have deprecated file-based OTA since Oreo, part of the code in applypatch() has become obsolete. This CL refactors the related functions, by removing the obsolete logic and focusing on eMMC targets. Since this CL substantially changes applypatch APIs, it adds new functions to avoid unintentionally mixing them together. In particular, it removes `applypatch()`, `applypatch_check()`, `applypatch_flash()`, and adds `PatchPartition()`, `PatchPartitionCheck()`, `FlashPartition()` and `CheckPartition()`. It also replaces the old Edify functions `apply_patch()` and `apply_patch_check()` with `patch_partition()` and `patch_partition_check()` respectively. This CL requires matching changes to OTA generation script (in the same topic). Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Test: `m dist` with non-A/B target. Verify /system/bin/install-recovery.sh on device. Test: `m dist` with non-A/B target using BOARD_USES_FULL_RECOVERY_IMAGE. Verify /system/bin/install-recovery.sh on device. Test: Install an incremental OTA with the new updater and scripts. Change-Id: Ia34a90114bb227f4216eb478c22dc98c8194cb7f
* Remove otafaultTianjie Xu2018-08-281-104/+46
| | | | | | | | | | Now it's less beneficial to inject I/O faults since we don't see many of them. Remove the library that mocks I/O failures. And switch to android::base I/O when possible. Bug: 113032079 Test: unit tests pass Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
* applypatch: Change applypatch command-line arguments.Tao Bao2018-07-201-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This applies to the standalone applypatch executable (/system/bin/applypatch on device). This executable is only used when installing (via patching or flashing) a recovery image on non-A/B device. This CL removes the support for patching non-eMMC targets from applypatch that has been deprecated as part of file-based OTA. For patching eMMC targets, it also drops the support for accepting multiple patches (not useful, since the source file must be fixed). This CL needs the matching change in the same topic, which writes the script of "/system/bin/install-recovery.sh". Note that this CL doesn't chanage the applypatch API signatures, in order to minimize the CL size. *BEFORE* usage: /system/bin/applypatch [-b <bonus-file>] <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...] or /system/bin/applypatch -c <file> [<sha1> ...] or /system/bin/applypatch -l Filenames may be of the form EMMC:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:... to specify reading from or writing to an EMMC partition. *AFTER* Usage: check mode applypatch --check EMMC:<target-file>:<target-size>:<target-sha1> flash mode applypatch --flash <source-file> --target EMMC:<target-file>:<target-size>:<target-sha1> patch mode applypatch [--bonus <bonus-file>] --patch <patch-file> --target EMMC:<target-file>:<target-size>:<target-sha1> --source EMMC:<source-file>:<source-size>:<source-sha1> show license applypatch --license Bug: 110106408 Test: Run recovery_component_test and recovery_unit_test on marlin. Test: Build a non-A/B target that has /system/bin/install-recovery.sh. Verify that it installs recovery image successfully. Test: Build a non-A/B target that has /system/bin/install-recovery.sh in flashing mode. Verify that it installs recovery image successfully. Change-Id: I71f9a71fb457e6f663e0b5511946949e65b4b78c
* applypatch: Consolidate CacheSizeCheck() and MakeFreeSpaceOnCache().Tao Bao2018-07-131-10/+2
| | | | | | | | | | | | | | | | | | They are doing exactly the same thing, except for the slightly different error return value (1 vs -1). int CacheSizeCheck(size_t bytes); int MakeFreeSpaceOnCache(size_t bytes_needed); This CL consolidates the two functions and uses bool as its return type. // Checks whether /cache partition has at least 'bytes'-byte free space. Returns true immediately // if so. Otherwise, it will try to free some space by removing older logs, checks again and // returns the checking result. bool CheckAndFreeSpaceOnCache(size_t bytes); Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I94a96934d2b18713f8f39ad5aa96a02c98d87963
* applypatch: Fix the return type of FreeSpaceForFile().Tao Bao2018-07-121-10/+0
