| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
After a reboot function call, we should always wait for it to finish
without executing other instructions.
Bug: 151110322
Test: build
Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.)
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This makes the applypatch executable a vendor module.
This change supports making dependencies of the applypatch executable available
to applypatch, which is now on vendor.
Since install-recovery.sh is now a vendor service, we add the
applypatch/vendor_flash_recovery.rc file to /vendor/etc/init to start the
service.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I01c0800ee6078aa6c9d716d5f154ad2d63c7af84
|
|
|
|
|
|
|
|
|
|
|
| |
A number of utility functions are intended for serving recovery's own
use. Exposing them via libotautil (which is a static lib) would pass the
dependencies onto libotautil's users (e.g. recovery image, updater, host
simulator, device-specific recovery UI/updater extensions etc). This CL
finds a new home for the utils that are private to recovery.
Test: mmma bootable/recovery
Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
|
|
|
|
|
| |
Test: mmma bootable/recovery
Change-Id: I6ed8f9eca7183f84537c770baaffddd22b6e9f28
|
|
|
|
|
|
|
|
|
| |
All the active users of mounts.h now live in updater/.
Test: mmma bootable/recovery
Test: Run recovery_unit_test on taimen.
Test: Code search shows no reference to otautil/mounts.h in device dirs.
Change-Id: I6c35d2e403e92a0111102d00aa4773f4f524650e
|
|
|
|
|
|
|
|
|
| |
Commit 0f339e27bb753b0dafb17a315fa4b029ba31aa28 moved part of the mounts
implementation into libfs_mgr. As a result, otautil/roots.cpp no longer
depends on anything in the local otautil/mounts.h.
Test: mmma bootable/recovery
Change-Id: If16c3e19a62933358fb0002a10e8556a99f9d29a
|
|
|
|
|
|
|
|
|
|
|
| |
Additionally kill the global variable: reason, stage; move them to a
separate BootState class instead. Vendor specific recovery code will
need to call getters from Device() class to access these variables.
Bug: 137705917
Test: unit tests pass, boot sailfish into recovery, code search and no
code includes common.h in vendor specific recovery.
Change-Id: Ia50a5ea951212c25548562f29cc9cf78505b5e34
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some global variables are only used for recovery.cpp and
recovery_main.cpp, remove them from common.h and handle their usage
accordingly. Variables include:
static constexpr int kRecoveryApiVersion;
extern struct selabel_handle* sehandle;
extern RecoveryUI* ui;
extern bool has_cache;
bool is_ro_debuggable();
Test: unit tests pass, boot into recovery mode and run graphic tests
Change-Id: If83a005786c9b38412731da97aaf85af69a3b917
|
|
|
|
|
|
|
|
|
|
|
|
| |
We may fail to memory map the package on 32 bit builds for packages with
2GiB+ size. This cl tries to install the package with fuse when memory map
fails in such cases.
Bug: 127071893
Test: build 32 bit version sailfish, push package and block.map, reboot into recovery with
the corresponding update_package argument.
Change-Id: I5dae4f3e27ccaf8d64ff3657d36f0e75db2330b0
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the simulator runtime and build the updater simulator as a host
executable. The code to parse the target-files and mocks the block devices
will be submitted in the follow-up.
Bug: 131911365
Test: unit tests pass
Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
shutdown and reboot should have a corresponding sub-reason.
Adding:
"reboot,userrequested,fastboot"
"reboot,userrequested,recovery"
"reboot,userrequested,recovery,ui"
"shutdown,userrequested,fastboot"
"shutdown,userrequested,recovery"
"reboot,unknown#" (Can't happen, debug)
Test: manual, multiple targets, enter recovery, be able to exit recovery
Bug: 133326470
Change-Id: Ibfcb2a23158e8e99922e8053edd815fb592150f2
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6f4e4db4f9e0911a07c6393d01e4380e844f7891.
