| Commit message (Collapse) | Author | Files | Lines |
|
It fails to build recovery_component_test with the following errors:
out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14:
error: undefined reference to 'android::hardware::hidl_string::hidl_string(android::hardware::hidl_string const&)'
out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14:
error: undefined reference to 'android::hardware::hidl_string::operator=(android::hardware::hidl_string
const&)'
out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14:
error: undefined reference to 'android::hardware::hidl_string::~hidl_string()'
libupdate_verifier includes <android/hardware/boot/1.0/IBootControl.h>,
which includes the 'types.h' above. In 'types.h', it defines struct
CommandResult that's using android::hardware::hidl_string.
Since libhidlbase doesn't have a static library target, remove
'LOCAL_FORCE_STATIC_EXECUTABLE := true', which isn't required for
running tests.
Test: mmma -j bootable/recovery
Bug: 64538692
Change-Id: Iaa7c08adc241128d787274fcaea9b363e7ff93f4
(cherry picked from commit 102016ce1fe62190ace7016f2e7484b37f6391ea)
|
|
This is useful in imgdiff to maintain the block ranges of
splitted source image.
Bug: 34220646
Test: mma && unit tests pass
Change-Id: I6427f2ea50f0e3b0aa3dd01880ec0206679b7429
|
|
- Changed to std::string based implementation (mostly moved from the
former make_parents() in updater/install.cpp);
- Removed the timestamp parameter, which is only neeed by file-based OTA;
- Changed the type of mode from int to mode_t;
- Renamed dirCreateHierarchy() to mkdir_recursively().
Test: recovery_unit_test passes.
Test: No external user of dirCreateHierarchy() in code search.
Change-Id: I71f8c4b29bab625513bbc3af6d0d1ecdc3a2719a
|
|
This function has become obsolete since we've removed file-based OTA
support (it was needed by 'delete_recursive' edify function earlier).
Test: mmma -j bootable/recovery
Test: Code search shows no active user of the function.
Change-Id: If6faaa759d4c849b79acba4e6adb82baadc89f7a
|
|
This is to cover the code added by commit
5a1dee01df3af346729b5791606b72d59b8e9815, where an O update_verifier
should not reject N care_map.txt.
Bug: 63544345
Test: recovery_component_test passes on marlin.
Change-Id: Ia944e16cba3cc635098b3ffd92842d725b570fec
|
|
receive_new_data may exit too early if the zip processor has sent all
the raw data. As a result, the last few 'new' commands will fail even
though the brotli decoder has more output in its buffer.
Restruct the code so that 'NewThreadInfo' owns the decoder state solely;
and receive_brotli_new_data is responsible for the decompression.
Also reduce the test data size to 100 blocks to avoid the test timeout.
Bug: 63802629
Test: recovery_component_test. on bullhead, apply full updates with and
w/o brotli compressed entries, apply an incremental update.
Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
|
|
Add the O_CLOEXEC or 'e' accordingly.
Bug: 63510015
Test: recovery tests pass
Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
|
|
Add a new writer that can decode the brotli-compressed system/vendor
new data stored in the OTA zip.
Brotli generally gives better compression rate at the cost of slightly
increased time consumption. The patch.dat is already compressed
by BZ; so there's no point to further compress it.
For the given 1.9G bullhead system image:
Size: 875M -> 787M; ~10% reduction of package size.
Time: 147s -> 153s; ~4% increase of the block_image_update execution time.
(I guess I/O takes much longer time than decompression.)
Also it takes 4 minutes to compress the system image on my local
machine, 3 more minutes than zip.
Test: recovery tests pass && apply a full OTA with brotli compressed
system/vendor.new.dat on bullhead
Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
|
|
In a rare case, a random chunk will pass both the gzip header check
and the inflation process; but fail the uncompressed length check in the
footer. This leads to a imgdiff failure. So, we should treat this chunk
as 'normal' instead of 'inflated' while generating the patch.
Bug: 63334984
Test: imgdiff generates patch successfully on previous failing images.
Change-Id: Ice84f22d3653bce9756bda91e70528c0d2f264a0
|
|
package_extract_dir() was removed in go/aog/402383, and the
corresponding UpdaterTest should be removed as well.
Bug: 62918308
Test: mma && code search
Change-Id: Ibe9c473a5d41d2fa4d26abca5684e71b104891b0
|
|
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:
$ fastboot --set-active=_a
Setting current slot to 'a'...
