Commit graph

256 commits

Author SHA1 Message Date
Paul Lawrence
a8c56072ec Fix build break caused by vold change
cryptfs.h now includes sha header from libcrypto folder

Change-Id: Icd02c88971aedf96040c3bd9ca759e531546023b
2014-03-03 14:14:24 -08:00
Doug Zongker
0d32f259cd clean up some warnings when building recovery
Change-Id: I1541534ee6978ddf8d548433986679ce9507d508
2014-02-13 15:34:18 -08:00
Doug Zongker
a1bc148c7c remove 'retouch' ASLR support
Older versions of android supported an ASLR system where binaries were
randomly twiddled at OTA install time.  Remove support for this; we
now use the ASLR support in the linux kernel.

Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
2014-02-13 15:18:19 -08:00
Doug Zongker
76adfc5309 program to store unencrypted files in an encrypted filesystem
uncrypt can read a file on an encrypted filesystem and rewrite it to
the same blocks on the underlying (unencrypted) block device.  This
destroys the contents of the file as far as the encrypted filesystem
is concerned, but allows the data to be read without the encryption
key if you know which blocks of the raw device to access.  uncrypt
produces a "block map" file which lists the blocks that contain the file.

For unencrypted filesystem, uncrypt will produce the block map without
touching the data.

Bug: 12188746
Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63
2014-01-16 13:37:55 -08:00
Doug Zongker
99916f0496 do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.

For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.

Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.

Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2014-01-16 13:29:28 -08:00
Doug Zongker
f39989a36d recovery: wipe encryption metadata along with data partition
This assumes that the metadata is correctly defined in fstab.
Which apparently some devices don't do.


Bug: 8766487
Bug: 12112624
Change-Id: I1b14b9d4c888e9348527984be3dce04bdd9f4de0
2013-12-12 23:27:42 +00:00
Kenny Root
9f6bfa302a am fc7eab96: am f4a6ab27: Merge "Add support for ECDSA signatures"
* commit 'fc7eab961f9dc85ee88e8c37ca1dc31a7f7b8331':
  Add support for ECDSA signatures
2013-10-14 14:12:49 -07:00
Kenny Root
7a4adb5268 Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.

Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-10-10 14:19:19 -07:00
Doug Zongker
9e805d6ca0 allow CheckKey to request mounting /system
Also provide a default implementation of CheckKey that's reasonable
for many devices (those that have power and volume keys).

Change-Id: Icf6c7746ebd866152d402059dbd27fd16bd51ff8
2013-09-04 15:02:29 -07:00
Ying Wang
4e21482d97 Add liblog
Bug: 8580410
Change-Id: Ie60dade81c06589cb0daee431611ded34adef8e6
2013-04-09 21:41:29 -07:00
Ken Sumrall
f35d1cef7c Move to using the new unified fstab in recovery.
Instead of reading its own fstab, have recovery invoke
fs_mgr to read the unified fstab.

Change-Id: I80c75d2c53b809ac60a4a69f0ef7ebfa707c39e9
2013-02-19 17:37:22 -08:00
Kenny Root
cd74108cda resolved conflicts for merge of 78afed1c to jb-mr1-dev-plus-aosp
Change-Id: I861e3a6aa07c448909b2ae54618bba178bd6e457
2012-10-16 17:44:21 -07:00
Kenny Root
7eb7567aa3 Remove HAVE_SELINUX guards
Change-Id: Ia96201f20f7838d7d9e8926208977d3f8318ced4
2012-10-16 12:57:26 -07:00
Stephen Hines
91eb721969 Add libm due to libpng dependency.
Change-Id: I0bdc2df5ef358813587f613a1b50eaa850e95782
2012-08-23 15:20:16 -07:00
Joe Onorato
4eeb379886 Use the static version of libsparse
Change-Id: I664f8dc7939f8f902e4775eaaf6476fcd4ab8ed2
2012-07-23 19:14:30 -07:00
Joe Onorato
6396e70d3f Multiple modules with the same name are going away.
Change-Id: I4154db066865d6031caa3c2c3b94064b2f28076e
2012-07-21 15:41:15 -07:00
Colin Cross
cde94f309c Link against libsparse
libext4_utils requires libsparse, link against it as well.

Change-Id: I4d6aec0e5edcf1ed42118b7b77adcded2858d3dd
2012-07-17 17:59:47 -07:00
Kenny Root
41dda82d84 resolved conflicts for merge of 0b1fee1b to master
Change-Id: I2e8298ff5988a96754f56f80a5186c9605ad9928
2012-03-30 21:26:01 -07:00
Stephen Smalley
779701db51 Extend recovery and updater to support setting file security contexts.
Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.

Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
2012-03-30 09:32:46 -04:00
Elliott Hughes
74a6279eb4 libz is a superset of libunz, so we don't need both.
Change-Id: I082995c338feaf5d11288300768624cd51b027a4
2012-01-30 17:05:07 -08:00
Stephen Smalley
1a11449495 Add libselinux to LOCAL_STATIC_LIBRARIES wherever libext4_utils is used.
libext4_utils now calls libselinux in order to determine the
file security context to set on files when creating ext4 images.

