From 9e805d6ca0101f6bfc458e5c1e9b48fecb495a72 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Wed, 4 Sep 2013 13:44:38 -0700 Subject: allow CheckKey to request mounting /system Also provide a default implementation of CheckKey that's reasonable for many devices (those that have power and volume keys). Change-Id: Icf6c7746ebd866152d402059dbd27fd16bd51ff8 --- Android.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 075fa2cfe..645a83534 100644 --- a/Android.mk +++ b/Android.mk @@ -82,6 +82,7 @@ include $(CLEAR_VARS) LOCAL_MODULE := verifier_test LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := tests +LOCAL_CFLAGS += -DNO_RECOVERY_MOUNT LOCAL_SRC_FILES := \ verifier_test.cpp \ verifier.cpp \ -- cgit v1.2.3 From 7a4adb5268ae71260c86788ccdeb7a699c80ee0a Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Wed, 9 Oct 2013 10:14:35 -0700 Subject: Add support for ECDSA signatures This adds support for key version 5 which is an EC key using the NIST P-256 curve parameters. OTAs may be signed with these keys using the ECDSA signature algorithm with SHA-256. Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567 --- Android.mk | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 075fa2cfe..3d6156819 100644 --- a/Android.mk +++ b/Android.mk @@ -24,6 +24,7 @@ LOCAL_SRC_FILES := \ roots.cpp \ ui.cpp \ screen_ui.cpp \ + asn1_decoder.cpp \ verifier.cpp \ adb_install.cpp @@ -76,7 +77,13 @@ LOCAL_C_INCLUDES += system/extras/ext4_utils include $(BUILD_EXECUTABLE) - +# All the APIs for testing +include $(CLEAR_VARS) +LOCAL_MODULE := libverifier +LOCAL_MODULE_TAGS := tests +LOCAL_SRC_FILES := \ + asn1_decoder.cpp +include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_MODULE := verifier_test @@ -84,6 +91,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := tests LOCAL_SRC_FILES := \ verifier_test.cpp \ + asn1_decoder.cpp \ verifier.cpp \ ui.cpp LOCAL_STATIC_LIBRARIES := \ @@ -100,6 +108,7 @@ include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/minzip/Android.mk \ $(LOCAL_PATH)/minadbd/Android.mk \ $(LOCAL_PATH)/mtdutils/Android.mk \ + $(LOCAL_PATH)/tests/Android.mk \ $(LOCAL_PATH)/tools/Android.mk \ $(LOCAL_PATH)/edify/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ -- cgit v1.2.3 From f39989a36d4724a4852e28b9dca3d372d3f7873d Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Wed, 11 Dec 2013 15:40:28 -0800 Subject: recovery: wipe encryption metadata along with data partition This assumes that the metadata is correctly defined in fstab. Which apparently some devices don't do. Bug: 8766487 Bug: 12112624 Change-Id: I1b14b9d4c888e9348527984be3dce04bdd9f4de0 --- Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 1308066df..c544db964 100644 --- a/Android.mk +++ b/Android.mk @@ -57,7 +57,7 @@ LOCAL_STATIC_LIBRARIES := \ ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) LOCAL_CFLAGS += -DUSE_EXT4 - LOCAL_C_INCLUDES += system/extras/ext4_utils + LOCAL_C_INCLUDES += system/extras/ext4_utils system/vold LOCAL_STATIC_LIBRARIES += libext4_utils_static libz endif -- cgit v1.2.3 From 99916f0496cfe37891d40f21a9a0e387620a8a60 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Mon, 13 Jan 2014 14:16:58 -0800 Subject: do verification and extraction on memory, not files Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71 --- Android.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index c544db964..bd8d09b80 100644 --- a/Android.mk +++ b/Android.mk @@ -98,6 +98,7 @@ LOCAL_SRC_FILES := \ LOCAL_STATIC_LIBRARIES := \ libmincrypt \ libminui \ + libminzip \ libcutils \ libstdc++ \ libc -- cgit v1.2.3 From 76adfc5309936a07218ce53b5ab284d5746fa84c Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Mon, 13 Jan 2014 10:04:25 -0800 Subject: program to store unencrypted files in an encrypted filesystem uncrypt can read a file on an encrypted filesystem and rewrite it to the same blocks on the underlying (unencrypted) block device. This destroys the contents of the file as far as the encrypted filesystem is concerned, but allows the data to be read without the encryption key if you know which blocks of the raw device to access. uncrypt produces a "block map" file which lists the blocks that contain the file. For unencrypted filesystem, uncrypt will produce the block map without touching the data. Bug: 12188746 Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63 --- Android.