From ba45ddf37cf4543143af6b2e27fc1214f3dbe892 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Mon, 27 Apr 2015 18:39:27 -0700 Subject: Stop using adb_strtok, and check argument validity. Change-Id: I323ffda71b82cc939aed446f9c9fb86ca78df153 --- minadbd/services.cpp | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/minadbd/services.cpp b/minadbd/services.cpp index a83256796..dd1fd7c4b 100644 --- a/minadbd/services.cpp +++ b/minadbd/services.cpp @@ -43,15 +43,16 @@ void* service_bootstrap_func(void* x) { return 0; } -static void sideload_host_service(int sfd, void* cookie) { - char* saveptr; - const char* s = adb_strtok_r(reinterpret_cast(cookie), ":", &saveptr); - uint64_t file_size = strtoull(s, NULL, 10); - s = adb_strtok_r(NULL, ":", &saveptr); - uint32_t block_size = strtoul(s, NULL, 10); - - printf("sideload-host file size %" PRIu64 " block size %" PRIu32 "\n", - file_size, block_size); +static void sideload_host_service(int sfd, void* data) { + const char* args = reinterpret_cast(data); + int file_size; + int block_size; + if (sscanf(args, "%d:%d", &file_size, &block_size) != 2) { + printf("bad sideload-host arguments: %s\n", args); + exit(1); + } + + printf("sideload-host file size %d block size %d\n", file_size, block_size); int result = run_adb_fuse(sfd, file_size, block_size); -- cgit v1.2.3 From 7bad7c4646ee8fd8d6e6ed0ffd3ddbb0c1b41a2f Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 28 Apr 2015 17:24:24 -0700 Subject: Check all lseek calls succeed. Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b --- adb_install.cpp | 2 +- applypatch/applypatch.c | 51 +++++++++++++++++++++-------------------- fuse_sdcard_provider.c | 16 ++++++------- fuse_sideload.c | 16 ++++++------- minui/events.cpp | 3 ++- minzip/SysUtil.c | 10 ++++---- minzip/Zip.c | 6 ++--- mtdutils/flash_image.c | 8 +++---- mtdutils/mtdutils.c | 54 ++++++++++++++++++-------------------------- mtdutils/mtdutils.h | 2 -- tools/ota/check-lost+found.c | 2 +- ui.cpp | 2 +- uncrypt/uncrypt.c | 20 +++++++++------- updater/blockimg.c | 48 ++++++++++++++++----------------------- 14 files changed, 112 insertions(+), 128 deletions(-) diff --git a/adb_install.cpp b/adb_install.cpp index ebd4cac00..e3b94ea59 100644 --- a/adb_install.cpp +++ b/adb_install.cpp @@ -42,7 +42,7 @@ set_usb_driver(bool enabled) { ui->Print("failed to open driver control: %s\n", strerror(errno)); return; } - if (write(fd, enabled ? "1" : "0", 1) < 0) { + if (TEMP_FAILURE_RETRY(write(fd, enabled ? "1" : "0", 1)) == -1) { ui->Print("failed to set driver control: %s\n", strerror(errno)); } if (close(fd) < 0) { diff --git a/applypatch/applypatch.c b/applypatch/applypatch.c index 2c86e0984..6f02a38ee 100644 --- a/applypatch/applypatch.c +++ b/applypatch/applypatch.c @@ -422,20 +422,19 @@ int WriteToPartition(unsigned char* data, size_t len, int attempt; for (attempt = 0; attempt < 2; ++attempt) { - lseek(fd, start, SEEK_SET); + if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { + printf("failed seek on %s: %s\n", + partition, strerror(errno)); + return -1; + } while (start < len) { size_t to_write = len - start; if (to_write > 1<<20) to_write = 1<<20; - ssize_t written = write(fd, data+start, to_write); - if (written < 0) { - if (errno == EINTR) { - written = 0; - } else { - printf("failed write writing to %s (%s)\n", - partition, strerror(errno)); - return -1; - } + ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); + if (written == -1) { + printf("failed write writing to %s: %s\n", partition, strerror(errno)); + return -1; } start += written; } @@ -460,13 +459,20 @@ int WriteToPartition(unsigned char* data, size_t len, // won't just be reading the cache. sync(); int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); - write(dc, "3\n", 2); + if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { + printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); + } else { + printf(" caches dropped\n"); + } close(dc); sleep(1); - printf(" caches dropped\n"); // verify - lseek(fd, 0, SEEK_SET); + if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { + printf("failed to seek back to beginning of %s: %s\n", + partition, strerror(errno)); + return -1; + } unsigned char buffer[4096]; start = len; size_t p; @@ -476,15 +482,12 @@ int WriteToPartition(unsigned char* data, size_t len, size_t so_far = 0; while (so_far < to_read) { - ssize_t read_count = read(fd, buffer+so_far, to_read-so_far); - if (read_count < 0) { - if (errno == EINTR) { - read_count = 0; - } else { - printf("verify read error %s at %zu: %s\n", - partition, p, strerror(errno)); - return -1; - } + ssize_t read_count = + TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); + if (read_count == -1) { + printf("verify read error %s at %zu: %s\n", + partition, p, strerror(errno)); + return -1; } if ((size_t)read_count < to_read) { printf("short verify read %s at %zu: %zd %zu %s\n", @@ -625,8 +628,8 @@ ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { ssize_t done = 0; ssize_t wrote; while (done < (ssize_t) len) { - wrote = write(fd, data+done, len-done); - if (wrote <= 0) { + wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); + if (wrote == -1) { printf("error writing %d bytes: %s\n", (int)(len-done), strerror(errno)); return done; } diff --git a/fuse_sdcard_provider.c b/fuse_sdcard_provider.c index ca8c914f9..4565c7b5b 100644 --- a/fuse_sdcard_provider.c +++ b/fuse_sdcard_provider.c @@ -36,19 +36,17 @@ struct file_data { static int read_block_file(void* cookie, uint32_t block, uint8_t* buffer, uint32_t fetch_size) { struct file_data* fd = (struct file_data*)cookie; - if (lseek(fd->fd, block * fd->block_size, SEEK_SET) < 0) { - printf("seek on sdcard failed: %s\n", strerror(errno)); + off64_t offset = ((off64_t) block) * fd->block_size; + if (TEMP_FAILURE_RETRY(lseek64(fd->fd, offset, SEEK_SET)) == -1) { + fprintf(stderr, "seek on sdcard failed: %s\n", strerror(errno)); return -EIO; } while (fetch_size > 0) { - ssize_t r = read(fd->fd, buffer, fetch_size); - if (r < 0) { - if (r != -EINTR) { - printf("read on sdcard failed: %s\n", strerror(errno)); - return -EIO; - } - r = 0; + ssize_t r = TEMP_FAILURE_RETRY(read(fd->fd, buffer, fetch_size)); + if (r == -1) { + fprintf(stderr, "read on sdcard failed: %s\n", strerror(errno)); + return -EIO; } fetch_size -= r; buffer += r; diff --git a/fuse_sideload.c b/fuse_sideload.c index 1dd84e97a..48e6cc53a 100644 --- a/fuse_sideload.c +++ b/fuse_sideload.c @@ -442,14 +442,12 @@ int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, } uint8_t request_buffer[sizeof(struct fuse_in_header) + PATH_MAX*8]; for (;;) { - ssize_t len = read(fd.ffd, request_buffer, sizeof(request_buffer)); - if (len < 0) { - if (errno != EINTR) { - perror("read request"); - if (errno == ENODEV) { - result = -1; - break; - } + ssize_t len = TEMP_FAILURE_RETRY(read(fd.ffd, request_buffer, sizeof(request_buffer))); + if (len == -1) { + perror("read request"); + if (errno == ENODEV) { + result = -1; + break; } continue; } @@ -508,7 +506,7 @@ int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, outhdr.len = sizeof(outhdr); outhdr.error = result; outhdr.unique = hdr->unique; - write(fd.ffd, &outhdr, sizeof(outhdr)); + TEMP_FAILURE_RETRY(write(fd.ffd, &outhdr, sizeof(outhdr))); } } diff --git a/minui/events.cpp b/minui/events.cpp index 2d47a587f..3b2262a4b 100644 --- a/minui/events.cpp +++ b/minui/events.cpp @@ -15,6 +15,7 @@ */ #include +#include #include #include #include @@ -165,7 +166,7 @@ void ev_dispatch(void) { int ev_get_input(int fd, uint32_t epevents, input_event* ev) { if (epevents & EPOLLIN) { - ssize_t r = read(fd, ev, sizeof(*ev)); + ssize_t r = TEMP_FAILURE_RETRY(read(fd, ev, sizeof(*ev))); if (r == sizeof(*ev)) { return 0; } diff --git a/minzip/SysUtil.c b/minzip/SysUtil.c index ac6f5c33f..b160c9e3d 100644 --- a/minzip/SysUtil.c +++ b/minzip/SysUtil.c @@ -27,11 +27,13 @@ static int getFileStartAndLength(int fd, off_t *start_, size_t *length_) assert(start_ != NULL); assert(length_ != NULL); - start = lseek(fd, 0L, SEEK_CUR); - end = lseek(fd, 0L, SEEK_END); - (void) lseek(fd, start, SEEK_SET); + // TODO: isn't start always 0 for the single call site? just use fstat instead? - if (start == (off_t) -1 || end == (off_t) -1) { + start = TEMP_FAILURE_RETRY(lseek(fd, 0L, SEEK_CUR)); + end = TEMP_FAILURE_RETRY(lseek(fd, 0L, SEEK_END)); + + if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1 || + start == (off_t) -1 || end == (off_t) -1) { LOGE("could not determine length of file\n"); return -1; } diff --git a/minzip/Zip.c b/minzip/Zip.c index d3ff79be6..40712e03a 100644 --- a/minzip/Zip.c +++ b/minzip/Zip.c @@ -675,13 +675,11 @@ static bool writeProcessFunction(const unsigned char *data, int dataLen, } ssize_t soFar = 0; while (true) { - ssize_t n = write(fd, data+soFar, dataLen-soFar); + ssize_t n = TEMP_FAILURE_RETRY(write(fd, data+soFar, dataLen-soFar)); if (n <= 0) { LOGE("Error writing %zd bytes from zip file from %p: %s\n", dataLen-soFar, data+soFar, strerror(errno)); - if (errno != EINTR) { - return false; - } + return false; } else if (n > 0) { soFar += n; if (soFar == dataLen) return true; diff --git a/mtdutils/flash_image.c b/mtdutils/flash_image.c index 5657dfc82..36ffa1314 100644 --- a/mtdutils/flash_image.c +++ b/mtdutils/flash_image.c @@ -72,7 +72,7 @@ int main(int argc, char **argv) { if (fd < 0) die("error opening %s", argv[2]); char header[HEADER_SIZE]; - int headerlen = read(fd, header, sizeof(header)); + int headerlen = TEMP_FAILURE_RETRY(read(fd, header, sizeof(header))); if (headerlen <= 0) die("error reading %s header", argv[2]); MtdReadContext *in = mtd_read_partition(partition); @@ -104,7 +104,7 @@ int main(int argc, char **argv) { if (wrote != headerlen) die("error writing %s", argv[1]); int len; - while ((len = read(fd, buf, sizeof(buf))) > 0) { + while ((len = TEMP_FAILURE_RETRY(read(fd, buf, sizeof(buf)))) > 0) { wrote = mtd_write_data(out, buf, len); if (wrote != len) die("error writing %s", argv[1]); } @@ -125,13 +125,13 @@ int main(int argc, char **argv) { if (mtd_partition_info(partition, NULL, &block_size, NULL)) die("error getting %s block size", argv[1]); - if (lseek(fd, headerlen, SEEK_SET) != headerlen) + if (TEMP_FAILURE_RETRY(lseek(fd, headerlen, SEEK_SET)) != headerlen) die("error rewinding %s", argv[2]); int left = block_size - headerlen; while (left < 0) left += block_size; while (left > 0) { - len = read(fd, buf, left > (int)sizeof(buf) ? (int)sizeof(buf) : left); + len = TEMP_FAILURE_RETRY(read(fd, buf, left > (int)sizeof(buf) ? (int)sizeof(buf) : left)); if (len <= 0) die("error reading %s", argv[2]); if (mtd_write_data(out, buf, len) != len) die("error writing %s", argv[1]); diff --git a/mtdutils/mtdutils.c b/mtdutils/mtdutils.c index 9a17e38d8..cc3033444 100644 --- a/mtdutils/mtdutils.c +++ b/mtdutils/mtdutils.c @@ -108,7 +108,7 @@ mtd_scan_partitions() if (fd < 0) { goto bail; } - nbytes = read(fd, buf, sizeof(buf) - 1); + nbytes = TEMP_FAILURE_RETRY(read(fd, buf, sizeof(buf) - 1)); close(fd); if (nbytes < 0) { goto bail; @@ -279,12 +279,6 @@ MtdReadContext *mtd_read_partition(const MtdPartition *partition) return ctx; } -// Seeks to a location in the partition. Don't mix with reads of -// anything other than whole blocks; unpredictable things will result. -void mtd_read_skip_to(const MtdReadContext* ctx, size_t offset) { - lseek64(ctx->fd, offset, SEEK_SET); -} - static int read_block(const MtdPartition *partition, int fd, char *data) { struct mtd_ecc_stats before, after; @@ -293,13 +287,18 @@ static int read_block(const MtdPartition *partition, int fd, char *data) return -1; } - loff_t pos = lseek64(fd, 0, SEEK_CUR); + loff_t pos = TEMP_FAILURE_RETRY(lseek64(fd, 0, SEEK_CUR)); + if (pos == -1) { + printf("mtd: read_block: couldn't SEEK_CUR: %s\n", strerror(errno)); + return -1; + } ssize_t size = partition->erase_size; int mgbb; while (pos + size <= (int) partition->size) { - if (lseek64(fd, pos, SEEK_SET) != pos || read(fd, data, size) != size) { + if (TEMP_FAILURE_RETRY(lseek64(fd, pos, SEEK_SET)) != pos || + TEMP_FAILURE_RETRY(read(fd, data, size)) != size) { printf("mtd: read error at 0x%08llx (%s)\n", pos, strerror(errno)); } else if (ioctl(fd, ECCGETSTATS, &after)) { @@ -409,8 +408,11 @@ static int write_block(MtdWriteContext *ctx, const char *data) const MtdPartition *partition = ctx->partition; int fd = ctx->fd; - off_t pos = lseek(fd, 0, SEEK_CUR); - if (pos == (off_t) -1) return 1; + off_t pos = TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_CUR)); + if (pos == (off_t) -1) { + printf("mtd: write_block: couldn't SEEK_CUR: %s\n", strerror(errno)); + return -1; + } ssize_t size = partition->erase_size; while (pos + size <= (int) partition->size) { @@ -435,15 +437,15 @@ static int write_block(MtdWriteContext *ctx, const char *data) pos, strerror(errno)); continue; } - if (lseek(fd, pos, SEEK_SET) != pos || - write(fd, data, size) != size) { + if (TEMP_FAILURE_RETRY(lseek(fd, pos, SEEK_SET)) != pos || + TEMP_FAILURE_RETRY(write(fd, data, size)) != size) { printf("mtd: write error at 0x%08lx (%s)\n", pos, strerror(errno)); } char verify[size]; - if (lseek(fd, pos, SEEK_SET) != pos || - read(fd, verify, size) != size) { + if (TEMP_FAILURE_RETRY(lseek(fd, pos, SEEK_SET)) != pos || + TEMP_FAILURE_RETRY(read(fd, verify, size)) != size) { printf("mtd: re-read error at 0x%08lx (%s)\n", pos, strerror(errno)); continue; @@ -512,8 +514,11 @@ off_t mtd_erase_blocks(MtdWriteContext *ctx, int blocks) ctx->stored = 0; } - off_t pos = lseek(ctx->fd, 0, SEEK_CUR); - if ((off_t) pos == (off_t) -1) return pos; + off_t pos = TEMP_FAILURE_RETRY(lseek(ctx->fd, 0, SEEK_CUR)); + if ((off_t) pos == (off_t) -1) { + printf("mtd_erase_blocks: couldn't SEEK_CUR: %s\n", strerror(errno)); + return -1; + } const int total = (ctx->partition->size - pos) / ctx->partition->erase_size; if (blocks < 0) blocks = total; @@ -554,18 +559,3 @@ int mtd_write_close(MtdWriteContext *ctx) free(ctx); return r; } - -/* Return the offset of the first good block at or after pos (which - * might be pos itself). - */ -off_t mtd_find_write_start(MtdWriteContext *ctx, off_t pos) { - int i; - for (i = 0; i < ctx->bad_block_count; ++i) { - if (ctx->bad_block_offsets[i] == pos) { - pos += ctx->partition->erase_size; - } else if (ctx->bad_block_offsets[i] > pos) { - return pos; - } - } - return pos; -} diff --git a/mtdutils/mtdutils.h b/mtdutils/mtdutils.h index 2708c4318..8059d6a4d 100644 --- a/mtdutils/mtdutils.h +++ b/mtdutils/mtdutils.h @@ -49,12 +49,10 @@ typedef struct MtdWriteContext MtdWriteContext; MtdReadContext *mtd_read_partition(const MtdPartition *); ssize_t mtd_read_data(MtdReadContext *, char *data, size_t data_len); void mtd_read_close(MtdReadContext *); -void mtd_read_skip_to(const MtdReadContext *, size_t offset); MtdWriteContext *mtd_write_partition(const MtdPartition *); ssize_t mtd_write_data(MtdWriteContext *, const char *data, size_t data_len); off_t mtd_erase_blocks(MtdWriteContext *, int blocks); /* 0 ok, -1 for all */ -off_t mtd_find_write_start(MtdWriteContext *ctx, off_t pos); int mtd_write_close(MtdWriteContext *); #ifdef __cplusplus diff --git a/tools/ota/check-lost+found.c b/tools/ota/check-lost+found.c index cbf792629..8ce12d39f 100644 --- a/tools/ota/check-lost+found.c +++ b/tools/ota/check-lost+found.c @@ -78,7 +78,7 @@ int main(int argc __attribute__((unused)), char **argv __attribute__((unused))) snprintf(fn, sizeof(fn), "%s/%s", kPartitions[i], "dirty"); fd = open(fn, O_WRONLY|O_CREAT, 0444); if (fd >= 0) { // Don't sweat it if we can't write the file. - write(fd, fn, sizeof(fn)); // write, you know, some data + TEMP_FAILURE_RETRY(write(fd, fn, sizeof(fn))); // write, you know, some data close(fd); unlink(fn); } diff --git a/ui.cpp b/ui.cpp index dca325fea..1a0b079cc 100644 --- a/ui.cpp +++ b/ui.cpp @@ -251,7 +251,7 @@ bool RecoveryUI::IsUsbConnected() { char buf; // USB is connected if android_usb state is CONNECTED or CONFIGURED. - int connected = (read(fd, &buf, 1) == 1) && (buf == 'C'); + int connected = (TEMP_FAILURE_RETRY(read(fd, &buf, 1)) == 1) && (buf == 'C'); if (close(fd) < 0) { printf("failed to close /sys/class/android_usb/android0/state: %s\n", strerror(errno)); diff --git a/uncrypt/uncrypt.c b/uncrypt/uncrypt.c index aa75210b0..da035dfba 100644 --- a/uncrypt/uncrypt.c +++ b/uncrypt/uncrypt.c @@ -65,12 +65,15 @@ static struct fstab* fstab = NULL; static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { - lseek64(wfd, offset, SEEK_SET); + if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { + ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno)); + return -1; + } size_t written = 0; while (written < size) { - ssize_t wrote = write(wfd, buffer + written, size - written); - if (wrote < 0) { - ALOGE("error writing offset %lld: %s\n", offset, strerror(errno)); + ssize_t wrote = TEMP_FAILURE_RETRY(write(wfd, buffer + written, size - written)); + if (wrote == -1) { + ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno)); return -1; } written += wrote; @@ -275,8 +278,9 @@ int produce_block_map(const char* path, const char* map_file, const char* blk_de if (encrypted) { size_t so_far = 0; while (so_far < sb.st_blksize && pos < sb.st_size) { - ssize_t this_read = read(fd, buffers[tail] + so_far, sb.st_blksize - so_far); - if (this_read < 0) { + ssize_t this_read = + TEMP_FAILURE_RETRY(read(fd, buffers[tail] + so_far, sb.st_blksize - so_far)); + if (this_read == -1) { ALOGE("failed to read: %s\n", strerror(errno)); return -1; } @@ -340,8 +344,8 @@ void wipe_misc() { size_t written = 0; size_t size = sizeof(zeroes); while (written < size) { - ssize_t w = write(fd, zeroes, size-written); - if (w < 0 && errno != EINTR) { + ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written)); + if (w == -1) { ALOGE("zero write failed: %s\n", strerror(errno)); return; } else { diff --git a/updater/blockimg.c b/updater/blockimg.c index d5344f991..532e7b845 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -113,13 +113,12 @@ static int range_overlaps(RangeSet* r1, RangeSet* r2) { static int read_all(int fd, uint8_t* data, size_t size) { size_t so_far = 0; while (so_far < size) { - ssize_t r = read(fd, data+so_far, size-so_far); - if (r < 0 && errno != EINTR) { + ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); + if (r == -1) { fprintf(stderr, "read failed: %s\n", strerror(errno)); return -1; - } else { - so_far += r; } + so_far += r; } return 0; } @@ -127,13 +126,12 @@ static int read_all(int fd, uint8_t* data, size_t size) { static int write_all(int fd, const uint8_t* data, size_t size) { size_t written = 0; while (written < size) { - ssize_t w = write(fd, data+written, size-written); - if (w < 0 && errno != EINTR) { + ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); + if (w == -1) { fprintf(stderr, "write failed: %s\n", strerror(errno)); return -1; - } else { - written += w; } + written += w; } if (fsync(fd) == -1) { @@ -144,19 +142,13 @@ static int write_all(int fd, const uint8_t* data, size_t size) { return 0; } -static int check_lseek(int fd, off64_t offset, int whence) { - while (true) { - off64_t ret = lseek64(fd, offset, whence); - if (ret < 0) { - if (errno != EINTR) { - fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); - return -1; - } - } else { - break; - } +static bool check_lseek(int fd, off64_t offset, int whence) { + off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); + if (rc == -1) { + fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); + return false; } - return 0; + return true; } static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { @@ -213,8 +205,8 @@ static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; - if (check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, - SEEK_SET) == -1) { + if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, + SEEK_SET)) { break; } } else { @@ -306,7 +298,7 @@ static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { } for (i = 0; i < src->count; ++i) { - if (check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET) == -1) { + if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { return -1; } @@ -332,7 +324,7 @@ static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { } for (i = 0; i < tgt->count; ++i) { - if (check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET) == -1) { + if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { return -1; } @@ -1217,7 +1209,7 @@ static int PerformCommandZero(CommandParameters* params) { if (params->canwrite) { for (i = 0; i < tgt->count; ++i) { - if (check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET) == -1) { + if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { goto pczout; } @@ -1271,7 +1263,7 @@ static int PerformCommandNew(CommandParameters* params) { rss.p_block = 0; rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - if (check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET) == -1) { + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { goto pcnout; } @@ -1367,7 +1359,7 @@ static int PerformCommandDiff(CommandParameters* params) { rss.p_block = 0; rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - if (check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET) == -1) { + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { goto pcdout; } @@ -1906,7 +1898,7 @@ Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { int i, j; for (i = 0; i < rs->count; ++i) { - if (check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET) == -1) { + if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, strerror(errno)); goto done; -- cgit v1.2.3 From 4039933c62f52dda06e6f355cf42ac9b392d0888 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 1 May 2015 17:07:44 -0700 Subject: Move minadb over to new API. Change-Id: I889bcf2222245c7665287513669cae8831e37081 --- minadbd/Android.mk | 3 ++- minadbd/fuse_adb_provider.cpp | 21 ++++++++------------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/minadbd/Android.mk b/minadbd/Android.mk index cbfd76e4e..8398cefe4 100644 --- a/minadbd/Android.mk +++ b/minadbd/Android.mk @@ -20,6 +20,7 @@ LOCAL_CFLAGS := $(minadbd_cflags) LOCAL_CONLY_FLAGS := -Wimplicit-function-declaration LOCAL_C_INCLUDES := bootable/recovery system/core/adb LOCAL_WHOLE_STATIC_LIBRARIES := libadbd +LOCAL_STATIC_LIBRARIES := libbase include $(BUILD_STATIC_LIBRARY) @@ -31,6 +32,6 @@ LOCAL_SRC_FILES := fuse_adb_provider_test.cpp LOCAL_CFLAGS := $(minadbd_cflags) LOCAL_C_INCLUDES := $(LOCAL_PATH) system/core/adb LOCAL_STATIC_LIBRARIES := libminadbd -LOCAL_SHARED_LIBRARIES := liblog +LOCAL_SHARED_LIBRARIES := liblog libbase include $(BUILD_NATIVE_TEST) diff --git a/minadbd/fuse_adb_provider.cpp b/minadbd/fuse_adb_provider.cpp index 5da7fd76c..d71807dfb 100644 --- a/minadbd/fuse_adb_provider.cpp +++ b/minadbd/fuse_adb_provider.cpp @@ -26,13 +26,10 @@ #include "fuse_adb_provider.h" #include "fuse_sideload.h" -int read_block_adb(void* cookie, uint32_t block, uint8_t* buffer, - uint32_t fetch_size) { - struct adb_data* ad = (struct adb_data*)cookie; +int read_block_adb(void* data, uint32_t block, uint8_t* buffer, uint32_t fetch_size) { + adb_data* ad = reinterpret_cast(data); - char buf[10]; - snprintf(buf, sizeof(buf), "%08u", block); - if (!WriteStringFully(ad->sfd, buf)) { + if (!WriteFdFmt(ad->sfd, "%08u", block)) { fprintf(stderr, "failed to write to adb host: %s\n", strerror(errno)); return -EIO; } @@ -45,20 +42,18 @@ int read_block_adb(void* cookie, uint32_t block, uint8_t* buffer, return 0; } -static void close_adb(void* cookie) { - struct adb_data* ad = (struct adb_data*)cookie; - - WriteStringFully(ad->sfd, "DONEDONE"); +static void close_adb(void* data) { + adb_data* ad = reinterpret_cast(data); + WriteFdExactly(ad->sfd, "DONEDONE"); } int run_adb_fuse(int sfd, uint64_t file_size, uint32_t block_size) { - struct adb_data ad; - struct provider_vtab vtab; - + adb_data ad; ad.sfd = sfd; ad.file_size = file_size; ad.block_size = block_size; + provider_vtab vtab; vtab.read_block = read_block_adb; vtab.close = close_adb; -- cgit v1.2.3 From 3e7d82c621240bb80f9882c64377c4f5f3d97c7b Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 1 May 2015 17:25:24 -0700 Subject: Fix minadb_test build breakage. Change-Id: I98bb900debb7d7dd57d3f8f84d605163ec192b03 --- minadbd/Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/minadbd/Android.mk b/minadbd/Android.mk index cbfd76e4e..083063be1 100644 --- a/minadbd/Android.mk +++ b/minadbd/Android.mk @@ -31,6 +31,6 @@ LOCAL_SRC_FILES := fuse_adb_provider_test.cpp LOCAL_CFLAGS := $(minadbd_cflags) LOCAL_C_INCLUDES := $(LOCAL_PATH) system/core/adb LOCAL_STATIC_LIBRARIES := libminadbd -LOCAL_SHARED_LIBRARIES := liblog +LOCAL_SHARED_LIBRARIES := liblog libbase include $(BUILD_NATIVE_TEST) -- cgit v1.2.3 From dbb20c48633e63c7c244e84f3fea76e083e225d7 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 1 May 2015 22:29:01 -0700 Subject: Fix mips64 minadbd_test build. Looks like the mips64 linker isn't as good as the others at GCing unused stuff, which means it needs libcutils. Change-Id: I5f768e44514350fb81e5360351db3e9cc4201702 --- minadbd/Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/minadbd/Android.mk b/minadbd/Android.mk index 8398cefe4..a7a3e087d 100644 --- a/minadbd/Android.mk +++ b/minadbd/Android.mk @@ -32,6 +32,6 @@ LOCAL_SRC_FILES := fuse_adb_provider_test.cpp LOCAL_CFLAGS := $(minadbd_cflags) LOCAL_C_INCLUDES := $(LOCAL_PATH) system/core/adb LOCAL_STATIC_LIBRARIES := libminadbd -LOCAL_SHARED_LIBRARIES := liblog libbase +LOCAL_SHARED_LIBRARIES := liblog libbase libcutils include $(BUILD_NATIVE_TEST) -- cgit v1.2.3 From 785d22c88cda46972331c04ebc9df97371a696da Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 4 May 2015 09:34:29 -0700 Subject: Turn on text display for debuggable builds For userdebug and eng builds, turn on the text display automatically if no command is specified. Bug: http://b/17489952 Change-Id: I3d42ba2848b968da12164ddfda915ca69dcecba1 --- recovery.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/recovery.cpp b/recovery.cpp index 4dd827919..65172dfcc 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -1086,6 +1086,13 @@ main(int argc, char **argv) { } else if (!just_exit) { status = INSTALL_NONE; // No command specified ui->SetBackground(RecoveryUI::NO_COMMAND); + + // http://b/17489952 + // If this is an eng or userdebug build, automatically turn on the + // text display if no command is specified. + if (is_ro_debuggable()) { + ui->ShowText(true); + } } if (!sideload_auto_reboot && (status == INSTALL_ERROR || status == INSTALL_CORRUPT)) { -- cgit v1.2.3 From bef39710ff50cedf6a4de8eb6c7802f66930aab4 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 4 May 2015 18:50:27 -0700 Subject: Keep multiple kernel logs Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE). This CL changes to keep up to KEEP_LOG_COUNT copies for kernel logs. Bug: http://b/18092237 Change-Id: I1bf5e230de3efd6a48a5b2ae5a34241cb4d9ca90 --- recovery.cpp | 155 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 73 insertions(+), 82 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 65172dfcc..2c78bafac 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -31,6 +31,9 @@ #include #include +#include +#include + #include "bootloader.h" #include "common.h" #include "cutils/properties.h" @@ -65,8 +68,6 @@ static const struct option OPTIONS[] = { { NULL, 0, NULL, 0 }, }; -#define LAST_LOG_FILE "/cache/recovery/last_log" - static const char *CACHE_LOG_DIR = "/cache/recovery"; static const char *COMMAND_FILE = "/cache/recovery/command"; static const char *INTENT_FILE = "/cache/recovery/intent"; @@ -78,9 +79,8 @@ static const char *SDCARD_ROOT = "/sdcard"; static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log"; static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install"; static const char *LAST_KMSG_FILE = "/cache/recovery/last_kmsg"; -#define KLOG_DEFAULT_LEN (64 * 1024) - -#define KEEP_LOG_COUNT 10 +static const char *LAST_LOG_FILE = "/cache/recovery/last_log"; +static const int KEEP_LOG_COUNT = 10; RecoveryUI* ui = NULL; char* locale = NULL; @@ -267,72 +267,55 @@ set_sdcard_update_bootloader_message() { set_bootloader_message(&boot); } -// read from kernel log into buffer and write out to file -static void -save_kernel_log(const char *destination) { - int n; - char *buffer; - int klog_buf_len; - FILE *log; - - klog_buf_len = klogctl(KLOG_SIZE_BUFFER, 0, 0); +// Read from kernel log into buffer and write out to file. +static void save_kernel_log(const char* destination) { + int klog_buf_len = klogctl(KLOG_SIZE_BUFFER, 0, 0); if (klog_buf_len <= 0) { - LOGE("Error getting klog size (%s), using default\n", strerror(errno)); - klog_buf_len = KLOG_DEFAULT_LEN; - } - - buffer = (char *)malloc(klog_buf_len); - if (!buffer) { - LOGE("Can't alloc %d bytes for klog buffer\n", klog_buf_len); - return; - } - - n = klogctl(KLOG_READ_ALL, buffer, klog_buf_len); - if (n < 0) { - LOGE("Error in reading klog (%s)\n", strerror(errno)); - free(buffer); + LOGE("Error getting klog size: %s\n", strerror(errno)); return; } - log = fopen_path(destination, "w"); - if (log == NULL) { - LOGE("Can't open %s\n", destination); - free(buffer); + std::string buffer(klog_buf_len, 0); + int n = klogctl(KLOG_READ_ALL, &buffer[0], klog_buf_len); + if (n == -1) { + LOGE("Error in reading klog: %s\n", strerror(errno)); return; } - fwrite(buffer, n, 1, log); - check_and_fclose(log, destination); - free(buffer); + buffer.resize(n); + android::base::WriteStringToFile(buffer, destination); } // How much of the temp log we have copied to the copy in cache. static long tmplog_offset = 0; -static void -copy_log_file(const char* source, const char* destination, int append) { - FILE *log = fopen_path(destination, append ? "a" : "w"); - if (log == NULL) { +static void copy_log_file(const char* source, const char* destination, bool append) { + FILE* dest_fp = fopen_path(destination, append ? "a" : "w"); + if (dest_fp == nullptr) { LOGE("Can't open %s\n", destination); } else { - FILE *tmplog = fopen(source, "r"); - if (tmplog != NULL) { + FILE* source_fp = fopen(source, "r"); + if (source_fp != nullptr) { if (append) { - fseek(tmplog, tmplog_offset, SEEK_SET); // Since last write + fseek(source_fp, tmplog_offset, SEEK_SET); // Since last write } char buf[4096]; - while (fgets(buf, sizeof(buf), tmplog)) fputs(buf, log); + size_t bytes; + while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) { + fwrite(buf, 1, bytes, dest_fp); + } if (append) { - tmplog_offset = ftell(tmplog); + tmplog_offset = ftell(source_fp); } - check_and_fclose(tmplog, source); + check_and_fclose(source_fp, source); } - check_and_fclose(log, destination); + check_and_fclose(dest_fp, destination); } } -// Rename last_log -> last_log.1 -> last_log.2 -> ... -> last_log.$max -// Overwrites any existing last_log.$max. -static void rotate_last_logs(int max) { +// Rename last_log -> last_log.1 -> last_log.2 -> ... -> last_log.$max. +// Similarly rename last_kmsg -> last_kmsg.1 -> ... -> last_kmsg.$max. +// Overwrite any existing last_log.$max and last_kmsg.$max. +static void rotate_logs(int max) { // Logs should only be rotated once. static bool rotated = false; if (rotated) { @@ -340,14 +323,19 @@ static void rotate_last_logs(int max) { } rotated = true; ensure_path_mounted(LAST_LOG_FILE); + ensure_path_mounted(LAST_KMSG_FILE); - char oldfn[256]; - char newfn[256]; for (int i = max-1; i >= 0; --i) { - snprintf(oldfn, sizeof(oldfn), (i==0) ? LAST_LOG_FILE : (LAST_LOG_FILE ".%d"), i); - snprintf(newfn, sizeof(newfn), LAST_LOG_FILE ".%d", i+1); - // ignore errors - rename(oldfn, newfn); + std::string old_log = android::base::StringPrintf((i == 0) ? "%s" : "%s.%d", + LAST_LOG_FILE, i); + std::string new_log = android::base::StringPrintf("%s.%d", LAST_LOG_FILE, i+1); + // Ignore errors if old_log doesn't exist. + rename(old_log.c_str(), new_log.c_str()); + + std::string old_kmsg = android::base::StringPrintf((i == 0) ? "%s" : "%s.%d", + LAST_KMSG_FILE, i); + std::string new_kmsg = android::base::StringPrintf("%s.%d", LAST_KMSG_FILE, i+1); + rename(old_kmsg.c_str(), new_kmsg.c_str()); } } @@ -360,7 +348,7 @@ static void copy_logs() { return; } - rotate_last_logs(KEEP_LOG_COUNT); + rotate_logs(KEEP_LOG_COUNT); // Copy logs to cache so the system can find out what happened. copy_log_file(TEMPORARY_LOG_FILE, LOG_FILE, true); @@ -439,9 +427,10 @@ erase_volume(const char *volume) { saved_log_file* head = NULL; if (is_cache) { - // If we're reformatting /cache, we load any - // "/cache/recovery/last*" files into memory, so we can restore - // them after the reformat. + // If we're reformatting /cache, we load any past logs + // (i.e. "/cache/recovery/last_*") and the current log + // ("/cache/recovery/log") into memory, so we can restore them after + // the reformat. ensure_path_mounted(volume); @@ -454,7 +443,7 @@ erase_volume(const char *volume) { strcat(path, "/"); int path_len = strlen(path); while ((de = readdir(d)) != NULL) { - if (strncmp(de->d_name, "last", 4) == 0) { + if (strncmp(de->d_name, "last_", 5) == 0 || strcmp(de->d_name, "log") == 0) { saved_log_file* p = (saved_log_file*) malloc(sizeof(saved_log_file)); strcpy(path+path_len, de->d_name); p->name = strdup(path); @@ -712,38 +701,40 @@ static bool wipe_cache(bool should_confirm, Device* device) { } static void choose_recovery_file(Device* device) { - unsigned int i; - unsigned int n; - static const char** title_headers = NULL; - char *filename; - // "Go back" + LAST_KMSG_FILE + KEEP_LOG_COUNT + terminating NULL entry - char* entries[KEEP_LOG_COUNT + 3]; + // "Go back" + KEEP_LOG_COUNT * 2 + terminating nullptr entry + char* entries[KEEP_LOG_COUNT * 2 + 2]; memset(entries, 0, sizeof(entries)); - n = 0; + unsigned int n = 0; entries[n++] = strdup("Go back"); - // Add kernel kmsg file if available - if ((ensure_path_mounted(LAST_KMSG_FILE) == 0) && (access(LAST_KMSG_FILE, R_OK) == 0)) { - entries[n++] = strdup(LAST_KMSG_FILE); - } - // Add LAST_LOG_FILE + LAST_LOG_FILE.x - for (i = 0; i < KEEP_LOG_COUNT; i++) { - char *filename; - if (asprintf(&filename, (i==0) ? LAST_LOG_FILE : (LAST_LOG_FILE ".%d"), i) == -1) { + // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x + for (int i = 0; i < KEEP_LOG_COUNT; i++) { + char* log_file; + if (asprintf(&log_file, (i == 0) ? "%s" : "%s.%d", LAST_LOG_FILE, i) == -1) { // memory allocation failure - return early. Should never happen. return; } - if ((ensure_path_mounted(filename) != 0) || (access(filename, R_OK) == -1)) { - free(filename); - entries[n++] = NULL; - break; + if ((ensure_path_mounted(log_file) != 0) || (access(log_file, R_OK) == -1)) { + free(log_file); + } else { + entries[n++] = log_file; + } + + char* kmsg_file; + if (asprintf(&kmsg_file, (i == 0) ? "%s" : "%s.%d", LAST_KMSG_FILE, i) == -1) { + // memory allocation failure - return early. Should never happen. + return; + } + if ((ensure_path_mounted(kmsg_file) != 0) || (access(kmsg_file, R_OK) == -1)) { + free(kmsg_file); + } else { + entries[n++] = kmsg_file; } - entries[n++] = filename; } - const char* headers[] = { "Select file to view", NULL }; + const char* headers[] = { "Select file to view", nullptr }; while (true) { int chosen_item = get_menu_selection(headers, entries, 1, 0, device); @@ -755,7 +746,7 @@ static void choose_recovery_file(Device* device) { redirect_stdio(TEMPORARY_LOG_FILE); } - for (i = 0; i < (sizeof(entries) / sizeof(*entries)); i++) { + for (size_t i = 0; i < (sizeof(entries) / sizeof(*entries)); i++) { free(entries[i]); } } -- cgit v1.2.3 From 921431ffc0dbb3e3277db1215990c693be405276 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 5 May 2015 14:37:53 -0700 Subject: Track adb_thread_create API change. Change-Id: Ia3f30f3ba85c0246d4b667fb7723cfcdce299d4a --- minadbd/services.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/minadbd/services.cpp b/minadbd/services.cpp index dd1fd7c4b..859463caf 100644 --- a/minadbd/services.cpp +++ b/minadbd/services.cpp @@ -61,8 +61,7 @@ static void sideload_host_service(int sfd, void* data) { exit(result == 0 ? 0 : 1); } -static int create_service_thread(void (*func)(int, void *), void *cookie) -{ +static int create_service_thread(void (*func)(int, void *), void *cookie) { int s[2]; if(adb_socketpair(s)) { printf("cannot create service socket pair\n"); @@ -75,8 +74,7 @@ static int create_service_thread(void (*func)(int, void *), void *cookie) sti->cookie = cookie; sti->fd = s[1]; - adb_thread_t t; - if (adb_thread_create( &t, service_bootstrap_func, sti)){ + if (!adb_thread_create(service_bootstrap_func, sti)) { free(sti); adb_close(s[0]); adb_close(s[1]); -- cgit v1.2.3 From fb4ccef1df4f0bd8fa830c750f2970dd2df9e51b Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 4 May 2015 10:10:13 -0700 Subject: uncrypt: package on non-data partition should follow the right path Fix the accidental change of behavior in [1]. OTA packages not on /data partition should still go through the path that has validity checks and wipe_misc() steps. [1]: commit eaf33654c1817bd665831a13c5bd0c04daabee02. Change-Id: Ice9a049f6259cd2368d2fb95a991f8a6a0120bdd --- uncrypt/uncrypt.c | 61 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/uncrypt/uncrypt.c b/uncrypt/uncrypt.c index da035dfba..42ae649cc 100644 --- a/uncrypt/uncrypt.c +++ b/uncrypt/uncrypt.c @@ -159,12 +159,13 @@ const char* find_block_device(const char* path, int* encryptable, int* encrypted return NULL; } -char* parse_recovery_command_file() +// Parse the command file RECOVERY_COMMAND_FILE to find the update package +// name. If it's on the /data partition, replace the package name with the +// block map file name and store it temporarily in RECOVERY_COMMAND_FILE_TMP. +// It will be renamed to RECOVERY_COMMAND_FILE if uncrypt finishes +// successfully. +static char* find_update_package() { - char* fn = NULL; - int count = 0; - char temp[1024]; - FILE* f = fopen(RECOVERY_COMMAND_FILE, "r"); if (f == NULL) { return NULL; @@ -175,17 +176,27 @@ char* parse_recovery_command_file() return NULL; } FILE* fo = fdopen(fd, "w"); - - while (fgets(temp, sizeof(temp), f)) { - printf("read: %s", temp); - if (strncmp(temp, "--update_package=/data/", strlen("--update_package=/data/")) == 0) { - fn = strdup(temp + strlen("--update_package=")); - strcpy(temp, "--update_package=@" CACHE_BLOCK_MAP "\n"); + char* fn = NULL; + char* line = NULL; + size_t len = 0; + while (getline(&line, &len, f) != -1) { + if (strncmp(line, "--update_package=", strlen("--update_package=")) == 0) { + fn = strdup(line + strlen("--update_package=")); + // Replace the package name with block map file if it's on /data partition. + if (strncmp(fn, "/data/", strlen("/data/")) == 0) { + fputs("--update_package=@" CACHE_BLOCK_MAP "\n", fo); + continue; + } } - fputs(temp, fo); + fputs(line, fo); } + free(line); fclose(f); - fsync(fd); + if (fsync(fd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", RECOVERY_COMMAND_FILE_TMP, strerror(errno)); + fclose(fo); + return NULL; + } fclose(fo); if (fn) { @@ -244,7 +255,6 @@ int produce_block_map(const char* path, const char* map_file, const char* blk_de ALOGE("failed to open fd for reading: %s\n", strerror(errno)); return -1; } - fsync(fd); int wfd = -1; if (encrypted) { @@ -319,11 +329,17 @@ int produce_block_map(const char* path, const char* map_file, const char* blk_de fprintf(mapf, "%d %d\n", ranges[i*2], ranges[i*2+1]); } - fsync(mapfd); + if (fsync(mapfd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", map_file, strerror(errno)); + return -1; + } fclose(mapf); close(fd); if (encrypted) { - fsync(wfd); + if (fsync(wfd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); + return -1; + } close(wfd); } @@ -352,7 +368,11 @@ void wipe_misc() { written += w; } } - fsync(fd); + if (fsync(fd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); + close(fd); + return; + } close(fd); } } @@ -383,7 +403,7 @@ int main(int argc, char** argv) map_file = argv[2]; do_reboot = 0; } else { - input_path = parse_recovery_command_file(); + input_path = find_update_package(); if (input_path == NULL) { // if we're rebooting to recovery without a package (say, // to wipe data), then we don't need to do anything before @@ -432,15 +452,16 @@ int main(int argc, char** argv) if (strncmp(path, "/data/", 6) != 0) { // path does not start with "/data/"; leave it alone. unlink(RECOVERY_COMMAND_FILE_TMP); + wipe_misc(); } else { ALOGI("writing block map %s", map_file); if (produce_block_map(path, map_file, blk_dev, encrypted) != 0) { return 1; } + wipe_misc(); + rename(RECOVERY_COMMAND_FILE_TMP, RECOVERY_COMMAND_FILE); } - wipe_misc(); - rename(RECOVERY_COMMAND_FILE_TMP, RECOVERY_COMMAND_FILE); if (do_reboot) reboot_to_recovery(); return 0; } -- cgit v1.2.3 From 381f455cac0905b023dde79625b06c27b6165dd0 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 5 May 2015 18:36:45 -0700 Subject: uncrypt: Switch to C++ Also apply some trivial changes like int -> bool and clean-ups. Change-Id: Ic55fc8b82d7e91b321f69d10175be23d5c04eb92 --- uncrypt/Android.mk | 2 +- uncrypt/uncrypt.c | 467 ---------------------------------------------------- uncrypt/uncrypt.cpp | 465 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 466 insertions(+), 468 deletions(-) delete mode 100644 uncrypt/uncrypt.c create mode 100644 uncrypt/uncrypt.cpp diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index 878d2757e..d832d9724 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -16,7 +16,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) -LOCAL_SRC_FILES := uncrypt.c +LOCAL_SRC_FILES := uncrypt.cpp LOCAL_MODULE := uncrypt diff --git a/uncrypt/uncrypt.c b/uncrypt/uncrypt.c deleted file mode 100644 index 42ae649cc..000000000 --- a/uncrypt/uncrypt.c +++ /dev/null @@ -1,467 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// This program takes a file on an ext4 filesystem and produces a list -// of the blocks that file occupies, which enables the file contents -// to be read directly from the block device without mounting the -// filesystem. -// -// If the filesystem is using an encrypted block device, it will also -// read the file and rewrite it to the same blocks of the underlying -// (unencrypted) block device, so the file contents can be read -// without the need for the decryption key. -// -// The output of this program is a "block map" which looks like this: -// -// /dev/block/platform/msm_sdcc.1/by-name/userdata # block device -// 49652 4096 # file size in bytes, block size -// 3 # count of block ranges -// 1000 1008 # block range 0 -// 2100 2102 # ... block range 1 -// 30 33 # ... block range 2 -// -// Each block range represents a half-open interval; the line "30 33" -// reprents the blocks [30, 31, 32]. -// -// Recovery can take this block map file and retrieve the underlying -// file data to use as an update package. - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define LOG_TAG "uncrypt" -#include -#include -#include - -#define WINDOW_SIZE 5 -#define RECOVERY_COMMAND_FILE "/cache/recovery/command" -#define RECOVERY_COMMAND_FILE_TMP "/cache/recovery/command.tmp" -#define CACHE_BLOCK_MAP "/cache/recovery/block.map" - -static struct fstab* fstab = NULL; - -static int write_at_offset(unsigned char* buffer, size_t size, - int wfd, off64_t offset) -{ - if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { - ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno)); - return -1; - } - size_t written = 0; - while (written < size) { - ssize_t wrote = TEMP_FAILURE_RETRY(write(wfd, buffer + written, size - written)); - if (wrote == -1) { - ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno)); - return -1; - } - written += wrote; - } - return 0; -} - -void add_block_to_ranges(int** ranges, int* range_alloc, int* range_used, int new_block) -{ - // If the current block start is < 0, set the start to the new - // block. (This only happens for the very first block of the very - // first range.) - if ((*ranges)[*range_used*2-2] < 0) { - (*ranges)[*range_used*2-2] = new_block; - (*ranges)[*range_used*2-1] = new_block; - } - - if (new_block == (*ranges)[*range_used*2-1]) { - // If the new block comes immediately after the current range, - // all we have to do is extend the current range. - ++(*ranges)[*range_used*2-1]; - } else { - // We need to start a new range. - - // If there isn't enough room in the array, we need to expand it. - if (*range_used >= *range_alloc) { - *range_alloc *= 2; - *ranges = realloc(*ranges, *range_alloc * 2 * sizeof(int)); - } - - ++*range_used; - (*ranges)[*range_used*2-2] = new_block; - (*ranges)[*range_used*2-1] = new_block+1; - } -} - -static struct fstab* read_fstab() -{ - fstab = NULL; - - // The fstab path is always "/fstab.${ro.hardware}". - char fstab_path[PATH_MAX+1] = "/fstab."; - if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) { - ALOGE("failed to get ro.hardware\n"); - return NULL; - } - - fstab = fs_mgr_read_fstab(fstab_path); - if (!fstab) { - ALOGE("failed to read %s\n", fstab_path); - return NULL; - } - - return fstab; -} - -const char* find_block_device(const char* path, int* encryptable, int* encrypted) -{ - // Look for a volume whose mount point is the prefix of path and - // return its block device. Set encrypted if it's currently - // encrypted. - int i; - for (i = 0; i < fstab->num_entries; ++i) { - struct fstab_rec* v = &fstab->recs[i]; - if (!v->mount_point) continue; - int len = strlen(v->mount_point); - if (strncmp(path, v->mount_point, len) == 0 && - (path[len] == '/' || path[len] == 0)) { - *encrypted = 0; - *encryptable = 0; - if (fs_mgr_is_encryptable(v)) { - *encryptable = 1; - char buffer[PROPERTY_VALUE_MAX+1]; - if (property_get("ro.crypto.state", buffer, "") && - strcmp(buffer, "encrypted") == 0) { - *encrypted = 1; - } - } - return v->blk_device; - } - } - - return NULL; -} - -// Parse the command file RECOVERY_COMMAND_FILE to find the update package -// name. If it's on the /data partition, replace the package name with the -// block map file name and store it temporarily in RECOVERY_COMMAND_FILE_TMP. -// It will be renamed to RECOVERY_COMMAND_FILE if uncrypt finishes -// successfully. -static char* find_update_package() -{ - FILE* f = fopen(RECOVERY_COMMAND_FILE, "r"); - if (f == NULL) { - return NULL; - } - int fd = open(RECOVERY_COMMAND_FILE_TMP, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - ALOGE("failed to open %s\n", RECOVERY_COMMAND_FILE_TMP); - return NULL; - } - FILE* fo = fdopen(fd, "w"); - char* fn = NULL; - char* line = NULL; - size_t len = 0; - while (getline(&line, &len, f) != -1) { - if (strncmp(line, "--update_package=", strlen("--update_package=")) == 0) { - fn = strdup(line + strlen("--update_package=")); - // Replace the package name with block map file if it's on /data partition. - if (strncmp(fn, "/data/", strlen("/data/")) == 0) { - fputs("--update_package=@" CACHE_BLOCK_MAP "\n", fo); - continue; - } - } - fputs(line, fo); - } - free(line); - fclose(f); - if (fsync(fd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", RECOVERY_COMMAND_FILE_TMP, strerror(errno)); - fclose(fo); - return NULL; - } - fclose(fo); - - if (fn) { - char* newline = strchr(fn, '\n'); - if (newline) *newline = 0; - } - return fn; -} - -int produce_block_map(const char* path, const char* map_file, const char* blk_dev, - int encrypted) -{ - struct stat sb; - int ret; - - int mapfd = open(map_file, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (mapfd < 0) { - ALOGE("failed to open %s\n", map_file); - return -1; - } - FILE* mapf = fdopen(mapfd, "w"); - - ret = stat(path, &sb); - if (ret != 0) { - ALOGE("failed to stat %s\n", path); - return -1; - } - - ALOGI(" block size: %ld bytes\n", (long)sb.st_blksize); - - int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; - ALOGI(" file size: %lld bytes, %d blocks\n", (long long)sb.st_size, blocks); - - int* ranges; - int range_alloc = 1; - int range_used = 1; - ranges = malloc(range_alloc * 2 * sizeof(int)); - ranges[0] = -1; - ranges[1] = -1; - - fprintf(mapf, "%s\n%lld %lu\n", blk_dev, (long long)sb.st_size, (unsigned long)sb.st_blksize); - - unsigned char* buffers[WINDOW_SIZE]; - int i; - if (encrypted) { - for (i = 0; i < WINDOW_SIZE; ++i) { - buffers[i] = malloc(sb.st_blksize); - } - } - int head_block = 0; - int head = 0, tail = 0; - size_t pos = 0; - - int fd = open(path, O_RDONLY); - if (fd < 0) { - ALOGE("failed to open fd for reading: %s\n", strerror(errno)); - return -1; - } - - int wfd = -1; - if (encrypted) { - wfd = open(blk_dev, O_WRONLY | O_SYNC); - if (wfd < 0) { - ALOGE("failed to open fd for writing: %s\n", strerror(errno)); - return -1; - } - } - - while (pos < sb.st_size) { - if ((tail+1) % WINDOW_SIZE == head) { - // write out head buffer - int block = head_block; - ret = ioctl(fd, FIBMAP, &block); - if (ret != 0) { - ALOGE("failed to find block %d\n", head_block); - return -1; - } - add_block_to_ranges(&ranges, &range_alloc, &range_used, block); - if (encrypted) { - if (write_at_offset(buffers[head], sb.st_blksize, wfd, (off64_t)sb.st_blksize * block) != 0) { - return -1; - } - } - head = (head + 1) % WINDOW_SIZE; - ++head_block; - } - - // read next block to tail - if (encrypted) { - size_t so_far = 0; - while (so_far < sb.st_blksize && pos < sb.st_size) { - ssize_t this_read = - TEMP_FAILURE_RETRY(read(fd, buffers[tail] + so_far, sb.st_blksize - so_far)); - if (this_read == -1) { - ALOGE("failed to read: %s\n", strerror(errno)); - return -1; - } - so_far += this_read; - pos += this_read; - } - } else { - // If we're not encrypting; we don't need to actually read - // anything, just skip pos forward as if we'd read a - // block. - pos += sb.st_blksize; - } - tail = (tail+1) % WINDOW_SIZE; - } - - while (head != tail) { - // write out head buffer - int block = head_block; - ret = ioctl(fd, FIBMAP, &block); - if (ret != 0) { - ALOGE("failed to find block %d\n", head_block); - return -1; - } - add_block_to_ranges(&ranges, &range_alloc, &range_used, block); - if (encrypted) { - if (write_at_offset(buffers[head], sb.st_blksize, wfd, (off64_t)sb.st_blksize * block) != 0) { - return -1; - } - } - head = (head + 1) % WINDOW_SIZE; - ++head_block; - } - - fprintf(mapf, "%d\n", range_used); - for (i = 0; i < range_used; ++i) { - fprintf(mapf, "%d %d\n", ranges[i*2], ranges[i*2+1]); - } - - if (fsync(mapfd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", map_file, strerror(errno)); - return -1; - } - fclose(mapf); - close(fd); - if (encrypted) { - if (fsync(wfd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); - return -1; - } - close(wfd); - } - - return 0; -} - -void wipe_misc() { - ALOGI("removing old commands from misc"); - int i; - for (i = 0; i < fstab->num_entries; ++i) { - struct fstab_rec* v = &fstab->recs[i]; - if (!v->mount_point) continue; - if (strcmp(v->mount_point, "/misc") == 0) { - int fd = open(v->blk_device, O_WRONLY | O_SYNC); - uint8_t zeroes[1088]; // sizeof(bootloader_message) from recovery - memset(zeroes, 0, sizeof(zeroes)); - - size_t written = 0; - size_t size = sizeof(zeroes); - while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written)); - if (w == -1) { - ALOGE("zero write failed: %s\n", strerror(errno)); - return; - } else { - written += w; - } - } - if (fsync(fd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); - close(fd); - return; - } - close(fd); - } - } -} - -void reboot_to_recovery() { - ALOGI("rebooting to recovery"); - property_set("sys.powerctl", "reboot,recovery"); - sleep(10); - ALOGE("reboot didn't succeed?"); -} - -int main(int argc, char** argv) -{ - const char* input_path; - const char* map_file; - int do_reboot = 1; - - if (argc != 1 && argc != 3) { - fprintf(stderr, "usage: %s [ ]\n", argv[0]); - return 2; - } - - if (argc == 3) { - // when command-line args are given this binary is being used - // for debugging; don't reboot to recovery at the end. - input_path = argv[1]; - map_file = argv[2]; - do_reboot = 0; - } else { - input_path = find_update_package(); - if (input_path == NULL) { - // if we're rebooting to recovery without a package (say, - // to wipe data), then we don't need to do anything before - // going to recovery. - ALOGI("no recovery command file or no update package arg"); - reboot_to_recovery(); - return 1; - } - map_file = CACHE_BLOCK_MAP; - } - - ALOGI("update package is %s", input_path); - - // Turn the name of the file we're supposed to convert into an - // absolute path, so we can find what filesystem it's on. - char path[PATH_MAX+1]; - if (realpath(input_path, path) == NULL) { - ALOGE("failed to convert %s to absolute path: %s", input_path, strerror(errno)); - return 1; - } - - int encryptable; - int encrypted; - if (read_fstab() == NULL) { - return 1; - } - const char* blk_dev = find_block_device(path, &encryptable, &encrypted); - if (blk_dev == NULL) { - ALOGE("failed to find block device for %s", path); - return 1; - } - - // If the filesystem it's on isn't encrypted, we only produce the - // block map, we don't rewrite the file contents (it would be - // pointless to do so). - ALOGI("encryptable: %s\n", encryptable ? "yes" : "no"); - ALOGI(" encrypted: %s\n", encrypted ? "yes" : "no"); - - // Recovery supports installing packages from 3 paths: /cache, - // /data, and /sdcard. (On a particular device, other locations - // may work, but those are three we actually expect.) - // - // On /data we want to convert the file to a block map so that we - // can read the package without mounting the partition. On /cache - // and /sdcard we leave the file alone. - if (strncmp(path, "/data/", 6) != 0) { - // path does not start with "/data/"; leave it alone. - unlink(RECOVERY_COMMAND_FILE_TMP); - wipe_misc(); - } else { - ALOGI("writing block map %s", map_file); - if (produce_block_map(path, map_file, blk_dev, encrypted) != 0) { - return 1; - } - wipe_misc(); - rename(RECOVERY_COMMAND_FILE_TMP, RECOVERY_COMMAND_FILE); - } - - if (do_reboot) reboot_to_recovery(); - return 0; -} diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp new file mode 100644 index 000000000..11766f14c --- /dev/null +++ b/uncrypt/uncrypt.cpp @@ -0,0 +1,465 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This program takes a file on an ext4 filesystem and produces a list +// of the blocks that file occupies, which enables the file contents +// to be read directly from the block device without mounting the +// filesystem. +// +// If the filesystem is using an encrypted block device, it will also +// read the file and rewrite it to the same blocks of the underlying +// (unencrypted) block device, so the file contents can be read +// without the need for the decryption key. +// +// The output of this program is a "block map" which looks like this: +// +// /dev/block/platform/msm_sdcc.1/by-name/userdata # block device +// 49652 4096 # file size in bytes, block size +// 3 # count of block ranges +// 1000 1008 # block range 0 +// 2100 2102 # ... block range 1 +// 30 33 # ... block range 2 +// +// Each block range represents a half-open interval; the line "30 33" +// reprents the blocks [30, 31, 32]. +// +// Recovery can take this block map file and retrieve the underlying +// file data to use as an update package. + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define LOG_TAG "uncrypt" +#include +#include +#include + +#define WINDOW_SIZE 5 +#define RECOVERY_COMMAND_FILE "/cache/recovery/command" +#define RECOVERY_COMMAND_FILE_TMP "/cache/recovery/command.tmp" +#define CACHE_BLOCK_MAP "/cache/recovery/block.map" + +static struct fstab* fstab = NULL; + +static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { + if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { + ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno)); + return -1; + } + size_t written = 0; + while (written < size) { + ssize_t wrote = TEMP_FAILURE_RETRY(write(wfd, buffer + written, size - written)); + if (wrote == -1) { + ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno)); + return -1; + } + written += wrote; + } + return 0; +} + +static void add_block_to_ranges(int** ranges, int* range_alloc, int* range_used, int new_block) { + // If the current block start is < 0, set the start to the new + // block. (This only happens for the very first block of the very + // first range.) + if ((*ranges)[*range_used*2-2] < 0) { + (*ranges)[*range_used*2-2] = new_block; + (*ranges)[*range_used*2-1] = new_block; + } + + if (new_block == (*ranges)[*range_used*2-1]) { + // If the new block comes immediately after the current range, + // all we have to do is extend the current range. + ++(*ranges)[*range_used*2-1]; + } else { + // We need to start a new range. + + // If there isn't enough room in the array, we need to expand it. + if (*range_used >= *range_alloc) { + *range_alloc *= 2; + *ranges = reinterpret_cast(realloc(*ranges, *range_alloc * 2 * sizeof(int))); + } + + ++*range_used; + (*ranges)[*range_used*2-2] = new_block; + (*ranges)[*range_used*2-1] = new_block+1; + } +} + +static struct fstab* read_fstab() { + fstab = NULL; + + // The fstab path is always "/fstab.${ro.hardware}". + char fstab_path[PATH_MAX+1] = "/fstab."; + if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) { + ALOGE("failed to get ro.hardware\n"); + return NULL; + } + + fstab = fs_mgr_read_fstab(fstab_path); + if (!fstab) { + ALOGE("failed to read %s\n", fstab_path); + return NULL; + } + + return fstab; +} + +static const char* find_block_device(const char* path, bool* encryptable, bool* encrypted) { + // Look for a volume whose mount point is the prefix of path and + // return its block device. Set encrypted if it's currently + // encrypted. + for (int i = 0; i < fstab->num_entries; ++i) { + struct fstab_rec* v = &fstab->recs[i]; + if (!v->mount_point) { + continue; + } + int len = strlen(v->mount_point); + if (strncmp(path, v->mount_point, len) == 0 && + (path[len] == '/' || path[len] == 0)) { + *encrypted = false; + *encryptable = false; + if (fs_mgr_is_encryptable(v)) { + *encryptable = true; + char buffer[PROPERTY_VALUE_MAX+1]; + if (property_get("ro.crypto.state", buffer, "") && + strcmp(buffer, "encrypted") == 0) { + *encrypted = true; + } + } + return v->blk_device; + } + } + + return NULL; +} + +// Parse the command file RECOVERY_COMMAND_FILE to find the update package +// name. If it's on the /data partition, replace the package name with the +// block map file name and store it temporarily in RECOVERY_COMMAND_FILE_TMP. +// It will be renamed to RECOVERY_COMMAND_FILE if uncrypt finishes +// successfully. +static char* find_update_package() +{ + FILE* f = fopen(RECOVERY_COMMAND_FILE, "r"); + if (f == NULL) { + return NULL; + } + int fd = open(RECOVERY_COMMAND_FILE_TMP, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); + if (fd < 0) { + ALOGE("failed to open %s\n", RECOVERY_COMMAND_FILE_TMP); + return NULL; + } + FILE* fo = fdopen(fd, "w"); + char* fn = NULL; + char* line = NULL; + size_t len = 0; + while (getline(&line, &len, f) != -1) { + if (strncmp(line, "--update_package=", strlen("--update_package=")) == 0) { + fn = strdup(line + strlen("--update_package=")); + // Replace the package name with block map file if it's on /data partition. + if (strncmp(fn, "/data/", strlen("/data/")) == 0) { + fputs("--update_package=@" CACHE_BLOCK_MAP "\n", fo); + continue; + } + } + fputs(line, fo); + } + free(line); + fclose(f); + if (fsync(fd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", RECOVERY_COMMAND_FILE_TMP, strerror(errno)); + fclose(fo); + return NULL; + } + fclose(fo); + + if (fn) { + char* newline = strchr(fn, '\n'); + if (newline) { + *newline = 0; + } + } + return fn; +} + +static int produce_block_map(const char* path, const char* map_file, const char* blk_dev, + bool encrypted) { + + int mapfd = open(map_file, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); + if (mapfd < 0) { + ALOGE("failed to open %s\n", map_file); + return -1; + } + FILE* mapf = fdopen(mapfd, "w"); + + struct stat sb; + int ret = stat(path, &sb); + if (ret != 0) { + ALOGE("failed to stat %s\n", path); + return -1; + } + + ALOGI(" block size: %ld bytes\n", (long)sb.st_blksize); + + int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; + ALOGI(" file size: %lld bytes, %d blocks\n", (long long)sb.st_size, blocks); + + int range_alloc = 1; + int range_used = 1; + int* ranges = reinterpret_cast(malloc(range_alloc * 2 * sizeof(int))); + ranges[0] = -1; + ranges[1] = -1; + + fprintf(mapf, "%s\n%lld %lu\n", blk_dev, (long long)sb.st_size, (unsigned long)sb.st_blksize); + + unsigned char* buffers[WINDOW_SIZE]; + if (encrypted) { + for (size_t i = 0; i < WINDOW_SIZE; ++i) { + buffers[i] = reinterpret_cast(malloc(sb.st_blksize)); + } + } + int head_block = 0; + int head = 0, tail = 0; + size_t pos = 0; + + int fd = open(path, O_RDONLY); + if (fd < 0) { + ALOGE("failed to open fd for reading: %s\n", strerror(errno)); + return -1; + } + + int wfd = -1; + if (encrypted) { + wfd = open(blk_dev, O_WRONLY | O_SYNC); + if (wfd < 0) { + ALOGE("failed to open fd for writing: %s\n", strerror(errno)); + return -1; + } + } + + while (pos < sb.st_size) { + if ((tail+1) % WINDOW_SIZE == head) { + // write out head buffer + int block = head_block; + ret = ioctl(fd, FIBMAP, &block); + if (ret != 0) { + ALOGE("failed to find block %d\n", head_block); + return -1; + } + add_block_to_ranges(&ranges, &range_alloc, &range_used, block); + if (encrypted) { + if (write_at_offset(buffers[head], sb.st_blksize, wfd, + (off64_t)sb.st_blksize * block) != 0) { + return -1; + } + } + head = (head + 1) % WINDOW_SIZE; + ++head_block; + } + + // read next block to tail + if (encrypted) { + size_t so_far = 0; + while (so_far < sb.st_blksize && pos < sb.st_size) { + ssize_t this_read = + TEMP_FAILURE_RETRY(read(fd, buffers[tail] + so_far, sb.st_blksize - so_far)); + if (this_read == -1) { + ALOGE("failed to read: %s\n", strerror(errno)); + return -1; + } + so_far += this_read; + pos += this_read; + } + } else { + // If we're not encrypting; we don't need to actually read + // anything, just skip pos forward as if we'd read a + // block. + pos += sb.st_blksize; + } + tail = (tail+1) % WINDOW_SIZE; + } + + while (head != tail) { + // write out head buffer + int block = head_block; + ret = ioctl(fd, FIBMAP, &block); + if (ret != 0) { + ALOGE("failed to find block %d\n", head_block); + return -1; + } + add_block_to_ranges(&ranges, &range_alloc, &range_used, block); + if (encrypted) { + if (write_at_offset(buffers[head], sb.st_blksize, wfd, + (off64_t)sb.st_blksize * block) != 0) { + return -1; + } + } + head = (head + 1) % WINDOW_SIZE; + ++head_block; + } + + fprintf(mapf, "%d\n", range_used); + for (int i = 0; i < range_used; ++i) { + fprintf(mapf, "%d %d\n", ranges[i*2], ranges[i*2+1]); + } + + if (fsync(mapfd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", map_file, strerror(errno)); + return -1; + } + fclose(mapf); + close(fd); + if (encrypted) { + if (fsync(wfd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); + return -1; + } + close(wfd); + } + + return 0; +} + +static void wipe_misc() { + ALOGI("removing old commands from misc"); + for (int i = 0; i < fstab->num_entries; ++i) { + struct fstab_rec* v = &fstab->recs[i]; + if (!v->mount_point) continue; + if (strcmp(v->mount_point, "/misc") == 0) { + int fd = open(v->blk_device, O_WRONLY | O_SYNC); + uint8_t zeroes[1088]; // sizeof(bootloader_message) from recovery + memset(zeroes, 0, sizeof(zeroes)); + + size_t written = 0; + size_t size = sizeof(zeroes); + while (written < size) { + ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written)); + if (w == -1) { + ALOGE("zero write failed: %s\n", strerror(errno)); + return; + } else { + written += w; + } + } + if (fsync(fd) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); + close(fd); + return; + } + close(fd); + } + } +} + +static void reboot_to_recovery() { + ALOGI("rebooting to recovery"); + property_set("sys.powerctl", "reboot,recovery"); + sleep(10); + ALOGE("reboot didn't succeed?"); +} + +int main(int argc, char** argv) +{ + const char* input_path; + const char* map_file; + bool do_reboot = true; + + if (argc != 1 && argc != 3) { + fprintf(stderr, "usage: %s [ ]\n", argv[0]); + return 2; + } + + if (argc == 3) { + // when command-line args are given this binary is being used + // for debugging; don't reboot to recovery at the end. + input_path = argv[1]; + map_file = argv[2]; + do_reboot = false; + } else { + input_path = find_update_package(); + if (input_path == NULL) { + // if we're rebooting to recovery without a package (say, + // to wipe data), then we don't need to do anything before + // going to recovery. + ALOGI("no recovery command file or no update package arg"); + reboot_to_recovery(); + return 1; + } + map_file = CACHE_BLOCK_MAP; + } + + ALOGI("update package is %s", input_path); + + // Turn the name of the file we're supposed to convert into an + // absolute path, so we can find what filesystem it's on. + char path[PATH_MAX+1]; + if (realpath(input_path, path) == NULL) { + ALOGE("failed to convert %s to absolute path: %s", input_path, strerror(errno)); + return 1; + } + + if (read_fstab() == NULL) { + return 1; + } + + bool encryptable; + bool encrypted; + const char* blk_dev = find_block_device(path, &encryptable, &encrypted); + if (blk_dev == NULL) { + ALOGE("failed to find block device for %s", path); + return 1; + } + + // If the filesystem it's on isn't encrypted, we only produce the + // block map, we don't rewrite the file contents (it would be + // pointless to do so). + ALOGI("encryptable: %s\n", encryptable ? "yes" : "no"); + ALOGI(" encrypted: %s\n", encrypted ? "yes" : "no"); + + // Recovery supports installing packages from 3 paths: /cache, + // /data, and /sdcard. (On a particular device, other locations + // may work, but those are three we actually expect.) + // + // On /data we want to convert the file to a block map so that we + // can read the package without mounting the partition. On /cache + // and /sdcard we leave the file alone. + if (strncmp(path, "/data/", 6) != 0) { + // path does not start with "/data/"; leave it alone. + unlink(RECOVERY_COMMAND_FILE_TMP); + wipe_misc(); + } else { + ALOGI("writing block map %s", map_file); + if (produce_block_map(path, map_file, blk_dev, encrypted) != 0) { + return 1; + } + wipe_misc(); + rename(RECOVERY_COMMAND_FILE_TMP, RECOVERY_COMMAND_FILE); + } + + if (do_reboot) { + reboot_to_recovery(); + } + return 0; +} -- cgit v1.2.3 From c049163234003ef463bca018920622bc8269c69b Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Wed, 6 May 2015 12:40:05 -0700 Subject: Add an alternate screen for viewing recovery logs. This makes it easier to go back and forth without losing current output. Also make the display more like regular more(1). Bug: http://b/20834540 Change-Id: Icc5703e9c8a378cc7072d8ebb79e34451267ee1b --- recovery.cpp | 9 ++--- screen_ui.cpp | 110 ++++++++++++++++++++++++++++++++++------------------------ screen_ui.h | 15 +++++--- 3 files changed, 79 insertions(+), 55 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 2c78bafac..80a8c7ba5 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -701,12 +701,11 @@ static bool wipe_cache(bool should_confirm, Device* device) { } static void choose_recovery_file(Device* device) { - // "Go back" + KEEP_LOG_COUNT * 2 + terminating nullptr entry - char* entries[KEEP_LOG_COUNT * 2 + 2]; + // "Back" + KEEP_LOG_COUNT * 2 + terminating nullptr entry + char* entries[1 + KEEP_LOG_COUNT * 2 + 1]; memset(entries, 0, sizeof(entries)); unsigned int n = 0; - entries[n++] = strdup("Go back"); // Add LAST_LOG_FILE + LAST_LOG_FILE.x // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x @@ -734,11 +733,13 @@ static void choose_recovery_file(Device* device) { } } + entries[n++] = strdup("Back"); + const char* headers[] = { "Select file to view", nullptr }; while (true) { int chosen_item = get_menu_selection(headers, entries, 1, 0, device); - if (chosen_item == 0) break; + if (strcmp(entries[chosen_item], "Back") == 0) break; // TODO: do we need to redirect? ShowFile could just avoid writing to stdio. redirect_stdio("/dev/null"); diff --git a/screen_ui.cpp b/screen_ui.cpp index 5e73d37c4..ff9591514 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -58,18 +58,19 @@ ScreenRecoveryUI::ScreenRecoveryUI() : progressScopeSize(0), progress(0), pagesIdentical(false), - text(nullptr), - text_cols(0), - text_rows(0), - text_col(0), - text_row(0), - text_top(0), + text_cols_(0), + text_rows_(0), + text_(nullptr), + text_col_(0), + text_row_(0), + text_top_(0), show_text(false), show_text_ever(false), - menu(nullptr), + menu_(nullptr), show_menu(false), menu_items(0), menu_sel(0), + file_viewer_text_(nullptr), animation_fps(20), installing_frames(-1), stage(-1), @@ -255,7 +256,7 @@ void ScreenRecoveryUI::draw_screen_locked() { DrawTextLines(&y, HasThreeButtons() ? REGULAR_HELP : LONG_PRESS_HELP); SetColor(HEADER); - DrawTextLines(&y, menu_headers); + DrawTextLines(&y, menu_headers_); SetColor(MENU); DrawHorizontalRule(&y); @@ -267,10 +268,10 @@ void ScreenRecoveryUI::draw_screen_locked() { gr_fill(0, y - 2, gr_fb_width(), y + char_height + 2); // Bold white text for the selected item. SetColor(MENU_SEL_FG); - gr_text(4, y, menu[i], true); + gr_text(4, y, menu_[i], true); SetColor(MENU); } else { - gr_text(4, y, menu[i], false); + gr_text(4, y, menu_[i], false); } y += char_height + 4; } @@ -281,14 +282,14 @@ void ScreenRecoveryUI::draw_screen_locked() { // screen, the bottom of the menu, or we've displayed the // entire text buffer. SetColor(LOG); - int row = (text_top+text_rows-1) % text_rows; + int row = (text_top_ + text_rows_ - 1) % text_rows_; size_t count = 0; for (int ty = gr_fb_height() - char_height; - ty >= y && count < text_rows; + ty >= y && count < text_rows_; ty -= char_height, ++count) { - gr_text(0, ty, text[row], false); + gr_text(0, ty, text_[row], false); --row; - if (row < 0) row = text_rows-1; + if (row < 0) row = text_rows_ - 1; } } } @@ -391,14 +392,15 @@ void ScreenRecoveryUI::Init() { gr_init(); gr_font_size(&char_width, &char_height); - text_rows = gr_fb_height() / char_height; - text_cols = gr_fb_width() / char_width; + text_rows_ = gr_fb_height() / char_height; + text_cols_ = gr_fb_width() / char_width; - text = Alloc2d(text_rows, text_cols + 1); - menu = Alloc2d(text_rows, text_cols + 1); + text_ = Alloc2d(text_rows_, text_cols_ + 1); + file_viewer_text_ = Alloc2d(text_rows_, text_cols_ + 1); + menu_ = Alloc2d(text_rows_, text_cols_ + 1); - text_col = text_row = 0; - text_top = 1; + text_col_ = text_row_ = 0; + text_top_ = 1; backgroundIcon[NONE] = nullptr; LoadBitmapArray("icon_installing", &installing_frames, &installation); @@ -514,17 +516,17 @@ void ScreenRecoveryUI::Print(const char *fmt, ...) { fputs(buf, stdout); pthread_mutex_lock(&updateMutex); - if (text_rows > 0 && text_cols > 0) { + if (text_rows_ > 0 && text_cols_ > 0) { for (const char* ptr = buf; *ptr != '\0'; ++ptr) { - if (*ptr == '\n' || text_col >= text_cols) { - text[text_row][text_col] = '\0'; - text_col = 0; - text_row = (text_row + 1) % text_rows; - if (text_row == text_top) text_top = (text_top + 1) % text_rows; + if (*ptr == '\n' || text_col_ >= text_cols_) { + text_[text_row_][text_col_] = '\0'; + text_col_ = 0; + text_row_ = (text_row_ + 1) % text_rows_; + if (text_row_ == text_top_) text_top_ = (text_top_ + 1) % text_rows_; } - if (*ptr != '\n') text[text_row][text_col++] = *ptr; + if (*ptr != '\n') text_[text_row_][text_col_++] = *ptr; } - text[text_row][text_col] = '\0'; + text_[text_row_][text_col_] = '\0'; update_screen_locked(); } pthread_mutex_unlock(&updateMutex); @@ -532,21 +534,23 @@ void ScreenRecoveryUI::Print(const char *fmt, ...) { void ScreenRecoveryUI::PutChar(char ch) { pthread_mutex_lock(&updateMutex); - if (ch != '\n') text[text_row][text_col++] = ch; - if (ch == '\n' || text_col >= text_cols) { - text_col = 0; - ++text_row; + if (ch != '\n') text_[text_row_][text_col_++] = ch; + if (ch == '\n' || text_col_ >= text_cols_) { + text_col_ = 0; + ++text_row_; + + if (text_row_ == text_top_) text_top_ = (text_top_ + 1) % text_rows_; } pthread_mutex_unlock(&updateMutex); } void ScreenRecoveryUI::ClearText() { pthread_mutex_lock(&updateMutex); - text_col = 0; - text_row = 0; - text_top = 1; - for (size_t i = 0; i < text_rows; ++i) { - memset(text[i], 0, text_cols + 1); + text_col_ = 0; + text_row_ = 0; + text_top_ = 1; + for (size_t i = 0; i < text_rows_; ++i) { + memset(text_[i], 0, text_cols_ + 1); } pthread_mutex_unlock(&updateMutex); } @@ -590,12 +594,11 @@ void ScreenRecoveryUI::ShowFile(FILE* fp) { int ch = getc(fp); if (ch == EOF) { - text_row = text_top = text_rows - 2; + while (text_row_ < text_rows_ - 1) PutChar('\n'); show_prompt = true; } else { PutChar(ch); - if (text_col == 0 && text_row >= text_rows - 2) { - text_top = text_row; + if (text_col_ == 0 && text_row_ >= text_rows_ - 1) { show_prompt = true; } } @@ -608,19 +611,34 @@ void ScreenRecoveryUI::ShowFile(const char* filename) { Print(" Unable to open %s: %s\n", filename, strerror(errno)); return; } + + char** old_text = text_; + size_t old_text_col = text_col_; + size_t old_text_row = text_row_; + size_t old_text_top = text_top_; + + // Swap in the alternate screen and clear it. + text_ = file_viewer_text_; + ClearText(); + ShowFile(fp); fclose(fp); + + text_ = old_text; + text_col_ = old_text_col; + text_row_ = old_text_row; + text_top_ = old_text_top; } void ScreenRecoveryUI::StartMenu(const char* const * headers, const char* const * items, int initial_selection) { pthread_mutex_lock(&updateMutex); - if (text_rows > 0 && text_cols > 0) { - menu_headers = headers; + if (text_rows_ > 0 && text_cols_ > 0) { + menu_headers_ = headers; size_t i = 0; - for (; i < text_rows && items[i] != nullptr; ++i) { - strncpy(menu[i], items[i], text_cols-1); - menu[i][text_cols-1] = '\0'; + for (; i < text_rows_ && items[i] != nullptr; ++i) { + strncpy(menu_[i], items[i], text_cols_ - 1); + menu_[i][text_cols_ - 1] = '\0'; } menu_items = i; show_menu = true; @@ -649,7 +667,7 @@ int ScreenRecoveryUI::SelectMenu(int sel) { void ScreenRecoveryUI::EndMenu() { pthread_mutex_lock(&updateMutex); - if (show_menu && text_rows > 0 && text_cols > 0) { + if (show_menu && text_rows_ > 0 && text_cols_ > 0) { show_menu = false; update_screen_locked(); } diff --git a/screen_ui.h b/screen_ui.h index 46165d90c..ea05bf15f 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -89,18 +89,23 @@ class ScreenRecoveryUI : public RecoveryUI { // true when both graphics pages are the same (except for the progress bar). bool pagesIdentical; + size_t text_cols_, text_rows_; + // Log text overlay, displayed when a magic key is pressed. - char** text; - size_t text_cols, text_rows; - size_t text_col, text_row, text_top; + char** text_; + size_t text_col_, text_row_, text_top_; + bool show_text; bool show_text_ever; // has show_text ever been true? - char** menu; - const char* const* menu_headers; + char** menu_; + const char* const* menu_headers_; bool show_menu; int menu_items, menu_sel; + // An alternate text screen, swapped with 'text_' when we're viewing a log file. + char** file_viewer_text_; + pthread_t progress_thread_; int animation_fps; -- cgit v1.2.3 From cc08a90cab4b8e1a039ce96ff6d0124cd2c8824a Mon Sep 17 00:00:00 2001 From: Dan Albert Date: Fri, 8 May 2015 10:39:33 -0700 Subject: Fix build following adb change. Change-Id: I2e0fb7e880e205b0bca324ff53ffdb5df9e34baf --- minadbd/adb_main.cpp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/minadbd/adb_main.cpp b/minadbd/adb_main.cpp index f6e240108..0e65386c4 100644 --- a/minadbd/adb_main.cpp +++ b/minadbd/adb_main.cpp @@ -26,13 +26,9 @@ #include "adb.h" #include "transport.h" -int adb_main(int is_daemon, int server_port) -{ - atexit(usb_cleanup); - +int adb_main(int is_daemon, int server_port) { adb_device_banner = "sideload"; - // No SIGCHLD. Let the service subproc handle its children. signal(SIGPIPE, SIG_IGN); init_transport_registration(); -- cgit v1.2.3 From 4fd3446b4e7bb962c20bea022e917a903fce74e1 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 12 May 2015 14:35:31 -0700 Subject: init sets the default PATH itself, better. This fixes 'su' and 'strace' in the recovery image. Change-Id: I83c2664d32a15da92bb6092fbdfc772184013c88 --- etc/init.rc | 1 - 1 file changed, 1 deletion(-) diff --git a/etc/init.rc b/etc/init.rc index 6c07c6027..0a4c6e9df 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -5,7 +5,6 @@ on early-init start healthd on init - export PATH /sbin:/system/bin export ANDROID_ROOT /system export ANDROID_DATA /data export EXTERNAL_STORAGE /sdcard -- cgit v1.2.3 From f2bac04e1ba0a5b79f8adbc35b493923b776f8b2 Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Tue, 12 May 2015 12:48:46 +0100 Subject: Add error and range checks to parse_range Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: Ia17537a2d23d5f701522fbc42ed38924e1ee3366 --- updater/blockimg.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 71 insertions(+), 10 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index 532e7b845..a98cdcccf 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -60,30 +60,91 @@ typedef struct { int pos[0]; } RangeSet; +#define RANGESET_MAX_POINTS \ + ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) + static RangeSet* parse_range(char* text) { char* save; - int num; - num = strtol(strtok_r(text, ",", &save), NULL, 0); + char* token; + int i, num; + long int val; + RangeSet* out = NULL; + size_t bufsize; - RangeSet* out = malloc(sizeof(RangeSet) + num * sizeof(int)); - if (out == NULL) { - fprintf(stderr, "failed to allocate range of %zu bytes\n", - sizeof(RangeSet) + num * sizeof(int)); - exit(1); + if (!text) { + goto err; + } + + token = strtok_r(text, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 2 || val > RANGESET_MAX_POINTS) { + goto err; + } else if (val % 2) { + goto err; // must be even + } + + num = (int) val; + bufsize = sizeof(RangeSet) + num * sizeof(int); + + out = malloc(bufsize); + + if (!out) { + fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); + goto err; } + out->count = num / 2; out->size = 0; - int i; + for (i = 0; i < num; ++i) { - out->pos[i] = strtol(strtok_r(NULL, ",", &save), NULL, 0); - if (i%2) { + token = strtok_r(NULL, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 0 || val > INT_MAX) { + goto err; + } + + out->pos[i] = (int) val; + + if (i % 2) { + if (out->pos[i - 1] >= out->pos[i]) { + goto err; // empty or negative range + } + + if (out->size > INT_MAX - out->pos[i]) { + goto err; // overflow + } + out->size += out->pos[i]; } else { + if (out->size < 0) { + goto err; + } + out->size -= out->pos[i]; } } + if (out->size <= 0) { + goto err; + } + return out; + +err: + fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); + exit(1); } static int range_overlaps(RangeSet* r1, RangeSet* r2) { -- cgit v1.2.3 From b47afedb42866e85b76822736d915afd371ef5f0 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 15 May 2015 16:19:20 -0700 Subject: Don't use TEMP_FAILURE_RETRY on close in recovery. Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f --- updater/blockimg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index 532e7b845..a0e9aec6a 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -694,7 +694,7 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf wsout: if (fd != -1) { - TEMP_FAILURE_RETRY(close(fd)); + close(fd); } if (fn) { @@ -1732,7 +1732,7 @@ pbiudone: if (fsync(params.fd) == -1) { fprintf(stderr, "fsync failed: %s\n", strerror(errno)); } - TEMP_FAILURE_RETRY(close(params.fd)); + close(params.fd); } if (logcmd) { -- cgit v1.2.3 From e49a9e527a51f43db792263bb60bfc91293848da Mon Sep 17 00:00:00 2001 From: Dan Albert Date: Tue, 19 May 2015 11:33:18 -0700 Subject: Stop using libstdc++. These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f --- Android.mk | 2 -- applypatch/Android.mk | 4 ++-- updater/Android.mk | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Android.mk b/Android.mk index 0484065a1..3bcbeab03 100644 --- a/Android.mk +++ b/Android.mk @@ -76,7 +76,6 @@ LOCAL_STATIC_LIBRARIES := \ libcutils \ liblog \ libselinux \ - libstdc++ \ libm \ libc @@ -119,7 +118,6 @@ LOCAL_STATIC_LIBRARIES := \ libminui \ libminzip \ libcutils \ - libstdc++ \ libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 4984093dd..861edd24d 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -29,7 +29,7 @@ LOCAL_SRC_FILES := main.c LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz -LOCAL_SHARED_LIBRARIES += libz libcutils libstdc++ libc +LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) @@ -41,7 +41,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz -LOCAL_STATIC_LIBRARIES += libz libcutils libstdc++ libc +LOCAL_STATIC_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/updater/Android.mk b/updater/Android.mk index ff02a33b0..57f43da96 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -32,7 +32,7 @@ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz LOCAL_STATIC_LIBRARIES += libmincrypt libbz -LOCAL_STATIC_LIBRARIES += libcutils liblog libstdc++ libc +LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux tune2fs_static_libraries := \ libext2_com_err \ -- cgit v1.2.3 From 074c1c2312746aba29e1ffdf133685c8213c7378 Mon Sep 17 00:00:00 2001 From: Gaelle Nassiet Date: Wed, 27 May 2015 10:39:29 +0200 Subject: recovery: change the way of rebooting when using power key combo The power key combo allow to reboot from recovery mode by pressing power button 7 times in a row. It calls directly the function android_reboot() and lead to permission denial errors because of SE Linux rules enforcement. The right way to reboot from recovery is to set the property "sys.powerctl" and let init handle it. Change-Id: I5a6c3c49b27cef305815cef96da729390e19c9bc Signed-off-by: Gaelle Nassiet --- ui.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui.cpp b/ui.cpp index 1a0b079cc..2b1a6af05 100644 --- a/ui.cpp +++ b/ui.cpp @@ -174,7 +174,8 @@ void RecoveryUI::ProcessKey(int key_code, int updown) { case RecoveryUI::REBOOT: if (reboot_enabled) { - android_reboot(ANDROID_RB_RESTART, 0, 0); + property_set(ANDROID_RB_PROPERTY, "reboot,"); + while(1) { pause(); } } break; -- cgit v1.2.3 From 4e92ba400930857fdeb2f5625949e6d8f55c87a9 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 27 May 2015 13:35:46 +0000 Subject: Revert "recovery: change the way of rebooting when using power key combo" code doesn't compile: bootable/recovery/ui.cpp: In member function 'void RecoveryUI::ProcessKey(int, int)': bootable/recovery/ui.cpp:177:60: error: 'property_set' was not declared in this scope property_set(ANDROID_RB_PROPERTY, "reboot,"); ^ make: *** [out/target/product/generic/obj/EXECUTABLES/recovery_intermediates/ui.o] Error 1 This reverts commit 074c1c2312746aba29e1ffdf133685c8213c7378. Change-Id: I3e0a24279e202df29308ce41eaacc86bfde89e5a --- ui.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ui.cpp b/ui.cpp index 2b1a6af05..1a0b079cc 100644 --- a/ui.cpp +++ b/ui.cpp @@ -174,8 +174,7 @@ void RecoveryUI::ProcessKey(int key_code, int updown) { case RecoveryUI::REBOOT: if (reboot_enabled) { - property_set(ANDROID_RB_PROPERTY, "reboot,"); - while(1) { pause(); } + android_reboot(ANDROID_RB_RESTART, 0, 0); } break; -- cgit v1.2.3 From e5ce2a5a10076e6f939a3736f570b48aa9a7cd24 Mon Sep 17 00:00:00 2001 From: Gaelle Nassiet Date: Wed, 27 May 2015 10:39:29 +0200 Subject: recovery: change the way of rebooting when using power key combo The power key combo allow to reboot from recovery mode by pressing power button 7 times in a row. It calls directly the function android_reboot() and lead to permission denial errors because of SE Linux rules enforcement. The right way to reboot from recovery is to set the property "sys.powerctl" and let init handle it. Change-Id: Ic7b81e446c3ee13dfbad10cda13a6a1f93123b76 Signed-off-by: Gaelle Nassiet --- ui.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ui.cpp b/ui.cpp index 1a0b079cc..d88cbfeba 100644 --- a/ui.cpp +++ b/ui.cpp @@ -28,6 +28,7 @@ #include #include +#include #include #include "common.h" @@ -174,7 +175,8 @@ void RecoveryUI::ProcessKey(int key_code, int updown) { case RecoveryUI::REBOOT: if (reboot_enabled) { - android_reboot(ANDROID_RB_RESTART, 0, 0); + property_set(ANDROID_RB_PROPERTY, "reboot,"); + while(1) { pause(); } } break; -- cgit v1.2.3 From 752386319c0d9fb7e4e429a0644086b318d3b4b5 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 27 May 2015 14:46:17 -0700 Subject: Clean up the sleep()'s after poking init services Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a --- recovery.cpp | 19 +++++++++++-------- ui.cpp | 2 +- uncrypt/uncrypt.cpp | 12 ++++++++---- 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 80a8c7ba5..bfc68950c 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -31,24 +31,24 @@ #include #include +#include #include #include +#include +#include +#include "adb_install.h" #include "bootloader.h" #include "common.h" -#include "cutils/properties.h" -#include "cutils/android_reboot.h" +#include "device.h" +#include "fuse_sdcard_provider.h" +#include "fuse_sideload.h" #include "install.h" #include "minui/minui.h" #include "minzip/DirUtil.h" #include "roots.h" #include "ui.h" #include "screen_ui.h" -#include "device.h" -#include "adb_install.h" -#include "adb.h" -#include "fuse_sideload.h" -#include "fuse_sdcard_provider.h" struct selabel_handle *sehandle; @@ -1119,6 +1119,9 @@ main(int argc, char **argv) { property_set(ANDROID_RB_PROPERTY, "reboot,"); break; } - sleep(5); // should reboot before this finishes + while (true) { + pause(); + } + // Should be unreachable. return EXIT_SUCCESS; } diff --git a/ui.cpp b/ui.cpp index d88cbfeba..2efb759db 100644 --- a/ui.cpp +++ b/ui.cpp @@ -176,7 +176,7 @@ void RecoveryUI::ProcessKey(int key_code, int updown) { case RecoveryUI::REBOOT: if (reboot_enabled) { property_set(ANDROID_RB_PROPERTY, "reboot,"); - while(1) { pause(); } + while (true) { pause(); } } break; diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 11766f14c..d71271d8e 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -40,18 +40,20 @@ // file data to use as an update package. #include +#include +#include +#include #include #include #include -#include #include #include -#include -#include #include +#include #define LOG_TAG "uncrypt" #include +#include #include #include @@ -376,7 +378,9 @@ static void wipe_misc() { static void reboot_to_recovery() { ALOGI("rebooting to recovery"); property_set("sys.powerctl", "reboot,recovery"); - sleep(10); + while (true) { + pause(); + } ALOGE("reboot didn't succeed?"); } -- cgit v1.2.3 From cc2428c8181d18c9a88db908fa4eabd2db5601ad Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Mon, 27 Apr 2015 11:24:29 +0100 Subject: Handle BLKDISCARD failures In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067 --- updater/blockimg.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index ce6360099..42060f547 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -1485,7 +1485,6 @@ static int PerformCommandErase(CommandParameters* params) { if (!S_ISBLK(st.st_mode)) { fprintf(stderr, "not a block device; skipping erase\n"); - rc = 0; goto pceout; } @@ -1509,7 +1508,7 @@ static int PerformCommandErase(CommandParameters* params) { if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); - // Continue anyway, nothing we can do + goto pceout; } } } -- cgit v1.2.3 From 3b4977638f48e59d23d7ea2bb6dde78552c257fb Mon Sep 17 00:00:00 2001 From: caozhiyuan Date: Tue, 19 May 2015 17:21:00 +0800 Subject: Use f_bavail to calculate free space Failures are seen on devices with Linux 3.10. And they are mainly due to this change: https://lwn.net/Articles/546473/ The blocks reserved in this change is not the same thing as what we think are reserved for common usage of root user. And this part is included in free blocks but not in available blocks. Change-Id: Ib29e12d775b86ef657c0af7fa7a944d2b1e12dc8 --- applypatch/applypatch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applypatch/applypatch.c b/applypatch/applypatch.c index 6f02a38ee..2358d4292 100644 --- a/applypatch/applypatch.c +++ b/applypatch/applypatch.c @@ -662,7 +662,7 @@ size_t FreeSpaceForFile(const char* filename) { printf("failed to statfs %s: %s\n", filename, strerror(errno)); return -1; } - return sf.f_bsize * sf.f_bfree; + return sf.f_bsize * sf.f_bavail; } int CacheSizeCheck(size_t bytes) { -- cgit v1.2.3 From b3ac676192a093c561b7f15064cbd67733407b12 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Thu, 28 May 2015 23:06:17 -0700 Subject: Really don't use TEMP_FAILURE_RETRY with close in recovery. I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56 --- updater/blockimg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index ce6360099..54f76ffd3 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -677,7 +677,7 @@ static int LoadStash(const char* base, const char* id, int verify, int* blocks, lsout: if (fd != -1) { - TEMP_FAILURE_RETRY(close(fd)); + close(fd); } if (fn) { -- cgit v1.2.3 From b6918c7c433054ac4352d5f7746f7c2bf2971083 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 19 May 2015 17:02:16 -0700 Subject: Log update outputs in order Although stdout and stderr are both redirected to log file with no buffering, we are seeing some outputs are mixed in random order. This is because ui_print commands from the updater are passed to the recovery binary via a pipe, which may interleave with other outputs that go to stderr directly. In recovery, adding ui::PrintOnScreenOnly() function to handle ui_print command, which skips printing to stdout. Meanwhile, updater prints the contents to stderr in addition to piping them to recovery. Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700 --- install.cpp | 4 ++-- screen_ui.cpp | 35 +++++++++++++++++++++++++---------- screen_ui.h | 2 ++ ui.h | 4 +++- updater/install.c | 6 ++++++ verifier_test.cpp | 6 ++++++ 6 files changed, 44 insertions(+), 13 deletions(-) diff --git a/install.cpp b/install.cpp index c7d382f3e..7d88ed72a 100644 --- a/install.cpp +++ b/install.cpp @@ -164,9 +164,9 @@ try_update_binary(const char* path, ZipArchive* zip, bool* wipe_cache) { } else if (strcmp(command, "ui_print") == 0) { char* str = strtok(NULL, "\n"); if (str) { - ui->Print("%s", str); + ui->PrintOnScreenOnly("%s", str); } else { - ui->Print("\n"); + ui->PrintOnScreenOnly("\n"); } fflush(stdout); } else if (strcmp(command, "wipe_cache") == 0) { diff --git a/screen_ui.cpp b/screen_ui.cpp index ff9591514..ddf85c19e 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -30,8 +30,10 @@ #include -#include "base/strings.h" -#include "cutils/properties.h" +#include +#include +#include + #include "common.h" #include "device.h" #include "minui/minui.h" @@ -506,18 +508,17 @@ void ScreenRecoveryUI::SetStage(int current, int max) { pthread_mutex_unlock(&updateMutex); } -void ScreenRecoveryUI::Print(const char *fmt, ...) { - char buf[256]; - va_list ap; - va_start(ap, fmt); - vsnprintf(buf, 256, fmt, ap); - va_end(ap); +void ScreenRecoveryUI::PrintV(const char* fmt, bool copy_to_stdout, va_list ap) { + std::string str; + android::base::StringAppendV(&str, fmt, ap); - fputs(buf, stdout); + if (copy_to_stdout) { + fputs(str.c_str(), stdout); + } pthread_mutex_lock(&updateMutex); if (text_rows_ > 0 && text_cols_ > 0) { - for (const char* ptr = buf; *ptr != '\0'; ++ptr) { + for (const char* ptr = str.c_str(); *ptr != '\0'; ++ptr) { if (*ptr == '\n' || text_col_ >= text_cols_) { text_[text_row_][text_col_] = '\0'; text_col_ = 0; @@ -532,6 +533,20 @@ void ScreenRecoveryUI::Print(const char *fmt, ...) { pthread_mutex_unlock(&updateMutex); } +void ScreenRecoveryUI::Print(const char* fmt, ...) { + va_list ap; + va_start(ap, fmt); + PrintV(fmt, true, ap); + va_end(ap); +} + +void ScreenRecoveryUI::PrintOnScreenOnly(const char *fmt, ...) { + va_list ap; + va_start(ap, fmt); + PrintV(fmt, false, ap); + va_end(ap); +} + void ScreenRecoveryUI::PutChar(char ch) { pthread_mutex_lock(&updateMutex); if (ch != '\n') text_[text_row_][text_col_++] = ch; diff --git a/screen_ui.h b/screen_ui.h index ea05bf15f..8e18864d7 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -49,6 +49,7 @@ class ScreenRecoveryUI : public RecoveryUI { // printing messages void Print(const char* fmt, ...) __printflike(2, 3); + void PrintOnScreenOnly(const char* fmt, ...) __printflike(2, 3); void ShowFile(const char* filename); // menu display @@ -125,6 +126,7 @@ class ScreenRecoveryUI : public RecoveryUI { void ProgressThreadLoop(); void ShowFile(FILE*); + void PrintV(const char*, bool, va_list); void PutChar(char); void ClearText(); diff --git a/ui.h b/ui.h index 4dcaa0f8d..ca72911db 100644 --- a/ui.h +++ b/ui.h @@ -62,8 +62,10 @@ class RecoveryUI { virtual bool WasTextEverVisible() = 0; // Write a message to the on-screen log (shown if the user has - // toggled on the text display). + // toggled on the text display). Print() will also dump the message + // to stdout / log file, while PrintOnScreenOnly() not. virtual void Print(const char* fmt, ...) __printflike(2, 3) = 0; + virtual void PrintOnScreenOnly(const char* fmt, ...) __printflike(2, 3) = 0; virtual void ShowFile(const char* filename) = 0; diff --git a/updater/install.c b/updater/install.c index 01a5dd24b..da6b57782 100644 --- a/updater/install.c +++ b/updater/install.c @@ -61,6 +61,12 @@ void uiPrint(State* state, char* buffer) { line = strtok(NULL, "\n"); } fprintf(ui->cmd_pipe, "ui_print\n"); + + // The recovery will only print the contents to screen for pipe command + // ui_print. We need to dump the contents to stderr (which has been + // redirected to the log file) directly. + fprintf(stderr, buffer); + fprintf(stderr, "\n"); } __attribute__((__format__(printf, 2, 3))) __nonnull((2)) diff --git a/verifier_test.cpp b/verifier_test.cpp index 82546edce..21633dc20 100644 --- a/verifier_test.cpp +++ b/verifier_test.cpp @@ -141,6 +141,12 @@ class FakeUI : public RecoveryUI { vfprintf(stderr, fmt, ap); va_end(ap); } + void PrintOnScreenOnly(const char* fmt, ...) { + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); + } void ShowFile(const char*) { } void StartMenu(const char* const * headers, const char* const * items, -- cgit v1.2.3 From 1eb9003b773d7957448efab3dc1f977e55a45fb7 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 3 Jun 2015 09:49:02 -0700 Subject: Fix build: fprintf without modifier Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37 --- updater/install.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/updater/install.c b/updater/install.c index da6b57782..4a0e064c3 100644 --- a/updater/install.c +++ b/updater/install.c @@ -65,8 +65,7 @@ void uiPrint(State* state, char* buffer) { // The recovery will only print the contents to screen for pipe command // ui_print. We need to dump the contents to stderr (which has been // redirected to the log file) directly. - fprintf(stderr, buffer); - fprintf(stderr, "\n"); + fprintf(stderr, "%s", buffer); } __attribute__((__format__(printf, 2, 3))) __nonnull((2)) -- cgit v1.2.3 From 80e46e08de5f65702fa7f7cd3ef83f905d919bbc Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 3 Jun 2015 10:49:29 -0700 Subject: recovery: Switch to clang And a few trival fixes to suppress warnings. Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65 --- Android.mk | 6 ++++-- adb_install.cpp | 2 +- applypatch/Android.mk | 5 +++++ edify/Android.mk | 2 ++ minadbd/Android.mk | 1 + minui/Android.mk | 1 + minzip/Android.mk | 2 ++ minzip/Zip.c | 2 -- mtdutils/Android.mk | 2 ++ recovery.cpp | 21 +++++++++++++++------ tests/Android.mk | 1 + uncrypt/Android.mk | 2 ++ updater/Android.mk | 2 ++ 13 files changed, 38 insertions(+), 11 deletions(-) diff --git a/Android.mk b/Android.mk index 3bcbeab03..cfe303082 100644 --- a/Android.mk +++ b/Android.mk @@ -14,11 +14,10 @@ LOCAL_PATH := $(call my-dir) - include $(CLEAR_VARS) LOCAL_SRC_FILES := fuse_sideload.c - +LOCAL_CLANG := true LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE @@ -54,6 +53,7 @@ RECOVERY_API_VERSION := 3 RECOVERY_FSTAB_VERSION := 2 LOCAL_CFLAGS += -DRECOVERY_API_VERSION=$(RECOVERY_API_VERSION) LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CLANG := true LOCAL_C_INCLUDES += \ system/vold \ @@ -97,6 +97,7 @@ include $(BUILD_EXECUTABLE) # All the APIs for testing include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_MODULE := libverifier LOCAL_MODULE_TAGS := tests LOCAL_SRC_FILES := \ @@ -104,6 +105,7 @@ LOCAL_SRC_FILES := \ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_MODULE := verifier_test LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := tests diff --git a/adb_install.cpp b/adb_install.cpp index e3b94ea59..4cfcb2ab8 100644 --- a/adb_install.cpp +++ b/adb_install.cpp @@ -91,7 +91,7 @@ apply_from_adb(RecoveryUI* ui_, bool* wipe_cache, const char* install_file) { // FUSE_SIDELOAD_HOST_PATHNAME will start to exist once the host // connects and starts serving a package. Poll for its // appearance. (Note that inotify doesn't work with FUSE.) - int result; + int result = INSTALL_ERROR; int status; bool waited = false; struct stat st; diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 861edd24d..eb3e4580e 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -13,8 +13,10 @@ # limitations under the License. LOCAL_PATH := $(call my-dir) + include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := applypatch.c bspatch.c freecache.c imgpatch.c utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng @@ -25,6 +27,7 @@ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := main.c LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery @@ -35,6 +38,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := main.c LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true @@ -47,6 +51,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := imgdiff.c utils.c bsdiff.c LOCAL_MODULE := imgdiff LOCAL_FORCE_STATIC_EXECUTABLE := true diff --git a/edify/Android.mk b/edify/Android.mk index 03c04e432..c36645045 100644 --- a/edify/Android.mk +++ b/edify/Android.mk @@ -25,6 +25,7 @@ LOCAL_CFLAGS := $(edify_cflags) -g -O0 LOCAL_MODULE := edify LOCAL_YACCFLAGS := -v LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CLANG := true include $(BUILD_HOST_EXECUTABLE) @@ -38,5 +39,6 @@ LOCAL_SRC_FILES := $(edify_src_files) LOCAL_CFLAGS := $(edify_cflags) LOCAL_CFLAGS += -Wno-unused-parameter LOCAL_MODULE := libedify +LOCAL_CLANG := true include $(BUILD_STATIC_LIBRARY) diff --git a/minadbd/Android.mk b/minadbd/Android.mk index a7a3e087d..3db3b4114 100644 --- a/minadbd/Android.mk +++ b/minadbd/Android.mk @@ -15,6 +15,7 @@ LOCAL_SRC_FILES := \ fuse_adb_provider.cpp \ services.cpp \ +LOCAL_CLANG := true LOCAL_MODULE := libminadbd LOCAL_CFLAGS := $(minadbd_cflags) LOCAL_CONLY_FLAGS := -Wimplicit-function-declaration diff --git a/minui/Android.mk b/minui/Android.mk index 52f066256..5584612df 100644 --- a/minui/Android.mk +++ b/minui/Android.mk @@ -39,6 +39,7 @@ include $(BUILD_STATIC_LIBRARY) # Used by OEMs for factory test images. include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_MODULE := libminui LOCAL_WHOLE_STATIC_LIBRARIES += libminui LOCAL_SHARED_LIBRARIES := libpng diff --git a/minzip/Android.mk b/minzip/Android.mk index 045f35570..48d26bcb7 100644 --- a/minzip/Android.mk +++ b/minzip/Android.mk @@ -16,6 +16,8 @@ LOCAL_STATIC_LIBRARIES := libselinux LOCAL_MODULE := libminzip +LOCAL_CLANG := true + LOCAL_CFLAGS += -Wall include $(BUILD_STATIC_LIBRARY) diff --git a/minzip/Zip.c b/minzip/Zip.c index 40712e03a..a64c833f9 100644 --- a/minzip/Zip.c +++ b/minzip/Zip.c @@ -506,7 +506,6 @@ static bool processDeflatedEntry(const ZipArchive *pArchive, void *cookie) { long result = -1; - unsigned char readBuf[32 * 1024]; unsigned char procBuf[32 * 1024]; z_stream zstream; int zerr; @@ -603,7 +602,6 @@ bool mzProcessZipEntryContents(const ZipArchive *pArchive, void *cookie) { bool ret = false; - off_t oldOff; switch (pEntry->compression) { case STORED: diff --git a/mtdutils/Android.mk b/mtdutils/Android.mk index f04355b5e..b7d35c27a 100644 --- a/mtdutils/Android.mk +++ b/mtdutils/Android.mk @@ -6,10 +6,12 @@ LOCAL_SRC_FILES := \ mounts.c LOCAL_MODULE := libmtdutils +LOCAL_CLANG := true include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := flash_image.c LOCAL_MODULE := flash_image LOCAL_MODULE_TAGS := eng diff --git a/recovery.cpp b/recovery.cpp index bfc68950c..76149cd98 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -326,14 +326,18 @@ static void rotate_logs(int max) { ensure_path_mounted(LAST_KMSG_FILE); for (int i = max-1; i >= 0; --i) { - std::string old_log = android::base::StringPrintf((i == 0) ? "%s" : "%s.%d", - LAST_LOG_FILE, i); + std::string old_log = android::base::StringPrintf("%s", LAST_LOG_FILE); + if (i > 0) { + old_log += "." + std::to_string(i); + } std::string new_log = android::base::StringPrintf("%s.%d", LAST_LOG_FILE, i+1); // Ignore errors if old_log doesn't exist. rename(old_log.c_str(), new_log.c_str()); - std::string old_kmsg = android::base::StringPrintf((i == 0) ? "%s" : "%s.%d", - LAST_KMSG_FILE, i); + std::string old_kmsg = android::base::StringPrintf("%s", LAST_KMSG_FILE); + if (i > 0) { + old_kmsg += "." + std::to_string(i); + } std::string new_kmsg = android::base::StringPrintf("%s.%d", LAST_KMSG_FILE, i+1); rename(old_kmsg.c_str(), new_kmsg.c_str()); } @@ -711,7 +715,10 @@ static void choose_recovery_file(Device* device) { // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x for (int i = 0; i < KEEP_LOG_COUNT; i++) { char* log_file; - if (asprintf(&log_file, (i == 0) ? "%s" : "%s.%d", LAST_LOG_FILE, i) == -1) { + int ret; + ret = (i == 0) ? asprintf(&log_file, "%s", LAST_LOG_FILE) : + asprintf(&log_file, "%s.%d", LAST_LOG_FILE, i); + if (ret == -1) { // memory allocation failure - return early. Should never happen. return; } @@ -722,7 +729,9 @@ static void choose_recovery_file(Device* device) { } char* kmsg_file; - if (asprintf(&kmsg_file, (i == 0) ? "%s" : "%s.%d", LAST_KMSG_FILE, i) == -1) { + ret = (i == 0) ? asprintf(&kmsg_file, "%s", LAST_KMSG_FILE) : + asprintf(&kmsg_file, "%s.%d", LAST_KMSG_FILE, i); + if (ret == -1) { // memory allocation failure - return early. Should never happen. return; } diff --git a/tests/Android.mk b/tests/Android.mk index 02a272a24..4ce00b457 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -17,6 +17,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk LOCAL_STATIC_LIBRARIES := libverifier LOCAL_SRC_FILES := asn1_decoder_test.cpp diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index d832d9724..6859e75e4 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -16,6 +16,8 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) +LOCAL_CLANG := true + LOCAL_SRC_FILES := uncrypt.cpp LOCAL_MODULE := uncrypt diff --git a/updater/Android.mk b/updater/Android.mk index 57f43da96..a0ea06fa5 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -17,6 +17,8 @@ include $(CLEAR_VARS) # needed only for OTA packages.) LOCAL_MODULE_TAGS := eng +LOCAL_CLANG := true + LOCAL_SRC_FILES := $(updater_src_files) ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) -- cgit v1.2.3 From 96392b97f6bf1670d478494fb6df89a3410e53fa Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Tue, 9 Jun 2015 21:42:30 +0100 Subject: Zero blocks before BLKDISCARD Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3 --- updater/blockimg.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index 5d0f1560c..dfba7e420 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -39,11 +39,6 @@ #define BLOCKSIZE 4096 -// Set this to 0 to interpret 'erase' transfers to mean do a -// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret -// erase to mean fill the region with zeroes. -#define DEBUG_ERASE 0 - #ifndef BLKDISCARD #define BLKDISCARD _IO(0x12,119) #endif @@ -1283,8 +1278,7 @@ static int PerformCommandZero(CommandParameters* params) { } if (params->cmdname[0] == 'z') { - // Update only for the zero command, as the erase command will call - // this if DEBUG_ERASE is defined. + // Update only for the zero command, as the erase command will call this params->written += tgt->size; } @@ -1470,8 +1464,10 @@ static int PerformCommandErase(CommandParameters* params) { struct stat st; uint64_t blocks[2]; - if (DEBUG_ERASE) { - return PerformCommandZero(params); + // Always zero the blocks first to work around possibly flaky BLKDISCARD + // Bug: 20881595 + if (PerformCommandZero(params) != 0) { + goto pceout; } if (!params) { -- cgit v1.2.3 From 383b00d0e498e1f3b84e9dcfc6dddec6a76379d7 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 21 May 2015 16:44:44 -0700 Subject: Separate uncrypt into two modes uncrypt needs to be triggered to prepare the OTA package before rebooting into the recovery. Separate uncrypt into two modes. In mode 1, it uncrypts the OTA package, but will not reboot the device. In mode 2, it wipes the /misc partition and reboots. Needs matching changes in frameworks/base, system/core and external/sepolicy to work properly. Bug: 20012567 Bug: 20949086 (cherry picked from commit 158e11d6738a751b754d09df7275add589c31191) Change-Id: I349f6d368a0d6f6ee4332831c4cd4075a47426ff --- uncrypt/Android.mk | 2 +- uncrypt/uncrypt.cpp | 185 ++++++++++++++++++++++++++-------------------------- 2 files changed, 92 insertions(+), 95 deletions(-) diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index 6859e75e4..e73c8f1b6 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -22,6 +22,6 @@ LOCAL_SRC_FILES := uncrypt.cpp LOCAL_MODULE := uncrypt -LOCAL_STATIC_LIBRARIES := libfs_mgr liblog libcutils +LOCAL_STATIC_LIBRARIES := libbase liblog libfs_mgr libcutils include $(BUILD_EXECUTABLE) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index d71271d8e..efdbdac3c 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -46,21 +46,25 @@ #include #include #include -#include -#include #include +#include +#include #include -#define LOG_TAG "uncrypt" -#include +#include +#include #include #include #include +#define LOG_TAG "uncrypt" +#include + #define WINDOW_SIZE 5 -#define RECOVERY_COMMAND_FILE "/cache/recovery/command" -#define RECOVERY_COMMAND_FILE_TMP "/cache/recovery/command.tmp" -#define CACHE_BLOCK_MAP "/cache/recovery/block.map" + +static const std::string cache_block_map = "/cache/recovery/block.map"; +static const std::string status_file = "/cache/recovery/uncrypt_status"; +static const std::string uncrypt_file = "/cache/recovery/uncrypt_file"; static struct fstab* fstab = NULL; @@ -157,65 +161,35 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* return NULL; } -// Parse the command file RECOVERY_COMMAND_FILE to find the update package -// name. If it's on the /data partition, replace the package name with the -// block map file name and store it temporarily in RECOVERY_COMMAND_FILE_TMP. -// It will be renamed to RECOVERY_COMMAND_FILE if uncrypt finishes -// successfully. -static char* find_update_package() +// Parse uncrypt_file to find the update package name. +static bool find_uncrypt_package(std::string& package_name) { - FILE* f = fopen(RECOVERY_COMMAND_FILE, "r"); - if (f == NULL) { - return NULL; - } - int fd = open(RECOVERY_COMMAND_FILE_TMP, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - ALOGE("failed to open %s\n", RECOVERY_COMMAND_FILE_TMP); - return NULL; - } - FILE* fo = fdopen(fd, "w"); - char* fn = NULL; - char* line = NULL; - size_t len = 0; - while (getline(&line, &len, f) != -1) { - if (strncmp(line, "--update_package=", strlen("--update_package=")) == 0) { - fn = strdup(line + strlen("--update_package=")); - // Replace the package name with block map file if it's on /data partition. - if (strncmp(fn, "/data/", strlen("/data/")) == 0) { - fputs("--update_package=@" CACHE_BLOCK_MAP "\n", fo); - continue; - } - } - fputs(line, fo); + if (!android::base::ReadFileToString(uncrypt_file, &package_name)) { + ALOGE("failed to open \"%s\": %s\n", uncrypt_file.c_str(), strerror(errno)); + return false; } - free(line); - fclose(f); - if (fsync(fd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", RECOVERY_COMMAND_FILE_TMP, strerror(errno)); - fclose(fo); - return NULL; - } - fclose(fo); - if (fn) { - char* newline = strchr(fn, '\n'); - if (newline) { - *newline = 0; - } - } - return fn; + // Remove the trailing '\n' if present. + package_name = android::base::Trim(package_name); + + return true; } static int produce_block_map(const char* path, const char* map_file, const char* blk_dev, - bool encrypted) { - + bool encrypted, int status_fd) { int mapfd = open(map_file, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (mapfd < 0) { + if (mapfd == -1) { ALOGE("failed to open %s\n", map_file); return -1; } FILE* mapf = fdopen(mapfd, "w"); + // Make sure we can write to the status_file. + if (!android::base::WriteStringToFd("0\n", status_fd)) { + ALOGE("failed to update \"%s\"\n", status_file.c_str()); + return -1; + } + struct stat sb; int ret = stat(path, &sb); if (ret != 0) { @@ -261,7 +235,15 @@ static int produce_block_map(const char* path, const char* map_file, const char* } } + int last_progress = 0; while (pos < sb.st_size) { + // Update the status file, progress must be between [0, 99]. + int progress = static_cast(100 * (double(pos) / double(sb.st_size))); + if (progress > last_progress) { + last_progress = progress; + android::base::WriteStringToFd(std::to_string(progress) + "\n", status_fd); + } + if ((tail+1) % WINDOW_SIZE == head) { // write out head buffer int block = head_block; @@ -384,43 +366,15 @@ static void reboot_to_recovery() { ALOGE("reboot didn't succeed?"); } -int main(int argc, char** argv) -{ - const char* input_path; - const char* map_file; - bool do_reboot = true; +int uncrypt(const char* input_path, const char* map_file, int status_fd) { - if (argc != 1 && argc != 3) { - fprintf(stderr, "usage: %s [ ]\n", argv[0]); - return 2; - } - - if (argc == 3) { - // when command-line args are given this binary is being used - // for debugging; don't reboot to recovery at the end. - input_path = argv[1]; - map_file = argv[2]; - do_reboot = false; - } else { - input_path = find_update_package(); - if (input_path == NULL) { - // if we're rebooting to recovery without a package (say, - // to wipe data), then we don't need to do anything before - // going to recovery. - ALOGI("no recovery command file or no update package arg"); - reboot_to_recovery(); - return 1; - } - map_file = CACHE_BLOCK_MAP; - } - - ALOGI("update package is %s", input_path); + ALOGI("update package is \"%s\"", input_path); // Turn the name of the file we're supposed to convert into an // absolute path, so we can find what filesystem it's on. char path[PATH_MAX+1]; if (realpath(input_path, path) == NULL) { - ALOGE("failed to convert %s to absolute path: %s", input_path, strerror(errno)); + ALOGE("failed to convert \"%s\" to absolute path: %s", input_path, strerror(errno)); return 1; } @@ -449,21 +403,64 @@ int main(int argc, char** argv) // On /data we want to convert the file to a block map so that we // can read the package without mounting the partition. On /cache // and /sdcard we leave the file alone. - if (strncmp(path, "/data/", 6) != 0) { - // path does not start with "/data/"; leave it alone. - unlink(RECOVERY_COMMAND_FILE_TMP); - wipe_misc(); - } else { + if (strncmp(path, "/data/", 6) == 0) { ALOGI("writing block map %s", map_file); - if (produce_block_map(path, map_file, blk_dev, encrypted) != 0) { + if (produce_block_map(path, map_file, blk_dev, encrypted, status_fd) != 0) { return 1; } - wipe_misc(); - rename(RECOVERY_COMMAND_FILE_TMP, RECOVERY_COMMAND_FILE); } - if (do_reboot) { + return 0; +} + +int main(int argc, char** argv) { + const char* input_path; + const char* map_file; + + if (argc != 3 && argc != 1 && (argc == 2 && strcmp(argv[1], "--reboot") != 0)) { + fprintf(stderr, "usage: %s [--reboot] [ ]\n", argv[0]); + return 2; + } + + // When uncrypt is started with "--reboot", it wipes misc and reboots. + // Otherwise it uncrypts the package and writes the block map. + if (argc == 2) { + if (read_fstab() == NULL) { + return 1; + } + wipe_misc(); reboot_to_recovery(); + } else { + std::string package; + if (argc == 3) { + // when command-line args are given this binary is being used + // for debugging. + input_path = argv[1]; + map_file = argv[2]; + } else { + if (!find_uncrypt_package(package)) { + return 1; + } + input_path = package.c_str(); + map_file = cache_block_map.c_str(); + } + + // The pipe has been created by the system server. + int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); + if (status_fd == -1) { + ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno)); + return 1; + } + int status = uncrypt(input_path, map_file, status_fd); + if (status != 0) { + android::base::WriteStringToFd("-1\n", status_fd); + close(status_fd); + return 1; + } + + android::base::WriteStringToFd("100\n", status_fd); + close(status_fd); } + return 0; } -- cgit v1.2.3 From ac6aa7ede0b0b1df18b4149fdb9846c3e486918a Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 29 May 2015 14:24:02 -0700 Subject: uncrypt: Write status when it reboots to factory reset When it reboots into recovery for a factory reset, it still needs to write the uncrypt status (-1) to the pipe. Bug: 21511893 (cherry picked from commit 2c2cae8a4a18b85043bb6260a59ac7d1589016bf) Change-Id: Ia5a75c5edf3afbd916153da1b4de4db2f00d0209 --- uncrypt/uncrypt.cpp | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index efdbdac3c..20a272949 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -431,26 +431,29 @@ int main(int argc, char** argv) { wipe_misc(); reboot_to_recovery(); } else { - std::string package; + // The pipe has been created by the system server. + int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); + if (status_fd == -1) { + ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno)); + return 1; + } + if (argc == 3) { // when command-line args are given this binary is being used // for debugging. input_path = argv[1]; map_file = argv[2]; } else { + std::string package; if (!find_uncrypt_package(package)) { + android::base::WriteStringToFd("-1\n", status_fd); + close(status_fd); return 1; } input_path = package.c_str(); map_file = cache_block_map.c_str(); } - // The pipe has been created by the system server. - int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (status_fd == -1) { - ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno)); - return 1; - } int status = uncrypt(input_path, map_file, status_fd); if (status != 0) { android::base::WriteStringToFd("-1\n", status_fd); -- cgit v1.2.3 From b4effb9807786fdd9bf0ad1b5a117d2fbb044594 Mon Sep 17 00:00:00 2001 From: caozhiyuan Date: Wed, 10 Jun 2015 16:46:38 +0800 Subject: Unmount sdcard if no package file is selected. Change-Id: I12b4f880802135a98dbc11a19e74172a3a5ef921 --- recovery.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/recovery.cpp b/recovery.cpp index 76149cd98..a7dc6ed9c 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -772,6 +772,7 @@ static int apply_from_sdcard(Device* device, bool* wipe_cache) { char* path = browse_directory(SDCARD_ROOT, device); if (path == NULL) { ui->Print("\n-- No package file selected.\n"); + ensure_path_unmounted(SDCARD_ROOT); return INSTALL_ERROR; } -- cgit v1.2.3 From e82fa18d3db21cb770f21b1a4c4b00950120758d Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Wed, 10 Jun 2015 15:58:12 +0000 Subject: Revert "Zero blocks before BLKDISCARD" This reverts commit 96392b97f6bf1670d478494fb6df89a3410e53fa. Change-Id: I77acc27158bad3cd8948390a3955197646a43a31 --- updater/blockimg.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index dfba7e420..5d0f1560c 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -39,6 +39,11 @@ #define BLOCKSIZE 4096 +// Set this to 0 to interpret 'erase' transfers to mean do a +// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret +// erase to mean fill the region with zeroes. +#define DEBUG_ERASE 0 + #ifndef BLKDISCARD #define BLKDISCARD _IO(0x12,119) #endif @@ -1278,7 +1283,8 @@ static int PerformCommandZero(CommandParameters* params) { } if (params->cmdname[0] == 'z') { - // Update only for the zero command, as the erase command will call this + // Update only for the zero command, as the erase command will call + // this if DEBUG_ERASE is defined. params->written += tgt->size; } @@ -1464,10 +1470,8 @@ static int PerformCommandErase(CommandParameters* params) { struct stat st; uint64_t blocks[2]; - // Always zero the blocks first to work around possibly flaky BLKDISCARD - // Bug: 20881595 - if (PerformCommandZero(params) != 0) { - goto pceout; + if (DEBUG_ERASE) { + return PerformCommandZero(params); } if (!params) { -- cgit v1.2.3 From a3c75e3ea60d61df93461f5c356befe825c429d2 Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Wed, 10 Jun 2015 17:07:05 +0100 Subject: Zero blocks before BLKDISCARD Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f --- updater/blockimg.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index 5d0f1560c..fc35abe4d 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -1465,6 +1465,7 @@ pcdout: static int PerformCommandErase(CommandParameters* params) { char* range = NULL; int i; + int j; int rc = -1; RangeSet* tgt = NULL; struct stat st; @@ -1491,7 +1492,7 @@ static int PerformCommandErase(CommandParameters* params) { range = strtok_r(NULL, " ", ¶ms->cpos); if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); + fprintf(stderr, "missing target blocks for erase\n"); goto pceout; } @@ -1500,7 +1501,22 @@ static int PerformCommandErase(CommandParameters* params) { if (params->canwrite) { fprintf(stderr, " erasing %d blocks\n", tgt->size); + allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); + memset(params->buffer, 0, BLOCKSIZE); + for (i = 0; i < tgt->count; ++i) { + // Always zero the blocks first to work around possibly flaky BLKDISCARD + // Bug: 20881595 + if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + goto pceout; + } + + for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { + if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { + goto pceout; + } + } + // offset in bytes blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; // length in bytes -- cgit v1.2.3 From 945548ef7b3eee5dbfb46f6291465d4b0b6d02e1 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 5 Jun 2015 17:59:56 -0700 Subject: Split WipeData into PreWipeData and PostWipeData. Bug: http://b/21760064 Change-Id: Idde268fe4d7e27586ca4469de16783f1ffdc5069 --- device.h | 17 ++++++++++------- recovery.cpp | 29 ++++++++++++----------------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/device.h b/device.h index dad8ccd56..f74b6b047 100644 --- a/device.h +++ b/device.h @@ -91,13 +91,16 @@ class Device { static const int kHighlightDown = -3; static const int kInvokeItem = -4; - // Called when we do a wipe data/factory reset operation (either via a - // reboot from the main system with the --wipe_data flag, or when the - // user boots into recovery manually and selects the option from the - // menu.) Can perform whatever device-specific wiping actions are - // needed. Return 0 on success. The userdata and cache partitions - // are erased AFTER this returns (whether it returns success or not). - virtual int WipeData() { return 0; } + // Called before and after we do a wipe data/factory reset operation, + // either via a reboot from the main system with the --wipe_data flag, + // or when the user boots into recovery image manually and selects the + // option from the menu, to perform whatever device-specific wiping + // actions are needed. + // Return true on success; returning false from PreWipeData will prevent + // the regular wipe, and returning false from PostWipeData will cause + // the wipe to be considered a failure. + virtual bool PreWipeData() { return true; } + virtual bool PostWipeData() { return true; } private: RecoveryUI* ui_; diff --git a/recovery.cpp b/recovery.cpp index 76149cd98..6cda10c21 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -421,8 +421,7 @@ typedef struct _saved_log_file { struct _saved_log_file* next; } saved_log_file; -static int -erase_volume(const char *volume) { +static bool erase_volume(const char* volume) { bool is_cache = (strcmp(volume, CACHE_ROOT) == 0); ui->SetBackground(RecoveryUI::ERASING); @@ -503,7 +502,7 @@ erase_volume(const char *volume) { copy_logs(); } - return result; + return (result == 0); } static int @@ -677,13 +676,13 @@ static bool wipe_data(int should_confirm, Device* device) { modified_flash = true; ui->Print("\n-- Wiping data...\n"); - if (device->WipeData() == 0 && erase_volume("/data") == 0 && erase_volume("/cache") == 0) { - ui->Print("Data wipe complete.\n"); - return true; - } else { - ui->Print("Data wipe failed.\n"); - return false; - } + bool success = + device->PreWipeData() && + erase_volume("/data") && + erase_volume("/cache") && + device->PostWipeData(); + ui->Print("Data wipe %s.\n", success ? "complete" : "failed"); + return success; } // Return true on success. @@ -695,13 +694,9 @@ static bool wipe_cache(bool should_confirm, Device* device) { modified_flash = true; ui->Print("\n-- Wiping cache...\n"); - if (erase_volume("/cache") == 0) { - ui->Print("Cache wipe complete.\n"); - return true; - } else { - ui->Print("Cache wipe failed.\n"); - return false; - } + bool success = erase_volume("/cache"); + ui->Print("Cache wipe %s.\n", success ? "complete" : "failed"); + return success; } static void choose_recovery_file(Device* device) { -- cgit v1.2.3 From 9813f5ba57fe7d90d45cb1c2b6f65920ce580e72 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 23 Jun 2015 11:12:58 -0700 Subject: Allow sideloading without authentication. Bug: http://b/22025550 Change-Id: I20f09ae442536f924f19ede0abf6a2bcc0a5cedf --- minadbd/adb_main.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/minadbd/adb_main.cpp b/minadbd/adb_main.cpp index 0e65386c4..724f39c1d 100644 --- a/minadbd/adb_main.cpp +++ b/minadbd/adb_main.cpp @@ -19,11 +19,12 @@ #include #include -#define TRACE_TAG TRACE_ADB +#define TRACE_TAG TRACE_ADB #include "sysdeps.h" #include "adb.h" +#include "adb_auth.h" #include "transport.h" int adb_main(int is_daemon, int server_port) { @@ -31,6 +32,9 @@ int adb_main(int is_daemon, int server_port) { signal(SIGPIPE, SIG_IGN); + // We can't require authentication for sideloading. http://b/22025550. + auth_required = false; + init_transport_registration(); usb_init(); -- cgit v1.2.3 From f267dee1cadba106eee373f7b1732bd4be9ebe13 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 23 Jun 2015 12:31:02 -0700 Subject: Just use fstat in sysMapFile. Also turn on -Werror and remove a dead function. Change-Id: I436f0a91c40e36db985190b3b98b0a4527cf0eeb --- minzip/Android.mk | 2 +- minzip/SysUtil.c | 86 +++++++++++++++---------------------------------------- minzip/Zip.c | 7 ----- 3 files changed, 24 insertions(+), 71 deletions(-) diff --git a/minzip/Android.mk b/minzip/Android.mk index 48d26bcb7..22eabfbb1 100644 --- a/minzip/Android.mk +++ b/minzip/Android.mk @@ -18,6 +18,6 @@ LOCAL_MODULE := libminzip LOCAL_CLANG := true -LOCAL_CFLAGS += -Wall +LOCAL_CFLAGS += -Werror -Wall include $(BUILD_STATIC_LIBRARY) diff --git a/minzip/SysUtil.c b/minzip/SysUtil.c index b160c9e3d..3dd3572fe 100644 --- a/minzip/SysUtil.c +++ b/minzip/SysUtil.c @@ -3,86 +3,46 @@ * * System utilities. */ -#include +#include +#include +#include +#include +#include #include -#include +#include #include #include -#include #include -#include -#include -#include -#include +#include +#include #define LOG_TAG "sysutil" #include "Log.h" #include "SysUtil.h" -static int getFileStartAndLength(int fd, off_t *start_, size_t *length_) -{ - off_t start, end; - size_t length; - - assert(start_ != NULL); - assert(length_ != NULL); - - // TODO: isn't start always 0 for the single call site? just use fstat instead? - - start = TEMP_FAILURE_RETRY(lseek(fd, 0L, SEEK_CUR)); - end = TEMP_FAILURE_RETRY(lseek(fd, 0L, SEEK_END)); - - if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1 || - start == (off_t) -1 || end == (off_t) -1) { - LOGE("could not determine length of file\n"); - return -1; - } - - length = end - start; - if (length == 0) { - LOGE("file is empty\n"); - return -1; - } - - *start_ = start; - *length_ = length; - - return 0; -} - -/* - * Map a file (from fd's current offset) into a private, read-only memory - * segment. The file offset must be a multiple of the page size. - * - * On success, returns 0 and fills out "pMap". On failure, returns a nonzero - * value and does not disturb "pMap". - */ -static int sysMapFD(int fd, MemMapping* pMap) -{ - off_t start; - size_t length; - void* memPtr; - +static bool sysMapFD(int fd, MemMapping* pMap) { assert(pMap != NULL); - if (getFileStartAndLength(fd, &start, &length) < 0) - return -1; + struct stat sb; + if (fstat(fd, &sb) == -1) { + LOGW("fstat(%d) failed: %s\n", fd, strerror(errno)); + return false; + } - memPtr = mmap(NULL, length, PROT_READ, MAP_PRIVATE, fd, start); + void* memPtr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (memPtr == MAP_FAILED) { - LOGW("mmap(%d, R, PRIVATE, %d, %d) failed: %s\n", (int) length, - fd, (int) start, strerror(errno)); - return -1; + LOGW("mmap(%d, R, PRIVATE, %d, 0) failed: %s\n", (int) sb.st_size, fd, strerror(errno)); + return false; } pMap->addr = memPtr; - pMap->length = length; + pMap->length = sb.st_size; pMap->range_count = 1; pMap->ranges = malloc(sizeof(MappedRange)); pMap->ranges[0].addr = memPtr; - pMap->ranges[0].length = length; + pMap->ranges[0].length = sb.st_size; - return 0; + return true; } static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) @@ -180,13 +140,13 @@ int sysMapFile(const char* fn, MemMapping* pMap) fclose(mapf); } else { // This is a regular file. - int fd = open(fn, O_RDONLY, 0); - if (fd < 0) { + int fd = open(fn, O_RDONLY); + if (fd == -1) { LOGE("Unable to open '%s': %s\n", fn, strerror(errno)); return -1; } - if (sysMapFD(fd, pMap) != 0) { + if (!sysMapFD(fd, pMap)) { LOGE("Map of '%s' failed\n", fn); close(fd); return -1; diff --git a/minzip/Zip.c b/minzip/Zip.c index a64c833f9..c1dec742d 100644 --- a/minzip/Zip.c +++ b/minzip/Zip.c @@ -619,13 +619,6 @@ bool mzProcessZipEntryContents(const ZipArchive *pArchive, return ret; } -static bool crcProcessFunction(const unsigned char *data, int dataLen, - void *crc) -{ - *(unsigned long *)crc = crc32(*(unsigned long *)crc, data, dataLen); - return true; -} - typedef struct { char *buf; int bufLen; -- cgit v1.2.3 From 0b7dc1dfcdc5cd7946e958f01d0c302e18cc5dfd Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 24 Jun 2015 11:24:04 -0700 Subject: recovery: Use xxhdpi resources for 560dpi devices Create a symbolic link to res-xxhdpi for res-560dpi. 560dpi devices (like shamu) are currently using a fallback option of xhdpi (320dpi) resources. Now they can get closer ones (480dpi), such as larger fonts on UI screen. Change-Id: I427c3091d7e9892d9a7a1886be6adca14c122b06 --- res-560dpi | 1 + 1 file changed, 1 insertion(+) create mode 120000 res-560dpi diff --git a/res-560dpi b/res-560dpi new file mode 120000 index 000000000..8576a9b95 --- /dev/null +++ b/res-560dpi @@ -0,0 +1 @@ +res-xxhdpi \ No newline at end of file -- cgit v1.2.3 From c0f56ad76680df555689d4a2397487ef8c16b1a6 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 25 Jun 2015 14:00:31 -0700 Subject: More accurate checking for overlapped ranges. A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29 --- updater/blockimg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index fc35abe4d..0bd2559f7 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -162,7 +162,7 @@ static int range_overlaps(RangeSet* r1, RangeSet* r2) { r2_0 = r2->pos[j * 2]; r2_1 = r2->pos[j * 2 + 1]; - if (!(r2_0 > r1_1 || r1_0 > r2_1)) { + if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { return 1; } } -- cgit v1.2.3 From 522ea7211682631bb514b899f4b308803a054329 Mon Sep 17 00:00:00 2001 From: Mohamad Ayyash Date: Mon, 29 Jun 2015 18:57:14 -0700 Subject: Allow mounting squashfs partitions Change-Id: Ifb8f84063a406db7aad3f9ef12c349ea09a54e07 Signed-off-by: Mohamad Ayyash (cherry picked from commit 0ddfa329acb1e6464fe5d66b58257013abf21116) --- roots.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/roots.cpp b/roots.cpp index f863cb277..2bd457efe 100644 --- a/roots.cpp +++ b/roots.cpp @@ -111,6 +111,7 @@ int ensure_path_mounted(const char* path) { } return mtd_mount_partition(partition, v->mount_point, v->fs_type, 0); } else if (strcmp(v->fs_type, "ext4") == 0 || + strcmp(v->fs_type, "squashfs") == 0 || strcmp(v->fs_type, "vfat") == 0) { result = mount(v->blk_device, v->mount_point, v->fs_type, v->flags, v->fs_options); -- cgit v1.2.3 From 90c75b0beb375b8d261e2df92292e9b542470f6e Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Mon, 6 Jul 2015 10:44:33 -0700 Subject: Change init sequence to support file level encryption File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063 Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49 --- etc/init.rc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/init.rc b/etc/init.rc index 6c07c6027..427727768 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -47,8 +47,8 @@ on boot class_start default # Load properties from /system/ + /factory after fs mount. -on load_all_props_action - load_all_props +on load_system_props_action + load_system_props on firmware_mounts_complete rm /dev/.booting @@ -63,7 +63,7 @@ on late-init # Load properties from /system/ + /factory after fs mount. Place # this in another action so that the load will be scheduled after the prior # issued fs triggers have completed. - trigger load_all_props_action + trigger load_system_props_action # Remove a file to wake up anything waiting for firmware trigger firmware_mounts_complete -- cgit v1.2.3 From 9c67aa2d2b60858d3315c09eb72f1a3ffeabd3f0 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 30 Jun 2015 23:09:12 -0700 Subject: Revert "Zero blocks before BLKDISCARD" This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5 (cherry picked from commit 7125f9594db027ce4313d940ce2cafac67ae8c31) --- updater/blockimg.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index 0bd2559f7..a6a389507 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -1465,7 +1465,6 @@ pcdout: static int PerformCommandErase(CommandParameters* params) { char* range = NULL; int i; - int j; int rc = -1; RangeSet* tgt = NULL; struct stat st; @@ -1492,7 +1491,7 @@ static int PerformCommandErase(CommandParameters* params) { range = strtok_r(NULL, " ", ¶ms->cpos); if (range == NULL) { - fprintf(stderr, "missing target blocks for erase\n"); + fprintf(stderr, "missing target blocks for zero\n"); goto pceout; } @@ -1501,22 +1500,7 @@ static int PerformCommandErase(CommandParameters* params) { if (params->canwrite) { fprintf(stderr, " erasing %d blocks\n", tgt->size); - allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); - memset(params->buffer, 0, BLOCKSIZE); - for (i = 0; i < tgt->count; ++i) { - // Always zero the blocks first to work around possibly flaky BLKDISCARD - // Bug: 20881595 - if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - goto pceout; - } - - for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { - if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { - goto pceout; - } - } - // offset in bytes blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; // length in bytes -- cgit v1.2.3 From ba9a42aa7e10686de186636fe9fecbf8c4cc7c19 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 23 Jun 2015 23:23:33 -0700 Subject: recovery: Switch applypatch/ and updater/ to cpp. Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270 --- applypatch/Android.mk | 8 +- applypatch/applypatch.c | 1048 ------------------------ applypatch/applypatch.cpp | 1025 +++++++++++++++++++++++ applypatch/bsdiff.c | 410 ---------- applypatch/bsdiff.cpp | 410 ++++++++++ applypatch/bspatch.c | 256 ------ applypatch/bspatch.cpp | 255 ++++++ applypatch/freecache.c | 172 ---- applypatch/freecache.cpp | 186 +++++ applypatch/imgdiff.c | 1060 ------------------------ applypatch/imgdiff.cpp | 1068 ++++++++++++++++++++++++ applypatch/imgpatch.c | 234 ------ applypatch/imgpatch.cpp | 234 ++++++ applypatch/main.c | 214 ----- applypatch/main.cpp | 213 +++++ applypatch/utils.c | 65 -- applypatch/utils.cpp | 65 ++ minzip/Hash.h | 8 + roots.cpp | 2 - updater/Android.mk | 18 +- updater/blockimg.c | 1994 --------------------------------------------- updater/blockimg.cpp | 1991 ++++++++++++++++++++++++++++++++++++++++++++ updater/install.c | 1630 ------------------------------------ updater/install.cpp | 1622 ++++++++++++++++++++++++++++++++++++ updater/updater.c | 169 ---- updater/updater.cpp | 169 ++++ 26 files changed, 7265 insertions(+), 7261 deletions(-) delete mode 100644 applypatch/applypatch.c create mode 100644 applypatch/applypatch.cpp delete mode 100644 applypatch/bsdiff.c create mode 100644 applypatch/bsdiff.cpp delete mode 100644 applypatch/bspatch.c create mode 100644 applypatch/bspatch.cpp delete mode 100644 applypatch/freecache.c create mode 100644 applypatch/freecache.cpp delete mode 100644 applypatch/imgdiff.c create mode 100644 applypatch/imgdiff.cpp delete mode 100644 applypatch/imgpatch.c create mode 100644 applypatch/imgpatch.cpp delete mode 100644 applypatch/main.c create mode 100644 applypatch/main.cpp delete mode 100644 applypatch/utils.c create mode 100644 applypatch/utils.cpp delete mode 100644 updater/blockimg.c create mode 100644 updater/blockimg.cpp delete mode 100644 updater/install.c create mode 100644 updater/install.cpp delete mode 100644 updater/updater.c create mode 100644 updater/updater.cpp diff --git a/applypatch/Android.mk b/applypatch/Android.mk index eb3e4580e..1f73fd897 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -17,7 +17,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := applypatch.c bspatch.c freecache.c imgpatch.c utils.c +LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.cpp LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery @@ -28,7 +28,7 @@ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := main.c +LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz @@ -39,7 +39,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := main.c +LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng @@ -52,7 +52,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := imgdiff.c utils.c bsdiff.c +LOCAL_SRC_FILES := imgdiff.cpp utils.cpp bsdiff.cpp LOCAL_MODULE := imgdiff LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_C_INCLUDES += external/zlib external/bzip2 diff --git a/applypatch/applypatch.c b/applypatch/applypatch.c deleted file mode 100644 index 2358d4292..000000000 --- a/applypatch/applypatch.c +++ /dev/null @@ -1,1048 +0,0 @@ -/* - * Copyright (C) 2008 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mincrypt/sha.h" -#include "applypatch.h" -#include "mtdutils/mtdutils.h" -#include "edify/expr.h" - -static int LoadPartitionContents(const char* filename, FileContents* file); -static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); -static int GenerateTarget(FileContents* source_file, - const Value* source_patch_value, - FileContents* copy_file, - const Value* copy_patch_value, - const char* source_filename, - const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], - size_t target_size, - const Value* bonus_data); - -static int mtd_partitions_scanned = 0; - -// Read a file into memory; store the file contents and associated -// metadata in *file. -// -// Return 0 on success. -int LoadFileContents(const char* filename, FileContents* file) { - file->data = NULL; - - // A special 'filename' beginning with "MTD:" or "EMMC:" means to - // load the contents of a partition. - if (strncmp(filename, "MTD:", 4) == 0 || - strncmp(filename, "EMMC:", 5) == 0) { - return LoadPartitionContents(filename, file); - } - - if (stat(filename, &file->st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return -1; - } - - file->size = file->st.st_size; - file->data = malloc(file->size); - - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - printf("failed to open \"%s\": %s\n", filename, strerror(errno)); - free(file->data); - file->data = NULL; - return -1; - } - - ssize_t bytes_read = fread(file->data, 1, file->size, f); - if (bytes_read != file->size) { - printf("short read of \"%s\" (%ld bytes of %ld)\n", - filename, (long)bytes_read, (long)file->size); - free(file->data); - file->data = NULL; - return -1; - } - fclose(f); - - SHA_hash(file->data, file->size, file->sha1); - return 0; -} - -static size_t* size_array; -// comparison function for qsort()ing an int array of indexes into -// size_array[]. -static int compare_size_indices(const void* a, const void* b) { - int aa = *(int*)a; - int bb = *(int*)b; - if (size_array[aa] < size_array[bb]) { - return -1; - } else if (size_array[aa] > size_array[bb]) { - return 1; - } else { - return 0; - } -} - -// Load the contents of an MTD or EMMC partition into the provided -// FileContents. filename should be a string of the form -// "MTD::::::..." (or -// "EMMC::..."). The smallest size_n bytes for -// which that prefix of the partition contents has the corresponding -// sha1 hash will be loaded. It is acceptable for a size value to be -// repeated with different sha1s. Will return 0 on success. -// -// This complexity is needed because if an OTA installation is -// interrupted, the partition might contain either the source or the -// target data, which might be of different lengths. We need to know -// the length in order to read from a partition (there is no -// "end-of-file" marker), so the caller must specify the possible -// lengths and the hash of the data, and we'll do the load expecting -// to find one of those hashes. -enum PartitionType { MTD, EMMC }; - -static int LoadPartitionContents(const char* filename, FileContents* file) { - char* copy = strdup(filename); - const char* magic = strtok(copy, ":"); - - enum PartitionType type; - - if (strcmp(magic, "MTD") == 0) { - type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { - type = EMMC; - } else { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - return -1; - } - const char* partition = strtok(NULL, ":"); - - int i; - int colons = 0; - for (i = 0; filename[i] != '\0'; ++i) { - if (filename[i] == ':') { - ++colons; - } - } - if (colons < 3 || colons%2 == 0) { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - } - - int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename - int* index = malloc(pairs * sizeof(int)); - size_t* size = malloc(pairs * sizeof(size_t)); - char** sha1sum = malloc(pairs * sizeof(char*)); - - for (i = 0; i < pairs; ++i) { - const char* size_str = strtok(NULL, ":"); - size[i] = strtol(size_str, NULL, 10); - if (size[i] == 0) { - printf("LoadPartitionContents called with bad size (%s)\n", filename); - return -1; - } - sha1sum[i] = strtok(NULL, ":"); - index[i] = i; - } - - // sort the index[] array so it indexes the pairs in order of - // increasing size. - size_array = size; - qsort(index, pairs, sizeof(int), compare_size_indices); - - MtdReadContext* ctx = NULL; - FILE* dev = NULL; - - switch (type) { - case MTD: - if (!mtd_partitions_scanned) { - mtd_scan_partitions(); - mtd_partitions_scanned = 1; - } - - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("mtd partition \"%s\" not found (loading %s)\n", - partition, filename); - return -1; - } - - ctx = mtd_read_partition(mtd); - if (ctx == NULL) { - printf("failed to initialize read of mtd partition \"%s\"\n", - partition); - return -1; - } - break; - - case EMMC: - dev = fopen(partition, "rb"); - if (dev == NULL) { - printf("failed to open emmc partition \"%s\": %s\n", - partition, strerror(errno)); - return -1; - } - } - - SHA_CTX sha_ctx; - SHA_init(&sha_ctx); - uint8_t parsed_sha[SHA_DIGEST_SIZE]; - - // allocate enough memory to hold the largest size. - file->data = malloc(size[index[pairs-1]]); - char* p = (char*)file->data; - file->size = 0; // # bytes read so far - - for (i = 0; i < pairs; ++i) { - // Read enough additional bytes to get us up to the next size - // (again, we're trying the possibilities in order of increasing - // size). - size_t next = size[index[i]] - file->size; - size_t read = 0; - if (next > 0) { - switch (type) { - case MTD: - read = mtd_read_data(ctx, p, next); - break; - - case EMMC: - read = fread(p, 1, next, dev); - break; - } - if (next != read) { - printf("short read (%zu bytes of %zu) for partition \"%s\"\n", - read, next, partition); - free(file->data); - file->data = NULL; - return -1; - } - SHA_update(&sha_ctx, p, read); - file->size += read; - } - - // Duplicate the SHA context and finalize the duplicate so we can - // check it against this pair's expected hash. - SHA_CTX temp_ctx; - memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); - const uint8_t* sha_so_far = SHA_final(&temp_ctx); - - if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { - printf("failed to parse sha1 %s in %s\n", - sha1sum[index[i]], filename); - free(file->data); - file->data = NULL; - return -1; - } - - if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { - // we have a match. stop reading the partition; we'll return - // the data we've read so far. - printf("partition read matched size %zu sha %s\n", - size[index[i]], sha1sum[index[i]]); - break; - } - - p += read; - } - - switch (type) { - case MTD: - mtd_read_close(ctx); - break; - - case EMMC: - fclose(dev); - break; - } - - - if (i == pairs) { - // Ran off the end of the list of (size,sha1) pairs without - // finding a match. - printf("contents of partition \"%s\" didn't match %s\n", - partition, filename); - free(file->data); - file->data = NULL; - return -1; - } - - const uint8_t* sha_final = SHA_final(&sha_ctx); - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { - file->sha1[i] = sha_final[i]; - } - - // Fake some stat() info. - file->st.st_mode = 0644; - file->st.st_uid = 0; - file->st.st_gid = 0; - - free(copy); - free(index); - free(size); - free(sha1sum); - - return 0; -} - - -// Save the contents of the given FileContents object under the given -// filename. Return 0 on success. -int SaveFileContents(const char* filename, const FileContents* file) { - int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - printf("failed to open \"%s\" for write: %s\n", - filename, strerror(errno)); - return -1; - } - - ssize_t bytes_written = FileSink(file->data, file->size, &fd); - if (bytes_written != file->size) { - printf("short write of \"%s\" (%ld bytes of %ld) (%s)\n", - filename, (long)bytes_written, (long)file->size, - strerror(errno)); - close(fd); - return -1; - } - if (fsync(fd) != 0) { - printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - if (close(fd) != 0) { - printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - - if (chmod(filename, file->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - if (chown(filename, file->st.st_uid, file->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - - return 0; -} - -// Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC::". Return 0 on -// success. -int WriteToPartition(unsigned char* data, size_t len, - const char* target) { - char* copy = strdup(target); - const char* magic = strtok(copy, ":"); - - enum PartitionType type; - if (strcmp(magic, "MTD") == 0) { - type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { - type = EMMC; - } else { - printf("WriteToPartition called with bad target (%s)\n", target); - return -1; - } - const char* partition = strtok(NULL, ":"); - - if (partition == NULL) { - printf("bad partition target name \"%s\"\n", target); - return -1; - } - - switch (type) { - case MTD: - if (!mtd_partitions_scanned) { - mtd_scan_partitions(); - mtd_partitions_scanned = 1; - } - - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("mtd partition \"%s\" not found for writing\n", - partition); - return -1; - } - - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("failed to init mtd partition \"%s\" for writing\n", - partition); - return -1; - } - - size_t written = mtd_write_data(ctx, (char*)data, len); - if (written != len) { - printf("only wrote %zu of %zu bytes to MTD %s\n", - written, len, partition); - mtd_write_close(ctx); - return -1; - } - - if (mtd_erase_blocks(ctx, -1) < 0) { - printf("error finishing mtd write of %s\n", partition); - mtd_write_close(ctx); - return -1; - } - - if (mtd_write_close(ctx)) { - printf("error closing mtd write of %s\n", partition); - return -1; - } - break; - - case EMMC: - { - size_t start = 0; - int success = 0; - int fd = open(partition, O_RDWR | O_SYNC); - if (fd < 0) { - printf("failed to open %s: %s\n", partition, strerror(errno)); - return -1; - } - int attempt; - - for (attempt = 0; attempt < 2; ++attempt) { - if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { - printf("failed seek on %s: %s\n", - partition, strerror(errno)); - return -1; - } - while (start < len) { - size_t to_write = len - start; - if (to_write > 1<<20) to_write = 1<<20; - - ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); - if (written == -1) { - printf("failed write writing to %s: %s\n", partition, strerror(errno)); - return -1; - } - start += written; - } - if (fsync(fd) != 0) { - printf("failed to sync to %s (%s)\n", - partition, strerror(errno)); - return -1; - } - if (close(fd) != 0) { - printf("failed to close %s (%s)\n", - partition, strerror(errno)); - return -1; - } - fd = open(partition, O_RDONLY); - if (fd < 0) { - printf("failed to reopen %s for verify (%s)\n", - partition, strerror(errno)); - return -1; - } - - // drop caches so our subsequent verification read - // won't just be reading the cache. - sync(); - int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); - if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { - printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); - } else { - printf(" caches dropped\n"); - } - close(dc); - sleep(1); - - // verify - if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { - printf("failed to seek back to beginning of %s: %s\n", - partition, strerror(errno)); - return -1; - } - unsigned char buffer[4096]; - start = len; - size_t p; - for (p = 0; p < len; p += sizeof(buffer)) { - size_t to_read = len - p; - if (to_read > sizeof(buffer)) to_read = sizeof(buffer); - - size_t so_far = 0; - while (so_far < to_read) { - ssize_t read_count = - TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); - if (read_count == -1) { - printf("verify read error %s at %zu: %s\n", - partition, p, strerror(errno)); - return -1; - } - if ((size_t)read_count < to_read) { - printf("short verify read %s at %zu: %zd %zu %s\n", - partition, p, read_count, to_read, strerror(errno)); - } - so_far += read_count; - } - - if (memcmp(buffer, data+p, to_read)) { - printf("verification failed starting at %zu\n", p); - start = p; - break; - } - } - - if (start == len) { - printf("verification read succeeded (attempt %d)\n", attempt+1); - success = true; - break; - } - } - - if (!success) { - printf("failed to verify after all attempts\n"); - return -1; - } - - if (close(fd) != 0) { - printf("error closing %s (%s)\n", partition, strerror(errno)); - return -1; - } - sync(); - break; - } - } - - free(copy); - return 0; -} - - -// Take a string 'str' of 40 hex digits and parse it into the 20 -// byte array 'digest'. 'str' may contain only the digest or be of -// the form ":". Return 0 on success, -1 on any -// error. -int ParseSha1(const char* str, uint8_t* digest) { - int i; - const char* ps = str; - uint8_t* pd = digest; - for (i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { - int digit; - if (*ps >= '0' && *ps <= '9') { - digit = *ps - '0'; - } else if (*ps >= 'a' && *ps <= 'f') { - digit = *ps - 'a' + 10; - } else if (*ps >= 'A' && *ps <= 'F') { - digit = *ps - 'A' + 10; - } else { - return -1; - } - if (i % 2 == 0) { - *pd = digit << 4; - } else { - *pd |= digit; - ++pd; - } - } - if (*ps != '\0') return -1; - return 0; -} - -// Search an array of sha1 strings for one matching the given sha1. -// Return the index of the match on success, or -1 if no match is -// found. -int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, - int num_patches) { - int i; - uint8_t patch_sha1[SHA_DIGEST_SIZE]; - for (i = 0; i < num_patches; ++i) { - if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && - memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { - return i; - } - } - return -1; -} - -// Returns 0 if the contents of the file (argv[2]) or the cached file -// match any of the sha1's on the command line (argv[3:]). Returns -// nonzero otherwise. -int applypatch_check(const char* filename, - int num_patches, char** const patch_sha1_str) { - FileContents file; - file.data = NULL; - - // It's okay to specify no sha1s; the check will pass if the - // LoadFileContents is successful. (Useful for reading - // partitions, where the filename encodes the sha1s; no need to - // check them twice.) - if (LoadFileContents(filename, &file) != 0 || - (num_patches > 0 && - FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) { - printf("file \"%s\" doesn't have any of expected " - "sha1 sums; checking cache\n", filename); - - free(file.data); - file.data = NULL; - - // If the source file is missing or corrupted, it might be because - // we were killed in the middle of patching it. A copy of it - // should have been made in CACHE_TEMP_SOURCE. If that file - // exists and matches the sha1 we're looking for, the check still - // passes. - - if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) { - printf("failed to load cache file\n"); - return 1; - } - - if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { - printf("cache bits don't match any sha1 for \"%s\"\n", filename); - free(file.data); - return 1; - } - } - - free(file.data); - return 0; -} - -int ShowLicenses() { - ShowBSDiffLicense(); - return 0; -} - -ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { - int fd = *(int *)token; - ssize_t done = 0; - ssize_t wrote; - while (done < (ssize_t) len) { - wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); - if (wrote == -1) { - printf("error writing %d bytes: %s\n", (int)(len-done), strerror(errno)); - return done; - } - done += wrote; - } - return done; -} - -typedef struct { - unsigned char* buffer; - ssize_t size; - ssize_t pos; -} MemorySinkInfo; - -ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { - MemorySinkInfo* msi = (MemorySinkInfo*)token; - if (msi->size - msi->pos < len) { - return -1; - } - memcpy(msi->buffer + msi->pos, data, len); - msi->pos += len; - return len; -} - -// Return the amount of free space (in bytes) on the filesystem -// containing filename. filename must exist. Return -1 on error. -size_t FreeSpaceForFile(const char* filename) { - struct statfs sf; - if (statfs(filename, &sf) != 0) { - printf("failed to statfs %s: %s\n", filename, strerror(errno)); - return -1; - } - return sf.f_bsize * sf.f_bavail; -} - -int CacheSizeCheck(size_t bytes) { - if (MakeFreeSpaceOnCache(bytes) < 0) { - printf("unable to make %ld bytes available on /cache\n", (long)bytes); - return 1; - } else { - return 0; - } -} - -static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { - int i; - const char* hex = "0123456789abcdef"; - for (i = 0; i < 4; ++i) { - putchar(hex[(sha1[i]>>4) & 0xf]); - putchar(hex[sha1[i] & 0xf]); - } -} - -// This function applies binary patches to files in a way that is safe -// (the original file is not touched until we have the desired -// replacement for it) and idempotent (it's okay to run this program -// multiple times). -// -// - if the sha1 hash of is , -// does nothing and exits successfully. -// -// - otherwise, if the sha1 hash of is one of the -// entries in , the corresponding patch from -// (which must be a VAL_BLOB) is applied to produce a -// new file (the type of patch is automatically detected from the -// blob daat). If that new file has sha1 hash , -// moves it to replace , and exits successfully. -// Note that if and are not the -// same, is NOT deleted on success. -// may be the string "-" to mean "the same as -// source_filename". -// -// - otherwise, or if any error is encountered, exits with non-zero -// status. -// -// may refer to a partition to read the source data. -// See the comments for the LoadPartition Contents() function above -// for the format of such a filename. - -int applypatch(const char* source_filename, - const char* target_filename, - const char* target_sha1_str, - size_t target_size, - int num_patches, - char** const patch_sha1_str, - Value** patch_data, - Value* bonus_data) { - printf("patch %s: ", source_filename); - - if (target_filename[0] == '-' && - target_filename[1] == '\0') { - target_filename = source_filename; - } - - uint8_t target_sha1[SHA_DIGEST_SIZE]; - if (ParseSha1(target_sha1_str, target_sha1) != 0) { - printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); - return 1; - } - - FileContents copy_file; - FileContents source_file; - copy_file.data = NULL; - source_file.data = NULL; - const Value* source_patch_value = NULL; - const Value* copy_patch_value = NULL; - - // We try to load the target file into the source_file object. - if (LoadFileContents(target_filename, &source_file) == 0) { - if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { - // The early-exit case: the patch was already applied, this file - // has the desired hash, nothing for us to do. - printf("already "); - print_short_sha1(target_sha1); - putchar('\n'); - free(source_file.data); - return 0; - } - } - - if (source_file.data == NULL || - (target_filename != source_filename && - strcmp(target_filename, source_filename) != 0)) { - // Need to load the source file: either we failed to load the - // target file, or we did but it's different from the source file. - free(source_file.data); - source_file.data = NULL; - LoadFileContents(source_filename, &source_file); - } - - if (source_file.data != NULL) { - int to_use = FindMatchingPatch(source_file.sha1, - patch_sha1_str, num_patches); - if (to_use >= 0) { - source_patch_value = patch_data[to_use]; - } - } - - if (source_patch_value == NULL) { - free(source_file.data); - source_file.data = NULL; - printf("source file is bad; trying copy\n"); - - if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { - // fail. - printf("failed to read copy file\n"); - return 1; - } - - int to_use = FindMatchingPatch(copy_file.sha1, - patch_sha1_str, num_patches); - if (to_use >= 0) { - copy_patch_value = patch_data[to_use]; - } - - if (copy_patch_value == NULL) { - // fail. - printf("copy file doesn't match source SHA-1s either\n"); - free(copy_file.data); - return 1; - } - } - - int result = GenerateTarget(&source_file, source_patch_value, - ©_file, copy_patch_value, - source_filename, target_filename, - target_sha1, target_size, bonus_data); - free(source_file.data); - free(copy_file.data); - - return result; -} - -static int GenerateTarget(FileContents* source_file, - const Value* source_patch_value, - FileContents* copy_file, - const Value* copy_patch_value, - const char* source_filename, - const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], - size_t target_size, - const Value* bonus_data) { - int retry = 1; - SHA_CTX ctx; - int output; - MemorySinkInfo msi; - FileContents* source_to_use; - char* outname; - int made_copy = 0; - - // assume that target_filename (eg "/system/app/Foo.apk") is located - // on the same filesystem as its top-level directory ("/system"). - // We need something that exists for calling statfs(). - char target_fs[strlen(target_filename)+1]; - char* slash = strchr(target_filename+1, '/'); - if (slash != NULL) { - int count = slash - target_filename; - strncpy(target_fs, target_filename, count); - target_fs[count] = '\0'; - } else { - strcpy(target_fs, target_filename); - } - - do { - // Is there enough room in the target filesystem to hold the patched - // file? - - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { - // If the target is a partition, we're actually going to - // write the output to /tmp and then copy it to the - // partition. statfs() always returns 0 blocks free for - // /tmp, so instead we'll just assume that /tmp has enough - // space to hold the file. - - // We still write the original source to cache, in case - // the partition write is interrupted. - if (MakeFreeSpaceOnCache(source_file->size) < 0) { - printf("not enough free space on /cache\n"); - return 1; - } - if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { - printf("failed to back up source file\n"); - return 1; - } - made_copy = 1; - retry = 0; - } else { - int enough_space = 0; - if (retry > 0) { - size_t free_space = FreeSpaceForFile(target_fs); - enough_space = - (free_space > (256 << 10)) && // 256k (two-block) minimum - (free_space > (target_size * 3 / 2)); // 50% margin of error - if (!enough_space) { - printf("target %ld bytes; free space %ld bytes; retry %d; enough %d\n", - (long)target_size, (long)free_space, retry, enough_space); - } - } - - if (!enough_space) { - retry = 0; - } - - if (!enough_space && source_patch_value != NULL) { - // Using the original source, but not enough free space. First - // copy the source file to cache, then delete it from the original - // location. - - if (strncmp(source_filename, "MTD:", 4) == 0 || - strncmp(source_filename, "EMMC:", 5) == 0) { - // It's impossible to free space on the target filesystem by - // deleting the source if the source is a partition. If - // we're ever in a state where we need to do this, fail. - printf("not enough free space for target but source " - "is partition\n"); - return 1; - } - - if (MakeFreeSpaceOnCache(source_file->size) < 0) { - printf("not enough free space on /cache\n"); - return 1; - } - - if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { - printf("failed to back up source file\n"); - return 1; - } - made_copy = 1; - unlink(source_filename); - - size_t free_space = FreeSpaceForFile(target_fs); - printf("(now %ld bytes free for target) ", (long)free_space); - } - } - - const Value* patch; - if (source_patch_value != NULL) { - source_to_use = source_file; - patch = source_patch_value; - } else { - source_to_use = copy_file; - patch = copy_patch_value; - } - - if (patch->type != VAL_BLOB) { - printf("patch is not a blob\n"); - return 1; - } - - SinkFn sink = NULL; - void* token = NULL; - output = -1; - outname = NULL; - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { - // We store the decoded output in memory. - msi.buffer = malloc(target_size); - if (msi.buffer == NULL) { - printf("failed to alloc %ld bytes for output\n", - (long)target_size); - return 1; - } - msi.pos = 0; - msi.size = target_size; - sink = MemorySink; - token = &msi; - } else { - // We write the decoded output to ".patch". - outname = (char*)malloc(strlen(target_filename) + 10); - strcpy(outname, target_filename); - strcat(outname, ".patch"); - - output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, - S_IRUSR | S_IWUSR); - if (output < 0) { - printf("failed to open output file %s: %s\n", - outname, strerror(errno)); - return 1; - } - sink = FileSink; - token = &output; - } - - char* header = patch->data; - ssize_t header_bytes_read = patch->size; - - SHA_init(&ctx); - - int result; - - if (header_bytes_read >= 8 && - memcmp(header, "BSDIFF40", 8) == 0) { - result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, - patch, 0, sink, token, &ctx); - } else if (header_bytes_read >= 8 && - memcmp(header, "IMGDIFF2", 8) == 0) { - result = ApplyImagePatch(source_to_use->data, source_to_use->size, - patch, sink, token, &ctx, bonus_data); - } else { - printf("Unknown patch file format\n"); - return 1; - } - - if (output >= 0) { - if (fsync(output) != 0) { - printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); - result = 1; - } - if (close(output) != 0) { - printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); - result = 1; - } - } - - if (result != 0) { - if (retry == 0) { - printf("applying patch failed\n"); - return result != 0; - } else { - printf("applying patch failed; retrying\n"); - } - if (outname != NULL) { - unlink(outname); - } - } else { - // succeeded; no need to retry - break; - } - } while (retry-- > 0); - - const uint8_t* current_target_sha1 = SHA_final(&ctx); - if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { - printf("patch did not produce expected sha1\n"); - return 1; - } else { - printf("now "); - print_short_sha1(target_sha1); - putchar('\n'); - } - - if (output < 0) { - // Copy the temp file to the partition. - if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { - printf("write of patched data to %s failed\n", target_filename); - return 1; - } - free(msi.buffer); - } else { - // Give the .patch file the same owner, group, and mode of the - // original source file. - if (chmod(outname, source_to_use->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); - return 1; - } - if (chown(outname, source_to_use->st.st_uid, - source_to_use->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); - return 1; - } - - // Finally, rename the .patch file to replace the target file. - if (rename(outname, target_filename) != 0) { - printf("rename of .patch to \"%s\" failed: %s\n", - target_filename, strerror(errno)); - return 1; - } - } - - // If this run of applypatch created the copy, and we're here, we - // can delete it. - if (made_copy) unlink(CACHE_TEMP_SOURCE); - - // Success! - return 0; -} diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp new file mode 100644 index 000000000..96bd88e88 --- /dev/null +++ b/applypatch/applypatch.cpp @@ -0,0 +1,1025 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "mincrypt/sha.h" +#include "applypatch.h" +#include "mtdutils/mtdutils.h" +#include "edify/expr.h" + +static int LoadPartitionContents(const char* filename, FileContents* file); +static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); +static int GenerateTarget(FileContents* source_file, + const Value* source_patch_value, + FileContents* copy_file, + const Value* copy_patch_value, + const char* source_filename, + const char* target_filename, + const uint8_t target_sha1[SHA_DIGEST_SIZE], + size_t target_size, + const Value* bonus_data); + +static int mtd_partitions_scanned = 0; + +// Read a file into memory; store the file contents and associated +// metadata in *file. +// +// Return 0 on success. +int LoadFileContents(const char* filename, FileContents* file) { + file->data = NULL; + + // A special 'filename' beginning with "MTD:" or "EMMC:" means to + // load the contents of a partition. + if (strncmp(filename, "MTD:", 4) == 0 || + strncmp(filename, "EMMC:", 5) == 0) { + return LoadPartitionContents(filename, file); + } + + if (stat(filename, &file->st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return -1; + } + + file->size = file->st.st_size; + file->data = reinterpret_cast(malloc(file->size)); + + FILE* f = fopen(filename, "rb"); + if (f == NULL) { + printf("failed to open \"%s\": %s\n", filename, strerror(errno)); + free(file->data); + file->data = NULL; + return -1; + } + + size_t bytes_read = fread(file->data, 1, file->size, f); + if (bytes_read != static_cast(file->size)) { + printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, file->size); + free(file->data); + file->data = NULL; + return -1; + } + fclose(f); + + SHA_hash(file->data, file->size, file->sha1); + return 0; +} + +static size_t* size_array; +// comparison function for qsort()ing an int array of indexes into +// size_array[]. +static int compare_size_indices(const void* a, const void* b) { + const int aa = *reinterpret_cast(a); + const int bb = *reinterpret_cast(b); + if (size_array[aa] < size_array[bb]) { + return -1; + } else if (size_array[aa] > size_array[bb]) { + return 1; + } else { + return 0; + } +} + +// Load the contents of an MTD or EMMC partition into the provided +// FileContents. filename should be a string of the form +// "MTD::::::..." (or +// "EMMC::..."). The smallest size_n bytes for +// which that prefix of the partition contents has the corresponding +// sha1 hash will be loaded. It is acceptable for a size value to be +// repeated with different sha1s. Will return 0 on success. +// +// This complexity is needed because if an OTA installation is +// interrupted, the partition might contain either the source or the +// target data, which might be of different lengths. We need to know +// the length in order to read from a partition (there is no +// "end-of-file" marker), so the caller must specify the possible +// lengths and the hash of the data, and we'll do the load expecting +// to find one of those hashes. +enum PartitionType { MTD, EMMC }; + +static int LoadPartitionContents(const char* filename, FileContents* file) { + char* copy = strdup(filename); + const char* magic = strtok(copy, ":"); + + enum PartitionType type; + + if (strcmp(magic, "MTD") == 0) { + type = MTD; + } else if (strcmp(magic, "EMMC") == 0) { + type = EMMC; + } else { + printf("LoadPartitionContents called with bad filename (%s)\n", filename); + return -1; + } + const char* partition = strtok(NULL, ":"); + + int i; + int colons = 0; + for (i = 0; filename[i] != '\0'; ++i) { + if (filename[i] == ':') { + ++colons; + } + } + if (colons < 3 || colons%2 == 0) { + printf("LoadPartitionContents called with bad filename (%s)\n", + filename); + } + + int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename + int* index = reinterpret_cast(malloc(pairs * sizeof(int))); + size_t* size = reinterpret_cast(malloc(pairs * sizeof(size_t))); + char** sha1sum = reinterpret_cast(malloc(pairs * sizeof(char*))); + + for (i = 0; i < pairs; ++i) { + const char* size_str = strtok(NULL, ":"); + size[i] = strtol(size_str, NULL, 10); + if (size[i] == 0) { + printf("LoadPartitionContents called with bad size (%s)\n", filename); + return -1; + } + sha1sum[i] = strtok(NULL, ":"); + index[i] = i; + } + + // sort the index[] array so it indexes the pairs in order of + // increasing size. + size_array = size; + qsort(index, pairs, sizeof(int), compare_size_indices); + + MtdReadContext* ctx = NULL; + FILE* dev = NULL; + + switch (type) { + case MTD: { + if (!mtd_partitions_scanned) { + mtd_scan_partitions(); + mtd_partitions_scanned = 1; + } + + const MtdPartition* mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("mtd partition \"%s\" not found (loading %s)\n", + partition, filename); + return -1; + } + + ctx = mtd_read_partition(mtd); + if (ctx == NULL) { + printf("failed to initialize read of mtd partition \"%s\"\n", + partition); + return -1; + } + break; + } + + case EMMC: + dev = fopen(partition, "rb"); + if (dev == NULL) { + printf("failed to open emmc partition \"%s\": %s\n", + partition, strerror(errno)); + return -1; + } + } + + SHA_CTX sha_ctx; + SHA_init(&sha_ctx); + uint8_t parsed_sha[SHA_DIGEST_SIZE]; + + // allocate enough memory to hold the largest size. + file->data = reinterpret_cast(malloc(size[index[pairs-1]])); + char* p = (char*)file->data; + file->size = 0; // # bytes read so far + + for (i = 0; i < pairs; ++i) { + // Read enough additional bytes to get us up to the next size + // (again, we're trying the possibilities in order of increasing + // size). + size_t next = size[index[i]] - file->size; + size_t read = 0; + if (next > 0) { + switch (type) { + case MTD: + read = mtd_read_data(ctx, p, next); + break; + + case EMMC: + read = fread(p, 1, next, dev); + break; + } + if (next != read) { + printf("short read (%zu bytes of %zu) for partition \"%s\"\n", + read, next, partition); + free(file->data); + file->data = NULL; + return -1; + } + SHA_update(&sha_ctx, p, read); + file->size += read; + } + + // Duplicate the SHA context and finalize the duplicate so we can + // check it against this pair's expected hash. + SHA_CTX temp_ctx; + memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); + const uint8_t* sha_so_far = SHA_final(&temp_ctx); + + if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { + printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); + free(file->data); + file->data = NULL; + return -1; + } + + if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { + // we have a match. stop reading the partition; we'll return + // the data we've read so far. + printf("partition read matched size %zu sha %s\n", + size[index[i]], sha1sum[index[i]]); + break; + } + + p += read; + } + + switch (type) { + case MTD: + mtd_read_close(ctx); + break; + + case EMMC: + fclose(dev); + break; + } + + + if (i == pairs) { + // Ran off the end of the list of (size,sha1) pairs without + // finding a match. + printf("contents of partition \"%s\" didn't match %s\n", partition, filename); + free(file->data); + file->data = NULL; + return -1; + } + + const uint8_t* sha_final = SHA_final(&sha_ctx); + for (size_t i = 0; i < SHA_DIGEST_SIZE; ++i) { + file->sha1[i] = sha_final[i]; + } + + // Fake some stat() info. + file->st.st_mode = 0644; + file->st.st_uid = 0; + file->st.st_gid = 0; + + free(copy); + free(index); + free(size); + free(sha1sum); + + return 0; +} + + +// Save the contents of the given FileContents object under the given +// filename. Return 0 on success. +int SaveFileContents(const char* filename, const FileContents* file) { + int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + if (fd < 0) { + printf("failed to open \"%s\" for write: %s\n", filename, strerror(errno)); + return -1; + } + + ssize_t bytes_written = FileSink(file->data, file->size, &fd); + if (bytes_written != file->size) { + printf("short write of \"%s\" (%zd bytes of %zd) (%s)\n", + filename, bytes_written, file->size, strerror(errno)); + close(fd); + return -1; + } + if (fsync(fd) != 0) { + printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + if (close(fd) != 0) { + printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + + if (chmod(filename, file->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + if (chown(filename, file->st.st_uid, file->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + + return 0; +} + +// Write a memory buffer to 'target' partition, a string of the form +// "MTD:[:...]" or "EMMC::". Return 0 on +// success. +int WriteToPartition(unsigned char* data, size_t len, const char* target) { + char* copy = strdup(target); + const char* magic = strtok(copy, ":"); + + enum PartitionType type; + if (strcmp(magic, "MTD") == 0) { + type = MTD; + } else if (strcmp(magic, "EMMC") == 0) { + type = EMMC; + } else { + printf("WriteToPartition called with bad target (%s)\n", target); + return -1; + } + const char* partition = strtok(NULL, ":"); + + if (partition == NULL) { + printf("bad partition target name \"%s\"\n", target); + return -1; + } + + switch (type) { + case MTD: { + if (!mtd_partitions_scanned) { + mtd_scan_partitions(); + mtd_partitions_scanned = 1; + } + + const MtdPartition* mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("mtd partition \"%s\" not found for writing\n", partition); + return -1; + } + + MtdWriteContext* ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("failed to init mtd partition \"%s\" for writing\n", partition); + return -1; + } + + size_t written = mtd_write_data(ctx, reinterpret_cast(data), len); + if (written != len) { + printf("only wrote %zu of %zu bytes to MTD %s\n", written, len, partition); + mtd_write_close(ctx); + return -1; + } + + if (mtd_erase_blocks(ctx, -1) < 0) { + printf("error finishing mtd write of %s\n", partition); + mtd_write_close(ctx); + return -1; + } + + if (mtd_write_close(ctx)) { + printf("error closing mtd write of %s\n", partition); + return -1; + } + break; + } + + case EMMC: { + size_t start = 0; + bool success = false; + int fd = open(partition, O_RDWR | O_SYNC); + if (fd < 0) { + printf("failed to open %s: %s\n", partition, strerror(errno)); + return -1; + } + + for (int attempt = 0; attempt < 2; ++attempt) { + if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { + printf("failed seek on %s: %s\n", partition, strerror(errno)); + return -1; + } + while (start < len) { + size_t to_write = len - start; + if (to_write > 1<<20) to_write = 1<<20; + + ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); + if (written == -1) { + printf("failed write writing to %s: %s\n", partition, strerror(errno)); + return -1; + } + start += written; + } + if (fsync(fd) != 0) { + printf("failed to sync to %s (%s)\n", partition, strerror(errno)); + return -1; + } + if (close(fd) != 0) { + printf("failed to close %s (%s)\n", partition, strerror(errno)); + return -1; + } + fd = open(partition, O_RDONLY); + if (fd < 0) { + printf("failed to reopen %s for verify (%s)\n", partition, strerror(errno)); + return -1; + } + + // Drop caches so our subsequent verification read + // won't just be reading the cache. + sync(); + int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); + if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { + printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); + } else { + printf(" caches dropped\n"); + } + close(dc); + sleep(1); + + // verify + if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { + printf("failed to seek back to beginning of %s: %s\n", + partition, strerror(errno)); + return -1; + } + unsigned char buffer[4096]; + start = len; + for (size_t p = 0; p < len; p += sizeof(buffer)) { + size_t to_read = len - p; + if (to_read > sizeof(buffer)) { + to_read = sizeof(buffer); + } + + size_t so_far = 0; + while (so_far < to_read) { + ssize_t read_count = + TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); + if (read_count == -1) { + printf("verify read error %s at %zu: %s\n", + partition, p, strerror(errno)); + return -1; + } + if (static_cast(read_count) < to_read) { + printf("short verify read %s at %zu: %zd %zu %s\n", + partition, p, read_count, to_read, strerror(errno)); + } + so_far += read_count; + } + + if (memcmp(buffer, data+p, to_read) != 0) { + printf("verification failed starting at %zu\n", p); + start = p; + break; + } + } + + if (start == len) { + printf("verification read succeeded (attempt %d)\n", attempt+1); + success = true; + break; + } + } + + if (!success) { + printf("failed to verify after all attempts\n"); + return -1; + } + + if (close(fd) != 0) { + printf("error closing %s (%s)\n", partition, strerror(errno)); + return -1; + } + sync(); + break; + } + } + + free(copy); + return 0; +} + + +// Take a string 'str' of 40 hex digits and parse it into the 20 +// byte array 'digest'. 'str' may contain only the digest or be of +// the form ":". Return 0 on success, -1 on any +// error. +int ParseSha1(const char* str, uint8_t* digest) { + const char* ps = str; + uint8_t* pd = digest; + for (int i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { + int digit; + if (*ps >= '0' && *ps <= '9') { + digit = *ps - '0'; + } else if (*ps >= 'a' && *ps <= 'f') { + digit = *ps - 'a' + 10; + } else if (*ps >= 'A' && *ps <= 'F') { + digit = *ps - 'A' + 10; + } else { + return -1; + } + if (i % 2 == 0) { + *pd = digit << 4; + } else { + *pd |= digit; + ++pd; + } + } + if (*ps != '\0') return -1; + return 0; +} + +// Search an array of sha1 strings for one matching the given sha1. +// Return the index of the match on success, or -1 if no match is +// found. +int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, + int num_patches) { + uint8_t patch_sha1[SHA_DIGEST_SIZE]; + for (int i = 0; i < num_patches; ++i) { + if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && + memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { + return i; + } + } + return -1; +} + +// Returns 0 if the contents of the file (argv[2]) or the cached file +// match any of the sha1's on the command line (argv[3:]). Returns +// nonzero otherwise. +int applypatch_check(const char* filename, int num_patches, + char** const patch_sha1_str) { + FileContents file; + file.data = NULL; + + // It's okay to specify no sha1s; the check will pass if the + // LoadFileContents is successful. (Useful for reading + // partitions, where the filename encodes the sha1s; no need to + // check them twice.) + if (LoadFileContents(filename, &file) != 0 || + (num_patches > 0 && + FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) { + printf("file \"%s\" doesn't have any of expected " + "sha1 sums; checking cache\n", filename); + + free(file.data); + file.data = NULL; + + // If the source file is missing or corrupted, it might be because + // we were killed in the middle of patching it. A copy of it + // should have been made in CACHE_TEMP_SOURCE. If that file + // exists and matches the sha1 we're looking for, the check still + // passes. + + if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) { + printf("failed to load cache file\n"); + return 1; + } + + if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { + printf("cache bits don't match any sha1 for \"%s\"\n", filename); + free(file.data); + return 1; + } + } + + free(file.data); + return 0; +} + +int ShowLicenses() { + ShowBSDiffLicense(); + return 0; +} + +ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { + int fd = *reinterpret_cast(token); + ssize_t done = 0; + ssize_t wrote; + while (done < len) { + wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); + if (wrote == -1) { + printf("error writing %zd bytes: %s\n", (len-done), strerror(errno)); + return done; + } + done += wrote; + } + return done; +} + +typedef struct { + unsigned char* buffer; + ssize_t size; + ssize_t pos; +} MemorySinkInfo; + +ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { + MemorySinkInfo* msi = reinterpret_cast(token); + if (msi->size - msi->pos < len) { + return -1; + } + memcpy(msi->buffer + msi->pos, data, len); + msi->pos += len; + return len; +} + +// Return the amount of free space (in bytes) on the filesystem +// containing filename. filename must exist. Return -1 on error. +size_t FreeSpaceForFile(const char* filename) { + struct statfs sf; + if (statfs(filename, &sf) != 0) { + printf("failed to statfs %s: %s\n", filename, strerror(errno)); + return -1; + } + return sf.f_bsize * sf.f_bavail; +} + +int CacheSizeCheck(size_t bytes) { + if (MakeFreeSpaceOnCache(bytes) < 0) { + printf("unable to make %ld bytes available on /cache\n", (long)bytes); + return 1; + } else { + return 0; + } +} + +static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { + const char* hex = "0123456789abcdef"; + for (size_t i = 0; i < 4; ++i) { + putchar(hex[(sha1[i]>>4) & 0xf]); + putchar(hex[sha1[i] & 0xf]); + } +} + +// This function applies binary patches to files in a way that is safe +// (the original file is not touched until we have the desired +// replacement for it) and idempotent (it's okay to run this program +// multiple times). +// +// - if the sha1 hash of is , +// does nothing and exits successfully. +// +// - otherwise, if the sha1 hash of is one of the +// entries in , the corresponding patch from +// (which must be a VAL_BLOB) is applied to produce a +// new file (the type of patch is automatically detected from the +// blob daat). If that new file has sha1 hash , +// moves it to replace , and exits successfully. +// Note that if and are not the +// same, is NOT deleted on success. +// may be the string "-" to mean "the same as +// source_filename". +// +// - otherwise, or if any error is encountered, exits with non-zero +// status. +// +// may refer to a partition to read the source data. +// See the comments for the LoadPartition Contents() function above +// for the format of such a filename. + +int applypatch(const char* source_filename, + const char* target_filename, + const char* target_sha1_str, + size_t target_size, + int num_patches, + char** const patch_sha1_str, + Value** patch_data, + Value* bonus_data) { + printf("patch %s: ", source_filename); + + if (target_filename[0] == '-' && target_filename[1] == '\0') { + target_filename = source_filename; + } + + uint8_t target_sha1[SHA_DIGEST_SIZE]; + if (ParseSha1(target_sha1_str, target_sha1) != 0) { + printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); + return 1; + } + + FileContents copy_file; + FileContents source_file; + copy_file.data = NULL; + source_file.data = NULL; + const Value* source_patch_value = NULL; + const Value* copy_patch_value = NULL; + + // We try to load the target file into the source_file object. + if (LoadFileContents(target_filename, &source_file) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + // The early-exit case: the patch was already applied, this file + // has the desired hash, nothing for us to do. + printf("already "); + print_short_sha1(target_sha1); + putchar('\n'); + free(source_file.data); + return 0; + } + } + + if (source_file.data == NULL || + (target_filename != source_filename && + strcmp(target_filename, source_filename) != 0)) { + // Need to load the source file: either we failed to load the + // target file, or we did but it's different from the source file. + free(source_file.data); + source_file.data = NULL; + LoadFileContents(source_filename, &source_file); + } + + if (source_file.data != NULL) { + int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); + if (to_use >= 0) { + source_patch_value = patch_data[to_use]; + } + } + + if (source_patch_value == NULL) { + free(source_file.data); + source_file.data = NULL; + printf("source file is bad; trying copy\n"); + + if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { + // fail. + printf("failed to read copy file\n"); + return 1; + } + + int to_use = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches); + if (to_use >= 0) { + copy_patch_value = patch_data[to_use]; + } + + if (copy_patch_value == NULL) { + // fail. + printf("copy file doesn't match source SHA-1s either\n"); + free(copy_file.data); + return 1; + } + } + + int result = GenerateTarget(&source_file, source_patch_value, + ©_file, copy_patch_value, + source_filename, target_filename, + target_sha1, target_size, bonus_data); + free(source_file.data); + free(copy_file.data); + + return result; +} + +static int GenerateTarget(FileContents* source_file, + const Value* source_patch_value, + FileContents* copy_file, + const Value* copy_patch_value, + const char* source_filename, + const char* target_filename, + const uint8_t target_sha1[SHA_DIGEST_SIZE], + size_t target_size, + const Value* bonus_data) { + int retry = 1; + SHA_CTX ctx; + int output; + MemorySinkInfo msi; + FileContents* source_to_use; + char* outname; + int made_copy = 0; + + // assume that target_filename (eg "/system/app/Foo.apk") is located + // on the same filesystem as its top-level directory ("/system"). + // We need something that exists for calling statfs(). + char target_fs[strlen(target_filename)+1]; + char* slash = strchr(target_filename+1, '/'); + if (slash != NULL) { + int count = slash - target_filename; + strncpy(target_fs, target_filename, count); + target_fs[count] = '\0'; + } else { + strcpy(target_fs, target_filename); + } + + do { + // Is there enough room in the target filesystem to hold the patched + // file? + + if (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0) { + // If the target is a partition, we're actually going to + // write the output to /tmp and then copy it to the + // partition. statfs() always returns 0 blocks free for + // /tmp, so instead we'll just assume that /tmp has enough + // space to hold the file. + + // We still write the original source to cache, in case + // the partition write is interrupted. + if (MakeFreeSpaceOnCache(source_file->size) < 0) { + printf("not enough free space on /cache\n"); + return 1; + } + if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { + printf("failed to back up source file\n"); + return 1; + } + made_copy = 1; + retry = 0; + } else { + int enough_space = 0; + if (retry > 0) { + size_t free_space = FreeSpaceForFile(target_fs); + enough_space = + (free_space > (256 << 10)) && // 256k (two-block) minimum + (free_space > (target_size * 3 / 2)); // 50% margin of error + if (!enough_space) { + printf("target %zu bytes; free space %zu bytes; retry %d; enough %d\n", + target_size, free_space, retry, enough_space); + } + } + + if (!enough_space) { + retry = 0; + } + + if (!enough_space && source_patch_value != NULL) { + // Using the original source, but not enough free space. First + // copy the source file to cache, then delete it from the original + // location. + + if (strncmp(source_filename, "MTD:", 4) == 0 || + strncmp(source_filename, "EMMC:", 5) == 0) { + // It's impossible to free space on the target filesystem by + // deleting the source if the source is a partition. If + // we're ever in a state where we need to do this, fail. + printf("not enough free space for target but source is partition\n"); + return 1; + } + + if (MakeFreeSpaceOnCache(source_file->size) < 0) { + printf("not enough free space on /cache\n"); + return 1; + } + + if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { + printf("failed to back up source file\n"); + return 1; + } + made_copy = 1; + unlink(source_filename); + + size_t free_space = FreeSpaceForFile(target_fs); + printf("(now %zu bytes free for target) ", free_space); + } + } + + const Value* patch; + if (source_patch_value != NULL) { + source_to_use = source_file; + patch = source_patch_value; + } else { + source_to_use = copy_file; + patch = copy_patch_value; + } + + if (patch->type != VAL_BLOB) { + printf("patch is not a blob\n"); + return 1; + } + + SinkFn sink = NULL; + void* token = NULL; + output = -1; + outname = NULL; + if (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0) { + // We store the decoded output in memory. + msi.buffer = reinterpret_cast(malloc(target_size)); + if (msi.buffer == NULL) { + printf("failed to alloc %zu bytes for output\n", target_size); + return 1; + } + msi.pos = 0; + msi.size = target_size; + sink = MemorySink; + token = &msi; + } else { + // We write the decoded output to ".patch". + outname = reinterpret_cast(malloc(strlen(target_filename) + 10)); + strcpy(outname, target_filename); + strcat(outname, ".patch"); + + output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + if (output < 0) { + printf("failed to open output file %s: %s\n", + outname, strerror(errno)); + return 1; + } + sink = FileSink; + token = &output; + } + + char* header = patch->data; + ssize_t header_bytes_read = patch->size; + + SHA_init(&ctx); + + int result; + + if (header_bytes_read >= 8 && + memcmp(header, "BSDIFF40", 8) == 0) { + result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, + patch, 0, sink, token, &ctx); + } else if (header_bytes_read >= 8 && + memcmp(header, "IMGDIFF2", 8) == 0) { + result = ApplyImagePatch(source_to_use->data, source_to_use->size, + patch, sink, token, &ctx, bonus_data); + } else { + printf("Unknown patch file format\n"); + return 1; + } + + if (output >= 0) { + if (fsync(output) != 0) { + printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); + result = 1; + } + if (close(output) != 0) { + printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); + result = 1; + } + } + + if (result != 0) { + if (retry == 0) { + printf("applying patch failed\n"); + return result != 0; + } else { + printf("applying patch failed; retrying\n"); + } + if (outname != NULL) { + unlink(outname); + } + } else { + // succeeded; no need to retry + break; + } + } while (retry-- > 0); + + const uint8_t* current_target_sha1 = SHA_final(&ctx); + if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + printf("patch did not produce expected sha1\n"); + return 1; + } else { + printf("now "); + print_short_sha1(target_sha1); + putchar('\n'); + } + + if (output < 0) { + // Copy the temp file to the partition. + if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { + printf("write of patched data to %s failed\n", target_filename); + return 1; + } + free(msi.buffer); + } else { + // Give the .patch file the same owner, group, and mode of the + // original source file. + if (chmod(outname, source_to_use->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); + return 1; + } + if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); + return 1; + } + + // Finally, rename the .patch file to replace the target file. + if (rename(outname, target_filename) != 0) { + printf("rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno)); + return 1; + } + } + + // If this run of applypatch created the copy, and we're here, we + // can delete it. + if (made_copy) { + unlink(CACHE_TEMP_SOURCE); + } + + // Success! + return 0; +} diff --git a/applypatch/bsdiff.c b/applypatch/bsdiff.c deleted file mode 100644 index b6d342b7a..000000000 --- a/applypatch/bsdiff.c +++ /dev/null @@ -1,410 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * Most of this code comes from bsdiff.c from the bsdiff-4.3 - * distribution, which is: - */ - -/*- - * Copyright 2003-2005 Colin Percival - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted providing that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#define MIN(x,y) (((x)<(y)) ? (x) : (y)) - -static void split(off_t *I,off_t *V,off_t start,off_t len,off_t h) -{ - off_t i,j,k,x,tmp,jj,kk; - - if(len<16) { - for(k=start;kstart) split(I,V,start,jj-start,h); - - for(i=0;ikk) split(I,V,kk,start+len-kk,h); -} - -static void qsufsort(off_t *I,off_t *V,u_char *old,off_t oldsize) -{ - off_t buckets[256]; - off_t i,h,len; - - for(i=0;i<256;i++) buckets[i]=0; - for(i=0;i0;i--) buckets[i]=buckets[i-1]; - buckets[0]=0; - - for(i=0;iy) { - *pos=I[st]; - return x; - } else { - *pos=I[en]; - return y; - } - }; - - x=st+(en-st)/2; - if(memcmp(old+I[x],new,MIN(oldsize-I[x],newsize))<0) { - return search(I,old,oldsize,new,newsize,x,en,pos); - } else { - return search(I,old,oldsize,new,newsize,st,x,pos); - }; -} - -static void offtout(off_t x,u_char *buf) -{ - off_t y; - - if(x<0) y=-x; else y=x; - - buf[0]=y%256;y-=buf[0]; - y=y/256;buf[1]=y%256;y-=buf[1]; - y=y/256;buf[2]=y%256;y-=buf[2]; - y=y/256;buf[3]=y%256;y-=buf[3]; - y=y/256;buf[4]=y%256;y-=buf[4]; - y=y/256;buf[5]=y%256;y-=buf[5]; - y=y/256;buf[6]=y%256;y-=buf[6]; - y=y/256;buf[7]=y%256; - - if(x<0) buf[7]|=0x80; -} - -// This is main() from bsdiff.c, with the following changes: -// -// - old, oldsize, new, newsize are arguments; we don't load this -// data from files. old and new are owned by the caller; we -// don't free them at the end. -// -// - the "I" block of memory is owned by the caller, who passes a -// pointer to *I, which can be NULL. This way if we call -// bsdiff() multiple times with the same 'old' data, we only do -// the qsufsort() step the first time. -// -int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* new, off_t newsize, - const char* patch_filename) -{ - int fd; - off_t *I; - off_t scan,pos,len; - off_t lastscan,lastpos,lastoffset; - off_t oldscore,scsc; - off_t s,Sf,lenf,Sb,lenb; - off_t overlap,Ss,lens; - off_t i; - off_t dblen,eblen; - u_char *db,*eb; - u_char buf[8]; - u_char header[32]; - FILE * pf; - BZFILE * pfbz2; - int bz2err; - - if (*IP == NULL) { - off_t* V; - *IP = malloc((oldsize+1) * sizeof(off_t)); - V = malloc((oldsize+1) * sizeof(off_t)); - qsufsort(*IP, V, old, oldsize); - free(V); - } - I = *IP; - - if(((db=malloc(newsize+1))==NULL) || - ((eb=malloc(newsize+1))==NULL)) err(1,NULL); - dblen=0; - eblen=0; - - /* Create the patch file */ - if ((pf = fopen(patch_filename, "w")) == NULL) - err(1, "%s", patch_filename); - - /* Header is - 0 8 "BSDIFF40" - 8 8 length of bzip2ed ctrl block - 16 8 length of bzip2ed diff block - 24 8 length of new file */ - /* File is - 0 32 Header - 32 ?? Bzip2ed ctrl block - ?? ?? Bzip2ed diff block - ?? ?? Bzip2ed extra block */ - memcpy(header,"BSDIFF40",8); - offtout(0, header + 8); - offtout(0, header + 16); - offtout(newsize, header + 24); - if (fwrite(header, 32, 1, pf) != 1) - err(1, "fwrite(%s)", patch_filename); - - /* Compute the differences, writing ctrl as we go */ - if ((pfbz2 = BZ2_bzWriteOpen(&bz2err, pf, 9, 0, 0)) == NULL) - errx(1, "BZ2_bzWriteOpen, bz2err = %d", bz2err); - scan=0;len=0; - lastscan=0;lastpos=0;lastoffset=0; - while(scanoldscore+8)) break; - - if((scan+lastoffsetSf*2-lenf) { Sf=s; lenf=i; }; - }; - - lenb=0; - if(scan=lastscan+i)&&(pos>=i);i++) { - if(old[pos-i]==new[scan-i]) s++; - if(s*2-i>Sb*2-lenb) { Sb=s; lenb=i; }; - }; - }; - - if(lastscan+lenf>scan-lenb) { - overlap=(lastscan+lenf)-(scan-lenb); - s=0;Ss=0;lens=0; - for(i=0;iSs) { Ss=s; lens=i+1; }; - }; - - lenf+=lens-overlap; - lenb-=lens; - }; - - for(i=0;i + +#include +#include +#include +#include +#include +#include +#include + +#define MIN(x,y) (((x)<(y)) ? (x) : (y)) + +static void split(off_t *I,off_t *V,off_t start,off_t len,off_t h) +{ + off_t i,j,k,x,tmp,jj,kk; + + if(len<16) { + for(k=start;kstart) split(I,V,start,jj-start,h); + + for(i=0;ikk) split(I,V,kk,start+len-kk,h); +} + +static void qsufsort(off_t *I,off_t *V,u_char *old,off_t oldsize) +{ + off_t buckets[256]; + off_t i,h,len; + + for(i=0;i<256;i++) buckets[i]=0; + for(i=0;i0;i--) buckets[i]=buckets[i-1]; + buckets[0]=0; + + for(i=0;iy) { + *pos=I[st]; + return x; + } else { + *pos=I[en]; + return y; + } + }; + + x=st+(en-st)/2; + if(memcmp(old+I[x],newdata,MIN(oldsize-I[x],newsize))<0) { + return search(I,old,oldsize,newdata,newsize,x,en,pos); + } else { + return search(I,old,oldsize,newdata,newsize,st,x,pos); + }; +} + +static void offtout(off_t x,u_char *buf) +{ + off_t y; + + if(x<0) y=-x; else y=x; + + buf[0]=y%256;y-=buf[0]; + y=y/256;buf[1]=y%256;y-=buf[1]; + y=y/256;buf[2]=y%256;y-=buf[2]; + y=y/256;buf[3]=y%256;y-=buf[3]; + y=y/256;buf[4]=y%256;y-=buf[4]; + y=y/256;buf[5]=y%256;y-=buf[5]; + y=y/256;buf[6]=y%256;y-=buf[6]; + y=y/256;buf[7]=y%256; + + if(x<0) buf[7]|=0x80; +} + +// This is main() from bsdiff.c, with the following changes: +// +// - old, oldsize, newdata, newsize are arguments; we don't load this +// data from files. old and newdata are owned by the caller; we +// don't free them at the end. +// +// - the "I" block of memory is owned by the caller, who passes a +// pointer to *I, which can be NULL. This way if we call +// bsdiff() multiple times with the same 'old' data, we only do +// the qsufsort() step the first time. +// +int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* newdata, off_t newsize, + const char* patch_filename) +{ + int fd; + off_t *I; + off_t scan,pos,len; + off_t lastscan,lastpos,lastoffset; + off_t oldscore,scsc; + off_t s,Sf,lenf,Sb,lenb; + off_t overlap,Ss,lens; + off_t i; + off_t dblen,eblen; + u_char *db,*eb; + u_char buf[8]; + u_char header[32]; + FILE * pf; + BZFILE * pfbz2; + int bz2err; + + if (*IP == NULL) { + off_t* V; + *IP = reinterpret_cast(malloc((oldsize+1) * sizeof(off_t))); + V = reinterpret_cast(malloc((oldsize+1) * sizeof(off_t))); + qsufsort(*IP, V, old, oldsize); + free(V); + } + I = *IP; + + if(((db=reinterpret_cast(malloc(newsize+1)))==NULL) || + ((eb=reinterpret_cast(malloc(newsize+1)))==NULL)) err(1,NULL); + dblen=0; + eblen=0; + + /* Create the patch file */ + if ((pf = fopen(patch_filename, "w")) == NULL) + err(1, "%s", patch_filename); + + /* Header is + 0 8 "BSDIFF40" + 8 8 length of bzip2ed ctrl block + 16 8 length of bzip2ed diff block + 24 8 length of new file */ + /* File is + 0 32 Header + 32 ?? Bzip2ed ctrl block + ?? ?? Bzip2ed diff block + ?? ?? Bzip2ed extra block */ + memcpy(header,"BSDIFF40",8); + offtout(0, header + 8); + offtout(0, header + 16); + offtout(newsize, header + 24); + if (fwrite(header, 32, 1, pf) != 1) + err(1, "fwrite(%s)", patch_filename); + + /* Compute the differences, writing ctrl as we go */ + if ((pfbz2 = BZ2_bzWriteOpen(&bz2err, pf, 9, 0, 0)) == NULL) + errx(1, "BZ2_bzWriteOpen, bz2err = %d", bz2err); + scan=0;len=0; + lastscan=0;lastpos=0;lastoffset=0; + while(scanoldscore+8)) break; + + if((scan+lastoffsetSf*2-lenf) { Sf=s; lenf=i; }; + }; + + lenb=0; + if(scan=lastscan+i)&&(pos>=i);i++) { + if(old[pos-i]==newdata[scan-i]) s++; + if(s*2-i>Sb*2-lenb) { Sb=s; lenb=i; }; + }; + }; + + if(lastscan+lenf>scan-lenb) { + overlap=(lastscan+lenf)-(scan-lenb); + s=0;Ss=0;lens=0; + for(i=0;iSs) { Ss=s; lens=i+1; }; + }; + + lenf+=lens-overlap; + lenb-=lens; + }; + + for(i=0;i -#include -#include -#include -#include -#include - -#include - -#include "mincrypt/sha.h" -#include "applypatch.h" - -void ShowBSDiffLicense() { - puts("The bsdiff library used herein is:\n" - "\n" - "Copyright 2003-2005 Colin Percival\n" - "All rights reserved\n" - "\n" - "Redistribution and use in source and binary forms, with or without\n" - "modification, are permitted providing that the following conditions\n" - "are met:\n" - "1. Redistributions of source code must retain the above copyright\n" - " notice, this list of conditions and the following disclaimer.\n" - "2. Redistributions in binary form must reproduce the above copyright\n" - " notice, this list of conditions and the following disclaimer in the\n" - " documentation and/or other materials provided with the distribution.\n" - "\n" - "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" - "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" - "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n" - "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n" - "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n" - "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n" - "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" - "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" - "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" - "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" - "POSSIBILITY OF SUCH DAMAGE.\n" - "\n------------------\n\n" - "This program uses Julian R Seward's \"libbzip2\" library, available\n" - "from http://www.bzip.org/.\n" - ); -} - -static off_t offtin(u_char *buf) -{ - off_t y; - - y=buf[7]&0x7F; - y=y*256;y+=buf[6]; - y=y*256;y+=buf[5]; - y=y*256;y+=buf[4]; - y=y*256;y+=buf[3]; - y=y*256;y+=buf[2]; - y=y*256;y+=buf[1]; - y=y*256;y+=buf[0]; - - if(buf[7]&0x80) y=-y; - - return y; -} - -int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) { - stream->next_out = (char*)buffer; - stream->avail_out = size; - while (stream->avail_out > 0) { - int bzerr = BZ2_bzDecompress(stream); - if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) { - printf("bz error %d decompressing\n", bzerr); - return -1; - } - if (stream->avail_out > 0) { - printf("need %d more bytes\n", stream->avail_out); - } - } - return 0; -} - -int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, - const Value* patch, ssize_t patch_offset, - SinkFn sink, void* token, SHA_CTX* ctx) { - - unsigned char* new_data; - ssize_t new_size; - if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, - &new_data, &new_size) != 0) { - return -1; - } - - if (sink(new_data, new_size, token) < new_size) { - printf("short write of output: %d (%s)\n", errno, strerror(errno)); - return 1; - } - if (ctx) SHA_update(ctx, new_data, new_size); - free(new_data); - - return 0; -} - -int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, - const Value* patch, ssize_t patch_offset, - unsigned char** new_data, ssize_t* new_size) { - // Patch data format: - // 0 8 "BSDIFF40" - // 8 8 X - // 16 8 Y - // 24 8 sizeof(newfile) - // 32 X bzip2(control block) - // 32+X Y bzip2(diff block) - // 32+X+Y ??? bzip2(extra block) - // with control block a set of triples (x,y,z) meaning "add x bytes - // from oldfile to x bytes from the diff block; copy y bytes from the - // extra block; seek forwards in oldfile by z bytes". - - unsigned char* header = (unsigned char*) patch->data + patch_offset; - if (memcmp(header, "BSDIFF40", 8) != 0) { - printf("corrupt bsdiff patch file header (magic number)\n"); - return 1; - } - - ssize_t ctrl_len, data_len; - ctrl_len = offtin(header+8); - data_len = offtin(header+16); - *new_size = offtin(header+24); - - if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { - printf("corrupt patch file header (data lengths)\n"); - return 1; - } - - int bzerr; - - bz_stream cstream; - cstream.next_in = patch->data + patch_offset + 32; - cstream.avail_in = ctrl_len; - cstream.bzalloc = NULL; - cstream.bzfree = NULL; - cstream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) { - printf("failed to bzinit control stream (%d)\n", bzerr); - } - - bz_stream dstream; - dstream.next_in = patch->data + patch_offset + 32 + ctrl_len; - dstream.avail_in = data_len; - dstream.bzalloc = NULL; - dstream.bzfree = NULL; - dstream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) { - printf("failed to bzinit diff stream (%d)\n", bzerr); - } - - bz_stream estream; - estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len; - estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len); - estream.bzalloc = NULL; - estream.bzfree = NULL; - estream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) { - printf("failed to bzinit extra stream (%d)\n", bzerr); - } - - *new_data = malloc(*new_size); - if (*new_data == NULL) { - printf("failed to allocate %ld bytes of memory for output file\n", - (long)*new_size); - return 1; - } - - off_t oldpos = 0, newpos = 0; - off_t ctrl[3]; - off_t len_read; - int i; - unsigned char buf[24]; - while (newpos < *new_size) { - // Read control data - if (FillBuffer(buf, 24, &cstream) != 0) { - printf("error while reading control stream\n"); - return 1; - } - ctrl[0] = offtin(buf); - ctrl[1] = offtin(buf+8); - ctrl[2] = offtin(buf+16); - - if (ctrl[0] < 0 || ctrl[1] < 0) { - printf("corrupt patch (negative byte counts)\n"); - return 1; - } - - // Sanity check - if (newpos + ctrl[0] > *new_size) { - printf("corrupt patch (new file overrun)\n"); - return 1; - } - - // Read diff string - if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { - printf("error while reading diff stream\n"); - return 1; - } - - // Add old data to diff string - for (i = 0; i < ctrl[0]; ++i) { - if ((oldpos+i >= 0) && (oldpos+i < old_size)) { - (*new_data)[newpos+i] += old_data[oldpos+i]; - } - } - - // Adjust pointers - newpos += ctrl[0]; - oldpos += ctrl[0]; - - // Sanity check - if (newpos + ctrl[1] > *new_size) { - printf("corrupt patch (new file overrun)\n"); - return 1; - } - - // Read extra string - if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { - printf("error while reading extra stream\n"); - return 1; - } - - // Adjust pointers - newpos += ctrl[1]; - oldpos += ctrl[2]; - } - - BZ2_bzDecompressEnd(&cstream); - BZ2_bzDecompressEnd(&dstream); - BZ2_bzDecompressEnd(&estream); - return 0; -} diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp new file mode 100644 index 000000000..9d201b477 --- /dev/null +++ b/applypatch/bspatch.cpp @@ -0,0 +1,255 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This file is a nearly line-for-line copy of bspatch.c from the +// bsdiff-4.3 distribution; the primary differences being how the +// input and output data are read and the error handling. Running +// applypatch with the -l option will display the bsdiff license +// notice. + +#include +#include +#include +#include +#include +#include + +#include + +#include "mincrypt/sha.h" +#include "applypatch.h" + +void ShowBSDiffLicense() { + puts("The bsdiff library used herein is:\n" + "\n" + "Copyright 2003-2005 Colin Percival\n" + "All rights reserved\n" + "\n" + "Redistribution and use in source and binary forms, with or without\n" + "modification, are permitted providing that the following conditions\n" + "are met:\n" + "1. Redistributions of source code must retain the above copyright\n" + " notice, this list of conditions and the following disclaimer.\n" + "2. Redistributions in binary form must reproduce the above copyright\n" + " notice, this list of conditions and the following disclaimer in the\n" + " documentation and/or other materials provided with the distribution.\n" + "\n" + "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" + "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" + "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n" + "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n" + "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n" + "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n" + "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" + "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" + "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" + "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" + "POSSIBILITY OF SUCH DAMAGE.\n" + "\n------------------\n\n" + "This program uses Julian R Seward's \"libbzip2\" library, available\n" + "from http://www.bzip.org/.\n" + ); +} + +static off_t offtin(u_char *buf) +{ + off_t y; + + y=buf[7]&0x7F; + y=y*256;y+=buf[6]; + y=y*256;y+=buf[5]; + y=y*256;y+=buf[4]; + y=y*256;y+=buf[3]; + y=y*256;y+=buf[2]; + y=y*256;y+=buf[1]; + y=y*256;y+=buf[0]; + + if(buf[7]&0x80) y=-y; + + return y; +} + +int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) { + stream->next_out = (char*)buffer; + stream->avail_out = size; + while (stream->avail_out > 0) { + int bzerr = BZ2_bzDecompress(stream); + if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) { + printf("bz error %d decompressing\n", bzerr); + return -1; + } + if (stream->avail_out > 0) { + printf("need %d more bytes\n", stream->avail_out); + } + } + return 0; +} + +int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, + const Value* patch, ssize_t patch_offset, + SinkFn sink, void* token, SHA_CTX* ctx) { + + unsigned char* new_data; + ssize_t new_size; + if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, + &new_data, &new_size) != 0) { + return -1; + } + + if (sink(new_data, new_size, token) < new_size) { + printf("short write of output: %d (%s)\n", errno, strerror(errno)); + return 1; + } + if (ctx) SHA_update(ctx, new_data, new_size); + free(new_data); + + return 0; +} + +int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, + const Value* patch, ssize_t patch_offset, + unsigned char** new_data, ssize_t* new_size) { + // Patch data format: + // 0 8 "BSDIFF40" + // 8 8 X + // 16 8 Y + // 24 8 sizeof(newfile) + // 32 X bzip2(control block) + // 32+X Y bzip2(diff block) + // 32+X+Y ??? bzip2(extra block) + // with control block a set of triples (x,y,z) meaning "add x bytes + // from oldfile to x bytes from the diff block; copy y bytes from the + // extra block; seek forwards in oldfile by z bytes". + + unsigned char* header = (unsigned char*) patch->data + patch_offset; + if (memcmp(header, "BSDIFF40", 8) != 0) { + printf("corrupt bsdiff patch file header (magic number)\n"); + return 1; + } + + ssize_t ctrl_len, data_len; + ctrl_len = offtin(header+8); + data_len = offtin(header+16); + *new_size = offtin(header+24); + + if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { + printf("corrupt patch file header (data lengths)\n"); + return 1; + } + + int bzerr; + + bz_stream cstream; + cstream.next_in = patch->data + patch_offset + 32; + cstream.avail_in = ctrl_len; + cstream.bzalloc = NULL; + cstream.bzfree = NULL; + cstream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) { + printf("failed to bzinit control stream (%d)\n", bzerr); + } + + bz_stream dstream; + dstream.next_in = patch->data + patch_offset + 32 + ctrl_len; + dstream.avail_in = data_len; + dstream.bzalloc = NULL; + dstream.bzfree = NULL; + dstream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) { + printf("failed to bzinit diff stream (%d)\n", bzerr); + } + + bz_stream estream; + estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len; + estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len); + estream.bzalloc = NULL; + estream.bzfree = NULL; + estream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) { + printf("failed to bzinit extra stream (%d)\n", bzerr); + } + + *new_data = reinterpret_cast(malloc(*new_size)); + if (*new_data == NULL) { + printf("failed to allocate %zd bytes of memory for output file\n", *new_size); + return 1; + } + + off_t oldpos = 0, newpos = 0; + off_t ctrl[3]; + off_t len_read; + int i; + unsigned char buf[24]; + while (newpos < *new_size) { + // Read control data + if (FillBuffer(buf, 24, &cstream) != 0) { + printf("error while reading control stream\n"); + return 1; + } + ctrl[0] = offtin(buf); + ctrl[1] = offtin(buf+8); + ctrl[2] = offtin(buf+16); + + if (ctrl[0] < 0 || ctrl[1] < 0) { + printf("corrupt patch (negative byte counts)\n"); + return 1; + } + + // Sanity check + if (newpos + ctrl[0] > *new_size) { + printf("corrupt patch (new file overrun)\n"); + return 1; + } + + // Read diff string + if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { + printf("error while reading diff stream\n"); + return 1; + } + + // Add old data to diff string + for (i = 0; i < ctrl[0]; ++i) { + if ((oldpos+i >= 0) && (oldpos+i < old_size)) { + (*new_data)[newpos+i] += old_data[oldpos+i]; + } + } + + // Adjust pointers + newpos += ctrl[0]; + oldpos += ctrl[0]; + + // Sanity check + if (newpos + ctrl[1] > *new_size) { + printf("corrupt patch (new file overrun)\n"); + return 1; + } + + // Read extra string + if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { + printf("error while reading extra stream\n"); + return 1; + } + + // Adjust pointers + newpos += ctrl[1]; + oldpos += ctrl[2]; + } + + BZ2_bzDecompressEnd(&cstream); + BZ2_bzDecompressEnd(&dstream); + BZ2_bzDecompressEnd(&estream); + return 0; +} diff --git a/applypatch/freecache.c b/applypatch/freecache.c deleted file mode 100644 index 9827fda06..000000000 --- a/applypatch/freecache.c +++ /dev/null @@ -1,172 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "applypatch.h" - -static int EliminateOpenFiles(char** files, int file_count) { - DIR* d; - struct dirent* de; - d = opendir("/proc"); - if (d == NULL) { - printf("error opening /proc: %s\n", strerror(errno)); - return -1; - } - while ((de = readdir(d)) != 0) { - int i; - for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); - if (de->d_name[i]) continue; - - // de->d_name[i] is numeric - - char path[FILENAME_MAX]; - strcpy(path, "/proc/"); - strcat(path, de->d_name); - strcat(path, "/fd/"); - - DIR* fdd; - struct dirent* fdde; - fdd = opendir(path); - if (fdd == NULL) { - printf("error opening %s: %s\n", path, strerror(errno)); - continue; - } - while ((fdde = readdir(fdd)) != 0) { - char fd_path[FILENAME_MAX]; - char link[FILENAME_MAX]; - strcpy(fd_path, path); - strcat(fd_path, fdde->d_name); - - int count; - count = readlink(fd_path, link, sizeof(link)-1); - if (count >= 0) { - link[count] = '\0'; - - // This is inefficient, but it should only matter if there are - // lots of files in /cache, and lots of them are open (neither - // of which should be true, especially in recovery). - if (strncmp(link, "/cache/", 7) == 0) { - int j; - for (j = 0; j < file_count; ++j) { - if (files[j] && strcmp(files[j], link) == 0) { - printf("%s is open by %s\n", link, de->d_name); - free(files[j]); - files[j] = NULL; - } - } - } - } - } - closedir(fdd); - } - closedir(d); - - return 0; -} - -int FindExpendableFiles(char*** names, int* entries) { - DIR* d; - struct dirent* de; - int size = 32; - *entries = 0; - *names = malloc(size * sizeof(char*)); - - char path[FILENAME_MAX]; - - // We're allowed to delete unopened regular files in any of these - // directories. - const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; - - unsigned int i; - for (i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { - d = opendir(dirs[i]); - if (d == NULL) { - printf("error opening %s: %s\n", dirs[i], strerror(errno)); - continue; - } - - // Look for regular files in the directory (not in any subdirectories). - while ((de = readdir(d)) != 0) { - strcpy(path, dirs[i]); - strcat(path, "/"); - strcat(path, de->d_name); - - // We can't delete CACHE_TEMP_SOURCE; if it's there we might have - // restarted during installation and could be depending on it to - // be there. - if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; - - struct stat st; - if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { - if (*entries >= size) { - size *= 2; - *names = realloc(*names, size * sizeof(char*)); - } - (*names)[(*entries)++] = strdup(path); - } - } - - closedir(d); - } - - printf("%d regular files in deletable directories\n", *entries); - - if (EliminateOpenFiles(*names, *entries) < 0) { - return -1; - } - - return 0; -} - -int MakeFreeSpaceOnCache(size_t bytes_needed) { - size_t free_now = FreeSpaceForFile("/cache"); - printf("%ld bytes free on /cache (%ld needed)\n", - (long)free_now, (long)bytes_needed); - - if (free_now >= bytes_needed) { - return 0; - } - - char** names; - int entries; - - if (FindExpendableFiles(&names, &entries) < 0) { - return -1; - } - - if (entries == 0) { - // nothing we can delete to free up space! - printf("no files can be deleted to free space on /cache\n"); - return -1; - } - - // We could try to be smarter about which files to delete: the - // biggest ones? the smallest ones that will free up enough space? - // the oldest? the newest? - // - // Instead, we'll be dumb. - - int i; - for (i = 0; i < entries && free_now < bytes_needed; ++i) { - if (names[i]) { - unlink(names[i]); - free_now = FreeSpaceForFile("/cache"); - printf("deleted %s; now %ld bytes free\n", names[i], (long)free_now); - free(names[i]); - } - } - - for (; i < entries; ++i) { - free(names[i]); - } - free(names); - - return (free_now >= bytes_needed) ? 0 : -1; -} diff --git a/applypatch/freecache.cpp b/applypatch/freecache.cpp new file mode 100644 index 000000000..2eb2f55ef --- /dev/null +++ b/applypatch/freecache.cpp @@ -0,0 +1,186 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "applypatch.h" + +static int EliminateOpenFiles(char** files, int file_count) { + DIR* d; + struct dirent* de; + d = opendir("/proc"); + if (d == NULL) { + printf("error opening /proc: %s\n", strerror(errno)); + return -1; + } + while ((de = readdir(d)) != 0) { + int i; + for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); + if (de->d_name[i]) continue; + + // de->d_name[i] is numeric + + char path[FILENAME_MAX]; + strcpy(path, "/proc/"); + strcat(path, de->d_name); + strcat(path, "/fd/"); + + DIR* fdd; + struct dirent* fdde; + fdd = opendir(path); + if (fdd == NULL) { + printf("error opening %s: %s\n", path, strerror(errno)); + continue; + } + while ((fdde = readdir(fdd)) != 0) { + char fd_path[FILENAME_MAX]; + char link[FILENAME_MAX]; + strcpy(fd_path, path); + strcat(fd_path, fdde->d_name); + + int count; + count = readlink(fd_path, link, sizeof(link)-1); + if (count >= 0) { + link[count] = '\0'; + + // This is inefficient, but it should only matter if there are + // lots of files in /cache, and lots of them are open (neither + // of which should be true, especially in recovery). + if (strncmp(link, "/cache/", 7) == 0) { + int j; + for (j = 0; j < file_count; ++j) { + if (files[j] && strcmp(files[j], link) == 0) { + printf("%s is open by %s\n", link, de->d_name); + free(files[j]); + files[j] = NULL; + } + } + } + } + } + closedir(fdd); + } + closedir(d); + + return 0; +} + +int FindExpendableFiles(char*** names, int* entries) { + DIR* d; + struct dirent* de; + int size = 32; + *entries = 0; + *names = reinterpret_cast(malloc(size * sizeof(char*))); + + char path[FILENAME_MAX]; + + // We're allowed to delete unopened regular files in any of these + // directories. + const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; + + for (size_t i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { + d = opendir(dirs[i]); + if (d == NULL) { + printf("error opening %s: %s\n", dirs[i], strerror(errno)); + continue; + } + + // Look for regular files in the directory (not in any subdirectories). + while ((de = readdir(d)) != 0) { + strcpy(path, dirs[i]); + strcat(path, "/"); + strcat(path, de->d_name); + + // We can't delete CACHE_TEMP_SOURCE; if it's there we might have + // restarted during installation and could be depending on it to + // be there. + if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; + + struct stat st; + if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { + if (*entries >= size) { + size *= 2; + *names = reinterpret_cast(realloc(*names, size * sizeof(char*))); + } + (*names)[(*entries)++] = strdup(path); + } + } + + closedir(d); + } + + printf("%d regular files in deletable directories\n", *entries); + + if (EliminateOpenFiles(*names, *entries) < 0) { + return -1; + } + + return 0; +} + +int MakeFreeSpaceOnCache(size_t bytes_needed) { + size_t free_now = FreeSpaceForFile("/cache"); + printf("%zu bytes free on /cache (%zu needed)\n", free_now, bytes_needed); + + if (free_now >= bytes_needed) { + return 0; + } + + char** names; + int entries; + + if (FindExpendableFiles(&names, &entries) < 0) { + return -1; + } + + if (entries == 0) { + // nothing we can delete to free up space! + printf("no files can be deleted to free space on /cache\n"); + return -1; + } + + // We could try to be smarter about which files to delete: the + // biggest ones? the smallest ones that will free up enough space? + // the oldest? the newest? + // + // Instead, we'll be dumb. + + int i; + for (i = 0; i < entries && free_now < bytes_needed; ++i) { + if (names[i]) { + unlink(names[i]); + free_now = FreeSpaceForFile("/cache"); + printf("deleted %s; now %zu bytes free\n", names[i], free_now); + free(names[i]); + } + } + + for (; i < entries; ++i) { + free(names[i]); + } + free(names); + + return (free_now >= bytes_needed) ? 0 : -1; +} diff --git a/applypatch/imgdiff.c b/applypatch/imgdiff.c deleted file mode 100644 index 3bac8be91..000000000 --- a/applypatch/imgdiff.c +++ /dev/null @@ -1,1060 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * This program constructs binary patches for images -- such as boot.img - * and recovery.img -- that consist primarily of large chunks of gzipped - * data interspersed with uncompressed data. Doing a naive bsdiff of - * these files is not useful because small changes in the data lead to - * large changes in the compressed bitstream; bsdiff patches of gzipped - * data are typically as large as the data itself. - * - * To patch these usefully, we break the source and target images up into - * chunks of two types: "normal" and "gzip". Normal chunks are simply - * patched using a plain bsdiff. Gzip chunks are first expanded, then a - * bsdiff is applied to the uncompressed data, then the patched data is - * gzipped using the same encoder parameters. Patched chunks are - * concatenated together to create the output file; the output image - * should be *exactly* the same series of bytes as the target image used - * originally to generate the patch. - * - * To work well with this tool, the gzipped sections of the target - * image must have been generated using the same deflate encoder that - * is available in applypatch, namely, the one in the zlib library. - * In practice this means that images should be compressed using the - * "minigzip" tool included in the zlib distribution, not the GNU gzip - * program. - * - * An "imgdiff" patch consists of a header describing the chunk structure - * of the file and any encoding parameters needed for the gzipped - * chunks, followed by N bsdiff patches, one per chunk. - * - * For a diff to be generated, the source and target images must have the - * same "chunk" structure: that is, the same number of gzipped and normal - * chunks in the same order. Android boot and recovery images currently - * consist of five chunks: a small normal header, a gzipped kernel, a - * small normal section, a gzipped ramdisk, and finally a small normal - * footer. - * - * Caveats: we locate gzipped sections within the source and target - * images by searching for the byte sequence 1f8b0800: 1f8b is the gzip - * magic number; 08 specifies the "deflate" encoding [the only encoding - * supported by the gzip standard]; and 00 is the flags byte. We do not - * currently support any extra header fields (which would be indicated by - * a nonzero flags byte). We also don't handle the case when that byte - * sequence appears spuriously in the file. (Note that it would have to - * occur spuriously within a normal chunk to be a problem.) - * - * - * The imgdiff patch header looks like this: - * - * "IMGDIFF1" (8) [magic number and version] - * chunk count (4) - * for each chunk: - * chunk type (4) [CHUNK_{NORMAL, GZIP, DEFLATE, RAW}] - * if chunk type == CHUNK_NORMAL: - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * if chunk type == CHUNK_GZIP: (version 1 only) - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * source expanded len (8) [size of uncompressed source] - * target expected len (8) [size of uncompressed target] - * gzip level (4) - * method (4) - * windowBits (4) - * memLevel (4) - * strategy (4) - * gzip header len (4) - * gzip header (gzip header len) - * gzip footer (8) - * if chunk type == CHUNK_DEFLATE: (version 2 only) - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * source expanded len (8) [size of uncompressed source] - * target expected len (8) [size of uncompressed target] - * gzip level (4) - * method (4) - * windowBits (4) - * memLevel (4) - * strategy (4) - * if chunk type == RAW: (version 2 only) - * target len (4) - * data (target len) - * - * All integers are little-endian. "source start" and "source len" - * specify the section of the input image that comprises this chunk, - * including the gzip header and footer for gzip chunks. "source - * expanded len" is the size of the uncompressed source data. "target - * expected len" is the size of the uncompressed data after applying - * the bsdiff patch. The next five parameters specify the zlib - * parameters to be used when compressing the patched data, and the - * next three specify the header and footer to be wrapped around the - * compressed data to create the output chunk (so that header contents - * like the timestamp are recreated exactly). - * - * After the header there are 'chunk count' bsdiff patches; the offset - * of each from the beginning of the file is specified in the header. - * - * This tool can take an optional file of "bonus data". This is an - * extra file of data that is appended to chunk #1 after it is - * compressed (it must be a CHUNK_DEFLATE chunk). The same file must - * be available (and passed to applypatch with -b) when applying the - * patch. This is used to reduce the size of recovery-from-boot - * patches by combining the boot image with recovery ramdisk - * information that is stored on the system partition. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "zlib.h" -#include "imgdiff.h" -#include "utils.h" - -typedef struct { - int type; // CHUNK_NORMAL, CHUNK_DEFLATE - size_t start; // offset of chunk in original image file - - size_t len; - unsigned char* data; // data to be patched (uncompressed, for deflate chunks) - - size_t source_start; - size_t source_len; - - off_t* I; // used by bsdiff - - // --- for CHUNK_DEFLATE chunks only: --- - - // original (compressed) deflate data - size_t deflate_len; - unsigned char* deflate_data; - - char* filename; // used for zip entries - - // deflate encoder parameters - int level, method, windowBits, memLevel, strategy; - - size_t source_uncompressed_len; -} ImageChunk; - -typedef struct { - int data_offset; - int deflate_len; - int uncomp_len; - char* filename; -} ZipFileEntry; - -static int fileentry_compare(const void* a, const void* b) { - int ao = ((ZipFileEntry*)a)->data_offset; - int bo = ((ZipFileEntry*)b)->data_offset; - if (ao < bo) { - return -1; - } else if (ao > bo) { - return 1; - } else { - return 0; - } -} - -// from bsdiff.c -int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* new, off_t newsize, - const char* patch_filename); - -unsigned char* ReadZip(const char* filename, - int* num_chunks, ImageChunk** chunks, - int include_pseudo_chunk) { - struct stat st; - if (stat(filename, &st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return NULL; - } - - unsigned char* img = malloc(st.st_size); - FILE* f = fopen(filename, "rb"); - if (fread(img, 1, st.st_size, f) != st.st_size) { - printf("failed to read \"%s\" %s\n", filename, strerror(errno)); - fclose(f); - return NULL; - } - fclose(f); - - // look for the end-of-central-directory record. - - int i; - for (i = st.st_size-20; i >= 0 && i > st.st_size - 65600; --i) { - if (img[i] == 0x50 && img[i+1] == 0x4b && - img[i+2] == 0x05 && img[i+3] == 0x06) { - break; - } - } - // double-check: this archive consists of a single "disk" - if (!(img[i+4] == 0 && img[i+5] == 0 && img[i+6] == 0 && img[i+7] == 0)) { - printf("can't process multi-disk archive\n"); - return NULL; - } - - int cdcount = Read2(img+i+8); - int cdoffset = Read4(img+i+16); - - ZipFileEntry* temp_entries = malloc(cdcount * sizeof(ZipFileEntry)); - int entrycount = 0; - - unsigned char* cd = img+cdoffset; - for (i = 0; i < cdcount; ++i) { - if (!(cd[0] == 0x50 && cd[1] == 0x4b && cd[2] == 0x01 && cd[3] == 0x02)) { - printf("bad central directory entry %d\n", i); - return NULL; - } - - int clen = Read4(cd+20); // compressed len - int ulen = Read4(cd+24); // uncompressed len - int nlen = Read2(cd+28); // filename len - int xlen = Read2(cd+30); // extra field len - int mlen = Read2(cd+32); // file comment len - int hoffset = Read4(cd+42); // local header offset - - char* filename = malloc(nlen+1); - memcpy(filename, cd+46, nlen); - filename[nlen] = '\0'; - - int method = Read2(cd+10); - - cd += 46 + nlen + xlen + mlen; - - if (method != 8) { // 8 == deflate - free(filename); - continue; - } - - unsigned char* lh = img + hoffset; - - if (!(lh[0] == 0x50 && lh[1] == 0x4b && lh[2] == 0x03 && lh[3] == 0x04)) { - printf("bad local file header entry %d\n", i); - return NULL; - } - - if (Read2(lh+26) != nlen || memcmp(lh+30, filename, nlen) != 0) { - printf("central dir filename doesn't match local header\n"); - return NULL; - } - - xlen = Read2(lh+28); // extra field len; might be different from CD entry? - - temp_entries[entrycount].data_offset = hoffset+30+nlen+xlen; - temp_entries[entrycount].deflate_len = clen; - temp_entries[entrycount].uncomp_len = ulen; - temp_entries[entrycount].filename = filename; - ++entrycount; - } - - qsort(temp_entries, entrycount, sizeof(ZipFileEntry), fileentry_compare); - -#if 0 - printf("found %d deflated entries\n", entrycount); - for (i = 0; i < entrycount; ++i) { - printf("off %10d len %10d unlen %10d %p %s\n", - temp_entries[i].data_offset, - temp_entries[i].deflate_len, - temp_entries[i].uncomp_len, - temp_entries[i].filename, - temp_entries[i].filename); - } -#endif - - *num_chunks = 0; - *chunks = malloc((entrycount*2+2) * sizeof(ImageChunk)); - ImageChunk* curr = *chunks; - - if (include_pseudo_chunk) { - curr->type = CHUNK_NORMAL; - curr->start = 0; - curr->len = st.st_size; - curr->data = img; - curr->filename = NULL; - curr->I = NULL; - ++curr; - ++*num_chunks; - } - - int pos = 0; - int nextentry = 0; - - while (pos < st.st_size) { - if (nextentry < entrycount && pos == temp_entries[nextentry].data_offset) { - curr->type = CHUNK_DEFLATE; - curr->start = pos; - curr->deflate_len = temp_entries[nextentry].deflate_len; - curr->deflate_data = img + pos; - curr->filename = temp_entries[nextentry].filename; - curr->I = NULL; - - curr->len = temp_entries[nextentry].uncomp_len; - curr->data = malloc(curr->len); - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = curr->deflate_len; - strm.next_in = curr->deflate_data; - - // -15 means we are decoding a 'raw' deflate stream; zlib will - // not expect zlib headers. - int ret = inflateInit2(&strm, -15); - - strm.avail_out = curr->len; - strm.next_out = curr->data; - ret = inflate(&strm, Z_NO_FLUSH); - if (ret != Z_STREAM_END) { - printf("failed to inflate \"%s\"; %d\n", curr->filename, ret); - return NULL; - } - - inflateEnd(&strm); - - pos += curr->deflate_len; - ++nextentry; - ++*num_chunks; - ++curr; - continue; - } - - // use a normal chunk to take all the data up to the start of the - // next deflate section. - - curr->type = CHUNK_NORMAL; - curr->start = pos; - if (nextentry < entrycount) { - curr->len = temp_entries[nextentry].data_offset - pos; - } else { - curr->len = st.st_size - pos; - } - curr->data = img + pos; - curr->filename = NULL; - curr->I = NULL; - pos += curr->len; - - ++*num_chunks; - ++curr; - } - - free(temp_entries); - return img; -} - -/* - * Read the given file and break it up into chunks, putting the number - * of chunks and their info in *num_chunks and **chunks, - * respectively. Returns a malloc'd block of memory containing the - * contents of the file; various pointers in the output chunk array - * will point into this block of memory. The caller should free the - * return value when done with all the chunks. Returns NULL on - * failure. - */ -unsigned char* ReadImage(const char* filename, - int* num_chunks, ImageChunk** chunks) { - struct stat st; - if (stat(filename, &st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return NULL; - } - - unsigned char* img = malloc(st.st_size + 4); - FILE* f = fopen(filename, "rb"); - if (fread(img, 1, st.st_size, f) != st.st_size) { - printf("failed to read \"%s\" %s\n", filename, strerror(errno)); - fclose(f); - return NULL; - } - fclose(f); - - // append 4 zero bytes to the data so we can always search for the - // four-byte string 1f8b0800 starting at any point in the actual - // file data, without special-casing the end of the data. - memset(img+st.st_size, 0, 4); - - size_t pos = 0; - - *num_chunks = 0; - *chunks = NULL; - - while (pos < st.st_size) { - unsigned char* p = img+pos; - - if (st.st_size - pos >= 4 && - p[0] == 0x1f && p[1] == 0x8b && - p[2] == 0x08 && // deflate compression - p[3] == 0x00) { // no header flags - // 'pos' is the offset of the start of a gzip chunk. - size_t chunk_offset = pos; - - *num_chunks += 3; - *chunks = realloc(*chunks, *num_chunks * sizeof(ImageChunk)); - ImageChunk* curr = *chunks + (*num_chunks-3); - - // create a normal chunk for the header. - curr->start = pos; - curr->type = CHUNK_NORMAL; - curr->len = GZIP_HEADER_LEN; - curr->data = p; - curr->I = NULL; - - pos += curr->len; - p += curr->len; - ++curr; - - curr->type = CHUNK_DEFLATE; - curr->filename = NULL; - curr->I = NULL; - - // We must decompress this chunk in order to discover where it - // ends, and so we can put the uncompressed data and its length - // into curr->data and curr->len. - - size_t allocated = 32768; - curr->len = 0; - curr->data = malloc(allocated); - curr->start = pos; - curr->deflate_data = p; - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = st.st_size - pos; - strm.next_in = p; - - // -15 means we are decoding a 'raw' deflate stream; zlib will - // not expect zlib headers. - int ret = inflateInit2(&strm, -15); - - do { - strm.avail_out = allocated - curr->len; - strm.next_out = curr->data + curr->len; - ret = inflate(&strm, Z_NO_FLUSH); - if (ret < 0) { - printf("Error: inflate failed [%s] at file offset [%zu]\n" - "imgdiff only supports gzip kernel compression," - " did you try CONFIG_KERNEL_LZO?\n", - strm.msg, chunk_offset); - free(img); - return NULL; - } - curr->len = allocated - strm.avail_out; - if (strm.avail_out == 0) { - allocated *= 2; - curr->data = realloc(curr->data, allocated); - } - } while (ret != Z_STREAM_END); - - curr->deflate_len = st.st_size - strm.avail_in - pos; - inflateEnd(&strm); - pos += curr->deflate_len; - p += curr->deflate_len; - ++curr; - - // create a normal chunk for the footer - - curr->type = CHUNK_NORMAL; - curr->start = pos; - curr->len = GZIP_FOOTER_LEN; - curr->data = img+pos; - curr->I = NULL; - - pos += curr->len; - p += curr->len; - ++curr; - - // The footer (that we just skipped over) contains the size of - // the uncompressed data. Double-check to make sure that it - // matches the size of the data we got when we actually did - // the decompression. - size_t footer_size = Read4(p-4); - if (footer_size != curr[-2].len) { - printf("Error: footer size %d != decompressed size %d\n", - footer_size, curr[-2].len); - free(img); - return NULL; - } - } else { - // Reallocate the list for every chunk; we expect the number of - // chunks to be small (5 for typical boot and recovery images). - ++*num_chunks; - *chunks = realloc(*chunks, *num_chunks * sizeof(ImageChunk)); - ImageChunk* curr = *chunks + (*num_chunks-1); - curr->start = pos; - curr->I = NULL; - - // 'pos' is not the offset of the start of a gzip chunk, so scan - // forward until we find a gzip header. - curr->type = CHUNK_NORMAL; - curr->data = p; - - for (curr->len = 0; curr->len < (st.st_size - pos); ++curr->len) { - if (p[curr->len] == 0x1f && - p[curr->len+1] == 0x8b && - p[curr->len+2] == 0x08 && - p[curr->len+3] == 0x00) { - break; - } - } - pos += curr->len; - } - } - - return img; -} - -#define BUFFER_SIZE 32768 - -/* - * Takes the uncompressed data stored in the chunk, compresses it - * using the zlib parameters stored in the chunk, and checks that it - * matches exactly the compressed data we started with (also stored in - * the chunk). Return 0 on success. - */ -int TryReconstruction(ImageChunk* chunk, unsigned char* out) { - size_t p = 0; - -#if 0 - printf("trying %d %d %d %d %d\n", - chunk->level, chunk->method, chunk->windowBits, - chunk->memLevel, chunk->strategy); -#endif - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = chunk->len; - strm.next_in = chunk->data; - int ret; - ret = deflateInit2(&strm, chunk->level, chunk->method, chunk->windowBits, - chunk->memLevel, chunk->strategy); - do { - strm.avail_out = BUFFER_SIZE; - strm.next_out = out; - ret = deflate(&strm, Z_FINISH); - size_t have = BUFFER_SIZE - strm.avail_out; - - if (memcmp(out, chunk->deflate_data+p, have) != 0) { - // mismatch; data isn't the same. - deflateEnd(&strm); - return -1; - } - p += have; - } while (ret != Z_STREAM_END); - deflateEnd(&strm); - if (p != chunk->deflate_len) { - // mismatch; ran out of data before we should have. - return -1; - } - return 0; -} - -/* - * Verify that we can reproduce exactly the same compressed data that - * we started with. Sets the level, method, windowBits, memLevel, and - * strategy fields in the chunk to the encoding parameters needed to - * produce the right output. Returns 0 on success. - */ -int ReconstructDeflateChunk(ImageChunk* chunk) { - if (chunk->type != CHUNK_DEFLATE) { - printf("attempt to reconstruct non-deflate chunk\n"); - return -1; - } - - size_t p = 0; - unsigned char* out = malloc(BUFFER_SIZE); - - // We only check two combinations of encoder parameters: level 6 - // (the default) and level 9 (the maximum). - for (chunk->level = 6; chunk->level <= 9; chunk->level += 3) { - chunk->windowBits = -15; // 32kb window; negative to indicate a raw stream. - chunk->memLevel = 8; // the default value. - chunk->method = Z_DEFLATED; - chunk->strategy = Z_DEFAULT_STRATEGY; - - if (TryReconstruction(chunk, out) == 0) { - free(out); - return 0; - } - } - - free(out); - return -1; -} - -/* - * Given source and target chunks, compute a bsdiff patch between them - * by running bsdiff in a subprocess. Return the patch data, placing - * its length in *size. Return NULL on failure. We expect the bsdiff - * program to be in the path. - */ -unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { - if (tgt->type == CHUNK_NORMAL) { - if (tgt->len <= 160) { - tgt->type = CHUNK_RAW; - *size = tgt->len; - return tgt->data; - } - } - - char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; - mkstemp(ptemp); - - int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); - if (r != 0) { - printf("bsdiff() failed: %d\n", r); - return NULL; - } - - struct stat st; - if (stat(ptemp, &st) != 0) { - printf("failed to stat patch file %s: %s\n", - ptemp, strerror(errno)); - return NULL; - } - - unsigned char* data = malloc(st.st_size); - - if (tgt->type == CHUNK_NORMAL && tgt->len <= st.st_size) { - unlink(ptemp); - - tgt->type = CHUNK_RAW; - *size = tgt->len; - return tgt->data; - } - - *size = st.st_size; - - FILE* f = fopen(ptemp, "rb"); - if (f == NULL) { - printf("failed to open patch %s: %s\n", ptemp, strerror(errno)); - return NULL; - } - if (fread(data, 1, st.st_size, f) != st.st_size) { - printf("failed to read patch %s: %s\n", ptemp, strerror(errno)); - return NULL; - } - fclose(f); - - unlink(ptemp); - - tgt->source_start = src->start; - switch (tgt->type) { - case CHUNK_NORMAL: - tgt->source_len = src->len; - break; - case CHUNK_DEFLATE: - tgt->source_len = src->deflate_len; - tgt->source_uncompressed_len = src->len; - break; - } - - return data; -} - -/* - * Cause a gzip chunk to be treated as a normal chunk (ie, as a blob - * of uninterpreted data). The resulting patch will likely be about - * as big as the target file, but it lets us handle the case of images - * where some gzip chunks are reconstructible but others aren't (by - * treating the ones that aren't as normal chunks). - */ -void ChangeDeflateChunkToNormal(ImageChunk* ch) { - if (ch->type != CHUNK_DEFLATE) return; - ch->type = CHUNK_NORMAL; - free(ch->data); - ch->data = ch->deflate_data; - ch->len = ch->deflate_len; -} - -/* - * Return true if the data in the chunk is identical (including the - * compressed representation, for gzip chunks). - */ -int AreChunksEqual(ImageChunk* a, ImageChunk* b) { - if (a->type != b->type) return 0; - - switch (a->type) { - case CHUNK_NORMAL: - return a->len == b->len && memcmp(a->data, b->data, a->len) == 0; - - case CHUNK_DEFLATE: - return a->deflate_len == b->deflate_len && - memcmp(a->deflate_data, b->deflate_data, a->deflate_len) == 0; - - default: - printf("unknown chunk type %d\n", a->type); - return 0; - } -} - -/* - * Look for runs of adjacent normal chunks and compress them down into - * a single chunk. (Such runs can be produced when deflate chunks are - * changed to normal chunks.) - */ -void MergeAdjacentNormalChunks(ImageChunk* chunks, int* num_chunks) { - int out = 0; - int in_start = 0, in_end; - while (in_start < *num_chunks) { - if (chunks[in_start].type != CHUNK_NORMAL) { - in_end = in_start+1; - } else { - // in_start is a normal chunk. Look for a run of normal chunks - // that constitute a solid block of data (ie, each chunk begins - // where the previous one ended). - for (in_end = in_start+1; - in_end < *num_chunks && chunks[in_end].type == CHUNK_NORMAL && - (chunks[in_end].start == - chunks[in_end-1].start + chunks[in_end-1].len && - chunks[in_end].data == - chunks[in_end-1].data + chunks[in_end-1].len); - ++in_end); - } - - if (in_end == in_start+1) { -#if 0 - printf("chunk %d is now %d\n", in_start, out); -#endif - if (out != in_start) { - memcpy(chunks+out, chunks+in_start, sizeof(ImageChunk)); - } - } else { -#if 0 - printf("collapse normal chunks %d-%d into %d\n", in_start, in_end-1, out); -#endif - - // Merge chunks [in_start, in_end-1] into one chunk. Since the - // data member of each chunk is just a pointer into an in-memory - // copy of the file, this can be done without recopying (the - // output chunk has the first chunk's start location and data - // pointer, and length equal to the sum of the input chunk - // lengths). - chunks[out].type = CHUNK_NORMAL; - chunks[out].start = chunks[in_start].start; - chunks[out].data = chunks[in_start].data; - chunks[out].len = chunks[in_end-1].len + - (chunks[in_end-1].start - chunks[in_start].start); - } - - ++out; - in_start = in_end; - } - *num_chunks = out; -} - -ImageChunk* FindChunkByName(const char* name, - ImageChunk* chunks, int num_chunks) { - int i; - for (i = 0; i < num_chunks; ++i) { - if (chunks[i].type == CHUNK_DEFLATE && chunks[i].filename && - strcmp(name, chunks[i].filename) == 0) { - return chunks+i; - } - } - return NULL; -} - -void DumpChunks(ImageChunk* chunks, int num_chunks) { - int i; - for (i = 0; i < num_chunks; ++i) { - printf("chunk %d: type %d start %d len %d\n", - i, chunks[i].type, chunks[i].start, chunks[i].len); - } -} - -int main(int argc, char** argv) { - int zip_mode = 0; - - if (argc >= 2 && strcmp(argv[1], "-z") == 0) { - zip_mode = 1; - --argc; - ++argv; - } - - size_t bonus_size = 0; - unsigned char* bonus_data = NULL; - if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - struct stat st; - if (stat(argv[2], &st) != 0) { - printf("failed to stat bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - bonus_size = st.st_size; - bonus_data = malloc(bonus_size); - FILE* f = fopen(argv[2], "rb"); - if (f == NULL) { - printf("failed to open bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - if (fread(bonus_data, 1, bonus_size, f) != bonus_size) { - printf("failed to read bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - fclose(f); - - argc -= 2; - argv += 2; - } - - if (argc != 4) { - usage: - printf("usage: %s [-z] [-b ] \n", - argv[0]); - return 2; - } - - int num_src_chunks; - ImageChunk* src_chunks; - int num_tgt_chunks; - ImageChunk* tgt_chunks; - int i; - - if (zip_mode) { - if (ReadZip(argv[1], &num_src_chunks, &src_chunks, 1) == NULL) { - printf("failed to break apart source zip file\n"); - return 1; - } - if (ReadZip(argv[2], &num_tgt_chunks, &tgt_chunks, 0) == NULL) { - printf("failed to break apart target zip file\n"); - return 1; - } - } else { - if (ReadImage(argv[1], &num_src_chunks, &src_chunks) == NULL) { - printf("failed to break apart source image\n"); - return 1; - } - if (ReadImage(argv[2], &num_tgt_chunks, &tgt_chunks) == NULL) { - printf("failed to break apart target image\n"); - return 1; - } - - // Verify that the source and target images have the same chunk - // structure (ie, the same sequence of deflate and normal chunks). - - if (!zip_mode) { - // Merge the gzip header and footer in with any adjacent - // normal chunks. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); - } - - if (num_src_chunks != num_tgt_chunks) { - printf("source and target don't have same number of chunks!\n"); - printf("source chunks:\n"); - DumpChunks(src_chunks, num_src_chunks); - printf("target chunks:\n"); - DumpChunks(tgt_chunks, num_tgt_chunks); - return 1; - } - for (i = 0; i < num_src_chunks; ++i) { - if (src_chunks[i].type != tgt_chunks[i].type) { - printf("source and target don't have same chunk " - "structure! (chunk %d)\n", i); - printf("source chunks:\n"); - DumpChunks(src_chunks, num_src_chunks); - printf("target chunks:\n"); - DumpChunks(tgt_chunks, num_tgt_chunks); - return 1; - } - } - } - - for (i = 0; i < num_tgt_chunks; ++i) { - if (tgt_chunks[i].type == CHUNK_DEFLATE) { - // Confirm that given the uncompressed chunk data in the target, we - // can recompress it and get exactly the same bits as are in the - // input target image. If this fails, treat the chunk as a normal - // non-deflated chunk. - if (ReconstructDeflateChunk(tgt_chunks+i) < 0) { - printf("failed to reconstruct target deflate chunk %d [%s]; " - "treating as normal\n", i, tgt_chunks[i].filename); - ChangeDeflateChunkToNormal(tgt_chunks+i); - if (zip_mode) { - ImageChunk* src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); - if (src) { - ChangeDeflateChunkToNormal(src); - } - } else { - ChangeDeflateChunkToNormal(src_chunks+i); - } - continue; - } - - // If two deflate chunks are identical (eg, the kernel has not - // changed between two builds), treat them as normal chunks. - // This makes applypatch much faster -- it can apply a trivial - // patch to the compressed data, rather than uncompressing and - // recompressing to apply the trivial patch to the uncompressed - // data. - ImageChunk* src; - if (zip_mode) { - src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); - } else { - src = src_chunks+i; - } - - if (src == NULL || AreChunksEqual(tgt_chunks+i, src)) { - ChangeDeflateChunkToNormal(tgt_chunks+i); - if (src) { - ChangeDeflateChunkToNormal(src); - } - } - } - } - - // Merging neighboring normal chunks. - if (zip_mode) { - // For zips, we only need to do this to the target: deflated - // chunks are matched via filename, and normal chunks are patched - // using the entire source file as the source. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - } else { - // For images, we need to maintain the parallel structure of the - // chunk lists, so do the merging in both the source and target - // lists. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); - if (num_src_chunks != num_tgt_chunks) { - // This shouldn't happen. - printf("merging normal chunks went awry\n"); - return 1; - } - } - - // Compute bsdiff patches for each chunk's data (the uncompressed - // data, in the case of deflate chunks). - - DumpChunks(src_chunks, num_src_chunks); - - printf("Construct patches for %d chunks...\n", num_tgt_chunks); - unsigned char** patch_data = malloc(num_tgt_chunks * sizeof(unsigned char*)); - size_t* patch_size = malloc(num_tgt_chunks * sizeof(size_t)); - for (i = 0; i < num_tgt_chunks; ++i) { - if (zip_mode) { - ImageChunk* src; - if (tgt_chunks[i].type == CHUNK_DEFLATE && - (src = FindChunkByName(tgt_chunks[i].filename, src_chunks, - num_src_chunks))) { - patch_data[i] = MakePatch(src, tgt_chunks+i, patch_size+i); - } else { - patch_data[i] = MakePatch(src_chunks, tgt_chunks+i, patch_size+i); - } - } else { - if (i == 1 && bonus_data) { - printf(" using %d bytes of bonus data for chunk %d\n", bonus_size, i); - src_chunks[i].data = realloc(src_chunks[i].data, src_chunks[i].len + bonus_size); - memcpy(src_chunks[i].data+src_chunks[i].len, bonus_data, bonus_size); - src_chunks[i].len += bonus_size; - } - - patch_data[i] = MakePatch(src_chunks+i, tgt_chunks+i, patch_size+i); - } - printf("patch %3d is %d bytes (of %d)\n", - i, patch_size[i], tgt_chunks[i].source_len); - } - - // Figure out how big the imgdiff file header is going to be, so - // that we can correctly compute the offset of each bsdiff patch - // within the file. - - size_t total_header_size = 12; - for (i = 0; i < num_tgt_chunks; ++i) { - total_header_size += 4; - switch (tgt_chunks[i].type) { - case CHUNK_NORMAL: - total_header_size += 8*3; - break; - case CHUNK_DEFLATE: - total_header_size += 8*5 + 4*5; - break; - case CHUNK_RAW: - total_header_size += 4 + patch_size[i]; - break; - } - } - - size_t offset = total_header_size; - - FILE* f = fopen(argv[3], "wb"); - - // Write out the headers. - - fwrite("IMGDIFF2", 1, 8, f); - Write4(num_tgt_chunks, f); - for (i = 0; i < num_tgt_chunks; ++i) { - Write4(tgt_chunks[i].type, f); - - switch (tgt_chunks[i].type) { - case CHUNK_NORMAL: - printf("chunk %3d: normal (%10d, %10d) %10d\n", i, - tgt_chunks[i].start, tgt_chunks[i].len, patch_size[i]); - Write8(tgt_chunks[i].source_start, f); - Write8(tgt_chunks[i].source_len, f); - Write8(offset, f); - offset += patch_size[i]; - break; - - case CHUNK_DEFLATE: - printf("chunk %3d: deflate (%10d, %10d) %10d %s\n", i, - tgt_chunks[i].start, tgt_chunks[i].deflate_len, patch_size[i], - tgt_chunks[i].filename); - Write8(tgt_chunks[i].source_start, f); - Write8(tgt_chunks[i].source_len, f); - Write8(offset, f); - Write8(tgt_chunks[i].source_uncompressed_len, f); - Write8(tgt_chunks[i].len, f); - Write4(tgt_chunks[i].level, f); - Write4(tgt_chunks[i].method, f); - Write4(tgt_chunks[i].windowBits, f); - Write4(tgt_chunks[i].memLevel, f); - Write4(tgt_chunks[i].strategy, f); - offset += patch_size[i]; - break; - - case CHUNK_RAW: - printf("chunk %3d: raw (%10d, %10d)\n", i, - tgt_chunks[i].start, tgt_chunks[i].len); - Write4(patch_size[i], f); - fwrite(patch_data[i], 1, patch_size[i], f); - break; - } - } - - // Append each chunk's bsdiff patch, in order. - - for (i = 0; i < num_tgt_chunks; ++i) { - if (tgt_chunks[i].type != CHUNK_RAW) { - fwrite(patch_data[i], 1, patch_size[i], f); - } - } - - fclose(f); - - return 0; -} diff --git a/applypatch/imgdiff.cpp b/applypatch/imgdiff.cpp new file mode 100644 index 000000000..4d83ffb2e --- /dev/null +++ b/applypatch/imgdiff.cpp @@ -0,0 +1,1068 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This program constructs binary patches for images -- such as boot.img + * and recovery.img -- that consist primarily of large chunks of gzipped + * data interspersed with uncompressed data. Doing a naive bsdiff of + * these files is not useful because small changes in the data lead to + * large changes in the compressed bitstream; bsdiff patches of gzipped + * data are typically as large as the data itself. + * + * To patch these usefully, we break the source and target images up into + * chunks of two types: "normal" and "gzip". Normal chunks are simply + * patched using a plain bsdiff. Gzip chunks are first expanded, then a + * bsdiff is applied to the uncompressed data, then the patched data is + * gzipped using the same encoder parameters. Patched chunks are + * concatenated together to create the output file; the output image + * should be *exactly* the same series of bytes as the target image used + * originally to generate the patch. + * + * To work well with this tool, the gzipped sections of the target + * image must have been generated using the same deflate encoder that + * is available in applypatch, namely, the one in the zlib library. + * In practice this means that images should be compressed using the + * "minigzip" tool included in the zlib distribution, not the GNU gzip + * program. + * + * An "imgdiff" patch consists of a header describing the chunk structure + * of the file and any encoding parameters needed for the gzipped + * chunks, followed by N bsdiff patches, one per chunk. + * + * For a diff to be generated, the source and target images must have the + * same "chunk" structure: that is, the same number of gzipped and normal + * chunks in the same order. Android boot and recovery images currently + * consist of five chunks: a small normal header, a gzipped kernel, a + * small normal section, a gzipped ramdisk, and finally a small normal + * footer. + * + * Caveats: we locate gzipped sections within the source and target + * images by searching for the byte sequence 1f8b0800: 1f8b is the gzip + * magic number; 08 specifies the "deflate" encoding [the only encoding + * supported by the gzip standard]; and 00 is the flags byte. We do not + * currently support any extra header fields (which would be indicated by + * a nonzero flags byte). We also don't handle the case when that byte + * sequence appears spuriously in the file. (Note that it would have to + * occur spuriously within a normal chunk to be a problem.) + * + * + * The imgdiff patch header looks like this: + * + * "IMGDIFF1" (8) [magic number and version] + * chunk count (4) + * for each chunk: + * chunk type (4) [CHUNK_{NORMAL, GZIP, DEFLATE, RAW}] + * if chunk type == CHUNK_NORMAL: + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * if chunk type == CHUNK_GZIP: (version 1 only) + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * source expanded len (8) [size of uncompressed source] + * target expected len (8) [size of uncompressed target] + * gzip level (4) + * method (4) + * windowBits (4) + * memLevel (4) + * strategy (4) + * gzip header len (4) + * gzip header (gzip header len) + * gzip footer (8) + * if chunk type == CHUNK_DEFLATE: (version 2 only) + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * source expanded len (8) [size of uncompressed source] + * target expected len (8) [size of uncompressed target] + * gzip level (4) + * method (4) + * windowBits (4) + * memLevel (4) + * strategy (4) + * if chunk type == RAW: (version 2 only) + * target len (4) + * data (target len) + * + * All integers are little-endian. "source start" and "source len" + * specify the section of the input image that comprises this chunk, + * including the gzip header and footer for gzip chunks. "source + * expanded len" is the size of the uncompressed source data. "target + * expected len" is the size of the uncompressed data after applying + * the bsdiff patch. The next five parameters specify the zlib + * parameters to be used when compressing the patched data, and the + * next three specify the header and footer to be wrapped around the + * compressed data to create the output chunk (so that header contents + * like the timestamp are recreated exactly). + * + * After the header there are 'chunk count' bsdiff patches; the offset + * of each from the beginning of the file is specified in the header. + * + * This tool can take an optional file of "bonus data". This is an + * extra file of data that is appended to chunk #1 after it is + * compressed (it must be a CHUNK_DEFLATE chunk). The same file must + * be available (and passed to applypatch with -b) when applying the + * patch. This is used to reduce the size of recovery-from-boot + * patches by combining the boot image with recovery ramdisk + * information that is stored on the system partition. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "zlib.h" +#include "imgdiff.h" +#include "utils.h" + +typedef struct { + int type; // CHUNK_NORMAL, CHUNK_DEFLATE + size_t start; // offset of chunk in original image file + + size_t len; + unsigned char* data; // data to be patched (uncompressed, for deflate chunks) + + size_t source_start; + size_t source_len; + + off_t* I; // used by bsdiff + + // --- for CHUNK_DEFLATE chunks only: --- + + // original (compressed) deflate data + size_t deflate_len; + unsigned char* deflate_data; + + char* filename; // used for zip entries + + // deflate encoder parameters + int level, method, windowBits, memLevel, strategy; + + size_t source_uncompressed_len; +} ImageChunk; + +typedef struct { + int data_offset; + int deflate_len; + int uncomp_len; + char* filename; +} ZipFileEntry; + +static int fileentry_compare(const void* a, const void* b) { + int ao = ((ZipFileEntry*)a)->data_offset; + int bo = ((ZipFileEntry*)b)->data_offset; + if (ao < bo) { + return -1; + } else if (ao > bo) { + return 1; + } else { + return 0; + } +} + +// from bsdiff.c +int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* newdata, off_t newsize, + const char* patch_filename); + +unsigned char* ReadZip(const char* filename, + int* num_chunks, ImageChunk** chunks, + int include_pseudo_chunk) { + struct stat st; + if (stat(filename, &st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + unsigned char* img = reinterpret_cast(malloc(sz)); + FILE* f = fopen(filename, "rb"); + if (fread(img, 1, sz, f) != sz) { + printf("failed to read \"%s\" %s\n", filename, strerror(errno)); + fclose(f); + return NULL; + } + fclose(f); + + // look for the end-of-central-directory record. + + int i; + for (i = st.st_size-20; i >= 0 && i > st.st_size - 65600; --i) { + if (img[i] == 0x50 && img[i+1] == 0x4b && + img[i+2] == 0x05 && img[i+3] == 0x06) { + break; + } + } + // double-check: this archive consists of a single "disk" + if (!(img[i+4] == 0 && img[i+5] == 0 && img[i+6] == 0 && img[i+7] == 0)) { + printf("can't process multi-disk archive\n"); + return NULL; + } + + int cdcount = Read2(img+i+8); + int cdoffset = Read4(img+i+16); + + ZipFileEntry* temp_entries = reinterpret_cast(malloc( + cdcount * sizeof(ZipFileEntry))); + int entrycount = 0; + + unsigned char* cd = img+cdoffset; + for (i = 0; i < cdcount; ++i) { + if (!(cd[0] == 0x50 && cd[1] == 0x4b && cd[2] == 0x01 && cd[3] == 0x02)) { + printf("bad central directory entry %d\n", i); + return NULL; + } + + int clen = Read4(cd+20); // compressed len + int ulen = Read4(cd+24); // uncompressed len + int nlen = Read2(cd+28); // filename len + int xlen = Read2(cd+30); // extra field len + int mlen = Read2(cd+32); // file comment len + int hoffset = Read4(cd+42); // local header offset + + char* filename = reinterpret_cast(malloc(nlen+1)); + memcpy(filename, cd+46, nlen); + filename[nlen] = '\0'; + + int method = Read2(cd+10); + + cd += 46 + nlen + xlen + mlen; + + if (method != 8) { // 8 == deflate + free(filename); + continue; + } + + unsigned char* lh = img + hoffset; + + if (!