Commit graph

77 commits

Author SHA1 Message Date
Alessandro Astone
8d10568ac6 recovery: symlink /sbin for script compatibility
Change-Id: I6548d65c1e6f775d2d1931864ebf7830d701fbaf
2024-09-08 01:07:55 +02:00
Vojtech Bocek
000dfae7c5 recovery: init: mount pstore fs
Change-Id: Id3bf8763ccde54f87fde5cdf2db511649c376aa4
Signed-off-by: Vojtech Bocek <vbocek@gmail.com>
2024-09-08 01:06:35 +02:00
Steven Moreland
0e8d497ee1 Merge "Explicit init .rc user." 2023-04-24 18:19:00 +00:00
Steven Moreland
98322a3775 Explicit init .rc user.
Set the user explicitly.
Bug: 276813155
Test: boot

Change-Id: I26ee9db2a82dc89b35e551782b6b1d942e72c8cd
2023-04-14 16:12:23 +00:00
Roy Luo
fe37b5ebbc Configure USB gadget maximum power
The default 2mA would be applied if the field is left
unconfigured. Configure the gadget to use full power.

Test: boot to userspace fastbootd and recovery
Bug: 277022505
Change-Id: I18abd98b62f5ce8d35062debad8100d87140bdba
2023-04-06 00:27:51 +00:00
Josh Gao
c40208c59f Make recovery/fastbootd USB VID/PID configurable.
Vendors are assigned their own USB vendor/product IDs for products by
the USB Implementers Forum. When booting from system, these are set
by the USB gadget HAL, but recovery has its USB gadgets configured via
init.rc, so there's no good way to configure these without copy/pasting
the init.rc and having to check whether it changed in every new Android
release. Add system properties to let vendors customize the recovery
USB IDs to make this easier.


Test: `adb reboot fastboot && fastboot wait-for-device && lsusb -d 18d1:`
Change-Id: I015a4c13c956b76972785fb38d45611bed27d4f4
2022-08-25 04:48:59 +00:00
Yifan Hong
0fa1707600 on boot class_start hal
Now that we have HALs in recovery, class_start hal
on boot trigger.

Test: manual
Bug: 170338625
Change-Id: Ibfaabb3573252b681279cf05bbf07f8776bd9063
2021-11-17 10:14:41 -08:00
Yifan Hong
8798099058 Start servicemanager on init in recovery mode.
This aligns with the behavior in normal boot,
where servicemanager is started on init.

Test: manual in recovery mode
Bug: 170338625
Change-Id: I91d322da9f6eaef21c7ee969375e63751b61513c
2021-11-17 10:14:41 -08:00
Yifan Hong
cb22b13418 Mount binderfs and add /dev/binder in recovery.
Test: recovery mode
Bug: 170338625
Change-Id: I6c64039b4139a48f739a62e15a26e624566d252c
2021-11-17 10:14:41 -08:00
Marco Ballesio
65851cad82 recovery: don't mount acct
/acct is not necessary anymore for process group creation (it migrated
to /sys/fs/cgroup and is automatically mounted by libprocessgroup)

Bug: 168907513
Test: booted in remote mode and tested adb sideload
Change-Id: Iaa455df65f393ac1f67ae81c6e78d8f4934d88a2
2021-02-11 16:36:50 -08:00
Kiyoung Kim
ea2b683f6e Do not execute linkerconfig from recovery
Linkerconfig binary itself should be built as static, so size of
executable is hard to be reduced. However, this used lots of space from
recovery so only small space left in it. To avoid this linker config
from recovery should be generated within build time and use prebuilt
one. Prebuilt ld.config.txt will be located under /system/etc as before,
and init will copy the file into /linkerconfig so we can use same
location for both recovery and normal boot.

Bug: 146384333
Test: m -j passed && crosshatch bootloader worked with this change
Change-Id: I96300f1c8301167234787274820086a4c6ea0e6e
2019-12-17 15:05:54 +09:00
Kiyoung Kim
3a88a1748b Generate linker config from recovery init
Generate linker config from recovery init to be used from recovery
processes.

