blob: d887d07fb1a9bec1ff1b2b9030cef0abe06ffaa7 [file] [log] [blame]
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001/*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <ctype.h>
Doug Zongker7c3ae452013-05-14 11:03:02 -070018#include <dirent.h>
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080019#include <errno.h>
20#include <fcntl.h>
21#include <getopt.h>
Tao Bao862a4c12016-06-02 11:16:50 -070022#include <inttypes.h>
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080023#include <limits.h>
Tao Bao862a4c12016-06-02 11:16:50 -070024#include <linux/fs.h>
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080025#include <linux/input.h>
Doug Zongker7c3ae452013-05-14 11:03:02 -070026#include <stdarg.h>
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080027#include <stdio.h>
28#include <stdlib.h>
29#include <string.h>
Patrick Tjincd055ee2014-12-09 11:26:40 -080030#include <sys/klog.h>
Doug Zongker23ceeea2010-07-08 17:27:55 -070031#include <sys/stat.h>
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080032#include <sys/types.h>
Tao Baocdcf28f2016-01-13 15:05:20 -080033#include <sys/wait.h>
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080034#include <time.h>
35#include <unistd.h>
36
Tao Baoc4a18ef2017-02-10 00:13:30 -080037#include <algorithm>
Tao Bao04ca4262015-09-10 15:32:24 -070038#include <chrono>
Tao Baoc4a18ef2017-02-10 00:13:30 -080039#include <memory>
Tao Bao862a4c12016-06-02 11:16:50 -070040#include <string>
41#include <vector>
Tao Bao04ca4262015-09-10 15:32:24 -070042
Elliott Hughes4b166f02015-12-04 15:30:20 -080043#include <android-base/file.h>
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -070044#include <android-base/logging.h>
Tianjie Xu3c62b672016-02-05 18:25:58 -080045#include <android-base/parseint.h>
Elliott Hughescb220402016-09-23 15:30:55 -070046#include <android-base/properties.h>
Elliott Hughes4b166f02015-12-04 15:30:20 -080047#include <android-base/stringprintf.h>
Tao Bao862a4c12016-06-02 11:16:50 -070048#include <android-base/strings.h>
49#include <android-base/unique_fd.h>
Yabin Cui8b309f62016-06-24 18:22:02 -070050#include <bootloader_message/bootloader_message.h>
Tao Bao75238632015-05-27 14:46:17 -070051#include <cutils/android_reboot.h>
Elliott Hughescb220402016-09-23 15:30:55 -070052#include <cutils/properties.h> /* for property_list */
Yifan Honge8e4c402017-11-08 14:56:03 -080053#include <health2/Health.h>
54#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
55#include <private/android_logger.h> /* private pmsg functions */
Jeff Vander Stoepe35926e2017-06-14 15:30:39 -070056#include <selinux/android.h>
Elliott Hughes4bbd5bf2016-04-01 18:24:39 -070057#include <selinux/label.h>
58#include <selinux/selinux.h>
Tianjie Xu8cf5c8f2016-09-08 20:10:11 -070059#include <ziparchive/zip_archive.h>
Yabin Cui99281df2016-02-17 12:21:52 -080060
Tao Bao75238632015-05-27 14:46:17 -070061#include "adb_install.h"
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080062#include "common.h"
Tao Bao75238632015-05-27 14:46:17 -070063#include "device.h"
64#include "fuse_sdcard_provider.h"
65#include "fuse_sideload.h"
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080066#include "install.h"
Josh Gaoacb2a2f2016-08-26 18:24:34 -070067#include "minadbd/minadbd.h"
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080068#include "minui/minui.h"
Tianjie Xu8cf5c8f2016-09-08 20:10:11 -070069#include "otautil/DirUtil.h"
Tao Bao1fc5bf32017-10-06 07:43:41 -070070#include "otautil/error_code.h"
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080071#include "roots.h"
Tianjie Xue113e4d2016-10-21 17:46:13 -070072#include "rotate_logs.h"
Doug Zongker211aebc2011-10-28 15:13:10 -070073#include "screen_ui.h"
Sen Jiangd5304492016-12-09 16:20:49 -080074#include "stub_ui.h"
Tianjie Xue113e4d2016-10-21 17:46:13 -070075#include "ui.h"
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080076
77static const struct option OPTIONS[] = {
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080078 { "update_package", required_argument, NULL, 'u' },
Tianjie Xu3c62b672016-02-05 18:25:58 -080079 { "retry_count", required_argument, NULL, 'n' },
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080080 { "wipe_data", no_argument, NULL, 'w' },
81 { "wipe_cache", no_argument, NULL, 'c' },
Doug Zongker4bc98062010-09-03 11:00:13 -070082 { "show_text", no_argument, NULL, 't' },
Tao Baoc679f932015-03-30 09:43:49 -070083 { "sideload", no_argument, NULL, 's' },
84 { "sideload_auto_reboot", no_argument, NULL, 'a' },
Doug Zongkere5d5ac72012-04-12 11:01:22 -070085 { "just_exit", no_argument, NULL, 'x' },
Doug Zongker02ec6b82012-08-22 17:26:40 -070086 { "locale", required_argument, NULL, 'l' },
Doug Zongkerb1d12632014-03-18 10:32:12 -070087 { "shutdown_after", no_argument, NULL, 'p' },
Jeff Sharkeya6e13ae2014-09-24 11:46:17 -070088 { "reason", required_argument, NULL, 'r' },
Tianjie Xu35926c42016-04-28 18:06:26 -070089 { "security", no_argument, NULL, 'e'},
Yabin Cui8b309f62016-06-24 18:22:02 -070090 { "wipe_ab", no_argument, NULL, 0 },
Yabin Cuifd99a312016-06-09 14:09:39 -070091 { "wipe_package_size", required_argument, NULL, 0 },
Paul Crowley08404b42016-12-19 13:04:23 -080092 { "prompt_and_wipe_data", no_argument, NULL, 0 },
Doug Zongker988500b2009-10-06 14:41:38 -070093 { NULL, 0, NULL, 0 },
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -080094};
95
Tianjie Xu06e57ac2016-07-11 14:04:08 -070096// More bootreasons can be found in "system/core/bootstat/bootstat.cpp".
97static const std::vector<std::string> bootreason_blacklist {
98 "kernel_panic",
99 "Panic",
100};
101
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700102static const char *CACHE_LOG_DIR = "/cache/recovery";
Doug Zongkerd4208f92010-09-20 12:16:13 -0700103static const char *COMMAND_FILE = "/cache/recovery/command";
Doug Zongkerd4208f92010-09-20 12:16:13 -0700104static const char *LOG_FILE = "/cache/recovery/log";
Doug Zongkerd0181b82011-10-19 10:51:12 -0700105static const char *LAST_INSTALL_FILE = "/cache/recovery/last_install";
Doug Zongker8b240cc2012-08-29 15:19:29 -0700106static const char *LOCALE_FILE = "/cache/recovery/last_locale";
Paul Lawrence661f8a62016-02-25 12:42:19 -0800107static const char *CONVERT_FBE_DIR = "/tmp/convert_fbe";
108static const char *CONVERT_FBE_FILE = "/tmp/convert_fbe/convert_fbe";
Michael Ward9d2629c2011-06-23 22:14:24 -0700109static const char *CACHE_ROOT = "/cache";
Paul Lawrenced0db3372015-11-05 13:38:40 -0800110static const char *DATA_ROOT = "/data";
Doug Zongkerd4208f92010-09-20 12:16:13 -0700111static const char *SDCARD_ROOT = "/sdcard";
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800112static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log";
Doug Zongkerd0181b82011-10-19 10:51:12 -0700113static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install";
Tao Baof0124322015-04-11 02:04:11 +0000114static const char *LAST_KMSG_FILE = "/cache/recovery/last_kmsg";
Tao Baobef39712015-05-04 18:50:27 -0700115static const char *LAST_LOG_FILE = "/cache/recovery/last_log";
Tianjie Xu69575552017-05-16 15:51:46 -0700116// We will try to apply the update package 5 times at most in case of an I/O error or
117// bspatch | imgpatch error.
118static const int RETRY_LIMIT = 4;
Yabin Cui99281df2016-02-17 12:21:52 -0800119static const int BATTERY_READ_TIMEOUT_IN_SEC = 10;
120// GmsCore enters recovery mode to install package when having enough battery
121// percentage. Normally, the threshold is 40% without charger and 20% with charger.
122// So we should check battery with a slightly lower limitation.
123static const int BATTERY_OK_PERCENTAGE = 20;
124static const int BATTERY_WITH_CHARGER_OK_PERCENTAGE = 15;
Tao Baoac9d94d2016-11-03 11:37:15 -0700125static constexpr const char* RECOVERY_WIPE = "/etc/recovery.wipe";
Tianjie Xu2078b222017-03-22 12:27:26 -0700126static constexpr const char* DEFAULT_LOCALE = "en-US";
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700127
Tao Baobd0ddcd2017-05-04 13:03:18 -0700128// We define RECOVERY_API_VERSION in Android.mk, which will be picked up by build system and packed
129// into target_files.zip. Assert the version defined in code and in Android.mk are consistent.
130static_assert(kRecoveryApiVersion == RECOVERY_API_VERSION, "Mismatching recovery API versions.");
131
Tao Baoac9d94d2016-11-03 11:37:15 -0700132static std::string locale;
Dan Albert8584fcf2016-10-27 03:08:08 +0000133static bool has_cache = false;
Tao Baoc0319b62016-10-13 15:17:04 -0700134
Tao Baoac9d94d2016-11-03 11:37:15 -0700135RecoveryUI* ui = nullptr;
136bool modified_flash = false;
Tao Baoa8d72bc2016-12-25 18:46:50 -0800137std::string stage;
Tao Baoac9d94d2016-11-03 11:37:15 -0700138const char* reason = nullptr;
139struct selabel_handle* sehandle;
140
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800141/*
142 * The recovery tool communicates with the main system through /cache files.
143 * /cache/recovery/command - INPUT - command line for tool, one arg per line
144 * /cache/recovery/log - OUTPUT - combined log file from recovery run(s)
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800145 *
146 * The arguments which may be supplied in the recovery.command file:
Doug Zongkerd4208f92010-09-20 12:16:13 -0700147 * --update_package=path - verify install an OTA package file
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800148 * --wipe_data - erase user data (and cache), then reboot
Paul Crowley08404b42016-12-19 13:04:23 -0800149 * --prompt_and_wipe_data - prompt the user that data is corrupt,
150 * with their consent erase user data (and cache), then reboot
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800151 * --wipe_cache - wipe cache (but not user data), then reboot
Oscar Montemayor05231562009-11-30 08:40:57 -0800152 * --set_encrypted_filesystem=on|off - enables / diasables encrypted fs
Doug Zongkere5d5ac72012-04-12 11:01:22 -0700153 * --just_exit - do nothing; exit and reboot
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800154 *
155 * After completing, we remove /cache/recovery/command and reboot.
156 * Arguments may also be supplied in the bootloader control block (BCB).