(lh[0] == 0x50 && lh[1] == 0x4b && lh[2] == 0x03 && lh[3] == 0x04)) { + printf("bad local file header entry %d\n", i); + return NULL; + } + + if (Read2(lh+26) != nlen || memcmp(lh+30, filename, nlen) != 0) { + printf("central dir filename doesn't match local header\n"); + return NULL; + } + + xlen = Read2(lh+28); // extra field len; might be different from CD entry? + + temp_entries[entrycount].data_offset = hoffset+30+nlen+xlen; + temp_entries[entrycount].deflate_len = clen; + temp_entries[entrycount].uncomp_len = ulen; + temp_entries[entrycount].filename = filename; + ++entrycount; + } + + qsort(temp_entries, entrycount, sizeof(ZipFileEntry), fileentry_compare); + +#if 0 + printf("found %d deflated entries\n", entrycount); + for (i = 0; i < entrycount; ++i) { + printf("off %10d len %10d unlen %10d %p %s\n", + temp_entries[i].data_offset, + temp_entries[i].deflate_len, + temp_entries[i].uncomp_len, + temp_entries[i].filename, + temp_entries[i].filename); + } +#endif + + *num_chunks = 0; + *chunks = reinterpret_cast(malloc((entrycount*2+2) * sizeof(ImageChunk))); + ImageChunk* curr = *chunks; + + if (include_pseudo_chunk) { + curr->type = CHUNK_NORMAL; + curr->start = 0; + curr->len = st.st_size; + curr->data = img; + curr->filename = NULL; + curr->I = NULL; + ++curr; + ++*num_chunks; + } + + int pos = 0; + int nextentry = 0; + + while (pos < st.st_size) { + if (nextentry < entrycount && pos == temp_entries[nextentry].data_offset) { + curr->type = CHUNK_DEFLATE; + curr->start = pos; + curr->deflate_len = temp_entries[nextentry].deflate_len; + curr->deflate_data = img + pos; + curr->filename = temp_entries[nextentry].filename; + curr->I = NULL; + + curr->len = temp_entries[nextentry].uncomp_len; + curr->data = reinterpret_cast(malloc(curr->len)); + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = curr->deflate_len; + strm.next_in = curr->deflate_data; + + // -15 means we are decoding a 'raw' deflate stream; zlib will + // not expect zlib headers. + int ret = inflateInit2(&strm, -15); + + strm.avail_out = curr->len; + strm.next_out = curr->data; + ret = inflate(&strm, Z_NO_FLUSH); + if (ret != Z_STREAM_END) { + printf("failed to inflate \"%s\"; %d\n", curr->filename, ret); + return NULL; + } + + inflateEnd(&strm); + + pos += curr->deflate_len; + ++nextentry; + ++*num_chunks; + ++curr; + continue; + } + + // use a normal chunk to take all the data up to the start of the + // next deflate section. + + curr->type = CHUNK_NORMAL; + curr->start = pos; + if (nextentry < entrycount) { + curr->len = temp_entries[nextentry].data_offset - pos; + } else { + curr->len = st.st_size - pos; + } + curr->data = img + pos; + curr->filename = NULL; + curr->I = NULL; + pos += curr->len; + + ++*num_chunks; + ++curr; + } + + free(temp_entries); + return img; +} + +/* + * Read the given file and break it up into chunks, putting the number + * of chunks and their info in *num_chunks and **chunks, + * respectively. Returns a malloc'd block of memory containing the + * contents of the file; various pointers in the output chunk array + * will point into this block of memory. The caller should free the + * return value when done with all the chunks. Returns NULL on + * failure. + */ +unsigned char* ReadImage(const char* filename, + int* num_chunks, ImageChunk** chunks) { + struct stat st; + if (stat(filename, &st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + unsigned char* img = reinterpret_cast(malloc(sz + 4)); + FILE* f = fopen(filename, "rb"); + if (fread(img, 1, sz, f) != sz) { + printf("failed to read \"%s\" %s\n", filename, strerror(errno)); + fclose(f); + return NULL; + } + fclose(f); + + // append 4 zero bytes to the data so we can always search for the + // four-byte string 1f8b0800 starting at any point in the actual + // file data, without special-casing the end of the data. + memset(img+sz, 0, 4); + + size_t pos = 0; + + *num_chunks = 0; + *chunks = NULL; + + while (pos < sz) { + unsigned char* p = img+pos; + + if (sz - pos >= 4 && + p[0] == 0x1f && p[1] == 0x8b && + p[2] == 0x08 && // deflate compression + p[3] == 0x00) { // no header flags + // 'pos' is the offset of the start of a gzip chunk. + size_t chunk_offset = pos; + + *num_chunks += 3; + *chunks = reinterpret_cast(realloc(*chunks, + *num_chunks * sizeof(ImageChunk))); + ImageChunk* curr = *chunks + (*num_chunks-3); + + // create a normal chunk for the header. + curr->start = pos; + curr->type = CHUNK_NORMAL; + curr->len = GZIP_HEADER_LEN; + curr->data = p; + curr->I = NULL; + + pos += curr->len; + p += curr->len; + ++curr; + + curr->type = CHUNK_DEFLATE; + curr->filename = NULL; + curr->I = NULL; + + // We must decompress this chunk in order to discover where it + // ends, and so we can put the uncompressed data and its length + // into curr->data and curr->len. + + size_t allocated = 32768; + curr->len = 0; + curr->data = reinterpret_cast(malloc(allocated)); + curr->start = pos; + curr->deflate_data = p; + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = sz - pos; + strm.next_in = p; + + // -15 means we are decoding a 'raw' deflate stream; zlib will + // not expect zlib headers. + int ret = inflateInit2(&strm, -15); + + do { + strm.avail_out = allocated - curr->len; + strm.next_out = curr->data + curr->len; + ret = inflate(&strm, Z_NO_FLUSH); + if (ret < 0) { + printf("Error: inflate failed [%s] at file offset [%zu]\n" + "imgdiff only supports gzip kernel compression," + " did you try CONFIG_KERNEL_LZO?\n", + strm.msg, chunk_offset); + free(img); + return NULL; + } + curr->len = allocated - strm.avail_out; + if (strm.avail_out == 0) { + allocated *= 2; + curr->data = reinterpret_cast(realloc(curr->data, allocated)); + } + } while (ret != Z_STREAM_END); + + curr->deflate_len = sz - strm.avail_in - pos; + inflateEnd(&strm); + pos += curr->deflate_len; + p += curr->deflate_len; + ++curr; + + // create a normal chunk for the footer + + curr->type = CHUNK_NORMAL; + curr->start = pos; + curr->len = GZIP_FOOTER_LEN; + curr->data = img+pos; + curr->I = NULL; + + pos += curr->len; + p += curr->len; + ++curr; + + // The footer (that we just skipped over) contains the size of + // the uncompressed data. Double-check to make sure that it + // matches the size of the data we got when we actually did + // the decompression. + size_t footer_size = Read4(p-4); + if (footer_size != curr[-2].len) { + printf("Error: footer size %zu != decompressed size %zu\n", + footer_size, curr[-2].len); + free(img); + return NULL; + } + } else { + // Reallocate the list for every chunk; we expect the number of + // chunks to be small (5 for typical boot and recovery images). + ++*num_chunks; + *chunks = reinterpret_cast(realloc(*chunks, *num_chunks * sizeof(ImageChunk))); + ImageChunk* curr = *chunks + (*num_chunks-1); + curr->start = pos; + curr->I = NULL; + + // 'pos' is not the offset of the start of a gzip chunk, so scan + // forward until we find a gzip header. + curr->type = CHUNK_NORMAL; + curr->data = p; + + for (curr->len = 0; curr->len < (sz - pos); ++curr->len) { + if (p[curr->len] == 0x1f && + p[curr->len+1] == 0x8b && + p[curr->len+2] == 0x08 && + p[curr->len+3] == 0x00) { + break; + } + } + pos += curr->len; + } + } + + return img; +} + +#define BUFFER_SIZE 32768 + +/* + * Takes the uncompressed data stored in the chunk, compresses it + * using the zlib parameters stored in the chunk, and checks that it + * matches exactly the compressed data we started with (also stored in + * the chunk). Return 0 on success. + */ +int TryReconstruction(ImageChunk* chunk, unsigned char* out) { + size_t p = 0; + +#if 0 + printf("trying %d %d %d %d %d\n", + chunk->level, chunk->method, chunk->windowBits, + chunk->memLevel, chunk->strategy); +#endif + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = chunk->len; + strm.next_in = chunk->data; + int ret; + ret = deflateInit2(&strm, chunk->level, chunk->method, chunk->windowBits, + chunk->memLevel, chunk->strategy); + do { + strm.avail_out = BUFFER_SIZE; + strm.next_out = out; + ret = deflate(&strm, Z_FINISH); + size_t have = BUFFER_SIZE - strm.avail_out; + + if (memcmp(out, chunk->deflate_data+p, have) != 0) { + // mismatch; data isn't the same. + deflateEnd(&strm); + return -1; + } + p += have; + } while (ret != Z_STREAM_END); + deflateEnd(&strm); + if (p != chunk->deflate_len) { + // mismatch; ran out of data before we should have. + return -1; + } + return 0; +} + +/* + * Verify that we can reproduce exactly the same compressed data that + * we started with. Sets the level, method, windowBits, memLevel, and + * strategy fields in the chunk to the encoding parameters needed to + * produce the right output. Returns 0 on success. + */ +int ReconstructDeflateChunk(ImageChunk* chunk) { + if (chunk->type != CHUNK_DEFLATE) { + printf("attempt to reconstruct non-deflate chunk\n"); + return -1; + } + + size_t p = 0; + unsigned char* out = reinterpret_cast(malloc(BUFFER_SIZE)); + + // We only check two combinations of encoder parameters: level 6 + // (the default) and level 9 (the maximum). + for (chunk->level = 6; chunk->level <= 9; chunk->level += 3) { + chunk->windowBits = -15; // 32kb window; negative to indicate a raw stream. + chunk->memLevel = 8; // the default value. + chunk->method = Z_DEFLATED; + chunk->strategy = Z_DEFAULT_STRATEGY; + + if (TryReconstruction(chunk, out) == 0) { + free(out); + return 0; + } + } + + free(out); + return -1; +} + +/* + * Given source and target chunks, compute a bsdiff patch between them + * by running bsdiff in a subprocess. Return the patch data, placing + * its length in *size. Return NULL on failure. We expect the bsdiff + * program to be in the path. + */ +unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { + if (tgt->type == CHUNK_NORMAL) { + if (tgt->len <= 160) { + tgt->type = CHUNK_RAW; + *size = tgt->len; + return tgt->data; + } + } + + char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; + mkstemp(ptemp); + + int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); + if (r != 0) { + printf("bsdiff() failed: %d\n", r); + return NULL; + } + + struct stat st; + if (stat(ptemp, &st) != 0) { + printf("failed to stat patch file %s: %s\n", + ptemp, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + // TODO: Memory leak on error return. + unsigned char* data = reinterpret_cast(malloc(sz)); + + if (tgt->type == CHUNK_NORMAL && tgt->len <= sz) { + unlink(ptemp); + + tgt->type = CHUNK_RAW; + *size = tgt->len; + return tgt->data; + } + + *size = sz; + + FILE* f = fopen(ptemp, "rb"); + if (f == NULL) { + printf("failed to open patch %s: %s\n", ptemp, strerror(errno)); + return NULL; + } + if (fread(data, 1, sz, f) != sz) { + printf("failed to read patch %s: %s\n", ptemp, strerror(errno)); + return NULL; + } + fclose(f); + + unlink(ptemp); + + tgt->source_start = src->start; + switch (tgt->type) { + case CHUNK_NORMAL: + tgt->source_len = src->len; + break; + case CHUNK_DEFLATE: + tgt->source_len = src->deflate_len; + tgt->source_uncompressed_len = src->len; + break; + } + + return data; +} + +/* + * Cause a gzip chunk to be treated as a normal chunk (ie, as a blob + * of uninterpreted data). The resulting patch will likely be about + * as big as the target file, but it lets us handle the case of images + * where some gzip chunks are reconstructible but others aren't (by + * treating the ones that aren't as normal chunks). + */ +void ChangeDeflateChunkToNormal(ImageChunk* ch) { + if (ch->type != CHUNK_DEFLATE) return; + ch->type = CHUNK_NORMAL; + free(ch->data); + ch->data = ch->deflate_data; + ch->len = ch->deflate_len; +} + +/* + * Return true if the data in the chunk is identical (including the + * compressed representation, for gzip chunks). + */ +int AreChunksEqual(ImageChunk* a, ImageChunk* b) { + if (a->type != b->type) return 0; + + switch (a->type) { + case CHUNK_NORMAL: + return a->len == b->len && memcmp(a->data, b->data, a->len) == 0; + + case CHUNK_DEFLATE: + return a->deflate_len == b->deflate_len && + memcmp(a->deflate_data, b->deflate_data, a->deflate_len) == 0; + + default: + printf("unknown chunk type %d\n", a->type); + return 0; + } +} + +/* + * Look for runs of adjacent normal chunks and compress them down into + * a single chunk. (Such runs can be produced when deflate chunks are + * changed to normal chunks.) + */ +void MergeAdjacentNormalChunks(ImageChunk* chunks, int* num_chunks) { + int out = 0; + int in_start = 0, in_end; + while (in_start < *num_chunks) { + if (chunks[in_start].type != CHUNK_NORMAL) { + in_end = in_start+1; + } else { + // in_start is a normal chunk. Look for a run of normal chunks + // that constitute a solid block of data (ie, each chunk begins + // where the previous one ended). + for (in_end = in_start+1; + in_end < *num_chunks && chunks[in_end].type == CHUNK_NORMAL && + (chunks[in_end].start == + chunks[in_end-1].start + chunks[in_end-1].len && + chunks[in_end].data == + chunks[in_end-1].data + chunks[in_end-1].len); + ++in_end); + } + + if (in_end == in_start+1) { +#if 0 + printf("chunk %d is now %d\n", in_start, out); +#endif + if (out != in_start) { + memcpy(chunks+out, chunks+in_start, sizeof(ImageChunk)); + } + } else { +#if 0 + printf("collapse normal chunks %d-%d into %d\n", in_start, in_end-1, out); +#endif + + // Merge chunks [in_start, in_end-1] into one chunk. Since the + // data member of each chunk is just a pointer into an in-memory + // copy of the file, this can be done without recopying (the + // output chunk has the first chunk's start location and data + // pointer, and length equal to the sum of the input chunk + // lengths). + chunks[out].type = CHUNK_NORMAL; + chunks[out].start = chunks[in_start].start; + chunks[out].data = chunks[in_start].data; + chunks[out].len = chunks[in_end-1].len + + (chunks[in_end-1].start - chunks[in_start].start); + } + + ++out; + in_start = in_end; + } + *num_chunks = out; +} + +ImageChunk* FindChunkByName(const char* name, + ImageChunk* chunks, int num_chunks) { + int i; + for (i = 0; i < num_chunks; ++i) { + if (chunks[i].type == CHUNK_DEFLATE && chunks[i].filename && + strcmp(name, chunks[i].filename) == 0) { + return chunks+i; + } + } + return NULL; +} + +void DumpChunks(ImageChunk* chunks, int num_chunks) { + for (int i = 0; i < num_chunks; ++i) { + printf("chunk %d: type %d start %zu len %zu\n", + i, chunks[i].type, chunks[i].start, chunks[i].len); + } +} + +int main(int argc, char** argv) { + int zip_mode = 0; + + if (argc >= 2 && strcmp(argv[1], "-z") == 0) { + zip_mode = 1; + --argc; + ++argv; + } + + size_t bonus_size = 0; + unsigned char* bonus_data = NULL; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { + struct stat st; + if (stat(argv[2], &st) != 0) { + printf("failed to stat bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + bonus_size = st.st_size; + bonus_data = reinterpret_cast(malloc(bonus_size)); + FILE* f = fopen(argv[2], "rb"); + if (f == NULL) { + printf("failed to open bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + if (fread(bonus_data, 1, bonus_size, f) != bonus_size) { + printf("failed to read bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + fclose(f); + + argc -= 2; + argv += 2; + } + + if (argc != 4) { + usage: + printf("usage: %s [-z] [-b ] \n", + argv[0]); + return 2; + } + + int num_src_chunks; + ImageChunk* src_chunks; + int num_tgt_chunks; + ImageChunk* tgt_chunks; + int i; + + if (zip_mode) { + if (ReadZip(argv[1], &num_src_chunks, &src_chunks, 1) == NULL) { + printf("failed to break apart source zip file\n"); + return 1; + } + if (ReadZip(argv[2], &num_tgt_chunks, &tgt_chunks, 0) == NULL) { + printf("failed to break apart target zip file\n"); + return 1; + } + } else { + if (ReadImage(argv[1], &num_src_chunks, &src_chunks) == NULL) { + printf("failed to break apart source image\n"); + return 1; + } + if (ReadImage(argv[2], &num_tgt_chunks, &tgt_chunks) == NULL) { + printf("failed to break apart target image\n"); + return 1; + } + + // Verify that the source and target images have the same chunk + // structure (ie, the same sequence of deflate and normal chunks). + + if (!zip_mode) { + // Merge the gzip header and footer in with any adjacent + // normal chunks. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); + } + + if (num_src_chunks != num_tgt_chunks) { + printf("source and target don't have same number of chunks!\n"); + printf("source chunks:\n"); + DumpChunks(src_chunks, num_src_chunks); + printf("target chunks:\n"); + DumpChunks(tgt_chunks, num_tgt_chunks); + return 1; + } + for (i = 0; i < num_src_chunks; ++i) { + if (src_chunks[i].type != tgt_chunks[i].type) { + printf("source and target don't have same chunk " + "structure! (chunk %d)\n", i); + printf("source chunks:\n"); + DumpChunks(src_chunks, num_src_chunks); + printf("target chunks:\n"); + DumpChunks(tgt_chunks, num_tgt_chunks); + return 1; + } + } + } + + for (i = 0; i < num_tgt_chunks; ++i) { + if (tgt_chunks[i].type == CHUNK_DEFLATE) { + // Confirm that given the uncompressed chunk data in the target, we + // can recompress it and get exactly the same bits as are in the + // input target image. If this fails, treat the chunk as a normal + // non-deflated chunk. + if (ReconstructDeflateChunk(tgt_chunks+i) < 0) { + printf("failed to reconstruct target deflate chunk %d [%s]; " + "treating as normal\n", i, tgt_chunks[i].filename); + ChangeDeflateChunkToNormal(tgt_chunks+i); + if (zip_mode) { + ImageChunk* src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); + if (src) { + ChangeDeflateChunkToNormal(src); + } + } else { + ChangeDeflateChunkToNormal(src_chunks+i); + } + continue; + } + + // If two deflate chunks are identical (eg, the kernel has not + // changed between two builds), treat them as normal chunks. + // This makes applypatch much faster -- it can apply a trivial + // patch to the compressed data, rather than uncompressing and + // recompressing to apply the trivial patch to the uncompressed + // data. + ImageChunk* src; + if (zip_mode) { + src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); + } else { + src = src_chunks+i; + } + + if (src == NULL || AreChunksEqual(tgt_chunks+i, src)) { + ChangeDeflateChunkToNormal(tgt_chunks+i); + if (src) { + ChangeDeflateChunkToNormal(src); + } + } + } + } + + // Merging neighboring normal chunks. + if (zip_mode) { + // For zips, we only need to do this to the target: deflated + // chunks are matched via filename, and normal chunks are patched + // using the entire source file as the source. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + } else { + // For images, we need to maintain the parallel structure of the + // chunk lists, so do the merging in both the source and target + // lists. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); + if (num_src_chunks != num_tgt_chunks) { + // This shouldn't happen. + printf("merging normal chunks went awry\n"); + return 1; + } + } + + // Compute bsdiff patches for each chunk's data (the uncompressed + // data, in the case of deflate chunks). + + DumpChunks(src_chunks, num_src_chunks); + + printf("Construct patches for %d chunks...\n", num_tgt_chunks); + unsigned char** patch_data = reinterpret_cast(malloc( + num_tgt_chunks * sizeof(unsigned char*))); + size_t* patch_size = reinterpret_cast(malloc(num_tgt_chunks * sizeof(size_t))); + for (i = 0; i < num_tgt_chunks; ++i) { + if (zip_mode) { + ImageChunk* src; + if (tgt_chunks[i].type == CHUNK_DEFLATE && + (src = FindChunkByName(tgt_chunks[i].filename, src_chunks, + num_src_chunks))) { + patch_data[i] = MakePatch(src, tgt_chunks+i, patch_size+i); + } else { + patch_data[i] = MakePatch(src_chunks, tgt_chunks+i, patch_size+i); + } + } else { + if (i == 1 && bonus_data) { + printf(" using %zu bytes of bonus data for chunk %d\n", bonus_size, i); + src_chunks[i].data = reinterpret_cast(realloc(src_chunks[i].data, + src_chunks[i].len + bonus_size)); + memcpy(src_chunks[i].data+src_chunks[i].len, bonus_data, bonus_size); + src_chunks[i].len += bonus_size; + } + + patch_data[i] = MakePatch(src_chunks+i, tgt_chunks+i, patch_size+i); + } + printf("patch %3d is %zu bytes (of %zu)\n", + i, patch_size[i], tgt_chunks[i].source_len); + } + + // Figure out how big the imgdiff file header is going to be, so + // that we can correctly compute the offset of each bsdiff patch + // within the file. + + size_t total_header_size = 12; + for (i = 0; i < num_tgt_chunks; ++i) { + total_header_size += 4; + switch (tgt_chunks[i].type) { + case CHUNK_NORMAL: + total_header_size += 8*3; + break; + case CHUNK_DEFLATE: + total_header_size += 8*5 + 4*5; + break; + case CHUNK_RAW: + total_header_size += 4 + patch_size[i]; + break; + } + } + + size_t offset = total_header_size; + + FILE* f = fopen(argv[3], "wb"); + + // Write out the headers. + + fwrite("IMGDIFF2", 1, 8, f); + Write4(num_tgt_chunks, f); + for (i = 0; i < num_tgt_chunks; ++i) { + Write4(tgt_chunks[i].type, f); + + switch (tgt_chunks[i].type) { + case CHUNK_NORMAL: + printf("chunk %3d: normal (%10zu, %10zu) %10zu\n", i, + tgt_chunks[i].start, tgt_chunks[i].len, patch_size[i]); + Write8(tgt_chunks[i].source_start, f); + Write8(tgt_chunks[i].source_len, f); + Write8(offset, f); + offset += patch_size[i]; + break; + + case CHUNK_DEFLATE: + printf("chunk %3d: deflate (%10zu, %10zu) %10zu %s\n", i, + tgt_chunks[i].start, tgt_chunks[i].deflate_len, patch_size[i], + tgt_chunks[i].filename); + Write8(tgt_chunks[i].source_start, f); + Write8(tgt_chunks[i].source_len, f); + Write8(offset, f); + Write8(tgt_chunks[i].source_uncompressed_len, f); + Write8(tgt_chunks[i].len, f); + Write4(tgt_chunks[i].level, f); + Write4(tgt_chunks[i].method, f); + Write4(tgt_chunks[i].windowBits, f); + Write4(tgt_chunks[i].memLevel, f); + Write4(tgt_chunks[i].strategy, f); + offset += patch_size[i]; + break; + + case CHUNK_RAW: + printf("chunk %3d: raw (%10zu, %10zu)\n", i, + tgt_chunks[i].start, tgt_chunks[i].len); + Write4(patch_size[i], f); + fwrite(patch_data[i], 1, patch_size[i], f); + break; + } + } + + // Append each chunk's bsdiff patch, in order. + + for (i = 0; i < num_tgt_chunks; ++i) { + if (tgt_chunks[i].type != CHUNK_RAW) { + fwrite(patch_data[i], 1, patch_size[i], f); + } + } + + fclose(f); + + return 0; +} diff --git a/applypatch/imgpatch.c b/applypatch/imgpatch.c deleted file mode 100644 index 09b0a7397..000000000 --- a/applypatch/imgpatch.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// See imgdiff.c in this directory for a description of the patch file -// format. - -#include -#include -#include -#include -#include -#include -#include - -#include "zlib.h" -#include "mincrypt/sha.h" -#include "applypatch.h" -#include "imgdiff.h" -#include "utils.h" - -/* - * Apply the patch given in 'patch_filename' to the source data given - * by (old_data, old_size). Write the patched output to the 'output' - * file, and update the SHA context with the output data as well. - * Return 0 on success. - */ -int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, - const Value* patch, - SinkFn sink, void* token, SHA_CTX* ctx, - const Value* bonus_data) { - ssize_t pos = 12; - char* header = patch->data; - if (patch->size < 12) { - printf("patch too short to contain header\n"); - return -1; - } - - // IMGDIFF2 uses CHUNK_NORMAL, CHUNK_DEFLATE, and CHUNK_RAW. - // (IMGDIFF1, which is no longer supported, used CHUNK_NORMAL and - // CHUNK_GZIP.) - if (memcmp(header, "IMGDIFF2", 8) != 0) { - printf("corrupt patch file header (magic number)\n"); - return -1; - } - - int num_chunks = Read4(header+8); - - int i; - for (i = 0; i < num_chunks; ++i) { - // each chunk's header record starts with 4 bytes. - if (pos + 4 > patch->size) { - printf("failed to read chunk %d record\n", i); - return -1; - } - int type = Read4(patch->data + pos); - pos += 4; - - if (type == CHUNK_NORMAL) { - char* normal_header = patch->data + pos; - pos += 24; - if (pos > patch->size) { - printf("failed to read chunk %d normal header data\n", i); - return -1; - } - - size_t src_start = Read8(normal_header); - size_t src_len = Read8(normal_header+8); - size_t patch_offset = Read8(normal_header+16); - - ApplyBSDiffPatch(old_data + src_start, src_len, - patch, patch_offset, sink, token, ctx); - } else if (type == CHUNK_RAW) { - char* raw_header = patch->data + pos; - pos += 4; - if (pos > patch->size) { - printf("failed to read chunk %d raw header data\n", i); - return -1; - } - - ssize_t data_len = Read4(raw_header); - - if (pos + data_len > patch->size) { - printf("failed to read chunk %d raw data\n", i); - return -1; - } - if (ctx) SHA_update(ctx, patch->data + pos, data_len); - if (sink((unsigned char*)patch->data + pos, - data_len, token) != data_len) { - printf("failed to write chunk %d raw data\n", i); - return -1; - } - pos += data_len; - } else if (type == CHUNK_DEFLATE) { - // deflate chunks have an additional 60 bytes in their chunk header. - char* deflate_header = patch->data + pos; - pos += 60; - if (pos > patch->size) { - printf("failed to read chunk %d deflate header data\n", i); - return -1; - } - - size_t src_start = Read8(deflate_header); - size_t src_len = Read8(deflate_header+8); - size_t patch_offset = Read8(deflate_header+16); - size_t expanded_len = Read8(deflate_header+24); - size_t target_len = Read8(deflate_header+32); - int level = Read4(deflate_header+40); - int method = Read4(deflate_header+44); - int windowBits = Read4(deflate_header+48); - int memLevel = Read4(deflate_header+52); - int strategy = Read4(deflate_header+56); - - // Decompress the source data; the chunk header tells us exactly - // how big we expect it to be when decompressed. - - // Note: expanded_len will include the bonus data size if - // the patch was constructed with bonus data. The - // deflation will come up 'bonus_size' bytes short; these - // must be appended from the bonus_data value. - size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; - - unsigned char* expanded_source = malloc(expanded_len); - if (expanded_source == NULL) { - printf("failed to allocate %zu bytes for expanded_source\n", - expanded_len); - return -1; - } - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = src_len; - strm.next_in = (unsigned char*)(old_data + src_start); - strm.avail_out = expanded_len; - strm.next_out = expanded_source; - - int ret; - ret = inflateInit2(&strm, -15); - if (ret != Z_OK) { - printf("failed to init source inflation: %d\n", ret); - return -1; - } - - // Because we've provided enough room to accommodate the output - // data, we expect one call to inflate() to suffice. - ret = inflate(&strm, Z_SYNC_FLUSH); - if (ret != Z_STREAM_END) { - printf("source inflation returned %d\n", ret); - return -1; - } - // We should have filled the output buffer exactly, except - // for the bonus_size. - if (strm.avail_out != bonus_size) { - printf("source inflation short by %zu bytes\n", strm.avail_out-bonus_size); - return -1; - } - inflateEnd(&strm); - - if (bonus_size) { - memcpy(expanded_source + (expanded_len - bonus_size), - bonus_data->data, bonus_size); - } - - // Next, apply the bsdiff patch (in memory) to the uncompressed - // data. - unsigned char* uncompressed_target_data; - ssize_t uncompressed_target_size; - if (ApplyBSDiffPatchMem(expanded_source, expanded_len, - patch, patch_offset, - &uncompressed_target_data, - &uncompressed_target_size) != 0) { - return -1; - } - - // Now compress the target data and append it to the output. - - // we're done with the expanded_source data buffer, so we'll - // reuse that memory to receive the output of deflate. - unsigned char* temp_data = expanded_source; - ssize_t temp_size = expanded_len; - if (temp_size < 32768) { - // ... unless the buffer is too small, in which case we'll - // allocate a fresh one. - free(temp_data); - temp_data = malloc(32768); - temp_size = 32768; - } - - // now the deflate stream - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = uncompressed_target_size; - strm.next_in = uncompressed_target_data; - ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); - do { - strm.avail_out = temp_size; - strm.next_out = temp_data; - ret = deflate(&strm, Z_FINISH); - ssize_t have = temp_size - strm.avail_out; - - if (sink(temp_data, have, token) != have) { - printf("failed to write %ld compressed bytes to output\n", - (long)have); - return -1; - } - if (ctx) SHA_update(ctx, temp_data, have); - } while (ret != Z_STREAM_END); - deflateEnd(&strm); - - free(temp_data); - free(uncompressed_target_data); - } else { - printf("patch chunk %d is unknown type %d\n", i, type); - return -1; - } - } - - return 0; -} diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp new file mode 100644 index 000000000..26888f8ee --- /dev/null +++ b/applypatch/imgpatch.cpp @@ -0,0 +1,234 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// See imgdiff.c in this directory for a description of the patch file +// format. + +#include +#include +#include +#include +#include +#include +#include + +#include "zlib.h" +#include "mincrypt/sha.h" +#include "applypatch.h" +#include "imgdiff.h" +#include "utils.h" + +/* + * Apply the patch given in 'patch_filename' to the source data given + * by (old_data, old_size). Write the patched output to the 'output' + * file, and update the SHA context with the output data as well. + * Return 0 on success. + */ +int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, + const Value* patch, + SinkFn sink, void* token, SHA_CTX* ctx, + const Value* bonus_data) { + ssize_t pos = 12; + char* header = patch->data; + if (patch->size < 12) { + printf("patch too short to contain header\n"); + return -1; + } + + // IMGDIFF2 uses CHUNK_NORMAL, CHUNK_DEFLATE, and CHUNK_RAW. + // (IMGDIFF1, which is no longer supported, used CHUNK_NORMAL and + // CHUNK_GZIP.) + if (memcmp(header, "IMGDIFF2", 8) != 0) { + printf("corrupt patch file header (magic number)\n"); + return -1; + } + + int num_chunks = Read4(header+8); + + int i; + for (i = 0; i < num_chunks; ++i) { + // each chunk's header record starts with 4 bytes. + if (pos + 4 > patch->size) { + printf("failed to read chunk %d record\n", i); + return -1; + } + int type = Read4(patch->data + pos); + pos += 4; + + if (type == CHUNK_NORMAL) { + char* normal_header = patch->data + pos; + pos += 24; + if (pos > patch->size) { + printf("failed to read chunk %d normal header data\n", i); + return -1; + } + + size_t src_start = Read8(normal_header); + size_t src_len = Read8(normal_header+8); + size_t patch_offset = Read8(normal_header+16); + + ApplyBSDiffPatch(old_data + src_start, src_len, + patch, patch_offset, sink, token, ctx); + } else if (type == CHUNK_RAW) { + char* raw_header = patch->data + pos; + pos += 4; + if (pos > patch->size) { + printf("failed to read chunk %d raw header data\n", i); + return -1; + } + + ssize_t data_len = Read4(raw_header); + + if (pos + data_len > patch->size) { + printf("failed to read chunk %d raw data\n", i); + return -1; + } + if (ctx) SHA_update(ctx, patch->data + pos, data_len); + if (sink((unsigned char*)patch->data + pos, + data_len, token) != data_len) { + printf("failed to write chunk %d raw data\n", i); + return -1; + } + pos += data_len; + } else if (type == CHUNK_DEFLATE) { + // deflate chunks have an additional 60 bytes in their chunk header. + char* deflate_header = patch->data + pos; + pos += 60; + if (pos > patch->size) { + printf("failed to read chunk %d deflate header data\n", i); + return -1; + } + + size_t src_start = Read8(deflate_header); + size_t src_len = Read8(deflate_header+8); + size_t patch_offset = Read8(deflate_header+16); + size_t expanded_len = Read8(deflate_header+24); + size_t target_len = Read8(deflate_header+32); + int level = Read4(deflate_header+40); + int method = Read4(deflate_header+44); + int windowBits = Read4(deflate_header+48); + int memLevel = Read4(deflate_header+52); + int strategy = Read4(deflate_header+56); + + // Decompress the source data; the chunk header tells us exactly + // how big we expect it to be when decompressed. + + // Note: expanded_len will include the bonus data size if + // the patch was constructed with bonus data. The + // deflation will come up 'bonus_size' bytes short; these + // must be appended from the bonus_data value. + size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; + + unsigned char* expanded_source = reinterpret_cast(malloc(expanded_len)); + if (expanded_source == NULL) { + printf("failed to allocate %zu bytes for expanded_source\n", + expanded_len); + return -1; + } + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = src_len; + strm.next_in = (unsigned char*)(old_data + src_start); + strm.avail_out = expanded_len; + strm.next_out = expanded_source; + + int ret; + ret = inflateInit2(&strm, -15); + if (ret != Z_OK) { + printf("failed to init source inflation: %d\n", ret); + return -1; + } + + // Because we've provided enough room to accommodate the output + // data, we expect one call to inflate() to suffice. + ret = inflate(&strm, Z_SYNC_FLUSH); + if (ret != Z_STREAM_END) { + printf("source inflation returned %d\n", ret); + return -1; + } + // We should have filled the output buffer exactly, except + // for the bonus_size. + if (strm.avail_out != bonus_size) { + printf("source inflation short by %zu bytes\n", strm.avail_out-bonus_size); + return -1; + } + inflateEnd(&strm); + + if (bonus_size) { + memcpy(expanded_source + (expanded_len - bonus_size), + bonus_data->data, bonus_size); + } + + // Next, apply the bsdiff patch (in memory) to the uncompressed + // data. + unsigned char* uncompressed_target_data; + ssize_t uncompressed_target_size; + if (ApplyBSDiffPatchMem(expanded_source, expanded_len, + patch, patch_offset, + &uncompressed_target_data, + &uncompressed_target_size) != 0) { + return -1; + } + + // Now compress the target data and append it to the output. + + // we're done with the expanded_source data buffer, so we'll + // reuse that memory to receive the output of deflate. + unsigned char* temp_data = expanded_source; + ssize_t temp_size = expanded_len; + if (temp_size < 32768) { + // ... unless the buffer is too small, in which case we'll + // allocate a fresh one. + free(temp_data); + temp_data = reinterpret_cast(malloc(32768)); + temp_size = 32768; + } + + // now the deflate stream + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = uncompressed_target_size; + strm.next_in = uncompressed_target_data; + ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); + do { + strm.avail_out = temp_size; + strm.next_out = temp_data; + ret = deflate(&strm, Z_FINISH); + ssize_t have = temp_size - strm.avail_out; + + if (sink(temp_data, have, token) != have) { + printf("failed to write %ld compressed bytes to output\n", + (long)have); + return -1; + } + if (ctx) SHA_update(ctx, temp_data, have); + } while (ret != Z_STREAM_END); + deflateEnd(&strm); + + free(temp_data); + free(uncompressed_target_data); + } else { + printf("patch chunk %d is unknown type %d\n", i, type); + return -1; + } + } + + return 0; +} diff --git a/applypatch/main.c b/applypatch/main.c deleted file mode 100644 index 8e9fe80ef..000000000 --- a/applypatch/main.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include "applypatch.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" - -int CheckMode(int argc, char** argv) { - if (argc < 3) { - return 2; - } - return applypatch_check(argv[2], argc-3, argv+3); -} - -int SpaceMode(int argc, char** argv) { - if (argc != 3) { - return 2; - } - char* endptr; - size_t bytes = strtol(argv[2], &endptr, 10); - if (bytes == 0 && endptr == argv[2]) { - printf("can't parse \"%s\" as byte count\n\n", argv[2]); - return 1; - } - return CacheSizeCheck(bytes); -} - -// Parse arguments (which should be of the form "" or -// ":" into the new parallel arrays *sha1s and -// *patches (loading file contents into the patches). Returns 0 on -// success. -static int ParsePatchArgs(int argc, char** argv, - char*** sha1s, Value*** patches, int* num_patches) { - *num_patches = argc; - *sha1s = malloc(*num_patches * sizeof(char*)); - *patches = malloc(*num_patches * sizeof(Value*)); - memset(*patches, 0, *num_patches * sizeof(Value*)); - - uint8_t digest[SHA_DIGEST_SIZE]; - - int i; - for (i = 0; i < *num_patches; ++i) { - char* colon = strchr(argv[i], ':'); - if (colon != NULL) { - *colon = '\0'; - ++colon; - } - - if (ParseSha1(argv[i], digest) != 0) { - printf("failed to parse sha1 \"%s\"\n", argv[i]); - return -1; - } - - (*sha1s)[i] = argv[i]; - if (colon == NULL) { - (*patches)[i] = NULL; - } else { - FileContents fc; - if (LoadFileContents(colon, &fc) != 0) { - goto abort; - } - (*patches)[i] = malloc(sizeof(Value)); - (*patches)[i]->type = VAL_BLOB; - (*patches)[i]->size = fc.size; - (*patches)[i]->data = (char*)fc.data; - } - } - - return 0; - - abort: - for (i = 0; i < *num_patches; ++i) { - Value* p = (*patches)[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - free(*sha1s); - free(*patches); - return -1; -} - -int PatchMode(int argc, char** argv) { - Value* bonus = NULL; - if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - FileContents fc; - if (LoadFileContents(argv[2], &fc) != 0) { - printf("failed to load bonus file %s\n", argv[2]); - return 1; - } - bonus = malloc(sizeof(Value)); - bonus->type = VAL_BLOB; - bonus->size = fc.size; - bonus->data = (char*)fc.data; - argc -= 2; - argv += 2; - } - - if (argc < 6) { - return 2; - } - - char* endptr; - size_t target_size = strtol(argv[4], &endptr, 10); - if (target_size == 0 && endptr == argv[4]) { - printf("can't parse \"%s\" as byte count\n\n", argv[4]); - return 1; - } - - char** sha1s; - Value** patches; - int num_patches; - if (ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches) != 0) { - printf("failed to parse patch args\n"); - return 1; - } - - int result = applypatch(argv[1], argv[2], argv[3], target_size, - num_patches, sha1s, patches, bonus); - - int i; - for (i = 0; i < num_patches; ++i) { - Value* p = patches[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - if (bonus) { - free(bonus->data); - free(bonus); - } - free(sha1s); - free(patches); - - return result; -} - -// This program applies binary patches to files in a way that is safe -// (the original file is not touched until we have the desired -// replacement for it) and idempotent (it's okay to run this program -// multiple times). -// -// - if the sha1 hash of is , does nothing and exits -// successfully. -// -// - otherwise, if the sha1 hash of is , applies the -// bsdiff to to produce a new file (the type of patch -// is automatically detected from the file header). If that new -// file has sha1 hash , moves it to replace , and -// exits successfully. Note that if and are -// not the same, is NOT deleted on success. -// may be the string "-" to mean "the same as src-file". -// -// - otherwise, or if any error is encountered, exits with non-zero -// status. -// -// (or in check mode) may refer to an MTD partition -// to read the source data. See the comments for the -// LoadMTDContents() function above for the format of such a filename. - -int main(int argc, char** argv) { - if (argc < 2) { - usage: - printf( - "usage: %s [-b ] " - "[: ...]\n" - " or %s -c [ ...]\n" - " or %s -s \n" - " or %s -l\n" - "\n" - "Filenames may be of the form\n" - " MTD::::::...\n" - "to specify reading from or writing to an MTD partition.\n\n", - argv[0], argv[0], argv[0], argv[0]); - return 2; - } - - int result; - - if (strncmp(argv[1], "-l", 3) == 0) { - result = ShowLicenses(); - } else if (strncmp(argv[1], "-c", 3) == 0) { - result = CheckMode(argc, argv); - } else if (strncmp(argv[1], "-s", 3) == 0) { - result = SpaceMode(argc, argv); - } else { - result = PatchMode(argc, argv); - } - - if (result == 2) { - goto usage; - } - return result; -} diff --git a/applypatch/main.cpp b/applypatch/main.cpp new file mode 100644 index 000000000..63ff5c2c0 --- /dev/null +++ b/applypatch/main.cpp @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include "applypatch.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" + +static int CheckMode(int argc, char** argv) { + if (argc < 3) { + return 2; + } + return applypatch_check(argv[2], argc-3, argv+3); +} + +static int SpaceMode(int argc, char** argv) { + if (argc != 3) { + return 2; + } + char* endptr; + size_t bytes = strtol(argv[2], &endptr, 10); + if (bytes == 0 && endptr == argv[2]) { + printf("can't parse \"%s\" as byte count\n\n", argv[2]); + return 1; + } + return CacheSizeCheck(bytes); +} + +// Parse arguments (which should be of the form "" or +// ":" into the new parallel arrays *sha1s and +// *patches (loading file contents into the patches). Returns true on +// success. +static bool ParsePatchArgs(int argc, char** argv, + char*** sha1s, Value*** patches, int* num_patches) { + *num_patches = argc; + *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); + *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); + memset(*patches, 0, *num_patches * sizeof(Value*)); + + uint8_t digest[SHA_DIGEST_SIZE]; + + for (int i = 0; i < *num_patches; ++i) { + char* colon = strchr(argv[i], ':'); + if (colon != NULL) { + *colon = '\0'; + ++colon; + } + + if (ParseSha1(argv[i], digest) != 0) { + printf("failed to parse sha1 \"%s\"\n", argv[i]); + return false; + } + + (*sha1s)[i] = argv[i]; + if (colon == NULL) { + (*patches)[i] = NULL; + } else { + FileContents fc; + if (LoadFileContents(colon, &fc) != 0) { + goto abort; + } + (*patches)[i] = reinterpret_cast(malloc(sizeof(Value))); + (*patches)[i]->type = VAL_BLOB; + (*patches)[i]->size = fc.size; + (*patches)[i]->data = reinterpret_cast(fc.data); + } + } + + return true; + + abort: + for (int i = 0; i < *num_patches; ++i) { + Value* p = (*patches)[i]; + if (p != NULL) { + free(p->data); + free(p); + } + } + free(*sha1s); + free(*patches); + return false; +} + +int PatchMode(int argc, char** argv) { + Value* bonus = NULL; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { + FileContents fc; + if (LoadFileContents(argv[2], &fc) != 0) { + printf("failed to load bonus file %s\n", argv[2]); + return 1; + } + bonus = reinterpret_cast(malloc(sizeof(Value))); + bonus->type = VAL_BLOB; + bonus->size = fc.size; + bonus->data = (char*)fc.data; + argc -= 2; + argv += 2; + } + + if (argc < 6) { + return 2; + } + + char* endptr; + size_t target_size = strtol(argv[4], &endptr, 10); + if (target_size == 0 && endptr == argv[4]) { + printf("can't parse \"%s\" as byte count\n\n", argv[4]); + return 1; + } + + char** sha1s; + Value** patches; + int num_patches; + if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches)) { + printf("failed to parse patch args\n"); + return 1; + } + + int result = applypatch(argv[1], argv[2], argv[3], target_size, + num_patches, sha1s, patches, bonus); + + int i; + for (i = 0; i < num_patches; ++i) { + Value* p = patches[i]; + if (p != NULL) { + free(p->data); + free(p); + } + } + if (bonus) { + free(bonus->data); + free(bonus); + } + free(sha1s); + free(patches); + + return result; +} + +// This program applies binary patches to files in a way that is safe +// (the original file is not touched until we have the desired +// replacement for it) and idempotent (it's okay to run this program +// multiple times). +// +// - if the sha1 hash of is , does nothing and exits +// successfully. +// +// - otherwise, if the sha1 hash of is , applies the +// bsdiff to to produce a new file (the type of patch +// is automatically detected from the file header). If that new +// file has sha1 hash , moves it to replace , and +// exits successfully. Note that if and are +// not the same, is NOT deleted on success. +// may be the string "-" to mean "the same as src-file". +// +// - otherwise, or if any error is encountered, exits with non-zero +// status. +// +// (or in check mode) may refer to an MTD partition +// to read the source data. See the comments for the +// LoadMTDContents() function above for the format of such a filename. + +int main(int argc, char** argv) { + if (argc < 2) { + usage: + printf( + "usage: %s [-b ] " + "[: ...]\n" + " or %s -c [ ...]\n" + " or %s -s \n" + " or %s -l\n" + "\n" + "Filenames may be of the form\n" + " MTD::::::...\n" + "to specify reading from or writing to an MTD partition.\n\n", + argv[0], argv[0], argv[0], argv[0]); + return 2; + } + + int result; + + if (strncmp(argv[1], "-l", 3) == 0) { + result = ShowLicenses(); + } else if (strncmp(argv[1], "-c", 3) == 0) { + result = CheckMode(argc, argv); + } else if (strncmp(argv[1], "-s", 3) == 0) { + result = SpaceMode(argc, argv); + } else { + result = PatchMode(argc, argv); + } + + if (result == 2) { + goto usage; + } + return result; +} diff --git a/applypatch/utils.c b/applypatch/utils.c deleted file mode 100644 index 41ff676dc..000000000 --- a/applypatch/utils.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include "utils.h" - -/** Write a 4-byte value to f in little-endian order. */ -void Write4(int value, FILE* f) { - fputc(value & 0xff, f); - fputc((value >> 8) & 0xff, f); - fputc((value >> 16) & 0xff, f); - fputc((value >> 24) & 0xff, f); -} - -/** Write an 8-byte value to f in little-endian order. */ -void Write8(long long value, FILE* f) { - fputc(value & 0xff, f); - fputc((value >> 8) & 0xff, f); - fputc((value >> 16) & 0xff, f); - fputc((value >> 24) & 0xff, f); - fputc((value >> 32) & 0xff, f); - fputc((value >> 40) & 0xff, f); - fputc((value >> 48) & 0xff, f); - fputc((value >> 56) & 0xff, f); -} - -int Read2(void* pv) { - unsigned char* p = pv; - return (int)(((unsigned int)p[1] << 8) | - (unsigned int)p[0]); -} - -int Read4(void* pv) { - unsigned char* p = pv; - return (int)(((unsigned int)p[3] << 24) | - ((unsigned int)p[2] << 16) | - ((unsigned int)p[1] << 8) | - (unsigned int)p[0]); -} - -long long Read8(void* pv) { - unsigned char* p = pv; - return (long long)(((unsigned long long)p[7] << 56) | - ((unsigned long long)p[6] << 48) | - ((unsigned long long)p[5] << 40) | - ((unsigned long long)p[4] << 32) | - ((unsigned long long)p[3] << 24) | - ((unsigned long long)p[2] << 16) | - ((unsigned long long)p[1] << 8) | - (unsigned long long)p[0]); -} diff --git a/applypatch/utils.cpp b/applypatch/utils.cpp new file mode 100644 index 000000000..4a80be75f --- /dev/null +++ b/applypatch/utils.cpp @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "utils.h" + +/** Write a 4-byte value to f in little-endian order. */ +void Write4(int value, FILE* f) { + fputc(value & 0xff, f); + fputc((value >> 8) & 0xff, f); + fputc((value >> 16) & 0xff, f); + fputc((value >> 24) & 0xff, f); +} + +/** Write an 8-byte value to f in little-endian order. */ +void Write8(long long value, FILE* f) { + fputc(value & 0xff, f); + fputc((value >> 8) & 0xff, f); + fputc((value >> 16) & 0xff, f); + fputc((value >> 24) & 0xff, f); + fputc((value >> 32) & 0xff, f); + fputc((value >> 40) & 0xff, f); + fputc((value >> 48) & 0xff, f); + fputc((value >> 56) & 0xff, f); +} + +int Read2(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (int)(((unsigned int)p[1] << 8) | + (unsigned int)p[0]); +} + +int Read4(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (int)(((unsigned int)p[3] << 24) | + ((unsigned int)p[2] << 16) | + ((unsigned int)p[1] << 8) | + (unsigned int)p[0]); +} + +long long Read8(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (long long)(((unsigned long long)p[7] << 56) | + ((unsigned long long)p[6] << 48) | + ((unsigned long long)p[5] << 40) | + ((unsigned long long)p[4] << 32) | + ((unsigned long long)p[3] << 24) | + ((unsigned long long)p[2] << 16) | + ((unsigned long long)p[1] << 8) | + (unsigned long long)p[0]); +} diff --git a/minzip/Hash.h b/minzip/Hash.h index 8194537f3..e83eac414 100644 --- a/minzip/Hash.h +++ b/minzip/Hash.h @@ -15,6 +15,10 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif + /* compute the hash of an item with a specific type */ typedef unsigned int (*HashCompute)(const void* item); @@ -183,4 +187,8 @@ typedef unsigned int (*HashCalcFunc)(const void* item); void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, HashCompareFunc cmpFunc); +#ifdef __cplusplus +} +#endif + #endif /*_MINZIP_HASH*/ diff --git a/roots.cpp b/roots.cpp index 2bd457efe..9288177e7 100644 --- a/roots.cpp +++ b/roots.cpp @@ -30,10 +30,8 @@ #include "roots.h" #include "common.h" #include "make_ext4fs.h" -extern "C" { #include "wipe.h" #include "cryptfs.h" -} static struct fstab *fstab = NULL; diff --git a/updater/Android.mk b/updater/Android.mk index a0ea06fa5..0d4179b23 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -1,11 +1,23 @@ # Copyright 2009 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. LOCAL_PATH := $(call my-dir) updater_src_files := \ - install.c \ - blockimg.c \ - updater.c + install.cpp \ + blockimg.cpp \ + updater.cpp # # Build a statically-linked binary to include in OTA packages diff --git a/updater/blockimg.c b/updater/blockimg.c deleted file mode 100644 index a6a389507..000000000 --- a/updater/blockimg.c +++ /dev/null @@ -1,1994 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "applypatch/applypatch.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" -#include "minzip/Hash.h" -#include "updater.h" - -#define BLOCKSIZE 4096 - -// Set this to 0 to interpret 'erase' transfers to mean do a -// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret -// erase to mean fill the region with zeroes. -#define DEBUG_ERASE 0 - -#ifndef BLKDISCARD -#define BLKDISCARD _IO(0x12,119) -#endif - -#define STASH_DIRECTORY_BASE "/cache/recovery" -#define STASH_DIRECTORY_MODE 0700 -#define STASH_FILE_MODE 0600 - -char* PrintSha1(const uint8_t* digest); - -typedef struct { - int count; - int size; - int pos[0]; -} RangeSet; - -#define RANGESET_MAX_POINTS \ - ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) - -static RangeSet* parse_range(char* text) { - char* save; - char* token; - int i, num; - long int val; - RangeSet* out = NULL; - size_t bufsize; - - if (!text) { - goto err; - } - - token = strtok_r(text, ",", &save); - - if (!token) { - goto err; - } - - val = strtol(token, NULL, 0); - - if (val < 2 || val > RANGESET_MAX_POINTS) { - goto err; - } else if (val % 2) { - goto err; // must be even - } - - num = (int) val; - bufsize = sizeof(RangeSet) + num * sizeof(int); - - out = malloc(bufsize); - - if (!out) { - fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); - goto err; - } - - out->count = num / 2; - out->size = 0; - - for (i = 0; i < num; ++i) { - token = strtok_r(NULL, ",", &save); - - if (!token) { - goto err; - } - - val = strtol(token, NULL, 0); - - if (val < 0 || val > INT_MAX) { - goto err; - } - - out->pos[i] = (int) val; - - if (i % 2) { - if (out->pos[i - 1] >= out->pos[i]) { - goto err; // empty or negative range - } - - if (out->size > INT_MAX - out->pos[i]) { - goto err; // overflow - } - - out->size += out->pos[i]; - } else { - if (out->size < 0) { - goto err; - } - - out->size -= out->pos[i]; - } - } - - if (out->size <= 0) { - goto err; - } - - return out; - -err: - fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); - exit(1); -} - -static int range_overlaps(RangeSet* r1, RangeSet* r2) { - int i, j, r1_0, r1_1, r2_0, r2_1; - - if (!r1 || !r2) { - return 0; - } - - for (i = 0; i < r1->count; ++i) { - r1_0 = r1->pos[i * 2]; - r1_1 = r1->pos[i * 2 + 1]; - - for (j = 0; j < r2->count; ++j) { - r2_0 = r2->pos[j * 2]; - r2_1 = r2->pos[j * 2 + 1]; - - if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { - return 1; - } - } - } - - return 0; -} - -static int read_all(int fd, uint8_t* data, size_t size) { - size_t so_far = 0; - while (so_far < size) { - ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); - if (r == -1) { - fprintf(stderr, "read failed: %s\n", strerror(errno)); - return -1; - } - so_far += r; - } - return 0; -} - -static int write_all(int fd, const uint8_t* data, size_t size) { - size_t written = 0; - while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); - if (w == -1) { - fprintf(stderr, "write failed: %s\n", strerror(errno)); - return -1; - } - written += w; - } - - if (fsync(fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - return -1; - } - - return 0; -} - -static bool check_lseek(int fd, off64_t offset, int whence) { - off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); - if (rc == -1) { - fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); - return false; - } - return true; -} - -static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { - // if the buffer's big enough, reuse it. - if (size <= *buffer_alloc) return; - - free(*buffer); - - *buffer = (uint8_t*) malloc(size); - if (*buffer == NULL) { - fprintf(stderr, "failed to allocate %zu bytes\n", size); - exit(1); - } - *buffer_alloc = size; -} - -typedef struct { - int fd; - RangeSet* tgt; - int p_block; - size_t p_remain; -} RangeSinkState; - -static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { - RangeSinkState* rss = (RangeSinkState*) token; - - if (rss->p_remain <= 0) { - fprintf(stderr, "range sink write overrun"); - return 0; - } - - ssize_t written = 0; - while (size > 0) { - size_t write_now = size; - - if (rss->p_remain < write_now) { - write_now = rss->p_remain; - } - - if (write_all(rss->fd, data, write_now) == -1) { - break; - } - - data += write_now; - size -= write_now; - - rss->p_remain -= write_now; - written += write_now; - - if (rss->p_remain == 0) { - // move to the next block - ++rss->p_block; - if (rss->p_block < rss->tgt->count) { - rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - - rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; - - if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, - SEEK_SET)) { - break; - } - } else { - // we can't write any more; return how many bytes have - // been written so far. - break; - } - } - } - - return written; -} - -// All of the data for all the 'new' transfers is contained in one -// file in the update package, concatenated together in the order in -// which transfers.list will need it. We want to stream it out of the -// archive (it's compressed) without writing it to a temp file, but we -// can't write each section until it's that transfer's turn to go. -// -// To achieve this, we expand the new data from the archive in a -// background thread, and block that threads 'receive uncompressed -// data' function until the main thread has reached a point where we -// want some new data to be written. We signal the background thread -// with the destination for the data and block the main thread, -// waiting for the background thread to complete writing that section. -// Then it signals the main thread to wake up and goes back to -// blocking waiting for a transfer. -// -// NewThreadInfo is the struct used to pass information back and forth -// between the two threads. When the main thread wants some data -// written, it sets rss to the destination location and signals the -// condition. When the background thread is done writing, it clears -// rss and signals the condition again. - -typedef struct { - ZipArchive* za; - const ZipEntry* entry; - - RangeSinkState* rss; - - pthread_mutex_t mu; - pthread_cond_t cv; -} NewThreadInfo; - -static bool receive_new_data(const unsigned char* data, int size, void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; - - while (size > 0) { - // Wait for nti->rss to be non-NULL, indicating some of this - // data is wanted. - pthread_mutex_lock(&nti->mu); - while (nti->rss == NULL) { - pthread_cond_wait(&nti->cv, &nti->mu); - } - pthread_mutex_unlock(&nti->mu); - - // At this point nti->rss is set, and we own it. The main - // thread is waiting for it to disappear from nti. - ssize_t written = RangeSinkWrite(data, size, nti->rss); - data += written; - size -= written; - - if (nti->rss->p_block == nti->rss->tgt->count) { - // we have written all the bytes desired by this rss. - - pthread_mutex_lock(&nti->mu); - nti->rss = NULL; - pthread_cond_broadcast(&nti->cv); - pthread_mutex_unlock(&nti->mu); - } - } - - return true; -} - -static void* unzip_new_data(void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; - mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); - return NULL; -} - -static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { - int i; - size_t p = 0; - size_t size; - - if (!src || !buffer) { - return -1; - } - - for (i = 0; i < src->count; ++i) { - if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - return -1; - } - - size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; - - if (read_all(fd, buffer + p, size) == -1) { - return -1; - } - - p += size; - } - - return 0; -} - -static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { - int i; - size_t p = 0; - size_t size; - - if (!tgt || !buffer) { - return -1; - } - - for (i = 0; i < tgt->count; ++i) { - if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - return -1; - } - - size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; - - if (write_all(fd, buffer + p, size) == -1) { - return -1; - } - - p += size; - } - - return 0; -} - -// Do a source/target load for move/bsdiff/imgdiff in version 1. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as: -// -// -// -// The source range is loaded into the provided buffer, reallocating -// it to make it larger if necessary. The target ranges are returned -// in *tgt, if tgt is non-NULL. - -static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd) { - char* word; - int rc; - - word = strtok_r(NULL, " ", wordsave); - RangeSet* src = parse_range(word); - - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); - } - - allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); - rc = ReadBlocks(src, *buffer, fd); - *src_blocks = src->size; - - free(src); - return rc; -} - -static int VerifyBlocks(const char *expected, const uint8_t *buffer, - size_t blocks, int printerror) { - char* hexdigest = NULL; - int rc = -1; - uint8_t digest[SHA_DIGEST_SIZE]; - - if (!expected || !buffer) { - return rc; - } - - SHA_hash(buffer, blocks * BLOCKSIZE, digest); - hexdigest = PrintSha1(digest); - - if (hexdigest != NULL) { - rc = strcmp(expected, hexdigest); - - if (rc != 0 && printerror) { - fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", - expected, hexdigest); - } - - free(hexdigest); - } - - return rc; -} - -static char* GetStashFileName(const char* base, const char* id, const char* postfix) { - char* fn; - int len; - int res; - - if (base == NULL) { - return NULL; - } - - if (id == NULL) { - id = ""; - } - - if (postfix == NULL) { - postfix = ""; - } - - len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; - fn = malloc(len); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - return NULL; - } - - res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - return NULL; - } - - return fn; -} - -typedef void (*StashCallback)(const char*, void*); - -// Does a best effort enumeration of stash files. Ignores possible non-file -// items in the stash directory and continues despite of errors. Calls the -// 'callback' function for each file and passes 'data' to the function as a -// parameter. - -static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { - char* fn; - DIR* directory; - int len; - int res; - struct dirent* item; - - if (dirname == NULL || callback == NULL) { - return; - } - - directory = opendir(dirname); - - if (directory == NULL) { - if (errno != ENOENT) { - fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); - } - return; - } - - while ((item = readdir(directory)) != NULL) { - if (item->d_type != DT_REG) { - continue; - } - - len = strlen(dirname) + 1 + strlen(item->d_name) + 1; - fn = malloc(len); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - continue; - } - - res = snprintf(fn, len, "%s/%s", dirname, item->d_name); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - continue; - } - - callback(fn, data); - free(fn); - } - - if (closedir(directory) == -1) { - fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); - } -} - -static void UpdateFileSize(const char* fn, void* data) { - int* size = (int*) data; - struct stat st; - - if (!fn || !data) { - return; - } - - if (stat(fn, &st) == -1) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); - return; - } - - *size += st.st_size; -} - -// Deletes the stash directory and all files in it. Assumes that it only -// contains files. There is nothing we can do about unlikely, but possible -// errors, so they are merely logged. - -static void DeleteFile(const char* fn, void* data) { - if (fn) { - fprintf(stderr, "deleting %s\n", fn); - - if (unlink(fn) == -1 && errno != ENOENT) { - fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); - } - } -} - -static void DeletePartial(const char* fn, void* data) { - if (fn && strstr(fn, ".partial") != NULL) { - DeleteFile(fn, data); - } -} - -static void DeleteStash(const char* base) { - char* dirname; - - if (base == NULL) { - return; - } - - dirname = GetStashFileName(base, NULL, NULL); - - if (dirname == NULL) { - return; - } - - fprintf(stderr, "deleting stash %s\n", base); - EnumerateStash(dirname, DeleteFile, NULL); - - if (rmdir(dirname) == -1) { - if (errno != ENOENT && errno != ENOTDIR) { - fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); - } - } - - free(dirname); -} - -static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, - size_t* buffer_alloc, int printnoent) { - char *fn = NULL; - int blockcount = 0; - int fd = -1; - int rc = -1; - int res; - struct stat st; - - if (!base || !id || !buffer || !buffer_alloc) { - goto lsout; - } - - if (!blocks) { - blocks = &blockcount; - } - - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - goto lsout; - } - - res = stat(fn, &st); - - if (res == -1) { - if (errno != ENOENT || printnoent) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); - } - goto lsout; - } - - fprintf(stderr, " loading %s\n", fn); - - if ((st.st_size % BLOCKSIZE) != 0) { - fprintf(stderr, "%s size %zd not multiple of block size %d", fn, st.st_size, BLOCKSIZE); - goto lsout; - } - - fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); - - if (fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); - goto lsout; - } - - allocate(st.st_size, buffer, buffer_alloc); - - if (read_all(fd, *buffer, st.st_size) == -1) { - goto lsout; - } - - *blocks = st.st_size / BLOCKSIZE; - - if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { - fprintf(stderr, "unexpected contents in %s\n", fn); - DeleteFile(fn, NULL); - goto lsout; - } - - rc = 0; - -lsout: - if (fd != -1) { - close(fd); - } - - if (fn) { - free(fn); - } - - return rc; -} - -static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, - int checkspace, int *exists) { - char *fn = NULL; - char *cn = NULL; - int fd = -1; - int rc = -1; - int res; - struct stat st; - - if (base == NULL || buffer == NULL) { - goto wsout; - } - - if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { - fprintf(stderr, "not enough space to write stash\n"); - goto wsout; - } - - fn = GetStashFileName(base, id, ".partial"); - cn = GetStashFileName(base, id, NULL); - - if (fn == NULL || cn == NULL) { - goto wsout; - } - - if (exists) { - res = stat(cn, &st); - - if (res == 0) { - // The file already exists and since the name is the hash of the contents, - // it's safe to assume the contents are identical (accidental hash collisions - // are unlikely) - fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); - *exists = 1; - rc = 0; - goto wsout; - } - - *exists = 0; - } - - fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); - - fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); - - if (fd == -1) { - fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); - goto wsout; - } - - if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { - goto wsout; - } - - if (fsync(fd) == -1) { - fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); - goto wsout; - } - - if (rename(fn, cn) == -1) { - fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); - goto wsout; - } - - rc = 0; - -wsout: - if (fd != -1) { - close(fd); - } - - if (fn) { - free(fn); - } - - if (cn) { - free(cn); - } - - return rc; -} - -// Creates a directory for storing stash files and checks if the /cache partition -// hash enough space for the expected amount of blocks we need to store. Returns -// >0 if we created the directory, zero if it existed already, and <0 of failure. - -static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { - char* dirname = NULL; - const uint8_t* digest; - int rc = -1; - int res; - int size = 0; - SHA_CTX ctx; - struct stat st; - - if (blockdev == NULL || base == NULL) { - goto csout; - } - - // Stash directory should be different for each partition to avoid conflicts - // when updating multiple partitions at the same time, so we use the hash of - // the block device name as the base directory - SHA_init(&ctx); - SHA_update(&ctx, blockdev, strlen(blockdev)); - digest = SHA_final(&ctx); - *base = PrintSha1(digest); - - if (*base == NULL) { - goto csout; - } - - dirname = GetStashFileName(*base, NULL, NULL); - - if (dirname == NULL) { - goto csout; - } - - res = stat(dirname, &st); - - if (res == -1 && errno != ENOENT) { - ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; - } else if (res != 0) { - fprintf(stderr, "creating stash %s\n", dirname); - res = mkdir(dirname, STASH_DIRECTORY_MODE); - - if (res != 0) { - ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; - } - - if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { - ErrorAbort(state, "not enough space for stash\n"); - goto csout; - } - - rc = 1; // Created directory - goto csout; - } - - fprintf(stderr, "using existing stash %s\n", dirname); - - // If the directory already exists, calculate the space already allocated to - // stash files and check if there's enough for all required blocks. Delete any - // partially completed stash files first. - - EnumerateStash(dirname, DeletePartial, NULL); - EnumerateStash(dirname, UpdateFileSize, &size); - - size = (maxblocks * BLOCKSIZE) - size; - - if (size > 0 && CacheSizeCheck(size) != 0) { - ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); - goto csout; - } - - rc = 0; // Using existing directory - -csout: - if (dirname) { - free(dirname); - } - - return rc; -} - -static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, - int fd, int usehash, int* isunresumable) { - char *id = NULL; - int res = -1; - int blocks = 0; - - if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { - return -1; - } - - id = strtok_r(NULL, " ", wordsave); - - if (id == NULL) { - fprintf(stderr, "missing id field in stash command\n"); - return -1; - } - - if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { - // Stash file already exists and has expected contents. Do not - // read from source again, as the source may have been already - // overwritten during a previous attempt. - return 0; - } - - if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { - return -1; - } - - if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { - // Source blocks have unexpected contents. If we actually need this - // data later, this is an unrecoverable error. However, the command - // that uses the data may have already completed previously, so the - // possible failure will occur during source block verification. - fprintf(stderr, "failed to load source blocks for stash %s\n", id); - return 0; - } - - fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); - return WriteStash(base, id, blocks, *buffer, 0, NULL); -} - -static int FreeStash(const char* base, const char* id) { - char *fn = NULL; - - if (base == NULL || id == NULL) { - return -1; - } - - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - return -1; - } - - DeleteFile(fn, NULL); - free(fn); - - return 0; -} - -static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { - // source contains packed data, which we want to move to the - // locations given in *locs in the dest buffer. source and dest - // may be the same buffer. - - int start = locs->size; - int i; - for (i = locs->count-1; i >= 0; --i) { - int blocks = locs->pos[i*2+1] - locs->pos[i*2]; - start -= blocks; - memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), - blocks * BLOCKSIZE); - } -} - -// Do a source/target load for move/bsdiff/imgdiff in version 2. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as one of: -// -// -// (loads data from source image only) -// -// - <[stash_id:stash_range] ...> -// (loads data from stashes only) -// -// <[stash_id:stash_range] ...> -// (loads data from both source image and stashes) -// -// On return, buffer is filled with the loaded source data (rearranged -// and combined with stashed data as necessary). buffer may be -// reallocated if needed to accommodate the source data. *tgt is the -// target RangeSet. Any stashes required are loaded using LoadStash. - -static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd, - const char* stashbase, int* overlap) { - char* word; - char* colonsave; - char* colon; - int id; - int res; - RangeSet* locs; - size_t stashalloc = 0; - uint8_t* stash = NULL; - - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); - } - - word = strtok_r(NULL, " ", wordsave); - *src_blocks = strtol(word, NULL, 0); - - allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); - - word = strtok_r(NULL, " ", wordsave); - if (word[0] == '-' && word[1] == '\0') { - // no source ranges, only stashes - } else { - RangeSet* src = parse_range(word); - res = ReadBlocks(src, *buffer, fd); - - if (overlap && tgt) { - *overlap = range_overlaps(src, *tgt); - } - - free(src); - - if (res == -1) { - return -1; - } - - word = strtok_r(NULL, " ", wordsave); - if (word == NULL) { - // no stashes, only source range - return 0; - } - - locs = parse_range(word); - MoveRange(*buffer, locs, *buffer); - free(locs); - } - - while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { - // Each word is a an index into the stash table, a colon, and - // then a rangeset describing where in the source block that - // stashed data should go. - colonsave = NULL; - colon = strtok_r(word, ":", &colonsave); - - res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); - - if (res == -1) { - // These source blocks will fail verification if used later, but we - // will let the caller decide if this is a fatal failure - fprintf(stderr, "failed to load stash %s\n", colon); - continue; - } - - colon = strtok_r(NULL, ":", &colonsave); - locs = parse_range(colon); - - MoveRange(*buffer, locs, stash); - free(locs); - } - - if (stash) { - free(stash); - } - - return 0; -} - -// Parameters for transfer list command functions -typedef struct { - char* cmdname; - char* cpos; - char* freestash; - char* stashbase; - int canwrite; - int createdstash; - int fd; - int foundwrites; - int isunresumable; - int version; - int written; - NewThreadInfo nti; - pthread_t thread; - size_t bufsize; - uint8_t* buffer; - uint8_t* patch_start; -} CommandParameters; - -// Do a source/target load for move/bsdiff/imgdiff in version 3. -// -// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which -// tells the function whether to expect separate source and targe block hashes, or -// if they are both the same and only one hash should be expected, and -// 'isunresumable', which receives a non-zero value if block verification fails in -// a way that the update cannot be resumed anymore. -// -// If the function is unable to load the necessary blocks or their contents don't -// match the hashes, the return value is -1 and the command should be aborted. -// -// If the return value is 1, the command has already been completed according to -// the contents of the target blocks, and should not be performed again. -// -// If the return value is 0, source blocks have expected content and the command -// can be performed. - -static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, - int onehash, int* overlap) { - char* srchash = NULL; - char* tgthash = NULL; - int stash_exists = 0; - int overlap_blocks = 0; - int rc = -1; - uint8_t* tgtbuffer = NULL; - - if (!params|| !tgt || !src_blocks || !overlap) { - goto v3out; - } - - srchash = strtok_r(NULL, " ", ¶ms->cpos); - - if (srchash == NULL) { - fprintf(stderr, "missing source hash\n"); - goto v3out; - } - - if (onehash) { - tgthash = srchash; - } else { - tgthash = strtok_r(NULL, " ", ¶ms->cpos); - - if (tgthash == NULL) { - fprintf(stderr, "missing target hash\n"); - goto v3out; - } - } - - if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, - params->fd, params->stashbase, overlap) == -1) { - goto v3out; - } - - tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); - - if (tgtbuffer == NULL) { - fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); - goto v3out; - } - - if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { - goto v3out; - } - - if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { - // Target blocks already have expected content, command should be skipped - rc = 1; - goto v3out; - } - - if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { - // If source and target blocks overlap, stash the source blocks so we can - // resume from possible write errors - if (*overlap) { - fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, - srchash); - - if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, - &stash_exists) != 0) { - fprintf(stderr, "failed to stash overlapping source blocks\n"); - goto v3out; - } - - // Can be deleted when the write has completed - if (!stash_exists) { - params->freestash = srchash; - } - } - - // Source blocks have expected content, command can proceed - rc = 0; - goto v3out; - } - - if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, - ¶ms->bufsize, 1) == 0) { - // Overlapping source blocks were previously stashed, command can proceed. - // We are recovering from an interrupted command, so we don't know if the - // stash can safely be deleted after this command. - rc = 0; - goto v3out; - } - - // Valid source data not available, update cannot be resumed - fprintf(stderr, "partition has unexpected contents\n"); - params->isunresumable = 1; - -v3out: - if (tgtbuffer) { - free(tgtbuffer); - } - - return rc; -} - -static int PerformCommandMove(CommandParameters* params) { - int blocks = 0; - int overlap = 0; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - - if (!params) { - goto pcmout; - } - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); - } - - if (status == -1) { - fprintf(stderr, "failed to read blocks for move\n"); - goto pcmout; - } - - if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); - } - - if (params->canwrite) { - if (status == 0) { - fprintf(stderr, " moving %d blocks\n", blocks); - - if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { - goto pcmout; - } - } else { - fprintf(stderr, "skipping %d already moved blocks\n", blocks); - } - - } - - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; - } - - params->written += tgt->size; - rc = 0; - -pcmout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandStash(CommandParameters* params) { - if (!params) { - return -1; - } - - return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, - params->fd, (params->version >= 3), ¶ms->isunresumable); -} - -static int PerformCommandFree(CommandParameters* params) { - if (!params) { - return -1; - } - - if (params->createdstash || params->canwrite) { - return FreeStash(params->stashbase, params->cpos); - } - - return 0; -} - -static int PerformCommandZero(CommandParameters* params) { - char* range = NULL; - int i; - int j; - int rc = -1; - RangeSet* tgt = NULL; - - if (!params) { - goto pczout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); - goto pczout; - } - - tgt = parse_range(range); - - fprintf(stderr, " zeroing %d blocks\n", tgt->size); - - allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); - memset(params->buffer, 0, BLOCKSIZE); - - if (params->canwrite) { - for (i = 0; i < tgt->count; ++i) { - if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - goto pczout; - } - - for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { - if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { - goto pczout; - } - } - } - } - - if (params->cmdname[0] == 'z') { - // Update only for the zero command, as the erase command will call - // this if DEBUG_ERASE is defined. - params->written += tgt->size; - } - - rc = 0; - -pczout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandNew(CommandParameters* params) { - char* range = NULL; - int rc = -1; - RangeSet* tgt = NULL; - RangeSinkState rss; - - if (!params) { - goto pcnout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - goto pcnout; - } - - tgt = parse_range(range); - - if (params->canwrite) { - fprintf(stderr, " writing %d blocks of new data\n", tgt->size); - - rss.fd = params->fd; - rss.tgt = tgt; - rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcnout; - } - - pthread_mutex_lock(¶ms->nti.mu); - params->nti.rss = &rss; - pthread_cond_broadcast(¶ms->nti.cv); - - while (params->nti.rss) { - pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); - } - - pthread_mutex_unlock(¶ms->nti.mu); - } - - params->written += tgt->size; - rc = 0; - -pcnout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandDiff(CommandParameters* params) { - char* logparams = NULL; - char* value = NULL; - int blocks = 0; - int overlap = 0; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - RangeSinkState rss; - size_t len = 0; - size_t offset = 0; - Value patch_value; - - if (!params) { - goto pcdout; - } - - logparams = strdup(params->cpos); - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch offset for %s\n", params->cmdname); - goto pcdout; - } - - offset = strtoul(value, NULL, 0); - - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch length for %s\n", params->cmdname); - goto pcdout; - } - - len = strtoul(value, NULL, 0); - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); - } - - if (status == -1) { - fprintf(stderr, "failed to read blocks for diff\n"); - goto pcdout; - } - - if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); - } - - if (params->canwrite) { - if (status == 0) { - fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); - - patch_value.type = VAL_BLOB; - patch_value.size = len; - patch_value.data = (char*) (params->patch_start + offset); - - rss.fd = params->fd; - rss.tgt = tgt; - rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcdout; - } - - if (params->cmdname[0] == 'i') { // imgdiff - ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - &RangeSinkWrite, &rss, NULL, NULL); - } else { - ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - 0, &RangeSinkWrite, &rss, NULL); - } - - // We expect the output of the patcher to fill the tgt ranges exactly. - if (rss.p_block != tgt->count || rss.p_remain != 0) { - fprintf(stderr, "range sink underrun?\n"); - } - } else { - fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", - blocks, tgt->size, logparams); - } - } - - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; - } - - params->written += tgt->size; - rc = 0; - -pcdout: - if (logparams) { - free(logparams); - } - - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandErase(CommandParameters* params) { - char* range = NULL; - int i; - int rc = -1; - RangeSet* tgt = NULL; - struct stat st; - uint64_t blocks[2]; - - if (DEBUG_ERASE) { - return PerformCommandZero(params); - } - - if (!params) { - goto pceout; - } - - if (fstat(params->fd, &st) == -1) { - fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); - goto pceout; - } - - if (!S_ISBLK(st.st_mode)) { - fprintf(stderr, "not a block device; skipping erase\n"); - goto pceout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); - goto pceout; - } - - tgt = parse_range(range); - - if (params->canwrite) { - fprintf(stderr, " erasing %d blocks\n", tgt->size); - - for (i = 0; i < tgt->count; ++i) { - // offset in bytes - blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; - // length in bytes - blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; - - if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { - fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); - goto pceout; - } - } - } - - rc = 0; - -pceout: - if (tgt) { - free(tgt); - } - - return rc; -} - -// Definitions for transfer list command functions -typedef int (*CommandFunction)(CommandParameters*); - -typedef struct { - const char* name; - CommandFunction f; -} Command; - -// CompareCommands and CompareCommandNames are for the hash table - -static int CompareCommands(const void* c1, const void* c2) { - return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); -} - -static int CompareCommandNames(const void* c1, const void* c2) { - return strcmp(((const Command*) c1)->name, (const char*) c2); -} - -// HashString is used to hash command names for the hash table - -static unsigned int HashString(const char *s) { - unsigned int hash = 0; - if (s) { - while (*s) { - hash = hash * 33 + *s++; - } - } - return hash; -} - -// args: -// - block device (or file) to modify in-place -// - transfer list (blob) -// - new data stream (filename within package.zip) -// - patch stream (filename within package.zip, must be uncompressed) - -static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], - const Command* commands, int cmdcount, int dryrun) { - - char* line = NULL; - char* linesave = NULL; - char* logcmd = NULL; - char* transfer_list = NULL; - CommandParameters params; - const Command* cmd = NULL; - const ZipEntry* new_entry = NULL; - const ZipEntry* patch_entry = NULL; - FILE* cmd_pipe = NULL; - HashTable* cmdht = NULL; - int i; - int res; - int rc = -1; - int stash_max_blocks = 0; - int total_blocks = 0; - pthread_attr_t attr; - unsigned int cmdhash; - UpdaterInfo* ui = NULL; - Value* blockdev_filename = NULL; - Value* new_data_fn = NULL; - Value* patch_data_fn = NULL; - Value* transfer_list_value = NULL; - ZipArchive* za = NULL; - - memset(¶ms, 0, sizeof(params)); - params.canwrite = !dryrun; - - fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); - - if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, - &new_data_fn, &patch_data_fn) < 0) { - goto pbiudone; - } - - if (blockdev_filename->type != VAL_STRING) { - ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto pbiudone; - } - if (transfer_list_value->type != VAL_BLOB) { - ErrorAbort(state, "transfer_list argument to %s must be blob", name); - goto pbiudone; - } - if (new_data_fn->type != VAL_STRING) { - ErrorAbort(state, "new_data_fn argument to %s must be string", name); - goto pbiudone; - } - if (patch_data_fn->type != VAL_STRING) { - ErrorAbort(state, "patch_data_fn argument to %s must be string", name); - goto pbiudone; - } - - ui = (UpdaterInfo*) state->cookie; - - if (ui == NULL) { - goto pbiudone; - } - - cmd_pipe = ui->cmd_pipe; - za = ui->package_zip; - - if (cmd_pipe == NULL || za == NULL) { - goto pbiudone; - } - - patch_entry = mzFindZipEntry(za, patch_data_fn->data); - - if (patch_entry == NULL) { - fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); - goto pbiudone; - } - - params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); - new_entry = mzFindZipEntry(za, new_data_fn->data); - - if (new_entry == NULL) { - fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); - goto pbiudone; - } - - params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); - - if (params.fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); - goto pbiudone; - } - - if (params.canwrite) { - params.nti.za = za; - params.nti.entry = new_entry; - - pthread_mutex_init(¶ms.nti.mu, NULL); - pthread_cond_init(¶ms.nti.cv, NULL); - pthread_attr_init(&attr); - pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); - - int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); - if (error != 0) { - fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); - goto pbiudone; - } - } - - // The data in transfer_list_value is not necessarily null-terminated, so we need - // to copy it to a new buffer and add the null that strtok_r will need. - transfer_list = malloc(transfer_list_value->size + 1); - - if (transfer_list == NULL) { - fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", - transfer_list_value->size + 1); - goto pbiudone; - } - - memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); - transfer_list[transfer_list_value->size] = '\0'; - - // First line in transfer list is the version number - line = strtok_r(transfer_list, "\n", &linesave); - params.version = strtol(line, NULL, 0); - - if (params.version < 1 || params.version > 3) { - fprintf(stderr, "unexpected transfer list version [%s]\n", line); - goto pbiudone; - } - - fprintf(stderr, "blockimg version is %d\n", params.version); - - // Second line in transfer list is the total number of blocks we expect to write - line = strtok_r(NULL, "\n", &linesave); - total_blocks = strtol(line, NULL, 0); - - if (total_blocks < 0) { - ErrorAbort(state, "unexpected block count [%s]\n", line); - goto pbiudone; - } else if (total_blocks == 0) { - rc = 0; - goto pbiudone; - } - - if (params.version >= 2) { - // Third line is how many stash entries are needed simultaneously - line = strtok_r(NULL, "\n", &linesave); - fprintf(stderr, "maximum stash entries %s\n", line); - - // Fourth line is the maximum number of blocks that will be stashed simultaneously - line = strtok_r(NULL, "\n", &linesave); - stash_max_blocks = strtol(line, NULL, 0); - - if (stash_max_blocks < 0) { - ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); - goto pbiudone; - } - - if (stash_max_blocks >= 0) { - res = CreateStash(state, stash_max_blocks, blockdev_filename->data, - ¶ms.stashbase); - - if (res == -1) { - goto pbiudone; - } - - params.createdstash = res; - } - } - - // Build a hash table of the available commands - cmdht = mzHashTableCreate(cmdcount, NULL); - - for (i = 0; i < cmdcount; ++i) { - cmdhash = HashString(commands[i].name); - mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); - } - - // Subsequent lines are all individual transfer commands - for (line = strtok_r(NULL, "\n", &linesave); line; - line = strtok_r(NULL, "\n", &linesave)) { - - logcmd = strdup(line); - params.cmdname = strtok_r(line, " ", ¶ms.cpos); - - if (params.cmdname == NULL) { - fprintf(stderr, "missing command [%s]\n", line); - goto pbiudone; - } - - cmdhash = HashString(params.cmdname); - cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, - CompareCommandNames, false); - - if (cmd == NULL) { - fprintf(stderr, "unexpected command [%s]\n", params.cmdname); - goto pbiudone; - } - - if (cmd->f != NULL && cmd->f(¶ms) == -1) { - fprintf(stderr, "failed to execute command [%s]\n", - logcmd ? logcmd : params.cmdname); - goto pbiudone; - } - - if (logcmd) { - free(logcmd); - logcmd = NULL; - } - - if (params.canwrite) { - fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); - fflush(cmd_pipe); - } - } - - if (params.canwrite) { - pthread_join(params.thread, NULL); - - fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); - fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); - - // Delete stash only after successfully completing the update, as it - // may contain blocks needed to complete the update later. - DeleteStash(params.stashbase); - } else { - fprintf(stderr, "verified partition contents; update may be resumed\n"); - } - - rc = 0; - -pbiudone: - if (params.fd != -1) { - if (fsync(params.fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - } - close(params.fd); - } - - if (logcmd) { - free(logcmd); - } - - if (cmdht) { - mzHashTableFree(cmdht); - } - - if (params.buffer) { - free(params.buffer); - } - - if (transfer_list) { - free(transfer_list); - } - - if (blockdev_filename) { - FreeValue(blockdev_filename); - } - - if (transfer_list_value) { - FreeValue(transfer_list_value); - } - - if (new_data_fn) { - FreeValue(new_data_fn); - } - - if (patch_data_fn) { - FreeValue(patch_data_fn); - } - - // Only delete the stash if the update cannot be resumed, or it's - // a verification run and we created the stash. - if (params.isunresumable || (!params.canwrite && params.createdstash)) { - DeleteStash(params.stashbase); - } - - if (params.stashbase) { - free(params.stashbase); - } - - return StringValue(rc == 0 ? strdup("t") : strdup("")); -} - -// The transfer list is a text file containing commands to -// transfer data from one place to another on the target -// partition. We parse it and execute the commands in order: -// -// zero [rangeset] -// - fill the indicated blocks with zeros -// -// new [rangeset] -// - fill the blocks with data read from the new_data file -// -// erase [rangeset] -// - mark the given blocks as empty -// -// move <...> -// bsdiff <...> -// imgdiff <...> -// - read the source blocks, apply a patch (or not in the -// case of move), write result to target blocks. bsdiff or -// imgdiff specifies the type of patch; move means no patch -// at all. -// -// The format of <...> differs between versions 1 and 2; -// see the LoadSrcTgtVersion{1,2}() functions for a -// description of what's expected. -// -// stash -// - (version 2+ only) load the given source range and stash -// the data in the given slot of the stash table. -// -// The creator of the transfer list will guarantee that no block -// is read (ie, used as the source for a patch or move) after it -// has been written. -// -// In version 2, the creator will guarantee that a given stash is -// loaded (with a stash command) before it's used in a -// move/bsdiff/imgdiff command. -// -// Within one command the source and target ranges may overlap so -// in general we need to read the entire source into memory before -// writing anything to the target blocks. -// -// All the patch data is concatenated into one patch_data file in -// the update package. It must be stored uncompressed because we -// memory-map it in directly from the archive. (Since patches are -// already compressed, we lose very little by not compressing -// their concatenation.) -// -// In version 3, commands that read data from the partition (i.e. -// move/bsdiff/imgdiff/stash) have one or more additional hashes -// before the range parameters, which are used to check if the -// command has already been completed and verify the integrity of -// the source data. - -Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { - // Commands which are not tested are set to NULL to skip them completely - const Command commands[] = { - { "bsdiff", PerformCommandDiff }, - { "erase", NULL }, - { "free", PerformCommandFree }, - { "imgdiff", PerformCommandDiff }, - { "move", PerformCommandMove }, - { "new", NULL }, - { "stash", PerformCommandStash }, - { "zero", NULL } - }; - - // Perform a dry run without writing to test if an update can proceed - return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 1); -} - -Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { - const Command commands[] = { - { "bsdiff", PerformCommandDiff }, - { "erase", PerformCommandErase }, - { "free", PerformCommandFree }, - { "imgdiff", PerformCommandDiff }, - { "move", PerformCommandMove }, - { "new", PerformCommandNew }, - { "stash", PerformCommandStash }, - { "zero", PerformCommandZero } - }; - - return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 0); -} - -Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { - Value* blockdev_filename; - Value* ranges; - const uint8_t* digest = NULL; - if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { - return NULL; - } - - if (blockdev_filename->type != VAL_STRING) { - ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto done; - } - if (ranges->type != VAL_STRING) { - ErrorAbort(state, "ranges argument to %s must be string", name); - goto done; - } - - int fd = open(blockdev_filename->data, O_RDWR); - if (fd < 0) { - ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); - goto done; - } - - RangeSet* rs = parse_range(ranges->data); - uint8_t buffer[BLOCKSIZE]; - - SHA_CTX ctx; - SHA_init(&ctx); - - int i, j; - for (i = 0; i < rs->count; ++i) { - if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { - ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; - } - - for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { - if (read_all(fd, buffer, BLOCKSIZE) == -1) { - ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; - } - - SHA_update(&ctx, buffer, BLOCKSIZE); - } - } - digest = SHA_final(&ctx); - close(fd); - - done: - FreeValue(blockdev_filename); - FreeValue(ranges); - if (digest == NULL) { - return StringValue(strdup("")); - } else { - return StringValue(PrintSha1(digest)); - } -} - -void RegisterBlockImageFunctions() { - RegisterFunction("block_image_verify", BlockImageVerifyFn); - RegisterFunction("block_image_update", BlockImageUpdateFn); - RegisterFunction("range_sha1", RangeSha1Fn); -} diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp new file mode 100644 index 000000000..258d97552 --- /dev/null +++ b/updater/blockimg.cpp @@ -0,0 +1,1991 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "applypatch/applypatch.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" +#include "minzip/Hash.h" +#include "updater.h" + +#define BLOCKSIZE 4096 + +// Set this to 0 to interpret 'erase' transfers to mean do a +// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret +// erase to mean fill the region with zeroes. +#define DEBUG_ERASE 0 + +#define STASH_DIRECTORY_BASE "/cache/recovery" +#define STASH_DIRECTORY_MODE 0700 +#define STASH_FILE_MODE 0600 + +char* PrintSha1(const uint8_t* digest); + +typedef struct { + int count; + int size; + int pos[0]; +} RangeSet; + +#define RANGESET_MAX_POINTS \ + ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) + +static RangeSet* parse_range(char* text) { + char* save; + char* token; + int num; + long int val; + RangeSet* out = NULL; + size_t bufsize; + + if (!text) { + goto err; + } + + token = strtok_r(text, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 2 || val > RANGESET_MAX_POINTS) { + goto err; + } else if (val % 2) { + goto err; // must be even + } + + num = (int) val; + bufsize = sizeof(RangeSet) + num * sizeof(int); + + out = reinterpret_cast(malloc(bufsize)); + + if (!out) { + fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); + goto err; + } + + out->count = num / 2; + out->size = 0; + + for (int i = 0; i < num; ++i) { + token = strtok_r(NULL, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 0 || val > INT_MAX) { + goto err; + } + + out->pos[i] = (int) val; + + if (i % 2) { + if (out->pos[i - 1] >= out->pos[i]) { + goto err; // empty or negative range + } + + if (out->size > INT_MAX - out->pos[i]) { + goto err; // overflow + } + + out->size += out->pos[i]; + } else { + if (out->size < 0) { + goto err; + } + + out->size -= out->pos[i]; + } + } + + if (out->size <= 0) { + goto err; + } + + return out; + +err: + fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); + exit(1); +} + +static int range_overlaps(RangeSet* r1, RangeSet* r2) { + int i, j, r1_0, r1_1, r2_0, r2_1; + + if (!r1 || !r2) { + return 0; + } + + for (i = 0; i < r1->count; ++i) { + r1_0 = r1->pos[i * 2]; + r1_1 = r1->pos[i * 2 + 1]; + + for (j = 0; j < r2->count; ++j) { + r2_0 = r2->pos[j * 2]; + r2_1 = r2->pos[j * 2 + 1]; + + if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { + return 1; + } + } + } + + return 0; +} + +static int read_all(int fd, uint8_t* data, size_t size) { + size_t so_far = 0; + while (so_far < size) { + ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); + if (r == -1) { + fprintf(stderr, "read failed: %s\n", strerror(errno)); + return -1; + } + so_far += r; + } + return 0; +} + +static int write_all(int fd, const uint8_t* data, size_t size) { + size_t written = 0; + while (written < size) { + ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); + if (w == -1) { + fprintf(stderr, "write failed: %s\n", strerror(errno)); + return -1; + } + written += w; + } + + if (fsync(fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + return -1; + } + + return 0; +} + +static bool check_lseek(int fd, off64_t offset, int whence) { + off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); + if (rc == -1) { + fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); + return false; + } + return true; +} + +static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { + // if the buffer's big enough, reuse it. + if (size <= *buffer_alloc) return; + + free(*buffer); + + *buffer = (uint8_t*) malloc(size); + if (*buffer == NULL) { + fprintf(stderr, "failed to allocate %zu bytes\n", size); + exit(1); + } + *buffer_alloc = size; +} + +typedef struct { + int fd; + RangeSet* tgt; + int p_block; + size_t p_remain; +} RangeSinkState; + +static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { + RangeSinkState* rss = (RangeSinkState*) token; + + if (rss->p_remain <= 0) { + fprintf(stderr, "range sink write overrun"); + return 0; + } + + ssize_t written = 0; + while (size > 0) { + size_t write_now = size; + + if (rss->p_remain < write_now) { + write_now = rss->p_remain; + } + + if (write_all(rss->fd, data, write_now) == -1) { + break; + } + + data += write_now; + size -= write_now; + + rss->p_remain -= write_now; + written += write_now; + + if (rss->p_remain == 0) { + // move to the next block + ++rss->p_block; + if (rss->p_block < rss->tgt->count) { + rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - + rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; + + if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, + SEEK_SET)) { + break; + } + } else { + // we can't write any more; return how many bytes have + // been written so far. + break; + } + } + } + + return written; +} + +// All of the data for all the 'new' transfers is contained in one +// file in the update package, concatenated together in the order in +// which transfers.list will need it. We want to stream it out of the +// archive (it's compressed) without writing it to a temp file, but we +// can't write each section until it's that transfer's turn to go. +// +// To achieve this, we expand the new data from the archive in a +// background thread, and block that threads 'receive uncompressed +// data' function until the main thread has reached a point where we +// want some new data to be written. We signal the background thread +// with the destination for the data and block the main thread, +// waiting for the background thread to complete writing that section. +// Then it signals the main thread to wake up and goes back to +// blocking waiting for a transfer. +// +// NewThreadInfo is the struct used to pass information back and forth +// between the two threads. When the main thread wants some data +// written, it sets rss to the destination location and signals the +// condition. When the background thread is done writing, it clears +// rss and signals the condition again. + +typedef struct { + ZipArchive* za; + const ZipEntry* entry; + + RangeSinkState* rss; + + pthread_mutex_t mu; + pthread_cond_t cv; +} NewThreadInfo; + +static bool receive_new_data(const unsigned char* data, int size, void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + + while (size > 0) { + // Wait for nti->rss to be non-NULL, indicating some of this + // data is wanted. + pthread_mutex_lock(&nti->mu); + while (nti->rss == NULL) { + pthread_cond_wait(&nti->cv, &nti->mu); + } + pthread_mutex_unlock(&nti->mu); + + // At this point nti->rss is set, and we own it. The main + // thread is waiting for it to disappear from nti. + ssize_t written = RangeSinkWrite(data, size, nti->rss); + data += written; + size -= written; + + if (nti->rss->p_block == nti->rss->tgt->count) { + // we have written all the bytes desired by this rss. + + pthread_mutex_lock(&nti->mu); + nti->rss = NULL; + pthread_cond_broadcast(&nti->cv); + pthread_mutex_unlock(&nti->mu); + } + } + + return true; +} + +static void* unzip_new_data(void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); + return NULL; +} + +static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { + int i; + size_t p = 0; + size_t size; + + if (!src || !buffer) { + return -1; + } + + for (i = 0; i < src->count; ++i) { + if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; + + if (read_all(fd, buffer + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { + int i; + size_t p = 0; + size_t size; + + if (!tgt || !buffer) { + return -1; + } + + for (i = 0; i < tgt->count; ++i) { + if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; + + if (write_all(fd, buffer + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +// Do a source/target load for move/bsdiff/imgdiff in version 1. +// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect +// to parse the remainder of the string as: +// +// +// +// The source range is loaded into the provided buffer, reallocating +// it to make it larger if necessary. The target ranges are returned +// in *tgt, if tgt is non-NULL. + +static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd) { + char* word; + int rc; + + word = strtok_r(NULL, " ", wordsave); + RangeSet* src = parse_range(word); + + if (tgt != NULL) { + word = strtok_r(NULL, " ", wordsave); + *tgt = parse_range(word); + } + + allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); + rc = ReadBlocks(src, *buffer, fd); + *src_blocks = src->size; + + free(src); + return rc; +} + +static int VerifyBlocks(const char *expected, const uint8_t *buffer, + size_t blocks, int printerror) { + char* hexdigest = NULL; + int rc = -1; + uint8_t digest[SHA_DIGEST_SIZE]; + + if (!expected || !buffer) { + return rc; + } + + SHA_hash(buffer, blocks * BLOCKSIZE, digest); + hexdigest = PrintSha1(digest); + + if (hexdigest != NULL) { + rc = strcmp(expected, hexdigest); + + if (rc != 0 && printerror) { + fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", + expected, hexdigest); + } + + free(hexdigest); + } + + return rc; +} + +static char* GetStashFileName(const char* base, const char* id, const char* postfix) { + char* fn; + int len; + int res; + + if (base == NULL) { + return NULL; + } + + if (id == NULL) { + id = ""; + } + + if (postfix == NULL) { + postfix = ""; + } + + len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; + fn = reinterpret_cast(malloc(len)); + + if (fn == NULL) { + fprintf(stderr, "failed to malloc %d bytes for fn\n", len); + return NULL; + } + + res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); + + if (res < 0 || res >= len) { + fprintf(stderr, "failed to format file name (return value %d)\n", res); + free(fn); + return NULL; + } + + return fn; +} + +typedef void (*StashCallback)(const char*, void*); + +// Does a best effort enumeration of stash files. Ignores possible non-file +// items in the stash directory and continues despite of errors. Calls the +// 'callback' function for each file and passes 'data' to the function as a +// parameter. + +static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { + char* fn; + DIR* directory; + int len; + int res; + struct dirent* item; + + if (dirname == NULL || callback == NULL) { + return; + } + + directory = opendir(dirname); + + if (directory == NULL) { + if (errno != ENOENT) { + fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); + } + return; + } + + while ((item = readdir(directory)) != NULL) { + if (item->d_type != DT_REG) { + continue; + } + + len = strlen(dirname) + 1 + strlen(item->d_name) + 1; + fn = reinterpret_cast(malloc(len)); + + if (fn == NULL) { + fprintf(stderr, "failed to malloc %d bytes for fn\n", len); + continue; + } + + res = snprintf(fn, len, "%s/%s", dirname, item->d_name); + + if (res < 0 || res >= len) { + fprintf(stderr, "failed to format file name (return value %d)\n", res); + free(fn); + continue; + } + + callback(fn, data); + free(fn); + } + + if (closedir(directory) == -1) { + fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); + } +} + +static void UpdateFileSize(const char* fn, void* data) { + int* size = (int*) data; + struct stat st; + + if (!fn || !data) { + return; + } + + if (stat(fn, &st) == -1) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + return; + } + + *size += st.st_size; +} + +// Deletes the stash directory and all files in it. Assumes that it only +// contains files. There is nothing we can do about unlikely, but possible +// errors, so they are merely logged. + +static void DeleteFile(const char* fn, void* data) { + if (fn) { + fprintf(stderr, "deleting %s\n", fn); + + if (unlink(fn) == -1 && errno != ENOENT) { + fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); + } + } +} + +static void DeletePartial(const char* fn, void* data) { + if (fn && strstr(fn, ".partial") != NULL) { + DeleteFile(fn, data); + } +} + +static void DeleteStash(const char* base) { + char* dirname; + + if (base == NULL) { + return; + } + + dirname = GetStashFileName(base, NULL, NULL); + + if (dirname == NULL) { + return; + } + + fprintf(stderr, "deleting stash %s\n", base); + EnumerateStash(dirname, DeleteFile, NULL); + + if (rmdir(dirname) == -1) { + if (errno != ENOENT && errno != ENOTDIR) { + fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); + } + } + + free(dirname); +} + +static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, + size_t* buffer_alloc, int printnoent) { + char *fn = NULL; + int blockcount = 0; + int fd = -1; + int rc = -1; + int res; + struct stat st; + + if (!base || !id || !buffer || !buffer_alloc) { + goto lsout; + } + + if (!blocks) { + blocks = &blockcount; + } + + fn = GetStashFileName(base, id, NULL); + + if (fn == NULL) { + goto lsout; + } + + res = stat(fn, &st); + + if (res == -1) { + if (errno != ENOENT || printnoent) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + } + goto lsout; + } + + fprintf(stderr, " loading %s\n", fn); + + if ((st.st_size % BLOCKSIZE) != 0) { + fprintf(stderr, "%s size %" PRId64 " not multiple of block size %d", + fn, static_cast(st.st_size), BLOCKSIZE); + goto lsout; + } + + fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); + + if (fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); + goto lsout; + } + + allocate(st.st_size, buffer, buffer_alloc); + + if (read_all(fd, *buffer, st.st_size) == -1) { + goto lsout; + } + + *blocks = st.st_size / BLOCKSIZE; + + if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { + fprintf(stderr, "unexpected contents in %s\n", fn); + DeleteFile(fn, NULL); + goto lsout; + } + + rc = 0; + +lsout: + if (fd != -1) { + close(fd); + } + + if (fn) { + free(fn); + } + + return rc; +} + +static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, + int checkspace, int *exists) { + char *fn = NULL; + char *cn = NULL; + int fd = -1; + int rc = -1; + int res; + struct stat st; + + if (base == NULL || buffer == NULL) { + goto wsout; + } + + if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { + fprintf(stderr, "not enough space to write stash\n"); + goto wsout; + } + + fn = GetStashFileName(base, id, ".partial"); + cn = GetStashFileName(base, id, NULL); + + if (fn == NULL || cn == NULL) { + goto wsout; + } + + if (exists) { + res = stat(cn, &st); + + if (res == 0) { + // The file already exists and since the name is the hash of the contents, + // it's safe to assume the contents are identical (accidental hash collisions + // are unlikely) + fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); + *exists = 1; + rc = 0; + goto wsout; + } + + *exists = 0; + } + + fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); + + fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); + + if (fd == -1) { + fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); + goto wsout; + } + + if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { + goto wsout; + } + + if (fsync(fd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); + goto wsout; + } + + if (rename(fn, cn) == -1) { + fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); + goto wsout; + } + + rc = 0; + +wsout: + if (fd != -1) { + close(fd); + } + + if (fn) { + free(fn); + } + + if (cn) { + free(cn); + } + + return rc; +} + +// Creates a directory for storing stash files and checks if the /cache partition +// hash enough space for the expected amount of blocks we need to store. Returns +// >0 if we created the directory, zero if it existed already, and <0 of failure. + +static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { + char* dirname = NULL; + const uint8_t* digest; + int rc = -1; + int res; + int size = 0; + SHA_CTX ctx; + struct stat st; + + if (blockdev == NULL || base == NULL) { + goto csout; + } + + // Stash directory should be different for each partition to avoid conflicts + // when updating multiple partitions at the same time, so we use the hash of + // the block device name as the base directory + SHA_init(&ctx); + SHA_update(&ctx, blockdev, strlen(blockdev)); + digest = SHA_final(&ctx); + *base = PrintSha1(digest); + + if (*base == NULL) { + goto csout; + } + + dirname = GetStashFileName(*base, NULL, NULL); + + if (dirname == NULL) { + goto csout; + } + + res = stat(dirname, &st); + + if (res == -1 && errno != ENOENT) { + ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); + goto csout; + } else if (res != 0) { + fprintf(stderr, "creating stash %s\n", dirname); + res = mkdir(dirname, STASH_DIRECTORY_MODE); + + if (res != 0) { + ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); + goto csout; + } + + if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { + ErrorAbort(state, "not enough space for stash\n"); + goto csout; + } + + rc = 1; // Created directory + goto csout; + } + + fprintf(stderr, "using existing stash %s\n", dirname); + + // If the directory already exists, calculate the space already allocated to + // stash files and check if there's enough for all required blocks. Delete any + // partially completed stash files first. + + EnumerateStash(dirname, DeletePartial, NULL); + EnumerateStash(dirname, UpdateFileSize, &size); + + size = (maxblocks * BLOCKSIZE) - size; + + if (size > 0 && CacheSizeCheck(size) != 0) { + ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); + goto csout; + } + + rc = 0; // Using existing directory + +csout: + if (dirname) { + free(dirname); + } + + return rc; +} + +static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, + int fd, int usehash, int* isunresumable) { + char *id = NULL; + int blocks = 0; + + if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { + return -1; + } + + id = strtok_r(NULL, " ", wordsave); + + if (id == NULL) { + fprintf(stderr, "missing id field in stash command\n"); + return -1; + } + + if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { + // Stash file already exists and has expected contents. Do not + // read from source again, as the source may have been already + // overwritten during a previous attempt. + return 0; + } + + if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { + return -1; + } + + if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { + // Source blocks have unexpected contents. If we actually need this + // data later, this is an unrecoverable error. However, the command + // that uses the data may have already completed previously, so the + // possible failure will occur during source block verification. + fprintf(stderr, "failed to load source blocks for stash %s\n", id); + return 0; + } + + fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); + return WriteStash(base, id, blocks, *buffer, 0, NULL); +} + +static int FreeStash(const char* base, const char* id) { + char *fn = NULL; + + if (base == NULL || id == NULL) { + return -1; + } + + fn = GetStashFileName(base, id, NULL); + + if (fn == NULL) { + return -1; + } + + DeleteFile(fn, NULL); + free(fn); + + return 0; +} + +static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { + // source contains packed data, which we want to move to the + // locations given in *locs in the dest buffer. source and dest + // may be the same buffer. + + int start = locs->size; + int i; + for (i = locs->count-1; i >= 0; --i) { + int blocks = locs->pos[i*2+1] - locs->pos[i*2]; + start -= blocks; + memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), + blocks * BLOCKSIZE); + } +} + +// Do a source/target load for move/bsdiff/imgdiff in version 2. +// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect +// to parse the remainder of the string as one of: +// +// +// (loads data from source image only) +// +// - <[stash_id:stash_range] ...> +// (loads data from stashes only) +// +// <[stash_id:stash_range] ...> +// (loads data from both source image and stashes) +// +// On return, buffer is filled with the loaded source data (rearranged +// and combined with stashed data as necessary). buffer may be +// reallocated if needed to accommodate the source data. *tgt is the +// target RangeSet. Any stashes required are loaded using LoadStash. + +static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd, + const char* stashbase, int* overlap) { + char* word; + char* colonsave; + char* colon; + int res; + RangeSet* locs; + size_t stashalloc = 0; + uint8_t* stash = NULL; + + if (tgt != NULL) { + word = strtok_r(NULL, " ", wordsave); + *tgt = parse_range(word); + } + + word = strtok_r(NULL, " ", wordsave); + *src_blocks = strtol(word, NULL, 0); + + allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); + + word = strtok_r(NULL, " ", wordsave); + if (word[0] == '-' && word[1] == '\0') { + // no source ranges, only stashes + } else { + RangeSet* src = parse_range(word); + res = ReadBlocks(src, *buffer, fd); + + if (overlap && tgt) { + *overlap = range_overlaps(src, *tgt); + } + + free(src); + + if (res == -1) { + return -1; + } + + word = strtok_r(NULL, " ", wordsave); + if (word == NULL) { + // no stashes, only source range + return 0; + } + + locs = parse_range(word); + MoveRange(*buffer, locs, *buffer); + free(locs); + } + + while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { + // Each word is a an index into the stash table, a colon, and + // then a rangeset describing where in the source block that + // stashed data should go. + colonsave = NULL; + colon = strtok_r(word, ":", &colonsave); + + res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); + + if (res == -1) { + // These source blocks will fail verification if used later, but we + // will let the caller decide if this is a fatal failure + fprintf(stderr, "failed to load stash %s\n", colon); + continue; + } + + colon = strtok_r(NULL, ":", &colonsave); + locs = parse_range(colon); + + MoveRange(*buffer, locs, stash); + free(locs); + } + + if (stash) { + free(stash); + } + + return 0; +} + +// Parameters for transfer list command functions +typedef struct { + char* cmdname; + char* cpos; + char* freestash; + char* stashbase; + int canwrite; + int createdstash; + int fd; + int foundwrites; + int isunresumable; + int version; + int written; + NewThreadInfo nti; + pthread_t thread; + size_t bufsize; + uint8_t* buffer; + uint8_t* patch_start; +} CommandParameters; + +// Do a source/target load for move/bsdiff/imgdiff in version 3. +// +// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which +// tells the function whether to expect separate source and targe block hashes, or +// if they are both the same and only one hash should be expected, and +// 'isunresumable', which receives a non-zero value if block verification fails in +// a way that the update cannot be resumed anymore. +// +// If the function is unable to load the necessary blocks or their contents don't +// match the hashes, the return value is -1 and the command should be aborted. +// +// If the return value is 1, the command has already been completed according to +// the contents of the target blocks, and should not be performed again. +// +// If the return value is 0, source blocks have expected content and the command +// can be performed. + +static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, + int onehash, int* overlap) { + char* srchash = NULL; + char* tgthash = NULL; + int stash_exists = 0; + int rc = -1; + uint8_t* tgtbuffer = NULL; + + if (!params|| !tgt || !src_blocks || !overlap) { + goto v3out; + } + + srchash = strtok_r(NULL, " ", ¶ms->cpos); + + if (srchash == NULL) { + fprintf(stderr, "missing source hash\n"); + goto v3out; + } + + if (onehash) { + tgthash = srchash; + } else { + tgthash = strtok_r(NULL, " ", ¶ms->cpos); + + if (tgthash == NULL) { + fprintf(stderr, "missing target hash\n"); + goto v3out; + } + } + + if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, + params->fd, params->stashbase, overlap) == -1) { + goto v3out; + } + + tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); + + if (tgtbuffer == NULL) { + fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); + goto v3out; + } + + if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { + goto v3out; + } + + if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { + // Target blocks already have expected content, command should be skipped + rc = 1; + goto v3out; + } + + if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { + // If source and target blocks overlap, stash the source blocks so we can + // resume from possible write errors + if (*overlap) { + fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, + srchash); + + if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, + &stash_exists) != 0) { + fprintf(stderr, "failed to stash overlapping source blocks\n"); + goto v3out; + } + + // Can be deleted when the write has completed + if (!stash_exists) { + params->freestash = srchash; + } + } + + // Source blocks have expected content, command can proceed + rc = 0; + goto v3out; + } + + if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, + ¶ms->bufsize, 1) == 0) { + // Overlapping source blocks were previously stashed, command can proceed. + // We are recovering from an interrupted command, so we don't know if the + // stash can safely be deleted after this command. + rc = 0; + goto v3out; + } + + // Valid source data not available, update cannot be resumed + fprintf(stderr, "partition has unexpected contents\n"); + params->isunresumable = 1; + +v3out: + if (tgtbuffer) { + free(tgtbuffer); + } + + return rc; +} + +static int PerformCommandMove(CommandParameters* params) { + int blocks = 0; + int overlap = 0; + int rc = -1; + int status = 0; + RangeSet* tgt = NULL; + + if (!params) { + goto pcmout; + } + + if (params->version == 1) { + status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd); + } else if (params->version == 2) { + status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd, params->stashbase, NULL); + } else if (params->version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for move\n"); + goto pcmout; + } + + if (status == 0) { + params->foundwrites = 1; + } else if (params->foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + } + + if (params->canwrite) { + if (status == 0) { + fprintf(stderr, " moving %d blocks\n", blocks); + + if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { + goto pcmout; + } + } else { + fprintf(stderr, "skipping %d already moved blocks\n", blocks); + } + + } + + if (params->freestash) { + FreeStash(params->stashbase, params->freestash); + params->freestash = NULL; + } + + params->written += tgt->size; + rc = 0; + +pcmout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandStash(CommandParameters* params) { + if (!params) { + return -1; + } + + return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, + params->fd, (params->version >= 3), ¶ms->isunresumable); +} + +static int PerformCommandFree(CommandParameters* params) { + if (!params) { + return -1; + } + + if (params->createdstash || params->canwrite) { + return FreeStash(params->stashbase, params->cpos); + } + + return 0; +} + +static int PerformCommandZero(CommandParameters* params) { + char* range = NULL; + int i; + int j; + int rc = -1; + RangeSet* tgt = NULL; + + if (!params) { + goto pczout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + fprintf(stderr, "missing target blocks for zero\n"); + goto pczout; + } + + tgt = parse_range(range); + + fprintf(stderr, " zeroing %d blocks\n", tgt->size); + + allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); + memset(params->buffer, 0, BLOCKSIZE); + + if (params->canwrite) { + for (i = 0; i < tgt->count; ++i) { + if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + goto pczout; + } + + for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { + if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { + goto pczout; + } + } + } + } + + if (params->cmdname[0] == 'z') { + // Update only for the zero command, as the erase command will call + // this if DEBUG_ERASE is defined. + params->written += tgt->size; + } + + rc = 0; + +pczout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandNew(CommandParameters* params) { + char* range = NULL; + int rc = -1; + RangeSet* tgt = NULL; + RangeSinkState rss; + + if (!params) { + goto pcnout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + goto pcnout; + } + + tgt = parse_range(range); + + if (params->canwrite) { + fprintf(stderr, " writing %d blocks of new data\n", tgt->size); + + rss.fd = params->fd; + rss.tgt = tgt; + rss.p_block = 0; + rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { + goto pcnout; + } + + pthread_mutex_lock(¶ms->nti.mu); + params->nti.rss = &rss; + pthread_cond_broadcast(¶ms->nti.cv); + + while (params->nti.rss) { + pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); + } + + pthread_mutex_unlock(¶ms->nti.mu); + } + + params->written += tgt->size; + rc = 0; + +pcnout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandDiff(CommandParameters* params) { + char* logparams = NULL; + char* value = NULL; + int blocks = 0; + int overlap = 0; + int rc = -1; + int status = 0; + RangeSet* tgt = NULL; + RangeSinkState rss; + size_t len = 0; + size_t offset = 0; + Value patch_value; + + if (!params) { + goto pcdout; + } + + logparams = strdup(params->cpos); + value = strtok_r(NULL, " ", ¶ms->cpos); + + if (value == NULL) { + fprintf(stderr, "missing patch offset for %s\n", params->cmdname); + goto pcdout; + } + + offset = strtoul(value, NULL, 0); + + value = strtok_r(NULL, " ", ¶ms->cpos); + + if (value == NULL) { + fprintf(stderr, "missing patch length for %s\n", params->cmdname); + goto pcdout; + } + + len = strtoul(value, NULL, 0); + + if (params->version == 1) { + status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd); + } else if (params->version == 2) { + status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd, params->stashbase, NULL); + } else if (params->version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for diff\n"); + goto pcdout; + } + + if (status == 0) { + params->foundwrites = 1; + } else if (params->foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + } + + if (params->canwrite) { + if (status == 0) { + fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); + + patch_value.type = VAL_BLOB; + patch_value.size = len; + patch_value.data = (char*) (params->patch_start + offset); + + rss.fd = params->fd; + rss.tgt = tgt; + rss.p_block = 0; + rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { + goto pcdout; + } + + if (params->cmdname[0] == 'i') { // imgdiff + ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, + &RangeSinkWrite, &rss, NULL, NULL); + } else { + ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, + 0, &RangeSinkWrite, &rss, NULL); + } + + // We expect the output of the patcher to fill the tgt ranges exactly. + if (rss.p_block != tgt->count || rss.p_remain != 0) { + fprintf(stderr, "range sink underrun?\n"); + } + } else { + fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", + blocks, tgt->size, logparams); + } + } + + if (params->freestash) { + FreeStash(params->stashbase, params->freestash); + params->freestash = NULL; + } + + params->written += tgt->size; + rc = 0; + +pcdout: + if (logparams) { + free(logparams); + } + + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandErase(CommandParameters* params) { + char* range = NULL; + int i; + int rc = -1; + RangeSet* tgt = NULL; + struct stat st; + uint64_t blocks[2]; + + if (DEBUG_ERASE) { + return PerformCommandZero(params); + } + + if (!params) { + goto pceout; + } + + if (fstat(params->fd, &st) == -1) { + fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); + goto pceout; + } + + if (!S_ISBLK(st.st_mode)) { + fprintf(stderr, "not a block device; skipping erase\n"); + goto pceout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + fprintf(stderr, "missing target blocks for erase\n"); + goto pceout; + } + + tgt = parse_range(range); + + if (params->canwrite) { + fprintf(stderr, " erasing %d blocks\n", tgt->size); + + for (i = 0; i < tgt->count; ++i) { + // offset in bytes + blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; + // length in bytes + blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; + + if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { + fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); + goto pceout; + } + } + } + + rc = 0; + +pceout: + if (tgt) { + free(tgt); + } + + return rc; +} + +// Definitions for transfer list command functions +typedef int (*CommandFunction)(CommandParameters*); + +typedef struct { + const char* name; + CommandFunction f; +} Command; + +// CompareCommands and CompareCommandNames are for the hash table + +static int CompareCommands(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); +} + +static int CompareCommandNames(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, (const char*) c2); +} + +// HashString is used to hash command names for the hash table + +static unsigned int HashString(const char *s) { + unsigned int hash = 0; + if (s) { + while (*s) { + hash = hash * 33 + *s++; + } + } + return hash; +} + +// args: +// - block device (or file) to modify in-place +// - transfer list (blob) +// - new data stream (filename within package.zip) +// - patch stream (filename within package.zip, must be uncompressed) + +static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], + const Command* commands, int cmdcount, int dryrun) { + + char* line = NULL; + char* linesave = NULL; + char* logcmd = NULL; + char* transfer_list = NULL; + CommandParameters params; + const Command* cmd = NULL; + const ZipEntry* new_entry = NULL; + const ZipEntry* patch_entry = NULL; + FILE* cmd_pipe = NULL; + HashTable* cmdht = NULL; + int i; + int res; + int rc = -1; + int stash_max_blocks = 0; + int total_blocks = 0; + pthread_attr_t attr; + unsigned int cmdhash; + UpdaterInfo* ui = NULL; + Value* blockdev_filename = NULL; + Value* new_data_fn = NULL; + Value* patch_data_fn = NULL; + Value* transfer_list_value = NULL; + ZipArchive* za = NULL; + + memset(¶ms, 0, sizeof(params)); + params.canwrite = !dryrun; + + fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); + + if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, + &new_data_fn, &patch_data_fn) < 0) { + goto pbiudone; + } + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + goto pbiudone; + } + if (transfer_list_value->type != VAL_BLOB) { + ErrorAbort(state, "transfer_list argument to %s must be blob", name); + goto pbiudone; + } + if (new_data_fn->type != VAL_STRING) { + ErrorAbort(state, "new_data_fn argument to %s must be string", name); + goto pbiudone; + } + if (patch_data_fn->type != VAL_STRING) { + ErrorAbort(state, "patch_data_fn argument to %s must be string", name); + goto pbiudone; + } + + ui = (UpdaterInfo*) state->cookie; + + if (ui == NULL) { + goto pbiudone; + } + + cmd_pipe = ui->cmd_pipe; + za = ui->package_zip; + + if (cmd_pipe == NULL || za == NULL) { + goto pbiudone; + } + + patch_entry = mzFindZipEntry(za, patch_data_fn->data); + + if (patch_entry == NULL) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); + goto pbiudone; + } + + params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); + new_entry = mzFindZipEntry(za, new_data_fn->data); + + if (new_entry == NULL) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); + goto pbiudone; + } + + params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); + + if (params.fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); + goto pbiudone; + } + + if (params.canwrite) { + params.nti.za = za; + params.nti.entry = new_entry; + + pthread_mutex_init(¶ms.nti.mu, NULL); + pthread_cond_init(¶ms.nti.cv, NULL); + pthread_attr_init(&attr); + pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); + + int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); + if (error != 0) { + fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); + goto pbiudone; + } + } + + // The data in transfer_list_value is not necessarily null-terminated, so we need + // to copy it to a new buffer and add the null that strtok_r will need. + transfer_list = reinterpret_cast(malloc(transfer_list_value->size + 1)); + + if (transfer_list == NULL) { + fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", + transfer_list_value->size + 1); + goto pbiudone; + } + + memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); + transfer_list[transfer_list_value->size] = '\0'; + + // First line in transfer list is the version number + line = strtok_r(transfer_list, "\n", &linesave); + params.version = strtol(line, NULL, 0); + + if (params.version < 1 || params.version > 3) { + fprintf(stderr, "unexpected transfer list version [%s]\n", line); + goto pbiudone; + } + + fprintf(stderr, "blockimg version is %d\n", params.version); + + // Second line in transfer list is the total number of blocks we expect to write + line = strtok_r(NULL, "\n", &linesave); + total_blocks = strtol(line, NULL, 0); + + if (total_blocks < 0) { + ErrorAbort(state, "unexpected block count [%s]\n", line); + goto pbiudone; + } else if (total_blocks == 0) { + rc = 0; + goto pbiudone; + } + + if (params.version >= 2) { + // Third line is how many stash entries are needed simultaneously + line = strtok_r(NULL, "\n", &linesave); + fprintf(stderr, "maximum stash entries %s\n", line); + + // Fourth line is the maximum number of blocks that will be stashed simultaneously + line = strtok_r(NULL, "\n", &linesave); + stash_max_blocks = strtol(line, NULL, 0); + + if (stash_max_blocks < 0) { + ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); + goto pbiudone; + } + + if (stash_max_blocks >= 0) { + res = CreateStash(state, stash_max_blocks, blockdev_filename->data, + ¶ms.stashbase); + + if (res == -1) { + goto pbiudone; + } + + params.createdstash = res; + } + } + + // Build a hash table of the available commands + cmdht = mzHashTableCreate(cmdcount, NULL); + + for (i = 0; i < cmdcount; ++i) { + cmdhash = HashString(commands[i].name); + mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); + } + + // Subsequent lines are all individual transfer commands + for (line = strtok_r(NULL, "\n", &linesave); line; + line = strtok_r(NULL, "\n", &linesave)) { + + logcmd = strdup(line); + params.cmdname = strtok_r(line, " ", ¶ms.cpos); + + if (params.cmdname == NULL) { + fprintf(stderr, "missing command [%s]\n", line); + goto pbiudone; + } + + cmdhash = HashString(params.cmdname); + cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, + CompareCommandNames, false); + + if (cmd == NULL) { + fprintf(stderr, "unexpected command [%s]\n", params.cmdname); + goto pbiudone; + } + + if (cmd->f != NULL && cmd->f(¶ms) == -1) { + fprintf(stderr, "failed to execute command [%s]\n", + logcmd ? logcmd : params.cmdname); + goto pbiudone; + } + + if (logcmd) { + free(logcmd); + logcmd = NULL; + } + + if (params.canwrite) { + fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); + fflush(cmd_pipe); + } + } + + if (params.canwrite) { + pthread_join(params.thread, NULL); + + fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); + fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); + + // Delete stash only after successfully completing the update, as it + // may contain blocks needed to complete the update later. + DeleteStash(params.stashbase); + } else { + fprintf(stderr, "verified partition contents; update may be resumed\n"); + } + + rc = 0; + +pbiudone: + if (params.fd != -1) { + if (fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + } + close(params.fd); + } + + if (logcmd) { + free(logcmd); + } + + if (cmdht) { + mzHashTableFree(cmdht); + } + + if (params.buffer) { + free(params.buffer); + } + + if (transfer_list) { + free(transfer_list); + } + + if (blockdev_filename) { + FreeValue(blockdev_filename); + } + + if (transfer_list_value) { + FreeValue(transfer_list_value); + } + + if (new_data_fn) { + FreeValue(new_data_fn); + } + + if (patch_data_fn) { + FreeValue(patch_data_fn); + } + + // Only delete the stash if the update cannot be resumed, or it's + // a verification run and we created the stash. + if (params.isunresumable || (!params.canwrite && params.createdstash)) { + DeleteStash(params.stashbase); + } + + if (params.stashbase) { + free(params.stashbase); + } + + return StringValue(rc == 0 ? strdup("t") : strdup("")); +} + +// The transfer list is a text file containing commands to +// transfer data from one place to another on the target +// partition. We parse it and execute the commands in order: +// +// zero [rangeset] +// - fill the indicated blocks with zeros +// +// new [rangeset] +// - fill the blocks with data read from the new_data file +// +// erase [rangeset] +// - mark the given blocks as empty +// +// move <...> +// bsdiff <...> +// imgdiff <...> +// - read the source blocks, apply a patch (or not in the +// case of move), write result to target blocks. bsdiff or +// imgdiff specifies the type of patch; move means no patch +// at all. +// +// The format of <...> differs between versions 1 and 2; +// see the LoadSrcTgtVersion{1,2}() functions for a +// description of what's expected. +// +// stash +// - (version 2+ only) load the given source range and stash +// the data in the given slot of the stash table. +// +// The creator of the transfer list will guarantee that no block +// is read (ie, used as the source for a patch or move) after it +// has been written. +// +// In version 2, the creator will guarantee that a given stash is +// loaded (with a stash command) before it's used in a +// move/bsdiff/imgdiff command. +// +// Within one command the source and target ranges may overlap so +// in general we need to read the entire source into memory before +// writing anything to the target blocks. +// +// All the patch data is concatenated into one patch_data file in +// the update package. It must be stored uncompressed because we +// memory-map it in directly from the archive. (Since patches are +// already compressed, we lose very little by not compressing +// their concatenation.) +// +// In version 3, commands that read data from the partition (i.e. +// move/bsdiff/imgdiff/stash) have one or more additional hashes +// before the range parameters, which are used to check if the +// command has already been completed and verify the integrity of +// the source data. + +Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { + // Commands which are not tested are set to NULL to skip them completely + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", NULL }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", NULL }, + { "stash", PerformCommandStash }, + { "zero", NULL } + }; + + // Perform a dry run without writing to test if an update can proceed + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), 1); +} + +Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", PerformCommandErase }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", PerformCommandNew }, + { "stash", PerformCommandStash }, + { "zero", PerformCommandZero } + }; + + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), 0); +} + +Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { + Value* blockdev_filename; + Value* ranges; + const uint8_t* digest = NULL; + if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { + return NULL; + } + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + goto done; + } + if (ranges->type != VAL_STRING) { + ErrorAbort(state, "ranges argument to %s must be string", name); + goto done; + } + + int fd; + fd = open(blockdev_filename->data, O_RDWR); + if (fd < 0) { + ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); + goto done; + } + + RangeSet* rs; + rs = parse_range(ranges->data); + uint8_t buffer[BLOCKSIZE]; + + SHA_CTX ctx; + SHA_init(&ctx); + + int i, j; + for (i = 0; i < rs->count; ++i) { + if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { + ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, + strerror(errno)); + goto done; + } + + for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { + if (read_all(fd, buffer, BLOCKSIZE) == -1) { + ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, + strerror(errno)); + goto done; + } + + SHA_update(&ctx, buffer, BLOCKSIZE); + } + } + digest = SHA_final(&ctx); + close(fd); + + done: + FreeValue(blockdev_filename); + FreeValue(ranges); + if (digest == NULL) { + return StringValue(strdup("")); + } else { + return StringValue(PrintSha1(digest)); + } +} + +void RegisterBlockImageFunctions() { + RegisterFunction("block_image_verify", BlockImageVerifyFn); + RegisterFunction("block_image_update", BlockImageUpdateFn); + RegisterFunction("range_sha1", RangeSha1Fn); +} diff --git a/updater/install.c b/updater/install.c deleted file mode 100644 index 4a0e064c3..000000000 --- a/updater/install.c +++ /dev/null @@ -1,1630 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bootloader.h" -#include "applypatch/applypatch.h" -#include "cutils/android_reboot.h" -#include "cutils/misc.h" -#include "cutils/properties.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" -#include "minzip/DirUtil.h" -#include "mtdutils/mounts.h" -#include "mtdutils/mtdutils.h" -#include "updater.h" -#include "install.h" -#include "tune2fs.h" - -#ifdef USE_EXT4 -#include "make_ext4fs.h" -#include "wipe.h" -#endif - -void uiPrint(State* state, char* buffer) { - char* line = strtok(buffer, "\n"); - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - while (line) { - fprintf(ui->cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); - } - fprintf(ui->cmd_pipe, "ui_print\n"); - - // The recovery will only print the contents to screen for pipe command - // ui_print. We need to dump the contents to stderr (which has been - // redirected to the log file) directly. - fprintf(stderr, "%s", buffer); -} - -__attribute__((__format__(printf, 2, 3))) __nonnull((2)) -void uiPrintf(State* state, const char* format, ...) { - char error_msg[1024]; - va_list ap; - va_start(ap, format); - vsnprintf(error_msg, sizeof(error_msg), format, ap); - va_end(ap); - uiPrint(state, error_msg); -} - -// Take a sha-1 digest and return it as a newly-allocated hex string. -char* PrintSha1(const uint8_t* digest) { - char* buffer = malloc(SHA_DIGEST_SIZE*2 + 1); - int i; - const char* alphabet = "0123456789abcdef"; - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { - buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; - buffer[i*2+1] = alphabet[digest[i] & 0xf]; - } - buffer[i*2] = '\0'; - return buffer; -} - -// mount(fs_type, partition_type, location, mount_point) -// -// fs_type="yaffs2" partition_type="MTD" location=partition -// fs_type="ext4" partition_type="EMMC" location=device -Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 4 && argc != 5) { - return ErrorAbort(state, "%s() expects 4-5 args, got %d", name, argc); - } - char* fs_type; - char* partition_type; - char* location; - char* mount_point; - char* mount_options; - bool has_mount_options; - if (argc == 5) { - has_mount_options = true; - if (ReadArgs(state, argv, 5, &fs_type, &partition_type, - &location, &mount_point, &mount_options) < 0) { - return NULL; - } - } else { - has_mount_options = false; - if (ReadArgs(state, argv, 4, &fs_type, &partition_type, - &location, &mount_point) < 0) { - return NULL; - } - } - - if (strlen(fs_type) == 0) { - ErrorAbort(state, "fs_type argument to %s() can't be empty", name); - goto done; - } - if (strlen(partition_type) == 0) { - ErrorAbort(state, "partition_type argument to %s() can't be empty", - name); - goto done; - } - if (strlen(location) == 0) { - ErrorAbort(state, "location argument to %s() can't be empty", name); - goto done; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to %s() can't be empty", name); - goto done; - } - - char *secontext = NULL; - - if (sehandle) { - selabel_lookup(sehandle, &secontext, mount_point, 0755); - setfscreatecon(secontext); - } - - mkdir(mount_point, 0755); - - if (secontext) { - freecon(secontext); - setfscreatecon(NULL); - } - - if (strcmp(partition_type, "MTD") == 0) { - mtd_scan_partitions(); - const MtdPartition* mtd; - mtd = mtd_find_partition_by_name(location); - if (mtd == NULL) { - uiPrintf(state, "%s: no mtd partition named \"%s\"", - name, location); - result = strdup(""); - goto done; - } - if (mtd_mount_partition(mtd, mount_point, fs_type, 0 /* rw */) != 0) { - uiPrintf(state, "mtd mount of %s failed: %s\n", - location, strerror(errno)); - result = strdup(""); - goto done; - } - result = mount_point; - } else { - if (mount(location, mount_point, fs_type, - MS_NOATIME | MS_NODEV | MS_NODIRATIME, - has_mount_options ? mount_options : "") < 0) { - uiPrintf(state, "%s: failed to mount %s at %s: %s\n", - name, location, mount_point, strerror(errno)); - result = strdup(""); - } else { - result = mount_point; - } - } - -done: - free(fs_type); - free(partition_type); - free(location); - if (result != mount_point) free(mount_point); - if (has_mount_options) free(mount_options); - return StringValue(result); -} - - -// is_mounted(mount_point) -Value* IsMountedFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* mount_point; - if (ReadArgs(state, argv, 1, &mount_point) < 0) { - return NULL; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to unmount() can't be empty"); - goto done; - } - - scan_mounted_volumes(); - const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); - if (vol == NULL) { - result = strdup(""); - } else { - result = mount_point; - } - -done: - if (result != mount_point) free(mount_point); - return StringValue(result); -} - - -Value* UnmountFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* mount_point; - if (ReadArgs(state, argv, 1, &mount_point) < 0) { - return NULL; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to unmount() can't be empty"); - goto done; - } - - scan_mounted_volumes(); - const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); - if (vol == NULL) { - uiPrintf(state, "unmount of %s failed; no such volume\n", mount_point); - result = strdup(""); - } else { - int ret = unmount_mounted_volume(vol); - if (ret != 0) { - uiPrintf(state, "unmount of %s failed (%d): %s\n", - mount_point, ret, strerror(errno)); - } - result = mount_point; - } - -done: - if (result != mount_point) free(mount_point); - return StringValue(result); -} - -static int exec_cmd(const char* path, char* const argv[]) { - int status; - pid_t child; - if ((child = vfork()) == 0) { - execv(path, argv); - _exit(-1); - } - waitpid(child, &status, 0); - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { - printf("%s failed with status %d\n", path, WEXITSTATUS(status)); - } - return WEXITSTATUS(status); -} - - -// format(fs_type, partition_type, location, fs_size, mount_point) -// -// fs_type="yaffs2" partition_type="MTD" location=partition fs_size= mount_point= -// fs_type="ext4" partition_type="EMMC" location=device fs_size= mount_point= -// fs_type="f2fs" partition_type="EMMC" location=device fs_size= mount_point= -// if fs_size == 0, then make fs uses the entire partition. -// if fs_size > 0, that is the size to use -// if fs_size < 0, then reserve that many bytes at the end of the partition (not for "f2fs") -Value* FormatFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 5) { - return ErrorAbort(state, "%s() expects 5 args, got %d", name, argc); - } - char* fs_type; - char* partition_type; - char* location; - char* fs_size; - char* mount_point; - - if (ReadArgs(state, argv, 5, &fs_type, &partition_type, &location, &fs_size, &mount_point) < 0) { - return NULL; - } - - if (strlen(fs_type) == 0) { - ErrorAbort(state, "fs_type argument to %s() can't be empty", name); - goto done; - } - if (strlen(partition_type) == 0) { - ErrorAbort(state, "partition_type argument to %s() can't be empty", - name); - goto done; - } - if (strlen(location) == 0) { - ErrorAbort(state, "location argument to %s() can't be empty", name); - goto done; - } - - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to %s() can't be empty", name); - goto done; - } - - if (strcmp(partition_type, "MTD") == 0) { - mtd_scan_partitions(); - const MtdPartition* mtd = mtd_find_partition_by_name(location); - if (mtd == NULL) { - printf("%s: no mtd partition named \"%s\"", - name, location); - result = strdup(""); - goto done; - } - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("%s: can't write \"%s\"", name, location); - result = strdup(""); - goto done; - } - if (mtd_erase_blocks(ctx, -1) == -1) { - mtd_write_close(ctx); - printf("%s: failed to erase \"%s\"", name, location); - result = strdup(""); - goto done; - } - if (mtd_write_close(ctx) != 0) { - printf("%s: failed to close \"%s\"", name, location); - result = strdup(""); - goto done; - } - result = location; -#ifdef USE_EXT4 - } else if (strcmp(fs_type, "ext4") == 0) { - int status = make_ext4fs(location, atoll(fs_size), mount_point, sehandle); - if (status != 0) { - printf("%s: make_ext4fs failed (%d) on %s", - name, status, location); - result = strdup(""); - goto done; - } - result = location; - } else if (strcmp(fs_type, "f2fs") == 0) { - char *num_sectors; - if (asprintf(&num_sectors, "%lld", atoll(fs_size) / 512) <= 0) { - printf("format_volume: failed to create %s command for %s\n", fs_type, location); - result = strdup(""); - goto done; - } - const char *f2fs_path = "/sbin/mkfs.f2fs"; - const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", location, num_sectors, NULL}; - int status = exec_cmd(f2fs_path, (char* const*)f2fs_argv); - free(num_sectors); - if (status != 0) { - printf("%s: mkfs.f2fs failed (%d) on %s", - name, status, location); - result = strdup(""); - goto done; - } - result = location; -#endif - } else { - printf("%s: unsupported fs_type \"%s\" partition_type \"%s\"", - name, fs_type, partition_type); - } - -done: - free(fs_type); - free(partition_type); - if (result != location) free(location); - return StringValue(result); -} - -Value* RenameFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* src_name; - char* dst_name; - - if (ReadArgs(state, argv, 2, &src_name, &dst_name) < 0) { - return NULL; - } - if (strlen(src_name) == 0) { - ErrorAbort(state, "src_name argument to %s() can't be empty", name); - goto done; - } - if (strlen(dst_name) == 0) { - ErrorAbort(state, "dst_name argument to %s() can't be empty", name); - goto done; - } - if (make_parents(dst_name) != 0) { - ErrorAbort(state, "Creating parent of %s failed, error %s", - dst_name, strerror(errno)); - } else if (access(dst_name, F_OK) == 0 && access(src_name, F_OK) != 0) { - // File was already moved - result = dst_name; - } else if (rename(src_name, dst_name) != 0) { - ErrorAbort(state, "Rename of %s to %s failed, error %s", - src_name, dst_name, strerror(errno)); - } else { - result = dst_name; - } - -done: - free(src_name); - if (result != dst_name) free(dst_name); - return StringValue(result); -} - -Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { - char** paths = malloc(argc * sizeof(char*)); - int i; - for (i = 0; i < argc; ++i) { - paths[i] = Evaluate(state, argv[i]); - if (paths[i] == NULL) { - int j; - for (j = 0; j < i; ++i) { - free(paths[j]); - } - free(paths); - return NULL; - } - } - - bool recursive = (strcmp(name, "delete_recursive") == 0); - - int success = 0; - for (i = 0; i < argc; ++i) { - if ((recursive ? dirUnlinkHierarchy(paths[i]) : unlink(paths[i])) == 0) - ++success; - free(paths[i]); - } - free(paths); - - char buffer[10]; - sprintf(buffer, "%d", success); - return StringValue(strdup(buffer)); -} - - -Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - char* frac_str; - char* sec_str; - if (ReadArgs(state, argv, 2, &frac_str, &sec_str) < 0) { - return NULL; - } - - double frac = strtod(frac_str, NULL); - int sec = strtol(sec_str, NULL, 10); - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); - - free(sec_str); - return StringValue(frac_str); -} - -Value* SetProgressFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* frac_str; - if (ReadArgs(state, argv, 1, &frac_str) < 0) { - return NULL; - } - - double frac = strtod(frac_str, NULL); - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "set_progress %f\n", frac); - - return StringValue(frac_str); -} - -// package_extract_dir(package_path, destination_path) -Value* PackageExtractDirFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - char* zip_path; - char* dest_path; - if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - - // To create a consistent system image, never use the clock for timestamps. - struct utimbuf timestamp = { 1217592000, 1217592000 }; // 8/1/2008 default - - bool success = mzExtractRecursive(za, zip_path, dest_path, - ×tamp, - NULL, NULL, sehandle); - free(zip_path); - free(dest_path); - return StringValue(strdup(success ? "t" : "")); -} - - -// package_extract_file(package_path, destination_path) -// or -// package_extract_file(package_path) -// to return the entire contents of the file as the result of this -// function (the char* returned is actually a FileContents*). -Value* PackageExtractFileFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc < 1 || argc > 2) { - return ErrorAbort(state, "%s() expects 1 or 2 args, got %d", - name, argc); - } - bool success = false; - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - - if (argc == 2) { - // The two-argument version extracts to a file. - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - - char* zip_path; - char* dest_path; - if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; - - const ZipEntry* entry = mzFindZipEntry(za, zip_path); - if (entry == NULL) { - printf("%s: no %s in package\n", name, zip_path); - goto done2; - } - - FILE* f = fopen(dest_path, "wb"); - if (f == NULL) { - printf("%s: can't open %s for write: %s\n", - name, dest_path, strerror(errno)); - goto done2; - } - success = mzExtractZipEntryToFile(za, entry, fileno(f)); - fclose(f); - - done2: - free(zip_path); - free(dest_path); - return StringValue(strdup(success ? "t" : "")); - } else { - // The one-argument version returns the contents of the file - // as the result. - - char* zip_path; - Value* v = malloc(sizeof(Value)); - v->type = VAL_BLOB; - v->size = -1; - v->data = NULL; - - if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - const ZipEntry* entry = mzFindZipEntry(za, zip_path); - if (entry == NULL) { - printf("%s: no %s in package\n", name, zip_path); - goto done1; - } - - v->size = mzGetZipEntryUncompLen(entry); - v->data = malloc(v->size); - if (v->data == NULL) { - printf("%s: failed to allocate %ld bytes for %s\n", - name, (long)v->size, zip_path); - goto done1; - } - - success = mzExtractZipEntryToBuffer(za, entry, - (unsigned char *)v->data); - - done1: - free(zip_path); - if (!success) { - free(v->data); - v->data = NULL; - v->size = -1; - } - return v; - } -} - -// Create all parent directories of name, if necessary. -static int make_parents(char* name) { - char* p; - for (p = name + (strlen(name)-1); p > name; --p) { - if (*p != '/') continue; - *p = '\0'; - if (make_parents(name) < 0) return -1; - int result = mkdir(name, 0700); - if (result == 0) printf("created [%s]\n", name); - *p = '/'; - if (result == 0 || errno == EEXIST) { - // successfully created or already existed; we're done - return 0; - } else { - printf("failed to mkdir %s: %s\n", name, strerror(errno)); - return -1; - } - } - return 0; -} - -// symlink target src1 src2 ... -// unlinks any previously existing src1, src2, etc before creating symlinks. -Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return ErrorAbort(state, "%s() expects 1+ args, got %d", name, argc); - } - char* target; - target = Evaluate(state, argv[0]); - if (target == NULL) return NULL; - - char** srcs = ReadVarArgs(state, argc-1, argv+1); - if (srcs == NULL) { - free(target); - return NULL; - } - - int bad = 0; - int i; - for (i = 0; i < argc-1; ++i) { - if (unlink(srcs[i]) < 0) { - if (errno != ENOENT) { - printf("%s: failed to remove %s: %s\n", - name, srcs[i], strerror(errno)); - ++bad; - } - } - if (make_parents(srcs[i])) { - printf("%s: failed to symlink %s to %s: making parents failed\n", - name, srcs[i], target); - ++bad; - } - if (symlink(target, srcs[i]) < 0) { - printf("%s: failed to symlink %s to %s: %s\n", - name, srcs[i], target, strerror(errno)); - ++bad; - } - free(srcs[i]); - } - free(srcs); - if (bad) { - return ErrorAbort(state, "%s: some symlinks failed", name); - } - return StringValue(strdup("")); -} - -struct perm_parsed_args { - bool has_uid; - uid_t uid; - bool has_gid; - gid_t gid; - bool has_mode; - mode_t mode; - bool has_fmode; - mode_t fmode; - bool has_dmode; - mode_t dmode; - bool has_selabel; - char* selabel; - bool has_capabilities; - uint64_t capabilities; -}; - -static struct perm_parsed_args ParsePermArgs(State * state, int argc, char** args) { - int i; - struct perm_parsed_args parsed; - int bad = 0; - static int max_warnings = 20; - - memset(&parsed, 0, sizeof(parsed)); - - for (i = 1; i < argc; i += 2) { - if (strcmp("uid", args[i]) == 0) { - int64_t uid; - if (sscanf(args[i+1], "%" SCNd64, &uid) == 1) { - parsed.uid = uid; - parsed.has_uid = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid UID \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("gid", args[i]) == 0) { - int64_t gid; - if (sscanf(args[i+1], "%" SCNd64, &gid) == 1) { - parsed.gid = gid; - parsed.has_gid = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid GID \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("mode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.mode = mode; - parsed.has_mode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid mode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("dmode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.dmode = mode; - parsed.has_dmode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid dmode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("fmode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.fmode = mode; - parsed.has_fmode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid fmode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("capabilities", args[i]) == 0) { - int64_t capabilities; - if (sscanf(args[i+1], "%" SCNi64, &capabilities) == 1) { - parsed.capabilities = capabilities; - parsed.has_capabilities = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid capabilities \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("selabel", args[i]) == 0) { - if (args[i+1][0] != '\0') { - parsed.selabel = args[i+1]; - parsed.has_selabel = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid selabel \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (max_warnings != 0) { - printf("ParsedPermArgs: unknown key \"%s\", ignoring\n", args[i]); - max_warnings--; - if (max_warnings == 0) { - printf("ParsedPermArgs: suppressing further warnings\n"); - } - } - } - return parsed; -} - -static int ApplyParsedPerms( - State * state, - const char* filename, - const struct stat *statptr, - struct perm_parsed_args parsed) -{ - int bad = 0; - - if (parsed.has_selabel) { - if (lsetfilecon(filename, parsed.selabel) != 0) { - uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n", - filename, parsed.selabel, strerror(errno)); - bad++; - } - } - - /* ignore symlinks */ - if (S_ISLNK(statptr->st_mode)) { - return bad; - } - - if (parsed.has_uid) { - if (chown(filename, parsed.uid, -1) < 0) { - uiPrintf(state, "ApplyParsedPerms: chown of %s to %d failed: %s\n", - filename, parsed.uid, strerror(errno)); - bad++; - } - } - - if (parsed.has_gid) { - if (chown(filename, -1, parsed.gid) < 0) { - uiPrintf(state, "ApplyParsedPerms: chgrp of %s to %d failed: %s\n", - filename, parsed.gid, strerror(errno)); - bad++; - } - } - - if (parsed.has_mode) { - if (chmod(filename, parsed.mode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.mode, strerror(errno)); - bad++; - } - } - - if (parsed.has_dmode && S_ISDIR(statptr->st_mode)) { - if (chmod(filename, parsed.dmode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.dmode, strerror(errno)); - bad++; - } - } - - if (parsed.has_fmode && S_ISREG(statptr->st_mode)) { - if (chmod(filename, parsed.fmode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.fmode, strerror(errno)); - bad++; - } - } - - if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) { - if (parsed.capabilities == 0) { - if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) { - // Report failure unless it's ENODATA (attribute not set) - uiPrintf(state, "ApplyParsedPerms: removexattr of %s to %" PRIx64 " failed: %s\n", - filename, parsed.capabilities, strerror(errno)); - bad++; - } - } else { - struct vfs_cap_data cap_data; - memset(&cap_data, 0, sizeof(cap_data)); - cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; - cap_data.data[0].permitted = (uint32_t) (parsed.capabilities & 0xffffffff); - cap_data.data[0].inheritable = 0; - cap_data.data[1].permitted = (uint32_t) (parsed.capabilities >> 32); - cap_data.data[1].inheritable = 0; - if (setxattr(filename, XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { - uiPrintf(state, "ApplyParsedPerms: setcap of %s to %" PRIx64 " failed: %s\n", - filename, parsed.capabilities, strerror(errno)); - bad++; - } - } - } - - return bad; -} - -// nftw doesn't allow us to pass along context, so we need to use -// global variables. *sigh* -static struct perm_parsed_args recursive_parsed_args; -static State* recursive_state; - -static int do_SetMetadataRecursive(const char* filename, const struct stat *statptr, - int fileflags, struct FTW *pfwt) { - return ApplyParsedPerms(recursive_state, filename, statptr, recursive_parsed_args); -} - -static Value* SetMetadataFn(const char* name, State* state, int argc, Expr* argv[]) { - int i; - int bad = 0; - static int nwarnings = 0; - struct stat sb; - Value* result = NULL; - - bool recursive = (strcmp(name, "set_metadata_recursive") == 0); - - if ((argc % 2) != 1) { - return ErrorAbort(state, "%s() expects an odd number of arguments, got %d", - name, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) return NULL; - - if (lstat(args[0], &sb) == -1) { - result = ErrorAbort(state, "%s: Error on lstat of \"%s\": %s", name, args[0], strerror(errno)); - goto done; - } - - struct perm_parsed_args parsed = ParsePermArgs(state, argc, args); - - if (recursive) { - recursive_parsed_args = parsed; - recursive_state = state; - bad += nftw(args[0], do_SetMetadataRecursive, 30, FTW_CHDIR | FTW_DEPTH | FTW_PHYS); - memset(&recursive_parsed_args, 0, sizeof(recursive_parsed_args)); - recursive_state = NULL; - } else { - bad += ApplyParsedPerms(state, args[0], &sb, parsed); - } - -done: - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - if (result != NULL) { - return result; - } - - if (bad > 0) { - return ErrorAbort(state, "%s: some changes failed", name); - } - - return StringValue(strdup("")); -} - -Value* GetPropFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* key; - key = Evaluate(state, argv[0]); - if (key == NULL) return NULL; - - char value[PROPERTY_VALUE_MAX]; - property_get(key, value, ""); - free(key); - - return StringValue(strdup(value)); -} - - -// file_getprop(file, key) -// -// interprets 'file' as a getprop-style file (key=value pairs, one -// per line. # comment lines,blank lines, lines without '=' ignored), -// and returns the value for 'key' (or "" if it isn't defined). -Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - char* buffer = NULL; - char* filename; - char* key; - if (ReadArgs(state, argv, 2, &filename, &key) < 0) { - return NULL; - } - - struct stat st; - if (stat(filename, &st) < 0) { - ErrorAbort(state, "%s: failed to stat \"%s\": %s", - name, filename, strerror(errno)); - goto done; - } - -#define MAX_FILE_GETPROP_SIZE 65536 - - if (st.st_size > MAX_FILE_GETPROP_SIZE) { - ErrorAbort(state, "%s too large for %s (max %d)", - filename, name, MAX_FILE_GETPROP_SIZE); - goto done; - } - - buffer = malloc(st.st_size+1); - if (buffer == NULL) { - ErrorAbort(state, "%s: failed to alloc %lld bytes", name, (long long)st.st_size+1); - goto done; - } - - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - ErrorAbort(state, "%s: failed to open %s: %s", - name, filename, strerror(errno)); - goto done; - } - - if (fread(buffer, 1, st.st_size, f) != st.st_size) { - ErrorAbort(state, "%s: failed to read %lld bytes from %s", - name, (long long)st.st_size+1, filename); - fclose(f); - goto done; - } - buffer[st.st_size] = '\0'; - - fclose(f); - - char* line = strtok(buffer, "\n"); - do { - // skip whitespace at start of line - while (*line && isspace(*line)) ++line; - - // comment or blank line: skip to next line - if (*line == '\0' || *line == '#') continue; - - char* equal = strchr(line, '='); - if (equal == NULL) { - continue; - } - - // trim whitespace between key and '=' - char* key_end = equal-1; - while (key_end > line && isspace(*key_end)) --key_end; - key_end[1] = '\0'; - - // not the key we're looking for - if (strcmp(key, line) != 0) continue; - - // skip whitespace after the '=' to the start of the value - char* val_start = equal+1; - while(*val_start && isspace(*val_start)) ++val_start; - - // trim trailing whitespace - char* val_end = val_start + strlen(val_start)-1; - while (val_end > val_start && isspace(*val_end)) --val_end; - val_end[1] = '\0'; - - result = strdup(val_start); - break; - - } while ((line = strtok(NULL, "\n"))); - - if (result == NULL) result = strdup(""); - - done: - free(filename); - free(key); - free(buffer); - return StringValue(result); -} - - -static bool write_raw_image_cb(const unsigned char* data, - int data_len, void* ctx) { - int r = mtd_write_data((MtdWriteContext*)ctx, (const char *)data, data_len); - if (r == data_len) return true; - printf("%s\n", strerror(errno)); - return false; -} - -// write_raw_image(filename_or_blob, partition) -Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - - Value* partition_value; - Value* contents; - if (ReadValueArgs(state, argv, 2, &contents, &partition_value) < 0) { - return NULL; - } - - char* partition = NULL; - if (partition_value->type != VAL_STRING) { - ErrorAbort(state, "partition argument to %s must be string", name); - goto done; - } - partition = partition_value->data; - if (strlen(partition) == 0) { - ErrorAbort(state, "partition argument to %s can't be empty", name); - goto done; - } - if (contents->type == VAL_STRING && strlen((char*) contents->data) == 0) { - ErrorAbort(state, "file argument to %s can't be empty", name); - goto done; - } - - mtd_scan_partitions(); - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("%s: no mtd partition named \"%s\"\n", name, partition); - result = strdup(""); - goto done; - } - - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("%s: can't write mtd partition \"%s\"\n", - name, partition); - result = strdup(""); - goto done; - } - - bool success; - - if (contents->type == VAL_STRING) { - // we're given a filename as the contents - char* filename = contents->data; - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - printf("%s: can't open %s: %s\n", - name, filename, strerror(errno)); - result = strdup(""); - goto done; - } - - success = true; - char* buffer = malloc(BUFSIZ); - int read; - while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { - int wrote = mtd_write_data(ctx, buffer, read); - success = success && (wrote == read); - } - free(buffer); - fclose(f); - } else { - // we're given a blob as the contents - ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); - success = (wrote == contents->size); - } - if (!success) { - printf("mtd_write_data to %s failed: %s\n", - partition, strerror(errno)); - } - - if (mtd_erase_blocks(ctx, -1) == -1) { - printf("%s: error erasing blocks of %s\n", name, partition); - } - if (mtd_write_close(ctx) != 0) { - printf("%s: error closing write of %s\n", name, partition); - } - - printf("%s %s partition\n", - success ? "wrote" : "failed to write", partition); - - result = success ? partition : strdup(""); - -done: - if (result != partition) FreeValue(partition_value); - FreeValue(contents); - return StringValue(result); -} - -// apply_patch_space(bytes) -Value* ApplyPatchSpaceFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* bytes_str; - if (ReadArgs(state, argv, 1, &bytes_str) < 0) { - return NULL; - } - - char* endptr; - size_t bytes = strtol(bytes_str, &endptr, 10); - if (bytes == 0 && endptr == bytes_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", - name, bytes_str); - free(bytes_str); - return NULL; - } - - return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); -} - -// apply_patch(file, size, init_sha1, tgt_sha1, patch) - -Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 6 || (argc % 2) == 1) { - return ErrorAbort(state, "%s(): expected at least 6 args and an " - "even number, got %d", - name, argc); - } - - char* source_filename; - char* target_filename; - char* target_sha1; - char* target_size_str; - if (ReadArgs(state, argv, 4, &source_filename, &target_filename, - &target_sha1, &target_size_str) < 0) { - return NULL; - } - - char* endptr; - size_t target_size = strtol(target_size_str, &endptr, 10); - if (target_size == 0 && endptr == target_size_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", - name, target_size_str); - free(source_filename); - free(target_filename); - free(target_sha1); - free(target_size_str); - return NULL; - } - - int patchcount = (argc-4) / 2; - Value** patches = ReadValueVarArgs(state, argc-4, argv+4); - - int i; - for (i = 0; i < patchcount; ++i) { - if (patches[i*2]->type != VAL_STRING) { - ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); - break; - } - if (patches[i*2+1]->type != VAL_BLOB) { - ErrorAbort(state, "%s(): patch #%d is not blob", name, i); - break; - } - } - if (i != patchcount) { - for (i = 0; i < patchcount*2; ++i) { - FreeValue(patches[i]); - } - free(patches); - return NULL; - } - - char** patch_sha_str = malloc(patchcount * sizeof(char*)); - for (i = 0; i < patchcount; ++i) { - patch_sha_str[i] = patches[i*2]->data; - patches[i*2]->data = NULL; - FreeValue(patches[i*2]); - patches[i] = patches[i*2+1]; - } - - int result = applypatch(source_filename, target_filename, - target_sha1, target_size, - patchcount, patch_sha_str, patches, NULL); - - for (i = 0; i < patchcount; ++i) { - FreeValue(patches[i]); - } - free(patch_sha_str); - free(patches); - - return StringValue(strdup(result == 0 ? "t" : "")); -} - -// apply_patch_check(file, [sha1_1, ...]) -Value* ApplyPatchCheckFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s(): expected at least 1 arg, got %d", - name, argc); - } - - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) { - return NULL; - } - - int patchcount = argc-1; - char** sha1s = ReadVarArgs(state, argc-1, argv+1); - - int result = applypatch_check(filename, patchcount, sha1s); - - int i; - for (i = 0; i < patchcount; ++i) { - free(sha1s[i]); - } - free(sha1s); - - return StringValue(strdup(result == 0 ? "t" : "")); -} - -Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - int size = 0; - int i; - for (i = 0; i < argc; ++i) { - size += strlen(args[i]); - } - char* buffer = malloc(size+1); - size = 0; - for (i = 0; i < argc; ++i) { - strcpy(buffer+size, args[i]); - size += strlen(args[i]); - free(args[i]); - } - free(args); - buffer[size] = '\0'; - uiPrint(state, buffer); - return StringValue(buffer); -} - -Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 0) { - return ErrorAbort(state, "%s() expects no args, got %d", name, argc); - } - fprintf(((UpdaterInfo*)(state->cookie))->cmd_pipe, "wipe_cache\n"); - return StringValue(strdup("t")); -} - -Value* RunProgramFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s() expects at least 1 arg", name); - } - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - char** args2 = malloc(sizeof(char*) * (argc+1)); - memcpy(args2, args, sizeof(char*) * argc); - args2[argc] = NULL; - - printf("about to run program [%s] with %d args\n", args2[0], argc); - - pid_t child = fork(); - if (child == 0) { - execv(args2[0], args2); - printf("run_program: execv failed: %s\n", strerror(errno)); - _exit(1); - } - int status; - waitpid(child, &status, 0); - if (WIFEXITED(status)) { - if (WEXITSTATUS(status) != 0) { - printf("run_program: child exited with status %d\n", - WEXITSTATUS(status)); - } - } else if (WIFSIGNALED(status)) { - printf("run_program: child terminated by signal %d\n", - WTERMSIG(status)); - } - - int i; - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - free(args2); - - char buffer[20]; - sprintf(buffer, "%d", status); - - return StringValue(strdup(buffer)); -} - -// sha1_check(data) -// to return the sha1 of the data (given in the format returned by -// read_file). -// -// sha1_check(data, sha1_hex, [sha1_hex, ...]) -// returns the sha1 of the file if it matches any of the hex -// strings passed, or "" if it does not equal any of them. -// -Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s() expects at least 1 arg", name); - } - - Value** args = ReadValueVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - if (args[0]->size < 0) { - return StringValue(strdup("")); - } - uint8_t digest[SHA_DIGEST_SIZE]; - SHA_hash(args[0]->data, args[0]->size, digest); - FreeValue(args[0]); - - if (argc == 1) { - return StringValue(PrintSha1(digest)); - } - - int i; - uint8_t* arg_digest = malloc(SHA_DIGEST_SIZE); - for (i = 1; i < argc; ++i) { - if (args[i]->type != VAL_STRING) { - printf("%s(): arg %d is not a string; skipping", - name, i); - } else if (ParseSha1(args[i]->data, arg_digest) != 0) { - // Warn about bad args and skip them. - printf("%s(): error parsing \"%s\" as sha-1; skipping", - name, args[i]->data); - } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { - break; - } - FreeValue(args[i]); - } - if (i >= argc) { - // Didn't match any of the hex strings; return false. - return StringValue(strdup("")); - } - // Found a match; free all the remaining arguments and return the - // matched one. - int j; - for (j = i+1; j < argc; ++j) { - FreeValue(args[j]); - } - return args[i]; -} - -// Read a local file and return its contents (the Value* returned -// is actually a FileContents*). -Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - - Value* v = malloc(sizeof(Value)); - v->type = VAL_BLOB; - - FileContents fc; - if (LoadFileContents(filename, &fc) != 0) { - free(filename); - v->size = -1; - v->data = NULL; - free(fc.data); - return v; - } - - v->size = fc.size; - v->data = (char*)fc.data; - - free(filename); - return v; -} - -// Immediately reboot the device. Recovery is not finished normally, -// so if you reboot into recovery it will re-start applying the -// current package (because nothing has cleared the copy of the -// arguments stored in the BCB). -// -// The argument is the partition name passed to the android reboot -// property. It can be "recovery" to boot from the recovery -// partition, or "" (empty string) to boot from the regular boot -// partition. -Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* property; - if (ReadArgs(state, argv, 2, &filename, &property) < 0) return NULL; - - char buffer[80]; - - // zero out the 'command' field of the bootloader message. - memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); - FILE* f = fopen(filename, "r+b"); - fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); - fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); - fclose(f); - free(filename); - - strcpy(buffer, "reboot,"); - if (property != NULL) { - strncat(buffer, property, sizeof(buffer)-10); - } - - property_set(ANDROID_RB_PROPERTY, buffer); - - sleep(5); - free(property); - ErrorAbort(state, "%s() failed to reboot", name); - return NULL; -} - -// Store a string value somewhere that future invocations of recovery -// can access it. This value is called the "stage" and can be used to -// drive packages that need to do reboots in the middle of -// installation and keep track of where they are in the multi-stage -// install. -// -// The first argument is the block device for the misc partition -// ("/misc" in the fstab), which is where this value is stored. The -// second argument is the string to store; it should not exceed 31 -// bytes. -Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* stagestr; - if (ReadArgs(state, argv, 2, &filename, &stagestr) < 0) return NULL; - - // Store this value in the misc partition, immediately after the - // bootloader message that the main recovery uses to save its - // arguments in case of the device restarting midway through - // package installation. - FILE* f = fopen(filename, "r+b"); - fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - int to_write = strlen(stagestr)+1; - int max_size = sizeof(((struct bootloader_message*)0)->stage); - if (to_write > max_size) { - to_write = max_size; - stagestr[max_size-1] = 0; - } - fwrite(stagestr, to_write, 1, f); - fclose(f); - - free(stagestr); - return StringValue(filename); -} - -// Return the value most recently saved with SetStageFn. The argument -// is the block device for the misc partition. -Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - - char buffer[sizeof(((struct bootloader_message*)0)->stage)]; - FILE* f = fopen(filename, "rb"); - fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - fread(buffer, sizeof(buffer), 1, f); - fclose(f); - buffer[sizeof(buffer)-1] = '\0'; - - return StringValue(strdup(buffer)); -} - -Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* len_str; - if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; - - size_t len = strtoull(len_str, NULL, 0); - int fd = open(filename, O_WRONLY, 0644); - int success = wipe_block_device(fd, len); - - free(filename); - free(len_str); - - close(fd); - - return StringValue(strdup(success ? "t" : "")); -} - -Value* EnableRebootFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 0) { - return ErrorAbort(state, "%s() expects no args, got %d", name, argc); - } - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "enable_reboot\n"); - return StringValue(strdup("t")); -} - -Value* Tune2FsFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return ErrorAbort(state, "%s() expects args, got %d", name, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return ErrorAbort(state, "%s() could not read args", name); - } - - int i; - char** args2 = malloc(sizeof(char*) * (argc+1)); - // Tune2fs expects the program name as its args[0] - args2[0] = strdup(name); - for (i = 0; i < argc; ++i) { - args2[i + 1] = args[i]; - } - int result = tune2fs_main(argc + 1, args2); - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - free(args2[0]); - free(args2); - if (result != 0) { - return ErrorAbort(state, "%s() returned error code %d", name, result); - } - return StringValue(strdup("t")); -} - -void RegisterInstallFunctions() { - RegisterFunction("mount", MountFn); - RegisterFunction("is_mounted", IsMountedFn); - RegisterFunction("unmount", UnmountFn); - RegisterFunction("format", FormatFn); - RegisterFunction("show_progress", ShowProgressFn); - RegisterFunction("set_progress", SetProgressFn); - RegisterFunction("delete", DeleteFn); - RegisterFunction("delete_recursive", DeleteFn); - RegisterFunction("package_extract_dir", PackageExtractDirFn); - RegisterFunction("package_extract_file", PackageExtractFileFn); - RegisterFunction("symlink", SymlinkFn); - - // Usage: - // set_metadata("filename", "key1", "value1", "key2", "value2", ...) - // Example: - // set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); - RegisterFunction("set_metadata", SetMetadataFn); - - // Usage: - // set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) - // Example: - // set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); - RegisterFunction("set_metadata_recursive", SetMetadataFn); - - RegisterFunction("getprop", GetPropFn); - RegisterFunction("file_getprop", FileGetPropFn); - RegisterFunction("write_raw_image", WriteRawImageFn); - - RegisterFunction("apply_patch", ApplyPatchFn); - RegisterFunction("apply_patch_check", ApplyPatchCheckFn); - RegisterFunction("apply_patch_space", ApplyPatchSpaceFn); - - RegisterFunction("wipe_block_device", WipeBlockDeviceFn); - - RegisterFunction("read_file", ReadFileFn); - RegisterFunction("sha1_check", Sha1CheckFn); - RegisterFunction("rename", RenameFn); - - RegisterFunction("wipe_cache", WipeCacheFn); - - RegisterFunction("ui_print", UIPrintFn); - - RegisterFunction("run_program", RunProgramFn); - - RegisterFunction("reboot_now", RebootNowFn); - RegisterFunction("get_stage", GetStageFn); - RegisterFunction("set_stage", SetStageFn); - - RegisterFunction("enable_reboot", EnableRebootFn); - RegisterFunction("tune2fs", Tune2FsFn); -} diff --git a/updater/install.cpp b/updater/install.cpp new file mode 100644 index 000000000..422a1bb1e --- /dev/null +++ b/updater/install.cpp @@ -0,0 +1,1622 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "bootloader.h" +#include "applypatch/applypatch.h" +#include "cutils/android_reboot.h" +#include "cutils/misc.h" +#include "cutils/properties.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" +#include "minzip/DirUtil.h" +#include "mtdutils/mounts.h" +#include "mtdutils/mtdutils.h" +#include "updater.h" +#include "install.h" +#include "tune2fs.h" + +#ifdef USE_EXT4 +#include "make_ext4fs.h" +#include "wipe.h" +#endif + +void uiPrint(State* state, char* buffer) { + char* line = strtok(buffer, "\n"); + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + while (line) { + fprintf(ui->cmd_pipe, "ui_print %s\n", line); + line = strtok(NULL, "\n"); + } + fprintf(ui->cmd_pipe, "ui_print\n"); + + // The recovery will only print the contents to screen for pipe command + // ui_print. We need to dump the contents to stderr (which has been + // redirected to the log file) directly. + fprintf(stderr, "%s", buffer); +} + +__attribute__((__format__(printf, 2, 3))) __nonnull((2)) +void uiPrintf(State* state, const char* format, ...) { + char error_msg[1024]; + va_list ap; + va_start(ap, format); + vsnprintf(error_msg, sizeof(error_msg), format, ap); + va_end(ap); + uiPrint(state, error_msg); +} + +// Take a sha-1 digest and return it as a newly-allocated hex string. +char* PrintSha1(const uint8_t* digest) { + char* buffer = reinterpret_cast(malloc(SHA_DIGEST_SIZE*2 + 1)); + const char* alphabet = "0123456789abcdef"; + size_t i; + for (i = 0; i < SHA_DIGEST_SIZE; ++i) { + buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; + buffer[i*2+1] = alphabet[digest[i] & 0xf]; + } + buffer[i*2] = '\0'; + return buffer; +} + +// mount(fs_type, partition_type, location, mount_point) +// +// fs_type="yaffs2" partition_type="MTD" location=partition +// fs_type="ext4" partition_type="EMMC" location=device +Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 4 && argc != 5) { + return ErrorAbort(state, "%s() expects 4-5 args, got %d", name, argc); + } + char* fs_type; + char* partition_type; + char* location; + char* mount_point; + char* mount_options; + bool has_mount_options; + if (argc == 5) { + has_mount_options = true; + if (ReadArgs(state, argv, 5, &fs_type, &partition_type, + &location, &mount_point, &mount_options) < 0) { + return NULL; + } + } else { + has_mount_options = false; + if (ReadArgs(state, argv, 4, &fs_type, &partition_type, + &location, &mount_point) < 0) { + return NULL; + } + } + + if (strlen(fs_type) == 0) { + ErrorAbort(state, "fs_type argument to %s() can't be empty", name); + goto done; + } + if (strlen(partition_type) == 0) { + ErrorAbort(state, "partition_type argument to %s() can't be empty", + name); + goto done; + } + if (strlen(location) == 0) { + ErrorAbort(state, "location argument to %s() can't be empty", name); + goto done; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to %s() can't be empty", name); + goto done; + } + + { + char *secontext = NULL; + + if (sehandle) { + selabel_lookup(sehandle, &secontext, mount_point, 0755); + setfscreatecon(secontext); + } + + mkdir(mount_point, 0755); + + if (secontext) { + freecon(secontext); + setfscreatecon(NULL); + } + } + + if (strcmp(partition_type, "MTD") == 0) { + mtd_scan_partitions(); + const MtdPartition* mtd; + mtd = mtd_find_partition_by_name(location); + if (mtd == NULL) { + uiPrintf(state, "%s: no mtd partition named \"%s\"", + name, location); + result = strdup(""); + goto done; + } + if (mtd_mount_partition(mtd, mount_point, fs_type, 0 /* rw */) != 0) { + uiPrintf(state, "mtd mount of %s failed: %s\n", + location, strerror(errno)); + result = strdup(""); + goto done; + } + result = mount_point; + } else { + if (mount(location, mount_point, fs_type, + MS_NOATIME | MS_NODEV | MS_NODIRATIME, + has_mount_options ? mount_options : "") < 0) { + uiPrintf(state, "%s: failed to mount %s at %s: %s\n", + name, location, mount_point, strerror(errno)); + result = strdup(""); + } else { + result = mount_point; + } + } + +done: + free(fs_type); + free(partition_type); + free(location); + if (result != mount_point) free(mount_point); + if (has_mount_options) free(mount_options); + return StringValue(result); +} + + +// is_mounted(mount_point) +Value* IsMountedFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* mount_point; + if (ReadArgs(state, argv, 1, &mount_point) < 0) { + return NULL; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to unmount() can't be empty"); + goto done; + } + + scan_mounted_volumes(); + { + const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); + if (vol == NULL) { + result = strdup(""); + } else { + result = mount_point; + } + } + +done: + if (result != mount_point) free(mount_point); + return StringValue(result); +} + + +Value* UnmountFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* mount_point; + if (ReadArgs(state, argv, 1, &mount_point) < 0) { + return NULL; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to unmount() can't be empty"); + goto done; + } + + scan_mounted_volumes(); + { + const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); + if (vol == NULL) { + uiPrintf(state, "unmount of %s failed; no such volume\n", mount_point); + result = strdup(""); + } else { + int ret = unmount_mounted_volume(vol); + if (ret != 0) { + uiPrintf(state, "unmount of %s failed (%d): %s\n", + mount_point, ret, strerror(errno)); + } + result = mount_point; + } + } + +done: + if (result != mount_point) free(mount_point); + return StringValue(result); +} + +static int exec_cmd(const char* path, char* const argv[]) { + int status; + pid_t child; + if ((child = vfork()) == 0) { + execv(path, argv); + _exit(-1); + } + waitpid(child, &status, 0); + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + printf("%s failed with status %d\n", path, WEXITSTATUS(status)); + } + return WEXITSTATUS(status); +} + + +// format(fs_type, partition_type, location, fs_size, mount_point) +// +// fs_type="yaffs2" partition_type="MTD" location=partition fs_size= mount_point= +// fs_type="ext4" partition_type="EMMC" location=device fs_size= mount_point= +// fs_type="f2fs" partition_type="EMMC" location=device fs_size= mount_point= +// if fs_size == 0, then make fs uses the entire partition. +// if fs_size > 0, that is the size to use +// if fs_size < 0, then reserve that many bytes at the end of the partition (not for "f2fs") +Value* FormatFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 5) { + return ErrorAbort(state, "%s() expects 5 args, got %d", name, argc); + } + char* fs_type; + char* partition_type; + char* location; + char* fs_size; + char* mount_point; + + if (ReadArgs(state, argv, 5, &fs_type, &partition_type, &location, &fs_size, &mount_point) < 0) { + return NULL; + } + + if (strlen(fs_type) == 0) { + ErrorAbort(state, "fs_type argument to %s() can't be empty", name); + goto done; + } + if (strlen(partition_type) == 0) { + ErrorAbort(state, "partition_type argument to %s() can't be empty", + name); + goto done; + } + if (strlen(location) == 0) { + ErrorAbort(state, "location argument to %s() can't be empty", name); + goto done; + } + + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to %s() can't be empty", name); + goto done; + } + + if (strcmp(partition_type, "MTD") == 0) { + mtd_scan_partitions(); + const MtdPartition* mtd = mtd_find_partition_by_name(location); + if (mtd == NULL) { + printf("%s: no mtd partition named \"%s\"", + name, location); + result = strdup(""); + goto done; + } + MtdWriteContext* ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("%s: can't write \"%s\"", name, location); + result = strdup(""); + goto done; + } + if (mtd_erase_blocks(ctx, -1) == -1) { + mtd_write_close(ctx); + printf("%s: failed to erase \"%s\"", name, location); + result = strdup(""); + goto done; + } + if (mtd_write_close(ctx) != 0) { + printf("%s: failed to close \"%s\"", name, location); + result = strdup(""); + goto done; + } + result = location; +#ifdef USE_EXT4 + } else if (strcmp(fs_type, "ext4") == 0) { + int status = make_ext4fs(location, atoll(fs_size), mount_point, sehandle); + if (status != 0) { + printf("%s: make_ext4fs failed (%d) on %s", + name, status, location); + result = strdup(""); + goto done; + } + result = location; + } else if (strcmp(fs_type, "f2fs") == 0) { + char *num_sectors; + if (asprintf(&num_sectors, "%lld", atoll(fs_size) / 512) <= 0) { + printf("format_volume: failed to create %s command for %s\n", fs_type, location); + result = strdup(""); + goto done; + } + const char *f2fs_path = "/sbin/mkfs.f2fs"; + const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", location, num_sectors, NULL}; + int status = exec_cmd(f2fs_path, (char* const*)f2fs_argv); + free(num_sectors); + if (status != 0) { + printf("%s: mkfs.f2fs failed (%d) on %s", + name, status, location); + result = strdup(""); + goto done; + } + result = location; +#endif + } else { + printf("%s: unsupported fs_type \"%s\" partition_type \"%s\"", + name, fs_type, partition_type); + } + +done: + free(fs_type); + free(partition_type); + if (result != location) free(location); + return StringValue(result); +} + +Value* RenameFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* src_name; + char* dst_name; + + if (ReadArgs(state, argv, 2, &src_name, &dst_name) < 0) { + return NULL; + } + if (strlen(src_name) == 0) { + ErrorAbort(state, "src_name argument to %s() can't be empty", name); + goto done; + } + if (strlen(dst_name) == 0) { + ErrorAbort(state, "dst_name argument to %s() can't be empty", name); + goto done; + } + if (make_parents(dst_name) != 0) { + ErrorAbort(state, "Creating parent of %s failed, error %s", + dst_name, strerror(errno)); + } else if (access(dst_name, F_OK) == 0 && access(src_name, F_OK) != 0) { + // File was already moved + result = dst_name; + } else if (rename(src_name, dst_name) != 0) { + ErrorAbort(state, "Rename of %s to %s failed, error %s", + src_name, dst_name, strerror(errno)); + } else { + result = dst_name; + } + +done: + free(src_name); + if (result != dst_name) free(dst_name); + return StringValue(result); +} + +Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { + char** paths = reinterpret_cast(malloc(argc * sizeof(char*))); + for (int i = 0; i < argc; ++i) { + paths[i] = Evaluate(state, argv[i]); + if (paths[i] == NULL) { + int j; + for (j = 0; j < i; ++i) { + free(paths[j]); + } + free(paths); + return NULL; + } + } + + bool recursive = (strcmp(name, "delete_recursive") == 0); + + int success = 0; + for (int i = 0; i < argc; ++i) { + if ((recursive ? dirUnlinkHierarchy(paths[i]) : unlink(paths[i])) == 0) + ++success; + free(paths[i]); + } + free(paths); + + char buffer[10]; + sprintf(buffer, "%d", success); + return StringValue(strdup(buffer)); +} + + +Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + char* frac_str; + char* sec_str; + if (ReadArgs(state, argv, 2, &frac_str, &sec_str) < 0) { + return NULL; + } + + double frac = strtod(frac_str, NULL); + int sec = strtol(sec_str, NULL, 10); + + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); + + free(sec_str); + return StringValue(frac_str); +} + +Value* SetProgressFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* frac_str; + if (ReadArgs(state, argv, 1, &frac_str) < 0) { + return NULL; + } + + double frac = strtod(frac_str, NULL); + + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "set_progress %f\n", frac); + + return StringValue(frac_str); +} + +// package_extract_dir(package_path, destination_path) +Value* PackageExtractDirFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + char* zip_path; + char* dest_path; + if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + + // To create a consistent system image, never use the clock for timestamps. + struct utimbuf timestamp = { 1217592000, 1217592000 }; // 8/1/2008 default + + bool success = mzExtractRecursive(za, zip_path, dest_path, + ×tamp, + NULL, NULL, sehandle); + free(zip_path); + free(dest_path); + return StringValue(strdup(success ? "t" : "")); +} + + +// package_extract_file(package_path, destination_path) +// or +// package_extract_file(package_path) +// to return the entire contents of the file as the result of this +// function (the char* returned is actually a FileContents*). +Value* PackageExtractFileFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc < 1 || argc > 2) { + return ErrorAbort(state, "%s() expects 1 or 2 args, got %d", + name, argc); + } + bool success = false; + + if (argc == 2) { + // The two-argument version extracts to a file. + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + + char* zip_path; + char* dest_path; + if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; + + const ZipEntry* entry = mzFindZipEntry(za, zip_path); + if (entry == NULL) { + printf("%s: no %s in package\n", name, zip_path); + goto done2; + } + + { + FILE* f = fopen(dest_path, "wb"); + if (f == NULL) { + printf("%s: can't open %s for write: %s\n", + name, dest_path, strerror(errno)); + goto done2; + } + success = mzExtractZipEntryToFile(za, entry, fileno(f)); + fclose(f); + } + + done2: + free(zip_path); + free(dest_path); + return StringValue(strdup(success ? "t" : "")); + } else { + // The one-argument version returns the contents of the file + // as the result. + + char* zip_path; + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_BLOB; + v->size = -1; + v->data = NULL; + + if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + const ZipEntry* entry = mzFindZipEntry(za, zip_path); + if (entry == NULL) { + printf("%s: no %s in package\n", name, zip_path); + goto done1; + } + + v->size = mzGetZipEntryUncompLen(entry); + v->data = reinterpret_cast(malloc(v->size)); + if (v->data == NULL) { + printf("%s: failed to allocate %ld bytes for %s\n", + name, (long)v->size, zip_path); + goto done1; + } + + success = mzExtractZipEntryToBuffer(za, entry, + (unsigned char *)v->data); + + done1: + free(zip_path); + if (!success) { + free(v->data); + v->data = NULL; + v->size = -1; + } + return v; + } +} + +// Create all parent directories of name, if necessary. +static int make_parents(char* name) { + char* p; + for (p = name + (strlen(name)-1); p > name; --p) { + if (*p != '/') continue; + *p = '\0'; + if (make_parents(name) < 0) return -1; + int result = mkdir(name, 0700); + if (result == 0) printf("created [%s]\n", name); + *p = '/'; + if (result == 0 || errno == EEXIST) { + // successfully created or already existed; we're done + return 0; + } else { + printf("failed to mkdir %s: %s\n", name, strerror(errno)); + return -1; + } + } + return 0; +} + +// symlink target src1 src2 ... +// unlinks any previously existing src1, src2, etc before creating symlinks. +Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return ErrorAbort(state, "%s() expects 1+ args, got %d", name, argc); + } + char* target; + target = Evaluate(state, argv[0]); + if (target == NULL) return NULL; + + char** srcs = ReadVarArgs(state, argc-1, argv+1); + if (srcs == NULL) { + free(target); + return NULL; + } + + int bad = 0; + int i; + for (i = 0; i < argc-1; ++i) { + if (unlink(srcs[i]) < 0) { + if (errno != ENOENT) { + printf("%s: failed to remove %s: %s\n", + name, srcs[i], strerror(errno)); + ++bad; + } + } + if (make_parents(srcs[i])) { + printf("%s: failed to symlink %s to %s: making parents failed\n", + name, srcs[i], target); + ++bad; + } + if (symlink(target, srcs[i]) < 0) { + printf("%s: failed to symlink %s to %s: %s\n", + name, srcs[i], target, strerror(errno)); + ++bad; + } + free(srcs[i]); + } + free(srcs); + if (bad) { + return ErrorAbort(state, "%s: some symlinks failed", name); + } + return StringValue(strdup("")); +} + +struct perm_parsed_args { + bool has_uid; + uid_t uid; + bool has_gid; + gid_t gid; + bool has_mode; + mode_t mode; + bool has_fmode; + mode_t fmode; + bool has_dmode; + mode_t dmode; + bool has_selabel; + char* selabel; + bool has_capabilities; + uint64_t capabilities; +}; + +static struct perm_parsed_args ParsePermArgs(State * state, int argc, char** args) { + int i; + struct perm_parsed_args parsed; + int bad = 0; + static int max_warnings = 20; + + memset(&parsed, 0, sizeof(parsed)); + + for (i = 1; i < argc; i += 2) { + if (strcmp("uid", args[i]) == 0) { + int64_t uid; + if (sscanf(args[i+1], "%" SCNd64, &uid) == 1) { + parsed.uid = uid; + parsed.has_uid = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid UID \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("gid", args[i]) == 0) { + int64_t gid; + if (sscanf(args[i+1], "%" SCNd64, &gid) == 1) { + parsed.gid = gid; + parsed.has_gid = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid GID \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("mode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.mode = mode; + parsed.has_mode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid mode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("dmode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.dmode = mode; + parsed.has_dmode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid dmode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("fmode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.fmode = mode; + parsed.has_fmode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid fmode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("capabilities", args[i]) == 0) { + int64_t capabilities; + if (sscanf(args[i+1], "%" SCNi64, &capabilities) == 1) { + parsed.capabilities = capabilities; + parsed.has_capabilities = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid capabilities \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("selabel", args[i]) == 0) { + if (args[i+1][0] != '\0') { + parsed.selabel = args[i+1]; + parsed.has_selabel = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid selabel \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (max_warnings != 0) { + printf("ParsedPermArgs: unknown key \"%s\", ignoring\n", args[i]); + max_warnings--; + if (max_warnings == 0) { + printf("ParsedPermArgs: suppressing further warnings\n"); + } + } + } + return parsed; +} + +static int ApplyParsedPerms( + State * state, + const char* filename, + const struct stat *statptr, + struct perm_parsed_args parsed) +{ + int bad = 0; + + if (parsed.has_selabel) { + if (lsetfilecon(filename, parsed.selabel) != 0) { + uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n", + filename, parsed.selabel, strerror(errno)); + bad++; + } + } + + /* ignore symlinks */ + if (S_ISLNK(statptr->st_mode)) { + return bad; + } + + if (parsed.has_uid) { + if (chown(filename, parsed.uid, -1) < 0) { + uiPrintf(state, "ApplyParsedPerms: chown of %s to %d failed: %s\n", + filename, parsed.uid, strerror(errno)); + bad++; + } + } + + if (parsed.has_gid) { + if (chown(filename, -1, parsed.gid) < 0) { + uiPrintf(state, "ApplyParsedPerms: chgrp of %s to %d failed: %s\n", + filename, parsed.gid, strerror(errno)); + bad++; + } + } + + if (parsed.has_mode) { + if (chmod(filename, parsed.mode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.mode, strerror(errno)); + bad++; + } + } + + if (parsed.has_dmode && S_ISDIR(statptr->st_mode)) { + if (chmod(filename, parsed.dmode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.dmode, strerror(errno)); + bad++; + } + } + + if (parsed.has_fmode && S_ISREG(statptr->st_mode)) { + if (chmod(filename, parsed.fmode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.fmode, strerror(errno)); + bad++; + } + } + + if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) { + if (parsed.capabilities == 0) { + if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) { + // Report failure unless it's ENODATA (attribute not set) + uiPrintf(state, "ApplyParsedPerms: removexattr of %s to %" PRIx64 " failed: %s\n", + filename, parsed.capabilities, strerror(errno)); + bad++; + } + } else { + struct vfs_cap_data cap_data; + memset(&cap_data, 0, sizeof(cap_data)); + cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; + cap_data.data[0].permitted = (uint32_t) (parsed.capabilities & 0xffffffff); + cap_data.data[0].inheritable = 0; + cap_data.data[1].permitted = (uint32_t) (parsed.capabilities >> 32); + cap_data.data[1].inheritable = 0; + if (setxattr(filename, XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { + uiPrintf(state, "ApplyParsedPerms: setcap of %s to %" PRIx64 " failed: %s\n", + filename, parsed.capabilities, strerror(errno)); + bad++; + } + } + } + + return bad; +} + +// nftw doesn't allow us to pass along context, so we need to use +// global variables. *sigh* +static struct perm_parsed_args recursive_parsed_args; +static State* recursive_state; + +static int do_SetMetadataRecursive(const char* filename, const struct stat *statptr, + int fileflags, struct FTW *pfwt) { + return ApplyParsedPerms(recursive_state, filename, statptr, recursive_parsed_args); +} + +static Value* SetMetadataFn(const char* name, State* state, int argc, Expr* argv[]) { + int bad = 0; + struct stat sb; + Value* result = NULL; + + bool recursive = (strcmp(name, "set_metadata_recursive") == 0); + + if ((argc % 2) != 1) { + return ErrorAbort(state, "%s() expects an odd number of arguments, got %d", name, argc); + } + + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) return NULL; + + if (lstat(args[0], &sb) == -1) { + result = ErrorAbort(state, "%s: Error on lstat of \"%s\": %s", name, args[0], strerror(errno)); + goto done; + } + + { + struct perm_parsed_args parsed = ParsePermArgs(state, argc, args); + + if (recursive) { + recursive_parsed_args = parsed; + recursive_state = state; + bad += nftw(args[0], do_SetMetadataRecursive, 30, FTW_CHDIR | FTW_DEPTH | FTW_PHYS); + memset(&recursive_parsed_args, 0, sizeof(recursive_parsed_args)); + recursive_state = NULL; + } else { + bad += ApplyParsedPerms(state, args[0], &sb, parsed); + } + } + +done: + for (int i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + + if (result != NULL) { + return result; + } + + if (bad > 0) { + return ErrorAbort(state, "%s: some changes failed", name); + } + + return StringValue(strdup("")); +} + +Value* GetPropFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* key = Evaluate(state, argv[0]); + if (key == NULL) return NULL; + + char value[PROPERTY_VALUE_MAX]; + property_get(key, value, ""); + free(key); + + return StringValue(strdup(value)); +} + + +// file_getprop(file, key) +// +// interprets 'file' as a getprop-style file (key=value pairs, one +// per line. # comment lines,blank lines, lines without '=' ignored), +// and returns the value for 'key' (or "" if it isn't defined). +Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + char* buffer = NULL; + char* filename; + char* key; + if (ReadArgs(state, argv, 2, &filename, &key) < 0) { + return NULL; + } + + struct stat st; + if (stat(filename, &st) < 0) { + ErrorAbort(state, "%s: failed to stat \"%s\": %s", name, filename, strerror(errno)); + goto done; + } + +#define MAX_FILE_GETPROP_SIZE 65536 + + if (st.st_size > MAX_FILE_GETPROP_SIZE) { + ErrorAbort(state, "%s too large for %s (max %d)", filename, name, MAX_FILE_GETPROP_SIZE); + goto done; + } + + buffer = reinterpret_cast(malloc(st.st_size+1)); + if (buffer == NULL) { + ErrorAbort(state, "%s: failed to alloc %lld bytes", name, (long long)st.st_size+1); + goto done; + } + + FILE* f; + f = fopen(filename, "rb"); + if (f == NULL) { + ErrorAbort(state, "%s: failed to open %s: %s", name, filename, strerror(errno)); + goto done; + } + + if (fread(buffer, 1, st.st_size, f) != st.st_size) { + ErrorAbort(state, "%s: failed to read %lld bytes from %s", + name, (long long)st.st_size+1, filename); + fclose(f); + goto done; + } + buffer[st.st_size] = '\0'; + + fclose(f); + + char* line; + line = strtok(buffer, "\n"); + do { + // skip whitespace at start of line + while (*line && isspace(*line)) ++line; + + // comment or blank line: skip to next line + if (*line == '\0' || *line == '#') continue; + + char* equal = strchr(line, '='); + if (equal == NULL) { + continue; + } + + // trim whitespace between key and '=' + char* key_end = equal-1; + while (key_end > line && isspace(*key_end)) --key_end; + key_end[1] = '\0'; + + // not the key we're looking for + if (strcmp(key, line) != 0) continue; + + // skip whitespace after the '=' to the start of the value + char* val_start = equal+1; + while(*val_start && isspace(*val_start)) ++val_start; + + // trim trailing whitespace + char* val_end = val_start + strlen(val_start)-1; + while (val_end > val_start && isspace(*val_end)) --val_end; + val_end[1] = '\0'; + + result = strdup(val_start); + break; + + } while ((line = strtok(NULL, "\n"))); + + if (result == NULL) result = strdup(""); + + done: + free(filename); + free(key); + free(buffer); + return StringValue(result); +} + +// write_raw_image(filename_or_blob, partition) +Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + + Value* partition_value; + Value* contents; + if (ReadValueArgs(state, argv, 2, &contents, &partition_value) < 0) { + return NULL; + } + + char* partition = NULL; + if (partition_value->type != VAL_STRING) { + ErrorAbort(state, "partition argument to %s must be string", name); + goto done; + } + partition = partition_value->data; + if (strlen(partition) == 0) { + ErrorAbort(state, "partition argument to %s can't be empty", name); + goto done; + } + if (contents->type == VAL_STRING && strlen((char*) contents->data) == 0) { + ErrorAbort(state, "file argument to %s can't be empty", name); + goto done; + } + + mtd_scan_partitions(); + const MtdPartition* mtd; + mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("%s: no mtd partition named \"%s\"\n", name, partition); + result = strdup(""); + goto done; + } + + MtdWriteContext* ctx; + ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("%s: can't write mtd partition \"%s\"\n", + name, partition); + result = strdup(""); + goto done; + } + + bool success; + + if (contents->type == VAL_STRING) { + // we're given a filename as the contents + char* filename = contents->data; + FILE* f = fopen(filename, "rb"); + if (f == NULL) { + printf("%s: can't open %s: %s\n", name, filename, strerror(errno)); + result = strdup(""); + goto done; + } + + success = true; + char* buffer = reinterpret_cast(malloc(BUFSIZ)); + int read; + while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { + int wrote = mtd_write_data(ctx, buffer, read); + success = success && (wrote == read); + } + free(buffer); + fclose(f); + } else { + // we're given a blob as the contents + ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); + success = (wrote == contents->size); + } + if (!success) { + printf("mtd_write_data to %s failed: %s\n", + partition, strerror(errno)); + } + + if (mtd_erase_blocks(ctx, -1) == -1) { + printf("%s: error erasing blocks of %s\n", name, partition); + } + if (mtd_write_close(ctx) != 0) { + printf("%s: error closing write of %s\n", name, partition); + } + + printf("%s %s partition\n", + success ? "wrote" : "failed to write", partition); + + result = success ? partition : strdup(""); + +done: + if (result != partition) FreeValue(partition_value); + FreeValue(contents); + return StringValue(result); +} + +// apply_patch_space(bytes) +Value* ApplyPatchSpaceFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* bytes_str; + if (ReadArgs(state, argv, 1, &bytes_str) < 0) { + return NULL; + } + + char* endptr; + size_t bytes = strtol(bytes_str, &endptr, 10); + if (bytes == 0 && endptr == bytes_str) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", name, bytes_str); + free(bytes_str); + return NULL; + } + + return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); +} + +// apply_patch(file, size, init_sha1, tgt_sha1, patch) + +Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 6 || (argc % 2) == 1) { + return ErrorAbort(state, "%s(): expected at least 6 args and an " + "even number, got %d", + name, argc); + } + + char* source_filename; + char* target_filename; + char* target_sha1; + char* target_size_str; + if (ReadArgs(state, argv, 4, &source_filename, &target_filename, + &target_sha1, &target_size_str) < 0) { + return NULL; + } + + char* endptr; + size_t target_size = strtol(target_size_str, &endptr, 10); + if (target_size == 0 && endptr == target_size_str) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", + name, target_size_str); + free(source_filename); + free(target_filename); + free(target_sha1); + free(target_size_str); + return NULL; + } + + int patchcount = (argc-4) / 2; + Value** patches = ReadValueVarArgs(state, argc-4, argv+4); + + int i; + for (i = 0; i < patchcount; ++i) { + if (patches[i*2]->type != VAL_STRING) { + ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); + break; + } + if (patches[i*2+1]->type != VAL_BLOB) { + ErrorAbort(state, "%s(): patch #%d is not blob", name, i); + break; + } + } + if (i != patchcount) { + for (i = 0; i < patchcount*2; ++i) { + FreeValue(patches[i]); + } + free(patches); + return NULL; + } + + char** patch_sha_str = reinterpret_cast(malloc(patchcount * sizeof(char*))); + for (i = 0; i < patchcount; ++i) { + patch_sha_str[i] = patches[i*2]->data; + patches[i*2]->data = NULL; + FreeValue(patches[i*2]); + patches[i] = patches[i*2+1]; + } + + int result = applypatch(source_filename, target_filename, + target_sha1, target_size, + patchcount, patch_sha_str, patches, NULL); + + for (i = 0; i < patchcount; ++i) { + FreeValue(patches[i]); + } + free(patch_sha_str); + free(patches); + + return StringValue(strdup(result == 0 ? "t" : "")); +} + +// apply_patch_check(file, [sha1_1, ...]) +Value* ApplyPatchCheckFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s(): expected at least 1 arg, got %d", + name, argc); + } + + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) { + return NULL; + } + + int patchcount = argc-1; + char** sha1s = ReadVarArgs(state, argc-1, argv+1); + + int result = applypatch_check(filename, patchcount, sha1s); + + int i; + for (i = 0; i < patchcount; ++i) { + free(sha1s[i]); + } + free(sha1s); + + return StringValue(strdup(result == 0 ? "t" : "")); +} + +Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + int size = 0; + int i; + for (i = 0; i < argc; ++i) { + size += strlen(args[i]); + } + char* buffer = reinterpret_cast(malloc(size+1)); + size = 0; + for (i = 0; i < argc; ++i) { + strcpy(buffer+size, args[i]); + size += strlen(args[i]); + free(args[i]); + } + free(args); + buffer[size] = '\0'; + uiPrint(state, buffer); + return StringValue(buffer); +} + +Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 0) { + return ErrorAbort(state, "%s() expects no args, got %d", name, argc); + } + fprintf(((UpdaterInfo*)(state->cookie))->cmd_pipe, "wipe_cache\n"); + return StringValue(strdup("t")); +} + +Value* RunProgramFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s() expects at least 1 arg", name); + } + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + char** args2 = reinterpret_cast(malloc(sizeof(char*) * (argc+1))); + memcpy(args2, args, sizeof(char*) * argc); + args2[argc] = NULL; + + printf("about to run program [%s] with %d args\n", args2[0], argc); + + pid_t child = fork(); + if (child == 0) { + execv(args2[0], args2); + printf("run_program: execv failed: %s\n", strerror(errno)); + _exit(1); + } + int status; + waitpid(child, &status, 0); + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) != 0) { + printf("run_program: child exited with status %d\n", + WEXITSTATUS(status)); + } + } else if (WIFSIGNALED(status)) { + printf("run_program: child terminated by signal %d\n", + WTERMSIG(status)); + } + + int i; + for (i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + free(args2); + + char buffer[20]; + sprintf(buffer, "%d", status); + + return StringValue(strdup(buffer)); +} + +// sha1_check(data) +// to return the sha1 of the data (given in the format returned by +// read_file). +// +// sha1_check(data, sha1_hex, [sha1_hex, ...]) +// returns the sha1 of the file if it matches any of the hex +// strings passed, or "" if it does not equal any of them. +// +Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s() expects at least 1 arg", name); + } + + Value** args = ReadValueVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + if (args[0]->size < 0) { + return StringValue(strdup("")); + } + uint8_t digest[SHA_DIGEST_SIZE]; + SHA_hash(args[0]->data, args[0]->size, digest); + FreeValue(args[0]); + + if (argc == 1) { + return StringValue(PrintSha1(digest)); + } + + int i; + uint8_t* arg_digest = reinterpret_cast(malloc(SHA_DIGEST_SIZE)); + for (i = 1; i < argc; ++i) { + if (args[i]->type != VAL_STRING) { + printf("%s(): arg %d is not a string; skipping", + name, i); + } else if (ParseSha1(args[i]->data, arg_digest) != 0) { + // Warn about bad args and skip them. + printf("%s(): error parsing \"%s\" as sha-1; skipping", + name, args[i]->data); + } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { + break; + } + FreeValue(args[i]); + } + if (i >= argc) { + // Didn't match any of the hex strings; return false. + return StringValue(strdup("")); + } + // Found a match; free all the remaining arguments and return the + // matched one. + int j; + for (j = i+1; j < argc; ++j) { + FreeValue(args[j]); + } + return args[i]; +} + +// Read a local file and return its contents (the Value* returned +// is actually a FileContents*). +Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; + + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_BLOB; + + FileContents fc; + if (LoadFileContents(filename, &fc) != 0) { + free(filename); + v->size = -1; + v->data = NULL; + free(fc.data); + return v; + } + + v->size = fc.size; + v->data = (char*)fc.data; + + free(filename); + return v; +} + +// Immediately reboot the device. Recovery is not finished normally, +// so if you reboot into recovery it will re-start applying the +// current package (because nothing has cleared the copy of the +// arguments stored in the BCB). +// +// The argument is the partition name passed to the android reboot +// property. It can be "recovery" to boot from the recovery +// partition, or "" (empty string) to boot from the regular boot +// partition. +Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* property; + if (ReadArgs(state, argv, 2, &filename, &property) < 0) return NULL; + + char buffer[80]; + + // zero out the 'command' field of the bootloader message. + memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); + FILE* f = fopen(filename, "r+b"); + fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); + fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); + fclose(f); + free(filename); + + strcpy(buffer, "reboot,"); + if (property != NULL) { + strncat(buffer, property, sizeof(buffer)-10); + } + + property_set(ANDROID_RB_PROPERTY, buffer); + + sleep(5); + free(property); + ErrorAbort(state, "%s() failed to reboot", name); + return NULL; +} + +// Store a string value somewhere that future invocations of recovery +// can access it. This value is called the "stage" and can be used to +// drive packages that need to do reboots in the middle of +// installation and keep track of where they are in the multi-stage +// install. +// +// The first argument is the block device for the misc partition +// ("/misc" in the fstab), which is where this value is stored. The +// second argument is the string to store; it should not exceed 31 +// bytes. +Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* stagestr; + if (ReadArgs(state, argv, 2, &filename, &stagestr) < 0) return NULL; + + // Store this value in the misc partition, immediately after the + // bootloader message that the main recovery uses to save its + // arguments in case of the device restarting midway through + // package installation. + FILE* f = fopen(filename, "r+b"); + fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); + int to_write = strlen(stagestr)+1; + int max_size = sizeof(((struct bootloader_message*)0)->stage); + if (to_write > max_size) { + to_write = max_size; + stagestr[max_size-1] = 0; + } + fwrite(stagestr, to_write, 1, f); + fclose(f); + + free(stagestr); + return StringValue(filename); +} + +// Return the value most recently saved with SetStageFn. The argument +// is the block device for the misc partition. +Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; + + char buffer[sizeof(((struct bootloader_message*)0)->stage)]; + FILE* f = fopen(filename, "rb"); + fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); + fread(buffer, sizeof(buffer), 1, f); + fclose(f); + buffer[sizeof(buffer)-1] = '\0'; + + return StringValue(strdup(buffer)); +} + +Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* len_str; + if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; + + size_t len = strtoull(len_str, NULL, 0); + int fd = open(filename, O_WRONLY, 0644); + int success = wipe_block_device(fd, len); + + free(filename); + free(len_str); + + close(fd); + + return StringValue(strdup(success ? "t" : "")); +} + +Value* EnableRebootFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 0) { + return ErrorAbort(state, "%s() expects no args, got %d", name, argc); + } + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "enable_reboot\n"); + return StringValue(strdup("t")); +} + +Value* Tune2FsFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return ErrorAbort(state, "%s() expects args, got %d", name, argc); + } + + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return ErrorAbort(state, "%s() could not read args", name); + } + + char** args2 = reinterpret_cast(malloc(sizeof(char*) * (argc+1))); + // Tune2fs expects the program name as its args[0] + args2[0] = strdup(name); + for (int i = 0; i < argc; ++i) { + args2[i + 1] = args[i]; + } + int result = tune2fs_main(argc + 1, args2); + for (int i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + + free(args2[0]); + free(args2); + if (result != 0) { + return ErrorAbort(state, "%s() returned error code %d", name, result); + } + return StringValue(strdup("t")); +} + +void RegisterInstallFunctions() { + RegisterFunction("mount", MountFn); + RegisterFunction("is_mounted", IsMountedFn); + RegisterFunction("unmount", UnmountFn); + RegisterFunction("format", FormatFn); + RegisterFunction("show_progress", ShowProgressFn); + RegisterFunction("set_progress", SetProgressFn); + RegisterFunction("delete", DeleteFn); + RegisterFunction("delete_recursive", DeleteFn); + RegisterFunction("package_extract_dir", PackageExtractDirFn); + RegisterFunction("package_extract_file", PackageExtractFileFn); + RegisterFunction("symlink", SymlinkFn); + + // Usage: + // set_metadata("filename", "key1", "value1", "key2", "value2", ...) + // Example: + // set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); + RegisterFunction("set_metadata", SetMetadataFn); + + // Usage: + // set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) + // Example: + // set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); + RegisterFunction("set_metadata_recursive", SetMetadataFn); + + RegisterFunction("getprop", GetPropFn); + RegisterFunction("file_getprop", FileGetPropFn); + RegisterFunction("write_raw_image", WriteRawImageFn); + + RegisterFunction("apply_patch", ApplyPatchFn); + RegisterFunction("apply_patch_check", ApplyPatchCheckFn); + RegisterFunction("apply_patch_space", ApplyPatchSpaceFn); + + RegisterFunction("wipe_block_device", WipeBlockDeviceFn); + + RegisterFunction("read_file", ReadFileFn); + RegisterFunction("sha1_check", Sha1CheckFn); + RegisterFunction("rename", RenameFn); + + RegisterFunction("wipe_cache", WipeCacheFn); + + RegisterFunction("ui_print", UIPrintFn); + + RegisterFunction("run_program", RunProgramFn); + + RegisterFunction("reboot_now", RebootNowFn); + RegisterFunction("get_stage", GetStageFn); + RegisterFunction("set_stage", SetStageFn); + + RegisterFunction("enable_reboot", EnableRebootFn); + RegisterFunction("tune2fs", Tune2FsFn); +} diff --git a/updater/updater.c b/updater/updater.c deleted file mode 100644 index 661f69587..000000000 --- a/updater/updater.c +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include "edify/expr.h" -#include "updater.h" -#include "install.h" -#include "blockimg.h" -#include "minzip/Zip.h" -#include "minzip/SysUtil.h" - -// Generated by the makefile, this function defines the -// RegisterDeviceExtensions() function, which calls all the -// registration functions for device-specific extensions. -#include "register.inc" - -// Where in the package we expect to find the edify script to execute. -// (Note it's "updateR-script", not the older "update-script".) -#define SCRIPT_NAME "META-INF/com/google/android/updater-script" - -struct selabel_handle *sehandle; - -int main(int argc, char** argv) { - // Various things log information to stdout or stderr more or less - // at random (though we've tried to standardize on stdout). The - // log file makes more sense if buffering is turned off so things - // appear in the right order. - setbuf(stdout, NULL); - setbuf(stderr, NULL); - - if (argc != 4) { - printf("unexpected number of arguments (%d)\n", argc); - return 1; - } - - char* version = argv[1]; - if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || - version[1] != '\0') { - // We support version 1, 2, or 3. - printf("wrong updater binary API; expected 1, 2, or 3; " - "got %s\n", - argv[1]); - return 2; - } - - // Set up the pipe for sending commands back to the parent process. - - int fd = atoi(argv[2]); - FILE* cmd_pipe = fdopen(fd, "wb"); - setlinebuf(cmd_pipe); - - // Extract the script from the package. - - const char* package_filename = argv[3]; - MemMapping map; - if (sysMapFile(package_filename, &map) != 0) { - printf("failed to map package %s\n", argv[3]); - return 3; - } - ZipArchive za; - int err; - err = mzOpenZipArchive(map.addr, map.length, &za); - if (err != 0) { - printf("failed to open package %s: %s\n", - argv[3], strerror(err)); - return 3; - } - - const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); - if (script_entry == NULL) { - printf("failed to find %s in %s\n", SCRIPT_NAME, package_filename); - return 4; - } - - char* script = malloc(script_entry->uncompLen+1); - if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) { - printf("failed to read script from package\n"); - return 5; - } - script[script_entry->uncompLen] = '\0'; - - // Configure edify's functions. - - RegisterBuiltins(); - RegisterInstallFunctions(); - RegisterBlockImageFunctions(); - RegisterDeviceExtensions(); - FinishRegistration(); - - // Parse the script. - - Expr* root; - int error_count = 0; - int error = parse_string(script, &root, &error_count); - if (error != 0 || error_count > 0) { - printf("%d parse errors\n", error_count); - return 6; - } - - struct selinux_opt seopts[] = { - { SELABEL_OPT_PATH, "/file_contexts" } - }; - - sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1); - - if (!sehandle) { - fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n"); - } - - // Evaluate the parsed script. - - UpdaterInfo updater_info; - updater_info.cmd_pipe = cmd_pipe; - updater_info.package_zip = &za; - updater_info.version = atoi(version); - updater_info.package_zip_addr = map.addr; - updater_info.package_zip_len = map.length; - - State state; - state.cookie = &updater_info; - state.script = script; - state.errmsg = NULL; - - char* result = Evaluate(&state, root); - if (result == NULL) { - if (state.errmsg == NULL) { - printf("script aborted (no error message)\n"); - fprintf(cmd_pipe, "ui_print script aborted (no error message)\n"); - } else { - printf("script aborted: %s\n", state.errmsg); - char* line = strtok(state.errmsg, "\n"); - while (line) { - fprintf(cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); - } - fprintf(cmd_pipe, "ui_print\n"); - } - free(state.errmsg); - return 7; - } else { - fprintf(cmd_pipe, "ui_print script succeeded: result was [%s]\n", result); - free(result); - } - - if (updater_info.package_zip) { - mzCloseZipArchive(updater_info.package_zip); - } - sysReleaseMap(&map); - free(script); - - return 0; -} diff --git a/updater/updater.cpp b/updater/updater.cpp new file mode 100644 index 000000000..0f22e6d04 --- /dev/null +++ b/updater/updater.cpp @@ -0,0 +1,169 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include "edify/expr.h" +#include "updater.h" +#include "install.h" +#include "blockimg.h" +#include "minzip/Zip.h" +#include "minzip/SysUtil.h" + +// Generated by the makefile, this function defines the +// RegisterDeviceExtensions() function, which calls all the +// registration functions for device-specific extensions. +#include "register.inc" + +// Where in the package we expect to find the edify script to execute. +// (Note it's "updateR-script", not the older "update-script".) +#define SCRIPT_NAME "META-INF/com/google/android/updater-script" + +struct selabel_handle *sehandle; + +int main(int argc, char** argv) { + // Various things log information to stdout or stderr more or less + // at random (though we've tried to standardize on stdout). The + // log file makes more sense if buffering is turned off so things + // appear in the right order. + setbuf(stdout, NULL); + setbuf(stderr, NULL); + + if (argc != 4) { + printf("unexpected number of arguments (%d)\n", argc); + return 1; + } + + char* version = argv[1]; + if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || + version[1] != '\0') { + // We support version 1, 2, or 3. + printf("wrong updater binary API; expected 1, 2, or 3; " + "got %s\n", + argv[1]); + return 2; + } + + // Set up the pipe for sending commands back to the parent process. + + int fd = atoi(argv[2]); + FILE* cmd_pipe = fdopen(fd, "wb"); + setlinebuf(cmd_pipe); + + // Extract the script from the package. + + const char* package_filename = argv[3]; + MemMapping map; + if (sysMapFile(package_filename, &map) != 0) { + printf("failed to map package %s\n", argv[3]); + return 3; + } + ZipArchive za; + int err; + err = mzOpenZipArchive(map.addr, map.length, &za); + if (err != 0) { + printf("failed to open package %s: %s\n", + argv[3], strerror(err)); + return 3; + } + + const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); + if (script_entry == NULL) { + printf("failed to find %s in %s\n", SCRIPT_NAME, package_filename); + return 4; + } + + char* script = reinterpret_cast(malloc(script_entry->uncompLen+1)); + if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) { + printf("failed to read script from package\n"); + return 5; + } + script[script_entry->uncompLen] = '\0'; + + // Configure edify's functions. + + RegisterBuiltins(); + RegisterInstallFunctions(); + RegisterBlockImageFunctions(); + RegisterDeviceExtensions(); + FinishRegistration(); + + // Parse the script. + + Expr* root; + int error_count = 0; + int error = parse_string(script, &root, &error_count); + if (error != 0 || error_count > 0) { + printf("%d parse errors\n", error_count); + return 6; + } + + struct selinux_opt seopts[] = { + { SELABEL_OPT_PATH, "/file_contexts" } + }; + + sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1); + + if (!sehandle) { + fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n"); + } + + // Evaluate the parsed script. + + UpdaterInfo updater_info; + updater_info.cmd_pipe = cmd_pipe; + updater_info.package_zip = &za; + updater_info.version = atoi(version); + updater_info.package_zip_addr = map.addr; + updater_info.package_zip_len = map.length; + + State state; + state.cookie = &updater_info; + state.script = script; + state.errmsg = NULL; + + char* result = Evaluate(&state, root); + if (result == NULL) { + if (state.errmsg == NULL) { + printf("script aborted (no error message)\n"); + fprintf(cmd_pipe, "ui_print script aborted (no error message)\n"); + } else { + printf("script aborted: %s\n", state.errmsg); + char* line = strtok(state.errmsg, "\n"); + while (line) { + fprintf(cmd_pipe, "ui_print %s\n", line); + line = strtok(NULL, "\n"); + } + fprintf(cmd_pipe, "ui_print\n"); + } + free(state.errmsg); + return 7; + } else { + fprintf(cmd_pipe, "ui_print script succeeded: result was [%s]\n", result); + free(result); + } + + if (updater_info.package_zip) { + mzCloseZipArchive(updater_info.package_zip); + } + sysReleaseMap(&map); + free(script); + + return 0; +} -- cgit v1.2.3 From 485b63702c312bf47a1fd4821fde7dcade41e09d Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 23 Jun 2015 23:23:33 -0700 Subject: recovery: Switch applypatch/ and updater/ to cpp. Mostly trivial changes to make cpp compiler happy. Change-Id: I1b0481465c67c3bbca35a839d0764190d84ff34e (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19) --- applypatch/Android.mk | 8 +- applypatch/applypatch.c | 1048 ------------------------ applypatch/applypatch.cpp | 1025 +++++++++++++++++++++++ applypatch/bsdiff.c | 410 ---------- applypatch/bsdiff.cpp | 410 ++++++++++ applypatch/bspatch.c | 256 ------ applypatch/bspatch.cpp | 255 ++++++ applypatch/freecache.c | 172 ---- applypatch/freecache.cpp | 186 +++++ applypatch/imgdiff.c | 1060 ------------------------ applypatch/imgdiff.cpp | 1068 ++++++++++++++++++++++++ applypatch/imgpatch.c | 234 ------ applypatch/imgpatch.cpp | 234 ++++++ applypatch/main.c | 214 ----- applypatch/main.cpp | 213 +++++ applypatch/utils.c | 65 -- applypatch/utils.cpp | 65 ++ minzip/Hash.h | 8 + roots.cpp | 2 - updater/Android.mk | 18 +- updater/blockimg.c | 1994 --------------------------------------------- updater/blockimg.cpp | 1991 ++++++++++++++++++++++++++++++++++++++++++++ updater/install.c | 1630 ------------------------------------ updater/install.cpp | 1622 ++++++++++++++++++++++++++++++++++++ updater/updater.c | 169 ---- updater/updater.cpp | 169 ++++ 26 files changed, 7265 insertions(+), 7261 deletions(-) delete mode 100644 applypatch/applypatch.c create mode 100644 applypatch/applypatch.cpp delete mode 100644 applypatch/bsdiff.c create mode 100644 applypatch/bsdiff.cpp delete mode 100644 applypatch/bspatch.c create mode 100644 applypatch/bspatch.cpp delete mode 100644 applypatch/freecache.c create mode 100644 applypatch/freecache.cpp delete mode 100644 applypatch/imgdiff.c create mode 100644 applypatch/imgdiff.cpp delete mode 100644 applypatch/imgpatch.c create mode 100644 applypatch/imgpatch.cpp delete mode 100644 applypatch/main.c create mode 100644 applypatch/main.cpp delete mode 100644 applypatch/utils.c create mode 100644 applypatch/utils.cpp delete mode 100644 updater/blockimg.c create mode 100644 updater/blockimg.cpp delete mode 100644 updater/install.c create mode 100644 updater/install.cpp delete mode 100644 updater/updater.c create mode 100644 updater/updater.cpp diff --git a/applypatch/Android.mk b/applypatch/Android.mk index eb3e4580e..1f73fd897 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -17,7 +17,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := applypatch.c bspatch.c freecache.c imgpatch.c utils.c +LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.cpp LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery @@ -28,7 +28,7 @@ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := main.c +LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz @@ -39,7 +39,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := main.c +LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng @@ -52,7 +52,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := imgdiff.c utils.c bsdiff.c +LOCAL_SRC_FILES := imgdiff.cpp utils.cpp bsdiff.cpp LOCAL_MODULE := imgdiff LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_C_INCLUDES += external/zlib external/bzip2 diff --git a/applypatch/applypatch.c b/applypatch/applypatch.c deleted file mode 100644 index 2358d4292..000000000 --- a/applypatch/applypatch.c +++ /dev/null @@ -1,1048 +0,0 @@ -/* - * Copyright (C) 2008 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mincrypt/sha.h" -#include "applypatch.h" -#include "mtdutils/mtdutils.h" -#include "edify/expr.h" - -static int LoadPartitionContents(const char* filename, FileContents* file); -static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); -static int GenerateTarget(FileContents* source_file, - const Value* source_patch_value, - FileContents* copy_file, - const Value* copy_patch_value, - const char* source_filename, - const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], - size_t target_size, - const Value* bonus_data); - -static int mtd_partitions_scanned = 0; - -// Read a file into memory; store the file contents and associated -// metadata in *file. -// -// Return 0 on success. -int LoadFileContents(const char* filename, FileContents* file) { - file->data = NULL; - - // A special 'filename' beginning with "MTD:" or "EMMC:" means to - // load the contents of a partition. - if (strncmp(filename, "MTD:", 4) == 0 || - strncmp(filename, "EMMC:", 5) == 0) { - return LoadPartitionContents(filename, file); - } - - if (stat(filename, &file->st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return -1; - } - - file->size = file->st.st_size; - file->data = malloc(file->size); - - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - printf("failed to open \"%s\": %s\n", filename, strerror(errno)); - free(file->data); - file->data = NULL; - return -1; - } - - ssize_t bytes_read = fread(file->data, 1, file->size, f); - if (bytes_read != file->size) { - printf("short read of \"%s\" (%ld bytes of %ld)\n", - filename, (long)bytes_read, (long)file->size); - free(file->data); - file->data = NULL; - return -1; - } - fclose(f); - - SHA_hash(file->data, file->size, file->sha1); - return 0; -} - -static size_t* size_array; -// comparison function for qsort()ing an int array of indexes into -// size_array[]. -static int compare_size_indices(const void* a, const void* b) { - int aa = *(int*)a; - int bb = *(int*)b; - if (size_array[aa] < size_array[bb]) { - return -1; - } else if (size_array[aa] > size_array[bb]) { - return 1; - } else { - return 0; - } -} - -// Load the contents of an MTD or EMMC partition into the provided -// FileContents. filename should be a string of the form -// "MTD::::::..." (or -// "EMMC::..."). The smallest size_n bytes for -// which that prefix of the partition contents has the corresponding -// sha1 hash will be loaded. It is acceptable for a size value to be -// repeated with different sha1s. Will return 0 on success. -// -// This complexity is needed because if an OTA installation is -// interrupted, the partition might contain either the source or the -// target data, which might be of different lengths. We need to know -// the length in order to read from a partition (there is no -// "end-of-file" marker), so the caller must specify the possible -// lengths and the hash of the data, and we'll do the load expecting -// to find one of those hashes. -enum PartitionType { MTD, EMMC }; - -static int LoadPartitionContents(const char* filename, FileContents* file) { - char* copy = strdup(filename); - const char* magic = strtok(copy, ":"); - - enum PartitionType type; - - if (strcmp(magic, "MTD") == 0) { - type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { - type = EMMC; - } else { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - return -1; - } - const char* partition = strtok(NULL, ":"); - - int i; - int colons = 0; - for (i = 0; filename[i] != '\0'; ++i) { - if (filename[i] == ':') { - ++colons; - } - } - if (colons < 3 || colons%2 == 0) { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - } - - int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename - int* index = malloc(pairs * sizeof(int)); - size_t* size = malloc(pairs * sizeof(size_t)); - char** sha1sum = malloc(pairs * sizeof(char*)); - - for (i = 0; i < pairs; ++i) { - const char* size_str = strtok(NULL, ":"); - size[i] = strtol(size_str, NULL, 10); - if (size[i] == 0) { - printf("LoadPartitionContents called with bad size (%s)\n", filename); - return -1; - } - sha1sum[i] = strtok(NULL, ":"); - index[i] = i; - } - - // sort the index[] array so it indexes the pairs in order of - // increasing size. - size_array = size; - qsort(index, pairs, sizeof(int), compare_size_indices); - - MtdReadContext* ctx = NULL; - FILE* dev = NULL; - - switch (type) { - case MTD: - if (!mtd_partitions_scanned) { - mtd_scan_partitions(); - mtd_partitions_scanned = 1; - } - - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("mtd partition \"%s\" not found (loading %s)\n", - partition, filename); - return -1; - } - - ctx = mtd_read_partition(mtd); - if (ctx == NULL) { - printf("failed to initialize read of mtd partition \"%s\"\n", - partition); - return -1; - } - break; - - case EMMC: - dev = fopen(partition, "rb"); - if (dev == NULL) { - printf("failed to open emmc partition \"%s\": %s\n", - partition, strerror(errno)); - return -1; - } - } - - SHA_CTX sha_ctx; - SHA_init(&sha_ctx); - uint8_t parsed_sha[SHA_DIGEST_SIZE]; - - // allocate enough memory to hold the largest size. - file->data = malloc(size[index[pairs-1]]); - char* p = (char*)file->data; - file->size = 0; // # bytes read so far - - for (i = 0; i < pairs; ++i) { - // Read enough additional bytes to get us up to the next size - // (again, we're trying the possibilities in order of increasing - // size). - size_t next = size[index[i]] - file->size; - size_t read = 0; - if (next > 0) { - switch (type) { - case MTD: - read = mtd_read_data(ctx, p, next); - break; - - case EMMC: - read = fread(p, 1, next, dev); - break; - } - if (next != read) { - printf("short read (%zu bytes of %zu) for partition \"%s\"\n", - read, next, partition); - free(file->data); - file->data = NULL; - return -1; - } - SHA_update(&sha_ctx, p, read); - file->size += read; - } - - // Duplicate the SHA context and finalize the duplicate so we can - // check it against this pair's expected hash. - SHA_CTX temp_ctx; - memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); - const uint8_t* sha_so_far = SHA_final(&temp_ctx); - - if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { - printf("failed to parse sha1 %s in %s\n", - sha1sum[index[i]], filename); - free(file->data); - file->data = NULL; - return -1; - } - - if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { - // we have a match. stop reading the partition; we'll return - // the data we've read so far. - printf("partition read matched size %zu sha %s\n", - size[index[i]], sha1sum[index[i]]); - break; - } - - p += read; - } - - switch (type) { - case MTD: - mtd_read_close(ctx); - break; - - case EMMC: - fclose(dev); - break; - } - - - if (i == pairs) { - // Ran off the end of the list of (size,sha1) pairs without - // finding a match. - printf("contents of partition \"%s\" didn't match %s\n", - partition, filename); - free(file->data); - file->data = NULL; - return -1; - } - - const uint8_t* sha_final = SHA_final(&sha_ctx); - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { - file->sha1[i] = sha_final[i]; - } - - // Fake some stat() info. - file->st.st_mode = 0644; - file->st.st_uid = 0; - file->st.st_gid = 0; - - free(copy); - free(index); - free(size); - free(sha1sum); - - return 0; -} - - -// Save the contents of the given FileContents object under the given -// filename. Return 0 on success. -int SaveFileContents(const char* filename, const FileContents* file) { - int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - printf("failed to open \"%s\" for write: %s\n", - filename, strerror(errno)); - return -1; - } - - ssize_t bytes_written = FileSink(file->data, file->size, &fd); - if (bytes_written != file->size) { - printf("short write of \"%s\" (%ld bytes of %ld) (%s)\n", - filename, (long)bytes_written, (long)file->size, - strerror(errno)); - close(fd); - return -1; - } - if (fsync(fd) != 0) { - printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - if (close(fd) != 0) { - printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - - if (chmod(filename, file->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - if (chown(filename, file->st.st_uid, file->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - - return 0; -} - -// Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC::". Return 0 on -// success. -int WriteToPartition(unsigned char* data, size_t len, - const char* target) { - char* copy = strdup(target); - const char* magic = strtok(copy, ":"); - - enum PartitionType type; - if (strcmp(magic, "MTD") == 0) { - type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { - type = EMMC; - } else { - printf("WriteToPartition called with bad target (%s)\n", target); - return -1; - } - const char* partition = strtok(NULL, ":"); - - if (partition == NULL) { - printf("bad partition target name \"%s\"\n", target); - return -1; - } - - switch (type) { - case MTD: - if (!mtd_partitions_scanned) { - mtd_scan_partitions(); - mtd_partitions_scanned = 1; - } - - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("mtd partition \"%s\" not found for writing\n", - partition); - return -1; - } - - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("failed to init mtd partition \"%s\" for writing\n", - partition); - return -1; - } - - size_t written = mtd_write_data(ctx, (char*)data, len); - if (written != len) { - printf("only wrote %zu of %zu bytes to MTD %s\n", - written, len, partition); - mtd_write_close(ctx); - return -1; - } - - if (mtd_erase_blocks(ctx, -1) < 0) { - printf("error finishing mtd write of %s\n", partition); - mtd_write_close(ctx); - return -1; - } - - if (mtd_write_close(ctx)) { - printf("error closing mtd write of %s\n", partition); - return -1; - } - break; - - case EMMC: - { - size_t start = 0; - int success = 0; - int fd = open(partition, O_RDWR | O_SYNC); - if (fd < 0) { - printf("failed to open %s: %s\n", partition, strerror(errno)); - return -1; - } - int attempt; - - for (attempt = 0; attempt < 2; ++attempt) { - if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { - printf("failed seek on %s: %s\n", - partition, strerror(errno)); - return -1; - } - while (start < len) { - size_t to_write = len - start; - if (to_write > 1<<20) to_write = 1<<20; - - ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); - if (written == -1) { - printf("failed write writing to %s: %s\n", partition, strerror(errno)); - return -1; - } - start += written; - } - if (fsync(fd) != 0) { - printf("failed to sync to %s (%s)\n", - partition, strerror(errno)); - return -1; - } - if (close(fd) != 0) { - printf("failed to close %s (%s)\n", - partition, strerror(errno)); - return -1; - } - fd = open(partition, O_RDONLY); - if (fd < 0) { - printf("failed to reopen %s for verify (%s)\n", - partition, strerror(errno)); - return -1; - } - - // drop caches so our subsequent verification read - // won't just be reading the cache. - sync(); - int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); - if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { - printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); - } else { - printf(" caches dropped\n"); - } - close(dc); - sleep(1); - - // verify - if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { - printf("failed to seek back to beginning of %s: %s\n", - partition, strerror(errno)); - return -1; - } - unsigned char buffer[4096]; - start = len; - size_t p; - for (p = 0; p < len; p += sizeof(buffer)) { - size_t to_read = len - p; - if (to_read > sizeof(buffer)) to_read = sizeof(buffer); - - size_t so_far = 0; - while (so_far < to_read) { - ssize_t read_count = - TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); - if (read_count == -1) { - printf("verify read error %s at %zu: %s\n", - partition, p, strerror(errno)); - return -1; - } - if ((size_t)read_count < to_read) { - printf("short verify read %s at %zu: %zd %zu %s\n", - partition, p, read_count, to_read, strerror(errno)); - } - so_far += read_count; - } - - if (memcmp(buffer, data+p, to_read)) { - printf("verification failed starting at %zu\n", p); - start = p; - break; - } - } - - if (start == len) { - printf("verification read succeeded (attempt %d)\n", attempt+1); - success = true; - break; - } - } - - if (!success) { - printf("failed to verify after all attempts\n"); - return -1; - } - - if (close(fd) != 0) { - printf("error closing %s (%s)\n", partition, strerror(errno)); - return -1; - } - sync(); - break; - } - } - - free(copy); - return 0; -} - - -// Take a string 'str' of 40 hex digits and parse it into the 20 -// byte array 'digest'. 'str' may contain only the digest or be of -// the form ":". Return 0 on success, -1 on any -// error. -int ParseSha1(const char* str, uint8_t* digest) { - int i; - const char* ps = str; - uint8_t* pd = digest; - for (i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { - int digit; - if (*ps >= '0' && *ps <= '9') { - digit = *ps - '0'; - } else if (*ps >= 'a' && *ps <= 'f') { - digit = *ps - 'a' + 10; - } else if (*ps >= 'A' && *ps <= 'F') { - digit = *ps - 'A' + 10; - } else { - return -1; - } - if (i % 2 == 0) { - *pd = digit << 4; - } else { - *pd |= digit; - ++pd; - } - } - if (*ps != '\0') return -1; - return 0; -} - -// Search an array of sha1 strings for one matching the given sha1. -// Return the index of the match on success, or -1 if no match is -// found. -int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, - int num_patches) { - int i; - uint8_t patch_sha1[SHA_DIGEST_SIZE]; - for (i = 0; i < num_patches; ++i) { - if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && - memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { - return i; - } - } - return -1; -} - -// Returns 0 if the contents of the file (argv[2]) or the cached file -// match any of the sha1's on the command line (argv[3:]). Returns -// nonzero otherwise. -int applypatch_check(const char* filename, - int num_patches, char** const patch_sha1_str) { - FileContents file; - file.data = NULL; - - // It's okay to specify no sha1s; the check will pass if the - // LoadFileContents is successful. (Useful for reading - // partitions, where the filename encodes the sha1s; no need to - // check them twice.) - if (LoadFileContents(filename, &file) != 0 || - (num_patches > 0 && - FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) { - printf("file \"%s\" doesn't have any of expected " - "sha1 sums; checking cache\n", filename); - - free(file.data); - file.data = NULL; - - // If the source file is missing or corrupted, it might be because - // we were killed in the middle of patching it. A copy of it - // should have been made in CACHE_TEMP_SOURCE. If that file - // exists and matches the sha1 we're looking for, the check still - // passes. - - if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) { - printf("failed to load cache file\n"); - return 1; - } - - if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { - printf("cache bits don't match any sha1 for \"%s\"\n", filename); - free(file.data); - return 1; - } - } - - free(file.data); - return 0; -} - -int ShowLicenses() { - ShowBSDiffLicense(); - return 0; -} - -ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { - int fd = *(int *)token; - ssize_t done = 0; - ssize_t wrote; - while (done < (ssize_t) len) { - wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); - if (wrote == -1) { - printf("error writing %d bytes: %s\n", (int)(len-done), strerror(errno)); - return done; - } - done += wrote; - } - return done; -} - -typedef struct { - unsigned char* buffer; - ssize_t size; - ssize_t pos; -} MemorySinkInfo; - -ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { - MemorySinkInfo* msi = (MemorySinkInfo*)token; - if (msi->size - msi->pos < len) { - return -1; - } - memcpy(msi->buffer + msi->pos, data, len); - msi->pos += len; - return len; -} - -// Return the amount of free space (in bytes) on the filesystem -// containing filename. filename must exist. Return -1 on error. -size_t FreeSpaceForFile(const char* filename) { - struct statfs sf; - if (statfs(filename, &sf) != 0) { - printf("failed to statfs %s: %s\n", filename, strerror(errno)); - return -1; - } - return sf.f_bsize * sf.f_bavail; -} - -int CacheSizeCheck(size_t bytes) { - if (MakeFreeSpaceOnCache(bytes) < 0) { - printf("unable to make %ld bytes available on /cache\n", (long)bytes); - return 1; - } else { - return 0; - } -} - -static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { - int i; - const char* hex = "0123456789abcdef"; - for (i = 0; i < 4; ++i) { - putchar(hex[(sha1[i]>>4) & 0xf]); - putchar(hex[sha1[i] & 0xf]); - } -} - -// This function applies binary patches to files in a way that is safe -// (the original file is not touched until we have the desired -// replacement for it) and idempotent (it's okay to run this program -// multiple times). -// -// - if the sha1 hash of is , -// does nothing and exits successfully. -// -// - otherwise, if the sha1 hash of is one of the -// entries in , the corresponding patch from -// (which must be a VAL_BLOB) is applied to produce a -// new file (the type of patch is automatically detected from the -// blob daat). If that new file has sha1 hash , -// moves it to replace , and exits successfully. -// Note that if and are not the -// same, is NOT deleted on success. -// may be the string "-" to mean "the same as -// source_filename". -// -// - otherwise, or if any error is encountered, exits with non-zero -// status. -// -// may refer to a partition to read the source data. -// See the comments for the LoadPartition Contents() function above -// for the format of such a filename. - -int applypatch(const char* source_filename, - const char* target_filename, - const char* target_sha1_str, - size_t target_size, - int num_patches, - char** const patch_sha1_str, - Value** patch_data, - Value* bonus_data) { - printf("patch %s: ", source_filename); - - if (target_filename[0] == '-' && - target_filename[1] == '\0') { - target_filename = source_filename; - } - - uint8_t target_sha1[SHA_DIGEST_SIZE]; - if (ParseSha1(target_sha1_str, target_sha1) != 0) { - printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); - return 1; - } - - FileContents copy_file; - FileContents source_file; - copy_file.data = NULL; - source_file.data = NULL; - const Value* source_patch_value = NULL; - const Value* copy_patch_value = NULL; - - // We try to load the target file into the source_file object. - if (LoadFileContents(target_filename, &source_file) == 0) { - if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { - // The early-exit case: the patch was already applied, this file - // has the desired hash, nothing for us to do. - printf("already "); - print_short_sha1(target_sha1); - putchar('\n'); - free(source_file.data); - return 0; - } - } - - if (source_file.data == NULL || - (target_filename != source_filename && - strcmp(target_filename, source_filename) != 0)) { - // Need to load the source file: either we failed to load the - // target file, or we did but it's different from the source file. - free(source_file.data); - source_file.data = NULL; - LoadFileContents(source_filename, &source_file); - } - - if (source_file.data != NULL) { - int to_use = FindMatchingPatch(source_file.sha1, - patch_sha1_str, num_patches); - if (to_use >= 0) { - source_patch_value = patch_data[to_use]; - } - } - - if (source_patch_value == NULL) { - free(source_file.data); - source_file.data = NULL; - printf("source file is bad; trying copy\n"); - - if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { - // fail. - printf("failed to read copy file\n"); - return 1; - } - - int to_use = FindMatchingPatch(copy_file.sha1, - patch_sha1_str, num_patches); - if (to_use >= 0) { - copy_patch_value = patch_data[to_use]; - } - - if (copy_patch_value == NULL) { - // fail. - printf("copy file doesn't match source SHA-1s either\n"); - free(copy_file.data); - return 1; - } - } - - int result = GenerateTarget(&source_file, source_patch_value, - ©_file, copy_patch_value, - source_filename, target_filename, - target_sha1, target_size, bonus_data); - free(source_file.data); - free(copy_file.data); - - return result; -} - -static int GenerateTarget(FileContents* source_file, - const Value* source_patch_value, - FileContents* copy_file, - const Value* copy_patch_value, - const char* source_filename, - const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], - size_t target_size, - const Value* bonus_data) { - int retry = 1; - SHA_CTX ctx; - int output; - MemorySinkInfo msi; - FileContents* source_to_use; - char* outname; - int made_copy = 0; - - // assume that target_filename (eg "/system/app/Foo.apk") is located - // on the same filesystem as its top-level directory ("/system"). - // We need something that exists for calling statfs(). - char target_fs[strlen(target_filename)+1]; - char* slash = strchr(target_filename+1, '/'); - if (slash != NULL) { - int count = slash - target_filename; - strncpy(target_fs, target_filename, count); - target_fs[count] = '\0'; - } else { - strcpy(target_fs, target_filename); - } - - do { - // Is there enough room in the target filesystem to hold the patched - // file? - - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { - // If the target is a partition, we're actually going to - // write the output to /tmp and then copy it to the - // partition. statfs() always returns 0 blocks free for - // /tmp, so instead we'll just assume that /tmp has enough - // space to hold the file. - - // We still write the original source to cache, in case - // the partition write is interrupted. - if (MakeFreeSpaceOnCache(source_file->size) < 0) { - printf("not enough free space on /cache\n"); - return 1; - } - if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { - printf("failed to back up source file\n"); - return 1; - } - made_copy = 1; - retry = 0; - } else { - int enough_space = 0; - if (retry > 0) { - size_t free_space = FreeSpaceForFile(target_fs); - enough_space = - (free_space > (256 << 10)) && // 256k (two-block) minimum - (free_space > (target_size * 3 / 2)); // 50% margin of error - if (!enough_space) { - printf("target %ld bytes; free space %ld bytes; retry %d; enough %d\n", - (long)target_size, (long)free_space, retry, enough_space); - } - } - - if (!enough_space) { - retry = 0; - } - - if (!enough_space && source_patch_value != NULL) { - // Using the original source, but not enough free space. First - // copy the source file to cache, then delete it from the original - // location. - - if (strncmp(source_filename, "MTD:", 4) == 0 || - strncmp(source_filename, "EMMC:", 5) == 0) { - // It's impossible to free space on the target filesystem by - // deleting the source if the source is a partition. If - // we're ever in a state where we need to do this, fail. - printf("not enough free space for target but source " - "is partition\n"); - return 1; - } - - if (MakeFreeSpaceOnCache(source_file->size) < 0) { - printf("not enough free space on /cache\n"); - return 1; - } - - if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { - printf("failed to back up source file\n"); - return 1; - } - made_copy = 1; - unlink(source_filename); - - size_t free_space = FreeSpaceForFile(target_fs); - printf("(now %ld bytes free for target) ", (long)free_space); - } - } - - const Value* patch; - if (source_patch_value != NULL) { - source_to_use = source_file; - patch = source_patch_value; - } else { - source_to_use = copy_file; - patch = copy_patch_value; - } - - if (patch->type != VAL_BLOB) { - printf("patch is not a blob\n"); - return 1; - } - - SinkFn sink = NULL; - void* token = NULL; - output = -1; - outname = NULL; - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { - // We store the decoded output in memory. - msi.buffer = malloc(target_size); - if (msi.buffer == NULL) { - printf("failed to alloc %ld bytes for output\n", - (long)target_size); - return 1; - } - msi.pos = 0; - msi.size = target_size; - sink = MemorySink; - token = &msi; - } else { - // We write the decoded output to ".patch". - outname = (char*)malloc(strlen(target_filename) + 10); - strcpy(outname, target_filename); - strcat(outname, ".patch"); - - output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, - S_IRUSR | S_IWUSR); - if (output < 0) { - printf("failed to open output file %s: %s\n", - outname, strerror(errno)); - return 1; - } - sink = FileSink; - token = &output; - } - - char* header = patch->data; - ssize_t header_bytes_read = patch->size; - - SHA_init(&ctx); - - int result; - - if (header_bytes_read >= 8 && - memcmp(header, "BSDIFF40", 8) == 0) { - result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, - patch, 0, sink, token, &ctx); - } else if (header_bytes_read >= 8 && - memcmp(header, "IMGDIFF2", 8) == 0) { - result = ApplyImagePatch(source_to_use->data, source_to_use->size, - patch, sink, token, &ctx, bonus_data); - } else { - printf("Unknown patch file format\n"); - return 1; - } - - if (output >= 0) { - if (fsync(output) != 0) { - printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); - result = 1; - } - if (close(output) != 0) { - printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); - result = 1; - } - } - - if (result != 0) { - if (retry == 0) { - printf("applying patch failed\n"); - return result != 0; - } else { - printf("applying patch failed; retrying\n"); - } - if (outname != NULL) { - unlink(outname); - } - } else { - // succeeded; no need to retry - break; - } - } while (retry-- > 0); - - const uint8_t* current_target_sha1 = SHA_final(&ctx); - if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { - printf("patch did not produce expected sha1\n"); - return 1; - } else { - printf("now "); - print_short_sha1(target_sha1); - putchar('\n'); - } - - if (output < 0) { - // Copy the temp file to the partition. - if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { - printf("write of patched data to %s failed\n", target_filename); - return 1; - } - free(msi.buffer); - } else { - // Give the .patch file the same owner, group, and mode of the - // original source file. - if (chmod(outname, source_to_use->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); - return 1; - } - if (chown(outname, source_to_use->st.st_uid, - source_to_use->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); - return 1; - } - - // Finally, rename the .patch file to replace the target file. - if (rename(outname, target_filename) != 0) { - printf("rename of .patch to \"%s\" failed: %s\n", - target_filename, strerror(errno)); - return 1; - } - } - - // If this run of applypatch created the copy, and we're here, we - // can delete it. - if (made_copy) unlink(CACHE_TEMP_SOURCE); - - // Success! - return 0; -} diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp new file mode 100644 index 000000000..96bd88e88 --- /dev/null +++ b/applypatch/applypatch.cpp @@ -0,0 +1,1025 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "mincrypt/sha.h" +#include "applypatch.h" +#include "mtdutils/mtdutils.h" +#include "edify/expr.h" + +static int LoadPartitionContents(const char* filename, FileContents* file); +static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); +static int GenerateTarget(FileContents* source_file, + const Value* source_patch_value, + FileContents* copy_file, + const Value* copy_patch_value, + const char* source_filename, + const char* target_filename, + const uint8_t target_sha1[SHA_DIGEST_SIZE], + size_t target_size, + const Value* bonus_data); + +static int mtd_partitions_scanned = 0; + +// Read a file into memory; store the file contents and associated +// metadata in *file. +// +// Return 0 on success. +int LoadFileContents(const char* filename, FileContents* file) { + file->data = NULL; + + // A special 'filename' beginning with "MTD:" or "EMMC:" means to + // load the contents of a partition. + if (strncmp(filename, "MTD:", 4) == 0 || + strncmp(filename, "EMMC:", 5) == 0) { + return LoadPartitionContents(filename, file); + } + + if (stat(filename, &file->st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return -1; + } + + file->size = file->st.st_size; + file->data = reinterpret_cast(malloc(file->size)); + + FILE* f = fopen(filename, "rb"); + if (f == NULL) { + printf("failed to open \"%s\": %s\n", filename, strerror(errno)); + free(file->data); + file->data = NULL; + return -1; + } + + size_t bytes_read = fread(file->data, 1, file->size, f); + if (bytes_read != static_cast(file->size)) { + printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, file->size); + free(file->data); + file->data = NULL; + return -1; + } + fclose(f); + + SHA_hash(file->data, file->size, file->sha1); + return 0; +} + +static size_t* size_array; +// comparison function for qsort()ing an int array of indexes into +// size_array[]. +static int compare_size_indices(const void* a, const void* b) { + const int aa = *reinterpret_cast(a); + const int bb = *reinterpret_cast(b); + if (size_array[aa] < size_array[bb]) { + return -1; + } else if (size_array[aa] > size_array[bb]) { + return 1; + } else { + return 0; + } +} + +// Load the contents of an MTD or EMMC partition into the provided +// FileContents. filename should be a string of the form +// "MTD::::::..." (or +// "EMMC::..."). The smallest size_n bytes for +// which that prefix of the partition contents has the corresponding +// sha1 hash will be loaded. It is acceptable for a size value to be +// repeated with different sha1s. Will return 0 on success. +// +// This complexity is needed because if an OTA installation is +// interrupted, the partition might contain either the source or the +// target data, which might be of different lengths. We need to know +// the length in order to read from a partition (there is no +// "end-of-file" marker), so the caller must specify the possible +// lengths and the hash of the data, and we'll do the load expecting +// to find one of those hashes. +enum PartitionType { MTD, EMMC }; + +static int LoadPartitionContents(const char* filename, FileContents* file) { + char* copy = strdup(filename); + const char* magic = strtok(copy, ":"); + + enum PartitionType type; + + if (strcmp(magic, "MTD") == 0) { + type = MTD; + } else if (strcmp(magic, "EMMC") == 0) { + type = EMMC; + } else { + printf("LoadPartitionContents called with bad filename (%s)\n", filename); + return -1; + } + const char* partition = strtok(NULL, ":"); + + int i; + int colons = 0; + for (i = 0; filename[i] != '\0'; ++i) { + if (filename[i] == ':') { + ++colons; + } + } + if (colons < 3 || colons%2 == 0) { + printf("LoadPartitionContents called with bad filename (%s)\n", + filename); + } + + int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename + int* index = reinterpret_cast(malloc(pairs * sizeof(int))); + size_t* size = reinterpret_cast(malloc(pairs * sizeof(size_t))); + char** sha1sum = reinterpret_cast(malloc(pairs * sizeof(char*))); + + for (i = 0; i < pairs; ++i) { + const char* size_str = strtok(NULL, ":"); + size[i] = strtol(size_str, NULL, 10); + if (size[i] == 0) { + printf("LoadPartitionContents called with bad size (%s)\n", filename); + return -1; + } + sha1sum[i] = strtok(NULL, ":"); + index[i] = i; + } + + // sort the index[] array so it indexes the pairs in order of + // increasing size. + size_array = size; + qsort(index, pairs, sizeof(int), compare_size_indices); + + MtdReadContext* ctx = NULL; + FILE* dev = NULL; + + switch (type) { + case MTD: { + if (!mtd_partitions_scanned) { + mtd_scan_partitions(); + mtd_partitions_scanned = 1; + } + + const MtdPartition* mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("mtd partition \"%s\" not found (loading %s)\n", + partition, filename); + return -1; + } + + ctx = mtd_read_partition(mtd); + if (ctx == NULL) { + printf("failed to initialize read of mtd partition \"%s\"\n", + partition); + return -1; + } + break; + } + + case EMMC: + dev = fopen(partition, "rb"); + if (dev == NULL) { + printf("failed to open emmc partition \"%s\": %s\n", + partition, strerror(errno)); + return -1; + } + } + + SHA_CTX sha_ctx; + SHA_init(&sha_ctx); + uint8_t parsed_sha[SHA_DIGEST_SIZE]; + + // allocate enough memory to hold the largest size. + file->data = reinterpret_cast(malloc(size[index[pairs-1]])); + char* p = (char*)file->data; + file->size = 0; // # bytes read so far + + for (i = 0; i < pairs; ++i) { + // Read enough additional bytes to get us up to the next size + // (again, we're trying the possibilities in order of increasing + // size). + size_t next = size[index[i]] - file->size; + size_t read = 0; + if (next > 0) { + switch (type) { + case MTD: + read = mtd_read_data(ctx, p, next); + break; + + case EMMC: + read = fread(p, 1, next, dev); + break; + } + if (next != read) { + printf("short read (%zu bytes of %zu) for partition \"%s\"\n", + read, next, partition); + free(file->data); + file->data = NULL; + return -1; + } + SHA_update(&sha_ctx, p, read); + file->size += read; + } + + // Duplicate the SHA context and finalize the duplicate so we can + // check it against this pair's expected hash. + SHA_CTX temp_ctx; + memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); + const uint8_t* sha_so_far = SHA_final(&temp_ctx); + + if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { + printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); + free(file->data); + file->data = NULL; + return -1; + } + + if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { + // we have a match. stop reading the partition; we'll return + // the data we've read so far. + printf("partition read matched size %zu sha %s\n", + size[index[i]], sha1sum[index[i]]); + break; + } + + p += read; + } + + switch (type) { + case MTD: + mtd_read_close(ctx); + break; + + case EMMC: + fclose(dev); + break; + } + + + if (i == pairs) { + // Ran off the end of the list of (size,sha1) pairs without + // finding a match. + printf("contents of partition \"%s\" didn't match %s\n", partition, filename); + free(file->data); + file->data = NULL; + return -1; + } + + const uint8_t* sha_final = SHA_final(&sha_ctx); + for (size_t i = 0; i < SHA_DIGEST_SIZE; ++i) { + file->sha1[i] = sha_final[i]; + } + + // Fake some stat() info. + file->st.st_mode = 0644; + file->st.st_uid = 0; + file->st.st_gid = 0; + + free(copy); + free(index); + free(size); + free(sha1sum); + + return 0; +} + + +// Save the contents of the given FileContents object under the given +// filename. Return 0 on success. +int SaveFileContents(const char* filename, const FileContents* file) { + int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + if (fd < 0) { + printf("failed to open \"%s\" for write: %s\n", filename, strerror(errno)); + return -1; + } + + ssize_t bytes_written = FileSink(file->data, file->size, &fd); + if (bytes_written != file->size) { + printf("short write of \"%s\" (%zd bytes of %zd) (%s)\n", + filename, bytes_written, file->size, strerror(errno)); + close(fd); + return -1; + } + if (fsync(fd) != 0) { + printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + if (close(fd) != 0) { + printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + + if (chmod(filename, file->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + if (chown(filename, file->st.st_uid, file->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + + return 0; +} + +// Write a memory buffer to 'target' partition, a string of the form +// "MTD:[:...]" or "EMMC::". Return 0 on +// success. +int WriteToPartition(unsigned char* data, size_t len, const char* target) { + char* copy = strdup(target); + const char* magic = strtok(copy, ":"); + + enum PartitionType type; + if (strcmp(magic, "MTD") == 0) { + type = MTD; + } else if (strcmp(magic, "EMMC") == 0) { + type = EMMC; + } else { + printf("WriteToPartition called with bad target (%s)\n", target); + return -1; + } + const char* partition = strtok(NULL, ":"); + + if (partition == NULL) { + printf("bad partition target name \"%s\"\n", target); + return -1; + } + + switch (type) { + case MTD: { + if (!mtd_partitions_scanned) { + mtd_scan_partitions(); + mtd_partitions_scanned = 1; + } + + const MtdPartition* mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("mtd partition \"%s\" not found for writing\n", partition); + return -1; + } + + MtdWriteContext* ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("failed to init mtd partition \"%s\" for writing\n", partition); + return -1; + } + + size_t written = mtd_write_data(ctx, reinterpret_cast(data), len); + if (written != len) { + printf("only wrote %zu of %zu bytes to MTD %s\n", written, len, partition); + mtd_write_close(ctx); + return -1; + } + + if (mtd_erase_blocks(ctx, -1) < 0) { + printf("error finishing mtd write of %s\n", partition); + mtd_write_close(ctx); + return -1; + } + + if (mtd_write_close(ctx)) { + printf("error closing mtd write of %s\n", partition); + return -1; + } + break; + } + + case EMMC: { + size_t start = 0; + bool success = false; + int fd = open(partition, O_RDWR | O_SYNC); + if (fd < 0) { + printf("failed to open %s: %s\n", partition, strerror(errno)); + return -1; + } + + for (int attempt = 0; attempt < 2; ++attempt) { + if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { + printf("failed seek on %s: %s\n", partition, strerror(errno)); + return -1; + } + while (start < len) { + size_t to_write = len - start; + if (to_write > 1<<20) to_write = 1<<20; + + ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); + if (written == -1) { + printf("failed write writing to %s: %s\n", partition, strerror(errno)); + return -1; + } + start += written; + } + if (fsync(fd) != 0) { + printf("failed to sync to %s (%s)\n", partition, strerror(errno)); + return -1; + } + if (close(fd) != 0) { + printf("failed to close %s (%s)\n", partition, strerror(errno)); + return -1; + } + fd = open(partition, O_RDONLY); + if (fd < 0) { + printf("failed to reopen %s for verify (%s)\n", partition, strerror(errno)); + return -1; + } + + // Drop caches so our subsequent verification read + // won't just be reading the cache. + sync(); + int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); + if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { + printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); + } else { + printf(" caches dropped\n"); + } + close(dc); + sleep(1); + + // verify + if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { + printf("failed to seek back to beginning of %s: %s\n", + partition, strerror(errno)); + return -1; + } + unsigned char buffer[4096]; + start = len; + for (size_t p = 0; p < len; p += sizeof(buffer)) { + size_t to_read = len - p; + if (to_read > sizeof(buffer)) { + to_read = sizeof(buffer); + } + + size_t so_far = 0; + while (so_far < to_read) { + ssize_t read_count = + TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); + if (read_count == -1) { + printf("verify read error %s at %zu: %s\n", + partition, p, strerror(errno)); + return -1; + } + if (static_cast(read_count) < to_read) { + printf("short verify read %s at %zu: %zd %zu %s\n", + partition, p, read_count, to_read, strerror(errno)); + } + so_far += read_count; + } + + if (memcmp(buffer, data+p, to_read) != 0) { + printf("verification failed starting at %zu\n", p); + start = p; + break; + } + } + + if (start == len) { + printf("verification read succeeded (attempt %d)\n", attempt+1); + success = true; + break; + } + } + + if (!success) { + printf("failed to verify after all attempts\n"); + return -1; + } + + if (close(fd) != 0) { + printf("error closing %s (%s)\n", partition, strerror(errno)); + return -1; + } + sync(); + break; + } + } + + free(copy); + return 0; +} + + +// Take a string 'str' of 40 hex digits and parse it into the 20 +// byte array 'digest'. 