Commit graph

449 commits

Author SHA1 Message Date
Tao Bao
623fe7e701 Move error_code.h into otautil.
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".

Test: mmma bootable/recovery
Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
2017-10-04 08:55:24 -07:00
Tao Bao
d33b2f86b7 otafault: Move headers under otafault/.
Test: mmma bootable/recovery
Change-Id: I3ceb72f703c7c2857d656c137d71baa1fccd8238
2017-09-29 10:29:53 -07:00
Tianjie Xu
c89d1e7e2a Turn on -Wall for recovery modules
Turn on -Wall for all modules. Also remove the obsolete file_cmp() in
apply_patch test and now() in wear_ui.

The only exception is lib_edify due to the unused functions in the
intermediate cpp files generated from the lex files. It will be handled
in a seperate CL.

Bug: 64939312
Test: mma, unit tests pass
Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
2017-08-28 21:56:33 -07:00
Tianjie Xu
b127fddf09 Merge "Move Image/ImageChunk/PatchChunk declaration into header files"
am: b4bc57ed39

Change-Id: If254ed9e24bc0cafa19db9766ed36643ca0fed49
2017-08-19 04:27:34 +00:00
Tianjie Xu
57dd961995 Move Image/ImageChunk/PatchChunk declaration into header files
1. Move the declaration of the Image classes to the header file to make
testing easier.
2. Also move rangeset.h to bootable/recovery to allow access in imgdiff.

Test: recovery component test
Change-Id: I68a863e60a3f2e7ae46ee48f48eb15391f5f4330
2017-08-18 17:56:22 -07:00
Tianjie Xu
fbd4b10310 Merge "Add implemention of SortedRangeSet"
am: 64cba55fbc

Change-Id: I2174e4f55c85fe57014b31625dbc2d06e41350be
2017-08-01 00:31:20 +00:00
Tianjie Xu
b9e7fc7fa9 Add implemention of SortedRangeSet
This is useful in imgdiff to maintain the block ranges of
splitted source image.

Bug: 34220646
Test: mma && unit tests pass
Change-Id: I6427f2ea50f0e3b0aa3dd01880ec0206679b7429
2017-07-31 15:13:55 -07:00
Tao Bao
ac634e3c9d Merge "updater: Remove dead make_parents()."
am: f5396eb8b2

Change-Id: Ief0557813324d49c5da64265dc49ab757ed3ae3f
2017-07-25 19:09:40 +00:00
Tao Bao
5902691764 updater: Remove dead make_parents().
Its former callers in RenameFn() and SymlinkFn() have been removed in
commit 63d786cf22.

Test: mmma -j bootable/recovery
Change-Id: I26ed126202554fc5840811ec7ae162da70593213
2017-07-25 08:42:52 -07:00
Tao Bao
248b4f9dca Merge "Remove the obsolete reference to /file_contexts."
am: 6b09b895be

Change-Id: I2b26ced9ffeb278ce01ff2ca7be4057b0ab6c61c
2017-07-23 04:03:34 +00:00
Tao Bao
338be53ed3 Remove the obsolete reference to /file_contexts.
This file no longer exists:
- /file_contexts has been split into plat_file_contexts and
  nonplat_file_contexts since commit
  b236eb6ca204cefcb926e19bd5682f9dcad4021d (system/sepolicy).
- It was named /file_contexts.bin prior to the split.

'-S file_contexts' is also no longer required by e2fsdroid, since commit
2fff6fb036cbbb6dedd7da3d208b312a9038a5ce (external/e2fsprogs). It will
load the file contexts via libselinux.

Test: Trigger the path by performing a data wipe for converting to FBE.
Change-Id: I179939da409e5c0415ae0ea0bf5ddb23f9e6331e
(cherry picked from commit 7af933b6a6)
2017-07-22 16:16:21 -07:00
Tianjie Xu
80acaab52f Merge "Fix a case when brotli writer fails to write last few blocks of data"
am: e45c8f0057

Change-Id: I337e8ec26f59a5245ab299080d7251331823e2da
2017-07-21 21:04:17 +00:00
Tianjie Xu
e45c8f0057 Merge "Fix a case when brotli writer fails to write last few blocks of data" 2017-07-21 20:59:24 +00:00
Jin Qian
9203641742 Merge "recovery: replace make_ext4 with e2fsprogs"
am: f7c00ddaf6

Change-Id: I17167b59242c709b18d09fccb52058b0bc25bf09
2017-07-21 19:06:06 +00:00
Tianjie Xu
6ed175d541 Fix a case when brotli writer fails to write last few blocks of data
receive_new_data may exit too early if the zip processor has sent all
the raw data. As a result, the last few 'new' commands will fail even
though the brotli decoder has more output in its buffer.

Restruct the code so that 'NewThreadInfo' owns the decoder state solely;
and receive_brotli_new_data is responsible for the decompression.

Also reduce the test data size to 100 blocks to avoid the test timeout.

Bug: 63802629
Test: recovery_component_test. on bullhead, apply full updates with and
w/o brotli compressed entries, apply an incremental update.

Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
2017-07-21 11:44:00 -07:00
Jin Qian
ded2dac082 recovery: replace make_ext4 with e2fsprogs
Execute mke2fs to create empty ext4 filesystem.
Execute e2fsdroid to add files to filesystem.

Test: enter recovery mode and wipe data
Bug: 35219933
Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876
(cherry picked from commit ac31808cd3)
2017-07-20 11:42:17 -07:00
Tianjie Xu
43bdf6cad6 Merge "Add support to decompress brotli compressed new data"
am: 918e6ea1b2

Change-Id: I4fd9cea71716ad1574ecb4bb7f612bc8734711c5
2017-07-10 22:33:37 +00:00
Tianjie Xu
107a34f9fc Add support to decompress brotli compressed new data
Add a new writer that can decode the brotli-compressed system/vendor
new data stored in the OTA zip.

Brotli generally gives better compression rate at the cost of slightly
increased time consumption. The patch.dat is already compressed
by BZ; so there's no point to further compress it.

For the given 1.9G bullhead system image:
Size: 875M -> 787M; ~10% reduction of package size.
Time: 147s -> 153s; ~4% increase of the block_image_update execution time.
(I guess I/O takes much longer time than decompression.)

Also it takes 4 minutes to compress the system image on my local
machine, 3 more minutes than zip.

Test: recovery tests pass && apply a full OTA with brotli compressed
system/vendor.new.dat on bullhead

Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
2017-07-07 16:08:18 -07:00
Jeff Vander Stoep
eba11fa574 Fix "No file_contexts" warning
am: e35926e1af

Change-Id: Ia050561286c30d8198f3185da9e3cd31372b1d79
2017-06-16 02:57:57 +00:00
Jeff Vander Stoep
e35926e1af Fix "No file_contexts" warning
Fixed by Loading the file_contexts specified in libselinux, whereas
previously recovery loaded /file_contexts which no longer exists.

