At the end of the OTA script, we walk through /system, updating
all the permissions on the filesystem, including the UID, GID,
standard UNIX permissions, capabilities, and SELinux labels.
In the case of a symbolic link, however, we want to skip most of
those operations. The UID, GID, UNIX permissions, and capabilities
don't meaningfully apply to symbolic links.
However, that's not true with SELinux labels. The SELinux label on
a symbolic link is important. We need to make sure the label on the
symbolic link is always updated, even if none of the other attributes
are updated.
This change unconditionally updates the SELinux label on the symbolic
link itself. lsetfilecon() is used, so that the link itself is updated,
not what it's pointing to.
In addition, drop the ENOTSUP special case. SELinux has been a
requirement since Android 4.4. Running without filesystem extended
attributes is no longer supported, and we shouldn't even try to handle
non-SELinux updates anymore. (Note: this could be problematic if
these scripts are ever used to produce OTA images for 4.2 devices)
Bug: 18079773
Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
Create a new recovery UI option to allow the user to view
/cache/recovery/last_log for their device. This gives enhanced
debugging information which may be necessary when a failed
OTA occurs.
Bug: 18094012
Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
ueventd will wait for /dev/.booting to go away before giving up
on loading firmware.
The issue was introduced in Ifdd5dd1e95d7e064dde5c80b70198882d949a710
which forgot to update recovery's init.rc
Bug: 17993625
Change-Id: I91205fe6eea50aaef9b401d650ec8d6843a92a57
In version 2 of block image diffs, we support a new command to load
data from the image and store it in the "stash table" and then
subsequently use entries in the stash table to fill in missing bits of
source data we're not allowed to read when doing move/bsdiff/imgdiff
commands.
This leads to smaller update packages because we can break cycles in
the ordering of how pieces are updated by storing data away and using
it later, rather than not using the data as input to the patch system
at all. This comes at the cost of the RAM or scratch disk needed to
store the data.
The implementation is backwards compatible; it can still handle the
existing version 1 of the transfer file format.
Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
Always create the block map for packages on /data; don't only look at
the encryptable/encrypted flags.
Bug: 17395453
Change-Id: Iaa7643a32898328277841e324305b9419a9e071c
Otherwise, overflow problems can occur with images larger than
2G since the offsets will overflow a 32-bit off_t.
Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Opening the misc block device in read-write mode runs afoul of
SELinux, which keeps the wipe code from working. Fix. Also change
various things to log to logcat so we can see them happening, for
future debugging.
Bug: 16715412
Change-Id: Ia14066f0a371cd605fcb544547b58a41acca70b9
The computation of file offsets was overflowing for partitions larger
than 2 GB. The parsing of the transfer file could fail at the end if
the data happened to not be properly null-terminated.
Bug: 16984795
Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
Something is leaving behind wipe commands in the BCB area of the /misc
partition. We don't know what is doing that. It should always be
safe to zero out that area from uncrypt, though (because if uncrypt is
running then it's got the command we want in the recovery command file
rather than the BCB).
Bug: 16715412
Change-Id: Iad01124287f13b80ff71d6371db6371f43c43211
