diff options
Diffstat (limited to 'recovery.cpp')
-rw-r--r-- | recovery.cpp | 178 |
1 files changed, 144 insertions, 34 deletions
diff --git a/recovery.cpp b/recovery.cpp index 45a6fe90c..6989fe00d 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -45,6 +45,7 @@ #include <android-base/stringprintf.h> #include <android-base/strings.h> #include <android-base/unique_fd.h> +#include <bootloader_message/bootloader_message.h> #include <cutils/android_reboot.h> #include <cutils/properties.h> #include <healthd/BatteryMonitor.h> @@ -54,7 +55,6 @@ #include <selinux/selinux.h> #include "adb_install.h" -#include "bootloader.h" #include "common.h" #include "device.h" #include "error_code.h" @@ -63,6 +63,7 @@ #include "install.h" #include "minui/minui.h" #include "minzip/DirUtil.h" +#include "minzip/Zip.h" #include "roots.h" #include "ui.h" #include "screen_ui.h" @@ -83,10 +84,17 @@ static const struct option OPTIONS[] = { { "shutdown_after", no_argument, NULL, 'p' }, { "reason", required_argument, NULL, 'r' }, { "security", no_argument, NULL, 'e'}, - { "brick", no_argument, NULL, 0 }, + { "wipe_ab", no_argument, NULL, 0 }, + { "wipe_package_size", required_argument, NULL, 0 }, { NULL, 0, NULL, 0 }, }; +// More bootreasons can be found in "system/core/bootstat/bootstat.cpp". +static const std::vector<std::string> bootreason_blacklist { + "kernel_panic", + "Panic", +}; + static const char *CACHE_LOG_DIR = "/cache/recovery"; static const char *COMMAND_FILE = "/cache/recovery/command"; static const char *LOG_FILE = "/cache/recovery/log"; @@ -110,7 +118,7 @@ static const int BATTERY_READ_TIMEOUT_IN_SEC = 10; // So we should check battery with a slightly lower limitation. static const int BATTERY_OK_PERCENTAGE = 20; static const int BATTERY_WITH_CHARGER_OK_PERCENTAGE = 15; -constexpr const char* RECOVERY_BRICK = "/etc/recovery.brick"; +constexpr const char* RECOVERY_WIPE = "/etc/recovery.wipe"; RecoveryUI* ui = NULL; static const char* locale = "en_US"; @@ -298,9 +306,13 @@ static void redirect_stdio(const char* filename) { // - the contents of COMMAND_FILE (one per line) static void get_args(int *argc, char ***argv) { - struct bootloader_message boot; - memset(&boot, 0, sizeof(boot)); - get_bootloader_message(&boot); // this may fail, leaving a zeroed structure + bootloader_message boot = {}; + std::string err; + if (!read_bootloader_message(&boot, &err)) { + LOGE("%s\n", err.c_str()); + // If fails, leave a zeroed bootloader_message. + memset(&boot, 0, sizeof(boot)); + } stage = strndup(boot.stage, sizeof(boot.stage)); if (boot.command[0] != 0 && boot.command[0] != 255) { @@ -362,16 +374,20 @@ get_args(int *argc, char ***argv) { strlcat(boot.recovery, (*argv)[i], sizeof(boot.recovery)); strlcat(boot.recovery, "\n", sizeof(boot.recovery)); } - set_bootloader_message(&boot); + if (!write_bootloader_message(boot, &err)) { + LOGE("%s\n", err.c_str()); + } } static void set_sdcard_update_bootloader_message() { - struct bootloader_message boot; - memset(&boot, 0, sizeof(boot)); + bootloader_message boot = {}; strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); - set_bootloader_message(&boot); + std::string err; + if (!write_bootloader_message(boot, &err)) { + LOGE("%s\n", err.c_str()); + } } // Read from kernel log into buffer and write out to file. @@ -522,9 +538,11 @@ finish_recovery() { copy_logs(); // Reset to normal system boot so recovery won't cycle indefinitely. - struct bootloader_message boot; - memset(&boot, 0, sizeof(boot)); - set_bootloader_message(&boot); + bootloader_message boot = {}; + std::string err; + if (!write_bootloader_message(boot, &err)) { + LOGE("%s\n", err.c_str()); + } // Remove the command file, so recovery won't repeat indefinitely. if (has_cache) { @@ -892,15 +910,79 @@ static bool secure_wipe_partition(const std::string& partition) { return true; } -// Brick the current device, with a secure wipe of all the partitions in -// RECOVERY_BRICK. -static bool brick_device() { +// Check if the wipe package matches expectation: +// 1. verify the package. +// 2. check metadata (ota-type, pre-device and serial number if having one). +static bool check_wipe_package(size_t wipe_package_size) { + if (wipe_package_size == 0) { + LOGE("wipe_package_size is zero.\n"); + return false; + } + std::string wipe_package; + std::string err_str; + if (!read_wipe_package(&wipe_package, wipe_package_size, &err_str)) { + LOGE("Failed to read wipe package: %s\n", err_str.c_str()); + return false; + } + if (!verify_package(reinterpret_cast<const unsigned char*>(wipe_package.data()), + wipe_package.size())) { + LOGE("Failed to verify package.