summaryrefslogtreecommitdiffstats
path: root/recovery.cpp (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-03-14Consolidate the wait in recovery's rebootTianjie Xu1-7/+1
After a reboot function call, we should always wait for it to finish without executing other instructions. Bug: 151110322 Test: build Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
2020-01-30Show warning message if sideload failed or is interrupted.Yifan Hong1-24/+33
For non A/B and Virtual A/B devices where sideloading may affect the existing OS, - If sideload has failed, show a warning message in recovery menu header. - If sideload has interrupted, automatically reboot back into recovery and show the warning message in recovery menu header. Test: the above Fixes: 140749209 Change-Id: Ifdfc28b45975cdc31b6fce2ecb99acc31bc61fa8
2020-01-28Prompt for confirmation before reboot if installation fails.Yifan Hong1-2/+63
If previous installation fails, menu item 'Reboot system now' and 'Power off' now prompts for confirmation from the user. Known issues: - If the sideload is interrupted, it'll still boot into normal Android in the next cycle. - If 'Enter fastbootd' is chosen, and then 'Enter recovery', such prompt do not show up. Test: manual Fixes: 142892891 Change-Id: I929b80e0520bd3b9f56d88a4b2203fcdd8d7b013
2020-01-27Remove fsck_unshare_blocks.David Anderson1-10/+1
This code is dead. It was briefly used to support "adb remount" with deduplicated partitions, but was very quickly obsoleted by overlayfs support. There is no reason to include it anymore. Bug: N/A Test: N/A Change-Id: I4cdcbf66bec80092f954826eaae037934ff37765
2019-12-16Mount snapshotted /system in Virtual A/B devicesAlessio Balsini1-0/+7
Mounting /system in Virtual A/B devices may require the creation of the associated snapshot devices. This patch performs all the required initializations prior to attempting the mount of /system. Bug: 139157327 Test: manual /system partition mount on VAB device during OTA Depends-on: I7337bdd38d7016d12d3ee42be1c7893b10e9116d Change-Id: I71a9dfc57e1a1354f1f1edc5d287aca93c0c8924 Signed-off-by: Alessio Balsini <balsini@google.com>
2019-10-03Refactor battery info querying functions into librecovery_utils.Tao Bao1-73/+14
Bug: 134560109 Test: Run recovery_unit_test. Change-Id: Ibbcdcfd507fa23657ee7ff677208b0003ec382ba
2019-10-02otautil: Factor out the utils that're private to recovery.Tao Bao1-2/+2
A number of utility functions are intended for serving recovery's own use. Exposing them via libotautil (which is a static lib) would pass the dependencies onto libotautil's users (e.g. recovery image, updater, host simulator, device-specific recovery UI/updater extensions etc). This CL finds a new home for the utils that are private to recovery. Test: mmma bootable/recovery Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
2019-08-15Remove common.hTianjie Xu1-11/+10
Additionally kill the global variable: reason, stage; move them to a separate BootState class instead. Vendor specific recovery code will need to call getters from Device() class to access these variables. Bug: 137705917 Test: unit tests pass, boot sailfish into recovery, code search and no code includes common.h in vendor specific recovery. Change-Id: Ia50a5ea951212c25548562f29cc9cf78505b5e34
2019-07-24Clean up some global variables in common.hTianjie Xu1-28/+25
Some global variables are only used for recovery.cpp and recovery_main.cpp, remove them from common.h and handle their usage accordingly. Variables include: static constexpr int kRecoveryApiVersion; extern struct selabel_handle* sehandle; extern RecoveryUI* ui; extern bool has_cache; bool is_ro_debuggable(); Test: unit tests pass, boot into recovery mode and run graphic tests Change-Id: If83a005786c9b38412731da97aaf85af69a3b917
2019-07-09Create a fallback to install from fuse if mmap failsTianjie Xu1-4/+24
We may fail to memory map the package on 32 bit builds for packages with 2GiB+ size. This cl tries to install the package with fuse when memory map fails in such cases. Bug: 127071893 Test: build 32 bit version sailfish, push package and block.map, reboot into recovery with the corresponding update_package argument. Change-Id: I5dae4f3e27ccaf8d64ff3657d36f0e75db2330b0
2019-06-20Support starting fuse from a block mapTianjie Xu1-2/+2
Factor out a new function from ApplyFromSdcard that installs a package from a local path. Inside this function, we start the fuse and choose the type of data provider depending on the path string. And similar to the existing logic, we treat the package as a block map if the path starts with a '@'. This is part of the effort to install larger than 2GiB packages on ILP32 devices. Bug: 127071893 Test: Build a 32 bit sailfish and create a 3GiB OTA package. Sideload the package, uncrypt and install the package from sdcard. Change-Id: I328ea34fa530731acbce7554bfc3059313ad6ece
2019-06-13InstallPackage now takes a package as parameterTianjie Xu1-1/+9
Therefore InstallPackage() doesn't need to worry about the details of a given Package. Bug: 127071893 Test: run update from /bin/recovery --update_package=@path, sideload a package Change-Id: I0caa36785b43924f884ee398e7ea640d7472a92e
2019-05-23recovery: report compliant reboot reason (Part Deux)Mark Salyzyn1-0/+2
shutdown and reboot should have a corresponding sub-reason. Adding: "reboot,userrequested,fastboot" "reboot,userrequested,recovery" "reboot,userrequested,recovery,ui" "shutdown,userrequested,fastboot" "shutdown,userrequested,recovery" "reboot,unknown#" (Can't happen, debug) Test: manual, multiple targets, enter recovery, be able to exit recovery Bug: 133326470 Change-Id: Ibfcb2a23158e8e99922e8053edd815fb592150f2
2019-05-22Revert "recovery: report compliant reboot reason"Tao Bao1-2/+0
This reverts commit 6f4e4db4f9e0911a07c6393d01e4380e844f7891. Reason for revert: Booting out of recovery (choose `Reboot system now`) on taimen is broken. Device keeps booting back into recovery. Bug: 133326470 Test: Choose `Reboot system now` from recovery menu. Deivce attempts normal boot. Change-Id: I6e85fc248e18953a6fb94513c3abc7e7e0fb0477
2019-05-20recovery: report compliant reboot reasonMark Salyzyn1-0/+2
shutdown and reboot should have a corresponding sub-reason. Adding: "reboot,fastboot_menu" "reboot,recovery_menu" "reboot,recovery_ui" "shutdown,fastboot" "shutdown,recovery" "reboot,unknown#" Test: none Change-Id: Icf1ab0d462ec2de2272914a36994a095998d6186
2019-05-10roots: Remove get_system_root and logical_partitions_mapped.Tao Bao1-2/+2
Test: TreeHugger Test: Boot into recovery on blueline. Choose "Mount system partition". Change-Id: Iac475d18ce2415de09dc0bf009ad4cf0383ffede
2019-04-30install: Install functions return InstallResult.Tao Bao1-8/+18
Test: `atest recovery_unit_test recovery_component_test` Test: Sideload a package on taimen. Change-Id: I2d42f55a89931ee495ea5c5d9e6b5ee1058e8e52
2019-04-30Support wipe command in rescue modexunchang1-4/+4
Bug: 131037235 Test: unit tests pass, run `adb rescue wipe` Change-Id: I22668f2c98fe2d9195d2561f961c28a7c08e712c (cherry picked from commit fedeef6f6d1f7b8f1e5a8b9e77f8dc21ef6b3c95)
2019-04-29Consolidate the codes that handle reboot/shutdown.Tao Bao1-2/+2
Test: Choose `Reboot system now`, `Power off`, `Reboot to bootloader` from recovery UI respectively. Test: `adb reboot recovery` while under sideload mode. Change-Id: I0f3d55b80b472178ea4f6970b29cd9df0778b639
2019-04-28Parse BCB command to enter rescue mode.Tao Bao1-3/+13
bootloader will set `boot-rescue` in BCB command field to indicate booting into rescue mode. This CL adds the matching parsing code. This CL changes the on-screen UI to display the default image while waiting for each sideload / rescue command. It also changes the minadbd reboot handlers to use REBOOT_ instead of the previous ENTER_ actions. This ensures a reboot going through bootloader, which may load a newly installed bootloader/recovery. Bug: 128505466 Bug: 128415917 Test: Boot into rescue mode. Run `adb rescue getprop` and `adb rescue install`. Check the UI. Then run `adb reboot rescue`. Change-Id: I5b7de9dfd898ed8e14bea0d4ad7385a9bae26e94 Merged-In: I5b7de9dfd898ed8e14bea0d4ad7385a9bae26e94 (cherry picked from commit d9cb014d431fee946308bdb8979c8e8fa74b582f)
2019-04-27Add install/wipe_device.cpp.Tao Bao1-165/+4
Prior to this CL, GetWipePartitionList was declared in install.h (libinstall) but defined in recovery.cpp (librecovery). This CL addresses the issue by refactoring wipe-device related functions into install/wipe_device.cpp. Test: atest recovery_component_test Change-Id: I7ebe04ccfda3d793e085403560a0a202752d9ee3
2019-04-26minadbd: Support `adb reboot` under sideload/rescue modes.Tao Bao1-24/+34
Bug: 128415917 Test: Run the following commands under sideload and rescue modes respectively. $ adb reboot $ adb reboot bootloader $ adb reboot recovery $ adb reboot rescue $ adb reboot invalid Change-Id: I84daf63e3360b7b4a0af5e055149a4f54e10ba90 Merged-In: I84daf63e3360b7b4a0af5e055149a4f54e10ba90 (cherry picked from commit 10f441a9dbb91be3124f455439631abcf8e96cde)
2019-04-26Allow entering rescue mode via recovery UI.Tao Bao1-5/+13
Only enabled on debuggable builds. Bug: 128415917 Test: Sideload package on taimen. Test: Choose "Enter rescue" from recovery UI. Change-Id: I913dbdbcffd3179e6fa72ca862f74ca8f1364b02 Merged-In: I913dbdbcffd3179e6fa72ca862f74ca8f1364b02 (cherry picked from commit c6dc325e88a25201aa3856e6532c3ed14203a376)
2019-04-26Support wipe command in rescue modexunchang1-4/+4
Bug: 131037235 Test: unit tests pass, run `adb rescue wipe` Change-Id: I22668f2c98fe2d9195d2561f961c28a7c08e712c
2019-04-25Parse BCB command to enter rescue mode.Tao Bao1-3/+13
bootloader will set `boot-rescue` in BCB command field to indicate booting into rescue mode. This CL adds the matching parsing code. This CL changes the on-screen UI to display the default image while waiting for each sideload / rescue command. It also changes the minadbd reboot handlers to use REBOOT_ instead of the previous ENTER_ actions. This ensures a reboot going through bootloader, which may load a newly installed bootloader/recovery. Bug: 128505466 Test: Boot into rescue mode. Run `adb rescue getprop` and `adb rescue install`. Check the UI. Then run `adb reboot rescue`. Change-Id: I5b7de9dfd898ed8e14bea0d4ad7385a9bae26e94
2019-04-24minadbd: Support `adb reboot` under sideload/rescue modes.Tao Bao1-24/+34
Bug: 128415917 Test: Run the following commands under sideload and rescue modes respectively. $ adb reboot $ adb reboot bootloader $ adb reboot recovery $ adb reboot rescue $ adb reboot invalid Change-Id: I84daf63e3360b7b4a0af5e055149a4f54e10ba90
2019-04-17Allow entering rescue mode via recovery UI.Tao Bao1-5/+13
Only enabled on debuggable builds. Bug: 128415917 Test: Sideload package on taimen. Test: Choose "Enter rescue" from recovery UI. Change-Id: I913dbdbcffd3179e6fa72ca862f74ca8f1364b02
2019-04-16DO NOT MERGE: Move wipe cache|data to libinstallxunchang1-186/+31
Therefore, libinstall becomes the sole owner to handle the request from minadbd service. The change also includes 1. move logging.cpp out of librecovery 2. drop the dependency on common.h 3. now it's more sensible to move the wipe_cache as part of install_package. move the wipe_cache to the end of the function. Bug: 130166585 Test: wipe data and cache from menu Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f (cherry picked from commit 316e9717461890dd319dc370970069fe4532a561)
2019-04-15Move wipe cache|data to libinstallxunchang1-186/+31
Therefore, libinstall becomes the sole owner to handle the request from minadbd service. The change also includes 1. move logging.cpp out of librecovery 2. drop the dependency on common.h 3. now it's more sensible to move the wipe_cache as part of install_package. move the wipe_cache to the end of the function. Bug: 130166585 Test: wipe data and cache from menu Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f
2019-03-29recovery: Remove SetUsbConfig() out of common.h.Tao Bao1-6/+0
libinstall now has its own copy. Test: mmma -j bootable/recovery Change-Id: Ibbe7084e15baeb7e744f2175d5944477092acc9e
2019-03-29Remove ui_print().Tao Bao1-15/+0
This used to be a helper function that allows printing message to UI. We no longer have any active user in bootable/recovery. Device-specific code can achieve the same functionality by calling GetUI()->Print() instead. Test: mmma -j bootable/recovery Change-Id: If584fc8a51d1af466f1d94d8ea5faa262603a784
2019-03-29Move install to separate modulexunchang1-10/+11
Build libinstall as a shared library. Also drop the dependency on the global variables in common.h. Test: unit tests pass, sideload an OTA Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
2019-03-21Move librecovery_ui to a sub-directoryTianjie Xu1-3/+2
This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be (cherry picked from commit b5108c372c8b92671ea5ebb4eeff00757fcee187)
2019-03-21Move librecovery_ui to a sub-directoryTianjie Xu1-3/+2
This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be
2019-03-20Move apply_from_sdcard to fuse_sdcard_installxunchang1-180/+21
Move the sdcard installation function and all helper functions to a separate file, and drop the dependency on common.h. In the future, we want to move these functions into the install class. Bug: 127071893 Test: unit tests pass Change-Id: I0b7f7cbf0b68918e638e13878ca28bfca367088a
2019-03-19Create a FuseDataProvider base classxunchang1-1/+2
The fuse data provider for adb/sdcard shares common code and structures. This cl creates a FuseDataProvider base class and provides implementations for adb and sdcard. In the follow cls, we can kill the provider_vtab struct; and also add another implementation to parse a block map file and provides data. Test: unit tests pass, sideload a package, apply a package from sdcard Change-Id: If8311666a52a2e3c0fbae0ee9688fa6d01e4ad09
