Copy a sideloaded package into /tmp, then verify and install the copy,
to prevent malicious users from overwriting the package between
verification and install.
Bug: 2826890 package can be replaced during verification
Bug: 2058160 Recovery should copy sideloaded (sd card) update ...
Change-Id: I3de148b0f1a671f1974782b6855527caeaefda23
Merge commit 'ecc76ba5516d62a886f9c290906e0ca50702c9ab' into gingerbread
* commit 'ecc76ba5516d62a886f9c290906e0ca50702c9ab':
Set adbd to be disabled by default in recovery
Add in Makefiles and support files for x86 builds
Based on changes by: wonjong.lee <wonjong.lee@windriver.com>
Additional changes by: Mark Gross <mark.gross@intel.com>
Additional changes by: Bruce Beare <brucex.j.beare@intel.com>
Change-Id: I71fcf58f116e4e9047e7d03fdb28e3308553ce5c
The docs say "don't do this", but it's trivial to make safe. Make
StringValue(NULL) return NULL instead of crashing.
Change-Id: I2221bcb4c98d8adb4e25c764d7bdcfa787822bcf
Change the applypatch function to take meaningful arguments instead of
argc and argv. Move all the parsing of arguments into main.c (for the
standalone binary) and into install.c (for the updater function).
applypatch() takes patches as Value objects, so we can pass in blobs
extracted from the package without ever writing them to temp files.
The patching code is changed to read the patch from memory instead of
a file.
A bunch of compiler warnings (mostly about signed vs unsigned types)
are fixed.
Support for the IMGDIFF1 format is dropped. (We've been generating
IMGDIFF2 packages for some time now.)
Change-Id: I217563c500012750f27110db821928a06211323f
- Move applypatch to this package (from build).
- Add a rudimentary type system to edify: instead of just returning a
char*, functions now return a Value*, which is a struct that can
carry different types of value (currently just STRING and BLOB).
Convert all functions to this new scheme.
- Change the one-argument form of package_extract_file to return a
Value of the new BLOB type.
- Add read_file() to load a local file and return a blob, and
sha1_check() to test a blob (or string) against a set of possible
sha1s. read_file() uses the file-loading code from applypatch so it
can read MTD partitions as well.
This is the start of better integration between applypatch and the
rest of edify.
b/2361316 - VZW Issue PP628: Continuous reset to Droid logo:
framework-res.apk update failed (CR LIBtt59130)
Change-Id: Ibd038074749a4d515de1f115c498c6c589ee91e5
Make sure file is valid before we try to read it. Also free all the
strings we allocate in various functions so we don't leak memory.
Change-Id: Ica3c8dae992e73718c79c12ff5d7e315c290caea
Remove support for the HTC-specific "firmware" update command and the
corresponding edify function write_firmware_update(). This
functionality is now done by an edify extension library that lives in
vendor/htc.
Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
Remove (or at least stop calling) the HTC-specific mechanism for
preserving the recovery log from before a radio or hboot update.
Replace it with a generic device_recovery_start() function which each
device's code can implement to do whatever it wants on recovery
startup.
Change-Id: If3cca4b498c0b1cf0565236404ecf56a1fc46123
Add a version of package_extract_file that returns the file data as
its return value (to be consumed by some other edify function that
expects to receive a bunch of binary data as an argument). Lets us
avoid having two copies of a big file in memory (extracting it into
/tmp, which is a ramdisk, and then having something load it into
memory) when doing things like radio updates.
Change-Id: Ie26ece5fbae457eb0ddcd8a13d74d78a769fbc70
%i can't be used to read unsigned ints (though it happens to work with
bionic). Change to %x and %u as appropriate.
Change-Id: I8ea9ca16a939501757cf70fc5953abee26c8231c
http://b/2402231 - Parser for /res/keys interprets n0inv as a signed int
When doing a firmware (radio or hboot) update on HTC devices, save the
recovery log in block 1 of the cache partition, before the firmware
image and the UI bitmaps. When we boot back into recovery after the
firmware update to reformat the cache partition, copy that log out of
cache before reformatting it and dump it into the current invocation's
log.
The practical upshot of all this is that we can see the log output
from radio and hboot updates.
Change-Id: Ie0e89566754c88f4bed6a90d8a0aa04047b01a27
Merge commit '4e9332cb0bb84df4c08bbb469e59a54eab2a9df0'
* commit '4e9332cb0bb84df4c08bbb469e59a54eab2a9df0':
make offsets in firmware update header not point to bad blocks
Merge commit '22d79a5c5eab9c1e86ff2af210bb072689e2d630' into eclair-plus-aosp
* commit '22d79a5c5eab9c1e86ff2af210bb072689e2d630':
make offsets in firmware update header not point to bad blocks
(This is being cherry-picked from master.)
hboot will apparently fail to install if the first block of the image
(the one pointed to by the offset in the block 0 header) is a bad
block. (Hopefully it handles subsequent bad blocks.)
This change makes the MTD write code keep track of the bad blocks it
has skipped over, so that the offset in the header can be adjusted to
be the address of the first successfully written block.
http://b/2358012 - passion: failure to flash hboot (bad blocks?)
hboot will apparently fail to install if the first block of the image
(the one pointed to by the offset in the block 0 header) is a bad
block. (Hopefully it handles subsequent bad blocks.)
This change makes the MTD write code keep track of the bad blocks it
has skipped over, so that the offset in the header can be adjusted to
be the address of the first successfully written block.
Change-Id: I45d58e32a36d0c1dbc0a7f871bd5985b6c8ff524
http://b/2358012 - passion: failure to flash hboot (bad blocks?)
Merge commit 'd36308c26d3f2947f4ff49f2ecc22cbb659fdf37'
* commit 'd36308c26d3f2947f4ff49f2ecc22cbb659fdf37':
use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions
Merge commit '17a47098d2a4214397f8b30e2692c9487d7ab5ff' into eclair-plus-aosp
* commit '17a47098d2a4214397f8b30e2692c9487d7ab5ff':
use MEMGETBADBLOCK to look for bad blocks when reading MTD partitions
Merge commit '9b430e11d6c4fb907d0aa96667142e2c00585e09'
* commit '9b430e11d6c4fb907d0aa96667142e2c00585e09':
add a simple unit test for the OTA package verifier
Merge commit '73ae31ce0ac09c0e45924d817644261c87ab1a60' into eclair-mr2-plus-aosp
* commit '73ae31ce0ac09c0e45924d817644261c87ab1a60':
add a simple unit test for the OTA package verifier
* changes:
Recovery changes for Encrypted File Systems. This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.