Merge "updater: Defer the creation of the new data writer."
diff --git a/Android.mk b/Android.mk
index 24da8b2..2575640 100644
--- a/Android.mk
+++ b/Android.mk
@@ -143,10 +143,6 @@
 
 LOCAL_CFLAGS := $(recovery_common_cflags)
 
-ifeq ($(AB_OTA_UPDATER),true)
-    LOCAL_CFLAGS += -DAB_OTA_UPDATER=1
-endif
-
 LOCAL_MODULE := librecovery
 
 LOCAL_STATIC_LIBRARIES := \
diff --git a/install.cpp b/install.cpp
index a4c6986..800847f 100644
--- a/install.cpp
+++ b/install.cpp
@@ -45,6 +45,7 @@
 #include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
+#include <android-base/unique_fd.h>
 #include <vintf/VintfObjectRecovery.h>
 #include <ziparchive/zip_archive.h>
 
@@ -124,11 +125,9 @@
   }
 }
 
-#ifdef AB_OTA_UPDATER
-
-// Parses the metadata of the OTA package in |zip| and checks whether we are
-// allowed to accept this A/B package. Downgrading is not allowed unless
-// explicitly enabled in the package and only for incremental packages.
+// Parses the metadata of the OTA package in |zip| and checks whether we are allowed to accept this
+// A/B package. Downgrading is not allowed unless explicitly enabled in the package and only for
+// incremental packages.
 static int check_newer_ab_build(ZipArchiveHandle zip) {
   std::string metadata_str;
   if (!read_metadata_from_package(zip, &metadata_str)) {
@@ -214,8 +213,7 @@
   return 0;
 }
 
-int update_binary_command(const std::string& package, ZipArchiveHandle zip,
-                          const std::string& binary_path, int /* retry_count */, int status_fd,
+int SetUpAbUpdateCommands(const std::string& package, ZipArchiveHandle zip, int status_fd,
                           std::vector<std::string>* cmd) {
   CHECK(cmd != nullptr);
   int ret = check_newer_ab_build(zip);
@@ -250,7 +248,7 @@
   }
   long payload_offset = payload_entry.offset;
   *cmd = {
-    binary_path,
+    "/sbin/update_engine_sideload",
     "--payload=file://" + package,
     android::base::StringPrintf("--offset=%ld", payload_offset),
     "--headers=" + std::string(payload_properties.begin(), payload_properties.end()),
@@ -259,14 +257,11 @@
   return 0;
 }
 
-#else  // !AB_OTA_UPDATER
-
-int update_binary_command(const std::string& package, ZipArchiveHandle zip,
-                          const std::string& binary_path, int retry_count, int status_fd,
-                          std::vector<std::string>* cmd) {
+int SetUpNonAbUpdateCommands(const std::string& package, ZipArchiveHandle zip, int retry_count,
+                             int status_fd, std::vector<std::string>* cmd) {
   CHECK(cmd != nullptr);
 
-  // On traditional updates we extract the update binary from the package.
+  // In non-A/B updates we extract the update binary from the package.
   static constexpr const char* UPDATE_BINARY_NAME = "META-INF/com/google/android/update-binary";
   ZipString binary_name(UPDATE_BINARY_NAME);
   ZipEntry binary_entry;
@@ -275,15 +270,16 @@
     return INSTALL_CORRUPT;
   }
 
+  const std::string binary_path = Paths::Get().temporary_update_binary();
   unlink(binary_path.c_str());
-  int fd = open(binary_path.c_str(), O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 0755);
+  android::base::unique_fd fd(
+      open(binary_path.c_str(), O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 0755));
   if (fd == -1) {
     PLOG(ERROR) << "Failed to create " << binary_path;
     return INSTALL_ERROR;
   }
 
   int32_t error = ExtractEntryToFile(zip, &binary_entry, fd);
-  close(fd);
   if (error != 0) {
     LOG(ERROR) << "Failed to extract " << UPDATE_BINARY_NAME << ": " << ErrorCodeString(error);
     return INSTALL_ERROR;
@@ -300,7 +296,6 @@
   }
   return 0;
 }
-#endif  // !AB_OTA_UPDATER
 
 static void log_max_temperature(int* max_temperature, const std::atomic<bool>& logger_finished) {
   CHECK(max_temperature != nullptr);
@@ -321,14 +316,10 @@
   int pipefd[2];
   pipe(pipefd);
 
