Commit graph

96 commits

Author SHA1 Message Date
Tao Bao
cdcf28f54f recovery: Fork a process for fuse when sideloading from SD card.
For applying update from SD card, we used to use a thread to serve the
file with fuse. Since accessing through fuse involves going from kernel
to userspace to kernel, it may run into deadlock (e.g. for mmap_sem)
when a page fault occurs. Switch to using a process instead.

Bug: 23783099
Bug: 26313124
Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd
2016-01-13 21:29:20 -08:00
Elliott Hughes
4b166f0e69 Track rename from base/ to android-base/.
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
2015-12-04 15:30:20 -08:00
Elliott Hughes
9f4fdb3def Track name change from adb_main to adb_server_main.
Change-Id: I835805348a9817c81639ad8471e3b49cae93c107
2015-11-20 13:03:24 -08:00
Tao Bao
04ca426362 recovery: Add timestamps in update logs.
Fork a logger process and send over the log lines through a pipe.
Prepend a timestamp to each line for debugging purpose. Timestamps are
relative to the start of the logger.

Example lines with the change in this CL:

[  445.948393] Verifying update package...
[  446.279139] I:comment is 1738 bytes; signature 1720 bytes from end
[  449.463652] I:whole-file signature verified against RSA key 0
[  449.463704] I:verify_file returned 0

Change-Id: I139d02ed8f2e944c1618c91d5cc43282efd50b99
2015-09-17 10:57:31 -07:00
Tao Bao
9a7fd80d2d recovery: Remove redirect_stdio() when calling ShowFile().
When calling ScreenRecoveryUI::ShowFile(), the only thing that gets
inadequately logged is the progress bar. Replace the call to
ScreenRecoveryUI::Print() with ScreenRecoveryUI::PrintOnScreenOnly() for
the progress bar, so we can avoid calling redirect_stdio().

Change-Id: I4d7c5d5b39bebe0d5880a99d7a72cee4f0b8f325
2015-09-10 13:42:05 -07:00
Tao Bao
ad509fd4a2 Merge "Fix potential crash" 2015-08-11 16:11:44 +00:00
Elliott Hughes
faa75006af Fix recovery image build.
A recent adb cleanup changed the signature of adb_main.

Change-Id: I98d084f999966f1a7aa94c63e9ed996b3375096d
2015-08-07 13:21:06 -07:00
Jeremy Compostella
1b7d9b7368 Fix potential crash
Malloc might fail when replacing package path. In this case, print a
clear error message in the logs and let the OTA fails.

Change-Id: I7209d95edc025e3ee1b4478f5e04f6e852d97205
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Signed-off-by: Gaelle Nassiet <gaellex.nassiet@intel.com>
2015-08-05 10:15:32 +02:00
Tao Bao
abb8f7785e recovery: Allow "Mount /system" for system_root_image.
When system images contain the root directory, there is no entry of
"/system" in the fstab. Change it to look for "/" instead if
ro.build.system_root_image is true. We actually mount the partition
to /system_root instead, and create a symlink to /system_root/system
for /system. This allows "adb shell" to work properly.

Bug: 22855115
Change-Id: Ibac493a5a9320c98ee3b60bd2cc635b925f5454a
2015-07-30 17:22:29 -07:00
Elliott Hughes
22ccc87a7d Merge "Unmount sdcard if no package file is selected." 2015-06-10 23:52:12 +00:00
Elliott Hughes
945548ef7b Split WipeData into PreWipeData and PostWipeData.
Bug: http://b/21760064
Change-Id: Idde268fe4d7e27586ca4469de16783f1ffdc5069
2015-06-10 14:09:31 -07:00
caozhiyuan
b4effb9807 Unmount sdcard if no package file is selected.
Change-Id: I12b4f880802135a98dbc11a19e74172a3a5ef921
2015-06-10 16:46:56 +08:00
Tao Bao
80e46e08de recovery: Switch to clang
And a few trival fixes to suppress warnings.

Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-06-03 11:30:03 -07:00
Tao Bao
752386319c Clean up the sleep()'s after poking init services
Change-Id: I77564fe5c59e604f1377b278681b7d1bff53a77a
2015-05-27 14:48:56 -07:00
Elliott Hughes
c049163234 Add an alternate screen for viewing recovery logs.
This makes it easier to go back and forth without losing current output.

Also make the display more like regular more(1).

Bug: http://b/20834540
Change-Id: Icc5703e9c8a378cc7072d8ebb79e34451267ee1b
2015-05-06 21:17:05 -07:00
Tao Bao
bef39710ff Keep multiple kernel logs
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE).
This CL changes to keep up to KEEP_LOG_COUNT copies for kernel logs.

Bug: http://b/18092237
Change-Id: I1bf5e230de3efd6a48a5b2ae5a34241cb4d9ca90
2015-05-05 14:09:29 -07:00
Tao Bao
785d22c88c Turn on text display for debuggable builds
For userdebug and eng builds, turn on the text display automatically
if no command is specified.

Bug: http://b/17489952
Change-Id: I3d42ba2848b968da12164ddfda915ca69dcecba1
2015-05-04 09:59:29 -07:00
Elliott Hughes
8fd86d77f1 Move the menu header out of the menu.
This makes it easier for us to deal with arbitrary information at the
top, and means that headers added by specific commands don't overwrite
the default ones.

Add the fingerprint back, but broken up so it fits even on sprout's
display.

Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
2015-04-13 15:46:15 -07:00
Elliott Hughes
e46066f269 Add missing \n after "Mounting /system." message.
Change-Id: I280a478526f033f5c0041d7e8a818fce6177d732
2015-04-13 13:29:38 -07:00
Tao Bao
f012432f96 Revert "Append kernel logs to last_log file"
This reverts commit 2ec803f435.

Change-Id: I419025a772ef99db4c0a78bfa7ef66767f3fa062
2015-04-11 02:04:11 +00:00
Tao Bao
2ec803f435 Append kernel logs to last_log file
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE).
This CL changes to append it to the recovery log.

Bug: 18092237
Change-Id: I06ad5629016846927153064f1663753a90296f79
2015-04-10 17:23:34 -07:00
Elliott Hughes
20531ef605 Switch minadb over to C++.
Change-Id: I5afaf70caa590525627c676c88b445d3162de33e
2015-04-10 13:59:19 -07:00
Elliott Hughes
642aaa7a3e Fix ScreenRecoveryUI to handle devices without power/up/down.
Currently fugu has a custom subclass to handle this. The default code
supports devices with trackballs but not all shipping Nexus devices?
That's just silly.

Change-Id: Id2779c91284899a26b4bb1af41e7033aa889df10
2015-04-10 12:47:46 -07:00
Elliott Hughes
ec28340cf3 Move "Mount /system" to the main menu.
Everyone's adding secret key combinations for this anyway, and it's
very useful when debugging.

Change-Id: Iad549452b872a7af963dd649f283ebcd3ea24234
2015-04-10 10:01:53 -07:00
Elliott Hughes
bb78d6286d Move the recovery image version out of the menu header.
Rather than add code to wrap menu items, let's just put output the
recovery version to the log. It'll be visible at the bottom of the
screen and automatically wrap.

Change-Id: I158fe2d85bc56b195e00619fba455321743923bd
2015-04-09 20:51:08 -07:00
Elliott Hughes
8de52078a4 Move file paging into ScreenRecoveryUI.
This fixes the N9 performance problem.

Change-Id: I00c10d4162ff266a6243285e5a5e768217f6f799
2015-04-08 20:06:50 -07:00
Elliott Hughes
018ed31c51 Enable printf format argument checking.
The original attempt missed the fact that Print is a member function,
so the first argument is the implicit 'this'.

Change-Id: I963b668c5432804c767f0a2e3ef7dea5978a1218
2015-04-08 16:56:17 -07:00
Tao Bao
682c34bbc3 Rotate logs only when there are actual operations
Currently it rotates the log files every time it boots into the recovery
mode. We lose useful logs after ten times. This CL changes the rotation
condition so that it will rotate only if it performs some actual
operations that modify the flash (installs, wipes, sideloads and etc).