Reason for revert: Booting out of recovery (choose `Reboot system now`)
on taimen is broken. Device keeps booting back into recovery.
Bug: 133326470
Test: Choose `Reboot system now` from recovery menu. Deivce attempts
normal boot.
Change-Id: I6e85fc248e18953a6fb94513c3abc7e7e0fb0477
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
shutdown and reboot should have a corresponding sub-reason.
Adding:
"reboot,fastboot_menu"
"reboot,recovery_menu"
"reboot,recovery_ui"
"shutdown,fastboot"
"shutdown,recovery"
"reboot,unknown#"
Test: none
Change-Id: Icf1ab0d462ec2de2272914a36994a095998d6186
|
|
|
|
|
|
| |
Test: TreeHugger
Test: Boot into recovery on blueline. Choose "Mount system partition".
Change-Id: Iac475d18ce2415de09dc0bf009ad4cf0383ffede
|
|
|
|
|
|
|
|
|
|
| |
Adds a fuse data provider that parses the metadata from a block map,
reads the data from the given ranges of the block device; and provides
the data to the fuse.
Bug: 127071893
Test: unit tests pass, install a package from block map
Change-Id: Ie9925ee9144e98642505b3f5e1a4a186d2b21ed0
|
|
|
|
|
|
|
| |
Test: Choose `Reboot system now`, `Power off`, `Reboot to bootloader`
from recovery UI respectively.
Test: `adb reboot recovery` while under sideload mode.
Change-Id: I0f3d55b80b472178ea4f6970b29cd9df0778b639
|
|
|
|
|
|
|
|
|
|
| |
We perform these steps to perserve the recovery logs when wiping
/cache partition. Move them to logging.cpp to keep the actually
EraseVolume function concise.
Bug: 130166585
Test: unit tests pass, mount cache and check last log after cache
Change-Id: Idc52833817a446f3a0148a3dd2112f911c9ef48d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Therefore, libinstall becomes the sole owner to handle the request
from minadbd service.
The change also includes
1. move logging.cpp out of librecovery
2. drop the dependency on common.h
3. now it's more sensible to move the wipe_cache as part of
install_package. move the wipe_cache to the end of the function.
Bug: 130166585
Test: wipe data and cache from menu
Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f
|
|
|
|
|
|
|
|
|
|
|
|
| |
otautil/roots.h includes <fstab/fstab.h>, but users of otautil/roots.h
don't need to explicitly depend on libfstab unless they have a real
need.
Also remove the unneeded include of <fstab/fstab.h> from
fsck_unshare_blocks.cpp.
Test: mmma -j bootable/recovery
Change-Id: Id3dc995a4769e631ab242843ee439bd94b2bf0bc
|
|
|
|
|
|
|
|
| |
Build libinstall as a shared library. Also drop the dependency on the
global variables in common.h.
Test: unit tests pass, sideload an OTA
Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
|
|
|
|
|
|
|
| |
We will reuse them to implement the fuse provider from block maps.
Test: unit tests pass, sideload an OTA
Change-Id: Iaa409d19569c4ccc0bb24e12518044fcddb45c69
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recovery-persist used to look for the related recovery logs in
persist storage, and copy them under /data/misc/recovery during the
normal boot process.
As we also want to find out the sideload information from last_install,
it makes more sense to move the parse & report of non-a/b metrics to
recovery-persist. Thus we can avoid the race condition of the file
system between the native code and RecoverySystem.
Bug: 114278989
Test: unit test pass, check the event buffer for metrics report
Change-Id: I32d7b2b831bc74a61a70af9a2f0b8a7e9b3e36ee
|
|
|
|
|
|
|
| |
And add the first few users.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ifdf093d011478b6a1dd0405b0ba48c145b509cc8
|
|
|
|
|
|
|
|
|
|
| |
Now it's less beneficial to inject I/O faults since we don't see many of
them. Remove the library that mocks I/O failures. And switch to android::base
I/O when possible.
