Commit graph

177 commits

Author SHA1 Message Date
Doug Zongker
23ceeea85e make a copy of sideloaded packages in /tmp before verifying
Copy a sideloaded package into /tmp, then verify and install the copy,
to prevent malicious users from overwriting the package between
verification and install.

Bug: 2826890 package can be replaced during verification
Bug: 2058160 Recovery should copy sideloaded (sd card) update ...
Change-Id: I3de148b0f1a671f1974782b6855527caeaefda23
2010-07-08 17:27:55 -07:00
Kenny Root
c78a9698dd am ecc76ba5: Set adbd to be disabled by default in recovery
Merge commit 'ecc76ba5516d62a886f9c290906e0ca50702c9ab' into gingerbread

* commit 'ecc76ba5516d62a886f9c290906e0ca50702c9ab':
  Set adbd to be disabled by default in recovery
2010-06-28 12:24:16 -07:00
Kenny Root
ecc76ba551 Set adbd to be disabled by default in recovery
Change-Id: I74fa6edc4b001247b20be52e8301d18407fede2c
2010-06-28 09:01:22 -07:00
Nick Kralevich
21b97ed569 Add __attribute__((format(printf, a, b))) to printf like functions.
Fix potential string format bug.

Change-Id: Ie05aac53b2c45a48bd68e340b76ccb21edfd28b7
2010-06-24 16:11:17 -07:00
Colin Cross
dd6a0412b5 recovery: Add ueventd service
Change-Id: Iad448bc1608f88c5db2108475f35b88ea2877b07
2010-05-14 13:44:13 -07:00
Bruce Beare
be42930f0b am 97ca48e7: generic_x86 support
Merge commit '97ca48e7f4ac8d3842f74f92b8f40d0e74733f38' into kraken

* commit '97ca48e7f4ac8d3842f74f92b8f40d0e74733f38':
  generic_x86 support
2010-05-03 16:14:51 -07:00
Bruce Beare
97ca48e7f4 generic_x86 support
Add in Makefiles and support files for x86 builds
  Based on changes by: wonjong.lee <wonjong.lee@windriver.com>
  Additional changes by: Mark Gross <mark.gross@intel.com>
  Additional changes by: Bruce Beare <brucex.j.beare@intel.com>

Change-Id: I71fcf58f116e4e9047e7d03fdb28e3308553ce5c
2010-05-03 15:58:50 -07:00
Oscar Montemayor
52219a68a8 DO NOT MERGE
Encrypted File Systems integration. Recovery changes.

Change-Id: I932f73a6f937aac061128e1134eab08c30f0471d
2010-04-01 17:14:57 -07:00
Oscar Montemayor
51282faa8c am 2654f5aa: (-s ours) DO NOT MERGE Removing unused recovey options. Please refer to Bug#2502219 for more info.
Merge commit '2654f5aae18c67ad9aff6dbcdf9bc67b62e37d2d' into kraken

* commit '2654f5aae18c67ad9aff6dbcdf9bc67b62e37d2d':
  DO NOT MERGE
2010-03-29 16:19:49 -07:00
Oscar Montemayor
2654f5aae1 DO NOT MERGE
Removing unused recovey options.
Please refer to Bug#2502219 for more info.

Change-Id: I2fe3cdb0c8b93ed7e1cc4093824fbe181f5f0aea
2010-03-26 16:03:44 -07:00
Jean-Baptiste Queru
dcc38b3c15 Add an empty CleanSpec.mk
Change-Id: Icd177bd26120e0c8929faa8d1007f6c5bd446cb8
2010-03-08 18:04:03 -08:00
Doug Zongker
5b695f393e make StringValue wrapper okay to call on NULL
The docs say "don't do this", but it's trivial to make safe.  Make
StringValue(NULL) return NULL instead of crashing.

Change-Id: I2221bcb4c98d8adb4e25c764d7bdcfa787822bcf
2010-02-24 15:05:07 -08:00
Doug Zongker
c4351c7910 refactor applypatch and friends
Change the applypatch function to take meaningful arguments instead of
argc and argv.  Move all the parsing of arguments into main.c (for the
standalone binary) and into install.c (for the updater function).
applypatch() takes patches as Value objects, so we can pass in blobs
extracted from the package without ever writing them to temp files.

