summaryrefslogtreecommitdiffstats
path: root/uncrypt (follow)
Commit message (Collapse)AuthorAgeFilesLines
* [LSC] Add LOCAL_LICENSE_KINDS to bootable/recoveryBob Badour2021-02-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added SPDX-license-identifier-Apache-2.0 to: applypatch/Android.bp bootloader_message/Android.bp edify/Android.bp fuse_sideload/Android.bp install/Android.bp minadbd/Android.bp minui/Android.bp otautil/Android.bp recovery_ui/Android.bp recovery_utils/Android.bp tests/Android.bp tools/image_generator/Android.bp tools/recovery_l10n/Android.bp uncrypt/Android.bp update_verifier/Android.bp updater/Android.bp updater/Android.mk updater_sample/Android.bp updater_sample/tests/Android.bp Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT SPDX-license-identifier-OFL to: Android.bp Android.mk Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Exempt-From-Owner-Approval: janitorial work Change-Id: I3da761b525452838977297f773974000d4de7bd6
* Fix clang-analyzer-core.uninitialized.Branch warningsChih-Hung Hsieh2020-04-231-3/+3
| | | | | | Bug: 154760495 Test: make with WITH_TIDY=1 and DEFAULT_GLOBAL_TIDY_CHECKS=clang-analyzer-core.uninitialized.Branch Change-Id: I03af58f9491f4abcface9abb12c80a35e0f97a40
* Add android::fs_mgr namespace for new Fstab codeTom Cherry2019-01-311-0/+3
| | | | | | | | | | | | | | | Also add libfstab dependencies where needed. Previously the `typedef struct FstabEntry Volume;` line served to both define a `struct FstabEntry` as well as alias Volume to it. With the new namespace for android::fs_mgr::FstabEntry, `struct FstabEntry` isn't compatible anymore, so we need to alias Volume to the real android::fs_mgr::FstabEntry. In doing so, we need to include <fstab/fstab.h> and this requires libfstab as a library, which a few modules did not have before. Test: treehugger Change-Id: I655209a0efb304b3e0568db0748bd5cf7cecbdb7
* uncrypt: Fix the comparison in FindBlockDevice().Tao Bao2018-12-051-3/+1
| | | | | | | | | | | Previously it considered a match if the given path (i.e. path to an update package) fully equals to a mount_point. For example, `uncrypt /data block.map` or `uncrypt /vendor block.map` would exit successfully, without producing a block map. Test: `uncrypt /path/to/package.zip block.map` Test: `uncrypt /vendor block.map` fails. Change-Id: Id946ab1c0b158b623013f89463cbb1960141d8b5
* uncrypt: Replace a few C-strings with std::string.Tao Bao2018-12-051-175/+168
| | | | | | | Also use android::base::{Dirname,Realpath,StartsWith}. Test: Run uncrypt on device (`uncrypt package block.map`). Change-Id: Ifacd01d6b35d85ea4afcb93a0dbc0235bb765a75
* Move some small users of fstab to new C++ FstabTom Cherry2018-12-041-26/+17
| | | | | | Bug: 62292478 Test: tree-hugger Change-Id: Ie2cc10e5168ef3b9dcc42f88e67a1ccd1175fcc5
* uncrypt: write permission for f2fs_pin_fileJaegeuk Kim2018-11-211-1/+1
| | | | | | | We need a write permission to set a flag in the file. Change-Id: I4896ecbe0fc04374e01d006b1c8acdb932e5d16d Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
* uncrypt: fix ioctl direction for F2FS_IOC_GET_PIN_FILEDevin Kim2018-09-121-1/+1
| | | | | | The direction should be set as READ, not WRITE Change-Id: Id695276f25c1d75bca3a02d87e4a59623e95cb00
* uncrypt: Depend on commonly used shared libs.Tao Bao2018-08-231-5/+7
| | | | | | | | | | | | We already have these shared libraries on device. And `uncrypt` doesn't need to be statically linked (it wasn't, even prior to this change). With this change, the size of uncrypt goes down from 139KiB to 33KiB (aosp_marlin-userdebug). Test: Build and flash on marlin. Trigger a factory reset (which calls `uncrypt` to set up the BCB). Change-Id: I77e3c82e8ce3734019da75c48928d881cb7ef0f0
* uncrypt: fix f2fs ioctl argument for pin_fileJaegeuk Kim2018-08-011-1/+2
