We need to run these tests when starting updater to verify the
statically linked libcrypto. The test function is based on the known
answer tests, and it doesn't compute the hash of the libcrypto library.
Bug: 141003171
Test: unit tests pass, run an updater on cuttlefish
Change-Id: I897918a54bca76ea0c928102e7287df27505e1cc
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.).
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This makes the applypatch executable a vendor module.
This change supports making dependencies of the applypatch executable available
to applypatch, which is now on vendor.
Since install-recovery.sh is now a vendor service, we add the
applypatch/vendor_flash_recovery.rc file to /vendor/etc/init to start the
service.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I01c0800ee6078aa6c9d716d5f154ad2d63c7af84
A number of utility functions are intended for serving recovery's own
use. Exposing them via libotautil (which is a static lib) would pass the
dependencies onto libotautil's users (e.g. recovery image, updater, host
simulator, device-specific recovery UI/updater extensions etc). This CL
finds a new home for the utils that are private to recovery.
Test: mmma bootable/recovery
Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
All the active users of mounts.h now live in updater/.
Test: mmma bootable/recovery
Test: Run recovery_unit_test on taimen.
Test: Code search shows no reference to otautil/mounts.h in device dirs.
Change-Id: I6c35d2e403e92a0111102d00aa4773f4f524650e
Commit 0f339e27bb moved part of the mounts
implementation into libfs_mgr. As a result, otautil/roots.cpp no longer
depends on anything in the local otautil/mounts.h.
Test: mmma bootable/recovery
Change-Id: If16c3e19a62933358fb0002a10e8556a99f9d29a
Since this was combined into libhidlbase.
Bug: 135686713
Test: build only (libhidltransport is empty)
Change-Id: I253e50726967044714275ab995fb8a8a57bcde36
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.
Bug: 141248879
Test: m checkbuild
Change-Id: I0affaa292237bdbc772d3adc36086905ed6fbe9d
And set it to false when installing recovery image via applypatch. We
only need to back up the source partition when doing in-place update
(e.g. when updating a given partition under recovery). When installing
recovery image via applypatch, we won't touch the source partition (i.e.
/boot).
Removing the backup step also allows dropping the dac_override_allowed
permission. Previously it was needed due to the access to /cache,
because applypatch runs as root:root, while /cache is owned by
system:cache with 0770.
Bug: 68319577
Test: Invoke the code that installs recovery image; check that recovery
is installed successfully without denials.
Test: recovery_unit_test passes on taimen.
Change-Id: I549a770b511762189d6672a2835b6e403d695919
Prior to this CL, applypatch was the only user of libbrotli.so and
libbz.so (update_engine and puffin have been using the static versions).
This CL switches applypatch to their static versions to save space in
/system.
Sizes prior to the change (aosp_taimen-userdebug):
/system/bin/applypatch 91296
/system/lib64/libbrotli.so 688536
/system/lib64/libbz.so 79560
After:
/system/bin/applypatch 272368
Test: `m dist`
Test: Check the built blueline-userdebug target. libbrotli.so and
libbz.so are not installed.
Change-Id: I08422a0d5a287bbac69aa9f6cfd9c97e5b2e9078
recovery_main is only interested in a subset of options. Suppress the
warning for unrecognized options (which are likely intended for
recovery).
Fixes: 141239600
Test: On Pixel 3a, write `--security` flag into /misc and reboot
recovery. Check that recovery_main no longer reports
"unrecognized option" warning.
    # echo "recovery\n--security\n" | \
        dd of=/dev/block/by-name/misc conv=notrunc bs=1 seek=64
    # killall -9 recovery
    # cat /tmp/recovery.log
Test: Write `--show_text=foo` instead, and check that recovery reports
"option `--show_text' doesn't allow an argument".
Change-Id: I1cb3a5ed6db91e41453b8aad00c8608f78ac1fa6
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md
Attempted to build and boot a recovery image with the
same change to confirm it still works, but
    m recoveryimage-nodeps
fails for me.
Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
updater is built in Make and statically links libcrypto,
so it needs to set LOCAL_INJECT_BSSL_HASH to make the FIPS self
test pass.
Bug: 137267623
Test: m checkbuild
Change-Id: Ib253c870090ac8026f5cbb005d6b0e935c73edd1
If the HAL is run on a non-A/B device, it does not fail gracefully; it
will segfault because the current_slot is -1 and methods do not protect
against this. Instead, have Init() fail if we can't determine the
current slot.
Bug: 130078382
Test: vts tests
Change-Id: I2d3094518a842b1a764427d2da9d46781a9f26da