'str' may contain only the digest or be of +// the form ":". Return 0 on success, -1 on any +// error. +int ParseSha1(const char* str, uint8_t* digest) { + const char* ps = str; + uint8_t* pd = digest; + for (int i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { + int digit; + if (*ps >= '0' && *ps <= '9') { + digit = *ps - '0'; + } else if (*ps >= 'a' && *ps <= 'f') { + digit = *ps - 'a' + 10; + } else if (*ps >= 'A' && *ps <= 'F') { + digit = *ps - 'A' + 10; + } else { + return -1; + } + if (i % 2 == 0) { + *pd = digit << 4; + } else { + *pd |= digit; + ++pd; + } + } + if (*ps != '\0') return -1; + return 0; +} + +// Search an array of sha1 strings for one matching the given sha1. +// Return the index of the match on success, or -1 if no match is +// found. +int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, + int num_patches) { + uint8_t patch_sha1[SHA_DIGEST_SIZE]; + for (int i = 0; i < num_patches; ++i) { + if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && + memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { + return i; + } + } + return -1; +} + +// Returns 0 if the contents of the file (argv[2]) or the cached file +// match any of the sha1's on the command line (argv[3:]). Returns +// nonzero otherwise. +int applypatch_check(const char* filename, int num_patches, + char** const patch_sha1_str) { + FileContents file; + file.data = NULL; + + // It's okay to specify no sha1s; the check will pass if the + // LoadFileContents is successful. (Useful for reading + // partitions, where the filename encodes the sha1s; no need to + // check them twice.) + if (LoadFileContents(filename, &file) != 0 || + (num_patches > 0 && + FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) { + printf("file \"%s\" doesn't have any of expected " + "sha1 sums; checking cache\n", filename); + + free(file.data); + file.data = NULL; + + // If the source file is missing or corrupted, it might be because + // we were killed in the middle of patching it. A copy of it + // should have been made in CACHE_TEMP_SOURCE. If that file + // exists and matches the sha1 we're looking for, the check still + // passes. + + if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) { + printf("failed to load cache file\n"); + return 1; + } + + if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { + printf("cache bits don't match any sha1 for \"%s\"\n", filename); + free(file.data); + return 1; + } + } + + free(file.data); + return 0; +} + +int ShowLicenses() { + ShowBSDiffLicense(); + return 0; +} + +ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { + int fd = *reinterpret_cast(token); + ssize_t done = 0; + ssize_t wrote; + while (done < len) { + wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); + if (wrote == -1) { + printf("error writing %zd bytes: %s\n", (len-done), strerror(errno)); + return done; + } + done += wrote; + } + return done; +} + +typedef struct { + unsigned char* buffer; + ssize_t size; + ssize_t pos; +} MemorySinkInfo; + +ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { + MemorySinkInfo* msi = reinterpret_cast(token); + if (msi->size - msi->pos < len) { + return -1; + } + memcpy(msi->buffer + msi->pos, data, len); + msi->pos += len; + return len; +} + +// Return the amount of free space (in bytes) on the filesystem +// containing filename. filename must exist. Return -1 on error. +size_t FreeSpaceForFile(const char* filename) { + struct statfs sf; + if (statfs(filename, &sf) != 0) { + printf("failed to statfs %s: %s\n", filename, strerror(errno)); + return -1; + } + return sf.f_bsize * sf.f_bavail; +} + +int CacheSizeCheck(size_t bytes) { + if (MakeFreeSpaceOnCache(bytes) < 0) { + printf("unable to make %ld bytes available on /cache\n", (long)bytes); + return 1; + } else { + return 0; + } +} + +static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { + const char* hex = "0123456789abcdef"; + for (size_t i = 0; i < 4; ++i) { + putchar(hex[(sha1[i]>>4) & 0xf]); + putchar(hex[sha1[i] & 0xf]); + } +} + +// This function applies binary patches to files in a way that is safe +// (the original file is not touched until we have the desired +// replacement for it) and idempotent (it's okay to run this program +// multiple times). +// +// - if the sha1 hash of is , +// does nothing and exits successfully. +// +// - otherwise, if the sha1 hash of is one of the +// entries in , the corresponding patch from +// (which must be a VAL_BLOB) is applied to produce a +// new file (the type of patch is automatically detected from the +// blob daat). If that new file has sha1 hash , +// moves it to replace , and exits successfully. +// Note that if and are not the +// same, is NOT deleted on success. +// may be the string "-" to mean "the same as +// source_filename". +// +// - otherwise, or if any error is encountered, exits with non-zero +// status. +// +// may refer to a partition to read the source data. +// See the comments for the LoadPartition Contents() function above +// for the format of such a filename. + +int applypatch(const char* source_filename, + const char* target_filename, + const char* target_sha1_str, + size_t target_size, + int num_patches, + char** const patch_sha1_str, + Value** patch_data, + Value* bonus_data) { + printf("patch %s: ", source_filename); + + if (target_filename[0] == '-' && target_filename[1] == '\0') { + target_filename = source_filename; + } + + uint8_t target_sha1[SHA_DIGEST_SIZE]; + if (ParseSha1(target_sha1_str, target_sha1) != 0) { + printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); + return 1; + } + + FileContents copy_file; + FileContents source_file; + copy_file.data = NULL; + source_file.data = NULL; + const Value* source_patch_value = NULL; + const Value* copy_patch_value = NULL; + + // We try to load the target file into the source_file object. + if (LoadFileContents(target_filename, &source_file) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + // The early-exit case: the patch was already applied, this file + // has the desired hash, nothing for us to do. + printf("already "); + print_short_sha1(target_sha1); + putchar('\n'); + free(source_file.data); + return 0; + } + } + + if (source_file.data == NULL || + (target_filename != source_filename && + strcmp(target_filename, source_filename) != 0)) { + // Need to load the source file: either we failed to load the + // target file, or we did but it's different from the source file. + free(source_file.data); + source_file.data = NULL; + LoadFileContents(source_filename, &source_file); + } + + if (source_file.data != NULL) { + int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); + if (to_use >= 0) { + source_patch_value = patch_data[to_use]; + } + } + + if (source_patch_value == NULL) { + free(source_file.data); + source_file.data = NULL; + printf("source file is bad; trying copy\n"); + + if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { + // fail. + printf("failed to read copy file\n"); + return 1; + } + + int to_use = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches); + if (to_use >= 0) { + copy_patch_value = patch_data[to_use]; + } + + if (copy_patch_value == NULL) { + // fail. + printf("copy file doesn't match source SHA-1s either\n"); + free(copy_file.data); + return 1; + } + } + + int result = GenerateTarget(&source_file, source_patch_value, + ©_file, copy_patch_value, + source_filename, target_filename, + target_sha1, target_size, bonus_data); + free(source_file.data); + free(copy_file.data); + + return result; +} + +static int GenerateTarget(FileContents* source_file, + const Value* source_patch_value, + FileContents* copy_file, + const Value* copy_patch_value, + const char* source_filename, + const char* target_filename, + const uint8_t target_sha1[SHA_DIGEST_SIZE], + size_t target_size, + const Value* bonus_data) { + int retry = 1; + SHA_CTX ctx; + int output; + MemorySinkInfo msi; + FileContents* source_to_use; + char* outname; + int made_copy = 0; + + // assume that target_filename (eg "/system/app/Foo.apk") is located + // on the same filesystem as its top-level directory ("/system"). + // We need something that exists for calling statfs(). + char target_fs[strlen(target_filename)+1]; + char* slash = strchr(target_filename+1, '/'); + if (slash != NULL) { + int count = slash - target_filename; + strncpy(target_fs, target_filename, count); + target_fs[count] = '\0'; + } else { + strcpy(target_fs, target_filename); + } + + do { + // Is there enough room in the target filesystem to hold the patched + // file? + + if (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0) { + // If the target is a partition, we're actually going to + // write the output to /tmp and then copy it to the + // partition. statfs() always returns 0 blocks free for + // /tmp, so instead we'll just assume that /tmp has enough + // space to hold the file. + + // We still write the original source to cache, in case + // the partition write is interrupted. + if (MakeFreeSpaceOnCache(source_file->size) < 0) { + printf("not enough free space on /cache\n"); + return 1; + } + if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { + printf("failed to back up source file\n"); + return 1; + } + made_copy = 1; + retry = 0; + } else { + int enough_space = 0; + if (retry > 0) { + size_t free_space = FreeSpaceForFile(target_fs); + enough_space = + (free_space > (256 << 10)) && // 256k (two-block) minimum + (free_space > (target_size * 3 / 2)); // 50% margin of error + if (!enough_space) { + printf("target %zu bytes; free space %zu bytes; retry %d; enough %d\n", + target_size, free_space, retry, enough_space); + } + } + + if (!enough_space) { + retry = 0; + } + + if (!enough_space && source_patch_value != NULL) { + // Using the original source, but not enough free space. First + // copy the source file to cache, then delete it from the original + // location. + + if (strncmp(source_filename, "MTD:", 4) == 0 || + strncmp(source_filename, "EMMC:", 5) == 0) { + // It's impossible to free space on the target filesystem by + // deleting the source if the source is a partition. If + // we're ever in a state where we need to do this, fail. + printf("not enough free space for target but source is partition\n"); + return 1; + } + + if (MakeFreeSpaceOnCache(source_file->size) < 0) { + printf("not enough free space on /cache\n"); + return 1; + } + + if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { + printf("failed to back up source file\n"); + return 1; + } + made_copy = 1; + unlink(source_filename); + + size_t free_space = FreeSpaceForFile(target_fs); + printf("(now %zu bytes free for target) ", free_space); + } + } + + const Value* patch; + if (source_patch_value != NULL) { + source_to_use = source_file; + patch = source_patch_value; + } else { + source_to_use = copy_file; + patch = copy_patch_value; + } + + if (patch->type != VAL_BLOB) { + printf("patch is not a blob\n"); + return 1; + } + + SinkFn sink = NULL; + void* token = NULL; + output = -1; + outname = NULL; + if (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0) { + // We store the decoded output in memory. + msi.buffer = reinterpret_cast(malloc(target_size)); + if (msi.buffer == NULL) { + printf("failed to alloc %zu bytes for output\n", target_size); + return 1; + } + msi.pos = 0; + msi.size = target_size; + sink = MemorySink; + token = &msi; + } else { + // We write the decoded output to ".patch". + outname = reinterpret_cast(malloc(strlen(target_filename) + 10)); + strcpy(outname, target_filename); + strcat(outname, ".patch"); + + output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + if (output < 0) { + printf("failed to open output file %s: %s\n", + outname, strerror(errno)); + return 1; + } + sink = FileSink; + token = &output; + } + + char* header = patch->data; + ssize_t header_bytes_read = patch->size; + + SHA_init(&ctx); + + int result; + + if (header_bytes_read >= 8 && + memcmp(header, "BSDIFF40", 8) == 0) { + result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, + patch, 0, sink, token, &ctx); + } else if (header_bytes_read >= 8 && + memcmp(header, "IMGDIFF2", 8) == 0) { + result = ApplyImagePatch(source_to_use->data, source_to_use->size, + patch, sink, token, &ctx, bonus_data); + } else { + printf("Unknown patch file format\n"); + return 1; + } + + if (output >= 0) { + if (fsync(output) != 0) { + printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); + result = 1; + } + if (close(output) != 0) { + printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); + result = 1; + } + } + + if (result != 0) { + if (retry == 0) { + printf("applying patch failed\n"); + return result != 0; + } else { + printf("applying patch failed; retrying\n"); + } + if (outname != NULL) { + unlink(outname); + } + } else { + // succeeded; no need to retry + break; + } + } while (retry-- > 0); + + const uint8_t* current_target_sha1 = SHA_final(&ctx); + if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + printf("patch did not produce expected sha1\n"); + return 1; + } else { + printf("now "); + print_short_sha1(target_sha1); + putchar('\n'); + } + + if (output < 0) { + // Copy the temp file to the partition. + if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { + printf("write of patched data to %s failed\n", target_filename); + return 1; + } + free(msi.buffer); + } else { + // Give the .patch file the same owner, group, and mode of the + // original source file. + if (chmod(outname, source_to_use->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); + return 1; + } + if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); + return 1; + } + + // Finally, rename the .patch file to replace the target file. + if (rename(outname, target_filename) != 0) { + printf("rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno)); + return 1; + } + } + + // If this run of applypatch created the copy, and we're here, we + // can delete it. + if (made_copy) { + unlink(CACHE_TEMP_SOURCE); + } + + // Success! + return 0; +} diff --git a/applypatch/bsdiff.c b/applypatch/bsdiff.c deleted file mode 100644 index b6d342b7a..000000000 --- a/applypatch/bsdiff.c +++ /dev/null @@ -1,410 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * Most of this code comes from bsdiff.c from the bsdiff-4.3 - * distribution, which is: - */ - -/*- - * Copyright 2003-2005 Colin Percival - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted providing that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#define MIN(x,y) (((x)<(y)) ? (x) : (y)) - -static void split(off_t *I,off_t *V,off_t start,off_t len,off_t h) -{ - off_t i,j,k,x,tmp,jj,kk; - - if(len<16) { - for(k=start;kstart) split(I,V,start,jj-start,h); - - for(i=0;ikk) split(I,V,kk,start+len-kk,h); -} - -static void qsufsort(off_t *I,off_t *V,u_char *old,off_t oldsize) -{ - off_t buckets[256]; - off_t i,h,len; - - for(i=0;i<256;i++) buckets[i]=0; - for(i=0;i0;i--) buckets[i]=buckets[i-1]; - buckets[0]=0; - - for(i=0;iy) { - *pos=I[st]; - return x; - } else { - *pos=I[en]; - return y; - } - }; - - x=st+(en-st)/2; - if(memcmp(old+I[x],new,MIN(oldsize-I[x],newsize))<0) { - return search(I,old,oldsize,new,newsize,x,en,pos); - } else { - return search(I,old,oldsize,new,newsize,st,x,pos); - }; -} - -static void offtout(off_t x,u_char *buf) -{ - off_t y; - - if(x<0) y=-x; else y=x; - - buf[0]=y%256;y-=buf[0]; - y=y/256;buf[1]=y%256;y-=buf[1]; - y=y/256;buf[2]=y%256;y-=buf[2]; - y=y/256;buf[3]=y%256;y-=buf[3]; - y=y/256;buf[4]=y%256;y-=buf[4]; - y=y/256;buf[5]=y%256;y-=buf[5]; - y=y/256;buf[6]=y%256;y-=buf[6]; - y=y/256;buf[7]=y%256; - - if(x<0) buf[7]|=0x80; -} - -// This is main() from bsdiff.c, with the following changes: -// -// - old, oldsize, new, newsize are arguments; we don't load this -// data from files. old and new are owned by the caller; we -// don't free them at the end. -// -// - the "I" block of memory is owned by the caller, who passes a -// pointer to *I, which can be NULL. This way if we call -// bsdiff() multiple times with the same 'old' data, we only do -// the qsufsort() step the first time. -// -int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* new, off_t newsize, - const char* patch_filename) -{ - int fd; - off_t *I; - off_t scan,pos,len; - off_t lastscan,lastpos,lastoffset; - off_t oldscore,scsc; - off_t s,Sf,lenf,Sb,lenb; - off_t overlap,Ss,lens; - off_t i; - off_t dblen,eblen; - u_char *db,*eb; - u_char buf[8]; - u_char header[32]; - FILE * pf; - BZFILE * pfbz2; - int bz2err; - - if (*IP == NULL) { - off_t* V; - *IP = malloc((oldsize+1) * sizeof(off_t)); - V = malloc((oldsize+1) * sizeof(off_t)); - qsufsort(*IP, V, old, oldsize); - free(V); - } - I = *IP; - - if(((db=malloc(newsize+1))==NULL) || - ((eb=malloc(newsize+1))==NULL)) err(1,NULL); - dblen=0; - eblen=0; - - /* Create the patch file */ - if ((pf = fopen(patch_filename, "w")) == NULL) - err(1, "%s", patch_filename); - - /* Header is - 0 8 "BSDIFF40" - 8 8 length of bzip2ed ctrl block - 16 8 length of bzip2ed diff block - 24 8 length of new file */ - /* File is - 0 32 Header - 32 ?? Bzip2ed ctrl block - ?? ?? Bzip2ed diff block - ?? ?? Bzip2ed extra block */ - memcpy(header,"BSDIFF40",8); - offtout(0, header + 8); - offtout(0, header + 16); - offtout(newsize, header + 24); - if (fwrite(header, 32, 1, pf) != 1) - err(1, "fwrite(%s)", patch_filename); - - /* Compute the differences, writing ctrl as we go */ - if ((pfbz2 = BZ2_bzWriteOpen(&bz2err, pf, 9, 0, 0)) == NULL) - errx(1, "BZ2_bzWriteOpen, bz2err = %d", bz2err); - scan=0;len=0; - lastscan=0;lastpos=0;lastoffset=0; - while(scanoldscore+8)) break; - - if((scan+lastoffsetSf*2-lenf) { Sf=s; lenf=i; }; - }; - - lenb=0; - if(scan=lastscan+i)&&(pos>=i);i++) { - if(old[pos-i]==new[scan-i]) s++; - if(s*2-i>Sb*2-lenb) { Sb=s; lenb=i; }; - }; - }; - - if(lastscan+lenf>scan-lenb) { - overlap=(lastscan+lenf)-(scan-lenb); - s=0;Ss=0;lens=0; - for(i=0;iSs) { Ss=s; lens=i+1; }; - }; - - lenf+=lens-overlap; - lenb-=lens; - }; - - for(i=0;i + +#include +#include +#include +#include +#include +#include +#include + +#define MIN(x,y) (((x)<(y)) ? (x) : (y)) + +static void split(off_t *I,off_t *V,off_t start,off_t len,off_t h) +{ + off_t i,j,k,x,tmp,jj,kk; + + if(len<16) { + for(k=start;kstart) split(I,V,start,jj-start,h); + + for(i=0;ikk) split(I,V,kk,start+len-kk,h); +} + +static void qsufsort(off_t *I,off_t *V,u_char *old,off_t oldsize) +{ + off_t buckets[256]; + off_t i,h,len; + + for(i=0;i<256;i++) buckets[i]=0; + for(i=0;i0;i--) buckets[i]=buckets[i-1]; + buckets[0]=0; + + for(i=0;iy) { + *pos=I[st]; + return x; + } else { + *pos=I[en]; + return y; + } + }; + + x=st+(en-st)/2; + if(memcmp(old+I[x],newdata,MIN(oldsize-I[x],newsize))<0) { + return search(I,old,oldsize,newdata,newsize,x,en,pos); + } else { + return search(I,old,oldsize,newdata,newsize,st,x,pos); + }; +} + +static void offtout(off_t x,u_char *buf) +{ + off_t y; + + if(x<0) y=-x; else y=x; + + buf[0]=y%256;y-=buf[0]; + y=y/256;buf[1]=y%256;y-=buf[1]; + y=y/256;buf[2]=y%256;y-=buf[2]; + y=y/256;buf[3]=y%256;y-=buf[3]; + y=y/256;buf[4]=y%256;y-=buf[4]; + y=y/256;buf[5]=y%256;y-=buf[5]; + y=y/256;buf[6]=y%256;y-=buf[6]; + y=y/256;buf[7]=y%256; + + if(x<0) buf[7]|=0x80; +} + +// This is main() from bsdiff.c, with the following changes: +// +// - old, oldsize, newdata, newsize are arguments; we don't load this +// data from files. old and newdata are owned by the caller; we +// don't free them at the end. +// +// - the "I" block of memory is owned by the caller, who passes a +// pointer to *I, which can be NULL. This way if we call +// bsdiff() multiple times with the same 'old' data, we only do +// the qsufsort() step the first time. +// +int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* newdata, off_t newsize, + const char* patch_filename) +{ + int fd; + off_t *I; + off_t scan,pos,len; + off_t lastscan,lastpos,lastoffset; + off_t oldscore,scsc; + off_t s,Sf,lenf,Sb,lenb; + off_t overlap,Ss,lens; + off_t i; + off_t dblen,eblen; + u_char *db,*eb; + u_char buf[8]; + u_char header[32]; + FILE * pf; + BZFILE * pfbz2; + int bz2err; + + if (*IP == NULL) { + off_t* V; + *IP = reinterpret_cast(malloc((oldsize+1) * sizeof(off_t))); + V = reinterpret_cast(malloc((oldsize+1) * sizeof(off_t))); + qsufsort(*IP, V, old, oldsize); + free(V); + } + I = *IP; + + if(((db=reinterpret_cast(malloc(newsize+1)))==NULL) || + ((eb=reinterpret_cast(malloc(newsize+1)))==NULL)) err(1,NULL); + dblen=0; + eblen=0; + + /* Create the patch file */ + if ((pf = fopen(patch_filename, "w")) == NULL) + err(1, "%s", patch_filename); + + /* Header is + 0 8 "BSDIFF40" + 8 8 length of bzip2ed ctrl block + 16 8 length of bzip2ed diff block + 24 8 length of new file */ + /* File is + 0 32 Header + 32 ?? Bzip2ed ctrl block + ?? ?? Bzip2ed diff block + ?? ?? Bzip2ed extra block */ + memcpy(header,"BSDIFF40",8); + offtout(0, header + 8); + offtout(0, header + 16); + offtout(newsize, header + 24); + if (fwrite(header, 32, 1, pf) != 1) + err(1, "fwrite(%s)", patch_filename); + + /* Compute the differences, writing ctrl as we go */ + if ((pfbz2 = BZ2_bzWriteOpen(&bz2err, pf, 9, 0, 0)) == NULL) + errx(1, "BZ2_bzWriteOpen, bz2err = %d", bz2err); + scan=0;len=0; + lastscan=0;lastpos=0;lastoffset=0; + while(scanoldscore+8)) break; + + if((scan+lastoffsetSf*2-lenf) { Sf=s; lenf=i; }; + }; + + lenb=0; + if(scan=lastscan+i)&&(pos>=i);i++) { + if(old[pos-i]==newdata[scan-i]) s++; + if(s*2-i>Sb*2-lenb) { Sb=s; lenb=i; }; + }; + }; + + if(lastscan+lenf>scan-lenb) { + overlap=(lastscan+lenf)-(scan-lenb); + s=0;Ss=0;lens=0; + for(i=0;iSs) { Ss=s; lens=i+1; }; + }; + + lenf+=lens-overlap; + lenb-=lens; + }; + + for(i=0;i -#include -#include -#include -#include -#include - -#include - -#include "mincrypt/sha.h" -#include "applypatch.h" - -void ShowBSDiffLicense() { - puts("The bsdiff library used herein is:\n" - "\n" - "Copyright 2003-2005 Colin Percival\n" - "All rights reserved\n" - "\n" - "Redistribution and use in source and binary forms, with or without\n" - "modification, are permitted providing that the following conditions\n" - "are met:\n" - "1. Redistributions of source code must retain the above copyright\n" - " notice, this list of conditions and the following disclaimer.\n" - "2. Redistributions in binary form must reproduce the above copyright\n" - " notice, this list of conditions and the following disclaimer in the\n" - " documentation and/or other materials provided with the distribution.\n" - "\n" - "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" - "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" - "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n" - "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n" - "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n" - "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n" - "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" - "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" - "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" - "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" - "POSSIBILITY OF SUCH DAMAGE.\n" - "\n------------------\n\n" - "This program uses Julian R Seward's \"libbzip2\" library, available\n" - "from http://www.bzip.org/.\n" - ); -} - -static off_t offtin(u_char *buf) -{ - off_t y; - - y=buf[7]&0x7F; - y=y*256;y+=buf[6]; - y=y*256;y+=buf[5]; - y=y*256;y+=buf[4]; - y=y*256;y+=buf[3]; - y=y*256;y+=buf[2]; - y=y*256;y+=buf[1]; - y=y*256;y+=buf[0]; - - if(buf[7]&0x80) y=-y; - - return y; -} - -int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) { - stream->next_out = (char*)buffer; - stream->avail_out = size; - while (stream->avail_out > 0) { - int bzerr = BZ2_bzDecompress(stream); - if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) { - printf("bz error %d decompressing\n", bzerr); - return -1; - } - if (stream->avail_out > 0) { - printf("need %d more bytes\n", stream->avail_out); - } - } - return 0; -} - -int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, - const Value* patch, ssize_t patch_offset, - SinkFn sink, void* token, SHA_CTX* ctx) { - - unsigned char* new_data; - ssize_t new_size; - if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, - &new_data, &new_size) != 0) { - return -1; - } - - if (sink(new_data, new_size, token) < new_size) { - printf("short write of output: %d (%s)\n", errno, strerror(errno)); - return 1; - } - if (ctx) SHA_update(ctx, new_data, new_size); - free(new_data); - - return 0; -} - -int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, - const Value* patch, ssize_t patch_offset, - unsigned char** new_data, ssize_t* new_size) { - // Patch data format: - // 0 8 "BSDIFF40" - // 8 8 X - // 16 8 Y - // 24 8 sizeof(newfile) - // 32 X bzip2(control block) - // 32+X Y bzip2(diff block) - // 32+X+Y ??? bzip2(extra block) - // with control block a set of triples (x,y,z) meaning "add x bytes - // from oldfile to x bytes from the diff block; copy y bytes from the - // extra block; seek forwards in oldfile by z bytes". - - unsigned char* header = (unsigned char*) patch->data + patch_offset; - if (memcmp(header, "BSDIFF40", 8) != 0) { - printf("corrupt bsdiff patch file header (magic number)\n"); - return 1; - } - - ssize_t ctrl_len, data_len; - ctrl_len = offtin(header+8); - data_len = offtin(header+16); - *new_size = offtin(header+24); - - if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { - printf("corrupt patch file header (data lengths)\n"); - return 1; - } - - int bzerr; - - bz_stream cstream; - cstream.next_in = patch->data + patch_offset + 32; - cstream.avail_in = ctrl_len; - cstream.bzalloc = NULL; - cstream.bzfree = NULL; - cstream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) { - printf("failed to bzinit control stream (%d)\n", bzerr); - } - - bz_stream dstream; - dstream.next_in = patch->data + patch_offset + 32 + ctrl_len; - dstream.avail_in = data_len; - dstream.bzalloc = NULL; - dstream.bzfree = NULL; - dstream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) { - printf("failed to bzinit diff stream (%d)\n", bzerr); - } - - bz_stream estream; - estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len; - estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len); - estream.bzalloc = NULL; - estream.bzfree = NULL; - estream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) { - printf("failed to bzinit extra stream (%d)\n", bzerr); - } - - *new_data = malloc(*new_size); - if (*new_data == NULL) { - printf("failed to allocate %ld bytes of memory for output file\n", - (long)*new_size); - return 1; - } - - off_t oldpos = 0, newpos = 0; - off_t ctrl[3]; - off_t len_read; - int i; - unsigned char buf[24]; - while (newpos < *new_size) { - // Read control data - if (FillBuffer(buf, 24, &cstream) != 0) { - printf("error while reading control stream\n"); - return 1; - } - ctrl[0] = offtin(buf); - ctrl[1] = offtin(buf+8); - ctrl[2] = offtin(buf+16); - - if (ctrl[0] < 0 || ctrl[1] < 0) { - printf("corrupt patch (negative byte counts)\n"); - return 1; - } - - // Sanity check - if (newpos + ctrl[0] > *new_size) { - printf("corrupt patch (new file overrun)\n"); - return 1; - } - - // Read diff string - if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { - printf("error while reading diff stream\n"); - return 1; - } - - // Add old data to diff string - for (i = 0; i < ctrl[0]; ++i) { - if ((oldpos+i >= 0) && (oldpos+i < old_size)) { - (*new_data)[newpos+i] += old_data[oldpos+i]; - } - } - - // Adjust pointers - newpos += ctrl[0]; - oldpos += ctrl[0]; - - // Sanity check - if (newpos + ctrl[1] > *new_size) { - printf("corrupt patch (new file overrun)\n"); - return 1; - } - - // Read extra string - if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { - printf("error while reading extra stream\n"); - return 1; - } - - // Adjust pointers - newpos += ctrl[1]; - oldpos += ctrl[2]; - } - - BZ2_bzDecompressEnd(&cstream); - BZ2_bzDecompressEnd(&dstream); - BZ2_bzDecompressEnd(&estream); - return 0; -} diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp new file mode 100644 index 000000000..9d201b477 --- /dev/null +++ b/applypatch/bspatch.cpp @@ -0,0 +1,255 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This file is a nearly line-for-line copy of bspatch.c from the +// bsdiff-4.3 distribution; the primary differences being how the +// input and output data are read and the error handling. Running +// applypatch with the -l option will display the bsdiff license +// notice. + +#include +#include +#include +#include +#include +#include + +#include + +#include "mincrypt/sha.h" +#include "applypatch.h" + +void ShowBSDiffLicense() { + puts("The bsdiff library used herein is:\n" + "\n" + "Copyright 2003-2005 Colin Percival\n" + "All rights reserved\n" + "\n" + "Redistribution and use in source and binary forms, with or without\n" + "modification, are permitted providing that the following conditions\n" + "are met:\n" + "1. Redistributions of source code must retain the above copyright\n" + " notice, this list of conditions and the following disclaimer.\n" + "2. Redistributions in binary form must reproduce the above copyright\n" + " notice, this list of conditions and the following disclaimer in the\n" + " documentation and/or other materials provided with the distribution.\n" + "\n" + "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" + "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" + "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n" + "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n" + "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n" + "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n" + "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" + "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" + "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" + "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" + "POSSIBILITY OF SUCH DAMAGE.\n" + "\n------------------\n\n" + "This program uses Julian R Seward's \"libbzip2\" library, available\n" + "from http://www.bzip.org/.\n" + ); +} + +static off_t offtin(u_char *buf) +{ + off_t y; + + y=buf[7]&0x7F; + y=y*256;y+=buf[6]; + y=y*256;y+=buf[5]; + y=y*256;y+=buf[4]; + y=y*256;y+=buf[3]; + y=y*256;y+=buf[2]; + y=y*256;y+=buf[1]; + y=y*256;y+=buf[0]; + + if(buf[7]&0x80) y=-y; + + return y; +} + +int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) { + stream->next_out = (char*)buffer; + stream->avail_out = size; + while (stream->avail_out > 0) { + int bzerr = BZ2_bzDecompress(stream); + if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) { + printf("bz error %d decompressing\n", bzerr); + return -1; + } + if (stream->avail_out > 0) { + printf("need %d more bytes\n", stream->avail_out); + } + } + return 0; +} + +int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, + const Value* patch, ssize_t patch_offset, + SinkFn sink, void* token, SHA_CTX* ctx) { + + unsigned char* new_data; + ssize_t new_size; + if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, + &new_data, &new_size) != 0) { + return -1; + } + + if (sink(new_data, new_size, token) < new_size) { + printf("short write of output: %d (%s)\n", errno, strerror(errno)); + return 1; + } + if (ctx) SHA_update(ctx, new_data, new_size); + free(new_data); + + return 0; +} + +int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, + const Value* patch, ssize_t patch_offset, + unsigned char** new_data, ssize_t* new_size) { + // Patch data format: + // 0 8 "BSDIFF40" + // 8 8 X + // 16 8 Y + // 24 8 sizeof(newfile) + // 32 X bzip2(control block) + // 32+X Y bzip2(diff block) + // 32+X+Y ??? bzip2(extra block) + // with control block a set of triples (x,y,z) meaning "add x bytes + // from oldfile to x bytes from the diff block; copy y bytes from the + // extra block; seek forwards in oldfile by z bytes". + + unsigned char* header = (unsigned char*) patch->data + patch_offset; + if (memcmp(header, "BSDIFF40", 8) != 0) { + printf("corrupt bsdiff patch file header (magic number)\n"); + return 1; + } + + ssize_t ctrl_len, data_len; + ctrl_len = offtin(header+8); + data_len = offtin(header+16); + *new_size = offtin(header+24); + + if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { + printf("corrupt patch file header (data lengths)\n"); + return 1; + } + + int bzerr; + + bz_stream cstream; + cstream.next_in = patch->data + patch_offset + 32; + cstream.avail_in = ctrl_len; + cstream.bzalloc = NULL; + cstream.bzfree = NULL; + cstream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) { + printf("failed to bzinit control stream (%d)\n", bzerr); + } + + bz_stream dstream; + dstream.next_in = patch->data + patch_offset + 32 + ctrl_len; + dstream.avail_in = data_len; + dstream.bzalloc = NULL; + dstream.bzfree = NULL; + dstream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) { + printf("failed to bzinit diff stream (%d)\n", bzerr); + } + + bz_stream estream; + estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len; + estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len); + estream.bzalloc = NULL; + estream.bzfree = NULL; + estream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) { + printf("failed to bzinit extra stream (%d)\n", bzerr); + } + + *new_data = reinterpret_cast(malloc(*new_size)); + if (*new_data == NULL) { + printf("failed to allocate %zd bytes of memory for output file\n", *new_size); + return 1; + } + + off_t oldpos = 0, newpos = 0; + off_t ctrl[3]; + off_t len_read; + int i; + unsigned char buf[24]; + while (newpos < *new_size) { + // Read control data + if (FillBuffer(buf, 24, &cstream) != 0) { + printf("error while reading control stream\n"); + return 1; + } + ctrl[0] = offtin(buf); + ctrl[1] = offtin(buf+8); + ctrl[2] = offtin(buf+16); + + if (ctrl[0] < 0 || ctrl[1] < 0) { + printf("corrupt patch (negative byte counts)\n"); + return 1; + } + + // Sanity check + if (newpos + ctrl[0] > *new_size) { + printf("corrupt patch (new file overrun)\n"); + return 1; + } + + // Read diff string + if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { + printf("error while reading diff stream\n"); + return 1; + } + + // Add old data to diff string + for (i = 0; i < ctrl[0]; ++i) { + if ((oldpos+i >= 0) && (oldpos+i < old_size)) { + (*new_data)[newpos+i] += old_data[oldpos+i]; + } + } + + // Adjust pointers + newpos += ctrl[0]; + oldpos += ctrl[0]; + + // Sanity check + if (newpos + ctrl[1] > *new_size) { + printf("corrupt patch (new file overrun)\n"); + return 1; + } + + // Read extra string + if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { + printf("error while reading extra stream\n"); + return 1; + } + + // Adjust pointers + newpos += ctrl[1]; + oldpos += ctrl[2]; + } + + BZ2_bzDecompressEnd(&cstream); + BZ2_bzDecompressEnd(&dstream); + BZ2_bzDecompressEnd(&estream); + return 0; +} diff --git a/applypatch/freecache.c b/applypatch/freecache.c deleted file mode 100644 index 9827fda06..000000000 --- a/applypatch/freecache.c +++ /dev/null @@ -1,172 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "applypatch.h" - -static int EliminateOpenFiles(char** files, int file_count) { - DIR* d; - struct dirent* de; - d = opendir("/proc"); - if (d == NULL) { - printf("error opening /proc: %s\n", strerror(errno)); - return -1; - } - while ((de = readdir(d)) != 0) { - int i; - for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); - if (de->d_name[i]) continue; - - // de->d_name[i] is numeric - - char path[FILENAME_MAX]; - strcpy(path, "/proc/"); - strcat(path, de->d_name); - strcat(path, "/fd/"); - - DIR* fdd; - struct dirent* fdde; - fdd = opendir(path); - if (fdd == NULL) { - printf("error opening %s: %s\n", path, strerror(errno)); - continue; - } - while ((fdde = readdir(fdd)) != 0) { - char fd_path[FILENAME_MAX]; - char link[FILENAME_MAX]; - strcpy(fd_path, path); - strcat(fd_path, fdde->d_name); - - int count; - count = readlink(fd_path, link, sizeof(link)-1); - if (count >= 0) { - link[count] = '\0'; - - // This is inefficient, but it should only matter if there are - // lots of files in /cache, and lots of them are open (neither - // of which should be true, especially in recovery). - if (strncmp(link, "/cache/", 7) == 0) { - int j; - for (j = 0; j < file_count; ++j) { - if (files[j] && strcmp(files[j], link) == 0) { - printf("%s is open by %s\n", link, de->d_name); - free(files[j]); - files[j] = NULL; - } - } - } - } - } - closedir(fdd); - } - closedir(d); - - return 0; -} - -int FindExpendableFiles(char*** names, int* entries) { - DIR* d; - struct dirent* de; - int size = 32; - *entries = 0; - *names = malloc(size * sizeof(char*)); - - char path[FILENAME_MAX]; - - // We're allowed to delete unopened regular files in any of these - // directories. - const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; - - unsigned int i; - for (i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { - d = opendir(dirs[i]); - if (d == NULL) { - printf("error opening %s: %s\n", dirs[i], strerror(errno)); - continue; - } - - // Look for regular files in the directory (not in any subdirectories). - while ((de = readdir(d)) != 0) { - strcpy(path, dirs[i]); - strcat(path, "/"); - strcat(path, de->d_name); - - // We can't delete CACHE_TEMP_SOURCE; if it's there we might have - // restarted during installation and could be depending on it to - // be there. - if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; - - struct stat st; - if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { - if (*entries >= size) { - size *= 2; - *names = realloc(*names, size * sizeof(char*)); - } - (*names)[(*entries)++] = strdup(path); - } - } - - closedir(d); - } - - printf("%d regular files in deletable directories\n", *entries); - - if (EliminateOpenFiles(*names, *entries) < 0) { - return -1; - } - - return 0; -} - -int MakeFreeSpaceOnCache(size_t bytes_needed) { - size_t free_now = FreeSpaceForFile("/cache"); - printf("%ld bytes free on /cache (%ld needed)\n", - (long)free_now, (long)bytes_needed); - - if (free_now >= bytes_needed) { - return 0; - } - - char** names; - int entries; - - if (FindExpendableFiles(&names, &entries) < 0) { - return -1; - } - - if (entries == 0) { - // nothing we can delete to free up space! - printf("no files can be deleted to free space on /cache\n"); - return -1; - } - - // We could try to be smarter about which files to delete: the - // biggest ones? the smallest ones that will free up enough space? - // the oldest? the newest? - // - // Instead, we'll be dumb. - - int i; - for (i = 0; i < entries && free_now < bytes_needed; ++i) { - if (names[i]) { - unlink(names[i]); - free_now = FreeSpaceForFile("/cache"); - printf("deleted %s; now %ld bytes free\n", names[i], (long)free_now); - free(names[i]); - } - } - - for (; i < entries; ++i) { - free(names[i]); - } - free(names); - - return (free_now >= bytes_needed) ? 0 : -1; -} diff --git a/applypatch/freecache.cpp b/applypatch/freecache.cpp new file mode 100644 index 000000000..2eb2f55ef --- /dev/null +++ b/applypatch/freecache.cpp @@ -0,0 +1,186 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "applypatch.h" + +static int EliminateOpenFiles(char** files, int file_count) { + DIR* d; + struct dirent* de; + d = opendir("/proc"); + if (d == NULL) { + printf("error opening /proc: %s\n", strerror(errno)); + return -1; + } + while ((de = readdir(d)) != 0) { + int i; + for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); + if (de->d_name[i]) continue; + + // de->d_name[i] is numeric + + char path[FILENAME_MAX]; + strcpy(path, "/proc/"); + strcat(path, de->d_name); + strcat(path, "/fd/"); + + DIR* fdd; + struct dirent* fdde; + fdd = opendir(path); + if (fdd == NULL) { + printf("error opening %s: %s\n", path, strerror(errno)); + continue; + } + while ((fdde = readdir(fdd)) != 0) { + char fd_path[FILENAME_MAX]; + char link[FILENAME_MAX]; + strcpy(fd_path, path); + strcat(fd_path, fdde->d_name); + + int count; + count = readlink(fd_path, link, sizeof(link)-1); + if (count >= 0) { + link[count] = '\0'; + + // This is inefficient, but it should only matter if there are + // lots of files in /cache, and lots of them are open (neither + // of which should be true, especially in recovery). + if (strncmp(link, "/cache/", 7) == 0) { + int j; + for (j = 0; j < file_count; ++j) { + if (files[j] && strcmp(files[j], link) == 0) { + printf("%s is open by %s\n", link, de->d_name); + free(files[j]); + files[j] = NULL; + } + } + } + } + } + closedir(fdd); + } + closedir(d); + + return 0; +} + +int FindExpendableFiles(char*** names, int* entries) { + DIR* d; + struct dirent* de; + int size = 32; + *entries = 0; + *names = reinterpret_cast(malloc(size * sizeof(char*))); + + char path[FILENAME_MAX]; + + // We're allowed to delete unopened regular files in any of these + // directories. + const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; + + for (size_t i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { + d = opendir(dirs[i]); + if (d == NULL) { + printf("error opening %s: %s\n", dirs[i], strerror(errno)); + continue; + } + + // Look for regular files in the directory (not in any subdirectories). + while ((de = readdir(d)) != 0) { + strcpy(path, dirs[i]); + strcat(path, "/"); + strcat(path, de->d_name); + + // We can't delete CACHE_TEMP_SOURCE; if it's there we might have + // restarted during installation and could be depending on it to + // be there. + if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; + + struct stat st; + if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { + if (*entries >= size) { + size *= 2; + *names = reinterpret_cast(realloc(*names, size * sizeof(char*))); + } + (*names)[(*entries)++] = strdup(path); + } + } + + closedir(d); + } + + printf("%d regular files in deletable directories\n", *entries); + + if (EliminateOpenFiles(*names, *entries) < 0) { + return -1; + } + + return 0; +} + +int MakeFreeSpaceOnCache(size_t bytes_needed) { + size_t free_now = FreeSpaceForFile("/cache"); + printf("%zu bytes free on /cache (%zu needed)\n", free_now, bytes_needed); + + if (free_now >= bytes_needed) { + return 0; + } + + char** names; + int entries; + + if (FindExpendableFiles(&names, &entries) < 0) { + return -1; + } + + if (entries == 0) { + // nothing we can delete to free up space! + printf("no files can be deleted to free space on /cache\n"); + return -1; + } + + // We could try to be smarter about which files to delete: the + // biggest ones? the smallest ones that will free up enough space? + // the oldest? the newest? + // + // Instead, we'll be dumb. + + int i; + for (i = 0; i < entries && free_now < bytes_needed; ++i) { + if (names[i]) { + unlink(names[i]); + free_now = FreeSpaceForFile("/cache"); + printf("deleted %s; now %zu bytes free\n", names[i], free_now); + free(names[i]); + } + } + + for (; i < entries; ++i) { + free(names[i]); + } + free(names); + + return (free_now >= bytes_needed) ? 0 : -1; +} diff --git a/applypatch/imgdiff.c b/applypatch/imgdiff.c deleted file mode 100644 index 3bac8be91..000000000 --- a/applypatch/imgdiff.c +++ /dev/null @@ -1,1060 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * This program constructs binary patches for images -- such as boot.img - * and recovery.img -- that consist primarily of large chunks of gzipped - * data interspersed with uncompressed data. Doing a naive bsdiff of - * these files is not useful because small changes in the data lead to - * large changes in the compressed bitstream; bsdiff patches of gzipped - * data are typically as large as the data itself. - * - * To patch these usefully, we break the source and target images up into - * chunks of two types: "normal" and "gzip". Normal chunks are simply - * patched using a plain bsdiff. Gzip chunks are first expanded, then a - * bsdiff is applied to the uncompressed data, then the patched data is - * gzipped using the same encoder parameters. Patched chunks are - * concatenated together to create the output file; the output image - * should be *exactly* the same series of bytes as the target image used - * originally to generate the patch. - * - * To work well with this tool, the gzipped sections of the target - * image must have been generated using the same deflate encoder that - * is available in applypatch, namely, the one in the zlib library. - * In practice this means that images should be compressed using the - * "minigzip" tool included in the zlib distribution, not the GNU gzip - * program. - * - * An "imgdiff" patch consists of a header describing the chunk structure - * of the file and any encoding parameters needed for the gzipped - * chunks, followed by N bsdiff patches, one per chunk. - * - * For a diff to be generated, the source and target images must have the - * same "chunk" structure: that is, the same number of gzipped and normal - * chunks in the same order. Android boot and recovery images currently - * consist of five chunks: a small normal header, a gzipped kernel, a - * small normal section, a gzipped ramdisk, and finally a small normal - * footer. - * - * Caveats: we locate gzipped sections within the source and target - * images by searching for the byte sequence 1f8b0800: 1f8b is the gzip - * magic number; 08 specifies the "deflate" encoding [the only encoding - * supported by the gzip standard]; and 00 is the flags byte. We do not - * currently support any extra header fields (which would be indicated by - * a nonzero flags byte). We also don't handle the case when that byte - * sequence appears spuriously in the file. (Note that it would have to - * occur spuriously within a normal chunk to be a problem.) - * - * - * The imgdiff patch header looks like this: - * - * "IMGDIFF1" (8) [magic number and version] - * chunk count (4) - * for each chunk: - * chunk type (4) [CHUNK_{NORMAL, GZIP, DEFLATE, RAW}] - * if chunk type == CHUNK_NORMAL: - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * if chunk type == CHUNK_GZIP: (version 1 only) - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * source expanded len (8) [size of uncompressed source] - * target expected len (8) [size of uncompressed target] - * gzip level (4) - * method (4) - * windowBits (4) - * memLevel (4) - * strategy (4) - * gzip header len (4) - * gzip header (gzip header len) - * gzip footer (8) - * if chunk type == CHUNK_DEFLATE: (version 2 only) - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * source expanded len (8) [size of uncompressed source] - * target expected len (8) [size of uncompressed target] - * gzip level (4) - * method (4) - * windowBits (4) - * memLevel (4) - * strategy (4) - * if chunk type == RAW: (version 2 only) - * target len (4) - * data (target len) - * - * All integers are little-endian. "source start" and "source len" - * specify the section of the input image that comprises this chunk, - * including the gzip header and footer for gzip chunks. "source - * expanded len" is the size of the uncompressed source data. "target - * expected len" is the size of the uncompressed data after applying - * the bsdiff patch. The next five parameters specify the zlib - * parameters to be used when compressing the patched data, and the - * next three specify the header and footer to be wrapped around the - * compressed data to create the output chunk (so that header contents - * like the timestamp are recreated exactly). - * - * After the header there are 'chunk count' bsdiff patches; the offset - * of each from the beginning of the file is specified in the header. - * - * This tool can take an optional file of "bonus data". This is an - * extra file of data that is appended to chunk #1 after it is - * compressed (it must be a CHUNK_DEFLATE chunk). The same file must - * be available (and passed to applypatch with -b) when applying the - * patch. This is used to reduce the size of recovery-from-boot - * patches by combining the boot image with recovery ramdisk - * information that is stored on the system partition. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "zlib.h" -#include "imgdiff.h" -#include "utils.h" - -typedef struct { - int type; // CHUNK_NORMAL, CHUNK_DEFLATE - size_t start; // offset of chunk in original image file - - size_t len; - unsigned char* data; // data to be patched (uncompressed, for deflate chunks) - - size_t source_start; - size_t source_len; - - off_t* I; // used by bsdiff - - // --- for CHUNK_DEFLATE chunks only: --- - - // original (compressed) deflate data - size_t deflate_len; - unsigned char* deflate_data; - - char* filename; // used for zip entries - - // deflate encoder parameters - int level, method, windowBits, memLevel, strategy; - - size_t source_uncompressed_len; -} ImageChunk; - -typedef struct { - int data_offset; - int deflate_len; - int uncomp_len; - char* filename; -} ZipFileEntry; - -static int fileentry_compare(const void* a, const void* b) { - int ao = ((ZipFileEntry*)a)->data_offset; - int bo = ((ZipFileEntry*)b)->data_offset; - if (ao < bo) { - return -1; - } else if (ao > bo) { - return 1; - } else { - return 0; - } -} - -// from bsdiff.c -int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* new, off_t newsize, - const char* patch_filename); - -unsigned char* ReadZip(const char* filename, - int* num_chunks, ImageChunk** chunks, - int include_pseudo_chunk) { - struct stat st; - if (stat(filename, &st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return NULL; - } - - unsigned char* img = malloc(st.st_size); - FILE* f = fopen(filename, "rb"); - if (fread(img, 1, st.st_size, f) != st.st_size) { - printf("failed to read \"%s\" %s\n", filename, strerror(errno)); - fclose(f); - return NULL; - } - fclose(f); - - // look for the end-of-central-directory record. - - int i; - for (i = st.st_size-20; i >= 0 && i > st.st_size - 65600; --i) { - if (img[i] == 0x50 && img[i+1] == 0x4b && - img[i+2] == 0x05 && img[i+3] == 0x06) { - break; - } - } - // double-check: this archive consists of a single "disk" - if (!(img[i+4] == 0 && img[i+5] == 0 && img[i+6] == 0 && img[i+7] == 0)) { - printf("can't process multi-disk archive\n"); - return NULL; - } - - int cdcount = Read2(img+i+8); - int cdoffset = Read4(img+i+16); - - ZipFileEntry* temp_entries = malloc(cdcount * sizeof(ZipFileEntry)); - int entrycount = 0; - - unsigned char* cd = img+cdoffset; - for (i = 0; i < cdcount; ++i) { - if (!(cd[0] == 0x50 && cd[1] == 0x4b && cd[2] == 0x01 && cd[3] == 0x02)) { - printf("bad central directory entry %d\n", i); - return NULL; - } - - int clen = Read4(cd+20); // compressed len - int ulen = Read4(cd+24); // uncompressed len - int nlen = Read2(cd+28); // filename len - int xlen = Read2(cd+30); // extra field len - int mlen = Read2(cd+32); // file comment len - int hoffset = Read4(cd+42); // local header offset - - char* filename = malloc(nlen+1); - memcpy(filename, cd+46, nlen); - filename[nlen] = '\0'; - - int method = Read2(cd+10); - - cd += 46 + nlen + xlen + mlen; - - if (method != 8) { // 8 == deflate - free(filename); - continue; - } - - unsigned char* lh = img + hoffset; - - if (!(lh[0] == 0x50 && lh[1] == 0x4b && lh[2] == 0x03 && lh[3] == 0x04)) { - printf("bad local file header entry %d\n", i); - return NULL; - } - - if (Read2(lh+26) != nlen || memcmp(lh+30, filename, nlen) != 0) { - printf("central dir filename doesn't match local header\n"); - return NULL; - } - - xlen = Read2(lh+28); // extra field len; might be different from CD entry? - - temp_entries[entrycount].data_offset = hoffset+30+nlen+xlen; - temp_entries[entrycount].deflate_len = clen; - temp_entries[entrycount].uncomp_len = ulen; - temp_entries[entrycount].filename = filename; - ++entrycount; - } - - qsort(temp_entries, entrycount, sizeof(ZipFileEntry), fileentry_compare); - -#if 0 - printf("found %d deflated entries\n", entrycount); - for (i = 0; i < entrycount; ++i) { - printf("off %10d len %10d unlen %10d %p %s\n", - temp_entries[i].data_offset, - temp_entries[i].deflate_len, - temp_entries[i].uncomp_len, - temp_entries[i].filename, - temp_entries[i].filename); - } -#endif - - *num_chunks = 0; - *chunks = malloc((entrycount*2+2) * sizeof(ImageChunk)); - ImageChunk* curr = *chunks; - - if (include_pseudo_chunk) { - curr->type = CHUNK_NORMAL; - curr->start = 0; - curr->len = st.st_size; - curr->data = img; - curr->filename = NULL; - curr->I = NULL; - ++curr; - ++*num_chunks; - } - - int pos = 0; - int nextentry = 0; - - while (pos < st.st_size) { - if (nextentry < entrycount && pos == temp_entries[nextentry].data_offset) { - curr->type = CHUNK_DEFLATE; - curr->start = pos; - curr->deflate_len = temp_entries[nextentry].deflate_len; - curr->deflate_data = img + pos; - curr->filename = temp_entries[nextentry].filename; - curr->I = NULL; - - curr->len = temp_entries[nextentry].uncomp_len; - curr->data = malloc(curr->len); - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = curr->deflate_len; - strm.next_in = curr->deflate_data; - - // -15 means we are decoding a 'raw' deflate stream; zlib will - // not expect zlib headers. - int ret = inflateInit2(&strm, -15); - - strm.avail_out = curr->len; - strm.next_out = curr->data; - ret = inflate(&strm, Z_NO_FLUSH); - if (ret != Z_STREAM_END) { - printf("failed to inflate \"%s\"; %d\n", curr->filename, ret); - return NULL; - } - - inflateEnd(&strm); - - pos += curr->deflate_len; - ++nextentry; - ++*num_chunks; - ++curr; - continue; - } - - // use a normal chunk to take all the data up to the start of the - // next deflate section. - - curr->type = CHUNK_NORMAL; - curr->start = pos; - if (nextentry < entrycount) { - curr->len = temp_entries[nextentry].data_offset - pos; - } else { - curr->len = st.st_size - pos; - } - curr->data = img + pos; - curr->filename = NULL; - curr->I = NULL; - pos += curr->len; - - ++*num_chunks; - ++curr; - } - - free(temp_entries); - return img; -} - -/* - * Read the given file and break it up into chunks, putting the number - * of chunks and their info in *num_chunks and **chunks, - * respectively. Returns a malloc'd block of memory containing the - * contents of the file; various pointers in the output chunk array - * will point into this block of memory. The caller should free the - * return value when done with all the chunks. Returns NULL on - * failure. - */ -unsigned char* ReadImage(const char* filename, - int* num_chunks, ImageChunk** chunks) { - struct stat st; - if (stat(filename, &st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return NULL; - } - - unsigned char* img = malloc(st.st_size + 4); - FILE* f = fopen(filename, "rb"); - if (fread(img, 1, st.st_size, f) != st.st_size) { - printf("failed to read \"%s\" %s\n", filename, strerror(errno)); - fclose(f); - return NULL; - } - fclose(f); - - // append 4 zero bytes to the data so we can always search for the - // four-byte string 1f8b0800 starting at any point in the actual - // file data, without special-casing the end of the data. - memset(img+st.st_size, 0, 4); - - size_t pos = 0; - - *num_chunks = 0; - *chunks = NULL; - - while (pos < st.st_size) { - unsigned char* p = img+pos; - - if (st.st_size - pos >= 4 && - p[0] == 0x1f && p[1] == 0x8b && - p[2] == 0x08 && // deflate compression - p[3] == 0x00) { // no header flags - // 'pos' is the offset of the start of a gzip chunk. - size_t chunk_offset = pos; - - *num_chunks += 3; - *chunks = realloc(*chunks, *num_chunks * sizeof(ImageChunk)); - ImageChunk* curr = *chunks + (*num_chunks-3); - - // create a normal chunk for the header. - curr->start = pos; - curr->type = CHUNK_NORMAL; - curr->len = GZIP_HEADER_LEN; - curr->data = p; - curr->I = NULL; - - pos += curr->len; - p += curr->len; - ++curr; - - curr->type = CHUNK_DEFLATE; - curr->filename = NULL; - curr->I = NULL; - - // We must decompress this chunk in order to discover where it - // ends, and so we can put the uncompressed data and its length - // into curr->data and curr->len. - - size_t allocated = 32768; - curr->len = 0; - curr->data = malloc(allocated); - curr->start = pos; - curr->deflate_data = p; - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = st.st_size - pos; - strm.next_in = p; - - // -15 means we are decoding a 'raw' deflate stream; zlib will - // not expect zlib headers. - int ret = inflateInit2(&strm, -15); - - do { - strm.avail_out = allocated - curr->len; - strm.next_out = curr->data + curr->len; - ret = inflate(&strm, Z_NO_FLUSH); - if (ret < 0) { - printf("Error: inflate failed [%s] at file offset [%zu]\n" - "imgdiff only supports gzip kernel compression," - " did you try CONFIG_KERNEL_LZO?\n", - strm.msg, chunk_offset); - free(img); - return NULL; - } - curr->len = allocated - strm.avail_out; - if (strm.avail_out == 0) { - allocated *= 2; - curr->data = realloc(curr->data, allocated); - } - } while (ret != Z_STREAM_END); - - curr->deflate_len = st.st_size - strm.avail_in - pos; - inflateEnd(&strm); - pos += curr->deflate_len; - p += curr->deflate_len; - ++curr; - - // create a normal chunk for the footer - - curr->type = CHUNK_NORMAL; - curr->start = pos; - curr->len = GZIP_FOOTER_LEN; - curr->data = img+pos; - curr->I = NULL; - - pos += curr->len; - p += curr->len; - ++curr; - - // The footer (that we just skipped over) contains the size of - // the uncompressed data. Double-check to make sure that it - // matches the size of the data we got when we actually did - // the decompression. - size_t footer_size = Read4(p-4); - if (footer_size != curr[-2].len) { - printf("Error: footer size %d != decompressed size %d\n", - footer_size, curr[-2].len); - free(img); - return NULL; - } - } else { - // Reallocate the list for every chunk; we expect the number of - // chunks to be small (5 for typical boot and recovery images). - ++*num_chunks; - *chunks = realloc(*chunks, *num_chunks * sizeof(ImageChunk)); - ImageChunk* curr = *chunks + (*num_chunks-1); - curr->start = pos; - curr->I = NULL; - - // 'pos' is not the offset of the start of a gzip chunk, so scan - // forward until we find a gzip header. - curr->type = CHUNK_NORMAL; - curr->data = p; - - for (curr->len = 0; curr->len < (st.st_size - pos); ++curr->len) { - if (p[curr->len] == 0x1f && - p[curr->len+1] == 0x8b && - p[curr->len+2] == 0x08 && - p[curr->len+3] == 0x00) { - break; - } - } - pos += curr->len; - } - } - - return img; -} - -#define BUFFER_SIZE 32768 - -/* - * Takes the uncompressed data stored in the chunk, compresses it - * using the zlib parameters stored in the chunk, and checks that it - * matches exactly the compressed data we started with (also stored in - * the chunk). Return 0 on success. - */ -int TryReconstruction(ImageChunk* chunk, unsigned char* out) { - size_t p = 0; - -#if 0 - printf("trying %d %d %d %d %d\n", - chunk->level, chunk->method, chunk->windowBits, - chunk->memLevel, chunk->strategy); -#endif - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = chunk->len; - strm.next_in = chunk->data; - int ret; - ret = deflateInit2(&strm, chunk->level, chunk->method, chunk->windowBits, - chunk->memLevel, chunk->strategy); - do { - strm.avail_out = BUFFER_SIZE; - strm.next_out = out; - ret = deflate(&strm, Z_FINISH); - size_t have = BUFFER_SIZE - strm.avail_out; - - if (memcmp(out, chunk->deflate_data+p, have) != 0) { - // mismatch; data isn't the same. - deflateEnd(&strm); - return -1; - } - p += have; - } while (ret != Z_STREAM_END); - deflateEnd(&strm); - if (p != chunk->deflate_len) { - // mismatch; ran out of data before we should have. - return -1; - } - return 0; -} - -/* - * Verify that we can reproduce exactly the same compressed data that - * we started with. Sets the level, method, windowBits, memLevel, and - * strategy fields in the chunk to the encoding parameters needed to - * produce the right output. Returns 0 on success. - */ -int ReconstructDeflateChunk(ImageChunk* chunk) { - if (chunk->type != CHUNK_DEFLATE) { - printf("attempt to reconstruct non-deflate chunk\n"); - return -1; - } - - size_t p = 0; - unsigned char* out = malloc(BUFFER_SIZE); - - // We only check two combinations of encoder parameters: level 6 - // (the default) and level 9 (the maximum). - for (chunk->level = 6; chunk->level <= 9; chunk->level += 3) { - chunk->windowBits = -15; // 32kb window; negative to indicate a raw stream. - chunk->memLevel = 8; // the default value. - chunk->method = Z_DEFLATED; - chunk->strategy = Z_DEFAULT_STRATEGY; - - if (TryReconstruction(chunk, out) == 0) { - free(out); - return 0; - } - } - - free(out); - return -1; -} - -/* - * Given source and target chunks, compute a bsdiff patch between them - * by running bsdiff in a subprocess. Return the patch data, placing - * its length in *size. Return NULL on failure. We expect the bsdiff - * program to be in the path. - */ -unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { - if (tgt->type == CHUNK_NORMAL) { - if (tgt->len <= 160) { - tgt->type = CHUNK_RAW; - *size = tgt->len; - return tgt->data; - } - } - - char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; - mkstemp(ptemp); - - int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); - if (r != 0) { - printf("bsdiff() failed: %d\n", r); - return NULL; - } - - struct stat st; - if (stat(ptemp, &st) != 0) { - printf("failed to stat patch file %s: %s\n", - ptemp, strerror(errno)); - return NULL; - } - - unsigned char* data = malloc(st.st_size); - - if (tgt->type == CHUNK_NORMAL && tgt->len <= st.st_size) { - unlink(ptemp); - - tgt->type = CHUNK_RAW; - *size = tgt->len; - return tgt->data; - } - - *size = st.st_size; - - FILE* f = fopen(ptemp, "rb"); - if (f == NULL) { - printf("failed to open patch %s: %s\n", ptemp, strerror(errno)); - return NULL; - } - if (fread(data, 1, st.st_size, f) != st.st_size) { - printf("failed to read patch %s: %s\n", ptemp, strerror(errno)); - return NULL; - } - fclose(f); - - unlink(ptemp); - - tgt->source_start = src->start; - switch (tgt->type) { - case CHUNK_NORMAL: - tgt->source_len = src->len; - break; - case CHUNK_DEFLATE: - tgt->source_len = src->deflate_len; - tgt->source_uncompressed_len = src->len; - break; - } - - return data; -} - -/* - * Cause a gzip chunk to be treated as a normal chunk (ie, as a blob - * of uninterpreted data). The resulting patch will likely be about - * as big as the target file, but it lets us handle the case of images - * where some gzip chunks are reconstructible but others aren't (by - * treating the ones that aren't as normal chunks). - */ -void ChangeDeflateChunkToNormal(ImageChunk* ch) { - if (ch->type != CHUNK_DEFLATE) return; - ch->type = CHUNK_NORMAL; - free(ch->data); - ch->data = ch->deflate_data; - ch->len = ch->deflate_len; -} - -/* - * Return true if the data in the chunk is identical (including the - * compressed representation, for gzip chunks). - */ -int AreChunksEqual(ImageChunk* a, ImageChunk* b) { - if (a->type != b->type) return 0; - - switch (a->type) { - case CHUNK_NORMAL: - return a->len == b->len && memcmp(a->data, b->data, a->len) == 0; - - case CHUNK_DEFLATE: - return a->deflate_len == b->deflate_len && - memcmp(a->deflate_data, b->deflate_data, a->deflate_len) == 0; - - default: - printf("unknown chunk type %d\n", a->type); - return 0; - } -} - -/* - * Look for runs of adjacent normal chunks and compress them down into - * a single chunk. (Such runs can be produced when deflate chunks are - * changed to normal chunks.) - */ -void MergeAdjacentNormalChunks(ImageChunk* chunks, int* num_chunks) { - int out = 0; - int in_start = 0, in_end; - while (in_start < *num_chunks) { - if (chunks[in_start].type != CHUNK_NORMAL) { - in_end = in_start+1; - } else { - // in_start is a normal chunk. Look for a run of normal chunks - // that constitute a solid block of data (ie, each chunk begins - // where the previous one ended). - for (in_end = in_start+1; - in_end < *num_chunks && chunks[in_end].type == CHUNK_NORMAL && - (chunks[in_end].start == - chunks[in_end-1].start + chunks[in_end-1].len && - chunks[in_end].data == - chunks[in_end-1].data + chunks[in_end-1].len); - ++in_end); - } - - if (in_end == in_start+1) { -#if 0 - printf("chunk %d is now %d\n", in_start, out); -#endif - if (out != in_start) { - memcpy(chunks+out, chunks+in_start, sizeof(ImageChunk)); - } - } else { -#if 0 - printf("collapse normal chunks %d-%d into %d\n", in_start, in_end-1, out); -#endif - - // Merge chunks [in_start, in_end-1] into one chunk. Since the - // data member of each chunk is just a pointer into an in-memory - // copy of the file, this can be done without recopying (the - // output chunk has the first chunk's start location and data - // pointer, and length equal to the sum of the input chunk - // lengths). - chunks[out].type = CHUNK_NORMAL; - chunks[out].start = chunks[in_start].start; - chunks[out].data = chunks[in_start].data; - chunks[out].len = chunks[in_end-1].len + - (chunks[in_end-1].start - chunks[in_start].start); - } - - ++out; - in_start = in_end; - } - *num_chunks = out; -} - -ImageChunk* FindChunkByName(const char* name, - ImageChunk* chunks, int num_chunks) { - int i; - for (i = 0; i < num_chunks; ++i) { - if (chunks[i].type == CHUNK_DEFLATE && chunks[i].filename && - strcmp(name, chunks[i].filename) == 0) { - return chunks+i; - } - } - return NULL; -} - -void DumpChunks(ImageChunk* chunks, int num_chunks) { - int i; - for (i = 0; i < num_chunks; ++i) { - printf("chunk %d: type %d start %d len %d\n", - i, chunks[i].type, chunks[i].start, chunks[i].len); - } -} - -int main(int argc, char** argv) { - int zip_mode = 0; - - if (argc >= 2 && strcmp(argv[1], "-z") == 0) { - zip_mode = 1; - --argc; - ++argv; - } - - size_t bonus_size = 0; - unsigned char* bonus_data = NULL; - if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - struct stat st; - if (stat(argv[2], &st) != 0) { - printf("failed to stat bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - bonus_size = st.st_size; - bonus_data = malloc(bonus_size); - FILE* f = fopen(argv[2], "rb"); - if (f == NULL) { - printf("failed to open bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - if (fread(bonus_data, 1, bonus_size, f) != bonus_size) { - printf("failed to read bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - fclose(f); - - argc -= 2; - argv += 2; - } - - if (argc != 4) { - usage: - printf("usage: %s [-z] [-b ] \n", - argv[0]); - return 2; - } - - int num_src_chunks; - ImageChunk* src_chunks; - int num_tgt_chunks; - ImageChunk* tgt_chunks; - int i; - - if (zip_mode) { - if (ReadZip(argv[1], &num_src_chunks, &src_chunks, 1) == NULL) { - printf("failed to break apart source zip file\n"); - return 1; - } - if (ReadZip(argv[2], &num_tgt_chunks, &tgt_chunks, 0) == NULL) { - printf("failed to break apart target zip file\n"); - return 1; - } - } else { - if (ReadImage(argv[1], &num_src_chunks, &src_chunks) == NULL) { - printf("failed to break apart source image\n"); - return 1; - } - if (ReadImage(argv[2], &num_tgt_chunks, &tgt_chunks) == NULL) { - printf("failed to break apart target image\n"); - return 1; - } - - // Verify that the source and target images have the same chunk - // structure (ie, the same sequence of deflate and normal chunks). - - if (!zip_mode) { - // Merge the gzip header and footer in with any adjacent - // normal chunks. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); - } - - if (num_src_chunks != num_tgt_chunks) { - printf("source and target don't have same number of chunks!\n"); - printf("source chunks:\n"); - DumpChunks(src_chunks, num_src_chunks); - printf("target chunks:\n"); - DumpChunks(tgt_chunks, num_tgt_chunks); - return 1; - } - for (i = 0; i < num_src_chunks; ++i) { - if (src_chunks[i].type != tgt_chunks[i].type) { - printf("source and target don't have same chunk " - "structure! (chunk %d)\n", i); - printf("source chunks:\n"); - DumpChunks(src_chunks, num_src_chunks); - printf("target chunks:\n"); - DumpChunks(tgt_chunks, num_tgt_chunks); - return 1; - } - } - } - - for (i = 0; i < num_tgt_chunks; ++i) { - if (tgt_chunks[i].type == CHUNK_DEFLATE) { - // Confirm that given the uncompressed chunk data in the target, we - // can recompress it and get exactly the same bits as are in the - // input target image. If this fails, treat the chunk as a normal - // non-deflated chunk. - if (ReconstructDeflateChunk(tgt_chunks+i) < 0) { - printf("failed to reconstruct target deflate chunk %d [%s]; " - "treating as normal\n", i, tgt_chunks[i].filename); - ChangeDeflateChunkToNormal(tgt_chunks+i); - if (zip_mode) { - ImageChunk* src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); - if (src) { - ChangeDeflateChunkToNormal(src); - } - } else { - ChangeDeflateChunkToNormal(src_chunks+i); - } - continue; - } - - // If two deflate chunks are identical (eg, the kernel has not - // changed between two builds), treat them as normal chunks. - // This makes applypatch much faster -- it can apply a trivial - // patch to the compressed data, rather than uncompressing and - // recompressing to apply the trivial patch to the uncompressed - // data. - ImageChunk* src; - if (zip_mode) { - src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); - } else { - src = src_chunks+i; - } - - if (src == NULL || AreChunksEqual(tgt_chunks+i, src)) { - ChangeDeflateChunkToNormal(tgt_chunks+i); - if (src) { - ChangeDeflateChunkToNormal(src); - } - } - } - } - - // Merging neighboring normal chunks. - if (zip_mode) { - // For zips, we only need to do this to the target: deflated - // chunks are matched via filename, and normal chunks are patched - // using the entire source file as the source. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - } else { - // For images, we need to maintain the parallel structure of the - // chunk lists, so do the merging in both the source and target - // lists. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); - if (num_src_chunks != num_tgt_chunks) { - // This shouldn't happen. - printf("merging normal chunks went awry\n"); - return 1; - } - } - - // Compute bsdiff patches for each chunk's data (the uncompressed - // data, in the case of deflate chunks). - - DumpChunks(src_chunks, num_src_chunks); - - printf("Construct patches for %d chunks...\n", num_tgt_chunks); - unsigned char** patch_data = malloc(num_tgt_chunks * sizeof(unsigned char*)); - size_t* patch_size = malloc(num_tgt_chunks * sizeof(size_t)); - for (i = 0; i < num_tgt_chunks; ++i) { - if (zip_mode) { - ImageChunk* src; - if (tgt_chunks[i].type == CHUNK_DEFLATE && - (src = FindChunkByName(tgt_chunks[i].filename, src_chunks, - num_src_chunks))) { - patch_data[i] = MakePatch(src, tgt_chunks+i, patch_size+i); - } else { - patch_data[i] = MakePatch(src_chunks, tgt_chunks+i, patch_size+i); - } - } else { - if (i == 1 && bonus_data) { - printf(" using %d bytes of bonus data for chunk %d\n", bonus_size, i); - src_chunks[i].data = realloc(src_chunks[i].data, src_chunks[i].len + bonus_size); - memcpy(src_chunks[i].data+src_chunks[i].len, bonus_data, bonus_size); - src_chunks[i].len += bonus_size; - } - - patch_data[i] = MakePatch(src_chunks+i, tgt_chunks+i, patch_size+i); - } - printf("patch %3d is %d bytes (of %d)\n", - i, patch_size[i], tgt_chunks[i].source_len); - } - - // Figure out how big the imgdiff file header is going to be, so - // that we can correctly compute the offset of each bsdiff patch - // within the file. - - size_t total_header_size = 12; - for (i = 0; i < num_tgt_chunks; ++i) { - total_header_size += 4; - switch (tgt_chunks[i].type) { - case CHUNK_NORMAL: - total_header_size += 8*3; - break; - case CHUNK_DEFLATE: - total_header_size += 8*5 + 4*5; - break; - case CHUNK_RAW: - total_header_size += 4 + patch_size[i]; - break; - } - } - - size_t offset = total_header_size; - - FILE* f = fopen(argv[3], "wb"); - - // Write out the headers. - - fwrite("IMGDIFF2", 1, 8, f); - Write4(num_tgt_chunks, f); - for (i = 0; i < num_tgt_chunks; ++i) { - Write4(tgt_chunks[i].type, f); - - switch (tgt_chunks[i].type) { - case CHUNK_NORMAL: - printf("chunk %3d: normal (%10d, %10d) %10d\n", i, - tgt_chunks[i].start, tgt_chunks[i].len, patch_size[i]); - Write8(tgt_chunks[i].source_start, f); - Write8(tgt_chunks[i].source_len, f); - Write8(offset, f); - offset += patch_size[i]; - break; - - case CHUNK_DEFLATE: - printf("chunk %3d: deflate (%10d, %10d) %10d %s\n", i, - tgt_chunks[i].start, tgt_chunks[i].deflate_len, patch_size[i], - tgt_chunks[i].filename); - Write8(tgt_chunks[i].source_start, f); - Write8(tgt_chunks[i].source_len, f); - Write8(offset, f); - Write8(tgt_chunks[i].source_uncompressed_len, f); - Write8(tgt_chunks[i].len, f); - Write4(tgt_chunks[i].level, f); - Write4(tgt_chunks[i].method, f); - Write4(tgt_chunks[i].windowBits, f); - Write4(tgt_chunks[i].memLevel, f); - Write4(tgt_chunks[i].strategy, f); - offset += patch_size[i]; - break; - - case CHUNK_RAW: - printf("chunk %3d: raw (%10d, %10d)\n", i, - tgt_chunks[i].start, tgt_chunks[i].len); - Write4(patch_size[i], f); - fwrite(patch_data[i], 1, patch_size[i], f); - break; - } - } - - // Append each chunk's bsdiff patch, in order. - - for (i = 0; i < num_tgt_chunks; ++i) { - if (tgt_chunks[i].type != CHUNK_RAW) { - fwrite(patch_data[i], 1, patch_size[i], f); - } - } - - fclose(f); - - return 0; -} diff --git a/applypatch/imgdiff.cpp b/applypatch/imgdiff.cpp new file mode 100644 index 000000000..4d83ffb2e --- /dev/null +++ b/applypatch/imgdiff.cpp @@ -0,0 +1,1068 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This program constructs binary patches for images -- such as boot.img + * and recovery.img -- that consist primarily of large chunks of gzipped + * data interspersed with uncompressed data. Doing a naive bsdiff of + * these files is not useful because small changes in the data lead to + * large changes in the compressed bitstream; bsdiff patches of gzipped + * data are typically as large as the data itself. + * + * To patch these usefully, we break the source and target images up into + * chunks of two types: "normal" and "gzip". Normal chunks are simply + * patched using a plain bsdiff. Gzip chunks are first expanded, then a + * bsdiff is applied to the uncompressed data, then the patched data is + * gzipped using the same encoder parameters. Patched chunks are + * concatenated together to create the output file; the output image + * should be *exactly* the same series of bytes as the target image used + * originally to generate the patch. + * + * To work well with this tool, the gzipped sections of the target + * image must have been generated using the same deflate encoder that + * is available in applypatch, namely, the one in the zlib library. + * In practice this means that images should be compressed using the + * "minigzip" tool included in the zlib distribution, not the GNU gzip + * program. + * + * An "imgdiff" patch consists of a header describing the chunk structure + * of the file and any encoding parameters needed for the gzipped + * chunks, followed by N bsdiff patches, one per chunk. + * + * For a diff to be generated, the source and target images must have the + * same "chunk" structure: that is, the same number of gzipped and normal + * chunks in the same order. Android boot and recovery images currently + * consist of five chunks: a small normal header, a gzipped kernel, a + * small normal section, a gzipped ramdisk, and finally a small normal + * footer. + * + * Caveats: we locate gzipped sections within the source and target + * images by searching for the byte sequence 1f8b0800: 1f8b is the gzip + * magic number; 08 specifies the "deflate" encoding [the only encoding + * supported by the gzip standard]; and 00 is the flags byte. We do not + * currently support any extra header fields (which would be indicated by + * a nonzero flags byte). We also don't handle the case when that byte + * sequence appears spuriously in the file. (Note that it would have to + * occur spuriously within a normal chunk to be a problem.) + * + * + * The imgdiff patch header looks like this: + * + * "IMGDIFF1" (8) [magic number and version] + * chunk count (4) + * for each chunk: + * chunk type (4) [CHUNK_{NORMAL, GZIP, DEFLATE, RAW}] + * if chunk type == CHUNK_NORMAL: + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * if chunk type == CHUNK_GZIP: (version 1 only) + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * source expanded len (8) [size of uncompressed source] + * target expected len (8) [size of uncompressed target] + * gzip level (4) + * method (4) + * windowBits (4) + * memLevel (4) + * strategy (4) + * gzip header len (4) + * gzip header (gzip header len) + * gzip footer (8) + * if chunk type == CHUNK_DEFLATE: (version 2 only) + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * source expanded len (8) [size of uncompressed source] + * target expected len (8) [size of uncompressed target] + * gzip level (4) + * method (4) + * windowBits (4) + * memLevel (4) + * strategy (4) + * if chunk type == RAW: (version 2 only) + * target len (4) + * data (target len) + * + * All integers are little-endian. "source start" and "source len" + * specify the section of the input image that comprises this chunk, + * including the gzip header and footer for gzip chunks. "source + * expanded len" is the size of the uncompressed source data. "target + * expected len" is the size of the uncompressed data after applying + * the bsdiff patch. The next five parameters specify the zlib + * parameters to be used when compressing the patched data, and the + * next three specify the header and footer to be wrapped around the + * compressed data to create the output chunk (so that header contents + * like the timestamp are recreated exactly). + * + * After the header there are 'chunk count' bsdiff patches; the offset + * of each from the beginning of the file is specified in the header. + * + * This tool can take an optional file of "bonus data". This is an + * extra file of data that is appended to chunk #1 after it is + * compressed (it must be a CHUNK_DEFLATE chunk). The same file must + * be available (and passed to applypatch with -b) when applying the + * patch. This is used to reduce the size of recovery-from-boot + * patches by combining the boot image with recovery ramdisk + * information that is stored on the system partition. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "zlib.h" +#include "imgdiff.h" +#include "utils.h" + +typedef struct { + int type; // CHUNK_NORMAL, CHUNK_DEFLATE + size_t start; // offset of chunk in original image file + + size_t len; + unsigned char* data; // data to be patched (uncompressed, for deflate chunks) + + size_t source_start; + size_t source_len; + + off_t* I; // used by bsdiff + + // --- for CHUNK_DEFLATE chunks only: --- + + // original (compressed) deflate data + size_t deflate_len; + unsigned char* deflate_data; + + char* filename; // used for zip entries + + // deflate encoder parameters + int level, method, windowBits, memLevel, strategy; + + size_t source_uncompressed_len; +} ImageChunk; + +typedef struct { + int data_offset; + int deflate_len; + int uncomp_len; + char* filename; +} ZipFileEntry; + +static int fileentry_compare(const void* a, const void* b) { + int ao = ((ZipFileEntry*)a)->data_offset; + int bo = ((ZipFileEntry*)b)->data_offset; + if (ao < bo) { + return -1; + } else if (ao > bo) { + return 1; + } else { + return 0; + } +} + +// from bsdiff.c +int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* newdata, off_t newsize, + const char* patch_filename); + +unsigned char* ReadZip(const char* filename, + int* num_chunks, ImageChunk** chunks, + int include_pseudo_chunk) { + struct stat st; + if (stat(filename, &st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + unsigned char* img = reinterpret_cast(malloc(sz)); + FILE* f = fopen(filename, "rb"); + if (fread(img, 1, sz, f) != sz) { + printf("failed to read \"%s\" %s\n", filename, strerror(errno)); + fclose(f); + return NULL; + } + fclose(f); + + // look for the end-of-central-directory record. + + int i; + for (i = st.st_size-20; i >= 0 && i > st.st_size - 65600; --i) { + if (img[i] == 0x50 && img[i+1] == 0x4b && + img[i+2] == 0x05 && img[i+3] == 0x06) { + break; + } + } + // double-check: this archive consists of a single "disk" + if (!(img[i+4] == 0 && img[i+5] == 0 && img[i+6] == 0 && img[i+7] == 0)) { + printf("can't process multi-disk archive\n"); + return NULL; + } + + int cdcount = Read2(img+i+8); + int cdoffset = Read4(img+i+16); + + ZipFileEntry* temp_entries = reinterpret_cast(malloc( + cdcount * sizeof(ZipFileEntry))); + int entrycount = 0; + + unsigned char* cd = img+cdoffset; + for (i = 0; i < cdcount; ++i) { + if (!(cd[0] == 0x50 && cd[1] == 0x4b && cd[2] == 0x01 && cd[3] == 0x02)) { + printf("bad central directory entry %d\n", i); + return NULL; + } + + int clen = Read4(cd+20); // compressed len + int ulen = Read4(cd+24); // uncompressed len + int nlen = Read2(cd+28); // filename len + int xlen = Read2(cd+30); // extra field len + int mlen = Read2(cd+32); // file comment len + int hoffset = Read4(cd+42); // local header offset + + char* filename = reinterpret_cast(malloc(nlen+1)); + memcpy(filename, cd+46, nlen); + filename[nlen] = '\0'; + + int method = Read2(cd+10); + + cd += 46 + nlen + xlen + mlen; + + if (method != 8) { // 8 == deflate + free(filename); + continue; + } + + unsigned char* lh = img + hoffset; + + if (!(lh[0] == 0x50 && lh[1] == 0x4b && lh[2] == 0x03 && lh[3] == 0x04)) { + printf("bad local file header entry %d\n", i); + return NULL; + } + + if (Read2(lh+26) != nlen || memcmp(lh+30, filename, nlen) != 0) { + printf("central dir filename doesn't match local header\n"); + return NULL; + } + + xlen = Read2(lh+28); // extra field len; might be different from CD entry? + + temp_entries[entrycount].data_offset = hoffset+30+nlen+xlen; + temp_entries[entrycount].deflate_len = clen; + temp_entries[entrycount].uncomp_len = ulen; + temp_entries[entrycount].filename = filename; + ++entrycount; + } + + qsort(temp_entries, entrycount, sizeof(ZipFileEntry), fileentry_compare); + +#if 0 + printf("found %d deflated entries\n", entrycount); + for (i = 0; i < entrycount; ++i) { + printf("off %10d len %10d unlen %10d %p %s\n", + temp_entries[i].data_offset, + temp_entries[i].deflate_len, + temp_entries[i].uncomp_len, + temp_entries[i].filename, + temp_entries[i].filename); + } +#endif + + *num_chunks = 0; + *chunks = reinterpret_cast(malloc((entrycount*2+2) * sizeof(ImageChunk))); + ImageChunk* curr = *chunks; + + if (include_pseudo_chunk) { + curr->type = CHUNK_NORMAL; + curr->start = 0; + curr->len = st.st_size; + curr->data = img; + curr->filename = NULL; + curr->I = NULL; + ++curr; + ++*num_chunks; + } + + int pos = 0; + int nextentry = 0; + + while (pos < st.st_size) { + if (nextentry < entrycount && pos == temp_entries[nextentry].data_offset) { + curr->type = CHUNK_DEFLATE; + curr->start = pos; + curr->deflate_len = temp_entries[nextentry].deflate_len; + curr->deflate_data = img + pos; + curr->filename = temp_entries[nextentry].filename; + curr->I = NULL; + + curr->len = temp_entries[nextentry].uncomp_len; + curr->data = reinterpret_cast(malloc(curr->len)); + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = curr->deflate_len; + strm.next_in = curr->deflate_data; + + // -15 means we are decoding a 'raw' deflate stream; zlib will + // not expect zlib headers. + int ret = inflateInit2(&strm, -15); + + strm.avail_out = curr->len; + strm.next_out = curr->data; + ret = inflate(&strm, Z_NO_FLUSH); + if (ret != Z_STREAM_END) { + printf("failed to inflate \"%s\"; %d\n", curr->filename, ret); + return NULL; + } + + inflateEnd(&strm); + + pos += curr->deflate_len; + ++nextentry; + ++*num_chunks; + ++curr; + continue; + } + + // use a normal chunk to take all the data up to the start of the + // next deflate section. + + curr->type = CHUNK_NORMAL; + curr->start = pos; + if (nextentry < entrycount) { + curr->len = temp_entries[nextentry].data_offset - pos; + } else { + curr->len = st.st_size - pos; + } + curr->data = img + pos; + curr->filename = NULL; + curr->I = NULL; + pos += curr->len; + + ++*num_chunks; + ++curr; + } + + free(temp_entries); + return img; +} + +/* + * Read the given file and break it up into chunks, putting the number + * of chunks and their info in *num_chunks and **chunks, + * respectively. Returns a malloc'd block of memory containing the + * contents of the file; various pointers in the output chunk array + * will point into this block of memory. The caller should free the + * return value when done with all the chunks. Returns NULL on + * failure. + */ +unsigned char* ReadImage(const char* filename, + int* num_chunks, ImageChunk** chunks) { + struct stat st; + if (stat(filename, &st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + unsigned char* img = reinterpret_cast(malloc(sz + 4)); + FILE* f = fopen(filename, "rb"); + if (fread(img, 1, sz, f) != sz) { + printf("failed to read \"%s\" %s\n", filename, strerror(errno)); + fclose(f); + return NULL; + } + fclose(f); + + // append 4 zero bytes to the data so we can always search for the + // four-byte string 1f8b0800 starting at any point in the actual + // file data, without special-casing the end of the data. + memset(img+sz, 0, 4); + + size_t pos = 0; + + *num_chunks = 0; + *chunks = NULL; + + while (pos < sz) { + unsigned char* p = img+pos; + + if (sz - pos >= 4 && + p[0] == 0x1f && p[1] == 0x8b && + p[2] == 0x08 && // deflate compression + p[3] == 0x00) { // no header flags + // 'pos' is the offset of the start of a gzip chunk. + size_t chunk_offset = pos; + + *num_chunks += 3; + *chunks = reinterpret_cast(realloc(*chunks, + *num_chunks * sizeof(ImageChunk))); + ImageChunk* curr = *chunks + (*num_chunks-3); + + // create a normal chunk for the header. + curr->start = pos; + curr->type = CHUNK_NORMAL; + curr->len = GZIP_HEADER_LEN; + curr->data = p; + curr->I = NULL; + + pos += curr->len; + p += curr->len; + ++curr; + + curr->type = CHUNK_DEFLATE; + curr->filename = NULL; + curr->I = NULL; + + // We must decompress this chunk in order to discover where it + // ends, and so we can put the uncompressed data and its length + // into curr->data and curr->len. + + size_t allocated = 32768; + curr->len = 0; + curr->data = reinterpret_cast(malloc(allocated)); + curr->start = pos; + curr->deflate_data = p; + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = sz - pos; + strm.next_in = p; + + // -15 means we are decoding a 'raw' deflate stream; zlib will + // not expect zlib headers. + int ret = inflateInit2(&strm, -15); + + do { + strm.avail_out = allocated - curr->len; + strm.next_out = curr->data + curr->len; + ret = inflate(&strm, Z_NO_FLUSH); + if (ret < 0) { + printf("Error: inflate failed [%s] at file offset [%zu]\n" + "imgdiff only supports gzip kernel compression," + " did you try CONFIG_KERNEL_LZO?\n", + strm.msg, chunk_offset); + free(img); + return NULL; + } + curr->len = allocated - strm.avail_out; + if (strm.avail_out == 0) { + allocated *= 2; + curr->data = reinterpret_cast(realloc(curr->data, allocated)); + } + } while (ret != Z_STREAM_END); + + curr->deflate_len = sz - strm.avail_in - pos; + inflateEnd(&strm); + pos += curr->deflate_len; + p += curr->deflate_len; + ++curr; + + // create a normal chunk for the footer + + curr->type = CHUNK_NORMAL; + curr->start = pos; + curr->len = GZIP_FOOTER_LEN; + curr->data = img+pos; + curr->I = NULL; + + pos += curr->len; + p += curr->len; + ++curr; + + // The footer (that we just skipped over) contains the size of + // the uncompressed data. Double-check to make sure that it + // matches the size of the data we got when we actually did + // the decompression. + size_t footer_size = Read4(p-4); + if (footer_size != curr[-2].len) { + printf("Error: footer size %zu != decompressed size %zu\n", + footer_size, curr[-2].len); + free(img); + return NULL; + } + } else { + // Reallocate the list for every chunk; we expect the number of + // chunks to be small (5 for typical boot and recovery images). + ++*num_chunks; + *chunks = reinterpret_cast(realloc(*chunks, *num_chunks * sizeof(ImageChunk))); + ImageChunk* curr = *chunks + (*num_chunks-1); + curr->start = pos; + curr->I = NULL; + + // 'pos' is not the offset of the start of a gzip chunk, so scan + // forward until we find a gzip header. + curr->type = CHUNK_NORMAL; + curr->data = p; + + for (curr->len = 0; curr->len < (sz - pos); ++curr->len) { + if (p[curr->len] == 0x1f && + p[curr->len+1] == 0x8b && + p[curr->len+2] == 0x08 && + p[curr->len+3] == 0x00) { + break; + } + } + pos += curr->len; + } + } + + return img; +} + +#define BUFFER_SIZE 32768 + +/* + * Takes the uncompressed data stored in the chunk, compresses it + * using the zlib parameters stored in the chunk, and checks that it + * matches exactly the compressed data we started with (also stored in + * the chunk). Return 0 on success. + */ +int TryReconstruction(ImageChunk* chunk, unsigned char* out) { + size_t p = 0; + +#if 0 + printf("trying %d %d %d %d %d\n", + chunk->level, chunk->method, chunk->windowBits, + chunk->memLevel, chunk->strategy); +#endif + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = chunk->len; + strm.next_in = chunk->data; + int ret; + ret = deflateInit2(&strm, chunk->level, chunk->method, chunk->windowBits, + chunk->memLevel, chunk->strategy); + do { + strm.avail_out = BUFFER_SIZE; + strm.next_out = out; + ret = deflate(&strm, Z_FINISH); + size_t have = BUFFER_SIZE - strm.avail_out; + + if (memcmp(out, chunk->deflate_data+p, have) != 0) { + // mismatch; data isn't the same. + deflateEnd(&strm); + return -1; + } + p += have; + } while (ret != Z_STREAM_END); + deflateEnd(&strm); + if (p != chunk->deflate_len) { + // mismatch; ran out of data before we should have. + return -1; + } + return 0; +} + +/* + * Verify that we can reproduce exactly the same compressed data that + * we started with. Sets the level, method, windowBits, memLevel, and + * strategy fields in the chunk to the encoding parameters needed to + * produce the right output. Returns 0 on success. + */ +int ReconstructDeflateChunk(ImageChunk* chunk) { + if (chunk->type != CHUNK_DEFLATE) { + printf("attempt to reconstruct non-deflate chunk\n"); + return -1; + } + + size_t p = 0; + unsigned char* out = reinterpret_cast(malloc(BUFFER_SIZE)); + + // We only check two combinations of encoder parameters: level 6 + // (the default) and level 9 (the maximum). + for (chunk->level = 6; chunk->level <= 9; chunk->level += 3) { + chunk->windowBits = -15; // 32kb window; negative to indicate a raw stream. + chunk->memLevel = 8; // the default value. + chunk->method = Z_DEFLATED; + chunk->strategy = Z_DEFAULT_STRATEGY; + + if (TryReconstruction(chunk, out) == 0) { + free(out); + return 0; + } + } + + free(out); + return -1; +} + +/* + * Given source and target chunks, compute a bsdiff patch between them + * by running bsdiff in a subprocess. Return the patch data, placing + * its length in *size. Return NULL on failure. We expect the bsdiff + * program to be in the path. + */ +unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { + if (tgt->type == CHUNK_NORMAL) { + if (tgt->len <= 160) { + tgt->type = CHUNK_RAW; + *size = tgt->len; + return tgt->data; + } + } + + char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; + mkstemp(ptemp); + + int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); + if (r != 0) { + printf("bsdiff() failed: %d\n", r); + return NULL; + } + + struct stat st; + if (stat(ptemp, &st) != 0) { + printf("failed to stat patch file %s: %s\n", + ptemp, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + // TODO: Memory leak on error return. + unsigned char* data = reinterpret_cast(malloc(sz)); + + if (tgt->type == CHUNK_NORMAL && tgt->len <= sz) { + unlink(ptemp); + + tgt->type = CHUNK_RAW; + *size = tgt->len; + return tgt->data; + } + + *size = sz; + + FILE* f = fopen(ptemp, "rb"); + if (f == NULL) { + printf("failed to open patch %s: %s\n", ptemp, strerror(errno)); + return NULL; + } + if (fread(data, 1, sz, f) != sz) { + printf("failed to read patch %s: %s\n", ptemp, strerror(errno)); + return NULL; + } + fclose(f); + + unlink(ptemp); + + tgt->source_start = src->start; + switch (tgt->type) { + case CHUNK_NORMAL: + tgt->source_len = src->len; + break; + case CHUNK_DEFLATE: + tgt->source_len = src->deflate_len; + tgt->source_uncompressed_len = src->len; + break; + } + + return data; +} + +/* + * Cause a gzip chunk to be treated as a normal chunk (ie, as a blob + * of uninterpreted data). The resulting patch will likely be about + * as big as the target file, but it lets us handle the case of images + * where some gzip chunks are reconstructible but others aren't (by + * treating the ones that aren't as normal chunks). + */ +void ChangeDeflateChunkToNormal(ImageChunk* ch) { + if (ch->type != CHUNK_DEFLATE) return; + ch->type = CHUNK_NORMAL; + free(ch->data); + ch->data = ch->deflate_data; + ch->len = ch->deflate_len; +} + +/* + * Return true if the data in the chunk is identical (including the + * compressed representation, for gzip chunks). + */ +int AreChunksEqual(ImageChunk* a, ImageChunk* b) { + if (a->type != b->type) return 0; + + switch (a->type) { + case CHUNK_NORMAL: + return a->len == b->len && memcmp(a->data, b->data, a->len) == 0; + + case CHUNK_DEFLATE: + return a->deflate_len == b->deflate_len && + memcmp(a->deflate_data, b->deflate_data, a->deflate_len) == 0; + + default: + printf("unknown chunk type %d\n", a->type); + return 0; + } +} + +/* + * Look for runs of adjacent normal chunks and compress them down into + * a single chunk. (Such runs can be produced when deflate chunks are + * changed to normal chunks.) + */ +void MergeAdjacentNormalChunks(ImageChunk* chunks, int* num_chunks) { + int out = 0; + int in_start = 0, in_end; + while (in_start < *num_chunks) { + if (chunks[in_start].type != CHUNK_NORMAL) { + in_end = in_start+1; + } else { + // in_start is a normal chunk. Look for a run of normal chunks + // that constitute a solid block of data (ie, each chunk begins + // where the previous one ended). + for (in_end = in_start+1; + in_end < *num_chunks && chunks[in_end].type == CHUNK_NORMAL && + (chunks[in_end].start == + chunks[in_end-1].start + chunks[in_end-1].len && + chunks[in_end].data == + chunks[in_end-1].data + chunks[in_end-1].len); + ++in_end); + } + + if (in_end == in_start+1) { +#if 0 + printf("chunk %d is now %d\n", in_start, out); +#endif + if (out != in_start) { + memcpy(chunks+out, chunks+in_start, sizeof(ImageChunk)); + } + } else { +#if 0 + printf("collapse normal chunks %d-%d into %d\n", in_start, in_end-1, out); +#endif + + // Merge chunks [in_start, in_end-1] into one chunk. Since the + // data member of each chunk is just a pointer into an in-memory + // copy of the file, this can be done without recopying (the + // output chunk has the first chunk's start location and data + // pointer, and length equal to the sum of the input chunk + // lengths). + chunks[out].type = CHUNK_NORMAL; + chunks[out].start = chunks[in_start].start; + chunks[out].data = chunks[in_start].data; + chunks[out].len = chunks[in_end-1].len + + (chunks[in_end-1].start - chunks[in_start].start); + } + + ++out; + in_start = in_end; + } + *num_chunks = out; +} + +ImageChunk* FindChunkByName(const char* name, + ImageChunk* chunks, int num_chunks) { + int i; + for (i = 0; i < num_chunks; ++i) { + if (chunks[i].type == CHUNK_DEFLATE && chunks[i].filename && + strcmp(name, chunks[i].filename) == 0) { + return chunks+i; + } + } + return NULL; +} + +void DumpChunks(ImageChunk* chunks, int num_chunks) { + for (int i = 0; i < num_chunks; ++i) { + printf("chunk %d: type %d start %zu len %zu\n", + i, chunks[i].type, chunks[i].start, chunks[i].len); + } +} + +int main(int argc, char** argv) { + int zip_mode = 0; + + if (argc >= 2 && strcmp(argv[1], "-z") == 0) { + zip_mode = 1; + --argc; + ++argv; + } + + size_t bonus_size = 0; + unsigned char* bonus_data = NULL; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { + struct stat st; + if (stat(argv[2], &st) != 0) { + printf("failed to stat bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + bonus_size = st.st_size; + bonus_data = reinterpret_cast(malloc(bonus_size)); + FILE* f = fopen(argv[2], "rb"); + if (f == NULL) { + printf("failed to open bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + if (fread(bonus_data, 1, bonus_size, f) != bonus_size) { + printf("failed to read bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + fclose(f); + + argc -= 2; + argv += 2; + } + + if (argc != 4) { + usage: + printf("usage: %s [-z] [-b ] \n", + argv[0]); + return 2; + } + + int num_src_chunks; + ImageChunk* src_chunks; + int num_tgt_chunks; + ImageChunk* tgt_chunks; + int i; + + if (zip_mode) { + if (ReadZip(argv[1], &num_src_chunks, &src_chunks, 1) == NULL) { + printf("failed to break apart source zip file\n"); + return 1; + } + if (ReadZip(argv[2], &num_tgt_chunks, &tgt_chunks, 0) == NULL) { + printf("failed to break apart target zip file\n"); + return 1; + } + } else { + if (ReadImage(argv[1], &num_src_chunks, &src_chunks) == NULL) { + printf("failed to break apart source image\n"); + return 1; + } + if (ReadImage(argv[2], &num_tgt_chunks, &tgt_chunks) == NULL) { + printf("failed to break apart target image\n"); + return 1; + } + + // Verify that the source and target images have the same chunk + // structure (ie, the same sequence of deflate and normal chunks). + + if (!zip_mode) { + // Merge the gzip header and footer in with any adjacent + // normal chunks. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); + } + + if (num_src_chunks != num_tgt_chunks) { + printf("source and target don't have same number of chunks!\n"); + printf("source chunks:\n"); + DumpChunks(src_chunks, num_src_chunks); + printf("target chunks:\n"); + DumpChunks(tgt_chunks, num_tgt_chunks); + return 1; + } + for (i = 0; i < num_src_chunks; ++i) { + if (src_chunks[i].type != tgt_chunks[i].type) { + printf("source and target don't have same chunk " + "structure! (chunk %d)\n", i); + printf("source chunks:\n"); + DumpChunks(src_chunks, num_src_chunks); + printf("target chunks:\n"); + DumpChunks(tgt_chunks, num_tgt_chunks); + return 1; + } + } + } + + for (i = 0; i < num_tgt_chunks; ++i) { + if (tgt_chunks[i].type == CHUNK_DEFLATE) { + // Confirm that given the uncompressed chunk data in the target, we + // can recompress it and get exactly the same bits as are in the + // input target image. If this fails, treat the chunk as a normal + // non-deflated chunk. + if (ReconstructDeflateChunk(tgt_chunks+i) < 0) { + printf("failed to reconstruct target deflate chunk %d [%s]; " + "treating as normal\n", i, tgt_chunks[i].filename); + ChangeDeflateChunkToNormal(tgt_chunks+i); + if (zip_mode) { + ImageChunk* src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); + if (src) { + ChangeDeflateChunkToNormal(src); + } + } else { + ChangeDeflateChunkToNormal(src_chunks+i); + } + continue; + } + + // If two deflate chunks are identical (eg, the kernel has not + // changed between two builds), treat them as normal chunks. + // This makes applypatch much faster -- it can apply a trivial + // patch to the compressed data, rather than uncompressing and + // recompressing to apply the trivial patch to the uncompressed + // data. + ImageChunk* src; + if (zip_mode) { + src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); + } else { + src = src_chunks+i; + } + + if (src == NULL || AreChunksEqual(tgt_chunks+i, src)) { + ChangeDeflateChunkToNormal(tgt_chunks+i); + if (src) { + ChangeDeflateChunkToNormal(src); + } + } + } + } + + // Merging neighboring normal chunks. + if (zip_mode) { + // For zips, we only need to do this to the target: deflated + // chunks are matched via filename, and normal chunks are patched + // using the entire source file as the source. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + } else { + // For images, we need to maintain the parallel structure of the + // chunk lists, so do the merging in both the source and target + // lists. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); + if (num_src_chunks != num_tgt_chunks) { + // This shouldn't happen. + printf("merging normal chunks went awry\n"); + return 1; + } + } + + // Compute bsdiff patches for each chunk's data (the uncompressed + // data, in the case of deflate chunks). + + DumpChunks(src_chunks, num_src_chunks); + + printf("Construct patches for %d chunks...\n", num_tgt_chunks); + unsigned char** patch_data = reinterpret_cast(malloc( + num_tgt_chunks * sizeof(unsigned char*))); + size_t* patch_size = reinterpret_cast(malloc(num_tgt_chunks * sizeof(size_t))); + for (i = 0; i < num_tgt_chunks; ++i) { + if (zip_mode) { + ImageChunk* src; + if (tgt_chunks[i].type == CHUNK_DEFLATE && + (src = FindChunkByName(tgt_chunks[i].filename, src_chunks, + num_src_chunks))) { + patch_data[i] = MakePatch(src, tgt_chunks+i, patch_size+i); + } else { + patch_data[i] = MakePatch(src_chunks, tgt_chunks+i, patch_size+i); + } + } else { + if (i == 1 && bonus_data) { + printf(" using %zu bytes of bonus data for chunk %d\n", bonus_size, i); + src_chunks[i].data = reinterpret_cast(realloc(src_chunks[i].data, + src_chunks[i].len + bonus_size)); + memcpy(src_chunks[i].data+src_chunks[i].len, bonus_data, bonus_size); + src_chunks[i].len += bonus_size; + } + + patch_data[i] = MakePatch(src_chunks+i, tgt_chunks+i, patch_size+i); + } + printf("patch %3d is %zu bytes (of %zu)\n", + i, patch_size[i], tgt_chunks[i].source_len); + } + + // Figure out how big the imgdiff file header is going to be, so + // that we can correctly compute the offset of each bsdiff patch + // within the file. + + size_t total_header_size = 12; + for (i = 0; i < num_tgt_chunks; ++i) { + total_header_size += 4; + switch (tgt_chunks[i].type) { + case CHUNK_NORMAL: + total_header_size += 8*3; + break; + case CHUNK_DEFLATE: + total_header_size += 8*5 + 4*5; + break; + case CHUNK_RAW: + total_header_size += 4 + patch_size[i]; + break; + } + } + + size_t offset = total_header_size; + + FILE* f = fopen(argv[3], "wb"); + + // Write out the headers. + + fwrite("IMGDIFF2", 1, 8, f); + Write4(num_tgt_chunks, f); + for (i = 0; i < num_tgt_chunks; ++i) { + Write4(tgt_chunks[i].type, f); + + switch (tgt_chunks[i].type) { + case CHUNK_NORMAL: + printf("chunk %3d: normal (%10zu, %10zu) %10zu\n", i, + tgt_chunks[i].start, tgt_chunks[i].len, patch_size[i]); + Write8(tgt_chunks[i].source_start, f); + Write8(tgt_chunks[i].source_len, f); + Write8(offset, f); + offset += patch_size[i]; + break; + + case CHUNK_DEFLATE: + printf("chunk %3d: deflate (%10zu, %10zu) %10zu %s\n", i, + tgt_chunks[i].start, tgt_chunks[i].deflate_len, patch_size[i], + tgt_chunks[i].filename); + Write8(tgt_chunks[i].source_start, f); + Write8(tgt_chunks[i].source_len, f); + Write8(offset, f); + Write8(tgt_chunks[i].source_uncompressed_len, f); + Write8(tgt_chunks[i].len, f); + Write4(tgt_chunks[i].level, f); + Write4(tgt_chunks[i].method, f); + Write4(tgt_chunks[i].windowBits, f); + Write4(tgt_chunks[i].memLevel, f); + Write4(tgt_chunks[i].strategy, f); + offset += patch_size[i]; + break; + + case CHUNK_RAW: + printf("chunk %3d: raw (%10zu, %10zu)\n", i, + tgt_chunks[i].start, tgt_chunks[i].len); + Write4(patch_size[i], f); + fwrite(patch_data[i], 1, patch_size[i], f); + break; + } + } + + // Append each chunk's bsdiff patch, in order. + + for (i = 0; i < num_tgt_chunks; ++i) { + if (tgt_chunks[i].type != CHUNK_RAW) { + fwrite(patch_data[i], 1, patch_size[i], f); + } + } + + fclose(f); + + return 0; +} diff --git a/applypatch/imgpatch.c b/applypatch/imgpatch.c deleted file mode 100644 index 09b0a7397..000000000 --- a/applypatch/imgpatch.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// See imgdiff.c in this directory for a description of the patch file -// format. - -#include -#include -#include -#include -#include -#include -#include - -#include "zlib.h" -#include "mincrypt/sha.h" -#include "applypatch.h" -#include "imgdiff.h" -#include "utils.h" - -/* - * Apply the patch given in 'patch_filename' to the source data given - * by (old_data, old_size). Write the patched output to the 'output' - * file, and update the SHA context with the output data as well. - * Return 0 on success. - */ -int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, - const Value* patch, - SinkFn sink, void* token, SHA_CTX* ctx, - const Value* bonus_data) { - ssize_t pos = 12; - char* header = patch->data; - if (patch->size < 12) { - printf("patch too short to contain header\n"); - return -1; - } - - // IMGDIFF2 uses CHUNK_NORMAL, CHUNK_DEFLATE, and CHUNK_RAW. - // (IMGDIFF1, which is no longer supported, used CHUNK_NORMAL and - // CHUNK_GZIP.) - if (memcmp(header, "IMGDIFF2", 8) != 0) { - printf("corrupt patch file header (magic number)\n"); - return -1; - } - - int num_chunks = Read4(header+8); - - int i; - for (i = 0; i < num_chunks; ++i) { - // each chunk's header record starts with 4 bytes. - if (pos + 4 > patch->size) { - printf("failed to read chunk %d record\n", i); - return -1; - } - int type = Read4(patch->data + pos); - pos += 4; - - if (type == CHUNK_NORMAL) { - char* normal_header = patch->data + pos; - pos += 24; - if (pos > patch->size) { - printf("failed to read chunk %d normal header data\n", i); - return -1; - } - - size_t src_start = Read8(normal_header); - size_t src_len = Read8(normal_header+8); - size_t patch_offset = Read8(normal_header+16); - - ApplyBSDiffPatch(old_data + src_start, src_len, - patch, patch_offset, sink, token, ctx); - } else if (type == CHUNK_RAW) { - char* raw_header = patch->data + pos; - pos += 4; - if (pos > patch->size) { - printf("failed to read chunk %d raw header data\n", i); - return -1; - } - - ssize_t data_len = Read4(raw_header); - - if (pos + data_len > patch->size) { - printf("failed to read chunk %d raw data\n", i); - return -1; - } - if (ctx) SHA_update(ctx, patch->data + pos, data_len); - if (sink((unsigned char*)patch->data + pos, - data_len, token) != data_len) { - printf("failed to write chunk %d raw data\n", i); - return -1; - } - pos += data_len; - } else if (type == CHUNK_DEFLATE) { - // deflate chunks have an additional 60 bytes in their chunk header. - char* deflate_header = patch->data + pos; - pos += 60; - if (pos > patch->size) { - printf("failed to read chunk %d deflate header data\n", i); - return -1; - } - - size_t src_start = Read8(deflate_header); - size_t src_len = Read8(deflate_header+8); - size_t patch_offset = Read8(deflate_header+16); - size_t expanded_len = Read8(deflate_header+24); - size_t target_len = Read8(deflate_header+32); - int level = Read4(deflate_header+40); - int method = Read4(deflate_header+44); - int windowBits = Read4(deflate_header+48); - int memLevel = Read4(deflate_header+52); - int strategy = Read4(deflate_header+56); - - // Decompress the source data; the chunk header tells us exactly - // how big we expect it to be when decompressed. - - // Note: expanded_len will include the bonus data size if - // the patch was constructed with bonus data. The - // deflation will come up 'bonus_size' bytes short; these - // must be appended from the bonus_data value. - size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; - - unsigned char* expanded_source = malloc(expanded_len); - if (expanded_source == NULL) { - printf("failed to allocate %zu bytes for expanded_source\n", - expanded_len); - return -1; - } - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = src_len; - strm.next_in = (unsigned char*)(old_data + src_start); - strm.avail_out = expanded_len; - strm.next_out = expanded_source; - - int ret; - ret = inflateInit2(&strm, -15); - if (ret != Z_OK) { - printf("failed to init source inflation: %d\n", ret); - return -1; - } - - // Because we've provided enough room to accommodate the output - // data, we expect one call to inflate() to suffice. - ret = inflate(&strm, Z_SYNC_FLUSH); - if (ret != Z_STREAM_END) { - printf("source inflation returned %d\n", ret); - return -1; - } - // We should have filled the output buffer exactly, except - // for the bonus_size. - if (strm.avail_out != bonus_size) { - printf("source inflation short by %zu bytes\n", strm.avail_out-bonus_size); - return -1; - } - inflateEnd(&strm); - - if (bonus_size) { - memcpy(expanded_source + (expanded_len - bonus_size), - bonus_data->data, bonus_size); - } - - // Next, apply the bsdiff patch (in memory) to the uncompressed - // data. - unsigned char* uncompressed_target_data; - ssize_t uncompressed_target_size; - if (ApplyBSDiffPatchMem(expanded_source, expanded_len, - patch, patch_offset, - &uncompressed_target_data, - &uncompressed_target_size) != 0) { - return -1; - } - - // Now compress the target data and append it to the output. - - // we're done with the expanded_source data buffer, so we'll - // reuse that memory to receive the output of deflate. - unsigned char* temp_data = expanded_source; - ssize_t temp_size = expanded_len; - if (temp_size < 32768) { - // ... unless the buffer is too small, in which case we'll - // allocate a fresh one. - free(temp_data); - temp_data = malloc(32768); - temp_size = 32768; - } - - // now the deflate stream - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = uncompressed_target_size; - strm.next_in = uncompressed_target_data; - ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); - do { - strm.avail_out = temp_size; - strm.next_out = temp_data; - ret = deflate(&strm, Z_FINISH); - ssize_t have = temp_size - strm.avail_out; - - if (sink(temp_data, have, token) != have) { - printf("failed to write %ld compressed bytes to output\n", - (long)have); - return -1; - } - if (ctx) SHA_update(ctx, temp_data, have); - } while (ret != Z_STREAM_END); - deflateEnd(&strm); - - free(temp_data); - free(uncompressed_target_data); - } else { - printf("patch chunk %d is unknown type %d\n", i, type); - return -1; - } - } - - return 0; -} diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp new file mode 100644 index 000000000..26888f8ee --- /dev/null +++ b/applypatch/imgpatch.cpp @@ -0,0 +1,234 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// See imgdiff.c in this directory for a description of the patch file +// format. + +#include +#include +#include +#include +#include +#include +#include + +#include "zlib.h" +#include "mincrypt/sha.h" +#include "applypatch.h" +#include "imgdiff.h" +#include "utils.h" + +/* + * Apply the patch given in 'patch_filename' to the source data given + * by (old_data, old_size). Write the patched output to the 'output' + * file, and update the SHA context with the output data as well. + * Return 0 on success. + */ +int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, + const Value* patch, + SinkFn sink, void* token, SHA_CTX* ctx, + const Value* bonus_data) { + ssize_t pos = 12; + char* header = patch->data; + if (patch->size < 12) { + printf("patch too short to contain header\n"); + return -1; + } + + // IMGDIFF2 uses CHUNK_NORMAL, CHUNK_DEFLATE, and CHUNK_RAW. + // (IMGDIFF1, which is no longer supported, used CHUNK_NORMAL and + // CHUNK_GZIP.) + if (memcmp(header, "IMGDIFF2", 8) != 0) { + printf("corrupt patch file header (magic number)\n"); + return -1; + } + + int num_chunks = Read4(header+8); + + int i; + for (i = 0; i < num_chunks; ++i) { + // each chunk's header record starts with 4 bytes. + if (pos + 4 > patch->size) { + printf("failed to read chunk %d record\n", i); + return -1; + } + int type = Read4(patch->data + pos); + pos += 4; + + if (type == CHUNK_NORMAL) { + char* normal_header = patch->data + pos; + pos += 24; + if (pos > patch->size) { + printf("failed to read chunk %d normal header data\n", i); + return -1; + } + + size_t src_start = Read8(normal_header); + size_t src_len = Read8(normal_header+8); + size_t patch_offset = Read8(normal_header+16); + + ApplyBSDiffPatch(old_data + src_start, src_len, + patch, patch_offset, sink, token, ctx); + } else if (type == CHUNK_RAW) { + char* raw_header = patch->data + pos; + pos += 4; + if (pos > patch->size) { + printf("failed to read chunk %d raw header data\n", i); + return -1; + } + + ssize_t data_len = Read4(raw_header); + + if (pos + data_len > patch->size) { + printf("failed to read chunk %d raw data\n", i); + return -1; + } + if (ctx) SHA_update(ctx, patch->data + pos, data_len); + if (sink((unsigned char*)patch->data + pos, + data_len, token) != data_len) { + printf("failed to write chunk %d raw data\n", i); + return -1; + } + pos += data_len; + } else if (type == CHUNK_DEFLATE) { + // deflate chunks have an additional 60 bytes in their chunk header. + char* deflate_header = patch->data + pos; + pos += 60; + if (pos > patch->size) { + printf("failed to read chunk %d deflate header data\n", i); + return -1; + } + + size_t src_start = Read8(deflate_header); + size_t src_len = Read8(deflate_header+8); + size_t patch_offset = Read8(deflate_header+16); + size_t expanded_len = Read8(deflate_header+24); + size_t target_len = Read8(deflate_header+32); + int level = Read4(deflate_header+40); + int method = Read4(deflate_header+44); + int windowBits = Read4(deflate_header+48); + int memLevel = Read4(deflate_header+52); + int strategy = Read4(deflate_header+56); + + // Decompress the source data; the chunk header tells us exactly + // how big we expect it to be when decompressed. + + // Note: expanded_len will include the bonus data size if + // the patch was constructed with bonus data. The + // deflation will come up 'bonus_size' bytes short; these + // must be appended from the bonus_data value. + size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; + + unsigned char* expanded_source = reinterpret_cast(malloc(expanded_len)); + if (expanded_source == NULL) { + printf("failed to allocate %zu bytes for expanded_source\n", + expanded_len); + return -1; + } + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = src_len; + strm.next_in = (unsigned char*)(old_data + src_start); + strm.avail_out = expanded_len; + strm.next_out = expanded_source; + + int ret; + ret = inflateInit2(&strm, -15); + if (ret != Z_OK) { + printf("failed to init source inflation: %d\n", ret); + return -1; + } + + // Because we've provided enough room to accommodate the output + // data, we expect one call to inflate() to suffice. + ret = inflate(&strm, Z_SYNC_FLUSH); + if (ret != Z_STREAM_END) { + printf("source inflation returned %d\n", ret); + return -1; + } + // We should have filled the output buffer exactly, except + // for the bonus_size. + if (strm.avail_out != bonus_size) { + printf("source inflation short by %zu bytes\n", strm.avail_out-bonus_size); + return -1; + } + inflateEnd(&strm); + + if (bonus_size) { + memcpy(expanded_source + (expanded_len - bonus_size), + bonus_data->data, bonus_size); + } + + // Next, apply the bsdiff patch (in memory) to the uncompressed + // data. + unsigned char* uncompressed_target_data; + ssize_t uncompressed_target_size; + if (ApplyBSDiffPatchMem(expanded_source, expanded_len, + patch, patch_offset, + &uncompressed_target_data, + &uncompressed_target_size) != 0) { + return -1; + } + + // Now compress the target data and append it to the output. + + // we're done with the expanded_source data buffer, so we'll + // reuse that memory to receive the output of deflate. + unsigned char* temp_data = expanded_source; + ssize_t temp_size = expanded_len; + if (temp_size < 32768) { + // ... unless the buffer is too small, in which case we'll + // allocate a fresh one. + free(temp_data); + temp_data = reinterpret_cast(malloc(32768)); + temp_size = 32768; + } + + // now the deflate stream + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = uncompressed_target_size; + strm.next_in = uncompressed_target_data; + ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); + do { + strm.avail_out = temp_size; + strm.next_out = temp_data; + ret = deflate(&strm, Z_FINISH); + ssize_t have = temp_size - strm.avail_out; + + if (sink(temp_data, have, token) != have) { + printf("failed to write %ld compressed bytes to output\n", + (long)have); + return -1; + } + if (ctx) SHA_update(ctx, temp_data, have); + } while (ret != Z_STREAM_END); + deflateEnd(&strm); + + free(temp_data); + free(uncompressed_target_data); + } else { + printf("patch chunk %d is unknown type %d\n", i, type); + return -1; + } + } + + return 0; +} diff --git a/applypatch/main.c b/applypatch/main.c deleted file mode 100644 index 8e9fe80ef..000000000 --- a/applypatch/main.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include "applypatch.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" - -int CheckMode(int argc, char** argv) { - if (argc < 3) { - return 2; - } - return applypatch_check(argv[2], argc-3, argv+3); -} - -int SpaceMode(int argc, char** argv) { - if (argc != 3) { - return 2; - } - char* endptr; - size_t bytes = strtol(argv[2], &endptr, 10); - if (bytes == 0 && endptr == argv[2]) { - printf("can't parse \"%s\" as byte count\n\n", argv[2]); - return 1; - } - return CacheSizeCheck(bytes); -} - -// Parse arguments (which should be of the form "" or -// ":" into the new parallel arrays *sha1s and -// *patches (loading file contents into the patches). Returns 0 on -// success. -static int ParsePatchArgs(int argc, char** argv, - char*** sha1s, Value*** patches, int* num_patches) { - *num_patches = argc; - *sha1s = malloc(*num_patches * sizeof(char*)); - *patches = malloc(*num_patches * sizeof(Value*)); - memset(*patches, 0, *num_patches * sizeof(Value*)); - - uint8_t digest[SHA_DIGEST_SIZE]; - - int i; - for (i = 0; i < *num_patches; ++i) { - char* colon = strchr(argv[i], ':'); - if (colon != NULL) { - *colon = '\0'; - ++colon; - } - - if (ParseSha1(argv[i], digest) != 0) { - printf("failed to parse sha1 \"%s\"\n", argv[i]); - return -1; - } - - (*sha1s)[i] = argv[i]; - if (colon == NULL) { - (*patches)[i] = NULL; - } else { - FileContents fc; - if (LoadFileContents(colon, &fc) != 0) { - goto abort; - } - (*patches)[i] = malloc(sizeof(Value)); - (*patches)[i]->type = VAL_BLOB; - (*patches)[i]->size = fc.size; - (*patches)[i]->data = (char*)fc.data; - } - } - - return 0; - - abort: - for (i = 0; i < *num_patches; ++i) { - Value* p = (*patches)[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - free(*sha1s); - free(*patches); - return -1; -} - -int PatchMode(int argc, char** argv) { - Value* bonus = NULL; - if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - FileContents fc; - if (LoadFileContents(argv[2], &fc) != 0) { - printf("failed to load bonus file %s\n", argv[2]); - return 1; - } - bonus = malloc(sizeof(Value)); - bonus->type = VAL_BLOB; - bonus->size = fc.size; - bonus->data = (char*)fc.data; - argc -= 2; - argv += 2; - } - - if (argc < 6) { - return 2; - } - - char* endptr; - size_t target_size = strtol(argv[4], &endptr, 10); - if (target_size == 0 && endptr == argv[4]) { - printf("can't parse \"%s\" as byte count\n\n", argv[4]); - return 1; - } - - char** sha1s; - Value** patches; - int num_patches; - if (ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches) != 0) { - printf("failed to parse patch args\n"); - return 1; - } - - int result = applypatch(argv[1], argv[2], argv[3], target_size, - num_patches, sha1s, patches, bonus); - - int i; - for (i = 0; i < num_patches; ++i) { - Value* p = patches[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - if (bonus) { - free(bonus->data); - free(bonus); - } - free(sha1s); - free(patches); - - return result; -} - -// This program applies binary patches to files in a way that is safe -// (the original file is not touched until we have the desired -// replacement for it) and idempotent (it's okay to run this program -// multiple times). -// -// - if the sha1 hash of is , does nothing and exits -// successfully. -// -// - otherwise, if the sha1 hash of is , applies the -// bsdiff to to produce a new file (the type of patch -// is automatically detected from the file header). If that new -// file has sha1 hash , moves it to replace , and -// exits successfully. Note that if and are -// not the same, is NOT deleted on success. -// may be the string "-" to mean "the same as src-file". -// -// - otherwise, or if any error is encountered, exits with non-zero -// status. -// -// (or in check mode) may refer to an MTD partition -// to read the source data. See the comments for the -// LoadMTDContents() function above for the format of such a filename. - -int main(int argc, char** argv) { - if (argc < 2) { - usage: - printf( - "usage: %s [-b ] " - "[: ...]\n" - " or %s -c [ ...]\n" - " or %s -s \n" - " or %s -l\n" - "\n" - "Filenames may be of the form\n" - " MTD::::::...\n" - "to specify reading from or writing to an MTD partition.\n\n", - argv[0], argv[0], argv[0], argv[0]); - return 2; - } - - int result; - - if (strncmp(argv[1], "-l", 3) == 0) { - result = ShowLicenses(); - } else if (strncmp(argv[1], "-c", 3) == 0) { - result = CheckMode(argc, argv); - } else if (strncmp(argv[1], "-s", 3) == 0) { - result = SpaceMode(argc, argv); - } else { - result = PatchMode(argc, argv); - } - - if (result == 2) { - goto usage; - } - return result; -} diff --git a/applypatch/main.cpp b/applypatch/main.cpp new file mode 100644 index 000000000..63ff5c2c0 --- /dev/null +++ b/applypatch/main.cpp @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include "applypatch.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" + +static int CheckMode(int argc, char** argv) { + if (argc < 3) { + return 2; + } + return applypatch_check(argv[2], argc-3, argv+3); +} + +static int SpaceMode(int argc, char** argv) { + if (argc != 3) { + return 2; + } + char* endptr; + size_t bytes = strtol(argv[2], &endptr, 10); + if (bytes == 0 && endptr == argv[2]) { + printf("can't parse \"%s\" as byte count\n\n", argv[2]); + return 1; + } + return CacheSizeCheck(bytes); +} + +// Parse arguments (which should be of the form "" or +// ":" into the new parallel arrays *sha1s and +// *patches (loading file contents into the patches). Returns true on +// success. +static bool ParsePatchArgs(int argc, char** argv, + char*** sha1s, Value*** patches, int* num_patches) { + *num_patches = argc; + *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); + *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); + memset(*patches, 0, *num_patches * sizeof(Value*)); + + uint8_t digest[SHA_DIGEST_SIZE]; + + for (int i = 0; i < *num_patches; ++i) { + char* colon = strchr(argv[i], ':'); + if (colon != NULL) { + *colon = '\0'; + ++colon; + } + + if (ParseSha1(argv[i], digest) != 0) { + printf("failed to parse sha1 \"%s\"\n", argv[i]); + return false; + } + + (*sha1s)[i] = argv[i]; + if (colon == NULL) { + (*patches)[i] = NULL; + } else { + FileContents fc; + if (LoadFileContents(colon, &fc) != 0) { + goto abort; + } + (*patches)[i] = reinterpret_cast(malloc(sizeof(Value))); + (*patches)[i]->type = VAL_BLOB; + (*patches)[i]->size = fc.size; + (*patches)[i]->data = reinterpret_cast(fc.data); + } + } + + return true; + + abort: + for (int i = 0; i < *num_patches; ++i) { + Value* p = (*patches)[i]; + if (p != NULL) { + free(p->data); + free(p); + } + } + free(*sha1s); + free(*patches); + return false; +} + +int PatchMode(int argc, char** argv) { + Value* bonus = NULL; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { + FileContents fc; + if (LoadFileContents(argv[2], &fc) != 0) { + printf("failed to load bonus file %s\n", argv[2]); + return 1; + } + bonus = reinterpret_cast(malloc(sizeof(Value))); + bonus->type = VAL_BLOB; + bonus->size = fc.size; + bonus->data = (char*)fc.data; + argc -= 2; + argv += 2; + } + + if (argc < 6) { + return 2; + } + + char* endptr; + size_t target_size = strtol(argv[4], &endptr, 10); + if (target_size == 0 && endptr == argv[4]) { + printf("can't parse \"%s\" as byte count\n\n", argv[4]); + return 1; + } + + char** sha1s; + Value** patches; + int num_patches; + if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches)) { + printf("failed to parse patch args\n"); + return 1; + } + + int result = applypatch(argv[1], argv[2], argv[3], target_size, + num_patches, sha1s, patches, bonus); + + int i; + for (i = 0; i < num_patches; ++i) { + Value* p = patches[i]; + if (p != NULL) { + free(p->data); + free(p); + } + } + if (bonus) { + free(bonus->data); + free(bonus); + } + free(sha1s); + free(patches); + + return result; +} + +// This program applies binary patches to files in a way that is safe +// (the original file is not touched until we have the desired +// replacement for it) and idempotent (it's okay to run this program +// multiple times). +// +// - if the sha1 hash of is , does nothing and exits +// successfully. +// +// - otherwise, if the sha1 hash of is , applies the +// bsdiff to to produce a new file (the type of patch +// is automatically detected from the file header). If that new +// file has sha1 hash , moves it to replace , and +// exits successfully. Note that if and are +// not the same, is NOT deleted on success. +// may be the string "-" to mean "the same as src-file". +// +// - otherwise, or if any error is encountered, exits with non-zero +// status. +// +// (or in check mode) may refer to an MTD partition +// to read the source data. See the comments for the +// LoadMTDContents() function above for the format of such a filename. + +int main(int argc, char** argv) { + if (argc < 2) { + usage: + printf( + "usage: %s [-b ] " + "[: ...]\n" + " or %s -c [ ...]\n" + " or %s -s \n" + " or %s -l\n" + "\n" + "Filenames may be of the form\n" + " MTD::::::...\n" + "to specify reading from or writing to an MTD partition.\n\n", + argv[0], argv[0], argv[0], argv[0]); + return 2; + } + + int result; + + if (strncmp(argv[1], "-l", 3) == 0) { + result = ShowLicenses(); + } else if (strncmp(argv[1], "-c", 3) == 0) { + result = CheckMode(argc, argv); + } else if (strncmp(argv[1], "-s", 3) == 0) { + result = SpaceMode(argc, argv); + } else { + result = PatchMode(argc, argv); + } + + if (result == 2) { + goto usage; + } + return result; +} diff --git a/applypatch/utils.c b/applypatch/utils.c deleted file mode 100644 index 41ff676dc..000000000 --- a/applypatch/utils.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include "utils.h" - -/** Write a 4-byte value to f in little-endian order. */ -void Write4(int value, FILE* f) { - fputc(value & 0xff, f); - fputc((value >> 8) & 0xff, f); - fputc((value >> 16) & 0xff, f); - fputc((value >> 24) & 0xff, f); -} - -/** Write an 8-byte value to f in little-endian order. */ -void Write8(long long value, FILE* f) { - fputc(value & 0xff, f); - fputc((value >> 8) & 0xff, f); - fputc((value >> 16) & 0xff, f); - fputc((value >> 24) & 0xff, f); - fputc((value >> 32) & 0xff, f); - fputc((value >> 40) & 0xff, f); - fputc((value >> 48) & 0xff, f); - fputc((value >> 56) & 0xff, f); -} - -int Read2(void* pv) { - unsigned char* p = pv; - return (int)(((unsigned int)p[1] << 8) | - (unsigned int)p[0]); -} - -int Read4(void* pv) { - unsigned char* p = pv; - return (int)(((unsigned int)p[3] << 24) | - ((unsigned int)p[2] << 16) | - ((unsigned int)p[1] << 8) | - (unsigned int)p[0]); -} - -long long Read8(void* pv) { - unsigned char* p = pv; - return (long long)(((unsigned long long)p[7] << 56) | - ((unsigned long long)p[6] << 48) | - ((unsigned long long)p[5] << 40) | - ((unsigned long long)p[4] << 32) | - ((unsigned long long)p[3] << 24) | - ((unsigned long long)p[2] << 16) | - ((unsigned long long)p[1] << 8) | - (unsigned long long)p[0]); -} diff --git a/applypatch/utils.cpp b/applypatch/utils.cpp new file mode 100644 index 000000000..4a80be75f --- /dev/null +++ b/applypatch/utils.cpp @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "utils.h" + +/** Write a 4-byte value to f in little-endian order. */ +void Write4(int value, FILE* f) { + fputc(value & 0xff, f); + fputc((value >> 8) & 0xff, f); + fputc((value >> 16) & 0xff, f); + fputc((value >> 24) & 0xff, f); +} + +/** Write an 8-byte value to f in little-endian order. */ +void Write8(long long value, FILE* f) { + fputc(value & 0xff, f); + fputc((value >> 8) & 0xff, f); + fputc((value >> 16) & 0xff, f); + fputc((value >> 24) & 0xff, f); + fputc((value >> 32) & 0xff, f); + fputc((value >> 40) & 0xff, f); + fputc((value >> 48) & 0xff, f); + fputc((value >> 56) & 0xff, f); +} + +int Read2(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (int)(((unsigned int)p[1] << 8) | + (unsigned int)p[0]); +} + +int Read4(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (int)(((unsigned int)p[3] << 24) | + ((unsigned int)p[2] << 16) | + ((unsigned int)p[1] << 8) | + (unsigned int)p[0]); +} + +long long Read8(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (long long)(((unsigned long long)p[7] << 56) | + ((unsigned long long)p[6] << 48) | + ((unsigned long long)p[5] << 40) | + ((unsigned long long)p[4] << 32) | + ((unsigned long long)p[3] << 24) | + ((unsigned long long)p[2] << 16) | + ((unsigned long long)p[1] << 8) | + (unsigned long long)p[0]); +} diff --git a/minzip/Hash.h b/minzip/Hash.h index 8194537f3..e83eac414 100644 --- a/minzip/Hash.h +++ b/minzip/Hash.h @@ -15,6 +15,10 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif + /* compute the hash of an item with a specific type */ typedef unsigned int (*HashCompute)(const void* item); @@ -183,4 +187,8 @@ typedef unsigned int (*HashCalcFunc)(const void* item); void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, HashCompareFunc cmpFunc); +#ifdef __cplusplus +} +#endif + #endif /*_MINZIP_HASH*/ diff --git a/roots.cpp b/roots.cpp index 2bd457efe..9288177e7 100644 --- a/roots.cpp +++ b/roots.cpp @@ -30,10 +30,8 @@ #include "roots.h" #include "common.h" #include "make_ext4fs.h" -extern "C" { #include "wipe.h" #include "cryptfs.h" -} static struct fstab *fstab = NULL; diff --git a/updater/Android.mk b/updater/Android.mk index a0ea06fa5..0d4179b23 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -1,11 +1,23 @@ # Copyright 2009 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. LOCAL_PATH := $(call my-dir) updater_src_files := \ - install.c \ - blockimg.c \ - updater.c + install.cpp \ + blockimg.cpp \ + updater.cpp # # Build a statically-linked binary to include in OTA packages diff --git a/updater/blockimg.c b/updater/blockimg.c deleted file mode 100644 index a6a389507..000000000 --- a/updater/blockimg.c +++ /dev/null @@ -1,1994 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "applypatch/applypatch.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" -#include "minzip/Hash.h" -#include "updater.h" - -#define BLOCKSIZE 4096 - -// Set this to 0 to interpret 'erase' transfers to mean do a -// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret -// erase to mean fill the region with zeroes. -#define DEBUG_ERASE 0 - -#ifndef BLKDISCARD -#define BLKDISCARD _IO(0x12,119) -#endif - -#define STASH_DIRECTORY_BASE "/cache/recovery" -#define STASH_DIRECTORY_MODE 0700 -#define STASH_FILE_MODE 0600 - -char* PrintSha1(const uint8_t* digest); - -typedef struct { - int count; - int size; - int pos[0]; -} RangeSet; - -#define RANGESET_MAX_POINTS \ - ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) - -static RangeSet* parse_range(char* text) { - char* save; - char* token; - int i, num; - long int val; - RangeSet* out = NULL; - size_t bufsize; - - if (!text) { - goto err; - } - - token = strtok_r(text, ",", &save); - - if (!token) { - goto err; - } - - val = strtol(token, NULL, 0); - - if (val < 2 || val > RANGESET_MAX_POINTS) { - goto err; - } else if (val % 2) { - goto err; // must be even - } - - num = (int) val; - bufsize = sizeof(RangeSet) + num * sizeof(int); - - out = malloc(bufsize); - - if (!out) { - fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); - goto err; - } - - out->count = num / 2; - out->size = 0; - - for (i = 0; i < num; ++i) { - token = strtok_r(NULL, ",", &save); - - if (!token) { - goto err; - } - - val = strtol(token, NULL, 0); - - if (val < 0 || val > INT_MAX) { - goto err; - } - - out->pos[i] = (int) val; - - if (i % 2) { - if (out->pos[i - 1] >= out->pos[i]) { - goto err; // empty or negative range - } - - if (out->size > INT_MAX - out->pos[i]) { - goto err; // overflow - } - - out->size += out->pos[i]; - } else { - if (out->size < 0) { - goto err; - } - - out->size -= out->pos[i]; - } - } - - if (out->size <= 0) { - goto err; - } - - return out; - -err: - fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); - exit(1); -} - -static int range_overlaps(RangeSet* r1, RangeSet* r2) { - int i, j, r1_0, r1_1, r2_0, r2_1; - - if (!r1 || !r2) { - return 0; - } - - for (i = 0; i < r1->count; ++i) { - r1_0 = r1->pos[i * 2]; - r1_1 = r1->pos[i * 2 + 1]; - - for (j = 0; j < r2->count; ++j) { - r2_0 = r2->pos[j * 2]; - r2_1 = r2->pos[j * 2 + 1]; - - if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { - return 1; - } - } - } - - return 0; -} - -static int read_all(int fd, uint8_t* data, size_t size) { - size_t so_far = 0; - while (so_far < size) { - ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); - if (r == -1) { - fprintf(stderr, "read failed: %s\n", strerror(errno)); - return -1; - } - so_far += r; - } - return 0; -} - -static int write_all(int fd, const uint8_t* data, size_t size) { - size_t written = 0; - while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); - if (w == -1) { - fprintf(stderr, "write failed: %s\n", strerror(errno)); - return -1; - } - written += w; - } - - if (fsync(fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - return -1; - } - - return 0; -} - -static bool check_lseek(int fd, off64_t offset, int whence) { - off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); - if (rc == -1) { - fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); - return false; - } - return true; -} - -static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { - // if the buffer's big enough, reuse it. - if (size <= *buffer_alloc) return; - - free(*buffer); - - *buffer = (uint8_t*) malloc(size); - if (*buffer == NULL) { - fprintf(stderr, "failed to allocate %zu bytes\n", size); - exit(1); - } - *buffer_alloc = size; -} - -typedef struct { - int fd; - RangeSet* tgt; - int p_block; - size_t p_remain; -} RangeSinkState; - -static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { - RangeSinkState* rss = (RangeSinkState*) token; - - if (rss->p_remain <= 0) { - fprintf(stderr, "range sink write overrun"); - return 0; - } - - ssize_t written = 0; - while (size > 0) { - size_t write_now = size; - - if (rss->p_remain < write_now) { - write_now = rss->p_remain; - } - - if (write_all(rss->fd, data, write_now) == -1) { - break; - } - - data += write_now; - size -= write_now; - - rss->p_remain -= write_now; - written += write_now; - - if (rss->p_remain == 0) { - // move to the next block - ++rss->p_block; - if (rss->p_block < rss->tgt->count) { - rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - - rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; - - if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, - SEEK_SET)) { - break; - } - } else { - // we can't write any more; return how many bytes have - // been written so far. - break; - } - } - } - - return written; -} - -// All of the data for all the 'new' transfers is contained in one -// file in the update package, concatenated together in the order in -// which transfers.list will need it. We want to stream it out of the -// archive (it's compressed) without writing it to a temp file, but we -// can't write each section until it's that transfer's turn to go. -// -// To achieve this, we expand the new data from the archive in a -// background thread, and block that threads 'receive uncompressed -// data' function until the main thread has reached a point where we -// want some new data to be written. We signal the background thread -// with the destination for the data and block the main thread, -// waiting for the background thread to complete writing that section. -// Then it signals the main thread to wake up and goes back to -// blocking waiting for a transfer. -// -// NewThreadInfo is the struct used to pass information back and forth -// between the two threads. When the main thread wants some data -// written, it sets rss to the destination location and signals the -// condition. When the background thread is done writing, it clears -// rss and signals the condition again. - -typedef struct { - ZipArchive* za; - const ZipEntry* entry; - - RangeSinkState* rss; - - pthread_mutex_t mu; - pthread_cond_t cv; -} NewThreadInfo; - -static bool receive_new_data(const unsigned char* data, int size, void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; - - while (size > 0) { - // Wait for nti->rss to be non-NULL, indicating some of this - // data is wanted. - pthread_mutex_lock(&nti->mu); - while (nti->rss == NULL) { - pthread_cond_wait(&nti->cv, &nti->mu); - } - pthread_mutex_unlock(&nti->mu); - - // At this point nti->rss is set, and we own it. The main - // thread is waiting for it to disappear from nti. - ssize_t written = RangeSinkWrite(data, size, nti->rss); - data += written; - size -= written; - - if (nti->rss->p_block == nti->rss->tgt->count) { - // we have written all the bytes desired by this rss. - - pthread_mutex_lock(&nti->mu); - nti->rss = NULL; - pthread_cond_broadcast(&nti->cv); - pthread_mutex_unlock(&nti->mu); - } - } - - return true; -} - -static void* unzip_new_data(void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; - mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); - return NULL; -} - -static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { - int i; - size_t p = 0; - size_t size; - - if (!src || !buffer) { - return -1; - } - - for (i = 0; i < src->count; ++i) { - if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - return -1; - } - - size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; - - if (read_all(fd, buffer + p, size) == -1) { - return -1; - } - - p += size; - } - - return 0; -} - -static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { - int i; - size_t p = 0; - size_t size; - - if (!tgt || !buffer) { - return -1; - } - - for (i = 0; i < tgt->count; ++i) { - if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - return -1; - } - - size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; - - if (write_all(fd, buffer + p, size) == -1) { - return -1; - } - - p += size; - } - - return 0; -} - -// Do a source/target load for move/bsdiff/imgdiff in version 1. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as: -// -// -// -// The source range is loaded into the provided buffer, reallocating -// it to make it larger if necessary. The target ranges are returned -// in *tgt, if tgt is non-NULL. - -static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd) { - char* word; - int rc; - - word = strtok_r(NULL, " ", wordsave); - RangeSet* src = parse_range(word); - - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); - } - - allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); - rc = ReadBlocks(src, *buffer, fd); - *src_blocks = src->size; - - free(src); - return rc; -} - -static int VerifyBlocks(const char *expected, const uint8_t *buffer, - size_t blocks, int printerror) { - char* hexdigest = NULL; - int rc = -1; - uint8_t digest[SHA_DIGEST_SIZE]; - - if (!expected || !buffer) { - return rc; - } - - SHA_hash(buffer, blocks * BLOCKSIZE, digest); - hexdigest = PrintSha1(digest); - - if (hexdigest != NULL) { - rc = strcmp(expected, hexdigest); - - if (rc != 0 && printerror) { - fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", - expected, hexdigest); - } - - free(hexdigest); - } - - return rc; -} - -static char* GetStashFileName(const char* base, const char* id, const char* postfix) { - char* fn; - int len; - int res; - - if (base == NULL) { - return NULL; - } - - if (id == NULL) { - id = ""; - } - - if (postfix == NULL) { - postfix = ""; - } - - len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; - fn = malloc(len); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - return NULL; - } - - res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - return NULL; - } - - return fn; -} - -typedef void (*StashCallback)(const char*, void*); - -// Does a best effort enumeration of stash files. Ignores possible non-file -// items in the stash directory and continues despite of errors. Calls the -// 'callback' function for each file and passes 'data' to the function as a -// parameter. - -static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { - char* fn; - DIR* directory; - int len; - int res; - struct dirent* item; - - if (dirname == NULL || callback == NULL) { - return; - } - - directory = opendir(dirname); - - if (directory == NULL) { - if (errno != ENOENT) { - fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); - } - return; - } - - while ((item = readdir(directory)) != NULL) { - if (item->d_type != DT_REG) { - continue; - } - - len = strlen(dirname) + 1 + strlen(item->d_name) + 1; - fn = malloc(len); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - continue; - } - - res = snprintf(fn, len, "%s/%s", dirname, item->d_name); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - continue; - } - - callback(fn, data); - free(fn); - } - - if (closedir(directory) == -1) { - fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); - } -} - -static void UpdateFileSize(const char* fn, void* data) { - int* size = (int*) data; - struct stat st; - - if (!fn || !data) { - return; - } - - if (stat(fn, &st) == -1) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); - return; - } - - *size += st.st_size; -} - -// Deletes the stash directory and all files in it. Assumes that it only -// contains files. There is nothing we can do about unlikely, but possible -// errors, so they are merely logged. - -static void DeleteFile(const char* fn, void* data) { - if (fn) { - fprintf(stderr, "deleting %s\n", fn); - - if (unlink(fn) == -1 && errno != ENOENT) { - fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); - } - } -} - -static void DeletePartial(const char* fn, void* data) { - if (fn && strstr(fn, ".partial") != NULL) { - DeleteFile(fn, data); - } -} - -static void DeleteStash(const char* base) { - char* dirname; - - if (base == NULL) { - return; - } - - dirname = GetStashFileName(base, NULL, NULL); - - if (dirname == NULL) { - return; - } - - fprintf(stderr, "deleting stash %s\n", base); - EnumerateStash(dirname, DeleteFile, NULL); - - if (rmdir(dirname) == -1) { - if (errno != ENOENT && errno != ENOTDIR) { - fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); - } - } - - free(dirname); -} - -static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, - size_t* buffer_alloc, int printnoent) { - char *fn = NULL; - int blockcount = 0; - int fd = -1; - int rc = -1; - int res; - struct stat st; - - if (!base || !id || !buffer || !buffer_alloc) { - goto lsout; - } - - if (!blocks) { - blocks = &blockcount; - } - - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - goto lsout; - } - - res = stat(fn, &st); - - if (res == -1) { - if (errno != ENOENT || printnoent) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); - } - goto lsout; - } - - fprintf(stderr, " loading %s\n", fn); - - if ((st.st_size % BLOCKSIZE) != 0) { - fprintf(stderr, "%s size %zd not multiple of block size %d", fn, st.st_size, BLOCKSIZE); - goto lsout; - } - - fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); - - if (fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); - goto lsout; - } - - allocate(st.st_size, buffer, buffer_alloc); - - if (read_all(fd, *buffer, st.st_size) == -1) { - goto lsout; - } - - *blocks = st.st_size / BLOCKSIZE; - - if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { - fprintf(stderr, "unexpected contents in %s\n", fn); - DeleteFile(fn, NULL); - goto lsout; - } - - rc = 0; - -lsout: - if (fd != -1) { - close(fd); - } - - if (fn) { - free(fn); - } - - return rc; -} - -static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, - int checkspace, int *exists) { - char *fn = NULL; - char *cn = NULL; - int fd = -1; - int rc = -1; - int res; - struct stat st; - - if (base == NULL || buffer == NULL) { - goto wsout; - } - - if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { - fprintf(stderr, "not enough space to write stash\n"); - goto wsout; - } - - fn = GetStashFileName(base, id, ".partial"); - cn = GetStashFileName(base, id, NULL); - - if (fn == NULL || cn == NULL) { - goto wsout; - } - - if (exists) { - res = stat(cn, &st); - - if (res == 0) { - // The file already exists and since the name is the hash of the contents, - // it's safe to assume the contents are identical (accidental hash collisions - // are unlikely) - fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); - *exists = 1; - rc = 0; - goto wsout; - } - - *exists = 0; - } - - fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); - - fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); - - if (fd == -1) { - fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); - goto wsout; - } - - if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { - goto wsout; - } - - if (fsync(fd) == -1) { - fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); - goto wsout; - } - - if (rename(fn, cn) == -1) { - fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); - goto wsout; - } - - rc = 0; - -wsout: - if (fd != -1) { - close(fd); - } - - if (fn) { - free(fn); - } - - if (cn) { - free(cn); - } - - return rc; -} - -// Creates a directory for storing stash files and checks if the /cache partition -// hash enough space for the expected amount of blocks we need to store. Returns -// >0 if we created the directory, zero if it existed already, and <0 of failure. - -static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { - char* dirname = NULL; - const uint8_t* digest; - int rc = -1; - int res; - int size = 0; - SHA_CTX ctx; - struct stat st; - - if (blockdev == NULL || base == NULL) { - goto csout; - } - - // Stash directory should be different for each partition to avoid conflicts - // when updating multiple partitions at the same time, so we use the hash of - // the block device name as the base directory - SHA_init(&ctx); - SHA_update(&ctx, blockdev, strlen(blockdev)); - digest = SHA_final(&ctx); - *base = PrintSha1(digest); - - if (*base == NULL) { - goto csout; - } - - dirname = GetStashFileName(*base, NULL, NULL); - - if (dirname == NULL) { - goto csout; - } - - res = stat(dirname, &st); - - if (res == -1 && errno != ENOENT) { - ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; - } else if (res != 0) { - fprintf(stderr, "creating stash %s\n", dirname); - res = mkdir(dirname, STASH_DIRECTORY_MODE); - - if (res != 0) { - ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; - } - - if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { - ErrorAbort(state, "not enough space for stash\n"); - goto csout; - } - - rc = 1; // Created directory - goto csout; - } - - fprintf(stderr, "using existing stash %s\n", dirname); - - // If the directory already exists, calculate the space already allocated to - // stash files and check if there's enough for all required blocks. Delete any - // partially completed stash files first. - - EnumerateStash(dirname, DeletePartial, NULL); - EnumerateStash(dirname, UpdateFileSize, &size); - - size = (maxblocks * BLOCKSIZE) - size; - - if (size > 0 && CacheSizeCheck(size) != 0) { - ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); - goto csout; - } - - rc = 0; // Using existing directory - -csout: - if (dirname) { - free(dirname); - } - - return rc; -} - -static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, - int fd, int usehash, int* isunresumable) { - char *id = NULL; - int res = -1; - int blocks = 0; - - if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { - return -1; - } - - id = strtok_r(NULL, " ", wordsave); - - if (id == NULL) { - fprintf(stderr, "missing id field in stash command\n"); - return -1; - } - - if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { - // Stash file already exists and has expected contents. Do not - // read from source again, as the source may have been already - // overwritten during a previous attempt. - return 0; - } - - if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { - return -1; - } - - if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { - // Source blocks have unexpected contents. If we actually need this - // data later, this is an unrecoverable error. However, the command - // that uses the data may have already completed previously, so the - // possible failure will occur during source block verification. - fprintf(stderr, "failed to load source blocks for stash %s\n", id); - return 0; - } - - fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); - return WriteStash(base, id, blocks, *buffer, 0, NULL); -} - -static int FreeStash(const char* base, const char* id) { - char *fn = NULL; - - if (base == NULL || id == NULL) { - return -1; - } - - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - return -1; - } - - DeleteFile(fn, NULL); - free(fn); - - return 0; -} - -static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { - // source contains packed data, which we want to move to the - // locations given in *locs in the dest buffer. source and dest - // may be the same buffer. - - int start = locs->size; - int i; - for (i = locs->count-1; i >= 0; --i) { - int blocks = locs->pos[i*2+1] - locs->pos[i*2]; - start -= blocks; - memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), - blocks * BLOCKSIZE); - } -} - -// Do a source/target load for move/bsdiff/imgdiff in version 2. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as one of: -// -// -// (loads data from source image only) -// -// - <[stash_id:stash_range] ...> -// (loads data from stashes only) -// -// <[stash_id:stash_range] ...> -// (loads data from both source image and stashes) -// -// On return, buffer is filled with the loaded source data (rearranged -// and combined with stashed data as necessary). buffer may be -// reallocated if needed to accommodate the source data. *tgt is the -// target RangeSet. Any stashes required are loaded using LoadStash. - -static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd, - const char* stashbase, int* overlap) { - char* word; - char* colonsave; - char* colon; - int id; - int res; - RangeSet* locs; - size_t stashalloc = 0; - uint8_t* stash = NULL; - - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); - } - - word = strtok_r(NULL, " ", wordsave); - *src_blocks = strtol(word, NULL, 0); - - allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); - - word = strtok_r(NULL, " ", wordsave); - if (word[0] == '-' && word[1] == '\0') { - // no source ranges, only stashes - } else { - RangeSet* src = parse_range(word); - res = ReadBlocks(src, *buffer, fd); - - if (overlap && tgt) { - *overlap = range_overlaps(src, *tgt); - } - - free(src); - - if (res == -1) { - return -1; - } - - word = strtok_r(NULL, " ", wordsave); - if (word == NULL) { - // no stashes, only source range - return 0; - } - - locs = parse_range(word); - MoveRange(*buffer, locs, *buffer); - free(locs); - } - - while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { - // Each word is a an index into the stash table, a colon, and - // then a rangeset describing where in the source block that - // stashed data should go. - colonsave = NULL; - colon = strtok_r(word, ":", &colonsave); - - res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); - - if (res == -1) { - // These source blocks will fail verification if used later, but we - // will let the caller decide if this is a fatal failure - fprintf(stderr, "failed to load stash %s\n", colon); - continue; - } - - colon = strtok_r(NULL, ":", &colonsave); - locs = parse_range(colon); - - MoveRange(*buffer, locs, stash); - free(locs); - } - - if (stash) { - free(stash); - } - - return 0; -} - -// Parameters for transfer list command functions -typedef struct { - char* cmdname; - char* cpos; - char* freestash; - char* stashbase; - int canwrite; - int createdstash; - int fd; - int foundwrites; - int isunresumable; - int version; - int written; - NewThreadInfo nti; - pthread_t thread; - size_t bufsize; - uint8_t* buffer; - uint8_t* patch_start; -} CommandParameters; - -// Do a source/target load for move/bsdiff/imgdiff in version 3. -// -// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which -// tells the function whether to expect separate source and targe block hashes, or -// if they are both the same and only one hash should be expected, and -// 'isunresumable', which receives a non-zero value if block verification fails in -// a way that the update cannot be resumed anymore. -// -// If the function is unable to load the necessary blocks or their contents don't -// match the hashes, the return value is -1 and the command should be aborted. -// -// If the return value is 1, the command has already been completed according to -// the contents of the target blocks, and should not be performed again. -// -// If the return value is 0, source blocks have expected content and the command -// can be performed. - -static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, - int onehash, int* overlap) { - char* srchash = NULL; - char* tgthash = NULL; - int stash_exists = 0; - int overlap_blocks = 0; - int rc = -1; - uint8_t* tgtbuffer = NULL; - - if (!params|| !tgt || !src_blocks || !overlap) { - goto v3out; - } - - srchash = strtok_r(NULL, " ", ¶ms->cpos); - - if (srchash == NULL) { - fprintf(stderr, "missing source hash\n"); - goto v3out; - } - - if (onehash) { - tgthash = srchash; - } else { - tgthash = strtok_r(NULL, " ", ¶ms->cpos); - - if (tgthash == NULL) { - fprintf(stderr, "missing target hash\n"); - goto v3out; - } - } - - if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, - params->fd, params->stashbase, overlap) == -1) { - goto v3out; - } - - tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); - - if (tgtbuffer == NULL) { - fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); - goto v3out; - } - - if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { - goto v3out; - } - - if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { - // Target blocks already have expected content, command should be skipped - rc = 1; - goto v3out; - } - - if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { - // If source and target blocks overlap, stash the source blocks so we can - // resume from possible write errors - if (*overlap) { - fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, - srchash); - - if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, - &stash_exists) != 0) { - fprintf(stderr, "failed to stash overlapping source blocks\n"); - goto v3out; - } - - // Can be deleted when the write has completed - if (!stash_exists) { - params->freestash = srchash; - } - } - - // Source blocks have expected content, command can proceed - rc = 0; - goto v3out; - } - - if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, - ¶ms->bufsize, 1) == 0) { - // Overlapping source blocks were previously stashed, command can proceed. - // We are recovering from an interrupted command, so we don't know if the - // stash can safely be deleted after this command. - rc = 0; - goto v3out; - } - - // Valid source data not available, update cannot be resumed - fprintf(stderr, "partition has unexpected contents\n"); - params->isunresumable = 1; - -v3out: - if (tgtbuffer) { - free(tgtbuffer); - } - - return rc; -} - -static int PerformCommandMove(CommandParameters* params) { - int blocks = 0; - int overlap = 0; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - - if (!params) { - goto pcmout; - } - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); - } - - if (status == -1) { - fprintf(stderr, "failed to read blocks for move\n"); - goto pcmout; - } - - if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); - } - - if (params->canwrite) { - if (status == 0) { - fprintf(stderr, " moving %d blocks\n", blocks); - - if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { - goto pcmout; - } - } else { - fprintf(stderr, "skipping %d already moved blocks\n", blocks); - } - - } - - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; - } - - params->written += tgt->size; - rc = 0; - -pcmout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandStash(CommandParameters* params) { - if (!params) { - return -1; - } - - return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, - params->fd, (params->version >= 3), ¶ms->isunresumable); -} - -static int PerformCommandFree(CommandParameters* params) { - if (!params) { - return -1; - } - - if (params->createdstash || params->canwrite) { - return FreeStash(params->stashbase, params->cpos); - } - - return 0; -} - -static int PerformCommandZero(CommandParameters* params) { - char* range = NULL; - int i; - int j; - int rc = -1; - RangeSet* tgt = NULL; - - if (!params) { - goto pczout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); - goto pczout; - } - - tgt = parse_range(range); - - fprintf(stderr, " zeroing %d blocks\n", tgt->size); - - allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); - memset(params->buffer, 0, BLOCKSIZE); - - if (params->canwrite) { - for (i = 0; i < tgt->count; ++i) { - if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - goto pczout; - } - - for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { - if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { - goto pczout; - } - } - } - } - - if (params->cmdname[0] == 'z') { - // Update only for the zero command, as the erase command will call - // this if DEBUG_ERASE is defined. - params->written += tgt->size; - } - - rc = 0; - -pczout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandNew(CommandParameters* params) { - char* range = NULL; - int rc = -1; - RangeSet* tgt = NULL; - RangeSinkState rss; - - if (!params) { - goto pcnout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - goto pcnout; - } - - tgt = parse_range(range); - - if (params->canwrite) { - fprintf(stderr, " writing %d blocks of new data\n", tgt->size); - - rss.fd = params->fd; - rss.tgt = tgt; - rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcnout; - } - - pthread_mutex_lock(¶ms->nti.mu); - params->nti.rss = &rss; - pthread_cond_broadcast(¶ms->nti.cv); - - while (params->nti.rss) { - pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); - } - - pthread_mutex_unlock(¶ms->nti.mu); - } - - params->written += tgt->size; - rc = 0; - -pcnout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandDiff(CommandParameters* params) { - char* logparams = NULL; - char* value = NULL; - int blocks = 0; - int overlap = 0; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - RangeSinkState rss; - size_t len = 0; - size_t offset = 0; - Value patch_value; - - if (!params) { - goto pcdout; - } - - logparams = strdup(params->cpos); - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch offset for %s\n", params->cmdname); - goto pcdout; - } - - offset = strtoul(value, NULL, 0); - - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch length for %s\n", params->cmdname); - goto pcdout; - } - - len = strtoul(value, NULL, 0); - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); - } - - if (status == -1) { - fprintf(stderr, "failed to read blocks for diff\n"); - goto pcdout; - } - - if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); - } - - if (params->canwrite) { - if (status == 0) { - fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); - - patch_value.type = VAL_BLOB; - patch_value.size = len; - patch_value.data = (char*) (params->patch_start + offset); - - rss.fd = params->fd; - rss.tgt = tgt; - rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcdout; - } - - if (params->cmdname[0] == 'i') { // imgdiff - ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - &RangeSinkWrite, &rss, NULL, NULL); - } else { - ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - 0, &RangeSinkWrite, &rss, NULL); - } - - // We expect the output of the patcher to fill the tgt ranges exactly. - if (rss.p_block != tgt->count || rss.p_remain != 0) { - fprintf(stderr, "range sink underrun?\n"); - } - } else { - fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", - blocks, tgt->size, logparams); - } - } - - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; - } - - params->written += tgt->size; - rc = 0; - -pcdout: - if (logparams) { - free(logparams); - } - - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandErase(CommandParameters* params) { - char* range = NULL; - int i; - int rc = -1; - RangeSet* tgt = NULL; - struct stat st; - uint64_t blocks[2]; - - if (DEBUG_ERASE) { - return PerformCommandZero(params); - } - - if (!params) { - goto pceout; - } - - if (fstat(params->fd, &st) == -1) { - fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); - goto pceout; - } - - if (!S_ISBLK(st.st_mode)) { - fprintf(stderr, "not a block device; skipping erase\n"); - goto pceout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); - goto pceout; - } - - tgt = parse_range(range); - - if (params->canwrite) { - fprintf(stderr, " erasing %d blocks\n", tgt->size); - - for (i = 0; i < tgt->count; ++i) { - // offset in bytes - blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; - // length in bytes - blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; - - if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { - fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); - goto pceout; - } - } - } - - rc = 0; - -pceout: - if (tgt) { - free(tgt); - } - - return rc; -} - -// Definitions for transfer list command functions -typedef int (*CommandFunction)(CommandParameters*); - -typedef struct { - const char* name; - CommandFunction f; -} Command; - -// CompareCommands and CompareCommandNames are for the hash table - -static int CompareCommands(const void* c1, const void* c2) { - return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); -} - -static int CompareCommandNames(const void* c1, const void* c2) { - return strcmp(((const Command*) c1)->name, (const char*) c2); -} - -// HashString is used to hash command names for the hash table - -static unsigned int HashString(const char *s) { - unsigned int hash = 0; - if (s) { - while (*s) { - hash = hash * 33 + *s++; - } - } - return hash; -} - -// args: -// - block device (or file) to modify in-place -// - transfer list (blob) -// - new data stream (filename within package.zip) -// - patch stream (filename within package.zip, must be uncompressed) - -static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], - const Command* commands, int cmdcount, int dryrun) { - - char* line = NULL; - char* linesave = NULL; - char* logcmd = NULL; - char* transfer_list = NULL; - CommandParameters params; - const Command* cmd = NULL; - const ZipEntry* new_entry = NULL; - const ZipEntry* patch_entry = NULL; - FILE* cmd_pipe = NULL; - HashTable* cmdht = NULL; - int i; - int res; - int rc = -1; - int stash_max_blocks = 0; - int total_blocks = 0; - pthread_attr_t attr; - unsigned int cmdhash; - UpdaterInfo* ui = NULL; - Value* blockdev_filename = NULL; - Value* new_data_fn = NULL; - Value* patch_data_fn = NULL; - Value* transfer_list_value = NULL; - ZipArchive* za = NULL; - - memset(¶ms, 0, sizeof(params)); - params.canwrite = !dryrun; - - fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); - - if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, - &new_data_fn, &patch_data_fn) < 0) { - goto pbiudone; - } - - if (blockdev_filename->type != VAL_STRING) { - ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto pbiudone; - } - if (transfer_list_value->type != VAL_BLOB) { - ErrorAbort(state, "transfer_list argument to %s must be blob", name); - goto pbiudone; - } - if (new_data_fn->type != VAL_STRING) { - ErrorAbort(state, "new_data_fn argument to %s must be string", name); - goto pbiudone; - } - if (patch_data_fn->type != VAL_STRING) { - ErrorAbort(state, "patch_data_fn argument to %s must be string", name); - goto pbiudone; - } - - ui = (UpdaterInfo*) state->cookie; - - if (ui == NULL) { - goto pbiudone; - } - - cmd_pipe = ui->cmd_pipe; - za = ui->package_zip; - - if (cmd_pipe == NULL || za == NULL) { - goto pbiudone; - } - - patch_entry = mzFindZipEntry(za, patch_data_fn->data); - - if (patch_entry == NULL) { - fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); - goto pbiudone; - } - - params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); - new_entry = mzFindZipEntry(za, new_data_fn->data); - - if (new_entry == NULL) { - fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); - goto pbiudone; - } - - params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); - - if (params.fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); - goto pbiudone; - } - - if (params.canwrite) { - params.nti.za = za; - params.nti.entry = new_entry; - - pthread_mutex_init(¶ms.nti.mu, NULL); - pthread_cond_init(¶ms.nti.cv, NULL); - pthread_attr_init(&attr); - pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); - - int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); - if (error != 0) { - fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); - goto pbiudone; - } - } - - // The data in transfer_list_value is not necessarily null-terminated, so we need - // to copy it to a new buffer and add the null that strtok_r will need. - transfer_list = malloc(transfer_list_value->size + 1); - - if (transfer_list == NULL) { - fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", - transfer_list_value->size + 1); - goto pbiudone; - } - - memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); - transfer_list[transfer_list_value->size] = '\0'; - - // First line in transfer list is the version number - line = strtok_r(transfer_list, "\n", &linesave); - params.version = strtol(line, NULL, 0); - - if (params.version < 1 || params.version > 3) { - fprintf(stderr, "unexpected transfer list version [%s]\n", line); - goto pbiudone; - } - - fprintf(stderr, "blockimg version is %d\n", params.version); - - // Second line in transfer list is the total number of blocks we expect to write - line = strtok_r(NULL, "\n", &linesave); - total_blocks = strtol(line, NULL, 0); - - if (total_blocks < 0) { - ErrorAbort(state, "unexpected block count [%s]\n", line); - goto pbiudone; - } else if (total_blocks == 0) { - rc = 0; - goto pbiudone; - } - - if (params.version >= 2) { - // Third line is how many stash entries are needed simultaneously - line = strtok_r(NULL, "\n", &linesave); - fprintf(stderr, "maximum stash entries %s\n", line); - - // Fourth line is the maximum number of blocks that will be stashed simultaneously - line = strtok_r(NULL, "\n", &linesave); - stash_max_blocks = strtol(line, NULL, 0); - - if (stash_max_blocks < 0) { - ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); - goto pbiudone; - } - - if (stash_max_blocks >= 0) { - res = CreateStash(state, stash_max_blocks, blockdev_filename->data, - ¶ms.stashbase); - - if (res == -1) { - goto pbiudone; - } - - params.createdstash = res; - } - } - - // Build a hash table of the available commands - cmdht = mzHashTableCreate(cmdcount, NULL); - - for (i = 0; i < cmdcount; ++i) { - cmdhash = HashString(commands[i].name); - mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); - } - - // Subsequent lines are all individual transfer commands - for (line = strtok_r(NULL, "\n", &linesave); line; - line = strtok_r(NULL, "\n", &linesave)) { - - logcmd = strdup(line); - params.cmdname = strtok_r(line, " ", ¶ms.cpos); - - if (params.cmdname == NULL) { - fprintf(stderr, "missing command [%s]\n", line); - goto pbiudone; - } - - cmdhash = HashString(params.cmdname); - cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, - CompareCommandNames, false); - - if (cmd == NULL) { - fprintf(stderr, "unexpected command [%s]\n", params.cmdname); - goto pbiudone; - } - - if (cmd->f != NULL && cmd->f(¶ms) == -1) { - fprintf(stderr, "failed to execute command [%s]\n", - logcmd ? logcmd : params.cmdname); - goto pbiudone; - } - - if (logcmd) { - free(logcmd); - logcmd = NULL; - } - - if (params.canwrite) { - fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); - fflush(cmd_pipe); - } - } - - if (params.canwrite) { - pthread_join(params.thread, NULL); - - fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); - fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); - - // Delete stash only after successfully completing the update, as it - // may contain blocks needed to complete the update later. - DeleteStash(params.stashbase); - } else { - fprintf(stderr, "verified partition contents; update may be resumed\n"); - } - - rc = 0; - -pbiudone: - if (params.fd != -1) { - if (fsync(params.fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - } - close(params.fd); - } - - if (logcmd) { - free(logcmd); - } - - if (cmdht) { - mzHashTableFree(cmdht); - } - - if (params.buffer) { - free(params.buffer); - } - - if (transfer_list) { - free(transfer_list); - } - - if (blockdev_filename) { - FreeValue(blockdev_filename); - } - - if (transfer_list_value) { - FreeValue(transfer_list_value); - } - - if (new_data_fn) { - FreeValue(new_data_fn); - } - - if (patch_data_fn) { - FreeValue(patch_data_fn); - } - - // Only delete the stash if the update cannot be resumed, or it's - // a verification run and we created the stash. - if (params.isunresumable || (!params.canwrite && params.createdstash)) { - DeleteStash(params.stashbase); - } - - if (params.stashbase) { - free(params.stashbase); - } - - return StringValue(rc == 0 ? strdup("t") : strdup("")); -} - -// The transfer list is a text file containing commands to -// transfer data from one place to another on the target -// partition. We parse it and execute the commands in order: -// -// zero [rangeset] -// - fill the indicated blocks with zeros -// -// new [rangeset] -// - fill the blocks with data read from the new_data file -// -// erase [rangeset] -// - mark the given blocks as empty -// -// move <...> -// bsdiff <...> -// imgdiff <...> -// - read the source blocks, apply a patch (or not in the -// case of move), write result to target blocks. bsdiff or -// imgdiff specifies the type of patch; move means no patch -// at all. -// -// The format of <...> differs between versions 1 and 2; -// see the LoadSrcTgtVersion{1,2}() functions for a -// description of what's expected. -// -// stash -// - (version 2+ only) load the given source range and stash -// the data in the given slot of the stash table. -// -// The creator of the transfer list will guarantee that no block -// is read (ie, used as the source for a patch or move) after it -// has been written. -// -// In version 2, the creator will guarantee that a given stash is -// loaded (with a stash command) before it's used in a -// move/bsdiff/imgdiff command. -// -// Within one command the source and target ranges may overlap so -// in general we need to read the entire source into memory before -// writing anything to the target blocks. -// -// All the patch data is concatenated into one patch_data file in -// the update package. It must be stored uncompressed because we -// memory-map it in directly from the archive. (Since patches are -// already compressed, we lose very little by not compressing -// their concatenation.) -// -// In version 3, commands that read data from the partition (i.e. -// move/bsdiff/imgdiff/stash) have one or more additional hashes -// before the range parameters, which are used to check if the -// command has already been completed and verify the integrity of -// the source data. - -Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { - // Commands which are not tested are set to NULL to skip them completely - const Command commands[] = { - { "bsdiff", PerformCommandDiff }, - { "erase", NULL }, - { "free", PerformCommandFree }, - { "imgdiff", PerformCommandDiff }, - { "move", PerformCommandMove }, - { "new", NULL }, - { "stash", PerformCommandStash }, - { "zero", NULL } - }; - - // Perform a dry run without writing to test if an update can proceed - return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 1); -} - -Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { - const Command commands[] = { - { "bsdiff", PerformCommandDiff }, - { "erase", PerformCommandErase }, - { "free", PerformCommandFree }, - { "imgdiff", PerformCommandDiff }, - { "move", PerformCommandMove }, - { "new", PerformCommandNew }, - { "stash", PerformCommandStash }, - { "zero", PerformCommandZero } - }; - - return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 0); -} - -Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { - Value* blockdev_filename; - Value* ranges; - const uint8_t* digest = NULL; - if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { - return NULL; - } - - if (blockdev_filename->type != VAL_STRING) { - ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto done; - } - if (ranges->type != VAL_STRING) { - ErrorAbort(state, "ranges argument to %s must be string", name); - goto done; - } - - int fd = open(blockdev_filename->data, O_RDWR); - if (fd < 0) { - ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); - goto done; - } - - RangeSet* rs = parse_range(ranges->data); - uint8_t buffer[BLOCKSIZE]; - - SHA_CTX ctx; - SHA_init(&ctx); - - int i, j; - for (i = 0; i < rs->count; ++i) { - if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { - ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; - } - - for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { - if (read_all(fd, buffer, BLOCKSIZE) == -1) { - ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; - } - - SHA_update(&ctx, buffer, BLOCKSIZE); - } - } - digest = SHA_final(&ctx); - close(fd); - - done: - FreeValue(blockdev_filename); - FreeValue(ranges); - if (digest == NULL) { - return StringValue(strdup("")); - } else { - return StringValue(PrintSha1(digest)); - } -} - -void RegisterBlockImageFunctions() { - RegisterFunction("block_image_verify", BlockImageVerifyFn); - RegisterFunction("block_image_update", BlockImageUpdateFn); - RegisterFunction("range_sha1", RangeSha1Fn); -} diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp new file mode 100644 index 000000000..258d97552 --- /dev/null +++ b/updater/blockimg.cpp @@ -0,0 +1,1991 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "applypatch/applypatch.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" +#include "minzip/Hash.h" +#include "updater.h" + +#define BLOCKSIZE 4096 + +// Set this to 0 to interpret 'erase' transfers to mean do a +// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret +// erase to mean fill the region with zeroes. +#define DEBUG_ERASE 0 + +#define STASH_DIRECTORY_BASE "/cache/recovery" +#define STASH_DIRECTORY_MODE 0700 +#define STASH_FILE_MODE 0600 + +char* PrintSha1(const uint8_t* digest); + +typedef struct { + int count; + int size; + int pos[0]; +} RangeSet; + +#define RANGESET_MAX_POINTS \ + ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) + +static RangeSet* parse_range(char* text) { + char* save; + char* token; + int num; + long int val; + RangeSet* out = NULL; + size_t bufsize; + + if (!text) { + goto err; + } + + token = strtok_r(text, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 2 || val > RANGESET_MAX_POINTS) { + goto err; + } else if (val % 2) { + goto err; // must be even + } + + num = (int) val; + bufsize = sizeof(RangeSet) + num * sizeof(int); + + out = reinterpret_cast(malloc(bufsize)); + + if (!out) { + fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); + goto err; + } + + out->count = num / 2; + out->size = 0; + + for (int i = 0; i < num; ++i) { + token = strtok_r(NULL, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 0 || val > INT_MAX) { + goto err; + } + + out->pos[i] = (int) val; + + if (i % 2) { + if (out->pos[i - 1] >= out->pos[i]) { + goto err; // empty or negative range + } + + if (out->size > INT_MAX - out->pos[i]) { + goto err; // overflow + } + + out->size += out->pos[i]; + } else { + if (out->size < 0) { + goto err; + } + + out->size -= out->pos[i]; + } + } + + if (out->size <= 0) { + goto err; + } + + return out; + +err: + fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); + exit(1); +} + +static int range_overlaps(RangeSet* r1, RangeSet* r2) { + int i, j, r1_0, r1_1, r2_0, r2_1; + + if (!r1 || !r2) { + return 0; + } + + for (i = 0; i < r1->count; ++i) { + r1_0 = r1->pos[i * 2]; + r1_1 = r1->pos[i * 2 + 1]; + + for (j = 0; j < r2->count; ++j) { + r2_0 = r2->pos[j * 2]; + r2_1 = r2->pos[j * 2 + 1]; + + if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { + return 1; + } + } + } + + return 0; +} + +static int read_all(int fd, uint8_t* data, size_t size) { + size_t so_far = 0; + while (so_far < size) { + ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); + if (r == -1) { + fprintf(stderr, "read failed: %s\n", strerror(errno)); + return -1; + } + so_far += r; + } + return 0; +} + +static int write_all(int fd, const uint8_t* data, size_t size) { + size_t written = 0; + while (written < size) { + ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); + if (w == -1) { + fprintf(stderr, "write failed: %s\n", strerror(errno)); + return -1; + } + written += w; + } + + if (fsync(fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + return -1; + } + + return 0; +} + +static bool check_lseek(int fd, off64_t offset, int whence) { + off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); + if (rc == -1) { + fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); + return false; + } + return true; +} + +static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { + // if the buffer's big enough, reuse it. + if (size <= *buffer_alloc) return; + + free(*buffer); + + *buffer = (uint8_t*) malloc(size); + if (*buffer == NULL) { + fprintf(stderr, "failed to allocate %zu bytes\n", size); + exit(1); + } + *buffer_alloc = size; +} + +typedef struct { + int fd; + RangeSet* tgt; + int p_block; + size_t p_remain; +} RangeSinkState; + +static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { + RangeSinkState* rss = (RangeSinkState*) token; + + if (rss->p_remain <= 0) { + fprintf(stderr, "range sink write overrun"); + return 0; + } + + ssize_t written = 0; + while (size > 0) { + size_t write_now = size; + + if (rss->p_remain < write_now) { + write_now = rss->p_remain; + } + + if (write_all(rss->fd, data, write_now) == -1) { + break; + } + + data += write_now; + size -= write_now; + + rss->p_remain -= write_now; + written += write_now; + + if (rss->p_remain == 0) { + // move to the next block + ++rss->p_block; + if (rss->p_block < rss->tgt->count) { + rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - + rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; + + if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, + SEEK_SET)) { + break; + } + } else { + // we can't write any more; return how many bytes have + // been written so far. + break; + } + } + } + + return written; +} + +// All of the data for all the 'new' transfers is contained in one +// file in the update package, concatenated together in the order in +// which transfers.list will need it. We want to stream it out of the +// archive (it's compressed) without writing it to a temp file, but we +// can't write each section until it's that transfer's turn to go. +// +// To achieve this, we expand the new data from the archive in a +// background thread, and block that threads 'receive uncompressed +// data' function until the main thread has reached a point where we +// want some new data to be written. We signal the background thread +// with the destination for the data and block the main thread, +// waiting for the background thread to complete writing that section. +// Then it signals the main thread to wake up and goes back to +// blocking waiting for a transfer. +// +// NewThreadInfo is the struct used to pass information back and forth +// between the two threads. When the main thread wants some data +// written, it sets rss to the destination location and signals the +// condition. When the background thread is done writing, it clears +// rss and signals the condition again. + +typedef struct { + ZipArchive* za; + const ZipEntry* entry; + + RangeSinkState* rss; + + pthread_mutex_t mu; + pthread_cond_t cv; +} NewThreadInfo; + +static bool receive_new_data(const unsigned char* data, int size, void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + + while (size > 0) { + // Wait for nti->rss to be non-NULL, indicating some of this + // data is wanted. + pthread_mutex_lock(&nti->mu); + while (nti->rss == NULL) { + pthread_cond_wait(&nti->cv, &nti->mu); + } + pthread_mutex_unlock(&nti->mu); + + // At this point nti->rss is set, and we own it. The main + // thread is waiting for it to disappear from nti. + ssize_t written = RangeSinkWrite(data, size, nti->rss); + data += written; + size -= written; + + if (nti->rss->p_block == nti->rss->tgt->count) { + // we have written all the bytes desired by this rss. + + pthread_mutex_lock(&nti->mu); + nti->rss = NULL; + pthread_cond_broadcast(&nti->cv); + pthread_mutex_unlock(&nti->mu); + } + } + + return true; +} + +static void* unzip_new_data(void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); + return NULL; +} + +static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { + int i; + size_t p = 0; + size_t size; + + if (!src || !buffer) { + return -1; + } + + for (i = 0; i < src->count; ++i) { + if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; + + if (read_all(fd, buffer + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { + int i; + size_t p = 0; + size_t size; + + if (!tgt || !buffer) { + return -1; + } + + for (i = 0; i < tgt->count; ++i) { + if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; + + if (write_all(fd, buffer + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +// Do a source/target load for move/bsdiff/imgdiff in version 1. +// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect +// to parse the remainder of the string as: +// +// +// +// The source range is loaded into the provided buffer, reallocating +// it to make it larger if necessary. The target ranges are returned +// in *tgt, if tgt is non-NULL. + +static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd) { + char* word; + int rc; + + word = strtok_r(NULL, " ", wordsave); + RangeSet* src = parse_range(word); + + if (tgt != NULL) { + word = strtok_r(NULL, " ", wordsave); + *tgt = parse_range(word); + } + + allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); + rc = ReadBlocks(src, *buffer, fd); + *src_blocks = src->size; + + free(src); + return rc; +} + +static int VerifyBlocks(const char *expected, const uint8_t *buffer, + size_t blocks, int printerror) { + char* hexdigest = NULL; + int rc = -1; + uint8_t digest[SHA_DIGEST_SIZE]; + + if (!expected || !buffer) { + return rc; + } + + SHA_hash(buffer, blocks * BLOCKSIZE, digest); + hexdigest = PrintSha1(digest); + + if (hexdigest != NULL) { + rc = strcmp(expected, hexdigest); + + if (rc != 0 && printerror) { + fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", + expected, hexdigest); + } + + free(hexdigest); + } + + return rc; +} + +static char* GetStashFileName(const char* base, const char* id, const char* postfix) { + char* fn; + int len; + int res; + + if (base == NULL) { + return NULL; + } + + if (id == NULL) { + id = ""; + } + + if (postfix == NULL) { + postfix = ""; + } + + len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; + fn = reinterpret_cast(malloc(len)); + + if (fn == NULL) { + fprintf(stderr, "failed to malloc %d bytes for fn\n", len); + return NULL; + } + + res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); + + if (res < 0 || res >= len) { + fprintf(stderr, "failed to format file name (return value %d)\n", res); + free(fn); + return NULL; + } + + return fn; +} + +typedef void (*StashCallback)(const char*, void*); + +// Does a best effort enumeration of stash files. Ignores possible non-file +// items in the stash directory and continues despite of errors. Calls the +// 'callback' function for each file and passes 'data' to the function as a +// parameter. + +static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { + char* fn; + DIR* directory; + int len; + int res; + struct dirent* item; + + if (dirname == NULL || callback == NULL) { + return; + } + + directory = opendir(dirname); + + if (directory == NULL) { + if (errno != ENOENT) { + fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); + } + return; + } + + while ((item = readdir(directory)) != NULL) { + if (item->d_type != DT_REG) { + continue; + } + + len = strlen(dirname) + 1 + strlen(item->d_name) + 1; + fn = reinterpret_cast(malloc(len)); + + if (fn == NULL) { + fprintf(stderr, "failed to malloc %d bytes for fn\n", len); + continue; + } + + res = snprintf(fn, len, "%s/%s", dirname, item->d_name); + + if (res < 0 || res >= len) { + fprintf(stderr, "failed to format file name (return value %d)\n", res); + free(fn); + continue; + } + + callback(fn, data); + free(fn); + } + + if (closedir(directory) == -1) { + fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); + } +} + +static void UpdateFileSize(const char* fn, void* data) { + int* size = (int*) data; + struct stat st; + + if (!fn || !data) { + return; + } + + if (stat(fn, &st) == -1) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + return; + } + + *size += st.st_size; +} + +// Deletes the stash directory and all files in it. Assumes that it only +// contains files. There is nothing we can do about unlikely, but possible +// errors, so they are merely logged. + +static void DeleteFile(const char* fn, void* data) { + if (fn) { + fprintf(stderr, "deleting %s\n", fn); + + if (unlink(fn) == -1 && errno != ENOENT) { + fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); + } + } +} + +static void DeletePartial(const char* fn, void* data) { + if (fn && strstr(fn, ".partial") != NULL) { + DeleteFile(fn, data); + } +} + +static void DeleteStash(const char* base) { + char* dirname; + + if (base == NULL) { + return; + } + + dirname = GetStashFileName(base, NULL, NULL); + + if (dirname == NULL) { + return; + } + + fprintf(stderr, "deleting stash %s\n", base); + EnumerateStash(dirname, DeleteFile, NULL); + + if (rmdir(dirname) == -1) { + if (errno != ENOENT && errno != ENOTDIR) { + fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); + } + } + + free(dirname); +} + +static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, + size_t* buffer_alloc, int printnoent) { + char *fn = NULL; + int blockcount = 0; + int fd = -1; + int rc = -1; + int res; + struct stat st; + + if (!base || !id || !buffer || !buffer_alloc) { + goto lsout; + } + + if (!blocks) { + blocks = &blockcount; + } + + fn = GetStashFileName(base, id, NULL); + + if (fn == NULL) { + goto lsout; + } + + res = stat(fn, &st); + + if (res == -1) { + if (errno != ENOENT || printnoent) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + } + goto lsout; + } + + fprintf(stderr, " loading %s\n", fn); + + if ((st.st_size % BLOCKSIZE) != 0) { + fprintf(stderr, "%s size %" PRId64 " not multiple of block size %d", + fn, static_cast(st.st_size), BLOCKSIZE); + goto lsout; + } + + fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); + + if (fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); + goto lsout; + } + + allocate(st.st_size, buffer, buffer_alloc); + + if (read_all(fd, *buffer, st.st_size) == -1) { + goto lsout; + } + + *blocks = st.st_size / BLOCKSIZE; + + if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { + fprintf(stderr, "unexpected contents in %s\n", fn); + DeleteFile(fn, NULL); + goto lsout; + } + + rc = 0; + +lsout: + if (fd != -1) { + close(fd); + } + + if (fn) { + free(fn); + } + + return rc; +} + +static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, + int checkspace, int *exists) { + char *fn = NULL; + char *cn = NULL; + int fd = -1; + int rc = -1; + int res; + struct stat st; + + if (base == NULL || buffer == NULL) { + goto wsout; + } + + if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { + fprintf(stderr, "not enough space to write stash\n"); + goto wsout; + } + + fn = GetStashFileName(base, id, ".partial"); + cn = GetStashFileName(base, id, NULL); + + if (fn == NULL || cn == NULL) { + goto wsout; + } + + if (exists) { + res = stat(cn, &st); + + if (res == 0) { + // The file already exists and since the name is the hash of the contents, + // it's safe to assume the contents are identical (accidental hash collisions + // are unlikely) + fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); + *exists = 1; + rc = 0; + goto wsout; + } + + *exists = 0; + } + + fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); + + fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); + + if (fd == -1) { + fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); + goto wsout; + } + + if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { + goto wsout; + } + + if (fsync(fd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); + goto wsout; + } + + if (rename(fn, cn) == -1) { + fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); + goto wsout; + } + + rc = 0; + +wsout: + if (fd != -1) { + close(fd); + } + + if (fn) { + free(fn); + } + + if (cn) { + free(cn); + } + + return rc; +} + +// Creates a directory for storing stash files and checks if the /cache partition +// hash enough space for the expected amount of blocks we need to store. Returns +// >0 if we created the directory, zero if it existed already, and <0 of failure. + +static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { + char* dirname = NULL; + const uint8_t* digest; + int rc = -1; + int res; + int size = 0; + SHA_CTX ctx; + struct stat st; + + if (blockdev == NULL || base == NULL) { + goto csout; + } + + // Stash directory should be different for each partition to avoid conflicts + // when updating multiple partitions at the same time, so we use the hash of + // the block device name as the base directory + SHA_init(&ctx); + SHA_update(&ctx, blockdev, strlen(blockdev)); + digest = SHA_final(&ctx); + *base = PrintSha1(digest); + + if (*base == NULL) { + goto csout; + } + + dirname = GetStashFileName(*base, NULL, NULL); + + if (dirname == NULL) { + goto csout; + } + + res = stat(dirname, &st); + + if (res == -1 && errno != ENOENT) { + ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); + goto csout; + } else if (res != 0) { + fprintf(stderr, "creating stash %s\n", dirname); + res = mkdir(dirname, STASH_DIRECTORY_MODE); + + if (res != 0) { + ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); + goto csout; + } + + if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { + ErrorAbort(state, "not enough space for stash\n"); + goto csout; + } + + rc = 1; // Created directory + goto csout; + } + + fprintf(stderr, "using existing stash %s\n", dirname); + + // If the directory already exists, calculate the space already allocated to + // stash files and check if there's enough for all required blocks. Delete any + // partially completed stash files first. + + EnumerateStash(dirname, DeletePartial, NULL); + EnumerateStash(dirname, UpdateFileSize, &size); + + size = (maxblocks * BLOCKSIZE) - size; + + if (size > 0 && CacheSizeCheck(size) != 0) { + ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); + goto csout; + } + + rc = 0; // Using existing directory + +csout: + if (dirname) { + free(dirname); + } + + return rc; +} + +static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, + int fd, int usehash, int* isunresumable) { + char *id = NULL; + int blocks = 0; + + if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { + return -1; + } + + id = strtok_r(NULL, " ", wordsave); + + if (id == NULL) { + fprintf(stderr, "missing id field in stash command\n"); + return -1; + } + + if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { + // Stash file already exists and has expected contents. Do not + // read from source again, as the source may have been already + // overwritten during a previous attempt. + return 0; + } + + if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { + return -1; + } + + if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { + // Source blocks have unexpected contents. If we actually need this + // data later, this is an unrecoverable error. However, the command + // that uses the data may have already completed previously, so the + // possible failure will occur during source block verification. + fprintf(stderr, "failed to load source blocks for stash %s\n", id); + return 0; + } + + fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); + return WriteStash(base, id, blocks, *buffer, 0, NULL); +} + +static int FreeStash(const char* base, const char* id) { + char *fn = NULL; + + if (base == NULL || id == NULL) { + return -1; + } + + fn = GetStashFileName(base, id, NULL); + + if (fn == NULL) { + return -1; + } + + DeleteFile(fn, NULL); + free(fn); + + return 0; +} + +static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { + // source contains packed data, which we want to move to the + // locations given in *locs in the dest buffer. source and dest + // may be the same buffer. + + int start = locs->size; + int i; + for (i = locs->count-1; i >= 0; --i) { + int blocks = locs->pos[i*2+1] - locs->pos[i*2]; + start -= blocks; + memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), + blocks * BLOCKSIZE); + } +} + +// Do a source/target load for move/bsdiff/imgdiff in version 2. +// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect +// to parse the remainder of the string as one of: +// +// +// (loads data from source image only) +// +// - <[stash_id:stash_range] ...> +// (loads data from stashes only) +// +// <[stash_id:stash_range] ...> +// (loads data from both source image and stashes) +// +// On return, buffer is filled with the loaded source data (rearranged +// and combined with stashed data as necessary). buffer may be +// reallocated if needed to accommodate the source data. *tgt is the +// target RangeSet. Any stashes required are loaded using LoadStash. + +static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd, + const char* stashbase, int* overlap) { + char* word; + char* colonsave; + char* colon; + int res; + RangeSet* locs; + size_t stashalloc = 0; + uint8_t* stash = NULL; + + if (tgt != NULL) { + word = strtok_r(NULL, " ", wordsave); + *tgt = parse_range(word); + } + + word = strtok_r(NULL, " ", wordsave); + *src_blocks = strtol(word, NULL, 0); + + allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); + + word = strtok_r(NULL, " ", wordsave); + if (word[0] == '-' && word[1] == '\0') { + // no source ranges, only stashes + } else { + RangeSet* src = parse_range(word); + res = ReadBlocks(src, *buffer, fd); + + if (overlap && tgt) { + *overlap = range_overlaps(src, *tgt); + } + + free(src); + + if (res == -1) { + return -1; + } + + word = strtok_r(NULL, " ", wordsave); + if (word == NULL) { + // no stashes, only source range + return 0; + } + + locs = parse_range(word); + MoveRange(*buffer, locs, *buffer); + free(locs); + } + + while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { + // Each word is a an index into the stash table, a colon, and + // then a rangeset describing where in the source block that + // stashed data should go. + colonsave = NULL; + colon = strtok_r(word, ":", &colonsave); + + res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); + + if (res == -1) { + // These source blocks will fail verification if used later, but we + // will let the caller decide if this is a fatal failure + fprintf(stderr, "failed to load stash %s\n", colon); + continue; + } + + colon = strtok_r(NULL, ":", &colonsave); + locs = parse_range(colon); + + MoveRange(*buffer, locs, stash); + free(locs); + } + + if (stash) { + free(stash); + } + + return 0; +} + +// Parameters for transfer list command functions +typedef struct { + char* cmdname; + char* cpos; + char* freestash; + char* stashbase; + int canwrite; + int createdstash; + int fd; + int foundwrites; + int isunresumable; + int version; + int written; + NewThreadInfo nti; + pthread_t thread; + size_t bufsize; + uint8_t* buffer; + uint8_t* patch_start; +} CommandParameters; + +// Do a source/target load for move/bsdiff/imgdiff in version 3. +// +// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which +// tells the function whether to expect separate source and targe block hashes, or +// if they are both the same and only one hash should be expected, and +// 'isunresumable', which receives a non-zero value if block verification fails in +// a way that the update cannot be resumed anymore. +// +// If the function is unable to load the necessary blocks or their contents don't +// match the hashes, the return value is -1 and the command should be aborted. +// +// If the return value is 1, the command has already been completed according to +// the contents of the target blocks, and should not be performed again. +// +// If the return value is 0, source blocks have expected content and the command +// can be performed. + +static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, + int onehash, int* overlap) { + char* srchash = NULL; + char* tgthash = NULL; + int stash_exists = 0; + int rc = -1; + uint8_t* tgtbuffer = NULL; + + if (!params|| !tgt || !src_blocks || !overlap) { + goto v3out; + } + + srchash = strtok_r(NULL, " ", ¶ms->cpos); + + if (srchash == NULL) { + fprintf(stderr, "missing source hash\n"); + goto v3out; + } + + if (onehash) { + tgthash = srchash; + } else { + tgthash = strtok_r(NULL, " ", ¶ms->cpos); + + if (tgthash == NULL) { + fprintf(stderr, "missing target hash\n"); + goto v3out; + } + } + + if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, + params->fd, params->stashbase, overlap) == -1) { + goto v3out; + } + + tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); + + if (tgtbuffer == NULL) { + fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); + goto v3out; + } + + if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { + goto v3out; + } + + if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { + // Target blocks already have expected content, command should be skipped + rc = 1; + goto v3out; + } + + if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { + // If source and target blocks overlap, stash the source blocks so we can + // resume from possible write errors + if (*overlap) { + fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, + srchash); + + if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, + &stash_exists) != 0) { + fprintf(stderr, "failed to stash overlapping source blocks\n"); + goto v3out; + } + + // Can be deleted when the write has completed + if (!stash_exists) { + params->freestash = srchash; + } + } + + // Source blocks have expected content, command can proceed + rc = 0; + goto v3out; + } + + if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, + ¶ms->bufsize, 1) == 0) { + // Overlapping source blocks were previously stashed, command can proceed. + // We are recovering from an interrupted command, so we don't know if the + // stash can safely be deleted after this command. + rc = 0; + goto v3out; + } + + // Valid source data not available, update cannot be resumed + fprintf(stderr, "partition has unexpected contents\n"); + params->isunresumable = 1; + +v3out: + if (tgtbuffer) { + free(tgtbuffer); + } + + return rc; +} + +static int PerformCommandMove(CommandParameters* params) { + int blocks = 0; + int overlap = 0; + int rc = -1; + int status = 0; + RangeSet* tgt = NULL; + + if (!params) { + goto pcmout; + } + + if (params->version == 1) { + status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd); + } else if (params->version == 2) { + status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd, params->stashbase, NULL); + } else if (params->version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for move\n"); + goto pcmout; + } + + if (status == 0) { + params->foundwrites = 1; + } else if (params->foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + } + + if (params->canwrite) { + if (status == 0) { + fprintf(stderr, " moving %d blocks\n", blocks); + + if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { + goto pcmout; + } + } else { + fprintf(stderr, "skipping %d already moved blocks\n", blocks); + } + + } + + if (params->freestash) { + FreeStash(params->stashbase, params->freestash); + params->freestash = NULL; + } + + params->written += tgt->size; + rc = 0; + +pcmout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandStash(CommandParameters* params) { + if (!params) { + return -1; + } + + return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, + params->fd, (params->version >= 3), ¶ms->isunresumable); +} + +static int PerformCommandFree(CommandParameters* params) { + if (!params) { + return -1; + } + + if (params->createdstash || params->canwrite) { + return FreeStash(params->stashbase, params->cpos); + } + + return 0; +} + +static int PerformCommandZero(CommandParameters* params) { + char* range = NULL; + int i; + int j; + int rc = -1; + RangeSet* tgt = NULL; + + if (!params) { + goto pczout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + fprintf(stderr, "missing target blocks for zero\n"); + goto pczout; + } + + tgt = parse_range(range); + + fprintf(stderr, " zeroing %d blocks\n", tgt->size); + + allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); + memset(params->buffer, 0, BLOCKSIZE); + + if (params->canwrite) { + for (i = 0; i < tgt->count; ++i) { + if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + goto pczout; + } + + for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { + if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { + goto pczout; + } + } + } + } + + if (params->cmdname[0] == 'z') { + // Update only for the zero command, as the erase command will call + // this if DEBUG_ERASE is defined. + params->written += tgt->size; + } + + rc = 0; + +pczout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandNew(CommandParameters* params) { + char* range = NULL; + int rc = -1; + RangeSet* tgt = NULL; + RangeSinkState rss; + + if (!params) { + goto pcnout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + goto pcnout; + } + + tgt = parse_range(range); + + if (params->canwrite) { + fprintf(stderr, " writing %d blocks of new data\n", tgt->size); + + rss.fd = params->fd; + rss.tgt = tgt; + rss.p_block = 0; + rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { + goto pcnout; + } + + pthread_mutex_lock(¶ms->nti.mu); + params->nti.rss = &rss; + pthread_cond_broadcast(¶ms->nti.cv); + + while (params->nti.rss) { + pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); + } + + pthread_mutex_unlock(¶ms->nti.mu); + } + + params->written += tgt->size; + rc = 0; + +pcnout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandDiff(CommandParameters* params) { + char* logparams = NULL; + char* value = NULL; + int blocks = 0; + int overlap = 0; + int rc = -1; + int status = 0; + RangeSet* tgt = NULL; + RangeSinkState rss; + size_t len = 0; + size_t offset = 0; + Value patch_value; + + if (!params) { + goto pcdout; + } + + logparams = strdup(params->cpos); + value = strtok_r(NULL, " ", ¶ms->cpos); + + if (value == NULL) { + fprintf(stderr, "missing patch offset for %s\n", params->cmdname); + goto pcdout; + } + + offset = strtoul(value, NULL, 0); + + value = strtok_r(NULL, " ", ¶ms->cpos); + + if (value == NULL) { + fprintf(stderr, "missing patch length for %s\n", params->cmdname); + goto pcdout; + } + + len = strtoul(value, NULL, 0); + + if (params->version == 1) { + status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd); + } else if (params->version == 2) { + status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd, params->stashbase, NULL); + } else if (params->version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for diff\n"); + goto pcdout; + } + + if (status == 0) { + params->foundwrites = 1; + } else if (params->foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + } + + if (params->canwrite) { + if (status == 0) { + fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); + + patch_value.type = VAL_BLOB; + patch_value.size = len; + patch_value.data = (char*) (params->patch_start + offset); + + rss.fd = params->fd; + rss.tgt = tgt; + rss.p_block = 0; + rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { + goto pcdout; + } + + if (params->cmdname[0] == 'i') { // imgdiff + ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, + &RangeSinkWrite, &rss, NULL, NULL); + } else { + ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, + 0, &RangeSinkWrite, &rss, NULL); + } + + // We expect the output of the patcher to fill the tgt ranges exactly. + if (rss.p_block != tgt->count || rss.p_remain != 0) { + fprintf(stderr, "range sink underrun?\n"); + } + } else { + fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", + blocks, tgt->size, logparams); + } + } + + if (params->freestash) { + FreeStash(params->stashbase, params->freestash); + params->freestash = NULL; + } + + params->written += tgt->size; + rc = 0; + +pcdout: + if (logparams) { + free(logparams); + } + + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandErase(CommandParameters* params) { + char* range = NULL; + int i; + int rc = -1; + RangeSet* tgt = NULL; + struct stat st; + uint64_t blocks[2]; + + if (DEBUG_ERASE) { + return PerformCommandZero(params); + } + + if (!params) { + goto pceout; + } + + if (fstat(params->fd, &st) == -1) { + fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); + goto pceout; + } + + if (!S_ISBLK(st.st_mode)) { + fprintf(stderr, "not a block device; skipping erase\n"); + goto pceout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + fprintf(stderr, "missing target blocks for erase\n"); + goto pceout; + } + + tgt = parse_range(range); + + if (params->canwrite) { + fprintf(stderr, " erasing %d blocks\n", tgt->size); + + for (i = 0; i < tgt->count; ++i) { + // offset in bytes + blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; + // length in bytes + blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; + + if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { + fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); + goto pceout; + } + } + } + + rc = 0; + +pceout: + if (tgt) { + free(tgt); + } + + return rc; +} + +// Definitions for transfer list command functions +typedef int (*CommandFunction)(CommandParameters*); + +typedef struct { + const char* name; + CommandFunction f; +} Command; + +// CompareCommands and CompareCommandNames are for the hash table + +static int CompareCommands(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); +} + +static int CompareCommandNames(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, (const char*) c2); +} + +// HashString is used to hash command names for the hash table + +static unsigned int HashString(const char *s) { + unsigned int hash = 0; + if (s) { + while (*s) { + hash = hash * 33 + *s++; + } + } + return hash; +} + +// args: +// - block device (or file) to modify in-place +// - transfer list (blob) +// - new data stream (filename within package.zip) +// - patch stream (filename within package.zip, must be uncompressed) + +static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], + const Command* commands, int cmdcount, int dryrun) { + + char* line = NULL; + char* linesave = NULL; + char* logcmd = NULL; + char* transfer_list = NULL; + CommandParameters params; + const Command* cmd = NULL; + const ZipEntry* new_entry = NULL; + const ZipEntry* patch_entry = NULL; + FILE* cmd_pipe = NULL; + HashTable* cmdht = NULL; + int i; + int res; + int rc = -1; + int stash_max_blocks = 0; + int total_blocks = 0; + pthread_attr_t attr; + unsigned int cmdhash; + UpdaterInfo* ui = NULL; + Value* blockdev_filename = NULL; + Value* new_data_fn = NULL; + Value* patch_data_fn = NULL; + Value* transfer_list_value = NULL; + ZipArchive* za = NULL; + + memset(¶ms, 0, sizeof(params)); + params.canwrite = !dryrun; + + fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); + + if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, + &new_data_fn, &patch_data_fn) < 0) { + goto pbiudone; + } + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + goto pbiudone; + } + if (transfer_list_value->type != VAL_BLOB) { + ErrorAbort(state, "transfer_list argument to %s must be blob", name); + goto pbiudone; + } + if (new_data_fn->type != VAL_STRING) { + ErrorAbort(state, "new_data_fn argument to %s must be string", name); + goto pbiudone; + } + if (patch_data_fn->type != VAL_STRING) { + ErrorAbort(state, "patch_data_fn argument to %s must be string", name); + goto pbiudone; + } + + ui = (UpdaterInfo*) state->cookie; + + if (ui == NULL) { + goto pbiudone; + } + + cmd_pipe = ui->cmd_pipe; + za = ui->package_zip; + + if (cmd_pipe == NULL || za == NULL) { + goto pbiudone; + } + + patch_entry = mzFindZipEntry(za, patch_data_fn->data); + + if (patch_entry == NULL) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); + goto pbiudone; + } + + params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); + new_entry = mzFindZipEntry(za, new_data_fn->data); + + if (new_entry == NULL) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); + goto pbiudone; + } + + params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); + + if (params.fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); + goto pbiudone; + } + + if (params.canwrite) { + params.nti.za = za; + params.nti.entry = new_entry; + + pthread_mutex_init(¶ms.nti.mu, NULL); + pthread_cond_init(¶ms.nti.cv, NULL); + pthread_attr_init(&attr); + pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); + + int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); + if (error != 0) { + fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); + goto pbiudone; + } + } + + // The data in transfer_list_value is not necessarily null-terminated, so we need + // to copy it to a new buffer and add the null that strtok_r will need. + transfer_list = reinterpret_cast(malloc(transfer_list_value->size + 1)); + + if (transfer_list == NULL) { + fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", + transfer_list_value->size + 1); + goto pbiudone; + } + + memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); + transfer_list[transfer_list_value->size] = '\0'; + + // First line in transfer list is the version number + line = strtok_r(transfer_list, "\n", &linesave); + params.version = strtol(line, NULL, 0); + + if (params.version < 1 || params.version > 3) { + fprintf(stderr, "unexpected transfer list version [%s]\n", line); + goto pbiudone; + } + + fprintf(stderr, "blockimg version is %d\n", params.version); + + // Second line in transfer list is the total number of blocks we expect to write + line = strtok_r(NULL, "\n", &linesave); + total_blocks = strtol(line, NULL, 0); + + if (total_blocks < 0) { + ErrorAbort(state, "unexpected block count [%s]\n", line); + goto pbiudone; + } else if (total_blocks == 0) { + rc = 0; + goto pbiudone; + } + + if (params.version >= 2) { + // Third line is how many stash entries are needed simultaneously + line = strtok_r(NULL, "\n", &linesave); + fprintf(stderr, "maximum stash entries %s\n", line); + + // Fourth line is the maximum number of blocks that will be stashed simultaneously + line = strtok_r(NULL, "\n", &linesave); + stash_max_blocks = strtol(line, NULL, 0); + + if (stash_max_blocks < 0) { + ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); + goto pbiudone; + } + + if (stash_max_blocks >= 0) { + res = CreateStash(state, stash_max_blocks, blockdev_filename->data, + ¶ms.stashbase); + + if (res == -1) { + goto pbiudone; + } + + params.createdstash = res; + } + } + + // Build a hash table of the available commands + cmdht = mzHashTableCreate(cmdcount, NULL); + + for (i = 0; i < cmdcount; ++i) { + cmdhash = HashString(commands[i].name); + mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); + } + + // Subsequent lines are all individual transfer commands + for (line = strtok_r(NULL, "\n", &linesave); line; + line = strtok_r(NULL, "\n", &linesave)) { + + logcmd = strdup(line); + params.cmdname = strtok_r(line, " ", ¶ms.cpos); + + if (params.cmdname == NULL) { + fprintf(stderr, "missing command [%s]\n", line); + goto pbiudone; + } + + cmdhash = HashString(params.cmdname); + cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, + CompareCommandNames, false); + + if (cmd == NULL) { + fprintf(stderr, "unexpected command [%s]\n", params.cmdname); + goto pbiudone; + } + + if (cmd->f != NULL && cmd->f(¶ms) == -1) { + fprintf(stderr, "failed to execute command [%s]\n", + logcmd ? logcmd : params.cmdname); + goto pbiudone; + } + + if (logcmd) { + free(logcmd); + logcmd = NULL; + } + + if (params.canwrite) { + fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); + fflush(cmd_pipe); + } + } + + if (params.canwrite) { + pthread_join(params.thread, NULL); + + fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); + fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); + + // Delete stash only after successfully completing the update, as it + // may contain blocks needed to complete the update later. + DeleteStash(params.stashbase); + } else { + fprintf(stderr, "verified partition contents; update may be resumed\n"); + } + + rc = 0; + +pbiudone: + if (params.fd != -1) { + if (fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + } + close(params.fd); + } + + if (logcmd) { + free(logcmd); + } + + if (cmdht) { + mzHashTableFree(cmdht); + } + + if (params.buffer) { + free(params.buffer); + } + + if (transfer_list) { + free(transfer_list); + } + + if (blockdev_filename) { + FreeValue(blockdev_filename); + } + + if (transfer_list_value) { + FreeValue(transfer_list_value); + } + + if (new_data_fn) { + FreeValue(new_data_fn); + } + + if (patch_data_fn) { + FreeValue(patch_data_fn); + } + + // Only delete the stash if the update cannot be resumed, or it's + // a verification run and we created the stash. + if (params.isunresumable || (!params.canwrite && params.createdstash)) { + DeleteStash(params.stashbase); + } + + if (params.stashbase) { + free(params.stashbase); + } + + return StringValue(rc == 0 ? strdup("t") : strdup("")); +} + +// The transfer list is a text file containing commands to +// transfer data from one place to another on the target +// partition. We parse it and execute the commands in order: +// +// zero [rangeset] +// - fill the indicated blocks with zeros +// +// new [rangeset] +// - fill the blocks with data read from the new_data file +// +// erase [rangeset] +// - mark the given blocks as empty +// +// move <...> +// bsdiff <...> +// imgdiff <...> +// - read the source blocks, apply a patch (or not in the +// case of move), write result to target blocks. bsdiff or +// imgdiff specifies the type of patch; move means no patch +// at all. +// +// The format of <...> differs between versions 1 and 2; +// see the LoadSrcTgtVersion{1,2}() functions for a +// description of what's expected. +// +// stash +// - (version 2+ only) load the given source range and stash +// the data in the given slot of the stash table. +// +// The creator of the transfer list will guarantee that no block +// is read (ie, used as the source for a patch or move) after it +// has been written. +// +// In version 2, the creator will guarantee that a given stash is +// loaded (with a stash command) before it's used in a +// move/bsdiff/imgdiff command. +// +// Within one command the source and target ranges may overlap so +// in general we need to read the entire source into memory before +// writing anything to the target blocks. +// +// All the patch data is concatenated into one patch_data file in +// the update package. It must be stored uncompressed because we +// memory-map it in directly from the archive. (Since patches are +// already compressed, we lose very little by not compressing +// their concatenation.) +// +// In version 3, commands that read data from the partition (i.e. +// move/bsdiff/imgdiff/stash) have one or more additional hashes +// before the range parameters, which are used to check if the +// command has already been completed and verify the integrity of +// the source data. + +Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { + // Commands which are not tested are set to NULL to skip them completely + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", NULL }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", NULL }, + { "stash", PerformCommandStash }, + { "zero", NULL } + }; + + // Perform a dry run without writing to test if an update can proceed + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), 1); +} + +Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", PerformCommandErase }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", PerformCommandNew }, + { "stash", PerformCommandStash }, + { "zero", PerformCommandZero } + }; + + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), 0); +} + +Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { + Value* blockdev_filename; + Value* ranges; + const uint8_t* digest = NULL; + if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { + return NULL; + } + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + goto done; + } + if (ranges->type != VAL_STRING) { + ErrorAbort(state, "ranges argument to %s must be string", name); + goto done; + } + + int fd; + fd = open(blockdev_filename->data, O_RDWR); + if (fd < 0) { + ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); + goto done; + } + + RangeSet* rs; + rs = parse_range(ranges->data); + uint8_t buffer[BLOCKSIZE]; + + SHA_CTX ctx; + SHA_init(&ctx); + + int i, j; + for (i = 0; i < rs->count; ++i) { + if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { + ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, + strerror(errno)); + goto done; + } + + for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { + if (read_all(fd, buffer, BLOCKSIZE) == -1) { + ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, + strerror(errno)); + goto done; + } + + SHA_update(&ctx, buffer, BLOCKSIZE); + } + } + digest = SHA_final(&ctx); + close(fd); + + done: + FreeValue(blockdev_filename); + FreeValue(ranges); + if (digest == NULL) { + return StringValue(strdup("")); + } else { + return StringValue(PrintSha1(digest)); + } +} + +void RegisterBlockImageFunctions() { + RegisterFunction("block_image_verify", BlockImageVerifyFn); + RegisterFunction("block_image_update", BlockImageUpdateFn); + RegisterFunction("range_sha1", RangeSha1Fn); +} diff --git a/updater/install.c b/updater/install.c deleted file mode 100644 index 4a0e064c3..000000000 --- a/updater/install.c +++ /dev/null @@ -1,1630 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bootloader.h" -#include "applypatch/applypatch.h" -#include "cutils/android_reboot.h" -#include "cutils/misc.h" -#include "cutils/properties.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" -#include "minzip/DirUtil.h" -#include "mtdutils/mounts.h" -#include "mtdutils/mtdutils.h" -#include "updater.h" -#include "install.h" -#include "tune2fs.h" - -#ifdef USE_EXT4 -#include "make_ext4fs.h" -#include "wipe.h" -#endif - -void uiPrint(State* state, char* buffer) { - char* line = strtok(buffer, "\n"); - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - while (line) { - fprintf(ui->cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); - } - fprintf(ui->cmd_pipe, "ui_print\n"); - - // The recovery will only print the contents to screen for pipe command - // ui_print. We need to dump the contents to stderr (which has been - // redirected to the log file) directly. - fprintf(stderr, "%s", buffer); -} - -__attribute__((__format__(printf, 2, 3))) __nonnull((2)) -void uiPrintf(State* state, const char* format, ...) { - char error_msg[1024]; - va_list ap; - va_start(ap, format); - vsnprintf(error_msg, sizeof(error_msg), format, ap); - va_end(ap); - uiPrint(state, error_msg); -} - -// Take a sha-1 digest and return it as a newly-allocated hex string. -char* PrintSha1(const uint8_t* digest) { - char* buffer = malloc(SHA_DIGEST_SIZE*2 + 1); - int i; - const char* alphabet = "0123456789abcdef"; - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { - buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; - buffer[i*2+1] = alphabet[digest[i] & 0xf]; - } - buffer[i*2] = '\0'; - return buffer; -} - -// mount(fs_type, partition_type, location, mount_point) -// -// fs_type="yaffs2" partition_type="MTD" location=partition -// fs_type="ext4" partition_type="EMMC" location=device -Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 4 && argc != 5) { - return ErrorAbort(state, "%s() expects 4-5 args, got %d", name, argc); - } - char* fs_type; - char* partition_type; - char* location; - char* mount_point; - char* mount_options; - bool has_mount_options; - if (argc == 5) { - has_mount_options = true; - if (ReadArgs(state, argv, 5, &fs_type, &partition_type, - &location, &mount_point, &mount_options) < 0) { - return NULL; - } - } else { - has_mount_options = false; - if (ReadArgs(state, argv, 4, &fs_type, &partition_type, - &location, &mount_point) < 0) { - return NULL; - } - } - - if (strlen(fs_type) == 0) { - ErrorAbort(state, "fs_type argument to %s() can't be empty", name); - goto done; - } - if (strlen(partition_type) == 0) { - ErrorAbort(state, "partition_type argument to %s() can't be empty", - name); - goto done; - } - if (strlen(location) == 0) { - ErrorAbort(state, "location argument to %s() can't be empty", name); - goto done; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to %s() can't be empty", name); - goto done; - } - - char *secontext = NULL; - - if (sehandle) { - selabel_lookup(sehandle, &secontext, mount_point, 0755); - setfscreatecon(secontext); - } - - mkdir(mount_point, 0755); - - if (secontext) { - freecon(secontext); - setfscreatecon(NULL); - } - - if (strcmp(partition_type, "MTD") == 0) { - mtd_scan_partitions(); - const MtdPartition* mtd; - mtd = mtd_find_partition_by_name(location); - if (mtd == NULL) { - uiPrintf(state, "%s: no mtd partition named \"%s\"", - name, location); - result = strdup(""); - goto done; - } - if (mtd_mount_partition(mtd, mount_point, fs_type, 0 /* rw */) != 0) { - uiPrintf(state, "mtd mount of %s failed: %s\n", - location, strerror(errno)); - result = strdup(""); - goto done; - } - result = mount_point; - } else { - if (mount(location, mount_point, fs_type, - MS_NOATIME | MS_NODEV | MS_NODIRATIME, - has_mount_options ? mount_options : "") < 0) { - uiPrintf(state, "%s: failed to mount %s at %s: %s\n", - name, location, mount_point, strerror(errno)); - result = strdup(""); - } else { - result = mount_point; - } - } - -done: - free(fs_type); - free(partition_type); - free(location); - if (result != mount_point) free(mount_point); - if (has_mount_options) free(mount_options); - return StringValue(result); -} - - -// is_mounted(mount_point) -Value* IsMountedFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* mount_point; - if (ReadArgs(state, argv, 1, &mount_point) < 0) { - return NULL; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to unmount() can't be empty"); - goto done; - } - - scan_mounted_volumes(); - const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); - if (vol == NULL) { - result = strdup(""); - } else { - result = mount_point; - } - -done: - if (result != mount_point) free(mount_point); - return StringValue(result); -} - - -Value* UnmountFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* mount_point; - if (ReadArgs(state, argv, 1, &mount_point) < 0) { - return NULL; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to unmount() can't be empty"); - goto done; - } - - scan_mounted_volumes(); - const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); - if (vol == NULL) { - uiPrintf(state, "unmount of %s failed; no such volume\n", mount_point); - result = strdup(""); - } else { - int ret = unmount_mounted_volume(vol); - if (ret != 0) { - uiPrintf(state, "unmount of %s failed (%d): %s\n", - mount_point, ret, strerror(errno)); - } - result = mount_point; - } - -done: - if (result != mount_point) free(mount_point); - return StringValue(result); -} - -static int exec_cmd(const char* path, char* const argv[]) { - int status; - pid_t child; - if ((child = vfork()) == 0) { - execv(path, argv); - _exit(-1); - } - waitpid(child, &status, 0); - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { - printf("%s failed with status %d\n", path, WEXITSTATUS(status)); - } - return WEXITSTATUS(status); -} - - -// format(fs_type, partition_type, location, fs_size, mount_point) -// -// fs_type="yaffs2" partition_type="MTD" location=partition fs_size= mount_point= -// fs_type="ext4" partition_type="EMMC" location=device fs_size= mount_point= -// fs_type="f2fs" partition_type="EMMC" location=device fs_size= mount_point= -// if fs_size == 0, then make fs uses the entire partition. -// if fs_size > 0, that is the size to use -// if fs_size < 0, then reserve that many bytes at the end of the partition (not for "f2fs") -Value* FormatFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 5) { - return ErrorAbort(state, "%s() expects 5 args, got %d", name, argc); - } - char* fs_type; - char* partition_type; - char* location; - char* fs_size; - char* mount_point; - - if (ReadArgs(state, argv, 5, &fs_type, &partition_type, &location, &fs_size, &mount_point) < 0) { - return NULL; - } - - if (strlen(fs_type) == 0) { - ErrorAbort(state, "fs_type argument to %s() can't be empty", name); - goto done; - } - if (strlen(partition_type) == 0) { - ErrorAbort(state, "partition_type argument to %s() can't be empty", - name); - goto done; - } - if (strlen(location) == 0) { - ErrorAbort(state, "location argument to %s() can't be empty", name); - goto done; - } - - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to %s() can't be empty", name); - goto done; - } - - if (strcmp(partition_type, "MTD") == 0) { - mtd_scan_partitions(); - const MtdPartition* mtd = mtd_find_partition_by_name(location); - if (mtd == NULL) { - printf("%s: no mtd partition named \"%s\"", - name, location); - result = strdup(""); - goto done; - } - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("%s: can't write \"%s\"", name, location); - result = strdup(""); - goto done; - } - if (mtd_erase_blocks(ctx, -1) == -1) { - mtd_write_close(ctx); - printf("%s: failed to erase \"%s\"", name, location); - result = strdup(""); - goto done; - } - if (mtd_write_close(ctx) != 0) { - printf("%s: failed to close \"%s\"", name, location); - result = strdup(""); - goto done; - } - result = location; -#ifdef USE_EXT4 - } else if (strcmp(fs_type, "ext4") == 0) { - int status = make_ext4fs(location, atoll(fs_size), mount_point, sehandle); - if (status != 0) { - printf("%s: make_ext4fs failed (%d) on %s", - name, status, location); - result = strdup(""); - goto done; - } - result = location; - } else if (strcmp(fs_type, "f2fs") == 0) { - char *num_sectors; - if (asprintf(&num_sectors, "%lld", atoll(fs_size) / 512) <= 0) { - printf("format_volume: failed to create %s command for %s\n", fs_type, location); - result = strdup(""); - goto done; - } - const char *f2fs_path = "/sbin/mkfs.f2fs"; - const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", location, num_sectors, NULL}; - int status = exec_cmd(f2fs_path, (char* const*)f2fs_argv); - free(num_sectors); - if (status != 0) { - printf("%s: mkfs.f2fs failed (%d) on %s", - name, status, location); - result = strdup(""); - goto done; - } - result = location; -#endif - } else { - printf("%s: unsupported fs_type \"%s\" partition_type \"%s\"", - name, fs_type, partition_type); - } - -done: - free(fs_type); - free(partition_type); - if (result != location) free(location); - return StringValue(result); -} - -Value* RenameFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* src_name; - char* dst_name; - - if (ReadArgs(state, argv, 2, &src_name, &dst_name) < 0) { - return NULL; - } - if (strlen(src_name) == 0) { - ErrorAbort(state, "src_name argument to %s() can't be empty", name); - goto done; - } - if (strlen(dst_name) == 0) { - ErrorAbort(state, "dst_name argument to %s() can't be empty", name); - goto done; - } - if (make_parents(dst_name) != 0) { - ErrorAbort(state, "Creating parent of %s failed, error %s", - dst_name, strerror(errno)); - } else if (access(dst_name, F_OK) == 0 && access(src_name, F_OK) != 0) { - // File was already moved - result = dst_name; - } else if (rename(src_name, dst_name) != 0) { - ErrorAbort(state, "Rename of %s to %s failed, error %s", - src_name, dst_name, strerror(errno)); - } else { - result = dst_name; - } - -done: - free(src_name); - if (result != dst_name) free(dst_name); - return StringValue(result); -} - -Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { - char** paths = malloc(argc * sizeof(char*)); - int i; - for (i = 0; i < argc; ++i) { - paths[i] = Evaluate(state, argv[i]); - if (paths[i] == NULL) { - int j; - for (j = 0; j < i; ++i) { - free(paths[j]); - } - free(paths); - return NULL; - } - } - - bool recursive = (strcmp(name, "delete_recursive") == 0); - - int success = 0; - for (i = 0; i < argc; ++i) { - if ((recursive ? dirUnlinkHierarchy(paths[i]) : unlink(paths[i])) == 0) - ++success; - free(paths[i]); - } - free(paths); - - char buffer[10]; - sprintf(buffer, "%d", success); - return StringValue(strdup(buffer)); -} - - -Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - char* frac_str; - char* sec_str; - if (ReadArgs(state, argv, 2, &frac_str, &sec_str) < 0) { - return NULL; - } - - double frac = strtod(frac_str, NULL); - int sec = strtol(sec_str, NULL, 10); - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); - - free(sec_str); - return StringValue(frac_str); -} - -Value* SetProgressFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* frac_str; - if (ReadArgs(state, argv, 1, &frac_str) < 0) { - return NULL; - } - - double frac = strtod(frac_str, NULL); - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "set_progress %f\n", frac); - - return StringValue(frac_str); -} - -// package_extract_dir(package_path, destination_path) -Value* PackageExtractDirFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - char* zip_path; - char* dest_path; - if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - - // To create a consistent system image, never use the clock for timestamps. - struct utimbuf timestamp = { 1217592000, 1217592000 }; // 8/1/2008 default - - bool success = mzExtractRecursive(za, zip_path, dest_path, - ×tamp, - NULL, NULL, sehandle); - free(zip_path); - free(dest_path); - return StringValue(strdup(success ? "t" : "")); -} - - -// package_extract_file(package_path, destination_path) -// or -// package_extract_file(package_path) -// to return the entire contents of the file as the result of this -// function (the char* returned is actually a FileContents*). -Value* PackageExtractFileFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc < 1 || argc > 2) { - return ErrorAbort(state, "%s() expects 1 or 2 args, got %d", - name, argc); - } - bool success = false; - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - - if (argc == 2) { - // The two-argument version extracts to a file. - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - - char* zip_path; - char* dest_path; - if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; - - const ZipEntry* entry = mzFindZipEntry(za, zip_path); - if (entry == NULL) { - printf("%s: no %s in package\n", name, zip_path); - goto done2; - } - - FILE* f = fopen(dest_path, "wb"); - if (f == NULL) { - printf("%s: can't open %s for write: %s\n", - name, dest_path, strerror(errno)); - goto done2; - } - success = mzExtractZipEntryToFile(za, entry, fileno(f)); - fclose(f); - - done2: - free(zip_path); - free(dest_path); - return StringValue(strdup(success ? "t" : "")); - } else { - // The one-argument version returns the contents of the file - // as the result. - - char* zip_path; - Value* v = malloc(sizeof(Value)); - v->type = VAL_BLOB; - v->size = -1; - v->data = NULL; - - if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - const ZipEntry* entry = mzFindZipEntry(za, zip_path); - if (entry == NULL) { - printf("%s: no %s in package\n", name, zip_path); - goto done1; - } - - v->size = mzGetZipEntryUncompLen(entry); - v->data = malloc(v->size); - if (v->data == NULL) { - printf("%s: failed to allocate %ld bytes for %s\n", - name, (long)v->size, zip_path); - goto done1; - } - - success = mzExtractZipEntryToBuffer(za, entry, - (unsigned char *)v->data); - - done1: - free(zip_path); - if (!success) { - free(v->data); - v->data = NULL; - v->size = -1; - } - return v; - } -} - -// Create all parent directories of name, if necessary. -static int make_parents(char* name) { - char* p; - for (p = name + (strlen(name)-1); p > name; --p) { - if (*p != '/') continue; - *p = '\0'; - if (make_parents(name) < 0) return -1; - int result = mkdir(name, 0700); - if (result == 0) printf("created [%s]\n", name); - *p = '/'; - if (result == 0 || errno == EEXIST) { - // successfully created or already existed; we're done - return 0; - } else { - printf("failed to mkdir %s: %s\n", name, strerror(errno)); - return -1; - } - } - return 0; -} - -// symlink target src1 src2 ... -// unlinks any previously existing src1, src2, etc before creating symlinks. -Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return ErrorAbort(state, "%s() expects 1+ args, got %d", name, argc); - } - char* target; - target = Evaluate(state, argv[0]); - if (target == NULL) return NULL; - - char** srcs = ReadVarArgs(state, argc-1, argv+1); - if (srcs == NULL) { - free(target); - return NULL; - } - - int bad = 0; - int i; - for (i = 0; i < argc-1; ++i) { - if (unlink(srcs[i]) < 0) { - if (errno != ENOENT) { - printf("%s: failed to remove %s: %s\n", - name, srcs[i], strerror(errno)); - ++bad; - } - } - if (make_parents(srcs[i])) { - printf("%s: failed to symlink %s to %s: making parents failed\n", - name, srcs[i], target); - ++bad; - } - if (symlink(target, srcs[i]) < 0) { - printf("%s: failed to symlink %s to %s: %s\n", - name, srcs[i], target, strerror(errno)); - ++bad; - } - free(srcs[i]); - } - free(srcs); - if (bad) { - return ErrorAbort(state, "%s: some symlinks failed", name); - } - return StringValue(strdup("")); -} - -struct perm_parsed_args { - bool has_uid; - uid_t uid; - bool has_gid; - gid_t gid; - bool has_mode; - mode_t mode; - bool has_fmode; - mode_t fmode; - bool has_dmode; - mode_t dmode; - bool has_selabel; - char* selabel; - bool has_capabilities; - uint64_t capabilities; -}; - -static struct perm_parsed_args ParsePermArgs(State * state, int argc, char** args) { - int i; - struct perm_parsed_args parsed; - int bad = 0; - static int max_warnings = 20; - - memset(&parsed, 0, sizeof(parsed)); - - for (i = 1; i < argc; i += 2) { - if (strcmp("uid", args[i]) == 0) { - int64_t uid; - if (sscanf(args[i+1], "%" SCNd64, &uid) == 1) { - parsed.uid = uid; - parsed.has_uid = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid UID \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("gid", args[i]) == 0) { - int64_t gid; - if (sscanf(args[i+1], "%" SCNd64, &gid) == 1) { - parsed.gid = gid; - parsed.has_gid = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid GID \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("mode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.mode = mode; - parsed.has_mode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid mode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("dmode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.dmode = mode; - parsed.has_dmode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid dmode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("fmode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.fmode = mode; - parsed.has_fmode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid fmode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("capabilities", args[i]) == 0) { - int64_t capabilities; - if (sscanf(args[i+1], "%" SCNi64, &capabilities) == 1) { - parsed.capabilities = capabilities; - parsed.has_capabilities = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid capabilities \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("selabel", args[i]) == 0) { - if (args[i+1][0] != '\0') { - parsed.selabel = args[i+1]; - parsed.has_selabel = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid selabel \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (max_warnings != 0) { - printf("ParsedPermArgs: unknown key \"%s\", ignoring\n", args[i]); - max_warnings--; - if (max_warnings == 0) { - printf("ParsedPermArgs: suppressing further warnings\n"); - } - } - } - return parsed; -} - -static int ApplyParsedPerms( - State * state, - const char* filename, - const struct stat *statptr, - struct perm_parsed_args parsed) -{ - int bad = 0; - - if (parsed.has_selabel) { - if (lsetfilecon(filename, parsed.selabel) != 0) { - uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n", - filename, parsed.selabel, strerror(errno)); - bad++; - } - } - - /* ignore symlinks */ - if (S_ISLNK(statptr->st_mode)) { - return bad; - } - - if (parsed.has_uid) { - if (chown(filename, parsed.uid, -1) < 0) { - uiPrintf(state, "ApplyParsedPerms: chown of %s to %d failed: %s\n", - filename, parsed.uid, strerror(errno)); - bad++; - } - } - - if (parsed.has_gid) { - if (chown(filename, -1, parsed.gid) < 0) { - uiPrintf(state, "ApplyParsedPerms: chgrp of %s to %d failed: %s\n", - filename, parsed.gid, strerror(errno)); - bad++; - } - } - - if (parsed.has_mode) { - if (chmod(filename, parsed.mode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.mode, strerror(errno)); - bad++; - } - } - - if (parsed.has_dmode && S_ISDIR(statptr->st_mode)) { - if (chmod(filename, parsed.dmode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.dmode, strerror(errno)); - bad++; - } - } - - if (parsed.has_fmode && S_ISREG(statptr->st_mode)) { - if (chmod(filename, parsed.fmode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.fmode, strerror(errno)); - bad++; - } - } - - if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) { - if (parsed.capabilities == 0) { - if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) { - // Report failure unless it's ENODATA (attribute not set) - uiPrintf(state, "ApplyParsedPerms: removexattr of %s to %" PRIx64 " failed: %s\n", - filename, parsed.capabilities, strerror(errno)); - bad++; - } - } else { - struct vfs_cap_data cap_data; - memset(&cap_data, 0, sizeof(cap_data)); - cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; - cap_data.data[0].permitted = (uint32_t) (parsed.capabilities & 0xffffffff); - cap_data.data[0].inheritable = 0; - cap_data.data[1].permitted = (uint32_t) (parsed.capabilities >> 32); - cap_data.data[1].inheritable = 0; - if (setxattr(filename, XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { - uiPrintf(state, "ApplyParsedPerms: setcap of %s to %" PRIx64 " failed: %s\n", - filename, parsed.capabilities, strerror(errno)); - bad++; - } - } - } - - return bad; -} - -// nftw doesn't allow us to pass along context, so we need to use -// global variables. *sigh* -static struct perm_parsed_args recursive_parsed_args; -static State* recursive_state; - -static int do_SetMetadataRecursive(const char* filename, const struct stat *statptr, - int fileflags, struct FTW *pfwt) { - return ApplyParsedPerms(recursive_state, filename, statptr, recursive_parsed_args); -} - -static Value* SetMetadataFn(const char* name, State* state, int argc, Expr* argv[]) { - int i; - int bad = 0; - static int nwarnings = 0; - struct stat sb; - Value* result = NULL; - - bool recursive = (strcmp(name, "set_metadata_recursive") == 0); - - if ((argc % 2) != 1) { - return ErrorAbort(state, "%s() expects an odd number of arguments, got %d", - name, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) return NULL; - - if (lstat(args[0], &sb) == -1) { - result = ErrorAbort(state, "%s: Error on lstat of \"%s\": %s", name, args[0], strerror(errno)); - goto done; - } - - struct perm_parsed_args parsed = ParsePermArgs(state, argc, args); - - if (recursive) { - recursive_parsed_args = parsed; - recursive_state = state; - bad += nftw(args[0], do_SetMetadataRecursive, 30, FTW_CHDIR | FTW_DEPTH | FTW_PHYS); - memset(&recursive_parsed_args, 0, sizeof(recursive_parsed_args)); - recursive_state = NULL; - } else { - bad += ApplyParsedPerms(state, args[0], &sb, parsed); - } - -done: - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - if (result != NULL) { - return result; - } - - if (bad > 0) { - return ErrorAbort(state, "%s: some changes failed", name); - } - - return StringValue(strdup("")); -} - -Value* GetPropFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* key; - key = Evaluate(state, argv[0]); - if (key == NULL) return NULL; - - char value[PROPERTY_VALUE_MAX]; - property_get(key, value, ""); - free(key); - - return StringValue(strdup(value)); -} - - -// file_getprop(file, key) -// -// interprets 'file' as a getprop-style file (key=value pairs, one -// per line. # comment lines,blank lines, lines without '=' ignored), -// and returns the value for 'key' (or "" if it isn't defined). -Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - char* buffer = NULL; - char* filename; - char* key; - if (ReadArgs(state, argv, 2, &filename, &key) < 0) { - return NULL; - } - - struct stat st; - if (stat(filename, &st) < 0) { - ErrorAbort(state, "%s: failed to stat \"%s\": %s", - name, filename, strerror(errno)); - goto done; - } - -#define MAX_FILE_GETPROP_SIZE 65536 - - if (st.st_size > MAX_FILE_GETPROP_SIZE) { - ErrorAbort(state, "%s too large for %s (max %d)", - filename, name, MAX_FILE_GETPROP_SIZE); - goto done; - } - - buffer = malloc(st.st_size+1); - if (buffer == NULL) { - ErrorAbort(state, "%s: failed to alloc %lld bytes", name, (long long)st.st_size+1); - goto done; - } - - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - ErrorAbort(state, "%s: failed to open %s: %s", - name, filename, strerror(errno)); - goto done; - } - - if (fread(buffer, 1, st.st_size, f) != st.st_size) { - ErrorAbort(state, "%s: failed to read %lld bytes from %s", - name, (long long)st.st_size+1, filename); - fclose(f); - goto done; - } - buffer[st.st_size] = '\0'; - - fclose(f); - - char* line = strtok(buffer, "\n"); - do { - // skip whitespace at start of line - while (*line && isspace(*line)) ++line; - - // comment or blank line: skip to next line - if (*line == '\0' || *line == '#') continue; - - char* equal = strchr(line, '='); - if (equal == NULL) { - continue; - } - - // trim whitespace between key and '=' - char* key_end = equal-1; - while (key_end > line && isspace(*key_end)) --key_end; - key_end[1] = '\0'; - - // not the key we're looking for - if (strcmp(key, line) != 0) continue; - - // skip whitespace after the '=' to the start of the value - char* val_start = equal+1; - while(*val_start && isspace(*val_start)) ++val_start; - - // trim trailing whitespace - char* val_end = val_start + strlen(val_start)-1; - while (val_end > val_start && isspace(*val_end)) --val_end; - val_end[1] = '\0'; - - result = strdup(val_start); - break; - - } while ((line = strtok(NULL, "\n"))); - - if (result == NULL) result = strdup(""); - - done: - free(filename); - free(key); - free(buffer); - return StringValue(result); -} - - -static bool write_raw_image_cb(const unsigned char* data, - int data_len, void* ctx) { - int r = mtd_write_data((MtdWriteContext*)ctx, (const char *)data, data_len); - if (r == data_len) return true; - printf("%s\n", strerror(errno)); - return false; -} - -// write_raw_image(filename_or_blob, partition) -Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - - Value* partition_value; - Value* contents; - if (ReadValueArgs(state, argv, 2, &contents, &partition_value) < 0) { - return NULL; - } - - char* partition = NULL; - if (partition_value->type != VAL_STRING) { - ErrorAbort(state, "partition argument to %s must be string", name); - goto done; - } - partition = partition_value->data; - if (strlen(partition) == 0) { - ErrorAbort(state, "partition argument to %s can't be empty", name); - goto done; - } - if (contents->type == VAL_STRING && strlen((char*) contents->data) == 0) { - ErrorAbort(state, "file argument to %s can't be empty", name); - goto done; - } - - mtd_scan_partitions(); - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("%s: no mtd partition named \"%s\"\n", name, partition); - result = strdup(""); - goto done; - } - - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("%s: can't write mtd partition \"%s\"\n", - name, partition); - result = strdup(""); - goto done; - } - - bool success; - - if (contents->type == VAL_STRING) { - // we're given a filename as the contents - char* filename = contents->data; - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - printf("%s: can't open %s: %s\n", - name, filename, strerror(errno)); - result = strdup(""); - goto done; - } - - success = true; - char* buffer = malloc(BUFSIZ); - int read; - while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { - int wrote = mtd_write_data(ctx, buffer, read); - success = success && (wrote == read); - } - free(buffer); - fclose(f); - } else { - // we're given a blob as the contents - ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); - success = (wrote == contents->size); - } - if (!success) { - printf("mtd_write_data to %s failed: %s\n", - partition, strerror(errno)); - } - - if (mtd_erase_blocks(ctx, -1) == -1) { - printf("%s: error erasing blocks of %s\n", name, partition); - } - if (mtd_write_close(ctx) != 0) { - printf("%s: error closing write of %s\n", name, partition); - } - - printf("%s %s partition\n", - success ? "wrote" : "failed to write", partition); - - result = success ? partition : strdup(""); - -done: - if (result != partition) FreeValue(partition_value); - FreeValue(contents); - return StringValue(result); -} - -// apply_patch_space(bytes) -Value* ApplyPatchSpaceFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* bytes_str; - if (ReadArgs(state, argv, 1, &bytes_str) < 0) { - return NULL; - } - - char* endptr; - size_t bytes = strtol(bytes_str, &endptr, 10); - if (bytes == 0 && endptr == bytes_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", - name, bytes_str); - free(bytes_str); - return NULL; - } - - return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); -} - -// apply_patch(file, size, init_sha1, tgt_sha1, patch) - -Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 6 || (argc % 2) == 1) { - return ErrorAbort(state, "%s(): expected at least 6 args and an " - "even number, got %d", - name, argc); - } - - char* source_filename; - char* target_filename; - char* target_sha1; - char* target_size_str; - if (ReadArgs(state, argv, 4, &source_filename, &target_filename, - &target_sha1, &target_size_str) < 0) { - return NULL; - } - - char* endptr; - size_t target_size = strtol(target_size_str, &endptr, 10); - if (target_size == 0 && endptr == target_size_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", - name, target_size_str); - free(source_filename); - free(target_filename); - free(target_sha1); - free(target_size_str); - return NULL; - } - - int patchcount = (argc-4) / 2; - Value** patches = ReadValueVarArgs(state, argc-4, argv+4); - - int i; - for (i = 0; i < patchcount; ++i) { - if (patches[i*2]->type != VAL_STRING) { - ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); - break; - } - if (patches[i*2+1]->type != VAL_BLOB) { - ErrorAbort(state, "%s(): patch #%d is not blob", name, i); - break; - } - } - if (i != patchcount) { - for (i = 0; i < patchcount*2; ++i) { - FreeValue(patches[i]); - } - free(patches); - return NULL; - } - - char** patch_sha_str = malloc(patchcount * sizeof(char*)); - for (i = 0; i < patchcount; ++i) { - patch_sha_str[i] = patches[i*2]->data; - patches[i*2]->data = NULL; - FreeValue(patches[i*2]); - patches[i] = patches[i*2+1]; - } - - int result = applypatch(source_filename, target_filename, - target_sha1, target_size, - patchcount, patch_sha_str, patches, NULL); - - for (i = 0; i < patchcount; ++i) { - FreeValue(patches[i]); - } - free(patch_sha_str); - free(patches); - - return StringValue(strdup(result == 0 ? "t" : "")); -} - -// apply_patch_check(file, [sha1_1, ...]) -Value* ApplyPatchCheckFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s(): expected at least 1 arg, got %d", - name, argc); - } - - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) { - return NULL; - } - - int patchcount = argc-1; - char** sha1s = ReadVarArgs(state, argc-1, argv+1); - - int result = applypatch_check(filename, patchcount, sha1s); - - int i; - for (i = 0; i < patchcount; ++i) { - free(sha1s[i]); - } - free(sha1s); - - return StringValue(strdup(result == 0 ? "t" : "")); -} - -Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - int size = 0; - int i; - for (i = 0; i < argc; ++i) { - size += strlen(args[i]); - } - char* buffer = malloc(size+1); - size = 0; - for (i = 0; i < argc; ++i) { - strcpy(buffer+size, args[i]); - size += strlen(args[i]); - free(args[i]); - } - free(args); - buffer[size] = '\0'; - uiPrint(state, buffer); - return StringValue(buffer); -} - -Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 0) { - return ErrorAbort(state, "%s() expects no args, got %d", name, argc); - } - fprintf(((UpdaterInfo*)(state->cookie))->cmd_pipe, "wipe_cache\n"); - return StringValue(strdup("t")); -} - -Value* RunProgramFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s() expects at least 1 arg", name); - } - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - char** args2 = malloc(sizeof(char*) * (argc+1)); - memcpy(args2, args, sizeof(char*) * argc); - args2[argc] = NULL; - - printf("about to run program [%s] with %d args\n", args2[0], argc); - - pid_t child = fork(); - if (child == 0) { - execv(args2[0], args2); - printf("run_program: execv failed: %s\n", strerror(errno)); - _exit(1); - } - int status; - waitpid(child, &status, 0); - if (WIFEXITED(status)) { - if (WEXITSTATUS(status) != 0) { - printf("run_program: child exited with status %d\n", - WEXITSTATUS(status)); - } - } else if (WIFSIGNALED(status)) { - printf("run_program: child terminated by signal %d\n", - WTERMSIG(status)); - } - - int i; - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - free(args2); - - char buffer[20]; - sprintf(buffer, "%d", status); - - return StringValue(strdup(buffer)); -} - -// sha1_check(data) -// to return the sha1 of the data (given in the format returned by -// read_file). -// -// sha1_check(data, sha1_hex, [sha1_hex, ...]) -// returns the sha1 of the file if it matches any of the hex -// strings passed, or "" if it does not equal any of them. -// -Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s() expects at least 1 arg", name); - } - - Value** args = ReadValueVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - if (args[0]->size < 0) { - return StringValue(strdup("")); - } - uint8_t digest[SHA_DIGEST_SIZE]; - SHA_hash(args[0]->data, args[0]->size, digest); - FreeValue(args[0]); - - if (argc == 1) { - return StringValue(PrintSha1(digest)); - } - - int i; - uint8_t* arg_digest = malloc(SHA_DIGEST_SIZE); - for (i = 1; i < argc; ++i) { - if (args[i]->type != VAL_STRING) { - printf("%s(): arg %d is not a string; skipping", - name, i); - } else if (ParseSha1(args[i]->data, arg_digest) != 0) { - // Warn about bad args and skip them. - printf("%s(): error parsing \"%s\" as sha-1; skipping", - name, args[i]->data); - } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { - break; - } - FreeValue(args[i]); - } - if (i >= argc) { - // Didn't match any of the hex strings; return false. - return StringValue(strdup("")); - } - // Found a match; free all the remaining arguments and return the - // matched one. - int j; - for (j = i+1; j < argc; ++j) { - FreeValue(args[j]); - } - return args[i]; -} - -// Read a local file and return its contents (the Value* returned -// is actually a FileContents*). -Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - - Value* v = malloc(sizeof(Value)); - v->type = VAL_BLOB; - - FileContents fc; - if (LoadFileContents(filename, &fc) != 0) { - free(filename); - v->size = -1; - v->data = NULL; - free(fc.data); - return v; - } - - v->size = fc.size; - v->data = (char*)fc.data; - - free(filename); - return v; -} - -// Immediately reboot the device. Recovery is not finished normally, -// so if you reboot into recovery it will re-start applying the -// current package (because nothing has cleared the copy of the -// arguments stored in the BCB). -// -// The argument is the partition name passed to the android reboot -// property. It can be "recovery" to boot from the recovery -// partition, or "" (empty string) to boot from the regular boot -// partition. -Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* property; - if (ReadArgs(state, argv, 2, &filename, &property) < 0) return NULL; - - char buffer[80]; - - // zero out the 'command' field of the bootloader message. - memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); - FILE* f = fopen(filename, "r+b"); - fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); - fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); - fclose(f); - free(filename); - - strcpy(buffer, "reboot,"); - if (property != NULL) { - strncat(buffer, property, sizeof(buffer)-10); - } - - property_set(ANDROID_RB_PROPERTY, buffer); - - sleep(5); - free(property); - ErrorAbort(state, "%s() failed to reboot", name); - return NULL; -} - -// Store a string value somewhere that future invocations of recovery -// can access it. This value is called the "stage" and can be used to -// drive packages that need to do reboots in the middle of -// installation and keep track of where they are in the multi-stage -// install. -// -// The first argument is the block device for the misc partition -// ("/misc" in the fstab), which is where this value is stored. The -// second argument is the string to store; it should not exceed 31 -// bytes. -Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* stagestr; - if (ReadArgs(state, argv, 2, &filename, &stagestr) < 0) return NULL; - - // Store this value in the misc partition, immediately after the - // bootloader message that the main recovery uses to save its - // arguments in case of the device restarting midway through - // package installation. - FILE* f = fopen(filename, "r+b"); - fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - int to_write = strlen(stagestr)+1; - int max_size = sizeof(((struct bootloader_message*)0)->stage); - if (to_write > max_size) { - to_write = max_size; - stagestr[max_size-1] = 0; - } - fwrite(stagestr, to_write, 1, f); - fclose(f); - - free(stagestr); - return StringValue(filename); -} - -// Return the value most recently saved with SetStageFn. The argument -// is the block device for the misc partition. -Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - - char buffer[sizeof(((struct bootloader_message*)0)->stage)]; - FILE* f = fopen(filename, "rb"); - fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - fread(buffer, sizeof(buffer), 1, f); - fclose(f); - buffer[sizeof(buffer)-1] = '\0'; - - return StringValue(strdup(buffer)); -} - -Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* len_str; - if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; - - size_t len = strtoull(len_str, NULL, 0); - int fd = open(filename, O_WRONLY, 0644); - int success = wipe_block_device(fd, len); - - free(filename); - free(len_str); - - close(fd); - - return StringValue(strdup(success ? "t" : "")); -} - -Value* EnableRebootFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 0) { - return ErrorAbort(state, "%s() expects no args, got %d", name, argc); - } - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "enable_reboot\n"); - return StringValue(strdup("t")); -} - -Value* Tune2FsFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return ErrorAbort(state, "%s() expects args, got %d", name, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return ErrorAbort(state, "%s() could not read args", name); - } - - int i; - char** args2 = malloc(sizeof(char*) * (argc+1)); - // Tune2fs expects the program name as its args[0] - args2[0] = strdup(name); - for (i = 0; i < argc; ++i) { - args2[i + 1] = args[i]; - } - int result = tune2fs_main(argc + 1, args2); - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - free(args2[0]); - free(args2); - if (result != 0) { - return ErrorAbort(state, "%s() returned error code %d", name, result); - } - return StringValue(strdup("t")); -} - -void RegisterInstallFunctions() { - RegisterFunction("mount", MountFn); - RegisterFunction("is_mounted", IsMountedFn); - RegisterFunction("unmount", UnmountFn); - RegisterFunction("format", FormatFn); - RegisterFunction("show_progress", ShowProgressFn); - RegisterFunction("set_progress", SetProgressFn); - RegisterFunction("delete", DeleteFn); - RegisterFunction("delete_recursive", DeleteFn); - RegisterFunction("package_extract_dir", PackageExtractDirFn); - RegisterFunction("package_extract_file", PackageExtractFileFn); - RegisterFunction("symlink", SymlinkFn); - - // Usage: - // set_metadata("filename", "key1", "value1", "key2", "value2", ...) - // Example: - // set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); - RegisterFunction("set_metadata", SetMetadataFn); - - // Usage: - // set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) - // Example: - // set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); - RegisterFunction("set_metadata_recursive", SetMetadataFn); - - RegisterFunction("getprop", GetPropFn); - RegisterFunction("file_getprop", FileGetPropFn); - RegisterFunction("write_raw_image", WriteRawImageFn); - - RegisterFunction("apply_patch", ApplyPatchFn); - RegisterFunction("apply_patch_check", ApplyPatchCheckFn); - RegisterFunction("apply_patch_space", ApplyPatchSpaceFn); - - RegisterFunction("wipe_block_device", WipeBlockDeviceFn); - - RegisterFunction("read_file", ReadFileFn); - RegisterFunction("sha1_check", Sha1CheckFn); - RegisterFunction("rename", RenameFn); - - RegisterFunction("wipe_cache", WipeCacheFn); - - RegisterFunction("ui_print", UIPrintFn); - - RegisterFunction("run_program", RunProgramFn); - - RegisterFunction("reboot_now", RebootNowFn); - RegisterFunction("get_stage", GetStageFn); - RegisterFunction("set_stage", SetStageFn); - - RegisterFunction("enable_reboot", EnableRebootFn); - RegisterFunction("tune2fs", Tune2FsFn); -} diff --git a/updater/install.cpp b/updater/install.cpp new file mode 100644 index 000000000..422a1bb1e --- /dev/null +++ b/updater/install.cpp @@ -0,0 +1,1622 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "bootloader.h" +#include "applypatch/applypatch.h" +#include "cutils/android_reboot.h" +#include "cutils/misc.h" +#include "cutils/properties.