We shouldn't load libraries from some random working directory.
For example it breaks busybox when you're in /system/lib.
Change-Id: Ia1f8f4fda9e6182c0cd8c5ac727c2b1eb09c84a2
If TWRP crypto fails to decrypt partition, mount the system
partition and use system's own vold to attempt decryption.
This provides a fallback for proprietary OEM encryption as well as
encryption methods which TWRP hasn't been updated for.
Requirements in device tree:
* fstab.{ro.hardware} in device/recovery/root
The fstab does not need to be complete, but it does need the
data partition and the encryption entries.
* 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig
or
* 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>'
Notes:
* Setting the flag to 'true' will just use system's vdc+vold
or
* Setting the flag with additional services, will also start them
prior to attempting vdc+vold decryption, eg: for qualcomm based
devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd'
* For each service listed an additional import will be automatically
added to the vold_decrypt.rc file in the form of
init.recovery.vold_decrypt.{service}.rc
You will need to add any not already existing .rc files in
your device/recovery/root folder.
* The service names specified in the vold_decrypt.{service}.rc files
have to be named 'sys_{service}'
eg: 'service sys_qseecomd /system/bin/qseecomd'
* Any service already existing in TWRP as {service} or sbin{service} will
be stopped and restarted as needed.
* You can override the default init.recovery.vold_decrypt.rc file(s)
by placing same named ones in your device/recovery/root folder.
If you do, you'll need to manually add the needed imports.
* If /vendor and /firmware folders are temporarily moved and symlinked
to the folders and files in the system partition, the properties
'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware'
will be set to 1.
This allows for additional control in the .rc files for any extra
actions (symlinks, cp files, etc) that may be needed for decryption
by using: on property:vold_decrypt.symlinked_vendor=1 and/or
on property:vold_decrypt.symlinked_firmware=1 triggers.
Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig
* Specifying this flag, will enable strace on init and vdc, which will
create separate log files in /tmp for every process created, allowing
for detailed analysis of which services and files are being accessed.
* Note that enabling strace will expose the password in the logs!!
* You need to manually add strace to your build.
Thanks to @Captain_Throwback for co-authoring and testing.
Tested successfully on HTC devices:
M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N),
Desire 626s (MM), U Ultra (N)
HTC One X9 (MTK device)
And by Nikolay Jeliazkov on: Xiaomi Mi Max
Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227
Commit 'Do not toggle USB ID during MTP startup if not needed' changed
the default USB mode to 'mtp,adb'. Depending on the device, this can
result in an unfortunate side effect of crashing an ORS sideload
midway through the process (it's not clear to me whether the kernel or
the connected computer is responsible). Only put USB into mtp mode
when MTP storage is starting-up.
The hack to change the USB mode to adb when a user compiles TWRP
without MTP support is no longer necessary now that 'adb' is the
startup mode.
Change-Id: I8ed13d6ab8e85621533997b8c37ef7ebec0fcf85
This patch mirrors what was done in the main init.rc to relabel
/postinstall.
Bug: 27178350
Bug: 27177071
(cherry picked from commit 6bcc8af6e5)
Change-Id: I8320559f014cfb14216dcc350e016fc1db05cb14
logd, the init.recovery.logd.rc, and other related files were
included by default if your device configs specified
TARGET_USES_LOGD := true which would be the case for any device
that has a full ROM tree instead of a minimal TWRP tree.
Change-Id: Ia1e55703631f0f22beab2f4d4479599b88539e1a
Developers and device maintainers may find it useful to have access
to logcat in recovery. This patch set adds the following build flags:
TARGET_USES_LOGD - This is an Android build flag that enables logd
support. Devices that don't have built in kernel logging to dev/log/*
will need this flag for logcat. We'll also use this to include the
necessary support files for logd in TWRP.
TWRP_INCLUDE_LOGCAT - This enables logcat support in recovery.
I pulled the init entries from my HTC One M8 GPE boot.img,
so I'm not certain whether these will work for all devices
or if they're all necessary.
Feedback is welcome.
PS2: Use "TARGET_USES_LOGD" instead as this flag already exists, and
previous flag was named incorrectly (logd isn't kernel logging)
PS3: Start logd service on load_persist_props action, needed for 6.0+
PS4: More info on "TARGET_USES_LOGD" flag as related to liblog
compilation can be found at the below links:
https://android.googlesource.com/platform/system/core/+/android-6.0.1_r10/liblog/Android.mk#27https://android.googlesource.com/platform/system/core/+/android-6.0.1_r10/liblog/Android.mk#50
Whether or not this flag is needed for logcat in TWRP is dependent
on whether liblog was compiled with this flag.
PS5: Update commit message to better describe "TARGET_USES_LOGD" flag
PS6: Another commit message update
Change-Id: Iaac6c6c822dc93fbe4b6eadcf24eef6995dd6b50
Both Omni and CM split props loading into load_system_props_action and
load_persist_props_actions in Android 6.0 instead of all_props action.
