| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| | |
am: c37c5c3410
Change-Id: Idfc957d24e6f5efe32cf68dc696355c456ffde34
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Increase the number of attempts of an OTA update from 3 to 5 in case
an I/O error happened. This should increase the success rate of the
update.
Bug: 29619468
Change-Id: I88a067d9debd55a07be22ed981f395f6e47ec28f
|
|\ \
| | |
| | |
| | | |
Change-Id: I18ecc333a76860405028b90b0baf2fba78d3942e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When recovery starts with --brick, it tries to brick the device by
securely wiping all the partitions as listed in /etc/recovery.brick.
This is designed to support bricking lost devices.
Bug: 27253717
Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
(cherry picked from commit 568700189528c69a6cdd7a246127ce01463e033d)
|
|\ \ \
| | |/
| |/|
| | | |
Change-Id: I42c127f7946e678acf6596f6352f090abc0ca019
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
|
|\| |
| | |
| | |
| | | |
Change-Id: I4ec33904a6af38d81b422c7be6f40b828fbc7525
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new command "--security" to boot commands. If this command is
observed as part of BCB, choose a different background text picture
for installing stage in recovery UI. As a result, users will see
"installing security update" instead of "installing system update"
when applying a security update package.
Bug: 27837319
Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 5687001895
* commit '568700189528c69a6cdd7a246127ce01463e033d':
recovery: Always log the update attempt.
Change-Id: Ibf0d564c26bb5045fe24466a415dea13cd3a5a18
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
am: bcad1d1
* commit 'bcad1d1ced730478c94f951034d252e777661332':
Fix google-runtime-int warnings.
Change-Id: Ifad31026502e3375f4833899056662da540319b5
|
| | |
| | |
| | |
| | |
| | | |
Bug: 28220065
Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
am: e8d0ecc
* commit 'e8d0ecccf7e54e73418cac94b0b136bfed94d51a':
Update the system update animation.
Change-Id: I5d0ad44b13a505bca62a5316447603fab4d280aa
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switch to a Wear-like intro/loop system. We don't have an intro yet,
but hopefully this will let Wear delete more code when they move to N.
Unlike them, we don't hard-code the number of frames: we just look to
see what we have available. We do hard-code the fps though.
Also add a graphics test mode so you can see a demo of the UI components
without having to actually apply an OTA.
Also fix a bug where default locale is null rather than en-US: it's
more useful to show _some_ text if we don't have a locale (which should
only be during development anyway).
Bug: http://b/26548285
Change-Id: I63422e3fef3c41109f924d96fb5ded0b3ae7815d
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
(cherry-pick from commit a4f701af93a5a739f34823cde0c493dfbc63537a)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
(cherry picked from commit 26112e587084e8b066c28a696533328adde406a9)
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
am: dc91161
* commit 'dc91161a56c74bb6c73560d728d92b115f0f6e75':
Move selinux dependencies out of header files.
Change-Id: I439d352c9366dbed201a5592059b886968324633
|
| | |
| | |
| | |
| | |
| | | |
Bug: http://b/27764900
Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
am: 6f83130
* commit '6f83130d7acd85df89a80e691d3aa63bd2ceda39':
recovery: use __android_log_pmsg_file_write for log files
Change-Id: Id2e7a76bae8eb061f6f57249dd912f25cd6332c6
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | | |
am: 7e18ce2
* commit '7e18ce221fac387d5f08da2519879c1fc2046a4a':
Clean up intent_file related code in recovery.cpp
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
No one in recovery or framework is utilizing intent file. Clean
up the code.
Bug:27725880
Change-Id: I78b37ff94261793e0d6a86a0fa6d27dcfe3f4783
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | | |
am: 90f01a4203
* commit '90f01a4203de453a2c6b940c39289b629ae3b654':
Reboot and retry on I/O errors
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
|
|\| | |
| |_|/
|/| |
| | |
| | |
| | |
| | | |
am: f2726712ea
* commit 'f2726712ea1e02fdabf595ece1cfeab9a6147386':
recovery: Handle devices without /cache partition.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
|
| |
| |
| |
| |
| |
| | |
Bug: 26879394
Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d
|
| |
| |
| |
| |
| |
| |
| | |
The cache folder is no longer available at this time
Bug: 27355824
Change-Id: I74e33266c1ff407364981b186613f81319dd22dc
|
| |
| |
| |
| |
| |
| |
| | |
Bug: 26879394
Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d
(cherry picked from commit 53e7a0628f4acc95481f556ba51800df4a1de37d)
|
|\|
| |
| |
| |
| |
| |
| | |
am: ce46828e08
* commit 'ce46828e08281dc507d4e40ba9e8b770bc21cf0b':
recovery: Fork a process for fuse when sideloading from SD card.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For applying update from SD card, we used to use a thread to serve the
file with fuse. Since accessing through fuse involves going from kernel
to userspace to kernel, it may run into deadlock (e.g. for mmap_sem)
when a page fault occurs. Switch to using a process instead.
