am 8cd9e4f3: fix bug in applying patches

Merge commit '8cd9e4f3d4eba481b411482331293c8079ab24b2' into gingerbread

* commit '8cd9e4f3d4eba481b411482331293c8079ab24b2':
  fix bug in applying patches
diff --git a/Android.mk b/Android.mk
index 84421e7..b0fefbd 100644
--- a/Android.mk
+++ b/Android.mk
@@ -12,7 +12,8 @@
     install.c \
     roots.c \
     ui.c \
-    verifier.c
+    verifier.c \
+    encryptedfs_provisioning.c
 
 LOCAL_SRC_FILES += test_roots.c
 
diff --git a/applypatch/Android.mk b/applypatch/Android.mk
index bb024f6..e91e4bf 100644
--- a/applypatch/Android.mk
+++ b/applypatch/Android.mk
@@ -14,6 +14,7 @@
 
 ifneq ($(TARGET_SIMULATOR),true)
 
+ifeq ($(TARGET_ARCH),arm)
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 
@@ -58,4 +59,5 @@
 
 include $(BUILD_HOST_EXECUTABLE)
 
+endif   # TARGET_ARCH == arm
 endif  # !TARGET_SIMULATOR
diff --git a/common.h b/common.h
index ff577c2..1182d77 100644
--- a/common.h
+++ b/common.h
@@ -31,7 +31,7 @@
 // Write a message to the on-screen log shown with Alt-L (also to stderr).
 // The screen is small, and users may need to report these messages to support,
 // so keep the output short and not too cryptic.
-void ui_print(const char *fmt, ...);
+void ui_print(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
 