157 * These important scenarios must be safely restartable at any point:
158 *
159 * FACTORY RESET
160 * 1. user selects "factory reset"
161 * 2. main system writes "--wipe_data" to /cache/recovery/command
162 * 3. main system reboots into recovery
163 * 4. get_args() writes BCB with "boot-recovery" and "--wipe_data"
164 * -- after this, rebooting will restart the erase --
Doug Zongkerd4208f92010-09-20 12:16:13 -0700165 * 5. erase_volume() reformats /data
166 * 6. erase_volume() reformats /cache
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800167 * 7. finish_recovery() erases BCB
168 * -- after this, rebooting will restart the main system --
169 * 8. main() calls reboot() to boot main system
170 *
171 * OTA INSTALL
172 * 1. main system downloads OTA package to /cache/some-filename.zip
Doug Zongker9b125b02010-09-22 12:01:37 -0700173 * 2. main system writes "--update_package=/cache/some-filename.zip"
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800174 * 3. main system reboots into recovery
175 * 4. get_args() writes BCB with "boot-recovery" and "--update_package=..."
176 * -- after this, rebooting will attempt to reinstall the update --
177 * 5. install_package() attempts to install the update
178 * NOTE: the package install must itself be restartable from any point
179 * 6. finish_recovery() erases BCB
180 * -- after this, rebooting will (try to) restart the main system --
181 * 7. ** if install failed **
182 * 7a. prompt_and_wait() shows an error icon and waits for the user
Tao Baoc0336392016-12-13 22:29:49 -0800183 * 7b. the user reboots (pulling the battery, etc) into the main system
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800184 */
185
Tao Baoac3d1ed2017-07-23 00:01:02 -0700186// Open a given path, mounting partitions as necessary.
187FILE* fopen_path(const char* path, const char* mode) {
188 if (ensure_path_mounted(path) != 0) {
189 LOG(ERROR) << "Can't mount " << path;
190 return nullptr;
191 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800192
Tao Baoac3d1ed2017-07-23 00:01:02 -0700193 // When writing, try to create the containing directory, if necessary. Use generous permissions,
194 // the system (init.rc) will reset them.
195 if (strchr("wa", mode[0])) {
196 mkdir_recursively(path, 0777, true, sehandle);
197 }
198 return fopen(path, mode);
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800199}
200
Tao Bao04ca4262015-09-10 15:32:24 -0700201// close a file, log an error if the error indicator is set
202static void check_and_fclose(FILE *fp, const char *name) {
203 fflush(fp);
Tao Baoac9d94d2016-11-03 11:37:15 -0700204 if (fsync(fileno(fp)) == -1) {
205 PLOG(ERROR) << "Failed to fsync " << name;
206 }
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700207 if (ferror(fp)) {
208 PLOG(ERROR) << "Error in " << name;
209 }
Tao Bao04ca4262015-09-10 15:32:24 -0700210 fclose(fp);
211}
212
Elliott Hughesf14af802015-02-10 14:46:14 -0800213bool is_ro_debuggable() {
Elliott Hughescb220402016-09-23 15:30:55 -0700214 return android::base::GetBoolProperty("ro.debuggable", false);
Elliott Hughesf14af802015-02-10 14:46:14 -0800215}
216
Dmitri Plotnikov8706a982017-04-18 08:28:26 -0700217bool reboot(const std::string& command) {
218 std::string cmd = command;
219 if (android::base::GetBoolProperty("ro.boot.quiescent", false)) {
220 cmd += ",quiescent";
221 }
222 return android::base::SetProperty(ANDROID_RB_PROPERTY, cmd);
223}
224
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700225static void redirect_stdio(const char* filename) {
Tao Bao04ca4262015-09-10 15:32:24 -0700226 int pipefd[2];
227 if (pipe(pipefd) == -1) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700228 PLOG(ERROR) << "pipe failed";
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700229
Tao Bao04ca4262015-09-10 15:32:24 -0700230 // Fall back to traditional logging mode without timestamps.
231 // If these fail, there's not really anywhere to complain...
232 freopen(filename, "a", stdout); setbuf(stdout, NULL);
233 freopen(filename, "a", stderr); setbuf(stderr, NULL);
234
235 return;
236 }
237
238 pid_t pid = fork();
239 if (pid == -1) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700240 PLOG(ERROR) << "fork failed";
Tao Bao04ca4262015-09-10 15:32:24 -0700241
242 // Fall back to traditional logging mode without timestamps.
243 // If these fail, there's not really anywhere to complain...
244 freopen(filename, "a", stdout); setbuf(stdout, NULL);
245 freopen(filename, "a", stderr); setbuf(stderr, NULL);
246
247 return;
248 }
249
250 if (pid == 0) {
251 /// Close the unused write end.
252 close(pipefd[1]);
253
254 auto start = std::chrono::steady_clock::now();
255
256 // Child logger to actually write to the log file.
Tianjie Xude6735e2017-07-10 15:13:33 -0700257 FILE* log_fp = fopen(filename, "ae");
Tao Bao04ca4262015-09-10 15:32:24 -0700258 if (log_fp == nullptr) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700259 PLOG(ERROR) << "fopen \"" << filename << "\" failed";
Tao Bao04ca4262015-09-10 15:32:24 -0700260 close(pipefd[0]);
Tao Bao3da88012017-02-03 13:09:23 -0800261 _exit(EXIT_FAILURE);
Tao Bao04ca4262015-09-10 15:32:24 -0700262 }
263
264 FILE* pipe_fp = fdopen(pipefd[0], "r");
265 if (pipe_fp == nullptr) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700266 PLOG(ERROR) << "fdopen failed";
Tao Bao04ca4262015-09-10 15:32:24 -0700267 check_and_fclose(log_fp, filename);
268 close(pipefd[0]);
Tao Bao3da88012017-02-03 13:09:23 -0800269 _exit(EXIT_FAILURE);
Tao Bao04ca4262015-09-10 15:32:24 -0700270 }
271
272 char* line = nullptr;
273 size_t len = 0;
274 while (getline(&line, &len, pipe_fp) != -1) {
275 auto now = std::chrono::steady_clock::now();
276 double duration = std::chrono::duration_cast<std::chrono::duration<double>>(
277 now - start).count();
278 if (line[0] == '\n') {
279 fprintf(log_fp, "[%12.6lf]\n", duration);
280 } else {
281 fprintf(log_fp, "[%12.6lf] %s", duration, line);
282 }
283 fflush(log_fp);
284 }
285
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700286 PLOG(ERROR) << "getline failed";
Tao Bao04ca4262015-09-10 15:32:24 -0700287
288 free(line);
289 check_and_fclose(log_fp, filename);
290 close(pipefd[0]);
Tao Bao3da88012017-02-03 13:09:23 -0800291 _exit(EXIT_FAILURE);
Tao Bao04ca4262015-09-10 15:32:24 -0700292 } else {
293 // Redirect stdout/stderr to the logger process.
294 // Close the unused read end.
295 close(pipefd[0]);
296
297 setbuf(stdout, nullptr);
298 setbuf(stderr, nullptr);
299
300 if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700301 PLOG(ERROR) << "dup2 stdout failed";
Tao Bao04ca4262015-09-10 15:32:24 -0700302 }
303 if (dup2(pipefd[1], STDERR_FILENO) == -1) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700304 PLOG(ERROR) << "dup2 stderr failed";
Tao Bao04ca4262015-09-10 15:32:24 -0700305 }
306
307 close(pipefd[1]);
308 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800309}
310
311// command line args come from, in decreasing precedence:
312// - the actual command line
313// - the bootloader control block (one per line, after "recovery")
314// - the contents of COMMAND_FILE (one per line)
Tao Baof0ed1592016-12-02 11:32:19 -0800315static std::vector<std::string> get_args(const int argc, char** const argv) {
316 CHECK_GT(argc, 0);
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800317
Tao Baof0ed1592016-12-02 11:32:19 -0800318 bootloader_message boot = {};
319 std::string err;
320 if (!read_bootloader_message(&boot, &err)) {
321 LOG(ERROR) << err;
322 // If fails, leave a zeroed bootloader_message.
323 boot = {};
324 }
Tao Baoa8d72bc2016-12-25 18:46:50 -0800325 stage = std::string(boot.stage);
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800326
Tao Baof0ed1592016-12-02 11:32:19 -0800327 if (boot.command[0] != 0) {
328 std::string boot_command = std::string(boot.command, sizeof(boot.command));
329 LOG(INFO) << "Boot command: " << boot_command;
330 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800331
Tao Baof0ed1592016-12-02 11:32:19 -0800332 if (boot.status[0] != 0) {
333 std::string boot_status = std::string(boot.status, sizeof(boot.status));
334 LOG(INFO) << "Boot status: " << boot_status;
335 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800336
Tao Baof0ed1592016-12-02 11:32:19 -0800337 std::vector<std::string> args(argv, argv + argc);
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800338
Tao Baof0ed1592016-12-02 11:32:19 -0800339 // --- if arguments weren't supplied, look in the bootloader control block
Tao Bao570af9d2017-01-09 10:29:59 -0800340 if (args.size() == 1) {
Tao Baof0ed1592016-12-02 11:32:19 -0800341 boot.recovery[sizeof(boot.recovery) - 1] = '\0'; // Ensure termination
342 std::string boot_recovery(boot.recovery);
343 std::vector<std::string> tokens = android::base::Split(boot_recovery, "\n");
344 if (!tokens.empty() && tokens[0] == "recovery") {
345 for (auto it = tokens.begin() + 1; it != tokens.end(); it++) {
346 // Skip empty and '\0'-filled tokens.
347 if (!it->empty() && (*it)[0] != '\0') args.push_back(std::move(*it));
348 }
349 LOG(INFO) << "Got " << args.size() << " arguments from boot message";
350 } else if (boot.recovery[0] != 0) {
351 LOG(ERROR) << "Bad boot message: \"" << boot_recovery << "\"";
352 }
353 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800354
Tao Baof0ed1592016-12-02 11:32:19 -0800355 // --- if that doesn't work, try the command file (if we have /cache).
Tao Bao570af9d2017-01-09 10:29:59 -0800356 if (args.size() == 1 && has_cache) {
Tao Baof0ed1592016-12-02 11:32:19 -0800357 std::string content;
Tao Bao7d34fa12016-12-08 18:10:48 -0800358 if (ensure_path_mounted(COMMAND_FILE) == 0 &&
359 android::base::ReadFileToString(COMMAND_FILE, &content)) {
Tao Baof0ed1592016-12-02 11:32:19 -0800360 std::vector<std::string> tokens = android::base::Split(content, "\n");
Tao Bao7d34fa12016-12-08 18:10:48 -0800361 // All the arguments in COMMAND_FILE are needed (unlike the BCB message,
362 // COMMAND_FILE doesn't use filename as the first argument).
363 for (auto it = tokens.begin(); it != tokens.end(); it++) {
Tao Baof0ed1592016-12-02 11:32:19 -0800364 // Skip empty and '\0'-filled tokens.
365 if (!it->empty() && (*it)[0] != '\0') args.push_back(std::move(*it));
366 }
367 LOG(INFO) << "Got " << args.size() << " arguments from " << COMMAND_FILE;
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800368 }
Tao Baof0ed1592016-12-02 11:32:19 -0800369 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800370
Tao Baof0ed1592016-12-02 11:32:19 -0800371 // Write the arguments (excluding the filename in args[0]) back into the
372 // bootloader control block. So the device will always boot into recovery to
373 // finish the pending work, until finish_recovery() is called.
374 std::vector<std::string> options(args.cbegin() + 1, args.cend());
Tao Bao2292db82016-12-13 21:53:31 -0800375 if (!update_bootloader_message(options, &err)) {
376 LOG(ERROR) << "Failed to set BCB message: " << err;
Tao Baof0ed1592016-12-02 11:32:19 -0800377 }
378
379 return args;
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800380}
381
Tao Bao2292db82016-12-13 21:53:31 -0800382// Set the BCB to reboot back into recovery (it won't resume the install from
383// sdcard though).
