This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
init and vold also need to write bootloader message, so
split this function from uncrypt into a separate library.
Bug: 27176738
Change-Id: If9b0887b4f6ffab6162d9cb47a6ceb7eedd60b4d
(cherry pick from commit 5f7111ff4d)
- Volantis console-ramoops-0 (upstream correct)
- Angler console-ramoops
- Bullhead console-ramoops
- Shamu console-ramoops
NB: Shamu also has kernel crashes in other pstore files,
not merging them in.
Bug: 27176738
Change-Id: Ib6eef3e25475935b89252f51c960719c7860511a
(cherry-pick from commit a4f701af93)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
Currently block_image_verify() stashes source blocks to /cache and
in some cases triggers I/O errors. To avoid this risk, we create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.
Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
The SwipeDetector class is used almost unchanged in all locations.
This patch moves it into the recovery module, from which devices can
reference it if required.
The class is now renamed to WearSwipeDetector.
Bug: 27407422
Change-Id: Ifd3c7069a287548b89b14ab5d6d2b90a298e0145
There was one case (ota_fsync, under TARGET_SYNC_FAULT, when the
filename was cached) where we were not setting have_eio_error
prior to returning. We fix that.
Change-Id: I2b0aa61fb1e821f0e77881aba04db95cd8396812
The only difference from SetColor in ScreenRecoveryUI is that the
LOG messages have slightly different colors. That's not enough to
warrant a duplicate function. So this patch removes SetColor and uses
the parent class version.
This patch also moves the DrawTextLine* functions into ScreenRecoveryUI
since they're mostly the same. It also moves char_width and char_height
into the class instead of keeping them as static variables.
Bug: 27407422
Change-Id: I30428c9433baab8410cf710a01c9b1c44c217bf1
Cherry pick this patch because it fixes the problem that
a newed Value is released by free().
Bug: 26906416
Change-Id: Ib53b445cd415a1ed5e95733fbc4073f9ef4dbc43
(cherry picked from commit d6c93afcc2)
The function that modifies rtl_locale exists only in the base class,
and so the variable should not have a duplicate in the derived class,
otherwise there may be inconsistent values when it is read by the derived
class (the thinking being that invoking the function will modify the
base class version of the variable, and not the derived class version).
Remove the updateMutex variable, and instead re-use the one in the base
class.
Also remove LoadBitmap from WearUI since it is identical to the one in
ScreenRecoveryUI.
Bug: 27407422
Change-Id: Idd823fa93dfa16d7b2c9c7160f8d0c2559d28731
When an I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf)
This reverts commit 1c7b2230d8.
This change can lead to the derived class indirectly (and incorrectly) calling some functions from the base class, which can lead to unpredictable behavior.
Bug: 27407422
Change-Id: I126a7489b0787dc195e942e2ceea6769de20d70c
This patch performs the following modifications:
- Remove setBackground function, and currentIcon member variable.
- Remove common Progress*, Redraw and EndMenu functions.
Bug: 27407422
Change-Id: Ic3c0e16b67941484c3bc1d04c9b61288e8896808
Signed-off-by: Prashant Malani <pmalani@google.com>
This is the first of a series of changes which move WearUI to subclass
ScreenRecoveryUI, to take advantage of several functions which are
common between the two recovery UI implementations, and already defined
in ScreenRecoveryUI.
This patch changes the base class of WearUI, removes redundant
header includes, and also removes a common function.
Bug: 27407422
Change-Id: I8fd90826900f69272a82e23bd099790e8004d511
This patch mirrors what was done in the main init.rc to relabel
/postinstall.
Bug: 27178350
Bug: 27177071
(cherry picked from commit 6bcc8af6e5)
Change-Id: I8320559f014cfb14216dcc350e016fc1db05cb14
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
(cherry picked from commit 26112e5870)
We used to rely on files (e.g. /cache/recovery/command and
/cache/recovery/uncrypt_status) to communicate between uncrypt and its
caller (i.e. system_server). Since A/B devices may not have /cache
partitions anymore, we switch to socket communication instead.
We will keep the use of /cache/recovery/uncrypt_file to indicate the OTA
package to be uncrypt'd though, because there is existing logic in
ShutdownThread.java that depends on the existence of the file to
detect pending uncrypt work. This part won't affect A/B devices without
/cache partitions, because such devices won't need uncrypt service (i.e.
the real de-encrypt work) anyway.
Bug: 27176738
Change-Id: I481406e09e3ffc7b80f2c9e39003b9fca028742e