| | | | | | | This patch fixes missing f2fs ioctl call. Change-Id: Id840b76b9d5c580041aaee4501ac8e69fc3fb818 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
* f2fs: support f2fs by setting unmovable bit for package fileJaegeuk Kim2018-03-221-4/+38
| | | | | | | | | | | | | | | This enables to use uncrypt for f2fs update-on-reboot. It requires kernel patch named: "f2fs: add an ioctl to disable GC for specific file" If any operation fails during uncrypt, please delete package file as soon as possible, and create the file again to move forward. IOWs, don't leave the package file for a long time. Bug: 70309376 Bug: 30170612 Change-Id: I3b4233e7da756f107be35364521699deaf2e7139 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
* uncrypt: Move to Soong.Tao Bao2017-11-092-31/+39
| | | | | Test: mmma -j bootable/recovery Change-Id: I405f2a70f51904c02c49a287c23cbc115a4c5132
* Revert "Revert "Move error_code.h into otautil.""Tao Bao2017-10-092-2/+2
| | | | | | | | | | | | | | | | This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.". This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil). Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
* Revert "Move error_code.h into otautil."Tao Bao2017-10-052-2/+2
| | | | | | | | This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b. Reason for revert: Need to address device-specific modules. Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
* Move error_code.h into otautil.Tao Bao2017-10-042-2/+2
| | | | | | | | | This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". Test: mmma bootable/recovery Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
* Turn on -Wall for recovery modulesTianjie Xu2017-08-291-1/+1
| | | | | | | | | | | | | Turn on -Wall for all modules. Also remove the obsolete file_cmp() in apply_patch test and now() in wear_ui. The only exception is lib_edify due to the unused functions in the intermediate cpp files generated from the lex files. It will be handled in a seperate CL. Bug: 64939312 Test: mma, unit tests pass Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
* Merge "Add more specific error codes for uncrypt failures"Tianjie Xu2017-07-271-6/+6
|\ | | | | | | | | | | am: 3ff8a5e2a4 Change-Id: Iee5b01f59b2e0532232393c0133f0bd3b11d9ccd
| * Add more specific error codes for uncrypt failuresTianjie Xu2017-07-271-6/+6
| | | | | | | | | | | | | | | | | | Add the error codes when we fail to find the realpath, or fail to find the block_device. Bug: 63737759 Test: mma Change-Id: Icf15368ad3e7345c747d9083da2f049cc8acd571
* | Merge "Remove LOCAL_CLANG"Tao Bao2017-07-251-1/+0
|\| | | | | | | | | | | am: 231c627a55 Change-Id: Idfd30503b9ebd8e3d59af7ab703911a500ad6c09
| * Remove LOCAL_CLANGLennart Wieboldt2017-07-251-1/+0
| | | | | | | | | | | | | | clang is the default compiler since Android nougat Change-Id: I930bba431dc49970cb4491ed5fcf44b5e00e97df Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
* | Merge "recovery: replacing fs_mgr_read_fstab() with new fs_mgr APIs" am: 7a0dfec771 am: 1a23257214Bowgo Tsai2017-03-101-13/+2
|\| | | | | | | | | | | am: 1a76f4a3bc Change-Id: I8869ddf69589c2a1bb0e8dd493df67f9126db585
| * recovery: replacing fs_mgr_read_fstab() with new fs_mgr APIsBowgo Tsai2017-03-101-13/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fstab settings of early-mounted partitions (e.g., /vendor) will be in kernel device tree. Switch to the new API to get the whole settings with those in device tree: fs_mgr_read_fstab_with_dt("/etc/recovery.fstab") The original default /fstab.{ro.hardware} might be moved to /vendor/etc/. or /odm/etc/. Use another new API to get the default fstab instead of using the hard-coded /fstab.{ro.hardware}. This API also includes the settings from device tree: fs_mgr_read_fstab_default() Bug: 35811655 Test: boot sailfish recovery Change-Id: Iaa56ac7f7b4c4dfc7180c65f03e9a37b94f1de09
* | Merge "Retry ioctl in uncrypt if it returns block# 0" am: ceafe69fb8 am: 06b4254a70 am: 5ec75851a7Tianjie Xu2017-01-071-1/+40