The patching code is changed to read the patch from memory instead of
a file.

A bunch of compiler warnings (mostly about signed vs unsigned types)
are fixed.

Support for the IMGDIFF1 format is dropped.  (We've been generating
IMGDIFF2 packages for some time now.)

Change-Id: I217563c500012750f27110db821928a06211323f
2010-02-22 15:30:33 -08:00
Doug Zongker
583fc12c3d add missing includes to fix mac build (maybe)
Change-Id: Id2712940c4929f3a8b3ba5d4e9e03bb8034747ee
2010-02-19 16:07:57 -08:00
Doug Zongker
512536a54a relocate applypatch; add type system and new functions to edify
- Move applypatch to this package (from build).

- Add a rudimentary type system to edify:  instead of just returning a
  char*, functions now return a Value*, which is a struct that can
  carry different types of value (currently just STRING and BLOB).
  Convert all functions to this new scheme.

- Change the one-argument form of package_extract_file to return a
  Value of the new BLOB type.

- Add read_file() to load a local file and return a blob, and
  sha1_check() to test a blob (or string) against a set of possible
  sha1s.  read_file() uses the file-loading code from applypatch so it
  can read MTD partitions as well.

This is the start of better integration between applypatch and the
rest of edify.

b/2361316 - VZW Issue PP628: Continuous reset to Droid logo:
            framework-res.apk update failed (CR LIBtt59130)

Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
2010-02-18 14:22:12 -08:00
Kenny Root
21854ccdb2 Filename check and free allocated strings
Make sure file is valid before we try to read it. Also free all the
strings we allocate in various functions so we don't leak memory.

Change-Id: Ica3c8dae992e73718c79c12ff5d7e315c290caea
2010-02-17 18:33:44 -08:00
The Android Open Source Project
2e068dc330 am da846fcf: am 4c382b13: reconcile main tree with open-source eclair
Merge commit 'da846fcf1b6a7bbd2f9f30c965b25f084568ef75'

* commit 'da846fcf1b6a7bbd2f9f30c965b25f084568ef75':
  android-2.1_r1 snapshot
2010-02-05 14:09:04 -08:00
The Android Open Source Project
da846fcf1b am 4c382b13: reconcile main tree with open-source eclair
Merge commit '4c382b13657be5d949e7dfc9ef46a66f2eb496e0' into eclair-plus-aosp

* commit '4c382b13657be5d949e7dfc9ef46a66f2eb496e0':
  android-2.1_r1 snapshot
2010-02-05 08:22:49 -08:00
The Android Open Source Project
4c382b1365 reconcile main tree with open-source eclair 2010-02-05 08:09:31 -08:00
Doug Zongker
e08991e02a bump updater API version to 3; deprecate firmware update command
Remove support for the HTC-specific "firmware" update command and the
corresponding edify function write_firmware_update().  This
functionality is now done by an edify extension library that lives in
vendor/htc.

Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
2010-02-03 09:20:07 -08:00
Doug Zongker
93dbe07ff6 Merge "change log recovery to generic device_recovery_start function" 2010-02-02 08:54:10 -08:00
Doug Zongker
efa1bab94c change log recovery to generic device_recovery_start function
Remove (or at least stop calling) the HTC-specific mechanism for
preserving the recovery log from before a radio or hboot update.
Replace it with a generic device_recovery_start() function which each
device's code can implement to do whatever it wants on recovery
startup.

Change-Id: If3cca4b498c0b1cf0565236404ecf56a1fc46123
2010-02-01 15:59:12 -08:00
Doug Zongker
6aece33b3f add a one-argument version of package_extract_file
Add a version of package_extract_file that returns the file data as
its return value (to be consumed by some other edify function that
expects to receive a bunch of binary data as an argument).  Lets us
avoid having two copies of a big file in memory (extracting it into
/tmp, which is a ramdisk, and then having something load it into
memory) when doing things like radio updates.