+  bool is_ab = android::base::GetBoolProperty("ro.build.ab_update", false);
   std::vector<std::string> args;
-#ifdef AB_OTA_UPDATER
-  int ret = update_binary_command(package, zip, "/sbin/update_engine_sideload", retry_count,
-                                  pipefd[1], &args);
-#else
-  int ret = update_binary_command(package, zip, "/tmp/update-binary", retry_count, pipefd[1],
-                                  &args);
-#endif
+  int ret = is_ab ? SetUpAbUpdateCommands(package, zip, pipefd[1], &args)
+                  : SetUpNonAbUpdateCommands(package, zip, retry_count, pipefd[1], &args);
   if (ret) {
     close(pipefd[0]);
     close(pipefd[1]);
diff --git a/otautil/include/otautil/paths.h b/otautil/include/otautil/paths.h
index 39088f1..f95741a 100644
--- a/otautil/include/otautil/paths.h
+++ b/otautil/include/otautil/paths.h
@@ -76,6 +76,13 @@
     temporary_log_file_ = log_file;
   }
 
+  std::string temporary_update_binary() const {
+    return temporary_update_binary_;
+  }
+  void set_temporary_update_binary(const std::string& update_binary) {
+    temporary_update_binary_ = update_binary;
+  }
+
  private:
   Paths();
   DISALLOW_COPY_AND_ASSIGN(Paths);
@@ -103,6 +110,9 @@
 
   // Path to the temporary log file while under recovery.
   std::string temporary_log_file_;
+
+  // Path to the temporary update binary while installing a non-A/B package.
+  std::string temporary_update_binary_;
 };
 
 #endif  // _OTAUTIL_PATHS_H_
diff --git a/otautil/paths.cpp b/otautil/paths.cpp
index f08e51c..33ab4a5 100644
--- a/otautil/paths.cpp
+++ b/otautil/paths.cpp
@@ -23,6 +23,7 @@
 constexpr const char kDefaultStashDirectoryBase[] = "/cache/recovery";
 constexpr const char kDefaultTemporaryInstallFile[] = "/tmp/last_install";
 constexpr const char kDefaultTemporaryLogFile[] = "/tmp/recovery.log";
+constexpr const char kDefaultTemporaryUpdateBinary[] = "/tmp/update-binary";
 
 Paths& Paths::Get() {
   static Paths paths;
@@ -36,4 +37,5 @@
       resource_dir_(kDefaultResourceDirectory),
       stash_directory_base_(kDefaultStashDirectoryBase),
       temporary_install_file_(kDefaultTemporaryInstallFile),
-      temporary_log_file_(kDefaultTemporaryLogFile) {}
+      temporary_log_file_(kDefaultTemporaryLogFile),
+      temporary_update_binary_(kDefaultTemporaryUpdateBinary) {}
diff --git a/private/install.h b/private/install.h
index ef64bd4..7fdc741 100644
--- a/private/install.h
+++ b/private/install.h
@@ -23,9 +23,17 @@
 