Bug: 23783099
Bug: 26313124
Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd
|
|\|
| |
| |
| |
| |
| |
| | |
am: ff4c2c07e8
* commit 'ff4c2c07e899ab049c7499f2818cd8a45e0213d3':
Track rename from base/ to android-base/.
|
| |
| |
| |
| | |
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
|
|\|
| |
| |
| |
| |
| |
| | |
am: cca6ca0953
* commit 'cca6ca0953b56176ebb406fa89766e326f4d72ac':
Track name change from adb_main to adb_server_main.
|
| |
| |
| |
| | |
Change-Id: I835805348a9817c81639ad8471e3b49cae93c107
|
|/
|
|
| |
Change-Id: I38b29e1e34ea793e4b87cd27a1d39fa905fddf7a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fork a logger process and send over the log lines through a pipe.
Prepend a timestamp to each line for debugging purpose. Timestamps are
relative to the start of the logger.
Example lines with the change in this CL:
[ 445.948393] Verifying update package...
[ 446.279139] I:comment is 1738 bytes; signature 1720 bytes from end
[ 449.463652] I:whole-file signature verified against RSA key 0
[ 449.463704] I:verify_file returned 0
Change-Id: I139d02ed8f2e944c1618c91d5cc43282efd50b99
|
|
|
|
|
|
|
|
|
| |
When calling ScreenRecoveryUI::ShowFile(), the only thing that gets
inadequately logged is the progress bar. Replace the call to
ScreenRecoveryUI::Print() with ScreenRecoveryUI::PrintOnScreenOnly() for
the progress bar, so we can avoid calling redirect_stdio().
Change-Id: I4d7c5d5b39bebe0d5880a99d7a72cee4f0b8f325
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Malloc might fail when replacing package path. In this case, print a
clear error message in the logs and let the OTA fails.
Change-Id: I7209d95edc025e3ee1b4478f5e04f6e852d97205
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Signed-off-by: Gaelle Nassiet <gaellex.nassiet@intel.com>
|
|/
|
|
|
|
| |
A recent adb cleanup changed the signature of adb_main.
Change-Id: I98d084f999966f1a7aa94c63e9ed996b3375096d
|
|
|
|
|
|
|
|
|
|
|
| |
When system images contain the root directory, there is no entry of
"/system" in the fstab. Change it to look for "/" instead if
ro.build.system_root_image is true. We actually mount the partition
to /system_root instead, and create a symlink to /system_root/system
for /system. This allows "adb shell" to work properly.
Bug: 22855115
Change-Id: Ibac493a5a9320c98ee3b60bd2cc635b925f5454a
|
|\ |
|
| |
| |
| |
| | |
Change-Id: I12b4f880802135a98dbc11a19e74172a3a5ef921
|
|/
|
|
|
| |
Bug: http://b/21760064
Change-Id: Idde268fe4d7e27586ca4469de16783f1ffdc5069
|
|
|
|
|
|
| |
And a few trival fixes to suppress warnings.
Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
|
|
|
|
| |
Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
|
|
|
|
|
|
|
|
|
| |
This makes it easier to go back and forth without losing current output.
Also make the display more like regular more(1).
Bug: http://b/20834540
Change-Id: Icc5703e9c8a378cc7072d8ebb79e34451267ee1b
|
|
|
|
|
|
|
|
| |
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE).
This CL changes to keep up to KEEP_LOG_COUNT copies for kernel logs.
Bug: http://b/18092237
Change-Id: I1bf5e230de3efd6a48a5b2ae5a34241cb4d9ca90
|
|
|
|
|
|
|
|
| |
For userdebug and eng builds, turn on the text display automatically
if no command is specified.