2019-03-12Use the package class for wipe packagesxunchang1-34/+21
The wipe package used to open the zip file directly from the content string. Switch to use the interface from the new package class instead. Bug: 127071893 Test: unit tests pass Change-Id: I990e7f00c5148710722d17140bab2e343eea3b6b
2019-03-11Create a wrapper class for update packagexunchang1-3/+6
Creates a new class handle the package in memory and package read from fd. Define the new interface functions, and make approximate changes to the verify and install functions. Bug: 127071893 Test: unit tests pass, sideload a package Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
2019-03-07Add a new entry in wipe package to list all wipe partitionsxunchang1-45/+103
This gives us finer control over the partitions to wipe on the host side. Bug: 127492427 Test: unit tests pass, install a wipe package on sailfish Change-Id: I612f8bac743a310f28e365b490ef388b278cfccb
2018-12-19roots.cpp: convert to C++ FstabYifan Hong1-3/+3
Convert code to use C++ Fstab struct and C++ std::strings. Bug: 62292478 Bug: 118634720 Test: boots Change-Id: Ibdc1df5831bc885d7c1574419f41af026e49a137
2018-12-12Show wipe data confirmation text in recovery modeTianjie Xu1-2/+8
After we generate the localized confirmation text images for certain dpi, we can now load these images and display them under recovery. Devices that cannot load the images will use the backup text strings as before. Bug: 74397117 Test: check the menu with multiple locales, and check all the images locally with locale test, check the fall back strings. Change-Id: Ic31a55670026c909ec7a05cb0bb4a0fc1d5d15c7
2018-11-28SYSTEM_ROOT -> get_system_rootYifan Hong1-9/+2
Add a get_system_root() function in roots.cpp which returns / or /system based on fstab. This factors out the 'if' check from recovery.cpp and fsck_unshare_blocks.cpp. Test: boot recovery, mount system Bug: 118634720 Change-Id: If4947cba3a3f08dbe695fd2b50a9354cd302ee03
2018-10-31Refactor the code to check the metadataTianjie Xu1-25/+8
The two functions check_wipe_package() and check_newer_ab_build() were using the same flow; and checked the same device properties against the metadata file in the package. These properties include: ota_type, pre-device, and serial number. Therefore, we can consolidate the checks to a single function; and continue to check the fingerprint and timestamp only for AB updates. This change also addresses the need to accept multiple serial number in the wipe package. Bug: 118401208 Test: unit tests pass Change-Id: Ia6bc48fb6effcae059a2ff2cf71764b4136b4c00
2018-10-23Add function to show localized rescue party menuTianjie Xu1-5/+6
Add a function in screenUI to display the pre-generated graphs for rescue party. If these graphs are not valid, falls back to display the old text strings. Right now we haven't generated the localized graphs yet, so the UI always shows the TextMenu. Bug: 116655889 Test: check rescue party under recovery Change-Id: I0558cb536b659cdc25c8b7946d3a39820935b003
2018-10-11recovery: deprecate check for ro.build.system_root_imageMark Salyzyn1-2/+3
If there is a "/system" in the fstab, then can not be a system as root image. Test: compile Bug: 109821005 Change-Id: I2c852dcbdcf6de437d39039937799feeef949516
2018-09-17Trigger the logging when prompting for wipe.Tao Bao1-0/+3
This allows recording the reason string that prompts user for a data wipe, even if user selects 'Try again'. Test: Inject an error into framework to trigger RescueParty. Select 'Try again' and check the recovery log post-boot. Change-Id: I0d7d5afcf38cae5019e2ce0a46d3cd1ac3e83a03
2018-09-12Allow switch to fastbootd when userdata wipe is requiredHridya Valsaraju1-7/+11
Bug: 114065789 Test: Able to use 'adb reboot fastboot' to switch to fastboot from recovery when a userdata wipe is required to boot. Change-Id: Ice6950444656f8d8857808531af030078f544b88
2018-09-08Fix sideload for user devices by adding a new sideload configHridya Valsaraju1-0/+6
Bug: 113563995 Test: Tested the 'adb sideload' command on marlin user/userdebug builds and walleye user/userdebug builds Change-Id: I00d565547b85f2db87012e4a08316609e03395ac
2018-08-14Add fastboot mode to recoveryHridya Valsaraju1-1/+4
Add a fastboot mode to recovery that can be entered with command line args or with the ui. Add usb property triggers to switch between fastboot and adb configurations. Allow switching between fastboot and adb through usb commands by opening a unix socket. adbd/fastbootd writes to this socket, which interrupts the ui and switches to the new mode. Test: Use fastboot mode Bug: 78793464 Change-Id: I7891bb84427ec734a21a872036629b95ab3fb13c
2018-08-14recovery uses IHealth::getServiceYifan Hong1-38/+27
recovery is_battery_ok function uses get_health_service(), which calls IHealth::getService("default") then IHealth::getService("backup"). - An OEM can provide the default instance by installing android.hardware.health@2.0-impl-<device>.so to recovery partition. - If that's not found, the "backup" instance is provided to the recovery partition by default. Test: call is_battery_ok() in recovery, successfully get battery information. Bug: 80132328 Change-Id: Ibfee80636325a07bc20b24d044d007a60b3dd7c2
2018-07-30recovery: Add ability to interrupt UIJerry Zhang1-4/+27
Normally calling a UI method will block indefinitely until the UI is actually used. This creates a method to interrupt the UI, causing waitKey to return -2. This in turn, will cause ShowMenu to return -2. This allows switching between recovery and fastbootd via usb commands. Test: adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test Bug: 78793464 Change-Id: I4c6c9aa18d79070877841a5c9818acf723fa6096
2018-07-17Fix the arguments passed to getopt_long(3).Tao Bao1-5/+6
The getopt_long(3) implementation in Android (upstream freebsd) expects a null-terminated array while parsing long options with required args. if (long_options[match].has_arg == required_argument) { optarg = nargv[optind++]; } ... if (long_options[match].has_arg == required_argument && optarg == NULL) { return (BADARG); } This seems to make sense in practice, as getopt(3) takes the first two arguments of argc and argv that are "as passed to the main() function on program invocation", and both of C and C++ spec say "the value of argv[argc] shall be 0". Prior to the CL, we may run into undefined behavior on malformed input command line (e.g. missing arg for an option that requires one). This CL fixes the issue by always appending a nullptr to the argument list (but without counting that into argc). Test: Build and boot into recovery with commands. Change-Id: Ic6c37548f4db2f30aeabd40f387ca916eeca5392
2018-06-07Recovery image is self-containedJiyong Park1-5/+3
Now recovery mode is self-contained, which means we don't need to mount system.img to run shell, etc. What is needed in recovery mode is all in the recovery ramdisk image. Since we no longer use /system as the mount point for the system.img, this allows us to have identical filesystem layout as the system.img. Executables and libs are installed to /system/bin and /system/lib. Right now, we only have adbd, sh, toybox in /system/bin but will move static executables from /sbin to /system/bin as soon as they are converted to dynamic executables. system.img is mounted to /mnt/system instead. Bug: 63673171 Test: `adb reboot recovery; adb devices` shows the device ID Test: `adb root && adb shell` and then $ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from the /lib directory. Change-Id: I801ebd18f3e0a112db3d9a11e4fbb4e49181652a
2018-05-30recovery: add --fsck_unshare_blocks option for adb remountDavid Anderson1-1/+10
Allow "adb remount" on deduplicated filesystems to reboot into recovery and run e2fsck to undo deduplication. The e2fsck binary is copied from the system partition into tmpfs, and the system partition is unmounted so e2fsck can run safely. Bug: 64109868 Test: recovery with --fsck_unshare_blocks; adb remount Change-Id: I7558749b018b58f3c4339e51a95831dbd5be1ae3
2018-05-22recovery: Add ability to set title linesJerry Zhang1-0/+5
Add the ability to change the contents of the title lines, displayed at the top of the screen. Once set, the same lines are displayed for all menus until changed again. Test: Recovery works Bug: 78793464 Change-Id: I7ef5594b0d76dbbd2e01ad7508863af1270b2a2a
2018-05-17recovery: Reset optind to 1 after getoptJerry Zhang1-0/+1
The getopt library exposes optind which is the next index to be processed. When scanning is restarted, optind has to be reset to 1. Test: Recovery works Bug: 78793464 Change-Id: I1efca3fb985ffbdfe91e43767469733cda6e7d5b
2018-05-16recovery: Refactor common setup into main()Jerry Zhang1-167/+5
Move more common setup into the main function. Main() handles all 1 time setup, such as ui, logging, and secontext. Recovery_main() takes in command line arguments, does any necessary recovery work, and can be called multiple times from main(). Test: Recovery works Bug: 78793464 Change-Id: I2d2595fc342b4ddfa80f4e06b30e44263132acd9 Merged-In: I2d2595fc342b4ddfa80f4e06b30e44263132acd9
2018-05-16recovery: Refactor common setup into main()Jerry Zhang1-167/+5
Move more common setup into the main function. Main() handles all 1 time setup, such as ui, logging, and secontext. Recovery_main() takes in command line arguments, does any necessary recovery work, and can be called multiple times from main(). Test: Recovery works Bug: 78793464 Change-Id: I2d2595fc342b4ddfa80f4e06b30e44263132acd9
2018-05-11recovery: Configure device menu based on runtime info.Tao Bao1-0/+4
Drop the dependency on build time flag of AB_OTA_UPDATER when compiling device.cpp. Note that AB_OTA_UPDATER still guards the package install behavior (install.cpp). This can be extended to cover the entry of "Apply update from SD card". Test: Build and boot into recovery on angler and walleye respectively. Check the recovery menu. Change-Id: I36a6a6b4101ba61d4d374e32353c36cc5716f9ce
2018-05-10Device owns the RecoveryUI instance.Tao Bao1-11/+9
Test: mmma -j bootable/recovery Test: Build and boot into recovery, w/ and w/o enabling quiescent mode respectively. Change-Id: I5d9bb945a6c3c9a3b96199fa0c8071a2f91339a0
2018-05-08screen_ui: Drop the parameter in CheckBackgroundTextImages.Tao Bao1-1/+1
ScreenRecoveryUI already has the info in locale_. Also when showing "Current locale: X/Y" on screen, use 1-based index for X, so that we have 1 <= X <= Y. Test: Build anf flash recovery image on aosp_bullhead-userdebug. Choose `Run locale test` from UI. Change-Id: I5dd4de82e63890ddf755f4e23cd2290ad5d50ece
2018-05-08recovery: Get UI and locale from device.Jerry Zhang1-5/+7
This removes some reliance on the global locale and ui variables. Test: Recovery works Bug: 78793464 Change-Id: I78f1a2b321f5d50aa58b10735a73ae137283353a
2018-05-08recovery: Remove unneeded include of minui.h.Tao Bao1-1/+0
Test: mmma -j bootable/recovery Change-Id: I1a79fa6386d56bf5e20ee074352d287403d2d745
2018-05-07recovery: Refactor logging code into logging.cppJerry Zhang1-128/+6
Move common logging related functions to rotate_logs.cpp, and rename that to logging.cpp. Test: Recovery works Bug: 78793464 Merged-In: I00f20a79a296680122b8437d54a87897c5cb2fc7 Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
2018-05-07recovery: Refactor logging code into logging.cppJerry Zhang1-128/+6
Move common logging related functions to rotate_logs.cpp, and rename that to logging.cpp. Test: Recovery works Bug: 78793464 Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7 (cherry picked from commit 3c3f211d1e5698da6eea9e83584acb2dee4ca46e)
2018-05-07recovery: Refactor logging code into logging.cppJerry Zhang1-128/+6
Move common logging related functions to rotate_logs.cpp, and rename that to logging.cpp. Test: Recovery works Bug: 78793464 Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
2018-05-04Move reboot() from common.h into otautil/sysutil.h.Tao Bao1-8/+1
This breaks the dependency on common.h (which belongs to recovery/librecovery) from librecovery_ui. reboot() is now owned by libotautil, which is expected to be a leaf node to be depended on. With the change, recovery and updater also share the same reboot() code now. Test: mmma -j bootable/recovery Change-Id: I1cc5d702cfe49302048db33d31c9c87ddc97ac71
2018-05-04otautil: Rename dir/sys/thermal utils.Tao Bao1-1/+1
Test: mmma -j bootable/recovery Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
2018-05-03Move menu headers/items to std::vector<std::string>.Tao Bao1-34/+24
Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Test: Build and boot into recovery image on angler. Check the UI that shows menu ('View recovery log', 'Wipe data', 'Run locale test'). Test: Start recovery with '--prompt_and_wipe_data'. Check the UI. Change-Id: If8a4209e0bb4ca64f719f9f9465d3b3589a69cdc
2018-05-02screen_ui: Drop the dependency on common.h.Tao Bao1-1/+1
Remove the use of fopen_path() in screen_ui.cpp, as this is the only place that requires the dependency on common.h. The mounting work should be done by the caller. Also change the parameter in RecoveryUI::ShowFile() from const char* to const std::string&. Test: mmma -j bootable/recovery Test: Build and boot into recovery image on angler. Choose 'View recovery logs'. Change-Id: I8e63f14a8e2b12b856e5a92476e4226cd6ea39fb
2018-05-01Add ScreenRecoveryUI::ShowMenu().Tao Bao1-60/+20
From caller's PoV, RecoveryUI::{Start,Select,End}Menu should always be used together, i.e. to show a menu and get user's selection. This CL provides ShowMenu() as one-stop service (which is based on get_menu_selection() from recovery.cpp). Also move RecoveryUI::{Start,Select,End}Menu into ScreenRecoveryUI, with a dropped access level from public to protected. Due to the dependency on recovery / librecovery refactoring, will add testcases in follow-up CLs. Test: Build and boot into recovery image. Check the menus (main menu, 'View recovery logs', 'Wipe data/factory reset'). Change-Id: Ie17aa78144871a12affd6f9075e045f76608a0ba