\n"); + return false; + } + + // Extract metadata + ZipArchive zip; + int err = mzOpenZipArchive(reinterpret_cast<unsigned char*>(&wipe_package[0]), + wipe_package.size(), &zip); + if (err != 0) { + LOGE("Can't open wipe package: %s\n", err != -1 ? strerror(err) : "bad"); + return false; + } + std::string metadata; + if (!read_metadata_from_package(&zip, &metadata)) { + mzCloseZipArchive(&zip); + return false; + } + mzCloseZipArchive(&zip); + + // Check metadata + std::vector<std::string> lines = android::base::Split(metadata, "\n"); + bool ota_type_matched = false; + bool device_type_matched = false; + bool has_serial_number = false; + bool serial_number_matched = false; + for (const auto& line : lines) { + if (line == "ota-type=BRICK") { + ota_type_matched = true; + } else if (android::base::StartsWith(line, "pre-device=")) { + std::string device_type = line.substr(strlen("pre-device=")); + char real_device_type[PROPERTY_VALUE_MAX]; + property_get("ro.build.product", real_device_type, ""); + device_type_matched = (device_type == real_device_type); + } else if (android::base::StartsWith(line, "serialno=")) { + std::string serial_no = line.substr(strlen("serialno=")); + char real_serial_no[PROPERTY_VALUE_MAX]; + property_get("ro.serialno", real_serial_no, ""); + has_serial_number = true; + serial_number_matched = (serial_no == real_serial_no); + } + } + return ota_type_matched && device_type_matched && (!has_serial_number || serial_number_matched); +} + +// Wipe the current A/B device, with a secure wipe of all the partitions in +// RECOVERY_WIPE. +static bool wipe_ab_device(size_t wipe_package_size) { ui->SetBackground(RecoveryUI::ERASING); ui->SetProgressType(RecoveryUI::INDETERMINATE); + if (!check_wipe_package(wipe_package_size)) { + LOGE("Failed to verify wipe package\n"); + return false; + } std::string partition_list; - if (!android::base::ReadFileToString(RECOVERY_BRICK, &partition_list)) { - LOGE("failed to read \"%s\".\n", RECOVERY_BRICK); + if (!android::base::ReadFileToString(RECOVERY_WIPE, &partition_list)) { + LOGE("failed to read \"%s\".\n", RECOVERY_WIPE); return false; } @@ -1296,7 +1378,7 @@ static bool is_battery_ok() { } static void set_retry_bootloader_message(int retry_count, int argc, char** argv) { - struct bootloader_message boot {}; + bootloader_message boot = {}; strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); @@ -1315,7 +1397,34 @@ static void set_retry_bootloader_message(int retry_count, int argc, char** argv) snprintf(buffer, sizeof(buffer), "--retry_count=%d\n", retry_count+1); strlcat(boot.recovery, buffer, sizeof(boot.recovery)); } - set_bootloader_message(&boot); + std::string err; + if (!write_bootloader_message(boot, &err)) { + LOGE("%s\n", err.c_str()); + } +} + +static bool bootreason_in_blacklist() { + char bootreason[PROPERTY_VALUE_MAX]; + if (property_get("ro.boot.bootreason", bootreason, nullptr) > 0) { + for (const auto& str : bootreason_blacklist) { + if (strcasecmp(str.c_str(), bootreason) == 0) { + return true; + } + } + } + return false; +} + +static void log_failure_code(ErrorCode code, const char *update_package) { + FILE* install_log = fopen_path(TEMPORARY_INSTALL_FILE, "w"); + if (install_log != nullptr) { + fprintf(install_log, "%s\n", update_package); + fprintf(install_log, "0\n"); + fprintf(install_log, "error: %d\n", code); + fclose(install_log); + } else { + LOGE("failed to open last_install: %s\n", strerror(errno)); + } } static ssize_t logbasename( @@ -1409,7 +1518,8 @@ int main(int argc, char **argv) { const char *update_package = NULL; bool should_wipe_data = false; bool should_wipe_cache = false; - bool should_brick = false; + bool should_wipe_ab = false; + size_t wipe_package_size = 0; bool show_text = false; bool sideload = false; bool sideload_auto_reboot = false; @@ -1443,8 +1553,11 @@ int main(int argc, char **argv) { case 'r': reason = optarg; break; case 'e': security_update = true; break; case 0: { - if (strcmp(OPTIONS[option_index].name, "brick") == 0) { - should_brick = true; + if (strcmp(OPTIONS[option_index].name, "wipe_ab") == 0) { + should_wipe_ab = true; + break; + } else if (strcmp(OPTIONS[option_index].name, "wipe_package_size") == 0) { + android::base::ParseUint(optarg, &wipe_package_size); break; } break; @@ -1535,15 +1648,12 @@ int main(int argc, char **argv) { BATTERY_OK_PERCENTAGE); // Log the error code to last_install when installation skips due to // low battery. - FILE* install_log = fopen_path(LAST_INSTALL_FILE, "w"); - if (install_log != nullptr) { - fprintf(install_log, "%s\n", update_package); - fprintf(install_log, "0\n"); - fprintf(install_log, "error: %d\n", kLowBattery); - fclose(install_log); - } else { - LOGE("failed to open last_install: %s\n", strerror(errno)); - } + log_failure_code(kLowBattery, update_package); + status = INSTALL_SKIPPED; + } else if (bootreason_in_blacklist()) { + // Skip update-on-reboot when bootreason is kernel_panic or similar + ui->Print("bootreason is in the blacklist; skip OTA installation\n"); + log_failure_code(kBootreasonInBlacklist, update_package); status = INSTALL_SKIPPED; } else { status = install_package(update_package, &should_wipe_cache, @@ -1587,8 +1697,8 @@ int main(int argc, char **argv) { if (!wipe_cache(false, device)) { status = INSTALL_ERROR; } - } else if (should_brick) { - if (!brick_device()) { + } else if (should_wipe_ab) { + if (!wipe_ab_device(wipe_package_size)) { status = INSTALL_ERROR; } } else if (sideload) { |