- 10 Apr, 2015 1 commit
-
-
Tao Bao authored
These commands are for the communication between the installer and the update binary (edify interpreter). Update the comments in sync with the codes. Change-Id: I7390f022b1447049a974b0b45697ef1d2e71d4e0
-
- 08 Apr, 2015 1 commit
-
-
Tao Bao authored
Currently it rotates the log files every time it boots into the recovery mode. We lose useful logs after ten times. This CL changes the rotation condition so that it will rotate only if it performs some actual operations that modify the flash (installs, wipes, sideloads and etc). Bug: 19695622 Change-Id: Ie708ad955ef31aa500b6590c65faa72391705940
-
- 25 Mar, 2015 1 commit
-
-
Tao Bao authored
Change-Id: Ia897aa43e44d115bde6de91789b35723826ace22
-
- 28 Jan, 2015 1 commit
-
-
Elliott Hughes authored
Change-Id: I0737456e0221ebe9cc854d65c95a7d37d0869d56
-
- 02 Jul, 2014 1 commit
-
-
Doug Zongker authored
Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
-
- 23 May, 2014 1 commit
-
-
Doug Zongker authored
The default recovery UI will reboot the device when the power key is pressed 7 times in a row, regardless of what recovery is doing. Disable this feature during package installation, to minimize the chance of corrupting the device due to a mid-install reboot. (Debug packages can explicitly request that the feature be reenabled.) Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
-
- 16 Jan, 2014 1 commit
-
-
Doug Zongker authored
Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
-
- 18 Nov, 2013 1 commit
-
-
Alistair Strachan authored
A system/core change made in Mar 26 2012 6ebf12f "init: Change umask of forked processes to 077" changed the default umask of services forked from init. Because recovery is forked from init, it has a umask of 077. Therefore when update-binary is forked from recovery, it too has a umask of 077. This umask is overly restrictive and can cause problems for scripts relying on minzip to extract binaries directly into the target filesystem. Any directories updated by minzip will have their permissions reset to r-x------ and created files will have similarly restrictive permissions. As it seems unlikely this security measure was intended to have this side effect on legacy sideloads that do not have chmods to repair the damage done by minzip, this change reverts the umask to 022 in the fork made for update-binary. Change-Id: Ib1a3fc83aa4ecc7480b5d0c00f3c7d0d040d4887
-
- 25 Sep, 2013 1 commit
-
-
Doug Zongker authored
(cherry picked from commit bac7fba0) Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
-
- 21 Aug, 2013 1 commit
-
-
Doug Zongker authored
When installing a package, we should have /tmp and /cache mounted and nothing else. Ensure this is true by explicitly mounting them and unmounting everything else as the first step of every install. Also fix an error in the progress bar that crops up when you do multiple package installs in one instance of recovery. Change-Id: I4837ed707cb419ddd3d9f6188b6355ba1bcfe2b2
-
- 09 Jul, 2013 1 commit
-
-
Doug Zongker authored
Recovery currently has a random mix of messages printed to stdout and messages printed to stderr, which can make logs hard to read. Move everything to stdout. Change-Id: Ie33bd4a9e1272e731302569cdec918e0534c48a6
-
- 10 Apr, 2013 1 commit
-
-
Doug Zongker authored
Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
-
- 02 Nov, 2012 1 commit
-
-
Doug Zongker authored
Add an option to verifier_test to load keys from a file, the way the recovery does. Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
-
- 23 Aug, 2012 1 commit
-
-
Doug Zongker authored
- recovery takes a --locale argument, which will be passed by the main system - the locale is saved in cache, in case the --locale argument is missing (eg, when recovery is started from fastboot) - we include images that have prerendered text for many locales - we split the background states into four (installing update, erasing, no command, error) so that appropriate text can be shown. Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
-
- 25 Jul, 2012 1 commit
-
-
Doug Zongker authored
Change-Id: I9849c69777d513bb12926c8c622d1c12d2da568a
-
- 12 Apr, 2012 1 commit
-
-
Doug Zongker authored
- add the --just_exit option to make recovery exit normally without doing anything - make it possible to build updater extensions in C++ - add the clear_display command so that the updater binary can request recovery switch to the NONE background UI These are all used to support the notion of using OTA as a factory reflash mechanism. Change-Id: Ib00d1cbf540feff38f52a61a2cf198915b48488c
-
- 31 Oct, 2011 2 commits
-
-
Doug Zongker authored
Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
-
Doug Zongker authored
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
-
- 28 Oct, 2011 1 commit
-
-
Doug Zongker authored
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
-
- 19 Oct, 2011 1 commit
-
-
Doug Zongker authored
updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
-
- 12 Apr, 2011 1 commit
-
-
Doug Zongker authored
When installing a package, create /cache/recovery/last_install, which contains the filename of the package and a 1 or 0 for success or failure. Also, don't mount ext4 and vfat filesystems as read-only (on devices where /cache is ext4, we need it to be read-write). Change-Id: I0cf2a1921bbd65e06343aa74e2006577fac77c2c
-
- 21 Sep, 2010 2 commits
-
-
Doug Zongker authored
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). (Cherrypicked from gingerbread w/slight edits.) Change-Id: I2479ce76b13e73f1d12035c89386c3a82b3edf51
-
Doug Zongker authored
Remove the wacky notion of "roots" and "root paths" (those things that look like "FOO:some/path" instead of just "/foo/some/path"). Let each device specify its own table of available partitions and how to mount them (needed for devices that use both MTD/yaffs2 and EMMC/ext4 partitions). Change-Id: I18b0a572a71c5e087e0b7ae11b1774388339bfd1
-
- 17 Sep, 2010 1 commit
-
-
Doug Zongker authored
Recovery itself no longer needs to access all these partitions; manipulation of them is done by the updater binary. This is a small first step towards removing roots entirely. Change-Id: I3fbcada32079a37db4cc097861dfa91e0a08da30
-
- 15 Sep, 2010 2 commits
-
-
Doug Zongker authored
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
-
Doug Zongker authored
Close the update package before invoking the binary, to allow the installer to unmount /cache if it wants to. Add a function to allow remounting of a mount as read-only. Change-Id: Idfcc96c3da66083295177f729263560be58034e4
-
- 01 Jul, 2010 1 commit
-
-
Doug Zongker authored
Make the mount and format functions take extra parameters describing the filesystem type and add support for mounting and formatting ext4 filesystems on EMMC. Change recovery to consistently use stdout for status messages instead of mixing stdout and stderr.
