path: root/uncrypt/uncrypt.cpp
Commit message    Author    Age    Files    Lines
* Allow uncrypt to work without socket communication    Tianjie Xu    2016-07-01    1    -2/+18
    It was inconvenient to uncrypt an update package under adb shell because the uncrypt executable required a socket to start its job. Add a workaround to allow uncrypt to execute without socket communication.

    Test: run uncrypt under adb shell, and the block map generates successfully
    Bug: 29906218
    Change-Id: Ibc328b31636d925dc429ede8dcec7392a721dd53
* resolve merge conflicts of 2f272c0 to nyc-mr1-dev-plus-aosp    Yabin Cui    2016-07-01    1    -1/+1
    Change-Id: I889d94a723415ad2e660b8c99e66935142918bc4
| * Create bootloader_message static library.    Yabin Cui    2016-06-30    1    -1/+1
      bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode.

      Bug: 29582118
      Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
* | resolve merge conflicts of ed4c49c to nyc-mr1-dev-plus-aosp    Yabin Cui    2016-06-21    1    -1/+18
      Change-Id: I8788cc80473dc77bfa0cd2682f3acb6e17ac36df
| * Verify wipe package when wiping A/B device in recovery.    Yabin Cui    2016-06-21    1    -1/+18
      To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device.

      Bug: 29159185
      Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
* | Merge "Fix google-runtime-int warnings." am: a1f4a1e    Chih-hung Hsieh    2016-04-19    1    -2/+3
      am: bcad1d1

      * commit 'bcad1d1ced730478c94f951034d252e777661332':
        Fix google-runtime-int warnings.

      Change-Id: Ifad31026502e3375f4833899056662da540319b5
| * | Fix google-runtime-int warnings.    Chih-Hung Hsieh    2016-04-18    1    -2/+3
        Bug: 28220065
        Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
| * | uncrypt: remove --read-bcb option.    Yabin Cui    2016-03-30    1    -32/+0
        Bug: 27897241
        Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0
        (cherry picked from commit 61799baba3631f55469d2754542130255ce790cf)
* | | resolve merge conflicts of a58a6db to nyc-dev-plus-aosp    Yabin Cui    2016-04-09    1    -44/+7
        Change-Id: I6d95fbd33f570d60e2caf42931ef6aa9f2634239
| * | uncrypt: split libbootloader_message_writer for reuse.    Yabin Cui    2016-04-08    1    -43/+7
        init and vold also need to write bootloader message, so split this function from uncrypt into a separate library.

        Bug: 27176738
        Change-Id: If9b0887b4f6ffab6162d9cb47a6ceb7eedd60b4d
| * | Merge "uncrypt: fix call to close()." into nyc-dev    Yabin Cui    2016-03-30    1    -2/+2
| | * | uncrypt: fix call to close().    Yabin Cui    2016-03-30    1    -2/+2
          Bug: 27897229
          Change-Id: Iab5e829af1676f7fcd8a4b00a194aa679ed4e372
* | | | resolve merge conflicts of 61799ba to nyc-dev-plus-aosp    Yabin Cui    2016-03-30    1    -32/+0
          Change-Id: Ib1d0afe9022ec82f05be8b56201e73505160cacc
| * | | uncrypt: remove --read-bcb option.    Yabin Cui    2016-03-29    1    -32/+0
          Bug: 27897241
          Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0
* | | Fix uncrypt.cpp unique_fd build breakage.    Elliott Hughes    2016-03-29    1    -10/+10
        Change-Id: I4654f59463d1f3e1f4450e937cd910508b64c157
* | | resolve merge conflicts of 5cf4701 to nyc-dev-plus-aosp    Elliott Hughes    2016-03-29    1    -36/+34
        Change-Id: Ia69f8b070c05cfe201115de510e3c12e813e38b5
| * Switch to <android-base/unique_fd.h>.    Elliott Hughes    2016-03-29    1    -51/+52
      Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
* | uncrypt: Communicate via /dev/socket/uncrypt.    Tao Bao    2016-03-03    1    -79/+181
      We used to rely on files (e.g. /cache/recovery/command and /cache/recovery/uncrypt_status) to communicate between uncrypt and its caller (i.e. system_server). Since A/B devices may not have /cache partitions anymore, we switch to socket communication instead.

      We will keep the use of /cache/recovery/uncrypt_file to indicate the OTA package to be uncrypt'd though. Because there is existing logic in ShutdownThread.java that depends on the existence of the file to detect pending uncrypt works. This part won't affect A/B devices without /cache partitions, because such devices won't need uncrypt service (i.e. the real de-encrypt work) anyway.

      Bug: 27176738
      Change-Id: I481406e09e3ffc7b80f2c9e39003b9fca028742e
* | uncrypt: Retire pre-recovery service.    Tao Bao    2016-02-23    1    -13/+1
      The framework CL in [1] removes the use of "pre-recovery" service which is basically to trigger a reboot into the recovery.

