| Commit message (Collapse) | Author | Files | Lines |
|
This file no longer exists:
- /file_contexts has been split into plat_file_contexts and
nonplat_file_contexts since commit
b236eb6ca204cefcb926e19bd5682f9dcad4021d (system/sepolicy).
- It was named /file_contexts.bin prior to the split.
'-S file_contexts' is also no longer required by e2fsdroid, since commit
2fff6fb036cbbb6dedd7da3d208b312a9038a5ce (external/e2fsprogs). It will
load the file contexts via libselinux.
Test: Trigger the path by performing a data wipe for converting to FBE.
Change-Id: I179939da409e5c0415ae0ea0bf5ddb23f9e6331e
(cherry picked from commit 7af933b6a6fd687bd17710ef6fda0ad5483e4d6d)
|
|
Execute mke2fs to create empty ext4 filesystem.
Execute e2fsdroid to add files to filesystem.
Test: enter recovery mode and wipe data
Bug: 35219933
Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876
(cherry picked from commit ac31808cd37cfb98755e5821dbb2efb5fe5cb12a)
|
|
It's only used by file-based OTA which has been deprecated for O.
Test: mma
Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
|
|
Commit adeb41a8c0da3122a2907acb4aafd7ff9bce26af has switched the
argument for recovery. This CL handles the case for updater.
Note that there's a chance the updater may run against the old
recovery (and f2fs 1.4.1 binary). Not sending a 0-sector argument to
f2fs 1.4.1 also works.
Bug: 37758867
Test: Make an OTA package that calls format f2fs, with mkfs.f2fs 1.8.0
and 1.4.1 binaries respectively.
Change-Id: I4d4bbe8c57544d1c514b7aa37fbf22a0aab14e2c
|
|
Bug: 37401320
Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.
(cherry picked from commit 8706a98aa635236a95795f0a0c122bb3e591a50d)
Change-Id: I79789a151f6faafda8ecc6198c2182cc2a91da70
|
|
Bug: 37401320
Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.
Change-Id: Ibed3795c09e26c4fa73684d40b94e40c78394d3f
|
|
LOG(INFO) already appends a newline. Don't print redundant newline.
Test: No extra blank lines when calling ui_print(). And on-screen UI
shows the same.
Change-Id: I74e9a8504a7146a6cb3dae02fe2406d0dd54069b
|
|
It's valid to provide only 1 argument to apply_patch_check(). We
shouldn't fail the argument parsing.
Bug: 36541737
Test: recovery_component_test passes.
Test: recovery_component_test captures the failure without the fix.
Test: The previously failed update applies successfully.
Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
|
|
And switch them to std::vector & std::unique_ptr
Bug: 32117870
Test: recovery tests passed on sailfish
Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
|
|
This CL removes the updater support for delete(), symlink(), rename(),
set_metadata() and set_metadata_recursive(). Such functions have been
removed from the generation script in commit
f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build).
Note: This CL also removes delete_recursive() which seems to have never
been supported in generation script.
Bug: 35853185
Test: recovery_component_test passes.
Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
|
|
-1 is not a valid exit status.
Also replace a few exit(1) with exit(EXIT_FAILURE).
Test: mmma bootable/recovery
Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
|
|
Currently the ui_print command between the recovery and updater doesn't
append newline. Updater has to send an extra "ui_print" command without
any argument to get the line break. This looks unnecessary. And not all
the callers (including the ones in bootable/recovery) are following this
protocol when sending the ui_print command.
This CL simplifies the protocol to always print with a newline for
ui_print command. When updating from an old recovery with the new
updater, all the ui_print'd strings would appear in one line as a side
effect. But a) it would only affect the text-mode UI, which won't be
shown to users; b) log files won't be affected.
Bug: 32305035
Test: Apply an update with the new updater on top of an old and new
recovery image respectively.
Change-Id: I305a0ffc6f180daf60919cf99d24d1495d68749b
|
|
We should include "bootloader_message/bootloader_message.h" now.
Test: m updater
Change-Id: I65b22a8a0bcc5976ff1ba827bd30b46ee9d59c53
|
|
Test: Build an updater into a package and apply it on device.
Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
|
|
We should always use unique_fd or unique_file to hold the FD or FILE*
pointer when opening via ota_(f)open functions.
This CL avoids accidentally closing raw FDs or FILE* pointers that are
managed by unique_fd/unique_file.