|\| | | | | | | | | | | am: 4536c470f8 Change-Id: I399f35a1bc1575f9e1fcfa5d2bb537390360505e
| * Merge "Retry ioctl in uncrypt if it returns block# 0"Tianjie Xu2017-01-071-1/+40
| |\
| | * Retry ioctl in uncrypt if it returns block# 0Tianjie Xu2016-12-051-1/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some conditions, ioctl(fd, FIBMAP, &block) returns block number 0.This is a failure to locate the actual block number of the update package and will result in an invalid block.map. This CL retries ioctl a few times if it returns block number as 0. Bug: 31632090 Test: On N9, uncrypt retries ioctl and produces the correct blockmap. Change-Id: I913f98cf5c112915c2e803d0683db273c89053b6
* | | Merge "Add tests for setup-bcb and clear-bcb via uncrypt." am: 4e48a6c1a1 am: af62097c08 am: b1e8150c44Tao Bao2016-12-141-1/+1
|\| | | | | | | | | | | | | | | | | am: 51ccca4b8c Change-Id: Ifa6579a34df60e48ff53689397bb53464a5d15ee
| * | Add tests for setup-bcb and clear-bcb via uncrypt.Tao Bao2016-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: http://b/33534933 Test: recovery_component_test passes (and fails on buggy build due to the CL in [1]). [1]: commit 7e31f421a514da09b90e46dbd642a5e9b16e0003 Change-Id: I120498048ec1db8f9fcbb3cf135c05d3a48cfcdf
| * | Merge "Allow uncrypt to work without socket communication"Tianjie Xu2016-11-121-2/+18
| |\| | | | | | | | | | | | | | | | am: 4c1f3eda98 Change-Id: I8e86d4201d2fac0293e70df54e0816c96e85a9b7
| | * Allow uncrypt to work without socket communicationTianjie Xu2016-11-111-2/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was inconvenient to uncrypt a update package under adb shell because the uncrypt executable required a socket to start its job. Add a workaround to allow uncrypt executes without socket communication. Test: run uncrypt under adb shell, and the block map generates successfully Bug: 29906218 Change-Id: Ibc328b31636d925dc429ede8dcec7392a721dd53 (cherry picked from commit 28c1e5d3aa9610db6e141380b1435937fc7f07db)
| | * Verify wipe package when wiping A/B device in recovery.Yabin Cui2016-10-192-36/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Based on the original cherrypick, this CL also has additional changes to address the LOG statements and libziparchive changes. Bug: 29159185 Test: Build and boot into recovery. Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168 (cherry picked from commit 6faf0265c9b58db2c15b53f6d29025629d52f882)
* | | resolve merge conflicts of e89bf25 to stage-aosp-master am: 69c117c2ffTao Bao2016-10-191-5/+6
|\| | | | | | | | | | | | | | | | | am: 2a576e2097 Change-Id: Iee6000f594a04a0862b3687f1d87daa809fb3804
| * | resolve merge conflicts of e89bf25 to stage-aosp-masterTao Bao2016-10-191-5/+6
| |\| | | | | | | | | | Change-Id: I3b0ddb23daf264d407370cd8ace31eceb230a11a
| | * Create bootloader_message static library.Yabin Cui2016-10-183-123/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode. Bug: 29582118 Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618 (cherry picked from commit 2f272c0551f984e83bc5abaf240e0dddb38a3326)
| | * Turn on -Werror for recoveryTianjie Xu2016-09-301-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
* | | Turn on -Werror for recoveryTianjie Xu2016-09-301-7/+6
|\| | | | | | | | | | | | | | | | | am: 17e316cce0 Change-Id: Ia0e1948491edf7cca8b64d7e7f0cac91314c2025
| * | Turn on -Werror for recoveryTianjie Xu2016-09-301-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab (cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
* | | Report uncrypt errors in detailsTianjie Xu2016-09-291-23/+12
|\| | | | | | | | | | | | | | | | | am: 68fc81e860 Change-Id: I57eff7b0aaa388c32dc8e99318e68ca25ff5c02d
