summaryrefslogtreecommitdiffstats
path: root/recovery.cpp (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-02-20Kill of most of the remainder of minadbd.Dan Albert1-2/+2
I think everything left now is here to stay (services.c might get massaged in to libadbd if it gets refactored). Bug: 17626262 Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
2015-02-10recovery: Properly detect userdebug or eng buildsElliott Hughes1-3/+6
The recovery system behaves a little bit differently on userdebug or eng builds by presenting error reports to the user in the ui. This is controlled by checking the build fingerprint for the string :userdebug/ or :eng/. But with AOSP version numbers most AOSP builds blows the 92 char limit of ro.build.fingerprint and therefore the property is not set, so this condition will always be evaluated to false, for most builds. Instead of depending on the flaky ro.build.fingerprint this change uses ro.debuggable. Change-Id: I74bc00c655ac596aaf4b488ecea58f0a8de9c26b
2014-12-10Add basic navigation controls to log viewer.Patrick Tjin1-2/+36
Bug: 18642766 Change-Id: I95a6c8edf83513d421a041e79c15111b5c991dde Signed-off-by: Patrick Tjin <pattjin@google.com>
2014-12-10Save kernel logs to /cache/recoveryPatrick Tjin1-6/+60
Bug: 18642766 Change-Id: I6c8b7d8f9ffb688d3afdfe0d47c4142e711e421d Signed-off-by: Patrick Tjin <pattjin@google.com>
2014-10-23Make /cache/recovery/last_log available in recoveryNick Kralevich1-4/+73
Create a new recovery UI option to allow the user to view /cache/recovery/last_log for their device. This gives enhanced debugging information which may be necessary when a failed OTA occurs. Bug: 18094012 Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
2014-09-24Include reason when wiping data.Jeff Sharkey1-0/+4
This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
2014-08-06Erase PST partition if its marked to be erased.Andres Morales1-0/+2
We need to wipe the challenges on this partition if OEM unlock is enabled, as this is a signal that the user has opted out of factory reset protection. go/factory-reset Bug: 16633064 Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
2014-07-10do sdcard sideloading through the fuse filesystemDoug Zongker1-101/+9
Make a fuse filesystem that sits on top of the selected package file on the sdcard, so we can verify that the file contents don't change while being read and avoid copying the file to /tmp (that is, RAM) before verifying and installing it. Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
2014-07-08drop APPLY_CACHE and refactor APPLY_EXTDoug Zongker1-63/+45
Drop support for sideloading OTA packages of the cache partition (a half-solution that's long since been deprecated by "adb sideload"). Refactor the code to sideload OTA packages from SD cards: remove the installation code from the file browser. Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
2014-07-02sideload without holding the whole package in RAMDoug Zongker1-2/+2
Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
2014-04-01add reboot-to-bootloader and power down options to recovery menuDoug Zongker1-17/+38
Useful when debugging or developing for recovery. Change-Id: Ic3ab42d5e848ad3488f1c575339b55e45c8a024b
2014-03-18add --shutdown_after option to recoveryDoug Zongker1-4/+10
The "--shutdown_after" option causes recovery to power down the device on completion rather than rebooting. Removes the last vestiges of the "--previous_runs" argument, which doesn't seem to be used for anything. Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d Conflicts: recovery.cpp
2014-03-18add --shutdown_after option to recoveryDoug Zongker1-4/+10
The "--shutdown_after" option causes recovery to power down the device on completion rather than rebooting. Removes the last vestiges of the "--previous_runs" argument, which doesn't seem to be used for anything. Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d
2014-03-17refactor image resource loading code in minuiDoug Zongker1-1/+1
Reduce the number of copies of libpng boilerplate. Rename res_create_* functions to be more clear. Make explicit the use of the framebuffer pixel format for images, and handle more combinations of input and output (eg, loading a grayscale image for display rather than use as a text alpha channel). Change-Id: I3d41c800a8f4c22b2f0167967ce6ee4d6b2b8846
2014-03-14Recovery 64-bit compile issuesMark Salyzyn1-2/+2
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-02-14clean up some warnings when building recoveryDoug Zongker1-1/+1
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-01-21log extra info for debuggingDoug Zongker1-1/+1