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" +#include "minzip/DirUtil.h" +#include "mtdutils/mounts.h" +#include "mtdutils/mtdutils.h" +#include "updater.h" +#include "install.h" +#include "tune2fs.h" + +#ifdef USE_EXT4 +#include "make_ext4fs.h" +#include "wipe.h" +#endif + +void uiPrint(State* state, char* buffer) { + char* line = strtok(buffer, "\n"); + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + while (line) { + fprintf(ui->cmd_pipe, "ui_print %s\n", line); + line = strtok(NULL, "\n"); + } + fprintf(ui->cmd_pipe, "ui_print\n"); + + // The recovery will only print the contents to screen for pipe command + // ui_print. We need to dump the contents to stderr (which has been + // redirected to the log file) directly. + fprintf(stderr, "%s", buffer); +} + +__attribute__((__format__(printf, 2, 3))) __nonnull((2)) +void uiPrintf(State* state, const char* format, ...) { + char error_msg[1024]; + va_list ap; + va_start(ap, format); + vsnprintf(error_msg, sizeof(error_msg), format, ap); + va_end(ap); + uiPrint(state, error_msg); +} + +// Take a sha-1 digest and return it as a newly-allocated hex string. +char* PrintSha1(const uint8_t* digest) { + char* buffer = reinterpret_cast(malloc(SHA_DIGEST_SIZE*2 + 1)); + const char* alphabet = "0123456789abcdef"; + size_t i; + for (i = 0; i < SHA_DIGEST_SIZE; ++i) { + buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; + buffer[i*2+1] = alphabet[digest[i] & 0xf]; + } + buffer[i*2] = '\0'; + return buffer; +} + +// mount(fs_type, partition_type, location, mount_point) +// +// fs_type="yaffs2" partition_type="MTD" location=partition +// fs_type="ext4" partition_type="EMMC" location=device +Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 4 && argc != 5) { + return ErrorAbort(state, "%s() expects 4-5 args, got %d", name, argc); + } + char* fs_type; + char* partition_type; + char* location; + char* mount_point; + char* mount_options; + bool has_mount_options; + if (argc == 5) { + has_mount_options = true; + if (ReadArgs(state, argv, 5, &fs_type, &partition_type, + &location, &mount_point, &mount_options) < 0) { + return NULL; + } + } else { + has_mount_options = false; + if (ReadArgs(state, argv, 4, &fs_type, &partition_type, + &location, &mount_point) < 0) { + return NULL; + } + } + + if (strlen(fs_type) == 0) { + ErrorAbort(state, "fs_type argument to %s() can't be empty", name); + goto done; + } + if (strlen(partition_type) == 0) { + ErrorAbort(state, "partition_type argument to %s() can't be empty", + name); + goto done; + } + if (strlen(location) == 0) { + ErrorAbort(state, "location argument to %s() can't be empty", name); + goto done; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to %s() can't be empty", name); + goto done; + } + + { + char *secontext = NULL; + + if (sehandle) { + selabel_lookup(sehandle, &secontext, mount_point, 0755); + setfscreatecon(secontext); + } + + mkdir(mount_point, 0755); + + if (secontext) { + freecon(secontext); + setfscreatecon(NULL); + } + } + + if (strcmp(partition_type, "MTD") == 0) { + mtd_scan_partitions(); + const MtdPartition* mtd; + mtd = mtd_find_partition_by_name(location); + if (mtd == NULL) { + uiPrintf(state, "%s: no mtd partition named \"%s\"", + name, location); + result = strdup(""); + goto done; + } + if (mtd_mount_partition(mtd, mount_point, fs_type, 0 /* rw */) != 0) { + uiPrintf(state, "mtd mount of %s failed: %s\n", + location, strerror(errno)); + result = strdup(""); + goto done; + } + result = mount_point; + } else { + if (mount(location, mount_point, fs_type, + MS_NOATIME | MS_NODEV | MS_NODIRATIME, + has_mount_options ? mount_options : "") < 0) { + uiPrintf(state, "%s: failed to mount %s at %s: %s\n", + name, location, mount_point, strerror(errno)); + result = strdup(""); + } else { + result = mount_point; + } + } + +done: + free(fs_type); + free(partition_type); + free(location); + if (result != mount_point) free(mount_point); + if (has_mount_options) free(mount_options); + return StringValue(result); +} + + +// is_mounted(mount_point) +Value* IsMountedFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* mount_point; + if (ReadArgs(state, argv, 1, &mount_point) < 0) { + return NULL; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to unmount() can't be empty"); + goto done; + } + + scan_mounted_volumes(); + { + const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); + if (vol == NULL) { + result = strdup(""); + } else { + result = mount_point; + } + } + +done: + if (result != mount_point) free(mount_point); + return StringValue(result); +} + + +Value* UnmountFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* mount_point; + if (ReadArgs(state, argv, 1, &mount_point) < 0) { + return NULL; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to unmount() can't be empty"); + goto done; + } + + scan_mounted_volumes(); + { + const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); + if (vol == NULL) { + uiPrintf(state, "unmount of %s failed; no such volume\n", mount_point); + result = strdup(""); + } else { + int ret = unmount_mounted_volume(vol); + if (ret != 0) { + uiPrintf(state, "unmount of %s failed (%d): %s\n", + mount_point, ret, strerror(errno)); + } + result = mount_point; + } + } + +done: + if (result != mount_point) free(mount_point); + return StringValue(result); +} + +static int exec_cmd(const char* path, char* const argv[]) { + int status; + pid_t child; + if ((child = vfork()) == 0) { + execv(path, argv); + _exit(-1); + } + waitpid(child, &status, 0); + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + printf("%s failed with status %d\n", path, WEXITSTATUS(status)); + } + return WEXITSTATUS(status); +} + + +// format(fs_type, partition_type, location, fs_size, mount_point) +// +// fs_type="yaffs2" partition_type="MTD" location=partition fs_size= mount_point= +// fs_type="ext4" partition_type="EMMC" location=device fs_size= mount_point= +// fs_type="f2fs" partition_type="EMMC" location=device fs_size= mount_point= +// if fs_size == 0, then make fs uses the entire partition. +// if fs_size > 0, that is the size to use +// if fs_size < 0, then reserve that many bytes at the end of the partition (not for "f2fs") +Value* FormatFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 5) { + return ErrorAbort(state, "%s() expects 5 args, got %d", name, argc); + } + char* fs_type; + char* partition_type; + char* location; + char* fs_size; + char* mount_point; + + if (ReadArgs(state, argv, 5, &fs_type, &partition_type, &location, &fs_size, &mount_point) < 0) { + return NULL; + } + + if (strlen(fs_type) == 0) { + ErrorAbort(state, "fs_type argument to %s() can't be empty", name); + goto done; + } + if (strlen(partition_type) == 0) { + ErrorAbort(state, "partition_type argument to %s() can't be empty", + name); + goto done; + } + if (strlen(location) == 0) { + ErrorAbort(state, "location argument to %s() can't be empty", name); + goto done; + } + + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to %s() can't be empty", name); + goto done; + } + + if (strcmp(partition_type, "MTD") == 0) { + mtd_scan_partitions(); + const MtdPartition* mtd = mtd_find_partition_by_name(location); + if (mtd == NULL) { + printf("%s: no mtd partition named \"%s\"", + name, location); + result = strdup(""); + goto done; + } + MtdWriteContext* ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("%s: can't write \"%s\"", name, location); + result = strdup(""); + goto done; + } + if (mtd_erase_blocks(ctx, -1) == -1) { + mtd_write_close(ctx); + printf("%s: failed to erase \"%s\"", name, location); + result = strdup(""); + goto done; + } + if (mtd_write_close(ctx) != 0) { + printf("%s: failed to close \"%s\"", name, location); + result = strdup(""); + goto done; + } + result = location; +#ifdef USE_EXT4 + } else if (strcmp(fs_type, "ext4") == 0) { + int status = make_ext4fs(location, atoll(fs_size), mount_point, sehandle); + if (status != 0) { + printf("%s: make_ext4fs failed (%d) on %s", + name, status, location); + result = strdup(""); + goto done; + } + result = location; + } else if (strcmp(fs_type, "f2fs") == 0) { + char *num_sectors; + if (asprintf(&num_sectors, "%lld", atoll(fs_size) / 512) <= 0) { + printf("format_volume: failed to create %s command for %s\n", fs_type, location); + result = strdup(""); + goto done; + } + const char *f2fs_path = "/sbin/mkfs.f2fs"; + const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", location, num_sectors, NULL}; + int status = exec_cmd(f2fs_path, (char* const*)f2fs_argv); + free(num_sectors); + if (status != 0) { + printf("%s: mkfs.f2fs failed (%d) on %s", + name, status, location); + result = strdup(""); + goto done; + } + result = location; +#endif + } else { + printf("%s: unsupported fs_type \"%s\" partition_type \"%s\"", + name, fs_type, partition_type); + } + +done: + free(fs_type); + free(partition_type); + if (result != location) free(location); + return StringValue(result); +} + +Value* RenameFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* src_name; + char* dst_name; + + if (ReadArgs(state, argv, 2, &src_name, &dst_name) < 0) { + return NULL; + } + if (strlen(src_name) == 0) { + ErrorAbort(state, "src_name argument to %s() can't be empty", name); + goto done; + } + if (strlen(dst_name) == 0) { + ErrorAbort(state, "dst_name argument to %s() can't be empty", name); + goto done; + } + if (make_parents(dst_name) != 0) { + ErrorAbort(state, "Creating parent of %s failed, error %s", + dst_name, strerror(errno)); + } else if (access(dst_name, F_OK) == 0 && access(src_name, F_OK) != 0) { + // File was already moved + result = dst_name; + } else if (rename(src_name, dst_name) != 0) { + ErrorAbort(state, "Rename of %s to %s failed, error %s", + src_name, dst_name, strerror(errno)); + } else { + result = dst_name; + } + +done: + free(src_name); + if (result != dst_name) free(dst_name); + return StringValue(result); +} + +Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { + char** paths = reinterpret_cast(malloc(argc * sizeof(char*))); + for (int i = 0; i < argc; ++i) { + paths[i] = Evaluate(state, argv[i]); + if (paths[i] == NULL) { + int j; + for (j = 0; j < i; ++i) { + free(paths[j]); + } + free(paths); + return NULL; + } + } + + bool recursive = (strcmp(name, "delete_recursive") == 0); + + int success = 0; + for (int i = 0; i < argc; ++i) { + if ((recursive ? dirUnlinkHierarchy(paths[i]) : unlink(paths[i])) == 0) + ++success; + free(paths[i]); + } + free(paths); + + char buffer[10]; + sprintf(buffer, "%d", success); + return StringValue(strdup(buffer)); +} + + +Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + char* frac_str; + char* sec_str; + if (ReadArgs(state, argv, 2, &frac_str, &sec_str) < 0) { + return NULL; + } + + double frac = strtod(frac_str, NULL); + int sec = strtol(sec_str, NULL, 10); + + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); + + free(sec_str); + return StringValue(frac_str); +} + +Value* SetProgressFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* frac_str; + if (ReadArgs(state, argv, 1, &frac_str) < 0) { + return NULL; + } + + double frac = strtod(frac_str, NULL); + + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "set_progress %f\n", frac); + + return StringValue(frac_str); +} + +// package_extract_dir(package_path, destination_path) +Value* PackageExtractDirFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + char* zip_path; + char* dest_path; + if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + + // To create a consistent system image, never use the clock for timestamps. + struct utimbuf timestamp = { 1217592000, 1217592000 }; // 8/1/2008 default + + bool success = mzExtractRecursive(za, zip_path, dest_path, + ×tamp, + NULL, NULL, sehandle); + free(zip_path); + free(dest_path); + return StringValue(strdup(success ? "t" : "")); +} + + +// package_extract_file(package_path, destination_path) +// or +// package_extract_file(package_path) +// to return the entire contents of the file as the result of this +// function (the char* returned is actually a FileContents*). +Value* PackageExtractFileFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc < 1 || argc > 2) { + return ErrorAbort(state, "%s() expects 1 or 2 args, got %d", + name, argc); + } + bool success = false; + + if (argc == 2) { + // The two-argument version extracts to a file. + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + + char* zip_path; + char* dest_path; + if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; + + const ZipEntry* entry = mzFindZipEntry(za, zip_path); + if (entry == NULL) { + printf("%s: no %s in package\n", name, zip_path); + goto done2; + } + + { + FILE* f = fopen(dest_path, "wb"); + if (f == NULL) { + printf("%s: can't open %s for write: %s\n", + name, dest_path, strerror(errno)); + goto done2; + } + success = mzExtractZipEntryToFile(za, entry, fileno(f)); + fclose(f); + } + + done2: + free(zip_path); + free(dest_path); + return StringValue(strdup(success ? "t" : "")); + } else { + // The one-argument version returns the contents of the file + // as the result. + + char* zip_path; + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_BLOB; + v->size = -1; + v->data = NULL; + + if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + const ZipEntry* entry = mzFindZipEntry(za, zip_path); + if (entry == NULL) { + printf("%s: no %s in package\n", name, zip_path); + goto done1; + } + + v->size = mzGetZipEntryUncompLen(entry); + v->data = reinterpret_cast(malloc(v->size)); + if (v->data == NULL) { + printf("%s: failed to allocate %ld bytes for %s\n", + name, (long)v->size, zip_path); + goto done1; + } + + success = mzExtractZipEntryToBuffer(za, entry, + (unsigned char *)v->data); + + done1: + free(zip_path); + if (!success) { + free(v->data); + v->data = NULL; + v->size = -1; + } + return v; + } +} + +// Create all parent directories of name, if necessary. +static int make_parents(char* name) { + char* p; + for (p = name + (strlen(name)-1); p > name; --p) { + if (*p != '/') continue; + *p = '\0'; + if (make_parents(name) < 0) return -1; + int result = mkdir(name, 0700); + if (result == 0) printf("created [%s]\n", name); + *p = '/'; + if (result == 0 || errno == EEXIST) { + // successfully created or already existed; we're done + return 0; + } else { + printf("failed to mkdir %s: %s\n", name, strerror(errno)); + return -1; + } + } + return 0; +} + +// symlink target src1 src2 ... +// unlinks any previously existing src1, src2, etc before creating symlinks. +Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return ErrorAbort(state, "%s() expects 1+ args, got %d", name, argc); + } + char* target; + target = Evaluate(state, argv[0]); + if (target == NULL) return NULL; + + char** srcs = ReadVarArgs(state, argc-1, argv+1); + if (srcs == NULL) { + free(target); + return NULL; + } + + int bad = 0; + int i; + for (i = 0; i < argc-1; ++i) { + if (unlink(srcs[i]) < 0) { + if (errno != ENOENT) { + printf("%s: failed to remove %s: %s\n", + name, srcs[i], strerror(errno)); + ++bad; + } + } + if (make_parents(srcs[i])) { + printf("%s: failed to symlink %s to %s: making parents failed\n", + name, srcs[i], target); + ++bad; + } + if (symlink(target, srcs[i]) < 0) { + printf("%s: failed to symlink %s to %s: %s\n", + name, srcs[i], target, strerror(errno)); + ++bad; + } + free(srcs[i]); + } + free(srcs); + if (bad) { + return ErrorAbort(state, "%s: some symlinks failed", name); + } + return StringValue(strdup("")); +} + +struct perm_parsed_args { + bool has_uid; + uid_t uid; + bool has_gid; + gid_t gid; + bool has_mode; + mode_t mode; + bool has_fmode; + mode_t fmode; + bool has_dmode; + mode_t dmode; + bool has_selabel; + char* selabel; + bool has_capabilities; + uint64_t capabilities; +}; + +static struct perm_parsed_args ParsePermArgs(State * state, int argc, char** args) { + int i; + struct perm_parsed_args parsed; + int bad = 0; + static int max_warnings = 20; + + memset(&parsed, 0, sizeof(parsed)); + + for (i = 1; i < argc; i += 2) { + if (strcmp("uid", args[i]) == 0) { + int64_t uid; + if (sscanf(args[i+1], "%" SCNd64, &uid) == 1) { + parsed.uid = uid; + parsed.has_uid = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid UID \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("gid", args[i]) == 0) { + int64_t gid; + if (sscanf(args[i+1], "%" SCNd64, &gid) == 1) { + parsed.gid = gid; + parsed.has_gid = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid GID \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("mode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.mode = mode; + parsed.has_mode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid mode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("dmode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.dmode = mode; + parsed.has_dmode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid dmode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("fmode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.fmode = mode; + parsed.has_fmode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid fmode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("capabilities", args[i]) == 0) { + int64_t capabilities; + if (sscanf(args[i+1], "%" SCNi64, &capabilities) == 1) { + parsed.capabilities = capabilities; + parsed.has_capabilities = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid capabilities \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("selabel", args[i]) == 0) { + if (args[i+1][0] != '\0') { + parsed.selabel = args[i+1]; + parsed.has_selabel = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid selabel \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (max_warnings != 0) { + printf("ParsedPermArgs: unknown key \"%s\", ignoring\n", args[i]); + max_warnings--; + if (max_warnings == 0) { + printf("ParsedPermArgs: suppressing further warnings\n"); + } + } + } + return parsed; +} + +static int ApplyParsedPerms( + State * state, + const char* filename, + const struct stat *statptr, + struct perm_parsed_args parsed) +{ + int bad = 0; + + if (parsed.has_selabel) { + if (lsetfilecon(filename, parsed.selabel) != 0) { + uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n", + filename, parsed.selabel, strerror(errno)); + bad++; + } + } + + /* ignore symlinks */ + if (S_ISLNK(statptr->st_mode)) { + return bad; + } + + if (parsed.has_uid) { + if (chown(filename, parsed.uid, -1) < 0) { + uiPrintf(state, "ApplyParsedPerms: chown of %s to %d failed: %s\n", + filename, parsed.uid, strerror(errno)); + bad++; + } + } + + if (parsed.has_gid) { + if (chown(filename, -1, parsed.gid) < 0) { + uiPrintf(state, "ApplyParsedPerms: chgrp of %s to %d failed: %s\n", + filename, parsed.gid, strerror(errno)); + bad++; + } + } + + if (parsed.has_mode) { + if (chmod(filename, parsed.mode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.mode, strerror(errno)); + bad++; + } + } + + if (parsed.has_dmode && S_ISDIR(statptr->st_mode)) { + if (chmod(filename, parsed.dmode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.dmode, strerror(errno)); + bad++; + } + } + + if (parsed.has_fmode && S_ISREG(statptr->st_mode)) { + if (chmod(filename, parsed.fmode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.fmode, strerror(errno)); + bad++; + } + } + + if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) { + if (parsed.capabilities == 0) { + if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) { + // Report failure unless it's ENODATA (attribute not set) + uiPrintf(state, "ApplyParsedPerms: removexattr of %s to %" PRIx64 " failed: %s\n", + filename, parsed.capabilities, strerror(errno)); + bad++; + } + } else { + struct vfs_cap_data cap_data; + memset(&cap_data, 0, sizeof(cap_data)); + cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; + cap_data.data[0].permitted = (uint32_t) (parsed.capabilities & 0xffffffff); + cap_data.data[0].inheritable = 0; + cap_data.data[1].permitted = (uint32_t) (parsed.capabilities >> 32); + cap_data.data[1].inheritable = 0; + if (setxattr(filename, XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { + uiPrintf(state, "ApplyParsedPerms: setcap of %s to %" PRIx64 " failed: %s\n", + filename, parsed.capabilities, strerror(errno)); + bad++; + } + } + } + + return bad; +} + +// nftw doesn't allow us to pass along context, so we need to use +// global variables. *sigh* +static struct perm_parsed_args recursive_parsed_args; +static State* recursive_state; + +static int do_SetMetadataRecursive(const char* filename, const struct stat *statptr, + int fileflags, struct FTW *pfwt) { + return ApplyParsedPerms(recursive_state, filename, statptr, recursive_parsed_args); +} + +static Value* SetMetadataFn(const char* name, State* state, int argc, Expr* argv[]) { + int bad = 0; + struct stat sb; + Value* result = NULL; + + bool recursive = (strcmp(name, "set_metadata_recursive") == 0); + + if ((argc % 2) != 1) { + return ErrorAbort(state, "%s() expects an odd number of arguments, got %d", name, argc); + } + + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) return NULL; + + if (lstat(args[0], &sb) == -1) { + result = ErrorAbort(state, "%s: Error on lstat of \"%s\": %s", name, args[0], strerror(errno)); + goto done; + } + + { + struct perm_parsed_args parsed = ParsePermArgs(state, argc, args); + + if (recursive) { + recursive_parsed_args = parsed; + recursive_state = state; + bad += nftw(args[0], do_SetMetadataRecursive, 30, FTW_CHDIR | FTW_DEPTH | FTW_PHYS); + memset(&recursive_parsed_args, 0, sizeof(recursive_parsed_args)); + recursive_state = NULL; + } else { + bad += ApplyParsedPerms(state, args[0], &sb, parsed); + } + } + +done: + for (int i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + + if (result != NULL) { + return result; + } + + if (bad > 0) { + return ErrorAbort(state, "%s: some changes failed", name); + } + + return StringValue(strdup("")); +} + +Value* GetPropFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* key = Evaluate(state, argv[0]); + if (key == NULL) return NULL; + + char value[PROPERTY_VALUE_MAX]; + property_get(key, value, ""); + free(key); + + return StringValue(strdup(value)); +} + + +// file_getprop(file, key) +// +// interprets 'file' as a getprop-style file (key=value pairs, one +// per line. # comment lines,blank lines, lines without '=' ignored), +// and returns the value for 'key' (or "" if it isn't defined). +Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + char* buffer = NULL; + char* filename; + char* key; + if (ReadArgs(state, argv, 2, &filename, &key) < 0) { + return NULL; + } + + struct stat st; + if (stat(filename, &st) < 0) { + ErrorAbort(state, "%s: failed to stat \"%s\": %s", name, filename, strerror(errno)); + goto done; + } + +#define MAX_FILE_GETPROP_SIZE 65536 + + if (st.st_size > MAX_FILE_GETPROP_SIZE) { + ErrorAbort(state, "%s too large for %s (max %d)", filename, name, MAX_FILE_GETPROP_SIZE); + goto done; + } + + buffer = reinterpret_cast(malloc(st.st_size+1)); + if (buffer == NULL) { + ErrorAbort(state, "%s: failed to alloc %lld bytes", name, (long long)st.st_size+1); + goto done; + } + + FILE* f; + f = fopen(filename, "rb"); + if (f == NULL) { + ErrorAbort(state, "%s: failed to open %s: %s", name, filename, strerror(errno)); + goto done; + } + + if (fread(buffer, 1, st.st_size, f) != st.st_size) { + ErrorAbort(state, "%s: failed to read %lld bytes from %s", + name, (long long)st.st_size+1, filename); + fclose(f); + goto done; + } + buffer[st.st_size] = '\0'; + + fclose(f); + + char* line; + line = strtok(buffer, "\n"); + do { + // skip whitespace at start of line + while (*line && isspace(*line)) ++line; + + // comment or blank line: skip to next line + if (*line == '\0' || *line == '#') continue; + + char* equal = strchr(line, '='); + if (equal == NULL) { + continue; + } + + // trim whitespace between key and '=' + char* key_end = equal-1; + while (key_end > line && isspace(*key_end)) --key_end; + key_end[1] = '\0'; + + // not the key we're looking for + if (strcmp(key, line) != 0) continue; + + // skip whitespace after the '=' to the start of the value + char* val_start = equal+1; + while(*val_start && isspace(*val_start)) ++val_start; + + // trim trailing whitespace + char* val_end = val_start + strlen(val_start)-1; + while (val_end > val_start && isspace(*val_end)) --val_end; + val_end[1] = '\0'; + + result = strdup(val_start); + break; + + } while ((line = strtok(NULL, "\n"))); + + if (result == NULL) result = strdup(""); + + done: + free(filename); + free(key); + free(buffer); + return StringValue(result); +} + +// write_raw_image(filename_or_blob, partition) +Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + + Value* partition_value; + Value* contents; + if (ReadValueArgs(state, argv, 2, &contents, &partition_value) < 0) { + return NULL; + } + + char* partition = NULL; + if (partition_value->type != VAL_STRING) { + ErrorAbort(state, "partition argument to %s must be string", name); + goto done; + } + partition = partition_value->data; + if (strlen(partition) == 0) { + ErrorAbort(state, "partition argument to %s can't be empty", name); + goto done; + } + if (contents->type == VAL_STRING && strlen((char*) contents->data) == 0) { + ErrorAbort(state, "file argument to %s can't be empty", name); + goto done; + } + + mtd_scan_partitions(); + const MtdPartition* mtd; + mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("%s: no mtd partition named \"%s\"\n", name, partition); + result = strdup(""); + goto done; + } + + MtdWriteContext* ctx; + ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("%s: can't write mtd partition \"%s\"\n", + name, partition); + result = strdup(""); + goto done; + } + + bool success; + + if (contents->type == VAL_STRING) { + // we're given a filename as the contents + char* filename = contents->data; + FILE* f = fopen(filename, "rb"); + if (f == NULL) { + printf("%s: can't open %s: %s\n", name, filename, strerror(errno)); + result = strdup(""); + goto done; + } + + success = true; + char* buffer = reinterpret_cast(malloc(BUFSIZ)); + int read; + while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { + int wrote = mtd_write_data(ctx, buffer, read); + success = success && (wrote == read); + } + free(buffer); + fclose(f); + } else { + // we're given a blob as the contents + ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); + success = (wrote == contents->size); + } + if (!success) { + printf("mtd_write_data to %s failed: %s\n", + partition, strerror(errno)); + } + + if (mtd_erase_blocks(ctx, -1) == -1) { + printf("%s: error erasing blocks of %s\n", name, partition); + } + if (mtd_write_close(ctx) != 0) { + printf("%s: error closing write of %s\n", name, partition); + } + + printf("%s %s partition\n", + success ? "wrote" : "failed to write", partition); + + result = success ? partition : strdup(""); + +done: + if (result != partition) FreeValue(partition_value); + FreeValue(contents); + return StringValue(result); +} + +// apply_patch_space(bytes) +Value* ApplyPatchSpaceFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* bytes_str; + if (ReadArgs(state, argv, 1, &bytes_str) < 0) { + return NULL; + } + + char* endptr; + size_t bytes = strtol(bytes_str, &endptr, 10); + if (bytes == 0 && endptr == bytes_str) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", name, bytes_str); + free(bytes_str); + return NULL; + } + + return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); +} + +// apply_patch(file, size, init_sha1, tgt_sha1, patch) + +Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 6 || (argc % 2) == 1) { + return ErrorAbort(state, "%s(): expected at least 6 args and an " + "even number, got %d", + name, argc); + } + + char* source_filename; + char* target_filename; + char* target_sha1; + char* target_size_str; + if (ReadArgs(state, argv, 4, &source_filename, &target_filename, + &target_sha1, &target_size_str) < 0) { + return NULL; + } + + char* endptr; + size_t target_size = strtol(target_size_str, &endptr, 10); + if (target_size == 0 && endptr == target_size_str) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", + name, target_size_str); + free(source_filename); + free(target_filename); + free(target_sha1); + free(target_size_str); + return NULL; + } + + int patchcount = (argc-4) / 2; + Value** patches = ReadValueVarArgs(state, argc-4, argv+4); + + int i; + for (i = 0; i < patchcount; ++i) { + if (patches[i*2]->type != VAL_STRING) { + ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); + break; + } + if (patches[i*2+1]->type != VAL_BLOB) { + ErrorAbort(state, "%s(): patch #%d is not blob", name, i); + break; + } + } + if (i != patchcount) { + for (i = 0; i < patchcount*2; ++i) { + FreeValue(patches[i]); + } + free(patches); + return NULL; + } + + char** patch_sha_str = reinterpret_cast(malloc(patchcount * sizeof(char*))); + for (i = 0; i < patchcount; ++i) { + patch_sha_str[i] = patches[i*2]->data; + patches[i*2]->data = NULL; + FreeValue(patches[i*2]); + patches[i] = patches[i*2+1]; + } + + int result = applypatch(source_filename, target_filename, + target_sha1, target_size, + patchcount, patch_sha_str, patches, NULL); + + for (i = 0; i < patchcount; ++i) { + FreeValue(patches[i]); + } + free(patch_sha_str); + free(patches); + + return StringValue(strdup(result == 0 ? "t" : "")); +} + +// apply_patch_check(file, [sha1_1, ...]) +Value* ApplyPatchCheckFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s(): expected at least 1 arg, got %d", + name, argc); + } + + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) { + return NULL; + } + + int patchcount = argc-1; + char** sha1s = ReadVarArgs(state, argc-1, argv+1); + + int result = applypatch_check(filename, patchcount, sha1s); + + int i; + for (i = 0; i < patchcount; ++i) { + free(sha1s[i]); + } + free(sha1s); + + return StringValue(strdup(result == 0 ? "t" : "")); +} + +Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + int size = 0; + int i; + for (i = 0; i < argc; ++i) { + size += strlen(args[i]); + } + char* buffer = reinterpret_cast(malloc(size+1)); + size = 0; + for (i = 0; i < argc; ++i) { + strcpy(buffer+size, args[i]); + size += strlen(args[i]); + free(args[i]); + } + free(args); + buffer[size] = '\0'; + uiPrint(state, buffer); + return StringValue(buffer); +} + +Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 0) { + return ErrorAbort(state, "%s() expects no args, got %d", name, argc); + } + fprintf(((UpdaterInfo*)(state->cookie))->cmd_pipe, "wipe_cache\n"); + return StringValue(strdup("t")); +} + +Value* RunProgramFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s() expects at least 1 arg", name); + } + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + char** args2 = reinterpret_cast(malloc(sizeof(char*) * (argc+1))); + memcpy(args2, args, sizeof(char*) * argc); + args2[argc] = NULL; + + printf("about to run program [%s] with %d args\n", args2[0], argc); + + pid_t child = fork(); + if (child == 0) { + execv(args2[0], args2); + printf("run_program: execv failed: %s\n", strerror(errno)); + _exit(1); + } + int status; + waitpid(child, &status, 0); + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) != 0) { + printf("run_program: child exited with status %d\n", + WEXITSTATUS(status)); + } + } else if (WIFSIGNALED(status)) { + printf("run_program: child terminated by signal %d\n", + WTERMSIG(status)); + } + + int i; + for (i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + free(args2); + + char buffer[20]; + sprintf(buffer, "%d", status); + + return StringValue(strdup(buffer)); +} + +// sha1_check(data) +// to return the sha1 of the data (given in the format returned by +// read_file). +// +// sha1_check(data, sha1_hex, [sha1_hex, ...]) +// returns the sha1 of the file if it matches any of the hex +// strings passed, or "" if it does not equal any of them. +// +Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s() expects at least 1 arg", name); + } + + Value** args = ReadValueVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + if (args[0]->size < 0) { + return StringValue(strdup("")); + } + uint8_t digest[SHA_DIGEST_SIZE]; + SHA_hash(args[0]->data, args[0]->size, digest); + FreeValue(args[0]); + + if (argc == 1) { + return StringValue(PrintSha1(digest)); + } + + int i; + uint8_t* arg_digest = reinterpret_cast(malloc(SHA_DIGEST_SIZE)); + for (i = 1; i < argc; ++i) { + if (args[i]->type != VAL_STRING) { + printf("%s(): arg %d is not a string; skipping", + name, i); + } else if (ParseSha1(args[i]->data, arg_digest) != 0) { + // Warn about bad args and skip them. + printf("%s(): error parsing \"%s\" as sha-1; skipping", + name, args[i]->data); + } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { + break; + } + FreeValue(args[i]); + } + if (i >= argc) { + // Didn't match any of the hex strings; return false. + return StringValue(strdup("")); + } + // Found a match; free all the remaining arguments and return the + // matched one. + int j; + for (j = i+1; j < argc; ++j) { + FreeValue(args[j]); + } + return args[i]; +} + +// Read a local file and return its contents (the Value* returned +// is actually a FileContents*). +Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; + + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_BLOB; + + FileContents fc; + if (LoadFileContents(filename, &fc) != 0) { + free(filename); + v->size = -1; + v->data = NULL; + free(fc.data); + return v; + } + + v->size = fc.size; + v->data = (char*)fc.data; + + free(filename); + return v; +} + +// Immediately reboot the device. Recovery is not finished normally, +// so if you reboot into recovery it will re-start applying the +// current package (because nothing has cleared the copy of the +// arguments stored in the BCB). +// +// The argument is the partition name passed to the android reboot +// property. It can be "recovery" to boot from the recovery +// partition, or "" (empty string) to boot from the regular boot +// partition. +Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* property; + if (ReadArgs(state, argv, 2, &filename, &property) < 0) return NULL; + + char buffer[80]; + + // zero out the 'command' field of the bootloader message. + memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); + FILE* f = fopen(filename, "r+b"); + fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); + fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); + fclose(f); + free(filename); + + strcpy(buffer, "reboot,"); + if (property != NULL) { + strncat(buffer, property, sizeof(buffer)-10); + } + + property_set(ANDROID_RB_PROPERTY, buffer); + + sleep(5); + free(property); + ErrorAbort(state, "%s() failed to reboot", name); + return NULL; +} + +// Store a string value somewhere that future invocations of recovery +// can access it. This value is called the "stage" and can be used to +// drive packages that need to do reboots in the middle of +// installation and keep track of where they are in the multi-stage +// install. +// +// The first argument is the block device for the misc partition +// ("/misc" in the fstab), which is where this value is stored. The +// second argument is the string to store; it should not exceed 31 +// bytes. +Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* stagestr; + if (ReadArgs(state, argv, 2, &filename, &stagestr) < 0) return NULL; + + // Store this value in the misc partition, immediately after the + // bootloader message that the main recovery uses to save its + // arguments in case of the device restarting midway through + // package installation. + FILE* f = fopen(filename, "r+b"); + fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); + int to_write = strlen(stagestr)+1; + int max_size = sizeof(((struct bootloader_message*)0)->stage); + if (to_write > max_size) { + to_write = max_size; + stagestr[max_size-1] = 0; + } + fwrite(stagestr, to_write, 1, f); + fclose(f); + + free(stagestr); + return StringValue(filename); +} + +// Return the value most recently saved with SetStageFn. The argument +// is the block device for the misc partition. +Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; + + char buffer[sizeof(((struct bootloader_message*)0)->stage)]; + FILE* f = fopen(filename, "rb"); + fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); + fread(buffer, sizeof(buffer), 1, f); + fclose(f); + buffer[sizeof(buffer)-1] = '\0'; + + return StringValue(strdup(buffer)); +} + +Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* len_str; + if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; + + size_t len = strtoull(len_str, NULL, 0); + int fd = open(filename, O_WRONLY, 0644); + int success = wipe_block_device(fd, len); + + free(filename); + free(len_str); + + close(fd); + + return StringValue(strdup(success ? "t" : "")); +} + +Value* EnableRebootFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 0) { + return ErrorAbort(state, "%s() expects no args, got %d", name, argc); + } + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "enable_reboot\n"); + return StringValue(strdup("t")); +} + +Value* Tune2FsFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return ErrorAbort(state, "%s() expects args, got %d", name, argc); + } + + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return ErrorAbort(state, "%s() could not read args", name); + } + + char** args2 = reinterpret_cast(malloc(sizeof(char*) * (argc+1))); + // Tune2fs expects the program name as its args[0] + args2[0] = strdup(name); + for (int i = 0; i < argc; ++i) { + args2[i + 1] = args[i]; + } + int result = tune2fs_main(argc + 1, args2); + for (int i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + + free(args2[0]); + free(args2); + if (result != 0) { + return ErrorAbort(state, "%s() returned error code %d", name, result); + } + return StringValue(strdup("t")); +} + +void RegisterInstallFunctions() { + RegisterFunction("mount", MountFn); + RegisterFunction("is_mounted", IsMountedFn); + RegisterFunction("unmount", UnmountFn); + RegisterFunction("format", FormatFn); + RegisterFunction("show_progress", ShowProgressFn); + RegisterFunction("set_progress", SetProgressFn); + RegisterFunction("delete", DeleteFn); + RegisterFunction("delete_recursive", DeleteFn); + RegisterFunction("package_extract_dir", PackageExtractDirFn); + RegisterFunction("package_extract_file", PackageExtractFileFn); + RegisterFunction("symlink", SymlinkFn); + + // Usage: + // set_metadata("filename", "key1", "value1", "key2", "value2", ...) + // Example: + // set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); + RegisterFunction("set_metadata", SetMetadataFn); + + // Usage: + // set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) + // Example: + // set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); + RegisterFunction("set_metadata_recursive", SetMetadataFn); + + RegisterFunction("getprop", GetPropFn); + RegisterFunction("file_getprop", FileGetPropFn); + RegisterFunction("write_raw_image", WriteRawImageFn); + + RegisterFunction("apply_patch", ApplyPatchFn); + RegisterFunction("apply_patch_check", ApplyPatchCheckFn); + RegisterFunction("apply_patch_space", ApplyPatchSpaceFn); + + RegisterFunction("wipe_block_device", WipeBlockDeviceFn); + + RegisterFunction("read_file", ReadFileFn); + RegisterFunction("sha1_check", Sha1CheckFn); + RegisterFunction("rename", RenameFn); + + RegisterFunction("wipe_cache", WipeCacheFn); + + RegisterFunction("ui_print", UIPrintFn); + + RegisterFunction("run_program", RunProgramFn); + + RegisterFunction("reboot_now", RebootNowFn); + RegisterFunction("get_stage", GetStageFn); + RegisterFunction("set_stage", SetStageFn); + + RegisterFunction("enable_reboot", EnableRebootFn); + RegisterFunction("tune2fs", Tune2FsFn); +} diff --git a/updater/updater.c b/updater/updater.c deleted file mode 100644 index 661f69587..000000000 --- a/updater/updater.c +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include "edify/expr.h" -#include "updater.h" -#include "install.h" -#include "blockimg.h" -#include "minzip/Zip.h" -#include "minzip/SysUtil.h" - -// Generated by the makefile, this function defines the -// RegisterDeviceExtensions() function, which calls all the -// registration functions for device-specific extensions. -#include "register.inc" - -// Where in the package we expect to find the edify script to execute. -// (Note it's "updateR-script", not the older "update-script".) -#define SCRIPT_NAME "META-INF/com/google/android/updater-script" - -struct selabel_handle *sehandle; - -int main(int argc, char** argv) { - // Various things log information to stdout or stderr more or less - // at random (though we've tried to standardize on stdout). The - // log file makes more sense if buffering is turned off so things - // appear in the right order. - setbuf(stdout, NULL); - setbuf(stderr, NULL); - - if (argc != 4) { - printf("unexpected number of arguments (%d)\n", argc); - return 1; - } - - char* version = argv[1]; - if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || - version[1] != '\0') { - // We support version 1, 2, or 3. - printf("wrong updater binary API; expected 1, 2, or 3; " - "got %s\n", - argv[1]); - return 2; - } - - // Set up the pipe for sending commands back to the parent process. - - int fd = atoi(argv[2]); - FILE* cmd_pipe = fdopen(fd, "wb"); - setlinebuf(cmd_pipe); - - // Extract the script from the package. - - const char* package_filename = argv[3]; - MemMapping map; - if (sysMapFile(package_filename, &map) != 0) { - printf("failed to map package %s\n", argv[3]); - return 3; - } - ZipArchive za; - int err; - err = mzOpenZipArchive(map.addr, map.length, &za); - if (err != 0) { - printf("failed to open package %s: %s\n", - argv[3], strerror(err)); - return 3; - } - - const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); - if (script_entry == NULL) { - printf("failed to find %s in %s\n", SCRIPT_NAME, package_filename); - return 4; - } - - char* script = malloc(script_entry->uncompLen+1); - if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) { - printf("failed to read script from package\n"); - return 5; - } - script[script_entry->uncompLen] = '\0'; - - // Configure edify's functions. - - RegisterBuiltins(); - RegisterInstallFunctions(); - RegisterBlockImageFunctions(); - RegisterDeviceExtensions(); - FinishRegistration(); - - // Parse the script. - - Expr* root; - int error_count = 0; - int error = parse_string(script, &root, &error_count); - if (error != 0 || error_count > 0) { - printf("%d parse errors\n", error_count); - return 6; - } - - struct selinux_opt seopts[] = { - { SELABEL_OPT_PATH, "/file_contexts" } - }; - - sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1); - - if (!sehandle) { - fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n"); - } - - // Evaluate the parsed script. - - UpdaterInfo updater_info; - updater_info.cmd_pipe = cmd_pipe; - updater_info.package_zip = &za; - updater_info.version = atoi(version); - updater_info.package_zip_addr = map.addr; - updater_info.package_zip_len = map.length; - - State state; - state.cookie = &updater_info; - state.script = script; - state.errmsg = NULL; - - char* result = Evaluate(&state, root); - if (result == NULL) { - if (state.errmsg == NULL) { - printf("script aborted (no error message)\n"); - fprintf(cmd_pipe, "ui_print script aborted (no error message)\n"); - } else { - printf("script aborted: %s\n", state.errmsg); - char* line = strtok(state.errmsg, "\n"); - while (line) { - fprintf(cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); - } - fprintf(cmd_pipe, "ui_print\n"); - } - free(state.errmsg); - return 7; - } else { - fprintf(cmd_pipe, "ui_print script succeeded: result was [%s]\n", result); - free(result); - } - - if (updater_info.package_zip) { - mzCloseZipArchive(updater_info.package_zip); - } - sysReleaseMap(&map); - free(script); - - return 0; -} diff --git a/updater/updater.cpp b/updater/updater.cpp new file mode 100644 index 000000000..0f22e6d04 --- /dev/null +++ b/updater/updater.cpp @@ -0,0 +1,169 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include "edify/expr.h" +#include "updater.h" +#include "install.h" +#include "blockimg.h" +#include "minzip/Zip.h" +#include "minzip/SysUtil.h" + +// Generated by the makefile, this function defines the +// RegisterDeviceExtensions() function, which calls all the +// registration functions for device-specific extensions. +#include "register.inc" + +// Where in the package we expect to find the edify script to execute. +// (Note it's "updateR-script", not the older "update-script".) +#define SCRIPT_NAME "META-INF/com/google/android/updater-script" + +struct selabel_handle *sehandle; + +int main(int argc, char** argv) { + // Various things log information to stdout or stderr more or less + // at random (though we've tried to standardize on stdout). The + // log file makes more sense if buffering is turned off so things + // appear in the right order. + setbuf(stdout, NULL); + setbuf(stderr, NULL); + + if (argc != 4) { + printf("unexpected number of arguments (%d)\n", argc); + return 1; + } + + char* version = argv[1]; + if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || + version[1] != '\0') { + // We support version 1, 2, or 3. + printf("wrong updater binary API; expected 1, 2, or 3; " + "got %s\n", + argv[1]); + return 2; + } + + // Set up the pipe for sending commands back to the parent process. + + int fd = atoi(argv[2]); + FILE* cmd_pipe = fdopen(fd, "wb"); + setlinebuf(cmd_pipe); + + // Extract the script from the package. + + const char* package_filename = argv[3]; + MemMapping map; + if (sysMapFile(package_filename, &map) != 0) { + printf("failed to map package %s\n", argv[3]); + return 3; + } + ZipArchive za; + int err; + err = mzOpenZipArchive(map.addr, map.length, &za); + if (err != 0) { + printf("failed to open package %s: %s\n", + argv[3], strerror(err)); + return 3; + } + + const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); + if (script_entry == NULL) { + printf("failed to find %s in %s\n", SCRIPT_NAME, package_filename); + return 4; + } + + char* script = reinterpret_cast(malloc(script_entry->uncompLen+1)); + if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) { + printf("failed to read script from package\n"); + return 5; + } + script[script_entry->uncompLen] = '\0'; + + // Configure edify's functions. + + RegisterBuiltins(); + RegisterInstallFunctions(); + RegisterBlockImageFunctions(); + RegisterDeviceExtensions(); + FinishRegistration(); + + // Parse the script. + + Expr* root; + int error_count = 0; + int error = parse_string(script, &root, &error_count); + if (error != 0 || error_count > 0) { + printf("%d parse errors\n", error_count); + return 6; + } + + struct selinux_opt seopts[] = { + { SELABEL_OPT_PATH, "/file_contexts" } + }; + + sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1); + + if (!sehandle) { + fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n"); + } + + // Evaluate the parsed script. + + UpdaterInfo updater_info; + updater_info.cmd_pipe = cmd_pipe; + updater_info.package_zip = &za; + updater_info.version = atoi(version); + updater_info.package_zip_addr = map.addr; + updater_info.package_zip_len = map.length; + + State state; + state.cookie = &updater_info; + state.script = script; + state.errmsg = NULL; + + char* result = Evaluate(&state, root); + if (result == NULL) { + if (state.errmsg == NULL) { + printf("script aborted (no error message)\n"); + fprintf(cmd_pipe, "ui_print script aborted (no error message)\n"); + } else { + printf("script aborted: %s\n", state.errmsg); + char* line = strtok(state.errmsg, "\n"); + while (line) { + fprintf(cmd_pipe, "ui_print %s\n", line); + line = strtok(NULL, "\n"); + } + fprintf(cmd_pipe, "ui_print\n"); + } + free(state.errmsg); + return 7; + } else { + fprintf(cmd_pipe, "ui_print script succeeded: result was [%s]\n", result); + free(result); + } + + if (updater_info.package_zip) { + mzCloseZipArchive(updater_info.package_zip); + } + sysReleaseMap(&map); + free(script); + + return 0; +} -- cgit v1.2.3 From d7d0f7503456c3d275a49f90be35e03f02c51bbd Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 15 Jul 2015 14:13:06 -0700 Subject: Clean up LOG functions. For fatal errors, use LOGE to show messages. Bug: 22236461 Change-Id: Ie2ce7ec769f4502d732fbb53fb7b303c0cf9ed68 --- minzip/Hash.c | 4 ++-- minzip/SysUtil.c | 22 +++++++++++----------- minzip/Zip.c | 14 +++++++------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/minzip/Hash.c b/minzip/Hash.c index 8f8ed68e5..49bcb3161 100644 --- a/minzip/Hash.c +++ b/minzip/Hash.c @@ -361,7 +361,7 @@ void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, { const void* data = (const void*)mzHashIterData(&iter); int count; - + count = countProbes(pHashTable, (*calcFunc)(data), data, cmpFunc); numEntries++; @@ -373,7 +373,7 @@ void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, totalProbe += count; } - LOGI("Probe: min=%d max=%d, total=%d in %d (%d), avg=%.3f\n", + LOGV("Probe: min=%d max=%d, total=%d in %d (%d), avg=%.3f\n", minProbe, maxProbe, totalProbe, numEntries, pHashTable->tableSize, (float) totalProbe / (float) numEntries); } diff --git a/minzip/SysUtil.c b/minzip/SysUtil.c index 3dd3572fe..09ec8768f 100644 --- a/minzip/SysUtil.c +++ b/minzip/SysUtil.c @@ -25,13 +25,13 @@ static bool sysMapFD(int fd, MemMapping* pMap) { struct stat sb; if (fstat(fd, &sb) == -1) { - LOGW("fstat(%d) failed: %s\n", fd, strerror(errno)); + LOGE("fstat(%d) failed: %s\n", fd, strerror(errno)); return false; } void* memPtr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (memPtr == MAP_FAILED) { - LOGW("mmap(%d, R, PRIVATE, %d, 0) failed: %s\n", (int) sb.st_size, fd, strerror(errno)); + LOGE("mmap(%d, R, PRIVATE, %d, 0) failed: %s\n", (int) sb.st_size, fd, strerror(errno)); return false; } @@ -55,7 +55,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) unsigned int i; if (fgets(block_dev, sizeof(block_dev), mapf) == NULL) { - LOGW("failed to read block device from header\n"); + LOGE("failed to read block device from header\n"); return -1; } for (i = 0; i < sizeof(block_dev); ++i) { @@ -66,7 +66,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) } if (fscanf(mapf, "%zu %u\n%u\n", &size, &blksize, &range_count) != 3) { - LOGW("failed to parse block map header\n"); + LOGE("failed to parse block map header\n"); return -1; } @@ -80,7 +80,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) unsigned char* reserve; reserve = mmap64(NULL, blocks * blksize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0); if (reserve == MAP_FAILED) { - LOGW("failed to reserve address space: %s\n", strerror(errno)); + LOGE("failed to reserve address space: %s\n", strerror(errno)); return -1; } @@ -89,7 +89,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) int fd = open(block_dev, O_RDONLY); if (fd < 0) { - LOGW("failed to open block device %s: %s\n", block_dev, strerror(errno)); + LOGE("failed to open block device %s: %s\n", block_dev, strerror(errno)); return -1; } @@ -97,13 +97,13 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) for (i = 0; i < range_count; ++i) { int start, end; if (fscanf(mapf, "%d %d\n", &start, &end) != 2) { - LOGW("failed to parse range %d in block map\n", i); + LOGE("failed to parse range %d in block map\n", i); return -1; } void* addr = mmap64(next, (end-start)*blksize, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize); if (addr == MAP_FAILED) { - LOGW("failed to map block %d: %s\n", i, strerror(errno)); + LOGE("failed to map block %d: %s\n", i, strerror(errno)); return -1; } pMap->ranges[i].addr = addr; @@ -128,12 +128,12 @@ int sysMapFile(const char* fn, MemMapping* pMap) // A map of blocks FILE* mapf = fopen(fn+1, "r"); if (mapf == NULL) { - LOGV("Unable to open '%s': %s\n", fn+1, strerror(errno)); + LOGE("Unable to open '%s': %s\n", fn+1, strerror(errno)); return -1; } if (sysMapBlockFile(mapf, pMap) != 0) { - LOGW("Map of '%s' failed\n", fn); + LOGE("Map of '%s' failed\n", fn); return -1; } @@ -165,7 +165,7 @@ void sysReleaseMap(MemMapping* pMap) int i; for (i = 0; i < pMap->range_count; ++i) { if (munmap(pMap->ranges[i].addr, pMap->ranges[i].length) < 0) { - LOGW("munmap(%p, %d) failed: %s\n", + LOGE("munmap(%p, %d) failed: %s\n", pMap->ranges[i].addr, (int)pMap->ranges[i].length, strerror(errno)); } } diff --git a/minzip/Zip.c b/minzip/Zip.c index c1dec742d..bdb565c64 100644 --- a/minzip/Zip.c +++ b/minzip/Zip.c @@ -198,10 +198,10 @@ static bool parseZipArchive(ZipArchive* pArchive) */ val = get4LE(pArchive->addr); if (val == ENDSIG) { - LOGI("Found Zip archive, but it looks empty\n"); + LOGW("Found Zip archive, but it looks empty\n"); goto bail; } else if (val != LOCSIG) { - LOGV("Not a Zip archive (found 0x%08x)\n", val); + LOGW("Not a Zip archive (found 0x%08x)\n", val); goto bail; } @@ -217,7 +217,7 @@ static bool parseZipArchive(ZipArchive* pArchive) ptr--; } if (ptr < (const unsigned char*) pArchive->addr) { - LOGI("Could not find end-of-central-directory in Zip\n"); + LOGW("Could not find end-of-central-directory in Zip\n"); goto bail; } @@ -429,7 +429,7 @@ int mzOpenZipArchive(unsigned char* addr, size_t length, ZipArchive* pArchive) if (length < ENDHDR) { err = -1; - LOGV("File '%s' too small to be zip (%zd)\n", fileName, map.length); + LOGW("Archive %p is too small to be zip (%zd)\n", pArchive, length); goto bail; } @@ -438,7 +438,7 @@ int mzOpenZipArchive(unsigned char* addr, size_t length, ZipArchive* pArchive) if (!parseZipArchive(pArchive)) { err = -1; - LOGV("Parsing '%s' failed\n", fileName); + LOGW("Parsing archive %p failed\n", pArchive); goto bail; } @@ -548,7 +548,7 @@ static bool processDeflatedEntry(const ZipArchive *pArchive, /* uncompress the data */ zerr = inflate(&zstream, Z_NO_FLUSH); if (zerr != Z_OK && zerr != Z_STREAM_END) { - LOGD("zlib inflate call failed (zerr=%d)\n", zerr); + LOGW("zlib inflate call failed (zerr=%d)\n", zerr); goto z_bail; } @@ -1007,7 +1007,7 @@ bool mzExtractRecursive(const ZipArchive *pArchive, if (callback != NULL) callback(targetFile, cookie); } - LOGD("Extracted %d file(s)\n", extractCount); + LOGV("Extracted %d file(s)\n", extractCount); free(helper.buf); free(zpath); -- cgit v1.2.3 From 6e9dda70cb00dd1f1948e071d7df7ca6e2bd8332 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 16 Jul 2015 20:04:13 -0700 Subject: uncrypt: Support file level encryption. Bug: 22534003 Change-Id: Iaf42a6e5b40cfef904de66e212ae8b77b2953ef7 --- uncrypt/uncrypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 1db3013c6..46da86d61 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -144,7 +144,7 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* (path[len] == '/' || path[len] == 0)) { *encrypted = false; *encryptable = false; - if (fs_mgr_is_encryptable(v)) { + if (fs_mgr_is_encryptable(v) || fs_mgr_is_file_encrypted(v)) { *encryptable = true; char buffer[PROPERTY_VALUE_MAX+1]; if (property_get("ro.crypto.state", buffer, "") && -- cgit v1.2.3 From dd4d9818a8ed8a52e967389483d1a35491218af2 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 15 Jul 2015 14:13:06 -0700 Subject: Clean up LOG functions. For fatal errors, use LOGE to show messages. Bug: 22236461 Change-Id: I2b7d761576894ac37fcbadcba690ae14affe8f07 (cherry picked from commit d7d0f7503456c3d275a49f90be35e03f02c51bbd) --- minzip/Hash.c | 4 ++-- minzip/SysUtil.c | 22 +++++++++++----------- minzip/Zip.c | 14 +++++++------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/minzip/Hash.c b/minzip/Hash.c index 8f8ed68e5..49bcb3161 100644 --- a/minzip/Hash.c +++ b/minzip/Hash.c @@ -361,7 +361,7 @@ void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, { const void* data = (const void*)mzHashIterData(&iter); int count; - + count = countProbes(pHashTable, (*calcFunc)(data), data, cmpFunc); numEntries++; @@ -373,7 +373,7 @@ void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, totalProbe += count; } - LOGI("Probe: min=%d max=%d, total=%d in %d (%d), avg=%.3f\n", + LOGV("Probe: min=%d max=%d, total=%d in %d (%d), avg=%.3f\n", minProbe, maxProbe, totalProbe, numEntries, pHashTable->tableSize, (float) totalProbe / (float) numEntries); } diff --git a/minzip/SysUtil.c b/minzip/SysUtil.c index 3dd3572fe..09ec8768f 100644 --- a/minzip/SysUtil.c +++ b/minzip/SysUtil.c @@ -25,13 +25,13 @@ static bool sysMapFD(int fd, MemMapping* pMap) { struct stat sb; if (fstat(fd, &sb) == -1) { - LOGW("fstat(%d) failed: %s\n", fd, strerror(errno)); + LOGE("fstat(%d) failed: %s\n", fd, strerror(errno)); return false; } void* memPtr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (memPtr == MAP_FAILED) { - LOGW("mmap(%d, R, PRIVATE, %d, 0) failed: %s\n", (int) sb.st_size, fd, strerror(errno)); + LOGE("mmap(%d, R, PRIVATE, %d, 0) failed: %s\n", (int) sb.st_size, fd, strerror(errno)); return false; } @@ -55,7 +55,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) unsigned int i; if (fgets(block_dev, sizeof(block_dev), mapf) == NULL) { - LOGW("failed to read block device from header\n"); + LOGE("failed to read block device from header\n"); return -1; } for (i = 0; i < sizeof(block_dev); ++i) { @@ -66,7 +66,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) } if (fscanf(mapf, "%zu %u\n%u\n", &size, &blksize, &range_count) != 3) { - LOGW("failed to parse block map header\n"); + LOGE("failed to parse block map header\n"); return -1; } @@ -80,7 +80,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) unsigned char* reserve; reserve = mmap64(NULL, blocks * blksize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0); if (reserve == MAP_FAILED) { - LOGW("failed to reserve address space: %s\n", strerror(errno)); + LOGE("failed to reserve address space: %s\n", strerror(errno)); return -1; } @@ -89,7 +89,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) int fd = open(block_dev, O_RDONLY); if (fd < 0) { - LOGW("failed to open block device %s: %s\n", block_dev, strerror(errno)); + LOGE("failed to open block device %s: %s\n", block_dev, strerror(errno)); return -1; } @@ -97,13 +97,13 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) for (i = 0; i < range_count; ++i) { int start, end; if (fscanf(mapf, "%d %d\n", &start, &end) != 2) { - LOGW("failed to parse range %d in block map\n", i); + LOGE("failed to parse range %d in block map\n", i); return -1; } void* addr = mmap64(next, (end-start)*blksize, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize); if (addr == MAP_FAILED) { - LOGW("failed to map block %d: %s\n", i, strerror(errno)); + LOGE("failed to map block %d: %s\n", i, strerror(errno)); return -1; } pMap->ranges[i].addr = addr; @@ -128,12 +128,12 @@ int sysMapFile(const char* fn, MemMapping* pMap) // A map of blocks FILE* mapf = fopen(fn+1, "r"); if (mapf == NULL) { - LOGV("Unable to open '%s': %s\n", fn+1, strerror(errno)); + LOGE("Unable to open '%s': %s\n", fn+1, strerror(errno)); return -1; } if (sysMapBlockFile(mapf, pMap) != 0) { - LOGW("Map of '%s' failed\n", fn); + LOGE("Map of '%s' failed\n", fn); return -1; } @@ -165,7 +165,7 @@ void sysReleaseMap(MemMapping* pMap) int i; for (i = 0; i < pMap->range_count; ++i) { if (munmap(pMap->ranges[i].addr, pMap->ranges[i].length) < 0) { - LOGW("munmap(%p, %d) failed: %s\n", + LOGE("munmap(%p, %d) failed: %s\n", pMap->ranges[i].addr, (int)pMap->ranges[i].length, strerror(errno)); } } diff --git a/minzip/Zip.c b/minzip/Zip.c index c1dec742d..bdb565c64 100644 --- a/minzip/Zip.c +++ b/minzip/Zip.c @@ -198,10 +198,10 @@ static bool parseZipArchive(ZipArchive* pArchive) */ val = get4LE(pArchive->addr); if (val == ENDSIG) { - LOGI("Found Zip archive, but it looks empty\n"); + LOGW("Found Zip archive, but it looks empty\n"); goto bail; } else if (val != LOCSIG) { - LOGV("Not a Zip archive (found 0x%08x)\n", val); + LOGW("Not a Zip archive (found 0x%08x)\n", val); goto bail; } @@ -217,7 +217,7 @@ static bool parseZipArchive(ZipArchive* pArchive) ptr--; } if (ptr < (const unsigned char*) pArchive->addr) { - LOGI("Could not find end-of-central-directory in Zip\n"); + LOGW("Could not find end-of-central-directory in Zip\n"); goto bail; } @@ -429,7 +429,7 @@ int mzOpenZipArchive(unsigned char* addr, size_t length, ZipArchive* pArchive) if (length < ENDHDR) { err = -1; - LOGV("File '%s' too small to be zip (%zd)\n", fileName, map.length); + LOGW("Archive %p is too small to be zip (%zd)\n", pArchive, length); goto bail; } @@ -438,7 +438,7 @@ int mzOpenZipArchive(unsigned char* addr, size_t length, ZipArchive* pArchive) if (!parseZipArchive(pArchive)) { err = -1; - LOGV("Parsing '%s' failed\n", fileName); + LOGW("Parsing archive %p failed\n", pArchive); goto bail; } @@ -548,7 +548,7 @@ static bool processDeflatedEntry(const ZipArchive *pArchive, /* uncompress the data */ zerr = inflate(&zstream, Z_NO_FLUSH); if (zerr != Z_OK && zerr != Z_STREAM_END) { - LOGD("zlib inflate call failed (zerr=%d)\n", zerr); + LOGW("zlib inflate call failed (zerr=%d)\n", zerr); goto z_bail; } @@ -1007,7 +1007,7 @@ bool mzExtractRecursive(const ZipArchive *pArchive, if (callback != NULL) callback(targetFile, cookie); } - LOGD("Extracted %d file(s)\n", extractCount); + LOGV("Extracted %d file(s)\n", extractCount); free(helper.buf); free(zpath); -- cgit v1.2.3 From 0a47ce27de454e272a883a0c452fad627fd7f419 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 11:47:44 -0700 Subject: applypatch: Refactor strtok(). We have android::base::Split() for the work. Change-Id: Ic529db42090f700e6455d465c8b84b7f52d34d63 --- applypatch/Android.mk | 6 +- applypatch/applypatch.cpp | 136 ++++++++++++++++++---------------------------- 2 files changed, 56 insertions(+), 86 deletions(-) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 1f73fd897..cc17a13ae 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -21,7 +21,7 @@ LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery -LOCAL_STATIC_LIBRARIES += libmtdutils libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libbase libmtdutils libmincrypt libbz libz include $(BUILD_STATIC_LIBRARY) @@ -31,7 +31,7 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) @@ -44,7 +44,7 @@ LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz LOCAL_STATIC_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 96bd88e88..026863330 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -25,6 +25,8 @@ #include #include +#include + #include "mincrypt/sha.h" #include "applypatch.h" #include "mtdutils/mtdutils.h" @@ -42,7 +44,7 @@ static int GenerateTarget(FileContents* source_file, size_t target_size, const Value* bonus_data); -static int mtd_partitions_scanned = 0; +static bool mtd_partitions_scanned = false; // Read a file into memory; store the file contents and associated // metadata in *file. @@ -87,21 +89,6 @@ int LoadFileContents(const char* filename, FileContents* file) { return 0; } -static size_t* size_array; -// comparison function for qsort()ing an int array of indexes into -// size_array[]. -static int compare_size_indices(const void* a, const void* b) { - const int aa = *reinterpret_cast(a); - const int bb = *reinterpret_cast(b); - if (size_array[aa] < size_array[bb]) { - return -1; - } else if (size_array[aa] > size_array[bb]) { - return 1; - } else { - return 0; - } -} - // Load the contents of an MTD or EMMC partition into the provided // FileContents. filename should be a string of the form // "MTD::::::..." (or @@ -120,53 +107,45 @@ static int compare_size_indices(const void* a, const void* b) { enum PartitionType { MTD, EMMC }; static int LoadPartitionContents(const char* filename, FileContents* file) { - char* copy = strdup(filename); - const char* magic = strtok(copy, ":"); + std::string copy(filename); + std::vector pieces = android::base::Split(copy, ":"); + if (pieces.size() < 4 || pieces.size() % 2 != 0) { + printf("LoadPartitionContents called with bad filename (%s)\n", filename); + return -1; + } enum PartitionType type; - - if (strcmp(magic, "MTD") == 0) { + if (pieces[0] == "MTD") { type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { + } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } - const char* partition = strtok(NULL, ":"); + const char* partition = pieces[1].c_str(); - int i; - int colons = 0; - for (i = 0; filename[i] != '\0'; ++i) { - if (filename[i] == ':') { - ++colons; - } - } - if (colons < 3 || colons%2 == 0) { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - } - - int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename - int* index = reinterpret_cast(malloc(pairs * sizeof(int))); - size_t* size = reinterpret_cast(malloc(pairs * sizeof(size_t))); - char** sha1sum = reinterpret_cast(malloc(pairs * sizeof(char*))); + size_t pairs = (pieces.size() - 2) / 2; // # of (size, sha1) pairs in filename + std::vector index(pairs); + std::vector size(pairs); + std::vector sha1sum(pairs); - for (i = 0; i < pairs; ++i) { - const char* size_str = strtok(NULL, ":"); - size[i] = strtol(size_str, NULL, 10); + for (size_t i = 0; i < pairs; ++i) { + size[i] = strtol(pieces[i*2+2].c_str(), NULL, 10); if (size[i] == 0) { printf("LoadPartitionContents called with bad size (%s)\n", filename); return -1; } - sha1sum[i] = strtok(NULL, ":"); + sha1sum[i] = pieces[i*2+3].c_str(); index[i] = i; } - // sort the index[] array so it indexes the pairs in order of - // increasing size. - size_array = size; - qsort(index, pairs, sizeof(int), compare_size_indices); + // Sort the index[] array so it indexes the pairs in order of increasing size. + sort(index.begin(), index.end(), + [&](const size_t& i, const size_t& j) { + return (size[i] < size[j]); + } + ); MtdReadContext* ctx = NULL; FILE* dev = NULL; @@ -175,20 +154,18 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); - mtd_partitions_scanned = 1; + mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); if (mtd == NULL) { - printf("mtd partition \"%s\" not found (loading %s)\n", - partition, filename); + printf("mtd partition \"%s\" not found (loading %s)\n", partition, filename); return -1; } ctx = mtd_read_partition(mtd); if (ctx == NULL) { - printf("failed to initialize read of mtd partition \"%s\"\n", - partition); + printf("failed to initialize read of mtd partition \"%s\"\n", partition); return -1; } break; @@ -197,8 +174,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { case EMMC: dev = fopen(partition, "rb"); if (dev == NULL) { - printf("failed to open emmc partition \"%s\": %s\n", - partition, strerror(errno)); + printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno)); return -1; } } @@ -207,15 +183,15 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; - // allocate enough memory to hold the largest size. + // Allocate enough memory to hold the largest size. file->data = reinterpret_cast(malloc(size[index[pairs-1]])); char* p = (char*)file->data; file->size = 0; // # bytes read so far + bool found = false; - for (i = 0; i < pairs; ++i) { - // Read enough additional bytes to get us up to the next size - // (again, we're trying the possibilities in order of increasing - // size). + for (size_t i = 0; i < pairs; ++i) { + // Read enough additional bytes to get us up to the next size. (Again, + // we're trying the possibilities in order of increasing size). size_t next = size[index[i]] - file->size; size_t read = 0; if (next > 0) { @@ -245,8 +221,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); - if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { - printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); + if (ParseSha1(sha1sum[index[i]].c_str(), parsed_sha) != 0) { + printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]].c_str(), filename); free(file->data); file->data = NULL; return -1; @@ -256,7 +232,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %zu sha %s\n", - size[index[i]], sha1sum[index[i]]); + size[index[i]], sha1sum[index[i]].c_str()); + found = true; break; } @@ -274,9 +251,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { } - if (i == pairs) { - // Ran off the end of the list of (size,sha1) pairs without - // finding a match. + if (!found) { + // Ran off the end of the list of (size,sha1) pairs without finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; @@ -293,11 +269,6 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { file->st.st_uid = 0; file->st.st_gid = 0; - free(copy); - free(index); - free(size); - free(sha1sum); - return 0; } @@ -340,33 +311,33 @@ int SaveFileContents(const char* filename, const FileContents* file) { } // Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC::". Return 0 on +// "MTD:[:...]" or "EMMC:". Return 0 on // success. int WriteToPartition(unsigned char* data, size_t len, const char* target) { - char* copy = strdup(target); - const char* magic = strtok(copy, ":"); + std::string copy(target); + std::vector pieces = android::base::Split(copy, ":"); + + if (pieces.size() != 2) { + printf("WriteToPartition called with bad target (%s)\n", target); + return -1; + } enum PartitionType type; - if (strcmp(magic, "MTD") == 0) { + if (pieces[0] == "MTD") { type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { + } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("WriteToPartition called with bad target (%s)\n", target); return -1; } - const char* partition = strtok(NULL, ":"); - - if (partition == NULL) { - printf("bad partition target name \"%s\"\n", target); - return -1; - } + const char* partition = pieces[1].c_str(); switch (type) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); - mtd_partitions_scanned = 1; + mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); @@ -410,7 +381,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { return -1; } - for (int attempt = 0; attempt < 2; ++attempt) { + for (size_t attempt = 0; attempt < 2; ++attempt) { if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { printf("failed seek on %s: %s\n", partition, strerror(errno)); return -1; @@ -510,7 +481,6 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { } } - free(copy); return 0; } -- cgit v1.2.3 From 1b1ea17d554d127a970afe1d6004dd4627cd596e Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 13:39:52 -0700 Subject: updater: libapplypatch needs libbase now. Change-Id: Ibe3173edd6274b61bd9ca5ec394d7f6b4a403639 --- updater/Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater/Android.mk b/updater/Android.mk index 0d4179b23..82fa7e265 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -44,7 +44,7 @@ LOCAL_STATIC_LIBRARIES += \ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) -LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libedify libmtdutils libminzip libz LOCAL_STATIC_LIBRARIES += libmincrypt libbz LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux -- cgit v1.2.3 From 71dc365f25676cfb3f62dbb7163697a8c3c5243d Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Sun, 19 Jul 2015 08:40:37 -0700 Subject: recovery: Switch fuse_* to C++. Change-Id: I68770ad1a9e99caee292f8010cfd37dfea3acc64 --- Android.mk | 4 +- fuse_sdcard_provider.c | 140 ------------- fuse_sdcard_provider.cpp | 140 +++++++++++++ fuse_sdcard_provider.h | 6 - fuse_sideload.c | 527 ----------------------------------------------- fuse_sideload.cpp | 524 ++++++++++++++++++++++++++++++++++++++++++++++ fuse_sideload.h | 6 - 7 files changed, 666 insertions(+), 681 deletions(-) delete mode 100644 fuse_sdcard_provider.c create mode 100644 fuse_sdcard_provider.cpp delete mode 100644 fuse_sideload.c create mode 100644 fuse_sideload.cpp diff --git a/Android.mk b/Android.mk index cfe303082..74e7b1da5 100644 --- a/Android.mk +++ b/Android.mk @@ -16,7 +16,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) -LOCAL_SRC_FILES := fuse_sideload.c +LOCAL_SRC_FILES := fuse_sideload.cpp LOCAL_CLANG := true LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE @@ -33,7 +33,7 @@ LOCAL_SRC_FILES := \ asn1_decoder.cpp \ bootloader.cpp \ device.cpp \ - fuse_sdcard_provider.c \ + fuse_sdcard_provider.cpp \ install.cpp \ recovery.cpp \ roots.cpp \ diff --git a/fuse_sdcard_provider.c b/fuse_sdcard_provider.c deleted file mode 100644 index 4565c7b5b..000000000 --- a/fuse_sdcard_provider.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "fuse_sideload.h" - -struct file_data { - int fd; // the underlying sdcard file - - uint64_t file_size; - uint32_t block_size; -}; - -static int read_block_file(void* cookie, uint32_t block, uint8_t* buffer, uint32_t fetch_size) { - struct file_data* fd = (struct file_data*)cookie; - - off64_t offset = ((off64_t) block) * fd->block_size; - if (TEMP_FAILURE_RETRY(lseek64(fd->fd, offset, SEEK_SET)) == -1) { - fprintf(stderr, "seek on sdcard failed: %s\n", strerror(errno)); - return -EIO; - } - - while (fetch_size > 0) { - ssize_t r = TEMP_FAILURE_RETRY(read(fd->fd, buffer, fetch_size)); - if (r == -1) { - fprintf(stderr, "read on sdcard failed: %s\n", strerror(errno)); - return -EIO; - } - fetch_size -= r; - buffer += r; - } - - return 0; -} - -static void close_file(void* cookie) { - struct file_data* fd = (struct file_data*)cookie; - close(fd->fd); -} - -struct token { - pthread_t th; - const char* path; - int result; -}; - -static void* run_sdcard_fuse(void* cookie) { - struct token* t = (struct token*)cookie; - - struct stat sb; - if (stat(t->path, &sb) < 0) { - fprintf(stderr, "failed to stat %s: %s\n", t->path, strerror(errno)); - t->result = -1; - return NULL; - } - - struct file_data fd; - struct provider_vtab vtab; - - fd.fd = open(t->path, O_RDONLY); - if (fd.fd < 0) { - fprintf(stderr, "failed to open %s: %s\n", t->path, strerror(errno)); - t->result = -1; - return NULL; - } - fd.file_size = sb.st_size; - fd.block_size = 65536; - - vtab.read_block = read_block_file; - vtab.close = close_file; - - t->result = run_fuse_sideload(&vtab, &fd, fd.file_size, fd.block_size); - return NULL; -} - -// How long (in seconds) we wait for the fuse-provided package file to -// appear, before timing out. -#define SDCARD_INSTALL_TIMEOUT 10 - -void* start_sdcard_fuse(const char* path) { - struct token* t = malloc(sizeof(struct token)); - - t->path = path; - pthread_create(&(t->th), NULL, run_sdcard_fuse, t); - - struct stat st; - int i; - for (i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) { - if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &st) != 0) { - if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) { - sleep(1); - continue; - } else { - return NULL; - } - } - } - - // The installation process expects to find the sdcard unmounted. - // Unmount it with MNT_DETACH so that our open file continues to - // work but new references see it as unmounted. - umount2("/sdcard", MNT_DETACH); - - return t; -} - -void finish_sdcard_fuse(void* cookie) { - if (cookie == NULL) return; - struct token* t = (struct token*)cookie; - - // Calling stat() on this magic filename signals the fuse - // filesystem to shut down. - struct stat st; - stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &st); - - pthread_join(t->th, NULL); - free(t); -} diff --git a/fuse_sdcard_provider.cpp b/fuse_sdcard_provider.cpp new file mode 100644 index 000000000..eb6454f1d --- /dev/null +++ b/fuse_sdcard_provider.cpp @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "fuse_sideload.h" + +struct file_data { + int fd; // the underlying sdcard file + + uint64_t file_size; + uint32_t block_size; +}; + +static int read_block_file(void* cookie, uint32_t block, uint8_t* buffer, uint32_t fetch_size) { + file_data* fd = reinterpret_cast(cookie); + + off64_t offset = ((off64_t) block) * fd->block_size; + if (TEMP_FAILURE_RETRY(lseek64(fd->fd, offset, SEEK_SET)) == -1) { + fprintf(stderr, "seek on sdcard failed: %s\n", strerror(errno)); + return -EIO; + } + + while (fetch_size > 0) { + ssize_t r = TEMP_FAILURE_RETRY(read(fd->fd, buffer, fetch_size)); + if (r == -1) { + fprintf(stderr, "read on sdcard failed: %s\n", strerror(errno)); + return -EIO; + } + fetch_size -= r; + buffer += r; + } + + return 0; +} + +static void close_file(void* cookie) { + file_data* fd = reinterpret_cast(cookie); + close(fd->fd); +} + +struct token { + pthread_t th; + const char* path; + int result; +}; + +static void* run_sdcard_fuse(void* cookie) { + token* t = reinterpret_cast(cookie); + + struct stat sb; + if (stat(t->path, &sb) < 0) { + fprintf(stderr, "failed to stat %s: %s\n", t->path, strerror(errno)); + t->result = -1; + return NULL; + } + + struct file_data fd; + struct provider_vtab vtab; + + fd.fd = open(t->path, O_RDONLY); + if (fd.fd < 0) { + fprintf(stderr, "failed to open %s: %s\n", t->path, strerror(errno)); + t->result = -1; + return NULL; + } + fd.file_size = sb.st_size; + fd.block_size = 65536; + + vtab.read_block = read_block_file; + vtab.close = close_file; + + t->result = run_fuse_sideload(&vtab, &fd, fd.file_size, fd.block_size); + return NULL; +} + +// How long (in seconds) we wait for the fuse-provided package file to +// appear, before timing out. +#define SDCARD_INSTALL_TIMEOUT 10 + +void* start_sdcard_fuse(const char* path) { + token* t = new token; + + t->path = path; + pthread_create(&(t->th), NULL, run_sdcard_fuse, t); + + struct stat st; + int i; + for (i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) { + if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &st) != 0) { + if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) { + sleep(1); + continue; + } else { + return NULL; + } + } + } + + // The installation process expects to find the sdcard unmounted. + // Unmount it with MNT_DETACH so that our open file continues to + // work but new references see it as unmounted. + umount2("/sdcard", MNT_DETACH); + + return t; +} + +void finish_sdcard_fuse(void* cookie) { + if (cookie == NULL) return; + token* t = reinterpret_cast(cookie); + + // Calling stat() on this magic filename signals the fuse + // filesystem to shut down. + struct stat st; + stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &st); + + pthread_join(t->th, NULL); + delete t; +} diff --git a/fuse_sdcard_provider.h b/fuse_sdcard_provider.h index dbfbcd521..dc2982ca0 100644 --- a/fuse_sdcard_provider.h +++ b/fuse_sdcard_provider.h @@ -17,13 +17,7 @@ #ifndef __FUSE_SDCARD_PROVIDER_H #define __FUSE_SDCARD_PROVIDER_H -#include - -__BEGIN_DECLS - void* start_sdcard_fuse(const char* path); void finish_sdcard_fuse(void* token); -__END_DECLS - #endif diff --git a/fuse_sideload.c b/fuse_sideload.c deleted file mode 100644 index 48e6cc53a..000000000 --- a/fuse_sideload.c +++ /dev/null @@ -1,527 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// This module creates a special filesystem containing two files. -// -// "/sideload/package.zip" appears to be a normal file, but reading -// from it causes data to be fetched from the adb host. We can use -// this to sideload packages over an adb connection without having to -// store the entire package in RAM on the device. -// -// Because we may not trust the adb host, this filesystem maintains -// the following invariant: each read of a given position returns the -// same data as the first read at that position. That is, once a -// section of the file is read, future reads of that section return -// the same data. (Otherwise, a malicious adb host process could -// return one set of bits when the package is read for signature -// verification, and then different bits for when the package is -// accessed by the installer.) If the adb host returns something -// different than it did on the first read, the reader of the file -// will see their read fail with EINVAL. -// -// The other file, "/sideload/exit", is used to control the subprocess -// that creates this filesystem. Calling stat() on the exit file -// causes the filesystem to be unmounted and the adb process on the -// device shut down. -// -// Note that only the minimal set of file operations needed for these -// two files is implemented. In particular, you can't opendir() or -// readdir() on the "/sideload" directory; ls on it won't work. - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mincrypt/sha256.h" -#include "fuse_sideload.h" - -#define PACKAGE_FILE_ID (FUSE_ROOT_ID+1) -#define EXIT_FLAG_ID (FUSE_ROOT_ID+2) - -#define NO_STATUS 1 -#define NO_STATUS_EXIT 2 - -struct fuse_data { - int ffd; // file descriptor for the fuse socket - - struct provider_vtab* vtab; - void* cookie; - - uint64_t file_size; // bytes - - uint32_t block_size; // block size that the adb host is using to send the file to us - uint32_t file_blocks; // file size in block_size blocks - - uid_t uid; - gid_t gid; - - uint32_t curr_block; // cache the block most recently read from the host - uint8_t* block_data; - - uint8_t* extra_block; // another block of storage for reads that - // span two blocks - - uint8_t* hashes; // SHA-256 hash of each block (all zeros - // if block hasn't been read yet) -}; - -static void fuse_reply(struct fuse_data* fd, __u64 unique, const void *data, size_t len) -{ - struct fuse_out_header hdr; - struct iovec vec[2]; - int res; - - hdr.len = len + sizeof(hdr); - hdr.error = 0; - hdr.unique = unique; - - vec[0].iov_base = &hdr; - vec[0].iov_len = sizeof(hdr); - vec[1].iov_base = /* const_cast */(void*)(data); - vec[1].iov_len = len; - - res = writev(fd->ffd, vec, 2); - if (res < 0) { - printf("*** REPLY FAILED *** %s\n", strerror(errno)); - } -} - -static int handle_init(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_init_in* req = data; - struct fuse_init_out out; - size_t fuse_struct_size; - - - /* Kernel 2.6.16 is the first stable kernel with struct fuse_init_out - * defined (fuse version 7.6). The structure is the same from 7.6 through - * 7.22. Beginning with 7.23, the structure increased in size and added - * new parameters. - */ - if (req->major != FUSE_KERNEL_VERSION || req->minor < 6) { - printf("Fuse kernel version mismatch: Kernel version %d.%d, Expected at least %d.6", - req->major, req->minor, FUSE_KERNEL_VERSION); - return -1; - } - - out.minor = MIN(req->minor, FUSE_KERNEL_MINOR_VERSION); - fuse_struct_size = sizeof(out); -#if defined(FUSE_COMPAT_22_INIT_OUT_SIZE) - /* FUSE_KERNEL_VERSION >= 23. */ - - /* If the kernel only works on minor revs older than or equal to 22, - * then use the older structure size since this code only uses the 7.22 - * version of the structure. */ - if (req->minor <= 22) { - fuse_struct_size = FUSE_COMPAT_22_INIT_OUT_SIZE; - } -#endif - - out.major = FUSE_KERNEL_VERSION; - out.max_readahead = req->max_readahead; - out.flags = 0; - out.max_background = 32; - out.congestion_threshold = 32; - out.max_write = 4096; - fuse_reply(fd, hdr->unique, &out, fuse_struct_size); - - return NO_STATUS; -} - -static void fill_attr(struct fuse_attr* attr, struct fuse_data* fd, - uint64_t nodeid, uint64_t size, uint32_t mode) { - memset(attr, 0, sizeof(*attr)); - attr->nlink = 1; - attr->uid = fd->uid; - attr->gid = fd->gid; - attr->blksize = 4096; - - attr->ino = nodeid; - attr->size = size; - attr->blocks = (size == 0) ? 0 : (((size-1) / attr->blksize) + 1); - attr->mode = mode; -} - -static int handle_getattr(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_getattr_in* req = data; - struct fuse_attr_out out; - memset(&out, 0, sizeof(out)); - out.attr_valid = 10; - - if (hdr->nodeid == FUSE_ROOT_ID) { - fill_attr(&(out.attr), fd, hdr->nodeid, 4096, S_IFDIR | 0555); - } else if (hdr->nodeid == PACKAGE_FILE_ID) { - fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); - } else if (hdr->nodeid == EXIT_FLAG_ID) { - fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); - } else { - return -ENOENT; - } - - fuse_reply(fd, hdr->unique, &out, sizeof(out)); - return (hdr->nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; -} - -static int handle_lookup(void* data, struct fuse_data* fd, - const struct fuse_in_header* hdr) { - struct fuse_entry_out out; - memset(&out, 0, sizeof(out)); - out.entry_valid = 10; - out.attr_valid = 10; - - if (strncmp(FUSE_SIDELOAD_HOST_FILENAME, data, - sizeof(FUSE_SIDELOAD_HOST_FILENAME)) == 0) { - out.nodeid = PACKAGE_FILE_ID; - out.generation = PACKAGE_FILE_ID; - fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); - } else if (strncmp(FUSE_SIDELOAD_HOST_EXIT_FLAG, data, - sizeof(FUSE_SIDELOAD_HOST_EXIT_FLAG)) == 0) { - out.nodeid = EXIT_FLAG_ID; - out.generation = EXIT_FLAG_ID; - fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); - } else { - return -ENOENT; - } - - fuse_reply(fd, hdr->unique, &out, sizeof(out)); - return (out.nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; -} - -static int handle_open(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_open_in* req = data; - - if (hdr->nodeid == EXIT_FLAG_ID) return -EPERM; - if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; - - struct fuse_open_out out; - memset(&out, 0, sizeof(out)); - out.fh = 10; // an arbitrary number; we always use the same handle - fuse_reply(fd, hdr->unique, &out, sizeof(out)); - return NO_STATUS; -} - -static int handle_flush(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - return 0; -} - -static int handle_release(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - return 0; -} - -// Fetch a block from the host into fd->curr_block and fd->block_data. -// Returns 0 on successful fetch, negative otherwise. -static int fetch_block(struct fuse_data* fd, uint32_t block) { - if (block == fd->curr_block) { - return 0; - } - - if (block >= fd->file_blocks) { - memset(fd->block_data, 0, fd->block_size); - fd->curr_block = block; - return 0; - } - - size_t fetch_size = fd->block_size; - if (block * fd->block_size + fetch_size > fd->file_size) { - // If we're reading the last (partial) block of the file, - // expect a shorter response from the host, and pad the rest - // of the block with zeroes. - fetch_size = fd->file_size - (block * fd->block_size); - memset(fd->block_data + fetch_size, 0, fd->block_size - fetch_size); - } - - int result = fd->vtab->read_block(fd->cookie, block, fd->block_data, fetch_size); - if (result < 0) return result; - - fd->curr_block = block; - - // Verify the hash of the block we just got from the host. - // - // - If the hash of the just-received data matches the stored hash - // for the block, accept it. - // - If the stored hash is all zeroes, store the new hash and - // accept the block (this is the first time we've read this - // block). - // - Otherwise, return -EINVAL for the read. - - uint8_t hash[SHA256_DIGEST_SIZE]; - SHA256_hash(fd->block_data, fd->block_size, hash); - uint8_t* blockhash = fd->hashes + block * SHA256_DIGEST_SIZE; - if (memcmp(hash, blockhash, SHA256_DIGEST_SIZE) == 0) { - return 0; - } - - int i; - for (i = 0; i < SHA256_DIGEST_SIZE; ++i) { - if (blockhash[i] != 0) { - fd->curr_block = -1; - return -EIO; - } - } - - memcpy(blockhash, hash, SHA256_DIGEST_SIZE); - return 0; -} - -static int handle_read(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_read_in* req = data; - struct fuse_out_header outhdr; - struct iovec vec[3]; - int vec_used; - int result; - - if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; - - uint64_t offset = req->offset; - uint32_t size = req->size; - - // The docs on the fuse kernel interface are vague about what to - // do when a read request extends past the end of the file. We - // can return a short read -- the return structure does include a - // length field -- but in testing that caused the program using - // the file to segfault. (I speculate that this is due to the - // reading program accessing it via mmap; maybe mmap dislikes when - // you return something short of a whole page?) To fix this we - // zero-pad reads that extend past the end of the file so we're - // always returning exactly as many bytes as were requested. - // (Users of the mapped file have to know its real length anyway.) - - outhdr.len = sizeof(outhdr) + size; - outhdr.error = 0; - outhdr.unique = hdr->unique; - vec[0].iov_base = &outhdr; - vec[0].iov_len = sizeof(outhdr); - - uint32_t block = offset / fd->block_size; - result = fetch_block(fd, block); - if (result != 0) return result; - - // Two cases: - // - // - the read request is entirely within this block. In this - // case we can reply immediately. - // - // - the read request goes over into the next block. Note that - // since we mount the filesystem with max_read=block_size, a - // read can never span more than two blocks. In this case we - // copy the block to extra_block and issue a fetch for the - // following block. - - uint32_t block_offset = offset - (block * fd->block_size); - - if (size + block_offset <= fd->block_size) { - // First case: the read fits entirely in the first block. - - vec[1].iov_base = fd->block_data + block_offset; - vec[1].iov_len = size; - vec_used = 2; - } else { - // Second case: the read spills over into the next block. - - memcpy(fd->extra_block, fd->block_data + block_offset, - fd->block_size - block_offset); - vec[1].iov_base = fd->extra_block; - vec[1].iov_len = fd->block_size - block_offset; - - result = fetch_block(fd, block+1); - if (result != 0) return result; - vec[2].iov_base = fd->block_data; - vec[2].iov_len = size - vec[1].iov_len; - vec_used = 3; - } - - if (writev(fd->ffd, vec, vec_used) < 0) { - printf("*** READ REPLY FAILED: %s ***\n", strerror(errno)); - } - return NO_STATUS; -} - -int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, - uint64_t file_size, uint32_t block_size) -{ - int result; - - // If something's already mounted on our mountpoint, try to remove - // it. (Mostly in case of a previous abnormal exit.) - umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_FORCE); - - if (block_size < 1024) { - fprintf(stderr, "block size (%u) is too small\n", block_size); - return -1; - } - if (block_size > (1<<22)) { // 4 MiB - fprintf(stderr, "block size (%u) is too large\n", block_size); - return -1; - } - - struct fuse_data fd; - memset(&fd, 0, sizeof(fd)); - fd.vtab = vtab; - fd.cookie = cookie; - fd.file_size = file_size; - fd.block_size = block_size; - fd.file_blocks = (file_size == 0) ? 0 : (((file_size-1) / block_size) + 1); - - if (fd.file_blocks > (1<<18)) { - fprintf(stderr, "file has too many blocks (%u)\n", fd.file_blocks); - result = -1; - goto done; - } - - fd.hashes = (uint8_t*)calloc(fd.file_blocks, SHA256_DIGEST_SIZE); - if (fd.hashes == NULL) { - fprintf(stderr, "failed to allocate %d bites for hashes\n", - fd.file_blocks * SHA256_DIGEST_SIZE); - result = -1; - goto done; - } - - fd.uid = getuid(); - fd.gid = getgid(); - - fd.curr_block = -1; - fd.block_data = (uint8_t*)malloc(block_size); - if (fd.block_data == NULL) { - fprintf(stderr, "failed to allocate %d bites for block_data\n", block_size); - result = -1; - goto done; - } - fd.extra_block = (uint8_t*)malloc(block_size); - if (fd.extra_block == NULL) { - fprintf(stderr, "failed to allocate %d bites for extra_block\n", block_size); - result = -1; - goto done; - } - - fd.ffd = open("/dev/fuse", O_RDWR); - if (fd.ffd < 0) { - perror("open /dev/fuse"); - result = -1; - goto done; - } - - char opts[256]; - snprintf(opts, sizeof(opts), - ("fd=%d,user_id=%d,group_id=%d,max_read=%u," - "allow_other,rootmode=040000"), - fd.ffd, fd.uid, fd.gid, block_size); - - result = mount("/dev/fuse", FUSE_SIDELOAD_HOST_MOUNTPOINT, - "fuse", MS_NOSUID | MS_NODEV | MS_RDONLY | MS_NOEXEC, opts); - if (result < 0) { - perror("mount"); - goto done; - } - uint8_t request_buffer[sizeof(struct fuse_in_header) + PATH_MAX*8]; - for (;;) { - ssize_t len = TEMP_FAILURE_RETRY(read(fd.ffd, request_buffer, sizeof(request_buffer))); - if (len == -1) { - perror("read request"); - if (errno == ENODEV) { - result = -1; - break; - } - continue; - } - - if ((size_t)len < sizeof(struct fuse_in_header)) { - fprintf(stderr, "request too short: len=%zu\n", (size_t)len); - continue; - } - - struct fuse_in_header* hdr = (struct fuse_in_header*) request_buffer; - void* data = request_buffer + sizeof(struct fuse_in_header); - - result = -ENOSYS; - - switch (hdr->opcode) { - case FUSE_INIT: - result = handle_init(data, &fd, hdr); - break; - - case FUSE_LOOKUP: - result = handle_lookup(data, &fd, hdr); - break; - - case FUSE_GETATTR: - result = handle_getattr(data, &fd, hdr); - break; - - case FUSE_OPEN: - result = handle_open(data, &fd, hdr); - break; - - case FUSE_READ: - result = handle_read(data, &fd, hdr); - break; - - case FUSE_FLUSH: - result = handle_flush(data, &fd, hdr); - break; - - case FUSE_RELEASE: - result = handle_release(data, &fd, hdr); - break; - - default: - fprintf(stderr, "unknown fuse request opcode %d\n", hdr->opcode); - break; - } - - if (result == NO_STATUS_EXIT) { - result = 0; - break; - } - - if (result != NO_STATUS) { - struct fuse_out_header outhdr; - outhdr.len = sizeof(outhdr); - outhdr.error = result; - outhdr.unique = hdr->unique; - TEMP_FAILURE_RETRY(write(fd.ffd, &outhdr, sizeof(outhdr))); - } - } - - done: - fd.vtab->close(fd.cookie); - - result = umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_DETACH); - if (result < 0) { - printf("fuse_sideload umount failed: %s\n", strerror(errno)); - } - - if (fd.ffd) close(fd.ffd); - free(fd.hashes); - free(fd.block_data); - free(fd.extra_block); - - return result; -} diff --git a/fuse_sideload.cpp b/fuse_sideload.cpp new file mode 100644 index 000000000..9c3e75f89 --- /dev/null +++ b/fuse_sideload.cpp @@ -0,0 +1,524 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This module creates a special filesystem containing two files. +// +// "/sideload/package.zip" appears to be a normal file, but reading +// from it causes data to be fetched from the adb host. We can use +// this to sideload packages over an adb connection without having to +// store the entire package in RAM on the device. +// +// Because we may not trust the adb host, this filesystem maintains +// the following invariant: each read of a given position returns the +// same data as the first read at that position. That is, once a +// section of the file is read, future reads of that section return +// the same data. (Otherwise, a malicious adb host process could +// return one set of bits when the package is read for signature +// verification, and then different bits for when the package is +// accessed by the installer.) If the adb host returns something +// different than it did on the first read, the reader of the file +// will see their read fail with EINVAL. +// +// The other file, "/sideload/exit", is used to control the subprocess +// that creates this filesystem. Calling stat() on the exit file +// causes the filesystem to be unmounted and the adb process on the +// device shut down. +// +// Note that only the minimal set of file operations needed for these +// two files is implemented. In particular, you can't opendir() or +// readdir() on the "/sideload" directory; ls on it won't work. + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "mincrypt/sha256.h" +#include "fuse_sideload.h" + +#define PACKAGE_FILE_ID (FUSE_ROOT_ID+1) +#define EXIT_FLAG_ID (FUSE_ROOT_ID+2) + +#define NO_STATUS 1 +#define NO_STATUS_EXIT 2 + +struct fuse_data { + int ffd; // file descriptor for the fuse socket + + struct provider_vtab* vtab; + void* cookie; + + uint64_t file_size; // bytes + + uint32_t block_size; // block size that the adb host is using to send the file to us + uint32_t file_blocks; // file size in block_size blocks + + uid_t uid; + gid_t gid; + + uint32_t curr_block; // cache the block most recently read from the host + uint8_t* block_data; + + uint8_t* extra_block; // another block of storage for reads that + // span two blocks + + uint8_t* hashes; // SHA-256 hash of each block (all zeros + // if block hasn't been read yet) +}; + +static void fuse_reply(struct fuse_data* fd, __u64 unique, const void *data, size_t len) +{ + struct fuse_out_header hdr; + struct iovec vec[2]; + int res; + + hdr.len = len + sizeof(hdr); + hdr.error = 0; + hdr.unique = unique; + + vec[0].iov_base = &hdr; + vec[0].iov_len = sizeof(hdr); + vec[1].iov_base = /* const_cast */(void*)(data); + vec[1].iov_len = len; + + res = writev(fd->ffd, vec, 2); + if (res < 0) { + printf("*** REPLY FAILED *** %s\n", strerror(errno)); + } +} + +static int handle_init(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + const struct fuse_init_in* req = reinterpret_cast(data); + struct fuse_init_out out; + size_t fuse_struct_size; + + + /* Kernel 2.6.16 is the first stable kernel with struct fuse_init_out + * defined (fuse version 7.6). The structure is the same from 7.6 through + * 7.22. Beginning with 7.23, the structure increased in size and added + * new parameters. + */ + if (req->major != FUSE_KERNEL_VERSION || req->minor < 6) { + printf("Fuse kernel version mismatch: Kernel version %d.%d, Expected at least %d.6", + req->major, req->minor, FUSE_KERNEL_VERSION); + return -1; + } + + out.minor = MIN(req->minor, FUSE_KERNEL_MINOR_VERSION); + fuse_struct_size = sizeof(out); +#if defined(FUSE_COMPAT_22_INIT_OUT_SIZE) + /* FUSE_KERNEL_VERSION >= 23. */ + + /* If the kernel only works on minor revs older than or equal to 22, + * then use the older structure size since this code only uses the 7.22 + * version of the structure. */ + if (req->minor <= 22) { + fuse_struct_size = FUSE_COMPAT_22_INIT_OUT_SIZE; + } +#endif + + out.major = FUSE_KERNEL_VERSION; + out.max_readahead = req->max_readahead; + out.flags = 0; + out.max_background = 32; + out.congestion_threshold = 32; + out.max_write = 4096; + fuse_reply(fd, hdr->unique, &out, fuse_struct_size); + + return NO_STATUS; +} + +static void fill_attr(struct fuse_attr* attr, struct fuse_data* fd, + uint64_t nodeid, uint64_t size, uint32_t mode) { + memset(attr, 0, sizeof(*attr)); + attr->nlink = 1; + attr->uid = fd->uid; + attr->gid = fd->gid; + attr->blksize = 4096; + + attr->ino = nodeid; + attr->size = size; + attr->blocks = (size == 0) ? 0 : (((size-1) / attr->blksize) + 1); + attr->mode = mode; +} + +static int handle_getattr(void* /* data */, struct fuse_data* fd, const struct fuse_in_header* hdr) { + struct fuse_attr_out out; + memset(&out, 0, sizeof(out)); + out.attr_valid = 10; + + if (hdr->nodeid == FUSE_ROOT_ID) { + fill_attr(&(out.attr), fd, hdr->nodeid, 4096, S_IFDIR | 0555); + } else if (hdr->nodeid == PACKAGE_FILE_ID) { + fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); + } else if (hdr->nodeid == EXIT_FLAG_ID) { + fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); + } else { + return -ENOENT; + } + + fuse_reply(fd, hdr->unique, &out, sizeof(out)); + return (hdr->nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; +} + +static int handle_lookup(void* data, struct fuse_data* fd, + const struct fuse_in_header* hdr) { + struct fuse_entry_out out; + memset(&out, 0, sizeof(out)); + out.entry_valid = 10; + out.attr_valid = 10; + + if (strncmp(FUSE_SIDELOAD_HOST_FILENAME, reinterpret_cast(data), + sizeof(FUSE_SIDELOAD_HOST_FILENAME)) == 0) { + out.nodeid = PACKAGE_FILE_ID; + out.generation = PACKAGE_FILE_ID; + fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); + } else if (strncmp(FUSE_SIDELOAD_HOST_EXIT_FLAG, reinterpret_cast(data), + sizeof(FUSE_SIDELOAD_HOST_EXIT_FLAG)) == 0) { + out.nodeid = EXIT_FLAG_ID; + out.generation = EXIT_FLAG_ID; + fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); + } else { + return -ENOENT; + } + + fuse_reply(fd, hdr->unique, &out, sizeof(out)); + return (out.nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; +} + +static int handle_open(void* /* data */, struct fuse_data* fd, const struct fuse_in_header* hdr) { + if (hdr->nodeid == EXIT_FLAG_ID) return -EPERM; + if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; + + struct fuse_open_out out; + memset(&out, 0, sizeof(out)); + out.fh = 10; // an arbitrary number; we always use the same handle + fuse_reply(fd, hdr->unique, &out, sizeof(out)); + return NO_STATUS; +} + +static int handle_flush(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + return 0; +} + +static int handle_release(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + return 0; +} + +// Fetch a block from the host into fd->curr_block and fd->block_data. +// Returns 0 on successful fetch, negative otherwise. +static int fetch_block(struct fuse_data* fd, uint32_t block) { + if (block == fd->curr_block) { + return 0; + } + + if (block >= fd->file_blocks) { + memset(fd->block_data, 0, fd->block_size); + fd->curr_block = block; + return 0; + } + + size_t fetch_size = fd->block_size; + if (block * fd->block_size + fetch_size > fd->file_size) { + // If we're reading the last (partial) block of the file, + // expect a shorter response from the host, and pad the rest + // of the block with zeroes. + fetch_size = fd->file_size - (block * fd->block_size); + memset(fd->block_data + fetch_size, 0, fd->block_size - fetch_size); + } + + int result = fd->vtab->read_block(fd->cookie, block, fd->block_data, fetch_size); + if (result < 0) return result; + + fd->curr_block = block; + + // Verify the hash of the block we just got from the host. + // + // - If the hash of the just-received data matches the stored hash + // for the block, accept it. + // - If the stored hash is all zeroes, store the new hash and + // accept the block (this is the first time we've read this + // block). + // - Otherwise, return -EINVAL for the read. + + uint8_t hash[SHA256_DIGEST_SIZE]; + SHA256_hash(fd->block_data, fd->block_size, hash); + uint8_t* blockhash = fd->hashes + block * SHA256_DIGEST_SIZE; + if (memcmp(hash, blockhash, SHA256_DIGEST_SIZE) == 0) { + return 0; + } + + int i; + for (i = 0; i < SHA256_DIGEST_SIZE; ++i) { + if (blockhash[i] != 0) { + fd->curr_block = -1; + return -EIO; + } + } + + memcpy(blockhash, hash, SHA256_DIGEST_SIZE); + return 0; +} + +static int handle_read(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + const struct fuse_read_in* req = reinterpret_cast(data); + struct fuse_out_header outhdr; + struct iovec vec[3]; + int vec_used; + int result; + + if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; + + uint64_t offset = req->offset; + uint32_t size = req->size; + + // The docs on the fuse kernel interface are vague about what to + // do when a read request extends past the end of the file. We + // can return a short read -- the return structure does include a + // length field -- but in testing that caused the program using + // the file to segfault. (I speculate that this is due to the + // reading program accessing it via mmap; maybe mmap dislikes when + // you return something short of a whole page?) To fix this we + // zero-pad reads that extend past the end of the file so we're + // always returning exactly as many bytes as were requested. + // (Users of the mapped file have to know its real length anyway.) + + outhdr.len = sizeof(outhdr) + size; + outhdr.error = 0; + outhdr.unique = hdr->unique; + vec[0].iov_base = &outhdr; + vec[0].iov_len = sizeof(outhdr); + + uint32_t block = offset / fd->block_size; + result = fetch_block(fd, block); + if (result != 0) return result; + + // Two cases: + // + // - the read request is entirely within this block. In this + // case we can reply immediately. + // + // - the read request goes over into the next block. Note that + // since we mount the filesystem with max_read=block_size, a + // read can never span more than two blocks. In this case we + // copy the block to extra_block and issue a fetch for the + // following block. + + uint32_t block_offset = offset - (block * fd->block_size); + + if (size + block_offset <= fd->block_size) { + // First case: the read fits entirely in the first block. + + vec[1].iov_base = fd->block_data + block_offset; + vec[1].iov_len = size; + vec_used = 2; + } else { + // Second case: the read spills over into the next block. + + memcpy(fd->extra_block, fd->block_data + block_offset, + fd->block_size - block_offset); + vec[1].iov_base = fd->extra_block; + vec[1].iov_len = fd->block_size - block_offset; + + result = fetch_block(fd, block+1); + if (result != 0) return result; + vec[2].iov_base = fd->block_data; + vec[2].iov_len = size - vec[1].iov_len; + vec_used = 3; + } + + if (writev(fd->ffd, vec, vec_used) < 0) { + printf("*** READ REPLY FAILED: %s ***\n", strerror(errno)); + } + return NO_STATUS; +} + +int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, + uint64_t file_size, uint32_t block_size) +{ + int result; + + // If something's already mounted on our mountpoint, try to remove + // it. (Mostly in case of a previous abnormal exit.) + umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_FORCE); + + if (block_size < 1024) { + fprintf(stderr, "block size (%u) is too small\n", block_size); + return -1; + } + if (block_size > (1<<22)) { // 4 MiB + fprintf(stderr, "block size (%u) is too large\n", block_size); + return -1; + } + + struct fuse_data fd; + memset(&fd, 0, sizeof(fd)); + fd.vtab = vtab; + fd.cookie = cookie; + fd.file_size = file_size; + fd.block_size = block_size; + fd.file_blocks = (file_size == 0) ? 0 : (((file_size-1) / block_size) + 1); + + if (fd.file_blocks > (1<<18)) { + fprintf(stderr, "file has too many blocks (%u)\n", fd.file_blocks); + result = -1; + goto done; + } + + fd.hashes = (uint8_t*)calloc(fd.file_blocks, SHA256_DIGEST_SIZE); + if (fd.hashes == NULL) { + fprintf(stderr, "failed to allocate %d bites for hashes\n", + fd.file_blocks * SHA256_DIGEST_SIZE); + result = -1; + goto done; + } + + fd.uid = getuid(); + fd.gid = getgid(); + + fd.curr_block = -1; + fd.block_data = (uint8_t*)malloc(block_size); + if (fd.block_data == NULL) { + fprintf(stderr, "failed to allocate %d bites for block_data\n", block_size); + result = -1; + goto done; + } + fd.extra_block = (uint8_t*)malloc(block_size); + if (fd.extra_block == NULL) { + fprintf(stderr, "failed to allocate %d bites for extra_block\n", block_size); + result = -1; + goto done; + } + + fd.ffd = open("/dev/fuse", O_RDWR); + if (fd.ffd < 0) { + perror("open /dev/fuse"); + result = -1; + goto done; + } + + char opts[256]; + snprintf(opts, sizeof(opts), + ("fd=%d,user_id=%d,group_id=%d,max_read=%u," + "allow_other,rootmode=040000"), + fd.ffd, fd.uid, fd.gid, block_size); + + result = mount("/dev/fuse", FUSE_SIDELOAD_HOST_MOUNTPOINT, + "fuse", MS_NOSUID | MS_NODEV | MS_RDONLY | MS_NOEXEC, opts); + if (result < 0) { + perror("mount"); + goto done; + } + uint8_t request_buffer[sizeof(struct fuse_in_header) + PATH_MAX*8]; + for (;;) { + ssize_t len = TEMP_FAILURE_RETRY(read(fd.ffd, request_buffer, sizeof(request_buffer))); + if (len == -1) { + perror("read request"); + if (errno == ENODEV) { + result = -1; + break; + } + continue; + } + + if ((size_t)len < sizeof(struct fuse_in_header)) { + fprintf(stderr, "request too short: len=%zu\n", (size_t)len); + continue; + } + + struct fuse_in_header* hdr = (struct fuse_in_header*) request_buffer; + void* data = request_buffer + sizeof(struct fuse_in_header); + + result = -ENOSYS; + + switch (hdr->opcode) { + case FUSE_INIT: + result = handle_init(data, &fd, hdr); + break; + + case FUSE_LOOKUP: + result = handle_lookup(data, &fd, hdr); + break; + + case FUSE_GETATTR: + result = handle_getattr(data, &fd, hdr); + break; + + case FUSE_OPEN: + result = handle_open(data, &fd, hdr); + break; + + case FUSE_READ: + result = handle_read(data, &fd, hdr); + break; + + case FUSE_FLUSH: + result = handle_flush(data, &fd, hdr); + break; + + case FUSE_RELEASE: + result = handle_release(data, &fd, hdr); + break; + + default: + fprintf(stderr, "unknown fuse request opcode %d\n", hdr->opcode); + break; + } + + if (result == NO_STATUS_EXIT) { + result = 0; + break; + } + + if (result != NO_STATUS) { + struct fuse_out_header outhdr; + outhdr.len = sizeof(outhdr); + outhdr.error = result; + outhdr.unique = hdr->unique; + TEMP_FAILURE_RETRY(write(fd.ffd, &outhdr, sizeof(outhdr))); + } + } + + done: + fd.vtab->close(fd.cookie); + + result = umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_DETACH); + if (result < 0) { + printf("fuse_sideload umount failed: %s\n", strerror(errno)); + } + + if (fd.ffd) close(fd.ffd); + free(fd.hashes); + free(fd.block_data); + free(fd.extra_block); + + return result; +} diff --git a/fuse_sideload.h b/fuse_sideload.h index f9e3bf0d3..c0b16efbe 100644 --- a/fuse_sideload.h +++ b/fuse_sideload.h @@ -17,10 +17,6 @@ #ifndef __FUSE_SIDELOAD_H #define __FUSE_SIDELOAD_H -#include - -__BEGIN_DECLS - // define the filenames created by the sideload FUSE filesystem #define FUSE_SIDELOAD_HOST_MOUNTPOINT "/sideload" #define FUSE_SIDELOAD_HOST_FILENAME "package.zip" @@ -39,6 +35,4 @@ struct provider_vtab { int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, uint64_t file_size, uint32_t block_size); -__END_DECLS - #endif -- cgit v1.2.3 From 68c5a6796737bb583a8bdfa4c9cd9c7f12ef4276 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 18:11:12 -0700 Subject: applypatch: Support flash mode. We may carry a full copy of recovery image in the /system, and use /system/bin/install-recovery.sh to install the recovery. This CL adds support to flash the recovery partition with the given image. Bug: 22641135 Change-Id: I345eaaee269f6443527f45a9be7e4ee47f6b2b39 --- applypatch/applypatch.cpp | 84 ++++++++++++++++++++++++++++++++++++++++------- applypatch/applypatch.h | 2 ++ applypatch/main.cpp | 27 ++++++++++++--- 3 files changed, 97 insertions(+), 16 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 026863330..2446b2a68 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -43,6 +43,7 @@ static int GenerateTarget(FileContents* source_file, const uint8_t target_sha1[SHA_DIGEST_SIZE], size_t target_size, const Value* bonus_data); +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]); static bool mtd_partitions_scanned = false; @@ -461,7 +462,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { } if (start == len) { - printf("verification read succeeded (attempt %d)\n", attempt+1); + printf("verification read succeeded (attempt %zu)\n", attempt+1); success = true; break; } @@ -628,12 +629,14 @@ int CacheSizeCheck(size_t bytes) { } } -static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { const char* hex = "0123456789abcdef"; + std::string result = ""; for (size_t i = 0; i < 4; ++i) { - putchar(hex[(sha1[i]>>4) & 0xf]); - putchar(hex[sha1[i] & 0xf]); + result.push_back(hex[(sha1[i]>>4) & 0xf]); + result.push_back(hex[sha1[i] & 0xf]); } + return result; } // This function applies binary patches to files in a way that is safe @@ -648,7 +651,7 @@ static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { // entries in , the corresponding patch from // (which must be a VAL_BLOB) is applied to produce a // new file (the type of patch is automatically detected from the -// blob daat). If that new file has sha1 hash , +// blob data). If that new file has sha1 hash , // moves it to replace , and exits successfully. // Note that if and are not the // same, is NOT deleted on success. @@ -659,7 +662,7 @@ static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { // status. // // may refer to a partition to read the source data. -// See the comments for the LoadPartition Contents() function above +// See the comments for the LoadPartitionContents() function above // for the format of such a filename. int applypatch(const char* source_filename, @@ -694,9 +697,7 @@ int applypatch(const char* source_filename, if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. - printf("already "); - print_short_sha1(target_sha1); - putchar('\n'); + printf("already %s\n", short_sha1(target_sha1).c_str()); free(source_file.data); return 0; } @@ -753,6 +754,67 @@ int applypatch(const char* source_filename, return result; } +/* + * This function flashes a given image to the target partition. It verifies + * the target cheksum first, and will return if target has the desired hash. + * It checks the checksum of the given source image before flashing, and + * verifies the target partition afterwards. The function is idempotent. + * Returns zero on success. + */ +int applypatch_flash(const char* source_filename, const char* target_filename, + const char* target_sha1_str, size_t target_size) { + printf("flash %s: ", target_filename); + + uint8_t target_sha1[SHA_DIGEST_SIZE]; + if (ParseSha1(target_sha1_str, target_sha1) != 0) { + printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); + return 1; + } + + FileContents source_file; + source_file.data = NULL; + std::string target_str(target_filename); + + std::vector pieces = android::base::Split(target_str, ":"); + if (pieces.size() != 2 || (pieces[0] != "MTD" && pieces[0] != "EMMC")) { + printf("invalid target name \"%s\"", target_filename); + return 1; + } + + // Load the target into the source_file object to see if already applied. + pieces.push_back(std::to_string(target_size)); + pieces.push_back(target_sha1_str); + std::string fullname = android::base::Join(pieces, ':'); + if (LoadPartitionContents(fullname.c_str(), &source_file) == 0 && + memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + // The early-exit case: the image was already applied, this partition + // has the desired hash, nothing for us to do. + printf("already %s\n", short_sha1(target_sha1).c_str()); + free(source_file.data); + return 0; + } + + if (LoadFileContents(source_filename, &source_file) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + // The source doesn't have desired checksum. + printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename); + printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(), + short_sha1(source_file.sha1).c_str()); + free(source_file.data); + return 1; + } + } + + if (WriteToPartition(source_file.data, target_size, target_filename) != 0) { + printf("write of copied data to %s failed\n", target_filename); + free(source_file.data); + return 1; + } + + free(source_file.data); + return 0; +} + static int GenerateTarget(FileContents* source_file, const Value* source_patch_value, FileContents* copy_file, @@ -953,9 +1015,7 @@ static int GenerateTarget(FileContents* source_file, printf("patch did not produce expected sha1\n"); return 1; } else { - printf("now "); - print_short_sha1(target_sha1); - putchar('\n'); + printf("now %s\n", short_sha1(target_sha1).c_str()); } if (output < 0) { diff --git a/applypatch/applypatch.h b/applypatch/applypatch.h index edec84812..415bc1b3c 100644 --- a/applypatch/applypatch.h +++ b/applypatch/applypatch.h @@ -48,6 +48,8 @@ size_t FreeSpaceForFile(const char* filename); int CacheSizeCheck(size_t bytes); int ParseSha1(const char* str, uint8_t* digest); +int applypatch_flash(const char* source_filename, const char* target_filename, + const char* target_sha1_str, size_t target_size); int applypatch(const char* source_filename, const char* target_filename, const char* target_sha1_str, diff --git a/applypatch/main.cpp b/applypatch/main.cpp index 63ff5c2c0..966d8b91f 100644 --- a/applypatch/main.cpp +++ b/applypatch/main.cpp @@ -47,8 +47,8 @@ static int SpaceMode(int argc, char** argv) { // ":" into the new parallel arrays *sha1s and // *patches (loading file contents into the patches). Returns true on // success. -static bool ParsePatchArgs(int argc, char** argv, - char*** sha1s, Value*** patches, int* num_patches) { +static bool ParsePatchArgs(int argc, char** argv, char*** sha1s, + Value*** patches, int* num_patches) { *num_patches = argc; *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); @@ -98,7 +98,12 @@ static bool ParsePatchArgs(int argc, char** argv, return false; } -int PatchMode(int argc, char** argv) { +static int FlashMode(const char* src_filename, const char* tgt_filename, + const char* tgt_sha1, size_t tgt_size) { + return applypatch_flash(src_filename, tgt_filename, tgt_sha1, tgt_size); +} + +static int PatchMode(int argc, char** argv) { Value* bonus = NULL; if (argc >= 3 && strcmp(argv[1], "-b") == 0) { FileContents fc; @@ -114,7 +119,7 @@ int PatchMode(int argc, char** argv) { argv += 2; } - if (argc < 6) { + if (argc < 4) { return 2; } @@ -125,6 +130,16 @@ int PatchMode(int argc, char** argv) { return 1; } + // If no : is provided, it is in flash mode. + if (argc == 5) { + if (bonus != NULL) { + printf("bonus file not supported in flash mode\n"); + return 1; + } + return FlashMode(argv[1], argv[2], argv[3], target_size); + } + + char** sha1s; Value** patches; int num_patches; @@ -162,6 +177,10 @@ int PatchMode(int argc, char** argv) { // - if the sha1 hash of is , does nothing and exits // successfully. // +// - otherwise, if no : is provided, flashes with +// . must be a partition name, while must +// be a regular image file. will not be deleted on success. +// // - otherwise, if the sha1 hash of is , applies the // bsdiff to to produce a new file (the type of patch // is automatically detected from the file header). If that new -- cgit v1.2.3 From aca8e8960300b850aa1f5c8be73f5be6dba7a424 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 11:47:44 -0700 Subject: applypatch: Refactor strtok(). We have android::base::Split() for the work. Change-Id: I0fb562feb203c9b15e2f431d8e84355fd682376a (cherry picked from commit 0a47ce27de454e272a883a0c452fad627fd7f419) --- applypatch/Android.mk | 6 +- applypatch/applypatch.cpp | 136 ++++++++++++++++++---------------------------- 2 files changed, 56 insertions(+), 86 deletions(-) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 1f73fd897..cc17a13ae 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -21,7 +21,7 @@ LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery -LOCAL_STATIC_LIBRARIES += libmtdutils libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libbase libmtdutils libmincrypt libbz libz include $(BUILD_STATIC_LIBRARY) @@ -31,7 +31,7 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) @@ -44,7 +44,7 @@ LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz LOCAL_STATIC_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 96bd88e88..026863330 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -25,6 +25,8 @@ #include #include +#include + #include "mincrypt/sha.h" #include "applypatch.h" #include "mtdutils/mtdutils.h" @@ -42,7 +44,7 @@ static int GenerateTarget(FileContents* source_file, size_t target_size, const Value* bonus_data); -static int mtd_partitions_scanned = 0; +static bool mtd_partitions_scanned = false; // Read a file into memory; store the file contents and associated // metadata in *file. @@ -87,21 +89,6 @@ int LoadFileContents(const char* filename, FileContents* file) { return 0; } -static size_t* size_array; -// comparison function for qsort()ing an int array of indexes into -// size_array[]. -static int compare_size_indices(const void* a, const void* b) { - const int aa = *reinterpret_cast(a); - const int bb = *reinterpret_cast(b); - if (size_array[aa] < size_array[bb]) { - return -1; - } else if (size_array[aa] > size_array[bb]) { - return 1; - } else { - return 0; - } -} - // Load the contents of an MTD or EMMC partition into the provided // FileContents. filename should be a string of the form // "MTD::::::..." (or @@ -120,53 +107,45 @@ static int compare_size_indices(const void* a, const void* b) { enum PartitionType { MTD, EMMC }; static int LoadPartitionContents(const char* filename, FileContents* file) { - char* copy = strdup(filename); - const char* magic = strtok(copy, ":"); + std::string copy(filename); + std::vector pieces = android::base::Split(copy, ":"); + if (pieces.size() < 4 || pieces.size() % 2 != 0) { + printf("LoadPartitionContents called with bad filename (%s)\n", filename); + return -1; + } enum PartitionType type; - - if (strcmp(magic, "MTD") == 0) { + if (pieces[0] == "MTD") { type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { + } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } - const char* partition = strtok(NULL, ":"); + const char* partition = pieces[1].c_str(); - int i; - int colons = 0; - for (i = 0; filename[i] != '\0'; ++i) { - if (filename[i] == ':') { - ++colons; - } - } - if (colons < 3 || colons%2 == 0) { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - } - - int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename - int* index = reinterpret_cast(malloc(pairs * sizeof(int))); - size_t* size = reinterpret_cast(malloc(pairs * sizeof(size_t))); - char** sha1sum = reinterpret_cast(malloc(pairs * sizeof(char*))); + size_t pairs = (pieces.size() - 2) / 2; // # of (size, sha1) pairs in filename + std::vector index(pairs); + std::vector size(pairs); + std::vector sha1sum(pairs); - for (i = 0; i < pairs; ++i) { - const char* size_str = strtok(NULL, ":"); - size[i] = strtol(size_str, NULL, 10); + for (size_t i = 0; i < pairs; ++i) { + size[i] = strtol(pieces[i*2+2].c_str(), NULL, 10); if (size[i] == 0) { printf("LoadPartitionContents called with bad size (%s)\n", filename); return -1; } - sha1sum[i] = strtok(NULL, ":"); + sha1sum[i] = pieces[i*2+3].c_str(); index[i] = i; } - // sort the index[] array so it indexes the pairs in order of - // increasing size. - size_array = size; - qsort(index, pairs, sizeof(int), compare_size_indices); + // Sort the index[] array so it indexes the pairs in order of increasing size. + sort(index.begin(), index.end(), + [&](const size_t& i, const size_t& j) { + return (size[i] < size[j]); + } + ); MtdReadContext* ctx = NULL; FILE* dev = NULL; @@ -175,20 +154,18 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); - mtd_partitions_scanned = 1; + mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); if (mtd == NULL) { - printf("mtd partition \"%s\" not found (loading %s)\n", - partition, filename); + printf("mtd partition \"%s\" not found (loading %s)\n", partition, filename); return -1; } ctx = mtd_read_partition(mtd); if (ctx == NULL) { - printf("failed to initialize read of mtd partition \"%s\"\n", - partition); + printf("failed to initialize read of mtd partition \"%s\"\n", partition); return -1; } break; @@ -197,8 +174,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { case EMMC: dev = fopen(partition, "rb"); if (dev == NULL) { - printf("failed to open emmc partition \"%s\": %s\n", - partition, strerror(errno)); + printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno)); return -1; } } @@ -207,15 +183,15 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; - // allocate enough memory to hold the largest size. + // Allocate enough memory to hold the largest size. file->data = reinterpret_cast(malloc(size[index[pairs-1]])); char* p = (char*)file->data; file->size = 0; // # bytes read so far + bool found = false; - for (i = 0; i < pairs; ++i) { - // Read enough additional bytes to get us up to the next size - // (again, we're trying the possibilities in order of increasing - // size). + for (size_t i = 0; i < pairs; ++i) { + // Read enough additional bytes to get us up to the next size. (Again, + // we're trying the possibilities in order of increasing size). size_t next = size[index[i]] - file->size; size_t read = 0; if (next > 0) { @@ -245,8 +221,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); - if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { - printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); + if (ParseSha1(sha1sum[index[i]].c_str(), parsed_sha) != 0) { + printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]].c_str(), filename); free(file->data); file->data = NULL; return -1; @@ -256,7 +232,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %zu sha %s\n", - size[index[i]], sha1sum[index[i]]); + size[index[i]], sha1sum[index[i]].c_str()); + found = true; break; } @@ -274,9 +251,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { } - if (i == pairs) { - // Ran off the end of the list of (size,sha1) pairs without - // finding a match. + if (!found) { + // Ran off the end of the list of (size,sha1) pairs without finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; @@ -293,11 +269,6 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { file->st.st_uid = 0; file->st.st_gid = 0; - free(copy); - free(index); - free(size); - free(sha1sum); - return 0; } @@ -340,33 +311,33 @@ int SaveFileContents(const char* filename, const FileContents* file) { } // Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC::". Return 0 on +// "MTD:[:...]" or "EMMC:". Return 0 on // success. int WriteToPartition(unsigned char* data, size_t len, const char* target) { - char* copy = strdup(target); - const char* magic = strtok(copy, ":"); + std::string copy(target); + std::vector pieces = android::base::Split(copy, ":"); + + if (pieces.size() != 2) { + printf("WriteToPartition called with bad target (%s)\n", target); + return -1; + } enum PartitionType type; - if (strcmp(magic, "MTD") == 0) { + if (pieces[0] == "MTD") { type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { + } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("WriteToPartition called with bad target (%s)\n", target); return -1; } - const char* partition = strtok(NULL, ":"); - - if (partition == NULL) { - printf("bad partition target name \"%s\"\n", target); - return -1; - } + const char* partition = pieces[1].c_str(); switch (type) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); - mtd_partitions_scanned = 1; + mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); @@ -410,7 +381,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { return -1; } - for (int attempt = 0; attempt < 2; ++attempt) { + for (size_t attempt = 0; attempt < 2; ++attempt) { if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { printf("failed seek on %s: %s\n", partition, strerror(errno)); return -1; @@ -510,7 +481,6 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { } } - free(copy); return 0; } -- cgit v1.2.3 From ba8a6789f735bb74443a3c8670ff3d21781c96db Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 13:39:52 -0700 Subject: updater: libapplypatch needs libbase now. Change-Id: I18da9e6da64fccab495dc5a96e3efd95cc6d88bf (cherry picked from commit 1b1ea17d554d127a970afe1d6004dd4627cd596e) --- updater/Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater/Android.mk b/updater/Android.mk index 0d4179b23..82fa7e265 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -44,7 +44,7 @@ LOCAL_STATIC_LIBRARIES += \ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) -LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libedify libmtdutils libminzip libz LOCAL_STATIC_LIBRARIES += libmincrypt libbz LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux -- cgit v1.2.3 From 7cf50c60b5c955010a8b8d0c23264f03ab673deb Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 16 Jul 2015 20:04:13 -0700 Subject: uncrypt: Support file level encryption. Bug: 22534003 Change-Id: I2bc22418c416491da573875dce78daed24f2c046 (cherry picked from commit 6e9dda70cb00dd1f1948e071d7df7ca6e2bd8332) --- uncrypt/uncrypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 20a272949..8785b29af 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -146,7 +146,7 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* (path[len] == '/' || path[len] == 0)) { *encrypted = false; *encryptable = false; - if (fs_mgr_is_encryptable(v)) { + if (fs_mgr_is_encryptable(v) || fs_mgr_is_file_encrypted(v)) { *encryptable = true; char buffer[PROPERTY_VALUE_MAX+1]; if (property_get("ro.crypto.state", buffer, "") && -- cgit v1.2.3 From abba55b4c52cc347e8806ba833645f150f2965ce Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 18:11:12 -0700 Subject: applypatch: Support flash mode. We may carry a full copy of recovery image in the /system, and use /system/bin/install-recovery.sh to install the recovery. This CL adds support to flash the recovery partition with the given image. Bug: 22641135 Change-Id: I7a275b62fdd1bf41f97f6aab62d0200f7dae5aa1 (cherry picked from commit 68c5a6796737bb583a8bdfa4c9cd9c7f12ef4276) --- applypatch/applypatch.cpp | 84 ++++++++++++++++++++++++++++++++++++++++------- applypatch/applypatch.h | 2 ++ applypatch/main.cpp | 27 ++++++++++++--- 3 files changed, 97 insertions(+), 16 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 026863330..2446b2a68 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -43,6 +43,7 @@ static int GenerateTarget(FileContents* source_file, const uint8_t target_sha1[SHA_DIGEST_SIZE], size_t target_size, const Value* bonus_data); +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]); static bool mtd_partitions_scanned = false; @@ -461,7 +462,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { } if (start == len) { - printf("verification read succeeded (attempt %d)\n", attempt+1); + printf("verification read succeeded (attempt %zu)\n", attempt+1); success = true; break; } @@ -628,12 +629,14 @@ int CacheSizeCheck(size_t bytes) { } } -static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { const char* hex = "0123456789abcdef"; + std::string result = ""; for (size_t i = 0; i < 4; ++i) { - putchar(hex[(sha1[i]>>4) & 0xf]); - putchar(hex[sha1[i] & 0xf]); + result.push_back(hex[(sha1[i]>>4) & 0xf]); + result.push_back(hex[sha1[i] & 0xf]); } + return result; } // This function applies binary patches to files in a way that is safe @@ -648,7 +651,7 @@ static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { // entries in , the corresponding patch from // (which must be a VAL_BLOB) is applied to produce a // new file (the type of patch is automatically detected from the -// blob daat). If that new file has sha1 hash , +// blob data). If that new file has sha1 hash , // moves it to replace , and exits successfully. // Note that if and are not the // same, is NOT deleted on success. @@ -659,7 +662,7 @@ static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { // status. // // may refer to a partition to read the source data. -// See the comments for the LoadPartition Contents() function above +// See the comments for the LoadPartitionContents() function above // for the format of such a filename. int applypatch(const char* source_filename, @@ -694,9 +697,7 @@ int applypatch(const char* source_filename, if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. - printf("already "); - print_short_sha1(target_sha1); - putchar('\n'); + printf("already %s\n", short_sha1(target_sha1).c_str()); free(source_file.data); return 0; } @@ -753,6 +754,67 @@ int applypatch(const char* source_filename, return result; } +/* + * This function flashes a given image to the target partition. It verifies + * the target cheksum first, and will return if target has the desired hash. + * It checks the checksum of the given source image before flashing, and + * verifies the target partition afterwards. The function is idempotent. + * Returns zero on success. + */ +int applypatch_flash(const char* source_filename, const char* target_filename, + const char* target_sha1_str, size_t target_size) { + printf("flash %s: ", target_filename); + + uint8_t target_sha1[SHA_DIGEST_SIZE]; + if (ParseSha1(target_sha1_str, target_sha1) != 0) { + printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); + return 1; + } + + FileContents source_file; + source_file.data = NULL; + std::string target_str(target_filename); + + std::vector pieces = android::base::Split(target_str, ":"); + if (pieces.size() != 2 || (pieces[0] != "MTD" && pieces[0] != "EMMC")) { + printf("invalid target name \"%s\"", target_filename); + return 1; + } + + // Load the target into the source_file object to see if already applied. + pieces.push_back(std::to_string(target_size)); + pieces.push_back(target_sha1_str); + std::string fullname = android::base::Join(pieces, ':'); + if (LoadPartitionContents(fullname.c_str(), &source_file) == 0 && + memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + // The early-exit case: the image was already applied, this partition + // has the desired hash, nothing for us to do. + printf("already %s\n", short_sha1(target_sha1).c_str()); + free(source_file.data); + return 0; + } + + if (LoadFileContents(source_filename, &source_file) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + // The source doesn't have desired checksum. + printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename); + printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(), + short_sha1(source_file.sha1).c_str()); + free(source_file.data); + return 1; + } + } + + if (WriteToPartition(source_file.data, target_size, target_filename) != 0) { + printf("write of copied data to %s failed\n", target_filename); + free(source_file.data); + return 1; + } + + free(source_file.data); + return 0; +} + static int GenerateTarget(FileContents* source_file, const Value* source_patch_value, FileContents* copy_file, @@ -953,9 +1015,7 @@ static int GenerateTarget(FileContents* source_file, printf("patch did not produce expected sha1\n"); return 1; } else { - printf("now "); - print_short_sha1(target_sha1); - putchar('\n'); + printf("now %s\n", short_sha1(target_sha1).c_str()); } if (output < 0) { diff --git a/applypatch/applypatch.h b/applypatch/applypatch.h index edec84812..415bc1b3c 100644 --- a/applypatch/applypatch.h +++ b/applypatch/applypatch.h @@ -48,6 +48,8 @@ size_t FreeSpaceForFile(const char* filename); int CacheSizeCheck(size_t bytes); int ParseSha1(const char* str, uint8_t* digest); +int applypatch_flash(const char* source_filename, const char* target_filename, + const char* target_sha1_str, size_t target_size); int applypatch(const char* source_filename, const char* target_filename, const char* target_sha1_str, diff --git a/applypatch/main.cpp b/applypatch/main.cpp index 63ff5c2c0..966d8b91f 100644 --- a/applypatch/main.cpp +++ b/applypatch/main.cpp @@ -47,8 +47,8 @@ static int SpaceMode(int argc, char** argv) { // ":" into the new parallel arrays *sha1s and // *patches (loading file contents into the patches). Returns true on // success. -static bool ParsePatchArgs(int argc, char** argv, - char*** sha1s, Value*** patches, int* num_patches) { +static bool ParsePatchArgs(int argc, char** argv, char*** sha1s, + Value*** patches, int* num_patches) { *num_patches = argc; *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); @@ -98,7 +98,12 @@ static bool ParsePatchArgs(int argc, char** argv, return false; } -int PatchMode(int argc, char** argv) { +static int FlashMode(const char* src_filename, const char* tgt_filename, + const char* tgt_sha1, size_t tgt_size) { + return applypatch_flash(src_filename, tgt_filename, tgt_sha1, tgt_size); +} + +static int PatchMode(int argc, char** argv) { Value* bonus = NULL; if (argc >= 3 && strcmp(argv[1], "-b") == 0) { FileContents fc; @@ -114,7 +119,7 @@ int PatchMode(int argc, char** argv) { argv += 2; } - if (argc < 6) { + if (argc < 4) { return 2; } @@ -125,6 +130,16 @@ int PatchMode(int argc, char** argv) { return 1; } + // If no : is provided, it is in flash mode. + if (argc == 5) { + if (bonus != NULL) { + printf("bonus file not supported in flash mode\n"); + return 1; + } + return FlashMode(argv[1], argv[2], argv[3], target_size); + } + + char** sha1s; Value** patches; int num_patches; @@ -162,6 +177,10 @@ int PatchMode(int argc, char** argv) { // - if the sha1 hash of is , does nothing and exits // successfully. // +// - otherwise, if no : is provided, flashes with +// . must be a partition name, while must +// be a regular image file. will not be deleted on success. +// // - otherwise, if the sha1 hash of is , applies the // bsdiff to to produce a new file (the type of patch // is automatically detected from the file header). If that new -- cgit v1.2.3 From 0d4e002670064157aa34ba8c391184151b7d402a Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Sun, 19 Jul 2015 08:40:37 -0700 Subject: recovery: Switch fuse_* to C++. Change-Id: Id50c3e6febd0ab61f10a654b9b265cf21a2d1701 (cherry picked from commit 71dc365f25676cfb3f62dbb7163697a8c3c5243d) --- Android.mk | 4 +- fuse_sdcard_provider.c | 140 ------------- fuse_sdcard_provider.cpp | 140 +++++++++++++ fuse_sdcard_provider.h | 6 - fuse_sideload.c | 527 ----------------------------------------------- fuse_sideload.cpp | 524 ++++++++++++++++++++++++++++++++++++++++++++++ fuse_sideload.h | 6 - 7 files changed, 666 insertions(+), 681 deletions(-) delete mode 100644 fuse_sdcard_provider.c create mode 100644 fuse_sdcard_provider.cpp delete mode 100644 fuse_sideload.c create mode 100644 fuse_sideload.cpp diff --git a/Android.mk b/Android.mk index cfe303082..74e7b1da5 100644 --- a/Android.mk +++ b/Android.mk @@ -16,7 +16,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) -LOCAL_SRC_FILES := fuse_sideload.c +LOCAL_SRC_FILES := fuse_sideload.cpp LOCAL_CLANG := true LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE @@ -33,7 +33,7 @@ LOCAL_SRC_FILES := \ asn1_decoder.cpp \ bootloader.cpp \ device.cpp \ - fuse_sdcard_provider.c \ + fuse_sdcard_provider.cpp \ install.cpp \ recovery.cpp \ roots.cpp \ diff --git a/fuse_sdcard_provider.c b/fuse_sdcard_provider.c deleted file mode 100644 index 4565c7b5b..000000000 --- a/fuse_sdcard_provider.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "fuse_sideload.h" - -struct file_data { - int fd; // the underlying sdcard file - - uint64_t file_size; - uint32_t block_size; -}; - -static int read_block_file(void* cookie, uint32_t block, uint8_t* buffer, uint32_t fetch_size) { - struct file_data* fd = (struct file_data*)cookie; - - off64_t offset = ((off64_t) block) * fd->block_size; - if (TEMP_FAILURE_RETRY(lseek64(fd->fd, offset, SEEK_SET)) == -1) { - fprintf(stderr, "seek on sdcard failed: %s\n", strerror(errno)); - return -EIO; - } - - while (fetch_size > 0) { - ssize_t r = TEMP_FAILURE_RETRY(read(fd->fd, buffer, fetch_size)); - if (r == -1) { - fprintf(stderr, "read on sdcard failed: %s\n", strerror(errno)); - return -EIO; - } - fetch_size -= r; - buffer += r; - } - - return 0; -} - -static void close_file(void* cookie) { - struct file_data* fd = (struct file_data*)cookie; - close(fd->fd); -} - -struct token { - pthread_t th; - const char* path; - int result; -}; - -static void* run_sdcard_fuse(void* cookie) { - struct token* t = (struct token*)cookie; - - struct stat sb; - if (stat(t->path, &sb) < 0) { - fprintf(stderr, "failed to stat %s: %s\n", t->path, strerror(errno)); - t->result = -1; - return NULL; - } - - struct file_data fd; - struct provider_vtab vtab; - - fd.fd = open(t->path, O_RDONLY); - if (fd.fd < 0) { - fprintf(stderr, "failed to open %s: %s\n", t->path, strerror(errno)); - t->result = -1; - return NULL; - } - fd.file_size = sb.st_size; - fd.block_size = 65536; - - vtab.read_block = read_block_file; - vtab.close = close_file; - - t->result = run_fuse_sideload(&vtab, &fd, fd.file_size, fd.block_size); - return NULL; -} - -// How long (in seconds) we wait for the fuse-provided package file to -// appear, before timing out. -#define SDCARD_INSTALL_TIMEOUT 10 - -void* start_sdcard_fuse(const char* path) { - struct token* t = malloc(sizeof(struct token)); - - t->path = path; - pthread_create(&(t->th), NULL, run_sdcard_fuse, t); - - struct stat st; - int i; - for (i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) { - if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &st) != 0) { - if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) { - sleep(1); - continue; - } else { - return NULL; - } - } - } - - // The installation process expects to find the sdcard unmounted. - // Unmount it with MNT_DETACH so that our open file continues to - // work but new references see it as unmounted. - umount2("/sdcard", MNT_DETACH); - - return t; -} - -void finish_sdcard_fuse(void* cookie) { - if (cookie == NULL) return; - struct token* t = (struct token*)cookie; - - // Calling stat() on this magic filename signals the fuse - // filesystem to shut down. - struct stat st; - stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &st); - - pthread_join(t->th, NULL); - free(t); -} diff --git a/fuse_sdcard_provider.cpp b/fuse_sdcard_provider.cpp new file mode 100644 index 000000000..eb6454f1d --- /dev/null +++ b/fuse_sdcard_provider.cpp @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "fuse_sideload.h" + +struct file_data { + int fd; // the underlying sdcard file + + uint64_t file_size; + uint32_t block_size; +}; + +static int read_block_file(void* cookie, uint32_t block, uint8_t* buffer, uint32_t fetch_size) { + file_data* fd = reinterpret_cast(cookie); + + off64_t offset = ((off64_t) block) * fd->block_size; + if (TEMP_FAILURE_RETRY(lseek64(fd->fd, offset, SEEK_SET)) == -1) { + fprintf(stderr, "seek on sdcard failed: %s\n", strerror(errno)); + return -EIO; + } + + while (fetch_size > 0) { + ssize_t r = TEMP_FAILURE_RETRY(read(fd->fd, buffer, fetch_size)); + if (r == -1) { + fprintf(stderr, "read on sdcard failed: %s\n", strerror(errno)); + return -EIO; + } + fetch_size -= r; + buffer += r; + } + + return 0; +} + +static void close_file(void* cookie) { + file_data* fd = reinterpret_cast(cookie); + close(fd->fd); +} + +struct token { + pthread_t th; + const char* path; + int result; +}; + +static void* run_sdcard_fuse(void* cookie) { + token* t = reinterpret_cast(cookie); + + struct stat sb; + if (stat(t->path, &sb) < 0) { + fprintf(stderr, "failed to stat %s: %s\n", t->path, strerror(errno)); + t->result = -1; + return NULL; + } + + struct file_data fd; + struct provider_vtab vtab; + + fd.fd = open(t->path, O_RDONLY); + if (fd.fd < 0) { + fprintf(stderr, "failed to open %s: %s\n", t->path, strerror(errno)); + t->result = -1; + return NULL; + } + fd.file_size = sb.st_size; + fd.block_size = 65536; + + vtab.read_block = read_block_file; + vtab.close = close_file; + + t->result = run_fuse_sideload(&vtab, &fd, fd.file_size, fd.block_size); + return NULL; +} + +// How long (in seconds) we wait for the fuse-provided package file to +// appear, before timing out. +#define SDCARD_INSTALL_TIMEOUT 10 + +void* start_sdcard_fuse(const char* path) { + token* t = new token; + + t->path = path; + pthread_create(&(t->th), NULL, run_sdcard_fuse, t); + + struct stat st; + int i; + for (i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) { + if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &st) != 0) { + if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) { + sleep(1); + continue; + } else { + return NULL; + } + } + } + + // The installation process expects to find the sdcard unmounted. + // Unmount it with MNT_DETACH so that our open file continues to + // work but new references see it as unmounted. + umount2("/sdcard", MNT_DETACH); + + return t; +} + +void finish_sdcard_fuse(void* cookie) { + if (cookie == NULL) return; + token* t = reinterpret_cast(cookie); + + // Calling stat() on this magic filename signals the fuse + // filesystem to shut down. + struct stat st; + stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &st); + + pthread_join(t->th, NULL); + delete t; +} diff --git a/fuse_sdcard_provider.h b/fuse_sdcard_provider.h index dbfbcd521..dc2982ca0 100644 --- a/fuse_sdcard_provider.h +++ b/fuse_sdcard_provider.h @@ -17,13 +17,7 @@ #ifndef __FUSE_SDCARD_PROVIDER_H #define __FUSE_SDCARD_PROVIDER_H -#include - -__BEGIN_DECLS - void* start_sdcard_fuse(const char* path); void finish_sdcard_fuse(void* token); -__END_DECLS - #endif diff --git a/fuse_sideload.c b/fuse_sideload.c deleted file mode 100644 index 48e6cc53a..000000000 --- a/fuse_sideload.c +++ /dev/null @@ -1,527 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// This module creates a special filesystem containing two files. -// -// "/sideload/package.zip" appears to be a normal file, but reading -// from it causes data to be fetched from the adb host. We can use -// this to sideload packages over an adb connection without having to -// store the entire package in RAM on the device. -// -// Because we may not trust the adb host, this filesystem maintains -// the following invariant: each read of a given position returns the -// same data as the first read at that position. That is, once a -// section of the file is read, future reads of that section return -// the same data. (Otherwise, a malicious adb host process could -// return one set of bits when the package is read for signature -// verification, and then different bits for when the package is -// accessed by the installer.) If the adb host returns something -// different than it did on the first read, the reader of the file -// will see their read fail with EINVAL. -// -// The other file, "/sideload/exit", is used to control the subprocess -// that creates this filesystem. Calling stat() on the exit file -// causes the filesystem to be unmounted and the adb process on the -// device shut down. -// -// Note that only the minimal set of file operations needed for these -// two files is implemented. In particular, you can't opendir() or -// readdir() on the "/sideload" directory; ls on it won't work. - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mincrypt/sha256.h" -#include "fuse_sideload.h" - -#define PACKAGE_FILE_ID (FUSE_ROOT_ID+1) -#define EXIT_FLAG_ID (FUSE_ROOT_ID+2) - -#define NO_STATUS 1 -#define NO_STATUS_EXIT 2 - -struct fuse_data { - int ffd; // file descriptor for the fuse socket - - struct provider_vtab* vtab; - void* cookie; - - uint64_t file_size; // bytes - - uint32_t block_size; // block size that the adb host is using to send the file to us - uint32_t file_blocks; // file size in block_size blocks - - uid_t uid; - gid_t gid; - - uint32_t curr_block; // cache the block most recently read from the host - uint8_t* block_data; - - uint8_t* extra_block; // another block of storage for reads that - // span two blocks - - uint8_t* hashes; // SHA-256 hash of each block (all zeros - // if block hasn't been read yet) -}; - -static void fuse_reply(struct fuse_data* fd, __u64 unique, const void *data, size_t len) -{ - struct fuse_out_header hdr; - struct iovec vec[2]; - int res; - - hdr.len = len + sizeof(hdr); - hdr.error = 0; - hdr.unique = unique; - - vec[0].iov_base = &hdr; - vec[0].iov_len = sizeof(hdr); - vec[1].iov_base = /* const_cast */(void*)(data); - vec[1].iov_len = len; - - res = writev(fd->ffd, vec, 2); - if (res < 0) { - printf("*** REPLY FAILED *** %s\n", strerror(errno)); - } -} - -static int handle_init(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_init_in* req = data; - struct fuse_init_out out; - size_t fuse_struct_size; - - - /* Kernel 2.6.16 is the first stable kernel with struct fuse_init_out - * defined (fuse version 7.6). The structure is the same from 7.6 through - * 7.22. Beginning with 7.23, the structure increased in size and added - * new parameters. - */ - if (req->major != FUSE_KERNEL_VERSION || req->minor < 6) { - printf("Fuse kernel version mismatch: Kernel version %d.%d, Expected at least %d.6", - req->major, req->minor, FUSE_KERNEL_VERSION); - return -1; - } - - out.minor = MIN(req->minor, FUSE_KERNEL_MINOR_VERSION); - fuse_struct_size = sizeof(out); -#if defined(FUSE_COMPAT_22_INIT_OUT_SIZE) - /* FUSE_KERNEL_VERSION >= 23. */ - - /* If the kernel only works on minor revs older than or equal to 22, - * then use the older structure size since this code only uses the 7.22 - * version of the structure. */ - if (req->minor <= 22) { - fuse_struct_size = FUSE_COMPAT_22_INIT_OUT_SIZE; - } -#endif - - out.major = FUSE_KERNEL_VERSION; - out.max_readahead = req->max_readahead; - out.flags = 0; - out.max_background = 32; - out.congestion_threshold = 32; - out.max_write = 4096; - fuse_reply(fd, hdr->unique, &out, fuse_struct_size); - - return NO_STATUS; -} - -static void fill_attr(struct fuse_attr* attr, struct fuse_data* fd, - uint64_t nodeid, uint64_t size, uint32_t mode) { - memset(attr, 0, sizeof(*attr)); - attr->nlink = 1; - attr->uid = fd->uid; - attr->gid = fd->gid; - attr->blksize = 4096; - - attr->ino = nodeid; - attr->size = size; - attr->blocks = (size == 0) ? 0 : (((size-1) / attr->blksize) + 1); - attr->mode = mode; -} - -static int handle_getattr(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_getattr_in* req = data; - struct fuse_attr_out out; - memset(&out, 0, sizeof(out)); - out.attr_valid = 10; - - if (hdr->nodeid == FUSE_ROOT_ID) { - fill_attr(&(out.attr), fd, hdr->nodeid, 4096, S_IFDIR | 0555); - } else if (hdr->nodeid == PACKAGE_FILE_ID) { - fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); - } else if (hdr->nodeid == EXIT_FLAG_ID) { - fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); - } else { - return -ENOENT; - } - - fuse_reply(fd, hdr->unique, &out, sizeof(out)); - return (hdr->nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; -} - -static int handle_lookup(void* data, struct fuse_data* fd, - const struct fuse_in_header* hdr) { - struct fuse_entry_out out; - memset(&out, 0, sizeof(out)); - out.entry_valid = 10; - out.attr_valid = 10; - - if (strncmp(FUSE_SIDELOAD_HOST_FILENAME, data, - sizeof(FUSE_SIDELOAD_HOST_FILENAME)) == 0) { - out.nodeid = PACKAGE_FILE_ID; - out.generation = PACKAGE_FILE_ID; - fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); - } else if (strncmp(FUSE_SIDELOAD_HOST_EXIT_FLAG, data, - sizeof(FUSE_SIDELOAD_HOST_EXIT_FLAG)) == 0) { - out.nodeid = EXIT_FLAG_ID; - out.generation = EXIT_FLAG_ID; - fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); - } else { - return -ENOENT; - } - - fuse_reply(fd, hdr->unique, &out, sizeof(out)); - return (out.nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; -} - -static int handle_open(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_open_in* req = data; - - if (hdr->nodeid == EXIT_FLAG_ID) return -EPERM; - if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; - - struct fuse_open_out out; - memset(&out, 0, sizeof(out)); - out.fh = 10; // an arbitrary number; we always use the same handle - fuse_reply(fd, hdr->unique, &out, sizeof(out)); - return NO_STATUS; -} - -static int handle_flush(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - return 0; -} - -static int handle_release(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - return 0; -} - -// Fetch a block from the host into fd->curr_block and fd->block_data. -// Returns 0 on successful fetch, negative otherwise. -static int fetch_block(struct fuse_data* fd, uint32_t block) { - if (block == fd->curr_block) { - return 0; - } - - if (block >= fd->file_blocks) { - memset(fd->block_data, 0, fd->block_size); - fd->curr_block = block; - return 0; - } - - size_t fetch_size = fd->block_size; - if (block * fd->block_size + fetch_size > fd->file_size) { - // If we're reading the last (partial) block of the file, - // expect a shorter response from the host, and pad the rest - // of the block with zeroes. - fetch_size = fd->file_size - (block * fd->block_size); - memset(fd->block_data + fetch_size, 0, fd->block_size - fetch_size); - } - - int result = fd->vtab->read_block(fd->cookie, block, fd->block_data, fetch_size); - if (result < 0) return result; - - fd->curr_block = block; - - // Verify the hash of the block we just got from the host. - // - // - If the hash of the just-received data matches the stored hash - // for the block, accept it. - // - If the stored hash is all zeroes, store the new hash and - // accept the block (this is the first time we've read this - // block). - // - Otherwise, return -EINVAL for the read. - - uint8_t hash[SHA256_DIGEST_SIZE]; - SHA256_hash(fd->block_data, fd->block_size, hash); - uint8_t* blockhash = fd->hashes + block * SHA256_DIGEST_SIZE; - if (memcmp(hash, blockhash, SHA256_DIGEST_SIZE) == 0) { - return 0; - } - - int i; - for (i = 0; i < SHA256_DIGEST_SIZE; ++i) { - if (blockhash[i] != 0) { - fd->curr_block = -1; - return -EIO; - } - } - - memcpy(blockhash, hash, SHA256_DIGEST_SIZE); - return 0; -} - -static int handle_read(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { - const struct fuse_read_in* req = data; - struct fuse_out_header outhdr; - struct iovec vec[3]; - int vec_used; - int result; - - if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; - - uint64_t offset = req->offset; - uint32_t size = req->size; - - // The docs on the fuse kernel interface are vague about what to - // do when a read request extends past the end of the file. We - // can return a short read -- the return structure does include a - // length field -- but in testing that caused the program using - // the file to segfault. (I speculate that this is due to the - // reading program accessing it via mmap; maybe mmap dislikes when - // you return something short of a whole page?) To fix this we - // zero-pad reads that extend past the end of the file so we're - // always returning exactly as many bytes as were requested. - // (Users of the mapped file have to know its real length anyway.) - - outhdr.len = sizeof(outhdr) + size; - outhdr.error = 0; - outhdr.unique = hdr->unique; - vec[0].iov_base = &outhdr; - vec[0].iov_len = sizeof(outhdr); - - uint32_t block = offset / fd->block_size; - result = fetch_block(fd, block); - if (result != 0) return result; - - // Two cases: - // - // - the read request is entirely within this block. In this - // case we can reply immediately. - // - // - the read request goes over into the next block. Note that - // since we mount the filesystem with max_read=block_size, a - // read can never span more than two blocks. In this case we - // copy the block to extra_block and issue a fetch for the - // following block. - - uint32_t block_offset = offset - (block * fd->block_size); - - if (size + block_offset <= fd->block_size) { - // First case: the read fits entirely in the first block. - - vec[1].iov_base = fd->block_data + block_offset; - vec[1].iov_len = size; - vec_used = 2; - } else { - // Second case: the read spills over into the next block. - - memcpy(fd->extra_block, fd->block_data + block_offset, - fd->block_size - block_offset); - vec[1].iov_base = fd->extra_block; - vec[1].iov_len = fd->block_size - block_offset; - - result = fetch_block(fd, block+1); - if (result != 0) return result; - vec[2].iov_base = fd->block_data; - vec[2].iov_len = size - vec[1].iov_len; - vec_used = 3; - } - - if (writev(fd->ffd, vec, vec_used) < 0) { - printf("*** READ REPLY FAILED: %s ***\n", strerror(errno)); - } - return NO_STATUS; -} - -int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, - uint64_t file_size, uint32_t block_size) -{ - int result; - - // If something's already mounted on our mountpoint, try to remove - // it. (Mostly in case of a previous abnormal exit.) - umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_FORCE); - - if (block_size < 1024) { - fprintf(stderr, "block size (%u) is too small\n", block_size); - return -1; - } - if (block_size > (1<<22)) { // 4 MiB - fprintf(stderr, "block size (%u) is too large\n", block_size); - return -1; - } - - struct fuse_data fd; - memset(&fd, 0, sizeof(fd)); - fd.vtab = vtab; - fd.cookie = cookie; - fd.file_size = file_size; - fd.block_size = block_size; - fd.file_blocks = (file_size == 0) ? 0 : (((file_size-1) / block_size) + 1); - - if (fd.file_blocks > (1<<18)) { - fprintf(stderr, "file has too many blocks (%u)\n", fd.file_blocks); - result = -1; - goto done; - } - - fd.hashes = (uint8_t*)calloc(fd.file_blocks, SHA256_DIGEST_SIZE); - if (fd.hashes == NULL) { - fprintf(stderr, "failed to allocate %d bites for hashes\n", - fd.file_blocks * SHA256_DIGEST_SIZE); - result = -1; - goto done; - } - - fd.uid = getuid(); - fd.gid = getgid(); - - fd.curr_block = -1; - fd.block_data = (uint8_t*)malloc(block_size); - if (fd.block_data == NULL) { - fprintf(stderr, "failed to allocate %d bites for block_data\n", block_size); - result = -1; - goto done; - } - fd.extra_block = (uint8_t*)malloc(block_size); - if (fd.extra_block == NULL) { - fprintf(stderr, "failed to allocate %d bites for extra_block\n", block_size); - result = -1; - goto done; - } - - fd.ffd = open("/dev/fuse", O_RDWR); - if (fd.ffd < 0) { - perror("open /dev/fuse"); - result = -1; - goto done; - } - - char opts[256]; - snprintf(opts, sizeof(opts), - ("fd=%d,user_id=%d,group_id=%d,max_read=%u," - "allow_other,rootmode=040000"), - fd.ffd, fd.uid, fd.gid, block_size); - - result = mount("/dev/fuse", FUSE_SIDELOAD_HOST_MOUNTPOINT, - "fuse", MS_NOSUID | MS_NODEV | MS_RDONLY | MS_NOEXEC, opts); - if (result < 0) { - perror("mount"); - goto done; - } - uint8_t request_buffer[sizeof(struct fuse_in_header) + PATH_MAX*8]; - for (;;) { - ssize_t len = TEMP_FAILURE_RETRY(read(fd.ffd, request_buffer, sizeof(request_buffer))); - if (len == -1) { - perror("read request"); - if (errno == ENODEV) { - result = -1; - break; - } - continue; - } - - if ((size_t)len < sizeof(struct fuse_in_header)) { - fprintf(stderr, "request too short: len=%zu\n", (size_t)len); - continue; - } - - struct fuse_in_header* hdr = (struct fuse_in_header*) request_buffer; - void* data = request_buffer + sizeof(struct fuse_in_header); - - result = -ENOSYS; - - switch (hdr->opcode) { - case FUSE_INIT: - result = handle_init(data, &fd, hdr); - break; - - case FUSE_LOOKUP: - result = handle_lookup(data, &fd, hdr); - break; - - case FUSE_GETATTR: - result = handle_getattr(data, &fd, hdr); - break; - - case FUSE_OPEN: - result = handle_open(data, &fd, hdr); - break; - - case FUSE_READ: - result = handle_read(data, &fd, hdr); - break; - - case FUSE_FLUSH: - result = handle_flush(data, &fd, hdr); - break; - - case FUSE_RELEASE: - result = handle_release(data, &fd, hdr); - break; - - default: - fprintf(stderr, "unknown fuse request opcode %d\n", hdr->opcode); - break; - } - - if (result == NO_STATUS_EXIT) { - result = 0; - break; - } - - if (result != NO_STATUS) { - struct fuse_out_header outhdr; - outhdr.len = sizeof(outhdr); - outhdr.error = result; - outhdr.unique = hdr->unique; - TEMP_FAILURE_RETRY(write(fd.ffd, &outhdr, sizeof(outhdr))); - } - } - - done: - fd.vtab->close(fd.cookie); - - result = umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_DETACH); - if (result < 0) { - printf("fuse_sideload umount failed: %s\n", strerror(errno)); - } - - if (fd.ffd) close(fd.ffd); - free(fd.hashes); - free(fd.block_data); - free(fd.extra_block); - - return result; -} diff --git a/fuse_sideload.cpp b/fuse_sideload.cpp new file mode 100644 index 000000000..9c3e75f89 --- /dev/null +++ b/fuse_sideload.cpp @@ -0,0 +1,524 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This module creates a special filesystem containing two files. +// +// "/sideload/package.zip" appears to be a normal file, but reading +// from it causes data to be fetched from the adb host. We can use +// this to sideload packages over an adb connection without having to +// store the entire package in RAM on the device. +// +// Because we may not trust the adb host, this filesystem maintains +// the following invariant: each read of a given position returns the +// same data as the first read at that position. That is, once a +// section of the file is read, future reads of that section return +// the same data. (Otherwise, a malicious adb host process could +// return one set of bits when the package is read for signature +// verification, and then different bits for when the package is +// accessed by the installer.) If the adb host returns something +// different than it did on the first read, the reader of the file +// will see their read fail with EINVAL. +// +// The other file, "/sideload/exit", is used to control the subprocess +// that creates this filesystem. Calling stat() on the exit file +// causes the filesystem to be unmounted and the adb process on the +// device shut down. +// +// Note that only the minimal set of file operations needed for these +// two files is implemented. In particular, you can't opendir() or +// readdir() on the "/sideload" directory; ls on it won't work. + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "mincrypt/sha256.h" +#include "fuse_sideload.h" + +#define PACKAGE_FILE_ID (FUSE_ROOT_ID+1) +#define EXIT_FLAG_ID (FUSE_ROOT_ID+2) + +#define NO_STATUS 1 +#define NO_STATUS_EXIT 2 + +struct fuse_data { + int ffd; // file descriptor for the fuse socket + + struct provider_vtab* vtab; + void* cookie; + + uint64_t file_size; // bytes + + uint32_t block_size; // block size that the adb host is using to send the file to us + uint32_t file_blocks; // file size in block_size blocks + + uid_t uid; + gid_t gid; + + uint32_t curr_block; // cache the block most recently read from the host + uint8_t* block_data; + + uint8_t* extra_block; // another block of storage for reads that + // span two blocks + + uint8_t* hashes; // SHA-256 hash of each block (all zeros + // if block hasn't been read yet) +}; + +static void fuse_reply(struct fuse_data* fd, __u64 unique, const void *data, size_t len) +{ + struct fuse_out_header hdr; + struct iovec vec[2]; + int res; + + hdr.len = len + sizeof(hdr); + hdr.error = 0; + hdr.unique = unique; + + vec[0].iov_base = &hdr; + vec[0].iov_len = sizeof(hdr); + vec[1].iov_base = /* const_cast */(void*)(data); + vec[1].iov_len = len; + + res = writev(fd->ffd, vec, 2); + if (res < 0) { + printf("*** REPLY FAILED *** %s\n", strerror(errno)); + } +} + +static int handle_init(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + const struct fuse_init_in* req = reinterpret_cast(data); + struct fuse_init_out out; + size_t fuse_struct_size; + + + /* Kernel 2.6.16 is the first stable kernel with struct fuse_init_out + * defined (fuse version 7.6). The structure is the same from 7.6 through + * 7.22. Beginning with 7.23, the structure increased in size and added + * new parameters. + */ + if (req->major != FUSE_KERNEL_VERSION || req->minor < 6) { + printf("Fuse kernel version mismatch: Kernel version %d.%d, Expected at least %d.6", + req->major, req->minor, FUSE_KERNEL_VERSION); + return -1; + } + + out.minor = MIN(req->minor, FUSE_KERNEL_MINOR_VERSION); + fuse_struct_size = sizeof(out); +#if defined(FUSE_COMPAT_22_INIT_OUT_SIZE) + /* FUSE_KERNEL_VERSION >= 23. */ + + /* If the kernel only works on minor revs older than or equal to 22, + * then use the older structure size since this code only uses the 7.22 + * version of the structure. */ + if (req->minor <= 22) { + fuse_struct_size = FUSE_COMPAT_22_INIT_OUT_SIZE; + } +#endif + + out.major = FUSE_KERNEL_VERSION; + out.max_readahead = req->max_readahead; + out.flags = 0; + out.max_background = 32; + out.congestion_threshold = 32; + out.max_write = 4096; + fuse_reply(fd, hdr->unique, &out, fuse_struct_size); + + return NO_STATUS; +} + +static void fill_attr(struct fuse_attr* attr, struct fuse_data* fd, + uint64_t nodeid, uint64_t size, uint32_t mode) { + memset(attr, 0, sizeof(*attr)); + attr->nlink = 1; + attr->uid = fd->uid; + attr->gid = fd->gid; + attr->blksize = 4096; + + attr->ino = nodeid; + attr->size = size; + attr->blocks = (size == 0) ? 0 : (((size-1) / attr->blksize) + 1); + attr->mode = mode; +} + +static int handle_getattr(void* /* data */, struct fuse_data* fd, const struct fuse_in_header* hdr) { + struct fuse_attr_out out; + memset(&out, 0, sizeof(out)); + out.attr_valid = 10; + + if (hdr->nodeid == FUSE_ROOT_ID) { + fill_attr(&(out.attr), fd, hdr->nodeid, 4096, S_IFDIR | 0555); + } else if (hdr->nodeid == PACKAGE_FILE_ID) { + fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); + } else if (hdr->nodeid == EXIT_FLAG_ID) { + fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); + } else { + return -ENOENT; + } + + fuse_reply(fd, hdr->unique, &out, sizeof(out)); + return (hdr->nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; +} + +static int handle_lookup(void* data, struct fuse_data* fd, + const struct fuse_in_header* hdr) { + struct fuse_entry_out out; + memset(&out, 0, sizeof(out)); + out.entry_valid = 10; + out.attr_valid = 10; + + if (strncmp(FUSE_SIDELOAD_HOST_FILENAME, reinterpret_cast(data), + sizeof(FUSE_SIDELOAD_HOST_FILENAME)) == 0) { + out.nodeid = PACKAGE_FILE_ID; + out.generation = PACKAGE_FILE_ID; + fill_attr(&(out.attr), fd, PACKAGE_FILE_ID, fd->file_size, S_IFREG | 0444); + } else if (strncmp(FUSE_SIDELOAD_HOST_EXIT_FLAG, reinterpret_cast(data), + sizeof(FUSE_SIDELOAD_HOST_EXIT_FLAG)) == 0) { + out.nodeid = EXIT_FLAG_ID; + out.generation = EXIT_FLAG_ID; + fill_attr(&(out.attr), fd, EXIT_FLAG_ID, 0, S_IFREG | 0); + } else { + return -ENOENT; + } + + fuse_reply(fd, hdr->unique, &out, sizeof(out)); + return (out.nodeid == EXIT_FLAG_ID) ? NO_STATUS_EXIT : NO_STATUS; +} + +static int handle_open(void* /* data */, struct fuse_data* fd, const struct fuse_in_header* hdr) { + if (hdr->nodeid == EXIT_FLAG_ID) return -EPERM; + if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; + + struct fuse_open_out out; + memset(&out, 0, sizeof(out)); + out.fh = 10; // an arbitrary number; we always use the same handle + fuse_reply(fd, hdr->unique, &out, sizeof(out)); + return NO_STATUS; +} + +static int handle_flush(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + return 0; +} + +static int handle_release(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + return 0; +} + +// Fetch a block from the host into fd->curr_block and fd->block_data. +// Returns 0 on successful fetch, negative otherwise. +static int fetch_block(struct fuse_data* fd, uint32_t block) { + if (block == fd->curr_block) { + return 0; + } + + if (block >= fd->file_blocks) { + memset(fd->block_data, 0, fd->block_size); + fd->curr_block = block; + return 0; + } + + size_t fetch_size = fd->block_size; + if (block * fd->block_size + fetch_size > fd->file_size) { + // If we're reading the last (partial) block of the file, + // expect a shorter response from the host, and pad the rest + // of the block with zeroes. + fetch_size = fd->file_size - (block * fd->block_size); + memset(fd->block_data + fetch_size, 0, fd->block_size - fetch_size); + } + + int result = fd->vtab->read_block(fd->cookie, block, fd->block_data, fetch_size); + if (result < 0) return result; + + fd->curr_block = block; + + // Verify the hash of the block we just got from the host. + // + // - If the hash of the just-received data matches the stored hash + // for the block, accept it. + // - If the stored hash is all zeroes, store the new hash and + // accept the block (this is the first time we've read this + // block). + // - Otherwise, return -EINVAL for the read. + + uint8_t hash[SHA256_DIGEST_SIZE]; + SHA256_hash(fd->block_data, fd->block_size, hash); + uint8_t* blockhash = fd->hashes + block * SHA256_DIGEST_SIZE; + if (memcmp(hash, blockhash, SHA256_DIGEST_SIZE) == 0) { + return 0; + } + + int i; + for (i = 0; i < SHA256_DIGEST_SIZE; ++i) { + if (blockhash[i] != 0) { + fd->curr_block = -1; + return -EIO; + } + } + + memcpy(blockhash, hash, SHA256_DIGEST_SIZE); + return 0; +} + +static int handle_read(void* data, struct fuse_data* fd, const struct fuse_in_header* hdr) { + const struct fuse_read_in* req = reinterpret_cast(data); + struct fuse_out_header outhdr; + struct iovec vec[3]; + int vec_used; + int result; + + if (hdr->nodeid != PACKAGE_FILE_ID) return -ENOENT; + + uint64_t offset = req->offset; + uint32_t size = req->size; + + // The docs on the fuse kernel interface are vague about what to + // do when a read request extends past the end of the file. We + // can return a short read -- the return structure does include a + // length field -- but in testing that caused the program using + // the file to segfault. (I speculate that this is due to the + // reading program accessing it via mmap; maybe mmap dislikes when + // you return something short of a whole page?) To fix this we + // zero-pad reads that extend past the end of the file so we're + // always returning exactly as many bytes as were requested. + // (Users of the mapped file have to know its real length anyway.) + + outhdr.len = sizeof(outhdr) + size; + outhdr.error = 0; + outhdr.unique = hdr->unique; + vec[0].iov_base = &outhdr; + vec[0].iov_len = sizeof(outhdr); + + uint32_t block = offset / fd->block_size; + result = fetch_block(fd, block); + if (result != 0) return result; + + // Two cases: + // + // - the read request is entirely within this block. In this + // case we can reply immediately. + // + // - the read request goes over into the next block. Note that + // since we mount the filesystem with max_read=block_size, a + // read can never span more than two blocks. In this case we + // copy the block to extra_block and issue a fetch for the + // following block. + + uint32_t block_offset = offset - (block * fd->block_size); + + if (size + block_offset <= fd->block_size) { + // First case: the read fits entirely in the first block. + + vec[1].iov_base = fd->block_data + block_offset; + vec[1].iov_len = size; + vec_used = 2; + } else { + // Second case: the read spills over into the next block. + + memcpy(fd->extra_block, fd->block_data + block_offset, + fd->block_size - block_offset); + vec[1].iov_base = fd->extra_block; + vec[1].iov_len = fd->block_size - block_offset; + + result = fetch_block(fd, block+1); + if (result != 0) return result; + vec[2].iov_base = fd->block_data; + vec[2].iov_len = size - vec[1].iov_len; + vec_used = 3; + } + + if (writev(fd->ffd, vec, vec_used) < 0) { + printf("*** READ REPLY FAILED: %s ***\n", strerror(errno)); + } + return NO_STATUS; +} + +int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, + uint64_t file_size, uint32_t block_size) +{ + int result; + + // If something's already mounted on our mountpoint, try to remove + // it. (Mostly in case of a previous abnormal exit.) + umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_FORCE); + + if (block_size < 1024) { + fprintf(stderr, "block size (%u) is too small\n", block_size); + return -1; + } + if (block_size > (1<<22)) { // 4 MiB + fprintf(stderr, "block size (%u) is too large\n", block_size); + return -1; + } + + struct fuse_data fd; + memset(&fd, 0, sizeof(fd)); + fd.vtab = vtab; + fd.cookie = cookie; + fd.file_size = file_size; + fd.block_size = block_size; + fd.file_blocks = (file_size == 0) ? 0 : (((file_size-1) / block_size) + 1); + + if (fd.file_blocks > (1<<18)) { + fprintf(stderr, "file has too many blocks (%u)\n", fd.file_blocks); + result = -1; + goto done; + } + + fd.hashes = (uint8_t*)calloc(fd.file_blocks, SHA256_DIGEST_SIZE); + if (fd.hashes == NULL) { + fprintf(stderr, "failed to allocate %d bites for hashes\n", + fd.file_blocks * SHA256_DIGEST_SIZE); + result = -1; + goto done; + } + + fd.uid = getuid(); + fd.gid = getgid(); + + fd.curr_block = -1; + fd.block_data = (uint8_t*)malloc(block_size); + if (fd.block_data == NULL) { + fprintf(stderr, "failed to allocate %d bites for block_data\n", block_size); + result = -1; + goto done; + } + fd.extra_block = (uint8_t*)malloc(block_size); + if (fd.extra_block == NULL) { + fprintf(stderr, "failed to allocate %d bites for extra_block\n", block_size); + result = -1; + goto done; + } + + fd.ffd = open("/dev/fuse", O_RDWR); + if (fd.ffd < 0) { + perror("open /dev/fuse"); + result = -1; + goto done; + } + + char opts[256]; + snprintf(opts, sizeof(opts), + ("fd=%d,user_id=%d,group_id=%d,max_read=%u," + "allow_other,rootmode=040000"), + fd.ffd, fd.uid, fd.gid, block_size); + + result = mount("/dev/fuse", FUSE_SIDELOAD_HOST_MOUNTPOINT, + "fuse", MS_NOSUID | MS_NODEV | MS_RDONLY | MS_NOEXEC, opts); + if (result < 0) { + perror("mount"); + goto done; + } + uint8_t request_buffer[sizeof(struct fuse_in_header) + PATH_MAX*8]; + for (;;) { + ssize_t len = TEMP_FAILURE_RETRY(read(fd.ffd, request_buffer, sizeof(request_buffer))); + if (len == -1) { + perror("read request"); + if (errno == ENODEV) { + result = -1; + break; + } + continue; + } + + if ((size_t)len < sizeof(struct fuse_in_header)) { + fprintf(stderr, "request too short: len=%zu\n", (size_t)len); + continue; + } + + struct fuse_in_header* hdr = (struct fuse_in_header*) request_buffer; + void* data = request_buffer + sizeof(struct fuse_in_header); + + result = -ENOSYS; + + switch (hdr->opcode) { + case FUSE_INIT: + result = handle_init(data, &fd, hdr); + break; + + case FUSE_LOOKUP: + result = handle_lookup(data, &fd, hdr); + break; + + case FUSE_GETATTR: + result = handle_getattr(data, &fd, hdr); + break; + + case FUSE_OPEN: + result = handle_open(data, &fd, hdr); + break; + + case FUSE_READ: + result = handle_read(data, &fd, hdr); + break; + + case FUSE_FLUSH: + result = handle_flush(data, &fd, hdr); + break; + + case FUSE_RELEASE: + result = handle_release(data, &fd, hdr); + break; + + default: + fprintf(stderr, "unknown fuse request opcode %d\n", hdr->opcode); + break; + } + + if (result == NO_STATUS_EXIT) { + result = 0; + break; + } + + if (result != NO_STATUS) { + struct fuse_out_header outhdr; + outhdr.len = sizeof(outhdr); + outhdr.error = result; + outhdr.unique = hdr->unique; + TEMP_FAILURE_RETRY(write(fd.ffd, &outhdr, sizeof(outhdr))); + } + } + + done: + fd.vtab->close(fd.cookie); + + result = umount2(FUSE_SIDELOAD_HOST_MOUNTPOINT, MNT_DETACH); + if (result < 0) { + printf("fuse_sideload umount failed: %s\n", strerror(errno)); + } + + if (fd.ffd) close(fd.ffd); + free(fd.hashes); + free(fd.block_data); + free(fd.extra_block); + + return result; +} diff --git a/fuse_sideload.h b/fuse_sideload.h index f9e3bf0d3..c0b16efbe 100644 --- a/fuse_sideload.h +++ b/fuse_sideload.h @@ -17,10 +17,6 @@ #ifndef __FUSE_SIDELOAD_H #define __FUSE_SIDELOAD_H -#include - -__BEGIN_DECLS - // define the filenames created by the sideload FUSE filesystem #define FUSE_SIDELOAD_HOST_MOUNTPOINT "/sideload" #define FUSE_SIDELOAD_HOST_FILENAME "package.zip" @@ -39,6 +35,4 @@ struct provider_vtab { int run_fuse_sideload(struct provider_vtab* vtab, void* cookie, uint64_t file_size, uint32_t block_size); -__END_DECLS - #endif -- cgit v1.2.3 From 1ce7a2a63db84527e6195a6b123b1617f87c0f38 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 24 Jul 2015 15:29:12 -0700 Subject: applypatch: Fix the checking in WriteToPartition(). WriteToPartition() should consider a target name as valid if it contains multiple colons. But only the first two fields will be used. Bug: 22725128 Change-Id: Ie9404375e24045c115595eec6ce5b6423da8fc3e --- applypatch/applypatch.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 2446b2a68..751d3e392 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -312,13 +312,14 @@ int SaveFileContents(const char* filename, const FileContents* file) { } // Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC:". Return 0 on -// success. +// "MTD:[:...]" or "EMMC:[:...]". The target name +// might contain multiple colons, but WriteToPartition() only uses the first +// two and ignores the rest. Return 0 on success. int WriteToPartition(unsigned char* data, size_t len, const char* target) { std::string copy(target); std::vector pieces = android::base::Split(copy, ":"); - if (pieces.size() != 2) { + if (pieces.size() < 2) { printf("WriteToPartition called with bad target (%s)\n", target); return -1; } -- cgit v1.2.3 From 187efff6f37bd6bd3ddae816a847afd16ff06c1d Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 27 Jul 2015 14:07:08 -0700 Subject: updater: Hoist fsync() to outer loop. Currently the fsync() inside write_all() may be called multiple times when performing a command. Move that to the outer loop and call it only after completing the command. Also remove the O_SYNC flag when writing a stash. Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80 --- updater/blockimg.cpp | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 258d97552..77117db05 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -192,11 +192,6 @@ static int write_all(int fd, const uint8_t* data, size_t size) { written += w; } - if (fsync(fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - return -1; - } - return 0; } @@ -728,7 +723,7 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); - fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); + fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC, STASH_FILE_MODE)); if (fd == -1) { fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); @@ -1762,6 +1757,10 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, } if (params.canwrite) { + if (fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + goto pbiudone; + } fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); fflush(cmd_pipe); } -- cgit v1.2.3 From abb8f7785ee24eac42f6d28dbfef37872a06c7e9 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 30 Jul 2015 14:43:27 -0700 Subject: recovery: Allow "Mount /system" for system_root_image. When system images contain the root directory, there is no entry of "/system" in the fstab. Change it to look for "/" instead if ro.build.system_root_image is true. We actually mount the partition to /system_root instead, and create a symlink to /system_root/system for /system. This allows "adb shell" to work properly. Bug: 22855115 Change-Id: Ibac493a5a9320c98ee3b60bd2cc635b925f5454a --- recovery.cpp | 19 +++++++++++++++++-- roots.cpp | 26 ++++++++++++++++++-------- roots.h | 13 ++++--------- 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 83ca5812d..8123903ae 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -863,9 +863,24 @@ prompt_and_wait(Device* device, int status) { break; case Device::MOUNT_SYSTEM: - if (ensure_path_mounted("/system") != -1) { - ui->Print("Mounted /system.\n"); + char system_root_image[PROPERTY_VALUE_MAX]; + property_get("ro.build.system_root_image", system_root_image, ""); + + // For a system image built with the root directory (i.e. + // system_root_image == "true"), we mount it to /system_root, and symlink /system + // to /system_root/system to make adb shell work (the symlink is created through + // the build system). + // Bug: 22855115 + if (strcmp(system_root_image, "true") == 0) { + if (ensure_path_mounted_at("/", "/system_root") != -1) { + ui->Print("Mounted /system.\n"); + } + } else { + if (ensure_path_mounted("/system") != -1) { + ui->Print("Mounted /system.\n"); + } } + break; } } diff --git a/roots.cpp b/roots.cpp index 9288177e7..12c6b5ee2 100644 --- a/roots.cpp +++ b/roots.cpp @@ -70,7 +70,8 @@ Volume* volume_for_path(const char* path) { return fs_mgr_get_entry_for_mount_point(fstab, path); } -int ensure_path_mounted(const char* path) { +// Mount the volume specified by path at the given mount_point. +int ensure_path_mounted_at(const char* path, const char* mount_point) { Volume* v = volume_for_path(path); if (v == NULL) { LOGE("unknown volume for path [%s]\n", path); @@ -88,14 +89,18 @@ int ensure_path_mounted(const char* path) { return -1; } + if (!mount_point) { + mount_point = v->mount_point; + } + const MountedVolume* mv = - find_mounted_volume_by_mount_point(v->mount_point); + find_mounted_volume_by_mount_point(mount_point); if (mv) { // volume is already mounted return 0; } - mkdir(v->mount_point, 0755); // in case it doesn't already exist + mkdir(mount_point, 0755); // in case it doesn't already exist if (strcmp(v->fs_type, "yaffs2") == 0) { // mount an MTD partition as a YAFFS2 filesystem. @@ -104,25 +109,30 @@ int ensure_path_mounted(const char* path) { partition = mtd_find_partition_by_name(v->blk_device); if (partition == NULL) { LOGE("failed to find \"%s\" partition to mount at \"%s\"\n", - v->blk_device, v->mount_point); + v->blk_device, mount_point); return -1; } - return mtd_mount_partition(partition, v->mount_point, v->fs_type, 0); + return mtd_mount_partition(partition, mount_point, v->fs_type, 0); } else if (strcmp(v->fs_type, "ext4") == 0 || strcmp(v->fs_type, "squashfs") == 0 || strcmp(v->fs_type, "vfat") == 0) { - result = mount(v->blk_device, v->mount_point, v->fs_type, + result = mount(v->blk_device, mount_point, v->fs_type, v->flags, v->fs_options); if (result == 0) return 0; - LOGE("failed to mount %s (%s)\n", v->mount_point, strerror(errno)); + LOGE("failed to mount %s (%s)\n", mount_point, strerror(errno)); return -1; } - LOGE("unknown fs_type \"%s\" for %s\n", v->fs_type, v->mount_point); + LOGE("unknown fs_type \"%s\" for %s\n", v->fs_type, mount_point); return -1; } +int ensure_path_mounted(const char* path) { + // Mount at the default mount point. + return ensure_path_mounted_at(path, nullptr); +} + int ensure_path_unmounted(const char* path) { Volume* v = volume_for_path(path); if (v == NULL) { diff --git a/roots.h b/roots.h index 230d9ded3..6e3b24355 100644 --- a/roots.h +++ b/roots.h @@ -19,10 +19,6 @@ #include "common.h" -#ifdef __cplusplus -extern "C" { -#endif - // Load and parse volume data from /etc/recovery.fstab. void load_volume_table(); @@ -33,7 +29,10 @@ Volume* volume_for_path(const char* path); // success (volume is mounted). int ensure_path_mounted(const char* path); -// Make sure that the volume 'path' is on is mounted. Returns 0 on +// Similar to ensure_path_mounted, but allows one to specify the mount_point. +int ensure_path_mounted_at(const char* path, const char* mount_point); + +// Make sure that the volume 'path' is on is unmounted. Returns 0 on // success (volume is unmounted); int ensure_path_unmounted(const char* path); @@ -46,8 +45,4 @@ int format_volume(const char* volume); // mounted (/tmp and /cache) are mounted. Returns 0 on success. int setup_install_mounts(); -#ifdef __cplusplus -} -#endif - #endif // RECOVERY_ROOTS_H_ -- cgit v1.2.3 From dc3922622a94af4f6412fd68e8f075f839ab2348 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 31 Jul 2015 15:56:44 -0700 Subject: udpater: Call fsync() after rename(). We need to ensure the renamed filename reaches the underlying storage. Bug: 22840552 Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084 --- updater/blockimg.cpp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 77117db05..a7821f362 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -686,6 +687,7 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf char *cn = NULL; int fd = -1; int rc = -1; + int dfd = -1; int res; struct stat st; @@ -744,6 +746,20 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf goto wsout; } + const char* dname; + dname = dirname(cn); + dfd = TEMP_FAILURE_RETRY(open(dname, O_RDONLY | O_DIRECTORY)); + + if (dfd == -1) { + fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname, strerror(errno)); + goto wsout; + } + + if (fsync(dfd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", dname, strerror(errno)); + goto wsout; + } + rc = 0; wsout: @@ -751,6 +767,10 @@ wsout: close(fd); } + if (dfd != -1) { + close(dfd); + } + if (fn) { free(fn); } -- cgit v1.2.3 From 1b7d9b736888096db9907031c5c9307cf4989a51 Mon Sep 17 00:00:00 2001 From: Jeremy Compostella Date: Wed, 29 Jul 2015 17:17:03 +0200 Subject: Fix potential crash Malloc might fail when replacing package path. In this case, print a clear error message in the logs and let the OTA fails. Change-Id: I7209d95edc025e3ee1b4478f5e04f6e852d97205 Signed-off-by: Jeremy Compostella Signed-off-by: Gaelle Nassiet --- recovery.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 8123903ae..d90e10a8b 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -1036,11 +1036,15 @@ main(int argc, char **argv) { if (strncmp(update_package, "CACHE:", 6) == 0) { int len = strlen(update_package) + 10; char* modified_path = (char*)malloc(len); - strlcpy(modified_path, "/cache/", len); - strlcat(modified_path, update_package+6, len); - printf("(replacing path \"%s\" with \"%s\")\n", - update_package, modified_path); - update_package = modified_path; + if (modified_path) { + strlcpy(modified_path, "/cache/", len); + strlcat(modified_path, update_package+6, len); + printf("(replacing path \"%s\" with \"%s\")\n", + update_package, modified_path); + update_package = modified_path; + } + else + printf("modified_path allocation failed\n"); } } printf("\n"); -- cgit v1.2.3 From e6aa3326c1dbebac95eebc320d2c419f0ae9f9b9 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 5 Aug 2015 15:20:27 -0700 Subject: updater: Clean up char* with std::string. So we can remove a few free()s. And also replace a few pointers with references. Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26 --- applypatch/applypatch.cpp | 12 +- bootloader.h | 8 - common.h | 8 - print_sha1.h | 43 +++++ updater/blockimg.cpp | 402 ++++++++++++++++------------------------------ 5 files changed, 185 insertions(+), 288 deletions(-) create mode 100644 print_sha1.h diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 751d3e392..1767761a8 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -31,6 +31,7 @@ #include "applypatch.h" #include "mtdutils/mtdutils.h" #include "edify/expr.h" +#include "print_sha1.h" static int LoadPartitionContents(const char* filename, FileContents* file); static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); @@ -43,7 +44,6 @@ static int GenerateTarget(FileContents* source_file, const uint8_t target_sha1[SHA_DIGEST_SIZE], size_t target_size, const Value* bonus_data); -static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]); static bool mtd_partitions_scanned = false; @@ -630,16 +630,6 @@ int CacheSizeCheck(size_t bytes) { } } -static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { - const char* hex = "0123456789abcdef"; - std::string result = ""; - for (size_t i = 0; i < 4; ++i) { - result.push_back(hex[(sha1[i]>>4) & 0xf]); - result.push_back(hex[sha1[i] & 0xf]); - } - return result; -} - // This function applies binary patches to files in a way that is safe // (the original file is not touched until we have the desired // replacement for it) and idempotent (it's okay to run this program diff --git a/bootloader.h b/bootloader.h index c2895dd91..4e9fb0a0d 100644 --- a/bootloader.h +++ b/bootloader.h @@ -17,10 +17,6 @@ #ifndef _RECOVERY_BOOTLOADER_H #define _RECOVERY_BOOTLOADER_H -#ifdef __cplusplus -extern "C" { -#endif - /* Bootloader Message * * This structure describes the content of a block in flash @@ -64,8 +60,4 @@ struct bootloader_message { int get_bootloader_message(struct bootloader_message *out); int set_bootloader_message(const struct bootloader_message *in); -#ifdef __cplusplus -} -#endif - #endif diff --git a/common.h b/common.h index b818ceb84..de8b409fd 100644 --- a/common.h +++ b/common.h @@ -21,10 +21,6 @@ #include #include -#ifdef __cplusplus -extern "C" { -#endif - #define LOGE(...) ui_print("E:" __VA_ARGS__) #define LOGW(...) fprintf(stdout, "W:" __VA_ARGS__) #define LOGI(...) fprintf(stdout, "I:" __VA_ARGS__) @@ -50,8 +46,4 @@ void ui_print(const char* format, ...); bool is_ro_debuggable(); -#ifdef __cplusplus -} -#endif - #endif // RECOVERY_COMMON_H diff --git a/print_sha1.h b/print_sha1.h new file mode 100644 index 000000000..9e37c5fe3 --- /dev/null +++ b/print_sha1.h @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RECOVERY_PRINT_SHA1_H +#define RECOVERY_PRINT_SHA1_H + +#include +#include + +#include "mincrypt/sha.h" + +static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_SIZE], size_t len) { + const char* hex = "0123456789abcdef"; + std::string result = ""; + for (size_t i = 0; i < len; ++i) { + result.push_back(hex[(sha1[i]>>4) & 0xf]); + result.push_back(hex[sha1[i] & 0xf]); + } + return result; +} + +static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { + return print_sha1(sha1, SHA_DIGEST_SIZE); +} + +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { + return print_sha1(sha1, 4); +} + +#endif // RECOVERY_PRINT_SHA1_H diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index a7821f362..3a07da404 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include #include #include @@ -33,11 +32,17 @@ #include #include +#include +#include + +#include + #include "applypatch/applypatch.h" #include "edify/expr.h" #include "mincrypt/sha.h" #include "minzip/Hash.h" #include "updater.h" +#include "print_sha1.h" #define BLOCKSIZE 4096 @@ -50,8 +55,6 @@ #define STASH_DIRECTORY_MODE 0700 #define STASH_FILE_MODE 0600 -char* PrintSha1(const uint8_t* digest); - typedef struct { int count; int size; @@ -145,28 +148,22 @@ err: exit(1); } -static int range_overlaps(RangeSet* r1, RangeSet* r2) { - int i, j, r1_0, r1_1, r2_0, r2_1; - - if (!r1 || !r2) { - return 0; - } - - for (i = 0; i < r1->count; ++i) { - r1_0 = r1->pos[i * 2]; - r1_1 = r1->pos[i * 2 + 1]; +static bool range_overlaps(const RangeSet& r1, const RangeSet& r2) { + for (int i = 0; i < r1.count; ++i) { + int r1_0 = r1.pos[i * 2]; + int r1_1 = r1.pos[i * 2 + 1]; - for (j = 0; j < r2->count; ++j) { - r2_0 = r2->pos[j * 2]; - r2_1 = r2->pos[j * 2 + 1]; + for (int j = 0; j < r2.count; ++j) { + int r2_0 = r2.pos[j * 2]; + int r2_1 = r2.pos[j * 2 + 1]; if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { - return 1; + return true; } } } - return 0; + return false; } static int read_all(int fd, uint8_t* data, size_t size) { @@ -405,7 +402,7 @@ static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { // in *tgt, if tgt is non-NULL. static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd) { + uint8_t** buffer, size_t* buffer_alloc, int fd) { char* word; int rc; @@ -426,8 +423,7 @@ static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, } static int VerifyBlocks(const char *expected, const uint8_t *buffer, - size_t blocks, int printerror) { - char* hexdigest = NULL; + size_t blocks, bool printerror) { int rc = -1; uint8_t digest[SHA_DIGEST_SIZE]; @@ -436,128 +432,75 @@ static int VerifyBlocks(const char *expected, const uint8_t *buffer, } SHA_hash(buffer, blocks * BLOCKSIZE, digest); - hexdigest = PrintSha1(digest); - if (hexdigest != NULL) { - rc = strcmp(expected, hexdigest); + std::string hexdigest = print_sha1(digest); - if (rc != 0 && printerror) { - fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", - expected, hexdigest); - } + rc = hexdigest != std::string(expected); - free(hexdigest); + if (rc != 0 && printerror) { + fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", + expected, hexdigest.c_str()); } return rc; } -static char* GetStashFileName(const char* base, const char* id, const char* postfix) { - char* fn; - int len; - int res; - - if (base == NULL) { - return NULL; - } - - if (id == NULL) { - id = ""; - } - - if (postfix == NULL) { - postfix = ""; - } - - len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; - fn = reinterpret_cast(malloc(len)); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - return NULL; +static std::string GetStashFileName(const std::string& base, const std::string id, + const std::string postfix) { + if (base.empty()) { + return ""; } - res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - return NULL; - } + std::string fn(STASH_DIRECTORY_BASE); + fn += "/" + base + "/" + id + postfix; return fn; } -typedef void (*StashCallback)(const char*, void*); +typedef void (*StashCallback)(const std::string&, void*); // Does a best effort enumeration of stash files. Ignores possible non-file // items in the stash directory and continues despite of errors. Calls the // 'callback' function for each file and passes 'data' to the function as a // parameter. -static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { - char* fn; - DIR* directory; - int len; - int res; - struct dirent* item; - - if (dirname == NULL || callback == NULL) { +static void EnumerateStash(const std::string& dirname, StashCallback callback, void* data) { + if (dirname.empty() || callback == NULL) { return; } - directory = opendir(dirname); + std::unique_ptr directory(opendir(dirname.c_str()), closedir); if (directory == NULL) { if (errno != ENOENT) { - fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); + fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); } return; } - while ((item = readdir(directory)) != NULL) { + struct dirent* item; + while ((item = readdir(directory.get())) != NULL) { if (item->d_type != DT_REG) { continue; } - len = strlen(dirname) + 1 + strlen(item->d_name) + 1; - fn = reinterpret_cast(malloc(len)); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - continue; - } - - res = snprintf(fn, len, "%s/%s", dirname, item->d_name); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - continue; - } - + std::string fn = dirname + "/" + std::string(item->d_name); callback(fn, data); - free(fn); - } - - if (closedir(directory) == -1) { - fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); } } -static void UpdateFileSize(const char* fn, void* data) { - int* size = (int*) data; - struct stat st; - - if (!fn || !data) { +static void UpdateFileSize(const std::string& fn, void* data) { + if (fn.empty() || !data) { return; } - if (stat(fn, &st) == -1) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + struct stat st; + if (stat(fn.c_str(), &st) == -1) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); return; } + int* size = reinterpret_cast(data); *size += st.st_size; } @@ -565,57 +508,49 @@ static void UpdateFileSize(const char* fn, void* data) { // contains files. There is nothing we can do about unlikely, but possible // errors, so they are merely logged. -static void DeleteFile(const char* fn, void* data) { - if (fn) { - fprintf(stderr, "deleting %s\n", fn); +static void DeleteFile(const std::string& fn, void* data) { + if (!fn.empty()) { + fprintf(stderr, "deleting %s\n", fn.c_str()); - if (unlink(fn) == -1 && errno != ENOENT) { - fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); + if (unlink(fn.c_str()) == -1 && errno != ENOENT) { + fprintf(stderr, "unlink \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); } } } -static void DeletePartial(const char* fn, void* data) { - if (fn && strstr(fn, ".partial") != NULL) { +static void DeletePartial(const std::string& fn, void* data) { + if (android::base::EndsWith(fn, ".partial")) { DeleteFile(fn, data); } } -static void DeleteStash(const char* base) { - char* dirname; - - if (base == NULL) { +static void DeleteStash(const std::string& base) { + if (base.empty()) { return; } - dirname = GetStashFileName(base, NULL, NULL); + fprintf(stderr, "deleting stash %s\n", base.c_str()); - if (dirname == NULL) { - return; - } - - fprintf(stderr, "deleting stash %s\n", base); + std::string dirname = GetStashFileName(base, "", ""); EnumerateStash(dirname, DeleteFile, NULL); - if (rmdir(dirname) == -1) { + if (rmdir(dirname.c_str()) == -1) { if (errno != ENOENT && errno != ENOTDIR) { - fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); + fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); } } - - free(dirname); } -static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, - size_t* buffer_alloc, int printnoent) { - char *fn = NULL; +static int LoadStash(const std::string& base, const char* id, int verify, int* blocks, + uint8_t** buffer, size_t* buffer_alloc, bool printnoent) { + std::string fn; int blockcount = 0; int fd = -1; int rc = -1; int res; struct stat st; - if (!base || !id || !buffer || !buffer_alloc) { + if (base.empty() || !id || !buffer || !buffer_alloc) { goto lsout; } @@ -623,33 +558,29 @@ static int LoadStash(const char* base, const char* id, int verify, int* blocks, blocks = &blockcount; } - fn = GetStashFileName(base, id, NULL); + fn = GetStashFileName(base, std::string(id), ""); - if (fn == NULL) { - goto lsout; - } - - res = stat(fn, &st); + res = stat(fn.c_str(), &st); if (res == -1) { if (errno != ENOENT || printnoent) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + fprintf(stderr, "stat \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); } goto lsout; } - fprintf(stderr, " loading %s\n", fn); + fprintf(stderr, " loading %s\n", fn.c_str()); if ((st.st_size % BLOCKSIZE) != 0) { fprintf(stderr, "%s size %" PRId64 " not multiple of block size %d", - fn, static_cast(st.st_size), BLOCKSIZE); + fn.c_str(), static_cast(st.st_size), BLOCKSIZE); goto lsout; } - fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); + fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_RDONLY)); if (fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); + fprintf(stderr, "open \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); goto lsout; } @@ -661,8 +592,8 @@ static int LoadStash(const char* base, const char* id, int verify, int* blocks, *blocks = st.st_size / BLOCKSIZE; - if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { - fprintf(stderr, "unexpected contents in %s\n", fn); + if (verify && VerifyBlocks(id, *buffer, *blocks, true) != 0) { + fprintf(stderr, "unexpected contents in %s\n", fn.c_str()); DeleteFile(fn, NULL); goto lsout; } @@ -674,24 +605,21 @@ lsout: close(fd); } - if (fn) { - free(fn); - } - return rc; } -static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, - int checkspace, int *exists) { - char *fn = NULL; - char *cn = NULL; +static int WriteStash(const std::string& base, const char* id, int blocks, + uint8_t* buffer, bool checkspace, int *exists) { + std::string fn; + std::string cn; + std::string dname; int fd = -1; int rc = -1; int dfd = -1; int res; struct stat st; - if (base == NULL || buffer == NULL) { + if (base.empty() || buffer == NULL) { goto wsout; } @@ -700,21 +628,17 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf goto wsout; } - fn = GetStashFileName(base, id, ".partial"); - cn = GetStashFileName(base, id, NULL); - - if (fn == NULL || cn == NULL) { - goto wsout; - } + fn = GetStashFileName(base, std::string(id), ".partial"); + cn = GetStashFileName(base, std::string(id), ""); if (exists) { - res = stat(cn, &st); + res = stat(cn.c_str(), &st); if (res == 0) { // The file already exists and since the name is the hash of the contents, // it's safe to assume the contents are identical (accidental hash collisions // are unlikely) - fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); + fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn.c_str()); *exists = 1; rc = 0; goto wsout; @@ -723,12 +647,12 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf *exists = 0; } - fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); + fprintf(stderr, " writing %d blocks to %s\n", blocks, cn.c_str()); - fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC, STASH_FILE_MODE)); + fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_WRONLY | O_CREAT | O_TRUNC, STASH_FILE_MODE)); if (fd == -1) { - fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); + fprintf(stderr, "failed to create \"%s\": %s\n", fn.c_str(), strerror(errno)); goto wsout; } @@ -737,26 +661,26 @@ static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buf } if (fsync(fd) == -1) { - fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); + fprintf(stderr, "fsync \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); goto wsout; } - if (rename(fn, cn) == -1) { - fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); + if (rename(fn.c_str(), cn.c_str()) == -1) { + fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn.c_str(), cn.c_str(), + strerror(errno)); goto wsout; } - const char* dname; - dname = dirname(cn); - dfd = TEMP_FAILURE_RETRY(open(dname, O_RDONLY | O_DIRECTORY)); + dname = GetStashFileName(base, "", ""); + dfd = TEMP_FAILURE_RETRY(open(dname.c_str(), O_RDONLY | O_DIRECTORY)); if (dfd == -1) { - fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname, strerror(errno)); + fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); goto wsout; } if (fsync(dfd) == -1) { - fprintf(stderr, "fsync \"%s\" failed: %s\n", dname, strerror(errno)); + fprintf(stderr, "fsync \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); goto wsout; } @@ -771,14 +695,6 @@ wsout: close(dfd); } - if (fn) { - free(fn); - } - - if (cn) { - free(cn); - } - return rc; } @@ -786,103 +702,79 @@ wsout: // hash enough space for the expected amount of blocks we need to store. Returns // >0 if we created the directory, zero if it existed already, and <0 of failure. -static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { - char* dirname = NULL; - const uint8_t* digest; - int rc = -1; - int res; - int size = 0; - SHA_CTX ctx; - struct stat st; - - if (blockdev == NULL || base == NULL) { - goto csout; +static int CreateStash(State* state, int maxblocks, const char* blockdev, + std::string& base) { + if (blockdev == NULL) { + return -1; } // Stash directory should be different for each partition to avoid conflicts // when updating multiple partitions at the same time, so we use the hash of // the block device name as the base directory + SHA_CTX ctx; SHA_init(&ctx); SHA_update(&ctx, blockdev, strlen(blockdev)); - digest = SHA_final(&ctx); - *base = PrintSha1(digest); - - if (*base == NULL) { - goto csout; - } + const uint8_t* digest = SHA_final(&ctx); + base = print_sha1(digest); - dirname = GetStashFileName(*base, NULL, NULL); - - if (dirname == NULL) { - goto csout; - } - - res = stat(dirname, &st); + std::string dirname = GetStashFileName(base, "", ""); + struct stat st; + int res = stat(dirname.c_str(), &st); if (res == -1 && errno != ENOENT) { - ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; + ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); + return -1; } else if (res != 0) { - fprintf(stderr, "creating stash %s\n", dirname); - res = mkdir(dirname, STASH_DIRECTORY_MODE); + fprintf(stderr, "creating stash %s\n", dirname.c_str()); + res = mkdir(dirname.c_str(), STASH_DIRECTORY_MODE); if (res != 0) { - ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; + ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); + return -1; } if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { ErrorAbort(state, "not enough space for stash\n"); - goto csout; + return -1; } - rc = 1; // Created directory - goto csout; + return 1; // Created directory } - fprintf(stderr, "using existing stash %s\n", dirname); + fprintf(stderr, "using existing stash %s\n", dirname.c_str()); // If the directory already exists, calculate the space already allocated to // stash files and check if there's enough for all required blocks. Delete any // partially completed stash files first. EnumerateStash(dirname, DeletePartial, NULL); + int size = 0; EnumerateStash(dirname, UpdateFileSize, &size); size = (maxblocks * BLOCKSIZE) - size; if (size > 0 && CacheSizeCheck(size) != 0) { ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); - goto csout; - } - - rc = 0; // Using existing directory - -csout: - if (dirname) { - free(dirname); + return -1; } - return rc; + return 0; // Using existing directory } -static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, - int fd, int usehash, int* isunresumable) { - char *id = NULL; - int blocks = 0; - +static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, + size_t* buffer_alloc, int fd, int usehash, bool* isunresumable) { if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { return -1; } - id = strtok_r(NULL, " ", wordsave); - + char *id = strtok_r(NULL, " ", wordsave); if (id == NULL) { fprintf(stderr, "missing id field in stash command\n"); return -1; } - if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { + int blocks = 0; + if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, false) == 0) { // Stash file already exists and has expected contents. Do not // read from source again, as the source may have been already // overwritten during a previous attempt. @@ -893,7 +785,7 @@ static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t return -1; } - if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { + if (usehash && VerifyBlocks(id, *buffer, blocks, true) != 0) { // Source blocks have unexpected contents. If we actually need this // data later, this is an unrecoverable error. However, the command // that uses the data may have already completed previously, so the @@ -903,24 +795,17 @@ static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t } fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); - return WriteStash(base, id, blocks, *buffer, 0, NULL); + return WriteStash(base, id, blocks, *buffer, false, NULL); } -static int FreeStash(const char* base, const char* id) { - char *fn = NULL; - - if (base == NULL || id == NULL) { +static int FreeStash(const std::string& base, const char* id) { + if (base.empty() || id == NULL) { return -1; } - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - return -1; - } + std::string fn = GetStashFileName(base, std::string(id), ""); DeleteFile(fn, NULL); - free(fn); return 0; } @@ -959,8 +844,8 @@ static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { // target RangeSet. Any stashes required are loaded using LoadStash. static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd, - const char* stashbase, int* overlap) { + uint8_t** buffer, size_t* buffer_alloc, int fd, + const std::string& stashbase, bool* overlap) { char* word; char* colonsave; char* colon; @@ -987,7 +872,7 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, res = ReadBlocks(src, *buffer, fd); if (overlap && tgt) { - *overlap = range_overlaps(src, *tgt); + *overlap = range_overlaps(*src, **tgt); } free(src); @@ -1014,7 +899,7 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, colonsave = NULL; colon = strtok_r(word, ":", &colonsave); - res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); + res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, true); if (res == -1) { // These source blocks will fail verification if used later, but we @@ -1042,12 +927,12 @@ typedef struct { char* cmdname; char* cpos; char* freestash; - char* stashbase; - int canwrite; + std::string stashbase; + bool canwrite; int createdstash; int fd; int foundwrites; - int isunresumable; + bool isunresumable; int version; int written; NewThreadInfo nti; @@ -1075,7 +960,7 @@ typedef struct { // can be performed. static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, - int onehash, int* overlap) { + int onehash, bool* overlap) { char* srchash = NULL; char* tgthash = NULL; int stash_exists = 0; @@ -1120,20 +1005,20 @@ static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* sr goto v3out; } - if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { + if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, false) == 0) { // Target blocks already have expected content, command should be skipped rc = 1; goto v3out; } - if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { + if (VerifyBlocks(srchash, params->buffer, *src_blocks, true) == 0) { // If source and target blocks overlap, stash the source blocks so we can // resume from possible write errors if (*overlap) { fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, srchash); - if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, + if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, true, &stash_exists) != 0) { fprintf(stderr, "failed to stash overlapping source blocks\n"); goto v3out; @@ -1151,7 +1036,7 @@ static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* sr } if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, - ¶ms->bufsize, 1) == 0) { + ¶ms->bufsize, true) == 0) { // Overlapping source blocks were previously stashed, command can proceed. // We are recovering from an interrupted command, so we don't know if the // stash can safely be deleted after this command. @@ -1161,7 +1046,7 @@ static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* sr // Valid source data not available, update cannot be resumed fprintf(stderr, "partition has unexpected contents\n"); - params->isunresumable = 1; + params->isunresumable = true; v3out: if (tgtbuffer) { @@ -1173,7 +1058,7 @@ v3out: static int PerformCommandMove(CommandParameters* params) { int blocks = 0; - int overlap = 0; + bool overlap = false; int rc = -1; int status = 0; RangeSet* tgt = NULL; @@ -1364,7 +1249,7 @@ static int PerformCommandDiff(CommandParameters* params) { char* logparams = NULL; char* value = NULL; int blocks = 0; - int overlap = 0; + bool overlap = false; int rc = -1; int status = 0; RangeSet* tgt = NULL; @@ -1570,7 +1455,7 @@ static unsigned int HashString(const char *s) { // - patch stream (filename within package.zip, must be uncompressed) static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], - const Command* commands, int cmdcount, int dryrun) { + const Command* commands, int cmdcount, bool dryrun) { char* line = NULL; char* linesave = NULL; @@ -1725,8 +1610,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, } if (stash_max_blocks >= 0) { - res = CreateStash(state, stash_max_blocks, blockdev_filename->data, - ¶ms.stashbase); + res = CreateStash(state, stash_max_blocks, blockdev_filename->data, params.stashbase); if (res == -1) { goto pbiudone; @@ -1847,10 +1731,6 @@ pbiudone: DeleteStash(params.stashbase); } - if (params.stashbase) { - free(params.stashbase); - } - return StringValue(rc == 0 ? strdup("t") : strdup("")); } @@ -1922,7 +1802,7 @@ Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[] // Perform a dry run without writing to test if an update can proceed return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 1); + sizeof(commands) / sizeof(commands[0]), true); } Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { @@ -1938,7 +1818,7 @@ Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[] }; return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 0); + sizeof(commands) / sizeof(commands[0]), false); } Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { @@ -1999,7 +1879,7 @@ Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { if (digest == NULL) { return StringValue(strdup("")); } else { - return StringValue(PrintSha1(digest)); + return StringValue(strdup(print_sha1(digest).c_str())); } } -- cgit v1.2.3 From faa75006af4f5ff5b189a80c8a6666ff88787e42 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 7 Aug 2015 13:21:06 -0700 Subject: Fix recovery image build. A recent adb cleanup changed the signature of adb_main. Change-Id: I98d084f999966f1a7aa94c63e9ed996b3375096d --- minadbd/adb_main.cpp | 2 +- recovery.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/minadbd/adb_main.cpp b/minadbd/adb_main.cpp index 724f39c1d..514f19699 100644 --- a/minadbd/adb_main.cpp +++ b/minadbd/adb_main.cpp @@ -27,7 +27,7 @@ #include "adb_auth.h" #include "transport.h" -int adb_main(int is_daemon, int server_port) { +int adb_main(int is_daemon, int server_port, int /* reply_fd */) { adb_device_banner = "sideload"; signal(SIGPIPE, SIG_IGN); diff --git a/recovery.cpp b/recovery.cpp index 8123903ae..515470f96 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -942,7 +942,7 @@ main(int argc, char **argv) { // only way recovery should be run with this argument is when it // starts a copy of itself from the apply_from_adb() function. if (argc == 2 && strcmp(argv[1], "--adbd") == 0) { - adb_main(0, DEFAULT_ADB_PORT); + adb_main(0, DEFAULT_ADB_PORT, -1); return 0; } -- cgit v1.2.3 From b02e90f85cb60a6de0ff93147e988c10c4cf213a Mon Sep 17 00:00:00 2001 From: Dan Albert Date: Fri, 7 Aug 2015 17:24:49 -0700 Subject: Use CPPFLAGS instead of CFLAGS. While we build these as C, to the build system they are technically C++ and are subject to the global CPPFLAGS. Set LOCAL_CPPFLAGS here instead of LOCAL_CFLAGS so we can be sure we override anything provided by the build system. Bug: http://b/23043421 Change-Id: I344b54ae4ff9f142365a42c33ba160c1be17a342 --- edify/Android.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/edify/Android.mk b/edify/Android.mk index c36645045..eb366c287 100644 --- a/edify/Android.mk +++ b/edify/Android.mk @@ -21,10 +21,10 @@ LOCAL_SRC_FILES := \ $(edify_src_files) \ main.c -LOCAL_CFLAGS := $(edify_cflags) -g -O0 +LOCAL_CPPFLAGS := $(edify_cflags) -g -O0 LOCAL_MODULE := edify LOCAL_YACCFLAGS := -v -LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CPPFLAGS += -Wno-unused-parameter LOCAL_CLANG := true include $(BUILD_HOST_EXECUTABLE) @@ -36,8 +36,8 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := $(edify_src_files) -LOCAL_CFLAGS := $(edify_cflags) -LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CPPFLAGS := $(edify_cflags) +LOCAL_CPPFLAGS += -Wno-unused-parameter LOCAL_MODULE := libedify LOCAL_CLANG := true -- cgit v1.2.3 From c754792a07d340c30128b2fd064a58b1f15623da Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 6 Aug 2015 18:35:05 -0700 Subject: Use unique_ptr and unique_fd to manager FDs. Clean up leaky file descriptors in uncrypt/uncrypt.cpp. Add unique_fd for open() and unique_file for fopen() to close FDs on destruction. Bug: 21496020 Change-Id: I0174db0de9d5f59cd43b44757b8ef0f5912c91a2 --- uncrypt/Android.mk | 2 ++ uncrypt/uncrypt.cpp | 32 +++++++++++------------ unique_fd.h | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+), 16 deletions(-) create mode 100644 unique_fd.h diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index e73c8f1b6..f31db4243 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -20,6 +20,8 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := uncrypt.cpp +LOCAL_C_INCLUDES := $(LOCAL_PATH)/.. + LOCAL_MODULE := uncrypt LOCAL_STATIC_LIBRARIES := libbase liblog libfs_mgr libcutils diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 8785b29af..aef480035 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -51,6 +51,8 @@ #include #include +#include + #include #include #include @@ -60,6 +62,8 @@ #define LOG_TAG "uncrypt" #include +#include "unique_fd.h" + #define WINDOW_SIZE 5 static const std::string cache_block_map = "/cache/recovery/block.map"; @@ -183,6 +187,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* return -1; } FILE* mapf = fdopen(mapfd, "w"); + unique_file mapf_holder(mapf); // Make sure we can write to the status_file. if (!android::base::WriteStringToFd("0\n", status_fd)) { @@ -191,8 +196,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* } struct stat sb; - int ret = stat(path, &sb); - if (ret != 0) { + if (stat(path, &sb) != 0) { ALOGE("failed to stat %s\n", path); return -1; } @@ -221,15 +225,18 @@ static int produce_block_map(const char* path, const char* map_file, const char* size_t pos = 0; int fd = open(path, O_RDONLY); - if (fd < 0) { + unique_fd fd_holder(fd); + if (fd == -1) { ALOGE("failed to open fd for reading: %s\n", strerror(errno)); return -1; } int wfd = -1; + unique_fd wfd_holder(wfd); if (encrypted) { wfd = open(blk_dev, O_WRONLY | O_SYNC); - if (wfd < 0) { + wfd_holder = unique_fd(wfd); + if (wfd == -1) { ALOGE("failed to open fd for writing: %s\n", strerror(errno)); return -1; } @@ -247,8 +254,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* if ((tail+1) % WINDOW_SIZE == head) { // write out head buffer int block = head_block; - ret = ioctl(fd, FIBMAP, &block); - if (ret != 0) { + if (ioctl(fd, FIBMAP, &block) != 0) { ALOGE("failed to find block %d\n", head_block); return -1; } @@ -288,8 +294,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* while (head != tail) { // write out head buffer int block = head_block; - ret = ioctl(fd, FIBMAP, &block); - if (ret != 0) { + if (ioctl(fd, FIBMAP, &block) != 0) { ALOGE("failed to find block %d\n", head_block); return -1; } @@ -313,14 +318,11 @@ static int produce_block_map(const char* path, const char* map_file, const char* ALOGE("failed to fsync \"%s\": %s\n", map_file, strerror(errno)); return -1; } - fclose(mapf); - close(fd); if (encrypted) { if (fsync(wfd) == -1) { ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); return -1; } - close(wfd); } return 0; @@ -333,6 +335,8 @@ static void wipe_misc() { if (!v->mount_point) continue; if (strcmp(v->mount_point, "/misc") == 0) { int fd = open(v->blk_device, O_WRONLY | O_SYNC); + unique_fd fd_holder(fd); + uint8_t zeroes[1088]; // sizeof(bootloader_message) from recovery memset(zeroes, 0, sizeof(zeroes)); @@ -349,10 +353,8 @@ static void wipe_misc() { } if (fsync(fd) == -1) { ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); - close(fd); return; } - close(fd); } } } @@ -437,6 +439,7 @@ int main(int argc, char** argv) { ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno)); return 1; } + unique_fd status_fd_holder(status_fd); if (argc == 3) { // when command-line args are given this binary is being used @@ -447,7 +450,6 @@ int main(int argc, char** argv) { std::string package; if (!find_uncrypt_package(package)) { android::base::WriteStringToFd("-1\n", status_fd); - close(status_fd); return 1; } input_path = package.c_str(); @@ -457,12 +459,10 @@ int main(int argc, char** argv) { int status = uncrypt(input_path, map_file, status_fd); if (status != 0) { android::base::WriteStringToFd("-1\n", status_fd); - close(status_fd); return 1; } android::base::WriteStringToFd("100\n", status_fd); - close(status_fd); } return 0; diff --git a/unique_fd.h b/unique_fd.h new file mode 100644 index 000000000..98a7c7b67 --- /dev/null +++ b/unique_fd.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef UNIQUE_FD_H +#define UNIQUE_FD_H + +#include + +#include + +class unique_fd { + public: + unique_fd(int fd) : fd_(fd) { } + + unique_fd(unique_fd&& uf) { + fd_ = uf.fd_; + uf.fd_ = -1; + } + + ~unique_fd() { + if (fd_ != -1) { + close(fd_); + } + } + + int get() { + return fd_; + } + + // Movable. + unique_fd& operator=(unique_fd&& uf) { + fd_ = uf.fd_; + uf.fd_ = -1; + return *this; + } + + explicit operator bool() const { + return fd_ != -1; + } + + private: + int fd_; + + // Non-copyable. + unique_fd(const unique_fd&) = delete; + unique_fd& operator=(const unique_fd&) = delete; +}; + +// Custom deleter for unique_file to avoid fclose(NULL). +struct safe_fclose { + void operator()(FILE *fp) const { + if (fp) { + fclose(fp); + }; + } +}; + +using unique_file = std::unique_ptr; + +#endif // UNIQUE_FD_H -- cgit v1.2.3 From 2a5a49d3376eae890d76bb560e0d8ffc264ff5a6 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 20 Aug 2015 12:10:46 -0700 Subject: edify: Switch to C++. Change-Id: I71aede6e29af1dc4bb858a62016c8035db5d3452 --- edify/Android.mk | 16 +- edify/expr.c | 505 ------------------------------------------------------ edify/expr.cpp | 507 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ edify/expr.h | 10 +- edify/main.c | 214 ----------------------- edify/main.cpp | 214 +++++++++++++++++++++++ edify/parser.y | 8 +- 7 files changed, 732 insertions(+), 742 deletions(-) delete mode 100644 edify/expr.c create mode 100644 edify/expr.cpp delete mode 100644 edify/main.c create mode 100644 edify/main.cpp diff --git a/edify/Android.mk b/edify/Android.mk index eb366c287..9b859d42e 100644 --- a/edify/Android.mk +++ b/edify/Android.mk @@ -5,12 +5,7 @@ LOCAL_PATH := $(call my-dir) edify_src_files := \ lexer.l \ parser.y \ - expr.c - -# "-x c" forces the lex/yacc files to be compiled as c the build system -# otherwise forces them to be c++. Need to also add an explicit -std because the -# build system will soon default C++ to -std=c++11. -edify_cflags := -x c -std=gnu89 + expr.cpp # # Build the host-side command line tool @@ -19,12 +14,13 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := \ $(edify_src_files) \ - main.c + main.cpp -LOCAL_CPPFLAGS := $(edify_cflags) -g -O0 +LOCAL_CPPFLAGS := -g -O0 LOCAL_MODULE := edify LOCAL_YACCFLAGS := -v LOCAL_CPPFLAGS += -Wno-unused-parameter +LOCAL_CPPFLAGS += -Wno-deprecated-register LOCAL_CLANG := true include $(BUILD_HOST_EXECUTABLE) @@ -36,8 +32,8 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := $(edify_src_files) -LOCAL_CPPFLAGS := $(edify_cflags) -LOCAL_CPPFLAGS += -Wno-unused-parameter +LOCAL_CPPFLAGS := -Wno-unused-parameter +LOCAL_CPPFLAGS += -Wno-deprecated-register LOCAL_MODULE := libedify LOCAL_CLANG := true diff --git a/edify/expr.c b/edify/expr.c deleted file mode 100644 index 79f6282d8..000000000 --- a/edify/expr.c +++ /dev/null @@ -1,505 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include - -#include "expr.h" - -// Functions should: -// -// - return a malloc()'d string -// - if Evaluate() on any argument returns NULL, return NULL. - -int BooleanString(const char* s) { - return s[0] != '\0'; -} - -char* Evaluate(State* state, Expr* expr) { - Value* v = expr->fn(expr->name, state, expr->argc, expr->argv); - if (v == NULL) return NULL; - if (v->type != VAL_STRING) { - ErrorAbort(state, "expecting string, got value type %d", v->type); - FreeValue(v); - return NULL; - } - char* result = v->data; - free(v); - return result; -} - -Value* EvaluateValue(State* state, Expr* expr) { - return expr->fn(expr->name, state, expr->argc, expr->argv); -} - -Value* StringValue(char* str) { - if (str == NULL) return NULL; - Value* v = malloc(sizeof(Value)); - v->type = VAL_STRING; - v->size = strlen(str); - v->data = str; - return v; -} - -void FreeValue(Value* v) { - if (v == NULL) return; - free(v->data); - free(v); -} - -Value* ConcatFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return StringValue(strdup("")); - } - char** strings = malloc(argc * sizeof(char*)); - int i; - for (i = 0; i < argc; ++i) { - strings[i] = NULL; - } - char* result = NULL; - int length = 0; - for (i = 0; i < argc; ++i) { - strings[i] = Evaluate(state, argv[i]); - if (strings[i] == NULL) { - goto done; - } - length += strlen(strings[i]); - } - - result = malloc(length+1); - int p = 0; - for (i = 0; i < argc; ++i) { - strcpy(result+p, strings[i]); - p += strlen(strings[i]); - } - result[p] = '\0'; - - done: - for (i = 0; i < argc; ++i) { - free(strings[i]); - } - free(strings); - return StringValue(result); -} - -Value* IfElseFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2 && argc != 3) { - free(state->errmsg); - state->errmsg = strdup("ifelse expects 2 or 3 arguments"); - return NULL; - } - char* cond = Evaluate(state, argv[0]); - if (cond == NULL) { - return NULL; - } - - if (BooleanString(cond) == true) { - free(cond); - return EvaluateValue(state, argv[1]); - } else { - if (argc == 3) { - free(cond); - return EvaluateValue(state, argv[2]); - } else { - return StringValue(cond); - } - } -} - -Value* AbortFn(const char* name, State* state, int argc, Expr* argv[]) { - char* msg = NULL; - if (argc > 0) { - msg = Evaluate(state, argv[0]); - } - free(state->errmsg); - if (msg) { - state->errmsg = msg; - } else { - state->errmsg = strdup("called abort()"); - } - return NULL; -} - -Value* AssertFn(const char* name, State* state, int argc, Expr* argv[]) { - int i; - for (i = 0; i < argc; ++i) { - char* v = Evaluate(state, argv[i]); - if (v == NULL) { - return NULL; - } - int b = BooleanString(v); - free(v); - if (!b) { - int prefix_len; - int len = argv[i]->end - argv[i]->start; - char* err_src = malloc(len + 20); - strcpy(err_src, "assert failed: "); - prefix_len = strlen(err_src); - memcpy(err_src + prefix_len, state->script + argv[i]->start, len); - err_src[prefix_len + len] = '\0'; - free(state->errmsg); - state->errmsg = err_src; - return NULL; - } - } - return StringValue(strdup("")); -} - -Value* SleepFn(const char* name, State* state, int argc, Expr* argv[]) { - char* val = Evaluate(state, argv[0]); - if (val == NULL) { - return NULL; - } - int v = strtol(val, NULL, 10); - sleep(v); - return StringValue(val); -} - -Value* StdoutFn(const char* name, State* state, int argc, Expr* argv[]) { - int i; - for (i = 0; i < argc; ++i) { - char* v = Evaluate(state, argv[i]); - if (v == NULL) { - return NULL; - } - fputs(v, stdout); - free(v); - } - return StringValue(strdup("")); -} - -Value* LogicalAndFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* left = Evaluate(state, argv[0]); - if (left == NULL) return NULL; - if (BooleanString(left) == true) { - free(left); - return EvaluateValue(state, argv[1]); - } else { - return StringValue(left); - } -} - -Value* LogicalOrFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* left = Evaluate(state, argv[0]); - if (left == NULL) return NULL; - if (BooleanString(left) == false) { - free(left); - return EvaluateValue(state, argv[1]); - } else { - return StringValue(left); - } -} - -Value* LogicalNotFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* val = Evaluate(state, argv[0]); - if (val == NULL) return NULL; - bool bv = BooleanString(val); - free(val); - return StringValue(strdup(bv ? "" : "t")); -} - -Value* SubstringFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* needle = Evaluate(state, argv[0]); - if (needle == NULL) return NULL; - char* haystack = Evaluate(state, argv[1]); - if (haystack == NULL) { - free(needle); - return NULL; - } - - char* result = strdup(strstr(haystack, needle) ? "t" : ""); - free(needle); - free(haystack); - return StringValue(result); -} - -Value* EqualityFn(const char* name, State* state, int argc, Expr* argv[]) { - char* left = Evaluate(state, argv[0]); - if (left == NULL) return NULL; - char* right = Evaluate(state, argv[1]); - if (right == NULL) { - free(left); - return NULL; - } - - char* result = strdup(strcmp(left, right) == 0 ? "t" : ""); - free(left); - free(right); - return StringValue(result); -} - -Value* InequalityFn(const char* name, State* state, int argc, Expr* argv[]) { - char* left = Evaluate(state, argv[0]); - if (left == NULL) return NULL; - char* right = Evaluate(state, argv[1]); - if (right == NULL) { - free(left); - return NULL; - } - - char* result = strdup(strcmp(left, right) != 0 ? "t" : ""); - free(left); - free(right); - return StringValue(result); -} - -Value* SequenceFn(const char* name, State* state, int argc, Expr* argv[]) { - Value* left = EvaluateValue(state, argv[0]); - if (left == NULL) return NULL; - FreeValue(left); - return EvaluateValue(state, argv[1]); -} - -Value* LessThanIntFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - free(state->errmsg); - state->errmsg = strdup("less_than_int expects 2 arguments"); - return NULL; - } - - char* left; - char* right; - if (ReadArgs(state, argv, 2, &left, &right) < 0) return NULL; - - bool result = false; - char* end; - - long l_int = strtol(left, &end, 10); - if (left[0] == '\0' || *end != '\0') { - goto done; - } - - long r_int = strtol(right, &end, 10); - if (right[0] == '\0' || *end != '\0') { - goto done; - } - - result = l_int < r_int; - - done: - free(left); - free(right); - return StringValue(strdup(result ? "t" : "")); -} - -Value* GreaterThanIntFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc != 2) { - free(state->errmsg); - state->errmsg = strdup("greater_than_int expects 2 arguments"); - return NULL; - } - - Expr* temp[2]; - temp[0] = argv[1]; - temp[1] = argv[0]; - - return LessThanIntFn(name, state, 2, temp); -} - -Value* Literal(const char* name, State* state, int argc, Expr* argv[]) { - return StringValue(strdup(name)); -} - -Expr* Build(Function fn, YYLTYPE loc, int count, ...) { - va_list v; - va_start(v, count); - Expr* e = malloc(sizeof(Expr)); - e->fn = fn; - e->name = "(operator)"; - e->argc = count; - e->argv = malloc(count * sizeof(Expr*)); - int i; - for (i = 0; i < count; ++i) { - e->argv[i] = va_arg(v, Expr*); - } - va_end(v); - e->start = loc.start; - e->end = loc.end; - return e; -} - -// ----------------------------------------------------------------- -// the function table -// ----------------------------------------------------------------- - -static int fn_entries = 0; -static int fn_size = 0; -NamedFunction* fn_table = NULL; - -void RegisterFunction(const char* name, Function fn) { - if (fn_entries >= fn_size) { - fn_size = fn_size*2 + 1; - fn_table = realloc(fn_table, fn_size * sizeof(NamedFunction)); - } - fn_table[fn_entries].name = name; - fn_table[fn_entries].fn = fn; - ++fn_entries; -} - -static int fn_entry_compare(const void* a, const void* b) { - const char* na = ((const NamedFunction*)a)->name; - const char* nb = ((const NamedFunction*)b)->name; - return strcmp(na, nb); -} - -void FinishRegistration() { - qsort(fn_table, fn_entries, sizeof(NamedFunction), fn_entry_compare); -} - -Function FindFunction(const char* name) { - NamedFunction key; - key.name = name; - NamedFunction* nf = bsearch(&key, fn_table, fn_entries, - sizeof(NamedFunction), fn_entry_compare); - if (nf == NULL) { - return NULL; - } - return nf->fn; -} - -void RegisterBuiltins() { - RegisterFunction("ifelse", IfElseFn); - RegisterFunction("abort", AbortFn); - RegisterFunction("assert", AssertFn); - RegisterFunction("concat", ConcatFn); - RegisterFunction("is_substring", SubstringFn); - RegisterFunction("stdout", StdoutFn); - RegisterFunction("sleep", SleepFn); - - RegisterFunction("less_than_int", LessThanIntFn); - RegisterFunction("greater_than_int", GreaterThanIntFn); -} - - -// ----------------------------------------------------------------- -// convenience methods for functions -// ----------------------------------------------------------------- - -// Evaluate the expressions in argv, giving 'count' char* (the ... is -// zero or more char** to put them in). If any expression evaluates -// to NULL, free the rest and return -1. Return 0 on success. -int ReadArgs(State* state, Expr* argv[], int count, ...) { - char** args = malloc(count * sizeof(char*)); - va_list v; - va_start(v, count); - int i; - for (i = 0; i < count; ++i) { - args[i] = Evaluate(state, argv[i]); - if (args[i] == NULL) { - va_end(v); - int j; - for (j = 0; j < i; ++j) { - free(args[j]); - } - free(args); - return -1; - } - *(va_arg(v, char**)) = args[i]; - } - va_end(v); - free(args); - return 0; -} - -// Evaluate the expressions in argv, giving 'count' Value* (the ... is -// zero or more Value** to put them in). If any expression evaluates -// to NULL, free the rest and return -1. Return 0 on success. -int ReadValueArgs(State* state, Expr* argv[], int count, ...) { - Value** args = malloc(count * sizeof(Value*)); - va_list v; - va_start(v, count); - int i; - for (i = 0; i < count; ++i) { - args[i] = EvaluateValue(state, argv[i]); - if (args[i] == NULL) { - va_end(v); - int j; - for (j = 0; j < i; ++j) { - FreeValue(args[j]); - } - free(args); - return -1; - } - *(va_arg(v, Value**)) = args[i]; - } - va_end(v); - free(args); - return 0; -} - -// Evaluate the expressions in argv, returning an array of char* -// results. If any evaluate to NULL, free the rest and return NULL. -// The caller is responsible for freeing the returned array and the -// strings it contains. -char** ReadVarArgs(State* state, int argc, Expr* argv[]) { - char** args = (char**)malloc(argc * sizeof(char*)); - int i = 0; - for (i = 0; i < argc; ++i) { - args[i] = Evaluate(state, argv[i]); - if (args[i] == NULL) { - int j; - for (j = 0; j < i; ++j) { - free(args[j]); - } - free(args); - return NULL; - } - } - return args; -} - -// Evaluate the expressions in argv, returning an array of Value* -// results. If any evaluate to NULL, free the rest and return NULL. -// The caller is responsible for freeing the returned array and the -// Values it contains. -Value** ReadValueVarArgs(State* state, int argc, Expr* argv[]) { - Value** args = (Value**)malloc(argc * sizeof(Value*)); - int i = 0; - for (i = 0; i < argc; ++i) { - args[i] = EvaluateValue(state, argv[i]); - if (args[i] == NULL) { - int j; - for (j = 0; j < i; ++j) { - FreeValue(args[j]); - } - free(args); - return NULL; - } - } - return args; -} - -// Use printf-style arguments to compose an error message to put into -// *state. Returns NULL. -Value* ErrorAbort(State* state, const char* format, ...) { - char* buffer = malloc(4096); - va_list v; - va_start(v, format); - vsnprintf(buffer, 4096, format, v); - va_end(v); - free(state->errmsg); - state->errmsg = buffer; - return NULL; -} diff --git a/edify/expr.cpp b/edify/expr.cpp new file mode 100644 index 000000000..cd1e08726 --- /dev/null +++ b/edify/expr.cpp @@ -0,0 +1,507 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include + +#include "expr.h" + +// Functions should: +// +// - return a malloc()'d string +// - if Evaluate() on any argument returns NULL, return NULL. + +int BooleanString(const char* s) { + return s[0] != '\0'; +} + +char* Evaluate(State* state, Expr* expr) { + Value* v = expr->fn(expr->name, state, expr->argc, expr->argv); + if (v == NULL) return NULL; + if (v->type != VAL_STRING) { + ErrorAbort(state, "expecting string, got value type %d", v->type); + FreeValue(v); + return NULL; + } + char* result = v->data; + free(v); + return result; +} + +Value* EvaluateValue(State* state, Expr* expr) { + return expr->fn(expr->name, state, expr->argc, expr->argv); +} + +Value* StringValue(char* str) { + if (str == NULL) return NULL; + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_STRING; + v->size = strlen(str); + v->data = str; + return v; +} + +void FreeValue(Value* v) { + if (v == NULL) return; + free(v->data); + free(v); +} + +Value* ConcatFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return StringValue(strdup("")); + } + char** strings = reinterpret_cast(malloc(argc * sizeof(char*))); + int i; + for (i = 0; i < argc; ++i) { + strings[i] = NULL; + } + char* result = NULL; + int length = 0; + for (i = 0; i < argc; ++i) { + strings[i] = Evaluate(state, argv[i]); + if (strings[i] == NULL) { + goto done; + } + length += strlen(strings[i]); + } + + result = reinterpret_cast(malloc(length+1)); + int p; + p = 0; + for (i = 0; i < argc; ++i) { + strcpy(result+p, strings[i]); + p += strlen(strings[i]); + } + result[p] = '\0'; + + done: + for (i = 0; i < argc; ++i) { + free(strings[i]); + } + free(strings); + return StringValue(result); +} + +Value* IfElseFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2 && argc != 3) { + free(state->errmsg); + state->errmsg = strdup("ifelse expects 2 or 3 arguments"); + return NULL; + } + char* cond = Evaluate(state, argv[0]); + if (cond == NULL) { + return NULL; + } + + if (BooleanString(cond) == true) { + free(cond); + return EvaluateValue(state, argv[1]); + } else { + if (argc == 3) { + free(cond); + return EvaluateValue(state, argv[2]); + } else { + return StringValue(cond); + } + } +} + +Value* AbortFn(const char* name, State* state, int argc, Expr* argv[]) { + char* msg = NULL; + if (argc > 0) { + msg = Evaluate(state, argv[0]); + } + free(state->errmsg); + if (msg) { + state->errmsg = msg; + } else { + state->errmsg = strdup("called abort()"); + } + return NULL; +} + +Value* AssertFn(const char* name, State* state, int argc, Expr* argv[]) { + int i; + for (i = 0; i < argc; ++i) { + char* v = Evaluate(state, argv[i]); + if (v == NULL) { + return NULL; + } + int b = BooleanString(v); + free(v); + if (!b) { + int prefix_len; + int len = argv[i]->end - argv[i]->start; + char* err_src = reinterpret_cast(malloc(len + 20)); + strcpy(err_src, "assert failed: "); + prefix_len = strlen(err_src); + memcpy(err_src + prefix_len, state->script + argv[i]->start, len); + err_src[prefix_len + len] = '\0'; + free(state->errmsg); + state->errmsg = err_src; + return NULL; + } + } + return StringValue(strdup("")); +} + +Value* SleepFn(const char* name, State* state, int argc, Expr* argv[]) { + char* val = Evaluate(state, argv[0]); + if (val == NULL) { + return NULL; + } + int v = strtol(val, NULL, 10); + sleep(v); + return StringValue(val); +} + +Value* StdoutFn(const char* name, State* state, int argc, Expr* argv[]) { + int i; + for (i = 0; i < argc; ++i) { + char* v = Evaluate(state, argv[i]); + if (v == NULL) { + return NULL; + } + fputs(v, stdout); + free(v); + } + return StringValue(strdup("")); +} + +Value* LogicalAndFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* left = Evaluate(state, argv[0]); + if (left == NULL) return NULL; + if (BooleanString(left) == true) { + free(left); + return EvaluateValue(state, argv[1]); + } else { + return StringValue(left); + } +} + +Value* LogicalOrFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* left = Evaluate(state, argv[0]); + if (left == NULL) return NULL; + if (BooleanString(left) == false) { + free(left); + return EvaluateValue(state, argv[1]); + } else { + return StringValue(left); + } +} + +Value* LogicalNotFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* val = Evaluate(state, argv[0]); + if (val == NULL) return NULL; + bool bv = BooleanString(val); + free(val); + return StringValue(strdup(bv ? "" : "t")); +} + +Value* SubstringFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* needle = Evaluate(state, argv[0]); + if (needle == NULL) return NULL; + char* haystack = Evaluate(state, argv[1]); + if (haystack == NULL) { + free(needle); + return NULL; + } + + char* result = strdup(strstr(haystack, needle) ? "t" : ""); + free(needle); + free(haystack); + return StringValue(result); +} + +Value* EqualityFn(const char* name, State* state, int argc, Expr* argv[]) { + char* left = Evaluate(state, argv[0]); + if (left == NULL) return NULL; + char* right = Evaluate(state, argv[1]); + if (right == NULL) { + free(left); + return NULL; + } + + char* result = strdup(strcmp(left, right) == 0 ? "t" : ""); + free(left); + free(right); + return StringValue(result); +} + +Value* InequalityFn(const char* name, State* state, int argc, Expr* argv[]) { + char* left = Evaluate(state, argv[0]); + if (left == NULL) return NULL; + char* right = Evaluate(state, argv[1]); + if (right == NULL) { + free(left); + return NULL; + } + + char* result = strdup(strcmp(left, right) != 0 ? "t" : ""); + free(left); + free(right); + return StringValue(result); +} + +Value* SequenceFn(const char* name, State* state, int argc, Expr* argv[]) { + Value* left = EvaluateValue(state, argv[0]); + if (left == NULL) return NULL; + FreeValue(left); + return EvaluateValue(state, argv[1]); +} + +Value* LessThanIntFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + free(state->errmsg); + state->errmsg = strdup("less_than_int expects 2 arguments"); + return NULL; + } + + char* left; + char* right; + if (ReadArgs(state, argv, 2, &left, &right) < 0) return NULL; + + bool result = false; + char* end; + + long l_int = strtol(left, &end, 10); + if (left[0] == '\0' || *end != '\0') { + goto done; + } + + long r_int; + r_int = strtol(right, &end, 10); + if (right[0] == '\0' || *end != '\0') { + goto done; + } + + result = l_int < r_int; + + done: + free(left); + free(right); + return StringValue(strdup(result ? "t" : "")); +} + +Value* GreaterThanIntFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc != 2) { + free(state->errmsg); + state->errmsg = strdup("greater_than_int expects 2 arguments"); + return NULL; + } + + Expr* temp[2]; + temp[0] = argv[1]; + temp[1] = argv[0]; + + return LessThanIntFn(name, state, 2, temp); +} + +Value* Literal(const char* name, State* state, int argc, Expr* argv[]) { + return StringValue(strdup(name)); +} + +Expr* Build(Function fn, YYLTYPE loc, int count, ...) { + va_list v; + va_start(v, count); + Expr* e = reinterpret_cast(malloc(sizeof(Expr))); + e->fn = fn; + e->name = "(operator)"; + e->argc = count; + e->argv = reinterpret_cast(malloc(count * sizeof(Expr*))); + int i; + for (i = 0; i < count; ++i) { + e->argv[i] = va_arg(v, Expr*); + } + va_end(v); + e->start = loc.start; + e->end = loc.end; + return e; +} + +// ----------------------------------------------------------------- +// the function table +// ----------------------------------------------------------------- + +static int fn_entries = 0; +static int fn_size = 0; +NamedFunction* fn_table = NULL; + +void RegisterFunction(const char* name, Function fn) { + if (fn_entries >= fn_size) { + fn_size = fn_size*2 + 1; + fn_table = reinterpret_cast(realloc(fn_table, fn_size * sizeof(NamedFunction))); + } + fn_table[fn_entries].name = name; + fn_table[fn_entries].fn = fn; + ++fn_entries; +} + +static int fn_entry_compare(const void* a, const void* b) { + const char* na = ((const NamedFunction*)a)->name; + const char* nb = ((const NamedFunction*)b)->name; + return strcmp(na, nb); +} + +void FinishRegistration() { + qsort(fn_table, fn_entries, sizeof(NamedFunction), fn_entry_compare); +} + +Function FindFunction(const char* name) { + NamedFunction key; + key.name = name; + NamedFunction* nf = reinterpret_cast(bsearch(&key, fn_table, fn_entries, + sizeof(NamedFunction), fn_entry_compare)); + if (nf == NULL) { + return NULL; + } + return nf->fn; +} + +void RegisterBuiltins() { + RegisterFunction("ifelse", IfElseFn); + RegisterFunction("abort", AbortFn); + RegisterFunction("assert", AssertFn); + RegisterFunction("concat", ConcatFn); + RegisterFunction("is_substring", SubstringFn); + RegisterFunction("stdout", StdoutFn); + RegisterFunction("sleep", SleepFn); + + RegisterFunction("less_than_int", LessThanIntFn); + RegisterFunction("greater_than_int", GreaterThanIntFn); +} + + +// ----------------------------------------------------------------- +// convenience methods for functions +// ----------------------------------------------------------------- + +// Evaluate the expressions in argv, giving 'count' char* (the ... is +// zero or more char** to put them in). If any expression evaluates +// to NULL, free the rest and return -1. Return 0 on success. +int ReadArgs(State* state, Expr* argv[], int count, ...) { + char** args = reinterpret_cast(malloc(count * sizeof(char*))); + va_list v; + va_start(v, count); + int i; + for (i = 0; i < count; ++i) { + args[i] = Evaluate(state, argv[i]); + if (args[i] == NULL) { + va_end(v); + int j; + for (j = 0; j < i; ++j) { + free(args[j]); + } + free(args); + return -1; + } + *(va_arg(v, char**)) = args[i]; + } + va_end(v); + free(args); + return 0; +} + +// Evaluate the expressions in argv, giving 'count' Value* (the ... is +// zero or more Value** to put them in). If any expression evaluates +// to NULL, free the rest and return -1. Return 0 on success. +int ReadValueArgs(State* state, Expr* argv[], int count, ...) { + Value** args = reinterpret_cast(malloc(count * sizeof(Value*))); + va_list v; + va_start(v, count); + int i; + for (i = 0; i < count; ++i) { + args[i] = EvaluateValue(state, argv[i]); + if (args[i] == NULL) { + va_end(v); + int j; + for (j = 0; j < i; ++j) { + FreeValue(args[j]); + } + free(args); + return -1; + } + *(va_arg(v, Value**)) = args[i]; + } + va_end(v); + free(args); + return 0; +} + +// Evaluate the expressions in argv, returning an array of char* +// results. If any evaluate to NULL, free the rest and return NULL. +// The caller is responsible for freeing the returned array and the +// strings it contains. +char** ReadVarArgs(State* state, int argc, Expr* argv[]) { + char** args = (char**)malloc(argc * sizeof(char*)); + int i = 0; + for (i = 0; i < argc; ++i) { + args[i] = Evaluate(state, argv[i]); + if (args[i] == NULL) { + int j; + for (j = 0; j < i; ++j) { + free(args[j]); + } + free(args); + return NULL; + } + } + return args; +} + +// Evaluate the expressions in argv, returning an array of Value* +// results. If any evaluate to NULL, free the rest and return NULL. +// The caller is responsible for freeing the returned array and the +// Values it contains. +Value** ReadValueVarArgs(State* state, int argc, Expr* argv[]) { + Value** args = (Value**)malloc(argc * sizeof(Value*)); + int i = 0; + for (i = 0; i < argc; ++i) { + args[i] = EvaluateValue(state, argv[i]); + if (args[i] == NULL) { + int j; + for (j = 0; j < i; ++j) { + FreeValue(args[j]); + } + free(args); + return NULL; + } + } + return args; +} + +// Use printf-style arguments to compose an error message to put into +// *state. Returns NULL. +Value* ErrorAbort(State* state, const char* format, ...) { + char* buffer = reinterpret_cast(malloc(4096)); + va_list v; + va_start(v, format); + vsnprintf(buffer, 4096, format, v); + va_end(v); + free(state->errmsg); + state->errmsg = buffer; + return NULL; +} diff --git a/edify/expr.h b/edify/expr.h index a9ed2f9c5..36f8e9612 100644 --- a/edify/expr.h +++ b/edify/expr.h @@ -21,10 +21,6 @@ #include "yydefs.h" -#ifdef __cplusplus -extern "C" { -#endif - #define MAX_STRING_LEN 1024 typedef struct Expr Expr; @@ -59,7 +55,7 @@ typedef Value* (*Function)(const char* name, State* state, struct Expr { Function fn; - char* name; + const char* name; int argc; Expr** argv; int start, end; @@ -166,8 +162,4 @@ void FreeValue(Value* v); int parse_string(const char* str, Expr** root, int* error_count); -#ifdef __cplusplus -} // extern "C" -#endif - #endif // _EXPRESSION_H diff --git a/edify/main.c b/edify/main.c deleted file mode 100644 index b1baa0b13..000000000 --- a/edify/main.