Bug: http://b/17489952
Change-Id: I3d42ba2848b968da12164ddfda915ca69dcecba1
|
|
|
|
|
|
|
|
|
|
|
| |
This makes it easier for us to deal with arbitrary information at the
top, and means that headers added by specific commands don't overwrite
the default ones.
Add the fingerprint back, but broken up so it fits even on sprout's
display.
Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
|
|
|
|
| |
Change-Id: I280a478526f033f5c0041d7e8a818fce6177d732
|
|
|
|
|
|
| |
This reverts commit 2ec803f4350f7b72f5dd65c5f27656c6807e2966.
Change-Id: I419025a772ef99db4c0a78bfa7ef66767f3fa062
|
|
|
|
|
|
|
|
| |
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE).
This CL changes to append it to the recovery log.
Bug: 18092237
Change-Id: I06ad5629016846927153064f1663753a90296f79
|
|
|
|
| |
Change-Id: I5afaf70caa590525627c676c88b445d3162de33e
|
|
|
|
|
|
|
|
| |
Currently fugu has a custom subclass to handle this. The default code
supports devices with trackballs but not all shipping Nexus devices?
That's just silly.
Change-Id: Id2779c91284899a26b4bb1af41e7033aa889df10
|
|
|
|
|
|
|
| |
Everyone's adding secret key combinations for this anyway, and it's
very useful when debugging.
Change-Id: Iad549452b872a7af963dd649f283ebcd3ea24234
|
|
|
|
|
|
|
|
| |
Rather than add code to wrap menu items, let's just put output the
recovery version to the log. It'll be visible at the bottom of the
screen and automatically wrap.
Change-Id: I158fe2d85bc56b195e00619fba455321743923bd
|
|
|
|
|
|
| |
This fixes the N9 performance problem.
Change-Id: I00c10d4162ff266a6243285e5a5e768217f6f799
|
|
|
|
|
|
|
| |
The original attempt missed the fact that Print is a member function,
so the first argument is the implicit 'this'.
Change-Id: I963b668c5432804c767f0a2e3ef7dea5978a1218
|
|
|
|
|
|
|
|
|
|
| |
Currently it rotates the log files every time it boots into the recovery
mode. We lose useful logs after ten times. This CL changes the rotation
condition so that it will rotate only if it performs some actual
operations that modify the flash (installs, wipes, sideloads and etc).
Bug: 19695622
Change-Id: Ie708ad955ef31aa500b6590c65faa72391705940
|
|
|
|
|
|
|
| |
It also changes the return type of wipe_data/wipe_cache to bool, so the
caller can get the status accordingly.
Change-Id: I3022dcdadd6504dac757a52c2932d1176ffd1918
|
|
|
|
|
|
|
|
|
|
|
| |
This now gets done at the framework level.
Doing it here breaks the signature on the partition.
This reverts commit ee19387905650cab5da7dd97ada5502cd17ac93d.
Bug: 19967123
Change-Id: I2a977cb0f0ba94defa1bf9091219398ddc1d3528
(cherry picked from commit 037444642bc32d8fed3bb996823b6a62faa57195)
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the command file contains "--sideload" (as a result of 'adb reboot
sideload'), it goes into sideload mode directly. Text display will be
turned on by default. It waits for user interaction upon finishing.
When the command file contains "--sideload_auto_reboot", it enters
sideload mode silently. And it will reboot after the installation
regardless of its result, which is designed for automated testing purpose.
Change-Id: Ifdf173351221c7bbf635cfd32463b48e1fff5740
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's surprising that only one of the wipe options asks for confirmation.
This change makes it easier to add confirmation to any action.
I've also removed the version information from all but the main menu,
because I find I'm not really reading the red text because there's
so much of it all the time.
(Given that fingerprints are long and menu items aren't wrapped, we
might want to go with an actual "About" menu item instead.)
Change-Id: I7d809fdd53f9af32efc78bee618f98a69883fffe
|
|
|
|
| |
Change-Id: Ia897aa43e44d115bde6de91789b35723826ace22
|
|
|
|
|
|
|
|
|
| |
Add support for the wipe command when using sideload within the
recovery. All the support for this command is in place, only the
execution of the actual wipe command itself was missing.
Change-Id: Ia9cdfc912bfb9f558fa89b9f0ed54e843ede41f2
Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment, this is the only difference in the sprout recovery
image. That's silly. Let's just improve the error handling slightly
and always have this option present.
Also make the obscure "<3e>" less unclear.
