Do not use the implicit cast from unique_fd to int so
that it is clearer to the reader what the ownership model
is.
Test: pass
Change-Id: I66563eb2bd06f6a712a5afd4c6009f9b25a55de6
Do not use the implicit cast from unique_fd to int so
that it is clearer to the reader what the ownership model
is.
Test: pass
Change-Id: Iaf40a6eed3fcfd001651980c865ed5efb85ac0eb
load_sparse_files assumes that the client maintains
the lifetime of the input fd is longer than
the output sparse_file handle.
Bug: 183409401
Bug: 183223098
Test: flash super image
Change-Id: I295b912c665577b5767a133f3148e58a22733998
Added SPDX-license-identifier-Apache-2.0 to:
fastboot/testdata/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I32847c8706facb4fe46ea8d4d6089a629cee2321
When a user issues `fastboot flash vendor_boot:foo ramdisk.img`, the fastboot driver
fetches the vendor_boot image from the device,
determines if `foo` is a valid vendor ramdisk fragment,
repacks a new vendor boot image, then
flash the vendor boot image back.
This requires vendor boot header V4.
As a convinent alias, `fastboot flash vendor_boot:default ramdisk.img`
flashes the whole vendor ramdisk image. This works on vendor boot header
V3 & 4.
Fixes: 173654501
Test: pass
Change-Id: I42b2483a736ea8aa9fd9372b960502a642934cdc
If fastboot flash vendor_boot:default, only
call has-slot on the first token, and append slot
to the first token only.
Test: fastboot flash vendor_boot:default
Bug: 173654501
Change-Id: I8ff7b3a0bafb964792ab8a788d64d14bc47ae83d
The `fastboot fetch` command is a wrapper around
the fetch protocol. It:
- getvar max-fetch-size
- get the size of the partition
- read the data by chunks, chunk size = max-fetch-size.
The name of the partition is passed directly to the device
(with the usual has-slot magic for flashing etc.) If we support
fetching partitions other than vendor_boot in the future, no change
in the driver is needed.
Bug: 173654501
Test: manual
Change-Id: Ie576eea668234df236b096a372e65c5e91c1e48c
Instead of allocating the buffer for the whole
upload (which can be arbitrary number of bytes as
the device determines), read 1 MiB at a time.
Test: pass
Bug: 173654501
Change-Id: Ib601b0341b10b7dccbb429cd21aad86a2d3bfda8
Refactor UploadInner and add a new RunAndReadBuffer helper function
that handles the generic procedure of:
1. Sending a command
2. Receiving a DATA response with N bytes
3. Receiving another response
Test: pass
Bug: 173654501
Change-Id: I568bea127315e42d8a111c23602fc582e7bc935b
fastboot_buffer owns the fd. Make ImageSource::Open()
returns a unique_fd and pass ownership all the way
down to the fastboot_buffer to avoid leaking fds.
Test: none
Change-Id: I9e7e176fc1da74c532a86d0fdba0113bdc81a166
O_CLOEXEC ensures fastbootd does not leak fds to the parent
process (recovery).
O_BINARY has no effect in Linux, but it is explicit that
the file (partition) to read is a binary file.
Test: pass
Bug: 173654501
Change-Id: Idba922965ce666af1b7ee460ec7449fabd511c35
When Write() is called on data > 256K, the written data
repeats every 256K because of the buggy line in this change.
Test: fastboot fetch vendor_boot.img
Fixes: 180654366
Change-Id: I33b129de27000d3f32f284469998daf540d4f856
Some devices, such as the Essential PH-1, don't have an
updated bootloader and the bootloader is appending an extra
underscore.
This patch works around that issue by sanitizing the slot to be
inline with modern expectations.
Offending commit: 42b18a518b
Most of the commit above is not needed because an underscore + slot
is automatically appended when flashing to a partition. Normally, this
would result in something like boot__b instead of boot_b, where b is the
current slot.
Test: flash an image on mata without specifying slot, boots
Change-Id: Ia0b7cee603a4f9ba2e3a61ce6e369ca8c07a7caf
* Only add owned header directories.
* Do not add extra quotes around -header-filter argument,
or the quotes will be part of the regex and fail to
match header file paths.
Bug: 179530304
Test: make with WITH_TIDY=1
Change-Id: Icea867cb22264fb2dbbff079a1fc914bf48bbdef
SnapshotManager::New() is now preferred in recovery. Previously we used
NewForFirstStageMount(), which is technically incorrect as that enables
code paths specifically for first-stage init.
We also explicitly label the snapuserd context, since rootfs in recovery
has unlabelled files.
Finally, we add a timeout to internal calls to
CreateSnapshotsAndLogicalPartitions. Without this, WaitForDevice() calls
will terminate immediately, which breaks VABC given the more complex
device stacking that is created.
Bug: 168258606
Test: fastboot snapshot-update merge
Change-Id: I3a663b95c0b1eabaf14e6fde409c6902653c3c5e
The pvmfw partition holds the protected VM firmware that is used by
Protected KVM to bootstrap the trust in protected VMs. Teach fastboot
about the partition so it gets flashed with flashall.
pvmfw is an AVB chained partition so is marked as BootCritical to allow
ABL's AVB verification to pass.
