Commit graph

450 commits

Author SHA1 Message Date
luoqiangwei1
2fb4c66b59 Fix the problem of incremental OTA upgrade failure (recovery part)
When the updater compresses the file after the apply patch, unexpected results are generated, resulting in the failure of incremental OTA upgrade

Test: make imgdiff updater
Change-Id: I0d7652dca46c5b027f22670b254332fb8a5d5c98
Signed-off-by: luoqiangwei1 <luoqiangwei1@xiaomi.com>
2024-01-08 20:19:35 +00:00
Elliott Hughes
a85d7a0936 Use gtest_prod_headers.
Bug: http://b/185916167
Test: treehugger
Change-Id: I3407052df4f12b01acc4a75c6bd0759f7a4b2c4c
2021-04-20 11:58:05 -07:00
Alessandro Astone
1dfb086ca8 updater: Do not null terminate mount_flags_list array
mount_flags_list is a c-style NULL terminated array, but when
iterating over it via
    for (const auto& [name, value] : mount_flags_list)
the last { 0, 0 } is considered a valid entry.
Then `name` is NULL but checked with (flag == name),
which causes SIGSEGV.

Also move the definition to within setMountFlag()
and make it an std::pair array

Change-Id: Ia6670113620c6e8f95151fda764c3ab40bc2d67e
2021-02-17 00:05:54 +01:00
Bob Badour
29be3f6ef1 [LSC] Add LOCAL_LICENSE_KINDS to bootable/recovery
Added SPDX-license-identifier-Apache-2.0 to:
  applypatch/Android.bp
  bootloader_message/Android.bp
  edify/Android.bp
  fuse_sideload/Android.bp
  install/Android.bp
  minadbd/Android.bp
  minui/Android.bp
  otautil/Android.bp
  recovery_ui/Android.bp
  recovery_utils/Android.bp
  tests/Android.bp
  tools/image_generator/Android.bp
  tools/recovery_l10n/Android.bp
  uncrypt/Android.bp
  update_verifier/Android.bp
  updater/Android.bp
  updater/Android.mk
  updater_sample/Android.bp
  updater_sample/tests/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT
    SPDX-license-identifier-OFL
to:
  Android.bp
  Android.mk

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I3da761b525452838977297f773974000d4de7bd6
2021-02-14 10:37:20 -08:00
Kelvin Zhang
d1ba38f7c9 Check for overflow before allocating memory for decompression.
On 32bit devices, a ZipEntry64 may have size > 2^32, we should check
for such cases before attempting to allocate memory.

Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
2020-09-18 17:41:51 -04:00
Kelvin Zhang
4f81130039 Switch to zip64 in recovery
There's already library support for zip64 in libziparchive. We just need
to start using the new APIs.

Bug: 167951876
Test: Sideload a large ota package in recovery
Change-Id: I652741965f28de079d873c6822317ee9fa855201
2020-09-16 14:21:37 -04:00
Tianjie
1bc976a74e Fix some wording to comply with respectful-code
https://source.android.com/setup/contribute/respectful-code
Test: Unit tests pass
Change-Id: If447b2cf923f6bc7a3a3fb5f69b9fbc06a200ebb
2020-07-23 13:07:24 -07:00
Treehugger Robot
31deac96f4 Merge changes from topic "nonab_pkg"
* changes:
  Add add_slot_suffix function.
  Add slot suffix to DAP ops
  Detect non-A/B vs. A/B packages correctly.
2020-05-20 00:30:31 +00:00
Yifan Hong
0c328d02c1 Add add_slot_suffix function.
This function appends androidboot.slot_suffix to the
value of the argument.

Test: apply update
Bug: 153581609
Change-Id: I28a4047b5f2051acc039084f65a71deb492d9dcb
(cherry picked from commit dff8004275)
Merged-In: I28a4047b5f2051acc039084f65a71deb492d9dcb
2020-05-19 15:20:14 -07:00
Yifan Hong
35d5e9f4cf Add slot suffix to DAP ops
If device supports both A/B and non-A/B, when applying a
non-A/B package, add current slot suffix and apply the update
to the partition at current slot.