2018-05-01recovery: Split main() into recovery_main.cpp.Tao Bao1-134/+5
This prepares for moving more codes from recovery into librecovery, so that they will become more easily testable. recovery_main.cpp will be the source code for recovery module, with the rest moved into librecovery. recovery_main.cpp mainly does the initializations, such as setting up the logger. Test: mmma -j bootable/recovery Test: recovery_component_test Test: Build and boot into recovery image on marlin. Change-Id: I8e846524546b6f3f0e32ed869e851f62261eef23 Merged-In: I8e846524546b6f3f0e32ed869e851f62261eef23
2018-05-01recovery: Split main() into recovery_main.cpp.Tao Bao1-133/+4
This prepares for moving more codes from recovery into librecovery, so that they will become more easily testable. recovery_main.cpp will be the source code for recovery module, with the rest moved into librecovery. recovery_main.cpp mainly does the initializations, such as setting up the logger. Test: mmma -j bootable/recovery Test: recovery_component_test Test: Build and boot into recovery image on marlin. Change-Id: I8e846524546b6f3f0e32ed869e851f62261eef23 (cherry picked from commit c241cb662440551eb0d2f42345f7ee08cf60a7dd)
2018-04-30recovery: Move a few constants closer to their uses.Tao Bao1-53/+48
Test: mmma -j bootable/recovery Change-Id: I78839ed487ef41b4eaa3787cb7b4bf33fb0d164a
2018-04-30recovery: Fix the return value when failing to convert to FBE.Tao Bao1-8/+8
Test: Build and flash aosp_angler-userdebug. Choose 'Convert to file encryption' from Developer Options. Converting to FBE still works. Change-Id: I75ac0e266af2d00bfaff0664f8bcee74a5f16b41
2018-04-27recovery: Revoke (most of) short options.Tao Bao1-55/+46
`recovery` is not a command line tool, and these short options don't have the common meanings that are used elsewhere. In the platform code, we're not actively using the short forms. - bootable/recovery/uncrypt/uncrypt.cpp - bootable/recovery/updater/install.cpp - frameworks/base/core/java/android/os/RecoverySystem.java - system/core/adb/services.cpp - system/core/init/builtins.cpp - system/update_engine/hardware_android.cc - system/vold/cryptfs.cpp (Callers must have used libbootloader_message.) '--show_text' and '--just_exit' are not that obvious from the initial commit messages. They appear to be used by vendor code (e.g. '--show_text' is optionally used by bootloader, as in the noted bug). So this CL keeps them as is for now. Test: `mmma -j bootable/recovery` Test: Check the code search for possible callers to recovery. Change-Id: I8a87f5fb50131d647dfc8290381ca47a60f543fa
2018-04-27recovery: Print the actually required battery level.Tao Bao1-15/+17
It should be one of BATTERY_OK_PERCENTAGE (20) and BATTERY_WITH_CHARGER_OK_PERCENTAGE (15), depending on the charger state. Also move the battery level related constants next to their users. Test: mmma -j bootable/recovery Test: Build and boot into recovery with a pending OTA. Check the log. Change-Id: I7513f59c4718ec8e2db16c5266928470c2308648 (cherry picked from commit f2ea6d79992c4004e693c942e5aa0eb32eb5387d)
2018-04-27recovery: Print the actually required battery level.Tao Bao1-60/+62
It should be one of BATTERY_OK_PERCENTAGE (20) and BATTERY_WITH_CHARGER_OK_PERCENTAGE (15), depending on the charger state. Also move the battery level related constants next to their users. Test: mmma -j bootable/recovery Test: Build and boot into recovery with a pending OTA. Check the log. Change-Id: I7513f59c4718ec8e2db16c5266928470c2308648 Merged-In: I7513f59c4718ec8e2db16c5266928470c2308648
2018-04-26Mark ui_print with __printflike.Tao Bao1-1/+1
And fix an issue as a result of the change. Test: mmma -j bootable/recovery Change-Id: I94e6384a1f39e9c37a8ed029d235142738d6e5d3 Merged-In: I94e6384a1f39e9c37a8ed029d235142738d6e5d3
2018-04-26Rename CacheLocation to Paths.Tao Bao1-75/+72
We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE. Test: mmma -j bootable/recovery Test: recovery_component_test Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
2018-04-25Wipe the metadata partition when we wipe data.Paul Crowley1-5/+14
Bug: 78469201 Test: Wipe from recovery menu, check that wipe is logged correctly and boot works as expected. Merged-In: I5bc8ef1b83d78de8b5edba6cc17882edcc744356 Change-Id: I5bc8ef1b83d78de8b5edba6cc17882edcc744356
2018-04-25Wipe the metadata partition when we wipe data.Paul Crowley1-5/+14
Bug: 78469201 Test: Wipe from recovery menu, check that wipe is logged correctly and boot works as expected. Change-Id: I5bc8ef1b83d78de8b5edba6cc17882edcc744356
2018-04-02Do not skip the update installation if it's a retryTianjie Xu1-2/+2
We used to skip the update installation if the battery doesn't reach the threshold or the boot reason is in blacklist. Afterwards, we just cleared the BCB and reboot/shutdown the device. However, this leaves the device in a brick state if the update is a retry; because a subsequent reboot won't resume the update after the BCB gets cleared. This CL skips the battery and bootreason check on retries. An alternative solution is to conduct the check and shutdown the device without clearing the BCB on INSTALL_SKIPPED; but users who don't have context may reboot the device manually anyway. Bug: 65288661 Test: Trigger the INSTALL_SKIPPED with insufficient battery, and check the behavior with retry_count. Change-Id: I0bd8ae9cee0e35aeeec3df469a78cec9ee1b8db8
2017-12-01Detect interrupted update due to power offTianjie Xu1-268/+297
An interrupted update may stash extra blocks in /cache, leading to a failure when checking the cache size. We can save the incremented retry_count in the BCB before installing the update; and distinguish a fresh update from an interrupted one this way. Bug: 68679601 Test: An interrupted update reapplies successfully. Change-Id: Ic1403e1fd25a937c91ef34c14b92a0f6c8f1c0f4
2017-11-14is_battery_ok use health 2.0 HALYifan Hong1-51/+71
Test: call is_battery_ok in graphics test, and test manually Bug: 69268160 Bug: 63702641 Change-Id: Ifcf4d2e2cb459689c11fc5d1b880bb053aaae8ae
2017-10-12Drop -Wno-unused-parameter.Tao Bao1-11/+10
The only one left is libedify. Will handle that in a separate CL. Test: mmma bootable/recovery Change-Id: I732a5f85229da90fd767bee2e46c5c95f529c396
2017-10-09Revert "Revert "Move error_code.h into otautil.""Tao Bao1-1/+1
This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.". This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil). Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
2017-10-05Revert "Move error_code.h into otautil."Tao Bao1-1/+1
This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b. Reason for revert: Need to address device-specific modules. Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
2017-10-04Move error_code.h into otautil.Tao Bao1-1/+1
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". Test: mmma bootable/recovery Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
2017-10-02roots: Fix an issue with volume_for_path().Tao Bao1-1/+1
The earlier commit in 2dfc1a38982c4052bb32bc7fc06edeadf3908fb9 unintentionally changed the behavior. It gives a different result when looking up non-existent mount points (e.g. /cache on marlin). The logic behind volume_for_path("/xyz") is unclear: - It's fine to return non-null value if it's called by ensure_path_mounted() before accessing that file "/xyz". (Just based on the function name, we're not actually having this case.) - It should return nullptr if the caller is interested in the existence of that particular mount point "/xyz". This CL renames the function to volume_for_mount_point(), which does an exact match by querying the given mount point from libfs_mgr. The former volume_for_path() has been moved down to function scope for serving ensure_path_mounted() only. Test: Build and boot into recovery on bullhead and marlin respectively. 'View recovery logs'. Test: 'Mount /system' Test: 'Apply update from ADB' Change-Id: I1a16390f57540cae08a2b8f3d439d17886975217
2017-09-27Add a new option in recovery menu to test the background textsTianjie Xu1-0/+5
Add a new option "Run locale test" to check the background text images (i.e. texts for "erasing", "error", "no_command" and "installing" with different locales.) Use volume up/down button to cycle through all the locales embedded in the png file, and power button to go back to recovery main menu. Test: Run locale test with bullhead. Change-Id: Ib16e119f372110cdb5e611ef497b0f9b9b418f51
2017-09-13Remove EXPAND/STRINGIFY macros.Tao Bao1-1/+5
This reverts commit 8be0f39fec7f26164fd0791ff6d15bde65fc849c to reland the change that removes EXPAND/STRINGIFY macros. It's error-prone by putting anything into a string (e.g. EXPAND(RECOVERY_API_VERSION) would become "RECOVER_API_VERSION" if we forgot to pass -DRECOVERY_API_VERSION=3). The initial attempt put RECOVERY_API_VERSION into common.h, which might be included by device-specific codes but without defining that when compiling the module. This CL avoids the issue by using a constant in the header, with a static_assert in recovery.cpp that guards the consistency. Test: recovery_component_test Test: Sideload OTAs on bullhead and sailfish respectively. Change-Id: I12af3f73392a85554ba703f04970ec9d984ccbaa
2017-08-16screen_ui: Word-wrap menu headers.Tao Bao1-4/+5
This CL adds ScreenRecoveryUI::DrawWrappedTextLines() to better handle long menu header texts. It does a word wrap at spaces, if available. This avoids fixed-length menu headers being truncated on small screens. Bug: 64293520 Test: On bullhead, boot into recovery with --prompt_and_wipe_data, and check the prompt texts. Change-Id: Ia22746583516dd230567a267584aca558429395e (cherry picked from commit 2bbc6d642d1fbfb007905d95b629fe5f833b2a1b)
2017-08-16screen_ui: Word-wrap menu headers.Tao Bao1-4/+5
This CL adds ScreenRecoveryUI::DrawWrappedTextLines() to better handle long menu header texts. It does a word wrap at spaces, if available. This avoids fixed-length menu headers being truncated on small screens. Bug: 64293520 Test: On bullhead, boot into recovery with --prompt_and_wipe_data, and check the prompt texts. Change-Id: Ia22746583516dd230567a267584aca558429395e
2017-07-27otautil: Clean up dirCreateHierarchy().Tao Bao1-13/+13
- Changed to std::string based implementation (mostly moved from the former make_parents() in updater/install.cpp); - Removed the timestamp parameter, which is only neeed by file-based OTA; - Changed the type of mode from int to mode_t; - Renamed dirCreateHierarchy() to mkdir_recursively(). Test: recovery_unit_test passes. Test: No external user of dirCreateHierarchy() in code search. Change-Id: I71f8c4b29bab625513bbc3af6d0d1ecdc3a2719a
2017-07-25recovery: Fix the flickering when turning on text mode.Tao Bao1-9/+8
When there's no command specified when booting into debuggable builds (such as using `adb reboot recovery`), we turn on the text mode (i.e. recovery menu) directly. This CL fixes the issue to avoid showing the background image in a flash while turning on the text mode. Bug: 63985334 Test: `fastboot boot $OUT/recovery.img` and it shows the recovery menu directly without the no command image in a flash. Change-Id: Id86bbe346ab76c8defc95e2b423e695a86774b09 (cherry picked from commit 7022f33ec8531c742f8f4701552d687233901495)
2017-07-25recovery: Fix the flickering when turning on text mode.Tao Bao1-9/+8
When there's no command specified when booting into debuggable builds (such as using `adb reboot recovery`), we turn on the text mode (i.e. recovery menu) directly. This CL fixes the issue to avoid showing the background image in a flash while turning on the text mode. Bug: 63985334 Test: `fastboot boot $OUT/recovery.img` and it shows the recovery menu directly without the no command image in a flash. Change-Id: Id86bbe346ab76c8defc95e2b423e695a86774b09
2017-07-22Avoid crashing recovery with unwritable /cache.Tao Bao1-25/+23
When /cache is unwritable, recovery hits a crash loop. Because it passes nullptr to fileno(3) when writing back the locale file. This prevents user from recovering a device - it cannot boot far enough to recovery menu which allows wiping /cache. Bug: 63927337 Test: Corrupt /cache and boot into recovery on bullhead: 1. m -j recoveryimage 2. fastboot erase cache 3. fastboot boot $OUT/recovery.img 4. recovery menu shows up. Change-Id: I1407743f802049eb48add56a36298b665cb86139 (cherry picked from commit ec57903a7ec0bfe3c2f39dd6ee9cfc3de4ed20e6)
2017-07-21Avoid crashing recovery with unwritable /cache.Tao Bao1-25/+23
When /cache is unwritable, recovery hits a crash loop. Because it passes nullptr to fileno(3) when writing back the locale file. This prevents user from recovering a device - it cannot boot far enough to recovery menu which allows wiping /cache. Bug: 63927337 Test: Corrupt /cache and boot into recovery on bullhead: 1. m -j recoveryimage 2. fastboot erase cache 3. fastboot boot $OUT/recovery.img 4. recovery menu shows up. Change-Id: I1407743f802049eb48add56a36298b665cb86139
2017-07-19Fix the android-cloexec-* warnings in bootable/recoveryTianjie Xu1-24/+24
Add the O_CLOEXEC or 'e' accordingly. Bug: 63510015 Test: recovery tests pass Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
2017-06-15Fix "No file_contexts" warningJeff Vander Stoep1-6/+3
Fixed by Loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists. Bug: 62587423 Test: build and flash recovery on Angler. Warning is gone. Test: Wipe data and cache. Test: sideload OTA Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f (cherry picked from commit 2330dd8733ce0b207058e3003a3b1efebc022394)
2017-06-15Fix "No file_contexts" warningJeff Vander Stoep1-6/+3