Test: recovery_component_test passes.
Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
|
|
Add read_bootloader_message_from() and write_bootloader_message_to() to
allow specifying the BCB device (/misc).
Also add testcases for set_stage() and get_stage().
Test: recovery_component_test passes.
Test: Build a recovery image and apply a two-step OTA package.
Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
|
|
Test: recovery_component_test passes.
Change-Id: I3af4707bc42c7331ca961be8b967a53de82ea25b
|
|
write_value(value, filename) writes 'value' to 'filename'. It can be
used to tune device settings when applying an OTA package. For example,
write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq").
Bug: 32463933
Test: recovery_component_test passes.
Test: Apply an OTA package that contains a call to write_value(), and
check the result.
Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
(cherry picked from commit d0f3088aa95e255b39ed4b83da6b08866c2c3e0c)
|
|
write_value(value, filename) writes 'value' to 'filename'. It can be
used to tune device settings when applying an OTA package. For example,
write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq").
Bug: 32463933
Test: recovery_component_test passes.
Test: Apply an OTA package that contains a call to write_value(), and
check the result.
Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
|
|
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
(cherry picked from commit ef0eb3b01b66fbbc97908667a3dd1e02d710cbb7)
|
|
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
|
|
Clean up SymlinkFn() a bit. Also clean up the temp files created when
running the tests; otherwise non-empty TemporaryDir won't be removed.
Test: recovery_component_test passes.
Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
|
|
Switch to use const std::string; and add corresponding tests.
Bug: 32649858
Test: Component tests pass
Change-Id: I640f3ec81f1481fa91aa310f8d4d96dac9649cb9
|
|
Test: recovery_component_test passes.
Change-Id: Iba5a0fdf6c79e2bed6b30b8fc19a306c1ab29d8a
|
|
Also add a testcase for delete() function.
Test: recovery_component_test passes.
Change-Id: I064d1ad4693c3ed339d0a69eabadd08a61a2ea86
|
|
Also add a testcase for file_getprop().
Test: recovery_component_test passes.
Change-Id: I8eb2f9a5702b43997ac9f4b29665eea087b1c146
|
|
ReadArgs will switch to using std::string and std::unique_ptr. Also
cleanup the callers.
Test: mma & component test passed.
Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
|
|
Test: Unit tests and install-recovery.sh pass on angler and dragon.
Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
|
|
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
|
|
Changing the field of 'Value' in edify to std::string from char*.
Meanwhile cleaning up the users of 'Value' and switching them to
cpp style.
Test: compontent tests passed.
Bug: 31713288
Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
|
|
Also add a testcase for sha1_check().
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
|
|
So that we can write native tests for updater functions. This CL adds a
testcase for getprop() function.
Test: mmma bootable/recovery; Run recovery_component_test on device.
Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
|
|
Test: `mmma bootable/recovery`
Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e
|
|
Test: `mmma bootable/recovery`
Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e
(cherry picked from commit 3cbe1d20978dc488272e2b1ba10890a006fdfab9)
|
|
Bug: http://b/23102347
Test: boot into recovery.
Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
|
|
Bug: http://b/23102347
Test: boot into recovery.
Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
|
|
Was accidentally broken by the CL in [1].
[1]: commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad
Bug: 29767315
Change-Id: I851e13ccea6f5be6fcd47f712cc95867245f9934
(cherry picked from commit efacd80364c7ed42d56310949790d89febaf3444)
|
|
And move off the bionic __nonnull macro, which I'm removing.
Change-Id: I40b4424f4fd7bd8076e0eee3ec35de36c3ded8de
|
|
Was accidentally broken by the CL in [1].
[1]: commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad
Change-Id: I851e13ccea6f5be6fcd47f712cc95867245f9934
|
|
Bug: http://b/29250988
Change-Id: Ia97ba9082a165c37f74d6e1c3f71a367adc59945
|
|
Fix a typo for ota_fclose().
Change-Id: Ia93e911aa5391afc604874fc3a09c5a45c094c80
|
|
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
|
|
Remove O_SYNC from mzExtractRecursive() and PackageExtractFileFn().
These functions deal with extracting whole files from the update
package onto a filesystem. If run on ext4 on a rotating disk, for
example, the O_SYNC flag will cause serious performance problems
and the extraction proecss can take over 30 minutes, with no
obvious benefits.