Bug: 113032079
Test: unit tests pass
Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
|
|
|
|
|
|
|
|
|
|
| |
Bug: 110380063
Test: `m -j installclean && mmma -j bootable/recovery` with
aosp_taimen-userdebug
Test: Build (`m -j bootimage`) and boot into recovery. Check that
`adb sideload` and `Run graphics test` both work.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ie6ed0e7cafa352d5faff9d1b6ccef724a0415e65
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new command is part of the transfer.list and allows us to compute the hash
tree on non-ab devices.
The required arguments for the hash_tree computation are:
hash_tree_ranges
source_ranges
hash_algorithm
salt_hex
root_hash
Bug: 25170618
Test: unit tests pass; run simulator with compute_hash_tree
Change-Id: I8ff0d582cc8adabb8a060db7845f38b35b28e62c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The getopt_long(3) implementation in Android (upstream freebsd) expects
a null-terminated array while parsing long options with required args.
if (long_options[match].has_arg == required_argument) {
optarg = nargv[optind++];
}
...
if (long_options[match].has_arg == required_argument && optarg == NULL) {
return (BADARG);
}
This seems to make sense in practice, as getopt(3) takes the first two
arguments of argc and argv that are "as passed to the main() function on
program invocation", and both of C and C++ spec say "the value of
argv[argc] shall be 0".
Prior to the CL, we may run into undefined behavior on malformed input
command line (e.g. missing arg for an option that requires one). This CL
fixes the issue by always appending a nullptr to the argument list (but
without counting that into argc).
Test: Build and boot into recovery with commands.
Change-Id: Ic6c37548f4db2f30aeabd40f387ca916eeca5392
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This shortens the gap between A/B and non-A/B builds, by replacing the
dependency on build-time flag with runtime detection instead. It also
allows building and testing both paths regardless of the target OTA
type.
The size increase to /sbin/recovery looks negligible (< 0.01%).
- marlin: increased from 2084928 to 2085024;
- angler: increased from 2084776 to 2084896.
Test: Run recovery_component_test on angler and marlin.
Test: Sideload an A/B OTA package on marlin.
Test: Sideload a non-A/B OTA package on angler.
Change-Id: I1d927d1ede9713fb42f73b4fe324aa5705ee6f99
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support that, this CL adds Paths::set_resource_dir() to
override the default resource dir ("/res/images/") that's only available
under recovery. Note that since there're external modules depending on
libminui, it adds a separate function of res_set_resource_dir(), instead
of requiring the dependency on libotautil for everyone.
Test: mmma -j bootable/recovery
Test: Run recovery_unit_test on marlin.
Change-Id: I0a7dcf4476808bea9e634eaffc9676f6cbaf92b7
|
|
|
|
|
|
|
|
|
|
|
|
| |
This breaks the dependency on common.h (which belongs to
recovery/librecovery) from librecovery_ui. reboot() is now owned by
libotautil, which is expected to be a leaf node to be depended on.
With the change, recovery and updater also share the same reboot() code
now.
Test: mmma -j bootable/recovery
Change-Id: I1cc5d702cfe49302048db33d31c9c87ddc97ac71
|
|
|
|
|
| |
Test: mmma -j bootable/recovery
Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
|
|
|
|
|
|
|
| |
This avoids unnecessarily breaking mac build.
Test: `mmma -j bootable/recovery` on Linux and macOS.
Change-Id: I1dc00364c895866a4757c2a43beb3432ae1e4113
|
|
|
|
|
|
|
|
|
| |
Export its header (mounts.h) from there, and drop the dot dot dependency
from libupdater / updater.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
|
|
|
|
|
|
|
|
|
|
| |
We have a general need for overriding more paths (e.g. "/tmp"), mostly
for testing purpose. Rename CacheLocation to Paths, and use that to
manage TEMPORARY_{INSTALL,LOG}_FILE.
