non-AB is deprecated, remove unittests first. This CL also puts non-AB
libraries in a separate soong namespace, which allows two copies of
non-AB code to co-exist temporarily during migration.
Test: th
Bug: 324360816
Merged-In: I3d82d9031446be355d8a1d077ab83283c7cc769c
Change-Id: Idd9386f4c8d32508734b1bfe9b9f76668aa710bc
When the updater compresses the file after the apply patch, unexpected results are generated, resulting in the failure of incremental OTA upgrade
Test: make imgdiff updater
Change-Id: I0d7652dca46c5b027f22670b254332fb8a5d5c98
Signed-off-by: luoqiangwei1 <luoqiangwei1@xiaomi.com>
mount_flags_list is a c-style NULL terminated array, but when
iterating over it via
    for (const auto& [name, value] : mount_flags_list)
the last { 0, 0 } is considered a valid entry.
Then `name` is NULL but checked with (flag == name),
which causes SIGSEGV.
Also move the definition to within setMountFlag()
and make it an std::pair array
Change-Id: Ia6670113620c6e8f95151fda764c3ab40bc2d67e
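Added example, not code from the commit: a minimal C++ sketch of the sentinel problem described in the message above and of the sentinel-free `std::pair` array it moves to. The flag constants, `LegacyFlag`, `CountNullNamesVisited` and this `SetMountFlag` are illustrative names and values, not the updater's own.

```cpp
#include <cstddef>
#include <string>
#include <utility>

// Constructed stand-ins for mount flag bits; the values are illustrative.
constexpr unsigned kRdOnly = 1, kNoSuid = 2, kNoDev = 4;

// Before: C-style table whose end is marked by a {0, 0} sentinel.
struct LegacyFlag { const char* name; unsigned value; };
static const LegacyFlag legacy_flags[] = {
    {"ro", kRdOnly}, {"nosuid", kNoSuid}, {"nodev", kNoDev}, {0, 0},
};

// A range-based for walks the full array extent, sentinel included.
// Counts the entries that reach the loop body with a null name; each one
// would feed nullptr into `flag == name`, which is undefined behaviour.
size_t CountNullNamesVisited() {
  size_t nulls = 0;
  for (const auto& [name, value] : legacy_flags) {
    (void)value;
    if (name == nullptr) ++nulls;
  }
  return nulls;
}

// After: function-local std::pair array with no sentinel, so every element
// the loop visits is a real entry.
bool SetMountFlag(const std::string& flag, unsigned* mount_flags) {
  static constexpr std::pair<const char*, unsigned> kFlags[] = {
      {"ro", kRdOnly}, {"nosuid", kNoSuid}, {"nodev", kNoDev},
  };
  for (const auto& [name, value] : kFlags) {
    if (flag == name) {
      *mount_flags |= value;
      return true;
    }
  }
  return false;  // unknown flag: the loop ends without touching a null name
}
```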
On 32bit devices, a ZipEntry64 may have size > 2^32, we should check
for such cases before attempting to allocate memory.
Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
There's already library support for zip64 in libziparchive. We just need
to start using the new APIs.
Bug: 167951876
Test: Sideload a large ota package in recovery
Change-Id: I652741965f28de079d873c6822317ee9fa855201
This function appends androidboot.slot_suffix to the
value of the argument.
Test: apply update
Bug: 153581609
Change-Id: I28a4047b5f2051acc039084f65a71deb492d9dcb
(cherry picked from commit dff8004275)
Merged-In: I28a4047b5f2051acc039084f65a71deb492d9dcb
If device supports both A/B and non-A/B, when applying a
non-A/B package, add current slot suffix and apply the update
to the partition at current slot.
This includes:
- (un)map_partition in edify script. For example,
  map_partition("system") will automatically append slot suffix
  to "system" before calling CreateLogicalPartition.
- All operations in dynamic_partitions_op_list. For example,
    add foo group_foo
  will automatically append slot suffix to foo and group_foo
  before editing the super partition metadata.
Test: apply update
Bug: 153581609
Change-Id: Idbd0bfea142529a33dddb4d2debfc74513290730
(cherry picked from commit bc7e1db211)
Merged-In: Idbd0bfea142529a33dddb4d2debfc74513290730
If the oem partition is enabled, it will be mounted by updater before
reading product properties from it. To be safe, we want to enable AVB
on this oem partition. But this means the oem partition can never be
mounted as writable. Otherwise, that partition will be corrupted for AVB
verification.
This change follows fs_mgr to allow passing more mounting options to the
updater.
BUG: 150156957
Test: make ota package which mounts AVB oem partition to read only and
run OTA.
Change-Id: I2ebbe3c8ac53c70112f3fed2703fcba9170405a6
After a reboot function call, we should always wait for it to finish
without executing other instructions.
Bug: 151110322
Test: build
Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
The following warnings are generated when compiling with WITH_TIDY=1
.../bootable/recovery/applypatch/imgdiff.cpp:968:7: warning: 'src_ranges' used after it was moved [bugprone-use-after-move]
src_ranges.Clear();
^
.../bootable/recovery/applypatch/imgdiff.cpp:966:27: note: move occurred here
split_src_ranges->push_back(std::move(src_ranges));
The logic itself seems correct since the class is meant to be cleared
after move. I feel the std::move in 966 is actually useful to call the
move constructor in RangeSet. So I just modify L968 to suppress the
warning.
Less important ones:
bootable/recovery/applypatch/applypatch_modes.cpp:79:34: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/applypatch/imgdiff.cpp:1038:30: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/applypatch/imgdiff.cpp:1054:48: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/updater/include/private/commands.h:310:16: warning: std::move of the variable 'patch' of the trivially-copyable type 'PatchInfo' has no effect; remove std::move() [performance-move-const-arg]
bootable/recovery/updater/install.cpp:663:43: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
Bug: 150955971
Test: build
Change-Id: Ieb75f0229c47d470d4f5ac93fab39c5698d3f914
We need to run these tests when starting updater to verify the
statically linked libcrypto. The test function is based on the known
answer tests, and it doesn't compute the hash of the libcrypto library.
Bug: 141003171
Test: unit tests pass, run an updater on cuttlefish
Change-Id: I897918a54bca76ea0c928102e7287df27505e1cc
All the active users of mounts.h now live in updater/.
Test: mmma bootable/recovery
Test: Run recovery_unit_test on taimen.
Test: Code search shows no reference to otautil/mounts.h in device dirs.
Change-Id: I6c35d2e403e92a0111102d00aa4773f4f524650e
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.
Bug: 141248879
Test: m checkbuild
Change-Id: I0affaa292237bdbc772d3adc36086905ed6fbe9d
And set it to false when installing recovery image via applypatch. We
only need to back up the source partition when doing in-place update
(e.g. when updating a given partition under recovery). When installing
recovery image via applypatch, we won't touch the source partition (i.e.
/boot).
Removing the backup step also allows dropping the dac_override_allowed
permission. Previously it was needed due to the access to /cache.
Because applypatch runs as root:root, while /cache is owned by
system:cache with 0770.
Bug: 68319577
Test: Invoke the code that installs recovery image; check that recovery
is installed successfully without denials.
Test: recovery_unit_test passes on taimen.
Change-Id: I549a770b511762189d6672a2835b6e403d695919
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md
Attempted to build and boot a recovery image with the
same change to confirm it still works, but
m recoveryimage-nodeps
fails for me.
Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
updater is built in Make and statically links libcrypto,
so it needs to set LOCAL_INJECT_BSSL_HASH to make the FIPS self
test pass.
Bug: 137267623
Test: m checkbuild
Change-Id: Ib253c870090ac8026f5cbb005d6b0e935c73edd1
Add the command line option to select the work directory and save the
updated image files. Because some people might be interested in
getting updated images from an ota file.
Also, fix a minor issue that the destination of package_extract_file
needs to be updated if it's a block device. Otherwise, an unintended
file may be extracted in the callers' directory.
Test: run simulation, run unit tests
Change-Id: Ic6a7db0580bc1748d6e080102e4654da4e41fd8c
Add a command line parser. Also add the support to parse the oem
property file and skip certain functions.
Bug: 131911365
Test: run simulator for wear builds
Change-Id: Ide306b53d3f42b29c02279969aeb18bec4045d6f
The device specific libs prevent us from building a universal simulator to add
to the otatools. Drop the support since there are currently no active users of the
simulator extension; plus we are unlikely to implement the device specific simulator
runtime.
As an alternative, we will add the commandline arguments to skip certain unsupported
functions, and move the simulator build to the bp file.
Bug: 131911365
Test: mma
Change-Id: I3ff0f45dbebe3ed72d5f4670a869b40e6cfd5a7c
As system_ext partition will be linked to system/system_ext, update
the path to system/system_ext.
Bug: 134359158
Test: build
Change-Id: I5a49adfe7e045e24bf6dfbf6990a965b8a5e1ce1
Corresponds to GetMappedPackageAddress.
There is at least one custom device recovery with an extension to copy
the package somewhere else as a backup. Ability to do this was removed
in change ag/955273.
Test: lunch cf_x86_tv-eng; make
Test: atest recovery_unit_test recovery_component_test
Change-Id: I0e61d8a8839c47721874526504ea03b9ca7bafa9
Make sure the simulator succeeds executing common non-A/B update
functions.
Bug: 131911365
Test: run unit tests
Change-Id: I520ce6a8827539b88a9e36f9e67eec30d8b586d4
This method no longer contains a timeout parameter; it has been
removed in favor of changes to libdm.
Bug: 135771280
Test: builds
Change-Id: Id8c0f17c2787412bc4588af5a1bc49cc8e6edd51
The simulator skips executing the operations for dynamic partitions, and
will use the logical images under target_files/IMAGES directly. (Similar
to the targets without DAP enabled)
Bug: 131911365
Test: run update on cuttlefish, run simulator
Change-Id: Id318d97ece4560df9f20dc5cabeb8b2e261bdf9c
The TargetFile class parses a target-file and provides functions to read
its contents. And the BuildInfo tries to simulate the device with files
on host. Some work it does includes parsing the build properties,
and extracting the image files for partitions specified in the fstab.
Bug: 131911365
Test: unit tests pass, run simulator with cuttlefish, wear devices and from extracted TF.
Change-Id: Iefe4a96d619d2e4b3d038e31480f11a0f9a70afa
Disable building the simulator and its support libraries to resolve the breakage
on mac host targets. Because the simulator is not intended for use on mac anyway.
Bug: 134047992
Test: mma
Change-Id: I488ab50cab1282f03250010b5334f1895d44f98b
Implement the simulator runtime and build the updater simulator as a host
executable. The code to parse the target-files and mock the block devices
will be submitted in the follow-up.
Bug: 131911365
Test: unit tests pass
Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
Remove some unnecessary includes or forward declarations. And include
the correct headers to build host executables.
Bug: 131911365
Test: unit tests pass
Change-Id: I62e75f60678159fe24619a4bd386b1416f1a5b5d
This class adds a wrapper to the runtime dependent functions. Therefore,
the behavior of update on device stays the same, while simulators can
have their own implementations. Also change the caller side of the
registered updater functions to call these runtime wrappers.
Bug: 131911365
Test: unit tests pass, sideload an update on cuttlefish
Change-Id: Ib3ab67132991d67fc132f27120e4152439d16ac5
The hashtree computation is designed to execute after we write all the
bytes to the target block device. And executing the command during block
image verify will almost always fail since we are still on the source
build.
Test: run simulator
Change-Id: If8ebb66739969520367a0815f5f8f89f6fae47cf
The UpdaterInfo class is merely a collection of pointers and POD types.
We can replace it with an Updater class that has the ownership of the
resources. This also makes this class extensible as we plan to add more
functionality in the host simulator.
Bug: 131911365
Test: unit tests pass, run an update on cuttlefish and check last_install
Change-Id: I07ca5963bbee8ae3cb85ccc184464910aa73d4e4
Test: Choose `Reboot system now`, `Power off`, `Reboot to bootloader`
from recovery UI respectively.
Test: `adb reboot recovery` while under sideload mode.
Change-Id: I0f3d55b80b472178ea4f6970b29cd9df0778b639
Switch to 64 bit integers since the size of the entire src/tgt images may
not fit in size_t of ILP32.
There are other theoretical overflow cases in memory allocation and I/O
functions. However, they reside within a single transfer command and are
less likely to happen. I will evaluate and address them in separate
cls.
Test: unit tests pass
Bug: 122461124
Change-Id: Ib719ee695920877458fcfaa25c6ac058a5bbabf2
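Added example, not code from these commits: a C++ sketch of the two ILP32 size problems described in the message above (image totals that do not fit in a 32-bit `size_t`) and in the earlier ZipEntry64 message (checking an entry's size before allocating). It assumes a 4096-byte block size and models the 32-bit `size_t` with a `size32_t` alias; all names and the sample image are constructed.

```cpp
#include <cstdint>
#include <limits>
#include <vector>

// Assumption for the demo: size32_t stands in for size_t on an ILP32 build,
// so the 32-bit behaviour is reproducible on a 64-bit host.
using size32_t = uint32_t;
constexpr uint32_t kBlockSize = 4096;  // assumed block size

struct BlockRange { uint32_t begin; uint32_t end; };  // half-open [begin, end)

// 32-bit accounting: the byte total silently wraps modulo 2^32.
size32_t TotalBytes32(const std::vector<BlockRange>& ranges) {
  size32_t total = 0;
  for (const auto& r : ranges) total += (r.end - r.begin) * kBlockSize;
  return total;
}

// 64-bit accounting: widen before multiplying so the product cannot wrap.
uint64_t TotalBytes64(const std::vector<BlockRange>& ranges) {
  uint64_t total = 0;
  for (const auto& r : ranges) {
    total += static_cast<uint64_t>(r.end - r.begin) * kBlockSize;
  }
  return total;
}

// Guard for a zip64 entry: refuse lengths the allocator's size type cannot
// represent, before any buffer is sized from the value.
bool EntryFitsInMemory(uint64_t uncompressed_length) {
  return uncompressed_length <= std::numeric_limits<size32_t>::max();
}

// Constructed sample: a 1,500,000-block image (about 5.7 GiB).
const std::vector<BlockRange> kSampleImage = {{0, 1000000}, {1000000, 1500000}};
```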
Test: sideload full OTA on cuttlefish
Test: sideload incremental OTA on cuttlefish (that grows
system, shrinks vendor, and move vendor to group foo)
Test: verify that /cache/recovery/cc46ebfd04058569d0c6c1431c6af6c1328458e4
exists (sha1sum of "system")
Bug: 111801737
Change-Id: Ibdf6565bc1b60f3665c01739b4c95a85f0261ae5
When applying an OTA package onto the device in OTA mode,
if the recovery logs haven't been viewed, there is a chance
that /cache/recovery does not exist. Then, stash creation will
fail. Create stash directories recursively to avoid this error.
Test: without /cache/recovery, sideload the OTA on cuttlefish
Change-Id: I5cc01a067d866476a3594e795dcb5b15649e817b