OKAY [ 0.023s]
finished. total time: 0.023s
$ fastboot reboot
rebooting...
finished. total time: 0.050s
$ adb wait-for-device
$ adb logcat |grep update_verifier
03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier.
Bug: None
Test: Manually tested on device using AVB bootloader.
Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
|
|
It's only used by file-based OTA which has been deprecated for O.
Test: mma
Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
|
|
This will help us to identify the patch corruption.
Meanwhile fix a wrong size parameter passed to bspatch.
(patch->data.size() into patch->data.size() - patch_offset).
Also remove the only usage of "ApplyBSDiffPatchMem()" and inline its
Sink function for simplicity.
Bug: 37855643
Test: Prints SHA1 for corrupted patch in imgdiff_test.
Change-Id: Ibf2db8c08b0ded1409bb7c91a3547a6bf99c601d
|
|
This allows writing native tests for non-A/B update_binary_command().
Prior to this CL, it was extracting the updater to a hard-coded
location (/tmp/update_binary) that's not available under the test
environment.
Test: recovery_component_test on angler and marlin respectively.
Test: Sideload OTA packages on angler and marlin respectively.
Change-Id: I78b9cc211d90c0a16a84e94e339b65759300e2a8
|
|
run_fuse_sideload() is passing the block size as the max_read
option, so it will only handle a request that involves at most two
blocks at a time. However, the minimal allowed value was set to 1024
prior to this CL, which is inconsistent with the kernel code
(fs/fuse/inode.c) that sets it to the greater of 4096 and the passed-in
max_read option. This would fail the calls with a block size / max_read
less than 4096 due to the wrongly computed block indices.
Note that we didn't observe real issue in practice, because we have been
using 64 KiB block sizes for both of adb and sdcard sideload calls. The
issue only shows up in my local CL (to come later) that uses 1024 block
size in run_fuse_sideload() tests.
Test: recovery_component_test
Test: adb sideload with the new recovery image on angler
Change-Id: Id9f0cfea13d0d193dcb7cd41a1553a23739545f2
|
|
Test: recovery_component_test
Test: recovery_unit_test
Test: Apply an OTA on angler.
Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
|
|
Enable -Wall and expose verify_image() for testing purpose.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: I1ee1db2a775bafdc1112e25a1bc7194d8d6aee4f
|
|
The SpaceMode (applypatch -s) was used in amend script (cupcake) only,
which has been removed since commit
9ce2ebf5d300eba5f6086583b0941ef68a3e4b42 (platform/build). The later
(and current) edify script uses apply_patch_space().
Note that other modes (PatchMode, CheckMode) of applypatch executable
are mostly used by install-recovery.sh script.
Test: No active user of "applypatch -s".
Test: recovery_component_test
Change-Id: I1d689b7fedd3884077e88ed1d6c22f7a2198859d
|
|
This now covers the actual calls to libvintf, and asserts we're getting
identical results through verify_package_compatibility() and by calling
libvintf directly.
We were missing the coverage and introduced the double free bug (fixed
by commit f978278995d02a58e311fe017bdbb2c3702dd3bc).
Bug: 37413730
Test: recovery_component_test passes.
Test: recovery_component_test fails w/o commit
f978278995d02a58e311fe017bdbb2c3702dd3bc.
Change-Id: If5195ea1c583fd7c440a1de289da82145e80e23c
(cherry picked from commit f2784b6a43e54ed67bc30ac456f66f11bd16bc74)
|
|
ApplyPatchFullTest and ApplyPatchDoubleCacheTest were used for defining
testcases for file-based OTA. The testcases have already been removed by
commit 40e144dae877654f75e65242535036058ea48f58. This CL removes the
obsolete class defnitions.
Bug: 37559618
Test: recovery_component_test on angler and marlin respectively.
Change-Id: I3f4f1dfc8580cf010365e671de256f68bbc0d99a
|
|
This now covers the actual calls to libvintf, and asserts we're getting
identical results through verify_package_compatibility() and by calling
libvintf directly.
We were missing the coverage and introduced the double free bug (fixed
by commit f978278995d02a58e311fe017bdbb2c3702dd3bc).
Bug: 37413730
Test: recovery_component_test passes.
Test: recovery_component_test fails w/o commit
f978278995d02a58e311fe017bdbb2c3702dd3bc.