| | | | | | | | | | | | | | Prior to this CL, FreeSpaceForFile() was returning `size_t`, which may overflow on ILP32 when called on a partition with 4GiB+ free space. Additionally, it was returning static_cast<size_t>(-1) on error, but the caller in freecache.cpp didn't check for that. This CL changes its return type to `int64_t`, and moves the function into freecache.cpp since there's no external caller. Test: Run recovery_unit_test on marlin. Test: Code search shows no external user of FreeSpaceForFile(). Change-Id: I00f501a057726e1f1ab69f367c46c77b30f2d774
* Remove the debug code for bspatch flakinessTianjie Xu2018-07-111-13/+0
| | | | | | | | | We already know the flakiness happens in bspatch, and the issue is tracked in b/80193170. Bug: 67849209 Test: unit tests pass Change-Id: Ib4772b8f2f0225125096fe7407d083b5bb542cfb
* edify: Remove VAL_INVALID and move ValueType into Value class.Tao Bao2018-07-101-1/+1
| | | | | | Test: mmma -j bootable/recovery Test: Run recovery_component_test and recovery_unit_test on marlin. Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
* Merge "applypatch: Restrict applypatch_check to eMMC targets."Tao Bao2018-07-101-10/+12
|\
| * applypatch: Restrict applypatch_check to eMMC targets.Tao Bao2018-07-101-10/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also fix an error-pone behavior in previous code when verifying an eMMC target. As long as it loads the partition content successfully according to the SHAs embedded in the filename, it shouldn't further check against the SHAs given in the second argument. Because the loaded contents relate to a specific partition size. For example: apply_patch_check( "EMMC:/boot.img:src_size:src_hash:tgt_size:tgt_hash", "src_hash"); Assume "/boot.img" already has the desired hash of "tgt_hash", the previous code would give wrong verification result. The issue can be addressed by additionally listing "tgt_hash" as one of the desired SHAs (or by applying this CL). Bug: 110106408 Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I8daafdbecd083f687e24d563ab089caa25667633
* | applypatch: Fix a potential nullptr dereferencing.Tao Bao2018-07-101-4/+7
|/ | | | | | | | Note that the code exists in debugging path only, and won't be hit unless device has flaky flash. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I0c71adc271f08f00e3eabd9d14cd8af3186c5bae
* applypatch: {Load,Save}FileContents and ParseSha1 take std::string.Tao Bao2018-06-201-13/+14
| | | | | | Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Change-Id: Ifcf244346a88dac833d91b169a4c2aee1fe677f1
* applypatch: Move to libbase logging.Tao Bao2018-06-201-72/+75
| | | | | | Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Change-Id: I3a4e32eb2c1e231c6690a50571edc66341b8d50a
* applypatch: Clean up the function comments.Tao Bao2018-06-201-106/+57
| | | | | | | | | | Also two minor changes (other than renaming some parameters): - Added constness to the first parameter of FindMatchingPatch(); - Declared WriteToPartition() as static. Bug: 110106408 Test: mmma -j bootable/recovery Change-Id: I388958c944a23ce4a38a757ce2249f6a89dd4f03
* Save the target file when applypatch tests failTianjie Xu2018-04-271-0/+8
| | | | | | | | | | | | | Save the target file to tempfile upon unittest failures so that we can try to decompress the deflate chunks in the flaky unittests. And print the zlib version in case that gets changed. Also the SHA1 of the uncompressed data seems correct; so only keep the final SHA1 to double confirm. Bug: 67849209 Test: recovery_component_test Change-Id: Ic6447c2b75c29379d6844cd23a0ff1c4305694a0
* Rename CacheLocation to Paths.Tao Bao2018-04-261-5/+5
| | | | | | | | | | We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE. Test: mmma -j bootable/recovery Test: recovery_component_test Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
* Dump debug information for apply_patch unit testsTianjie Xu2018-04-241-0/+5
| | | | | | | | | | | | | The apply patch test should have a deterministic way to append patch data. Add debug logs to dump the length and SHA1 of each step to further track down the flakiness. Also redirect the debug logging to stdout in case the logcat becomes too chatty. Bug: 67849209 Test: Run recovery_component_test Change-Id: I42bafef2d9dee599719ae57840b3d8c00d243ebd
