| Age | Commit message (Collapse) | Author |
|---|
|
Addresses https://gitlab.com/LineageOS/issues/android/-/issues/1893
Change-Id: I9fd731c3427c3a52641aa2e9c89eb9a20bafdd57
|
|
Upstream recovery doesn't provide a menu for non ENG/UserDebug
builds.
OPO-321
Change-Id: I01b285a40287be4147d15a70b91ad17a3c93da68
|
|
* So many users think they accidetally restored the stock
Recovery right now, as we haven't brough our custom UI
up yet. Make it easier to discern.
Change-Id: Ifce302ee77b4f97b324005d5102aa15b5589b3d3
|
|
Change-Id: If42732e4ac61233dcd4fd347c6ca94dca1ffa50d
|
|
Sdcard block path is now determined via /sys/block/mmcblk*/device/type
to know which mmcblk* has the sdcard.
CRs-Fixed: 2798402
Change-Id: I4a260069f979364998db943585f565bbe691b89a
|
|
Change-Id: I6f4fcd3e26f40439e96e02956963a20ea5487bfc
|
|
Change-Id: Id5994f4f512ab07cb3d7f1c24ce06da62c5e1026
|
|
c55e7fd95d
Original change: https://android-review.googlesource.com/c/platform/bootable/recovery/+/1398888
Change-Id: Ie2d0b0dc1d5f6383fac4142cab4391816a419ab1
|
|
Bug: 163613552
Test: mma
Change-Id: I204f6aa272c2b56725e658e5613530b27bd223c6
|
|
Original change: https://android-review.googlesource.com/c/platform/bootable/recovery/+/1371051
Change-Id: I9fdb4e98eebc0caa9aa1a2bcc9e188a2b6fa6a81
|
|
https: //source.android.com/setup/contribute/respectful-code
Test: Unit tests pass
Change-Id: If447b2cf923f6bc7a3a3fb5f69b9fbc06a200ebb
|
|
am: fb9d4fc54b
Change-Id: Idb4ae52052578e578d0844b479a4d0ede190337e
|
|
Change-Id: Ia91690b4826ce358a08766ebe6e756cb1fec0ba1
|
|
ro.bootimage.* sysprops will be removed as they are redundant. Read
ro.build.fingerprint instead.
This is safe because:
2) ro.bootimage.build.fingerprint is the same as other
ro.<partition>.build.fingerprint all of which are from
$(BUILD_FINGERPRINT_FILE).
3) BUILD_FINGERPRINT_FILE is composed of PRODUCT_BRAND, TARGET_PRODUCT,
TARGET_DEVICE, etc.
4) ro.build.fingerprint is auto-composed by init at runtime by the same
rule as #3.
Bug: 117892318
Test: enter into the recovery mode and manually inspect the title line
Change-Id: If28d710f45b98a0effc0159851bca6afb2aa5735
|
|
Change-Id: Ic3972bebe9b38b5101431e691331134b450fdc26
|
|
After a reboot function call, we should always wait for it to finish
without executing other instructions.
Bug: 151110322
Test: build
Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
(cherry picked from commit 00c4aba9bf428717fc00e26a03e97401eca76ee8)
|
|
Change-Id: I31c2402def47126ba364ef44b9c2fe5effc3ca94
|
|
Change-Id: I962b324436ab4139ed2fa24430599d9403a983e1
|
|
After a reboot function call, we should always wait for it to finish
without executing other instructions.
Bug: 151110322
Test: build
Change-Id: I1dda291a0835ff96df7eaf42eba1a38267a3beeb
|
|
The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on a removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_unit_test - no new failures
Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
|
|
stores on device"" into qt-qpr1-dev-plus-aosp
|
|
device"
This reverts commit 5e6c4e9a91674826bf11cab604250b41a9326fd8.
Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error.
Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420
Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
|
|
device" into qt-qpr1-dev-plus-aosp
|
|
Change-Id: I56fa15862f1b9694d472b2f5a60fc26fbfb4a01c
|
|
e1d76ef395 am: d93d116134 am: 9763f002db
Change-Id: I987619c409d8fc9defb3184a51849ee2b81e25b8
|
|
For non A/B and Virtual A/B devices where sideloading may affect
the existing OS,
- If sideload has failed, show a warning message in recovery menu header.
- If sideload has interrupted, automatically reboot back into recovery and
show the warning message in recovery menu header.
Test: the above
Fixes: 140749209
Change-Id: Ifdfc28b45975cdc31b6fce2ecb99acc31bc61fa8
|
|
1b208af5d4 am: 05eec42808 am: 565397643b
Change-Id: I874e028ac058aac56430b6f2fb69d8217a3c13ec
|
|
If previous installation fails, menu item 'Reboot system now'
and 'Power off' now prompts for confirmation from the user.
Known issues:
- If the sideload is interrupted, it'll still boot into normal
Android in the next cycle.
- If 'Enter fastbootd' is chosen, and then 'Enter recovery', such
prompt do not show up.
Test: manual
Fixes: 142892891
Change-Id: I929b80e0520bd3b9f56d88a4b2203fcdd8d7b013
|
|
Change-Id: If590516c09963e73b304cca1b7e07b62271d7c5c
|
|
This code is dead. It was briefly used to support "adb remount" with
deduplicated partitions, but was very quickly obsoleted by overlayfs
support. There is no reason to include it anymore.