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include - -#include "expr.h" -#include "parser.h" - -extern int yyparse(Expr** root, int* error_count); - -int expect(const char* expr_str, const char* expected, int* errors) { - Expr* e; - char* result; - - printf("."); - - int error_count = parse_string(expr_str, &e, &error_count); - if (error_count > 0) { - printf("error parsing \"%s\" (%d errors)\n", - expr_str, error_count); - ++*errors; - return 0; - } - - State state; - state.cookie = NULL; - state.script = strdup(expr_str); - state.errmsg = NULL; - - result = Evaluate(&state, e); - free(state.errmsg); - free(state.script); - if (result == NULL && expected != NULL) { - printf("error evaluating \"%s\"\n", expr_str); - ++*errors; - return 0; - } - - if (result == NULL && expected == NULL) { - return 1; - } - - if (strcmp(result, expected) != 0) { - printf("evaluating \"%s\": expected \"%s\", got \"%s\"\n", - expr_str, expected, result); - ++*errors; - free(result); - return 0; - } - - free(result); - return 1; -} - -int test() { - int errors = 0; - - expect("a", "a", &errors); - expect("\"a\"", "a", &errors); - expect("\"\\x61\"", "a", &errors); - expect("# this is a comment\n" - " a\n" - " \n", - "a", &errors); - - - // sequence operator - expect("a; b; c", "c", &errors); - - // string concat operator - expect("a + b", "ab", &errors); - expect("a + \n \"b\"", "ab", &errors); - expect("a + b +\nc\n", "abc", &errors); - - // string concat function - expect("concat(a, b)", "ab", &errors); - expect("concat(a,\n \"b\")", "ab", &errors); - expect("concat(a + b,\nc,\"d\")", "abcd", &errors); - expect("\"concat\"(a + b,\nc,\"d\")", "abcd", &errors); - - // logical and - expect("a && b", "b", &errors); - expect("a && \"\"", "", &errors); - expect("\"\" && b", "", &errors); - expect("\"\" && \"\"", "", &errors); - expect("\"\" && abort()", "", &errors); // test short-circuiting - expect("t && abort()", NULL, &errors); - - // logical or - expect("a || b", "a", &errors); - expect("a || \"\"", "a", &errors); - expect("\"\" || b", "b", &errors); - expect("\"\" || \"\"", "", &errors); - expect("a || abort()", "a", &errors); // test short-circuiting - expect("\"\" || abort()", NULL, &errors); - - // logical not - expect("!a", "", &errors); - expect("! \"\"", "t", &errors); - expect("!!a", "t", &errors); - - // precedence - expect("\"\" == \"\" && b", "b", &errors); - expect("a + b == ab", "t", &errors); - expect("ab == a + b", "t", &errors); - expect("a + (b == ab)", "a", &errors); - expect("(ab == a) + b", "b", &errors); - - // substring function - expect("is_substring(cad, abracadabra)", "t", &errors); - expect("is_substring(abrac, abracadabra)", "t", &errors); - expect("is_substring(dabra, abracadabra)", "t", &errors); - expect("is_substring(cad, abracxadabra)", "", &errors); - expect("is_substring(abrac, axbracadabra)", "", &errors); - expect("is_substring(dabra, abracadabrxa)", "", &errors); - - // ifelse function - expect("ifelse(t, yes, no)", "yes", &errors); - expect("ifelse(!t, yes, no)", "no", &errors); - expect("ifelse(t, yes, abort())", "yes", &errors); - expect("ifelse(!t, abort(), no)", "no", &errors); - - // if "statements" - expect("if t then yes else no endif", "yes", &errors); - expect("if \"\" then yes else no endif", "no", &errors); - expect("if \"\" then yes endif", "", &errors); - expect("if \"\"; t then yes endif", "yes", &errors); - - // numeric comparisons - expect("less_than_int(3, 14)", "t", &errors); - expect("less_than_int(14, 3)", "", &errors); - expect("less_than_int(x, 3)", "", &errors); - expect("less_than_int(3, x)", "", &errors); - expect("greater_than_int(3, 14)", "", &errors); - expect("greater_than_int(14, 3)", "t", &errors); - expect("greater_than_int(x, 3)", "", &errors); - expect("greater_than_int(3, x)", "", &errors); - - printf("\n"); - - return errors; -} - -void ExprDump(int depth, Expr* n, char* script) { - printf("%*s", depth*2, ""); - char temp = script[n->end]; - script[n->end] = '\0'; - printf("%s %p (%d-%d) \"%s\"\n", - n->name == NULL ? "(NULL)" : n->name, n->fn, n->start, n->end, - script+n->start); - script[n->end] = temp; - int i; - for (i = 0; i < n->argc; ++i) { - ExprDump(depth+1, n->argv[i], script); - } -} - -int main(int argc, char** argv) { - RegisterBuiltins(); - FinishRegistration(); - - if (argc == 1) { - return test() != 0; - } - - FILE* f = fopen(argv[1], "r"); - if (f == NULL) { - printf("%s: %s: No such file or directory\n", argv[0], argv[1]); - return 1; - } - char buffer[8192]; - int size = fread(buffer, 1, 8191, f); - fclose(f); - buffer[size] = '\0'; - - Expr* root; - int error_count = 0; - int error = parse_string(buffer, &root, &error_count); - printf("parse returned %d; %d errors encountered\n", error, error_count); - if (error == 0 || error_count > 0) { - - ExprDump(0, root, buffer); - - State state; - state.cookie = NULL; - state.script = buffer; - state.errmsg = NULL; - - char* result = Evaluate(&state, root); - if (result == NULL) { - printf("result was NULL, message is: %s\n", - (state.errmsg == NULL ? "(NULL)" : state.errmsg)); - free(state.errmsg); - } else { - printf("result is [%s]\n", result); - } - } - return 0; -} diff --git a/edify/main.cpp b/edify/main.cpp new file mode 100644 index 000000000..b1baa0b13 --- /dev/null +++ b/edify/main.cpp @@ -0,0 +1,214 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "expr.h" +#include "parser.h" + +extern int yyparse(Expr** root, int* error_count); + +int expect(const char* expr_str, const char* expected, int* errors) { + Expr* e; + char* result; + + printf("."); + + int error_count = parse_string(expr_str, &e, &error_count); + if (error_count > 0) { + printf("error parsing \"%s\" (%d errors)\n", + expr_str, error_count); + ++*errors; + return 0; + } + + State state; + state.cookie = NULL; + state.script = strdup(expr_str); + state.errmsg = NULL; + + result = Evaluate(&state, e); + free(state.errmsg); + free(state.script); + if (result == NULL && expected != NULL) { + printf("error evaluating \"%s\"\n", expr_str); + ++*errors; + return 0; + } + + if (result == NULL && expected == NULL) { + return 1; + } + + if (strcmp(result, expected) != 0) { + printf("evaluating \"%s\": expected \"%s\", got \"%s\"\n", + expr_str, expected, result); + ++*errors; + free(result); + return 0; + } + + free(result); + return 1; +} + +int test() { + int errors = 0; + + expect("a", "a", &errors); + expect("\"a\"", "a", &errors); + expect("\"\\x61\"", "a", &errors); + expect("# this is a comment\n" + " a\n" + " \n", + "a", &errors); + + + // sequence operator + expect("a; b; c", "c", &errors); + + // string concat operator + expect("a + b", "ab", &errors); + expect("a + \n \"b\"", "ab", &errors); + expect("a + b +\nc\n", "abc", &errors); + + // string concat function + expect("concat(a, b)", "ab", &errors); + expect("concat(a,\n \"b\")", "ab", &errors); + expect("concat(a + b,\nc,\"d\")", "abcd", &errors); + expect("\"concat\"(a + b,\nc,\"d\")", "abcd", &errors); + + // logical and + expect("a && b", "b", &errors); + expect("a && \"\"", "", &errors); + expect("\"\" && b", "", &errors); + expect("\"\" && \"\"", "", &errors); + expect("\"\" && abort()", "", &errors); // test short-circuiting + expect("t && abort()", NULL, &errors); + + // logical or + expect("a || b", "a", &errors); + expect("a || \"\"", "a", &errors); + expect("\"\" || b", "b", &errors); + expect("\"\" || \"\"", "", &errors); + expect("a || abort()", "a", &errors); // test short-circuiting + expect("\"\" || abort()", NULL, &errors); + + // logical not + expect("!a", "", &errors); + expect("! \"\"", "t", &errors); + expect("!!a", "t", &errors); + + // precedence + expect("\"\" == \"\" && b", "b", &errors); + expect("a + b == ab", "t", &errors); + expect("ab == a + b", "t", &errors); + expect("a + (b == ab)", "a", &errors); + expect("(ab == a) + b", "b", &errors); + + // substring function + expect("is_substring(cad, abracadabra)", "t", &errors); + expect("is_substring(abrac, abracadabra)", "t", &errors); + expect("is_substring(dabra, abracadabra)", "t", &errors); + expect("is_substring(cad, abracxadabra)", "", &errors); + expect("is_substring(abrac, axbracadabra)", "", &errors); + expect("is_substring(dabra, abracadabrxa)", "", &errors); + + // ifelse function + expect("ifelse(t, yes, no)", "yes", &errors); + expect("ifelse(!t, yes, no)", "no", &errors); + expect("ifelse(t, yes, abort())", "yes", &errors); + expect("ifelse(!t, abort(), no)", "no", &errors); + + // if "statements" + expect("if t then yes else no endif", "yes", &errors); + expect("if \"\" then yes else no endif", "no", &errors); + expect("if \"\" then yes endif", "", &errors); + expect("if \"\"; t then yes endif", "yes", &errors); + + // numeric comparisons + expect("less_than_int(3, 14)", "t", &errors); + expect("less_than_int(14, 3)", "", &errors); + expect("less_than_int(x, 3)", "", &errors); + expect("less_than_int(3, x)", "", &errors); + expect("greater_than_int(3, 14)", "", &errors); + expect("greater_than_int(14, 3)", "t", &errors); + expect("greater_than_int(x, 3)", "", &errors); + expect("greater_than_int(3, x)", "", &errors); + + printf("\n"); + + return errors; +} + +void ExprDump(int depth, Expr* n, char* script) { + printf("%*s", depth*2, ""); + char temp = script[n->end]; + script[n->end] = '\0'; + printf("%s %p (%d-%d) \"%s\"\n", + n->name == NULL ? "(NULL)" : n->name, n->fn, n->start, n->end, + script+n->start); + script[n->end] = temp; + int i; + for (i = 0; i < n->argc; ++i) { + ExprDump(depth+1, n->argv[i], script); + } +} + +int main(int argc, char** argv) { + RegisterBuiltins(); + FinishRegistration(); + + if (argc == 1) { + return test() != 0; + } + + FILE* f = fopen(argv[1], "r"); + if (f == NULL) { + printf("%s: %s: No such file or directory\n", argv[0], argv[1]); + return 1; + } + char buffer[8192]; + int size = fread(buffer, 1, 8191, f); + fclose(f); + buffer[size] = '\0'; + + Expr* root; + int error_count = 0; + int error = parse_string(buffer, &root, &error_count); + printf("parse returned %d; %d errors encountered\n", error, error_count); + if (error == 0 || error_count > 0) { + + ExprDump(0, root, buffer); + + State state; + state.cookie = NULL; + state.script = buffer; + state.errmsg = NULL; + + char* result = Evaluate(&state, root); + if (result == NULL) { + printf("result was NULL, message is: %s\n", + (state.errmsg == NULL ? "(NULL)" : state.errmsg)); + free(state.errmsg); + } else { + printf("result is [%s]\n", result); + } + } + return 0; +} diff --git a/edify/parser.y b/edify/parser.y index f8fb2d12f..098a6370a 100644 --- a/edify/parser.y +++ b/edify/parser.y @@ -70,7 +70,7 @@ input: expr { *root = $1; } ; expr: STRING { - $$ = malloc(sizeof(Expr)); + $$ = reinterpret_cast(malloc(sizeof(Expr))); $$->fn = Literal; $$->name = $1; $$->argc = 0; @@ -91,7 +91,7 @@ expr: STRING { | IF expr THEN expr ENDIF { $$ = Build(IfElseFn, @$, 2, $2, $4); } | IF expr THEN expr ELSE expr ENDIF { $$ = Build(IfElseFn, @$, 3, $2, $4, $6); } | STRING '(' arglist ')' { - $$ = malloc(sizeof(Expr)); + $$ = reinterpret_cast(malloc(sizeof(Expr))); $$->fn = FindFunction($1); if ($$->fn == NULL) { char buffer[256]; @@ -113,12 +113,12 @@ arglist: /* empty */ { } | expr { $$.argc = 1; - $$.argv = malloc(sizeof(Expr*)); + $$.argv = reinterpret_cast(malloc(sizeof(Expr*))); $$.argv[0] = $1; } | arglist ',' expr { $$.argc = $1.argc + 1; - $$.argv = realloc($$.argv, $$.argc * sizeof(Expr*)); + $$.argv = reinterpret_cast(realloc($$.argv, $$.argc * sizeof(Expr*))); $$.argv[$$.argc-1] = $3; } ; -- cgit v1.2.3 From a6153df887d829c3d83231771358bfa1ee485b12 Mon Sep 17 00:00:00 2001 From: Shrinivas Sahukar Date: Wed, 19 Aug 2015 13:01:45 +0530 Subject: GOOGLEGMS-749 Fix integer overflow while applying block based OTA package There is an integer overflow when the size of system goes beyond the signed int limits. Hence changing pos to size_t. Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79 --- updater/blockimg.cpp | 94 +++++++++++++++++++++++++++------------------------- 1 file changed, 48 insertions(+), 46 deletions(-) mode change 100644 => 100755 updater/blockimg.cpp diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp old mode 100644 new mode 100755 index 3a07da404..d5c8bb195 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -56,9 +56,9 @@ #define STASH_FILE_MODE 0600 typedef struct { - int count; - int size; - int pos[0]; + size_t count; + size_t size; + size_t pos[0]; // Actual limit is INT_MAX. } RangeSet; #define RANGESET_MAX_POINTS \ @@ -82,16 +82,17 @@ static RangeSet* parse_range(char* text) { goto err; } + errno = 0; val = strtol(token, NULL, 0); - if (val < 2 || val > RANGESET_MAX_POINTS) { + if (errno != 0 || val < 2 || val > RANGESET_MAX_POINTS) { goto err; } else if (val % 2) { goto err; // must be even } num = (int) val; - bufsize = sizeof(RangeSet) + num * sizeof(int); + bufsize = sizeof(RangeSet) + num * sizeof(size_t); out = reinterpret_cast(malloc(bufsize)); @@ -103,41 +104,50 @@ static RangeSet* parse_range(char* text) { out->count = num / 2; out->size = 0; - for (int i = 0; i < num; ++i) { + for (int i = 0; i < num; i += 2) { token = strtok_r(NULL, ",", &save); if (!token) { goto err; } + errno = 0; val = strtol(token, NULL, 0); - if (val < 0 || val > INT_MAX) { + if (errno != 0 || val < 0 || val > INT_MAX) { goto err; } - out->pos[i] = (int) val; + out->pos[i] = static_cast(val); - if (i % 2) { - if (out->pos[i - 1] >= out->pos[i]) { - goto err; // empty or negative range - } + token = strtok_r(NULL, ",", &save); - if (out->size > INT_MAX - out->pos[i]) { - goto err; // overflow - } + if (!token) { + goto err; + } - out->size += out->pos[i]; - } else { - if (out->size < 0) { - goto err; - } + errno = 0; + val = strtol(token, NULL, 0); - out->size -= out->pos[i]; + if (errno != 0 || val < 0 || val > INT_MAX) { + goto err; } + + out->pos[i+1] = static_cast(val); + + if (out->pos[i] >= out->pos[i+1]) { + goto err; // empty or negative range + } + + size_t rs = out->pos[i+1] - out->pos[i]; + if (out->size > SIZE_MAX - rs) { + goto err; // overflow + } + + out->size += rs; } - if (out->size <= 0) { + if (out->size == 0) { goto err; } @@ -149,13 +159,13 @@ err: } static bool range_overlaps(const RangeSet& r1, const RangeSet& r2) { - for (int i = 0; i < r1.count; ++i) { - int r1_0 = r1.pos[i * 2]; - int r1_1 = r1.pos[i * 2 + 1]; + for (size_t i = 0; i < r1.count; ++i) { + size_t r1_0 = r1.pos[i * 2]; + size_t r1_1 = r1.pos[i * 2 + 1]; - for (int j = 0; j < r2.count; ++j) { - int r2_0 = r2.pos[j * 2]; - int r2_1 = r2.pos[j * 2 + 1]; + for (size_t j = 0; j < r2.count; ++j) { + size_t r2_0 = r2.pos[j * 2]; + size_t r2_1 = r2.pos[j * 2 + 1]; if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { return true; @@ -219,7 +229,7 @@ static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { typedef struct { int fd; RangeSet* tgt; - int p_block; + size_t p_block; size_t p_remain; } RangeSinkState; @@ -340,20 +350,18 @@ static void* unzip_new_data(void* cookie) { } static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { - int i; size_t p = 0; - size_t size; if (!src || !buffer) { return -1; } - for (i = 0; i < src->count; ++i) { + for (size_t i = 0; i < src->count; ++i) { if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { return -1; } - size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; + size_t size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; if (read_all(fd, buffer + p, size) == -1) { return -1; @@ -366,20 +374,18 @@ static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { } static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { - int i; size_t p = 0; - size_t size; if (!tgt || !buffer) { return -1; } - for (i = 0; i < tgt->count; ++i) { + for (size_t i = 0; i < tgt->count; ++i) { if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { return -1; } - size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; + size_t size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; if (write_all(fd, buffer + p, size) == -1) { return -1; @@ -1140,8 +1146,6 @@ static int PerformCommandFree(CommandParameters* params) { static int PerformCommandZero(CommandParameters* params) { char* range = NULL; - int i; - int j; int rc = -1; RangeSet* tgt = NULL; @@ -1164,12 +1168,12 @@ static int PerformCommandZero(CommandParameters* params) { memset(params->buffer, 0, BLOCKSIZE); if (params->canwrite) { - for (i = 0; i < tgt->count; ++i) { + for (size_t i = 0; i < tgt->count; ++i) { if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { goto pczout; } - for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { + for (size_t j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { goto pczout; } @@ -1359,7 +1363,6 @@ pcdout: static int PerformCommandErase(CommandParameters* params) { char* range = NULL; - int i; int rc = -1; RangeSet* tgt = NULL; struct stat st; @@ -1395,7 +1398,7 @@ static int PerformCommandErase(CommandParameters* params) { if (params->canwrite) { fprintf(stderr, " erasing %d blocks\n", tgt->size); - for (i = 0; i < tgt->count; ++i) { + for (size_t i = 0; i < tgt->count; ++i) { // offset in bytes blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; // length in bytes @@ -1852,15 +1855,14 @@ Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { SHA_CTX ctx; SHA_init(&ctx); - int i, j; - for (i = 0; i < rs->count; ++i) { + for (size_t i = 0; i < rs->count; ++i) { if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, strerror(errno)); goto done; } - for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { + for (size_t j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { if (read_all(fd, buffer, BLOCKSIZE) == -1) { ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, strerror(errno)); -- cgit v1.2.3 From 337db14f274fc73dd540aa71d2c21c431fe686ec Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 20 Aug 2015 14:52:57 -0700 Subject: recovery: Factor out wear_ui.{cpp,h} into bootable/recovery. Every watch has a (mostly identical) copy of the wear_ui. Factor them out into a single copy for easier maintenance. Device-specific settings should be defined in recovery_ui.cpp that inherits WearRecoveryUI class. Bug: 22451422 Change-Id: Id07efca37d1b1d330e6327506c7b73ccf6ae9241 --- Android.mk | 1 + wear_ui.cpp | 650 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ wear_ui.h | 137 +++++++++++++ 3 files changed, 788 insertions(+) create mode 100644 wear_ui.cpp create mode 100644 wear_ui.h diff --git a/Android.mk b/Android.mk index 0484065a1..b31f73017 100644 --- a/Android.mk +++ b/Android.mk @@ -41,6 +41,7 @@ LOCAL_SRC_FILES := \ screen_ui.cpp \ ui.cpp \ verifier.cpp \ + wear_ui.cpp \ LOCAL_MODULE := recovery diff --git a/wear_ui.cpp b/wear_ui.cpp new file mode 100644 index 000000000..4ae42c467 --- /dev/null +++ b/wear_ui.cpp @@ -0,0 +1,650 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "common.h" +#include "device.h" +#include "minui/minui.h" +#include "wear_ui.h" +#include "ui.h" +#include "cutils/properties.h" +#include "base/strings.h" + +static int char_width; +static int char_height; + +// There's only (at most) one of these objects, and global callbacks +// (for pthread_create, and the input event system) need to find it, +// so use a global variable. +static WearRecoveryUI* self = NULL; + +// Return the current time as a double (including fractions of a second). +static double now() { + struct timeval tv; + gettimeofday(&tv, NULL); + return tv.tv_sec + tv.tv_usec / 1000000.0; +} + +WearRecoveryUI::WearRecoveryUI() : + progress_bar_height(3), + progress_bar_width(200), + progress_bar_y(259), + outer_height(0), + outer_width(0), + menu_unusable_rows(0), + intro_frames(22), + loop_frames(60), + currentIcon(NONE), + intro_done(false), + current_frame(0), + animation_fps(30), + rtl_locale(false), + progressBarType(EMPTY), + progressScopeStart(0), + progressScopeSize(0), + progress(0), + text_cols(0), + text_rows(0), + text_col(0), + text_row(0), + text_top(0), + show_text(false), + show_text_ever(false), + show_menu(false), + menu_items(0), + menu_sel(0) { + + for (size_t i = 0; i < 5; i++) + backgroundIcon[i] = NULL; + + pthread_mutex_init(&updateMutex, NULL); + self = this; +} + +// Draw background frame on the screen. Does not flip pages. +// Should only be called with updateMutex locked. +void WearRecoveryUI::draw_background_locked(Icon icon) +{ + gr_color(0, 0, 0, 255); + gr_fill(0, 0, gr_fb_width(), gr_fb_height()); + + if (icon) { + GRSurface* surface; + if (icon == INSTALLING_UPDATE || icon == ERASING) { + if (!intro_done) { + surface = introFrames[current_frame]; + } else { + surface = loopFrames[current_frame]; + } + } + else { + surface = backgroundIcon[icon]; + } + + int width = gr_get_width(surface); + int height = gr_get_height(surface); + + int x = (gr_fb_width() - width) / 2; + int y = (gr_fb_height() - height) / 2; + + gr_blit(surface, 0, 0, width, height, x, y); + } +} + +// Draw the progress bar (if any) on the screen. Does not flip pages. +// Should only be called with updateMutex locked. +void WearRecoveryUI::draw_progress_locked() +{ + if (currentIcon == ERROR) return; + if (progressBarType != DETERMINATE) return; + + int width = progress_bar_width; + int height = progress_bar_height; + int dx = (gr_fb_width() - width)/2; + int dy = progress_bar_y; + + float p = progressScopeStart + progress * progressScopeSize; + int pos = (int) (p * width); + + gr_color(0x43, 0x43, 0x43, 0xff); + gr_fill(dx, dy, dx + width, dy + height); + + if (pos > 0) { + gr_color(0x02, 0xa8, 0xf3, 255); + if (rtl_locale) { + // Fill the progress bar from right to left. + gr_fill(dx + width - pos, dy, dx + width, dy + height); + } else { + // Fill the progress bar from left to right. + gr_fill(dx, dy, dx + pos, dy + height); + } + } +} + +void WearRecoveryUI::SetColor(UIElement e) { + switch (e) { + case HEADER: + gr_color(247, 0, 6, 255); + break; + case MENU: + case MENU_SEL_BG: + gr_color(0, 106, 157, 255); + break; + case MENU_SEL_FG: + gr_color(255, 255, 255, 255); + break; + case LOG: + gr_color(249, 194, 0, 255); + break; + case TEXT_FILL: + gr_color(0, 0, 0, 160); + break; + default: + gr_color(255, 255, 255, 255); + break; + } +} + +void WearRecoveryUI::DrawTextLine(int x, int* y, const char* line, bool bold) { + gr_text(x, *y, line, bold); + *y += char_height + 4; +} + +void WearRecoveryUI::DrawTextLines(int x, int* y, const char* const* lines) { + for (size_t i = 0; lines != nullptr && lines[i] != nullptr; ++i) { + DrawTextLine(x, y, lines[i], false); + } +} + +static const char* HEADERS[] = { + "Swipe up/down to move.", + "Swipe left/right to select.", + "", + NULL +}; + +void WearRecoveryUI::draw_screen_locked() +{ + draw_background_locked(currentIcon); + draw_progress_locked(); + char cur_selection_str[50]; + + if (show_text) { + SetColor(TEXT_FILL); + gr_fill(0, 0, gr_fb_width(), gr_fb_height()); + + int y = outer_height; + int x = outer_width; + if (show_menu) { + char recovery_fingerprint[PROPERTY_VALUE_MAX]; + property_get("ro.bootimage.build.fingerprint", recovery_fingerprint, ""); + SetColor(HEADER); + DrawTextLine(x + 4, &y, "Android Recovery", true); + for (auto& chunk: android::base::Split(recovery_fingerprint, ":")) { + DrawTextLine(x +4, &y, chunk.c_str(), false); + } + + // This is actually the help strings. + DrawTextLines(x + 4, &y, HEADERS); + SetColor(HEADER); + DrawTextLines(x + 4, &y, menu_headers_); + + // Show the current menu item number in relation to total number if + // items don't fit on the screen. + if (menu_items > menu_end - menu_start) { + sprintf(cur_selection_str, "Current item: %d/%d", menu_sel + 1, menu_items); + gr_text(x+4, y, cur_selection_str, 1); + y += char_height+4; + } + + // Menu begins here + SetColor(MENU); + + for (int i = menu_start; i < menu_end; ++i) { + + if (i == menu_sel) { + // draw the highlight bar + SetColor(MENU_SEL_BG); + gr_fill(x, y-2, gr_fb_width()-x, y+char_height+2); + // white text of selected item + SetColor(MENU_SEL_FG); + if (menu[i][0]) gr_text(x+4, y, menu[i], 1); + SetColor(MENU); + } else { + if (menu[i][0]) gr_text(x+4, y, menu[i], 0); + } + y += char_height+4; + } + SetColor(MENU); + y += 4; + gr_fill(0, y, gr_fb_width(), y+2); + y += 4; + } + + SetColor(LOG); + + // display from the bottom up, until we hit the top of the + // screen, the bottom of the menu, or we've displayed the + // entire text buffer. + int ty; + int row = (text_top+text_rows-1) % text_rows; + size_t count = 0; + for (int ty = gr_fb_height() - char_height - outer_height; + ty > y+2 && count < text_rows; + ty -= char_height, ++count) { + gr_text(x+4, ty, text[row], 0); + --row; + if (row < 0) row = text_rows-1; + } + } +} + +void WearRecoveryUI::update_screen_locked() +{ + draw_screen_locked(); + gr_flip(); +} + +// Keeps the progress bar updated, even when the process is otherwise busy. +void* WearRecoveryUI::progress_thread(void *cookie) { + self->progress_loop(); + return NULL; +} + +void WearRecoveryUI::progress_loop() { + double interval = 1.0 / animation_fps; + for (;;) { + double start = now(); + pthread_mutex_lock(&updateMutex); + int redraw = 0; + + if ((currentIcon == INSTALLING_UPDATE || currentIcon == ERASING) + && !show_text) { + if (!intro_done) { + if (current_frame == intro_frames - 1) { + intro_done = true; + current_frame = 0; + } else { + current_frame++; + } + } else { + current_frame = (current_frame + 1) % loop_frames; + } + redraw = 1; + } + + // move the progress bar forward on timed intervals, if configured + int duration = progressScopeDuration; + if (progressBarType == DETERMINATE && duration > 0) { + double elapsed = now() - progressScopeTime; + float p = 1.0 * elapsed / duration; + if (p > 1.0) p = 1.0; + if (p > progress) { + progress = p; + redraw = 1; + } + } + + if (redraw) + update_screen_locked(); + + pthread_mutex_unlock(&updateMutex); + double end = now(); + // minimum of 20ms delay between frames + double delay = interval - (end-start); + if (delay < 0.02) delay = 0.02; + usleep((long)(delay * 1000000)); + } +} + +void WearRecoveryUI::LoadBitmap(const char* filename, GRSurface** surface) { + int result = res_create_display_surface(filename, surface); + if (result < 0) { + LOGE("missing bitmap %s\n(Code %d)\n", filename, result); + } +} + +void WearRecoveryUI::Init() +{ + gr_init(); + + gr_font_size(&char_width, &char_height); + + text_col = text_row = 0; + text_rows = (gr_fb_height()) / char_height; + visible_text_rows = (gr_fb_height() - (outer_height * 2)) / char_height; + if (text_rows > kMaxRows) text_rows = kMaxRows; + text_top = 1; + + text_cols = (gr_fb_width() - (outer_width * 2)) / char_width; + if (text_cols > kMaxCols - 1) text_cols = kMaxCols - 1; + + LoadBitmap("icon_installing", &backgroundIcon[INSTALLING_UPDATE]); + backgroundIcon[ERASING] = backgroundIcon[INSTALLING_UPDATE]; + LoadBitmap("icon_error", &backgroundIcon[ERROR]); + backgroundIcon[NO_COMMAND] = backgroundIcon[ERROR]; + + introFrames = (GRSurface**)malloc(intro_frames * sizeof(GRSurface*)); + for (int i = 0; i < intro_frames; ++i) { + char filename[40]; + sprintf(filename, "intro%02d", i); + LoadBitmap(filename, introFrames + i); + } + + loopFrames = (GRSurface**)malloc(loop_frames * sizeof(GRSurface*)); + for (int i = 0; i < loop_frames; ++i) { + char filename[40]; + sprintf(filename, "loop%02d", i); + LoadBitmap(filename, loopFrames + i); + } + + pthread_create(&progress_t, NULL, progress_thread, NULL); + RecoveryUI::Init(); +} + +void WearRecoveryUI::SetLocale(const char* locale) { + if (locale) { + char* lang = strdup(locale); + for (char* p = lang; *p; ++p) { + if (*p == '_') { + *p = '\0'; + break; + } + } + + // A bit cheesy: keep an explicit list of supported languages + // that are RTL. + if (strcmp(lang, "ar") == 0 || // Arabic + strcmp(lang, "fa") == 0 || // Persian (Farsi) + strcmp(lang, "he") == 0 || // Hebrew (new language code) + strcmp(lang, "iw") == 0 || // Hebrew (old language code) + strcmp(lang, "ur") == 0) { // Urdu + rtl_locale = true; + } + free(lang); + } +} + +void WearRecoveryUI::SetBackground(Icon icon) +{ + pthread_mutex_lock(&updateMutex); + currentIcon = icon; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::SetProgressType(ProgressType type) +{ + pthread_mutex_lock(&updateMutex); + if (progressBarType != type) { + progressBarType = type; + } + progressScopeStart = 0; + progressScopeSize = 0; + progress = 0; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::ShowProgress(float portion, float seconds) +{ + pthread_mutex_lock(&updateMutex); + progressBarType = DETERMINATE; + progressScopeStart += progressScopeSize; + progressScopeSize = portion; + progressScopeTime = now(); + progressScopeDuration = seconds; + progress = 0; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::SetProgress(float fraction) +{ + pthread_mutex_lock(&updateMutex); + if (fraction < 0.0) fraction = 0.0; + if (fraction > 1.0) fraction = 1.0; + if (progressBarType == DETERMINATE && fraction > progress) { + // Skip updates that aren't visibly different. + int width = progress_bar_width; + float scale = width * progressScopeSize; + if ((int) (progress * scale) != (int) (fraction * scale)) { + progress = fraction; + update_screen_locked(); + } + } + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::SetStage(int current, int max) +{ +} + +void WearRecoveryUI::Print(const char *fmt, ...) +{ + char buf[256]; + va_list ap; + va_start(ap, fmt); + vsnprintf(buf, 256, fmt, ap); + va_end(ap); + + fputs(buf, stdout); + + // This can get called before ui_init(), so be careful. + pthread_mutex_lock(&updateMutex); + if (text_rows > 0 && text_cols > 0) { + char *ptr; + for (ptr = buf; *ptr != '\0'; ++ptr) { + if (*ptr == '\n' || text_col >= text_cols) { + text[text_row][text_col] = '\0'; + text_col = 0; + text_row = (text_row + 1) % text_rows; + if (text_row == text_top) text_top = (text_top + 1) % text_rows; + } + if (*ptr != '\n') text[text_row][text_col++] = *ptr; + } + text[text_row][text_col] = '\0'; + update_screen_locked(); + } + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::StartMenu(const char* const * headers, const char* const * items, + int initial_selection) { + pthread_mutex_lock(&updateMutex); + if (text_rows > 0 && text_cols > 0) { + menu_headers_ = headers; + size_t i = 0; + for (; i < text_rows && items[i] != nullptr; i++) { + strncpy(menu[i], items[i], text_cols - 1); + menu[i][text_cols - 1] = '\0'; + } + menu_items = i; + show_menu = 1; + menu_sel = initial_selection; + menu_start = 0; + menu_end = visible_text_rows - 1 - menu_unusable_rows; + if (menu_items <= menu_end) + menu_end = menu_items; + update_screen_locked(); + } + pthread_mutex_unlock(&updateMutex); +} + +int WearRecoveryUI::SelectMenu(int sel) { + int old_sel; + pthread_mutex_lock(&updateMutex); + if (show_menu > 0) { + old_sel = menu_sel; + menu_sel = sel; + if (menu_sel < 0) menu_sel = 0; + if (menu_sel >= menu_items) menu_sel = menu_items-1; + if (menu_sel < menu_start) { + menu_start--; + menu_end--; + } else if (menu_sel >= menu_end && menu_sel < menu_items) { + menu_end++; + menu_start++; + } + sel = menu_sel; + if (menu_sel != old_sel) update_screen_locked(); + } + pthread_mutex_unlock(&updateMutex); + return sel; +} + +void WearRecoveryUI::EndMenu() { + int i; + pthread_mutex_lock(&updateMutex); + if (show_menu > 0 && text_rows > 0 && text_cols > 0) { + show_menu = 0; + update_screen_locked(); + } + pthread_mutex_unlock(&updateMutex); +} + +bool WearRecoveryUI::IsTextVisible() +{ + pthread_mutex_lock(&updateMutex); + int visible = show_text; + pthread_mutex_unlock(&updateMutex); + return visible; +} + +bool WearRecoveryUI::WasTextEverVisible() +{ + pthread_mutex_lock(&updateMutex); + int ever_visible = show_text_ever; + pthread_mutex_unlock(&updateMutex); + return ever_visible; +} + +void WearRecoveryUI::ShowText(bool visible) +{ + pthread_mutex_lock(&updateMutex); + // Don't show text during ota install or factory reset + if (currentIcon == INSTALLING_UPDATE || currentIcon == ERASING) { + pthread_mutex_unlock(&updateMutex); + return; + } + show_text = visible; + if (show_text) show_text_ever = 1; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::Redraw() +{ + pthread_mutex_lock(&updateMutex); + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::ShowFile(FILE* fp) { + std::vector offsets; + offsets.push_back(ftell(fp)); + ClearText(); + + struct stat sb; + fstat(fileno(fp), &sb); + + bool show_prompt = false; + while (true) { + if (show_prompt) { + Print("--(%d%% of %d bytes)--", + static_cast(100 * (double(ftell(fp)) / double(sb.st_size))), + static_cast(sb.st_size)); + Redraw(); + while (show_prompt) { + show_prompt = false; + int key = WaitKey(); + if (key == KEY_POWER || key == KEY_ENTER) { + return; + } else if (key == KEY_UP || key == KEY_VOLUMEUP) { + if (offsets.size() <= 1) { + show_prompt = true; + } else { + offsets.pop_back(); + fseek(fp, offsets.back(), SEEK_SET); + } + } else { + if (feof(fp)) { + return; + } + offsets.push_back(ftell(fp)); + } + } + ClearText(); + } + + int ch = getc(fp); + if (ch == EOF) { + text_row = text_top = text_rows - 2; + show_prompt = true; + } else { + PutChar(ch); + if (text_col == 0 && text_row >= text_rows - 2) { + text_top = text_row; + show_prompt = true; + } + } + } +} + +void WearRecoveryUI::PutChar(char ch) { + pthread_mutex_lock(&updateMutex); + if (ch != '\n') text[text_row][text_col++] = ch; + if (ch == '\n' || text_col >= text_cols) { + text_col = 0; + ++text_row; + } + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::ShowFile(const char* filename) { + FILE* fp = fopen_path(filename, "re"); + if (fp == nullptr) { + Print(" Unable to open %s: %s\n", filename, strerror(errno)); + return; + } + ShowFile(fp); + fclose(fp); +} + +void WearRecoveryUI::ClearText() { + pthread_mutex_lock(&updateMutex); + text_col = 0; + text_row = 0; + text_top = 1; + for (size_t i = 0; i < text_rows; ++i) { + memset(text[i], 0, text_cols + 1); + } + pthread_mutex_unlock(&updateMutex); +} diff --git a/wear_ui.h b/wear_ui.h new file mode 100644 index 000000000..839a26438 --- /dev/null +++ b/wear_ui.h @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RECOVERY_WEAR_UI_H +#define RECOVERY_WEAR_UI_H + +#include +#include + +#include "ui.h" +#include "minui/minui.h" + +class WearRecoveryUI : public RecoveryUI { + public: + WearRecoveryUI(); + + void Init(); + void SetLocale(const char* locale); + + // overall recovery state ("background image") + void SetBackground(Icon icon); + + // progress indicator + void SetProgressType(ProgressType type); + void ShowProgress(float portion, float seconds); + void SetProgress(float fraction); + + void SetStage(int current, int max); + + // text log + void ShowText(bool visible); + bool IsTextVisible(); + bool WasTextEverVisible(); + + // printing messages + void Print(const char* fmt, ...); + void ShowFile(const char* filename); + void ShowFile(FILE* fp); + + // menu display + void StartMenu(const char* const * headers, const char* const * items, + int initial_selection); + int SelectMenu(int sel); + void EndMenu(); + + void Redraw(); + + enum UIElement { HEADER, MENU, MENU_SEL_BG, MENU_SEL_FG, LOG, TEXT_FILL }; + virtual void SetColor(UIElement e); + + protected: + int progress_bar_height, progress_bar_width; + + // progress bar vertical position, it's centered horizontally + int progress_bar_y; + + // outer of window + int outer_height, outer_width; + + // Unusable rows when displaying the recovery menu, including the lines + // for headers (Android Recovery, build id and etc) and the bottom lines + // that may otherwise go out of the screen. + int menu_unusable_rows; + + // number of intro frames (default: 22) and loop frames (default: 60) + int intro_frames; + int loop_frames; + + private: + Icon currentIcon; + + bool intro_done; + + int current_frame; + + int animation_fps; + + bool rtl_locale; + + pthread_mutex_t updateMutex; + GRSurface* backgroundIcon[5]; + GRSurface* *introFrames; + GRSurface* *loopFrames; + + ProgressType progressBarType; + + float progressScopeStart, progressScopeSize, progress; + double progressScopeTime, progressScopeDuration; + + static const int kMaxCols = 96; + static const int kMaxRows = 96; + + // Log text overlay, displayed when a magic key is pressed + char text[kMaxRows][kMaxCols]; + size_t text_cols, text_rows; + // Number of text rows seen on screen + int visible_text_rows; + size_t text_col, text_row, text_top; + bool show_text; + bool show_text_ever; // has show_text ever been true? + + char menu[kMaxRows][kMaxCols]; + bool show_menu; + const char* const* menu_headers_; + int menu_items, menu_sel; + int menu_start, menu_end; + + pthread_t progress_t; + + private: + void draw_background_locked(Icon icon); + void draw_progress_locked(); + void draw_screen_locked(); + void update_screen_locked(); + static void* progress_thread(void* cookie); + void progress_loop(); + void LoadBitmap(const char* filename, GRSurface** surface); + void PutChar(char); + void ClearText(); + void DrawTextLine(int x, int* y, const char* line, bool bold); + void DrawTextLines(int x, int* y, const char* const* lines); +}; + +#endif // RECOVERY_WEAR_UI_H -- cgit v1.2.3 From 9739a2920cedc444fa9f0854f768a0a5c66e057b Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 5 Aug 2015 12:16:20 -0700 Subject: updater: Remove the unused isunresumable in SaveStash(). Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2 --- updater/blockimg.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index d5c8bb195..7da9adf5f 100755 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -768,8 +768,8 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, } static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, - size_t* buffer_alloc, int fd, int usehash, bool* isunresumable) { - if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { + size_t* buffer_alloc, int fd, bool usehash) { + if (!wordsave || !buffer || !buffer_alloc) { return -1; } @@ -1129,7 +1129,7 @@ static int PerformCommandStash(CommandParameters* params) { } return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, - params->fd, (params->version >= 3), ¶ms->isunresumable); + params->fd, (params->version >= 3)); } static int PerformCommandFree(CommandParameters* params) { -- cgit v1.2.3 From 0940fe17b0a872ecb4a9e23790ad0a09c0cb3810 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 27 Aug 2015 16:41:21 -0700 Subject: updater: Clean up C codes. Replace C-string with std::string, pointers with references, and variable-size arrays in struct with std::vector. Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2 --- updater/blockimg.cpp | 1031 +++++++++++++++++++++----------------------------- 1 file changed, 429 insertions(+), 602 deletions(-) mode change 100755 => 100644 updater/blockimg.cpp diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp old mode 100755 new mode 100644 index 7da9adf5f..5f5f9bd72 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -34,6 +34,7 @@ #include #include +#include #include @@ -41,8 +42,9 @@ #include "edify/expr.h" #include "mincrypt/sha.h" #include "minzip/Hash.h" -#include "updater.h" #include "print_sha1.h" +#include "unique_fd.h" +#include "updater.h" #define BLOCKSIZE 4096 @@ -55,106 +57,77 @@ #define STASH_DIRECTORY_MODE 0700 #define STASH_FILE_MODE 0600 -typedef struct { - size_t count; +struct RangeSet { + size_t count; // Limit is INT_MAX. size_t size; - size_t pos[0]; // Actual limit is INT_MAX. -} RangeSet; + std::vector pos; // Actual limit is INT_MAX. +}; -#define RANGESET_MAX_POINTS \ - ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) - -static RangeSet* parse_range(char* text) { - char* save; - char* token; - int num; - long int val; - RangeSet* out = NULL; - size_t bufsize; +static void parse_range(const char* range_text, RangeSet& rs) { - if (!text) { - goto err; + if (range_text == nullptr) { + fprintf(stderr, "failed to parse range: null range\n"); + exit(1); } - token = strtok_r(text, ",", &save); + std::vector pieces = android::base::Split(std::string(range_text), ","); + long int val; - if (!token) { + if (pieces.size() < 3) { goto err; } errno = 0; - val = strtol(token, NULL, 0); + val = strtol(pieces[0].c_str(), nullptr, 0); - if (errno != 0 || val < 2 || val > RANGESET_MAX_POINTS) { + if (errno != 0 || val < 2 || val > INT_MAX) { goto err; } else if (val % 2) { goto err; // must be even - } - - num = (int) val; - bufsize = sizeof(RangeSet) + num * sizeof(size_t); - - out = reinterpret_cast(malloc(bufsize)); - - if (!out) { - fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); + } else if (val != static_cast(pieces.size() - 1)) { goto err; } - out->count = num / 2; - out->size = 0; - - for (int i = 0; i < num; i += 2) { - token = strtok_r(NULL, ",", &save); + size_t num; + num = static_cast(val); - if (!token) { - goto err; - } + rs.pos.resize(num); + rs.count = num / 2; + rs.size = 0; + for (size_t i = 0; i < num; i += 2) { + const char* token = pieces[i+1].c_str(); errno = 0; - val = strtol(token, NULL, 0); - + val = strtol(token, nullptr, 0); if (errno != 0 || val < 0 || val > INT_MAX) { goto err; } + rs.pos[i] = static_cast(val); - out->pos[i] = static_cast(val); - - token = strtok_r(NULL, ",", &save); - - if (!token) { - goto err; - } - + token = pieces[i+2].c_str(); errno = 0; - val = strtol(token, NULL, 0); - + val = strtol(token, nullptr, 0); if (errno != 0 || val < 0 || val > INT_MAX) { goto err; } + rs.pos[i+1] = static_cast(val); - out->pos[i+1] = static_cast(val); - - if (out->pos[i] >= out->pos[i+1]) { + if (rs.pos[i] >= rs.pos[i+1]) { goto err; // empty or negative range } - size_t rs = out->pos[i+1] - out->pos[i]; - if (out->size > SIZE_MAX - rs) { + size_t sz = rs.pos[i+1] - rs.pos[i]; + if (rs.size > SIZE_MAX - sz) { goto err; // overflow } - out->size += rs; - } - - if (out->size == 0) { - goto err; + rs.size += sz; } - return out; + return; err: - fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); + fprintf(stderr, "failed to parse range '%s'\n", range_text); exit(1); } @@ -219,24 +192,26 @@ static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { free(*buffer); *buffer = (uint8_t*) malloc(size); - if (*buffer == NULL) { + if (*buffer == nullptr) { fprintf(stderr, "failed to allocate %zu bytes\n", size); exit(1); } *buffer_alloc = size; } -typedef struct { +struct RangeSinkState { + RangeSinkState(RangeSet& rs) : tgt(rs) { }; + int fd; - RangeSet* tgt; + const RangeSet& tgt; size_t p_block; size_t p_remain; -} RangeSinkState; +}; static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { - RangeSinkState* rss = (RangeSinkState*) token; + RangeSinkState* rss = reinterpret_cast(token); - if (rss->p_remain <= 0) { + if (rss->p_remain == 0) { fprintf(stderr, "range sink write overrun"); return 0; } @@ -262,11 +237,11 @@ static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { if (rss->p_remain == 0) { // move to the next block ++rss->p_block; - if (rss->p_block < rss->tgt->count) { - rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - - rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; + if (rss->p_block < rss->tgt.count) { + rss->p_remain = (rss->tgt.pos[rss->p_block * 2 + 1] - + rss->tgt.pos[rss->p_block * 2]) * BLOCKSIZE; - if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, + if (!check_lseek(rss->fd, (off64_t)rss->tgt.pos[rss->p_block*2] * BLOCKSIZE, SEEK_SET)) { break; } @@ -302,7 +277,7 @@ static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { // condition. When the background thread is done writing, it clears // rss and signals the condition again. -typedef struct { +struct NewThreadInfo { ZipArchive* za; const ZipEntry* entry; @@ -310,16 +285,16 @@ typedef struct { pthread_mutex_t mu; pthread_cond_t cv; -} NewThreadInfo; +}; static bool receive_new_data(const unsigned char* data, int size, void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; + NewThreadInfo* nti = reinterpret_cast(cookie); while (size > 0) { - // Wait for nti->rss to be non-NULL, indicating some of this + // Wait for nti->rss to be non-null, indicating some of this // data is wanted. pthread_mutex_lock(&nti->mu); - while (nti->rss == NULL) { + while (nti->rss == nullptr) { pthread_cond_wait(&nti->cv, &nti->mu); } pthread_mutex_unlock(&nti->mu); @@ -330,11 +305,11 @@ static bool receive_new_data(const unsigned char* data, int size, void* cookie) data += written; size -= written; - if (nti->rss->p_block == nti->rss->tgt->count) { + if (nti->rss->p_block == nti->rss->tgt.count) { // we have written all the bytes desired by this rss. pthread_mutex_lock(&nti->mu); - nti->rss = NULL; + nti->rss = nullptr; pthread_cond_broadcast(&nti->cv); pthread_mutex_unlock(&nti->mu); } @@ -346,22 +321,22 @@ static bool receive_new_data(const unsigned char* data, int size, void* cookie) static void* unzip_new_data(void* cookie) { NewThreadInfo* nti = (NewThreadInfo*) cookie; mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); - return NULL; + return nullptr; } -static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { +static int ReadBlocks(const RangeSet& src, uint8_t* buffer, int fd) { size_t p = 0; - if (!src || !buffer) { + if (!buffer) { return -1; } - for (size_t i = 0; i < src->count; ++i) { - if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + for (size_t i = 0; i < src.count; ++i) { + if (!check_lseek(fd, (off64_t) src.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { return -1; } - size_t size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; + size_t size = (src.pos[i * 2 + 1] - src.pos[i * 2]) * BLOCKSIZE; if (read_all(fd, buffer + p, size) == -1) { return -1; @@ -373,19 +348,18 @@ static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { return 0; } -static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { - size_t p = 0; - - if (!tgt || !buffer) { +static int WriteBlocks(const RangeSet& tgt, uint8_t* buffer, int fd) { + if (!buffer) { return -1; } - for (size_t i = 0; i < tgt->count; ++i) { - if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + size_t p = 0; + for (size_t i = 0; i < tgt.count; ++i) { + if (!check_lseek(fd, (off64_t) tgt.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { return -1; } - size_t size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; + size_t size = (tgt.pos[i * 2 + 1] - tgt.pos[i * 2]) * BLOCKSIZE; if (write_all(fd, buffer + p, size) == -1) { return -1; @@ -405,54 +379,51 @@ static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { // // The source range is loaded into the provided buffer, reallocating // it to make it larger if necessary. The target ranges are returned -// in *tgt, if tgt is non-NULL. - -static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd) { - char* word; - int rc; +// in *tgt, if tgt is non-null. - word = strtok_r(NULL, " ", wordsave); - RangeSet* src = parse_range(word); +static int LoadSrcTgtVersion1(char** wordsave, RangeSet* tgt, size_t& src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd) { + char* word = strtok_r(nullptr, " ", wordsave); + RangeSet src; + parse_range(word, src); - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); + if (tgt != nullptr) { + word = strtok_r(nullptr, " ", wordsave); + parse_range(word, *tgt); } - allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); - rc = ReadBlocks(src, *buffer, fd); - *src_blocks = src->size; + allocate(src.size * BLOCKSIZE, buffer, buffer_alloc); + int rc = ReadBlocks(src, *buffer, fd); + src_blocks = src.size; - free(src); return rc; } -static int VerifyBlocks(const char *expected, const uint8_t *buffer, - size_t blocks, bool printerror) { - int rc = -1; +static int VerifyBlocks(const std::string& expected, const uint8_t* buffer, + const size_t blocks, bool printerror) { uint8_t digest[SHA_DIGEST_SIZE]; - if (!expected || !buffer) { - return rc; + if (!buffer) { + return -1; } SHA_hash(buffer, blocks * BLOCKSIZE, digest); std::string hexdigest = print_sha1(digest); - rc = hexdigest != std::string(expected); - - if (rc != 0 && printerror) { - fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", - expected, hexdigest.c_str()); + if (hexdigest != expected) { + if (printerror) { + fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", + expected.c_str(), hexdigest.c_str()); + } + return -1; } - return rc; + return 0; } -static std::string GetStashFileName(const std::string& base, const std::string id, - const std::string postfix) { +static std::string GetStashFileName(const std::string& base, const std::string& id, + const std::string& postfix) { if (base.empty()) { return ""; } @@ -471,13 +442,13 @@ typedef void (*StashCallback)(const std::string&, void*); // parameter. static void EnumerateStash(const std::string& dirname, StashCallback callback, void* data) { - if (dirname.empty() || callback == NULL) { + if (dirname.empty() || callback == nullptr) { return; } std::unique_ptr directory(opendir(dirname.c_str()), closedir); - if (directory == NULL) { + if (directory == nullptr) { if (errno != ENOENT) { fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); } @@ -485,7 +456,7 @@ static void EnumerateStash(const std::string& dirname, StashCallback callback, v } struct dirent* item; - while ((item = readdir(directory.get())) != NULL) { + while ((item = readdir(directory.get())) != nullptr) { if (item->d_type != DT_REG) { continue; } @@ -500,21 +471,21 @@ static void UpdateFileSize(const std::string& fn, void* data) { return; } - struct stat st; - if (stat(fn.c_str(), &st) == -1) { + struct stat sb; + if (stat(fn.c_str(), &sb) == -1) { fprintf(stderr, "stat \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); return; } int* size = reinterpret_cast(data); - *size += st.st_size; + *size += sb.st_size; } // Deletes the stash directory and all files in it. Assumes that it only // contains files. There is nothing we can do about unlikely, but possible // errors, so they are merely logged. -static void DeleteFile(const std::string& fn, void* data) { +static void DeleteFile(const std::string& fn, void* /* data */) { if (!fn.empty()) { fprintf(stderr, "deleting %s\n", fn.c_str()); @@ -538,7 +509,7 @@ static void DeleteStash(const std::string& base) { fprintf(stderr, "deleting stash %s\n", base.c_str()); std::string dirname = GetStashFileName(base, "", ""); - EnumerateStash(dirname, DeleteFile, NULL); + EnumerateStash(dirname, DeleteFile, nullptr); if (rmdir(dirname.c_str()) == -1) { if (errno != ENOENT && errno != ENOTDIR) { @@ -547,170 +518,141 @@ static void DeleteStash(const std::string& base) { } } -static int LoadStash(const std::string& base, const char* id, int verify, int* blocks, +static int LoadStash(const std::string& base, const std::string& id, bool verify, size_t* blocks, uint8_t** buffer, size_t* buffer_alloc, bool printnoent) { - std::string fn; - int blockcount = 0; - int fd = -1; - int rc = -1; - int res; - struct stat st; - - if (base.empty() || !id || !buffer || !buffer_alloc) { - goto lsout; + if (base.empty() || !buffer || !buffer_alloc) { + return -1; } + size_t blockcount = 0; + if (!blocks) { blocks = &blockcount; } - fn = GetStashFileName(base, std::string(id), ""); + std::string fn = GetStashFileName(base, id, ""); - res = stat(fn.c_str(), &st); + struct stat sb; + int res = stat(fn.c_str(), &sb); if (res == -1) { if (errno != ENOENT || printnoent) { fprintf(stderr, "stat \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); } - goto lsout; + return -1; } fprintf(stderr, " loading %s\n", fn.c_str()); - if ((st.st_size % BLOCKSIZE) != 0) { + if ((sb.st_size % BLOCKSIZE) != 0) { fprintf(stderr, "%s size %" PRId64 " not multiple of block size %d", - fn.c_str(), static_cast(st.st_size), BLOCKSIZE); - goto lsout; + fn.c_str(), static_cast(sb.st_size), BLOCKSIZE); + return -1; } - fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_RDONLY)); + int fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_RDONLY)); + unique_fd fd_holder(fd); if (fd == -1) { fprintf(stderr, "open \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); - goto lsout; + return -1; } - allocate(st.st_size, buffer, buffer_alloc); + allocate(sb.st_size, buffer, buffer_alloc); - if (read_all(fd, *buffer, st.st_size) == -1) { - goto lsout; + if (read_all(fd, *buffer, sb.st_size) == -1) { + return -1; } - *blocks = st.st_size / BLOCKSIZE; + *blocks = sb.st_size / BLOCKSIZE; if (verify && VerifyBlocks(id, *buffer, *blocks, true) != 0) { fprintf(stderr, "unexpected contents in %s\n", fn.c_str()); - DeleteFile(fn, NULL); - goto lsout; - } - - rc = 0; - -lsout: - if (fd != -1) { - close(fd); + DeleteFile(fn, nullptr); + return -1; } - return rc; + return 0; } -static int WriteStash(const std::string& base, const char* id, int blocks, - uint8_t* buffer, bool checkspace, int *exists) { - std::string fn; - std::string cn; - std::string dname; - int fd = -1; - int rc = -1; - int dfd = -1; - int res; - struct stat st; - - if (base.empty() || buffer == NULL) { - goto wsout; +static int WriteStash(const std::string& base, const std::string& id, int blocks, uint8_t* buffer, + bool checkspace, bool *exists) { + if (base.empty() || buffer == nullptr) { + return -1; } if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { fprintf(stderr, "not enough space to write stash\n"); - goto wsout; + return -1; } - fn = GetStashFileName(base, std::string(id), ".partial"); - cn = GetStashFileName(base, std::string(id), ""); + std::string fn = GetStashFileName(base, id, ".partial"); + std::string cn = GetStashFileName(base, id, ""); if (exists) { - res = stat(cn.c_str(), &st); + struct stat sb; + int res = stat(cn.c_str(), &sb); if (res == 0) { // The file already exists and since the name is the hash of the contents, // it's safe to assume the contents are identical (accidental hash collisions // are unlikely) fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn.c_str()); - *exists = 1; - rc = 0; - goto wsout; + *exists = true; + return 0; } - *exists = 0; + *exists = false; } fprintf(stderr, " writing %d blocks to %s\n", blocks, cn.c_str()); - fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_WRONLY | O_CREAT | O_TRUNC, STASH_FILE_MODE)); + int fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_WRONLY | O_CREAT | O_TRUNC, STASH_FILE_MODE)); + unique_fd fd_holder(fd); if (fd == -1) { fprintf(stderr, "failed to create \"%s\": %s\n", fn.c_str(), strerror(errno)); - goto wsout; + return -1; } if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { - goto wsout; + return -1; } if (fsync(fd) == -1) { fprintf(stderr, "fsync \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); - goto wsout; + return -1; } if (rename(fn.c_str(), cn.c_str()) == -1) { fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn.c_str(), cn.c_str(), strerror(errno)); - goto wsout; + return -1; } - dname = GetStashFileName(base, "", ""); - dfd = TEMP_FAILURE_RETRY(open(dname.c_str(), O_RDONLY | O_DIRECTORY)); + std::string dname = GetStashFileName(base, "", ""); + int dfd = TEMP_FAILURE_RETRY(open(dname.c_str(), O_RDONLY | O_DIRECTORY)); + unique_fd dfd_holder(dfd); if (dfd == -1) { fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); - goto wsout; + return -1; } if (fsync(dfd) == -1) { fprintf(stderr, "fsync \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); - goto wsout; - } - - rc = 0; - -wsout: - if (fd != -1) { - close(fd); - } - - if (dfd != -1) { - close(dfd); + return -1; } - return rc; + return 0; } // Creates a directory for storing stash files and checks if the /cache partition // hash enough space for the expected amount of blocks we need to store. Returns // >0 if we created the directory, zero if it existed already, and <0 of failure. -static int CreateStash(State* state, int maxblocks, const char* blockdev, - std::string& base) { - if (blockdev == NULL) { +static int CreateStash(State* state, int maxblocks, const char* blockdev, std::string& base) { + if (blockdev == nullptr) { return -1; } @@ -724,8 +666,8 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, base = print_sha1(digest); std::string dirname = GetStashFileName(base, "", ""); - struct stat st; - int res = stat(dirname.c_str(), &st); + struct stat sb; + int res = stat(dirname.c_str(), &sb); if (res == -1 && errno != ENOENT) { ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); @@ -753,11 +695,11 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, // stash files and check if there's enough for all required blocks. Delete any // partially completed stash files first. - EnumerateStash(dirname, DeletePartial, NULL); + EnumerateStash(dirname, DeletePartial, nullptr); int size = 0; EnumerateStash(dirname, UpdateFileSize, &size); - size = (maxblocks * BLOCKSIZE) - size; + size = maxblocks * BLOCKSIZE - size; if (size > 0 && CacheSizeCheck(size) != 0) { ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); @@ -768,26 +710,27 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, } static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, - size_t* buffer_alloc, int fd, bool usehash) { + size_t* buffer_alloc, int fd, bool usehash) { if (!wordsave || !buffer || !buffer_alloc) { return -1; } - char *id = strtok_r(NULL, " ", wordsave); - if (id == NULL) { + char *id_tok = strtok_r(nullptr, " ", wordsave); + if (id_tok == nullptr) { fprintf(stderr, "missing id field in stash command\n"); return -1; } + std::string id(id_tok); - int blocks = 0; - if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, false) == 0) { + size_t blocks = 0; + if (usehash && LoadStash(base, id, true, &blocks, buffer, buffer_alloc, false) == 0) { // Stash file already exists and has expected contents. Do not // read from source again, as the source may have been already // overwritten during a previous attempt. return 0; } - if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { + if (LoadSrcTgtVersion1(wordsave, nullptr, blocks, buffer, buffer_alloc, fd) == -1) { return -1; } @@ -796,37 +739,36 @@ static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, // data later, this is an unrecoverable error. However, the command // that uses the data may have already completed previously, so the // possible failure will occur during source block verification. - fprintf(stderr, "failed to load source blocks for stash %s\n", id); + fprintf(stderr, "failed to load source blocks for stash %s\n", id.c_str()); return 0; } - fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); - return WriteStash(base, id, blocks, *buffer, false, NULL); + fprintf(stderr, "stashing %zu blocks to %s\n", blocks, id.c_str()); + return WriteStash(base, id, blocks, *buffer, false, nullptr); } static int FreeStash(const std::string& base, const char* id) { - if (base.empty() || id == NULL) { + if (base.empty() || id == nullptr) { return -1; } std::string fn = GetStashFileName(base, std::string(id), ""); - DeleteFile(fn, NULL); + DeleteFile(fn, nullptr); return 0; } -static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { +static void MoveRange(uint8_t* dest, const RangeSet& locs, const uint8_t* source) { // source contains packed data, which we want to move to the // locations given in *locs in the dest buffer. source and dest // may be the same buffer. - int start = locs->size; - int i; - for (i = locs->count-1; i >= 0; --i) { - int blocks = locs->pos[i*2+1] - locs->pos[i*2]; + size_t start = locs.size; + for (int i = locs.count-1; i >= 0; --i) { + size_t blocks = locs.pos[i*2+1] - locs.pos[i*2]; start -= blocks; - memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), + memmove(dest + (locs.pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), blocks * BLOCKSIZE); } } @@ -849,63 +791,59 @@ static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { // reallocated if needed to accommodate the source data. *tgt is the // target RangeSet. Any stashes required are loaded using LoadStash. -static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd, - const std::string& stashbase, bool* overlap) { +static int LoadSrcTgtVersion2(char** wordsave, RangeSet* tgt, size_t& src_blocks, uint8_t** buffer, + size_t* buffer_alloc, int fd, const std::string& stashbase, bool* overlap) { char* word; char* colonsave; char* colon; - int res; - RangeSet* locs; + RangeSet locs; size_t stashalloc = 0; - uint8_t* stash = NULL; + uint8_t* stash = nullptr; - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); + if (tgt != nullptr) { + word = strtok_r(nullptr, " ", wordsave); + parse_range(word, *tgt); } - word = strtok_r(NULL, " ", wordsave); - *src_blocks = strtol(word, NULL, 0); + word = strtok_r(nullptr, " ", wordsave); + src_blocks = strtol(word, nullptr, 0); - allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); + allocate(src_blocks * BLOCKSIZE, buffer, buffer_alloc); - word = strtok_r(NULL, " ", wordsave); + word = strtok_r(nullptr, " ", wordsave); if (word[0] == '-' && word[1] == '\0') { // no source ranges, only stashes } else { - RangeSet* src = parse_range(word); - res = ReadBlocks(src, *buffer, fd); + RangeSet src; + parse_range(word, src); + int res = ReadBlocks(src, *buffer, fd); if (overlap && tgt) { - *overlap = range_overlaps(*src, **tgt); + *overlap = range_overlaps(src, *tgt); } - free(src); - if (res == -1) { return -1; } - word = strtok_r(NULL, " ", wordsave); - if (word == NULL) { + word = strtok_r(nullptr, " ", wordsave); + if (word == nullptr) { // no stashes, only source range return 0; } - locs = parse_range(word); + parse_range(word, locs); MoveRange(*buffer, locs, *buffer); - free(locs); } - while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { + while ((word = strtok_r(nullptr, " ", wordsave)) != nullptr) { // Each word is a an index into the stash table, a colon, and // then a rangeset describing where in the source block that // stashed data should go. - colonsave = NULL; + colonsave = nullptr; colon = strtok_r(word, ":", &colonsave); - res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, true); + int res = LoadStash(stashbase, std::string(colon), false, nullptr, &stash, &stashalloc, true); if (res == -1) { // These source blocks will fail verification if used later, but we @@ -914,11 +852,10 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, continue; } - colon = strtok_r(NULL, ":", &colonsave); - locs = parse_range(colon); + colon = strtok_r(nullptr, ":", &colonsave); + parse_range(colon, locs); MoveRange(*buffer, locs, stash); - free(locs); } if (stash) { @@ -929,7 +866,7 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, } // Parameters for transfer list command functions -typedef struct { +struct CommandParameters { char* cmdname; char* cpos; char* freestash; @@ -937,16 +874,16 @@ typedef struct { bool canwrite; int createdstash; int fd; - int foundwrites; + bool foundwrites; bool isunresumable; int version; - int written; + size_t written; NewThreadInfo nti; pthread_t thread; size_t bufsize; uint8_t* buffer; uint8_t* patch_start; -} CommandParameters; +}; // Do a source/target load for move/bsdiff/imgdiff in version 3. // @@ -965,464 +902,367 @@ typedef struct { // If the return value is 0, source blocks have expected content and the command // can be performed. -static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, - int onehash, bool* overlap) { - char* srchash = NULL; - char* tgthash = NULL; - int stash_exists = 0; - int rc = -1; - uint8_t* tgtbuffer = NULL; +static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet* tgt, size_t& src_blocks, + bool onehash, bool& overlap) { - if (!params|| !tgt || !src_blocks || !overlap) { - goto v3out; + if (!tgt) { + return -1; } - srchash = strtok_r(NULL, " ", ¶ms->cpos); - - if (srchash == NULL) { + char* srchash = strtok_r(nullptr, " ", ¶ms.cpos); + if (srchash == nullptr) { fprintf(stderr, "missing source hash\n"); - goto v3out; + return -1; } + char* tgthash = nullptr; if (onehash) { tgthash = srchash; } else { - tgthash = strtok_r(NULL, " ", ¶ms->cpos); + tgthash = strtok_r(nullptr, " ", ¶ms.cpos); - if (tgthash == NULL) { + if (tgthash == nullptr) { fprintf(stderr, "missing target hash\n"); - goto v3out; + return -1; } } - if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, - params->fd, params->stashbase, overlap) == -1) { - goto v3out; + if (LoadSrcTgtVersion2(¶ms.cpos, tgt, src_blocks, ¶ms.buffer, ¶ms.bufsize, + params.fd, params.stashbase, &overlap) == -1) { + return -1; } - tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); + std::vector tgtbuffer(tgt->size * BLOCKSIZE); - if (tgtbuffer == NULL) { - fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); - goto v3out; - } - - if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { - goto v3out; + if (ReadBlocks(*tgt, tgtbuffer.data(), params.fd) == -1) { + return -1; } - if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, false) == 0) { + if (VerifyBlocks(tgthash, tgtbuffer.data(), tgt->size, false) == 0) { // Target blocks already have expected content, command should be skipped - rc = 1; - goto v3out; + fprintf(stderr, "verified, to return 1"); + return 1; } - if (VerifyBlocks(srchash, params->buffer, *src_blocks, true) == 0) { + if (VerifyBlocks(srchash, params.buffer, src_blocks, true) == 0) { // If source and target blocks overlap, stash the source blocks so we can // resume from possible write errors - if (*overlap) { - fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, - srchash); + if (overlap) { + fprintf(stderr, "stashing %zu overlapping blocks to %s\n", src_blocks, srchash); - if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, true, - &stash_exists) != 0) { + bool stash_exists = false; + if (WriteStash(params.stashbase, std::string(srchash), src_blocks, params.buffer, true, + &stash_exists) != 0) { fprintf(stderr, "failed to stash overlapping source blocks\n"); - goto v3out; + return -1; } // Can be deleted when the write has completed if (!stash_exists) { - params->freestash = srchash; + params.freestash = srchash; } } // Source blocks have expected content, command can proceed - rc = 0; - goto v3out; + return 0; } - if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, - ¶ms->bufsize, true) == 0) { + if (overlap && LoadStash(params.stashbase, std::string(srchash), true, nullptr, ¶ms.buffer, + ¶ms.bufsize, true) == 0) { // Overlapping source blocks were previously stashed, command can proceed. // We are recovering from an interrupted command, so we don't know if the // stash can safely be deleted after this command. - rc = 0; - goto v3out; + return 0; } // Valid source data not available, update cannot be resumed fprintf(stderr, "partition has unexpected contents\n"); - params->isunresumable = true; - -v3out: - if (tgtbuffer) { - free(tgtbuffer); - } + params.isunresumable = true; - return rc; + return -1; } -static int PerformCommandMove(CommandParameters* params) { - int blocks = 0; +static int PerformCommandMove(CommandParameters& params) { + size_t blocks = 0; bool overlap = false; - int rc = -1; int status = 0; - RangeSet* tgt = NULL; + RangeSet tgt; - if (!params) { - goto pcmout; - } - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); + if (params.version == 1) { + status = LoadSrcTgtVersion1(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + ¶ms.bufsize, params.fd); + } else if (params.version == 2) { + status = LoadSrcTgtVersion2(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + ¶ms.bufsize, params.fd, params.stashbase, nullptr); + } else if (params.version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, blocks, true, overlap); } if (status == -1) { fprintf(stderr, "failed to read blocks for move\n"); - goto pcmout; + return -1; } if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + params.foundwrites = true; + } else if (params.foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params.cmdname); } - if (params->canwrite) { + if (params.canwrite) { if (status == 0) { - fprintf(stderr, " moving %d blocks\n", blocks); + fprintf(stderr, " moving %zu blocks\n", blocks); - if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { - goto pcmout; + if (WriteBlocks(tgt, params.buffer, params.fd) == -1) { + return -1; } } else { - fprintf(stderr, "skipping %d already moved blocks\n", blocks); + fprintf(stderr, "skipping %zu already moved blocks\n", blocks); } } - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; + if (params.freestash) { + FreeStash(params.stashbase, params.freestash); + params.freestash = nullptr; } - params->written += tgt->size; - rc = 0; + params.written += tgt.size; -pcmout: - if (tgt) { - free(tgt); - } - - return rc; + return 0; } -static int PerformCommandStash(CommandParameters* params) { - if (!params) { - return -1; - } - - return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, - params->fd, (params->version >= 3)); +static int PerformCommandStash(CommandParameters& params) { + return SaveStash(params.stashbase, ¶ms.cpos, ¶ms.buffer, ¶ms.bufsize, + params.fd, (params.version >= 3)); } -static int PerformCommandFree(CommandParameters* params) { - if (!params) { - return -1; - } - - if (params->createdstash || params->canwrite) { - return FreeStash(params->stashbase, params->cpos); +static int PerformCommandFree(CommandParameters& params) { + if (params.createdstash || params.canwrite) { + return FreeStash(params.stashbase, params.cpos); } return 0; } -static int PerformCommandZero(CommandParameters* params) { - char* range = NULL; - int rc = -1; - RangeSet* tgt = NULL; +static int PerformCommandZero(CommandParameters& params) { + char* range = strtok_r(nullptr, " ", ¶ms.cpos); - if (!params) { - goto pczout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { + if (range == nullptr) { fprintf(stderr, "missing target blocks for zero\n"); - goto pczout; + return -1; } - tgt = parse_range(range); + RangeSet tgt; + parse_range(range, tgt); - fprintf(stderr, " zeroing %d blocks\n", tgt->size); + fprintf(stderr, " zeroing %zu blocks\n", tgt.size); - allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); - memset(params->buffer, 0, BLOCKSIZE); + allocate(BLOCKSIZE, ¶ms.buffer, ¶ms.bufsize); + memset(params.buffer, 0, BLOCKSIZE); - if (params->canwrite) { - for (size_t i = 0; i < tgt->count; ++i) { - if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - goto pczout; + if (params.canwrite) { + for (size_t i = 0; i < tgt.count; ++i) { + if (!check_lseek(params.fd, (off64_t) tgt.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; } - for (size_t j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { - if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { - goto pczout; + for (size_t j = tgt.pos[i * 2]; j < tgt.pos[i * 2 + 1]; ++j) { + if (write_all(params.fd, params.buffer, BLOCKSIZE) == -1) { + return -1; } } } } - if (params->cmdname[0] == 'z') { + if (params.cmdname[0] == 'z') { // Update only for the zero command, as the erase command will call // this if DEBUG_ERASE is defined. - params->written += tgt->size; - } - - rc = 0; - -pczout: - if (tgt) { - free(tgt); + params.written += tgt.size; } - return rc; + return 0; } -static int PerformCommandNew(CommandParameters* params) { - char* range = NULL; - int rc = -1; - RangeSet* tgt = NULL; - RangeSinkState rss; +static int PerformCommandNew(CommandParameters& params) { + char* range = strtok_r(nullptr, " ", ¶ms.cpos); - if (!params) { - goto pcnout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - goto pcnout; + if (range == nullptr) { + return -1; } - tgt = parse_range(range); + RangeSet tgt; + parse_range(range, tgt); - if (params->canwrite) { - fprintf(stderr, " writing %d blocks of new data\n", tgt->size); + if (params.canwrite) { + fprintf(stderr, " writing %zu blocks of new data\n", tgt.size); - rss.fd = params->fd; - rss.tgt = tgt; + RangeSinkState rss(tgt); + rss.fd = params.fd; rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + rss.p_remain = (tgt.pos[1] - tgt.pos[0]) * BLOCKSIZE; - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcnout; + if (!check_lseek(params.fd, (off64_t) tgt.pos[0] * BLOCKSIZE, SEEK_SET)) { + return -1; } - pthread_mutex_lock(¶ms->nti.mu); - params->nti.rss = &rss; - pthread_cond_broadcast(¶ms->nti.cv); + pthread_mutex_lock(¶ms.nti.mu); + params.nti.rss = &rss; + pthread_cond_broadcast(¶ms.nti.cv); - while (params->nti.rss) { - pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); + while (params.nti.rss) { + pthread_cond_wait(¶ms.nti.cv, ¶ms.nti.mu); } - pthread_mutex_unlock(¶ms->nti.mu); + pthread_mutex_unlock(¶ms.nti.mu); } - params->written += tgt->size; - rc = 0; - -pcnout: - if (tgt) { - free(tgt); - } + params.written += tgt.size; - return rc; + return 0; } -static int PerformCommandDiff(CommandParameters* params) { - char* logparams = NULL; - char* value = NULL; - int blocks = 0; +static int PerformCommandDiff(CommandParameters& params) { + char* value = nullptr; bool overlap = false; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - RangeSinkState rss; - size_t len = 0; - size_t offset = 0; - Value patch_value; + RangeSet tgt; - if (!params) { - goto pcdout; - } + const std::string logparams(params.cpos); + value = strtok_r(nullptr, " ", ¶ms.cpos); - logparams = strdup(params->cpos); - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch offset for %s\n", params->cmdname); - goto pcdout; + if (value == nullptr) { + fprintf(stderr, "missing patch offset for %s\n", params.cmdname); + return -1; } - offset = strtoul(value, NULL, 0); + size_t offset = strtoul(value, nullptr, 0); - value = strtok_r(NULL, " ", ¶ms->cpos); + value = strtok_r(nullptr, " ", ¶ms.cpos); - if (value == NULL) { - fprintf(stderr, "missing patch length for %s\n", params->cmdname); - goto pcdout; + if (value == nullptr) { + fprintf(stderr, "missing patch length for %s\n", params.cmdname); + return -1; } - len = strtoul(value, NULL, 0); + size_t len = strtoul(value, nullptr, 0); - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); + size_t blocks = 0; + int status = 0; + if (params.version == 1) { + status = LoadSrcTgtVersion1(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + ¶ms.bufsize, params.fd); + } else if (params.version == 2) { + status = LoadSrcTgtVersion2(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + ¶ms.bufsize, params.fd, params.stashbase, nullptr); + } else if (params.version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, blocks, false, overlap); } if (status == -1) { fprintf(stderr, "failed to read blocks for diff\n"); - goto pcdout; + return -1; } if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + params.foundwrites = true; + } else if (params.foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params.cmdname); } - if (params->canwrite) { + if (params.canwrite) { if (status == 0) { - fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); + fprintf(stderr, "patching %zu blocks to %zu\n", blocks, tgt.size); + Value patch_value; patch_value.type = VAL_BLOB; patch_value.size = len; - patch_value.data = (char*) (params->patch_start + offset); + patch_value.data = (char*) (params.patch_start + offset); - rss.fd = params->fd; - rss.tgt = tgt; + RangeSinkState rss(tgt); + rss.fd = params.fd; rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + rss.p_remain = (tgt.pos[1] - tgt.pos[0]) * BLOCKSIZE; - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcdout; + if (!check_lseek(params.fd, (off64_t) tgt.pos[0] * BLOCKSIZE, SEEK_SET)) { + return -1; } - if (params->cmdname[0] == 'i') { // imgdiff - ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - &RangeSinkWrite, &rss, NULL, NULL); + if (params.cmdname[0] == 'i') { // imgdiff + ApplyImagePatch(params.buffer, blocks * BLOCKSIZE, &patch_value, + &RangeSinkWrite, &rss, nullptr, nullptr); } else { - ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - 0, &RangeSinkWrite, &rss, NULL); + ApplyBSDiffPatch(params.buffer, blocks * BLOCKSIZE, &patch_value, + 0, &RangeSinkWrite, &rss, nullptr); } // We expect the output of the patcher to fill the tgt ranges exactly. - if (rss.p_block != tgt->count || rss.p_remain != 0) { + if (rss.p_block != tgt.count || rss.p_remain != 0) { fprintf(stderr, "range sink underrun?\n"); } } else { - fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", - blocks, tgt->size, logparams); + fprintf(stderr, "skipping %zu blocks already patched to %zu [%s]\n", + blocks, tgt.size, logparams.c_str()); } } - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; + if (params.freestash) { + FreeStash(params.stashbase, params.freestash); + params.freestash = nullptr; } - params->written += tgt->size; - rc = 0; + params.written += tgt.size; -pcdout: - if (logparams) { - free(logparams); - } - - if (tgt) { - free(tgt); - } - - return rc; + return 0; } -static int PerformCommandErase(CommandParameters* params) { - char* range = NULL; - int rc = -1; - RangeSet* tgt = NULL; - struct stat st; - uint64_t blocks[2]; - +static int PerformCommandErase(CommandParameters& params) { if (DEBUG_ERASE) { return PerformCommandZero(params); } - if (!params) { - goto pceout; - } - - if (fstat(params->fd, &st) == -1) { + struct stat sb; + if (fstat(params.fd, &sb) == -1) { fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); - goto pceout; + return -1; } - if (!S_ISBLK(st.st_mode)) { + if (!S_ISBLK(sb.st_mode)) { fprintf(stderr, "not a block device; skipping erase\n"); - goto pceout; + return -1; } - range = strtok_r(NULL, " ", ¶ms->cpos); + char* range = strtok_r(nullptr, " ", ¶ms.cpos); - if (range == NULL) { + if (range == nullptr) { fprintf(stderr, "missing target blocks for erase\n"); - goto pceout; + return -1; } - tgt = parse_range(range); + RangeSet tgt; + parse_range(range, tgt); - if (params->canwrite) { - fprintf(stderr, " erasing %d blocks\n", tgt->size); + if (params.canwrite) { + fprintf(stderr, " erasing %zu blocks\n", tgt.size); - for (size_t i = 0; i < tgt->count; ++i) { + for (size_t i = 0; i < tgt.count; ++i) { + uint64_t blocks[2]; // offset in bytes - blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; + blocks[0] = tgt.pos[i * 2] * (uint64_t) BLOCKSIZE; // length in bytes - blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; + blocks[1] = (tgt.pos[i * 2 + 1] - tgt.pos[i * 2]) * (uint64_t) BLOCKSIZE; - if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { + if (ioctl(params.fd, BLKDISCARD, &blocks) == -1) { fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); - goto pceout; + return -1; } } } - rc = 0; - -pceout: - if (tgt) { - free(tgt); - } - - return rc; + return 0; } // Definitions for transfer list command functions -typedef int (*CommandFunction)(CommandParameters*); +typedef int (*CommandFunction)(CommandParameters&); typedef struct { const char* name; @@ -1457,32 +1297,28 @@ static unsigned int HashString(const char *s) { // - new data stream (filename within package.zip) // - patch stream (filename within package.zip, must be uncompressed) -static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], - const Command* commands, int cmdcount, bool dryrun) { +static Value* PerformBlockImageUpdate(const char* name, State* state, int /* argc */, Expr* argv[], + const Command* commands, size_t cmdcount, bool dryrun) { - char* line = NULL; - char* linesave = NULL; - char* logcmd = NULL; - char* transfer_list = NULL; + char* line = nullptr; + char* linesave = nullptr; + char* transfer_list = nullptr; CommandParameters params; - const Command* cmd = NULL; - const ZipEntry* new_entry = NULL; - const ZipEntry* patch_entry = NULL; - FILE* cmd_pipe = NULL; - HashTable* cmdht = NULL; - int i; + const Command* cmd = nullptr; + const ZipEntry* new_entry = nullptr; + const ZipEntry* patch_entry = nullptr; + FILE* cmd_pipe = nullptr; + HashTable* cmdht = nullptr; int res; int rc = -1; - int stash_max_blocks = 0; int total_blocks = 0; pthread_attr_t attr; - unsigned int cmdhash; - UpdaterInfo* ui = NULL; - Value* blockdev_filename = NULL; - Value* new_data_fn = NULL; - Value* patch_data_fn = NULL; - Value* transfer_list_value = NULL; - ZipArchive* za = NULL; + UpdaterInfo* ui = nullptr; + Value* blockdev_filename = nullptr; + Value* new_data_fn = nullptr; + Value* patch_data_fn = nullptr; + Value* transfer_list_value = nullptr; + ZipArchive* za = nullptr; memset(¶ms, 0, sizeof(params)); params.canwrite = !dryrun; @@ -1513,20 +1349,20 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, ui = (UpdaterInfo*) state->cookie; - if (ui == NULL) { + if (ui == nullptr) { goto pbiudone; } cmd_pipe = ui->cmd_pipe; za = ui->package_zip; - if (cmd_pipe == NULL || za == NULL) { + if (cmd_pipe == nullptr || za == nullptr) { goto pbiudone; } patch_entry = mzFindZipEntry(za, patch_data_fn->data); - if (patch_entry == NULL) { + if (patch_entry == nullptr) { fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); goto pbiudone; } @@ -1534,7 +1370,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); new_entry = mzFindZipEntry(za, new_data_fn->data); - if (new_entry == NULL) { + if (new_entry == nullptr) { fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); goto pbiudone; } @@ -1550,8 +1386,8 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, params.nti.za = za; params.nti.entry = new_entry; - pthread_mutex_init(¶ms.nti.mu, NULL); - pthread_cond_init(¶ms.nti.cv, NULL); + pthread_mutex_init(¶ms.nti.mu, nullptr); + pthread_cond_init(¶ms.nti.cv, nullptr); pthread_attr_init(&attr); pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); @@ -1566,7 +1402,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, // to copy it to a new buffer and add the null that strtok_r will need. transfer_list = reinterpret_cast(malloc(transfer_list_value->size + 1)); - if (transfer_list == NULL) { + if (transfer_list == nullptr) { fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", transfer_list_value->size + 1); goto pbiudone; @@ -1577,7 +1413,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, // First line in transfer list is the version number line = strtok_r(transfer_list, "\n", &linesave); - params.version = strtol(line, NULL, 0); + params.version = strtol(line, nullptr, 0); if (params.version < 1 || params.version > 3) { fprintf(stderr, "unexpected transfer list version [%s]\n", line); @@ -1587,8 +1423,8 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, fprintf(stderr, "blockimg version is %d\n", params.version); // Second line in transfer list is the total number of blocks we expect to write - line = strtok_r(NULL, "\n", &linesave); - total_blocks = strtol(line, NULL, 0); + line = strtok_r(nullptr, "\n", &linesave); + total_blocks = strtol(line, nullptr, 0); if (total_blocks < 0) { ErrorAbort(state, "unexpected block count [%s]\n", line); @@ -1600,12 +1436,12 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, if (params.version >= 2) { // Third line is how many stash entries are needed simultaneously - line = strtok_r(NULL, "\n", &linesave); + line = strtok_r(nullptr, "\n", &linesave); fprintf(stderr, "maximum stash entries %s\n", line); // Fourth line is the maximum number of blocks that will be stashed simultaneously - line = strtok_r(NULL, "\n", &linesave); - stash_max_blocks = strtol(line, NULL, 0); + line = strtok_r(nullptr, "\n", &linesave); + int stash_max_blocks = strtol(line, nullptr, 0); if (stash_max_blocks < 0) { ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); @@ -1624,45 +1460,39 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, } // Build a hash table of the available commands - cmdht = mzHashTableCreate(cmdcount, NULL); + cmdht = mzHashTableCreate(cmdcount, nullptr); - for (i = 0; i < cmdcount; ++i) { - cmdhash = HashString(commands[i].name); + for (size_t i = 0; i < cmdcount; ++i) { + unsigned int cmdhash = HashString(commands[i].name); mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); } // Subsequent lines are all individual transfer commands - for (line = strtok_r(NULL, "\n", &linesave); line; - line = strtok_r(NULL, "\n", &linesave)) { + for (line = strtok_r(nullptr, "\n", &linesave); line; + line = strtok_r(nullptr, "\n", &linesave)) { - logcmd = strdup(line); + const std::string logcmd(line); params.cmdname = strtok_r(line, " ", ¶ms.cpos); - if (params.cmdname == NULL) { + if (params.cmdname == nullptr) { fprintf(stderr, "missing command [%s]\n", line); goto pbiudone; } - cmdhash = HashString(params.cmdname); + unsigned int cmdhash = HashString(params.cmdname); cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, CompareCommandNames, false); - if (cmd == NULL) { + if (cmd == nullptr) { fprintf(stderr, "unexpected command [%s]\n", params.cmdname); goto pbiudone; } - if (cmd->f != NULL && cmd->f(¶ms) == -1) { - fprintf(stderr, "failed to execute command [%s]\n", - logcmd ? logcmd : params.cmdname); + if (cmd->f != nullptr && cmd->f(params) == -1) { + fprintf(stderr, "failed to execute command [%s]\n", logcmd.c_str()); goto pbiudone; } - if (logcmd) { - free(logcmd); - logcmd = NULL; - } - if (params.canwrite) { if (fsync(params.fd) == -1) { fprintf(stderr, "fsync failed: %s\n", strerror(errno)); @@ -1674,9 +1504,9 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, } if (params.canwrite) { - pthread_join(params.thread, NULL); + pthread_join(params.thread, nullptr); - fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); + fprintf(stderr, "wrote %zu blocks; expected %d\n", params.written, total_blocks); fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); // Delete stash only after successfully completing the update, as it @@ -1696,10 +1526,6 @@ pbiudone: close(params.fd); } - if (logcmd) { - free(logcmd); - } - if (cmdht) { mzHashTableFree(cmdht); } @@ -1791,16 +1617,16 @@ pbiudone: // the source data. Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { - // Commands which are not tested are set to NULL to skip them completely + // Commands which are not tested are set to nullptr to skip them completely const Command commands[] = { { "bsdiff", PerformCommandDiff }, - { "erase", NULL }, + { "erase", nullptr }, { "free", PerformCommandFree }, { "imgdiff", PerformCommandDiff }, { "move", PerformCommandMove }, - { "new", NULL }, + { "new", nullptr }, { "stash", PerformCommandStash }, - { "zero", NULL } + { "zero", nullptr } }; // Perform a dry run without writing to test if an update can proceed @@ -1824,12 +1650,14 @@ Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[] sizeof(commands) / sizeof(commands[0]), false); } -Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { +Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) { Value* blockdev_filename; Value* ranges; - const uint8_t* digest = NULL; + const uint8_t* digest = nullptr; + RangeSet rs; + if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { - return NULL; + return nullptr; } if (blockdev_filename->type != VAL_STRING) { @@ -1848,24 +1676,23 @@ Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { goto done; } - RangeSet* rs; - rs = parse_range(ranges->data); + parse_range(ranges->data, rs); uint8_t buffer[BLOCKSIZE]; SHA_CTX ctx; SHA_init(&ctx); - for (size_t i = 0; i < rs->count; ++i) { - if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { + for (size_t i = 0; i < rs.count; ++i) { + if (!check_lseek(fd, (off64_t)rs.pos[i*2] * BLOCKSIZE, SEEK_SET)) { ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, - strerror(errno)); + strerror(errno)); goto done; } - for (size_t j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { + for (size_t j = rs.pos[i*2]; j < rs.pos[i*2+1]; ++j) { if (read_all(fd, buffer, BLOCKSIZE) == -1) { ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, - strerror(errno)); + strerror(errno)); goto done; } @@ -1878,7 +1705,7 @@ Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { done: FreeValue(blockdev_filename); FreeValue(ranges); - if (digest == NULL) { + if (digest == nullptr) { return StringValue(strdup("")); } else { return StringValue(strdup(print_sha1(digest).c_str())); -- cgit v1.2.3 From d85ae79dc9911cb2062cce24101f19885417fcaf Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 2 Sep 2015 15:49:58 -0400 Subject: Add slot_suffix field to struct bootloader_message. This is needed by fs_mgr for certain A/B implementations. Change-Id: I7bb404d61198eb7a962c2b693911f5156745daae --- bootloader.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/bootloader.h b/bootloader.h index 4e9fb0a0d..742a4abfb 100644 --- a/bootloader.h +++ b/bootloader.h @@ -39,6 +39,13 @@ * multiple times, so that the UI can reflect which invocation of the * package it is. If the value is of the format "#/#" (eg, "1/3"), * the UI will add a simple indicator of that status. + * + * The slot_suffix field is used for A/B implementations where the + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel + * commandline parameter. This is used by fs_mgr to mount /system and + * other partitions with the slotselect flag set in fstab. A/B + * implementations are free to use all 32 bytes and may store private + * data past the first NUL-byte in this field. */ struct bootloader_message { char command[32]; @@ -51,7 +58,8 @@ struct bootloader_message { // stage string (for multistage packages) and possible future // expansion. char stage[32]; - char reserved[224]; + char slot_suffix[32]; + char reserved[192]; }; /* Read and write the bootloader command from the "misc" partition. -- cgit v1.2.3 From 8e9c68019f9c284b89155c71922ad8ac84af6ab6 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 2 Sep 2015 11:20:30 -0700 Subject: recovery: Fix the bug that truncates menu entries. When there are 20 entries (like 10 last_log* and 10 last_kmg* in "view recovery logs"), there's no "Back" entry. Because the number of entries (21) exceeds text_rows (20) in WearRecoveryUI::StartMenu(). Since we have scrollable menu, having more entries than text_rows won't be an issue. Bug: 23752519 Change-Id: I12573d7a34852a1a3d130c9e88522cee737eb08f --- wear_ui.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wear_ui.cpp b/wear_ui.cpp index 4ae42c467..55b7afc8f 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -482,7 +482,12 @@ void WearRecoveryUI::StartMenu(const char* const * headers, const char* const * if (text_rows > 0 && text_cols > 0) { menu_headers_ = headers; size_t i = 0; - for (; i < text_rows && items[i] != nullptr; i++) { + // "i < text_rows" is removed from the loop termination condition, + // which is different from the one in ScreenRecoveryUI::StartMenu(). + // Because WearRecoveryUI supports scrollable menu, it's fine to have + // more entries than text_rows. The menu may be truncated otherwise. + // Bug: 23752519 + for (; items[i] != nullptr; i++) { strncpy(menu[i], items[i], text_cols - 1); menu[i][text_cols - 1] = '\0'; } -- cgit v1.2.3 From daa6d04434cdd104a39909aca38e96743689c92f Mon Sep 17 00:00:00 2001 From: Tom Cherry Date: Thu, 3 Sep 2015 16:32:39 -0700 Subject: move uncrypt from init.rc to uncrypt.rc Move uncrypt from /init.rc to /system/etc/init/uncrypt.rc using the LOCAL_INIT_RC mechanism Bug 23186545 Change-Id: Ib8cb6dffd2212f524298279787fd557bc84aa7b9 --- uncrypt/Android.mk | 2 ++ uncrypt/uncrypt.rc | 9 +++++++++ 2 files changed, 11 insertions(+) create mode 100644 uncrypt/uncrypt.rc diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index f31db4243..6422cb2f4 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -26,4 +26,6 @@ LOCAL_MODULE := uncrypt LOCAL_STATIC_LIBRARIES := libbase liblog libfs_mgr libcutils +LOCAL_INIT_RC := uncrypt.rc + include $(BUILD_EXECUTABLE) diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc new file mode 100644 index 000000000..5f4c47936 --- /dev/null +++ b/uncrypt/uncrypt.rc @@ -0,0 +1,9 @@ +service uncrypt /system/bin/uncrypt + class main + disabled + oneshot + +service pre-recovery /system/bin/uncrypt --reboot + class main + disabled + oneshot -- cgit v1.2.3 From c3d4d535466eb939607651e12a490f92e9936763 Mon Sep 17 00:00:00 2001 From: David Pursell Date: Tue, 25 Aug 2015 12:50:47 -0700 Subject: minadbd: update service_to_fd() signature. No functional change, just matching the signature to an adb change. See https://android-review.googlesource.com/#/c/169601/. Change-Id: Ic826864e126054849b3a4d193ded8acc5ee5269c --- minadbd/services.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/minadbd/services.cpp b/minadbd/services.cpp index 859463caf..5c1d35614 100644 --- a/minadbd/services.cpp +++ b/minadbd/services.cpp @@ -86,7 +86,7 @@ static int create_service_thread(void (*func)(int, void *), void *cookie) { return s[0]; } -int service_to_fd(const char* name) { +int service_to_fd(const char* name, const atransport* transport) { int ret = -1; if (!strncmp(name, "sideload:", 9)) { -- cgit v1.2.3 From a91c66d7c13e0143f63f0ea9c1c74ce39aecd79e Mon Sep 17 00:00:00 2001 From: Jeremy Compostella Date: Tue, 8 Sep 2015 19:15:09 +0200 Subject: imgdiff: fix file descriptor leak mkstemp() allocates a file description that is never released. If MakePatch() is called too many time, imgdiff reaches the Operating System EMFILE (too many open files) limit. Change-Id: Icbe1399f6f6d32cfa1830f879cacf7d75bbd9fc3 Signed-off-by: Jeremy Compostella Signed-off-by: Gaelle Nassiet --- applypatch/imgdiff.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/applypatch/imgdiff.cpp b/applypatch/imgdiff.cpp index 4d83ffb2e..50cabbe6b 100644 --- a/applypatch/imgdiff.cpp +++ b/applypatch/imgdiff.cpp @@ -628,7 +628,15 @@ unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { } char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; - mkstemp(ptemp); + int fd = mkstemp(ptemp); + + if (fd == -1) { + printf("MakePatch failed to create a temporary file: %s\n", + strerror(errno)); + return NULL; + } + close(fd); // temporary file is created and we don't need its file + // descriptor int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); if (r != 0) { -- cgit v1.2.3 From 34847b2c70b7ce0483d8bf9c2d66c8f7d6ab62e9 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 8 Sep 2015 11:05:49 -0700 Subject: updater: Replace the pointers in LoadSrcTgtVersion[1-3]() parameter. And inline the call to LoadSrcTgtVersion1() into SaveStash(). Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf --- updater/blockimg.cpp | 55 +++++++++++++++++++++++++--------------------------- 1 file changed, 26 insertions(+), 29 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 5f5f9bd72..091bedf53 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -378,19 +378,16 @@ static int WriteBlocks(const RangeSet& tgt, uint8_t* buffer, int fd) { // // // The source range is loaded into the provided buffer, reallocating -// it to make it larger if necessary. The target ranges are returned -// in *tgt, if tgt is non-null. +// it to make it larger if necessary. -static int LoadSrcTgtVersion1(char** wordsave, RangeSet* tgt, size_t& src_blocks, +static int LoadSrcTgtVersion1(char** wordsave, RangeSet& tgt, size_t& src_blocks, uint8_t** buffer, size_t* buffer_alloc, int fd) { char* word = strtok_r(nullptr, " ", wordsave); RangeSet src; parse_range(word, src); - if (tgt != nullptr) { - word = strtok_r(nullptr, " ", wordsave); - parse_range(word, *tgt); - } + word = strtok_r(nullptr, " ", wordsave); + parse_range(word, tgt); allocate(src.size * BLOCKSIZE, buffer, buffer_alloc); int rc = ReadBlocks(src, *buffer, fd); @@ -730,9 +727,15 @@ static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, return 0; } - if (LoadSrcTgtVersion1(wordsave, nullptr, blocks, buffer, buffer_alloc, fd) == -1) { + char* word = strtok_r(nullptr, " ", wordsave); + RangeSet src; + parse_range(word, src); + + allocate(src.size * BLOCKSIZE, buffer, buffer_alloc); + if (ReadBlocks(src, *buffer, fd) == -1) { return -1; } + blocks = src.size; if (usehash && VerifyBlocks(id, *buffer, blocks, true) != 0) { // Source blocks have unexpected contents. If we actually need this @@ -791,7 +794,7 @@ static void MoveRange(uint8_t* dest, const RangeSet& locs, const uint8_t* source // reallocated if needed to accommodate the source data. *tgt is the // target RangeSet. Any stashes required are loaded using LoadStash. -static int LoadSrcTgtVersion2(char** wordsave, RangeSet* tgt, size_t& src_blocks, uint8_t** buffer, +static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks, uint8_t** buffer, size_t* buffer_alloc, int fd, const std::string& stashbase, bool* overlap) { char* word; char* colonsave; @@ -800,10 +803,8 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet* tgt, size_t& src_blocks size_t stashalloc = 0; uint8_t* stash = nullptr; - if (tgt != nullptr) { - word = strtok_r(nullptr, " ", wordsave); - parse_range(word, *tgt); - } + word = strtok_r(nullptr, " ", wordsave); + parse_range(word, tgt); word = strtok_r(nullptr, " ", wordsave); src_blocks = strtol(word, nullptr, 0); @@ -818,8 +819,8 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet* tgt, size_t& src_blocks parse_range(word, src); int res = ReadBlocks(src, *buffer, fd); - if (overlap && tgt) { - *overlap = range_overlaps(src, *tgt); + if (overlap) { + *overlap = range_overlaps(src, tgt); } if (res == -1) { @@ -902,13 +903,9 @@ struct CommandParameters { // If the return value is 0, source blocks have expected content and the command // can be performed. -static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet* tgt, size_t& src_blocks, +static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, bool onehash, bool& overlap) { - if (!tgt) { - return -1; - } - char* srchash = strtok_r(nullptr, " ", ¶ms.cpos); if (srchash == nullptr) { fprintf(stderr, "missing source hash\n"); @@ -932,13 +929,13 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet* tgt, size_t& return -1; } - std::vector tgtbuffer(tgt->size * BLOCKSIZE); + std::vector tgtbuffer(tgt.size * BLOCKSIZE); - if (ReadBlocks(*tgt, tgtbuffer.data(), params.fd) == -1) { + if (ReadBlocks(tgt, tgtbuffer.data(), params.fd) == -1) { return -1; } - if (VerifyBlocks(tgthash, tgtbuffer.data(), tgt->size, false) == 0) { + if (VerifyBlocks(tgthash, tgtbuffer.data(), tgt.size, false) == 0) { // Target blocks already have expected content, command should be skipped fprintf(stderr, "verified, to return 1"); return 1; @@ -989,13 +986,13 @@ static int PerformCommandMove(CommandParameters& params) { RangeSet tgt; if (params.version == 1) { - status = LoadSrcTgtVersion1(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, ¶ms.buffer, ¶ms.bufsize, params.fd); } else if (params.version == 2) { - status = LoadSrcTgtVersion2(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, ¶ms.buffer, ¶ms.bufsize, params.fd, params.stashbase, nullptr); } else if (params.version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, blocks, true, overlap); + status = LoadSrcTgtVersion3(params, tgt, blocks, true, overlap); } if (status == -1) { @@ -1149,13 +1146,13 @@ static int PerformCommandDiff(CommandParameters& params) { size_t blocks = 0; int status = 0; if (params.version == 1) { - status = LoadSrcTgtVersion1(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, ¶ms.buffer, ¶ms.bufsize, params.fd); } else if (params.version == 2) { - status = LoadSrcTgtVersion2(¶ms.cpos, &tgt, blocks, ¶ms.buffer, + status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, ¶ms.buffer, ¶ms.bufsize, params.fd, params.stashbase, nullptr); } else if (params.version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, blocks, false, overlap); + status = LoadSrcTgtVersion3(params, tgt, blocks, false, overlap); } if (status == -1) { -- cgit v1.2.3 From ec63d564a86ad5b30f75aa307b4bd271f6a96a56 Mon Sep 17 00:00:00 2001 From: Narayan Kamath Date: Wed, 2 Sep 2015 12:34:52 +0100 Subject: Track usage of Vector / SortedVector from libutils DO NOT MERGE bug: 22953624 Change-Id: Ifcc17e39433ac91ca41da5d336fb3006dfbb65a8 --- Android.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/Android.mk b/Android.mk index 075fa2cfe..2beb66208 100644 --- a/Android.mk +++ b/Android.mk @@ -51,6 +51,7 @@ LOCAL_STATIC_LIBRARIES := \ liblog \ libselinux \ libstdc++ \ + libutils \ libm \ libc -- cgit v1.2.3 From 612336ddc1108c3adf43f309a326111cf01b4bcd Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 27 Aug 2015 16:41:21 -0700 Subject: updater: Manage buffers with std::vector. Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d --- updater/blockimg.cpp | 396 ++++++++++++++++++++++----------------------------- 1 file changed, 168 insertions(+), 228 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 091bedf53..6111d0d1e 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -162,6 +162,10 @@ static int read_all(int fd, uint8_t* data, size_t size) { return 0; } +static int read_all(int fd, std::vector& buffer, size_t size) { + return read_all(fd, buffer.data(), size); +} + static int write_all(int fd, const uint8_t* data, size_t size) { size_t written = 0; while (written < size) { @@ -176,6 +180,10 @@ static int write_all(int fd, const uint8_t* data, size_t size) { return 0; } +static int write_all(int fd, const std::vector& buffer, size_t size) { + return write_all(fd, buffer.data(), size); +} + static bool check_lseek(int fd, off64_t offset, int whence) { off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); if (rc == -1) { @@ -185,18 +193,11 @@ static bool check_lseek(int fd, off64_t offset, int whence) { return true; } -static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { +static void allocate(size_t size, std::vector& buffer) { // if the buffer's big enough, reuse it. - if (size <= *buffer_alloc) return; - - free(*buffer); + if (size <= buffer.size()) return; - *buffer = (uint8_t*) malloc(size); - if (*buffer == nullptr) { - fprintf(stderr, "failed to allocate %zu bytes\n", size); - exit(1); - } - *buffer_alloc = size; + buffer.resize(size); } struct RangeSinkState { @@ -324,12 +325,9 @@ static void* unzip_new_data(void* cookie) { return nullptr; } -static int ReadBlocks(const RangeSet& src, uint8_t* buffer, int fd) { +static int ReadBlocks(const RangeSet& src, std::vector& buffer, int fd) { size_t p = 0; - - if (!buffer) { - return -1; - } + uint8_t* data = buffer.data(); for (size_t i = 0; i < src.count; ++i) { if (!check_lseek(fd, (off64_t) src.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { @@ -338,7 +336,7 @@ static int ReadBlocks(const RangeSet& src, uint8_t* buffer, int fd) { size_t size = (src.pos[i * 2 + 1] - src.pos[i * 2]) * BLOCKSIZE; - if (read_all(fd, buffer + p, size) == -1) { + if (read_all(fd, data + p, size) == -1) { return -1; } @@ -348,10 +346,8 @@ static int ReadBlocks(const RangeSet& src, uint8_t* buffer, int fd) { return 0; } -static int WriteBlocks(const RangeSet& tgt, uint8_t* buffer, int fd) { - if (!buffer) { - return -1; - } +static int WriteBlocks(const RangeSet& tgt, const std::vector& buffer, int fd) { + const uint8_t* data = buffer.data(); size_t p = 0; for (size_t i = 0; i < tgt.count; ++i) { @@ -361,7 +357,7 @@ static int WriteBlocks(const RangeSet& tgt, uint8_t* buffer, int fd) { size_t size = (tgt.pos[i * 2 + 1] - tgt.pos[i * 2]) * BLOCKSIZE; - if (write_all(fd, buffer + p, size) == -1) { + if (write_all(fd, data + p, size) == -1) { return -1; } @@ -381,30 +377,29 @@ static int WriteBlocks(const RangeSet& tgt, uint8_t* buffer, int fd) { // it to make it larger if necessary. static int LoadSrcTgtVersion1(char** wordsave, RangeSet& tgt, size_t& src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd) { + std::vector& buffer, int fd) { + // char* word = strtok_r(nullptr, " ", wordsave); RangeSet src; parse_range(word, src); + // word = strtok_r(nullptr, " ", wordsave); parse_range(word, tgt); - allocate(src.size * BLOCKSIZE, buffer, buffer_alloc); - int rc = ReadBlocks(src, *buffer, fd); + allocate(src.size * BLOCKSIZE, buffer); + int rc = ReadBlocks(src, buffer, fd); src_blocks = src.size; return rc; } -static int VerifyBlocks(const std::string& expected, const uint8_t* buffer, +static int VerifyBlocks(const std::string& expected, const std::vector& buffer, const size_t blocks, bool printerror) { uint8_t digest[SHA_DIGEST_SIZE]; + const uint8_t* data = buffer.data(); - if (!buffer) { - return -1; - } - - SHA_hash(buffer, blocks * BLOCKSIZE, digest); + SHA_hash(data, blocks * BLOCKSIZE, digest); std::string hexdigest = print_sha1(digest); @@ -516,8 +511,8 @@ static void DeleteStash(const std::string& base) { } static int LoadStash(const std::string& base, const std::string& id, bool verify, size_t* blocks, - uint8_t** buffer, size_t* buffer_alloc, bool printnoent) { - if (base.empty() || !buffer || !buffer_alloc) { + std::vector& buffer, bool printnoent) { + if (base.empty()) { return -1; } @@ -555,15 +550,15 @@ static int LoadStash(const std::string& base, const std::string& id, bool verify return -1; } - allocate(sb.st_size, buffer, buffer_alloc); + allocate(sb.st_size, buffer); - if (read_all(fd, *buffer, sb.st_size) == -1) { + if (read_all(fd, buffer, sb.st_size) == -1) { return -1; } *blocks = sb.st_size / BLOCKSIZE; - if (verify && VerifyBlocks(id, *buffer, *blocks, true) != 0) { + if (verify && VerifyBlocks(id, buffer, *blocks, true) != 0) { fprintf(stderr, "unexpected contents in %s\n", fn.c_str()); DeleteFile(fn, nullptr); return -1; @@ -572,9 +567,9 @@ static int LoadStash(const std::string& base, const std::string& id, bool verify return 0; } -static int WriteStash(const std::string& base, const std::string& id, int blocks, uint8_t* buffer, - bool checkspace, bool *exists) { - if (base.empty() || buffer == nullptr) { +static int WriteStash(const std::string& base, const std::string& id, int blocks, + std::vector& buffer, bool checkspace, bool *exists) { + if (base.empty()) { return -1; } @@ -706,9 +701,9 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, std::s return 0; // Using existing directory } -static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, - size_t* buffer_alloc, int fd, bool usehash) { - if (!wordsave || !buffer || !buffer_alloc) { +static int SaveStash(const std::string& base, char** wordsave, std::vector& buffer, + int fd, bool usehash) { + if (!wordsave) { return -1; } @@ -720,7 +715,7 @@ static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, std::string id(id_tok); size_t blocks = 0; - if (usehash && LoadStash(base, id, true, &blocks, buffer, buffer_alloc, false) == 0) { + if (usehash && LoadStash(base, id, true, &blocks, buffer, false) == 0) { // Stash file already exists and has expected contents. Do not // read from source again, as the source may have been already // overwritten during a previous attempt. @@ -731,13 +726,13 @@ static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, RangeSet src; parse_range(word, src); - allocate(src.size * BLOCKSIZE, buffer, buffer_alloc); - if (ReadBlocks(src, *buffer, fd) == -1) { + allocate(src.size * BLOCKSIZE, buffer); + if (ReadBlocks(src, buffer, fd) == -1) { return -1; } blocks = src.size; - if (usehash && VerifyBlocks(id, *buffer, blocks, true) != 0) { + if (usehash && VerifyBlocks(id, buffer, blocks, true) != 0) { // Source blocks have unexpected contents. If we actually need this // data later, this is an unrecoverable error. However, the command // that uses the data may have already completed previously, so the @@ -747,7 +742,7 @@ static int SaveStash(const std::string& base, char** wordsave, uint8_t** buffer, } fprintf(stderr, "stashing %zu blocks to %s\n", blocks, id.c_str()); - return WriteStash(base, id, blocks, *buffer, false, nullptr); + return WriteStash(base, id, blocks, buffer, false, nullptr); } static int FreeStash(const std::string& base, const char* id) { @@ -762,16 +757,19 @@ static int FreeStash(const std::string& base, const char* id) { return 0; } -static void MoveRange(uint8_t* dest, const RangeSet& locs, const uint8_t* source) { +static void MoveRange(std::vector& dest, const RangeSet& locs, + const std::vector& source) { // source contains packed data, which we want to move to the - // locations given in *locs in the dest buffer. source and dest + // locations given in locs in the dest buffer. source and dest // may be the same buffer. + const uint8_t* from = source.data(); + uint8_t* to = dest.data(); size_t start = locs.size; for (int i = locs.count-1; i >= 0; --i) { size_t blocks = locs.pos[i*2+1] - locs.pos[i*2]; start -= blocks; - memmove(dest + (locs.pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), + memmove(to + (locs.pos[i*2] * BLOCKSIZE), from + (start * BLOCKSIZE), blocks * BLOCKSIZE); } } @@ -794,30 +792,26 @@ static void MoveRange(uint8_t* dest, const RangeSet& locs, const uint8_t* source // reallocated if needed to accommodate the source data. *tgt is the // target RangeSet. Any stashes required are loaded using LoadStash. -static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks, uint8_t** buffer, - size_t* buffer_alloc, int fd, const std::string& stashbase, bool* overlap) { - char* word; - char* colonsave; - char* colon; - RangeSet locs; - size_t stashalloc = 0; - uint8_t* stash = nullptr; - - word = strtok_r(nullptr, " ", wordsave); +static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks, + std::vector& buffer, int fd, const std::string& stashbase, bool* overlap) { + // + char* word = strtok_r(nullptr, " ", wordsave); parse_range(word, tgt); + // word = strtok_r(nullptr, " ", wordsave); src_blocks = strtol(word, nullptr, 0); - allocate(src_blocks * BLOCKSIZE, buffer, buffer_alloc); + allocate(src_blocks * BLOCKSIZE, buffer); + // "-" or [] word = strtok_r(nullptr, " ", wordsave); if (word[0] == '-' && word[1] == '\0') { // no source ranges, only stashes } else { RangeSet src; parse_range(word, src); - int res = ReadBlocks(src, *buffer, fd); + int res = ReadBlocks(src, buffer, fd); if (overlap) { *overlap = range_overlaps(src, tgt); @@ -833,18 +827,22 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks return 0; } + RangeSet locs; parse_range(word, locs); - MoveRange(*buffer, locs, *buffer); + MoveRange(buffer, locs, buffer); } + // <[stash_id:stash-range]> + char* colonsave; while ((word = strtok_r(nullptr, " ", wordsave)) != nullptr) { // Each word is a an index into the stash table, a colon, and // then a rangeset describing where in the source block that // stashed data should go. colonsave = nullptr; - colon = strtok_r(word, ":", &colonsave); + char* colon = strtok_r(word, ":", &colonsave); - int res = LoadStash(stashbase, std::string(colon), false, nullptr, &stash, &stashalloc, true); + std::vector stash; + int res = LoadStash(stashbase, std::string(colon), false, nullptr, stash, true); if (res == -1) { // These source blocks will fail verification if used later, but we @@ -854,13 +852,10 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks } colon = strtok_r(nullptr, ":", &colonsave); + RangeSet locs; parse_range(colon, locs); - MoveRange(*buffer, locs, stash); - } - - if (stash) { - free(stash); + MoveRange(buffer, locs, stash); } return 0; @@ -881,8 +876,7 @@ struct CommandParameters { size_t written; NewThreadInfo nti; pthread_t thread; - size_t bufsize; - uint8_t* buffer; + std::vector buffer; uint8_t* patch_start; }; @@ -924,20 +918,19 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& } } - if (LoadSrcTgtVersion2(¶ms.cpos, tgt, src_blocks, ¶ms.buffer, ¶ms.bufsize, - params.fd, params.stashbase, &overlap) == -1) { + if (LoadSrcTgtVersion2(¶ms.cpos, tgt, src_blocks, params.buffer, params.fd, + params.stashbase, &overlap) == -1) { return -1; } std::vector tgtbuffer(tgt.size * BLOCKSIZE); - if (ReadBlocks(tgt, tgtbuffer.data(), params.fd) == -1) { + if (ReadBlocks(tgt, tgtbuffer, params.fd) == -1) { return -1; } - if (VerifyBlocks(tgthash, tgtbuffer.data(), tgt.size, false) == 0) { + if (VerifyBlocks(tgthash, tgtbuffer, tgt.size, false) == 0) { // Target blocks already have expected content, command should be skipped - fprintf(stderr, "verified, to return 1"); return 1; } @@ -948,7 +941,7 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& fprintf(stderr, "stashing %zu overlapping blocks to %s\n", src_blocks, srchash); bool stash_exists = false; - if (WriteStash(params.stashbase, std::string(srchash), src_blocks, params.buffer, true, + if (WriteStash(params.stashbase, srchash, src_blocks, params.buffer, true, &stash_exists) != 0) { fprintf(stderr, "failed to stash overlapping source blocks\n"); return -1; @@ -964,8 +957,7 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& return 0; } - if (overlap && LoadStash(params.stashbase, std::string(srchash), true, nullptr, ¶ms.buffer, - ¶ms.bufsize, true) == 0) { + if (overlap && LoadStash(params.stashbase, srchash, true, nullptr, params.buffer, true) == 0) { // Overlapping source blocks were previously stashed, command can proceed. // We are recovering from an interrupted command, so we don't know if the // stash can safely be deleted after this command. @@ -986,11 +978,10 @@ static int PerformCommandMove(CommandParameters& params) { RangeSet tgt; if (params.version == 1) { - status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, ¶ms.buffer, - ¶ms.bufsize, params.fd); + status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, params.buffer, params.fd); } else if (params.version == 2) { - status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, ¶ms.buffer, - ¶ms.bufsize, params.fd, params.stashbase, nullptr); + status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, params.buffer, params.fd, + params.stashbase, nullptr); } else if (params.version >= 3) { status = LoadSrcTgtVersion3(params, tgt, blocks, true, overlap); } @@ -1030,8 +1021,8 @@ static int PerformCommandMove(CommandParameters& params) { } static int PerformCommandStash(CommandParameters& params) { - return SaveStash(params.stashbase, ¶ms.cpos, ¶ms.buffer, ¶ms.bufsize, - params.fd, (params.version >= 3)); + return SaveStash(params.stashbase, ¶ms.cpos, params.buffer, params.fd, + (params.version >= 3)); } static int PerformCommandFree(CommandParameters& params) { @@ -1055,8 +1046,8 @@ static int PerformCommandZero(CommandParameters& params) { fprintf(stderr, " zeroing %zu blocks\n", tgt.size); - allocate(BLOCKSIZE, ¶ms.buffer, ¶ms.bufsize); - memset(params.buffer, 0, BLOCKSIZE); + allocate(BLOCKSIZE, params.buffer); + memset(params.buffer.data(), 0, BLOCKSIZE); if (params.canwrite) { for (size_t i = 0; i < tgt.count; ++i) { @@ -1120,12 +1111,9 @@ static int PerformCommandNew(CommandParameters& params) { } static int PerformCommandDiff(CommandParameters& params) { - char* value = nullptr; - bool overlap = false; - RangeSet tgt; const std::string logparams(params.cpos); - value = strtok_r(nullptr, " ", ¶ms.cpos); + char* value = strtok_r(nullptr, " ", ¶ms.cpos); if (value == nullptr) { fprintf(stderr, "missing patch offset for %s\n", params.cmdname); @@ -1143,14 +1131,15 @@ static int PerformCommandDiff(CommandParameters& params) { size_t len = strtoul(value, nullptr, 0); + RangeSet tgt; size_t blocks = 0; + bool overlap = false; int status = 0; if (params.version == 1) { - status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, ¶ms.buffer, - ¶ms.bufsize, params.fd); + status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, params.buffer, params.fd); } else if (params.version == 2) { - status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, ¶ms.buffer, - ¶ms.bufsize, params.fd, params.stashbase, nullptr); + status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, params.buffer, params.fd, + params.stashbase, nullptr); } else if (params.version >= 3) { status = LoadSrcTgtVersion3(params, tgt, blocks, false, overlap); } @@ -1185,11 +1174,11 @@ static int PerformCommandDiff(CommandParameters& params) { } if (params.cmdname[0] == 'i') { // imgdiff - ApplyImagePatch(params.buffer, blocks * BLOCKSIZE, &patch_value, + ApplyImagePatch(params.buffer.data(), blocks * BLOCKSIZE, &patch_value, &RangeSinkWrite, &rss, nullptr, nullptr); } else { - ApplyBSDiffPatch(params.buffer, blocks * BLOCKSIZE, &patch_value, - 0, &RangeSinkWrite, &rss, nullptr); + ApplyBSDiffPatch(params.buffer.data(), blocks * BLOCKSIZE, &patch_value, 0, + &RangeSinkWrite, &rss, nullptr); } // We expect the output of the patcher to fill the tgt ranges exactly. @@ -1261,10 +1250,10 @@ static int PerformCommandErase(CommandParameters& params) { // Definitions for transfer list command functions typedef int (*CommandFunction)(CommandParameters&); -typedef struct { +struct Command { const char* name; CommandFunction f; -} Command; +}; // CompareCommands and CompareCommandNames are for the hash table @@ -1297,86 +1286,76 @@ static unsigned int HashString(const char *s) { static Value* PerformBlockImageUpdate(const char* name, State* state, int /* argc */, Expr* argv[], const Command* commands, size_t cmdcount, bool dryrun) { - char* line = nullptr; - char* linesave = nullptr; - char* transfer_list = nullptr; CommandParameters params; - const Command* cmd = nullptr; - const ZipEntry* new_entry = nullptr; - const ZipEntry* patch_entry = nullptr; - FILE* cmd_pipe = nullptr; - HashTable* cmdht = nullptr; - int res; - int rc = -1; - int total_blocks = 0; - pthread_attr_t attr; - UpdaterInfo* ui = nullptr; - Value* blockdev_filename = nullptr; - Value* new_data_fn = nullptr; - Value* patch_data_fn = nullptr; - Value* transfer_list_value = nullptr; - ZipArchive* za = nullptr; - memset(¶ms, 0, sizeof(params)); params.canwrite = !dryrun; fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); + Value* blockdev_filename = nullptr; + Value* transfer_list_value = nullptr; + Value* new_data_fn = nullptr; + Value* patch_data_fn = nullptr; if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, &new_data_fn, &patch_data_fn) < 0) { - goto pbiudone; + return StringValue(strdup("")); } + std::unique_ptr blockdev_filename_holder(blockdev_filename, + FreeValue); + std::unique_ptr transfer_list_value_holder(transfer_list_value, + FreeValue); + std::unique_ptr new_data_fn_holder(new_data_fn, FreeValue); + std::unique_ptr patch_data_fn_holder(patch_data_fn, FreeValue); if (blockdev_filename->type != VAL_STRING) { ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto pbiudone; + return StringValue(strdup("")); } if (transfer_list_value->type != VAL_BLOB) { ErrorAbort(state, "transfer_list argument to %s must be blob", name); - goto pbiudone; + return StringValue(strdup("")); } if (new_data_fn->type != VAL_STRING) { ErrorAbort(state, "new_data_fn argument to %s must be string", name); - goto pbiudone; + return StringValue(strdup("")); } if (patch_data_fn->type != VAL_STRING) { ErrorAbort(state, "patch_data_fn argument to %s must be string", name); - goto pbiudone; + return StringValue(strdup("")); } - ui = (UpdaterInfo*) state->cookie; + UpdaterInfo* ui = reinterpret_cast(state->cookie); if (ui == nullptr) { - goto pbiudone; + return StringValue(strdup("")); } - cmd_pipe = ui->cmd_pipe; - za = ui->package_zip; + FILE* cmd_pipe = ui->cmd_pipe; + ZipArchive* za = ui->package_zip; if (cmd_pipe == nullptr || za == nullptr) { - goto pbiudone; + return StringValue(strdup("")); } - patch_entry = mzFindZipEntry(za, patch_data_fn->data); - + const ZipEntry* patch_entry = mzFindZipEntry(za, patch_data_fn->data); if (patch_entry == nullptr) { fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); - goto pbiudone; + return StringValue(strdup("")); } params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); - new_entry = mzFindZipEntry(za, new_data_fn->data); - + const ZipEntry* new_entry = mzFindZipEntry(za, new_data_fn->data); if (new_entry == nullptr) { fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); - goto pbiudone; + return StringValue(strdup("")); } params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); + unique_fd fd_holder(params.fd); if (params.fd == -1) { fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); - goto pbiudone; + return StringValue(strdup("")); } if (params.canwrite) { @@ -1385,90 +1364,86 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg pthread_mutex_init(¶ms.nti.mu, nullptr); pthread_cond_init(¶ms.nti.cv, nullptr); + pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); if (error != 0) { fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); - goto pbiudone; + return StringValue(strdup("")); } } // The data in transfer_list_value is not necessarily null-terminated, so we need // to copy it to a new buffer and add the null that strtok_r will need. - transfer_list = reinterpret_cast(malloc(transfer_list_value->size + 1)); - - if (transfer_list == nullptr) { - fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", - transfer_list_value->size + 1); - goto pbiudone; - } - - memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); - transfer_list[transfer_list_value->size] = '\0'; + const std::string transfer_list(transfer_list_value->data, transfer_list_value->size); + std::vector lines = android::base::Split(transfer_list, "\n"); // First line in transfer list is the version number - line = strtok_r(transfer_list, "\n", &linesave); - params.version = strtol(line, nullptr, 0); - - if (params.version < 1 || params.version > 3) { - fprintf(stderr, "unexpected transfer list version [%s]\n", line); - goto pbiudone; + long int val; + errno = 0; + val = strtol(lines[0].c_str(), nullptr, 0); + if (errno != 0 || val < 1 || val > 3) { + fprintf(stderr, "unexpected transfer list version [%s]\n", lines[0].c_str()); + return StringValue(strdup("")); } + params.version = static_cast(val); fprintf(stderr, "blockimg version is %d\n", params.version); // Second line in transfer list is the total number of blocks we expect to write - line = strtok_r(nullptr, "\n", &linesave); - total_blocks = strtol(line, nullptr, 0); + int total_blocks = strtol(lines[1].c_str(), nullptr, 0); if (total_blocks < 0) { - ErrorAbort(state, "unexpected block count [%s]\n", line); - goto pbiudone; + ErrorAbort(state, "unexpected block count [%s]\n", lines[1].c_str()); + return StringValue(strdup("")); } else if (total_blocks == 0) { - rc = 0; - goto pbiudone; + return StringValue(strdup("t")); } + size_t start = 2; if (params.version >= 2) { // Third line is how many stash entries are needed simultaneously - line = strtok_r(nullptr, "\n", &linesave); - fprintf(stderr, "maximum stash entries %s\n", line); + fprintf(stderr, "maximum stash entries %s\n", lines[2].c_str()); // Fourth line is the maximum number of blocks that will be stashed simultaneously - line = strtok_r(nullptr, "\n", &linesave); - int stash_max_blocks = strtol(line, nullptr, 0); + int stash_max_blocks = strtol(lines[3].c_str(), nullptr, 0); if (stash_max_blocks < 0) { - ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); - goto pbiudone; + ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", lines[3].c_str()); + return StringValue(strdup("")); } if (stash_max_blocks >= 0) { - res = CreateStash(state, stash_max_blocks, blockdev_filename->data, params.stashbase); + int res = CreateStash(state, stash_max_blocks, blockdev_filename->data, + params.stashbase); if (res == -1) { - goto pbiudone; + return StringValue(strdup("")); } params.createdstash = res; } + + start += 2; } // Build a hash table of the available commands - cmdht = mzHashTableCreate(cmdcount, nullptr); + HashTable* cmdht = mzHashTableCreate(cmdcount, nullptr); + std::unique_ptr cmdht_holder(cmdht, mzHashTableFree); for (size_t i = 0; i < cmdcount; ++i) { unsigned int cmdhash = HashString(commands[i].name); mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); } - // Subsequent lines are all individual transfer commands - for (line = strtok_r(nullptr, "\n", &linesave); line; - line = strtok_r(nullptr, "\n", &linesave)) { + int rc = -1; - const std::string logcmd(line); + // Subsequent lines are all individual transfer commands + for (auto it = lines.cbegin() + start; it != lines.cend(); it++) { + const std::string& line_str(*it); + char* line = strdup(line_str.c_str()); params.cmdname = strtok_r(line, " ", ¶ms.cpos); if (params.cmdname == nullptr) { @@ -1477,8 +1452,8 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg } unsigned int cmdhash = HashString(params.cmdname); - cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, - CompareCommandNames, false); + const Command* cmd = reinterpret_cast(mzHashTableLookup(cmdht, cmdhash, + params.cmdname, CompareCommandNames, false)); if (cmd == nullptr) { fprintf(stderr, "unexpected command [%s]\n", params.cmdname); @@ -1486,7 +1461,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg } if (cmd->f != nullptr && cmd->f(params) == -1) { - fprintf(stderr, "failed to execute command [%s]\n", logcmd.c_str()); + fprintf(stderr, "failed to execute command [%s]\n", line_str.c_str()); goto pbiudone; } @@ -1504,7 +1479,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg pthread_join(params.thread, nullptr); fprintf(stderr, "wrote %zu blocks; expected %d\n", params.written, total_blocks); - fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); + fprintf(stderr, "max alloc needed was %zu\n", params.buffer.size()); // Delete stash only after successfully completing the update, as it // may contain blocks needed to complete the update later. @@ -1523,34 +1498,6 @@ pbiudone: close(params.fd); } - if (cmdht) { - mzHashTableFree(cmdht); - } - - if (params.buffer) { - free(params.buffer); - } - - if (transfer_list) { - free(transfer_list); - } - - if (blockdev_filename) { - FreeValue(blockdev_filename); - } - - if (transfer_list_value) { - FreeValue(transfer_list_value); - } - - if (new_data_fn) { - FreeValue(new_data_fn); - } - - if (patch_data_fn) { - FreeValue(patch_data_fn); - } - // Only delete the stash if the update cannot be resumed, or it's // a verification run and we created the stash. if (params.isunresumable || (!params.canwrite && params.createdstash)) { @@ -1650,63 +1597,56 @@ Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[] Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) { Value* blockdev_filename; Value* ranges; - const uint8_t* digest = nullptr; - RangeSet rs; if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { - return nullptr; + return StringValue(strdup("")); } + std::unique_ptr ranges_holder(ranges, FreeValue); + std::unique_ptr blockdev_filename_holder(blockdev_filename, + FreeValue); if (blockdev_filename->type != VAL_STRING) { ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto done; + return StringValue(strdup("")); } if (ranges->type != VAL_STRING) { ErrorAbort(state, "ranges argument to %s must be string", name); - goto done; + return StringValue(strdup("")); } - int fd; - fd = open(blockdev_filename->data, O_RDWR); + int fd = open(blockdev_filename->data, O_RDWR); + unique_fd fd_holder(fd); if (fd < 0) { ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); - goto done; + return StringValue(strdup("")); } + RangeSet rs; parse_range(ranges->data, rs); - uint8_t buffer[BLOCKSIZE]; SHA_CTX ctx; SHA_init(&ctx); + std::vector buffer(BLOCKSIZE); for (size_t i = 0; i < rs.count; ++i) { if (!check_lseek(fd, (off64_t)rs.pos[i*2] * BLOCKSIZE, SEEK_SET)) { - ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; + ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, strerror(errno)); + return StringValue(strdup("")); } for (size_t j = rs.pos[i*2]; j < rs.pos[i*2+1]; ++j) { if (read_all(fd, buffer, BLOCKSIZE) == -1) { ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, strerror(errno)); - goto done; + return StringValue(strdup("")); } - SHA_update(&ctx, buffer, BLOCKSIZE); + SHA_update(&ctx, buffer.data(), BLOCKSIZE); } } - digest = SHA_final(&ctx); - close(fd); + const uint8_t* digest = SHA_final(&ctx); - done: - FreeValue(blockdev_filename); - FreeValue(ranges); - if (digest == nullptr) { - return StringValue(strdup("")); - } else { - return StringValue(strdup(print_sha1(digest).c_str())); - } + return StringValue(strdup(print_sha1(digest).c_str())); } void RegisterBlockImageFunctions() { -- cgit v1.2.3 From 1107d9674678b2a37dc7365a5aeaa5407cde7c55 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 9 Sep 2015 17:16:55 -0700 Subject: updater: Fix the line breaks in ui_print commands. When processing ui_print commands in the updater, it misses a line break when printing to the recovery log. Also clean up uiPrintf() and UIPrintFn() with std::string's. Change-Id: Ie5dbbfbc40b024929887d3c3ccd3a334249a8c9d --- updater/install.cpp | 58 +++++++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 26 deletions(-) diff --git a/updater/install.cpp b/updater/install.cpp index 422a1bb1e..a6ed078ba 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -34,6 +34,9 @@ #include #include +#include +#include + #include "bootloader.h" #include "applypatch/applypatch.h" #include "cutils/android_reboot.h" @@ -53,28 +56,35 @@ #include "wipe.h" #endif -void uiPrint(State* state, char* buffer) { - char* line = strtok(buffer, "\n"); - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - while (line) { - fprintf(ui->cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); +// Send over the buffer to recovery though the command pipe. +static void uiPrint(State* state, const std::string& buffer) { + UpdaterInfo* ui = reinterpret_cast(state->cookie); + + // "line1\nline2\n" will be split into 3 tokens: "line1", "line2" and "". + // So skip sending empty strings to UI. + std::vector lines = android::base::Split(buffer, "\n"); + for (auto& line: lines) { + if (!line.empty()) { + fprintf(ui->cmd_pipe, "ui_print %s\n", line.c_str()); + fprintf(ui->cmd_pipe, "ui_print\n"); + } } - fprintf(ui->cmd_pipe, "ui_print\n"); - // The recovery will only print the contents to screen for pipe command - // ui_print. We need to dump the contents to stderr (which has been - // redirected to the log file) directly. - fprintf(stderr, "%s", buffer); + // On the updater side, we need to dump the contents to stderr (which has + // been redirected to the log file). Because the recovery will only print + // the contents to screen when processing pipe command ui_print. + fprintf(stderr, "%s", buffer.c_str()); } __attribute__((__format__(printf, 2, 3))) __nonnull((2)) void uiPrintf(State* state, const char* format, ...) { - char error_msg[1024]; + std::string error_msg; + va_list ap; va_start(ap, format); - vsnprintf(error_msg, sizeof(error_msg), format, ap); + android::base::StringAppendV(&error_msg, format, ap); va_end(ap); + uiPrint(state, error_msg); } @@ -159,7 +169,7 @@ Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { const MtdPartition* mtd; mtd = mtd_find_partition_by_name(location); if (mtd == NULL) { - uiPrintf(state, "%s: no mtd partition named \"%s\"", + uiPrintf(state, "%s: no mtd partition named \"%s\"\n", name, location); result = strdup(""); goto done; @@ -1246,28 +1256,24 @@ Value* ApplyPatchCheckFn(const char* name, State* state, return StringValue(strdup(result == 0 ? "t" : "")); } +// This is the updater side handler for ui_print() in edify script. Contents +// will be sent over to the recovery side for on-screen display. Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { char** args = ReadVarArgs(state, argc, argv); if (args == NULL) { return NULL; } - int size = 0; - int i; - for (i = 0; i < argc; ++i) { - size += strlen(args[i]); - } - char* buffer = reinterpret_cast(malloc(size+1)); - size = 0; - for (i = 0; i < argc; ++i) { - strcpy(buffer+size, args[i]); - size += strlen(args[i]); + std::string buffer; + for (int i = 0; i < argc; ++i) { + buffer += args[i]; free(args[i]); } free(args); - buffer[size] = '\0'; + + buffer += "\n"; uiPrint(state, buffer); - return StringValue(buffer); + return StringValue(strdup(buffer.c_str())); } Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { -- cgit v1.2.3 From 9a7fd80d2dd706343f24c91b0756771aca8504a5 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 10 Sep 2015 13:33:58 -0700 Subject: recovery: Remove redirect_stdio() when calling ShowFile(). When calling ScreenRecoveryUI::ShowFile(), the only thing that gets inadequately logged is the progress bar. Replace the call to ScreenRecoveryUI::Print() with ScreenRecoveryUI::PrintOnScreenOnly() for the progress bar, so we can avoid calling redirect_stdio(). Change-Id: I4d7c5d5b39bebe0d5880a99d7a72cee4f0b8f325 --- recovery.cpp | 3 --- screen_ui.cpp | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index c683bae1d..379137a64 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -745,10 +745,7 @@ static void choose_recovery_file(Device* device) { int chosen_item = get_menu_selection(headers, entries, 1, 0, device); if (strcmp(entries[chosen_item], "Back") == 0) break; - // TODO: do we need to redirect? ShowFile could just avoid writing to stdio. - redirect_stdio("/dev/null"); ui->ShowFile(entries[chosen_item]); - redirect_stdio(TEMPORARY_LOG_FILE); } for (size_t i = 0; i < (sizeof(entries) / sizeof(*entries)); i++) { diff --git a/screen_ui.cpp b/screen_ui.cpp index ddf85c19e..f2fda2fb5 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -581,7 +581,7 @@ void ScreenRecoveryUI::ShowFile(FILE* fp) { bool show_prompt = false; while (true) { if (show_prompt) { - Print("--(%d%% of %d bytes)--", + PrintOnScreenOnly("--(%d%% of %d bytes)--", static_cast(100 * (double(ftell(fp)) / double(sb.st_size))), static_cast(sb.st_size)); Redraw(); -- cgit v1.2.3 From 04ca426362d759afe5d3de1120ead97dfd7591ff Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 10 Sep 2015 15:32:24 -0700 Subject: recovery: Add timestamps in update logs. Fork a logger process and send over the log lines through a pipe. Prepend a timestamp to each line for debugging purpose. Timestamps are relative to the start of the logger. Example lines with the change in this CL: [ 445.948393] Verifying update package... [ 446.279139] I:comment is 1738 bytes; signature 1720 bytes from end [ 449.463652] I:whole-file signature verified against RSA key 0 [ 449.463704] I:verify_file returned 0 Change-Id: I139d02ed8f2e944c1618c91d5cc43282efd50b99 --- recovery.cpp | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 98 insertions(+), 16 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 379137a64..5f3bfca43 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -31,6 +31,8 @@ #include #include +#include + #include #include #include @@ -151,8 +153,7 @@ static const int MAX_ARG_LENGTH = 4096; static const int MAX_ARGS = 100; // open a given path, mounting partitions as necessary -FILE* -fopen_path(const char *path, const char *mode) { +FILE* fopen_path(const char *path, const char *mode) { if (ensure_path_mounted(path) != 0) { LOGE("Can't mount %s\n", path); return NULL; @@ -166,23 +167,102 @@ fopen_path(const char *path, const char *mode) { return fp; } +// close a file, log an error if the error indicator is set +static void check_and_fclose(FILE *fp, const char *name) { + fflush(fp); + if (ferror(fp)) LOGE("Error in %s\n(%s)\n", name, strerror(errno)); + fclose(fp); +} + bool is_ro_debuggable() { char value[PROPERTY_VALUE_MAX+1]; return (property_get("ro.debuggable", value, NULL) == 1 && value[0] == '1'); } static void redirect_stdio(const char* filename) { - // If these fail, there's not really anywhere to complain... - freopen(filename, "a", stdout); setbuf(stdout, NULL); - freopen(filename, "a", stderr); setbuf(stderr, NULL); -} + int pipefd[2]; + if (pipe(pipefd) == -1) { + LOGE("pipe failed: %s\n", strerror(errno)); -// close a file, log an error if the error indicator is set -static void -check_and_fclose(FILE *fp, const char *name) { - fflush(fp); - if (ferror(fp)) LOGE("Error in %s\n(%s)\n", name, strerror(errno)); - fclose(fp); + // Fall back to traditional logging mode without timestamps. + // If these fail, there's not really anywhere to complain... + freopen(filename, "a", stdout); setbuf(stdout, NULL); + freopen(filename, "a", stderr); setbuf(stderr, NULL); + + return; + } + + pid_t pid = fork(); + if (pid == -1) { + LOGE("fork failed: %s\n", strerror(errno)); + + // Fall back to traditional logging mode without timestamps. + // If these fail, there's not really anywhere to complain... + freopen(filename, "a", stdout); setbuf(stdout, NULL); + freopen(filename, "a", stderr); setbuf(stderr, NULL); + + return; + } + + if (pid == 0) { + /// Close the unused write end. + close(pipefd[1]); + + auto start = std::chrono::steady_clock::now(); + + // Child logger to actually write to the log file. + FILE* log_fp = fopen(filename, "a"); + if (log_fp == nullptr) { + LOGE("fopen \"%s\" failed: %s\n", filename, strerror(errno)); + close(pipefd[0]); + _exit(1); + } + + FILE* pipe_fp = fdopen(pipefd[0], "r"); + if (pipe_fp == nullptr) { + LOGE("fdopen failed: %s\n", strerror(errno)); + check_and_fclose(log_fp, filename); + close(pipefd[0]); + _exit(1); + } + + char* line = nullptr; + size_t len = 0; + while (getline(&line, &len, pipe_fp) != -1) { + auto now = std::chrono::steady_clock::now(); + double duration = std::chrono::duration_cast>( + now - start).count(); + if (line[0] == '\n') { + fprintf(log_fp, "[%12.6lf]\n", duration); + } else { + fprintf(log_fp, "[%12.6lf] %s", duration, line); + } + fflush(log_fp); + } + + LOGE("getline failed: %s\n", strerror(errno)); + + free(line); + check_and_fclose(log_fp, filename); + close(pipefd[0]); + _exit(1); + } else { + // Redirect stdout/stderr to the logger process. + // Close the unused read end. + close(pipefd[0]); + + setbuf(stdout, nullptr); + setbuf(stderr, nullptr); + + if (dup2(pipefd[1], STDOUT_FILENO) == -1) { + LOGE("dup2 stdout failed: %s\n", strerror(errno)); + } + if (dup2(pipefd[1], STDERR_FILENO) == -1) { + LOGE("dup2 stderr failed: %s\n", strerror(errno)); + } + + close(pipefd[1]); + } } // command line args come from, in decreasing precedence: @@ -927,10 +1007,6 @@ ui_print(const char* format, ...) { int main(int argc, char **argv) { - time_t start = time(NULL); - - redirect_stdio(TEMPORARY_LOG_FILE); - // If this binary is started with the single argument "--adbd", // instead of being the normal recovery binary, it turns into kind // of a stripped-down version of adbd that only supports the @@ -943,6 +1019,12 @@ main(int argc, char **argv) { return 0; } + time_t start = time(NULL); + + // redirect_stdio should be called only in non-sideload mode. Otherwise + // we may have two logger instances with different timestamps. + redirect_stdio(TEMPORARY_LOG_FILE); + printf("Starting recovery (pid %d) on %s", getpid(), ctime(&start)); load_volume_table(); -- cgit v1.2.3 From 7c913e5faa1f3aa226c8de61cdc24e9be26ac422 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 23 Sep 2015 16:03:11 -0700 Subject: minadbd: move from D() to VLOG(). Change-Id: I542e2ae8f5ef18b2d6b3dbc1888b3ce1e02a7404 --- minadbd/adb_main.cpp | 4 +--- minadbd/services.cpp | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/minadbd/adb_main.cpp b/minadbd/adb_main.cpp index 514f19699..c968204b2 100644 --- a/minadbd/adb_main.cpp +++ b/minadbd/adb_main.cpp @@ -19,8 +19,6 @@ #include #include -#define TRACE_TAG TRACE_ADB - #include "sysdeps.h" #include "adb.h" @@ -38,7 +36,7 @@ int adb_main(int is_daemon, int server_port, int /* reply_fd */) { init_transport_registration(); usb_init(); - D("Event loop starting\n"); + VLOG(ADB) << "Event loop starting"; fdevent_loop(); return 0; diff --git a/minadbd/services.cpp b/minadbd/services.cpp index 5c1d35614..2a3027bd8 100644 --- a/minadbd/services.cpp +++ b/minadbd/services.cpp @@ -23,7 +23,6 @@ #include "sysdeps.h" -#define TRACE_TAG TRACE_SERVICES #include "adb.h" #include "fdevent.h" #include "fuse_adb_provider.h" @@ -82,7 +81,7 @@ static int create_service_thread(void (*func)(int, void *), void *cookie) { return -1; } - D("service thread started, %d:%d\n",s[0], s[1]); + VLOG(SERVICES) << "service thread started, " << s[0] << ":" << s[1]; return s[0]; } -- cgit v1.2.3 From 5701d5829de3915e9de0f27a64554297ba88c8a4 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 24 Sep 2015 10:56:48 -0700 Subject: Suppress some compiler warnings due to signedness. Change-Id: I63f28b3b4ba4185c23b972fc8f93517295b1672a --- mtdutils/mtdutils.c | 8 ++++---- updater/install.cpp | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mtdutils/mtdutils.c b/mtdutils/mtdutils.c index cc3033444..cd4f52cd5 100644 --- a/mtdutils/mtdutils.c +++ b/mtdutils/mtdutils.c @@ -300,20 +300,20 @@ static int read_block(const MtdPartition *partition, int fd, char *data) if (TEMP_FAILURE_RETRY(lseek64(fd, pos, SEEK_SET)) != pos || TEMP_FAILURE_RETRY(read(fd, data, size)) != size) { printf("mtd: read error at 0x%08llx (%s)\n", - pos, strerror(errno)); + (long long)pos, strerror(errno)); } else if (ioctl(fd, ECCGETSTATS, &after)) { printf("mtd: ECCGETSTATS error (%s)\n", strerror(errno)); return -1; } else if (after.failed != before.failed) { printf("mtd: ECC errors (%d soft, %d hard) at 0x%08llx\n", - after.corrected - before.corrected, - after.failed - before.failed, pos); + after.corrected - before.corrected, + after.failed - before.failed, (long long)pos); // copy the comparison baseline for the next read. memcpy(&before, &after, sizeof(struct mtd_ecc_stats)); } else if ((mgbb = ioctl(fd, MEMGETBADBLOCK, &pos))) { fprintf(stderr, "mtd: MEMGETBADBLOCK returned %d at 0x%08llx: %s\n", - mgbb, pos, strerror(errno)); + mgbb, (long long)pos, strerror(errno)); } else { return 0; // Success! } diff --git a/updater/install.cpp b/updater/install.cpp index a6ed078ba..68c990241 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -990,7 +990,7 @@ Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { goto done; } - if (fread(buffer, 1, st.st_size, f) != st.st_size) { + if (fread(buffer, 1, st.st_size, f) != static_cast(st.st_size)) { ErrorAbort(state, "%s: failed to read %lld bytes from %s", name, (long long)st.st_size+1, filename); fclose(f); -- cgit v1.2.3 From b15fd224edcab95732fbfaa237c7b9cde9c23812 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 24 Sep 2015 11:10:51 -0700 Subject: updater: Use android::base::ParseInt() to parse integers. Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9 --- updater/blockimg.cpp | 65 ++++++++++++++++++++-------------------------------- updater/install.cpp | 24 +++++++++---------- 2 files changed, 37 insertions(+), 52 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 6111d0d1e..ddb474ffd 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -36,6 +36,7 @@ #include #include +#include #include #include "applypatch/applypatch.h" @@ -77,40 +78,31 @@ static void parse_range(const char* range_text, RangeSet& rs) { goto err; } - errno = 0; - val = strtol(pieces[0].c_str(), nullptr, 0); - - if (errno != 0 || val < 2 || val > INT_MAX) { + size_t num; + if (!android::base::ParseUint(pieces[0].c_str(), &num, static_cast(INT_MAX))) { goto err; - } else if (val % 2) { + } + + if (num == 0 || num % 2) { goto err; // must be even - } else if (val != static_cast(pieces.size() - 1)) { + } else if (num != pieces.size() - 1) { goto err; } - size_t num; - num = static_cast(val); - rs.pos.resize(num); rs.count = num / 2; rs.size = 0; for (size_t i = 0; i < num; i += 2) { - const char* token = pieces[i+1].c_str(); - errno = 0; - val = strtol(token, nullptr, 0); - if (errno != 0 || val < 0 || val > INT_MAX) { + if (!android::base::ParseUint(pieces[i+1].c_str(), &rs.pos[i], + static_cast(INT_MAX))) { goto err; } - rs.pos[i] = static_cast(val); - token = pieces[i+2].c_str(); - errno = 0; - val = strtol(token, nullptr, 0); - if (errno != 0 || val < 0 || val > INT_MAX) { + if (!android::base::ParseUint(pieces[i+2].c_str(), &rs.pos[i+1], + static_cast(INT_MAX))) { goto err; } - rs.pos[i+1] = static_cast(val); if (rs.pos[i] >= rs.pos[i+1]) { goto err; // empty or negative range @@ -800,7 +792,7 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks // word = strtok_r(nullptr, " ", wordsave); - src_blocks = strtol(word, nullptr, 0); + android::base::ParseUint(word, &src_blocks); allocate(src_blocks * BLOCKSIZE, buffer); @@ -1381,24 +1373,21 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg std::vector lines = android::base::Split(transfer_list, "\n"); // First line in transfer list is the version number - long int val; - errno = 0; - val = strtol(lines[0].c_str(), nullptr, 0); - if (errno != 0 || val < 1 || val > 3) { + if (!android::base::ParseInt(lines[0].c_str(), ¶ms.version, 1, 3)) { fprintf(stderr, "unexpected transfer list version [%s]\n", lines[0].c_str()); return StringValue(strdup("")); } - params.version = static_cast(val); fprintf(stderr, "blockimg version is %d\n", params.version); // Second line in transfer list is the total number of blocks we expect to write - int total_blocks = strtol(lines[1].c_str(), nullptr, 0); - - if (total_blocks < 0) { + int total_blocks; + if (!android::base::ParseInt(lines[1].c_str(), &total_blocks, 0)) { ErrorAbort(state, "unexpected block count [%s]\n", lines[1].c_str()); return StringValue(strdup("")); - } else if (total_blocks == 0) { + } + + if (total_blocks == 0) { return StringValue(strdup("t")); } @@ -1408,24 +1397,20 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg fprintf(stderr, "maximum stash entries %s\n", lines[2].c_str()); // Fourth line is the maximum number of blocks that will be stashed simultaneously - int stash_max_blocks = strtol(lines[3].c_str(), nullptr, 0); - - if (stash_max_blocks < 0) { + int stash_max_blocks; + if (!android::base::ParseInt(lines[3].c_str(), &stash_max_blocks, 0)) { ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", lines[3].c_str()); return StringValue(strdup("")); } - if (stash_max_blocks >= 0) { - int res = CreateStash(state, stash_max_blocks, blockdev_filename->data, - params.stashbase); - - if (res == -1) { - return StringValue(strdup("")); - } + int res = CreateStash(state, stash_max_blocks, blockdev_filename->data, params.stashbase); - params.createdstash = res; + if (res == -1) { + return StringValue(strdup("")); } + params.createdstash = res; + start += 2; } diff --git a/updater/install.cpp b/updater/install.cpp index 68c990241..97e390560 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -34,6 +34,7 @@ #include #include +#include #include #include @@ -474,7 +475,8 @@ Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { } double frac = strtod(frac_str, NULL); - int sec = strtol(sec_str, NULL, 10); + int sec; + android::base::ParseInt(sec_str, &sec); UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); @@ -1145,12 +1147,11 @@ Value* ApplyPatchSpaceFn(const char* name, State* state, return NULL; } - char* endptr; - size_t bytes = strtol(bytes_str, &endptr, 10); - if (bytes == 0 && endptr == bytes_str) { + size_t bytes; + if (!android::base::ParseUint(bytes_str, &bytes)) { ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", name, bytes_str); free(bytes_str); - return NULL; + return nullptr; } return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); @@ -1174,16 +1175,14 @@ Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { return NULL; } - char* endptr; - size_t target_size = strtol(target_size_str, &endptr, 10); - if (target_size == 0 && endptr == target_size_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", - name, target_size_str); + size_t target_size; + if (!android::base::ParseUint(target_size_str, &target_size)) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", name, target_size_str); free(source_filename); free(target_filename); free(target_sha1); free(target_size_str); - return NULL; + return nullptr; } int patchcount = (argc-4) / 2; @@ -1523,7 +1522,8 @@ Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) char* len_str; if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; - size_t len = strtoull(len_str, NULL, 0); + size_t len; + android::base::ParseUint(len_str, &len); int fd = open(filename, O_WRONLY, 0644); int success = wipe_block_device(fd, len); -- cgit v1.2.3 From 6a47dffde514b2510fac9a6842d0c1b160e42fc5 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 25 Sep 2015 17:12:28 -0700 Subject: updater: Skip empty lines in the transfer list file. We have the last line being empty as a result of android::base::Split("a\nb\n"), which leads to "missing command" warnings in the update. Just skip all the empty lines. Bug: 24373789 Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9 --- updater/blockimg.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index ddb474ffd..54f2b6ed7 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -1428,6 +1428,10 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg // Subsequent lines are all individual transfer commands for (auto it = lines.cbegin() + start; it != lines.cend(); it++) { const std::string& line_str(*it); + if (line_str.empty()) { + continue; + } + char* line = strdup(line_str.c_str()); params.cmdname = strtok_r(line, " ", ¶ms.cpos); -- cgit v1.2.3 From c8a3c80603d4a78ff1f3c87dbf4206ac4306b150 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Tue, 29 Sep 2015 18:05:30 -0700 Subject: minadbd: use strdup() to create argument for sideload thread. So sideload thread will not use argument which is to be freed in the main thread. Bug: 23968770 Change-Id: I9d6dadc6c33cfbe4b5759382a80fe14cd0d54355 --- minadbd/services.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/minadbd/services.cpp b/minadbd/services.cpp index 2a3027bd8..d25648fb4 100644 --- a/minadbd/services.cpp +++ b/minadbd/services.cpp @@ -43,13 +43,14 @@ void* service_bootstrap_func(void* x) { } static void sideload_host_service(int sfd, void* data) { - const char* args = reinterpret_cast(data); + char* args = reinterpret_cast(data); int file_size; int block_size; if (sscanf(args, "%d:%d", &file_size, &block_size) != 2) { printf("bad sideload-host arguments: %s\n", args); exit(1); } + free(args); printf("sideload-host file size %d block size %d\n", file_size, block_size); @@ -94,7 +95,8 @@ int service_to_fd(const char* name, const atransport* transport) { // sideload-host). exit(3); } else if (!strncmp(name, "sideload-host:", 14)) { - ret = create_service_thread(sideload_host_service, (void*)(name + 14)); + char* arg = strdup(name + 14); + ret = create_service_thread(sideload_host_service, arg); } if (ret >= 0) { close_on_exec(ret); -- cgit v1.2.3 From 0a7b47397db3648afe6f3aeb2abb175934c2cbca Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Thu, 25 Jun 2015 10:25:36 +0100 Subject: Error correction: Use libfec in blockimg.cpp for recovery Add block_image_recover function to rewrite corrupted blocks on the partition. This can be attempted if block_image_verify fails. Note that we cannot use libfec during block_image_update as it may overwrite blocks required for error correction. A separate recovery pass in case the image is corrupted is the only viable option. Bug: 21893453 Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce --- updater/Android.mk | 3 ++- updater/blockimg.cpp | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 1 deletion(-) diff --git a/updater/Android.mk b/updater/Android.mk index 82fa7e265..dcf437474 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -33,12 +33,13 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := $(updater_src_files) +LOCAL_STATIC_LIBRARIES += libfec libfec_rs libext4_utils_static libsquashfs_utils libcrypto_static + ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) LOCAL_CFLAGS += -DUSE_EXT4 LOCAL_CFLAGS += -Wno-unused-parameter LOCAL_C_INCLUDES += system/extras/ext4_utils LOCAL_STATIC_LIBRARIES += \ - libext4_utils_static \ libsparse_static \ libz endif diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 54f2b6ed7..4a813b1d8 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -31,6 +31,7 @@ #include #include #include +#include #include #include @@ -1638,8 +1639,83 @@ Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) return StringValue(strdup(print_sha1(digest).c_str())); } +Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[]) { + Value* arg_filename; + Value* arg_ranges; + + if (ReadValueArgs(state, argv, 2, &arg_filename, &arg_ranges) < 0) { + return NULL; + } + + std::unique_ptr filename(arg_filename, FreeValue); + std::unique_ptr ranges(arg_ranges, FreeValue); + + if (filename->type != VAL_STRING) { + ErrorAbort(state, "filename argument to %s must be string", name); + return StringValue(strdup("")); + } + if (ranges->type != VAL_STRING) { + ErrorAbort(state, "ranges argument to %s must be string", name); + return StringValue(strdup("")); + } + + // When opened with O_RDWR, libfec rewrites corrupted blocks when they are read + fec::io fh(filename->data, O_RDWR); + + if (!fh) { + ErrorAbort(state, "fec_open \"%s\" failed: %s", filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + if (!fh.has_ecc() || !fh.has_verity()) { + ErrorAbort(state, "unable to use metadata to correct errors"); + return StringValue(strdup("")); + } + + fec_status status; + + if (!fh.get_status(status)) { + ErrorAbort(state, "failed to read FEC status"); + return StringValue(strdup("")); + } + + RangeSet rs; + parse_range(ranges->data, rs); + + uint8_t buffer[BLOCKSIZE]; + + for (size_t i = 0; i < rs.count; ++i) { + for (size_t j = rs.pos[i * 2]; j < rs.pos[i * 2 + 1]; ++j) { + // Stay within the data area, libfec validates and corrects metadata + if (status.data_size <= (uint64_t)j * BLOCKSIZE) { + continue; + } + + if (fh.pread(buffer, BLOCKSIZE, (off64_t)j * BLOCKSIZE) != BLOCKSIZE) { + ErrorAbort(state, "failed to recover %s (block %d): %s", filename->data, + j, strerror(errno)); + return StringValue(strdup("")); + } + + // If we want to be able to recover from a situation where rewriting a corrected + // block doesn't guarantee the same data will be returned when re-read later, we + // can save a copy of corrected blocks to /cache. Note: + // + // 1. Maximum space required from /cache is the same as the maximum number of + // corrupted blocks we can correct. For RS(255, 253) and a 2 GiB partition, + // this would be ~16 MiB, for example. + // + // 2. To find out if this block was corrupted, call fec_get_status after each + // read and check if the errors field value has increased. + } + } + + return StringValue(strdup("t")); +} + void RegisterBlockImageFunctions() { RegisterFunction("block_image_verify", BlockImageVerifyFn); RegisterFunction("block_image_update", BlockImageUpdateFn); + RegisterFunction("block_image_recover", BlockImageRecoverFn); RegisterFunction("range_sha1", RangeSha1Fn); } -- cgit v1.2.3 From 1fdec8685af858c5ff4f45d2e3059186ab5ed2ab Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 21 Oct 2015 14:57:44 -0700 Subject: updater: Bump up the BBOTA version to 4. To accommodate new changes in N release, such as error correction [1] and other potential changes to the updater. [1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008 --- updater/blockimg.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 4a813b1d8..dd6cf0d96 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -1374,7 +1374,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg std::vector lines = android::base::Split(transfer_list, "\n"); // First line in transfer list is the version number - if (!android::base::ParseInt(lines[0].c_str(), ¶ms.version, 1, 3)) { + if (!android::base::ParseInt(lines[0].c_str(), ¶ms.version, 1, 4)) { fprintf(stderr, "unexpected transfer list version [%s]\n", lines[0].c_str()); return StringValue(strdup("")); } -- cgit v1.2.3 From f68351209f25ac92d12deb827e6efb5400052ac2 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 27 Oct 2015 21:53:18 -0700 Subject: recovery: Depend on mkfs.f2fs only if needed. Don't build mkfs.f2fs unless device defines TARGET_USERIMAGES_USE_F2FS. Change-Id: Ifac592c30315bbe7590c8fbf3a0844e6a7a31a1a --- Android.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Android.mk b/Android.mk index 74e7b1da5..4ffa5c9de 100644 --- a/Android.mk +++ b/Android.mk @@ -45,9 +45,11 @@ LOCAL_MODULE := recovery LOCAL_FORCE_STATIC_EXECUTABLE := true +ifeq ($(TARGET_USERIMAGES_USE_F2FS),true) ifeq ($(HOST_OS),linux) LOCAL_REQUIRED_MODULES := mkfs.f2fs endif +endif RECOVERY_API_VERSION := 3 RECOVERY_FSTAB_VERSION := 2 -- cgit v1.2.3 From cc4e3c6002efc42bce314c98909ecfc2d2f2ab02 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Wed, 4 Nov 2015 11:43:58 -0800 Subject: uncrypt: remove O_SYNC to avoid time-out failures This patch removes costly O_SYNC flag for encrypted block device. After writing whole decrypted blocks, fsync should guarantee their consistency from further power failures. This patch reduces the elapsed time significantly consumed by upgrading packages on an encrypted partition, so that it could avoid another time-out failures too. Change-Id: I1fb9022c83ecc00bad09d107fc87a6a09babb0ec Signed-off-by: Jaegeuk Kim --- uncrypt/uncrypt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index aef480035..6db438258 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -234,7 +234,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* int wfd = -1; unique_fd wfd_holder(wfd); if (encrypted) { - wfd = open(blk_dev, O_WRONLY | O_SYNC); + wfd = open(blk_dev, O_WRONLY); wfd_holder = unique_fd(wfd); if (wfd == -1) { ALOGE("failed to open fd for writing: %s\n", strerror(errno)); -- cgit v1.2.3 From 63b089e3aa9302206fbfa8260804e501e6483b83 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Thu, 12 Nov 2015 21:07:55 -0800 Subject: We can use fclose directly in std::unique_ptr. It turns out the standard explicitly states that if the pointer is null, the deleter function won't be called. So it doesn't matter that fclose(3) doesn't accept null. Change-Id: I10e6e0d62209ec03ac60e673edd46f32ba279a04 --- uncrypt/uncrypt.cpp | 10 +++++----- unique_fd.h | 11 ----------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 6db438258..4956cc297 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -186,8 +186,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* ALOGE("failed to open %s\n", map_file); return -1; } - FILE* mapf = fdopen(mapfd, "w"); - unique_file mapf_holder(mapf); + std::unique_ptr mapf(fdopen(mapfd, "w"), fclose); // Make sure we can write to the status_file. if (!android::base::WriteStringToFd("0\n", status_fd)) { @@ -212,7 +211,8 @@ static int produce_block_map(const char* path, const char* map_file, const char* ranges[0] = -1; ranges[1] = -1; - fprintf(mapf, "%s\n%lld %lu\n", blk_dev, (long long)sb.st_size, (unsigned long)sb.st_blksize); + fprintf(mapf.get(), "%s\n%lld %lu\n", + blk_dev, (long long)sb.st_size, (unsigned long)sb.st_blksize); unsigned char* buffers[WINDOW_SIZE]; if (encrypted) { @@ -309,9 +309,9 @@ static int produce_block_map(const char* path, const char* map_file, const char* ++head_block; } - fprintf(mapf, "%d\n", range_used); + fprintf(mapf.get(), "%d\n", range_used); for (int i = 0; i < range_used; ++i) { - fprintf(mapf, "%d %d\n", ranges[i*2], ranges[i*2+1]); + fprintf(mapf.get(), "%d %d\n", ranges[i*2], ranges[i*2+1]); } if (fsync(mapfd) == -1) { diff --git a/unique_fd.h b/unique_fd.h index 98a7c7b67..cc85383f8 100644 --- a/unique_fd.h +++ b/unique_fd.h @@ -59,15 +59,4 @@ class unique_fd { unique_fd& operator=(const unique_fd&) = delete; }; -// Custom deleter for unique_file to avoid fclose(NULL). -struct safe_fclose { - void operator()(FILE *fp) const { - if (fp) { - fclose(fp); - }; - } -}; - -using unique_file = std::unique_ptr; - #endif // UNIQUE_FD_H -- cgit v1.2.3 From d0db337d727707977fa562bcc492b27270e67937 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 5 Nov 2015 13:38:40 -0800 Subject: Create convert_fbe breadcrumb file to support conversion to FBE Change-Id: I38b29e1e34ea793e4b87cd27a1d39fa905fddf7a --- recovery.cpp | 24 +++++++++++++++++++++++- roots.cpp | 8 ++++++-- roots.h | 6 ++++++ 3 files changed, 35 insertions(+), 3 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 5f3bfca43..e348b84d0 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -76,7 +76,10 @@ static const char *INTENT_FILE = "/cache/recovery/intent"; static const char *LOG_FILE = "/cache/recovery/log"; static const char *LAST_INSTALL_FILE = "/cache/recovery/last_install"; static const char *LOCALE_FILE = "/cache/recovery/last_locale"; +static const char *CONVERT_FBE_DIR = "/cache/recovery/convert_fbe"; +static const char *CONVERT_FBE_FILE = "/cache/recovery/convert_fbe/convert_fbe"; static const char *CACHE_ROOT = "/cache"; +static const char *DATA_ROOT = "/data"; static const char *SDCARD_ROOT = "/sdcard"; static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log"; static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install"; @@ -503,6 +506,7 @@ typedef struct _saved_log_file { static bool erase_volume(const char* volume) { bool is_cache = (strcmp(volume, CACHE_ROOT) == 0); + bool is_data = (strcmp(volume, DATA_ROOT) == 0); ui->SetBackground(RecoveryUI::ERASING); ui->SetProgressType(RecoveryUI::INDETERMINATE); @@ -557,7 +561,25 @@ static bool erase_volume(const char* volume) { ui->Print("Formatting %s...\n", volume); ensure_path_unmounted(volume); - int result = format_volume(volume); + + int result; + + if (is_data && reason && strcmp(reason, "convert_fbe") == 0) { + // Create convert_fbe breadcrumb file to signal to init + // to convert to file based encryption, not full disk encryption + mkdir(CONVERT_FBE_DIR, 0700); + FILE* f = fopen(CONVERT_FBE_FILE, "wb"); + if (!f) { + ui->Print("Failed to convert to file encryption\n"); + return true; + } + fclose(f); + result = format_volume(volume, CONVERT_FBE_DIR); + remove(CONVERT_FBE_FILE); + rmdir(CONVERT_FBE_DIR); + } else { + result = format_volume(volume); + } if (is_cache) { while (head) { diff --git a/roots.cpp b/roots.cpp index 12c6b5ee2..f361cb8ca 100644 --- a/roots.cpp +++ b/roots.cpp @@ -175,7 +175,7 @@ static int exec_cmd(const char* path, char* const argv[]) { return WEXITSTATUS(status); } -int format_volume(const char* volume) { +int format_volume(const char* volume, const char* directory) { Volume* v = volume_for_path(volume); if (v == NULL) { LOGE("unknown volume \"%s\"\n", volume); @@ -241,7 +241,7 @@ int format_volume(const char* volume) { } int result; if (strcmp(v->fs_type, "ext4") == 0) { - result = make_ext4fs(v->blk_device, length, volume, sehandle); + result = make_ext4fs_directory(v->blk_device, length, volume, sehandle, directory); } else { /* Has to be f2fs because we checked earlier. */ if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0 && length < 0) { LOGE("format_volume: crypt footer + negative length (%zd) not supported on %s\n", length, v->fs_type); @@ -273,6 +273,10 @@ int format_volume(const char* volume) { return -1; } +int format_volume(const char* volume) { + return format_volume(volume, NULL); +} + int setup_install_mounts() { if (fstab == NULL) { LOGE("can't set up install mounts: no fstab loaded\n"); diff --git a/roots.h b/roots.h index 6e3b24355..a14b7d971 100644 --- a/roots.h +++ b/roots.h @@ -41,6 +41,12 @@ int ensure_path_unmounted(const char* path); // it is mounted. int format_volume(const char* volume); +// Reformat the given volume (must be the mount point only, eg +// "/cache"), no paths permitted. Attempts to unmount the volume if +// it is mounted. +// Copies 'directory' to root of the newly formatted volume +int format_volume(const char* volume, const char* directory); + // Ensure that all and only the volumes that packages expect to find // mounted (/tmp and /cache) are mounted. Returns 0 on success. int setup_install_mounts(); -- cgit v1.2.3 From 7101b2e2854985727b7ef65e5b5057e0ecf2d034 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 3 Jun 2015 10:49:29 -0700 Subject: recovery: Switch to clang And a few trival fixes to suppress warnings. Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc (cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc) --- Android.mk | 6 ++++-- adb_install.cpp | 2 +- applypatch/Android.mk | 5 +++++ edify/Android.mk | 2 ++ minadbd/Android.mk | 1 + minui/Android.mk | 1 + minzip/Android.mk | 2 ++ minzip/Zip.c | 2 -- mtdutils/Android.mk | 2 ++ recovery.cpp | 21 +++++++++++++++------ tests/Android.mk | 1 + uncrypt/Android.mk | 2 ++ updater/Android.mk | 2 ++ 13 files changed, 38 insertions(+), 11 deletions(-) diff --git a/Android.mk b/Android.mk index b31f73017..ac1ef83d8 100644 --- a/Android.mk +++ b/Android.mk @@ -14,11 +14,10 @@ LOCAL_PATH := $(call my-dir) - include $(CLEAR_VARS) LOCAL_SRC_FILES := fuse_sideload.c - +LOCAL_CLANG := true LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE @@ -55,6 +54,7 @@ RECOVERY_API_VERSION := 3 RECOVERY_FSTAB_VERSION := 2 LOCAL_CFLAGS += -DRECOVERY_API_VERSION=$(RECOVERY_API_VERSION) LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CLANG := true LOCAL_C_INCLUDES += \ system/vold \ @@ -99,6 +99,7 @@ include $(BUILD_EXECUTABLE) # All the APIs for testing include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_MODULE := libverifier LOCAL_MODULE_TAGS := tests LOCAL_SRC_FILES := \ @@ -106,6 +107,7 @@ LOCAL_SRC_FILES := \ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_MODULE := verifier_test LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := tests diff --git a/adb_install.cpp b/adb_install.cpp index e3b94ea59..4cfcb2ab8 100644 --- a/adb_install.cpp +++ b/adb_install.cpp @@ -91,7 +91,7 @@ apply_from_adb(RecoveryUI* ui_, bool* wipe_cache, const char* install_file) { // FUSE_SIDELOAD_HOST_PATHNAME will start to exist once the host // connects and starts serving a package. Poll for its // appearance. (Note that inotify doesn't work with FUSE.) - int result; + int result = INSTALL_ERROR; int status; bool waited = false; struct stat st; diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 4984093dd..4936db2a2 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -13,8 +13,10 @@ # limitations under the License. LOCAL_PATH := $(call my-dir) + include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := applypatch.c bspatch.c freecache.c imgpatch.c utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng @@ -25,6 +27,7 @@ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := main.c LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery @@ -35,6 +38,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := main.c LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true @@ -47,6 +51,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := imgdiff.c utils.c bsdiff.c LOCAL_MODULE := imgdiff LOCAL_FORCE_STATIC_EXECUTABLE := true diff --git a/edify/Android.mk b/edify/Android.mk index 03c04e432..c36645045 100644 --- a/edify/Android.mk +++ b/edify/Android.mk @@ -25,6 +25,7 @@ LOCAL_CFLAGS := $(edify_cflags) -g -O0 LOCAL_MODULE := edify LOCAL_YACCFLAGS := -v LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CLANG := true include $(BUILD_HOST_EXECUTABLE) @@ -38,5 +39,6 @@ LOCAL_SRC_FILES := $(edify_src_files) LOCAL_CFLAGS := $(edify_cflags) LOCAL_CFLAGS += -Wno-unused-parameter LOCAL_MODULE := libedify +LOCAL_CLANG := true include $(BUILD_STATIC_LIBRARY) diff --git a/minadbd/Android.mk b/minadbd/Android.mk index a7a3e087d..3db3b4114 100644 --- a/minadbd/Android.mk +++ b/minadbd/Android.mk @@ -15,6 +15,7 @@ LOCAL_SRC_FILES := \ fuse_adb_provider.cpp \ services.cpp \ +LOCAL_CLANG := true LOCAL_MODULE := libminadbd LOCAL_CFLAGS := $(minadbd_cflags) LOCAL_CONLY_FLAGS := -Wimplicit-function-declaration diff --git a/minui/Android.mk b/minui/Android.mk index 97724fbf0..3057f452c 100644 --- a/minui/Android.mk +++ b/minui/Android.mk @@ -41,6 +41,7 @@ include $(BUILD_STATIC_LIBRARY) # Used by OEMs for factory test images. include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_MODULE := libminui LOCAL_WHOLE_STATIC_LIBRARIES += libminui LOCAL_SHARED_LIBRARIES := libpng diff --git a/minzip/Android.mk b/minzip/Android.mk index 045f35570..48d26bcb7 100644 --- a/minzip/Android.mk +++ b/minzip/Android.mk @@ -16,6 +16,8 @@ LOCAL_STATIC_LIBRARIES := libselinux LOCAL_MODULE := libminzip +LOCAL_CLANG := true + LOCAL_CFLAGS += -Wall include $(BUILD_STATIC_LIBRARY) diff --git a/minzip/Zip.c b/minzip/Zip.c index 40712e03a..a64c833f9 100644 --- a/minzip/Zip.c +++ b/minzip/Zip.c @@ -506,7 +506,6 @@ static bool processDeflatedEntry(const ZipArchive *pArchive, void *cookie) { long result = -1; - unsigned char readBuf[32 * 1024]; unsigned char procBuf[32 * 1024]; z_stream zstream; int zerr; @@ -603,7 +602,6 @@ bool mzProcessZipEntryContents(const ZipArchive *pArchive, void *cookie) { bool ret = false; - off_t oldOff; switch (pEntry->compression) { case STORED: diff --git a/mtdutils/Android.mk b/mtdutils/Android.mk index f04355b5e..b7d35c27a 100644 --- a/mtdutils/Android.mk +++ b/mtdutils/Android.mk @@ -6,10 +6,12 @@ LOCAL_SRC_FILES := \ mounts.c LOCAL_MODULE := libmtdutils +LOCAL_CLANG := true include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_SRC_FILES := flash_image.c LOCAL_MODULE := flash_image LOCAL_MODULE_TAGS := eng diff --git a/recovery.cpp b/recovery.cpp index b7a545898..a0c74524e 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -326,14 +326,18 @@ static void rotate_logs(int max) { ensure_path_mounted(LAST_KMSG_FILE); for (int i = max-1; i >= 0; --i) { - std::string old_log = android::base::StringPrintf((i == 0) ? "%s" : "%s.%d", - LAST_LOG_FILE, i); + std::string old_log = android::base::StringPrintf("%s", LAST_LOG_FILE); + if (i > 0) { + old_log += "." + std::to_string(i); + } std::string new_log = android::base::StringPrintf("%s.%d", LAST_LOG_FILE, i+1); // Ignore errors if old_log doesn't exist. rename(old_log.c_str(), new_log.c_str()); - std::string old_kmsg = android::base::StringPrintf((i == 0) ? "%s" : "%s.%d", - LAST_KMSG_FILE, i); + std::string old_kmsg = android::base::StringPrintf("%s", LAST_KMSG_FILE); + if (i > 0) { + old_kmsg += "." + std::to_string(i); + } std::string new_kmsg = android::base::StringPrintf("%s.%d", LAST_KMSG_FILE, i+1); rename(old_kmsg.c_str(), new_kmsg.c_str()); } @@ -706,7 +710,10 @@ static void choose_recovery_file(Device* device) { // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x for (int i = 0; i < KEEP_LOG_COUNT; i++) { char* log_file; - if (asprintf(&log_file, (i == 0) ? "%s" : "%s.%d", LAST_LOG_FILE, i) == -1) { + int ret; + ret = (i == 0) ? asprintf(&log_file, "%s", LAST_LOG_FILE) : + asprintf(&log_file, "%s.%d", LAST_LOG_FILE, i); + if (ret == -1) { // memory allocation failure - return early. Should never happen. return; } @@ -717,7 +724,9 @@ static void choose_recovery_file(Device* device) { } char* kmsg_file; - if (asprintf(&kmsg_file, (i == 0) ? "%s" : "%s.%d", LAST_KMSG_FILE, i) == -1) { + ret = (i == 0) ? asprintf(&kmsg_file, "%s", LAST_KMSG_FILE) : + asprintf(&kmsg_file, "%s.%d", LAST_KMSG_FILE, i); + if (ret == -1) { // memory allocation failure - return early. Should never happen. return; } diff --git a/tests/Android.mk b/tests/Android.mk index 02a272a24..4ce00b457 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -17,6 +17,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) +LOCAL_CLANG := true LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk LOCAL_STATIC_LIBRARIES := libverifier LOCAL_SRC_FILES := asn1_decoder_test.cpp diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index c7d4d3746..e73c8f1b6 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -16,6 +16,8 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) +LOCAL_CLANG := true + LOCAL_SRC_FILES := uncrypt.cpp LOCAL_MODULE := uncrypt diff --git a/updater/Android.mk b/updater/Android.mk index ff02a33b0..a3df805ef 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -17,6 +17,8 @@ include $(CLEAR_VARS) # needed only for OTA packages.) LOCAL_MODULE_TAGS := eng +LOCAL_CLANG := true + LOCAL_SRC_FILES := $(updater_src_files) ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) -- cgit v1.2.3 From 56deefba73fb318ba0498da49adc64de960a6e29 Mon Sep 17 00:00:00 2001 From: Dan Albert Date: Tue, 19 May 2015 11:33:18 -0700 Subject: Stop using libstdc++. These are already getting libc++, so it isn't necessary. If any of the other static libraries (such as adb) use new or delete from libc++, there will be symbol collisions. Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f (cherry picked from commit e49a9e527a51f43db792263bb60bfc91293848da) --- Android.mk | 2 -- applypatch/Android.mk | 4 ++-- updater/Android.mk | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Android.mk b/Android.mk index ac1ef83d8..e43d55f66 100644 --- a/Android.mk +++ b/Android.mk @@ -77,7 +77,6 @@ LOCAL_STATIC_LIBRARIES := \ libcutils \ liblog \ libselinux \ - libstdc++ \ libm \ libc @@ -122,7 +121,6 @@ LOCAL_STATIC_LIBRARIES := \ libminui \ libminzip \ libcutils \ - libstdc++ \ libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 4936db2a2..eb3e4580e 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -32,7 +32,7 @@ LOCAL_SRC_FILES := main.c LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz -LOCAL_SHARED_LIBRARIES += libz libcutils libstdc++ libc +LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) @@ -45,7 +45,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz -LOCAL_STATIC_LIBRARIES += libz libcutils libstdc++ libc +LOCAL_STATIC_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/updater/Android.mk b/updater/Android.mk index a3df805ef..a0ea06fa5 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -34,7 +34,7 @@ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz LOCAL_STATIC_LIBRARIES += libmincrypt libbz -LOCAL_STATIC_LIBRARIES += libcutils liblog libstdc++ libc +LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux tune2fs_static_libraries := \ libext2_com_err \ -- cgit v1.2.3 From 806f72f9e6ec0d15b550b79b0baa92a93fc646e3 Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Tue, 12 May 2015 12:48:46 +0100 Subject: Add error and range checks to parse_range Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: I1e266de3de15c99ee596ebdb034419fdfe7eba1f (cherry picked from commit f2bac04e1ba0a5b79f8adbc35b493923b776f8b2) --- updater/blockimg.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 71 insertions(+), 10 deletions(-) diff --git a/updater/blockimg.c b/updater/blockimg.c index b006d10c5..e0be03917 100644 --- a/updater/blockimg.c +++ b/updater/blockimg.c @@ -61,30 +61,91 @@ typedef struct { int pos[0]; } RangeSet; +#define RANGESET_MAX_POINTS \ + ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) + static RangeSet* parse_range(char* text) { char* save; - int num; - num = strtol(strtok_r(text, ",", &save), NULL, 0); + char* token; + int i, num; + long int val; + RangeSet* out = NULL; + size_t bufsize; - RangeSet* out = malloc(sizeof(RangeSet) + num * sizeof(int)); - if (out == NULL) { - fprintf(stderr, "failed to allocate range of %zu bytes\n", - sizeof(RangeSet) + num * sizeof(int)); - exit(1); + if (!text) { + goto err; + } + + token = strtok_r(text, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 2 || val > RANGESET_MAX_POINTS) { + goto err; + } else if (val % 2) { + goto err; // must be even + } + + num = (int) val; + bufsize = sizeof(RangeSet) + num * sizeof(int); + + out = malloc(bufsize); + + if (!out) { + fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); + goto err; } + out->count = num / 2; out->size = 0; - int i; + for (i = 0; i < num; ++i) { - out->pos[i] = strtol(strtok_r(NULL, ",", &save), NULL, 0); - if (i%2) { + token = strtok_r(NULL, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 0 || val > INT_MAX) { + goto err; + } + + out->pos[i] = (int) val; + + if (i % 2) { + if (out->pos[i - 1] >= out->pos[i]) { + goto err; // empty or negative range + } + + if (out->size > INT_MAX - out->pos[i]) { + goto err; // overflow + } + out->size += out->pos[i]; } else { + if (out->size < 0) { + goto err; + } + out->size -= out->pos[i]; } } + if (out->size <= 0) { + goto err; + } + return out; + +err: + fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); + exit(1); } static int range_overlaps(RangeSet* r1, RangeSet* r2) { -- cgit v1.2.3 From 818fa781d1dbe35c0c5bfff3ebff1b45a2a676f0 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 23 Jun 2015 23:23:33 -0700 Subject: DO NOT MERGE recovery: Switch applypatch/ and updater/ to cpp. Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270 (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19) --- applypatch/Android.mk | 8 +- applypatch/applypatch.c | 1048 ----------------------- applypatch/applypatch.cpp | 1025 +++++++++++++++++++++++ applypatch/bsdiff.c | 410 --------- applypatch/bsdiff.cpp | 410 +++++++++ applypatch/bspatch.c | 256 ------ applypatch/bspatch.cpp | 255 ++++++ applypatch/freecache.c | 172 ---- applypatch/freecache.cpp | 186 +++++ applypatch/imgdiff.c | 1060 ------------------------ applypatch/imgdiff.cpp | 1068 ++++++++++++++++++++++++ applypatch/imgpatch.c | 234 ------ applypatch/imgpatch.cpp | 234 ++++++ applypatch/main.c | 214 ----- applypatch/main.cpp | 213 +++++ applypatch/utils.c | 65 -- applypatch/utils.cpp | 65 ++ minzip/Hash.h | 8 + roots.cpp | 2 - updater/Android.mk | 18 +- updater/blockimg.c | 2014 --------------------------------------------- updater/blockimg.cpp | 2011 ++++++++++++++++++++++++++++++++++++++++++++ updater/install.c | 1625 ------------------------------------ updater/install.cpp | 1617 ++++++++++++++++++++++++++++++++++++ updater/updater.c | 169 ---- updater/updater.cpp | 169 ++++ 26 files changed, 7280 insertions(+), 7276 deletions(-) delete mode 100644 applypatch/applypatch.c create mode 100644 applypatch/applypatch.cpp delete mode 100644 applypatch/bsdiff.c create mode 100644 applypatch/bsdiff.cpp delete mode 100644 applypatch/bspatch.c create mode 100644 applypatch/bspatch.cpp delete mode 100644 applypatch/freecache.c create mode 100644 applypatch/freecache.cpp delete mode 100644 applypatch/imgdiff.c create mode 100644 applypatch/imgdiff.cpp delete mode 100644 applypatch/imgpatch.c create mode 100644 applypatch/imgpatch.cpp delete mode 100644 applypatch/main.c create mode 100644 applypatch/main.cpp delete mode 100644 applypatch/utils.c create mode 100644 applypatch/utils.cpp delete mode 100644 updater/blockimg.c create mode 100644 updater/blockimg.cpp delete mode 100644 updater/install.c create mode 100644 updater/install.cpp delete mode 100644 updater/updater.c create mode 100644 updater/updater.cpp diff --git a/applypatch/Android.mk b/applypatch/Android.mk index eb3e4580e..1f73fd897 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -17,7 +17,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := applypatch.c bspatch.c freecache.c imgpatch.c utils.c +LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.cpp LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery @@ -28,7 +28,7 @@ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := main.c +LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz @@ -39,7 +39,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := main.c +LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng @@ -52,7 +52,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_CLANG := true -LOCAL_SRC_FILES := imgdiff.c utils.c bsdiff.c +LOCAL_SRC_FILES := imgdiff.cpp utils.cpp bsdiff.cpp LOCAL_MODULE := imgdiff LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_C_INCLUDES += external/zlib external/bzip2 diff --git a/applypatch/applypatch.c b/applypatch/applypatch.c deleted file mode 100644 index 2358d4292..000000000 --- a/applypatch/applypatch.c +++ /dev/null @@ -1,1048 +0,0 @@ -/* - * Copyright (C) 2008 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mincrypt/sha.h" -#include "applypatch.h" -#include "mtdutils/mtdutils.h" -#include "edify/expr.h" - -static int LoadPartitionContents(const char* filename, FileContents* file); -static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); -static int GenerateTarget(FileContents* source_file, - const Value* source_patch_value, - FileContents* copy_file, - const Value* copy_patch_value, - const char* source_filename, - const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], - size_t target_size, - const Value* bonus_data); - -static int mtd_partitions_scanned = 0; - -// Read a file into memory; store the file contents and associated -// metadata in *file. -// -// Return 0 on success. -int LoadFileContents(const char* filename, FileContents* file) { - file->data = NULL; - - // A special 'filename' beginning with "MTD:" or "EMMC:" means to - // load the contents of a partition. - if (strncmp(filename, "MTD:", 4) == 0 || - strncmp(filename, "EMMC:", 5) == 0) { - return LoadPartitionContents(filename, file); - } - - if (stat(filename, &file->st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return -1; - } - - file->size = file->st.st_size; - file->data = malloc(file->size); - - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - printf("failed to open \"%s\": %s\n", filename, strerror(errno)); - free(file->data); - file->data = NULL; - return -1; - } - - ssize_t bytes_read = fread(file->data, 1, file->size, f); - if (bytes_read != file->size) { - printf("short read of \"%s\" (%ld bytes of %ld)\n", - filename, (long)bytes_read, (long)file->size); - free(file->data); - file->data = NULL; - return -1; - } - fclose(f); - - SHA_hash(file->data, file->size, file->sha1); - return 0; -} - -static size_t* size_array; -// comparison function for qsort()ing an int array of indexes into -// size_array[]. -static int compare_size_indices(const void* a, const void* b) { - int aa = *(int*)a; - int bb = *(int*)b; - if (size_array[aa] < size_array[bb]) { - return -1; - } else if (size_array[aa] > size_array[bb]) { - return 1; - } else { - return 0; - } -} - -// Load the contents of an MTD or EMMC partition into the provided -// FileContents. filename should be a string of the form -// "MTD::::::..." (or -// "EMMC::..."). The smallest size_n bytes for -// which that prefix of the partition contents has the corresponding -// sha1 hash will be loaded. It is acceptable for a size value to be -// repeated with different sha1s. Will return 0 on success. -// -// This complexity is needed because if an OTA installation is -// interrupted, the partition might contain either the source or the -// target data, which might be of different lengths. We need to know -// the length in order to read from a partition (there is no -// "end-of-file" marker), so the caller must specify the possible -// lengths and the hash of the data, and we'll do the load expecting -// to find one of those hashes. -enum PartitionType { MTD, EMMC }; - -static int LoadPartitionContents(const char* filename, FileContents* file) { - char* copy = strdup(filename); - const char* magic = strtok(copy, ":"); - - enum PartitionType type; - - if (strcmp(magic, "MTD") == 0) { - type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { - type = EMMC; - } else { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - return -1; - } - const char* partition = strtok(NULL, ":"); - - int i; - int colons = 0; - for (i = 0; filename[i] != '\0'; ++i) { - if (filename[i] == ':') { - ++colons; - } - } - if (colons < 3 || colons%2 == 0) { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - } - - int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename - int* index = malloc(pairs * sizeof(int)); - size_t* size = malloc(pairs * sizeof(size_t)); - char** sha1sum = malloc(pairs * sizeof(char*)); - - for (i = 0; i < pairs; ++i) { - const char* size_str = strtok(NULL, ":"); - size[i] = strtol(size_str, NULL, 10); - if (size[i] == 0) { - printf("LoadPartitionContents called with bad size (%s)\n", filename); - return -1; - } - sha1sum[i] = strtok(NULL, ":"); - index[i] = i; - } - - // sort the index[] array so it indexes the pairs in order of - // increasing size. - size_array = size; - qsort(index, pairs, sizeof(int), compare_size_indices); - - MtdReadContext* ctx = NULL; - FILE* dev = NULL; - - switch (type) { - case MTD: - if (!mtd_partitions_scanned) { - mtd_scan_partitions(); - mtd_partitions_scanned = 1; - } - - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("mtd partition \"%s\" not found (loading %s)\n", - partition, filename); - return -1; - } - - ctx = mtd_read_partition(mtd); - if (ctx == NULL) { - printf("failed to initialize read of mtd partition \"%s\"\n", - partition); - return -1; - } - break; - - case EMMC: - dev = fopen(partition, "rb"); - if (dev == NULL) { - printf("failed to open emmc partition \"%s\": %s\n", - partition, strerror(errno)); - return -1; - } - } - - SHA_CTX sha_ctx; - SHA_init(&sha_ctx); - uint8_t parsed_sha[SHA_DIGEST_SIZE]; - - // allocate enough memory to hold the largest size. - file->data = malloc(size[index[pairs-1]]); - char* p = (char*)file->data; - file->size = 0; // # bytes read so far - - for (i = 0; i < pairs; ++i) { - // Read enough additional bytes to get us up to the next size - // (again, we're trying the possibilities in order of increasing - // size). - size_t next = size[index[i]] - file->size; - size_t read = 0; - if (next > 0) { - switch (type) { - case MTD: - read = mtd_read_data(ctx, p, next); - break; - - case EMMC: - read = fread(p, 1, next, dev); - break; - } - if (next != read) { - printf("short read (%zu bytes of %zu) for partition \"%s\"\n", - read, next, partition); - free(file->data); - file->data = NULL; - return -1; - } - SHA_update(&sha_ctx, p, read); - file->size += read; - } - - // Duplicate the SHA context and finalize the duplicate so we can - // check it against this pair's expected hash. - SHA_CTX temp_ctx; - memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); - const uint8_t* sha_so_far = SHA_final(&temp_ctx); - - if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { - printf("failed to parse sha1 %s in %s\n", - sha1sum[index[i]], filename); - free(file->data); - file->data = NULL; - return -1; - } - - if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { - // we have a match. stop reading the partition; we'll return - // the data we've read so far. - printf("partition read matched size %zu sha %s\n", - size[index[i]], sha1sum[index[i]]); - break; - } - - p += read; - } - - switch (type) { - case MTD: - mtd_read_close(ctx); - break; - - case EMMC: - fclose(dev); - break; - } - - - if (i == pairs) { - // Ran off the end of the list of (size,sha1) pairs without - // finding a match. - printf("contents of partition \"%s\" didn't match %s\n", - partition, filename); - free(file->data); - file->data = NULL; - return -1; - } - - const uint8_t* sha_final = SHA_final(&sha_ctx); - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { - file->sha1[i] = sha_final[i]; - } - - // Fake some stat() info. - file->st.st_mode = 0644; - file->st.st_uid = 0; - file->st.st_gid = 0; - - free(copy); - free(index); - free(size); - free(sha1sum); - - return 0; -} - - -// Save the contents of the given FileContents object under the given -// filename. Return 0 on success. -int SaveFileContents(const char* filename, const FileContents* file) { - int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - printf("failed to open \"%s\" for write: %s\n", - filename, strerror(errno)); - return -1; - } - - ssize_t bytes_written = FileSink(file->data, file->size, &fd); - if (bytes_written != file->size) { - printf("short write of \"%s\" (%ld bytes of %ld) (%s)\n", - filename, (long)bytes_written, (long)file->size, - strerror(errno)); - close(fd); - return -1; - } - if (fsync(fd) != 0) { - printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - if (close(fd) != 0) { - printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - - if (chmod(filename, file->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - if (chown(filename, file->st.st_uid, file->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", filename, strerror(errno)); - return -1; - } - - return 0; -} - -// Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC::". Return 0 on -// success. -int WriteToPartition(unsigned char* data, size_t len, - const char* target) { - char* copy = strdup(target); - const char* magic = strtok(copy, ":"); - - enum PartitionType type; - if (strcmp(magic, "MTD") == 0) { - type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { - type = EMMC; - } else { - printf("WriteToPartition called with bad target (%s)\n", target); - return -1; - } - const char* partition = strtok(NULL, ":"); - - if (partition == NULL) { - printf("bad partition target name \"%s\"\n", target); - return -1; - } - - switch (type) { - case MTD: - if (!mtd_partitions_scanned) { - mtd_scan_partitions(); - mtd_partitions_scanned = 1; - } - - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("mtd partition \"%s\" not found for writing\n", - partition); - return -1; - } - - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("failed to init mtd partition \"%s\" for writing\n", - partition); - return -1; - } - - size_t written = mtd_write_data(ctx, (char*)data, len); - if (written != len) { - printf("only wrote %zu of %zu bytes to MTD %s\n", - written, len, partition); - mtd_write_close(ctx); - return -1; - } - - if (mtd_erase_blocks(ctx, -1) < 0) { - printf("error finishing mtd write of %s\n", partition); - mtd_write_close(ctx); - return -1; - } - - if (mtd_write_close(ctx)) { - printf("error closing mtd write of %s\n", partition); - return -1; - } - break; - - case EMMC: - { - size_t start = 0; - int success = 0; - int fd = open(partition, O_RDWR | O_SYNC); - if (fd < 0) { - printf("failed to open %s: %s\n", partition, strerror(errno)); - return -1; - } - int attempt; - - for (attempt = 0; attempt < 2; ++attempt) { - if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { - printf("failed seek on %s: %s\n", - partition, strerror(errno)); - return -1; - } - while (start < len) { - size_t to_write = len - start; - if (to_write > 1<<20) to_write = 1<<20; - - ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); - if (written == -1) { - printf("failed write writing to %s: %s\n", partition, strerror(errno)); - return -1; - } - start += written; - } - if (fsync(fd) != 0) { - printf("failed to sync to %s (%s)\n", - partition, strerror(errno)); - return -1; - } - if (close(fd) != 0) { - printf("failed to close %s (%s)\n", - partition, strerror(errno)); - return -1; - } - fd = open(partition, O_RDONLY); - if (fd < 0) { - printf("failed to reopen %s for verify (%s)\n", - partition, strerror(errno)); - return -1; - } - - // drop caches so our subsequent verification read - // won't just be reading the cache. - sync(); - int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); - if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { - printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); - } else { - printf(" caches dropped\n"); - } - close(dc); - sleep(1); - - // verify - if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { - printf("failed to seek back to beginning of %s: %s\n", - partition, strerror(errno)); - return -1; - } - unsigned char buffer[4096]; - start = len; - size_t p; - for (p = 0; p < len; p += sizeof(buffer)) { - size_t to_read = len - p; - if (to_read > sizeof(buffer)) to_read = sizeof(buffer); - - size_t so_far = 0; - while (so_far < to_read) { - ssize_t read_count = - TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); - if (read_count == -1) { - printf("verify read error %s at %zu: %s\n", - partition, p, strerror(errno)); - return -1; - } - if ((size_t)read_count < to_read) { - printf("short verify read %s at %zu: %zd %zu %s\n", - partition, p, read_count, to_read, strerror(errno)); - } - so_far += read_count; - } - - if (memcmp(buffer, data+p, to_read)) { - printf("verification failed starting at %zu\n", p); - start = p; - break; - } - } - - if (start == len) { - printf("verification read succeeded (attempt %d)\n", attempt+1); - success = true; - break; - } - } - - if (!success) { - printf("failed to verify after all attempts\n"); - return -1; - } - - if (close(fd) != 0) { - printf("error closing %s (%s)\n", partition, strerror(errno)); - return -1; - } - sync(); - break; - } - } - - free(copy); - return 0; -} - - -// Take a string 'str' of 40 hex digits and parse it into the 20 -// byte array 'digest'. 'str' may contain only the digest or be of -// the form ":". Return 0 on success, -1 on any -// error. -int ParseSha1(const char* str, uint8_t* digest) { - int i; - const char* ps = str; - uint8_t* pd = digest; - for (i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { - int digit; - if (*ps >= '0' && *ps <= '9') { - digit = *ps - '0'; - } else if (*ps >= 'a' && *ps <= 'f') { - digit = *ps - 'a' + 10; - } else if (*ps >= 'A' && *ps <= 'F') { - digit = *ps - 'A' + 10; - } else { - return -1; - } - if (i % 2 == 0) { - *pd = digit << 4; - } else { - *pd |= digit; - ++pd; - } - } - if (*ps != '\0') return -1; - return 0; -} - -// Search an array of sha1 strings for one matching the given sha1. -// Return the index of the match on success, or -1 if no match is -// found. -int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, - int num_patches) { - int i; - uint8_t patch_sha1[SHA_DIGEST_SIZE]; - for (i = 0; i < num_patches; ++i) { - if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && - memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { - return i; - } - } - return -1; -} - -// Returns 0 if the contents of the file (argv[2]) or the cached file -// match any of the sha1's on the command line (argv[3:]). Returns -// nonzero otherwise. -int applypatch_check(const char* filename, - int num_patches, char** const patch_sha1_str) { - FileContents file; - file.data = NULL; - - // It's okay to specify no sha1s; the check will pass if the - // LoadFileContents is successful. (Useful for reading - // partitions, where the filename encodes the sha1s; no need to - // check them twice.) - if (LoadFileContents(filename, &file) != 0 || - (num_patches > 0 && - FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) { - printf("file \"%s\" doesn't have any of expected " - "sha1 sums; checking cache\n", filename); - - free(file.data); - file.data = NULL; - - // If the source file is missing or corrupted, it might be because - // we were killed in the middle of patching it. A copy of it - // should have been made in CACHE_TEMP_SOURCE. If that file - // exists and matches the sha1 we're looking for, the check still - // passes. - - if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) { - printf("failed to load cache file\n"); - return 1; - } - - if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { - printf("cache bits don't match any sha1 for \"%s\"\n", filename); - free(file.data); - return 1; - } - } - - free(file.data); - return 0; -} - -int ShowLicenses() { - ShowBSDiffLicense(); - return 0; -} - -ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { - int fd = *(int *)token; - ssize_t done = 0; - ssize_t wrote; - while (done < (ssize_t) len) { - wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); - if (wrote == -1) { - printf("error writing %d bytes: %s\n", (int)(len-done), strerror(errno)); - return done; - } - done += wrote; - } - return done; -} - -typedef struct { - unsigned char* buffer; - ssize_t size; - ssize_t pos; -} MemorySinkInfo; - -ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { - MemorySinkInfo* msi = (MemorySinkInfo*)token; - if (msi->size - msi->pos < len) { - return -1; - } - memcpy(msi->buffer + msi->pos, data, len); - msi->pos += len; - return len; -} - -// Return the amount of free space (in bytes) on the filesystem -// containing filename. filename must exist. Return -1 on error. -size_t FreeSpaceForFile(const char* filename) { - struct statfs sf; - if (statfs(filename, &sf) != 0) { - printf("failed to statfs %s: %s\n", filename, strerror(errno)); - return -1; - } - return sf.f_bsize * sf.f_bavail; -} - -int CacheSizeCheck(size_t bytes) { - if (MakeFreeSpaceOnCache(bytes) < 0) { - printf("unable to make %ld bytes available on /cache\n", (long)bytes); - return 1; - } else { - return 0; - } -} - -static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { - int i; - const char* hex = "0123456789abcdef"; - for (i = 0; i < 4; ++i) { - putchar(hex[(sha1[i]>>4) & 0xf]); - putchar(hex[sha1[i] & 0xf]); - } -} - -// This function applies binary patches to files in a way that is safe -// (the original file is not touched until we have the desired -// replacement for it) and idempotent (it's okay to run this program -// multiple times). -// -// - if the sha1 hash of is , -// does nothing and exits successfully. -// -// - otherwise, if the sha1 hash of is one of the -// entries in , the corresponding patch from -// (which must be a VAL_BLOB) is applied to produce a -// new file (the type of patch is automatically detected from the -// blob daat). If that new file has sha1 hash , -// moves it to replace , and exits successfully. -// Note that if and are not the -// same, is NOT deleted on success. -// may be the string "-" to mean "the same as -// source_filename". -// -// - otherwise, or if any error is encountered, exits with non-zero -// status. -// -// may refer to a partition to read the source data. -// See the comments for the LoadPartition Contents() function above -// for the format of such a filename. - -int applypatch(const char* source_filename, - const char* target_filename, - const char* target_sha1_str, - size_t target_size, - int num_patches, - char** const patch_sha1_str, - Value** patch_data, - Value* bonus_data) { - printf("patch %s: ", source_filename); - - if (target_filename[0] == '-' && - target_filename[1] == '\0') { - target_filename = source_filename; - } - - uint8_t target_sha1[SHA_DIGEST_SIZE]; - if (ParseSha1(target_sha1_str, target_sha1) != 0) { - printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); - return 1; - } - - FileContents copy_file; - FileContents source_file; - copy_file.data = NULL; - source_file.data = NULL; - const Value* source_patch_value = NULL; - const Value* copy_patch_value = NULL; - - // We try to load the target file into the source_file object. - if (LoadFileContents(target_filename, &source_file) == 0) { - if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { - // The early-exit case: the patch was already applied, this file - // has the desired hash, nothing for us to do. - printf("already "); - print_short_sha1(target_sha1); - putchar('\n'); - free(source_file.data); - return 0; - } - } - - if (source_file.data == NULL || - (target_filename != source_filename && - strcmp(target_filename, source_filename) != 0)) { - // Need to load the source file: either we failed to load the - // target file, or we did but it's different from the source file. - free(source_file.data); - source_file.data = NULL; - LoadFileContents(source_filename, &source_file); - } - - if (source_file.data != NULL) { - int to_use = FindMatchingPatch(source_file.sha1, - patch_sha1_str, num_patches); - if (to_use >= 0) { - source_patch_value = patch_data[to_use]; - } - } - - if (source_patch_value == NULL) { - free(source_file.data); - source_file.data = NULL; - printf("source file is bad; trying copy\n"); - - if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { - // fail. - printf("failed to read copy file\n"); - return 1; - } - - int to_use = FindMatchingPatch(copy_file.sha1, - patch_sha1_str, num_patches); - if (to_use >= 0) { - copy_patch_value = patch_data[to_use]; - } - - if (copy_patch_value == NULL) { - // fail. - printf("copy file doesn't match source SHA-1s either\n"); - free(copy_file.data); - return 1; - } - } - - int result = GenerateTarget(&source_file, source_patch_value, - ©_file, copy_patch_value, - source_filename, target_filename, - target_sha1, target_size, bonus_data); - free(source_file.data); - free(copy_file.data); - - return result; -} - -static int GenerateTarget(FileContents* source_file, - const Value* source_patch_value, - FileContents* copy_file, - const Value* copy_patch_value, - const char* source_filename, - const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], - size_t target_size, - const Value* bonus_data) { - int retry = 1; - SHA_CTX ctx; - int output; - MemorySinkInfo msi; - FileContents* source_to_use; - char* outname; - int made_copy = 0; - - // assume that target_filename (eg "/system/app/Foo.apk") is located - // on the same filesystem as its top-level directory ("/system"). - // We need something that exists for calling statfs(). - char target_fs[strlen(target_filename)+1]; - char* slash = strchr(target_filename+1, '/'); - if (slash != NULL) { - int count = slash - target_filename; - strncpy(target_fs, target_filename, count); - target_fs[count] = '\0'; - } else { - strcpy(target_fs, target_filename); - } - - do { - // Is there enough room in the target filesystem to hold the patched - // file? - - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { - // If the target is a partition, we're actually going to - // write the output to /tmp and then copy it to the - // partition. statfs() always returns 0 blocks free for - // /tmp, so instead we'll just assume that /tmp has enough - // space to hold the file. - - // We still write the original source to cache, in case - // the partition write is interrupted. - if (MakeFreeSpaceOnCache(source_file->size) < 0) { - printf("not enough free space on /cache\n"); - return 1; - } - if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { - printf("failed to back up source file\n"); - return 1; - } - made_copy = 1; - retry = 0; - } else { - int enough_space = 0; - if (retry > 0) { - size_t free_space = FreeSpaceForFile(target_fs); - enough_space = - (free_space > (256 << 10)) && // 256k (two-block) minimum - (free_space > (target_size * 3 / 2)); // 50% margin of error - if (!enough_space) { - printf("target %ld bytes; free space %ld bytes; retry %d; enough %d\n", - (long)target_size, (long)free_space, retry, enough_space); - } - } - - if (!enough_space) { - retry = 0; - } - - if (!enough_space && source_patch_value != NULL) { - // Using the original source, but not enough free space. First - // copy the source file to cache, then delete it from the original - // location. - - if (strncmp(source_filename, "MTD:", 4) == 0 || - strncmp(source_filename, "EMMC:", 5) == 0) { - // It's impossible to free space on the target filesystem by - // deleting the source if the source is a partition. If - // we're ever in a state where we need to do this, fail. - printf("not enough free space for target but source " - "is partition\n"); - return 1; - } - - if (MakeFreeSpaceOnCache(source_file->size) < 0) { - printf("not enough free space on /cache\n"); - return 1; - } - - if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { - printf("failed to back up source file\n"); - return 1; - } - made_copy = 1; - unlink(source_filename); - - size_t free_space = FreeSpaceForFile(target_fs); - printf("(now %ld bytes free for target) ", (long)free_space); - } - } - - const Value* patch; - if (source_patch_value != NULL) { - source_to_use = source_file; - patch = source_patch_value; - } else { - source_to_use = copy_file; - patch = copy_patch_value; - } - - if (patch->type != VAL_BLOB) { - printf("patch is not a blob\n"); - return 1; - } - - SinkFn sink = NULL; - void* token = NULL; - output = -1; - outname = NULL; - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { - // We store the decoded output in memory. - msi.buffer = malloc(target_size); - if (msi.buffer == NULL) { - printf("failed to alloc %ld bytes for output\n", - (long)target_size); - return 1; - } - msi.pos = 0; - msi.size = target_size; - sink = MemorySink; - token = &msi; - } else { - // We write the decoded output to ".patch". - outname = (char*)malloc(strlen(target_filename) + 10); - strcpy(outname, target_filename); - strcat(outname, ".patch"); - - output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, - S_IRUSR | S_IWUSR); - if (output < 0) { - printf("failed to open output file %s: %s\n", - outname, strerror(errno)); - return 1; - } - sink = FileSink; - token = &output; - } - - char* header = patch->data; - ssize_t header_bytes_read = patch->size; - - SHA_init(&ctx); - - int result; - - if (header_bytes_read >= 8 && - memcmp(header, "BSDIFF40", 8) == 0) { - result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, - patch, 0, sink, token, &ctx); - } else if (header_bytes_read >= 8 && - memcmp(header, "IMGDIFF2", 8) == 0) { - result = ApplyImagePatch(source_to_use->data, source_to_use->size, - patch, sink, token, &ctx, bonus_data); - } else { - printf("Unknown patch file format\n"); - return 1; - } - - if (output >= 0) { - if (fsync(output) != 0) { - printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); - result = 1; - } - if (close(output) != 0) { - printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); - result = 1; - } - } - - if (result != 0) { - if (retry == 0) { - printf("applying patch failed\n"); - return result != 0; - } else { - printf("applying patch failed; retrying\n"); - } - if (outname != NULL) { - unlink(outname); - } - } else { - // succeeded; no need to retry - break; - } - } while (retry-- > 0); - - const uint8_t* current_target_sha1 = SHA_final(&ctx); - if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { - printf("patch did not produce expected sha1\n"); - return 1; - } else { - printf("now "); - print_short_sha1(target_sha1); - putchar('\n'); - } - - if (output < 0) { - // Copy the temp file to the partition. - if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { - printf("write of patched data to %s failed\n", target_filename); - return 1; - } - free(msi.buffer); - } else { - // Give the .patch file the same owner, group, and mode of the - // original source file. - if (chmod(outname, source_to_use->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); - return 1; - } - if (chown(outname, source_to_use->st.st_uid, - source_to_use->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); - return 1; - } - - // Finally, rename the .patch file to replace the target file. - if (rename(outname, target_filename) != 0) { - printf("rename of .patch to \"%s\" failed: %s\n", - target_filename, strerror(errno)); - return 1; - } - } - - // If this run of applypatch created the copy, and we're here, we - // can delete it. - if (made_copy) unlink(CACHE_TEMP_SOURCE); - - // Success! - return 0; -} diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp new file mode 100644 index 000000000..96bd88e88 --- /dev/null +++ b/applypatch/applypatch.cpp @@ -0,0 +1,1025 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "mincrypt/sha.h" +#include "applypatch.h" +#include "mtdutils/mtdutils.h" +#include "edify/expr.h" + +static int LoadPartitionContents(const char* filename, FileContents* file); +static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); +static int GenerateTarget(FileContents* source_file, + const Value* source_patch_value, + FileContents* copy_file, + const Value* copy_patch_value, + const char* source_filename, + const char* target_filename, + const uint8_t target_sha1[SHA_DIGEST_SIZE], + size_t target_size, + const Value* bonus_data); + +static int mtd_partitions_scanned = 0; + +// Read a file into memory; store the file contents and associated +// metadata in *file. +// +// Return 0 on success. +int LoadFileContents(const char* filename, FileContents* file) { + file->data = NULL; + + // A special 'filename' beginning with "MTD:" or "EMMC:" means to + // load the contents of a partition. + if (strncmp(filename, "MTD:", 4) == 0 || + strncmp(filename, "EMMC:", 5) == 0) { + return LoadPartitionContents(filename, file); + } + + if (stat(filename, &file->st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return -1; + } + + file->size = file->st.st_size; + file->data = reinterpret_cast(malloc(file->size)); + + FILE* f = fopen(filename, "rb"); + if (f == NULL) { + printf("failed to open \"%s\": %s\n", filename, strerror(errno)); + free(file->data); + file->data = NULL; + return -1; + } + + size_t bytes_read = fread(file->data, 1, file->size, f); + if (bytes_read != static_cast(file->size)) { + printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, file->size); + free(file->data); + file->data = NULL; + return -1; + } + fclose(f); + + SHA_hash(file->data, file->size, file->sha1); + return 0; +} + +static size_t* size_array; +// comparison function for qsort()ing an int array of indexes into +// size_array[]. +static int compare_size_indices(const void* a, const void* b) { + const int aa = *reinterpret_cast(a); + const int bb = *reinterpret_cast(b); + if (size_array[aa] < size_array[bb]) { + return -1; + } else if (size_array[aa] > size_array[bb]) { + return 1; + } else { + return 0; + } +} + +// Load the contents of an MTD or EMMC partition into the provided +// FileContents. filename should be a string of the form +// "MTD::::::..." (or +// "EMMC::..."). The smallest size_n bytes for +// which that prefix of the partition contents has the corresponding +// sha1 hash will be loaded. It is acceptable for a size value to be +// repeated with different sha1s. Will return 0 on success. +// +// This complexity is needed because if an OTA installation is +// interrupted, the partition might contain either the source or the +// target data, which might be of different lengths. We need to know +// the length in order to read from a partition (there is no +// "end-of-file" marker), so the caller must specify the possible +// lengths and the hash of the data, and we'll do the load expecting +// to find one of those hashes. +enum PartitionType { MTD, EMMC }; + +static int LoadPartitionContents(const char* filename, FileContents* file) { + char* copy = strdup(filename); + const char* magic = strtok(copy, ":"); + + enum PartitionType type; + + if (strcmp(magic, "MTD") == 0) { + type = MTD; + } else if (strcmp(magic, "EMMC") == 0) { + type = EMMC; + } else { + printf("LoadPartitionContents called with bad filename (%s)\n", filename); + return -1; + } + const char* partition = strtok(NULL, ":"); + + int i; + int colons = 0; + for (i = 0; filename[i] != '\0'; ++i) { + if (filename[i] == ':') { + ++colons; + } + } + if (colons < 3 || colons%2 == 0) { + printf("LoadPartitionContents called with bad filename (%s)\n", + filename); + } + + int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename + int* index = reinterpret_cast(malloc(pairs * sizeof(int))); + size_t* size = reinterpret_cast(malloc(pairs * sizeof(size_t))); + char** sha1sum = reinterpret_cast(malloc(pairs * sizeof(char*))); + + for (i = 0; i < pairs; ++i) { + const char* size_str = strtok(NULL, ":"); + size[i] = strtol(size_str, NULL, 10); + if (size[i] == 0) { + printf("LoadPartitionContents called with bad size (%s)\n", filename); + return -1; + } + sha1sum[i] = strtok(NULL, ":"); + index[i] = i; + } + + // sort the index[] array so it indexes the pairs in order of + // increasing size. + size_array = size; + qsort(index, pairs, sizeof(int), compare_size_indices); + + MtdReadContext* ctx = NULL; + FILE* dev = NULL; + + switch (type) { + case MTD: { + if (!mtd_partitions_scanned) { + mtd_scan_partitions(); + mtd_partitions_scanned = 1; + } + + const MtdPartition* mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("mtd partition \"%s\" not found (loading %s)\n", + partition, filename); + return -1; + } + + ctx = mtd_read_partition(mtd); + if (ctx == NULL) { + printf("failed to initialize read of mtd partition \"%s\"\n", + partition); + return -1; + } + break; + } + + case EMMC: + dev = fopen(partition, "rb"); + if (dev == NULL) { + printf("failed to open emmc partition \"%s\": %s\n", + partition, strerror(errno)); + return -1; + } + } + + SHA_CTX sha_ctx; + SHA_init(&sha_ctx); + uint8_t parsed_sha[SHA_DIGEST_SIZE]; + + // allocate enough memory to hold the largest size. + file->data = reinterpret_cast(malloc(size[index[pairs-1]])); + char* p = (char*)file->data; + file->size = 0; // # bytes read so far + + for (i = 0; i < pairs; ++i) { + // Read enough additional bytes to get us up to the next size + // (again, we're trying the possibilities in order of increasing + // size). + size_t next = size[index[i]] - file->size; + size_t read = 0; + if (next > 0) { + switch (type) { + case MTD: + read = mtd_read_data(ctx, p, next); + break; + + case EMMC: + read = fread(p, 1, next, dev); + break; + } + if (next != read) { + printf("short read (%zu bytes of %zu) for partition \"%s\"\n", + read, next, partition); + free(file->data); + file->data = NULL; + return -1; + } + SHA_update(&sha_ctx, p, read); + file->size += read; + } + + // Duplicate the SHA context and finalize the duplicate so we can + // check it against this pair's expected hash. + SHA_CTX temp_ctx; + memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); + const uint8_t* sha_so_far = SHA_final(&temp_ctx); + + if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { + printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); + free(file->data); + file->data = NULL; + return -1; + } + + if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { + // we have a match. stop reading the partition; we'll return + // the data we've read so far. + printf("partition read matched size %zu sha %s\n", + size[index[i]], sha1sum[index[i]]); + break; + } + + p += read; + } + + switch (type) { + case MTD: + mtd_read_close(ctx); + break; + + case EMMC: + fclose(dev); + break; + } + + + if (i == pairs) { + // Ran off the end of the list of (size,sha1) pairs without + // finding a match. + printf("contents of partition \"%s\" didn't match %s\n", partition, filename); + free(file->data); + file->data = NULL; + return -1; + } + + const uint8_t* sha_final = SHA_final(&sha_ctx); + for (size_t i = 0; i < SHA_DIGEST_SIZE; ++i) { + file->sha1[i] = sha_final[i]; + } + + // Fake some stat() info. + file->st.st_mode = 0644; + file->st.st_uid = 0; + file->st.st_gid = 0; + + free(copy); + free(index); + free(size); + free(sha1sum); + + return 0; +} + + +// Save the contents of the given FileContents object under the given +// filename. Return 0 on success. +int SaveFileContents(const char* filename, const FileContents* file) { + int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + if (fd < 0) { + printf("failed to open \"%s\" for write: %s\n", filename, strerror(errno)); + return -1; + } + + ssize_t bytes_written = FileSink(file->data, file->size, &fd); + if (bytes_written != file->size) { + printf("short write of \"%s\" (%zd bytes of %zd) (%s)\n", + filename, bytes_written, file->size, strerror(errno)); + close(fd); + return -1; + } + if (fsync(fd) != 0) { + printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + if (close(fd) != 0) { + printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + + if (chmod(filename, file->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + if (chown(filename, file->st.st_uid, file->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", filename, strerror(errno)); + return -1; + } + + return 0; +} + +// Write a memory buffer to 'target' partition, a string of the form +// "MTD:[:...]" or "EMMC::". Return 0 on +// success. +int WriteToPartition(unsigned char* data, size_t len, const char* target) { + char* copy = strdup(target); + const char* magic = strtok(copy, ":"); + + enum PartitionType type; + if (strcmp(magic, "MTD") == 0) { + type = MTD; + } else if (strcmp(magic, "EMMC") == 0) { + type = EMMC; + } else { + printf("WriteToPartition called with bad target (%s)\n", target); + return -1; + } + const char* partition = strtok(NULL, ":"); + + if (partition == NULL) { + printf("bad partition target name \"%s\"\n", target); + return -1; + } + + switch (type) { + case MTD: { + if (!mtd_partitions_scanned) { + mtd_scan_partitions(); + mtd_partitions_scanned = 1; + } + + const MtdPartition* mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("mtd partition \"%s\" not found for writing\n", partition); + return -1; + } + + MtdWriteContext* ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("failed to init mtd partition \"%s\" for writing\n", partition); + return -1; + } + + size_t written = mtd_write_data(ctx, reinterpret_cast(data), len); + if (written != len) { + printf("only wrote %zu of %zu bytes to MTD %s\n", written, len, partition); + mtd_write_close(ctx); + return -1; + } + + if (mtd_erase_blocks(ctx, -1) < 0) { + printf("error finishing mtd write of %s\n", partition); + mtd_write_close(ctx); + return -1; + } + + if (mtd_write_close(ctx)) { + printf("error closing mtd write of %s\n", partition); + return -1; + } + break; + } + + case EMMC: { + size_t start = 0; + bool success = false; + int fd = open(partition, O_RDWR | O_SYNC); + if (fd < 0) { + printf("failed to open %s: %s\n", partition, strerror(errno)); + return -1; + } + + for (int attempt = 0; attempt < 2; ++attempt) { + if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { + printf("failed seek on %s: %s\n", partition, strerror(errno)); + return -1; + } + while (start < len) { + size_t to_write = len - start; + if (to_write > 1<<20) to_write = 1<<20; + + ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); + if (written == -1) { + printf("failed write writing to %s: %s\n", partition, strerror(errno)); + return -1; + } + start += written; + } + if (fsync(fd) != 0) { + printf("failed to sync to %s (%s)\n", partition, strerror(errno)); + return -1; + } + if (close(fd) != 0) { + printf("failed to close %s (%s)\n", partition, strerror(errno)); + return -1; + } + fd = open(partition, O_RDONLY); + if (fd < 0) { + printf("failed to reopen %s for verify (%s)\n", partition, strerror(errno)); + return -1; + } + + // Drop caches so our subsequent verification read + // won't just be reading the cache. + sync(); + int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); + if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { + printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); + } else { + printf(" caches dropped\n"); + } + close(dc); + sleep(1); + + // verify + if (TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_SET)) == -1) { + printf("failed to seek back to beginning of %s: %s\n", + partition, strerror(errno)); + return -1; + } + unsigned char buffer[4096]; + start = len; + for (size_t p = 0; p < len; p += sizeof(buffer)) { + size_t to_read = len - p; + if (to_read > sizeof(buffer)) { + to_read = sizeof(buffer); + } + + size_t so_far = 0; + while (so_far < to_read) { + ssize_t read_count = + TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); + if (read_count == -1) { + printf("verify read error %s at %zu: %s\n", + partition, p, strerror(errno)); + return -1; + } + if (static_cast(read_count) < to_read) { + printf("short verify read %s at %zu: %zd %zu %s\n", + partition, p, read_count, to_read, strerror(errno)); + } + so_far += read_count; + } + + if (memcmp(buffer, data+p, to_read) != 0) { + printf("verification failed starting at %zu\n", p); + start = p; + break; + } + } + + if (start == len) { + printf("verification read succeeded (attempt %d)\n", attempt+1); + success = true; + break; + } + } + + if (!success) { + printf("failed to verify after all attempts\n"); + return -1; + } + + if (close(fd) != 0) { + printf("error closing %s (%s)\n", partition, strerror(errno)); + return -1; + } + sync(); + break; + } + } + + free(copy); + return 0; +} + + +// Take a string 'str' of 40 hex digits and parse it into the 20 +// byte array 'digest'. 'str' may contain only the digest or be of +// the form ":". Return 0 on success, -1 on any +// error. +int ParseSha1(const char* str, uint8_t* digest) { + const char* ps = str; + uint8_t* pd = digest; + for (int i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { + int digit; + if (*ps >= '0' && *ps <= '9') { + digit = *ps - '0'; + } else if (*ps >= 'a' && *ps <= 'f') { + digit = *ps - 'a' + 10; + } else if (*ps >= 'A' && *ps <= 'F') { + digit = *ps - 'A' + 10; + } else { + return -1; + } + if (i % 2 == 0) { + *pd = digit << 4; + } else { + *pd |= digit; + ++pd; + } + } + if (*ps != '\0') return -1; + return 0; +} + +// Search an array of sha1 strings for one matching the given sha1. +// Return the index of the match on success, or -1 if no match is +// found. +int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, + int num_patches) { + uint8_t patch_sha1[SHA_DIGEST_SIZE]; + for (int i = 0; i < num_patches; ++i) { + if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && + memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { + return i; + } + } + return -1; +} + +// Returns 0 if the contents of the file (argv[2]) or the cached file +// match any of the sha1's on the command line (argv[3:]). Returns +// nonzero otherwise. +int applypatch_check(const char* filename, int num_patches, + char** const patch_sha1_str) { + FileContents file; + file.data = NULL; + + // It's okay to specify no sha1s; the check will pass if the + // LoadFileContents is successful. (Useful for reading + // partitions, where the filename encodes the sha1s; no need to + // check them twice.) + if (LoadFileContents(filename, &file) != 0 || + (num_patches > 0 && + FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) { + printf("file \"%s\" doesn't have any of expected " + "sha1 sums; checking cache\n", filename); + + free(file.data); + file.data = NULL; + + // If the source file is missing or corrupted, it might be because + // we were killed in the middle of patching it. A copy of it + // should have been made in CACHE_TEMP_SOURCE. If that file + // exists and matches the sha1 we're looking for, the check still + // passes. + + if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) { + printf("failed to load cache file\n"); + return 1; + } + + if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { + printf("cache bits don't match any sha1 for \"%s\"\n", filename); + free(file.data); + return 1; + } + } + + free(file.data); + return 0; +} + +int ShowLicenses() { + ShowBSDiffLicense(); + return 0; +} + +ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { + int fd = *reinterpret_cast(token); + ssize_t done = 0; + ssize_t wrote; + while (done < len) { + wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); + if (wrote == -1) { + printf("error writing %zd bytes: %s\n", (len-done), strerror(errno)); + return done; + } + done += wrote; + } + return done; +} + +typedef struct { + unsigned char* buffer; + ssize_t size; + ssize_t pos; +} MemorySinkInfo; + +ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { + MemorySinkInfo* msi = reinterpret_cast(token); + if (msi->size - msi->pos < len) { + return -1; + } + memcpy(msi->buffer + msi->pos, data, len); + msi->pos += len; + return len; +} + +// Return the amount of free space (in bytes) on the filesystem +// containing filename. filename must exist. Return -1 on error. +size_t FreeSpaceForFile(const char* filename) { + struct statfs sf; + if (statfs(filename, &sf) != 0) { + printf("failed to statfs %s: %s\n", filename, strerror(errno)); + return -1; + } + return sf.f_bsize * sf.f_bavail; +} + +int CacheSizeCheck(size_t bytes) { + if (MakeFreeSpaceOnCache(bytes) < 0) { + printf("unable to make %ld bytes available on /cache\n", (long)bytes); + return 1; + } else { + return 0; + } +} + +static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { + const char* hex = "0123456789abcdef"; + for (size_t i = 0; i < 4; ++i) { + putchar(hex[(sha1[i]>>4) & 0xf]); + putchar(hex[sha1[i] & 0xf]); + } +} + +// This function applies binary patches to files in a way that is safe +// (the original file is not touched until we have the desired +// replacement for it) and idempotent (it's okay to run this program +// multiple times). +// +// - if the sha1 hash of is , +// does nothing and exits successfully. +// +// - otherwise, if the sha1 hash of is one of the +// entries in , the corresponding patch from +// (which must be a VAL_BLOB) is applied to produce a +// new file (the type of patch is automatically detected from the +// blob daat). If that new file has sha1 hash , +// moves it to replace , and exits successfully. +// Note that if and are not the +// same, is NOT deleted on success. +// may be the string "-" to mean "the same as +// source_filename". +// +// - otherwise, or if any error is encountered, exits with non-zero +// status. +// +// may refer to a partition to read the source data. +// See the comments for the LoadPartition Contents() function above +// for the format of such a filename. + +int applypatch(const char* source_filename, + const char* target_filename, + const char* target_sha1_str, + size_t target_size, + int num_patches, + char** const patch_sha1_str, + Value** patch_data, + Value* bonus_data) { + printf("patch %s: ", source_filename); + + if (target_filename[0] == '-' && target_filename[1] == '\0') { + target_filename = source_filename; + } + + uint8_t target_sha1[SHA_DIGEST_SIZE]; + if (ParseSha1(target_sha1_str, target_sha1) != 0) { + printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); + return 1; + } + + FileContents copy_file; + FileContents source_file; + copy_file.data = NULL; + source_file.data = NULL; + const Value* source_patch_value = NULL; + const Value* copy_patch_value = NULL; + + // We try to load the target file into the source_file object. + if (LoadFileContents(target_filename, &source_file) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + // The early-exit case: the patch was already applied, this file + // has the desired hash, nothing for us to do. + printf("already "); + print_short_sha1(target_sha1); + putchar('\n'); + free(source_file.data); + return 0; + } + } + + if (source_file.data == NULL || + (target_filename != source_filename && + strcmp(target_filename, source_filename) != 0)) { + // Need to load the source file: either we failed to load the + // target file, or we did but it's different from the source file. + free(source_file.data); + source_file.data = NULL; + LoadFileContents(source_filename, &source_file); + } + + if (source_file.data != NULL) { + int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); + if (to_use >= 0) { + source_patch_value = patch_data[to_use]; + } + } + + if (source_patch_value == NULL) { + free(source_file.data); + source_file.data = NULL; + printf("source file is bad; trying copy\n"); + + if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { + // fail. + printf("failed to read copy file\n"); + return 1; + } + + int to_use = FindMatchingPatch(copy_file.sha1, patch_sha1_str, num_patches); + if (to_use >= 0) { + copy_patch_value = patch_data[to_use]; + } + + if (copy_patch_value == NULL) { + // fail. + printf("copy file doesn't match source SHA-1s either\n"); + free(copy_file.data); + return 1; + } + } + + int result = GenerateTarget(&source_file, source_patch_value, + ©_file, copy_patch_value, + source_filename, target_filename, + target_sha1, target_size, bonus_data); + free(source_file.data); + free(copy_file.data); + + return result; +} + +static int GenerateTarget(FileContents* source_file, + const Value* source_patch_value, + FileContents* copy_file, + const Value* copy_patch_value, + const char* source_filename, + const char* target_filename, + const uint8_t target_sha1[SHA_DIGEST_SIZE], + size_t target_size, + const Value* bonus_data) { + int retry = 1; + SHA_CTX ctx; + int output; + MemorySinkInfo msi; + FileContents* source_to_use; + char* outname; + int made_copy = 0; + + // assume that target_filename (eg "/system/app/Foo.apk") is located + // on the same filesystem as its top-level directory ("/system"). + // We need something that exists for calling statfs(). + char target_fs[strlen(target_filename)+1]; + char* slash = strchr(target_filename+1, '/'); + if (slash != NULL) { + int count = slash - target_filename; + strncpy(target_fs, target_filename, count); + target_fs[count] = '\0'; + } else { + strcpy(target_fs, target_filename); + } + + do { + // Is there enough room in the target filesystem to hold the patched + // file? + + if (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0) { + // If the target is a partition, we're actually going to + // write the output to /tmp and then copy it to the + // partition. statfs() always returns 0 blocks free for + // /tmp, so instead we'll just assume that /tmp has enough + // space to hold the file. + + // We still write the original source to cache, in case + // the partition write is interrupted. + if (MakeFreeSpaceOnCache(source_file->size) < 0) { + printf("not enough free space on /cache\n"); + return 1; + } + if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { + printf("failed to back up source file\n"); + return 1; + } + made_copy = 1; + retry = 0; + } else { + int enough_space = 0; + if (retry > 0) { + size_t free_space = FreeSpaceForFile(target_fs); + enough_space = + (free_space > (256 << 10)) && // 256k (two-block) minimum + (free_space > (target_size * 3 / 2)); // 50% margin of error + if (!enough_space) { + printf("target %zu bytes; free space %zu bytes; retry %d; enough %d\n", + target_size, free_space, retry, enough_space); + } + } + + if (!enough_space) { + retry = 0; + } + + if (!enough_space && source_patch_value != NULL) { + // Using the original source, but not enough free space. First + // copy the source file to cache, then delete it from the original + // location. + + if (strncmp(source_filename, "MTD:", 4) == 0 || + strncmp(source_filename, "EMMC:", 5) == 0) { + // It's impossible to free space on the target filesystem by + // deleting the source if the source is a partition. If + // we're ever in a state where we need to do this, fail. + printf("not enough free space for target but source is partition\n"); + return 1; + } + + if (MakeFreeSpaceOnCache(source_file->size) < 0) { + printf("not enough free space on /cache\n"); + return 1; + } + + if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) { + printf("failed to back up source file\n"); + return 1; + } + made_copy = 1; + unlink(source_filename); + + size_t free_space = FreeSpaceForFile(target_fs); + printf("(now %zu bytes free for target) ", free_space); + } + } + + const Value* patch; + if (source_patch_value != NULL) { + source_to_use = source_file; + patch = source_patch_value; + } else { + source_to_use = copy_file; + patch = copy_patch_value; + } + + if (patch->type != VAL_BLOB) { + printf("patch is not a blob\n"); + return 1; + } + + SinkFn sink = NULL; + void* token = NULL; + output = -1; + outname = NULL; + if (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0) { + // We store the decoded output in memory. + msi.buffer = reinterpret_cast(malloc(target_size)); + if (msi.buffer == NULL) { + printf("failed to alloc %zu bytes for output\n", target_size); + return 1; + } + msi.pos = 0; + msi.size = target_size; + sink = MemorySink; + token = &msi; + } else { + // We write the decoded output to ".patch". + outname = reinterpret_cast(malloc(strlen(target_filename) + 10)); + strcpy(outname, target_filename); + strcat(outname, ".patch"); + + output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + if (output < 0) { + printf("failed to open output file %s: %s\n", + outname, strerror(errno)); + return 1; + } + sink = FileSink; + token = &output; + } + + char* header = patch->data; + ssize_t header_bytes_read = patch->size; + + SHA_init(&ctx); + + int result; + + if (header_bytes_read >= 8 && + memcmp(header, "BSDIFF40", 8) == 0) { + result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, + patch, 0, sink, token, &ctx); + } else if (header_bytes_read >= 8 && + memcmp(header, "IMGDIFF2", 8) == 0) { + result = ApplyImagePatch(source_to_use->data, source_to_use->size, + patch, sink, token, &ctx, bonus_data); + } else { + printf("Unknown patch file format\n"); + return 1; + } + + if (output >= 0) { + if (fsync(output) != 0) { + printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); + result = 1; + } + if (close(output) != 0) { + printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); + result = 1; + } + } + + if (result != 0) { + if (retry == 0) { + printf("applying patch failed\n"); + return result != 0; + } else { + printf("applying patch failed; retrying\n"); + } + if (outname != NULL) { + unlink(outname); + } + } else { + // succeeded; no need to retry + break; + } + } while (retry-- > 0); + + const uint8_t* current_target_sha1 = SHA_final(&ctx); + if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + printf("patch did not produce expected sha1\n"); + return 1; + } else { + printf("now "); + print_short_sha1(target_sha1); + putchar('\n'); + } + + if (output < 0) { + // Copy the temp file to the partition. + if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { + printf("write of patched data to %s failed\n", target_filename); + return 1; + } + free(msi.buffer); + } else { + // Give the .patch file the same owner, group, and mode of the + // original source file. + if (chmod(outname, source_to_use->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); + return 1; + } + if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); + return 1; + } + + // Finally, rename the .patch file to replace the target file. + if (rename(outname, target_filename) != 0) { + printf("rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno)); + return 1; + } + } + + // If this run of applypatch created the copy, and we're here, we + // can delete it. + if (made_copy) { + unlink(CACHE_TEMP_SOURCE); + } + + // Success! + return 0; +} diff --git a/applypatch/bsdiff.c b/applypatch/bsdiff.c deleted file mode 100644 index b6d342b7a..000000000 --- a/applypatch/bsdiff.c +++ /dev/null @@ -1,410 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * Most of this code comes from bsdiff.c from the bsdiff-4.3 - * distribution, which is: - */ - -/*- - * Copyright 2003-2005 Colin Percival - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted providing that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#define MIN(x,y) (((x)<(y)) ? (x) : (y)) - -static void split(off_t *I,off_t *V,off_t start,off_t len,off_t h) -{ - off_t i,j,k,x,tmp,jj,kk; - - if(len<16) { - for(k=start;kstart) split(I,V,start,jj-start,h); - - for(i=0;ikk) split(I,V,kk,start+len-kk,h); -} - -static void qsufsort(off_t *I,off_t *V,u_char *old,off_t oldsize) -{ - off_t buckets[256]; - off_t i,h,len; - - for(i=0;i<256;i++) buckets[i]=0; - for(i=0;i0;i--) buckets[i]=buckets[i-1]; - buckets[0]=0; - - for(i=0;iy) { - *pos=I[st]; - return x; - } else { - *pos=I[en]; - return y; - } - }; - - x=st+(en-st)/2; - if(memcmp(old+I[x],new,MIN(oldsize-I[x],newsize))<0) { - return search(I,old,oldsize,new,newsize,x,en,pos); - } else { - return search(I,old,oldsize,new,newsize,st,x,pos); - }; -} - -static void offtout(off_t x,u_char *buf) -{ - off_t y; - - if(x<0) y=-x; else y=x; - - buf[0]=y%256;y-=buf[0]; - y=y/256;buf[1]=y%256;y-=buf[1]; - y=y/256;buf[2]=y%256;y-=buf[2]; - y=y/256;buf[3]=y%256;y-=buf[3]; - y=y/256;buf[4]=y%256;y-=buf[4]; - y=y/256;buf[5]=y%256;y-=buf[5]; - y=y/256;buf[6]=y%256;y-=buf[6]; - y=y/256;buf[7]=y%256; - - if(x<0) buf[7]|=0x80; -} - -// This is main() from bsdiff.c, with the following changes: -// -// - old, oldsize, new, newsize are arguments; we don't load this -// data from files. old and new are owned by the caller; we -// don't free them at the end. -// -// - the "I" block of memory is owned by the caller, who passes a -// pointer to *I, which can be NULL. This way if we call -// bsdiff() multiple times with the same 'old' data, we only do -// the qsufsort() step the first time. -// -int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* new, off_t newsize, - const char* patch_filename) -{ - int fd; - off_t *I; - off_t scan,pos,len; - off_t lastscan,lastpos,lastoffset; - off_t oldscore,scsc; - off_t s,Sf,lenf,Sb,lenb; - off_t overlap,Ss,lens; - off_t i; - off_t dblen,eblen; - u_char *db,*eb; - u_char buf[8]; - u_char header[32]; - FILE * pf; - BZFILE * pfbz2; - int bz2err; - - if (*IP == NULL) { - off_t* V; - *IP = malloc((oldsize+1) * sizeof(off_t)); - V = malloc((oldsize+1) * sizeof(off_t)); - qsufsort(*IP, V, old, oldsize); - free(V); - } - I = *IP; - - if(((db=malloc(newsize+1))==NULL) || - ((eb=malloc(newsize+1))==NULL)) err(1,NULL); - dblen=0; - eblen=0; - - /* Create the patch file */ - if ((pf = fopen(patch_filename, "w")) == NULL) - err(1, "%s", patch_filename); - - /* Header is - 0 8 "BSDIFF40" - 8 8 length of bzip2ed ctrl block - 16 8 length of bzip2ed diff block - 24 8 length of new file */ - /* File is - 0 32 Header - 32 ?? Bzip2ed ctrl block - ?? ?? Bzip2ed diff block - ?? ?? Bzip2ed extra block */ - memcpy(header,"BSDIFF40",8); - offtout(0, header + 8); - offtout(0, header + 16); - offtout(newsize, header + 24); - if (fwrite(header, 32, 1, pf) != 1) - err(1, "fwrite(%s)", patch_filename); - - /* Compute the differences, writing ctrl as we go */ - if ((pfbz2 = BZ2_bzWriteOpen(&bz2err, pf, 9, 0, 0)) == NULL) - errx(1, "BZ2_bzWriteOpen, bz2err = %d", bz2err); - scan=0;len=0; - lastscan=0;lastpos=0;lastoffset=0; - while(scanoldscore+8)) break; - - if((scan+lastoffsetSf*2-lenf) { Sf=s; lenf=i; }; - }; - - lenb=0; - if(scan=lastscan+i)&&(pos>=i);i++) { - if(old[pos-i]==new[scan-i]) s++; - if(s*2-i>Sb*2-lenb) { Sb=s; lenb=i; }; - }; - }; - - if(lastscan+lenf>scan-lenb) { - overlap=(lastscan+lenf)-(scan-lenb); - s=0;Ss=0;lens=0; - for(i=0;iSs) { Ss=s; lens=i+1; }; - }; - - lenf+=lens-overlap; - lenb-=lens; - }; - - for(i=0;i + +#include +#include +#include +#include +#include +#include +#include + +#define MIN(x,y) (((x)<(y)) ? (x) : (y)) + +static void split(off_t *I,off_t *V,off_t start,off_t len,off_t h) +{ + off_t i,j,k,x,tmp,jj,kk; + + if(len<16) { + for(k=start;kstart) split(I,V,start,jj-start,h); + + for(i=0;ikk) split(I,V,kk,start+len-kk,h); +} + +static void qsufsort(off_t *I,off_t *V,u_char *old,off_t oldsize) +{ + off_t buckets[256]; + off_t i,h,len; + + for(i=0;i<256;i++) buckets[i]=0; + for(i=0;i0;i--) buckets[i]=buckets[i-1]; + buckets[0]=0; + + for(i=0;iy) { + *pos=I[st]; + return x; + } else { + *pos=I[en]; + return y; + } + }; + + x=st+(en-st)/2; + if(memcmp(old+I[x],newdata,MIN(oldsize-I[x],newsize))<0) { + return search(I,old,oldsize,newdata,newsize,x,en,pos); + } else { + return search(I,old,oldsize,newdata,newsize,st,x,pos); + }; +} + +static void offtout(off_t x,u_char *buf) +{ + off_t y; + + if(x<0) y=-x; else y=x; + + buf[0]=y%256;y-=buf[0]; + y=y/256;buf[1]=y%256;y-=buf[1]; + y=y/256;buf[2]=y%256;y-=buf[2]; + y=y/256;buf[3]=y%256;y-=buf[3]; + y=y/256;buf[4]=y%256;y-=buf[4]; + y=y/256;buf[5]=y%256;y-=buf[5]; + y=y/256;buf[6]=y%256;y-=buf[6]; + y=y/256;buf[7]=y%256; + + if(x<0) buf[7]|=0x80; +} + +// This is main() from bsdiff.c, with the following changes: +// +// - old, oldsize, newdata, newsize are arguments; we don't load this +// data from files. old and newdata are owned by the caller; we +// don't free them at the end. +// +// - the "I" block of memory is owned by the caller, who passes a +// pointer to *I, which can be NULL. This way if we call +// bsdiff() multiple times with the same 'old' data, we only do +// the qsufsort() step the first time. +// +int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* newdata, off_t newsize, + const char* patch_filename) +{ + int fd; + off_t *I; + off_t scan,pos,len; + off_t lastscan,lastpos,lastoffset; + off_t oldscore,scsc; + off_t s,Sf,lenf,Sb,lenb; + off_t overlap,Ss,lens; + off_t i; + off_t dblen,eblen; + u_char *db,*eb; + u_char buf[8]; + u_char header[32]; + FILE * pf; + BZFILE * pfbz2; + int bz2err; + + if (*IP == NULL) { + off_t* V; + *IP = reinterpret_cast(malloc((oldsize+1) * sizeof(off_t))); + V = reinterpret_cast(malloc((oldsize+1) * sizeof(off_t))); + qsufsort(*IP, V, old, oldsize); + free(V); + } + I = *IP; + + if(((db=reinterpret_cast(malloc(newsize+1)))==NULL) || + ((eb=reinterpret_cast(malloc(newsize+1)))==NULL)) err(1,NULL); + dblen=0; + eblen=0; + + /* Create the patch file */ + if ((pf = fopen(patch_filename, "w")) == NULL) + err(1, "%s", patch_filename); + + /* Header is + 0 8 "BSDIFF40" + 8 8 length of bzip2ed ctrl block + 16 8 length of bzip2ed diff block + 24 8 length of new file */ + /* File is + 0 32 Header + 32 ?? Bzip2ed ctrl block + ?? ?? Bzip2ed diff block + ?? ?? Bzip2ed extra block */ + memcpy(header,"BSDIFF40",8); + offtout(0, header + 8); + offtout(0, header + 16); + offtout(newsize, header + 24); + if (fwrite(header, 32, 1, pf) != 1) + err(1, "fwrite(%s)", patch_filename); + + /* Compute the differences, writing ctrl as we go */ + if ((pfbz2 = BZ2_bzWriteOpen(&bz2err, pf, 9, 0, 0)) == NULL) + errx(1, "BZ2_bzWriteOpen, bz2err = %d", bz2err); + scan=0;len=0; + lastscan=0;lastpos=0;lastoffset=0; + while(scanoldscore+8)) break; + + if((scan+lastoffsetSf*2-lenf) { Sf=s; lenf=i; }; + }; + + lenb=0; + if(scan=lastscan+i)&&(pos>=i);i++) { + if(old[pos-i]==newdata[scan-i]) s++; + if(s*2-i>Sb*2-lenb) { Sb=s; lenb=i; }; + }; + }; + + if(lastscan+lenf>scan-lenb) { + overlap=(lastscan+lenf)-(scan-lenb); + s=0;Ss=0;lens=0; + for(i=0;iSs) { Ss=s; lens=i+1; }; + }; + + lenf+=lens-overlap; + lenb-=lens; + }; + + for(i=0;i -#include -#include -#include -#include -#include - -#include - -#include "mincrypt/sha.h" -#include "applypatch.h" - -void ShowBSDiffLicense() { - puts("The bsdiff library used herein is:\n" - "\n" - "Copyright 2003-2005 Colin Percival\n" - "All rights reserved\n" - "\n" - "Redistribution and use in source and binary forms, with or without\n" - "modification, are permitted providing that the following conditions\n" - "are met:\n" - "1. Redistributions of source code must retain the above copyright\n" - " notice, this list of conditions and the following disclaimer.\n" - "2. Redistributions in binary form must reproduce the above copyright\n" - " notice, this list of conditions and the following disclaimer in the\n" - " documentation and/or other materials provided with the distribution.\n" - "\n" - "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" - "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" - "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n" - "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n" - "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n" - "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n" - "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" - "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" - "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" - "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" - "POSSIBILITY OF SUCH DAMAGE.\n" - "\n------------------\n\n" - "This program uses Julian R Seward's \"libbzip2\" library, available\n" - "from http://www.bzip.org/.\n" - ); -} - -static off_t offtin(u_char *buf) -{ - off_t y; - - y=buf[7]&0x7F; - y=y*256;y+=buf[6]; - y=y*256;y+=buf[5]; - y=y*256;y+=buf[4]; - y=y*256;y+=buf[3]; - y=y*256;y+=buf[2]; - y=y*256;y+=buf[1]; - y=y*256;y+=buf[0]; - - if(buf[7]&0x80) y=-y; - - return y; -} - -int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) { - stream->next_out = (char*)buffer; - stream->avail_out = size; - while (stream->avail_out > 0) { - int bzerr = BZ2_bzDecompress(stream); - if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) { - printf("bz error %d decompressing\n", bzerr); - return -1; - } - if (stream->avail_out > 0) { - printf("need %d more bytes\n", stream->avail_out); - } - } - return 0; -} - -int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, - const Value* patch, ssize_t patch_offset, - SinkFn sink, void* token, SHA_CTX* ctx) { - - unsigned char* new_data; - ssize_t new_size; - if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, - &new_data, &new_size) != 0) { - return -1; - } - - if (sink(new_data, new_size, token) < new_size) { - printf("short write of output: %d (%s)\n", errno, strerror(errno)); - return 1; - } - if (ctx) SHA_update(ctx, new_data, new_size); - free(new_data); - - return 0; -} - -int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, - const Value* patch, ssize_t patch_offset, - unsigned char** new_data, ssize_t* new_size) { - // Patch data format: - // 0 8 "BSDIFF40" - // 8 8 X - // 16 8 Y - // 24 8 sizeof(newfile) - // 32 X bzip2(control block) - // 32+X Y bzip2(diff block) - // 32+X+Y ??? bzip2(extra block) - // with control block a set of triples (x,y,z) meaning "add x bytes - // from oldfile to x bytes from the diff block; copy y bytes from the - // extra block; seek forwards in oldfile by z bytes". - - unsigned char* header = (unsigned char*) patch->data + patch_offset; - if (memcmp(header, "BSDIFF40", 8) != 0) { - printf("corrupt bsdiff patch file header (magic number)\n"); - return 1; - } - - ssize_t ctrl_len, data_len; - ctrl_len = offtin(header+8); - data_len = offtin(header+16); - *new_size = offtin(header+24); - - if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { - printf("corrupt patch file header (data lengths)\n"); - return 1; - } - - int bzerr; - - bz_stream cstream; - cstream.next_in = patch->data + patch_offset + 32; - cstream.avail_in = ctrl_len; - cstream.bzalloc = NULL; - cstream.bzfree = NULL; - cstream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) { - printf("failed to bzinit control stream (%d)\n", bzerr); - } - - bz_stream dstream; - dstream.next_in = patch->data + patch_offset + 32 + ctrl_len; - dstream.avail_in = data_len; - dstream.bzalloc = NULL; - dstream.bzfree = NULL; - dstream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) { - printf("failed to bzinit diff stream (%d)\n", bzerr); - } - - bz_stream estream; - estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len; - estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len); - estream.bzalloc = NULL; - estream.bzfree = NULL; - estream.opaque = NULL; - if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) { - printf("failed to bzinit extra stream (%d)\n", bzerr); - } - - *new_data = malloc(*new_size); - if (*new_data == NULL) { - printf("failed to allocate %ld bytes of memory for output file\n", - (long)*new_size); - return 1; - } - - off_t oldpos = 0, newpos = 0; - off_t ctrl[3]; - off_t len_read; - int i; - unsigned char buf[24]; - while (newpos < *new_size) { - // Read control data - if (FillBuffer(buf, 24, &cstream) != 0) { - printf("error while reading control stream\n"); - return 1; - } - ctrl[0] = offtin(buf); - ctrl[1] = offtin(buf+8); - ctrl[2] = offtin(buf+16); - - if (ctrl[0] < 0 || ctrl[1] < 0) { - printf("corrupt patch (negative byte counts)\n"); - return 1; - } - - // Sanity check - if (newpos + ctrl[0] > *new_size) { - printf("corrupt patch (new file overrun)\n"); - return 1; - } - - // Read diff string - if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { - printf("error while reading diff stream\n"); - return 1; - } - - // Add old data to diff string - for (i = 0; i < ctrl[0]; ++i) { - if ((oldpos+i >= 0) && (oldpos+i < old_size)) { - (*new_data)[newpos+i] += old_data[oldpos+i]; - } - } - - // Adjust pointers - newpos += ctrl[0]; - oldpos += ctrl[0]; - - // Sanity check - if (newpos + ctrl[1] > *new_size) { - printf("corrupt patch (new file overrun)\n"); - return 1; - } - - // Read extra string - if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { - printf("error while reading extra stream\n"); - return 1; - } - - // Adjust pointers - newpos += ctrl[1]; - oldpos += ctrl[2]; - } - - BZ2_bzDecompressEnd(&cstream); - BZ2_bzDecompressEnd(&dstream); - BZ2_bzDecompressEnd(&estream); - return 0; -} diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp new file mode 100644 index 000000000..9d201b477 --- /dev/null +++ b/applypatch/bspatch.cpp @@ -0,0 +1,255 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This file is a nearly line-for-line copy of bspatch.c from the +// bsdiff-4.3 distribution; the primary differences being how the +// input and output data are read and the error handling. Running +// applypatch with the -l option will display the bsdiff license +// notice. + +#include +#include +#include +#include +#include +#include + +#include + +#include "mincrypt/sha.h" +#include "applypatch.h" + +void ShowBSDiffLicense() { + puts("The bsdiff library used herein is:\n" + "\n" + "Copyright 2003-2005 Colin Percival\n" + "All rights reserved\n" + "\n" + "Redistribution and use in source and binary forms, with or without\n" + "modification, are permitted providing that the following conditions\n" + "are met:\n" + "1. Redistributions of source code must retain the above copyright\n" + " notice, this list of conditions and the following disclaimer.\n" + "2. Redistributions in binary form must reproduce the above copyright\n" + " notice, this list of conditions and the following disclaimer in the\n" + " documentation and/or other materials provided with the distribution.\n" + "\n" + "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n" + "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n" + "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n" + "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n" + "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n" + "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n" + "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n" + "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n" + "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n" + "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n" + "POSSIBILITY OF SUCH DAMAGE.\n" + "\n------------------\n\n" + "This program uses Julian R Seward's \"libbzip2\" library, available\n" + "from http://www.bzip.org/.\n" + ); +} + +static off_t offtin(u_char *buf) +{ + off_t y; + + y=buf[7]&0x7F; + y=y*256;y+=buf[6]; + y=y*256;y+=buf[5]; + y=y*256;y+=buf[4]; + y=y*256;y+=buf[3]; + y=y*256;y+=buf[2]; + y=y*256;y+=buf[1]; + y=y*256;y+=buf[0]; + + if(buf[7]&0x80) y=-y; + + return y; +} + +int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) { + stream->next_out = (char*)buffer; + stream->avail_out = size; + while (stream->avail_out > 0) { + int bzerr = BZ2_bzDecompress(stream); + if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) { + printf("bz error %d decompressing\n", bzerr); + return -1; + } + if (stream->avail_out > 0) { + printf("need %d more bytes\n", stream->avail_out); + } + } + return 0; +} + +int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, + const Value* patch, ssize_t patch_offset, + SinkFn sink, void* token, SHA_CTX* ctx) { + + unsigned char* new_data; + ssize_t new_size; + if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, + &new_data, &new_size) != 0) { + return -1; + } + + if (sink(new_data, new_size, token) < new_size) { + printf("short write of output: %d (%s)\n", errno, strerror(errno)); + return 1; + } + if (ctx) SHA_update(ctx, new_data, new_size); + free(new_data); + + return 0; +} + +int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, + const Value* patch, ssize_t patch_offset, + unsigned char** new_data, ssize_t* new_size) { + // Patch data format: + // 0 8 "BSDIFF40" + // 8 8 X + // 16 8 Y + // 24 8 sizeof(newfile) + // 32 X bzip2(control block) + // 32+X Y bzip2(diff block) + // 32+X+Y ??? bzip2(extra block) + // with control block a set of triples (x,y,z) meaning "add x bytes + // from oldfile to x bytes from the diff block; copy y bytes from the + // extra block; seek forwards in oldfile by z bytes". + + unsigned char* header = (unsigned char*) patch->data + patch_offset; + if (memcmp(header, "BSDIFF40", 8) != 0) { + printf("corrupt bsdiff patch file header (magic number)\n"); + return 1; + } + + ssize_t ctrl_len, data_len; + ctrl_len = offtin(header+8); + data_len = offtin(header+16); + *new_size = offtin(header+24); + + if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { + printf("corrupt patch file header (data lengths)\n"); + return 1; + } + + int bzerr; + + bz_stream cstream; + cstream.next_in = patch->data + patch_offset + 32; + cstream.avail_in = ctrl_len; + cstream.bzalloc = NULL; + cstream.bzfree = NULL; + cstream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) { + printf("failed to bzinit control stream (%d)\n", bzerr); + } + + bz_stream dstream; + dstream.next_in = patch->data + patch_offset + 32 + ctrl_len; + dstream.avail_in = data_len; + dstream.bzalloc = NULL; + dstream.bzfree = NULL; + dstream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) { + printf("failed to bzinit diff stream (%d)\n", bzerr); + } + + bz_stream estream; + estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len; + estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len); + estream.bzalloc = NULL; + estream.bzfree = NULL; + estream.opaque = NULL; + if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) { + printf("failed to bzinit extra stream (%d)\n", bzerr); + } + + *new_data = reinterpret_cast(malloc(*new_size)); + if (*new_data == NULL) { + printf("failed to allocate %zd bytes of memory for output file\n", *new_size); + return 1; + } + + off_t oldpos = 0, newpos = 0; + off_t ctrl[3]; + off_t len_read; + int i; + unsigned char buf[24]; + while (newpos < *new_size) { + // Read control data + if (FillBuffer(buf, 24, &cstream) != 0) { + printf("error while reading control stream\n"); + return 1; + } + ctrl[0] = offtin(buf); + ctrl[1] = offtin(buf+8); + ctrl[2] = offtin(buf+16); + + if (ctrl[0] < 0 || ctrl[1] < 0) { + printf("corrupt patch (negative byte counts)\n"); + return 1; + } + + // Sanity check + if (newpos + ctrl[0] > *new_size) { + printf("corrupt patch (new file overrun)\n"); + return 1; + } + + // Read diff string + if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { + printf("error while reading diff stream\n"); + return 1; + } + + // Add old data to diff string + for (i = 0; i < ctrl[0]; ++i) { + if ((oldpos+i >= 0) && (oldpos+i < old_size)) { + (*new_data)[newpos+i] += old_data[oldpos+i]; + } + } + + // Adjust pointers + newpos += ctrl[0]; + oldpos += ctrl[0]; + + // Sanity check + if (newpos + ctrl[1] > *new_size) { + printf("corrupt patch (new file overrun)\n"); + return 1; + } + + // Read extra string + if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { + printf("error while reading extra stream\n"); + return 1; + } + + // Adjust pointers + newpos += ctrl[1]; + oldpos += ctrl[2]; + } + + BZ2_bzDecompressEnd(&cstream); + BZ2_bzDecompressEnd(&dstream); + BZ2_bzDecompressEnd(&estream); + return 0; +} diff --git a/applypatch/freecache.c b/applypatch/freecache.c deleted file mode 100644 index 9827fda06..000000000 --- a/applypatch/freecache.c +++ /dev/null @@ -1,172 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "applypatch.h" - -static int EliminateOpenFiles(char** files, int file_count) { - DIR* d; - struct dirent* de; - d = opendir("/proc"); - if (d == NULL) { - printf("error opening /proc: %s\n", strerror(errno)); - return -1; - } - while ((de = readdir(d)) != 0) { - int i; - for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); - if (de->d_name[i]) continue; - - // de->d_name[i] is numeric - - char path[FILENAME_MAX]; - strcpy(path, "/proc/"); - strcat(path, de->d_name); - strcat(path, "/fd/"); - - DIR* fdd; - struct dirent* fdde; - fdd = opendir(path); - if (fdd == NULL) { - printf("error opening %s: %s\n", path, strerror(errno)); - continue; - } - while ((fdde = readdir(fdd)) != 0) { - char fd_path[FILENAME_MAX]; - char link[FILENAME_MAX]; - strcpy(fd_path, path); - strcat(fd_path, fdde->d_name); - - int count; - count = readlink(fd_path, link, sizeof(link)-1); - if (count >= 0) { - link[count] = '\0'; - - // This is inefficient, but it should only matter if there are - // lots of files in /cache, and lots of them are open (neither - // of which should be true, especially in recovery). - if (strncmp(link, "/cache/", 7) == 0) { - int j; - for (j = 0; j < file_count; ++j) { - if (files[j] && strcmp(files[j], link) == 0) { - printf("%s is open by %s\n", link, de->d_name); - free(files[j]); - files[j] = NULL; - } - } - } - } - } - closedir(fdd); - } - closedir(d); - - return 0; -} - -int FindExpendableFiles(char*** names, int* entries) { - DIR* d; - struct dirent* de; - int size = 32; - *entries = 0; - *names = malloc(size * sizeof(char*)); - - char path[FILENAME_MAX]; - - // We're allowed to delete unopened regular files in any of these - // directories. - const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; - - unsigned int i; - for (i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { - d = opendir(dirs[i]); - if (d == NULL) { - printf("error opening %s: %s\n", dirs[i], strerror(errno)); - continue; - } - - // Look for regular files in the directory (not in any subdirectories). - while ((de = readdir(d)) != 0) { - strcpy(path, dirs[i]); - strcat(path, "/"); - strcat(path, de->d_name); - - // We can't delete CACHE_TEMP_SOURCE; if it's there we might have - // restarted during installation and could be depending on it to - // be there. - if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; - - struct stat st; - if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { - if (*entries >= size) { - size *= 2; - *names = realloc(*names, size * sizeof(char*)); - } - (*names)[(*entries)++] = strdup(path); - } - } - - closedir(d); - } - - printf("%d regular files in deletable directories\n", *entries); - - if (EliminateOpenFiles(*names, *entries) < 0) { - return -1; - } - - return 0; -} - -int MakeFreeSpaceOnCache(size_t bytes_needed) { - size_t free_now = FreeSpaceForFile("/cache"); - printf("%ld bytes free on /cache (%ld needed)\n", - (long)free_now, (long)bytes_needed); - - if (free_now >= bytes_needed) { - return 0; - } - - char** names; - int entries; - - if (FindExpendableFiles(&names, &entries) < 0) { - return -1; - } - - if (entries == 0) { - // nothing we can delete to free up space! - printf("no files can be deleted to free space on /cache\n"); - return -1; - } - - // We could try to be smarter about which files to delete: the - // biggest ones? the smallest ones that will free up enough space? - // the oldest? the newest? - // - // Instead, we'll be dumb. - - int i; - for (i = 0; i < entries && free_now < bytes_needed; ++i) { - if (names[i]) { - unlink(names[i]); - free_now = FreeSpaceForFile("/cache"); - printf("deleted %s; now %ld bytes free\n", names[i], (long)free_now); - free(names[i]); - } - } - - for (; i < entries; ++i) { - free(names[i]); - } - free(names); - - return (free_now >= bytes_needed) ? 0 : -1; -} diff --git a/applypatch/freecache.cpp b/applypatch/freecache.cpp new file mode 100644 index 000000000..2eb2f55ef --- /dev/null +++ b/applypatch/freecache.cpp @@ -0,0 +1,186 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "applypatch.h" + +static int EliminateOpenFiles(char** files, int file_count) { + DIR* d; + struct dirent* de; + d = opendir("/proc"); + if (d == NULL) { + printf("error opening /proc: %s\n", strerror(errno)); + return -1; + } + while ((de = readdir(d)) != 0) { + int i; + for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); + if (de->d_name[i]) continue; + + // de->d_name[i] is numeric + + char path[FILENAME_MAX]; + strcpy(path, "/proc/"); + strcat(path, de->d_name); + strcat(path, "/fd/"); + + DIR* fdd; + struct dirent* fdde; + fdd = opendir(path); + if (fdd == NULL) { + printf("error opening %s: %s\n", path, strerror(errno)); + continue; + } + while ((fdde = readdir(fdd)) != 0) { + char fd_path[FILENAME_MAX]; + char link[FILENAME_MAX]; + strcpy(fd_path, path); + strcat(fd_path, fdde->d_name); + + int count; + count = readlink(fd_path, link, sizeof(link)-1); + if (count >= 0) { + link[count] = '\0'; + + // This is inefficient, but it should only matter if there are + // lots of files in /cache, and lots of them are open (neither + // of which should be true, especially in recovery). + if (strncmp(link, "/cache/", 7) == 0) { + int j; + for (j = 0; j < file_count; ++j) { + if (files[j] && strcmp(files[j], link) == 0) { + printf("%s is open by %s\n", link, de->d_name); + free(files[j]); + files[j] = NULL; + } + } + } + } + } + closedir(fdd); + } + closedir(d); + + return 0; +} + +int FindExpendableFiles(char*** names, int* entries) { + DIR* d; + struct dirent* de; + int size = 32; + *entries = 0; + *names = reinterpret_cast(malloc(size * sizeof(char*))); + + char path[FILENAME_MAX]; + + // We're allowed to delete unopened regular files in any of these + // directories. + const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; + + for (size_t i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { + d = opendir(dirs[i]); + if (d == NULL) { + printf("error opening %s: %s\n", dirs[i], strerror(errno)); + continue; + } + + // Look for regular files in the directory (not in any subdirectories). + while ((de = readdir(d)) != 0) { + strcpy(path, dirs[i]); + strcat(path, "/"); + strcat(path, de->d_name); + + // We can't delete CACHE_TEMP_SOURCE; if it's there we might have + // restarted during installation and could be depending on it to + // be there. + if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; + + struct stat st; + if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { + if (*entries >= size) { + size *= 2; + *names = reinterpret_cast(realloc(*names, size * sizeof(char*))); + } + (*names)[(*entries)++] = strdup(path); + } + } + + closedir(d); + } + + printf("%d regular files in deletable directories\n", *entries); + + if (EliminateOpenFiles(*names, *entries) < 0) { + return -1; + } + + return 0; +} + +int MakeFreeSpaceOnCache(size_t bytes_needed) { + size_t free_now = FreeSpaceForFile("/cache"); + printf("%zu bytes free on /cache (%zu needed)\n", free_now, bytes_needed); + + if (free_now >= bytes_needed) { + return 0; + } + + char** names; + int entries; + + if (FindExpendableFiles(&names, &entries) < 0) { + return -1; + } + + if (entries == 0) { + // nothing we can delete to free up space! + printf("no files can be deleted to free space on /cache\n"); + return -1; + } + + // We could try to be smarter about which files to delete: the + // biggest ones? the smallest ones that will free up enough space? + // the oldest? the newest? + // + // Instead, we'll be dumb. + + int i; + for (i = 0; i < entries && free_now < bytes_needed; ++i) { + if (names[i]) { + unlink(names[i]); + free_now = FreeSpaceForFile("/cache"); + printf("deleted %s; now %zu bytes free\n", names[i], free_now); + free(names[i]); + } + } + + for (; i < entries; ++i) { + free(names[i]); + } + free(names); + + return (free_now >= bytes_needed) ? 