This API function already calls fsync(fd) after each file is
extracted to ensure data and metadata is written to the underlying
block device, so the O_SYNC calls should be superfluous and safely
removable.
This change does not affect the OTA patch paths or any modification
of the bootloader partition or writes to other 'emmc' partitions.
Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com>
Change-Id: I9cbb98a98e6278bf5c0d7efaae340773d1fbfcd2
|
|
Bug: 28220065
Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
|
|
Bug: http://b/27764900
Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
|
|
Bug: 27724259
Change-Id: I65bdefed10b3fb85fcb9e1147eaf0687d7d438f4
|
|
This reverts commit f73abf36bcfd433a3fdd1664a77e8e531346c1b1.
Bug: 27724259
Change-Id: I1301fdad15650837d0b1febd0c3239134e2b94fb
|
|
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
|
|
Cherry pick this patch because it fixes the problem that
a newed Value is released by free().
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
(cherry picked from commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad)
|
|
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
(cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
|
|
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
|
|
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
|
|
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
(cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
|
|
Bug: 26907377
Change-Id: I384c0131322b2d12f0ef489735e70e86819846a4
|
|
Bug: 18790686
Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
|
|
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
|
|
We are already using O_SYNC and fsync() for the recursive case
(package_extract_dir()). Make it consistent for the single-file case.
Bug: 20625549
Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
|
|
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
|
|
Mostly trivial changes to make cpp compiler happy.
Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
(cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
|
|
Mostly trivial changes to make cpp compiler happy.
Change-Id: I1b0481465c67c3bbca35a839d0764190d84ff34e
(cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
|
|
Mostly trivial changes to make cpp compiler happy.
Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
|
|
Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37
|
|
Although stdout and stderr are both redirected to log file with no
buffering, we are seeing some outputs are mixed in random order.
This is because ui_print commands from the updater are passed to the
recovery binary via a pipe, which may interleave with other outputs
that go to stderr directly.
In recovery, adding ui::PrintOnScreenOnly() function to handle
ui_print command, which skips printing to stdout. Meanwhile, updater
prints the contents to stderr in addition to piping them to recovery.
Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700
|
|
I've added explanatory comments to mzExtractRecursive because
that function will live on as a utility even after we move the
zip format related logic to libziparchive.
bug: 19472796
Change-Id: Id69db859b9b90c13429134d40ba72c1d7c17aa8e
|
|
I've added explanatory comments to mzExtractRecursive because
that function will live on as a utility even after we move the
zip format related logic to libziparchive.
bug: 19472796
(cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95)
Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a
|
|
This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition
Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
|
|
This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition
Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
|
|
Bug: 18092022
Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
|
|
At the end of the OTA script, we walk through /system, updating
all the permissions on the filesystem, including the UID, GID,
standard UNIX permissions, capabilities, and SELinux labels.
In the case of a symbolic link, however, we want to skip most of
those operations. The UID, GID, UNIX permissions, and capabilities
don't meaningfully apply to symbolic links.
However, that's not true with SELinux labels. The SELinux label on
a symbolic link is important. We need to make sure the label on the
symbolic link is always updated, even if none of the other attributes
are updated.
This change unconditionally updates the SELinux label on the symbolic
link itself. lsetfilecon() is used, so that the link itself is updated,
not what it's pointing to.
In addition, drop the ENOTSUP special case. SELinux has been a
requirement since Android 4.4. Running without filesystem extended
attributes is no longer supported, and we shouldn't even try to handle
non-SELinux updates anymore. (Note: this could be problematic if
these scripts are ever used to produce OTA images for 4.2 devices)
Bug: 18079773
Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
|
|
Bug: 18079773
Bug: 18092222
Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
|
|
Bug: 18079773
Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
|
|
This should help with reentrant OTAs.
Bug: 18079773
Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
|
|
Superseded by newer code.
Bug: 16984795
Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
|
|
Superseded by newer code.
Bug: 16984795
Change-Id: I70c1d29dc03287b06ea909d17f729ec51ccb0344
|
|
(Cherry-pick back from master.)
Bug: 16984795
Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
|
|
Bug: 16984795
Change-Id: I90f958446baed83dec658de2430c8fc5e9c3047e
|
|
These error messages include empty parens after each string
substition. Ill-advised cut and paste, probably.
