1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <ctype.h>
18 #include <dirent.h>
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <getopt.h>
22 #include <limits.h>
23 #include <linux/input.h>
24 #include <stdarg.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/klog.h>
29 #include <sys/stat.h>
30 #include <sys/types.h>
31 #include <sys/wait.h>
32 #include <time.h>
33 #include <unistd.h>
34
35 #include <chrono>
36
37 #include <adb.h>
38 #include <android/log.h> /* Android Log Priority Tags */
39 #include <android-base/file.h>
40 #include <android-base/parseint.h>
41 #include <android-base/stringprintf.h>
42 #include <cutils/android_reboot.h>
43 #include <cutils/properties.h>
44 #include <log/logger.h> /* Android Log packet format */
45 #include <private/android_logger.h> /* private pmsg functions */
46
47 #include <healthd/BatteryMonitor.h>
48
49 #include "adb_install.h"
50 #include "bootloader.h"
51 #include "common.h"
52 #include "device.h"
53 #include "error_code.h"
54 #include "fuse_sdcard_provider.h"
55 #include "fuse_sideload.h"
56 #include "install.h"
57 #include "minui/minui.h"
58 #include "minzip/DirUtil.h"
59 #include "roots.h"
60 #include "ui.h"
61 #include "screen_ui.h"
62
63 struct selabel_handle *sehandle;
64
65 static const struct option OPTIONS[] = {
66 { "send_intent", required_argument, NULL, 'i' },
67 { "update_package", required_argument, NULL, 'u' },
68 { "retry_count", required_argument, NULL, 'n' },
69 { "wipe_data", no_argument, NULL, 'w' },
70 { "wipe_cache", no_argument, NULL, 'c' },
71 { "show_text", no_argument, NULL, 't' },
72 { "sideload", no_argument, NULL, 's' },
73 { "sideload_auto_reboot", no_argument, NULL, 'a' },
74 { "just_exit", no_argument, NULL, 'x' },
75 { "locale", required_argument, NULL, 'l' },
76 { "stages", required_argument, NULL, 'g' },
77 { "shutdown_after", no_argument, NULL, 'p' },
78 { "reason", required_argument, NULL, 'r' },
79 { "security", no_argument, NULL, 'e'},
80 { NULL, 0, NULL, 0 },
81 };
82
83 static const char *CACHE_LOG_DIR = "/cache/recovery";
84 static const char *COMMAND_FILE = "/cache/recovery/command";
85 static const char *INTENT_FILE = "/cache/recovery/intent";
86 static const char *LOG_FILE = "/cache/recovery/log";
87 static const char *LAST_INSTALL_FILE = "/cache/recovery/last_install";
88 static const char *LOCALE_FILE = "/cache/recovery/last_locale";
89 static const char *CONVERT_FBE_DIR = "/tmp/convert_fbe";
90 static const char *CONVERT_FBE_FILE = "/tmp/convert_fbe/convert_fbe";
91 static const char *CACHE_ROOT = "/cache";
92 static const char *DATA_ROOT = "/data";
93 static const char *SDCARD_ROOT = "/sdcard";
94 static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log";
95 static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install";
96 static const char *LAST_KMSG_FILE = "/cache/recovery/last_kmsg";
97 static const char *LAST_LOG_FILE = "/cache/recovery/last_log";
98 static const int KEEP_LOG_COUNT = 10;
99 // We will try to apply the update package 5 times at most in case of an I/O error.
100 static const int EIO_RETRY_COUNT = 4;
101 static const int BATTERY_READ_TIMEOUT_IN_SEC = 10;
102 // GmsCore enters recovery mode to install package when having enough battery
103 // percentage. Normally, the threshold is 40% without charger and 20% with charger.
104 // So we should check battery with a slightly lower limitation.
105 static const int BATTERY_OK_PERCENTAGE = 20;
106 static const int BATTERY_WITH_CHARGER_OK_PERCENTAGE = 15;
107
108 RecoveryUI* ui = NULL;
109 static const char* locale = "en_US";
110 char* stage = NULL;
111 char* reason = NULL;
112 bool modified_flash = false;
113 static bool has_cache = false;
114
115 /*
116 * The recovery tool communicates with the main system through /cache files.
