Commit graph

212 commits

Author SHA1 Message Date
Tao Bao
3e18f2bf40 roots: Fix an issue with volume_for_path().
The earlier commit in 2dfc1a3898
unintentionally changed the behavior. It gives a different result when
looking up non-existent mount points (e.g. /cache on marlin).

The logic behind volume_for_path("/xyz") is unclear:
- It's fine to return non-null value if it's called by
  ensure_path_mounted() before accessing that file "/xyz". (Just based
  on the function name, we're not actually having this case.)
- It should return nullptr if the caller is interested in the existence
  of that particular mount point "/xyz".

This CL renames the function to volume_for_mount_point(), which does an
exact match by querying the given mount point from libfs_mgr. The former
volume_for_path() has been moved down to function scope for serving
ensure_path_mounted() only.

Test: Build and boot into recovery on bullhead and marlin respectively.
      'View recovery logs'.
Test: 'Mount /system'
Test: 'Apply update from ADB'
Change-Id: I1a16390f57540cae08a2b8f3d439d17886975217
2017-10-02 11:18:13 -07:00
Tianjie Xu
29d5575fa8 Add a new option in recovery menu to test the background texts
Add a new option "Run locale test" to check the background text
images (i.e. texts for "erasing", "error", "no_command" and "installing"
with different locales.)

Use volume up/down button to cycle through all the locales embedded in
the png file, and power button to go back to recovery main menu.

Test: Run locale test with bullhead.
Change-Id: Ib16e119f372110cdb5e611ef497b0f9b9b418f51
2017-09-27 00:27:38 -07:00
Tao Bao
bd0ddcd5e8 Remove EXPAND/STRINGIFY macros.
This reverts commit 8be0f39fec to reland
the change that removes EXPAND/STRINGIFY macros.

It's error-prone by putting anything into a string (e.g.
EXPAND(RECOVERY_API_VERSION) would become "RECOVER_API_VERSION" if we
forgot to pass -DRECOVERY_API_VERSION=3).

The initial attempt put RECOVERY_API_VERSION into common.h, which might
be included by device-specific codes but without defining that when
compiling the module. This CL avoids the issue by using a constant
in the header, with a static_assert in recovery.cpp that guards the
consistency.

Test: recovery_component_test
Test: Sideload OTAs on bullhead and sailfish respectively.
Change-Id: I12af3f73392a85554ba703f04970ec9d984ccbaa
2017-09-13 10:51:09 -07:00
Tao Bao
623bac4ed9 Merge "screen_ui: Word-wrap menu headers."
am: 162b92323b

Change-Id: I93c959422c5b56a15875580159ecfc1a1d44087d
2017-08-16 05:07:55 +00:00
Tao Bao
2bbc6d642d screen_ui: Word-wrap menu headers.
This CL adds ScreenRecoveryUI::DrawWrappedTextLines() to better handle
long menu header texts. It does a word wrap at spaces, if available.
This avoids fixed-length menu headers being truncated on small screens.

Bug: 64293520
Test: On bullhead, boot into recovery with --prompt_and_wipe_data, and
      check the prompt texts.
Change-Id: Ia22746583516dd230567a267584aca558429395e
2017-08-15 15:10:21 -07:00
Tao Bao
5507c3d63c Merge "otautil: Clean up dirCreateHierarchy()."
am: 610712101b

Change-Id: I95350c4b2aab36dd89ea7813f2eb63d407b5f8ac
2017-07-31 00:15:43 +00:00
Tao Bao
ac3d1edca0 otautil: Clean up dirCreateHierarchy().
- Changed to std::string based implementation (mostly moved from the
  former make_parents() in updater/install.cpp);
- Removed the timestamp parameter, which is only neeed by file-based OTA;
- Changed the type of mode from int to mode_t;
- Renamed dirCreateHierarchy() to mkdir_recursively().

Test: recovery_unit_test passes.
Test: No external user of dirCreateHierarchy() in code search.
Change-Id: I71f8c4b29bab625513bbc3af6d0d1ecdc3a2719a
2017-07-27 10:33:07 -07:00
Tao Bao
276ff4cc33 Merge "recovery: Fix the flickering when turning on text mode."
am: 771dfb0016

Change-Id: Ic85356b782c6b83725d85f2104fb30fc81ad2ed1
2017-07-25 18:57:38 +00:00
Tao Bao
7022f33ec8 recovery: Fix the flickering when turning on text mode.
When there's no command specified when booting into debuggable builds
(such as using `adb reboot recovery`), we turn on the text mode (i.e.
recovery menu) directly. This CL fixes the issue to avoid showing the
background image in a flash while turning on the text mode.

