On non-DAP devices, fastboot flash <partition> will spam error messages
about not being able to read super_empty.img. We should check that
super_empty.img exists before trying to read it.
Bug: 120429424
Test: fastboot flash system on non-DAP device
Change-Id: I6c4eec19cb3ef8d24595a75e072e1d75baaa8cdd
When the update-super command is issued, we want overlayfs overrides
to disappear without a doubt, which includes non-A/B utilizing
/cache/overlay/ tree. Call fs_mgr_overlayfs_teardown() on successful
return.
Test: adb-remount-test.sh
Bug: 120034852
Change-Id: Ia5cdb797f7e8350b5591a51fc8ae5f323901aee4
On retrofit devices, if both slots contain dynamic partition builds,
then "flashall" will attempt to write secondary images to dynamic
partitions in the other slot. At worst, this can fail with an error. At
best, it will result in the "other" partition not being mounted on first
boot.
This patch therefore deletes logical partitions for secondary images, on
retrofit devices only. On a Pixel device on the "b" slot, this means
"system_a" and "vendor_a" will be deleted before flashing, and therefore
system_other and vendor_other will be flashed to physical partitions
instead.
Bug: 120034852
Test: fastboot set_active a
fastboot flashall
fastboot set_active b
fastboot flashall
Change-Id: I6affe9a6c639b0495bffc77fcf20f329b86ad159
When checking for existence of "super_empty.img" to determine if
flash image product set is meant for logical partitions, we die if
ANDROID_PRODUCT_OUT environment is unset or empty. This check
is done before we look at the flash image name to determine if it
is a candidate to look at the logical metadata.
Instead, allow this check to conservatively fail for now.
Test: export ANDROID_PRODUCT_OUT=
fastboot flash bootloader
Bug: 120041144
Change-Id: I43f124015f9d26c79a0feb9123522432fe937343
Merged-In: I43f124015f9d26c79a0feb9123522432fe937343
Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
On retrofit devices, it is easy to accidentally overwrite
system/vendor/product by flashing system in the bootloader. The reason
is that GPT system_a is really the super partition, and the bootloader
doesn't know it.
Addressing this in bootloaders would require two separate commands: one
that rejects flashing system/vendor/product, and another for
expert/factory use that would allow direct flashing.
This patch introduces protection into the host fastboot tool instead.
It's not mutually exclusive with bootloader changes; having protection
in the host tool affords us better and consistent UI. However it does
rely on users having newer builds.
With this change, the following will not work in the bootloader:
fastboot flash system # or vendor, product, etc
The message is the same whether or not the device is a retrofit. To
continue anyway, you can do:
fastboot flash --force system
If we decide on bootloader protection as well, the --force flag can be
re-used.
Bug: 119689480
Test: fastboot flash system # disallowed in bootloader, allowed in fastbootd
fastboot flash --force system # allowed in bootloader
Change-Id: I0861e3f28a15be925886d5c30c7ebd4b20c477cf
Removes a few more Android.mk files.
Test: check for adb, mkbootfs, and fastboot in the build artifacts
Change-Id: Ie4e50a363a734d0b9207f0d0098c54719f038e76
Similar to the change to adb in Id26760bc62c89a1f7ef67511b21f9d9252ab69f3,
pin the interface version to IOUSBFamily 5.0.0.
Bug: 119264733
Test: Manual
Change-Id: Ied9164532c0ba6f20415dafecb0c774578aa5c57
This patch adds a new variable, "super-partition-name", to query the
name of the super partition (with a slot suffix if it has one). The
fastboot flashing tool has been updated to query this variable.
Since the super partition name can no longer be determined without
fastbootd, the presence of super_empty.img is used to test for
dynamic partition support rather than the presence of a super partition.
Bug: 116802789
Test: fastboot flashall on retrofit device
Change-Id: If830768eba6de7f31ac3183c64167fae973c77a4
When updating the super partition, attempt to preserve partitions from
the other slot. If any partition can't be preserved, fail and require a
wipe (-w) to proceed. This allows two bootable builds to be flashed to
both slots.