117 * /cache/recovery/command - INPUT - command line for tool, one arg per line
118 * /cache/recovery/log - OUTPUT - combined log file from recovery run(s)
119 * /cache/recovery/intent - OUTPUT - intent that was passed in
120 *
121 * The arguments which may be supplied in the recovery.command file:
122 * --send_intent=anystring - write the text out to recovery.intent
123 * --update_package=path - verify install an OTA package file
124 * --wipe_data - erase user data (and cache), then reboot
125 * --wipe_cache - wipe cache (but not user data), then reboot
126 * --set_encrypted_filesystem=on|off - enables / diasables encrypted fs
127 * --just_exit - do nothing; exit and reboot
128 *
129 * After completing, we remove /cache/recovery/command and reboot.
130 * Arguments may also be supplied in the bootloader control block (BCB).
131 * These important scenarios must be safely restartable at any point:
132 *
133 * FACTORY RESET
134 * 1. user selects "factory reset"
135 * 2. main system writes "--wipe_data" to /cache/recovery/command
136 * 3. main system reboots into recovery
137 * 4. get_args() writes BCB with "boot-recovery" and "--wipe_data"
138 * -- after this, rebooting will restart the erase --
139 * 5. erase_volume() reformats /data
140 * 6. erase_volume() reformats /cache
141 * 7. finish_recovery() erases BCB
142 * -- after this, rebooting will restart the main system --
143 * 8. main() calls reboot() to boot main system
144 *
145 * OTA INSTALL
146 * 1. main system downloads OTA package to /cache/some-filename.zip
147 * 2. main system writes "--update_package=/cache/some-filename.zip"
148 * 3. main system reboots into recovery
149 * 4. get_args() writes BCB with "boot-recovery" and "--update_package=..."
150 * -- after this, rebooting will attempt to reinstall the update --
151 * 5. install_package() attempts to install the update
152 * NOTE: the package install must itself be restartable from any point
153 * 6. finish_recovery() erases BCB
154 * -- after this, rebooting will (try to) restart the main system --
155 * 7. ** if install failed **
156 * 7a. prompt_and_wait() shows an error icon and waits for the user
157 * 7b; the user reboots (pulling the battery, etc) into the main system
158 * 8. main() calls maybe_install_firmware_update()
159 * ** if the update contained radio/hboot firmware **:
160 * 8a. m_i_f_u() writes BCB with "boot-recovery" and "--wipe_cache"
161 * -- after this, rebooting will reformat cache & restart main system --
162 * 8b. m_i_f_u() writes firmware image into raw cache partition
163 * 8c. m_i_f_u() writes BCB with "update-radio/hboot" and "--wipe_cache"
164 * -- after this, rebooting will attempt to reinstall firmware --
165 * 8d. bootloader tries to flash firmware
166 * 8e. bootloader writes BCB with "boot-recovery" (keeping "--wipe_cache")
167 * -- after this, rebooting will reformat cache & restart main system --
168 * 8f. erase_volume() reformats /cache
169 * 8g. finish_recovery() erases BCB
170 * -- after this, rebooting will (try to) restart the main system --
171 * 9. main() calls reboot() to boot main system
172 */
173
174 static const int MAX_ARG_LENGTH = 4096;
175 static const int MAX_ARGS = 100;
176
177 // open a given path, mounting partitions as necessary
fopen_path(const char * path,const char * mode)178 FILE* fopen_path(const char *path, const char *mode) {
179 if (ensure_path_mounted(path) != 0) {
180 LOGE("Can't mount %s\n", path);
181 return NULL;
182 }
183
184 // When writing, try to create the containing directory, if necessary.
185 // Use generous permissions, the system (init.rc) will reset them.
