Commit graph

169 commits

Author SHA1 Message Date
Tao Bao
730646199b updater: Don't zero out CommandParameters with memset(3).
[1] switched a few things to android::base::unique_fd including
CommandParameters.fd. However, we were using memset(3) to zero out the
struct, which effectively assigned unique_fd(0) to fd. When it called
fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was
later reassigned via open(2), it led to lseek(2) errors: "Bad file
descriptor".

This CL switches to using braced-init (i.e. '= {}') instead, so that the
default constructor unique_fd(-1) would be called.

[1]: commit bcabd09293

Bug: 28391985
Change-Id: If1f99932b15552714c399e65c8b80550344b758a
2016-04-26 17:36:13 -07:00
Chih-Hung Hsieh
54a2747ef3 Fix google-runtime-int warnings.
Bug: 28220065
Change-Id: Ida199c66692a1638be6990d583d2ed42583fb592
2016-04-18 12:29:30 -07:00
Mattias Nissler
452df6d99c Convert recovery to use BoringSSL instead of mincrypt.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-06 15:54:17 +02:00
Elliott Hughes
4bbd5bf8a6 Move selinux dependencies out of header files.
Bug: http://b/27764900
Change-Id: Ib62a59edcb13054f40f514c404d32b87b14ed5f1
2016-04-01 18:24:39 -07:00
Elliott Hughes
bcabd09293 Switch to <android-base/unique_fd.h>.
Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
2016-03-29 08:18:34 -07:00
Tianjie Xu
7eca97e75d Skip stashing source blocks in verify mode
Currently block_image_verify() stashes source blocks to /cache and
in some case triggers I/O errors. To avoid this risk, We create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.

Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
(cherry picked from commit 0188935d55)
2016-03-25 14:56:21 -07:00
Tianjie Xu
94dc34148c Merge "Reboot and retry on I/O errors" 2016-03-07 23:47:14 +00:00
Tao Bao
d80a99883d Fix the improper use of LOCAL_WHOLE_STATIC_LIBRARIES.
If two libraries both use LOCAL_WHOLE_STATIC_LIBRARIES and include a same
library, there would be linking errors when generating a shared library
(or executable) that depends on the two libraries both.

Also clean up Android.mk files.

Remove the "LOCAL_MODULE_TAGS := eng" line for the updater module. The
module will then default to "optional" which won't be built until needed.

Change-Id: I3ec227109b8aa744b7568e7f82f575aae3fe0e6f
2016-03-03 14:52:44 -08:00
Tianjie Xu
3c62b67faf Reboot and retry on I/O errors
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.

Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
2016-03-02 17:31:05 -08:00
Jed Estep
39c1b5e872 Control fault injection with config files instead of build flags
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
(cherry picked from commit d940887dde)
2016-02-22 17:31:12 -08:00
Yabin Cui
d6c93afcc2 applypatch: use vector to store data in FileContents.
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
2016-02-11 18:10:31 -08:00
Jed Estep
a7b9a4660c IO fault injection for OTA packages
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
(cherry-picked from commit f1fc48c6e6)
2016-02-10 10:49:38 -08:00
Yabin Cui
64be2135d8 updater: fix memory leak based on static analysis.
Bug: 26907377
Change-Id: I384c0131322b2d12f0ef489735e70e86819846a4
2016-02-04 14:49:06 -08:00
Sen Jiang
c48cb5e597 Switch from mincrypt to BoringSSL in applypatch and updater.
Bug: 18790686
Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
2016-02-04 16:27:43 +08:00
Tianjie Xu
57bed6d8c9 updater: Add a function to check first block
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.

Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
(cherry picked from commit 30bf476559)
2016-01-07 11:19:48 -08:00
Tao Bao
d3cac34430 updater: Use O_SYNC and fsync() for package_extract_file().
We are already using O_SYNC and fsync() for the recursive case
(package_extract_dir()). Make it consistent for the single-file case.