Add these triggers. Unrecognized triggers do not cause failures in init
for versions of Android which do not have these.
Change-Id: I9682690ff7d378dc0d5e1598754f7a29600c1c2d
Reinstate some SELinux stuff in the default init.rc (noticed by
Kra1o5)
Add permissive.sh script to dependencies list for CM trees.
Change-Id: I36ade54378c413081d202002488309af35486d5f
Use sys.usb.config also for ums, but leave sys.storage.ums.enabled for compatibility with custom init.rc that use it.
PS2: Rebased - moved updates to init.recovery.usb.rc
Change-Id: Iad3441d23ac37612e58f63e4038d05c5c1a37b25
In order to maintain compatibility with older trees, we now have
minadbd.old and minui.old. I had to use a TARGET_GLOBAL_CFLAG to
handle ifdef issues in minui/minui.d because healthd includes
minui/minui.h and there was no other alternative to make minui.h
compatible with older trees without having to modify healthd rules
which is outside of TWRP.
Note that the new minui does not currently have support for qcom
overlay graphics. Support for this graphics mode will likely be
added in a later patch set. If you are building in a 6.0 tree and
have a device that needs qcom overlay graphics, be warned, as off
mode charging may not work properly. A dead battery in this case
could potentially brick your device if it is unable to charge as
healthd handles charging duties.
Update rules for building toolbox and add rules for making toybox
Use permissive.sh in init.rc which will follow symlinks so we do
not have to worry about what binary is supplying the setenforce
functionality (toolbox, toybox, or busybox).
Fix a few warnings in the main recovery binary source code.
Fix a few includes that were missing that prevented compiling in
6.0
Change-Id: Ia67aa2107d260883da5e365475a19bea538e8b97
This enables devices to provide their own USB configuration. The
contents of init.recovery.usb.rc can most simply be modified and
included in a device's init.recovery.${ro.hardware}.rc.
Use option:
TW_EXCLUDE_DEFAULT_USB_INIT := true
Rationale: Some devices handle USB pid switching in the kernel. In this
case, USB init provides switching functions which differ from the
standard on property:sys.usb.config=xyz. Other devices should not see
USB attempt mtp,adb mode when TW_EXCLUDE_MTP is set.
Cherry-picked from android-5.0
Change-Id: Ief0fcaf46a1782102166fc1b733a34b1a1ba0802
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49
The proper order is mass_storage,adb.
Some systems cannot recognize the mass storage otherwise.
Change-Id: I2a79ac6dfd7247032f774125c75586e45fea7633
Signed-off-by: ramsudharsan <ramsudharsanm@gmail.com>
* pstore filesystem is evolution of ram_console and contains
kmsg from previous boot (previously in /proc/last_kmsg).
* Lollipop init.rc does this. If device doesn't have
pstore fs, it will simply be ignored
Change-Id: Id3bf8763ccde54f87fde5cdf2db511649c376aa4
Signed-off-by: Vojtech Bocek <vbocek@gmail.com>
In most cases MTP is enabled so it is better to start our init.rc
with MTP enabled and try not to toggle USB IDs during TWRP boot so
that we can keep adb running to make debugging easier.
Change-Id: Idf122c5ad4deeef7e1ed775d495989c502ddfb19
This will only work if the sepolicy is changed by also applying:
https://gerrit.omnirom.org/10924
Otherwise the sepolicy will deny the request.
Change-Id: I8a52cdfdd38bda19aa89686ff0ad31b90e1aa3b7
Migrate previous minzip to minzipold replacing the existing
minzipold. This will break compatibility with trees that do not
support selinux (ICS and older). Migrate former verifier files to
verifierold.
Add fuse.h to recovery source because older trees do not have it.
Add LOCAL_MODULE_TAGS where needed for 4.1 tree.
Change-Id: Iade57cb2b0115af7fce9f56aa98636b1744a1ef4
This will probably not compile and may need additional work.
For tracking purposes so we know what might still need looking at
as none of this has been compiled and tested, here is a list of
the merge conflicts that I attempted to fix before pushing this
set of changes:
git pull aosp lollipop-release
remote: Finding sources: 100% (992/992)
remote: Total 992 (delta 473), reused 992 (delta 473)
Receiving objects: 100% (992/992), 1.51 MiB | 516.00 KiB/s, done.
Resolving deltas: 100% (473/473), completed with 42 local objects.
