* HTC U11 Oreo is using keymaster3 FDE encryption which requires
the new services:
1- /system/bin/hwservicemanager
2- /vendor/bin/hw/android.hardware.keymaster@3.0-service
3- /vendor/bin/qseecomd (instead of /system/bin/qseecomd)
So in addition to /vendor/lib and /vendor/lib64 also
symlink /system/vendor/bin to /vendor/bin.
* vold_decrypt services now have separate prefixes:
1- 'sys_' referring to /system/bin
2- 'ven_' referring to /vendor/bin
* The additional (hwservicemanager, keymaster-3-0) and modified
(qseecomd) .rc files have been updated in the vold_decrypt
directory.
Comments were added directly in the .rc files, please check
them.
* /etc/recovery.fstab needs to be temporarily moved since
vold will use it if it finds the '/sbin/recovery' file
(refer to fs_mgr for the fstab load code https://goo.gl/8KaZyf).
Since fs_mgr cannot parse TWRP style fstab, we 'hide' it
and attempt to create a symlink to /fstab.{ro.hardware}.
Also remove shell dependencies, code cleanup, new error codes:
* Critical sections of vold_decrypt should not rely on the external
shell (and the available binaries) provided by TWFunc::Exec_Cmd.
Doing so may lead to failures resulting from different shell
provided binaries not working properly, especially since busybox
can be inconsistent across different trees.
In particular the following functions have been changed:
* run_vdc() no longer uses daisy chained commands, instead
it now forks and executes vdc directly including a 30 second
built in timeout.
* Symlink_Firmware_Files() no longer relies on the shell 'find'
command to retrieve the list of firmware/vendor files and instead
uses a built in function, Find_Firmware_Files(), which traverses
the system partition to retrieve the list of files.
* The code has also been cleaned up a little for better consistency,
and vold_decrypt will now return various error codes for the
different failures, as defined in vold_decrypt.h, which allows the
gui_msg to be moved back to partitionmanager.cpp.
Notes regarding pre Android 8.0 builds:
* Service names in .rc files cannot exceed 16 characters (including
the prepended 'sys_' or 'ven_') in Android 7.1 and below, so a
service name such as 'sys_hwservicemanager' is out of the question
for 7.1 and below.
* hwservicemanager will check ACLs on 'hwservicemanager' and 'ITokenManager'
if they are even allowed to run, otherwise the interfaces will fail.
The policies have only been introduced in 8.0, and although it is possible
to manually add them to the 7.1 policies it's not recommended.
* Therefore the best course of action is to build in 8.0.
* SIDE NOTE: On the HTC U11 we are actually using omni-7.1 with some changes
in the device tree to support both Nougat and Oreo decryption, please
refer to:
1- https://gerrit.twrp.me/c/2756/ for the necessary sepolicy and
BoardConfig changes.
2- The Android.mk file for vold_decrypt was modified to truncate
greater than 16 character service names (as mentioned therein)
Other changes:
* TW_CRYPTO_SYSTEM_VOLD_DISABLE_TIMEOUT is now deprecated due to built-
in fork and timeout.
* Output_dmesg_to_recovery_log() is also deprecated so upon a failed
decryption the recovery.log will no longer append it, instead you can
just use 'adb shell dmesg' to check it. Nonetheless if a true debug
build is needed use the original TW_CRYPTO_SYSTEM_VOLD_DEBUG flag as
outlined in the original commit message (see below).
Usage info:
This is an update to the initial vold_decrypt, for more info refer to
https://github.com/omnirom/android_bootable_recovery/commit/71c6c50d0da1f32dd18a749797e88de2358c5ba1
Change-Id: Id7129d125ae7f5dcba0779489825add718022ba3
Includes various minor fixes for building in Android 8 trees with r23+ tag
Update FBE extended header in libtar to version 2 and include the entire
ext4_encryption_policy structure now after translating the policy.
See this post for more details:
https://plus.google.com/u/1/+DeesTroy/posts/i33ygUi7tiu
Change-Id: I2af981e51f459b17fcd895fb8c2d3f6c8200e24b
Auto detect and support both the v1 and v2 fstab formats
Support putting TWRP style flags in a separate /etc/twrp.flags file
twrp.flags format is the same as twrp.fstab (v1 with TWRP flags)
Support using a wildcard in a block device and find all partitions:
/usb-otg vfat /dev/block/sda*
Support using sysfs entries (voldmanaged) and read uevents and scan for
wildcard partitions from uevent data. (twvold?)
May not be complete for some of the newer flags found in fstabs in newer
build trees and there is a slim chance of a crash if the user removes a
removable device while TWRP is performing actions. May need to add some
kind of mutex to prevent the 2 threads from causing this crash. We need
to start somewhere though and this change is pretty innocuous when not
using a v2 fstab.