384static void set_sdcard_update_bootloader_message() {
385 std::vector<std::string> options;
386 std::string err;
387 if (!update_bootloader_message(options, &err)) {
388 LOG(ERROR) << "Failed to set BCB message: " << err;
389 }
Doug Zongker34c98df2009-08-18 12:05:45 -0700390}
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800391
Tao Baobef39712015-05-04 18:50:27 -0700392// Read from kernel log into buffer and write out to file.
393static void save_kernel_log(const char* destination) {
394 int klog_buf_len = klogctl(KLOG_SIZE_BUFFER, 0, 0);
Patrick Tjincd055ee2014-12-09 11:26:40 -0800395 if (klog_buf_len <= 0) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700396 PLOG(ERROR) << "Error getting klog size";
Patrick Tjincd055ee2014-12-09 11:26:40 -0800397 return;
398 }
399
Tao Baobef39712015-05-04 18:50:27 -0700400 std::string buffer(klog_buf_len, 0);
401 int n = klogctl(KLOG_READ_ALL, &buffer[0], klog_buf_len);
402 if (n == -1) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -0700403 PLOG(ERROR) << "Error in reading klog";
Patrick Tjincd055ee2014-12-09 11:26:40 -0800404 return;
405 }
Tao Baobef39712015-05-04 18:50:27 -0700406 buffer.resize(n);
407 android::base::WriteStringToFile(buffer, destination);
Patrick Tjincd055ee2014-12-09 11:26:40 -0800408}
409
Mark Salyzyna4f701a2016-03-09 14:58:16 -0800410// write content to the current pmsg session.
411static ssize_t __pmsg_write(const char *filename, const char *buf, size_t len) {
412 return __android_log_pmsg_file_write(LOG_ID_SYSTEM, ANDROID_LOG_INFO,
413 filename, buf, len);
414}
415
416static void copy_log_file_to_pmsg(const char* source, const char* destination) {
417 std::string content;
418 android::base::ReadFileToString(source, &content);
419 __pmsg_write(destination, content.c_str(), content.length());
420}
421
Tao Baof0124322015-04-11 02:04:11 +0000422// How much of the temp log we have copied to the copy in cache.
Chih-Hung Hsieh54a27472016-04-18 11:30:55 -0700423static off_t tmplog_offset = 0;
Tao Baof0124322015-04-11 02:04:11 +0000424
Tao Baobef39712015-05-04 18:50:27 -0700425static void copy_log_file(const char* source, const char* destination, bool append) {
Tianjie Xude6735e2017-07-10 15:13:33 -0700426 FILE* dest_fp = fopen_path(destination, append ? "ae" : "we");
427 if (dest_fp == nullptr) {
428 PLOG(ERROR) << "Can't open " << destination;
429 } else {
430 FILE* source_fp = fopen(source, "re");
431 if (source_fp != nullptr) {
432 if (append) {
433 fseeko(source_fp, tmplog_offset, SEEK_SET); // Since last write
434 }
435 char buf[4096];
436 size_t bytes;
437 while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
438 fwrite(buf, 1, bytes, dest_fp);
439 }
440 if (append) {
441 tmplog_offset = ftello(source_fp);
442 }
443 check_and_fclose(source_fp, source);
Doug Zongker2c3539e2010-09-29 13:21:30 -0700444 }
Tianjie Xude6735e2017-07-10 15:13:33 -0700445 check_and_fclose(dest_fp, destination);
446 }
Doug Zongker2c3539e2010-09-29 13:21:30 -0700447}
448
Tao Bao682c34b2015-04-07 17:16:35 -0700449static void copy_logs() {
450 // We only rotate and record the log of the current session if there are
451 // actual attempts to modify the flash, such as wipes, installs from BCB
452 // or menu selections. This is to avoid unnecessary rotation (and
453 // possible deletion) of log files, if it does not do anything loggable.
454 if (!modified_flash) {
455 return;
456 }
457
Mark Salyzyna4f701a2016-03-09 14:58:16 -0800458 // Always write to pmsg, this allows the OTA logs to be caught in logcat -L
459 copy_log_file_to_pmsg(TEMPORARY_LOG_FILE, LAST_LOG_FILE);
460 copy_log_file_to_pmsg(TEMPORARY_INSTALL_FILE, LAST_INSTALL_FILE);
461
462 // We can do nothing for now if there's no /cache partition.
463 if (!has_cache) {
464 return;
465 }
466
Tianjie Xue113e4d2016-10-21 17:46:13 -0700467 ensure_path_mounted(LAST_LOG_FILE);
468 ensure_path_mounted(LAST_KMSG_FILE);
469 rotate_logs(LAST_LOG_FILE, LAST_KMSG_FILE);
Tao Bao682c34b2015-04-07 17:16:35 -0700470
Doug Zongkerf24fd7e2013-07-02 11:43:25 -0700471 // Copy logs to cache so the system can find out what happened.
Tao Baof0124322015-04-11 02:04:11 +0000472 copy_log_file(TEMPORARY_LOG_FILE, LOG_FILE, true);
473 copy_log_file(TEMPORARY_LOG_FILE, LAST_LOG_FILE, false);
474 copy_log_file(TEMPORARY_INSTALL_FILE, LAST_INSTALL_FILE, false);
475 save_kernel_log(LAST_KMSG_FILE);
Doug Zongkerf24fd7e2013-07-02 11:43:25 -0700476 chmod(LOG_FILE, 0600);
Tao Baoe1905ad2017-03-22 14:57:04 -0700477 chown(LOG_FILE, AID_SYSTEM, AID_SYSTEM);
Tao Baof0124322015-04-11 02:04:11 +0000478 chmod(LAST_KMSG_FILE, 0600);
Tao Baoe1905ad2017-03-22 14:57:04 -0700479 chown(LAST_KMSG_FILE, AID_SYSTEM, AID_SYSTEM);
Doug Zongkerf24fd7e2013-07-02 11:43:25 -0700480 chmod(LAST_LOG_FILE, 0640);
481 chmod(LAST_INSTALL_FILE, 0644);
482 sync();
483}
484
Tao Baoec579032017-07-21 12:13:15 -0700485// Clear the recovery command and prepare to boot a (hopefully working) system,
Tianjie Xuc14d95d2016-03-24 11:50:34 -0700486// copy our log file to cache as well (for the system to read). This function is
487// idempotent: call it as many times as you like.
Tao Baoac9d94d2016-11-03 11:37:15 -0700488static void finish_recovery() {
Tao Baoec579032017-07-21 12:13:15 -0700489 // Save the locale to cache, so if recovery is next started up without a '--locale' argument
490 // (e.g., directly from the bootloader) it will use the last-known locale.
491 if (!locale.empty() && has_cache) {
492 LOG(INFO) << "Saving locale \"" << locale << "\"";
493 if (ensure_path_mounted(LOCALE_FILE) != 0) {
494 LOG(ERROR) << "Failed to mount " << LOCALE_FILE;
495 } else if (!android::base::WriteStringToFile(locale, LOCALE_FILE)) {
496 PLOG(ERROR) << "Failed to save locale to " << LOCALE_FILE;
Doug Zongker4f33e552012-08-23 13:16:12 -0700497 }
Tao Baoec579032017-07-21 12:13:15 -0700498 }
Doug Zongker4f33e552012-08-23 13:16:12 -0700499
Tao Baoec579032017-07-21 12:13:15 -0700500 copy_logs();
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800501
Tao Baoec579032017-07-21 12:13:15 -0700502 // Reset to normal system boot so recovery won't cycle indefinitely.
503 std::string err;
504 if (!clear_bootloader_message(&err)) {
505 LOG(ERROR) << "Failed to clear BCB message: " << err;
506 }
507
508 // Remove the command file, so recovery won't repeat indefinitely.
509 if (has_cache) {
510 if (ensure_path_mounted(COMMAND_FILE) != 0 || (unlink(COMMAND_FILE) && errno != ENOENT)) {
511 LOG(WARNING) << "Can't unlink " << COMMAND_FILE;
Yabin Cui8b309f62016-06-24 18:22:02 -0700512 }
Tao Baoec579032017-07-21 12:13:15 -0700513 ensure_path_unmounted(CACHE_ROOT);
514 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800515
Tao Baoec579032017-07-21 12:13:15 -0700516 sync(); // For good measure.
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800517}
518
Tao Bao3f5a3822016-12-13 11:14:37 -0800519struct saved_log_file {
520 std::string name;
521 struct stat sb;
522 std::string data;
523};
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700524
Elliott Hughes945548e2015-06-05 17:59:56 -0700525static bool erase_volume(const char* volume) {
Tao Bao3f5a3822016-12-13 11:14:37 -0800526 bool is_cache = (strcmp(volume, CACHE_ROOT) == 0);
527 bool is_data = (strcmp(volume, DATA_ROOT) == 0);
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700528
Tao Bao3f5a3822016-12-13 11:14:37 -0800529 ui->SetBackground(RecoveryUI::ERASING);
530 ui->SetProgressType(RecoveryUI::INDETERMINATE);
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700531
Tao Bao3f5a3822016-12-13 11:14:37 -0800532 std::vector<saved_log_file> log_files;
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700533
Tao Bao3f5a3822016-12-13 11:14:37 -0800534 if (is_cache) {
535 // If we're reformatting /cache, we load any past logs
536 // (i.e. "/cache/recovery/last_*") and the current log
537 // ("/cache/recovery/log") into memory, so we can restore them after
538 // the reformat.
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700539
Tao Bao3f5a3822016-12-13 11:14:37 -0800540 ensure_path_mounted(volume);
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700541
Tao Bao3f5a3822016-12-13 11:14:37 -0800542 struct dirent* de;
543 std::unique_ptr<DIR, decltype(&closedir)> d(opendir(CACHE_LOG_DIR), closedir);
544 if (d) {
545 while ((de = readdir(d.get())) != nullptr) {
546 if (strncmp(de->d_name, "last_", 5) == 0 || strcmp(de->d_name, "log") == 0) {
547 std::string path = android::base::StringPrintf("%s/%s", CACHE_LOG_DIR, de->d_name);
548
549 struct stat sb;
550 if (stat(path.c_str(), &sb) == 0) {
551 // truncate files to 512kb
552 if (sb.st_size > (1 << 19)) {
553 sb.st_size = 1 << 19;
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700554 }
Tao Bao3f5a3822016-12-13 11:14:37 -0800555
556 std::string data(sb.st_size, '\0');
Tianjie Xude6735e2017-07-10 15:13:33 -0700557 FILE* f = fopen(path.c_str(), "rbe");
Tao Bao3f5a3822016-12-13 11:14:37 -0800558 fread(&data[0], 1, data.size(), f);
559 fclose(f);
560
561 log_files.emplace_back(saved_log_file{ path, sb, data });
562 }
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700563 }
Tao Bao3f5a3822016-12-13 11:14:37 -0800564 }
Paul Lawrenced0db3372015-11-05 13:38:40 -0800565 } else {
Tao Bao3f5a3822016-12-13 11:14:37 -0800566 if (errno != ENOENT) {
567 PLOG(ERROR) << "Failed to opendir " << CACHE_LOG_DIR;
568 }
Paul Lawrenced0db3372015-11-05 13:38:40 -0800569 }
Tao Bao3f5a3822016-12-13 11:14:37 -0800570 }
Doug Zongkerd0181b82011-10-19 10:51:12 -0700571
Tao Bao3f5a3822016-12-13 11:14:37 -0800572 ui->Print("Formatting %s...\n", volume);
573
574 ensure_path_unmounted(volume);
575
576 int result;
577
578 if (is_data && reason && strcmp(reason, "convert_fbe") == 0) {
579 // Create convert_fbe breadcrumb file to signal to init
580 // to convert to file based encryption, not full disk encryption
581 if (mkdir(CONVERT_FBE_DIR, 0700) != 0) {
582 ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno));
583 return true;
584 }
Tianjie Xude6735e2017-07-10 15:13:33 -0700585 FILE* f = fopen(CONVERT_FBE_FILE, "wbe");
Tao Bao3f5a3822016-12-13 11:14:37 -0800586 if (!f) {
587 ui->Print("Failed to convert to file encryption %s\n", strerror(errno));
588 return true;
589 }
590 fclose(f);
591 result = format_volume(volume, CONVERT_FBE_DIR);
592 remove(CONVERT_FBE_FILE);
593 rmdir(CONVERT_FBE_DIR);
594 } else {
595 result = format_volume(volume);
596 }
597
598 if (is_cache) {
599 // Re-create the log dir and write back the log entries.