Also use "power button" as the default text rather than "enter button",
because it's been years since anyone had one of those. (Longer term we
should let subclassers tell us the keycode and we translate it to the
correct string.)
Also move the two "Reboot" options together, put "Power off" at the
bottom (and use that terminology, like the real UI, rather than
"Power down"), and use capitals throughout.
Finally, add a README.md with some useful instructions.
Change-Id: I94fb19f73d79c54fed2dda30cefb884426641b5c
|
|\
| |
| |
| |
| | |
* commit '2d1022250941873f8748e6a159d4e5bf976e511f':
Kill of most of the remainder of minadbd.
|
| |
| |
| |
| |
| |
| |
| |
| | |
I think everything left now is here to stay (services.c might get
massaged in to libadbd if it gets refactored).
Bug: 17626262
Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
|
|\|
| |
| |
| | |
Change-Id: I6f2ea07df2ab80a44301d9c3a2a8841c40a46002
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The recovery system behaves a little bit differently on userdebug or
eng builds by presenting error reports to the user in the ui.
This is controlled by checking the build fingerprint for the string
:userdebug/ or :eng/. But with AOSP version numbers most AOSP
builds blows the 92 char limit of ro.build.fingerprint and therefore
the property is not set, so this condition will always be evaluated
to false, for most builds.
Instead of depending on the flaky ro.build.fingerprint this change
uses ro.debuggable.
Change-Id: I74bc00c655ac596aaf4b488ecea58f0a8de9c26b
|
| |
| |
| |
| |
| |
| |
| | |
Bug: 18642766
Change-Id: I95a6c8edf83513d421a041e79c15111b5c991dde
Signed-off-by: Patrick Tjin <pattjin@google.com>
|
| |
| |
| |
| |
| |
| |
| | |
Bug: 18642766
Change-Id: I6c8b7d8f9ffb688d3afdfe0d47c4142e711e421d
Signed-off-by: Patrick Tjin <pattjin@google.com>
|
|/
|
|
|
|
|
|
|
|
| |
Create a new recovery UI option to allow the user to view
/cache/recovery/last_log for their device. This gives enhanced
debugging information which may be necessary when a failed
OTA occurs.
Bug: 18094012
Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
|
|
|
|
|
|
|
| |
This will help us track down who requested a data wipe.
Bug: 17412160
Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
|
|
|
|
|
|
|
|
|
|
|
| |
We need to wipe the challenges on this partition
if OEM unlock is enabled, as this is a signal that
the user has opted out of factory reset protection.
go/factory-reset
Bug: 16633064
Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
|
|
|
|
|
|
|
|
|
| |
Make a fuse filesystem that sits on top of the selected package file
on the sdcard, so we can verify that the file contents don't change
while being read and avoid copying the file to /tmp (that is, RAM)
before verifying and installing it.
Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
|
|
|
|
|
|
|
|
|
| |
Drop support for sideloading OTA packages of the cache partition (a
half-solution that's long since been deprecated by "adb sideload").
Refactor the code to sideload OTA packages from SD cards: remove the
installation code from the file browser.
Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).
We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.
We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host. This file is then passed to the
verification and installation systems like any other.
To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.
One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem). We rely on SELinux enforcement to
restrict the set of things that can be accessed.
Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
|
|
|
|
|
|
| |
Useful when debugging or developing for recovery.
Change-Id: Ic3ab42d5e848ad3488f1c575339b55e45c8a024b
|
|\
| |
| |
| |
| | |
* commit 'b4bbf8878c3a6b2a17a3a96f1a23300748dbd81a':
add --shutdown_after option to recovery
|
| |\
| | |
| | |
| | | |
Change-Id: I3d00437d519f93652ccae6b361e89e853ccae9b3
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "--shutdown_after" option causes recovery to power down the device
on completion rather than rebooting.
Removes the last vestiges of the "--previous_runs" argument, which
doesn't seem to be used for anything.
Change-Id: I465eda2ef59d367e2b1c79a8dc69831263c69a4d
|
|\| |
| | |
| | |
| | |
| | | |
* commit '80c1a386d3f614919708b37986919ecaf74ee738':
refactor image resource loading code in minui
|
| |\|
| | |
| | |
| | | |
Change-Id: Ib95b5bcd8d24014e1f2a956d2f31c99a471d3e30
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reduce the number of copies of libpng boilerplate. Rename
res_create_* functions to be more clear. Make explicit the use of the
framebuffer pixel format for images, and handle more combinations of
input and output (eg, loading a grayscale image for display rather
than use as a text alpha channel).
