GitLab

We need to ensure the renamed filename reaches the underlying storage.

Bug: 22840552
Change-Id: I824b6e9d8a9c5966035be7b42a73678d07376342
(cherry picked from commit dc392262)

This reverts commit b65f0272.

It slows down the update too much on some devices (e.g. increased
from 8 mins to 40 mins to take a full OTA update).

Bug: 22129621
Change-Id: I4e8d4f6734967caf4f0d19c734027f7b6c107370

A RangeSet has half-closed half-open bounds. For example, "3,5" contains
blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped.

Bug: 22098085
Change-Id: I362d259f8b5d62478858ad0422b635bc5068698d
(cherry picked from commit c0f56ad7)

Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
(cherry picked from commit a3c75e3e)

This reverts commit 604c583c.

Change-Id: I2b0b283dc3f44bae55c5e9f7231d7c712630c2b5

This reverts commit 604c583c.

Change-Id: I2b0b283dc3f44bae55c5e9f7231d7c712630c2b5

Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
(cherry picked from commit 96392b97)

I missed one last time.

Bug: http://b/20501816
Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
(cherry picked from commit b3ac6761)

In the block updater, if BLKDISCARD fails, the error is silently
ignored and some of the blocks may not be erased. This means the
target partition will have inconsistent contents.

If the ioctl fails, return an error and abort the update.

Bug: 20614277
Change-Id: I33867ba9337c514de8ffae59f28584b285324067
(cherry picked from commit cc2428c8)

Bug: http://b/20501816
Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
(cherry picked from commit b47afedb)

Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.

Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
(cherry picked from commit 7bad7c46)

When automatically stashing overlapping blocks, should the stash
file already exist due to an explicit stash command, it's not safe
to remove the stash file after the command has completed.

Note that it is safe to assume that the stash file will remain in
place during the execution of the next command, so we don't have
take other measures to preserve overlapping blocks.

The stash file itself will be removed by a free command when it's
no longer needed.

Bug: 20297065
Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c

Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e

Return NULL to abort the update process. Note that returning ""
won't stop the script.

Change-Id: Ifd108c1356f7c92a905c8776247a8842c6445319

I've added explanatory comments to mzExtractRecursive because
that function will live on as a utility even after we move the
zip format related logic to libziparchive.

bug: 19472796

Change-Id: Id69db859b9b90c13429134d40ba72c1d7c17aa8e

I've added explanatory comments to mzExtractRecursive because
that function will live on as a utility even after we move the
zip format related logic to libziparchive.

bug: 19472796

(cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95)

Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a

warning: format '%lu' expects argument of type 'long unsigned int', but
   argument 3 has type 'unsigned int' [-Wformat] sizeof(RangeSet) + num * sizeof(int));

Change-Id: I4a3c6fc8d40c08ea84f8f5ee13f39350e4264027

Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435
Bug: 19410117

This notice was added for libsyspatch and libxdelta3, but that code
has been removed since.

Change-Id: I4008878ded56ca1d5094a8208728f8c02fe1fe03

Add support for transfer list version 3, which allows us to
verify the status of each command and resume an interrupted
block based OTA update. Notes on the changes:

 - Move the previous BlockImageUpdateFn to a shorter and
   reusable PerformBlockImageUpdate, which can be used also
   in BlockImageVerifyFn for verification.

 - Split individual transfer list commands into separate
   functions with unified parameters for clarity, and use
   a hash table to locate them during execution.

 - Move common block reading and writing to ReadBlocks and
   WriteBlocks to reduce code duplication, and rename the
   readblock and writeblock to less confusing read_all and
   write_all.

The coding style of the new functions follows the existing
style in the updater/edify code.

Needs matching changes from
  Ia5c56379f570047f10f0aa7373a1025439495c98

Bug: 18262110
Change-Id: I1e752464134aeb2d396946348e6041acabe13942

Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6

When building for 32p, we need to be explicit that we wish to build
the 32bit version of the binaries that will be placed in the recovery
image. The recovery image doesn't actually care... but if we are not
explicit in this, the makefiles will ask for the 64bit binaries but the
Android.mk for the binaries will supply the 32bit images (causing the
build to fail).

Change-Id: Iea2d5f412740c082795da4358765751138a4b167

This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition

Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6

This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition

Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6

Bug: 18092022
Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0

At the end of the OTA script, we walk through /system, updating
all the permissions on the filesystem, including the UID, GID,
standard UNIX permissions, capabilities, and SELinux labels.

In the case of a symbolic link, however, we want to skip most of
those operations. The UID, GID, UNIX permissions, and capabilities
don't meaningfully apply to symbolic links.

However, that's not true with SELinux labels. The SELinux label on
a symbolic link is important. We need to make sure the label on the
symbolic link is always updated, even if none of the other attributes
are updated.

This change unconditionally updates the SELinux label on the symbolic
link itself. lsetfilecon() is used, so that the link itself is updated,
not what it's pointing to.

In addition, drop the ENOTSUP special case. SELinux has been a
requirement since Android 4.4. Running without filesystem extended
attributes is no longer supported, and we shouldn't even try to handle
non-SELinux updates anymore. (Note: this could be problematic if
these scripts are ever used to produce OTA images for 4.2 devices)

Bug: 18079773
Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91

Bug: 18079773
Bug: 18092222

Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5

Bug: 18079773
Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15

This should help with reentrant OTAs.

Bug: 18079773

Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2

In version 2 of block image diffs, we support a new command to load
data from the image and store it in the "stash table" and then
subsequently use entries in the stash table to fill in missing bits of
source data we're not allowed to read when doing move/bsdiff/imgdiff
commands.

This leads to smaller update packages because we can break cycles in
the ordering of how pieces are updated by storing data away and using
it later, rather than not using the data as input to the patch system
at all.  This comes at the cost of the RAM or scratch disk needed to
store the data.

The implementation is backwards compatible; it can still handle the
existing version 1 of the transfer file format.

Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a

In version 2 of block image diffs, we support a new command to load
data from the image and store it in the "stash table" and then
subsequently use entries in the stash table to fill in missing bits of
source data we're not allowed to read when doing move/bsdiff/imgdiff
commands.

This leads to smaller update packages because we can break cycles in
the ordering of how pieces are updated by storing data away and using
it later, rather than not using the data as input to the patch system
at all.  This comes at the cost of the RAM or scratch disk needed to
store the data.

The implementation is backwards compatible; it can still handle the
existing version 1 of the transfer file format.

Change-Id: I7fafe741d86b92d82d46feb2939ecf5a3890dc64

The comment for the DEBUG_ERASE setting is exactly backwards.

Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1

Otherwise, overflow problems can occur with images larger than
2G since the offsets will overflow a 32-bit off_t.

Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

Superseded by newer code.

Bug: 16984795
Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1

Superseded by newer code.

Bug: 16984795
Change-Id: I70c1d29dc03287b06ea909d17f729ec51ccb0344

The computation of file offsets was overflowing for partitions larger
than 2 GB.  The parsing of the transfer file could fail at the end if
the data happened to not be properly null-terminated.

Bug: 16984795
Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a

(Cherry-pick back from master.)

Bug: 16984795
Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4

Bug: 16984795
Change-Id: I90f958446baed83dec658de2430c8fc5e9c3047e

These error messages include empty parens after each string
substition.  Ill-advised cut and paste, probably.

Bug: 16467401
Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc

Sometimes renames will move a file into a directory
that does not yet exist.  This will create the
parent directories, using the same symlink logic,
to ensure that there is a valid destination.

Bug: 16458395
Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d