Bug: 63985334
Test: `fastboot boot $OUT/recovery.img` and it shows the recovery menu
      directly without the no command image in a flash.
Change-Id: Id86bbe346ab76c8defc95e2b423e695a86774b09
2017-07-25 09:59:31 -07:00
Tao Bao
4fb2825dc2 Merge "Avoid crashing recovery with unwritable /cache."
am: 9187f1cc51

Change-Id: Ie5708c2f703aefbfcad85ad0d2d24ae36b725c78
2017-07-21 23:22:31 +00:00
Tao Bao
ec57903a7e Avoid crashing recovery with unwritable /cache.
When /cache is unwritable, recovery hits a crash loop. Because it
passes nullptr to fileno(3) when writing back the locale file. This
prevents user from recovering a device - it cannot boot far enough to
recovery menu which allows wiping /cache.

Bug: 63927337
Test: Corrupt /cache and boot into recovery on bullhead:
 1. m -j recoveryimage
 2. fastboot erase cache
 3. fastboot boot $OUT/recovery.img
 4. recovery menu shows up.
Change-Id: I1407743f802049eb48add56a36298b665cb86139
2017-07-21 13:40:56 -07:00
Tianjie Xu
6d8827e0d3 Merge "Fix the android-cloexec-* warnings in bootable/recovery"
am: 94a8ea1797

Change-Id: I57ae57bab58f603540654bb24df9facca9a7d625
2017-07-19 23:06:50 +00:00
Tianjie Xu
de6735e80c Fix the android-cloexec-* warnings in bootable/recovery
Add the O_CLOEXEC or 'e' accordingly.

Bug: 63510015
Test: recovery tests pass
Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
2017-07-19 12:17:41 -07:00
Jeff Vander Stoep
eba11fa574 Fix "No file_contexts" warning
am: e35926e1af

Change-Id: Ia050561286c30d8198f3185da9e3cd31372b1d79
2017-06-16 02:57:57 +00:00
Jeff Vander Stoep
e35926e1af Fix "No file_contexts" warning
Fixed by Loading the file_contexts specified in libselinux, whereas
previously recovery loaded /file_contexts which no longer exists.

Bug: 62587423
Test: build and flash recovery on Angler. Warning is gone.
Test: Wipe data and cache.
Test: sideload OTA
Change-Id: I11581c878b860ac5f412e6e8e7acde811f37870f
(cherry picked from commit 2330dd8733)
2017-06-15 21:24:29 +00:00
Tianjie Xu
6957555e29 Retry the update if ApplyBSDiffPatch | ApplyImagePatch fails
We have seen one case when bspatch failed likely due to patch
corruption. Since the package has passed verification before, we want
to reboot and retry the patch command again since there's no
alternative for users.

We won't delete the stash before reboot, and the src has passed SHA1
check. If there's an error on the patch, it will fail the package
verification during retry.

Bug: 37855643
Test: angler reboots and retries the update when bspatch fails.
Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
2017-05-23 17:36:56 -07:00
Tianjie Xu
539b08cfcf Fix the input parameter for "set_retry_bootloader_message"
We're not updating argc & argv during get_args(), so some boot
arguments missed when we set the boot message for retry.

Bug: 38383406
Test: boot command sets correctly during retry attempt.
Change-Id: Ie8583a22fad5e0084245e3431d4018518d508dfd
(cherry picked from commit 72449c9f99)
2017-05-17 11:52:17 -07:00
Tianjie Xu
72449c9f99 Fix the input parameter for "set_retry_bootloader_message"
We're not updating argc & argv during get_args(), so some boot
arguments missed when we set the boot message for retry.

Bug: 38383406
Test: boot command sets correctly during retry attempt.
Change-Id: Ie8583a22fad5e0084245e3431d4018518d508dfd
2017-05-17 18:09:35 +00:00
Tao Bao
8be0f39fec Revert "Remove EXPAND/STRINGIFY macros."
This reverts commit ec9706738f.

