1. 14 Jan, 2016 1 commit
    • Tao Bao's avatar
      recovery: Fork a process for fuse when sideloading from SD card. · cdcf28f5
      Tao Bao authored
      For applying update from SD card, we used to use a thread to serve the
      file with fuse. Since accessing through fuse involves going from kernel
      to userspace to kernel, it may run into deadlock (e.g. for mmap_sem)
      when a page fault occurs. Switch to using a process instead.
      
      Bug: 23783099
      Bug: 26313124
      Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd
      cdcf28f5
  2. 24 Jul, 2015 1 commit
  3. 20 Jul, 2015 1 commit
  4. 10 Apr, 2015 1 commit
  5. 10 Jul, 2014 2 commits
    • Doug Zongker's avatar
      do sdcard sideloading through the fuse filesystem · 945fc68c
      Doug Zongker authored
      Make a fuse filesystem that sits on top of the selected package file
      on the sdcard, so we can verify that the file contents don't change
      while being read and avoid copying the file to /tmp (that is, RAM)
      before verifying and installing it.
      
      Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
      945fc68c
    • Doug Zongker's avatar
      refactor fuse sideloading code · 18a78e0a
      Doug Zongker authored
      Split the adb-specific portions (fetching a block from the adb host
      and closing the connections) out from the rest of the FUSE filesystem
      code, so that we can reuse the fuse stuff for installing off sdcards
      as well.
      
      Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
      18a78e0a
  6. 02 Jul, 2014 1 commit
    • Doug Zongker's avatar
      sideload without holding the whole package in RAM · 075ad800
      Doug Zongker authored
      Implement a new method of sideloading over ADB that does not require
      the entire package to be held in RAM (useful for low-RAM devices and
      devices using block OTA where we'd rather have more RAM available for
      binary patching).
      
      We communicate with the host using a new adb service called
      "sideload-host", which makes the host act as a server, sending us
      different parts of the package file on request.
      
      We create a FUSE filesystem that creates a virtual file
      "/sideload/package.zip" that is backed by the ADB connection -- users
      see a normal file, but when they read from the file we're actually
      fetching the data from the adb host.  This file is then passed to the
      verification and installation systems like any other.
      
      To prevent a malicious adb host implementation from serving different
      data to the verification and installation phases of sideloading, the
      FUSE filesystem verifies that the contents of the file don't change
      between reads -- every time we fetch a block from the host we compare
      its hash to the previous hash for that block (if it was read before)
      and cause the read to fail if it changes.
      
      One necessary change is that the minadbd started by recovery in
      sideload mode no longer drops its root privileges (they're needed to
      mount the FUSE filesystem).  We rely on SELinux enforcement to
      restrict the set of things that can be accessed.
      
      Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
      075ad800
  7. 11 Jun, 2009 1 commit
    • Doug Zongker's avatar
      edify extensions for OTA package installation, part 1 · 9931f7f3
      Doug Zongker authored
      Adds the following edify functions:
      
        mount unmount format show_progress delete delete_recursive
        package_extract symlink set_perm set_perm_recursive
      
      This set is enough to extract and install the system part of a (full)
      OTA package.
      
      Adds the updater binary that extracts an edify script from the OTA
      package and then executes it.  Minor changes to the edify core (adds a
      sleep() builtin for debugging, adds "." to the set of characters that
      can appear in an unquoted string).
      9931f7f3
  8. 04 Mar, 2009 2 commits
  9. 21 Oct, 2008 1 commit