| * | Report uncrypt errors in detailsTianjie Xu2016-09-291-23/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the error codes for uncrypt and report the failure details in uncrypt_status. Test: uncrypt_error logs correctly in last_install Bug: 31603820 Change-Id: I8e0de845ce1707b6f8f5ae84564c5e93fd5f5ef5 (cherry picked from commit 0c68675f5ae80cd669e0bf014a69689b6fe08eee)
* | | Merge "Report uncrypt errors in details" am: af8b9363c6 am: 7582609d61 am: fc887a8fbaTianjie Xu2016-09-271-40/+65
|\| | | | | | | | | | | | | | | | | am: b0d0ee3c7d Change-Id: Ie44169accea9196457d7cae696836c3a6fe14c8e
| * | Merge "Report uncrypt errors in details" am: af8b9363c6 am: 7582609d61Tianjie Xu2016-09-271-40/+65
| |\| | | | | | | | | | | | | | | | am: fc887a8fba Change-Id: I5e83be10f4443c8b107821975b3506381fcbdf0c
| | * Report uncrypt errors in detailsTianjie Xu2016-09-271-40/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add the error codes for uncrypt and report the failure details in uncrypt_status. Test: uncrypt_error logs correctly in last_install Bug: 31603820 Change-Id: I8e0de845ce1707b6f8f5ae84564c5e93fd5f5ef5
| * | resolve merge conflicts of d5c7d6b to nyc-mr1-dev-plus-aospElliott Hughes2016-09-261-7/+7
| |\| | | | | | | | | | Change-Id: Ia041044547351a3e65b647bb9913aa18c7d2c97c
| | * Switch to <android-base/properties.h>.Elliott Hughes2016-09-262-13/+12
| | | | | | | | | | | | | | | | | | | | | Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
| | * save uncrypt status to last_installTianjie Xu2016-09-131-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Save the uncrypt time cost to /cache/recovery/uncrypt_status. Recovery reads the file and saves its contents to last_install. Bug: 31383361 Test: Tested on angler and uncrypt_time reports correctly. Change-Id: I5cd3f7b6ca069d69086d09acfea8fc4f1215c833 Merged-In: I5cd3f7b6ca069d69086d09acfea8fc4f1215c833
| | * Switch recovery to libbase loggingTianjie Xu2016-09-011-47/+44
| | | | | | | | | | | | | | | | | | | | | | | | Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
* | | Switch to <android-base/properties.h>.Elliott Hughes2016-09-241-7/+7
| | | | | | | | | | | | | | | | | | Bug: http://b/23102347 Test: boot into recovery. Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
* | | save uncrypt status to last_install am: e16e799dfd am: 4769f209dcTianjie Xu2016-09-131-0/+21
|\| | | | | | | | | | | | | | | | | am: 707583a4ab Change-Id: I22b520ceaea408cad4e267d5a87c21ec80cd5e1d
| * | save uncrypt status to last_install am: e16e799dfdTianjie Xu2016-09-131-0/+21
| |\ \ | | | | | | | | | | | | | | | | | | | | am: 4769f209dc Change-Id: Ic9056d4af518df3747743ec6b2886fa437029395
| | * | save uncrypt status to last_installTianjie Xu2016-09-131-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Save the uncrypt time cost to /cache/recovery/uncrypt_status. Recovery reads the file and saves its contents to last_install. Bug: 31383361 Test: Tested on angler and uncrypt_time reports correctly. (cherry picked from commit fe16b5ccaf80f6e04d5b722c37c1abd70457ad28) Change-Id: Id69681a35c7eb2f0eb21b48e3616dcda82ce41b8
| * | | Switch recovery to libbase loggingTianjie Xu2016-09-011-49/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 (cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
* | | | Switch recovery to libbase loggingTianjie Xu2016-09-011-52/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
* | | | Allow uncrypt to work without socket communicationTianjie Xu2016-07-011-2/+18
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was inconvenient to uncrypt a update package under adb shell because the uncrypt executable required a socket to start its job. Add a workaround to allow uncrypt executes without socket communication. Test: run uncrypt under adb shell, and the block map generates successfully Bug: 29906218 Change-Id: Ibc328b31636d925dc429ede8dcec7392a721dd53
* | | resolve merge conflicts of 2f272c0 to nyc-mr1-dev-plus-aospYabin Cui2016-07-014-170/+2