Fixed by Loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists. Bug: 62587423 Test: build and flash recovery on Angler. Warning is gone. Test: Wipe data and cache. Test: sideload OTA Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
2017-05-24Retry the update if ApplyBSDiffPatch | ApplyImagePatch failsTianjie Xu1-4/+5
We have seen one case when bspatch failed likely due to patch corruption. Since the package has passed verification before, we want to reboot and retry the patch command again since there's no alternative for users. We won't delete the stash before reboot, and the src has passed SHA1 check. If there's an error on the patch, it will fail the package verification during retry. Bug: 37855643 Test: angler reboots and retries the update when bspatch fails. Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
2017-05-17Fix the input parameter for "set_retry_bootloader_message"Tianjie Xu1-13/+13
We're not updating argc & argv during get_args(), so some boot arguments missed when we set the boot message for retry. Bug: 38383406 Test: boot command sets correctly during retry attempt. Change-Id: Ie8583a22fad5e0084245e3431d4018518d508dfd (cherry picked from commit 72449c9f995649b1427b2116985ed9826a141d46)
2017-05-17Fix the input parameter for "set_retry_bootloader_message"Tianjie Xu1-13/+13
We're not updating argc & argv during get_args(), so some boot arguments missed when we set the boot message for retry. Bug: 38383406 Test: boot command sets correctly during retry attempt. Change-Id: Ie8583a22fad5e0084245e3431d4018518d508dfd
2017-05-04Revert "Remove EXPAND/STRINGIFY macros."Tao Bao1-1/+1
This reverts commit ec9706738f35a859f66fd0758b73381055804f63. Reason for revert: It's not a good idea to put RECOVERY_API_VERSION in common.h, which might be included by device-specific codes (but with RECOVERY_API_VERSION undefined). Change-Id: I9feb9c64a5af3e9165164622a59b043aa28a8b8c
2017-05-03Remove EXPAND/STRINGIFY macros.Tao Bao1-1/+1
They are error-prone by putting anything into a string (e.g. EXPAND(RECOVERY_API_VERSION) would become "RECOVER_API_VERSION" if we forgot to pass -DRECOVERY_API_VERSION=3). RECOVERY_API_VERSION is the only user (in bootable/recovery) that gets stringified. Assign it to a typed var and sanity check the value. Don't see other reference to the macros from device-specific recovery directories (they can still define that locally if really needed). Test: recovery_component_test Test: Sideload an OTA on angler and marlin respectively. Change-Id: I358bbdf8f0a99db5ce4c7bc2fdcafe8013501b64
2017-05-01adb_install: Stop passing RecoveryUI as a parameter.Tao Bao1-2/+2
It's already a global declared in common.h which is included by adb_install.cpp. Remove '#include "minadbd/fuse_adb_provider.h"' that's not needed by adb_install.cpp (minadbd takes care of that). Test: mmma bootable/recovery Change-Id: I6d08b7abc706b4b05de2ef46a57ced2204ad297e
2017-04-28Adding support for quiescent reboot to recoveryDmitri Plotnikov1-6/+20
Bug: 37401320 Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process. (cherry picked from commit 8706a98aa635236a95795f0a0c122bb3e591a50d) Change-Id: I79789a151f6faafda8ecc6198c2182cc2a91da70
2017-04-24recovery: Remove the include of adb.h.Tao Bao1-1/+0
recovery.cpp doesn't have a direct dependency on adb.h (only minadbd does). 'adb.h' was once needed for DEFAULT_ADB_PORT, until being killed by commit acb2a2fa4c415944a27539461ba3757f3edbb128. Test: mmma bootable/recovery Change-Id: I84f87988d01c3f0c3d1383cc3cffde2e7d5e7aea
2017-04-22Reboot the device on user build after the install failsTianjie Xu1-4/+12
Users can't do much after the install fails with the device showing "error" under recovery. So our best choice is to reboot the device since sometimes the system image is still bootable (i.e. on package verification failure). At worst the device would stuck in a boot loop where the users need the same professional knowledge to recover as before. Behaviors after installation failure (including data wipe): If recovery text is visible: No change. If recovery text is not visible: Old behavior: Wait under "error" screen. Reboot after UI timeout (120s) if not connected to usb charger. New behavior: Wait for 5s (shortens from the 120s timeout) under "error" screen and reboot (w or w/o charger). sideload-auto-reboot (only available for userdebug): Old behavior: Reboot immediately after installation failure. New behavior: Wait for 5s under "error" screen and reboot. Bug: 35386985 Test: On angler user, device auto reboots 5s after a failing OTA. Change-Id: I3ff0ead86e2ccec9445d6a2865bc2c463855f23c
2017-04-19Adding support for quiescent reboot to recoveryDmitri Plotnikov1-6/+20
Bug: 37401320 Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process. Change-Id: Ibed3795c09e26c4fa73684d40b94e40c78394d3f
2017-03-29Merge "Add the missing sr-Latn into png files and rename the png locale header" am: 713d915636 am: dc235b5ab9Tianjie Xu1-1/+1
am: 5ec12126f0 Change-Id: Ia6b861c91958d3be23a4a7456d6d5d8e4a1607c8 (cherry picked from commit 9166f66eee883d6d6cc280a6c355e5528bb4a3f0)
2017-03-25Add the missing sr-Latn into png files and rename the png locale headerTianjie Xu1-1/+1
Switch the locale header in the png files from Locale.toString() to Locale.toLanguageTag(). For example, en_US --> en-us and sr__#Latn --> sr-Latn. Also clean up recovery a bit to expect the new locale format. Bug: 35215015 Test: sr-Latn shows correctly under graphic tests && recovery tests pass Change-Id: Ic62bab7756cdc6e5f98f26076f7c2dd046f811db
2017-03-24Fix the wrong parameter when calling read_metadata_from_package().Tao Bao1-37/+35
The call to read_metadata_from_package() is broken due to being passed an invalid pointer (ZipArchiveHandle vs ZipArchiveHandle*). It's introduced when switching from minzip to libziparchive. Compiler didn't complain, because ZipArchiveHandle is typedef'd as void*, which legitly accepts a void**. Also clean up secure_wipe_partition() logs a bit by using android-base logging. Bug: 36427762 Test: Send a wipe package. Change-Id: I791a0f09a066f1c257dae890e7ae13d02a02e78b
2017-03-23Reword the wipe warning message to be more comprehensible.Paul Crowley1-4/+6
Test: My device was crashing anyway, so observed message on crash. Bug: 34669779 Change-Id: Ib85d1d137139f5e14f735c972c2312acce2caf5f
2017-03-22recovery: Replace the hard-coded 1000 with AID_SYSTEM.Tao Bao1-2/+3
Test: mmma bootable/recovery Change-Id: Icea5bd91a976957e8b6ab46e367345ff69a53ca4
2017-03-08recovery: Fix the FIXME in get_menu_selection().Tao Bao1-99/+94
It used to return a REBOOT action on timeout, until the CL in commit daefc1d442fb421606680feb9aeb59c133f4c427 that redefined the return value of get_menu_selection() (changing from action to a menu index). Prior to this CL, it was returning 0 (i.e. the value of Device::REBOOT) to trigger the reboot. This CL specifies a return value of -1 to indicate the timeout. Test: Boot into a user build recovery; it reboots automatically on timeout (120 sec). Change-Id: I4aedb7a4628bf258017078fe73eb8b48a21d0ea8
2017-03-08recovery: Move a few int to bool.Tao Bao1-67/+68
Most of the changes are trivial. Also update a dead reference to device_handle_key() in device.h comment, and add some comments to get_menu_selection() function. Test: `mmma bootable/recovery` Change-Id: I59ef9213ec88ab35c0e7b8a7813ccf9c56dbd5c5
2017-03-07recovery: Minor clean up to choose_recovery_file().Tao Bao1-51/+35
Test: 'View recovery logs' on bullhead and sailfish. Change-Id: I53272b121e3e55e6fe4c77b71e3c2e819e72cb64
2017-03-07recovery: Drop the "--stages" / '-g' argument.Tao Bao1-13/+4
This was introduced in commit c87bab101893e8322b49d7c8600e3367b20ab50a. But the stage info should be passed through BCB only (there's a dedicated field in struct bootloader_message). This CL removes it from recovery arguments, and also moves 'stage' variable to std::string. Test: 'stage' variable is not used by any device-specific recovery code. Test: Code search shows no hit of '--stages' use. Change-Id: Iccbde578a13255f2b55dd4a928e9ecf487f16b97
2017-03-07recovery: Add SetStage() into 'Run graphics test'.Tao Bao1-25/+37
This allows a quicker test for stage UI. Bug: 27804510 Test: 'Run graphices test' with the new recovery image. Change-Id: I47689ae8e4cac6d7e5d1f6a10b9e393d50d713f3
2017-03-01recovery: Remember the last log position.Tao Bao1-1/+2
After reading one log entry, it should stay at the same menu position. Test: 'View recovery logs' -> Read -> Exit Change-Id: I4b579be4c2fe1e3a1dcc4873e128fd0b2d619ba3
2017-02-24recovery: Don't show "No /cache partition found" on screen.Tao Bao1-1/+0
People have been confused by the message and thought that's an error. Test: Boot recovery on sailfish; choose 'View recovery logs'. Change-Id: I2c540f18d6493c1a129233d10ecbc96823dd3601
2017-02-11recovery: Clean up browse_directory().Tao Bao1-92/+55
Get rid of the malloc/realloc/free'd menus. browse_directory() will only be called on devices with SD card. Tested the CL by temporarily setting SDCARD_ROOT to a different location. Test: See above. Change-Id: I935e1bf4bad0273e3dff87fa2536924f1219adb5
2017-02-03Replace _exit(-1) with _exit(EXIT_FAILURE).Tao Bao1-3/+3
-1 is not a valid exit status. Also replace a few exit(1) with exit(EXIT_FAILURE). Test: mmma bootable/recovery Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
2017-01-13recovery: Move property_get() to android::base::GetProperty().Tao Bao1-14/+12
Test: Apply two A/B incremental OTAs with the new recovery image. The one with incorrect pre-build should be blocked, while the other works fine. Change-Id: I94d97eb8798599da1630f66343fb603e87464187
2017-01-09recovery: Fix the argument parsing.Tao Bao1-2/+2
Commit f0ed159f488c57c4ede0503443eb62fadfe0a831 unintentionally changed the behavior when parsing the arguments from BCB and command file. It should only parse the command file for arguments if BCB doesn't supply any. As a result, it shows the following from the log: I:Got 2 arguments from boot message I:Got 3 arguments from /cache/recovery/command Test: Set arguments in BCB and command file both. It should only use the arguments from BCB. Change-Id: Idf371137aa9177f1b2dfdfecf0c9f46959d2ee76
2017-01-04recovery: Fix the broken UI text.Tao Bao1-2/+1
UI text is broken (doesn't show any text during FDR) due to commit d530449e54bd327e9c26209ffa0490c6508afe6c, which reordered the calls to RecoveryUI::SetLocale() and RecoveryUI::Init(). Because Init() uses the locale info to load the localized texts (from images), the locale must be set prior to that via SetLocale(). This CL refactors Init() to take the locale parameter, and removes the odd SetLocale() API. Bug: 34029338 Test: 'Run graphics test' under recovery. Change-Id: I620394a3d4e3705e9af5a1f6299285d143ae1b01
2016-12-21Support a "ask before wiping" boot flag.Paul Crowley1-12/+52
In the event of a catastrophic data error which should never happen, ask the user before wiping the device. Test: Cause an init builtin to fail and generate this error, observe. Bug: 28693324 Change-Id: I38a2b815157d816cba1f30ad37eb4cdcc01db582
2016-12-15Add update_bootloader_message() to fix two-step OTAs.Tao Bao1-11/+12
This is a retry of commit 7e31f421a514da09b90e46dbd642a5e9b16e0003. Commit bd56f1590c967205dc45eb2ec298aa8d2aacb740 switches to calling write_bootloader_message(<options>) in get_args(), which unintentionally resets the stage field thus breaks two-step OTAs. This CL adds update_bootloader_message(<options>), which only sets the command field (to "boot-recovery") and the recovery field (with the specified options). Bug: 33534933 Test: Apply a two-step package. Test: recovery_component_test passes. Change-Id: Ie0b1ed4053d2d3c97d9cb84310d616b28fcfc72e
2016-12-14Remove the obsolete comments for firmware update.Tao Bao1-15/+1
The corresponding code was removed in commit e08991e02a7d678f2574e85289a34b2a9a537c82 in 2010 (Froyo). Test: N/A Change-Id: I2b296e1b07d54232bade79fda7501387d65a4c37
2016-12-13Add a stub recovery UI.Sen Jiang1-1/+5
This allows recovery to work on devices without screen. The stub recovery UI does nothing except print to stdout. Test: write 'recovery\n--wipe_data\n--reason=wipe_data_from_ota\n' to misc and boot to recovery on a device without screen. Bug: 33175036 Change-Id: Icde698aa2e2e29f4b3d0532dfd3c6a939ac2bc63
2016-12-13recovery: Clean up the log saving while wiping.Tao Bao1-95/+85
Test: Wipe /cache and check the logs. Wipe /data and check the logs. Change-Id: I1968e3a0a9ed80134811a91508c4473f1dcdf953
2016-12-10recovery: Remove obsolete code that supports "CACHE:foo" format.Tao Bao1-21/+1
The passing of "--update_package=CACHE:foo" format has been removed in Gingerbread, with commit 4baf641e7d96375eba3f9a3aff5400b9e3d28cd6 in frameworks/base (core/java/android/os/RecoverySystem.java). Test: Recovery image with --update_package still works. Change-Id: I37b56ccf98f62cadf2a3975bbc38b16fea6fe9a1
2016-12-09recovery: Fix the argument parsing from COMMAND_FILE.Tao Bao1-2/+5
Commit f0ed159f488c57c4ede0503443eb62fadfe0a831 didn't ensure mounting COMMAND_FILE (i.e. /cache) prior to reading. Also the first argument in COMMAND_FILE should not be dropped (unlike the first "recovery" argument in BCB message). Bug: 33431888 Test: Push /cache/recovery/command and recovery imag parses the arguments successfully. Change-Id: Ica3157a0bb03a2355315123354617eaf3fff15a4
2016-12-05recovery: Clean up get_args().Tao Bao1-80/+70
Test: Boot into new recovery image, verify the parsed parameters. Change-Id: Ieefafb26cc4147ce4cb9ced4297cdb3b5d1d3789
2016-11-04Cleanup the duplicates of logs rotation functionsTianjie Xu1-84/+6
Bug: 32067516 Test: Logs rotated successfully on angler, recovery-refresh/persist tests passed on an a/b device. Change-Id: Ie80adf0fa958ad3d7869d2d17f49489666b86c29
2016-11-03Revert "Revert "Some cleanups to recovery.""Tao Bao1-57/+53