 #include <ziparchive/zip_archive.h>
 
-// Extract the update binary from the open zip archive |zip| located at |package| to |binary_path|.
-// Store the command line that should be called into |cmd|. The |status_fd| is the file descriptor
-// the child process should use to report back the progress of the update.
-int update_binary_command(const std::string& package, ZipArchiveHandle zip,
-                          const std::string& binary_path, int retry_count, int status_fd,
+// Sets up the commands for a non-A/B update. Extracts the updater binary from the open zip archive
+// |zip| located at |package|. Stores the command line that should be called into |cmd|. The
+// |status_fd| is the file descriptor the child process should use to report back the progress of
+// the update.
+int SetUpNonAbUpdateCommands(const std::string& package, ZipArchiveHandle zip, int retry_count,
+                             int status_fd, std::vector<std::string>* cmd);
+
+// Sets up the commands for an A/B update. Extracts the needed entries from the open zip archive
+// |zip| located at |package|. Stores the command line that should be called into |cmd|. The
+// |status_fd| is the file descriptor the child process should use to report back the progress of
+// the update. Note that since this applies to the sideloading flow only, it takes one less
+// parameter |retry_count| than the non-A/B version.
+int SetUpAbUpdateCommands(const std::string& package, ZipArchiveHandle zip, int status_fd,
                           std::vector<std::string>* cmd);
diff --git a/tests/Android.mk b/tests/Android.mk
index ff42066..a9e6491 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -72,10 +72,6 @@
     -Werror \
     -D_FILE_OFFSET_BITS=64
 
-ifeq ($(AB_OTA_UPDATER),true)
-LOCAL_CFLAGS += -DAB_OTA_UPDATER=1
-endif
-
 LOCAL_MODULE := recovery_component_test
 LOCAL_COMPATIBILITY_SUITE := device-tests
 LOCAL_C_INCLUDES := bootable/recovery
diff --git a/tests/component/install_test.cpp b/tests/component/install_test.cpp
index d19d788..b9af0b1 100644
--- a/tests/component/install_test.cpp
+++ b/tests/component/install_test.cpp
@@ -33,6 +33,7 @@
 #include <ziparchive/zip_writer.h>
 
 #include "install.h"
+#include "otautil/paths.h"
 #include "private/install.h"
 
 TEST(InstallTest, verify_package_compatibility_no_entry) {
@@ -199,8 +200,73 @@
   CloseArchive(zip);
 }
 