Bug: 20625549
Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff
2015-12-14 17:13:34 -08:00
Tianjie Xu
3b010bc393 updater: Output msg when recovery is called
Output messages in log when recovery is attempted or succeeded during
incremental OTA update.

Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
(cherry picked from commit b686ba2114)
2015-12-10 16:20:48 -08:00
Tao Bao
baad2d454d updater: Replace strtok() with android::base::Split().
Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
2015-12-06 16:56:27 -08:00
Elliott Hughes
4b166f0e69 Track rename from base/ to android-base/.
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
2015-12-04 15:30:20 -08:00
Tao Bao
1fdec8685a updater: Bump up the BBOTA version to 4.
To accommodate new changes in N release, such as error correction [1]
and other potential changes to the updater.

[1]: commit 0a7b47397d

Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
2015-10-22 17:04:28 -07:00
Sami Tolvanen
0a7b47397d Error correction: Use libfec in blockimg.cpp for recovery
Add block_image_recover function to rewrite corrupted blocks on the
partition. This can be attempted if block_image_verify fails.

Note that we cannot use libfec during block_image_update as it may
overwrite blocks required for error correction. A separate recovery
pass in case the image is corrupted is the only viable option.

Bug: 21893453
Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
2015-10-19 10:04:38 +01:00
Tao Bao
6a47dffde5 updater: Skip empty lines in the transfer list file.
We have the last line being empty as a result of
android::base::Split("a\nb\n"), which leads to "missing command"
warnings in the update. Just skip all the empty lines.

Bug: 24373789
Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
2015-09-25 17:12:28 -07:00
Tao Bao
b15fd224ed updater: Use android::base::ParseInt() to parse integers.
Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9
2015-09-24 12:14:37 -07:00
Tao Bao
5701d5829d Suppress some compiler warnings due to signedness.
Change-Id: I63f28b3b4ba4185c23b972fc8f93517295b1672a
2015-09-24 11:06:58 -07:00
Tao Bao
a42a322d8f Merge "updater: Manage buffers with std::vector." 2015-09-16 19:12:14 +00:00
Tao Bao
1107d96746 updater: Fix the line breaks in ui_print commands.
When processing ui_print commands in the updater, it misses a line break
when printing to the recovery log.

Also clean up uiPrintf() and UIPrintFn() with std::string's.

Change-Id: Ie5dbbfbc40b024929887d3c3ccd3a334249a8c9d
2015-09-10 10:17:56 -07:00
Tao Bao
612336ddc1 updater: Manage buffers with std::vector.
Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d
2015-09-09 17:44:23 -07:00
Tao Bao
34847b2c70 updater: Replace the pointers in LoadSrcTgtVersion[1-3]() parameter.
And inline the call to LoadSrcTgtVersion1() into SaveStash().

Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf
2015-09-08 11:08:00 -07:00
Tao Bao
0940fe17b0 updater: Clean up C codes.
Replace C-string with std::string, pointers with references, and
variable-size arrays in struct with std::vector.

Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
2015-09-01 12:57:35 -07:00
Tao Bao
9739a2920c updater: Remove the unused isunresumable in SaveStash().
Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2
2015-08-25 18:05:38 -07:00
Shrinivas Sahukar
a6153df887 GOOGLEGMS-749 Fix integer overflow while applying block based OTA package
There is an integer overflow when the size of system goes beyond the
signed int limits. Hence changing pos to size_t.

Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
2015-08-21 15:59:28 -07:00
Tao Bao
e6aa3326c1 updater: Clean up char* with std::string.
So we can remove a few free()s. And also replace a few pointers with
references.

Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
2015-08-06 13:05:00 -07:00
Tao Bao
dc3922622a udpater: Call fsync() after rename().
We need to ensure the renamed filename reaches the underlying storage.

Bug: 22840552
Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084
2015-08-03 21:35:05 -07:00
Tao Bao
187efff6f3 updater: Hoist fsync() to outer loop.
Currently the fsync() inside write_all() may be called multiple times
when performing a command. Move that to the outer loop and call it
only after completing the command.