Test: tab complete and flashall
Bug: 171280178
Change-Id: Ie4cc478de25a945bc510488d87c2bee3aa5031f2
Right now fs_mgr_overlayfs_teardown() does slightly different things
when called from the userspace or recovery. This is accomplished by many
runtime checks, runtime assumptions and conditional execution of code.
This makes the control flow of the function very hard to follow, and
assumptions becomes more fragile as the function becomes more complex.
This CL forks fs_mgr_overlayfs_teardown() and removes "recovery" bits
from it. A new entry point TeardownAllOverlayForMountPoint() is added
for recovery.
Recovery (fastbootd) should call TeardownAllOverlayForMountPoint() to
teardown overlays of all sources (cache dir, scratch device or DSU).
While fs_mgr_overlayfs_teardown() should only be called from the
userspace.
Also apply some linter suggestions.
Bug: 165925766
Test: adb-remount-test.sh
Change-Id: I7ff7e3409c910782e1ec207fcd02b967a9762bc1
This is a re-landing of the original CL, with a few changes:
- The correct device is now returned in MapUpdateSnapshot.
- The old API is used for tests, and the new API is only tested when
used on a VABC device.
- A sync() call has been added to ensure that writes to the base and
target snapshot devices have been fully flushed. This makes
IsPartitionUnchanged detect the MapUpdateSnapshot bug.
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Test: full OTA with update_device.py
Test: incremental OTA with update_device.py
Change-Id: I90364a58902a4406a37cb14a816642c57a72bec2
Revert "Link to libsnapshot_cow everywhere libsnapshot is linked."
Revert submission 1433573-vab-libsnapshot-linkage
Reason for revert: b/169981170, update crash for droidfooders.
Reverted Changes:
Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke...
Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite...
I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ...
Exempt-From-Owner-Approval: Revert to unblock dogfood
Change-Id: I0677df77672aca9fd54d94e009ac0be7c88a1a9d
When Android userdata partition has been erased in fastbootd, call
oem specific API doOemSpecificErase() to wipe other userdata in
device.
If oem doesn't implement this specific API in fastboot_hal lib,
fastbootd will receive 'NOT_SUPPORTED' return status.
Bug: 169173873
Change-Id: I9b6a5a4aaed31d1168e633418b189f9bb6d34d01
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Change-Id: Ieedfadc557833c1e0540922aabc6e95c80266a64
When user input fastboot erase userdata, need a follow
up oem command to wipe other user data in device.
We support this new postwipedata command in
"fastboot erase userdata" only.
Bug: 150929955
Change-Id: I9b6a5a4aaed31d1168e633418b189f9bb6d34d01
Ignore-AOSP-First: I9b6a5a4aaed31d1168e633418b189f9bb6d34d01
The build system has added the new target named 'linux_cross' which is
the cross-compiled (i.e. arm on x86) host target. libfastboot is now
configured to use usb_linux.cpp not only for linux_glibc (which is the
native host target using glibc), but for all Linux-based host targets
including linux_glibc, linux_bionic, and the new linux_cross.
Note that the device target 'android' is also included in the 'linux'
target. But that doesn't cause a problem because libfastboot is a host
library which is not enabled for the device target.
Bug: 159685774
Test: HOST_CROSS_OS=linux_cross m
out/soong/host/linux_cross-arm64/bin/fastboot
Change-Id: I3a2191b0878a26914cb0282ecf41a45296827c04
The fastbootd over ethernet was implemented with IPv6 link-local
address. An IPv6 address may include many ':'. It will break this fuzzy
test. This new solution uses "tcp:" prefix to identify the fastboot
protocol, like the host fastboot command.
BUG: 157887327
Test: fuzzy_fastboot --serial=tcp:fe80::230:1bff:feba:8128%wlan0 \
--gtest_filter=*Logical*
Bug: http://b/166279510
Change-Id: I8fe7e6e3ade94a26e05a31ac20ed9ab3839dd342
Merged-In: I971fd9e25741e18bf7f5907d562556b09db1d624
Updating language to comply with Android’s inclusive language guidance.
See https://source.android.com/setup/contribute/respectful-code for reference.
Bug: 161896447
Test: Trivial changes
Change-Id: Ia84d47930b5d9ca4a5f7c809777c886bece4f512
If the flashed boot image is smaller than the block device, the AVB
footer will not be at the end of the partition. Although images are
normally created to match the partition size the GKI boot.img must work
on all devices, and the size of the boot partition will vary.
Copy the AVB footer to the end of the partition before flashing, if it
is not there already.
Bug: 159377163
Change-Id: I5a5e25fb54dc9d6a2930fda63434968808ffa1f0
Merged-In: I5a5e25fb54dc9d6a2930fda63434968808ffa1f0
If the flashed boot image is smaller than the block device, the AVB
footer will not be at the end of the partition. Although images are
normally created to match the partition size the GKI boot.img must work
on all devices, and the size of the boot partition will vary.