* applypatch: Drop the SHA_CTX parameter in Apply{BSDiff,Image}Patch.Tao Bao2018-04-201-8/+7
| | | | | | | | | | As they're accepting the SinkFn callback, it makes more sense to leave the work to their callers. Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Test: No other active user of the two functions. Change-Id: I8d67b38ce037925442296f136b483e0c71983777
* applypatch: Dump patch info on mismatching patching result.Tao Bao2018-04-191-1/+16
| | | | | | | | | | | | After splitting the previously flaky ApplyPatchModesTest#PatchModeEmmcTarget tests, PatchModeEmmcTargetWithMultiplePatches now becomes the sole victim. This CL dumps additional info to narrow down the cause. Bug: 67849209 Test: `recovery_component_test` on marlin. Test: It dumps additional info after using corrupt bonus.file. Change-Id: Ic5436de457cc882a51d03f49d5cee70077f7d3df
* Remove the old log files if cache space is insufficient for OTATianjie Xu2018-04-131-7/+7
| | | | | | | | | | | We set the limit of the max stash size to 80% of cache size. But the cache space can still be insufficient for the update if the log files occupy a large chunk of /cache. So remove the old logs for now to make room for the update. Bug: 77528881 Test: unit tests pass Change-Id: Ia8bcb0ace11f8164ad9290bfb360e08e31d282cb
* Add a singleton CacheLocation to replace the hard coded locationsTianjie Xu2018-02-281-6/+5
| | | | | | | | | | | | This class allows us to set the following locations dynamically: cache_temp_source, last_command_file, stash_directory_base. In the updater's main function, we reset the values of these variables to their default locations in /cache; while we can set them to temp files in unit tests or host simulation. Test: unit tests pass Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
* Skip the cache size check on hostTianjie Xu2018-02-131-3/+2
| | | | | | | | | | | When running the update simulation, we choose to skip the cache size check for now due to the lack of "/cache" on host. And in later cls we can implement a cache size estimator to make the check more constrained. Also build the host version of support libraries. Test: unit test pass Change-Id: I3ed93c857fd02f7b62f5baba9130f75c3236e717
* applypatch: Remove the 'st' field from FileContents.Tao Bao2017-12-071-15/+3
| | | | | | | | It used to keep track of the stat(2) info (e.g. st_mode/st_gid/st_uid) while patching a file in file-based OTA. Test: Build and use the new updater to apply an update on bullhead. Change-Id: Ibf8f0f4b14298a9489bf24a2678bb279c5d9c8f3
* applypatch: Change the patch parameter to const Value& in Apply{BSDiff,Image}Patch.Tao Bao2017-11-101-4/+4
| | | | | | | It used to be "const Value*", but nullptr won't be a valid input. Test: recovery_host_test; recovery_component_test Change-Id: I904b5689ac3e64504088bf0544c9fb5d45a52243
* Switch to bionic gtest in bootable/recoveryTianjie Xu2017-11-031-9/+9
| | | | | | | | | | | | | | | | | We encountered segfaults in Imgdiff host tests due to the failure to reset states of getopt. The problem can be solved by switching to use bionic's gtest where a new process is forked for each test. Also modify the recovery_component_test to make sure it runs in parallel. Changes include: 1. Merge the writes to misc partition into one single test. 2. Change the hard coded location "/cache/saved.file" into a configurable variable. Bug: 67849209 Test: recovery tests pass Change-Id: I165d313f32b83393fb7922c5078636ac40b50bc2
* Move rangeset.h and print_sha1.h into otautil.Tao Bao2017-10-111-1/+1
| | | | | | | | | Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from applypatch modules. Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug; mmma bootable/recovery Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
* otafault: Move headers under otafault/.Tao Bao2017-09-291-1/+1
| | | | | Test: mmma bootable/recovery Change-Id: I3ceb72f703c7c2857d656c137d71baa1fccd8238
* applypatch: Let Apply{BSDiff,Image}Patch accept std::function.Tao Bao2017-03-281-14/+10
| | | | | | Test: mmma bootable/recovery system/update_engine Test: recovery_component_test Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
