update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.
This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.
Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
When system images contain the root directory, there is no entry of
"/system" in the fstab. Change it to look for "/" instead if
ro.build.system_root_image is true. We actually mount the partition
to /system_root instead, and create a symlink to /system_root/system
for /system. This allows "adb shell" to work properly.
Bug: 22855115
Change-Id: I91864444950dc3229fda3cc133ddbadeb8817fb8
(cherry picked from commit abb8f7785e)
WriteToPartition() should consider a target name as valid if it contains
multiple colons. But only the first two fields will be used.
Bug: 22725128
Change-Id: I9d0236eaf97df9db9704acf53690d0ef85188e45
(cherry picked from commit 1ce7a2a63d)
We may carry a full copy of recovery image in the /system, and use
/system/bin/install-recovery.sh to install the recovery. This CL adds
support to flash the recovery partition with the given image.
Bug: 22641135
Change-Id: I345eaaee269f6443527f45a9be7e4ee47f6b2b39
(cherry picked from commit 68c5a67967)
Only trusted input is passed to parse_range, but check for invalid
input to catch possible problems in transfer lists.
Bug: 21033983
Bug: 21034030
Bug: 21034172
Bug: 21034406
Change-Id: I1e266de3de15c99ee596ebdb034419fdfe7eba1f
(cherry picked from commit f2bac04e1b)
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.
Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
(cherry picked from commit e49a9e527a)
When there are 20 entries (like 10 last_log* and 10 last_kmg* in "view
recovery logs"), there's no "Back" entry. Because the number of entries
(21) exceeds text_rows (20) in WearRecoveryUI::StartMenu(). Since we
have scrollable menu, having more entries than text_rows won't be an
issue.
Bug: 23752519
Change-Id: I12573d7a34852a1a3d130c9e88522cee737eb08f
Every watch has a (mostly identical) copy of the wear_ui. Factor them
out into a single copy for easier maintenance. Device-specific settings
should be defined in recovery_ui.cpp that inherits WearRecoveryUI class.
Bug: 22451422
Change-Id: Id07efca37d1b1d330e6327506c7b73ccf6ae9241
We need to ensure the renamed filename reaches the underlying storage.
Bug: 22840552
Change-Id: I824b6e9d8a9c5966035be7b42a73678d07376342
(cherry picked from commit dc3922622a)
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49
This reverts commit b65f0272c8.
It slows down the update too much on some devices (e.g. increased
from 8 mins to 40 mins to take a full OTA update).
Bug: 22129621
Change-Id: I4e8d4f6734967caf4f0d19c734027f7b6c107370
A RangeSet has half-closed half-open bounds. For example, "3,5" contains
blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped.
Bug: 22098085
Change-Id: I362d259f8b5d62478858ad0422b635bc5068698d
(cherry picked from commit c0f56ad766)
Failures are seen on devices with
Linux 3.10. And they are mainly due to this change:
https://lwn.net/Articles/546473/
The blocks reserved in this change is not the same thing as what we
think are reserved for common usage of root user. And this part is
included in free blocks but not in available blocks.
Bug: 22118089
Change-Id: I81c9531703298019a4fc11839f28d2cc8b9df34e
(cherry picked from commit 3b4977638f)
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.
Bug: 20614277
Bug: 20881595
Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
(cherry picked from commit a3c75e3ea6)
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.
Bug: 20614277
Bug: 20881595
Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
(cherry picked from commit 96392b97f6)
When it reboots into recovery for a factory reset, it still needs to
write the uncrypt status (-1) to the pipe.
Bug: 21511893
Change-Id: I1a725820f1e1875146e49b5a6f28af2fbf284fc7
In the block updater, if BLKDISCARD fails, the error is silently
ignored and some of the blocks may not be erased. This means the
target partition will have inconsistent contents.
If the ioctl fails, return an error and abort the update.
Bug: 20614277
Change-Id: I33867ba9337c514de8ffae59f28584b285324067
(cherry picked from commit cc2428c818)
uncrypt needs to be triggered to prepare the OTA package before
rebooting into the recovery. Separate uncrypt into two modes. In
mode 1, it uncrypts the OTA package, but will not reboot the
device. In mode 2, it wipes the /misc partition and reboots.
Needs matching changes in frameworks/base, system/core and
external/sepolicy to work properly.
Bug: 20012567
Bug: 20949086
Change-Id: I14d25cb62770dd405cb56824d05d649c3a94f315