Copy the AVB footer to the end of the partition before flashing, if it
is not there already.
Bug: 159377163
Change-Id: I5a5e25fb54dc9d6a2930fda63434968808ffa1f0
Status() is called with an empty string to handle `fastboot oem`
commands. This currently emits a set of spaces and sets
last_start_time such that the epilog can track the time spent in this
command. Emitting the spaces is problematic however, since it results
in the follow:
$ fastboot oem device-info
(bootloader) Verity mode: false
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
(bootloader) Charger screen enabled: true
OKAY [ 0.000s]
Finished. Total time: 0.000s
If we skip emitting the spaces, then we get the correct result:
$ fastboot oem device-info
(bootloader) Verity mode: false
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
(bootloader) Charger screen enabled: true
OKAY [ 0.001s]
Finished. Total time: 0.001s
There are no other uses of Status() with an empty string, so this
changes won't impact other commands.
Bug: 158310284
Test: fastboot formats this and other commands correctly.
Change-Id: I6294acefc65a8399160c0944b3fbc2f2ace919ed
The Nexus 7 bootloader just returns the empty string for unknown
variables, which confused the new snapshot code.
Bug: https://issuetracker.google.com/158232468
Test: no Nexus 7 available during covid-19 :-(
Change-Id: I35ff8889b27944e8b7426eca4f513d9fa562c6d4
The fastbootd over ethernet was implemented with IPv6 link-local
address. An IPv6 address may include many ':'. It will break this fuzzy
test. This new solution uses "tcp:" prefix to identify the fastboot
protocol, like the host fastboot command.
BUG: 158040108
Test: fuzzy_fastboot --serial=tcp:fe80::230:1bff:feba:8128%wlan0 \
--gtest_filter=*Logical*
Change-Id: I971fd9e25741e18bf7f5907d562556b09db1d624
It's not possible to programmatically determine which fastboot mode a
device is in, without sending a getvar:is-userspace query. Unfortunately
this is not possible asynchronously, and may interrupt other queries
being processed.
This patch changes fastbootd's USB interface name to "fastbootd". Note
that tools use the protocol number/class and not this string, so it
should be safe to extend. When using "fastboot devices", the interface
name is now listed if set. Note that currently only the Linux version of
the fastboot tool is capable of reading the interface name.
Bug: 156966319
Test: fastboot devices on Linux
Change-Id: I57ccf2bec1dda573fe3ac628a646624b76f45905
The current fastbootd only supports USB protocol. But some Android TV
devices are built without USB port. The fastbootd cannot be used on
those ATV devices due to it.
This change adds TCP protocol for such devices and fastbootd.protocol
property is added to control which protocol to use.
BUG: 152544169
BUG: 155198345
Test: manual test.
Change-Id: Idc391e677eb6a1880036419ba5f6c4160e8dbcbc
Merged-In: Idc391e677eb6a1880036419ba5f6c4160e8dbcbc
If the flashed boot image is smaller than the block device, the AVB
footer will not be at the end of the partition. Although images are
normally created to match the partition size the GKI boot.img must work
on all devices, and the size of the boot partition will vary.
Copy the AVB footer to the end of the partition before flashing, if it
is not there already.
Bug: 156036850
Change-Id: I11f0c7d32d1b6c74edd4f84f815d175605280cb8
Merged-In: I11f0c7d32d1b6c74edd4f84f815d175605280cb8
The current fastbootd only supports USB protocol. But some Android TV
devices are built without USB port. The fastbootd cannot be used on
those ATV devices due to it.
This change adds TCP protocol for such devices and fastbootd.protocol
property is added to control which protocol to use.
BUG: 152544169
Test: manual test.
Change-Id: Idc391e677eb6a1880036419ba5f6c4160e8dbcbc
If the flashed boot image is smaller than the block device, the AVB
footer will not be at the end of the partition. Although images are
normally created to match the partition size the GKI boot.img must work
on all devices, and the size of the boot partition will vary.
Copy the AVB footer to the end of the partition before flashing, if it
is not there already.
Bug: 156036850
Change-Id: I11f0c7d32d1b6c74edd4f84f815d175605280cb8
When merging in recovery, the "imminent data wipe" code was used, which
made the assumption the /metadata and /data state would be zapped. This
caused future OTAs to error because the old snapshots were detected.
This CL allows OTAs to proceed even if unexpected snapshots are present.
It also forces the state to "MergeCompleted" after a merge in recovery,
so that the next normal boot can perform cleanup.
Bug: 155339165
Test: fastboot snapshot-update merge, then take another OTA
vts_libsnapshot_test
Change-Id: Ief6dea3ba76323044e61307272dda320a4494aea
Merged-In: Ief6dea3ba76323044e61307272dda320a4494aea
When merging in recovery, the "imminent data wipe" code was used, which
made the assumption the /metadata and /data state would be zapped. This
caused future OTAs to error because the old snapshots were detected.
This CL allows OTAs to proceed even if unexpected snapshots are present.
It also forces the state to "MergeCompleted" after a merge in recovery,
so that the next normal boot can perform cleanup.
