This reverts commit 4fd4f89591.
The reverted CL has a side effect that unintentionally installs
a copy of libminadbd_services.so to the system image. This breaks the
check with `build/soong/build_test.bash --dist` which detects and
prevents vendor modules from installing files to the system image.
Prior to fully converting `recovery` to be built with Soong, we have to
statically link recovery-specific modules into `recovery`.
Bug: 110380063
Test: `m -j bootimage` with aosp_marlin-userdebug
Test: Run minadbd_test on marlin.
Test: Boot into recovery and verify that sideloading still works.
Test: `build/soong/build_test.bash --dist`
Change-Id: I290d55c82e17aa60a5afdf2ff7f896afc4dae8b3
The former `minadbd` module is now built as a shared library
(`libminadbd_services.so`) that serves sideloading under recovery, with
a dynamic dependency on `libadbd.so`.
This allows sharing and reusing libadbd code on device (both of `adbd`
and `recovery` now uses `libadbd.so`). As a result, it reduces the size
of `recovery` binary from 1407360-byte to (1272880 + 33032)-byte
(aosp_marlin-userdebug).
Bug: 78793464
Test: `m -j bootimage` with aosp_marlin-userdebug
Test: Run minadbd_test on marlin.
Test: Boot into recovery and verify that sideloading still works.
Change-Id: I6c2bc3d351d5af71220a9b9f956c8c039e52c781
We used to statically link the device-specific recovery UI extension
(`TARGET_RECOVERY_UI_LIB`) into `recovery`. Such a logic can't be easily
migrated to Soong, as modules specified by `TARGET_RECOVERY_UI_LIB` may
not be built with Soong.
Instead of porting all the device-specific codes over, this CL builds
and installs the UI lib as a shared library with Android.mk. `recovery`
dlopen(3)'s and dlsym(3)'s `make_device` to invoke the device-specific
UI lib on start.
Note that in order to make dlopen(3) actually working, we have to switch
`recovery` to be dynamically linked (we will make the move later
anyway).
Bug: 110380063
Test: Build and boot into marlin recovery image. Check that
device-specific recovery UI is successfully loaded.
Change-Id: Ia9861c7559a95f3f50676534540c0cb87cae4574
The new command is part of the transfer.list and allows us to compute the hash
tree on non-ab devices.
The required arguments for the hash_tree computation are:
hash_tree_ranges
source_ranges
hash_algorithm
salt_hex
root_hash
Bug: 25170618
Test: unit tests pass; run simulator with compute_hash_tree
Change-Id: I8ff0d582cc8adabb8a060db7845f38b35b28e62c
Normally calling a UI method will block
indefinitely until the UI is actually
used. This creates a method to interrupt
the UI, causing waitKey to return -2. This
in turn, will cause ShowMenu to return -2.
This allows switching between recovery and
fastbootd via usb commands.
Test: adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test
Bug: 78793464
Change-Id: I4c6c9aa18d79070877841a5c9818acf723fa6096
Switching to the protobuf format helps to make the care_map more
extensible. As we have such plans in the future, add the support to
parse the protobuf message in the update_verifier.
Bug: 77867897
Test: unit tests pass, update_verifier successfully verifies a care_map.pb
Change-Id: I9fe83cb4dd3cc8d6fd0260f2a47338fe142d3938
This applies to the standalone applypatch executable
(/system/bin/applypatch on device). This executable is only used when
installing (via patching or flashing) a recovery image on non-A/B
device.
This CL removes the support for patching non-eMMC targets from
applypatch that has been deprecated as part of file-based OTA. For
patching eMMC targets, it also drops the support for accepting multiple
patches (not useful, since the source file must be fixed).
This CL needs the matching change in the same topic, which writes the
script of "/system/bin/install-recovery.sh". Note that this CL doesn't
chanage the applypatch API signatures, in order to minimize the CL size.
*BEFORE*
usage: /system/bin/applypatch [-b <bonus-file>] <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...]
or /system/bin/applypatch -c <file> [<sha1> ...]
or /system/bin/applypatch -l
Filenames may be of the form
EMMC:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:...
to specify reading from or writing to an EMMC partition.
*AFTER*
Usage:
check mode
applypatch --check EMMC:<target-file>:<target-size>:<target-sha1>
flash mode
applypatch --flash <source-file>
--target EMMC:<target-file>:<target-size>:<target-sha1>
patch mode
applypatch [--bonus <bonus-file>]
--patch <patch-file>
--target EMMC:<target-file>:<target-size>:<target-sha1>
--source EMMC:<source-file>:<source-size>:<source-sha1>
show license
applypatch --license
Bug: 110106408
Test: Run recovery_component_test and recovery_unit_test on marlin.
Test: Build a non-A/B target that has /system/bin/install-recovery.sh.
Verify that it installs recovery image successfully.
Test: Build a non-A/B target that has /system/bin/install-recovery.sh in
flashing mode. Verify that it installs recovery image successfully.
Change-Id: I71f9a71fb457e6f663e0b5511946949e65b4b78c
The getopt_long(3) implementation in Android (upstream freebsd) expects
a null-terminated array while parsing long options with required args.
if (long_options[match].has_arg == required_argument) {
optarg = nargv[optind++];
}
...
if (long_options[match].has_arg == required_argument && optarg == NULL) {
return (BADARG);
}
This seems to make sense in practice, as getopt(3) takes the first two
arguments of argc and argv that are "as passed to the main() function on
program invocation", and both of C and C++ spec say "the value of
argv[argc] shall be 0".