Bug: 62587423
Test: build and flash recovery on Angler. Warning is gone.
Test: Wipe data and cache.
Test: sideload OTA
Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
(cherry picked from commit 2330dd8733)
2017-06-15 21:24:29 +00:00
Tianjie Xu
99e7216907 Merge "kill package_extract_dir" 2017-05-31 21:49:03 +00:00
Tianjie Xu
6957555e29 Retry the update if ApplyBSDiffPatch | ApplyImagePatch fails
We have seen one case when bspatch failed likely due to patch
corruption. Since the package has passed verification before, we want
to reboot and retry the patch command again since there's no
alternative for users.

We won't delete the stash before reboot, and the src has passed SHA1
check. If there's an error on the patch, it will fail the package
verification during retry.

Bug: 37855643
Test: angler reboots and retries the update when bspatch fails.
Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
2017-05-23 17:36:56 -07:00
Tianjie Xu
53c38b1538 kill package_extract_dir
It's only used by file-based OTA which has been deprecated for O.

Test: mma
Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
2017-05-23 17:09:45 -07:00
Tao Bao
397a8137a0 updater: Update the mkfs.f2fs argument to match f2fs-tools 1.8.0.
Commit adeb41a8c0 has switched the
argument for recovery. This CL handles the case for updater.

Note that there's a chance the updater may run against the old
recovery (and f2fs 1.4.1 binary). Not sending a 0-sector argument to
f2fs 1.4.1 also works.

Bug: 37758867
Test: Make an OTA package that calls format f2fs, with mkfs.f2fs 1.8.0
      and 1.4.1 binaries respectively.
Change-Id: I4d4bbe8c57544d1c514b7aa37fbf22a0aab14e2c
2017-05-12 12:09:16 -07:00
Tianjie Xu
89394632b1 Merge "Add a default error code when updater script aborts" 2017-05-03 17:34:45 +00:00
Tianjie Xu
e0c88793d1 Add a default error code when updater script aborts
We didn't report error/cause codes unless there's an explict "Abort()"
call inside the updater script. As a result, some cause codes set by
ErrorAbort() didn't show up in last_install.

To fix the issue, add a default error code when the script terminates
abnormally (i.e. with non zero status).

Bug: 37912405
Test: error/cause code shows up in last_install when argument parsing fails
Change-Id: Ic6d3bd1855b853aeaa0760071e593a00cf6f0209
2017-05-03 05:52:03 +00:00
Tao Bao
b656a154ea Move sysMapFile and sysReleaseMap into MemMapping class.
Test: recovery_component_test
Test: recovery_unit_test
Test: Apply an OTA on angler.
Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
2017-05-01 21:51:54 -07:00
Dmitri Plotnikov
ed9db0fd73 Adding support for quiescent reboot to recovery
Bug: 37401320
Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.

(cherry picked from commit 8706a98aa6)

Change-Id: I79789a151f6faafda8ecc6198c2182cc2a91da70
2017-04-27 16:31:11 -07:00
Dmitri Plotnikov
8706a98aa6 Adding support for quiescent reboot to recovery
Bug: 37401320
Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.
Change-Id: Ibed3795c09e26c4fa73684d40b94e40c78394d3f
2017-04-19 14:43:08 -07:00
Tianjie Xu
3a8d98dd90 Abort the update if there's not enough new data
Right now the update stuck in a deadlock if there's less new data than
expection. Add some checkers and abort the update if such case happens.
Also add a corresponding test.

Bug: 36787146
Test: update aborts correctly on bullhead && recovery_component_test passes
Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
2017-04-07 17:19:46 -07:00
Tao Bao
bf5b77dbf7 Change the internal representation in RangeSet.
This CL makes the following changes to RangeSet:
 - Uses std::pair<size_t, size_t> to represent a Range;
 - Uses std::vector<Range> to represent a RangeSet;
 - Provides const iterators (forward and reverse);
 - Provides const accessor;
 - 'blocks()' returns the number of blocks (formerly 'size');
 - 'size()' returns the number of Range's (formerly 'count').

Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
2017-04-03 09:22:48 -07:00
Tao Bao
c97edcb4f4 updater: Keep the parsed parameters in std::unique_ptr.
We don't need to take raw pointers out of the parsed arguments.
std::unique_ptr handles the dereferencing automatically.

Test: mmma bootable/recovery
Change-Id: I1beabf6e04dc350bdad7b36cee5fb345c82b28f2
2017-03-31 12:24:22 -07:00
Tao Bao
8f23757ad4 Move parse_range() and range_overlaps() into RangeSet.
Also move RangeSet into a header file to make it testable, and add unit
tests.

In RangeSet::Parse() (the former parse_range()), use libbase logging to
do assertions. This has the same effect as the previous
exit(EXIT_FAILURE) to terminate the updater process and abort an update.
The difference lies in the exit status code (i.e. WEXITSTATUS(status) in
install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0.

Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
2017-03-31 00:04:56 -07:00
Tao Bao
65c065b4bb Merge "updater: Move RangeSinkWrite into RangeSinkState." 2017-03-30 23:56:14 +00:00
Tao Bao
0bbc764bbe updater: Don't append newline when calling uiPrint().
LOG(INFO) already appends a newline. Don't print redundant newline.

Test: No extra blank lines when calling ui_print(). And on-screen UI
      shows the same.
Change-Id: I74e9a8504a7146a6cb3dae02fe2406d0dd54069b
2017-03-30 10:28:37 -07:00
Tao Bao
60a70afc0a updater: Move RangeSinkWrite into RangeSinkState.
Then rename RangeSinkState to RangeSinkWriter. RangeSinkWriter reads
data from the given FD, and writes them to the desination RangeSet.

Test: Apply an incremental with the new updater.
Change-Id: I5e3ab6fc082efa1726562c55b56e2d418fe4acaf
2017-03-29 11:31:41 -07:00
Tao Bao
c0e1c46a70 applypatch: Let Apply{BSDiff,Image}Patch accept std::function.
Test: mmma bootable/recovery system/update_engine
Test: recovery_component_test
Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
2017-03-28 10:14:53 -07:00
Tao Bao
f7eb760fe7 applypatch: Change the ssize_t length parameters to size_t.
Mostly for applypatch family APIs like ApplyBSDiffPatch() and
ApplyImagePatch(). Changing to size_t doesn't indicate they would
necessarily work with very large size_t (e.g. > ssize_t), just
similar to write(2). But otherwise accepting negative length doesn't
make much sense.

Also change the return type of SinkFn from ssize_t to size_t. Callers
tell a successful sink by comparing the number of written bytes against
the desired value. Negative return values like -1 are not needed. This
also makes it consistent with bsdiff::bspatch interface.

Test: recovery_component_test
Test: Apply an incremental with the new updater.
Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
2017-03-28 10:13:38 -07:00
Tao Bao
d2aecd465b updater: Clean up LoadSrcTgtVersion2().
Rename to LoadSourceBlocks() by moving the target blocks parsing part
into the caller. This allows detecting whether the target blocks have
already had the expected data before loading the source blocks. It
doesn't affect anything when applying an update package for the first
time, but it skips loading the unneeded source blocks when resuming an
update. It additionally avoids unnecessarily dumping the "corrupt"
source/stash blocks when resuming an update.