Bug: 155339165
Test: fastboot snapshot-update merge, then take another OTA
vts_libsnapshot_test
Change-Id: Ief6dea3ba76323044e61307272dda320a4494aea
1. delete-logical-partition was deleted
- After merge "Don't require bootloader fastboot for VTS compliance." commit, delete-logical-partition sequence was deleted in LogicalPartitionCompliance test. "create-logical-partition failed" is occurred when run vts fastbootverification module. So restore this sequence.
Test: run vts -m VtsFastbootVerification
Bug: 153913610
Signed-off-by: Yongcheol LEE <yongcheol09.lee@lge.com>
Change-Id: I00366b281eafa5677b0941419a86f2702fb3484b
Merged-In: I00366b281eafa5677b0941419a86f2702fb3484b
libsnapshot* uses update_metadata-protos. This
used to be optimized out, but now that SnapshotManager is
virtual, CreateUpdateSnapshots can no longer be optimized out.
Bug: 148956645
Test: compiles
Change-Id: Ib67cafd156308bf5a477996ec32eb786f8e896db
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL moves all tests in vts-core to vts.
It won't change test logic or behavior.
Change-Id: I24779951257ce37fc18929f214d3cf5f76c23a19
Merged-In: I24779951257ce37fc18929f214d3cf5f76c23a19
Bug: 151896491
Test: presubmit check
Exempt-From-Owner-Approval: This CL renames suite name vts-core to vts.
It won't change test logic or behavior.
Change-Id: I24779951257ce37fc18929f214d3cf5f76c23a19
This code path is effectively dead in adbd, and fastboot's dependency on
libadbd makes it hard to refactor adbd's dependencies.
Bug: http://b/150317254
Test: built and flashed aosp_walleye-eng
Change-Id: I5118136d32fdcbbd011559ed0a4a71e1dc7bf064
Merged-In: I5118136d32fdcbbd011559ed0a4a71e1dc7bf064
(cherry picked from commit 0871824de6)
There is a chance that devices are failing to reboot in the lab due to
sync() taking explicitly long during reboot. Let's add the sync()'s
here to ensure they get accounted for in the flashing process.
A side benefit is it's likely safer to sync immediately after
flashing than to hope init does it during reboot.
Bug: 150863651
Test: flash local devices successfully
Change-Id: I4c4b0114f3cde8af4b8b2cb283ec21f869ef9f6f
This code path is effectively dead in adbd, and fastboot's dependency on
libadbd makes it hard to refactor adbd's dependencies.
Bug: http://b/150317254
Test: built and flashed aosp_walleye-eng
Change-Id: I5118136d32fdcbbd011559ed0a4a71e1dc7bf064
Support v3 header format when changing the command line with
fastboot boot or using flash:raw.
Bug: 151750405
Test: fastboot boot and flash:raw with updated cmdline and v3 header
Merged-In: Ibf396e2d18d8b22cad50db290f3fd4e46ff85d9b
Change-Id: Ibf396e2d18d8b22cad50db290f3fd4e46ff85d9b
Support v3 header format when changing the command line with
fastboot boot or using flash:raw.
Bug: 151750405
Test: fastboot boot and flash:raw with updated cmdline and v3 header
Change-Id: Ibf396e2d18d8b22cad50db290f3fd4e46ff85d9b
1. delete-logical-partition was deleted
- After merge "Don't require bootloader fastboot for VTS compliance." commit, delete-logical-partition sequence was deleted in LogicalPartitionCompliance test. "create-logical-partition failed" is occurred when run vts fastbootverification module. So restore this sequence.
Signed-off-by: Yongcheol LEE <yongcheol09.lee@lge.com>
Test: VTS
Test: run vts -m VtsFastbootVerification
Change-Id: I00366b281eafa5677b0941419a86f2702fb3484b
Using FastbootDevice::GetCurrentSlot to get the current slot suffix
instead of reading the same from the device's boot control HAL
is required to account for the prior set_active commands issued via
fastbootd in the same boot.
Test: fuzzy_fastboot
--gtest_filter=Conformance.Slots:Conformance.SetActive --gtest_repeat=10
Bug: 146589281
Change-Id: I2edb0f024d93c2483659623423ef5c69c717c7af
Merged-In: I2edb0f024d93c2483659623423ef5c69c717c7af
Using FastbootDevice::GetCurrentSlot to get the current slot suffix
instead of reading the same from the device's boot control HAL
is required to account for the prior set_active commands issued via
fastbootd in the same boot.
Test: fuzzy_fastboot
--gtest_filter=Conformance.Slots:Conformance.SetActive --gtest_repeat=10
Bug: 146589281
Change-Id: I2edb0f024d93c2483659623423ef5c69c717c7af
Some output of `fastboot getvar` exceeds current message size.
Increases the message size to 256 to fix the issue.
Bug: 74445765
Bug: 144473561
Test: fastboot getvar system-fingerprint
Change-Id: Id5064be4bb500697ce87c473f662d86c7c344d65
Exporting more properties that can be useful for image compatibility
check, prior to run fastboot flash.
