From ba27adbbb6db81babc1ee3ac070ea6b6189dd2e1 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Tue, 6 Aug 2019 12:32:05 -0700 Subject: Force package installation with FUSE unless the package stores on device The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f --- Android.bp | 2 ++ install/include/install/install.h | 4 ++++ install/install.cpp | 47 +++++++++++++++++++++++++++++++++++++++ recovery.cpp | 25 ++++++++++++++++++++- tests/Android.bp | 1 + tests/component/install_test.cpp | 28 +++++++++++++++++++++++ 6 files changed, 106 insertions(+), 1 deletion(-) diff --git a/Android.bp b/Android.bp index f92078256..f367e5e7d 100644 --- a/Android.bp +++ b/Android.bp @@ -69,6 +69,7 @@ cc_defaults { ], static_libs: [ + "libc++fs", "libinstall", "librecovery_fastboot", "libminui", @@ -94,6 +95,7 @@ cc_library_static { ], shared_libs: [ + "libfusesideload", "librecovery_ui", ], } diff --git a/install/include/install/install.h b/install/include/install/install.h index c0a8f1f4c..ed0f6c7da 100644 --- a/install/include/install/install.h +++ b/install/include/install/install.h @@ -69,3 +69,7 @@ bool verify_package_compatibility(ZipArchiveHandle package_zip); // Mandatory checks: ota-type, pre-device and serial number(if presents) // AB OTA specific checks: pre-build version, fingerprint, timestamp. int CheckPackageMetadata(const std::map& metadata, OtaType ota_type); + +// Ensures the path to the update package is mounted. Also set the |should_use_fuse| to true if the +// package stays on a removable media. +bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse); diff --git a/install/install.cpp b/install/install.cpp index e2d470096..9203ef0e5 100644 --- a/install/install.cpp +++ b/install/install.cpp @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -736,3 +737,49 @@ bool verify_package(Package* package, RecoveryUI* ui) { } return true; } + +bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse) { + CHECK(should_use_fuse != nullptr); + + if (package_path.empty()) { + return false; + } + + *should_use_fuse = true; + if (package_path[0] == '@') { + auto block_map_path = package_path.substr(1); + if (ensure_path_mounted(block_map_path) != 0) { + LOG(ERROR) << "Failed to mount " << block_map_path; + return false; + } + // uncrypt only produces block map only if the package stays on /data. + *should_use_fuse = false; + return true; + } + + // Package is not a block map file. + if (ensure_path_mounted(package_path) != 0) { + LOG(ERROR) << "Failed to mount " << package_path; + return false; + } + + // Reject the package if the input path doesn't equal the canonicalized path. + // e.g. /cache/../sdcard/update_package. + std::error_code ec; + auto canonical_path = std::filesystem::canonical(package_path, ec); + if (ec) { + LOG(ERROR) << "Failed to get canonical of " << package_path << ", " << ec.message(); + return false; + } + if (canonical_path.string() != package_path) { + LOG(ERROR) << "Installation aborts. The canonical path " << canonical_path.string() + << " doesn't equal the original path " << package_path; + return false; + } + + constexpr const char* CACHE_ROOT = "/cache"; + if (android::base::StartsWith(package_path, CACHE_ROOT)) { + *should_use_fuse = false; + } + return true; +} diff --git a/recovery.cpp b/recovery.cpp index 5fc673ec2..e51687a7e 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -50,6 +50,7 @@ #include "common.h" #include "fsck_unshare_blocks.h" +#include "fuse_sideload.h" #include "install/adb_install.h" #include "install/fuse_sdcard_install.h" #include "install/install.h" @@ -881,7 +882,29 @@ Device::BuiltinAction