| Commit message (Collapse) | Author | Files | Lines |
|
Switch some function signatures to std::string to avoid memory leak.
Bug: 30039381
Test: sideload a package on angler
Change-Id: Iae1e75871a782d6e5d6dde5dcf3f18469eb63f7d
|
|
Test: treehugger
Change-Id: I7edcb13eb1fc6d4f36f5a764a1b647fbf9cd063e
|
|
static_cast is preferable to reinterpret_cast when casting from void*
pointers returned by malloc/calloc/realloc/mmap calls.
Discovered while looking at compiler warnings (b/26936282).
Test: WITH_TIDY=1 WITH_STATIC_ANALYZER=1 mma
Change-Id: Iaffd537784aa857108f6981fdfd82d0496eb5592
Merged-In: I151642d5a60c94f312d0611576ad0143c249ba3d
|
|
Distinguish our "services.cpp" more clearly from the regular adbd
"services.cpp", and remove a few useless includes of "sysdeps.h".
Change-Id: Ided4945a3ac5916133322ca7e95fa51add9abaa4
|
|
Change-Id: Ifa0b4d8c1cf0bb39abac61984ff165e82e41222c
(cherry picked from commit cc07b3556510d03e389a8994a8e5dbed3f3bbbb4)
|
|
Change-Id: Ifa0b4d8c1cf0bb39abac61984ff165e82e41222c
|
|
So sideload thread will not use argument which is to be freed
in the main thread.
Bug: 23968770
Change-Id: I9d6dadc6c33cfbe4b5759382a80fe14cd0d54355
|
|
Change-Id: I542e2ae8f5ef18b2d6b3dbc1888b3ce1e02a7404
|
|
No functional change, just matching the signature to an adb change. See
https://android-review.googlesource.com/#/c/169601/.
Change-Id: Ic826864e126054849b3a4d193ded8acc5ee5269c
|
|
Change-Id: Ia3f30f3ba85c0246d4b667fb7723cfcdce299d4a
|
|
(cherry picked from commit ba45ddf37cf4543143af6b2e27fc1214f3dbe892)
Change-Id: Iba4f77f7db54ca0184437bd8ea96abfadabc72a3
|
|
Change-Id: I323ffda71b82cc939aed446f9c9fb86ca78df153
|
|
Change-Id: I5afaf70caa590525627c676c88b445d3162de33e
|
|
services.c:57:12: error: format '%llu' expects argument of type 'long
long unsigned int', but argument 2 has type 'uint64_t' [-Werror=format=]
Change-Id: Ieba691bf9e7a30c8bb38f4e1f36e86b6ea3f8c80
|
|
Turn the warning on by default and turn on -Werror so this doesn't
happen next time.
Change-Id: Id65bf0cb63bbf0ff224655b425463ae2f55435df
|
|
This code doesn't exist in the normal adb, so it just makes it harder
to diff the two.
Change-Id: Ibb21b49bb9944c4245199536cbe88e8a107cf00d
|
|
adb.h has diverged a bit, so that one will be more involved, but these
three are all trivial, unimportant changes.
Change-Id: Ief8474c1c2927d7e955adf04f887c76ab37077a6
|
|
Split the adb-specific portions (fetching a block from the adb host
and closing the connections) out from the rest of the FUSE filesystem
code, so that we can reuse the fuse stuff for installing off sdcards
as well.
Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
|
|
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).
We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.
We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host. This file is then passed to the
verification and installation systems like any other.
To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.
One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem). We rely on SELinux enforcement to
restrict the set of things that can be accessed.
Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
|
|
Use intptr_t/uintptr_t to cast between pointer and int to allow
building with -Werror=pointer-to-int-cast and
Werror=int-to-pointer-cast turned on.
Cast to char* instead of unsigned int for pointer arithmetic.
Change-Id: Ia862306fdcca53866b330e8cf726f3d62f2248a0
|
|
A return here leaves adb sideload in a permanent loop. An exit is
more appropriate for this error.
Change-Id: I80fb8abae4f6378833aa75f9eaf7ec1acd44b274
Signed-off-by: Ethan Yonker <ethanayonker@gmail.com>
|
|
Make minadbd drop its root privileges after initializing. We need to
make the /tmp directory writable by the shell group so that it can
drop the sideloaded file there.
|
|
Make minadbd drop its root privileges after initializing. We need to
make the /tmp directory writable by the shell group so that it can
drop the sideloaded file there.
Change-Id: I67b292cf769383f0f67fb934e5a80d408a4c131d
|
|
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
always initialize usb product, vendor, etc. for adb in recovery
Set these values even on non-debuggable builds, so that the mini-adb
now in recovery can work.
|
|
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
|