600 if (ensure_path_mounted(CACHE_LOG_DIR) == 0 &&
Tao Baoac3d1ed2017-07-23 00:01:02 -0700601 mkdir_recursively(CACHE_LOG_DIR, 0777, false, sehandle) == 0) {
Tao Bao3f5a3822016-12-13 11:14:37 -0800602 for (const auto& log : log_files) {
603 if (!android::base::WriteStringToFile(log.data, log.name, log.sb.st_mode, log.sb.st_uid,
604 log.sb.st_gid)) {
605 PLOG(ERROR) << "Failed to write to " << log.name;
Doug Zongker6d0d7ac2013-07-09 13:34:55 -0700606 }
Tao Bao3f5a3822016-12-13 11:14:37 -0800607 }
608 } else {
609 PLOG(ERROR) << "Failed to mount / create " << CACHE_LOG_DIR;
Doug Zongker2c3539e2010-09-29 13:21:30 -0700610 }
611
Tao Bao3f5a3822016-12-13 11:14:37 -0800612 // Any part of the log we'd copied to cache is now gone.
613 // Reset the pointer so we copy from the beginning of the temp
614 // log.
615 tmplog_offset = 0;
616 copy_logs();
617 }
618
619 return (result == 0);
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800620}
621
Tao Baofc5499f2017-02-23 19:06:53 -0800622// Display a menu with the specified 'headers' and 'items'. Device specific HandleMenuKey() may
623// return a positive number beyond the given range. Caller sets 'menu_only' to true to ensure only
Tao Bao50dd5322017-03-07 14:57:04 -0800624// a menu item gets selected. 'initial_selection' controls the initial cursor location. Returns the
625// (non-negative) chosen item number, or -1 if timed out waiting for input.
Tao Baofc5499f2017-02-23 19:06:53 -0800626static int get_menu_selection(const char* const* headers, const char* const* items, bool menu_only,
627 int initial_selection, Device* device) {
628 // Throw away keys pressed previously, so user doesn't accidentally trigger menu items.
629 ui->FlushKeys();
Doug Zongkerf93d8162009-09-22 15:16:02 -0700630
Tao Baofc5499f2017-02-23 19:06:53 -0800631 ui->StartMenu(headers, items, initial_selection);
Tao Bao50dd5322017-03-07 14:57:04 -0800632
Tao Baofc5499f2017-02-23 19:06:53 -0800633 int selected = initial_selection;
634 int chosen_item = -1;
Tao Baofc5499f2017-02-23 19:06:53 -0800635 while (chosen_item < 0) {
636 int key = ui->WaitKey();
Tao Bao50dd5322017-03-07 14:57:04 -0800637 if (key == -1) { // WaitKey() timed out.
Tao Baofc5499f2017-02-23 19:06:53 -0800638 if (ui->WasTextEverVisible()) {
639 continue;
640 } else {
Tao Bao50dd5322017-03-07 14:57:04 -0800641 LOG(INFO) << "Timed out waiting for key input; rebooting.";
Tao Baofc5499f2017-02-23 19:06:53 -0800642 ui->EndMenu();
Tao Bao50dd5322017-03-07 14:57:04 -0800643 return -1;
Tao Baofc5499f2017-02-23 19:06:53 -0800644 }
Doug Zongkerf93d8162009-09-22 15:16:02 -0700645 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800646
Tao Baofc5499f2017-02-23 19:06:53 -0800647 bool visible = ui->IsTextVisible();
648 int action = device->HandleMenuKey(key, visible);
649
650 if (action < 0) {
651 switch (action) {
652 case Device::kHighlightUp:
653 selected = ui->SelectMenu(--selected);
654 break;
655 case Device::kHighlightDown:
656 selected = ui->SelectMenu(++selected);
657 break;
658 case Device::kInvokeItem:
659 chosen_item = selected;
660 break;
661 case Device::kNoAction:
662 break;
663 }
664 } else if (!menu_only) {
665 chosen_item = action;
666 }
667 }
668
669 ui->EndMenu();
670 return chosen_item;
Doug Zongkerf93d8162009-09-22 15:16:02 -0700671}
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800672
Tao Baoc4a18ef2017-02-10 00:13:30 -0800673// Returns the selected filename, or an empty string.
674static std::string browse_directory(const std::string& path, Device* device) {
675 ensure_path_mounted(path.c_str());
Doug Zongker8674a722010-09-15 11:08:23 -0700676
Tao Baoc4a18ef2017-02-10 00:13:30 -0800677 std::unique_ptr<DIR, decltype(&closedir)> d(opendir(path.c_str()), closedir);
678 if (!d) {
679 PLOG(ERROR) << "error opening " << path;
680 return "";
681 }
Doug Zongkerc18eeb82010-09-21 16:49:26 -0700682
Tao Baoc4a18ef2017-02-10 00:13:30 -0800683 std::vector<std::string> dirs;
684 std::vector<std::string> zips = { "../" }; // "../" is always the first entry.
685
686 dirent* de;
687 while ((de = readdir(d.get())) != nullptr) {
688 std::string name(de->d_name);
689
690 if (de->d_type == DT_DIR) {
691 // Skip "." and ".." entries.
692 if (name == "." || name == "..") continue;
693 dirs.push_back(name + "/");
694 } else if (de->d_type == DT_REG && android::base::EndsWithIgnoreCase(name, ".zip")) {
695 zips.push_back(name);
696 }
697 }
698
699 std::sort(dirs.begin(), dirs.end());
700 std::sort(zips.begin(), zips.end());
701
702 // Append dirs to the zips list.
703 zips.insert(zips.end(), dirs.begin(), dirs.end());
704
705 const char* entries[zips.size() + 1];
706 entries[zips.size()] = nullptr;
707 for (size_t i = 0; i < zips.size(); i++) {
708 entries[i] = zips[i].c_str();
709 }
710
711 const char* headers[] = { "Choose a package to install:", path.c_str(), nullptr };
712
713 int chosen_item = 0;
714 while (true) {
Tao Baofc5499f2017-02-23 19:06:53 -0800715 chosen_item = get_menu_selection(headers, entries, true, chosen_item, device);
Tao Baoc4a18ef2017-02-10 00:13:30 -0800716
717 const std::string& item = zips[chosen_item];
718 if (chosen_item == 0) {
719 // Go up but continue browsing (if the caller is browse_directory).
720 return "";
Doug Zongker8674a722010-09-15 11:08:23 -0700721 }
722
Tao Baoc4a18ef2017-02-10 00:13:30 -0800723 std::string new_path = path + "/" + item;
724 if (new_path.back() == '/') {
725 // Recurse down into a subdirectory.
726 new_path.pop_back();
727 std::string result = browse_directory(new_path, device);
728 if (!result.empty()) return result;
729 } else {
730 // Selected a zip file: return the path to the caller.
731 return new_path;
Doug Zongker8674a722010-09-15 11:08:23 -0700732 }
Tao Baoc4a18ef2017-02-10 00:13:30 -0800733 }
Doug Zongker8674a722010-09-15 11:08:23 -0700734
Tao Baoc4a18ef2017-02-10 00:13:30 -0800735 // Unreachable.
Doug Zongker8674a722010-09-15 11:08:23 -0700736}
737
Elliott Hughes30694c92015-03-25 15:16:51 -0700738static bool yes_no(Device* device, const char* question1, const char* question2) {
Elliott Hughes8fd86d72015-04-13 14:36:02 -0700739 const char* headers[] = { question1, question2, NULL };
Elliott Hughes30694c92015-03-25 15:16:51 -0700740 const char* items[] = { " No", " Yes", NULL };
Doug Zongkerddd6a282009-06-09 12:22:33 -0700741
Tao Baofc5499f2017-02-23 19:06:53 -0800742 int chosen_item = get_menu_selection(headers, items, true, 0, device);
Elliott Hughes30694c92015-03-25 15:16:51 -0700743 return (chosen_item == 1);
744}
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -0800745
Paul Crowley08404b42016-12-19 13:04:23 -0800746static bool ask_to_wipe_data(Device* device) {
747 return yes_no(device, "Wipe all user data?", " THIS CAN NOT BE UNDONE!");
748}
Doug Zongker1066d2c2009-04-01 13:57:40 -0700749
Paul Crowley08404b42016-12-19 13:04:23 -0800750// Return true on success.
751static bool wipe_data(Device* device) {
Tao Bao682c34b2015-04-07 17:16:35 -0700752 modified_flash = true;
753
Doug Zongker211aebc2011-10-28 15:13:10 -0700754 ui->Print("\n-- Wiping data...\n");
Elliott Hughes945548e2015-06-05 17:59:56 -0700755 bool success =
756 device->PreWipeData() &&
757 erase_volume("/data") &&
Tao Bao26112e52016-02-25 12:29:40 -0800758 (has_cache ? erase_volume("/cache") : true) &&
Elliott Hughes945548e2015-06-05 17:59:56 -0700759 device->PostWipeData();
760 ui->Print("Data wipe %s.\n", success ? "complete" : "failed");
761 return success;
Doug Zongkerf93d8162009-09-22 15:16:02 -0700762}
763
Paul Crowley08404b42016-12-19 13:04:23 -0800764static bool prompt_and_wipe_data(Device* device) {
Tao Bao2bbc6d62017-08-13 23:48:55 -0700765 // Use a single string and let ScreenRecoveryUI handles the wrapping.
Tao Baofc5499f2017-02-23 19:06:53 -0800766 const char* const headers[] = {
Tao Bao2bbc6d62017-08-13 23:48:55 -0700767 "Can't load Android system. Your data may be corrupt. "
768 "If you continue to get this message, you may need to "
769 "perform a factory data reset and erase all user data "
Paul Crowley31ac0c62017-03-23 12:32:40 -0700770 "stored on this device.",
Tao Bao2bbc6d62017-08-13 23:48:55 -0700771 nullptr
Tao Baofc5499f2017-02-23 19:06:53 -0800772 };
773 const char* const items[] = {
Paul Crowley31ac0c62017-03-23 12:32:40 -0700774 "Try again",
775 "Factory data reset",
Tao Baofc5499f2017-02-23 19:06:53 -0800776 NULL
777 };
778 for (;;) {
779 int chosen_item = get_menu_selection(headers, items, true, 0, device);
780 if (chosen_item != 1) {
781 return true; // Just reboot, no wipe; not a failure, user asked for it
Paul Crowley08404b42016-12-19 13:04:23 -0800782 }
Tao Baofc5499f2017-02-23 19:06:53 -0800783 if (ask_to_wipe_data(device)) {
784 return wipe_data(device);
785 }
786 }
Paul Crowley08404b42016-12-19 13:04:23 -0800787}
788
Tao Baoe39a9bc2015-03-31 12:19:05 -0700789// Return true on success.