-#ifdef AB_OTA_UPDATER
-static void VerifyAbUpdateBinaryCommand(const std::string& serialno, bool success = true) {
+TEST(InstallTest, SetUpNonAbUpdateCommands) {
+  TemporaryFile temp_file;
+  FILE* zip_file = fdopen(temp_file.release(), "w");
+  ZipWriter writer(zip_file);
+  static constexpr const char* UPDATE_BINARY_NAME = "META-INF/com/google/android/update-binary";
+  ASSERT_EQ(0, writer.StartEntry(UPDATE_BINARY_NAME, kCompressStored));
+  ASSERT_EQ(0, writer.FinishEntry());
+  ASSERT_EQ(0, writer.Finish());
+  ASSERT_EQ(0, fclose(zip_file));
+
+  ZipArchiveHandle zip;
+  ASSERT_EQ(0, OpenArchive(temp_file.path, &zip));
+  int status_fd = 10;
+  std::string package = "/path/to/update.zip";
+  TemporaryDir td;
+  std::string binary_path = std::string(td.path) + "/update_binary";
+  Paths::Get().set_temporary_update_binary(binary_path);
+  std::vector<std::string> cmd;
+  ASSERT_EQ(0, SetUpNonAbUpdateCommands(package, zip, 0, status_fd, &cmd));
+  ASSERT_EQ(4U, cmd.size());
+  ASSERT_EQ(binary_path, cmd[0]);
+  ASSERT_EQ("3", cmd[1]);  // RECOVERY_API_VERSION
+  ASSERT_EQ(std::to_string(status_fd), cmd[2]);
+  ASSERT_EQ(package, cmd[3]);
+  struct stat sb;
+  ASSERT_EQ(0, stat(binary_path.c_str(), &sb));
+  ASSERT_EQ(static_cast<mode_t>(0755), sb.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
+
+  // With non-zero retry count. update_binary will be removed automatically.
+  cmd.clear();
+  ASSERT_EQ(0, SetUpNonAbUpdateCommands(package, zip, 2, status_fd, &cmd));
+  ASSERT_EQ(5U, cmd.size());
+  ASSERT_EQ(binary_path, cmd[0]);
+  ASSERT_EQ("3", cmd[1]);  // RECOVERY_API_VERSION
+  ASSERT_EQ(std::to_string(status_fd), cmd[2]);
+  ASSERT_EQ(package, cmd[3]);
+  ASSERT_EQ("retry", cmd[4]);
+  sb = {};
+  ASSERT_EQ(0, stat(binary_path.c_str(), &sb));
+  ASSERT_EQ(static_cast<mode_t>(0755), sb.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
+
+  CloseArchive(zip);
+}
+
+TEST(InstallTest, SetUpNonAbUpdateCommands_MissingUpdateBinary) {
+  TemporaryFile temp_file;
+  FILE* zip_file = fdopen(temp_file.release(), "w");
+  ZipWriter writer(zip_file);
+  // The archive must have something to be opened correctly.
+  ASSERT_EQ(0, writer.StartEntry("dummy_entry", 0));
+  ASSERT_EQ(0, writer.FinishEntry());
+  ASSERT_EQ(0, writer.Finish());
+  ASSERT_EQ(0, fclose(zip_file));
+
+  // Missing update binary.
+  ZipArchiveHandle zip;
+  ASSERT_EQ(0, OpenArchive(temp_file.path, &zip));
+  int status_fd = 10;
+  std::string package = "/path/to/update.zip";
+  TemporaryDir td;
+  Paths::Get().set_temporary_update_binary(std::string(td.path) + "/update_binary");
+  std::vector<std::string> cmd;
+  ASSERT_EQ(INSTALL_CORRUPT, SetUpNonAbUpdateCommands(package, zip, 0, status_fd, &cmd));
+  CloseArchive(zip);
+}
+
+static void VerifyAbUpdateCommands(const std::string& serialno, bool success = true) {
   TemporaryFile temp_file;
   FILE* zip_file = fdopen(temp_file.release(), "w");
   ZipWriter writer(zip_file);
@@ -235,73 +301,27 @@
   ASSERT_EQ(0, FindEntry(zip, payload_name, &payload_entry));
   int status_fd = 10;
   std::string package = "/path/to/update.zip";
-  std::string binary_path = "/sbin/update_engine_sideload";
   std::vector<std::string> cmd;
   if (success) {
-    ASSERT_EQ(0, update_binary_command(package, zip, binary_path, 0, status_fd, &cmd));
+    ASSERT_EQ(0, SetUpAbUpdateCommands(package, zip, status_fd, &cmd));
     ASSERT_EQ(5U, cmd.size());
-    ASSERT_EQ(binary_path, cmd[0]);
+    ASSERT_EQ("/sbin/update_engine_sideload", cmd[0]);
     ASSERT_EQ("--payload=file://" + package, cmd[1]);
     ASSERT_EQ("--offset=" + std::to_string(payload_entry.offset), cmd[2]);
     ASSERT_EQ("--headers=" + properties, cmd[3]);
     ASSERT_EQ("--status_fd=" + std::to_string(status_fd), cmd[4]);
   } else {
-    ASSERT_EQ(INSTALL_ERROR, update_binary_command(package, zip, binary_path, 0, status_fd, &cmd));
+    ASSERT_EQ(INSTALL_ERROR, SetUpAbUpdateCommands(package, zip, status_fd, &cmd));
   }
   CloseArchive(zip);
 }
-#endif  // AB_OTA_UPDATER
 