Bug: 139638519
Test: Tested from crosshatch
Change-Id: I777a8baf08254b07375b8039bb252864637e29e7
2019-12-12 14:40:37 +09:00
Tom Cherry
8834b4ea0a Merge "Fixed typo during stopping fastboot" 2019-11-13 20:18:22 +00:00
Dmytro Prokopchuk
df35405a4b Fixed typo during stopping fastboot
Change-Id: I0a589d068807e255654c7e62831423f944b5cdc3
Signed-off-by: Dmytro Prokopchuk <dmytro.prokopchuk@globallogic.com>
2019-11-13 13:30:17 +02:00
Tom Cherry
bcd3f35462 Move init and ueventd scripts from / to /system/etc
There is no reason for these scripts to continue to exist in /, when
they are better suited for /system/etc.  There are problems keeping
them at / as well, particularly that they cannot be updated with
overlayfs.

Bug: 131087886
Bug: 140313207
Test: build/boot + boot to recovery
Merged-In: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
Change-Id: I1fb6690d4302a1884d8521c21a9754b2ca710d5a
2019-11-07 11:29:06 -08:00
Tom Cherry
0a19ef8cb6 Stop setting usb config from recovery init script
We used to set sys.usb.config to adb in the init script. And the purpose
is to start adbd. This is a duplicate of code because we always check and
reset the usb config in recovery_main.

Test: check adbd starts
Change-Id: I6e2842ff8aebf6ccf3bd3f2ae85323899a2b9de4
2019-11-06 23:04:36 -08:00
Tianjie Xu
7d5c341962 Start adbd in user mode if bootloader is unlocked
During automatic tests, we sometimes want to reboot the device out of
the rescue party remotely. And per http://go/recovery-adb-access, one
option is to start adbd in user build if the device has an unlocked
bootloader. This should not add more surface of attack. Because verified
boot is off with the unlocked bootloader, and the user can always flash
a custom recovery image that always starts adbd.

Bug: 141247819
Test: check adbd doesn't start in user build, unlock bootloader, and
check adbd starts.

Change-Id: I851746245f862cb4dfb01e6c3ad035f2c9f9ccec
2019-10-30 10:26:56 -07:00
Tao Bao
a89c21c9e5 Start charger at /system/bin/charger.
Bug: 114042635
Test: Boot into recovery mode on walleye. Check that charger keeps
      working.
Change-Id: I818536a6d261c860dd6f6c08774c2355e14f4236
2018-09-14 15:52:29 -07:00
Hridya Valsaraju
e4ef453914 Fix sideload for user devices by adding a new sideload config
Bug: 113563995
Test: Tested the 'adb sideload' command on marlin user/userdebug builds
and walleye user/userdebug builds

Change-Id: I00d565547b85f2db87012e4a08316609e03395ac
2018-09-07 15:02:43 -07:00
Elliott Hughes
a4495b5ee2 Add /dev/stdin, /dev/stdout, and /dev/stderr in recovery too.
Now these are in the main image, there's some chance of code assuming
they're present in recovery too (or command-line users using them out
of habit).

Bug: http://b/31824379
Test: builds
Change-Id: Ia19272cd1959685765099f3e15d1d1e63babd279
2018-08-23 08:31:59 -07:00
Hridya Valsaraju
20c81b308d Add fastboot mode to recovery
Add a fastboot mode to recovery that can be
entered with command line args or with the ui.

Add usb property triggers to switch between
fastboot and adb configurations.

Allow switching between fastboot and adb through
usb commands by opening a unix socket. adbd/fastbootd
writes to this socket, which interrupts the ui and
switches to the new mode.

Test: Use fastboot mode
Bug: 78793464
Change-Id: I7891bb84427ec734a21a872036629b95ab3fb13c
2018-08-13 21:18:18 -07:00
Tom Cherry
aceb244401 Merge "ueventd is now at /system/bin/ueventd" 2018-08-07 16:08:55 +00:00
Hridya Valsaraju
cfb3c92302 Move recovery from /sbin to /system/bin
Executables should be in /system/bin
rather than sbin.

Bug: 78793464
Test: boot into recovery, try adb sideload
Change-Id: I194589119a099d29e56b0648f0906a5ae2aa6770
2018-07-26 17:12:40 -07:00
Tom Cherry
b2fd16841a ueventd is now at /system/bin/ueventd
Bug: 79758715
Test: boot into recovery
Change-Id: I9bf47b2487993e275419befdc9718cc0ac8d3ea7
2018-07-24 15:58:29 -07:00
Jiyong Park
8b7af4c0ee Recovery image is self-contained
Now recovery mode is self-contained, which means we don't need to mount
system.img to run shell, etc. What is needed in recovery mode is all in
the recovery ramdisk image.

