aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Use more aggressive sync writing to applypatch.Michael Runge2014-10-291-8/+36
| | | | | | | | | | We have seen cases where the boot partition is patched, but upon recovery the partition appears to be corrupted. Open up all patched files/partitions with O_SYNC, and do not ignore the errors from fsync/close operations. Bug: 18170529 Change-Id: I392ad0a321d937c4ad02eaeea9170be384a4744b
* Force sync files written by minzip.Michael Runge2014-10-281-2/+8
| | | | | | | Some files appear to be missing their sync to disk. Bug: 18145574 Change-Id: Ic858624a4dd65bbfc54d30f3a13c607078270345
* Log mount/unmount errors to UIMichael Runge2014-10-241-5/+9
| | | | | Bug: 18092022 Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
* unconditionally apply SELinux labels to symlinksNick Kralevich2014-10-231-10/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | At the end of the OTA script, we walk through /system, updating all the permissions on the filesystem, including the UID, GID, standard UNIX permissions, capabilities, and SELinux labels. In the case of a symbolic link, however, we want to skip most of those operations. The UID, GID, UNIX permissions, and capabilities don't meaningfully apply to symbolic links. However, that's not true with SELinux labels. The SELinux label on a symbolic link is important. We need to make sure the label on the symbolic link is always updated, even if none of the other attributes are updated. This change unconditionally updates the SELinux label on the symbolic link itself. lsetfilecon() is used, so that the link itself is updated, not what it's pointing to. In addition, drop the ENOTSUP special case. SELinux has been a requirement since Android 4.4. Running without filesystem extended attributes is no longer supported, and we shouldn't even try to handle non-SELinux updates anymore. (Note: this could be problematic if these scripts are ever used to produce OTA images for 4.2 devices) Bug: 18079773 Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
* Allow passing of mount args to mountFnMichael Runge2014-10-231-5/+18
| | | | | | | Bug: 18079773 Bug: 18092222 Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
* Merge "Log to UI any metadata setting errors" into lmp-devBrian Carlstrom2014-10-231-34/+50
|\
| * Log to UI any metadata setting errorsMichael Runge2014-10-231-34/+50
| | | | | | | | | | Bug: 18079773 Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
* | Merge "Make /cache/recovery/last_log available in recovery" into lmp-devNick Kralevich2014-10-233-5/+76
|\ \
| * | Make /cache/recovery/last_log available in recoveryNick Kralevich2014-10-223-5/+76
| |/ | | | | | | | | | | | | | | | | | | Create a new recovery UI option to allow the user to view /cache/recovery/last_log for their device. This gives enhanced debugging information which may be necessary when a failed OTA occurs. Bug: 18094012 Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
* | Treat already-renamed files as having no problems.Michael Runge2014-10-231-0/+3
|/ | | | | | | | This should help with reentrant OTAs. Bug: 18079773 Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
* Include reason when wiping data.Jeff Sharkey2014-09-241-0/+4
| | | | | | | This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
* create block map for all update packages on /dataDoug Zongker2014-09-051-12/+9
| | | | | | | | Always create the block map for packages on /data; don't only look at the encryptable/encrypted flags. Bug: 17395453 Change-Id: Iaa7643a32898328277841e324305b9419a9e071c
* Merge "fix comment in blockimg updater code" into lmp-devDoug Zongker2014-09-041-3/+3
|\
| * fix comment in blockimg updater codeDoug Zongker2014-09-041-3/+3
| | | | | | | | | | | | The comment for the DEBUG_ERASE setting is exactly backwards. Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1
* | use lseek64 instead of lseekAndrew Boie2014-09-041-11/+11
|/ | | | | | | | Otherwise, overflow problems can occur with images larger than 2G since the offsets will overflow a 32-bit off_t. Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* remove code for original block OTA mechanismDoug Zongker2014-08-262-209/+6
| | | | | | | Superseded by newer code. Bug: 16984795 Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
* open misc device in write-only modeDoug Zongker2014-08-262-19/+27
| | | | | | | | | | Opening the misc block device in read-write mode runs afoul of SELinux, which keeps the wipe code from working. Fix. Also change various things to log to logcat so we can see them happening, for future debugging. Bug: 16715412 Change-Id: Ia14066f0a371cd605fcb544547b58a41acca70b9