-
- 24 Jun, 2010 1 commit
-
-
Nick Kralevich authored
Fix potential string format bug. Change-Id: Ie05aac53b2c45a48bd68e340b76ccb21edfd28b7
-
- 03 Feb, 2010 1 commit
-
-
Doug Zongker authored
Remove support for the HTC-specific "firmware" update command and the corresponding edify function write_firmware_update(). This functionality is now done by an edify extension library that lives in vendor/htc. Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
-
- 29 Jan, 2010 1 commit
-
-
Doug Zongker authored
%i can't be used to read unsigned ints (though it happens to work with bionic). Change to %x and %u as appropriate. Change-Id: I8ea9ca16a939501757cf70fc5953abee26c8231c http://b/2402231 - Parser for /res/keys interprets n0inv as a signed int
-
- 13 Nov, 2009 1 commit
-
-
Jean-Baptiste Queru authored
-
- 17 Aug, 2009 1 commit
-
-
Doug Zongker authored
-
- 15 Aug, 2009 1 commit
-
-
Doug Zongker authored
In recovery, verify a signature that covers the entire zip file, instead of using the jarsigner format to verify individual files. Bug: 1328985
-
- 14 Jul, 2009 1 commit
-
-
Doug Zongker authored
Yank all the code to install OTA packages out of the recovery binary itself. Now packages are installed by a binary included in the package (run as a child of recovery), so we can make improvements in the installation process without waiting for a new release to use them.
-
- 24 Jun, 2009 1 commit
-
-
Doug Zongker authored
Let recovery accept set_progress commands to control progress over the 'current segment' of the bar. Add a set_progress() builtin to the updater binary.
-
- 18 Jun, 2009 1 commit
-
-
Doug Zongker authored
To do a firmware-install-on-reboot, the update binary tells recovery what file to install before rebooting. Let this file be specified as "PACKAGE:<foo>" to indicate taking the file out of the OTA package, avoiding an extra copy to /tmp. Bump the API version number to reflect this change.
-
- 12 Jun, 2009 2 commits
-
-
Doug Zongker authored
A few more changes to edify: - fix write_raw_image(); my last change neglected to close the write context, so the written image was corrupt. - each expression tracks the span of the source code from which it was compiled, so that assert()'s error message can include the source of the expression that failed. - the 'cookie' argument to each Function is replaced with a State object, which contains the cookie, the source script (for use with the above spans), and the current error message (replacing the global variables that were used for this purpose). - in the recovery image, a new command "ui_print" can be sent back through the command pipe to cause text to appear on the screen. Add a new ui_print() function to print things from scripts. Rename existing "print" function to "stdout".
-
Doug Zongker authored
Adds more edify functions for OTAs: is_mounted getprop apply_patch apply_patch_check apply_patch_space write_raw_image write_firmware_image package_extract_file This allows us to install radios, hboots, boot images, and install incremental OTA packages. Fixes a couple of dumb bugs in edify itself: - we were doubling the size of the function table each time it was *not* full, rather than each time it was full - "no such function" errors weren't visible to the parser, so they didn't prevent execution of the script.
-
- 11 Jun, 2009 1 commit
-
-
Doug Zongker authored
Adds the following edify functions: mount unmount format show_progress delete delete_recursive package_extract symlink set_perm set_perm_recursive This set is enough to extract and install the system part of a (full) OTA package. Adds the updater binary that extracts an edify script from the OTA package and then executes it. Minor changes to the edify core (adds a sleep() builtin for debugging, adds "." to the set of characters that can appear in an unquoted string).
-
- 04 Jun, 2009 1 commit
-
-
Doug Zongker authored
Allow installation of OTA packages which do not contain an update-script, but instead contain an update-binary.
-