path: root/updater/updater.cpp
Date | Commit message | Author | Files | Lines
2020-09-18 | Check for overflow before allocating memory for decompression. | Kelvin Zhang | 1 | -1/+6
On 32bit devices, a ZipEntry64 may have size > 2^32, we should check for such cases before attempting to allocate memory.
Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
2020-09-16 | Switch to zip64 in recovery | Kelvin Zhang | 1 | -1/+1
There's already library support for zip64 in libziparchive. We just need to start using the new APIs.
Bug: 167951876
Test: Sideload a large ota package in recovery
Change-Id: I652741965f28de079d873c6822317ee9fa855201
2019-05-29 | Implement an update simulator to verify BB OTA packages on host | Tianjie Xu | 1 | -1/+2
Implement the simulator runtime and build the updater simulator as a host executable. The code to parse the target-files and mock the block devices will be submitted in the follow-up.
Bug: 131911365
Test: unit tests pass
Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
2019-05-22 | Some clean ups to the updater | Tianjie Xu | 1 | -3/+1
Remove some unnecessary includes or forward declarations. And include the correct headers to build host executables.
Bug: 131911365
Test: unit tests pass
Change-Id: I62e75f60678159fe24619a4bd386b1416f1a5b5d
2019-05-21 | Add UpdaterRuntime class | Tianjie Xu | 1 | -12/+20
This class adds a wrapper to the runtime dependent functions. Therefore, the behavior of update on device stays the same, while simulators can have their own implementations. Also change the caller side of the registered updater functions to call these runtime wrappers.
Bug: 131911365
Test: unit tests pass, sideload an update on cuttlefish
Change-Id: Ib3ab67132991d67fc132f27120e4152439d16ac5
2019-05-09 | Add Updater class and remove UpdaterInfo | Tianjie Xu | 1 | -159/+115
The UpdaterInfo class is merely a collection of pointers and POD types. We can replace it with an Updater class that has the ownership of the resources. This also makes this class extensible as we plan to add more functionality in the host simulator.
Bug: 131911365
Test: unit tests pass, run an update on cuttlefish and check last_install
Change-Id: I07ca5963bbee8ae3cb85ccc184464910aa73d4e4
2019-05-06 | Track libziparchive API change. | Elliott Hughes | 1 | -2/+1
Bug: http://b/129068177
Test: treehugger
Change-Id: Ie5b2b0cff087f2e9e65a4e77c187e3173357f3ad
2019-01-14 | updater: add functions to modify dynamic partition metadata | Yifan Hong | 1 | -0/+2
Test: sideload full OTA on cuttlefish
Test: sideload incremental OTA on cuttlefish (that grows system, shrinks vendor, and moves vendor to group foo)
Test: verify that /cache/recovery/cc46ebfd04058569d0c6c1431c6af6c1328458e4 exists (sha1sum of "system")
Bug: 111801737
Change-Id: Ibdf6565bc1b60f3665c01739b4c95a85f0261ae5
2018-10-04 | DO NOT MERGE: Initialize the ZipArchive to zero before parsing | Tianjie Xu | 1 | -1/+1
The fields of the ZipArchive on the stack are not initialized before we call libminzip to parse the zip file. As a result, some random memory location is freed unintentionally when we close the ZipArchive upon parsing failures.
Bug: 35385357
Test: recompile and run the poc with asan.
Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
2018-09-08 | DO NOT MERGE: Initialize the ZipArchive to zero before parsing | Tianjie Xu | 1 | -1/+1
The fields of the ZipArchive on the stack are not initialized before we call libminzip to parse the zip file. As a result, some random memory location is freed unintentionally when we close the ZipArchive upon parsing failures.
Bug: 35385357
Test: recompile and run the poc with asan.
Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
2018-09-08 | DO NOT MERGE: Initialize the ZipArchive to zero before parsing | Tianjie Xu | 1 | -1/+1
The fields of the ZipArchive on the stack are not initialized before we call libminzip to parse the zip file. As a result, some random memory location is freed unintentionally when we close the ZipArchive upon parsing failures.
