aboutsummaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'android-10.0.0_r37' into ↵Kevin F. Haggerty2020-06-012-0/+29
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging/lineage-17.1_merge-android-10.0.0_r37 Android 10.0.0 Release 37 (QQ3A.200605.001) * tag 'android-10.0.0_r37': Import translations. DO NOT MERGE Force package installation with FUSE unless the package stores on device Conflicts: install/include/install/install.h recovery.cpp Change-Id: I8db96fa3db40754daff714872970965d169557ab
| * Force package installation with FUSE unless the package stores on deviceTianjie Xu2020-01-212-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Test: recovery_component_test - all passing Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
* | Bring back file-based OTA edify functionsMichael Bestas2019-12-114-0/+469
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Author: Tom Marshall <tdm.code@gmail.com> Date: Wed Oct 25 20:27:08 2017 +0200 Revert "kill package_extract_dir" changes for P: - bring back the mkdir_recursively variant which takes a timestamp. - add libziparchive dependency - fix otautil header paths changes for Q: - change ziputil naming convention to lowercase This reverts commit 53c38b15381ace565227e49104a6fd64c4c28dcc. Change-Id: I71c488e96a1f23aace3c38fc283aae0165129a12 Author: Tom Marshall <tdm.code@gmail.com> Date: Thu Dec 14 22:37:17 2017 +0100 Revert "Remove the obsolete package_extract_dir() test" This reverts commit bb7e005a7906b02857ba328c5dfb11f1f3cb938e. Change-Id: I643235d6605d7da2a189eca10ec999b25c23e1f9 Author: Tom Marshall <tdm.code@gmail.com> Date: Wed Aug 23 18:14:00 2017 +0000 Revert "updater: Remove some obsoleted functions for file-based OTA." This reverts commit 63d786cf22cb44fe32e8b9c1f18b32da3c9d2e1b. These functions will be used for third party OTA zips, so keep them. Change-Id: I24b67ba4c86f8f86d0a41429a395fece1a383efd Author: Stricted <info@stricted.net> Date: Mon Mar 12 18:11:56 2018 +0100 recovery: updater: Fix SymlinkFn args Change-Id: If2ba1b7a8b5ac471a2db84f352273fd0ea7c81a2 Author: Simon Shields <simon@lineageos.org> Date: Thu Aug 9 01:17:21 2018 +1000 Revert "updater: Remove dead make_parents()." This reverts commit 5902691764e041bfed8edbc66a72e0854d18dfda. Change-Id: I69eadf1a091f6ecd45531789dedf72a178a055ba Author: Simon Shields <simon@lineageos.org> Date: Thu Aug 9 01:20:40 2018 +1000 Revert "otautil: Delete dirUnlinkHierarchy()." changes for P: - Fix missing PATH_MAX macro from limits.h This reverts commit 7934985e0cac4a3849418af3b8c9671f4d61078a. Change-Id: I67ce71a1644b58a393dce45a6c3dee97830b9ee4 [mikeioannina]: Squash for Q and run through clang-format Change-Id: I91973bc9e9f8d100688c0112fda9043fd45eb86a
* Add misc_writer.Tao Bao2019-05-201-0/+38
| | | | | | | | | | | | | | | | | | | | | | | bootloader_message.h currently divides /misc into four segments. The space between 2K and 16K is reserved for vendor use (e.g. bootloader persists flags). This CL adds a vendor tool "misc_writer", to allow writing data to the vendor space in /misc, before getting a dedicated HAL for accessing /misc partition (b/131775112). Targets need to explicitly include the module, then invoke the executable to write data. For example, the following command will write 3-byte data ("0xABCDEF") to offset 4 in vendor space (i.e. 2048 + 4 in /misc). $ /vendor/bin/misc_writer --vendor-space-offset 4 --hex-string 0xABCDEF Bug: 132906936 Test: Run recovery_unit_test on crosshatch. Test: Call the command via init.hardware.rc on crosshatch. Check that the call finishes successfully. Then check the contents written to /misc (`dd bs=1 skip=2048 if=/dev/block/sda2 count=32 | xxd`). Change-Id: I79548fc63fc79b705a0320868690569c3106949f Merged-In: I79548fc63fc79b705a0320868690569c3106949f (cherry picked from commit 7ae01698424cc3adf635c324961b1405594f5156)