Make recovery log its PID, and when we use a block map file, log how many ranges it contains. Change-Id: I1b4299f8163af68a770b48c029ae25e6cb45d26b
2013-11-27add the functions for multi-stage packages to updaterDoug Zongker1-0/+18
In order to support multi-stage recovery packages, we add the set_stage() and get_stage() functions, which store a short string somewhere it can be accessed across invocations of recovery. We also add reboot_now() which updater can invoke to immediately reboot the device, without doing normal recovery cleanup. (It can also choose whether to boot off the boot or recovery partition.) If the stage string is of the form "#/#", recovery's UI will be augmented with a simple indicator of what stage you're in, so it doesn't look like a reboot loop. Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
2013-09-04recovery: fix use of init reboot methodDoug Zongker1-1/+1
We need to set the system property to "reboot,", not an empty string. Bug: 10605007 Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
2013-09-03recovery: fix use of init reboot methodDoug Zongker1-1/+1
We need to set the system property to "reboot,", not an empty string. Bug: 10605007 Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
2013-08-30recovery: fix rebootingDoug Zongker1-1/+1
Change I84c0513acb549720cb0e8c9fcbda0050f5c396f5 moved reboot functionality into init but did not update the recovery partition; so "adb reboot" and /system/bin/reboot in recovery are both broken. Change-Id: Ie2d14627a686ffb5064256b6c399723636dff116
2013-08-21recovery: install packages in a known mount environmentDoug Zongker1-5/+0
When installing a package, we should have /tmp and /cache mounted and nothing else. Ensure this is true by explicitly mounting them and unmounting everything else as the first step of every install. Also fix an error in the progress bar that crops up when you do multiple package installs in one instance of recovery. Change-Id: I4837ed707cb419ddd3d9f6188b6355ba1bcfe2b2
2013-07-31notify about pending long pressDoug Zongker1-8/+6
Recovery changes: - add a method to the UI class that is called when a key is held down long enough to be a "long press" (but before it is released). Device-specific subclasses can override this to indicate a long press. - do color selection for ScreenRecoveryUI's menu-and-log drawing function. Subclasses can override this to customize the colors they use for various elements. - Include the value of ro.build.display.id in the menu headers, so you can see on the screen what version of recovery you are running. Change-Id: I426a6daf892b9011638e2035aebfa2831d4f596d
2013-07-09recovery: preserve recovery logs across cache wipesDoug Zongker1-2/+76
When doing a cache wipe or a factory reset (which includes a cache wipe), save any last* log files in the /cache/recovery directory and write them back after reformatting the partition, so that wiping data doesn't lose useful log information. Change-Id: I1f52ae9131760b5e752e136645c19f71b7b166ee
2013-07-09recovery: move log output to stdoutDoug Zongker1-2/+1
Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
2013-07-02recovery: copy logs to cache more aggressivelyDoug Zongker1-9/+17
Copy logs to /cache immediately upon a package installation failure; don't wait for recovery to finish. (If the user reboots without exiting recovery the "right" way, the logs never get copied at all.) Change-Id: Iee342944e7ded63da5a4af33d11ebc876f6c0835
2013-06-04Fix the potential segmentation faultJin Feng1-1/+7
Extral newline can trigger recovery segmentation fault Test case: host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command' host$ adb reboot recovery Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433 Signed-off-by: Jin Feng <jin88.feng@gmail.com>
2013-05-21recovery: save logs from the last few invocations of recoveryDoug Zongker1-1/+19
Extends the last_log mechanism to save logs from the last six invocations of recovery, so that we're more likely to have useful logs even if the device has repeatedly booted into recovery. Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
2013-05-21recovery: turn on text display for install errors in debug buildsDoug Zongker1-2/+33
Hopefully this will reduce the number of OTA "bugs" reported that are really just someone having changed their system partition, invalidating future incremental OTAs. Also fixes a longstanding TODO about putting LOGE() output in the on-screen display. Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
2013-05-16recovery: save logs from the last few invocations of recoveryDoug Zongker1-1/+19