Bug: 74445765
Bug: 144473561
Test: fastboot getvar <new variable>
Change-Id: I2ddfa2c1e9e719e05a3a64b9ca1d608957aebf11
This is for the test to run without packaging libc++.so in vts-core
suite.
Bug: 147249791
Test: atest FastbootVerifyUserspaceTest
Change-Id: I0263d13a2dd08186502b30b2fad25d4f0f3a6be8
The binary is required by FastbootVerifyUserspaceTest.
Disable test config generation as fuzzy_fasboot itself is not part of
vts-core suite.
Bug: 147249791
Test: atest FastbootVerifyUserspaceTest
Change-Id: Ief86f33b41990a354497b128e154da04fec58ae9
fs_mgr_overlayfs needs access to /metadata to tell whether or not the
scratch partition exists on /data.
Bug: 134949511
Test: adb remount, fastboot flash system
Change-Id: I3a09aae495d691e9c1a1e25a8fb3514e355ecd05
CPU ABI info, e.g., arm64-v8a, can be useful to determine image
compatibility, prior to flash. Adding this info in fastbootd.
Bug: 74445765
Test: fastboot getvar cpu-abi # arm64-v8a
Change-Id: Ied494b646c551320295956b7890c0102fdb88382
When a snapshot is applied or is merging, requests to erase or flash
userdata, metadata, or misc must be protected. In addition, the
set_active command must be restricted when a merge is in progress.
In addition, introduce a "snapshot-update merge" command for assisting
with erase requests when a merge is in progress. As in recovery, this
will force a merge to complete.
Bug: 139154945
Test: apply update
fastboot erase userdata
fastboot erase metadata
fastboot erase misc
fastboot set_active
Change-Id: I152446464335c62c39ffb4cc6366be9de19eac30
This introduces two new commands to the fastboot protocol:
- getvar snapshot-update-status - Return "none", "snapshotted", or
"merging" depending on the current status set by the boot control
HAL.
- snapshot-update [cancel] - Cancel any pending snapshot-based updates
via the boot control HAL. After this, the HAL should return
MergeStatus::CANCELLED and "update-merge-status" should be "none".
If no argument is specified, the snapshot-update-status is returned
via an INFO response.
Bootloaders are expected to implement this in a manner consistent with
the boot control HAL.
Fastboot-based tooling should expect wipes of userdata to fail when
update-merge-status returns "merging". Thus, the force flag now cancel
any pending snapshots.
Bug: 139154945
Test: fastboot getvar snapshot-update-status
fastboot snapshot-update cancel
fastboot snapshot-update
Change-Id: Idc423fe7656b212e929e64eb0e6b85b453e0e8dc
If top-level vbmeta struct is in 'boot' partition,
the "flags" element offset of top-level vbmeta header
from the beginning of boot partition is 123 plus
top-level vbmeta offset recorded in the boot image footer.
Bug: 139639521
Test: m fastboot
Test: fastboot --disable-verification flashall
Test: fastboot --disable-verification flash boot boot.img, checks the
flag isn't changed if the device has vbmeta partition
Test: fastboot --disable-verification flash vbmeta vbmeta.img
Change-Id: Ibf73c9330639e971ee3873ac19f072cf7baed55b
load_buf_fd() attempts to find the size of the file that it is about
to load by first calling sparse_file_import_auto() then using
sparse_file_len() upon success or falling back to the file size on the
filesystem on failure.
This is problematic however as sparse_file_import_auto() creates a
sparse_file out of the normal file, but does not resparse it, so an
assertion fails during the sparse_file_len() call.
This is fixed by using sparse_file_import() instead. This will fail
in the case that the file is not sparse and the call to
sparse_file_len() will be properly skipped.
Bug: 140538105
Test: flash blueline factory image with assertions enabled in
libsparse/sparse.cpp
Change-Id: I0283be33563a3301ce5b09bde41105a20f91086c
Skip importing COW group because they are dynamically
created by OTA clients and will never show up in built
images.
Test: flash
Change-Id: I44e7693cfb4c15e64455b56212a02f9abde88d61
Since these were combined into libhidlbase.
Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I0bdffced6af52695c0ef98c9dd659348e56f7aa6
We must initialize UploadInner dsize value to 0, in case
stuck in ReadBuffer when receive DATA packet which dsize
is 0 or non DATA type packet. This will lead to fastboot
hang up unless USB unplugged.
Change-Id: I1e9752585c3d1013b1b1da38ead9ba4c532c2d34
Signed-off-by: qiwu chen <qiwuchen55@gmail.com>
originally if wants_wipe=true, program will erase and format partitions,
but after fb->Erase(), partition type should be raw(all 0xFFs),
then following fb_perform_format() will miss its original partition_type
Now we call fb_perform_format() with original fs type to keep the
partition consistent after wiping.
Change-Id: Ic778850588d5dd6fee23169d20c26bcbaa510627
When flashing or resizing partitions, remove the
LP_PARTITION_ATTR_UPDATED flag. This will cause first-stage init to skip
any snapshots for that partition, and the backing storage (if any)
will later be reclaimed.