Change-Id: If5195ea1c583fd7c440a1de289da82145e80e23c
|
|
The libvintf API has landed. Hook up to do the actual verification.
Bug: 36597505
Test: recovery_component_test
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that contain dummy compatibility entries.
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that don't contain any compatibility entries.
Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f
(cherry picked from commit da320ac6ab53395ddff3cc08b88a61f977ed939a)
|
|
The libvintf API has landed. Hook up to do the actual verification.
Bug: 36597505
Test: recovery_component_test
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that contain dummy compatibility entries.
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that don't contain any compatibility entries.
Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f
|
|
Test: recovery_component_test
Change-Id: I672a6a4f101c72e82b9f25f165dccd1c9520627b
|
|
Expose update_binary_command() through private/install.h for testing
purpose.
Also make minor clean-ups to install.cpp: a) adding more verbose logging
on ExtractToMemory failures; b) update_binary_command() taking
std::string instead of const char*; c) moving a few macro and global
constants into update_binary_command().
Bug: 37300957
Test: recovery_component_test on marlin
Test: Build new recovery and adb sideload on angler and sailfish.
Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
Merged-In: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
(cherry picked from commit bc4b1fe4c4305ebf0fbfc891b9b508c14b5c8ef8)
|
|
Expose update_binary_command() through private/install.h for testing
purpose.
Also make minor clean-ups to install.cpp: a) adding more verbose logging
on ExtractToMemory failures; b) update_binary_command() taking
std::string instead of const char*; c) moving a few macro and global
constants into update_binary_command().
Bug: 37300957
Test: recovery_component_test on marlin
Test: Build new recovery and adb sideload on angler and sailfish.
Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
|
|
verify_package_compatibility() is added to parse the compatibility entry
(compatibility.zip) in a given OTA package. If entry is present, the
information is sent to libvintf to check the compatibility.
This CL doesn't actually call libvintf, since the API there is not
available yet.
Bug: 36597505
Test: Doesn't break the install with existing packages (i.e. w/o the
compatibility entry).
Test: recovery_component_test
Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
(cherry picked from commit 62e0bc7586077b3bde82759fb34b51b982cea20f)
|
|
verify_package_compatibility() is added to parse the compatibility entry
(compatibility.zip) in a given OTA package. If entry is present, the
information is sent to libvintf to check the compatibility.
This CL doesn't actually call libvintf, since the API there is not
available yet.
Bug: 36597505
Test: Doesn't break the install with existing packages (i.e. w/o the
compatibility entry).
Test: recovery_component_test
Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
|
|
Right now the update stuck in a deadlock if there's less new data than
expection. Add some checkers and abort the update if such case happens.
Also add a corresponding test.
Bug: 36787146
Test: update aborts correctly on bullhead && recovery_component_test passes
Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
|
|
Since commit fb00d82f32446804f7149bc6846dcc580cf0db1d has added
get_bootloader_message_blk_device() as an API, switch the tests-local
implementation to it.
Test: recovery_component_test on angler.
Test: recovery_component_test on a local build that doesn't have /misc.
Change-Id: I4f5f542cb9ef58292c587a677da73d8822db7262
|
|
This CL makes the following changes to RangeSet:
- Uses std::pair<size_t, size_t> to represent a Range;
- Uses std::vector<Range> to represent a RangeSet;
- Provides const iterators (forward and reverse);
- Provides const accessor;
- 'blocks()' returns the number of blocks (formerly 'size');
- 'size()' returns the number of Range's (formerly 'count').
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
|
|
Also move RangeSet into a header file to make it testable, and add unit
tests.
In RangeSet::Parse() (the former parse_range()), use libbase logging to
do assertions. This has the same effect as the previous
exit(EXIT_FAILURE) to terminate the updater process and abort an update.
The difference lies in the exit status code (i.e. WEXITSTATUS(status) in
install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0.
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
|
|
Per the comment in build/make/core/base_rules.mk:
Ninja has an implicit dependency on the command being run, and kati will
regenerate the ninja manifest if any read makefile changes, so there is no
need to have dependencies on makefiles.
