| Commit message (Collapse) | Author | Files | Lines |
|
I think everything left now is here to stay (services.c might get
massaged in to libadbd if it gets refactored).
Bug: 17626262
Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
|
|
The recovery system behaves a little bit differently on userdebug or
eng builds by presenting error reports to the user in the ui.
This is controlled by checking the build fingerprint for the string
:userdebug/ or :eng/. But with AOSP version numbers most AOSP
builds blows the 92 char limit of ro.build.fingerprint and therefore
the property is not set, so this condition will always be evaluated
to false, for most builds.
Instead of depending on the flaky ro.build.fingerprint this change
uses ro.debuggable.
Change-Id: I74bc00c655ac596aaf4b488ecea58f0a8de9c26b
|
|
Bug: 18642766
Change-Id: I95a6c8edf83513d421a041e79c15111b5c991dde
Signed-off-by: Patrick Tjin <pattjin@google.com>
|
|
Bug: 18642766
Change-Id: I6c8b7d8f9ffb688d3afdfe0d47c4142e711e421d
Signed-off-by: Patrick Tjin <pattjin@google.com>
|
|
Create a new recovery UI option to allow the user to view
/cache/recovery/last_log for their device. This gives enhanced
debugging information which may be necessary when a failed
OTA occurs.
Bug: 18094012
Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
|
|
This will help us track down who requested a data wipe.
Bug: 17412160
Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
|
|
We need to wipe the challenges on this partition
if OEM unlock is enabled, as this is a signal that
the user has opted out of factory reset protection.
go/factory-reset
Bug: 16633064
Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
|
|
Make a fuse filesystem that sits on top of the selected package file
on the sdcard, so we can verify that the file contents don't change
while being read and avoid copying the file to /tmp (that is, RAM)
before verifying and installing it.
Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
|
|
Drop support for sideloading OTA packages of the cache partition (a
half-solution that's long since been deprecated by "adb sideload").
Refactor the code to sideload OTA packages from SD cards: remove the
installation code from the file browser.
Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
|
|
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).
We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.
We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host. This file is then passed to the
verification and installation systems like any other.
To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.
One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem). We rely on SELinux enforcement to
restrict the set of things that can be accessed.
Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
|
|
Useful when debugging or developing for recovery.
Change-Id: Ic3ab42d5e848ad3488f1c575339b55e45c8a024b
|
|
The "--shutdown_after" option causes recovery to power down the device
on completion rather than rebooting.
Removes the last vestiges of the "--previous_runs" argument, which
doesn't seem to be used for anything.
Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d
Conflicts:
recovery.cpp
|
|
The "--shutdown_after" option causes recovery to power down the device
on completion rather than rebooting.
Removes the last vestiges of the "--previous_runs" argument, which
doesn't seem to be used for anything.
Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d
|
|
Reduce the number of copies of libpng boilerplate. Rename
res_create_* functions to be more clear. Make explicit the use of the
framebuffer pixel format for images, and handle more combinations of
input and output (eg, loading a grayscale image for display rather
than use as a text alpha channel).
Change-Id: I3d41c800a8f4c22b2f0167967ce6ee4d6b2b8846
|
|
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
|
|
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
|
|
Make recovery log its PID, and when we use a block map file, log how
many ranges it contains.
Change-Id: I1b4299f8163af68a770b48c029ae25e6cb45d26b
|
|
In order to support multi-stage recovery packages, we add the
set_stage() and get_stage() functions, which store a short string
somewhere it can be accessed across invocations of recovery. We also
add reboot_now() which updater can invoke to immediately reboot the
device, without doing normal recovery cleanup. (It can also choose
whether to boot off the boot or recovery partition.)
If the stage string is of the form "#/#", recovery's UI will be
augmented with a simple indicator of what stage you're in, so it
doesn't look like a reboot loop.
Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
|
|
We need to set the system property to "reboot,", not an empty string.
Bug: 10605007
Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
|
|
We need to set the system property to "reboot,", not an empty string.
Bug: 10605007
Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
|
|
Change I84c0513acb549720cb0e8c9fcbda0050f5c396f5 moved reboot
functionality into init but did not update the recovery partition; so
"adb reboot" and /system/bin/reboot in recovery are both broken.
Change-Id: Ie2d14627a686ffb5064256b6c399723636dff116
|
|
When installing a package, we should have /tmp and /cache mounted and
nothing else. Ensure this is true by explicitly mounting them and
unmounting everything else as the first step of every install.
Also fix an error in the progress bar that crops up when you do
multiple package installs in one instance of recovery.
Change-Id: I4837ed707cb419ddd3d9f6188b6355ba1bcfe2b2
|
|
Recovery changes:
- add a method to the UI class that is called when a key is held down
long enough to be a "long press" (but before it is released).