 // Display some header text followed by a menu of items, which appears
 // at the top of the screen (in place of any scrolling ui_print()
diff --git a/encryptedfs_provisioning.c b/encryptedfs_provisioning.c
new file mode 100644
index 0000000..2bcfec1
--- /dev/null
+++ b/encryptedfs_provisioning.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "encryptedfs_provisioning.h"
+#include "cutils/misc.h"
+#include "cutils/properties.h"
+#include "common.h"
+#include "mtdutils/mtdutils.h"
+#include "mtdutils/mounts.h"
+#include "roots.h"
+
+const char* encrypted_fs_enabled_property      = "persist.security.secfs.enabled";
+const char* encrypted_fs_property_dir          = "/data/property/";
+const char* encrypted_fs_system_dir            = "/data/system/";
+const char* encrypted_fs_key_file_name         = "/data/fs_key.dat";
+const char* encrypted_fs_salt_file_name        = "/data/hash_salt.dat";
+const char* encrypted_fs_hash_file_src_name    = "/data/system/password.key";
+const char* encrypted_fs_hash_file_dst_name    = "/data/hash.dat";
+const char* encrypted_fs_entropy_file_src_name = "/data/system/entropy.dat";
+const char* encrypted_fs_entropy_file_dst_name = "/data/ported_entropy.dat";
+
+void get_property_file_name(char *buffer, const char *property_name) {
+    sprintf(buffer, "%s%s", encrypted_fs_property_dir, property_name);
+}
+
+int get_binary_file_contents(char *buffer, int buf_size, const char *file_name, int *out_size) {
+    FILE *in_file;
+    int read_bytes;
+
+    in_file = fopen(file_name, "r");
+    if (in_file == NULL) {
+        LOGE("Secure FS: error accessing key file.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    read_bytes = fread(buffer, 1, buf_size, in_file);
+    if (out_size == NULL) {
+        if (read_bytes != buf_size) {
+            // Error or unexpected data
+            fclose(in_file);
+            LOGE("Secure FS: error reading conmplete key.");
+            return ENCRYPTED_FS_ERROR;
+        }
+    } else {
+        *out_size = read_bytes;
+    }
+    fclose(in_file);
+    return ENCRYPTED_FS_OK;
+}
+
+int set_binary_file_contents(char *buffer, int buf_size, const char *file_name) {
+    FILE *out_file;
+    int write_bytes;
+
+    out_file = fopen(file_name, "w");
+    if (out_file == NULL) {
+        LOGE("Secure FS: error setting up key file.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    write_bytes = fwrite(buffer, 1, buf_size, out_file);
+    if (write_bytes != buf_size) {
+        // Error or unexpected data
+        fclose(out_file);
+        LOGE("Secure FS: error reading conmplete key.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    fclose(out_file);
+    return ENCRYPTED_FS_OK;
+}
+
+int get_text_file_contents(char *buffer, int buf_size, char *file_name) {
+    FILE *in_file;
+    char *read_data;
+
+    in_file = fopen(file_name, "r");
+    if (in_file == NULL) {
+        LOGE("Secure FS: error accessing properties.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    read_data = fgets(buffer, buf_size, in_file);
+    if (read_data == NULL) {
+        // Error or unexpected data
+        fclose(in_file);
+        LOGE("Secure FS: error accessing properties.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    fclose(in_file);
+    return ENCRYPTED_FS_OK;
+}
+
+int set_text_file_contents(char *buffer, char *file_name) {
+    FILE *out_file;
+    int result;
+
+    out_file = fopen(file_name, "w");
+    if (out_file == NULL) {
+        LOGE("Secure FS: error setting up properties.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = fputs(buffer, out_file);
+    if (result != 0) {
+        // Error or unexpected data
+        fclose(out_file);
+        LOGE("Secure FS: error setting up properties.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    fflush(out_file);
+    fclose(out_file);
+    return ENCRYPTED_FS_OK;
+}
+
+int read_encrypted_fs_boolean_property(const char *prop_name, int *value) {
+    char prop_file_name[PROPERTY_KEY_MAX + 32];
+    char prop_value[PROPERTY_VALUE_MAX];
+    int result;
+
+    get_property_file_name(prop_file_name, prop_name);
+    result = get_text_file_contents(prop_value, PROPERTY_VALUE_MAX, prop_file_name);
+
+    if (result < 0) {
+        return result;
+    }
+
+    if (strncmp(prop_value, "1", 1) == 0) {
+        *value = 1;
+    } else if (strncmp(prop_value, "0", 1) == 0) {
+        *value = 0;
+    } else {
+        LOGE("Secure FS: error accessing properties.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    return ENCRYPTED_FS_OK;
+}
+
+int write_encrypted_fs_boolean_property(const char *prop_name, int value) {
+    char prop_file_name[PROPERTY_KEY_MAX + 32];
+    char prop_value[PROPERTY_VALUE_MAX];
+    int result;
+
+    get_property_file_name(prop_file_name, prop_name);
+
+    // Create the directory if needed
+    mkdir(encrypted_fs_property_dir, 0755);
+    if (value == 1) {
+        result = set_text_file_contents("1", prop_file_name);
+    } else if (value == 0) {
+        result = set_text_file_contents("0", prop_file_name);