Bug: N/A
Test: N/A
Change-Id: I4cdcbf66bec80092f954826eaae037934ff37765
|
|
Change-Id: I1bb7cfbe0a70e1bb177535f02a6565312e7b1d57
|
|
The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on a removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_component_test - all passing
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
|
|
bc4b2b44e9 am: 367f7d173e
Change-Id: I5411bcca707627f0e821b4e4052476577e29faf4
|
|
Mounting /system in Virtual A/B devices may require the creation of the
associated snapshot devices.
This patch performs all the required initializations prior to attempting
the mount of /system.
Bug: 139157327
Test: manual /system partition mount on VAB device during OTA
Depends-on: I7337bdd38d7016d12d3ee42be1c7893b10e9116d
Change-Id: I71a9dfc57e1a1354f1f1edc5d287aca93c0c8924
Signed-off-by: Alessio Balsini <balsini@google.com>
|
|
Change-Id: I6f82b7b9f15d179b93276a754bb17c0aabac3c66
|
|
|
|
The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on a removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
|
|
Bug: 134560109
Test: Run recovery_unit_test.
Change-Id: Ibbcdcfd507fa23657ee7ff677208b0003ec382ba
|
|
A number of utility functions are intended for serving recovery's own
use. Exposing them via libotautil (which is a static lib) would pass the
dependencies onto libotautil's users (e.g. recovery image, updater, host
simulator, device-specific recovery UI/updater extensions etc). This CL
finds a new home for the utils that are private to recovery.
Test: mmma bootable/recovery
Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
|
|
Conflicts:
install/adb_install.cpp
install/fuse_install.cpp
install/install.cpp
recovery.cpp
Bug: 140199946
Change-Id: I43710878f1699aa9e70764980ec8aaad1916010b
|
|
Additionally kill the global variable: reason, stage; move them to a
separate BootState class instead. Vendor specific recovery code will
need to call getters from Device() class to access these variables.
Bug: 137705917
Test: unit tests pass, boot sailfish into recovery, code search and no
code includes common.h in vendor specific recovery.
Change-Id: Ia50a5ea951212c25548562f29cc9cf78505b5e34
|
|
Change-Id: Ibc1459f87b27a343a05bae4f31e176e3f85aeb80
|
|
Some global variables are only used for recovery.cpp and
recovery_main.cpp, remove them from common.h and handle their usage
accordingly. Variables include:
static constexpr int kRecoveryApiVersion;
extern struct selabel_handle* sehandle;
extern RecoveryUI* ui;
extern bool has_cache;
bool is_ro_debuggable();
Test: unit tests pass, boot into recovery mode and run graphic tests
Change-Id: If83a005786c9b38412731da97aaf85af69a3b917
|
|
We may fail to memory map the package on 32 bit builds for packages with
2GiB+ size. This cl tries to install the package with fuse when memory map
fails in such cases.
Bug: 127071893
Test: build 32 bit version sailfish, push package and block.map, reboot into recovery with
the corresponding update_package argument.
Change-Id: I5dae4f3e27ccaf8d64ff3657d36f0e75db2330b0
|
|
Factor out a new function from ApplyFromSdcard that installs a package
from a local path. Inside this function, we start the fuse and choose the
type of data provider depending on the path string. And similar to the
existing logic, we treat the package as a block map if the path starts
with a '@'.
This is part of the effort to install larger than 2GiB packages on ILP32
devices.
Bug: 127071893
Test: Build a 32 bit sailfish and create a 3GiB OTA package. Sideload
the package, uncrypt and install the package from sdcard.
Change-Id: I328ea34fa530731acbce7554bfc3059313ad6ece
|
|
Therefore InstallPackage() doesn't need to worry about the details of a
given Package.
Bug: 127071893
Test: run update from /bin/recovery --update_package=@path, sideload a package
Change-Id: I0caa36785b43924f884ee398e7ea640d7472a92e
|
|
shutdown and reboot should have a corresponding sub-reason.
Adding:
"reboot,userrequested,fastboot"
"reboot,userrequested,recovery"
"reboot,userrequested,recovery,ui"
"shutdown,userrequested,fastboot"
"shutdown,userrequested,recovery"
"reboot,unknown#" (Can't happen, debug)
Test: manual, multiple targets, enter recovery, be able to exit recovery
Bug: 133326470
Change-Id: Ibfcb2a23158e8e99922e8053edd815fb592150f2
|
|
This reverts commit 6f4e4db4f9e0911a07c6393d01e4380e844f7891.
Reason for revert: Booting out of recovery (choose `Reboot system now`)
on taimen is broken. Device keeps booting back into recovery.
Bug: 133326470
Test: Choose `Reboot system now` from recovery menu. Deivce attempts
normal boot.
Change-Id: I6e85fc248e18953a6fb94513c3abc7e7e0fb0477
|
|
shutdown and reboot should have a corresponding sub-reason.
Adding:
"reboot,fastboot_menu"
"reboot,recovery_menu"
"reboot,recovery_ui"
"shutdown,fastboot"
"shutdown,recovery"
"reboot,unknown#"
Test: none
Change-Id: Icf1ab0d462ec2de2272914a36994a095998d6186
|
|
Test: TreeHugger
Test: Boot into recovery on blueline. Choose "Mount system partition".
Change-Id: Iac475d18ce2415de09dc0bf009ad4cf0383ffede
|