The preserve operation can fail if the metadata is not compatible with
the old partition layout. For example, if the partition references a
group that no longer exists, or a group changed its capacity, or the
metadata's block device list or list contents changed.
Bug: N/A
Test: liblp_test gtest
fastboot flashall --skip-secondary
Change-Id: I53fdd29bc1f0ef132005a93d3cf1cdcd7f2fc05f
Without this, it is much more difficult to ensure that the "a" and "b"
slots are both bootable during development. We already update all
metadata slots for update-super, so we should here as well.
Bug: N/A
Test: fastboot flashall
fastboot set_active other
fastboot flashall
Change-Id: Ib661e35fa89171a68a0b1da195dc5ba0375d72e4
Arrange to delete the overlayfs backing when a specified partition
has been flashed.
Test: manual
Bug: 109821005
Bug: 117605276
Change-Id: I1c6a0341c6cd2ecfbb7c71bec5679a74d579aadd
The purpose of this code was to support preserving partitions across a
flashall operation. Since we are not supporting persistent read-write
partitions, this merging code is effectively useless - it is preserving
only partitions that will be deleted.
Additionally, this code does not merge partition group changes, since
doing so accurately is difficult. Partition size changes aren't sent
until after update-super resolves, so a valid re-grouping could be
rejected during update-super if the existing partitions are too big.
This patch removes the update-super merging code until a use case comes
along and we can properly evaluate how it should work.
Bug: N/A
Test: fastboot flashall
Change-Id: I1d622b23dabdf031897be9de49f59fc8cf3caf3b
The libziparchive public headers that refer to `off64_t` also need the
Mac workaround.
In fastboot, there's a stray `lseek64` but since it's only for offset 0,
any kind of seek is fine.
Bug: N/A
Test: builds
Change-Id: I68b4f95202623ebf07ffe6c3e0e21437e7922c5b
If an image size changes slightly in between "flashall" and some change
in the build, it's inconvenient to have to reflash the whole device again.
This patch resizes partitions when using a normal flash command, to
improve the developer workflow.
Bug: N/A
Test: fastboot flash system
Change-Id: I349364a4742a0c15748f545fcfda946107720d45
After rebooting to userspace fastboot, the first command issued is
"update-super". If we wound up in the bootloader by accident (as
happened to a few users with a busted vbmeta_system), the resulting
error message will be very misleading ("update-super" will be an
unrecognized command).
Instead, this patch explicitly errors if we did not successfully boot
into fastbootd.
Bug: N/A
Test: fastboot flashall
Change-Id: I7d5bd64db540978bd0bae884f40ce8c3df48f856
This allows us to remove libziparchive's dependency on libutils.
Bug: http://b/79112958
Test: ran libbase and libziparchive tests, ran fastboot manually
Change-Id: I95c651976dad222863e5b8c37d4514b778f5dce7
Cleanup to utilize all the manifest values in constants.h.
If the cli command _and_ the protocol name match, use a common
source of convenient truth. This should set a pattern for future
additional commands. When the command and the protocol differ,
we want to introduce resistance as it results in confusion and
maintenance issues.
Test: compile
Change-Id: Idad413c63cbbfcb6e851856105a5d5a9ef53ef29
Bug: 78793464
Test: fastboot flashall
Sparse images with CRC are not supported by the Android build
system and hence the calculated CRC is unused.
Change-Id: Ia48b2f7e29f2adea26d185c5a8f2337c4cbe6dcb
Boot control HAL implementations will return the current boot
slot as the active slot. If a set_active command is issued on another
slot, it should be considered as the new active slot and subsequent
flashes should flash the same.
Test: fastboot set_active "b", fastboot getvar current-slot
Bug: 78793464
Change-Id: Ida3817670de8e74a7d7ae2a905e7ac1756c6bdf1
This is required to pass fuzzy_fastboot conformance tests.
Also, allow for zero sized partitions in fuzzy_fastboot.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.Slots
Bug: 117220134
Change-Id: Ifb12994a7796b081215084cb68b37674210aaa12
Return lock status of true if unable to read kernel command line.