+    } else {
+        return ENCRYPTED_FS_ERROR;
+    }
+    if (result < 0) {
+        return result;
+    }
+
+    return ENCRYPTED_FS_OK;
+}
+
+int read_encrypted_fs_info(encrypted_fs_info *encrypted_fs_data) {
+    int result;
+    int value;
+    result = ensure_root_path_mounted("DATA:");
+    if (result != 0) {
+        LOGE("Secure FS: error mounting userdata partition.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    // Read the pre-generated encrypted FS key, password hash and salt.
+    result = get_binary_file_contents(encrypted_fs_data->key, ENCRYPTED_FS_KEY_SIZE,
+            encrypted_fs_key_file_name, NULL);
+    if (result != 0) {
+        LOGE("Secure FS: error reading generated file system key.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = get_binary_file_contents(encrypted_fs_data->salt, ENCRYPTED_FS_SALT_SIZE,
+            encrypted_fs_salt_file_name, &(encrypted_fs_data->salt_length));
+    if (result != 0) {
+        LOGE("Secure FS: error reading file system salt.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = get_binary_file_contents(encrypted_fs_data->hash, ENCRYPTED_FS_MAX_HASH_SIZE,
+            encrypted_fs_hash_file_src_name, &(encrypted_fs_data->hash_length));
+    if (result != 0) {
+        LOGE("Secure FS: error reading password hash.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = get_binary_file_contents(encrypted_fs_data->entropy, ENTROPY_MAX_SIZE,
+            encrypted_fs_entropy_file_src_name, &(encrypted_fs_data->entropy_length));
+    if (result != 0) {
+        LOGE("Secure FS: error reading ported entropy.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = ensure_root_path_unmounted("DATA:");
+    if (result != 0) {
+        LOGE("Secure FS: error unmounting data partition.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    return ENCRYPTED_FS_OK;
+}
+
+int restore_encrypted_fs_info(encrypted_fs_info *encrypted_fs_data) {
+    int result;
+    result = ensure_root_path_mounted("DATA:");
+    if (result != 0) {
+        LOGE("Secure FS: error mounting userdata partition.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    // Write the pre-generated secure FS key, password hash and salt.
+    result = set_binary_file_contents(encrypted_fs_data->key, ENCRYPTED_FS_KEY_SIZE,
+            encrypted_fs_key_file_name);
+    if (result != 0) {
+        LOGE("Secure FS: error writing generated file system key.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = set_binary_file_contents(encrypted_fs_data->salt, encrypted_fs_data->salt_length,
+        encrypted_fs_salt_file_name);
+    if (result != 0) {
+        LOGE("Secure FS: error writing file system salt.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = set_binary_file_contents(encrypted_fs_data->hash, encrypted_fs_data->hash_length,
+            encrypted_fs_hash_file_dst_name);
+    if (result != 0) {
+        LOGE("Secure FS: error writing password hash.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    result = set_binary_file_contents(encrypted_fs_data->entropy, encrypted_fs_data->entropy_length,
+            encrypted_fs_entropy_file_dst_name);
+    if (result != 0) {
+        LOGE("Secure FS: error writing ported entropy.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    // Set the secure FS properties to their respective values
+    result = write_encrypted_fs_boolean_property(encrypted_fs_enabled_property, encrypted_fs_data->mode);
+    if (result != 0) {
+        return result;
+    }
+
+    result = ensure_root_path_unmounted("DATA:");
+    if (result != 0) {
+        LOGE("Secure FS: error unmounting data partition.");
+        return ENCRYPTED_FS_ERROR;
+    }
+
+    return ENCRYPTED_FS_OK;
+}
+
diff --git a/encryptedfs_provisioning.h b/encryptedfs_provisioning.h
new file mode 100644
index 0000000..284605d
--- /dev/null
+++ b/encryptedfs_provisioning.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+
+#ifndef __ENCRYPTEDFS_PROVISIONING_H__
+#define __ENCRYPTEDFS_PROVISIONING_H__
+
+#define MODE_ENCRYPTED_FS_DISABLED    0
+#define MODE_ENCRYPTED_FS_ENABLED     1
+
+#define ENCRYPTED_FS_OK               0
+#define ENCRYPTED_FS_ERROR          (-1)
+
+#define ENCRYPTED_FS_KEY_SIZE        16
+#define ENCRYPTED_FS_SALT_SIZE       16
+#define ENCRYPTED_FS_MAX_HASH_SIZE  128
+#define ENTROPY_MAX_SIZE        4096
+
+struct encrypted_fs_info {
+    int mode;
+    char key[ENCRYPTED_FS_KEY_SIZE];
+    char salt[ENCRYPTED_FS_SALT_SIZE];
+    int salt_length;
+    char hash[ENCRYPTED_FS_MAX_HASH_SIZE];
+    int hash_length;
+    char entropy[ENTROPY_MAX_SIZE];
+    int entropy_length;
+};
+
+typedef struct encrypted_fs_info encrypted_fs_info;
+
+int read_encrypted_fs_info(encrypted_fs_info *secure_fs_data);
+
+int restore_encrypted_fs_info(encrypted_fs_info *secure_data);
+
+#endif /* __ENCRYPTEDFS_PROVISIONING_H__ */
+
diff --git a/etc/init.rc b/etc/init.rc
index 02c10a9..a675a4b 100644
--- a/etc/init.rc
+++ b/etc/init.rc
@@ -1,3 +1,5 @@
+on early-init
+    start ueventd
 