Extends the last_log mechanism to save logs from the last six invocations of recovery, so that we're more likely to have useful logs even if the device has repeatedly booted into recovery. Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
2013-05-16recovery: turn on text display for install errors in debug buildsDoug Zongker1-2/+33
Hopefully this will reduce the number of OTA "bugs" reported that are really just someone having changed their system partition, invalidating future incremental OTAs. Also fixes a longstanding TODO about putting LOGE() output in the on-screen display. Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
2013-03-07more font improvements and cleanupDoug Zongker1-1/+0
Get rid of the notion of a font's "ascent"; the reference point for drawing is the top-left corner of the character box rather than the baseline. Add some more space between the menu entries and make the highlight bar around the text. Replace the default font.png with two images; the build system will include one or the other based on the resolutions of the device. Restore the original compiled-in bitmap font, to fall back on when font.png can't be found (eg, in the charger binary). Add support for bold text (when a font.png image is used). Change-Id: I6d211a486a3636f20208502b1cd2aeae8b9f5b02
2012-10-16Remove HAVE_SELINUX guardsKenny Root1-2/+0
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-10-09recovery: fix failure to unmount "/cache"Devin Kim1-0/+1
At load_locale_from_cache() function, LOCALE_FILE must get closed after it is opened and used. Otherwise it causes a failure to unmount "/cache" after load_locale_from_cache() function is called. Change-Id: I9cec0f29a8ec4452c8a6a52e2f3c8ce9930d5372 Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-09-24display error state on OTA failureDoug Zongker1-4/+13
We need prompt_with_wait() to show either the ERROR or NO_COMMAND state as appropriate. Bug: 7221068 Change-Id: I191526cf12630d08b7a8250a2a81e724a4a5d972
2012-09-19localization for recovery messagesDoug Zongker1-1/+2
Add images of text for all locales we support. Make the progress bar fill the correct way for RTL languages. (Flip the direction the spinner turns, too, just for good measure.) Bug: 7064142 Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
2012-09-18localization for recovery messagesDoug Zongker1-1/+2
Add images of text for all locales we support. Make the progress bar fill the correct way for RTL languages. (Flip the direction the spinner turns, too, just for good measure.) Bug: 7064142 Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
2012-08-30recovery locale handling fixesDoug Zongker1-1/+1
- change locale filename to "last_locale" so the main system doesn't delete it - clean up some chatty logging - update images with real German (other languages TBD) Change-Id: I2ebb4ed4e054bd1808a3042d9efbb2c18f3a044d
2012-08-23change recovery images to android with spinnerDoug Zongker1-9/+12
Also make writing the locale a bit more robust. Change-Id: I803dd0aa0b9d6661fad74ea13fb085682402323c
2012-08-23add simple text to recovery UIDoug Zongker1-10/+53
- recovery takes a --locale argument, which will be passed by the main system - the locale is saved in cache, in case the --locale argument is missing (eg, when recovery is started from fastboot) - we include images that have prerendered text for many locales - we split the background states into four (installing update, erasing, no command, error) so that appropriate text can be shown. Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
2012-04-12minor recovery changesDoug Zongker1-2/+6
- add the --just_exit option to make recovery exit normally without doing anything - make it possible to build updater extensions in C++ - add the clear_display command so that the updater binary can request recovery switch to the NONE background UI These are all used to support the notion of using OTA as a factory reflash mechanism. Change-Id: Ib00d1cbf540feff38f52a61a2cf198915b48488c
2012-04-08Update merge for SELinux to compileKenny Root1-1/+1
The contribution of SELinux things to AOSP had a call to the old ui_print that merged cleanly. This changes that call into the newer call so it will actually compile when enabled. Change-Id: I8368e937219b01d0bef06007fa46302415256d07
2012-01-18support "sideload over ADB" modeDoug Zongker1-0/+32
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. always initialize usb product, vendor, etc. for adb in recovery Set these values even on non-debuggable builds, so that the mini-adb now in recovery can work.