This includes:
- (un)map_partition in edify script. For example,
  map_partition("system") will automatically append slot suffix
  to "system" before calling CreateLogicalPartition.
- All operations in dynamic_partitions_op_list. For example,
  add foo group_foo
  will automatically append slot suffix to foo and group_foo
  before editing the super partition metadata.

Test: apply update
Bug: 153581609
Change-Id: Idbd0bfea142529a33dddb4d2debfc74513290730
(cherry picked from commit bc7e1db211)
Merged-In: Idbd0bfea142529a33dddb4d2debfc74513290730
2020-05-19 15:20:14 -07:00
Hongguang Chen
586565fd8b Add more mounting options to updater mount function.
If enabling the oem partition, it will be mounted by updater before
reading product properties from it. To be safe, we want to enable AVB
to this oem partition. But this means the oem partition can never be
mounted to writable. Otherwise, that partition will be corrupted to AVB
verifying.
This change follows fs_mgr to allow to pass more mounting options to the
updater.

BUG: 150156957
Test: make ota package which mounts AVB oem partition to read only and
run OTA.

Change-Id: I2ebbe3c8ac53c70112f3fed2703fcba9170405a6
2020-03-17 23:39:13 -07:00
Treehugger Robot
4577dff5a0 Merge "Address the warnings in recovery code" 2020-03-16 04:35:13 +00:00
Tianjie Xu
00c4aba9bf Consolidate the wait in recovery's reboot
After a reboot function call, we should always wait for it to finish
without executing other instructions.

Bug: 151110322
Test: build
Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
2020-03-13 16:09:48 -07:00
Tianjie Xu
fb08b015f2 Address the warnings in recovery code
The following warnings are generated when compiling with WITH_TIDY=1

.../bootable/recovery/applypatch/imgdiff.cpp:968:7: warning: 'src_ranges' used after it was moved [bugprone-use-after-move]
      src_ranges.Clear();
      ^
.../bootable/recovery/applypatch/imgdiff.cpp:966:27: note: move occurred here
        split_src_ranges->push_back(std::move(src_ranges));

The logic itself seems correct since the class is meant to be cleared
after move. I feel the std::move in 966 is actually useful to call the
move constructor in RangeSet. So I just modify L968 to suppress the
warning.

Less important ones:
bootable/recovery/applypatch/applypatch_modes.cpp:79:34: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/applypatch/imgdiff.cpp:1038:30: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/applypatch/imgdiff.cpp:1054:48: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/updater/include/private/commands.h:310:16: warning: std::move of the variable 'patch' of the trivially-copyable type 'PatchInfo' has no effect; remove std::move() [performance-move-const-arg]
bootable/recovery/updater/install.cpp:663:43: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]

Bug: 150955971
Test: build
Change-Id: Ieb75f0229c47d470d4f5ac93fab39c5698d3f914
2020-03-07 17:54:11 -08:00
Tianjie Xu
2bb374a86d Add libavb as a dependency
It's needed by libfec

Test: mma
Change-Id: Ic82671f6506e7718afa965a511261b1b329ea38f
2020-02-28 11:41:31 -08:00
Dan Willemsen
5a6784168f Convert update_host_simulator to Android.bp
Bug: 130696912
Test: m update_host_simulator
Change-Id: I7b3c0217268a3edcf76548a5c83030050b2d17f3
2020-01-15 09:39:13 -08:00
Tianjie Xu
97692467a1 Run BORINGSSL_self_test() in updater_main
We need to run these tests when starting updater to verify the
statically linked libcrypto. The test function is based on the known
answer tests, and it doesn't compute the hash of the libcrypto library.

Bug: 141003171
Test: unit tests pass, run an updater on cuttlefish
Change-Id: I897918a54bca76ea0c928102e7287df27505e1cc
2019-10-05 17:06:48 -07:00
Tao Bao
d628cfc153 Move mounts.cpp from libotautil into libupdater.
All the active users of mounts.h now live in updater/.