Bug: 33694730
Test: Apply an incremental update with the new updater.
Test: Resume an incremental update with the new updater.
Change-Id: I794fd0d1045be7b3b7f8619285dc0dade01398d0
2017-03-27 16:21:55 -07:00
Tao Bao
5212a00588 Merge "updater: Remove some redundant arguments." 2017-03-25 23:11:37 +00:00
Tao Bao
5479506c9c Merge "updater: Drop the support for BBOTA v1 and v2." 2017-03-24 23:06:56 +00:00
Tao Bao
110155a604 Merge "Removed C-style casts" 2017-03-24 20:28:00 +00:00
Tao Bao
bcf464988e updater: Remove some redundant arguments.
Clean up a few functions that take CommandParameters& as the first
parameter. We don't need to take duplicate arguments if they always come
from CommandParameters. This redundancy came from the point we replaced
strtok()s (commit baad2d454d).

Test: Apply an incremental update with the new updater.
Change-Id: I2912b8ce6bc7580bf7f566e125f12270e679e155
2017-03-24 00:34:36 -07:00
Tao Bao
3356777cae updater: Drop the support for BBOTA v1 and v2.
The script support for BBOTA v1 and v2 has been dropped in commit
8fad03e7712082eb880ffaaffb69eb13252ce220 (platform/build).

Bug: 33694730
Test: Apply an incremental with the new updater.
Test: recovery_component_test
Change-Id: I038b1bf8d10f030cab8ec0aa6ee565c5a9545dfd
2017-03-23 23:58:02 -07:00
Tao Bao
b56a3c2e3a Merge "Redundant checking of STL container element" 2017-03-23 21:13:47 +00:00
Mikhail Lappo
20791bdcd7 Removed C-style casts
In c++ code would be cleaner to use
c++ retinterpret cast instead of old
c-style notation

Change-Id: Ibeef5e0c374addf108c0a8876a6be45063d8e396
2017-03-23 21:52:04 +01:00
Tao Bao
577c668861 Merge "Fixed scanf modifier" 2017-03-23 19:55:25 +00:00
Mikhail Lappo
bb8bce932e Redundant checking of STL container element
As of C++ specification size_type erase( const key_type& key );
removes the element (if one exists). There is no need to perform
the check twice.

Change-Id: I4b057c08526abc7c2a483a60f9e166e4d8f56a74
2017-03-23 17:20:47 +01:00
Mikhail Lappo
17e6d3f3bc Fixed scanf modifier
Scanf expectation is to have same type
of pointer to store parsed value and
modifier in format string
2017-03-23 16:58:53 +01:00
Tao Bao
db56eb073e updater: Fix the broken case for apply_patch_check().
It's valid to provide only 1 argument to apply_patch_check(). We
shouldn't fail the argument parsing.

Bug: 36541737
Test: recovery_component_test passes.
Test: recovery_component_test captures the failure without the fix.
Test: The previously failed update applies successfully.
Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
2017-03-23 06:52:45 -07:00
Tianjie Xu
c444732540 Remove malloc in edify functions
And switch them to std::vector & std::unique_ptr

Bug: 32117870
Test: recovery tests passed on sailfish
Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
2017-03-22 14:20:57 -07:00
Tianjie Xu
d882b8892a Merge "Fix the permission of stashed blocks created by updater" 2017-03-22 18:32:57 +00:00
Tianjie Xu
a946b9e241 Fix the permission of stashed blocks created by updater
Our updater created the stashes with root permission. This causes an
access denial when the RecoverySystem service tries to clean up these
blocks after a failing update. As a result, the subsequent OTA updates
may fail due to insufficient cache space.

Bug: 36457133
Test: stashed blocks cleaned successfully after reboot
Change-Id: If0ca99638cdfa1033646f29d9cc92b5ff1bacac1
2017-03-21 17:40:01 -07:00
Dan Willemsen
edec27a5bd Fix updater include generation w/installclean
Since this was putting the intermediate file in obj/PACKAGING, every
installclean was removing it and triggering updater to rebuild. Instead,
use the standard generated-sources-dir. The dep file can also be removed
now that ninja will re-run the generator if the command line changes.

Test: m -j updater; m installclean; m -j updater
Test: Only change to aosp_fugu updater before/after is the debug info
Change-Id: I20928bd2049d4a3d4e21f83fd64d16cfdc541958
2017-03-21 16:46:24 -07:00
Tianjie Xu
2cd36ba522 Revert "Revert "Print SHA-1 in hex for corrupted blocks""
This reverts commit 90eff6a340.
Also fix the bug where stashed blocks are not freed.

Bug: 21124445
Test: Previous failed update succeeded on bullhead
Change-Id: I23d232331a2beb51b6dcc82c957c87bc247d0268
2017-03-16 23:33:01 -07:00
Tao Bao
ec8272f6e3 updater: Minor clean up to EnumerateStash().
Test: Apply an incremental BBOTA package with the new updater.
Test: Resume an interrupted BBOTA (so it cleans up the partial stash).
Change-Id: I620cc57ee6366845bcffbc19210f7a01e2196052
2017-03-16 00:00:46 -07:00
Tao Bao
90eff6a340 Revert "Print SHA-1 in hex for corrupted blocks"
This reverts commit bb0cd75a0e.

Broke the 'free' command that deletes a stash.

Bug: 36242722
Test: The previously failed incremental applies successfully.
Change-Id: I1237cb0a33adfbeea57e0465b629704862ba13aa
2017-03-15 09:57:06 -07:00
Tao Bao
342717d148 Merge "updater: Remove some obsoleted functions for file-based OTA." 2017-03-14 17:08:02 +00:00
Tianjie Xu
bb0cd75a0e Print SHA-1 in hex for corrupted blocks
It will be helpful for debug if we know which blocks are corrupted after
a verification failure. This CL prints the SHA-1 for each source block
in a transfer command if these blocks don't have an expected hash. And
along with the correct SHA-1, we will catch the corrupted blocks.

Bug: 21124445
Test: Printed the mismatched SHA-1 for bullhead during an update.
Change-Id: I683d4bdaf9a335035045b3f532b3a265b2fcbbfc
2017-03-13 11:32:56 -07:00
Tao Bao
63d786cf22 updater: Remove some obsoleted functions for file-based OTA.
This CL removes the updater support for delete(), symlink(), rename(),
set_metadata() and set_metadata_recursive(). Such functions have been
removed from the generation script in commit
f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build).

Note: This CL also removes delete_recursive() which seems to have never
been supported in generation script.

Bug: 35853185
Test: recovery_component_test passes.
Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
2017-03-13 10:02:08 -07:00
Sen Jiang
f9962dbfe2 Merge "Use bspatch from external/bsdiff." 2017-02-16 21:14:10 +00:00
Tao Bao
3da880156b Replace _exit(-1) with _exit(EXIT_FAILURE).
-1 is not a valid exit status.