790static bool wipe_cache(bool should_confirm, Device* device) {
Tao Bao26112e52016-02-25 12:29:40 -0800791 if (!has_cache) {
792 ui->Print("No /cache partition found.\n");
793 return false;
794 }
795
Elliott Hughes30694c92015-03-25 15:16:51 -0700796 if (should_confirm && !yes_no(device, "Wipe cache?", " THIS CAN NOT BE UNDONE!")) {
Tao Baoe39a9bc2015-03-31 12:19:05 -0700797 return false;
Elliott Hughes30694c92015-03-25 15:16:51 -0700798 }
799
Tao Bao682c34b2015-04-07 17:16:35 -0700800 modified_flash = true;
801
Elliott Hughes30694c92015-03-25 15:16:51 -0700802 ui->Print("\n-- Wiping cache...\n");
Elliott Hughes945548e2015-06-05 17:59:56 -0700803 bool success = erase_volume("/cache");
804 ui->Print("Cache wipe %s.\n", success ? "complete" : "failed");
805 return success;
Elliott Hughes30694c92015-03-25 15:16:51 -0700806}
807
Tao Bao1b2a98b2017-03-24 10:45:34 -0700808// Secure-wipe a given partition. It uses BLKSECDISCARD, if supported. Otherwise, it goes with
809// BLKDISCARD (if device supports BLKDISCARDZEROES) or BLKZEROOUT.
Tao Bao862a4c12016-06-02 11:16:50 -0700810static bool secure_wipe_partition(const std::string& partition) {
Tao Bao1b2a98b2017-03-24 10:45:34 -0700811 android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(partition.c_str(), O_WRONLY)));
812 if (fd == -1) {
813 PLOG(ERROR) << "Failed to open \"" << partition << "\"";
814 return false;
815 }
816
817 uint64_t range[2] = { 0, 0 };
818 if (ioctl(fd, BLKGETSIZE64, &range[1]) == -1 || range[1] == 0) {
819 PLOG(ERROR) << "Failed to get partition size";
820 return false;
821 }
822 LOG(INFO) << "Secure-wiping \"" << partition << "\" from " << range[0] << " to " << range[1];
823
824 LOG(INFO) << " Trying BLKSECDISCARD...";
825 if (ioctl(fd, BLKSECDISCARD, &range) == -1) {
826 PLOG(WARNING) << " Failed";
827
828 // Use BLKDISCARD if it zeroes out blocks, otherwise use BLKZEROOUT.
829 unsigned int zeroes;
830 if (ioctl(fd, BLKDISCARDZEROES, &zeroes) == 0 && zeroes != 0) {
831 LOG(INFO) << " Trying BLKDISCARD...";
832 if (ioctl(fd, BLKDISCARD, &range) == -1) {
833 PLOG(ERROR) << " Failed";
Tao Bao862a4c12016-06-02 11:16:50 -0700834 return false;
Tao Bao1b2a98b2017-03-24 10:45:34 -0700835 }
836 } else {
837 LOG(INFO) << " Trying BLKZEROOUT...";
838 if (ioctl(fd, BLKZEROOUT, &range) == -1) {
839 PLOG(ERROR) << " Failed";
Tao Bao862a4c12016-06-02 11:16:50 -0700840 return false;
Tao Bao1b2a98b2017-03-24 10:45:34 -0700841 }
Tao Bao862a4c12016-06-02 11:16:50 -0700842 }
Tao Bao1b2a98b2017-03-24 10:45:34 -0700843 }
Tao Bao862a4c12016-06-02 11:16:50 -0700844
Tao Bao1b2a98b2017-03-24 10:45:34 -0700845 LOG(INFO) << " Done";
846 return true;
Tao Bao862a4c12016-06-02 11:16:50 -0700847}
848
Yabin Cuifd99a312016-06-09 14:09:39 -0700849// Check if the wipe package matches expectation:
850// 1. verify the package.
851// 2. check metadata (ota-type, pre-device and serial number if having one).
852static bool check_wipe_package(size_t wipe_package_size) {
853 if (wipe_package_size == 0) {
854 LOG(ERROR) << "wipe_package_size is zero";
855 return false;
856 }
857 std::string wipe_package;
858 std::string err_str;
859 if (!read_wipe_package(&wipe_package, wipe_package_size, &err_str)) {
860 PLOG(ERROR) << "Failed to read wipe package";
861 return false;
862 }
863 if (!verify_package(reinterpret_cast<const unsigned char*>(wipe_package.data()),
864 wipe_package.size())) {
865 LOG(ERROR) << "Failed to verify package";
866 return false;
867 }
868
869 // Extract metadata
870 ZipArchiveHandle zip;
Tao Baoefc35592017-01-08 22:45:47 -0800871 int err = OpenArchiveFromMemory(static_cast<void*>(&wipe_package[0]), wipe_package.size(),
872 "wipe_package", &zip);
Yabin Cuifd99a312016-06-09 14:09:39 -0700873 if (err != 0) {
874 LOG(ERROR) << "Can't open wipe package : " << ErrorCodeString(err);
875 return false;
876 }
877 std::string metadata;
Tao Bao1b2a98b2017-03-24 10:45:34 -0700878 if (!read_metadata_from_package(zip, &metadata)) {
Yabin Cuifd99a312016-06-09 14:09:39 -0700879 CloseArchive(zip);
880 return false;
881 }
882 CloseArchive(zip);
883
884 // Check metadata
885 std::vector<std::string> lines = android::base::Split(metadata, "\n");
886 bool ota_type_matched = false;
887 bool device_type_matched = false;
888 bool has_serial_number = false;
889 bool serial_number_matched = false;
890 for (const auto& line : lines) {
891 if (line == "ota-type=BRICK") {
892 ota_type_matched = true;
893 } else if (android::base::StartsWith(line, "pre-device=")) {
894 std::string device_type = line.substr(strlen("pre-device="));
Tao Baoefc35592017-01-08 22:45:47 -0800895 std::string real_device_type = android::base::GetProperty("ro.build.product", "");
Yabin Cuifd99a312016-06-09 14:09:39 -0700896 device_type_matched = (device_type == real_device_type);
897 } else if (android::base::StartsWith(line, "serialno=")) {
898 std::string serial_no = line.substr(strlen("serialno="));
Tao Baoefc35592017-01-08 22:45:47 -0800899 std::string real_serial_no = android::base::GetProperty("ro.serialno", "");
Yabin Cuifd99a312016-06-09 14:09:39 -0700900 has_serial_number = true;
901 serial_number_matched = (serial_no == real_serial_no);
902 }
903 }
904 return ota_type_matched && device_type_matched && (!has_serial_number || serial_number_matched);
905}
906
Yabin Cui8b309f62016-06-24 18:22:02 -0700907// Wipe the current A/B device, with a secure wipe of all the partitions in
908// RECOVERY_WIPE.
Yabin Cuifd99a312016-06-09 14:09:39 -0700909static bool wipe_ab_device(size_t wipe_package_size) {
Tao Bao862a4c12016-06-02 11:16:50 -0700910 ui->SetBackground(RecoveryUI::ERASING);
911 ui->SetProgressType(RecoveryUI::INDETERMINATE);
912
Yabin Cuifd99a312016-06-09 14:09:39 -0700913 if (!check_wipe_package(wipe_package_size)) {
914 LOG(ERROR) << "Failed to verify wipe package";
915 return false;
916 }
Tao Bao862a4c12016-06-02 11:16:50 -0700917 std::string partition_list;
Yabin Cui8b309f62016-06-24 18:22:02 -0700918 if (!android::base::ReadFileToString(RECOVERY_WIPE, &partition_list)) {
919 LOG(ERROR) << "failed to read \"" << RECOVERY_WIPE << "\"";
Tao Bao862a4c12016-06-02 11:16:50 -0700920 return false;
921 }
922
923 std::vector<std::string> lines = android::base::Split(partition_list, "\n");
924 for (const std::string& line : lines) {
925 std::string partition = android::base::Trim(line);
926 // Ignore '#' comment or empty lines.
927 if (android::base::StartsWith(partition, "#") || partition.empty()) {
928 continue;
929 }
930
931 // Proceed anyway even if it fails to wipe some partition.
932 secure_wipe_partition(partition);
933 }
934 return true;
935}
936
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700937static void choose_recovery_file(Device* device) {
Tao Bao08fc6be2017-03-07 00:56:27 -0800938 std::vector<std::string> entries;
939 if (has_cache) {
940 for (int i = 0; i < KEEP_LOG_COUNT; i++) {
941 auto add_to_entries = [&](const char* filename) {
942 std::string log_file(filename);
943 if (i > 0) {
944 log_file += "." + std::to_string(i);
Tao Baobef39712015-05-04 18:50:27 -0700945 }
Tao Bao08fc6be2017-03-07 00:56:27 -0800946
947 if (ensure_path_mounted(log_file.c_str()) == 0 && access(log_file.c_str(), R_OK) == 0) {
948 entries.push_back(std::move(log_file));
949 }
950 };
951
952 // Add LAST_LOG_FILE + LAST_LOG_FILE.x
953 add_to_entries(LAST_LOG_FILE);
954
955 // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x
956 add_to_entries(LAST_KMSG_FILE);
957 }
958 } else {
959 // If cache partition is not found, view /tmp/recovery.log instead.
960 if (access(TEMPORARY_LOG_FILE, R_OK) == -1) {
961 return;
Tianjie Xua54f75e2016-08-17 12:02:46 -0700962 } else {
Tao Bao08fc6be2017-03-07 00:56:27 -0800963 entries.push_back(TEMPORARY_LOG_FILE);
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700964 }
Tao Bao08fc6be2017-03-07 00:56:27 -0800965 }
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700966
Tao Bao08fc6be2017-03-07 00:56:27 -0800967 entries.push_back("Back");
Elliott Hughesc0491632015-05-06 12:40:05 -0700968
Tao Bao08fc6be2017-03-07 00:56:27 -0800969 std::vector<const char*> menu_entries(entries.size());
970 std::transform(entries.cbegin(), entries.cend(), menu_entries.begin(),
971 [](const std::string& entry) { return entry.c_str(); });
972 menu_entries.push_back(nullptr);
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700973
Tao Bao08fc6be2017-03-07 00:56:27 -0800974 const char* headers[] = { "Select file to view", nullptr };
Elliott Hughes8de52072015-04-08 20:06:50 -0700975
Tao Bao08fc6be2017-03-07 00:56:27 -0800976 int chosen_item = 0;
977 while (true) {
Tao Baofc5499f2017-02-23 19:06:53 -0800978 chosen_item = get_menu_selection(headers, menu_entries.data(), true, chosen_item, device);
Tao Bao08fc6be2017-03-07 00:56:27 -0800979 if (entries[chosen_item] == "Back") break;
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700980
Tao Bao08fc6be2017-03-07 00:56:27 -0800981 ui->ShowFile(entries[chosen_item].c_str());
982 }
Nick Kralevicha9ad0322014-10-22 18:38:48 -0700983}
984
Tao Baodb7e8982017-03-06 23:53:16 -0800985static void run_graphics_test() {
986 // Switch to graphics screen.
