Commit graph

89 commits

Author SHA1 Message Date
Mattias Nissler
452df6d99c Convert recovery to use BoringSSL instead of mincrypt.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-06 15:54:17 +02:00
Mark Salyzyn
a4f701af93 recovery: use __android_log_pmsg_file_write for log files
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
  allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
  in post-fs phase of init. We rely on pmsg eventually scrolling off
  to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
  pmsg to /data/misc/recovery/ directory if /cache is not mounted
  in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
  BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests

NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.

Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
2016-03-28 11:07:00 -07:00
Tao Bao
d80a99883d Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same
library, there would be linking errors when generating a shared library
(or executable) that depends on the two libraries both.

Also clean up Android.mk files.

Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The
module will then default to "optional" which won't be built until needed.

Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
2016-03-03 14:52:44 -08:00
Yabin Cui
53e7a0628f recovery: check battery level before installing package.
Bug: 26879394

Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d
2016-02-19 18:08:09 -08:00
Jed Estep
a7b9a4660c IO fault injection for OTA packages
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
(cherry-picked from commit f1fc48c6e6)
2016-02-10 10:49:38 -08:00
Jed Estep
432918603f Refactor existing tests to use gtest
Bug: 26962907
Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
2016-02-04 10:11:30 -08:00
Tao Bao
7197ee0e39 Add update_verifier for A/B OTA update.
update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.

This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.

Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
(cherry picked from commit 1171d3a12b)
2015-12-08 11:24:11 -08:00
Tao Bao
4ea2b0c4ac Merge "recovery: Depend on mkfs.f2fs only if needed."
am: a412198699

* commit 'a4121986990d7dde7918252a96d87e4c3c11c13c':
  recovery: Depend on mkfs.f2fs only if needed.
2015-10-28 16:36:23 +00:00
Tao Bao
f68351209f recovery: Depend on mkfs.f2fs only if needed.
Don't build mkfs.f2fs unless device defines TARGET_USERIMAGES_USE_F2FS.

Change-Id: Ifac592c30315bbe7590c8fbf3a0844e6a7a31a1a
2015-10-27 22:00:35 -07:00
Tao Bao
ba781587cb am 337db14f: recovery: Factor out wear_ui.{cpp,h} into bootable/recovery.
* commit '337db14f274fc73dd540aa71d2c21c431fe686ec':
  recovery: Factor out wear_ui.{cpp,h} into bootable/recovery.
2015-08-25 01:23:18 +00:00
Tao Bao
337db14f27 recovery: Factor out wear_ui.{cpp,h} into bootable/recovery.
Every watch has a (mostly identical) copy of the wear_ui. Factor them
out into a single copy for easier maintenance. Device-specific settings
should be defined in recovery_ui.cpp that inherits WearRecoveryUI class.

Bug: 22451422
Change-Id: Id07efca37d1b1d330e6327506c7b73ccf6ae9241
2015-08-24 17:31:47 -07:00
Tao Bao
0d4e002670 recovery: Switch fuse_* to C++.
Change-Id: Id50c3e6febd0ab61f10a654b9b265cf21a2d1701
(cherry picked from commit 71dc365f25)
2015-07-24 11:22:05 -07:00
Tao Bao
71dc365f25 recovery: Switch fuse_* to C++.
Change-Id: I68770ad1a9e99caee292f8010cfd37dfea3acc64
2015-07-20 11:57:40 -07:00
Tao Bao
80e46e08de recovery: Switch to clang
And a few trival fixes to suppress warnings.

Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-06-03 11:30:03 -07:00
Dan Albert
e49a9e527a Stop using libstdc++.
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.

Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
2015-05-19 11:33:18 -07:00
Elliott Hughes
8fd86d77f1 Move the menu header out of the menu.
This makes it easier for us to deal with arbitrary information at the
top, and means that headers added by specific commands don't overwrite
the default ones.

Add the fingerprint back, but broken up so it fits even on sprout's
display.

Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
2015-04-13 15:46:15 -07:00
Elliott Hughes
ec28340cf3 Move "Mount /system" to the main menu.
Everyone's adding secret key combinations for this anyway, and it's
very useful when debugging.

Change-Id: Iad549452b872a7af963dd649f283ebcd3ea24234
2015-04-10 10:01:53 -07:00
Elliott Hughes
9e7ae8a626 Move default implementations into Device.
The current abstract class was a nice idea but has led to a lot of
copy & paste in practice. Right now, no one we know of has any extra
menu items, so let's make the default menu available to everyone.