Also replace a few exit(1) with exit(EXIT_FAILURE).

Test: mmma bootable/recovery
Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
2017-02-03 14:11:11 -08:00
Sen Jiang
25c56979dd Use bspatch from external/bsdiff.
Now ApplyBSDiffPatch() will stream the output to sink as we go instead
of sinking everything at the end.

Test: recovery_host_test
Bug: 26982501

Change-Id: I05b6ed40d45e4b1b19ae72784cf705b731b976e3
2017-02-02 14:41:05 -08:00
Alex Deymo
56ff8061b1 Merge "Remove '_static' suffix from libext2* references." 2017-01-25 23:48:43 +00:00
Alex Deymo
7c5dbd6751 Remove '_static' suffix from libext2* references.
Bug: 34220783
Test: make checkbuild
Change-Id: Iceea20e440a4bb6a3b254486a65a86401a2241ef
2017-01-23 15:18:29 -08:00
Tao Bao
f013642477 Print with newline for ui_print.
Currently the ui_print command between the recovery and updater doesn't
append newline. Updater has to send an extra "ui_print" command without
any argument to get the line break. This looks unnecessary. And not all
the callers (including the ones in bootable/recovery) are following this
protocol when sending the ui_print command.

This CL simplifies the protocol to always print with a newline for
ui_print command. When updating from an old recovery with the new
updater, all the ui_print'd strings would appear in one line as a side
effect. But a) it would only affect the text-mode UI, which won't be
shown to users; b) log files won't be affected.

Bug: 32305035
Test: Apply an update with the new updater on top of an old and new
      recovery image respectively.
Change-Id: I305a0ffc6f180daf60919cf99d24d1495d68749b
2017-01-21 20:43:45 -08:00
Alex Deymo
8031c2d2bb Merge changes from topic 'host_suffix_cleanup'
* changes:
  Remove "_static" suffix from libsparse
  Remove "_static" suffix from libext4_utils.
2017-01-12 21:23:10 +00:00
Alex Deymo
67f3aa8804 Remove "_static" suffix from libsparse
Bug: 34220783

Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
2017-01-11 14:38:30 -08:00
Alex Deymo
31653660ad Remove "_static" suffix from libext4_utils.
Bug: 34220783
Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
2017-01-11 14:02:13 -08:00
Tianjie Xu
4728242070 Do not inject I/O fault on a retry
We could inject I/O faults during an OTA update for test purpose. But we
should skip the injection if the update is an retry. Otherwise the
update test will simply keeps failing.

Bug: 34159970
Test: Apply the same package on angler and the update succeeds on the 2nd try.
Change-Id: Id274e5475e3bc8d25d50a8cf61a77d2e32c569d6
2017-01-09 14:51:15 -08:00
Tao Bao
91f74c82cd Merge "updater: Clean up CreateStash()." 2017-01-05 21:14:43 +00:00
Tao Bao
c844c06faf updater: Refactor parse_range().
Returning the parsed RangeSet directly (as opposed to using some pointer
parameter) to make the code cleaner.

Test: Apply an incremental with the new updater.
Change-Id: I8c99e701f189eb6a3eacc0d647e5a3a85fbeb3eb
2017-01-03 17:51:30 -08:00
Tao Bao
5141221211 updater: Clean up CreateStash().
Change the stash size computation from int to size_t.

Test: Apply an incremental BBOTA with the new updater.
Change-Id: Ib45b71b826fec6aa0ffafc67c17735825634eae0
2016-12-28 16:22:16 -08:00
Tao Bao
0d3f84f237 updater: Update the header name for bootloader.h.
We should include "bootloader_message/bootloader_message.h" now.

Test: m updater
Change-Id: I65b22a8a0bcc5976ff1ba827bd30b46ee9d59c53
2016-12-28 15:09:20 -08:00
Tao Bao
5354f60f2b updater: Fix the operator order.
Shift operator ("<<") has a higher precedence level than ternary
operator ("?").

Test: BBOTA update log says "performing update" as opposed to
      "performing 0".

Change-Id: I0cf60cbfc11415e94f1f9f6effe75f14d13a1874
2016-12-14 11:34:49 -08:00
Tao Bao
039f2da3e4 updater: Switch to libbase logging.
Test: Build an updater into a package and apply it on device.
Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
2016-11-30 23:44:41 -08:00
Tao Bao
358c2ec1dc Remove ota_close(int) and ota_fclose(FILE*).
We should always use unique_fd or unique_file to hold the FD or FILE*
pointer when opening via ota_(f)open functions.

This CL avoids accidentally closing raw FDs or FILE* pointers that are
managed by unique_fd/unique_file.

Test: recovery_component_test passes.
Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
2016-11-28 12:09:39 -08:00
Tao Bao
bedf5fc11c updater: Refactor set_stage() and get_stage() functions.
Add read_bootloader_message_from() and write_bootloader_message_to() to
allow specifying the BCB device (/misc).

Also add testcases for set_stage() and get_stage().

Test: recovery_component_test passes.
Test: Build a recovery image and apply a two-step OTA package.
Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
2016-11-18 12:04:48 -08:00
Tao Bao
1036d36542 updater: Add testcase for package_extract_dir().
Test: recovery_component_test passes.
Change-Id: I3af4707bc42c7331ca961be8b967a53de82ea25b
2016-11-17 23:02:13 -08:00
Tao Bao
d0f3088aa9 updater: Add "write_value()" function.
write_value(value, filename) writes 'value' to 'filename'. It can be
used to tune device settings when applying an OTA package. For example,
write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq").

Bug: 32463933
Test: recovery_component_test passes.
Test: Apply an OTA package that contains a call to write_value(), and
      check the result.

Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
2016-11-16 15:51:53 -08:00
Tao Bao
ef0eb3b01b updater: Fix the wrong return value for package_extract_file().
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.

Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.

BUg: 32903624
Test: recovery_component_test works.

Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
2016-11-15 13:17:52 -08:00
Tao Bao
8992902aab updater: Add more testcase for symlink().
Clean up SymlinkFn() a bit. Also clean up the temp files created when
running the tests; otherwise non-empty TemporaryDir won't be removed.

Test: recovery_component_test passes.
Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
2016-11-08 21:29:16 -08:00
Tianjie Xu
d75003d24c Make make_parent() to take const argument
Switch to use const std::string; and add corresponding tests.

Bug: 32649858
Test: Component tests pass
Change-Id: I640f3ec81f1481fa91aa310f8d4d96dac9649cb9
2016-11-08 10:11:03 -08:00
Tao Bao
a659d79b92 updater: Add a testcase for RenameFn().
Test: recovery_component_test passes.

Change-Id: Iba5a0fdf6c79e2bed6b30b8fc19a306c1ab29d8a
2016-11-03 23:35:42 -07:00
Tao Bao
0831d0b592 updater: Fix a bug in DeleteFn().
Also add a testcase for delete() function.

