Commit graph

432 commits

Author SHA1 Message Date
Colin Cross
4c4c7dc26b Merge "Use libcrypto_static instead of libcrypto" 2019-09-26 14:32:33 +00:00
Colin Cross
0e643e4d7f Use libcrypto_static instead of libcrypto
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.

Bug: 141248879
Test: m checkbuild
Change-Id: I0affaa292237bdbc772d3adc36086905ed6fbe9d
2019-09-23 13:54:09 -07:00
Tao Bao
5234ad466c applypatch: Add backup_source parameter to PatchPartition.
And set it to false when installing recovery image via applypatch. We
only need to back up the source partition when doing in-place update
(e.g. when updating a given partition under recovery). When installing
recovery image via applypatch, we won't touch the source partition (i.e.
/boot).

Removing the backup step also allows dropping the dac_override_allowed
permission. Previously it was needed due to the access to /cache.
Because applypatch runs as root:root, while /cache is owned by
system:cache with 0770.

Bug: 68319577
Test: Invoke the code that installs recovery image; check that recovery
      is installed successfully without denials.
Test: recovery_unit_test passes on taimen.
Change-Id: I549a770b511762189d6672a2835b6e403d695919
2019-09-23 11:26:48 -07:00
Tobias Thierer
54100d3348 Merge "Link libcrypto dynamically for recovery unit tests." 2019-09-13 16:56:06 +00:00
Pete Bentley
189d424ced Link libcrypto dynamically for recovery unit tests.
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md

Attempted to build and boot a recovery image with the
same change to confirm it still works, but
m recoveryimage-nodeps
fails for me.

Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
2019-09-13 12:18:44 +01:00
Colin Cross
d81519400c Set LOCAL_INJECT_BSSL_HASH for updater
updater is built in Make and statically links libcrypto,
so it needs to set LOCAL_INJECT_BSSL_HASH to make the FIPS self
test pass.

Bug: 137267623
Test: m checkbuild
Change-Id: Ib253c870090ac8026f5cbb005d6b0e935c73edd1
2019-09-05 15:34:50 -07:00
David Anderson
3cbd7ae687 updater: Fix build for new CreateLogicalPartition signature.
Bug: 135752105
Test: mm libupdater_device
Change-Id: I9dc6dc1e9112177ee5c0a96b8969dc3dc02d95f2
2019-08-14 12:32:55 -07:00
Tianjie Xu
60b242cfd5 Simulator: add the argument to keep the updated images
Add the command line option to select the work directory and save the
updated image files. Because some people might be interested in
getting updated images from an ota file.

Also, fix a minor issue that the destination of package_extract_file
needs to be updated if it's a block device. Otherwise, an unintended
file may be extracted in the callers' directory.

Test: run simulation, run unit tests

Change-Id: Ic6a7db0580bc1748d6e080102e4654da4e41fd8c
2019-07-30 17:11:35 -07:00
Tianjie Xu
7efd23338a Add command line parser for simulator
Add a command line parser. Also add the support to parse the oem
property file and skip certain functions.

Bug: 131911365
Test: run simulator for wear builds
Change-Id: Ide306b53d3f42b29c02279969aeb18bec4045d6f
2019-07-16 13:03:41 -07:00
Tianjie Xu
fc2ad88770 Merge "Drop the device specific support for update host simulator" 2019-07-14 22:49:59 +00:00
David Anderson
4c8e6eae28 Merge "Fix build for API change to DestroyLogicalPartition()." 2019-07-13 18:02:05 +00:00
Tianjie Xu
b42281a423 Drop the device specific support for update host simulator
The device specific libs prevent us from building a universal simulator to add
to the otatools. Drop the support since there are currently no active users of the
simulator extension; plus we are unlikely to implement the device specific simulator
runtime.

As an alternative, we will add the commandline arguments to skip certain unsupported
functions, and move the simulator build to the bp file.

Bug: 131911365
Test: mma
Change-Id: I3ff0f45dbebe3ed72d5f4670a869b40e6cfd5a7c
2019-07-12 11:55:59 -07:00
Justin Yun
ea3c4a4948 Change the symlink to system_ext
As system_ext partition will be linked to system/system_ext, update
the path to system/system_ext.

Bug: 134359158
Test: build
Change-Id: I5a49adfe7e045e24bf6dfbf6990a965b8a5e1ce1
2019-07-09 23:33:26 +00:00
Robin Lee
1cf8eb7559 Add a GetMappedPackageLength to Updater
Corresponds to GetMappedPackageAddress.

There is at least one custom device recovery with an extension to copy
the package somewhere else as a backup. Ability to do this was removed
in change ag/955273.

