diff options
Diffstat (limited to 'bootloader_message_twrp')
-rw-r--r-- | bootloader_message_twrp/Android.mk | 35 | ||||
-rw-r--r-- | bootloader_message_twrp/bootloader_message.cpp | 386 | ||||
-rw-r--r-- | bootloader_message_twrp/include/bootloader_message_twrp/bootloader_message.h | 236 |
3 files changed, 657 insertions, 0 deletions
diff --git a/bootloader_message_twrp/Android.mk b/bootloader_message_twrp/Android.mk new file mode 100644 index 000000000..5a24dc43f --- /dev/null +++ b/bootloader_message_twrp/Android.mk @@ -0,0 +1,35 @@ +# Copyright (C) 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) +LOCAL_CLANG := true +LOCAL_SRC_FILES := bootloader_message.cpp +LOCAL_MODULE := libbootloader_message_twrp +LOCAL_C_INCLUDES += bionic $(LOCAL_PATH)/include +ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 22; echo $$?),0) + LOCAL_C_INCLUDES += external/stlport/stlport + LOCAL_SHARED_LIBRARIES += libstlport +else + LOCAL_C_INCLUDES += external/libcxx/include + LOCAL_SHARED_LIBRARIES += libc++ +endif +LOCAL_CFLAGS := -Werror -std=c++11 +# ignore bootloader's factory reset command even when written to /misc +ifeq ($(TW_IGNORE_MISC_WIPE_DATA), true) + LOCAL_CFLAGS += -DIGNORE_MISC_WIPE_DATA +endif +LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include +include $(BUILD_SHARED_LIBRARY) diff --git a/bootloader_message_twrp/bootloader_message.cpp b/bootloader_message_twrp/bootloader_message.cpp new file mode 100644 index 000000000..55d3a5d9e --- /dev/null +++ b/bootloader_message_twrp/bootloader_message.cpp @@ -0,0 +1,386 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <bootloader_message_twrp/bootloader_message.h> + +#include <errno.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <sys/stat.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/system_properties.h> + +#include <string> +#include <vector> + +static std::string misc_blkdev; + +void set_misc_device(const char* name) { + misc_blkdev = name; +} + +static std::string get_misc_blk_device(std::string* err) { + *err = ""; + return misc_blkdev; +} + +// In recovery mode, recovery can get started and try to access the misc +// device before the kernel has actually created it. +static bool wait_for_device(const std::string& blk_device, std::string* err) { + int tries = 0; + int ret; + err->clear(); + do { + ++tries; + struct stat buf; + ret = stat(blk_device.c_str(), &buf); + if (ret == -1) { + char buffer[2048]; + sprintf(buffer, "failed to stat %s try %d: %s\n", + blk_device.c_str(), tries, strerror(errno)); + *err += buffer; + /* + *err += android::base::StringPrintf("failed to stat %s try %d: %s\n", + blk_device.c_str(), tries, strerror(errno)); + */ + sleep(1); + } + } while (ret && tries < 10); + + if (ret) { + *err += "failed to stat " + blk_device + "\n"; + /* + *err += android::base::StringPrintf("failed to stat %s\n", blk_device.c_str()); + */ + } + return ret == 0; +} + +static bool read_misc_partition(void* p, size_t size, const std::string& misc_blk_device, + size_t offset, std::string* err) { + if (!wait_for_device(misc_blk_device, err)) { + return false; + } + + int fd(open(misc_blk_device.c_str(), O_RDONLY)); + if (fd < 0) { + *err = "failed to open " + misc_blk_device + ": "; + *err += strerror(errno); + /* + android::base::unique_fd fd(open(misc_blk_device.c_str(), O_RDONLY)); + if (fd == -1) { + *err = android::base::StringPrintf("failed to open %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + if (lseek(fd, static_cast<off_t>(offset), SEEK_SET) != static_cast<off_t>(offset)) { + *err = "failed to lseek " + misc_blk_device + ": "; + *err += strerror(errno); + close(fd); + /* + + *err = android::base::StringPrintf("failed to lseek %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + + if ((size_t)read(fd, p, size) != size) { + *err = "failed to read " + misc_blk_device + ": "; + *err += strerror(errno); + close(fd); + /* + if (!android::base::ReadFully(fd, p, size)) { + *err = android::base::StringPrintf("failed to read %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + close(fd); + return true; +} + +static bool write_misc_partition(const void* p, size_t size, size_t offset, std::string* err) { + std::string misc_blk_device = get_misc_blk_device(err); + if (misc_blk_device.empty()) { + *err = "no misc