Prior to the CL, we may run into undefined behavior on malformed input
command line (e.g. missing arg for an option that requires one). This CL
fixes the issue by always appending a nullptr to the argument list (but
without counting that into argc).
Test: Build and boot into recovery with commands.
Change-Id: Ic6c37548f4db2f30aeabd40f387ca916eeca5392
TemporaryDir only deletes empty dirs (not done by its dtor because it
tries to keep the temporary files available on error exit).
Also change FreeCacheTest::MockFreeSpaceChecker to be static.
Test: Run recovery_unit_test on marlin. Check /data/local/tmp post-run.
Change-Id: I1bd54eb840e3094b4f22ee84c059eec2998773bf
Prior to this CL, FreeSpaceForFile() was returning `size_t`, which may
overflow on ILP32 when called on a partition with 4GiB+ free space.
Additionally, it was returning static_cast<size_t>(-1) on error, but the
caller in freecache.cpp didn't check for that.
This CL changes its return type to `int64_t`, and moves the function
into freecache.cpp since there's no external caller.
Test: Run recovery_unit_test on marlin.
Test: Code search shows no external user of FreeSpaceForFile().
Change-Id: I00f501a057726e1f1ab69f367c46c77b30f2d774
We already know the flakiness happens in bspatch, and the issue is
tracked in b/80193170.
Bug: 67849209
Test: unit tests pass
Change-Id: Ib4772b8f2f0225125096fe7407d083b5bb542cfb
It used to return a Value blob to be consumed by sha1_check() (which has
been deprecated). Currently there's no other generic updater function
that works with BLOB Values. This CL changes read_file() to return a
string Value to make it more useful (e.g. allowing equality check).
Test: Run recovery_component_test and recovery_unit_test on marlin.
Change-Id: Iba986ba649030112babefe898f26aa9ffe69eeb7
Also simplify the helper function expect() in {edify,updater}_test.cpp.
Test: Run recovery_component_test on marlin.
Change-Id: If54febba4b5013f6d71546318a1ca6b635204ac8
Test: mmma -j bootable/recovery
Test: Run recovery_component_test and recovery_unit_test on marlin.
Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
Also fix an error-pone behavior in previous code when verifying an eMMC
target. As long as it loads the partition content successfully according
to the SHAs embedded in the filename, it shouldn't further check against
the SHAs given in the second argument. Because the loaded contents
relate to a specific partition size.
For example:
apply_patch_check(
"EMMC:/boot.img:src_size:src_hash:tgt_size:tgt_hash",
"src_hash");
Assume "/boot.img" already has the desired hash of "tgt_hash", the
previous code would give wrong verification result. The issue can be
addressed by additionally listing "tgt_hash" as one of the desired SHAs
(or by applying this CL).
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I8daafdbecd083f687e24d563ab089caa25667633
The matching edify function has been removed from EdifyGenerator [1]. In
theory device-specific releasetools script may still use this function,
but it no longer looks useful. Because a) we should use range_sha1()
when asserting the SHA-1 hash of a block device; b) we should look into
the contents when asserting a text file.
[1] https://android-review.googlesource.com/c/platform/build/+/714104
Test: Run recovery_component_test on marlin.
Test: Code search shows no active user.
Change-Id: Id39439101534fb89cf8c5cea80a4b758c8a1a60d
This will be used for testing purpose only, replacing the previously
used "fail", to intentionally abort an update.
As we're separating the logic between commands parsing and execution,
"abort" needs to be considered as a valid command during the parsing.
Test: recovery_unit_test and recovery_component_test on marlin.
Change-Id: I47c41c423e62c41cc8515fd92f3c5959be08da02
... into unit/applypatch_test.cpp. And rename the file to
component/applypatch_modes_test.cpp.
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ic23c4f054baa2fa0d5e8ea2fcffd22572f1f112e
Additionally checks for excess args when parsing ERASE, FREE, NEW, STASH
and ZERO. Note that the check for MOVE, BSDIFF, IMGDIFF has been covered
in Command::ParseTargetInfoAndSourceInfo.
Test: Run recovery_unit_test on marlin.
Change-Id: Ic8bc9b7a8dcf98f1f8db2e259607564508726857
The added codes are not used in the updater yet. The switch will happen
in subsequent CLs.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I1ae8a233280f02c2171b43ef028bdccdacb39c59
This shortens the gap between A/B and non-A/B builds, by replacing the
dependency on build-time flag with runtime detection instead. It also
allows building and testing both paths regardless of the target OTA
type.
The size increase to /sbin/recovery looks negligible (< 0.01%).
- marlin: increased from 2084928 to 2085024;
- angler: increased from 2084776 to 2084896.
Test: Run recovery_component_test on angler and marlin.
Test: Sideload an A/B OTA package on marlin.
Test: Sideload a non-A/B OTA package on angler.
Change-Id: I1d927d1ede9713fb42f73b4fe324aa5705ee6f99
It addresses the ScreenRecoveryUITest failures on gce targets which
don't have any graphics backend. Probing for all backend devices in
tests could work, but would duplicate codes. This CL relies on the
result of gr_init().
As a side effect, it may give false negatives if gr_init() is supposed
to work but silently broken. But such issues are beyond
ScreenRecoveryUITest's concern, which should be captured by the tests
for minui or graphics backends instead.
Fixes: 79616356
Test: Run recovery_unit_test on marlin.
Test: Run recovery_unit_test on gce.
Change-Id: I121aacc61c8a614447509506057ecfd8d86163e4