Change-Id: Ie26ece5fbae457eb0ddcd8a13d74d78a769fbc70
2010-02-01 14:40:12 -08:00
The Android Open Source Project
b551724ceb reconcile android-2.1_r1 snapshot 2010-01-29 14:07:31 -08:00
Doug Zongker
aa062531aa fix parsing of dumpkeys output
%i can't be used to read unsigned ints (though it happens to work with
bionic).  Change to %x and %u as appropriate.

Change-Id: I8ea9ca16a939501757cf70fc5953abee26c8231c
http://b/2402231 - Parser for /res/keys interprets n0inv as a signed int
2010-01-28 16:51:00 -08:00
Doug Zongker
687bc12ccf save the recovery log from before HTC firmware updates
When doing a firmware (radio or hboot) update on HTC devices, save the
recovery log in block 1 of the cache partition, before the firmware
image and the UI bitmaps.  When we boot back into recovery after the
firmware update to reformat the cache partition, copy that log out of
cache before reformatting it and dump it into the current invocation's
log.

The practical upshot of all this is that we can see the log output
from radio and hboot updates.

Change-Id: Ie0e89566754c88f4bed6a90d8a0aa04047b01a27
2010-01-21 12:50:04 -08:00
Doug Zongker
883b4c8be5 am 4e9332cb: am 22d79a5c: make offsets in firmware update header not point to bad blocks
Merge commit '4e9332cb0bb84df4c08bbb469e59a54eab2a9df0'

* commit '4e9332cb0bb84df4c08bbb469e59a54eab2a9df0':
  make offsets in firmware update header not point to bad blocks
2010-01-13 12:17:11 -08:00
Doug Zongker
4e9332cb0b am 22d79a5c: make offsets in firmware update header not point to bad blocks
Merge commit '22d79a5c5eab9c1e86ff2af210bb072689e2d630' into eclair-plus-aosp

* commit '22d79a5c5eab9c1e86ff2af210bb072689e2d630':
  make offsets in firmware update header not point to bad blocks
2010-01-13 11:24:42 -08:00
Doug Zongker
22d79a5c5e make offsets in firmware update header not point to bad blocks
(This is being cherry-picked from master.)

hboot will apparently fail to install if the first block of the image
(the one pointed to by the offset in the block 0 header) is a bad
block.  (Hopefully it handles subsequent bad blocks.)

This change makes the MTD write code keep track of the bad blocks it
has skipped over, so that the offset in the header can be adjusted to
be the address of the first successfully written block.

http://b/2358012 - passion: failure to flash hboot (bad blocks?)
2010-01-13 10:07:28 -08:00
Doug Zongker
4c5f9f3416 make offsets in firmware update header not point to bad blocks
hboot will apparently fail to install if the first block of the image
(the one pointed to by the offset in the block 0 header) is a bad
block.  (Hopefully it handles subsequent bad blocks.)

This change makes the MTD write code keep track of the bad blocks it
has skipped over, so that the offset in the header can be adjusted to
be the address of the first successfully written block.

Change-Id: I45d58e32a36d0c1dbc0a7f871bd5985b6c8ff524
http://b/2358012 - passion: failure to flash hboot (bad blocks?)
2010-01-13 09:21:25 -08:00
The Android Open Source Project
b765729081 android-2.1_r1 snapshot 2010-01-12 15:18:06 -08:00
Jean-Baptiste Queru
be47155f75 am 158657bc: merge from open-source master
Merge commit '158657bc5ce438d3cf1f601255896b854fd49103'

* commit '158657bc5ce438d3cf1f601255896b854fd49103':
  Security: Fix typo in recovery EOCD detection.
2009-12-21 15:47:17 -08:00
Jean-Baptiste Queru
158657bc5c merge from open-source master 2009-12-21 15:31:49 -08:00
Doug Zongker
9b514530a6 am d36308c2: am 17a47098: use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions
Merge commit 'd36308c26d3f2947f4ff49f2ecc22cbb659fdf37'

* commit 'd36308c26d3f2947f4ff49f2ecc22cbb659fdf37':
  use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions
2009-12-15 15:04:32 -08:00
Doug Zongker
d36308c26d am 17a47098: use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions
Merge commit '17a47098d2a4214397f8b30e2692c9487d7ab5ff' into eclair-plus-aosp