Test: mmma bootable/recovery
Test: Run recovery_unit_test on taimen.
Test: Code search shows no reference to otautil/mounts.h in device dirs.
Change-Id: I6c35d2e403e92a0111102d00aa4773f4f524650e
2019-10-01 12:13:04 -07:00
Colin Cross
4c4c7dc26b Merge "Use libcrypto_static instead of libcrypto" 2019-09-26 14:32:33 +00:00
Colin Cross
0e643e4d7f Use libcrypto_static instead of libcrypto
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.

Bug: 141248879
Test: m checkbuild
Change-Id: I0affaa292237bdbc772d3adc36086905ed6fbe9d
2019-09-23 13:54:09 -07:00
Tao Bao
5234ad466c applypatch: Add backup_source parameter to PatchPartition.
And set it to false when installing recovery image via applypatch. We
only need to back up the source partition when doing in-place update
(e.g. when updating a given partition under recovery). When installing
recovery image via applypatch, we won't touch the source partition (i.e.
/boot).

Removing the backup step also allows dropping the dac_override_allowed
permission. Previously it was needed due to the access to /cache.
Because applypatch runs as root:root, while /cache is owned by
system:cache with 0770.

Bug: 68319577
Test: Invoke the code that installs recovery image; check that recovery
      is installed successfully without denials.
Test: recovery_unit_test passes on taimen.
Change-Id: I549a770b511762189d6672a2835b6e403d695919
2019-09-23 11:26:48 -07:00
Tobias Thierer
54100d3348 Merge "Link libcrypto dynamically for recovery unit tests." 2019-09-13 16:56:06 +00:00
Pete Bentley
189d424ced Link libcrypto dynamically for recovery unit tests.
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md

Attempted to build and boot a recovery image with the
same change to confirm it still works, but
m recoveryimage-nodeps
fails for me.

Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
2019-09-13 12:18:44 +01:00
Colin Cross
d81519400c Set LOCAL_INJECT_BSSL_HASH for updater
updater is built in Make and statically links libcrypto,
so it needs to set LOCAL_INJECT_BSSL_HASH to make the FIPS self
test pass.

Bug: 137267623
Test: m checkbuild
Change-Id: Ib253c870090ac8026f5cbb005d6b0e935c73edd1
2019-09-05 15:34:50 -07:00
David Anderson
3cbd7ae687 updater: Fix build for new CreateLogicalPartition signature.
Bug: 135752105
Test: mm libupdater_device
Change-Id: I9dc6dc1e9112177ee5c0a96b8969dc3dc02d95f2
2019-08-14 12:32:55 -07:00
Tianjie Xu
60b242cfd5 Simulator: add the argument to keep the updated images
Add the command line option to select the work directory and save the
updated image files. Because some people might be interested in
getting updated images from an ota file.

Also, fix a minor issue that the destination of package_extract_file
needs to be updated if it's a block device. Otherwise, an unintended
file may be extracted in the callers' directory.

Test: run simulation, run unit tests

Change-Id: Ic6a7db0580bc1748d6e080102e4654da4e41fd8c
2019-07-30 17:11:35 -07:00
Tianjie Xu
7efd23338a Add command line parser for simulator
Add a command line parser. Also add the support to parse the oem
property file and skip certain functions.

Bug: 131911365
Test: run simulator for wear builds
Change-Id: Ide306b53d3f42b29c02279969aeb18bec4045d6f
2019-07-16 13:03:41 -07:00
Tianjie Xu
fc2ad88770 Merge "Drop the device specific support for update host simulator" 2019-07-14 22:49:59 +00:00
David Anderson
4c8e6eae28 Merge "Fix build for API change to DestroyLogicalPartition()." 2019-07-13 18:02:05 +00:00
Tianjie Xu
b42281a423 Drop the device specific support for update host simulator
The device specific libs prevent us from building a universal simulator to add
to the otatools. Drop the support since there are currently no active users of the
simulator extension; plus we are unlikely to implement the device specific simulator
runtime.

