summaryrefslogtreecommitdiffstats
path: root/recovery.cpp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Include reason when wiping data.Jeff Sharkey2014-09-241-0/+4
| | | | | | | This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
* Erase PST partition if its marked to be erased.Andres Morales2014-08-061-0/+2
| | | | | | | | | | | We need to wipe the challenges on this partition if OEM unlock is enabled, as this is a signal that the user has opted out of factory reset protection. go/factory-reset Bug: 16633064 Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
* do sdcard sideloading through the fuse filesystemDoug Zongker2014-07-101-101/+9
| | | | | | | | | Make a fuse filesystem that sits on top of the selected package file on the sdcard, so we can verify that the file contents don't change while being read and avoid copying the file to /tmp (that is, RAM) before verifying and installing it. Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
* drop APPLY_CACHE and refactor APPLY_EXTDoug Zongker2014-07-081-63/+45
| | | | | | | | | Drop support for sideloading OTA packages of the cache partition (a half-solution that's long since been deprecated by "adb sideload"). Refactor the code to sideload OTA packages from SD cards: remove the installation code from the file browser. Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
* sideload without holding the whole package in RAMDoug Zongker2014-07-021-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
* add reboot-to-bootloader and power down options to recovery menuDoug Zongker2014-04-011-17/+38
| | | | | | Useful when debugging or developing for recovery. Change-Id: Ic3ab42d5e848ad3488f1c575339b55e45c8a024b
* am b4bbf887: resolved conflicts for merge of 708aa238 to klp-modular-dev-plus-aospDoug Zongker2014-03-181-4/+10
|\ | | | | | | | | * commit 'b4bbf8878c3a6b2a17a3a96f1a23300748dbd81a': add --shutdown_after option to recovery
| * resolved conflicts for merge of 708aa238 to klp-modular-dev-plus-aospDoug Zongker2014-03-181-4/+10
| |\ | | | | | | | | | Change-Id: I3d00437d519f93652ccae6b361e89e853ccae9b3
| | * add --shutdown_after option to recoveryDoug Zongker2014-03-181-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "--shutdown_after" option causes recovery to power down the device on completion rather than rebooting. Removes the last vestiges of the "--previous_runs" argument, which doesn't seem to be used for anything. Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d
* | | am 80c1a386: resolved conflicts for merge of d90da130 to klp-modular-dev-plus-aospDoug Zongker2014-03-181-1/+1
|\| | | | | | | | | | | | | | * commit '80c1a386d3f614919708b37986919ecaf74ee738': refactor image resource loading code in minui
| * | resolved conflicts for merge of d90da130 to klp-modular-dev-plus-aospDoug Zongker2014-03-181-1/+1
| |\| | | | | | | | | | Change-Id: Ib95b5bcd8d24014e1f2a956d2f31c99a471d3e30
| | * refactor image resource loading code in minuiDoug Zongker2014-03-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reduce the number of copies of libpng boilerplate. Rename res_create_* functions to be more clear. Make explicit the use of the framebuffer pixel format for images, and handle more combinations of input and output (eg, loading a grayscale image for display rather than use as a text alpha channel). Change-Id: I3d41c800a8f4c22b2f0167967ce6ee4d6b2b8846
* | | am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-2/+2
|\| | | | | | | | | | | | | | * commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49': Recovery 64-bit compile issues
| * | am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-2/+2
| |\| | | | | | | | | | | | | * commit '026ebe0214d6c1c9b3ddc22c35e9ac37e5f622bc': Recovery 64-bit compile issues
| | * Recovery 64-bit compile issuesMark Salyzyn2014-03-141-2/+2
| | | | | | | | | | | | Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
* | | clean up some warnings when building recoveryDoug Zongker2014-02-141-1/+1
| | | | | | | | | | | | Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
* | | log extra info for debuggingDoug Zongker2014-01-211-1/+1
|/ / | | | | | | | | | | | | Make recovery log its PID, and when we use a block map file, log how many ranges it contains. Change-Id: I1b4299f8163af68a770b48c029ae25e6cb45d26b
* / add the functions for multi-stage packages to updaterDoug Zongker2013-11-271-0/+18
|/ | | | | | | | | | | | | | | In order to support multi-stage recovery packages, we add the set_stage() and get_stage() functions, which store a short string somewhere it can be accessed across invocations of recovery. We also add reboot_now() which updater can invoke to immediately reboot the device, without doing normal recovery cleanup. (It can also choose whether to boot off the boot or recovery partition.) If the stage string is of the form "#/#", recovery's UI will be augmented with a simple indicator of what stage you're in, so it doesn't look like a reboot loop. Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
