If device supports both A/B and non-A/B, when applying a
non-A/B package, add current slot suffix and apply the update
to the partition at current slot.
This includes:
- (un)map_partition in edify script. For example,
map_partition("system") will automatically append slot suffix
to "system" before calling CreateLogicalPartition.
- All operations in dynamic_partitions_op_list. For example,
add foo group_foo
will automatically append slot suffix to foo and group_foo
before editing the super partition metadata.
Test: apply update
Bug: 153581609
Change-Id: Idbd0bfea142529a33dddb4d2debfc74513290730
Check the package metadata to determine whether this is an
A/B or non-A/B update package. This is more accurate.
Also checks ro.virtual_ab.allow_non_ab flag. This is useful for
continuously supporting (and testing) non-A/B.
Bug: 153581609
Test: apply non-A/B update on cuttlefish
Change-Id: I629a533a67966d46d9cd87a59c6b9af26daf1667
After a reboot function call, we should always wait for it to finish
without executing other instructions.
Bug: 151110322
Test: build
Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
(cherry picked from commit 00c4aba9bf428717fc00e26a03e97401eca76ee8)
If enabling the oem partition, it will be mounted by updater before
reading product properties from it. To be safety, we want to enable AVB
to this oem partition. But this means the oem partition can never be
mounted to writable. Otherwise, that partition will be corrupted to AVB
verifying.
This change follows fs_mgr to allow to pass more mounting options to the
updater.
BUG: 150156957
Test: make ota package which mounts AVB oem partition to read only and
run OTA.
Change-Id: I2ebbe3c8ac53c70112f3fed2703fcba9170405a6
It should belong to the default /misc implementation of boot control
1.1. Right now, it's only used by cuttlefish. So move it over to reduce
confusion in bootloader_message.
Bug: 131775112
Test: build
Change-Id: If09bc6f4cc8adf74c8798048c8e54ec94566abaa
(cherry picked from commit dc4d2a70db40a302cb7001ddbc41816e7187d5c5)
am skip reason: Change-Id Ibc9b095036a2fa624e8edf6c347ed4f12aef072f with SHA-1 5e6c4e9a91 is in history
Change-Id: Idb8d1b20ddecef33a912ca41ae497a6bbe515db9
am skip reason: Change-Id Ibc9b095036a2fa624e8edf6c347ed4f12aef072f with SHA-1 5e6c4e9a91 is in history
Change-Id: I27862517a8dd9f64325226bcb73643f82da30398
am skip reason: Change-Id I35119c2334895aa0ef4ed71b3ddd08f280c0c031 with SHA-1 daaacea96e is in history
Change-Id: I703eec760ed1b6f70c656dc0630aef7ca22d1b3c
The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on a removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_unit_test - no new failures
Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
This reverts commit 5e6c4e9a91.
Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error.
Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420
Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
am skip reason: Change-Id Ibc9b095036a2fa624e8edf6c347ed4f12aef072f with SHA-1 58a27693b2 is in history
Change-Id: Ia23da9ff1c70533fa8c8f215bd9aca241cf1bad0
Requires to add "metadata_csum" in fsmgr_flag of fstab.
Bug: 149039306
Change-Id: I2b95dcaaf2ba224135ad51f117b7b01bbf342b7e
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
This library is empty, and its functionality has moved
into libbinder/libhwbinder.
Bug: 148692216
Test: N/A
Change-Id: Ie50d9130a8e43de7d5b222883169c26ab958e6d7
For non A/B and Virtual A/B devices where sideloading may affect
the existing OS,
- If sideload has failed, show a warning message in recovery menu header.
- If sideload has interrupted, automatically reboot back into recovery and
show the warning message in recovery menu header.
Test: the above
Fixes: 140749209
Change-Id: Ifdfc28b45975cdc31b6fce2ecb99acc31bc61fa8