This reverts commit 8584fcf677dd45b30121bd0490b06297e6be1871. This CL re-lands commit c0319b60f56d445c2d1c74f551e01f069b028fe6. The "stage" and "reason" variables are now declared as global by dropping the static qualifier, because they may be used by vendor recovery libraries. Test: lunch aosp_angler-userdebug; mmma bootable/recovery Test: lunch aosp_dragon-userdebug; mmma bootable/recovery Change-Id: I252c346f450079478cff22bbff01590b8ab2e2b3
2016-10-27Revert "Some cleanups to recovery."Dan Albert1-53/+57
This reverts commit c0319b60f56d445c2d1c74f551e01f069b028fe6. Reason for revert: Broke builds. Change-Id: I82aa880b83de5ae6c36fd7567cb001920559a972
2016-10-26Some cleanups to recovery.Tao Bao1-57/+53
- Remove the duplicate gCurrentUI variable in recovery.cpp; - Refactor the load/save of locale functions; - Clean up ui_print() to get rid of 256-byte buffer limit; - Declare ui in common.h; - Move the typedef of Volume into roots.h. Test: Build and boot into recovery image. Change-Id: Ia28c116858ca754133127a5ff9c722af67ad55b7
2016-10-26Skip update-on-boot for bootreason in blacklistTianjie Xu1-13/+39
Skip the OTA installation when bootreason is 'kernel_panic', 'Panic' etc. Change-Id: Ic1202492bffefa1a9d8d0e691b5af979285e552c Test: On angler, ota installation skips for one bootreason in the blacklist. Bug: 29978689 (cherry picked from commit 27b9fc8a36757235ac3386d66db7d35820c2eb04)
2016-10-19Verify wipe package when wiping A/B device in recovery.Yabin Cui1-2/+71
To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Based on the original cherrypick, this CL also has additional changes to address the LOG statements and libziparchive changes. Bug: 29159185 Test: Build and boot into recovery. Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168 (cherry picked from commit 6faf0265c9b58db2c15b53f6d29025629d52f882)
2016-10-19Clean up bootloader_message usage in recoveryTianjie Xu1-29/+13
Switch to using vector and string. Test: bootloader message writes correctly on angler. Change-Id: I95d5a1e584630db326bb4400f3a149b59ad30a9e
2016-10-18Create bootloader_message static library.Yabin Cui1-25/+38
bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode. Bug: 29582118 Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618 (cherry picked from commit 2f272c0551f984e83bc5abaf240e0dddb38a3326)
2016-10-18Replace minzip with libziparchiveTianjie Xu1-1/+2
Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-07No longer need android/log.hMark Salyzyn1-1/+0
Test: compile Bug: 31992412 Change-Id: I5156590bfc94e46e9d282c197c3dd8c4bbd9e855
2016-09-30Turn on -Werror for recoveryTianjie Xu1-3/+3
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab (cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-3/+3
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
2016-09-27DO NOT MERGE Duplicate the last_install content into last_log.Tao Bao1-8/+11
Currently we save the OTA metrics in last_install, which keeps the data for the _last_ install only. This CL logs the same content into last_log so that we keep the metrics for every install. Bug: 31607469 Test: Apply an update (via OTA and sideload) and check last_log and last_install. Change-Id: Id8f174d79534fddc9f06d72a4e69b2b1d8ab186c (cherry picked from commit f4885adc189f246ac3c651aa5cb2e74a240f3f1e)
2016-09-26Duplicate the last_install content into last_log.Tao Bao1-8/+11
Currently we save the OTA metrics in last_install, which keeps the data for the _last_ install only. This CL logs the same content into last_log so that we keep the metrics for every install. Bug: 31607469 Test: Apply an update (via OTA and sideload) and check last_log and last_install. Change-Id: Id8f174d79534fddc9f06d72a4e69b2b1d8ab186c (cherry picked from commit f4885adc189f246ac3c651aa5cb2e74a240f3f1e)
2016-09-26Duplicate the last_install content into last_log.Tao Bao1-8/+12
Currently we save the OTA metrics in last_install, which keeps the data for the _last_ install only. This CL logs the same content into last_log so that we keep the metrics for every install. Bug: 31607469 Test: Apply an update (via OTA and sideload) and check last_log and last_install. Change-Id: Id8f174d79534fddc9f06d72a4e69b2b1d8ab186c
2016-09-26Switch to <android-base/properties.h>.Elliott Hughes1-12/+8
Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
2016-09-24Switch to <android-base/properties.h>.Elliott Hughes1-12/+8
Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
2016-09-01Switch recovery to libbase loggingTianjie Xu1-39/+60
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 (cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
2016-09-01Switch recovery to libbase loggingTianjie Xu1-29/+50
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01Switch recovery to libbase loggingTianjie Xu1-39/+60
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-08-30minadbd: rename adb_server_main to minadbd_main.Josh Gao1-1/+2
adb_server_main in adb refers to the adb server on the host, not adbd. Since there doesn't seem to be a good reason to reuse the declaration from adb's headers, give minadbd a main function of its own. Change-Id: I748f1a6822dc14c726cb73ef3b533c57a6615608
2016-08-18"view recovery logs" will show /tmp/recovery.logTianjie Xu1-31/+36
For A/B devices, "view recovery logs" doesn't work due to the lack of cache partition. To help debugging, we'll show /tmp/recovery.log instead if /cache is not found. Change-Id: Idb77c3a4c30388148a210b38d732a7b27e757bba Test: Tested on an A/B device and /tmp/recovery.log showed up. Bug: 30905700 (cherry picked from commit a54f75ede8f5404c2c55b4f928e73fe9c908298e)
2016-08-17"view recovery logs" will show /tmp/recovery.logTianjie Xu1-31/+36
For A/B devices, "view recovery logs" doesn't work due to the lack of cache partition. To help debugging, we'll show /tmp/recovery.log instead if /cache is not found. Change-Id: Idb77c3a4c30388148a210b38d732a7b27e757bba Test: Tested on an A/B device and /tmp/recovery.log showed up. Bug: 30905700
2016-08-08Handle error from fopen_path in finish_recoveryJohan Harvyl1-4/+6
The fopen_path will fail here e.g. if /cache is corrupt and could not be mounted. Not properly handling an error code from fopen_path() results in a boot loop into recovery as fwrite() on a NULL FILE object will crash the recovery app. Change-Id: I1ccff5a8cb620a32f32adfe97a3fae8e5e908f39
2016-07-27Fix clang-tidy performance warnings.Chih-Hung Hsieh1-1/+1
* Use const reference parameter type to avoid unnecessary copy. * Use more efficient overloaded string methods. Bug: 30407689 Bug: 30411878 Change-Id: Iefab05c077367f272abf545036b853e8a295c8cd Test: build with WITH_TIDY=1
2016-07-12Skip update-on-boot for bootreason in blacklistTianjie Xu1-9/+36
Skip the OTA installation when bootreason is 'kernel_panic', 'Panic' etc. Change-Id: Ic1202492bffefa1a9d8d0e691b5af979285e552c Test: On angler, ota installation skips for one bootreason in the blacklist. Bug: 29978689
2016-06-30Create bootloader_message static library.Yabin Cui1-15/+29
bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode. Bug: 29582118 Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
2016-06-24Increase EIO retry countTianjie Xu1-1/+2
Increase the number of attempts of an OTA update from 3 to 5 in case an I/O error happened. This should increase the success rate of the update. Bug: 29619468 Change-Id: I88a067d9debd55a07be22ed981f395f6e47ec28f
2016-06-21Verify wipe package when wiping A/B device in recovery.Yabin Cui1-2/+71
To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Bug: 29159185 Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
2016-06-10recovery: Track the name change for wipe_ab.Tao Bao1-12/+12
Bug: 27253717 Change-Id: I6e63b2a80b7b2948c16e1b57dedc856d52456ac9
2016-06-03recovery: Add support to brick a device.Tao Bao1-1/+91
When recovery starts with --brick, it tries to brick the device by securely wiping all the partitions as listed in /etc/recovery.brick. This is designed to support bricking lost devices. Bug: 27253717 Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2 (cherry picked from commit 862a4c11190d72851a72a2b97375ec2698078358)
2016-06-03recovery: Add support to brick a device.Tao Bao1-1/+91
When recovery starts with --brick, it tries to brick the device by securely wiping all the partitions as listed in /etc/recovery.brick. This is designed to support bricking lost devices. Bug: 27253717 Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2
2016-05-20Allow recovery to return error codesTianjie Xu1-2/+14
Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA. Example of new last_install: @/cache/recovery/block.map package name 0 install result retry: 1 retry count (new) error: 30 error code (new) cause: 12 error cause (new) Details in: go/android-ota-errorcode Bug: 28471955 Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
2016-05-03recovery: Always log the update attempt.Tao Bao1-0/+4
An OTA may be skipped due to low battery. But we should always log it to understand why an update _fails_ to apply. Bug: 27893175 Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3 (cherry picked from commit 568700189528c69a6cdd7a246127ce01463e033d)
2016-04-30recovery: Always log the update attempt.Tao Bao1-0/+4
An OTA may be skipped due to low battery. But we should always log it to understand why an update _fails_ to apply. Bug: 27893175 Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
2016-04-29Add ability to show "installing security update"Tianjie Xu1-0/+6
Add a new command "--security" to boot commands. If this command is observed as part of BCB, choose a different background text picture for installing stage in recovery UI. As a result, users will see "installing security update" instead of "installing system update" when applying a security update package. Bug: 27837319 Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
2016-04-18Fix google-runtime-int warnings.Chih-Hung Hsieh1-4/+4
Bug: 28220065 Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
2016-04-15Update the system update animation.Elliott Hughes1-1/+36
Switch to a Wear-like intro/loop system. We don't have an intro yet, but hopefully this will let Wear delete more code when they move to N. Unlike them, we don't hard-code the number of frames: we just look to see what we have available. We do hard-code the fps though. Also add a graphics test mode so you can see a demo of the UI components without having to actually apply an OTA. Also fix a bug where default locale is null rather than en-US: it's more useful to show _some_ text if we don't have a locale (which should only be during development anyway). Bug: http://b/26548285 Change-Id: I63422e3fef3c41109f924d96fb5ded0b3ae7815d
2016-04-02Move selinux dependencies out of header files.Elliott Hughes1-2/+3
Bug: http://b/27764900 Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
2016-03-31recovery: use __android_log_pmsg_file_write for log filesMark Salyzyn1-12/+97
(cherry-pick from commit a4f701af93a5a739f34823cde0c493dfbc63537a) - Add call to __android_log_pmsg_file_write for recovery logging. - Add call to refresh pmsg if we reboot back into recovery and then allow overwrite of those logs. - Add a new one-time executable recovery-refresh that refreshes pmsg in post-fs phase of init. We rely on pmsg eventually scrolling off to age the content after recovery-persist has done its job. - Add a new one-time executable recovery-persist that transfers from pmsg to /data/misc/recovery/ directory if /cache is not mounted in post-fs-data phase of init. - Build and appropriately trigger the above two as required if BOARD_CACHEIMAGE_PARTITION_SIZE is undefined. - Add some simple unit tests NB: Test failure is expected on systems that do not deliver either the recovery-persist or recovery-refresh executables, e.g. systems with /cache. Tests also require a timely reboot sequence of test to truly verify, tests provide guidance on stderr to direct. Bug: 27176738 Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-28recovery: use __android_log_pmsg_file_write for log filesMark Salyzyn1-12/+97
- Add call to __android_log_pmsg_file_write for recovery logging. - Add call to refresh pmsg if we reboot back into recovery and then allow overwrite of those logs. - Add a new one-time executable recovery-refresh that refreshes pmsg in post-fs phase of init. We rely on pmsg eventually scrolling off to age the content after recovery-persist has done its job. - Add a new one-time executable recovery-persist that transfers from pmsg to /data/misc/recovery/ directory if /cache is not mounted in post-fs-data phase of init. - Build and appropriately trigger the above two as required if BOARD_CACHEIMAGE_PARTITION_SIZE is undefined. - Add some simple unit tests NB: Test failure is expected on systems that do not deliver either the recovery-persist or recovery-refresh executables, e.g. systems with /cache. Tests also require a timely reboot sequence of test to truly verify, tests provide guidance on stderr to direct. Bug: 27176738 Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-24Clean up intent_file related code in recovery.cppTianjie Xu1-23/+5
No one in recovery or framework is utilizing intent file. Clean up the code. Bug:27725880 Change-Id: I78b37ff94261793e0d6a86a0fa6d27dcfe3f4783
2016-03-10Reboot and retry on I/O errorsTianjie Xu1-1/+46
When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69 (cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36)
2016-03-04recovery: Handle devices without /cache partition.Tao Bao1-10/+29
Since we may not have /cache partition on A/B devices, let recovery handle /cache related operations gracefully if /cache doesn't exist. (1) Disable the wipe for /cache partition. (2) Skip wiping /cache while wiping /data (i.e. factory reset). (3) Disable logging-related features, until we figure out better ways / places to store recovery logs (mainly for factory resets on A/B devices). Bug: 27176738 Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198 (cherry picked from commit 26112e587084e8b066c28a696533328adde406a9)