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index bd8d09b80..b1e3798c8 100644 --- a/Android.mk +++ b/Android.mk @@ -113,5 +113,6 @@ include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/tests/Android.mk \ $(LOCAL_PATH)/tools/Android.mk \ $(LOCAL_PATH)/edify/Android.mk \ + $(LOCAL_PATH)/uncrypt/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ $(LOCAL_PATH)/applypatch/Android.mk -- cgit v1.2.3 From a1bc148c7c81f886426c253f2ea7beb0f301f6b0 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Thu, 13 Feb 2014 15:18:19 -0800 Subject: remove 'retouch' ASLR support Older versions of android supported an ASLR system where binaries were randomly twiddled at OTA install time. Remove support for this; we now use the ASLR support in the linux kernel. Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2 --- Android.mk | 1 - 1 file changed, 1 deletion(-) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index b1e3798c8..9773d5e83 100644 --- a/Android.mk +++ b/Android.mk @@ -106,7 +106,6 @@ include $(BUILD_EXECUTABLE) include $(LOCAL_PATH)/minui/Android.mk \ - $(LOCAL_PATH)/minelf/Android.mk \ $(LOCAL_PATH)/minzip/Android.mk \ $(LOCAL_PATH)/minadbd/Android.mk \ $(LOCAL_PATH)/mtdutils/Android.mk \ -- cgit v1.2.3 From 0d32f259cddeaf46917bdc4af3514114c206dd76 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Thu, 13 Feb 2014 15:07:56 -0800 Subject: clean up some warnings when building recovery Change-Id: I1541534ee6978ddf8d548433986679ce9507d508 --- Android.mk | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 9773d5e83..c910e7db7 100644 --- a/Android.mk +++ b/Android.mk @@ -35,6 +35,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true RECOVERY_API_VERSION := 3 RECOVERY_FSTAB_VERSION := 2 LOCAL_CFLAGS += -DRECOVERY_API_VERSION=$(RECOVERY_API_VERSION) +LOCAL_CFLAGS += -Wno-unused-parameter LOCAL_STATIC_LIBRARIES := \ libext4_utils_static \ @@ -90,6 +91,7 @@ LOCAL_MODULE := verifier_test LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := tests LOCAL_CFLAGS += -DNO_RECOVERY_MOUNT +LOCAL_CFLAGS += -Wno-unused-parameter LOCAL_SRC_FILES := \ verifier_test.cpp \ asn1_decoder.cpp \ -- cgit v1.2.3 From a8c56072ecf826d5a1c49ea8d180092e7d6496e9 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Mon, 3 Mar 2014 11:22:49 -0800 Subject: Fix build break caused by vold change cryptfs.h now includes sha header from libcrypto folder Change-Id: Icd02c88971aedf96040c3bd9ca759e531546023b --- Android.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index c910e7db7..3b899b5fc 100644 --- a/Android.mk +++ b/Android.mk @@ -75,6 +75,7 @@ else endif LOCAL_C_INCLUDES += system/extras/ext4_utils +LOCAL_C_INCLUDES += external/openssl/include include $(BUILD_EXECUTABLE) -- cgit v1.2.3 From 39cf417e17011a72dd39acfe4cc8c90af26bdbaf Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Thu, 6 Mar 2014 16:16:05 -0800 Subject: remove pixelflinger from recovery Recovery now draws directly to the framebuffer by rolling its own graphics code, rather than depending on libpixelflinger. The recovery UI is modified slightly to eliminate operations that are slow with the software implementation: when the text display / menu is turned on, it now appears on a black background instead of a dimmed version of the recovery icon. There's probably substantial room for optimization of the graphics operations. Bug: 12131110 Change-Id: Iab6520e0a7aaec39e2ce39377c10aef82ae0c595 --- Android.mk | 1 - 1 file changed, 1 deletion(-) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index c910e7db7..929afd97d 100644 --- a/Android.mk +++ b/Android.mk @@ -46,7 +46,6 @@ LOCAL_STATIC_LIBRARIES := \ libmincrypt \ libminadbd \ libminui \ - libpixelflinger_static \ libpng \ libfs_mgr \ libcutils \ -- cgit v1.2.3 From 37aedb3fafcccd0da5bd9089987f05895c27492d Mon Sep 17 00:00:00 2001 From: JP Abgrall Date: Mon, 16 Jun 2014 19:07:39 -0700 Subject: Support F2FS for the data partition This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4". Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall --- Android.mk | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 577679c06..1970956b5 100644 --- a/Android.mk +++ b/Android.mk @@ -32,6 +32,12 @@ LOCAL_MODULE := recovery LOCAL_FORCE_STATIC_EXECUTABLE := true +# Not working as expected? +# LOCAL_ADDITIONAL_DEPENDENCIES := mkfs.f2fs +# LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_RECOVERY_ROOT_OUT)/sbin/mkfs.f2fs +LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_ROOT_OUT_SBIN)/mkfs.f2fs + + RECOVERY_API_VERSION := 3 RECOVERY_FSTAB_VERSION := 2 LOCAL_CFLAGS += -DRECOVERY_API_VERSION=$(RECOVERY_API_VERSION) -- cgit v1.2.3 From b9afc2bf15822d09af188912ac27bd81bf078394 Mon Sep 17 00:00:00 2001 From: Ji-Hwan Lee Date: Thu, 19 Jun 2014 02:02:50 +0900 Subject: Use LOCAL_REQUIRED_MODULES for mkfs.f2fs Instead of LOCAL_ADDITIONAL_DEPENDENCIES. Bug: 15702524 Change-Id: Ic152ae60354bf09eccdb9a85dcd04f0f076a6422 --- Android.mk | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 1970956b5..1165acba4 100644 --- a/Android.mk +++ b/Android.mk @@ -32,11 +32,9 @@ LOCAL_MODULE := recovery LOCAL_FORCE_STATIC_EXECUTABLE := true -# Not working as expected? -# LOCAL_ADDITIONAL_DEPENDENCIES := mkfs.f2fs -# LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_RECOVERY_ROOT_OUT)/sbin/mkfs.f2fs -LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_ROOT_OUT_SBIN)/mkfs.f2fs - +ifeq ($(HOST_OS),linux) +LOCAL_REQUIRED_MODULES := mkfs.f2fs +endif RECOVERY_API_VERSION := 3 RECOVERY_FSTAB_VERSION := 2 -- cgit v1.2.3 From 18a78e0a162c35756628610307f41179816d3333 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Thu, 10 Jul 2014 07:31:46 -0700 Subject: refactor fuse sideloading code Split the adb-specific portions (fetching a block from the adb host and closing the connections) out from the rest of the FUSE filesystem code, so that we can reuse the fuse stuff for installing off sdcards as well. Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14 --- Android.mk | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index 1165acba4..f469182ef 100644 --- a/Android.mk +++ b/Android.mk @@ -15,6 +15,18 @@ LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +LOCAL_SRC_FILES := fuse_sideload.c + +LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter +LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE + +LOCAL_MODULE := libfusesideload + +LOCAL_STATIC_LIBRARIES := libcutils libc libmincrypt +include $(BUILD_STATIC_LIBRARY) + include $(CLEAR_VARS) LOCAL_SRC_FILES := \ @@ -49,6 +61,7 @@ LOCAL_STATIC_LIBRARIES := \ libmtdutils \ libmincrypt \ libminadbd \ + libfusesideload \ libminui \ libpng \ libfs_mgr \ -- cgit v1.2.3 From 945fc68c62692467ddb8b7d714bcf0bf01c783c2 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Thu, 10 Jul 2014 10:50:39 -0700 Subject: do sdcard sideloading through the fuse filesystem Make a fuse filesystem that sits on top of the selected package file on the sdcard, so we can verify that the file contents don't change while being read and avoid copying the file to /tmp (that is, RAM) before verifying and installing it. Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1 --- Android.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Android.mk') diff --git a/Android.mk b/Android.mk index f469182ef..1a91f0029 100644 --- a/Android.mk +++ b/Android.mk @@ -38,7 +38,8 @@ LOCAL_SRC_FILES := \ screen_ui.cpp \ asn1_decoder.cpp \ verifier.cpp \ - adb_install.cpp + adb_install.cpp \ + fuse_sdcard_provider.c LOCAL_MODULE := recovery -- cgit v1.2.3