* Remove the FD parameter from FuseDataProvider ctor.Tao Bao2019-04-261-7/+15
| | | | | | | | | | | | | This leaves the FD implementation details to subclasses. In particular, it allows minadbd to do additional works with the FD after sideloading. Bug: 128415917 Test: atest recovery_component_test Test: atest minadbd_test Test: Sideload package on taimen. Change-Id: I106bbaad05201227bbc5fe28890bbbb06fdcb67e Merged-In: I106bbaad05201227bbc5fe28890bbbb06fdcb67e (cherry picked from commit 2be9737cf449dd0650c85ee5168d09b12d386077)
* Move install to separate modulexunchang2019-03-295-10/+9
| | | | | | | | Build libinstall as a shared library. Also drop the dependency on the global variables in common.h. Test: unit tests pass, sideload an OTA Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
* Merge "Allow RSA 4096 key in package verification"Tianjie Xu2019-03-273-0/+46
|\
| * Allow RSA 4096 key in package verificationxunchang2019-03-263-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The RSA_verify sitll works for 4096 bits keys. And we just need to loose the check on modulus. Sample commands to generate the key & package: 1. openssl genrsa -out keypair.pem 4096 2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \ -in keypair.pem -out private.pk8 3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \ -days 365 4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \ prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \ unsigned.zip signed.zip Bug: 129163830 Test: unit tests pass Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
* | Move out the code to parse block map in MemMapxunchang2019-03-261-0/+61
|/ | | | | | | We will reuse them to implement the fuse provider from block maps. Test: unit tests pass, sideload an OTA Change-Id: Iaa409d19569c4ccc0bb24e12518044fcddb45c69
* Move librecovery_ui to a sub-directoryTianjie Xu2019-03-211-2/+2
| | | | | | | | | This helps to expose librecovery_ui for device specific RecoveryUi. Bug: 76436783 Test: mma, unit tests pass Change-Id: Ic6c3d301d5833e4a592e6ea9d9d059bc4e4919be (cherry picked from commit b5108c372c8b92671ea5ebb4eeff00757fcee187)
* Remove the provider_vtabxunchang2019-03-191-14/+17
| | | | | | | | | It's no longer needed with the newly added FuseDataProvider class. Also cleans up the parameters for run_fuse_sideload. Bug: 127071893 Test: unit tests pass, run a sideload Change-Id: I1ccd6798d187cfc6ac9f559ffb3f3edf08dad55c
* Create a FuseDataProvider base classxunchang2019-03-191-2/+2
| | | | | | | | | | | | The fuse data provider for adb/sdcard shares common code and structures. This cl creates a FuseDataProvider base class and provides implementations for adb and sdcard. In the follow cls, we can kill the provider_vtab struct; and also add another implementation to parse a block map file and provides data. Test: unit tests pass, sideload a package, apply a package from sdcard Change-Id: If8311666a52a2e3c0fbae0ee9688fa6d01e4ad09
* Implement FilePackage classxunchang2019-03-143-5/+129
| | | | | | | | | This is another implementation of the Package class. And we will later need it when reading the package from FUSE. Bug: 127071893 Test: unit tests pass, sideload a file package on sailfish Change-Id: I3de5d5ef60b29c8b73517d6de3498459d7d95975
* Update_verifier: Remove the support for legacy text format CareMapxunchang2019-03-131-41/+3