186 if (strchr("wa", mode[0])) dirCreateHierarchy(path, 0777, NULL, 1, sehandle);
187
188 FILE *fp = fopen(path, mode);
189 return fp;
190 }
191
192 // close a file, log an error if the error indicator is set
check_and_fclose(FILE * fp,const char * name)193 static void check_and_fclose(FILE *fp, const char *name) {
194 fflush(fp);
195 if (ferror(fp)) LOGE("Error in %s\n(%s)\n", name, strerror(errno));
196 fclose(fp);
197 }
198
is_ro_debuggable()199 bool is_ro_debuggable() {
200 char value[PROPERTY_VALUE_MAX+1];
201 return (property_get("ro.debuggable", value, NULL) == 1 && value[0] == '1');
202 }
203
redirect_stdio(const char * filename)204 static void redirect_stdio(const char* filename) {
205 int pipefd[2];
206 if (pipe(pipefd) == -1) {
207 LOGE("pipe failed: %s\n", strerror(errno));
208
209 // Fall back to traditional logging mode without timestamps.
210 // If these fail, there's not really anywhere to complain...
211 freopen(filename, "a", stdout); setbuf(stdout, NULL);
212 freopen(filename, "a", stderr); setbuf(stderr, NULL);
213
214 return;
215 }
216
217 pid_t pid = fork();
218 if (pid == -1) {
219 LOGE("fork failed: %s\n", strerror(errno));
220
221 // Fall back to traditional logging mode without timestamps.
222 // If these fail, there's not really anywhere to complain...
223 freopen(filename, "a", stdout); setbuf(stdout, NULL);
224 freopen(filename, "a", stderr); setbuf(stderr, NULL);
225
226 return;
227 }
228
229 if (pid == 0) {
230 /// Close the unused write end.
231 close(pipefd[1]);
232
233 auto start = std::chrono::steady_clock::now();
234
235 // Child logger to actually write to the log file.
236 FILE* log_fp = fopen(filename, "a");
237 if (log_fp == nullptr) {
238 LOGE("fopen \"%s\" failed: %s\n", filename, strerror(errno));
239 close(pipefd[0]);
240 _exit(1);
241 }
242
243 FILE* pipe_fp = fdopen(pipefd[0], "r");
244 if (pipe_fp == nullptr) {
245 LOGE("fdopen failed: %s\n", strerror(errno));
246 check_and_fclose(log_fp, filename);
247 close(pipefd[0]);
248 _exit(1);
249 }
250
251 char* line = nullptr;
252 size_t len = 0;
253 while (getline(&line, &len, pipe_fp) != -1) {
254 auto now = std::chrono::steady_clock::now();
255 double duration = std::chrono::duration_cast<std::chrono::duration<double>>(
256 now - start).count();
257 if (line[0] == '\n') {
258 fprintf(log_fp, "[%12.6lf]\n", duration);
259 } else {
260 fprintf(log_fp, "[%12.6lf] %s", duration, line);
261 }
262 fflush(log_fp);
263 }
264
265 LOGE("getline failed: %s\n", strerror(errno));
266
267 free(line);
268 check_and_fclose(log_fp, filename);
269 close(pipefd[0]);
270 _exit(1);
271 } else {
272 // Redirect stdout/stderr to the logger process.
273 // Close the unused read end.