2016-03-03Reboot and retry on I/O errorsTianjie Xu1-1/+46
When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
2016-03-03recovery: Handle devices without /cache partition.Tao Bao1-10/+29
Since we may not have /cache partition on A/B devices, let recovery handle /cache related operations gracefully if /cache doesn't exist. (1) Disable the wipe for /cache partition. (2) Skip wiping /cache while wiping /data (i.e. factory reset). (3) Disable logging-related features, until we figure out better ways / places to store recovery logs (mainly for factory resets on A/B devices). Bug: 27176738 Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
2016-02-25Move recovery's convert_fbe folder to /tmpPaul Lawrence1-4/+7
The cache folder is no longer available at this time Bug: 27355824 Change-Id: I74e33266c1ff407364981b186613f81319dd22dc
2016-02-23recovery: check battery level before installing package.Yabin Cui1-15/+84
Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d (cherry picked from commit 53e7a0628f4acc95481f556ba51800df4a1de37d)
2016-02-20recovery: check battery level before installing package.Yabin Cui1-15/+84
Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d
2016-01-14recovery: Fork a process for fuse when sideloading from SD card.Tao Bao1-4/+57
For applying update from SD card, we used to use a thread to serve the file with fuse. Since accessing through fuse involves going from kernel to userspace to kernel, it may run into deadlock (e.g. for mmap_sem) when a page fault occurs. Switch to using a process instead. Bug: 23783099 Bug: 26313124 Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd
2015-12-05Track rename from base/ to android-base/.Elliott Hughes1-2/+2
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
2015-11-20Track name change from adb_main to adb_server_main.Elliott Hughes1-1/+1
Change-Id: I835805348a9817c81639ad8471e3b49cae93c107
2015-11-16recovery: Allow "Mount /system" for system_root_image.Tao Bao1-2/+17
When system images contain the root directory, there is no entry of "/system" in the fstab. Change it to look for "/" instead if ro.build.system_root_image is true. We actually mount the partition to /system_root instead, and create a symlink to /system_root/system for /system. This allows "adb shell" to work properly. Bug: 22855115 Change-Id: I91864444950dc3229fda3cc133ddbadeb8817fb8 (cherry picked from commit abb8f7785ee24eac42f6d28dbfef37872a06c7e9)
2015-11-16recovery: Switch to clangTao Bao1-6/+15
And a few trival fixes to suppress warnings. Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc (cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
2015-11-13Create convert_fbe breadcrumb file to support conversion to FBEPaul Lawrence1-1/+23
Change-Id: I38b29e1e34ea793e4b87cd27a1d39fa905fddf7a
2015-09-17recovery: Add timestamps in update logs.Tao Bao1-16/+98
Fork a logger process and send over the log lines through a pipe. Prepend a timestamp to each line for debugging purpose. Timestamps are relative to the start of the logger. Example lines with the change in this CL: [ 445.948393] Verifying update package... [ 446.279139] I:comment is 1738 bytes; signature 1720 bytes from end [ 449.463652] I:whole-file signature verified against RSA key 0 [ 449.463704] I:verify_file returned 0 Change-Id: I139d02ed8f2e944c1618c91d5cc43282efd50b99
2015-09-10recovery: Remove redirect_stdio() when calling ShowFile().Tao Bao1-3/+0
When calling ScreenRecoveryUI::ShowFile(), the only thing that gets inadequately logged is the progress bar. Replace the call to ScreenRecoveryUI::Print() with ScreenRecoveryUI::PrintOnScreenOnly() for the progress bar, so we can avoid calling redirect_stdio(). Change-Id: I4d7c5d5b39bebe0d5880a99d7a72cee4f0b8f325
2015-08-07Fix recovery image build.Elliott Hughes1-1/+1
A recent adb cleanup changed the signature of adb_main. Change-Id: I98d084f999966f1a7aa94c63e9ed996b3375096d
2015-08-05Fix potential crashJeremy Compostella1-5/+9
Malloc might fail when replacing package path. In this case, print a clear error message in the logs and let the OTA fails. Change-Id: I7209d95edc025e3ee1b4478f5e04f6e852d97205 Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Signed-off-by: Gaelle Nassiet <gaellex.nassiet@intel.com>
2015-07-31recovery: Allow "Mount /system" for system_root_image.Tao Bao1-2/+17
When system images contain the root directory, there is no entry of "/system" in the fstab. Change it to look for "/" instead if ro.build.system_root_image is true. We actually mount the partition to /system_root instead, and create a symlink to /system_root/system for /system. This allows "adb shell" to work properly. Bug: 22855115 Change-Id: Ibac493a5a9320c98ee3b60bd2cc635b925f5454a
2015-06-10Split WipeData into PreWipeData and PostWipeData.Elliott Hughes1-17/+12
Bug: http://b/21760064 Change-Id: Idde268fe4d7e27586ca4469de16783f1ffdc5069 (cherry picked from commit 945548ef7b3eee5dbfb46f6291465d4b0b6d02e1)
2015-06-10Split WipeData into PreWipeData and PostWipeData.Elliott Hughes1-17/+12
Bug: http://b/21760064 Change-Id: Idde268fe4d7e27586ca4469de16783f1ffdc5069
2015-06-10Unmount sdcard if no package file is selected.caozhiyuan1-0/+1
Change-Id: I12b4f880802135a98dbc11a19e74172a3a5ef921
2015-06-03recovery: Switch to clangTao Bao1-6/+15
And a few trival fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-05-27Clean up the sleep()'s after poking init servicesTao Bao1-8/+11
Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
2015-05-07Add an alternate screen for viewing recovery logs.Elliott Hughes1-4/+5
This makes it easier to go back and forth without losing current output. Also make the display more like regular more(1). Bug: http://b/20834540 Change-Id: Icc5703e9c8a378cc7072d8ebb79e34451267ee1b (cherry picked from commit c049163234003ef463bca018920622bc8269c69b)
2015-05-07Add an alternate screen for viewing recovery logs.Elliott Hughes1-4/+5
This makes it easier to go back and forth without losing current output. Also make the display more like regular more(1). Bug: http://b/20834540 Change-Id: Icc5703e9c8a378cc7072d8ebb79e34451267ee1b
2015-05-05Keep multiple kernel logsTao Bao1-82/+73
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE). This CL changes to keep up to KEEP_LOG_COUNT copies for kernel logs. Bug: http://b/18092237 Change-Id: Ied862b5b70cbbae7775f59c78c32ec62aeeca655 (cherry picked from commit bef39710ff50cedf6a4de8eb6c7802f66930aab4)
2015-05-05Keep multiple kernel logsTao Bao1-82/+73
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE). This CL changes to keep up to KEEP_LOG_COUNT copies for kernel logs. Bug: http://b/18092237 Change-Id: I1bf5e230de3efd6a48a5b2ae5a34241cb4d9ca90
2015-05-04Turn on text display for debuggable buildsTao Bao1-0/+7
For userdebug and eng builds, turn on the text display automatically if no command is specified. (cherry-pick of 785d22c88cda46972331c04ebc9df97371a696da.) Bug: http://b/17489952 Change-Id: I38377c45f2a8e45ca788e5506695aa88c769cbcf
2015-05-04Turn on text display for debuggable buildsTao Bao1-0/+7
For userdebug and eng builds, turn on the text display automatically if no command is specified. Bug: http://b/17489952 Change-Id: I3d42ba2848b968da12164ddfda915ca69dcecba1
2015-04-14Move the menu header out of the menu.Elliott Hughes1-10/+4
This makes it easier for us to deal with arbitrary information at the top, and means that headers added by specific commands don't overwrite the default ones. Add the fingerprint back, but broken up so it fits even on sprout's display. Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
2015-04-13Add missing \n after "Mounting /system." message.Elliott Hughes1-1/+1
Change-Id: I280a478526f033f5c0041d7e8a818fce6177d732
2015-04-11Revert "Append kernel logs to last_log file"Tao Bao1-46/+42
This reverts commit 2ec803f4350f7b72f5dd65c5f27656c6807e2966. Change-Id: I419025a772ef99db4c0a78bfa7ef66767f3fa062
2015-04-11Append kernel logs to last_log fileTao Bao1-42/+46
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE). This CL changes to append it to the recovery log. Bug: 18092237 Change-Id: I06ad5629016846927153064f1663753a90296f79
2015-04-10Switch minadb over to C++.Elliott Hughes1-2/+0
Change-Id: I5afaf70caa590525627c676c88b445d3162de33e
2015-04-10Fix ScreenRecoveryUI to handle devices without power/up/down.Elliott Hughes1-4/+2
Currently fugu has a custom subclass to handle this. The default code supports devices with trackballs but not all shipping Nexus devices? That's just silly. Change-Id: Id2779c91284899a26b4bb1af41e7033aa889df10
2015-04-10Move "Mount /system" to the main menu.Elliott Hughes1-5/+7
Everyone's adding secret key combinations for this anyway, and it's very useful when debugging. Change-Id: Iad549452b872a7af963dd649f283ebcd3ea24234
2015-04-10Move the recovery image version out of the menu header.Elliott Hughes1-21/+7
Rather than add code to wrap menu items, let's just put output the recovery version to the log. It'll be visible at the bottom of the screen and automatically wrap. Change-Id: I158fe2d85bc56b195e00619fba455321743923bd
2015-04-09Move file paging into ScreenRecoveryUI.Elliott Hughes1-57/+6
This fixes the N9 performance problem. Change-Id: I00c10d4162ff266a6243285e5a5e768217f6f799
2015-04-09Enable printf format argument checking.Elliott Hughes1-1/+1
The original attempt missed the fact that Print is a member function, so the first argument is the implicit 'this'. Change-Id: I963b668c5432804c767f0a2e3ef7dea5978a1218
2015-04-08Rotate logs only when there are actual operationsTao Bao1-9/+28
Currently it rotates the log files every time it boots into the recovery mode. We lose useful logs after ten times. This CL changes the rotation condition so that it will rotate only if it performs some actual operations that modify the flash (installs, wipes, sideloads and etc). Bug: 19695622 Change-Id: Ie708ad955ef31aa500b6590c65faa72391705940
2015-04-02DO NOT MERGE Revert "Erase PST partition if its marked to be erased."Andres Morales1-2/+0
This now gets done at the framework level. Doing it here breaks the signature on the partition. This reverts commit ee19387905650cab5da7dd97ada5502cd17ac93d. Bug: 19967123 Change-Id: I447b926b733ca145f11a916d9569ce39889db627
2015-03-31Refactor the codes to call wipe_data/wipe_cache functionsTao Bao1-22/+36
It also changes the return type of wipe_data/wipe_cache to bool, so the caller can get the status accordingly. Change-Id: I3022dcdadd6504dac757a52c2932d1176ffd1918
2015-03-31Revert "Erase PST partition if its marked to be erased."Andres Morales1-2/+0
This now gets done at the framework level. Doing it here breaks the signature on the partition. This reverts commit ee19387905650cab5da7dd97ada5502cd17ac93d. Bug: 19967123 Change-Id: I2a977cb0f0ba94defa1bf9091219398ddc1d3528 (cherry picked from commit 037444642bc32d8fed3bb996823b6a62faa57195)
2015-03-30Add support to enter sideload mode directlyTao Bao1-26/+49
When the command file contains "--sideload" (as a result of 'adb reboot sideload'), it goes into sideload mode directly. Text display will be turned on by default. It waits for user interaction upon finishing. When the command file contains "--sideload_auto_reboot", it enters sideload mode silently. And it will reboot after the installation regardless of its result, which is designed for automated testing purpose. Change-Id: Ifdf173351221c7bbf635cfd32463b48e1fff5740
2015-03-30Revert "Erase PST partition if its marked to be erased."Andres Morales1-2/+0
This now gets done at the framework level. Doing it here breaks the signature on the partition. This reverts commit ee19387905650cab5da7dd97ada5502cd17ac93d. Bug: 19967123 Change-Id: I447b926b733ca145f11a916d9569ce39889db627
2015-03-26Factor out the "yes/no" menu and use it for "Wipe cache" too.Elliott Hughes1-60/+35
It's surprising that only one of the wipe options asks for confirmation. This change makes it easier to add confirmation to any action. I've also removed the version information from all but the main menu, because I find I'm not really reading the red text because there's so much of it all the time. (Given that fingerprints are long and menu items aren't wrapped, we might want to go with an actual "About" menu item instead.) Change-Id: I7d809fdd53f9af32efc78bee618f98a69883fffe
2015-03-25Factor out option variables from int to bool typesTao Bao1-6/+8
Change-Id: Ia897aa43e44d115bde6de91789b35723826ace22
2015-03-24Fix wipe command when using sideload in recoveryChristian Poetzsch1-52/+47
Add support for the wipe command when using sideload within the recovery. All the support for this command is in place, only the execution of the actual wipe command itself was missing. Change-Id: Ia9cdfc912bfb9f558fa89b9f0ed54e843ede41f2 Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>
2015-03-23Add "Apply update from sdcard" to default recovery image.Elliott Hughes1-3/+7
At the moment, this is the only difference in the sprout recovery image. That's silly. Let's just improve the error handling slightly and always have this option present. Also make the obscure "<3e>" less unclear. Also use "power button" as the default text rather than "enter button", because it's been years since anyone had one of those. (Longer term we should let subclassers tell us the keycode and we translate it to the correct string.) Also move the two "Reboot" options together, put "Power off" at the bottom (and use that terminology, like the real UI, rather than "Power down"), and use capitals throughout. Finally, add a README.md with some useful instructions. Change-Id: I94fb19f73d79c54fed2dda30cefb884426641b5c
2015-03-11updater: Check the return value from ApplyImagePatch / ApplyBSDiffPatchTao Bao1-0/+1