Bug: 35385357
Test: recompile and run the poc with asan.
Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
2018-08-28 | Remove otafault | Tianjie Xu | 1 | -8/+3
Now it's less beneficial to inject I/O faults since we don't see many of them. Remove the library that mocks I/O failures. And switch to android::base I/O when possible.
Bug: 113032079
Test: unit tests pass
Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
2018-07-10 | edify: Rename parse_string to ParseString and let it take std::string. | Tao Bao | 1 | -1/+1
Also simplify the helper function expect() in {edify,updater}_test.cpp.
Test: Run recovery_component_test on marlin.
Change-Id: If54febba4b5013f6d71546318a1ca6b635204ac8
2018-05-04 | otautil: Rename dir/sys/thermal utils. | Tao Bao | 1 | -2/+2
Test: mmma -j bootable/recovery
Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
2018-04-26 | Rename CacheLocation to Paths. | Tao Bao | 1 | -2/+1
We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE.
Test: mmma -j bootable/recovery
Test: recovery_component_test
Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
2018-03-08 | Set the update locations to default in CacheLocation's constructor | Tianjie Xu | 1 | -4/+0
Otherwise the applypatch executable will fail to back up the source file to /cache when patching the recovery image.
Bug: 74198354
Test: run applypatch from boot to recovery
(cherry picked from commit b4e3a370bf6fe2bbb6ad8e33d16ce3210595aaef)
Change-Id: I37b7fd88d66ab49ef953d4b7dca22577bd1472e1
2018-03-08 | Set the update locations to default in CacheLocation's constructor | Tianjie Xu | 1 | -4/+0
Otherwise the applypatch executable will fail to back up the source file to /cache when patching the recovery image.
Bug: 74198354
Test: run applypatch from boot to recovery
Change-Id: I6e5b9cd06d6ed0b26066b779a348437ecf984b92
2018-02-28 | Add a singleton CacheLocation to replace the hard coded locations | Tianjie Xu | 1 | -0/+5
This class allows us to set the following locations dynamically: cache_temp_source, last_command_file, stash_directory_base. In the updater's main function, we reset the values of these variables to their default locations in /cache; while we can set them to temp files in unit tests or host simulation.
Test: unit tests pass
Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
2017-10-09 | Revert "Revert "Move error_code.h into otautil."" | Tao Bao | 1 | -1/+1
This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.". This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil).
Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery
Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
2017-10-05 | Don't include "error_code.h" in edify/expr.h. | Tao Bao | 1 | -0/+1
Use forward declaration to avoid pulling in the module that contains error_code.h (trying to move it into libotautil). Otherwise all the modules that include "edify/expr.h" need to depend on the module that exports error_code.h. .cpp sources should include "error_code.h" explicitly to use the enums.
Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery
Change-Id: Ic82db2746c7deb866e8cdfb3c57e0b1ecc71c4dc
2017-09-29 | otafault: Move headers under otafault/. | Tao Bao | 1 | -1/+1
Test: mmma bootable/recovery
Change-Id: I3ceb72f703c7c2857d656c137d71baa1fccd8238
2017-06-15 | Fix "No file_contexts" warning | Jeff Vander Stoep | 1 | -3/+3
Fixed by loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists.
Bug: 62587423
Test: build and flash recovery on Angler. Warning is gone.
Test: Wipe data and cache.
Test: sideload OTA
Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
(cherry picked from commit 2330dd8733ce0b207058e3003a3b1efebc022394)
2017-06-15 | Fix "No file_contexts" warning | Jeff Vander Stoep | 1 | -3/+3
Fixed by loading the file_contexts specified in libselinux, whereas previously recovery loaded /file_contexts which no longer exists.
Bug: 62587423
Test: build and flash recovery on Angler. Warning is gone.
Test: Wipe data and cache.
