To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Based on the original cherrypick, this CL also has additional changes to
address the LOG statements and libziparchive changes.
Bug: 29159185
Test: Build and boot into recovery.
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
(cherry picked from commit 6faf0265c9)
bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
(cherry picked from commit 2f272c0551)
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
Currently we save the OTA metrics in last_install, which keeps the data
for the _last_ install only. This CL logs the same content into last_log
so that we keep the metrics for every install.
Bug: 31607469
Test: Apply an update (via OTA and sideload) and check last_log and last_install.
Change-Id: Id8f174d79534fddc9f06d72a4e69b2b1d8ab186c
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
adb_server_main in adb refers to the adb server on the host, not adbd.
Since there doesn't seem to be a good reason to reuse the declaration
from adb's headers, give minadbd a main function of its own.
Change-Id: I748f1a6822dc14c726cb73ef3b533c57a6615608
For A/B devices, "view recovery logs" doesn't work due to the lack
of cache partition. To help debugging, we'll show /tmp/recovery.log
instead if /cache is not found.
Change-Id: Idb77c3a4c30388148a210b38d732a7b27e757bba
Test: Tested on an A/B device and /tmp/recovery.log showed up.
Bug: 30905700
The fopen_path will fail here e.g. if /cache is corrupt and could
not be mounted. Not properly handling an error code from
fopen_path() results in a boot loop into recovery as fwrite() on
a NULL FILE object will crash the recovery app.
Change-Id: I1ccff5a8cb620a32f32adfe97a3fae8e5e908f39
* Use const reference parameter type to avoid unnecessary copy.
* Use more efficient overloaded string methods.
Bug: 30407689
Bug: 30411878
Change-Id: Iefab05c077367f272abf545036b853e8a295c8cd
Test: build with WITH_TIDY=1
Increase the number of attempts of an OTA update from 3 to 5 in case
an I/O error happened. This should increase the success rate of the
update.
Bug: 29619468
Change-Id: I88a067d9debd55a07be22ed981f395f6e47ec28f
When recovery starts with --brick, it tries to brick the device by
securely wiping all the partitions as listed in /etc/recovery.brick.
This is designed to support bricking lost devices.
Bug: 27253717
Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
(cherry picked from commit 5687001895)
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
Add a new command "--security" to boot commands. If this command is
observed as part of BCB, choose a different background text picture
for installing stage in recovery UI. As a result, users will see
"installing security update" instead of "installing system update"
when applying a security update package.
Bug: 27837319
Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
Switch to a Wear-like intro/loop system. We don't have an intro yet,
but hopefully this will let Wear delete more code when they move to N.
Unlike them, we don't hard-code the number of frames: we just look to
see what we have available. We do hard-code the fps though.
Also add a graphics test mode so you can see a demo of the UI components
without having to actually apply an OTA.
Also fix a bug where default locale is null rather than en-US: it's
more useful to show _some_ text if we don't have a locale (which should
only be during development anyway).
Bug: http://b/26548285
Change-Id: I63422e3fef3c41109f924d96fb5ded0b3ae7815d
(cherry-pick from commit a4f701af93)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf)
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
(cherry picked from commit 26112e5870)
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