2012-01-10support "sideload over ADB" modeDoug Zongker1-0/+32
Rather than depending on the existence of some place to store a file that is accessible to users on an an unbootable device (eg, a physical sdcard, external USB drive, etc.), add support for sideloading packages sent to the device with adb. This change adds a "minimal adbd" which supports nothing but receiving a package over adb (with the "adb sideload" command) and storing it to a fixed filename in the /tmp ramdisk, from where it can be verified and sideloaded in the usual way. This should be leave available even on locked user-build devices. The user can select "apply package from ADB" from the recovery menu, which starts minimal-adb mode (shutting down any real adbd that may be running). Once minimal-adb has received a package it exits (restarting real adbd if appropriate) and then verification and installation of the received package proceeds. Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
2011-12-14mount cache before sideloading from external storageDoug Zongker1-0/+4
Some packages expect to find cache mounted, since it always is for "real" OTAs. Bug: 5739915 Change-Id: I7a7cdd88a60c61e4bc7dc3e1f99956f6487c42e1
2011-11-04move key processing to RecoveryUIDoug Zongker1-3/+1
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
2011-11-01move key processing to RecoveryUIDoug Zongker1-3/+1
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so it can be used by devices without screens. Remove the UIParameters struct and replace it with some new member variables in ScreenRecoveryUI. Change-Id: I4c0e659edcbedc0b9e86ed261ae4dbb3c6097414
2011-10-31C++ class for device-specific codeDoug Zongker1-36/+34
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
2011-10-31refactor ui functions into a classDoug Zongker1-44/+51
Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
2011-10-31C++ class for device-specific codeDoug Zongker1-36/+34
Replace the device-specific functions with a class. Move some of the key handling (for log visibility toggling and rebooting) into the UI class. Fix up the key handling so there is less crosstalk between the immediate keys and the queued keys (an increasing annoyance on button-limited devices). Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
2011-10-31turn recovery into a C++ binaryDoug Zongker1-37/+38
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-28turn recovery into a C++ binaryDoug Zongker1-825/+0
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
2011-10-19allow recovery packages to wipe cacheDoug Zongker1-14/+44
updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
2011-06-24Allow applying an OTA package manually from cache.Michael Ward1-9/+31
Change-Id: I8f78377555c658a992ca95cadf11b67ddc93fed8
2011-04-12save a last_install file with the result of the last package install attemptDoug Zongker1-1/+1
When installing a package, create /cache/recovery/last_install, which contains the filename of the package and a 1 or 0 for success or failure. Also, don't mount ext4 and vfat filesystems as read-only (on devices where /cache is ext4, we need it to be read-write). Change-Id: I0cf2a1921bbd65e06343aa74e2006577fac77c2c
2011-03-11Have recovery reboot using the new android_reboot() function.Ken Sumrall1-3/+2
The new android_reboot() function is a nicer way to reboot the system. I can optionally sync() and remount read-only writable filesystems. This fixes bug 3350709. Change-Id: Ic4c8676debd642e57bce3107b99dd810d90b6f82
2011-03-01make recovery UI images more general; allow for installation animationDoug Zongker1-0/+3
Change some of the UI parameters (# of indeterminate progress bar frames, fps, etc.) from #defined constants to variables that can be set by the device-specific recovery_ui code (via a new function). Support overlaying different images on top of the base installation icon to animate it. Make the FPS control more accurate. Change-Id: I9268b389b7ea6b3ed9e0c7eae37baf4272e60edd
2011-01-25make recovery reboot after 2 minutes of no activityDoug Zongker1-0/+10
If recovery sits for 2 minutes in prompt_and_wait(), and you've never turned the screen on via the magic keypress, go ahead and reboot. (We used to assume that the user could pull the battery to get out of this state, but on devices with nonremovable batteries...) If you've ever enabled display of the log/menu since recovery started, we assume you know what you're doing and will stay in recovery until you choose to reboot. Bug: 3387873 Bug: 3387274 Change-Id: I041621e5db132df9a925e6808845a7c45e1b427a