Test: mmma bootable/recovery
Change-Id: I27b97df10d40f39ad966be70b33811175a665439
|
|
Design doc:
Generalized Suites & the Unification of APCT & CTS Workflows Design/Roadmap
https://docs.google.com/document/d/1eabK3srlBLouMiBMrNP3xJPiRRdcoCquNxC8gBWPvx8/edit#heading=h.78vup5eivwzo
Details about test configs changes are tracked in doc
https://docs.google.com/document/d/1EWUjJ7fjy8ge_Nk0YQbFdRp8DSHo3z6GU0R8jLgrAcw/edit#
Bug: 35882476
Test: local test
Change-Id: I51e1b410536469d254ae7a353bc61a7df06c8324
|
|
am: 5ec12126f0
Change-Id: Ia6b861c91958d3be23a4a7456d6d5d8e4a1607c8
(cherry picked from commit 9166f66eee883d6d6cc280a6c355e5528bb4a3f0)
|
|
Also factor out the common parts in {setup,clear}_bcb into a separate
function.
Test: recovery_component_test
Change-Id: I7b95cced925c8135e020dcb791ca2425d4f28449
|
|
Test: mmma bootable/recovery system/update_engine
Test: recovery_component_test
Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
|
|
Mostly for applypatch family APIs like ApplyBSDiffPatch() and
ApplyImagePatch(). Changing to size_t doesn't indicate they would
necessarily work with very large size_t (e.g. > ssize_t), just
similar to write(2). But otherwise accepting negative length doesn't
make much sense.
Also change the return type of SinkFn from ssize_t to size_t. Callers
tell a successful sink by comparing the number of written bytes against
the desired value. Negative return values like -1 are not needed. This
also makes it consistent with bsdiff::bspatch interface.
Test: recovery_component_test
Test: Apply an incremental with the new updater.
Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
|
|
For the BadPackage tests from VerifierTest: one alters the footer, and
the other alters the metadata. Move the two tests to be based on
otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also
construct the testdata files dynamically (to save the space and for
better readability).
Test: recovery_component_test
Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc
|
|
Test: Observe the same failure with recovery_component_test ("signature
start: 65535 is larger than comment size: 0").
Change-Id: I98c357b5df2fa4caa9d8eed63af2e945ed99f18a
|
|
Switch the locale header in the png files from Locale.toString() to
Locale.toLanguageTag(). For example, en_US --> en-us and sr__#Latn
--> sr-Latn. Also clean up recovery a bit to expect the new locale
format.
Bug: 35215015
Test: sr-Latn shows correctly under graphic tests && recovery tests pass
Change-Id: Ic62bab7756cdc6e5f98f26076f7c2dd046f811db
|
|
It's valid to provide only 1 argument to apply_patch_check(). We
shouldn't fail the argument parsing.
Bug: 36541737
Test: recovery_component_test passes.
Test: recovery_component_test captures the failure without the fix.
Test: The previously failed update applies successfully.
Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
|
|
And switch them to std::vector & std::unique_ptr
Bug: 32117870
Test: recovery tests passed on sailfish
Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
|
|
Test: mmma bootable/recovery
Test: recovery_unit_test passes.
Test: recovery_component_test passes.
Change-Id: If0bf25993158eaebeedff55ba4f4dd0f6e5f937d
|
|
We should not touch any data while verifying packages (or parsing the
in-memory ASN.1 structures).
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Test: recovery_unit_test passes.
Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
|
|
Test: recovery_component_test passes.
Change-Id: I6276b59981c87c50736d69d4af7647c8ed892965
|
|
A follow-up to commit 5e535014dd7961fbf812abeaa27f3339775031f1.
Also clean up Android.mk, since libverifier no longer needs anything
from libminui.
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
|
|
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
(cherry picked from commit 5e535014dd7961fbf812abeaa27f3339775031f1)
|
|
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
|
|
Add the following tests:
stash src
bspatch stashed_src tgt
free stashed_src
(expected a successful update)
stash src
free stashed_src
fail_the_update
(expected stashed_src freed)
Bug: 36242722
Test: Test identified unfreed stashes correctly.
Change-Id: I5a136e8dc31774367972fbfe8c63cbc1ddb3a113
|
|
Also remove the utils in applypatch and replace them with the
corresponding libbase functions.
Test: recovery tests pass.
Change-Id: I77254c141bd3e7d3d6894c23b60e866009516f81
|
|
Patching regular files is used in file-based OTA only, which has become
obsolete.
Bug: 35853185
Test: Apply an incremental that patches the boot.img.
