Copy a sideloaded package into /tmp, then verify and install the copy,
to prevent malicious users from overwriting the package between
verification and install.
Bug: 2826890 package can be replaced during verification
Bug: 2058160 Recovery should copy sideloaded (sd card) update ...
Change-Id: I3de148b0f1a671f1974782b6855527caeaefda23
Make the mount and format functions take extra parameters describing
the filesystem type and add support for mounting and formatting ext4
filesystems on EMMC.
Change recovery to consistently use stdout for status messages instead
of mixing stdout and stderr.
Replaces the "install sdcard:update zip" menu option with one that
displays a menu of zip files (and subdirs) on the sdcard and lets you
pick which one to install.
Change-Id: I85c94c0e9bc8e05ca52031fc29ca2624c2695ced
Remove support for the HTC-specific "firmware" update command and the
corresponding edify function write_firmware_update(). This
functionality is now done by an edify extension library that lives in
vendor/htc.
Change-Id: I80858951ff10ed8dfff98aefb796bef009e05efb
Remove (or at least stop calling) the HTC-specific mechanism for
preserving the recovery log from before a radio or hboot update.
Replace it with a generic device_recovery_start() function which each
device's code can implement to do whatever it wants on recovery
startup.
Change-Id: If3cca4b498c0b1cf0565236404ecf56a1fc46123
When doing a firmware (radio or hboot) update on HTC devices, save the
recovery log in block 1 of the cache partition, before the firmware
image and the UI bitmaps. When we boot back into recovery after the
firmware update to reformat the cache partition, copy that log out of
cache before reformatting it and dump it into the current invocation's
log.
The practical upshot of all this is that we can see the log output
from radio and hboot updates.
Change-Id: Ie0e89566754c88f4bed6a90d8a0aa04047b01a27
This change enables/disables the Encrypted file systems feature. It reads some properties form the data partition, wipes the partition out, and then rewrites the proper properties again into the data partition to signal that encrypted FS are enabled.
Merge commit 'f93d8166ef4c06f6ad71293ffa8a4ce469df4fa5' into eclair-plus-aosp
* commit 'f93d8166ef4c06f6ad71293ffa8a4ce469df4fa5':
confirm before wiping user data in recovery
When using the hidden menu to wipe data in recovery, confirm before
starting the wipe. (This does not affect booting with the --wipe_data
flag, or using Alt+W on dream with the menu hidden -- those still wipe
data immediately.)
Yank all the code to install OTA packages out of the recovery binary
itself. Now packages are installed by a binary included in the
package (run as a child of recovery), so we can make improvements in
the installation process without waiting for a new release to use
them.
Some devices want to do special things when recovery wipes data (eg,
wipe data in their baseband processor as well). Add a hook in the
device-specific recovery library that gets called when data is wiped.
Also add an amend root for the "mbm" partition.
To do a firmware-install-on-reboot, the update binary tells recovery
what file to install before rebooting. Let this file be specified as
"PACKAGE:<foo>" to indicate taking the file out of the OTA package,
avoiding an extra copy to /tmp. Bump the API version number to
reflect this change.
Take some device-specific details of the recovery UI (eg, what keys to
press to bring up the interface and perform actions, exact text of the
menu, etc.) and split them out into separate C functions. Arrange to
take implementations of those functions from the appropriate vendor
directory at build time. Provide a default implementation in case no
vendor-specific one is available.
Amend (aka the recovery command language) had a half-implemented
scheme of limiting which commands OTA packages were allowed to
execute. It's not clear what this was ever supposed to be good for.
Remove it.
Change the recovery UI so that when there is a hboot or radio update
pending (which the user most do a home+back reboot to actually
install), the UI tells them so, instead of saying "Install from sdcard
complete."