device set"; + return false; + } + int fd = (open(misc_blk_device.c_str(), O_WRONLY | O_SYNC)); + if (fd == -1) { + *err = "failed to open " + misc_blk_device + ": "; + *err += strerror(errno); + /* +static bool write_misc_partition(const void* p, size_t size, const std::string& misc_blk_device, + size_t offset, std::string* err) { + android::base::unique_fd fd(open(misc_blk_device.c_str(), O_WRONLY)); + if (fd == -1) { + *err = android::base::StringPrintf("failed to open %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + if (lseek(fd, static_cast<off_t>(offset), SEEK_SET) != static_cast<off_t>(offset)) { + *err = "failed to lseek " + misc_blk_device + ": "; + *err += strerror(errno); + close(fd); + /* + *err = android::base::StringPrintf("failed to lseek %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + if ((size_t)write(fd, p, size) != size) { + *err = "failed to write " + misc_blk_device + ": "; + *err += strerror(errno); + close(fd); + /* + if (!android::base::WriteFully(fd, p, size)) { + *err = android::base::StringPrintf("failed to write %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + + // TODO: O_SYNC and fsync duplicates each other? + if (fsync(fd) == -1) { + *err = "failed to fsync " + misc_blk_device + ": "; + *err += strerror(errno); + close(fd); + /* + if (fsync(fd) == -1) { + *err = android::base::StringPrintf("failed to fsync %s: %s", misc_blk_device.c_str(), + strerror(errno)); + */ + return false; + } + close(fd); + return true; +} + +bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device, + std::string* err) { + return read_misc_partition(boot, sizeof(*boot), misc_blk_device, + BOOTLOADER_MESSAGE_OFFSET_IN_MISC, err); +} + +bool read_bootloader_message(bootloader_message* boot, std::string* err) { + std::string misc_blk_device = get_misc_blk_device(err); + if (misc_blk_device.empty()) { + return false; + } + return read_bootloader_message_from(boot, misc_blk_device, err); +} + +bool write_bootloader_message_to(const bootloader_message& boot, __unused const std::string& misc_blk_device, + std::string* err) { + return write_misc_partition(&boot, sizeof(boot), + BOOTLOADER_MESSAGE_OFFSET_IN_MISC, err); +} + +bool write_bootloader_message(const bootloader_message& boot, std::string* err) { + std::string misc_blk_device = get_misc_blk_device(err); + if (misc_blk_device.empty()) { + return false; + } + return write_bootloader_message_to(boot, misc_blk_device, err); +} + +// libc++ in 5.1 does not know how to handle a std::string* so this craziness is needed +bool clear_bootloader_message(void* err) { + std::string &s = *(static_cast<std::string*>(err)); + return clear_bootloader_message(&s); +} + +bool clear_bootloader_message(std::string* err) { + bootloader_message boot = {}; + return write_bootloader_message(boot, err); +} + +bool write_bootloader_message(const std::vector<std::string>& options, std::string* err) { + bootloader_message boot = {}; + strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); + strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); + for (const auto& s : options) { + strlcat(boot.recovery, s.c_str(), sizeof(boot.recovery)); + if (s.substr(s.size() - 1) != "\n") { + strlcat(boot.recovery, "\n", sizeof(boot.recovery)); + } + } + return write_bootloader_message(boot, err); +} + +bool update_bootloader_message(const std::vector<std::string>& options, std::string* err) { + bootloader_message boot; + if (!read_bootloader_message(&boot, err)) { + return false; + } + + // Zero out the entire fields. + memset(boot.command, 0, sizeof(boot.command)); + memset(boot.recovery, 0, sizeof(boot.recovery)); + + strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); + strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); + for (const auto& s : options) { + strlcat(boot.recovery, s.c_str(), sizeof(boot.recovery)); + if (s.back() != '\n') { + strlcat(boot.recovery, "\n", sizeof(boot.recovery)); + } + } + return write_bootloader_message(boot, err); +} + +bool write_reboot_bootloader(std::string* err) { + bootloader_message boot; + if (!read_bootloader_message(&boot, err)) { + return false; + } + if (boot.command[0] != '\0') { + *err = "Bootloader command pending."; + return false; + } + strlcpy(boot.command, "bootonce-bootloader", sizeof(boot.command)); + return