Test: lunch cf_x86_tv-eng; make
Test: atest recovery_unit_test recovery_component_test
Change-Id: I0e61d8a8839c47721874526504ea03b9ca7bafa9
2019-07-08 19:30:11 +02:00
Tianjie Xu
4955648c4c Merge "Add unit tests for simulator" 2019-06-28 17:47:23 +00:00
Justin Yun
7ba8f18590 Rename product_services to system_ext
Bug: 134359158
Test: build and boot
Change-Id: I2ea21a0e528bdbab7d2479b48c73e7f2274ecca5
2019-06-28 16:17:26 +09:00
Tianjie Xu
c3a161e2b8 Add unit tests for simulator
Make sure the simulator succeeds executing common non-A/B update
functions.

Bug: 131911365
Test: run unit tests
Change-Id: I520ce6a8827539b88a9e36f9e67eec30d8b586d4
2019-06-27 16:17:05 -07:00
David Anderson
32148d9a0a Fix build for API change to DestroyLogicalPartition().
This method no longer contains a timeout parameter; it has been
removed in favor of changes to libdm.

Bug: 135771280
Test: builds
Change-Id: Id8c0f17c2787412bc4588af5a1bc49cc8e6edd51
2019-06-24 13:51:43 -07:00
Tianjie Xu
d118833f3e Implement updater runtime for dynamic partitions
The simulator skips executing the operations for dynamic partitions, and
will use the logical images under target_files/IMAGES directly. (Similar
to the targets without DAP enabled)

Bug: 131911365
Test: run update on cuttlefish, run simulator
Change-Id: Id318d97ece4560df9f20dc5cabeb8b2e261bdf9c
2019-06-24 12:46:28 -07:00
Tianjie Xu
74b0f7cce0 Implement the TargetFile and BuildInfo
The TargetFile class parses a target-file and provides functions to read
its contents. And the BuildInfo tries to simulate the device with files
on host. Some work it does includes parsing the build properties,
and extracting the image files for partitions specified in the fstab.

Bug: 131911365
Test: unit tests pass, run simulator with cuttlefish, wear devices and from extracted TF.
Change-Id: Iefe4a96d619d2e4b3d038e31480f11a0f9a70afa
2019-05-31 17:55:36 -07:00
Tianjie Xu
76e165d143 Disable building simulator for mac
Disable building the simulator and its support libraries to resolve the breakage
on mac host targets. Because the simulator is not intended for use on mac anyway.

Bug: 134047992
Test: mma
Change-Id: I488ab50cab1282f03250010b5334f1895d44f98b
2019-05-30 10:49:18 -07:00
Tianjie Xu
c1a5e26fd9 Implement an update simulator to verify BB OTA packages on host
Implement the simulator runtime and build the updater simulator as a host
executable. The code to parse the target-files and mock the block devices
will be submitted in the follow-up.

Bug: 131911365
Test: unit tests pass

Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
2019-05-28 15:18:25 -07:00
Tianjie Xu
27556d089f Some clean ups to the updater
Remove some unnecessary includes or forward declarations. And include
the correct headers to build host executables.

Bug: 131911365
Test: unit tests pass
Change-Id: I62e75f60678159fe24619a4bd386b1416f1a5b5d
2019-05-22 14:58:28 -07:00
Tianjie Xu
1536db887f Add UpdaterRuntime class
This class adds a wrapper to the runtime dependent functions. Therefore,
the behavior of update on device stays the same, while simulators can
have their own implementations. Also change the caller side of the
registered updater functions to call these runtime wrappers.

Bug: 131911365
Test: unit tests pass, sideload an update on cuttlefish
Change-Id: Ib3ab67132991d67fc132f27120e4152439d16ac5
2019-05-20 18:03:27 -07:00
Tianjie Xu
3fda5d6508 Skip hashtree computation during block image verify
The hashtree computation is designed to execute after we write all the
bytes to the target block device. And executing the command during block
image verify will almost always fail since we are still on the source
build.

Test: run simulator
Change-Id: If8ebb66739969520367a0815f5f8f89f6fae47cf
2019-05-09 10:58:10 -07:00
Tianjie Xu
58d59129e1 Add Updater class and remove UpdaterInfo
The UpdaterInfo class is merely a collection of pointers and POD types.
We can replace it with an Updater class that has the ownership of the
resources. This also makes this class extensible as we plan to add more
functionality in the host simulator.