Change-Id: I3d41c800a8f4c22b2f0167967ce6ee4d6b2b8846
|
|\| |
| | |
| | |
| | |
| | | |
* commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49':
Recovery 64-bit compile issues
|
| |\|
| | |
| | |
| | |
| | | |
* commit '026ebe0214d6c1c9b3ddc22c35e9ac37e5f622bc':
Recovery 64-bit compile issues
|
| | |
| | |
| | |
| | | |
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
|
| | |
| | |
| | |
| | | |
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
|
|/ /
| |
| |
| |
| |
| |
| | |
Make recovery log its PID, and when we use a block map file, log how
many ranges it contains.
Change-Id: I1b4299f8163af68a770b48c029ae25e6cb45d26b
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support multi-stage recovery packages, we add the
set_stage() and get_stage() functions, which store a short string
somewhere it can be accessed across invocations of recovery. We also
add reboot_now() which updater can invoke to immediately reboot the
device, without doing normal recovery cleanup. (It can also choose
whether to boot off the boot or recovery partition.)
If the stage string is of the form "#/#", recovery's UI will be
augmented with a simple indicator of what stage you're in, so it
doesn't look like a reboot loop.
Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
|
|
|
|
|
|
|
| |
We need to set the system property to "reboot,", not an empty string.
Bug: 10605007
Change-Id: I776e0d273764cf254651ab2b25c2743395b990e0
|
|
|
|
|
|
|
|
| |
Change I84c0513acb549720cb0e8c9fcbda0050f5c396f5 moved reboot
functionality into init but did not update the recovery partition; so
"adb reboot" and /system/bin/reboot in recovery are both broken.
Change-Id: Ie2d14627a686ffb5064256b6c399723636dff116
|
|
|
|
|
|
|
|
|
|
|
| |
When installing a package, we should have /tmp and /cache mounted and
nothing else. Ensure this is true by explicitly mounting them and
unmounting everything else as the first step of every install.
Also fix an error in the progress bar that crops up when you do
multiple package installs in one instance of recovery.
Change-Id: I4837ed707cb419ddd3d9f6188b6355ba1bcfe2b2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recovery changes:
- add a method to the UI class that is called when a key is held down
long enough to be a "long press" (but before it is released).
Device-specific subclasses can override this to indicate a long
press.
- do color selection for ScreenRecoveryUI's menu-and-log drawing
function. Subclasses can override this to customize the colors they
use for various elements.
- Include the value of ro.build.display.id in the menu headers, so you
can see on the screen what version of recovery you are running.
Change-Id: I426a6daf892b9011638e2035aebfa2831d4f596d
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When doing a cache wipe or a factory reset (which includes a cache
wipe), save any last* log files in the /cache/recovery directory and
write them back after reformatting the partition, so that wiping data
doesn't lose useful log information.
Change-Id: I1f52ae9131760b5e752e136645c19f71b7b166ee
|
|/
|
|
|
|
|
|
| |
Recovery currently has a random mix of messages printed to stdout and
messages printed to stderr, which can make logs hard to read. Move
everything to stdout.
Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
|
|
|
|
|
|
|
|
| |
Copy logs to /cache immediately upon a package installation failure;
don't wait for recovery to finish. (If the user reboots without
exiting recovery the "right" way, the logs never get copied at all.)
Change-Id: Iee342944e7ded63da5a4af33d11ebc876f6c0835
|
|\
| |
| |
| |
| | |
* commit 'd51bfc9b1fe89321af3c629e7b23a747050332e1':
Fix the potential segmentation fault
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Extral newline can trigger recovery segmentation fault
Test case:
host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command'
host$ adb reboot recovery
Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433
Signed-off-by: Jin Feng <jin88.feng@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Extends the last_log mechanism to save logs from the last six
invocations of recovery, so that we're more likely to have useful logs
even if the device has repeatedly booted into recovery.
Change-Id: I08ae7a09553ada45f9e0733fe1e55e5a22efd9f9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Hopefully this will reduce the number of OTA "bugs" reported that are
really just someone having changed their system partition,
invalidating future incremental OTAs.
Also fixes a longstanding TODO about putting LOGE() output in the
on-screen display.