Device-specific subclasses can override this to indicate a long
press.
- do color selection for ScreenRecoveryUI's menu-and-log drawing
function. Subclasses can override this to customize the colors they
use for various elements.
- Include the value of ro.build.display.id in the menu headers, so you
can see on the screen what version of recovery you are running.
Change-Id: I426a6daf892b9011638e2035aebfa2831d4f596d
|
|
When doing a cache wipe or a factory reset (which includes a cache
wipe), save any last* log files in the /cache/recovery directory and
write them back after reformatting the partition, so that wiping data
doesn't lose useful log information.
Change-Id: I1f52ae9131760b5e752e136645c19f71b7b166ee
|
|
Recovery currently has a random mix of messages printed to stdout and
messages printed to stderr, which can make logs hard to read. Move
everything to stdout.
Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
|
|
Copy logs to /cache immediately upon a package installation failure;
don't wait for recovery to finish. (If the user reboots without
exiting recovery the "right" way, the logs never get copied at all.)
Change-Id: Iee342944e7ded63da5a4af33d11ebc876f6c0835
|
|
Extral newline can trigger recovery segmentation fault
Test case:
host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command'
host$ adb reboot recovery
Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433
Signed-off-by: Jin Feng <jin88.feng@gmail.com>
|
|
Extends the last_log mechanism to save logs from the last six
invocations of recovery, so that we're more likely to have useful logs
even if the device has repeatedly booted into recovery.
Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
|
|
Hopefully this will reduce the number of OTA "bugs" reported that are
really just someone having changed their system partition,
invalidating future incremental OTAs.
Also fixes a longstanding TODO about putting LOGE() output in the
on-screen display.
Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
|
|
Extends the last_log mechanism to save logs from the last six
invocations of recovery, so that we're more likely to have useful logs
even if the device has repeatedly booted into recovery.
Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
|
|
Hopefully this will reduce the number of OTA "bugs" reported that are
really just someone having changed their system partition,
invalidating future incremental OTAs.
Also fixes a longstanding TODO about putting LOGE() output in the
on-screen display.
Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
|
|
Get rid of the notion of a font's "ascent"; the reference point for
drawing is the top-left corner of the character box rather than the
baseline. Add some more space between the menu entries and make the
highlight bar around the text.
Replace the default font.png with two images; the build system will
include one or the other based on the resolutions of the device.
Restore the original compiled-in bitmap font, to fall back on when
font.png can't be found (eg, in the charger binary).
Add support for bold text (when a font.png image is used).
Change-Id: I6d211a486a3636f20208502b1cd2aeae8b9f5b02
|
|
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
|
|
At load_locale_from_cache() function, LOCALE_FILE must get closed
after it is opened and used. Otherwise it causes a failure to
unmount "/cache" after load_locale_from_cache() function is called.
Change-Id: I9cec0f29a8ec4452c8a6a52e2f3c8ce9930d5372
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|
We need prompt_with_wait() to show either the ERROR or NO_COMMAND
state as appropriate.
Bug: 7221068
Change-Id: I191526cf12630d08b7a8250a2a81e724a4a5d972
|
|
Add images of text for all locales we support. Make the progress bar
fill the correct way for RTL languages. (Flip the direction the
spinner turns, too, just for good measure.)
Bug: 7064142
Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
|
|
Add images of text for all locales we support. Make the progress bar
fill the correct way for RTL languages. (Flip the direction the
spinner turns, too, just for good measure.)
Bug: 7064142
Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
|
|
- change locale filename to "last_locale" so the main system doesn't
delete it
- clean up some chatty logging
- update images with real German (other languages TBD)
Change-Id: I2ebb4ed4e054bd1808a3042d9efbb2c18f3a044d
|
|
Also make writing the locale a bit more robust.
Change-Id: I803dd0aa0b9d6661fad74ea13fb085682402323c
|
|
- recovery takes a --locale argument, which will be passed by the main
system
- the locale is saved in cache, in case the --locale argument is
missing (eg, when recovery is started from fastboot)
- we include images that have prerendered text for many locales
- we split the background states into four (installing update,
erasing, no command, error) so that appropriate text can be shown.
Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
|
|
- add the --just_exit option to make recovery exit normally without doing anything
- make it possible to build updater extensions in C++
- add the clear_display command so that the updater binary can request
recovery switch to the NONE background UI
These are all used to support the notion of using OTA as a factory
reflash mechanism.
Change-Id: Ib00d1cbf540feff38f52a61a2cf198915b48488c
|
|
The contribution of SELinux things to AOSP had a call to the old
ui_print that merged cleanly. This changes that call into the newer
call so it will actually compile when enabled.
