summaryrefslogtreecommitdiffstats
path: root/install.h (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-03-29Move install to separate modulexunchang1-71/+0
Build libinstall as a shared library. Also drop the dependency on the global variables in common.h. Test: unit tests pass, sideload an OTA Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
2019-03-12Use the package class for wipe packagesxunchang1-1/+1
The wipe package used to open the zip file directly from the content string. Switch to use the interface from the new package class instead. Bug: 127071893 Test: unit tests pass Change-Id: I990e7f00c5148710722d17140bab2e343eea3b6b
2019-03-11Create a wrapper class for update packagexunchang1-3/+5
Creates a new class handle the package in memory and package read from fd. Define the new interface functions, and make approximate changes to the verify and install functions. Bug: 127071893 Test: unit tests pass, sideload a package Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
2019-03-07Add a new entry in wipe package to list all wipe partitionsxunchang1-0/+4
This gives us finer control over the partitions to wipe on the host side. Bug: 127492427 Test: unit tests pass, install a wipe package on sailfish Change-Id: I612f8bac743a310f28e365b490ef388b278cfccb
2018-10-31Refactor the code to check the metadataTianjie Xu1-3/+15
The two functions check_wipe_package() and check_newer_ab_build() were using the same flow; and checked the same device properties against the metadata file in the package. These properties include: ota_type, pre-device, and serial number. Therefore, we can consolidate the checks to a single function; and continue to check the fingerprint and timestamp only for AB updates. This change also addresses the need to accept multiple serial number in the wipe package. Bug: 118401208 Test: unit tests pass Change-Id: Ia6bc48fb6effcae059a2ff2cf71764b4136b4c00
2018-09-12Allow switch to fastbootd when userdata wipe is requiredHridya Valsaraju1-2/+9
Bug: 114065789 Test: Able to use 'adb reboot fastboot' to switch to fastboot from recovery when a userdata wipe is required to boot. Change-Id: Ice6950444656f8d8857808531af030078f544b88
2018-04-26Rename CacheLocation to Paths.Tao Bao1-2/+5
We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE. Test: mmma -j bootable/recovery Test: recovery_component_test Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
2017-05-01recovery: Change install_package() to take std::string.Tao Bao1-6/+5
Also change the parameter type for log_buffer from reference to pointer, so the styles for parameters look consistent. Test: mmma bootable/recovery Test: sideload a package with the new recovery image Change-Id: I8f25580ccf22977624648b3e2181cca44dd67c1b
2017-04-13Verify the package compatibility with libvintf.Tao Bao1-0/+4
verify_package_compatibility() is added to parse the compatibility entry (compatibility.zip) in a given OTA package. If entry is present, the information is sent to libvintf to check the compatibility. This CL doesn't actually call libvintf, since the API there is not available yet. Bug: 36597505 Test: Doesn't break the install with existing packages (i.e. w/o the compatibility entry). Test: recovery_component_test Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596 (cherry picked from commit 62e0bc7586077b3bde82759fb34b51b982cea20f)
2017-04-12Verify the package compatibility with libvintf.Tao Bao1-0/+4
verify_package_compatibility() is added to parse the compatibility entry (compatibility.zip) in a given OTA package. If entry is present, the information is sent to libvintf to check the compatibility. This CL doesn't actually call libvintf, since the API there is not available yet. Bug: 36597505 Test: Doesn't break the install with existing packages (i.e. w/o the compatibility entry). Test: recovery_component_test Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
2016-11-03Revert "Revert "Some cleanups to recovery.""Tao Bao1-2/+1
This reverts commit 8584fcf677dd45b30121bd0490b06297e6be1871. This CL re-lands commit c0319b60f56d445c2d1c74f551e01f069b028fe6. The "stage" and "reason" variables are now declared as global by dropping the static qualifier, because they may be used by vendor recovery libraries. Test: lunch aosp_angler-userdebug; mmma bootable/recovery Test: lunch aosp_dragon-userdebug; mmma bootable/recovery Change-Id: I252c346f450079478cff22bbff01590b8ab2e2b3
2016-10-27Revert "Some cleanups to recovery."Dan Albert1-1/+2
This reverts commit c0319b60f56d445c2d1c74f551e01f069b028fe6. Reason for revert: Broke builds. Change-Id: I82aa880b83de5ae6c36fd7567cb001920559a972
2016-10-26Some cleanups to recovery.Tao Bao1-2/+1