Also remove the O_SYNC flag when writing a stash.

Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
2015-07-27 14:17:09 -07:00
Tao Bao
ba8a6789f7 updater: libapplypatch needs libbase now.
Change-Id: I18da9e6da64fccab495dc5a96e3efd95cc6d88bf
(cherry picked from commit 1b1ea17d55)
2015-07-24 11:09:36 -07:00
Tao Bao
ba9a42aa7e recovery: Switch applypatch/ and updater/ to cpp.
Mostly trivial changes to make cpp compiler happy.

Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
2015-07-13 17:21:31 -07:00
Tao Bao
9c67aa2d2b Revert "Zero blocks before BLKDISCARD"
This reverts commit b65f0272c8.

It slows down the update too much on some devices (e.g. increased
from 8 mins to 40 mins to take a full OTA update).

Bug: 22129621
Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5
(cherry picked from commit 7125f9594d)
2015-07-11 08:35:55 -07:00
Tao Bao
c0f56ad766 More accurate checking for overlapped ranges.
A RangeSet has half-closed half-open bounds. For example, "3,5" contains
blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped.

Bug: 22098085
Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
2015-06-25 17:07:45 -07:00
Sami Tolvanen
a3c75e3ea6 Zero blocks before BLKDISCARD
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
2015-06-10 17:09:48 +01:00
Sami Tolvanen
e82fa18d3d Revert "Zero blocks before BLKDISCARD"
This reverts commit 96392b97f6.

Change-Id: I77acc27158bad3cd8948390a3955197646a43a31
2015-06-10 15:58:12 +00:00
Sami Tolvanen
96392b97f6 Zero blocks before BLKDISCARD
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
2015-06-09 21:57:06 +01:00
Tao Bao
80e46e08de recovery: Switch to clang
And a few trival fixes to suppress warnings.

Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
2015-06-03 11:30:03 -07:00
Tao Bao
1eb9003b77 Fix build: fprintf without modifier
Change-Id: I66ae21a25a25fa3c70837bc54a7d406182d4cf37
2015-06-03 09:55:38 -07:00
Tao Bao
a69e608a52 Merge "Log update outputs in order" 2015-06-03 16:15:50 +00:00
Tao Bao
b6918c7c43 Log update outputs in order
Although stdout and stderr are both redirected to log file with no
buffering, we are seeing some outputs are mixed in random order.
This is because ui_print commands from the updater are passed to the
recovery binary via a pipe, which may interleave with other outputs
that go to stderr directly.

In recovery, adding ui::PrintOnScreenOnly() function to handle
ui_print command, which skips printing to stdout. Meanwhile, updater
prints the contents to stderr in addition to piping them to recovery.

Change-Id: Idda93ea940d2e23a0276bb8ead4aa70a3cb97700
2015-06-02 22:15:40 -07:00
Elliott Hughes
1441a9654f Merge "Really don't use TEMP_FAILURE_RETRY with close in recovery." 2015-05-29 18:02:57 +00:00
Elliott Hughes
b3ac676192 Really don't use TEMP_FAILURE_RETRY with close in recovery.
I missed one last time.

Bug: http://b/20501816
Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
2015-05-28 23:06:17 -07:00
Sami Tolvanen
cc2428c818 Handle BLKDISCARD failures
In the block updater, if BLKDISCARD fails, the error is silently
ignored and some of the blocks may not be erased. This means the
target partition will have inconsistent contents.

If the ioctl fails, return an error and abort the update.

Bug: 20614277
Change-Id: I33867ba9337c514de8ffae59f28584b285324067
2015-05-28 09:09:02 +01:00
Dan Albert
e49a9e527a Stop using libstdc++.
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.

Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
2015-05-19 11:33:18 -07:00
Sami Tolvanen
6253753ab9 Merge "Add error and range checks to parse_range" 2015-05-18 08:08:54 +00:00