Commits · 7125f9594db027ce4313d940ce2cafac67ae8c31 · halo / bootable_recovery

30 Apr, 2015 1 commit

Check all lseek calls succeed. · 2f5feedf

Elliott Hughes authored 10 years ago

Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.

Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
(cherry picked from commit 7bad7c46)

2f5feedf

23 Mar, 2015 1 commit
- Always use strerror to report errno in recovery. · 1fdd452f
  Elliott Hughes authored 10 years ago
```
Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
```
  1fdd452f
18 Sep, 2014 1 commit

Use the correct fuse_init_out structure size. · 1d30c2fe

Christopher Ferris authored 10 years ago

Kernel 2.6.16 is the first stable kernel with struct fuse_init_out
defined (fuse version 7.6). The structure is the same from 7.6 through
7.22. Beginning with 7.23, the structure increased in size and added
new parameters.

If the kernel only works on minor revs older than or equal to 22,
then use the older structure size since this code only uses the 7.22
version of the structure.

Change-Id: I00d7530e01e6b4718dcd04ad2484959d12ef4a65

1d30c2fe

10 Jul, 2014 1 commit

refactor fuse sideloading code · 18a78e0a

Doug Zongker authored 10 years ago

Split the adb-specific portions (fetching a block from the adb host
and closing the connections) out from the rest of the FUSE filesystem
code, so that we can reuse the fuse stuff for installing off sdcards
as well.

Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14

18a78e0a

02 Jul, 2014 1 commit

sideload without holding the whole package in RAM · 075ad800

Doug Zongker authored 10 years ago

Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).

We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.

We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host.  This file is then passed to the
verification and installation systems like any other.

To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.

One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem).  We rely on SELinux enforcement to
restrict the set of things that can be accessed.

Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114

075ad800