Change-Id: I8368e937219b01d0bef06007fa46302415256d07
|
|
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
always initialize usb product, vendor, etc. for adb in recovery
Set these values even on non-debuggable builds, so that the mini-adb
now in recovery can work.
|
|
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
|
|
Some packages expect to find cache mounted, since it always is for
"real" OTAs.
Bug: 5739915
Change-Id: I7a7cdd88a60c61e4bc7dc3e1f99956f6487c42e1
|
|
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so
it can be used by devices without screens. Remove the UIParameters
struct and replace it with some new member variables in
ScreenRecoveryUI.
Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
|
|
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so
it can be used by devices without screens. Remove the UIParameters
struct and replace it with some new member variables in
ScreenRecoveryUI.
Change-Id: I4c0e659edcbedc0b9e86ed261ae4dbb3c6097414
|
|
Replace the device-specific functions with a class. Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class. Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).
Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
|
|
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class. Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI. We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).
Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
|
|
Replace the device-specific functions with a class. Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class. Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).
Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
|
|
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
|
|
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
|
|
updater now has a function "wipe_cache();" which causes recovery to
wipe the cache partition after the successful installation of the
package. Move log copying around a bit so logs and the last_install
flag file are copied to cache after it's wiped.
Bug: 5314244
Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
|
|
Change-Id: I8f78377555c658a992ca95cadf11b67ddc93fed8
|
|
When installing a package, create /cache/recovery/last_install, which
contains the filename of the package and a 1 or 0 for success or
failure.
Also, don't mount ext4 and vfat filesystems as read-only (on devices
where /cache is ext4, we need it to be read-write).
Change-Id: I0cf2a1921bbd65e06343aa74e2006577fac77c2c
|
|
The new android_reboot() function is a nicer way to reboot the
system. I can optionally sync() and remount read-only writable
filesystems. This fixes bug 3350709.
Change-Id: Ic4c8676debd642e57bce3107b99dd810d90b6f82
|
|
Change some of the UI parameters (# of indeterminate progress bar
frames, fps, etc.) from #defined constants to variables that can be
set by the device-specific recovery_ui code (via a new function).
Support overlaying different images on top of the base installation
icon to animate it. Make the FPS control more accurate.
Change-Id: I9268b389b7ea6b3ed9e0c7eae37baf4272e60edd
|
|
If recovery sits for 2 minutes in prompt_and_wait(), and you've never
turned the screen on via the magic keypress, go ahead and reboot. (We
used to assume that the user could pull the battery to get out of this
state, but on devices with nonremovable batteries...)
If you've ever enabled display of the log/menu since recovery started,
we assume you know what you're doing and will stay in recovery until
you choose to reboot.
Bug: 3387873
Bug: 3387274
Change-Id: I041621e5db132df9a925e6808845a7c45e1b427a
|
|
This was never used; encrypted filesystems are being done a different
way now.
Change-Id: I519c57b9be44d001f0b81516af7bfc252069892b
|
|
Make ui_init() clear the framebuffer memory it maps in so the user
isn't treated to a visible flash of random bits on recovery startup.
Call ui_set_background() (to show the installing icon) right after
ui_init() to display something while device_recovery_start() is
working (which can take a second or two on some devices).
Bug: 3145331
Change-Id: I11e7859fab5847370ea4f4932c3fb1558af26c5d
|
|
Also, don't lose the start of the log whenever a wipe cache is
performed.
Change-Id: I29999762854eb36d1ff2bc20b4183c9077b19777
|
|
Change-Id: I7bf52b56770c207ba1c8329243991b07ebb65779
|
|
Bug: 3009493
Change-Id: I1a7f99fc41a6a7012742e82f8c06a0c75584890a
|
|
Remove the wacky notion of "roots" and "root paths" (those things that
look like "FOO:some/path" instead of just "/foo/some/path"). Let each
device specify its own table of available partitions and how to mount
them (needed for devices that use both MTD/yaffs2 and EMMC/ext4
partitions).
(Cherrypicked from gingerbread w/slight edits.)
Change-Id: I2479ce76b13e73f1d12035c89386c3a82b3edf51
|
|
Remove the wacky notion of "roots" and "root paths" (those things that
look like "FOO:some/path" instead of just "/foo/some/path"). Let each
device specify its own table of available partitions and how to mount
them (needed for devices that use both MTD/yaffs2 and EMMC/ext4
partitions).
Change-Id: I18b0a572a71c5e087e0b7ae11b1774388339bfd1
|
|
Make the mount and format functions take extra parameters describing
the filesystem type and add support for mounting and formatting ext4
filesystems on EMMC.
Change recovery to consistently use stdout for status messages instead
of mixing stdout and stderr.
|
|
Replaces the "install sdcard:update zip" menu option with one that
displays a menu of zip files (and subdirs) on the sdcard and lets you
pick which one to install.
