The fopen_path will fail here e.g. if /cache is corrupt and could
not be mounted. Not properly handling an error code from
fopen_path() results in a boot loop into recovery as fwrite() on
a NULL FILE object will crash the recovery app.
Change-Id: I1ccff5a8cb620a32f32adfe97a3fae8e5e908f39
* Use const reference parameter type to avoid unnecessary copy.
* Use more efficient overloaded string methods.
Bug: 30407689
Bug: 30411878
Change-Id: Iefab05c077367f272abf545036b853e8a295c8cd
Test: build with WITH_TIDY=1
Skip the OTA installation when bootreason is 'kernel_panic',
'Panic' etc.
Change-Id: Ic1202492bffefa1a9d8d0e691b5af979285e552c
Test: On angler, ota installation skips for one bootreason in the blacklist.
Bug: 29978689
bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
Increase the number of attempts of an OTA update from 3 to 5 in case
an I/O error happened. This should increase the success rate of the
update.
Bug: 29619468
Change-Id: I88a067d9debd55a07be22ed981f395f6e47ec28f
To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Bug: 29159185
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
When recovery starts with --brick, it tries to brick the device by
securely wiping all the partitions as listed in /etc/recovery.brick.
This is designed to support bricking lost devices.
Bug: 27253717
Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2
(cherry picked from commit 862a4c1119)
When recovery starts with --brick, it tries to brick the device by
securely wiping all the partitions as listed in /etc/recovery.brick.
This is designed to support bricking lost devices.
Bug: 27253717
Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
(cherry picked from commit 5687001895)
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
Add a new command "--security" to boot commands. If this command is
observed as part of BCB, choose a different background text picture
for installing stage in recovery UI. As a result, users will see
"installing security update" instead of "installing system update"
when applying a security update package.
Bug: 27837319
Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
Switch to a Wear-like intro/loop system. We don't have an intro yet,
but hopefully this will let Wear delete more code when they move to N.
Unlike them, we don't hard-code the number of frames: we just look to
see what we have available. We do hard-code the fps though.
Also add a graphics test mode so you can see a demo of the UI components
without having to actually apply an OTA.
Also fix a bug where default locale is null rather than en-US: it's
more useful to show _some_ text if we don't have a locale (which should
only be during development anyway).
Bug: http://b/26548285
Change-Id: I63422e3fef3c41109f924d96fb5ded0b3ae7815d
(cherry-pick from commit a4f701af93)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf)
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
(cherry picked from commit 26112e5870)
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
Johan Harvyl
Chih-Hung Hsieh
Tianjie Xu
Yabin Cui
Tao Bao
Elliott Hughes
Mark Salyzyn
Paul Lawrence