0 : -1; +} diff --git a/applypatch/imgdiff.c b/applypatch/imgdiff.c deleted file mode 100644 index 3bac8be91..000000000 --- a/applypatch/imgdiff.c +++ /dev/null @@ -1,1060 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * This program constructs binary patches for images -- such as boot.img - * and recovery.img -- that consist primarily of large chunks of gzipped - * data interspersed with uncompressed data. Doing a naive bsdiff of - * these files is not useful because small changes in the data lead to - * large changes in the compressed bitstream; bsdiff patches of gzipped - * data are typically as large as the data itself. - * - * To patch these usefully, we break the source and target images up into - * chunks of two types: "normal" and "gzip". Normal chunks are simply - * patched using a plain bsdiff. Gzip chunks are first expanded, then a - * bsdiff is applied to the uncompressed data, then the patched data is - * gzipped using the same encoder parameters. Patched chunks are - * concatenated together to create the output file; the output image - * should be *exactly* the same series of bytes as the target image used - * originally to generate the patch. - * - * To work well with this tool, the gzipped sections of the target - * image must have been generated using the same deflate encoder that - * is available in applypatch, namely, the one in the zlib library. - * In practice this means that images should be compressed using the - * "minigzip" tool included in the zlib distribution, not the GNU gzip - * program. - * - * An "imgdiff" patch consists of a header describing the chunk structure - * of the file and any encoding parameters needed for the gzipped - * chunks, followed by N bsdiff patches, one per chunk. - * - * For a diff to be generated, the source and target images must have the - * same "chunk" structure: that is, the same number of gzipped and normal - * chunks in the same order. Android boot and recovery images currently - * consist of five chunks: a small normal header, a gzipped kernel, a - * small normal section, a gzipped ramdisk, and finally a small normal - * footer. - * - * Caveats: we locate gzipped sections within the source and target - * images by searching for the byte sequence 1f8b0800: 1f8b is the gzip - * magic number; 08 specifies the "deflate" encoding [the only encoding - * supported by the gzip standard]; and 00 is the flags byte. We do not - * currently support any extra header fields (which would be indicated by - * a nonzero flags byte). We also don't handle the case when that byte - * sequence appears spuriously in the file. (Note that it would have to - * occur spuriously within a normal chunk to be a problem.) - * - * - * The imgdiff patch header looks like this: - * - * "IMGDIFF1" (8) [magic number and version] - * chunk count (4) - * for each chunk: - * chunk type (4) [CHUNK_{NORMAL, GZIP, DEFLATE, RAW}] - * if chunk type == CHUNK_NORMAL: - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * if chunk type == CHUNK_GZIP: (version 1 only) - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * source expanded len (8) [size of uncompressed source] - * target expected len (8) [size of uncompressed target] - * gzip level (4) - * method (4) - * windowBits (4) - * memLevel (4) - * strategy (4) - * gzip header len (4) - * gzip header (gzip header len) - * gzip footer (8) - * if chunk type == CHUNK_DEFLATE: (version 2 only) - * source start (8) - * source len (8) - * bsdiff patch offset (8) [from start of patch file] - * source expanded len (8) [size of uncompressed source] - * target expected len (8) [size of uncompressed target] - * gzip level (4) - * method (4) - * windowBits (4) - * memLevel (4) - * strategy (4) - * if chunk type == RAW: (version 2 only) - * target len (4) - * data (target len) - * - * All integers are little-endian. "source start" and "source len" - * specify the section of the input image that comprises this chunk, - * including the gzip header and footer for gzip chunks. "source - * expanded len" is the size of the uncompressed source data. "target - * expected len" is the size of the uncompressed data after applying - * the bsdiff patch. The next five parameters specify the zlib - * parameters to be used when compressing the patched data, and the - * next three specify the header and footer to be wrapped around the - * compressed data to create the output chunk (so that header contents - * like the timestamp are recreated exactly). - * - * After the header there are 'chunk count' bsdiff patches; the offset - * of each from the beginning of the file is specified in the header. - * - * This tool can take an optional file of "bonus data". This is an - * extra file of data that is appended to chunk #1 after it is - * compressed (it must be a CHUNK_DEFLATE chunk). The same file must - * be available (and passed to applypatch with -b) when applying the - * patch. This is used to reduce the size of recovery-from-boot - * patches by combining the boot image with recovery ramdisk - * information that is stored on the system partition. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "zlib.h" -#include "imgdiff.h" -#include "utils.h" - -typedef struct { - int type; // CHUNK_NORMAL, CHUNK_DEFLATE - size_t start; // offset of chunk in original image file - - size_t len; - unsigned char* data; // data to be patched (uncompressed, for deflate chunks) - - size_t source_start; - size_t source_len; - - off_t* I; // used by bsdiff - - // --- for CHUNK_DEFLATE chunks only: --- - - // original (compressed) deflate data - size_t deflate_len; - unsigned char* deflate_data; - - char* filename; // used for zip entries - - // deflate encoder parameters - int level, method, windowBits, memLevel, strategy; - - size_t source_uncompressed_len; -} ImageChunk; - -typedef struct { - int data_offset; - int deflate_len; - int uncomp_len; - char* filename; -} ZipFileEntry; - -static int fileentry_compare(const void* a, const void* b) { - int ao = ((ZipFileEntry*)a)->data_offset; - int bo = ((ZipFileEntry*)b)->data_offset; - if (ao < bo) { - return -1; - } else if (ao > bo) { - return 1; - } else { - return 0; - } -} - -// from bsdiff.c -int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* new, off_t newsize, - const char* patch_filename); - -unsigned char* ReadZip(const char* filename, - int* num_chunks, ImageChunk** chunks, - int include_pseudo_chunk) { - struct stat st; - if (stat(filename, &st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return NULL; - } - - unsigned char* img = malloc(st.st_size); - FILE* f = fopen(filename, "rb"); - if (fread(img, 1, st.st_size, f) != st.st_size) { - printf("failed to read \"%s\" %s\n", filename, strerror(errno)); - fclose(f); - return NULL; - } - fclose(f); - - // look for the end-of-central-directory record. - - int i; - for (i = st.st_size-20; i >= 0 && i > st.st_size - 65600; --i) { - if (img[i] == 0x50 && img[i+1] == 0x4b && - img[i+2] == 0x05 && img[i+3] == 0x06) { - break; - } - } - // double-check: this archive consists of a single "disk" - if (!(img[i+4] == 0 && img[i+5] == 0 && img[i+6] == 0 && img[i+7] == 0)) { - printf("can't process multi-disk archive\n"); - return NULL; - } - - int cdcount = Read2(img+i+8); - int cdoffset = Read4(img+i+16); - - ZipFileEntry* temp_entries = malloc(cdcount * sizeof(ZipFileEntry)); - int entrycount = 0; - - unsigned char* cd = img+cdoffset; - for (i = 0; i < cdcount; ++i) { - if (!(cd[0] == 0x50 && cd[1] == 0x4b && cd[2] == 0x01 && cd[3] == 0x02)) { - printf("bad central directory entry %d\n", i); - return NULL; - } - - int clen = Read4(cd+20); // compressed len - int ulen = Read4(cd+24); // uncompressed len - int nlen = Read2(cd+28); // filename len - int xlen = Read2(cd+30); // extra field len - int mlen = Read2(cd+32); // file comment len - int hoffset = Read4(cd+42); // local header offset - - char* filename = malloc(nlen+1); - memcpy(filename, cd+46, nlen); - filename[nlen] = '\0'; - - int method = Read2(cd+10); - - cd += 46 + nlen + xlen + mlen; - - if (method != 8) { // 8 == deflate - free(filename); - continue; - } - - unsigned char* lh = img + hoffset; - - if (!(lh[0] == 0x50 && lh[1] == 0x4b && lh[2] == 0x03 && lh[3] == 0x04)) { - printf("bad local file header entry %d\n", i); - return NULL; - } - - if (Read2(lh+26) != nlen || memcmp(lh+30, filename, nlen) != 0) { - printf("central dir filename doesn't match local header\n"); - return NULL; - } - - xlen = Read2(lh+28); // extra field len; might be different from CD entry? - - temp_entries[entrycount].data_offset = hoffset+30+nlen+xlen; - temp_entries[entrycount].deflate_len = clen; - temp_entries[entrycount].uncomp_len = ulen; - temp_entries[entrycount].filename = filename; - ++entrycount; - } - - qsort(temp_entries, entrycount, sizeof(ZipFileEntry), fileentry_compare); - -#if 0 - printf("found %d deflated entries\n", entrycount); - for (i = 0; i < entrycount; ++i) { - printf("off %10d len %10d unlen %10d %p %s\n", - temp_entries[i].data_offset, - temp_entries[i].deflate_len, - temp_entries[i].uncomp_len, - temp_entries[i].filename, - temp_entries[i].filename); - } -#endif - - *num_chunks = 0; - *chunks = malloc((entrycount*2+2) * sizeof(ImageChunk)); - ImageChunk* curr = *chunks; - - if (include_pseudo_chunk) { - curr->type = CHUNK_NORMAL; - curr->start = 0; - curr->len = st.st_size; - curr->data = img; - curr->filename = NULL; - curr->I = NULL; - ++curr; - ++*num_chunks; - } - - int pos = 0; - int nextentry = 0; - - while (pos < st.st_size) { - if (nextentry < entrycount && pos == temp_entries[nextentry].data_offset) { - curr->type = CHUNK_DEFLATE; - curr->start = pos; - curr->deflate_len = temp_entries[nextentry].deflate_len; - curr->deflate_data = img + pos; - curr->filename = temp_entries[nextentry].filename; - curr->I = NULL; - - curr->len = temp_entries[nextentry].uncomp_len; - curr->data = malloc(curr->len); - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = curr->deflate_len; - strm.next_in = curr->deflate_data; - - // -15 means we are decoding a 'raw' deflate stream; zlib will - // not expect zlib headers. - int ret = inflateInit2(&strm, -15); - - strm.avail_out = curr->len; - strm.next_out = curr->data; - ret = inflate(&strm, Z_NO_FLUSH); - if (ret != Z_STREAM_END) { - printf("failed to inflate \"%s\"; %d\n", curr->filename, ret); - return NULL; - } - - inflateEnd(&strm); - - pos += curr->deflate_len; - ++nextentry; - ++*num_chunks; - ++curr; - continue; - } - - // use a normal chunk to take all the data up to the start of the - // next deflate section. - - curr->type = CHUNK_NORMAL; - curr->start = pos; - if (nextentry < entrycount) { - curr->len = temp_entries[nextentry].data_offset - pos; - } else { - curr->len = st.st_size - pos; - } - curr->data = img + pos; - curr->filename = NULL; - curr->I = NULL; - pos += curr->len; - - ++*num_chunks; - ++curr; - } - - free(temp_entries); - return img; -} - -/* - * Read the given file and break it up into chunks, putting the number - * of chunks and their info in *num_chunks and **chunks, - * respectively. Returns a malloc'd block of memory containing the - * contents of the file; various pointers in the output chunk array - * will point into this block of memory. The caller should free the - * return value when done with all the chunks. Returns NULL on - * failure. - */ -unsigned char* ReadImage(const char* filename, - int* num_chunks, ImageChunk** chunks) { - struct stat st; - if (stat(filename, &st) != 0) { - printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); - return NULL; - } - - unsigned char* img = malloc(st.st_size + 4); - FILE* f = fopen(filename, "rb"); - if (fread(img, 1, st.st_size, f) != st.st_size) { - printf("failed to read \"%s\" %s\n", filename, strerror(errno)); - fclose(f); - return NULL; - } - fclose(f); - - // append 4 zero bytes to the data so we can always search for the - // four-byte string 1f8b0800 starting at any point in the actual - // file data, without special-casing the end of the data. - memset(img+st.st_size, 0, 4); - - size_t pos = 0; - - *num_chunks = 0; - *chunks = NULL; - - while (pos < st.st_size) { - unsigned char* p = img+pos; - - if (st.st_size - pos >= 4 && - p[0] == 0x1f && p[1] == 0x8b && - p[2] == 0x08 && // deflate compression - p[3] == 0x00) { // no header flags - // 'pos' is the offset of the start of a gzip chunk. - size_t chunk_offset = pos; - - *num_chunks += 3; - *chunks = realloc(*chunks, *num_chunks * sizeof(ImageChunk)); - ImageChunk* curr = *chunks + (*num_chunks-3); - - // create a normal chunk for the header. - curr->start = pos; - curr->type = CHUNK_NORMAL; - curr->len = GZIP_HEADER_LEN; - curr->data = p; - curr->I = NULL; - - pos += curr->len; - p += curr->len; - ++curr; - - curr->type = CHUNK_DEFLATE; - curr->filename = NULL; - curr->I = NULL; - - // We must decompress this chunk in order to discover where it - // ends, and so we can put the uncompressed data and its length - // into curr->data and curr->len. - - size_t allocated = 32768; - curr->len = 0; - curr->data = malloc(allocated); - curr->start = pos; - curr->deflate_data = p; - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = st.st_size - pos; - strm.next_in = p; - - // -15 means we are decoding a 'raw' deflate stream; zlib will - // not expect zlib headers. - int ret = inflateInit2(&strm, -15); - - do { - strm.avail_out = allocated - curr->len; - strm.next_out = curr->data + curr->len; - ret = inflate(&strm, Z_NO_FLUSH); - if (ret < 0) { - printf("Error: inflate failed [%s] at file offset [%zu]\n" - "imgdiff only supports gzip kernel compression," - " did you try CONFIG_KERNEL_LZO?\n", - strm.msg, chunk_offset); - free(img); - return NULL; - } - curr->len = allocated - strm.avail_out; - if (strm.avail_out == 0) { - allocated *= 2; - curr->data = realloc(curr->data, allocated); - } - } while (ret != Z_STREAM_END); - - curr->deflate_len = st.st_size - strm.avail_in - pos; - inflateEnd(&strm); - pos += curr->deflate_len; - p += curr->deflate_len; - ++curr; - - // create a normal chunk for the footer - - curr->type = CHUNK_NORMAL; - curr->start = pos; - curr->len = GZIP_FOOTER_LEN; - curr->data = img+pos; - curr->I = NULL; - - pos += curr->len; - p += curr->len; - ++curr; - - // The footer (that we just skipped over) contains the size of - // the uncompressed data. Double-check to make sure that it - // matches the size of the data we got when we actually did - // the decompression. - size_t footer_size = Read4(p-4); - if (footer_size != curr[-2].len) { - printf("Error: footer size %d != decompressed size %d\n", - footer_size, curr[-2].len); - free(img); - return NULL; - } - } else { - // Reallocate the list for every chunk; we expect the number of - // chunks to be small (5 for typical boot and recovery images). - ++*num_chunks; - *chunks = realloc(*chunks, *num_chunks * sizeof(ImageChunk)); - ImageChunk* curr = *chunks + (*num_chunks-1); - curr->start = pos; - curr->I = NULL; - - // 'pos' is not the offset of the start of a gzip chunk, so scan - // forward until we find a gzip header. - curr->type = CHUNK_NORMAL; - curr->data = p; - - for (curr->len = 0; curr->len < (st.st_size - pos); ++curr->len) { - if (p[curr->len] == 0x1f && - p[curr->len+1] == 0x8b && - p[curr->len+2] == 0x08 && - p[curr->len+3] == 0x00) { - break; - } - } - pos += curr->len; - } - } - - return img; -} - -#define BUFFER_SIZE 32768 - -/* - * Takes the uncompressed data stored in the chunk, compresses it - * using the zlib parameters stored in the chunk, and checks that it - * matches exactly the compressed data we started with (also stored in - * the chunk). Return 0 on success. - */ -int TryReconstruction(ImageChunk* chunk, unsigned char* out) { - size_t p = 0; - -#if 0 - printf("trying %d %d %d %d %d\n", - chunk->level, chunk->method, chunk->windowBits, - chunk->memLevel, chunk->strategy); -#endif - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = chunk->len; - strm.next_in = chunk->data; - int ret; - ret = deflateInit2(&strm, chunk->level, chunk->method, chunk->windowBits, - chunk->memLevel, chunk->strategy); - do { - strm.avail_out = BUFFER_SIZE; - strm.next_out = out; - ret = deflate(&strm, Z_FINISH); - size_t have = BUFFER_SIZE - strm.avail_out; - - if (memcmp(out, chunk->deflate_data+p, have) != 0) { - // mismatch; data isn't the same. - deflateEnd(&strm); - return -1; - } - p += have; - } while (ret != Z_STREAM_END); - deflateEnd(&strm); - if (p != chunk->deflate_len) { - // mismatch; ran out of data before we should have. - return -1; - } - return 0; -} - -/* - * Verify that we can reproduce exactly the same compressed data that - * we started with. Sets the level, method, windowBits, memLevel, and - * strategy fields in the chunk to the encoding parameters needed to - * produce the right output. Returns 0 on success. - */ -int ReconstructDeflateChunk(ImageChunk* chunk) { - if (chunk->type != CHUNK_DEFLATE) { - printf("attempt to reconstruct non-deflate chunk\n"); - return -1; - } - - size_t p = 0; - unsigned char* out = malloc(BUFFER_SIZE); - - // We only check two combinations of encoder parameters: level 6 - // (the default) and level 9 (the maximum). - for (chunk->level = 6; chunk->level <= 9; chunk->level += 3) { - chunk->windowBits = -15; // 32kb window; negative to indicate a raw stream. - chunk->memLevel = 8; // the default value. - chunk->method = Z_DEFLATED; - chunk->strategy = Z_DEFAULT_STRATEGY; - - if (TryReconstruction(chunk, out) == 0) { - free(out); - return 0; - } - } - - free(out); - return -1; -} - -/* - * Given source and target chunks, compute a bsdiff patch between them - * by running bsdiff in a subprocess. Return the patch data, placing - * its length in *size. Return NULL on failure. We expect the bsdiff - * program to be in the path. - */ -unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { - if (tgt->type == CHUNK_NORMAL) { - if (tgt->len <= 160) { - tgt->type = CHUNK_RAW; - *size = tgt->len; - return tgt->data; - } - } - - char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; - mkstemp(ptemp); - - int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); - if (r != 0) { - printf("bsdiff() failed: %d\n", r); - return NULL; - } - - struct stat st; - if (stat(ptemp, &st) != 0) { - printf("failed to stat patch file %s: %s\n", - ptemp, strerror(errno)); - return NULL; - } - - unsigned char* data = malloc(st.st_size); - - if (tgt->type == CHUNK_NORMAL && tgt->len <= st.st_size) { - unlink(ptemp); - - tgt->type = CHUNK_RAW; - *size = tgt->len; - return tgt->data; - } - - *size = st.st_size; - - FILE* f = fopen(ptemp, "rb"); - if (f == NULL) { - printf("failed to open patch %s: %s\n", ptemp, strerror(errno)); - return NULL; - } - if (fread(data, 1, st.st_size, f) != st.st_size) { - printf("failed to read patch %s: %s\n", ptemp, strerror(errno)); - return NULL; - } - fclose(f); - - unlink(ptemp); - - tgt->source_start = src->start; - switch (tgt->type) { - case CHUNK_NORMAL: - tgt->source_len = src->len; - break; - case CHUNK_DEFLATE: - tgt->source_len = src->deflate_len; - tgt->source_uncompressed_len = src->len; - break; - } - - return data; -} - -/* - * Cause a gzip chunk to be treated as a normal chunk (ie, as a blob - * of uninterpreted data). The resulting patch will likely be about - * as big as the target file, but it lets us handle the case of images - * where some gzip chunks are reconstructible but others aren't (by - * treating the ones that aren't as normal chunks). - */ -void ChangeDeflateChunkToNormal(ImageChunk* ch) { - if (ch->type != CHUNK_DEFLATE) return; - ch->type = CHUNK_NORMAL; - free(ch->data); - ch->data = ch->deflate_data; - ch->len = ch->deflate_len; -} - -/* - * Return true if the data in the chunk is identical (including the - * compressed representation, for gzip chunks). - */ -int AreChunksEqual(ImageChunk* a, ImageChunk* b) { - if (a->type != b->type) return 0; - - switch (a->type) { - case CHUNK_NORMAL: - return a->len == b->len && memcmp(a->data, b->data, a->len) == 0; - - case CHUNK_DEFLATE: - return a->deflate_len == b->deflate_len && - memcmp(a->deflate_data, b->deflate_data, a->deflate_len) == 0; - - default: - printf("unknown chunk type %d\n", a->type); - return 0; - } -} - -/* - * Look for runs of adjacent normal chunks and compress them down into - * a single chunk. (Such runs can be produced when deflate chunks are - * changed to normal chunks.) - */ -void MergeAdjacentNormalChunks(ImageChunk* chunks, int* num_chunks) { - int out = 0; - int in_start = 0, in_end; - while (in_start < *num_chunks) { - if (chunks[in_start].type != CHUNK_NORMAL) { - in_end = in_start+1; - } else { - // in_start is a normal chunk. Look for a run of normal chunks - // that constitute a solid block of data (ie, each chunk begins - // where the previous one ended). - for (in_end = in_start+1; - in_end < *num_chunks && chunks[in_end].type == CHUNK_NORMAL && - (chunks[in_end].start == - chunks[in_end-1].start + chunks[in_end-1].len && - chunks[in_end].data == - chunks[in_end-1].data + chunks[in_end-1].len); - ++in_end); - } - - if (in_end == in_start+1) { -#if 0 - printf("chunk %d is now %d\n", in_start, out); -#endif - if (out != in_start) { - memcpy(chunks+out, chunks+in_start, sizeof(ImageChunk)); - } - } else { -#if 0 - printf("collapse normal chunks %d-%d into %d\n", in_start, in_end-1, out); -#endif - - // Merge chunks [in_start, in_end-1] into one chunk. Since the - // data member of each chunk is just a pointer into an in-memory - // copy of the file, this can be done without recopying (the - // output chunk has the first chunk's start location and data - // pointer, and length equal to the sum of the input chunk - // lengths). - chunks[out].type = CHUNK_NORMAL; - chunks[out].start = chunks[in_start].start; - chunks[out].data = chunks[in_start].data; - chunks[out].len = chunks[in_end-1].len + - (chunks[in_end-1].start - chunks[in_start].start); - } - - ++out; - in_start = in_end; - } - *num_chunks = out; -} - -ImageChunk* FindChunkByName(const char* name, - ImageChunk* chunks, int num_chunks) { - int i; - for (i = 0; i < num_chunks; ++i) { - if (chunks[i].type == CHUNK_DEFLATE && chunks[i].filename && - strcmp(name, chunks[i].filename) == 0) { - return chunks+i; - } - } - return NULL; -} - -void DumpChunks(ImageChunk* chunks, int num_chunks) { - int i; - for (i = 0; i < num_chunks; ++i) { - printf("chunk %d: type %d start %d len %d\n", - i, chunks[i].type, chunks[i].start, chunks[i].len); - } -} - -int main(int argc, char** argv) { - int zip_mode = 0; - - if (argc >= 2 && strcmp(argv[1], "-z") == 0) { - zip_mode = 1; - --argc; - ++argv; - } - - size_t bonus_size = 0; - unsigned char* bonus_data = NULL; - if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - struct stat st; - if (stat(argv[2], &st) != 0) { - printf("failed to stat bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - bonus_size = st.st_size; - bonus_data = malloc(bonus_size); - FILE* f = fopen(argv[2], "rb"); - if (f == NULL) { - printf("failed to open bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - if (fread(bonus_data, 1, bonus_size, f) != bonus_size) { - printf("failed to read bonus file %s: %s\n", argv[2], strerror(errno)); - return 1; - } - fclose(f); - - argc -= 2; - argv += 2; - } - - if (argc != 4) { - usage: - printf("usage: %s [-z] [-b ] \n", - argv[0]); - return 2; - } - - int num_src_chunks; - ImageChunk* src_chunks; - int num_tgt_chunks; - ImageChunk* tgt_chunks; - int i; - - if (zip_mode) { - if (ReadZip(argv[1], &num_src_chunks, &src_chunks, 1) == NULL) { - printf("failed to break apart source zip file\n"); - return 1; - } - if (ReadZip(argv[2], &num_tgt_chunks, &tgt_chunks, 0) == NULL) { - printf("failed to break apart target zip file\n"); - return 1; - } - } else { - if (ReadImage(argv[1], &num_src_chunks, &src_chunks) == NULL) { - printf("failed to break apart source image\n"); - return 1; - } - if (ReadImage(argv[2], &num_tgt_chunks, &tgt_chunks) == NULL) { - printf("failed to break apart target image\n"); - return 1; - } - - // Verify that the source and target images have the same chunk - // structure (ie, the same sequence of deflate and normal chunks). - - if (!zip_mode) { - // Merge the gzip header and footer in with any adjacent - // normal chunks. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); - } - - if (num_src_chunks != num_tgt_chunks) { - printf("source and target don't have same number of chunks!\n"); - printf("source chunks:\n"); - DumpChunks(src_chunks, num_src_chunks); - printf("target chunks:\n"); - DumpChunks(tgt_chunks, num_tgt_chunks); - return 1; - } - for (i = 0; i < num_src_chunks; ++i) { - if (src_chunks[i].type != tgt_chunks[i].type) { - printf("source and target don't have same chunk " - "structure! (chunk %d)\n", i); - printf("source chunks:\n"); - DumpChunks(src_chunks, num_src_chunks); - printf("target chunks:\n"); - DumpChunks(tgt_chunks, num_tgt_chunks); - return 1; - } - } - } - - for (i = 0; i < num_tgt_chunks; ++i) { - if (tgt_chunks[i].type == CHUNK_DEFLATE) { - // Confirm that given the uncompressed chunk data in the target, we - // can recompress it and get exactly the same bits as are in the - // input target image. If this fails, treat the chunk as a normal - // non-deflated chunk. - if (ReconstructDeflateChunk(tgt_chunks+i) < 0) { - printf("failed to reconstruct target deflate chunk %d [%s]; " - "treating as normal\n", i, tgt_chunks[i].filename); - ChangeDeflateChunkToNormal(tgt_chunks+i); - if (zip_mode) { - ImageChunk* src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); - if (src) { - ChangeDeflateChunkToNormal(src); - } - } else { - ChangeDeflateChunkToNormal(src_chunks+i); - } - continue; - } - - // If two deflate chunks are identical (eg, the kernel has not - // changed between two builds), treat them as normal chunks. - // This makes applypatch much faster -- it can apply a trivial - // patch to the compressed data, rather than uncompressing and - // recompressing to apply the trivial patch to the uncompressed - // data. - ImageChunk* src; - if (zip_mode) { - src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); - } else { - src = src_chunks+i; - } - - if (src == NULL || AreChunksEqual(tgt_chunks+i, src)) { - ChangeDeflateChunkToNormal(tgt_chunks+i); - if (src) { - ChangeDeflateChunkToNormal(src); - } - } - } - } - - // Merging neighboring normal chunks. - if (zip_mode) { - // For zips, we only need to do this to the target: deflated - // chunks are matched via filename, and normal chunks are patched - // using the entire source file as the source. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - } else { - // For images, we need to maintain the parallel structure of the - // chunk lists, so do the merging in both the source and target - // lists. - MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); - MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); - if (num_src_chunks != num_tgt_chunks) { - // This shouldn't happen. - printf("merging normal chunks went awry\n"); - return 1; - } - } - - // Compute bsdiff patches for each chunk's data (the uncompressed - // data, in the case of deflate chunks). - - DumpChunks(src_chunks, num_src_chunks); - - printf("Construct patches for %d chunks...\n", num_tgt_chunks); - unsigned char** patch_data = malloc(num_tgt_chunks * sizeof(unsigned char*)); - size_t* patch_size = malloc(num_tgt_chunks * sizeof(size_t)); - for (i = 0; i < num_tgt_chunks; ++i) { - if (zip_mode) { - ImageChunk* src; - if (tgt_chunks[i].type == CHUNK_DEFLATE && - (src = FindChunkByName(tgt_chunks[i].filename, src_chunks, - num_src_chunks))) { - patch_data[i] = MakePatch(src, tgt_chunks+i, patch_size+i); - } else { - patch_data[i] = MakePatch(src_chunks, tgt_chunks+i, patch_size+i); - } - } else { - if (i == 1 && bonus_data) { - printf(" using %d bytes of bonus data for chunk %d\n", bonus_size, i); - src_chunks[i].data = realloc(src_chunks[i].data, src_chunks[i].len + bonus_size); - memcpy(src_chunks[i].data+src_chunks[i].len, bonus_data, bonus_size); - src_chunks[i].len += bonus_size; - } - - patch_data[i] = MakePatch(src_chunks+i, tgt_chunks+i, patch_size+i); - } - printf("patch %3d is %d bytes (of %d)\n", - i, patch_size[i], tgt_chunks[i].source_len); - } - - // Figure out how big the imgdiff file header is going to be, so - // that we can correctly compute the offset of each bsdiff patch - // within the file. - - size_t total_header_size = 12; - for (i = 0; i < num_tgt_chunks; ++i) { - total_header_size += 4; - switch (tgt_chunks[i].type) { - case CHUNK_NORMAL: - total_header_size += 8*3; - break; - case CHUNK_DEFLATE: - total_header_size += 8*5 + 4*5; - break; - case CHUNK_RAW: - total_header_size += 4 + patch_size[i]; - break; - } - } - - size_t offset = total_header_size; - - FILE* f = fopen(argv[3], "wb"); - - // Write out the headers. - - fwrite("IMGDIFF2", 1, 8, f); - Write4(num_tgt_chunks, f); - for (i = 0; i < num_tgt_chunks; ++i) { - Write4(tgt_chunks[i].type, f); - - switch (tgt_chunks[i].type) { - case CHUNK_NORMAL: - printf("chunk %3d: normal (%10d, %10d) %10d\n", i, - tgt_chunks[i].start, tgt_chunks[i].len, patch_size[i]); - Write8(tgt_chunks[i].source_start, f); - Write8(tgt_chunks[i].source_len, f); - Write8(offset, f); - offset += patch_size[i]; - break; - - case CHUNK_DEFLATE: - printf("chunk %3d: deflate (%10d, %10d) %10d %s\n", i, - tgt_chunks[i].start, tgt_chunks[i].deflate_len, patch_size[i], - tgt_chunks[i].filename); - Write8(tgt_chunks[i].source_start, f); - Write8(tgt_chunks[i].source_len, f); - Write8(offset, f); - Write8(tgt_chunks[i].source_uncompressed_len, f); - Write8(tgt_chunks[i].len, f); - Write4(tgt_chunks[i].level, f); - Write4(tgt_chunks[i].method, f); - Write4(tgt_chunks[i].windowBits, f); - Write4(tgt_chunks[i].memLevel, f); - Write4(tgt_chunks[i].strategy, f); - offset += patch_size[i]; - break; - - case CHUNK_RAW: - printf("chunk %3d: raw (%10d, %10d)\n", i, - tgt_chunks[i].start, tgt_chunks[i].len); - Write4(patch_size[i], f); - fwrite(patch_data[i], 1, patch_size[i], f); - break; - } - } - - // Append each chunk's bsdiff patch, in order. - - for (i = 0; i < num_tgt_chunks; ++i) { - if (tgt_chunks[i].type != CHUNK_RAW) { - fwrite(patch_data[i], 1, patch_size[i], f); - } - } - - fclose(f); - - return 0; -} diff --git a/applypatch/imgdiff.cpp b/applypatch/imgdiff.cpp new file mode 100644 index 000000000..4d83ffb2e --- /dev/null +++ b/applypatch/imgdiff.cpp @@ -0,0 +1,1068 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This program constructs binary patches for images -- such as boot.img + * and recovery.img -- that consist primarily of large chunks of gzipped + * data interspersed with uncompressed data. Doing a naive bsdiff of + * these files is not useful because small changes in the data lead to + * large changes in the compressed bitstream; bsdiff patches of gzipped + * data are typically as large as the data itself. + * + * To patch these usefully, we break the source and target images up into + * chunks of two types: "normal" and "gzip". Normal chunks are simply + * patched using a plain bsdiff. Gzip chunks are first expanded, then a + * bsdiff is applied to the uncompressed data, then the patched data is + * gzipped using the same encoder parameters. Patched chunks are + * concatenated together to create the output file; the output image + * should be *exactly* the same series of bytes as the target image used + * originally to generate the patch. + * + * To work well with this tool, the gzipped sections of the target + * image must have been generated using the same deflate encoder that + * is available in applypatch, namely, the one in the zlib library. + * In practice this means that images should be compressed using the + * "minigzip" tool included in the zlib distribution, not the GNU gzip + * program. + * + * An "imgdiff" patch consists of a header describing the chunk structure + * of the file and any encoding parameters needed for the gzipped + * chunks, followed by N bsdiff patches, one per chunk. + * + * For a diff to be generated, the source and target images must have the + * same "chunk" structure: that is, the same number of gzipped and normal + * chunks in the same order. Android boot and recovery images currently + * consist of five chunks: a small normal header, a gzipped kernel, a + * small normal section, a gzipped ramdisk, and finally a small normal + * footer. + * + * Caveats: we locate gzipped sections within the source and target + * images by searching for the byte sequence 1f8b0800: 1f8b is the gzip + * magic number; 08 specifies the "deflate" encoding [the only encoding + * supported by the gzip standard]; and 00 is the flags byte. We do not + * currently support any extra header fields (which would be indicated by + * a nonzero flags byte). We also don't handle the case when that byte + * sequence appears spuriously in the file. (Note that it would have to + * occur spuriously within a normal chunk to be a problem.) + * + * + * The imgdiff patch header looks like this: + * + * "IMGDIFF1" (8) [magic number and version] + * chunk count (4) + * for each chunk: + * chunk type (4) [CHUNK_{NORMAL, GZIP, DEFLATE, RAW}] + * if chunk type == CHUNK_NORMAL: + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * if chunk type == CHUNK_GZIP: (version 1 only) + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * source expanded len (8) [size of uncompressed source] + * target expected len (8) [size of uncompressed target] + * gzip level (4) + * method (4) + * windowBits (4) + * memLevel (4) + * strategy (4) + * gzip header len (4) + * gzip header (gzip header len) + * gzip footer (8) + * if chunk type == CHUNK_DEFLATE: (version 2 only) + * source start (8) + * source len (8) + * bsdiff patch offset (8) [from start of patch file] + * source expanded len (8) [size of uncompressed source] + * target expected len (8) [size of uncompressed target] + * gzip level (4) + * method (4) + * windowBits (4) + * memLevel (4) + * strategy (4) + * if chunk type == RAW: (version 2 only) + * target len (4) + * data (target len) + * + * All integers are little-endian. "source start" and "source len" + * specify the section of the input image that comprises this chunk, + * including the gzip header and footer for gzip chunks. "source + * expanded len" is the size of the uncompressed source data. "target + * expected len" is the size of the uncompressed data after applying + * the bsdiff patch. The next five parameters specify the zlib + * parameters to be used when compressing the patched data, and the + * next three specify the header and footer to be wrapped around the + * compressed data to create the output chunk (so that header contents + * like the timestamp are recreated exactly). + * + * After the header there are 'chunk count' bsdiff patches; the offset + * of each from the beginning of the file is specified in the header. + * + * This tool can take an optional file of "bonus data". This is an + * extra file of data that is appended to chunk #1 after it is + * compressed (it must be a CHUNK_DEFLATE chunk). The same file must + * be available (and passed to applypatch with -b) when applying the + * patch. This is used to reduce the size of recovery-from-boot + * patches by combining the boot image with recovery ramdisk + * information that is stored on the system partition. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "zlib.h" +#include "imgdiff.h" +#include "utils.h" + +typedef struct { + int type; // CHUNK_NORMAL, CHUNK_DEFLATE + size_t start; // offset of chunk in original image file + + size_t len; + unsigned char* data; // data to be patched (uncompressed, for deflate chunks) + + size_t source_start; + size_t source_len; + + off_t* I; // used by bsdiff + + // --- for CHUNK_DEFLATE chunks only: --- + + // original (compressed) deflate data + size_t deflate_len; + unsigned char* deflate_data; + + char* filename; // used for zip entries + + // deflate encoder parameters + int level, method, windowBits, memLevel, strategy; + + size_t source_uncompressed_len; +} ImageChunk; + +typedef struct { + int data_offset; + int deflate_len; + int uncomp_len; + char* filename; +} ZipFileEntry; + +static int fileentry_compare(const void* a, const void* b) { + int ao = ((ZipFileEntry*)a)->data_offset; + int bo = ((ZipFileEntry*)b)->data_offset; + if (ao < bo) { + return -1; + } else if (ao > bo) { + return 1; + } else { + return 0; + } +} + +// from bsdiff.c +int bsdiff(u_char* old, off_t oldsize, off_t** IP, u_char* newdata, off_t newsize, + const char* patch_filename); + +unsigned char* ReadZip(const char* filename, + int* num_chunks, ImageChunk** chunks, + int include_pseudo_chunk) { + struct stat st; + if (stat(filename, &st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + unsigned char* img = reinterpret_cast(malloc(sz)); + FILE* f = fopen(filename, "rb"); + if (fread(img, 1, sz, f) != sz) { + printf("failed to read \"%s\" %s\n", filename, strerror(errno)); + fclose(f); + return NULL; + } + fclose(f); + + // look for the end-of-central-directory record. + + int i; + for (i = st.st_size-20; i >= 0 && i > st.st_size - 65600; --i) { + if (img[i] == 0x50 && img[i+1] == 0x4b && + img[i+2] == 0x05 && img[i+3] == 0x06) { + break; + } + } + // double-check: this archive consists of a single "disk" + if (!(img[i+4] == 0 && img[i+5] == 0 && img[i+6] == 0 && img[i+7] == 0)) { + printf("can't process multi-disk archive\n"); + return NULL; + } + + int cdcount = Read2(img+i+8); + int cdoffset = Read4(img+i+16); + + ZipFileEntry* temp_entries = reinterpret_cast(malloc( + cdcount * sizeof(ZipFileEntry))); + int entrycount = 0; + + unsigned char* cd = img+cdoffset; + for (i = 0; i < cdcount; ++i) { + if (!(cd[0] == 0x50 && cd[1] == 0x4b && cd[2] == 0x01 && cd[3] == 0x02)) { + printf("bad central directory entry %d\n", i); + return NULL; + } + + int clen = Read4(cd+20); // compressed len + int ulen = Read4(cd+24); // uncompressed len + int nlen = Read2(cd+28); // filename len + int xlen = Read2(cd+30); // extra field len + int mlen = Read2(cd+32); // file comment len + int hoffset = Read4(cd+42); // local header offset + + char* filename = reinterpret_cast(malloc(nlen+1)); + memcpy(filename, cd+46, nlen); + filename[nlen] = '\0'; + + int method = Read2(cd+10); + + cd += 46 + nlen + xlen + mlen; + + if (method != 8) { // 8 == deflate + free(filename); + continue; + } + + unsigned char* lh = img + hoffset; + + if (!(lh[0] == 0x50 && lh[1] == 0x4b && lh[2] == 0x03 && lh[3] == 0x04)) { + printf("bad local file header entry %d\n", i); + return NULL; + } + + if (Read2(lh+26) != nlen || memcmp(lh+30, filename, nlen) != 0) { + printf("central dir filename doesn't match local header\n"); + return NULL; + } + + xlen = Read2(lh+28); // extra field len; might be different from CD entry? + + temp_entries[entrycount].data_offset = hoffset+30+nlen+xlen; + temp_entries[entrycount].deflate_len = clen; + temp_entries[entrycount].uncomp_len = ulen; + temp_entries[entrycount].filename = filename; + ++entrycount; + } + + qsort(temp_entries, entrycount, sizeof(ZipFileEntry), fileentry_compare); + +#if 0 + printf("found %d deflated entries\n", entrycount); + for (i = 0; i < entrycount; ++i) { + printf("off %10d len %10d unlen %10d %p %s\n", + temp_entries[i].data_offset, + temp_entries[i].deflate_len, + temp_entries[i].uncomp_len, + temp_entries[i].filename, + temp_entries[i].filename); + } +#endif + + *num_chunks = 0; + *chunks = reinterpret_cast(malloc((entrycount*2+2) * sizeof(ImageChunk))); + ImageChunk* curr = *chunks; + + if (include_pseudo_chunk) { + curr->type = CHUNK_NORMAL; + curr->start = 0; + curr->len = st.st_size; + curr->data = img; + curr->filename = NULL; + curr->I = NULL; + ++curr; + ++*num_chunks; + } + + int pos = 0; + int nextentry = 0; + + while (pos < st.st_size) { + if (nextentry < entrycount && pos == temp_entries[nextentry].data_offset) { + curr->type = CHUNK_DEFLATE; + curr->start = pos; + curr->deflate_len = temp_entries[nextentry].deflate_len; + curr->deflate_data = img + pos; + curr->filename = temp_entries[nextentry].filename; + curr->I = NULL; + + curr->len = temp_entries[nextentry].uncomp_len; + curr->data = reinterpret_cast(malloc(curr->len)); + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = curr->deflate_len; + strm.next_in = curr->deflate_data; + + // -15 means we are decoding a 'raw' deflate stream; zlib will + // not expect zlib headers. + int ret = inflateInit2(&strm, -15); + + strm.avail_out = curr->len; + strm.next_out = curr->data; + ret = inflate(&strm, Z_NO_FLUSH); + if (ret != Z_STREAM_END) { + printf("failed to inflate \"%s\"; %d\n", curr->filename, ret); + return NULL; + } + + inflateEnd(&strm); + + pos += curr->deflate_len; + ++nextentry; + ++*num_chunks; + ++curr; + continue; + } + + // use a normal chunk to take all the data up to the start of the + // next deflate section. + + curr->type = CHUNK_NORMAL; + curr->start = pos; + if (nextentry < entrycount) { + curr->len = temp_entries[nextentry].data_offset - pos; + } else { + curr->len = st.st_size - pos; + } + curr->data = img + pos; + curr->filename = NULL; + curr->I = NULL; + pos += curr->len; + + ++*num_chunks; + ++curr; + } + + free(temp_entries); + return img; +} + +/* + * Read the given file and break it up into chunks, putting the number + * of chunks and their info in *num_chunks and **chunks, + * respectively. Returns a malloc'd block of memory containing the + * contents of the file; various pointers in the output chunk array + * will point into this block of memory. The caller should free the + * return value when done with all the chunks. Returns NULL on + * failure. + */ +unsigned char* ReadImage(const char* filename, + int* num_chunks, ImageChunk** chunks) { + struct stat st; + if (stat(filename, &st) != 0) { + printf("failed to stat \"%s\": %s\n", filename, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + unsigned char* img = reinterpret_cast(malloc(sz + 4)); + FILE* f = fopen(filename, "rb"); + if (fread(img, 1, sz, f) != sz) { + printf("failed to read \"%s\" %s\n", filename, strerror(errno)); + fclose(f); + return NULL; + } + fclose(f); + + // append 4 zero bytes to the data so we can always search for the + // four-byte string 1f8b0800 starting at any point in the actual + // file data, without special-casing the end of the data. + memset(img+sz, 0, 4); + + size_t pos = 0; + + *num_chunks = 0; + *chunks = NULL; + + while (pos < sz) { + unsigned char* p = img+pos; + + if (sz - pos >= 4 && + p[0] == 0x1f && p[1] == 0x8b && + p[2] == 0x08 && // deflate compression + p[3] == 0x00) { // no header flags + // 'pos' is the offset of the start of a gzip chunk. + size_t chunk_offset = pos; + + *num_chunks += 3; + *chunks = reinterpret_cast(realloc(*chunks, + *num_chunks * sizeof(ImageChunk))); + ImageChunk* curr = *chunks + (*num_chunks-3); + + // create a normal chunk for the header. + curr->start = pos; + curr->type = CHUNK_NORMAL; + curr->len = GZIP_HEADER_LEN; + curr->data = p; + curr->I = NULL; + + pos += curr->len; + p += curr->len; + ++curr; + + curr->type = CHUNK_DEFLATE; + curr->filename = NULL; + curr->I = NULL; + + // We must decompress this chunk in order to discover where it + // ends, and so we can put the uncompressed data and its length + // into curr->data and curr->len. + + size_t allocated = 32768; + curr->len = 0; + curr->data = reinterpret_cast(malloc(allocated)); + curr->start = pos; + curr->deflate_data = p; + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = sz - pos; + strm.next_in = p; + + // -15 means we are decoding a 'raw' deflate stream; zlib will + // not expect zlib headers. + int ret = inflateInit2(&strm, -15); + + do { + strm.avail_out = allocated - curr->len; + strm.next_out = curr->data + curr->len; + ret = inflate(&strm, Z_NO_FLUSH); + if (ret < 0) { + printf("Error: inflate failed [%s] at file offset [%zu]\n" + "imgdiff only supports gzip kernel compression," + " did you try CONFIG_KERNEL_LZO?\n", + strm.msg, chunk_offset); + free(img); + return NULL; + } + curr->len = allocated - strm.avail_out; + if (strm.avail_out == 0) { + allocated *= 2; + curr->data = reinterpret_cast(realloc(curr->data, allocated)); + } + } while (ret != Z_STREAM_END); + + curr->deflate_len = sz - strm.avail_in - pos; + inflateEnd(&strm); + pos += curr->deflate_len; + p += curr->deflate_len; + ++curr; + + // create a normal chunk for the footer + + curr->type = CHUNK_NORMAL; + curr->start = pos; + curr->len = GZIP_FOOTER_LEN; + curr->data = img+pos; + curr->I = NULL; + + pos += curr->len; + p += curr->len; + ++curr; + + // The footer (that we just skipped over) contains the size of + // the uncompressed data. Double-check to make sure that it + // matches the size of the data we got when we actually did + // the decompression. + size_t footer_size = Read4(p-4); + if (footer_size != curr[-2].len) { + printf("Error: footer size %zu != decompressed size %zu\n", + footer_size, curr[-2].len); + free(img); + return NULL; + } + } else { + // Reallocate the list for every chunk; we expect the number of + // chunks to be small (5 for typical boot and recovery images). + ++*num_chunks; + *chunks = reinterpret_cast(realloc(*chunks, *num_chunks * sizeof(ImageChunk))); + ImageChunk* curr = *chunks + (*num_chunks-1); + curr->start = pos; + curr->I = NULL; + + // 'pos' is not the offset of the start of a gzip chunk, so scan + // forward until we find a gzip header. + curr->type = CHUNK_NORMAL; + curr->data = p; + + for (curr->len = 0; curr->len < (sz - pos); ++curr->len) { + if (p[curr->len] == 0x1f && + p[curr->len+1] == 0x8b && + p[curr->len+2] == 0x08 && + p[curr->len+3] == 0x00) { + break; + } + } + pos += curr->len; + } + } + + return img; +} + +#define BUFFER_SIZE 32768 + +/* + * Takes the uncompressed data stored in the chunk, compresses it + * using the zlib parameters stored in the chunk, and checks that it + * matches exactly the compressed data we started with (also stored in + * the chunk). Return 0 on success. + */ +int TryReconstruction(ImageChunk* chunk, unsigned char* out) { + size_t p = 0; + +#if 0 + printf("trying %d %d %d %d %d\n", + chunk->level, chunk->method, chunk->windowBits, + chunk->memLevel, chunk->strategy); +#endif + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = chunk->len; + strm.next_in = chunk->data; + int ret; + ret = deflateInit2(&strm, chunk->level, chunk->method, chunk->windowBits, + chunk->memLevel, chunk->strategy); + do { + strm.avail_out = BUFFER_SIZE; + strm.next_out = out; + ret = deflate(&strm, Z_FINISH); + size_t have = BUFFER_SIZE - strm.avail_out; + + if (memcmp(out, chunk->deflate_data+p, have) != 0) { + // mismatch; data isn't the same. + deflateEnd(&strm); + return -1; + } + p += have; + } while (ret != Z_STREAM_END); + deflateEnd(&strm); + if (p != chunk->deflate_len) { + // mismatch; ran out of data before we should have. + return -1; + } + return 0; +} + +/* + * Verify that we can reproduce exactly the same compressed data that + * we started with. Sets the level, method, windowBits, memLevel, and + * strategy fields in the chunk to the encoding parameters needed to + * produce the right output. Returns 0 on success. + */ +int ReconstructDeflateChunk(ImageChunk* chunk) { + if (chunk->type != CHUNK_DEFLATE) { + printf("attempt to reconstruct non-deflate chunk\n"); + return -1; + } + + size_t p = 0; + unsigned char* out = reinterpret_cast(malloc(BUFFER_SIZE)); + + // We only check two combinations of encoder parameters: level 6 + // (the default) and level 9 (the maximum). + for (chunk->level = 6; chunk->level <= 9; chunk->level += 3) { + chunk->windowBits = -15; // 32kb window; negative to indicate a raw stream. + chunk->memLevel = 8; // the default value. + chunk->method = Z_DEFLATED; + chunk->strategy = Z_DEFAULT_STRATEGY; + + if (TryReconstruction(chunk, out) == 0) { + free(out); + return 0; + } + } + + free(out); + return -1; +} + +/* + * Given source and target chunks, compute a bsdiff patch between them + * by running bsdiff in a subprocess. Return the patch data, placing + * its length in *size. Return NULL on failure. We expect the bsdiff + * program to be in the path. + */ +unsigned char* MakePatch(ImageChunk* src, ImageChunk* tgt, size_t* size) { + if (tgt->type == CHUNK_NORMAL) { + if (tgt->len <= 160) { + tgt->type = CHUNK_RAW; + *size = tgt->len; + return tgt->data; + } + } + + char ptemp[] = "/tmp/imgdiff-patch-XXXXXX"; + mkstemp(ptemp); + + int r = bsdiff(src->data, src->len, &(src->I), tgt->data, tgt->len, ptemp); + if (r != 0) { + printf("bsdiff() failed: %d\n", r); + return NULL; + } + + struct stat st; + if (stat(ptemp, &st) != 0) { + printf("failed to stat patch file %s: %s\n", + ptemp, strerror(errno)); + return NULL; + } + + size_t sz = static_cast(st.st_size); + // TODO: Memory leak on error return. + unsigned char* data = reinterpret_cast(malloc(sz)); + + if (tgt->type == CHUNK_NORMAL && tgt->len <= sz) { + unlink(ptemp); + + tgt->type = CHUNK_RAW; + *size = tgt->len; + return tgt->data; + } + + *size = sz; + + FILE* f = fopen(ptemp, "rb"); + if (f == NULL) { + printf("failed to open patch %s: %s\n", ptemp, strerror(errno)); + return NULL; + } + if (fread(data, 1, sz, f) != sz) { + printf("failed to read patch %s: %s\n", ptemp, strerror(errno)); + return NULL; + } + fclose(f); + + unlink(ptemp); + + tgt->source_start = src->start; + switch (tgt->type) { + case CHUNK_NORMAL: + tgt->source_len = src->len; + break; + case CHUNK_DEFLATE: + tgt->source_len = src->deflate_len; + tgt->source_uncompressed_len = src->len; + break; + } + + return data; +} + +/* + * Cause a gzip chunk to be treated as a normal chunk (ie, as a blob + * of uninterpreted data). The resulting patch will likely be about + * as big as the target file, but it lets us handle the case of images + * where some gzip chunks are reconstructible but others aren't (by + * treating the ones that aren't as normal chunks). + */ +void ChangeDeflateChunkToNormal(ImageChunk* ch) { + if (ch->type != CHUNK_DEFLATE) return; + ch->type = CHUNK_NORMAL; + free(ch->data); + ch->data = ch->deflate_data; + ch->len = ch->deflate_len; +} + +/* + * Return true if the data in the chunk is identical (including the + * compressed representation, for gzip chunks). + */ +int AreChunksEqual(ImageChunk* a, ImageChunk* b) { + if (a->type != b->type) return 0; + + switch (a->type) { + case CHUNK_NORMAL: + return a->len == b->len && memcmp(a->data, b->data, a->len) == 0; + + case CHUNK_DEFLATE: + return a->deflate_len == b->deflate_len && + memcmp(a->deflate_data, b->deflate_data, a->deflate_len) == 0; + + default: + printf("unknown chunk type %d\n", a->type); + return 0; + } +} + +/* + * Look for runs of adjacent normal chunks and compress them down into + * a single chunk. (Such runs can be produced when deflate chunks are + * changed to normal chunks.) + */ +void MergeAdjacentNormalChunks(ImageChunk* chunks, int* num_chunks) { + int out = 0; + int in_start = 0, in_end; + while (in_start < *num_chunks) { + if (chunks[in_start].type != CHUNK_NORMAL) { + in_end = in_start+1; + } else { + // in_start is a normal chunk. Look for a run of normal chunks + // that constitute a solid block of data (ie, each chunk begins + // where the previous one ended). + for (in_end = in_start+1; + in_end < *num_chunks && chunks[in_end].type == CHUNK_NORMAL && + (chunks[in_end].start == + chunks[in_end-1].start + chunks[in_end-1].len && + chunks[in_end].data == + chunks[in_end-1].data + chunks[in_end-1].len); + ++in_end); + } + + if (in_end == in_start+1) { +#if 0 + printf("chunk %d is now %d\n", in_start, out); +#endif + if (out != in_start) { + memcpy(chunks+out, chunks+in_start, sizeof(ImageChunk)); + } + } else { +#if 0 + printf("collapse normal chunks %d-%d into %d\n", in_start, in_end-1, out); +#endif + + // Merge chunks [in_start, in_end-1] into one chunk. Since the + // data member of each chunk is just a pointer into an in-memory + // copy of the file, this can be done without recopying (the + // output chunk has the first chunk's start location and data + // pointer, and length equal to the sum of the input chunk + // lengths). + chunks[out].type = CHUNK_NORMAL; + chunks[out].start = chunks[in_start].start; + chunks[out].data = chunks[in_start].data; + chunks[out].len = chunks[in_end-1].len + + (chunks[in_end-1].start - chunks[in_start].start); + } + + ++out; + in_start = in_end; + } + *num_chunks = out; +} + +ImageChunk* FindChunkByName(const char* name, + ImageChunk* chunks, int num_chunks) { + int i; + for (i = 0; i < num_chunks; ++i) { + if (chunks[i].type == CHUNK_DEFLATE && chunks[i].filename && + strcmp(name, chunks[i].filename) == 0) { + return chunks+i; + } + } + return NULL; +} + +void DumpChunks(ImageChunk* chunks, int num_chunks) { + for (int i = 0; i < num_chunks; ++i) { + printf("chunk %d: type %d start %zu len %zu\n", + i, chunks[i].type, chunks[i].start, chunks[i].len); + } +} + +int main(int argc, char** argv) { + int zip_mode = 0; + + if (argc >= 2 && strcmp(argv[1], "-z") == 0) { + zip_mode = 1; + --argc; + ++argv; + } + + size_t bonus_size = 0; + unsigned char* bonus_data = NULL; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { + struct stat st; + if (stat(argv[2], &st) != 0) { + printf("failed to stat bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + bonus_size = st.st_size; + bonus_data = reinterpret_cast(malloc(bonus_size)); + FILE* f = fopen(argv[2], "rb"); + if (f == NULL) { + printf("failed to open bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + if (fread(bonus_data, 1, bonus_size, f) != bonus_size) { + printf("failed to read bonus file %s: %s\n", argv[2], strerror(errno)); + return 1; + } + fclose(f); + + argc -= 2; + argv += 2; + } + + if (argc != 4) { + usage: + printf("usage: %s [-z] [-b ] \n", + argv[0]); + return 2; + } + + int num_src_chunks; + ImageChunk* src_chunks; + int num_tgt_chunks; + ImageChunk* tgt_chunks; + int i; + + if (zip_mode) { + if (ReadZip(argv[1], &num_src_chunks, &src_chunks, 1) == NULL) { + printf("failed to break apart source zip file\n"); + return 1; + } + if (ReadZip(argv[2], &num_tgt_chunks, &tgt_chunks, 0) == NULL) { + printf("failed to break apart target zip file\n"); + return 1; + } + } else { + if (ReadImage(argv[1], &num_src_chunks, &src_chunks) == NULL) { + printf("failed to break apart source image\n"); + return 1; + } + if (ReadImage(argv[2], &num_tgt_chunks, &tgt_chunks) == NULL) { + printf("failed to break apart target image\n"); + return 1; + } + + // Verify that the source and target images have the same chunk + // structure (ie, the same sequence of deflate and normal chunks). + + if (!zip_mode) { + // Merge the gzip header and footer in with any adjacent + // normal chunks. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); + } + + if (num_src_chunks != num_tgt_chunks) { + printf("source and target don't have same number of chunks!\n"); + printf("source chunks:\n"); + DumpChunks(src_chunks, num_src_chunks); + printf("target chunks:\n"); + DumpChunks(tgt_chunks, num_tgt_chunks); + return 1; + } + for (i = 0; i < num_src_chunks; ++i) { + if (src_chunks[i].type != tgt_chunks[i].type) { + printf("source and target don't have same chunk " + "structure! (chunk %d)\n", i); + printf("source chunks:\n"); + DumpChunks(src_chunks, num_src_chunks); + printf("target chunks:\n"); + DumpChunks(tgt_chunks, num_tgt_chunks); + return 1; + } + } + } + + for (i = 0; i < num_tgt_chunks; ++i) { + if (tgt_chunks[i].type == CHUNK_DEFLATE) { + // Confirm that given the uncompressed chunk data in the target, we + // can recompress it and get exactly the same bits as are in the + // input target image. If this fails, treat the chunk as a normal + // non-deflated chunk. + if (ReconstructDeflateChunk(tgt_chunks+i) < 0) { + printf("failed to reconstruct target deflate chunk %d [%s]; " + "treating as normal\n", i, tgt_chunks[i].filename); + ChangeDeflateChunkToNormal(tgt_chunks+i); + if (zip_mode) { + ImageChunk* src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); + if (src) { + ChangeDeflateChunkToNormal(src); + } + } else { + ChangeDeflateChunkToNormal(src_chunks+i); + } + continue; + } + + // If two deflate chunks are identical (eg, the kernel has not + // changed between two builds), treat them as normal chunks. + // This makes applypatch much faster -- it can apply a trivial + // patch to the compressed data, rather than uncompressing and + // recompressing to apply the trivial patch to the uncompressed + // data. + ImageChunk* src; + if (zip_mode) { + src = FindChunkByName(tgt_chunks[i].filename, src_chunks, num_src_chunks); + } else { + src = src_chunks+i; + } + + if (src == NULL || AreChunksEqual(tgt_chunks+i, src)) { + ChangeDeflateChunkToNormal(tgt_chunks+i); + if (src) { + ChangeDeflateChunkToNormal(src); + } + } + } + } + + // Merging neighboring normal chunks. + if (zip_mode) { + // For zips, we only need to do this to the target: deflated + // chunks are matched via filename, and normal chunks are patched + // using the entire source file as the source. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + } else { + // For images, we need to maintain the parallel structure of the + // chunk lists, so do the merging in both the source and target + // lists. + MergeAdjacentNormalChunks(tgt_chunks, &num_tgt_chunks); + MergeAdjacentNormalChunks(src_chunks, &num_src_chunks); + if (num_src_chunks != num_tgt_chunks) { + // This shouldn't happen. + printf("merging normal chunks went awry\n"); + return 1; + } + } + + // Compute bsdiff patches for each chunk's data (the uncompressed + // data, in the case of deflate chunks). + + DumpChunks(src_chunks, num_src_chunks); + + printf("Construct patches for %d chunks...\n", num_tgt_chunks); + unsigned char** patch_data = reinterpret_cast(malloc( + num_tgt_chunks * sizeof(unsigned char*))); + size_t* patch_size = reinterpret_cast(malloc(num_tgt_chunks * sizeof(size_t))); + for (i = 0; i < num_tgt_chunks; ++i) { + if (zip_mode) { + ImageChunk* src; + if (tgt_chunks[i].type == CHUNK_DEFLATE && + (src = FindChunkByName(tgt_chunks[i].filename, src_chunks, + num_src_chunks))) { + patch_data[i] = MakePatch(src, tgt_chunks+i, patch_size+i); + } else { + patch_data[i] = MakePatch(src_chunks, tgt_chunks+i, patch_size+i); + } + } else { + if (i == 1 && bonus_data) { + printf(" using %zu bytes of bonus data for chunk %d\n", bonus_size, i); + src_chunks[i].data = reinterpret_cast(realloc(src_chunks[i].data, + src_chunks[i].len + bonus_size)); + memcpy(src_chunks[i].data+src_chunks[i].len, bonus_data, bonus_size); + src_chunks[i].len += bonus_size; + } + + patch_data[i] = MakePatch(src_chunks+i, tgt_chunks+i, patch_size+i); + } + printf("patch %3d is %zu bytes (of %zu)\n", + i, patch_size[i], tgt_chunks[i].source_len); + } + + // Figure out how big the imgdiff file header is going to be, so + // that we can correctly compute the offset of each bsdiff patch + // within the file. + + size_t total_header_size = 12; + for (i = 0; i < num_tgt_chunks; ++i) { + total_header_size += 4; + switch (tgt_chunks[i].type) { + case CHUNK_NORMAL: + total_header_size += 8*3; + break; + case CHUNK_DEFLATE: + total_header_size += 8*5 + 4*5; + break; + case CHUNK_RAW: + total_header_size += 4 + patch_size[i]; + break; + } + } + + size_t offset = total_header_size; + + FILE* f = fopen(argv[3], "wb"); + + // Write out the headers. + + fwrite("IMGDIFF2", 1, 8, f); + Write4(num_tgt_chunks, f); + for (i = 0; i < num_tgt_chunks; ++i) { + Write4(tgt_chunks[i].type, f); + + switch (tgt_chunks[i].type) { + case CHUNK_NORMAL: + printf("chunk %3d: normal (%10zu, %10zu) %10zu\n", i, + tgt_chunks[i].start, tgt_chunks[i].len, patch_size[i]); + Write8(tgt_chunks[i].source_start, f); + Write8(tgt_chunks[i].source_len, f); + Write8(offset, f); + offset += patch_size[i]; + break; + + case CHUNK_DEFLATE: + printf("chunk %3d: deflate (%10zu, %10zu) %10zu %s\n", i, + tgt_chunks[i].start, tgt_chunks[i].deflate_len, patch_size[i], + tgt_chunks[i].filename); + Write8(tgt_chunks[i].source_start, f); + Write8(tgt_chunks[i].source_len, f); + Write8(offset, f); + Write8(tgt_chunks[i].source_uncompressed_len, f); + Write8(tgt_chunks[i].len, f); + Write4(tgt_chunks[i].level, f); + Write4(tgt_chunks[i].method, f); + Write4(tgt_chunks[i].windowBits, f); + Write4(tgt_chunks[i].memLevel, f); + Write4(tgt_chunks[i].strategy, f); + offset += patch_size[i]; + break; + + case CHUNK_RAW: + printf("chunk %3d: raw (%10zu, %10zu)\n", i, + tgt_chunks[i].start, tgt_chunks[i].len); + Write4(patch_size[i], f); + fwrite(patch_data[i], 1, patch_size[i], f); + break; + } + } + + // Append each chunk's bsdiff patch, in order. + + for (i = 0; i < num_tgt_chunks; ++i) { + if (tgt_chunks[i].type != CHUNK_RAW) { + fwrite(patch_data[i], 1, patch_size[i], f); + } + } + + fclose(f); + + return 0; +} diff --git a/applypatch/imgpatch.c b/applypatch/imgpatch.c deleted file mode 100644 index 09b0a7397..000000000 --- a/applypatch/imgpatch.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// See imgdiff.c in this directory for a description of the patch file -// format. - -#include -#include -#include -#include -#include -#include -#include - -#include "zlib.h" -#include "mincrypt/sha.h" -#include "applypatch.h" -#include "imgdiff.h" -#include "utils.h" - -/* - * Apply the patch given in 'patch_filename' to the source data given - * by (old_data, old_size). Write the patched output to the 'output' - * file, and update the SHA context with the output data as well. - * Return 0 on success. - */ -int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, - const Value* patch, - SinkFn sink, void* token, SHA_CTX* ctx, - const Value* bonus_data) { - ssize_t pos = 12; - char* header = patch->data; - if (patch->size < 12) { - printf("patch too short to contain header\n"); - return -1; - } - - // IMGDIFF2 uses CHUNK_NORMAL, CHUNK_DEFLATE, and CHUNK_RAW. - // (IMGDIFF1, which is no longer supported, used CHUNK_NORMAL and - // CHUNK_GZIP.) - if (memcmp(header, "IMGDIFF2", 8) != 0) { - printf("corrupt patch file header (magic number)\n"); - return -1; - } - - int num_chunks = Read4(header+8); - - int i; - for (i = 0; i < num_chunks; ++i) { - // each chunk's header record starts with 4 bytes. - if (pos + 4 > patch->size) { - printf("failed to read chunk %d record\n", i); - return -1; - } - int type = Read4(patch->data + pos); - pos += 4; - - if (type == CHUNK_NORMAL) { - char* normal_header = patch->data + pos; - pos += 24; - if (pos > patch->size) { - printf("failed to read chunk %d normal header data\n", i); - return -1; - } - - size_t src_start = Read8(normal_header); - size_t src_len = Read8(normal_header+8); - size_t patch_offset = Read8(normal_header+16); - - ApplyBSDiffPatch(old_data + src_start, src_len, - patch, patch_offset, sink, token, ctx); - } else if (type == CHUNK_RAW) { - char* raw_header = patch->data + pos; - pos += 4; - if (pos > patch->size) { - printf("failed to read chunk %d raw header data\n", i); - return -1; - } - - ssize_t data_len = Read4(raw_header); - - if (pos + data_len > patch->size) { - printf("failed to read chunk %d raw data\n", i); - return -1; - } - if (ctx) SHA_update(ctx, patch->data + pos, data_len); - if (sink((unsigned char*)patch->data + pos, - data_len, token) != data_len) { - printf("failed to write chunk %d raw data\n", i); - return -1; - } - pos += data_len; - } else if (type == CHUNK_DEFLATE) { - // deflate chunks have an additional 60 bytes in their chunk header. - char* deflate_header = patch->data + pos; - pos += 60; - if (pos > patch->size) { - printf("failed to read chunk %d deflate header data\n", i); - return -1; - } - - size_t src_start = Read8(deflate_header); - size_t src_len = Read8(deflate_header+8); - size_t patch_offset = Read8(deflate_header+16); - size_t expanded_len = Read8(deflate_header+24); - size_t target_len = Read8(deflate_header+32); - int level = Read4(deflate_header+40); - int method = Read4(deflate_header+44); - int windowBits = Read4(deflate_header+48); - int memLevel = Read4(deflate_header+52); - int strategy = Read4(deflate_header+56); - - // Decompress the source data; the chunk header tells us exactly - // how big we expect it to be when decompressed. - - // Note: expanded_len will include the bonus data size if - // the patch was constructed with bonus data. The - // deflation will come up 'bonus_size' bytes short; these - // must be appended from the bonus_data value. - size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; - - unsigned char* expanded_source = malloc(expanded_len); - if (expanded_source == NULL) { - printf("failed to allocate %zu bytes for expanded_source\n", - expanded_len); - return -1; - } - - z_stream strm; - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = src_len; - strm.next_in = (unsigned char*)(old_data + src_start); - strm.avail_out = expanded_len; - strm.next_out = expanded_source; - - int ret; - ret = inflateInit2(&strm, -15); - if (ret != Z_OK) { - printf("failed to init source inflation: %d\n", ret); - return -1; - } - - // Because we've provided enough room to accommodate the output - // data, we expect one call to inflate() to suffice. - ret = inflate(&strm, Z_SYNC_FLUSH); - if (ret != Z_STREAM_END) { - printf("source inflation returned %d\n", ret); - return -1; - } - // We should have filled the output buffer exactly, except - // for the bonus_size. - if (strm.avail_out != bonus_size) { - printf("source inflation short by %zu bytes\n", strm.avail_out-bonus_size); - return -1; - } - inflateEnd(&strm); - - if (bonus_size) { - memcpy(expanded_source + (expanded_len - bonus_size), - bonus_data->data, bonus_size); - } - - // Next, apply the bsdiff patch (in memory) to the uncompressed - // data. - unsigned char* uncompressed_target_data; - ssize_t uncompressed_target_size; - if (ApplyBSDiffPatchMem(expanded_source, expanded_len, - patch, patch_offset, - &uncompressed_target_data, - &uncompressed_target_size) != 0) { - return -1; - } - - // Now compress the target data and append it to the output. - - // we're done with the expanded_source data buffer, so we'll - // reuse that memory to receive the output of deflate. - unsigned char* temp_data = expanded_source; - ssize_t temp_size = expanded_len; - if (temp_size < 32768) { - // ... unless the buffer is too small, in which case we'll - // allocate a fresh one. - free(temp_data); - temp_data = malloc(32768); - temp_size = 32768; - } - - // now the deflate stream - strm.zalloc = Z_NULL; - strm.zfree = Z_NULL; - strm.opaque = Z_NULL; - strm.avail_in = uncompressed_target_size; - strm.next_in = uncompressed_target_data; - ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); - do { - strm.avail_out = temp_size; - strm.next_out = temp_data; - ret = deflate(&strm, Z_FINISH); - ssize_t have = temp_size - strm.avail_out; - - if (sink(temp_data, have, token) != have) { - printf("failed to write %ld compressed bytes to output\n", - (long)have); - return -1; - } - if (ctx) SHA_update(ctx, temp_data, have); - } while (ret != Z_STREAM_END); - deflateEnd(&strm); - - free(temp_data); - free(uncompressed_target_data); - } else { - printf("patch chunk %d is unknown type %d\n", i, type); - return -1; - } - } - - return 0; -} diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp new file mode 100644 index 000000000..26888f8ee --- /dev/null +++ b/applypatch/imgpatch.cpp @@ -0,0 +1,234 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// See imgdiff.c in this directory for a description of the patch file +// format. + +#include +#include +#include +#include +#include +#include +#include + +#include "zlib.h" +#include "mincrypt/sha.h" +#include "applypatch.h" +#include "imgdiff.h" +#include "utils.h" + +/* + * Apply the patch given in 'patch_filename' to the source data given + * by (old_data, old_size). Write the patched output to the 'output' + * file, and update the SHA context with the output data as well. + * Return 0 on success. + */ +int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, + const Value* patch, + SinkFn sink, void* token, SHA_CTX* ctx, + const Value* bonus_data) { + ssize_t pos = 12; + char* header = patch->data; + if (patch->size < 12) { + printf("patch too short to contain header\n"); + return -1; + } + + // IMGDIFF2 uses CHUNK_NORMAL, CHUNK_DEFLATE, and CHUNK_RAW. + // (IMGDIFF1, which is no longer supported, used CHUNK_NORMAL and + // CHUNK_GZIP.) + if (memcmp(header, "IMGDIFF2", 8) != 0) { + printf("corrupt patch file header (magic number)\n"); + return -1; + } + + int num_chunks = Read4(header+8); + + int i; + for (i = 0; i < num_chunks; ++i) { + // each chunk's header record starts with 4 bytes. + if (pos + 4 > patch->size) { + printf("failed to read chunk %d record\n", i); + return -1; + } + int type = Read4(patch->data + pos); + pos += 4; + + if (type == CHUNK_NORMAL) { + char* normal_header = patch->data + pos; + pos += 24; + if (pos > patch->size) { + printf("failed to read chunk %d normal header data\n", i); + return -1; + } + + size_t src_start = Read8(normal_header); + size_t src_len = Read8(normal_header+8); + size_t patch_offset = Read8(normal_header+16); + + ApplyBSDiffPatch(old_data + src_start, src_len, + patch, patch_offset, sink, token, ctx); + } else if (type == CHUNK_RAW) { + char* raw_header = patch->data + pos; + pos += 4; + if (pos > patch->size) { + printf("failed to read chunk %d raw header data\n", i); + return -1; + } + + ssize_t data_len = Read4(raw_header); + + if (pos + data_len > patch->size) { + printf("failed to read chunk %d raw data\n", i); + return -1; + } + if (ctx) SHA_update(ctx, patch->data + pos, data_len); + if (sink((unsigned char*)patch->data + pos, + data_len, token) != data_len) { + printf("failed to write chunk %d raw data\n", i); + return -1; + } + pos += data_len; + } else if (type == CHUNK_DEFLATE) { + // deflate chunks have an additional 60 bytes in their chunk header. + char* deflate_header = patch->data + pos; + pos += 60; + if (pos > patch->size) { + printf("failed to read chunk %d deflate header data\n", i); + return -1; + } + + size_t src_start = Read8(deflate_header); + size_t src_len = Read8(deflate_header+8); + size_t patch_offset = Read8(deflate_header+16); + size_t expanded_len = Read8(deflate_header+24); + size_t target_len = Read8(deflate_header+32); + int level = Read4(deflate_header+40); + int method = Read4(deflate_header+44); + int windowBits = Read4(deflate_header+48); + int memLevel = Read4(deflate_header+52); + int strategy = Read4(deflate_header+56); + + // Decompress the source data; the chunk header tells us exactly + // how big we expect it to be when decompressed. + + // Note: expanded_len will include the bonus data size if + // the patch was constructed with bonus data. The + // deflation will come up 'bonus_size' bytes short; these + // must be appended from the bonus_data value. + size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; + + unsigned char* expanded_source = reinterpret_cast(malloc(expanded_len)); + if (expanded_source == NULL) { + printf("failed to allocate %zu bytes for expanded_source\n", + expanded_len); + return -1; + } + + z_stream strm; + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = src_len; + strm.next_in = (unsigned char*)(old_data + src_start); + strm.avail_out = expanded_len; + strm.next_out = expanded_source; + + int ret; + ret = inflateInit2(&strm, -15); + if (ret != Z_OK) { + printf("failed to init source inflation: %d\n", ret); + return -1; + } + + // Because we've provided enough room to accommodate the output + // data, we expect one call to inflate() to suffice. + ret = inflate(&strm, Z_SYNC_FLUSH); + if (ret != Z_STREAM_END) { + printf("source inflation returned %d\n", ret); + return -1; + } + // We should have filled the output buffer exactly, except + // for the bonus_size. + if (strm.avail_out != bonus_size) { + printf("source inflation short by %zu bytes\n", strm.avail_out-bonus_size); + return -1; + } + inflateEnd(&strm); + + if (bonus_size) { + memcpy(expanded_source + (expanded_len - bonus_size), + bonus_data->data, bonus_size); + } + + // Next, apply the bsdiff patch (in memory) to the uncompressed + // data. + unsigned char* uncompressed_target_data; + ssize_t uncompressed_target_size; + if (ApplyBSDiffPatchMem(expanded_source, expanded_len, + patch, patch_offset, + &uncompressed_target_data, + &uncompressed_target_size) != 0) { + return -1; + } + + // Now compress the target data and append it to the output. + + // we're done with the expanded_source data buffer, so we'll + // reuse that memory to receive the output of deflate. + unsigned char* temp_data = expanded_source; + ssize_t temp_size = expanded_len; + if (temp_size < 32768) { + // ... unless the buffer is too small, in which case we'll + // allocate a fresh one. + free(temp_data); + temp_data = reinterpret_cast(malloc(32768)); + temp_size = 32768; + } + + // now the deflate stream + strm.zalloc = Z_NULL; + strm.zfree = Z_NULL; + strm.opaque = Z_NULL; + strm.avail_in = uncompressed_target_size; + strm.next_in = uncompressed_target_data; + ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); + do { + strm.avail_out = temp_size; + strm.next_out = temp_data; + ret = deflate(&strm, Z_FINISH); + ssize_t have = temp_size - strm.avail_out; + + if (sink(temp_data, have, token) != have) { + printf("failed to write %ld compressed bytes to output\n", + (long)have); + return -1; + } + if (ctx) SHA_update(ctx, temp_data, have); + } while (ret != Z_STREAM_END); + deflateEnd(&strm); + + free(temp_data); + free(uncompressed_target_data); + } else { + printf("patch chunk %d is unknown type %d\n", i, type); + return -1; + } + } + + return 0; +} diff --git a/applypatch/main.c b/applypatch/main.c deleted file mode 100644 index 8e9fe80ef..000000000 --- a/applypatch/main.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include "applypatch.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" - -int CheckMode(int argc, char** argv) { - if (argc < 3) { - return 2; - } - return applypatch_check(argv[2], argc-3, argv+3); -} - -int SpaceMode(int argc, char** argv) { - if (argc != 3) { - return 2; - } - char* endptr; - size_t bytes = strtol(argv[2], &endptr, 10); - if (bytes == 0 && endptr == argv[2]) { - printf("can't parse \"%s\" as byte count\n\n", argv[2]); - return 1; - } - return CacheSizeCheck(bytes); -} - -// Parse arguments (which should be of the form "" or -// ":" into the new parallel arrays *sha1s and -// *patches (loading file contents into the patches). Returns 0 on -// success. -static int ParsePatchArgs(int argc, char** argv, - char*** sha1s, Value*** patches, int* num_patches) { - *num_patches = argc; - *sha1s = malloc(*num_patches * sizeof(char*)); - *patches = malloc(*num_patches * sizeof(Value*)); - memset(*patches, 0, *num_patches * sizeof(Value*)); - - uint8_t digest[SHA_DIGEST_SIZE]; - - int i; - for (i = 0; i < *num_patches; ++i) { - char* colon = strchr(argv[i], ':'); - if (colon != NULL) { - *colon = '\0'; - ++colon; - } - - if (ParseSha1(argv[i], digest) != 0) { - printf("failed to parse sha1 \"%s\"\n", argv[i]); - return -1; - } - - (*sha1s)[i] = argv[i]; - if (colon == NULL) { - (*patches)[i] = NULL; - } else { - FileContents fc; - if (LoadFileContents(colon, &fc) != 0) { - goto abort; - } - (*patches)[i] = malloc(sizeof(Value)); - (*patches)[i]->type = VAL_BLOB; - (*patches)[i]->size = fc.size; - (*patches)[i]->data = (char*)fc.data; - } - } - - return 0; - - abort: - for (i = 0; i < *num_patches; ++i) { - Value* p = (*patches)[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - free(*sha1s); - free(*patches); - return -1; -} - -int PatchMode(int argc, char** argv) { - Value* bonus = NULL; - if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - FileContents fc; - if (LoadFileContents(argv[2], &fc) != 0) { - printf("failed to load bonus file %s\n", argv[2]); - return 1; - } - bonus = malloc(sizeof(Value)); - bonus->type = VAL_BLOB; - bonus->size = fc.size; - bonus->data = (char*)fc.data; - argc -= 2; - argv += 2; - } - - if (argc < 6) { - return 2; - } - - char* endptr; - size_t target_size = strtol(argv[4], &endptr, 10); - if (target_size == 0 && endptr == argv[4]) { - printf("can't parse \"%s\" as byte count\n\n", argv[4]); - return 1; - } - - char** sha1s; - Value** patches; - int num_patches; - if (ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches) != 0) { - printf("failed to parse patch args\n"); - return 1; - } - - int result = applypatch(argv[1], argv[2], argv[3], target_size, - num_patches, sha1s, patches, bonus); - - int i; - for (i = 0; i < num_patches; ++i) { - Value* p = patches[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - if (bonus) { - free(bonus->data); - free(bonus); - } - free(sha1s); - free(patches); - - return result; -} - -// This program applies binary patches to files in a way that is safe -// (the original file is not touched until we have the desired -// replacement for it) and idempotent (it's okay to run this program -// multiple times). -// -// - if the sha1 hash of is , does nothing and exits -// successfully. -// -// - otherwise, if the sha1 hash of is , applies the -// bsdiff to to produce a new file (the type of patch -// is automatically detected from the file header). If that new -// file has sha1 hash , moves it to replace , and -// exits successfully. Note that if and are -// not the same, is NOT deleted on success. -// may be the string "-" to mean "the same as src-file". -// -// - otherwise, or if any error is encountered, exits with non-zero -// status. -// -// (or in check mode) may refer to an MTD partition -// to read the source data. See the comments for the -// LoadMTDContents() function above for the format of such a filename. - -int main(int argc, char** argv) { - if (argc < 2) { - usage: - printf( - "usage: %s [-b ] " - "[: ...]\n" - " or %s -c [ ...]\n" - " or %s -s \n" - " or %s -l\n" - "\n" - "Filenames may be of the form\n" - " MTD::::::...\n" - "to specify reading from or writing to an MTD partition.\n\n", - argv[0], argv[0], argv[0], argv[0]); - return 2; - } - - int result; - - if (strncmp(argv[1], "-l", 3) == 0) { - result = ShowLicenses(); - } else if (strncmp(argv[1], "-c", 3) == 0) { - result = CheckMode(argc, argv); - } else if (strncmp(argv[1], "-s", 3) == 0) { - result = SpaceMode(argc, argv); - } else { - result = PatchMode(argc, argv); - } - - if (result == 2) { - goto usage; - } - return result; -} diff --git a/applypatch/main.cpp b/applypatch/main.cpp new file mode 100644 index 000000000..63ff5c2c0 --- /dev/null +++ b/applypatch/main.cpp @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include "applypatch.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" + +static int CheckMode(int argc, char** argv) { + if (argc < 3) { + return 2; + } + return applypatch_check(argv[2], argc-3, argv+3); +} + +static int SpaceMode(int argc, char** argv) { + if (argc != 3) { + return 2; + } + char* endptr; + size_t bytes = strtol(argv[2], &endptr, 10); + if (bytes == 0 && endptr == argv[2]) { + printf("can't parse \"%s\" as byte count\n\n", argv[2]); + return 1; + } + return CacheSizeCheck(bytes); +} + +// Parse arguments (which should be of the form "" or +// ":" into the new parallel arrays *sha1s and +// *patches (loading file contents into the patches). Returns true on +// success. +static bool ParsePatchArgs(int argc, char** argv, + char*** sha1s, Value*** patches, int* num_patches) { + *num_patches = argc; + *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); + *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); + memset(*patches, 0, *num_patches * sizeof(Value*)); + + uint8_t digest[SHA_DIGEST_SIZE]; + + for (int i = 0; i < *num_patches; ++i) { + char* colon = strchr(argv[i], ':'); + if (colon != NULL) { + *colon = '\0'; + ++colon; + } + + if (ParseSha1(argv[i], digest) != 0) { + printf("failed to parse sha1 \"%s\"\n", argv[i]); + return false; + } + + (*sha1s)[i] = argv[i]; + if (colon == NULL) { + (*patches)[i] = NULL; + } else { + FileContents fc; + if (LoadFileContents(colon, &fc) != 0) { + goto abort; + } + (*patches)[i] = reinterpret_cast(malloc(sizeof(Value))); + (*patches)[i]->type = VAL_BLOB; + (*patches)[i]->size = fc.size; + (*patches)[i]->data = reinterpret_cast(fc.data); + } + } + + return true; + + abort: + for (int i = 0; i < *num_patches; ++i) { + Value* p = (*patches)[i]; + if (p != NULL) { + free(p->data); + free(p); + } + } + free(*sha1s); + free(*patches); + return false; +} + +int PatchMode(int argc, char** argv) { + Value* bonus = NULL; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { + FileContents fc; + if (LoadFileContents(argv[2], &fc) != 0) { + printf("failed to load bonus file %s\n", argv[2]); + return 1; + } + bonus = reinterpret_cast(malloc(sizeof(Value))); + bonus->type = VAL_BLOB; + bonus->size = fc.size; + bonus->data = (char*)fc.data; + argc -= 2; + argv += 2; + } + + if (argc < 6) { + return 2; + } + + char* endptr; + size_t target_size = strtol(argv[4], &endptr, 10); + if (target_size == 0 && endptr == argv[4]) { + printf("can't parse \"%s\" as byte count\n\n", argv[4]); + return 1; + } + + char** sha1s; + Value** patches; + int num_patches; + if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches)) { + printf("failed to parse patch args\n"); + return 1; + } + + int result = applypatch(argv[1], argv[2], argv[3], target_size, + num_patches, sha1s, patches, bonus); + + int i; + for (i = 0; i < num_patches; ++i) { + Value* p = patches[i]; + if (p != NULL) { + free(p->data); + free(p); + } + } + if (bonus) { + free(bonus->data); + free(bonus); + } + free(sha1s); + free(patches); + + return result; +} + +// This program applies binary patches to files in a way that is safe +// (the original file is not touched until we have the desired +// replacement for it) and idempotent (it's okay to run this program +// multiple times). +// +// - if the sha1 hash of is , does nothing and exits +// successfully. +// +// - otherwise, if the sha1 hash of is , applies the +// bsdiff to to produce a new file (the type of patch +// is automatically detected from the file header). If that new +// file has sha1 hash , moves it to replace , and +// exits successfully. Note that if and are +// not the same, is NOT deleted on success. +// may be the string "-" to mean "the same as src-file". +// +// - otherwise, or if any error is encountered, exits with non-zero +// status. +// +// (or in check mode) may refer to an MTD partition +// to read the source data. See the comments for the +// LoadMTDContents() function above for the format of such a filename. + +int main(int argc, char** argv) { + if (argc < 2) { + usage: + printf( + "usage: %s [-b ] " + "[: ...]\n" + " or %s -c [ ...]\n" + " or %s -s \n" + " or %s -l\n" + "\n" + "Filenames may be of the form\n" + " MTD::::::...\n" + "to specify reading from or writing to an MTD partition.\n\n", + argv[0], argv[0], argv[0], argv[0]); + return 2; + } + + int result; + + if (strncmp(argv[1], "-l", 3) == 0) { + result = ShowLicenses(); + } else if (strncmp(argv[1], "-c", 3) == 0) { + result = CheckMode(argc, argv); + } else if (strncmp(argv[1], "-s", 3) == 0) { + result = SpaceMode(argc, argv); + } else { + result = PatchMode(argc, argv); + } + + if (result == 2) { + goto usage; + } + return result; +} diff --git a/applypatch/utils.c b/applypatch/utils.c deleted file mode 100644 index 41ff676dc..000000000 --- a/applypatch/utils.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include "utils.h" - -/** Write a 4-byte value to f in little-endian order. */ -void Write4(int value, FILE* f) { - fputc(value & 0xff, f); - fputc((value >> 8) & 0xff, f); - fputc((value >> 16) & 0xff, f); - fputc((value >> 24) & 0xff, f); -} - -/** Write an 8-byte value to f in little-endian order. */ -void Write8(long long value, FILE* f) { - fputc(value & 0xff, f); - fputc((value >> 8) & 0xff, f); - fputc((value >> 16) & 0xff, f); - fputc((value >> 24) & 0xff, f); - fputc((value >> 32) & 0xff, f); - fputc((value >> 40) & 0xff, f); - fputc((value >> 48) & 0xff, f); - fputc((value >> 56) & 0xff, f); -} - -int Read2(void* pv) { - unsigned char* p = pv; - return (int)(((unsigned int)p[1] << 8) | - (unsigned int)p[0]); -} - -int Read4(void* pv) { - unsigned char* p = pv; - return (int)(((unsigned int)p[3] << 24) | - ((unsigned int)p[2] << 16) | - ((unsigned int)p[1] << 8) | - (unsigned int)p[0]); -} - -long long Read8(void* pv) { - unsigned char* p = pv; - return (long long)(((unsigned long long)p[7] << 56) | - ((unsigned long long)p[6] << 48) | - ((unsigned long long)p[5] << 40) | - ((unsigned long long)p[4] << 32) | - ((unsigned long long)p[3] << 24) | - ((unsigned long long)p[2] << 16) | - ((unsigned long long)p[1] << 8) | - (unsigned long long)p[0]); -} diff --git a/applypatch/utils.cpp b/applypatch/utils.cpp new file mode 100644 index 000000000..4a80be75f --- /dev/null +++ b/applypatch/utils.cpp @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "utils.h" + +/** Write a 4-byte value to f in little-endian order. */ +void Write4(int value, FILE* f) { + fputc(value & 0xff, f); + fputc((value >> 8) & 0xff, f); + fputc((value >> 16) & 0xff, f); + fputc((value >> 24) & 0xff, f); +} + +/** Write an 8-byte value to f in little-endian order. */ +void Write8(long long value, FILE* f) { + fputc(value & 0xff, f); + fputc((value >> 8) & 0xff, f); + fputc((value >> 16) & 0xff, f); + fputc((value >> 24) & 0xff, f); + fputc((value >> 32) & 0xff, f); + fputc((value >> 40) & 0xff, f); + fputc((value >> 48) & 0xff, f); + fputc((value >> 56) & 0xff, f); +} + +int Read2(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (int)(((unsigned int)p[1] << 8) | + (unsigned int)p[0]); +} + +int Read4(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (int)(((unsigned int)p[3] << 24) | + ((unsigned int)p[2] << 16) | + ((unsigned int)p[1] << 8) | + (unsigned int)p[0]); +} + +long long Read8(void* pv) { + unsigned char* p = reinterpret_cast(pv); + return (long long)(((unsigned long long)p[7] << 56) | + ((unsigned long long)p[6] << 48) | + ((unsigned long long)p[5] << 40) | + ((unsigned long long)p[4] << 32) | + ((unsigned long long)p[3] << 24) | + ((unsigned long long)p[2] << 16) | + ((unsigned long long)p[1] << 8) | + (unsigned long long)p[0]); +} diff --git a/minzip/Hash.h b/minzip/Hash.h index 8194537f3..e83eac414 100644 --- a/minzip/Hash.h +++ b/minzip/Hash.h @@ -15,6 +15,10 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif + /* compute the hash of an item with a specific type */ typedef unsigned int (*HashCompute)(const void* item); @@ -183,4 +187,8 @@ typedef unsigned int (*HashCalcFunc)(const void* item); void mzHashTableProbeCount(HashTable* pHashTable, HashCalcFunc calcFunc, HashCompareFunc cmpFunc); +#ifdef __cplusplus +} +#endif + #endif /*_MINZIP_HASH*/ diff --git a/roots.cpp b/roots.cpp index 2bd457efe..9288177e7 100644 --- a/roots.cpp +++ b/roots.cpp @@ -30,10 +30,8 @@ #include "roots.h" #include "common.h" #include "make_ext4fs.h" -extern "C" { #include "wipe.h" #include "cryptfs.h" -} static struct fstab *fstab = NULL; diff --git a/updater/Android.mk b/updater/Android.mk index a0ea06fa5..0d4179b23 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -1,11 +1,23 @@ # Copyright 2009 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. LOCAL_PATH := $(call my-dir) updater_src_files := \ - install.c \ - blockimg.c \ - updater.c + install.cpp \ + blockimg.cpp \ + updater.cpp # # Build a statically-linked binary to include in OTA packages diff --git a/updater/blockimg.c b/updater/blockimg.c deleted file mode 100644 index e0be03917..000000000 --- a/updater/blockimg.c +++ /dev/null @@ -1,2014 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "applypatch/applypatch.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" -#include "minzip/Hash.h" -#include "updater.h" - -#define BLOCKSIZE 4096 - -// Set this to 0 to interpret 'erase' transfers to mean do a -// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret -// erase to mean fill the region with zeroes. -#define DEBUG_ERASE 0 - -#ifndef BLKDISCARD -#define BLKDISCARD _IO(0x12,119) -#endif - -#define STASH_DIRECTORY_BASE "/cache/recovery" -#define STASH_DIRECTORY_MODE 0700 -#define STASH_FILE_MODE 0600 - -char* PrintSha1(const uint8_t* digest); - -typedef struct { - int count; - int size; - int pos[0]; -} RangeSet; - -#define RANGESET_MAX_POINTS \ - ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) - -static RangeSet* parse_range(char* text) { - char* save; - char* token; - int i, num; - long int val; - RangeSet* out = NULL; - size_t bufsize; - - if (!text) { - goto err; - } - - token = strtok_r(text, ",", &save); - - if (!token) { - goto err; - } - - val = strtol(token, NULL, 0); - - if (val < 2 || val > RANGESET_MAX_POINTS) { - goto err; - } else if (val % 2) { - goto err; // must be even - } - - num = (int) val; - bufsize = sizeof(RangeSet) + num * sizeof(int); - - out = malloc(bufsize); - - if (!out) { - fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); - goto err; - } - - out->count = num / 2; - out->size = 0; - - for (i = 0; i < num; ++i) { - token = strtok_r(NULL, ",", &save); - - if (!token) { - goto err; - } - - val = strtol(token, NULL, 0); - - if (val < 0 || val > INT_MAX) { - goto err; - } - - out->pos[i] = (int) val; - - if (i % 2) { - if (out->pos[i - 1] >= out->pos[i]) { - goto err; // empty or negative range - } - - if (out->size > INT_MAX - out->pos[i]) { - goto err; // overflow - } - - out->size += out->pos[i]; - } else { - if (out->size < 0) { - goto err; - } - - out->size -= out->pos[i]; - } - } - - if (out->size <= 0) { - goto err; - } - - return out; - -err: - fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); - exit(1); -} - -static int range_overlaps(RangeSet* r1, RangeSet* r2) { - int i, j, r1_0, r1_1, r2_0, r2_1; - - if (!r1 || !r2) { - return 0; - } - - for (i = 0; i < r1->count; ++i) { - r1_0 = r1->pos[i * 2]; - r1_1 = r1->pos[i * 2 + 1]; - - for (j = 0; j < r2->count; ++j) { - r2_0 = r2->pos[j * 2]; - r2_1 = r2->pos[j * 2 + 1]; - - if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { - return 1; - } - } - } - - return 0; -} - -static int read_all(int fd, uint8_t* data, size_t size) { - size_t so_far = 0; - while (so_far < size) { - ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); - if (r == -1) { - fprintf(stderr, "read failed: %s\n", strerror(errno)); - return -1; - } - so_far += r; - } - return 0; -} - -static int write_all(int fd, const uint8_t* data, size_t size) { - size_t written = 0; - while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); - if (w == -1) { - fprintf(stderr, "write failed: %s\n", strerror(errno)); - return -1; - } - written += w; - } - - if (fsync(fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - return -1; - } - - return 0; -} - -static bool check_lseek(int fd, off64_t offset, int whence) { - off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); - if (rc == -1) { - fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); - return false; - } - return true; -} - -static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { - // if the buffer's big enough, reuse it. - if (size <= *buffer_alloc) return; - - free(*buffer); - - *buffer = (uint8_t*) malloc(size); - if (*buffer == NULL) { - fprintf(stderr, "failed to allocate %zu bytes\n", size); - exit(1); - } - *buffer_alloc = size; -} - -typedef struct { - int fd; - RangeSet* tgt; - int p_block; - size_t p_remain; -} RangeSinkState; - -static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { - RangeSinkState* rss = (RangeSinkState*) token; - - if (rss->p_remain <= 0) { - fprintf(stderr, "range sink write overrun"); - return 0; - } - - ssize_t written = 0; - while (size > 0) { - size_t write_now = size; - - if (rss->p_remain < write_now) { - write_now = rss->p_remain; - } - - if (write_all(rss->fd, data, write_now) == -1) { - break; - } - - data += write_now; - size -= write_now; - - rss->p_remain -= write_now; - written += write_now; - - if (rss->p_remain == 0) { - // move to the next block - ++rss->p_block; - if (rss->p_block < rss->tgt->count) { - rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - - rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; - - if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, - SEEK_SET)) { - break; - } - } else { - // we can't write any more; return how many bytes have - // been written so far. - break; - } - } - } - - return written; -} - -// All of the data for all the 'new' transfers is contained in one -// file in the update package, concatenated together in the order in -// which transfers.list will need it. We want to stream it out of the -// archive (it's compressed) without writing it to a temp file, but we -// can't write each section until it's that transfer's turn to go. -// -// To achieve this, we expand the new data from the archive in a -// background thread, and block that threads 'receive uncompressed -// data' function until the main thread has reached a point where we -// want some new data to be written. We signal the background thread -// with the destination for the data and block the main thread, -// waiting for the background thread to complete writing that section. -// Then it signals the main thread to wake up and goes back to -// blocking waiting for a transfer. -// -// NewThreadInfo is the struct used to pass information back and forth -// between the two threads. When the main thread wants some data -// written, it sets rss to the destination location and signals the -// condition. When the background thread is done writing, it clears -// rss and signals the condition again. - -typedef struct { - ZipArchive* za; - const ZipEntry* entry; - - RangeSinkState* rss; - - pthread_mutex_t mu; - pthread_cond_t cv; -} NewThreadInfo; - -static bool receive_new_data(const unsigned char* data, int size, void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; - - while (size > 0) { - // Wait for nti->rss to be non-NULL, indicating some of this - // data is wanted. - pthread_mutex_lock(&nti->mu); - while (nti->rss == NULL) { - pthread_cond_wait(&nti->cv, &nti->mu); - } - pthread_mutex_unlock(&nti->mu); - - // At this point nti->rss is set, and we own it. The main - // thread is waiting for it to disappear from nti. - ssize_t written = RangeSinkWrite(data, size, nti->rss); - data += written; - size -= written; - - if (nti->rss->p_block == nti->rss->tgt->count) { - // we have written all the bytes desired by this rss. - - pthread_mutex_lock(&nti->mu); - nti->rss = NULL; - pthread_cond_broadcast(&nti->cv); - pthread_mutex_unlock(&nti->mu); - } - } - - return true; -} - -static void* unzip_new_data(void* cookie) { - NewThreadInfo* nti = (NewThreadInfo*) cookie; - mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); - return NULL; -} - -static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { - int i; - size_t p = 0; - size_t size; - - if (!src || !buffer) { - return -1; - } - - for (i = 0; i < src->count; ++i) { - if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - return -1; - } - - size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; - - if (read_all(fd, buffer + p, size) == -1) { - return -1; - } - - p += size; - } - - return 0; -} - -static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { - int i; - size_t p = 0; - size_t size; - - if (!tgt || !buffer) { - return -1; - } - - for (i = 0; i < tgt->count; ++i) { - if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - return -1; - } - - size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; - - if (write_all(fd, buffer + p, size) == -1) { - return -1; - } - - p += size; - } - - return 0; -} - -// Do a source/target load for move/bsdiff/imgdiff in version 1. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as: -// -// -// -// The source range is loaded into the provided buffer, reallocating -// it to make it larger if necessary. The target ranges are returned -// in *tgt, if tgt is non-NULL. - -static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd) { - char* word; - int rc; - - word = strtok_r(NULL, " ", wordsave); - RangeSet* src = parse_range(word); - - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); - } - - allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); - rc = ReadBlocks(src, *buffer, fd); - *src_blocks = src->size; - - free(src); - return rc; -} - -static int VerifyBlocks(const char *expected, const uint8_t *buffer, - size_t blocks, int printerror) { - char* hexdigest = NULL; - int rc = -1; - uint8_t digest[SHA_DIGEST_SIZE]; - - if (!expected || !buffer) { - return rc; - } - - SHA_hash(buffer, blocks * BLOCKSIZE, digest); - hexdigest = PrintSha1(digest); - - if (hexdigest != NULL) { - rc = strcmp(expected, hexdigest); - - if (rc != 0 && printerror) { - fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", - expected, hexdigest); - } - - free(hexdigest); - } - - return rc; -} - -static char* GetStashFileName(const char* base, const char* id, const char* postfix) { - char* fn; - int len; - int res; - - if (base == NULL) { - return NULL; - } - - if (id == NULL) { - id = ""; - } - - if (postfix == NULL) { - postfix = ""; - } - - len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; - fn = malloc(len); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - return NULL; - } - - res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - return NULL; - } - - return fn; -} - -typedef void (*StashCallback)(const char*, void*); - -// Does a best effort enumeration of stash files. Ignores possible non-file -// items in the stash directory and continues despite of errors. Calls the -// 'callback' function for each file and passes 'data' to the function as a -// parameter. - -static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { - char* fn; - DIR* directory; - int len; - int res; - struct dirent* item; - - if (dirname == NULL || callback == NULL) { - return; - } - - directory = opendir(dirname); - - if (directory == NULL) { - if (errno != ENOENT) { - fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); - } - return; - } - - while ((item = readdir(directory)) != NULL) { - if (item->d_type != DT_REG) { - continue; - } - - len = strlen(dirname) + 1 + strlen(item->d_name) + 1; - fn = malloc(len); - - if (fn == NULL) { - fprintf(stderr, "failed to malloc %d bytes for fn\n", len); - continue; - } - - res = snprintf(fn, len, "%s/%s", dirname, item->d_name); - - if (res < 0 || res >= len) { - fprintf(stderr, "failed to format file name (return value %d)\n", res); - free(fn); - continue; - } - - callback(fn, data); - free(fn); - } - - if (closedir(directory) == -1) { - fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); - } -} - -static void UpdateFileSize(const char* fn, void* data) { - int* size = (int*) data; - struct stat st; - - if (!fn || !data) { - return; - } - - if (stat(fn, &st) == -1) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); - return; - } - - *size += st.st_size; -} - -// Deletes the stash directory and all files in it. Assumes that it only -// contains files. There is nothing we can do about unlikely, but possible -// errors, so they are merely logged. - -static void DeleteFile(const char* fn, void* data) { - if (fn) { - fprintf(stderr, "deleting %s\n", fn); - - if (unlink(fn) == -1 && errno != ENOENT) { - fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); - } - } -} - -static void DeletePartial(const char* fn, void* data) { - if (fn && strstr(fn, ".partial") != NULL) { - DeleteFile(fn, data); - } -} - -static void DeleteStash(const char* base) { - char* dirname; - - if (base == NULL) { - return; - } - - dirname = GetStashFileName(base, NULL, NULL); - - if (dirname == NULL) { - return; - } - - fprintf(stderr, "deleting stash %s\n", base); - EnumerateStash(dirname, DeleteFile, NULL); - - if (rmdir(dirname) == -1) { - if (errno != ENOENT && errno != ENOTDIR) { - fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); - } - } - - free(dirname); -} - -static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, - size_t* buffer_alloc, int printnoent) { - char *fn = NULL; - int blockcount = 0; - int fd = -1; - int rc = -1; - int res; - struct stat st; - - if (!base || !id || !buffer || !buffer_alloc) { - goto lsout; - } - - if (!blocks) { - blocks = &blockcount; - } - - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - goto lsout; - } - - res = stat(fn, &st); - - if (res == -1) { - if (errno != ENOENT || printnoent) { - fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); - } - goto lsout; - } - - fprintf(stderr, " loading %s\n", fn); - - if ((st.st_size % BLOCKSIZE) != 0) { - fprintf(stderr, "%s size %zd not multiple of block size %d", fn, st.st_size, BLOCKSIZE); - goto lsout; - } - - fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); - - if (fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); - goto lsout; - } - - allocate(st.st_size, buffer, buffer_alloc); - - if (read_all(fd, *buffer, st.st_size) == -1) { - goto lsout; - } - - *blocks = st.st_size / BLOCKSIZE; - - if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { - fprintf(stderr, "unexpected contents in %s\n", fn); - DeleteFile(fn, NULL); - goto lsout; - } - - rc = 0; - -lsout: - if (fd != -1) { - close(fd); - } - - if (fn) { - free(fn); - } - - return rc; -} - -static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, - int checkspace, int *exists) { - char *fn = NULL; - char *cn = NULL; - int fd = -1; - int rc = -1; - int dfd = -1; - int res; - struct stat st; - - if (base == NULL || buffer == NULL) { - goto wsout; - } - - if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { - fprintf(stderr, "not enough space to write stash\n"); - goto wsout; - } - - fn = GetStashFileName(base, id, ".partial"); - cn = GetStashFileName(base, id, NULL); - - if (fn == NULL || cn == NULL) { - goto wsout; - } - - if (exists) { - res = stat(cn, &st); - - if (res == 0) { - // The file already exists and since the name is the hash of the contents, - // it's safe to assume the contents are identical (accidental hash collisions - // are unlikely) - fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); - *exists = 1; - rc = 0; - goto wsout; - } - - *exists = 0; - } - - fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); - - fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); - - if (fd == -1) { - fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); - goto wsout; - } - - if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { - goto wsout; - } - - if (fsync(fd) == -1) { - fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); - goto wsout; - } - - if (rename(fn, cn) == -1) { - fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); - goto wsout; - } - - const char* dname; - dname = dirname(cn); - dfd = TEMP_FAILURE_RETRY(open(dname, O_RDONLY | O_DIRECTORY)); - - if (dfd == -1) { - fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname, strerror(errno)); - goto wsout; - } - - if (fsync(dfd) == -1) { - fprintf(stderr, "fsync \"%s\" failed: %s\n", dname, strerror(errno)); - goto wsout; - } - - rc = 0; - -wsout: - if (fd != -1) { - close(fd); - } - - if (dfd != -1) { - close(dfd); - } - - if (fn) { - free(fn); - } - - if (cn) { - free(cn); - } - - return rc; -} - -// Creates a directory for storing stash files and checks if the /cache partition -// hash enough space for the expected amount of blocks we need to store. Returns -// >0 if we created the directory, zero if it existed already, and <0 of failure. - -static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { - char* dirname = NULL; - const uint8_t* digest; - int rc = -1; - int res; - int size = 0; - SHA_CTX ctx; - struct stat st; - - if (blockdev == NULL || base == NULL) { - goto csout; - } - - // Stash directory should be different for each partition to avoid conflicts - // when updating multiple partitions at the same time, so we use the hash of - // the block device name as the base directory - SHA_init(&ctx); - SHA_update(&ctx, blockdev, strlen(blockdev)); - digest = SHA_final(&ctx); - *base = PrintSha1(digest); - - if (*base == NULL) { - goto csout; - } - - dirname = GetStashFileName(*base, NULL, NULL); - - if (dirname == NULL) { - goto csout; - } - - res = stat(dirname, &st); - - if (res == -1 && errno != ENOENT) { - ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; - } else if (res != 0) { - fprintf(stderr, "creating stash %s\n", dirname); - res = mkdir(dirname, STASH_DIRECTORY_MODE); - - if (res != 0) { - ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); - goto csout; - } - - if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { - ErrorAbort(state, "not enough space for stash\n"); - goto csout; - } - - rc = 1; // Created directory - goto csout; - } - - fprintf(stderr, "using existing stash %s\n", dirname); - - // If the directory already exists, calculate the space already allocated to - // stash files and check if there's enough for all required blocks. Delete any - // partially completed stash files first. - - EnumerateStash(dirname, DeletePartial, NULL); - EnumerateStash(dirname, UpdateFileSize, &size); - - size = (maxblocks * BLOCKSIZE) - size; - - if (size > 0 && CacheSizeCheck(size) != 0) { - ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); - goto csout; - } - - rc = 0; // Using existing directory - -csout: - if (dirname) { - free(dirname); - } - - return rc; -} - -static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, - int fd, int usehash, int* isunresumable) { - char *id = NULL; - int res = -1; - int blocks = 0; - - if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { - return -1; - } - - id = strtok_r(NULL, " ", wordsave); - - if (id == NULL) { - fprintf(stderr, "missing id field in stash command\n"); - return -1; - } - - if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { - // Stash file already exists and has expected contents. Do not - // read from source again, as the source may have been already - // overwritten during a previous attempt. - return 0; - } - - if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { - return -1; - } - - if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { - // Source blocks have unexpected contents. If we actually need this - // data later, this is an unrecoverable error. However, the command - // that uses the data may have already completed previously, so the - // possible failure will occur during source block verification. - fprintf(stderr, "failed to load source blocks for stash %s\n", id); - return 0; - } - - fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); - return WriteStash(base, id, blocks, *buffer, 0, NULL); -} - -static int FreeStash(const char* base, const char* id) { - char *fn = NULL; - - if (base == NULL || id == NULL) { - return -1; - } - - fn = GetStashFileName(base, id, NULL); - - if (fn == NULL) { - return -1; - } - - DeleteFile(fn, NULL); - free(fn); - - return 0; -} - -static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { - // source contains packed data, which we want to move to the - // locations given in *locs in the dest buffer. source and dest - // may be the same buffer. - - int start = locs->size; - int i; - for (i = locs->count-1; i >= 0; --i) { - int blocks = locs->pos[i*2+1] - locs->pos[i*2]; - start -= blocks; - memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), - blocks * BLOCKSIZE); - } -} - -// Do a source/target load for move/bsdiff/imgdiff in version 2. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as one of: -// -// -// (loads data from source image only) -// -// - <[stash_id:stash_range] ...> -// (loads data from stashes only) -// -// <[stash_id:stash_range] ...> -// (loads data from both source image and stashes) -// -// On return, buffer is filled with the loaded source data (rearranged -// and combined with stashed data as necessary). buffer may be -// reallocated if needed to accommodate the source data. *tgt is the -// target RangeSet. Any stashes required are loaded using LoadStash. - -static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, - uint8_t** buffer, size_t* buffer_alloc, int fd, - const char* stashbase, int* overlap) { - char* word; - char* colonsave; - char* colon; - int id; - int res; - RangeSet* locs; - size_t stashalloc = 0; - uint8_t* stash = NULL; - - if (tgt != NULL) { - word = strtok_r(NULL, " ", wordsave); - *tgt = parse_range(word); - } - - word = strtok_r(NULL, " ", wordsave); - *src_blocks = strtol(word, NULL, 0); - - allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); - - word = strtok_r(NULL, " ", wordsave); - if (word[0] == '-' && word[1] == '\0') { - // no source ranges, only stashes - } else { - RangeSet* src = parse_range(word); - res = ReadBlocks(src, *buffer, fd); - - if (overlap && tgt) { - *overlap = range_overlaps(src, *tgt); - } - - free(src); - - if (res == -1) { - return -1; - } - - word = strtok_r(NULL, " ", wordsave); - if (word == NULL) { - // no stashes, only source range - return 0; - } - - locs = parse_range(word); - MoveRange(*buffer, locs, *buffer); - free(locs); - } - - while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { - // Each word is a an index into the stash table, a colon, and - // then a rangeset describing where in the source block that - // stashed data should go. - colonsave = NULL; - colon = strtok_r(word, ":", &colonsave); - - res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); - - if (res == -1) { - // These source blocks will fail verification if used later, but we - // will let the caller decide if this is a fatal failure - fprintf(stderr, "failed to load stash %s\n", colon); - continue; - } - - colon = strtok_r(NULL, ":", &colonsave); - locs = parse_range(colon); - - MoveRange(*buffer, locs, stash); - free(locs); - } - - if (stash) { - free(stash); - } - - return 0; -} - -// Parameters for transfer list command functions -typedef struct { - char* cmdname; - char* cpos; - char* freestash; - char* stashbase; - int canwrite; - int createdstash; - int fd; - int foundwrites; - int isunresumable; - int version; - int written; - NewThreadInfo nti; - pthread_t thread; - size_t bufsize; - uint8_t* buffer; - uint8_t* patch_start; -} CommandParameters; - -// Do a source/target load for move/bsdiff/imgdiff in version 3. -// -// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which -// tells the function whether to expect separate source and targe block hashes, or -// if they are both the same and only one hash should be expected, and -// 'isunresumable', which receives a non-zero value if block verification fails in -// a way that the update cannot be resumed anymore. -// -// If the function is unable to load the necessary blocks or their contents don't -// match the hashes, the return value is -1 and the command should be aborted. -// -// If the return value is 1, the command has already been completed according to -// the contents of the target blocks, and should not be performed again. -// -// If the return value is 0, source blocks have expected content and the command -// can be performed. - -static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, - int onehash, int* overlap) { - char* srchash = NULL; - char* tgthash = NULL; - int stash_exists = 0; - int overlap_blocks = 0; - int rc = -1; - uint8_t* tgtbuffer = NULL; - - if (!params|| !tgt || !src_blocks || !overlap) { - goto v3out; - } - - srchash = strtok_r(NULL, " ", ¶ms->cpos); - - if (srchash == NULL) { - fprintf(stderr, "missing source hash\n"); - goto v3out; - } - - if (onehash) { - tgthash = srchash; - } else { - tgthash = strtok_r(NULL, " ", ¶ms->cpos); - - if (tgthash == NULL) { - fprintf(stderr, "missing target hash\n"); - goto v3out; - } - } - - if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, - params->fd, params->stashbase, overlap) == -1) { - goto v3out; - } - - tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); - - if (tgtbuffer == NULL) { - fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); - goto v3out; - } - - if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { - goto v3out; - } - - if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { - // Target blocks already have expected content, command should be skipped - rc = 1; - goto v3out; - } - - if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { - // If source and target blocks overlap, stash the source blocks so we can - // resume from possible write errors - if (*overlap) { - fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, - srchash); - - if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, - &stash_exists) != 0) { - fprintf(stderr, "failed to stash overlapping source blocks\n"); - goto v3out; - } - - // Can be deleted when the write has completed - if (!stash_exists) { - params->freestash = srchash; - } - } - - // Source blocks have expected content, command can proceed - rc = 0; - goto v3out; - } - - if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, - ¶ms->bufsize, 1) == 0) { - // Overlapping source blocks were previously stashed, command can proceed. - // We are recovering from an interrupted command, so we don't know if the - // stash can safely be deleted after this command. - rc = 0; - goto v3out; - } - - // Valid source data not available, update cannot be resumed - fprintf(stderr, "partition has unexpected contents\n"); - params->isunresumable = 1; - -v3out: - if (tgtbuffer) { - free(tgtbuffer); - } - - return rc; -} - -static int PerformCommandMove(CommandParameters* params) { - int blocks = 0; - int overlap = 0; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - - if (!params) { - goto pcmout; - } - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); - } - - if (status == -1) { - fprintf(stderr, "failed to read blocks for move\n"); - goto pcmout; - } - - if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); - } - - if (params->canwrite) { - if (status == 0) { - fprintf(stderr, " moving %d blocks\n", blocks); - - if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { - goto pcmout; - } - } else { - fprintf(stderr, "skipping %d already moved blocks\n", blocks); - } - - } - - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; - } - - params->written += tgt->size; - rc = 0; - -pcmout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandStash(CommandParameters* params) { - if (!params) { - return -1; - } - - return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, - params->fd, (params->version >= 3), ¶ms->isunresumable); -} - -static int PerformCommandFree(CommandParameters* params) { - if (!params) { - return -1; - } - - if (params->createdstash || params->canwrite) { - return FreeStash(params->stashbase, params->cpos); - } - - return 0; -} - -static int PerformCommandZero(CommandParameters* params) { - char* range = NULL; - int i; - int j; - int rc = -1; - RangeSet* tgt = NULL; - - if (!params) { - goto pczout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); - goto pczout; - } - - tgt = parse_range(range); - - fprintf(stderr, " zeroing %d blocks\n", tgt->size); - - allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); - memset(params->buffer, 0, BLOCKSIZE); - - if (params->canwrite) { - for (i = 0; i < tgt->count; ++i) { - if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { - goto pczout; - } - - for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { - if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { - goto pczout; - } - } - } - } - - if (params->cmdname[0] == 'z') { - // Update only for the zero command, as the erase command will call - // this if DEBUG_ERASE is defined. - params->written += tgt->size; - } - - rc = 0; - -pczout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandNew(CommandParameters* params) { - char* range = NULL; - int rc = -1; - RangeSet* tgt = NULL; - RangeSinkState rss; - - if (!params) { - goto pcnout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - goto pcnout; - } - - tgt = parse_range(range); - - if (params->canwrite) { - fprintf(stderr, " writing %d blocks of new data\n", tgt->size); - - rss.fd = params->fd; - rss.tgt = tgt; - rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcnout; - } - - pthread_mutex_lock(¶ms->nti.mu); - params->nti.rss = &rss; - pthread_cond_broadcast(¶ms->nti.cv); - - while (params->nti.rss) { - pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); - } - - pthread_mutex_unlock(¶ms->nti.mu); - } - - params->written += tgt->size; - rc = 0; - -pcnout: - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandDiff(CommandParameters* params) { - char* logparams = NULL; - char* value = NULL; - int blocks = 0; - int overlap = 0; - int rc = -1; - int status = 0; - RangeSet* tgt = NULL; - RangeSinkState rss; - size_t len = 0; - size_t offset = 0; - Value patch_value; - - if (!params) { - goto pcdout; - } - - logparams = strdup(params->cpos); - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch offset for %s\n", params->cmdname); - goto pcdout; - } - - offset = strtoul(value, NULL, 0); - - value = strtok_r(NULL, " ", ¶ms->cpos); - - if (value == NULL) { - fprintf(stderr, "missing patch length for %s\n", params->cmdname); - goto pcdout; - } - - len = strtoul(value, NULL, 0); - - if (params->version == 1) { - status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd); - } else if (params->version == 2) { - status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, - ¶ms->bufsize, params->fd, params->stashbase, NULL); - } else if (params->version >= 3) { - status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); - } - - if (status == -1) { - fprintf(stderr, "failed to read blocks for diff\n"); - goto pcdout; - } - - if (status == 0) { - params->foundwrites = 1; - } else if (params->foundwrites) { - fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); - } - - if (params->canwrite) { - if (status == 0) { - fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); - - patch_value.type = VAL_BLOB; - patch_value.size = len; - patch_value.data = (char*) (params->patch_start + offset); - - rss.fd = params->fd; - rss.tgt = tgt; - rss.p_block = 0; - rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; - - if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { - goto pcdout; - } - - if (params->cmdname[0] == 'i') { // imgdiff - ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - &RangeSinkWrite, &rss, NULL, NULL); - } else { - ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, - 0, &RangeSinkWrite, &rss, NULL); - } - - // We expect the output of the patcher to fill the tgt ranges exactly. - if (rss.p_block != tgt->count || rss.p_remain != 0) { - fprintf(stderr, "range sink underrun?\n"); - } - } else { - fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", - blocks, tgt->size, logparams); - } - } - - if (params->freestash) { - FreeStash(params->stashbase, params->freestash); - params->freestash = NULL; - } - - params->written += tgt->size; - rc = 0; - -pcdout: - if (logparams) { - free(logparams); - } - - if (tgt) { - free(tgt); - } - - return rc; -} - -static int PerformCommandErase(CommandParameters* params) { - char* range = NULL; - int i; - int rc = -1; - RangeSet* tgt = NULL; - struct stat st; - uint64_t blocks[2]; - - if (DEBUG_ERASE) { - return PerformCommandZero(params); - } - - if (!params) { - goto pceout; - } - - if (fstat(params->fd, &st) == -1) { - fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); - goto pceout; - } - - if (!S_ISBLK(st.st_mode)) { - fprintf(stderr, "not a block device; skipping erase\n"); - goto pceout; - } - - range = strtok_r(NULL, " ", ¶ms->cpos); - - if (range == NULL) { - fprintf(stderr, "missing target blocks for zero\n"); - goto pceout; - } - - tgt = parse_range(range); - - if (params->canwrite) { - fprintf(stderr, " erasing %d blocks\n", tgt->size); - - for (i = 0; i < tgt->count; ++i) { - // offset in bytes - blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; - // length in bytes - blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; - - if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { - fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); - goto pceout; - } - } - } - - rc = 0; - -pceout: - if (tgt) { - free(tgt); - } - - return rc; -} - -// Definitions for transfer list command functions -typedef int (*CommandFunction)(CommandParameters*); - -typedef struct { - const char* name; - CommandFunction f; -} Command; - -// CompareCommands and CompareCommandNames are for the hash table - -static int CompareCommands(const void* c1, const void* c2) { - return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); -} - -static int CompareCommandNames(const void* c1, const void* c2) { - return strcmp(((const Command*) c1)->name, (const char*) c2); -} - -// HashString is used to hash command names for the hash table - -static unsigned int HashString(const char *s) { - unsigned int hash = 0; - if (s) { - while (*s) { - hash = hash * 33 + *s++; - } - } - return hash; -} - -// args: -// - block device (or file) to modify in-place -// - transfer list (blob) -// - new data stream (filename within package.zip) -// - patch stream (filename within package.zip, must be uncompressed) - -static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], - const Command* commands, int cmdcount, int dryrun) { - - char* line = NULL; - char* linesave = NULL; - char* logcmd = NULL; - char* transfer_list = NULL; - CommandParameters params; - const Command* cmd = NULL; - const ZipEntry* new_entry = NULL; - const ZipEntry* patch_entry = NULL; - FILE* cmd_pipe = NULL; - HashTable* cmdht = NULL; - int i; - int res; - int rc = -1; - int stash_max_blocks = 0; - int total_blocks = 0; - pthread_attr_t attr; - unsigned int cmdhash; - UpdaterInfo* ui = NULL; - Value* blockdev_filename = NULL; - Value* new_data_fn = NULL; - Value* patch_data_fn = NULL; - Value* transfer_list_value = NULL; - ZipArchive* za = NULL; - - memset(¶ms, 0, sizeof(params)); - params.canwrite = !dryrun; - - fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); - - if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, - &new_data_fn, &patch_data_fn) < 0) { - goto pbiudone; - } - - if (blockdev_filename->type != VAL_STRING) { - ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto pbiudone; - } - if (transfer_list_value->type != VAL_BLOB) { - ErrorAbort(state, "transfer_list argument to %s must be blob", name); - goto pbiudone; - } - if (new_data_fn->type != VAL_STRING) { - ErrorAbort(state, "new_data_fn argument to %s must be string", name); - goto pbiudone; - } - if (patch_data_fn->type != VAL_STRING) { - ErrorAbort(state, "patch_data_fn argument to %s must be string", name); - goto pbiudone; - } - - ui = (UpdaterInfo*) state->cookie; - - if (ui == NULL) { - goto pbiudone; - } - - cmd_pipe = ui->cmd_pipe; - za = ui->package_zip; - - if (cmd_pipe == NULL || za == NULL) { - goto pbiudone; - } - - patch_entry = mzFindZipEntry(za, patch_data_fn->data); - - if (patch_entry == NULL) { - fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); - goto pbiudone; - } - - params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); - new_entry = mzFindZipEntry(za, new_data_fn->data); - - if (new_entry == NULL) { - fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); - goto pbiudone; - } - - params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); - - if (params.fd == -1) { - fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); - goto pbiudone; - } - - if (params.canwrite) { - params.nti.za = za; - params.nti.entry = new_entry; - - pthread_mutex_init(¶ms.nti.mu, NULL); - pthread_cond_init(¶ms.nti.cv, NULL); - pthread_attr_init(&attr); - pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); - - int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); - if (error != 0) { - fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); - goto pbiudone; - } - } - - // The data in transfer_list_value is not necessarily null-terminated, so we need - // to copy it to a new buffer and add the null that strtok_r will need. - transfer_list = malloc(transfer_list_value->size + 1); - - if (transfer_list == NULL) { - fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", - transfer_list_value->size + 1); - goto pbiudone; - } - - memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); - transfer_list[transfer_list_value->size] = '\0'; - - // First line in transfer list is the version number - line = strtok_r(transfer_list, "\n", &linesave); - params.version = strtol(line, NULL, 0); - - if (params.version < 1 || params.version > 3) { - fprintf(stderr, "unexpected transfer list version [%s]\n", line); - goto pbiudone; - } - - fprintf(stderr, "blockimg version is %d\n", params.version); - - // Second line in transfer list is the total number of blocks we expect to write - line = strtok_r(NULL, "\n", &linesave); - total_blocks = strtol(line, NULL, 0); - - if (total_blocks < 0) { - ErrorAbort(state, "unexpected block count [%s]\n", line); - goto pbiudone; - } else if (total_blocks == 0) { - rc = 0; - goto pbiudone; - } - - if (params.version >= 2) { - // Third line is how many stash entries are needed simultaneously - line = strtok_r(NULL, "\n", &linesave); - fprintf(stderr, "maximum stash entries %s\n", line); - - // Fourth line is the maximum number of blocks that will be stashed simultaneously - line = strtok_r(NULL, "\n", &linesave); - stash_max_blocks = strtol(line, NULL, 0); - - if (stash_max_blocks < 0) { - ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); - goto pbiudone; - } - - if (stash_max_blocks >= 0) { - res = CreateStash(state, stash_max_blocks, blockdev_filename->data, - ¶ms.stashbase); - - if (res == -1) { - goto pbiudone; - } - - params.createdstash = res; - } - } - - // Build a hash table of the available commands - cmdht = mzHashTableCreate(cmdcount, NULL); - - for (i = 0; i < cmdcount; ++i) { - cmdhash = HashString(commands[i].name); - mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); - } - - // Subsequent lines are all individual transfer commands - for (line = strtok_r(NULL, "\n", &linesave); line; - line = strtok_r(NULL, "\n", &linesave)) { - - logcmd = strdup(line); - params.cmdname = strtok_r(line, " ", ¶ms.cpos); - - if (params.cmdname == NULL) { - fprintf(stderr, "missing command [%s]\n", line); - goto pbiudone; - } - - cmdhash = HashString(params.cmdname); - cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, - CompareCommandNames, false); - - if (cmd == NULL) { - fprintf(stderr, "unexpected command [%s]\n", params.cmdname); - goto pbiudone; - } - - if (cmd->f != NULL && cmd->f(¶ms) == -1) { - fprintf(stderr, "failed to execute command [%s]\n", - logcmd ? logcmd : params.cmdname); - goto pbiudone; - } - - if (logcmd) { - free(logcmd); - logcmd = NULL; - } - - if (params.canwrite) { - fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); - fflush(cmd_pipe); - } - } - - if (params.canwrite) { - pthread_join(params.thread, NULL); - - fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); - fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); - - // Delete stash only after successfully completing the update, as it - // may contain blocks needed to complete the update later. - DeleteStash(params.stashbase); - } else { - fprintf(stderr, "verified partition contents; update may be resumed\n"); - } - - rc = 0; - -pbiudone: - if (params.fd != -1) { - if (fsync(params.fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - } - close(params.fd); - } - - if (logcmd) { - free(logcmd); - } - - if (cmdht) { - mzHashTableFree(cmdht); - } - - if (params.buffer) { - free(params.buffer); - } - - if (transfer_list) { - free(transfer_list); - } - - if (blockdev_filename) { - FreeValue(blockdev_filename); - } - - if (transfer_list_value) { - FreeValue(transfer_list_value); - } - - if (new_data_fn) { - FreeValue(new_data_fn); - } - - if (patch_data_fn) { - FreeValue(patch_data_fn); - } - - // Only delete the stash if the update cannot be resumed, or it's - // a verification run and we created the stash. - if (params.isunresumable || (!params.canwrite && params.createdstash)) { - DeleteStash(params.stashbase); - } - - if (params.stashbase) { - free(params.stashbase); - } - - return StringValue(rc == 0 ? strdup("t") : strdup("")); -} - -// The transfer list is a text file containing commands to -// transfer data from one place to another on the target -// partition. We parse it and execute the commands in order: -// -// zero [rangeset] -// - fill the indicated blocks with zeros -// -// new [rangeset] -// - fill the blocks with data read from the new_data file -// -// erase [rangeset] -// - mark the given blocks as empty -// -// move <...> -// bsdiff <...> -// imgdiff <...> -// - read the source blocks, apply a patch (or not in the -// case of move), write result to target blocks. bsdiff or -// imgdiff specifies the type of patch; move means no patch -// at all. -// -// The format of <...> differs between versions 1 and 2; -// see the LoadSrcTgtVersion{1,2}() functions for a -// description of what's expected. -// -// stash -// - (version 2+ only) load the given source range and stash -// the data in the given slot of the stash table. -// -// The creator of the transfer list will guarantee that no block -// is read (ie, used as the source for a patch or move) after it -// has been written. -// -// In version 2, the creator will guarantee that a given stash is -// loaded (with a stash command) before it's used in a -// move/bsdiff/imgdiff command. -// -// Within one command the source and target ranges may overlap so -// in general we need to read the entire source into memory before -// writing anything to the target blocks. -// -// All the patch data is concatenated into one patch_data file in -// the update package. It must be stored uncompressed because we -// memory-map it in directly from the archive. (Since patches are -// already compressed, we lose very little by not compressing -// their concatenation.) -// -// In version 3, commands that read data from the partition (i.e. -// move/bsdiff/imgdiff/stash) have one or more additional hashes -// before the range parameters, which are used to check if the -// command has already been completed and verify the integrity of -// the source data. - -Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { - // Commands which are not tested are set to NULL to skip them completely - const Command commands[] = { - { "bsdiff", PerformCommandDiff }, - { "erase", NULL }, - { "free", PerformCommandFree }, - { "imgdiff", PerformCommandDiff }, - { "move", PerformCommandMove }, - { "new", NULL }, - { "stash", PerformCommandStash }, - { "zero", NULL } - }; - - // Perform a dry run without writing to test if an update can proceed - return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 1); -} - -Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { - const Command commands[] = { - { "bsdiff", PerformCommandDiff }, - { "erase", PerformCommandErase }, - { "free", PerformCommandFree }, - { "imgdiff", PerformCommandDiff }, - { "move", PerformCommandMove }, - { "new", PerformCommandNew }, - { "stash", PerformCommandStash }, - { "zero", PerformCommandZero } - }; - - return PerformBlockImageUpdate(name, state, argc, argv, commands, - sizeof(commands) / sizeof(commands[0]), 0); -} - -Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { - Value* blockdev_filename; - Value* ranges; - const uint8_t* digest = NULL; - if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { - return NULL; - } - - if (blockdev_filename->type != VAL_STRING) { - ErrorAbort(state, "blockdev_filename argument to %s must be string", name); - goto done; - } - if (ranges->type != VAL_STRING) { - ErrorAbort(state, "ranges argument to %s must be string", name); - goto done; - } - - int fd = open(blockdev_filename->data, O_RDWR); - if (fd < 0) { - ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); - goto done; - } - - RangeSet* rs = parse_range(ranges->data); - uint8_t buffer[BLOCKSIZE]; - - SHA_CTX ctx; - SHA_init(&ctx); - - int i, j; - for (i = 0; i < rs->count; ++i) { - if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { - ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; - } - - for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { - if (read_all(fd, buffer, BLOCKSIZE) == -1) { - ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, - strerror(errno)); - goto done; - } - - SHA_update(&ctx, buffer, BLOCKSIZE); - } - } - digest = SHA_final(&ctx); - close(fd); - - done: - FreeValue(blockdev_filename); - FreeValue(ranges); - if (digest == NULL) { - return StringValue(strdup("")); - } else { - return StringValue(PrintSha1(digest)); - } -} - -void RegisterBlockImageFunctions() { - RegisterFunction("block_image_verify", BlockImageVerifyFn); - RegisterFunction("block_image_update", BlockImageUpdateFn); - RegisterFunction("range_sha1", RangeSha1Fn); -} diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp new file mode 100644 index 000000000..310bbf94c --- /dev/null +++ b/updater/blockimg.cpp @@ -0,0 +1,2011 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "applypatch/applypatch.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" +#include "minzip/Hash.h" +#include "updater.h" + +#define BLOCKSIZE 4096 + +// Set this to 0 to interpret 'erase' transfers to mean do a +// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret +// erase to mean fill the region with zeroes. +#define DEBUG_ERASE 0 + +#define STASH_DIRECTORY_BASE "/cache/recovery" +#define STASH_DIRECTORY_MODE 0700 +#define STASH_FILE_MODE 0600 + +char* PrintSha1(const uint8_t* digest); + +typedef struct { + int count; + int size; + int pos[0]; +} RangeSet; + +#define RANGESET_MAX_POINTS \ + ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet))) + +static RangeSet* parse_range(char* text) { + char* save; + char* token; + int num; + long int val; + RangeSet* out = NULL; + size_t bufsize; + + if (!text) { + goto err; + } + + token = strtok_r(text, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 2 || val > RANGESET_MAX_POINTS) { + goto err; + } else if (val % 2) { + goto err; // must be even + } + + num = (int) val; + bufsize = sizeof(RangeSet) + num * sizeof(int); + + out = reinterpret_cast(malloc(bufsize)); + + if (!out) { + fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize); + goto err; + } + + out->count = num / 2; + out->size = 0; + + for (int i = 0; i < num; ++i) { + token = strtok_r(NULL, ",", &save); + + if (!token) { + goto err; + } + + val = strtol(token, NULL, 0); + + if (val < 0 || val > INT_MAX) { + goto err; + } + + out->pos[i] = (int) val; + + if (i % 2) { + if (out->pos[i - 1] >= out->pos[i]) { + goto err; // empty or negative range + } + + if (out->size > INT_MAX - out->pos[i]) { + goto err; // overflow + } + + out->size += out->pos[i]; + } else { + if (out->size < 0) { + goto err; + } + + out->size -= out->pos[i]; + } + } + + if (out->size <= 0) { + goto err; + } + + return out; + +err: + fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL"); + exit(1); +} + +static int range_overlaps(RangeSet* r1, RangeSet* r2) { + int i, j, r1_0, r1_1, r2_0, r2_1; + + if (!r1 || !r2) { + return 0; + } + + for (i = 0; i < r1->count; ++i) { + r1_0 = r1->pos[i * 2]; + r1_1 = r1->pos[i * 2 + 1]; + + for (j = 0; j < r2->count; ++j) { + r2_0 = r2->pos[j * 2]; + r2_1 = r2->pos[j * 2 + 1]; + + if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { + return 1; + } + } + } + + return 0; +} + +static int read_all(int fd, uint8_t* data, size_t size) { + size_t so_far = 0; + while (so_far < size) { + ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); + if (r == -1) { + fprintf(stderr, "read failed: %s\n", strerror(errno)); + return -1; + } + so_far += r; + } + return 0; +} + +static int write_all(int fd, const uint8_t* data, size_t size) { + size_t written = 0; + while (written < size) { + ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); + if (w == -1) { + fprintf(stderr, "write failed: %s\n", strerror(errno)); + return -1; + } + written += w; + } + + if (fsync(fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + return -1; + } + + return 0; +} + +static bool check_lseek(int fd, off64_t offset, int whence) { + off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); + if (rc == -1) { + fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); + return false; + } + return true; +} + +static void allocate(size_t size, uint8_t** buffer, size_t* buffer_alloc) { + // if the buffer's big enough, reuse it. + if (size <= *buffer_alloc) return; + + free(*buffer); + + *buffer = (uint8_t*) malloc(size); + if (*buffer == NULL) { + fprintf(stderr, "failed to allocate %zu bytes\n", size); + exit(1); + } + *buffer_alloc = size; +} + +typedef struct { + int fd; + RangeSet* tgt; + int p_block; + size_t p_remain; +} RangeSinkState; + +static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { + RangeSinkState* rss = (RangeSinkState*) token; + + if (rss->p_remain <= 0) { + fprintf(stderr, "range sink write overrun"); + return 0; + } + + ssize_t written = 0; + while (size > 0) { + size_t write_now = size; + + if (rss->p_remain < write_now) { + write_now = rss->p_remain; + } + + if (write_all(rss->fd, data, write_now) == -1) { + break; + } + + data += write_now; + size -= write_now; + + rss->p_remain -= write_now; + written += write_now; + + if (rss->p_remain == 0) { + // move to the next block + ++rss->p_block; + if (rss->p_block < rss->tgt->count) { + rss->p_remain = (rss->tgt->pos[rss->p_block * 2 + 1] - + rss->tgt->pos[rss->p_block * 2]) * BLOCKSIZE; + + if (!check_lseek(rss->fd, (off64_t)rss->tgt->pos[rss->p_block*2] * BLOCKSIZE, + SEEK_SET)) { + break; + } + } else { + // we can't write any more; return how many bytes have + // been written so far. + break; + } + } + } + + return written; +} + +// All of the data for all the 'new' transfers is contained in one +// file in the update package, concatenated together in the order in +// which transfers.list will need it. We want to stream it out of the +// archive (it's compressed) without writing it to a temp file, but we +// can't write each section until it's that transfer's turn to go. +// +// To achieve this, we expand the new data from the archive in a +// background thread, and block that threads 'receive uncompressed +// data' function until the main thread has reached a point where we +// want some new data to be written. We signal the background thread +// with the destination for the data and block the main thread, +// waiting for the background thread to complete writing that section. +// Then it signals the main thread to wake up and goes back to +// blocking waiting for a transfer. +// +// NewThreadInfo is the struct used to pass information back and forth +// between the two threads. When the main thread wants some data +// written, it sets rss to the destination location and signals the +// condition. When the background thread is done writing, it clears +// rss and signals the condition again. + +typedef struct { + ZipArchive* za; + const ZipEntry* entry; + + RangeSinkState* rss; + + pthread_mutex_t mu; + pthread_cond_t cv; +} NewThreadInfo; + +static bool receive_new_data(const unsigned char* data, int size, void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + + while (size > 0) { + // Wait for nti->rss to be non-NULL, indicating some of this + // data is wanted. + pthread_mutex_lock(&nti->mu); + while (nti->rss == NULL) { + pthread_cond_wait(&nti->cv, &nti->mu); + } + pthread_mutex_unlock(&nti->mu); + + // At this point nti->rss is set, and we own it. The main + // thread is waiting for it to disappear from nti. + ssize_t written = RangeSinkWrite(data, size, nti->rss); + data += written; + size -= written; + + if (nti->rss->p_block == nti->rss->tgt->count) { + // we have written all the bytes desired by this rss. + + pthread_mutex_lock(&nti->mu); + nti->rss = NULL; + pthread_cond_broadcast(&nti->cv); + pthread_mutex_unlock(&nti->mu); + } + } + + return true; +} + +static void* unzip_new_data(void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); + return NULL; +} + +static int ReadBlocks(RangeSet* src, uint8_t* buffer, int fd) { + int i; + size_t p = 0; + size_t size; + + if (!src || !buffer) { + return -1; + } + + for (i = 0; i < src->count; ++i) { + if (!check_lseek(fd, (off64_t) src->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size = (src->pos[i * 2 + 1] - src->pos[i * 2]) * BLOCKSIZE; + + if (read_all(fd, buffer + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +static int WriteBlocks(RangeSet* tgt, uint8_t* buffer, int fd) { + int i; + size_t p = 0; + size_t size; + + if (!tgt || !buffer) { + return -1; + } + + for (i = 0; i < tgt->count; ++i) { + if (!check_lseek(fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * BLOCKSIZE; + + if (write_all(fd, buffer + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +// Do a source/target load for move/bsdiff/imgdiff in version 1. +// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect +// to parse the remainder of the string as: +// +// +// +// The source range is loaded into the provided buffer, reallocating +// it to make it larger if necessary. The target ranges are returned +// in *tgt, if tgt is non-NULL. + +static int LoadSrcTgtVersion1(char** wordsave, RangeSet** tgt, int* src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd) { + char* word; + int rc; + + word = strtok_r(NULL, " ", wordsave); + RangeSet* src = parse_range(word); + + if (tgt != NULL) { + word = strtok_r(NULL, " ", wordsave); + *tgt = parse_range(word); + } + + allocate(src->size * BLOCKSIZE, buffer, buffer_alloc); + rc = ReadBlocks(src, *buffer, fd); + *src_blocks = src->size; + + free(src); + return rc; +} + +static int VerifyBlocks(const char *expected, const uint8_t *buffer, + size_t blocks, int printerror) { + char* hexdigest = NULL; + int rc = -1; + uint8_t digest[SHA_DIGEST_SIZE]; + + if (!expected || !buffer) { + return rc; + } + + SHA_hash(buffer, blocks * BLOCKSIZE, digest); + hexdigest = PrintSha1(digest); + + if (hexdigest != NULL) { + rc = strcmp(expected, hexdigest); + + if (rc != 0 && printerror) { + fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", + expected, hexdigest); + } + + free(hexdigest); + } + + return rc; +} + +static char* GetStashFileName(const char* base, const char* id, const char* postfix) { + char* fn; + int len; + int res; + + if (base == NULL) { + return NULL; + } + + if (id == NULL) { + id = ""; + } + + if (postfix == NULL) { + postfix = ""; + } + + len = strlen(STASH_DIRECTORY_BASE) + 1 + strlen(base) + 1 + strlen(id) + strlen(postfix) + 1; + fn = reinterpret_cast(malloc(len)); + + if (fn == NULL) { + fprintf(stderr, "failed to malloc %d bytes for fn\n", len); + return NULL; + } + + res = snprintf(fn, len, STASH_DIRECTORY_BASE "/%s/%s%s", base, id, postfix); + + if (res < 0 || res >= len) { + fprintf(stderr, "failed to format file name (return value %d)\n", res); + free(fn); + return NULL; + } + + return fn; +} + +typedef void (*StashCallback)(const char*, void*); + +// Does a best effort enumeration of stash files. Ignores possible non-file +// items in the stash directory and continues despite of errors. Calls the +// 'callback' function for each file and passes 'data' to the function as a +// parameter. + +static void EnumerateStash(const char* dirname, StashCallback callback, void* data) { + char* fn; + DIR* directory; + int len; + int res; + struct dirent* item; + + if (dirname == NULL || callback == NULL) { + return; + } + + directory = opendir(dirname); + + if (directory == NULL) { + if (errno != ENOENT) { + fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname, strerror(errno)); + } + return; + } + + while ((item = readdir(directory)) != NULL) { + if (item->d_type != DT_REG) { + continue; + } + + len = strlen(dirname) + 1 + strlen(item->d_name) + 1; + fn = reinterpret_cast(malloc(len)); + + if (fn == NULL) { + fprintf(stderr, "failed to malloc %d bytes for fn\n", len); + continue; + } + + res = snprintf(fn, len, "%s/%s", dirname, item->d_name); + + if (res < 0 || res >= len) { + fprintf(stderr, "failed to format file name (return value %d)\n", res); + free(fn); + continue; + } + + callback(fn, data); + free(fn); + } + + if (closedir(directory) == -1) { + fprintf(stderr, "closedir \"%s\" failed: %s\n", dirname, strerror(errno)); + } +} + +static void UpdateFileSize(const char* fn, void* data) { + int* size = (int*) data; + struct stat st; + + if (!fn || !data) { + return; + } + + if (stat(fn, &st) == -1) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + return; + } + + *size += st.st_size; +} + +// Deletes the stash directory and all files in it. Assumes that it only +// contains files. There is nothing we can do about unlikely, but possible +// errors, so they are merely logged. + +static void DeleteFile(const char* fn, void* data) { + if (fn) { + fprintf(stderr, "deleting %s\n", fn); + + if (unlink(fn) == -1 && errno != ENOENT) { + fprintf(stderr, "unlink \"%s\" failed: %s\n", fn, strerror(errno)); + } + } +} + +static void DeletePartial(const char* fn, void* data) { + if (fn && strstr(fn, ".partial") != NULL) { + DeleteFile(fn, data); + } +} + +static void DeleteStash(const char* base) { + char* dirname; + + if (base == NULL) { + return; + } + + dirname = GetStashFileName(base, NULL, NULL); + + if (dirname == NULL) { + return; + } + + fprintf(stderr, "deleting stash %s\n", base); + EnumerateStash(dirname, DeleteFile, NULL); + + if (rmdir(dirname) == -1) { + if (errno != ENOENT && errno != ENOTDIR) { + fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname, strerror(errno)); + } + } + + free(dirname); +} + +static int LoadStash(const char* base, const char* id, int verify, int* blocks, uint8_t** buffer, + size_t* buffer_alloc, int printnoent) { + char *fn = NULL; + int blockcount = 0; + int fd = -1; + int rc = -1; + int res; + struct stat st; + + if (!base || !id || !buffer || !buffer_alloc) { + goto lsout; + } + + if (!blocks) { + blocks = &blockcount; + } + + fn = GetStashFileName(base, id, NULL); + + if (fn == NULL) { + goto lsout; + } + + res = stat(fn, &st); + + if (res == -1) { + if (errno != ENOENT || printnoent) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn, strerror(errno)); + } + goto lsout; + } + + fprintf(stderr, " loading %s\n", fn); + + if ((st.st_size % BLOCKSIZE) != 0) { + fprintf(stderr, "%s size %" PRId64 " not multiple of block size %d", + fn, static_cast(st.st_size), BLOCKSIZE); + goto lsout; + } + + fd = TEMP_FAILURE_RETRY(open(fn, O_RDONLY)); + + if (fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", fn, strerror(errno)); + goto lsout; + } + + allocate(st.st_size, buffer, buffer_alloc); + + if (read_all(fd, *buffer, st.st_size) == -1) { + goto lsout; + } + + *blocks = st.st_size / BLOCKSIZE; + + if (verify && VerifyBlocks(id, *buffer, *blocks, 1) != 0) { + fprintf(stderr, "unexpected contents in %s\n", fn); + DeleteFile(fn, NULL); + goto lsout; + } + + rc = 0; + +lsout: + if (fd != -1) { + close(fd); + } + + if (fn) { + free(fn); + } + + return rc; +} + +static int WriteStash(const char* base, const char* id, int blocks, uint8_t* buffer, + int checkspace, int *exists) { + char *fn = NULL; + char *cn = NULL; + int fd = -1; + int rc = -1; + int dfd = -1; + int res; + struct stat st; + + if (base == NULL || buffer == NULL) { + goto wsout; + } + + if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { + fprintf(stderr, "not enough space to write stash\n"); + goto wsout; + } + + fn = GetStashFileName(base, id, ".partial"); + cn = GetStashFileName(base, id, NULL); + + if (fn == NULL || cn == NULL) { + goto wsout; + } + + if (exists) { + res = stat(cn, &st); + + if (res == 0) { + // The file already exists and since the name is the hash of the contents, + // it's safe to assume the contents are identical (accidental hash collisions + // are unlikely) + fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn); + *exists = 1; + rc = 0; + goto wsout; + } + + *exists = 0; + } + + fprintf(stderr, " writing %d blocks to %s\n", blocks, cn); + + fd = TEMP_FAILURE_RETRY(open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, STASH_FILE_MODE)); + + if (fd == -1) { + fprintf(stderr, "failed to create \"%s\": %s\n", fn, strerror(errno)); + goto wsout; + } + + if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { + goto wsout; + } + + if (fsync(fd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", fn, strerror(errno)); + goto wsout; + } + + if (rename(fn, cn) == -1) { + fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn, cn, strerror(errno)); + goto wsout; + } + + const char* dname; + dname = dirname(cn); + dfd = TEMP_FAILURE_RETRY(open(dname, O_RDONLY | O_DIRECTORY)); + + if (dfd == -1) { + fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname, strerror(errno)); + goto wsout; + } + + if (fsync(dfd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", dname, strerror(errno)); + goto wsout; + } + + rc = 0; + +wsout: + if (fd != -1) { + close(fd); + } + + if (dfd != -1) { + close(dfd); + } + + if (fn) { + free(fn); + } + + if (cn) { + free(cn); + } + + return rc; +} + +// Creates a directory for storing stash files and checks if the /cache partition +// hash enough space for the expected amount of blocks we need to store. Returns +// >0 if we created the directory, zero if it existed already, and <0 of failure. + +static int CreateStash(State* state, int maxblocks, const char* blockdev, char** base) { + char* dirname = NULL; + const uint8_t* digest; + int rc = -1; + int res; + int size = 0; + SHA_CTX ctx; + struct stat st; + + if (blockdev == NULL || base == NULL) { + goto csout; + } + + // Stash directory should be different for each partition to avoid conflicts + // when updating multiple partitions at the same time, so we use the hash of + // the block device name as the base directory + SHA_init(&ctx); + SHA_update(&ctx, blockdev, strlen(blockdev)); + digest = SHA_final(&ctx); + *base = PrintSha1(digest); + + if (*base == NULL) { + goto csout; + } + + dirname = GetStashFileName(*base, NULL, NULL); + + if (dirname == NULL) { + goto csout; + } + + res = stat(dirname, &st); + + if (res == -1 && errno != ENOENT) { + ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname, strerror(errno)); + goto csout; + } else if (res != 0) { + fprintf(stderr, "creating stash %s\n", dirname); + res = mkdir(dirname, STASH_DIRECTORY_MODE); + + if (res != 0) { + ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname, strerror(errno)); + goto csout; + } + + if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { + ErrorAbort(state, "not enough space for stash\n"); + goto csout; + } + + rc = 1; // Created directory + goto csout; + } + + fprintf(stderr, "using existing stash %s\n", dirname); + + // If the directory already exists, calculate the space already allocated to + // stash files and check if there's enough for all required blocks. Delete any + // partially completed stash files first. + + EnumerateStash(dirname, DeletePartial, NULL); + EnumerateStash(dirname, UpdateFileSize, &size); + + size = (maxblocks * BLOCKSIZE) - size; + + if (size > 0 && CacheSizeCheck(size) != 0) { + ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); + goto csout; + } + + rc = 0; // Using existing directory + +csout: + if (dirname) { + free(dirname); + } + + return rc; +} + +static int SaveStash(const char* base, char** wordsave, uint8_t** buffer, size_t* buffer_alloc, + int fd, int usehash, int* isunresumable) { + char *id = NULL; + int blocks = 0; + + if (!wordsave || !buffer || !buffer_alloc || !isunresumable) { + return -1; + } + + id = strtok_r(NULL, " ", wordsave); + + if (id == NULL) { + fprintf(stderr, "missing id field in stash command\n"); + return -1; + } + + if (usehash && LoadStash(base, id, 1, &blocks, buffer, buffer_alloc, 0) == 0) { + // Stash file already exists and has expected contents. Do not + // read from source again, as the source may have been already + // overwritten during a previous attempt. + return 0; + } + + if (LoadSrcTgtVersion1(wordsave, NULL, &blocks, buffer, buffer_alloc, fd) == -1) { + return -1; + } + + if (usehash && VerifyBlocks(id, *buffer, blocks, 1) != 0) { + // Source blocks have unexpected contents. If we actually need this + // data later, this is an unrecoverable error. However, the command + // that uses the data may have already completed previously, so the + // possible failure will occur during source block verification. + fprintf(stderr, "failed to load source blocks for stash %s\n", id); + return 0; + } + + fprintf(stderr, "stashing %d blocks to %s\n", blocks, id); + return WriteStash(base, id, blocks, *buffer, 0, NULL); +} + +static int FreeStash(const char* base, const char* id) { + char *fn = NULL; + + if (base == NULL || id == NULL) { + return -1; + } + + fn = GetStashFileName(base, id, NULL); + + if (fn == NULL) { + return -1; + } + + DeleteFile(fn, NULL); + free(fn); + + return 0; +} + +static void MoveRange(uint8_t* dest, RangeSet* locs, const uint8_t* source) { + // source contains packed data, which we want to move to the + // locations given in *locs in the dest buffer. source and dest + // may be the same buffer. + + int start = locs->size; + int i; + for (i = locs->count-1; i >= 0; --i) { + int blocks = locs->pos[i*2+1] - locs->pos[i*2]; + start -= blocks; + memmove(dest + (locs->pos[i*2] * BLOCKSIZE), source + (start * BLOCKSIZE), + blocks * BLOCKSIZE); + } +} + +// Do a source/target load for move/bsdiff/imgdiff in version 2. +// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect +// to parse the remainder of the string as one of: +// +// +// (loads data from source image only) +// +// - <[stash_id:stash_range] ...> +// (loads data from stashes only) +// +// <[stash_id:stash_range] ...> +// (loads data from both source image and stashes) +// +// On return, buffer is filled with the loaded source data (rearranged +// and combined with stashed data as necessary). buffer may be +// reallocated if needed to accommodate the source data. *tgt is the +// target RangeSet. Any stashes required are loaded using LoadStash. + +static int LoadSrcTgtVersion2(char** wordsave, RangeSet** tgt, int* src_blocks, + uint8_t** buffer, size_t* buffer_alloc, int fd, + const char* stashbase, int* overlap) { + char* word; + char* colonsave; + char* colon; + int res; + RangeSet* locs; + size_t stashalloc = 0; + uint8_t* stash = NULL; + + if (tgt != NULL) { + word = strtok_r(NULL, " ", wordsave); + *tgt = parse_range(word); + } + + word = strtok_r(NULL, " ", wordsave); + *src_blocks = strtol(word, NULL, 0); + + allocate(*src_blocks * BLOCKSIZE, buffer, buffer_alloc); + + word = strtok_r(NULL, " ", wordsave); + if (word[0] == '-' && word[1] == '\0') { + // no source ranges, only stashes + } else { + RangeSet* src = parse_range(word); + res = ReadBlocks(src, *buffer, fd); + + if (overlap && tgt) { + *overlap = range_overlaps(src, *tgt); + } + + free(src); + + if (res == -1) { + return -1; + } + + word = strtok_r(NULL, " ", wordsave); + if (word == NULL) { + // no stashes, only source range + return 0; + } + + locs = parse_range(word); + MoveRange(*buffer, locs, *buffer); + free(locs); + } + + while ((word = strtok_r(NULL, " ", wordsave)) != NULL) { + // Each word is a an index into the stash table, a colon, and + // then a rangeset describing where in the source block that + // stashed data should go. + colonsave = NULL; + colon = strtok_r(word, ":", &colonsave); + + res = LoadStash(stashbase, colon, 0, NULL, &stash, &stashalloc, 1); + + if (res == -1) { + // These source blocks will fail verification if used later, but we + // will let the caller decide if this is a fatal failure + fprintf(stderr, "failed to load stash %s\n", colon); + continue; + } + + colon = strtok_r(NULL, ":", &colonsave); + locs = parse_range(colon); + + MoveRange(*buffer, locs, stash); + free(locs); + } + + if (stash) { + free(stash); + } + + return 0; +} + +// Parameters for transfer list command functions +typedef struct { + char* cmdname; + char* cpos; + char* freestash; + char* stashbase; + int canwrite; + int createdstash; + int fd; + int foundwrites; + int isunresumable; + int version; + int written; + NewThreadInfo nti; + pthread_t thread; + size_t bufsize; + uint8_t* buffer; + uint8_t* patch_start; +} CommandParameters; + +// Do a source/target load for move/bsdiff/imgdiff in version 3. +// +// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which +// tells the function whether to expect separate source and targe block hashes, or +// if they are both the same and only one hash should be expected, and +// 'isunresumable', which receives a non-zero value if block verification fails in +// a way that the update cannot be resumed anymore. +// +// If the function is unable to load the necessary blocks or their contents don't +// match the hashes, the return value is -1 and the command should be aborted. +// +// If the return value is 1, the command has already been completed according to +// the contents of the target blocks, and should not be performed again. +// +// If the return value is 0, source blocks have expected content and the command +// can be performed. + +static int LoadSrcTgtVersion3(CommandParameters* params, RangeSet** tgt, int* src_blocks, + int onehash, int* overlap) { + char* srchash = NULL; + char* tgthash = NULL; + int stash_exists = 0; + int rc = -1; + uint8_t* tgtbuffer = NULL; + + if (!params|| !tgt || !src_blocks || !overlap) { + goto v3out; + } + + srchash = strtok_r(NULL, " ", ¶ms->cpos); + + if (srchash == NULL) { + fprintf(stderr, "missing source hash\n"); + goto v3out; + } + + if (onehash) { + tgthash = srchash; + } else { + tgthash = strtok_r(NULL, " ", ¶ms->cpos); + + if (tgthash == NULL) { + fprintf(stderr, "missing target hash\n"); + goto v3out; + } + } + + if (LoadSrcTgtVersion2(¶ms->cpos, tgt, src_blocks, ¶ms->buffer, ¶ms->bufsize, + params->fd, params->stashbase, overlap) == -1) { + goto v3out; + } + + tgtbuffer = (uint8_t*) malloc((*tgt)->size * BLOCKSIZE); + + if (tgtbuffer == NULL) { + fprintf(stderr, "failed to allocate %d bytes\n", (*tgt)->size * BLOCKSIZE); + goto v3out; + } + + if (ReadBlocks(*tgt, tgtbuffer, params->fd) == -1) { + goto v3out; + } + + if (VerifyBlocks(tgthash, tgtbuffer, (*tgt)->size, 0) == 0) { + // Target blocks already have expected content, command should be skipped + rc = 1; + goto v3out; + } + + if (VerifyBlocks(srchash, params->buffer, *src_blocks, 1) == 0) { + // If source and target blocks overlap, stash the source blocks so we can + // resume from possible write errors + if (*overlap) { + fprintf(stderr, "stashing %d overlapping blocks to %s\n", *src_blocks, + srchash); + + if (WriteStash(params->stashbase, srchash, *src_blocks, params->buffer, 1, + &stash_exists) != 0) { + fprintf(stderr, "failed to stash overlapping source blocks\n"); + goto v3out; + } + + // Can be deleted when the write has completed + if (!stash_exists) { + params->freestash = srchash; + } + } + + // Source blocks have expected content, command can proceed + rc = 0; + goto v3out; + } + + if (*overlap && LoadStash(params->stashbase, srchash, 1, NULL, ¶ms->buffer, + ¶ms->bufsize, 1) == 0) { + // Overlapping source blocks were previously stashed, command can proceed. + // We are recovering from an interrupted command, so we don't know if the + // stash can safely be deleted after this command. + rc = 0; + goto v3out; + } + + // Valid source data not available, update cannot be resumed + fprintf(stderr, "partition has unexpected contents\n"); + params->isunresumable = 1; + +v3out: + if (tgtbuffer) { + free(tgtbuffer); + } + + return rc; +} + +static int PerformCommandMove(CommandParameters* params) { + int blocks = 0; + int overlap = 0; + int rc = -1; + int status = 0; + RangeSet* tgt = NULL; + + if (!params) { + goto pcmout; + } + + if (params->version == 1) { + status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd); + } else if (params->version == 2) { + status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd, params->stashbase, NULL); + } else if (params->version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, &blocks, 1, &overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for move\n"); + goto pcmout; + } + + if (status == 0) { + params->foundwrites = 1; + } else if (params->foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + } + + if (params->canwrite) { + if (status == 0) { + fprintf(stderr, " moving %d blocks\n", blocks); + + if (WriteBlocks(tgt, params->buffer, params->fd) == -1) { + goto pcmout; + } + } else { + fprintf(stderr, "skipping %d already moved blocks\n", blocks); + } + + } + + if (params->freestash) { + FreeStash(params->stashbase, params->freestash); + params->freestash = NULL; + } + + params->written += tgt->size; + rc = 0; + +pcmout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandStash(CommandParameters* params) { + if (!params) { + return -1; + } + + return SaveStash(params->stashbase, ¶ms->cpos, ¶ms->buffer, ¶ms->bufsize, + params->fd, (params->version >= 3), ¶ms->isunresumable); +} + +static int PerformCommandFree(CommandParameters* params) { + if (!params) { + return -1; + } + + if (params->createdstash || params->canwrite) { + return FreeStash(params->stashbase, params->cpos); + } + + return 0; +} + +static int PerformCommandZero(CommandParameters* params) { + char* range = NULL; + int i; + int j; + int rc = -1; + RangeSet* tgt = NULL; + + if (!params) { + goto pczout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + fprintf(stderr, "missing target blocks for zero\n"); + goto pczout; + } + + tgt = parse_range(range); + + fprintf(stderr, " zeroing %d blocks\n", tgt->size); + + allocate(BLOCKSIZE, ¶ms->buffer, ¶ms->bufsize); + memset(params->buffer, 0, BLOCKSIZE); + + if (params->canwrite) { + for (i = 0; i < tgt->count; ++i) { + if (!check_lseek(params->fd, (off64_t) tgt->pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + goto pczout; + } + + for (j = tgt->pos[i * 2]; j < tgt->pos[i * 2 + 1]; ++j) { + if (write_all(params->fd, params->buffer, BLOCKSIZE) == -1) { + goto pczout; + } + } + } + } + + if (params->cmdname[0] == 'z') { + // Update only for the zero command, as the erase command will call + // this if DEBUG_ERASE is defined. + params->written += tgt->size; + } + + rc = 0; + +pczout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandNew(CommandParameters* params) { + char* range = NULL; + int rc = -1; + RangeSet* tgt = NULL; + RangeSinkState rss; + + if (!params) { + goto pcnout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + goto pcnout; + } + + tgt = parse_range(range); + + if (params->canwrite) { + fprintf(stderr, " writing %d blocks of new data\n", tgt->size); + + rss.fd = params->fd; + rss.tgt = tgt; + rss.p_block = 0; + rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { + goto pcnout; + } + + pthread_mutex_lock(¶ms->nti.mu); + params->nti.rss = &rss; + pthread_cond_broadcast(¶ms->nti.cv); + + while (params->nti.rss) { + pthread_cond_wait(¶ms->nti.cv, ¶ms->nti.mu); + } + + pthread_mutex_unlock(¶ms->nti.mu); + } + + params->written += tgt->size; + rc = 0; + +pcnout: + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandDiff(CommandParameters* params) { + char* logparams = NULL; + char* value = NULL; + int blocks = 0; + int overlap = 0; + int rc = -1; + int status = 0; + RangeSet* tgt = NULL; + RangeSinkState rss; + size_t len = 0; + size_t offset = 0; + Value patch_value; + + if (!params) { + goto pcdout; + } + + logparams = strdup(params->cpos); + value = strtok_r(NULL, " ", ¶ms->cpos); + + if (value == NULL) { + fprintf(stderr, "missing patch offset for %s\n", params->cmdname); + goto pcdout; + } + + offset = strtoul(value, NULL, 0); + + value = strtok_r(NULL, " ", ¶ms->cpos); + + if (value == NULL) { + fprintf(stderr, "missing patch length for %s\n", params->cmdname); + goto pcdout; + } + + len = strtoul(value, NULL, 0); + + if (params->version == 1) { + status = LoadSrcTgtVersion1(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd); + } else if (params->version == 2) { + status = LoadSrcTgtVersion2(¶ms->cpos, &tgt, &blocks, ¶ms->buffer, + ¶ms->bufsize, params->fd, params->stashbase, NULL); + } else if (params->version >= 3) { + status = LoadSrcTgtVersion3(params, &tgt, &blocks, 0, &overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for diff\n"); + goto pcdout; + } + + if (status == 0) { + params->foundwrites = 1; + } else if (params->foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params->cmdname); + } + + if (params->canwrite) { + if (status == 0) { + fprintf(stderr, "patching %d blocks to %d\n", blocks, tgt->size); + + patch_value.type = VAL_BLOB; + patch_value.size = len; + patch_value.data = (char*) (params->patch_start + offset); + + rss.fd = params->fd; + rss.tgt = tgt; + rss.p_block = 0; + rss.p_remain = (tgt->pos[1] - tgt->pos[0]) * BLOCKSIZE; + + if (!check_lseek(params->fd, (off64_t) tgt->pos[0] * BLOCKSIZE, SEEK_SET)) { + goto pcdout; + } + + if (params->cmdname[0] == 'i') { // imgdiff + ApplyImagePatch(params->buffer, blocks * BLOCKSIZE, &patch_value, + &RangeSinkWrite, &rss, NULL, NULL); + } else { + ApplyBSDiffPatch(params->buffer, blocks * BLOCKSIZE, &patch_value, + 0, &RangeSinkWrite, &rss, NULL); + } + + // We expect the output of the patcher to fill the tgt ranges exactly. + if (rss.p_block != tgt->count || rss.p_remain != 0) { + fprintf(stderr, "range sink underrun?\n"); + } + } else { + fprintf(stderr, "skipping %d blocks already patched to %d [%s]\n", + blocks, tgt->size, logparams); + } + } + + if (params->freestash) { + FreeStash(params->stashbase, params->freestash); + params->freestash = NULL; + } + + params->written += tgt->size; + rc = 0; + +pcdout: + if (logparams) { + free(logparams); + } + + if (tgt) { + free(tgt); + } + + return rc; +} + +static int PerformCommandErase(CommandParameters* params) { + char* range = NULL; + int i; + int rc = -1; + RangeSet* tgt = NULL; + struct stat st; + uint64_t blocks[2]; + + if (DEBUG_ERASE) { + return PerformCommandZero(params); + } + + if (!params) { + goto pceout; + } + + if (fstat(params->fd, &st) == -1) { + fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); + goto pceout; + } + + if (!S_ISBLK(st.st_mode)) { + fprintf(stderr, "not a block device; skipping erase\n"); + goto pceout; + } + + range = strtok_r(NULL, " ", ¶ms->cpos); + + if (range == NULL) { + fprintf(stderr, "missing target blocks for erase\n"); + goto pceout; + } + + tgt = parse_range(range); + + if (params->canwrite) { + fprintf(stderr, " erasing %d blocks\n", tgt->size); + + for (i = 0; i < tgt->count; ++i) { + // offset in bytes + blocks[0] = tgt->pos[i * 2] * (uint64_t) BLOCKSIZE; + // length in bytes + blocks[1] = (tgt->pos[i * 2 + 1] - tgt->pos[i * 2]) * (uint64_t) BLOCKSIZE; + + if (ioctl(params->fd, BLKDISCARD, &blocks) == -1) { + fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); + goto pceout; + } + } + } + + rc = 0; + +pceout: + if (tgt) { + free(tgt); + } + + return rc; +} + +// Definitions for transfer list command functions +typedef int (*CommandFunction)(CommandParameters*); + +typedef struct { + const char* name; + CommandFunction f; +} Command; + +// CompareCommands and CompareCommandNames are for the hash table + +static int CompareCommands(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); +} + +static int CompareCommandNames(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, (const char*) c2); +} + +// HashString is used to hash command names for the hash table + +static unsigned int HashString(const char *s) { + unsigned int hash = 0; + if (s) { + while (*s) { + hash = hash * 33 + *s++; + } + } + return hash; +} + +// args: +// - block device (or file) to modify in-place +// - transfer list (blob) +// - new data stream (filename within package.zip) +// - patch stream (filename within package.zip, must be uncompressed) + +static Value* PerformBlockImageUpdate(const char* name, State* state, int argc, Expr* argv[], + const Command* commands, int cmdcount, int dryrun) { + + char* line = NULL; + char* linesave = NULL; + char* logcmd = NULL; + char* transfer_list = NULL; + CommandParameters params; + const Command* cmd = NULL; + const ZipEntry* new_entry = NULL; + const ZipEntry* patch_entry = NULL; + FILE* cmd_pipe = NULL; + HashTable* cmdht = NULL; + int i; + int res; + int rc = -1; + int stash_max_blocks = 0; + int total_blocks = 0; + pthread_attr_t attr; + unsigned int cmdhash; + UpdaterInfo* ui = NULL; + Value* blockdev_filename = NULL; + Value* new_data_fn = NULL; + Value* patch_data_fn = NULL; + Value* transfer_list_value = NULL; + ZipArchive* za = NULL; + + memset(¶ms, 0, sizeof(params)); + params.canwrite = !dryrun; + + fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); + + if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, + &new_data_fn, &patch_data_fn) < 0) { + goto pbiudone; + } + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + goto pbiudone; + } + if (transfer_list_value->type != VAL_BLOB) { + ErrorAbort(state, "transfer_list argument to %s must be blob", name); + goto pbiudone; + } + if (new_data_fn->type != VAL_STRING) { + ErrorAbort(state, "new_data_fn argument to %s must be string", name); + goto pbiudone; + } + if (patch_data_fn->type != VAL_STRING) { + ErrorAbort(state, "patch_data_fn argument to %s must be string", name); + goto pbiudone; + } + + ui = (UpdaterInfo*) state->cookie; + + if (ui == NULL) { + goto pbiudone; + } + + cmd_pipe = ui->cmd_pipe; + za = ui->package_zip; + + if (cmd_pipe == NULL || za == NULL) { + goto pbiudone; + } + + patch_entry = mzFindZipEntry(za, patch_data_fn->data); + + if (patch_entry == NULL) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); + goto pbiudone; + } + + params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); + new_entry = mzFindZipEntry(za, new_data_fn->data); + + if (new_entry == NULL) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); + goto pbiudone; + } + + params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); + + if (params.fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); + goto pbiudone; + } + + if (params.canwrite) { + params.nti.za = za; + params.nti.entry = new_entry; + + pthread_mutex_init(¶ms.nti.mu, NULL); + pthread_cond_init(¶ms.nti.cv, NULL); + pthread_attr_init(&attr); + pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); + + int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); + if (error != 0) { + fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); + goto pbiudone; + } + } + + // The data in transfer_list_value is not necessarily null-terminated, so we need + // to copy it to a new buffer and add the null that strtok_r will need. + transfer_list = reinterpret_cast(malloc(transfer_list_value->size + 1)); + + if (transfer_list == NULL) { + fprintf(stderr, "failed to allocate %zd bytes for transfer list\n", + transfer_list_value->size + 1); + goto pbiudone; + } + + memcpy(transfer_list, transfer_list_value->data, transfer_list_value->size); + transfer_list[transfer_list_value->size] = '\0'; + + // First line in transfer list is the version number + line = strtok_r(transfer_list, "\n", &linesave); + params.version = strtol(line, NULL, 0); + + if (params.version < 1 || params.version > 3) { + fprintf(stderr, "unexpected transfer list version [%s]\n", line); + goto pbiudone; + } + + fprintf(stderr, "blockimg version is %d\n", params.version); + + // Second line in transfer list is the total number of blocks we expect to write + line = strtok_r(NULL, "\n", &linesave); + total_blocks = strtol(line, NULL, 0); + + if (total_blocks < 0) { + ErrorAbort(state, "unexpected block count [%s]\n", line); + goto pbiudone; + } else if (total_blocks == 0) { + rc = 0; + goto pbiudone; + } + + if (params.version >= 2) { + // Third line is how many stash entries are needed simultaneously + line = strtok_r(NULL, "\n", &linesave); + fprintf(stderr, "maximum stash entries %s\n", line); + + // Fourth line is the maximum number of blocks that will be stashed simultaneously + line = strtok_r(NULL, "\n", &linesave); + stash_max_blocks = strtol(line, NULL, 0); + + if (stash_max_blocks < 0) { + ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", line); + goto pbiudone; + } + + if (stash_max_blocks >= 0) { + res = CreateStash(state, stash_max_blocks, blockdev_filename->data, + ¶ms.stashbase); + + if (res == -1) { + goto pbiudone; + } + + params.createdstash = res; + } + } + + // Build a hash table of the available commands + cmdht = mzHashTableCreate(cmdcount, NULL); + + for (i = 0; i < cmdcount; ++i) { + cmdhash = HashString(commands[i].name); + mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); + } + + // Subsequent lines are all individual transfer commands + for (line = strtok_r(NULL, "\n", &linesave); line; + line = strtok_r(NULL, "\n", &linesave)) { + + logcmd = strdup(line); + params.cmdname = strtok_r(line, " ", ¶ms.cpos); + + if (params.cmdname == NULL) { + fprintf(stderr, "missing command [%s]\n", line); + goto pbiudone; + } + + cmdhash = HashString(params.cmdname); + cmd = (const Command*) mzHashTableLookup(cmdht, cmdhash, params.cmdname, + CompareCommandNames, false); + + if (cmd == NULL) { + fprintf(stderr, "unexpected command [%s]\n", params.cmdname); + goto pbiudone; + } + + if (cmd->f != NULL && cmd->f(¶ms) == -1) { + fprintf(stderr, "failed to execute command [%s]\n", + logcmd ? logcmd : params.cmdname); + goto pbiudone; + } + + if (logcmd) { + free(logcmd); + logcmd = NULL; + } + + if (params.canwrite) { + fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); + fflush(cmd_pipe); + } + } + + if (params.canwrite) { + pthread_join(params.thread, NULL); + + fprintf(stderr, "wrote %d blocks; expected %d\n", params.written, total_blocks); + fprintf(stderr, "max alloc needed was %zu\n", params.bufsize); + + // Delete stash only after successfully completing the update, as it + // may contain blocks needed to complete the update later. + DeleteStash(params.stashbase); + } else { + fprintf(stderr, "verified partition contents; update may be resumed\n"); + } + + rc = 0; + +pbiudone: + if (params.fd != -1) { + if (fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + } + close(params.fd); + } + + if (logcmd) { + free(logcmd); + } + + if (cmdht) { + mzHashTableFree(cmdht); + } + + if (params.buffer) { + free(params.buffer); + } + + if (transfer_list) { + free(transfer_list); + } + + if (blockdev_filename) { + FreeValue(blockdev_filename); + } + + if (transfer_list_value) { + FreeValue(transfer_list_value); + } + + if (new_data_fn) { + FreeValue(new_data_fn); + } + + if (patch_data_fn) { + FreeValue(patch_data_fn); + } + + // Only delete the stash if the update cannot be resumed, or it's + // a verification run and we created the stash. + if (params.isunresumable || (!params.canwrite && params.createdstash)) { + DeleteStash(params.stashbase); + } + + if (params.stashbase) { + free(params.stashbase); + } + + return StringValue(rc == 0 ? strdup("t") : strdup("")); +} + +// The transfer list is a text file containing commands to +// transfer data from one place to another on the target +// partition. We parse it and execute the commands in order: +// +// zero [rangeset] +// - fill the indicated blocks with zeros +// +// new [rangeset] +// - fill the blocks with data read from the new_data file +// +// erase [rangeset] +// - mark the given blocks as empty +// +// move <...> +// bsdiff <...> +// imgdiff <...> +// - read the source blocks, apply a patch (or not in the +// case of move), write result to target blocks. bsdiff or +// imgdiff specifies the type of patch; move means no patch +// at all. +// +// The format of <...> differs between versions 1 and 2; +// see the LoadSrcTgtVersion{1,2}() functions for a +// description of what's expected. +// +// stash +// - (version 2+ only) load the given source range and stash +// the data in the given slot of the stash table. +// +// The creator of the transfer list will guarantee that no block +// is read (ie, used as the source for a patch or move) after it +// has been written. +// +// In version 2, the creator will guarantee that a given stash is +// loaded (with a stash command) before it's used in a +// move/bsdiff/imgdiff command. +// +// Within one command the source and target ranges may overlap so +// in general we need to read the entire source into memory before +// writing anything to the target blocks. +// +// All the patch data is concatenated into one patch_data file in +// the update package. It must be stored uncompressed because we +// memory-map it in directly from the archive. (Since patches are +// already compressed, we lose very little by not compressing +// their concatenation.) +// +// In version 3, commands that read data from the partition (i.e. +// move/bsdiff/imgdiff/stash) have one or more additional hashes +// before the range parameters, which are used to check if the +// command has already been completed and verify the integrity of +// the source data. + +Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { + // Commands which are not tested are set to NULL to skip them completely + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", NULL }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", NULL }, + { "stash", PerformCommandStash }, + { "zero", NULL } + }; + + // Perform a dry run without writing to test if an update can proceed + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), 1); +} + +Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", PerformCommandErase }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", PerformCommandNew }, + { "stash", PerformCommandStash }, + { "zero", PerformCommandZero } + }; + + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), 0); +} + +Value* RangeSha1Fn(const char* name, State* state, int argc, Expr* argv[]) { + Value* blockdev_filename; + Value* ranges; + const uint8_t* digest = NULL; + if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { + return NULL; + } + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + goto done; + } + if (ranges->type != VAL_STRING) { + ErrorAbort(state, "ranges argument to %s must be string", name); + goto done; + } + + int fd; + fd = open(blockdev_filename->data, O_RDWR); + if (fd < 0) { + ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); + goto done; + } + + RangeSet* rs; + rs = parse_range(ranges->data); + uint8_t buffer[BLOCKSIZE]; + + SHA_CTX ctx; + SHA_init(&ctx); + + int i, j; + for (i = 0; i < rs->count; ++i) { + if (!check_lseek(fd, (off64_t)rs->pos[i*2] * BLOCKSIZE, SEEK_SET)) { + ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, + strerror(errno)); + goto done; + } + + for (j = rs->pos[i*2]; j < rs->pos[i*2+1]; ++j) { + if (read_all(fd, buffer, BLOCKSIZE) == -1) { + ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, + strerror(errno)); + goto done; + } + + SHA_update(&ctx, buffer, BLOCKSIZE); + } + } + digest = SHA_final(&ctx); + close(fd); + + done: + FreeValue(blockdev_filename); + FreeValue(ranges); + if (digest == NULL) { + return StringValue(strdup("")); + } else { + return StringValue(PrintSha1(digest)); + } +} + +void RegisterBlockImageFunctions() { + RegisterFunction("block_image_verify", BlockImageVerifyFn); + RegisterFunction("block_image_update", BlockImageUpdateFn); + RegisterFunction("range_sha1", RangeSha1Fn); +} diff --git a/updater/install.c b/updater/install.c deleted file mode 100644 index 01a5dd24b..000000000 --- a/updater/install.c +++ /dev/null @@ -1,1625 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bootloader.h" -#include "applypatch/applypatch.h" -#include "cutils/android_reboot.h" -#include "cutils/misc.h" -#include "cutils/properties.h" -#include "edify/expr.h" -#include "mincrypt/sha.h" -#include "minzip/DirUtil.h" -#include "mtdutils/mounts.h" -#include "mtdutils/mtdutils.h" -#include "updater.h" -#include "install.h" -#include "tune2fs.h" - -#ifdef USE_EXT4 -#include "make_ext4fs.h" -#include "wipe.h" -#endif - -void uiPrint(State* state, char* buffer) { - char* line = strtok(buffer, "\n"); - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - while (line) { - fprintf(ui->cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); - } - fprintf(ui->cmd_pipe, "ui_print\n"); -} - -__attribute__((__format__(printf, 2, 3))) __nonnull((2)) -void uiPrintf(State* state, const char* format, ...) { - char error_msg[1024]; - va_list ap; - va_start(ap, format); - vsnprintf(error_msg, sizeof(error_msg), format, ap); - va_end(ap); - uiPrint(state, error_msg); -} - -// Take a sha-1 digest and return it as a newly-allocated hex string. -char* PrintSha1(const uint8_t* digest) { - char* buffer = malloc(SHA_DIGEST_SIZE*2 + 1); - int i; - const char* alphabet = "0123456789abcdef"; - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { - buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; - buffer[i*2+1] = alphabet[digest[i] & 0xf]; - } - buffer[i*2] = '\0'; - return buffer; -} - -// mount(fs_type, partition_type, location, mount_point) -// -// fs_type="yaffs2" partition_type="MTD" location=partition -// fs_type="ext4" partition_type="EMMC" location=device -Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 4 && argc != 5) { - return ErrorAbort(state, "%s() expects 4-5 args, got %d", name, argc); - } - char* fs_type; - char* partition_type; - char* location; - char* mount_point; - char* mount_options; - bool has_mount_options; - if (argc == 5) { - has_mount_options = true; - if (ReadArgs(state, argv, 5, &fs_type, &partition_type, - &location, &mount_point, &mount_options) < 0) { - return NULL; - } - } else { - has_mount_options = false; - if (ReadArgs(state, argv, 4, &fs_type, &partition_type, - &location, &mount_point) < 0) { - return NULL; - } - } - - if (strlen(fs_type) == 0) { - ErrorAbort(state, "fs_type argument to %s() can't be empty", name); - goto done; - } - if (strlen(partition_type) == 0) { - ErrorAbort(state, "partition_type argument to %s() can't be empty", - name); - goto done; - } - if (strlen(location) == 0) { - ErrorAbort(state, "location argument to %s() can't be empty", name); - goto done; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to %s() can't be empty", name); - goto done; - } - - char *secontext = NULL; - - if (sehandle) { - selabel_lookup(sehandle, &secontext, mount_point, 0755); - setfscreatecon(secontext); - } - - mkdir(mount_point, 0755); - - if (secontext) { - freecon(secontext); - setfscreatecon(NULL); - } - - if (strcmp(partition_type, "MTD") == 0) { - mtd_scan_partitions(); - const MtdPartition* mtd; - mtd = mtd_find_partition_by_name(location); - if (mtd == NULL) { - uiPrintf(state, "%s: no mtd partition named \"%s\"", - name, location); - result = strdup(""); - goto done; - } - if (mtd_mount_partition(mtd, mount_point, fs_type, 0 /* rw */) != 0) { - uiPrintf(state, "mtd mount of %s failed: %s\n", - location, strerror(errno)); - result = strdup(""); - goto done; - } - result = mount_point; - } else { - if (mount(location, mount_point, fs_type, - MS_NOATIME | MS_NODEV | MS_NODIRATIME, - has_mount_options ? mount_options : "") < 0) { - uiPrintf(state, "%s: failed to mount %s at %s: %s\n", - name, location, mount_point, strerror(errno)); - result = strdup(""); - } else { - result = mount_point; - } - } - -done: - free(fs_type); - free(partition_type); - free(location); - if (result != mount_point) free(mount_point); - if (has_mount_options) free(mount_options); - return StringValue(result); -} - - -// is_mounted(mount_point) -Value* IsMountedFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* mount_point; - if (ReadArgs(state, argv, 1, &mount_point) < 0) { - return NULL; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to unmount() can't be empty"); - goto done; - } - - scan_mounted_volumes(); - const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); - if (vol == NULL) { - result = strdup(""); - } else { - result = mount_point; - } - -done: - if (result != mount_point) free(mount_point); - return StringValue(result); -} - - -Value* UnmountFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* mount_point; - if (ReadArgs(state, argv, 1, &mount_point) < 0) { - return NULL; - } - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to unmount() can't be empty"); - goto done; - } - - scan_mounted_volumes(); - const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); - if (vol == NULL) { - uiPrintf(state, "unmount of %s failed; no such volume\n", mount_point); - result = strdup(""); - } else { - int ret = unmount_mounted_volume(vol); - if (ret != 0) { - uiPrintf(state, "unmount of %s failed (%d): %s\n", - mount_point, ret, strerror(errno)); - } - result = mount_point; - } - -done: - if (result != mount_point) free(mount_point); - return StringValue(result); -} - -static int exec_cmd(const char* path, char* const argv[]) { - int status; - pid_t child; - if ((child = vfork()) == 0) { - execv(path, argv); - _exit(-1); - } - waitpid(child, &status, 0); - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { - printf("%s failed with status %d\n", path, WEXITSTATUS(status)); - } - return WEXITSTATUS(status); -} - - -// format(fs_type, partition_type, location, fs_size, mount_point) -// -// fs_type="yaffs2" partition_type="MTD" location=partition fs_size= mount_point= -// fs_type="ext4" partition_type="EMMC" location=device fs_size= mount_point= -// fs_type="f2fs" partition_type="EMMC" location=device fs_size= mount_point= -// if fs_size == 0, then make fs uses the entire partition. -// if fs_size > 0, that is the size to use -// if fs_size < 0, then reserve that many bytes at the end of the partition (not for "f2fs") -Value* FormatFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 5) { - return ErrorAbort(state, "%s() expects 5 args, got %d", name, argc); - } - char* fs_type; - char* partition_type; - char* location; - char* fs_size; - char* mount_point; - - if (ReadArgs(state, argv, 5, &fs_type, &partition_type, &location, &fs_size, &mount_point) < 0) { - return NULL; - } - - if (strlen(fs_type) == 0) { - ErrorAbort(state, "fs_type argument to %s() can't be empty", name); - goto done; - } - if (strlen(partition_type) == 0) { - ErrorAbort(state, "partition_type argument to %s() can't be empty", - name); - goto done; - } - if (strlen(location) == 0) { - ErrorAbort(state, "location argument to %s() can't be empty", name); - goto done; - } - - if (strlen(mount_point) == 0) { - ErrorAbort(state, "mount_point argument to %s() can't be empty", name); - goto done; - } - - if (strcmp(partition_type, "MTD") == 0) { - mtd_scan_partitions(); - const MtdPartition* mtd = mtd_find_partition_by_name(location); - if (mtd == NULL) { - printf("%s: no mtd partition named \"%s\"", - name, location); - result = strdup(""); - goto done; - } - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("%s: can't write \"%s\"", name, location); - result = strdup(""); - goto done; - } - if (mtd_erase_blocks(ctx, -1) == -1) { - mtd_write_close(ctx); - printf("%s: failed to erase \"%s\"", name, location); - result = strdup(""); - goto done; - } - if (mtd_write_close(ctx) != 0) { - printf("%s: failed to close \"%s\"", name, location); - result = strdup(""); - goto done; - } - result = location; -#ifdef USE_EXT4 - } else if (strcmp(fs_type, "ext4") == 0) { - int status = make_ext4fs(location, atoll(fs_size), mount_point, sehandle); - if (status != 0) { - printf("%s: make_ext4fs failed (%d) on %s", - name, status, location); - result = strdup(""); - goto done; - } - result = location; - } else if (strcmp(fs_type, "f2fs") == 0) { - char *num_sectors; - if (asprintf(&num_sectors, "%lld", atoll(fs_size) / 512) <= 0) { - printf("format_volume: failed to create %s command for %s\n", fs_type, location); - result = strdup(""); - goto done; - } - const char *f2fs_path = "/sbin/mkfs.f2fs"; - const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", location, num_sectors, NULL}; - int status = exec_cmd(f2fs_path, (char* const*)f2fs_argv); - free(num_sectors); - if (status != 0) { - printf("%s: mkfs.f2fs failed (%d) on %s", - name, status, location); - result = strdup(""); - goto done; - } - result = location; -#endif - } else { - printf("%s: unsupported fs_type \"%s\" partition_type \"%s\"", - name, fs_type, partition_type); - } - -done: - free(fs_type); - free(partition_type); - if (result != location) free(location); - return StringValue(result); -} - -Value* RenameFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* src_name; - char* dst_name; - - if (ReadArgs(state, argv, 2, &src_name, &dst_name) < 0) { - return NULL; - } - if (strlen(src_name) == 0) { - ErrorAbort(state, "src_name argument to %s() can't be empty", name); - goto done; - } - if (strlen(dst_name) == 0) { - ErrorAbort(state, "dst_name argument to %s() can't be empty", name); - goto done; - } - if (make_parents(dst_name) != 0) { - ErrorAbort(state, "Creating parent of %s failed, error %s", - dst_name, strerror(errno)); - } else if (access(dst_name, F_OK) == 0 && access(src_name, F_OK) != 0) { - // File was already moved - result = dst_name; - } else if (rename(src_name, dst_name) != 0) { - ErrorAbort(state, "Rename of %s to %s failed, error %s", - src_name, dst_name, strerror(errno)); - } else { - result = dst_name; - } - -done: - free(src_name); - if (result != dst_name) free(dst_name); - return StringValue(result); -} - -Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { - char** paths = malloc(argc * sizeof(char*)); - int i; - for (i = 0; i < argc; ++i) { - paths[i] = Evaluate(state, argv[i]); - if (paths[i] == NULL) { - int j; - for (j = 0; j < i; ++i) { - free(paths[j]); - } - free(paths); - return NULL; - } - } - - bool recursive = (strcmp(name, "delete_recursive") == 0); - - int success = 0; - for (i = 0; i < argc; ++i) { - if ((recursive ? dirUnlinkHierarchy(paths[i]) : unlink(paths[i])) == 0) - ++success; - free(paths[i]); - } - free(paths); - - char buffer[10]; - sprintf(buffer, "%d", success); - return StringValue(strdup(buffer)); -} - - -Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - char* frac_str; - char* sec_str; - if (ReadArgs(state, argv, 2, &frac_str, &sec_str) < 0) { - return NULL; - } - - double frac = strtod(frac_str, NULL); - int sec = strtol(sec_str, NULL, 10); - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); - - free(sec_str); - return StringValue(frac_str); -} - -Value* SetProgressFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* frac_str; - if (ReadArgs(state, argv, 1, &frac_str) < 0) { - return NULL; - } - - double frac = strtod(frac_str, NULL); - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "set_progress %f\n", frac); - - return StringValue(frac_str); -} - -// package_extract_dir(package_path, destination_path) -Value* PackageExtractDirFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - char* zip_path; - char* dest_path; - if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - - // To create a consistent system image, never use the clock for timestamps. - struct utimbuf timestamp = { 1217592000, 1217592000 }; // 8/1/2008 default - - bool success = mzExtractRecursive(za, zip_path, dest_path, - ×tamp, - NULL, NULL, sehandle); - free(zip_path); - free(dest_path); - return StringValue(strdup(success ? "t" : "")); -} - - -// package_extract_file(package_path, destination_path) -// or -// package_extract_file(package_path) -// to return the entire contents of the file as the result of this -// function (the char* returned is actually a FileContents*). -Value* PackageExtractFileFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc < 1 || argc > 2) { - return ErrorAbort(state, "%s() expects 1 or 2 args, got %d", - name, argc); - } - bool success = false; - - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - - if (argc == 2) { - // The two-argument version extracts to a file. - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - - char* zip_path; - char* dest_path; - if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; - - const ZipEntry* entry = mzFindZipEntry(za, zip_path); - if (entry == NULL) { - printf("%s: no %s in package\n", name, zip_path); - goto done2; - } - - FILE* f = fopen(dest_path, "wb"); - if (f == NULL) { - printf("%s: can't open %s for write: %s\n", - name, dest_path, strerror(errno)); - goto done2; - } - success = mzExtractZipEntryToFile(za, entry, fileno(f)); - fclose(f); - - done2: - free(zip_path); - free(dest_path); - return StringValue(strdup(success ? "t" : "")); - } else { - // The one-argument version returns the contents of the file - // as the result. - - char* zip_path; - Value* v = malloc(sizeof(Value)); - v->type = VAL_BLOB; - v->size = -1; - v->data = NULL; - - if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; - - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; - const ZipEntry* entry = mzFindZipEntry(za, zip_path); - if (entry == NULL) { - printf("%s: no %s in package\n", name, zip_path); - goto done1; - } - - v->size = mzGetZipEntryUncompLen(entry); - v->data = malloc(v->size); - if (v->data == NULL) { - printf("%s: failed to allocate %ld bytes for %s\n", - name, (long)v->size, zip_path); - goto done1; - } - - success = mzExtractZipEntryToBuffer(za, entry, - (unsigned char *)v->data); - - done1: - free(zip_path); - if (!success) { - free(v->data); - v->data = NULL; - v->size = -1; - } - return v; - } -} - -// Create all parent directories of name, if necessary. -static int make_parents(char* name) { - char* p; - for (p = name + (strlen(name)-1); p > name; --p) { - if (*p != '/') continue; - *p = '\0'; - if (make_parents(name) < 0) return -1; - int result = mkdir(name, 0700); - if (result == 0) printf("created [%s]\n", name); - *p = '/'; - if (result == 0 || errno == EEXIST) { - // successfully created or already existed; we're done - return 0; - } else { - printf("failed to mkdir %s: %s\n", name, strerror(errno)); - return -1; - } - } - return 0; -} - -// symlink target src1 src2 ... -// unlinks any previously existing src1, src2, etc before creating symlinks. -Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return ErrorAbort(state, "%s() expects 1+ args, got %d", name, argc); - } - char* target; - target = Evaluate(state, argv[0]); - if (target == NULL) return NULL; - - char** srcs = ReadVarArgs(state, argc-1, argv+1); - if (srcs == NULL) { - free(target); - return NULL; - } - - int bad = 0; - int i; - for (i = 0; i < argc-1; ++i) { - if (unlink(srcs[i]) < 0) { - if (errno != ENOENT) { - printf("%s: failed to remove %s: %s\n", - name, srcs[i], strerror(errno)); - ++bad; - } - } - if (make_parents(srcs[i])) { - printf("%s: failed to symlink %s to %s: making parents failed\n", - name, srcs[i], target); - ++bad; - } - if (symlink(target, srcs[i]) < 0) { - printf("%s: failed to symlink %s to %s: %s\n", - name, srcs[i], target, strerror(errno)); - ++bad; - } - free(srcs[i]); - } - free(srcs); - if (bad) { - return ErrorAbort(state, "%s: some symlinks failed", name); - } - return StringValue(strdup("")); -} - -struct perm_parsed_args { - bool has_uid; - uid_t uid; - bool has_gid; - gid_t gid; - bool has_mode; - mode_t mode; - bool has_fmode; - mode_t fmode; - bool has_dmode; - mode_t dmode; - bool has_selabel; - char* selabel; - bool has_capabilities; - uint64_t capabilities; -}; - -static struct perm_parsed_args ParsePermArgs(State * state, int argc, char** args) { - int i; - struct perm_parsed_args parsed; - int bad = 0; - static int max_warnings = 20; - - memset(&parsed, 0, sizeof(parsed)); - - for (i = 1; i < argc; i += 2) { - if (strcmp("uid", args[i]) == 0) { - int64_t uid; - if (sscanf(args[i+1], "%" SCNd64, &uid) == 1) { - parsed.uid = uid; - parsed.has_uid = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid UID \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("gid", args[i]) == 0) { - int64_t gid; - if (sscanf(args[i+1], "%" SCNd64, &gid) == 1) { - parsed.gid = gid; - parsed.has_gid = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid GID \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("mode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.mode = mode; - parsed.has_mode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid mode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("dmode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.dmode = mode; - parsed.has_dmode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid dmode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("fmode", args[i]) == 0) { - int32_t mode; - if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { - parsed.fmode = mode; - parsed.has_fmode = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid fmode \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("capabilities", args[i]) == 0) { - int64_t capabilities; - if (sscanf(args[i+1], "%" SCNi64, &capabilities) == 1) { - parsed.capabilities = capabilities; - parsed.has_capabilities = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid capabilities \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (strcmp("selabel", args[i]) == 0) { - if (args[i+1][0] != '\0') { - parsed.selabel = args[i+1]; - parsed.has_selabel = true; - } else { - uiPrintf(state, "ParsePermArgs: invalid selabel \"%s\"\n", args[i + 1]); - bad++; - } - continue; - } - if (max_warnings != 0) { - printf("ParsedPermArgs: unknown key \"%s\", ignoring\n", args[i]); - max_warnings--; - if (max_warnings == 0) { - printf("ParsedPermArgs: suppressing further warnings\n"); - } - } - } - return parsed; -} - -static int ApplyParsedPerms( - State * state, - const char* filename, - const struct stat *statptr, - struct perm_parsed_args parsed) -{ - int bad = 0; - - if (parsed.has_selabel) { - if (lsetfilecon(filename, parsed.selabel) != 0) { - uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n", - filename, parsed.selabel, strerror(errno)); - bad++; - } - } - - /* ignore symlinks */ - if (S_ISLNK(statptr->st_mode)) { - return bad; - } - - if (parsed.has_uid) { - if (chown(filename, parsed.uid, -1) < 0) { - uiPrintf(state, "ApplyParsedPerms: chown of %s to %d failed: %s\n", - filename, parsed.uid, strerror(errno)); - bad++; - } - } - - if (parsed.has_gid) { - if (chown(filename, -1, parsed.gid) < 0) { - uiPrintf(state, "ApplyParsedPerms: chgrp of %s to %d failed: %s\n", - filename, parsed.gid, strerror(errno)); - bad++; - } - } - - if (parsed.has_mode) { - if (chmod(filename, parsed.mode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.mode, strerror(errno)); - bad++; - } - } - - if (parsed.has_dmode && S_ISDIR(statptr->st_mode)) { - if (chmod(filename, parsed.dmode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.dmode, strerror(errno)); - bad++; - } - } - - if (parsed.has_fmode && S_ISREG(statptr->st_mode)) { - if (chmod(filename, parsed.fmode) < 0) { - uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", - filename, parsed.fmode, strerror(errno)); - bad++; - } - } - - if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) { - if (parsed.capabilities == 0) { - if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) { - // Report failure unless it's ENODATA (attribute not set) - uiPrintf(state, "ApplyParsedPerms: removexattr of %s to %" PRIx64 " failed: %s\n", - filename, parsed.capabilities, strerror(errno)); - bad++; - } - } else { - struct vfs_cap_data cap_data; - memset(&cap_data, 0, sizeof(cap_data)); - cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; - cap_data.data[0].permitted = (uint32_t) (parsed.capabilities & 0xffffffff); - cap_data.data[0].inheritable = 0; - cap_data.data[1].permitted = (uint32_t) (parsed.capabilities >> 32); - cap_data.data[1].inheritable = 0; - if (setxattr(filename, XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { - uiPrintf(state, "ApplyParsedPerms: setcap of %s to %" PRIx64 " failed: %s\n", - filename, parsed.capabilities, strerror(errno)); - bad++; - } - } - } - - return bad; -} - -// nftw doesn't allow us to pass along context, so we need to use -// global variables. *sigh* -static struct perm_parsed_args recursive_parsed_args; -static State* recursive_state; - -static int do_SetMetadataRecursive(const char* filename, const struct stat *statptr, - int fileflags, struct FTW *pfwt) { - return ApplyParsedPerms(recursive_state, filename, statptr, recursive_parsed_args); -} - -static Value* SetMetadataFn(const char* name, State* state, int argc, Expr* argv[]) { - int i; - int bad = 0; - static int nwarnings = 0; - struct stat sb; - Value* result = NULL; - - bool recursive = (strcmp(name, "set_metadata_recursive") == 0); - - if ((argc % 2) != 1) { - return ErrorAbort(state, "%s() expects an odd number of arguments, got %d", - name, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) return NULL; - - if (lstat(args[0], &sb) == -1) { - result = ErrorAbort(state, "%s: Error on lstat of \"%s\": %s", name, args[0], strerror(errno)); - goto done; - } - - struct perm_parsed_args parsed = ParsePermArgs(state, argc, args); - - if (recursive) { - recursive_parsed_args = parsed; - recursive_state = state; - bad += nftw(args[0], do_SetMetadataRecursive, 30, FTW_CHDIR | FTW_DEPTH | FTW_PHYS); - memset(&recursive_parsed_args, 0, sizeof(recursive_parsed_args)); - recursive_state = NULL; - } else { - bad += ApplyParsedPerms(state, args[0], &sb, parsed); - } - -done: - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - if (result != NULL) { - return result; - } - - if (bad > 0) { - return ErrorAbort(state, "%s: some changes failed", name); - } - - return StringValue(strdup("")); -} - -Value* GetPropFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* key; - key = Evaluate(state, argv[0]); - if (key == NULL) return NULL; - - char value[PROPERTY_VALUE_MAX]; - property_get(key, value, ""); - free(key); - - return StringValue(strdup(value)); -} - - -// file_getprop(file, key) -// -// interprets 'file' as a getprop-style file (key=value pairs, one -// per line. # comment lines,blank lines, lines without '=' ignored), -// and returns the value for 'key' (or "" if it isn't defined). -Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - char* buffer = NULL; - char* filename; - char* key; - if (ReadArgs(state, argv, 2, &filename, &key) < 0) { - return NULL; - } - - struct stat st; - if (stat(filename, &st) < 0) { - ErrorAbort(state, "%s: failed to stat \"%s\": %s", - name, filename, strerror(errno)); - goto done; - } - -#define MAX_FILE_GETPROP_SIZE 65536 - - if (st.st_size > MAX_FILE_GETPROP_SIZE) { - ErrorAbort(state, "%s too large for %s (max %d)", - filename, name, MAX_FILE_GETPROP_SIZE); - goto done; - } - - buffer = malloc(st.st_size+1); - if (buffer == NULL) { - ErrorAbort(state, "%s: failed to alloc %lld bytes", name, (long long)st.st_size+1); - goto done; - } - - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - ErrorAbort(state, "%s: failed to open %s: %s", - name, filename, strerror(errno)); - goto done; - } - - if (fread(buffer, 1, st.st_size, f) != st.st_size) { - ErrorAbort(state, "%s: failed to read %lld bytes from %s", - name, (long long)st.st_size+1, filename); - fclose(f); - goto done; - } - buffer[st.st_size] = '\0'; - - fclose(f); - - char* line = strtok(buffer, "\n"); - do { - // skip whitespace at start of line - while (*line && isspace(*line)) ++line; - - // comment or blank line: skip to next line - if (*line == '\0' || *line == '#') continue; - - char* equal = strchr(line, '='); - if (equal == NULL) { - continue; - } - - // trim whitespace between key and '=' - char* key_end = equal-1; - while (key_end > line && isspace(*key_end)) --key_end; - key_end[1] = '\0'; - - // not the key we're looking for - if (strcmp(key, line) != 0) continue; - - // skip whitespace after the '=' to the start of the value - char* val_start = equal+1; - while(*val_start && isspace(*val_start)) ++val_start; - - // trim trailing whitespace - char* val_end = val_start + strlen(val_start)-1; - while (val_end > val_start && isspace(*val_end)) --val_end; - val_end[1] = '\0'; - - result = strdup(val_start); - break; - - } while ((line = strtok(NULL, "\n"))); - - if (result == NULL) result = strdup(""); - - done: - free(filename); - free(key); - free(buffer); - return StringValue(result); -} - - -static bool write_raw_image_cb(const unsigned char* data, - int data_len, void* ctx) { - int r = mtd_write_data((MtdWriteContext*)ctx, (const char *)data, data_len); - if (r == data_len) return true; - printf("%s\n", strerror(errno)); - return false; -} - -// write_raw_image(filename_or_blob, partition) -Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - - Value* partition_value; - Value* contents; - if (ReadValueArgs(state, argv, 2, &contents, &partition_value) < 0) { - return NULL; - } - - char* partition = NULL; - if (partition_value->type != VAL_STRING) { - ErrorAbort(state, "partition argument to %s must be string", name); - goto done; - } - partition = partition_value->data; - if (strlen(partition) == 0) { - ErrorAbort(state, "partition argument to %s can't be empty", name); - goto done; - } - if (contents->type == VAL_STRING && strlen((char*) contents->data) == 0) { - ErrorAbort(state, "file argument to %s can't be empty", name); - goto done; - } - - mtd_scan_partitions(); - const MtdPartition* mtd = mtd_find_partition_by_name(partition); - if (mtd == NULL) { - printf("%s: no mtd partition named \"%s\"\n", name, partition); - result = strdup(""); - goto done; - } - - MtdWriteContext* ctx = mtd_write_partition(mtd); - if (ctx == NULL) { - printf("%s: can't write mtd partition \"%s\"\n", - name, partition); - result = strdup(""); - goto done; - } - - bool success; - - if (contents->type == VAL_STRING) { - // we're given a filename as the contents - char* filename = contents->data; - FILE* f = fopen(filename, "rb"); - if (f == NULL) { - printf("%s: can't open %s: %s\n", - name, filename, strerror(errno)); - result = strdup(""); - goto done; - } - - success = true; - char* buffer = malloc(BUFSIZ); - int read; - while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { - int wrote = mtd_write_data(ctx, buffer, read); - success = success && (wrote == read); - } - free(buffer); - fclose(f); - } else { - // we're given a blob as the contents - ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); - success = (wrote == contents->size); - } - if (!success) { - printf("mtd_write_data to %s failed: %s\n", - partition, strerror(errno)); - } - - if (mtd_erase_blocks(ctx, -1) == -1) { - printf("%s: error erasing blocks of %s\n", name, partition); - } - if (mtd_write_close(ctx) != 0) { - printf("%s: error closing write of %s\n", name, partition); - } - - printf("%s %s partition\n", - success ? "wrote" : "failed to write", partition); - - result = success ? partition : strdup(""); - -done: - if (result != partition) FreeValue(partition_value); - FreeValue(contents); - return StringValue(result); -} - -// apply_patch_space(bytes) -Value* ApplyPatchSpaceFn(const char* name, State* state, - int argc, Expr* argv[]) { - char* bytes_str; - if (ReadArgs(state, argv, 1, &bytes_str) < 0) { - return NULL; - } - - char* endptr; - size_t bytes = strtol(bytes_str, &endptr, 10); - if (bytes == 0 && endptr == bytes_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", - name, bytes_str); - free(bytes_str); - return NULL; - } - - return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); -} - -// apply_patch(file, size, init_sha1, tgt_sha1, patch) - -Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 6 || (argc % 2) == 1) { - return ErrorAbort(state, "%s(): expected at least 6 args and an " - "even number, got %d", - name, argc); - } - - char* source_filename; - char* target_filename; - char* target_sha1; - char* target_size_str; - if (ReadArgs(state, argv, 4, &source_filename, &target_filename, - &target_sha1, &target_size_str) < 0) { - return NULL; - } - - char* endptr; - size_t target_size = strtol(target_size_str, &endptr, 10); - if (target_size == 0 && endptr == target_size_str) { - ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", - name, target_size_str); - free(source_filename); - free(target_filename); - free(target_sha1); - free(target_size_str); - return NULL; - } - - int patchcount = (argc-4) / 2; - Value** patches = ReadValueVarArgs(state, argc-4, argv+4); - - int i; - for (i = 0; i < patchcount; ++i) { - if (patches[i*2]->type != VAL_STRING) { - ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); - break; - } - if (patches[i*2+1]->type != VAL_BLOB) { - ErrorAbort(state, "%s(): patch #%d is not blob", name, i); - break; - } - } - if (i != patchcount) { - for (i = 0; i < patchcount*2; ++i) { - FreeValue(patches[i]); - } - free(patches); - return NULL; - } - - char** patch_sha_str = malloc(patchcount * sizeof(char*)); - for (i = 0; i < patchcount; ++i) { - patch_sha_str[i] = patches[i*2]->data; - patches[i*2]->data = NULL; - FreeValue(patches[i*2]); - patches[i] = patches[i*2+1]; - } - - int result = applypatch(source_filename, target_filename, - target_sha1, target_size, - patchcount, patch_sha_str, patches, NULL); - - for (i = 0; i < patchcount; ++i) { - FreeValue(patches[i]); - } - free(patch_sha_str); - free(patches); - - return StringValue(strdup(result == 0 ? "t" : "")); -} - -// apply_patch_check(file, [sha1_1, ...]) -Value* ApplyPatchCheckFn(const char* name, State* state, - int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s(): expected at least 1 arg, got %d", - name, argc); - } - - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) { - return NULL; - } - - int patchcount = argc-1; - char** sha1s = ReadVarArgs(state, argc-1, argv+1); - - int result = applypatch_check(filename, patchcount, sha1s); - - int i; - for (i = 0; i < patchcount; ++i) { - free(sha1s[i]); - } - free(sha1s); - - return StringValue(strdup(result == 0 ? "t" : "")); -} - -Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - int size = 0; - int i; - for (i = 0; i < argc; ++i) { - size += strlen(args[i]); - } - char* buffer = malloc(size+1); - size = 0; - for (i = 0; i < argc; ++i) { - strcpy(buffer+size, args[i]); - size += strlen(args[i]); - free(args[i]); - } - free(args); - buffer[size] = '\0'; - uiPrint(state, buffer); - return StringValue(buffer); -} - -Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 0) { - return ErrorAbort(state, "%s() expects no args, got %d", name, argc); - } - fprintf(((UpdaterInfo*)(state->cookie))->cmd_pipe, "wipe_cache\n"); - return StringValue(strdup("t")); -} - -Value* RunProgramFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s() expects at least 1 arg", name); - } - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - char** args2 = malloc(sizeof(char*) * (argc+1)); - memcpy(args2, args, sizeof(char*) * argc); - args2[argc] = NULL; - - printf("about to run program [%s] with %d args\n", args2[0], argc); - - pid_t child = fork(); - if (child == 0) { - execv(args2[0], args2); - printf("run_program: execv failed: %s\n", strerror(errno)); - _exit(1); - } - int status; - waitpid(child, &status, 0); - if (WIFEXITED(status)) { - if (WEXITSTATUS(status) != 0) { - printf("run_program: child exited with status %d\n", - WEXITSTATUS(status)); - } - } else if (WIFSIGNALED(status)) { - printf("run_program: child terminated by signal %d\n", - WTERMSIG(status)); - } - - int i; - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - free(args2); - - char buffer[20]; - sprintf(buffer, "%d", status); - - return StringValue(strdup(buffer)); -} - -// sha1_check(data) -// to return the sha1 of the data (given in the format returned by -// read_file). -// -// sha1_check(data, sha1_hex, [sha1_hex, ...]) -// returns the sha1 of the file if it matches any of the hex -// strings passed, or "" if it does not equal any of them. -// -Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc < 1) { - return ErrorAbort(state, "%s() expects at least 1 arg", name); - } - - Value** args = ReadValueVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; - } - - if (args[0]->size < 0) { - return StringValue(strdup("")); - } - uint8_t digest[SHA_DIGEST_SIZE]; - SHA_hash(args[0]->data, args[0]->size, digest); - FreeValue(args[0]); - - if (argc == 1) { - return StringValue(PrintSha1(digest)); - } - - int i; - uint8_t* arg_digest = malloc(SHA_DIGEST_SIZE); - for (i = 1; i < argc; ++i) { - if (args[i]->type != VAL_STRING) { - printf("%s(): arg %d is not a string; skipping", - name, i); - } else if (ParseSha1(args[i]->data, arg_digest) != 0) { - // Warn about bad args and skip them. - printf("%s(): error parsing \"%s\" as sha-1; skipping", - name, args[i]->data); - } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { - break; - } - FreeValue(args[i]); - } - if (i >= argc) { - // Didn't match any of the hex strings; return false. - return StringValue(strdup("")); - } - // Found a match; free all the remaining arguments and return the - // matched one. - int j; - for (j = i+1; j < argc; ++j) { - FreeValue(args[j]); - } - return args[i]; -} - -// Read a local file and return its contents (the Value* returned -// is actually a FileContents*). -Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - - Value* v = malloc(sizeof(Value)); - v->type = VAL_BLOB; - - FileContents fc; - if (LoadFileContents(filename, &fc) != 0) { - free(filename); - v->size = -1; - v->data = NULL; - free(fc.data); - return v; - } - - v->size = fc.size; - v->data = (char*)fc.data; - - free(filename); - return v; -} - -// Immediately reboot the device. Recovery is not finished normally, -// so if you reboot into recovery it will re-start applying the -// current package (because nothing has cleared the copy of the -// arguments stored in the BCB). -// -// The argument is the partition name passed to the android reboot -// property. It can be "recovery" to boot from the recovery -// partition, or "" (empty string) to boot from the regular boot -// partition. -Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* property; - if (ReadArgs(state, argv, 2, &filename, &property) < 0) return NULL; - - char buffer[80]; - - // zero out the 'command' field of the bootloader message. - memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); - FILE* f = fopen(filename, "r+b"); - fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); - fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); - fclose(f); - free(filename); - - strcpy(buffer, "reboot,"); - if (property != NULL) { - strncat(buffer, property, sizeof(buffer)-10); - } - - property_set(ANDROID_RB_PROPERTY, buffer); - - sleep(5); - free(property); - ErrorAbort(state, "%s() failed to reboot", name); - return NULL; -} - -// Store a string value somewhere that future invocations of recovery -// can access it. This value is called the "stage" and can be used to -// drive packages that need to do reboots in the middle of -// installation and keep track of where they are in the multi-stage -// install. -// -// The first argument is the block device for the misc partition -// ("/misc" in the fstab), which is where this value is stored. The -// second argument is the string to store; it should not exceed 31 -// bytes. -Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* stagestr; - if (ReadArgs(state, argv, 2, &filename, &stagestr) < 0) return NULL; - - // Store this value in the misc partition, immediately after the - // bootloader message that the main recovery uses to save its - // arguments in case of the device restarting midway through - // package installation. - FILE* f = fopen(filename, "r+b"); - fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - int to_write = strlen(stagestr)+1; - int max_size = sizeof(((struct bootloader_message*)0)->stage); - if (to_write > max_size) { - to_write = max_size; - stagestr[max_size-1] = 0; - } - fwrite(stagestr, to_write, 1, f); - fclose(f); - - free(stagestr); - return StringValue(filename); -} - -// Return the value most recently saved with SetStageFn. The argument -// is the block device for the misc partition. -Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 1) { - return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); - } - - char* filename; - if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - - char buffer[sizeof(((struct bootloader_message*)0)->stage)]; - FILE* f = fopen(filename, "rb"); - fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - fread(buffer, sizeof(buffer), 1, f); - fclose(f); - buffer[sizeof(buffer)-1] = '\0'; - - return StringValue(strdup(buffer)); -} - -Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 2) { - return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); - } - - char* filename; - char* len_str; - if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; - - size_t len = strtoull(len_str, NULL, 0); - int fd = open(filename, O_WRONLY, 0644); - int success = wipe_block_device(fd, len); - - free(filename); - free(len_str); - - close(fd); - - return StringValue(strdup(success ? "t" : "")); -} - -Value* EnableRebootFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc != 0) { - return ErrorAbort(state, "%s() expects no args, got %d", name, argc); - } - UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); - fprintf(ui->cmd_pipe, "enable_reboot\n"); - return StringValue(strdup("t")); -} - -Value* Tune2FsFn(const char* name, State* state, int argc, Expr* argv[]) { - if (argc == 0) { - return ErrorAbort(state, "%s() expects args, got %d", name, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) { - return ErrorAbort(state, "%s() could not read args", name); - } - - int i; - char** args2 = malloc(sizeof(char*) * (argc+1)); - // Tune2fs expects the program name as its args[0] - args2[0] = strdup(name); - for (i = 0; i < argc; ++i) { - args2[i + 1] = args[i]; - } - int result = tune2fs_main(argc + 1, args2); - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - free(args2[0]); - free(args2); - if (result != 0) { - return ErrorAbort(state, "%s() returned error code %d", name, result); - } - return StringValue(strdup("t")); -} - -void RegisterInstallFunctions() { - RegisterFunction("mount", MountFn); - RegisterFunction("is_mounted", IsMountedFn); - RegisterFunction("unmount", UnmountFn); - RegisterFunction("format", FormatFn); - RegisterFunction("show_progress", ShowProgressFn); - RegisterFunction("set_progress", SetProgressFn); - RegisterFunction("delete", DeleteFn); - RegisterFunction("delete_recursive", DeleteFn); - RegisterFunction("package_extract_dir", PackageExtractDirFn); - RegisterFunction("package_extract_file", PackageExtractFileFn); - RegisterFunction("symlink", SymlinkFn); - - // Usage: - // set_metadata("filename", "key1", "value1", "key2", "value2", ...) - // Example: - // set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); - RegisterFunction("set_metadata", SetMetadataFn); - - // Usage: - // set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) - // Example: - // set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); - RegisterFunction("set_metadata_recursive", SetMetadataFn); - - RegisterFunction("getprop", GetPropFn); - RegisterFunction("file_getprop", FileGetPropFn); - RegisterFunction("write_raw_image", WriteRawImageFn); - - RegisterFunction("apply_patch", ApplyPatchFn); - RegisterFunction("apply_patch_check", ApplyPatchCheckFn); - RegisterFunction("apply_patch_space", ApplyPatchSpaceFn); - - RegisterFunction("wipe_block_device", WipeBlockDeviceFn); - - RegisterFunction("read_file", ReadFileFn); - RegisterFunction("sha1_check", Sha1CheckFn); - RegisterFunction("rename", RenameFn); - - RegisterFunction("wipe_cache", WipeCacheFn); - - RegisterFunction("ui_print", UIPrintFn); - - RegisterFunction("run_program", RunProgramFn); - - RegisterFunction("reboot_now", RebootNowFn); - RegisterFunction("get_stage", GetStageFn); - RegisterFunction("set_stage", SetStageFn); - - RegisterFunction("enable_reboot", EnableRebootFn); - RegisterFunction("tune2fs", Tune2FsFn); -} diff --git a/updater/install.cpp b/updater/install.cpp new file mode 100644 index 000000000..a2bc4029f --- /dev/null +++ b/updater/install.cpp @@ -0,0 +1,1617 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "bootloader.h" +#include "applypatch/applypatch.h" +#include "cutils/android_reboot.h" +#include "cutils/misc.h" +#include "cutils/properties.h" +#include "edify/expr.h" +#include "mincrypt/sha.h" +#include "minzip/DirUtil.h" +#include "mtdutils/mounts.h" +#include "mtdutils/mtdutils.h" +#include "updater.h" +#include "install.h" +#include "tune2fs.h" + +#ifdef USE_EXT4 +#include "make_ext4fs.h" +#include "wipe.h" +#endif + +void uiPrint(State* state, char* buffer) { + char* line = strtok(buffer, "\n"); + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + while (line) { + fprintf(ui->cmd_pipe, "ui_print %s\n", line); + line = strtok(NULL, "\n"); + } + fprintf(ui->cmd_pipe, "ui_print\n"); +} + +__attribute__((__format__(printf, 2, 3))) __nonnull((2)) +void uiPrintf(State* state, const char* format, ...) { + char error_msg[1024]; + va_list ap; + va_start(ap, format); + vsnprintf(error_msg, sizeof(error_msg), format, ap); + va_end(ap); + uiPrint(state, error_msg); +} + +// Take a sha-1 digest and return it as a newly-allocated hex string. +char* PrintSha1(const uint8_t* digest) { + char* buffer = reinterpret_cast(malloc(SHA_DIGEST_SIZE*2 + 1)); + const char* alphabet = "0123456789abcdef"; + size_t i; + for (i = 0; i < SHA_DIGEST_SIZE; ++i) { + buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; + buffer[i*2+1] = alphabet[digest[i] & 0xf]; + } + buffer[i*2] = '\0'; + return buffer; +} + +// mount(fs_type, partition_type, location, mount_point) +// +// fs_type="yaffs2" partition_type="MTD" location=partition +// fs_type="ext4" partition_type="EMMC" location=device +Value* MountFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 4 && argc != 5) { + return ErrorAbort(state, "%s() expects 4-5 args, got %d", name, argc); + } + char* fs_type; + char* partition_type; + char* location; + char* mount_point; + char* mount_options; + bool has_mount_options; + if (argc == 5) { + has_mount_options = true; + if (ReadArgs(state, argv, 5, &fs_type, &partition_type, + &location, &mount_point, &mount_options) < 0) { + return NULL; + } + } else { + has_mount_options = false; + if (ReadArgs(state, argv, 4, &fs_type, &partition_type, + &location, &mount_point) < 0) { + return NULL; + } + } + + if (strlen(fs_type) == 0) { + ErrorAbort(state, "fs_type argument to %s() can't be empty", name); + goto done; + } + if (strlen(partition_type) == 0) { + ErrorAbort(state, "partition_type argument to %s() can't be empty", + name); + goto done; + } + if (strlen(location) == 0) { + ErrorAbort(state, "location argument to %s() can't be empty", name); + goto done; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to %s() can't be empty", name); + goto done; + } + + { + char *secontext = NULL; + + if (sehandle) { + selabel_lookup(sehandle, &secontext, mount_point, 0755); + setfscreatecon(secontext); + } + + mkdir(mount_point, 0755); + + if (secontext) { + freecon(secontext); + setfscreatecon(NULL); + } + } + + if (strcmp(partition_type, "MTD") == 0) { + mtd_scan_partitions(); + const MtdPartition* mtd; + mtd = mtd_find_partition_by_name(location); + if (mtd == NULL) { + uiPrintf(state, "%s: no mtd partition named \"%s\"", + name, location); + result = strdup(""); + goto done; + } + if (mtd_mount_partition(mtd, mount_point, fs_type, 0 /* rw */) != 0) { + uiPrintf(state, "mtd mount of %s failed: %s\n", + location, strerror(errno)); + result = strdup(""); + goto done; + } + result = mount_point; + } else { + if (mount(location, mount_point, fs_type, + MS_NOATIME | MS_NODEV | MS_NODIRATIME, + has_mount_options ? mount_options : "") < 0) { + uiPrintf(state, "%s: failed to mount %s at %s: %s\n", + name, location, mount_point, strerror(errno)); + result = strdup(""); + } else { + result = mount_point; + } + } + +done: + free(fs_type); + free(partition_type); + free(location); + if (result != mount_point) free(mount_point); + if (has_mount_options) free(mount_options); + return StringValue(result); +} + + +// is_mounted(mount_point) +Value* IsMountedFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* mount_point; + if (ReadArgs(state, argv, 1, &mount_point) < 0) { + return NULL; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to unmount() can't be empty"); + goto done; + } + + scan_mounted_volumes(); + { + const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); + if (vol == NULL) { + result = strdup(""); + } else { + result = mount_point; + } + } + +done: + if (result != mount_point) free(mount_point); + return StringValue(result); +} + + +Value* UnmountFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* mount_point; + if (ReadArgs(state, argv, 1, &mount_point) < 0) { + return NULL; + } + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to unmount() can't be empty"); + goto done; + } + + scan_mounted_volumes(); + { + const MountedVolume* vol = find_mounted_volume_by_mount_point(mount_point); + if (vol == NULL) { + uiPrintf(state, "unmount of %s failed; no such volume\n", mount_point); + result = strdup(""); + } else { + int ret = unmount_mounted_volume(vol); + if (ret != 0) { + uiPrintf(state, "unmount of %s failed (%d): %s\n", + mount_point, ret, strerror(errno)); + } + result = mount_point; + } + } + +done: + if (result != mount_point) free(mount_point); + return StringValue(result); +} + +static int exec_cmd(const char* path, char* const argv[]) { + int status; + pid_t child; + if ((child = vfork()) == 0) { + execv(path, argv); + _exit(-1); + } + waitpid(child, &status, 0); + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + printf("%s failed with status %d\n", path, WEXITSTATUS(status)); + } + return WEXITSTATUS(status); +} + + +// format(fs_type, partition_type, location, fs_size, mount_point) +// +// fs_type="yaffs2" partition_type="MTD" location=partition fs_size= mount_point= +// fs_type="ext4" partition_type="EMMC" location=device fs_size= mount_point= +// fs_type="f2fs" partition_type="EMMC" location=device fs_size= mount_point= +// if fs_size == 0, then make fs uses the entire partition. +// if fs_size > 0, that is the size to use +// if fs_size < 0, then reserve that many bytes at the end of the partition (not for "f2fs") +Value* FormatFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 5) { + return ErrorAbort(state, "%s() expects 5 args, got %d", name, argc); + } + char* fs_type; + char* partition_type; + char* location; + char* fs_size; + char* mount_point; + + if (ReadArgs(state, argv, 5, &fs_type, &partition_type, &location, &fs_size, &mount_point) < 0) { + return NULL; + } + + if (strlen(fs_type) == 0) { + ErrorAbort(state, "fs_type argument to %s() can't be empty", name); + goto done; + } + if (strlen(partition_type) == 0) { + ErrorAbort(state, "partition_type argument to %s() can't be empty", + name); + goto done; + } + if (strlen(location) == 0) { + ErrorAbort(state, "location argument to %s() can't be empty", name); + goto done; + } + + if (strlen(mount_point) == 0) { + ErrorAbort(state, "mount_point argument to %s() can't be empty", name); + goto done; + } + + if (strcmp(partition_type, "MTD") == 0) { + mtd_scan_partitions(); + const MtdPartition* mtd = mtd_find_partition_by_name(location); + if (mtd == NULL) { + printf("%s: no mtd partition named \"%s\"", + name, location); + result = strdup(""); + goto done; + } + MtdWriteContext* ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("%s: can't write \"%s\"", name, location); + result = strdup(""); + goto done; + } + if (mtd_erase_blocks(ctx, -1) == -1) { + mtd_write_close(ctx); + printf("%s: failed to erase \"%s\"", name, location); + result = strdup(""); + goto done; + } + if (mtd_write_close(ctx) != 0) { + printf("%s: failed to close \"%s\"", name, location); + result = strdup(""); + goto done; + } + result = location; +#ifdef USE_EXT4 + } else if (strcmp(fs_type, "ext4") == 0) { + int status = make_ext4fs(location, atoll(fs_size), mount_point, sehandle); + if (status != 0) { + printf("%s: make_ext4fs failed (%d) on %s", + name, status, location); + result = strdup(""); + goto done; + } + result = location; + } else if (strcmp(fs_type, "f2fs") == 0) { + char *num_sectors; + if (asprintf(&num_sectors, "%lld", atoll(fs_size) / 512) <= 0) { + printf("format_volume: failed to create %s command for %s\n", fs_type, location); + result = strdup(""); + goto done; + } + const char *f2fs_path = "/sbin/mkfs.f2fs"; + const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", location, num_sectors, NULL}; + int status = exec_cmd(f2fs_path, (char* const*)f2fs_argv); + free(num_sectors); + if (status != 0) { + printf("%s: mkfs.f2fs failed (%d) on %s", + name, status, location); + result = strdup(""); + goto done; + } + result = location; +#endif + } else { + printf("%s: unsupported fs_type \"%s\" partition_type \"%s\"", + name, fs_type, partition_type); + } + +done: + free(fs_type); + free(partition_type); + if (result != location) free(location); + return StringValue(result); +} + +Value* RenameFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* src_name; + char* dst_name; + + if (ReadArgs(state, argv, 2, &src_name, &dst_name) < 0) { + return NULL; + } + if (strlen(src_name) == 0) { + ErrorAbort(state, "src_name argument to %s() can't be empty", name); + goto done; + } + if (strlen(dst_name) == 0) { + ErrorAbort(state, "dst_name argument to %s() can't be empty", name); + goto done; + } + if (make_parents(dst_name) != 0) { + ErrorAbort(state, "Creating parent of %s failed, error %s", + dst_name, strerror(errno)); + } else if (access(dst_name, F_OK) == 0 && access(src_name, F_OK) != 0) { + // File was already moved + result = dst_name; + } else if (rename(src_name, dst_name) != 0) { + ErrorAbort(state, "Rename of %s to %s failed, error %s", + src_name, dst_name, strerror(errno)); + } else { + result = dst_name; + } + +done: + free(src_name); + if (result != dst_name) free(dst_name); + return StringValue(result); +} + +Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { + char** paths = reinterpret_cast(malloc(argc * sizeof(char*))); + for (int i = 0; i < argc; ++i) { + paths[i] = Evaluate(state, argv[i]); + if (paths[i] == NULL) { + int j; + for (j = 0; j < i; ++i) { + free(paths[j]); + } + free(paths); + return NULL; + } + } + + bool recursive = (strcmp(name, "delete_recursive") == 0); + + int success = 0; + for (int i = 0; i < argc; ++i) { + if ((recursive ? dirUnlinkHierarchy(paths[i]) : unlink(paths[i])) == 0) + ++success; + free(paths[i]); + } + free(paths); + + char buffer[10]; + sprintf(buffer, "%d", success); + return StringValue(strdup(buffer)); +} + + +Value* ShowProgressFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + char* frac_str; + char* sec_str; + if (ReadArgs(state, argv, 2, &frac_str, &sec_str) < 0) { + return NULL; + } + + double frac = strtod(frac_str, NULL); + int sec = strtol(sec_str, NULL, 10); + + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "progress %f %d\n", frac, sec); + + free(sec_str); + return StringValue(frac_str); +} + +Value* SetProgressFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* frac_str; + if (ReadArgs(state, argv, 1, &frac_str) < 0) { + return NULL; + } + + double frac = strtod(frac_str, NULL); + + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "set_progress %f\n", frac); + + return StringValue(frac_str); +} + +// package_extract_dir(package_path, destination_path) +Value* PackageExtractDirFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + char* zip_path; + char* dest_path; + if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + + // To create a consistent system image, never use the clock for timestamps. + struct utimbuf timestamp = { 1217592000, 1217592000 }; // 8/1/2008 default + + bool success = mzExtractRecursive(za, zip_path, dest_path, + ×tamp, + NULL, NULL, sehandle); + free(zip_path); + free(dest_path); + return StringValue(strdup(success ? "t" : "")); +} + + +// package_extract_file(package_path, destination_path) +// or +// package_extract_file(package_path) +// to return the entire contents of the file as the result of this +// function (the char* returned is actually a FileContents*). +Value* PackageExtractFileFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc < 1 || argc > 2) { + return ErrorAbort(state, "%s() expects 1 or 2 args, got %d", + name, argc); + } + bool success = false; + + if (argc == 2) { + // The two-argument version extracts to a file. + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + + char* zip_path; + char* dest_path; + if (ReadArgs(state, argv, 2, &zip_path, &dest_path) < 0) return NULL; + + const ZipEntry* entry = mzFindZipEntry(za, zip_path); + if (entry == NULL) { + printf("%s: no %s in package\n", name, zip_path); + goto done2; + } + + { + FILE* f = fopen(dest_path, "wb"); + if (f == NULL) { + printf("%s: can't open %s for write: %s\n", + name, dest_path, strerror(errno)); + goto done2; + } + success = mzExtractZipEntryToFile(za, entry, fileno(f)); + fclose(f); + } + + done2: + free(zip_path); + free(dest_path); + return StringValue(strdup(success ? "t" : "")); + } else { + // The one-argument version returns the contents of the file + // as the result. + + char* zip_path; + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_BLOB; + v->size = -1; + v->data = NULL; + + if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; + + ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; + const ZipEntry* entry = mzFindZipEntry(za, zip_path); + if (entry == NULL) { + printf("%s: no %s in package\n", name, zip_path); + goto done1; + } + + v->size = mzGetZipEntryUncompLen(entry); + v->data = reinterpret_cast(malloc(v->size)); + if (v->data == NULL) { + printf("%s: failed to allocate %ld bytes for %s\n", + name, (long)v->size, zip_path); + goto done1; + } + + success = mzExtractZipEntryToBuffer(za, entry, + (unsigned char *)v->data); + + done1: + free(zip_path); + if (!success) { + free(v->data); + v->data = NULL; + v->size = -1; + } + return v; + } +} + +// Create all parent directories of name, if necessary. +static int make_parents(char* name) { + char* p; + for (p = name + (strlen(name)-1); p > name; --p) { + if (*p != '/') continue; + *p = '\0'; + if (make_parents(name) < 0) return -1; + int result = mkdir(name, 0700); + if (result == 0) printf("created [%s]\n", name); + *p = '/'; + if (result == 0 || errno == EEXIST) { + // successfully created or already existed; we're done + return 0; + } else { + printf("failed to mkdir %s: %s\n", name, strerror(errno)); + return -1; + } + } + return 0; +} + +// symlink target src1 src2 ... +// unlinks any previously existing src1, src2, etc before creating symlinks. +Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return ErrorAbort(state, "%s() expects 1+ args, got %d", name, argc); + } + char* target; + target = Evaluate(state, argv[0]); + if (target == NULL) return NULL; + + char** srcs = ReadVarArgs(state, argc-1, argv+1); + if (srcs == NULL) { + free(target); + return NULL; + } + + int bad = 0; + int i; + for (i = 0; i < argc-1; ++i) { + if (unlink(srcs[i]) < 0) { + if (errno != ENOENT) { + printf("%s: failed to remove %s: %s\n", + name, srcs[i], strerror(errno)); + ++bad; + } + } + if (make_parents(srcs[i])) { + printf("%s: failed to symlink %s to %s: making parents failed\n", + name, srcs[i], target); + ++bad; + } + if (symlink(target, srcs[i]) < 0) { + printf("%s: failed to symlink %s to %s: %s\n", + name, srcs[i], target, strerror(errno)); + ++bad; + } + free(srcs[i]); + } + free(srcs); + if (bad) { + return ErrorAbort(state, "%s: some symlinks failed", name); + } + return StringValue(strdup("")); +} + +struct perm_parsed_args { + bool has_uid; + uid_t uid; + bool has_gid; + gid_t gid; + bool has_mode; + mode_t mode; + bool has_fmode; + mode_t fmode; + bool has_dmode; + mode_t dmode; + bool has_selabel; + char* selabel; + bool has_capabilities; + uint64_t capabilities; +}; + +static struct perm_parsed_args ParsePermArgs(State * state, int argc, char** args) { + int i; + struct perm_parsed_args parsed; + int bad = 0; + static int max_warnings = 20; + + memset(&parsed, 0, sizeof(parsed)); + + for (i = 1; i < argc; i += 2) { + if (strcmp("uid", args[i]) == 0) { + int64_t uid; + if (sscanf(args[i+1], "%" SCNd64, &uid) == 1) { + parsed.uid = uid; + parsed.has_uid = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid UID \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("gid", args[i]) == 0) { + int64_t gid; + if (sscanf(args[i+1], "%" SCNd64, &gid) == 1) { + parsed.gid = gid; + parsed.has_gid = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid GID \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("mode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.mode = mode; + parsed.has_mode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid mode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("dmode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.dmode = mode; + parsed.has_dmode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid dmode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("fmode", args[i]) == 0) { + int32_t mode; + if (sscanf(args[i+1], "%" SCNi32, &mode) == 1) { + parsed.fmode = mode; + parsed.has_fmode = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid fmode \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("capabilities", args[i]) == 0) { + int64_t capabilities; + if (sscanf(args[i+1], "%" SCNi64, &capabilities) == 1) { + parsed.capabilities = capabilities; + parsed.has_capabilities = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid capabilities \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (strcmp("selabel", args[i]) == 0) { + if (args[i+1][0] != '\0') { + parsed.selabel = args[i+1]; + parsed.has_selabel = true; + } else { + uiPrintf(state, "ParsePermArgs: invalid selabel \"%s\"\n", args[i + 1]); + bad++; + } + continue; + } + if (max_warnings != 0) { + printf("ParsedPermArgs: unknown key \"%s\", ignoring\n", args[i]); + max_warnings--; + if (max_warnings == 0) { + printf("ParsedPermArgs: suppressing further warnings\n"); + } + } + } + return parsed; +} + +static int ApplyParsedPerms( + State * state, + const char* filename, + const struct stat *statptr, + struct perm_parsed_args parsed) +{ + int bad = 0; + + if (parsed.has_selabel) { + if (lsetfilecon(filename, parsed.selabel) != 0) { + uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n", + filename, parsed.selabel, strerror(errno)); + bad++; + } + } + + /* ignore symlinks */ + if (S_ISLNK(statptr->st_mode)) { + return bad; + } + + if (parsed.has_uid) { + if (chown(filename, parsed.uid, -1) < 0) { + uiPrintf(state, "ApplyParsedPerms: chown of %s to %d failed: %s\n", + filename, parsed.uid, strerror(errno)); + bad++; + } + } + + if (parsed.has_gid) { + if (chown(filename, -1, parsed.gid) < 0) { + uiPrintf(state, "ApplyParsedPerms: chgrp of %s to %d failed: %s\n", + filename, parsed.gid, strerror(errno)); + bad++; + } + } + + if (parsed.has_mode) { + if (chmod(filename, parsed.mode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.mode, strerror(errno)); + bad++; + } + } + + if (parsed.has_dmode && S_ISDIR(statptr->st_mode)) { + if (chmod(filename, parsed.dmode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.dmode, strerror(errno)); + bad++; + } + } + + if (parsed.has_fmode && S_ISREG(statptr->st_mode)) { + if (chmod(filename, parsed.fmode) < 0) { + uiPrintf(state, "ApplyParsedPerms: chmod of %s to %d failed: %s\n", + filename, parsed.fmode, strerror(errno)); + bad++; + } + } + + if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) { + if (parsed.capabilities == 0) { + if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) { + // Report failure unless it's ENODATA (attribute not set) + uiPrintf(state, "ApplyParsedPerms: removexattr of %s to %" PRIx64 " failed: %s\n", + filename, parsed.capabilities, strerror(errno)); + bad++; + } + } else { + struct vfs_cap_data cap_data; + memset(&cap_data, 0, sizeof(cap_data)); + cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; + cap_data.data[0].permitted = (uint32_t) (parsed.capabilities & 0xffffffff); + cap_data.data[0].inheritable = 0; + cap_data.data[1].permitted = (uint32_t) (parsed.capabilities >> 32); + cap_data.data[1].inheritable = 0; + if (setxattr(filename, XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { + uiPrintf(state, "ApplyParsedPerms: setcap of %s to %" PRIx64 " failed: %s\n", + filename, parsed.capabilities, strerror(errno)); + bad++; + } + } + } + + return bad; +} + +// nftw doesn't allow us to pass along context, so we need to use +// global variables. *sigh* +static struct perm_parsed_args recursive_parsed_args; +static State* recursive_state; + +static int do_SetMetadataRecursive(const char* filename, const struct stat *statptr, + int fileflags, struct FTW *pfwt) { + return ApplyParsedPerms(recursive_state, filename, statptr, recursive_parsed_args); +} + +static Value* SetMetadataFn(const char* name, State* state, int argc, Expr* argv[]) { + int bad = 0; + struct stat sb; + Value* result = NULL; + + bool recursive = (strcmp(name, "set_metadata_recursive") == 0); + + if ((argc % 2) != 1) { + return ErrorAbort(state, "%s() expects an odd number of arguments, got %d", name, argc); + } + + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) return NULL; + + if (lstat(args[0], &sb) == -1) { + result = ErrorAbort(state, "%s: Error on lstat of \"%s\": %s", name, args[0], strerror(errno)); + goto done; + } + + { + struct perm_parsed_args parsed = ParsePermArgs(state, argc, args); + + if (recursive) { + recursive_parsed_args = parsed; + recursive_state = state; + bad += nftw(args[0], do_SetMetadataRecursive, 30, FTW_CHDIR | FTW_DEPTH | FTW_PHYS); + memset(&recursive_parsed_args, 0, sizeof(recursive_parsed_args)); + recursive_state = NULL; + } else { + bad += ApplyParsedPerms(state, args[0], &sb, parsed); + } + } + +done: + for (int i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + + if (result != NULL) { + return result; + } + + if (bad > 0) { + return ErrorAbort(state, "%s: some changes failed", name); + } + + return StringValue(strdup("")); +} + +Value* GetPropFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* key = Evaluate(state, argv[0]); + if (key == NULL) return NULL; + + char value[PROPERTY_VALUE_MAX]; + property_get(key, value, ""); + free(key); + + return StringValue(strdup(value)); +} + + +// file_getprop(file, key) +// +// interprets 'file' as a getprop-style file (key=value pairs, one +// per line. # comment lines,blank lines, lines without '=' ignored), +// and returns the value for 'key' (or "" if it isn't defined). +Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + char* buffer = NULL; + char* filename; + char* key; + if (ReadArgs(state, argv, 2, &filename, &key) < 0) { + return NULL; + } + + struct stat st; + if (stat(filename, &st) < 0) { + ErrorAbort(state, "%s: failed to stat \"%s\": %s", name, filename, strerror(errno)); + goto done; + } + +#define MAX_FILE_GETPROP_SIZE 65536 + + if (st.st_size > MAX_FILE_GETPROP_SIZE) { + ErrorAbort(state, "%s too large for %s (max %d)", filename, name, MAX_FILE_GETPROP_SIZE); + goto done; + } + + buffer = reinterpret_cast(malloc(st.st_size+1)); + if (buffer == NULL) { + ErrorAbort(state, "%s: failed to alloc %lld bytes", name, (long long)st.st_size+1); + goto done; + } + + FILE* f; + f = fopen(filename, "rb"); + if (f == NULL) { + ErrorAbort(state, "%s: failed to open %s: %s", name, filename, strerror(errno)); + goto done; + } + + if (fread(buffer, 1, st.st_size, f) != st.st_size) { + ErrorAbort(state, "%s: failed to read %lld bytes from %s", + name, (long long)st.st_size+1, filename); + fclose(f); + goto done; + } + buffer[st.st_size] = '\0'; + + fclose(f); + + char* line; + line = strtok(buffer, "\n"); + do { + // skip whitespace at start of line + while (*line && isspace(*line)) ++line; + + // comment or blank line: skip to next line + if (*line == '\0' || *line == '#') continue; + + char* equal = strchr(line, '='); + if (equal == NULL) { + continue; + } + + // trim whitespace between key and '=' + char* key_end = equal-1; + while (key_end > line && isspace(*key_end)) --key_end; + key_end[1] = '\0'; + + // not the key we're looking for + if (strcmp(key, line) != 0) continue; + + // skip whitespace after the '=' to the start of the value + char* val_start = equal+1; + while(*val_start && isspace(*val_start)) ++val_start; + + // trim trailing whitespace + char* val_end = val_start + strlen(val_start)-1; + while (val_end > val_start && isspace(*val_end)) --val_end; + val_end[1] = '\0'; + + result = strdup(val_start); + break; + + } while ((line = strtok(NULL, "\n"))); + + if (result == NULL) result = strdup(""); + + done: + free(filename); + free(key); + free(buffer); + return StringValue(result); +} + +// write_raw_image(filename_or_blob, partition) +Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { + char* result = NULL; + + Value* partition_value; + Value* contents; + if (ReadValueArgs(state, argv, 2, &contents, &partition_value) < 0) { + return NULL; + } + + char* partition = NULL; + if (partition_value->type != VAL_STRING) { + ErrorAbort(state, "partition argument to %s must be string", name); + goto done; + } + partition = partition_value->data; + if (strlen(partition) == 0) { + ErrorAbort(state, "partition argument to %s can't be empty", name); + goto done; + } + if (contents->type == VAL_STRING && strlen((char*) contents->data) == 0) { + ErrorAbort(state, "file argument to %s can't be empty", name); + goto done; + } + + mtd_scan_partitions(); + const MtdPartition* mtd; + mtd = mtd_find_partition_by_name(partition); + if (mtd == NULL) { + printf("%s: no mtd partition named \"%s\"\n", name, partition); + result = strdup(""); + goto done; + } + + MtdWriteContext* ctx; + ctx = mtd_write_partition(mtd); + if (ctx == NULL) { + printf("%s: can't write mtd partition \"%s\"\n", + name, partition); + result = strdup(""); + goto done; + } + + bool success; + + if (contents->type == VAL_STRING) { + // we're given a filename as the contents + char* filename = contents->data; + FILE* f = fopen(filename, "rb"); + if (f == NULL) { + printf("%s: can't open %s: %s\n", name, filename, strerror(errno)); + result = strdup(""); + goto done; + } + + success = true; + char* buffer = reinterpret_cast(malloc(BUFSIZ)); + int read; + while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { + int wrote = mtd_write_data(ctx, buffer, read); + success = success && (wrote == read); + } + free(buffer); + fclose(f); + } else { + // we're given a blob as the contents + ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); + success = (wrote == contents->size); + } + if (!success) { + printf("mtd_write_data to %s failed: %s\n", + partition, strerror(errno)); + } + + if (mtd_erase_blocks(ctx, -1) == -1) { + printf("%s: error erasing blocks of %s\n", name, partition); + } + if (mtd_write_close(ctx) != 0) { + printf("%s: error closing write of %s\n", name, partition); + } + + printf("%s %s partition\n", + success ? "wrote" : "failed to write", partition); + + result = success ? partition : strdup(""); + +done: + if (result != partition) FreeValue(partition_value); + FreeValue(contents); + return StringValue(result); +} + +// apply_patch_space(bytes) +Value* ApplyPatchSpaceFn(const char* name, State* state, + int argc, Expr* argv[]) { + char* bytes_str; + if (ReadArgs(state, argv, 1, &bytes_str) < 0) { + return NULL; + } + + char* endptr; + size_t bytes = strtol(bytes_str, &endptr, 10); + if (bytes == 0 && endptr == bytes_str) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count\n\n", name, bytes_str); + free(bytes_str); + return NULL; + } + + return StringValue(strdup(CacheSizeCheck(bytes) ? "" : "t")); +} + +// apply_patch(file, size, init_sha1, tgt_sha1, patch) + +Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 6 || (argc % 2) == 1) { + return ErrorAbort(state, "%s(): expected at least 6 args and an " + "even number, got %d", + name, argc); + } + + char* source_filename; + char* target_filename; + char* target_sha1; + char* target_size_str; + if (ReadArgs(state, argv, 4, &source_filename, &target_filename, + &target_sha1, &target_size_str) < 0) { + return NULL; + } + + char* endptr; + size_t target_size = strtol(target_size_str, &endptr, 10); + if (target_size == 0 && endptr == target_size_str) { + ErrorAbort(state, "%s(): can't parse \"%s\" as byte count", + name, target_size_str); + free(source_filename); + free(target_filename); + free(target_sha1); + free(target_size_str); + return NULL; + } + + int patchcount = (argc-4) / 2; + Value** patches = ReadValueVarArgs(state, argc-4, argv+4); + + int i; + for (i = 0; i < patchcount; ++i) { + if (patches[i*2]->type != VAL_STRING) { + ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); + break; + } + if (patches[i*2+1]->type != VAL_BLOB) { + ErrorAbort(state, "%s(): patch #%d is not blob", name, i); + break; + } + } + if (i != patchcount) { + for (i = 0; i < patchcount*2; ++i) { + FreeValue(patches[i]); + } + free(patches); + return NULL; + } + + char** patch_sha_str = reinterpret_cast(malloc(patchcount * sizeof(char*))); + for (i = 0; i < patchcount; ++i) { + patch_sha_str[i] = patches[i*2]->data; + patches[i*2]->data = NULL; + FreeValue(patches[i*2]); + patches[i] = patches[i*2+1]; + } + + int result = applypatch(source_filename, target_filename, + target_sha1, target_size, + patchcount, patch_sha_str, patches, NULL); + + for (i = 0; i < patchcount; ++i) { + FreeValue(patches[i]); + } + free(patch_sha_str); + free(patches); + + return StringValue(strdup(result == 0 ? "t" : "")); +} + +// apply_patch_check(file, [sha1_1, ...]) +Value* ApplyPatchCheckFn(const char* name, State* state, + int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s(): expected at least 1 arg, got %d", + name, argc); + } + + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) { + return NULL; + } + + int patchcount = argc-1; + char** sha1s = ReadVarArgs(state, argc-1, argv+1); + + int result = applypatch_check(filename, patchcount, sha1s); + + int i; + for (i = 0; i < patchcount; ++i) { + free(sha1s[i]); + } + free(sha1s); + + return StringValue(strdup(result == 0 ? "t" : "")); +} + +Value* UIPrintFn(const char* name, State* state, int argc, Expr* argv[]) { + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + int size = 0; + int i; + for (i = 0; i < argc; ++i) { + size += strlen(args[i]); + } + char* buffer = reinterpret_cast(malloc(size+1)); + size = 0; + for (i = 0; i < argc; ++i) { + strcpy(buffer+size, args[i]); + size += strlen(args[i]); + free(args[i]); + } + free(args); + buffer[size] = '\0'; + uiPrint(state, buffer); + return StringValue(buffer); +} + +Value* WipeCacheFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 0) { + return ErrorAbort(state, "%s() expects no args, got %d", name, argc); + } + fprintf(((UpdaterInfo*)(state->cookie))->cmd_pipe, "wipe_cache\n"); + return StringValue(strdup("t")); +} + +Value* RunProgramFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s() expects at least 1 arg", name); + } + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + char** args2 = reinterpret_cast(malloc(sizeof(char*) * (argc+1))); + memcpy(args2, args, sizeof(char*) * argc); + args2[argc] = NULL; + + printf("about to run program [%s] with %d args\n", args2[0], argc); + + pid_t child = fork(); + if (child == 0) { + execv(args2[0], args2); + printf("run_program: execv failed: %s\n", strerror(errno)); + _exit(1); + } + int status; + waitpid(child, &status, 0); + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) != 0) { + printf("run_program: child exited with status %d\n", + WEXITSTATUS(status)); + } + } else if (WIFSIGNALED(status)) { + printf("run_program: child terminated by signal %d\n", + WTERMSIG(status)); + } + + int i; + for (i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + free(args2); + + char buffer[20]; + sprintf(buffer, "%d", status); + + return StringValue(strdup(buffer)); +} + +// sha1_check(data) +// to return the sha1 of the data (given in the format returned by +// read_file). +// +// sha1_check(data, sha1_hex, [sha1_hex, ...]) +// returns the sha1 of the file if it matches any of the hex +// strings passed, or "" if it does not equal any of them. +// +Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc < 1) { + return ErrorAbort(state, "%s() expects at least 1 arg", name); + } + + Value** args = ReadValueVarArgs(state, argc, argv); + if (args == NULL) { + return NULL; + } + + if (args[0]->size < 0) { + return StringValue(strdup("")); + } + uint8_t digest[SHA_DIGEST_SIZE]; + SHA_hash(args[0]->data, args[0]->size, digest); + FreeValue(args[0]); + + if (argc == 1) { + return StringValue(PrintSha1(digest)); + } + + int i; + uint8_t* arg_digest = reinterpret_cast(malloc(SHA_DIGEST_SIZE)); + for (i = 1; i < argc; ++i) { + if (args[i]->type != VAL_STRING) { + printf("%s(): arg %d is not a string; skipping", + name, i); + } else if (ParseSha1(args[i]->data, arg_digest) != 0) { + // Warn about bad args and skip them. + printf("%s(): error parsing \"%s\" as sha-1; skipping", + name, args[i]->data); + } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { + break; + } + FreeValue(args[i]); + } + if (i >= argc) { + // Didn't match any of the hex strings; return false. + return StringValue(strdup("")); + } + // Found a match; free all the remaining arguments and return the + // matched one. + int j; + for (j = i+1; j < argc; ++j) { + FreeValue(args[j]); + } + return args[i]; +} + +// Read a local file and return its contents (the Value* returned +// is actually a FileContents*). +Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; + + Value* v = reinterpret_cast(malloc(sizeof(Value))); + v->type = VAL_BLOB; + + FileContents fc; + if (LoadFileContents(filename, &fc) != 0) { + free(filename); + v->size = -1; + v->data = NULL; + free(fc.data); + return v; + } + + v->size = fc.size; + v->data = (char*)fc.data; + + free(filename); + return v; +} + +// Immediately reboot the device. Recovery is not finished normally, +// so if you reboot into recovery it will re-start applying the +// current package (because nothing has cleared the copy of the +// arguments stored in the BCB). +// +// The argument is the partition name passed to the android reboot +// property. It can be "recovery" to boot from the recovery +// partition, or "" (empty string) to boot from the regular boot +// partition. +Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* property; + if (ReadArgs(state, argv, 2, &filename, &property) < 0) return NULL; + + char buffer[80]; + + // zero out the 'command' field of the bootloader message. + memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); + FILE* f = fopen(filename, "r+b"); + fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); + fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); + fclose(f); + free(filename); + + strcpy(buffer, "reboot,"); + if (property != NULL) { + strncat(buffer, property, sizeof(buffer)-10); + } + + property_set(ANDROID_RB_PROPERTY, buffer); + + sleep(5); + free(property); + ErrorAbort(state, "%s() failed to reboot", name); + return NULL; +} + +// Store a string value somewhere that future invocations of recovery +// can access it. This value is called the "stage" and can be used to +// drive packages that need to do reboots in the middle of +// installation and keep track of where they are in the multi-stage +// install. +// +// The first argument is the block device for the misc partition +// ("/misc" in the fstab), which is where this value is stored. The +// second argument is the string to store; it should not exceed 31 +// bytes. +Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* stagestr; + if (ReadArgs(state, argv, 2, &filename, &stagestr) < 0) return NULL; + + // Store this value in the misc partition, immediately after the + // bootloader message that the main recovery uses to save its + // arguments in case of the device restarting midway through + // package installation. + FILE* f = fopen(filename, "r+b"); + fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); + int to_write = strlen(stagestr)+1; + int max_size = sizeof(((struct bootloader_message*)0)->stage); + if (to_write > max_size) { + to_write = max_size; + stagestr[max_size-1] = 0; + } + fwrite(stagestr, to_write, 1, f); + fclose(f); + + free(stagestr); + return StringValue(filename); +} + +// Return the value most recently saved with SetStageFn. The argument +// is the block device for the misc partition. +Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 1) { + return ErrorAbort(state, "%s() expects 1 arg, got %d", name, argc); + } + + char* filename; + if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; + + char buffer[sizeof(((struct bootloader_message*)0)->stage)]; + FILE* f = fopen(filename, "rb"); + fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); + fread(buffer, sizeof(buffer), 1, f); + fclose(f); + buffer[sizeof(buffer)-1] = '\0'; + + return StringValue(strdup(buffer)); +} + +Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 2) { + return ErrorAbort(state, "%s() expects 2 args, got %d", name, argc); + } + + char* filename; + char* len_str; + if (ReadArgs(state, argv, 2, &filename, &len_str) < 0) return NULL; + + size_t len = strtoull(len_str, NULL, 0); + int fd = open(filename, O_WRONLY, 0644); + int success = wipe_block_device(fd, len); + + free(filename); + free(len_str); + + close(fd); + + return StringValue(strdup(success ? "t" : "")); +} + +Value* EnableRebootFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc != 0) { + return ErrorAbort(state, "%s() expects no args, got %d", name, argc); + } + UpdaterInfo* ui = (UpdaterInfo*)(state->cookie); + fprintf(ui->cmd_pipe, "enable_reboot\n"); + return StringValue(strdup("t")); +} + +Value* Tune2FsFn(const char* name, State* state, int argc, Expr* argv[]) { + if (argc == 0) { + return ErrorAbort(state, "%s() expects args, got %d", name, argc); + } + + char** args = ReadVarArgs(state, argc, argv); + if (args == NULL) { + return ErrorAbort(state, "%s() could not read args", name); + } + + char** args2 = reinterpret_cast(malloc(sizeof(char*) * (argc+1))); + // Tune2fs expects the program name as its args[0] + args2[0] = strdup(name); + for (int i = 0; i < argc; ++i) { + args2[i + 1] = args[i]; + } + int result = tune2fs_main(argc + 1, args2); + for (int i = 0; i < argc; ++i) { + free(args[i]); + } + free(args); + + free(args2[0]); + free(args2); + if (result != 0) { + return ErrorAbort(state, "%s() returned error code %d", name, result); + } + return StringValue(strdup("t")); +} + +void RegisterInstallFunctions() { + RegisterFunction("mount", MountFn); + RegisterFunction("is_mounted", IsMountedFn); + RegisterFunction("unmount", UnmountFn); + RegisterFunction("format", FormatFn); + RegisterFunction("show_progress", ShowProgressFn); + RegisterFunction("set_progress", SetProgressFn); + RegisterFunction("delete", DeleteFn); + RegisterFunction("delete_recursive", DeleteFn); + RegisterFunction("package_extract_dir", PackageExtractDirFn); + RegisterFunction("package_extract_file", PackageExtractFileFn); + RegisterFunction("symlink", SymlinkFn); + + // Usage: + // set_metadata("filename", "key1", "value1", "key2", "value2", ...) + // Example: + // set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); + RegisterFunction("set_metadata", SetMetadataFn); + + // Usage: + // set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...) + // Example: + // set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0); + RegisterFunction("set_metadata_recursive", SetMetadataFn); + + RegisterFunction("getprop", GetPropFn); + RegisterFunction("file_getprop", FileGetPropFn); + RegisterFunction("write_raw_image", WriteRawImageFn); + + RegisterFunction("apply_patch", ApplyPatchFn); + RegisterFunction("apply_patch_check", ApplyPatchCheckFn); + RegisterFunction("apply_patch_space", ApplyPatchSpaceFn); + + RegisterFunction("wipe_block_device", WipeBlockDeviceFn); + + RegisterFunction("read_file", ReadFileFn); + RegisterFunction("sha1_check", Sha1CheckFn); + RegisterFunction("rename", RenameFn); + + RegisterFunction("wipe_cache", WipeCacheFn); + + RegisterFunction("ui_print", UIPrintFn); + + RegisterFunction("run_program", RunProgramFn); + + RegisterFunction("reboot_now", RebootNowFn); + RegisterFunction("get_stage", GetStageFn); + RegisterFunction("set_stage", SetStageFn); + + RegisterFunction("enable_reboot", EnableRebootFn); + RegisterFunction("tune2fs", Tune2FsFn); +} diff --git a/updater/updater.c b/updater/updater.c deleted file mode 100644 index 661f69587..000000000 --- a/updater/updater.c +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include "edify/expr.h" -#include "updater.h" -#include "install.h" -#include "blockimg.h" -#include "minzip/Zip.h" -#include "minzip/SysUtil.h" - -// Generated by the makefile, this function defines the -// RegisterDeviceExtensions() function, which calls all the -// registration functions for device-specific extensions. -#include "register.inc" - -// Where in the package we expect to find the edify script to execute. -// (Note it's "updateR-script", not the older "update-script".) -#define SCRIPT_NAME "META-INF/com/google/android/updater-script" - -struct selabel_handle *sehandle; - -int main(int argc, char** argv) { - // Various things log information to stdout or stderr more or less - // at random (though we've tried to standardize on stdout). The - // log file makes more sense if buffering is turned off so things - // appear in the right order. - setbuf(stdout, NULL); - setbuf(stderr, NULL); - - if (argc != 4) { - printf("unexpected number of arguments (%d)\n", argc); - return 1; - } - - char* version = argv[1]; - if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || - version[1] != '\0') { - // We support version 1, 2, or 3. - printf("wrong updater binary API; expected 1, 2, or 3; " - "got %s\n", - argv[1]); - return 2; - } - - // Set up the pipe for sending commands back to the parent process. - - int fd = atoi(argv[2]); - FILE* cmd_pipe = fdopen(fd, "wb"); - setlinebuf(cmd_pipe); - - // Extract the script from the package. - - const char* package_filename = argv[3]; - MemMapping map; - if (sysMapFile(package_filename, &map) != 0) { - printf("failed to map package %s\n", argv[3]); - return 3; - } - ZipArchive za; - int err; - err = mzOpenZipArchive(map.addr, map.length, &za); - if (err != 0) { - printf("failed to open package %s: %s\n", - argv[3], strerror(err)); - return 3; - } - - const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); - if (script_entry == NULL) { - printf("failed to find %s in %s\n", SCRIPT_NAME, package_filename); - return 4; - } - - char* script = malloc(script_entry->uncompLen+1); - if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) { - printf("failed to read script from package\n"); - return 5; - } - script[script_entry->uncompLen] = '\0'; - - // Configure edify's functions. - - RegisterBuiltins(); - RegisterInstallFunctions(); - RegisterBlockImageFunctions(); - RegisterDeviceExtensions(); - FinishRegistration(); - - // Parse the script. - - Expr* root; - int error_count = 0; - int error = parse_string(script, &root, &error_count); - if (error != 0 || error_count > 0) { - printf("%d parse errors\n", error_count); - return 6; - } - - struct selinux_opt seopts[] = { - { SELABEL_OPT_PATH, "/file_contexts" } - }; - - sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1); - - if (!sehandle) { - fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n"); - } - - // Evaluate the parsed script. - - UpdaterInfo updater_info; - updater_info.cmd_pipe = cmd_pipe; - updater_info.package_zip = &za; - updater_info.version = atoi(version); - updater_info.package_zip_addr = map.addr; - updater_info.package_zip_len = map.length; - - State state; - state.cookie = &updater_info; - state.script = script; - state.errmsg = NULL; - - char* result = Evaluate(&state, root); - if (result == NULL) { - if (state.errmsg == NULL) { - printf("script aborted (no error message)\n"); - fprintf(cmd_pipe, "ui_print script aborted (no error message)\n"); - } else { - printf("script aborted: %s\n", state.errmsg); - char* line = strtok(state.errmsg, "\n"); - while (line) { - fprintf(cmd_pipe, "ui_print %s\n", line); - line = strtok(NULL, "\n"); - } - fprintf(cmd_pipe, "ui_print\n"); - } - free(state.errmsg); - return 7; - } else { - fprintf(cmd_pipe, "ui_print script succeeded: result was [%s]\n", result); - free(result); - } - - if (updater_info.package_zip) { - mzCloseZipArchive(updater_info.package_zip); - } - sysReleaseMap(&map); - free(script); - - return 0; -} diff --git a/updater/updater.cpp b/updater/updater.cpp new file mode 100644 index 000000000..0f22e6d04 --- /dev/null +++ b/updater/updater.cpp @@ -0,0 +1,169 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include "edify/expr.h" +#include "updater.h" +#include "install.h" +#include "blockimg.h" +#include "minzip/Zip.h" +#include "minzip/SysUtil.h" + +// Generated by the makefile, this function defines the +// RegisterDeviceExtensions() function, which calls all the +// registration functions for device-specific extensions. +#include "register.inc" + +// Where in the package we expect to find the edify script to execute. +// (Note it's "updateR-script", not the older "update-script".) +#define SCRIPT_NAME "META-INF/com/google/android/updater-script" + +struct selabel_handle *sehandle; + +int main(int argc, char** argv) { + // Various things log information to stdout or stderr more or less + // at random (though we've tried to standardize on stdout). The + // log file makes more sense if buffering is turned off so things + // appear in the right order. + setbuf(stdout, NULL); + setbuf(stderr, NULL); + + if (argc != 4) { + printf("unexpected number of arguments (%d)\n", argc); + return 1; + } + + char* version = argv[1]; + if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || + version[1] != '\0') { + // We support version 1, 2, or 3. + printf("wrong updater binary API; expected 1, 2, or 3; " + "got %s\n", + argv[1]); + return 2; + } + + // Set up the pipe for sending commands back to the parent process. + + int fd = atoi(argv[2]); + FILE* cmd_pipe = fdopen(fd, "wb"); + setlinebuf(cmd_pipe); + + // Extract the script from the package. + + const char* package_filename = argv[3]; + MemMapping map; + if (sysMapFile(package_filename, &map) != 0) { + printf("failed to map package %s\n", argv[3]); + return 3; + } + ZipArchive za; + int err; + err = mzOpenZipArchive(map.addr, map.length, &za); + if (err != 0) { + printf("failed to open package %s: %s\n", + argv[3], strerror(err)); + return 3; + } + + const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); + if (script_entry == NULL) { + printf("failed to find %s in %s\n", SCRIPT_NAME, package_filename); + return 4; + } + + char* script = reinterpret_cast(malloc(script_entry->uncompLen+1)); + if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) { + printf("failed to read script from package\n"); + return 5; + } + script[script_entry->uncompLen] = '\0'; + + // Configure edify's functions. + + RegisterBuiltins(); + RegisterInstallFunctions(); + RegisterBlockImageFunctions(); + RegisterDeviceExtensions(); + FinishRegistration(); + + // Parse the script. + + Expr* root; + int error_count = 0; + int error = parse_string(script, &root, &error_count); + if (error != 0 || error_count > 0) { + printf("%d parse errors\n", error_count); + return 6; + } + + struct selinux_opt seopts[] = { + { SELABEL_OPT_PATH, "/file_contexts" } + }; + + sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1); + + if (!sehandle) { + fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n"); + } + + // Evaluate the parsed script. + + UpdaterInfo updater_info; + updater_info.cmd_pipe = cmd_pipe; + updater_info.package_zip = &za; + updater_info.version = atoi(version); + updater_info.package_zip_addr = map.addr; + updater_info.package_zip_len = map.length; + + State state; + state.cookie = &updater_info; + state.script = script; + state.errmsg = NULL; + + char* result = Evaluate(&state, root); + if (result == NULL) { + if (state.errmsg == NULL) { + printf("script aborted (no error message)\n"); + fprintf(cmd_pipe, "ui_print script aborted (no error message)\n"); + } else { + printf("script aborted: %s\n", state.errmsg); + char* line = strtok(state.errmsg, "\n"); + while (line) { + fprintf(cmd_pipe, "ui_print %s\n", line); + line = strtok(NULL, "\n"); + } + fprintf(cmd_pipe, "ui_print\n"); + } + free(state.errmsg); + return 7; + } else { + fprintf(cmd_pipe, "ui_print script succeeded: result was [%s]\n", result); + free(result); + } + + if (updater_info.package_zip) { + mzCloseZipArchive(updater_info.package_zip); + } + sysReleaseMap(&map); + free(script); + + return 0; +} -- cgit v1.2.3 From 27604fcbee0010b800bfc16b5bf7a48c365c2cf3 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 11:47:44 -0700 Subject: applypatch: Refactor strtok(). We have android::base::Split() for the work. Change-Id: Ic529db42090f700e6455d465c8b84b7f52d34d63 (cherry picked from commit 0a47ce27de454e272a883a0c452fad627fd7f419) --- applypatch/Android.mk | 6 +- applypatch/applypatch.cpp | 136 ++++++++++++++++++---------------------------- 2 files changed, 56 insertions(+), 86 deletions(-) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 1f73fd897..cc17a13ae 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -21,7 +21,7 @@ LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery -LOCAL_STATIC_LIBRARIES += libmtdutils libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libbase libmtdutils libmincrypt libbz libz include $(BUILD_STATIC_LIBRARY) @@ -31,7 +31,7 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) @@ -44,7 +44,7 @@ LOCAL_MODULE := applypatch_static LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz LOCAL_STATIC_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 96bd88e88..026863330 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -25,6 +25,8 @@ #include #include +#include + #include "mincrypt/sha.h" #include "applypatch.h" #include "mtdutils/mtdutils.h" @@ -42,7 +44,7 @@ static int GenerateTarget(FileContents* source_file, size_t target_size, const Value* bonus_data); -static int mtd_partitions_scanned = 0; +static bool mtd_partitions_scanned = false; // Read a file into memory; store the file contents and associated // metadata in *file. @@ -87,21 +89,6 @@ int LoadFileContents(const char* filename, FileContents* file) { return 0; } -static size_t* size_array; -// comparison function for qsort()ing an int array of indexes into -// size_array[]. -static int compare_size_indices(const void* a, const void* b) { - const int aa = *reinterpret_cast(a); - const int bb = *reinterpret_cast(b); - if (size_array[aa] < size_array[bb]) { - return -1; - } else if (size_array[aa] > size_array[bb]) { - return 1; - } else { - return 0; - } -} - // Load the contents of an MTD or EMMC partition into the provided // FileContents. filename should be a string of the form // "MTD::::::..." (or @@ -120,53 +107,45 @@ static int compare_size_indices(const void* a, const void* b) { enum PartitionType { MTD, EMMC }; static int LoadPartitionContents(const char* filename, FileContents* file) { - char* copy = strdup(filename); - const char* magic = strtok(copy, ":"); + std::string copy(filename); + std::vector pieces = android::base::Split(copy, ":"); + if (pieces.size() < 4 || pieces.size() % 2 != 0) { + printf("LoadPartitionContents called with bad filename (%s)\n", filename); + return -1; + } enum PartitionType type; - - if (strcmp(magic, "MTD") == 0) { + if (pieces[0] == "MTD") { type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { + } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("LoadPartitionContents called with bad filename (%s)\n", filename); return -1; } - const char* partition = strtok(NULL, ":"); + const char* partition = pieces[1].c_str(); - int i; - int colons = 0; - for (i = 0; filename[i] != '\0'; ++i) { - if (filename[i] == ':') { - ++colons; - } - } - if (colons < 3 || colons%2 == 0) { - printf("LoadPartitionContents called with bad filename (%s)\n", - filename); - } - - int pairs = (colons-1)/2; // # of (size,sha1) pairs in filename - int* index = reinterpret_cast(malloc(pairs * sizeof(int))); - size_t* size = reinterpret_cast(malloc(pairs * sizeof(size_t))); - char** sha1sum = reinterpret_cast(malloc(pairs * sizeof(char*))); + size_t pairs = (pieces.size() - 2) / 2; // # of (size, sha1) pairs in filename + std::vector index(pairs); + std::vector size(pairs); + std::vector sha1sum(pairs); - for (i = 0; i < pairs; ++i) { - const char* size_str = strtok(NULL, ":"); - size[i] = strtol(size_str, NULL, 10); + for (size_t i = 0; i < pairs; ++i) { + size[i] = strtol(pieces[i*2+2].c_str(), NULL, 10); if (size[i] == 0) { printf("LoadPartitionContents called with bad size (%s)\n", filename); return -1; } - sha1sum[i] = strtok(NULL, ":"); + sha1sum[i] = pieces[i*2+3].c_str(); index[i] = i; } - // sort the index[] array so it indexes the pairs in order of - // increasing size. - size_array = size; - qsort(index, pairs, sizeof(int), compare_size_indices); + // Sort the index[] array so it indexes the pairs in order of increasing size. + sort(index.begin(), index.end(), + [&](const size_t& i, const size_t& j) { + return (size[i] < size[j]); + } + ); MtdReadContext* ctx = NULL; FILE* dev = NULL; @@ -175,20 +154,18 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); - mtd_partitions_scanned = 1; + mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); if (mtd == NULL) { - printf("mtd partition \"%s\" not found (loading %s)\n", - partition, filename); + printf("mtd partition \"%s\" not found (loading %s)\n", partition, filename); return -1; } ctx = mtd_read_partition(mtd); if (ctx == NULL) { - printf("failed to initialize read of mtd partition \"%s\"\n", - partition); + printf("failed to initialize read of mtd partition \"%s\"\n", partition); return -1; } break; @@ -197,8 +174,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { case EMMC: dev = fopen(partition, "rb"); if (dev == NULL) { - printf("failed to open emmc partition \"%s\": %s\n", - partition, strerror(errno)); + printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno)); return -1; } } @@ -207,15 +183,15 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { SHA_init(&sha_ctx); uint8_t parsed_sha[SHA_DIGEST_SIZE]; - // allocate enough memory to hold the largest size. + // Allocate enough memory to hold the largest size. file->data = reinterpret_cast(malloc(size[index[pairs-1]])); char* p = (char*)file->data; file->size = 0; // # bytes read so far + bool found = false; - for (i = 0; i < pairs; ++i) { - // Read enough additional bytes to get us up to the next size - // (again, we're trying the possibilities in order of increasing - // size). + for (size_t i = 0; i < pairs; ++i) { + // Read enough additional bytes to get us up to the next size. (Again, + // we're trying the possibilities in order of increasing size). size_t next = size[index[i]] - file->size; size_t read = 0; if (next > 0) { @@ -245,8 +221,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); const uint8_t* sha_so_far = SHA_final(&temp_ctx); - if (ParseSha1(sha1sum[index[i]], parsed_sha) != 0) { - printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]], filename); + if (ParseSha1(sha1sum[index[i]].c_str(), parsed_sha) != 0) { + printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]].c_str(), filename); free(file->data); file->data = NULL; return -1; @@ -256,7 +232,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %zu sha %s\n", - size[index[i]], sha1sum[index[i]]); + size[index[i]], sha1sum[index[i]].c_str()); + found = true; break; } @@ -274,9 +251,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { } - if (i == pairs) { - // Ran off the end of the list of (size,sha1) pairs without - // finding a match. + if (!found) { + // Ran off the end of the list of (size,sha1) pairs without finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); free(file->data); file->data = NULL; @@ -293,11 +269,6 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { file->st.st_uid = 0; file->st.st_gid = 0; - free(copy); - free(index); - free(size); - free(sha1sum); - return 0; } @@ -340,33 +311,33 @@ int SaveFileContents(const char* filename, const FileContents* file) { } // Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC::". Return 0 on +// "MTD:[:...]" or "EMMC:". Return 0 on // success. int WriteToPartition(unsigned char* data, size_t len, const char* target) { - char* copy = strdup(target); - const char* magic = strtok(copy, ":"); + std::string copy(target); + std::vector pieces = android::base::Split(copy, ":"); + + if (pieces.size() != 2) { + printf("WriteToPartition called with bad target (%s)\n", target); + return -1; + } enum PartitionType type; - if (strcmp(magic, "MTD") == 0) { + if (pieces[0] == "MTD") { type = MTD; - } else if (strcmp(magic, "EMMC") == 0) { + } else if (pieces[0] == "EMMC") { type = EMMC; } else { printf("WriteToPartition called with bad target (%s)\n", target); return -1; } - const char* partition = strtok(NULL, ":"); - - if (partition == NULL) { - printf("bad partition target name \"%s\"\n", target); - return -1; - } + const char* partition = pieces[1].c_str(); switch (type) { case MTD: { if (!mtd_partitions_scanned) { mtd_scan_partitions(); - mtd_partitions_scanned = 1; + mtd_partitions_scanned = true; } const MtdPartition* mtd = mtd_find_partition_by_name(partition); @@ -410,7 +381,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { return -1; } - for (int attempt = 0; attempt < 2; ++attempt) { + for (size_t attempt = 0; attempt < 2; ++attempt) { if (TEMP_FAILURE_RETRY(lseek(fd, start, SEEK_SET)) == -1) { printf("failed seek on %s: %s\n", partition, strerror(errno)); return -1; @@ -510,7 +481,6 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { } } - free(copy); return 0; } -- cgit v1.2.3 From 3b199267d6d4c279cbef3286a74e16bf92dd8d8a Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 13:39:52 -0700 Subject: updater: libapplypatch needs libbase now. Change-Id: Ibe3173edd6274b61bd9ca5ec394d7f6b4a403639 (cherry picked from commit 1b1ea17d554d127a970afe1d6004dd4627cd596e) --- updater/Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater/Android.mk b/updater/Android.mk index 0d4179b23..82fa7e265 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -44,7 +44,7 @@ LOCAL_STATIC_LIBRARIES += \ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) -LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libedify libmtdutils libminzip libz LOCAL_STATIC_LIBRARIES += libmincrypt libbz LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux -- cgit v1.2.3 From f47259b18492c921445d9e437a9f9ed11c52fac6 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 17 Jul 2015 18:11:12 -0700 Subject: applypatch: Support flash mode. We may carry a full copy of recovery image in the /system, and use /system/bin/install-recovery.sh to install the recovery. This CL adds support to flash the recovery partition with the given image. Bug: 22641135 Change-Id: I345eaaee269f6443527f45a9be7e4ee47f6b2b39 (cherry picked from commit 68c5a6796737bb583a8bdfa4c9cd9c7f12ef4276) --- applypatch/applypatch.cpp | 84 ++++++++++++++++++++++++++++++++++++++++------- applypatch/applypatch.h | 2 ++ applypatch/main.cpp | 27 ++++++++++++--- 3 files changed, 97 insertions(+), 16 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 026863330..2446b2a68 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -43,6 +43,7 @@ static int GenerateTarget(FileContents* source_file, const uint8_t target_sha1[SHA_DIGEST_SIZE], size_t target_size, const Value* bonus_data); +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]); static bool mtd_partitions_scanned = false; @@ -461,7 +462,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { } if (start == len) { - printf("verification read succeeded (attempt %d)\n", attempt+1); + printf("verification read succeeded (attempt %zu)\n", attempt+1); success = true; break; } @@ -628,12 +629,14 @@ int CacheSizeCheck(size_t bytes) { } } -static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { const char* hex = "0123456789abcdef"; + std::string result = ""; for (size_t i = 0; i < 4; ++i) { - putchar(hex[(sha1[i]>>4) & 0xf]); - putchar(hex[sha1[i] & 0xf]); + result.push_back(hex[(sha1[i]>>4) & 0xf]); + result.push_back(hex[sha1[i] & 0xf]); } + return result; } // This function applies binary patches to files in a way that is safe @@ -648,7 +651,7 @@ static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { // entries in , the corresponding patch from // (which must be a VAL_BLOB) is applied to produce a // new file (the type of patch is automatically detected from the -// blob daat). If that new file has sha1 hash , +// blob data). If that new file has sha1 hash , // moves it to replace , and exits successfully. // Note that if and are not the // same, is NOT deleted on success. @@ -659,7 +662,7 @@ static void print_short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { // status. // // may refer to a partition to read the source data. -// See the comments for the LoadPartition Contents() function above +// See the comments for the LoadPartitionContents() function above // for the format of such a filename. int applypatch(const char* source_filename, @@ -694,9 +697,7 @@ int applypatch(const char* source_filename, if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. - printf("already "); - print_short_sha1(target_sha1); - putchar('\n'); + printf("already %s\n", short_sha1(target_sha1).c_str()); free(source_file.data); return 0; } @@ -753,6 +754,67 @@ int applypatch(const char* source_filename, return result; } +/* + * This function flashes a given image to the target partition. It verifies + * the target cheksum first, and will return if target has the desired hash. + * It checks the checksum of the given source image before flashing, and + * verifies the target partition afterwards. The function is idempotent. + * Returns zero on success. + */ +int applypatch_flash(const char* source_filename, const char* target_filename, + const char* target_sha1_str, size_t target_size) { + printf("flash %s: ", target_filename); + + uint8_t target_sha1[SHA_DIGEST_SIZE]; + if (ParseSha1(target_sha1_str, target_sha1) != 0) { + printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); + return 1; + } + + FileContents source_file; + source_file.data = NULL; + std::string target_str(target_filename); + + std::vector pieces = android::base::Split(target_str, ":"); + if (pieces.size() != 2 || (pieces[0] != "MTD" && pieces[0] != "EMMC")) { + printf("invalid target name \"%s\"", target_filename); + return 1; + } + + // Load the target into the source_file object to see if already applied. + pieces.push_back(std::to_string(target_size)); + pieces.push_back(target_sha1_str); + std::string fullname = android::base::Join(pieces, ':'); + if (LoadPartitionContents(fullname.c_str(), &source_file) == 0 && + memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + // The early-exit case: the image was already applied, this partition + // has the desired hash, nothing for us to do. + printf("already %s\n", short_sha1(target_sha1).c_str()); + free(source_file.data); + return 0; + } + + if (LoadFileContents(source_filename, &source_file) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + // The source doesn't have desired checksum. + printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename); + printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(), + short_sha1(source_file.sha1).c_str()); + free(source_file.data); + return 1; + } + } + + if (WriteToPartition(source_file.data, target_size, target_filename) != 0) { + printf("write of copied data to %s failed\n", target_filename); + free(source_file.data); + return 1; + } + + free(source_file.data); + return 0; +} + static int GenerateTarget(FileContents* source_file, const Value* source_patch_value, FileContents* copy_file, @@ -953,9 +1015,7 @@ static int GenerateTarget(FileContents* source_file, printf("patch did not produce expected sha1\n"); return 1; } else { - printf("now "); - print_short_sha1(target_sha1); - putchar('\n'); + printf("now %s\n", short_sha1(target_sha1).c_str()); } if (output < 0) { diff --git a/applypatch/applypatch.h b/applypatch/applypatch.h index edec84812..415bc1b3c 100644 --- a/applypatch/applypatch.h +++ b/applypatch/applypatch.h @@ -48,6 +48,8 @@ size_t FreeSpaceForFile(const char* filename); int CacheSizeCheck(size_t bytes); int ParseSha1(const char* str, uint8_t* digest); +int applypatch_flash(const char* source_filename, const char* target_filename, + const char* target_sha1_str, size_t target_size); int applypatch(const char* source_filename, const char* target_filename, const char* target_sha1_str, diff --git a/applypatch/main.cpp b/applypatch/main.cpp index 63ff5c2c0..966d8b91f 100644 --- a/applypatch/main.cpp +++ b/applypatch/main.cpp @@ -47,8 +47,8 @@ static int SpaceMode(int argc, char** argv) { // ":" into the new parallel arrays *sha1s and // *patches (loading file contents into the patches). Returns true on // success. -static bool ParsePatchArgs(int argc, char** argv, - char*** sha1s, Value*** patches, int* num_patches) { +static bool ParsePatchArgs(int argc, char** argv, char*** sha1s, + Value*** patches, int* num_patches) { *num_patches = argc; *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); @@ -98,7 +98,12 @@ static bool ParsePatchArgs(int argc, char** argv, return false; } -int PatchMode(int argc, char** argv) { +static int FlashMode(const char* src_filename, const char* tgt_filename, + const char* tgt_sha1, size_t tgt_size) { + return applypatch_flash(src_filename, tgt_filename, tgt_sha1, tgt_size); +} + +static int PatchMode(int argc, char** argv) { Value* bonus = NULL; if (argc >= 3 && strcmp(argv[1], "-b") == 0) { FileContents fc; @@ -114,7 +119,7 @@ int PatchMode(int argc, char** argv) { argv += 2; } - if (argc < 6) { + if (argc < 4) { return 2; } @@ -125,6 +130,16 @@ int PatchMode(int argc, char** argv) { return 1; } + // If no : is provided, it is in flash mode. + if (argc == 5) { + if (bonus != NULL) { + printf("bonus file not supported in flash mode\n"); + return 1; + } + return FlashMode(argv[1], argv[2], argv[3], target_size); + } + + char** sha1s; Value** patches; int num_patches; @@ -162,6 +177,10 @@ int PatchMode(int argc, char** argv) { // - if the sha1 hash of is , does nothing and exits // successfully. // +// - otherwise, if no : is provided, flashes with +// . must be a partition name, while must +// be a regular image file. will not be deleted on success. +// // - otherwise, if the sha1 hash of is , applies the // bsdiff to to produce a new file (the type of patch // is automatically detected from the file header). If that new -- cgit v1.2.3 From 32ac97675bade3681203c46d001f76b11a359fd5 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 24 Jul 2015 15:29:12 -0700 Subject: applypatch: Fix the checking in WriteToPartition(). WriteToPartition() should consider a target name as valid if it contains multiple colons. But only the first two fields will be used. Bug: 22725128 Change-Id: I9d0236eaf97df9db9704acf53690d0ef85188e45 (cherry picked from commit 1ce7a2a63db84527e6195a6b123b1617f87c0f38) --- applypatch/applypatch.