Bug: 16467401
Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
|
|
Sometimes renames will move a file into a directory
that does not yet exist. This will create the
parent directories, using the same symlink logic,
to ensure that there is a valid destination.
Bug: 16458395
Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
|
|
Sometimes renames will move a file into a directory
that does not yet exist. This will create the
parent directories, using the same symlink logic,
to ensure that there is a valid destination.
Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
|
|
This adds F2FS support
- for wiping a device
- for the install "format" command.
Note: crypto data in "footer" with a default/negative length
is not supported, unlike with "ext4".
Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
|
|
While executing syspatch and package_extract_file() calls with don't
care maps (both of which are used to rewrite the system image in
incremental and full block OTAs, respectively), pass a progress
callback in and use it to update the visible progress bar.
Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
|
|
The default recovery UI will reboot the device when the power key is
pressed 7 times in a row, regardless of what recovery is doing.
Disable this feature during package installation, to minimize the
chance of corrupting the device due to a mid-install reboot. (Debug
packages can explicitly request that the feature be reenabled.)
Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
|
|
The new build.prop for Sprout includes lines of the format:
import xxx.prop
These can be safely ignored when reading the property file.
Change-Id: Ia84a138e71461ffe8e591e88143b9787873def29
|
|
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
|
|
Make package_extract_file() take an optional third argument which is
the pathname (in the package zip) of a map of don't-care regions to
skip over when writing the file.
Modify syspatch() to take source and target don't-care maps and use
them when patching the system partition.
Add the wipe_block_device() function to do a discard of all data on
the partition.
Change-Id: I8c856054edfb6aab2f3e5177f16d9d78add20be4
|
|
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
|
|
Older versions of android supported an ASLR system where binaries were
randomly twiddled at OTA install time. Remove support for this; we
now use the ASLR support in the linux kernel.
Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
|
|
Add the syspatch() function, which can apply xdelta3+xz patches using
the libsyspatch library.
Change-Id: Idc1921e449020923bcaf425a1983bec0833e47ed
|
|
Change-Id: I85726bf736203d602428114145c3b98692580656
|
|
In order to support multi-stage recovery packages, we add the
set_stage() and get_stage() functions, which store a short string
somewhere it can be accessed across invocations of recovery. We also
add reboot_now() which updater can invoke to immediately reboot the
device, without doing normal recovery cleanup. (It can also choose
whether to boot off the boot or recovery partition.)
If the stage string is of the form "#/#", recovery's UI will be
augmented with a simple indicator of what stage you're in, so it
doesn't look like a reboot loop.
Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
|
|
try to process them via patch + rename, instead of
delete + add.
b/11437930
Change-Id: I984349fbc9a8dac4379e00c0d66fc7d22c4eb834
|
|
(cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e)
Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
|
|
set_perm and set_perm_recursive are no longer used. Delete.
(cherry picked from commit 08ef9a957027183dcf55e432441e8fb0d5299aba)
Change-Id: I1bcc90ae19af9df4f0705496c5876987159f75ac
|
|
set_perm and set_perm_recursive are no longer used. Delete.
Change-Id: I3bb40b934b6c093b24b88aa4ed6f3c7de2bb52f0
|
|
Bug: 10183961
Bug: 10186213
Bug: 8985290
Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
|
|
Bug: 10183961
Bug: 10186213
Bug: 8985290
Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
|
|
Introduce two new updater functions:
* set_metadata
* set_metadata_recursive
Long term, these functions are intended to be more flexible replacements
for the following methods:
* set_perm
* set_perm_recursive
Usage:
set_metadata("filename", "key1", "value1", "key2", "value2", ...)
set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...)
Description:
set_metadata() and set_metadata_recursive() set the attributes on a file/directory
according to the key/value pairs provided. Today, the following keys are
supported:
* uid
* gid
* mode (set_perm_extd only)
* fmode (set_perm_extd_recursive only)
* dmode (set_perm_extd_recursive only)
* selabel
* capabilities
Unknown keys are logged as warnings, but are not fatal errors.
Examples:
* set_metadata("/system/bin/netcfg", "selabel", "u:object_r:system_file:s0");
This sets the SELinux label of /system/bin/netcfg to u:object_r:system_file:s0.
No other changes occur.
* set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0);
This sets /system/bin/netcfg to uid=0, gid=3003, mode=02750,
selinux label=u:object_r:system_file:s0, and clears the capabilities
associated with the file.