987 ui->ShowText(false);
Elliott Hughes498cda62016-04-14 16:49:04 -0700988
Tao Baodb7e8982017-03-06 23:53:16 -0800989 ui->SetProgressType(RecoveryUI::INDETERMINATE);
990 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
991 sleep(1);
Elliott Hughes498cda62016-04-14 16:49:04 -0700992
Tao Baodb7e8982017-03-06 23:53:16 -0800993 ui->SetBackground(RecoveryUI::ERROR);
994 sleep(1);
Elliott Hughes498cda62016-04-14 16:49:04 -0700995
Tao Baodb7e8982017-03-06 23:53:16 -0800996 ui->SetBackground(RecoveryUI::NO_COMMAND);
997 sleep(1);
Elliott Hughes498cda62016-04-14 16:49:04 -0700998
Tao Baodb7e8982017-03-06 23:53:16 -0800999 ui->SetBackground(RecoveryUI::ERASING);
1000 sleep(1);
Elliott Hughes498cda62016-04-14 16:49:04 -07001001
Tao Baodb7e8982017-03-06 23:53:16 -08001002 // Calling SetBackground() after SetStage() to trigger a redraw.
1003 ui->SetStage(1, 3);
1004 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
1005 sleep(1);
1006 ui->SetStage(2, 3);
1007 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
1008 sleep(1);
1009 ui->SetStage(3, 3);
1010 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
1011 sleep(1);
Elliott Hughes498cda62016-04-14 16:49:04 -07001012
Tao Baodb7e8982017-03-06 23:53:16 -08001013 ui->SetStage(-1, -1);
1014 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
Elliott Hughes498cda62016-04-14 16:49:04 -07001015
Tao Baodb7e8982017-03-06 23:53:16 -08001016 ui->SetProgressType(RecoveryUI::DETERMINATE);
1017 ui->ShowProgress(1.0, 10.0);
1018 float fraction = 0.0;
1019 for (size_t i = 0; i < 100; ++i) {
1020 fraction += .01;
1021 ui->SetProgress(fraction);
1022 usleep(100000);
1023 }
1024
1025 ui->ShowText(true);
Elliott Hughes498cda62016-04-14 16:49:04 -07001026}
1027
Tao Baocdcf28f2016-01-13 15:05:20 -08001028// How long (in seconds) we wait for the fuse-provided package file to
1029// appear, before timing out.
1030#define SDCARD_INSTALL_TIMEOUT 10
1031
Tao Bao145d8612015-03-25 15:51:15 -07001032static int apply_from_sdcard(Device* device, bool* wipe_cache) {
Tao Bao682c34b2015-04-07 17:16:35 -07001033 modified_flash = true;
1034
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001035 if (ensure_path_mounted(SDCARD_ROOT) != 0) {
1036 ui->Print("\n-- Couldn't mount %s.\n", SDCARD_ROOT);
1037 return INSTALL_ERROR;
1038 }
1039
Tao Baoc4a18ef2017-02-10 00:13:30 -08001040 std::string path = browse_directory(SDCARD_ROOT, device);
1041 if (path.empty()) {
Elliott Hughes018ed312015-04-08 16:51:36 -07001042 ui->Print("\n-- No package file selected.\n");
caozhiyuanb4effb92015-06-10 16:46:38 +08001043 ensure_path_unmounted(SDCARD_ROOT);
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001044 return INSTALL_ERROR;
1045 }
1046
Tao Baoc4a18ef2017-02-10 00:13:30 -08001047 ui->Print("\n-- Install %s ...\n", path.c_str());
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001048 set_sdcard_update_bootloader_message();
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001049
Tao Baocdcf28f2016-01-13 15:05:20 -08001050 // We used to use fuse in a thread as opposed to a process. Since accessing
1051 // through fuse involves going from kernel to userspace to kernel, it leads
1052 // to deadlock when a page fault occurs. (Bug: 26313124)
1053 pid_t child;
1054 if ((child = fork()) == 0) {
Tao Baoc4a18ef2017-02-10 00:13:30 -08001055 bool status = start_sdcard_fuse(path.c_str());
Tao Baocdcf28f2016-01-13 15:05:20 -08001056
1057 _exit(status ? EXIT_SUCCESS : EXIT_FAILURE);
1058 }
1059
1060 // FUSE_SIDELOAD_HOST_PATHNAME will start to exist once the fuse in child
1061 // process is ready.
1062 int result = INSTALL_ERROR;
1063 int status;
1064 bool waited = false;
1065 for (int i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) {
1066 if (waitpid(child, &status, WNOHANG) == -1) {
1067 result = INSTALL_ERROR;
1068 waited = true;
1069 break;
1070 }
1071
1072 struct stat sb;
1073 if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &sb) == -1) {
1074 if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) {
1075 sleep(1);
1076 continue;
1077 } else {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -07001078 LOG(ERROR) << "Timed out waiting for the fuse-provided package.";
Tao Baocdcf28f2016-01-13 15:05:20 -08001079 result = INSTALL_ERROR;
1080 kill(child, SIGKILL);
1081 break;
1082 }
1083 }
1084
1085 result = install_package(FUSE_SIDELOAD_HOST_PATHNAME, wipe_cache,
Tianjie Xu16255832016-04-30 11:49:59 -07001086 TEMPORARY_INSTALL_FILE, false, 0/*retry_count*/);
Tao Baocdcf28f2016-01-13 15:05:20 -08001087 break;
1088 }
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001089
Tao Baocdcf28f2016-01-13 15:05:20 -08001090 if (!waited) {
1091 // Calling stat() on this magic filename signals the fuse
1092 // filesystem to shut down.
1093 struct stat sb;
1094 stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &sb);
1095
1096 waitpid(child, &status, 0);
1097 }
1098
1099 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -07001100 LOG(ERROR) << "Error exit from the fuse process: " << WEXITSTATUS(status);
Tao Baocdcf28f2016-01-13 15:05:20 -08001101 }
1102
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001103 ensure_path_unmounted(SDCARD_ROOT);
Tao Baocdcf28f2016-01-13 15:05:20 -08001104 return result;
Christian Poetzsch4ec58a42015-02-19 10:42:39 +00001105}
1106
Tao Bao50dd5322017-03-07 14:57:04 -08001107// Returns REBOOT, SHUTDOWN, or REBOOT_BOOTLOADER. Returning NO_ACTION means to take the default,
1108// which is to reboot or shutdown depending on if the --shutdown_after flag was passed to recovery.
1109static Device::BuiltinAction prompt_and_wait(Device* device, int status) {
1110 for (;;) {
1111 finish_recovery();
1112 switch (status) {
1113 case INSTALL_SUCCESS:
1114 case INSTALL_NONE:
1115 ui->SetBackground(RecoveryUI::NO_COMMAND);
1116 break;
Doug Zongker6c8553d2012-09-24 10:40:47 -07001117
Tao Bao50dd5322017-03-07 14:57:04 -08001118 case INSTALL_ERROR:
1119 case INSTALL_CORRUPT:
1120 ui->SetBackground(RecoveryUI::ERROR);
1121 break;
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001122 }
Tao Bao50dd5322017-03-07 14:57:04 -08001123 ui->SetProgressType(RecoveryUI::EMPTY);
1124
1125 int chosen_item = get_menu_selection(nullptr, device->GetMenuItems(), false, 0, device);
1126
1127 // Device-specific code may take some action here. It may return one of the core actions
1128 // handled in the switch statement below.
1129 Device::BuiltinAction chosen_action =
1130 (chosen_item == -1) ? Device::REBOOT : device->InvokeMenuItem(chosen_item);
1131
1132 bool should_wipe_cache = false;
1133 switch (chosen_action) {
1134 case Device::NO_ACTION:
1135 break;
1136
1137 case Device::REBOOT:
1138 case Device::SHUTDOWN:
1139 case Device::REBOOT_BOOTLOADER:
1140 return chosen_action;
1141
1142 case Device::WIPE_DATA:
1143 if (ui->IsTextVisible()) {
1144 if (ask_to_wipe_data(device)) {
1145 wipe_data(device);
1146 }
1147 } else {
1148 wipe_data(device);
1149 return Device::NO_ACTION;
1150 }
1151 break;
1152
1153 case Device::WIPE_CACHE:
1154 wipe_cache(ui->IsTextVisible(), device);
1155 if (!ui->IsTextVisible()) return Device::NO_ACTION;
1156 break;
1157
1158 case Device::APPLY_ADB_SIDELOAD:
1159 case Device::APPLY_SDCARD:
1160 {
1161 bool adb = (chosen_action == Device::APPLY_ADB_SIDELOAD);
1162 if (adb) {
Tao Bao0150d012017-05-01 11:31:28 -07001163 status = apply_from_adb(&should_wipe_cache, TEMPORARY_INSTALL_FILE);
Tao Bao50dd5322017-03-07 14:57:04 -08001164 } else {
1165 status = apply_from_sdcard(device, &should_wipe_cache);
1166 }
1167
1168 if (status == INSTALL_SUCCESS && should_wipe_cache) {
1169 if (!wipe_cache(false, device)) {
1170 status = INSTALL_ERROR;
1171 }
1172 }
1173
1174 if (status != INSTALL_SUCCESS) {
1175 ui->SetBackground(RecoveryUI::ERROR);
1176 ui->Print("Installation aborted.\n");
1177 copy_logs();
1178 } else if (!ui->IsTextVisible()) {
1179 return Device::NO_ACTION; // reboot if logs aren't visible
1180 } else {
1181 ui->Print("\nInstall from %s complete.\n", adb ? "ADB" : "SD card");
1182 }
1183 }
1184 break;
1185
1186 case Device::VIEW_RECOVERY_LOGS:
1187 choose_recovery_file(device);
1188 break;
1189
1190 case Device::RUN_GRAPHICS_TEST:
1191 run_graphics_test();
1192 break;
1193
Tianjie Xu29d55752017-09-20 17:53:46 -07001194 case Device::RUN_LOCALE_TEST: {
1195 ScreenRecoveryUI* screen_ui = static_cast<ScreenRecoveryUI*>(ui);
1196 screen_ui->CheckBackgroundTextImages(locale);
1197 break;
1198 }
Tao Bao50dd5322017-03-07 14:57:04 -08001199 case Device::MOUNT_SYSTEM:
1200 // For a system image built with the root directory (i.e. system_root_image == "true"), we
1201 // mount it to /system_root, and symlink /system to /system_root/system to make adb shell
1202 // work (the symlink is created through the build system). (Bug: 22855115)
1203 if (android::base::GetBoolProperty("ro.build.system_root_image", false)) {
1204 if (ensure_path_mounted_at("/", "/system_root") != -1) {
1205 ui->Print("Mounted /system.\n");
1206 }
1207 } else {
1208 if (ensure_path_mounted("/system") != -1) {
1209 ui->Print("Mounted /system.\n");
1210 }
1211 }
1212 break;
1213 }
1214 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001215}
1216
Tao Bao99f0d9e2016-10-13 12:46:38 -07001217static void print_property(const char* key, const char* name, void* /* cookie */) {
1218 printf("%s=%s\n", key, name);