Bug: 139155473
Test: manual test
Change-Id: I3b185f68dfecb5a93636af0b5ae289ead1363fd0
The vendor_boot partition has been created, so add it to the list of
images which may be flashed.
Bug: 137297791
Change-Id: I27eaa16656a83dbcb8289680844bf58dd1fccf24
Introduce a parameter struct to eliminate parameter explosion, and refactor
existing callers to use the new helper.
Test: manual test
Bug: 135752105
Change-Id: I0c5ebe4e084ad7503c2ac6c65886a71505d50d00
This is no longer needed as CreateLogicalPartition() ensures the
obtained path will not race with device deletion.
Bug: 135771280
Test: device builds, flashes
Change-Id: I821290aa08fede99d5c51cd68681c351a1ea97bc
Update adb, fastboot and mount point
Bug: 134359158
Test: build and check if system_ext.img can be flashed
Change-Id: I6219f72242c5fe42a508008c0b1fd218d74da5b6
Usage: fastboot wipe-super [super_empty.img]
This command will read the given super_empty.img (using the default one
in ANDROID_PRODUCT_OUT if not specified), and flash by generating a
temporary super.img with no partition data. This command will even work
on retrofit devices.
This command is intended to be used either during device bringup or with
scripts that will manually flash individual dynamic partitions, in place
of using "fastboot flashall".
Bug: 136282057
Test: fastboot wipe-super on retrofit and non-retrofit device
Change-Id: Icab368a63ff36fcce9ac9304eb3966dd38bd78c4
These tend to get manually, so let's promote to actual helpers.
Bug: 134536978
Test: liblp_test gtest
Change-Id: Ifb79c8d6f247cc3f9635bf6adfd1c99907340002
We recently changed 'xfer' to a size_t, so update the DBG format
accordingly. We also fix a long standing issue with format for
the unsigned 'read'.
Test: TreeHugger
Change-Id: I3dc5f26a033fea64119016802bc9cdb54bbb7b52
Read function exits before reading all requested bytes. Fix that by
looping until the len requested is completed.
This will fix the issue execting get_staged command for a staged image
bigger than 1MB
Test: fastboot get_staged file.txt
Change-Id: Ic70ab48f3a8c8d78c225db638892501d4dc20b13
Signed-off-by: Fernando Lugo <flugo@google.com>
non-aio USB read function was stuck in a loop waiting for more data
because data length parameter is always set 64 for fastbootd commands.
It should be a normal case to get less data than expected
since lengths of these commands are usually less than 64.
Add logic to check this and one more parameter to distinguish
fastbootd from general adbd case.
Bug: 133189029
Test: try various fastbootd commands
Change-Id: I6690324840d78f3f1e04235040301520329976db
Merged-In: I6690324840d78f3f1e04235040301520329976db
Currently, during a 'fastboot flashall/fastboot update', the 'getvar
max-download-size' command is issued once to the device when it is in
bootloader mode and the same value is used even after the device boots
into fastbootd. If the max-download-size returned by bootloader is
greater than the max-download-size in fastbootd, this could break flash
as large images are broken down into chunks before downloading by using
the max-download-size variable. This will cause fastbootd to return
an error since it checks whether the buffer being downloaded has a size
greater than the max-download-size limit.
Test: fastboot flashall
Bug: 536870912
Change-Id: Ife7c1ec0583d80d4a31ecf01f1fc14a8365afe0d
We can't create interface iterators for all devices (e.g. the keyboard,
touchbar, etc.), so we get multiple instances of this log spam on every
command.
Demote it to a warning that only shows up on debug builds.
Test: none
Change-Id: I20581b9134c05360d5723b09ffe8de8c4cfd6a3f
Switch FindEntry and the ZipString constructor to std::string_view. This
lets us accept an over-long name so that we can reject it as too long.
Also fastboot changes to track the API change.
Bug: http://b/129068177
Test: treehugger
Change-Id: I7df7acd1fe2c46380b789c25f8909e0553e2d55e
Currently if the device is unplugged from host,
there is a lot of log spamming since fastbootd
does not not recognize that the device has been
disconnected and keeps trying to read/write to the
device.
2856 printk messages dropped ** [ 169.941904] c7 579 fastbootd: aio: got error event on
read total bufs 1: No such devie
** 2960 printk messages dropped ** [ 169.953328] c7 579 fastbootd: Fastboot command:
** 2074 printk messages dropped ** [ 169.961355] c7 579 fastbootd: aio: got error event
on read total bufs 1: No such devie
Bug: 121333158
Test: unplug device and check for log spam multiple times
Change-Id: I1d4c6f48f34e313c5ebce23d62a4fe6a6373f94f
Vendor must be a logical partition and boot must not be a logical
partition.
Test: fuzzy_fastboot --gtest_filter=*Logical*
Bug: 117220134
Change-Id: Ifc6f2f715ca92cd1fe779e8fce2d6a10a1f140b9
This is required for read() to function correctly
in Windows since it behaves differently in text mode and
binary mode and may cause unpredictable behavior depending
on the contents of the image file.