Bug: 19695622
Change-Id: Ie708ad955ef31aa500b6590c65faa72391705940
2015-04-07 22:02:27 -07:00
Tao Bao
e39a9bc722 Refactor the codes to call wipe_data/wipe_cache functions
It also changes the return type of wipe_data/wipe_cache to bool, so the
caller can get the status accordingly.

Change-Id: I3022dcdadd6504dac757a52c2932d1176ffd1918
2015-03-31 12:45:12 -07:00
Andres Morales
c277762de1 Revert "Erase PST partition if its marked to be erased."
This now gets done at the framework level.
Doing it here breaks the signature on the partition.

This reverts commit ee19387905.

Bug: 19967123
Change-Id: I2a977cb0f0ba94defa1bf9091219398ddc1d3528
(cherry picked from commit 037444642b)
2015-03-31 09:48:50 -07:00
Tao Bao
c679f93da3 Add support to enter sideload mode directly
When the command file contains "--sideload" (as a result of 'adb reboot
sideload'), it goes into sideload mode directly. Text display will be
turned on by default. It waits for user interaction upon finishing.

When the command file contains "--sideload_auto_reboot", it enters
sideload mode silently. And it will reboot after the installation
regardless of its result, which is designed for automated testing purpose.

Change-Id: Ifdf173351221c7bbf635cfd32463b48e1fff5740
2015-03-30 14:13:18 -07:00
Elliott Hughes
30694c9e2f Factor out the "yes/no" menu and use it for "Wipe cache" too.
It's surprising that only one of the wipe options asks for confirmation.
This change makes it easier to add confirmation to any action.

I've also removed the version information from all but the main menu,
because I find I'm not really reading the red text because there's
so much of it all the time.

(Given that fingerprints are long and menu items aren't wrapped, we
might want to go with an actual "About" menu item instead.)

Change-Id: I7d809fdd53f9af32efc78bee618f98a69883fffe
2015-03-25 16:49:01 -07:00
Tao Bao
145d861460 Factor out option variables from int to bool types
Change-Id: Ia897aa43e44d115bde6de91789b35723826ace22
2015-03-25 15:56:15 -07:00
Christian Poetzsch
4ec58a4ee5 Fix wipe command when using sideload in recovery
Add support for the wipe command when using sideload within the
recovery. All the support for this command is in place, only the
execution of the actual wipe command itself was missing.

Change-Id: Ia9cdfc912bfb9f558fa89b9f0ed54e843ede41f2
Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>
2015-03-24 11:26:42 -07:00
Elliott Hughes
c51ac89f0e Add "Apply update from sdcard" to default recovery image.
At the moment, this is the only difference in the sprout recovery
image. That's silly. Let's just improve the error handling slightly
and always have this option present.

Also make the obscure "<3e>" less unclear.

Also use "power button" as the default text rather than "enter button",
because it's been years since anyone had one of those. (Longer term we
should let subclassers tell us the keycode and we translate it to the
correct string.)

Also move the two "Reboot" options together, put "Power off" at the
bottom (and use that terminology, like the real UI, rather than
"Power down"), and use capitals throughout.

Finally, add a README.md with some useful instructions.

Change-Id: I94fb19f73d79c54fed2dda30cefb884426641b5c
2015-03-22 18:16:31 -07:00
Dan Albert
552fceb85c am 2d102225: Merge "Kill of most of the remainder of minadbd."
* commit '2d1022250941873f8748e6a159d4e5bf976e511f':
  Kill of most of the remainder of minadbd.
2015-02-20 00:05:30 +00:00
Dan Albert
f3a5726919 Kill of most of the remainder of minadbd.
I think everything left now is here to stay (services.c might get
massaged in to libadbd if it gets refactored).

