summaryrefslogtreecommitdiffstats
path: root/minadbd/services.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* refactor fuse sideloading codeDoug Zongker2014-07-101-2/+2
| | | | | | | | | Split the adb-specific portions (fetching a block from the adb host and closing the connections) out from the rest of the FUSE filesystem code, so that we can reuse the fuse stuff for installing off sdcards as well. Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
* sideload without holding the whole package in RAMDoug Zongker2014-07-021-33/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
* Merge "exit instead of return if sideload file creation fails"Doug Zongker2014-05-161-1/+1
|\
| * exit instead of return if sideload file creation failsEthan Yonker2013-01-091-1/+1
| | | | | | | | | | | | | | | | A return here leaves adb sideload in a permanent loop. An exit is more appropriate for this error. Change-Id: I80fb8abae4f6378833aa75f9eaf7ec1acd44b274 Signed-off-by: Ethan Yonker <ethanayonker@gmail.com>
* | recovery: fix building with pointer-to-int errors turned onColin Cross2014-02-061-2/+2
|/ | | | | | | | | | Use intptr_t/uintptr_t to cast between pointer and int to allow building with -Werror=pointer-to-int-cast and Werror=int-to-pointer-cast turned on. Cast to char* instead of unsigned int for pointer arithmetic. Change-Id: Ia862306fdcca53866b330e8cf726f3d62f2248a0
* run minadbd as shell userDoug Zongker2012-03-201-0/+1
| | | | | | | | Make minadbd drop its root privileges after initializing. We need to make the /tmp directory writable by the shell group so that it can drop the sideloaded file there. Change-Id: I67b292cf769383f0f67fb934e5a80d408a4c131d
* support "sideload over ADB" modeDoug Zongker2012-01-101-0/+161
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5