| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Bug: 29159185
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
|
|\|
| |
| |
| | |
Change-Id: I621cc47352f7ac552d9602485825ae3a6f9ae516
|
| |
| |
| |
| |
| |
| |
| |
| | |
init and vold also need to write bootloader message, so
split this function from uncrypt into a separate library.
Bug: 27176738
Change-Id: If9b0887b4f6ffab6162d9cb47a6ceb7eedd60b4d
|
| |\ |
|
| | |
| | |
| | |
| | |
| | | |
Bug: 27897229
Change-Id: Iab5e829af1676f7fcd8a4b00a194aa679ed4e372
|
| |/
| |
| |
| |
| | |
Bug: 27897241
Change-Id: I4f52ada58e8f204dba8c974ea0ae03876411ecf0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We used to rely on files (e.g. /cache/recovery/command and
/cache/recovery/uncrypt_status) to communicate between uncrypt and its
caller (i.e. system_server). Since A/B devices may not have /cache
partitions anymore, we switch to socket communication instead.
We will keep the use of /cache/recovery/uncrypt_file to indicate the OTA
package to be uncrypt'd though. Because there is existing logic in
ShutdownThread.java that depends on the existence of the file to
detect pending uncrypt works. This part won't affect A/B devices without
/cache partitions, because such devices won't need uncrypt service (i.e
the real de-encrypt work) anyway.
Bug: 27176738
Change-Id: I481406e09e3ffc7b80f2c9e39003b9fca028742e
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The framework CL in [1] removes the use of "pre-recovery" service which
is basically to trigger a reboot into the recovery.
[1] commit e8a403d57c8ea540f8287cdaee8b90f0cf9626a3
Bug: 26830925
Change-Id: I131f31a228df59e4f9c3024b238bbdee0be2b157
|
| |
| |
| |
| |
| |
| | |
Bug: 26696173
Change-Id: I3a612f045aaa9e93e61ae45b05300d02b19bb3ad
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Writing map file directly can break consistency in map file if
it fails in the middle. Instead, we write a temporary file and
rename the temporary file to map file.
Bug: 26883096
Change-Id: I5e99e942e1b75e758af5f7a48f8a08a0b0041d6a
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `std::string package` variable goes out of scope but the input_path
variable is then used to access the memory as it's set to `c_str()`.
This was detected via OpenBSD malloc's junk filling feature.
Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have the following warnings when compiling uncrypt on LP64 (e.g.
aosp_angler-userdebug).
bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat]
ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno));
~~~~ ^~~~~~
%ld
bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat]
ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno));
~~~~ ^~~~~~~~~~~~~~~~~~
%lu
bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare]
while (pos < sb.st_size) {
~~~ ^ ~~~~~~~~~~
According to POSIX spec [1], we have:
off_t and blksize_t shall be signed integer types;
size_t shall be an unsigned integer type;
blksize_t and size_t are no greater than the width of type long.
And on Android, we always have a 64-bit st_size from stat(2)
(//bionic/libc/include/sys/stat.h).
Fix the type and add necessary casts to suppress the warnings.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html
Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20
|
| |
| |
| |
| | |
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
|
| |
| |
| |
| |
| |
| |
| |
| | |
It turns out the standard explicitly states that if the pointer is
null, the deleter function won't be called. So it doesn't matter that
fclose(3) doesn't accept null.
Change-Id: I10e6e0d62209ec03ac60e673edd46f32ba279a04
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch removes costly O_SYNC flag for encrypted block device.
After writing whole decrypted blocks, fsync should guarantee their consistency
from further power failures.
This patch reduces the elapsed time significantly consumed by upgrading packages
on an encrypted partition, so that it could avoid another time-out failures too.