|\| | | | | | | | | | | Change-Id: I889d94a723415ad2e660b8c99e66935142918bc4
| * | Create bootloader_message static library.Yabin Cui2016-06-304-170/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bootloader_messages merges bootloader_message_writer and bootloader.cpp, so we can use the same library to manage bootloader_message in normal boot and recovery mode. Bug: 29582118 Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
* | | resolve merge conflicts of ed4c49c to nyc-mr1-dev-plus-aospYabin Cui2016-06-213-3/+37
|\| | | |/ |/| | | Change-Id: I8788cc80473dc77bfa0cd2682f3acb6e17ac36df
| * Verify wipe package when wiping A/B device in recovery.Yabin Cui2016-06-213-3/+37
| | | | | | | | | | | | | | | | | | | | To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Bug: 29159185 Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
* | Merge "Fix google-runtime-int warnings." am: a1f4a1eChih-hung Hsieh2016-04-191-2/+3
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | am: bcad1d1 * commit 'bcad1d1ced730478c94f951034d252e777661332': Fix google-runtime-int warnings. Change-Id: Ifad31026502e3375f4833899056662da540319b5
| * | Fix google-runtime-int warnings.Chih-Hung Hsieh2016-04-181-2/+3
| | | | | | | | | | | | | | | Bug: 28220065 Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
| * | uncrypt: remove --read-bcb option.Yabin Cui2016-03-301-32/+0
| | | | | | | | | | | | | | | | | | Bug: 27897241 Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0 (cherry picked from commit 61799baba3631f55469d2754542130255ce790cf)
* | | resolve merge conflicts of a58a6db to nyc-dev-plus-aospYabin Cui2016-04-094-45/+160
|\ \ \ | | |/ | |/| | | | Change-Id: I6d95fbd33f570d60e2caf42931ef6aa9f2634239
| * | uncrypt: split libbootloader_message_writer for reuse.Yabin Cui2016-04-084-44/+160
| | | | | | | | | | | | | | | | | | | | | | | | init and vold also need to write bootloader message, so split this function from uncrypt into a separate library. Bug: 27176738 Change-Id: If9b0887b4f6ffab6162d9cb47a6ceb7eedd60b4d
| * | Merge "uncrypt: fix call to close()." into nyc-devYabin Cui2016-03-301-2/+2
| |\ \
| | * | uncrypt: fix call to close().Yabin Cui2016-03-301-2/+2
| | | | | | | | | | | | | | | | | | | | Bug: 27897229 Change-Id: Iab5e829af1676f7fcd8a4b00a194aa679ed4e372
* | | | resolve merge conflicts of 61799ba to nyc-dev-plus-aospYabin Cui2016-03-301-32/+0
|\| | | | | | | | | | | | | | | Change-Id: Ib1d0afe9022ec82f05be8b56201e73505160cacc
| * | | uncrypt: remove --read-bcb option.Yabin Cui2016-03-291-32/+0
| |/ / | | | | | | | | | | | | Bug: 27897241 Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0
* | | Fix uncrypt.cpp unique_fd build breakage.Elliott Hughes2016-03-291-10/+10
| | | | | | | | | | | | Change-Id: I4654f59463d1f3e1f4450e937cd910508b64c157
* | | resolve merge conflicts of 5cf4701 to nyc-dev-plus-aospElliott Hughes2016-03-291-36/+34
|\ \ \ | |/ / |/| / | |/ Change-Id: Ia69f8b070c05cfe201115de510e3c12e813e38b5
| * Switch to <android-base/unique_fd.h>.Elliott Hughes2016-03-291-51/+52
| | | | | | | | Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
* | uncrypt: Communicate via /dev/socket/uncrypt.Tao Bao2016-03-032-79/+184
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We used to rely on files (e.g. /cache/recovery/command and /cache/recovery/uncrypt_status) to communicate between uncrypt and its caller (i.e. system_server). Since A/B devices may not have /cache partitions anymore, we switch to socket communication instead. We will keep the use of /cache/recovery/uncrypt_file to indicate the OTA package to be uncrypt'd though. Because there is existing logic in ShutdownThread.java that depends on the existence of the file to detect pending uncrypt works. This part won't affect A/B devices without /cache partitions, because such devices won't need uncrypt service (i.e the real de-encrypt work) anyway. Bug: 27176738 Change-Id: I481406e09e3ffc7b80f2c9e39003b9fca028742e