Bug: 17626262
Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
2015-02-19 15:41:35 -08:00
Elliott Hughes
dcbf4fc571 resolved conflicts for merge of 35efcd27 to lmp-mr1-dev-plus-aosp
Change-Id: I6f2ea07df2ab80a44301d9c3a2a8841c40a46002
2015-02-10 16:20:53 -08:00
Elliott Hughes
f14af80a14 recovery: Properly detect userdebug or eng builds
The recovery system behaves a little bit differently on userdebug or
eng builds by presenting error reports to the user in the ui.
This is controlled by checking the build fingerprint for the string
:userdebug/ or :eng/. But with AOSP version numbers most AOSP
builds blows the 92 char limit of ro.build.fingerprint and therefore
the property is not set, so this condition will always be evaluated
to false, for most builds.

Instead of depending on the flaky ro.build.fingerprint this change
uses ro.debuggable.

Change-Id: I74bc00c655ac596aaf4b488ecea58f0a8de9c26b
2015-02-10 14:46:14 -08:00
Patrick Tjin
f59b994264 Add basic navigation controls to log viewer.
Bug: 18642766

Change-Id: I95a6c8edf83513d421a041e79c15111b5c991dde
Signed-off-by: Patrick Tjin <pattjin@google.com>
2014-12-10 05:18:05 +00:00
Patrick Tjin
cd055ee72a Save kernel logs to /cache/recovery
Bug: 18642766

Change-Id: I6c8b7d8f9ffb688d3afdfe0d47c4142e711e421d
Signed-off-by: Patrick Tjin <pattjin@google.com>
2014-12-10 05:17:14 +00:00
Nick Kralevich
a9ad0324d1 Make /cache/recovery/last_log available in recovery
Create a new recovery UI option to allow the user to view
/cache/recovery/last_log for their device. This gives enhanced
debugging information which may be necessary when a failed
OTA occurs.

Bug: 18094012
Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
2014-10-22 21:43:08 -07:00
Jeff Sharkey
a6e13ae01b Include reason when wiping data.
This will help us track down who requested a data wipe.

Bug: 17412160
Change-Id: I1c439fbd29f96b9851810baca9101f683a0f18d8
2014-09-24 11:46:17 -07:00
Andres Morales
ee19387905 Erase PST partition if its marked to be erased.
We need to wipe the challenges on this partition
if OEM unlock is enabled, as this is a signal that
the user has opted out of factory reset protection.

go/factory-reset

Bug: 16633064
Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
2014-08-06 09:58:55 -07:00
Doug Zongker
945fc68c62 do sdcard sideloading through the fuse filesystem
Make a fuse filesystem that sits on top of the selected package file
on the sdcard, so we can verify that the file contents don't change
while being read and avoid copying the file to /tmp (that is, RAM)
before verifying and installing it.

Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
2014-07-10 10:58:35 -07:00
Doug Zongker
93950229cf drop APPLY_CACHE and refactor APPLY_EXT
Drop support for sideloading OTA packages of the cache partition (a
half-solution that's long since been deprecated by "adb sideload").
Refactor the code to sideload OTA packages from SD cards: remove the
installation code from the file browser.

Change-Id: Id0dff6b27c4a5837546f174f50e2e1d0379c43db
2014-07-08 14:10:23 -07:00
Doug Zongker
075ad800c5 sideload without holding the whole package in RAM
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).

We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.

We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host.  This file is then passed to the
verification and installation systems like any other.

To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.

One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem).  We rely on SELinux enforcement to
restrict the set of things that can be accessed.

Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
2014-07-02 12:16:36 -07:00
Doug Zongker
8d9d3d5cbe add reboot-to-bootloader and power down options to recovery menu
Useful when debugging or developing for recovery.

Change-Id: Ic3ab42d5e848ad3488f1c575339b55e45c8a024b
2014-04-01 13:20:23 -07:00
Doug Zongker
a898c52b64 am b4bbf887: resolved conflicts for merge of 708aa238 to klp-modular-dev-plus-aosp
* commit 'b4bbf8878c3a6b2a17a3a96f1a23300748dbd81a':
  add --shutdown_after option to recovery
2014-03-18 20:52:43 +00:00
Doug Zongker
b4bbf8878c resolved conflicts for merge of 708aa238 to klp-modular-dev-plus-aosp
Change-Id: I3d00437d519f93652ccae6b361e89e853ccae9b3
2014-03-18 10:56:32 -07:00