Bug: 129281908
Test: fastboot.exe flashall
Change-Id: I64370af44a050bafea60ff1b0b2be18cc531480a
The function do_for_partitions() takes a const std::string
reference, so it's inefficient to pass a std::string::c_str().
Test: TreeHugger
Change-Id: Ia84ed9ec691ee2f524c61dd25a81b2995bb0bb33
As part of a refactor, commit db511207ed
added a timeout for receving responses for commands. Unfortunately,
the timeout is optimistic as to how quickly target devices can complete
such operations. Flash and erase commands can be quite slow on devices
with traditional flash chips. The fastboot protocol is already adept
at handling such cases because it allows for sending INFO packets during
these periods. We may receive one or more INFO packets during tehse long
operations. Every time we receive an INFO packet, it proves the remote
end is alive, but busy, which should reset our timeout timer.
Change-Id: Ia3bba21c497b22639b626d89711ecd4eb02504ed
Signed-off-by: Dima Zavin <dmitriyz@waymo.com>
Previously, system_clock was used for remote command timeouts
which can get disturbed by NTP adjustments (jumps).
Change-Id: I0ffc159bf34d12e8d3713044524114d60a6a45ca
Signed-off-by: Dima Zavin <dmitriyz@waymo.com>
This command erroneously reports that no GSI is installed, because
/metadata is not mounted in recovery. To address this, temporarily mount
/metadata when the gsi command is invoked.
Bug: 122556707
Test: fastboot gsi disable
fastboot gsi wipe
Change-Id: Ib21971b49b46fd580b902ff75f01cfb96192afc0
And deprecate one more old style function that is not used after this
change.
Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
New arguments 'dtb' and 'dtb-offset' have been added to
support boot image header version 2 for the 'fastboot boot'
and 'fastboot flash:raw boot' commands.
Test: fastboot boot Image.lz4 --dtb <dtb_path> --header-version 2
Test: fastboot flash:raw boot Image.lz4 --dtb <dtb_path>
--header-version 2
Bug: 111136242
Change-Id: Idf5c2eb138609dc7e915e80c4db64677c89f24b6
Note: this only removes the bootable marker, since we're unable to
remove the userdata files within recovery.
Bug: 121210348
Test: fastboot gsi wipe
fastboot gsi disable
Change-Id: I64fe848c787d426ae9d18a1557a9d6b340bfc2cf
On non-DAP devices, fastboot flash <partition> will spam error messages
about not being able to read super_empty.img. We should check that
super_empty.img exists before trying to read it.
Bug: 120429424
Test: fastboot flash system on non-DAP device
Change-Id: I6c4eec19cb3ef8d24595a75e072e1d75baaa8cdd
When the update-super command is issued, we want overlayfs overrides
to disappear without a doubt, which includes non-A/B utilizing
/cache/overlay/ tree. Call fs_mgr_overlayfs_teardown() on successful
return.
Test: adb-remount-test.sh
Bug: 120034852
Change-Id: Ia5cdb797f7e8350b5591a51fc8ae5f323901aee4
On retrofit devices, if both slots contain dynamic partition builds,
then "flashall" will attempt to write secondary images to dynamic
partitions in the other slot. At worst, this can fail with an error. At
best, it will result in the "other" partition not being mounted on first
boot.
This patch therefore deletes logical partitions for secondary images, on
retrofit devices only. On a Pixel device on the "b" slot, this means
"system_a" and "vendor_a" will be deleted before flashing, and therefore
system_other and vendor_other will be flashed to physical partitions
instead.
Bug: 120034852
Test: fastboot set_active a
fastboot flashall
fastboot set_active b
fastboot flashall
Change-Id: I6affe9a6c639b0495bffc77fcf20f329b86ad159
When checking for existence of "super_empty.img" to determine if
flash image product set is meant for logical partitions, we die if
ANDROID_PRODUCT_OUT environment is unset or empty. This check
is done before we look at the flash image name to determine if it
is a candidate to look at the logical metadata.
Instead, allow this check to conservatively fail for now.
Test: export ANDROID_PRODUCT_OUT=
fastboot flash bootloader
Bug: 120041144
Change-Id: I43f124015f9d26c79a0feb9123522432fe937343
Merged-In: I43f124015f9d26c79a0feb9123522432fe937343
Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
On retrofit devices, it is easy to accidentally overwrite
system/vendor/product by flashing system in the bootloader. The reason
is that GPT system_a is really the super partition, and the bootloader
doesn't know it.
Addressing this in bootloaders would require two separate commands: one
that rejects flashing system/vendor/product, and another for
expert/factory use that would allow direct flashing.
This patch introduces protection into the host fastboot tool instead.
It's not mutually exclusive with bootloader changes; having protection
in the host tool affords us better and consistent UI. However it does
rely on users having newer builds.
With this change, the following will not work in the bootloader:
fastboot flash system # or vendor, product, etc
The message is the same whether or not the device is a retrofit. To
continue anyway, you can do:
fastboot flash --force system
If we decide on bootloader protection as well, the --force flag can be
re-used.