Since we no longer use /system as the mount point for the system.img,
this allows us to have identical filesystem layout as the system.img.
Executables and libs are installed to /system/bin and /system/lib.
Right now, we only have adbd, sh, toybox in /system/bin but will move
static executables from /sbin to /system/bin as soon as they are
converted to dynamic executables.

system.img is mounted to /mnt/system instead.

Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: `adb root && adb shell` and then
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.

Change-Id: I801ebd18f3e0a112db3d9a11e4fbb4e49181652a
2018-06-07 23:24:33 +09:00
Elliott Hughes
4dca6f12db Add a /bin symlink for consistency.
Bug: http://b/63142920
Test: builds
Change-Id: I1f96935daca4d79f753e172067e07f8e27ea819e
2017-12-06 08:41:50 -08:00
Tom Cherry
c58e03ec23 Merge "init.rc: Remove sys.powerctl action" am: 9848209088 am: 9fcc7c8253
am: 6e575ccd0f

Change-Id: Iec1eb05ea5ec85c035d6ae7e232699ab3a6f6878
2017-04-18 18:33:09 +00:00
Tom Cherry
4608daf0fe init.rc: Remove sys.powerctl action
Init now handles this property change directly.

Bug: 37209359
Bug: 37415192

Test: Init reboots normally.
Change-Id: I9a4925897fb83bed180d12c871d9a71126fa4aa8
2017-04-17 16:55:54 -07:00
Jerry Zhang
a61a672674 Write aliases before ffs mount in recovery
This is necessary to support kernel changes
that allow for multiple ffs functions. Some
kernels require aliases in order to name
function instances before mount time.

Test: Reboot into recovery, verify adb works
Bug: 34070894
Change-Id: I8376304d92af9b3e8c734fdb8cc77f0dc8bc4850
2017-01-04 11:20:19 -08:00
Jerry Zhang
e66f861a7c Write aliases before ffs mount in recovery
This is necessary to support kernel changes
that allow for multiple ffs functions. Some
kernels require aliases in order to name
function instances before mount time.

Test: Reboot into recovery, verify adb works
Bug: 34070894
Change-Id: I8376304d92af9b3e8c734fdb8cc77f0dc8bc4850
2017-01-04 11:16:02 -08:00
Sandeep Patil
c4b381c44b healthd: change how charger is launched in recovery.
This is triggered by changes in healthd which spits out 2 binaries.
Recovery needs to use static binary which is now renamed to 'charger'.
So, change the .rc file to match the rename.

Update the seclable according to new healthd-charger split

Test: Tested recovery on angler using 'reboot recovery' to ensure
healthd is working as before

Change-Id: I9e6018156e677e7224dd2e5894941ed2a7cac1d0
Signed-off-by: Sandeep Patil <sspatil@google.com>
2016-11-01 14:27:23 -07:00
Andriy Naborskyy
544a1562d9 init: move healthd to late-init
Starting healthd in early-init is not needed and can delay coldboot done
Now healthd is starting at boot as usual service.

Test: check kmsg that healthd starting after /dev/.coldboot_done

Bug: 30292927
Change-Id: I367d022f5885122da49181db3db536012e83f564
2016-10-10 17:29:11 -07:00
Elliott Hughes
48ebb07211 init now uses libprocessgroup, so set up /acct.
Change-Id: Iec1492dfaf2ceae6f4d8618dd725d07316ee960b
2016-06-15 15:15:15 -07:00
Elliott Hughes
ad29b10c00 Remove etc/META-INF/com/google/android/update-script.
Bug: http://b/29250988
Change-Id: I61f8c6717b38de2242e4ea8e0913237c1ce5bfea
2016-06-09 18:03:05 -07:00
Alex Deymo
6bcc8af6e5 Restore labels on /postinstall during recovery.
This patch mirrors what was done in the main init.rc to relabel
/postinstall.

Bug: 27178350
Bug: 27177071
Change-Id: I39cd03f3c55a42c03367957e8c259c9a3155203c
2016-03-02 14:35:51 -08:00
Paul Lawrence
a91335aedc am 90c75b0b: Change init sequence to support file level encryption
* commit '90c75b0beb375b8d261e2df92292e9b542470f6e':
  Change init sequence to support file level encryption
2015-07-13 17:53:14 +00:00
Paul Lawrence
90c75b0beb Change init sequence to support file level encryption
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.

Split property loaded into system and data, and load in right order.