As an alternative, we will add the commandline arguments to skip certain unsupported
functions, and move the simulator build to the bp file.

Bug: 131911365
Test: mma
Change-Id: I3ff0f45dbebe3ed72d5f4670a869b40e6cfd5a7c
2019-07-12 11:55:59 -07:00
Justin Yun
ea3c4a4948 Change the symlink to system_ext
As system_ext partition will be linked to system/system_ext, update
the path to system/system_ext.

Bug: 134359158
Test: build
Change-Id: I5a49adfe7e045e24bf6dfbf6990a965b8a5e1ce1
2019-07-09 23:33:26 +00:00
Robin Lee
1cf8eb7559 Add a GetMappedPackageLength to Updater
Corresponds to GetMappedPackageAddress.

There is at least one custom device recovery with an extension to copy
the package somewhere else as a backup. Ability to do this was removed
in change ag/955273.

Test: lunch cf_x86_tv-eng; make
Test: atest recovery_unit_test recovery_component_test
Change-Id: I0e61d8a8839c47721874526504ea03b9ca7bafa9
2019-07-08 19:30:11 +02:00
Tianjie Xu
4955648c4c Merge "Add unit tests for simulator" 2019-06-28 17:47:23 +00:00
Justin Yun
7ba8f18590 Rename product_services to system_ext
Bug: 134359158
Test: build and boot
Change-Id: I2ea21a0e528bdbab7d2479b48c73e7f2274ecca5
2019-06-28 16:17:26 +09:00
Tianjie Xu
c3a161e2b8 Add unit tests for simulator
Make sure the simulator succeeds executing common non-A/B update
functions.

Bug: 131911365
Test: run unit tests
Change-Id: I520ce6a8827539b88a9e36f9e67eec30d8b586d4
2019-06-27 16:17:05 -07:00
David Anderson
32148d9a0a Fix build for API change to DestroyLogicalPartition().
This method no longer contains a timeout parameter; it has been
removed in favor of changes to libdm.

Bug: 135771280
Test: builds
Change-Id: Id8c0f17c2787412bc4588af5a1bc49cc8e6edd51
2019-06-24 13:51:43 -07:00
Tianjie Xu
d118833f3e Implement updater runtime for dynamic partitions
The simulator skips executing the operations for dynamic partitions, and
will use the logical images under target_files/IMAGES directly. (Similar
to the targets without DAP enabled)

Bug: 131911365
Test: run update on cuttlefish, run simulator
Change-Id: Id318d97ece4560df9f20dc5cabeb8b2e261bdf9c
2019-06-24 12:46:28 -07:00
Tianjie Xu
74b0f7cce0 Implement the TargetFile and BuildInfo
The TargetFile class parses a target-file and provides functions to read
its contents. And the BuildInfo tries to simulate the device with files
on host. Some work it does includes parsing the build properties,
and extracting the image files for partitions specified in the fstab.

Bug: 131911365
Test: unit tests pass, run simulator with cuttlefish, wear devices and from extracted TF.
Change-Id: Iefe4a96d619d2e4b3d038e31480f11a0f9a70afa
2019-05-31 17:55:36 -07:00
Tianjie Xu
76e165d143 Disable building simulator for mac
Disable building the simulator and its support libraries to resolve the breakage
on mac host targets. Because the simulator is not intended for use on mac anyway.

Bug: 134047992
Test: mma
Change-Id: I488ab50cab1282f03250010b5334f1895d44f98b
2019-05-30 10:49:18 -07:00
Tianjie Xu
c1a5e26fd9 Implement an update simulator to verify BB OTA packages on host
Implement the simulator runtime and build the updater simulator as a host
executable. The code to parse the target-files and mock the block devices
will be submitted in the follow-up.

Bug: 131911365
Test: unit tests pass

Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
2019-05-28 15:18:25 -07:00
Tianjie Xu
27556d089f Some clean ups to the updater
Remove some unnecessary includes or forward declarations. And include
the correct headers to build host executables.

