Commit Graph

71 Commits

Author SHA1 Message Date
Ethan Yonker a167416289 Merge in lollipop and attempt to fix merge conflicts
This will probably not compile and may need additional work.
For tracking purposes so we know what might still need looking at
as none of this has been compiled and tested, here is a list of
the merge conflicts that I attempted to fix before pushing this
set of changes:

git pull aosp lollipop-release
remote: Finding sources: 100% (992/992)
remote: Total 992 (delta 473), reused 992 (delta 473)
Receiving objects: 100% (992/992), 1.51 MiB | 516.00 KiB/s, done.
Resolving deltas: 100% (473/473), completed with 42 local objects.
From https://android.googlesource.com/platform/bootable/recovery
 * branch            lollipop-release -> FETCH_HEAD
 * [new branch]      lollipop-release -> aosp/lollipop-release
Auto-merging verifier_test.cpp
CONFLICT (content): Merge conflict in verifier_test.cpp
Auto-merging verifier.h
CONFLICT (content): Merge conflict in verifier.h
Auto-merging verifier.cpp
CONFLICT (content): Merge conflict in verifier.cpp
Auto-merging updater/updater.c
Auto-merging updater/install.c
CONFLICT (content): Merge conflict in updater/install.c
Auto-merging updater/Android.mk
CONFLICT (content): Merge conflict in updater/Android.mk
Auto-merging uncrypt/Android.mk
CONFLICT (content): Merge conflict in uncrypt/Android.mk
Auto-merging ui.cpp
CONFLICT (content): Merge conflict in ui.cpp
Auto-merging screen_ui.cpp
Auto-merging roots.cpp
CONFLICT (content): Merge conflict in roots.cpp
CONFLICT (rename/delete): res-hdpi/images/progress_fill.png deleted
in HEAD and renamed in cddb68b5ea.
Version cddb68b5ea of
res-hdpi/images/progress_fill.png left in tree.
CONFLICT (rename/delete): res-hdpi/images/progress_empty.png deleted
in HEAD and renamed in cddb68b5ea.
Version cddb68b5ea of
res-hdpi/images/progress_empty.png left in tree.
CONFLICT (rename/delete): res-hdpi/images/icon_error.png deleted
in HEAD and renamed in cddb68b5ea.
Version cddb68b5ea of
res-hdpi/images/icon_error.png left in tree.
Auto-merging recovery.cpp
CONFLICT (content): Merge conflict in recovery.cpp
Auto-merging minui/resources.c
CONFLICT (content): Merge conflict in minui/resources.c
Auto-merging minui/minui.h
CONFLICT (content): Merge conflict in minui/minui.h
Auto-merging minui/graphics.c
CONFLICT (content): Merge conflict in minui/graphics.c
Auto-merging minui/Android.mk
CONFLICT (content): Merge conflict in minui/Android.mk
Removing minelf/Retouch.h
Removing minelf/Retouch.c
Auto-merging minadbd/usb_linux_client.c
CONFLICT (content): Merge conflict in minadbd/usb_linux_client.c
Auto-merging minadbd/adb.h
CONFLICT (content): Merge conflict in minadbd/adb.h
Auto-merging minadbd/adb.c
CONFLICT (content): Merge conflict in minadbd/adb.c
Auto-merging minadbd/Android.mk
CONFLICT (content): Merge conflict in minadbd/Android.mk
Removing make-overlay.py
Auto-merging install.h
CONFLICT (content): Merge conflict in install.h
Auto-merging etc/init.rc
CONFLICT (content): Merge conflict in etc/init.rc
Auto-merging bootloader.h
Auto-merging applypatch/applypatch.c
Auto-merging applypatch/Android.mk
CONFLICT (content): Merge conflict in applypatch/Android.mk
Auto-merging adb_install.cpp
CONFLICT (content): Merge conflict in adb_install.cpp
Auto-merging Android.mk
CONFLICT (content): Merge conflict in Android.mk
Automatic merge failed; fix conflicts and then commit the result.