Change-Id: I09fb9d563d22ee106bf100eacd4cd9c6300b1152
2012-01-24 15:16:31 -05:00
Doug Zongker
9270a20a80 support "sideload over ADB" mode
Rather than depending on the existence of some place to store a file
that is accessible to users on an unbootable device (eg, a physical
sdcard, external USB drive, etc.), add support for sideloading
packages sent to the device with adb.

This change adds a "minimal adbd" which supports nothing but receiving
a package over adb (with the "adb sideload" command) and storing it to
a fixed filename in the /tmp ramdisk, from where it can be verified
and sideloaded in the usual way.  This should be left available even
on locked user-build devices.

The user can select "apply package from ADB" from the recovery menu,
which starts minimal-adb mode (shutting down any real adbd that may be
running).  Once minimal-adb has received a package it exits
(restarting real adbd if appropriate) and then verification and
installation of the received package proceeds.

Change-Id: I6fe13161ca064a98d06fa32104e1f432826582f5
2012-01-10 10:18:17 -08:00
Doug Zongker
32a0a47a59 move key processing to RecoveryUI
Move the key for handling keys from ScreenRecoveryUI to RecoveryUI, so
it can be used by devices without screens.  Remove the UIParameters
struct and replace it with some new member variables in
ScreenRecoveryUI.

Change-Id: I70094ecbc4acbf76ce44d5b5ec2036c36bdc3414
2011-11-04 14:09:48 -07:00
Doug Zongker
daefc1d442 C++ class for device-specific code
Replace the device-specific functions with a class.  Move some of the
key handling (for log visibility toggling and rebooting) into the UI
class.  Fix up the key handling so there is less crosstalk between the
immediate keys and the queued keys (an increasing annoyance on
button-limited devices).

Change-Id: I698f6fd21c67a1e55429312a0484b6c393cad46f
2011-10-31 15:51:07 -07:00
Doug Zongker
b88aea8a89 temporarily remove verifier_test binary
Change-Id: I61f249861b27180225fb786901275d2da611531b
2011-10-31 14:43:43 -07:00
Doug Zongker
211aebc4e0 refactor ui functions into a class
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class.  Recovery
then creates a global singleton instance of this class and then invokes
the methods to drive the UI.  We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).

Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
2011-10-31 14:15:02 -07:00
Doug Zongker
28ce47cfa6 turn recovery into a C++ binary
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-31 10:24:09 -07:00
Jeff Brown
b0462e6ae2 Remove the simulator target from all makefiles.
Bug: 5010576

Change-Id: Ib465fdb42c8621899bea15c04a427d7ab1641a8c
2011-07-11 22:11:45 -07:00
Ying Wang
4c05d95112 Fix x86 build.
Change-Id: Iada6268b0a72ee832113ea397334cc7950a37051
2011-02-08 19:51:07 -08:00
Doug Zongker
540d57f25a remove encrypted filesystem code from recovery
This was never used; encrypted filesystems are being done a different
way now.

Change-Id: I519c57b9be44d001f0b81516af7bfc252069892b
2011-01-18 13:36:58 -08:00
Doug Zongker
cc8cd3f3ca remove the notion of "root path"; support mixed flash types
Remove the wacky notion of "roots" and "root paths" (those things that
look like "FOO:some/path" instead of just "/foo/some/path").  Let each
device specify its own table of available partitions and how to mount
them (needed for devices that use both MTD/yaffs2 and EMMC/ext4
partitions).

(Cherrypicked from gingerbread w/slight edits.)

Change-Id: I2479ce76b13e73f1d12035c89386c3a82b3edf51
2010-09-21 14:13:45 -07:00
Hristo Bojinov
db314d69f0 Working ASLR implementation
Separate files for retouch functionality are in minelf/*

ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained. Retouch logic can recover from crashes.

Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
2010-08-02 14:17:33 -07:00
Doug Zongker
49c73a76a3 support userdata and cache partitions using emmc/ext4 instead of mtd/yaffs
Change-Id: I827af624c9ec7c64decb702de8c0310cf19b4141
2010-06-29 17:36:28 -07:00
Oscar Montemayor
31f6ee88ce Encrypted File Systems part 3. Recovery changes.
Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-03-15 09:45:49 -07:00
Doug Zongker
512536a54a relocate applypatch; add type system and new functions to edify
- Move applypatch to this package (from build).

- Add a rudimentary type system to edify:  instead of just returning a
  char*, functions now return a Value*, which is a struct that can
  carry different types of value (currently just STRING and BLOB).
  Convert all functions to this new scheme.

- Change the one-argument form of package_extract_file to return a
  Value of the new BLOB type.

- Add read_file() to load a local file and return a blob, and
  sha1_check() to test a blob (or string) against a set of possible
  sha1s.  read_file() uses the file-loading code from applypatch so it
  can read MTD partitions as well.

This is the start of better integration between applypatch and the
rest of edify.

b/2361316 - VZW Issue PP628: Continuous reset to Droid logo:
            framework-res.apk update failed (CR LIBtt59130)

Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
2010-02-18 14:22:12 -08:00
Doug Zongker
e08991e02a bump updater API version to 3; deprecate firmware update command
Remove support for the HTC-specific "firmware" update command and the
corresponding edify function write_firmware_update().  This
functionality is now done by an edify extension library that lives in
vendor/htc.

Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2010-02-03 09:20:07 -08:00
Doug Zongker
25215285c4 am 9b430e11: am 73ae31ce: add a simple unit test for the OTA package verifier
Merge commit '9b430e11d6c4fb907d0aa96667142e2c00585e09'

* commit '9b430e11d6c4fb907d0aa96667142e2c00585e09':
  add a simple unit test for the OTA package verifier
2009-12-10 15:52:09 -08:00
Oscar Montemayor
0523156775 Recovery changes for Encrypted File Systems.
This change enables/disables the Encrypted file systems feature. It reads some properties from the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
2009-12-10 14:49:04 -08:00
Doug Zongker
73ae31ce0a add a simple unit test for the OTA package verifier
2009-12-09 17:01:45 -08:00
Doug Zongker
608fa02e1a resolved conflicts for merge of 64893ccc to master
2009-07-15 18:10:28 -07:00
Doug Zongker
64893ccc09 remove amend
Yank all the code to install OTA packages out of the recovery binary
itself.  Now packages are installed by a binary included in the
package (run as a child of recovery), so we can make improvements in
the installation process without waiting for a new release to use
them.
2009-07-14 16:58:42 -07:00
Doug Zongker
d683785ec9 resolved conflicts for merge of fb2e3af3 to master
2009-06-17 22:07:13 -07:00
Doug Zongker
fb2e3af3f9 let the "firmware" command take the file straight from the package
To do a firmware-install-on-reboot, the update binary tells recovery
what file to install before rebooting.  Let this file be specified as
"PACKAGE:<foo>" to indicate taking the file out of the OTA package,
avoiding an extra copy to /tmp.  Bump the API version number to
reflect this change.
2009-06-17 18:12:16 -07:00
Doug Zongker
6c301e244d am 9931f7f3: edify extensions for OTA package installation, part 1
Merge commit '9931f7f3c1288171319e9ff7d053ebaad07db720'

* commit '9931f7f3c1288171319e9ff7d053ebaad07db720':
  edify extensions for OTA package installation, part 1
2009-06-12 08:25:38 -07:00
Doug Zongker
9dbc027b5f fix sim build in donut, too
2009-06-11 17:32:55 -07:00
Doug Zongker
c3885fabda fix simulator build by excluding more of recovery
2009-06-11 17:05:58 -07:00
Doug Zongker
9931f7f3c1 edify extensions for OTA package installation, part 1
Adds the following edify functions:

  mount unmount format show_progress delete delete_recursive
  package_extract symlink set_perm set_perm_recursive

This set is enough to extract and install the system part of a (full)
OTA package.

Adds the updater binary that extracts an edify script from the OTA
package and then executes it.  Minor changes to the edify core (adds a
sleep() builtin for debugging, adds "." to the set of characters that
can appear in an unquoted string).
2009-06-11 16:25:29 -07:00
Doug Zongker
ddd6a2865d split out device-specific recovery UI code into vendor directories
Take some device-specific details of the recovery UI (eg, what keys to
press to bring up the interface and perform actions, exact text of the
menu, etc.) and split them out into separate C functions.  Arrange to
take implementations of those functions from the appropriate vendor
directory at build time.  Provide a default implementation in case no
vendor-specific one is available.
2009-06-11 14:50:33 -07:00
Doug Zongker
796901d3b0 AI 144132: am: CL 144130 Don't build OTA package keys into the recovery binary; read
them from an external file in the recovery image.  Use the
  test-keys for all builds.
  Original author: dougz
  Merged from: //branches/donutburger/...

Automated import of CL 144132
2009-04-02 10:12:24 -07:00
Doug Zongker
d1b19b9c98 AI 144130: Don't build OTA package keys into the recovery binary; read
them from an external file in the recovery image.  Use the
  test-keys for all builds.

Automated import of CL 144130
2009-04-01 15:48:46 -07:00
Doug Zongker
19faefad05 AI 143289: am: CL 143128 Use PNG instead of BMP for recovery image icons. This saves
about 60k from the recovery and system images.
  Original author: dougz
  Merged from: //branches/donutburger/...

Automated import of CL 143289
2009-03-27 17:06:24 -07:00
Doug Zongker
58bde316e2 AI 143128: Use PNG instead of BMP for recovery image icons. This saves
about 60k from the recovery and system images.

Automated import of CL 143128
2009-03-27 13:25:30 -07:00
The Android Open Source Project
c24a8e688a auto import from //depot/cupcake/@135843
2009-03-03 19:28:42 -08:00
The Android Open Source Project
ffb48f64fe auto import from //depot/cupcake/@135843
2009-03-03 18:28:14 -08:00
The Android Open Source Project
ff3d93821e Code drop from //branches/cupcake/...@124589
2008-12-17 18:03:49 -08:00
The Android Open Source Project
23580ca27a Initial Contribution
2008-10-21 07:00:00 -07:00