start_recovery(Device* device, const std::vector(update_package, 65536); + status = run_fuse_sideload(std::move(file_data_reader)); + } else if (auto memory_package = Package::CreateMemoryPackage( + update_package, + std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1)); + memory_package != nullptr) { + status = install_package(update_package, should_wipe_cache, true, retry_count, ui); + } else { + // We may fail to memory map the package on 32 bit builds for packages with 2GiB+ size. + // In such cases, we will try to install the package with fuse. This is not the default + // installation method because it introduces a layer of indirection from the kernel space. + LOG(WARNING) << "Failed to memory map package " << update_package + << "; falling back to install with fuse"; + auto file_data_reader = std::make_unique(update_package, 65536); + status = run_fuse_sideload(std::move(file_data_reader)); + } + if (status != INSTALL_SUCCESS) { ui->Print("Installation aborted.\n"); diff --git a/tests/Android.bp b/tests/Android.bp index 09ef716d6..a0d82d5fd 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -99,6 +99,7 @@ librecovery_static_libs = [ "liblp", "libvndksupport", "libtinyxml2", + "libc++fs", ] cc_test { diff --git a/tests/component/install_test.cpp b/tests/component/install_test.cpp index 385132939..c1f0ca812 100644 --- a/tests/component/install_test.cpp +++ b/tests/component/install_test.cpp @@ -34,6 +34,7 @@ #include "install/install.h" #include "otautil/paths.h" +#include "otautil/roots.h" #include "private/setup_commands.h" static void BuildZipArchive(const std::map& file_map, int fd, @@ -595,3 +596,30 @@ TEST(InstallTest, CheckPackageMetadata_ab_post_timestamp) { "\n"); test_check_package_metadata(metadata, OtaType::AB, 0); } + +TEST(InstallTest, SetupPackageMount_package_path) { + load_volume_table(); + bool install_with_fuse; + + // Setup should fail if the input path doesn't exist. + ASSERT_FALSE(SetupPackageMount("/does_not_exist", &install_with_fuse)); + + // Package should be installed with fuse if it's not in /cache. + TemporaryDir temp_dir; + TemporaryFile update_package(temp_dir.path); + ASSERT_TRUE(SetupPackageMount(update_package.path, &install_with_fuse)); + ASSERT_TRUE(install_with_fuse); + + // Setup should fail if the input path isn't canonicalized. + std::string uncanonical_package_path = android::base::Join( + std::vector{ + temp_dir.path, + "..", + android::base::Basename(temp_dir.path), + android::base::Basename(update_package.path), + }, + '/'); + + ASSERT_EQ(0, access(uncanonical_package_path.c_str(), R_OK)); + ASSERT_FALSE(SetupPackageMount(uncanonical_package_path, &install_with_fuse)); +} -- cgit v1.2.3 From 5e6c4e9a91674826bf11cab604250b41a9326fd8 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Tue, 6 Aug 2019 12:32:05 -0700 Subject: Force package installation with FUSE unless the package stores on device The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f --- Android.bp | 2 ++ install/include/install/install.h | 4 ++++ install/install.cpp | 47 +++++++++++++++++++++++++++++++++++++++ recovery.cpp | 6 ++++- tests/Android.bp | 1 + tests/unit/install_test.cpp | 28 +++++++++++++++++++++++ 6 files changed, 87 insertions(+), 1 deletion(-) diff --git a/Android.bp b/Android.bp index 3a8e97883..bda36c2f5 100644 --- a/Android.bp +++ b/Android.bp @@ -72,6 +72,7 @@ cc_defaults { ], static_libs: [ + "libc++fs", "libinstall", "librecovery_fastboot", "libminui", @@ -95,6 +96,7 @@ cc_library_static { ], shared_libs: [ + "libfusesideload", "librecovery_ui", ], } diff --git a/install/include/install/install.h