      [1] commit e8a403d57c8ea540f8287cdaee8b90f0cf9626a3

      Bug: 26830925
      Change-Id: I131f31a228df59e4f9c3024b238bbdee0be2b157
* uncrypt: add options to setup bcb and clear bcb.    Yabin Cui    2016-02-03    1    -104/+188
    Bug: 26696173
    Change-Id: I3a612f045aaa9e93e61ae45b05300d02b19bb3ad
* uncrypt: generate map file by renaming tmp file.    Yabin Cui    2016-02-01    1    -75/+93
    Writing map file directly can break consistency in map file if it fails in the middle. Instead, we write a temporary file and rename the temporary file to map file.

    Bug: 26883096
    Change-Id: I5e99e942e1b75e758af5f7a48f8a08a0b0041d6a
* uncrypt: avoid use-after-free    Daniel Micay    2016-01-12    1    -3/+4
    The `std::string package` variable goes out of scope but the input_path variable is then used to access the memory as it's set to `c_str()`.

    This was detected via OpenBSD malloc's junk filling feature.

    Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2
* uncrypt: Suppress the compiler warnings on LP64.    Tao Bao    2015-12-09    1    -10/+12
    We have the following warnings when compiling uncrypt on LP64 (e.g. aosp_angler-userdebug).

    bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat]
            ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno));
                                           ~~~~         ^~~~~~
                                           %ld
    bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat]
                ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno));
                                            ~~~~         ^~~~~~~~~~~~~~~~~~
                                            %lu
    bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare]
        while (pos < sb.st_size) {
               ~~~ ^ ~~~~~~~~~~

    According to POSIX spec [1], we have:

      off_t and blksize_t shall be signed integer types;
      size_t shall be an unsigned integer type;
      blksize_t and size_t are no greater than the width of type long.

    And on Android, we always have a 64-bit st_size from stat(2) (//bionic/libc/include/sys/stat.h).

    Fix the type and add necessary casts to suppress the warnings.

    [1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html

    Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20
* Track rename from base/ to android-base/.    Elliott Hughes    2015-12-05    1    -2/+2
    Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
* We can use fclose directly in std::unique_ptr.    Elliott Hughes    2015-11-13    1    -5/+5
    It turns out the standard explicitly states that if the pointer is null, the deleter function won't be called. So it doesn't matter that fclose(3) doesn't accept null.

    Change-Id: I10e6e0d62209ec03ac60e673edd46f32ba279a04
* uncrypt: remove O_SYNC to avoid time-out failures    Jaegeuk Kim    2015-11-04    1    -1/+1
    This patch removes costly O_SYNC flag for encrypted block device. After writing whole decrypted blocks, fsync should guarantee their consistency from further power failures. This patch reduces the elapsed time significantly consumed by upgrading packages on an encrypted partition, so that it could avoid other time-out failures too.

    Change-Id: I1fb9022c83ecc00bad09d107fc87a6a09babb0ec
    Signed-off-by: Jaegeuk Kim <jaegeuk@motorola.com>
* Use unique_ptr and unique_fd to manage FDs.    Tao Bao    2015-08-10    1    -16/+16
    Clean up leaky file descriptors in uncrypt/uncrypt.cpp. Add unique_fd for open() and unique_file for fopen() to close FDs on destruction.

    Bug: 21496020
    Change-Id: I0174db0de9d5f59cd43b44757b8ef0f5912c91a2
* uncrypt: Support file level encryption.    Tao Bao    2015-07-24    1    -1/+1
    Bug: 22534003
    Change-Id: I2bc22418c416491da573875dce78daed24f2c046
    (cherry picked from commit 6e9dda70cb00dd1f1948e071d7df7ca6e2bd8332)
* uncrypt: Write status when it reboots to factory reset    Tao Bao    2015-06-10    1    -7/+10
    When it reboots into recovery for a factory reset, it still needs to write the uncrypt status (-1) to the pipe.

    Bug: 21511893
    (cherry picked from commit 2c2cae8a4a18b85043bb6260a59ac7d1589016bf)
    Change-Id: Ia5a75c5edf3afbd916153da1b4de4db2f00d0209
* Separate uncrypt into two modes    Tao Bao    2015-06-10    1    -94/+91
    uncrypt needs to be triggered to prepare the OTA package before rebooting into the recovery. Separate uncrypt into two modes. In mode 1, it uncrypts the OTA package, but will not reboot the device. In mode 2, it wipes the /misc partition and reboots.

    Needs matching changes in frameworks/base, system/core and external/sepolicy to work properly.

    Bug: 20012567
    Bug: 20949086
    (cherry picked from commit 158e11d6738a751b754d09df7275add589c31191)
    Change-Id: I349f6d368a0d6f6ee4332831c4cd4075a47426ff
* Clean up the sleep()'s after poking init services    Tao Bao    2015-05-27    1    -4/+8
    Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
* uncrypt: Switch to C++    Tao Bao    2015-05-06    1    -0/+465
    Also apply some trivial changes like int -> bool and clean-ups.

    Change-Id: Ic55fc8b82d7e91b321f69d10175be23d5c04eb92