Commit graph

124 commits

Author SHA1 Message Date
Tao Bao
c3dddce205 More accurate checking for overlapped ranges.
A RangeSet has half-closed half-open bounds. For example, "3,5" contains
blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped.

Bug: 22098085
Change-Id: I362d259f8b5d62478858ad0422b635bc5068698d
(cherry picked from commit c0f56ad766)
2015-06-26 13:48:46 -07:00
Sami Tolvanen
b65f0272c8 Zero blocks before BLKDISCARD
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
(cherry picked from commit a3c75e3ea6)
2015-06-10 20:36:02 +01:00
Sami Tolvanen
6abd52f62b Revert "Zero blocks before BLKDISCARD"
This reverts commit 604c583c9d.

Change-Id: I2b0b283dc3f44bae55c5e9f7231d7c712630c2b5
2015-06-10 15:52:04 +00:00
Sami Tolvanen
604c583c9d Zero blocks before BLKDISCARD
Due to observed BLKDISCARD flakiness, overwrite blocks that we want
to discard with zeros first to avoid later issues with dm-verity if
BLKDISCARD is not successful.

Bug: 20614277
Bug: 20881595
Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
(cherry picked from commit 96392b97f6)
2015-06-09 22:21:44 +01:00
Elliott Hughes
b5dabd25e1 Really don't use TEMP_FAILURE_RETRY with close in recovery.
I missed one last time.

Bug: http://b/20501816
Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
(cherry picked from commit b3ac676192)
2015-05-29 11:03:44 -07:00
Sami Tolvanen
92eea1bc41 Handle BLKDISCARD failures
In the block updater, if BLKDISCARD fails, the error is silently
ignored and some of the blocks may not be erased. This means the
target partition will have inconsistent contents.

If the ioctl fails, return an error and abort the update.

Bug: 20614277
Change-Id: I33867ba9337c514de8ffae59f28584b285324067
(cherry picked from commit cc2428c818)
2015-05-29 09:02:14 +01:00
Elliott Hughes
1857a7f579 Don't use TEMP_FAILURE_RETRY on close in recovery.
Bug: http://b/20501816
Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
(cherry picked from commit b47afedb42)
2015-05-15 18:09:33 -07:00
Elliott Hughes
2f5feedf1d Check all lseek calls succeed.
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek.

Bug: http://b/20625546
Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
(cherry picked from commit 7bad7c4646)
2015-04-29 21:14:56 -07:00
Sami Tolvanen
43b748f254 Don't remove existing explicitly stashed blocks
When automatically stashing overlapping blocks, should the stash
file already exist due to an explicit stash command, it's not safe
to remove the stash file after the command has completed.

Note that it is safe to assume that the stash file will remain in
place during the execution of the next command, so we don't have
take other measures to preserve overlapping blocks.

The stash file itself will be removed by a free command when it's
no longer needed.

Bug: 20297065
Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c
2015-04-17 13:07:08 +01:00
Elliott Hughes
1fdd452f47 Always use strerror to report errno in recovery.
Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
2015-03-23 13:33:57 -07:00
Narayan Kamath
9c0f5d6b34 Remove more dead code from minzip.
I've added explanatory comments to mzExtractRecursive because
that function will live on as a utility even after we move the
zip format related logic to libziparchive.

bug: 19472796

(cherry-picked from commit c9ccdfd7a42de08c47ab771b94dc5b9d1f957b95)

Change-Id: I8b7fb6fa3eafb2e7ac080ef7a7eceb691b252d8a
2015-02-27 12:58:16 +00:00
Jesse Zhao
1df64d3278 Initialize stashbase even stash_max_blocks = 0
Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435
Bug: 19410117
2015-02-17 17:09:29 -08:00
Elliott Hughes
2fd48fcca5 am 42b09d25: am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."
* commit '42b09d255afdb47bc0546183cbc68e86147baaab':
  There's no GPL code in 'updater'.
2015-02-09 04:15:14 +00:00
Elliott Hughes
42b09d255a am 6a0d2fbc: Merge "There\'s no GPL code in \'updater\'."
* commit '6a0d2fbcaa1740da7bb0e7a0ef8280e8b7b9bb05':
  There's no GPL code in 'updater'.
2015-02-07 07:43:35 +00:00
Sami Tolvanen
0b52c91347 Merge "Support resuming block based OTAs" 2015-02-06 10:25:52 +00:00
Elliott Hughes
8a9014d572 There's no GPL code in 'updater'.
This notice was added for libsyspatch and libxdelta3, but that code
has been removed since.

Change-Id: I4008878ded56ca1d5094a8208728f8c02fe1fe03
2015-02-05 14:53:55 -08:00
Elliott Hughes
40862ab59e am aeecac54: Merge "Add missing includes."
* commit 'aeecac5444ce55d2e82ee1b2aa35ff61a038c14e':
  Add missing includes.
2015-01-30 21:16:36 +00:00
Sami Tolvanen
90221205a3 Support resuming block based OTAs
Add support for transfer list version 3, which allows us to
verify the status of each command and resume an interrupted
block based OTA update. Notes on the changes:

 - Move the previous BlockImageUpdateFn to a shorter and
   reusable PerformBlockImageUpdate, which can be used also
   in BlockImageVerifyFn for verification.