Test: fastboot getvar unlocked
Bug: 117275849
Change-Id: Id6c00c769bcdcdf87fcc9e88902713a8eff3e320
Sparse images with CRC are currently not supported by the
Android build system.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.*
Change-Id: I6a73fb0dc5d4c77a3d1a0384c137789eb06fa956
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.
Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
Replace the remnants of engine.cpp with better functionality in
FastBootDriver. Particularly, add prolog() and epilog()
callbacks to FastBootDriver for printing actions and their result to
the console. Then clean up the rest of fastboot.cpp to directly use
FastBootDriver.
Test: fastboot works
Change-Id: I0ff01d6a10f75e9dc1c82b46c6e9bb3bc4c68638
CheckRequirements() had various issues that are cleaned up here,
1) Move from C string parsing to C++
2) Moved from C data structures to C++, including fixing memory leaks.
3) Removed the 'cur_product' global and the 'query_save' function that
stores it
4) Actually writing tests for the parsing function for
android-info.txt
5) Check that a variable needs to be checked for a given product before
trying to read it. Previously, fastboot would fail if a variable
isn't recognized on a device, even if the check should be ignored.
A lot of flexibility is allowed for the input strings, to keep
backwards compatibility with the previous parsers.
Test: fastboot works, unit tests
Change-Id: Idc3bba8b8fe829d8eefe5f6c495e63a9441c0b60
Note that in addition to waiting for the path to appear, we must also
wait for it to be unlinked. Otherwise, we could accidentally access an
older device when opening and closing the same partition twice in a row.
Bug: 114198005
Test: fastboot flashall works
Change-Id: Iddffc34e1ac8aa066c28e7b1a92b09b6dfd7945c
UsbTransportSniffer invokes the virtual method Close() within
its destructor. This usage is fine right now, but if a future
class inherited from UsbTransportSniffer and overrode the Close()
method, then this destructor would not act as expected.
To protect against this, we declare Close() 'final' in
UsbTransportSniffer, and add a comment.
Test: Treehugger
Change-Id: I6182d84e7caf67cb06f37c22c6203ad6d6e57f34
There is little advantage and increasingly much disadvantage to
queueing up fastboot commands before executing them. This change
removes the queue in the most simple way possible to enable further
clean up.
Test: fastboot works
Change-Id: I9abab05df07ed167dbe6a42e1eb9eab8f8d4f157
Partition sizes must be reported with an "0x" prefix for fuzzy_fastboot.
Also, with dynamic partitions, the size of a partition can be 0.
Bug: 78793464
Test: fuzzy_fastboot Conformance.PartitionInfo does not error on
partition sizes when using fastbootd
Change-Id: I4148440bd9ed420878940829618cbf8cee85bf6a
This change moves Transport ownership back out of FastBootDriver.
Callers of set_transport must ensure that the previous transport is
destroyed. In addition, deleting a transport now ensures that it is
closed.
Bug: 78793464
Test: fastboot, fuzzy_fastboot works
Change-Id: I8f9ed2f7d5b09fd0820b2677d087a027378f26db
This implements getvar all by invoking each callback and writing an INFO
status for each result. For commands that take arguments, the variable
handler can specify a function that returns all possible arguments.
Currently this only applies to partition variables.
Bug: 78793464
Test: fastboot getvar all works
Change-Id: I1cf84e06bf67614b6f56171c0ee6ca5d7ac383c9
It is easier to implement getvar all if we can invoke each variable
handler and collect their results. This change reverts the handlers to
return their messages as an outparam, rather than going through
FastbootDevice.
Bug: 78793464
Test: fastboot getvar works
Change-Id: I8544251ce517526b26435526756359ce220520cc
The Carbon framework isn't on the list of libraries that Soong allows
linking against, so this broke the Mac build. This compiles just fine
without Carbon though, and I don't see any references to Carbon in the
code.
Test: mma
Change-Id: I83044d244f7cec778c8b8b6132249c0f016c10fc
David Anderson