Test: /system/bin/install-recovery.sh works.
Test: recovery_component_test passes.
Change-Id: Id44e42c4bc63f2162ecc8a6df1cb528b7ae6b0a9
|
|
This CL removes the updater support for delete(), symlink(), rename(),
set_metadata() and set_metadata_recursive(). Such functions have been
removed from the generation script in commit
f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build).
Note: This CL also removes delete_recursive() which seems to have never
been supported in generation script.
Bug: 35853185
Test: recovery_component_test passes.
Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
|
|
The fstab settings of early-mounted partitions (e.g., /vendor) will be in
kernel device tree. Switch to the new API to get the whole settings with
those in device tree:
fs_mgr_read_fstab_with_dt("/etc/recovery.fstab")
The original default /fstab.{ro.hardware} might be moved to
/vendor/etc/. or /odm/etc/. Use another new API to get the default fstab
instead of using the hard-coded /fstab.{ro.hardware}. This API also
includes the settings from device tree:
fs_mgr_read_fstab_default()
Bug: 35811655
Test: boot sailfish recovery
Change-Id: Iaa56ac7f7b4c4dfc7180c65f03e9a37b94f1de09
|
|
Put ImageChunk and some helper functions into a class. Also switch to
using std::vector instead of malloc.
Bug: 18606652
Test: imgdiff_test passed on host. Also generate a complete incremental OTA package.
The file content is the same and time consumption is similar.
Change-Id: Id603ada4e130ef521218400761a119001a86ca79
|
|
The test should not clear bcb during teardown on devices without
/misc.
Bug: 35712836
Test: The test tears down without errors after /misc removed from the fstab.
Change-Id: I42df89feb18fac5a435cd17eef97a6bad0f44545
|
|
FUSE FS is required in recovery sideload functionalites.
This CL is to add a native test to flag when FUSE is not
supported in the device kernel.
Bug: 35768196
Test: mma, run recovery_component_test on marlin and pass all
Change-Id: I43b6dbee658010df56ba4d4b0e91baa7fd1c4480
|
|
Skip these two tests if /misc partition is not found in fstab.
Bug: 35712836
Test: Both test skip correctly if there's no /misc in fstab.${hardware}.
Change-Id: I38417a8677030229a335e43eaef85ae70c4e0845
|
|
Now ApplyBSDiffPatch() will stream the output to sink as we go instead
of sinking everything at the end.
Test: recovery_host_test
Bug: 26982501
Change-Id: I05b6ed40d45e4b1b19ae72784cf705b731b976e3
|
|
Bug: 34220783
Test: make checkbuild
Change-Id: Iceea20e440a4bb6a3b254486a65a86401a2241ef
|
|
match_locale() will return false for empty locale string in the PNG
file. Also add a manual test to validate if a PNG file is qualified to
use under recovery.
Bug: 34054052
Test: recovery_manual_test catches invalid PNG files successfully & Locale_test passed
Change-Id: Id7e2136e1d8abf20da15825aa7901effbced8b03
|
|
Bug: 34220783
Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
|
|
Bug: 34220783
Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
|
|
Test: recovery_component_test passes.
Change-Id: I4f00d0171cf86699e9ce747d07d7d44a01906e81
|
|
UI text is broken (doesn't show any text during FDR) due to commit
d530449e54bd327e9c26209ffa0490c6508afe6c, which reordered the calls to
RecoveryUI::SetLocale() and RecoveryUI::Init().
Because Init() uses the locale info to load the localized texts (from
images), the locale must be set prior to that via SetLocale(). This CL
refactors Init() to take the locale parameter, and removes the odd
SetLocale() API.
Bug: 34029338
Test: 'Run graphics test' under recovery.
Change-Id: I620394a3d4e3705e9af5a1f6299285d143ae1b01
|
|
When the input image ends with the magic value sequence of 0x1f, 0x8b,
0x0b (optionally with 0x00), the image parsing code will be stuck in an
infinite loop.
Test: recovery_component_test passes.
Change-Id: Ie3629dfdc41360387b19cc3e0359c95ae4fb998e
|
|
Test: recovery_unit_test passes.
Change-Id: I764c56404c7ccdd57ae5486c946fbc9ac6ae7bc9
|
|
Test: recovery_unit_test passes.
Change-Id: I8ad364e88aaee31579ed7206aad8e5620518d797
|
|
Although O_RDONLY gives the same value as F_OK (0), it's not the right
friend of access(2).