Return NULL to abort the update process. Note that returning "" won't stop the script. Change-Id: Ifd108c1356f7c92a905c8776247a8842c6445319
2015-02-20Kill of most of the remainder of minadbd.Dan Albert1-2/+2
I think everything left now is here to stay (services.c might get massaged in to libadbd if it gets refactored). Bug: 17626262 Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
2015-02-10recovery: Properly detect userdebug or eng buildsElliott Hughes1-3/+6
The recovery system behaves a little bit differently on userdebug or eng builds by presenting error reports to the user in the ui. This is controlled by checking the build fingerprint for the string :userdebug/ or :eng/. But with AOSP version numbers most AOSP builds blows the 92 char limit of ro.build.fingerprint and therefore the property is not set, so this condition will always be evaluated to false, for most builds. Instead of depending on the flaky ro.build.fingerprint this change uses ro.debuggable. Change-Id: I74bc00c655ac596aaf4b488ecea58f0a8de9c26b
2014-12-10Add basic navigation controls to log viewer.Patrick Tjin1-2/+36
Bug: 18642766 Change-Id: I95a6c8edf83513d421a041e79c15111b5c991dde Signed-off-by: Patrick Tjin <pattjin@google.com>
2014-12-10Save kernel logs to /cache/recoveryPatrick Tjin1-6/+60
Bug: 18642766 Change-Id: I6c8b7d8f9ffb688d3afdfe0d47c4142e711e421d Signed-off-by: Patrick Tjin <pattjin@google.com>
2014-10-23Make /cache/recovery/last_log available in recoveryNick Kralevich1-4/+73
Create a new recovery UI option to allow the user to view /cache/recovery/last_log for their device. This gives enhanced debugging information which may be necessary when a failed OTA occurs. Bug: 18094012 Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
2014-09-24Include reason when wiping data.Jeff Sharkey1-0/+4
This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
2014-08-06Erase PST partition if its marked to be erased.Andres Morales1-0/+2
We need to wipe the challenges on this partition if OEM unlock is enabled, as this is a signal that the user has opted out of factory reset protection. go/factory-reset Bug: 16633064 Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
2014-07-10do sdcard sideloading through the fuse filesystemDoug Zongker1-101/+9
Make a fuse filesystem that sits on top of the selected package file on the sdcard, so we can verify that the file contents don't change while being read and avoid copying the file to /tmp (that is, RAM) before verifying and installing it. Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
2014-07-08drop APPLY_CACHE and refactor APPLY_EXTDoug Zongker1-63/+45
Drop support for sideloading OTA packages of the cache partition (a half-solution that's long since been deprecated by "adb sideload"). Refactor the code to sideload OTA packages from SD cards: remove the installation code from the file browser. Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
2014-07-02sideload without holding the whole package in RAMDoug Zongker1-2/+2
Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
2014-04-01add reboot-to-bootloader and power down options to recovery menuDoug Zongker1-17/+38
Useful when debugging or developing for recovery. Change-Id: Ic3ab42d5e848ad3488f1c575339b55e45c8a024b
2014-03-18add --shutdown_after option to recoveryDoug Zongker1-4/+10
The "--shutdown_after" option causes recovery to power down the device on completion rather than rebooting. Removes the last vestiges of the "--previous_runs" argument, which doesn't seem to be used for anything. Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d Conflicts: recovery.cpp
2014-03-18add --shutdown_after option to recoveryDoug Zongker1-4/+10
The "--shutdown_after" option causes recovery to power down the device on completion rather than rebooting. Removes the last vestiges of the "--previous_runs" argument, which doesn't seem to be used for anything. Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d
2014-03-17refactor image resource loading code in minuiDoug Zongker1-1/+1
Reduce the number of copies of libpng boilerplate. Rename res_create_* functions to be more clear. Make explicit the use of the framebuffer pixel format for images, and handle more combinations of input and output (eg, loading a grayscale image for display rather than use as a text alpha channel). Change-Id: I3d41c800a8f4c22b2f0167967ce6ee4d6b2b8846
2014-03-14Recovery 64-bit compile issuesMark Salyzyn1-2/+2
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-02-14clean up some warnings when building recoveryDoug Zongker1-1/+1
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-01-21log extra info for debuggingDoug Zongker1-1/+1
Make recovery log its PID, and when we use a block map file, log how many ranges it contains. Change-Id: I1b4299f8163af68a770b48c029ae25e6cb45d26b
2013-11-27add the functions for multi-stage packages to updaterDoug Zongker1-0/+18
In order to support multi-stage recovery packages, we add the set_stage() and get_stage() functions, which store a short string somewhere it can be accessed across invocations of recovery. We also add reboot_now() which updater can invoke to immediately reboot the device, without doing normal recovery cleanup. (It can also choose whether to boot off the boot or recovery partition.) If the stage string is of the form "#/#", recovery's UI will be augmented with a simple indicator of what stage you're in, so it doesn't look like a reboot loop. Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
2013-09-04recovery: fix use of init reboot methodDoug Zongker1-1/+1
We need to set the system property to "reboot,", not an empty string. Bug: 10605007 Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
2013-09-03recovery: fix use of init reboot methodDoug Zongker1-1/+1
We need to set the system property to "reboot,", not an empty string. Bug: 10605007 Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
2013-08-30recovery: fix rebootingDoug Zongker1-1/+1
Change I84c0513acb549720cb0e8c9fcbda0050f5c396f5 moved reboot functionality into init but did not update the recovery partition; so "adb reboot" and /system/bin/reboot in recovery are both broken. Change-Id: Ie2d14627a686ffb5064256b6c399723636dff116
2013-08-21recovery: install packages in a known mount environmentDoug Zongker1-5/+0
When installing a package, we should have /tmp and /cache mounted and nothing else. Ensure this is true by explicitly mounting them and unmounting everything else as the first step of every install. Also fix an error in the progress bar that crops up when you do multiple package installs in one instance of recovery. Change-Id: I4837ed707cb419ddd3d9f6188b6355ba1bcfe2b2
2013-07-31notify about pending long pressDoug Zongker1-8/+6
Recovery changes: - add a method to the UI class that is called when a key is held down long enough to be a "long press" (but before it is released). Device-specific subclasses can override this to indicate a long press. - do color selection for ScreenRecoveryUI's menu-and-log drawing function. Subclasses can override this to customize the colors they use for various elements. - Include the value of ro.build.display.id in the menu headers, so you can see on the screen what version of recovery you are running. Change-Id: I426a6daf892b9011638e2035aebfa2831d4f596d
2013-07-09recovery: preserve recovery logs across cache wipesDoug Zongker1-2/+76
When doing a cache wipe or a factory reset (which includes a cache wipe), save any last* log files in the /cache/recovery directory and write them back after reformatting the partition, so that wiping data doesn't lose useful log information. Change-Id: I1f52ae9131760b5e752e136645c19f71b7b166ee
2013-07-09recovery: move log output to stdoutDoug Zongker1-2/+1
Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
2013-07-02recovery: copy logs to cache more aggressivelyDoug Zongker1-9/+17
Copy logs to /cache immediately upon a package installation failure; don't wait for recovery to finish. (If the user reboots without exiting recovery the "right" way, the logs never get copied at all.) Change-Id: Iee342944e7ded63da5a4af33d11ebc876f6c0835
2013-06-04Fix the potential segmentation faultJin Feng1-1/+7
Extral newline can trigger recovery segmentation fault Test case: host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command' host$ adb reboot recovery Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433 Signed-off-by: Jin Feng <jin88.feng@gmail.com>
2013-05-21recovery: save logs from the last few invocations of recoveryDoug Zongker1-1/+19
Extends the last_log mechanism to save logs from the last six invocations of recovery, so that we're more likely to have useful logs even if the device has repeatedly booted into recovery. Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
2013-05-21recovery: turn on text display for install errors in debug buildsDoug Zongker1-2/+33
Hopefully this will reduce the number of OTA "bugs" reported that are really just someone having changed their system partition, invalidating future incremental OTAs. Also fixes a longstanding TODO about putting LOGE() output in the on-screen display. Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
2013-05-16recovery: save logs from the last few invocations of recoveryDoug Zongker1-1/+19
Extends the last_log mechanism to save logs from the last six invocations of recovery, so that we're more likely to have useful logs even if the device has repeatedly booted into recovery. Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
2013-05-16recovery: turn on text display for install errors in debug buildsDoug Zongker1-2/+33
Hopefully this will reduce the number of OTA "bugs" reported that are really just someone having changed their system partition, invalidating future incremental OTAs. Also fixes a longstanding TODO about putting LOGE() output in the on-screen display. Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
2013-03-07more font improvements and cleanupDoug Zongker1-1/+0
Get rid of the notion of a font's "ascent"; the reference point for drawing is the top-left corner of the character box rather than the baseline. Add some more space between the menu entries and make the highlight bar around the text. Replace the default font.png with two images; the build system will include one or the other based on the resolutions of the device. Restore the original compiled-in bitmap font, to fall back on when font.png can't be found (eg, in the charger binary). Add support for bold text (when a font.png image is used). Change-Id: I6d211a486a3636f20208502b1cd2aeae8b9f5b02
2012-10-16Remove HAVE_SELINUX guardsKenny Root1-2/+0
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-10-09recovery: fix failure to unmount "/cache"Devin Kim1-0/+1
At load_locale_from_cache() function, LOCALE_FILE must get closed after it is opened and used. Otherwise it causes a failure to unmount "/cache" after load_locale_from_cache() function is called. Change-Id: I9cec0f29a8ec4452c8a6a52e2f3c8ce9930d5372 Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-09-24display error state on OTA failureDoug Zongker1-4/+13
We need prompt_with_wait() to show either the ERROR or NO_COMMAND state as appropriate. Bug: 7221068 Change-Id: I191526cf12630d08b7a8250a2a81e724a4a5d972
2012-09-19localization for recovery messagesDoug Zongker1-1/+2
Add images of text for all locales we support. Make the progress bar fill the correct way for RTL languages. (Flip the direction the spinner turns, too, just for good measure.) Bug: 7064142 Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
2012-09-18localization for recovery messagesDoug Zongker1-1/+2
Add images of text for all locales we support. Make the progress bar fill the correct way for RTL languages. (Flip the direction the spinner turns, too, just for good measure.) Bug: 7064142 Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
2012-08-30recovery locale handling fixesDoug Zongker1-1/+1
- change locale filename to "last_locale" so the main system doesn't delete it - clean up some chatty logging - update images with real German (other languages TBD) Change-Id: I2ebb4ed4e054bd1808a3042d9efbb2c18f3a044d
2012-08-23change recovery images to android with spinnerDoug Zongker1-9/+12
Also make writing the locale a bit more robust. Change-Id: I803dd0aa0b9d6661fad74ea13fb085682402323c
2012-08-23add simple text to recovery UIDoug Zongker1-10/+53
- recovery takes a --locale argument, which will be passed by the main system - the locale is saved in cache, in case the --locale argument is missing (eg, when recovery is started from fastboot) - we include images that have prerendered text for many locales - we split the background states into four (installing update, erasing, no command, error) so that appropriate text can be shown. Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
2012-04-12minor recovery changesDoug Zongker1-2/+6
- add the --just_exit option to make recovery exit normally without doing anything - make it possible to build updater extensions in C++ - add the clear_display command so that the updater binary can request recovery switch to the NONE background UI These are all used to support the notion of using OTA as a factory reflash mechanism. Change-Id: Ib00d1cbf540feff38f52a61a2cf198915b48488c
2012-04-08Update merge for SELinux to compileKenny Root1-1/+1
The contribution of SELinux things to AOSP had a call to the old ui_print that merged cleanly. This changes that call into the newer call so it will actually compile when enabled. Change-Id: I8368e937219b01d0bef06007fa46302415256d07
2012-01-18support "sideload over ADB" modeDoug Zongker1-0/+32
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. always initialize usb product, vendor, etc. for adb in recovery Set these values even on non-debuggable builds, so that the mini-adb now in recovery can work.