write_bootloader_message(boot, err); +} + +bool read_wipe_package(std::string* package_data, size_t size, std::string* err) { + std::string misc_blk_device = get_misc_blk_device(err); + if (misc_blk_device.empty()) { + return false; + } + package_data->resize(size); + return read_misc_partition(&(*package_data)[0], size, misc_blk_device, + WIPE_PACKAGE_OFFSET_IN_MISC, err); +} + +bool write_wipe_package(const std::string& package_data, std::string* err) { + std::string misc_blk_device = get_misc_blk_device(err); + if (misc_blk_device.empty()) { + return false; + } + return write_misc_partition(package_data.data(), package_data.size(), + WIPE_PACKAGE_OFFSET_IN_MISC, err); +} + +extern "C" bool write_reboot_bootloader(void) { + std::string err; + return write_reboot_bootloader(&err); +} + +extern "C" bool write_bootloader_message(const char* options) { + std::string err; + bootloader_message boot = {}; + memcpy(&boot, options, sizeof(boot)); + return write_bootloader_message(boot, &err); +} + +static const char *COMMAND_FILE = "/cache/recovery/command"; +static const int MAX_ARG_LENGTH = 4096; +static const int MAX_ARGS = 100; + +// command line args come from, in decreasing precedence: +// - the actual command line +// - the bootloader control block (one per line, after "recovery") +// - the contents of COMMAND_FILE (one per line) +void +get_args(int *argc, char ***argv) { + bootloader_message boot = {}; + std::string err; + if (!read_bootloader_message(&boot, &err)) { + printf("%s\n", err.c_str()); + // If fails, leave a zeroed bootloader_message. + memset(&boot, 0, sizeof(boot)); + } + //stage = strndup(boot.stage, sizeof(boot.stage)); + + if (boot.command[0] != 0 && boot.command[0] != 255) { + printf("Boot command: %.*s\n", (int)sizeof(boot.command), boot.command); + } + + if (boot.status[0] != 0 && boot.status[0] != 255) { + printf("Boot status: %.*s\n", (int)sizeof(boot.status), boot.status); + } + + // --- if arguments weren't supplied, look in the bootloader control block + if (*argc <= 1) { + boot.recovery[sizeof(boot.recovery) - 1] = '\0'; // Ensure termination + const char *arg = strtok(boot.recovery, "\n"); + if (arg != NULL && !strcmp(arg, "recovery")) { + *argv = (char **) malloc(sizeof(char *) * MAX_ARGS); + (*argv)[0] = strdup(arg); + for (*argc = 1; *argc < MAX_ARGS; ++*argc) { + if ((arg = strtok(NULL, "\n")) == NULL) break; + +// if the device does not have an own recovery key combo we just want to open TWRP after +// walking through the factory reset screen - without actually doing a factory reset +#ifdef IGNORE_MISC_WIPE_DATA + if (!strcmp(arg, "--wipe_data")) { + (*argv)[*argc] = ""; + *argc = *argc -1; + printf("Bootloader arg \"%s\" ignored because TWRP was compiled with TW_IGNORE_MISC_WIPE_DATA\n", arg); + continue; + } +#endif + (*argv)[*argc] = strdup(arg); + } + printf("Got arguments from boot message\n"); + } else if (boot.recovery[0] != 0 && boot.recovery[0] != 255) { + printf("Bad boot message\n\"%.20s\"\n", boot.recovery); + } + } + + // --- if that doesn't work, try the command file (if we have /cache). + if (*argc <= 1/* && has_cache*/) { + FILE *fp = fopen(COMMAND_FILE, "r"); + if (fp != NULL) { + char *token; + char *argv0 = (*argv)[0]; + *argv = (char **) malloc(sizeof(char *) * MAX_ARGS); + (*argv)[0] = argv0; // use the same program name + + char buf[MAX_ARG_LENGTH]; + for (*argc = 1; *argc < MAX_ARGS; ++*argc) { + if (!fgets(buf, sizeof(buf), fp)) break; + token = strtok(buf, "\r\n"); + if (token != NULL) { + (*argv)[*argc] = strdup(token); // Strip newline. + } else { + --*argc; + } + } + + fclose(fp); + printf("Got arguments from %s\n", COMMAND_FILE); + } + } + + // --> write the arguments we have back into the bootloader control block + // always boot into recovery after this (until finish_recovery() is called) + strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); + strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); + int i; + for (i = 1; i < *argc; ++i) { + strlcat(boot.recovery, (*argv)[i], sizeof(boot.recovery)); + strlcat(boot.recovery, "\n", sizeof(boot.recovery)); + } + if (!write_bootloader_message(boot, &err)) { + printf("%s\n", err.c_str()); + } +} diff --git a/bootloader_message_twrp/include/bootloader_message_twrp/bootloader_message.h