* set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0);
All files and directories under /system are set to uid=0, gid=0,
and selinux label=u:object_r:system_file:s0. Directories are set to
mode=0755. Files are set to mode=0644 and all capabilities are cleared.
Bug: 10183961
Bug: 10186213
Bug: 8985290
Change-Id: Ifdcf186a7ed45265511dc493c4036e1ac5e3d0af
|
|
This reverts commit 627eb30f73c29257acaeb6568f3da38880784f7c.
Bug: 10183961
Bug: 10186213
|
|
Modify the OTA installer to understand SELinux filesystem labels.
We do this by introducing new set_perm2 / set_perm2_recursive
calls, which understand SELinux filesystem labels. These filesystem
labels are applied at the same time that we apply the
UID / GID / permission changes.
For compatibility, we preserve the behavior of the existing
set_perm / set_perm_recursive calls.
If the destination kernel doesn't support security labels, don't
fail. SELinux isn't enabled on all kernels.
Bug: 8985290
Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
|
|
Recovery currently has a random mix of messages printed to stdout and
messages printed to stderr, which can make logs hard to read. Move
everything to stdout.
Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
|
|
Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
|
|
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
|
|
The bonus data option lets you give an additional blob of uncompressed
data to be used when constructing a patch for chunk #1 of an image.
The same blob must be available at patch time, and can be passed to
the command-line applypatch tool (this feature is not accessible from
edify scripts).
This will be used to reduce the size of recovery-from-boot patches by
storing parts of the recovery ramdisk (the UI images) on the system
partition.
Change-Id: Iac1959cdf7f5e4582f8d434e83456e483b64c02c
|
|
Full OTAs currently fail if the build contains a directory containing
only symlinks, because nothing creates that directory. Change the
symlink() command to create any ancestor directories that don't exist.
They're created as owner root perms 0700 because we assume that in
practice subsequent set_perm_recursive() calls will fix up their
ownership and permissions.
Change-Id: I4681cbc85863d9778e36b924f0532b2b3ef14310
|
|
Requires I5a63fd61a7e74d386d0803946d06bcf2fa8a857e
Change-Id: Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
|
|
Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.
Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
|
|
It's surprising if these fail, so abort the whole edify script to
catch any problems early.
Bug: 2284848
Change-Id: Ia2a0b60e7f086fc590b242616028905a229c9e05
|
|
Removes the retouch_binaries and undo_retouch_binaries from updater;
newly generated OTA packages should not call them any more.
Note that applypatch retains the ability to unretouch a file as it
reads it. This will be needed as long as we want to support OTAs from
devices that were installed with retouching.
Change-Id: Ib3f6baeae90c84ba85983f626d821ab7e436ceb2
|
|
Replace the device-specific functions with a class. Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class. Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).
Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
|
|
Replace the device-specific functions with a class. Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class. Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).
Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
|
|
updater now has a function "wipe_cache();" which causes recovery to
wipe the cache partition after the successful installation of the
package. Move log copying around a bit so logs and the last_install
flag file are copied to cache after it's wiped.
Bug: 5314244
Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
|
|
write_raw_image() can now take either a blob or a filename as the
source. The blob format eliminates the need for a temp file.
Change-Id: I0c6effec53d47862040efcec75e64b7c951cdcf7
|
|
When formatting /data, if it's an ext4 filesystem, reserve the
last 16 Kbytes for the crypto footer.
Change-Id: I7b401d851ee87732e5da5860df0287a1c331c5b7
|
|
Change-Id: Id96e98da76b3091987b01651f980797b1d6b49d8
|
|
Change-Id: Ie6e309b127e80cd6475f1deaa5dbadf9f5cc2746
|
|
Change-Id: I9d34e491022d7dfed653a861b0728a0a656f1fbe
|
|
Make the mount and format functions take extra parameters describing
the filesystem type and add support for mounting and formatting ext4
filesystems on EMMC.
Change recovery to consistently use stdout for status messages instead
of mixing stdout and stderr.
|
|
An extra parameter was added to the make_ext4fs() function, we these tools need
to be updated to match.
Change-Id: Id640a7f2b03153eb333b00337f0f991ff5332349
|
|
Separate files for retouch functionality are in minelf/*
ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained. Retouch logic can recover from crashes.
Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
|
|
Make the mount and format functions take extra parameters describing
the filesystem type and add support for mounting and formatting ext4
filesystems on EMMC.
Change recovery to consistently use stdout for status messages instead
of mixing stdout and stderr.
|
|
Change the applypatch function to take meaningful arguments instead of
argc and argv. Move all the parsing of arguments into main.c (for the
standalone binary) and into install.c (for the updater function).
applypatch() takes patches as Value objects, so we can pass in blobs
extracted from the package without ever writing them to temp files.
The patching code is changed to read the patch from memory instead of
a file.
A bunch of compiler warnings (mostly about signed vs unsigned types)
are fixed.
Support for the IMGDIFF1 format is dropped. (We've been generating
IMGDIFF2 packages for some time now.)
Change-Id: I217563c500012750f27110db821928a06211323f
|
|
- Move applypatch to this package (from build).
- Add a rudimentary type system to edify: instead of just returning a
char*, functions now return a Value*, which is a struct that can
carry different types of value (currently just STRING and BLOB).
Convert all functions to this new scheme.
- Change the one-argument form of package_extract_file to return a
Value of the new BLOB type.
- Add read_file() to load a local file and return a blob, and
sha1_check() to test a blob (or string) against a set of possible
sha1s. read_file() uses the file-loading code from applypatch so it
can read MTD partitions as well.
This is the start of better integration between applypatch and the
rest of edify.
b/2361316 - VZW Issue PP628: Continuous reset to Droid logo:
framework-res.apk update failed (CR LIBtt59130)
Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
|
|
Remove support for the HTC-specific "firmware" update command and the
corresponding edify function write_firmware_update(). This
functionality is now done by an edify extension library that lives in
vendor/htc.
Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
|
|
Add a version of package_extract_file that returns the file data as
its return value (to be consumed by some other edify function that
expects to receive a bunch of binary data as an argument). Lets us
avoid having two copies of a big file in memory (extracting it into
/tmp, which is a ramdisk, and then having something load it into
memory) when doing things like radio updates.
Change-Id: Ie26ece5fbae457eb0ddcd8a13d74d78a769fbc70
|
|
|
|
The symlink() function should remove existing files before creating
symlinks, so scripts are idempotent. Log messages when various system
calls fail (but don't make the whole script fail).
|
|
Handy for producing debugging OTA packages (eg, running sqlite3 or
whatever in recovery).
|
|
We were inadvertently skipping over the first filename in the list of
arguments.
|
|
Let recovery accept set_progress commands to control progress over the
'current segment' of the bar. Add a set_progress() builtin to the
updater binary.
|
|
Add a function to read a property from a ".prop"-formatted file
(key=value pairs, one per line, ignore # comment lines and blank
lines). Move ErrorAbort to the core of edify; it's not specific to
updater now that errors aren't stored in the app cookie.
|
|
A few more changes to edify:
- fix write_raw_image(); my last change neglected to close the write
context, so the written image was corrupt.
- each expression tracks the span of the source code from which it
was compiled, so that assert()'s error message can include the
source of the expression that failed.
- the 'cookie' argument to each Function is replaced with a State
object, which contains the cookie, the source script (for use with
the above spans), and the current error message (replacing the
global variables that were used for this purpose).
- in the recovery image, a new command "ui_print" can be sent back
through the command pipe to cause text to appear on the screen.
Add a new ui_print() function to print things from scripts.
Rename existing "print" function to "stdout".
|
|
Adds more edify functions for OTAs:
is_mounted getprop apply_patch apply_patch_check apply_patch_space
write_raw_image write_firmware_image package_extract_file
This allows us to install radios, hboots, boot images, and install
incremental OTA packages.
Fixes a couple of dumb bugs in edify itself:
- we were doubling the size of the function table each time it was
*not* full, rather than each time it was full
- "no such function" errors weren't visible to the parser, so they
didn't prevent execution of the script.
|
|
Adds the following edify functions:
mount unmount format show_progress delete delete_recursive
package_extract symlink set_perm set_perm_recursive
This set is enough to extract and install the system part of a (full)
OTA package.
Adds the updater binary that extracts an edify script from the OTA
package and then executes it. Minor changes to the edify core (adds a
sleep() builtin for debugging, adds "." to the set of characters that
can appear in an unquoted string).
|