| | | | | | | | | | | | | | We have already switched to the protobuf format for new builds, and the downgrade packages will require a data wipe. So it should be safe to drop the support for text format. This also helps to save the issue when users sideload a package with a pending OTA, because the new CareMap contains the fingerprint of the intended build. Bug: 128536706 Test: unit tests pass, run update_verifier with legacy CareMap Change-Id: I1c4d0e54ec591f16cc0a65dac76767725ff9e7c4
* Use the package class for wipe packagesxunchang2019-03-121-1/+4
| | | | | | | | | The wipe package used to open the zip file directly from the content string. Switch to use the interface from the new package class instead. Bug: 127071893 Test: unit tests pass Change-Id: I990e7f00c5148710722d17140bab2e343eea3b6b
* Create a wrapper class for update packagexunchang2019-03-111-27/+27
| | | | | | | | | | Creates a new class handle the package in memory and package read from fd. Define the new interface functions, and make approximate changes to the verify and install functions. Bug: 127071893 Test: unit tests pass, sideload a package Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
* Add a new entry in wipe package to list all wipe partitionsxunchang2019-03-061-0/+23
| | | | | | | | | This gives us finer control over the partitions to wipe on the host side. Bug: 127492427 Test: unit tests pass, install a wipe package on sailfish Change-Id: I612f8bac743a310f28e365b490ef388b278cfccb
* Recovery test: Fix an parameter issue in string constructionxunchang2019-02-051-2/+2
| | | | | | | | | The intended string constructor is supposed be basic_string(size_type count, CharT ch). But the parameter is accidentally reversed when calling the constructor in install_test. Test: A failed unit test pass Change-Id: Id9765bfa7d2368ff0d7fbeea45c9c8357864e060
* DO NOT MERGE: Revert "Revert "Add libprocessgroup dependency""Suren Baghdasaryan2019-01-251-0/+1
| | | | | | | | | This reverts commit 9ce1d14ef621459a4ac62ee1bda0b9f51cfa4c38. Reason for revert: AOSP is fixed with new vendor image Change-Id: Ie5a9748acdae22a2b9862cb2ecedda7031f77264 Signed-off-by: Suren Baghdasaryan <surenb@google.com>
* DO NOT MERGE: Revert "Add libprocessgroup dependency"Suren Baghdasaryan2019-01-231-1/+0
| | | | | | | | | This reverts commit 62d0c7873cf81d63078b932edd23ae78677408cd. Reason for revert: Broke AOSP Change-Id: I88ef00ebce797f7fdca3678ab93fcae364453a8c Signed-off-by: Suren Baghdasaryan <surenb@google.com>
* Add libprocessgroup dependencySuren Baghdasaryan2019-01-201-0/+1
| | | | | | | | | | | | | | Because set_sched_policy is moved into libprocessgroup an additional dependency is requred for recovery_component_test to build. Exempt-From-Owner-Approval: janitorial Bug: 111307099 Test: builds, boots Merged-In: I7cf75e473ee1e2837940606c71d15be26db0c3f2 Change-Id: I7cf75e473ee1e2837940606c71d15be26db0c3f2 Signed-off-by: Suren Baghdasaryan <surenb@google.com>
* Merge changes from topic "vintf_object_recovery_mount"Yifan Hong2018-12-191-0/+1
|\ | | | | | | | | | | * changes: roots.cpp: convert to C++ Fstab Move parts of roots.cpp to libfs_mgr
| * Move parts of roots.cpp to libfs_mgrYifan Hong2018-12-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | Move some mounting functionalities to libfs_mgr. Test: run recovery tests Bug: 118634720 Bug: 113182233 Change-Id: Ie59376664a744992429f0262ec96d13a1aed30f9
* | tests: Temporarily disable ScreenRecoveryUITest tests.Tao Bao2018-12-061-18/+18
|/ | | | | | | | | | Seems they're racing with SurfaceFlinger in acquiring the display, which occasionally takes down the device and leads to test failures. Bug: 120601844 Test: Run recovery_unit_test on marlin. ScreenRecoveryUITest not triggered. Change-Id: I80b21595247a87fc1f2f95aa68df59f58bdf0257
* minui: GRSurface::Create() computes data_size on its own.Tao Bao2018-11-262-14/+24