Test: sideload OTA
Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
2017-05-24 | Retry the update if ApplyBSDiffPatch | ApplyImagePatch fails | Tianjie Xu | 1 | -0/+4
We have seen one case when bspatch failed likely due to patch corruption. Since the package has passed verification before, we want to reboot and retry the patch command again since there's no alternative for users. We won't delete the stash before reboot, and the src has passed SHA1 check. If there's an error on the patch, it will fail the package verification during retry.
Bug: 37855643
Test: angler reboots and retries the update when bspatch fails.
Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
2017-05-03 | Add a default error code when updater script aborts | Tianjie Xu | 1 | -7/+9
We didn't report error/cause codes unless there's an explicit "Abort()" call inside the updater script. As a result, some cause codes set by ErrorAbort() didn't show up in last_install. To fix the issue, add a default error code when the script terminates abnormally (i.e. with non zero status).
Bug: 37912405
Test: error/cause code shows up in last_install when argument parsing fails
Change-Id: Ic6d3bd1855b853aeaa0760071e593a00cf6f0209
2017-05-02 | Move sysMapFile and sysReleaseMap into MemMapping class. | Tao Bao | 1 | -2/+1
Test: recovery_component_test
Test: recovery_unit_test
Test: Apply an OTA on angler.
Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
2017-03-23 | Fixed scanf modifier | Mikhail Lappo | 1 | -1/+1
Scanf expectation is to have same type of pointer to store parsed value and modifier in format string
2017-03-22 | Remove malloc in edify functions | Tianjie Xu | 1 | -1/+1
And switch them to std::vector & std::unique_ptr
Bug: 32117870
Test: recovery tests passed on sailfish
Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
2017-01-22 | Print with newline for ui_print. | Tao Bao | 1 | -1/+0
Currently the ui_print command between the recovery and updater doesn't append newline. Updater has to send an extra "ui_print" command without any argument to get the line break. This looks unnecessary. And not all the callers (including the ones in bootable/recovery) are following this protocol when sending the ui_print command. This CL simplifies the protocol to always print with a newline for ui_print command. When updating from an old recovery with the new updater, all the ui_print'd strings would appear in one line as a side effect. But a) it would only affect the text-mode UI, which won't be shown to users; b) log files won't be affected.
Bug: 32305035
Test: Apply an update with the new updater on top of an old and new recovery image respectively.
Change-Id: I305a0ffc6f180daf60919cf99d24d1495d68749b
2017-01-09 | Do not inject I/O fault on a retry | Tianjie Xu | 1 | -1/+1
We could inject I/O faults during an OTA update for test purpose. But we should skip the injection if the update is a retry. Otherwise the update test will simply keep failing.
Bug: 34159970
Test: Apply the same package on angler and the update succeeds on the 2nd try.
Change-Id: Id274e5475e3bc8d25d50a8cf61a77d2e32c569d6
2016-12-01 | updater: Fix inconsistent code. | Tao Bao | 1 | -1/+3
Commit 81e54eddd4132895d70ab8b2307c693311799e05 introduced the inconsistency when resolving the merge conflict into master.
Test: mmma bootable/recovery
Change-Id: I43b7ec76a7eee000708cdca60bd372173e1fac2f
2016-12-01 | updater: Switch to libbase logging. | Tao Bao | 1 | -152/+157
Test: Build an updater into a package and apply it on device.
Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
2016-10-18 | Replace minzip with libziparchive | Tianjie Xu | 1 | -20/+33
Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-15 | Change StringValue to use std::string | Tianjie Xu | 1 | -4/+4
Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style.
Test: component tests passed.
Bug: 31713288
Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
2016-10-13 | edify: Some clean-ups to libedify. | Tao Bao | 1 | -1/+0
- Remove dead declarations in expr.h: SetError(), GetError(), ClearError().
- Remove the declaration of Build() out of expr.h.
- Use std::unordered_map to implement RegisterFunction() and FindFunction(); kill FinishRegistration().
- Add a testcase for calling unknown functions.
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
2016-10-11 | Refactor libupdater into a separate module. | Tao Bao | 1 | -4/+4
So that we can write native tests for updater functions. This CL adds a testcase for getprop() function.