* applypatch: Change the ssize_t length parameters to size_t.Tao Bao2017-03-281-19/+18
| | | | | | | | | | | | | | | | | Mostly for applypatch family APIs like ApplyBSDiffPatch() and ApplyImagePatch(). Changing to size_t doesn't indicate they would necessarily work with very large size_t (e.g. > ssize_t), just similar to write(2). But otherwise accepting negative length doesn't make much sense. Also change the return type of SinkFn from ssize_t to size_t. Callers tell a successful sink by comparing the number of written bytes against the desired value. Negative return values like -1 are not needed. This also makes it consistent with bsdiff::bspatch interface. Test: recovery_component_test Test: Apply an incremental with the new updater. Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
* applypatch: Drop the support for patching non-EMMC targets.Tao Bao2017-03-161-277/+109
| | | | | | | | | | | Patching regular files is used in file-based OTA only, which has become obsolete. Bug: 35853185 Test: Apply an incremental that patches the boot.img. Test: /system/bin/install-recovery.sh works. Test: recovery_component_test passes. Change-Id: Id44e42c4bc63f2162ecc8a6df1cb528b7ae6b0a9
* applypatch: Don't expose FindMatchingPatch().Tao Bao2016-12-281-1/+1
| | | | | Test: make Change-Id: Ic77c4669574b6129e06aa6051804f419bcc8196c
* Bugfix:updater always retry apply patch failed,when memcpy failed.katao2016-12-191-0/+11
| | | | | | | | | https://code.google.com/p/android/issues/detail?id=230602 On the second attempt, open the file with O_RDONLY, which causing a write failure。 Change-Id: If89165b8c7619fe25722073a46b3cc7c61530a71 Signed-off-by: katao <ustckato@gmail.com>
* Remove ota_close(int) and ota_fclose(FILE*).Tao Bao2016-11-281-2/+2
| | | | | | | | | | | We should always use unique_fd or unique_file to hold the FD or FILE* pointer when opening via ota_(f)open functions. This CL avoids accidentally closing raw FDs or FILE* pointers that are managed by unique_fd/unique_file. Test: recovery_component_test passes. Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
* Add ota_close(unique_fd&) and ota_fclose(std::unique_ptr<FILE>&).Tao Bao2016-11-231-7/+7
| | | | | | | | | | | | | | | | | | | | | | We were using the below sequence prior to the CL in [1]. unique_fd fd(ota_open(...)); ota_close(fd); fd.reset(ota_open(...)); fd.reset() may unintentionally close the newly opened FD if it has the same value as the early ota_open. The CL in [1] changed to "ota_close(fd.release())" to avoid the issue. This CL adds a new overloaded function ota_close(unique_fd&) to handle the release automatically. Similarly add ota_fclose(std::unique_ptr<FILE>&). [1] commit 48cf770471ef53fbf0a1837196220862a0bdb18d. Bug: 33034669 Test: recovery_component_test passes. Change-Id: Ief91edc590e95a7426e33364b28754173efb1056
* applypatch: Release FD when explicitly calling close.Tao Bao2016-11-211-5/+5
| | | | | | | | | | | We use android::base::unique_fd() to avoid leaking FD. We also want to call close (or ota_close) to explicitly check the close result. When combining the two together, we need to release the unique_fd to avoid closing the same FD twice. Bug: 33034669 Test: Trigger applypatch with install-recovery.sh. Change-Id: I1a4f5d5fba7a23ef98d8bd7b7b07e87ae6f705c5
* applypatch: Use unique_fd to avoid leaking FDs.Tao Bao2016-11-171-282/+270
| | | | | | | | | Add unique_fd that calls ota_close() instead of the default closer. Test: recovery_component_test passes. Test: Apply a package that calls apply_patch(). Change-Id: I0c19921731757934f76cf7d5215916673a8f2777
* applypatch: Clean up LoadPartitionContents().Tao Bao2016-11-171-283/+257
| | | | | | | | | We don't need three vectors to sort the (size, SHA-1) pairs. Test: recovery_component_test passes. Test: Apply a package that calls apply_patch_check() to patch EMMC partitions. Change-Id: I4a6620630a6711f490822cf30f1e7fe5cea6ce49
* applypatch: Switch the parameter of Value** to std::vector.Tao Bao2016-10-291-8/+8
| | | | | | Test: Unit tests and install-recovery.sh pass on angler and dragon. Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
* Fix applypatch_check failure when applying update on anglerTianjie Xu2016-10-181-1/+1