-TEST(InstallTest, update_binary_command_smoke) {
-#ifdef AB_OTA_UPDATER
+TEST(InstallTest, SetUpAbUpdateCommands) {
   // Empty serialno will pass the verification.
-  VerifyAbUpdateBinaryCommand({});
-#else
-  TemporaryFile temp_file;
-  FILE* zip_file = fdopen(temp_file.release(), "w");
-  ZipWriter writer(zip_file);
-  static constexpr const char* UPDATE_BINARY_NAME = "META-INF/com/google/android/update-binary";
-  ASSERT_EQ(0, writer.StartEntry(UPDATE_BINARY_NAME, kCompressStored));
-  ASSERT_EQ(0, writer.FinishEntry());
-  ASSERT_EQ(0, writer.Finish());
-  ASSERT_EQ(0, fclose(zip_file));
-
-  ZipArchiveHandle zip;
-  ASSERT_EQ(0, OpenArchive(temp_file.path, &zip));
-  int status_fd = 10;
-  std::string package = "/path/to/update.zip";
-  TemporaryDir td;
-  std::string binary_path = std::string(td.path) + "/update_binary";
-  std::vector<std::string> cmd;
-  ASSERT_EQ(0, update_binary_command(package, zip, binary_path, 0, status_fd, &cmd));
-  ASSERT_EQ(4U, cmd.size());
-  ASSERT_EQ(binary_path, cmd[0]);
-  ASSERT_EQ("3", cmd[1]);  // RECOVERY_API_VERSION
-  ASSERT_EQ(std::to_string(status_fd), cmd[2]);
-  ASSERT_EQ(package, cmd[3]);
-  struct stat sb;
-  ASSERT_EQ(0, stat(binary_path.c_str(), &sb));
-  ASSERT_EQ(static_cast<mode_t>(0755), sb.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
-
-  // With non-zero retry count. update_binary will be removed automatically.
-  cmd.clear();
-  ASSERT_EQ(0, update_binary_command(package, zip, binary_path, 2, status_fd, &cmd));
-  ASSERT_EQ(5U, cmd.size());
-  ASSERT_EQ(binary_path, cmd[0]);
-  ASSERT_EQ("3", cmd[1]);  // RECOVERY_API_VERSION
-  ASSERT_EQ(std::to_string(status_fd), cmd[2]);
-  ASSERT_EQ(package, cmd[3]);
-  ASSERT_EQ("retry", cmd[4]);
-  sb = {};
-  ASSERT_EQ(0, stat(binary_path.c_str(), &sb));
-  ASSERT_EQ(static_cast<mode_t>(0755), sb.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
-
-  CloseArchive(zip);
-#endif  // AB_OTA_UPDATER
+  VerifyAbUpdateCommands({});
 }
 
-TEST(InstallTest, update_binary_command_invalid) {
-#ifdef AB_OTA_UPDATER
+TEST(InstallTest, SetUpAbUpdateCommands_MissingPayloadPropertiesTxt) {
   TemporaryFile temp_file;
   FILE* zip_file = fdopen(temp_file.release(), "w");
   ZipWriter writer(zip_file);
@@ -328,60 +348,36 @@
   ASSERT_EQ(0, OpenArchive(temp_file.path, &zip));
   int status_fd = 10;
   std::string package = "/path/to/update.zip";
-  std::string binary_path = "/sbin/update_engine_sideload";
   std::vector<std::string> cmd;
-  ASSERT_EQ(INSTALL_CORRUPT, update_binary_command(package, zip, binary_path, 0, status_fd, &cmd));
+  ASSERT_EQ(INSTALL_CORRUPT, SetUpAbUpdateCommands(package, zip, status_fd, &cmd));
   CloseArchive(zip);
-#else
-  TemporaryFile temp_file;
-  FILE* zip_file = fdopen(temp_file.release(), "w");
-  ZipWriter writer(zip_file);
-  // The archive must have something to be opened correctly.
-  ASSERT_EQ(0, writer.StartEntry("dummy_entry", 0));
-  ASSERT_EQ(0, writer.FinishEntry());
-  ASSERT_EQ(0, writer.Finish());
-  ASSERT_EQ(0, fclose(zip_file));
-
-  // Missing update binary.
-  ZipArchiveHandle zip;
-  ASSERT_EQ(0, OpenArchive(temp_file.path, &zip));
-  int status_fd = 10;
-  std::string package = "/path/to/update.zip";
-  TemporaryDir td;
-  std::string binary_path = std::string(td.path) + "/update_binary";
-  std::vector<std::string> cmd;
-  ASSERT_EQ(INSTALL_CORRUPT, update_binary_command(package, zip, binary_path, 0, status_fd, &cmd));
-  CloseArchive(zip);
-#endif  // AB_OTA_UPDATER
 }
 