| | | | | | | | | | | | | GRSurface::Create() doesn't need to rely on caller specifying the buffer size, as it can compute that info based on the given args. This CL also uses `size_t` for all the parameters in GRSurface::Create(). Test: Run recovery_unit_test on marlin. Test: Build and boot into blueline recovery. `Run graphics test`. Test: Build and boot into blueline charger mode. Change-Id: Idec9381079196abf13553a475006fefcfca10950
* minui: Fix a wrong arg in calling GRSurface::Create().Tao Bao2018-11-262-0/+37
| | | | | | | | | | | | | | | | | | This is a bug introduced while refactoring init_display_surface(), in [1]. As a result, user of res_create_multi_display_surface(), which is effectively `charger` right now, crashes due to buffer overrun. This CL fixes the wrong arg and adds a sanity test for res_create_multi_display_surface(). The testdata (battery_scale.png) is copied from system/core/healthd/images/battery_scale.png. [1] commit 44820ac1e31ffa029ab5baa71238a11b6db3e6cc. Bug: 119122296 Test: Run recovery_unit_test on marlin. Test: Build and boot into charger mode on blueline. Verify that `charger` no longer crashes. Change-Id: Ib6d083e1512a9c3c6eb63874d26d22658921d693
* Merge "switch to using android-base/file.h instead of android-base/test_utils.h"Treehugger Robot2018-11-1515-15/+3
|\
| * switch to using android-base/file.h instead of android-base/test_utils.hMark Salyzyn2018-11-1415-15/+3
| | | | | | | | | | | | Test: compile Bug: 119313545 Change-Id: I664fb32522d01909c603d7b903475c4e9aea9223
* | Adjust the background text image width to reduce its sizeTianjie Xu2018-11-151-1/+1
|/ | | | | | | | | | | | | | We can adjust the image width with respect to the maximum width of the wrapped text. This will remove some black margins and reduce the final size of the images, especially for those with short strings, e.g. "recovery_error". Also, add an option to centrally align the text; and fix a boundary check in the recovery resource test. Bug: 74397117 Test: Generate and check the image Change-Id: Ib6cf61a9c99c4aeede16751dc0adfa23ce3f5424
* Use the non-LTO/PGO hwbinder in recovery_component_testPirama Arumuga Nainar2018-11-141-1/+1
| | | | | | | | | | | | | Bug: http://b/119560349 Bug: http://b/112277682 Currently, any binary links in a PGO-enabled static library also needs to opt into PGO. With b/119560349, this should be done automatically by the build system. Until then, use the non-PGO version of libhwbinder in recovery_component_test. Test: m ANDROID_PGO_INSTRUMENT=all Change-Id: Ic6e44c1cb6d6f13e60e11a46fd7e5ef54238942b
* tests: Add a testcase for updater overrun while patching.Tao Bao2018-11-051-80/+85
| | | | | | | | For any patching command, the resulting data should always exactly fill up the given target range. Test: Run recovery_component_test on marlin. Change-Id: Ib3cc1fc5c11094e2eab3fe370753db51c7c4135c
* Merge "ui: Manage loaded resources with smart pointers."Treehugger Robot2018-11-061-15/+15
|\
| * ui: Manage loaded resources with smart pointers.Tao Bao2018-11-051-15/+15
| | | | | | | | | | | | Test: Run recovery_unit_test on marlin. Test: `Run graphics test` on marlin. Change-Id: I8239c3d9fb288f80ee11f615402768ff8ef8ecd0
* | Merge "updater: Error out on underrun during patching."Tao Bao2018-11-051-0/+42
|\ \
| * | updater: Error out on underrun during patching.Tao Bao2018-11-051-0/+42
| |/ | | | | | | | | Test: Run recovery_component_test on marlin. Change-Id: If23baf42aeacb48500edabc2eadd2e7119a848da
* / tests: Remove obsolete testdata files.Tao Bao2018-11-053-0/+0
|/ | | | | | | | | | | | testdata/jarsigned.zip and testdata/unsigned.zip became dead since commit 432918603f57de5a3acc6da9ff613d21c857d9fd ("Refactor existing tests to use gtest"). testdata/patch.bsdiff became dead when applypatch/applypatch.sh was deleted (commit c3ef089dfac921ef6ca04d5341a4035e8c4feb51). Test: Run recovery_unit_test and recovery_component_test. Change-Id: Ie1a7f8850878593fcb7d4554759a539271ffb207