| | | | | | | | | | | Applypatch_check should be skipped if no sha is specified. As the comments said: "It's okay to specify no sha1s; the check will pass if the LoadFileContents is successful. Useful for reading partitions, where the filename encodes the sha1s." Test: The update package applied on angler successfully. Bug: 32243751 Change-Id: Ib8f3dadf19f745c2dbd350d60da46ab12d75bc87
* Change StringValue to use std::stringTianjie Xu2016-10-151-16/+12
| | | | | | | | | | | Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style. Test: compontent tests passed. Bug: 31713288 Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
* Check an edge case when read(2) returns 0Tianjie Xu2016-09-011-0/+3
| | | | | | | | | | We might end up in an infinite loop if read(2) reached EOF unexpectedly. The problematic code in uncrypt mentioned in the bug has been fixed by switching to libbase ReadFully(). So I grepped through the recovery code and fixed some other occurences of the issue. Bug: 31073201 Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
* Remove obsolete MTD support.Elliott Hughes2016-06-101-207/+101
| | | | | Bug: http://b/29250988 Change-Id: Ia97ba9082a165c37f74d6e1c3f71a367adc59945
* Fix google-runtime-int warnings.Chih-Hung Hsieh2016-04-181-1/+1
| | | | | Bug: 28220065 Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
* Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.Tao Bao2016-03-031-1/+1
| | | | | | | | | | | | | If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same library, there would be linking errors when generating a shared library (or executable) that depends on the two libraries both. Also clean up Android.mk files. Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The module will then default to "optional" which won't be built until needed. Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
* Control fault injection with config files instead of build flagsJed Estep2016-02-231-1/+1
| | | | | | Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c (cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
* applypatch: use vector to store data in FileContents.Yabin Cui2016-02-121-71/+32
| | | | | Bug: 26906416 Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
* IO fault injection for OTA packagesJed Estep2016-02-101-26/+27
| | | | | | Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c (cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
* applypatch: fix memory leaks reported by static analysis.Yabin Cui2016-02-051-96/+83
| | | | | Bug: 26906416 Change-Id: I163df5a8f3abda3ba5d4ed81dfc8567054eceb27
* Switch from mincrypt to BoringSSL in applypatch and updater.Sen Jiang2016-02-041-24/+23
| | | | | Bug: 18790686 Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
* Track rename from base/ to android-base/.Elliott Hughes2015-12-051-1/+1
| | | | Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
* updater: Clean up char* with std::string.Tao Bao2015-08-061-11/+1
| | | | | | | So we can remove a few free()s. And also replace a few pointers with references. Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
* applypatch: Fix the checking in WriteToPartition().Tao Bao2015-07-251-3/+4
| | | | | | | | WriteToPartition() should consider a target name as valid if it contains multiple colons. But only the first two fields will be used. Bug: 22725128 Change-Id: Ie9404375e24045c115595eec6ce5b6423da8fc3e
* applypatch: Support flash mode.Tao Bao2015-07-241-12/+72
| | | | | | | | | | We may carry a full copy of recovery image in the /system, and use /system/bin/install-recovery.sh to install the recovery. This CL adds support to flash the recovery partition with the given image. Bug: 22641135 Change-Id: I7a275b62fdd1bf41f97f6aab62d0200f7dae5aa1 (cherry picked from commit 68c5a6796737bb583a8bdfa4c9cd9c7f12ef4276)
* applypatch: Refactor strtok().Tao Bao2015-07-241-83/+53
| | | | | | | We have android::base::Split() for the work. Change-Id: I0fb562feb203c9b15e2f431d8e84355fd682376a (cherry picked from commit 0a47ce27de454e272a883a0c452fad627fd7f419)
* recovery: Switch applypatch/ and updater/ to cpp.Tao Bao2015-07-141-0/+1025
Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270