Test: recovery_component_test passes.
Change-Id: I064d1ad4693c3ed339d0a69eabadd08a61a2ea86
2016-11-03 23:28:36 -07:00
Tao Bao
51d516e913 updater: Fix an off-by-1 bug in file_getprop().
Also add a testcase for file_getprop().

Test: recovery_component_test passes.

Change-Id: I8eb2f9a5702b43997ac9f4b29665eea087b1c146
2016-11-03 14:58:54 -07:00
Tianjie Xu
5fe280ac96 Cleanup ReadArgs & ReadValueArgs usage
ReadArgs will switch to using std::string and std::unique_ptr. Also
cleanup the callers.

Test: mma & component test passed.
Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
2016-11-01 15:03:06 -07:00
Tao Bao
fada91ccf2 applypatch: Switch the parameter of Value** to std::vector.
Test: Unit tests and install-recovery.sh pass on angler and dragon.

Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
2016-10-28 16:46:12 -07:00
Tianjie Xu
8cf5c8f60f Replace minzip with libziparchive
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.

Test: Update package installed successfully on angler.
Bug: 19472796

Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-17 17:41:51 -07:00
Tianjie Xu
aced5d9e4e Change StringValue to use std::string
Changing the field of 'Value' in edify to std::string from char*.
Meanwhile cleaning up the users of 'Value' and switching them to
cpp style.

Test: compontent tests passed.
Bug: 31713288

Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
2016-10-15 01:18:23 +00:00
Tao Bao
39119ad8ec edify: Some clean-ups to libedify.
- Remove dead declarations in expr.h: SetError(), GetError(),
  ClearError().
- Remove the declaration of Build() out of expr.h.
- Use std::unordered_map to implement RegisterFunction() and
  FindFunction(); kill FinishRegistration().
- Add a testcase for calling unknown functions.

Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
2016-10-12 23:29:59 -07:00
Tao Bao
361342cbd2 updater: Kill the duplicate PrintSha1() in install.cpp.
Also add a testcase for sha1_check().

Test: mmma bootable/recovery; recovery_component_test passes.

Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
2016-10-10 20:36:17 -07:00
Tao Bao
0c7839ac14 Refactor libupdater into a seperate module.
So that we can write native tests for updater functions. This CL adds a
testcase for getprop() function.

Test: mmma bootable/recovery; Run recovery_component_test on device.

Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
2016-10-10 16:49:50 -07:00
Tao Bao
de40ba59c8 Update the header path for ext4_utils.
Test: `mmma bootable/recovery`
Change-Id: I70ccddb3ddf46bb012fdc5f632afc46ebdd5473e
2016-10-09 14:02:10 -07:00
Tao Bao
59dcb9cbea edify: Move State.script and State.errmsg to std::string.
This way we kill a few strdup() and free() calls.

Test: 1. recovery_component_test still passes;
2. Applying an update with the new updater works;
3. The error code in a script with abort("E310: xyz") is recorded into
last_install correctly.

Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
2016-10-04 14:24:32 -07:00
Tianjie Xu
7aa88748f6 Turn on -Werror for recovery
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.

Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
2016-09-29 19:21:24 -07:00
Elliott Hughes
cb22040c63 Switch to <android-base/properties.h>.
Bug: http://b/23102347
Test: boot into recovery.
Change-Id: Ib2ca560f1312961c21fbaa294bb068de19cb883e
Merged-In: Ib2ca560f1312961c21fbaa294bb068de19cb883e
2016-09-26 09:51:37 -07:00
Tianjie Xu
61590bbf0d Merge "Switch recovery to libbase logging" 2016-09-01 23:04:37 +00:00
Tianjie Xu
7b0ad9c638 Switch recovery to libbase logging
Clean up the recovery image and switch to libbase logging.

Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01 18:33:25 +00:00
Tianjie Xu
71e182bc38 Check an edge case when read(2) returns 0
We might end up in an infinite loop if read(2) reached EOF unexpectedly.
The problematic code in uncrypt mentioned in the bug has been fixed
by switching to libbase ReadFully(). So I grepped through the recovery
code and fixed some other occurences of the issue.

Bug: 31073201
Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
2016-08-31 19:11:41 -07:00
Josh Gao
dc97404346 Merge "Fix references to libcrypto_utils_static."
am: b97da5e0f0

Change-Id: Ia935df84e5ea36dfc6605b41872c36db69a114a0
2016-08-08 18:33:51 +00:00
Josh Gao
073164f24b Fix references to libcrypto_utils_static.
Bug: http://b/30708454
Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
2016-08-05 18:08:03 -07:00
Elliott Hughes
691db7ba77 Merge \"Fix install.h\'s use of attribute printf.\"
am: a82ee456bb

Change-Id: Ibcfabbb0e044d503f889f1afea271cf73ad93f45
2016-06-30 18:18:40 +00:00
Elliott Hughes
83ce755518 Fix install.h's use of attribute printf.
And move off the bionic __nonnull macro, which I'm removing.

Change-Id: I40b4424f4fd7bd8076e0eee3ec35de36c3ded8de
2016-06-30 09:28:42 -07:00
Tianjie Xu
93110c767f Check the results from applypatch
am: 31f8cc84cf

Change-Id: I2ea241fb3e688f5f8b0558d638dd3ed502223f97
2016-06-16 18:08:59 +00:00
Tianjie Xu
31f8cc84cf Check the results from applypatch
Check the results from applypatch in PerformCommandDiff; and abort the
update on failure.

Bug:29339536
Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
2016-06-15 23:26:59 +00:00
Elliott Hughes
274d17dc0f resolve merge conflicts of 179c0d8 to stage-aosp-master
Change-Id: Iba5aec266444cabf83f600f2bdb45a3c027e5995
2016-06-15 15:22:17 -07:00
Elliott Hughes
179c0d80bc Merge "Remove obsolete MTD support." 2016-06-15 21:55:15 +00:00
Tao Bao
1e67422f37 Merge \\"updater: Fix the broken ReadFileFn.\\" am: 4ddd5edf31
am: 89dfe730d4

Change-Id: Ia465c92d341da4681d3490151a20e1e117271e52
2016-06-11 18:53:14 +00:00
Tao Bao
efacd80364 updater: Fix the broken ReadFileFn.
Was accidentally broken by the CL in [1].

[1]: commit d6c93afcc2

Change-Id: I851e13ccea6f5be6fcd47f712cc95867245f9934
2016-06-11 03:59:56 -07:00
Elliott Hughes
63a319201f Remove obsolete MTD support.
Bug: http://b/29250988
Change-Id: Ia97ba9082a165c37f74d6e1c3f71a367adc59945
2016-06-10 13:45:35 -07:00
Tianjie Xu
64f46fb16c resolve merge conflicts of 7ce287d to nyc-dev-plus-aosp
Change-Id: I2194d1170281f58eb508f2ef63b39c8729125f76
2016-06-03 15:44:52 -07:00
Tianjie Xu
7ce287d432 Call ioctl before each write on retry
If the update is a retry, ioctl(BLKDISCARD) the destination blocks before
writing to these blocks.