* minui: Add GRSurface::Clone().Tao Bao2018-11-011-1/+13
| | | | | | | Clone() allows duplicating the image that's stored in the GRSurface. Test: Run recovery_unit_test. Change-Id: Ia50d507c6200f2de5f17143775de805247a60e1f
* Merge "Refactor the code to check the metadata"Tianjie Xu2018-11-011-16/+264
|\
| * Refactor the code to check the metadataTianjie Xu2018-10-311-16/+264
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The two functions check_wipe_package() and check_newer_ab_build() were using the same flow; and checked the same device properties against the metadata file in the package. These properties include: ota_type, pre-device, and serial number. Therefore, we can consolidate the checks to a single function; and continue to check the fingerprint and timestamp only for AB updates. This change also addresses the need to accept multiple serial number in the wipe package. Bug: 118401208 Test: unit tests pass Change-Id: Ia6bc48fb6effcae059a2ff2cf71764b4136b4c00
* | tests: Use FRIEND_TEST in ScreenRecoveryUITest.Tao Bao2018-10-311-24/+14
| | | | | | | | | | Test: Run recovery_unit_test on marlin. Change-Id: I93ec6df8c056b2c485200822f18db0b852595242
* | minui: Add a protected GRSurface ctor.Tao Bao2018-10-312-22/+21
|/ | | | | | | | | This prepares for the removal of the default and copy ctors, by making GRSurface::Create() as the only way to get GRSurface instances. Test: mmma -j bootable/recovery Test: Run recovery_unit_test on marlin. Change-Id: I0c34c3f3967e252deb020907c83acbac8a8f36b9
* Clean up the zipfile creation in InstallTestTianjie Xu2018-10-291-99/+40
| | | | | | | Consolidate them into a static function. Test: unit tests pass Change-Id: If05b62215940b221fc499d779eedc5079f68a060
* Merge "Remove the load_keys function"Tianjie Xu2018-10-251-75/+9
|\
| * Remove the load_keys functionTianjie Xu2018-10-241-75/+9
| | | | | | | | | | | | | | | | | | This function is used to parse the result of dumpKeys. It's no longer needed as we are now parsing the public keys from the zipfile. Bug: 116655889 Test: unit tests pass Change-Id: I817906e451664058c644f4329ff499bbe4587ebb
* | Merge "Add sanity check when loading public keys for OTA package"Tianjie Xu2018-10-251-0/+32
|\|
| * Add sanity check when loading public keys for OTA packageTianjie Xu2018-10-241-0/+32
| | | | | | | | | | | | | | | | | | | | For RSA keys, check if it has a 2048 bits modulus, and its public exponent is 3 or 65537. For EC keys, check if the field size is 256 bits for its curve. Bug: 116655889 Test: unit tests pass Change-Id: I5c00f4d2b61c98c434f0b49db232155d5d0770ec
* | Merge "ui: Add constness to Draw- functions."Treehugger Robot2018-10-241-9/+9
|\ \ | |/ |/|
| * ui: Add constness to Draw- functions.Tao Bao2018-10-231-9/+9
| | | | | | | | | | | | | | | | | | | | These functions take the given GRSurface instances as inputs, which shouldn't be altered. Test: mmma -j bootable/recovery Test: Run recovery_unit_test. Test: `Run graphics test` on marlin. Change-Id: I51bf408e85faae2b497d4f148ab1dec22dd16c93
* | Add a function to construct the GRSurface in testTianjie Xu2018-10-231-3/+14
| | | | | | | | | | | | | | | | | | This fixes the build error as the initializer list no longer work without the proper constructor for c++ class. Bug: 74397117 Test: unit tests pass Change-Id: If3ff508a1a01ad5326413dab8e05bacae8a946c8
* | Merge "Add function to show localized rescue party menu"Tianjie Xu2018-10-231-0/+37
|\ \ | |/ |/|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-17 07:12:20 +0000