2012-01-10support "sideload over ADB" modeDoug Zongker1-0/+32
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
2011-12-14mount cache before sideloading from external storageDoug Zongker1-0/+4
Some packages expect to find cache mounted, since it always is for "real" OTAs. Bug: 5739915 Change-Id: I7a7cdd88a60c61e4bc7dc3e1f99956f6487c42e1
2011-11-04move key processing to RecoveryUIDoug Zongker1-3/+1
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
2011-11-01move key processing to RecoveryUIDoug Zongker1-3/+1
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I4c0e659edcbedc0b9e86ed261ae4dbb3c6097414
2011-10-31C++ class for device-specific codeDoug Zongker1-36/+34
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
2011-10-31refactor ui functions into a classDoug Zongker1-44/+51
Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
2011-10-31C++ class for device-specific codeDoug Zongker1-36/+34
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
2011-10-31turn recovery into a C++ binaryDoug Zongker1-37/+38
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-28turn recovery into a C++ binaryDoug Zongker1-825/+0
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
2011-10-19allow recovery packages to wipe cacheDoug Zongker1-14/+44
updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
2011-06-24Allow applying an OTA package manually from cache.Michael Ward1-9/+31
Change-Id: I8f78377555c658a992ca95cadf11b67ddc93fed8
2011-04-12save a last_install file with the result of the last package install attemptDoug Zongker1-1/+1
When installing a package, create /cache/recovery/last_install, which contains the filename of the package and a 1 or 0 for success or failure. Also, don't mount ext4 and vfat filesystems as read-only (on devices where /cache is ext4, we need it to be read-write). Change-Id: I0cf2a1921bbd65e06343aa74e2006577fac77c2c
2011-03-11Have recovery reboot using the new android_reboot() function.Ken Sumrall1-3/+2
The new android_reboot() function is a nicer way to reboot the system. I can optionally sync() and remount read-only writable filesystems. This fixes bug 3350709. Change-Id: Ic4c8676debd642e57bce3107b99dd810d90b6f82
2011-03-01make recovery UI images more general; allow for installation animationDoug Zongker1-0/+3
Change some of the UI parameters (# of indeterminate progress bar frames, fps, etc.) from #defined constants to variables that can be set by the device-specific recovery_ui code (via a new function). Support overlaying different images on top of the base installation icon to animate it. Make the FPS control more accurate. Change-Id: I9268b389b7ea6b3ed9e0c7eae37baf4272e60edd
2011-01-25make recovery reboot after 2 minutes of no activityDoug Zongker1-0/+10
If recovery sits for 2 minutes in prompt_and_wait(), and you've never turned the screen on via the magic keypress, go ahead and reboot. (We used to assume that the user could pull the battery to get out of this state, but on devices with nonremovable batteries...) If you've ever enabled display of the log/menu since recovery started, we assume you know what you're doing and will stay in recovery until you choose to reboot. Bug: 3387873 Bug: 3387274 Change-Id: I041621e5db132df9a925e6808845a7c45e1b427a
2011-01-18remove encrypted filesystem code from recoveryDoug Zongker1-63/+1
This was never used; encrypted filesystems are being done a different way now. Change-Id: I519c57b9be44d001f0b81516af7bfc252069892b
2010-11-01clear recovery framebuffers on allocation; display icon right after ui_initDoug Zongker1-0/+1
Make ui_init() clear the framebuffer memory it maps in so the user isn't treated to a visible flash of random bits on recovery startup. Call ui_set_background() (to show the installing icon) right after ui_init() to display something while device_recovery_start() is working (which can take a second or two on some devices). Bug: 3145331 Change-Id: I11e7859fab5847370ea4f4932c3fb1558af26c5d
2010-09-29save the log from recovery's last run in /cache/recovery/last_logDoug Zongker1-17/+40
Also, don't lose the start of the log whenever a wipe cache is performed. Change-Id: I29999762854eb36d1ff2bc20b4183c9077b19777
2010-09-22handle old-style CACHE: packagesDoug Zongker1-2/+18
Change-Id: I7bf52b56770c207ba1c8329243991b07ebb65779
2010-09-22mount sdcard only on demand; fix sideload installsDoug Zongker1-3/+6
Bug: 3009493 Change-Id: I1a7f99fc41a6a7012742e82f8c06a0c75584890a
2010-09-21remove the notion of "root path"; support mixed flash typesDoug Zongker1-76/+63
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). (Cherrypicked from gingerbread w/slight edits.) Change-Id: I2479ce76b13e73f1d12035c89386c3a82b3edf51
2010-09-21remove the notion of "root path"; support mixed flash types (do not merge)Doug Zongker1-76/+63
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). Change-Id: I18b0a572a71c5e087e0b7ae11b1774388339bfd1
2010-09-15support for ext4/EMMC filesystems in updater binaryDoug Zongker1-6/+6
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
2010-09-15(cherry-pick) support installing any .zip file on the sdcardDoug Zongker1-25/+140
Replaces the "install sdcard:update zip" menu option with one that displays a menu of zip files (and subdirs) on the sdcard and lets you pick which one to install. Change-Id: Icff541525f2fdfc8939a91af626ecc386ac9dd07
2010-09-03add --show_text option to recoveryDoug Zongker1-0/+2
Change-Id: Ie6c6c920260dfa759fbb15b1f352d6bb0fa7146c
2010-09-01Revert 21f0f97ebabb47adcbfe8d38b02685f2019b4eb3Ying Wang1-2/+1
Change-Id: I46e4d7fe76e4219207e46f19e50188e38bb932b7
2010-08-31Fix for crespo.Ying Wang1-1/+2
Change-Id: I008510bf614606a46a630c7adc39464ce1143ec3
2010-08-02don't go into file select menu when mounting external storage failsDoug Zongker1-1/+4
Change-Id: If0efeddc28e1dbb52d9e52abf53323e2cc97c8f0
2010-07-30generalize "install from sdcard" to "install from external storage"Doug Zongker1-4/+6
Allow sideloading of OTA packages from USB drives that appear as /dev/block/sda1. Change-Id: I1908576c24547cd0088475d8c8917699cd906868
2010-07-09make a copy of sideloaded packages in /tmp before verifyingDoug Zongker1-2/+112
Copy a sideloaded package into /tmp, then verify and install the copy, to prevent malicious users from overwriting the package between verification and install. Bug: 2826890 package can be replaced during verification Bug: 2058160 Recovery should copy sideloaded (sd card) update ... Change-Id: I3de148b0f1a671f1974782b6855527caeaefda23
2010-07-02support for ext4/EMMC filesystems in updater binaryDoug Zongker1-6/+6
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
2010-04-08support installing any .zip file on the sdcardDoug Zongker1-20/+140
Replaces the "install sdcard:update zip" menu option with one that displays a menu of zip files (and subdirs) on the sdcard and lets you pick which one to install. Change-Id: I85c94c0e9bc8e05ca52031fc29ca2624c2695ced
2010-04-02DO NOT MERGEOscar Montemayor1-18/+18
Encrypted File Systems integration. Recovery changes. Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-03-27DO NOT MERGEOscar Montemayor1-43/+1
Removing unused recovey options. Please refer to Bug#2502219 for more info. Change-Id: I2fe3cdb0c8b93ed7e1cc4093824fbe181f5f0aea
2010-03-15Encrypted File Systems part 3. Recovery changes.Oscar Montemayor1-18/+18
Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-02-03bump updater API version to 3; deprecate firmware update commandDoug Zongker1-10/+1
Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2010-02-02change log recovery to generic device_recovery_start functionDoug Zongker1-3/+3
Remove (or at least stop calling) the HTC-specific mechanism for preserving the recovery log from before a radio or hboot update. Replace it with a generic device_recovery_start() function which each device's code can implement to do whatever it wants on recovery startup. Change-Id: If3cca4b498c0b1cf0565236404ecf56a1fc46123
2010-01-21save the recovery log from before HTC firmware updatesDoug Zongker1-1/+3
When doing a firmware (radio or hboot) update on HTC devices, save the recovery log in block 1 of the cache partition, before the firmware image and the UI bitmaps. When we boot back into recovery after the firmware update to reformat the cache partition, copy that log out of cache before reformatting it and dump it into the current invocation's log. The practical upshot of all this is that we can see the log output from radio and hboot updates. Change-Id: Ie0e89566754c88f4bed6a90d8a0aa04047b01a27
2009-12-10Recovery changes for Encrypted File Systems.Oscar Montemayor1-14/+71
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
2009-11-13eclair snapshotJean-Baptiste Queru1-94/+152
2009-10-06add terminator to recovery's getopt_long options arrayDoug Zongker1-0/+1
http://b/2170691 - recovery argument parsing is broken
2009-09-23confirm before wiping user data in recoveryDoug Zongker1-69/+107
When using the hidden menu to wipe data in recovery, confirm before starting the wipe. (This does not affect booting with the --wipe_data flag, or using Alt+W on dream with the menu hidden -- those still wipe data immediately.)
2009-08-25Not all failures to fopen_root_path() are serious.Jay Freeman (saurik)1-3/+6
Example: E:Can't open /cache/recovery/command.
2009-08-18do not merge: cherry-pick of c2d666bd4f6eb5f7a9f17b10435c161cb105b7c5 from masterDoug Zongker1-0/+10
2009-08-18Recovery: When updating from SD card, update can't resume automaticallyJared Suttles1-0/+10
after a power loss Submitted on behalf of Hong-Bin Wang <hong-binwang@motorola.com> Signed-off-by: Jared Suttles <jared.suttles@motorola.com>
2009-07-15remove amendDoug Zongker1-28/+1
Yank all the code to install OTA packages out of the recovery binary itself. Now packages are installed by a binary included in the package (run as a child of recovery), so we can make improvements in the installation process without waiting for a new release to use them.
2009-06-19add function for device-specific wipe data featuresDoug Zongker1-2/+7
Some devices want to do special things when recovery wipes data (eg, wipe data in their baseband processor as well). Add a hook in the device-specific recovery library that gets called when data is wiped. Also add an amend root for the "mbm" partition.
2009-06-18let the "firmware" command take the file straight from the packageDoug Zongker1-1/+2
To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
2009-06-11split out device-specific recovery UI code into vendor directoriesDoug Zongker1-42/+29
Take some device-specific details of the recovery UI (eg, what keys to press to bring up the interface and perform actions, exact text of the menu, etc.) and split them out into separate C functions. Arrange to take implementations of those functions from the appropriate vendor directory at build time. Provide a default implementation in case no vendor-specific one is available.
2009-06-03remove unused permissions scheme from amendDoug Zongker1-4/+0
Amend (aka the recovery command language) had a half-implemented scheme of limiting which commands OTA packages were allowed to execute. It's not clear what this was ever supposed to be good for. Remove it.
2009-05-29don't say "install complete" when it really isn'tDoug Zongker1-1/+6
Change the recovery UI so that when there is a hboot or radio update pending (which the user most do a home+back reboot to actually install), the UI tells them so, instead of saying "Install from sdcard complete."
2009-04-02AI 144101: am: CL 144070 Add an option to wipe cache (only) to the recovery menu.Doug Zongker1-0/+9
Original author: dougz Merged from: //branches/donutburger/... Automated import of CL 144101
2009-04-01AI 144070: Add an option to wipe cache (only) to the recovery menu.Doug Zongker1-0/+9
Automated import of CL 144070
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-0/+471
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-471/+0
2009-02-11auto import from //branches/cupcake/...@130745The Android Open Source Project1-23/+78
2009-01-10auto import from //branches/cupcake/...@125939The Android Open Source Project1-24/+79