Bug: 28990135
Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
2016-06-03 12:12:50 -07:00
Tianjie Xu
3f6eb86390 resolve merge conflicts of 50f6417
Fix a typo for ota_fclose().

Change-Id: Ia93e911aa5391afc604874fc3a09c5a45c094c80
2016-05-23 14:58:53 -07:00
Tianjie Xu
84478e8823 resolve merge conflicts of 50f6417 to nyc-dev-plus-aosp
Change-Id: I42c127f7946e678acf6596f6352f090abc0ca019
2016-05-23 12:24:28 -07:00
Tianjie Xu
162558382b Allow recovery to return error codes
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.

Example of new last_install:
@/cache/recovery/block.map     package name
0                              install result
retry: 1                       retry count (new)
error: 30                      error code (new)
cause: 12                      error cause (new)

Details in:
go/android-ota-errorcode

Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
2016-05-20 13:56:53 -07:00
Tianjie Xu
142b864ba1 Add time and I/O info to last_install
am: dd874b1c87

* commit 'dd874b1c87eb04f28db0db2629df0adde568a74c':
  Add time and I/O info to last_install

Change-Id: I02aa858d5ce488d3acbf5400811e2565cf7d9c75
2016-05-18 18:44:31 +00:00
Tianjie Xu
dd874b1c87 Add time and I/O info to last_install
One example of last_install is:

/sideload/package.zip
1
time_total: 101
bytes_written_system: 14574000
bytes_stashed_system: 100
bytes_written_vendor: 5107400
bytes_stashed_vendor: 0

Bug: 28658632
Change-Id: I4bf79ea71a609068d38fbce6b41bcb892524aa7a
2016-05-16 14:54:37 -07:00
Alistair Strachan
733285fea2 updater, minzip: Remove unnecessary O_SYNC flags.
Remove O_SYNC from mzExtractRecursive() and PackageExtractFileFn().
These functions deal with extracting whole files from the update
package onto a filesystem. If run on ext4 on a rotating disk, for
example, the O_SYNC flag will cause serious performance problems
and the extraction proecss can take over 30 minutes, with no
obvious benefits.

This API function already calls fsync(fd) after each file is
extracted to ensure data and metadata is written to the underlying
block device, so the O_SYNC calls should be superfluous and safely
removable.

This change does not affect the OTA patch paths or any modification
of the bootloader partition or writes to other 'emmc' partitions.

Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com>
Change-Id: I9cbb98a98e6278bf5c0d7efaae340773d1fbfcd2
2016-05-05 16:04:58 -07:00
Chih-hung Hsieh
fafa6a6531 Merge "Fix google-explicit-constructor warnings." 2016-04-29 22:26:41 +00:00
Chih-Hung Hsieh
49c5c79df1 Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: I5b35ae16c069e7e9229e66963386f322bd808af1
2016-04-29 14:16:35 -07:00
Tao Bao
730646199b updater: Don't zero out CommandParameters with memset(3).
[1] switched a few things to android::base::unique_fd including
CommandParameters.fd. However, we were using memset(3) to zero out the
struct, which effectively assigned unique_fd(0) to fd. When it called
fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was
later reassigned via open(2), it led to lseek(2) errors: "Bad file
descriptor".

This CL switches to using braced-init (i.e. '= {}') instead, so that the
default constructor unique_fd(-1) would be called.

[1]: commit bcabd09293

Bug: 28391985
Change-Id: If1f99932b15552714c399e65c8b80550344b758a
2016-04-26 17:36:13 -07:00
Chih-Hung Hsieh
54a2747ef3 Fix google-runtime-int warnings.
Bug: 28220065
Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
2016-04-18 12:29:30 -07:00
Mattias Nissler
452df6d99c Convert recovery to use BoringSSL instead of mincrypt.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-06 15:54:17 +02:00
Elliott Hughes
4bbd5bf8a6 Move selinux dependencies out of header files.
Bug: http://b/27764900
Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
2016-04-01 18:24:39 -07:00
Elliott Hughes
bcabd09293 Switch to <android-base/unique_fd.h>.
Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
2016-03-29 08:18:34 -07:00
Tianjie Xu
7eca97e75d Skip stashing source blocks in verify mode
Currently block_image_verify() stashes source blocks to /cache and
in some case triggers I/O errors. To avoid this risk, We create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.

Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
(cherry picked from commit 0188935d55)
2016-03-25 14:56:21 -07:00
Tianjie Xu
0188935d55 Skip stashing source blocks in verify mode
Currently block_image_verify() stashes source blocks to /cache and
in some case triggers I/O errors. To avoid this risk, We create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.

Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
2016-03-23 15:19:18 -07:00
Jed Estep
f73abf36bc DO NOT MERGE Control fault injection with config files instead of build flags
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-03-16 12:36:57 -07:00
Yabin Cui
1c522df25f applypatch: use vector to store data in FileContents.
Cherry pick this patch because it fixes the problem that
a newed Value is released by free().

Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
(cherry picked from commit d6c93afcc2)
2016-03-11 11:11:11 -08:00
Tianjie Xu
fa12b9737d Reboot and retry on I/O errors
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.

Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf)
2016-03-10 11:50:28 -08:00
Tianjie Xu
94dc34148c Merge "Reboot and retry on I/O errors" 2016-03-07 23:47:14 +00:00
Tao Bao
d80a99883d Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same
library, there would be linking errors when generating a shared library
(or executable) that depends on the two libraries both.

Also clean up Android.mk files.

Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The
module will then default to "optional" which won't be built until needed.

Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
2016-03-03 14:52:44 -08:00
Tianjie Xu
3c62b67faf Reboot and retry on I/O errors
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.

Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
2016-03-02 17:31:05 -08:00
Jed Estep
39c1b5e872 Control fault injection with config files instead of build flags
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
(cherry picked from commit d940887dde)
2016-02-22 17:31:12 -08:00
Yabin Cui
d6c93afcc2 applypatch: use vector to store data in FileContents.
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
2016-02-11 18:10:31 -08:00
Jed Estep
a7b9a4660c IO fault injection for OTA packages
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
(cherry-picked from commit f1fc48c6e6)
2016-02-10 10:49:38 -08:00
Yabin Cui
6ab3c817ff Merge "updater: fix memory leak based on static analysis." am: e50d447692
am: 66b02c4ce5

* commit '66b02c4ce5b175451e723c463e6e9d19ab7872fa':
  updater: fix memory leak based on static analysis.
2016-02-05 17:25:49 +00:00
Yabin Cui
64be2135d8 updater: fix memory leak based on static analysis.
Bug: 26907377
Change-Id: I384c0131322b2d12f0ef489735e70e86819846a4
2016-02-04 14:49:06 -08:00
Tao Bao
50aa63f9bd resolve merge conflicts of 7b6027dde4 to master.
Change-Id: I1d5232f61744bb18ca5de3a16a340bc3afd110bb
2016-02-04 11:26:29 -08:00
Sen Jiang
c48cb5e597 Switch from mincrypt to BoringSSL in applypatch and updater.
Bug: 18790686
Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
2016-02-04 16:27:43 +08:00
Jed Estep
b1cc5d8434 Merge "IO fault injection for OTA packages" 2016-01-08 23:28:32 +00:00
Tianjie Xu
57bed6d8c9 updater: Add a function to check first block
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.

Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
(cherry picked from commit 30bf476559)
2016-01-07 11:19:48 -08:00
Jed Estep
f1fc48c6e6 IO fault injection for OTA packages
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
2016-01-06 12:23:42 -08:00
Tianjie Xu
30bf476559 updater: Add a function to check first block
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.

Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
2015-12-18 13:35:35 -08:00
Tao Bao
d3cac34430 updater: Use O_SYNC and fsync() for package_extract_file().
We are already using O_SYNC and fsync() for the recursive case
(package_extract_dir()). Make it consistent for the single-file case.

Bug: 20625549
Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
2015-12-14 17:13:34 -08:00
Tianjie Xu
3b010bc393 updater: Output msg when recovery is called
Output messages in log when recovery is attempted or succeeded during
incremental OTA update.

Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
(cherry picked from commit b686ba2114)
2015-12-10 16:20:48 -08:00
Tao Bao
baad2d454d updater: Replace strtok() with android::base::Split().
Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
2015-12-06 16:56:27 -08:00
Elliott Hughes
4b166f0e69 Track rename from base/ to android-base/.
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
2015-12-04 15:30:20 -08:00
Tao Bao
1fdec8685a updater: Bump up the BBOTA version to 4.
To accommodate new changes in N release, such as error correction [1]
and other potential changes to the updater.

[1]: commit 0a7b47397d

Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
2015-10-22 17:04:28 -07:00
Sami Tolvanen
0a7b47397d Error correction: Use libfec in blockimg.cpp for recovery
Add block_image_recover function to rewrite corrupted blocks on the
partition. This can be attempted if block_image_verify fails.

Note that we cannot use libfec during block_image_update as it may
overwrite blocks required for error correction. A separate recovery
pass in case the image is corrupted is the only viable option.

Bug: 21893453
Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
2015-10-19 10:04:38 +01:00
Tao Bao
6a47dffde5 updater: Skip empty lines in the transfer list file.
We have the last line being empty as a result of
android::base::Split("a\nb\n"), which leads to "missing command"
warnings in the update. Just skip all the empty lines.

Bug: 24373789
Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
2015-09-25 17:12:28 -07:00
Tao Bao
b15fd224ed updater: Use android::base::ParseInt() to parse integers.
Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9
2015-09-24 12:14:37 -07:00
Tao Bao
5701d5829d Suppress some compiler warnings due to signedness.
Change-Id: I63f28b3b4ba4185c23b972fc8f93517295b1672a
2015-09-24 11:06:58 -07:00
Tao Bao
a42a322d8f Merge "updater: Manage buffers with std::vector." 2015-09-16 19:12:14 +00:00
Tao Bao
1107d96746 updater: Fix the line breaks in ui_print commands.
When processing ui_print commands in the updater, it misses a line break
when printing to the recovery log.

Also clean up uiPrintf() and UIPrintFn() with std::string's.

Change-Id: Ie5dbbfbc40b024929887d3c3ccd3a334249a8c9d
2015-09-10 10:17:56 -07:00
Tao Bao
612336ddc1 updater: Manage buffers with std::vector.
Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d
2015-09-09 17:44:23 -07:00
Tao Bao
34847b2c70 updater: Replace the pointers in LoadSrcTgtVersion[1-3]() parameter.
And inline the call to LoadSrcTgtVersion1() into SaveStash().

Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf
2015-09-08 11:08:00 -07:00
Tao Bao
0940fe17b0 updater: Clean up C codes.
Replace C-string with std::string, pointers with references, and
variable-size arrays in struct with std::vector.

Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
2015-09-01 12:57:35 -07:00
Tao Bao
9739a2920c updater: Remove the unused isunresumable in SaveStash().
Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2
2015-08-25 18:05:38 -07:00
Shrinivas Sahukar
a6153df887 GOOGLEGMS-749 Fix integer overflow while applying block based OTA package
There is an integer overflow when the size of system goes beyond the
signed int limits. Hence changing pos to size_t.

Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
2015-08-21 15:59:28 -07:00
Tao Bao
e6aa3326c1 updater: Clean up char* with std::string.
So we can remove a few free()s. And also replace a few pointers with
references.

Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
2015-08-06 13:05:00 -07:00
Tao Bao
dc3922622a udpater: Call fsync() after rename().
We need to ensure the renamed filename reaches the underlying storage.

Bug: 22840552
Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084
2015-08-03 21:35:05 -07:00
Tao Bao
187efff6f3 updater: Hoist fsync() to outer loop.
Currently the fsync() inside write_all() may be called multiple times
when performing a command. Move that to the outer loop and call it
only after completing the command.

Also remove the O_SYNC flag when writing a stash.

Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
2015-07-27 14:17:09 -07:00
Tao Bao
ba8a6789f7 updater: libapplypatch needs libbase now.
Change-Id: I18da9e6da64fccab495dc5a96e3efd95cc6d88bf
(cherry picked from commit 1b1ea17d55)
2015-07-24 11:09:36 -07:00
Tao Bao
ba9a42aa7e recovery: Switch applypatch/ and updater/ to cpp.
Mostly trivial changes to make cpp compiler happy.

Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
2015-07-13 17:21:31 -07:00
Tao Bao
9c67aa2d2b Revert "Zero blocks before BLKDISCARD"
This reverts commit b65f0272c8.

It slows down the update too much on some devices (e.g. increased
from 8 mins to 40 mins to take a full OTA update).

Bug: 22129621
Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5
(cherry picked from commit 7125f9594d)
2015-07-11 08:35:55 -07:00
Tao Bao
c0f56ad766 More accurate checking for overlapped ranges.
A RangeSet has half-closed half-open bounds. For example, "3,5" contains
blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped.

Bug: 22098085
Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
2015-06-25 17:07:45 -07:00
Sami Tolvanen
a3c75e3ea6 Zero blocks before BLKDISCARD
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
2015-06-10 17:09:48 +01:00
Sami Tolvanen
e82fa18d3d Revert "Zero blocks before BLKDISCARD"
This reverts commit 96392b97f6.

Change-Id: I77acc27158bad3cd8948390a3955197646a43a31
2015-06-10 15:58:12 +00:00
Sami Tolvanen
96392b97f6 Zero blocks before BLKDISCARD
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
2015-06-09 21:57:06 +01:00
Tao Bao
80e46e08de recovery: Switch to clang
And a few trival fixes to suppress warnings.

Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-06-03 11:30:03 -07:00
Tao Bao
1eb9003b77 Fix build: fprintf without modifier
Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37
2015-06-03 09:55:38 -07:00
Tao Bao
a69e608a52 Merge "Log update outputs in order" 2015-06-03 16:15:50 +00:00
Tao Bao
b6918c7c43 Log update outputs in order
Although stdout and stderr are both redirected to log file with no
buffering, we are seeing some outputs are mixed in random order.
This is because ui_print commands from the updater are passed to the
recovery binary via a pipe, which may interleave with other outputs
that go to stderr directly.