* fix two bugs in block image updaterDoug Zongker2014-08-211-18/+32
| | | | | | | | | The computation of file offsets was overflowing for partitions larger than 2 GB. The parsing of the transfer file could fail at the end if the data happened to not be properly null-terminated. Bug: 16984795 Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
* installer for new block OTA systemDoug Zongker2014-08-1910-10/+669
| | | | | | | (Cherry-pick back from master.) Bug: 16984795 Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
* clear BCB in misc partition before rebootingDoug Zongker2014-08-181-3/+43
| | | | | | | | | | | Something is leaving behind wipe commands in the BCB area of the /misc partition. We don't know what is doing that. It should always be safe to zero out that area from uncrypt, though (because if uncrypt is running then it's got the command we want in the recovery command file rather than the BCB). Bug: 16715412 Change-Id: Iad01124287f13b80ff71d6371db6371f43c43211
* revert uncrypt back to dynamic linking, fix libsDoug Zongker2014-08-141-6/+1
| | | | | Bug: 17029174, 17015157 Change-Id: I1d24f3402875dfb972daa6daef0f385baeff84e9
* change uncrypt to static linkingDoug Zongker2014-08-141-0/+2
| | | | | Bug: 17015157 Change-Id: I3c4bdcf4f11d44b617bb731a48413e3707044d1c
* Merge "Erase PST partition if its marked to be erased." into lmp-devAndres Morales2014-08-053-0/+44
|\
| * Erase PST partition if its marked to be erased.Andres Morales2014-08-063-0/+44
| | | | | | | | | | | | | | | | | | | | | | We need to wipe the challenges on this partition if OEM unlock is enabled, as this is a signal that the user has opted out of factory reset protection. go/factory-reset Bug: 16633064 Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
* | remove spurious parens from error messageDoug Zongker2014-08-061-4/+3
| | | | | | | | | | | | | | | | These error messages include empty parens after each string substition. Ill-advised cut and paste, probably. Bug: 16467401 Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
* | Fix length printing + formatsJP Abgrall2014-08-041-3/+3
| | | | | | | | | | | | | | | | | | Fix wrong argument order. Fix for 32 vs 64 bit. (reported by htc) Change-Id: Ie37a280bed2848199bcc075500e1326e371cd326
* | only do uncryption on packages in /dataDoug Zongker2014-07-311-1/+1
|/ | | | | | | If recovery is invoked with a package somewhere other than /data, leave it alone. Change-Id: Ief358b53df467ae24a65e30e7a631da59bf13683
* Auto create parent directories for rename supportMichael Runge2014-07-212-3/+7
| | | | | | | | | Sometimes renames will move a file into a directory that does not yet exist. This will create the parent directories, using the same symlink logic, to ensure that there is a valid destination. Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
* do sdcard sideloading through the fuse filesystemDoug Zongker2014-07-104-102/+175
| | | | | | | | | Make a fuse filesystem that sits on top of the selected package file on the sdcard, so we can verify that the file contents don't change while being read and avoid copying the file to /tmp (that is, RAM) before verifying and installing it. Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
* refactor fuse sideloading codeDoug Zongker2014-07-109-43/+152
| | | | | | | | | Split the adb-specific portions (fetching a block from the adb host and closing the connections) out from the rest of the FUSE filesystem code, so that we can reuse the fuse stuff for installing off sdcards as well. Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
* drop APPLY_CACHE and refactor APPLY_EXTDoug Zongker2014-07-082-64/+47
| | | | | | | | | Drop support for sideloading OTA packages of the cache partition (a half-solution that's long since been deprecated by "adb sideload"). Refactor the code to sideload OTA packages from SD cards: remove the installation code from the file browser. Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
* sideload without holding the whole package in RAMDoug Zongker2014-07-0211-71/+618
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
* am 3e0fc39e: am 974fe112: Merge "Fix recovery mode."Riley Andrews2014-06-251-1/+19
|\ | | | | | | | | * commit '3e0fc39ec27c0ed96ffd2a617f1841fe3bf3c8f6': Fix recovery mode.
| * am 974fe112: Merge "Fix recovery mode."Riley Andrews2014-06-251-1/+19
| |\ | | | | | | | | | | | | * commit '974fe112ae6df95ca6d49688d6e3e459d87e16de': Fix recovery mode.