Change-Id: I1fb9022c83ecc00bad09d107fc87a6a09babb0ec
Signed-off-by: Jaegeuk Kim <jaegeuk@motorola.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move uncrypt from /init.rc to /system/etc/init/uncrypt.rc using the
LOCAL_INIT_RC mechanism
Bug 23186545
Change-Id: Ib8cb6dffd2212f524298279787fd557bc84aa7b9
|
| |
| |
| |
| |
| |
| |
| |
| | |
Clean up leaky file descriptors in uncrypt/uncrypt.cpp. Add unique_fd
for open() and unique_file for fopen() to close FDs on destruction.
Bug: 21496020
Change-Id: I0174db0de9d5f59cd43b44757b8ef0f5912c91a2
|
| |
| |
| |
| |
| |
| | |
Bug: 22534003
Change-Id: I2bc22418c416491da573875dce78daed24f2c046
(cherry picked from commit 6e9dda70cb00dd1f1948e071d7df7ca6e2bd8332)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When it reboots into recovery for a factory reset, it still needs to
write the uncrypt status (-1) to the pipe.
Bug: 21511893
(cherry picked from commit 2c2cae8a4a18b85043bb6260a59ac7d1589016bf)
Change-Id: Ia5a75c5edf3afbd916153da1b4de4db2f00d0209
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
uncrypt needs to be triggered to prepare the OTA package before
rebooting into the recovery. Separate uncrypt into two modes. In
mode 1, it uncrypts the OTA package, but will not reboot the
device. In mode 2, it wipes the /misc partition and reboots.
Needs matching changes in frameworks/base, system/core and
external/sepolicy to work properly.
Bug: 20012567
Bug: 20949086
(cherry picked from commit 158e11d6738a751b754d09df7275add589c31191)
Change-Id: I349f6d368a0d6f6ee4332831c4cd4075a47426ff
|
| |
| |
| |
| |
| |
| | |
And a few trival fixes to suppress warnings.
Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
|
| |
| |
| |
| | |
Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
|
| |
| |
| |
| |
| |
| | |
Also apply some trivial changes like int -> bool and clean-ups.
Change-Id: Ic55fc8b82d7e91b321f69d10175be23d5c04eb92
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the accidental change of behavior in [1]. OTA packages not on /data
partition should still go through the path that has validity checks and
wipe_misc() steps.
[1]: commit eaf33654c1817bd665831a13c5bd0c04daabee02.
Change-Id: Ice9a049f6259cd2368d2fb95a991f8a6a0120bdd
|
| |
| |
| |
| |
| |
| |
| | |
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.
Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In order to maintain compatibility with older trees, we now have
minadbd.old and minui.old. I had to use a TARGET_GLOBAL_CFLAG to
handle ifdef issues in minui/minui.d because healthd includes
minui/minui.h and there was no other alternative to make minui.h
compatible with older trees without having to modify healthd rules
which is outside of TWRP.
Note that the new minui does not currently have support for qcom
overlay graphics. Support for this graphics mode will likely be
added in a later patch set. If you are building in a 6.0 tree and
have a device that needs qcom overlay graphics, be warned, as off
mode charging may not work properly. A dead battery in this case
could potentially brick your device if it is unable to charge as
healthd handles charging duties.
Update rules for building toolbox and add rules for making toybox
Use permissive.sh in init.rc which will follow symlinks so we do
not have to worry about what binary is supplying the setenforce
functionality (toolbox, toybox, or busybox).
Fix a few warnings in the main recovery binary source code.
Fix a few includes that were missing that prevented compiling in
6.0
Change-Id: Ia67aa2107d260883da5e365475a19bea538e8b97
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When it reboots into recovery for a factory reset, it still needs to
write the uncrypt status (-1) to the pipe.
Bug: 21511893
Change-Id: I1a725820f1e1875146e49b5a6f28af2fbf284fc7
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
uncrypt needs to be triggered to prepare the OTA package before
rebooting into the recovery. Separate uncrypt into two modes. In
mode 1, it uncrypts the OTA package, but will not reboot the
device. In mode 2, it wipes the /misc partition and reboots.
