summaryrefslogtreecommitdiffstats
path: root/fuse_sideload.cpp (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-05-03fuse_sideload: Change the minimal block size to 4096.Tao Bao1-138/+140
run_fuse_sideload() is passing the block size as the max_read option, so it will only handle a request that involves at most two blocks at a time. However, the minimal allowed value was set to 1024 prior to this CL, which is inconsistent with the kernel code (fs/fuse/inode.c) that sets it to the greater of 4096 and the passed-in max_read option. This would fail the calls with a block size / max_read less than 4096 due to the wrongly computed block indices. Note that we didn't observe real issue in practice, because we have been using 64 KiB block sizes for both of adb and sdcard sideload calls. The issue only shows up in my local CL (to come later) that uses 1024 block size in run_fuse_sideload() tests. Test: recovery_component_test Test: adb sideload with the new recovery image on angler Change-Id: Id9f0cfea13d0d193dcb7cd41a1553a23739545f2
2017-04-27libfusesideload: Clean up the CFLAGS for the module.Tao Bao1-2/+4
Remove "-DADB_HOST=0" since it doesn't include adb related stuff. Test: mmma bootable/recovery Test: sideload on marlin Change-Id: Ia83a8edd31eedd803435d687513d561c873ffabe
2016-04-14Use BoringSSL instead of mincrypt to speed up package verification.Elliott Hughes1-9/+10
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB. Bug: http://b/28135231 Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
2016-04-06Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler1-9/+10
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2015-07-24recovery: Switch fuse_* to C++.Tao Bao1-9/+6
Change-Id: Id50c3e6febd0ab61f10a654b9b265cf21a2d1701 (cherry picked from commit 71dc365f25676cfb3f62dbb7163697a8c3c5243d)
2015-07-20recovery: Switch fuse_* to C++.Tao Bao1-527/+0
Change-Id: I68770ad1a9e99caee292f8010cfd37dfea3acc64
2015-04-30Check all lseek calls succeed.Elliott Hughes1-9/+7
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b (cherry picked from commit 7bad7c4646ee8fd8d6e6ed0ffd3ddbb0c1b41a2f)
2015-04-30Check all lseek calls succeed.Elliott Hughes1-9/+7
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
2015-03-23Always use strerror to report errno in recovery.Elliott Hughes1-3/+3
Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
2014-09-18Use the correct fuse_init_out structure size.Christopher Ferris1-2/+28
Kernel 2.6.16 is the first stable kernel with struct fuse_init_out defined (fuse version 7.6). The structure is the same from 7.6 through 7.22. Beginning with 7.23, the structure increased in size and added new parameters. If the kernel only works on minor revs older than or equal to 22, then use the older structure size since this code only uses the 7.22 version of the structure. Change-Id: I00d7530e01e6b4718dcd04ad2484959d12ef4a65
2014-07-10refactor fuse sideloading codeDoug Zongker1-24/+19
Split the adb-specific portions (fetching a block from the adb host and closing the connections) out from the rest of the FUSE filesystem code, so that we can reuse the fuse stuff for installing off sdcards as well. Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
2014-07-02sideload without holding the whole package in RAMDoug Zongker1-0/+508
Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114