We should always use unique_fd or unique_file to hold the FD or FILE*
pointer when opening via ota_(f)open functions.
This CL avoids accidentally closing raw FDs or FILE* pointers that are
managed by unique_fd/unique_file.
Test: recovery_component_test passes.
Change-Id: If58eb8b5c5da507563f85efd5d56276472a1c957
Add read_bootloader_message_from() and write_bootloader_message_to() to
allow specifying the BCB device (/misc).
Also add testcases for set_stage() and get_stage().
Test: recovery_component_test passes.
Test: Build a recovery image and apply a two-step OTA package.
Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
write_value(value, filename) writes 'value' to 'filename'. It can be
used to tune device settings when applying an OTA package. For example,
write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq").
Bug: 32463933
Test: recovery_component_test passes.
Test: Apply an OTA package that contains a call to write_value(), and
check the result.
Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
Clean up SymlinkFn() a bit. Also clean up the temp files created when
running the tests; otherwise non-empty TemporaryDir won't be removed.
Test: recovery_component_test passes.
Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
ReadArgs will switch to using std::string and std::unique_ptr. Also
cleanup the callers.
Test: mma & component test passed.
Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
Changing the field of 'Value' in edify to std::string from char*.
Meanwhile cleaning up the users of 'Value' and switching them to
cpp style.
Test: compontent tests passed.
Bug: 31713288
Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
- Remove dead declarations in expr.h: SetError(), GetError(),
ClearError().
- Remove the declaration of Build() out of expr.h.
- Use std::unordered_map to implement RegisterFunction() and
FindFunction(); kill FinishRegistration().
- Add a testcase for calling unknown functions.
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
Also add a testcase for sha1_check().
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
So that we can write native tests for updater functions. This CL adds a
testcase for getprop() function.
Test: mmma bootable/recovery; Run recovery_component_test on device.
Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
This way we kill a few strdup() and free() calls.
Test: 1. recovery_component_test still passes;
2. Applying an update with the new updater works;
3. The error code in a script with abort("E310: xyz") is recorded into
last_install correctly.
Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
We might end up in an infinite loop if read(2) reached EOF unexpectedly.
The problematic code in uncrypt mentioned in the bug has been fixed
by switching to libbase ReadFully(). So I grepped through the recovery
code and fixed some other occurences of the issue.
Bug: 31073201
Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
Check the results from applypatch in PerformCommandDiff; and abort the
update on failure.
Bug:29339536
Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
If the update is a retry, ioctl(BLKDISCARD) the destination blocks before
writing to these blocks.
Bug: 28990135
Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
am: dd874b1c87
* commit 'dd874b1c87eb04f28db0db2629df0adde568a74c':
Add time and I/O info to last_install
Change-Id: I02aa858d5ce488d3acbf5400811e2565cf7d9c75
Remove O_SYNC from mzExtractRecursive() and PackageExtractFileFn().
These functions deal with extracting whole files from the update
package onto a filesystem. If run on ext4 on a rotating disk, for
example, the O_SYNC flag will cause serious performance problems
and the extraction proecss can take over 30 minutes, with no
obvious benefits.
This API function already calls fsync(fd) after each file is
extracted to ensure data and metadata is written to the underlying
block device, so the O_SYNC calls should be superfluous and safely
removable.
This change does not affect the OTA patch paths or any modification
of the bootloader partition or writes to other 'emmc' partitions.
Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com>
Change-Id: I9cbb98a98e6278bf5c0d7efaae340773d1fbfcd2
[1] switched a few things to android::base::unique_fd including
CommandParameters.fd. However, we were using memset(3) to zero out the
struct, which effectively assigned unique_fd(0) to fd. When it called
fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was
later reassigned via open(2), it led to lseek(2) errors: "Bad file
descriptor".
This CL switches to using braced-init (i.e. '= {}') instead, so that the
default constructor unique_fd(-1) would be called.
[1]: commit bcabd09293
Bug: 28391985
Change-Id: If1f99932b15552714c399e65c8b80550344b758a
Currently block_image_verify() stashes source blocks to /cache and
in some case triggers I/O errors. To avoid this risk, We create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.
Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
(cherry picked from commit 0188935d55)
Currently block_image_verify() stashes source blocks to /cache and
in some case triggers I/O errors. To avoid this risk, We create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.
Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
Cherry pick this patch because it fixes the problem that
a newed Value is released by free().
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
(cherry picked from commit d6c93afcc2)
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf)
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same
library, there would be linking errors when generating a shared library
(or executable) that depends on the two libraries both.
Also clean up Android.mk files.
Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The
module will then default to "optional" which won't be built until needed.
Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.
Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
(cherry picked from commit 30bf476559)
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.
Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
We are already using O_SYNC and fsync() for the recursive case
(package_extract_dir()). Make it consistent for the single-file case.
Bug: 20625549
Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
Output messages in log when recovery is attempted or succeeded during
incremental OTA update.
Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
(cherry picked from commit b686ba2114)
To accommodate new changes in N release, such as error correction [1]
and other potential changes to the updater.
[1]: commit 0a7b47397d
Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
Add block_image_recover function to rewrite corrupted blocks on the
partition. This can be attempted if block_image_verify fails.
Note that we cannot use libfec during block_image_update as it may
overwrite blocks required for error correction. A separate recovery
pass in case the image is corrupted is the only viable option.
Bug: 21893453
Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
We have the last line being empty as a result of
android::base::Split("a\nb\n"), which leads to "missing command"
warnings in the update. Just skip all the empty lines.
Bug: 24373789
Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
When processing ui_print commands in the updater, it misses a line break
when printing to the recovery log.
Also clean up uiPrintf() and UIPrintFn() with std::string's.
Change-Id: Ie5dbbfbc40b024929887d3c3ccd3a334249a8c9d
Replace C-string with std::string, pointers with references, and
variable-size arrays in struct with std::vector.
Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
There is an integer overflow when the size of system goes beyond the
signed int limits. Hence changing pos to size_t.
Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
Currently the fsync() inside write_all() may be called multiple times
when performing a command. Move that to the outer loop and call it
only after completing the command.
Also remove the O_SYNC flag when writing a stash.
Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
This reverts commit b65f0272c8.
It slows down the update too much on some devices (e.g. increased
from 8 mins to 40 mins to take a full OTA update).
Bug: 22129621
Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5
(cherry picked from commit 7125f9594d)
A RangeSet has half-closed half-open bounds. For example, "3,5" contains
blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped.
Bug: 22098085
Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.
Bug: 20614277
Bug: 20881595
Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.
Bug: 20614277
Bug: 20881595
Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