Needs matching changes in frameworks/base, system/core and
external/sepolicy to work properly.
Bug: 20012567
Bug: 20949086
Change-Id: I14d25cb62770dd405cb56824d05d649c3a94f315
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also apply some trivial changes like int -> bool and clean-ups.
Change-Id: I5c6c42d34965305c394f4f2de78487bd1174992a
(cherry picked from commit 381f455cac0905b023dde79625b06c27b6165dd0)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix the accidental change of behavior in [1]. OTA packages not on /data
partition should still go through the path that has validity checks and
wipe_misc() steps.
[1]: commit eaf33654c1817bd665831a13c5bd0c04daabee02.
Change-Id: I3e86e19f06603bfe6ecc691c9aa66a8a8a79c5fb
(cherry picked from commit fb4ccef1df4f0bd8fa830c750f2970dd2df9e51b)
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.
Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
(cherry picked from commit 7bad7c4646ee8fd8d6e6ed0ffd3ddbb0c1b41a2f)
|
| |\
| | |
| | |
| | |
| | | |
* commit 'aeecac5444ce55d2e82ee1b2aa35ff61a038c14e':
Add missing includes.
|
| | |
| | |
| | |
| | | |
Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
|
| |\|
| | |
| | |
| | |
| | | |
* commit '538d7d838d82e29c738145431aa64c587dc84943':
Fix missing #includes in bootable/recovery.
|
| | |
| | |
| | |
| | | |
Change-Id: I58dfbac6ca1aa80d3659f53a8fad1bbbbdc9b941
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Android 5.1.0 release 1
Conflicts:
minui/graphics_fbdev.c
recovery.cpp
Change-Id: Iff8a34fa59d93fb1165e06fef1fafd50292324f0
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Factory reset fails if there is no file, for example, RECOVERY_COMMAND_FILE_TMP.
So create file as adding O_CREAT option if it does not exist.
error log:
--------- beginning of crash
12-10 02:35:17.190 3059 3059 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x30 in tid 3059 (uncrypt)
12-10 02:35:17.296 766 1528 W NativeCrashListener: Couldn't find ProcessRecord for pid 3059
12-10 02:35:17.296 191 191 I DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-10 02:35:17.296 191 191 E DEBUG : AM write failure (32 / Broken pipe)
12-10 02:35:17.296 191 191 I DEBUG : Build fingerprint: 'Android/aosp_hammerhead/hammerhead:5.1/LMP/hopemini12052127:userdebug/test-keys'
12-10 02:35:17.296 191 191 I DEBUG : Revision: '10'
12-10 02:35:17.297 191 191 I DEBUG : ABI: 'arm'
12-10 02:35:17.297 191 191 I DEBUG : pid: 3059, tid: 3059, name: uncrypt >>> /system/bin/uncrypt <<<
12-10 02:35:17.297 191 191 I DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x30
12-10 02:35:17.302 191 191 I DEBUG : r0 00000001 r1 be94b690 r2 fffffe90 r3 b6fdbf7c
12-10 02:35:17.302 191 191 I DEBUG : r4 00000000 r5 00000000 r6 b6fd8ca4 r7 be94b67c
12-10 02:35:17.302 191 191 I DEBUG : r8 00000000 r9 ffffffff sl b6ff582b fp be94b68d
12-10 02:35:17.302 191 191 I DEBUG : ip b6fcfd08 sp be94b648 lr b6f98fe5 pc b6f98fe4 cpsr 20070030
12-10 02:35:17.303 191 191 I DEBUG :
12-10 02:35:17.303 191 191 I DEBUG : backtrace:
12-10 02:35:17.303 191 191 I DEBUG : #00 pc 00032fe4 /system/lib/libc.so (fputs+29)
12-10 02:35:17.303 191 191 I DEBUG : #01 pc 000016a1 /system/bin/uncrypt
12-10 02:35:17.303 191 191 I DEBUG : #02 pc 0000114b /system/bin/uncrypt
12-10 02:35:17.303 191 191 I DEBUG : #03 pc 00012df5 /system/lib/libc.so (__libc_init+44)
12-10 02:35:17.303 191 191 I DEBUG : #04 pc 000013cc /system/bin/uncrypt
12-10 02:35:17.325 191 191 I DEBUG :
12-10 02:35:17.325 191 191 I DEBUG : Tombstone written to: /data/tombstones/tombstone_00
Bug: 18709330
Change-Id: Ib5dccdd366e829049938a188ea5f98d9e4e282db
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
This should reduce errors if the device reboots before the blocks
are commited to disk.