From https://android.googlesource.com/platform/bootable/recovery
* branch lollipop-release -> FETCH_HEAD
* [new branch] lollipop-release -> aosp/lollipop-release
Auto-merging verifier_test.cpp
CONFLICT (content): Merge conflict in verifier_test.cpp
Auto-merging verifier.h
CONFLICT (content): Merge conflict in verifier.h
Auto-merging verifier.cpp
CONFLICT (content): Merge conflict in verifier.cpp
Auto-merging updater/updater.c
Auto-merging updater/install.c
CONFLICT (content): Merge conflict in updater/install.c
Auto-merging updater/Android.mk
CONFLICT (content): Merge conflict in updater/Android.mk
Auto-merging uncrypt/Android.mk
CONFLICT (content): Merge conflict in uncrypt/Android.mk
Auto-merging ui.cpp
CONFLICT (content): Merge conflict in ui.cpp
Auto-merging screen_ui.cpp
Auto-merging roots.cpp
CONFLICT (content): Merge conflict in roots.cpp
CONFLICT (rename/delete): res-hdpi/images/progress_fill.png deleted
in HEAD and renamed in cddb68b5ea.
Version cddb68b5ea of
res-hdpi/images/progress_fill.png left in tree.
CONFLICT (rename/delete): res-hdpi/images/progress_empty.png deleted
in HEAD and renamed in cddb68b5ea.
Version cddb68b5ea of
res-hdpi/images/progress_empty.png left in tree.
CONFLICT (rename/delete): res-hdpi/images/icon_error.png deleted
in HEAD and renamed in cddb68b5ea.
Version cddb68b5ea of
res-hdpi/images/icon_error.png left in tree.
Auto-merging recovery.cpp
CONFLICT (content): Merge conflict in recovery.cpp
Auto-merging minui/resources.c
CONFLICT (content): Merge conflict in minui/resources.c
Auto-merging minui/minui.h
CONFLICT (content): Merge conflict in minui/minui.h
Auto-merging minui/graphics.c
CONFLICT (content): Merge conflict in minui/graphics.c
Auto-merging minui/Android.mk
CONFLICT (content): Merge conflict in minui/Android.mk
Removing minelf/Retouch.h
Removing minelf/Retouch.c
Auto-merging minadbd/usb_linux_client.c
CONFLICT (content): Merge conflict in minadbd/usb_linux_client.c
Auto-merging minadbd/adb.h
CONFLICT (content): Merge conflict in minadbd/adb.h
Auto-merging minadbd/adb.c
CONFLICT (content): Merge conflict in minadbd/adb.c
Auto-merging minadbd/Android.mk
CONFLICT (content): Merge conflict in minadbd/Android.mk
Removing make-overlay.py
Auto-merging install.h
CONFLICT (content): Merge conflict in install.h
Auto-merging etc/init.rc
CONFLICT (content): Merge conflict in etc/init.rc
Auto-merging bootloader.h
Auto-merging applypatch/applypatch.c
Auto-merging applypatch/Android.mk
CONFLICT (content): Merge conflict in applypatch/Android.mk
Auto-merging adb_install.cpp
CONFLICT (content): Merge conflict in adb_install.cpp
Auto-merging Android.mk
CONFLICT (content): Merge conflict in Android.mk
Automatic merge failed; fix conflicts and then commit the result.
Change-Id: I3e0e03e48ad8550912111c7a5c9a140ed0267e2c
ueventd will wait for /dev/.booting to go away before giving up
on loading firmware.
The issue was introduced in Ifdd5dd1e95d7e064dde5c80b70198882d949a710
which forgot to update recovery's init.rc
Bug: 17993625
Change-Id: I91205fe6eea50aaef9b401d650ec8d6843a92a57
In kernel 3.10, f_adb has been removed and adbd can use functionfs
instead. Mount functionfs on boot for adbd. On older kernels, mount
will fail silently and adbd will revert to f_adb.
Change-Id: I5db57aaf35b35859ea88c7d0e0661d8c553e5811
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).
We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.
We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host. This file is then passed to the
verification and installation systems like any other.
To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.
One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem). We rely on SELinux enforcement to
restrict the set of things that can be accessed.
Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
Duplicate changes made to init.rc for https://android-review.googlesource.com/98852
in the init.rc used for recovery mode.
Bug 15849856
Change-Id: Ia376ddf6373a28718653f7fb1435bf7ecb33d813
The syntax of init's mount command changed in April 2008 but
recovery's init.rc was never updated, so recovery's /tmp has been on
the root fs all this time. Fix.
Also add /system/bin to the PATH in recovery, which is handy for
debugging.
Change-Id: I9e60d18803906bc75c263f12c8863cfd6a14147b
In kernel 3.10, f_adb has been removed and adbd can use functionfs
instead. Mount functionfs on boot for adbd. On older kernels, mount
will fail silently and adbd will revert to f_adb.
Change-Id: I5db57aaf35b35859ea88c7d0e0661d8c553e5811
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.
Use the new device_banner command line option.
Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
The syntax of init's mount command changed in April 2008 but
recovery's init.rc was never updated, so recovery's /tmp has been on
the root fs all this time. Fix.
Also add /system/bin to the PATH in recovery, which is handy for
debugging.
Change-Id: I39f7ae435a8ce3bad691e4b7c307db0bd8de1302