Test: mmma -j bootable/recovery
Test: recovery_component_test
Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
|
|
|
|
|
|
|
|
|
|
|
| |
We set the limit of the max stash size to 80% of cache size. But the
cache space can still be insufficient for the update if the log files
occupy a large chunk of /cache. So remove the old logs for now to make
room for the update.
Bug: 77528881
Test: unit tests pass
Change-Id: Ia8bcb0ace11f8164ad9290bfb360e08e31d282cb
|
|
|
|
|
|
|
|
|
| |
Otherwise the applypatch executable will fail to back up the source
file to /cache when patching the recovery image.
Bug: 74198354
Test: run applypatch from boot to recovery
Change-Id: I6e5b9cd06d6ed0b26066b779a348437ecf984b92
|
|
|
|
|
|
|
|
|
|
|
|
| |
This class allows us to set the following locations dynamically:
cache_temp_source, last_command_file, stash_directory_base.
In the updater's main function, we reset the values of these variables
to their default locations in /cache; while we can set them to temp
files in unit tests or host simulation.
Test: unit tests pass
Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this CL, the block verification works were assigned based on
the pattern of the ranges, which could lead to unbalanced workloads. This
CL adds RangeSet::Split() and moves update_verifier over.
a) For the following care_map.txt on walleye:
system
20,0,347,348,540,556,32770,33084,98306,98620,163842,164156,229378,229692,294914,295228,524289,524291,524292,524348,529059
vendor
8,0,120,135,32770,32831,94564,98304,98306
Measured the time costs prior to and with this CL with the following
script.
$ cat test_update_verifier.sh
#!/bin/sh
adb shell stop
adb shell "cp /data/local/tmp/care_map.txt /data/ota_package/"
for i in $(seq 1 50)
do
echo "Iteration: $i"
adb shell "bootctl set-active-boot-slot 0"
adb shell "echo 3 > /proc/sys/vm/drop_caches"
adb shell "time /data/local/tmp/update_verifier"
sleep 3
done
Without this CL, the average time cost is 5.66s, while with the CL it's
reduced to 3.2s.
b) For the following care_map.txt, measured the performance on marlin:
system
18,0,271,286,457,8350,32770,33022,98306,98558,163842,164094,196609,204800,229378,229630,294914,295166,501547
vendor
10,0,42,44,85,2408,32770,32806,32807,36902,74242
It takes 12.9s and 5.6s without and with the CL respectively.
Fixes: 68553827
Test: recovery_unit_test
Test: Flash new build and trigger update_verifier. Check the balanced
block verification.
Change-Id: I5fa4bf09a84e6b9b0975ee5f522724464181333f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to CHECK and abort on parsing errors. While it works fine for
the updater use case (because recovery starts updater in a forked
process and collects the process exit code), it's difficult for other
clients to use RangeSet as a library (e.g. update_verifier).
This CL switches the aborts to returning empty RangeSet instead. Callers
need to check the parsing results explicitly.
The CL also separates RangeSet::PushBack() into a function, and moves
SortedRangeSet::Clear() into RangeSet.
Test: recovery_unit_test
Test: Sideload an OTA package with the new updater on angler.
Test: Sideload an OTA package with injected range string errors. The
updater aborts from the explicit checks.
Change-Id: If2b7f6f41dc93af917a21c7877a83e98dc3fd016
|
|
|
|
|
|
|
|
|
|
|
| |
Since it has grown much larger, users of the header shouldn't compile
and carry their full copies.
Also add missing header includes in imgdiff.cpp and imgdiff_test.cpp.
Test: mmma bootable/recovery
Test: recovery_unit_test; recovery_component_test; recovery_host_test
Change-Id: I88ca54171765e5606ab0d61580fbc1ada578fd7d
|
|
|
|
|
| |
Test: mmma bootable/recovery
Change-Id: I5959303528c6f704f10ce153f6fcb2054ce35b1e
|
|
|
|
|
|
|
|
|
| |
Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from
applypatch modules.
Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
|
|
|
|
|
|
|
|
|
| |
bootable/recovery/otautil/SysUtil.cpp:103:19: error: use of undeclared identifier 'mmap64'; did you mean 'mmap'?
void* reserve = mmap64(nullptr, blocks * blksize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
^~~~~~
Test: mmma bootable/recovery
Change-Id: I22d7dc4d994069201e5a633cec21421e2c4182fa
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land
"Move error_code.h into otautil.".
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".
This CL needs to land with device-specific module changes (e.g. adding
the dependency on libotautil).
Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
|
|
|
|
|
|
|
|
| |
This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b.
Reason for revert: Need to address device-specific modules.
Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
|
|
|
|
|
|
|
|
|
| |
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".
Test: mmma bootable/recovery
Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
|
|
|
|
|
| |
Test: mmma bootable/recovery
Change-Id: Ic01b68e2a394d578fc9fc09da2dabe9061b98122
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Changed to std::string based implementation (mostly moved from the
former make_parents() in updater/install.cpp);
- Removed the timestamp parameter, which is only neeed by file-based OTA;
- Changed the type of mode from int to mode_t;
- Renamed dirCreateHierarchy() to mkdir_recursively().
Test: recovery_unit_test passes.
Test: No external user of dirCreateHierarchy() in code search.
Change-Id: I71f8c4b29bab625513bbc3af6d0d1ecdc3a2719a
|
|
|
|
|
|
|
|
|
| |
This function has become obsolete since we've removed file-based OTA
support (it was needed by 'delete_recursive' edify function earlier).
Test: mmma -j bootable/recovery
Test: Code search shows no active user of the function.
Change-Id: If6faaa759d4c849b79acba4e6adb82baadc89f7a
|
|
|
|
|
|
|
| |
It's only used by file-based OTA which has been deprecated for O.
Test: mma
Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
|
|
|
|
|
| |
Test: flash and boot recovery on internal angler
Change-Id: Id8845b4b422d0078b251333eb6d30ce14771ef10
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Symlink is a filebased OTA feature, and the corresponding updater
function has been removed in
https://android-review.googlesource.com/#/c/350357/.
Also the only place where we call "package_extract_dir()" is to unpack
some bootloader dir in vendor's code. We plan to remove it also in a
separate bug.
Bug: 31917448
Test: mma
Change-Id: I3986d60958e64e0d5d8fa5f5bd508c579fb7fa2c
|
|
|
|
|
|
|
| |
Test: recovery_component_test
Test: recovery_unit_test
Test: Apply an OTA on angler.
Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log the maximum temperature as well as the start/end temperature of an
update to last_install. Check the temperature at the end of each
block_image_update(verify). To get the maximum temp, we iterate through
/sys/class/thermal/thermal_zone*/temp and find the maximum value
present.
Bug: 32518487
Test: temperature logs in last_install
Change-Id: Iaf22a9fbc5b18611bbc5320ffea995417872e514
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
external/zlib and external/safe-iop/include were used by Zip.c, which
became obsolete after [1].
Removing
- <assert.h>: we no longer call assert(3);
- <limits.h>: we no longer use PATH_MAX;
- <stdio.h>: we don't need FILE anymore;
- <stdlib.h>: no more malloc(3)/calloc(3);
- <unistd.h>: was once needed for lseek(2);
- <string.h>: no more memset(3).
Adding
- <stdint.h> for SIZE_MAX.
[1] commit 8cf5c8f60f51049278b08ae4cbc31df397b651fd: "Replace minzip
with libziparchive".
Test: `mmma bootable/recovery`
Change-Id: I349e909ba83d0f6ade5f92856ce3934f29fdca6c
|
|
|
|
|
|
|
|
|
|
| |
Add unit testcases for sysMapFile().
Test: recovery_unit_test passes.
Test: Build and use the new recovery image to sideload a package.
Test: Build and use the new recovery image to install an update.
Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4
|
|
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
|