Bug: 131911365
Test: unit tests pass
Change-Id: I62e75f60678159fe24619a4bd386b1416f1a5b5d
2019-05-22 14:58:28 -07:00
Tianjie Xu
1536db887f Add UpdaterRuntime class
This class adds a wrapper to the runtime dependent functions. Therefore,
the behavior of update on device stays the same, while simulators can
have their own implementations. Also change the caller side of the
registered updater functions to call these runtime wrappers.

Bug: 131911365
Test: unit tests pass, sideload an update on cuttlefish
Change-Id: Ib3ab67132991d67fc132f27120e4152439d16ac5
2019-05-20 18:03:27 -07:00
Tianjie Xu
3fda5d6508 Skip hashtree computation during block image verify
The hashtree computation is designed to execute after we write all the
bytes to the target block device. And executing the command during block
image verify will almost always fail since we are still on the source
build.

Test: run simulator
Change-Id: If8ebb66739969520367a0815f5f8f89f6fae47cf
2019-05-09 10:58:10 -07:00
Tianjie Xu
58d59129e1 Add Updater class and remove UpdaterInfo
The UpdaterInfo class is merely a collection of pointers and POD types.
We can replace it with an Updater class that has the ownership of the
resources. This also makes this class extensible as we plan to add more
functionality in the host simulator.

Bug: 131911365
Test: unit tests pass, run an update on cuttlefish and check last_install
Change-Id: I07ca5963bbee8ae3cb85ccc184464910aa73d4e4
2019-05-08 23:07:04 -07:00
Elliott Hughes
a86dddbfa5 Track libziparchive API change.
Bug: http://b/129068177
Test: treehugger
Change-Id: Ie5b2b0cff087f2e9e65a4e77c187e3173357f3ad
2019-05-06 10:28:14 -07:00
Tao Bao
782dcc1996 Consolidate the codes that handle reboot/shutdown.
Test: Choose `Reboot system now`, `Power off`, `Reboot to bootloader`
      from recovery UI respectively.
Test: `adb reboot recovery` while under sideload mode.
Change-Id: I0f3d55b80b472178ea4f6970b29cd9df0778b639
2019-04-29 12:12:25 -07:00
xunchang
53158e51d0 Fix potential size overflow in blockimg.cpp
Switch to 64 bit integers since the size of the entire src/tgt images may
not fit in size_t of ILP32.

There are other theoretical overflow cases in memory allocation and I/O
functions. However, they reside within a single transfer command and are
less likely to happen. I will evaluate and address them in separate
cls.

Test: unit tests pass
Bug: 122461124
Change-Id: Ib719ee695920877458fcfaa25c6ac058a5bbabf2
2019-01-17 09:26:12 -08:00
Yifan Hong
8ff84d7cfb updater: add functions to modify dynamic partition metadata
Test: sideload full OTA on cuttlefish
Test: sideload incremental OTA on cuttlefish (that grows
      system, shrinks vendor, and move vendor to group foo)
Test: verify that /cache/recovery/cc46ebfd04058569d0c6c1431c6af6c1328458e4
      exists (sha1sum of "system")

Bug: 111801737

Change-Id: Ibdf6565bc1b60f3665c01739b4c95a85f0261ae5
2019-01-14 14:01:13 -08:00
Yifan Hong
63f5260c6c Create stash dir recursively.
When applying an OTA package onto the device in OTA mode,
if the recovery logs haven't been viewed, there is a chance
that /cache/recovery does not exist. Then, stash creation will
fail. Create stash directories recursively to avoid this error.

Test: without /cache/recovery, sideload the OTA on cuttlefish
Change-Id: I5cc01a067d866476a3594e795dcb5b15649e817b
2019-01-11 15:13:22 -08:00
Tao Bao
22a27f9965 Merge "Use dynamically linked f2fs executables." 2019-01-08 19:49:20 +00:00