Bug: 119689480
Test: fastboot flash system # disallowed in bootloader, allowed in fastbootd
fastboot flash --force system # allowed in bootloader
Change-Id: I0861e3f28a15be925886d5c30c7ebd4b20c477cf
Removes a few more Android.mk files.
Test: check for adb, mkbootfs, and fastboot in the build artifacts
Change-Id: Ie4e50a363a734d0b9207f0d0098c54719f038e76
Similar to the change to adb in Id26760bc62c89a1f7ef67511b21f9d9252ab69f3,
pin the interface version to IOUSBFamily 5.0.0.
Bug: 119264733
Test: Manual
Change-Id: Ied9164532c0ba6f20415dafecb0c774578aa5c57
This patch adds a new variable, "super-partition-name", to query the
name of the super partition (with a slot suffix if it has one). The
fastboot flashing tool has been updated to query this variable.
Since the super partition name can no longer be determined without
fastbootd, the presence of super_empty.img is used to test for
dynamic partition support rather than the presence of a super partition.
Bug: 116802789
Test: fastboot flashall on retrofit device
Change-Id: If830768eba6de7f31ac3183c64167fae973c77a4
When updating the super partition, attempt to preserve partitions from
the other slot. If any partition can't be preserved, fail and require a
wipe (-w) to proceed. This allows two bootable builds to be flashed to
both slots.
The preserve operation can fail if the metadata is not compatible with
the old partition layout. For example, if the partition references a
group that no longer exists, or a group changed its capacity, or the
metadata's block device list or list contents changed.
Bug: N/A
Test: liblp_test gtest
fastboot flashall --skip-secondary
Change-Id: I53fdd29bc1f0ef132005a93d3cf1cdcd7f2fc05f
Without this, it is much more difficult to ensure that the "a" and "b"
slots are both bootable during development. We already update all
metadata slots for update-super, so we should here as well.
Bug: N/A
Test: fastboot flashall
fastboot set_active other
fastboot flashall
Change-Id: Ib661e35fa89171a68a0b1da195dc5ba0375d72e4
Arrange to delete the overlayfs backing when a specified partition
has been flashed.
Test: manual
Bug: 109821005
Bug: 117605276
Change-Id: I1c6a0341c6cd2ecfbb7c71bec5679a74d579aadd
The purpose of this code was to support preserving partitions across a
flashall operation. Since we are not supporting persistent read-write
partitions, this merging code is effectively useless - it is preserving
only partitions that will be deleted.
Additionally, this code does not merge partition group changes, since
doing so accurately is difficult. Partition size changes aren't sent
until after update-super resolves, so a valid re-grouping could be
rejected during update-super if the existing partitions are too big.
This patch removes the update-super merging code until a use case comes
along and we can properly evaluate how it should work.
Bug: N/A
Test: fastboot flashall
Change-Id: I1d622b23dabdf031897be9de49f59fc8cf3caf3b
The libziparchive public headers that refer to `off64_t` also need the
Mac workaround.
In fastboot, there's a stray `lseek64` but since it's only for offset 0,
any kind of seek is fine.
Bug: N/A
Test: builds
Change-Id: I68b4f95202623ebf07ffe6c3e0e21437e7922c5b
If an image size changes slightly in between "flashall" and some change
in the build, it's inconvenient to have to reflash the whole device again.
This patch resizes partitions when using a normal flash command, to
improve the developer workflow.
Bug: N/A
Test: fastboot flash system
Change-Id: I349364a4742a0c15748f545fcfda946107720d45
After rebooting to userspace fastboot, the first command issued is
"update-super". If we wound up in the bootloader by accident (as
happened to a few users with a busted vbmeta_system), the resulting
error message will be very misleading ("update-super" will be an
unrecognized command).
Instead, this patch explicitly errors if we did not successfully boot
into fastbootd.
Bug: N/A
Test: fastboot flashall
Change-Id: I7d5bd64db540978bd0bae884f40ce8c3df48f856
This allows us to remove libziparchive's dependency on libutils.
Bug: http://b/79112958
Test: ran libbase and libziparchive tests, ran fastboot manually
Change-Id: I95c651976dad222863e5b8c37d4514b778f5dce7
Cleanup to utilize all the manifest values in constants.h.
If the cli command _and_ the protocol name match, use a common
source of convenient truth. This should set a pattern for future
additional commands. When the command and the protocol differ,
we want to introduce resistance as it results in confusion and
maintenance issues.
Test: compile
Change-Id: Idad413c63cbbfcb6e851856105a5d5a9ef53ef29
Bug: 78793464
Test: fastboot flashall
Sparse images with CRC are not supported by the Android build
system and hence the calculated CRC is unused.
Change-Id: Ia48b2f7e29f2adea26d185c5a8f2337c4cbe6dcb
Boot control HAL implementations will return the current boot
slot as the active slot. If a set_active command is issued on another
slot, it should be considered as the new active slot and subsequent
flashes should flash the same.
Test: fastboot set_active "b", fastboot getvar current-slot
Bug: 78793464
Change-Id: Ida3817670de8e74a7d7ae2a905e7ac1756c6bdf1