 - Split individual transfer list commands into separate
   functions with unified parameters for clarity, and use
   a hash table to locate them during execution.

 - Move common block reading and writing to ReadBlocks and
   WriteBlocks to reduce code duplication, and rename the
   readblock and writeblock to less confusing read_all and
   write_all.

The coding style of the new functions follows the existing
style in the updater/edify code.

Needs matching changes from
  Ia5c56379f570047f10f0aa7373a1025439495c98

Bug: 18262110
Change-Id: I1e752464134aeb2d396946348e6041acabe13942
2015-01-30 14:38:31 +00:00
Elliott Hughes
cd3c55ab40 Add missing includes.
Change-Id: I06ea08400efa511e627be37a4fd70fbdfadea2e6
2015-01-29 20:50:08 -08:00
Ying Wang
cdce7f7e55 am c43b17f0: Merge "Fix recovery image build for 32p"
* commit 'c43b17f0adac1092e221ce6166ca8bc464090525':
  Fix recovery image build for 32p
2014-12-02 00:07:35 +00:00
Bruce Beare
4c3c7a962f Fix recovery image build for 32p
When building for 32p, we need to be explicit that we wish to build
the 32bit version of the binaries that will be placed in the recovery
image. The recovery image doesn't actually care... but if we are not
explicit in this, the makefiles will ask for the 64bit binaries but the
Android.mk for the binaries will supply the 32bit images (causing the
build to fail).

Change-Id: Iea2d5f412740c082795da4358765751138a4b167
2014-11-30 19:21:19 -08:00
Michael Runge
5b9c4ce5a1 am b278c252: Add support for tune2fs file operations
* commit 'b278c252e148798346f85fc92eeea6afeb33fbf0':
  Add support for tune2fs file operations
2014-11-24 02:37:03 +00:00
Michael Runge
b278c252e1 Add support for tune2fs file operations
This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition

Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
2014-11-21 13:02:03 -08:00
Michael Runge
fe8563f4f2 am 5ddf4293: Log mount/unmount errors to UI
* commit '5ddf4293df45a051c7900eeb62fb5ec4950b6cb6':
  Log mount/unmount errors to UI
2014-10-24 23:17:43 +00:00
Michael Runge
5ddf4293df Log mount/unmount errors to UI
Bug: 18092022
Change-Id: I6c42038ebeb1cfc1e7ca0d3e12310fdce1b990b0
2014-10-24 14:14:41 -07:00
Nick Kralevich
915d661ccc am 68802416: unconditionally apply SELinux labels to symlinks
* commit '688024169df70336cc128ea8cc929174c53a501e':
  unconditionally apply SELinux labels to symlinks
2014-10-24 17:43:15 +00:00
Nick Kralevich
688024169d unconditionally apply SELinux labels to symlinks
At the end of the OTA script, we walk through /system, updating
all the permissions on the filesystem, including the UID, GID,
standard UNIX permissions, capabilities, and SELinux labels.

In the case of a symbolic link, however, we want to skip most of
those operations. The UID, GID, UNIX permissions, and capabilities
don't meaningfully apply to symbolic links.

However, that's not true with SELinux labels. The SELinux label on
a symbolic link is important. We need to make sure the label on the
symbolic link is always updated, even if none of the other attributes
are updated.

This change unconditionally updates the SELinux label on the symbolic
link itself. lsetfilecon() is used, so that the link itself is updated,
not what it's pointing to.

In addition, drop the ENOTSUP special case. SELinux has been a
requirement since Android 4.4. Running without filesystem extended
attributes is no longer supported, and we shouldn't even try to handle
non-SELinux updates anymore. (Note: this could be problematic if
these scripts are ever used to produce OTA images for 4.2 devices)

Bug: 18079773
Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
2014-10-23 20:46:33 -07:00
Michael Runge
da500cecf5 am 168f7778: Allow passing of mount args to mountFn
* commit '168f77787700f0e9f66675beef33c593a777e64e':
  Allow passing of mount args to mountFn
2014-10-23 21:56:52 +00:00
Brian Carlstrom
4da9cdeab9 am 473967d8: Merge "Log to UI any metadata setting errors" into lmp-dev
* commit '473967d87ff9fc7a541c16ebdc56364c285d2862':
  Log to UI any metadata setting errors
2014-10-23 21:56:52 +00:00
Michael Runge
168f777877 Allow passing of mount args to mountFn
Bug: 18079773
Bug: 18092222

Change-Id: Ifc3f3e123de729dfbb2f49414b3207afa96268d5
2014-10-23 18:13:26 +00:00
Brian Carlstrom
473967d87f Merge "Log to UI any metadata setting errors" into lmp-dev 2014-10-23 17:18:13 +00:00
Michael Runge
d4a63426ef Log to UI any metadata setting errors
Bug: 18079773
Change-Id: Ic6fddbcbcb6ddb9e1cbd1698df98387c0033ae15
2014-10-23 10:06:33 -07:00
Michael Runge
3b5c6dca0a am 2f0ef730: Treat already-renamed files as having no problems.
* commit '2f0ef73029fc51c6404121f338b034c8b516652c':
  Treat already-renamed files as having no problems.
2014-10-23 16:34:38 +00:00
Michael Runge
2f0ef73029 Treat already-renamed files as having no problems.
This should help with reentrant OTAs.