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001219}
1220
Tao Baoac9d94d2016-11-03 11:37:15 -07001221static std::string load_locale_from_cache() {
1222 if (ensure_path_mounted(LOCALE_FILE) != 0) {
1223 LOG(ERROR) << "Can't mount " << LOCALE_FILE;
1224 return "";
Doug Zongker02ec6b82012-08-22 17:26:40 -07001225 }
Tao Baoac9d94d2016-11-03 11:37:15 -07001226
1227 std::string content;
1228 if (!android::base::ReadFileToString(LOCALE_FILE, &content)) {
1229 PLOG(ERROR) << "Can't read " << LOCALE_FILE;
1230 return "";
1231 }
1232
1233 return android::base::Trim(content);
Doug Zongker02ec6b82012-08-22 17:26:40 -07001234}
1235
Tao Baoac9d94d2016-11-03 11:37:15 -07001236void ui_print(const char* format, ...) {
1237 std::string buffer;
Doug Zongker7c3ae452013-05-14 11:03:02 -07001238 va_list ap;
1239 va_start(ap, format);
Tao Baoac9d94d2016-11-03 11:37:15 -07001240 android::base::StringAppendV(&buffer, format, ap);
Doug Zongker7c3ae452013-05-14 11:03:02 -07001241 va_end(ap);
1242
Tao Baoac9d94d2016-11-03 11:37:15 -07001243 if (ui != nullptr) {
1244 ui->Print("%s", buffer.c_str());
Doug Zongker7c3ae452013-05-14 11:03:02 -07001245 } else {
Tao Baoac9d94d2016-11-03 11:37:15 -07001246 fputs(buffer.c_str(), stdout);
Doug Zongker7c3ae452013-05-14 11:03:02 -07001247 }
1248}
1249
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -07001250static constexpr char log_characters[] = "VDIWEF";
1251
Tao Bao99f0d9e2016-10-13 12:46:38 -07001252void UiLogger(android::base::LogId /* id */, android::base::LogSeverity severity,
1253 const char* /* tag */, const char* /* file */, unsigned int /* line */,
1254 const char* message) {
1255 if (severity >= android::base::ERROR && ui != nullptr) {
1256 ui->Print("E:%s\n", message);
1257 } else {
1258 fprintf(stdout, "%c:%s\n", log_characters[severity], message);
1259 }
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -07001260}
1261
Yabin Cui99281df2016-02-17 12:21:52 -08001262static bool is_battery_ok() {
Yifan Honge8e4c402017-11-08 14:56:03 -08001263 using android::hardware::health::V1_0::BatteryStatus;
1264 using android::hardware::health::V2_0::Result;
1265 using android::hardware::health::V2_0::toString;
1266 using android::hardware::health::V2_0::implementation::Health;
Yabin Cui99281df2016-02-17 12:21:52 -08001267
Yifan Honge8e4c402017-11-08 14:56:03 -08001268 struct healthd_config healthd_config = {
1269 .batteryStatusPath = android::String8(android::String8::kEmptyString),
1270 .batteryHealthPath = android::String8(android::String8::kEmptyString),
1271 .batteryPresentPath = android::String8(android::String8::kEmptyString),
1272 .batteryCapacityPath = android::String8(android::String8::kEmptyString),
1273 .batteryVoltagePath = android::String8(android::String8::kEmptyString),
1274 .batteryTemperaturePath = android::String8(android::String8::kEmptyString),
1275 .batteryTechnologyPath = android::String8(android::String8::kEmptyString),
1276 .batteryCurrentNowPath = android::String8(android::String8::kEmptyString),
1277 .batteryCurrentAvgPath = android::String8(android::String8::kEmptyString),
1278 .batteryChargeCounterPath = android::String8(android::String8::kEmptyString),
1279 .batteryFullChargePath = android::String8(android::String8::kEmptyString),
1280 .batteryCycleCountPath = android::String8(android::String8::kEmptyString),
1281 .energyCounter = NULL,
1282 .boot_min_cap = 0,
1283 .screen_on = NULL
1284 };
Yabin Cui99281df2016-02-17 12:21:52 -08001285
Yifan Honge8e4c402017-11-08 14:56:03 -08001286 auto health =
1287 android::hardware::health::V2_0::implementation::Health::initInstance(&healthd_config);
1288
1289 int wait_second = 0;
1290 while (true) {
1291 auto charge_status = BatteryStatus::UNKNOWN;
1292 health
1293 ->getChargeStatus([&charge_status](auto res, auto out_status) {
1294 if (res == Result::SUCCESS) {
1295 charge_status = out_status;
1296 }
1297 })
1298 .isOk(); // should not have transport error
1299
1300 // Treat unknown status as charged.
1301 bool charged = (charge_status != BatteryStatus::DISCHARGING &&
1302 charge_status != BatteryStatus::NOT_CHARGING);
1303
1304 Result res = Result::UNKNOWN;
1305 int32_t capacity = INT32_MIN;
1306 health
1307 ->getCapacity([&res, &capacity](auto out_res, auto out_capacity) {
1308 res = out_res;
1309 capacity = out_capacity;
1310 })
1311 .isOk(); // should not have transport error
1312
1313 ui_print("charge_status %d, charged %d, status %s, capacity %" PRId32 "\n", charge_status,
1314 charged, toString(res).c_str(), capacity);
1315 // At startup, the battery drivers in devices like N5X/N6P take some time to load
1316 // the battery profile. Before the load finishes, it reports value 50 as a fake
1317 // capacity. BATTERY_READ_TIMEOUT_IN_SEC is set that the battery drivers are expected
1318 // to finish loading the battery profile earlier than 10 seconds after kernel startup.
1319 if (res == Result::SUCCESS && capacity == 50) {
1320 if (wait_second < BATTERY_READ_TIMEOUT_IN_SEC) {
1321 sleep(1);
1322 wait_second++;
1323 continue;
1324 }
1325 }
1326 // If we can't read battery percentage, it may be a device without battery. In this
1327 // situation, use 100 as a fake battery percentage.
1328 if (res != Result::SUCCESS) {
1329 capacity = 100;
1330 }
1331 return (charged && capacity >= BATTERY_WITH_CHARGER_OK_PERCENTAGE) ||
1332 (!charged && capacity >= BATTERY_OK_PERCENTAGE);
Yabin Cui99281df2016-02-17 12:21:52 -08001333 }
1334}
1335
Tianjie Xu99b73be2017-11-28 17:23:06 -08001336// Set the retry count to |retry_count| in BCB.
Tianjie Xu72449c92017-05-16 18:07:31 -07001337static void set_retry_bootloader_message(int retry_count, const std::vector<std::string>& args) {
1338 std::vector<std::string> options;
1339 for (const auto& arg : args) {
1340 if (!android::base::StartsWith(arg, "--retry_count")) {
1341 options.push_back(arg);
Tianjie Xu3c62b672016-02-05 18:25:58 -08001342 }
Tianjie Xu72449c92017-05-16 18:07:31 -07001343 }
Tianjie Xu3c62b672016-02-05 18:25:58 -08001344
Tianjie Xu99b73be2017-11-28 17:23:06 -08001345 // Update the retry counter in BCB.
1346 options.push_back(android::base::StringPrintf("--retry_count=%d", retry_count));
Tianjie Xu72449c92017-05-16 18:07:31 -07001347 std::string err;
1348 if (!update_bootloader_message(options, &err)) {
1349 LOG(ERROR) << err;
1350 }
Tianjie Xu3c62b672016-02-05 18:25:58 -08001351}
1352
Tianjie Xu06e57ac2016-07-11 14:04:08 -07001353static bool bootreason_in_blacklist() {
Tao Baoefc35592017-01-08 22:45:47 -08001354 std::string bootreason = android::base::GetProperty("ro.boot.bootreason", "");
1355 if (!bootreason.empty()) {
1356 for (const auto& str : bootreason_blacklist) {
1357 if (strcasecmp(str.c_str(), bootreason.c_str()) == 0) {
1358 return true;
1359 }
Tianjie Xu06e57ac2016-07-11 14:04:08 -07001360 }
Tao Baoefc35592017-01-08 22:45:47 -08001361 }
1362 return false;
Tianjie Xu06e57ac2016-07-11 14:04:08 -07001363}
1364
1365static void log_failure_code(ErrorCode code, const char *update_package) {
1366 std::vector<std::string> log_buffer = {
1367 update_package,
1368 "0", // install result
1369 "error: " + std::to_string(code),
1370 };
1371 std::string log_content = android::base::Join(log_buffer, "\n");
1372 if (!android::base::WriteStringToFile(log_content, TEMPORARY_INSTALL_FILE)) {
Tao Baoac9d94d2016-11-03 11:37:15 -07001373 PLOG(ERROR) << "failed to write " << TEMPORARY_INSTALL_FILE;
Tianjie Xu06e57ac2016-07-11 14:04:08 -07001374 }
1375
1376 // Also write the info into last_log.
1377 LOG(INFO) << log_content;
1378}
1379
Yabin Cui99281df2016-02-17 12:21:52 -08001380int main(int argc, char **argv) {
Tianjie Xu99b73be2017-11-28 17:23:06 -08001381 // We don't have logcat yet under recovery; so we'll print error on screen and
1382 // log to stdout (which is redirected to recovery.log) as we used to do.
1383 android::base::InitLogging(argv, &UiLogger);
Tianjie Xu7b0ad9c2016-08-05 18:00:04 -07001384
Tianjie Xu99b73be2017-11-28 17:23:06 -08001385 // Take last pmsg contents and rewrite it to the current pmsg session.
1386 static const char filter[] = "recovery/";
1387 // Do we need to rotate?
1388 bool doRotate = false;
Tianjie Xue113e4d2016-10-21 17:46:13 -07001389
Tianjie Xu99b73be2017-11-28 17:23:06 -08001390 __android_log_pmsg_file_read(LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter, logbasename, &doRotate);
1391 // Take action to refresh pmsg contents
1392 __android_log_pmsg_file_read(LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter, logrotate, &doRotate);
Mark Salyzyna4f701a2016-03-09 14:58:16 -08001393
Tianjie Xu99b73be2017-11-28 17:23:06 -08001394 // If this binary is started with the single argument "--adbd",
1395 // instead of being the normal recovery binary, it turns into kind
1396 // of a stripped-down version of adbd that only supports the
1397 // 'sideload' command. Note this must be a real argument, not
1398 // anything in the command file or bootloader control block; the
1399 // only way recovery should be run with this argument is when it
1400 // starts a copy of itself from the apply_from_adb() function.
1401 if (argc == 2 && strcmp(argv[1], "--adbd") == 0) {
1402 minadbd_main();
1403 return 0;
1404 }
1405
1406 time_t start = time(nullptr);
1407
1408 // redirect_stdio should be called only in non-sideload mode. Otherwise
1409 // we may have two logger instances with different timestamps.