Change-Id: I44e5be65b2dee7ebce2cce28ccd920dc3d6e522e
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get rid of the notion of a font's "ascent"; the reference point for
drawing is the top-left corner of the character box rather than the
baseline. Add some more space between the menu entries and make the
highlight bar around the text.
Replace the default font.png with two images; the build system will
include one or the other based on the resolutions of the device.
Restore the original compiled-in bitmap font, to fall back on when
font.png can't be found (eg, in the charger binary).
Add support for bold text (when a font.png image is used).
Change-Id: I6d211a486a3636f20208502b1cd2aeae8b9f5b02
|
|\
| |
| |
| | |
Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
|
| |
| |
| |
| | |
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At load_locale_from_cache() function, LOCALE_FILE must get closed
after it is opened and used. Otherwise it causes a failure to
unmount "/cache" after load_locale_from_cache() function is called.
Change-Id: I9cec0f29a8ec4452c8a6a52e2f3c8ce9930d5372
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
We need prompt_with_wait() to show either the ERROR or NO_COMMAND
state as appropriate.
Bug: 7221068
Change-Id: I191526cf12630d08b7a8250a2a81e724a4a5d972
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add images of text for all locales we support. Make the progress bar
fill the correct way for RTL languages. (Flip the direction the
spinner turns, too, just for good measure.)
Bug: 7064142
Change-Id: I5dddb26e02ee5275c57c4dc4a03c6d68432ac7ba
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- change locale filename to "last_locale" so the main system doesn't
delete it
- clean up some chatty logging
- update images with real German (other languages TBD)
Change-Id: I2ebb4ed4e054bd1808a3042d9efbb2c18f3a044d
|
| |
| |
| |
| |
| |
| | |
Also make writing the locale a bit more robust.
Change-Id: I803dd0aa0b9d6661fad74ea13fb085682402323c
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- recovery takes a --locale argument, which will be passed by the main
system
- the locale is saved in cache, in case the --locale argument is
missing (eg, when recovery is started from fastboot)
- we include images that have prerendered text for many locales
- we split the background states into four (installing update,
erasing, no command, error) so that appropriate text can be shown.
Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
|
|\
| |
| |
| |
| | |
* commit 'e5d5ac76cc8e5d11867aeff6a1d068215c1c3a7c':
minor recovery changes
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add the --just_exit option to make recovery exit normally without doing anything
- make it possible to build updater extensions in C++
- add the clear_display command so that the updater binary can request
recovery switch to the NONE background UI
These are all used to support the notion of using OTA as a factory
reflash mechanism.
Change-Id: Ib00d1cbf540feff38f52a61a2cf198915b48488c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
always initialize usb product, vendor, etc. for adb in recovery
Set these values even on non-debuggable builds, so that the mini-adb
now in recovery can work.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so
it can be used by devices without screens. Remove the UIParameters
struct and replace it with some new member variables in
ScreenRecoveryUI.
Change-Id: I4c0e659edcbedc0b9e86ed261ae4dbb3c6097414
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace the device-specific functions with a class. Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class. Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).
Change-Id: I8bdea6505da7974631bf3d9ac3ee308f8c0f76e1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class. Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI. We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).
Change-Id: I7fd8b2949d0db5a3f47c52978bca183966c86f33
|
|
|
|
| |
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
|
|
|
|
|
|
|
|
| |
The contribution of SELinux things to AOSP had a call to the old
ui_print that merged cleanly. This changes that call into the newer
call so it will actually compile when enabled.
Change-Id: I8368e937219b01d0bef06007fa46302415256d07
|
|
|
|
| |
Change-Id: I2e8298ff5988a96754f56f80a5186c9605ad9928
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than depending on the existence of some place to store a file
that is accessible to users on an an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.
This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way. This should be leave available even
on locked user-build devices.
The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running). Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.
Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
|
|
|
|
|
|
|
|
| |
Some packages expect to find cache mounted, since it always is for
"real" OTAs.
Bug: 5739915
Change-Id: I7a7cdd88a60c61e4bc7dc3e1f99956f6487c42e1
|
|
|
|
|
|
|
|
|
| |
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so
it can be used by devices without screens. Remove the UIParameters
struct and replace it with some new member variables in
ScreenRecoveryUI.
Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
|
|
|
|
|
|
|
|
|
|
| |
Replace the device-specific functions with a class. Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class. Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).
Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
|
|
|
|
|
|
|
|
|
|
|
| |
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class. Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI. We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).
Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
|
|
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
|