- Remove the duplicate gCurrentUI variable in recovery.cpp; - Refactor the load/save of locale functions; - Clean up ui_print() to get rid of 256-byte buffer limit; - Declare ui in common.h; - Move the typedef of Volume into roots.h. Test: Build and boot into recovery image. Change-Id: Ia28c116858ca754133127a5ff9c722af67ad55b7
2016-10-19Verify wipe package when wiping A/B device in recovery.Yabin Cui1-7/+10
To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Based on the original cherrypick, this CL also has additional changes to address the LOG statements and libziparchive changes. Bug: 29159185 Test: Build and boot into recovery. Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168 (cherry picked from commit 6faf0265c9b58db2c15b53f6d29025629d52f882)
2016-06-21Verify wipe package when wiping A/B device in recovery.Yabin Cui1-7/+10
To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Bug: 29159185 Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
2016-05-20Allow recovery to return error codesTianjie Xu1-2/+2
Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA. Example of new last_install: @/cache/recovery/block.map package name 0 install result retry: 1 retry count (new) error: 30 error code (new) cause: 12 error cause (new) Details in: go/android-ota-errorcode Bug: 28471955 Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
2016-03-10Reboot and retry on I/O errorsTianjie Xu1-1/+2
When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69 (cherry picked from commit 3c62b67faf8a25f1dd1c44dc19759c3997fdfd36)
2016-03-03Reboot and retry on I/O errorsTianjie Xu1-1/+2
When I/O error happens, reboot and retry installation two times before we abort this OTA update. Bug: 25633753 Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
2016-02-23recovery: check battery level before installing package.Yabin Cui1-1/+1
Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d (cherry picked from commit 53e7a0628f4acc95481f556ba51800df4a1de37d)
2016-02-20recovery: check battery level before installing package.Yabin Cui1-1/+1
Bug: 26879394 Change-Id: I63dce5bc50c2e104129f1bcab7d3cad5682bf45d
2015-03-25Factor out option variables from int to bool typesTao Bao1-1/+1
Change-Id: Ia897aa43e44d115bde6de91789b35723826ace22
2014-07-02sideload without holding the whole package in RAMDoug Zongker1-1/+1
Implement a new method of sideloading over ADB that does not require the entire package to be held in RAM (useful for low-RAM devices and devices using block OTA where we'd rather have more RAM available for binary patching). We communicate with the host using a new adb service called "sideload-host", which makes the host act as a server, sending us different parts of the package file on request. We create a FUSE filesystem that creates a virtual file "/sideload/package.zip" that is backed by the ADB connection -- users see a normal file, but when they read from the file we're actually fetching the data from the adb host. This file is then passed to the verification and installation systems like any other. To prevent a malicious adb host implementation from serving different data to the verification and installation phases of sideloading, the FUSE filesystem verifies that the contents of the file don't change between reads -- every time we fetch a block from the host we compare its hash to the previous hash for that block (if it was read before) and cause the read to fail if it changes. One necessary change is that the minadbd started by recovery in sideload mode no longer drops its root privileges (they're needed to mount the FUSE filesystem). We rely on SELinux enforcement to restrict the set of things that can be accessed. Change-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114
2012-08-23add simple text to recovery UIDoug Zongker1-1/+1
- recovery takes a --locale argument, which will be passed by the main system - the locale is saved in cache, in case the --locale argument is missing (eg, when recovery is started from fastboot) - we include images that have prerendered text for many locales - we split the background states into four (installing update, erasing, no command, error) so that appropriate text can be shown. Change-Id: I731b8108e83d5ccc09a4aacfc1dbf7e86b397aaf
2011-10-31turn recovery into a C++ binaryDoug Zongker1-0/+8
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-28turn recovery into a C++ binaryDoug Zongker1-0/+8
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
2011-10-19allow recovery packages to wipe cacheDoug Zongker1-1/+5
updater now has a function "wipe_cache();" which causes recovery to wipe the cache partition after the successful installation of the package. Move log copying around a bit so logs and the last_install flag file are copied to cache after it's wiped. Bug: 5314244 Change-Id: Id35a9eb6dcd626c8f3a3a0076074f462ed3d44bd
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-0/+25
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-25/+0