Change-Id: I3e0e03e48ad8550912111c7a5c9a140ed0267e2c
2014-11-06 08:35:13 -06:00
Michael Runge f15e31edf9 Log mount/unmount errors to UI
Bug: 18092022
Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
2014-10-24 16:05:13 -07:00
Nick Kralevich 6a821fe5f0 unconditionally apply SELinux labels to symlinks
At the end of the OTA script, we walk through /system, updating
all the permissions on the filesystem, including the UID, GID,
standard UNIX permissions, capabilities, and SELinux labels.

In the case of a symbolic link, however, we want to skip most of
those operations. The UID, GID, UNIX permissions, and capabilities
don't meaningfully apply to symbolic links.

However, that's not true with SELinux labels. The SELinux label on
a symbolic link is important. We need to make sure the label on the
symbolic link is always updated, even if none of the other attributes
are updated.

This change unconditionally updates the SELinux label on the symbolic
link itself. lsetfilecon() is used, so that the link itself is updated,
not what it's pointing to.

In addition, drop the ENOTSUP special case. SELinux has been a
requirement since Android 4.4. Running without filesystem extended
attributes is no longer supported, and we shouldn't even try to handle
non-SELinux updates anymore. (Note: this could be problematic if
these scripts are ever used to produce OTA images for 4.2 devices)

Bug: 18079773
Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
2014-10-24 16:05:13 -07:00
Michael Runge bd6138cffe Allow passing of mount args to mountFn
Bug: 18079773
Bug: 18092222

Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
2014-10-23 17:35:13 -07:00
Michael Runge 7548025bdd Log to UI any metadata setting errors
Bug: 18079773
Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
2014-10-23 17:35:13 -07:00
Michael Runge d5b1727765 Treat already-renamed files as having no problems.
This should help with reentrant OTAs.

Bug: 18079773

Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
2014-10-22 17:44:33 -07:00
Doug Zongker 5f875bf577 remove code for original block OTA mechanism
Superseded by newer code.

Bug: 16984795
Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
2014-08-26 13:54:24 -07:00
Doug Zongker bc7ffeda98 installer for new block OTA system
(Cherry-pick back from master.)

Bug: 16984795
Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
2014-08-19 16:53:39 -07:00
Doug Zongker 2b5f0e0f76 remove spurious parens from error message
These error messages include empty parens after each string
substition.  Ill-advised cut and paste, probably.

Bug: 16467401
Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
2014-08-06 08:25:03 -07:00
Michael Runge a91ecc59b2 Auto create parent directories for rename support
Sometimes renames will move a file into a directory
that does not yet exist.  This will create the
parent directories, using the same symlink logic,
to ensure that there is a valid destination.

Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
2014-07-21 17:40:02 -07:00
JP Abgrall 37aedb3faf Support F2FS for the data partition
This adds F2FS support
- for wiping a device
- for the install "format" command.

Note: crypto data in "footer" with a default/negative length
is not supported, unlike with "ext4".

Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-16 19:07:39 -07:00
Doug Zongker 43772d26a5 advance progress bar during block OTA installations
While executing syspatch and package_extract_file() calls with don't
care maps (both of which are used to rewrite the system image in
incremental and full block OTAs, respectively), pass a progress
callback in and use it to update the visible progress bar.

Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
2014-06-09 14:15:22 -07:00
Doug Zongker c704e06ce5 disable async reboot during package installation
The default recovery UI will reboot the device when the power key is
pressed 7 times in a row, regardless of what recovery is doing.
Disable this feature during package installation, to minimize the
chance of corrupting the device due to a mid-install reboot.  (Debug
packages can explicitly request that the feature be reenabled.)

Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
2014-05-23 08:52:31 -07:00
Michael Runge aa1a31e83d Allow lines without = signs.
The new build.prop for Sprout includes lines of the format:
import xxx.prop

These can be safely ignored when reading the property file.

