| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables to use uncrypt for f2fs update-on-reboot.
It requires kernel patch named:
"f2fs: add an ioctl to disable GC for specific file"
If any operation fails during uncrypt, please delete package file as soon as
possible, and create the file again to move forward. IOWs, don't leave the
package file for a long time.
Bug: 70309376
Bug: 30170612
Change-Id: I3b4233e7da756f107be35364521699deaf2e7139
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land
"Move error_code.h into otautil.".
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".
This CL needs to land with device-specific module changes (e.g. adding
the dependency on libotautil).
Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
|
|
|
|
|
|
|
|
| |
This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b.
Reason for revert: Need to address device-specific modules.
Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
|
|
|
|
|
|
|
|
|
| |
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".
Test: mmma bootable/recovery
Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
|
|\
| |
| |
| |
| |
| | |
am: 3ff8a5e2a4
Change-Id: Iee5b01f59b2e0532232393c0133f0bd3b11d9ccd
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the error codes when we fail to find the realpath, or fail to find
the block_device.
Bug: 63737759
Test: mma
Change-Id: Icf15368ad3e7345c747d9083da2f049cc8acd571
|
|\|
| |
| |
| |
| |
| | |
am: 1a76f4a3bc
Change-Id: I8869ddf69589c2a1bb0e8dd493df67f9126db585
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fstab settings of early-mounted partitions (e.g., /vendor) will be in
kernel device tree. Switch to the new API to get the whole settings with
those in device tree:
fs_mgr_read_fstab_with_dt("/etc/recovery.fstab")
The original default /fstab.{ro.hardware} might be moved to
/vendor/etc/. or /odm/etc/. Use another new API to get the default fstab
instead of using the hard-coded /fstab.{ro.hardware}. This API also
includes the settings from device tree:
fs_mgr_read_fstab_default()
Bug: 35811655
Test: boot sailfish recovery
Change-Id: Iaa56ac7f7b4c4dfc7180c65f03e9a37b94f1de09
|
|\|
| |
| |
| |
| |
| | |
am: 4536c470f8
Change-Id: I399f35a1bc1575f9e1fcfa5d2bb537390360505e
|
| |\ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In some conditions, ioctl(fd, FIBMAP, &block) returns block number 0.This
is a failure to locate the actual block number of the update package and
will result in an invalid block.map. This CL retries ioctl a few times
if it returns block number as 0.
Bug: 31632090
Test: On N9, uncrypt retries ioctl and produces the correct blockmap.
Change-Id: I913f98cf5c112915c2e803d0683db273c89053b6
|
|\| |
| | |
| | |
| | |
| | |
| | | |
am: 51ccca4b8c
Change-Id: Ifa6579a34df60e48ff53689397bb53464a5d15ee
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bug: http://b/33534933
Test: recovery_component_test passes (and fails on buggy build due to
the CL in [1]).
[1]: commit 7e31f421a514da09b90e46dbd642a5e9b16e0003
Change-Id: I120498048ec1db8f9fcbb3cf135c05d3a48cfcdf
|
| |\|
| | |
| | |
| | |
| | |
| | | |
am: 4c1f3eda98
Change-Id: I8e86d4201d2fac0293e70df54e0816c96e85a9b7
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It was inconvenient to uncrypt a update package under adb shell
because the uncrypt executable required a socket to start its job.
Add a workaround to allow uncrypt executes without socket
communication.
Test: run uncrypt under adb shell, and the block map generates successfully
Bug: 29906218
Change-Id: Ibc328b31636d925dc429ede8dcec7392a721dd53
(cherry picked from commit 28c1e5d3aa9610db6e141380b1435937fc7f07db)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Based on the original cherrypick, this CL also has additional changes to
address the LOG statements and libziparchive changes.
Bug: 29159185
Test: Build and boot into recovery.
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
(cherry picked from commit 6faf0265c9b58db2c15b53f6d29025629d52f882)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
(cherry picked from commit 2f272c0551f984e83bc5abaf240e0dddb38a3326)
|
|\| |
| | |
| | |
| | |
| | |
| | | |
am: 68fc81e860
Change-Id: I57eff7b0aaa388c32dc8e99318e68ca25ff5c02d
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the error codes for uncrypt and report the failure details in
uncrypt_status.