-#ifdef AB_OTA_UPDATER
-TEST(InstallTest, update_binary_command_multiple_serialno) {
+TEST(InstallTest, SetUpAbUpdateCommands_MultipleSerialnos) {
   std::string serialno = android::base::GetProperty("ro.serialno", "");
   ASSERT_NE("", serialno);
 
   // Single matching serialno will pass the verification.
-  VerifyAbUpdateBinaryCommand(serialno);
+  VerifyAbUpdateCommands(serialno);
 
   static constexpr char alphabet[] =
       "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
   auto generator = []() { return alphabet[rand() % (sizeof(alphabet) - 1)]; };
 
   // Generate 900 random serial numbers.
-  std::string random_serial;
+  std::string random_serialno;
   for (size_t i = 0; i < 900; i++) {
-    generate_n(back_inserter(random_serial), serialno.size(), generator);
-    random_serial.append("|");
+    generate_n(back_inserter(random_serialno), serialno.size(), generator);
+    random_serialno.append("|");
   }
   // Random serialnos should fail the verification.
-  VerifyAbUpdateBinaryCommand(random_serial, false);
+  VerifyAbUpdateCommands(random_serialno, false);
 
-  std::string long_serial = random_serial + serialno + "|";
+  std::string long_serialno = random_serialno + serialno + "|";
   for (size_t i = 0; i < 99; i++) {
-    generate_n(back_inserter(long_serial), serialno.size(), generator);
-    long_serial.append("|");
+    generate_n(back_inserter(long_serialno), serialno.size(), generator);
+    long_serialno.append("|");
   }
   // String with the matching serialno should pass the verification.
-  VerifyAbUpdateBinaryCommand(long_serial);
+  VerifyAbUpdateCommands(long_serialno);
 }
-#endif  // AB_OTA_UPDATER
diff --git a/updater_sample/Android.mk b/updater_sample/Android.mk
index 7662111..cff5b0c 100644
--- a/updater_sample/Android.mk
+++ b/updater_sample/Android.mk
@@ -18,11 +18,10 @@
 include $(CLEAR_VARS)
 
 LOCAL_PACKAGE_NAME := SystemUpdaterSample
-LOCAL_MODULE_TAGS := samples
 LOCAL_SDK_VERSION := system_current
+LOCAL_PRIVILEGED_MODULE := true
 
-# TODO: enable proguard and use proguard.flags file
-LOCAL_PROGUARD_ENABLED := disabled
+LOCAL_PROGUARD_FLAG_FILES := proguard.flags
 
 LOCAL_SRC_FILES := $(call all-java-files-under, src)
 
diff --git a/updater_sample/AndroidManifest.xml b/updater_sample/AndroidManifest.xml
index 4b44484..18d8425 100644
--- a/updater_sample/AndroidManifest.xml
+++ b/updater_sample/AndroidManifest.xml
@@ -19,6 +19,8 @@
 
     <uses-sdk android:minSdkVersion="27" android:targetSdkVersion="27" />
 
+    <uses-permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM" />
+
     <application
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
diff --git a/updater_sample/README.md b/updater_sample/README.md
index 11b55eb..f6a2a04 100644
--- a/updater_sample/README.md
+++ b/updater_sample/README.md
@@ -31,7 +31,7 @@
 `/data/user/0/com.example.android.systemupdatersample/files/configs/`.
 