(If we assume that someone somewhere really does need custom
device-specific menu options, a better API would let them add to
our menu rather than replacing it.)

Change-Id: I59f6a92f3ecd830c2ce78ce9da19eaaf472c5dfa
2015-04-09 13:40:31 -07:00
Ying Wang
5a50b1bce5 Install the recovery binary directly to the recovery image.
This eliminated the previous hack, that doesn't work reliably with the
"LOCAL_REQUIRED_MODULES := mkfs.f2fs".

Bug: 19666886
Change-Id: I1f0a2d41129f402c0165f3b86b6fda077291f282
2015-03-10 11:58:37 -07:00
Dan Albert
f3a5726919 Kill of most of the remainder of minadbd.
I think everything left now is here to stay (services.c might get
massaged in to libadbd if it gets refactored).

Bug: 17626262
Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
2015-02-19 15:41:35 -08:00
Dan Albert
1ddd350504 Use headers from adb.
adb.h has diverged a bit, so that one will be more involved, but these
three are all trivial, unimportant changes.

Change-Id: Ief8474c1c2927d7e955adf04f887c76ab37077a6
2015-02-18 16:14:16 -08:00
Dan Albert
8f1bfead3f Lose USB transport code to libadb.
Bug: 17626262
Change-Id: If41031ba20a3a75fa510f155c654a482b47e409d
2015-02-18 15:11:29 -08:00
Elliott Hughes
5db3f97877 Merge "Fix build when TARGET_USERIMAGES_USE_EXT4 is not defined" 2015-02-11 01:37:49 +00:00
Dan Albert
eaeb55f745 Merge "Start losing code to libadb." 2015-01-27 00:51:09 +00:00
Adam Langley
6ed899a9b6 Remove superfluous OpenSSL include paths.
This include path was needed because system/vold/cryptfs.h included an
OpenSSL header just to get the length of a SHA-256 hash. This has been
fixed in https://android-review.googlesource.com/#/c/124477/1.

Change-Id: I06a8ba0ee5b9efcc3260598f07d9819f065711de
2015-01-22 16:47:36 -08:00
Dan Albert
a01ce3a229 Start losing code to libadb.
Bug: 17626262
Change-Id: I8ce7cff2b7789f39f35a4211d7120d072c05a863
2014-11-25 10:59:42 -08:00
Adrien Grassein
3cd669fd5d Fix build when TARGET_USERIMAGES_USE_EXT4 is not defined
The cryptfs.h files is always included, but its path is only included when TARGET_USERIMAGES_USE_EXT4 is defined.

Change-Id: Iec6aa4601a56a1feac456a21a53a08557dc1d00d
2014-11-07 08:30:41 +01:00
Doug Zongker
945fc68c62 do sdcard sideloading through the fuse filesystem
Make a fuse filesystem that sits on top of the selected package file
on the sdcard, so we can verify that the file contents don't change
while being read and avoid copying the file to /tmp (that is, RAM)
before verifying and installing it.

Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
2014-07-10 10:58:35 -07:00
Doug Zongker
18a78e0a16 refactor fuse sideloading code
Split the adb-specific portions (fetching a block from the adb host
and closing the connections) out from the rest of the FUSE filesystem
code, so that we can reuse the fuse stuff for installing off sdcards
as well.

Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
2014-07-10 10:55:07 -07:00
Ji-Hwan Lee
b9afc2bf15 Use LOCAL_REQUIRED_MODULES for mkfs.f2fs
Instead of LOCAL_ADDITIONAL_DEPENDENCIES.

Bug: 15702524
Change-Id: Ic152ae60354bf09eccdb9a85dcd04f0f076a6422
2014-06-18 17:30:14 +00:00
JP Abgrall
37aedb3faf Support F2FS for the data partition
This adds F2FS support
- for wiping a device
- for the install "format" command.

Note: crypto data in "footer" with a default/negative length
is not supported, unlike with "ext4".

Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-16 19:07:39 -07:00
Paul Lawrence
276f37e4d4 Merge "Fix build break caused by vold change" 2014-03-21 20:11:09 +00:00
Doug Zongker
39cf417e17 remove pixelflinger from recovery
Recovery now draws directly to the framebuffer by rolling its own
graphics code, rather than depending on libpixelflinger.