Change-Id: Ia84a138e71461ffe8e591e88143b9787873def29
2014-05-01 18:37:40 -07:00
Mark Salyzyn 679baa06b7 am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"
* commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49':
  Recovery 64-bit compile issues
2014-03-14 21:35:41 +00:00
Mark Salyzyn 4b6de1ba1c am 026ebe02: Merge "Recovery 64-bit compile issues"
* commit '026ebe0214d6c1c9b3ddc22c35e9ac37e5f622bc':
  Recovery 64-bit compile issues
2014-03-14 20:59:56 +00:00
Mark Salyzyn f3bb31c32f Recovery 64-bit compile issues
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-03-14 13:51:39 -07:00
Doug Zongker c9d6e4ff51 support don't-care maps when writing the system image
Make package_extract_file() take an optional third argument which is
the pathname (in the package zip) of a map of don't-care regions to
skip over when writing the file.

Modify syspatch() to take source and target don't-care maps and use
them when patching the system partition.

Add the wipe_block_device() function to do a discard of all data on
the partition.

Change-Id: I8c856054edfb6aab2f3e5177f16d9d78add20be4
2014-02-24 16:02:50 -08:00
Doug Zongker 0d32f259cd clean up some warnings when building recovery
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-02-13 15:34:18 -08:00
Doug Zongker a1bc148c7c remove 'retouch' ASLR support
Older versions of android supported an ASLR system where binaries were
randomly twiddled at OTA install time.  Remove support for this; we
now use the ASLR support in the linux kernel.

Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
2014-02-13 15:18:19 -08:00
Doug Zongker 52b4036eb8 add syspatch support to updater
Add the syspatch() function, which can apply xdelta3+xz patches using
the libsyspatch library.

Change-Id: Idc1921e449020923bcaf425a1983bec0833e47ed
2014-02-13 14:15:26 -08:00
Michael Runge 15f5fe1bcd am f9dd42de: Merge "Don\'t abort on read_file if the file is missing." into klp-dev
* commit 'f9dd42de6034ab09f9fa649ed1fbea25bc05e598':
  Don't abort on read_file if the file is missing.
2013-12-26 15:33:28 -08:00
Michael Runge 6eed224771 Don't abort on read_file if the file is missing.
Change-Id: I85726bf736203d602428114145c3b98692580656
2013-12-13 17:13:11 -08:00
Doug Zongker d327c63af6 am c87bab10: add the functions for multi-stage packages to updater
* commit 'c87bab101893e8322b49d7c8600e3367b20ab50a':
  add the functions for multi-stage packages to updater
2013-11-27 10:57:44 -08:00
Doug Zongker c87bab1018 add the functions for multi-stage packages to updater
In order to support multi-stage recovery packages, we add the
set_stage() and get_stage() functions, which store a short string
somewhere it can be accessed across invocations of recovery.  We also
add reboot_now() which updater can invoke to immediately reboot the
device, without doing normal recovery cleanup.  (It can also choose
whether to boot off the boot or recovery partition.)

If the stage string is of the form "#/#", recovery's UI will be
augmented with a simple indicator of what stage you're in, so it
doesn't look like a reboot loop.

Change-Id: I62f7ff0bc802b549c9bcf3cc154a6bad99f94603
2013-11-26 15:46:57 -08:00
Michael Runge 40dfc474c4 am c64e76c7: Merge "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add." into klp-dev
* commit 'c64e76c75088b951f61a7f7bacf8af6eccd2ccfa':
  Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add.
2013-11-07 15:00:42 -08:00
Michael Runge ce7ca7165b Enable incremental builder to find files that moved, and
try to process them via patch + rename, instead of
delete + add.

b/11437930

Change-Id: I984349fbc9a8dac4379e00c0d66fc7d22c4eb834
2013-11-07 12:29:14 -08:00
Dees Troy bb4c0cbc4b Fix merge conflicts and update for 4.4 kitkat
Make a copy of libmincrypt in TWRP source so we do not have to
ifdef verifier.cpp for various versions of mincrypt.

Remove reboot tool from toolbox (it was removed from 4.4 and did
not compile properly on some devices in older trees)
2013-11-02 20:43:26 +00:00
Nick Kralevich 46ab1b6138 updater: Delete dead code
set_perm and set_perm_recursive are no longer used. Delete.