 SystemUpdaterSample app downloads OTA package from `url`. In this sample app
-`url` is expected to point to file system, e.g. `file:///data/sample-builds/ota-002.zip`.
+`url` is expected to point to file system, e.g. `file:///data/my-sample-ota-builds-dir/ota-002.zip`.
 
 If `ab_install_type` is `NON_STREAMING` then app checks if `url` starts
 with `file://` and passes `url` to the `update_engine`.
@@ -52,19 +52,6 @@
 Running `./tools/gen_update_config.py --help` shows usage of the script.
 
 
-## Running on a device
-
-The commands expected to be run from `$ANDROID_BUILD_TOP` and for demo
-purpose only.
-
-1. Compile the app `$ mmma bootable/recovery/updater_sample`.
-2. Install the app to the device using `$ adb install <APK_PATH>`.
-3. Change permissions on `/data/ota_package/` to `0777` on the device.
-4. Set SELinux mode to permissive. See instructions below.
-5. Add update config files.
-6. Push OTA packages to the device.
-
-
 ## Sample App State vs UpdateEngine Status
 
 UpdateEngine provides status for different stages of update application
@@ -165,7 +152,54 @@
 
 ### Callback: onPayloadApplicationComplete
 
-Called whenever an update attempt is completed.
+Called whenever an update attempt is completed or failed.
+
+
+## Running on a device
+
+The commands are expected to be run from `$ANDROID_BUILD_TOP` and for demo
+purpose only.
+
+### Without the privileged system permissions
+
+1. Compile the app `mmma -j bootable/recovery/updater_sample`.
+2. Install the app to the device using `adb install <APK_PATH>`.
+3. Change permissions on `/data/ota_package/` to `0777` on the device.
+4. Set SELinux mode to permissive. See instructions below.
+5. Add update config files; look above at [Update Config file](#Update-Config-file).
+6. Push OTA packages to the device.
+7. Run the sample app.
+
+### With the privileged system permissions
+
+To run sample app as a privileged system app, it needs to be installed in `/system/priv-app/`.
+This directory is expected to be read-only, unless explicitly remounted.
+
+The recommended way to run the app is to build and install it as a
+privileged system app, so it's granted the required permissions to access
+`update_engine` service as well as OTA package files. Detailed steps are as follows:
+
+1. [Prepare to build](https://source.android.com/setup/build/building)
+2. Add the module (SystemUpdaterSample) to the `PRODUCT_PACKAGES` list for the lunch target.
+   e.g. add a line containing `PRODUCT_PACKAGES += SystemUpdaterSample`
+   to `device/google/marlin/device-common.mk`.
+3. [Whitelist the sample app](https://source.android.com/devices/tech/config/perms-whitelist)
+   * Add
+   ```
+    <privapp-permissions package="com.example.android.systemupdatersample">
+        <permission name="android.permission.ACCESS_CACHE_FILESYSTEM"/>
+    </privapp-permissions>
+   ```
+   to `frameworks/base/data/etc/privapp-permissions-platform.xml`
+5. Build sample app `mmma -j bootable/recovery/updater_sample`.
+6. Build Android `make -j`
+7. [Flash the device](https://source.android.com/setup/build/running)
+8. Add update config files; look above at `## Update Config file`;
+   `adb root` might be required.
+9. Push OTA packages to the device if there is no server to stream packages from;
+   changing of SELinux labels of OTA packages directory might be required
+   `chcon -R u:object_r:ota_package_file:s0 /data/my-sample-ota-builds-dir`
+10. Run the sample app.
 