Test: uncrypt_error logs correctly in last_install
Bug: 31603820
Change-Id: I8e0de845ce1707b6f8f5ae84564c5e93fd5f5ef5
(cherry picked from commit 0c68675f5ae80cd669e0bf014a69689b6fe08eee)
|
|\| |
| | |
| | |
| | |
| | |
| | | |
am: b0d0ee3c7d
Change-Id: Ie44169accea9196457d7cae696836c3a6fe14c8e
|
| |\|
| | |
| | |
| | |
| | |
| | | |
am: fc887a8fba
Change-Id: I5e83be10f4443c8b107821975b3506381fcbdf0c
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the error codes for uncrypt and report the failure details in
uncrypt_status.
Test: uncrypt_error logs correctly in last_install
Bug: 31603820
Change-Id: I8e0de845ce1707b6f8f5ae84564c5e93fd5f5ef5
|
| |\|
| | |
| | |
| | | |
Change-Id: Ia041044547351a3e65b647bb9913aa18c7d2c97c
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bug: http://b/23102347
Test: boot into recovery.
Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Save the uncrypt time cost to /cache/recovery/uncrypt_status. Recovery
reads the file and saves its contents to last_install.
Bug: 31383361
Test: Tested on angler and uncrypt_time reports correctly.
Change-Id: I5cd3f7b6ca069d69086d09acfea8fc4f1215c833
Merged-In: I5cd3f7b6ca069d69086d09acfea8fc4f1215c833
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
| | |
| | |
| | |
| | |
| | |
| | | |
Bug: http://b/23102347
Test: boot into recovery.
Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
|
|\| |
| | |
| | |
| | |
| | |
| | | |
am: 707583a4ab
Change-Id: I22b520ceaea408cad4e267d5a87c21ec80cd5e1d
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 4769f209dc
Change-Id: Ic9056d4af518df3747743ec6b2886fa437029395
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Save the uncrypt time cost to /cache/recovery/uncrypt_status. Recovery
reads the file and saves its contents to last_install.
Bug: 31383361
Test: Tested on angler and uncrypt_time reports correctly.
(cherry picked from commit fe16b5ccaf80f6e04d5b722c37c1abd70457ad28)
Change-Id: Id69681a35c7eb2f0eb21b48e3616dcda82ce41b8
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
(cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It was inconvenient to uncrypt a update package under adb shell
because the uncrypt executable required a socket to start its job.
Add a workaround to allow uncrypt executes without socket
communication.
Test: run uncrypt under adb shell, and the block map generates successfully
Bug: 29906218
Change-Id: Ibc328b31636d925dc429ede8dcec7392a721dd53
|
|\| |
| | |
| | |
| | | |
Change-Id: I889d94a723415ad2e660b8c99e66935142918bc4
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
|
|\| |
| |/
|/|
| | |
Change-Id: I8788cc80473dc77bfa0cd2682f3acb6e17ac36df
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Bug: 29159185
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
am: bcad1d1
* commit 'bcad1d1ced730478c94f951034d252e777661332':
Fix google-runtime-int warnings.
Change-Id: Ifad31026502e3375f4833899056662da540319b5
|
| | |
| | |
| | |
| | |
| | | |
Bug: 28220065
Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
|
| | |
| | |
| | |
| | |
| | |
| | | |
Bug: 27897241
Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0
(cherry picked from commit 61799baba3631f55469d2754542130255ce790cf)
|
|\ \ \
| | |/
| |/|
| | | |
Change-Id: I6d95fbd33f570d60e2caf42931ef6aa9f2634239
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
init and vold also need to write bootloader message, so
split this function from uncrypt into a separate library.
Bug: 27176738
Change-Id: If9b0887b4f6ffab6162d9cb47a6ceb7eedd60b4d
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Bug: 27897229
Change-Id: Iab5e829af1676f7fcd8a4b00a194aa679ed4e372
|
|\| | |
| | | |
| | | |
| | | | |
Change-Id: Ib1d0afe9022ec82f05be8b56201e73505160cacc
|
| |/ /
| | |
| | |
| | |
| | | |
Bug: 27897241
Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0
|
| | |
| | |
| | |
| | | |
Change-Id: I4654f59463d1f3e1f4450e937cd910508b64c157
|
|\ \ \
| |/ /
|/| /
| |/ |
Change-Id: Ia69f8b070c05cfe201115de510e3c12e813e38b5
|
| |
| |
| |
| | |
Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We used to rely on files (e.g. /cache/recovery/command and
/cache/recovery/uncrypt_status) to communicate between uncrypt and its
caller (i.e. system_server). Since A/B devices may not have /cache
partitions anymore, we switch to socket communication instead.