Also clean up the temporary files from ZipTest (TemporaryDir doesn't
like non-empty directory).
Test: recovery_unit_test passes and has no leftover.
Change-Id: I66b90e43c0954c89ce08b36b9e2b4e84183b28f5
|
|
Factor out libimgdiff static library for testing purpose.
This CL adds the imgdiff tests on host and on target both (similar to
libimgpatch). In practice, we only need imgdiff binary on host, and
libimgpatch on target. But they should build and pass tests on both
platforms.
Test: recovery_host_test passes; recovery_component_test passes.
Change-Id: I0eafb7faf727cdf70066310e845af6ee245d4f60
|
|
The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.
Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.
Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
|
|
This is a retry of commit 7e31f421a514da09b90e46dbd642a5e9b16e0003.
Commit bd56f1590c967205dc45eb2ec298aa8d2aacb740 switches to calling
write_bootloader_message(<options>) in get_args(), which
unintentionally resets the stage field thus breaks two-step OTAs.
This CL adds update_bootloader_message(<options>), which only sets
the command field (to "boot-recovery") and the recovery field (with
the specified options).
Bug: 33534933
Test: Apply a two-step package.
Test: recovery_component_test passes.
Change-Id: Ie0b1ed4053d2d3c97d9cb84310d616b28fcfc72e
|
|
Test: recovery_component_test passes.
Change-Id: Ib9aa2ffd6b018546223c76b7424f4ba355f5b088
|
|
Bug: http://b/33534933
Test: recovery_component_test passes (and fails on buggy build due to
the CL in [1]).
[1]: commit 7e31f421a514da09b90e46dbd642a5e9b16e0003
Change-Id: I120498048ec1db8f9fcbb3cf135c05d3a48cfcdf
|
|
This allows recovery to work on devices without screen.
The stub recovery UI does nothing except print to stdout.
Test: write 'recovery\n--wipe_data\n--reason=wipe_data_from_ota\n'
to misc and boot to recovery on a device without screen.
Bug: 33175036
Change-Id: Icde698aa2e2e29f4b3d0532dfd3c6a939ac2bc63
|
|
There're two types of targets in applypatch: regular files and EMMC
targets. We have two sets of functions to handle them respectively.
This CL adds testcases to use "EMMC:filename:size:sha1" as the target
name, which triggers the code path for patching EMMC targets.
Bug: 33034669
Test: recovery_component_test passes.
Change-Id: I8f10c6c8d2c1fb083f06a83de91d9e23cb41fb6d
|
|
Add read_bootloader_message_from() and write_bootloader_message_to() to
allow specifying the BCB device (/misc).
Also add testcases for set_stage() and get_stage().
Test: recovery_component_test passes.
Test: Build a recovery image and apply a two-step OTA package.
Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
|
|
Test: recovery_component_test passes.
Change-Id: I3af4707bc42c7331ca961be8b967a53de82ea25b
|
|
write_value(value, filename) writes 'value' to 'filename'. It can be
used to tune device settings when applying an OTA package. For example,
write_value("960000", "/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq").
Bug: 32463933
Test: recovery_component_test passes.
Test: Apply an OTA package that contains a call to write_value(), and
check the result.
Change-Id: Ib009ecb8a45a94353f10c59e2383fe1f49796e35
|
|
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
(cherry picked from commit ef0eb3b01b66fbbc97908667a3dd1e02d710cbb7)
|
|
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
|
|
Clean up SymlinkFn() a bit. Also clean up the temp files created when
running the tests; otherwise non-empty TemporaryDir won't be removed.
Test: recovery_component_test passes.
Change-Id: Id3844abebd168c40125c4dcec54e6ef680a83c3a
|
|
Move recovery-refresh/persist tests out because these tests need special
steps to run. Also switch the constants to std::string.
Test: recovery_manual_test passed on an A/B device
Change-Id: I60b3ec6f094044945c3aafc1fae540896a6ddea6
|
|
Switch to use const std::string; and add corresponding tests.
Bug: 32649858
Test: Component tests pass
Change-Id: I640f3ec81f1481fa91aa310f8d4d96dac9649cb9
|
|
Add unit testcases for sysMapFile().
Test: recovery_unit_test passes.
Test: Build and use the new recovery image to sideload a package.