 on init
     export PATH /sbin
@@ -21,6 +23,8 @@
 
     class_start default
 
+service ueventd /sbin/ueventd
+    critical
 
 service recovery /sbin/recovery
 
diff --git a/install.c b/install.c
index 37a4f07..35ba6ca 100644
--- a/install.c
+++ b/install.c
@@ -136,7 +136,7 @@
         } else if (strcmp(command, "ui_print") == 0) {
             char* str = strtok(NULL, "\n");
             if (str) {
-                ui_print(str);
+                ui_print("%s", str);
             } else {
                 ui_print("\n");
             }
diff --git a/recovery.c b/recovery.c
index 087258f..04bf657 100644
--- a/recovery.c
+++ b/recovery.c
@@ -24,6 +24,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/reboot.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <time.h>
 #include <unistd.h>
@@ -36,12 +37,14 @@
 #include "minzip/DirUtil.h"
 #include "roots.h"
 #include "recovery_ui.h"
+#include "encryptedfs_provisioning.h"
 
 static const struct option OPTIONS[] = {
   { "send_intent", required_argument, NULL, 's' },
   { "update_package", required_argument, NULL, 'u' },
   { "wipe_data", no_argument, NULL, 'w' },
   { "wipe_cache", no_argument, NULL, 'c' },
+  { "set_encrypted_filesystems", required_argument, NULL, 'e' },
   { NULL, 0, NULL, 0 },
 };
 
@@ -50,6 +53,7 @@
 static const char *LOG_FILE = "CACHE:recovery/log";
 static const char *SDCARD_PACKAGE_FILE = "SDCARD:update.zip";
 static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log";
+static const char *SIDELOAD_TEMP_DIR = "TMP:sideload";
 
 /*
  * The recovery tool communicates with the main system through /cache files.
@@ -108,9 +112,9 @@
  *        -- after this, rebooting will (try to) restart the main system --
  * 9. main() calls reboot() to boot main system
  *
- * ENCRYPTED FILE SYSTEMS ENABLE/DISABLE
+ * SECURE FILE SYSTEMS ENABLE/DISABLE
  * 1. user selects "enable encrypted file systems"
- * 2. main system writes "--set_encrypted_filesystem=on|off" to
+ * 2. main system writes "--set_encrypted_filesystems=on|off" to
  *    /cache/recovery/command
  * 3. main system reboots into recovery
  * 4. get_args() writes BCB with "boot-recovery" and
@@ -297,6 +301,109 @@
     return format_root_device(root);
 }
 