* | uncrypt: Retire pre-recovery service.Tao Bao2016-02-232-19/+2
|/ | | | | | | | | | The framework CL in [1] removes the use of "pre-recovery" service which is basically to trigger a reboot into the recovery. [1] commit e8a403d57c8ea540f8287cdaee8b90f0cf9626a3 Bug: 26830925 Change-Id: I131f31a228df59e4f9c3024b238bbdee0be2b157
* uncrypt: add options to setup bcb and clear bcb.Yabin Cui2016-02-032-104/+198
| | | | | | Bug: 26696173 Change-Id: I3a612f045aaa9e93e61ae45b05300d02b19bb3ad
* uncrypt: generate map file by renaming tmp file.Yabin Cui2016-02-011-75/+93
| | | | | | | | | Writing map file directly can break consistency in map file if it fails in the middle. Instead, we write a temporary file and rename the temporary file to map file. Bug: 26883096 Change-Id: I5e99e942e1b75e758af5f7a48f8a08a0b0041d6a
* uncrypt: avoid use-after-freeDaniel Micay2016-01-121-3/+4
| | | | | | | | | The `std::string package` variable goes out of scope but the input_path variable is then used to access the memory as it's set to `c_str()`. This was detected via OpenBSD malloc's junk filling feature. Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2
* uncrypt: Suppress the compiler warnings on LP64.Tao Bao2015-12-091-10/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have the following warnings when compiling uncrypt on LP64 (e.g. aosp_angler-userdebug). bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat] ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno)); ~~~~ ^~~~~~ %ld bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat] ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno)); ~~~~ ^~~~~~~~~~~~~~~~~~ %lu bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare] while (pos < sb.st_size) { ~~~ ^ ~~~~~~~~~~ According to POSIX spec [1], we have: off_t and blksize_t shall be signed integer types; size_t shall be an unsigned integer type; blksize_t and size_t are no greater than the width of type long. And on Android, we always have a 64-bit st_size from stat(2) (//bionic/libc/include/sys/stat.h). Fix the type and add necessary casts to suppress the warnings. [1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20
* Track rename from base/ to android-base/.Elliott Hughes2015-12-051-2/+2
| | | | Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
* We can use fclose directly in std::unique_ptr.Elliott Hughes2015-11-131-5/+5
| | | | | | | | It turns out the standard explicitly states that if the pointer is null, the deleter function won't be called. So it doesn't matter that fclose(3) doesn't accept null. Change-Id: I10e6e0d62209ec03ac60e673edd46f32ba279a04
* uncrypt: remove O_SYNC to avoid time-out failuresJaegeuk Kim2015-11-041-1/+1
| | | | | | | | | | | This patch removes costly O_SYNC flag for encrypted block device. After writing whole decrypted blocks, fsync should guarantee their consistency from further power failures. This patch reduces the elapsed time significantly consumed by upgrading packages on an encrypted partition, so that it could avoid another time-out failures too. Change-Id: I1fb9022c83ecc00bad09d107fc87a6a09babb0ec Signed-off-by: Jaegeuk Kim <jaegeuk@motorola.com>
* move uncrypt from init.rc to uncrypt.rcTom Cherry2015-09-042-0/+11
| | | | | | | | | Move uncrypt from /init.rc to /system/etc/init/uncrypt.rc using the LOCAL_INIT_RC mechanism Bug 23186545 Change-Id: Ib8cb6dffd2212f524298279787fd557bc84aa7b9
* Use unique_ptr and unique_fd to manager FDs.Tao Bao2015-08-102-16/+18
| | | | | | | | Clean up leaky file descriptors in uncrypt/uncrypt.cpp. Add unique_fd for open() and unique_file for fopen() to close FDs on destruction. Bug: 21496020 Change-Id: I0174db0de9d5f59cd43b44757b8ef0f5912c91a2
* uncrypt: Support file level encryption.Tao Bao2015-07-241-1/+1