b/install/include/install/install.h index 87d43ab09..bef23e9ca 100644 --- a/install/include/install/install.h +++ b/install/include/install/install.h @@ -63,3 +63,7 @@ bool ReadMetadataFromPackage(ZipArchiveHandle zip, std::map& metadata, OtaType ota_type); + +// Ensures the path to the update package is mounted. Also set the |should_use_fuse| to true if the +// package stays on a removable media. +bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse); diff --git a/install/install.cpp b/install/install.cpp index 4bb0903cc..1c9bf2fd2 100644 --- a/install/install.cpp +++ b/install/install.cpp @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -641,3 +642,49 @@ bool verify_package(Package* package, RecoveryUI* ui) { } return true; } + +bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse) { + CHECK(should_use_fuse != nullptr); + + if (package_path.empty()) { + return false; + } + + *should_use_fuse = true; + if (package_path[0] == '@') { + auto block_map_path = package_path.substr(1); + if (ensure_path_mounted(block_map_path) != 0) { + LOG(ERROR) << "Failed to mount " << block_map_path; + return false; + } + // uncrypt only produces block map only if the package stays on /data. + *should_use_fuse = false; + return true; + } + + // Package is not a block map file. + if (ensure_path_mounted(package_path) != 0) { + LOG(ERROR) << "Failed to mount " << package_path; + return false; + } + + // Reject the package if the input path doesn't equal the canonicalized path. + // e.g. /cache/../sdcard/update_package. + std::error_code ec; + auto canonical_path = std::filesystem::canonical(package_path, ec); + if (ec) { + LOG(ERROR) << "Failed to get canonical of " << package_path << ", " << ec.message(); + return false; + } + if (canonical_path.string() != package_path) { + LOG(ERROR) << "Installation aborts. The canonical path " << canonical_path.string() + << " doesn't equal the original path " << package_path; + return false; + } + + constexpr const char* CACHE_ROOT = "/cache"; + if (android::base::StartsWith(package_path, CACHE_ROOT)) { + *should_use_fuse = false; + } + return true; +} diff --git a/recovery.cpp b/recovery.cpp index e4b8e45fb..9747aae82 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -687,7 +687,11 @@ Device::BuiltinAction start_recovery(Device* device, const std::vector& file_map, int fd, @@ -513,3 +514,30 @@ TEST(InstallTest, CheckPackageMetadata_ab_post_timestamp) { "\n"); TestCheckPackageMetadata(metadata, OtaType::AB, true); } + +TEST(InstallTest, SetupPackageMount_package_path) { + load_volume_table(); + bool install_with_fuse; + + // Setup should fail if the input path doesn't exist. + ASSERT_FALSE(SetupPackageMount("/does_not_exist", &install_with_fuse)); + + // Package should be installed with fuse if it's not in /cache. + TemporaryDir temp_dir; + TemporaryFile update_package(temp_dir.path); + ASSERT_TRUE(SetupPackageMount(update_package.path, &install_with_fuse)); + ASSERT_TRUE(install_with_fuse); + + // Setup should fail if the input path isn't canonicalized. + std::string uncanonical_package_path = android::base::Join( + std::vector{ + temp_dir.path, + "..", + android::base::Basename(temp_dir.path), + android::base::Basename(update_package.path), + }, + '/'); + + ASSERT_EQ(0, access(uncanonical_package_path.c_str(), R_OK)); + ASSERT_FALSE(SetupPackageMount(uncanonical_package_path, &install_with_fuse)); +} -- cgit v1.2.3 From daaacea96ebfc55b47f44240e2082c820c8eb234 Mon Sep 17 00:00:00 2001 From: Raman Tenneti Date: Thu, 13 Feb 2020 02:50:42 +0000 Subject: Revert "Force package installation with FUSE unless the package stores on device" This reverts commit 5e6c4e9a91674826bf11cab604250b41a9326fd8. Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error. Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420 Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031 Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031 --- Android.bp | 2 -- install/include/install/install.h | 4 ---- install/install.cpp | 47 --------------------------------------- recovery.cpp | 6 +---- tests/Android.bp | 1 - tests/unit/install_test.cpp | 28 ----------------------- 6 files changed, 1 insertion(+), 87 deletions(-) diff --git a/Android.bp b/Android.bp index bda36c2f5..3a8e97883 100644 --- a/Android.bp +++ b/Android.bp @@ -72,7 +72,6 @@ cc_defaults { ], static_libs: [ - "libc++fs", "libinstall", "librecovery_fastboot", "libminui", @@ -96,7 +95,6 @@ cc_library_static { ], shared_libs: [ - "libfusesideload", "librecovery_ui", ], } diff --git a/install/include/install/install.h b/install/include/install/install.h index bef23e9ca..87d43ab09 100644 --- a/install/include/install/install.h +++ b/install/include/install/install.h @@ -63,7 +63,3 @@ bool ReadMetadataFromPackage(ZipArchiveHandle zip, std::map& metadata, OtaType ota_type); - -// Ensures the path to the update package is mounted. Also set the |should_use_fuse| to true if the -// package stays on a removable media. -bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse); diff --git a/install/install.cpp b/install/install.cpp index 1c9bf2fd2..4bb0903cc 100644 --- a/install/install.cpp +++ b/install/install.cpp @@ -30,7 +30,6 @@ #include #include #include -#include #include #include #include @@ -642,49 +641,3 @@ bool verify_package(Package* package, RecoveryUI* ui) { } return true; } - -bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse) { - CHECK(should_use_fuse != nullptr); - - if (package_path.empty()) { - return false; - } - - *should_use_fuse = true; - if (package_path[0] == '@') { - auto block_map_path = package_path.substr(1); - if (ensure_path_mounted(block_map_path) != 0) { - LOG(ERROR) << "Failed to mount " << block_map_path; - return false; - } - // uncrypt only produces block map only if the package stays on /data. - *should_use_fuse = false; - return true; - } - - // Package is not a block map file. - if (ensure_path_mounted(package_path) != 0) { - LOG(ERROR) << "Failed to mount " << package_path; - return false; - } - - // Reject the package if the input path doesn't equal the canonicalized path. - // e.g. /cache/../sdcard/update_package. - std::error_code ec; - auto canonical_path = std::filesystem::canonical(package_path, ec); - if (ec) { - LOG(ERROR) << "Failed to get canonical of " << package_path << ", " << ec.message(); - return false; - } - if (canonical_path.string() != package_path) { - LOG(ERROR) << "Installation aborts. The canonical path " << canonical_path.string() - << " doesn't equal the original path " << package_path; - return false; - } - - constexpr const char* CACHE_ROOT = "/cache"; - if (android::base::StartsWith(package_path, CACHE_ROOT)) { - *should_use_fuse = false; - } - return true; -} diff --git a/recovery.cpp b/recovery.cpp index 9747aae82..e4b8e45fb 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -687,11 +687,7 @@ Device::BuiltinAction start_recovery(Device* device, const std::vector& file_map, int fd, @@ -514,30 +513,3 @@ TEST(InstallTest, CheckPackageMetadata_ab_post_timestamp) { "\n"); TestCheckPackageMetadata(metadata, OtaType::AB, true); } - -TEST(InstallTest, SetupPackageMount_package_path) { - load_volume_table(); - bool install_with_fuse; - - // Setup should fail if the