Merge "Wipe the metadata partition when we wipe data."
diff --git a/Android.mk b/Android.mk
index aea0957..e54db2d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -203,4 +203,3 @@
$(LOCAL_PATH)/tests/Android.mk \
$(LOCAL_PATH)/tools/Android.mk \
$(LOCAL_PATH)/updater/Android.mk \
- $(LOCAL_PATH)/update_verifier/Android.mk \
diff --git a/applypatch/applypatch.cpp b/applypatch/applypatch.cpp
index 7104abd..db7530b 100644
--- a/applypatch/applypatch.cpp
+++ b/applypatch/applypatch.cpp
@@ -630,6 +630,11 @@
SHA_CTX ctx;
SHA1_Init(&ctx);
SinkFn sink = [&memory_sink_str, &ctx](const unsigned char* data, size_t len) {
+ if (len != 0) {
+ uint8_t digest[SHA_DIGEST_LENGTH];
+ SHA1(data, len, digest);
+ LOG(DEBUG) << "Appending " << len << " bytes data, sha1: " << short_sha1(digest);
+ }
SHA1_Update(&ctx, data, len);
memory_sink_str.append(reinterpret_cast<const char*>(data), len);
return len;
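Review bot: The added `SHA1(data, len, digest)` call in the sink lambda runs on every non-empty write whether or not DEBUG output is enabled, so each buffer is hashed a second time even when the message is discarded. Gate it on the logger threshold, e.g. `if (len != 0 && android::base::GetMinimumLogSeverity() <= android::base::LogSeverity::DEBUG) {`, so the per-write digest is only computed when it will be printed. A one-line comment that this digest is diagnostic only and does not feed the running `ctx` would also help the next reader. The enclosing function starts and ends outside the hunk.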
diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp
index 2e4faaa..9794a48 100644
--- a/applypatch/imgpatch.cpp
+++ b/applypatch/imgpatch.cpp
@@ -182,6 +182,8 @@
printf("Failed to apply bsdiff patch.\n");
return -1;
}
+
+ LOG(DEBUG) << "Processed chunk type normal";
} else if (type == CHUNK_RAW) {
const char* raw_header = patch_header + pos;
pos += 4;
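Review bot: The three new `LOG(DEBUG) << "Processed chunk type ..."` lines (this branch, plus the raw and deflate branches in the next two hunks) omit the chunk index, so a failing patch cannot be tied to a specific chunk from the log alone. The unknown-type branch already prints `i`, which suggests the loop index is in scope; `LOG(DEBUG) << "Processed chunk " << i << " type normal";` would let the trace line up with the per-write SHA-1 lines added in applypatch.cpp. The error paths next to them still use `printf`, so failures and progress go to different sinks, which deserves a comment or a follow-up. The surrounding loop begins and ends outside these hunks.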
@@ -201,6 +203,8 @@
return -1;
}
pos += data_len;
+
+ LOG(DEBUG) << "Processed chunk type raw";
} else if (type == CHUNK_DEFLATE) {
// deflate chunks have an additional 60 bytes in their chunk header.
const char* deflate_header = patch_header + pos;
@@ -276,6 +280,7 @@
return -1;
}
+ LOG(DEBUG) << "Processed chunk type deflate";
} else {
printf("patch chunk %d is unknown type %d\n", i, type);
return -1;
diff --git a/tests/Android.mk b/tests/Android.mk
index b29ff50..fd44978 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -74,14 +74,6 @@
LOCAL_CFLAGS += -DAB_OTA_UPDATER=1
endif
-ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
-LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
-endif
-
-ifeq ($(BOARD_AVB_ENABLE),true)
-LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
-endif
-
LOCAL_MODULE := recovery_component_test
LOCAL_COMPATIBILITY_SUITE := device-tests
LOCAL_C_INCLUDES := bootable/recovery
diff --git a/tests/component/applypatch_test.cpp b/tests/component/applypatch_test.cpp
index f19f28c..292d76e 100644
--- a/tests/component/applypatch_test.cpp
+++ b/tests/component/applypatch_test.cpp
@@ -31,6 +31,7 @@
#include <vector>
#include <android-base/file.h>
+#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/test_utils.h>
#include <android-base/unique_fd.h>
@@ -46,7 +47,7 @@
using namespace std::string_literals;
static void sha1sum(const std::string& fname, std::string* sha1, size_t* fsize = nullptr) {
- ASSERT_NE(nullptr, sha1);
+ ASSERT_TRUE(sha1 != nullptr);
std::string data;
ASSERT_TRUE(android::base::ReadFileToString(fname, &data));
@@ -68,6 +69,14 @@
ASSERT_TRUE(android::base::WriteStringToFile(content, fname));
}
+static void test_logger(android::base::LogId /* id */, android::base::LogSeverity severity,
+ const char* /* tag */, const char* /* file */, unsigned int /* line */,
+ const char* message) {
+ if (severity >= android::base::GetMinimumLogSeverity()) {
+ fprintf(stdout, "%s\n", message);
+ }
+}
+
class ApplyPatchTest : public ::testing::Test {
public:
virtual void SetUp() override {
@@ -109,6 +118,8 @@
protected:
void SetUp() override {
CacheLocation::location().set_cache_temp_source(cache_source.path);
+ android::base::InitLogging(nullptr, &test_logger);
+ android::base::SetMinimumLogSeverity(android::base::LogSeverity::DEBUG);
}
TemporaryFile cache_source;
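Review bot: `SetUp()` now calls `android::base::InitLogging` and lowers the minimum severity to DEBUG, both process-wide, and nothing in the hunk restores them, so tests that run later in the same binary inherit the custom logger and the DEBUG threshold. `SetMinimumLogSeverity` returns the previous value; keep it in a member and put it back in `TearDown()`, or hold an `android::base::ScopedLogSeverity` for the fixture's lifetime. `test_logger` in the previous hunk would also benefit from a one-line comment saying why log output is routed to stdout. The fixture class starts outside the hunk.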
diff --git a/tests/component/update_verifier_test.cpp b/tests/component/update_verifier_test.cpp
index 1544bb2..f6ef6dc 100644
--- a/tests/component/update_verifier_test.cpp
+++ b/tests/component/update_verifier_test.cpp
@@ -17,6 +17,8 @@
#include <string>
#include <android-base/file.h>
+#include <android-base/properties.h>
+#include <android-base/strings.h>
#include <android-base/test_utils.h>
#include <gtest/gtest.h>
#include <update_verifier/update_verifier.h>
@@ -24,11 +26,8 @@
class UpdateVerifierTest : public ::testing::Test {
protected:
void SetUp() override {
-#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
- verity_supported = true;
-#else
- verity_supported = false;
-#endif
+ std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
+ verity_supported = android::base::EqualsIgnoreCase(verity_mode, "enforcing");
}
bool verity_supported;
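Review bot: `verity_supported` is now true only when `ro.boot.veritymode` equals "enforcing" ignoring case, which does not match update_verifier.cpp in this same commit: there `eio` continues verification and the enforcing comparison is case-sensitive (`verity_mode != "enforcing"`). On a device booted in eio mode, or one reporting a differently-cased value, the test and the verifier would disagree about whether verification runs. Because the value is now read from the device at run time, a device with verity turned off takes the unsupported path with no signal in the results; a comment on `SetUp()` stating that, or a log line with the observed mode, would make such runs distinguishable. How the tests use `verity_supported` is outside the hunk.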
diff --git a/update_verifier/Android.bp b/update_verifier/Android.bp
new file mode 100644
index 0000000..f6c7056
--- /dev/null
+++ b/update_verifier/Android.bp
@@ -0,0 +1,83 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+ name: "update_verifier_defaults",
+
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+
+ local_include_dirs: [
+ "include",
+ ],
+}
+
+cc_library_static {
+ name: "libupdate_verifier",
+
+ defaults: [
+ "update_verifier_defaults",
+ ],
+
+ srcs: [
+ "update_verifier.cpp",
+ ],
+
+ export_include_dirs: [
+ "include",
+ ],
+
+ static_libs: [
+ "libotautil",
+ ],
+
+ shared_libs: [
+ "android.hardware.boot@1.0",
+ "libbase",
+ "libcutils",
+ ],
+}
+
+cc_binary {
+ name: "update_verifier",
+
+ defaults: [
+ "update_verifier_defaults",
+ ],
+
+ srcs: [
+ "update_verifier_main.cpp",
+ ],
+
+ static_libs: [
+ "libupdate_verifier",
+ "libotautil",
+ ],
+
+ shared_libs: [
+ "android.hardware.boot@1.0",
+ "libbase",
+ "libcutils",
+ "libhardware",
+ "libhidlbase",
+ "liblog",
+ "libutils",
+ ],
+
+ init_rc: [
+ "update_verifier.rc",
+ ],
+}
diff --git a/update_verifier/Android.mk b/update_verifier/Android.mk
deleted file mode 100644
index 0ff8854..0000000
--- a/update_verifier/Android.mk
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright (C) 2015 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-# libupdate_verifier (static library)
-# ===============================
-include $(CLEAR_VARS)
-
-LOCAL_SRC_FILES := \
- update_verifier.cpp
-
-LOCAL_MODULE := libupdate_verifier
-
-LOCAL_STATIC_LIBRARIES := \
- libotautil
-
-LOCAL_SHARED_LIBRARIES := \
- libbase \
- libcutils \
- android.hardware.boot@1.0
-
-LOCAL_CFLAGS := -Wall -Werror
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := \
- $(LOCAL_PATH)/include
-
-LOCAL_C_INCLUDES := \
- $(LOCAL_PATH)/include
-
-ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
-LOCAL_CFLAGS += -DPRODUCT_SUPPORTS_VERITY=1
-endif
-
-ifeq ($(BOARD_AVB_ENABLE),true)
-LOCAL_CFLAGS += -DBOARD_AVB_ENABLE=1
-endif
-
-include $(BUILD_STATIC_LIBRARY)
-
-# update_verifier (executable)
-# ===============================
-include $(CLEAR_VARS)
-
-LOCAL_SRC_FILES := \
- update_verifier_main.cpp
-
-LOCAL_MODULE := update_verifier
-LOCAL_STATIC_LIBRARIES := \
- libupdate_verifier \
- libotautil
-
-LOCAL_SHARED_LIBRARIES := \
- libbase \
- libcutils \
- libhardware \
- liblog \
- libutils \
- libhidlbase \
- android.hardware.boot@1.0
-
-LOCAL_CFLAGS := -Wall -Werror
-
-LOCAL_INIT_RC := update_verifier.rc
-
-include $(BUILD_EXECUTABLE)
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp
index 92d9313..dc72763 100644
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -15,24 +15,26 @@
*/
/*
- * This program verifies the integrity of the partitions after an A/B OTA
- * update. It gets invoked by init, and will only perform the verification if
- * it's the first boot post an A/B OTA update.
+ * update_verifier verifies the integrity of the partitions after an A/B OTA update. It gets invoked
+ * by init, and will only perform the verification if it's the first boot post an A/B OTA update
+ * (https://source.android.com/devices/tech/ota/ab/#after_reboot).
*
- * Update_verifier relies on dm-verity to capture any corruption on the partitions
- * being verified. And its behavior varies depending on the dm-verity mode.
- * Upon detection of failures:
+ * update_verifier relies on device-mapper-verity (dm-verity) to capture any corruption on the
+ * partitions being verified (https://source.android.com/security/verifiedboot). The verification
+ * will be skipped, if dm-verity is not enabled on the device.
+ *
+ * Upon detecting verification failures, the device will be rebooted, although the trigger of the
+ * reboot depends on the dm-verity mode.
* enforcing mode: dm-verity reboots the device
* eio mode: dm-verity fails the read and update_verifier reboots the device
* other mode: not supported and update_verifier reboots the device
*
- * After a predefined number of failing boot attempts, the bootloader should
- * mark the slot as unbootable and stops trying. Other dm-verity modes (
- * for example, veritymode=EIO) are not accepted and simply lead to a
- * verification failure.
+ * All these reboots prevent the device from booting into a known corrupt state. If the device
+ * continuously fails to boot into the new slot, the bootloader should mark the slot as unbootable
+ * and trigger a fallback to the old slot.
*
- * The current slot will be marked as having booted successfully if the
- * verifier reaches the end after the verification.
+ * The current slot will be marked as having booted successfully if the verifier reaches the end
+ * after the verification.
*/
#include "update_verifier/update_verifier.h"
@@ -103,12 +105,10 @@
PLOG(WARNING) << "Failed to read " << path;
} else {
std::string dm_block_name = android::base::Trim(content);
-#ifdef BOARD_AVB_ENABLE
// AVB is using 'vroot' for the root block device but we're expecting 'system'.
if (dm_block_name == "vroot") {
dm_block_name = "system";
}
-#endif
if (dm_block_name == partition) {
dm_block_device = DEV_PATH + std::string(namelist[n]->d_name);
while (n--) {
@@ -264,19 +264,13 @@
if (is_successful == BoolResult::FALSE) {
// The current slot has not booted successfully.
-#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
bool skip_verification = false;
std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
if (verity_mode.empty()) {
- // With AVB it's possible to disable verification entirely and
- // in this case ro.boot.veritymode is empty.
-#if defined(BOARD_AVB_ENABLE)
- LOG(WARNING) << "verification has been disabled; marking without verification.";
+ // Skip the verification if ro.boot.veritymode property is not set. This could be a result
+ // that device doesn't support dm-verity, or has disabled that.
+ LOG(WARNING) << "dm-verity not enabled; marking without verification.";
skip_verification = true;
-#else
- LOG(ERROR) << "Failed to get dm-verity mode.";
- return reboot_device();
-#endif
} else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) {
// We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before.
// Continue the verification until we fail to read some blocks.
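Review bot: An empty `ro.boot.veritymode` now always ends in `skip_verification = true`, where a build with PRODUCT_SUPPORTS_VERITY but without AVB previously logged an error and called `reboot_device()`; on those devices the check has gone from fail-closed to fail-open. `GetProperty(..., "")` cannot tell "verity not supported" from "property missing on a device that should have it", so a device that loses the property would mark the new slot successful without reading any blocks. The new comment should say so explicitly, e.g. `// NOTE: an unset property is trusted to mean dm-verity is off; a verity device that fails to set it is marked successful unverified.`, and since the WARNING is the only trace left, it should be something boot-health monitoring picks up. If a runtime signal for "this build expects verity" exists, rebooting when it is set and the mode is empty would restore the old behaviour. The function starts and ends outside the hunk.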
@@ -285,7 +279,7 @@
LOG(WARNING) << "dm-verity in disabled mode; marking without verification.";
skip_verification = true;
} else if (verity_mode != "enforcing") {
- LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing.";
+ LOG(ERROR) << "Unexpected dm-verity mode: " << verity_mode << ", expecting enforcing.";
return reboot_device();
}
@@ -296,9 +290,6 @@
return reboot_device();
}
}
-#else
- LOG(WARNING) << "dm-verity not enabled; marking without verification.";
-#endif
CommandResult cr;
module->markBootSuccessful([&cr](CommandResult result) { cr = result; });