(cherry picked from commit 08ef9a9570)

Change-Id: I1bcc90ae19af9df4f0705496c5876987159f75ac
2013-09-17 10:20:45 -07:00
Nick Kralevich e461251e2c Don't apply permission changes to symlink.
Bug: 10183961
Bug: 10186213
Bug: 8985290
Change-Id: I57cb14af59682c5f25f1e091564548bdbf20f74e
2013-09-10 15:34:19 -07:00
Nick Kralevich 5dbdef0e5b updater: introduce and set_metadata and set_metadata_recursive
Introduce two new updater functions:

* set_metadata
* set_metadata_recursive

Long term, these functions are intended to be more flexible replacements
for the following methods:

* set_perm
* set_perm_recursive

Usage:

  set_metadata("filename", "key1", "value1", "key2", "value2", ...)
  set_metadata_recursive("dirname", "key1", "value1", "key2", "value2", ...)

Description:

set_metadata() and set_metadata_recursive() set the attributes on a file/directory
according to the key/value pairs provided. Today, the following keys are
supported:

* uid
* gid
* mode (set_perm_extd only)
* fmode (set_perm_extd_recursive only)
* dmode (set_perm_extd_recursive only)
* selabel
* capabilities

Unknown keys are logged as warnings, but are not fatal errors.

Examples:

* set_metadata("/system/bin/netcfg", "selabel", "u:object_r:system_file:s0");

This sets the SELinux label of /system/bin/netcfg to u:object_r:system_file:s0.
No other changes occur.

* set_metadata("/system/bin/netcfg", "uid", 0, "gid", 3003, "mode", 02750, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0);

This sets /system/bin/netcfg to uid=0, gid=3003, mode=02750,
selinux label=u:object_r:system_file:s0, and clears the capabilities
associated with the file.

* set_metadata_recursive("/system", "uid", 0, "gid", 0, "fmode", 0644, "dmode", 0755, "selabel", "u:object_r:system_file:s0", "capabilities", 0x0);

All files and directories under /system are set to uid=0, gid=0,
and selinux label=u:object_r:system_file:s0. Directories are set to
mode=0755.  Files are set to mode=0644 and all capabilities are cleared.

Bug: 10183961
Bug: 10186213
Bug: 8985290
Change-Id: Ifdcf186a7ed45265511dc493c4036e1ac5e3d0af
2013-09-10 10:24:24 -07:00
Nick Kralevich 3328e3bc81 Revert "Update OTA installer to understand SELinux filesystem labels"
This reverts commit 627eb30f73.

Bug: 10183961
Bug: 10186213
2013-09-09 10:47:14 -07:00
Dees_Troy 512376ccc7 Extract file_contexts from zips if it exists
Update binary will now extract file_contexts if it exists in the
root of the zip to /tmp

Recovery will replace the existing /file_contexts in the ramdisk
if file_contexts exists in the root of the zip.

This ensure that the proper contexts are used during zip installs.

Change-Id: If22c41101868643b67e6dba6177677c078fcd877
2013-09-05 13:06:16 +00:00
Dees_Troy 1669f89dd2 Update to latest AOSP master
Merge in latest commits from AOSP master and fix merge conflicts
2013-09-04 19:00:58 +00:00
Nick Kralevich 627eb30f73 Update OTA installer to understand SELinux filesystem labels
Modify the OTA installer to understand SELinux filesystem labels.

We do this by introducing new set_perm2 / set_perm2_recursive
calls, which understand SELinux filesystem labels. These filesystem
labels are applied at the same time that we apply the
UID / GID / permission changes.

For compatibility, we preserve the behavior of the existing
set_perm / set_perm_recursive calls.

If the destination kernel doesn't support security labels, don't
fail. SELinux isn't enabled on all kernels.

