| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
-1 is not a valid exit status.
Also replace a few exit(1) with exit(EXIT_FAILURE).
Test: mmma bootable/recovery
Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
|
| |
|
|
|
|
|
| |
Bug: http://b/23102347
Test: boot into recovery.
Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
|
| |\
| |
| |
| |
| |
| | |
am: 37450d7f42
Change-Id: Id9c78be08f2822ec92d54ba11693d3e5adb7b5aa
|
| | |
| |
| |
| | |
Change-Id: Ib97440bc0542003b84c45cb05f194ba20104dad6
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
|
| |
|
|
|
|
| |
And a few trival fixes to suppress warnings.
Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
|
| |
|
|
|
|
|
| |
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.
Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
|
| |
|
|
| |
Change-Id: I5afaf70caa590525627c676c88b445d3162de33e
|
| |
|
|
|
|
|
| |
The original attempt missed the fact that Print is a member function,
so the first argument is the implicit 'this'.
Change-Id: I963b668c5432804c767f0a2e3ef7dea5978a1218
|
| |
|
|
|
|
|
|
|
|
| |
Currently it rotates the log files every time it boots into the recovery
mode. We lose useful logs after ten times. This CL changes the rotation
condition so that it will rotate only if it performs some actual
operations that modify the flash (installs, wipes, sideloads and etc).
Bug: 19695622
Change-Id: Ie708ad955ef31aa500b6590c65faa72391705940
|
| |
|
|
| |
Change-Id: Ia897aa43e44d115bde6de91789b35723826ace22
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recovery system behaves a little bit differently on userdebug or
eng builds by presenting error reports to the user in the ui.
This is controlled by checking the build fingerprint for the string
:userdebug/ or :eng/. But with AOSP version numbers most AOSP
builds blows the 92 char limit of ro.build.fingerprint and therefore
the property is not set, so this condition will always be evaluated
to false, for most builds.
Instead of depending on the flaky ro.build.fingerprint this change
uses ro.debuggable.
Change-Id: I74bc00c655ac596aaf4b488ecea58f0a8de9c26b
|
| |
|
|
|
|
|
|
|
| |
Split the adb-specific portions (fetching a block from the adb host
and closing the connections) out from the rest of the FUSE filesystem
code, so that we can reuse the fuse stuff for installing off sdcards
as well.
Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).
We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.
We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host. This file is then passed to the
verification and installation systems like any other.
To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.
One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem). We rely on SELinux enforcement to
restrict the set of things that can be accessed.
Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
|
|
|
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
|