Reason for revert: It's not a good idea to put RECOVERY_API_VERSION in
common.h, which might be included by device-specific codes (but with
RECOVERY_API_VERSION undefined).

Change-Id: I9feb9c64a5af3e9165164622a59b043aa28a8b8c
2017-05-04 00:31:11 +00:00
Tao Bao
ec9706738f Remove EXPAND/STRINGIFY macros.
They are error-prone by putting anything into a string (e.g.
EXPAND(RECOVERY_API_VERSION) would become "RECOVER_API_VERSION" if we
forgot to pass -DRECOVERY_API_VERSION=3).

RECOVERY_API_VERSION is the only user (in bootable/recovery) that gets
stringified. Assign it to a typed var and sanity check the value.

Don't see other reference to the macros from device-specific recovery
directories (they can still define that locally if really needed).

Test: recovery_component_test
Test: Sideload an OTA on angler and marlin respectively.
Change-Id: I358bbdf8f0a99db5ce4c7bc2fdcafe8013501b64
2017-05-03 11:26:00 -07:00
Tao Bao
0150d013eb adb_install: Stop passing RecoveryUI as a parameter.
It's already a global declared in common.h which is included by
adb_install.cpp.

Remove '#include "minadbd/fuse_adb_provider.h"' that's not needed by
adb_install.cpp (minadbd takes care of that).

Test: mmma bootable/recovery
Change-Id: I6d08b7abc706b4b05de2ef46a57ced2204ad297e
2017-05-01 11:47:43 -07:00
Dmitri Plotnikov
ed9db0fd73 Adding support for quiescent reboot to recovery
Bug: 37401320
Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.

(cherry picked from commit 8706a98aa6)

Change-Id: I79789a151f6faafda8ecc6198c2182cc2a91da70
2017-04-27 16:31:11 -07:00
Treehugger Robot
0481faef77 Merge "Adding support for quiescent reboot to recovery" 2017-04-27 22:34:16 +00:00
Tao Bao
d8039acce6 recovery: Remove the include of adb.h.
recovery.cpp doesn't have a direct dependency on adb.h (only minadbd
does). 'adb.h' was once needed for DEFAULT_ADB_PORT, until being killed
by commit acb2a2fa4c.

Test: mmma bootable/recovery
Change-Id: I84f87988d01c3f0c3d1383cc3cffde2e7d5e7aea
2017-04-24 12:22:44 -07:00
Tianjie Xu
d9d16297dd Reboot the device on user build after the install fails
Users can't do much after the install fails with the device showing
"error" under recovery. So our best choice is to reboot the device
since sometimes the system image is still bootable (i.e. on package
verification failure). At worst the device would stuck in a boot loop
where the users need the same professional knowledge to recover as
before.

Behaviors after installation failure (including data wipe):
If recovery text is visible:
No change.

If recovery text is not visible:
Old behavior: Wait under "error" screen. Reboot after UI timeout (120s)
              if not connected to usb charger.
New behavior: Wait for 5s (shortens from the 120s timeout) under "error"
              screen and reboot (w or w/o charger).

sideload-auto-reboot (only available for userdebug):
Old behavior: Reboot immediately after installation failure.
New behavior: Wait for 5s under "error" screen and reboot.

Bug: 35386985
Test: On angler user, device auto reboots 5s after a failing OTA.

Change-Id: I3ff0ead86e2ccec9445d6a2865bc2c463855f23c
2017-04-21 22:49:30 +00:00
Dmitri Plotnikov
8706a98aa6 Adding support for quiescent reboot to recovery
Bug: 37401320
Test: build and push OTA and hit adb reboot recovery,quiescent. The screen should remain off throughout the upgrade process.
Change-Id: Ibed3795c09e26c4fa73684d40b94e40c78394d3f
2017-04-19 14:43:08 -07:00
Tianjie Xu
0a599567ce Merge "Add the missing sr-Latn into png files and rename the png locale header" am: 713d915636 am: dc235b5ab9
am: 5ec12126f0

Change-Id: Ia6b861c91958d3be23a4a7456d6d5d8e4a1607c8
(cherry picked from commit 9166f66eee)
2017-03-28 22:23:40 +00:00
Tianjie Xu
713d915636 Merge "Add the missing sr-Latn into png files and rename the png locale header" 2017-03-28 19:42:54 +00:00
Tianjie Xu
2078b22e41 Add the missing sr-Latn into png files and rename the png locale header
Switch the locale header in the png files from Locale.toString() to
Locale.toLanguageTag(). For example, en_US --> en-us and sr__#Latn
--> sr-Latn. Also clean up recovery a bit to expect the new locale
format.