We will keep the use of /cache/recovery/uncrypt_file to indicate the OTA
package to be uncrypt'd though. Because there is existing logic in
ShutdownThread.java that depends on the existence of the file to
detect pending uncrypt works. This part won't affect A/B devices without
/cache partitions, because such devices won't need uncrypt service (i.e
the real de-encrypt work) anyway.
Bug: 27176738
Change-Id: I481406e09e3ffc7b80f2c9e39003b9fca028742e
|
|/
|
|
|
|
|
|
|
|
| |
The framework CL in [1] removes the use of "pre-recovery" service which
is basically to trigger a reboot into the recovery.
[1] commit e8a403d57c8ea540f8287cdaee8b90f0cf9626a3
Bug: 26830925
Change-Id: I131f31a228df59e4f9c3024b238bbdee0be2b157
|
|
|
|
|
|
| |
Bug: 26696173
Change-Id: I3a612f045aaa9e93e61ae45b05300d02b19bb3ad
|
|
|
|
|
|
|
|
|
| |
Writing map file directly can break consistency in map file if
it fails in the middle. Instead, we write a temporary file and
rename the temporary file to map file.
Bug: 26883096
Change-Id: I5e99e942e1b75e758af5f7a48f8a08a0b0041d6a
|
|
|
|
|
|
|
|
|
| |
The `std::string package` variable goes out of scope but the input_path
variable is then used to access the memory as it's set to `c_str()`.
This was detected via OpenBSD malloc's junk filling feature.
Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have the following warnings when compiling uncrypt on LP64 (e.g.
aosp_angler-userdebug).
bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat]
ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno));
~~~~ ^~~~~~
%ld
bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat]
ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno));
~~~~ ^~~~~~~~~~~~~~~~~~
%lu
bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare]
while (pos < sb.st_size) {
~~~ ^ ~~~~~~~~~~
According to POSIX spec [1], we have:
off_t and blksize_t shall be signed integer types;
size_t shall be an unsigned integer type;
blksize_t and size_t are no greater than the width of type long.
And on Android, we always have a 64-bit st_size from stat(2)
(//bionic/libc/include/sys/stat.h).
Fix the type and add necessary casts to suppress the warnings.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html
Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20
|
|
|
|
| |
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
|
|
|
|
|
|
|
|
| |
It turns out the standard explicitly states that if the pointer is
null, the deleter function won't be called. So it doesn't matter that
fclose(3) doesn't accept null.
Change-Id: I10e6e0d62209ec03ac60e673edd46f32ba279a04
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes costly O_SYNC flag for encrypted block device.
After writing whole decrypted blocks, fsync should guarantee their consistency
from further power failures.
This patch reduces the elapsed time significantly consumed by upgrading packages
on an encrypted partition, so that it could avoid another time-out failures too.
Change-Id: I1fb9022c83ecc00bad09d107fc87a6a09babb0ec
Signed-off-by: Jaegeuk Kim <jaegeuk@motorola.com>
|
|
|
|
|
|
|
|
| |
Clean up leaky file descriptors in uncrypt/uncrypt.cpp. Add unique_fd
for open() and unique_file for fopen() to close FDs on destruction.
Bug: 21496020
Change-Id: I0174db0de9d5f59cd43b44757b8ef0f5912c91a2
|
|
|
|
|
|
| |
Bug: 22534003
Change-Id: I2bc22418c416491da573875dce78daed24f2c046
(cherry picked from commit 6e9dda70cb00dd1f1948e071d7df7ca6e2bd8332)
|
|
|
|
|
|
|
|
|
| |
When it reboots into recovery for a factory reset, it still needs to
write the uncrypt status (-1) to the pipe.
Bug: 21511893
(cherry picked from commit 2c2cae8a4a18b85043bb6260a59ac7d1589016bf)
Change-Id: Ia5a75c5edf3afbd916153da1b4de4db2f00d0209
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
uncrypt needs to be triggered to prepare the OTA package before
rebooting into the recovery. Separate uncrypt into two modes. In
mode 1, it uncrypts the OTA package, but will not reboot the
device. In mode 2, it wipes the /misc partition and reboots.
Needs matching changes in frameworks/base, system/core and
external/sepolicy to work properly.
Bug: 20012567
Bug: 20949086
(cherry picked from commit 158e11d6738a751b754d09df7275add589c31191)
Change-Id: I349f6d368a0d6f6ee4332831c4cd4075a47426ff
|
|
|
|
| |
Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
|
|
Also apply some trivial changes like int -> bool and clean-ups.
Change-Id: Ic55fc8b82d7e91b321f69d10175be23d5c04eb92
|