Bug: 131911365
Test: unit tests pass, run an update on cuttlefish and check last_install
Change-Id: I07ca5963bbee8ae3cb85ccc184464910aa73d4e4
2019-05-08 23:07:04 -07:00
Elliott Hughes
a86dddbfa5 Track libziparchive API change.
Bug: http://b/129068177
Test: treehugger
Change-Id: Ie5b2b0cff087f2e9e65a4e77c187e3173357f3ad
2019-05-06 10:28:14 -07:00
Tao Bao
782dcc1996 Consolidate the codes that handle reboot/shutdown.
Test: Choose `Reboot system now`, `Power off`, `Reboot to bootloader`
      from recovery UI respectively.
Test: `adb reboot recovery` while under sideload mode.
Change-Id: I0f3d55b80b472178ea4f6970b29cd9df0778b639
2019-04-29 12:12:25 -07:00
xunchang
53158e51d0 Fix potential size overflow in blockimg.cpp
Switch to 64 bit integers since the size of the entire src/tgt images may
not fit in size_t of ILP32.

There are other theoretical overflow cases in memory allocation and I/O
functions. However, they reside within a single transfer command and are
less likely to happen. I will evaluate and address them in separate
cls.

Test: unit tests pass
Bug: 122461124
Change-Id: Ib719ee695920877458fcfaa25c6ac058a5bbabf2
2019-01-17 09:26:12 -08:00
Yifan Hong
8ff84d7cfb updater: add functions to modify dynamic partition metadata
Test: sideload full OTA on cuttlefish
Test: sideload incremental OTA on cuttlefish (that grows
      system, shrinks vendor, and moves vendor to group foo)
Test: verify that /cache/recovery/cc46ebfd04058569d0c6c1431c6af6c1328458e4
      exists (sha1sum of "system")

Bug: 111801737

Change-Id: Ibdf6565bc1b60f3665c01739b4c95a85f0261ae5
2019-01-14 14:01:13 -08:00
Yifan Hong
63f5260c6c Create stash dir recursively.
When applying an OTA package onto the device in OTA mode,
if the recovery logs haven't been viewed, there is a chance
that /cache/recovery does not exist. Then, stash creation will
fail. Create stash directories recursively to avoid this error.

Test: without /cache/recovery, sideload the OTA on cuttlefish
Change-Id: I5cc01a067d866476a3594e795dcb5b15649e817b
2019-01-11 15:13:22 -08:00
Tao Bao
22a27f9965 Merge "Use dynamically linked f2fs executables." 2019-01-08 19:49:20 +00:00
Yifan Hong
363d624d53 updater: erase ignores EOPNOTSUPP for BLKDISCARD
Test: sideload on cuttlefish
Bug: 111801737
Change-Id: I784a2142049054f38d6b70c7af7e88a451996d83
2019-01-04 15:24:52 -08:00
Tao Bao
c674dfb584 Use dynamically linked f2fs executables.
It also reduces the space cost for devices using f2fs (e.g. crosshatch).
/sbin/mkfs.f2fs   722560 => /system/bin/make_f2fs   49568
/sbin/sload.f2fs 1182456 => /system/bin/sload_f2fs 150032

Test: Build and boot recovery on crosshatch. Factory reset.
Test: Install a non-A/B OTA package that formats a f2fs partition.
Change-Id: Ibe70c8d91a1d07e1c78ff9eac19b1f7955800161
2018-12-20 14:47:11 -08:00
Tao Bao
3d69f0df96 Clean up the arg setup for exec(3).
Test: Build and boot into recovery on marlin. Factory reset.
Test: Build and install a non-A/B OTA that calls format.
Change-Id: I72416e775e237fc15ca5eff1036175a9eef43b76
2018-12-20 10:46:06 -08:00
Jaegeuk Kim
91e631d4dd make_f2fs: use -g android by default
Bug: 119875846
Change-Id: Ibff18ea6f92620852222fff4073379ec8afd0e10
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-11-21 12:53:09 -08:00
Tao Bao
a2cff952cf updater: Error out on underrun during patching.
Test: Run recovery_component_test on marlin.
Change-Id: If23baf42aeacb48500edabc2eadd2e7119a848da
2018-11-05 08:55:11 -08:00
Tom Cherry
04e4afb9cf Use only signed/unsigned numbers with ParseInt/ParseUint respectively
Test: build
Change-Id: If56b33c9c420237ff441779ba1dbebffd9dae8e3
2018-10-05 14:37:13 -07:00
Tao Bao
5609bc8b34 applypatch: Refactor applypatch().
applypatch() was initially designed for file-based OTA, operating on
individual files. It was later extended to allow patching eMMC targets
as a whole, in favor of block-based updates.