Test: Build and use the new recovery image to install an update.
Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4
(cherry picked from commit c3292f3fcbb3cd608cc19b7459751fa5bb64ab84)
|
|
Add unit testcases for sysMapFile().
Test: recovery_unit_test passes.
Test: Build and use the new recovery image to sideload a package.
Test: Build and use the new recovery image to install an update.
Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4
|
|
It's accidentally broken when refactoring the testdata path. Also clean
up the testcase a bit by simplying the file reading.
Test: recovery_unit_test passes.
Change-Id: I592a1cf5a4eb9a7a5f4eecbc6426baeedeb02781
|
|
Test: recovery_component_test passes.
Change-Id: Iba5a0fdf6c79e2bed6b30b8fc19a306c1ab29d8a
|
|
Also add a testcase for delete() function.
Test: recovery_component_test passes.
Change-Id: I064d1ad4693c3ed339d0a69eabadd08a61a2ea86
|
|
Also add a testcase for file_getprop().
Test: recovery_component_test passes.
Change-Id: I8eb2f9a5702b43997ac9f4b29665eea087b1c146
|
|
continuous_native_tests expects the testdata under DATA/ in
continuous_native_tests.zip. This CL packs a copy of the testdata into
continuous_native_tests.zip as DATA/nativetest/recovery/testdata (via
LOCAL_PICKUP_FILES).
This CL also removes the extra copy for nativetest64. Testdata will
always stay at /data/nativetest/recovery/testdata, even for 64-bit
version. Otherwise we will unnecessarily get four copies (two for data/
and another two for DATA/).
Bug: 32123241
Test: mmma bootable/recovery && adb sync data. On bullhead,
/data/nativetest/recovery_component_test/recovery_component_test works;
/data/nativetest64/recovery_component_test/recovery_component_test works.
Test: m continuous_native_test; DATA/nativetest/recovery/testdata exists.
Change-Id: Ifefa0309de7af23c77654e8e450848ca2da218c2
|
|
Refactor applypatch/main.cpp into libapplypatch_modes so that we can add
testcases.
Some changes to applypatch/main.cpp:
- Replace char** argv with const char**;
- Use android::base::Split() to split ":";
- Use android::base::ParseUInt().
Bug: 32383590
Test: Unit tests pass, install-recovery.sh works.
Change-Id: I44e7bfa5ab717d439ea1d0ee9ddb7b2c40bb95a4
|
|
Test: Unit tests and install-recovery.sh pass on angler and dragon.
Change-Id: I328e6554edca667cf850f5584ebf1ac211e3d4d1
|
|
We currently only copy the testdata to
$(TARGET_OUT_DATA_NATIVE_TESTS)/recovery, which fails the tests
generated for 2nd arch (TARGET_2ND_ARCH). For example, on angler
/data/nativetest/recovery_component_test/recovery_component_test fails
due to missing testdata.
Bug: 32123241
Test: Both of /data/nativetest/recovery... and /data/nativetest64/recovery...
work on angler.
Change-Id: Ib76264b4408d01c08b2619c8ac84b2476ea5a8bc
|
|
If no sha1 is specified, applypatch_check should pass as long as
the file content loads successfully. Add a unit case acccordingly.
Test: Unit tests passed
Bug: 32243751
Change-Id: I8c013be67c197d2935e11cf6acc59fb9b943cfd9
|
|
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
|
|
Changing the field of 'Value' in edify to std::string from char*.
Meanwhile cleaning up the users of 'Value' and switching them to
cpp style.
Test: compontent tests passed.
Bug: 31713288
Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
|
|
- Remove dead declarations in expr.h: SetError(), GetError(),
ClearError().
- Remove the declaration of Build() out of expr.h.
- Use std::unordered_map to implement RegisterFunction() and
FindFunction(); kill FinishRegistration().
- Add a testcase for calling unknown functions.
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I9af6825ae677f92b22d716a4a5682f58522af03b
|
|
Also add a testcase for sha1_check().
Test: mmma bootable/recovery; recovery_component_test passes.
Change-Id: I4d06d551a771aec84e460148544f68b247a7e721
|
|
So that we can write native tests for updater functions. This CL adds a
testcase for getprop() function.
Test: mmma bootable/recovery; Run recovery_component_test on device.
Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
|
|
This way we kill a few strdup() and free() calls.