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 2446b2a68..751d3e392 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -312,13 +312,14 @@ int SaveFileContents(const char* filename, const FileContents* file) { } // Write a memory buffer to 'target' partition, a string of the form -// "MTD:[:...]" or "EMMC:". Return 0 on -// success. +// "MTD:[:...]" or "EMMC:[:...]". The target name +// might contain multiple colons, but WriteToPartition() only uses the first +// two and ignores the rest. Return 0 on success. int WriteToPartition(unsigned char* data, size_t len, const char* target) { std::string copy(target); std::vector pieces = android::base::Split(copy, ":"); - if (pieces.size() != 2) { + if (pieces.size() < 2) { printf("WriteToPartition called with bad target (%s)\n", target); return -1; } -- cgit v1.2.3 From 8f90389966fabf532b24741d49245215279533e1 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 30 Jul 2015 14:43:27 -0700 Subject: recovery: Allow "Mount /system" for system_root_image. When system images contain the root directory, there is no entry of "/system" in the fstab. Change it to look for "/" instead if ro.build.system_root_image is true. We actually mount the partition to /system_root instead, and create a symlink to /system_root/system for /system. This allows "adb shell" to work properly. Bug: 22855115 Change-Id: I91864444950dc3229fda3cc133ddbadeb8817fb8 (cherry picked from commit abb8f7785ee24eac42f6d28dbfef37872a06c7e9) --- recovery.cpp | 19 +++++++++++++++++-- roots.cpp | 26 ++++++++++++++++++-------- roots.h | 13 ++++--------- 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index a0c74524e..09b061d7d 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -862,9 +862,24 @@ prompt_and_wait(Device* device, int status) { break; case Device::MOUNT_SYSTEM: - if (ensure_path_mounted("/system") != -1) { - ui->Print("Mounted /system.\n"); + char system_root_image[PROPERTY_VALUE_MAX]; + property_get("ro.build.system_root_image", system_root_image, ""); + + // For a system image built with the root directory (i.e. + // system_root_image == "true"), we mount it to /system_root, and symlink /system + // to /system_root/system to make adb shell work (the symlink is created through + // the build system). + // Bug: 22855115 + if (strcmp(system_root_image, "true") == 0) { + if (ensure_path_mounted_at("/", "/system_root") != -1) { + ui->Print("Mounted /system.\n"); + } + } else { + if (ensure_path_mounted("/system") != -1) { + ui->Print("Mounted /system.\n"); + } } + break; } } diff --git a/roots.cpp b/roots.cpp index 9288177e7..12c6b5ee2 100644 --- a/roots.cpp +++ b/roots.cpp @@ -70,7 +70,8 @@ Volume* volume_for_path(const char* path) { return fs_mgr_get_entry_for_mount_point(fstab, path); } -int ensure_path_mounted(const char* path) { +// Mount the volume specified by path at the given mount_point. +int ensure_path_mounted_at(const char* path, const char* mount_point) { Volume* v = volume_for_path(path); if (v == NULL) { LOGE("unknown volume for path [%s]\n", path); @@ -88,14 +89,18 @@ int ensure_path_mounted(const char* path) { return -1; } + if (!mount_point) { + mount_point = v->mount_point; + } + const MountedVolume* mv = - find_mounted_volume_by_mount_point(v->mount_point); + find_mounted_volume_by_mount_point(mount_point); if (mv) { // volume is already mounted return 0; } - mkdir(v->mount_point, 0755); // in case it doesn't already exist + mkdir(mount_point, 0755); // in case it doesn't already exist if (strcmp(v->fs_type, "yaffs2") == 0) { // mount an MTD partition as a YAFFS2 filesystem. @@ -104,25 +109,30 @@ int ensure_path_mounted(const char* path) { partition = mtd_find_partition_by_name(v->blk_device); if (partition == NULL) { LOGE("failed to find \"%s\" partition to mount at \"%s\"\n", - v->blk_device, v->mount_point); + v->blk_device, mount_point); return -1; } - return mtd_mount_partition(partition, v->mount_point, v->fs_type, 0); + return mtd_mount_partition(partition, mount_point, v->fs_type, 0); } else if (strcmp(v->fs_type, "ext4") == 0 || strcmp(v->fs_type, "squashfs") == 0 || strcmp(v->fs_type, "vfat") == 0) { - result = mount(v->blk_device, v->mount_point, v->fs_type, + result = mount(v->blk_device, mount_point, v->fs_type, v->flags, v->fs_options); if (result == 0) return 0; - LOGE("failed to mount %s (%s)\n", v->mount_point, strerror(errno)); + LOGE("failed to mount %s (%s)\n", mount_point, strerror(errno)); return -1; } - LOGE("unknown fs_type \"%s\" for %s\n", v->fs_type, v->mount_point); + LOGE("unknown fs_type \"%s\" for %s\n", v->fs_type, mount_point); return -1; } +int ensure_path_mounted(const char* path) { + // Mount at the default mount point. + return ensure_path_mounted_at(path, nullptr); +} + int ensure_path_unmounted(const char* path) { Volume* v = volume_for_path(path); if (v == NULL) { diff --git a/roots.h b/roots.h index 230d9ded3..6e3b24355 100644 --- a/roots.h +++ b/roots.h @@ -19,10 +19,6 @@ #include "common.h" -#ifdef __cplusplus -extern "C" { -#endif - // Load and parse volume data from /etc/recovery.fstab. void load_volume_table(); @@ -33,7 +29,10 @@ Volume* volume_for_path(const char* path); // success (volume is mounted). int ensure_path_mounted(const char* path); -// Make sure that the volume 'path' is on is mounted. Returns 0 on +// Similar to ensure_path_mounted, but allows one to specify the mount_point. +int ensure_path_mounted_at(const char* path, const char* mount_point); + +// Make sure that the volume 'path' is on is unmounted. Returns 0 on // success (volume is unmounted); int ensure_path_unmounted(const char* path); @@ -46,8 +45,4 @@ int format_volume(const char* volume); // mounted (/tmp and /cache) are mounted. Returns 0 on success. int setup_install_mounts(); -#ifdef __cplusplus -} -#endif - #endif // RECOVERY_ROOTS_H_ -- cgit v1.2.3 From 846c094fee9e50ed2b2e63dee17f5bafb2b9d1ce Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 2 Sep 2015 15:49:58 -0400 Subject: Add slot_suffix field to struct bootloader_message. This is needed by fs_mgr for certain A/B implementations. Change-Id: I7bb404d61198eb7a962c2b693911f5156745daae --- bootloader.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/bootloader.h b/bootloader.h index c2895dd91..fd003a076 100644 --- a/bootloader.h +++ b/bootloader.h @@ -43,6 +43,13 @@ extern "C" { * multiple times, so that the UI can reflect which invocation of the * package it is. If the value is of the format "#/#" (eg, "1/3"), * the UI will add a simple indicator of that status. + * + * The slot_suffix field is used for A/B implementations where the + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel + * commandline parameter. This is used by fs_mgr to mount /system and + * other partitions with the slotselect flag set in fstab. A/B + * implementations are free to use all 32 bytes and may store private + * data past the first NUL-byte in this field. */ struct bootloader_message { char command[32]; @@ -55,7 +62,8 @@ struct bootloader_message { // stage string (for multistage packages) and possible future // expansion. char stage[32]; - char reserved[224]; + char slot_suffix[32]; + char reserved[192]; }; /* Read and write the bootloader command from the "misc" partition. -- cgit v1.2.3 From 9f4fdb3def9264a80e05e473ac67ddc19c1a6ef2 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 20 Nov 2015 13:03:24 -0800 Subject: Track name change from adb_main to adb_server_main. Change-Id: I835805348a9817c81639ad8471e3b49cae93c107 --- minadbd/adb_main.cpp | 2 +- recovery.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/minadbd/adb_main.cpp b/minadbd/adb_main.cpp index c968204b2..0694280cb 100644 --- a/minadbd/adb_main.cpp +++ b/minadbd/adb_main.cpp @@ -25,7 +25,7 @@ #include "adb_auth.h" #include "transport.h" -int adb_main(int is_daemon, int server_port, int /* reply_fd */) { +int adb_server_main(int is_daemon, int server_port, int /* reply_fd */) { adb_device_banner = "sideload"; signal(SIGPIPE, SIG_IGN); diff --git a/recovery.cpp b/recovery.cpp index 5f3bfca43..aaca3e0fb 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -1015,7 +1015,7 @@ main(int argc, char **argv) { // only way recovery should be run with this argument is when it // starts a copy of itself from the apply_from_adb() function. if (argc == 2 && strcmp(argv[1], "--adbd") == 0) { - adb_main(0, DEFAULT_ADB_PORT, -1); + adb_server_main(0, DEFAULT_ADB_PORT, -1); return 0; } -- cgit v1.2.3 From f2448d0cd5c1e3d31b4692f559a33bd1951779bc Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 2 Dec 2015 14:00:54 -0800 Subject: Remove the building rules for applypatch_static. The CL in [1] has stopped building and packaging the obsolete applypatch_static tool. [1]: commit a04fca31bf1fadcdf982090c942ccbe4d9b95c71 Bug: 24621915 Change-Id: I5e98951ad7ea5c2a7b351af732fd6722763f59bd --- applypatch/Android.mk | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index cc17a13ae..93a272997 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -38,19 +38,6 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) -LOCAL_CLANG := true -LOCAL_SRC_FILES := main.cpp -LOCAL_MODULE := applypatch_static -LOCAL_FORCE_STATIC_EXECUTABLE := true -LOCAL_MODULE_TAGS := eng -LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz -LOCAL_STATIC_LIBRARIES += libz libcutils libc - -include $(BUILD_EXECUTABLE) - -include $(CLEAR_VARS) - LOCAL_CLANG := true LOCAL_SRC_FILES := imgdiff.cpp utils.cpp bsdiff.cpp LOCAL_MODULE := imgdiff -- cgit v1.2.3 From 4b166f0e69d46858ff998414da2a01e0266fa339 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 4 Dec 2015 15:30:20 -0800 Subject: Track rename from base/ to android-base/. Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f --- applypatch/applypatch.cpp | 2 +- recovery.cpp | 4 ++-- screen_ui.cpp | 4 ++-- uncrypt/uncrypt.cpp | 4 ++-- updater/blockimg.cpp | 4 ++-- updater/install.cpp | 6 +++--- wear_ui.cpp | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 1767761a8..f9425af93 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -25,7 +25,7 @@ #include #include -#include +#include #include "mincrypt/sha.h" #include "applypatch.h" diff --git a/recovery.cpp b/recovery.cpp index aaca3e0fb..dace52f98 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -34,8 +34,8 @@ #include #include -#include -#include +#include +#include #include #include diff --git a/screen_ui.cpp b/screen_ui.cpp index f2fda2fb5..23fc90154 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -30,8 +30,8 @@ #include -#include -#include +#include +#include #include #include "common.h" diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 4956cc297..482504192 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -53,8 +53,8 @@ #include -#include -#include +#include +#include #include #include #include diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index dd6cf0d96..a9d8cc68c 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -37,8 +37,8 @@ #include #include -#include -#include +#include +#include #include "applypatch/applypatch.h" #include "edify/expr.h" diff --git a/updater/install.cpp b/updater/install.cpp index 97e390560..e2b3db7ce 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -34,9 +34,9 @@ #include #include -#include -#include -#include +#include +#include +#include #include "bootloader.h" #include "applypatch/applypatch.h" diff --git a/wear_ui.cpp b/wear_ui.cpp index 55b7afc8f..3ee38e8a4 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -35,7 +35,7 @@ #include "wear_ui.h" #include "ui.h" #include "cutils/properties.h" -#include "base/strings.h" +#include "android-base/strings.h" static int char_width; static int char_height; -- cgit v1.2.3 From baad2d454dc07ce916442987a2908a93fe6ae298 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Sun, 6 Dec 2015 16:56:27 -0800 Subject: updater: Replace strtok() with android::base::Split(). Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96 --- updater/blockimg.cpp | 277 ++++++++++++++++++++++++++------------------------- 1 file changed, 144 insertions(+), 133 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index a9d8cc68c..50067d479 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -65,16 +65,9 @@ struct RangeSet { std::vector pos; // Actual limit is INT_MAX. }; -static void parse_range(const char* range_text, RangeSet& rs) { - - if (range_text == nullptr) { - fprintf(stderr, "failed to parse range: null range\n"); - exit(1); - } - - std::vector pieces = android::base::Split(std::string(range_text), ","); - long int val; +static void parse_range(const std::string& range_text, RangeSet& rs) { + std::vector pieces = android::base::Split(range_text, ","); if (pieces.size() < 3) { goto err; } @@ -120,7 +113,7 @@ static void parse_range(const char* range_text, RangeSet& rs) { return; err: - fprintf(stderr, "failed to parse range '%s'\n", range_text); + fprintf(stderr, "failed to parse range '%s'\n", range_text.c_str()); exit(1); } @@ -360,25 +353,49 @@ static int WriteBlocks(const RangeSet& tgt, const std::vector& buffer, return 0; } +// Parameters for transfer list command functions +struct CommandParameters { + std::vector tokens; + size_t cpos; + const char* cmdname; + const char* cmdline; + std::string freestash; + std::string stashbase; + bool canwrite; + int createdstash; + int fd; + bool foundwrites; + bool isunresumable; + int version; + size_t written; + NewThreadInfo nti; + pthread_t thread; + std::vector buffer; + uint8_t* patch_start; +}; + // Do a source/target load for move/bsdiff/imgdiff in version 1. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as: +// We expect to parse the remainder of the parameter tokens as: // // // // The source range is loaded into the provided buffer, reallocating // it to make it larger if necessary. -static int LoadSrcTgtVersion1(char** wordsave, RangeSet& tgt, size_t& src_blocks, +static int LoadSrcTgtVersion1(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, std::vector& buffer, int fd) { + + if (params.cpos + 1 >= params.tokens.size()) { + fprintf(stderr, "invalid parameters\n"); + return -1; + } + // - char* word = strtok_r(nullptr, " ", wordsave); RangeSet src; - parse_range(word, src); + parse_range(params.tokens[params.cpos++], src); // - word = strtok_r(nullptr, " ", wordsave); - parse_range(word, tgt); + parse_range(params.tokens[params.cpos++], tgt); allocate(src.size * BLOCKSIZE, buffer); int rc = ReadBlocks(src, buffer, fd); @@ -694,18 +711,15 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, std::s return 0; // Using existing directory } -static int SaveStash(const std::string& base, char** wordsave, std::vector& buffer, - int fd, bool usehash) { - if (!wordsave) { - return -1; - } +static int SaveStash(CommandParameters& params, const std::string& base, + std::vector& buffer, int fd, bool usehash) { - char *id_tok = strtok_r(nullptr, " ", wordsave); - if (id_tok == nullptr) { - fprintf(stderr, "missing id field in stash command\n"); + // + if (params.cpos + 1 >= params.tokens.size()) { + fprintf(stderr, "missing id and/or src range fields in stash command\n"); return -1; } - std::string id(id_tok); + const std::string& id = params.tokens[params.cpos++]; size_t blocks = 0; if (usehash && LoadStash(base, id, true, &blocks, buffer, false) == 0) { @@ -715,9 +729,8 @@ static int SaveStash(const std::string& base, char** wordsave, std::vector& dest, const RangeSet& locs, } // Do a source/target load for move/bsdiff/imgdiff in version 2. -// 'wordsave' is the save_ptr of a strtok_r()-in-progress. We expect -// to parse the remainder of the string as one of: +// We expect to parse the remainder of the parameter tokens as one of: // // // (loads data from source image only) @@ -785,25 +796,35 @@ static void MoveRange(std::vector& dest, const RangeSet& locs, // reallocated if needed to accommodate the source data. *tgt is the // target RangeSet. Any stashes required are loaded using LoadStash. -static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks, +static int LoadSrcTgtVersion2(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, std::vector& buffer, int fd, const std::string& stashbase, bool* overlap) { + + // At least it needs to provide three parameters: , + // and "-"/. + if (params.cpos + 2 >= params.tokens.size()) { + fprintf(stderr, "invalid parameters\n"); + return -1; + } + // - char* word = strtok_r(nullptr, " ", wordsave); - parse_range(word, tgt); + parse_range(params.tokens[params.cpos++], tgt); // - word = strtok_r(nullptr, " ", wordsave); - android::base::ParseUint(word, &src_blocks); + const std::string& token = params.tokens[params.cpos++]; + if (!android::base::ParseUint(token.c_str(), &src_blocks)) { + fprintf(stderr, "invalid src_block_count \"%s\"\n", token.c_str()); + return -1; + } allocate(src_blocks * BLOCKSIZE, buffer); // "-" or [] - word = strtok_r(nullptr, " ", wordsave); - if (word[0] == '-' && word[1] == '\0') { + if (params.tokens[params.cpos] == "-") { // no source ranges, only stashes + params.cpos++; } else { RangeSet src; - parse_range(word, src); + parse_range(params.tokens[params.cpos++], src); int res = ReadBlocks(src, buffer, fd); if (overlap) { @@ -814,39 +835,39 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks return -1; } - word = strtok_r(nullptr, " ", wordsave); - if (word == nullptr) { + if (params.cpos >= params.tokens.size()) { // no stashes, only source range return 0; } RangeSet locs; - parse_range(word, locs); + parse_range(params.tokens[params.cpos++], locs); MoveRange(buffer, locs, buffer); } - // <[stash_id:stash-range]> - char* colonsave; - while ((word = strtok_r(nullptr, " ", wordsave)) != nullptr) { + // <[stash_id:stash_range]> + while (params.cpos < params.tokens.size()) { // Each word is a an index into the stash table, a colon, and // then a rangeset describing where in the source block that // stashed data should go. - colonsave = nullptr; - char* colon = strtok_r(word, ":", &colonsave); + std::vector tokens = android::base::Split(params.tokens[params.cpos++], ":"); + if (tokens.size() != 2) { + fprintf(stderr, "invalid parameter\n"); + return -1; + } std::vector stash; - int res = LoadStash(stashbase, std::string(colon), false, nullptr, stash, true); + int res = LoadStash(stashbase, tokens[0], false, nullptr, stash, true); if (res == -1) { // These source blocks will fail verification if used later, but we // will let the caller decide if this is a fatal failure - fprintf(stderr, "failed to load stash %s\n", colon); + fprintf(stderr, "failed to load stash %s\n", tokens[0].c_str()); continue; } - colon = strtok_r(nullptr, ":", &colonsave); RangeSet locs; - parse_range(colon, locs); + parse_range(tokens[1], locs); MoveRange(buffer, locs, stash); } @@ -854,25 +875,6 @@ static int LoadSrcTgtVersion2(char** wordsave, RangeSet& tgt, size_t& src_blocks return 0; } -// Parameters for transfer list command functions -struct CommandParameters { - char* cmdname; - char* cpos; - char* freestash; - std::string stashbase; - bool canwrite; - int createdstash; - int fd; - bool foundwrites; - bool isunresumable; - int version; - size_t written; - NewThreadInfo nti; - pthread_t thread; - std::vector buffer; - uint8_t* patch_start; -}; - // Do a source/target load for move/bsdiff/imgdiff in version 3. // // Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which @@ -893,26 +895,26 @@ struct CommandParameters { static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, bool onehash, bool& overlap) { - char* srchash = strtok_r(nullptr, " ", ¶ms.cpos); - if (srchash == nullptr) { + if (params.cpos >= params.tokens.size()) { fprintf(stderr, "missing source hash\n"); return -1; } - char* tgthash = nullptr; + std::string srchash = params.tokens[params.cpos++]; + std::string tgthash; + if (onehash) { tgthash = srchash; } else { - tgthash = strtok_r(nullptr, " ", ¶ms.cpos); - - if (tgthash == nullptr) { + if (params.cpos >= params.tokens.size()) { fprintf(stderr, "missing target hash\n"); return -1; } + tgthash = params.tokens[params.cpos++]; } - if (LoadSrcTgtVersion2(¶ms.cpos, tgt, src_blocks, params.buffer, params.fd, - params.stashbase, &overlap) == -1) { + if (LoadSrcTgtVersion2(params, tgt, src_blocks, params.buffer, params.fd, params.stashbase, + &overlap) == -1) { return -1; } @@ -931,7 +933,8 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& // If source and target blocks overlap, stash the source blocks so we can // resume from possible write errors if (overlap) { - fprintf(stderr, "stashing %zu overlapping blocks to %s\n", src_blocks, srchash); + fprintf(stderr, "stashing %zu overlapping blocks to %s\n", src_blocks, + srchash.c_str()); bool stash_exists = false; if (WriteStash(params.stashbase, srchash, src_blocks, params.buffer, true, @@ -971,9 +974,9 @@ static int PerformCommandMove(CommandParameters& params) { RangeSet tgt; if (params.version == 1) { - status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, params.buffer, params.fd); + status = LoadSrcTgtVersion1(params, tgt, blocks, params.buffer, params.fd); } else if (params.version == 2) { - status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, params.buffer, params.fd, + status = LoadSrcTgtVersion2(params, tgt, blocks, params.buffer, params.fd, params.stashbase, nullptr); } else if (params.version >= 3) { status = LoadSrcTgtVersion3(params, tgt, blocks, true, overlap); @@ -1003,9 +1006,9 @@ static int PerformCommandMove(CommandParameters& params) { } - if (params.freestash) { + if (!params.freestash.empty()) { FreeStash(params.stashbase, params.freestash); - params.freestash = nullptr; + params.freestash.clear(); } params.written += tgt.size; @@ -1014,28 +1017,33 @@ static int PerformCommandMove(CommandParameters& params) { } static int PerformCommandStash(CommandParameters& params) { - return SaveStash(params.stashbase, ¶ms.cpos, params.buffer, params.fd, + return SaveStash(params, params.stashbase, params.buffer, params.fd, (params.version >= 3)); } static int PerformCommandFree(CommandParameters& params) { + // + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing stash id in free command\n"); + return -1; + } + if (params.createdstash || params.canwrite) { - return FreeStash(params.stashbase, params.cpos); + return FreeStash(params.stashbase, params.tokens[params.cpos++]); } return 0; } static int PerformCommandZero(CommandParameters& params) { - char* range = strtok_r(nullptr, " ", ¶ms.cpos); - if (range == nullptr) { + if (params.cpos >= params.tokens.size()) { fprintf(stderr, "missing target blocks for zero\n"); return -1; } RangeSet tgt; - parse_range(range, tgt); + parse_range(params.tokens[params.cpos++], tgt); fprintf(stderr, " zeroing %zu blocks\n", tgt.size); @@ -1066,14 +1074,14 @@ static int PerformCommandZero(CommandParameters& params) { } static int PerformCommandNew(CommandParameters& params) { - char* range = strtok_r(nullptr, " ", ¶ms.cpos); - if (range == nullptr) { + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing target blocks for new\n"); return -1; } RangeSet tgt; - parse_range(range, tgt); + parse_range(params.tokens[params.cpos++], tgt); if (params.canwrite) { fprintf(stderr, " writing %zu blocks of new data\n", tgt.size); @@ -1105,33 +1113,32 @@ static int PerformCommandNew(CommandParameters& params) { static int PerformCommandDiff(CommandParameters& params) { - const std::string logparams(params.cpos); - char* value = strtok_r(nullptr, " ", ¶ms.cpos); - - if (value == nullptr) { - fprintf(stderr, "missing patch offset for %s\n", params.cmdname); + // + if (params.cpos + 1 >= params.tokens.size()) { + fprintf(stderr, "missing patch offset or length for %s\n", params.cmdname); return -1; } - size_t offset = strtoul(value, nullptr, 0); - - value = strtok_r(nullptr, " ", ¶ms.cpos); - - if (value == nullptr) { - fprintf(stderr, "missing patch length for %s\n", params.cmdname); + size_t offset; + if (!android::base::ParseUint(params.tokens[params.cpos++].c_str(), &offset)) { + fprintf(stderr, "invalid patch offset\n"); return -1; } - size_t len = strtoul(value, nullptr, 0); + size_t len; + if (!android::base::ParseUint(params.tokens[params.cpos++].c_str(), &len)) { + fprintf(stderr, "invalid patch offset\n"); + return -1; + } RangeSet tgt; size_t blocks = 0; bool overlap = false; int status = 0; if (params.version == 1) { - status = LoadSrcTgtVersion1(¶ms.cpos, tgt, blocks, params.buffer, params.fd); + status = LoadSrcTgtVersion1(params, tgt, blocks, params.buffer, params.fd); } else if (params.version == 2) { - status = LoadSrcTgtVersion2(¶ms.cpos, tgt, blocks, params.buffer, params.fd, + status = LoadSrcTgtVersion2(params, tgt, blocks, params.buffer, params.fd, params.stashbase, nullptr); } else if (params.version >= 3) { status = LoadSrcTgtVersion3(params, tgt, blocks, false, overlap); @@ -1180,13 +1187,13 @@ static int PerformCommandDiff(CommandParameters& params) { } } else { fprintf(stderr, "skipping %zu blocks already patched to %zu [%s]\n", - blocks, tgt.size, logparams.c_str()); + blocks, tgt.size, params.cmdline); } } - if (params.freestash) { + if (!params.freestash.empty()) { FreeStash(params.stashbase, params.freestash); - params.freestash = nullptr; + params.freestash.clear(); } params.written += tgt.size; @@ -1210,15 +1217,13 @@ static int PerformCommandErase(CommandParameters& params) { return -1; } - char* range = strtok_r(nullptr, " ", ¶ms.cpos); - - if (range == nullptr) { + if (params.cpos >= params.tokens.size()) { fprintf(stderr, "missing target blocks for erase\n"); return -1; } RangeSet tgt; - parse_range(range, tgt); + parse_range(params.tokens[params.cpos++], tgt); if (params.canwrite) { fprintf(stderr, " erasing %zu blocks\n", tgt.size); @@ -1278,7 +1283,6 @@ static unsigned int HashString(const char *s) { static Value* PerformBlockImageUpdate(const char* name, State* state, int /* argc */, Expr* argv[], const Command* commands, size_t cmdcount, bool dryrun) { - CommandParameters params; memset(¶ms, 0, sizeof(params)); params.canwrite = !dryrun; @@ -1368,10 +1372,14 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg } } - // The data in transfer_list_value is not necessarily null-terminated, so we need - // to copy it to a new buffer and add the null that strtok_r will need. + // Copy all the lines in transfer_list_value into std::string for + // processing. const std::string transfer_list(transfer_list_value->data, transfer_list_value->size); std::vector lines = android::base::Split(transfer_list, "\n"); + if (lines.size() < 2) { + ErrorAbort(state, "too few lines in the transfer list [%zd]\n", lines.size()); + return StringValue(strdup("")); + } // First line in transfer list is the version number if (!android::base::ParseInt(lines[0].c_str(), ¶ms.version, 1, 4)) { @@ -1394,6 +1402,11 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg size_t start = 2; if (params.version >= 2) { + if (lines.size() < 4) { + ErrorAbort(state, "too few lines in the transfer list [%zu]\n", lines.size()); + return StringValue(strdup("")); + } + // Third line is how many stash entries are needed simultaneously fprintf(stderr, "maximum stash entries %s\n", lines[2].c_str()); @@ -1405,7 +1418,6 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg } int res = CreateStash(state, stash_max_blocks, blockdev_filename->data, params.stashbase); - if (res == -1) { return StringValue(strdup("")); } @@ -1433,17 +1445,15 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg continue; } - char* line = strdup(line_str.c_str()); - params.cmdname = strtok_r(line, " ", ¶ms.cpos); - - if (params.cmdname == nullptr) { - fprintf(stderr, "missing command [%s]\n", line); - goto pbiudone; - } + params.tokens = android::base::Split(line_str, " "); + params.cpos = 0; + params.cmdname = params.tokens[params.cpos++].c_str(); + params.cmdline = line_str.c_str(); unsigned int cmdhash = HashString(params.cmdname); const Command* cmd = reinterpret_cast(mzHashTableLookup(cmdht, cmdhash, - params.cmdname, CompareCommandNames, false)); + const_cast(params.cmdname), CompareCommandNames, + false)); if (cmd == nullptr) { fprintf(stderr, "unexpected command [%s]\n", params.cmdname); @@ -1481,12 +1491,10 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg rc = 0; pbiudone: - if (params.fd != -1) { - if (fsync(params.fd) == -1) { - fprintf(stderr, "fsync failed: %s\n", strerror(errno)); - } - close(params.fd); + if (fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); } + // params.fd will be automatically closed because of the fd_holder above. // Only delete the stash if the update cannot be resumed, or it's // a verification run and we created the stash. @@ -1526,6 +1534,9 @@ pbiudone: // - (version 2+ only) load the given source range and stash // the data in the given slot of the stash table. // +// free +// - (version 3+ only) free the given stash data. +// // The creator of the transfer list will guarantee that no block // is read (ie, used as the source for a patch or move) after it // has been written. @@ -1692,7 +1703,7 @@ Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[ } if (fh.pread(buffer, BLOCKSIZE, (off64_t)j * BLOCKSIZE) != BLOCKSIZE) { - ErrorAbort(state, "failed to recover %s (block %d): %s", filename->data, + ErrorAbort(state, "failed to recover %s (block %zu): %s", filename->data, j, strerror(errno)); return StringValue(strdup("")); } -- cgit v1.2.3 From 1171d3a12b13ca3f1d4301985cf068076e55ae26 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Sat, 5 Dec 2015 21:21:27 -0800 Subject: Add update_verifier for A/B OTA update. update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42 --- Android.mk | 1 + update_verifier/Android.mk | 24 +++++++++++ update_verifier/update_verifier.cpp | 84 +++++++++++++++++++++++++++++++++++++ 3 files changed, 109 insertions(+) create mode 100644 update_verifier/Android.mk create mode 100644 update_verifier/update_verifier.cpp diff --git a/Android.mk b/Android.mk index e43d55f66..c2896f3fc 100644 --- a/Android.mk +++ b/Android.mk @@ -134,4 +134,5 @@ include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/edify/Android.mk \ $(LOCAL_PATH)/uncrypt/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ + $(LOCAL_PATH)/update_verifier/Android.mk \ $(LOCAL_PATH)/applypatch/Android.mk diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk new file mode 100644 index 000000000..0bb054777 --- /dev/null +++ b/update_verifier/Android.mk @@ -0,0 +1,24 @@ +# Copyright (C) 2015 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) + +LOCAL_CLANG := true +LOCAL_SRC_FILES := update_verifier.cpp +LOCAL_MODULE := update_verifier +LOCAL_SHARED_LIBRARIES := libcutils libhardware + +include $(BUILD_EXECUTABLE) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp new file mode 100644 index 000000000..9ba792b86 --- /dev/null +++ b/update_verifier/update_verifier.cpp @@ -0,0 +1,84 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This program verifies the integrity of the partitions after an A/B OTA + * update. It gets invoked by init, and will only perform the verification if + * it's the first boot post an A/B OTA update. + * + * It relies on dm-verity to capture any corruption on the partitions being + * verified. dm-verity must be in enforcing mode, so that it will reboot the + * device on dm-verity failures. When that happens, the bootloader should + * mark the slot as unbootable and stops trying. We should never see a device + * started in dm-verity logging mode but with isSlotBootable equals to 0. + * + * The current slot will be marked as having booted successfully if the + * verifier reaches the end after the verification. + * + * TODO: The actual verification part will be added later after we have the + * A/B OTA package format in place. + */ + +#include +#include + +#include + +#define LOG_TAG "update_verifier" +#define INFO(x...) KLOG_INFO(LOG_TAG, x) +#define ERROR(x...) KLOG_ERROR(LOG_TAG, x) + +int main(int argc, char** argv) { + klog_init(); + klog_set_level(6); + for (int i = 1; i < argc; i++) { + INFO("Started with arg %d: %s\n", i, argv[i]); + } + + const hw_module_t* hw_module; + if (hw_get_module("bootctrl", &hw_module) != 0) { + ERROR("Error getting bootctrl module.\n"); + return -1; + } + + boot_control_module_t* module = reinterpret_cast( + const_cast(hw_module)); + module->init(module); + + unsigned current_slot = module->getCurrentSlot(module); + int bootable = module->isSlotBootable(module, current_slot); + INFO("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); + + if (bootable == 0) { + // The current slot has not booted successfully. + + // TODO: Add the actual verification after we have the A/B OTA package + // format in place. + + // TODO: Assert the dm-verity mode. Bootloader should never boot a newly + // flashed slot (isSlotBootable == 0) with dm-verity logging mode. + + int ret = module->markBootSuccessful(module); + if (ret != 0) { + ERROR("Error marking booted successfully: %s\n", strerror(-ret)); + return -1; + } + INFO("Marked slot %u as booted successfully.\n", current_slot); + } + + INFO("Leaving update_verifier.\n"); + return 0; +} -- cgit v1.2.3 From 45eac58ef188679f6df2d80efc0391c6d7904cd8 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 7 Dec 2015 17:04:58 -0800 Subject: update_verifier: Log to logd instead of kernel log. logd already gets started before we call update_verifier. Bug: 26039641 Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a --- update_verifier/Android.mk | 2 +- update_verifier/update_verifier.cpp | 18 +++++++----------- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk index 0bb054777..7f28bcedc 100644 --- a/update_verifier/Android.mk +++ b/update_verifier/Android.mk @@ -19,6 +19,6 @@ include $(CLEAR_VARS) LOCAL_CLANG := true LOCAL_SRC_FILES := update_verifier.cpp LOCAL_MODULE := update_verifier -LOCAL_SHARED_LIBRARIES := libcutils libhardware +LOCAL_SHARED_LIBRARIES := libhardware liblog include $(BUILD_EXECUTABLE) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index 9ba792b86..5e8881571 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -32,25 +32,21 @@ * A/B OTA package format in place. */ -#include #include #include #define LOG_TAG "update_verifier" -#define INFO(x...) KLOG_INFO(LOG_TAG, x) -#define ERROR(x...) KLOG_ERROR(LOG_TAG, x) +#include int main(int argc, char** argv) { - klog_init(); - klog_set_level(6); for (int i = 1; i < argc; i++) { - INFO("Started with arg %d: %s\n", i, argv[i]); + SLOGI("Started with arg %d: %s\n", i, argv[i]); } const hw_module_t* hw_module; if (hw_get_module("bootctrl", &hw_module) != 0) { - ERROR("Error getting bootctrl module.\n"); + SLOGE("Error getting bootctrl module.\n"); return -1; } @@ -60,7 +56,7 @@ int main(int argc, char** argv) { unsigned current_slot = module->getCurrentSlot(module); int bootable = module->isSlotBootable(module, current_slot); - INFO("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); + SLOGI("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); if (bootable == 0) { // The current slot has not booted successfully. @@ -73,12 +69,12 @@ int main(int argc, char** argv) { int ret = module->markBootSuccessful(module); if (ret != 0) { - ERROR("Error marking booted successfully: %s\n", strerror(-ret)); + SLOGE("Error marking booted successfully: %s\n", strerror(-ret)); return -1; } - INFO("Marked slot %u as booted successfully.\n", current_slot); + SLOGI("Marked slot %u as booted successfully.\n", current_slot); } - INFO("Leaving update_verifier.\n"); + SLOGI("Leaving update_verifier.\n"); return 0; } -- cgit v1.2.3 From 7197ee0e39bebea3a1bbe5d980f4dbf1cfe58136 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Sat, 5 Dec 2015 21:21:27 -0800 Subject: Add update_verifier for A/B OTA update. update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42 (cherry picked from commit 1171d3a12b13ca3f1d4301985cf068076e55ae26) --- Android.mk | 1 + update_verifier/Android.mk | 24 +++++++++++ update_verifier/update_verifier.cpp | 84 +++++++++++++++++++++++++++++++++++++ 3 files changed, 109 insertions(+) create mode 100644 update_verifier/Android.mk create mode 100644 update_verifier/update_verifier.cpp diff --git a/Android.mk b/Android.mk index 22e78027e..602a85673 100644 --- a/Android.mk +++ b/Android.mk @@ -136,4 +136,5 @@ include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/edify/Android.mk \ $(LOCAL_PATH)/uncrypt/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ + $(LOCAL_PATH)/update_verifier/Android.mk \ $(LOCAL_PATH)/applypatch/Android.mk diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk new file mode 100644 index 000000000..0bb054777 --- /dev/null +++ b/update_verifier/Android.mk @@ -0,0 +1,24 @@ +# Copyright (C) 2015 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) + +LOCAL_CLANG := true +LOCAL_SRC_FILES := update_verifier.cpp +LOCAL_MODULE := update_verifier +LOCAL_SHARED_LIBRARIES := libcutils libhardware + +include $(BUILD_EXECUTABLE) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp new file mode 100644 index 000000000..9ba792b86 --- /dev/null +++ b/update_verifier/update_verifier.cpp @@ -0,0 +1,84 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This program verifies the integrity of the partitions after an A/B OTA + * update. It gets invoked by init, and will only perform the verification if + * it's the first boot post an A/B OTA update. + * + * It relies on dm-verity to capture any corruption on the partitions being + * verified. dm-verity must be in enforcing mode, so that it will reboot the + * device on dm-verity failures. When that happens, the bootloader should + * mark the slot as unbootable and stops trying. We should never see a device + * started in dm-verity logging mode but with isSlotBootable equals to 0. + * + * The current slot will be marked as having booted successfully if the + * verifier reaches the end after the verification. + * + * TODO: The actual verification part will be added later after we have the + * A/B OTA package format in place. + */ + +#include +#include + +#include + +#define LOG_TAG "update_verifier" +#define INFO(x...) KLOG_INFO(LOG_TAG, x) +#define ERROR(x...) KLOG_ERROR(LOG_TAG, x) + +int main(int argc, char** argv) { + klog_init(); + klog_set_level(6); + for (int i = 1; i < argc; i++) { + INFO("Started with arg %d: %s\n", i, argv[i]); + } + + const hw_module_t* hw_module; + if (hw_get_module("bootctrl", &hw_module) != 0) { + ERROR("Error getting bootctrl module.\n"); + return -1; + } + + boot_control_module_t* module = reinterpret_cast( + const_cast(hw_module)); + module->init(module); + + unsigned current_slot = module->getCurrentSlot(module); + int bootable = module->isSlotBootable(module, current_slot); + INFO("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); + + if (bootable == 0) { + // The current slot has not booted successfully. + + // TODO: Add the actual verification after we have the A/B OTA package + // format in place. + + // TODO: Assert the dm-verity mode. Bootloader should never boot a newly + // flashed slot (isSlotBootable == 0) with dm-verity logging mode. + + int ret = module->markBootSuccessful(module); + if (ret != 0) { + ERROR("Error marking booted successfully: %s\n", strerror(-ret)); + return -1; + } + INFO("Marked slot %u as booted successfully.\n", current_slot); + } + + INFO("Leaving update_verifier.\n"); + return 0; +} -- cgit v1.2.3 From 740e01e2bd5dae3f77191699636a1d6b51f436f0 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 7 Dec 2015 17:04:58 -0800 Subject: update_verifier: Log to logd instead of kernel log. logd already gets started before we call update_verifier. Bug: 26039641 Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a (cherry picked from commit 45eac58ef188679f6df2d80efc0391c6d7904cd8) --- update_verifier/Android.mk | 2 +- update_verifier/update_verifier.cpp | 18 +++++++----------- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk index 0bb054777..7f28bcedc 100644 --- a/update_verifier/Android.mk +++ b/update_verifier/Android.mk @@ -19,6 +19,6 @@ include $(CLEAR_VARS) LOCAL_CLANG := true LOCAL_SRC_FILES := update_verifier.cpp LOCAL_MODULE := update_verifier -LOCAL_SHARED_LIBRARIES := libcutils libhardware +LOCAL_SHARED_LIBRARIES := libhardware liblog include $(BUILD_EXECUTABLE) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index 9ba792b86..5e8881571 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -32,25 +32,21 @@ * A/B OTA package format in place. */ -#include #include #include #define LOG_TAG "update_verifier" -#define INFO(x...) KLOG_INFO(LOG_TAG, x) -#define ERROR(x...) KLOG_ERROR(LOG_TAG, x) +#include int main(int argc, char** argv) { - klog_init(); - klog_set_level(6); for (int i = 1; i < argc; i++) { - INFO("Started with arg %d: %s\n", i, argv[i]); + SLOGI("Started with arg %d: %s\n", i, argv[i]); } const hw_module_t* hw_module; if (hw_get_module("bootctrl", &hw_module) != 0) { - ERROR("Error getting bootctrl module.\n"); + SLOGE("Error getting bootctrl module.\n"); return -1; } @@ -60,7 +56,7 @@ int main(int argc, char** argv) { unsigned current_slot = module->getCurrentSlot(module); int bootable = module->isSlotBootable(module, current_slot); - INFO("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); + SLOGI("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); if (bootable == 0) { // The current slot has not booted successfully. @@ -73,12 +69,12 @@ int main(int argc, char** argv) { int ret = module->markBootSuccessful(module); if (ret != 0) { - ERROR("Error marking booted successfully: %s\n", strerror(-ret)); + SLOGE("Error marking booted successfully: %s\n", strerror(-ret)); return -1; } - INFO("Marked slot %u as booted successfully.\n", current_slot); + SLOGI("Marked slot %u as booted successfully.\n", current_slot); } - INFO("Leaving update_verifier.\n"); + SLOGI("Leaving update_verifier.\n"); return 0; } -- cgit v1.2.3 From b8df5fb90e4b7244fa7925b9706cdd218e18a2aa Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 8 Dec 2015 22:47:25 -0800 Subject: uncrypt: Suppress the compiler warnings on LP64. We have the following warnings when compiling uncrypt on LP64 (e.g. aosp_angler-userdebug). bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat] ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno)); ~~~~ ^~~~~~ %ld bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat] ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno)); ~~~~ ^~~~~~~~~~~~~~~~~~ %lu bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare] while (pos < sb.st_size) { ~~~ ^ ~~~~~~~~~~ According to POSIX spec [1], we have: off_t and blksize_t shall be signed integer types; size_t shall be an unsigned integer type; blksize_t and size_t are no greater than the width of type long. And on Android, we always have a 64-bit st_size from stat(2) (//bionic/libc/include/sys/stat.h). Fix the type and add necessary casts to suppress the warnings. [1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20 --- uncrypt/uncrypt.cpp | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 482504192..20efbe4df 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -41,6 +41,7 @@ #include #include +#include #include #include #include @@ -74,14 +75,15 @@ static struct fstab* fstab = NULL; static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { - ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno)); + ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno)); return -1; } size_t written = 0; while (written < size) { ssize_t wrote = TEMP_FAILURE_RETRY(write(wfd, buffer + written, size - written)); if (wrote == -1) { - ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno)); + ALOGE("error writing offset %" PRId64 ": %s\n", + offset + static_cast(written), strerror(errno)); return -1; } written += wrote; @@ -200,10 +202,10 @@ static int produce_block_map(const char* path, const char* map_file, const char* return -1; } - ALOGI(" block size: %ld bytes\n", (long)sb.st_blksize); + ALOGI(" block size: %ld bytes\n", static_cast(sb.st_blksize)); int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; - ALOGI(" file size: %lld bytes, %d blocks\n", (long long)sb.st_size, blocks); + ALOGI(" file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks); int range_alloc = 1; int range_used = 1; @@ -211,8 +213,8 @@ static int produce_block_map(const char* path, const char* map_file, const char* ranges[0] = -1; ranges[1] = -1; - fprintf(mapf.get(), "%s\n%lld %lu\n", - blk_dev, (long long)sb.st_size, (unsigned long)sb.st_blksize); + fprintf(mapf.get(), "%s\n%" PRId64 " %ld\n", + blk_dev, sb.st_size, static_cast(sb.st_blksize)); unsigned char* buffers[WINDOW_SIZE]; if (encrypted) { @@ -222,7 +224,6 @@ static int produce_block_map(const char* path, const char* map_file, const char* } int head_block = 0; int head = 0, tail = 0; - size_t pos = 0; int fd = open(path, O_RDONLY); unique_fd fd_holder(fd); @@ -242,6 +243,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* } } + off64_t pos = 0; int last_progress = 0; while (pos < sb.st_size) { // Update the status file, progress must be between [0, 99]. @@ -261,7 +263,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* add_block_to_ranges(&ranges, &range_alloc, &range_used, block); if (encrypted) { if (write_at_offset(buffers[head], sb.st_blksize, wfd, - (off64_t)sb.st_blksize * block) != 0) { + static_cast(sb.st_blksize) * block) != 0) { return -1; } } @@ -272,7 +274,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* // read next block to tail if (encrypted) { size_t so_far = 0; - while (so_far < sb.st_blksize && pos < sb.st_size) { + while (so_far < static_cast(sb.st_blksize) && pos < sb.st_size) { ssize_t this_read = TEMP_FAILURE_RETRY(read(fd, buffers[tail] + so_far, sb.st_blksize - so_far)); if (this_read == -1) { @@ -301,7 +303,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* add_block_to_ranges(&ranges, &range_alloc, &range_used, block); if (encrypted) { if (write_at_offset(buffers[head], sb.st_blksize, wfd, - (off64_t)sb.st_blksize * block) != 0) { + static_cast(sb.st_blksize) * block) != 0) { return -1; } } -- cgit v1.2.3 From 612161ef1c9e36add87ba40c30bc4092786cddb6 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 9 Dec 2015 14:41:40 -0800 Subject: update_verifier: Track the API change for isSlotBootable(). [1] added a new API isSlotMarkedSuccessful() to actually query if a given slot has been marked as successful. [1]: commit 72c88c915d957bf2eba73950e7f0407b220d1ef4 Change-Id: I9155c9b9233882a295a9a6e607a844d9125e4c56 --- update_verifier/update_verifier.cpp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index 5e8881571..be70cec7f 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -23,7 +23,8 @@ * verified. dm-verity must be in enforcing mode, so that it will reboot the * device on dm-verity failures. When that happens, the bootloader should * mark the slot as unbootable and stops trying. We should never see a device - * started in dm-verity logging mode but with isSlotBootable equals to 0. + * started in dm-verity logging mode but with isSlotMarkedSuccessful equals to + * 0. * * The current slot will be marked as having booted successfully if the * verifier reaches the end after the verification. @@ -55,17 +56,17 @@ int main(int argc, char** argv) { module->init(module); unsigned current_slot = module->getCurrentSlot(module); - int bootable = module->isSlotBootable(module, current_slot); - SLOGI("Booting slot %u: isSlotBootable=%d\n", current_slot, bootable); + int is_successful= module->isSlotMarkedSuccessful(module, current_slot); + SLOGI("Booting slot %u: isSlotMarkedSuccessful=%d\n", current_slot, is_successful); - if (bootable == 0) { + if (is_successful == 0) { // The current slot has not booted successfully. // TODO: Add the actual verification after we have the A/B OTA package // format in place. // TODO: Assert the dm-verity mode. Bootloader should never boot a newly - // flashed slot (isSlotBootable == 0) with dm-verity logging mode. + // flashed slot (isSlotMarkedSuccessful == 0) with dm-verity logging mode. int ret = module->markBootSuccessful(module); if (ret != 0) { -- cgit v1.2.3 From b686ba211443490111729ba9d82eb0c0b305e185 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Wed, 9 Dec 2015 15:29:45 -0800 Subject: updater: Output msg when recovery is called Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda --- updater/blockimg.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index a9d8cc68c..9a76a2428 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -1659,6 +1659,9 @@ Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[ return StringValue(strdup("")); } + // Output notice to log when recover is attempted + fprintf(stderr, "%s image corrupted, attempting to recover...\n", filename->data); + // When opened with O_RDWR, libfec rewrites corrupted blocks when they are read fec::io fh(filename->data, O_RDWR); @@ -1709,7 +1712,7 @@ Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[ // read and check if the errors field value has increased. } } - + fprintf(stderr, "...%s image recovered successfully.\n", filename->data); return StringValue(strdup("t")); } -- cgit v1.2.3 From 3b010bc393b773e4efc6f353352459386c80ca8c Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Wed, 9 Dec 2015 15:29:45 -0800 Subject: updater: Output msg when recovery is called Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda (cherry picked from commit b686ba211443490111729ba9d82eb0c0b305e185) --- updater/blockimg.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 50067d479..3b26f057a 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -1670,6 +1670,9 @@ Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[ return StringValue(strdup("")); } + // Output notice to log when recover is attempted + fprintf(stderr, "%s image corrupted, attempting to recover...\n", filename->data); + // When opened with O_RDWR, libfec rewrites corrupted blocks when they are read fec::io fh(filename->data, O_RDWR); @@ -1720,7 +1723,7 @@ Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[ // read and check if the errors field value has increased. } } - + fprintf(stderr, "...%s image recovered successfully.\n", filename->data); return StringValue(strdup("t")); } -- cgit v1.2.3 From d3cac3443096c105cf1a1985677659105902cbdd Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 14 Dec 2015 15:53:25 -0800 Subject: updater: Use O_SYNC and fsync() for package_extract_file(). We are already using O_SYNC and fsync() for the recursive case (package_extract_dir()). Make it consistent for the single-file case. Bug: 20625549 Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff --- updater/install.cpp | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/updater/install.cpp b/updater/install.cpp index e2b3db7ce..b09086964 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -555,14 +555,21 @@ Value* PackageExtractFileFn(const char* name, State* state, } { - FILE* f = fopen(dest_path, "wb"); - if (f == NULL) { - printf("%s: can't open %s for write: %s\n", - name, dest_path, strerror(errno)); + int fd = TEMP_FAILURE_RETRY(open(dest_path, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, + S_IRUSR | S_IWUSR)); + if (fd == -1) { + printf("%s: can't open %s for write: %s\n", name, dest_path, strerror(errno)); goto done2; } - success = mzExtractZipEntryToFile(za, entry, fileno(f)); - fclose(f); + success = mzExtractZipEntryToFile(za, entry, fd); + if (fsync(fd) == -1) { + printf("fsync of \"%s\" failed: %s\n", dest_path, strerror(errno)); + success = false; + } + if (close(fd) == -1) { + printf("close of \"%s\" failed: %s\n", dest_path, strerror(errno)); + success = false; + } } done2: -- cgit v1.2.3 From b723f4f38f53a38502abb1a63165ac0749bc9cd9 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 11 Dec 2015 15:18:51 -0800 Subject: res: Embed FPS into icon_installing.png. We allow vendor-specific icon installing image but have defined private animation_fps that can't be overridden. This CL changes the image generator to optionally embed FPS (otherwise use the default value of 20) into the generated image. For wear devices, they are using individual images instead of the interlaced one. Change the animation_fps from private to protected so that it can be customized. Bug: 26009230 Change-Id: I9fbf64ec717029d4c54f72316f6cb079e8dbfb5e --- interlace-frames.py | 79 ++++++++++++++++++++++----------- minui/minui.h | 4 +- minui/resources.cpp | 21 ++++++--- res-hdpi/images/icon_installing.png | Bin 118562 -> 129975 bytes res-mdpi/images/icon_installing.png | Bin 118562 -> 129975 bytes res-xhdpi/images/icon_installing.png | Bin 118562 -> 129975 bytes res-xxhdpi/images/icon_installing.png | Bin 118562 -> 129975 bytes res-xxxhdpi/images/icon_installing.png | Bin 118562 -> 129975 bytes screen_ui.cpp | 9 ++-- screen_ui.h | 4 +- wear_ui.cpp | 2 +- wear_ui.h | 5 ++- 12 files changed, 82 insertions(+), 42 deletions(-) diff --git a/interlace-frames.py b/interlace-frames.py index 243e565e7..3e777b470 100644 --- a/interlace-frames.py +++ b/interlace-frames.py @@ -12,42 +12,69 @@ # See the License for the specific language governing permissions and # limitations under the License. -"""Script to take a set of frames (PNG files) for a recovery animation -and turn it into a single output image which contains the input frames -interlaced by row. Run with the names of all the input frames on the -command line, in order, followed by the name of the output file.""" +""" +Script to take a set of frames (PNG files) for a recovery animation and turn +it into a single output image which contains the input frames interlaced by +row. Run with the names of all the input frames on the command line. Specify +the name of the output file with -o (or --output), and optionally specify the +number of frames per second (FPS) with --fps (default: 20). +e.g. +interlace-frames.py --fps 20 --output output.png frame0.png frame1.png frame3.png +""" + +from __future__ import print_function + +import argparse import sys try: import Image import PngImagePlugin except ImportError: - print "This script requires the Python Imaging Library to be installed." + print("This script requires the Python Imaging Library to be installed.") sys.exit(1) -frames = [Image.open(fn).convert("RGB") for fn in sys.argv[1:-1]] -assert len(frames) > 0, "Must have at least one input frame." -sizes = set() -for fr in frames: - sizes.add(fr.size) -assert len(sizes) == 1, "All input images must have the same size." -w, h = sizes.pop() -N = len(frames) +def interlace(output, fps, inputs): + frames = [Image.open(fn).convert("RGB") for fn in inputs] + assert len(frames) > 0, "Must have at least one input frame." + sizes = set() + for fr in frames: + sizes.add(fr.size) + + assert len(sizes) == 1, "All input images must have the same size." + w, h = sizes.pop() + N = len(frames) + + out = Image.new("RGB", (w, h*N)) + for j in range(h): + for i in range(w): + for fn, f in enumerate(frames): + out.putpixel((i, j*N+fn), f.getpixel((i, j))) + + # When loading this image, the graphics library expects to find a text + # chunk that specifies how many frames this animation represents. If + # you post-process the output of this script with some kind of + # optimizer tool (eg pngcrush or zopflipng) make sure that your + # optimizer preserves this text chunk. + + meta = PngImagePlugin.PngInfo() + meta.add_text("Frames", str(N)) + meta.add_text("FPS", str(fps)) + + out.save(output, pnginfo=meta) + + +def main(argv): + parser = argparse.ArgumentParser() + parser.add_argument('--fps', default=20) + parser.add_argument('--output', '-o', required=True) + parser.add_argument('input', nargs='+') + args = parser.parse_args(argv) -out = Image.new("RGB", (w, h*N)) -for j in range(h): - for i in range(w): - for fn, f in enumerate(frames): - out.putpixel((i, j*N+fn), f.getpixel((i, j))) + interlace(args.output, args.fps, args.input) -# When loading this image, the graphics library expects to find a text -# chunk that specifies how many frames this animation represents. If -# you post-process the output of this script with some kind of -# optimizer tool (eg pngcrush or zopflipng) make sure that your -# optimizer preserves this text chunk. -meta = PngImagePlugin.PngInfo() -meta.add_text("Frames", str(N)) +if __name__ == '__main__': + main(sys.argv[1:]) -out.save(sys.argv[-1], pnginfo=meta) diff --git a/minui/minui.h b/minui/minui.h index bdde083f3..e3bc00548 100644 --- a/minui/minui.h +++ b/minui/minui.h @@ -101,8 +101,8 @@ int res_create_display_surface(const char* name, GRSurface** pSurface); // should have a 'Frames' text chunk whose value is the number of // frames this image represents. The pixel data itself is interlaced // by row. -int res_create_multi_display_surface(const char* name, - int* frames, GRSurface*** pSurface); +int res_create_multi_display_surface(const char* name, int* frames, + int* fps, GRSurface*** pSurface); // Load a single alpha surface from a grayscale PNG image. int res_create_alpha_surface(const char* name, GRSurface** pSurface); diff --git a/minui/resources.cpp b/minui/resources.cpp index 5e4789277..63a0dff28 100644 --- a/minui/resources.cpp +++ b/minui/resources.cpp @@ -237,14 +237,14 @@ int res_create_display_surface(const char* name, GRSurface** pSurface) { return result; } -int res_create_multi_display_surface(const char* name, int* frames, GRSurface*** pSurface) { +int res_create_multi_display_surface(const char* name, int* frames, int* fps, + GRSurface*** pSurface) { GRSurface** surface = NULL; int result = 0; png_structp png_ptr = NULL; png_infop info_ptr = NULL; png_uint_32 width, height; png_byte channels; - int i; png_textp text; int num_text; unsigned char* p_row; @@ -257,14 +257,23 @@ int res_create_multi_display_surface(const char* name, int* frames, GRSurface*** if (result < 0) return result; *frames = 1; + *fps = 20; if (png_get_text(png_ptr, info_ptr, &text, &num_text)) { - for (i = 0; i < num_text; ++i) { + for (int i = 0; i < num_text; ++i) { if (text[i].key && strcmp(text[i].key, "Frames") == 0 && text[i].text) { *frames = atoi(text[i].text); - break; + } else if (text[i].key && strcmp(text[i].key, "FPS") == 0 && text[i].text) { + *fps = atoi(text[i].text); } } printf(" found frames = %d\n", *frames); + printf(" found fps = %d\n", *fps); + } + + if (frames <= 0 || fps <= 0) { + printf("bad number of frames (%d) and/or FPS (%d)\n", *frames, *fps); + result = -10; + goto exit; } if (height % *frames != 0) { @@ -278,7 +287,7 @@ int res_create_multi_display_surface(const char* name, int* frames, GRSurface*** result = -8; goto exit; } - for (i = 0; i < *frames; ++i) { + for (int i = 0; i < *frames; ++i) { surface[i] = init_display_surface(width, height / *frames); if (surface[i] == NULL) { result = -8; @@ -307,7 +316,7 @@ exit: if (result < 0) { if (surface) { - for (i = 0; i < *frames; ++i) { + for (int i = 0; i < *frames; ++i) { if (surface[i]) free(surface[i]); } free(surface); diff --git a/res-hdpi/images/icon_installing.png b/res-hdpi/images/icon_installing.png index c2c020162..0fcfbc231 100644 Binary files a/res-hdpi/images/icon_installing.png and b/res-hdpi/images/icon_installing.png differ diff --git a/res-mdpi/images/icon_installing.png b/res-mdpi/images/icon_installing.png index c2c020162..0fcfbc231 100644 Binary files a/res-mdpi/images/icon_installing.png and b/res-mdpi/images/icon_installing.png differ diff --git a/res-xhdpi/images/icon_installing.png b/res-xhdpi/images/icon_installing.png index c2c020162..0fcfbc231 100644 Binary files a/res-xhdpi/images/icon_installing.png and b/res-xhdpi/images/icon_installing.png differ diff --git a/res-xxhdpi/images/icon_installing.png b/res-xxhdpi/images/icon_installing.png index c2c020162..0fcfbc231 100644 Binary files a/res-xxhdpi/images/icon_installing.png and b/res-xxhdpi/images/icon_installing.png differ diff --git a/res-xxxhdpi/images/icon_installing.png b/res-xxxhdpi/images/icon_installing.png index c2c020162..0fcfbc231 100644 Binary files a/res-xxxhdpi/images/icon_installing.png and b/res-xxxhdpi/images/icon_installing.png differ diff --git a/screen_ui.cpp b/screen_ui.cpp index 23fc90154..522aa6b23 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -73,7 +73,7 @@ ScreenRecoveryUI::ScreenRecoveryUI() : menu_items(0), menu_sel(0), file_viewer_text_(nullptr), - animation_fps(20), + animation_fps(-1), installing_frames(-1), stage(-1), max_stage(-1) { @@ -367,8 +367,9 @@ void ScreenRecoveryUI::LoadBitmap(const char* filename, GRSurface** surface) { } } -void ScreenRecoveryUI::LoadBitmapArray(const char* filename, int* frames, GRSurface*** surface) { - int result = res_create_multi_display_surface(filename, frames, surface); +void ScreenRecoveryUI::LoadBitmapArray(const char* filename, int* frames, int* fps, + GRSurface*** surface) { + int result = res_create_multi_display_surface(filename, frames, fps, surface); if (result < 0) { LOGE("missing bitmap %s\n(Code %d)\n", filename, result); } @@ -405,7 +406,7 @@ void ScreenRecoveryUI::Init() { text_top_ = 1; backgroundIcon[NONE] = nullptr; - LoadBitmapArray("icon_installing", &installing_frames, &installation); + LoadBitmapArray("icon_installing", &installing_frames, &animation_fps, &installation); backgroundIcon[INSTALLING_UPDATE] = installing_frames ? installation[0] : nullptr; backgroundIcon[ERASING] = backgroundIcon[INSTALLING_UPDATE]; LoadBitmap("icon_error", &backgroundIcon[ERROR]); diff --git a/screen_ui.h b/screen_ui.h index 8e18864d7..08a5f44a9 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -109,6 +109,8 @@ class ScreenRecoveryUI : public RecoveryUI { pthread_t progress_thread_; + // The following two are parsed from the image file + // (e.g. '/res/images/icon_installing.png'). int animation_fps; int installing_frames; @@ -135,7 +137,7 @@ class ScreenRecoveryUI : public RecoveryUI { void DrawTextLines(int* y, const char* const* lines); void LoadBitmap(const char* filename, GRSurface** surface); - void LoadBitmapArray(const char* filename, int* frames, GRSurface*** surface); + void LoadBitmapArray(const char* filename, int* frames, int* fps, GRSurface*** surface); void LoadLocalizedBitmap(const char* filename, GRSurface** surface); }; diff --git a/wear_ui.cpp b/wear_ui.cpp index 3ee38e8a4..50aeb3849 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -61,10 +61,10 @@ WearRecoveryUI::WearRecoveryUI() : menu_unusable_rows(0), intro_frames(22), loop_frames(60), + animation_fps(30), currentIcon(NONE), intro_done(false), current_frame(0), - animation_fps(30), rtl_locale(false), progressBarType(EMPTY), progressScopeStart(0), diff --git a/wear_ui.h b/wear_ui.h index 839a26438..63c1b6e6e 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -79,6 +79,9 @@ class WearRecoveryUI : public RecoveryUI { int intro_frames; int loop_frames; + // Number of frames per sec (default: 30) for both of intro and loop. + int animation_fps; + private: Icon currentIcon; @@ -86,8 +89,6 @@ class WearRecoveryUI : public RecoveryUI { int current_frame; - int animation_fps; - bool rtl_locale; pthread_mutex_t updateMutex; -- cgit v1.2.3 From 30bf4765593e639966df9f460df22c3fe912e7bf Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Tue, 15 Dec 2015 11:47:30 -0800 Subject: updater: Add a function to check first block Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f --- updater/blockimg.cpp | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ updater/install.h | 3 +++ 2 files changed, 58 insertions(+) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 3b26f057a..c6daf7db5 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -42,6 +42,7 @@ #include "applypatch/applypatch.h" #include "edify/expr.h" +#include "install.h" #include "mincrypt/sha.h" #include "minzip/Hash.h" #include "print_sha1.h" @@ -1650,6 +1651,59 @@ Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) return StringValue(strdup(print_sha1(digest).c_str())); } +// This function checks if a device has been remounted R/W prior to an incremental +// OTA update. This is an common cause of update abortion. The function reads the +// 1st block of each partition and check for mounting time/count. It return string "t" +// if executes successfully and an empty string otherwise. + +Value* CheckFirstBlockFn(const char* name, State* state, int argc, Expr* argv[]) { + Value* arg_filename; + + if (ReadValueArgs(state, argv, 1, &arg_filename) < 0) { + return nullptr; + } + std::unique_ptr filename(arg_filename, FreeValue); + + if (filename->type != VAL_STRING) { + ErrorAbort(state, "filename argument to %s must be string", name); + return StringValue(strdup("")); + } + + int fd = open(arg_filename->data, O_RDONLY); + unique_fd fd_holder(fd); + if (fd == -1) { + ErrorAbort(state, "open \"%s\" failed: %s", arg_filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + RangeSet blk0 {1 /*count*/, 1/*size*/, std::vector {0, 1}/*position*/}; + std::vector block0_buffer(BLOCKSIZE); + + if (ReadBlocks(blk0, block0_buffer, fd) == -1) { + ErrorAbort(state, "failed to read %s: %s", arg_filename->data, + strerror(errno)); + return StringValue(strdup("")); + } + + // https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout + // Super block starts from block 0, offset 0x400 + // 0x2C: len32 Mount time + // 0x30: len32 Write time + // 0x34: len16 Number of mounts since the last fsck + // 0x38: len16 Magic signature 0xEF53 + + time_t mount_time = *reinterpret_cast(&block0_buffer[0x400+0x2C]); + uint16_t mount_count = *reinterpret_cast(&block0_buffer[0x400+0x34]); + + if (mount_count > 0) { + uiPrintf(state, "Device was remounted R/W %d times\n", mount_count); + uiPrintf(state, "Last remount happened on %s", ctime(&mount_time)); + } + + return StringValue(strdup("t")); +} + + Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[]) { Value* arg_filename; Value* arg_ranges; @@ -1731,5 +1785,6 @@ void RegisterBlockImageFunctions() { RegisterFunction("block_image_verify", BlockImageVerifyFn); RegisterFunction("block_image_update", BlockImageUpdateFn); RegisterFunction("block_image_recover", BlockImageRecoverFn); + RegisterFunction("check_first_block", CheckFirstBlockFn); RegisterFunction("range_sha1", RangeSha1Fn); } diff --git a/updater/install.h b/updater/install.h index 659c8b41c..70e343404 100644 --- a/updater/install.h +++ b/updater/install.h @@ -19,6 +19,9 @@ void RegisterInstallFunctions(); +// uiPrintf function prints msg to screen as well as logs +void uiPrintf(State* state, const char* format, ...); + static int make_parents(char* name); #endif -- cgit v1.2.3 From 0779fc98147a298eda6475c7744c5957ac382740 Mon Sep 17 00:00:00 2001 From: David Riley Date: Thu, 10 Dec 2015 10:18:25 -0800 Subject: imgdiff: skip spurious gzip headers in image files dragon kernel is compressed via lz4 for boot speed and bootloader support reasons and recent prebuilts happen to include the gzip header sequence which is causing imgdiff to fail. Detect a spurious gzip header and treat the section as a normal section. Bug: 26133184 Change-Id: I369d7d576fd7d2c579c0780fc5c669a5b6ea0d3d (cherry picked from commit 0f2f6a746af517afca9e5e089a4a17be0a9766d6) Signed-off-by: David Riley --- applypatch/imgdiff.cpp | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/applypatch/imgdiff.cpp b/applypatch/imgdiff.cpp index 50cabbe6b..f22502e38 100644 --- a/applypatch/imgdiff.cpp +++ b/applypatch/imgdiff.cpp @@ -407,6 +407,7 @@ unsigned char* ReadImage(const char* filename, while (pos < sz) { unsigned char* p = img+pos; + bool processed_deflate = false; if (sz - pos >= 4 && p[0] == 0x1f && p[1] == 0x8b && p[2] == 0x08 && // deflate compression @@ -460,18 +461,24 @@ unsigned char* ReadImage(const char* filename, strm.next_out = curr->data + curr->len; ret = inflate(&strm, Z_NO_FLUSH); if (ret < 0) { - printf("Error: inflate failed [%s] at file offset [%zu]\n" - "imgdiff only supports gzip kernel compression," - " did you try CONFIG_KERNEL_LZO?\n", - strm.msg, chunk_offset); - free(img); - return NULL; + if (!processed_deflate) { + // This is the first chunk, assume that it's just a spurious + // gzip header instead of a real one. + break; + } + printf("Error: inflate failed [%s] at file offset [%zu]\n" + "imgdiff only supports gzip kernel compression," + " did you try CONFIG_KERNEL_LZO?\n", + strm.msg, chunk_offset); + free(img); + return NULL; } curr->len = allocated - strm.avail_out; if (strm.avail_out == 0) { allocated *= 2; curr->data = reinterpret_cast(realloc(curr->data, allocated)); } + processed_deflate = true; } while (ret != Z_STREAM_END); curr->deflate_len = sz - strm.avail_in - pos; -- cgit v1.2.3 From f1fc48c6e62cfee42d25ad12f443e22d50c15d0b Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Tue, 15 Dec 2015 16:04:53 -0800 Subject: IO fault injection for OTA packages Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c --- Android.mk | 1 + applypatch/Android.mk | 4 +- applypatch/applypatch.cpp | 49 +++++++------- otafault/Android.mk | 58 +++++++++++++++++ otafault/ota_io.cpp | 160 ++++++++++++++++++++++++++++++++++++++++++++++ otafault/ota_io.h | 49 ++++++++++++++ otafault/test.cpp | 32 ++++++++++ updater/Android.mk | 2 +- updater/blockimg.cpp | 13 ++-- updater/install.cpp | 25 ++++---- 10 files changed, 348 insertions(+), 45 deletions(-) create mode 100644 otafault/Android.mk create mode 100644 otafault/ota_io.cpp create mode 100644 otafault/ota_io.h create mode 100644 otafault/test.cpp diff --git a/Android.mk b/Android.mk index 602a85673..13fc04bcc 100644 --- a/Android.mk +++ b/Android.mk @@ -135,6 +135,7 @@ include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/tools/Android.mk \ $(LOCAL_PATH)/edify/Android.mk \ $(LOCAL_PATH)/uncrypt/Android.mk \ + $(LOCAL_PATH)/otafault/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ $(LOCAL_PATH)/update_verifier/Android.mk \ $(LOCAL_PATH)/applypatch/Android.mk diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 93a272997..49f9989ae 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -21,7 +21,7 @@ LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery -LOCAL_STATIC_LIBRARIES += libbase libmtdutils libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libbase libotafault libmtdutils libmincrypt libbz libz include $(BUILD_STATIC_LIBRARY) @@ -31,7 +31,7 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libotafault libmtdutils libmincrypt libbz LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index f9425af93..93e6b25ac 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -32,6 +32,7 @@ #include "mtdutils/mtdutils.h" #include "edify/expr.h" #include "print_sha1.h" +#include "otafault/ota_io.h" static int LoadPartitionContents(const char* filename, FileContents* file); static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); @@ -69,7 +70,7 @@ int LoadFileContents(const char* filename, FileContents* file) { file->size = file->st.st_size; file->data = reinterpret_cast(malloc(file->size)); - FILE* f = fopen(filename, "rb"); + FILE* f = ota_fopen(filename, "rb"); if (f == NULL) { printf("failed to open \"%s\": %s\n", filename, strerror(errno)); free(file->data); @@ -77,14 +78,14 @@ int LoadFileContents(const char* filename, FileContents* file) { return -1; } - size_t bytes_read = fread(file->data, 1, file->size, f); + size_t bytes_read = ota_fread(file->data, 1, file->size, f); if (bytes_read != static_cast(file->size)) { printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, file->size); free(file->data); file->data = NULL; return -1; } - fclose(f); + ota_fclose(f); SHA_hash(file->data, file->size, file->sha1); return 0; @@ -173,7 +174,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { } case EMMC: - dev = fopen(partition, "rb"); + dev = ota_fopen(partition, "rb"); if (dev == NULL) { printf("failed to open emmc partition \"%s\": %s\n", partition, strerror(errno)); return -1; @@ -202,7 +203,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { break; case EMMC: - read = fread(p, 1, next, dev); + read = ota_fread(p, 1, next, dev); break; } if (next != read) { @@ -247,7 +248,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { break; case EMMC: - fclose(dev); + ota_fclose(dev); break; } @@ -277,7 +278,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { // Save the contents of the given FileContents object under the given // filename. Return 0 on success. int SaveFileContents(const char* filename, const FileContents* file) { - int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + int fd = ota_open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); if (fd < 0) { printf("failed to open \"%s\" for write: %s\n", filename, strerror(errno)); return -1; @@ -287,14 +288,14 @@ int SaveFileContents(const char* filename, const FileContents* file) { if (bytes_written != file->size) { printf("short write of \"%s\" (%zd bytes of %zd) (%s)\n", filename, bytes_written, file->size, strerror(errno)); - close(fd); + ota_close(fd); return -1; } - if (fsync(fd) != 0) { + if (ota_fsync(fd) != 0) { printf("fsync of \"%s\" failed: %s\n", filename, strerror(errno)); return -1; } - if (close(fd) != 0) { + if (ota_close(fd) != 0) { printf("close of \"%s\" failed: %s\n", filename, strerror(errno)); return -1; } @@ -377,7 +378,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { case EMMC: { size_t start = 0; bool success = false; - int fd = open(partition, O_RDWR | O_SYNC); + int fd = ota_open(partition, O_RDWR | O_SYNC); if (fd < 0) { printf("failed to open %s: %s\n", partition, strerror(errno)); return -1; @@ -392,22 +393,22 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { size_t to_write = len - start; if (to_write > 1<<20) to_write = 1<<20; - ssize_t written = TEMP_FAILURE_RETRY(write(fd, data+start, to_write)); + ssize_t written = TEMP_FAILURE_RETRY(ota_write(fd, data+start, to_write)); if (written == -1) { printf("failed write writing to %s: %s\n", partition, strerror(errno)); return -1; } start += written; } - if (fsync(fd) != 0) { + if (ota_fsync(fd) != 0) { printf("failed to sync to %s (%s)\n", partition, strerror(errno)); return -1; } - if (close(fd) != 0) { + if (ota_close(fd) != 0) { printf("failed to close %s (%s)\n", partition, strerror(errno)); return -1; } - fd = open(partition, O_RDONLY); + fd = ota_open(partition, O_RDONLY); if (fd < 0) { printf("failed to reopen %s for verify (%s)\n", partition, strerror(errno)); return -1; @@ -416,13 +417,13 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { // Drop caches so our subsequent verification read // won't just be reading the cache. sync(); - int dc = open("/proc/sys/vm/drop_caches", O_WRONLY); - if (TEMP_FAILURE_RETRY(write(dc, "3\n", 2)) == -1) { + int dc = ota_open("/proc/sys/vm/drop_caches", O_WRONLY); + if (TEMP_FAILURE_RETRY(ota_write(dc, "3\n", 2)) == -1) { printf("write to /proc/sys/vm/drop_caches failed: %s\n", strerror(errno)); } else { printf(" caches dropped\n"); } - close(dc); + ota_close(dc); sleep(1); // verify @@ -442,7 +443,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { size_t so_far = 0; while (so_far < to_read) { ssize_t read_count = - TEMP_FAILURE_RETRY(read(fd, buffer+so_far, to_read-so_far)); + TEMP_FAILURE_RETRY(ota_read(fd, buffer+so_far, to_read-so_far)); if (read_count == -1) { printf("verify read error %s at %zu: %s\n", partition, p, strerror(errno)); @@ -474,7 +475,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { return -1; } - if (close(fd) != 0) { + if (ota_close(fd) != 0) { printf("error closing %s (%s)\n", partition, strerror(errno)); return -1; } @@ -584,7 +585,7 @@ ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { ssize_t done = 0; ssize_t wrote; while (done < len) { - wrote = TEMP_FAILURE_RETRY(write(fd, data+done, len-done)); + wrote = TEMP_FAILURE_RETRY(ota_write(fd, data+done, len-done)); if (wrote == -1) { printf("error writing %zd bytes: %s\n", (len-done), strerror(errno)); return done; @@ -944,7 +945,7 @@ static int GenerateTarget(FileContents* source_file, strcpy(outname, target_filename); strcat(outname, ".patch"); - output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); + output = ota_open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); if (output < 0) { printf("failed to open output file %s: %s\n", outname, strerror(errno)); @@ -975,11 +976,11 @@ static int GenerateTarget(FileContents* source_file, } if (output >= 0) { - if (fsync(output) != 0) { + if (ota_fsync(output) != 0) { printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); result = 1; } - if (close(output) != 0) { + if (ota_close(output) != 0) { printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); result = 1; } diff --git a/otafault/Android.mk b/otafault/Android.mk new file mode 100644 index 000000000..75617a146 --- /dev/null +++ b/otafault/Android.mk @@ -0,0 +1,58 @@ +# Copyright 2015 The ANdroid Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific languae governing permissions and +# limitations under the License. + +LOCAL_PATH := $(call my-dir) + +empty := +space := $(empty) $(empty) +comma := , + +ifneq ($(TARGET_INJECT_FAULTS),) +TARGET_INJECT_FAULTS := $(subst $(comma),$(space),$(strip $(TARGET_INJECT_FAULTS))) +endif + +include $(CLEAR_VARS) + +LOCAL_SRC_FILES := ota_io.cpp +LOCAL_MODULE_TAGS := eng +LOCAL_MODULE := libotafault +LOCAL_CLANG := true + +ifneq ($(TARGET_INJECT_FAULTS),) +$(foreach ft,$(TARGET_INJECT_FAULTS),\ + $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) +LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS +endif + +LOCAL_STATIC_LIBRARIES := libc + +include $(BUILD_STATIC_LIBRARY) + +include $(CLEAR_VARS) + +LOCAL_SRC_FILES := ota_io.cpp test.cpp +LOCAL_MODULE_TAGS := tests +LOCAL_MODULE := otafault_test +LOCAL_STATIC_LIBRARIES := libc +LOCAL_FORCE_STATIC_EXECUTABLE := true +LOCAL_CFLAGS += -Wno-unused-parameter -Wno-writable-strings + +ifneq ($(TARGET_INJECT_FAULTS),) +$(foreach ft,$(TARGET_INJECT_FAULTS),\ + $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) +LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS +endif + +include $(BUILD_EXECUTABLE) diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp new file mode 100644 index 000000000..02e80f9bf --- /dev/null +++ b/otafault/ota_io.cpp @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined (TARGET_INJECT_FAULTS) +#include +#endif + +#include +#include +#include +#include +#include + +#include "ota_io.h" + +#if defined (TARGET_INJECT_FAULTS) +static std::map FilenameCache; +static std::string FaultFileName = +#if defined (TARGET_READ_FAULT) + TARGET_READ_FAULT; +#elif defined (TARGET_WRITE_FAULT) + TARGET_WRITE_FAULT; +#elif defined (TARGET_FSYNC_FAULT) + TARGET_FSYNC_FAULT; +#endif // defined (TARGET_READ_FAULT) +#endif // defined (TARGET_INJECT_FAULTS) + +int ota_open(const char* path, int oflags) { +#if defined (TARGET_INJECT_FAULTS) + // Let the caller handle errors; we do not care if open succeeds or fails + int fd = open(path, oflags); + FilenameCache[fd] = path; + return fd; +#else + return open(path, oflags); +#endif +} + +int ota_open(const char* path, int oflags, mode_t mode) { +#if defined (TARGET_INJECT_FAULTS) + int fd = open(path, oflags, mode); + FilenameCache[fd] = path; + return fd; +#else + return open(path, oflags, mode); +#endif +} + +FILE* ota_fopen(const char* path, const char* mode) { +#if defined (TARGET_INJECT_FAULTS) + FILE* fh = fopen(path, mode); + FilenameCache[(intptr_t)fh] = path; + return fh; +#else + return fopen(path, mode); +#endif +} + +int ota_close(int fd) { +#if defined (TARGET_INJECT_FAULTS) + // descriptors can be reused, so make sure not to leave them in the cahce + FilenameCache.erase(fd); +#endif + return close(fd); +} + +int ota_fclose(FILE* fh) { +#if defined (TARGET_INJECT_FAULTS) + FilenameCache.erase((intptr_t)fh); +#endif + return fclose(fh); +} + +size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream) { +#if defined (TARGET_READ_FAULT) + if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() + && FilenameCache[(intptr_t)stream] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + return 0; + } else { + return fread(ptr, size, nitems, stream); + } +#else + return fread(ptr, size, nitems, stream); +#endif +} + +ssize_t ota_read(int fd, void* buf, size_t nbyte) { +#if defined (TARGET_READ_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + return -1; + } else { + return read(fd, buf, nbyte); + } +#else + return read(fd, buf, nbyte); +#endif +} + +size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream) { +#if defined (TARGET_WRITE_FAULT) + if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() + && FilenameCache[(intptr_t)stream] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + return 0; + } else { + return fwrite(ptr, size, count, stream); + } +#else + return fwrite(ptr, size, count, stream); +#endif +} + +ssize_t ota_write(int fd, const void* buf, size_t nbyte) { +#if defined (TARGET_WRITE_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + return -1; + } else { + return write(fd, buf, nbyte); + } +#else + return write(fd, buf, nbyte); +#endif +} + +int ota_fsync(int fd) { +#if defined (TARGET_FSYNC_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + return -1; + } else { + return fsync(fd); + } +#else + return fsync(fd); +#endif +} diff --git a/otafault/ota_io.h b/otafault/ota_io.h new file mode 100644 index 000000000..641a5ae0a --- /dev/null +++ b/otafault/ota_io.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Provide a series of proxy functions for basic file accessors. + * The behavior of these functions can be changed to return different + * errors under a variety of conditions. + */ + +#ifndef _UPDATER_OTA_IO_H_ +#define _UPDATER_OTA_IO_H_ + +#include +#include + +int ota_open(const char* path, int oflags); + +int ota_open(const char* path, int oflags, mode_t mode); + +FILE* ota_fopen(const char* filename, const char* mode); + +int ota_close(int fd); + +int ota_fclose(FILE* fh); + +size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream); + +ssize_t ota_read(int fd, void* buf, size_t nbyte); + +size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream); + +ssize_t ota_write(int fd, const void* buf, size_t nbyte); + +int ota_fsync(int fd); + +#endif diff --git a/otafault/test.cpp b/otafault/test.cpp new file mode 100644 index 000000000..a0f731517 --- /dev/null +++ b/otafault/test.cpp @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "ota_io.h" + +int main(int argc, char **argv) { + int fd = open("testdata/test.file", O_RDWR); + char buf[8]; + char *out = "321"; + int readv = ota_read(fd, buf, 4); + printf("Read returned %d\n", readv); + int writev = ota_write(fd, out, 4); + printf("Write returned %d\n", writev); + return 0; +} diff --git a/updater/Android.mk b/updater/Android.mk index dcf437474..d74dffc0c 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -45,7 +45,7 @@ LOCAL_STATIC_LIBRARIES += \ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) -LOCAL_STATIC_LIBRARIES += libapplypatch libbase libedify libmtdutils libminzip libz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libotafault libedify libmtdutils libminzip libz LOCAL_STATIC_LIBRARIES += libmincrypt libbz LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 3b26f057a..86be47603 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -44,6 +44,7 @@ #include "edify/expr.h" #include "mincrypt/sha.h" #include "minzip/Hash.h" +#include "otafault/ota_io.h" #include "print_sha1.h" #include "unique_fd.h" #include "updater.h" @@ -138,7 +139,7 @@ static bool range_overlaps(const RangeSet& r1, const RangeSet& r2) { static int read_all(int fd, uint8_t* data, size_t size) { size_t so_far = 0; while (so_far < size) { - ssize_t r = TEMP_FAILURE_RETRY(read(fd, data+so_far, size-so_far)); + ssize_t r = TEMP_FAILURE_RETRY(ota_read(fd, data+so_far, size-so_far)); if (r == -1) { fprintf(stderr, "read failed: %s\n", strerror(errno)); return -1; @@ -155,7 +156,7 @@ static int read_all(int fd, std::vector& buffer, size_t size) { static int write_all(int fd, const uint8_t* data, size_t size) { size_t written = 0; while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, data+written, size-written)); + ssize_t w = TEMP_FAILURE_RETRY(ota_write(fd, data+written, size-written)); if (w == -1) { fprintf(stderr, "write failed: %s\n", strerror(errno)); return -1; @@ -621,7 +622,7 @@ static int WriteStash(const std::string& base, const std::string& id, int blocks return -1; } - if (fsync(fd) == -1) { + if (ota_fsync(fd) == -1) { fprintf(stderr, "fsync \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); return -1; } @@ -641,7 +642,7 @@ static int WriteStash(const std::string& base, const std::string& id, int blocks return -1; } - if (fsync(dfd) == -1) { + if (ota_fsync(dfd) == -1) { fprintf(stderr, "fsync \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); return -1; } @@ -1466,7 +1467,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg } if (params.canwrite) { - if (fsync(params.fd) == -1) { + if (ota_fsync(params.fd) == -1) { fprintf(stderr, "fsync failed: %s\n", strerror(errno)); goto pbiudone; } @@ -1491,7 +1492,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state, int /* arg rc = 0; pbiudone: - if (fsync(params.fd) == -1) { + if (ota_fsync(params.fd) == -1) { fprintf(stderr, "fsync failed: %s\n", strerror(errno)); } // params.fd will be automatically closed because of the fd_holder above. diff --git a/updater/install.cpp b/updater/install.cpp index b09086964..be9735595 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -48,6 +48,7 @@ #include "minzip/DirUtil.h" #include "mtdutils/mounts.h" #include "mtdutils/mtdutils.h" +#include "otafault/ota_io.h" #include "updater.h" #include "install.h" #include "tune2fs.h" @@ -555,18 +556,18 @@ Value* PackageExtractFileFn(const char* name, State* state, } { - int fd = TEMP_FAILURE_RETRY(open(dest_path, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, + int fd = TEMP_FAILURE_RETRY(ota_open(dest_path, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR)); if (fd == -1) { printf("%s: can't open %s for write: %s\n", name, dest_path, strerror(errno)); goto done2; } success = mzExtractZipEntryToFile(za, entry, fd); - if (fsync(fd) == -1) { + if (ota_fsync(fd) == -1) { printf("fsync of \"%s\" failed: %s\n", dest_path, strerror(errno)); success = false; } - if (close(fd) == -1) { + if (ota_close(fd) == -1) { printf("close of \"%s\" failed: %s\n", dest_path, strerror(errno)); success = false; } @@ -999,7 +1000,7 @@ Value* FileGetPropFn(const char* name, State* state, int argc, Expr* argv[]) { goto done; } - if (fread(buffer, 1, st.st_size, f) != static_cast(st.st_size)) { + if (ota_fread(buffer, 1, st.st_size, f) != static_cast(st.st_size)) { ErrorAbort(state, "%s: failed to read %lld bytes from %s", name, (long long)st.st_size+1, filename); fclose(f); @@ -1102,7 +1103,7 @@ Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { if (contents->type == VAL_STRING) { // we're given a filename as the contents char* filename = contents->data; - FILE* f = fopen(filename, "rb"); + FILE* f = ota_fopen(filename, "rb"); if (f == NULL) { printf("%s: can't open %s: %s\n", name, filename, strerror(errno)); result = strdup(""); @@ -1112,12 +1113,12 @@ Value* WriteRawImageFn(const char* name, State* state, int argc, Expr* argv[]) { success = true; char* buffer = reinterpret_cast(malloc(BUFSIZ)); int read; - while (success && (read = fread(buffer, 1, BUFSIZ, f)) > 0) { + while (success && (read = ota_fread(buffer, 1, BUFSIZ, f)) > 0) { int wrote = mtd_write_data(ctx, buffer, read); success = success && (wrote == read); } free(buffer); - fclose(f); + ota_fclose(f); } else { // we're given a blob as the contents ssize_t wrote = mtd_write_data(ctx, contents->data, contents->size); @@ -1445,7 +1446,7 @@ Value* RebootNowFn(const char* name, State* state, int argc, Expr* argv[]) { memset(buffer, 0, sizeof(((struct bootloader_message*)0)->command)); FILE* f = fopen(filename, "r+b"); fseek(f, offsetof(struct bootloader_message, command), SEEK_SET); - fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); + ota_fwrite(buffer, sizeof(((struct bootloader_message*)0)->command), 1, f); fclose(f); free(filename); @@ -1493,7 +1494,7 @@ Value* SetStageFn(const char* name, State* state, int argc, Expr* argv[]) { to_write = max_size; stagestr[max_size-1] = 0; } - fwrite(stagestr, to_write, 1, f); + ota_fwrite(stagestr, to_write, 1, f); fclose(f); free(stagestr); @@ -1513,7 +1514,7 @@ Value* GetStageFn(const char* name, State* state, int argc, Expr* argv[]) { char buffer[sizeof(((struct bootloader_message*)0)->stage)]; FILE* f = fopen(filename, "rb"); fseek(f, offsetof(struct bootloader_message, stage), SEEK_SET); - fread(buffer, sizeof(buffer), 1, f); + ota_fread(buffer, sizeof(buffer), 1, f); fclose(f); buffer[sizeof(buffer)-1] = '\0'; @@ -1531,13 +1532,13 @@ Value* WipeBlockDeviceFn(const char* name, State* state, int argc, Expr* argv[]) size_t len; android::base::ParseUint(len_str, &len); - int fd = open(filename, O_WRONLY, 0644); + int fd = ota_open(filename, O_WRONLY, 0644); int success = wipe_block_device(fd, len); free(filename); free(len_str); - close(fd); + ota_close(fd); return StringValue(strdup(success ? "t" : "")); } -- cgit v1.2.3 From 57bed6d8c9beace01b743580d6c878b0724d2f90 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Tue, 15 Dec 2015 11:47:30 -0800 Subject: updater: Add a function to check first block Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f (cherry picked from commit 30bf4765593e639966df9f460df22c3fe912e7bf) --- updater/blockimg.cpp | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ updater/install.h | 3 +++ 2 files changed, 58 insertions(+) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index 3b26f057a..c6daf7db5 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -42,6 +42,7 @@ #include "applypatch/applypatch.h" #include "edify/expr.h" +#include "install.h" #include "mincrypt/sha.h" #include "minzip/Hash.h" #include "print_sha1.h" @@ -1650,6 +1651,59 @@ Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) return StringValue(strdup(print_sha1(digest).c_str())); } +// This function checks if a device has been remounted R/W prior to an incremental +// OTA update. This is an common cause of update abortion. The function reads the +// 1st block of each partition and check for mounting time/count. It return string "t" +// if executes successfully and an empty string otherwise. + +Value* CheckFirstBlockFn(const char* name, State* state, int argc, Expr* argv[]) { + Value* arg_filename; + + if (ReadValueArgs(state, argv, 1, &arg_filename) < 0) { + return nullptr; + } + std::unique_ptr filename(arg_filename, FreeValue); + + if (filename->type != VAL_STRING) { + ErrorAbort(state, "filename argument to %s must be string", name); + return StringValue(strdup("")); + } + + int fd = open(arg_filename->data, O_RDONLY); + unique_fd fd_holder(fd); + if (fd == -1) { + ErrorAbort(state, "open \"%s\" failed: %s", arg_filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + RangeSet blk0 {1 /*count*/, 1/*size*/, std::vector {0, 1}/*position*/}; + std::vector block0_buffer(BLOCKSIZE); + + if (ReadBlocks(blk0, block0_buffer, fd) == -1) { + ErrorAbort(state, "failed to read %s: %s", arg_filename->data, + strerror(errno)); + return StringValue(strdup("")); + } + + // https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout + // Super block starts from block 0, offset 0x400 + // 0x2C: len32 Mount time + // 0x30: len32 Write time + // 0x34: len16 Number of mounts since the last fsck + // 0x38: len16 Magic signature 0xEF53 + + time_t mount_time = *reinterpret_cast(&block0_buffer[0x400+0x2C]); + uint16_t mount_count = *reinterpret_cast(&block0_buffer[0x400+0x34]); + + if (mount_count > 0) { + uiPrintf(state, "Device was remounted R/W %d times\n", mount_count); + uiPrintf(state, "Last remount happened on %s", ctime(&mount_time)); + } + + return StringValue(strdup("t")); +} + + Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[]) { Value* arg_filename; Value* arg_ranges; @@ -1731,5 +1785,6 @@ void RegisterBlockImageFunctions() { RegisterFunction("block_image_verify", BlockImageVerifyFn); RegisterFunction("block_image_update", BlockImageUpdateFn); RegisterFunction("block_image_recover", BlockImageRecoverFn); + RegisterFunction("check_first_block", CheckFirstBlockFn); RegisterFunction("range_sha1", RangeSha1Fn); } diff --git a/updater/install.h b/updater/install.h index 659c8b41c..70e343404 100644 --- a/updater/install.h +++ b/updater/install.h @@ -19,6 +19,9 @@ void RegisterInstallFunctions(); +// uiPrintf function prints msg to screen as well as logs +void uiPrintf(State* state, const char* format, ...); + static int make_parents(char* name); #endif -- cgit v1.2.3 From a5d5082222b7420801cdb77f09305dd4c3afb4db Mon Sep 17 00:00:00 2001 From: Andriy Naborskyy Date: Fri, 8 Jan 2016 10:11:41 -0800 Subject: Revert "Byte swap to support BGRA in recovery mode" This reverts commit e5879c3639789d61803605c12371a4f291e0b3cc. The swap in page flip code is not needed any more. New changes take care of ABGR and BGRA formats swapping bytes in png and drawing routines See commit fd778e3e406a7e83536ea66776996f032f24af64 Bug: 26243152 Change-Id: I313ee41bee2c143b4e5412515285a65ac394ec77 --- minui/graphics_fbdev.cpp | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/minui/graphics_fbdev.cpp b/minui/graphics_fbdev.cpp index 997e9cac2..0788f7552 100644 --- a/minui/graphics_fbdev.cpp +++ b/minui/graphics_fbdev.cpp @@ -176,18 +176,6 @@ static GRSurface* fbdev_init(minui_backend* backend) { static GRSurface* fbdev_flip(minui_backend* backend __unused) { if (double_buffered) { -#if defined(RECOVERY_BGRA) - // In case of BGRA, do some byte swapping - unsigned int idx; - unsigned char tmp; - unsigned char* ucfb_vaddr = (unsigned char*)gr_draw->data; - for (idx = 0 ; idx < (gr_draw->height * gr_draw->row_bytes); - idx += 4) { - tmp = ucfb_vaddr[idx]; - ucfb_vaddr[idx ] = ucfb_vaddr[idx + 2]; - ucfb_vaddr[idx + 2] = tmp; - } -#endif // Change gr_draw to point to the buffer currently displayed, // then flip the driver so we're displaying the other buffer // instead. -- cgit v1.2.3 From c8abc4ec45ae9c5310097a02a406cd663e5457ea Mon Sep 17 00:00:00 2001 From: Ying Wang Date: Mon, 11 Jan 2016 18:14:17 -0800 Subject: Rename .l/.y to .ll/.yy Now to generate .cpp you need to use .ll/.yy. Bug: 26492989 Change-Id: Ib078e03b3b0758f7a62595c343e52ae856bcb33f --- edify/Android.mk | 4 +- edify/lexer.l | 112 -------------------------------------------- edify/lexer.ll | 112 ++++++++++++++++++++++++++++++++++++++++++++ edify/parser.y | 139 ------------------------------------------------------- edify/parser.yy | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 253 insertions(+), 253 deletions(-) delete mode 100644 edify/lexer.l create mode 100644 edify/lexer.ll delete mode 100644 edify/parser.y create mode 100644 edify/parser.yy diff --git a/edify/Android.mk b/edify/Android.mk index 9b859d42e..038dec088 100644 --- a/edify/Android.mk +++ b/edify/Android.mk @@ -3,8 +3,8 @@ LOCAL_PATH := $(call my-dir) edify_src_files := \ - lexer.l \ - parser.y \ + lexer.ll \ + parser.yy \ expr.cpp # diff --git a/edify/lexer.l b/edify/lexer.l deleted file mode 100644 index fb2933bee..000000000 --- a/edify/lexer.l +++ /dev/null @@ -1,112 +0,0 @@ -%{ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include "expr.h" -#include "yydefs.h" -#include "parser.h" - -int gLine = 1; -int gColumn = 1; -int gPos = 0; - -// TODO: enforce MAX_STRING_LEN during lexing -char string_buffer[MAX_STRING_LEN]; -char* string_pos; - -#define ADVANCE do {yylloc.start=gPos; yylloc.end=gPos+yyleng; \ - gColumn+=yyleng; gPos+=yyleng;} while(0) - -%} - -%x STR - -%option noyywrap - -%% - - -\" { - BEGIN(STR); - string_pos = string_buffer; - yylloc.start = gPos; - ++gColumn; - ++gPos; -} - -{ - \" { - ++gColumn; - ++gPos; - BEGIN(INITIAL); - *string_pos = '\0'; - yylval.str = strdup(string_buffer); - yylloc.end = gPos; - return STRING; - } - - \\n { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\n'; } - \\t { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\t'; } - \\\" { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\"'; } - \\\\ { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\\'; } - - \\x[0-9a-fA-F]{2} { - gColumn += yyleng; - gPos += yyleng; - int val; - sscanf(yytext+2, "%x", &val); - *string_pos++ = val; - } - - \n { - ++gLine; - ++gPos; - gColumn = 1; - *string_pos++ = yytext[0]; - } - - . { - ++gColumn; - ++gPos; - *string_pos++ = yytext[0]; - } -} - -if ADVANCE; return IF; -then ADVANCE; return THEN; -else ADVANCE; return ELSE; -endif ADVANCE; return ENDIF; - -[a-zA-Z0-9_:/.]+ { - ADVANCE; - yylval.str = strdup(yytext); - return STRING; -} - -\&\& ADVANCE; return AND; -\|\| ADVANCE; return OR; -== ADVANCE; return EQ; -!= ADVANCE; return NE; - -[+(),!;] ADVANCE; return yytext[0]; - -[ \t]+ ADVANCE; - -(#.*)?\n gPos += yyleng; ++gLine; gColumn = 1; - -. return BAD; diff --git a/edify/lexer.ll b/edify/lexer.ll new file mode 100644 index 000000000..fb2933bee --- /dev/null +++ b/edify/lexer.ll @@ -0,0 +1,112 @@ +%{ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "expr.h" +#include "yydefs.h" +#include "parser.h" + +int gLine = 1; +int gColumn = 1; +int gPos = 0; + +// TODO: enforce MAX_STRING_LEN during lexing +char string_buffer[MAX_STRING_LEN]; +char* string_pos; + +#define ADVANCE do {yylloc.start=gPos; yylloc.end=gPos+yyleng; \ + gColumn+=yyleng; gPos+=yyleng;} while(0) + +%} + +%x STR + +%option noyywrap + +%% + + +\" { + BEGIN(STR); + string_pos = string_buffer; + yylloc.start = gPos; + ++gColumn; + ++gPos; +} + +{ + \" { + ++gColumn; + ++gPos; + BEGIN(INITIAL); + *string_pos = '\0'; + yylval.str = strdup(string_buffer); + yylloc.end = gPos; + return STRING; + } + + \\n { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\n'; } + \\t { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\t'; } + \\\" { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\"'; } + \\\\ { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\\'; } + + \\x[0-9a-fA-F]{2} { + gColumn += yyleng; + gPos += yyleng; + int val; + sscanf(yytext+2, "%x", &val); + *string_pos++ = val; + } + + \n { + ++gLine; + ++gPos; + gColumn = 1; + *string_pos++ = yytext[0]; + } + + . { + ++gColumn; + ++gPos; + *string_pos++ = yytext[0]; + } +} + +if ADVANCE; return IF; +then ADVANCE; return THEN; +else ADVANCE; return ELSE; +endif ADVANCE; return ENDIF; + +[a-zA-Z0-9_:/.]+ { + ADVANCE; + yylval.str = strdup(yytext); + return STRING; +} + +\&\& ADVANCE; return AND; +\|\| ADVANCE; return OR; +== ADVANCE; return EQ; +!= ADVANCE; return NE; + +[+(),!;] ADVANCE; return yytext[0]; + +[ \t]+ ADVANCE; + +(#.*)?\n gPos += yyleng; ++gLine; gColumn = 1; + +. return BAD; diff --git a/edify/parser.y b/edify/parser.y deleted file mode 100644 index 098a6370a..000000000 --- a/edify/parser.y +++ /dev/null @@ -1,139 +0,0 @@ -%{ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include - -#include "expr.h" -#include "yydefs.h" -#include "parser.h" - -extern int gLine; -extern int gColumn; - -void yyerror(Expr** root, int* error_count, const char* s); -int yyparse(Expr** root, int* error_count); - -struct yy_buffer_state; -void yy_switch_to_buffer(struct yy_buffer_state* new_buffer); -struct yy_buffer_state* yy_scan_string(const char* yystr); - -%} - -%locations - -%union { - char* str; - Expr* expr; - struct { - int argc; - Expr** argv; - } args; -} - -%token AND OR SUBSTR SUPERSTR EQ NE IF THEN ELSE ENDIF -%token STRING BAD -%type expr -%type arglist - -%parse-param {Expr** root} -%parse-param {int* error_count} -%error-verbose - -/* declarations in increasing order of precedence */ -%left ';' -%left ',' -%left OR -%left AND -%left EQ NE -%left '+' -%right '!' - -%% - -input: expr { *root = $1; } -; - -expr: STRING { - $$ = reinterpret_cast(malloc(sizeof(Expr))); - $$->fn = Literal; - $$->name = $1; - $$->argc = 0; - $$->argv = NULL; - $$->start = @$.start; - $$->end = @$.end; -} -| '(' expr ')' { $$ = $2; $$->start=@$.start; $$->end=@$.end; } -| expr ';' { $$ = $1; $$->start=@1.start; $$->end=@1.end; } -| expr ';' expr { $$ = Build(SequenceFn, @$, 2, $1, $3); } -| error ';' expr { $$ = $3; $$->start=@$.start; $$->end=@$.end; } -| expr '+' expr { $$ = Build(ConcatFn, @$, 2, $1, $3); } -| expr EQ expr { $$ = Build(EqualityFn, @$, 2, $1, $3); } -| expr NE expr { $$ = Build(InequalityFn, @$, 2, $1, $3); } -| expr AND expr { $$ = Build(LogicalAndFn, @$, 2, $1, $3); } -| expr OR expr { $$ = Build(LogicalOrFn, @$, 2, $1, $3); } -| '!' expr { $$ = Build(LogicalNotFn, @$, 1, $2); } -| IF expr THEN expr ENDIF { $$ = Build(IfElseFn, @$, 2, $2, $4); } -| IF expr THEN expr ELSE expr ENDIF { $$ = Build(IfElseFn, @$, 3, $2, $4, $6); } -| STRING '(' arglist ')' { - $$ = reinterpret_cast(malloc(sizeof(Expr))); - $$->fn = FindFunction($1); - if ($$->fn == NULL) { - char buffer[256]; - snprintf(buffer, sizeof(buffer), "unknown function \"%s\"", $1); - yyerror(root, error_count, buffer); - YYERROR; - } - $$->name = $1; - $$->argc = $3.argc; - $$->argv = $3.argv; - $$->start = @$.start; - $$->end = @$.end; -} -; - -arglist: /* empty */ { - $$.argc = 0; - $$.argv = NULL; -} -| expr { - $$.argc = 1; - $$.argv = reinterpret_cast(malloc(sizeof(Expr*))); - $$.argv[0] = $1; -} -| arglist ',' expr { - $$.argc = $1.argc + 1; - $$.argv = reinterpret_cast(realloc($$.argv, $$.argc * sizeof(Expr*))); - $$.argv[$$.argc-1] = $3; -} -; - -%% - -void yyerror(Expr** root, int* error_count, const char* s) { - if (strlen(s) == 0) { - s = "syntax error"; - } - printf("line %d col %d: %s\n", gLine, gColumn, s); - ++*error_count; -} - -int parse_string(const char* str, Expr** root, int* error_count) { - yy_switch_to_buffer(yy_scan_string(str)); - return yyparse(root, error_count); -} diff --git a/edify/parser.yy b/edify/parser.yy new file mode 100644 index 000000000..098a6370a --- /dev/null +++ b/edify/parser.yy @@ -0,0 +1,139 @@ +%{ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "expr.h" +#include "yydefs.h" +#include "parser.h" + +extern int gLine; +extern int gColumn; + +void yyerror(Expr** root, int* error_count, const char* s); +int yyparse(Expr** root, int* error_count); + +struct yy_buffer_state; +void yy_switch_to_buffer(struct yy_buffer_state* new_buffer); +struct yy_buffer_state* yy_scan_string(const char* yystr); + +%} + +%locations + +%union { + char* str; + Expr* expr; + struct { + int argc; + Expr** argv; + } args; +} + +%token AND OR SUBSTR SUPERSTR EQ NE IF THEN ELSE ENDIF +%token STRING BAD +%type expr +%type arglist + +%parse-param {Expr** root} +%parse-param {int* error_count} +%error-verbose + +/* declarations in increasing order of precedence */ +%left ';' +%left ',' +%left OR +%left AND +%left EQ NE +%left '+' +%right '!' + +%% + +input: expr { *root = $1; } +; + +expr: STRING { + $$ = reinterpret_cast(malloc(sizeof(Expr))); + $$->fn = Literal; + $$->name = $1; + $$->argc = 0; + $$->argv = NULL; + $$->start = @$.start; + $$->end = @$.end; +} +| '(' expr ')' { $$ = $2; $$->start=@$.start; $$->end=@$.end; } +| expr ';' { $$ = $1; $$->start=@1.start; $$->end=@1.end; } +| expr ';' expr { $$ = Build(SequenceFn, @$, 2, $1, $3); } +| error ';' expr { $$ = $3; $$->start=@$.start; $$->end=@$.end; } +| expr '+' expr { $$ = Build(ConcatFn, @$, 2, $1, $3); } +| expr EQ expr { $$ = Build(EqualityFn, @$, 2, $1, $3); } +| expr NE expr { $$ = Build(InequalityFn, @$, 2, $1, $3); } +| expr AND expr { $$ = Build(LogicalAndFn, @$, 2, $1, $3); } +| expr OR expr { $$ = Build(LogicalOrFn, @$, 2, $1, $3); } +| '!' expr { $$ = Build(LogicalNotFn, @$, 1, $2); } +| IF expr THEN expr ENDIF { $$ = Build(IfElseFn, @$, 2, $2, $4); } +| IF expr THEN expr ELSE expr ENDIF { $$ = Build(IfElseFn, @$, 3, $2, $4, $6); } +| STRING '(' arglist ')' { + $$ = reinterpret_cast(malloc(sizeof(Expr))); + $$->fn = FindFunction($1); + if ($$->fn == NULL) { + char buffer[256]; + snprintf(buffer, sizeof(buffer), "unknown function \"%s\"", $1); + yyerror(root, error_count, buffer); + YYERROR; + } + $$->name = $1; + $$->argc = $3.argc; + $$->argv = $3.argv; + $$->start = @$.start; + $$->end = @$.end; +} +; + +arglist: /* empty */ { + $$.argc = 0; + $$.argv = NULL; +} +| expr { + $$.argc = 1; + $$.argv = reinterpret_cast(malloc(sizeof(Expr*))); + $$.argv[0] = $1; +} +| arglist ',' expr { + $$.argc = $1.argc + 1; + $$.argv = reinterpret_cast(realloc($$.argv, $$.argc * sizeof(Expr*))); + $$.argv[$$.argc-1] = $3; +} +; + +%% + +void yyerror(Expr** root, int* error_count, const char* s) { + if (strlen(s) == 0) { + s = "syntax error"; + } + printf("line %d col %d: %s\n", gLine, gColumn, s); + ++*error_count; +} + +int parse_string(const char* str, Expr** root, int* error_count) { + yy_switch_to_buffer(yy_scan_string(str)); + return yyparse(root, error_count); +} -- cgit v1.2.3 From c5631fc09666a9542d2882299d40500d18d1f68c Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 12 Jan 2016 16:54:44 -0500 Subject: uncrypt: avoid use-after-free The `std::string package` variable goes out of scope but the input_path variable is then used to access the memory as it's set to `c_str()`. This was detected via OpenBSD malloc's junk filling feature. Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2 --- uncrypt/uncrypt.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 20efbe4df..de7e48182 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -418,8 +418,6 @@ int uncrypt(const char* input_path, const char* map_file, int status_fd) { } int main(int argc, char** argv) { - const char* input_path; - const char* map_file; if (argc != 3 && argc != 1 && (argc == 2 && strcmp(argv[1], "--reboot") != 0)) { fprintf(stderr, "usage: %s [--reboot] [ ]\n", argv[0]); @@ -443,13 +441,16 @@ int main(int argc, char** argv) { } unique_fd status_fd_holder(status_fd); + std::string package; + const char* input_path; + const char* map_file; + if (argc == 3) { // when command-line args are given this binary is being used // for debugging. input_path = argv[1]; map_file = argv[2]; } else { - std::string package; if (!find_uncrypt_package(package)) { android::base::WriteStringToFd("-1\n", status_fd); return 1; -- cgit v1.2.3 From c577660702c5649fdcb38b1828c1d6a2bd02772c Mon Sep 17 00:00:00 2001 From: Ying Wang Date: Mon, 11 Jan 2016 18:14:17 -0800 Subject: Rename .l/.y to .ll/.yy Now to generate .cpp you need to use .ll/.yy. Bug: 26492989 Change-Id: Ib078e03b3b0758f7a62595c343e52ae856bcb33f --- edify/Android.mk | 4 +- edify/lexer.l | 112 -------------------------------------------- edify/lexer.ll | 112 ++++++++++++++++++++++++++++++++++++++++++++ edify/parser.y | 139 ------------------------------------------------------- edify/parser.yy | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 253 insertions(+), 253 deletions(-) delete mode 100644 edify/lexer.l create mode 100644 edify/lexer.ll delete mode 100644 edify/parser.y create mode 100644 edify/parser.yy diff --git a/edify/Android.mk b/edify/Android.mk index 9b859d42e..038dec088 100644 --- a/edify/Android.mk +++ b/edify/Android.mk @@ -3,8 +3,8 @@ LOCAL_PATH := $(call my-dir) edify_src_files := \ - lexer.l \ - parser.y \ + lexer.ll \ + parser.yy \ expr.cpp # diff --git a/edify/lexer.l b/edify/lexer.l deleted file mode 100644 index fb2933bee..000000000 --- a/edify/lexer.l +++ /dev/null @@ -1,112 +0,0 @@ -%{ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include "expr.h" -#include "yydefs.h" -#include "parser.h" - -int gLine = 1; -int gColumn = 1; -int gPos = 0; - -// TODO: enforce MAX_STRING_LEN during lexing -char string_buffer[MAX_STRING_LEN]; -char* string_pos; - -#define ADVANCE do {yylloc.start=gPos; yylloc.end=gPos+yyleng; \ - gColumn+=yyleng; gPos+=yyleng;} while(0) - -%} - -%x STR - -%option noyywrap - -%% - - -\" { - BEGIN(STR); - string_pos = string_buffer; - yylloc.start = gPos; - ++gColumn; - ++gPos; -} - -{ - \" { - ++gColumn; - ++gPos; - BEGIN(INITIAL); - *string_pos = '\0'; - yylval.str = strdup(string_buffer); - yylloc.end = gPos; - return STRING; - } - - \\n { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\n'; } - \\t { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\t'; } - \\\" { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\"'; } - \\\\ { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\\'; } - - \\x[0-9a-fA-F]{2} { - gColumn += yyleng; - gPos += yyleng; - int val; - sscanf(yytext+2, "%x", &val); - *string_pos++ = val; - } - - \n { - ++gLine; - ++gPos; - gColumn = 1; - *string_pos++ = yytext[0]; - } - - . { - ++gColumn; - ++gPos; - *string_pos++ = yytext[0]; - } -} - -if ADVANCE; return IF; -then ADVANCE; return THEN; -else ADVANCE; return ELSE; -endif ADVANCE; return ENDIF; - -[a-zA-Z0-9_:/.]+ { - ADVANCE; - yylval.str = strdup(yytext); - return STRING; -} - -\&\& ADVANCE; return AND; -\|\| ADVANCE; return OR; -== ADVANCE; return EQ; -!= ADVANCE; return NE; - -[+(),!;] ADVANCE; return yytext[0]; - -[ \t]+ ADVANCE; - -(#.*)?\n gPos += yyleng; ++gLine; gColumn = 1; - -. return BAD; diff --git a/edify/lexer.ll b/edify/lexer.ll new file mode 100644 index 000000000..fb2933bee --- /dev/null +++ b/edify/lexer.ll @@ -0,0 +1,112 @@ +%{ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "expr.h" +#include "yydefs.h" +#include "parser.h" + +int gLine = 1; +int gColumn = 1; +int gPos = 0; + +// TODO: enforce MAX_STRING_LEN during lexing +char string_buffer[MAX_STRING_LEN]; +char* string_pos; + +#define ADVANCE do {yylloc.start=gPos; yylloc.end=gPos+yyleng; \ + gColumn+=yyleng; gPos+=yyleng;} while(0) + +%} + +%x STR + +%option noyywrap + +%% + + +\" { + BEGIN(STR); + string_pos = string_buffer; + yylloc.start = gPos; + ++gColumn; + ++gPos; +} + +{ + \" { + ++gColumn; + ++gPos; + BEGIN(INITIAL); + *string_pos = '\0'; + yylval.str = strdup(string_buffer); + yylloc.end = gPos; + return STRING; + } + + \\n { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\n'; } + \\t { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\t'; } + \\\" { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\"'; } + \\\\ { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\\'; } + + \\x[0-9a-fA-F]{2} { + gColumn += yyleng; + gPos += yyleng; + int val; + sscanf(yytext+2, "%x", &val); + *string_pos++ = val; + } + + \n { + ++gLine; + ++gPos; + gColumn = 1; + *string_pos++ = yytext[0]; + } + + . { + ++gColumn; + ++gPos; + *string_pos++ = yytext[0]; + } +} + +if ADVANCE; return IF; +then ADVANCE; return THEN; +else ADVANCE; return ELSE; +endif ADVANCE; return ENDIF; + +[a-zA-Z0-9_:/.]+ { + ADVANCE; + yylval.str = strdup(yytext); + return STRING; +} + +\&\& ADVANCE; return AND; +\|\| ADVANCE; return OR; +== ADVANCE; return EQ; +!= ADVANCE; return NE; + +[+(),!;] ADVANCE; return yytext[0]; + +[ \t]+ ADVANCE; + +(#.*)?\n gPos += yyleng; ++gLine; gColumn = 1; + +. return BAD; diff --git a/edify/parser.y b/edify/parser.y deleted file mode 100644 index 098a6370a..000000000 --- a/edify/parser.y +++ /dev/null @@ -1,139 +0,0 @@ -%{ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include - -#include "expr.h" -#include "yydefs.h" -#include "parser.h" - -extern int gLine; -extern int gColumn; - -void yyerror(Expr** root, int* error_count, const char* s); -int yyparse(Expr** root, int* error_count); - -struct yy_buffer_state; -void yy_switch_to_buffer(struct yy_buffer_state* new_buffer); -struct yy_buffer_state* yy_scan_string(const char* yystr); - -%} - -%locations - -%union { - char* str; - Expr* expr; - struct { - int argc; - Expr** argv; - } args; -} - -%token AND OR SUBSTR SUPERSTR EQ NE IF THEN ELSE ENDIF -%token STRING BAD -%type expr -%type arglist - -%parse-param {Expr** root} -%parse-param {int* error_count} -%error-verbose - -/* declarations in increasing order of precedence */ -%left ';' -%left ',' -%left OR -%left AND -%left EQ NE -%left '+' -%right '!' - -%% - -input: expr { *root = $1; } -; - -expr: STRING { - $$ = reinterpret_cast(malloc(sizeof(Expr))); - $$->fn = Literal; - $$->name = $1; - $$->argc = 0; - $$->argv = NULL; - $$->start = @$.start; - $$->end = @$.end; -} -| '(' expr ')' { $$ = $2; $$->start=@$.start; $$->end=@$.end; } -| expr ';' { $$ = $1; $$->start=@1.start; $$->end=@1.end; } -| expr ';' expr { $$ = Build(SequenceFn, @$, 2, $1, $3); } -| error ';' expr { $$ = $3; $$->start=@$.start; $$->end=@$.end; } -| expr '+' expr { $$ = Build(ConcatFn, @$, 2, $1, $3); } -| expr EQ expr { $$ = Build(EqualityFn, @$, 2, $1, $3); } -| expr NE expr { $$ = Build(InequalityFn, @$, 2, $1, $3); } -| expr AND expr { $$ = Build(LogicalAndFn, @$, 2, $1, $3); } -| expr OR expr { $$ = Build(LogicalOrFn, @$, 2, $1, $3); } -| '!' expr { $$ = Build(LogicalNotFn, @$, 1, $2); } -| IF expr THEN expr ENDIF { $$ = Build(IfElseFn, @$, 2, $2, $4); } -| IF expr THEN expr ELSE expr ENDIF { $$ = Build(IfElseFn, @$, 3, $2, $4, $6); } -| STRING '(' arglist ')' { - $$ = reinterpret_cast(malloc(sizeof(Expr))); - $$->fn = FindFunction($1); - if ($$->fn == NULL) { - char buffer[256]; - snprintf(buffer, sizeof(buffer), "unknown function \"%s\"", $1); - yyerror(root, error_count, buffer); - YYERROR; - } - $$->name = $1; - $$->argc = $3.argc; - $$->argv = $3.argv; - $$->start = @$.start; - $$->end = @$.end; -} -; - -arglist: /* empty */ { - $$.argc = 0; - $$.argv = NULL; -} -| expr { - $$.argc = 1; - $$.argv = reinterpret_cast(malloc(sizeof(Expr*))); - $$.argv[0] = $1; -} -| arglist ',' expr { - $$.argc = $1.argc + 1; - $$.argv = reinterpret_cast(realloc($$.argv, $$.argc * sizeof(Expr*))); - $$.argv[$$.argc-1] = $3; -} -; - -%% - -void yyerror(Expr** root, int* error_count, const char* s) { - if (strlen(s) == 0) { - s = "syntax error"; - } - printf("line %d col %d: %s\n", gLine, gColumn, s); - ++*error_count; -} - -int parse_string(const char* str, Expr** root, int* error_count) { - yy_switch_to_buffer(yy_scan_string(str)); - return yyparse(root, error_count); -} diff --git a/edify/parser.yy b/edify/parser.yy new file mode 100644 index 000000000..098a6370a --- /dev/null +++ b/edify/parser.yy @@ -0,0 +1,139 @@ +%{ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "expr.h" +#include "yydefs.h" +#include "parser.h" + +extern int gLine; +extern int gColumn; + +void yyerror(Expr** root, int* error_count, const char* s); +int yyparse(Expr** root, int* error_count); + +struct yy_buffer_state; +void yy_switch_to_buffer(struct yy_buffer_state* new_buffer); +struct yy_buffer_state* yy_scan_string(const char* yystr); + +%} + +%locations + +%union { + char* str; + Expr* expr; + struct { + int argc; + Expr** argv; + } args; +} + +%token AND OR SUBSTR SUPERSTR EQ NE IF THEN ELSE ENDIF +%token STRING BAD +%type expr +%type arglist + +%parse-param {Expr** root} +%parse-param {int* error_count} +%error-verbose + +/* declarations in increasing order of precedence */ +%left ';' +%left ',' +%left OR +%left AND +%left EQ NE +%left '+' +%right '!' + +%% + +input: expr { *root = $1; } +; + +expr: STRING { + $$ = reinterpret_cast(malloc(sizeof(Expr))); + $$->fn = Literal; + $$->name = $1; + $$->argc = 0; + $$->argv = NULL; + $$->start = @$.start; + $$->end = @$.end; +} +| '(' expr ')' { $$ = $2; $$->start=@$.start; $$->end=@$.end; } +| expr ';' { $$ = $1; $$->start=@1.start; $$->end=@1.end; } +| expr ';' expr { $$ = Build(SequenceFn, @$, 2, $1, $3); } +| error ';' expr { $$ = $3; $$->start=@$.start; $$->end=@$.end; } +| expr '+' expr { $$ = Build(ConcatFn, @$, 2, $1, $3); } +| expr EQ expr { $$ = Build(EqualityFn, @$, 2, $1, $3); } +| expr NE expr { $$ = Build(InequalityFn, @$, 2, $1, $3); } +| expr AND expr { $$ = Build(LogicalAndFn, @$, 2, $1, $3); } +| expr OR expr { $$ = Build(LogicalOrFn, @$, 2, $1, $3); } +| '!' expr { $$ = Build(LogicalNotFn, @$, 1, $2); } +| IF expr THEN expr ENDIF { $$ = Build(IfElseFn, @$, 2, $2, $4); } +| IF expr THEN expr ELSE expr ENDIF { $$ = Build(IfElseFn, @$, 3, $2, $4, $6); } +| STRING '(' arglist ')' { + $$ = reinterpret_cast(malloc(sizeof(Expr))); + $$->fn = FindFunction($1); + if ($$->fn == NULL) { + char buffer[256]; + snprintf(buffer, sizeof(buffer), "unknown function \"%s\"", $1); + yyerror(root, error_count, buffer); + YYERROR; + } + $$->name = $1; + $$->argc = $3.argc; + $$->argv = $3.argv; + $$->start = @$.start; + $$->end = @$.end; +} +; + +arglist: /* empty */ { + $$.argc = 0; + $$.argv = NULL; +} +| expr { + $$.argc = 1; + $$.argv = reinterpret_cast(malloc(sizeof(Expr*))); + $$.argv[0] = $1; +} +| arglist ',' expr { + $$.argc = $1.argc + 1; + $$.argv = reinterpret_cast(realloc($$.argv, $$.argc * sizeof(Expr*))); + $$.argv[$$.argc-1] = $3; +} +; + +%% + +void yyerror(Expr** root, int* error_count, const char* s) { + if (strlen(s) == 0) { + s = "syntax error"; + } + printf("line %d col %d: %s\n", gLine, gColumn, s); + ++*error_count; +} + +int parse_string(const char* str, Expr** root, int* error_count) { + yy_switch_to_buffer(yy_scan_string(str)); + return yyparse(root, error_count); +} -- cgit v1.2.3 From cdcf28f54f085520a96f4f9e480b8df324c5decb Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 13 Jan 2016 15:05:20 -0800 Subject: recovery: Fork a process for fuse when sideloading from SD card. For applying update from SD card, we used to use a thread to serve the file with fuse. Since accessing through fuse involves going from kernel to userspace to kernel, it may run into deadlock (e.g. for mmap_sem) when a page fault occurs. Switch to using a process instead. Bug: 23783099 Bug: 26313124 Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd --- fuse_sdcard_provider.cpp | 74 +++++++----------------------------------------- fuse_sdcard_provider.h | 3 +- recovery.cpp | 61 ++++++++++++++++++++++++++++++++++++--- 3 files changed, 69 insertions(+), 69 deletions(-) diff --git a/fuse_sdcard_provider.cpp b/fuse_sdcard_provider.cpp index eb6454f1d..df9631272 100644 --- a/fuse_sdcard_provider.cpp +++ b/fuse_sdcard_provider.cpp @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include @@ -60,81 +59,30 @@ static void close_file(void* cookie) { close(fd->fd); } -struct token { - pthread_t th; - const char* path; - int result; -}; - -static void* run_sdcard_fuse(void* cookie) { - token* t = reinterpret_cast(cookie); - +bool start_sdcard_fuse(const char* path) { struct stat sb; - if (stat(t->path, &sb) < 0) { - fprintf(stderr, "failed to stat %s: %s\n", t->path, strerror(errno)); - t->result = -1; - return NULL; + if (stat(path, &sb) == -1) { + fprintf(stderr, "failed to stat %s: %s\n", path, strerror(errno)); + return false; } - struct file_data fd; - struct provider_vtab vtab; - - fd.fd = open(t->path, O_RDONLY); - if (fd.fd < 0) { - fprintf(stderr, "failed to open %s: %s\n", t->path, strerror(errno)); - t->result = -1; - return NULL; + file_data fd; + fd.fd = open(path, O_RDONLY); + if (fd.fd == -1) { + fprintf(stderr, "failed to open %s: %s\n", path, strerror(errno)); + return false; } fd.file_size = sb.st_size; fd.block_size = 65536; + provider_vtab vtab; vtab.read_block = read_block_file; vtab.close = close_file; - t->result = run_fuse_sideload(&vtab, &fd, fd.file_size, fd.block_size); - return NULL; -} - -// How long (in seconds) we wait for the fuse-provided package file to -// appear, before timing out. -#define SDCARD_INSTALL_TIMEOUT 10 - -void* start_sdcard_fuse(const char* path) { - token* t = new token; - - t->path = path; - pthread_create(&(t->th), NULL, run_sdcard_fuse, t); - - struct stat st; - int i; - for (i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) { - if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &st) != 0) { - if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) { - sleep(1); - continue; - } else { - return NULL; - } - } - } - // The installation process expects to find the sdcard unmounted. // Unmount it with MNT_DETACH so that our open file continues to // work but new references see it as unmounted. umount2("/sdcard", MNT_DETACH); - return t; -} - -void finish_sdcard_fuse(void* cookie) { - if (cookie == NULL) return; - token* t = reinterpret_cast(cookie); - - // Calling stat() on this magic filename signals the fuse - // filesystem to shut down. - struct stat st; - stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &st); - - pthread_join(t->th, NULL); - delete t; + return run_fuse_sideload(&vtab, &fd, fd.file_size, fd.block_size) == 0; } diff --git a/fuse_sdcard_provider.h b/fuse_sdcard_provider.h index dc2982ca0..bdc60f2ba 100644 --- a/fuse_sdcard_provider.h +++ b/fuse_sdcard_provider.h @@ -17,7 +17,6 @@ #ifndef __FUSE_SDCARD_PROVIDER_H #define __FUSE_SDCARD_PROVIDER_H -void* start_sdcard_fuse(const char* path); -void finish_sdcard_fuse(void* token); +bool start_sdcard_fuse(const char* path); #endif diff --git a/recovery.cpp b/recovery.cpp index dace52f98..17e9eb66f 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -833,6 +834,10 @@ static void choose_recovery_file(Device* device) { } } +// How long (in seconds) we wait for the fuse-provided package file to +// appear, before timing out. +#define SDCARD_INSTALL_TIMEOUT 10 + static int apply_from_sdcard(Device* device, bool* wipe_cache) { modified_flash = true; @@ -850,14 +855,62 @@ static int apply_from_sdcard(Device* device, bool* wipe_cache) { ui->Print("\n-- Install %s ...\n", path); set_sdcard_update_bootloader_message(); - void* token = start_sdcard_fuse(path); - int status = install_package(FUSE_SIDELOAD_HOST_PATHNAME, wipe_cache, + // We used to use fuse in a thread as opposed to a process. Since accessing + // through fuse involves going from kernel to userspace to kernel, it leads + // to deadlock when a page fault occurs. (Bug: 26313124) + pid_t child; + if ((child = fork()) == 0) { + bool status = start_sdcard_fuse(path); + + _exit(status ? EXIT_SUCCESS : EXIT_FAILURE); + } + + // FUSE_SIDELOAD_HOST_PATHNAME will start to exist once the fuse in child + // process is ready. + int result = INSTALL_ERROR; + int status; + bool waited = false; + for (int i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) { + if (waitpid(child, &status, WNOHANG) == -1) { + result = INSTALL_ERROR; + waited = true; + break; + } + + struct stat sb; + if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &sb) == -1) { + if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) { + sleep(1); + continue; + } else { + LOGE("Timed out waiting for the fuse-provided package.\n"); + result = INSTALL_ERROR; + kill(child, SIGKILL); + break; + } + } + + result = install_package(FUSE_SIDELOAD_HOST_PATHNAME, wipe_cache, TEMPORARY_INSTALL_FILE, false); + break; + } + + if (!waited) { + // Calling stat() on this magic filename signals the fuse + // filesystem to shut down. + struct stat sb; + stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &sb); + + waitpid(child, &status, 0); + } + + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + LOGE("Error exit from the fuse process: %d\n", WEXITSTATUS(status)); + } - finish_sdcard_fuse(token); ensure_path_unmounted(SDCARD_ROOT); - return status; + return result; } // Return REBOOT, SHUTDOWN, or REBOOT_BOOTLOADER. Returning NO_ACTION -- cgit v1.2.3 From bd82b27341336f0b375c3bc2a7bf48b2ccc20c1f Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 21 Jan 2016 13:49:03 -0800 Subject: Change BCB to perform synchronous writes. Also some trivial clean-ups in bootloader control block (BCB) code. Change-Id: I42828954caa4d08998310de40fd0391f76d99cbe --- bootloader.cpp | 133 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 74 insertions(+), 59 deletions(-) diff --git a/bootloader.cpp b/bootloader.cpp index 600d238f5..d80c5e793 100644 --- a/bootloader.cpp +++ b/bootloader.cpp @@ -14,28 +14,33 @@ * limitations under the License. */ -#include -#include "bootloader.h" -#include "common.h" -#include "mtdutils/mtdutils.h" -#include "roots.h" - #include +#include +#include #include #include #include +#include #include -static int get_bootloader_message_mtd(struct bootloader_message *out, const Volume* v); -static int set_bootloader_message_mtd(const struct bootloader_message *in, const Volume* v); -static int get_bootloader_message_block(struct bootloader_message *out, const Volume* v); -static int set_bootloader_message_block(const struct bootloader_message *in, const Volume* v); +#include + +#include "bootloader.h" +#include "common.h" +#include "mtdutils/mtdutils.h" +#include "roots.h" +#include "unique_fd.h" + +static int get_bootloader_message_mtd(bootloader_message* out, const Volume* v); +static int set_bootloader_message_mtd(const bootloader_message* in, const Volume* v); +static int get_bootloader_message_block(bootloader_message* out, const Volume* v); +static int set_bootloader_message_block(const bootloader_message* in, const Volume* v); -int get_bootloader_message(struct bootloader_message *out) { +int get_bootloader_message(bootloader_message* out) { Volume* v = volume_for_path("/misc"); - if (v == NULL) { - LOGE("Cannot load volume /misc!\n"); - return -1; + if (v == nullptr) { + LOGE("Cannot load volume /misc!\n"); + return -1; } if (strcmp(v->fs_type, "mtd") == 0) { return get_bootloader_message_mtd(out, v); @@ -46,11 +51,11 @@ int get_bootloader_message(struct bootloader_message *out) { return -1; } -int set_bootloader_message(const struct bootloader_message *in) { +int set_bootloader_message(const bootloader_message* in) { Volume* v = volume_for_path("/misc"); - if (v == NULL) { - LOGE("Cannot load volume /misc!\n"); - return -1; + if (v == nullptr) { + LOGE("Cannot load volume /misc!\n"); + return -1; } if (strcmp(v->fs_type, "mtd") == 0) { return set_bootloader_message_mtd(in, v); @@ -68,69 +73,69 @@ int set_bootloader_message(const struct bootloader_message *in) { static const int MISC_PAGES = 3; // number of pages to save static const int MISC_COMMAND_PAGE = 1; // bootloader command is this page -static int get_bootloader_message_mtd(struct bootloader_message *out, +static int get_bootloader_message_mtd(bootloader_message* out, const Volume* v) { size_t write_size; mtd_scan_partitions(); - const MtdPartition *part = mtd_find_partition_by_name(v->blk_device); - if (part == NULL || mtd_partition_info(part, NULL, NULL, &write_size)) { - LOGE("Can't find %s\n", v->blk_device); + const MtdPartition* part = mtd_find_partition_by_name(v->blk_device); + if (part == nullptr || mtd_partition_info(part, nullptr, nullptr, &write_size)) { + LOGE("failed to find \"%s\"\n", v->blk_device); return -1; } - MtdReadContext *read = mtd_read_partition(part); - if (read == NULL) { - LOGE("Can't open %s\n(%s)\n", v->blk_device, strerror(errno)); + MtdReadContext* read = mtd_read_partition(part); + if (read == nullptr) { + LOGE("failed to open \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } const ssize_t size = write_size * MISC_PAGES; char data[size]; ssize_t r = mtd_read_data(read, data, size); - if (r != size) LOGE("Can't read %s\n(%s)\n", v->blk_device, strerror(errno)); + if (r != size) LOGE("failed to read \"%s\": %s\n", v->blk_device, strerror(errno)); mtd_read_close(read); if (r != size) return -1; memcpy(out, &data[write_size * MISC_COMMAND_PAGE], sizeof(*out)); return 0; } -static int set_bootloader_message_mtd(const struct bootloader_message *in, +static int set_bootloader_message_mtd(const bootloader_message* in, const Volume* v) { size_t write_size; mtd_scan_partitions(); - const MtdPartition *part = mtd_find_partition_by_name(v->blk_device); - if (part == NULL || mtd_partition_info(part, NULL, NULL, &write_size)) { - LOGE("Can't find %s\n", v->blk_device); + const MtdPartition* part = mtd_find_partition_by_name(v->blk_device); + if (part == nullptr || mtd_partition_info(part, nullptr, nullptr, &write_size)) { + LOGE("failed to find \"%s\"\n", v->blk_device); return -1; } - MtdReadContext *read = mtd_read_partition(part); - if (read == NULL) { - LOGE("Can't open %s\n(%s)\n", v->blk_device, strerror(errno)); + MtdReadContext* read = mtd_read_partition(part); + if (read == nullptr) { + LOGE("failed to open \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } ssize_t size = write_size * MISC_PAGES; char data[size]; ssize_t r = mtd_read_data(read, data, size); - if (r != size) LOGE("Can't read %s\n(%s)\n", v->blk_device, strerror(errno)); + if (r != size) LOGE("failed to read \"%s\": %s\n", v->blk_device, strerror(errno)); mtd_read_close(read); if (r != size) return -1; memcpy(&data[write_size * MISC_COMMAND_PAGE], in, sizeof(*in)); - MtdWriteContext *write = mtd_write_partition(part); - if (write == NULL) { - LOGE("Can't open %s\n(%s)\n", v->blk_device, strerror(errno)); + MtdWriteContext* write = mtd_write_partition(part); + if (write == nullptr) { + LOGE("failed to open \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } if (mtd_write_data(write, data, size) != size) { - LOGE("Can't write %s\n(%s)\n", v->blk_device, strerror(errno)); + LOGE("failed to write \"%s\": %s\n", v->blk_device, strerror(errno)); mtd_write_close(write); return -1; } if (mtd_write_close(write)) { - LOGE("Can't finish %s\n(%s)\n", v->blk_device, strerror(errno)); + LOGE("failed to finish \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } @@ -146,57 +151,67 @@ static int set_bootloader_message_mtd(const struct bootloader_message *in, static void wait_for_device(const char* fn) { int tries = 0; int ret; - struct stat buf; do { ++tries; + struct stat buf; ret = stat(fn, &buf); - if (ret) { - printf("stat %s try %d: %s\n", fn, tries, strerror(errno)); + if (ret == -1) { + printf("failed to stat \"%s\" try %d: %s\n", fn, tries, strerror(errno)); sleep(1); } } while (ret && tries < 10); + if (ret) { - printf("failed to stat %s\n", fn); + printf("failed to stat \"%s\"\n", fn); } } -static int get_bootloader_message_block(struct bootloader_message *out, +static int get_bootloader_message_block(bootloader_message* out, const Volume* v) { wait_for_device(v->blk_device); FILE* f = fopen(v->blk_device, "rb"); - if (f == NULL) { - LOGE("Can't open %s\n(%s)\n", v->blk_device, strerror(errno)); + if (f == nullptr) { + LOGE("failed to open \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } - struct bootloader_message temp; + bootloader_message temp; int count = fread(&temp, sizeof(temp), 1, f); if (count != 1) { - LOGE("Failed reading %s\n(%s)\n", v->blk_device, strerror(errno)); + LOGE("failed to read \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } if (fclose(f) != 0) { - LOGE("Failed closing %s\n(%s)\n", v->blk_device, strerror(errno)); + LOGE("failed to close \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } memcpy(out, &temp, sizeof(temp)); return 0; } -static int set_bootloader_message_block(const struct bootloader_message *in, +static int set_bootloader_message_block(const bootloader_message* in, const Volume* v) { wait_for_device(v->blk_device); - FILE* f = fopen(v->blk_device, "wb"); - if (f == NULL) { - LOGE("Can't open %s\n(%s)\n", v->blk_device, strerror(errno)); + unique_fd fd(open(v->blk_device, O_WRONLY | O_SYNC)); + if (fd.get() == -1) { + LOGE("failed to open \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } - int count = fwrite(in, sizeof(*in), 1, f); - if (count != 1) { - LOGE("Failed writing %s\n(%s)\n", v->blk_device, strerror(errno)); - return -1; + + size_t written = 0; + const uint8_t* start = reinterpret_cast(in); + size_t total = sizeof(*in); + while (written < total) { + ssize_t wrote = TEMP_FAILURE_RETRY(write(fd.get(), start + written, total - written)); + if (wrote == -1) { + LOGE("failed to write %" PRId64 " bytes: %s\n", + static_cast(written), strerror(errno)); + return -1; + } + written += wrote; } - if (fclose(f) != 0) { - LOGE("Failed closing %s\n(%s)\n", v->blk_device, strerror(errno)); + + if (fsync(fd.get()) == -1) { + LOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } return 0; -- cgit v1.2.3 From 12f499e86db50cbb1b4990c94668a9de37653907 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 27 Jan 2016 12:26:18 -0800 Subject: edify: accept long string literal. Bug: 24717917 Change-Id: I134cf00ae7efbc3703f976459a1b9f9a197e495d --- edify/lexer.ll | 24 +++++++++++------------- edify/main.cpp | 5 +++++ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/edify/lexer.ll b/edify/lexer.ll index fb2933bee..b764d1699 100644 --- a/edify/lexer.ll +++ b/edify/lexer.ll @@ -16,6 +16,7 @@ */ #include +#include #include "expr.h" #include "yydefs.h" @@ -25,9 +26,7 @@ int gLine = 1; int gColumn = 1; int gPos = 0; -// TODO: enforce MAX_STRING_LEN during lexing -char string_buffer[MAX_STRING_LEN]; -char* string_pos; +std::string string_buffer; #define ADVANCE do {yylloc.start=gPos; yylloc.end=gPos+yyleng; \ gColumn+=yyleng; gPos+=yyleng;} while(0) @@ -43,7 +42,7 @@ char* string_pos; \" { BEGIN(STR); - string_pos = string_buffer; + string_buffer.clear(); yylloc.start = gPos; ++gColumn; ++gPos; @@ -54,36 +53,35 @@ char* string_pos; ++gColumn; ++gPos; BEGIN(INITIAL); - *string_pos = '\0'; - yylval.str = strdup(string_buffer); + yylval.str = strdup(string_buffer.c_str()); yylloc.end = gPos; return STRING; } - \\n { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\n'; } - \\t { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\t'; } - \\\" { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\"'; } - \\\\ { gColumn += yyleng; gPos += yyleng; *string_pos++ = '\\'; } + \\n { gColumn += yyleng; gPos += yyleng; string_buffer.push_back('\n'); } + \\t { gColumn += yyleng; gPos += yyleng; string_buffer.push_back('\t'); } + \\\" { gColumn += yyleng; gPos += yyleng; string_buffer.push_back('\"'); } + \\\\ { gColumn += yyleng; gPos += yyleng; string_buffer.push_back('\\'); } \\x[0-9a-fA-F]{2} { gColumn += yyleng; gPos += yyleng; int val; sscanf(yytext+2, "%x", &val); - *string_pos++ = val; + string_buffer.push_back(static_cast(val)); } \n { ++gLine; ++gPos; gColumn = 1; - *string_pos++ = yytext[0]; + string_buffer.push_back(yytext[0]); } . { ++gColumn; ++gPos; - *string_pos++ = yytext[0]; + string_buffer.push_back(yytext[0]); } } diff --git a/edify/main.cpp b/edify/main.cpp index b1baa0b13..6007a3d58 100644 --- a/edify/main.cpp +++ b/edify/main.cpp @@ -18,6 +18,8 @@ #include #include +#include + #include "expr.h" #include "parser.h" @@ -151,6 +153,9 @@ int test() { expect("greater_than_int(x, 3)", "", &errors); expect("greater_than_int(3, x)", "", &errors); + // big string + expect(std::string(8192, 's').c_str(), std::string(8192, 's').c_str(), &errors); + printf("\n"); return errors; -- cgit v1.2.3 From 0cce9cda0c5cddf947ac42d60886293fab5d0afd Mon Sep 17 00:00:00 2001 From: Sen Jiang Date: Fri, 22 Jan 2016 20:49:07 +0800 Subject: applypatch: Compile libimgpatch for target and host. update_engine need it for the new IMGDIFF operation. Also removed __unused in ApplyImagePatch() as I got error building it for the host, and I think it's dangerous not checking the size of the input. Test: mma Bug: 26628339 Change-Id: I22d4cd55c2c3f87697d6afdf10e8106fef7d1a9c --- applypatch/Android.mk | 24 +++++++++++++++++++++++- applypatch/bspatch.cpp | 1 + applypatch/imgpatch.cpp | 20 +++++++++++++++++++- applypatch/include/applypatch/imgpatch.h | 26 ++++++++++++++++++++++++++ 4 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 applypatch/include/applypatch/imgpatch.h diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 93a272997..3cb8bebde 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -20,13 +20,35 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.cpp LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng -LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery +LOCAL_C_INCLUDES += bootable/recovery LOCAL_STATIC_LIBRARIES += libbase libmtdutils libmincrypt libbz libz include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) +LOCAL_CLANG := true +LOCAL_SRC_FILES := bspatch.cpp imgpatch.cpp utils.cpp +LOCAL_MODULE := libimgpatch +LOCAL_C_INCLUDES += bootable/recovery +LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include +LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz + +include $(BUILD_STATIC_LIBRARY) + +include $(CLEAR_VARS) + +LOCAL_CLANG := true +LOCAL_SRC_FILES := bspatch.cpp imgpatch.cpp utils.cpp +LOCAL_MODULE := libimgpatch +LOCAL_C_INCLUDES += bootable/recovery +LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include +LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz + +include $(BUILD_HOST_STATIC_LIBRARY) + +include $(CLEAR_VARS) + LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp index 9d201b477..75975ad6d 100644 --- a/applypatch/bspatch.cpp +++ b/applypatch/bspatch.cpp @@ -22,6 +22,7 @@ #include #include +#include #include #include #include diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp index 26888f8ee..3e72b2cb5 100644 --- a/applypatch/imgpatch.cpp +++ b/applypatch/imgpatch.cpp @@ -31,13 +31,22 @@ #include "imgdiff.h" #include "utils.h" +int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, + const unsigned char* patch_data, ssize_t patch_size, + SinkFn sink, void* token) { + Value patch = {VAL_BLOB, patch_size, + reinterpret_cast(const_cast(patch_data))}; + return ApplyImagePatch( + old_data, old_size, &patch, sink, token, nullptr, nullptr); +} + /* * Apply the patch given in 'patch_filename' to the source data given * by (old_data, old_size). Write the patched output to the 'output' * file, and update the SHA context with the output data as well. * Return 0 on success. */ -int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, +int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, const Value* patch, SinkFn sink, void* token, SHA_CTX* ctx, const Value* bonus_data) { @@ -80,6 +89,10 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, size_t src_len = Read8(normal_header+8); size_t patch_offset = Read8(normal_header+16); + if (src_start + src_len > static_cast(old_size)) { + printf("source data too short\n"); + return -1; + } ApplyBSDiffPatch(old_data + src_start, src_len, patch, patch_offset, sink, token, ctx); } else if (type == CHUNK_RAW) { @@ -123,6 +136,11 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused, int memLevel = Read4(deflate_header+52); int strategy = Read4(deflate_header+56); + if (src_start + src_len > static_cast(old_size)) { + printf("source data too short\n"); + return -1; + } + // Decompress the source data; the chunk header tells us exactly // how big we expect it to be when decompressed. diff --git a/applypatch/include/applypatch/imgpatch.h b/applypatch/include/applypatch/imgpatch.h new file mode 100644 index 000000000..64d9aa9eb --- /dev/null +++ b/applypatch/include/applypatch/imgpatch.h @@ -0,0 +1,26 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _IMGPATCH_H +#define _IMGPATCH_H + +typedef ssize_t (*SinkFn)(const unsigned char*, ssize_t, void*); + +int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, + const unsigned char* patch_data, ssize_t patch_size, + SinkFn sink, void* token); + +#endif //_IMGPATCH_H -- cgit v1.2.3 From 8b0db11ebaabd0f4d254a8310ba733f26485b618 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 28 Jan 2016 21:56:06 -0800 Subject: Fix build. Disable libimgpatch for non-Linux host. Change-Id: Ib3615204b76564c691ddafaa29e59fef334d9d36 --- applypatch/Android.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 3cb8bebde..036b6f50d 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -36,6 +36,7 @@ LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz include $(BUILD_STATIC_LIBRARY) +ifeq ($(HOST_OS),linux) include $(CLEAR_VARS) LOCAL_CLANG := true @@ -46,6 +47,7 @@ LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz include $(BUILD_HOST_STATIC_LIBRARY) +endif # HOST_OS == linux include $(CLEAR_VARS) -- cgit v1.2.3 From 25dd0386fe69460cd1d39de116197dd2c7bf9ec2 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Mon, 1 Feb 2016 11:40:37 -0800 Subject: uncrypt: generate map file by renaming tmp file. Writing map file directly can break consistency in map file if it fails in the middle. Instead, we write a temporary file and rename the temporary file to map file. Bug: 26883096 Change-Id: I5e99e942e1b75e758af5f7a48f8a08a0b0041d6a --- uncrypt/uncrypt.cpp | 168 +++++++++++++++++++++++++++++----------------------- 1 file changed, 93 insertions(+), 75 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index de7e48182..098a7a979 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -52,9 +53,12 @@ #include #include +#include #include +#include #include +#include #include #include #include @@ -78,44 +82,22 @@ static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno)); return -1; } - size_t written = 0; - while (written < size) { - ssize_t wrote = TEMP_FAILURE_RETRY(write(wfd, buffer + written, size - written)); - if (wrote == -1) { - ALOGE("error writing offset %" PRId64 ": %s\n", - offset + static_cast(written), strerror(errno)); - return -1; - } - written += wrote; + if (!android::base::WriteFully(wfd, buffer, size)) { + ALOGE("error writing offset %" PRId64 ": %s\n", offset, strerror(errno)); + return -1; } return 0; } -static void add_block_to_ranges(int** ranges, int* range_alloc, int* range_used, int new_block) { - // If the current block start is < 0, set the start to the new - // block. (This only happens for the very first block of the very - // first range.) - if ((*ranges)[*range_used*2-2] < 0) { - (*ranges)[*range_used*2-2] = new_block; - (*ranges)[*range_used*2-1] = new_block; - } - - if (new_block == (*ranges)[*range_used*2-1]) { +static void add_block_to_ranges(std::vector& ranges, int new_block) { + if (!ranges.empty() && new_block == ranges.back()) { // If the new block comes immediately after the current range, // all we have to do is extend the current range. - ++(*ranges)[*range_used*2-1]; + ++ranges.back(); } else { // We need to start a new range. - - // If there isn't enough room in the array, we need to expand it. - if (*range_used >= *range_alloc) { - *range_alloc *= 2; - *ranges = reinterpret_cast(realloc(*ranges, *range_alloc * 2 * sizeof(int))); - } - - ++*range_used; - (*ranges)[*range_used*2-2] = new_block; - (*ranges)[*range_used*2-1] = new_block+1; + ranges.push_back(new_block); + ranges.push_back(new_block + 1); } } @@ -183,12 +165,17 @@ static bool find_uncrypt_package(std::string& package_name) static int produce_block_map(const char* path, const char* map_file, const char* blk_dev, bool encrypted, int status_fd) { - int mapfd = open(map_file, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (mapfd == -1) { - ALOGE("failed to open %s\n", map_file); + std::string err; + if (!android::base::RemoveFileIfExists(map_file, &err)) { + ALOGE("failed to remove the existing map file %s: %s\n", map_file, err.c_str()); + return -1; + } + std::string tmp_map_file = std::string(map_file) + ".tmp"; + unique_fd mapfd(open(tmp_map_file.c_str(), O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)); + if (!mapfd) { + ALOGE("failed to open %s: %s\n", tmp_map_file.c_str(), strerror(errno)); return -1; } - std::unique_ptr mapf(fdopen(mapfd, "w"), fclose); // Make sure we can write to the status_file. if (!android::base::WriteStringToFd("0\n", status_fd)) { @@ -207,37 +194,32 @@ static int produce_block_map(const char* path, const char* map_file, const char* int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; ALOGI(" file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks); - int range_alloc = 1; - int range_used = 1; - int* ranges = reinterpret_cast(malloc(range_alloc * 2 * sizeof(int))); - ranges[0] = -1; - ranges[1] = -1; + std::vector ranges; - fprintf(mapf.get(), "%s\n%" PRId64 " %ld\n", - blk_dev, sb.st_size, static_cast(sb.st_blksize)); + std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n", + blk_dev, sb.st_size, static_cast(sb.st_blksize)); + if (!android::base::WriteStringToFd(s, mapfd.get())) { + ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + return -1; + } - unsigned char* buffers[WINDOW_SIZE]; + std::vector> buffers; if (encrypted) { - for (size_t i = 0; i < WINDOW_SIZE; ++i) { - buffers[i] = reinterpret_cast(malloc(sb.st_blksize)); - } + buffers.resize(WINDOW_SIZE, std::vector(sb.st_blksize)); } int head_block = 0; int head = 0, tail = 0; - int fd = open(path, O_RDONLY); - unique_fd fd_holder(fd); - if (fd == -1) { - ALOGE("failed to open fd for reading: %s\n", strerror(errno)); + unique_fd fd(open(path, O_RDONLY)); + if (!fd) { + ALOGE("failed to open %s for reading: %s\n", path, strerror(errno)); return -1; } - int wfd = -1; - unique_fd wfd_holder(wfd); + unique_fd wfd(-1); if (encrypted) { wfd = open(blk_dev, O_WRONLY); - wfd_holder = unique_fd(wfd); - if (wfd == -1) { + if (!wfd) { ALOGE("failed to open fd for writing: %s\n", strerror(errno)); return -1; } @@ -256,13 +238,13 @@ static int produce_block_map(const char* path, const char* map_file, const char* if ((tail+1) % WINDOW_SIZE == head) { // write out head buffer int block = head_block; - if (ioctl(fd, FIBMAP, &block) != 0) { + if (ioctl(fd.get(), FIBMAP, &block) != 0) { ALOGE("failed to find block %d\n", head_block); return -1; } - add_block_to_ranges(&ranges, &range_alloc, &range_used, block); + add_block_to_ranges(ranges, block); if (encrypted) { - if (write_at_offset(buffers[head], sb.st_blksize, wfd, + if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd.get(), static_cast(sb.st_blksize) * block) != 0) { return -1; } @@ -273,17 +255,13 @@ static int produce_block_map(const char* path, const char* map_file, const char* // read next block to tail if (encrypted) { - size_t so_far = 0; - while (so_far < static_cast(sb.st_blksize) && pos < sb.st_size) { - ssize_t this_read = - TEMP_FAILURE_RETRY(read(fd, buffers[tail] + so_far, sb.st_blksize - so_far)); - if (this_read == -1) { - ALOGE("failed to read: %s\n", strerror(errno)); - return -1; - } - so_far += this_read; - pos += this_read; + size_t to_read = static_cast( + std::min(static_cast(sb.st_blksize), sb.st_size - pos)); + if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) { + ALOGE("failed to read: %s\n", strerror(errno)); + return -1; } + pos += to_read; } else { // If we're not encrypting; we don't need to actually read // anything, just skip pos forward as if we'd read a @@ -296,13 +274,13 @@ static int produce_block_map(const char* path, const char* map_file, const char* while (head != tail) { // write out head buffer int block = head_block; - if (ioctl(fd, FIBMAP, &block) != 0) { + if (ioctl(fd.get(), FIBMAP, &block) != 0) { ALOGE("failed to find block %d\n", head_block); return -1; } - add_block_to_ranges(&ranges, &range_alloc, &range_used, block); + add_block_to_ranges(ranges, block); if (encrypted) { - if (write_at_offset(buffers[head], sb.st_blksize, wfd, + if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd.get(), static_cast(sb.st_blksize) * block) != 0) { return -1; } @@ -311,22 +289,62 @@ static int produce_block_map(const char* path, const char* map_file, const char* ++head_block; } - fprintf(mapf.get(), "%d\n", range_used); - for (int i = 0; i < range_used; ++i) { - fprintf(mapf.get(), "%d %d\n", ranges[i*2], ranges[i*2+1]); + if (!android::base::WriteStringToFd( + android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) { + ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + return -1; + } + for (size_t i = 0; i < ranges.size(); i += 2) { + if (!android::base::WriteStringToFd( + android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) { + ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + return -1; + } } - if (fsync(mapfd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", map_file, strerror(errno)); + if (fsync(mapfd.get()) == -1) { + ALOGE("failed to fsync \"%s\": %s\n", tmp_map_file.c_str(), strerror(errno)); + return -1; + } + if (close(mapfd.get() == -1)) { + ALOGE("failed to close %s: %s\n", tmp_map_file.c_str(), strerror(errno)); return -1; } + mapfd = -1; + if (encrypted) { - if (fsync(wfd) == -1) { + if (fsync(wfd.get()) == -1) { ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); return -1; } + if (close(wfd.get()) == -1) { + ALOGE("failed to close %s: %s\n", blk_dev, strerror(errno)); + return -1; + } + wfd = -1; } + if (rename(tmp_map_file.c_str(), map_file) == -1) { + ALOGE("failed to rename %s to %s: %s\n", tmp_map_file.c_str(), map_file, strerror(errno)); + return -1; + } + // Sync dir to make rename() result written to disk. + std::string file_name = map_file; + std::string dir_name = dirname(&file_name[0]); + unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY)); + if (!dfd) { + ALOGE("failed to open dir %s: %s\n", dir_name.c_str(), strerror(errno)); + return -1; + } + if (fsync(dfd.get()) == -1) { + ALOGE("failed to fsync %s: %s\n", dir_name.c_str(), strerror(errno)); + return -1; + } + if (close(dfd.get() == -1)) { + ALOGE("failed to close %s: %s\n", dir_name.c_str(), strerror(errno)); + return -1; + } + dfd = -1; return 0; } -- cgit v1.2.3 From 71e3e09ec2ac4f022e8f9213657746d8cad5dd97 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 2 Feb 2016 14:02:27 -0800 Subject: recovery: Refactor verifier and verifier_test. Move to using std::vector and std::unique_ptr to manage key certificates to stop memory leaks. Bug: 26908001 Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c --- install.cpp | 13 ++- verifier.cpp | 265 +++++++++++++++++++++++++----------------------------- verifier.h | 23 +++-- verifier_test.cpp | 60 +++++-------- 4 files changed, 168 insertions(+), 193 deletions(-) diff --git a/install.cpp b/install.cpp index 7d88ed72a..c0d007709 100644 --- a/install.cpp +++ b/install.cpp @@ -23,6 +23,8 @@ #include #include +#include + #include "common.h" #include "install.h" #include "mincrypt/rsa.h" @@ -221,19 +223,16 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount) return INSTALL_CORRUPT; } - int numKeys; - Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys); - if (loadedKeys == NULL) { + std::vector loadedKeys; + if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) { LOGE("Failed to load keys\n"); return INSTALL_CORRUPT; } - LOGI("%d key(s) loaded from %s\n", numKeys, PUBLIC_KEYS_FILE); + LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE); ui->Print("Verifying update package...\n"); - int err; - err = verify_file(map.addr, map.length, loadedKeys, numKeys); - free(loadedKeys); + int err = verify_file(map.addr, map.length, loadedKeys); LOGI("verify_file returned %d\n", err); if (err != VERIFY_SUCCESS) { LOGE("signature verification failed\n"); diff --git a/verifier.cpp b/verifier.cpp index 61e5adf0b..9a2d60c66 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -113,7 +113,7 @@ static bool read_pkcs7(uint8_t* pkcs7_der, size_t pkcs7_der_len, uint8_t** sig_d // or no key matches the signature). int verify_file(unsigned char* addr, size_t length, - const Certificate* pKeys, unsigned int numKeys) { + const std::vector& keys) { ui->SetProgress(0.0); // An archive with a whole-file signature will end in six bytes: @@ -176,8 +176,7 @@ int verify_file(unsigned char* addr, size_t length, return VERIFY_FAILURE; } - size_t i; - for (i = 4; i < eocd_size-3; ++i) { + for (size_t i = 4; i < eocd_size-3; ++i) { if (eocd[i ] == 0x50 && eocd[i+1] == 0x4b && eocd[i+2] == 0x05 && eocd[i+3] == 0x06) { // if the sequence $50 $4b $05 $06 appears anywhere after @@ -193,8 +192,8 @@ int verify_file(unsigned char* addr, size_t length, bool need_sha1 = false; bool need_sha256 = false; - for (i = 0; i < numKeys; ++i) { - switch (pKeys[i].hash_len) { + for (const auto& key : keys) { + switch (key.hash_len) { case SHA_DIGEST_SIZE: need_sha1 = true; break; case SHA256_DIGEST_SIZE: need_sha256 = true; break; } @@ -225,7 +224,7 @@ int verify_file(unsigned char* addr, size_t length, const uint8_t* sha1 = SHA_final(&sha1_ctx); const uint8_t* sha256 = SHA256_final(&sha256_ctx); - uint8_t* sig_der = NULL; + uint8_t* sig_der = nullptr; size_t sig_der_length = 0; size_t signature_size = signature_start - FOOTER_SIZE; @@ -240,9 +239,10 @@ int verify_file(unsigned char* addr, size_t length, * any key can match, we need to try each before determining a verification * failure has happened. */ - for (i = 0; i < numKeys; ++i) { + size_t i = 0; + for (const auto& key : keys) { const uint8_t* hash; - switch (pKeys[i].hash_len) { + switch (key.hash_len) { case SHA_DIGEST_SIZE: hash = sha1; break; case SHA256_DIGEST_SIZE: hash = sha256; break; default: continue; @@ -250,15 +250,15 @@ int verify_file(unsigned char* addr, size_t length, // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that // the signing tool appends after the signature itself. - if (pKeys[i].key_type == Certificate::RSA) { + if (key.key_type == Certificate::RSA) { if (sig_der_length < RSANUMBYTES) { // "signature" block isn't big enough to contain an RSA block. LOGI("signature is too short for RSA key %zu\n", i); continue; } - if (!RSA_verify(pKeys[i].rsa, sig_der, RSANUMBYTES, - hash, pKeys[i].hash_len)) { + if (!RSA_verify(key.rsa.get(), sig_der, RSANUMBYTES, + hash, key.hash_len)) { LOGI("failed to verify against RSA key %zu\n", i); continue; } @@ -266,8 +266,8 @@ int verify_file(unsigned char* addr, size_t length, LOGI("whole-file signature verified against RSA key %zu\n", i); free(sig_der); return VERIFY_SUCCESS; - } else if (pKeys[i].key_type == Certificate::EC - && pKeys[i].hash_len == SHA256_DIGEST_SIZE) { + } else if (key.key_type == Certificate::EC + && key.hash_len == SHA256_DIGEST_SIZE) { p256_int r, s; if (!dsa_sig_unpack(sig_der, sig_der_length, &r, &s)) { LOGI("Not a DSA signature block for EC key %zu\n", i); @@ -276,7 +276,7 @@ int verify_file(unsigned char* addr, size_t length, p256_int p256_hash; p256_from_bin(hash, &p256_hash); - if (!p256_ecdsa_verify(&(pKeys[i].ec->x), &(pKeys[i].ec->y), + if (!p256_ecdsa_verify(&(key.ec->x), &(key.ec->y), &p256_hash, &r, &s)) { LOGI("failed to verify against EC key %zu\n", i); continue; @@ -286,8 +286,9 @@ int verify_file(unsigned char* addr, size_t length, free(sig_der); return VERIFY_SUCCESS; } else { - LOGI("Unknown key type %d\n", pKeys[i].key_type); + LOGI("Unknown key type %d\n", key.key_type); } + i++; } free(sig_der); LOGE("failed to verify whole-file signature\n"); @@ -323,140 +324,122 @@ int verify_file(unsigned char* addr, size_t length, // 4: 2048-bit RSA key with e=65537 and SHA-256 hash // 5: 256-bit EC key using the NIST P-256 curve parameters and SHA-256 hash // -// Returns NULL if the file failed to parse, or if it contain zero keys. -Certificate* -load_keys(const char* filename, int* numKeys) { - Certificate* out = NULL; - *numKeys = 0; - - FILE* f = fopen(filename, "r"); - if (f == NULL) { +// Returns true on success, and appends the found keys (at least one) to certs. +// Otherwise returns false if the file failed to parse, or if it contains zero +// keys. The contents in certs would be unspecified on failure. +bool load_keys(const char* filename, std::vector& certs) { + std::unique_ptr f(fopen(filename, "r"), fclose); + if (!f) { LOGE("opening %s: %s\n", filename, strerror(errno)); - goto exit; + return false; } - { - int i; - bool done = false; - while (!done) { - ++*numKeys; - out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate)); - Certificate* cert = out + (*numKeys - 1); - memset(cert, '\0', sizeof(Certificate)); - - char start_char; - if (fscanf(f, " %c", &start_char) != 1) goto exit; - if (start_char == '{') { - // a version 1 key has no version specifier. - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 3; - cert->hash_len = SHA_DIGEST_SIZE; - } else if (start_char == 'v') { - int version; - if (fscanf(f, "%d {", &version) != 1) goto exit; - switch (version) { - case 2: - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 65537; - cert->hash_len = SHA_DIGEST_SIZE; - break; - case 3: - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 3; - cert->hash_len = SHA256_DIGEST_SIZE; - break; - case 4: - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 65537; - cert->hash_len = SHA256_DIGEST_SIZE; - break; - case 5: - cert->key_type = Certificate::EC; - cert->ec = (ECPublicKey*)calloc(1, sizeof(ECPublicKey)); - cert->hash_len = SHA256_DIGEST_SIZE; - break; - default: - goto exit; - } + while (true) { + certs.emplace_back(0, Certificate::RSA, nullptr, nullptr); + Certificate& cert = certs.back(); + + char start_char; + if (fscanf(f.get(), " %c", &start_char) != 1) return false; + if (start_char == '{') { + // a version 1 key has no version specifier. + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr(new RSAPublicKey); + cert.rsa->exponent = 3; + cert.hash_len = SHA_DIGEST_SIZE; + } else if (start_char == 'v') { + int version; + if (fscanf(f.get(), "%d {", &version) != 1) return false; + switch (version) { + case 2: + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr(new RSAPublicKey); + cert.rsa->exponent = 65537; + cert.hash_len = SHA_DIGEST_SIZE; + break; + case 3: + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr(new RSAPublicKey); + cert.rsa->exponent = 3; + cert.hash_len = SHA256_DIGEST_SIZE; + break; + case 4: + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr(new RSAPublicKey); + cert.rsa->exponent = 65537; + cert.hash_len = SHA256_DIGEST_SIZE; + break; + case 5: + cert.key_type = Certificate::EC; + cert.ec = std::unique_ptr(new ECPublicKey); + cert.hash_len = SHA256_DIGEST_SIZE; + break; + default: + return false; } + } - if (cert->key_type == Certificate::RSA) { - RSAPublicKey* key = cert->rsa; - if (fscanf(f, " %i , 0x%x , { %u", - &(key->len), &(key->n0inv), &(key->n[0])) != 3) { - goto exit; - } - if (key->len != RSANUMWORDS) { - LOGE("key length (%d) does not match expected size\n", key->len); - goto exit; - } - for (i = 1; i < key->len; ++i) { - if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit; - } - if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit; - for (i = 1; i < key->len; ++i) { - if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit; - } - fscanf(f, " } } "); - - LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len); - } else if (cert->key_type == Certificate::EC) { - ECPublicKey* key = cert->ec; - int key_len; - unsigned int byte; - uint8_t x_bytes[P256_NBYTES]; - uint8_t y_bytes[P256_NBYTES]; - if (fscanf(f, " %i , { %u", &key_len, &byte) != 2) goto exit; - if (key_len != P256_NBYTES) { - LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES); - goto exit; - } - x_bytes[P256_NBYTES - 1] = byte; - for (i = P256_NBYTES - 2; i >= 0; --i) { - if (fscanf(f, " , %u", &byte) != 1) goto exit; - x_bytes[i] = byte; - } - if (fscanf(f, " } , { %u", &byte) != 1) goto exit; - y_bytes[P256_NBYTES - 1] = byte; - for (i = P256_NBYTES - 2; i >= 0; --i) { - if (fscanf(f, " , %u", &byte) != 1) goto exit; - y_bytes[i] = byte; - } - fscanf(f, " } } "); - p256_from_bin(x_bytes, &key->x); - p256_from_bin(y_bytes, &key->y); - } else { - LOGE("Unknown key type %d\n", cert->key_type); - goto exit; + if (cert.key_type == Certificate::RSA) { + RSAPublicKey* key = cert.rsa.get(); + if (fscanf(f.get(), " %i , 0x%x , { %u", &(key->len), &(key->n0inv), + &(key->n[0])) != 3) { + return false; } - - // if the line ends in a comma, this file has more keys. - switch (fgetc(f)) { - case ',': - // more keys to come. - break; - - case EOF: - done = true; - break; - - default: - LOGE("unexpected character between keys\n"); - goto exit; + if (key->len != RSANUMWORDS) { + LOGE("key length (%d) does not match expected size\n", key->len); + return false; + } + for (int i = 1; i < key->len; ++i) { + if (fscanf(f.get(), " , %u", &(key->n[i])) != 1) return false; + } + if (fscanf(f.get(), " } , { %u", &(key->rr[0])) != 1) return false; + for (int i = 1; i < key->len; ++i) { + if (fscanf(f.get(), " , %u", &(key->rr[i])) != 1) return false; + } + fscanf(f.get(), " } } "); + + LOGI("read key e=%d hash=%d\n", key->exponent, cert.hash_len); + } else if (cert.key_type == Certificate::EC) { + ECPublicKey* key = cert.ec.get(); + int key_len; + unsigned int byte; + uint8_t x_bytes[P256_NBYTES]; + uint8_t y_bytes[P256_NBYTES]; + if (fscanf(f.get(), " %i , { %u", &key_len, &byte) != 2) return false; + if (key_len != P256_NBYTES) { + LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES); + return false; + } + x_bytes[P256_NBYTES - 1] = byte; + for (int i = P256_NBYTES - 2; i >= 0; --i) { + if (fscanf(f.get(), " , %u", &byte) != 1) return false; + x_bytes[i] = byte; + } + if (fscanf(f.get(), " } , { %u", &byte) != 1) return false; + y_bytes[P256_NBYTES - 1] = byte; + for (int i = P256_NBYTES - 2; i >= 0; --i) { + if (fscanf(f.get(), " , %u", &byte) != 1) return false; + y_bytes[i] = byte; } + fscanf(f.get(), " } } "); + p256_from_bin(x_bytes, &key->x); + p256_from_bin(y_bytes, &key->y); + } else { + LOGE("Unknown key type %d\n", cert.key_type); + return false; } - } - fclose(f); - return out; + // if the line ends in a comma, this file has more keys. + int ch = fgetc(f.get()); + if (ch == ',') { + // more keys to come. + continue; + } else if (ch == EOF) { + break; + } else { + LOGE("unexpected character between keys\n"); + return false; + } + } -exit: - if (f) fclose(f); - free(out); - *numKeys = 0; - return NULL; + return true; } diff --git a/verifier.h b/verifier.h index 15f8d98e4..4eafc7565 100644 --- a/verifier.h +++ b/verifier.h @@ -17,6 +17,9 @@ #ifndef _RECOVERY_VERIFIER_H #define _RECOVERY_VERIFIER_H +#include +#include + #include "mincrypt/p256.h" #include "mincrypt/rsa.h" @@ -25,17 +28,25 @@ typedef struct { p256_int y; } ECPublicKey; -typedef struct { +struct Certificate { typedef enum { RSA, EC, } KeyType; + Certificate(int hash_len_, KeyType key_type_, + std::unique_ptr&& rsa_, + std::unique_ptr&& ec_) : + hash_len(hash_len_), + key_type(key_type_), + rsa(std::move(rsa_)), + ec(std::move(ec_)) { } + int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256) KeyType key_type; - RSAPublicKey* rsa; - ECPublicKey* ec; -} Certificate; + std::unique_ptr rsa; + std::unique_ptr ec; +}; /* addr and length define a an update package file that has been * loaded (or mmap'ed, or whatever) into memory. Verify that the file @@ -43,9 +54,9 @@ typedef struct { * one of the constants below. */ int verify_file(unsigned char* addr, size_t length, - const Certificate *pKeys, unsigned int numKeys); + const std::vector& keys); -Certificate* load_keys(const char* filename, int* numKeys); +bool load_keys(const char* filename, std::vector& certs); #define VERIFY_SUCCESS 0 #define VERIFY_FAILURE 1 diff --git a/verifier_test.cpp b/verifier_test.cpp index 21633dc20..2367e0052 100644 --- a/verifier_test.cpp +++ b/verifier_test.cpp @@ -23,6 +23,9 @@ #include #include +#include +#include + #include "common.h" #include "verifier.h" #include "ui.h" @@ -163,56 +166,43 @@ ui_print(const char* format, ...) { va_end(ap); } -static Certificate* add_certificate(Certificate** certsp, int* num_keys, - Certificate::KeyType key_type) { - int i = *num_keys; - *num_keys = *num_keys + 1; - *certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate)); - Certificate* certs = *certsp; - certs[i].rsa = NULL; - certs[i].ec = NULL; - certs[i].key_type = key_type; - certs[i].hash_len = SHA_DIGEST_SIZE; - return &certs[i]; -} - -int main(int argc, char **argv) { +int main(int argc, char** argv) { if (argc < 2) { fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file ] \n", argv[0]); return 2; } - Certificate* certs = NULL; - int num_keys = 0; + std::vector certs; int argn = 1; while (argn < argc) { if (strcmp(argv[argn], "-sha256") == 0) { - if (num_keys == 0) { + if (certs.empty()) { fprintf(stderr, "May only specify -sha256 after key type\n"); return 2; } ++argn; - Certificate* cert = &certs[num_keys - 1]; - cert->hash_len = SHA256_DIGEST_SIZE; + certs.back().hash_len = SHA256_DIGEST_SIZE; } else if (strcmp(argv[argn], "-ec") == 0) { ++argn; - Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC); - cert->ec = &test_ec_key; + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC, + nullptr, std::unique_ptr(new ECPublicKey(test_ec_key))); } else if (strcmp(argv[argn], "-e3") == 0) { ++argn; - Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA); - cert->rsa = &test_key; + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr(new RSAPublicKey(test_key)), nullptr); } else if (strcmp(argv[argn], "-f4") == 0) { ++argn; - Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA); - cert->rsa = &test_f4_key; + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr(new RSAPublicKey(test_f4_key)), nullptr); } else if (strcmp(argv[argn], "-file") == 0) { - if (certs != NULL) { + if (!certs.empty()) { fprintf(stderr, "Cannot specify -file with other certs specified\n"); return 2; } ++argn; - certs = load_keys(argv[argn], &num_keys); + if (!load_keys(argv[argn], certs)) { + fprintf(stderr, "Cannot load keys from %s\n", argv[argn]); + } ++argn; } else if (argv[argn][0] == '-') { fprintf(stderr, "Unknown argument %s\n", argv[argn]); @@ -227,17 +217,9 @@ int main(int argc, char **argv) { return 2; } - if (num_keys == 0) { - certs = (Certificate*) calloc(1, sizeof(Certificate)); - if (certs == NULL) { - fprintf(stderr, "Failure allocating memory for default certificate\n"); - return 1; - } - certs->key_type = Certificate::RSA; - certs->rsa = &test_key; - certs->ec = NULL; - certs->hash_len = SHA_DIGEST_SIZE; - num_keys = 1; + if (certs.empty()) { + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr(new RSAPublicKey(test_key)), nullptr); } ui = new FakeUI(); @@ -248,7 +230,7 @@ int main(int argc, char **argv) { return 4; } - int result = verify_file(map.addr, map.length, certs, num_keys); + int result = verify_file(map.addr, map.length, certs); if (result == VERIFY_SUCCESS) { printf("VERIFIED\n"); return 0; -- cgit v1.2.3 From 2d46da57e19612b0a29ee0b8601146cf8fb9ff5e Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Tue, 26 Jan 2016 16:50:15 -0800 Subject: uncrypt: add options to setup bcb and clear bcb. Bug: 26696173 Change-Id: I3a612f045aaa9e93e61ae45b05300d02b19bb3ad --- uncrypt/uncrypt.cpp | 292 +++++++++++++++++++++++++++++++++------------------- uncrypt/uncrypt.rc | 10 ++ 2 files changed, 198 insertions(+), 104 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 098a7a979..705744eb6 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -58,6 +58,7 @@ #include #include +#include #include #include #include @@ -67,23 +68,25 @@ #define LOG_TAG "uncrypt" #include +#include "bootloader.h" #include "unique_fd.h" #define WINDOW_SIZE 5 -static const std::string cache_block_map = "/cache/recovery/block.map"; -static const std::string status_file = "/cache/recovery/uncrypt_status"; -static const std::string uncrypt_file = "/cache/recovery/uncrypt_file"; +static const std::string CACHE_BLOCK_MAP = "/cache/recovery/block.map"; +static const std::string COMMAND_FILE = "/cache/recovery/command"; +static const std::string STATUS_FILE = "/cache/recovery/uncrypt_status"; +static const std::string UNCRYPT_PATH_FILE = "/cache/recovery/uncrypt_file"; static struct fstab* fstab = NULL; static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { - ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno)); + ALOGE("error seeking to offset %" PRId64 ": %s", offset, strerror(errno)); return -1; } if (!android::base::WriteFully(wfd, buffer, size)) { - ALOGE("error writing offset %" PRId64 ": %s\n", offset, strerror(errno)); + ALOGE("error writing offset %" PRId64 ": %s", offset, strerror(errno)); return -1; } return 0; @@ -107,13 +110,13 @@ static struct fstab* read_fstab() { // The fstab path is always "/fstab.${ro.hardware}". char fstab_path[PATH_MAX+1] = "/fstab."; if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) { - ALOGE("failed to get ro.hardware\n"); + ALOGE("failed to get ro.hardware"); return NULL; } fstab = fs_mgr_read_fstab(fstab_path); if (!fstab) { - ALOGE("failed to read %s\n", fstab_path); + ALOGE("failed to read %s", fstab_path); return NULL; } @@ -150,16 +153,16 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* } // Parse uncrypt_file to find the update package name. -static bool find_uncrypt_package(std::string& package_name) -{ - if (!android::base::ReadFileToString(uncrypt_file, &package_name)) { - ALOGE("failed to open \"%s\": %s\n", uncrypt_file.c_str(), strerror(errno)); +static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::string* package_name) { + CHECK(package_name != nullptr); + std::string uncrypt_path; + if (!android::base::ReadFileToString(uncrypt_path_file, &uncrypt_path)) { + ALOGE("failed to open \"%s\": %s", uncrypt_path_file.c_str(), strerror(errno)); return false; } // Remove the trailing '\n' if present. - package_name = android::base::Trim(package_name); - + *package_name = android::base::Trim(uncrypt_path); return true; } @@ -167,7 +170,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* bool encrypted, int status_fd) { std::string err; if (!android::base::RemoveFileIfExists(map_file, &err)) { - ALOGE("failed to remove the existing map file %s: %s\n", map_file, err.c_str()); + ALOGE("failed to remove the existing map file %s: %s", map_file, err.c_str()); return -1; } std::string tmp_map_file = std::string(map_file) + ".tmp"; @@ -179,27 +182,27 @@ static int produce_block_map(const char* path, const char* map_file, const char* // Make sure we can write to the status_file. if (!android::base::WriteStringToFd("0\n", status_fd)) { - ALOGE("failed to update \"%s\"\n", status_file.c_str()); + ALOGE("failed to update \"%s\"\n", STATUS_FILE.c_str()); return -1; } struct stat sb; if (stat(path, &sb) != 0) { - ALOGE("failed to stat %s\n", path); + ALOGE("failed to stat %s", path); return -1; } - ALOGI(" block size: %ld bytes\n", static_cast(sb.st_blksize)); + ALOGI(" block size: %ld bytes", static_cast(sb.st_blksize)); int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; - ALOGI(" file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks); + ALOGI(" file size: %" PRId64 " bytes, %d blocks", sb.st_size, blocks); std::vector ranges; std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n", blk_dev, sb.st_size, static_cast(sb.st_blksize)); if (!android::base::WriteStringToFd(s, mapfd.get())) { - ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } @@ -212,7 +215,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* unique_fd fd(open(path, O_RDONLY)); if (!fd) { - ALOGE("failed to open %s for reading: %s\n", path, strerror(errno)); + ALOGE("failed to open %s for reading: %s", path, strerror(errno)); return -1; } @@ -220,7 +223,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* if (encrypted) { wfd = open(blk_dev, O_WRONLY); if (!wfd) { - ALOGE("failed to open fd for writing: %s\n", strerror(errno)); + ALOGE("failed to open fd for writing: %s", strerror(errno)); return -1; } } @@ -239,7 +242,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* // write out head buffer int block = head_block; if (ioctl(fd.get(), FIBMAP, &block) != 0) { - ALOGE("failed to find block %d\n", head_block); + ALOGE("failed to find block %d", head_block); return -1; } add_block_to_ranges(ranges, block); @@ -258,7 +261,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* size_t to_read = static_cast( std::min(static_cast(sb.st_blksize), sb.st_size - pos)); if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) { - ALOGE("failed to read: %s\n", strerror(errno)); + ALOGE("failed to read: %s", strerror(errno)); return -1; } pos += to_read; @@ -275,7 +278,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* // write out head buffer int block = head_block; if (ioctl(fd.get(), FIBMAP, &block) != 0) { - ALOGE("failed to find block %d\n", head_block); + ALOGE("failed to find block %d", head_block); return -1; } add_block_to_ranges(ranges, block); @@ -291,41 +294,41 @@ static int produce_block_map(const char* path, const char* map_file, const char* if (!android::base::WriteStringToFd( android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) { - ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } for (size_t i = 0; i < ranges.size(); i += 2) { if (!android::base::WriteStringToFd( android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) { - ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } } if (fsync(mapfd.get()) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to fsync \"%s\": %s", tmp_map_file.c_str(), strerror(errno)); return -1; } if (close(mapfd.get() == -1)) { - ALOGE("failed to close %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to close %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } mapfd = -1; if (encrypted) { if (fsync(wfd.get()) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); + ALOGE("failed to fsync \"%s\": %s", blk_dev, strerror(errno)); return -1; } if (close(wfd.get()) == -1) { - ALOGE("failed to close %s: %s\n", blk_dev, strerror(errno)); + ALOGE("failed to close %s: %s", blk_dev, strerror(errno)); return -1; } wfd = -1; } if (rename(tmp_map_file.c_str(), map_file) == -1) { - ALOGE("failed to rename %s to %s: %s\n", tmp_map_file.c_str(), map_file, strerror(errno)); + ALOGE("failed to rename %s to %s: %s", tmp_map_file.c_str(), map_file, strerror(errno)); return -1; } // Sync dir to make rename() result written to disk. @@ -333,50 +336,74 @@ static int produce_block_map(const char* path, const char* map_file, const char* std::string dir_name = dirname(&file_name[0]); unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY)); if (!dfd) { - ALOGE("failed to open dir %s: %s\n", dir_name.c_str(), strerror(errno)); + ALOGE("failed to open dir %s: %s", dir_name.c_str(), strerror(errno)); return -1; } if (fsync(dfd.get()) == -1) { - ALOGE("failed to fsync %s: %s\n", dir_name.c_str(), strerror(errno)); + ALOGE("failed to fsync %s: %s", dir_name.c_str(), strerror(errno)); return -1; } if (close(dfd.get() == -1)) { - ALOGE("failed to close %s: %s\n", dir_name.c_str(), strerror(errno)); + ALOGE("failed to close %s: %s", dir_name.c_str(), strerror(errno)); return -1; } dfd = -1; return 0; } -static void wipe_misc() { - ALOGI("removing old commands from misc"); +static std::string get_misc_blk_device() { + struct fstab* fstab = read_fstab(); + if (fstab == nullptr) { + return ""; + } for (int i = 0; i < fstab->num_entries; ++i) { - struct fstab_rec* v = &fstab->recs[i]; - if (!v->mount_point) continue; - if (strcmp(v->mount_point, "/misc") == 0) { - int fd = open(v->blk_device, O_WRONLY | O_SYNC); - unique_fd fd_holder(fd); - - uint8_t zeroes[1088]; // sizeof(bootloader_message) from recovery - memset(zeroes, 0, sizeof(zeroes)); - - size_t written = 0; - size_t size = sizeof(zeroes); - while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written)); - if (w == -1) { - ALOGE("zero write failed: %s\n", strerror(errno)); - return; - } else { - written += w; - } - } - if (fsync(fd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); - return; - } + fstab_rec* v = &fstab->recs[i]; + if (v->mount_point != nullptr && strcmp(v->mount_point, "/misc") == 0) { + return v->blk_device; } } + return ""; +} + +static int read_bootloader_message(bootloader_message* out) { + std::string misc_blk_device = get_misc_blk_device(); + if (misc_blk_device.empty()) { + ALOGE("failed to find /misc partition."); + return -1; + } + unique_fd fd(open(misc_blk_device.c_str(), O_RDONLY)); + if (!fd) { + ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + if (!android::base::ReadFully(fd.get(), out, sizeof(*out))) { + ALOGE("failed to read %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + return 0; +} + +static int write_bootloader_message(const bootloader_message* in) { + std::string misc_blk_device = get_misc_blk_device(); + if (misc_blk_device.empty()) { + ALOGE("failed to find /misc partition."); + return -1; + } + unique_fd fd(open(misc_blk_device.c_str(), O_WRONLY | O_SYNC)); + if (!fd) { + ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + if (!android::base::WriteFully(fd.get(), in, sizeof(*in))) { + ALOGE("failed to write %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + // TODO: O_SYNC and fsync() duplicates each other? + if (fsync(fd.get()) == -1) { + ALOGE("failed to fsync %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + return 0; } static void reboot_to_recovery() { @@ -388,7 +415,7 @@ static void reboot_to_recovery() { ALOGE("reboot didn't succeed?"); } -int uncrypt(const char* input_path, const char* map_file, int status_fd) { +static int uncrypt(const char* input_path, const char* map_file, int status_fd) { ALOGI("update package is \"%s\"", input_path); @@ -415,8 +442,8 @@ int uncrypt(const char* input_path, const char* map_file, int status_fd) { // If the filesystem it's on isn't encrypted, we only produce the // block map, we don't rewrite the file contents (it would be // pointless to do so). - ALOGI("encryptable: %s\n", encryptable ? "yes" : "no"); - ALOGI(" encrypted: %s\n", encrypted ? "yes" : "no"); + ALOGI("encryptable: %s", encryptable ? "yes" : "no"); + ALOGI(" encrypted: %s", encrypted ? "yes" : "no"); // Recovery supports installing packages from 3 paths: /cache, // /data, and /sdcard. (On a particular device, other locations @@ -435,56 +462,113 @@ int uncrypt(const char* input_path, const char* map_file, int status_fd) { return 0; } -int main(int argc, char** argv) { - - if (argc != 3 && argc != 1 && (argc == 2 && strcmp(argv[1], "--reboot") != 0)) { - fprintf(stderr, "usage: %s [--reboot] [ ]\n", argv[0]); - return 2; +static int uncrypt_wrapper(const char* input_path, const char* map_file, + const std::string& status_file) { + // The pipe has been created by the system server. + unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); + if (!status_fd) { + ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); + return 1; } - // When uncrypt is started with "--reboot", it wipes misc and reboots. - // Otherwise it uncrypts the package and writes the block map. - if (argc == 2) { - if (read_fstab() == NULL) { + std::string package; + if (input_path == nullptr) { + if (!find_uncrypt_package(UNCRYPT_PATH_FILE, &package)) { + android::base::WriteStringToFd("-1\n", status_fd.get()); return 1; } - wipe_misc(); - reboot_to_recovery(); - } else { - // The pipe has been created by the system server. - int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (status_fd == -1) { - ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno)); - return 1; - } - unique_fd status_fd_holder(status_fd); + input_path = package.c_str(); + } + CHECK(map_file != nullptr); + int status = uncrypt(input_path, map_file, status_fd.get()); + if (status != 0) { + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + android::base::WriteStringToFd("100\n", status_fd.get()); + return 0; +} - std::string package; - const char* input_path; - const char* map_file; +static int clear_bcb(const std::string& status_file) { + unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); + if (!status_fd) { + ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); + return 1; + } + bootloader_message boot = {}; + if (write_bootloader_message(&boot) != 0) { + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + android::base::WriteStringToFd("100\n", status_fd.get()); + return 0; +} + +static int setup_bcb(const std::string& command_file, const std::string& status_file) { + unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); + if (!status_fd) { + ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); + return 1; + } + std::string content; + if (!android::base::ReadFileToString(command_file, &content)) { + ALOGE("failed to read \"%s\": %s", command_file.c_str(), strerror(errno)); + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + bootloader_message boot = {}; + strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); + strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); + strlcat(boot.recovery, content.c_str(), sizeof(boot.recovery)); + if (write_bootloader_message(&boot) != 0) { + ALOGE("failed to set bootloader message"); + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + android::base::WriteStringToFd("100\n", status_fd.get()); + return 0; +} +static int read_bcb() { + bootloader_message boot; + if (read_bootloader_message(&boot) != 0) { + ALOGE("failed to get bootloader message"); + return 1; + } + printf("bcb command: %s\n", boot.command); + printf("bcb recovery:\n%s\n", boot.recovery); + return 0; +} + +static void usage(const char* exename) { + fprintf(stderr, "Usage of %s:\n", exename); + fprintf(stderr, "%s [ ] Uncrypt ota package.\n", exename); + fprintf(stderr, "%s --reboot Clear BCB data and reboot to recovery.\n", exename); + fprintf(stderr, "%s --clear-bcb Clear BCB data in misc partition.\n", exename); + fprintf(stderr, "%s --setup-bcb Setup BCB data by command file.\n", exename); + fprintf(stderr, "%s --read-bcb Read BCB data from misc partition.\n", exename); +} + +int main(int argc, char** argv) { + if (argc == 2) { + if (strcmp(argv[1], "--reboot") == 0) { + reboot_to_recovery(); + } else if (strcmp(argv[1], "--clear-bcb") == 0) { + return clear_bcb(STATUS_FILE); + } else if (strcmp(argv[1], "--setup-bcb") == 0) { + return setup_bcb(COMMAND_FILE, STATUS_FILE); + } else if (strcmp(argv[1], "--read-bcb") == 0) { + return read_bcb(); + } + } else if (argc == 1 || argc == 3) { + const char* input_path = nullptr; + const char* map_file = CACHE_BLOCK_MAP.c_str(); if (argc == 3) { - // when command-line args are given this binary is being used - // for debugging. input_path = argv[1]; map_file = argv[2]; - } else { - if (!find_uncrypt_package(package)) { - android::base::WriteStringToFd("-1\n", status_fd); - return 1; - } - input_path = package.c_str(); - map_file = cache_block_map.c_str(); } - - int status = uncrypt(input_path, map_file, status_fd); - if (status != 0) { - android::base::WriteStringToFd("-1\n", status_fd); - return 1; - } - - android::base::WriteStringToFd("100\n", status_fd); + return uncrypt_wrapper(input_path, map_file, STATUS_FILE); } - - return 0; + usage(argv[0]); + return 2; } diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc index 5f4c47936..b07c1dada 100644 --- a/uncrypt/uncrypt.rc +++ b/uncrypt/uncrypt.rc @@ -7,3 +7,13 @@ service pre-recovery /system/bin/uncrypt --reboot class main disabled oneshot + +service setup-bcb /system/bin/uncrypt --setup-bcb + class main + disabled + oneshot + +service clear-bcb /system/bin/uncrypt --clear-bcb + class main + disabled + oneshot \ No newline at end of file -- cgit v1.2.3 From c48cb5e5972bbeb1cacbe37b80a3e9f8003b54b7 Mon Sep 17 00:00:00 2001 From: Sen Jiang Date: Thu, 4 Feb 2016 16:23:21 +0800 Subject: Switch from mincrypt to BoringSSL in applypatch and updater. Bug: 18790686 Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e --- applypatch/Android.mk | 8 ++++---- applypatch/applypatch.cpp | 47 +++++++++++++++++++++++------------------------ applypatch/applypatch.h | 6 +++--- applypatch/bspatch.cpp | 4 ++-- applypatch/imgpatch.cpp | 6 +++--- applypatch/main.cpp | 4 ++-- print_sha1.h | 10 +++++----- updater/Android.mk | 2 +- updater/blockimg.cpp | 19 +++++++++---------- updater/install.cpp | 14 +++++++------- 10 files changed, 59 insertions(+), 61 deletions(-) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 036b6f50d..22151941e 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -21,7 +21,7 @@ LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.c LOCAL_MODULE := libapplypatch LOCAL_MODULE_TAGS := eng LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libbase libmtdutils libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libbase libmtdutils libcrypto_static libbz libz include $(BUILD_STATIC_LIBRARY) @@ -32,7 +32,7 @@ LOCAL_SRC_FILES := bspatch.cpp imgpatch.cpp utils.cpp LOCAL_MODULE := libimgpatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include -LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libcrypto_static libbz libz include $(BUILD_STATIC_LIBRARY) @@ -44,7 +44,7 @@ LOCAL_SRC_FILES := bspatch.cpp imgpatch.cpp utils.cpp LOCAL_MODULE := libimgpatch LOCAL_C_INCLUDES += bootable/recovery LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include -LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz +LOCAL_STATIC_LIBRARIES += libcrypto_static libbz libz include $(BUILD_HOST_STATIC_LIBRARY) endif # HOST_OS == linux @@ -55,7 +55,7 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libcrypto_static libbz LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index f9425af93..75ffe0f08 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -27,7 +27,7 @@ #include -#include "mincrypt/sha.h" +#include "openssl/sha.h" #include "applypatch.h" #include "mtdutils/mtdutils.h" #include "edify/expr.h" @@ -41,7 +41,7 @@ static int GenerateTarget(FileContents* source_file, const Value* copy_patch_value, const char* source_filename, const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], + const uint8_t target_sha1[SHA_DIGEST_LENGTH], size_t target_size, const Value* bonus_data); @@ -86,7 +86,7 @@ int LoadFileContents(const char* filename, FileContents* file) { } fclose(f); - SHA_hash(file->data, file->size, file->sha1); + SHA1(file->data, file->size, file->sha1); return 0; } @@ -181,8 +181,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { } SHA_CTX sha_ctx; - SHA_init(&sha_ctx); - uint8_t parsed_sha[SHA_DIGEST_SIZE]; + SHA1_Init(&sha_ctx); + uint8_t parsed_sha[SHA_DIGEST_LENGTH]; // Allocate enough memory to hold the largest size. file->data = reinterpret_cast(malloc(size[index[pairs-1]])); @@ -212,7 +212,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { file->data = NULL; return -1; } - SHA_update(&sha_ctx, p, read); + SHA1_Update(&sha_ctx, p, read); file->size += read; } @@ -220,7 +220,8 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { // check it against this pair's expected hash. SHA_CTX temp_ctx; memcpy(&temp_ctx, &sha_ctx, sizeof(SHA_CTX)); - const uint8_t* sha_so_far = SHA_final(&temp_ctx); + uint8_t sha_so_far[SHA_DIGEST_LENGTH]; + SHA1_Final(sha_so_far, &temp_ctx); if (ParseSha1(sha1sum[index[i]].c_str(), parsed_sha) != 0) { printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]].c_str(), filename); @@ -229,7 +230,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { return -1; } - if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_SIZE) == 0) { + if (memcmp(sha_so_far, parsed_sha, SHA_DIGEST_LENGTH) == 0) { // we have a match. stop reading the partition; we'll return // the data we've read so far. printf("partition read matched size %zu sha %s\n", @@ -260,10 +261,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { return -1; } - const uint8_t* sha_final = SHA_final(&sha_ctx); - for (size_t i = 0; i < SHA_DIGEST_SIZE; ++i) { - file->sha1[i] = sha_final[i]; - } + SHA1_Final(file->sha1, &sha_ctx); // Fake some stat() info. file->st.st_mode = 0644; @@ -494,7 +492,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { int ParseSha1(const char* str, uint8_t* digest) { const char* ps = str; uint8_t* pd = digest; - for (int i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) { + for (int i = 0; i < SHA_DIGEST_LENGTH * 2; ++i, ++ps) { int digit; if (*ps >= '0' && *ps <= '9') { digit = *ps - '0'; @@ -521,10 +519,10 @@ int ParseSha1(const char* str, uint8_t* digest) { // found. int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, int num_patches) { - uint8_t patch_sha1[SHA_DIGEST_SIZE]; + uint8_t patch_sha1[SHA_DIGEST_LENGTH]; for (int i = 0; i < num_patches; ++i) { if (ParseSha1(patch_sha1_str[i], patch_sha1) == 0 && - memcmp(patch_sha1, sha1, SHA_DIGEST_SIZE) == 0) { + memcmp(patch_sha1, sha1, SHA_DIGEST_LENGTH) == 0) { return i; } } @@ -670,7 +668,7 @@ int applypatch(const char* source_filename, target_filename = source_filename; } - uint8_t target_sha1[SHA_DIGEST_SIZE]; + uint8_t target_sha1[SHA_DIGEST_LENGTH]; if (ParseSha1(target_sha1_str, target_sha1) != 0) { printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); return 1; @@ -685,7 +683,7 @@ int applypatch(const char* source_filename, // We try to load the target file into the source_file object. if (LoadFileContents(target_filename, &source_file) == 0) { - if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_LENGTH) == 0) { // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. printf("already %s\n", short_sha1(target_sha1).c_str()); @@ -756,7 +754,7 @@ int applypatch_flash(const char* source_filename, const char* target_filename, const char* target_sha1_str, size_t target_size) { printf("flash %s: ", target_filename); - uint8_t target_sha1[SHA_DIGEST_SIZE]; + uint8_t target_sha1[SHA_DIGEST_LENGTH]; if (ParseSha1(target_sha1_str, target_sha1) != 0) { printf("failed to parse tgt-sha1 \"%s\"\n", target_sha1_str); return 1; @@ -777,7 +775,7 @@ int applypatch_flash(const char* source_filename, const char* target_filename, pieces.push_back(target_sha1_str); std::string fullname = android::base::Join(pieces, ':'); if (LoadPartitionContents(fullname.c_str(), &source_file) == 0 && - memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) { + memcmp(source_file.sha1, target_sha1, SHA_DIGEST_LENGTH) == 0) { // The early-exit case: the image was already applied, this partition // has the desired hash, nothing for us to do. printf("already %s\n", short_sha1(target_sha1).c_str()); @@ -786,7 +784,7 @@ int applypatch_flash(const char* source_filename, const char* target_filename, } if (LoadFileContents(source_filename, &source_file) == 0) { - if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_LENGTH) != 0) { // The source doesn't have desired checksum. printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename); printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(), @@ -812,7 +810,7 @@ static int GenerateTarget(FileContents* source_file, const Value* copy_patch_value, const char* source_filename, const char* target_filename, - const uint8_t target_sha1[SHA_DIGEST_SIZE], + const uint8_t target_sha1[SHA_DIGEST_LENGTH], size_t target_size, const Value* bonus_data) { int retry = 1; @@ -957,7 +955,7 @@ static int GenerateTarget(FileContents* source_file, char* header = patch->data; ssize_t header_bytes_read = patch->size; - SHA_init(&ctx); + SHA1_Init(&ctx); int result; @@ -1001,8 +999,9 @@ static int GenerateTarget(FileContents* source_file, } } while (retry-- > 0); - const uint8_t* current_target_sha1 = SHA_final(&ctx); - if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) { + uint8_t current_target_sha1[SHA_DIGEST_LENGTH]; + SHA1_Final(current_target_sha1, &ctx); + if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_LENGTH) != 0) { printf("patch did not produce expected sha1\n"); return 1; } else { diff --git a/applypatch/applypatch.h b/applypatch/applypatch.h index 415bc1b3c..e0df104b5 100644 --- a/applypatch/applypatch.h +++ b/applypatch/applypatch.h @@ -18,16 +18,16 @@ #define _APPLYPATCH_H #include -#include "mincrypt/sha.h" +#include "openssl/sha.h" #include "edify/expr.h" typedef struct _Patch { - uint8_t sha1[SHA_DIGEST_SIZE]; + uint8_t sha1[SHA_DIGEST_LENGTH]; const char* patch_filename; } Patch; typedef struct _FileContents { - uint8_t sha1[SHA_DIGEST_SIZE]; + uint8_t sha1[SHA_DIGEST_LENGTH]; unsigned char* data; ssize_t size; struct stat st; diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp index 75975ad6d..25171170a 100644 --- a/applypatch/bspatch.cpp +++ b/applypatch/bspatch.cpp @@ -30,7 +30,7 @@ #include -#include "mincrypt/sha.h" +#include "openssl/sha.h" #include "applypatch.h" void ShowBSDiffLicense() { @@ -114,7 +114,7 @@ int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, printf("short write of output: %d (%s)\n", errno, strerror(errno)); return 1; } - if (ctx) SHA_update(ctx, new_data, new_size); + if (ctx) SHA1_Update(ctx, new_data, new_size); free(new_data); return 0; diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp index 3e72b2cb5..c9944dfc1 100644 --- a/applypatch/imgpatch.cpp +++ b/applypatch/imgpatch.cpp @@ -26,7 +26,7 @@ #include #include "zlib.h" -#include "mincrypt/sha.h" +#include "openssl/sha.h" #include "applypatch.h" #include "imgdiff.h" #include "utils.h" @@ -109,7 +109,7 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, printf("failed to read chunk %d raw data\n", i); return -1; } - if (ctx) SHA_update(ctx, patch->data + pos, data_len); + if (ctx) SHA1_Update(ctx, patch->data + pos, data_len); if (sink((unsigned char*)patch->data + pos, data_len, token) != data_len) { printf("failed to write chunk %d raw data\n", i); @@ -236,7 +236,7 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, (long)have); return -1; } - if (ctx) SHA_update(ctx, temp_data, have); + if (ctx) SHA1_Update(ctx, temp_data, have); } while (ret != Z_STREAM_END); deflateEnd(&strm); diff --git a/applypatch/main.cpp b/applypatch/main.cpp index 966d8b91f..445a7fee7 100644 --- a/applypatch/main.cpp +++ b/applypatch/main.cpp @@ -21,7 +21,7 @@ #include "applypatch.h" #include "edify/expr.h" -#include "mincrypt/sha.h" +#include "openssl/sha.h" static int CheckMode(int argc, char** argv) { if (argc < 3) { @@ -54,7 +54,7 @@ static bool ParsePatchArgs(int argc, char** argv, char*** sha1s, *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); memset(*patches, 0, *num_patches * sizeof(Value*)); - uint8_t digest[SHA_DIGEST_SIZE]; + uint8_t digest[SHA_DIGEST_LENGTH]; for (int i = 0; i < *num_patches; ++i) { char* colon = strchr(argv[i], ':'); diff --git a/print_sha1.h b/print_sha1.h index 9e37c5fe3..fa3d7e009 100644 --- a/print_sha1.h +++ b/print_sha1.h @@ -20,9 +20,9 @@ #include #include -#include "mincrypt/sha.h" +#include "openssl/sha.h" -static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_SIZE], size_t len) { +static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH], size_t len) { const char* hex = "0123456789abcdef"; std::string result = ""; for (size_t i = 0; i < len; ++i) { @@ -32,11 +32,11 @@ static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_SIZE], size_t len) { return result; } -static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { - return print_sha1(sha1, SHA_DIGEST_SIZE); +static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH]) { + return print_sha1(sha1, SHA_DIGEST_LENGTH); } -static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_SIZE]) { +static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH]) { return print_sha1(sha1, 4); } diff --git a/updater/Android.mk b/updater/Android.mk index dcf437474..6fdd30895 100644 --- a/updater/Android.mk +++ b/updater/Android.mk @@ -46,7 +46,7 @@ endif LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS) LOCAL_STATIC_LIBRARIES += libapplypatch libbase libedify libmtdutils libminzip libz -LOCAL_STATIC_LIBRARIES += libmincrypt libbz +LOCAL_STATIC_LIBRARIES += libbz LOCAL_STATIC_LIBRARIES += libcutils liblog libc LOCAL_STATIC_LIBRARIES += libselinux tune2fs_static_libraries := \ diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index c6daf7db5..6e056006c 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -43,7 +43,7 @@ #include "applypatch/applypatch.h" #include "edify/expr.h" #include "install.h" -#include "mincrypt/sha.h" +#include "openssl/sha.h" #include "minzip/Hash.h" #include "print_sha1.h" #include "unique_fd.h" @@ -407,10 +407,10 @@ static int LoadSrcTgtVersion1(CommandParameters& params, RangeSet& tgt, size_t& static int VerifyBlocks(const std::string& expected, const std::vector& buffer, const size_t blocks, bool printerror) { - uint8_t digest[SHA_DIGEST_SIZE]; + uint8_t digest[SHA_DIGEST_LENGTH]; const uint8_t* data = buffer.data(); - SHA_hash(data, blocks * BLOCKSIZE, digest); + SHA1(data, blocks * BLOCKSIZE, digest); std::string hexdigest = print_sha1(digest); @@ -662,10 +662,8 @@ static int CreateStash(State* state, int maxblocks, const char* blockdev, std::s // Stash directory should be different for each partition to avoid conflicts // when updating multiple partitions at the same time, so we use the hash of // the block device name as the base directory - SHA_CTX ctx; - SHA_init(&ctx); - SHA_update(&ctx, blockdev, strlen(blockdev)); - const uint8_t* digest = SHA_final(&ctx); + uint8_t digest[SHA_DIGEST_LENGTH]; + SHA1(reinterpret_cast(blockdev), strlen(blockdev), digest); base = print_sha1(digest); std::string dirname = GetStashFileName(base, "", ""); @@ -1627,7 +1625,7 @@ Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) parse_range(ranges->data, rs); SHA_CTX ctx; - SHA_init(&ctx); + SHA1_Init(&ctx); std::vector buffer(BLOCKSIZE); for (size_t i = 0; i < rs.count; ++i) { @@ -1643,10 +1641,11 @@ Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) return StringValue(strdup("")); } - SHA_update(&ctx, buffer.data(), BLOCKSIZE); + SHA1_Update(&ctx, buffer.data(), BLOCKSIZE); } } - const uint8_t* digest = SHA_final(&ctx); + uint8_t digest[SHA_DIGEST_LENGTH]; + SHA1_Final(digest, &ctx); return StringValue(strdup(print_sha1(digest).c_str())); } diff --git a/updater/install.cpp b/updater/install.cpp index b09086964..5326b12a8 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -44,7 +44,7 @@ #include "cutils/misc.h" #include "cutils/properties.h" #include "edify/expr.h" -#include "mincrypt/sha.h" +#include "openssl/sha.h" #include "minzip/DirUtil.h" #include "mtdutils/mounts.h" #include "mtdutils/mtdutils.h" @@ -91,10 +91,10 @@ void uiPrintf(State* state, const char* format, ...) { // Take a sha-1 digest and return it as a newly-allocated hex string. char* PrintSha1(const uint8_t* digest) { - char* buffer = reinterpret_cast(malloc(SHA_DIGEST_SIZE*2 + 1)); + char* buffer = reinterpret_cast(malloc(SHA_DIGEST_LENGTH*2 + 1)); const char* alphabet = "0123456789abcdef"; size_t i; - for (i = 0; i < SHA_DIGEST_SIZE; ++i) { + for (i = 0; i < SHA_DIGEST_LENGTH; ++i) { buffer[i*2] = alphabet[(digest[i] >> 4) & 0xf]; buffer[i*2+1] = alphabet[digest[i] & 0xf]; } @@ -1357,8 +1357,8 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { if (args[0]->size < 0) { return StringValue(strdup("")); } - uint8_t digest[SHA_DIGEST_SIZE]; - SHA_hash(args[0]->data, args[0]->size, digest); + uint8_t digest[SHA_DIGEST_LENGTH]; + SHA1(reinterpret_cast(args[0]->data), args[0]->size, digest); FreeValue(args[0]); if (argc == 1) { @@ -1366,7 +1366,7 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { } int i; - uint8_t* arg_digest = reinterpret_cast(malloc(SHA_DIGEST_SIZE)); + uint8_t* arg_digest = reinterpret_cast(malloc(SHA_DIGEST_LENGTH)); for (i = 1; i < argc; ++i) { if (args[i]->type != VAL_STRING) { printf("%s(): arg %d is not a string; skipping", @@ -1375,7 +1375,7 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { // Warn about bad args and skip them. printf("%s(): error parsing \"%s\" as sha-1; skipping", name, args[i]->data); - } else if (memcmp(digest, arg_digest, SHA_DIGEST_SIZE) == 0) { + } else if (memcmp(digest, arg_digest, SHA_DIGEST_LENGTH) == 0) { break; } FreeValue(args[i]); -- cgit v1.2.3 From 432918603f57de5a3acc6da9ff613d21c857d9fd Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Wed, 3 Feb 2016 17:02:09 -0800 Subject: Refactor existing tests to use gtest Bug: 26962907 Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1 --- Android.mk | 20 +-- README.md | 17 ++ testdata/alter-footer.zip | Bin 4009 -> 0 bytes testdata/alter-metadata.zip | Bin 4009 -> 0 bytes testdata/fake-eocd.zip | Bin 4313 -> 0 bytes testdata/jarsigned.zip | Bin 2271 -> 0 bytes testdata/otasigned.zip | Bin 4009 -> 0 bytes testdata/otasigned_ecdsa_sha256.zip | Bin 3085 -> 0 bytes testdata/otasigned_f4.zip | Bin 5195 -> 0 bytes testdata/otasigned_f4_sha256.zip | Bin 5319 -> 0 bytes testdata/otasigned_sha256.zip | Bin 5326 -> 0 bytes testdata/random.zip | Bin 1024 -> 0 bytes testdata/test_f4.pk8 | Bin 1217 -> 0 bytes testdata/test_f4.x509.pem | 25 --- testdata/test_f4_sha256.x509.pem | 25 --- testdata/testkey.pk8 | Bin 1217 -> 0 bytes testdata/testkey.x509.pem | 27 --- testdata/testkey_ecdsa.pk8 | Bin 138 -> 0 bytes testdata/testkey_ecdsa.x509.pem | 10 -- testdata/testkey_sha256.x509.pem | 27 --- testdata/unsigned.zip | Bin 376 -> 0 bytes tests/Android.mk | 35 +++- tests/asn1_decoder_test.cpp | 238 -------------------------- tests/component/verifier_test.cpp | 267 ++++++++++++++++++++++++++++++ tests/testdata/alter-footer.zip | Bin 0 -> 4009 bytes tests/testdata/alter-metadata.zip | Bin 0 -> 4009 bytes tests/testdata/fake-eocd.zip | Bin 0 -> 4313 bytes tests/testdata/jarsigned.zip | Bin 0 -> 2271 bytes tests/testdata/otasigned.zip | Bin 0 -> 4009 bytes tests/testdata/otasigned_ecdsa_sha256.zip | Bin 0 -> 3085 bytes tests/testdata/otasigned_f4.zip | Bin 0 -> 5195 bytes tests/testdata/otasigned_f4_sha256.zip | Bin 0 -> 5319 bytes tests/testdata/otasigned_sha256.zip | Bin 0 -> 5326 bytes tests/testdata/random.zip | Bin 0 -> 1024 bytes tests/testdata/test_f4.pk8 | Bin 0 -> 1217 bytes tests/testdata/test_f4.x509.pem | 25 +++ tests/testdata/test_f4_sha256.x509.pem | 25 +++ tests/testdata/testkey.pk8 | Bin 0 -> 1217 bytes tests/testdata/testkey.x509.pem | 27 +++ tests/testdata/testkey_ecdsa.pk8 | Bin 0 -> 138 bytes tests/testdata/testkey_ecdsa.x509.pem | 10 ++ tests/testdata/testkey_sha256.x509.pem | 27 +++ tests/testdata/unsigned.zip | Bin 0 -> 376 bytes tests/unit/asn1_decoder_test.cpp | 238 ++++++++++++++++++++++++++ verifier_test.cpp | 244 --------------------------- verifier_test.sh | 121 -------------- 46 files changed, 669 insertions(+), 739 deletions(-) delete mode 100644 testdata/alter-footer.zip delete mode 100644 testdata/alter-metadata.zip delete mode 100644 testdata/fake-eocd.zip delete mode 100644 testdata/jarsigned.zip delete mode 100644 testdata/otasigned.zip delete mode 100644 testdata/otasigned_ecdsa_sha256.zip delete mode 100644 testdata/otasigned_f4.zip delete mode 100644 testdata/otasigned_f4_sha256.zip delete mode 100644 testdata/otasigned_sha256.zip delete mode 100644 testdata/random.zip delete mode 100644 testdata/test_f4.pk8 delete mode 100644 testdata/test_f4.x509.pem delete mode 100644 testdata/test_f4_sha256.x509.pem delete mode 100644 testdata/testkey.pk8 delete mode 100644 testdata/testkey.x509.pem delete mode 100644 testdata/testkey_ecdsa.pk8 delete mode 100644 testdata/testkey_ecdsa.x509.pem delete mode 100644 testdata/testkey_sha256.x509.pem delete mode 100644 testdata/unsigned.zip delete mode 100644 tests/asn1_decoder_test.cpp create mode 100644 tests/component/verifier_test.cpp create mode 100644 tests/testdata/alter-footer.zip create mode 100644 tests/testdata/alter-metadata.zip create mode 100644 tests/testdata/fake-eocd.zip create mode 100644 tests/testdata/jarsigned.zip create mode 100644 tests/testdata/otasigned.zip create mode 100644 tests/testdata/otasigned_ecdsa_sha256.zip create mode 100644 tests/testdata/otasigned_f4.zip create mode 100644 tests/testdata/otasigned_f4_sha256.zip create mode 100644 tests/testdata/otasigned_sha256.zip create mode 100644 tests/testdata/random.zip create mode 100644 tests/testdata/test_f4.pk8 create mode 100644 tests/testdata/test_f4.x509.pem create mode 100644 tests/testdata/test_f4_sha256.x509.pem create mode 100644 tests/testdata/testkey.pk8 create mode 100644 tests/testdata/testkey.x509.pem create mode 100644 tests/testdata/testkey_ecdsa.pk8 create mode 100644 tests/testdata/testkey_ecdsa.x509.pem create mode 100644 tests/testdata/testkey_sha256.x509.pem create mode 100644 tests/testdata/unsigned.zip create mode 100644 tests/unit/asn1_decoder_test.cpp delete mode 100644 verifier_test.cpp delete mode 100755 verifier_test.sh diff --git a/Android.mk b/Android.mk index 602a85673..a48980fe8 100644 --- a/Android.mk +++ b/Android.mk @@ -104,28 +104,10 @@ LOCAL_CLANG := true LOCAL_MODULE := libverifier LOCAL_MODULE_TAGS := tests LOCAL_SRC_FILES := \ - asn1_decoder.cpp -include $(BUILD_STATIC_LIBRARY) - -include $(CLEAR_VARS) -LOCAL_CLANG := true -LOCAL_MODULE := verifier_test -LOCAL_FORCE_STATIC_EXECUTABLE := true -LOCAL_MODULE_TAGS := tests -LOCAL_CFLAGS += -Wno-unused-parameter -LOCAL_SRC_FILES := \ - verifier_test.cpp \ asn1_decoder.cpp \ verifier.cpp \ ui.cpp -LOCAL_STATIC_LIBRARIES := \ - libmincrypt \ - libminui \ - libminzip \ - libcutils \ - libc -include $(BUILD_EXECUTABLE) - +include $(BUILD_STATIC_LIBRARY) include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/minzip/Android.mk \ diff --git a/README.md b/README.md index bab7e87cd..01fab9465 100644 --- a/README.md +++ b/README.md @@ -10,3 +10,20 @@ Quick turn-around testing # without flashing the recovery partition: adb reboot bootloader fastboot boot $ANDROID_PRODUCT_OUT/recovery.img + +Running the tests +----------------- + # After setting up environment and lunch. + mmma -j bootable/recovery + + # Running the tests on device. + adb root + adb sync data + + # 32-bit device + adb shell /data/nativetest/recovery_unit_test/recovery_unit_test + adb shell /data/nativetest/recovery_component_test/recovery_component_test + + # Or 64-bit device + adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test + adb shell /data/nativetest64/recovery_component_test/recovery_component_test diff --git a/testdata/alter-footer.zip b/testdata/alter-footer.zip deleted file mode 100644 index f497ec000..000000000 Binary files a/testdata/alter-footer.zip and /dev/null differ diff --git a/testdata/alter-metadata.zip b/testdata/alter-metadata.zip deleted file mode 100644 index 1c71fbc49..000000000 Binary files a/testdata/alter-metadata.zip and /dev/null differ diff --git a/testdata/fake-eocd.zip b/testdata/fake-eocd.zip deleted file mode 100644 index 15dc0a946..000000000 Binary files a/testdata/fake-eocd.zip and /dev/null differ diff --git a/testdata/jarsigned.zip b/testdata/jarsigned.zip deleted file mode 100644 index 8b1ef8bdd..000000000 Binary files a/testdata/jarsigned.zip and /dev/null differ diff --git a/testdata/otasigned.zip b/testdata/otasigned.zip deleted file mode 100644 index a6bc53e41..000000000 Binary files a/testdata/otasigned.zip and /dev/null differ diff --git a/testdata/otasigned_ecdsa_sha256.zip b/testdata/otasigned_ecdsa_sha256.zip deleted file mode 100644 index 999fcdd0f..000000000 Binary files a/testdata/otasigned_ecdsa_sha256.zip and /dev/null differ diff --git a/testdata/otasigned_f4.zip b/testdata/otasigned_f4.zip deleted file mode 100644 index dd1e4dd40..000000000 Binary files a/testdata/otasigned_f4.zip and /dev/null differ diff --git a/testdata/otasigned_f4_sha256.zip b/testdata/otasigned_f4_sha256.zip deleted file mode 100644 index 3af408c40..000000000 Binary files a/testdata/otasigned_f4_sha256.zip and /dev/null differ diff --git a/testdata/otasigned_sha256.zip b/testdata/otasigned_sha256.zip deleted file mode 100644 index 0ed4409b3..000000000 Binary files a/testdata/otasigned_sha256.zip and /dev/null differ diff --git a/testdata/random.zip b/testdata/random.zip deleted file mode 100644 index 18c0b3b9f..000000000 Binary files a/testdata/random.zip and /dev/null differ diff --git a/testdata/test_f4.pk8 b/testdata/test_f4.pk8 deleted file mode 100644 index 3052613c5..000000000 Binary files a/testdata/test_f4.pk8 and /dev/null differ diff --git a/testdata/test_f4.x509.pem b/testdata/test_f4.x509.pem deleted file mode 100644 index 814abcf99..000000000 --- a/testdata/test_f4.x509.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIJAKhkCO1dDYMaMA0GCSqGSIb3DQEBBQUAMG8xCzAJBgNV -BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW -aWV3MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMT -B1Rlc3QxMjMwHhcNMTIwNzI1MTg1NzAzWhcNMzkxMjExMTg1NzAzWjBvMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQD -EwdUZXN0MTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8WwMN9x -4Mz7YgkG2qy9g8/kl5ZoYrUM0ApHhaITAcL7RXLZaNipCf0w/YjYTQgj+75MK30x -TsnPeWNOEwA62gkHrZyyWfxBRO6kBYuIuI4roGDBJOmKQ1OEaDeIRKu7q5V8v3Cs -0wQDAQWTbhpxBZr9UYFgJUg8XWBfPrGJLVwsoiy4xrMhoTlNZKHfwOMMqVtSHkZX -qydYrcIzyjh+TO0e/xSNQ8MMRRbtqWgCHN6Rzhog3IHZu0RaPoukariopjXM/s0V -gTm3rHDHCOpna2pNblyiFlvbkoCs769mtNmx/yrDShO30jg/xaG8RypKDvTChzOT -oWW/XQ5VEXjbHwIDAQABo4HUMIHRMB0GA1UdDgQWBBRlT2dEZJY1tmUM8mZ0xnhS -GdD9TTCBoQYDVR0jBIGZMIGWgBRlT2dEZJY1tmUM8mZ0xnhSGdD9TaFzpHEwbzEL -MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 -YWluIFZpZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEQMA4G -A1UEAxMHVGVzdDEyM4IJAKhkCO1dDYMaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEFBQADggEBAHqnXHtE+h3hvGmHh24GT51vGAYLc68WUUtCVlMIU85zQ757wlxZ -BmRypZ1i9hSqnXj5n+mETV5rFX3g2gvdAPVHkRycuDa2aUdZSE8cW4Z6qYFx6SaD -e+3SyXokpUquW64RuHJrf/yd/FnGjneBe3Qpm2reuzGWNH90qZGdbsfNaCm5kx2L -X+ZNHM3CcGMLaphY5++sM0JxSEcju5EK33ZYgLf4YdlbyMp8LDFVNd7ff0SFi9fF -0ZlAsJWoS3QmVCj2744BFdsCu7UHpnYpG6X3MT4SHAawdOaT5zSuaCl2xx6H0O7t -w/Fvbl/KVD1ZmLHgBKjDMNSh0OB9mSsDWpw= ------END CERTIFICATE----- diff --git a/testdata/test_f4_sha256.x509.pem b/testdata/test_f4_sha256.x509.pem deleted file mode 100644 index 9d5376b45..000000000 --- a/testdata/test_f4_sha256.x509.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIJAKhkCO1dDYMaMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV -BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW -aWV3MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMT -B1Rlc3QxMjMwHhcNMTMwNDEwMTcyMzUyWhcNMTMwNTEwMTcyMzUyWjBvMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQD -EwdUZXN0MTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8WwMN9x -4Mz7YgkG2qy9g8/kl5ZoYrUM0ApHhaITAcL7RXLZaNipCf0w/YjYTQgj+75MK30x -TsnPeWNOEwA62gkHrZyyWfxBRO6kBYuIuI4roGDBJOmKQ1OEaDeIRKu7q5V8v3Cs -0wQDAQWTbhpxBZr9UYFgJUg8XWBfPrGJLVwsoiy4xrMhoTlNZKHfwOMMqVtSHkZX -qydYrcIzyjh+TO0e/xSNQ8MMRRbtqWgCHN6Rzhog3IHZu0RaPoukariopjXM/s0V -gTm3rHDHCOpna2pNblyiFlvbkoCs769mtNmx/yrDShO30jg/xaG8RypKDvTChzOT -oWW/XQ5VEXjbHwIDAQABo4HUMIHRMB0GA1UdDgQWBBRlT2dEZJY1tmUM8mZ0xnhS -GdD9TTCBoQYDVR0jBIGZMIGWgBRlT2dEZJY1tmUM8mZ0xnhSGdD9TaFzpHEwbzEL -MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 -YWluIFZpZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEQMA4G -A1UEAxMHVGVzdDEyM4IJAKhkCO1dDYMaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQELBQADggEBAKWWQ9S0V9wWjrMJe8exj1gklwD1Ysi0vi+h2tfixahelrpsNkWi -EFjoUSHEkW9ThLmtui646uAlwSiWtSn1XkGGmIJ3s+gmAFUcMc0CaK0dgoq/M9zn -fQ0Vkzc1tK4MLsf+CbPDywPycb6+T3dBkerbWn9GUpjGl1ANWlciXZZ3657m61sL -HhwUOBxbZZ6sYP4ed2SVCf45GgMyJ0VoUg5yI2JzPAgOkGfeEIPVXE1M94edJY4G -8eHYvXovJZwXvKFI+ZyS0KBPx8cpfw89RB9qmkxqNBIm8qWb3qBiuBEIPj+NF/7w -sC/Fv8NNXkVquy0xa0qdyJBABzWE18zGcXs= ------END CERTIFICATE----- diff --git a/testdata/testkey.pk8 b/testdata/testkey.pk8 deleted file mode 100644 index 586c1bd5c..000000000 Binary files a/testdata/testkey.pk8 and /dev/null differ diff --git a/testdata/testkey.x509.pem b/testdata/testkey.x509.pem deleted file mode 100644 index e242d83e2..000000000 --- a/testdata/testkey.x509.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE -AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G -A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI -hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM -qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4 -wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy -4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU -RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s -zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw -HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ -AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE -CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH -QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG -CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa -J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y -LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe -+ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX -31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr -sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0= ------END CERTIFICATE----- diff --git a/testdata/testkey_ecdsa.pk8 b/testdata/testkey_ecdsa.pk8 deleted file mode 100644 index 9a521c8cf..000000000 Binary files a/testdata/testkey_ecdsa.pk8 and /dev/null differ diff --git a/testdata/testkey_ecdsa.x509.pem b/testdata/testkey_ecdsa.x509.pem deleted file mode 100644 index b12283645..000000000 --- a/testdata/testkey_ecdsa.x509.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBezCCASACCQC4g5wurPSmtzAKBggqhkjOPQQDAjBFMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMB4XDTEzMTAwODIxMTAxM1oXDTE0MTAwODIxMTAxM1owRTELMAkGA1UE -BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp -ZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGcO1QDowF2E -RboWVmAYI2oXTr5MHAJ4xpMUFsrWVvoktYSN2RhNuOl5jZGvSBsQII9p/4qfjLmS -TBaCfQ0Xmt4wCgYIKoZIzj0EAwIDSQAwRgIhAIJjWmZAwngc2VcHUhYp2oSLoCQ+ -P+7AtbAn5242AqfOAiEAghO0t6jTKs0LUhLJrQwbOkHyZMVdZaG2vcwV9y9H5Qc= ------END CERTIFICATE----- diff --git a/testdata/testkey_sha256.x509.pem b/testdata/testkey_sha256.x509.pem deleted file mode 100644 index 002ce8968..000000000 --- a/testdata/testkey_sha256.x509.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE -AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0xMzA0MTAxODA1MzZaFw0xMzA1MTAxODA1MzZaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G -A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI -hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM -qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4 -wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy -4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU -RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s -zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw -HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ -AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE -CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH -QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG -CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKRVj9hOaozH1W8Wb4CNj7sCWixh -UMMZJXkxUtvUVHZGefp6MdtYiD/ZM7YRwZphm9aNhkykbHJdZ3lPzeL2csCa+sDQ -8sIzGu0/aD6p4zgIKQZmz0mZHqPGbHoLWOmA9EexRCFZ7vO/kO56ZbyhfFz2DI3S -Yez65CabErOFhNX6WukSPbV3zfsHRDD5JUStb/ko6t99HXsvIO0Ax9poj60PpCC1 -SiFzHZUY9mOnUfJFs+3NWCwKtP9nho3mZ3pJ1i+SeF6JiqbE3KHl4CDBeVGcu3CK -fiUZ8e8iXVN471Cgc5GD6Ud1pS7ifNZJsKhbETQ63KmvHCLRPi4NmP67uDE= ------END CERTIFICATE----- diff --git a/testdata/unsigned.zip b/testdata/unsigned.zip deleted file mode 100644 index 24e3eadac..000000000 Binary files a/testdata/unsigned.zip and /dev/null differ diff --git a/tests/Android.mk b/tests/Android.mk index 4ce00b457..3f3c433eb 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -16,11 +16,40 @@ LOCAL_PATH := $(call my-dir) +# Unit tests include $(CLEAR_VARS) LOCAL_CLANG := true +LOCAL_MODULE := recovery_unit_test LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk LOCAL_STATIC_LIBRARIES := libverifier -LOCAL_SRC_FILES := asn1_decoder_test.cpp -LOCAL_MODULE := asn1_decoder_test -LOCAL_C_INCLUDES := $(LOCAL_PATH)/.. +LOCAL_SRC_FILES := unit/asn1_decoder_test.cpp +LOCAL_C_INCLUDES := bootable/recovery +include $(BUILD_NATIVE_TEST) + +# Component tests +include $(CLEAR_VARS) +LOCAL_CLANG := true +LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk +LOCAL_MODULE := recovery_component_test +LOCAL_C_INCLUDES := bootable/recovery +LOCAL_SRC_FILES := component/verifier_test.cpp +LOCAL_FORCE_STATIC_EXECUTABLE := true +LOCAL_STATIC_LIBRARIES := \ + libbase \ + libverifier \ + libmincrypt \ + libminui \ + libminzip \ + libcutils \ + libc + +testdata_out_path := $(TARGET_OUT_DATA_NATIVE_TESTS)/$(LOCAL_MODULE) +testdata_files := $(call find-subdir-files, testdata/*) + +GEN := $(addprefix $(testdata_out_path)/, $(testdata_files)) +$(GEN): PRIVATE_PATH := $(LOCAL_PATH) +$(GEN): PRIVATE_CUSTOM_TOOL = cp $< $@ +$(GEN): $(testdata_out_path)/% : $(LOCAL_PATH)/% + $(transform-generated-source) +LOCAL_GENERATED_SOURCES += $(GEN) include $(BUILD_NATIVE_TEST) diff --git a/tests/asn1_decoder_test.cpp b/tests/asn1_decoder_test.cpp deleted file mode 100644 index af96d87d2..000000000 --- a/tests/asn1_decoder_test.cpp +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright (C) 2013 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "asn1_decoder_test" - -#include -#include -#include -#include - -#include "asn1_decoder.h" - -namespace android { - -class Asn1DecoderTest : public testing::Test { -}; - -TEST_F(Asn1DecoderTest, Empty_Failure) { - uint8_t empty[] = { }; - asn1_context_t* ctx = asn1_context_new(empty, sizeof(empty)); - - EXPECT_EQ(NULL, asn1_constructed_get(ctx)); - EXPECT_FALSE(asn1_constructed_skip_all(ctx)); - EXPECT_EQ(0, asn1_constructed_type(ctx)); - EXPECT_EQ(NULL, asn1_sequence_get(ctx)); - EXPECT_EQ(NULL, asn1_set_get(ctx)); - EXPECT_FALSE(asn1_sequence_next(ctx)); - - uint8_t* junk; - size_t length; - EXPECT_FALSE(asn1_oid_get(ctx, &junk, &length)); - EXPECT_FALSE(asn1_octet_string_get(ctx, &junk, &length)); - - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, ConstructedGet_TruncatedLength_Failure) { - uint8_t truncated[] = { 0xA0, 0x82, }; - asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); - EXPECT_EQ(NULL, asn1_constructed_get(ctx)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, ConstructedGet_LengthTooBig_Failure) { - uint8_t truncated[] = { 0xA0, 0x8a, 0xA5, 0x5A, 0xA5, 0x5A, - 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, }; - asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); - EXPECT_EQ(NULL, asn1_constructed_get(ctx)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, ConstructedGet_TooSmallForChild_Failure) { - uint8_t data[] = { 0xA5, 0x02, 0x06, 0x01, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - asn1_context_t* ptr = asn1_constructed_get(ctx); - ASSERT_NE((asn1_context_t*)NULL, ptr); - EXPECT_EQ(5, asn1_constructed_type(ptr)); - uint8_t* oid; - size_t length; - EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); - asn1_context_free(ptr); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, ConstructedGet_Success) { - uint8_t data[] = { 0xA5, 0x03, 0x06, 0x01, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - asn1_context_t* ptr = asn1_constructed_get(ctx); - ASSERT_NE((asn1_context_t*)NULL, ptr); - EXPECT_EQ(5, asn1_constructed_type(ptr)); - uint8_t* oid; - size_t length; - ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); - EXPECT_EQ(1U, length); - EXPECT_EQ(0x01U, *oid); - asn1_context_free(ptr); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, ConstructedSkipAll_TruncatedLength_Failure) { - uint8_t truncated[] = { 0xA2, 0x82, }; - asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); - EXPECT_FALSE(asn1_constructed_skip_all(ctx)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, ConstructedSkipAll_Success) { - uint8_t data[] = { 0xA0, 0x03, 0x02, 0x01, 0x01, - 0xA1, 0x03, 0x02, 0x01, 0x01, - 0x06, 0x01, 0xA5, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - ASSERT_TRUE(asn1_constructed_skip_all(ctx)); - uint8_t* oid; - size_t length; - ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length)); - EXPECT_EQ(1U, length); - EXPECT_EQ(0xA5U, *oid); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, SequenceGet_TruncatedLength_Failure) { - uint8_t truncated[] = { 0x30, 0x82, }; - asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); - EXPECT_EQ(NULL, asn1_sequence_get(ctx)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, SequenceGet_TooSmallForChild_Failure) { - uint8_t data[] = { 0x30, 0x02, 0x06, 0x01, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - asn1_context_t* ptr = asn1_sequence_get(ctx); - ASSERT_NE((asn1_context_t*)NULL, ptr); - uint8_t* oid; - size_t length; - EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); - asn1_context_free(ptr); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, SequenceGet_Success) { - uint8_t data[] = { 0x30, 0x03, 0x06, 0x01, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - asn1_context_t* ptr = asn1_sequence_get(ctx); - ASSERT_NE((asn1_context_t*)NULL, ptr); - uint8_t* oid; - size_t length; - ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); - EXPECT_EQ(1U, length); - EXPECT_EQ(0x01U, *oid); - asn1_context_free(ptr); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, SetGet_TruncatedLength_Failure) { - uint8_t truncated[] = { 0x31, 0x82, }; - asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); - EXPECT_EQ(NULL, asn1_set_get(ctx)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, SetGet_TooSmallForChild_Failure) { - uint8_t data[] = { 0x31, 0x02, 0x06, 0x01, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - asn1_context_t* ptr = asn1_set_get(ctx); - ASSERT_NE((asn1_context_t*)NULL, ptr); - uint8_t* oid; - size_t length; - EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); - asn1_context_free(ptr); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, SetGet_Success) { - uint8_t data[] = { 0x31, 0x03, 0x06, 0x01, 0xBA, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - asn1_context_t* ptr = asn1_set_get(ctx); - ASSERT_NE((asn1_context_t*)NULL, ptr); - uint8_t* oid; - size_t length; - ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); - EXPECT_EQ(1U, length); - EXPECT_EQ(0xBAU, *oid); - asn1_context_free(ptr); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, OidGet_LengthZero_Failure) { - uint8_t data[] = { 0x06, 0x00, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - uint8_t* oid; - size_t length; - EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, OidGet_TooSmall_Failure) { - uint8_t data[] = { 0x06, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - uint8_t* oid; - size_t length; - EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, OidGet_Success) { - uint8_t data[] = { 0x06, 0x01, 0x99, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - uint8_t* oid; - size_t length; - ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length)); - EXPECT_EQ(1U, length); - EXPECT_EQ(0x99U, *oid); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, OctetStringGet_LengthZero_Failure) { - uint8_t data[] = { 0x04, 0x00, 0x55, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - uint8_t* string; - size_t length; - ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, OctetStringGet_TooSmall_Failure) { - uint8_t data[] = { 0x04, 0x01, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - uint8_t* string; - size_t length; - ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length)); - asn1_context_free(ctx); -} - -TEST_F(Asn1DecoderTest, OctetStringGet_Success) { - uint8_t data[] = { 0x04, 0x01, 0xAA, }; - asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); - uint8_t* string; - size_t length; - ASSERT_TRUE(asn1_octet_string_get(ctx, &string, &length)); - EXPECT_EQ(1U, length); - EXPECT_EQ(0xAAU, *string); - asn1_context_free(ctx); -} - -} // namespace android diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp new file mode 100644 index 000000000..7f7b1b448 --- /dev/null +++ b/tests/component/verifier_test.cpp @@ -0,0 +1,267 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agree to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include + +#include "common.h" +#include "mincrypt/sha.h" +#include "mincrypt/sha256.h" +#include "minzip/SysUtil.h" +#include "ui.h" +#include "verifier.h" + +#if defined(__LP64__) +#define NATIVE_TEST_PATH "/nativetest64" +#else +#define NATIVE_TEST_PATH "/nativetest" +#endif + +static const char* DATA_PATH = getenv("ANDROID_DATA"); +static const char* TESTDATA_PATH = "/recovery_component_test/testdata/"; + +// This is build/target/product/security/testkey.x509.pem after being +// dumped out by dumpkey.jar. +RSAPublicKey test_key = + { 64, 0xc926ad21, + { 0x6afee91fu, 0x7fa31d5bu, 0x38a0b217u, 0x99df9baeu, + 0xfe72991du, 0x727d3c04u, 0x20943f99u, 0xd08e7826u, + 0x69e7c8a2u, 0xdeeccc8eu, 0x6b9af76fu, 0x553311c4u, + 0x07b9e247u, 0x54c8bbcau, 0x6a540d81u, 0x48dbf567u, + 0x98c92877u, 0x134fbfdeu, 0x01b32564u, 0x24581948u, + 0x6cddc3b8u, 0x0cd444dau, 0xfe0381ccu, 0xf15818dfu, + 0xc06e6d42u, 0x2e2f6412u, 0x093a6737u, 0x94d83b31u, + 0xa466c87au, 0xb3f284a0u, 0xa694ec2cu, 0x053359e6u, + 0x9717ee6au, 0x0732e080u, 0x220d5008u, 0xdc4af350u, + 0x93d0a7c3u, 0xe330c9eau, 0xcac3da1eu, 0x8ebecf8fu, + 0xc2be387fu, 0x38a14e89u, 0x211586f0u, 0x18b846f5u, + 0x43be4c72u, 0xb578c204u, 0x1bbfb230u, 0xf1e267a8u, + 0xa2d3e656u, 0x64b8e4feu, 0xe7e83d4bu, 0x3e77a943u, + 0x3559ffd9u, 0x0ebb0f99u, 0x0aa76ce6u, 0xd3786ea7u, + 0xbca8cd6bu, 0x068ca8e8u, 0xeb1de2ffu, 0x3e3ecd6cu, + 0xe0d9d825u, 0xb1edc762u, 0xdec60b24u, 0xd6931904u}, + { 0xccdcb989u, 0xe19281f9u, 0xa6e80accu, 0xb7f40560u, + 0x0efb0bccu, 0x7f12b0bbu, 0x1e90531au, 0x136d95d0u, + 0x9e660665u, 0x7d54918fu, 0xe3b93ea2u, 0x2f415d10u, + 0x3d2df6e6u, 0x7a627ecfu, 0xa6f22d70u, 0xb995907au, + 0x09de16b2u, 0xfeb8bd61u, 0xf24ec294u, 0x716a427fu, + 0x2e12046fu, 0xeaf3d56au, 0xd9b873adu, 0x0ced340bu, + 0xbc9cec09u, 0x73c65903u, 0xee39ce9bu, 0x3eede25au, + 0x397633b7u, 0x2583c165u, 0x8514f97du, 0xe9166510u, + 0x0b6fae99u, 0xa47139fdu, 0xdb8352f0u, 0xb2ad7f2cu, + 0xa11552e2u, 0xd4d490a7u, 0xe11e8568u, 0xe9e484dau, + 0xd3ef8449u, 0xa47055dau, 0x4edd9557u, 0x03a78ba1u, + 0x770e130du, 0x16762facu, 0x0cbdfcc4u, 0xf3070540u, + 0x008b6515u, 0x60e7e1b7u, 0xa72cf7f9u, 0xaff86e39u, + 0x4296faadu, 0xfc90430eu, 0x6cc8f377u, 0xb398fd43u, + 0x423c5997u, 0x991d59c4u, 0x6464bf73u, 0x96431575u, + 0x15e3d207u, 0x30532a7au, 0x8c4be618u, 0x460a4d76u }, + 3 + }; + +RSAPublicKey test_f4_key = + { 64, 0xc9bd1f21, + { 0x1178db1fu, 0xbf5d0e55u, 0x3393a165u, 0x0ef4c287u, + 0xbc472a4au, 0x383fc5a1u, 0x4a13b7d2u, 0xb1ff2ac3u, + 0xaf66b4d9u, 0x9280acefu, 0xa2165bdbu, 0x6a4d6e5cu, + 0x08ea676bu, 0xb7ac70c7u, 0xcd158139u, 0xa635ccfeu, + 0xa46ab8a8u, 0x445a3e8bu, 0xdc81d9bbu, 0x91ce1a20u, + 0x68021cdeu, 0x4516eda9u, 0x8d43c30cu, 0xed1eff14u, + 0xca387e4cu, 0x58adc233u, 0x4657ab27u, 0xa95b521eu, + 0xdfc0e30cu, 0x394d64a1u, 0xc6b321a1u, 0x2ca22cb8u, + 0xb1892d5cu, 0x5d605f3eu, 0x6025483cu, 0x9afd5181u, + 0x6e1a7105u, 0x03010593u, 0x70acd304u, 0xab957cbfu, + 0x8844abbbu, 0x53846837u, 0x24e98a43u, 0x2ba060c1u, + 0x8b88b88eu, 0x44eea405u, 0xb259fc41u, 0x0907ad9cu, + 0x13003adau, 0xcf79634eu, 0x7d314ec9u, 0xfbbe4c2bu, + 0xd84d0823u, 0xfd30fd88u, 0x68d8a909u, 0xfb4572d9u, + 0xa21301c2u, 0xd00a4785u, 0x6862b50cu, 0xcfe49796u, + 0xdaacbd83u, 0xfb620906u, 0xdf71e0ccu, 0xbbc5b030u }, + { 0x69a82189u, 0x1a8b22f4u, 0xcf49207bu, 0x68cc056au, + 0xb206b7d2u, 0x1d449bbdu, 0xe9d342f2u, 0x29daea58u, + 0xb19d011au, 0xc62f15e4u, 0x9452697au, 0xb62bb87eu, + 0x60f95cc2u, 0x279ebb2du, 0x17c1efd8u, 0xec47558bu, + 0xc81334d1u, 0x88fe7601u, 0x79992eb1u, 0xb4555615u, + 0x2022ac8cu, 0xc79a4b8cu, 0xb288b034u, 0xd6b942f0u, + 0x0caa32fbu, 0xa065ba51u, 0x4de9f154u, 0x29f64f6cu, + 0x7910af5eu, 0x3ed4636au, 0xe4c81911u, 0x9183f37du, + 0x5811e1c4u, 0x29c7a58cu, 0x9715d4d3u, 0xc7e2dce3u, + 0x140972ebu, 0xf4c8a69eu, 0xa104d424u, 0x5dabbdfbu, + 0x41cb4c6bu, 0xd7f44717u, 0x61785ff7u, 0x5e0bc273u, + 0x36426c70u, 0x2aa6f08eu, 0x083badbfu, 0x3cab941bu, + 0x8871da23u, 0x1ab3dbaeu, 0x7115a21du, 0xf5aa0965u, + 0xf766f562u, 0x7f110225u, 0x86d96a04u, 0xc50a120eu, + 0x3a751ca3u, 0xc21aa186u, 0xba7359d0u, 0x3ff2b257u, + 0xd116e8bbu, 0xfc1318c0u, 0x070e5b1du, 0x83b759a6u }, + 65537 + }; + +ECPublicKey test_ec_key = + { + { + {0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu, + 0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u} + }, + { + {0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au, + 0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u} + } + }; + +RecoveryUI* ui = NULL; + +class MockUI : public RecoveryUI { + void Init() { } + void SetStage(int, int) { } + void SetLocale(const char*) { } + void SetBackground(Icon icon) { } + + void SetProgressType(ProgressType determinate) { } + void ShowProgress(float portion, float seconds) { } + void SetProgress(float fraction) { } + + void ShowText(bool visible) { } + bool IsTextVisible() { return false; } + bool WasTextEverVisible() { return false; } + void Print(const char* fmt, ...) { + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); + } + void PrintOnScreenOnly(const char* fmt, ...) { + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); + } + void ShowFile(const char*) { } + + void StartMenu(const char* const * headers, const char* const * items, + int initial_selection) { } + int SelectMenu(int sel) { return 0; } + void EndMenu() { } +}; + +void +ui_print(const char* format, ...) { + va_list ap; + va_start(ap, format); + vfprintf(stdout, format, ap); + va_end(ap); +} + +class VerifierTest : public testing::TestWithParam> { + public: + MemMapping memmap; + std::vector certs; + + virtual void SetUp() { + std::vector args = GetParam(); + std::string package = android::base::StringPrintf("%s%s%s%s", DATA_PATH, NATIVE_TEST_PATH, + TESTDATA_PATH, args[0].c_str()); + for (auto it = ++(args.cbegin()); it != args.cend(); ++it) { + if (it->substr(it->length() - 3, it->length()) == "256") { + if (certs.empty()) { + FAIL() << "May only specify -sha256 after key type\n"; + } + certs.back().hash_len = SHA256_DIGEST_SIZE; + } else if (*it == "ec") { + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC, + nullptr, std::unique_ptr(new ECPublicKey(test_ec_key))); + } else if (*it == "e3") { + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr(new RSAPublicKey(test_key)), nullptr); + } else if (*it == "f4") { + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr(new RSAPublicKey(test_f4_key)), nullptr); + } + } + if (certs.empty()) { + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr(new RSAPublicKey(test_key)), nullptr); + } + if (sysMapFile(package.c_str(), &memmap) != 0) { + FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n"; + } + } + + static void SetUpTestCase() { + ui = new MockUI(); + } +}; + +class VerifierSuccessTest : public VerifierTest { +}; + +class VerifierFailureTest : public VerifierTest { +}; + +TEST_P(VerifierSuccessTest, VerifySucceed) { + ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs), VERIFY_SUCCESS); +} + +TEST_P(VerifierFailureTest, VerifyFailure) { + ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs), VERIFY_FAILURE); +} + +INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest, + ::testing::Values( + std::vector({"otasigned.zip", "e3"}), + std::vector({"otasigned_f4.zip", "f4"}), + std::vector({"otasigned_sha256.zip", "e3", "sha256"}), + std::vector({"otasigned_f4_sha256.zip", "f4", "sha256"}), + std::vector({"otasigned_ecdsa_sha256.zip", "ec", "sha256"}))); + +INSTANTIATE_TEST_CASE_P(MultiKeySuccess, VerifierSuccessTest, + ::testing::Values( + std::vector({"otasigned.zip", "f4", "e3"}), + std::vector({"otasigned_f4.zip", "ec", "f4"}), + std::vector({"otasigned_sha256.zip", "ec", "e3", "e3", "sha256"}), + std::vector({"otasigned_f4_sha256.zip", "ec", "sha256", "e3", "f4", "sha256"}), + std::vector({"otasigned_ecdsa_sha256.zip", "f4", "sha256", "e3", "ec", "sha256"}))); + +INSTANTIATE_TEST_CASE_P(WrongKey, VerifierFailureTest, + ::testing::Values( + std::vector({"otasigned.zip", "f4"}), + std::vector({"otasigned_f4.zip", "e3"}), + std::vector({"otasigned_ecdsa_sha256.zip", "e3", "sha256"}))); + +INSTANTIATE_TEST_CASE_P(WrongHash, VerifierFailureTest, + ::testing::Values( + std::vector({"otasigned.zip", "e3", "sha256"}), + std::vector({"otasigned_f4.zip", "f4", "sha256"}), + std::vector({"otasigned_sha256.zip"}), + std::vector({"otasigned_f4_sha256.zip", "f4"}), + std::vector({"otasigned_ecdsa_sha256.zip"}))); + +INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest, + ::testing::Values( + std::vector({"random.zip"}), + std::vector({"fake-eocd.zip"}), + std::vector({"alter-metadata.zip"}), + std::vector({"alter-footer.zip"}))); diff --git a/tests/testdata/alter-footer.zip b/tests/testdata/alter-footer.zip new file mode 100644 index 000000000..f497ec000 Binary files /dev/null and b/tests/testdata/alter-footer.zip differ diff --git a/tests/testdata/alter-metadata.zip b/tests/testdata/alter-metadata.zip new file mode 100644 index 000000000..1c71fbc49 Binary files /dev/null and b/tests/testdata/alter-metadata.zip differ diff --git a/tests/testdata/fake-eocd.zip b/tests/testdata/fake-eocd.zip new file mode 100644 index 000000000..15dc0a946 Binary files /dev/null and b/tests/testdata/fake-eocd.zip differ diff --git a/tests/testdata/jarsigned.zip b/tests/testdata/jarsigned.zip new file mode 100644 index 000000000..8b1ef8bdd Binary files /dev/null and b/tests/testdata/jarsigned.zip differ diff --git a/tests/testdata/otasigned.zip b/tests/testdata/otasigned.zip new file mode 100644 index 000000000..a6bc53e41 Binary files /dev/null and b/tests/testdata/otasigned.zip differ diff --git a/tests/testdata/otasigned_ecdsa_sha256.zip b/tests/testdata/otasigned_ecdsa_sha256.zip new file mode 100644 index 000000000..999fcdd0f Binary files /dev/null and b/tests/testdata/otasigned_ecdsa_sha256.zip differ diff --git a/tests/testdata/otasigned_f4.zip b/tests/testdata/otasigned_f4.zip new file mode 100644 index 000000000..dd1e4dd40 Binary files /dev/null and b/tests/testdata/otasigned_f4.zip differ diff --git a/tests/testdata/otasigned_f4_sha256.zip b/tests/testdata/otasigned_f4_sha256.zip new file mode 100644 index 000000000..3af408c40 Binary files /dev/null and b/tests/testdata/otasigned_f4_sha256.zip differ diff --git a/tests/testdata/otasigned_sha256.zip b/tests/testdata/otasigned_sha256.zip new file mode 100644 index 000000000..0ed4409b3 Binary files /dev/null and b/tests/testdata/otasigned_sha256.zip differ diff --git a/tests/testdata/random.zip b/tests/testdata/random.zip new file mode 100644 index 000000000..18c0b3b9f Binary files /dev/null and b/tests/testdata/random.zip differ diff --git a/tests/testdata/test_f4.pk8 b/tests/testdata/test_f4.pk8 new file mode 100644 index 000000000..3052613c5 Binary files /dev/null and b/tests/testdata/test_f4.pk8 differ diff --git a/tests/testdata/test_f4.x509.pem b/tests/testdata/test_f4.x509.pem new file mode 100644 index 000000000..814abcf99 --- /dev/null +++ b/tests/testdata/test_f4.x509.