Test: mmma bootable/recovery; Run recovery_component_test on device.
Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
2016-10-05 | edify: Move State.script and State.errmsg to std::string. | Tao Bao | 1 | -20/+17
This way we kill a few strdup() and free() calls.
Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly.
Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
(cherry picked from commit 59dcb9cbea8fb70ab933fd10d35582b08cd13f37)
2016-10-04 | edify: Move State.script and State.errmsg to std::string. | Tao Bao | 1 | -20/+17
This way we kill a few strdup() and free() calls.
Test: 1. recovery_component_test still passes; 2. Applying an update with the new updater works; 3. The error code in a script with abort("E310: xyz") is recorded into last_install correctly.
Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
2016-06-03 | Call ioctl before each write on retry | Tianjie Xu | 1 | -1/+9
If the update is a retry, ioctl(BLKDISCARD) the destination blocks before writing to these blocks.
Bug: 28990135
Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
2016-05-20 | Allow recovery to return error codes | Tianjie Xu | 1 | -0/+17
Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map    package name
0                             install result
retry: 1                      retry count (new)
error: 30                     error code (new)
cause: 12                     error cause (new)
Details in: go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
2016-04-02 | Move selinux dependencies out of header files. | Elliott Hughes | 1 | -0/+3
Bug: http://b/27764900
Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
2016-03-19 | Control fault injection with config files instead of build flags | Jed Estep | 1 | -0/+2
Bug: 27724259
Change-Id: I65bdefed10b3fb85fcb9e1147eaf0687d7d438f4
2016-03-17 | Revert "DO NOT MERGE Control fault injection with config files instead of build flags" | Tao Bao | 1 | -2/+0
This reverts commit f73abf36bcfd433a3fdd1664a77e8e531346c1b1.
Bug: 27724259
Change-Id: I1301fdad15650837d0b1febd0c3239134e2b94fb
2016-03-16 | DO NOT MERGE Control fault injection with config files instead of build flags | Jed Estep | 1 | -0/+2
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-03-10 | Reboot and retry on I/O errors | Tianjie Xu | 1 | -0/+7
When I/O error happens, reboot and retry installation two times before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36)
2016-03-03 | Reboot and retry on I/O errors | Tianjie Xu | 1 | -0/+7
When I/O error happens, reboot and retry installation two times before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
2016-02-23 | Control fault injection with config files instead of build flags | Jed Estep | 1 | -0/+2
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
(cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
2016-02-20 | Control fault injection with config files instead of build flags | Jed Estep | 1 | -0/+2
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-02-18 | Fix integer overflows in recovery procedure. | Yabin Cui | 1 | -7/+6
Bug: 26960931
Change-Id: Ieae45caccfb4728fcf514f0d920976585d8e6caf
2015-11-16 | DO NOT MERGE recovery: Switch applypatch/ and updater/ to cpp. | Tao Bao | 1 | -1/+1
Mostly trivial changes to make cpp compiler happy.
Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
(cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
2015-07-14 | recovery: Switch applypatch/ and updater/ to cpp. | Tao Bao | 1 | -169/+0
Mostly trivial changes to make cpp compiler happy.
Change-Id: I1b0481465c67c3bbca35a839d0764190d84ff34e
(cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
2015-07-14 | recovery: Switch applypatch/ and updater/ to cpp. | Tao Bao | 1 | -169/+0
Mostly trivial changes to make cpp compiler happy.
Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
2015-01-30 | Add missing includes. | Elliott Hughes | 1 | -0/+1
Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
2014-08-20 | installer for new block OTA system | Doug Zongker | 1 | -0/+4
(Cherry-pick back from master.)
Bug: 16984795
Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
2014-08-19 | installer for new block OTA system | Doug Zongker | 1 | -0/+4
Bug: 16984795
Change-Id: I90f958446baed83dec658de2430c8fc5e9c3047e
2014-02-14 | clean up some warnings when building recovery | Doug Zongker | 1 | -2/+1
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-01-16 | do verification and extraction on memory, not files | Doug Zongker | 1 | -4/+11
Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far.
Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2013-07-09 | recovery: move log output to stdout | Doug Zongker | 1 | -12/+12
Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout.
Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
2012-10-16 | Remove HAVE_SELINUX guards | Kenny Root | 1 | -2/+0
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-03-30 | Extend recovery and updater to support setting file security contexts. | Stephen Smalley | 1 | -0/+15
Extend minzip, recovery, and updater to set the security context on files based on the file_contexts configuration included in the package.
Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
2010-09-15 | close update package before installing; allow remount | Doug Zongker | 1 | -1/+3
Close the update package before invoking the binary, to allow the installer to unmount /cache if it wants to. Add a function to allow remounting of a mount as read-only.
Change-Id: Idfcc96c3da66083295177f729263560be58034e4
2010-02-18 | relocate applypatch; add type system and new functions to edify | Doug Zongker | 1 | -0/+6
- Move applypatch to this package (from build).
- Add a rudimentary type system to edify: instead of just returning a char*, functions now return a Value*, which is a struct that can carry different types of value (currently just STRING and BLOB). Convert all functions to this new scheme.
- Change the one-argument form of package_extract_file to return a Value of the new BLOB type.
- Add read_file() to load a local file and return a blob, and sha1_check() to test a blob (or string) against a set of possible sha1s. read_file() uses the file-loading code from applypatch so it can read MTD partitions as well.
This is the start of better integration between applypatch and the rest of edify.
b/2361316 - VZW Issue PP628: Continuous reset to Droid logo: framework-res.apk update failed (CR LIBtt59130)
Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
2010-02-03 | bump updater API version to 3; deprecate firmware update command | Doug Zongker | 1 | -3/+6
Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc.
Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2009-11-13 | eclair snapshot | Jean-Baptiste Queru | 1 | -0/+6
2009-06-22 | add device extension mechanism to updater | Doug Zongker | 1 | -0/+6
Allow devices (in BoardConfig.mk) to define additional static libraries to be linked in to updater, to make device-specific functions available in edify scripts. Modify the updater makefile to arrange for device libraries to register their edify functions.
2009-06-18 | let the "firmware" command take the file straight from the package | Doug Zongker | 1 | -3/+4
To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
2009-06-12 | fixes to edify and updater script | Doug Zongker | 1 | -5/+20
A few more changes to edify:
- fix write_raw_image(); my last change neglected to close the write context, so the written image was corrupt.
- each expression tracks the span of the source code from which it was compiled, so that assert()'s error message can include the source of the expression that failed.
- the 'cookie' argument to each Function is replaced with a State object, which contains the cookie, the source script (for use with the above spans), and the current error message (replacing the global variables that were used for this purpose).
- in the recovery image, a new command "ui_print" can be sent back through the command pipe to cause text to appear on the screen. Add a new ui_print() function to print things from scripts. Rename existing "print" function to "stdout".
2009-06-12 | edify extensions for OTA package installation, part 2 | Doug Zongker | 1 | -3/+4
Adds more edify functions for OTAs:
  is_mounted
  getprop
  apply_patch
  apply_patch_check
  apply_patch_space
  write_raw_image
  write_firmware_image
  package_extract_file
This allows us to install radios, hboots, boot images, and install incremental OTA packages.
Fixes a couple of dumb bugs in edify itself:
- we were doubling the size of the function table each time it was *not* full, rather than each time it was full
- "no such function" errors weren't visible to the parser, so they didn't prevent execution of the script.
2009-06-12 | edify extensions for OTA package installation, part 1 | Doug Zongker | 1 | -0/+111
Adds the following edify functions:
  mount
  unmount
  format
  show_progress
  delete
  delete_recursive
  package_extract
  symlink
  set_perm
  set_perm_recursive
This set is enough to extract and install the system part of a (full) OTA package.
Adds the updater binary that extracts an edify script from the OTA package and then executes it.
Minor changes to the edify core (adds a sleep() builtin for debugging, adds "." to the set of characters that can appear in an unquoted string).