| | | | | | Bug: 22534003 Change-Id: I2bc22418c416491da573875dce78daed24f2c046 (cherry picked from commit 6e9dda70cb00dd1f1948e071d7df7ca6e2bd8332)
* uncrypt: Write status when it reboots to factory resetTao Bao2015-06-101-7/+10
| | | | | | | | | When it reboots into recovery for a factory reset, it still needs to write the uncrypt status (-1) to the pipe. Bug: 21511893 (cherry picked from commit 2c2cae8a4a18b85043bb6260a59ac7d1589016bf) Change-Id: Ia5a75c5edf3afbd916153da1b4de4db2f00d0209
* Separate uncrypt into two modesTao Bao2015-06-102-95/+92
| | | | | | | | | | | | | | | uncrypt needs to be triggered to prepare the OTA package before rebooting into the recovery. Separate uncrypt into two modes. In mode 1, it uncrypts the OTA package, but will not reboot the device. In mode 2, it wipes the /misc partition and reboots. Needs matching changes in frameworks/base, system/core and external/sepolicy to work properly. Bug: 20012567 Bug: 20949086 (cherry picked from commit 158e11d6738a751b754d09df7275add589c31191) Change-Id: I349f6d368a0d6f6ee4332831c4cd4075a47426ff
* recovery: Switch to clangTao Bao2015-06-031-0/+2
| | | | | | And a few trival fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
* Clean up the sleep()'s after poking init servicesTao Bao2015-05-271-4/+8
| | | | Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
* uncrypt: Switch to C++Tao Bao2015-05-062-42/+40
| | | | | | Also apply some trivial changes like int -> bool and clean-ups. Change-Id: Ic55fc8b82d7e91b321f69d10175be23d5c04eb92
* uncrypt: package on non-data partition should follow the right pathTao Bao2015-05-061-20/+41
| | | | | | | | | | Fix the accidental change of behavior in [1]. OTA packages not on /data partition should still go through the path that has validity checks and wipe_misc() steps. [1]: commit eaf33654c1817bd665831a13c5bd0c04daabee02. Change-Id: Ice9a049f6259cd2368d2fb95a991f8a6a0120bdd
* Check all lseek calls succeed.Elliott Hughes2015-04-301-8/+12
| | | | | | | Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
* am aeecac54: Merge "Add missing includes."Elliott Hughes2015-01-301-0/+1
|\ | | | | | | | | * commit 'aeecac5444ce55d2e82ee1b2aa35ff61a038c14e': Add missing includes.
| * Add missing includes.Elliott Hughes2015-01-301-0/+1
| | | | | | | | Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
* | am 538d7d83: Merge "Fix missing #includes in bootable/recovery."Elliott Hughes2014-12-301-0/+1
|\| | | | | | | | | * commit '538d7d838d82e29c738145431aa64c587dc84943': Fix missing #includes in bootable/recovery.
| * Fix missing #includes in bootable/recovery.Elliott Hughes2014-12-291-0/+1
| | | | | | | | Change-Id: I58dfbac6ca1aa80d3659f53a8fad1bbbbdc9b941
* | Add O_CREAT option for openSungmin Choi2014-12-111-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Factory reset fails if there is no file, for example, RECOVERY_COMMAND_FILE_TMP. So create file as adding O_CREAT option if it does not exist. error log: --------- beginning of crash 12-10 02:35:17.190 3059 3059 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x30 in tid 3059 (uncrypt) 12-10 02:35:17.296 766 1528 W NativeCrashListener: Couldn't find ProcessRecord for pid 3059 12-10 02:35:17.296 191 191 I DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 12-10 02:35:17.296 191 191 E DEBUG : AM write failure (32 / Broken pipe) 12-10 02:35:17.296 191 191 I DEBUG : Build fingerprint: 'Android/aosp_hammerhead/hammerhead:5.1/LMP/hopemini12052127:userdebug/test-keys' 12-10 02:35:17.296 191 191 I DEBUG : Revision: '10' 12-10 02:35:17.297 191 191 I DEBUG : ABI: 'arm' 12-10 02:35:17.297 191 191 I DEBUG : pid: 3059, tid: 3059, name: uncrypt >>> /system/bin/uncrypt <<< 12-10 02:35:17.297 191 191 I DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x30 12-10 02:35:17.302 191 191 I DEBUG : r0 00000001 r1 be94b690 r2 fffffe90 r3 b6fdbf7c 12-10 02:35:17.302 191 191 I DEBUG : r4 00000000 r5 00000000 r6 b6fd8ca4 r7 