| Commit message | Author | Files | Lines |
|
Added SPDX-license-identifier-Apache-2.0 to:
applypatch/Android.bp
bootloader_message/Android.bp
edify/Android.bp
fuse_sideload/Android.bp
install/Android.bp
minadbd/Android.bp
minui/Android.bp
otautil/Android.bp
recovery_ui/Android.bp
recovery_utils/Android.bp
tests/Android.bp
tools/image_generator/Android.bp
tools/recovery_l10n/Android.bp
uncrypt/Android.bp
update_verifier/Android.bp
updater/Android.bp
updater/Android.mk
updater_sample/Android.bp
updater_sample/tests/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT
SPDX-license-identifier-OFL
to:
Android.bp
Android.mk
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I3da761b525452838977297f773974000d4de7bd6
|
|
Revert submission 1433573-vab-libsnapshot-linkage
Reason for revert: b/169981170, update crash for droidfooders.
Reverted Changes:
Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke...
Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite...
I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ...
Change-Id: I8c774ca4a8dec21dd308694bb8205861a19c3e12
|
|
Bug: 168554689
Test: recovery builds
Change-Id: I28a5d4a88914b10db1ca8298947afc2314a9ae8a
|
|
libsnapshot_nobinder uses update_metadata-protos. This
used to be optimized out, but now that SnapshotManager is
virtual, CreateUpdateSnapshots can no longer be optimized
out.
Bug: 148956645
Test: compiles
Change-Id: Iab1c9d92de2e558c73cf7da736c543b2ac8c0aa5
|
|
The non-A/B package installation is subject to a TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most practical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon detecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_unit_test - no new failures
Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
|
|
This reverts commit 5e6c4e9a91674826bf11cab604250b41a9326fd8.
Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error.
Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420
Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
|
|
This code is dead. It was briefly used to support "adb remount" with
deduplicated partitions, but was very quickly obsoleted by overlayfs
support. There is no reason to include it anymore.
Bug: N/A
Test: N/A
Change-Id: I4cdcbf66bec80092f954826eaae037934ff37765
|
|
The non-A/B package installation is subject to a TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most practical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon detecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_component_test - all passing
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
|
|
The non-A/B package installation is subject to a TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most practical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon detecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_component_test - all passing
Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
|
|
This is part of the effort to remove libmetricslogger in platform.
Remove the reporting since the status from non-A/B update is less
important to us. Plus the gmscore already has a copy of the logic
to parse the contents from last_install and report non-A/B metrics
to the clearcut log.
bug: 147776349
Test: build
Change-Id: I4fc5d58fb616edb3eb1edadf4614d3eca15c7ce1
|
|
After an OTA is applied, a wipe in recovery may overwrite components of
dynamic partitions living in userdata. If the OTA has not yet begun
merging, we mark the current slot unbootable. If the OTA has begun
merging, we wait for the merge to complete. This logic is encapsulated
in libsnapshot.
Bug: 139156011
Test: manual test
Change-Id: Id6544a1b8583afcbba11559d46214ec2e68ffa40
|
|
There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc. There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.
Bug: 131087886
Bug: 140313207
Test: build/boot + boot to recovery
Merged-In: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
Change-Id: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
|
|
There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc. There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.
Bug: 131087886
Bug: 140313207
Test: build/boot + boot to recovery
Merged-In: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
Change-Id: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
|
|
The non-A/B package installation is subject to a TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most practical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon detecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
|
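The check-then-use protection described in the commit message above, modelled as an added example that is not part of the commit or of the recovery code base. `SwappableMedia`, `VerifiedReader`, the 4096-byte block size and the use of a whole-package SHA-256 digest in place of signature verification are all assumptions made for this sketch.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed transfer block size for this sketch


class BlockMismatch(Exception):
    """A block read after verification differs from the verified one."""


class SwappableMedia:
    """Constructed stand-in for removable storage whose content can change."""

    def __init__(self, data: bytes):
        self.data = data

    def read_block(self, index: int) -> bytes:
        return self.data[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE]


class VerifiedReader:
    def __init__(self, media: SwappableMedia, size: int):
        self.media = media
        self.block_count = (size + BLOCK_SIZE - 1) // BLOCK_SIZE
        self.block_hashes = []  # filled at time of check, kept in memory

    def verify(self, expected_digest: str) -> bool:
        """Time of check: read every block once and record its hash.
        The whole-package digest stands in for signature verification."""
        whole, hashes = hashlib.sha256(), []
        for i in range(self.block_count):
            block = self.media.read_block(i)
            whole.update(block)
            hashes.append(hashlib.sha256(block).digest())
        if whole.hexdigest() != expected_digest:
            return False
        self.block_hashes = hashes
        return True

    def read(self, index: int) -> bytes:
        """Time of use: re-read the block and compare with the recorded hash."""
        if not self.block_hashes:
            raise RuntimeError("package has not been verified")
        block = self.media.read_block(index)
        if hashlib.sha256(block).digest() != self.block_hashes[index]:
            raise BlockMismatch(f"block {index} changed after verification")
        return block


def install_after_swap() -> str:
    """Verify a constructed package, swap the media, then read it again."""
    good = b"A" * BLOCK_SIZE + b"B" * BLOCK_SIZE + b"C" * 100
    media = SwappableMedia(good)
    reader = VerifiedReader(media, len(good))
    if not reader.verify(hashlib.sha256(good).hexdigest()):
        return "verification failed"
    reader.read(1)  # media unchanged: the read is served
    media.data = good[:BLOCK_SIZE] + b"X" * BLOCK_SIZE + good[2 * BLOCK_SIZE:]
    try:
        reader.read(1)  # same block after the swap
    except BlockMismatch:
        return "rejected"
    return "accepted"
```

Because the hashes are recorded during the same pass that feeds verification, a block that was never verified can never be served later, including when the replacement media is shorter than the original.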
|
Bug: 134560109
Test: Run recovery_unit_test.
Change-Id: Ibbcdcfd507fa23657ee7ff677208b0003ec382ba
|
|
A number of utility functions are intended for serving recovery's own
use. Exposing them via libotautil (which is a static lib) would pass the
dependencies onto libotautil's users (e.g. recovery image, updater, host
simulator, device-specific recovery UI/updater extensions etc). This CL
finds a new home for the utils that are private to recovery.
Test: mmma bootable/recovery
Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
|
|
Therefore, libinstall becomes the sole owner to handle the request
from minadbd service.
The change also includes
1. move logging.cpp out of librecovery
2. drop the dependency on common.h
3. now it's more sensible to move the wipe_cache as part of
install_package. move the wipe_cache to the end of the function.
Bug: 130166585
Test: wipe data and cache from menu
Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f
(cherry picked from commit 316e9717461890dd319dc370970069fe4532a561)
|
|
This cl adds a socket pair to support the communication between recovery
and minadbd. Therefore, minadbd will be able to issue multiple commands
to recovery and get back the status of each command.
This cl also switches the adb sideload from the recovery menu to use
this protocol; and moves minadbd to a separate binary.
Bug: 130166585
Test: sideload a package
Change-Id: I80d36d5c4e6fe1ae3ea23640907bc50c0dc0d482
(cherry picked from commit 34690ced91e22f5d9b5dd19c33b11c8e0b4bafa0)
|
|
It was once considered to be shared between recovery and minadbd, so
that the latter can start an install on its own. The plan has been
changed, since package install -- including device wipe operations --
could be device-specific, which should be done by recovery only.
This CL moves libinstall back to a static library, which also saves the
overall size (reducing from 140256 + 660576 to 555880 bytes on
aosp_taimen-userdebug).
Bug: 130166585
Test: Run recovery_component_test.
Test: `adb sideload` on taimen.
Change-Id: Ib1f5f79f235df4682c0bd104425c9c122f6091ba
|
|
Therefore, libinstall becomes the sole owner to handle the request
from minadbd service.
The change also includes
1. move logging.cpp out of librecovery
2. drop the dependency on common.h
3. now it's more sensible to move the wipe_cache as part of
install_package. move the wipe_cache to the end of the function.
Bug: 130166585
Test: wipe data and cache from menu
Change-Id: I6f356dccdb38015c50acf756bac246f87c30fc1f
|
|
This cl adds a socket pair to support the communication between recovery
and minadbd. Therefore, minadbd will be able to issue multiple commands
to recovery and get back the status of each command.
This cl also switches the adb sideload from the recovery menu to use
this protocol; and moves minadbd to a separate binary.
Bug: 130166585
Test: sideload a package
Change-Id: I80d36d5c4e6fe1ae3ea23640907bc50c0dc0d482
|
|
It was once considered to be shared between recovery and minadbd, so
that the latter can start an install on its own. The plan has been
changed, since package install -- including device wipe operations --
could be device-specific, which should be done by recovery only.
This CL moves libinstall back to a static library, which also saves the
overall size (reducing from 140256 + 660576 to 555880 bytes on
aosp_taimen-userdebug).
Bug: 130166585
Test: Run recovery_component_test.
Test: `adb sideload` on taimen.
Change-Id: Ib1f5f79f235df4682c0bd104425c9c122f6091ba
|
|
otautil/roots.h includes <fstab/fstab.h>, but users of otautil/roots.h
don't need to explicitly depend on libfstab unless they have a real
need.
Also remove the unneeded include of <fstab/fstab.h> from
fsck_unshare_blocks.cpp.
Test: mmma -j bootable/recovery
Change-Id: Id3dc995a4769e631ab242843ee439bd94b2bf0bc
|
|
Build libinstall as a shared library. Also drop the dependency on the
global variables in common.h.
Test: unit tests pass, sideload an OTA
Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
|
|
This helps to expose librecovery_ui for device specific RecoveryUi.
Bug: 76436783
Test: mma, unit tests pass
Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be
(cherry picked from commit b5108c372c8b92671ea5ebb4eeff00757fcee187)
|
|
This helps to expose librecovery_ui for device specific RecoveryUi.
Bug: 76436783
Test: mma, unit tests pass
Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be
|
|
The fuse data provider for adb/sdcard shares common code and structures.
This cl creates a FuseDataProvider base class and provides
implementations for adb and sdcard.
In the following cls, we can kill the provider_vtab struct; and also add
another implementation to parse a block map file and provide data.
Test: unit tests pass, sideload a package, apply a package from sdcard
Change-Id: If8311666a52a2e3c0fbae0ee9688fa6d01e4ad09
|
|
This is another implementation of the Package class. And we will later
need it when reading the package from FUSE.
Bug: 127071893
Test: unit tests pass, sideload a file package on sailfish
Change-Id: I3de5d5ef60b29c8b73517d6de3498459d7d95975
|
|
Creates a new class to handle the package in memory and package read from fd.
Define the new interface functions, and make approximate changes to the
verify and install functions.
Bug: 127071893
Test: unit tests pass, sideload a package
Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
|
|
Also add libfstab dependencies where needed. Previously the
`typedef struct FstabEntry Volume;` line served to both define a
`struct FstabEntry` as well as alias Volume to it. With the new
namespace for android::fs_mgr::FstabEntry, `struct FstabEntry` isn't
compatible anymore, so we need to alias Volume to the real
android::fs_mgr::FstabEntry.
In doing so, we need to include <fstab/fstab.h> and this requires
libfstab as a library, which a few modules did not have before.
Test: treehugger
Change-Id: I655209a0efb304b3e0568db0748bd5cf7cecbdb7
|
|
Test: builds
Change-Id: I91923da25f470621189589711c50f3d67e435c68
|
|
Add a function to parse the zip archive and load the certificate from
all the zip entries with the suffix "x509.pem".
Bug: 116655889
Test: unittests pass
Change-Id: I93bf7aef7462c0623e89fc2d466d7af2d3a758bc
|
|
The recovery-persist used to look for the related recovery logs in
persist storage, and copy them under /data/misc/recovery during the
normal boot process.
As we also want to find out the sideload information from last_install,
it makes more sense to move the parse & report of non-a/b metrics to
recovery-persist. Thus we can avoid the race condition of the file
system between the native code and RecoverySystem.
Bug: 114278989
Test: unit test pass, check the event buffer for metrics report
Change-Id: I32d7b2b831bc74a61a70af9a2f0b8a7e9b3e36ee
|
|
And add the first few users.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ifdf093d011478b6a1dd0405b0ba48c145b509cc8
|
|
Bug: 112780007
Test: `m dist` along with other changes in the topic. Check the file
under recovery. Trigger factory reset from recovery UI.
Change-Id: I2fb6954576eefecea60712a21506a2aeb1cecc53
|
|
Also separate libupdater_defaults out to be shareable.
It turns out the `data` property in `cc_test` doesn't follow symlinks as
LOCAL_TEST_DATA does in Android.mk. This CL creates a filegroup in
top-level Android.bp in order to pick up the testdata for ResourcesTest.
Test: `mmma -j bootable/recovery` with aosp_marlin-userdebug
Test: Run recovery_{unit,component,manual}_test on marlin.
Test: Run recovery_host_test.
Change-Id: I4532ab25aeb83c0b0baa8051d5fe34ba7b910a35
|
|
They were only needed in the past when we statically linked libs that had
dependencies on them. Dropping them doesn't affect the recovery image
size, as there're still other users of the libs. But this would avoid
the false dependencies on them.
Test: `mmma -j bootable/recovery`
Change-Id: Ib43cc42221edde9efea1f12357cfc2f2232ec520
|
|
Add a fastboot mode to recovery that can be
entered with command line args or with the ui.
Add usb property triggers to switch between
fastboot and adb configurations.
Allow switching between fastboot and adb through
usb commands by opening a unix socket. adbd/fastbootd
writes to this socket, which interrupts the ui and
switches to the new mode.
Test: Use fastboot mode
Bug: 78793464
Change-Id: I7891bb84427ec734a21a872036629b95ab3fb13c
|
|
recovery is_battery_ok function uses get_health_service(),
which calls IHealth::getService("default") then
IHealth::getService("backup").
- An OEM can provide the default instance by installing
android.hardware.health@2.0-impl-<device>.so to recovery
partition.
- If that's not found, the "backup" instance is provided
to the recovery partition by default.
Test: call is_battery_ok() in recovery, successfully
get battery information.
Bug: 80132328
Change-Id: Ibfee80636325a07bc20b24d044d007a60b3dd7c2
|
|
This relands the previously reverted CL in commit
c70446ce7b4db79f296833b16ce38eb8a01d83df ("Build and use minadbd as a
shared library."). `recovery` has been built with Soong, so the previous
concern (unintentionally installing `libminadbd_services.so` to normal
system image) no longer holds.
Note that `recovery` can't use `libminadbd_services.a`, as functions
like `daemon_service_to_fd()` (needed by `libadbd.so`) won't be linked
into `recovery`.
This CL moves the dependency of `libminadbd_services` from `librecovery`
into `recovery`, as only the latter actually relies on it (via
`recovery_main.cpp`). Note that we no longer need to list the transitive
dependency on `libadbd` or `libasyncio`.
Bug: 112494634
Test: `mmma -j bootable/recovery`
Test: Build and boot into recovery with aosp_taimen-userdebug. Verify that
sideloading keeps working.
Test: `build/soong/build_test.bash --dist`
Change-Id: Ic086470b86d6770bede317e0f5534f608fa7b7d2
|
|
Fixes: 110380063
Test: `mmma -j bootable/recovery` with aosp_taimen-userdebug
Test: Build and boot into recovery on taimen. Check the basic
functionalities (`Apply update from ADB`, `View recovery logs`,
`Run graphics test`).
Test: Run recovery_unit_test and recovery_component_test on marlin.
Test: Modify `recovery.cpp` locally to trigger the call to
is_battery_ok(). Check that the battery info is reported
correctly.
Test: `build/soong/build_test.bash --dist`
Change-Id: I391eb201d57c760e457ba2bf2410ceb72596795c
|
|
Bug: 110380063
Test: `m -j installclean && mmma -j bootable/recovery` with
aosp_taimen-userdebug
Test: Build (`m -j bootimage`) and boot into recovery. Check that
`adb sideload` and `Run graphics test` both work.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ie6ed0e7cafa352d5faff9d1b6ccef724a0415e65
|
|
Move common logging related functions to
rotate_logs.cpp, and rename that to logging.cpp.
Test: Recovery works
Bug: 78793464
Merged-In: I00f20a79a296680122b8437d54a87897c5cb2fc7
Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
|
|
Move common logging related functions to
rotate_logs.cpp, and rename that to logging.cpp.
Test: Recovery works
Bug: 78793464
Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
(cherry picked from commit 3c3f211d1e5698da6eea9e83584acb2dee4ca46e)
|
|
Move common logging related functions to
rotate_logs.cpp, and rename that to logging.cpp.
Test: Recovery works
Bug: 78793464
Change-Id: I00f20a79a296680122b8437d54a87897c5cb2fc7
|
|
Export its header (mounts.h) from there, and drop the dot dot dependency
from libupdater / updater.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
|
|
libmounts
librecovery_ui_default
librecovery_ui_wear
librecovery_ui_vr
libverifier
recovery-persist
recovery-refresh
They are all trivially converted.
Test: mmma -j bootable/recovery
Change-Id: Id783b3eec32bd15e74f42df17053732db5666675
|
|
The "subdirs=" statement no longer has any effect (with the CL in [1]
that's merged last November). All the Android.bp's will be picked up
automatically.
[1] commit 4f21237342e715cbbac6e409cd67e86a304483c4 in
https://android-review.googlesource.com/c/platform/build/blueprint/+/530115.
Test: mmma -j bootable/recovery
Change-Id: Idd39af1fff907e8c1886f91eea0dd4a9e38a4079
|
|
Test: mmma -j bootable/recovery
Change-Id: I405f2a70f51904c02c49a287c23cbc115a4c5132
|
|
Test: mmma bootable/recovery
Change-Id: Ie163aff1c4c2b3b15bb705825779ada6bc38ad67
|
|
Also make matching changes to applypatch modules which include
edify/expr.h.
Test: mmma bootable/recovery
Change-Id: Ia72be3caa010d7f56a70add2da345e631b306378
|
|
Test: mmma bootable/recovery
Change-Id: I5f2520ea457ba66743aa3aa1d5b3b488a93084a3
|
|
Test: build
Change-Id: Ia0c2e141673e37eea29306817d2f4b2c944213b0
|
|
Test: flash and boot recovery on internal angler
Change-Id: Id8845b4b422d0078b251333eb6d30ce14771ef10
|