Bug: 35215015
Test: sr-Latn shows correctly under graphic tests && recovery tests pass
Change-Id: Ic62bab7756cdc6e5f98f26076f7c2dd046f811db
2017-03-24 16:54:52 -07:00
Tao Bao
6014db5da6 Merge "Fix the wrong parameter when calling read_metadata_from_package()." 2017-03-24 20:11:53 +00:00
Tao Bao
1b2a98bda3 Fix the wrong parameter when calling read_metadata_from_package().
The call to read_metadata_from_package() is broken due to being passed
an invalid pointer (ZipArchiveHandle vs ZipArchiveHandle*). It's
introduced when switching from minzip to libziparchive. Compiler didn't
complain, because ZipArchiveHandle is typedef'd as void*, which legitly
accepts a void**.

Also clean up secure_wipe_partition() logs a bit by using android-base
logging.

Bug: 36427762
Test: Send a wipe package.
Change-Id: I791a0f09a066f1c257dae890e7ae13d02a02e78b
2017-03-24 11:02:05 -07:00
Paul Crowley
31ac0c61fe Reword the wipe warning message to be more comprehensible.
Test: My device was crashing anyway, so observed message on crash.
Bug: 34669779
Change-Id: Ib85d1d137139f5e14f735c972c2312acce2caf5f
2017-03-23 14:54:20 -07:00
Tao Bao
e1905adf66 recovery: Replace the hard-coded 1000 with AID_SYSTEM.
Test: mmma bootable/recovery
Change-Id: Icea5bd91a976957e8b6ab46e367345ff69a53ca4
2017-03-22 14:58:58 -07:00
Tao Bao
50dd532934 recovery: Fix the FIXME in get_menu_selection().
It used to return a REBOOT action on timeout, until the CL in commit
daefc1d442 that redefined the return value
of get_menu_selection() (changing from action to a menu index).

Prior to this CL, it was returning 0 (i.e. the value of Device::REBOOT)
to trigger the reboot. This CL specifies a return value of -1 to
indicate the timeout.

Test: Boot into a user build recovery; it reboots automatically on
      timeout (120 sec).
Change-Id: I4aedb7a4628bf258017078fe73eb8b48a21d0ea8
2017-03-07 15:35:17 -08:00
Tao Bao
fc5499f22b recovery: Move a few int to bool.
Most of the changes are trivial.

Also update a dead reference to device_handle_key() in device.h comment,
and add some comments to get_menu_selection() function.

Test: `mmma bootable/recovery`
Change-Id: I59ef9213ec88ab35c0e7b8a7813ccf9c56dbd5c5
2017-03-07 15:35:12 -08:00
Tao Bao
9bd1dced90 Merge "recovery: Drop the "--stages" / '-g' argument." 2017-03-07 20:28:06 +00:00
Tao Bao
1a575f8d5f Merge "recovery: Add SetStage() into 'Run graphics test'." 2017-03-07 20:02:15 +00:00
Tao Bao
08fc6beef8 recovery: Minor clean up to choose_recovery_file().
Test: 'View recovery logs' on bullhead and sailfish.
Change-Id: I53272b121e3e55e6fe4c77b71e3c2e819e72cb64
2017-03-07 00:57:08 -08:00
Tao Bao
a8d72bc3b4 recovery: Drop the "--stages" / '-g' argument.
This was introduced in commit c87bab1018.
But the stage info should be passed through BCB only (there's a
dedicated field in struct bootloader_message).

This CL removes it from recovery arguments, and also moves 'stage'
variable to std::string.

Test: 'stage' variable is not used by any device-specific recovery code.
Test: Code search shows no hit of '--stages' use.
Change-Id: Iccbde578a13255f2b55dd4a928e9ecf487f16b97
2017-03-07 00:12:06 -08:00
Tao Bao
db7e898080 recovery: Add SetStage() into 'Run graphics test'.
This allows a quicker test for stage UI.