Bug: 18481902
Change-Id: I13cda1c78955e4c83522fbcf87ddb16cc9f97683
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Migrate previous minzip to minzipold replacing the existing
minzipold. This will break compatibility with trees that do not
support selinux (ICS and older). Migrate former verifier files to
verifierold.
Add fuse.h to recovery source because older trees do not have it.
Add LOCAL_MODULE_TAGS where needed for 4.1 tree.
Change-Id: Iade57cb2b0115af7fce9f56aa98636b1744a1ef4
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will probably not compile and may need additional work.
For tracking purposes so we know what might still need looking at
as none of this has been compiled and tested, here is a list of
the merge conflicts that I attempted to fix before pushing this
set of changes:
git pull aosp lollipop-release
remote: Finding sources: 100% (992/992)
remote: Total 992 (delta 473), reused 992 (delta 473)
Receiving objects: 100% (992/992), 1.51 MiB | 516.00 KiB/s, done.
Resolving deltas: 100% (473/473), completed with 42 local objects.
From https://android.googlesource.com/platform/bootable/recovery
* branch lollipop-release -> FETCH_HEAD
* [new branch] lollipop-release -> aosp/lollipop-release
Auto-merging verifier_test.cpp
CONFLICT (content): Merge conflict in verifier_test.cpp
Auto-merging verifier.h
CONFLICT (content): Merge conflict in verifier.h
Auto-merging verifier.cpp
CONFLICT (content): Merge conflict in verifier.cpp
Auto-merging updater/updater.c
Auto-merging updater/install.c
CONFLICT (content): Merge conflict in updater/install.c
Auto-merging updater/Android.mk
CONFLICT (content): Merge conflict in updater/Android.mk
Auto-merging uncrypt/Android.mk
CONFLICT (content): Merge conflict in uncrypt/Android.mk
Auto-merging ui.cpp
CONFLICT (content): Merge conflict in ui.cpp
Auto-merging screen_ui.cpp
Auto-merging roots.cpp
CONFLICT (content): Merge conflict in roots.cpp
CONFLICT (rename/delete): res-hdpi/images/progress_fill.png deleted
in HEAD and renamed in cddb68b5eafbeba696d5276bda1f1a9f70bbde42.
Version cddb68b5eafbeba696d5276bda1f1a9f70bbde42 of
res-hdpi/images/progress_fill.png left in tree.
CONFLICT (rename/delete): res-hdpi/images/progress_empty.png deleted
in HEAD and renamed in cddb68b5eafbeba696d5276bda1f1a9f70bbde42.
Version cddb68b5eafbeba696d5276bda1f1a9f70bbde42 of
res-hdpi/images/progress_empty.png left in tree.
CONFLICT (rename/delete): res-hdpi/images/icon_error.png deleted
in HEAD and renamed in cddb68b5eafbeba696d5276bda1f1a9f70bbde42.
Version cddb68b5eafbeba696d5276bda1f1a9f70bbde42 of
res-hdpi/images/icon_error.png left in tree.