1410 redirect_stdio(TEMPORARY_LOG_FILE);
1411
1412 printf("Starting recovery (pid %d) on %s", getpid(), ctime(&start));
1413
1414 load_volume_table();
1415 has_cache = volume_for_mount_point(CACHE_ROOT) != nullptr;
1416
1417 std::vector<std::string> args = get_args(argc, argv);
1418 std::vector<char*> args_to_parse(args.size());
1419 std::transform(args.cbegin(), args.cend(), args_to_parse.begin(),
1420 [](const std::string& arg) { return const_cast<char*>(arg.c_str()); });
1421
1422 const char* update_package = nullptr;
1423 bool should_wipe_data = false;
1424 bool should_prompt_and_wipe_data = false;
1425 bool should_wipe_cache = false;
1426 bool should_wipe_ab = false;
1427 size_t wipe_package_size = 0;
1428 bool show_text = false;
1429 bool sideload = false;
1430 bool sideload_auto_reboot = false;
1431 bool just_exit = false;
1432 bool shutdown_after = false;
1433 int retry_count = 0;
1434 bool security_update = false;
1435
1436 int arg;
1437 int option_index;
1438 while ((arg = getopt_long(args_to_parse.size(), args_to_parse.data(), "", OPTIONS,
1439 &option_index)) != -1) {
1440 switch (arg) {
1441 case 'n':
1442 android::base::ParseInt(optarg, &retry_count, 0);
1443 break;
1444 case 'u':
1445 update_package = optarg;
1446 break;
1447 case 'w':
1448 should_wipe_data = true;
1449 break;
1450 case 'c':
1451 should_wipe_cache = true;
1452 break;
1453 case 't':
1454 show_text = true;
1455 break;
1456 case 's':
1457 sideload = true;
1458 break;
1459 case 'a':
1460 sideload = true;
1461 sideload_auto_reboot = true;
1462 break;
1463 case 'x':
1464 just_exit = true;
1465 break;
1466 case 'l':
1467 locale = optarg;
1468 break;
1469 case 'p':
1470 shutdown_after = true;
1471 break;
1472 case 'r':
1473 reason = optarg;
1474 break;
1475 case 'e':
1476 security_update = true;
1477 break;
1478 case 0: {
1479 std::string option = OPTIONS[option_index].name;
1480 if (option == "wipe_ab") {
1481 should_wipe_ab = true;
1482 } else if (option == "wipe_package_size") {
1483 android::base::ParseUint(optarg, &wipe_package_size);
1484 } else if (option == "prompt_and_wipe_data") {
1485 should_prompt_and_wipe_data = true;
1486 }
1487 break;
1488 }
1489 case '?':
1490 LOG(ERROR) << "Invalid command argument";
1491 continue;
Doug Zongker9270a202012-01-09 15:16:13 -08001492 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001493 }
Doug Zongker9270a202012-01-09 15:16:13 -08001494
Tianjie Xu99b73be2017-11-28 17:23:06 -08001495 if (locale.empty()) {
1496 if (has_cache) {
1497 locale = load_locale_from_cache();
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001498 }
1499
Tao Baoac9d94d2016-11-03 11:37:15 -07001500 if (locale.empty()) {
Tianjie Xu99b73be2017-11-28 17:23:06 -08001501 locale = DEFAULT_LOCALE;
Doug Zongker02ec6b82012-08-22 17:26:40 -07001502 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001503 }
Tao Baoac9d94d2016-11-03 11:37:15 -07001504
Tianjie Xu99b73be2017-11-28 17:23:06 -08001505 printf("locale is [%s]\n", locale.c_str());
1506 printf("stage is [%s]\n", stage.c_str());
1507 printf("reason is [%s]\n", reason);
Doug Zongker02ec6b82012-08-22 17:26:40 -07001508
Tianjie Xu99b73be2017-11-28 17:23:06 -08001509 Device* device = make_device();
1510 if (android::base::GetBoolProperty("ro.boot.quiescent", false)) {
1511 printf("Quiescent recovery mode.\n");
1512 ui = new StubRecoveryUI();
1513 } else {
1514 ui = device->GetUI();
1515
1516 if (!ui->Init(locale)) {
1517 printf("Failed to initialize UI, use stub UI instead.\n");
1518 ui = new StubRecoveryUI();
1519 }
1520 }
1521
1522 // Set background string to "installing security update" for security update,
1523 // otherwise set it to "installing system update".
1524 ui->SetSystemUpdateText(security_update);
1525
1526 int st_cur, st_max;
1527 if (!stage.empty() && sscanf(stage.c_str(), "%d/%d", &st_cur, &st_max) == 2) {
1528 ui->SetStage(st_cur, st_max);
1529 }
1530
1531 ui->SetBackground(RecoveryUI::NONE);
1532 if (show_text) ui->ShowText(true);
1533
1534 sehandle = selinux_android_file_context_handle();
1535 selinux_android_set_sehandle(sehandle);
1536 if (!sehandle) {
1537 ui->Print("Warning: No file_contexts\n");
1538 }
1539
1540 device->StartRecovery();
1541
1542 printf("Command:");
1543 for (const auto& arg : args) {
1544 printf(" \"%s\"", arg.c_str());
1545 }
1546 printf("\n\n");
1547
1548 property_list(print_property, nullptr);
1549 printf("\n");
1550
1551 ui->Print("Supported API: %d\n", kRecoveryApiVersion);
1552
1553 int status = INSTALL_SUCCESS;
1554
1555 if (update_package != nullptr) {
1556 // It's not entirely true that we will modify the flash. But we want
1557 // to log the update attempt since update_package is non-NULL.
1558 modified_flash = true;
1559
1560 if (!is_battery_ok()) {
1561 ui->Print("battery capacity is not enough for installing package, needed is %d%%\n",
1562 BATTERY_OK_PERCENTAGE);
1563 // Log the error code to last_install when installation skips due to
1564 // low battery.
1565 log_failure_code(kLowBattery, update_package);
1566 status = INSTALL_SKIPPED;
1567 } else if (bootreason_in_blacklist()) {
1568 // Skip update-on-reboot when bootreason is kernel_panic or similar
1569 ui->Print("bootreason is in the blacklist; skip OTA installation\n");
1570 log_failure_code(kBootreasonInBlacklist, update_package);
1571 status = INSTALL_SKIPPED;
Dmitri Plotnikov8706a982017-04-18 08:28:26 -07001572 } else {
Tianjie Xu99b73be2017-11-28 17:23:06 -08001573 // It's a fresh update. Initialize the retry_count in the BCB to 1; therefore we can later
1574 // identify the interrupted update due to unexpected reboots.
1575 if (retry_count == 0) {
1576 set_retry_bootloader_message(retry_count + 1, args);
Tao Bao7022f332017-07-25 09:52:36 -07001577 }
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001578
Tianjie Xu99b73be2017-11-28 17:23:06 -08001579 status = install_package(update_package, &should_wipe_cache, TEMPORARY_INSTALL_FILE, true,
1580 retry_count);
1581 if (status == INSTALL_SUCCESS && should_wipe_cache) {
1582 wipe_cache(false, device);
1583 }
1584 if (status != INSTALL_SUCCESS) {
1585 ui->Print("Installation aborted.\n");
1586 // When I/O error happens, reboot and retry installation RETRY_LIMIT
1587 // times before we abandon this OTA update.
1588 if (status == INSTALL_RETRY && retry_count < RETRY_LIMIT) {
1589 copy_logs();
1590 retry_count += 1;
1591 set_retry_bootloader_message(retry_count, args);
1592 // Print retry count on screen.
1593 ui->Print("Retry attempt %d\n", retry_count);
1594
1595 // Reboot and retry the update
1596 if (!reboot("reboot,recovery")) {
1597 ui->Print("Reboot failed\n");
1598 } else {
1599 while (true) {
1600 pause();
1601 }
1602 }
Tianjie Xud9d16292017-04-20 18:08:21 -07001603 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001604 // If this is an eng or userdebug build, then automatically
1605 // turn the text display on if the script fails so the error
1606 // message is visible.
1607 if (is_ro_debuggable()) {
1608 ui->ShowText(true);
Tao Baoc679f932015-03-30 09:43:49 -07001609 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001610 }
Doug Zongker8674a722010-09-15 11:08:23 -07001611 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001612 } else if (should_wipe_data) {
1613 if (!wipe_data(device)) {
1614 status = INSTALL_ERROR;
Doug Zongkerb1d12632014-03-18 10:32:12 -07001615 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001616 } else if (should_prompt_and_wipe_data) {
1617 ui->ShowText(true);
1618 ui->SetBackground(RecoveryUI::ERROR);
1619 if (!prompt_and_wipe_data(device)) {
1620 status = INSTALL_ERROR;
Tao Bao75238632015-05-27 14:46:17 -07001621 }
Tianjie Xu99b73be2017-11-28 17:23:06 -08001622 ui->ShowText(false);
1623 } else if (should_wipe_cache) {
1624 if (!wipe_cache(false, device)) {
1625 status = INSTALL_ERROR;
1626 }
1627 } else if (should_wipe_ab) {
1628 if (!wipe_ab_device(wipe_package_size)) {
1629 status = INSTALL_ERROR;
1630 }
1631 } else if (sideload) {
1632 // 'adb reboot sideload' acts the same as user presses key combinations
1633 // to enter the sideload mode. When 'sideload-auto-reboot' is used, text
1634 // display will NOT be turned on by default. And it will reboot after
1635 // sideload finishes even if there are errors. Unless one turns on the
1636 // text display during the installation. This is to enable automated
1637 // testing.
1638 if (!sideload_auto_reboot) {
1639 ui->ShowText(true);
1640 }
1641 status = apply_from_adb(&should_wipe_cache, TEMPORARY_INSTALL_FILE);
1642 if (status == INSTALL_SUCCESS && should_wipe_cache) {
1643 if (!wipe_cache(false, device)) {
1644 status = INSTALL_ERROR;
1645 }
1646 }
1647 ui->Print("\nInstall from ADB complete (status: %d).\n", status);
1648 if (sideload_auto_reboot) {
1649 ui->Print("Rebooting automatically.\n");
1650 }
1651 } else if (!just_exit) {
1652 // If this is an eng or userdebug build, automatically turn on the text display if no command
1653 // is specified. Note that this should be called before setting the background to avoid
1654 // flickering the background image.
1655 if (is_ro_debuggable()) {
1656 ui->ShowText(true);
1657 }
1658 status = INSTALL_NONE; // No command specified
1659 ui->SetBackground(RecoveryUI::NO_COMMAND);
1660 }
1661
1662 if (status == INSTALL_ERROR || status == INSTALL_CORRUPT) {
1663 ui->SetBackground(RecoveryUI::ERROR);
1664 if (!ui->IsTextVisible()) {
1665 sleep(5);
1666 }
1667 }
1668
1669 Device::BuiltinAction after = shutdown_after ? Device::SHUTDOWN : Device::REBOOT;
1670 // 1. If the recovery menu is visible, prompt and wait for commands.
1671 // 2. If the state is INSTALL_NONE, wait for commands. (i.e. In user build, manually reboot into
1672 // recovery to sideload a package.)
1673 // 3. sideload_auto_reboot is an option only available in user-debug build, reboot the device
1674 // without waiting.
1675 // 4. In all other cases, reboot the device. Therefore, normal users will observe the device
1676 // reboot after it shows the "error" screen for 5s.
1677 if ((status == INSTALL_NONE && !sideload_auto_reboot) || ui->IsTextVisible()) {
1678 Device::BuiltinAction temp = prompt_and_wait(device, status);
1679 if (temp != Device::NO_ACTION) {
1680 after = temp;
1681 }
1682 }
1683
1684 // Save logs and clean up before rebooting or shutting down.
1685 finish_recovery();
1686
1687 switch (after) {
1688 case Device::SHUTDOWN:
1689 ui->Print("Shutting down...\n");
1690 android::base::SetProperty(ANDROID_RB_PROPERTY, "shutdown,");
1691 break;
1692
1693 case Device::REBOOT_BOOTLOADER:
1694 ui->Print("Rebooting to bootloader...\n");
1695 android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,bootloader");
1696 break;
1697
1698 default:
1699 ui->Print("Rebooting...\n");
1700 reboot("reboot,");
1701 break;
1702 }
1703 while (true) {
1704 pause();
1705 }
1706 // Should be unreachable.
1707 return EXIT_SUCCESS;
The Android Open Source Projectc24a8e62009-03-03 19:28:42 -08001708}