* commit '17a47098d2a4214397f8b30e2692c9487d7ab5ff':
  use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions
2009-12-15 07:42:36 -08:00
Android Git Automerger
8fae8279fa Merge commit 'goog/eclair-plus-aosp' 2009-12-15 00:44:04 -08:00
Doug Zongker
17a47098d2 use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions 2009-12-14 18:27:03 -08:00
Doug Zongker
25215285c4 am 9b430e11: am 73ae31ce: add a simple unit test for the OTA package verifier
Merge commit '9b430e11d6c4fb907d0aa96667142e2c00585e09'

* commit '9b430e11d6c4fb907d0aa96667142e2c00585e09':
  add a simple unit test for the OTA package verifier
2009-12-10 15:52:09 -08:00
Doug Zongker
9b430e11d6 am 73ae31ce: add a simple unit test for the OTA package verifier
Merge commit '73ae31ce0ac09c0e45924d817644261c87ab1a60' into eclair-mr2-plus-aosp

* commit '73ae31ce0ac09c0e45924d817644261c87ab1a60':
  add a simple unit test for the OTA package verifier
2009-12-10 15:35:23 -08:00
Android (Google) Code Review
bd6181ad58 Merge change I117fdea9
* changes:
  Recovery changes for Encrypted File Systems. This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
2009-12-10 14:51:10 -08:00
Oscar Montemayor
0523156775 Recovery changes for Encrypted File Systems.
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
2009-12-10 14:49:04 -08:00
Doug Zongker
002c9dfb80 am 2278a04a: am 9acf28a3: am c652e41d: fix cut-and-paste error in verifier
Merge commit '2278a04a0921007d726e9e1ec4b668860f961f88'

* commit '2278a04a0921007d726e9e1ec4b668860f961f88':
  fix cut-and-paste error in verifier
2009-12-10 14:37:57 -08:00
Doug Zongker
73ae31ce0a add a simple unit test for the OTA package verifier 2009-12-09 17:01:45 -08:00
Doug Zongker
2278a04a09 am 9acf28a3: am c652e41d: fix cut-and-paste error in verifier
Merge commit '9acf28a390aab3e0f394c701bc3cda6cbc9393b3' into eclair-mr2-plus-aosp

* commit '9acf28a390aab3e0f394c701bc3cda6cbc9393b3':
  fix cut-and-paste error in verifier
2009-12-09 15:54:14 -08:00
Steve Kondik
3b0f484776 Security: Fix typo in recovery EOCD detection.
This issue results in the ability to modify the contents of a signed
OTA recovery image.
2009-12-09 01:31:06 -05:00
Doug Zongker
9acf28a390 am c652e41d: fix cut-and-paste error in verifier
Merge commit 'c652e41d9173e299a8e1805ae1b2bba75a34ae12' into eclair-mr2

* commit 'c652e41d9173e299a8e1805ae1b2bba75a34ae12':
  fix cut-and-paste error in verifier
2009-12-08 15:54:50 -08:00
Doug Zongker
6149073651 am c652e41d: fix cut-and-paste error in verifier
Merge commit 'c652e41d9173e299a8e1805ae1b2bba75a34ae12' into eclair-plus-aosp

* commit 'c652e41d9173e299a8e1805ae1b2bba75a34ae12':
  fix cut-and-paste error in verifier
2009-12-08 15:54:32 -08:00
Doug Zongker
c652e41d91 fix cut-and-paste error in verifier
Oops.
2009-12-08 15:30:09 -08:00
Jean-Baptiste Queru
b8f506fb37 am 6e5be9b2: merge from open-source master
Merge commit '6e5be9b24c232be4cfc22b7cbabb0fdf6d869f7c'

* commit '6e5be9b24c232be4cfc22b7cbabb0fdf6d869f7c':
  eclair snapshot
2009-11-15 15:00:59 -08:00
Jean-Baptiste Queru
6e5be9b24c merge from open-source master 2009-11-15 14:55:00 -08:00