input path doesn't exist. - ASSERT_FALSE(SetupPackageMount("/does_not_exist", &install_with_fuse)); - - // Package should be installed with fuse if it's not in /cache. - TemporaryDir temp_dir; - TemporaryFile update_package(temp_dir.path); - ASSERT_TRUE(SetupPackageMount(update_package.path, &install_with_fuse)); - ASSERT_TRUE(install_with_fuse); - - // Setup should fail if the input path isn't canonicalized. - std::string uncanonical_package_path = android::base::Join( - std::vector{ - temp_dir.path, - "..", - android::base::Basename(temp_dir.path), - android::base::Basename(update_package.path), - }, - '/'); - - ASSERT_EQ(0, access(uncanonical_package_path.c_str(), R_OK)); - ASSERT_FALSE(SetupPackageMount(uncanonical_package_path, &install_with_fuse)); -} -- cgit v1.2.3 From cd8faf7eeead6fd6ee5912ddd26dab5ab6c7dda7 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Tue, 6 Aug 2019 12:32:05 -0700 Subject: Force off-device package installation with FUSE The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_unit_test - no new failures Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5 Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031 --- Android.bp | 2 ++ install/include/install/install.h | 4 ++++ install/install.cpp | 47 +++++++++++++++++++++++++++++++++++++++ recovery.cpp | 6 ++++- tests/Android.bp | 1 + tests/unit/install_test.cpp | 28 +++++++++++++++++++++++ 6 files changed, 87 insertions(+), 1 deletion(-) diff --git a/Android.bp b/Android.bp index 4032bcc19..e7e1938b8 100644 --- a/Android.bp +++ b/Android.bp @@ -72,6 +72,7 @@ cc_defaults { ], static_libs: [ + "libc++fs", "libinstall", "librecovery_fastboot", "libminui", @@ -94,6 +95,7 @@ cc_library_static { ], shared_libs: [ + "libfusesideload", "librecovery_ui", ], } diff --git a/install/include/install/install.h b/install/include/install/install.h index 87d43ab09..bef23e9ca 100644 --- a/install/include/install/install.h +++ b/install/include/install/install.h @@ -63,3 +63,7 @@ bool ReadMetadataFromPackage(ZipArchiveHandle zip, std::map& metadata, OtaType ota_type); + +// Ensures the path to the update package is mounted. Also set the |should_use_fuse| to true if the +// package stays on a removable media. +bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse); diff --git a/install/install.cpp b/install/install.cpp index 4bb0903cc..1c9bf2fd2 100644 --- a/install/install.cpp +++ b/install/install.cpp @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -641,3 +642,49 @@ bool verify_package(Package* package, RecoveryUI* ui) { } return true; } + +bool SetupPackageMount(const std::string& package_path, bool* should_use_fuse) { + CHECK(should_use_fuse != nullptr); + + if (package_path.empty()) { + return false; + } + + *should_use_fuse = true; + if (package_path[0] == '@') { + auto block_map_path = package_path.substr(1); + if (ensure_path_mounted(block_map_path) != 0) { + LOG(ERROR) << "Failed to mount " << block_map_path; + return false; + } + // uncrypt only produces block map only if the package stays on /data. + *should_use_fuse = false; + return true; + } + + // Package is not a block map file. + if (ensure_path_mounted(package_path) != 0) { + LOG(ERROR) << "Failed to mount " << package_path; + return false; + } + + // Reject the package if the input path doesn't equal the canonicalized path. + // e.g. /cache/../sdcard/update_package. + std::error_code ec; + auto canonical_path = std::filesystem::canonical(package_path, ec); + if (ec) { + LOG(ERROR) << "Failed to get canonical of " << package_path << ", " << ec.message(); + return false; + } + if (canonical_path.string() != package_path) { + LOG(ERROR) << "Installation aborts. The canonical path " << canonical_path.string() + << " doesn't equal the original path " << package_path; + return false; + } + + constexpr const char* CACHE_ROOT = "/cache"; + if (android::base::StartsWith(package_path, CACHE_ROOT)) { + *should_use_fuse = false; + } + return true; +} diff --git a/recovery.cpp b/recovery.cpp index 9ea616e13..526e1a556 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -752,7 +752,11 @@ Device::BuiltinAction start_recovery(Device* device, const std::vector& file_map, int fd, int compression_type) { @@ -513,3 +514,30 @@ TEST(InstallTest, CheckPackageMetadata_ab_post_timestamp) { "\n"); TestCheckPackageMetadata(metadata, OtaType::AB, true); } + +TEST(InstallTest, SetupPackageMount_package_path) { + load_volume_table(); + bool install_with_fuse; + + // Setup should fail if the input path doesn't exist. + ASSERT_FALSE(SetupPackageMount("/does_not_exist", &install_with_fuse)); + + // Package should be installed with fuse if it's not in /cache. + TemporaryDir temp_dir; + TemporaryFile update_package(temp_dir.path); + ASSERT_TRUE(SetupPackageMount(update_package.path, &install_with_fuse)); + ASSERT_TRUE(install_with_fuse); + + // Setup should fail if the input path isn't canonicalized. + std::string uncanonical_package_path = android::base::Join( + std::vector{ + temp_dir.path, + "..", + android::base::Basename(temp_dir.path), + android::base::Basename(update_package.path), + }, + '/'); + + ASSERT_EQ(0, access(uncanonical_package_path.c_str(), R_OK)); + ASSERT_FALSE(SetupPackageMount(uncanonical_package_path, &install_with_fuse)); +} -- cgit v1.2.3 From 2f6ed0524eabdad3daaa1c4ff08a4f7889696f1f Mon Sep 17 00:00:00 2001 From: Bill Yi Date: Mon, 16 Mar 2020 19:53:58 -0700 Subject: Import translations. DO NOT MERGE Auto-generated-cl: translation import Change-Id: I05a2df29e459400e5af878922f6e73a8b94f042b --- tools/recovery_l10n/res/values-ar/strings.xml | 4 ++-- tools/recovery_l10n/res/values-hy/strings.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/recovery_l10n/res/values-ar/strings.xml b/tools/recovery_l10n/res/values-ar/strings.xml index 2af36d64a..a9cd2d133 100644 --- a/tools/recovery_l10n/res/values-ar/strings.xml +++ b/tools/recovery_l10n/res/values-ar/strings.xml @@ -6,9 +6,9 @@ "ليس هناك أي أمر" "خطأ!" "جارٍ تثبيت تحديث الأمان" - "‏يتعذَّر تحميل نظام Android، حيث قد تكون بياناتك تالفة. وإذا استمر ظهور هذه الرسالة، قد يتعيَّن عليك إجراء إعادة الضبط بحسب بيانات المصنع ومحو جميع بيانات المستخدم المُخزَّنة على هذا الجهاز." + "‏يتعذَّر تحميل نظام Android، حيث قد تكون بياناتك تالفة. وإذا استمر ظهور هذه الرسالة، قد يتعيَّن عليك إجراء إعادة الضبط على الإعدادات الأصلية ومحو جميع بيانات المستخدم المُخزَّنة على هذا الجهاز." "إعادة المحاولة" - "إعادة الضبط بحسب بيانات المصنع" + "إعادة الضبط على الإعدادات الأصلية" "هل تريد حجب كل بيانات المستخدم؟\n\n لا يمكن التراجع عن هذا الإجراء." "إلغاء" diff --git a/tools/recovery_l10n/res/values-hy/strings.xml b/tools/recovery_l10n/res/values-hy/strings.xml index 35a0ab113..76c28a707 100644 --- a/tools/recovery_l10n/res/values-hy/strings.xml +++ b/tools/recovery_l10n/res/values-hy/strings.xml @@ -9,6 +9,6 @@ "Չհաջողվեց բեռնել Android համակարգը։ Հնարավոր է՝ ձեր տվյալները վնասված են։ Եթե նորից տեսնեք այս հաղորդագրությունը, փորձեք վերակայել սարքի կարգավորումները և ջնջել օգտատիրոջ բոլոր տվյալները։" "Նորից փորձել" "Վերակայել բոլոր տվյալները" - "Մաքրե՞լ օգտատիրոջ բոլոր տվյալները։\n\n ԱՅՍ ԳՈՐԾՈՂՈՒԹՅՈՒՆԸ ՀՆԱՐԱՎՈՐ ՉԻ ԼԻՆԻ ՀԵՏԱՐԿԵԼ" + "Ջնջե՞լ օգտատիրոջ բոլոր տվյալները։\n\n ԱՅՍ ԳՈՐԾՈՂՈՒԹՅՈՒՆԸ ՀՆԱՐԱՎՈՐ ՉԻ ԼԻՆԻ ՀԵՏԱՐԿԵԼ" "Չեղարկել" -- cgit v1.2.3