Change-Id: I617d97c7db332cbe671a9d2b8ad98b3d9c4f03cc
Restore adb backup files that TWRP made to your PC.
Put files in your backup directory to see them.
e.g. /sdcard/TWRP/BACKUPS/<sn>
Change-Id: I2c57970d77b64c39a302159041456e761c185259
* Revert: Make legacy props an option disabled by default
(reverted from commit 75aa615767)
* Instead check for ANDROID_PROPERTY_WORKSPACE in the updater-
binary to determine whether legacy property service can be
used
Change-Id: If68d5cca9a2b56edcb1c73db0474668cf46d8c91
* When you format the system partition, it will remain
in a mounted state.
* Subsequently restoring a system_image (even though
successfully) the Update_System_Details() function
will not correctly update the system partition
details.
* Reproducible by:
1- Advanced wipe: System
2- Restore: System_Image
3- Reboot -> No OS prompt
* eg: [
~ # twrp get tw_min_system
tw_min_system = 50
~ # twrp get tw_backup_system_size
tw_backup_system_size = 8
~ # mount -o ro /system
~ # du -sh /system
3.5G /system
]
Change-Id: I99f75274816788dd38eccdd387f7ac691e1f3fab
* current_archive_type is not properly initialized
leading to a potential random close(fd) in closeTar()
Change-Id: I1598ba4d524b723b8175ee847e2b1c5aeedbd938
If the user selects to skip digest creation, Backup_Partition always returned
false. This patch fixes this problem and somewhat cleans up the error
handling.
Change-Id: I1db0e285cd5ed2bd93756cd27c6f56b8415ffa86
This patch is to refactor twrpDigest using polymorphism
and inheritance to use the same call patterns for creating and
reading a digest. Now a library.
Use SHA2 from libcrypto. SHA2 is default if device has libcrypto.
Change string MD5 everywhere to use digest or Digest instead. Updated
string tags to digest. Translation will be required.
Switch out digest code into a driver class from partitionmanager.
SHA2 is better for digest creation due to decreased collision space
compared to MD5 and SHA1.
See https://en.wikipedia.org/wiki/SHA-2
Change-Id: I74b5546789990b12aa4ce2e389d25f80a3fe213f
Fixed by Loading the file_contexts specified in libselinux, whereas
previously recovery loaded /file_contexts which no longer exists.
Bug: 62587423
Test: build and flash recovery on Angler. Warning is gone.
Test: Wipe data and cache.
Test: sideload OTA
Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
(cherry picked from commit 2330dd8733)
In trees where TWRP is the primary recovery, minui.h was not setting rules
properly for healthd because healthd uses clang. Must use
CLANG_TARGET_GLOBAL_CFLAGS to set global flags.
Change-Id: I4cd9c88f8fcaec345fe012d09abcb9f24be06ef4
* Partition information should be updated after successful
decryption (both userdata and adopted) and then logged
* Fix adopted storage nickname being ""
Change-Id: Idcdab84f339e932e62880089bad36e206920dd70
This will allow the gzip compression header to be
written properly to the adb stream.
Thanks to nkk71 for finding the issue.
Change-Id: I3d88c5f575ca3fac904d8279f1f246994be2b02f
There were a few memory errors while restoring a backup via adb (created
using `adb backup --twrp`).
On my device (S5 mini) it resulted in this error message:
FORTIFY: strlen: prevented read past end of buffer
This commit fixes this issue and a few other potential issues.
Change-Id: I5022c94c961217238b3fefec0b2c4b8c6fa26ec7
* The dm-crypt device needs to be removed from
the device-mapper driver list otherwise it will
remain busy and cannot be used later on by
other processes (eg vold_decrypt) or for further
testing/debugging in recovery.
Change-Id: I35e43a79ecc3de234ddb9f87f7d75c6439ea7454
We're not updating argc & argv during get_args(), so some boot
arguments missed when we set the boot message for retry.
Bug: 38383406
Test: boot command sets correctly during retry attempt.
Change-Id: Ie8583a22fad5e0084245e3431d4018518d508dfd
(cherry picked from commit 72449c9f99)
We shouldn't load libraries from some random working directory.
For example it breaks busybox when you're in /system/lib.
Change-Id: Ia1f8f4fda9e6182c0cd8c5ac727c2b1eb09c84a2
Ethan Yonker
bigbiff bigbiff
nkk71
leskal
Michael Bestas
kaneawk
android-build-team Robot
Jeff Vander Stoep
Pierre Roth
nailyk-fr
Ayke van Laethem
Tianjie Xu
that
Michael Bestas