As we have deprecated file-based OTA since Oreo, part of the code in
applypatch() has become obsolete. This CL refactors the related
functions, by removing the obsolete logic and focusing on eMMC targets.

Since this CL substantially changes applypatch APIs, it adds new
functions to avoid unintentionally mixing them together. In particular,
it removes `applypatch()`, `applypatch_check()`, `applypatch_flash()`,
and adds `PatchPartition()`, `PatchPartitionCheck()`, `FlashPartition()`
and `CheckPartition()`. It also replaces the old Edify functions
`apply_patch()` and `apply_patch_check()` with `patch_partition()` and
`patch_partition_check()` respectively.

This CL requires matching changes to OTA generation script (in the same
topic).

Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Test: `m dist` with non-A/B target. Verify
      /system/bin/install-recovery.sh on device.
Test: `m dist` with non-A/B target using BOARD_USES_FULL_RECOVERY_IMAGE.
      Verify /system/bin/install-recovery.sh on device.
Test: Install an incremental OTA with the new updater and scripts.
Change-Id: Ia34a90114bb227f4216eb478c22dc98c8194cb7f
2018-08-31 09:21:15 -07:00
Tao Bao
43bfa6e429 Enable c++17 in recovery_defaults.
And add the first few users.

Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ifdf093d011478b6a1dd0405b0ba48c145b509cc8
2018-08-28 10:49:07 -07:00
Tianjie Xu
22f11205a1 Remove otafault
Now it's less beneficial to inject I/O faults since we don't see many of
them. Remove the library that mocks I/O failures. And switch to android::base
I/O when possible.

Bug: 113032079
Test: unit tests pass
Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
2018-08-27 17:16:19 -07:00
Tao Bao
f8811bbd3a updater: Add TransferList class.
This would be the top-level class that represents and holds the info
parsed from a transfer list file.

Bug: 112151972
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I83b54df9d1411542eeeb8ef4a2db167e97f989c3
2018-08-17 09:37:26 -07:00
Tao Bao
3c8927390e updater: Add SourceInfo::{ReadAll,DumpBuffer,Overlaps}.
Bug: 112151972
Test: Run recovery_unit_test on marlin.
Change-Id: Ica2a7b3c768f5d8ca5d591a9560bca9f8ed847c5
2018-08-16 11:09:35 -07:00
Tao Bao
ef5e38fef0 tests: Move to Android.bp.
Also separate libupdater_defaults out to be shareable.

It turns out the `data` property in `cc_test` doesn't follow symlinks as
LOCAL_TEST_DATA does in Android.mk. This CL creates a filegroup in
top-level Android.bp in order to pick up the testdata for ResourcesTest.

Test: `mmma -j bootable/recovery` with aosp_marlin-userdebug
Test: Run recovery_{unit,component,manual}_test on marlin.
Test: Run recovery_host_test.
Change-Id: I4532ab25aeb83c0b0baa8051d5fe34ba7b910a35
2018-08-14 21:46:45 -07:00
Tao Bao
c205dd9d43 Merge "updater: Move libupdater to Soong." 2018-08-14 16:43:15 +00:00
Tianjie Xu
c0195801dc Merge "Add the hash_tree_info class in Command" 2018-08-14 16:33:10 +00:00
Tianjie Xu
8f64bf635f Add the hash_tree_info class in Command
Add hash_tree_info to represent the hash tree computation arguments in
the transfer commands 'compute_hash_tree'. Also add its parsing code in
the Command class.

Bug: 25170618
Test: unit tests pass
Change-Id: Ie8607968377968e8fb3e58d1af0b8ca315e145be
2018-08-13 17:27:30 -07:00
Tao Bao
673bb6f051 updater: Move libupdater to Soong.
Test: mmma -j bootable/recovery
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I2617b87d13c585addf0ed2fbae8c3ce443ea7200
2018-08-13 09:44:48 -07:00
Tianjie Xu
b5bc978432 Merge "Add an updater function to compute hash tree"
am: dbe4420325

Change-Id: If426801d3494be02404c8e4f6d4f064fd6540a4d
2018-08-06 15:36:55 -07:00
Tianjie Xu
69ffa15338 Add an updater function to compute hash tree
The new command is part of the transfer.list and allows us to compute the hash
tree on non-ab devices.

The required arguments for the hash_tree computation are:
  hash_tree_ranges
  source_ranges
  hash_algorithm
  salt_hex
  root_hash

Bug: 25170618
Test: unit tests pass; run simulator with compute_hash_tree
Change-Id: I8ff0d582cc8adabb8a060db7845f38b35b28e62c
2018-08-06 12:17:50 -07:00