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIJAKhkCO1dDYMaMA0GCSqGSIb3DQEBBQUAMG8xCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW +aWV3MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMT +B1Rlc3QxMjMwHhcNMTIwNzI1MTg1NzAzWhcNMzkxMjExMTg1NzAzWjBvMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQD +EwdUZXN0MTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8WwMN9x +4Mz7YgkG2qy9g8/kl5ZoYrUM0ApHhaITAcL7RXLZaNipCf0w/YjYTQgj+75MK30x +TsnPeWNOEwA62gkHrZyyWfxBRO6kBYuIuI4roGDBJOmKQ1OEaDeIRKu7q5V8v3Cs +0wQDAQWTbhpxBZr9UYFgJUg8XWBfPrGJLVwsoiy4xrMhoTlNZKHfwOMMqVtSHkZX +qydYrcIzyjh+TO0e/xSNQ8MMRRbtqWgCHN6Rzhog3IHZu0RaPoukariopjXM/s0V +gTm3rHDHCOpna2pNblyiFlvbkoCs769mtNmx/yrDShO30jg/xaG8RypKDvTChzOT +oWW/XQ5VEXjbHwIDAQABo4HUMIHRMB0GA1UdDgQWBBRlT2dEZJY1tmUM8mZ0xnhS +GdD9TTCBoQYDVR0jBIGZMIGWgBRlT2dEZJY1tmUM8mZ0xnhSGdD9TaFzpHEwbzEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEQMA4G +A1UEAxMHVGVzdDEyM4IJAKhkCO1dDYMaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADggEBAHqnXHtE+h3hvGmHh24GT51vGAYLc68WUUtCVlMIU85zQ757wlxZ +BmRypZ1i9hSqnXj5n+mETV5rFX3g2gvdAPVHkRycuDa2aUdZSE8cW4Z6qYFx6SaD +e+3SyXokpUquW64RuHJrf/yd/FnGjneBe3Qpm2reuzGWNH90qZGdbsfNaCm5kx2L +X+ZNHM3CcGMLaphY5++sM0JxSEcju5EK33ZYgLf4YdlbyMp8LDFVNd7ff0SFi9fF +0ZlAsJWoS3QmVCj2744BFdsCu7UHpnYpG6X3MT4SHAawdOaT5zSuaCl2xx6H0O7t +w/Fvbl/KVD1ZmLHgBKjDMNSh0OB9mSsDWpw= +-----END CERTIFICATE----- diff --git a/tests/testdata/test_f4_sha256.x509.pem b/tests/testdata/test_f4_sha256.x509.pem new file mode 100644 index 000000000..9d5376b45 --- /dev/null +++ b/tests/testdata/test_f4_sha256.x509.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIJAKhkCO1dDYMaMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW +aWV3MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMT +B1Rlc3QxMjMwHhcNMTMwNDEwMTcyMzUyWhcNMTMwNTEwMTcyMzUyWjBvMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQD +EwdUZXN0MTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8WwMN9x +4Mz7YgkG2qy9g8/kl5ZoYrUM0ApHhaITAcL7RXLZaNipCf0w/YjYTQgj+75MK30x +TsnPeWNOEwA62gkHrZyyWfxBRO6kBYuIuI4roGDBJOmKQ1OEaDeIRKu7q5V8v3Cs +0wQDAQWTbhpxBZr9UYFgJUg8XWBfPrGJLVwsoiy4xrMhoTlNZKHfwOMMqVtSHkZX +qydYrcIzyjh+TO0e/xSNQ8MMRRbtqWgCHN6Rzhog3IHZu0RaPoukariopjXM/s0V +gTm3rHDHCOpna2pNblyiFlvbkoCs769mtNmx/yrDShO30jg/xaG8RypKDvTChzOT +oWW/XQ5VEXjbHwIDAQABo4HUMIHRMB0GA1UdDgQWBBRlT2dEZJY1tmUM8mZ0xnhS +GdD9TTCBoQYDVR0jBIGZMIGWgBRlT2dEZJY1tmUM8mZ0xnhSGdD9TaFzpHEwbzEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEQMA4G +A1UEAxMHVGVzdDEyM4IJAKhkCO1dDYMaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAKWWQ9S0V9wWjrMJe8exj1gklwD1Ysi0vi+h2tfixahelrpsNkWi +EFjoUSHEkW9ThLmtui646uAlwSiWtSn1XkGGmIJ3s+gmAFUcMc0CaK0dgoq/M9zn +fQ0Vkzc1tK4MLsf+CbPDywPycb6+T3dBkerbWn9GUpjGl1ANWlciXZZ3657m61sL +HhwUOBxbZZ6sYP4ed2SVCf45GgMyJ0VoUg5yI2JzPAgOkGfeEIPVXE1M94edJY4G +8eHYvXovJZwXvKFI+ZyS0KBPx8cpfw89RB9qmkxqNBIm8qWb3qBiuBEIPj+NF/7w +sC/Fv8NNXkVquy0xa0qdyJBABzWE18zGcXs= +-----END CERTIFICATE----- diff --git a/tests/testdata/testkey.pk8 b/tests/testdata/testkey.pk8 new file mode 100644 index 000000000..586c1bd5c Binary files /dev/null and b/tests/testdata/testkey.pk8 differ diff --git a/tests/testdata/testkey.x509.pem b/tests/testdata/testkey.x509.pem new file mode 100644 index 000000000..e242d83e2 --- /dev/null +++ b/tests/testdata/testkey.x509.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE +AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G +A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI +hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM +qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4 +wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy +4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU +RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s +zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw +HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ +AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH +QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG +CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa +J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y +LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe ++ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX +31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr +sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0= +-----END CERTIFICATE----- diff --git a/tests/testdata/testkey_ecdsa.pk8 b/tests/testdata/testkey_ecdsa.pk8 new file mode 100644 index 000000000..9a521c8cf Binary files /dev/null and b/tests/testdata/testkey_ecdsa.pk8 differ diff --git a/tests/testdata/testkey_ecdsa.x509.pem b/tests/testdata/testkey_ecdsa.x509.pem new file mode 100644 index 000000000..b12283645 --- /dev/null +++ b/tests/testdata/testkey_ecdsa.x509.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBezCCASACCQC4g5wurPSmtzAKBggqhkjOPQQDAjBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTEzMTAwODIxMTAxM1oXDTE0MTAwODIxMTAxM1owRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGcO1QDowF2E +RboWVmAYI2oXTr5MHAJ4xpMUFsrWVvoktYSN2RhNuOl5jZGvSBsQII9p/4qfjLmS +TBaCfQ0Xmt4wCgYIKoZIzj0EAwIDSQAwRgIhAIJjWmZAwngc2VcHUhYp2oSLoCQ+ +P+7AtbAn5242AqfOAiEAghO0t6jTKs0LUhLJrQwbOkHyZMVdZaG2vcwV9y9H5Qc= +-----END CERTIFICATE----- diff --git a/tests/testdata/testkey_sha256.x509.pem b/tests/testdata/testkey_sha256.x509.pem new file mode 100644 index 000000000..002ce8968 --- /dev/null +++ b/tests/testdata/testkey_sha256.x509.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE +AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xMzA0MTAxODA1MzZaFw0xMzA1MTAxODA1MzZaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G +A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI +hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM +qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4 +wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy +4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU +RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s +zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw +HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ +AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH +QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG +CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKRVj9hOaozH1W8Wb4CNj7sCWixh +UMMZJXkxUtvUVHZGefp6MdtYiD/ZM7YRwZphm9aNhkykbHJdZ3lPzeL2csCa+sDQ +8sIzGu0/aD6p4zgIKQZmz0mZHqPGbHoLWOmA9EexRCFZ7vO/kO56ZbyhfFz2DI3S +Yez65CabErOFhNX6WukSPbV3zfsHRDD5JUStb/ko6t99HXsvIO0Ax9poj60PpCC1 +SiFzHZUY9mOnUfJFs+3NWCwKtP9nho3mZ3pJ1i+SeF6JiqbE3KHl4CDBeVGcu3CK +fiUZ8e8iXVN471Cgc5GD6Ud1pS7ifNZJsKhbETQ63KmvHCLRPi4NmP67uDE= +-----END CERTIFICATE----- diff --git a/tests/testdata/unsigned.zip b/tests/testdata/unsigned.zip new file mode 100644 index 000000000..24e3eadac Binary files /dev/null and b/tests/testdata/unsigned.zip differ diff --git a/tests/unit/asn1_decoder_test.cpp b/tests/unit/asn1_decoder_test.cpp new file mode 100644 index 000000000..af96d87d2 --- /dev/null +++ b/tests/unit/asn1_decoder_test.cpp @@ -0,0 +1,238 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "asn1_decoder_test" + +#include +#include +#include +#include + +#include "asn1_decoder.h" + +namespace android { + +class Asn1DecoderTest : public testing::Test { +}; + +TEST_F(Asn1DecoderTest, Empty_Failure) { + uint8_t empty[] = { }; + asn1_context_t* ctx = asn1_context_new(empty, sizeof(empty)); + + EXPECT_EQ(NULL, asn1_constructed_get(ctx)); + EXPECT_FALSE(asn1_constructed_skip_all(ctx)); + EXPECT_EQ(0, asn1_constructed_type(ctx)); + EXPECT_EQ(NULL, asn1_sequence_get(ctx)); + EXPECT_EQ(NULL, asn1_set_get(ctx)); + EXPECT_FALSE(asn1_sequence_next(ctx)); + + uint8_t* junk; + size_t length; + EXPECT_FALSE(asn1_oid_get(ctx, &junk, &length)); + EXPECT_FALSE(asn1_octet_string_get(ctx, &junk, &length)); + + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_TruncatedLength_Failure) { + uint8_t truncated[] = { 0xA0, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_constructed_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_LengthTooBig_Failure) { + uint8_t truncated[] = { 0xA0, 0x8a, 0xA5, 0x5A, 0xA5, 0x5A, + 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_constructed_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_TooSmallForChild_Failure) { + uint8_t data[] = { 0xA5, 0x02, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_constructed_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + EXPECT_EQ(5, asn1_constructed_type(ptr)); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_Success) { + uint8_t data[] = { 0xA5, 0x03, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_constructed_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + EXPECT_EQ(5, asn1_constructed_type(ptr)); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0x01U, *oid); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedSkipAll_TruncatedLength_Failure) { + uint8_t truncated[] = { 0xA2, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_FALSE(asn1_constructed_skip_all(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedSkipAll_Success) { + uint8_t data[] = { 0xA0, 0x03, 0x02, 0x01, 0x01, + 0xA1, 0x03, 0x02, 0x01, 0x01, + 0x06, 0x01, 0xA5, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + ASSERT_TRUE(asn1_constructed_skip_all(ctx)); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0xA5U, *oid); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SequenceGet_TruncatedLength_Failure) { + uint8_t truncated[] = { 0x30, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_sequence_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SequenceGet_TooSmallForChild_Failure) { + uint8_t data[] = { 0x30, 0x02, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_sequence_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SequenceGet_Success) { + uint8_t data[] = { 0x30, 0x03, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_sequence_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0x01U, *oid); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SetGet_TruncatedLength_Failure) { + uint8_t truncated[] = { 0x31, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_set_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SetGet_TooSmallForChild_Failure) { + uint8_t data[] = { 0x31, 0x02, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_set_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SetGet_Success) { + uint8_t data[] = { 0x31, 0x03, 0x06, 0x01, 0xBA, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_set_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0xBAU, *oid); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OidGet_LengthZero_Failure) { + uint8_t data[] = { 0x06, 0x00, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OidGet_TooSmall_Failure) { + uint8_t data[] = { 0x06, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OidGet_Success) { + uint8_t data[] = { 0x06, 0x01, 0x99, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0x99U, *oid); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OctetStringGet_LengthZero_Failure) { + uint8_t data[] = { 0x04, 0x00, 0x55, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* string; + size_t length; + ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OctetStringGet_TooSmall_Failure) { + uint8_t data[] = { 0x04, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* string; + size_t length; + ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OctetStringGet_Success) { + uint8_t data[] = { 0x04, 0x01, 0xAA, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* string; + size_t length; + ASSERT_TRUE(asn1_octet_string_get(ctx, &string, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0xAAU, *string); + asn1_context_free(ctx); +} + +} // namespace android diff --git a/verifier_test.cpp b/verifier_test.cpp deleted file mode 100644 index 2367e0052..000000000 --- a/verifier_test.cpp +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "common.h" -#include "verifier.h" -#include "ui.h" -#include "mincrypt/sha.h" -#include "mincrypt/sha256.h" -#include "minzip/SysUtil.h" - -// This is build/target/product/security/testkey.x509.pem after being -// dumped out by dumpkey.jar. -RSAPublicKey test_key = - { 64, 0xc926ad21, - { 0x6afee91fu, 0x7fa31d5bu, 0x38a0b217u, 0x99df9baeu, - 0xfe72991du, 0x727d3c04u, 0x20943f99u, 0xd08e7826u, - 0x69e7c8a2u, 0xdeeccc8eu, 0x6b9af76fu, 0x553311c4u, - 0x07b9e247u, 0x54c8bbcau, 0x6a540d81u, 0x48dbf567u, - 0x98c92877u, 0x134fbfdeu, 0x01b32564u, 0x24581948u, - 0x6cddc3b8u, 0x0cd444dau, 0xfe0381ccu, 0xf15818dfu, - 0xc06e6d42u, 0x2e2f6412u, 0x093a6737u, 0x94d83b31u, - 0xa466c87au, 0xb3f284a0u, 0xa694ec2cu, 0x053359e6u, - 0x9717ee6au, 0x0732e080u, 0x220d5008u, 0xdc4af350u, - 0x93d0a7c3u, 0xe330c9eau, 0xcac3da1eu, 0x8ebecf8fu, - 0xc2be387fu, 0x38a14e89u, 0x211586f0u, 0x18b846f5u, - 0x43be4c72u, 0xb578c204u, 0x1bbfb230u, 0xf1e267a8u, - 0xa2d3e656u, 0x64b8e4feu, 0xe7e83d4bu, 0x3e77a943u, - 0x3559ffd9u, 0x0ebb0f99u, 0x0aa76ce6u, 0xd3786ea7u, - 0xbca8cd6bu, 0x068ca8e8u, 0xeb1de2ffu, 0x3e3ecd6cu, - 0xe0d9d825u, 0xb1edc762u, 0xdec60b24u, 0xd6931904u}, - { 0xccdcb989u, 0xe19281f9u, 0xa6e80accu, 0xb7f40560u, - 0x0efb0bccu, 0x7f12b0bbu, 0x1e90531au, 0x136d95d0u, - 0x9e660665u, 0x7d54918fu, 0xe3b93ea2u, 0x2f415d10u, - 0x3d2df6e6u, 0x7a627ecfu, 0xa6f22d70u, 0xb995907au, - 0x09de16b2u, 0xfeb8bd61u, 0xf24ec294u, 0x716a427fu, - 0x2e12046fu, 0xeaf3d56au, 0xd9b873adu, 0x0ced340bu, - 0xbc9cec09u, 0x73c65903u, 0xee39ce9bu, 0x3eede25au, - 0x397633b7u, 0x2583c165u, 0x8514f97du, 0xe9166510u, - 0x0b6fae99u, 0xa47139fdu, 0xdb8352f0u, 0xb2ad7f2cu, - 0xa11552e2u, 0xd4d490a7u, 0xe11e8568u, 0xe9e484dau, - 0xd3ef8449u, 0xa47055dau, 0x4edd9557u, 0x03a78ba1u, - 0x770e130du, 0x16762facu, 0x0cbdfcc4u, 0xf3070540u, - 0x008b6515u, 0x60e7e1b7u, 0xa72cf7f9u, 0xaff86e39u, - 0x4296faadu, 0xfc90430eu, 0x6cc8f377u, 0xb398fd43u, - 0x423c5997u, 0x991d59c4u, 0x6464bf73u, 0x96431575u, - 0x15e3d207u, 0x30532a7au, 0x8c4be618u, 0x460a4d76u }, - 3 - }; - -RSAPublicKey test_f4_key = - { 64, 0xc9bd1f21, - { 0x1178db1fu, 0xbf5d0e55u, 0x3393a165u, 0x0ef4c287u, - 0xbc472a4au, 0x383fc5a1u, 0x4a13b7d2u, 0xb1ff2ac3u, - 0xaf66b4d9u, 0x9280acefu, 0xa2165bdbu, 0x6a4d6e5cu, - 0x08ea676bu, 0xb7ac70c7u, 0xcd158139u, 0xa635ccfeu, - 0xa46ab8a8u, 0x445a3e8bu, 0xdc81d9bbu, 0x91ce1a20u, - 0x68021cdeu, 0x4516eda9u, 0x8d43c30cu, 0xed1eff14u, - 0xca387e4cu, 0x58adc233u, 0x4657ab27u, 0xa95b521eu, - 0xdfc0e30cu, 0x394d64a1u, 0xc6b321a1u, 0x2ca22cb8u, - 0xb1892d5cu, 0x5d605f3eu, 0x6025483cu, 0x9afd5181u, - 0x6e1a7105u, 0x03010593u, 0x70acd304u, 0xab957cbfu, - 0x8844abbbu, 0x53846837u, 0x24e98a43u, 0x2ba060c1u, - 0x8b88b88eu, 0x44eea405u, 0xb259fc41u, 0x0907ad9cu, - 0x13003adau, 0xcf79634eu, 0x7d314ec9u, 0xfbbe4c2bu, - 0xd84d0823u, 0xfd30fd88u, 0x68d8a909u, 0xfb4572d9u, - 0xa21301c2u, 0xd00a4785u, 0x6862b50cu, 0xcfe49796u, - 0xdaacbd83u, 0xfb620906u, 0xdf71e0ccu, 0xbbc5b030u }, - { 0x69a82189u, 0x1a8b22f4u, 0xcf49207bu, 0x68cc056au, - 0xb206b7d2u, 0x1d449bbdu, 0xe9d342f2u, 0x29daea58u, - 0xb19d011au, 0xc62f15e4u, 0x9452697au, 0xb62bb87eu, - 0x60f95cc2u, 0x279ebb2du, 0x17c1efd8u, 0xec47558bu, - 0xc81334d1u, 0x88fe7601u, 0x79992eb1u, 0xb4555615u, - 0x2022ac8cu, 0xc79a4b8cu, 0xb288b034u, 0xd6b942f0u, - 0x0caa32fbu, 0xa065ba51u, 0x4de9f154u, 0x29f64f6cu, - 0x7910af5eu, 0x3ed4636au, 0xe4c81911u, 0x9183f37du, - 0x5811e1c4u, 0x29c7a58cu, 0x9715d4d3u, 0xc7e2dce3u, - 0x140972ebu, 0xf4c8a69eu, 0xa104d424u, 0x5dabbdfbu, - 0x41cb4c6bu, 0xd7f44717u, 0x61785ff7u, 0x5e0bc273u, - 0x36426c70u, 0x2aa6f08eu, 0x083badbfu, 0x3cab941bu, - 0x8871da23u, 0x1ab3dbaeu, 0x7115a21du, 0xf5aa0965u, - 0xf766f562u, 0x7f110225u, 0x86d96a04u, 0xc50a120eu, - 0x3a751ca3u, 0xc21aa186u, 0xba7359d0u, 0x3ff2b257u, - 0xd116e8bbu, 0xfc1318c0u, 0x070e5b1du, 0x83b759a6u }, - 65537 - }; - -ECPublicKey test_ec_key = - { - { - {0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu, - 0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u} - }, - { - {0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au, - 0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u} - } - }; - -RecoveryUI* ui = NULL; - -// verifier expects to find a UI object; we provide one that does -// nothing but print. -class FakeUI : public RecoveryUI { - void Init() { } - void SetStage(int, int) { } - void SetLocale(const char*) { } - void SetBackground(Icon icon) { } - - void SetProgressType(ProgressType determinate) { } - void ShowProgress(float portion, float seconds) { } - void SetProgress(float fraction) { } - - void ShowText(bool visible) { } - bool IsTextVisible() { return false; } - bool WasTextEverVisible() { return false; } - void Print(const char* fmt, ...) { - va_list ap; - va_start(ap, fmt); - vfprintf(stderr, fmt, ap); - va_end(ap); - } - void PrintOnScreenOnly(const char* fmt, ...) { - va_list ap; - va_start(ap, fmt); - vfprintf(stderr, fmt, ap); - va_end(ap); - } - void ShowFile(const char*) { } - - void StartMenu(const char* const * headers, const char* const * items, - int initial_selection) { } - int SelectMenu(int sel) { return 0; } - void EndMenu() { } -}; - -void -ui_print(const char* format, ...) { - va_list ap; - va_start(ap, format); - vfprintf(stdout, format, ap); - va_end(ap); -} - -int main(int argc, char** argv) { - if (argc < 2) { - fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file ] \n", argv[0]); - return 2; - } - - std::vector certs; - int argn = 1; - while (argn < argc) { - if (strcmp(argv[argn], "-sha256") == 0) { - if (certs.empty()) { - fprintf(stderr, "May only specify -sha256 after key type\n"); - return 2; - } - ++argn; - certs.back().hash_len = SHA256_DIGEST_SIZE; - } else if (strcmp(argv[argn], "-ec") == 0) { - ++argn; - certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC, - nullptr, std::unique_ptr(new ECPublicKey(test_ec_key))); - } else if (strcmp(argv[argn], "-e3") == 0) { - ++argn; - certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, - std::unique_ptr(new RSAPublicKey(test_key)), nullptr); - } else if (strcmp(argv[argn], "-f4") == 0) { - ++argn; - certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, - std::unique_ptr(new RSAPublicKey(test_f4_key)), nullptr); - } else if (strcmp(argv[argn], "-file") == 0) { - if (!certs.empty()) { - fprintf(stderr, "Cannot specify -file with other certs specified\n"); - return 2; - } - ++argn; - if (!load_keys(argv[argn], certs)) { - fprintf(stderr, "Cannot load keys from %s\n", argv[argn]); - } - ++argn; - } else if (argv[argn][0] == '-') { - fprintf(stderr, "Unknown argument %s\n", argv[argn]); - return 2; - } else { - break; - } - } - - if (argn == argc) { - fprintf(stderr, "Must specify package to verify\n"); - return 2; - } - - if (certs.empty()) { - certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, - std::unique_ptr(new RSAPublicKey(test_key)), nullptr); - } - - ui = new FakeUI(); - - MemMapping map; - if (sysMapFile(argv[argn], &map) != 0) { - fprintf(stderr, "failed to mmap %s: %s\n", argv[argn], strerror(errno)); - return 4; - } - - int result = verify_file(map.addr, map.length, certs); - if (result == VERIFY_SUCCESS) { - printf("VERIFIED\n"); - return 0; - } else if (result == VERIFY_FAILURE) { - printf("NOT VERIFIED\n"); - return 1; - } else { - printf("bad return value\n"); - return 3; - } -} diff --git a/verifier_test.sh b/verifier_test.sh deleted file mode 100755 index 4761cef4a..000000000 --- a/verifier_test.sh +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/bash -# -# A test suite for recovery's package signature verifier. Run in a -# client where you have done envsetup, lunch, etc. -# -# TODO: find some way to get this run regularly along with the rest of -# the tests. - -EMULATOR_PORT=5580 -DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata - -WORK_DIR=/data/local/tmp - -# set to 0 to use a device instead -USE_EMULATOR=0 - -# ------------------------ - -if [ "$USE_EMULATOR" == 1 ]; then - emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT & - pid_emulator=$! - ADB="adb -s emulator-$EMULATOR_PORT " -else - ADB="adb -d " -fi - -echo "waiting to connect to device" -$ADB wait-for-device - -# run a command on the device; exit with the exit status of the device -# command. -run_command() { - $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}' -} - -testname() { - echo - echo "::: testing $1 :::" - testname="$1" -} - -fail() { - echo - echo FAIL: $testname - echo - [ "$open_pid" == "" ] || kill $open_pid - [ "$pid_emulator" == "" ] || kill $pid_emulator - exit 1 -} - - -cleanup() { - # not necessary if we're about to kill the emulator, but nice for - # running on real devices or already-running emulators. - run_command rm $WORK_DIR/verifier_test - run_command rm $WORK_DIR/package.zip - - [ "$pid_emulator" == "" ] || kill $pid_emulator -} - -$ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \ - $WORK_DIR/verifier_test - -expect_succeed() { - testname "$1 (should succeed)" - $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip - shift - run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip || fail -} - -expect_fail() { - testname "$1 (should fail)" - $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip - shift - run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip && fail -} - -# not signed at all -expect_fail unsigned.zip -# signed in the pre-donut way -expect_fail jarsigned.zip - -# success cases -expect_succeed otasigned.zip -e3 -expect_succeed otasigned_f4.zip -f4 -expect_succeed otasigned_sha256.zip -e3 -sha256 -expect_succeed otasigned_f4_sha256.zip -f4 -sha256 -expect_succeed otasigned_ecdsa_sha256.zip -ec -sha256 - -# success with multiple keys -expect_succeed otasigned.zip -f4 -e3 -expect_succeed otasigned_f4.zip -ec -f4 -expect_succeed otasigned_sha256.zip -ec -e3 -e3 -sha256 -expect_succeed otasigned_f4_sha256.zip -ec -sha256 -e3 -f4 -sha256 -expect_succeed otasigned_ecdsa_sha256.zip -f4 -sha256 -e3 -ec -sha256 - -# verified against different key -expect_fail otasigned.zip -f4 -expect_fail otasigned_f4.zip -e3 -expect_fail otasigned_ecdsa_sha256.zip -e3 -sha256 - -# verified against right key but wrong hash algorithm -expect_fail otasigned.zip -e3 -sha256 -expect_fail otasigned_f4.zip -f4 -sha256 -expect_fail otasigned_sha256.zip -expect_fail otasigned_f4_sha256.zip -f4 -expect_fail otasigned_ecdsa_sha256.zip - -# various other cases -expect_fail random.zip -expect_fail fake-eocd.zip -expect_fail alter-metadata.zip -expect_fail alter-footer.zip - -# --------------- cleanup ---------------------- - -cleanup - -echo -echo PASS -echo -- cgit v1.2.3 From 64be2135d8f4df070c65c1e89753e888822bb5e3 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 3 Feb 2016 18:16:02 -0800 Subject: updater: fix memory leak based on static analysis. Bug: 26907377 Change-Id: I384c0131322b2d12f0ef489735e70e86819846a4 --- updater/install.cpp | 83 +++++++++++++++++++++++++---------------------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/updater/install.cpp b/updater/install.cpp index 5326b12a8..45bbf2bc1 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -34,6 +34,9 @@ #include #include +#include +#include + #include #include #include @@ -439,8 +442,7 @@ Value* DeleteFn(const char* name, State* state, int argc, Expr* argv[]) { for (int i = 0; i < argc; ++i) { paths[i] = Evaluate(state, argv[i]); if (paths[i] == NULL) { - int j; - for (j = 0; j < i; ++i) { + for (int j = 0; j < i; ++j) { free(paths[j]); } free(paths); @@ -581,13 +583,13 @@ Value* PackageExtractFileFn(const char* name, State* state, // as the result. char* zip_path; + if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; + Value* v = reinterpret_cast(malloc(sizeof(Value))); v->type = VAL_BLOB; v->size = -1; v->data = NULL; - if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL; - ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip; const ZipEntry* entry = mzFindZipEntry(za, zip_path); if (entry == NULL) { @@ -1193,44 +1195,40 @@ Value* ApplyPatchFn(const char* name, State* state, int argc, Expr* argv[]) { } int patchcount = (argc-4) / 2; - Value** patches = ReadValueVarArgs(state, argc-4, argv+4); + std::unique_ptr arg_values(ReadValueVarArgs(state, argc-4, argv+4), + free); + if (!arg_values) { + return nullptr; + } + std::vector> patch_shas; + std::vector> patches; + // Protect values by unique_ptrs first to get rid of memory leak. + for (int i = 0; i < patchcount * 2; i += 2) { + patch_shas.emplace_back(arg_values.get()[i], FreeValue); + patches.emplace_back(arg_values.get()[i+1], FreeValue); + } - int i; - for (i = 0; i < patchcount; ++i) { - if (patches[i*2]->type != VAL_STRING) { + for (int i = 0; i < patchcount; ++i) { + if (patch_shas[i]->type != VAL_STRING) { ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i); - break; + return nullptr; } - if (patches[i*2+1]->type != VAL_BLOB) { + if (patches[i]->type != VAL_BLOB) { ErrorAbort(state, "%s(): patch #%d is not blob", name, i); - break; + return nullptr; } } - if (i != patchcount) { - for (i = 0; i < patchcount*2; ++i) { - FreeValue(patches[i]); - } - free(patches); - return NULL; - } - char** patch_sha_str = reinterpret_cast(malloc(patchcount * sizeof(char*))); - for (i = 0; i < patchcount; ++i) { - patch_sha_str[i] = patches[i*2]->data; - patches[i*2]->data = NULL; - FreeValue(patches[i*2]); - patches[i] = patches[i*2+1]; + std::vector patch_sha_str; + std::vector patch_ptrs; + for (int i = 0; i < patchcount; ++i) { + patch_sha_str.push_back(patch_shas[i]->data); + patch_ptrs.push_back(patches[i].get()); } int result = applypatch(source_filename, target_filename, target_sha1, target_size, - patchcount, patch_sha_str, patches, NULL); - - for (i = 0; i < patchcount; ++i) { - FreeValue(patches[i]); - } - free(patch_sha_str); - free(patches); + patchcount, patch_sha_str.data(), patch_ptrs.data(), NULL); return StringValue(strdup(result == 0 ? "t" : "")); } @@ -1349,9 +1347,13 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { return ErrorAbort(state, "%s() expects at least 1 arg", name); } - Value** args = ReadValueVarArgs(state, argc, argv); - if (args == NULL) { - return NULL; + std::unique_ptr arg_values(ReadValueVarArgs(state, argc, argv), free); + if (arg_values == nullptr) { + return nullptr; + } + std::vector> args; + for (int i = 0; i < argc; ++i) { + args.emplace_back(arg_values.get()[i], FreeValue); } if (args[0]->size < 0) { @@ -1359,14 +1361,13 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { } uint8_t digest[SHA_DIGEST_LENGTH]; SHA1(reinterpret_cast(args[0]->data), args[0]->size, digest); - FreeValue(args[0]); if (argc == 1) { return StringValue(PrintSha1(digest)); } int i; - uint8_t* arg_digest = reinterpret_cast(malloc(SHA_DIGEST_LENGTH)); + uint8_t arg_digest[SHA_DIGEST_LENGTH]; for (i = 1; i < argc; ++i) { if (args[i]->type != VAL_STRING) { printf("%s(): arg %d is not a string; skipping", @@ -1378,19 +1379,13 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) { } else if (memcmp(digest, arg_digest, SHA_DIGEST_LENGTH) == 0) { break; } - FreeValue(args[i]); } if (i >= argc) { // Didn't match any of the hex strings; return false. return StringValue(strdup("")); } - // Found a match; free all the remaining arguments and return the - // matched one. - int j; - for (j = i+1; j < argc; ++j) { - FreeValue(args[j]); - } - return args[i]; + // Found a match. + return args[i].release(); } // Read a local file and return its contents (the Value* returned -- cgit v1.2.3 From d483c20a7e459bd2f8e5e134355a923282175977 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 3 Feb 2016 17:08:52 -0800 Subject: applypatch: fix memory leaks reported by static analysis. Bug: 26906416 Change-Id: I163df5a8f3abda3ba5d4ed81dfc8567054eceb27 --- applypatch/Android.mk | 2 +- applypatch/applypatch.cpp | 179 +++++++++++++++++++++------------------------- applypatch/applypatch.h | 11 +-- applypatch/bspatch.cpp | 37 ++++------ applypatch/freecache.cpp | 141 +++++++++++++----------------------- applypatch/imgpatch.cpp | 56 ++++++--------- applypatch/main.cpp | 79 +++++++------------- 7 files changed, 202 insertions(+), 303 deletions(-) diff --git a/applypatch/Android.mk b/applypatch/Android.mk index 22151941e..23d0f7bb1 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -55,7 +55,7 @@ LOCAL_CLANG := true LOCAL_SRC_FILES := main.cpp LOCAL_MODULE := applypatch LOCAL_C_INCLUDES += bootable/recovery -LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libcrypto_static libbz +LOCAL_STATIC_LIBRARIES += libapplypatch libbase libmtdutils libcrypto_static libbz libedify LOCAL_SHARED_LIBRARIES += libz libcutils libc include $(BUILD_EXECUTABLE) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 75ffe0f08..75d77372e 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -25,6 +25,9 @@ #include #include +#include +#include + #include #include "openssl/sha.h" @@ -67,25 +70,29 @@ int LoadFileContents(const char* filename, FileContents* file) { } file->size = file->st.st_size; - file->data = reinterpret_cast(malloc(file->size)); + file->data = nullptr; + + std::unique_ptr data( + static_cast(malloc(file->size)), free); + if (data == nullptr) { + printf("failed to allocate memory: %s\n", strerror(errno)); + return -1; + } FILE* f = fopen(filename, "rb"); if (f == NULL) { printf("failed to open \"%s\": %s\n", filename, strerror(errno)); - free(file->data); - file->data = NULL; return -1; } - size_t bytes_read = fread(file->data, 1, file->size, f); + size_t bytes_read = fread(data.get(), 1, file->size, f); if (bytes_read != static_cast(file->size)) { printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, file->size); - free(file->data); - file->data = NULL; + fclose(f); return -1; } fclose(f); - + file->data = data.release(); SHA1(file->data, file->size, file->sha1); return 0; } @@ -185,7 +192,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { uint8_t parsed_sha[SHA_DIGEST_LENGTH]; // Allocate enough memory to hold the largest size. - file->data = reinterpret_cast(malloc(size[index[pairs-1]])); + file->data = static_cast(malloc(size[index[pairs-1]])); char* p = (char*)file->data; file->size = 0; // # bytes read so far bool found = false; @@ -313,7 +320,7 @@ int SaveFileContents(const char* filename, const FileContents* file) { // "MTD:[:...]" or "EMMC:[:...]". The target name // might contain multiple colons, but WriteToPartition() only uses the first // two and ignores the rest. Return 0 on success. -int WriteToPartition(unsigned char* data, size_t len, const char* target) { +int WriteToPartition(const unsigned char* data, size_t len, const char* target) { std::string copy(target); std::vector pieces = android::base::Split(copy, ":"); @@ -352,7 +359,7 @@ int WriteToPartition(unsigned char* data, size_t len, const char* target) { return -1; } - size_t written = mtd_write_data(ctx, reinterpret_cast(data), len); + size_t written = mtd_write_data(ctx, reinterpret_cast(data), len); if (written != len) { printf("only wrote %zu of %zu bytes to MTD %s\n", written, len, partition); mtd_write_close(ctx); @@ -578,7 +585,7 @@ int ShowLicenses() { } ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { - int fd = *reinterpret_cast(token); + int fd = *static_cast(token); ssize_t done = 0; ssize_t wrote; while (done < len) { @@ -592,19 +599,9 @@ ssize_t FileSink(const unsigned char* data, ssize_t len, void* token) { return done; } -typedef struct { - unsigned char* buffer; - ssize_t size; - ssize_t pos; -} MemorySinkInfo; - ssize_t MemorySink(const unsigned char* data, ssize_t len, void* token) { - MemorySinkInfo* msi = reinterpret_cast(token); - if (msi->size - msi->pos < len) { - return -1; - } - memcpy(msi->buffer + msi->pos, data, len); - msi->pos += len; + std::string* s = static_cast(token); + s->append(reinterpret_cast(data), len); return len; } @@ -815,31 +812,52 @@ static int GenerateTarget(FileContents* source_file, const Value* bonus_data) { int retry = 1; SHA_CTX ctx; - int output; - MemorySinkInfo msi; + std::string memory_sink_str; FileContents* source_to_use; - char* outname; int made_copy = 0; + bool target_is_partition = (strncmp(target_filename, "MTD:", 4) == 0 || + strncmp(target_filename, "EMMC:", 5) == 0); + const std::string tmp_target_filename = std::string(target_filename) + ".patch"; + // assume that target_filename (eg "/system/app/Foo.apk") is located // on the same filesystem as its top-level directory ("/system"). // We need something that exists for calling statfs(). - char target_fs[strlen(target_filename)+1]; - char* slash = strchr(target_filename+1, '/'); - if (slash != NULL) { - int count = slash - target_filename; - strncpy(target_fs, target_filename, count); - target_fs[count] = '\0'; + std::string target_fs = target_filename; + auto slash_pos = target_fs.find('/', 1); + if (slash_pos != std::string::npos) { + target_fs.resize(slash_pos); + } + + const Value* patch; + if (source_patch_value != NULL) { + source_to_use = source_file; + patch = source_patch_value; } else { - strcpy(target_fs, target_filename); + source_to_use = copy_file; + patch = copy_patch_value; + } + if (patch->type != VAL_BLOB) { + printf("patch is not a blob\n"); + return 1; + } + char* header = patch->data; + ssize_t header_bytes_read = patch->size; + bool use_bsdiff = false; + if (header_bytes_read >= 8 && memcmp(header, "BSDIFF40", 8) == 0) { + use_bsdiff = true; + } else if (header_bytes_read >= 8 && memcmp(header, "IMGDIFF2", 8) == 0) { + use_bsdiff = false; + } else { + printf("Unknown patch file format\n"); + return 1; } do { // Is there enough room in the target filesystem to hold the patched // file? - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { + if (target_is_partition) { // If the target is a partition, we're actually going to // write the output to /tmp and then copy it to the // partition. statfs() always returns 0 blocks free for @@ -861,7 +879,7 @@ static int GenerateTarget(FileContents* source_file, } else { int enough_space = 0; if (retry > 0) { - size_t free_space = FreeSpaceForFile(target_fs); + size_t free_space = FreeSpaceForFile(target_fs.c_str()); enough_space = (free_space > (256 << 10)) && // 256k (two-block) minimum (free_space > (target_size * 3 / 2)); // 50% margin of error @@ -901,84 +919,53 @@ static int GenerateTarget(FileContents* source_file, made_copy = 1; unlink(source_filename); - size_t free_space = FreeSpaceForFile(target_fs); + size_t free_space = FreeSpaceForFile(target_fs.c_str()); printf("(now %zu bytes free for target) ", free_space); } } - const Value* patch; - if (source_patch_value != NULL) { - source_to_use = source_file; - patch = source_patch_value; - } else { - source_to_use = copy_file; - patch = copy_patch_value; - } - - if (patch->type != VAL_BLOB) { - printf("patch is not a blob\n"); - return 1; - } SinkFn sink = NULL; void* token = NULL; - output = -1; - outname = NULL; - if (strncmp(target_filename, "MTD:", 4) == 0 || - strncmp(target_filename, "EMMC:", 5) == 0) { + int output_fd = -1; + if (target_is_partition) { // We store the decoded output in memory. - msi.buffer = reinterpret_cast(malloc(target_size)); - if (msi.buffer == NULL) { - printf("failed to alloc %zu bytes for output\n", target_size); - return 1; - } - msi.pos = 0; - msi.size = target_size; sink = MemorySink; - token = &msi; + token = &memory_sink_str; } else { // We write the decoded output to ".patch". - outname = reinterpret_cast(malloc(strlen(target_filename) + 10)); - strcpy(outname, target_filename); - strcat(outname, ".patch"); - - output = open(outname, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, S_IRUSR | S_IWUSR); - if (output < 0) { - printf("failed to open output file %s: %s\n", - outname, strerror(errno)); + output_fd = open(tmp_target_filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, + S_IRUSR | S_IWUSR); + if (output_fd < 0) { + printf("failed to open output file %s: %s\n", tmp_target_filename.c_str(), + strerror(errno)); return 1; } sink = FileSink; - token = &output; + token = &output_fd; } - char* header = patch->data; - ssize_t header_bytes_read = patch->size; SHA1_Init(&ctx); int result; - - if (header_bytes_read >= 8 && - memcmp(header, "BSDIFF40", 8) == 0) { + if (use_bsdiff) { result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, patch, 0, sink, token, &ctx); - } else if (header_bytes_read >= 8 && - memcmp(header, "IMGDIFF2", 8) == 0) { + } else { result = ApplyImagePatch(source_to_use->data, source_to_use->size, patch, sink, token, &ctx, bonus_data); - } else { - printf("Unknown patch file format\n"); - return 1; } - if (output >= 0) { - if (fsync(output) != 0) { - printf("failed to fsync file \"%s\" (%s)\n", outname, strerror(errno)); + if (!target_is_partition) { + if (fsync(output_fd) != 0) { + printf("failed to fsync file \"%s\" (%s)\n", tmp_target_filename.c_str(), + strerror(errno)); result = 1; } - if (close(output) != 0) { - printf("failed to close file \"%s\" (%s)\n", outname, strerror(errno)); + if (close(output_fd) != 0) { + printf("failed to close file \"%s\" (%s)\n", tmp_target_filename.c_str(), + strerror(errno)); result = 1; } } @@ -990,8 +977,8 @@ static int GenerateTarget(FileContents* source_file, } else { printf("applying patch failed; retrying\n"); } - if (outname != NULL) { - unlink(outname); + if (!target_is_partition) { + unlink(tmp_target_filename.c_str()); } } else { // succeeded; no need to retry @@ -1008,27 +995,27 @@ static int GenerateTarget(FileContents* source_file, printf("now %s\n", short_sha1(target_sha1).c_str()); } - if (output < 0) { + if (target_is_partition) { // Copy the temp file to the partition. - if (WriteToPartition(msi.buffer, msi.pos, target_filename) != 0) { + if (WriteToPartition(reinterpret_cast(memory_sink_str.c_str()), + memory_sink_str.size(), target_filename) != 0) { printf("write of patched data to %s failed\n", target_filename); return 1; } - free(msi.buffer); } else { // Give the .patch file the same owner, group, and mode of the // original source file. - if (chmod(outname, source_to_use->st.st_mode) != 0) { - printf("chmod of \"%s\" failed: %s\n", outname, strerror(errno)); + if (chmod(tmp_target_filename.c_str(), source_to_use->st.st_mode) != 0) { + printf("chmod of \"%s\" failed: %s\n", tmp_target_filename.c_str(), strerror(errno)); return 1; } - if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { - printf("chown of \"%s\" failed: %s\n", outname, strerror(errno)); + if (chown(tmp_target_filename.c_str(), source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) { + printf("chown of \"%s\" failed: %s\n", tmp_target_filename.c_str(), strerror(errno)); return 1; } // Finally, rename the .patch file to replace the target file. - if (rename(outname, target_filename) != 0) { + if (rename(tmp_target_filename.c_str(), target_filename) != 0) { printf("rename of .patch to \"%s\" failed: %s\n", target_filename, strerror(errno)); return 1; } diff --git a/applypatch/applypatch.h b/applypatch/applypatch.h index e0df104b5..14fb490ba 100644 --- a/applypatch/applypatch.h +++ b/applypatch/applypatch.h @@ -18,6 +18,9 @@ #define _APPLYPATCH_H #include + +#include + #include "openssl/sha.h" #include "edify/expr.h" @@ -68,22 +71,22 @@ void FreeFileContents(FileContents* file); int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, int num_patches); -// bsdiff.c +// bsdiff.cpp void ShowBSDiffLicense(); int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, const Value* patch, ssize_t patch_offset, SinkFn sink, void* token, SHA_CTX* ctx); int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, const Value* patch, ssize_t patch_offset, - unsigned char** new_data, ssize_t* new_size); + std::vector* new_data); -// imgpatch.c +// imgpatch.cpp int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, const Value* patch, SinkFn sink, void* token, SHA_CTX* ctx, const Value* bonus_data); -// freecache.c +// freecache.cpp int MakeFreeSpaceOnCache(size_t bytes_needed); #endif diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp index 25171170a..ebb55f1d1 100644 --- a/applypatch/bspatch.cpp +++ b/applypatch/bspatch.cpp @@ -24,7 +24,6 @@ #include #include #include -#include #include #include @@ -103,26 +102,22 @@ int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size, const Value* patch, ssize_t patch_offset, SinkFn sink, void* token, SHA_CTX* ctx) { - unsigned char* new_data; - ssize_t new_size; - if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, - &new_data, &new_size) != 0) { + std::vector new_data; + if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset, &new_data) != 0) { return -1; } - if (sink(new_data, new_size, token) < new_size) { + if (sink(new_data.data(), new_data.size(), token) < static_cast(new_data.size())) { printf("short write of output: %d (%s)\n", errno, strerror(errno)); return 1; } - if (ctx) SHA1_Update(ctx, new_data, new_size); - free(new_data); - + if (ctx) SHA1_Update(ctx, new_data.data(), new_data.size()); return 0; } int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, const Value* patch, ssize_t patch_offset, - unsigned char** new_data, ssize_t* new_size) { + std::vector* new_data) { // Patch data format: // 0 8 "BSDIFF40" // 8 8 X @@ -141,12 +136,12 @@ int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, return 1; } - ssize_t ctrl_len, data_len; + ssize_t ctrl_len, data_len, new_size; ctrl_len = offtin(header+8); data_len = offtin(header+16); - *new_size = offtin(header+24); + new_size = offtin(header+24); - if (ctrl_len < 0 || data_len < 0 || *new_size < 0) { + if (ctrl_len < 0 || data_len < 0 || new_size < 0) { printf("corrupt patch file header (data lengths)\n"); return 1; } @@ -183,18 +178,14 @@ int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, printf("failed to bzinit extra stream (%d)\n", bzerr); } - *new_data = reinterpret_cast(malloc(*new_size)); - if (*new_data == NULL) { - printf("failed to allocate %zd bytes of memory for output file\n", *new_size); - return 1; - } + new_data->resize(new_size); off_t oldpos = 0, newpos = 0; off_t ctrl[3]; off_t len_read; int i; unsigned char buf[24]; - while (newpos < *new_size) { + while (newpos < new_size) { // Read control data if (FillBuffer(buf, 24, &cstream) != 0) { printf("error while reading control stream\n"); @@ -210,13 +201,13 @@ int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, } // Sanity check - if (newpos + ctrl[0] > *new_size) { + if (newpos + ctrl[0] > new_size) { printf("corrupt patch (new file overrun)\n"); return 1; } // Read diff string - if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) { + if (FillBuffer(new_data->data() + newpos, ctrl[0], &dstream) != 0) { printf("error while reading diff stream\n"); return 1; } @@ -233,13 +224,13 @@ int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size, oldpos += ctrl[0]; // Sanity check - if (newpos + ctrl[1] > *new_size) { + if (newpos + ctrl[1] > new_size) { printf("corrupt patch (new file overrun)\n"); return 1; } // Read extra string - if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) { + if (FillBuffer(new_data->data() + newpos, ctrl[1], &estream) != 0) { printf("error while reading extra stream\n"); return 1; } diff --git a/applypatch/freecache.cpp b/applypatch/freecache.cpp index 2eb2f55ef..c84f42797 100644 --- a/applypatch/freecache.cpp +++ b/applypatch/freecache.cpp @@ -25,119 +25,90 @@ #include #include +#include +#include +#include + +#include +#include + #include "applypatch.h" -static int EliminateOpenFiles(char** files, int file_count) { - DIR* d; - struct dirent* de; - d = opendir("/proc"); - if (d == NULL) { +static int EliminateOpenFiles(std::set* files) { + std::unique_ptr d(opendir("/proc"), closedir); + if (!d) { printf("error opening /proc: %s\n", strerror(errno)); return -1; } - while ((de = readdir(d)) != 0) { - int i; - for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i); - if (de->d_name[i]) continue; - - // de->d_name[i] is numeric - - char path[FILENAME_MAX]; - strcpy(path, "/proc/"); - strcat(path, de->d_name); - strcat(path, "/fd/"); + struct dirent* de; + while ((de = readdir(d.get())) != 0) { + unsigned int pid; + if (!android::base::ParseUint(de->d_name, &pid)) { + continue; + } + std::string path = android::base::StringPrintf("/proc/%s/fd/", de->d_name); - DIR* fdd; struct dirent* fdde; - fdd = opendir(path); - if (fdd == NULL) { - printf("error opening %s: %s\n", path, strerror(errno)); + std::unique_ptr fdd(opendir(path.c_str()), closedir); + if (!fdd) { + printf("error opening %s: %s\n", path.c_str(), strerror(errno)); continue; } - while ((fdde = readdir(fdd)) != 0) { - char fd_path[FILENAME_MAX]; + while ((fdde = readdir(fdd.get())) != 0) { + std::string fd_path = path + fdde->d_name; char link[FILENAME_MAX]; - strcpy(fd_path, path); - strcat(fd_path, fdde->d_name); - int count; - count = readlink(fd_path, link, sizeof(link)-1); + int count = readlink(fd_path.c_str(), link, sizeof(link)-1); if (count >= 0) { link[count] = '\0'; - - // This is inefficient, but it should only matter if there are - // lots of files in /cache, and lots of them are open (neither - // of which should be true, especially in recovery). if (strncmp(link, "/cache/", 7) == 0) { - int j; - for (j = 0; j < file_count; ++j) { - if (files[j] && strcmp(files[j], link) == 0) { - printf("%s is open by %s\n", link, de->d_name); - free(files[j]); - files[j] = NULL; - } + if (files->erase(link) > 0) { + printf("%s is open by %s\n", link, de->d_name); } } } } - closedir(fdd); } - closedir(d); - return 0; } -int FindExpendableFiles(char*** names, int* entries) { - DIR* d; - struct dirent* de; - int size = 32; - *entries = 0; - *names = reinterpret_cast(malloc(size * sizeof(char*))); - - char path[FILENAME_MAX]; - +static std::set FindExpendableFiles() { + std::set files; // We're allowed to delete unopened regular files in any of these // directories. const char* dirs[2] = {"/cache", "/cache/recovery/otatest"}; for (size_t i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { - d = opendir(dirs[i]); - if (d == NULL) { + std::unique_ptr d(opendir(dirs[i]), closedir); + if (!d) { printf("error opening %s: %s\n", dirs[i], strerror(errno)); continue; } // Look for regular files in the directory (not in any subdirectories). - while ((de = readdir(d)) != 0) { - strcpy(path, dirs[i]); - strcat(path, "/"); - strcat(path, de->d_name); + struct dirent* de; + while ((de = readdir(d.get())) != 0) { + std::string path = std::string(dirs[i]) + "/" + de->d_name; // We can't delete CACHE_TEMP_SOURCE; if it's there we might have // restarted during installation and could be depending on it to // be there. - if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue; + if (path == CACHE_TEMP_SOURCE) { + continue; + } struct stat st; - if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) { - if (*entries >= size) { - size *= 2; - *names = reinterpret_cast(realloc(*names, size * sizeof(char*))); - } - (*names)[(*entries)++] = strdup(path); + if (stat(path.c_str(), &st) == 0 && S_ISREG(st.st_mode)) { + files.insert(path); } } - - closedir(d); } - printf("%d regular files in deletable directories\n", *entries); - - if (EliminateOpenFiles(*names, *entries) < 0) { - return -1; + printf("%zu regular files in deletable directories\n", files.size()); + if (EliminateOpenFiles(&files) < 0) { + return std::set(); } - - return 0; + return files; } int MakeFreeSpaceOnCache(size_t bytes_needed) { @@ -147,15 +118,8 @@ int MakeFreeSpaceOnCache(size_t bytes_needed) { if (free_now >= bytes_needed) { return 0; } - - char** names; - int entries; - - if (FindExpendableFiles(&names, &entries) < 0) { - return -1; - } - - if (entries == 0) { + std::set files = FindExpendableFiles(); + if (files.empty()) { // nothing we can delete to free up space! printf("no files can be deleted to free space on /cache\n"); return -1; @@ -167,20 +131,13 @@ int MakeFreeSpaceOnCache(size_t bytes_needed) { // // Instead, we'll be dumb. - int i; - for (i = 0; i < entries && free_now < bytes_needed; ++i) { - if (names[i]) { - unlink(names[i]); - free_now = FreeSpaceForFile("/cache"); - printf("deleted %s; now %zu bytes free\n", names[i], free_now); - free(names[i]); + for (const auto& file : files) { + unlink(file.c_str()); + free_now = FreeSpaceForFile("/cache"); + printf("deleted %s; now %zu bytes free\n", file.c_str(), free_now); + if (free_now < bytes_needed) { + break; } } - - for (; i < entries; ++i) { - free(names[i]); - } - free(names); - return (free_now >= bytes_needed) ? 0 : -1; } diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp index c9944dfc1..8824038ea 100644 --- a/applypatch/imgpatch.cpp +++ b/applypatch/imgpatch.cpp @@ -21,10 +21,11 @@ #include #include #include -#include #include #include +#include + #include "zlib.h" #include "openssl/sha.h" #include "applypatch.h" @@ -129,7 +130,6 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, size_t src_len = Read8(deflate_header+8); size_t patch_offset = Read8(deflate_header+16); size_t expanded_len = Read8(deflate_header+24); - size_t target_len = Read8(deflate_header+32); int level = Read4(deflate_header+40); int method = Read4(deflate_header+44); int windowBits = Read4(deflate_header+48); @@ -150,13 +150,7 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, // must be appended from the bonus_data value. size_t bonus_size = (i == 1 && bonus_data != NULL) ? bonus_data->size : 0; - unsigned char* expanded_source = reinterpret_cast(malloc(expanded_len)); - if (expanded_source == NULL) { - printf("failed to allocate %zu bytes for expanded_source\n", - expanded_len); - return -1; - } - + std::vector expanded_source(expanded_len); z_stream strm; strm.zalloc = Z_NULL; strm.zfree = Z_NULL; @@ -164,7 +158,7 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, strm.avail_in = src_len; strm.next_in = (unsigned char*)(old_data + src_start); strm.avail_out = expanded_len; - strm.next_out = expanded_source; + strm.next_out = expanded_source.data(); int ret; ret = inflateInit2(&strm, -15); @@ -189,18 +183,16 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, inflateEnd(&strm); if (bonus_size) { - memcpy(expanded_source + (expanded_len - bonus_size), + memcpy(expanded_source.data() + (expanded_len - bonus_size), bonus_data->data, bonus_size); } // Next, apply the bsdiff patch (in memory) to the uncompressed // data. - unsigned char* uncompressed_target_data; - ssize_t uncompressed_target_size; - if (ApplyBSDiffPatchMem(expanded_source, expanded_len, + std::vector uncompressed_target_data; + if (ApplyBSDiffPatchMem(expanded_source.data(), expanded_len, patch, patch_offset, - &uncompressed_target_data, - &uncompressed_target_size) != 0) { + &uncompressed_target_data) != 0) { return -1; } @@ -208,40 +200,36 @@ int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size, // we're done with the expanded_source data buffer, so we'll // reuse that memory to receive the output of deflate. - unsigned char* temp_data = expanded_source; - ssize_t temp_size = expanded_len; - if (temp_size < 32768) { - // ... unless the buffer is too small, in which case we'll - // allocate a fresh one. - free(temp_data); - temp_data = reinterpret_cast(malloc(32768)); - temp_size = 32768; + if (expanded_source.size() < 32768U) { + expanded_source.resize(32768U); } + std::vector& temp_data = expanded_source; // now the deflate stream strm.zalloc = Z_NULL; strm.zfree = Z_NULL; strm.opaque = Z_NULL; - strm.avail_in = uncompressed_target_size; - strm.next_in = uncompressed_target_data; + strm.avail_in = uncompressed_target_data.size(); + strm.next_in = uncompressed_target_data.data(); ret = deflateInit2(&strm, level, method, windowBits, memLevel, strategy); + if (ret != Z_OK) { + printf("failed to init uncompressed data deflation: %d\n", ret); + return -1; + } do { - strm.avail_out = temp_size; - strm.next_out = temp_data; + strm.avail_out = temp_data.size(); + strm.next_out = temp_data.data(); ret = deflate(&strm, Z_FINISH); - ssize_t have = temp_size - strm.avail_out; + ssize_t have = temp_data.size() - strm.avail_out; - if (sink(temp_data, have, token) != have) { + if (sink(temp_data.data(), have, token) != have) { printf("failed to write %ld compressed bytes to output\n", (long)have); return -1; } - if (ctx) SHA1_Update(ctx, temp_data, have); + if (ctx) SHA1_Update(ctx, temp_data.data(), have); } while (ret != Z_STREAM_END); deflateEnd(&strm); - - free(temp_data); - free(uncompressed_target_data); } else { printf("patch chunk %d is unknown type %d\n", i, type); return -1; diff --git a/applypatch/main.cpp b/applypatch/main.cpp index 445a7fee7..7606d5d3c 100644 --- a/applypatch/main.cpp +++ b/applypatch/main.cpp @@ -19,6 +19,9 @@ #include #include +#include +#include + #include "applypatch.h" #include "edify/expr.h" #include "openssl/sha.h" @@ -47,16 +50,11 @@ static int SpaceMode(int argc, char** argv) { // ":" into the new parallel arrays *sha1s and // *patches (loading file contents into the patches). Returns true on // success. -static bool ParsePatchArgs(int argc, char** argv, char*** sha1s, - Value*** patches, int* num_patches) { - *num_patches = argc; - *sha1s = reinterpret_cast(malloc(*num_patches * sizeof(char*))); - *patches = reinterpret_cast(malloc(*num_patches * sizeof(Value*))); - memset(*patches, 0, *num_patches * sizeof(Value*)); - +static bool ParsePatchArgs(int argc, char** argv, std::vector* sha1s, + std::vector>* patches) { uint8_t digest[SHA_DIGEST_LENGTH]; - for (int i = 0; i < *num_patches; ++i) { + for (int i = 0; i < argc; ++i) { char* colon = strchr(argv[i], ':'); if (colon != NULL) { *colon = '\0'; @@ -68,34 +66,22 @@ static bool ParsePatchArgs(int argc, char** argv, char*** sha1s, return false; } - (*sha1s)[i] = argv[i]; + sha1s->push_back(argv[i]); if (colon == NULL) { - (*patches)[i] = NULL; + patches->emplace_back(nullptr, FreeValue); } else { FileContents fc; if (LoadFileContents(colon, &fc) != 0) { - goto abort; + return false; } - (*patches)[i] = reinterpret_cast(malloc(sizeof(Value))); - (*patches)[i]->type = VAL_BLOB; - (*patches)[i]->size = fc.size; - (*patches)[i]->data = reinterpret_cast(fc.data); + std::unique_ptr value(new Value, FreeValue); + value->type = VAL_BLOB; + value->size = fc.size; + value->data = reinterpret_cast(fc.data); + patches->push_back(std::move(value)); } } - return true; - - abort: - for (int i = 0; i < *num_patches; ++i) { - Value* p = (*patches)[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - free(*sha1s); - free(*patches); - return false; } static int FlashMode(const char* src_filename, const char* tgt_filename, @@ -104,17 +90,17 @@ static int FlashMode(const char* src_filename, const char* tgt_filename, } static int PatchMode(int argc, char** argv) { - Value* bonus = NULL; + std::unique_ptr bonus(nullptr, FreeValue); if (argc >= 3 && strcmp(argv[1], "-b") == 0) { FileContents fc; if (LoadFileContents(argv[2], &fc) != 0) { printf("failed to load bonus file %s\n", argv[2]); return 1; } - bonus = reinterpret_cast(malloc(sizeof(Value))); + bonus.reset(new Value); bonus->type = VAL_BLOB; bonus->size = fc.size; - bonus->data = (char*)fc.data; + bonus->data = reinterpret_cast(fc.data); argc -= 2; argv += 2; } @@ -140,33 +126,20 @@ static int PatchMode(int argc, char** argv) { } - char** sha1s; - Value** patches; - int num_patches; - if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &patches, &num_patches)) { + std::vector sha1s; + std::vector> patches; + if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &patches)) { printf("failed to parse patch args\n"); return 1; } - int result = applypatch(argv[1], argv[2], argv[3], target_size, - num_patches, sha1s, patches, bonus); - - int i; - for (i = 0; i < num_patches; ++i) { - Value* p = patches[i]; - if (p != NULL) { - free(p->data); - free(p); - } - } - if (bonus) { - free(bonus->data); - free(bonus); + std::vector patch_ptrs; + for (const auto& p : patches) { + patch_ptrs.push_back(p.get()); } - free(sha1s); - free(patches); - - return result; + return applypatch(argv[1], argv[2], argv[3], target_size, + patch_ptrs.size(), sha1s.data(), + patch_ptrs.data(), bonus.get()); } // This program applies binary patches to files in a way that is safe -- cgit v1.2.3 From 8559bbfb3b988b1b8790702d277715fc429cc1d8 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 18 Feb 2016 17:09:10 -0800 Subject: DO NOT MERGE ANYWHERE Use synchronous writes when setting up BCB. Commit [1] made similar changes into AOSP code, but it requires multiple CLs to cherry-pick into cw-e branch. So we make a separate CL to fix the issue. [1] commit bd82b27341336f0b375c3bc2a7bf48b2ccc20c1f Bug: 27247370 Change-Id: Id5c08a6a29284353f891cdbaa224feee891f3807 --- bootloader.cpp | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/bootloader.cpp b/bootloader.cpp index 600d238f5..1c2097983 100644 --- a/bootloader.cpp +++ b/bootloader.cpp @@ -21,9 +21,12 @@ #include "roots.h" #include +#include +#include #include #include #include +#include #include static int get_bootloader_message_mtd(struct bootloader_message *out, const Volume* v); @@ -185,18 +188,30 @@ static int get_bootloader_message_block(struct bootloader_message *out, static int set_bootloader_message_block(const struct bootloader_message *in, const Volume* v) { wait_for_device(v->blk_device); - FILE* f = fopen(v->blk_device, "wb"); - if (f == NULL) { + int fd = open(v->blk_device, O_WRONLY | O_SYNC); + if (fd == -1) { LOGE("Can't open %s\n(%s)\n", v->blk_device, strerror(errno)); return -1; } - int count = fwrite(in, sizeof(*in), 1, f); - if (count != 1) { - LOGE("Failed writing %s\n(%s)\n", v->blk_device, strerror(errno)); + size_t written = 0; + const uint8_t* start = reinterpret_cast(in); + size_t total = sizeof(*in); + while (written < total) { + ssize_t wrote = TEMP_FAILURE_RETRY(write(fd, start + written, total - written)); + if (wrote == -1) { + LOGE("failed to write %" PRId64 " bytes: %s\n", + static_cast(written), strerror(errno)); + return -1; + } + written += wrote; + } + + if (fsync(fd) == -1) { + LOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); return -1; } - if (fclose(f) != 0) { - LOGE("Failed closing %s\n(%s)\n", v->blk_device, strerror(errno)); + if (close(fd) == -1) { + LOGE("failed to close %s: %s\n", v->blk_device, strerror(errno)); return -1; } return 0; -- cgit v1.2.3 From e1305768f69ed8a3cf810f1204a3a2c519747716 Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Mon, 22 Feb 2016 10:59:37 -0800 Subject: Fix verifier test base testdata directory after merge conflict Change-Id: I7ffba0be5a6befc875ce59b51a008c1892e7d34b --- tests/component/verifier_test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp index 7f7b1b448..c54aa111f 100644 --- a/tests/component/verifier_test.cpp +++ b/tests/component/verifier_test.cpp @@ -42,7 +42,7 @@ #endif static const char* DATA_PATH = getenv("ANDROID_DATA"); -static const char* TESTDATA_PATH = "/recovery_component_test/testdata/"; +static const char* TESTDATA_PATH = "/recovery/testdata/"; // This is build/target/product/security/testkey.x509.pem after being // dumped out by dumpkey.jar. -- cgit v1.2.3 From 4f2df162c6ab4a71ca86e4b38735b681729c353b Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Thu, 18 Feb 2016 11:32:10 -0800 Subject: Fix integer overflows in recovery procedure. Bug: 26960931 Change-Id: Ieae45caccfb4728fcf514f0d920976585d8e6caf (cherry picked from commit a029c9a45888141a2fa382e0b1868e55db1f36d2) --- minzip/SysUtil.c | 69 ++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 54 insertions(+), 15 deletions(-) diff --git a/minzip/SysUtil.c b/minzip/SysUtil.c index b160c9e3d..b1fb4556d 100644 --- a/minzip/SysUtil.c +++ b/minzip/SysUtil.c @@ -3,6 +3,8 @@ * * System utilities. */ +#include +#include #include #include #include @@ -79,6 +81,11 @@ static int sysMapFD(int fd, MemMapping* pMap) pMap->length = length; pMap->range_count = 1; pMap->ranges = malloc(sizeof(MappedRange)); + if (pMap->ranges == NULL) { + LOGE("malloc failed: %s\n", strerror(errno)); + munmap(memPtr, length); + return -1; + } pMap->ranges[0].addr = memPtr; pMap->ranges[0].length = length; @@ -90,7 +97,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) char block_dev[PATH_MAX+1]; size_t size; unsigned int blksize; - unsigned int blocks; + size_t blocks; unsigned int range_count; unsigned int i; @@ -109,49 +116,80 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) LOGW("failed to parse block map header\n"); return -1; } - - blocks = ((size-1) / blksize) + 1; + if (blksize != 0) { + blocks = ((size-1) / blksize) + 1; + } + if (size == 0 || blksize == 0 || blocks > SIZE_MAX / blksize || range_count == 0) { + LOGE("invalid data in block map file: size %zu, blksize %u, range_count %u\n", + size, blksize, range_count); + return -1; + } pMap->range_count = range_count; - pMap->ranges = malloc(range_count * sizeof(MappedRange)); - memset(pMap->ranges, 0, range_count * sizeof(MappedRange)); + pMap->ranges = calloc(range_count, sizeof(MappedRange)); + if (pMap->ranges == NULL) { + LOGE("calloc(%u, %zu) failed: %s\n", range_count, sizeof(MappedRange), strerror(errno)); + return -1; + } // Reserve enough contiguous address space for the whole file. unsigned char* reserve; reserve = mmap64(NULL, blocks * blksize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0); if (reserve == MAP_FAILED) { LOGW("failed to reserve address space: %s\n", strerror(errno)); + free(pMap->ranges); return -1; } - pMap->ranges[range_count-1].addr = reserve; - pMap->ranges[range_count-1].length = blocks * blksize; - int fd = open(block_dev, O_RDONLY); if (fd < 0) { LOGW("failed to open block device %s: %s\n", block_dev, strerror(errno)); + munmap(reserve, blocks * blksize); + free(pMap->ranges); return -1; } unsigned char* next = reserve; + size_t remaining_size = blocks * blksize; + bool success = true; for (i = 0; i < range_count; ++i) { - int start, end; - if (fscanf(mapf, "%d %d\n", &start, &end) != 2) { + size_t start, end; + if (fscanf(mapf, "%zu %zu\n", &start, &end) != 2) { LOGW("failed to parse range %d in block map\n", i); - return -1; + success = false; + break; + } + size_t length = (end - start) * blksize; + if (end <= start || (end - start) > SIZE_MAX / blksize || length > remaining_size) { + LOGE("unexpected range in block map: %zu %zu\n", start, end); + success = false; + break; } - void* addr = mmap64(next, (end-start)*blksize, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize); + void* addr = mmap64(next, length, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize); if (addr == MAP_FAILED) { LOGW("failed to map block %d: %s\n", i, strerror(errno)); - return -1; + success = false; + break; } pMap->ranges[i].addr = addr; - pMap->ranges[i].length = (end-start)*blksize; + pMap->ranges[i].length = length; - next += pMap->ranges[i].length; + next += length; + remaining_size -= length; + } + if (success && remaining_size != 0) { + LOGE("ranges in block map are invalid: remaining_size = %zu\n", remaining_size); + success = false; + } + if (!success) { + close(fd); + munmap(reserve, blocks * blksize); + free(pMap->ranges); + return -1; } + close(fd); pMap->addr = reserve; pMap->length = size; @@ -174,6 +212,7 @@ int sysMapFile(const char* fn, MemMapping* pMap) if (sysMapBlockFile(mapf, pMap) != 0) { LOGW("Map of '%s' failed\n", fn); + fclose(mapf); return -1; } -- cgit v1.2.3 From cd324766ab2a73af4106f65cd53dc0a91de5e2e9 Mon Sep 17 00:00:00 2001 From: Josh Gao Date: Fri, 12 Feb 2016 15:00:52 -0800 Subject: minadbd: update for adb_thread_create signature change. Change-Id: Ifa0b4d8c1cf0bb39abac61984ff165e82e41222c (cherry picked from commit cc07b3556510d03e389a8994a8e5dbed3f3bbbb4) --- minadbd/services.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/minadbd/services.cpp b/minadbd/services.cpp index d25648fb4..658a43f36 100644 --- a/minadbd/services.cpp +++ b/minadbd/services.cpp @@ -35,11 +35,10 @@ struct stinfo { void *cookie; }; -void* service_bootstrap_func(void* x) { +void service_bootstrap_func(void* x) { stinfo* sti = reinterpret_cast(x); sti->func(sti->fd, sti->cookie); free(sti); - return 0; } static void sideload_host_service(int sfd, void* data) { -- cgit v1.2.3 From 5b3b373a4938b8359bb55c62057fc5771e689add Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 22 Feb 2016 17:33:14 -0800 Subject: uncrypt: Retire pre-recovery service. The framework CL in [1] removes the use of "pre-recovery" service which is basically to trigger a reboot into the recovery. [1] commit e8a403d57c8ea540f8287cdaee8b90f0cf9626a3 Bug: 26830925 Change-Id: I131f31a228df59e4f9c3024b238bbdee0be2b157 --- uncrypt/uncrypt.cpp | 14 +------------- uncrypt/uncrypt.rc | 7 +------ 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 705744eb6..2a32108a3 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -406,15 +406,6 @@ static int write_bootloader_message(const bootloader_message* in) { return 0; } -static void reboot_to_recovery() { - ALOGI("rebooting to recovery"); - property_set("sys.powerctl", "reboot,recovery"); - while (true) { - pause(); - } - ALOGE("reboot didn't succeed?"); -} - static int uncrypt(const char* input_path, const char* map_file, int status_fd) { ALOGI("update package is \"%s\"", input_path); @@ -543,7 +534,6 @@ static int read_bcb() { static void usage(const char* exename) { fprintf(stderr, "Usage of %s:\n", exename); fprintf(stderr, "%s [ ] Uncrypt ota package.\n", exename); - fprintf(stderr, "%s --reboot Clear BCB data and reboot to recovery.\n", exename); fprintf(stderr, "%s --clear-bcb Clear BCB data in misc partition.\n", exename); fprintf(stderr, "%s --setup-bcb Setup BCB data by command file.\n", exename); fprintf(stderr, "%s --read-bcb Read BCB data from misc partition.\n", exename); @@ -551,9 +541,7 @@ static void usage(const char* exename) { int main(int argc, char** argv) { if (argc == 2) { - if (strcmp(argv[1], "--reboot") == 0) { - reboot_to_recovery(); - } else if (strcmp(argv[1], "--clear-bcb") == 0) { + if (strcmp(argv[1], "--clear-bcb") == 0) { return clear_bcb(STATUS_FILE); } else if (strcmp(argv[1], "--setup-bcb") == 0) { return setup_bcb(COMMAND_FILE, STATUS_FILE); diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc index b07c1dada..d5d803b9f 100644 --- a/uncrypt/uncrypt.rc +++ b/uncrypt/uncrypt.rc @@ -3,11 +3,6 @@ service uncrypt /system/bin/uncrypt disabled oneshot -service pre-recovery /system/bin/uncrypt --reboot - class main - disabled - oneshot - service setup-bcb /system/bin/uncrypt --setup-bcb class main disabled @@ -16,4 +11,4 @@ service setup-bcb /system/bin/uncrypt --setup-bcb service clear-bcb /system/bin/uncrypt --clear-bcb class main disabled - oneshot \ No newline at end of file + oneshot -- cgit v1.2.3 From 1273956e69a7d1d5b636f269050b446e0ced3f9b Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Thu, 18 Feb 2016 11:32:10 -0800 Subject: Fix integer overflows in recovery procedure. Bug: 26960931 Change-Id: Ieae45caccfb4728fcf514f0d920976585d8e6caf (cherry picked from commit 4f2df162c6ab4a71ca86e4b38735b681729c353b) --- minzip/SysUtil.c | 69 ++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 54 insertions(+), 15 deletions(-) diff --git a/minzip/SysUtil.c b/minzip/SysUtil.c index ac6f5c33f..860159100 100644 --- a/minzip/SysUtil.c +++ b/minzip/SysUtil.c @@ -3,6 +3,8 @@ * * System utilities. */ +#include +#include #include #include #include @@ -77,6 +79,11 @@ static int sysMapFD(int fd, MemMapping* pMap) pMap->length = length; pMap->range_count = 1; pMap->ranges = malloc(sizeof(MappedRange)); + if (pMap->ranges == NULL) { + LOGE("malloc failed: %s\n", strerror(errno)); + munmap(memPtr, length); + return -1; + } pMap->ranges[0].addr = memPtr; pMap->ranges[0].length = length; @@ -88,7 +95,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) char block_dev[PATH_MAX+1]; size_t size; unsigned int blksize; - unsigned int blocks; + size_t blocks; unsigned int range_count; unsigned int i; @@ -107,49 +114,80 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) LOGW("failed to parse block map header\n"); return -1; } - - blocks = ((size-1) / blksize) + 1; + if (blksize != 0) { + blocks = ((size-1) / blksize) + 1; + } + if (size == 0 || blksize == 0 || blocks > SIZE_MAX / blksize || range_count == 0) { + LOGE("invalid data in block map file: size %zu, blksize %u, range_count %u\n", + size, blksize, range_count); + return -1; + } pMap->range_count = range_count; - pMap->ranges = malloc(range_count * sizeof(MappedRange)); - memset(pMap->ranges, 0, range_count * sizeof(MappedRange)); + pMap->ranges = calloc(range_count, sizeof(MappedRange)); + if (pMap->ranges == NULL) { + LOGE("calloc(%u, %zu) failed: %s\n", range_count, sizeof(MappedRange), strerror(errno)); + return -1; + } // Reserve enough contiguous address space for the whole file. unsigned char* reserve; reserve = mmap64(NULL, blocks * blksize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0); if (reserve == MAP_FAILED) { LOGW("failed to reserve address space: %s\n", strerror(errno)); + free(pMap->ranges); return -1; } - pMap->ranges[range_count-1].addr = reserve; - pMap->ranges[range_count-1].length = blocks * blksize; - int fd = open(block_dev, O_RDONLY); if (fd < 0) { LOGW("failed to open block device %s: %s\n", block_dev, strerror(errno)); + munmap(reserve, blocks * blksize); + free(pMap->ranges); return -1; } unsigned char* next = reserve; + size_t remaining_size = blocks * blksize; + bool success = true; for (i = 0; i < range_count; ++i) { - int start, end; - if (fscanf(mapf, "%d %d\n", &start, &end) != 2) { + size_t start, end; + if (fscanf(mapf, "%zu %zu\n", &start, &end) != 2) { LOGW("failed to parse range %d in block map\n", i); - return -1; + success = false; + break; + } + size_t length = (end - start) * blksize; + if (end <= start || (end - start) > SIZE_MAX / blksize || length > remaining_size) { + LOGE("unexpected range in block map: %zu %zu\n", start, end); + success = false; + break; } - void* addr = mmap64(next, (end-start)*blksize, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize); + void* addr = mmap64(next, length, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize); if (addr == MAP_FAILED) { LOGW("failed to map block %d: %s\n", i, strerror(errno)); - return -1; + success = false; + break; } pMap->ranges[i].addr = addr; - pMap->ranges[i].length = (end-start)*blksize; + pMap->ranges[i].length = length; - next += pMap->ranges[i].length; + next += length; + remaining_size -= length; + } + if (success && remaining_size != 0) { + LOGE("ranges in block map are invalid: remaining_size = %zu\n", remaining_size); + success = false; + } + if (!success) { + close(fd); + munmap(reserve, blocks * blksize); + free(pMap->ranges); + return -1; } + close(fd); pMap->addr = reserve; pMap->length = size; @@ -172,6 +210,7 @@ int sysMapFile(const char* fn, MemMapping* pMap) if (sysMapBlockFile(mapf, pMap) != 0) { LOGW("Map of '%s' failed\n", fn); + fclose(mapf); return -1; } -- cgit v1.2.3 From 99281df8e2eb6a302ccbcfd790a6889392541264 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 17 Feb 2016 12:21:52 -0800 Subject: recovery: check battery level before installing package. Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d (cherry picked from commit 53e7a0628f4acc95481f556ba51800df4a1de37d) --- Android.mk | 4 +++ install.h | 2 +- recovery.cpp | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 89 insertions(+), 16 deletions(-) diff --git a/Android.mk b/Android.mk index 4da34eef5..4477fefe3 100644 --- a/Android.mk +++ b/Android.mk @@ -64,6 +64,7 @@ LOCAL_C_INCLUDES += \ system/core/adb \ LOCAL_STATIC_LIBRARIES := \ + libbatterymonitor \ libext4_utils_static \ libsparse_static \ libminzip \ @@ -77,11 +78,14 @@ LOCAL_STATIC_LIBRARIES := \ libfs_mgr \ libbase \ libcutils \ + libutils \ liblog \ libselinux \ libm \ libc +LOCAL_HAL_STATIC_LIBRARIES := libhealthd + ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) LOCAL_CFLAGS += -DUSE_EXT4 LOCAL_C_INCLUDES += system/extras/ext4_utils diff --git a/install.h b/install.h index 680499db3..f92f061df 100644 --- a/install.h +++ b/install.h @@ -23,7 +23,7 @@ extern "C" { #endif -enum { INSTALL_SUCCESS, INSTALL_ERROR, INSTALL_CORRUPT, INSTALL_NONE }; +enum { INSTALL_SUCCESS, INSTALL_ERROR, INSTALL_CORRUPT, INSTALL_NONE, INSTALL_SKIPPED }; // Install the package specified by root_path. If INSTALL_SUCCESS is // returned and *wipe_cache is true on exit, caller should wipe the // cache partition. diff --git a/recovery.cpp b/recovery.cpp index ee2fb43fc..593d0945f 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -40,6 +40,8 @@ #include #include +#include + #include "adb_install.h" #include "bootloader.h" #include "common.h" @@ -87,6 +89,12 @@ static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install"; static const char *LAST_KMSG_FILE = "/cache/recovery/last_kmsg"; static const char *LAST_LOG_FILE = "/cache/recovery/last_log"; static const int KEEP_LOG_COUNT = 10; +static const int BATTERY_READ_TIMEOUT_IN_SEC = 10; +// GmsCore enters recovery mode to install package when having enough battery +// percentage. Normally, the threshold is 40% without charger and 20% with charger. +// So we should check battery with a slightly lower limitation. +static const int BATTERY_OK_PERCENTAGE = 20; +static const int BATTERY_WITH_CHARGER_OK_PERCENTAGE = 15; RecoveryUI* ui = NULL; char* locale = NULL; @@ -1080,8 +1088,61 @@ ui_print(const char* format, ...) { } } -int -main(int argc, char **argv) { +static bool is_battery_ok() { + struct healthd_config healthd_config = { + .batteryStatusPath = android::String8(android::String8::kEmptyString), + .batteryHealthPath = android::String8(android::String8::kEmptyString), + .batteryPresentPath = android::String8(android::String8::kEmptyString), + .batteryCapacityPath = android::String8(android::String8::kEmptyString), + .batteryVoltagePath = android::String8(android::String8::kEmptyString), + .batteryTemperaturePath = android::String8(android::String8::kEmptyString), + .batteryTechnologyPath = android::String8(android::String8::kEmptyString), + .batteryCurrentNowPath = android::String8(android::String8::kEmptyString), + .batteryCurrentAvgPath = android::String8(android::String8::kEmptyString), + .batteryChargeCounterPath = android::String8(android::String8::kEmptyString), + .batteryFullChargePath = android::String8(android::String8::kEmptyString), + .batteryCycleCountPath = android::String8(android::String8::kEmptyString), + .energyCounter = NULL, + .boot_min_cap = 0, + .screen_on = NULL + }; + healthd_board_init(&healthd_config); + + android::BatteryMonitor monitor; + monitor.init(&healthd_config); + + int wait_second = 0; + while (true) { + int charge_status = monitor.getChargeStatus(); + // Treat unknown status as charged. + bool charged = (charge_status != android::BATTERY_STATUS_DISCHARGING && + charge_status != android::BATTERY_STATUS_NOT_CHARGING); + android::BatteryProperty capacity; + android::status_t status = monitor.getProperty(android::BATTERY_PROP_CAPACITY, &capacity); + ui_print("charge_status %d, charged %d, status %d, capacity %lld\n", charge_status, + charged, status, capacity.valueInt64); + // At startup, the battery drivers in devices like N5X/N6P take some time to load + // the battery profile. Before the load finishes, it reports value 50 as a fake + // capacity. BATTERY_READ_TIMEOUT_IN_SEC is set that the battery drivers are expected + // to finish loading the battery profile earlier than 10 seconds after kernel startup. + if (status == 0 && capacity.valueInt64 == 50) { + if (wait_second < BATTERY_READ_TIMEOUT_IN_SEC) { + sleep(1); + wait_second++; + continue; + } + } + // If we can't read battery percentage, it may be a device without battery. In this + // situation, use 100 as a fake battery percentage. + if (status != 0) { + capacity.valueInt64 = 100; + } + return (charged && capacity.valueInt64 >= BATTERY_WITH_CHARGER_OK_PERCENTAGE) || + (!charged && capacity.valueInt64 >= BATTERY_OK_PERCENTAGE); + } +} + +int main(int argc, char **argv) { // If this binary is started with the single argument "--adbd", // instead of being the normal recovery binary, it turns into kind // of a stripped-down version of adbd that only supports the @@ -1211,18 +1272,25 @@ main(int argc, char **argv) { int status = INSTALL_SUCCESS; if (update_package != NULL) { - status = install_package(update_package, &should_wipe_cache, TEMPORARY_INSTALL_FILE, true); - if (status == INSTALL_SUCCESS && should_wipe_cache) { - wipe_cache(false, device); - } - if (status != INSTALL_SUCCESS) { - ui->Print("Installation aborted.\n"); - - // If this is an eng or userdebug build, then automatically - // turn the text display on if the script fails so the error - // message is visible. - if (is_ro_debuggable()) { - ui->ShowText(true); + if (!is_battery_ok()) { + ui->Print("battery capacity is not enough for installing package, needed is %d%%\n", + BATTERY_OK_PERCENTAGE); + status = INSTALL_SKIPPED; + } else { + status = install_package(update_package, &should_wipe_cache, + TEMPORARY_INSTALL_FILE, true); + if (status == INSTALL_SUCCESS && should_wipe_cache) { + wipe_cache(false, device); + } + if (status != INSTALL_SUCCESS) { + ui->Print("Installation aborted.\n"); + + // If this is an eng or userdebug build, then automatically + // turn the text display on if the script fails so the error + // message is visible. + if (is_ro_debuggable()) { + ui->ShowText(true); + } } } } else if (should_wipe_data) { @@ -1271,7 +1339,8 @@ main(int argc, char **argv) { } Device::BuiltinAction after = shutdown_after ? Device::SHUTDOWN : Device::REBOOT; - if ((status != INSTALL_SUCCESS && !sideload_auto_reboot) || ui->IsTextVisible()) { + if ((status != INSTALL_SUCCESS && status != INSTALL_SKIPPED && !sideload_auto_reboot) || + ui->IsTextVisible()) { Device::BuiltinAction temp = prompt_and_wait(device, status); if (temp != Device::NO_ACTION) { after = temp; -- cgit v1.2.3 From 661f8a69f2b12f3244deed664ab69a9d2efad7fb Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 25 Feb 2016 12:42:19 -0800 Subject: Move recovery's convert_fbe folder to /tmp The cache folder is no longer available at this time Bug: 27355824 Change-Id: I74e33266c1ff407364981b186613f81319dd22dc --- recovery.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 593d0945f..4ae685f6a 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -79,8 +79,8 @@ static const char *INTENT_FILE = "/cache/recovery/intent"; static const char *LOG_FILE = "/cache/recovery/log"; static const char *LAST_INSTALL_FILE = "/cache/recovery/last_install"; static const char *LOCALE_FILE = "/cache/recovery/last_locale"; -static const char *CONVERT_FBE_DIR = "/cache/recovery/convert_fbe"; -static const char *CONVERT_FBE_FILE = "/cache/recovery/convert_fbe/convert_fbe"; +static const char *CONVERT_FBE_DIR = "/tmp/convert_fbe"; +static const char *CONVERT_FBE_FILE = "/tmp/convert_fbe/convert_fbe"; static const char *CACHE_ROOT = "/cache"; static const char *DATA_ROOT = "/data"; static const char *SDCARD_ROOT = "/sdcard"; @@ -576,10 +576,13 @@ static bool erase_volume(const char* volume) { if (is_data && reason && strcmp(reason, "convert_fbe") == 0) { // Create convert_fbe breadcrumb file to signal to init // to convert to file based encryption, not full disk encryption - mkdir(CONVERT_FBE_DIR, 0700); + if (mkdir(CONVERT_FBE_DIR, 0700) != 0) { + ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno)); + return true; + } FILE* f = fopen(CONVERT_FBE_FILE, "wb"); if (!f) { - ui->Print("Failed to convert to file encryption\n"); + ui->Print("Failed to convert to file encryption %s\n", strerror(errno)); return true; } fclose(f); -- cgit v1.2.3 From ddcbb8ec9cc0971691ba60344941d4d93b10269b Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 25 Feb 2016 12:42:19 -0800 Subject: Move recovery's convert_fbe folder to /tmp The cache folder is no longer available at this time Bug: 27355824 Change-Id: I74e33266c1ff407364981b186613f81319dd22dc --- recovery.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 593d0945f..4ae685f6a 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -79,8 +79,8 @@ static const char *INTENT_FILE = "/cache/recovery/intent"; static const char *LOG_FILE = "/cache/recovery/log"; static const char *LAST_INSTALL_FILE = "/cache/recovery/last_install"; static const char *LOCALE_FILE = "/cache/recovery/last_locale"; -static const char *CONVERT_FBE_DIR = "/cache/recovery/convert_fbe"; -static const char *CONVERT_FBE_FILE = "/cache/recovery/convert_fbe/convert_fbe"; +static const char *CONVERT_FBE_DIR = "/tmp/convert_fbe"; +static const char *CONVERT_FBE_FILE = "/tmp/convert_fbe/convert_fbe"; static const char *CACHE_ROOT = "/cache"; static const char *DATA_ROOT = "/data"; static const char *SDCARD_ROOT = "/sdcard"; @@ -576,10 +576,13 @@ static bool erase_volume(const char* volume) { if (is_data && reason && strcmp(reason, "convert_fbe") == 0) { // Create convert_fbe breadcrumb file to signal to init // to convert to file based encryption, not full disk encryption - mkdir(CONVERT_FBE_DIR, 0700); + if (mkdir(CONVERT_FBE_DIR, 0700) != 0) { + ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno)); + return true; + } FILE* f = fopen(CONVERT_FBE_FILE, "wb"); if (!f) { - ui->Print("Failed to convert to file encryption\n"); + ui->Print("Failed to convert to file encryption %s\n", strerror(errno)); return true; } fclose(f); -- cgit v1.2.3 From 0eb41c3f370e89ff40cf1a3bd17e7b785b74641e Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Thu, 25 Feb 2016 18:27:03 -0800 Subject: Fixes to wear recovery for N Bug: 27336841 Change-Id: If4632e9791cce2c39590a4012687271f59a60af1 --- wear_ui.cpp | 33 +++++++++++++++++++++++++++++++++ wear_ui.h | 2 ++ 2 files changed, 35 insertions(+) diff --git a/wear_ui.cpp b/wear_ui.cpp index 50aeb3849..8a57cfffa 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -36,6 +36,7 @@ #include "ui.h" #include "cutils/properties.h" #include "android-base/strings.h" +#include "android-base/stringprintf.h" static int char_width; static int char_height; @@ -653,3 +654,35 @@ void WearRecoveryUI::ClearText() { } pthread_mutex_unlock(&updateMutex); } + +void WearRecoveryUI::PrintOnScreenOnly(const char *fmt, ...) { + va_list ap; + va_start(ap, fmt); + PrintV(fmt, false, ap); + va_end(ap); +} + +void WearRecoveryUI::PrintV(const char* fmt, bool copy_to_stdout, va_list ap) { + std::string str; + android::base::StringAppendV(&str, fmt, ap); + + if (copy_to_stdout) { + fputs(str.c_str(), stdout); + } + + pthread_mutex_lock(&updateMutex); + if (text_rows > 0 && text_cols > 0) { + for (const char* ptr = str.c_str(); *ptr != '\0'; ++ptr) { + if (*ptr == '\n' || text_col >= text_cols) { + text[text_row][text_col] = '\0'; + text_col = 0; + text_row = (text_row + 1) % text_rows; + if (text_row == text_top) text_top = (text_top + 1) % text_rows; + } + if (*ptr != '\n') text[text_row][text_col++] = *ptr; + } + text[text_row][text_col] = '\0'; + update_screen_locked(); + } + pthread_mutex_unlock(&updateMutex); +} diff --git a/wear_ui.h b/wear_ui.h index 63c1b6e6e..768141ccc 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -47,6 +47,7 @@ class WearRecoveryUI : public RecoveryUI { // printing messages void Print(const char* fmt, ...); + void PrintOnScreenOnly(const char* fmt, ...) __printflike(2, 3); void ShowFile(const char* filename); void ShowFile(FILE* fp); @@ -133,6 +134,7 @@ class WearRecoveryUI : public RecoveryUI { void ClearText(); void DrawTextLine(int x, int* y, const char* line, bool bold); void DrawTextLines(int x, int* y, const char* const* lines); + void PrintV(const char*, bool, va_list); }; #endif // RECOVERY_WEAR_UI_H -- cgit v1.2.3 From 3a2bb594df4b48c6afb1f029041dd6db0735de58 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 25 Feb 2016 12:38:53 -0800 Subject: uncrypt: Communicate via /dev/socket/uncrypt. We used to rely on files (e.g. /cache/recovery/command and /cache/recovery/uncrypt_status) to communicate between uncrypt and its caller (i.e. system_server). Since A/B devices may not have /cache partitions anymore, we switch to socket communication instead. We will keep the use of /cache/recovery/uncrypt_file to indicate the OTA package to be uncrypt'd though. Because there is existing logic in ShutdownThread.java that depends on the existence of the file to detect pending uncrypt works. This part won't affect A/B devices without /cache partitions, because such devices won't need uncrypt service (i.e the real de-encrypt work) anyway. Bug: 27176738 Change-Id: I481406e09e3ffc7b80f2c9e39003b9fca028742e --- uncrypt/uncrypt.cpp | 260 ++++++++++++++++++++++++++++++++++++---------------- uncrypt/uncrypt.rc | 3 + 2 files changed, 184 insertions(+), 79 deletions(-) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 2a32108a3..e783b9e7a 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -39,6 +39,53 @@ // Recovery can take this block map file and retrieve the underlying // file data to use as an update package. +/** + * In addition to the uncrypt work, uncrypt also takes care of setting and + * clearing the bootloader control block (BCB) at /misc partition. + * + * uncrypt is triggered as init services on demand. It uses socket to + * communicate with its caller (i.e. system_server). The socket is managed by + * init (i.e. created prior to the service starts, and destroyed when uncrypt + * exits). + * + * Below is the uncrypt protocol. + * + * a. caller b. init c. uncrypt + * --------------- ------------ -------------- + * a1. ctl.start: + * setup-bcb / + * clear-bcb / + * uncrypt + * + * b2. create socket at + * /dev/socket/uncrypt + * + * c3. listen and accept + * + * a4. send a 4-byte int + * (message length) + * c5. receive message length + * a6. send message + * c7. receive message + * c8. + * a9. + * c10. + * send "100" or "-1" + * + * a11. receive status code + * a12. send a 4-byte int to + * ack the receive of the + * final status code + * c13. receive and exit + * + * b14. destroy the socket + * + * Note that a12 and c13 are necessary to ensure a11 happens before the socket + * gets destroyed in b14. + */ + +#include #include #include #include @@ -49,6 +96,7 @@ #include #include #include +#include #include #include #include @@ -63,6 +111,7 @@ #include #include #include +#include #include #define LOG_TAG "uncrypt" @@ -73,12 +122,21 @@ #define WINDOW_SIZE 5 +// uncrypt provides three services: SETUP_BCB, CLEAR_BCB and UNCRYPT. +// +// SETUP_BCB and CLEAR_BCB services use socket communication and do not rely +// on /cache partitions. They will handle requests to reboot into recovery +// (for applying updates for non-A/B devices, or factory resets for all +// devices). +// +// UNCRYPT service still needs files on /cache partition (UNCRYPT_PATH_FILE +// and CACHE_BLOCK_MAP). It will be working (and needed) only for non-A/B +// devices, on which /cache partitions always exist. static const std::string CACHE_BLOCK_MAP = "/cache/recovery/block.map"; -static const std::string COMMAND_FILE = "/cache/recovery/command"; -static const std::string STATUS_FILE = "/cache/recovery/uncrypt_status"; static const std::string UNCRYPT_PATH_FILE = "/cache/recovery/uncrypt_file"; +static const std::string UNCRYPT_SOCKET = "uncrypt"; -static struct fstab* fstab = NULL; +static struct fstab* fstab = nullptr; static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { @@ -152,6 +210,11 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* return NULL; } +static bool write_status_to_socket(int status, int socket) { + int status_out = htonl(status); + return android::base::WriteFully(socket, &status_out, sizeof(int)); +} + // Parse uncrypt_file to find the update package name. static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::string* package_name) { CHECK(package_name != nullptr); @@ -167,7 +230,7 @@ static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::stri } static int produce_block_map(const char* path, const char* map_file, const char* blk_dev, - bool encrypted, int status_fd) { + bool encrypted, int socket) { std::string err; if (!android::base::RemoveFileIfExists(map_file, &err)) { ALOGE("failed to remove the existing map file %s: %s", map_file, err.c_str()); @@ -180,9 +243,9 @@ static int produce_block_map(const char* path, const char* map_file, const char* return -1; } - // Make sure we can write to the status_file. - if (!android::base::WriteStringToFd("0\n", status_fd)) { - ALOGE("failed to update \"%s\"\n", STATUS_FILE.c_str()); + // Make sure we can write to the socket. + if (!write_status_to_socket(0, socket)) { + ALOGE("failed to write to socket %d\n", socket); return -1; } @@ -234,8 +297,8 @@ static int produce_block_map(const char* path, const char* map_file, const char* // Update the status file, progress must be between [0, 99]. int progress = static_cast(100 * (double(pos) / double(sb.st_size))); if (progress > last_progress) { - last_progress = progress; - android::base::WriteStringToFd(std::to_string(progress) + "\n", status_fd); + last_progress = progress; + write_status_to_socket(progress, socket); } if ((tail+1) % WINDOW_SIZE == head) { @@ -352,15 +415,12 @@ static int produce_block_map(const char* path, const char* map_file, const char* } static std::string get_misc_blk_device() { - struct fstab* fstab = read_fstab(); if (fstab == nullptr) { return ""; } - for (int i = 0; i < fstab->num_entries; ++i) { - fstab_rec* v = &fstab->recs[i]; - if (v->mount_point != nullptr && strcmp(v->mount_point, "/misc") == 0) { - return v->blk_device; - } + struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, "/misc"); + if (rec != nullptr) { + return rec->blk_device; } return ""; } @@ -406,8 +466,7 @@ static int write_bootloader_message(const bootloader_message* in) { return 0; } -static int uncrypt(const char* input_path, const char* map_file, int status_fd) { - +static int uncrypt(const char* input_path, const char* map_file, const int socket) { ALOGI("update package is \"%s\"", input_path); // Turn the name of the file we're supposed to convert into an @@ -418,10 +477,6 @@ static int uncrypt(const char* input_path, const char* map_file, int status_fd) return 1; } - if (read_fstab() == NULL) { - return 1; - } - bool encryptable; bool encrypted; const char* blk_dev = find_block_device(path, &encryptable, &encrypted); @@ -445,7 +500,7 @@ static int uncrypt(const char* input_path, const char* map_file, int status_fd) // and /sdcard we leave the file alone. if (strncmp(path, "/data/", 6) == 0) { ALOGI("writing block map %s", map_file); - if (produce_block_map(path, map_file, blk_dev, encrypted, status_fd) != 0) { + if (produce_block_map(path, map_file, blk_dev, encrypted, socket) != 0) { return 1; } } @@ -453,71 +508,66 @@ static int uncrypt(const char* input_path, const char* map_file, int status_fd) return 0; } -static int uncrypt_wrapper(const char* input_path, const char* map_file, - const std::string& status_file) { - // The pipe has been created by the system server. - unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); - if (!status_fd) { - ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); - return 1; - } - +static bool uncrypt_wrapper(const char* input_path, const char* map_file, const int socket) { std::string package; if (input_path == nullptr) { if (!find_uncrypt_package(UNCRYPT_PATH_FILE, &package)) { - android::base::WriteStringToFd("-1\n", status_fd.get()); - return 1; + write_status_to_socket(-1, socket); + return false; } input_path = package.c_str(); } CHECK(map_file != nullptr); - int status = uncrypt(input_path, map_file, status_fd.get()); + int status = uncrypt(input_path, map_file, socket); if (status != 0) { - android::base::WriteStringToFd("-1\n", status_fd.get()); - return 1; + write_status_to_socket(-1, socket); + return false; } - android::base::WriteStringToFd("100\n", status_fd.get()); - return 0; + write_status_to_socket(100, socket); + return true; } -static int clear_bcb(const std::string& status_file) { - unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); - if (!status_fd) { - ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); - return 1; - } +static bool clear_bcb(const int socket) { bootloader_message boot = {}; if (write_bootloader_message(&boot) != 0) { - android::base::WriteStringToFd("-1\n", status_fd.get()); - return 1; + write_status_to_socket(-1, socket); + return false; } - android::base::WriteStringToFd("100\n", status_fd.get()); - return 0; + write_status_to_socket(100, socket); + return true; } -static int setup_bcb(const std::string& command_file, const std::string& status_file) { - unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); - if (!status_fd) { - ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); - return 1; +static bool setup_bcb(const int socket) { + // c5. receive message length + int length; + if (!android::base::ReadFully(socket, &length, 4)) { + ALOGE("failed to read the length: %s", strerror(errno)); + return false; } + length = ntohl(length); + + // c7. receive message std::string content; - if (!android::base::ReadFileToString(command_file, &content)) { - ALOGE("failed to read \"%s\": %s", command_file.c_str(), strerror(errno)); - android::base::WriteStringToFd("-1\n", status_fd.get()); - return 1; + content.resize(length); + if (!android::base::ReadFully(socket, &content[0], length)) { + ALOGE("failed to read the length: %s", strerror(errno)); + return false; } + ALOGI(" received command: [%s] (%zu)", content.c_str(), content.size()); + + // c8. setup the bcb command bootloader_message boot = {}; strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); strlcat(boot.recovery, content.c_str(), sizeof(boot.recovery)); if (write_bootloader_message(&boot) != 0) { ALOGE("failed to set bootloader message"); - android::base::WriteStringToFd("-1\n", status_fd.get()); - return 1; + write_status_to_socket(-1, socket); + return false; } - android::base::WriteStringToFd("100\n", status_fd.get()); - return 0; + // c10. send "100" status + write_status_to_socket(100, socket); + return true; } static int read_bcb() { @@ -540,23 +590,75 @@ static void usage(const char* exename) { } int main(int argc, char** argv) { - if (argc == 2) { - if (strcmp(argv[1], "--clear-bcb") == 0) { - return clear_bcb(STATUS_FILE); - } else if (strcmp(argv[1], "--setup-bcb") == 0) { - return setup_bcb(COMMAND_FILE, STATUS_FILE); - } else if (strcmp(argv[1], "--read-bcb") == 0) { - return read_bcb(); - } - } else if (argc == 1 || argc == 3) { - const char* input_path = nullptr; - const char* map_file = CACHE_BLOCK_MAP.c_str(); - if (argc == 3) { - input_path = argv[1]; - map_file = argv[2]; - } - return uncrypt_wrapper(input_path, map_file, STATUS_FILE); + enum { UNCRYPT, SETUP_BCB, CLEAR_BCB } action; + const char* input_path = nullptr; + const char* map_file = CACHE_BLOCK_MAP.c_str(); + + if (argc == 2 && strcmp(argv[1], "--clear-bcb") == 0) { + action = CLEAR_BCB; + } else if (argc == 2 && strcmp(argv[1], "--setup-bcb") == 0) { + action = SETUP_BCB; + } else if (argc ==2 && strcmp(argv[1], "--read-bcb") == 0) { + return read_bcb(); + } else if (argc == 1) { + action = UNCRYPT; + } else if (argc == 3) { + input_path = argv[1]; + map_file = argv[2]; + action = UNCRYPT; + } else { + usage(argv[0]); + return 2; + } + + if ((fstab = read_fstab()) == nullptr) { + return 1; + } + + // c3. The socket is created by init when starting the service. uncrypt + // will use the socket to communicate with its caller. + unique_fd service_socket(android_get_control_socket(UNCRYPT_SOCKET.c_str())); + if (!service_socket) { + ALOGE("failed to open socket \"%s\": %s", UNCRYPT_SOCKET.c_str(), strerror(errno)); + return 1; + } + fcntl(service_socket.get(), F_SETFD, FD_CLOEXEC); + + if (listen(service_socket.get(), 1) == -1) { + ALOGE("failed to listen on socket %d: %s", service_socket.get(), strerror(errno)); + return 1; + } + + unique_fd socket_fd(accept4(service_socket.get(), nullptr, nullptr, SOCK_CLOEXEC)); + if (!socket_fd) { + ALOGE("failed to accept on socket %d: %s", service_socket.get(), strerror(errno)); + return 1; + } + + bool success = false; + switch (action) { + case UNCRYPT: + success = uncrypt_wrapper(input_path, map_file, socket_fd.get()); + break; + case SETUP_BCB: + success = setup_bcb(socket_fd.get()); + break; + case CLEAR_BCB: + success = clear_bcb(socket_fd.get()); + break; + default: // Should never happen. + ALOGE("Invalid uncrypt action code: %d", action); + return 1; + } + + // c13. Read a 4-byte code from the client before uncrypt exits. This is to + // ensure the client to receive the last status code before the socket gets + // destroyed. + int code; + if (android::base::ReadFully(socket_fd.get(), &code, 4)) { + ALOGI(" received %d, exiting now", code); + } else { + ALOGE("failed to read the code: %s", strerror(errno)); } - usage(argv[0]); - return 2; + return success ? 0 : 1; } diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc index d5d803b9f..52f564eb6 100644 --- a/uncrypt/uncrypt.rc +++ b/uncrypt/uncrypt.rc @@ -1,14 +1,17 @@ service uncrypt /system/bin/uncrypt class main + socket uncrypt stream 600 system system disabled oneshot service setup-bcb /system/bin/uncrypt --setup-bcb class main + socket uncrypt stream 600 system system disabled oneshot service clear-bcb /system/bin/uncrypt --clear-bcb class main + socket uncrypt stream 600 system system disabled oneshot -- cgit v1.2.3 From ae6408d1a2edc9950a2bff3af448cddecc7adf13 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 25 Feb 2016 12:29:40 -0800 Subject: recovery: Handle devices without /cache partition. Since we may not have /cache partition on A/B devices, let recovery handle /cache related operations gracefully if /cache doesn't exist. (1) Disable the wipe for /cache partition. (2) Skip wiping /cache while wiping /data (i.e. factory reset). (3) Disable logging-related features, until we figure out better ways / places to store recovery logs (mainly for factory resets on A/B devices). Bug: 27176738 Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198 (cherry picked from commit 26112e587084e8b066c28a696533328adde406a9) --- recovery.cpp | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/recovery.cpp b/recovery.cpp index 4ae685f6a..fe6793da0 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -101,6 +101,7 @@ char* locale = NULL; char* stage = NULL; char* reason = NULL; bool modified_flash = false; +static bool has_cache = false; /* * The recovery tool communicates with the main system through /cache files. @@ -313,8 +314,8 @@ get_args(int *argc, char ***argv) { } } - // --- if that doesn't work, try the command file - if (*argc <= 1) { + // --- if that doesn't work, try the command file (if we have /cache). + if (*argc <= 1 && has_cache) { FILE *fp = fopen_path(COMMAND_FILE, "r"); if (fp != NULL) { char *token; @@ -436,6 +437,11 @@ static void rotate_logs(int max) { } static void copy_logs() { + // We can do nothing for now if there's no /cache partition. + if (!has_cache) { + return; + } + // We only rotate and record the log of the current session if there are // actual attempts to modify the flash, such as wipes, installs from BCB // or menu selections. This is to avoid unnecessary rotation (and @@ -467,7 +473,7 @@ static void copy_logs() { static void finish_recovery(const char *send_intent) { // By this point, we're ready to return to the main system... - if (send_intent != NULL) { + if (send_intent != NULL && has_cache) { FILE *fp = fopen_path(INTENT_FILE, "w"); if (fp == NULL) { LOGE("Can't open %s\n", INTENT_FILE); @@ -480,7 +486,7 @@ finish_recovery(const char *send_intent) { // Save the locale to cache, so if recovery is next started up // without a --locale argument (eg, directly from the bootloader) // it will use the last-known locale. - if (locale != NULL) { + if (locale != NULL && has_cache) { LOGI("Saving locale \"%s\"\n", locale); FILE* fp = fopen_path(LOCALE_FILE, "w"); fwrite(locale, 1, strlen(locale), fp); @@ -497,12 +503,13 @@ finish_recovery(const char *send_intent) { set_bootloader_message(&boot); // Remove the command file, so recovery won't repeat indefinitely. - if (ensure_path_mounted(COMMAND_FILE) != 0 || - (unlink(COMMAND_FILE) && errno != ENOENT)) { - LOGW("Can't unlink %s\n", COMMAND_FILE); + if (has_cache) { + if (ensure_path_mounted(COMMAND_FILE) != 0 || (unlink(COMMAND_FILE) && errno != ENOENT)) { + LOGW("Can't unlink %s\n", COMMAND_FILE); + } + ensure_path_unmounted(CACHE_ROOT); } - ensure_path_unmounted(CACHE_ROOT); sync(); // For good measure. } @@ -793,7 +800,7 @@ static bool wipe_data(int should_confirm, Device* device) { bool success = device->PreWipeData() && erase_volume("/data") && - erase_volume("/cache") && + (has_cache ? erase_volume("/cache") : true) && device->PostWipeData(); ui->Print("Data wipe %s.\n", success ? "complete" : "failed"); return success; @@ -801,6 +808,11 @@ static bool wipe_data(int should_confirm, Device* device) { // Return true on success. static bool wipe_cache(bool should_confirm, Device* device) { + if (!has_cache) { + ui->Print("No /cache partition found.\n"); + return false; + } + if (should_confirm && !yes_no(device, "Wipe cache?", " THIS CAN NOT BE UNDONE!")) { return false; } @@ -814,6 +826,11 @@ static bool wipe_cache(bool should_confirm, Device* device) { } static void choose_recovery_file(Device* device) { + if (!has_cache) { + ui->Print("No /cache partition found.\n"); + return; + } + // "Back" + KEEP_LOG_COUNT * 2 + terminating nullptr entry char* entries[1 + KEEP_LOG_COUNT * 2 + 1]; memset(entries, 0, sizeof(entries)); @@ -1167,6 +1184,8 @@ int main(int argc, char **argv) { printf("Starting recovery (pid %d) on %s", getpid(), ctime(&start)); load_volume_table(); + has_cache = volume_for_path(CACHE_ROOT) != nullptr; + get_args(&argc, &argv); const char *send_intent = NULL; @@ -1207,7 +1226,7 @@ int main(int argc, char **argv) { } } - if (locale == NULL) { + if (locale == nullptr && has_cache) { load_locale_from_cache(); } printf("locale is [%s]\n", locale); -- cgit v1.2.3 From 080f522fb9d58a9c47c0c3b79c32a61ba3c2bfc8 Mon Sep 17 00:00:00 2001 From: Alex Deymo Date: Wed, 2 Mar 2016 14:21:02 -0800 Subject: Restore labels on /postinstall during recovery. This patch mirrors what was done in the main init.rc to relabel /postinstall. Bug: 27178350 Bug: 27177071 (cherry picked from commit 6bcc8af6e5a5bf9cc0987305cdfa24d4f6e4afa9) Change-Id: I8320559f014cfb14216dcc350e016fc1db05cb14 --- etc/init.rc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/init.rc b/etc/init.rc index dc1865986..5915b8d80 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -1,6 +1,9 @@ import /init.recovery.${ro.hardware}.rc on early-init + # Set the security context of /postinstall if present. + restorecon /postinstall + start ueventd start healthd -- cgit v1.2.3 From 7d9fd96dc99a6008979811e36bb06f3afad18508 Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Tue, 8 Mar 2016 13:18:45 -0800 Subject: recovery: Begin refactor of WearUI to use ScreenRecoveryUI This is the first of a series of changes which move WearUI to subclass ScreenRecoveryUI, to take advantage of several functions which are common between the two recovery UI implementations, and already defined in ScreenRecoveryUI. This patch changes the base class of WearUI, removes redundant header includes, and also removes a common function. Bug: 27407422 Change-Id: I8fd90826900f69272a82e23bd099790e8004d511 --- wear_ui.cpp | 27 --------------------------- wear_ui.h | 10 ++-------- 2 files changed, 2 insertions(+), 35 deletions(-) diff --git a/wear_ui.cpp b/wear_ui.cpp index 8a57cfffa..65bcd8494 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -16,9 +16,7 @@ #include #include -#include #include -#include #include #include #include @@ -31,9 +29,7 @@ #include "common.h" #include "device.h" -#include "minui/minui.h" #include "wear_ui.h" -#include "ui.h" #include "cutils/properties.h" #include "android-base/strings.h" #include "android-base/stringprintf.h" @@ -370,29 +366,6 @@ void WearRecoveryUI::Init() RecoveryUI::Init(); } -void WearRecoveryUI::SetLocale(const char* locale) { - if (locale) { - char* lang = strdup(locale); - for (char* p = lang; *p; ++p) { - if (*p == '_') { - *p = '\0'; - break; - } - } - - // A bit cheesy: keep an explicit list of supported languages - // that are RTL. - if (strcmp(lang, "ar") == 0 || // Arabic - strcmp(lang, "fa") == 0 || // Persian (Farsi) - strcmp(lang, "he") == 0 || // Hebrew (new language code) - strcmp(lang, "iw") == 0 || // Hebrew (old language code) - strcmp(lang, "ur") == 0) { // Urdu - rtl_locale = true; - } - free(lang); - } -} - void WearRecoveryUI::SetBackground(Icon icon) { pthread_mutex_lock(&updateMutex); diff --git a/wear_ui.h b/wear_ui.h index 768141ccc..35ea51660 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -17,19 +17,13 @@ #ifndef RECOVERY_WEAR_UI_H #define RECOVERY_WEAR_UI_H -#include -#include +#include "screen_ui.h" -#include "ui.h" -#include "minui/minui.h" - -class WearRecoveryUI : public RecoveryUI { +class WearRecoveryUI : public ScreenRecoveryUI { public: WearRecoveryUI(); void Init(); - void SetLocale(const char* locale); - // overall recovery state ("background image") void SetBackground(Icon icon); -- cgit v1.2.3 From 1c7b2230d8aac9f064f68c48b6aa26aca000cc9d Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Tue, 8 Mar 2016 15:23:51 -0800 Subject: recovery: More refactoring of WearUI This patch performs the following modifications: - Remove setBackground function, and currentIcon member variable. - Remove common Progress*, Redraw and EndMenu functions. Bug: 27407422 Change-Id: Ic3c0e16b67941484c3bc1d04c9b61288e8896808 Signed-off-by: Prashant Malani --- screen_ui.cpp | 4 ++-- screen_ui.h | 3 ++- wear_ui.cpp | 69 ----------------------------------------------------------- wear_ui.h | 12 ----------- 4 files changed, 4 insertions(+), 84 deletions(-) diff --git a/screen_ui.cpp b/screen_ui.cpp index 522aa6b23..dc596314c 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -51,7 +51,6 @@ static double now() { } ScreenRecoveryUI::ScreenRecoveryUI() : - currentIcon(NONE), installingFrame(0), locale(nullptr), rtl_locale(false), @@ -76,7 +75,8 @@ ScreenRecoveryUI::ScreenRecoveryUI() : animation_fps(-1), installing_frames(-1), stage(-1), - max_stage(-1) { + max_stage(-1), + currentIcon(NONE) { for (int i = 0; i < 5; i++) { backgroundIcon[i] = nullptr; diff --git a/screen_ui.h b/screen_ui.h index 08a5f44a9..386deac2d 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -68,7 +68,6 @@ class ScreenRecoveryUI : public RecoveryUI { void SetColor(UIElement e); private: - Icon currentIcon; int installingFrame; const char* locale; bool rtl_locale; @@ -139,6 +138,8 @@ class ScreenRecoveryUI : public RecoveryUI { void LoadBitmap(const char* filename, GRSurface** surface); void LoadBitmapArray(const char* filename, int* frames, int* fps, GRSurface*** surface); void LoadLocalizedBitmap(const char* filename, GRSurface** surface); + protected: + Icon currentIcon; }; #endif // RECOVERY_UI_H diff --git a/wear_ui.cpp b/wear_ui.cpp index 65bcd8494..ef48b788b 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -59,7 +59,6 @@ WearRecoveryUI::WearRecoveryUI() : intro_frames(22), loop_frames(60), animation_fps(30), - currentIcon(NONE), intro_done(false), current_frame(0), rtl_locale(false), @@ -366,57 +365,6 @@ void WearRecoveryUI::Init() RecoveryUI::Init(); } -void WearRecoveryUI::SetBackground(Icon icon) -{ - pthread_mutex_lock(&updateMutex); - currentIcon = icon; - update_screen_locked(); - pthread_mutex_unlock(&updateMutex); -} - -void WearRecoveryUI::SetProgressType(ProgressType type) -{ - pthread_mutex_lock(&updateMutex); - if (progressBarType != type) { - progressBarType = type; - } - progressScopeStart = 0; - progressScopeSize = 0; - progress = 0; - update_screen_locked(); - pthread_mutex_unlock(&updateMutex); -} - -void WearRecoveryUI::ShowProgress(float portion, float seconds) -{ - pthread_mutex_lock(&updateMutex); - progressBarType = DETERMINATE; - progressScopeStart += progressScopeSize; - progressScopeSize = portion; - progressScopeTime = now(); - progressScopeDuration = seconds; - progress = 0; - update_screen_locked(); - pthread_mutex_unlock(&updateMutex); -} - -void WearRecoveryUI::SetProgress(float fraction) -{ - pthread_mutex_lock(&updateMutex); - if (fraction < 0.0) fraction = 0.0; - if (fraction > 1.0) fraction = 1.0; - if (progressBarType == DETERMINATE && fraction > progress) { - // Skip updates that aren't visibly different. - int width = progress_bar_width; - float scale = width * progressScopeSize; - if ((int) (progress * scale) != (int) (fraction * scale)) { - progress = fraction; - update_screen_locked(); - } - } - pthread_mutex_unlock(&updateMutex); -} - void WearRecoveryUI::SetStage(int current, int max) { } @@ -499,16 +447,6 @@ int WearRecoveryUI::SelectMenu(int sel) { return sel; } -void WearRecoveryUI::EndMenu() { - int i; - pthread_mutex_lock(&updateMutex); - if (show_menu > 0 && text_rows > 0 && text_cols > 0) { - show_menu = 0; - update_screen_locked(); - } - pthread_mutex_unlock(&updateMutex); -} - bool WearRecoveryUI::IsTextVisible() { pthread_mutex_lock(&updateMutex); @@ -539,13 +477,6 @@ void WearRecoveryUI::ShowText(bool visible) pthread_mutex_unlock(&updateMutex); } -void WearRecoveryUI::Redraw() -{ - pthread_mutex_lock(&updateMutex); - update_screen_locked(); - pthread_mutex_unlock(&updateMutex); -} - void WearRecoveryUI::ShowFile(FILE* fp) { std::vector offsets; offsets.push_back(ftell(fp)); diff --git a/wear_ui.h b/wear_ui.h index 35ea51660..63a257244 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -24,13 +24,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { WearRecoveryUI(); void Init(); - // overall recovery state ("background image") - void SetBackground(Icon icon); - - // progress indicator - void SetProgressType(ProgressType type); - void ShowProgress(float portion, float seconds); - void SetProgress(float fraction); void SetStage(int current, int max); @@ -49,9 +42,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { void StartMenu(const char* const * headers, const char* const * items, int initial_selection); int SelectMenu(int sel); - void EndMenu(); - - void Redraw(); enum UIElement { HEADER, MENU, MENU_SEL_BG, MENU_SEL_FG, LOG, TEXT_FILL }; virtual void SetColor(UIElement e); @@ -78,8 +68,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { int animation_fps; private: - Icon currentIcon; - bool intro_done; int current_frame; -- cgit v1.2.3 From f7f9e50528761022989c4f0cac6a92716b54674f Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Thu, 10 Mar 2016 03:40:20 +0000 Subject: Revert "recovery: More refactoring of WearUI" This reverts commit 1c7b2230d8aac9f064f68c48b6aa26aca000cc9d. This change can lead to the derived class indirectly (and incorrectly) calling some functions from the base class, which can lead to unpredictable behavior. Bug: 27407422 Change-Id: I126a7489b0787dc195e942e2ceea6769de20d70c --- screen_ui.cpp | 4 ++-- screen_ui.h | 3 +-- wear_ui.cpp | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ wear_ui.h | 12 +++++++++++ 4 files changed, 84 insertions(+), 4 deletions(-) diff --git a/screen_ui.cpp b/screen_ui.cpp index dc596314c..522aa6b23 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -51,6 +51,7 @@ static double now() { } ScreenRecoveryUI::ScreenRecoveryUI() : + currentIcon(NONE), installingFrame(0), locale(nullptr), rtl_locale(false), @@ -75,8 +76,7 @@ ScreenRecoveryUI::ScreenRecoveryUI() : animation_fps(-1), installing_frames(-1), stage(-1), - max_stage(-1), - currentIcon(NONE) { + max_stage(-1) { for (int i = 0; i < 5; i++) { backgroundIcon[i] = nullptr; diff --git a/screen_ui.h b/screen_ui.h index 386deac2d..08a5f44a9 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -68,6 +68,7 @@ class ScreenRecoveryUI : public RecoveryUI { void SetColor(UIElement e); private: + Icon currentIcon; int installingFrame; const char* locale; bool rtl_locale; @@ -138,8 +139,6 @@ class ScreenRecoveryUI : public RecoveryUI { void LoadBitmap(const char* filename, GRSurface** surface); void LoadBitmapArray(const char* filename, int* frames, int* fps, GRSurface*** surface); void LoadLocalizedBitmap(const char* filename, GRSurface** surface); - protected: - Icon currentIcon; }; #endif // RECOVERY_UI_H diff --git a/wear_ui.cpp b/wear_ui.cpp index ef48b788b..65bcd8494 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -59,6 +59,7 @@ WearRecoveryUI::WearRecoveryUI() : intro_frames(22), loop_frames(60), animation_fps(30), + currentIcon(NONE), intro_done(false), current_frame(0), rtl_locale(false), @@ -365,6 +366,57 @@ void WearRecoveryUI::Init() RecoveryUI::Init(); } +void WearRecoveryUI::SetBackground(Icon icon) +{ + pthread_mutex_lock(&updateMutex); + currentIcon = icon; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::SetProgressType(ProgressType type) +{ + pthread_mutex_lock(&updateMutex); + if (progressBarType != type) { + progressBarType = type; + } + progressScopeStart = 0; + progressScopeSize = 0; + progress = 0; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::ShowProgress(float portion, float seconds) +{ + pthread_mutex_lock(&updateMutex); + progressBarType = DETERMINATE; + progressScopeStart += progressScopeSize; + progressScopeSize = portion; + progressScopeTime = now(); + progressScopeDuration = seconds; + progress = 0; + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + +void WearRecoveryUI::SetProgress(float fraction) +{ + pthread_mutex_lock(&updateMutex); + if (fraction < 0.0) fraction = 0.0; + if (fraction > 1.0) fraction = 1.0; + if (progressBarType == DETERMINATE && fraction > progress) { + // Skip updates that aren't visibly different. + int width = progress_bar_width; + float scale = width * progressScopeSize; + if ((int) (progress * scale) != (int) (fraction * scale)) { + progress = fraction; + update_screen_locked(); + } + } + pthread_mutex_unlock(&updateMutex); +} + void WearRecoveryUI::SetStage(int current, int max) { } @@ -447,6 +499,16 @@ int WearRecoveryUI::SelectMenu(int sel) { return sel; } +void WearRecoveryUI::EndMenu() { + int i; + pthread_mutex_lock(&updateMutex); + if (show_menu > 0 && text_rows > 0 && text_cols > 0) { + show_menu = 0; + update_screen_locked(); + } + pthread_mutex_unlock(&updateMutex); +} + bool WearRecoveryUI::IsTextVisible() { pthread_mutex_lock(&updateMutex); @@ -477,6 +539,13 @@ void WearRecoveryUI::ShowText(bool visible) pthread_mutex_unlock(&updateMutex); } +void WearRecoveryUI::Redraw() +{ + pthread_mutex_lock(&updateMutex); + update_screen_locked(); + pthread_mutex_unlock(&updateMutex); +} + void WearRecoveryUI::ShowFile(FILE* fp) { std::vector offsets; offsets.push_back(ftell(fp)); diff --git a/wear_ui.h b/wear_ui.h index 63a257244..35ea51660 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -24,6 +24,13 @@ class WearRecoveryUI : public ScreenRecoveryUI { WearRecoveryUI(); void Init(); + // overall recovery state ("background image") + void SetBackground(Icon icon); + + // progress indicator + void SetProgressType(ProgressType type); + void ShowProgress(float portion, float seconds); + void SetProgress(float fraction); void SetStage(int current, int max); @@ -42,6 +49,9 @@ class WearRecoveryUI : public ScreenRecoveryUI { void StartMenu(const char* const * headers, const char* const * items, int initial_selection); int SelectMenu(int sel); + void EndMenu(); + + void Redraw(); enum UIElement { HEADER, MENU, MENU_SEL_BG, MENU_SEL_FG, LOG, TEXT_FILL }; virtual void SetColor(UIElement e); @@ -68,6 +78,8 @@ class WearRecoveryUI : public ScreenRecoveryUI { int animation_fps; private: + Icon currentIcon; + bool intro_done; int current_frame; -- cgit v1.2.3 From fa12b9737dd4ab36c3b4abaf25eb79f692e6eba6 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Fri, 5 Feb 2016 18:25:58 -0800 Subject: Reboot and retry on I/O errors When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69 (cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36) --- install.cpp | 6 +++++ install.h | 3 ++- otafault/ota_io.cpp | 68 +++++++++++++++++++++++++++++++++++++++++++++-------- recovery.cpp | 47 +++++++++++++++++++++++++++++++++++- updater/updater.cpp | 7 ++++++ 5 files changed, 119 insertions(+), 12 deletions(-) diff --git a/install.cpp b/install.cpp index c0d007709..8a82d7bc4 100644 --- a/install.cpp +++ b/install.cpp @@ -144,6 +144,7 @@ try_update_binary(const char* path, ZipArchive* zip, bool* wipe_cache) { close(pipefd[1]); *wipe_cache = false; + bool retry_update = false; char buffer[1024]; FILE* from_child = fdopen(pipefd[0], "r"); @@ -180,6 +181,8 @@ try_update_binary(const char* path, ZipArchive* zip, bool* wipe_cache) { // to be able to reboot during installation (useful for // debugging packages that don't exit). ui->SetEnableReboot(true); + } else if (strcmp(command, "retry_update") == 0) { + retry_update = true; } else { LOGE("unknown command [%s]\n", command); } @@ -188,6 +191,9 @@ try_update_binary(const char* path, ZipArchive* zip, bool* wipe_cache) { int status; waitpid(pid, &status, 0); + if (retry_update) { + return INSTALL_RETRY; + } if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { LOGE("Error in %s\n(Status %d)\n", path, WEXITSTATUS(status)); return INSTALL_ERROR; diff --git a/install.h b/install.h index f92f061df..fd08e3c49 100644 --- a/install.h +++ b/install.h @@ -23,7 +23,8 @@ extern "C" { #endif -enum { INSTALL_SUCCESS, INSTALL_ERROR, INSTALL_CORRUPT, INSTALL_NONE, INSTALL_SKIPPED }; +enum { INSTALL_SUCCESS, INSTALL_ERROR, INSTALL_CORRUPT, INSTALL_NONE, INSTALL_SKIPPED, + INSTALL_RETRY }; // Install the package specified by root_path. If INSTALL_SUCCESS is // returned and *wipe_cache is true on exit, caller should wipe the // cache partition. diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp index 02e80f9bf..a37804088 100644 --- a/otafault/ota_io.cpp +++ b/otafault/ota_io.cpp @@ -38,6 +38,8 @@ static std::string FaultFileName = #endif // defined (TARGET_READ_FAULT) #endif // defined (TARGET_INJECT_FAULTS) +bool have_eio_error = false; + int ota_open(const char* path, int oflags) { #if defined (TARGET_INJECT_FAULTS) // Let the caller handle errors; we do not care if open succeeds or fails @@ -90,12 +92,22 @@ size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream) { && FilenameCache[(intptr_t)stream] == FaultFileName) { FaultFileName = ""; errno = EIO; + have_eio_error = true; return 0; } else { - return fread(ptr, size, nitems, stream); + size_t status = fread(ptr, size, nitems, stream); + // If I/O error occurs, set the retry-update flag. + if (status != nitems && errno == EIO) { + have_eio_error = true; + } + return status; } #else - return fread(ptr, size, nitems, stream); + size_t status = fread(ptr, size, nitems, stream); + if (status != nitems && errno == EIO) { + have_eio_error = true; + } + return status; #endif } @@ -105,12 +117,21 @@ ssize_t ota_read(int fd, void* buf, size_t nbyte) { && FilenameCache[fd] == FaultFileName) { FaultFileName = ""; errno = EIO; + have_eio_error = true; return -1; } else { - return read(fd, buf, nbyte); + ssize_t status = read(fd, buf, nbyte); + if (status == -1 && errno == EIO) { + have_eio_error = true; + } + return status; } #else - return read(fd, buf, nbyte); + ssize_t status = read(fd, buf, nbyte); + if (status == -1 && errno == EIO) { + have_eio_error = true; + } + return status; #endif } @@ -120,12 +141,21 @@ size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream) { && FilenameCache[(intptr_t)stream] == FaultFileName) { FaultFileName = ""; errno = EIO; + have_eio_error = true; return 0; } else { - return fwrite(ptr, size, count, stream); + size_t status = fwrite(ptr, size, count, stream); + if (status != count && errno == EIO) { + have_eio_error = true; + } + return status; } #else - return fwrite(ptr, size, count, stream); + size_t status = fwrite(ptr, size, count, stream); + if (status != count && errno == EIO) { + have_eio_error = true; + } + return status; #endif } @@ -135,12 +165,21 @@ ssize_t ota_write(int fd, const void* buf, size_t nbyte) { && FilenameCache[fd] == FaultFileName) { FaultFileName = ""; errno = EIO; + have_eio_error = true; return -1; } else { - return write(fd, buf, nbyte); + ssize_t status = write(fd, buf, nbyte); + if (status == -1 && errno == EIO) { + have_eio_error = true; + } + return status; } #else - return write(fd, buf, nbyte); + ssize_t status = write(fd, buf, nbyte); + if (status == -1 && errno == EIO) { + have_eio_error = true; + } + return status; #endif } @@ -151,10 +190,19 @@ int ota_fsync(int fd) { FaultFileName = ""; errno = EIO; return -1; + have_eio_error = true; } else { - return fsync(fd); + int status = fsync(fd); + if (status == -1 && errno == EIO) { + have_eio_error = true; + } + return status; } #else - return fsync(fd); + int status = fsync(fd); + if (status == -1 && errno == EIO) { + have_eio_error = true; + } + return status; #endif } diff --git a/recovery.cpp b/recovery.cpp index fe6793da0..7620f1a00 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -36,6 +36,7 @@ #include #include +#include #include #include #include @@ -60,6 +61,7 @@ struct selabel_handle *sehandle; static const struct option OPTIONS[] = { { "send_intent", required_argument, NULL, 'i' }, { "update_package", required_argument, NULL, 'u' }, + { "retry_count", required_argument, NULL, 'n' }, { "wipe_data", no_argument, NULL, 'w' }, { "wipe_cache", no_argument, NULL, 'c' }, { "show_text", no_argument, NULL, 't' }, @@ -89,6 +91,7 @@ static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install"; static const char *LAST_KMSG_FILE = "/cache/recovery/last_kmsg"; static const char *LAST_LOG_FILE = "/cache/recovery/last_log"; static const int KEEP_LOG_COUNT = 10; +static const int EIO_RETRY_COUNT = 2; static const int BATTERY_READ_TIMEOUT_IN_SEC = 10; // GmsCore enters recovery mode to install package when having enough battery // percentage. Normally, the threshold is 40% without charger and 20% with charger. @@ -1162,6 +1165,29 @@ static bool is_battery_ok() { } } +static void set_retry_bootloader_message(int retry_count, int argc, char** argv) { + struct bootloader_message boot {}; + strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); + strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); + + for (int i = 1; i < argc; ++i) { + if (strstr(argv[i], "retry_count") == nullptr) { + strlcat(boot.recovery, argv[i], sizeof(boot.recovery)); + strlcat(boot.recovery, "\n", sizeof(boot.recovery)); + } + } + + // Initialize counter to 1 if it's not in BCB, otherwise increment it by 1. + if (retry_count == 0) { + strlcat(boot.recovery, "--retry_count=1\n", sizeof(boot.recovery)); + } else { + char buffer[20]; + snprintf(buffer, sizeof(buffer), "--retry_count=%d\n", retry_count+1); + strlcat(boot.recovery, buffer, sizeof(boot.recovery)); + } + set_bootloader_message(&boot); +} + int main(int argc, char **argv) { // If this binary is started with the single argument "--adbd", // instead of being the normal recovery binary, it turns into kind @@ -1197,11 +1223,13 @@ int main(int argc, char **argv) { bool sideload_auto_reboot = false; bool just_exit = false; bool shutdown_after = false; + int retry_count = 0; int arg; while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) { switch (arg) { case 'i': send_intent = optarg; break; + case 'n': android::base::ParseInt(optarg, &retry_count, 0); break; case 'u': update_package = optarg; break; case 'w': should_wipe_data = true; break; case 'c': should_wipe_cache = true; break; @@ -1306,7 +1334,24 @@ int main(int argc, char **argv) { } if (status != INSTALL_SUCCESS) { ui->Print("Installation aborted.\n"); - + // When I/O error happens, reboot and retry installation EIO_RETRY_COUNT + // times before we abandon this OTA update. + if (status == INSTALL_RETRY && retry_count < EIO_RETRY_COUNT) { + copy_logs(); + set_retry_bootloader_message(retry_count, argc, argv); + // Print retry count on screen. + ui->Print("Retry attempt %d\n", retry_count); + + // Reboot and retry the update + int ret = property_set(ANDROID_RB_PROPERTY, "reboot,recovery"); + if (ret < 0) { + ui->Print("Reboot failed\n"); + } else { + while (true) { + pause(); + } + } + } // If this is an eng or userdebug build, then automatically // turn the text display on if the script fails so the error // message is visible. diff --git a/updater/updater.cpp b/updater/updater.cpp index 0f22e6d04..ddc01e125 100644 --- a/updater/updater.cpp +++ b/updater/updater.cpp @@ -35,6 +35,8 @@ // (Note it's "updateR-script", not the older "update-script".) #define SCRIPT_NAME "META-INF/com/google/android/updater-script" +extern bool have_eio_error; + struct selabel_handle *sehandle; int main(int argc, char** argv) { @@ -139,6 +141,11 @@ int main(int argc, char** argv) { state.errmsg = NULL; char* result = Evaluate(&state, root); + + if (have_eio_error) { + fprintf(cmd_pipe, "retry_update\n"); + } + if (result == NULL) { if (state.errmsg == NULL) { printf("script aborted (no error message)\n"); -- cgit v1.2.3 From 0ba21cff07ceafeaa43e17aa26e341d961f6f29f Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Thu, 10 Mar 2016 14:51:25 -0800 Subject: recovery: Remove duplicate variables and functions The function that modifies rtl_locale exists only in the base class, and so the variable should not have a duplicate in the derived class, otherwise there may be incosistent values when it is read by the derived class (the thinking being that invoking the function will modify the base class version of the variable, and not the derived class version). Remove the updateMutex variable, and instead re-use the one in the base class. Also remove LoadBitmap from WearUI since it is identical to the one in ScreenRecoveryUI. Bug: 27407422 Change-Id: Idd823fa93dfa16d7b2c9c7160f8d0c2559d28731 --- screen_ui.cpp | 4 ++-- screen_ui.h | 7 ++++--- wear_ui.cpp | 9 --------- wear_ui.h | 4 ---- 4 files changed, 6 insertions(+), 18 deletions(-) diff --git a/screen_ui.cpp b/screen_ui.cpp index 522aa6b23..9f72de4b8 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -54,7 +54,6 @@ ScreenRecoveryUI::ScreenRecoveryUI() : currentIcon(NONE), installingFrame(0), locale(nullptr), - rtl_locale(false), progressBarType(EMPTY), progressScopeStart(0), progressScopeSize(0), @@ -76,7 +75,8 @@ ScreenRecoveryUI::ScreenRecoveryUI() : animation_fps(-1), installing_frames(-1), stage(-1), - max_stage(-1) { + max_stage(-1), + rtl_locale(false) { for (int i = 0; i < 5; i++) { backgroundIcon[i] = nullptr; diff --git a/screen_ui.h b/screen_ui.h index 08a5f44a9..6d1191087 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -71,9 +71,7 @@ class ScreenRecoveryUI : public RecoveryUI { Icon currentIcon; int installingFrame; const char* locale; - bool rtl_locale; - pthread_mutex_t updateMutex; GRSurface* backgroundIcon[5]; GRSurface* backgroundText[5]; GRSurface** installation; @@ -136,9 +134,12 @@ class ScreenRecoveryUI : public RecoveryUI { void DrawTextLine(int* y, const char* line, bool bold); void DrawTextLines(int* y, const char* const* lines); - void LoadBitmap(const char* filename, GRSurface** surface); void LoadBitmapArray(const char* filename, int* frames, int* fps, GRSurface*** surface); void LoadLocalizedBitmap(const char* filename, GRSurface** surface); + protected: + pthread_mutex_t updateMutex; + bool rtl_locale; + void LoadBitmap(const char* filename, GRSurface** surface); }; #endif // RECOVERY_UI_H diff --git a/wear_ui.cpp b/wear_ui.cpp index 65bcd8494..e76af8d6b 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -62,7 +62,6 @@ WearRecoveryUI::WearRecoveryUI() : currentIcon(NONE), intro_done(false), current_frame(0), - rtl_locale(false), progressBarType(EMPTY), progressScopeStart(0), progressScopeSize(0), @@ -81,7 +80,6 @@ WearRecoveryUI::WearRecoveryUI() : for (size_t i = 0; i < 5; i++) backgroundIcon[i] = NULL; - pthread_mutex_init(&updateMutex, NULL); self = this; } @@ -321,13 +319,6 @@ void WearRecoveryUI::progress_loop() { } } -void WearRecoveryUI::LoadBitmap(const char* filename, GRSurface** surface) { - int result = res_create_display_surface(filename, surface); - if (result < 0) { - LOGE("missing bitmap %s\n(Code %d)\n", filename, result); - } -} - void WearRecoveryUI::Init() { gr_init(); diff --git a/wear_ui.h b/wear_ui.h index 35ea51660..92cd320bb 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -84,9 +84,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { int current_frame; - bool rtl_locale; - - pthread_mutex_t updateMutex; GRSurface* backgroundIcon[5]; GRSurface* *introFrames; GRSurface* *loopFrames; @@ -123,7 +120,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { void update_screen_locked(); static void* progress_thread(void* cookie); void progress_loop(); - void LoadBitmap(const char* filename, GRSurface** surface); void PutChar(char); void ClearText(); void DrawTextLine(int x, int* y, const char* line, bool bold); -- cgit v1.2.3 From 1c522df25f9524eaa0273538b3de0b9ad1b8fcea Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 10 Feb 2016 16:41:10 -0800 Subject: applypatch: use vector to store data in FileContents. Cherry pick this patch because it fixes the problem that a newed Value is released by free(). Bug: 26906416 Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43 (cherry picked from commit d6c93afcc28cc65217ba65eeb646009c4f15a2ad) --- applypatch/applypatch.cpp | 105 +++++++++++++++------------------------------- applypatch/applypatch.h | 12 ++---- applypatch/main.cpp | 67 ++++++++++++++--------------- updater/install.cpp | 21 +++++----- 4 files changed, 78 insertions(+), 127 deletions(-) diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 9f5e2f200..9d8a21797 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -56,8 +56,6 @@ static bool mtd_partitions_scanned = false; // // Return 0 on success. int LoadFileContents(const char* filename, FileContents* file) { - file->data = NULL; - // A special 'filename' beginning with "MTD:" or "EMMC:" means to // load the contents of a partition. if (strncmp(filename, "MTD:", 4) == 0 || @@ -70,31 +68,22 @@ int LoadFileContents(const char* filename, FileContents* file) { return -1; } - file->size = file->st.st_size; - file->data = nullptr; - - std::unique_ptr data( - static_cast(malloc(file->size)), free); - if (data == nullptr) { - printf("failed to allocate memory: %s\n", strerror(errno)); - return -1; - } - + std::vector data(file->st.st_size); FILE* f = ota_fopen(filename, "rb"); if (f == NULL) { printf("failed to open \"%s\": %s\n", filename, strerror(errno)); return -1; } - size_t bytes_read = ota_fread(data.get(), 1, file->size, f); - if (bytes_read != static_cast(file->size)) { - printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, file->size); - fclose(f); + size_t bytes_read = ota_fread(data.data(), 1, data.size(), f); + if (bytes_read != data.size()) { + printf("short read of \"%s\" (%zu bytes of %zd)\n", filename, bytes_read, data.size()); + ota_fclose(f); return -1; } ota_fclose(f); - file->data = data.release(); - SHA1(file->data, file->size, file->sha1); + file->data = std::move(data); + SHA1(file->data.data(), file->data.size(), file->sha1); return 0; } @@ -193,17 +182,17 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { uint8_t parsed_sha[SHA_DIGEST_LENGTH]; // Allocate enough memory to hold the largest size. - file->data = static_cast(malloc(size[index[pairs-1]])); - char* p = (char*)file->data; - file->size = 0; // # bytes read so far + std::vector data(size[index[pairs-1]]); + char* p = reinterpret_cast(data.data()); + size_t data_size = 0; // # bytes read so far bool found = false; for (size_t i = 0; i < pairs; ++i) { // Read enough additional bytes to get us up to the next size. (Again, // we're trying the possibilities in order of increasing size). - size_t next = size[index[i]] - file->size; - size_t read = 0; + size_t next = size[index[i]] - data_size; if (next > 0) { + size_t read = 0; switch (type) { case MTD: read = mtd_read_data(ctx, p, next); @@ -216,12 +205,11 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { if (next != read) { printf("short read (%zu bytes of %zu) for partition \"%s\"\n", read, next, partition); - free(file->data); - file->data = NULL; return -1; } SHA1_Update(&sha_ctx, p, read); - file->size += read; + data_size += read; + p += read; } // Duplicate the SHA context and finalize the duplicate so we can @@ -233,8 +221,6 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { if (ParseSha1(sha1sum[index[i]].c_str(), parsed_sha) != 0) { printf("failed to parse sha1 %s in %s\n", sha1sum[index[i]].c_str(), filename); - free(file->data); - file->data = NULL; return -1; } @@ -246,8 +232,6 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { found = true; break; } - - p += read; } switch (type) { @@ -264,13 +248,13 @@ static int LoadPartitionContents(const char* filename, FileContents* file) { if (!found) { // Ran off the end of the list of (size,sha1) pairs without finding a match. printf("contents of partition \"%s\" didn't match %s\n", partition, filename); - free(file->data); - file->data = NULL; return -1; } SHA1_Final(file->sha1, &sha_ctx); + data.resize(data_size); + file->data = std::move(data); // Fake some stat() info. file->st.st_mode = 0644; file->st.st_uid = 0; @@ -289,10 +273,10 @@ int SaveFileContents(const char* filename, const FileContents* file) { return -1; } - ssize_t bytes_written = FileSink(file->data, file->size, &fd); - if (bytes_written != file->size) { - printf("short write of \"%s\" (%zd bytes of %zd) (%s)\n", - filename, bytes_written, file->size, strerror(errno)); + ssize_t bytes_written = FileSink(file->data.data(), file->data.size(), &fd); + if (bytes_written != static_cast(file->data.size())) { + printf("short write of \"%s\" (%zd bytes of %zu) (%s)\n", + filename, bytes_written, file->data.size(), strerror(errno)); ota_close(fd); return -1; } @@ -543,7 +527,6 @@ int FindMatchingPatch(uint8_t* sha1, char* const * const patch_sha1_str, int applypatch_check(const char* filename, int num_patches, char** const patch_sha1_str) { FileContents file; - file.data = NULL; // It's okay to specify no sha1s; the check will pass if the // LoadFileContents is successful. (Useful for reading @@ -555,9 +538,6 @@ int applypatch_check(const char* filename, int num_patches, printf("file \"%s\" doesn't have any of expected " "sha1 sums; checking cache\n", filename); - free(file.data); - file.data = NULL; - // If the source file is missing or corrupted, it might be because // we were killed in the middle of patching it. A copy of it // should have been made in CACHE_TEMP_SOURCE. If that file @@ -571,12 +551,9 @@ int applypatch_check(const char* filename, int num_patches, if (FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0) { printf("cache bits don't match any sha1 for \"%s\"\n", filename); - free(file.data); return 1; } } - - free(file.data); return 0; } @@ -674,8 +651,6 @@ int applypatch(const char* source_filename, FileContents copy_file; FileContents source_file; - copy_file.data = NULL; - source_file.data = NULL; const Value* source_patch_value = NULL; const Value* copy_patch_value = NULL; @@ -685,22 +660,20 @@ int applypatch(const char* source_filename, // The early-exit case: the patch was already applied, this file // has the desired hash, nothing for us to do. printf("already %s\n", short_sha1(target_sha1).c_str()); - free(source_file.data); return 0; } } - if (source_file.data == NULL || + if (source_file.data.empty() || (target_filename != source_filename && strcmp(target_filename, source_filename) != 0)) { // Need to load the source file: either we failed to load the // target file, or we did but it's different from the source file. - free(source_file.data); - source_file.data = NULL; + source_file.data.clear(); LoadFileContents(source_filename, &source_file); } - if (source_file.data != NULL) { + if (!source_file.data.empty()) { int to_use = FindMatchingPatch(source_file.sha1, patch_sha1_str, num_patches); if (to_use >= 0) { source_patch_value = patch_data[to_use]; @@ -708,8 +681,7 @@ int applypatch(const char* source_filename, } if (source_patch_value == NULL) { - free(source_file.data); - source_file.data = NULL; + source_file.data.clear(); printf("source file is bad; trying copy\n"); if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) { @@ -726,19 +698,14 @@ int applypatch(const char* source_filename, if (copy_patch_value == NULL) { // fail. printf("copy file doesn't match source SHA-1s either\n"); - free(copy_file.data); return 1; } } - int result = GenerateTarget(&source_file, source_patch_value, - ©_file, copy_patch_value, - source_filename, target_filename, - target_sha1, target_size, bonus_data); - free(source_file.data); - free(copy_file.data); - - return result; + return GenerateTarget(&source_file, source_patch_value, + ©_file, copy_patch_value, + source_filename, target_filename, + target_sha1, target_size, bonus_data); } /* @@ -759,7 +726,6 @@ int applypatch_flash(const char* source_filename, const char* target_filename, } FileContents source_file; - source_file.data = NULL; std::string target_str(target_filename); std::vector pieces = android::base::Split(target_str, ":"); @@ -777,7 +743,6 @@ int applypatch_flash(const char* source_filename, const char* target_filename, // The early-exit case: the image was already applied, this partition // has the desired hash, nothing for us to do. printf("already %s\n", short_sha1(target_sha1).c_str()); - free(source_file.data); return 0; } @@ -787,18 +752,14 @@ int applypatch_flash(const char* source_filename, const char* target_filename, printf("source \"%s\" doesn't have expected sha1 sum\n", source_filename); printf("expected: %s, found: %s\n", short_sha1(target_sha1).c_str(), short_sha1(source_file.sha1).c_str()); - free(source_file.data); return 1; } } - if (WriteToPartition(source_file.data, target_size, target_filename) != 0) { + if (WriteToPartition(source_file.data.data(), target_size, target_filename) != 0) { printf("write of copied data to %s failed\n", target_filename); - free(source_file.data); return 1; } - - free(source_file.data); return 0; } @@ -867,7 +828,7 @@ static int GenerateTarget(FileContents* source_file, // We still write the original source to cache, in case // the partition write is interrupted. - if (MakeFreeSpaceOnCache(source_file->size) < 0) { + if (MakeFreeSpaceOnCache(source_file->data.size()) < 0) { printf("not enough free space on /cache\n"); return 1; } @@ -908,7 +869,7 @@ static int GenerateTarget(FileContents* source_file, return 1; } - if (MakeFreeSpaceOnCache(source_file->size) < 0) { + if (MakeFreeSpaceOnCache(source_file->data.size()) < 0) { printf("not enough free space on /cache\n"); return 1; } @@ -951,10 +912,10 @@ static int GenerateTarget(FileContents* source_file, int result; if (use_bsdiff) { - result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size, + result = ApplyBSDiffPatch(source_to_use->data.data(), source_to_use->data.size(), patch, 0, sink, token, &ctx); } else { - result = ApplyImagePatch(source_to_use->data, source_to_use->size, + result = ApplyImagePatch(source_to_use->data.data(), source_to_use->data.size(), patch, sink, token, &ctx, bonus_data); } diff --git a/applypatch/applypatch.h b/applypatch/applypatch.h index 14fb490ba..f392c5534 100644 --- a/applypatch/applypatch.h +++ b/applypatch/applypatch.h @@ -24,17 +24,11 @@ #include "openssl/sha.h" #include "edify/expr.h" -typedef struct _Patch { +struct FileContents { uint8_t sha1[SHA_DIGEST_LENGTH]; - const char* patch_filename; -} Patch; - -typedef struct _FileContents { - uint8_t sha1[SHA_DIGEST_LENGTH]; - unsigned char* data; - ssize_t size; + std::vector data; struct stat st; -} FileContents; +}; // When there isn't enough room on the target filesystem to hold the // patched version of the file, we copy the original here and delete diff --git a/applypatch/main.cpp b/applypatch/main.cpp index 7606d5d3c..9013760c4 100644 --- a/applypatch/main.cpp +++ b/applypatch/main.cpp @@ -46,40 +46,32 @@ static int SpaceMode(int argc, char** argv) { return CacheSizeCheck(bytes); } -// Parse arguments (which should be of the form "" or -// ":" into the new parallel arrays *sha1s and -// *patches (loading file contents into the patches). Returns true on +// Parse arguments (which should be of the form ":" +// into the new parallel arrays *sha1s and *files.Returns true on // success. static bool ParsePatchArgs(int argc, char** argv, std::vector* sha1s, - std::vector>* patches) { + std::vector* files) { uint8_t digest[SHA_DIGEST_LENGTH]; for (int i = 0; i < argc; ++i) { char* colon = strchr(argv[i], ':'); - if (colon != NULL) { - *colon = '\0'; - ++colon; + if (colon == nullptr) { + printf("no ':' in patch argument \"%s\"\n", argv[i]); + return false; } - + *colon = '\0'; + ++colon; if (ParseSha1(argv[i], digest) != 0) { printf("failed to parse sha1 \"%s\"\n", argv[i]); return false; } sha1s->push_back(argv[i]); - if (colon == NULL) { - patches->emplace_back(nullptr, FreeValue); - } else { - FileContents fc; - if (LoadFileContents(colon, &fc) != 0) { - return false; - } - std::unique_ptr value(new Value, FreeValue); - value->type = VAL_BLOB; - value->size = fc.size; - value->data = reinterpret_cast(fc.data); - patches->push_back(std::move(value)); + FileContents fc; + if (LoadFileContents(colon, &fc) != 0) { + return false; } + files->push_back(std::move(fc)); } return true; } @@ -90,17 +82,19 @@ static int FlashMode(const char* src_filename, const char* tgt_filename, } static int PatchMode(int argc, char** argv) { - std::unique_ptr bonus(nullptr, FreeValue); + FileContents bonusFc; + Value bonusValue; + Value* bonus = nullptr; + if (argc >= 3 && strcmp(argv[1], "-b") == 0) { - FileContents fc; - if (LoadFileContents(argv[2], &fc) != 0) { + if (LoadFileContents(argv[2], &bonusFc) != 0) { printf("failed to load bonus file %s\n", argv[2]); return 1; } - bonus.reset(new Value); + bonus = &bonusValue; bonus->type = VAL_BLOB; - bonus->size = fc.size; - bonus->data = reinterpret_cast(fc.data); + bonus->size = bonusFc.data.size(); + bonus->data = reinterpret_cast(bonusFc.data.data()); argc -= 2; argv += 2; } @@ -118,28 +112,29 @@ static int PatchMode(int argc, char** argv) { // If no : is provided, it is in flash mode. if (argc == 5) { - if (bonus != NULL) { + if (bonus != nullptr) { printf("bonus file not supported in flash mode\n"); return 1; } return FlashMode(argv[1], argv[2], argv[3], target_size); } - - std::vector sha1s; - std::vector> patches; - if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &patches)) { + std::vector files; + if (!ParsePatchArgs(argc-5, argv+5, &sha1s, &files)) { printf("failed to parse patch args\n"); return 1; } - - std::vector patch_ptrs; - for (const auto& p : patches) { - patch_ptrs.push_back(p.get()); + std::vector patches(files.size()); + std::vector patch_ptrs(files.size()); + for (size_t i = 0; i < files.size(); ++i) { + patches[i].type = VAL_BLOB; + patches[i].size = files[i].data.size(); + patches[i].data = reinterpret_cast(files[i].data.data()); + patch_ptrs[i] = &patches[i]; } return applypatch(argv[1], argv[2], argv[3], target_size, patch_ptrs.size(), sha1s.data(), - patch_ptrs.data(), bonus.get()); + patch_ptrs.data(), bonus); } // This program applies binary patches to files in a way that is safe diff --git a/updater/install.cpp b/updater/install.cpp index a2efc0b97..b7d9e85a2 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -1398,21 +1398,22 @@ Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) { char* filename; if (ReadArgs(state, argv, 1, &filename) < 0) return NULL; - Value* v = reinterpret_cast(malloc(sizeof(Value))); + Value* v = static_cast(malloc(sizeof(Value))); + if (v == nullptr) { + return nullptr; + } v->type = VAL_BLOB; + v->size = -1; + v->data = nullptr; FileContents fc; if (LoadFileContents(filename, &fc) != 0) { - free(filename); - v->size = -1; - v->data = NULL; - free(fc.data); - return v; + v->data = static_cast(malloc(fc.data.size())); + if (v->data != nullptr) { + memcpy(v->data, fc.data.data(), fc.data.size()); + v->size = fc.data.size(); + } } - - v->size = fc.size; - v->data = (char*)fc.data; - free(filename); return v; } -- cgit v1.2.3 From 7a491225bbbb24593a4eda5dabe2fc1850d60dd1 Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Fri, 11 Mar 2016 10:00:55 -0800 Subject: recovery: Remove SetColor, and other refactoring for WearUI The only difference from SetColor in ScreenRecoveryUI is the that the LOG messages have slightly different colors. That's not enough to warrant a duplicate function. So this patch removes SetColor and uses the parent class version. This patch also moves the DrawTextLine* functions into ScreenRecoveryUI since they're mostly the same. It also moves char_width and char_height into the class instead of keeping them as static variables. Bug: 27407422 Change-Id: I30428c9433baab8410cf710a01c9b1c44c217bf1 --- screen_ui.cpp | 36 ++++++++++++++++++------------------ screen_ui.h | 6 ++++-- wear_ui.cpp | 56 +++++++++----------------------------------------------- wear_ui.h | 5 ----- 4 files changed, 31 insertions(+), 72 deletions(-) diff --git a/screen_ui.cpp b/screen_ui.cpp index 9f72de4b8..3614e7a83 100644 --- a/screen_ui.cpp +++ b/screen_ui.cpp @@ -40,8 +40,7 @@ #include "screen_ui.h" #include "ui.h" -static int char_width; -static int char_height; +#define TEXT_INDENT 4 // Return the current time as a double (including fractions of a second). static double now() { @@ -213,14 +212,14 @@ void ScreenRecoveryUI::DrawHorizontalRule(int* y) { *y += 4; } -void ScreenRecoveryUI::DrawTextLine(int* y, const char* line, bool bold) { - gr_text(4, *y, line, bold); - *y += char_height + 4; +void ScreenRecoveryUI::DrawTextLine(int x, int* y, const char* line, bool bold) { + gr_text(x, *y, line, bold); + *y += char_height_ + 4; } -void ScreenRecoveryUI::DrawTextLines(int* y, const char* const* lines) { +void ScreenRecoveryUI::DrawTextLines(int x, int* y, const char* const* lines) { for (size_t i = 0; lines != nullptr && lines[i] != nullptr; ++i) { - DrawTextLine(y, lines[i], false); + DrawTextLine(x, y, lines[i], false); } } @@ -251,14 +250,15 @@ void ScreenRecoveryUI::draw_screen_locked() { property_get("ro.bootimage.build.fingerprint", recovery_fingerprint, ""); SetColor(INFO); - DrawTextLine(&y, "Android Recovery", true); + DrawTextLine(TEXT_INDENT, &y, "Android Recovery", true); for (auto& chunk : android::base::Split(recovery_fingerprint, ":")) { - DrawTextLine(&y, chunk.c_str(), false); + DrawTextLine(TEXT_INDENT, &y, chunk.c_str(), false); } - DrawTextLines(&y, HasThreeButtons() ? REGULAR_HELP : LONG_PRESS_HELP); + DrawTextLines(TEXT_INDENT, &y, + HasThreeButtons() ? REGULAR_HELP : LONG_PRESS_HELP); SetColor(HEADER); - DrawTextLines(&y, menu_headers_); + DrawTextLines(TEXT_INDENT, &y, menu_headers_); SetColor(MENU); DrawHorizontalRule(&y); @@ -267,7 +267,7 @@ void ScreenRecoveryUI::draw_screen_locked() { if (i == menu_sel) { // Draw the highlight bar. SetColor(IsLongPress() ? MENU_SEL_BG_ACTIVE : MENU_SEL_BG); - gr_fill(0, y - 2, gr_fb_width(), y + char_height + 2); + gr_fill(0, y - 2, gr_fb_width(), y + char_height_ + 2); // Bold white text for the selected item. SetColor(MENU_SEL_FG); gr_text(4, y, menu_[i], true); @@ -275,7 +275,7 @@ void ScreenRecoveryUI::draw_screen_locked() { } else { gr_text(4, y, menu_[i], false); } - y += char_height + 4; + y += char_height_ + 4; } DrawHorizontalRule(&y); } @@ -286,9 +286,9 @@ void ScreenRecoveryUI::draw_screen_locked() { SetColor(LOG); int row = (text_top_ + text_rows_ - 1) % text_rows_; size_t count = 0; - for (int ty = gr_fb_height() - char_height; + for (int ty = gr_fb_height() - char_height_; ty >= y && count < text_rows_; - ty -= char_height, ++count) { + ty -= char_height_, ++count) { gr_text(0, ty, text_[row], false); --row; if (row < 0) row = text_rows_ - 1; @@ -394,9 +394,9 @@ static char** Alloc2d(size_t rows, size_t cols) { void ScreenRecoveryUI::Init() { gr_init(); - gr_font_size(&char_width, &char_height); - text_rows_ = gr_fb_height() / char_height; - text_cols_ = gr_fb_width() / char_width; + gr_font_size(&char_width_, &char_height_); + text_rows_ = gr_fb_height() / char_height_; + text_cols_ = gr_fb_width() / char_width_; text_ = Alloc2d(text_rows_, text_cols_ + 1); file_viewer_text_ = Alloc2d(text_rows_, text_cols_ + 1); diff --git a/screen_ui.h b/screen_ui.h index 6d1191087..9e1b2dfa1 100644 --- a/screen_ui.h +++ b/screen_ui.h @@ -131,15 +131,17 @@ class ScreenRecoveryUI : public RecoveryUI { void ClearText(); void DrawHorizontalRule(int* y); - void DrawTextLine(int* y, const char* line, bool bold); - void DrawTextLines(int* y, const char* const* lines); void LoadBitmapArray(const char* filename, int* frames, int* fps, GRSurface*** surface); void LoadLocalizedBitmap(const char* filename, GRSurface** surface); protected: + int char_width_; + int char_height_; pthread_mutex_t updateMutex; bool rtl_locale; void LoadBitmap(const char* filename, GRSurface** surface); + void DrawTextLine(int x, int* y, const char* line, bool bold); + void DrawTextLines(int x, int* y, const char* const* lines); }; #endif // RECOVERY_UI_H diff --git a/wear_ui.cpp b/wear_ui.cpp index e76af8d6b..2502313ff 100644 --- a/wear_ui.cpp +++ b/wear_ui.cpp @@ -34,9 +34,6 @@ #include "android-base/strings.h" #include "android-base/stringprintf.h" -static int char_width; -static int char_height; - // There's only (at most) one of these objects, and global callbacks // (for pthread_create, and the input event system) need to find it, // so use a global variable. @@ -143,41 +140,6 @@ void WearRecoveryUI::draw_progress_locked() } } -void WearRecoveryUI::SetColor(UIElement e) { - switch (e) { - case HEADER: - gr_color(247, 0, 6, 255); - break; - case MENU: - case MENU_SEL_BG: - gr_color(0, 106, 157, 255); - break; - case MENU_SEL_FG: - gr_color(255, 255, 255, 255); - break; - case LOG: - gr_color(249, 194, 0, 255); - break; - case TEXT_FILL: - gr_color(0, 0, 0, 160); - break; - default: - gr_color(255, 255, 255, 255); - break; - } -} - -void WearRecoveryUI::DrawTextLine(int x, int* y, const char* line, bool bold) { - gr_text(x, *y, line, bold); - *y += char_height + 4; -} - -void WearRecoveryUI::DrawTextLines(int x, int* y, const char* const* lines) { - for (size_t i = 0; lines != nullptr && lines[i] != nullptr; ++i) { - DrawTextLine(x, y, lines[i], false); - } -} - static const char* HEADERS[] = { "Swipe up/down to move.", "Swipe left/right to select.", @@ -216,7 +178,7 @@ void WearRecoveryUI::draw_screen_locked() if (menu_items > menu_end - menu_start) { sprintf(cur_selection_str, "Current item: %d/%d", menu_sel + 1, menu_items); gr_text(x+4, y, cur_selection_str, 1); - y += char_height+4; + y += char_height_+4; } // Menu begins here @@ -227,7 +189,7 @@ void WearRecoveryUI::draw_screen_locked() if (i == menu_sel) { // draw the highlight bar SetColor(MENU_SEL_BG); - gr_fill(x, y-2, gr_fb_width()-x, y+char_height+2); + gr_fill(x, y-2, gr_fb_width()-x, y+char_height_+2); // white text of selected item SetColor(MENU_SEL_FG); if (menu[i][0]) gr_text(x+4, y, menu[i], 1); @@ -235,7 +197,7 @@ void WearRecoveryUI::draw_screen_locked() } else { if (menu[i][0]) gr_text(x+4, y, menu[i], 0); } - y += char_height+4; + y += char_height_+4; } SetColor(MENU); y += 4; @@ -251,9 +213,9 @@ void WearRecoveryUI::draw_screen_locked() int ty; int row = (text_top+text_rows-1) % text_rows; size_t count = 0; - for (int ty = gr_fb_height() - char_height - outer_height; + for (int ty = gr_fb_height() - char_height_ - outer_height; ty > y+2 && count < text_rows; - ty -= char_height, ++count) { + ty -= char_height_, ++count) { gr_text(x+4, ty, text[row], 0); --row; if (row < 0) row = text_rows-1; @@ -323,15 +285,15 @@ void WearRecoveryUI::Init() { gr_init(); - gr_font_size(&char_width, &char_height); + gr_font_size(&char_width_, &char_height_); text_col = text_row = 0; - text_rows = (gr_fb_height()) / char_height; - visible_text_rows = (gr_fb_height() - (outer_height * 2)) / char_height; + text_rows = (gr_fb_height()) / char_height_; + visible_text_rows = (gr_fb_height() - (outer_height * 2)) / char_height_; if (text_rows > kMaxRows) text_rows = kMaxRows; text_top = 1; - text_cols = (gr_fb_width() - (outer_width * 2)) / char_width; + text_cols = (gr_fb_width() - (outer_width * 2)) / char_width_; if (text_cols > kMaxCols - 1) text_cols = kMaxCols - 1; LoadBitmap("icon_installing", &backgroundIcon[INSTALLING_UPDATE]); diff --git a/wear_ui.h b/wear_ui.h index 92cd320bb..e2d6fe072 100644 --- a/wear_ui.h +++ b/wear_ui.h @@ -53,9 +53,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { void Redraw(); - enum UIElement { HEADER, MENU, MENU_SEL_BG, MENU_SEL_FG, LOG, TEXT_FILL }; - virtual void SetColor(UIElement e); - protected: int progress_bar_height, progress_bar_width; @@ -122,8 +119,6 @@ class WearRecoveryUI : public ScreenRecoveryUI { void progress_loop(); void PutChar(char); void ClearText(); - void DrawTextLine(int x, int* y, const char* line, bool bold); - void DrawTextLines(int x, int* y, const char* const* lines); void PrintV(const char*, bool, va_list); }; -- cgit v1.2.3 From b8a693bbc73808924f4be8c4d47bbc4da0647e3a Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Wed, 9 Mar 2016 17:51:34 -0800 Subject: Port applypatch.sh tests to recovery_component_tests Bug: 27135282 Change-Id: If53682b591397ddfdb84860a3779b612904d4489 --- tests/Android.mk | 13 +- tests/common/test_constants.h | 25 +++ tests/component/applypatch_test.cpp | 392 ++++++++++++++++++++++++++++++++++++ tests/component/verifier_test.cpp | 7 +- tests/testdata/new.file | Bin 0 -> 1388877 bytes tests/testdata/old.file | Bin 0 -> 1348051 bytes tests/testdata/patch.bsdiff | Bin 0 -> 57476 bytes 7 files changed, 429 insertions(+), 8 deletions(-) create mode 100644 tests/common/test_constants.h create mode 100644 tests/component/applypatch_test.cpp create mode 100644 tests/testdata/new.file create mode 100644 tests/testdata/old.file create mode 100644 tests/testdata/patch.bsdiff diff --git a/tests/Android.mk b/tests/Android.mk index 3f3c433eb..9d83c9a49 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -29,21 +29,30 @@ include $(BUILD_NATIVE_TEST) # Component tests include $(CLEAR_VARS) LOCAL_CLANG := true +LOCAL_CFLAGS += -Wno-unused-parameter LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk LOCAL_MODULE := recovery_component_test LOCAL_C_INCLUDES := bootable/recovery -LOCAL_SRC_FILES := component/verifier_test.cpp +LOCAL_SRC_FILES := \ + component/verifier_test.cpp \ + component/applypatch_test.cpp LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_STATIC_LIBRARIES := \ + libapplypatch \ + libotafault \ + libmtdutils \ libbase \ libverifier \ libmincrypt \ + libcrypto_static \ libminui \ libminzip \ libcutils \ + libbz \ + libz \ libc -testdata_out_path := $(TARGET_OUT_DATA_NATIVE_TESTS)/$(LOCAL_MODULE) +testdata_out_path := $(TARGET_OUT_DATA_NATIVE_TESTS)/recovery testdata_files := $(call find-subdir-files, testdata/*) GEN := $(addprefix $(testdata_out_path)/, $(testdata_files)) diff --git a/tests/common/test_constants.h b/tests/common/test_constants.h new file mode 100644 index 000000000..3490f6805 --- /dev/null +++ b/tests/common/test_constants.h @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agree to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef _OTA_TEST_CONSTANTS_H +#define _OTA_TEST_CONSTANTS_H + +#if defined(__LP64__) +#define NATIVE_TEST_PATH "/nativetest64" +#else +#define NATIVE_TEST_PATH "/nativetest" +#endif + +#endif diff --git a/tests/component/applypatch_test.cpp b/tests/component/applypatch_test.cpp new file mode 100644 index 000000000..b44ddd17c --- /dev/null +++ b/tests/component/applypatch_test.cpp @@ -0,0 +1,392 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agree to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include + +#include "applypatch/applypatch.h" +#include "common/test_constants.h" +#include "openssl/sha.h" +#include "print_sha1.h" + +static const std::string DATA_PATH = getenv("ANDROID_DATA"); +static const std::string TESTDATA_PATH = "/recovery/testdata"; +static const std::string WORK_FS = "/data"; + +static std::string sha1sum(const std::string& fname) { + uint8_t digest[SHA_DIGEST_LENGTH]; + std::string data; + android::base::ReadFileToString(fname, &data); + + SHA1((const uint8_t*)data.c_str(), data.size(), digest); + return print_sha1(digest); +} + +static void mangle_file(const std::string& fname) { + FILE* fh = fopen(&fname[0], "w"); + int r; + for (int i=0; i < 1024; i++) { + r = rand(); + fwrite(&r, sizeof(short), 1, fh); + } + fclose(fh); +} + +static bool file_cmp(std::string& f1, std::string& f2) { + std::string c1; + std::string c2; + android::base::ReadFileToString(f1, &c1); + android::base::ReadFileToString(f2, &c2); + return c1 == c2; +} + +static std::string from_testdata_base(const std::string fname) { + return android::base::StringPrintf("%s%s%s/%s", + &DATA_PATH[0], + &NATIVE_TEST_PATH[0], + &TESTDATA_PATH[0], + &fname[0]); +} + +class ApplyPatchTest : public ::testing::Test { + public: + static void SetUpTestCase() { + // set up files + old_file = from_testdata_base("old.file"); + new_file = from_testdata_base("new.file"); + patch_file = from_testdata_base("patch.bsdiff"); + rand_file = "/cache/applypatch_test_rand.file"; + cache_file = "/cache/saved.file"; + + // write stuff to rand_file + android::base::WriteStringToFile("hello", rand_file); + + // set up SHA constants + old_sha1 = sha1sum(old_file); + new_sha1 = sha1sum(new_file); + srand(time(NULL)); + bad_sha1_a = android::base::StringPrintf("%040x", rand()); + bad_sha1_b = android::base::StringPrintf("%040x", rand()); + + struct stat st; + stat(&new_file[0], &st); + new_size = st.st_size; + } + + static std::string old_file; + static std::string new_file; + static std::string rand_file; + static std::string cache_file; + static std::string patch_file; + + static std::string old_sha1; + static std::string new_sha1; + static std::string bad_sha1_a; + static std::string bad_sha1_b; + + static size_t new_size; +}; + +std::string ApplyPatchTest::old_file; +std::string ApplyPatchTest::new_file; + +static void cp(std::string src, std::string tgt) { + std::string cmd = android::base::StringPrintf("cp %s %s", + &src[0], + &tgt[0]); + system(&cmd[0]); +} + +static void backup_old() { + cp(ApplyPatchTest::old_file, ApplyPatchTest::cache_file); +} + +static void restore_old() { + cp(ApplyPatchTest::cache_file, ApplyPatchTest::old_file); +} + +class ApplyPatchCacheTest : public ApplyPatchTest { + public: + virtual void SetUp() { + backup_old(); + } + + virtual void TearDown() { + restore_old(); + } +}; + +class ApplyPatchFullTest : public ApplyPatchCacheTest { + public: + static void SetUpTestCase() { + ApplyPatchTest::SetUpTestCase(); + unsigned long free_kb = FreeSpaceForFile(&WORK_FS[0]); + ASSERT_GE(free_kb * 1024, new_size * 3 / 2); + output_f = new TemporaryFile(); + output_loc = std::string(output_f->path); + + struct FileContents fc; + + ASSERT_EQ(0, LoadFileContents(&rand_file[0], &fc)); + Value* patch1 = new Value(); + patch1->type = VAL_BLOB; + patch1->size = fc.data.size(); + patch1->data = static_cast(malloc(fc.data.size())); + memcpy(patch1->data, fc.data.data(), fc.data.size()); + patches.push_back(patch1); + + ASSERT_EQ(0, LoadFileContents(&patch_file[0], &fc)); + Value* patch2 = new Value(); + patch2->type = VAL_BLOB; + patch2->size = fc.st.st_size; + patch2->data = static_cast(malloc(fc.data.size())); + memcpy(patch2->data, fc.data.data(), fc.data.size()); + patches.push_back(patch2); + } + static void TearDownTestCase() { + delete output_f; + for (auto it = patches.begin(); it != patches.end(); ++it) { + free((*it)->data); + delete *it; + } + patches.clear(); + } + + static std::vector patches; + static TemporaryFile* output_f; + static std::string output_loc; +}; + +class ApplyPatchDoubleCacheTest : public ApplyPatchFullTest { + public: + virtual void SetUp() { + ApplyPatchCacheTest::SetUp(); + cp(cache_file, "/cache/reallysaved.file"); + } + + virtual void TearDown() { + cp("/cache/reallysaved.file", cache_file); + ApplyPatchCacheTest::TearDown(); + } +}; + +std::string ApplyPatchTest::rand_file; +std::string ApplyPatchTest::patch_file; +std::string ApplyPatchTest::cache_file; +std::string ApplyPatchTest::old_sha1; +std::string ApplyPatchTest::new_sha1; +std::string ApplyPatchTest::bad_sha1_a; +std::string ApplyPatchTest::bad_sha1_b; + +size_t ApplyPatchTest::new_size; + +std::vector ApplyPatchFullTest::patches; +TemporaryFile* ApplyPatchFullTest::output_f; +std::string ApplyPatchFullTest::output_loc; + +TEST_F(ApplyPatchTest, CheckModeSingle) { + char* s = &old_sha1[0]; + ASSERT_EQ(0, applypatch_check(&old_file[0], 1, &s)); +} + +TEST_F(ApplyPatchTest, CheckModeMultiple) { + char* argv[3] = { + &bad_sha1_a[0], + &old_sha1[0], + &bad_sha1_b[0] + }; + ASSERT_EQ(0, applypatch_check(&old_file[0], 3, argv)); +} + +TEST_F(ApplyPatchTest, CheckModeFailure) { + char* argv[2] = { + &bad_sha1_a[0], + &bad_sha1_b[0] + }; + ASSERT_NE(0, applypatch_check(&old_file[0], 2, argv)); +} + +TEST_F(ApplyPatchCacheTest, CheckCacheCorruptedSingle) { + mangle_file(old_file); + char* s = &old_sha1[0]; + ASSERT_EQ(0, applypatch_check(&old_file[0], 1, &s)); +} + +TEST_F(ApplyPatchCacheTest, CheckCacheCorruptedMultiple) { + mangle_file(old_file); + char* argv[3] = { + &bad_sha1_a[0], + &old_sha1[0], + &bad_sha1_b[0] + }; + ASSERT_EQ(0, applypatch_check(&old_file[0], 3, argv)); +} + +TEST_F(ApplyPatchCacheTest, CheckCacheCorruptedFailure) { + mangle_file(old_file); + char* argv[2] = { + &bad_sha1_a[0], + &bad_sha1_b[0] + }; + ASSERT_NE(0, applypatch_check(&old_file[0], 2, argv)); +} + +TEST_F(ApplyPatchCacheTest, CheckCacheMissingSingle) { + unlink(&old_file[0]); + char* s = &old_sha1[0]; + ASSERT_EQ(0, applypatch_check(&old_file[0], 1, &s)); +} + +TEST_F(ApplyPatchCacheTest, CheckCacheMissingMultiple) { + unlink(&old_file[0]); + char* argv[3] = { + &bad_sha1_a[0], + &old_sha1[0], + &bad_sha1_b[0] + }; + ASSERT_EQ(0, applypatch_check(&old_file[0], 3, argv)); +} + +TEST_F(ApplyPatchCacheTest, CheckCacheMissingFailure) { + unlink(&old_file[0]); + char* argv[2] = { + &bad_sha1_a[0], + &bad_sha1_b[0] + }; + ASSERT_NE(0, applypatch_check(&old_file[0], 2, argv)); +} + +TEST_F(ApplyPatchFullTest, ApplyInPlace) { + std::vector sha1s; + sha1s.push_back(&bad_sha1_a[0]); + sha1s.push_back(&old_sha1[0]); + + int ap_result = applypatch(&old_file[0], + "-", + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_EQ(0, ap_result); + ASSERT_TRUE(file_cmp(old_file, new_file)); + // reapply, applypatch is idempotent so it should succeed + ap_result = applypatch(&old_file[0], + "-", + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_EQ(0, ap_result); + ASSERT_TRUE(file_cmp(old_file, new_file)); +} + +TEST_F(ApplyPatchFullTest, ApplyInNewLocation) { + std::vector sha1s; + sha1s.push_back(&bad_sha1_a[0]); + sha1s.push_back(&old_sha1[0]); + int ap_result = applypatch(&old_file[0], + &output_loc[0], + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_EQ(0, ap_result); + ASSERT_TRUE(file_cmp(output_loc, new_file)); + ap_result = applypatch(&old_file[0], + &output_loc[0], + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_EQ(0, ap_result); + ASSERT_TRUE(file_cmp(output_loc, new_file)); +} + +TEST_F(ApplyPatchFullTest, ApplyCorruptedInNewLocation) { + mangle_file(old_file); + std::vector sha1s; + sha1s.push_back(&bad_sha1_a[0]); + sha1s.push_back(&old_sha1[0]); + int ap_result = applypatch(&old_file[0], + &output_loc[0], + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_EQ(0, ap_result); + ASSERT_TRUE(file_cmp(output_loc, new_file)); + ap_result = applypatch(&old_file[0], + &output_loc[0], + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_EQ(0, ap_result); + ASSERT_TRUE(file_cmp(output_loc, new_file)); +} + +TEST_F(ApplyPatchDoubleCacheTest, ApplyDoubleCorruptedInNewLocation) { + mangle_file(old_file); + mangle_file(cache_file); + + std::vector sha1s; + sha1s.push_back(&bad_sha1_a[0]); + sha1s.push_back(&old_sha1[0]); + int ap_result = applypatch(&old_file[0], + &output_loc[0], + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_NE(0, ap_result); + ASSERT_FALSE(file_cmp(output_loc, new_file)); + ap_result = applypatch(&old_file[0], + &output_loc[0], + &new_sha1[0], + new_size, + 2, + sha1s.data(), + patches.data(), + nullptr); + ASSERT_NE(0, ap_result); + ASSERT_FALSE(file_cmp(output_loc, new_file)); +} diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp index c54aa111f..73f6ac9c4 100644 --- a/tests/component/verifier_test.cpp +++ b/tests/component/verifier_test.cpp @@ -29,18 +29,13 @@ #include #include "common.h" +#include "common/test_constants.h" #include "mincrypt/sha.h" #include "mincrypt/sha256.h" #include "minzip/SysUtil.h" #include "ui.h" #include "verifier.h" -#if defined(__LP64__) -#define NATIVE_TEST_PATH "/nativetest64" -#else -#define NATIVE_TEST_PATH "/nativetest" -#endif - static const char* DATA_PATH = getenv("ANDROID_DATA"); static const char* TESTDATA_PATH = "/recovery/testdata/"; diff --git a/tests/testdata/new.file b/tests/testdata/new.file new file mode 100644 index 000000000..cdeb8fd50 Binary files /dev/null and b/tests/testdata/new.file differ diff --git a/tests/testdata/old.file b/tests/testdata/old.file new file mode 100644 index 000000000..166c8732e Binary files /dev/null and b/tests/testdata/old.file differ diff --git a/tests/testdata/patch.bsdiff b/tests/testdata/patch.bsdiff new file mode 100644 index 000000000..b78d38573 Binary files /dev/null and b/tests/testdata/patch.bsdiff differ -- cgit v1.2.3 From f4300bc1269619b74be0a659a496d4ca4ce8b47e Mon Sep 17 00:00:00 2001 From: Greg Kaiser Date: Mon, 14 Mar 2016 12:15:24 -0700 Subject: otafault: Fix setting of have_eio_error. There was one case (ota_fsync, under TARGET_SYNC_FAULT, when the filename was cached) where we were not setting have_eio_error prior to returning. We fix that. Change-Id: I2b0aa61fb1e821f0e77881aba04db95cd8396812 --- otafault/ota_io.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp index a37804088..9434ebea3 100644 --- a/otafault/ota_io.cpp +++ b/otafault/ota_io.cpp @@ -189,8 +189,8 @@ int ota_fsync(int fd) { && FilenameCache[fd] == FaultFileName) { FaultFileName = ""; errno = EIO; - return -1; have_eio_error = true; + return -1; } else { int status = fsync(fd); if (status == -1 && errno == EIO) { -- cgit v1.2.3 From f73abf36bcfd433a3fdd1664a77e8e531346c1b1 Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Tue, 15 Dec 2015 16:04:53 -0800 Subject: DO NOT MERGE Control fault injection with config files instead of build flags Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c --- applypatch/applypatch.cpp | 2 +- otafault/Android.mk | 43 ++++-------- otafault/config.cpp | 65 +++++++++++++++++ otafault/config.h | 74 ++++++++++++++++++++ otafault/ota_io.cpp | 174 +++++++++++++++++++--------------------------- otafault/ota_io.h | 4 ++ otafault/test.cpp | 6 +- updater/blockimg.cpp | 2 +- updater/install.cpp | 2 +- updater/updater.cpp | 2 + 10 files changed, 237 insertions(+), 137 deletions(-) create mode 100644 otafault/config.cpp create mode 100644 otafault/config.h diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 9d8a21797..7985fc0c6 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -34,8 +34,8 @@ #include "applypatch.h" #include "mtdutils/mtdutils.h" #include "edify/expr.h" +#include "ota_io.h" #include "print_sha1.h" -#include "otafault/ota_io.h" static int LoadPartitionContents(const char* filename, FileContents* file); static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); diff --git a/otafault/Android.mk b/otafault/Android.mk index 75617a146..7468de6c4 100644 --- a/otafault/Android.mk +++ b/otafault/Android.mk @@ -1,10 +1,10 @@ -# Copyright 2015 The ANdroid Open Source Project +# Copyright 2015 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -14,45 +14,30 @@ LOCAL_PATH := $(call my-dir) -empty := -space := $(empty) $(empty) -comma := , - -ifneq ($(TARGET_INJECT_FAULTS),) -TARGET_INJECT_FAULTS := $(subst $(comma),$(space),$(strip $(TARGET_INJECT_FAULTS))) -endif - include $(CLEAR_VARS) -LOCAL_SRC_FILES := ota_io.cpp +otafault_static_libs := \ + libminzip \ + libz \ + libselinux \ + +LOCAL_SRC_FILES := config.cpp ota_io.cpp LOCAL_MODULE_TAGS := eng LOCAL_MODULE := libotafault LOCAL_CLANG := true - -ifneq ($(TARGET_INJECT_FAULTS),) -$(foreach ft,$(TARGET_INJECT_FAULTS),\ - $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) -LOCAL_CFLAGS += -Wno-unused-parameter -LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS -endif - -LOCAL_STATIC_LIBRARIES := libc +LOCAL_C_INCLUDES := bootable/recovery +LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) +LOCAL_WHOLE_STATIC_LIBRARIES := $(otafault_static_libs) include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) -LOCAL_SRC_FILES := ota_io.cpp test.cpp +LOCAL_SRC_FILES := config.cpp ota_io.cpp test.cpp LOCAL_MODULE_TAGS := tests LOCAL_MODULE := otafault_test -LOCAL_STATIC_LIBRARIES := libc +LOCAL_STATIC_LIBRARIES := $(otafault_static_libs) +LOCAL_C_INCLUDES := bootable/recovery LOCAL_FORCE_STATIC_EXECUTABLE := true -LOCAL_CFLAGS += -Wno-unused-parameter -Wno-writable-strings - -ifneq ($(TARGET_INJECT_FAULTS),) -$(foreach ft,$(TARGET_INJECT_FAULTS),\ - $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) -LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS -endif include $(BUILD_EXECUTABLE) diff --git a/otafault/config.cpp b/otafault/config.cpp new file mode 100644 index 000000000..c87f9a631 --- /dev/null +++ b/otafault/config.cpp @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include + +#include "minzip/Zip.h" +#include "config.h" +#include "ota_io.h" + +#define OTAIO_MAX_FNAME_SIZE 128 + +static ZipArchive* archive; +static std::map should_inject_cache; + +static const char* get_type_path(const char* io_type) { + char* path = (char*)calloc(strlen(io_type) + strlen(OTAIO_BASE_DIR) + 2, sizeof(char)); + sprintf(path, "%s/%s", OTAIO_BASE_DIR, io_type); + return path; +} + +void ota_io_init(ZipArchive* za) { + archive = za; + ota_set_fault_files(); +} + +bool should_fault_inject(const char* io_type) { + if (should_inject_cache.find(io_type) != should_inject_cache.end()) { + return should_inject_cache[io_type]; + } + const char* type_path = get_type_path(io_type); + const ZipEntry* entry = mzFindZipEntry(archive, type_path); + should_inject_cache[type_path] = entry != nullptr; + free((void*)type_path); + return entry != NULL; +} + +bool should_hit_cache() { + return should_fault_inject(OTAIO_CACHE); +} + +std::string fault_fname(const char* io_type) { + const char* type_path = get_type_path(io_type); + char* fname = (char*) calloc(OTAIO_MAX_FNAME_SIZE, sizeof(char)); + const ZipEntry* entry = mzFindZipEntry(archive, type_path); + mzReadZipEntry(archive, entry, fname, OTAIO_MAX_FNAME_SIZE); + free((void*)type_path); + return std::string(fname); +} diff --git a/otafault/config.h b/otafault/config.h new file mode 100644 index 000000000..4430be3fb --- /dev/null +++ b/otafault/config.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Read configuration files in the OTA package to determine which files, if any, will trigger errors. + * + * OTA packages can be modified to trigger errors by adding a top-level + * directory called .libotafault, which may optionally contain up to three + * files called READ, WRITE, and FSYNC. Each one of these optional files + * contains the name of a single file on the device disk which will cause + * an IO error on the first call of the appropriate I/O action to that file. + * + * Example: + * ota.zip + * + * .libotafault + * WRITE + * + * If the contents of the file WRITE were /system/build.prop, the first write + * action to /system/build.prop would fail with EIO. Note that READ and + * FSYNC files are absent, so these actions will not cause an error. + */ + +#ifndef _UPDATER_OTA_IO_CFG_H_ +#define _UPDATER_OTA_IO_CFG_H_ + +#include + +#include + +#include "minzip/Zip.h" + +#define OTAIO_BASE_DIR ".libotafault" +#define OTAIO_READ "READ" +#define OTAIO_WRITE "WRITE" +#define OTAIO_FSYNC "FSYNC" +#define OTAIO_CACHE "CACHE" + +/* + * Initialize libotafault by providing a reference to the OTA package. + */ +void ota_io_init(ZipArchive* za); + +/* + * Return true if a config file is present for the given IO type. + */ +bool should_fault_inject(const char* io_type); + +/* + * Return true if an EIO should occur on the next hit to /cache/saved.file + * instead of the next hit to the specified file. + */ +bool should_hit_cache(); + +/* + * Return the name of the file that should cause an error for the + * given IO type. + */ +std::string fault_fname(const char* io_type); + +#endif diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp index 9434ebea3..04458537b 100644 --- a/otafault/ota_io.cpp +++ b/otafault/ota_io.cpp @@ -14,9 +14,7 @@ * limitations under the License. */ -#if defined (TARGET_INJECT_FAULTS) #include -#endif #include #include @@ -24,185 +22,155 @@ #include #include +#include "config.h" #include "ota_io.h" -#if defined (TARGET_INJECT_FAULTS) -static std::map FilenameCache; -static std::string FaultFileName = -#if defined (TARGET_READ_FAULT) - TARGET_READ_FAULT; -#elif defined (TARGET_WRITE_FAULT) - TARGET_WRITE_FAULT; -#elif defined (TARGET_FSYNC_FAULT) - TARGET_FSYNC_FAULT; -#endif // defined (TARGET_READ_FAULT) -#endif // defined (TARGET_INJECT_FAULTS) +static std::map filename_cache; +static std::string read_fault_file_name = ""; +static std::string write_fault_file_name = ""; +static std::string fsync_fault_file_name = ""; + +static bool get_hit_file(const char* cached_path, std::string ffn) { + return should_hit_cache() + ? !strncmp(cached_path, OTAIO_CACHE_FNAME, strlen(cached_path)) + : !strncmp(cached_path, ffn.c_str(), strlen(cached_path)); +} + +void ota_set_fault_files() { + if (should_fault_inject(OTAIO_READ)) { + read_fault_file_name = fault_fname(OTAIO_READ); + } + if (should_fault_inject(OTAIO_WRITE)) { + write_fault_file_name = fault_fname(OTAIO_WRITE); + } + if (should_fault_inject(OTAIO_FSYNC)) { + fsync_fault_file_name = fault_fname(OTAIO_FSYNC); + } +} bool have_eio_error = false; int ota_open(const char* path, int oflags) { -#if defined (TARGET_INJECT_FAULTS) // Let the caller handle errors; we do not care if open succeeds or fails int fd = open(path, oflags); - FilenameCache[fd] = path; + filename_cache[fd] = path; return fd; -#else - return open(path, oflags); -#endif } int ota_open(const char* path, int oflags, mode_t mode) { -#if defined (TARGET_INJECT_FAULTS) int fd = open(path, oflags, mode); - FilenameCache[fd] = path; - return fd; -#else - return open(path, oflags, mode); -#endif -} + filename_cache[fd] = path; + return fd; } FILE* ota_fopen(const char* path, const char* mode) { -#if defined (TARGET_INJECT_FAULTS) FILE* fh = fopen(path, mode); - FilenameCache[(intptr_t)fh] = path; + filename_cache[(intptr_t)fh] = path; return fh; -#else - return fopen(path, mode); -#endif } int ota_close(int fd) { -#if defined (TARGET_INJECT_FAULTS) - // descriptors can be reused, so make sure not to leave them in the cahce - FilenameCache.erase(fd); -#endif + // descriptors can be reused, so make sure not to leave them in the cache + filename_cache.erase(fd); return close(fd); } int ota_fclose(FILE* fh) { -#if defined (TARGET_INJECT_FAULTS) - FilenameCache.erase((intptr_t)fh); -#endif + filename_cache.erase((intptr_t)fh); return fclose(fh); } size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream) { -#if defined (TARGET_READ_FAULT) - if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() - && FilenameCache[(intptr_t)stream] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return 0; - } else { - size_t status = fread(ptr, size, nitems, stream); - // If I/O error occurs, set the retry-update flag. - if (status != nitems && errno == EIO) { + if (should_fault_inject(OTAIO_READ)) { + auto cached = filename_cache.find((intptr_t)stream); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, read_fault_file_name)) { + read_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return 0; } - return status; } -#else size_t status = fread(ptr, size, nitems, stream); if (status != nitems && errno == EIO) { have_eio_error = true; } return status; -#endif } ssize_t ota_read(int fd, void* buf, size_t nbyte) { -#if defined (TARGET_READ_FAULT) - if (FilenameCache.find(fd) != FilenameCache.end() - && FilenameCache[fd] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return -1; - } else { - ssize_t status = read(fd, buf, nbyte); - if (status == -1 && errno == EIO) { + if (should_fault_inject(OTAIO_READ)) { + auto cached = filename_cache.find(fd); + const char* cached_path = cached->second; + if (cached != filename_cache.end() + && get_hit_file(cached_path, read_fault_file_name)) { + read_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return -1; } - return status; } -#else ssize_t status = read(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; -#endif } size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream) { -#if defined (TARGET_WRITE_FAULT) - if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() - && FilenameCache[(intptr_t)stream] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return 0; - } else { - size_t status = fwrite(ptr, size, count, stream); - if (status != count && errno == EIO) { + if (should_fault_inject(OTAIO_WRITE)) { + auto cached = filename_cache.find((intptr_t)stream); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, write_fault_file_name)) { + write_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return 0; } - return status; } -#else size_t status = fwrite(ptr, size, count, stream); if (status != count && errno == EIO) { have_eio_error = true; } return status; -#endif } ssize_t ota_write(int fd, const void* buf, size_t nbyte) { -#if defined (TARGET_WRITE_FAULT) - if (FilenameCache.find(fd) != FilenameCache.end() - && FilenameCache[fd] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return -1; - } else { - ssize_t status = write(fd, buf, nbyte); - if (status == -1 && errno == EIO) { + if (should_fault_inject(OTAIO_WRITE)) { + auto cached = filename_cache.find(fd); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, write_fault_file_name)) { + write_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return -1; } - return status; } -#else ssize_t status = write(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; -#endif } int ota_fsync(int fd) { -#if defined (TARGET_FSYNC_FAULT) - if (FilenameCache.find(fd) != FilenameCache.end() - && FilenameCache[fd] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return -1; - } else { - int status = fsync(fd); - if (status == -1 && errno == EIO) { + if (should_fault_inject(OTAIO_FSYNC)) { + auto cached = filename_cache.find(fd); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, fsync_fault_file_name)) { + fsync_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return -1; } - return status; } -#else int status = fsync(fd); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; -#endif } + diff --git a/otafault/ota_io.h b/otafault/ota_io.h index 641a5ae0a..84187a76e 100644 --- a/otafault/ota_io.h +++ b/otafault/ota_io.h @@ -26,6 +26,10 @@ #include #include +#define OTAIO_CACHE_FNAME "/cache/saved.file" + +void ota_set_fault_files(); + int ota_open(const char* path, int oflags); int ota_open(const char* path, int oflags, mode_t mode); diff --git a/otafault/test.cpp b/otafault/test.cpp index a0f731517..6514782bf 100644 --- a/otafault/test.cpp +++ b/otafault/test.cpp @@ -17,16 +17,18 @@ #include #include #include +#include #include "ota_io.h" -int main(int argc, char **argv) { +int main(int /* argc */, char** /* argv */) { int fd = open("testdata/test.file", O_RDWR); char buf[8]; - char *out = "321"; + const char* out = "321"; int readv = ota_read(fd, buf, 4); printf("Read returned %d\n", readv); int writev = ota_write(fd, out, 4); printf("Write returned %d\n", writev); + close(fd); return 0; } diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index e9c8ddbc0..faa7008c5 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -45,7 +45,7 @@ #include "install.h" #include "openssl/sha.h" #include "minzip/Hash.h" -#include "otafault/ota_io.h" +#include "ota_io.h" #include "print_sha1.h" #include "unique_fd.h" #include "updater.h" diff --git a/updater/install.cpp b/updater/install.cpp index b7d9e85a2..6ae1e5fbf 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -51,7 +51,7 @@ #include "minzip/DirUtil.h" #include "mtdutils/mounts.h" #include "mtdutils/mtdutils.h" -#include "otafault/ota_io.h" +#include "ota_io.h" #include "updater.h" #include "install.h" #include "tune2fs.h" diff --git a/updater/updater.cpp b/updater/updater.cpp index ddc01e125..1693fa1db 100644 --- a/updater/updater.cpp +++ b/updater/updater.cpp @@ -25,6 +25,7 @@ #include "blockimg.h" #include "minzip/Zip.h" #include "minzip/SysUtil.h" +#include "config.h" // Generated by the makefile, this function defines the // RegisterDeviceExtensions() function, which calls all the @@ -84,6 +85,7 @@ int main(int argc, char** argv) { argv[3], strerror(err)); return 3; } + ota_io_init(&za); const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); if (script_entry == NULL) { -- cgit v1.2.3 From ce5868862a04a348967fb5bdad291b2b27b6e506 Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 17 Mar 2016 22:29:23 +0000 Subject: Revert "DO NOT MERGE Control fault injection with config files instead of build flags" This reverts commit f73abf36bcfd433a3fdd1664a77e8e531346c1b1. Bug: 27724259 Change-Id: I1301fdad15650837d0b1febd0c3239134e2b94fb --- applypatch/applypatch.cpp | 2 +- otafault/Android.mk | 43 ++++++++---- otafault/config.cpp | 65 ----------------- otafault/config.h | 74 -------------------- otafault/ota_io.cpp | 174 +++++++++++++++++++++++++++------------------- otafault/ota_io.h | 4 -- otafault/test.cpp | 6 +- updater/blockimg.cpp | 2 +- updater/install.cpp | 2 +- updater/updater.cpp | 2 - 10 files changed, 137 insertions(+), 237 deletions(-) delete mode 100644 otafault/config.cpp delete mode 100644 otafault/config.h diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 7985fc0c6..9d8a21797 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -34,8 +34,8 @@ #include "applypatch.h" #include "mtdutils/mtdutils.h" #include "edify/expr.h" -#include "ota_io.h" #include "print_sha1.h" +#include "otafault/ota_io.h" static int LoadPartitionContents(const char* filename, FileContents* file); static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); diff --git a/otafault/Android.mk b/otafault/Android.mk index 7468de6c4..75617a146 100644 --- a/otafault/Android.mk +++ b/otafault/Android.mk @@ -1,10 +1,10 @@ -# Copyright 2015 The Android Open Source Project +# Copyright 2015 The ANdroid Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -14,30 +14,45 @@ LOCAL_PATH := $(call my-dir) -include $(CLEAR_VARS) +empty := +space := $(empty) $(empty) +comma := , + +ifneq ($(TARGET_INJECT_FAULTS),) +TARGET_INJECT_FAULTS := $(subst $(comma),$(space),$(strip $(TARGET_INJECT_FAULTS))) +endif -otafault_static_libs := \ - libminzip \ - libz \ - libselinux \ +include $(CLEAR_VARS) -LOCAL_SRC_FILES := config.cpp ota_io.cpp +LOCAL_SRC_FILES := ota_io.cpp LOCAL_MODULE_TAGS := eng LOCAL_MODULE := libotafault LOCAL_CLANG := true -LOCAL_C_INCLUDES := bootable/recovery -LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) -LOCAL_WHOLE_STATIC_LIBRARIES := $(otafault_static_libs) + +ifneq ($(TARGET_INJECT_FAULTS),) +$(foreach ft,$(TARGET_INJECT_FAULTS),\ + $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) +LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS +endif + +LOCAL_STATIC_LIBRARIES := libc include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) -LOCAL_SRC_FILES := config.cpp ota_io.cpp test.cpp +LOCAL_SRC_FILES := ota_io.cpp test.cpp LOCAL_MODULE_TAGS := tests LOCAL_MODULE := otafault_test -LOCAL_STATIC_LIBRARIES := $(otafault_static_libs) -LOCAL_C_INCLUDES := bootable/recovery +LOCAL_STATIC_LIBRARIES := libc LOCAL_FORCE_STATIC_EXECUTABLE := true +LOCAL_CFLAGS += -Wno-unused-parameter -Wno-writable-strings + +ifneq ($(TARGET_INJECT_FAULTS),) +$(foreach ft,$(TARGET_INJECT_FAULTS),\ + $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) +LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS +endif include $(BUILD_EXECUTABLE) diff --git a/otafault/config.cpp b/otafault/config.cpp deleted file mode 100644 index c87f9a631..000000000 --- a/otafault/config.cpp +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include -#include - -#include "minzip/Zip.h" -#include "config.h" -#include "ota_io.h" - -#define OTAIO_MAX_FNAME_SIZE 128 - -static ZipArchive* archive; -static std::map should_inject_cache; - -static const char* get_type_path(const char* io_type) { - char* path = (char*)calloc(strlen(io_type) + strlen(OTAIO_BASE_DIR) + 2, sizeof(char)); - sprintf(path, "%s/%s", OTAIO_BASE_DIR, io_type); - return path; -} - -void ota_io_init(ZipArchive* za) { - archive = za; - ota_set_fault_files(); -} - -bool should_fault_inject(const char* io_type) { - if (should_inject_cache.find(io_type) != should_inject_cache.end()) { - return should_inject_cache[io_type]; - } - const char* type_path = get_type_path(io_type); - const ZipEntry* entry = mzFindZipEntry(archive, type_path); - should_inject_cache[type_path] = entry != nullptr; - free((void*)type_path); - return entry != NULL; -} - -bool should_hit_cache() { - return should_fault_inject(OTAIO_CACHE); -} - -std::string fault_fname(const char* io_type) { - const char* type_path = get_type_path(io_type); - char* fname = (char*) calloc(OTAIO_MAX_FNAME_SIZE, sizeof(char)); - const ZipEntry* entry = mzFindZipEntry(archive, type_path); - mzReadZipEntry(archive, entry, fname, OTAIO_MAX_FNAME_SIZE); - free((void*)type_path); - return std::string(fname); -} diff --git a/otafault/config.h b/otafault/config.h deleted file mode 100644 index 4430be3fb..000000000 --- a/otafault/config.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (C) 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * Read configuration files in the OTA package to determine which files, if any, will trigger errors. - * - * OTA packages can be modified to trigger errors by adding a top-level - * directory called .libotafault, which may optionally contain up to three - * files called READ, WRITE, and FSYNC. Each one of these optional files - * contains the name of a single file on the device disk which will cause - * an IO error on the first call of the appropriate I/O action to that file. - * - * Example: - * ota.zip - * - * .libotafault - * WRITE - * - * If the contents of the file WRITE were /system/build.prop, the first write - * action to /system/build.prop would fail with EIO. Note that READ and - * FSYNC files are absent, so these actions will not cause an error. - */ - -#ifndef _UPDATER_OTA_IO_CFG_H_ -#define _UPDATER_OTA_IO_CFG_H_ - -#include - -#include - -#include "minzip/Zip.h" - -#define OTAIO_BASE_DIR ".libotafault" -#define OTAIO_READ "READ" -#define OTAIO_WRITE "WRITE" -#define OTAIO_FSYNC "FSYNC" -#define OTAIO_CACHE "CACHE" - -/* - * Initialize libotafault by providing a reference to the OTA package. - */ -void ota_io_init(ZipArchive* za); - -/* - * Return true if a config file is present for the given IO type. - */ -bool should_fault_inject(const char* io_type); - -/* - * Return true if an EIO should occur on the next hit to /cache/saved.file - * instead of the next hit to the specified file. - */ -bool should_hit_cache(); - -/* - * Return the name of the file that should cause an error for the - * given IO type. - */ -std::string fault_fname(const char* io_type); - -#endif diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp index 04458537b..9434ebea3 100644 --- a/otafault/ota_io.cpp +++ b/otafault/ota_io.cpp @@ -14,7 +14,9 @@ * limitations under the License. */ +#if defined (TARGET_INJECT_FAULTS) #include +#endif #include #include @@ -22,155 +24,185 @@ #include #include -#include "config.h" #include "ota_io.h" -static std::map filename_cache; -static std::string read_fault_file_name = ""; -static std::string write_fault_file_name = ""; -static std::string fsync_fault_file_name = ""; - -static bool get_hit_file(const char* cached_path, std::string ffn) { - return should_hit_cache() - ? !strncmp(cached_path, OTAIO_CACHE_FNAME, strlen(cached_path)) - : !strncmp(cached_path, ffn.c_str(), strlen(cached_path)); -} - -void ota_set_fault_files() { - if (should_fault_inject(OTAIO_READ)) { - read_fault_file_name = fault_fname(OTAIO_READ); - } - if (should_fault_inject(OTAIO_WRITE)) { - write_fault_file_name = fault_fname(OTAIO_WRITE); - } - if (should_fault_inject(OTAIO_FSYNC)) { - fsync_fault_file_name = fault_fname(OTAIO_FSYNC); - } -} +#if defined (TARGET_INJECT_FAULTS) +static std::map FilenameCache; +static std::string FaultFileName = +#if defined (TARGET_READ_FAULT) + TARGET_READ_FAULT; +#elif defined (TARGET_WRITE_FAULT) + TARGET_WRITE_FAULT; +#elif defined (TARGET_FSYNC_FAULT) + TARGET_FSYNC_FAULT; +#endif // defined (TARGET_READ_FAULT) +#endif // defined (TARGET_INJECT_FAULTS) bool have_eio_error = false; int ota_open(const char* path, int oflags) { +#if defined (TARGET_INJECT_FAULTS) // Let the caller handle errors; we do not care if open succeeds or fails int fd = open(path, oflags); - filename_cache[fd] = path; + FilenameCache[fd] = path; return fd; +#else + return open(path, oflags); +#endif } int ota_open(const char* path, int oflags, mode_t mode) { +#if defined (TARGET_INJECT_FAULTS) int fd = open(path, oflags, mode); - filename_cache[fd] = path; - return fd; } + FilenameCache[fd] = path; + return fd; +#else + return open(path, oflags, mode); +#endif +} FILE* ota_fopen(const char* path, const char* mode) { +#if defined (TARGET_INJECT_FAULTS) FILE* fh = fopen(path, mode); - filename_cache[(intptr_t)fh] = path; + FilenameCache[(intptr_t)fh] = path; return fh; +#else + return fopen(path, mode); +#endif } int ota_close(int fd) { - // descriptors can be reused, so make sure not to leave them in the cache - filename_cache.erase(fd); +#if defined (TARGET_INJECT_FAULTS) + // descriptors can be reused, so make sure not to leave them in the cahce + FilenameCache.erase(fd); +#endif return close(fd); } int ota_fclose(FILE* fh) { - filename_cache.erase((intptr_t)fh); +#if defined (TARGET_INJECT_FAULTS) + FilenameCache.erase((intptr_t)fh); +#endif return fclose(fh); } size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream) { - if (should_fault_inject(OTAIO_READ)) { - auto cached = filename_cache.find((intptr_t)stream); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, read_fault_file_name)) { - read_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_READ_FAULT) + if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() + && FilenameCache[(intptr_t)stream] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return 0; + } else { + size_t status = fread(ptr, size, nitems, stream); + // If I/O error occurs, set the retry-update flag. + if (status != nitems && errno == EIO) { have_eio_error = true; - return 0; } + return status; } +#else size_t status = fread(ptr, size, nitems, stream); if (status != nitems && errno == EIO) { have_eio_error = true; } return status; +#endif } ssize_t ota_read(int fd, void* buf, size_t nbyte) { - if (should_fault_inject(OTAIO_READ)) { - auto cached = filename_cache.find(fd); - const char* cached_path = cached->second; - if (cached != filename_cache.end() - && get_hit_file(cached_path, read_fault_file_name)) { - read_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_READ_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return -1; + } else { + ssize_t status = read(fd, buf, nbyte); + if (status == -1 && errno == EIO) { have_eio_error = true; - return -1; } + return status; } +#else ssize_t status = read(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; +#endif } size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream) { - if (should_fault_inject(OTAIO_WRITE)) { - auto cached = filename_cache.find((intptr_t)stream); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, write_fault_file_name)) { - write_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_WRITE_FAULT) + if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() + && FilenameCache[(intptr_t)stream] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return 0; + } else { + size_t status = fwrite(ptr, size, count, stream); + if (status != count && errno == EIO) { have_eio_error = true; - return 0; } + return status; } +#else size_t status = fwrite(ptr, size, count, stream); if (status != count && errno == EIO) { have_eio_error = true; } return status; +#endif } ssize_t ota_write(int fd, const void* buf, size_t nbyte) { - if (should_fault_inject(OTAIO_WRITE)) { - auto cached = filename_cache.find(fd); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, write_fault_file_name)) { - write_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_WRITE_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return -1; + } else { + ssize_t status = write(fd, buf, nbyte); + if (status == -1 && errno == EIO) { have_eio_error = true; - return -1; } + return status; } +#else ssize_t status = write(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; +#endif } int ota_fsync(int fd) { - if (should_fault_inject(OTAIO_FSYNC)) { - auto cached = filename_cache.find(fd); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, fsync_fault_file_name)) { - fsync_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_FSYNC_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return -1; + } else { + int status = fsync(fd); + if (status == -1 && errno == EIO) { have_eio_error = true; - return -1; } + return status; } +#else int status = fsync(fd); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; +#endif } - diff --git a/otafault/ota_io.h b/otafault/ota_io.h index 84187a76e..641a5ae0a 100644 --- a/otafault/ota_io.h +++ b/otafault/ota_io.h @@ -26,10 +26,6 @@ #include #include -#define OTAIO_CACHE_FNAME "/cache/saved.file" - -void ota_set_fault_files(); - int ota_open(const char* path, int oflags); int ota_open(const char* path, int oflags, mode_t mode); diff --git a/otafault/test.cpp b/otafault/test.cpp index 6514782bf..a0f731517 100644 --- a/otafault/test.cpp +++ b/otafault/test.cpp @@ -17,18 +17,16 @@ #include #include #include -#include #include "ota_io.h" -int main(int /* argc */, char** /* argv */) { +int main(int argc, char **argv) { int fd = open("testdata/test.file", O_RDWR); char buf[8]; - const char* out = "321"; + char *out = "321"; int readv = ota_read(fd, buf, 4); printf("Read returned %d\n", readv); int writev = ota_write(fd, out, 4); printf("Write returned %d\n", writev); - close(fd); return 0; } diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index faa7008c5..e9c8ddbc0 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -45,7 +45,7 @@ #include "install.h" #include "openssl/sha.h" #include "minzip/Hash.h" -#include "ota_io.h" +#include "otafault/ota_io.h" #include "print_sha1.h" #include "unique_fd.h" #include "updater.h" diff --git a/updater/install.cpp b/updater/install.cpp index 6ae1e5fbf..b7d9e85a2 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -51,7 +51,7 @@ #include "minzip/DirUtil.h" #include "mtdutils/mounts.h" #include "mtdutils/mtdutils.h" -#include "ota_io.h" +#include "otafault/ota_io.h" #include "updater.h" #include "install.h" #include "tune2fs.h" diff --git a/updater/updater.cpp b/updater/updater.cpp index 1693fa1db..ddc01e125 100644 --- a/updater/updater.cpp +++ b/updater/updater.cpp @@ -25,7 +25,6 @@ #include "blockimg.h" #include "minzip/Zip.h" #include "minzip/SysUtil.h" -#include "config.h" // Generated by the makefile, this function defines the // RegisterDeviceExtensions() function, which calls all the @@ -85,7 +84,6 @@ int main(int argc, char** argv) { argv[3], strerror(err)); return 3; } - ota_io_init(&za); const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); if (script_entry == NULL) { -- cgit v1.2.3 From b1e4100011d2d81eb1da97a50d99d8b261d61c0c Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Thu, 17 Mar 2016 22:29:23 +0000 Subject: Revert "DO NOT MERGE Control fault injection with config files instead of build flags" This reverts commit f73abf36bcfd433a3fdd1664a77e8e531346c1b1. Bug: 27724259 Change-Id: I1301fdad15650837d0b1febd0c3239134e2b94fb --- applypatch/applypatch.cpp | 2 +- otafault/Android.mk | 43 ++++++++---- otafault/config.cpp | 65 ----------------- otafault/config.h | 74 -------------------- otafault/ota_io.cpp | 174 +++++++++++++++++++++++++++------------------- otafault/ota_io.h | 4 -- otafault/test.cpp | 6 +- updater/blockimg.cpp | 2 +- updater/install.cpp | 2 +- updater/updater.cpp | 2 - 10 files changed, 137 insertions(+), 237 deletions(-) delete mode 100644 otafault/config.cpp delete mode 100644 otafault/config.h diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 7985fc0c6..9d8a21797 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -34,8 +34,8 @@ #include "applypatch.h" #include "mtdutils/mtdutils.h" #include "edify/expr.h" -#include "ota_io.h" #include "print_sha1.h" +#include "otafault/ota_io.h" static int LoadPartitionContents(const char* filename, FileContents* file); static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); diff --git a/otafault/Android.mk b/otafault/Android.mk index 7468de6c4..75617a146 100644 --- a/otafault/Android.mk +++ b/otafault/Android.mk @@ -1,10 +1,10 @@ -# Copyright 2015 The Android Open Source Project +# Copyright 2015 The ANdroid Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -14,30 +14,45 @@ LOCAL_PATH := $(call my-dir) -include $(CLEAR_VARS) +empty := +space := $(empty) $(empty) +comma := , + +ifneq ($(TARGET_INJECT_FAULTS),) +TARGET_INJECT_FAULTS := $(subst $(comma),$(space),$(strip $(TARGET_INJECT_FAULTS))) +endif -otafault_static_libs := \ - libminzip \ - libz \ - libselinux \ +include $(CLEAR_VARS) -LOCAL_SRC_FILES := config.cpp ota_io.cpp +LOCAL_SRC_FILES := ota_io.cpp LOCAL_MODULE_TAGS := eng LOCAL_MODULE := libotafault LOCAL_CLANG := true -LOCAL_C_INCLUDES := bootable/recovery -LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) -LOCAL_WHOLE_STATIC_LIBRARIES := $(otafault_static_libs) + +ifneq ($(TARGET_INJECT_FAULTS),) +$(foreach ft,$(TARGET_INJECT_FAULTS),\ + $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) +LOCAL_CFLAGS += -Wno-unused-parameter +LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS +endif + +LOCAL_STATIC_LIBRARIES := libc include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) -LOCAL_SRC_FILES := config.cpp ota_io.cpp test.cpp +LOCAL_SRC_FILES := ota_io.cpp test.cpp LOCAL_MODULE_TAGS := tests LOCAL_MODULE := otafault_test -LOCAL_STATIC_LIBRARIES := $(otafault_static_libs) -LOCAL_C_INCLUDES := bootable/recovery +LOCAL_STATIC_LIBRARIES := libc LOCAL_FORCE_STATIC_EXECUTABLE := true +LOCAL_CFLAGS += -Wno-unused-parameter -Wno-writable-strings + +ifneq ($(TARGET_INJECT_FAULTS),) +$(foreach ft,$(TARGET_INJECT_FAULTS),\ + $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) +LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS +endif include $(BUILD_EXECUTABLE) diff --git a/otafault/config.cpp b/otafault/config.cpp deleted file mode 100644 index c87f9a631..000000000 --- a/otafault/config.cpp +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include -#include - -#include "minzip/Zip.h" -#include "config.h" -#include "ota_io.h" - -#define OTAIO_MAX_FNAME_SIZE 128 - -static ZipArchive* archive; -static std::map should_inject_cache; - -static const char* get_type_path(const char* io_type) { - char* path = (char*)calloc(strlen(io_type) + strlen(OTAIO_BASE_DIR) + 2, sizeof(char)); - sprintf(path, "%s/%s", OTAIO_BASE_DIR, io_type); - return path; -} - -void ota_io_init(ZipArchive* za) { - archive = za; - ota_set_fault_files(); -} - -bool should_fault_inject(const char* io_type) { - if (should_inject_cache.find(io_type) != should_inject_cache.end()) { - return should_inject_cache[io_type]; - } - const char* type_path = get_type_path(io_type); - const ZipEntry* entry = mzFindZipEntry(archive, type_path); - should_inject_cache[type_path] = entry != nullptr; - free((void*)type_path); - return entry != NULL; -} - -bool should_hit_cache() { - return should_fault_inject(OTAIO_CACHE); -} - -std::string fault_fname(const char* io_type) { - const char* type_path = get_type_path(io_type); - char* fname = (char*) calloc(OTAIO_MAX_FNAME_SIZE, sizeof(char)); - const ZipEntry* entry = mzFindZipEntry(archive, type_path); - mzReadZipEntry(archive, entry, fname, OTAIO_MAX_FNAME_SIZE); - free((void*)type_path); - return std::string(fname); -} diff --git a/otafault/config.h b/otafault/config.h deleted file mode 100644 index 4430be3fb..000000000 --- a/otafault/config.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (C) 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * Read configuration files in the OTA package to determine which files, if any, will trigger errors. - * - * OTA packages can be modified to trigger errors by adding a top-level - * directory called .libotafault, which may optionally contain up to three - * files called READ, WRITE, and FSYNC. Each one of these optional files - * contains the name of a single file on the device disk which will cause - * an IO error on the first call of the appropriate I/O action to that file. - * - * Example: - * ota.zip - * - * .libotafault - * WRITE - * - * If the contents of the file WRITE were /system/build.prop, the first write - * action to /system/build.prop would fail with EIO. Note that READ and - * FSYNC files are absent, so these actions will not cause an error. - */ - -#ifndef _UPDATER_OTA_IO_CFG_H_ -#define _UPDATER_OTA_IO_CFG_H_ - -#include - -#include - -#include "minzip/Zip.h" - -#define OTAIO_BASE_DIR ".libotafault" -#define OTAIO_READ "READ" -#define OTAIO_WRITE "WRITE" -#define OTAIO_FSYNC "FSYNC" -#define OTAIO_CACHE "CACHE" - -/* - * Initialize libotafault by providing a reference to the OTA package. - */ -void ota_io_init(ZipArchive* za); - -/* - * Return true if a config file is present for the given IO type. - */ -bool should_fault_inject(const char* io_type); - -/* - * Return true if an EIO should occur on the next hit to /cache/saved.file - * instead of the next hit to the specified file. - */ -bool should_hit_cache(); - -/* - * Return the name of the file that should cause an error for the - * given IO type. - */ -std::string fault_fname(const char* io_type); - -#endif diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp index 04458537b..9434ebea3 100644 --- a/otafault/ota_io.cpp +++ b/otafault/ota_io.cpp @@ -14,7 +14,9 @@ * limitations under the License. */ +#if defined (TARGET_INJECT_FAULTS) #include +#endif #include #include @@ -22,155 +24,185 @@ #include #include -#include "config.h" #include "ota_io.h" -static std::map filename_cache; -static std::string read_fault_file_name = ""; -static std::string write_fault_file_name = ""; -static std::string fsync_fault_file_name = ""; - -static bool get_hit_file(const char* cached_path, std::string ffn) { - return should_hit_cache() - ? !strncmp(cached_path, OTAIO_CACHE_FNAME, strlen(cached_path)) - : !strncmp(cached_path, ffn.c_str(), strlen(cached_path)); -} - -void ota_set_fault_files() { - if (should_fault_inject(OTAIO_READ)) { - read_fault_file_name = fault_fname(OTAIO_READ); - } - if (should_fault_inject(OTAIO_WRITE)) { - write_fault_file_name = fault_fname(OTAIO_WRITE); - } - if (should_fault_inject(OTAIO_FSYNC)) { - fsync_fault_file_name = fault_fname(OTAIO_FSYNC); - } -} +#if defined (TARGET_INJECT_FAULTS) +static std::map FilenameCache; +static std::string FaultFileName = +#if defined (TARGET_READ_FAULT) + TARGET_READ_FAULT; +#elif defined (TARGET_WRITE_FAULT) + TARGET_WRITE_FAULT; +#elif defined (TARGET_FSYNC_FAULT) + TARGET_FSYNC_FAULT; +#endif // defined (TARGET_READ_FAULT) +#endif // defined (TARGET_INJECT_FAULTS) bool have_eio_error = false; int ota_open(const char* path, int oflags) { +#if defined (TARGET_INJECT_FAULTS) // Let the caller handle errors; we do not care if open succeeds or fails int fd = open(path, oflags); - filename_cache[fd] = path; + FilenameCache[fd] = path; return fd; +#else + return open(path, oflags); +#endif } int ota_open(const char* path, int oflags, mode_t mode) { +#if defined (TARGET_INJECT_FAULTS) int fd = open(path, oflags, mode); - filename_cache[fd] = path; - return fd; } + FilenameCache[fd] = path; + return fd; +#else + return open(path, oflags, mode); +#endif +} FILE* ota_fopen(const char* path, const char* mode) { +#if defined (TARGET_INJECT_FAULTS) FILE* fh = fopen(path, mode); - filename_cache[(intptr_t)fh] = path; + FilenameCache[(intptr_t)fh] = path; return fh; +#else + return fopen(path, mode); +#endif } int ota_close(int fd) { - // descriptors can be reused, so make sure not to leave them in the cache - filename_cache.erase(fd); +#if defined (TARGET_INJECT_FAULTS) + // descriptors can be reused, so make sure not to leave them in the cahce + FilenameCache.erase(fd); +#endif return close(fd); } int ota_fclose(FILE* fh) { - filename_cache.erase((intptr_t)fh); +#if defined (TARGET_INJECT_FAULTS) + FilenameCache.erase((intptr_t)fh); +#endif return fclose(fh); } size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream) { - if (should_fault_inject(OTAIO_READ)) { - auto cached = filename_cache.find((intptr_t)stream); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, read_fault_file_name)) { - read_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_READ_FAULT) + if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() + && FilenameCache[(intptr_t)stream] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return 0; + } else { + size_t status = fread(ptr, size, nitems, stream); + // If I/O error occurs, set the retry-update flag. + if (status != nitems && errno == EIO) { have_eio_error = true; - return 0; } + return status; } +#else size_t status = fread(ptr, size, nitems, stream); if (status != nitems && errno == EIO) { have_eio_error = true; } return status; +#endif } ssize_t ota_read(int fd, void* buf, size_t nbyte) { - if (should_fault_inject(OTAIO_READ)) { - auto cached = filename_cache.find(fd); - const char* cached_path = cached->second; - if (cached != filename_cache.end() - && get_hit_file(cached_path, read_fault_file_name)) { - read_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_READ_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return -1; + } else { + ssize_t status = read(fd, buf, nbyte); + if (status == -1 && errno == EIO) { have_eio_error = true; - return -1; } + return status; } +#else ssize_t status = read(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; +#endif } size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream) { - if (should_fault_inject(OTAIO_WRITE)) { - auto cached = filename_cache.find((intptr_t)stream); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, write_fault_file_name)) { - write_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_WRITE_FAULT) + if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() + && FilenameCache[(intptr_t)stream] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return 0; + } else { + size_t status = fwrite(ptr, size, count, stream); + if (status != count && errno == EIO) { have_eio_error = true; - return 0; } + return status; } +#else size_t status = fwrite(ptr, size, count, stream); if (status != count && errno == EIO) { have_eio_error = true; } return status; +#endif } ssize_t ota_write(int fd, const void* buf, size_t nbyte) { - if (should_fault_inject(OTAIO_WRITE)) { - auto cached = filename_cache.find(fd); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, write_fault_file_name)) { - write_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_WRITE_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return -1; + } else { + ssize_t status = write(fd, buf, nbyte); + if (status == -1 && errno == EIO) { have_eio_error = true; - return -1; } + return status; } +#else ssize_t status = write(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; +#endif } int ota_fsync(int fd) { - if (should_fault_inject(OTAIO_FSYNC)) { - auto cached = filename_cache.find(fd); - const char* cached_path = cached->second; - if (cached != filename_cache.end() && - get_hit_file(cached_path, fsync_fault_file_name)) { - fsync_fault_file_name = ""; - errno = EIO; +#if defined (TARGET_FSYNC_FAULT) + if (FilenameCache.find(fd) != FilenameCache.end() + && FilenameCache[fd] == FaultFileName) { + FaultFileName = ""; + errno = EIO; + have_eio_error = true; + return -1; + } else { + int status = fsync(fd); + if (status == -1 && errno == EIO) { have_eio_error = true; - return -1; } + return status; } +#else int status = fsync(fd); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; +#endif } - diff --git a/otafault/ota_io.h b/otafault/ota_io.h index 84187a76e..641a5ae0a 100644 --- a/otafault/ota_io.h +++ b/otafault/ota_io.h @@ -26,10 +26,6 @@ #include #include -#define OTAIO_CACHE_FNAME "/cache/saved.file" - -void ota_set_fault_files(); - int ota_open(const char* path, int oflags); int ota_open(const char* path, int oflags, mode_t mode); diff --git a/otafault/test.cpp b/otafault/test.cpp index 6514782bf..a0f731517 100644 --- a/otafault/test.cpp +++ b/otafault/test.cpp @@ -17,18 +17,16 @@ #include #include #include -#include #include "ota_io.h" -int main(int /* argc */, char** /* argv */) { +int main(int argc, char **argv) { int fd = open("testdata/test.file", O_RDWR); char buf[8]; - const char* out = "321"; + char *out = "321"; int readv = ota_read(fd, buf, 4); printf("Read returned %d\n", readv); int writev = ota_write(fd, out, 4); printf("Write returned %d\n", writev); - close(fd); return 0; } diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index faa7008c5..e9c8ddbc0 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -45,7 +45,7 @@ #include "install.h" #include "openssl/sha.h" #include "minzip/Hash.h" -#include "ota_io.h" +#include "otafault/ota_io.h" #include "print_sha1.h" #include "unique_fd.h" #include "updater.h" diff --git a/updater/install.cpp b/updater/install.cpp index 6ae1e5fbf..b7d9e85a2 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -51,7 +51,7 @@ #include "minzip/DirUtil.h" #include "mtdutils/mounts.h" #include "mtdutils/mtdutils.h" -#include "ota_io.h" +#include "otafault/ota_io.h" #include "updater.h" #include "install.h" #include "tune2fs.h" diff --git a/updater/updater.cpp b/updater/updater.cpp index 1693fa1db..ddc01e125 100644 --- a/updater/updater.cpp +++ b/updater/updater.cpp @@ -25,7 +25,6 @@ #include "blockimg.h" #include "minzip/Zip.h" #include "minzip/SysUtil.h" -#include "config.h" // Generated by the makefile, this function defines the // RegisterDeviceExtensions() function, which calls all the @@ -85,7 +84,6 @@ int main(int argc, char** argv) { argv[3], strerror(err)); return 3; } - ota_io_init(&za); const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); if (script_entry == NULL) { -- cgit v1.2.3 From 9020e0f141d1c26dcf8b6fa4212ee94b7891d53f Mon Sep 17 00:00:00 2001 From: Prashant Malani Date: Fri, 11 Mar 2016 11:57:10 -0800 Subject: recovery: Move SwipeDetector into common location The SwipeDetector class is used almost unchanged in all locations. This patch moves it into the recovery module, from which devices can reference it if required. The class is now renamed to WearSwipeDetector. Bug: 27407422 Change-Id: Ifd3c7069a287548b89b14ab5d6d2b90a298e0145 --- Android.mk | 1 + wear_touch.cpp | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ wear_touch.h | 58 +++++++++++++++++++ 3 files changed, 236 insertions(+) create mode 100644 wear_touch.cpp create mode 100644 wear_touch.h diff --git a/Android.mk b/Android.mk index 4477fefe3..5b488ca6d 100644 --- a/Android.mk +++ b/Android.mk @@ -41,6 +41,7 @@ LOCAL_SRC_FILES := \ ui.cpp \ verifier.cpp \ wear_ui.cpp \ + wear_touch.cpp \ LOCAL_MODULE := recovery diff --git a/wear_touch.cpp b/wear_touch.cpp new file mode 100644 index 000000000..f22d40b88 --- /dev/null +++ b/wear_touch.cpp @@ -0,0 +1,177 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" +#include "wear_touch.h" + +#include +#include +#include +#include +#include +#include +#include + +#include + +#define DEVICE_PATH "/dev/input" + +WearSwipeDetector::WearSwipeDetector(int low, int high, OnSwipeCallback callback, void* cookie): + mLowThreshold(low), + mHighThreshold(high), + mCallback(callback), + mCookie(cookie), + mCurrentSlot(-1) { + pthread_create(&mThread, NULL, touch_thread, this); +} + +WearSwipeDetector::~WearSwipeDetector() { +} + +void WearSwipeDetector::detect(int dx, int dy) { + enum SwipeDirection direction; + + if (abs(dy) < mLowThreshold && abs(dx) > mHighThreshold) { + direction = dx < 0 ? LEFT : RIGHT; + } else if (abs(dx) < mLowThreshold && abs(dy) > mHighThreshold) { + direction = dy < 0 ? UP : DOWN; + } else { + LOGD("Ignore %d %d\n", dx, dy); + return; + } + + LOGD("Swipe direction=%d\n", direction); + mCallback(mCookie, direction); +} + +void WearSwipeDetector::process(struct input_event *event) { + if (mCurrentSlot < 0) { + mCallback(mCookie, UP); + mCurrentSlot = 0; + } + + if (event->type == EV_ABS) { + if (event->code == ABS_MT_SLOT) + mCurrentSlot = event->value; + + // Ignore other fingers + if (mCurrentSlot > 0) { + return; + } + + switch (event->code) { + case ABS_MT_POSITION_X: + mX = event->value; + mFingerDown = true; + break; + + case ABS_MT_POSITION_Y: + mY = event->value; + mFingerDown = true; + break; + + case ABS_MT_TRACKING_ID: + if (event->value < 0) + mFingerDown = false; + break; + } + } else if (event->type == EV_SYN) { + if (event->code == SYN_REPORT) { + if (mFingerDown && !mSwiping) { + mStartX = mX; + mStartY = mY; + mSwiping = true; + } else if (!mFingerDown && mSwiping) { + mSwiping = false; + detect(mX - mStartX, mY - mStartY); + } + } + } +} + +void WearSwipeDetector::run() { + int fd = findDevice(DEVICE_PATH); + if (fd < 0) { + LOGE("no input devices found\n"); + return; + } + + struct input_event event; + while (read(fd, &event, sizeof(event)) == sizeof(event)) { + process(&event); + } + + close(fd); +} + +void* WearSwipeDetector::touch_thread(void* cookie) { + ((WearSwipeDetector*)cookie)->run(); + return NULL; +} + +#define test_bit(bit, array) (array[bit/8] & (1<<(bit%8))) + +int WearSwipeDetector::openDevice(const char *device) { + int fd = open(device, O_RDONLY); + if (fd < 0) { + LOGE("could not open %s, %s\n", device, strerror(errno)); + return false; + } + + char name[80]; + name[sizeof(name) - 1] = '\0'; + if (ioctl(fd, EVIOCGNAME(sizeof(name) - 1), &name) < 1) { + LOGE("could not get device name for %s, %s\n", device, strerror(errno)); + name[0] = '\0'; + } + + uint8_t bits[512]; + memset(bits, 0, sizeof(bits)); + int ret = ioctl(fd, EVIOCGBIT(EV_ABS, sizeof(bits)), bits); + if (ret > 0) { + if (test_bit(ABS_MT_POSITION_X, bits) && test_bit(ABS_MT_POSITION_Y, bits)) { + LOGD("Found %s %s\n", device, name); + return fd; + } + } + + close(fd); + return -1; +} + +int WearSwipeDetector::findDevice(const char* path) { + DIR* dir = opendir(path); + if (dir == NULL) { + LOGE("Could not open directory %s", path); + return false; + } + + struct dirent* entry; + int ret = -1; + while (ret < 0 && (entry = readdir(dir)) != NULL) { + if (entry->d_name[0] == '.') continue; + + char device[PATH_MAX]; + device[PATH_MAX-1] = '\0'; + snprintf(device, PATH_MAX-1, "%s/%s", path, entry->d_name); + + ret = openDevice(device); + } + + closedir(dir); + return ret; +} + diff --git a/wear_touch.h b/wear_touch.h new file mode 100644 index 000000000..9a1d3150c --- /dev/null +++ b/wear_touch.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __WEAR_TOUCH_H +#define __WEAR_TOUCH_H + +#include + +class WearSwipeDetector { + +public: + enum SwipeDirection { UP, DOWN, RIGHT, LEFT }; + typedef void (*OnSwipeCallback)(void* cookie, enum SwipeDirection direction); + + WearSwipeDetector(int low, int high, OnSwipeCallback cb, void* cookie); + ~WearSwipeDetector(); + +private: + void run(); + void process(struct input_event *event); + void detect(int dx, int dy); + + pthread_t mThread; + static void* touch_thread(void* cookie); + + int findDevice(const char* path); + int openDevice(const char* device); + + int mLowThreshold; + int mHighThreshold; + + OnSwipeCallback mCallback; + void *mCookie; + + int mX; + int mY; + int mStartX; + int mStartY; + + int mCurrentSlot; + bool mFingerDown; + bool mSwiping; +}; + +#endif // __WEAR_TOUCH_H -- cgit v1.2.3 From ff6df890a2a01bf3bf56d3f430b17a5ef69055cf Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Tue, 15 Dec 2015 16:04:53 -0800 Subject: Control fault injection with config files instead of build flags Bug: 27724259 Change-Id: I65bdefed10b3fb85fcb9e1147eaf0687d7d438f4 --- applypatch/applypatch.cpp | 2 +- otafault/Android.mk | 43 ++++-------- otafault/config.cpp | 70 +++++++++++++++++++ otafault/config.h | 74 ++++++++++++++++++++ otafault/ota_io.cpp | 174 +++++++++++++++++++--------------------------- otafault/ota_io.h | 4 ++ otafault/test.cpp | 6 +- updater/blockimg.cpp | 2 +- updater/install.cpp | 2 +- updater/updater.cpp | 2 + 10 files changed, 242 insertions(+), 137 deletions(-) create mode 100644 otafault/config.cpp create mode 100644 otafault/config.h diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp index 9d8a21797..7985fc0c6 100644 --- a/applypatch/applypatch.cpp +++ b/applypatch/applypatch.cpp @@ -34,8 +34,8 @@ #include "applypatch.h" #include "mtdutils/mtdutils.h" #include "edify/expr.h" +#include "ota_io.h" #include "print_sha1.h" -#include "otafault/ota_io.h" static int LoadPartitionContents(const char* filename, FileContents* file); static ssize_t FileSink(const unsigned char* data, ssize_t len, void* token); diff --git a/otafault/Android.mk b/otafault/Android.mk index 75617a146..7468de6c4 100644 --- a/otafault/Android.mk +++ b/otafault/Android.mk @@ -1,10 +1,10 @@ -# Copyright 2015 The ANdroid Open Source Project +# Copyright 2015 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -14,45 +14,30 @@ LOCAL_PATH := $(call my-dir) -empty := -space := $(empty) $(empty) -comma := , - -ifneq ($(TARGET_INJECT_FAULTS),) -TARGET_INJECT_FAULTS := $(subst $(comma),$(space),$(strip $(TARGET_INJECT_FAULTS))) -endif - include $(CLEAR_VARS) -LOCAL_SRC_FILES := ota_io.cpp +otafault_static_libs := \ + libminzip \ + libz \ + libselinux \ + +LOCAL_SRC_FILES := config.cpp ota_io.cpp LOCAL_MODULE_TAGS := eng LOCAL_MODULE := libotafault LOCAL_CLANG := true - -ifneq ($(TARGET_INJECT_FAULTS),) -$(foreach ft,$(TARGET_INJECT_FAULTS),\ - $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) -LOCAL_CFLAGS += -Wno-unused-parameter -LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS -endif - -LOCAL_STATIC_LIBRARIES := libc +LOCAL_C_INCLUDES := bootable/recovery +LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) +LOCAL_WHOLE_STATIC_LIBRARIES := $(otafault_static_libs) include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) -LOCAL_SRC_FILES := ota_io.cpp test.cpp +LOCAL_SRC_FILES := config.cpp ota_io.cpp test.cpp LOCAL_MODULE_TAGS := tests LOCAL_MODULE := otafault_test -LOCAL_STATIC_LIBRARIES := libc +LOCAL_STATIC_LIBRARIES := $(otafault_static_libs) +LOCAL_C_INCLUDES := bootable/recovery LOCAL_FORCE_STATIC_EXECUTABLE := true -LOCAL_CFLAGS += -Wno-unused-parameter -Wno-writable-strings - -ifneq ($(TARGET_INJECT_FAULTS),) -$(foreach ft,$(TARGET_INJECT_FAULTS),\ - $(eval LOCAL_CFLAGS += -DTARGET_$(ft)_FAULT=$(TARGET_$(ft)_FAULT_FILE))) -LOCAL_CFLAGS += -DTARGET_INJECT_FAULTS -endif include $(BUILD_EXECUTABLE) diff --git a/otafault/config.cpp b/otafault/config.cpp new file mode 100644 index 000000000..aa4b4d5ce --- /dev/null +++ b/otafault/config.cpp @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include + +#include "minzip/Zip.h" +#include "config.h" +#include "ota_io.h" + +#define OTAIO_MAX_FNAME_SIZE 128 + +static ZipArchive* archive; +static std::map should_inject_cache; + +static const char* get_type_path(const char* io_type) { + char* path = (char*)calloc(strlen(io_type) + strlen(OTAIO_BASE_DIR) + 2, sizeof(char)); + sprintf(path, "%s/%s", OTAIO_BASE_DIR, io_type); + return path; +} + +void ota_io_init(ZipArchive* za) { + archive = za; + ota_set_fault_files(); +} + +bool should_fault_inject(const char* io_type) { + // archive will be NULL if we used an entry point other + // than updater/updater.cpp:main + if (archive == NULL) { + return false; + } + if (should_inject_cache.find(io_type) != should_inject_cache.end()) { + return should_inject_cache[io_type]; + } + const char* type_path = get_type_path(io_type); + const ZipEntry* entry = mzFindZipEntry(archive, type_path); + should_inject_cache[type_path] = entry != nullptr; + free((void*)type_path); + return entry != NULL; +} + +bool should_hit_cache() { + return should_fault_inject(OTAIO_CACHE); +} + +std::string fault_fname(const char* io_type) { + const char* type_path = get_type_path(io_type); + char* fname = (char*) calloc(OTAIO_MAX_FNAME_SIZE, sizeof(char)); + const ZipEntry* entry = mzFindZipEntry(archive, type_path); + mzReadZipEntry(archive, entry, fname, OTAIO_MAX_FNAME_SIZE); + free((void*)type_path); + return std::string(fname); +} diff --git a/otafault/config.h b/otafault/config.h new file mode 100644 index 000000000..4430be3fb --- /dev/null +++ b/otafault/config.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Read configuration files in the OTA package to determine which files, if any, will trigger errors. + * + * OTA packages can be modified to trigger errors by adding a top-level + * directory called .libotafault, which may optionally contain up to three + * files called READ, WRITE, and FSYNC. Each one of these optional files + * contains the name of a single file on the device disk which will cause + * an IO error on the first call of the appropriate I/O action to that file. + * + * Example: + * ota.zip + * + * .libotafault + * WRITE + * + * If the contents of the file WRITE were /system/build.prop, the first write + * action to /system/build.prop would fail with EIO. Note that READ and + * FSYNC files are absent, so these actions will not cause an error. + */ + +#ifndef _UPDATER_OTA_IO_CFG_H_ +#define _UPDATER_OTA_IO_CFG_H_ + +#include + +#include + +#include "minzip/Zip.h" + +#define OTAIO_BASE_DIR ".libotafault" +#define OTAIO_READ "READ" +#define OTAIO_WRITE "WRITE" +#define OTAIO_FSYNC "FSYNC" +#define OTAIO_CACHE "CACHE" + +/* + * Initialize libotafault by providing a reference to the OTA package. + */ +void ota_io_init(ZipArchive* za); + +/* + * Return true if a config file is present for the given IO type. + */ +bool should_fault_inject(const char* io_type); + +/* + * Return true if an EIO should occur on the next hit to /cache/saved.file + * instead of the next hit to the specified file. + */ +bool should_hit_cache(); + +/* + * Return the name of the file that should cause an error for the + * given IO type. + */ +std::string fault_fname(const char* io_type); + +#endif diff --git a/otafault/ota_io.cpp b/otafault/ota_io.cpp index 9434ebea3..04458537b 100644 --- a/otafault/ota_io.cpp +++ b/otafault/ota_io.cpp @@ -14,9 +14,7 @@ * limitations under the License. */ -#if defined (TARGET_INJECT_FAULTS) #include -#endif #include #include @@ -24,185 +22,155 @@ #include #include +#include "config.h" #include "ota_io.h" -#if defined (TARGET_INJECT_FAULTS) -static std::map FilenameCache; -static std::string FaultFileName = -#if defined (TARGET_READ_FAULT) - TARGET_READ_FAULT; -#elif defined (TARGET_WRITE_FAULT) - TARGET_WRITE_FAULT; -#elif defined (TARGET_FSYNC_FAULT) - TARGET_FSYNC_FAULT; -#endif // defined (TARGET_READ_FAULT) -#endif // defined (TARGET_INJECT_FAULTS) +static std::map filename_cache; +static std::string read_fault_file_name = ""; +static std::string write_fault_file_name = ""; +static std::string fsync_fault_file_name = ""; + +static bool get_hit_file(const char* cached_path, std::string ffn) { + return should_hit_cache() + ? !strncmp(cached_path, OTAIO_CACHE_FNAME, strlen(cached_path)) + : !strncmp(cached_path, ffn.c_str(), strlen(cached_path)); +} + +void ota_set_fault_files() { + if (should_fault_inject(OTAIO_READ)) { + read_fault_file_name = fault_fname(OTAIO_READ); + } + if (should_fault_inject(OTAIO_WRITE)) { + write_fault_file_name = fault_fname(OTAIO_WRITE); + } + if (should_fault_inject(OTAIO_FSYNC)) { + fsync_fault_file_name = fault_fname(OTAIO_FSYNC); + } +} bool have_eio_error = false; int ota_open(const char* path, int oflags) { -#if defined (TARGET_INJECT_FAULTS) // Let the caller handle errors; we do not care if open succeeds or fails int fd = open(path, oflags); - FilenameCache[fd] = path; + filename_cache[fd] = path; return fd; -#else - return open(path, oflags); -#endif } int ota_open(const char* path, int oflags, mode_t mode) { -#if defined (TARGET_INJECT_FAULTS) int fd = open(path, oflags, mode); - FilenameCache[fd] = path; - return fd; -#else - return open(path, oflags, mode); -#endif -} + filename_cache[fd] = path; + return fd; } FILE* ota_fopen(const char* path, const char* mode) { -#if defined (TARGET_INJECT_FAULTS) FILE* fh = fopen(path, mode); - FilenameCache[(intptr_t)fh] = path; + filename_cache[(intptr_t)fh] = path; return fh; -#else - return fopen(path, mode); -#endif } int ota_close(int fd) { -#if defined (TARGET_INJECT_FAULTS) - // descriptors can be reused, so make sure not to leave them in the cahce - FilenameCache.erase(fd); -#endif + // descriptors can be reused, so make sure not to leave them in the cache + filename_cache.erase(fd); return close(fd); } int ota_fclose(FILE* fh) { -#if defined (TARGET_INJECT_FAULTS) - FilenameCache.erase((intptr_t)fh); -#endif + filename_cache.erase((intptr_t)fh); return fclose(fh); } size_t ota_fread(void* ptr, size_t size, size_t nitems, FILE* stream) { -#if defined (TARGET_READ_FAULT) - if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() - && FilenameCache[(intptr_t)stream] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return 0; - } else { - size_t status = fread(ptr, size, nitems, stream); - // If I/O error occurs, set the retry-update flag. - if (status != nitems && errno == EIO) { + if (should_fault_inject(OTAIO_READ)) { + auto cached = filename_cache.find((intptr_t)stream); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, read_fault_file_name)) { + read_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return 0; } - return status; } -#else size_t status = fread(ptr, size, nitems, stream); if (status != nitems && errno == EIO) { have_eio_error = true; } return status; -#endif } ssize_t ota_read(int fd, void* buf, size_t nbyte) { -#if defined (TARGET_READ_FAULT) - if (FilenameCache.find(fd) != FilenameCache.end() - && FilenameCache[fd] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return -1; - } else { - ssize_t status = read(fd, buf, nbyte); - if (status == -1 && errno == EIO) { + if (should_fault_inject(OTAIO_READ)) { + auto cached = filename_cache.find(fd); + const char* cached_path = cached->second; + if (cached != filename_cache.end() + && get_hit_file(cached_path, read_fault_file_name)) { + read_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return -1; } - return status; } -#else ssize_t status = read(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; -#endif } size_t ota_fwrite(const void* ptr, size_t size, size_t count, FILE* stream) { -#if defined (TARGET_WRITE_FAULT) - if (FilenameCache.find((intptr_t)stream) != FilenameCache.end() - && FilenameCache[(intptr_t)stream] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return 0; - } else { - size_t status = fwrite(ptr, size, count, stream); - if (status != count && errno == EIO) { + if (should_fault_inject(OTAIO_WRITE)) { + auto cached = filename_cache.find((intptr_t)stream); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, write_fault_file_name)) { + write_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return 0; } - return status; } -#else size_t status = fwrite(ptr, size, count, stream); if (status != count && errno == EIO) { have_eio_error = true; } return status; -#endif } ssize_t ota_write(int fd, const void* buf, size_t nbyte) { -#if defined (TARGET_WRITE_FAULT) - if (FilenameCache.find(fd) != FilenameCache.end() - && FilenameCache[fd] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return -1; - } else { - ssize_t status = write(fd, buf, nbyte); - if (status == -1 && errno == EIO) { + if (should_fault_inject(OTAIO_WRITE)) { + auto cached = filename_cache.find(fd); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, write_fault_file_name)) { + write_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return -1; } - return status; } -#else ssize_t status = write(fd, buf, nbyte); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; -#endif } int ota_fsync(int fd) { -#if defined (TARGET_FSYNC_FAULT) - if (FilenameCache.find(fd) != FilenameCache.end() - && FilenameCache[fd] == FaultFileName) { - FaultFileName = ""; - errno = EIO; - have_eio_error = true; - return -1; - } else { - int status = fsync(fd); - if (status == -1 && errno == EIO) { + if (should_fault_inject(OTAIO_FSYNC)) { + auto cached = filename_cache.find(fd); + const char* cached_path = cached->second; + if (cached != filename_cache.end() && + get_hit_file(cached_path, fsync_fault_file_name)) { + fsync_fault_file_name = ""; + errno = EIO; have_eio_error = true; + return -1; } - return status; } -#else int status = fsync(fd); if (status == -1 && errno == EIO) { have_eio_error = true; } return status; -#endif } + diff --git a/otafault/ota_io.h b/otafault/ota_io.h index 641a5ae0a..84187a76e 100644 --- a/otafault/ota_io.h +++ b/otafault/ota_io.h @@ -26,6 +26,10 @@ #include #include +#define OTAIO_CACHE_FNAME "/cache/saved.file" + +void ota_set_fault_files(); + int ota_open(const char* path, int oflags); int ota_open(const char* path, int oflags, mode_t mode); diff --git a/otafault/test.cpp b/otafault/test.cpp index a0f731517..6514782bf 100644 --- a/otafault/test.cpp +++ b/otafault/test.cpp @@ -17,16 +17,18 @@ #include #include #include +#include #include "ota_io.h" -int main(int argc, char **argv) { +int main(int /* argc */, char** /* argv */) { int fd = open("testdata/test.file", O_RDWR); char buf[8]; - char *out = "321"; + const char* out = "321"; int readv = ota_read(fd, buf, 4); printf("Read returned %d\n", readv); int writev = ota_write(fd, out, 4); printf("Write returned %d\n", writev); + close(fd); return 0; } diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index e9c8ddbc0..faa7008c5 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -45,7 +45,7 @@ #include "install.h" #include "openssl/sha.h" #include "minzip/Hash.h" -#include "otafault/ota_io.h" +#include "ota_io.h" #include "print_sha1.h" #include "unique_fd.h" #include "updater.h" diff --git a/updater/install.cpp b/updater/install.cpp index b7d9e85a2..6ae1e5fbf 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -51,7 +51,7 @@ #include "minzip/DirUtil.h" #include "mtdutils/mounts.h" #include "mtdutils/mtdutils.h" -#include "otafault/ota_io.h" +#include "ota_io.h" #include "updater.h" #include "install.h" #include "tune2fs.h" diff --git a/updater/updater.cpp b/updater/updater.cpp index ddc01e125..1693fa1db 100644 --- a/updater/updater.cpp +++ b/updater/updater.cpp @@ -25,6 +25,7 @@ #include "blockimg.h" #include "minzip/Zip.h" #include "minzip/SysUtil.h" +#include "config.h" // Generated by the makefile, this function defines the // RegisterDeviceExtensions() function, which calls all the @@ -84,6 +85,7 @@ int main(int argc, char** argv) { argv[3], strerror(err)); return 3; } + ota_io_init(&za); const ZipEntry* script_entry = mzFindZipEntry(&za, SCRIPT_NAME); if (script_entry == NULL) { -- cgit v1.2.3 From 88dd7796a1fd4c64d57afb20021bf66cb26fa886 Mon Sep 17 00:00:00 2001 From: Jed Estep Date: Tue, 22 Mar 2016 15:25:27 -0700 Subject: Correct caching behavior for should_inject_cache Bug: 27800498 Change-Id: I5255283c1d04a385ed719c5bc2be461cae9f3648 --- otafault/Android.mk | 3 ++- otafault/config.cpp | 31 +++++++++++++++---------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/otafault/Android.mk b/otafault/Android.mk index 7468de6c4..ba7add855 100644 --- a/otafault/Android.mk +++ b/otafault/Android.mk @@ -17,9 +17,10 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) otafault_static_libs := \ + libbase \ libminzip \ libz \ - libselinux \ + libselinux LOCAL_SRC_FILES := config.cpp ota_io.cpp LOCAL_MODULE_TAGS := eng diff --git a/otafault/config.cpp b/otafault/config.cpp index aa4b4d5ce..b4567392d 100644 --- a/otafault/config.cpp +++ b/otafault/config.cpp @@ -20,6 +20,8 @@ #include #include +#include + #include "minzip/Zip.h" #include "config.h" #include "ota_io.h" @@ -27,12 +29,10 @@ #define OTAIO_MAX_FNAME_SIZE 128 static ZipArchive* archive; -static std::map should_inject_cache; +static std::map should_inject_cache; -static const char* get_type_path(const char* io_type) { - char* path = (char*)calloc(strlen(io_type) + strlen(OTAIO_BASE_DIR) + 2, sizeof(char)); - sprintf(path, "%s/%s", OTAIO_BASE_DIR, io_type); - return path; +static std::string get_type_path(const char* io_type) { + return android::base::StringPrintf("%s/%s", OTAIO_BASE_DIR, io_type); } void ota_io_init(ZipArchive* za) { @@ -46,13 +46,12 @@ bool should_fault_inject(const char* io_type) { if (archive == NULL) { return false; } - if (should_inject_cache.find(io_type) != should_inject_cache.end()) { - return should_inject_cache[io_type]; + const std::string type_path = get_type_path(io_type); + if (should_inject_cache.find(type_path) != should_inject_cache.end()) { + return should_inject_cache[type_path]; } - const char* type_path = get_type_path(io_type); - const ZipEntry* entry = mzFindZipEntry(archive, type_path); + const ZipEntry* entry = mzFindZipEntry(archive, type_path.c_str()); should_inject_cache[type_path] = entry != nullptr; - free((void*)type_path); return entry != NULL; } @@ -61,10 +60,10 @@ bool should_hit_cache() { } std::string fault_fname(const char* io_type) { - const char* type_path = get_type_path(io_type); - char* fname = (char*) calloc(OTAIO_MAX_FNAME_SIZE, sizeof(char)); - const ZipEntry* entry = mzFindZipEntry(archive, type_path); - mzReadZipEntry(archive, entry, fname, OTAIO_MAX_FNAME_SIZE); - free((void*)type_path); - return std::string(fname); + std::string type_path = get_type_path(io_type); + std::string fname; + fname.resize(OTAIO_MAX_FNAME_SIZE); + const ZipEntry* entry = mzFindZipEntry(archive, type_path.c_str()); + mzReadZipEntry(archive, entry, &fname[0], OTAIO_MAX_FNAME_SIZE); + return fname; } -- cgit v1.2.3 From 0188935d55206e8c2becb29e995f166cb7040355 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Tue, 22 Mar 2016 18:08:12 -0700 Subject: Skip stashing source blocks in verify mode Currently block_image_verify() stashes source blocks to /cache and in some case triggers I/O errors. To avoid this risk, We create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996 --- updater/blockimg.cpp | 54 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 46 insertions(+), 8 deletions(-) diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp index faa7008c5..c20bad904 100644 --- a/updater/blockimg.cpp +++ b/updater/blockimg.cpp @@ -33,6 +33,7 @@ #include #include +#include #include #include #include @@ -67,6 +68,8 @@ struct RangeSet { std::vector pos; // Actual limit is INT_MAX. }; +static std::map stash_map; + static void parse_range(const std::string& range_text, RangeSet& rs) { std::vector pieces = android::base::Split(range_text, ","); @@ -522,8 +525,28 @@ static void DeleteStash(const std::string& base) { } } -static int LoadStash(const std::string& base, const std::string& id, bool verify, size_t* blocks, - std::vector& buffer, bool printnoent) { +static int LoadStash(CommandParameters& params, const std::string& base, const std::string& id, + bool verify, size_t* blocks, std::vector& buffer, bool printnoent) { + // In verify mode, if source range_set was saved for the given hash, + // check contents in the source blocks first. If the check fails, + // search for the stashed files on /cache as usual. + if (!params.canwrite) { + if (stash_map.find(id) != stash_map.end()) { + const RangeSet& src = stash_map[id]; + allocate(src.size * BLOCKSIZE, buffer); + + if (ReadBlocks(src, buffer, params.fd) == -1) { + fprintf(stderr, "failed to read source blocks in stash map.\n"); + return -1; + } + if (VerifyBlocks(id, buffer, src.size, true) != 0) { + fprintf(stderr, "failed to verify loaded source blocks in stash map.\n"); + return -1; + } + return 0; + } + } + if (base.empty()) { return -1; } @@ -722,7 +745,7 @@ static int SaveStash(CommandParameters& params, const std::string& base, const std::string& id = params.tokens[params.cpos++]; size_t blocks = 0; - if (usehash && LoadStash(base, id, true, &blocks, buffer, false) == 0) { + if (usehash && LoadStash(params, base, id, true, &blocks, buffer, false) == 0) { // Stash file already exists and has expected contents. Do not // read from source again, as the source may have been already // overwritten during a previous attempt. @@ -747,6 +770,12 @@ static int SaveStash(CommandParameters& params, const std::string& base, return 0; } + // In verify mode, save source range_set instead of stashing blocks. + if (!params.canwrite && usehash) { + stash_map[id] = src; + return 0; + } + fprintf(stderr, "stashing %zu blocks to %s\n", blocks, id.c_str()); return WriteStash(base, id, blocks, buffer, false, nullptr); } @@ -857,7 +886,7 @@ static int LoadSrcTgtVersion2(CommandParameters& params, RangeSet& tgt, size_t& } std::vector stash; - int res = LoadStash(stashbase, tokens[0], false, nullptr, stash, true); + int res = LoadStash(params, stashbase, tokens[0], false, nullptr, stash, true); if (res == -1) { // These source blocks will fail verification if used later, but we @@ -931,8 +960,9 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& if (VerifyBlocks(srchash, params.buffer, src_blocks, true) == 0) { // If source and target blocks overlap, stash the source blocks so we can - // resume from possible write errors - if (overlap) { + // resume from possible write errors. In verify mode, we can skip stashing + // because the source blocks won't be overwritten. + if (overlap && params.canwrite) { fprintf(stderr, "stashing %zu overlapping blocks to %s\n", src_blocks, srchash.c_str()); @@ -953,7 +983,8 @@ static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& return 0; } - if (overlap && LoadStash(params.stashbase, srchash, true, nullptr, params.buffer, true) == 0) { + if (overlap && LoadStash(params, params.stashbase, srchash, true, nullptr, params.buffer, + true) == 0) { // Overlapping source blocks were previously stashed, command can proceed. // We are recovering from an interrupted command, so we don't know if the // stash can safely be deleted after this command. @@ -1028,8 +1059,15 @@ static int PerformCommandFree(CommandParameters& params) { return -1; } + const std::string& id = params.tokens[params.cpos++]; + + if (!params.canwrite && stash_map.find(id) != stash_map.end()) { + stash_map.erase(id); + return 0; + } + if (params.createdstash || params.canwrite) { - return FreeStash(params.stashbase, params.tokens[params.cpos++]); + return FreeStash(params.stashbase, id); } return 0; -- cgit v1.2.3 From cc79490fa83fe2dea6cbcd219751d346645ca7ec Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 22 Mar 2016 21:18:58 -0700 Subject: Move recovery_l10n here from development/tools. Bug: http://b/27837319 (cherry picked from commit 3d0153a807042dd1bdb7e9fd81d16429a205d9ce) Change-Id: Iec2cd10fa77ed1881d55ac4e0ab48e45172f0cf7 --- tools/recovery_l10n/Android.mk | 12 + tools/recovery_l10n/AndroidManifest.xml | 18 ++ tools/recovery_l10n/res/layout/main.xml | 31 ++ tools/recovery_l10n/res/values-af/strings.xml | 8 + tools/recovery_l10n/res/values-am/strings.xml | 8 + tools/recovery_l10n/res/values-ar/strings.xml | 8 + tools/recovery_l10n/res/values-az-rAZ/strings.xml | 8 + tools/recovery_l10n/res/values-bg/strings.xml | 8 + tools/recovery_l10n/res/values-bn-rBD/strings.xml | 8 + tools/recovery_l10n/res/values-ca/strings.xml | 8 + tools/recovery_l10n/res/values-cs/strings.xml | 8 + tools/recovery_l10n/res/values-da/strings.xml | 8 + tools/recovery_l10n/res/values-de/strings.xml | 8 + tools/recovery_l10n/res/values-el/strings.xml | 8 + tools/recovery_l10n/res/values-en-rAU/strings.xml | 8 + tools/recovery_l10n/res/values-en-rGB/strings.xml | 8 + tools/recovery_l10n/res/values-en-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-es-rUS/strings.xml | 8 + tools/recovery_l10n/res/values-es/strings.xml | 8 + tools/recovery_l10n/res/values-et-rEE/strings.xml | 8 + tools/recovery_l10n/res/values-eu-rES/strings.xml | 8 + tools/recovery_l10n/res/values-fa/strings.xml | 8 + tools/recovery_l10n/res/values-fi/strings.xml | 8 + tools/recovery_l10n/res/values-fr-rCA/strings.xml | 8 + tools/recovery_l10n/res/values-fr/strings.xml | 8 + tools/recovery_l10n/res/values-gl-rES/strings.xml | 8 + tools/recovery_l10n/res/values-gu-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-hi/strings.xml | 8 + tools/recovery_l10n/res/values-hr/strings.xml | 8 + tools/recovery_l10n/res/values-hu/strings.xml | 8 + tools/recovery_l10n/res/values-hy-rAM/strings.xml | 8 + tools/recovery_l10n/res/values-in/strings.xml | 8 + tools/recovery_l10n/res/values-is-rIS/strings.xml | 8 + tools/recovery_l10n/res/values-it/strings.xml | 8 + tools/recovery_l10n/res/values-iw/strings.xml | 8 + tools/recovery_l10n/res/values-ja/strings.xml | 8 + tools/recovery_l10n/res/values-ka-rGE/strings.xml | 8 + tools/recovery_l10n/res/values-kk-rKZ/strings.xml | 8 + tools/recovery_l10n/res/values-km-rKH/strings.xml | 8 + tools/recovery_l10n/res/values-kn-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-ko/strings.xml | 8 + tools/recovery_l10n/res/values-ky-rKG/strings.xml | 8 + tools/recovery_l10n/res/values-lo-rLA/strings.xml | 8 + tools/recovery_l10n/res/values-lt/strings.xml | 8 + tools/recovery_l10n/res/values-lv/strings.xml | 8 + tools/recovery_l10n/res/values-mk-rMK/strings.xml | 8 + tools/recovery_l10n/res/values-ml-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-mn-rMN/strings.xml | 8 + tools/recovery_l10n/res/values-mr-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-ms-rMY/strings.xml | 8 + tools/recovery_l10n/res/values-my-rMM/strings.xml | 8 + tools/recovery_l10n/res/values-nb/strings.xml | 8 + tools/recovery_l10n/res/values-ne-rNP/strings.xml | 8 + tools/recovery_l10n/res/values-nl/strings.xml | 8 + tools/recovery_l10n/res/values-pa-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-pl/strings.xml | 8 + tools/recovery_l10n/res/values-pt-rBR/strings.xml | 8 + tools/recovery_l10n/res/values-pt-rPT/strings.xml | 8 + tools/recovery_l10n/res/values-pt/strings.xml | 8 + tools/recovery_l10n/res/values-ro/strings.xml | 8 + tools/recovery_l10n/res/values-ru/strings.xml | 8 + tools/recovery_l10n/res/values-si-rLK/strings.xml | 8 + tools/recovery_l10n/res/values-sk/strings.xml | 8 + tools/recovery_l10n/res/values-sl/strings.xml | 8 + tools/recovery_l10n/res/values-sq-rAL/strings.xml | 8 + tools/recovery_l10n/res/values-sr/strings.xml | 8 + tools/recovery_l10n/res/values-sv/strings.xml | 8 + tools/recovery_l10n/res/values-sw/strings.xml | 8 + tools/recovery_l10n/res/values-ta-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-te-rIN/strings.xml | 8 + tools/recovery_l10n/res/values-th/strings.xml | 8 + tools/recovery_l10n/res/values-tl/strings.xml | 8 + tools/recovery_l10n/res/values-tr/strings.xml | 8 + tools/recovery_l10n/res/values-uk/strings.xml | 8 + tools/recovery_l10n/res/values-ur-rPK/strings.xml | 8 + tools/recovery_l10n/res/values-uz-rUZ/strings.xml | 8 + tools/recovery_l10n/res/values-vi/strings.xml | 8 + tools/recovery_l10n/res/values-zh-rCN/strings.xml | 8 + tools/recovery_l10n/res/values-zh-rHK/strings.xml | 8 + tools/recovery_l10n/res/values-zh-rTW/strings.xml | 8 + tools/recovery_l10n/res/values-zu/strings.xml | 8 + tools/recovery_l10n/res/values/strings.xml | 34 +++ .../src/com/android/recovery_l10n/Main.java | 319 +++++++++++++++++++++ 83 files changed, 1038 insertions(+) create mode 100644 tools/recovery_l10n/Android.mk create mode 100644 tools/recovery_l10n/AndroidManifest.xml create mode 100644 tools/recovery_l10n/res/layout/main.xml create mode 100644 tools/recovery_l10n/res/values-af/strings.xml create mode 100644 tools/recovery_l10n/res/values-am/strings.xml create mode 100644 tools/recovery_l10n/res/values-ar/strings.xml create mode 100644 tools/recovery_l10n/res/values-az-rAZ/strings.xml create mode 100644 tools/recovery_l10n/res/values-bg/strings.xml create mode 100644 tools/recovery_l10n/res/values-bn-rBD/strings.xml create mode 100644 tools/recovery_l10n/res/values-ca/strings.xml create mode 100644 tools/recovery_l10n/res/values-cs/strings.xml create mode 100644 tools/recovery_l10n/res/values-da/strings.xml create mode 100644 tools/recovery_l10n/res/values-de/strings.xml create mode 100644 tools/recovery_l10n/res/values-el/strings.xml create mode 100644 tools/recovery_l10n/res/values-en-rAU/strings.xml create mode 100644 tools/recovery_l10n/res/values-en-rGB/strings.xml create mode 100644 tools/recovery_l10n/res/values-en-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-es-rUS/strings.xml create mode 100644 tools/recovery_l10n/res/values-es/strings.xml create mode 100644 tools/recovery_l10n/res/values-et-rEE/strings.xml create mode 100644 tools/recovery_l10n/res/values-eu-rES/strings.xml create mode 100644 tools/recovery_l10n/res/values-fa/strings.xml create mode 100644 tools/recovery_l10n/res/values-fi/strings.xml create mode 100644 tools/recovery_l10n/res/values-fr-rCA/strings.xml create mode 100644 tools/recovery_l10n/res/values-fr/strings.xml create mode 100644 tools/recovery_l10n/res/values-gl-rES/strings.xml create mode 100644 tools/recovery_l10n/res/values-gu-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-hi/strings.xml create mode 100644 tools/recovery_l10n/res/values-hr/strings.xml create mode 100644 tools/recovery_l10n/res/values-hu/strings.xml create mode 100644 tools/recovery_l10n/res/values-hy-rAM/strings.xml create mode 100644 tools/recovery_l10n/res/values-in/strings.xml create mode 100644 tools/recovery_l10n/res/values-is-rIS/strings.xml create mode 100644 tools/recovery_l10n/res/values-it/strings.xml create mode 100644 tools/recovery_l10n/res/values-iw/strings.xml create mode 100644 tools/recovery_l10n/res/values-ja/strings.xml create mode 100644 tools/recovery_l10n/res/values-ka-rGE/strings.xml create mode 100644 tools/recovery_l10n/res/values-kk-rKZ/strings.xml create mode 100644 tools/recovery_l10n/res/values-km-rKH/strings.xml create mode 100644 tools/recovery_l10n/res/values-kn-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-ko/strings.xml create mode 100644 tools/recovery_l10n/res/values-ky-rKG/strings.xml create mode 100644 tools/recovery_l10n/res/values-lo-rLA/strings.xml create mode 100644 tools/recovery_l10n/res/values-lt/strings.xml create mode 100644 tools/recovery_l10n/res/values-lv/strings.xml create mode 100644 tools/recovery_l10n/res/values-mk-rMK/strings.xml create mode 100644 tools/recovery_l10n/res/values-ml-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-mn-rMN/strings.xml create mode 100644 tools/recovery_l10n/res/values-mr-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-ms-rMY/strings.xml create mode 100644 tools/recovery_l10n/res/values-my-rMM/strings.xml create mode 100644 tools/recovery_l10n/res/values-nb/strings.xml create mode 100644 tools/recovery_l10n/res/values-ne-rNP/strings.xml create mode 100644 tools/recovery_l10n/res/values-nl/strings.xml create mode 100644 tools/recovery_l10n/res/values-pa-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-pl/strings.xml create mode 100644 tools/recovery_l10n/res/values-pt-rBR/strings.xml create mode 100644 tools/recovery_l10n/res/values-pt-rPT/strings.xml create mode 100644 tools/recovery_l10n/res/values-pt/strings.xml create mode 100644 tools/recovery_l10n/res/values-ro/strings.xml create mode 100644 tools/recovery_l10n/res/values-ru/strings.xml create mode 100644 tools/recovery_l10n/res/values-si-rLK/strings.xml create mode 100644 tools/recovery_l10n/res/values-sk/strings.xml create mode 100644 tools/recovery_l10n/res/values-sl/strings.xml create mode 100644 tools/recovery_l10n/res/values-sq-rAL/strings.xml create mode 100644 tools/recovery_l10n/res/values-sr/strings.xml create mode 100644 tools/recovery_l10n/res/values-sv/strings.xml create mode 100644 tools/recovery_l10n/res/values-sw/strings.xml create mode 100644 tools/recovery_l10n/res/values-ta-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-te-rIN/strings.xml create mode 100644 tools/recovery_l10n/res/values-th/strings.xml create mode 100644 tools/recovery_l10n/res/values-tl/strings.xml create mode 100644 tools/recovery_l10n/res/values-tr/strings.xml create mode 100644 tools/recovery_l10n/res/values-uk/strings.xml create mode 100644 tools/recovery_l10n/res/values-ur-rPK/strings.xml create mode 100644 tools/recovery_l10n/res/values-uz-rUZ/strings.xml create mode 100644 tools/recovery_l10n/res/values-vi/strings.xml create mode 100644 tools/recovery_l10n/res/values-zh-rCN/strings.xml create mode 100644 tools/recovery_l10n/res/values-zh-rHK/strings.xml create mode 100644 tools/recovery_l10n/res/values-zh-rTW/strings.xml create mode 100644 tools/recovery_l10n/res/values-zu/strings.xml create mode 100644 tools/recovery_l10n/res/values/strings.xml create mode 100644 tools/recovery_l10n/src/com/android/recovery_l10n/Main.java diff --git a/tools/recovery_l10n/Android.mk b/tools/recovery_l10n/Android.mk new file mode 100644 index 000000000..937abd1e1 --- /dev/null +++ b/tools/recovery_l10n/Android.mk @@ -0,0 +1,12 @@ +# Copyright 2012 Google Inc. All Rights Reserved. + +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) + +LOCAL_PACKAGE_NAME := RecoveryLocalizer +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := $(call all-java-files-under, src) + +include $(BUILD_PACKAGE) diff --git a/tools/recovery_l10n/AndroidManifest.xml b/tools/recovery_l10n/AndroidManifest.xml new file mode 100644 index 000000000..8c51a4e08 --- /dev/null +++ b/tools/recovery_l10n/AndroidManifest.xml @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + + + diff --git a/tools/recovery_l10n/res/layout/main.xml b/tools/recovery_l10n/res/layout/main.xml new file mode 100644 index 000000000..0900b1102 --- /dev/null +++ b/tools/recovery_l10n/res/layout/main.xml @@ -0,0 +1,31 @@ + + + + + +