+static char*
+copy_sideloaded_package(const char* original_root_path) {
+  if (ensure_root_path_mounted(original_root_path) != 0) {
+    LOGE("Can't mount %s\n", original_root_path);
+    return NULL;
+  }
+
+  char original_path[PATH_MAX] = "";
+  if (translate_root_path(original_root_path, original_path,
+                          sizeof(original_path)) == NULL) {
+    LOGE("Bad path %s\n", original_root_path);
+    return NULL;
+  }
+
+  if (ensure_root_path_mounted(SIDELOAD_TEMP_DIR) != 0) {
+    LOGE("Can't mount %s\n", SIDELOAD_TEMP_DIR);
+    return NULL;
+  }
+
+  char copy_path[PATH_MAX] = "";
+  if (translate_root_path(SIDELOAD_TEMP_DIR, copy_path,
+                          sizeof(copy_path)) == NULL) {
+    LOGE("Bad path %s\n", SIDELOAD_TEMP_DIR);
+    return NULL;
+  }
+
+  if (mkdir(copy_path, 0700) != 0) {
+    if (errno != EEXIST) {
+      LOGE("Can't mkdir %s (%s)\n", SIDELOAD_TEMP_DIR, strerror(errno));
+      return NULL;
+    }
+  }
+
+  struct stat st;
+  if (stat(copy_path, &st) != 0) {
+    LOGE("failed to stat %s (%s)\n", copy_path, strerror(errno));
+    return NULL;
+  }
+  if (!S_ISDIR(st.st_mode)) {
+    LOGE("%s isn't a directory\n", copy_path);
+    return NULL;
+  }
+  if ((st.st_mode & 0777) != 0700) {
+    LOGE("%s has perms %o\n", copy_path, st.st_mode);
+    return NULL;
+  }
+  if (st.st_uid != 0) {
+    LOGE("%s owned by %lu; not root\n", copy_path, st.st_uid);
+    return NULL;
+  }
+
+  strcat(copy_path, "/package.zip");
+
+  char* buffer = malloc(BUFSIZ);
+  if (buffer == NULL) {
+    LOGE("Failed to allocate buffer\n");
+    return NULL;
+  }
+
+  size_t read;
+  FILE* fin = fopen(original_path, "rb");
+  if (fin == NULL) {
+    LOGE("Failed to open %s (%s)\n", original_path, strerror(errno));
+    return NULL;
+  }
+  FILE* fout = fopen(copy_path, "wb");
+  if (fout == NULL) {
+    LOGE("Failed to open %s (%s)\n", copy_path, strerror(errno));
+    return NULL;
+  }
+
+  while ((read = fread(buffer, 1, BUFSIZ, fin)) > 0) {
+    if (fwrite(buffer, 1, read, fout) != read) {
+      LOGE("Short write of %s (%s)\n", copy_path, strerror(errno));
+      return NULL;
+    }
+  }
+
+  free(buffer);
+
+  if (fclose(fout) != 0) {
+    LOGE("Failed to close %s (%s)\n", copy_path, strerror(errno));
+    return NULL;
+  }
+
+  if (fclose(fin) != 0) {
+    LOGE("Failed to close %s (%s)\n", original_path, strerror(errno));
+    return NULL;
+  }
+
+  // "adb push" is happy to overwrite read-only files when it's
+  // running as root, but we'll try anyway.
+  if (chmod(copy_path, 0400) != 0) {
+    LOGE("Failed to chmod %s (%s)\n", copy_path, strerror(errno));
+    return NULL;
+  }
+
+  char* copy_root_path = malloc(strlen(SIDELOAD_TEMP_DIR) + 20);
+  strcpy(copy_root_path, SIDELOAD_TEMP_DIR);
+  strcat(copy_root_path, "/package.zip");
+  return copy_root_path;
+}
+
 static char**
 prepend_title(char** headers) {
     char* title[] = { "Android system recovery <"
@@ -433,8 +540,13 @@
 
             case ITEM_APPLY_SDCARD:
                 ui_print("\n-- Install from sdcard...\n");
-                set_sdcard_update_bootloader_message();
-                int status = install_package(SDCARD_PACKAGE_FILE);
+                int status = INSTALL_CORRUPT;
+                char* copy = copy_sideloaded_package(SDCARD_PACKAGE_FILE);
+                if (copy != NULL) {
+                  set_sdcard_update_bootloader_message();
+                  status = install_package(copy);
+                  free(copy);
+                }
                 if (status != INSTALL_SUCCESS) {
                     ui_set_background(BACKGROUND_ICON_ERROR);
                     ui_print("Installation aborted.\n");
@@ -468,7 +580,10 @@
     int previous_runs = 0;
     const char *send_intent = NULL;
     const char *update_package = NULL;
+    const char *encrypted_fs_mode = NULL;
     int wipe_data = 0, wipe_cache = 0;
+    int toggle_secure_fs = 0;
+    encrypted_fs_info encrypted_fs_data;
 
     int arg;
     while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) {
@@ -478,6 +593,7 @@
         case 'u': update_package = optarg; break;
         case 'w': wipe_data = wipe_cache = 1; break;
         case 'c': wipe_cache = 1; break;
+        case 'e': encrypted_fs_mode = optarg; toggle_secure_fs = 1; break;
         case '?':
             LOGE("Invalid command argument\n");
             continue;
@@ -497,7 +613,43 @@
 
     int status = INSTALL_SUCCESS;
 
