And set it to false when installing recovery image via applypatch. We
only need to back up the source partition when doing in-place update
(e.g. when updating a given partition under recovery). When installing
recovery image via applypatch, we won't touch the source partition (i.e.
/boot).
Removing the backup step also allows dropping the dac_override_allowed
permission. Previously it was needed due to the access to /cache.
Because applypatch runs as root:root, while /cache is owned by
system:cache with 0770.
Bug: 68319577
Test: Invoke the code that installs recovery image; check that recovery
is installed successfully without denials.
Test: recovery_unit_test passes on taimen.
Change-Id: I549a770b511762189d6672a2835b6e403d695919
Prior to this CL, applypatch was the only user of libbrotli.so and
libbz.so (update_engine and puffin have been using the static versions).
This CL switches applypatch to their static versions to save space in
/system.
Sizes prior to the change (aosp_taimen-userdebug):
/system/bin/applypatch 91296
/system/lib64/libbrotli.so 688536
/system/lib64/libbz.so 79560
After:
/system/bin/applypatch 272368
Test: `m dist`
Test: Check the built blueline-userdebug target. libbrotli.so and
libbz.so are not installed.
Change-Id: I08422a0d5a287bbac69aa9f6cfd9c97e5b2e9078
recovery_main is only interested in a subset of options. Suppress the
warning for unrecognized options (which are likely intended for
recovery).
Fixes: 141239600
Test: On Pixel 3a, write `--security` flag into /misc and reboot
recovery. Check that recovery_main no longer reports
"unrecognized option" warning.
# echo "recovery\n--security\n" | \
dd of=/dev/block/by-name/misc conv=notrunc bs=1 seek=64
# killall -9 recovery
# cat /tmp/recovery.log
Test: Write `--show_text=foo` instead, and check that recovery reports
"option `--show_text' doesn't allow an argument".
Change-Id: I1cb3a5ed6db91e41453b8aad00c8608f78ac1fa6
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md
Attempted to build and boot a recovery image with the
same change to confirm it still works, but
m recoveryimage-nodeps
fails for me.
Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
updater is built in Make and statically links libcrypto,
so it needs to set LOCAL_INJECT_BSSL_HASH to make the FIPS self
test pass.
Bug: 137267623
Test: m checkbuild
Change-Id: Ib253c870090ac8026f5cbb005d6b0e935c73edd1
If the HAL is run on a non-A/B device, it does not fail gracefully; it
will segfault because the current_slot is -1 and methods do not protect
against this. Instead, have Init() fail if we can't determine the
current slot.
Bug: 130078382
Test: vts tests
Change-Id: I2d3094518a842b1a764427d2da9d46781a9f26da
This extracts the implementation of boot_control into a new library,
libboot_control. The bootctrl.default module now wraps this library.
This refactoring will allow us to re-use the same implementation in
HIDL.
Bug: 138861550
Test: mm bootctrl.default
Change-Id: Ic0558da3c2d8e6f5ebec63a497825c24b51623b7
Additionally kill the global variable: reason, stage; move them to a
separate BootState class instead. Vendor specific recovery code will
need to call getters from Device() class to access these variables.
Bug: 137705917
Test: unit tests pass, boot sailfish into recovery, code search and no
code includes common.h in vendor specific recovery.
Change-Id: Ia50a5ea951212c25548562f29cc9cf78505b5e34
In the old code, the recovery only enumerated the input devices at the
startup, and read the input events from these devices.
So if a USB input device is probed after the recovery startup, then the
recovery can't read the events from this device.
This patch use inotify to monitor /dev/input for new added input
device, then support input device hotplug in recovery mode.
Bug: 111847510
Test: can use USB keyboard hotplugged in recovery mode
Change-Id: I7e7dcbd619d3c66a2f40a43418f5dac6a50c859e
Signed-off-by: Liu Shuo A <shuo.a.liu@intel.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
A global std::string, even if not used, pollutes the bss section
unnecessarily. Since this object is only there for testing, make it
std::optional<std::string>, which is constexpr constructible.
Bug: 138856262
Test: Along with a fix in fs_mgr, see that the bss section for
libbootloader_message.so is now clean on cuttlefish for several
processes.
Change-Id: I6df837dded88d979ffe14d5b2770b120bcf87341
Add the command line option to select the work directory and save the
updated image files. Because some people might have interested in
getting updated images from an ota file.
Also, fix a minor issue that the destination of package_extract_file
needs to be updated if it's a block device. Otherwise, an unintended
file may be extracted in the callers' directory.
Test: run simulation, run unit tests
Change-Id: Ic6a7db0580bc1748d6e080102e4654da4e41fd8c
Then we can override this function in the device specific recovery ui;
and allow customizing the help message.
Bug: 137965958
Test: Check the menu on sailfish
Change-Id: I09f23166f4205c5edf6c62eb42c8ada0fa710b26
Some global variables are only used for recovery.cpp and
recovery_main.cpp, remove them from common.h and handle their usage
accordingly. Variables include:
static constexpr int kRecoveryApiVersion;
extern struct selabel_handle* sehandle;
extern RecoveryUI* ui;
extern bool has_cache;
bool is_ro_debuggable();
Test: unit tests pass, boot into recovery mode and run graphic tests
Change-Id: If83a005786c9b38412731da97aaf85af69a3b917