Test: 1. recovery_component_test still passes;
2. Applying an update with the new updater works;
3. The error code in a script with abort("E310: xyz") is recorded into
last_install correctly.
Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
(cherry picked from commit 59dcb9cbea8fb70ab933fd10d35582b08cd13f37)
|
|
This way we kill a few strdup() and free() calls.
Test: 1. recovery_component_test still passes;
2. Applying an update with the new updater works;
3. The error code in a script with abort("E310: xyz") is recorded into
last_install correctly.
Change-Id: Ibda4da5937346e058a0d7cc81764d6f02920010a
|
|
private/android_logger.h contains all we need.
Test: compile
Bug: 26552300
Bug: 31289077
Bug: 31456426
Change-Id: I6714d730372dc81f784e7f9dfee8a33848643a5d
|
|
Now they live in tests/component/edify_test.cpp.
Also rename edify/main.cpp to edify/edify_parser.cpp. It becomes a
host-side debugging tool that validates the input edify script. However,
it supports edify builtin functions only and doesn't recognize the ones
defined via updater.
Test: recovery_component_test passes on device.
Change-Id: Ib94a787bf15098a9cc078d256b6a6dc96ff12b2e
|
|
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
(cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
|
|
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
(cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|
* Use const reference type for read-only parameters.
Bug: 30407689
* Use faster overloaded string find function.
Bug: 30411878
* Add parentheses around macro parameters.
Bug: 28705665
Test: build with WITH_TIDY=1
Change-Id: I4e8e5748bfa4ae89871f1fb5fa4624d372530d75
|
|
Bug: http://b/30708454
Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
|
|
A Certificate is a pair of an RSAPublicKey and a particular hash. So v1
and v3 differ in the hash algorithm (SHA-1 vs SHA-256), similarly for
v2 and v4.
In verifier testcases, we used to load v1/v2 keys with an explicit
argument of "sha256" to test the v3/v4 keys. This CL switches to loading
v3/v4 keys directly and lets load_keys() to handle that, which is the
actual flow we use in practice.
Also remove the "fallback to v1 key" in the testcases, which is not the
actual behavior.
Bug: 30415901
Test: Run the verifier_test component test on device.
Change-Id: I3a2baa64826f1b6c4c367a560090df384c4521bb
|
|
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and
fix builds.
Bug: http://b/29250988
Change-Id: Iad5be953e102020931649629afc980d585ed2931
(cherry picked from commit ab2fb94bf48483d761ba3aa85e0acf851895566f)
|
|
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and
fix builds.
Bug: http://b/29250988
Change-Id: Iad5be953e102020931649629afc980d585ed2931
(cherry picked from commit ab2fb94bf48483d761ba3aa85e0acf851895566f)
|
|
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and
fix builds.
Bug: http://b/29250988
Change-Id: Iad5be953e102020931649629afc980d585ed2931
|
|
Add a new command "--security" to boot commands. If this command is
observed as part of BCB, choose a different background text picture
for installing stage in recovery UI. As a result, users will see
"installing security update" instead of "installing system update"
when applying a security update package.
Bug: 27837319
Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
|
|
matches_locale was expecting input locale string to have at most one
underscore; as a result "zh_CN_#Hans" ignores "zh_CN" and matches into
"zh". Fix the match function and add unit tests.
Bug: 27837319
Change-Id: I4e8a66f91cae6ac2a46b6bf21f670d5ea564c7c8
|
|
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
|
|
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
|
|
(cherry-pick from commit a4f701af93a5a739f34823cde0c493dfbc63537a)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
|
|
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
|
|
Bug: 27135282
Change-Id: If53682b591397ddfdb84860a3779b612904d4489
|
|
Change-Id: I7ffba0be5a6befc875ce59b51a008c1892e7d34b
|
|
Test data needs to go outside the gtest module.
Change-Id: Ic444ca838cbafa651ec97ff8730129da84fafc09
|
|
Change-Id: I51fec30114c0a31efc9c2ac8472654baf8bb3e84
|
|
Bug: 26962907
Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
|
|
And a few trival fixes to suppress warnings.
Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc
(cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
|
|
And a few trival fixes to suppress warnings.
Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
|
|
Global variables kill.
No need to manually link gtest, and that causes problems with
libc++.
Change-Id: If804cdd436cf1addfa9a777708efbc37c27770b6
|
|
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.
Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
|