2011-01-18remove encrypted filesystem code from recoveryDoug Zongker1-63/+1
This was never used; encrypted filesystems are being done a different way now. Change-Id: I519c57b9be44d001f0b81516af7bfc252069892b
2010-11-01clear recovery framebuffers on allocation; display icon right after ui_initDoug Zongker1-0/+1
Make ui_init() clear the framebuffer memory it maps in so the user isn't treated to a visible flash of random bits on recovery startup. Call ui_set_background() (to show the installing icon) right after ui_init() to display something while device_recovery_start() is working (which can take a second or two on some devices). Bug: 3145331 Change-Id: I11e7859fab5847370ea4f4932c3fb1558af26c5d
2010-09-29save the log from recovery's last run in /cache/recovery/last_logDoug Zongker1-17/+40
Also, don't lose the start of the log whenever a wipe cache is performed. Change-Id: I29999762854eb36d1ff2bc20b4183c9077b19777
2010-09-22handle old-style CACHE: packagesDoug Zongker1-2/+18
Change-Id: I7bf52b56770c207ba1c8329243991b07ebb65779
2010-09-22mount sdcard only on demand; fix sideload installsDoug Zongker1-3/+6
Bug: 3009493 Change-Id: I1a7f99fc41a6a7012742e82f8c06a0c75584890a
2010-09-21remove the notion of "root path"; support mixed flash typesDoug Zongker1-76/+63
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). (Cherrypicked from gingerbread w/slight edits.) Change-Id: I2479ce76b13e73f1d12035c89386c3a82b3edf51
2010-09-21remove the notion of "root path"; support mixed flash types (do not merge)Doug Zongker1-76/+63
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). Change-Id: I18b0a572a71c5e087e0b7ae11b1774388339bfd1
2010-09-15support for ext4/EMMC filesystems in updater binaryDoug Zongker1-6/+6
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
2010-09-15(cherry-pick) support installing any .zip file on the sdcardDoug Zongker1-25/+140
Replaces the "install sdcard:update zip" menu option with one that displays a menu of zip files (and subdirs) on the sdcard and lets you pick which one to install. Change-Id: Icff541525f2fdfc8939a91af626ecc386ac9dd07
2010-09-03add --show_text option to recoveryDoug Zongker1-0/+2
Change-Id: Ie6c6c920260dfa759fbb15b1f352d6bb0fa7146c
2010-09-01Revert 21f0f97ebabb47adcbfe8d38b02685f2019b4eb3Ying Wang1-2/+1
Change-Id: I46e4d7fe76e4219207e46f19e50188e38bb932b7
2010-08-31Fix for crespo.Ying Wang1-1/+2
Change-Id: I008510bf614606a46a630c7adc39464ce1143ec3
2010-08-02don't go into file select menu when mounting external storage failsDoug Zongker1-1/+4
Change-Id: If0efeddc28e1dbb52d9e52abf53323e2cc97c8f0
2010-07-30generalize "install from sdcard" to "install from external storage"Doug Zongker1-4/+6
Allow sideloading of OTA packages from USB drives that appear as /dev/block/sda1. Change-Id: I1908576c24547cd0088475d8c8917699cd906868
2010-07-09make a copy of sideloaded packages in /tmp before verifyingDoug Zongker1-2/+112
Copy a sideloaded package into /tmp, then verify and install the copy, to prevent malicious users from overwriting the package between verification and install. Bug: 2826890 package can be replaced during verification Bug: 2058160 Recovery should copy sideloaded (sd card) update ... Change-Id: I3de148b0f1a671f1974782b6855527caeaefda23
2010-07-02support for ext4/EMMC filesystems in updater binaryDoug Zongker1-6/+6
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
2010-04-08support installing any .zip file on the sdcardDoug Zongker1-20/+140
Replaces the "install sdcard:update zip" menu option with one that displays a menu of zip files (and subdirs) on the sdcard and lets you pick which one to install. Change-Id: I85c94c0e9bc8e05ca52031fc29ca2624c2695ced
2010-04-02DO NOT MERGEOscar Montemayor1-18/+18
Encrypted File Systems integration. Recovery changes. Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-03-27DO NOT MERGEOscar Montemayor1-43/+1
Removing unused recovey options. Please refer to Bug#2502219 for more info. Change-Id: I2fe3cdb0c8b93ed7e1cc4093824fbe181f5f0aea
2010-03-15Encrypted File Systems part 3. Recovery changes.Oscar Montemayor1-18/+18
Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-02-03bump updater API version to 3; deprecate firmware update commandDoug Zongker1-10/+1
Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2010-02-02change log recovery to generic device_recovery_start functionDoug Zongker1-3/+3