| | * Merge "Fix recovery mode."Riley Andrews2014-06-241-1/+19
| | |\
| | | * Fix recovery mode.Riley Andrews2014-06-241-1/+19
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | Duplicate changes made to init.rc for https://android-review.googlesource.com/98852 in the init.rc used for recovery mode. Bug 15849856 Change-Id: Ia376ddf6373a28718653f7fb1435bf7ecb33d813
* | | recovery: enable panic_on_oopsColin Cross2014-06-241-0/+2
| | | | | | | | | | | | | | | | | | Set panic_on_oops=1 to reboot if the kernel panics. Change-Id: Id9e8689a570229db2ea2a3d72b52784f8a1ed107
* | | Use LOCAL_REQUIRED_MODULES for mkfs.f2fsJi-Hwan Lee2014-06-181-5/+3
| | | | | | | | | | | | | | | | | | Instead of LOCAL_ADDITIONAL_DEPENDENCIES. Bug: 15702524 Change-Id: Ic152ae60354bf09eccdb9a85dcd04f0f076a6422
* | | Support F2FS for the data partitionJP Abgrall2014-06-163-15/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4". Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall <jpa@google.com>
* | | minui: avoid random screen frame at startupJoey Pan2014-06-121-0/+2
| | | | | | | | | | | | | | | | | | | | | Clear framebuffer at init. [toddpoynor@google.com: forward port] Change-Id: Ie98c7724cd974dcacef3e3559a6fe492864a5e72
* | | advance progress bar during block OTA installationsDoug Zongker2014-06-091-2/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | While executing syspatch and package_extract_file() calls with don't care maps (both of which are used to rewrite the system image in incremental and full block OTAs, respectively), pass a progress callback in and use it to update the visible progress bar. Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
* | | am dff8afe1: (-s ours) restore holo UI in recovery -- DO NOT MERGEDoug Zongker2014-06-060-0/+0
|\ \ \ | | | | | | | | | | | | | | | | * commit 'dff8afe1b21c6ffe09269434f9f8f0d166e1a848': restore holo UI in recovery -- DO NOT MERGE
| * | | restore holo UI in recovery -- DO NOT MERGEDoug Zongker2014-06-0312-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we don't have quantum assets for recovery yet, go back to the holo appearance (dark background, blue glowing progress bar) for lmp-preview. Change-Id: Id4d3f23e0a6251a12aa42f3793cff347f38b4243
* | | | Merge "restore holo UI in recovery"Doug Zongker2014-06-0612-16/+16
|\ \ \ \
| * | | | restore holo UI in recoveryDoug Zongker2014-06-0612-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Return to the recovery to the holo appearance. Bug: 15424396 Change-Id: Id4d3f23e0a6251a12aa42f3793cff347f38b4243
* | | | | am 54a61179: am cfd4b286: Merge "recovery: initialize keys press tracking ↵Doug Zongker2014-06-061-0/+1
|\ \ \ \ \ | |/ / / / |/| | / / | | |/ / | |/| | | | | | | | | | status" * commit '54a6117935fe7470d23f7a538aeec9d6b139791b': recovery: initialize keys press tracking status
| * | | am cfd4b286: Merge "recovery: initialize keys press tracking status"Doug Zongker2014-06-061-0/+1
| |\ \ \ | | | |/ | | |/| | | | | | | | | * commit 'cfd4b2864534f062a01730d81b2cd7e054087e8f': recovery: initialize keys press tracking status
| | * | Merge "recovery: initialize keys press tracking status"Doug Zongker2014-06-061-0/+1
| | |\ \
| | | * | recovery: initialize keys press tracking statusMihai Serban2014-06-061-0/+1
| | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checks for keys pressed return random results because of an uninitialized data structure. Change-Id: Ic8b3d453d62347921aa893403079b374c16a092e Signed-off-by: Mihai Serban <mihai.serban@intel.com>
* | | | disable async reboot during package installationDoug Zongker2014-05-234-4/+47
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | The default recovery UI will reboot the device when the power key is pressed 7 times in a row, regardless of what recovery is doing. Disable this feature during package installation, to minimize the chance of corrupting the device due to a mid-install reboot. (Debug packages can explicitly request that the feature be reenabled.) Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
generated by cgit v1.1 at 2024-06-27 23:55:06 +0000