The recovery UI is modified slightly to eliminate operations that are
slow with the software implementation: when the text display / menu is
turned on, it now appears on a black background instead of a dimmed
version of the recovery icon.

There's probably substantial room for optimization of the graphics
operations.

Bug: 12131110
Change-Id: Iab6520e0a7aaec39e2ce39377c10aef82ae0c595
2014-03-11 11:10:00 -07:00
Paul Lawrence
a8c56072ec Fix build break caused by vold change
cryptfs.h now includes sha header from libcrypto folder

Change-Id: Icd02c88971aedf96040c3bd9ca759e531546023b
2014-03-03 14:14:24 -08:00
Doug Zongker
0d32f259cd clean up some warnings when building recovery
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-02-13 15:34:18 -08:00
Doug Zongker
a1bc148c7c remove 'retouch' ASLR support
Older versions of android supported an ASLR system where binaries were
randomly twiddled at OTA install time.  Remove support for this; we
now use the ASLR support in the linux kernel.

Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
2014-02-13 15:18:19 -08:00
Doug Zongker
76adfc5309 program to store unencrypted files in an encrypted filesystem
uncrypt can read a file on an encrypted filesystem and rewrite it to
the same blocks on the underlying (unencrypted) block device.  This
destroys the contents of the file as far as the encrypted filesystem
is concerned, but allows the data to be read without the encryption
key if you know which blocks of the raw device to access.  uncrypt
produces a "block map" file which lists the blocks that contain the file.

For unencrypted filesystem, uncrypt will produce the block map without
touching the data.

Bug: 12188746
Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63
2014-01-16 13:37:55 -08:00
Doug Zongker
99916f0496 do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.

For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.

Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.

Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2014-01-16 13:29:28 -08:00
Doug Zongker
f39989a36d recovery: wipe encryption metadata along with data partition
This assumes that the metadata is correctly defined in fstab.
Which apparently some devices don't do.


Bug: 8766487
Bug: 12112624
Change-Id: I1b14b9d4c888e9348527984be3dce04bdd9f4de0
2013-12-12 23:27:42 +00:00
Kenny Root
9f6bfa302a am fc7eab96: am f4a6ab27: Merge "Add support for ECDSA signatures"
* commit 'fc7eab961f9dc85ee88e8c37ca1dc31a7f7b8331':
  Add support for ECDSA signatures
2013-10-14 14:12:49 -07:00
Kenny Root
7a4adb5268 Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.

Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-10-10 14:19:19 -07:00
Doug Zongker
9e805d6ca0 allow CheckKey to request mounting /system
Also provide a default implementation of CheckKey that's reasonable
for many devices (those that have power and volume keys).

Change-Id: Icf6c7746ebd866152d402059dbd27fd16bd51ff8
2013-09-04 15:02:29 -07:00
Ying Wang
4e21482d97 Add liblog
Bug: 8580410
Change-Id: Ie60dade81c06589cb0daee431611ded34adef8e6
2013-04-09 21:41:29 -07:00
Ken Sumrall
f35d1cef7c Move to using the new unified fstab in recovery.
Instead of reading it's own fstab, have recovery invoke
fs_mgr to read the unified fstab.

Change-Id: I80c75d2c53b809ac60a4a69f0ef7ebfa707c39e9
2013-02-19 17:37:22 -08:00
Kenny Root
cd74108cda resolved conflicts for merge of 78afed1c to jb-mr1-dev-plus-aosp
Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
2012-10-16 17:44:21 -07:00
Kenny Root
7eb7567aa3 Remove HAVE_SELINUX guards
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-10-16 12:57:26 -07:00
Stephen Hines
91eb721969 Add libm due to libpng dependency.
Change-Id: I0bdc2df5ef358813587f613a1b50eaa850e95782
2012-08-23 15:20:16 -07:00
Joe Onorato
4eeb379886 Use the static version of libsparse
Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
2012-07-23 19:14:30 -07:00
Joe Onorato
6396e70d3f Multiple modules with the same name are going away.
Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
2012-07-21 15:41:15 -07:00
Colin Cross
cde94f309c Link against libsparse
libext4_utils requires libsparse, link against it as well.

Change-Id: I4d6aec0e5edcf1ed42118b7b77adcded2858d3dd
2012-07-17 17:59:47 -07:00