be94b67c 12-10 02:35:17.302 191 191 I DEBUG : r8 00000000 r9 ffffffff sl b6ff582b fp be94b68d 12-10 02:35:17.302 191 191 I DEBUG : ip b6fcfd08 sp be94b648 lr b6f98fe5 pc b6f98fe4 cpsr 20070030 12-10 02:35:17.303 191 191 I DEBUG : 12-10 02:35:17.303 191 191 I DEBUG : backtrace: 12-10 02:35:17.303 191 191 I DEBUG : #00 pc 00032fe4 /system/lib/libc.so (fputs+29) 12-10 02:35:17.303 191 191 I DEBUG : #01 pc 000016a1 /system/bin/uncrypt 12-10 02:35:17.303 191 191 I DEBUG : #02 pc 0000114b /system/bin/uncrypt 12-10 02:35:17.303 191 191 I DEBUG : #03 pc 00012df5 /system/lib/libc.so (__libc_init+44) 12-10 02:35:17.303 191 191 I DEBUG : #04 pc 000013cc /system/bin/uncrypt 12-10 02:35:17.325 191 191 I DEBUG : 12-10 02:35:17.325 191 191 I DEBUG : Tombstone written to: /data/tombstones/tombstone_00 Bug: 18709330 Change-Id: Ib5dccdd366e829049938a188ea5f98d9e4e282db
* | Force write to disk while doing uncryptMichael Runge2014-11-221-5/+10
|/ | | | | | | | | This should reduce errors if the device reboots before the blocks are commited to disk. Bug: 18481902 Change-Id: I13cda1c78955e4c83522fbcf87ddb16cc9f97683
* create block map for all update packages on /dataDoug Zongker2014-09-051-12/+9
| | | | | | | | Always create the block map for packages on /data; don't only look at the encryptable/encrypted flags. Bug: 17395453 Change-Id: Iaa7643a32898328277841e324305b9419a9e071c
* open misc device in write-only modeDoug Zongker2014-08-262-19/+27
| | | | | | | | | | Opening the misc block device in read-write mode runs afoul of SELinux, which keeps the wipe code from working. Fix. Also change various things to log to logcat so we can see them happening, for future debugging. Bug: 16715412 Change-Id: Ia14066f0a371cd605fcb544547b58a41acca70b9
* clear BCB in misc partition before rebootingDoug Zongker2014-08-191-3/+43
| | | | | | | | | | | Something is leaving behind wipe commands in the BCB area of the /misc partition. We don't know what is doing that. It should always be safe to zero out that area from uncrypt, though (because if uncrypt is running then it's got the command we want in the recovery command file rather than the BCB). Bug: 16715412 Change-Id: Iad01124287f13b80ff71d6371db6371f43c43211
* revert uncrypt back to dynamic linking, fix libsDoug Zongker2014-08-141-6/+1
| | | | | Bug: 17029174, 17015157 Change-Id: I1d24f3402875dfb972daa6daef0f385baeff84e9
* change uncrypt to static linkingDoug Zongker2014-08-141-0/+2
| | | | | Bug: 17015157 Change-Id: I3c4bdcf4f11d44b617bb731a48413e3707044d1c
* only do uncryption on packages in /dataDoug Zongker2014-08-011-1/+1
| | | | | | | If recovery is invoked with a package somewhere other than /data, leave it alone. Change-Id: Ief358b53df467ae24a65e30e7a631da59bf13683
* recovery: 64 bit build issuesMark Salyzyn2014-03-191-3/+3
| | | | Change-Id: Ie88c49dea13cce5f4eb428e97f5a0956f2656a30
* Fix a crash when going into recovery mode.Maxim Siniavine2014-02-141-1/+6
| | | | | | | | | When going into recovery mode withoug recovery command file present, uncrypt crashes and the device gets stuck and eventually shuts down. Check that the command file is present before trying to read from it. Change-Id: If0192d597032be0067738e437188d92993ce56f7
* program to store unencrypted files in an encrypted filesystemDoug Zongker2014-01-162-0/+405
uncrypt can read a file on an encrypted filesystem and rewrite it to the same blocks on the underlying (unencrypted) block device. This destroys the contents of the file as far as the encrypted filesystem is concerned, but allows the data to be read without the encryption key if you know which blocks of the raw device to access. uncrypt produces a "block map" file which lists the blocks that contain the file. For unencrypted filesystem, uncrypt will produce the block map without touching the data. Bug: 12188746 Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63