In recovery, adding ui::PrintOnScreenOnly() function to handle
ui_print command, which skips printing to stdout. Meanwhile, updater
prints the contents to stderr in addition to piping them to recovery.

Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700
2015-06-02 22:15:40 -07:00
Elliott Hughes
1441a9654f Merge "Really don't use TEMP_FAILURE_RETRY with close in recovery." 2015-05-29 18:02:57 +00:00
Elliott Hughes
b3ac676192 Really don't use TEMP_FAILURE_RETRY with close in recovery.
I missed one last time.

Bug: http://b/20501816
Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
2015-05-28 23:06:17 -07:00
Sami Tolvanen
cc2428c818 Handle BLKDISCARD failures
In the block updater, if BLKDISCARD fails, the error is silently
ignored and some of the blocks may not be erased. This means the
target partition will have inconsistent contents.

If the ioctl fails, return an error and abort the update.

Bug: 20614277
Change-Id: I33867ba9337c514de8ffae59f28584b285324067
2015-05-28 09:09:02 +01:00
Dan Albert
e49a9e527a Stop using libstdc++.
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.

Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
2015-05-19 11:33:18 -07:00
Sami Tolvanen
6253753ab9 Merge "Add error and range checks to parse_range" 2015-05-18 08:08:54 +00:00
Elliott Hughes
b47afedb42 Don't use TEMP_FAILURE_RETRY on close in recovery.
Bug: http://b/20501816
Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
2015-05-15 16:19:20 -07:00
Sami Tolvanen
f2bac04e1b Add error and range checks to parse_range
Only trusted input is passed to parse_range, but check for invalid
input to catch possible problems in transfer lists.

Bug: 21033983
Bug: 21034030
Bug: 21034172
Bug: 21034406
Change-Id: Ia17537a2d23d5f701522fbc42ed38924e1ee3366
2015-05-15 18:48:28 +01:00
Elliott Hughes
7bad7c4646 Check all lseek calls succeed.
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.

Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
2015-04-29 17:46:43 -07:00
Sami Tolvanen
43b748f254 Don't remove existing explicitly stashed blocks
When automatically stashing overlapping blocks, should the stash
file already exist due to an explicit stash command, it's not safe
to remove the stash file after the command has completed.

Note that it is safe to assume that the stash file will remain in
place during the execution of the next command, so we don't have
take other measures to preserve overlapping blocks.

The stash file itself will be removed by a free command when it's
no longer needed.

Bug: 20297065
Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c
2015-04-17 13:07:08 +01:00
Elliott Hughes
1fdd452f47 Always use strerror to report errno in recovery.
Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
2015-03-23 13:33:57 -07:00
Narayan Kamath
9c0f5d6b34 Remove more dead code from minzip.
I've added explanatory comments to mzExtractRecursive because
that function will live on as a utility even after we move the
zip format related logic to libziparchive.

bug: 19472796

(cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95)

Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a
2015-02-27 12:58:16 +00:00
Jesse Zhao
1df64d3278 Initialize stashbase even stash_max_blocks = 0
Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435
Bug: 19410117
2015-02-17 17:09:29 -08:00
Elliott Hughes
2fd48fcca5 am 42b09d25: am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."
* commit '42b09d255afdb47bc0546183cbc68e86147baaab':
  There's no GPL code in 'updater'.
2015-02-09 04:15:14 +00:00
Elliott Hughes
42b09d255a am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."
* commit '6a0d2fbcaa1740da7bb0e7a0ef8280e8b7b9bb05':
  There's no GPL code in 'updater'.
2015-02-07 07:43:35 +00:00
Sami Tolvanen
0b52c91347 Merge "Support resuming block based OTAs" 2015-02-06 10:25:52 +00:00
Elliott Hughes
8a9014d572 There's no GPL code in 'updater'.
This notice was added for libsyspatch and libxdelta3, but that code
has been removed since.

Change-Id: I4008878ded56ca1d5094a8208728f8c02fe1fe03
2015-02-05 14:53:55 -08:00
Elliott Hughes
40862ab59e am aeecac54: Merge "Add missing includes."
* commit 'aeecac5444ce55d2e82ee1b2aa35ff61a038c14e':
  Add missing includes.
2015-01-30 21:16:36 +00:00
Sami Tolvanen
90221205a3 Support resuming block based OTAs
Add support for transfer list version 3, which allows us to
verify the status of each command and resume an interrupted
block based OTA update. Notes on the changes:

 - Move the previous BlockImageUpdateFn to a shorter and
   reusable PerformBlockImageUpdate, which can be used also
   in BlockImageVerifyFn for verification.

 - Split individual transfer list commands into separate
   functions with unified parameters for clarity, and use
   a hash table to locate them during execution.

 - Move common block reading and writing to ReadBlocks and
   WriteBlocks to reduce code duplication, and rename the
   readblock and writeblock to less confusing read_all and
   write_all.

The coding style of the new functions follows the existing
style in the updater/edify code.

Needs matching changes from
  Ia5c56379f570047f10f0aa7373a1025439495c98

Bug: 18262110
Change-Id: I1e752464134aeb2d396946348e6041acabe13942
2015-01-30 14:38:31 +00:00
Elliott Hughes
cd3c55ab40 Add missing includes.
Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
2015-01-29 20:50:08 -08:00
Ying Wang
cdce7f7e55 am c43b17f0: Merge "Fix recovery image build for 32p"
* commit 'c43b17f0adac1092e221ce6166ca8bc464090525':
  Fix recovery image build for 32p
2014-12-02 00:07:35 +00:00
Bruce Beare
4c3c7a962f Fix recovery image build for 32p
When building for 32p, we need to be explicit that we wish to build
the 32bit version of the binaries that will be placed in the recovery
image. The recovery image doesn't actually care... but if we are not
explicit in this, the makefiles will ask for the 64bit binaries but the
Android.mk for the binaries will supply the 32bit images (causing the
build to fail).

Change-Id: Iea2d5f412740c082795da4358765751138a4b167
2014-11-30 19:21:19 -08:00
Michael Runge
5b9c4ce5a1 am b278c252: Add support for tune2fs file operations
* commit 'b278c252e148798346f85fc92eeea6afeb33fbf0':
  Add support for tune2fs file operations
2014-11-24 02:37:03 +00:00
Michael Runge
b278c252e1 Add support for tune2fs file operations
This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition

Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
2014-11-21 13:02:03 -08:00
Michael Runge
fe8563f4f2 am 5ddf4293: Log mount/unmount errors to UI
* commit '5ddf4293df45a051c7900eeb62fb5ec4950b6cb6':
  Log mount/unmount errors to UI
2014-10-24 23:17:43 +00:00
Michael Runge
5ddf4293df Log mount/unmount errors to UI
Bug: 18092022
Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
2014-10-24 14:14:41 -07:00