Remove (or at least stop calling) the HTC-specific mechanism for preserving the recovery log from before a radio or hboot update. Replace it with a generic device_recovery_start() function which each device's code can implement to do whatever it wants on recovery startup. Change-Id: If3cca4b498c0b1cf0565236404ecf56a1fc46123
2010-01-21save the recovery log from before HTC firmware updatesDoug Zongker1-1/+3
When doing a firmware (radio or hboot) update on HTC devices, save the recovery log in block 1 of the cache partition, before the firmware image and the UI bitmaps. When we boot back into recovery after the firmware update to reformat the cache partition, copy that log out of cache before reformatting it and dump it into the current invocation's log. The practical upshot of all this is that we can see the log output from radio and hboot updates. Change-Id: Ie0e89566754c88f4bed6a90d8a0aa04047b01a27
2009-12-10Recovery changes for Encrypted File Systems.Oscar Montemayor1-14/+71
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
2009-11-13eclair snapshotJean-Baptiste Queru1-94/+152
2009-10-06add terminator to recovery's getopt_long options arrayDoug Zongker1-0/+1
http://b/2170691 - recovery argument parsing is broken
2009-09-23confirm before wiping user data in recoveryDoug Zongker1-69/+107
When using the hidden menu to wipe data in recovery, confirm before starting the wipe. (This does not affect booting with the --wipe_data flag, or using Alt+W on dream with the menu hidden -- those still wipe data immediately.)
2009-08-25Not all failures to fopen_root_path() are serious.Jay Freeman (saurik)1-3/+6
Example: E:Can't open /cache/recovery/command.
2009-08-18do not merge: cherry-pick of c2d666bd4f6eb5f7a9f17b10435c161cb105b7c5 from masterDoug Zongker1-0/+10
2009-08-18Recovery: When updating from SD card, update can't resume automaticallyJared Suttles1-0/+10
after a power loss Submitted on behalf of Hong-Bin Wang <hong-binwang@motorola.com> Signed-off-by: Jared Suttles <jared.suttles@motorola.com>
2009-07-15remove amendDoug Zongker1-28/+1
Yank all the code to install OTA packages out of the recovery binary itself. Now packages are installed by a binary included in the package (run as a child of recovery), so we can make improvements in the installation process without waiting for a new release to use them.
2009-06-19add function for device-specific wipe data featuresDoug Zongker1-2/+7
Some devices want to do special things when recovery wipes data (eg, wipe data in their baseband processor as well). Add a hook in the device-specific recovery library that gets called when data is wiped. Also add an amend root for the "mbm" partition.
2009-06-18let the "firmware" command take the file straight from the packageDoug Zongker1-1/+2
To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
2009-06-11split out device-specific recovery UI code into vendor directoriesDoug Zongker1-42/+29
Take some device-specific details of the recovery UI (eg, what keys to press to bring up the interface and perform actions, exact text of the menu, etc.) and split them out into separate C functions. Arrange to take implementations of those functions from the appropriate vendor directory at build time. Provide a default implementation in case no vendor-specific one is available.
2009-06-03remove unused permissions scheme from amendDoug Zongker1-4/+0
Amend (aka the recovery command language) had a half-implemented scheme of limiting which commands OTA packages were allowed to execute. It's not clear what this was ever supposed to be good for. Remove it.
2009-05-29don't say "install complete" when it really isn'tDoug Zongker1-1/+6
Change the recovery UI so that when there is a hboot or radio update pending (which the user most do a home+back reboot to actually install), the UI tells them so, instead of saying "Install from sdcard complete."
2009-04-02AI 144101: am: CL 144070 Add an option to wipe cache (only) to the recovery menu.Doug Zongker1-0/+9
Original author: dougz Merged from: //branches/donutburger/... Automated import of CL 144101
2009-04-01AI 144070: Add an option to wipe cache (only) to the recovery menu.Doug Zongker1-0/+9
Automated import of CL 144070
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-0/+471
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-471/+0
2009-02-11auto import from //branches/cupcake/...@130745The Android Open Source Project1-23/+78
2009-01-10auto import from //branches/cupcake/...@125939The Android Open Source Project1-24/+79