* recovery: fix use of init reboot methodDoug Zongker2013-09-031-1/+1
| | | | | | | We need to set the system property to "reboot,", not an empty string. Bug: 10605007 Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
* recovery: fix rebootingDoug Zongker2013-08-301-1/+1
| | | | | | | | Change I84c0513acb549720cb0e8c9fcbda0050f5c396f5 moved reboot functionality into init but did not update the recovery partition; so "adb reboot" and /system/bin/reboot in recovery are both broken. Change-Id: Ie2d14627a686ffb5064256b6c399723636dff116
* recovery: install packages in a known mount environmentDoug Zongker2013-08-211-5/+0
| | | | | | | | | | | When installing a package, we should have /tmp and /cache mounted and nothing else. Ensure this is true by explicitly mounting them and unmounting everything else as the first step of every install. Also fix an error in the progress bar that crops up when you do multiple package installs in one instance of recovery. Change-Id: I4837ed707cb419ddd3d9f6188b6355ba1bcfe2b2
* notify about pending long pressDoug Zongker2013-07-311-8/+6
| | | | | | | | | | | | | | | | | | Recovery changes: - add a method to the UI class that is called when a key is held down long enough to be a "long press" (but before it is released). Device-specific subclasses can override this to indicate a long press. - do color selection for ScreenRecoveryUI's menu-and-log drawing function. Subclasses can override this to customize the colors they use for various elements. - Include the value of ro.build.display.id in the menu headers, so you can see on the screen what version of recovery you are running. Change-Id: I426a6daf892b9011638e2035aebfa2831d4f596d
* Merge "recovery: preserve recovery logs across cache wipes"Doug Zongker2013-07-091-2/+76
|\
| * recovery: preserve recovery logs across cache wipesDoug Zongker2013-07-091-2/+76
| | | | | | | | | | | | | | | | | | When doing a cache wipe or a factory reset (which includes a cache wipe), save any last* log files in the /cache/recovery directory and write them back after reformatting the partition, so that wiping data doesn't lose useful log information. Change-Id: I1f52ae9131760b5e752e136645c19f71b7b166ee
* | recovery: move log output to stdoutDoug Zongker2013-07-091-2/+1
|/ | | | | | | | Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
* recovery: copy logs to cache more aggressivelyDoug Zongker2013-07-021-9/+17
| | | | | | | | Copy logs to /cache immediately upon a package installation failure; don't wait for recovery to finish. (If the user reboots without exiting recovery the "right" way, the logs never get copied at all.) Change-Id: Iee342944e7ded63da5a4af33d11ebc876f6c0835
* am d51bfc9b: Merge "Fix the potential segmentation fault"Doug Zongker2013-06-041-1/+7
|\ | | | | | | | | * commit 'd51bfc9b1fe89321af3c629e7b23a747050332e1': Fix the potential segmentation fault
| * Fix the potential segmentation faultJin Feng2013-06-041-1/+7
| | | | | | | | | | | | | | | | | | | | Extral newline can trigger recovery segmentation fault Test case: host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command' host$ adb reboot recovery Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433 Signed-off-by: Jin Feng <jin88.feng@gmail.com>
* | recovery: save logs from the last few invocations of recoveryDoug Zongker2013-05-211-1/+19
| | | | | | | | | | | | | | | | Extends the last_log mechanism to save logs from the last six invocations of recovery, so that we're more likely to have useful logs even if the device has repeatedly booted into recovery. Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
* | recovery: turn on text display for install errors in debug buildsDoug Zongker2013-05-211-2/+33
| | | | | | | | | | | | | | | | | | | | | | Hopefully this will reduce the number of OTA "bugs" reported that are really just someone having changed their system partition, invalidating future incremental OTAs. Also fixes a longstanding TODO about putting LOGE() output in the on-screen display. Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
* | more font improvements and cleanupDoug Zongker2013-03-071-1/+0
|/ | | | | | | | | | | | | | | | | Get rid of the notion of a font's "ascent"; the reference point for drawing is the top-left corner of the character box rather than the baseline. Add some more space between the menu entries and make the highlight bar around the text. Replace the default font.png with two images; the build system will include one or the other based on the resolutions of the device. Restore the original compiled-in bitmap font, to fall back on when font.png can't be found (eg, in the charger binary). Add support for bold text (when a font.png image is used). Change-Id: I6d211a486a3636f20208502b1cd2aeae8b9f5b02
* resolved conflicts for merge of 78afed1c to jb-mr1-dev-plus-aospKenny Root2012-10-171-2/+0
|\ | | | | | | Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
| * Remove HAVE_SELINUX guardsKenny Root2012-10-161-2/+0
| | | | | | | | Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
* | recovery: fix failure to unmount "/cache"Devin Kim2012-10-091-0/+1