Bug: 27804510
Test: 'Run graphices test' with the new recovery image.
Change-Id: I47689ae8e4cac6d7e5d1f6a10b9e393d50d713f3
2017-03-06 23:53:16 -08:00
Tao Bao
c9447cc505 recovery: Remember the last log position.
After reading one log entry, it should stay at the same menu position.

Test: 'View recovery logs' -> Read -> Exit
Change-Id: I4b579be4c2fe1e3a1dcc4873e128fd0b2d619ba3
2017-02-28 15:27:08 -08:00
Tao Bao
f7f1da3fb5 recovery: Don't show "No /cache partition found" on screen.
People have been confused by the message and thought that's an error.

Test: Boot recovery on sailfish; choose 'View recovery logs'.
Change-Id: I2c540f18d6493c1a129233d10ecbc96823dd3601
2017-02-24 10:16:18 -08:00
Tao Bao
c4a18efa84 recovery: Clean up browse_directory().
Get rid of the malloc/realloc/free'd menus.

browse_directory() will only be called on devices with SD card. Tested
the CL by temporarily setting SDCARD_ROOT to a different location.

Test: See above.
Change-Id: I935e1bf4bad0273e3dff87fa2536924f1219adb5
2017-02-10 21:21:52 -08:00
Tao Bao
3da880156b Replace _exit(-1) with _exit(EXIT_FAILURE).
-1 is not a valid exit status.

Also replace a few exit(1) with exit(EXIT_FAILURE).

Test: mmma bootable/recovery
Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
2017-02-03 14:11:11 -08:00
Tao Bao
efc35594dd recovery: Move property_get() to android::base::GetProperty().
Test: Apply two A/B incremental OTAs with the new recovery image. The
      one with incorrect pre-build should be blocked, while the other
      works fine.

Change-Id: I94d97eb8798599da1630f66343fb603e87464187
2017-01-13 12:08:34 -08:00
Tao Bao
570af9dca3 recovery: Fix the argument parsing.
Commit f0ed159f48 unintentionally changed
the behavior when parsing the arguments from BCB and command file. It
should only parse the command file for arguments if BCB doesn't supply
any.

As a result, it shows the following from the log:
I:Got 2 arguments from boot message
I:Got 3 arguments from /cache/recovery/command

Test: Set arguments in BCB and command file both. It should only use the
      arguments from BCB.

Change-Id: Idf371137aa9177f1b2dfdfecf0c9f46959d2ee76
2017-01-09 10:35:42 -08:00
Tao Bao
736d59c567 recovery: Fix the broken UI text.
UI text is broken (doesn't show any text during FDR) due to commit
d530449e54, which reordered the calls to
RecoveryUI::SetLocale() and RecoveryUI::Init().

Because Init() uses the locale info to load the localized texts (from
images), the locale must be set prior to that via SetLocale(). This CL
refactors Init() to take the locale parameter, and removes the odd
SetLocale() API.

Bug: 34029338
Test: 'Run graphics test' under recovery.
Change-Id: I620394a3d4e3705e9af5a1f6299285d143ae1b01
2017-01-03 22:40:03 -08:00
Paul Crowley
08404b48f7 Support a "ask before wiping" boot flag.
In the event of a catastrophic data error which should never happen,
ask the user before wiping the device.

Test: Cause an init builtin to fail and generate this error, observe.
Bug: 28693324
Change-Id: I38a2b815157d816cba1f30ad37eb4cdcc01db582
2016-12-21 13:38:48 -08:00
Tao Bao
2292db819b Add update_bootloader_message() to fix two-step OTAs.
This is a retry of commit 7e31f421a5.

Commit bd56f1590c switches to calling
write_bootloader_message(<options>) in get_args(), which
unintentionally resets the stage field thus breaks two-step OTAs.

This CL adds update_bootloader_message(<options>), which only sets
the command field (to "boot-recovery") and the recovery field (with
the specified options).

Bug: 33534933
Test: Apply a two-step package.
Test: recovery_component_test passes.
Change-Id: Ie0b1ed4053d2d3c97d9cb84310d616b28fcfc72e
2016-12-15 12:36:26 -08:00
Sen Jiang
8c1584feaf Merge "Add a stub recovery UI." 2016-12-14 21:50:49 +00:00