 
 ## Development
@@ -192,16 +226,16 @@
 
 ## Running tests
 
-1. Build `$ mmma bootable/recovery/updater_sample/`
+1. Build `mmma bootable/recovery/updater_sample/`
 2. Install app
-   `$ adb install $OUT/system/app/SystemUpdaterSample/SystemUpdaterSample.apk`
+   `adb install $OUT/system/app/SystemUpdaterSample/SystemUpdaterSample.apk`
 3. Install tests
-   `$ adb install $OUT/testcases/SystemUpdaterSampleTests/SystemUpdaterSampleTests.apk`
+   `adb install $OUT/testcases/SystemUpdaterSampleTests/SystemUpdaterSampleTests.apk`
 4. Run tests
-   `$ adb shell am instrument -w com.example.android.systemupdatersample.tests/android.support.test.runner.AndroidJUnitRunner`
+   `adb shell am instrument -w com.example.android.systemupdatersample.tests/android.support.test.runner.AndroidJUnitRunner`
 5. Run a test file
    ```
-   $ adb shell am instrument \
+   adb shell am instrument \
      -w com.example.android.systemupdatersample.tests/android.support.test.runner.AndroidJUnitRunner \
      -c com.example.android.systemupdatersample.util.PayloadSpecsTest
    ```
@@ -214,13 +248,7 @@
 
 ## Getting read/write access to `/data/ota_package/`
 
-Following must be included in `AndroidManifest.xml`:
-
-```xml
-    <uses-permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM" />
-```
-
-Note: access to cache filesystem is granted only to system apps.
+Access to cache filesystem is granted only to system apps.
 
 
 ## Setting SELinux mode to permissive (0)
diff --git a/updater_sample/proguard.flags b/updater_sample/proguard.flags
new file mode 100644
index 0000000..97ab534
--- /dev/null
+++ b/updater_sample/proguard.flags
@@ -0,0 +1,24 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Keep, used in tests.
+-keep public class com.example.android.systemupdatersample.UpdateManager {
+   public int getUpdaterState();
+}
+
+# Keep, used in tests.
+-keep public class com.example.android.systemupdatersample.UpdateConfig {
+   public <init>(java.lang.String, java.lang.String, int);
+}
+
diff --git a/updater_sample/tests/Android.mk b/updater_sample/tests/Android.mk
index 9aec372..4157604 100644
--- a/updater_sample/tests/Android.mk
+++ b/updater_sample/tests/Android.mk
@@ -22,10 +22,10 @@
 LOCAL_MODULE_TAGS := tests
 LOCAL_JAVA_LIBRARIES := \
     android.test.base.stubs \
-    android.test.runner.stubs \
-    guava
+    android.test.runner.stubs
 LOCAL_STATIC_JAVA_LIBRARIES := android-support-test \
-    mockito-target-minus-junit4
+    mockito-target-minus-junit4 \
+    guava
 LOCAL_INSTRUMENTATION_FOR := SystemUpdaterSample
 LOCAL_PROGUARD_ENABLED := disabled
 
diff --git a/updater_sample/tests/res/raw/update_config_002_stream.json b/updater_sample/tests/res/raw/update_config_002_stream.json
index 5d7874c..40c8fe1 100644
--- a/updater_sample/tests/res/raw/update_config_002_stream.json
+++ b/updater_sample/tests/res/raw/update_config_002_stream.json
@@ -39,5 +39,5 @@
         ]
     },
     "name": "S ota_002_package",
-    "url": "file:///data/sample-ota-packages/ota_002_package.zip"
+    "url": "file:///data/my-sample-ota-builds-dir/ota_002_package.zip"
 }
\ No newline at end of file
diff --git a/updater_sample/tests/res/raw/update_config_003_nonstream.json b/updater_sample/tests/res/raw/update_config_003_nonstream.json
index 4175c35..7c78b9d 100644
--- a/updater_sample/tests/res/raw/update_config_003_nonstream.json
+++ b/updater_sample/tests/res/raw/update_config_003_nonstream.json
@@ -5,5 +5,5 @@
     },
     "ab_install_type": "NON_STREAMING",
     "name": "S ota_002_package",
-    "url": "file:///data/sample-ota-packages/ota_003_package.zip"
+    "url": "file:///data/my-sample-ota-builds-dir/ota_003_package.zip"
 }
\ No newline at end of file