| | | | | | | | | | | | | | | | | | At load_locale_from_cache() function, LOCALE_FILE must get closed after it is opened and used. Otherwise it causes a failure to unmount "/cache" after load_locale_from_cache() function is called. Change-Id: I9cec0f29a8ec4452c8a6a52e2f3c8ce9930d5372 Signed-off-by: Iliyan Malchev <malchev@google.com>
* | display error state on OTA failureDoug Zongker2012-09-241-4/+13
| | | | | | | | | | | | | | | | We need prompt_with_wait() to show either the ERROR or NO_COMMAND state as appropriate. Bug: 7221068 Change-Id: I191526cf12630d08b7a8250a2a81e724a4a5d972
* | localization for recovery messagesDoug Zongker2012-09-181-1/+2
| | | | | | | | | | | | | | | | | | Add images of text for all locales we support. Make the progress bar fill the correct way for RTL languages. (Flip the direction the spinner turns, too, just for good measure.) Bug: 7064142 Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
* | recovery locale handling fixesDoug Zongker2012-08-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | - change locale filename to "last_locale" so the main system doesn't delete it - clean up some chatty logging - update images with real German (other languages TBD) Change-Id: I2ebb4ed4e054bd1808a3042d9efbb2c18f3a044d
* | change recovery images to android with spinnerDoug Zongker2012-08-231-9/+12
| | | | | | | | | | | | Also make writing the locale a bit more robust. Change-Id: I803dd0aa0b9d6661fad74ea13fb085682402323c
* | add simple text to recovery UIDoug Zongker2012-08-231-10/+53
|/ | | | | | | | | | | | | | | - recovery takes a --locale argument, which will be passed by the main system - the locale is saved in cache, in case the --locale argument is missing (eg, when recovery is started from fastboot) - we include images that have prerendered text for many locales - we split the background states into four (installing update, erasing, no command, error) so that appropriate text can be shown. Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
* am e5d5ac76: minor recovery changesDoug Zongker2012-04-121-2/+6
|\ | | | | | | | | * commit 'e5d5ac76cc8e5d11867aeff6a1d068215c1c3a7c': minor recovery changes
| * minor recovery changesDoug Zongker2012-04-121-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | - add the --just_exit option to make recovery exit normally without doing anything - make it possible to build updater extensions in C++ - add the clear_display command so that the updater binary can request recovery switch to the NONE background UI These are all used to support the notion of using OTA as a factory reflash mechanism. Change-Id: Ib00d1cbf540feff38f52a61a2cf198915b48488c
| * support "sideload over ADB" modeDoug Zongker2012-01-181-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. always initialize usb product, vendor, etc. for adb in recovery Set these values even on non-debuggable builds, so that the mini-adb now in recovery can work.
| * move key processing to RecoveryUIDoug Zongker2011-11-011-3/+1
| | | | | | | | | | | | | | | | | | Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I4c0e659edcbedc0b9e86ed261ae4dbb3c6097414
| * C++ class for device-specific codeDoug Zongker2011-10-311-36/+34
| | | | | | | | | | | | | | | | | | | | Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
| * refactor ui functions into a classDoug Zongker2011-10-291-44/+51
| | | | | | | | | | | | | | | | | | | | | | Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I7fd8b2949d0db5a3f47c52978bca183966c86f33
| * turn recovery into a C++ binaryDoug Zongker2011-10-281-0/+826
| | | | Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
* Update merge for SELinux to compileKenny Root2012-04-081-1/+1
| | | | | | | | The contribution of SELinux things to AOSP had a call to the old ui_print that merged cleanly. This changes that call into the newer call so it will actually compile when enabled. Change-Id: I8368e937219b01d0bef06007fa46302415256d07
* resolved conflicts for merge of 0b1fee1b to masterKenny Root2012-03-311-1/+16
| | | | Change-Id: I2e8298ff5988a96754f56f80a5186c9605ad9928
* support "sideload over ADB" modeDoug Zongker2012-01-101-0/+32
| | | | | | | | | | | | | | | | | | | | | Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
* mount cache before sideloading from external storageDoug Zongker2011-12-141-0/+4
| | | | | | | | Some packages expect to find cache mounted, since it always is for "real" OTAs. Bug: 5739915 Change-Id: I7a7cdd88a60c61e4bc7dc3e1f99956f6487c42e1
* move key processing to RecoveryUIDoug Zongker2011-11-041-3/+1
| | | | | | | | | Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
* C++ class for device-specific codeDoug Zongker2011-10-311-36/+34
| | | | | | | | | | Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
* refactor ui functions into a classDoug Zongker2011-10-311-44/+51
| | | | | | | | | | | Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
* turn recovery into a C++ binaryDoug Zongker2011-10-311-0/+826
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555