Bug: 8985290
Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
2013-07-18 15:21:12 -07:00
Doug Zongker fafc85b4ad recovery: move log output to stdout
Recovery currently has a random mix of messages printed to stdout and
messages printed to stderr, which can make logs hard to read.  Move
everything to stdout.

Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
2013-07-09 12:50:24 -07:00
Dees_Troy 76a1d41429 Fix write_raw_image to work with mmc 2013-04-20 13:54:35 +00:00
Doug Zongker bac7fba027 verifier: update to support certificates using SHA-256
Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
2013-04-10 11:32:17 -07:00
Kenny Root cd74108cda resolved conflicts for merge of 78afed1c to jb-mr1-dev-plus-aosp
Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
2012-10-16 17:44:21 -07:00
Kenny Root 7eb7567aa3 Remove HAVE_SELINUX guards
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-10-16 12:57:26 -07:00
Doug Zongker a3ccba6d31 add bonus data feature to imgdiff/imgpatch/applypatch
The bonus data option lets you give an additional blob of uncompressed
data to be used when constructing a patch for chunk #1 of an image.
The same blob must be available at patch time, and can be passed to
the command-line applypatch tool (this feature is not accessible from
edify scripts).

This will be used to reduce the size of recovery-from-boot patches by
storing parts of the recovery ramdisk (the UI images) on the system
partition.

Change-Id: Iac1959cdf7f5e4582f8d434e83456e483b64c02c
2012-08-20 15:28:02 -07:00
Doug Zongker a23075fb0e fix the symlink() command to create directories if needed
Full OTAs currently fail if the build contains a directory containing
only symlinks, because nothing creates that directory.  Change the
symlink() command to create any ancestor directories that don't exist.
They're created as owner root perms 0700 because we assume that in
practice subsequent set_perm_recursive() calls will fix up their
ownership and permissions.

Change-Id: I4681cbc85863d9778e36b924f0532b2b3ef14310
2012-08-06 16:35:18 -07:00
Kenny Root 1e4469a786 am 78911bdf: am 2a4ab824: Merge "Change the format command to always take the mount point as an argument."
* commit '78911bdf4f9dfff6583f3f8150a3257212ceea13':
  Change the format command to always take the mount point as an argument.
2012-04-06 18:05:56 -07:00
Stephen Smalley 516e4e2372 Change the format command to always take the mount point as an argument.
Requires I5a63fd61a7e74d386d0803946d06bcf2fa8a857e

Change-Id: Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
2012-04-03 13:35:11 -04:00
Kenny Root 41dda82d84 resolved conflicts for merge of 0b1fee1b to master
Change-Id: I2e8298ff5988a96754f56f80a5186c9605ad9928
2012-03-30 21:26:01 -07:00
Stephen Smalley 779701db51 Extend recovery and updater to support setting file security contexts.
Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.

Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
2012-03-30 09:32:46 -04:00
Doug Zongker acd73ed156 fail edify script if set_perm() or symlink() fails
It's surprising if these fail, so abort the whole edify script to
catch any problems early.

Bug: 2284848
Change-Id: Ia2a0b60e7f086fc590b242616028905a229c9e05
2012-03-22 14:33:53 -07:00
Doug Zongker 35a35a6766 remove retouching code from updater
Removes the retouch_binaries and undo_retouch_binaries from updater;
newly generated OTA packages should not call them any more.

Note that applypatch retains the ability to unretouch a file as it
reads it.  This will be needed as long as we want to support OTAs from
devices that were installed with retouching.

Change-Id: Ib3f6baeae90c84ba85983f626d821ab7e436ceb2
2012-02-28 12:30:13 -08:00
Doug Zongker daefc1d442 C++ class for device-specific code
Replace the device-specific functions with a class.  Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class.  Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).

Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
2011-10-31 15:51:07 -07:00
Doug Zongker d0181b8fcd allow recovery packages to wipe cache
updater now has a function "wipe_cache();" which causes recovery to
wipe the cache partition after the successful installation of the
package.  Move log copying around a bit so logs and the last_install
flag file are copied to cache after it's wiped.

Bug: 5314244
Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
2011-10-19 11:26:18 -07:00