-    if (update_package != NULL) {
+    if (toggle_secure_fs) {
+        if (strcmp(encrypted_fs_mode,"on") == 0) {
+            encrypted_fs_data.mode = MODE_ENCRYPTED_FS_ENABLED;
+            ui_print("Enabling Encrypted FS.\n");
+        } else if (strcmp(encrypted_fs_mode,"off") == 0) {
+            encrypted_fs_data.mode = MODE_ENCRYPTED_FS_DISABLED;
+            ui_print("Disabling Encrypted FS.\n");
+        } else {
+            ui_print("Error: invalid Encrypted FS setting.\n");
+            status = INSTALL_ERROR;
+        }
+
+        // Recovery strategy: if the data partition is damaged, disable encrypted file systems.
+        // This preventsthe device recycling endlessly in recovery mode.
+        if ((encrypted_fs_data.mode == MODE_ENCRYPTED_FS_ENABLED) &&
+                (read_encrypted_fs_info(&encrypted_fs_data))) {
+            ui_print("Encrypted FS change aborted, resetting to disabled state.\n");
+            encrypted_fs_data.mode = MODE_ENCRYPTED_FS_DISABLED;
+        }
+
+        if (status != INSTALL_ERROR) {
+            if (erase_root("DATA:")) {
+                ui_print("Data wipe failed.\n");
+                status = INSTALL_ERROR;
+            } else if (erase_root("CACHE:")) {
+                ui_print("Cache wipe failed.\n");
+                status = INSTALL_ERROR;
+            } else if ((encrypted_fs_data.mode == MODE_ENCRYPTED_FS_ENABLED) &&
+                      (restore_encrypted_fs_info(&encrypted_fs_data))) {
+                ui_print("Encrypted FS change aborted.\n");
+                status = INSTALL_ERROR;
+            } else {
+                ui_print("Successfully updated Encrypted FS.\n");
+                status = INSTALL_SUCCESS;
+            }
+        }
+    } else if (update_package != NULL) {
         status = install_package(update_package);
         if (status != INSTALL_SUCCESS) ui_print("Installation aborted.\n");
     } else if (wipe_data) {
diff --git a/roots.c b/roots.c
index 8f8dace..d5754db 100644
--- a/roots.c
+++ b/roots.c
@@ -42,6 +42,7 @@
 static const char g_mtd_device[] = "@\0g_mtd_device";
 static const char g_raw[] = "@\0g_raw";
 static const char g_package_file[] = "@\0g_package_file";
+static const char g_ramdisk[] = "@\0g_ramdisk";
 
 static RootInfo g_roots[] = {
     { "BOOT:", g_mtd_device, NULL, "boot", NULL, g_raw },
@@ -53,7 +54,7 @@
     { "SDCARD:", "/dev/block/mmcblk0p1", "/dev/block/mmcblk0", NULL, "/sdcard", "vfat" },
     { "SYSTEM:", g_mtd_device, NULL, "system", "/system", "yaffs2" },
     { "MBM:", g_mtd_device, NULL, "mbm", NULL, g_raw },
-    { "TMP:", NULL, NULL, NULL, "/tmp", NULL },
+    { "TMP:", NULL, NULL, NULL, "/tmp", g_ramdisk },
 };
 #define NUM_ROOTS (sizeof(g_roots) / sizeof(g_roots[0]))
 
@@ -180,7 +181,9 @@
     if (info->mount_point == NULL) {
         return -1;
     }
-//xxx if TMP: (or similar) just say "yes"
+    if (info->filesystem == g_ramdisk) {
+      return 0;
+    }
 
     /* See if this root is already mounted.
      */