b/bootloader_message_twrp/include/bootloader_message_twrp/bootloader_message.h new file mode 100644 index 000000000..52c1b86f0 --- /dev/null +++ b/bootloader_message_twrp/include/bootloader_message_twrp/bootloader_message.h @@ -0,0 +1,236 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _BOOTLOADER_MESSAGE_TWRP_H +#define _BOOTLOADER_MESSAGE_TWRP_H + +#include <assert.h> +#include <stddef.h> +#include <stdint.h> + +// Spaces used by misc partition are as below: +// 0 - 2K For bootloader_message +// 2K - 16K Used by Vendor's bootloader (the 2K - 4K range may be optionally used +// as bootloader_message_ab struct) +// 16K - 64K Used by uncrypt and recovery to store wipe_package for A/B devices +// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they +// are not configurable without changing all of them. +#ifdef BOARD_RECOVERY_BLDRMSG_OFFSET +static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = BOARD_RECOVERY_BLDRMSG_OFFSET; +static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024 + BOOTLOADER_MESSAGE_OFFSET_IN_MISC; +#else +static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0; +static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024; +#endif + +/* Bootloader Message (2-KiB) + * + * This structure describes the content of a block in flash + * that is used for recovery and the bootloader to talk to + * each other. + * + * The command field is updated by linux when it wants to + * reboot into recovery or to update radio or bootloader firmware. + * It is also updated by the bootloader when firmware update + * is complete (to boot into recovery for any final cleanup) + * + * The status field was used by the bootloader after the completion + * of an "update-radio" or "update-hboot" command, which has been + * deprecated since Froyo. + * + * The recovery field is only written by linux and used + * for the system to send a message to recovery or the + * other way around. + * + * The stage field is written by packages which restart themselves + * multiple times, so that the UI can reflect which invocation of the + * package it is. If the value is of the format "#/#" (eg, "1/3"), + * the UI will add a simple indicator of that status. + * + * We used to have slot_suffix field for A/B boot control metadata in + * this struct, which gets unintentionally cleared by recovery or + * uncrypt. Move it into struct bootloader_message_ab to avoid the + * issue. + */ +struct bootloader_message { + char command[32]; + char status[32]; + char recovery[768]; + + // The 'recovery' field used to be 1024 bytes. It has only ever + // been used to store the recovery command line, so 768 bytes + // should be plenty. We carve off the last 256 bytes to store the + // stage string (for multistage packages) and possible future + // expansion. + char stage[32]; + + // The 'reserved' field used to be 224 bytes when it was initially + // carved off from the 1024-byte recovery field. Bump it up to + // 1184-byte so that the entire bootloader_message struct rounds up + // to 2048-byte. + char reserved[1184]; +}; + +/** + * We must be cautious when changing the bootloader_message struct size, + * because A/B-specific fields may end up with different offsets. + */ +/*#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus) +static_assert(sizeof(struct bootloader_message) == 2048, + "struct bootloader_message size changes, which may break A/B devices"); +#endif*/ + +/** + * The A/B-specific bootloader message structure (4-KiB). + * + * We separate A/B boot control metadata from the regular bootloader + * message struct and keep it here. Everything that's A/B-specific + * stays after struct bootloader_message, which should be managed by + * the A/B-bootloader or boot control HAL. + * + * The slot_suffix field is used for A/B implementations where the + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel + * commandline parameter. This is used by fs_mgr to mount /system and + * other partitions with the slotselect flag set in fstab. A/B + * implementations are free to use all 32 bytes and may store private + * data past the first NUL-byte in this field. It is encouraged, but + * not mandatory, to use 'struct bootloader_control' described below. + */ +struct bootloader_message_ab { + struct bootloader_message