Change-Id: Icff541525f2fdfc8939a91af626ecc386ac9dd07
|
|
Change-Id: Ie6c6c920260dfa759fbb15b1f352d6bb0fa7146c
|
|
Change-Id: I46e4d7fe76e4219207e46f19e50188e38bb932b7
|
|
Change-Id: I008510bf614606a46a630c7adc39464ce1143ec3
|
|
Change-Id: If0efeddc28e1dbb52d9e52abf53323e2cc97c8f0
|
|
Allow sideloading of OTA packages from USB drives that appear as
/dev/block/sda1.
Change-Id: I1908576c24547cd0088475d8c8917699cd906868
|
|
Copy a sideloaded package into /tmp, then verify and install the copy,
to prevent malicious users from overwriting the package between
verification and install.
Bug: 2826890 package can be replaced during verification
Bug: 2058160 Recovery should copy sideloaded (sd card) update ...
Change-Id: I3de148b0f1a671f1974782b6855527caeaefda23
|
|
Make the mount and format functions take extra parameters describing
the filesystem type and add support for mounting and formatting ext4
filesystems on EMMC.
Change recovery to consistently use stdout for status messages instead
of mixing stdout and stderr.
|
|
Replaces the "install sdcard:update zip" menu option with one that
displays a menu of zip files (and subdirs) on the sdcard and lets you
pick which one to install.
Change-Id: I85c94c0e9bc8e05ca52031fc29ca2624c2695ced
|
|
Encrypted File Systems integration. Recovery changes.
Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
|
|
Removing unused recovey options.
Please refer to Bug#2502219 for more info.
Change-Id: I2fe3cdb0c8b93ed7e1cc4093824fbe181f5f0aea
|
|
Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
|
|
Remove support for the HTC-specific "firmware" update command and the
corresponding edify function write_firmware_update(). This
functionality is now done by an edify extension library that lives in
vendor/htc.
Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
|
|
Remove (or at least stop calling) the HTC-specific mechanism for
preserving the recovery log from before a radio or hboot update.
Replace it with a generic device_recovery_start() function which each
device's code can implement to do whatever it wants on recovery
startup.
Change-Id: If3cca4b498c0b1cf0565236404ecf56a1fc46123
|
|
When doing a firmware (radio or hboot) update on HTC devices, save the
recovery log in block 1 of the cache partition, before the firmware
image and the UI bitmaps. When we boot back into recovery after the
firmware update to reformat the cache partition, copy that log out of
cache before reformatting it and dump it into the current invocation's
log.
The practical upshot of all this is that we can see the log output
from radio and hboot updates.
Change-Id: Ie0e89566754c88f4bed6a90d8a0aa04047b01a27
|
|
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
|
|
|
|
http://b/2170691 - recovery argument parsing is broken
|
|
When using the hidden menu to wipe data in recovery, confirm before
starting the wipe. (This does not affect booting with the --wipe_data
flag, or using Alt+W on dream with the menu hidden -- those still wipe
data immediately.)
|
|
Example: E:Can't open /cache/recovery/command.
|
|
|
|
after a power loss
Submitted on behalf of Hong-Bin Wang <hong-binwang@motorola.com>
Signed-off-by: Jared Suttles <jared.suttles@motorola.com>
|
|
Yank all the code to install OTA packages out of the recovery binary
itself. Now packages are installed by a binary included in the
package (run as a child of recovery), so we can make improvements in
the installation process without waiting for a new release to use
them.
|
|
Some devices want to do special things when recovery wipes data (eg,
wipe data in their baseband processor as well). Add a hook in the
device-specific recovery library that gets called when data is wiped.
Also add an amend root for the "mbm" partition.
|
|
To do a firmware-install-on-reboot, the update binary tells recovery
what file to install before rebooting. Let this file be specified as
"PACKAGE:<foo>" to indicate taking the file out of the OTA package,
avoiding an extra copy to /tmp. Bump the API version number to
reflect this change.
|
|
Take some device-specific details of the recovery UI (eg, what keys to
press to bring up the interface and perform actions, exact text of the
menu, etc.) and split them out into separate C functions. Arrange to
take implementations of those functions from the appropriate vendor
directory at build time. Provide a default implementation in case no
vendor-specific one is available.
|
|
Amend (aka the recovery command language) had a half-implemented
scheme of limiting which commands OTA packages were allowed to
execute. It's not clear what this was ever supposed to be good for.
Remove it.
|
|
Change the recovery UI so that when there is a hboot or radio update
pending (which the user most do a home+back reboot to actually
install), the UI tells them so, instead of saying "Install from sdcard
complete."
|
|
Original author: dougz
Merged from: //branches/donutburger/...
Automated import of CL 144101
|
|
Automated import of CL 144070
|
|
|
|
|
|
|
|
|