For applying update from SD card, we used to use a thread to serve the
file with fuse. Since accessing through fuse involves going from kernel
to userspace to kernel, it may run into deadlock (e.g. for mmap_sem)
when a page fault occurs. Switch to using a process instead.
Bug: 23783099
Bug: 26313124
Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd
The `std::string package` variable goes out of scope but the input_path
variable is then used to access the memory as it's set to `c_str()`.
This was detected via OpenBSD malloc's junk filling feature.
Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.
Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
(cherry picked from commit 30bf476559)
dragon kernel is compressed via lz4 for boot speed and bootloader
support reasons and recent prebuilts happen to include the gzip header
sequence which is causing imgdiff to fail.
Detect a spurious gzip header and treat the section as a normal section.
Bug: 26133184
Change-Id: I369d7d576fd7d2c579c0780fc5c669a5b6ea0d3d
(cherry picked from commit 0f2f6a746af517afca9e5e089a4a17be0a9766d6)
Signed-off-by: David Riley <davidriley@google.com>
We allow vendor-specific icon installing image but have defined private
animation_fps that can't be overridden. This CL changes the image
generator to optionally embed FPS (otherwise use the default value of
20) into the generated image.
For wear devices, they are using individual images instead of the
interlaced one. Change the animation_fps from private to protected so
that it can be customized.
Bug: 26009230
Change-Id: I9fbf64ec717029d4c54f72316f6cb079e8dbfb5e
We are already using O_SYNC and fsync() for the recursive case
(package_extract_dir()). Make it consistent for the single-file case.
Bug: 20625549
Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
Output messages in log when recovery is attempted or succeeded during
incremental OTA update.
Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
(cherry picked from commit b686ba2114)
[1] added a new API isSlotMarkedSuccessful() to actually query if a
given slot has been marked as successful.
[1]: commit 72c88c915d957bf2eba73950e7f0407b220d1ef4
Change-Id: I9155c9b9233882a295a9a6e607a844d9125e4c56
We have the following warnings when compiling uncrypt on LP64 (e.g.
aosp_angler-userdebug).
bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat]
ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno));
~~~~ ^~~~~~
%ld
bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat]
ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno));
~~~~ ^~~~~~~~~~~~~~~~~~
%lu
bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare]
while (pos < sb.st_size) {
~~~ ^ ~~~~~~~~~~
According to POSIX spec [1], we have:
off_t and blksize_t shall be signed integer types;
size_t shall be an unsigned integer type;
blksize_t and size_t are no greater than the width of type long.
And on Android, we always have a 64-bit st_size from stat(2)
(//bionic/libc/include/sys/stat.h).
Fix the type and add necessary casts to suppress the warnings.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html
Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20
logd already gets started before we call update_verifier.
Bug: 26039641
Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a
(cherry picked from commit 45eac58ef1)
update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.
This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.
Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
(cherry picked from commit 1171d3a12b)
The CL in [1] has stopped building and packaging the obsolete
applypatch_static tool.
[1]: commit a04fca31bf1fadcdf982090c942ccbe4d9b95c71
Bug: 24621915
Change-Id: I5e98951ad7ea5c2a7b351af732fd6722763f59bd
It turns out the standard explicitly states that if the pointer is
null, the deleter function won't be called. So it doesn't matter that
fclose(3) doesn't accept null.
Change-Id: I10e6e0d62209ec03ac60e673edd46f32ba279a04
This patch removes costly O_SYNC flag for encrypted block device.
After writing whole decrypted blocks, fsync should guarantee their consistency
from further power failures.
This patch reduces the elapsed time significantly consumed by upgrading packages
on an encrypted partition, so that it could avoid another time-out failures too.
Change-Id: I1fb9022c83ecc00bad09d107fc87a6a09babb0ec
Signed-off-by: Jaegeuk Kim <jaegeuk@motorola.com>
To accommodate new changes in N release, such as error correction [1]
and other potential changes to the updater.
[1]: commit 0a7b47397d
Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
Add block_image_recover function to rewrite corrupted blocks on the
partition. This can be attempted if block_image_verify fails.
Note that we cannot use libfec during block_image_update as it may
overwrite blocks required for error correction. A separate recovery
pass in case the image is corrupted is the only viable option.
Bug: 21893453
Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
