am: 1f814d7630
* commit '1f814d7630c56cc9e825ed411e068414c97acb6c':
DO NOT MERGE Use updated libpng API
Change-Id: Ib381e8ccefe9181911a2144d7255ecadefb42b5c
am: 36acff7d7e
* commit '36acff7d7e88549bbeab6a08488ab48596d7fbc5':
DO NOT MERGE Use updated libpng API
Change-Id: I7f01d932235ef69640ed4859d0e62344b3b774de
am: a5bc59620f
* commit 'a5bc59620fd43c99621eb98ac84cbeea867d0c93':
DO NOT MERGE Use updated libpng API
Change-Id: I3d8d27b08fd1fd89c6b8d9c39b883a45aecb83ce
am: 839b4e592a
* commit '839b4e592a7c81bdebe08fae4eef6e909c89acd6':
DO NOT MERGE Use updated libpng API
Change-Id: I7bbece70a4129554d953fd22c71527b2ca11262e
This now gets done at the framework level. Doing it here breaks the signature on the partition.
This reverts commit ee19387905.
Bug: 19967123
Change-Id: I447b926b733ca145f11a916d9569ce39889db627
This should reduce errors if the device reboots before the blocks
are commited to disk.
Bug: 18481902
Change-Id: I13cda1c78955e4c83522fbcf87ddb16cc9f97683
This allows tune2fs to be executed from within OTA scripts,
allowing for file system modifications without formatting the
partition
Bug: 18430740
Change-Id: I0c2e05b5ef4a81ecea043e9b7b99b545d18fe5e6
We have seen cases where the boot partition is patched, but upon
recovery the partition appears to be corrupted. Open up all
patched files/partitions with O_SYNC, and do not ignore the
errors from fsync/close operations.
Bug: 18170529
Change-Id: I392ad0a321d937c4ad02eaeea9170be384a4744b
At the end of the OTA script, we walk through /system, updating
all the permissions on the filesystem, including the UID, GID,
standard UNIX permissions, capabilities, and SELinux labels.
In the case of a symbolic link, however, we want to skip most of
those operations. The UID, GID, UNIX permissions, and capabilities
don't meaningfully apply to symbolic links.
However, that's not true with SELinux labels. The SELinux label on
a symbolic link is important. We need to make sure the label on the
symbolic link is always updated, even if none of the other attributes
are updated.
This change unconditionally updates the SELinux label on the symbolic
link itself. lsetfilecon() is used, so that the link itself is updated,
not what it's pointing to.
In addition, drop the ENOTSUP special case. SELinux has been a
requirement since Android 4.4. Running without filesystem extended
attributes is no longer supported, and we shouldn't even try to handle
non-SELinux updates anymore. (Note: this could be problematic if
these scripts are ever used to produce OTA images for 4.2 devices)
Bug: 18079773
Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
Create a new recovery UI option to allow the user to view
/cache/recovery/last_log for their device. This gives enhanced
debugging information which may be necessary when a failed
OTA occurs.
Bug: 18094012
Change-Id: Ic3228de96e9bfc2a0141c7aab4ce392a38140cf3
ueventd will wait for /dev/.booting to go away before giving up
on loading firmware.
The issue was introduced in Ifdd5dd1e95d7e064dde5c80b70198882d949a710
which forgot to update recovery's init.rc
Bug: 17993625
Change-Id: I91205fe6eea50aaef9b401d650ec8d6843a92a57
In version 2 of block image diffs, we support a new command to load
data from the image and store it in the "stash table" and then
subsequently use entries in the stash table to fill in missing bits of
source data we're not allowed to read when doing move/bsdiff/imgdiff
commands.
This leads to smaller update packages because we can break cycles in
the ordering of how pieces are updated by storing data away and using
it later, rather than not using the data as input to the patch system
at all. This comes at the cost of the RAM or scratch disk needed to
store the data.
The implementation is backwards compatible; it can still handle the
existing version 1 of the transfer file format.
Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