Auto-merging recovery.cpp
CONFLICT (content): Merge conflict in recovery.cpp
Auto-merging minui/resources.c
CONFLICT (content): Merge conflict in minui/resources.c
Auto-merging minui/minui.h
CONFLICT (content): Merge conflict in minui/minui.h
Auto-merging minui/graphics.c
CONFLICT (content): Merge conflict in minui/graphics.c
Auto-merging minui/Android.mk
CONFLICT (content): Merge conflict in minui/Android.mk
Removing minelf/Retouch.h
Removing minelf/Retouch.c
Auto-merging minadbd/usb_linux_client.c
CONFLICT (content): Merge conflict in minadbd/usb_linux_client.c
Auto-merging minadbd/adb.h
CONFLICT (content): Merge conflict in minadbd/adb.h
Auto-merging minadbd/adb.c
CONFLICT (content): Merge conflict in minadbd/adb.c
Auto-merging minadbd/Android.mk
CONFLICT (content): Merge conflict in minadbd/Android.mk
Removing make-overlay.py
Auto-merging install.h
CONFLICT (content): Merge conflict in install.h
Auto-merging etc/init.rc
CONFLICT (content): Merge conflict in etc/init.rc
Auto-merging bootloader.h
Auto-merging applypatch/applypatch.c
Auto-merging applypatch/Android.mk
CONFLICT (content): Merge conflict in applypatch/Android.mk
Auto-merging adb_install.cpp
CONFLICT (content): Merge conflict in adb_install.cpp
Auto-merging Android.mk
CONFLICT (content): Merge conflict in Android.mk
Automatic merge failed; fix conflicts and then commit the result.
Change-Id: I3e0e03e48ad8550912111c7a5c9a140ed0267e2c
|
|
|
|
|
|
|
|
| |
Always create the block map for packages on /data; don't only look at
the encryptable/encrypted flags.
Bug: 17395453
Change-Id: Iaa7643a32898328277841e324305b9419a9e071c
|
|
|
|
|
|
|
|
|
|
| |
Opening the misc block device in read-write mode runs afoul of
SELinux, which keeps the wipe code from working. Fix. Also change
various things to log to logcat so we can see them happening, for
future debugging.
Bug: 16715412
Change-Id: Ia14066f0a371cd605fcb544547b58a41acca70b9
|
|
|
|
|
|
|
|
|
|
|
| |
Something is leaving behind wipe commands in the BCB area of the /misc
partition. We don't know what is doing that. It should always be
safe to zero out that area from uncrypt, though (because if uncrypt is
running then it's got the command we want in the recovery command file
rather than the BCB).
Bug: 16715412
Change-Id: Iad01124287f13b80ff71d6371db6371f43c43211
|
|
|
|
|
| |
Bug: 17029174, 17015157
Change-Id: I1d24f3402875dfb972daa6daef0f385baeff84e9
|
|
|
|
|
| |
Bug: 17015157
Change-Id: I3c4bdcf4f11d44b617bb731a48413e3707044d1c
|
|
|
|
|
|
|
| |
If recovery is invoked with a package somewhere other than /data,
leave it alone.
Change-Id: Ief358b53df467ae24a65e30e7a631da59bf13683
|
|
|
|
| |
Change-Id: Ie88c49dea13cce5f4eb428e97f5a0956f2656a30
|
|
|
|
|
|
|
|
|
| |
When going into recovery mode withoug recovery command file present, uncrypt crashes
and the device gets stuck and eventually shuts down.
Check that the command file is present before trying to read from it.
Change-Id: If0192d597032be0067738e437188d92993ce56f7
|
|
uncrypt can read a file on an encrypted filesystem and rewrite it to
the same blocks on the underlying (unencrypted) block device. This
destroys the contents of the file as far as the encrypted filesystem
is concerned, but allows the data to be read without the encryption
key if you know which blocks of the raw device to access. uncrypt
produces a "block map" file which lists the blocks that contain the file.
For unencrypted filesystem, uncrypt will produce the block map without
touching the data.
Bug: 12188746
Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63
|