Bug: 18079773

Change-Id: I102fd738e3b450483ecd4471384c12e89fc586e2
2014-10-23 00:04:36 +00:00
Doug Zongker
d83e4f1589 support for version 2 of block image diffs
In version 2 of block image diffs, we support a new command to load
data from the image and store it in the "stash table" and then
subsequently use entries in the stash table to fill in missing bits of
source data we're not allowed to read when doing move/bsdiff/imgdiff
commands.

This leads to smaller update packages because we can break cycles in
the ordering of how pieces are updated by storing data away and using
it later, rather than not using the data as input to the patch system
at all.  This comes at the cost of the RAM or scratch disk needed to
store the data.

The implementation is backwards compatible; it can still handle the
existing version 1 of the transfer file format.

Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
2014-09-25 16:38:14 -07:00
Doug Zongker
40482ea2ae Merge "fix comment in blockimg updater code" into lmp-dev 2014-09-04 15:26:29 +00:00
Doug Zongker
f7bb09dae8 fix comment in blockimg updater code
The comment for the DEBUG_ERASE setting is exactly backwards.

Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1
2014-09-04 08:10:32 -07:00
Andrew Boie
8328922ff0 use lseek64 instead of lseek
Otherwise, overflow problems can occur with images larger than
2G since the offsets will overflow a 32-bit off_t.

Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2014-09-04 07:54:17 -07:00
Doug Zongker
5f875bf577 remove code for original block OTA mechanism
Superseded by newer code.

Bug: 16984795
Change-Id: I842299f6a02af7ccf51ef2ca174d813ca53deef1
2014-08-26 13:54:24 -07:00
Doug Zongker
1d5d6098f4 fix two bugs in block image updater
The computation of file offsets was overflowing for partitions larger
than 2 GB.  The parsing of the transfer file could fail at the end if
the data happened to not be properly null-terminated.

Bug: 16984795
Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
2014-08-21 10:47:24 -07:00
Doug Zongker
bc7ffeda98 installer for new block OTA system
(Cherry-pick back from master.)

Bug: 16984795
Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
2014-08-19 16:53:39 -07:00
Doug Zongker
2b5f0e0f76 remove spurious parens from error message
These error messages include empty parens after each string
substition.  Ill-advised cut and paste, probably.

Bug: 16467401
Change-Id: Ib623172d6228354afdcc2e33442cc53a07f0ecbc
2014-08-06 08:25:03 -07:00
Michael Runge
a91ecc59b2 Auto create parent directories for rename support
Sometimes renames will move a file into a directory
that does not yet exist.  This will create the
parent directories, using the same symlink logic,
to ensure that there is a valid destination.

Change-Id: Iaa005a12ce800c39f4db20f7c25a2a68cb40a52d
2014-07-21 17:40:02 -07:00
JP Abgrall
37aedb3faf Support F2FS for the data partition
This adds F2FS support
- for wiping a device
- for the install "format" command.

Note: crypto data in "footer" with a default/negative length
is not supported, unlike with "ext4".

Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-16 19:07:39 -07:00
Doug Zongker
43772d26a5 advance progress bar during block OTA installations
While executing syspatch and package_extract_file() calls with don't
care maps (both of which are used to rewrite the system image in
incremental and full block OTAs, respectively), pass a progress
callback in and use it to update the visible progress bar.

Change-Id: I1d3742d167c1bb2130571eb5103b7795c65ff371
2014-06-09 14:15:22 -07:00
Doug Zongker
c704e06ce5 disable async reboot during package installation
The default recovery UI will reboot the device when the power key is
pressed 7 times in a row, regardless of what recovery is doing.
Disable this feature during package installation, to minimize the
chance of corrupting the device due to a mid-install reboot.  (Debug
packages can explicitly request that the feature be reenabled.)

Change-Id: I20f3ec240ecd344615d452005ff26d8dd7775acf
2014-05-23 08:52:31 -07:00
Michael Runge
aa1a31e83d Allow lines without = signs.
The new build.prop for Sprout includes lines of the format:
import xxx.prop

These can be safely ignored when reading the property file.

Change-Id: Ia84a138e71461ffe8e591e88143b9787873def29
2014-05-01 18:37:40 -07:00
Mark Salyzyn
679baa06b7 am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"
* commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49':
  Recovery 64-bit compile issues
2014-03-14 21:35:41 +00:00
Mark Salyzyn
4b6de1ba1c am 026ebe02: Merge "Recovery 64-bit compile issues"
* commit '026ebe0214d6c1c9b3ddc22c35e9ac37e5f622bc':
  Recovery 64-bit compile issues
2014-03-14 20:59:56 +00:00
Mark Salyzyn
f3bb31c32f Recovery 64-bit compile issues
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-03-14 13:51:39 -07:00