Bug: 22233063
Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49
2015-07-07 13:26:17 -07:00
Paul Lawrence
b6b31549df am 10cf0942: Merge "Revert "Change init sequence to support file level encryption"" into mnc-dev
* commit '10cf0942a7f4b2bfd539416e4767aaaf866a6527':
  Revert "Change init sequence to support file level encryption"
2015-07-07 18:20:23 +00:00
Paul Lawrence
392879eec0 Revert "Change init sequence to support file level encryption"
This reverts commit 98c1a3de23.

Change-Id: I524060418de18f97c3865ebc4435f501015e92ee
2015-07-07 17:05:39 +00:00
Paul Lawrence
3cc5148007 am d6b2b65d: Merge "Change init sequence to support file level encryption" into mnc-dev
* commit 'd6b2b65dc40c5af7feecf634b8ae55bf14fe8e6c':
  Change init sequence to support file level encryption
2015-07-06 20:22:20 +00:00
Paul Lawrence
98c1a3de23 Change init sequence to support file level encryption
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.

Split property loaded into system and data, and load in right order.

Bug: 22233063
Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49
2015-07-06 10:44:33 -07:00
Elliott Hughes
4fd3446b4e init sets the default PATH itself, better.
This fixes 'su' and 'strace' in the recovery image.

Change-Id: I83c2664d32a15da92bb6092fbdfc772184013c88
2015-05-12 14:35:31 -07:00
Elliott Hughes
6f76dd58f4 Revert "Revert "init re-execs to set its security context now.""
This reverts commit c819dbe95b.

Bug: http://b/19702273
Change-Id: I5c75b148a12e644dd247a4df4f67dc9b4b9ff8cf
2015-04-24 12:42:46 -07:00
Nick Kralevich
c819dbe95b Revert "init re-execs to set its security context now."
shamu isn't booting now

This reverts commit c57453d537.

Change-Id: I8efbf6260f5fcf983e5056fac6d03916415b944e
2015-04-24 16:58:33 +00:00
Elliott Hughes
c57453d537 init re-execs to set its security context now.
Change-Id: I0a014f8dddfe775159903b5d6fa632733fef692c
2015-04-23 20:26:56 -07:00
Jesse Zhao
5bf74b238b Bump up max_map_count value.
Change-Id: Id3e2c0795b817db9a85bc84cba2aa05d20179d39
Bug: 18503789
2015-01-08 16:02:46 -08:00
JP Abgrall
9eb8c8bdbe init.rc: Inidicate that booting is complete wrt firwmare requests
ueventd will wait for /dev/.booting to go away before giving up
on loading firmware.
The issue was introduced in Ifdd5dd1e95d7e064dde5c80b70198882d949a710
which forgot to update recovery's init.rc

Bug: 17993625
Change-Id: I91205fe6eea50aaef9b401d650ec8d6843a92a57
2014-10-20 20:02:57 -07:00
Doug Zongker
075ad800c5 sideload without holding the whole package in RAM
Implement a new method of sideloading over ADB that does not require
the entire package to be held in RAM (useful for low-RAM devices and
devices using block OTA where we'd rather have more RAM available for
binary patching).

We communicate with the host using a new adb service called
"sideload-host", which makes the host act as a server, sending us
different parts of the package file on request.

We create a FUSE filesystem that creates a virtual file
"/sideload/package.zip" that is backed by the ADB connection -- users
see a normal file, but when they read from the file we're actually
fetching the data from the adb host.  This file is then passed to the
verification and installation systems like any other.

To prevent a malicious adb host implementation from serving different
data to the verification and installation phases of sideloading, the
FUSE filesystem verifies that the contents of the file don't change
between reads -- every time we fetch a block from the host we compare
its hash to the previous hash for that block (if it was read before)
and cause the read to fail if it changes.

One necessary change is that the minadbd started by recovery in
sideload mode no longer drops its root privileges (they're needed to
mount the FUSE filesystem).  We rely on SELinux enforcement to
restrict the set of things that can be accessed.

Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
2014-07-02 12:16:36 -07:00
Riley Andrews
e8d7dd4ed1 am 3e0fc39e: am 974fe112: Merge "Fix recovery mode."
* commit '3e0fc39ec27c0ed96ffd2a617f1841fe3bf3c8f6':
  Fix recovery mode.
2014-06-25 00:44:02 +00:00
Colin Cross
22bcf97a59 recovery: enable panic_on_oops
Set panic_on_oops=1 to reboot if the kernel panics.

Change-Id: Id9e8689a570229db2ea2a3d72b52784f8a1ed107
2014-06-24 13:43:39 -07:00