message; + char slot_suffix[32]; + + // Round up the entire struct to 4096-byte. + char reserved[2016]; +}; + +/** + * Be cautious about the struct size change, in case we put anything post + * bootloader_message_ab struct (b/29159185). + */ +/*#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus) +static_assert(sizeof(struct bootloader_message_ab) == 4096, + "struct bootloader_message_ab size changes"); +#endif*/ + +#define BOOT_CTRL_MAGIC 0x42414342 /* Bootloader Control AB */ +#define BOOT_CTRL_VERSION 1 + +struct slot_metadata { + // Slot priority with 15 meaning highest priority, 1 lowest + // priority and 0 the slot is unbootable. + uint8_t priority : 4; + // Number of times left attempting to boot this slot. + uint8_t tries_remaining : 3; + // 1 if this slot has booted successfully, 0 otherwise. + uint8_t successful_boot : 1; + // 1 if this slot is corrupted from a dm-verity corruption, 0 + // otherwise. + uint8_t verity_corrupted : 1; + // Reserved for further use. + uint8_t reserved : 7; +} __attribute__((packed)); + +/* Bootloader Control AB + * + * This struct can be used to manage A/B metadata. It is designed to + * be put in the 'slot_suffix' field of the 'bootloader_message' + * structure described above. It is encouraged to use the + * 'bootloader_control' structure to store the A/B metadata, but not + * mandatory. + */ +struct bootloader_control { + // NUL terminated active slot suffix. + char slot_suffix[4]; + // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC). + uint32_t magic; + // Version of struct being used (see BOOT_CTRL_VERSION). + uint8_t version; + // Number of slots being managed. + uint8_t nb_slot : 3; + // Number of times left attempting to boot recovery. + uint8_t recovery_tries_remaining : 3; + // Ensure 4-bytes alignment for slot_info field. + uint8_t reserved0[2]; + // Per-slot information. Up to 4 slots. + struct slot_metadata slot_info[4]; + // Reserved for further use. + uint8_t reserved1[8]; + // CRC32 of all 28 bytes preceding this field (little endian + // format). + uint32_t crc32_le; +} __attribute__((packed)); + +/*#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus) +static_assert(sizeof(struct bootloader_control) == + sizeof(((struct bootloader_message_ab *)0)->slot_suffix), + "struct bootloader_control has wrong size"); +#endif*/ + +#ifdef __cplusplus + +#include <string.h> +#include <vector> + +// Read bootloader message into boot. Error message will be set in err. +bool read_bootloader_message(bootloader_message* boot, std::string* err); + +// Read bootloader message from the specified misc device into boot. +bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device, + std::string* err); + +// Write bootloader message to BCB. +bool write_bootloader_message(const bootloader_message& boot, std::string* err); + +// Write bootloader message to the specified BCB device. +bool write_bootloader_message_to(const bootloader_message& boot, + const std::string& misc_blk_device, std::string* err); + +// Write bootloader message (boots into recovery with the options) to BCB. Will +// set the command and recovery fields, and reset the rest. +bool write_bootloader_message(const std::vector<std::string>& options, std::string* err); + +// Update bootloader message (boots into recovery with the options) to BCB. Will +// only update the command and recovery fields. +bool update_bootloader_message(const std::vector<std::string>& options, std::string* err); + +// Clear BCB. +bool clear_bootloader_message(void* err); +bool clear_bootloader_message(std::string* err); + +// Writes the reboot-bootloader reboot reason to the bootloader_message. +bool write_reboot_bootloader(std::string* err); + +// Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC). +bool read_wipe_package(std::string* package_data, size_t size, std::string* err); + +void set_misc_device(const char* name); +void get_args(int *argc, char ***argv); + +// Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC). +bool write_wipe_package(const std::string& package_data, std::string* err); + +#else + +#include <stdbool.h> + +// C Interface. +bool write_bootloader_message(const char* options); +bool write_reboot_bootloader(void); + +#endif // ifdef __cplusplus + +#endif // _BOOTLOADER_MESSAGE_TWRP_H |