274 close(pipefd[0]);
275
276 setbuf(stdout, nullptr);
277 setbuf(stderr, nullptr);
278
279 if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
280 LOGE("dup2 stdout failed: %s\n", strerror(errno));
281 }
282 if (dup2(pipefd[1], STDERR_FILENO) == -1) {
283 LOGE("dup2 stderr failed: %s\n", strerror(errno));
284 }
285
286 close(pipefd[1]);
287 }
288 }
289
290 // command line args come from, in decreasing precedence:
291 // - the actual command line
292 // - the bootloader control block (one per line, after "recovery")
293 // - the contents of COMMAND_FILE (one per line)
294 static void
get_args(int * argc,char *** argv)295 get_args(int *argc, char ***argv) {
296 struct bootloader_message boot;
297 memset(&boot, 0, sizeof(boot));
298 get_bootloader_message(&boot); // this may fail, leaving a zeroed structure
299 stage = strndup(boot.stage, sizeof(boot.stage));
300
301 if (boot.command[0] != 0 && boot.command[0] != 255) {
302 LOGI("Boot command: %.*s\n", (int)sizeof(boot.command), boot.command);
303 }
304
305 if (boot.status[0] != 0 && boot.status[0] != 255) {
306 LOGI("Boot status: %.*s\n", (int)sizeof(boot.status), boot.status);
307 }
308
309 // --- if arguments weren't supplied, look in the bootloader control block
310 if (*argc <= 1) {
311 boot.recovery[sizeof(boot.recovery) - 1] = '\0'; // Ensure termination
312 const char *arg = strtok(boot.recovery, "\n");
313 if (arg != NULL && !strcmp(arg, "recovery")) {
314 *argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
315 (*argv)[0] = strdup(arg);
316 for (*argc = 1; *argc < MAX_ARGS; ++*argc) {
317 if ((arg = strtok(NULL, "\n")) == NULL) break;
318 (*argv)[*argc] = strdup(arg);
319 }
320 LOGI("Got arguments from boot message\n");
321 } else if (boot.recovery[0] != 0 && boot.recovery[0] != 255) {
322 LOGE("Bad boot message\n\"%.20s\"\n", boot.recovery);
323 }
324 }
325
326 // --- if that doesn't work, try the command file (if we have /cache).
327 if (*argc <= 1 && has_cache) {
328 FILE *fp = fopen_path(COMMAND_FILE, "r");
329 if (fp != NULL) {
330 char *token;
331 char *argv0 = (*argv)[0];
332 *argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
333 (*argv)[0] = argv0; // use the same program name
334
335 char buf[MAX_ARG_LENGTH];
336 for (*argc = 1; *argc < MAX_ARGS; ++*argc) {
337 if (!fgets(buf, sizeof(buf), fp)) break;
338 token = strtok(buf, "\r\n");
339 if (token != NULL) {
340 (*argv)[*argc] = strdup(token); // Strip newline.
341 } else {
342 --*argc;
343 }
344 }
345
346 check_and_fclose(fp, COMMAND_FILE);
347 LOGI("Got arguments from %s\n", COMMAND_FILE);
348 }
349 }
350
351 // --> write the arguments we have back into the bootloader control block
352 // always boot into recovery after this (until finish_recovery() is called)
353 strlcpy(boot.command, "boot-recovery", sizeof(boot.command));
354 strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery));
355 int i;
356 for (i = 1; i < *argc; ++i) {
357 strlcat(boot.recovery, (*argv)[i], sizeof(boot.recovery));
358 strlcat(boot.recovery, "\n", sizeof(boot.recovery));
359 }
360 set_bootloader_message(&boot);
361 }
362
363 static void
set_sdcard_update_bootloader_message()364 set_sdcard_update_bootloader_message() {
365 struct bootloader_message boot;
366 memset(&boot, 0, sizeof(boot));
367 strlcpy(boot.command, "boot-recovery", sizeof(boot.command));
368 strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery));
369 set_bootloader_message(&boot);
370 }
371
372 // Read from kernel log into buffer and write out to file.
save_kernel_log(const char * destination)373 static void save_kernel_log(const char* destination) {
374 int klog_buf_len = klogctl(KLOG_SIZE_BUFFER, 0, 0);
375 if (klog_buf_len <= 0) {
376 LOGE("Error getting klog size: %s\n", strerror(errno));
377 return;
378 }
379
380 std::string buffer(klog_buf_len, 0);
381 int n = klogctl(KLOG_READ_ALL, &buffer[0], klog_buf_len);
382 if (n == -1) {
383 LOGE("Error in reading klog: %s\n", strerror(errno));
384 return;
385 }
386 buffer.resize(n);
387 android::base::WriteStringToFile(buffer, destination);
388 }
389
390 // write content to the current pmsg session.
__pmsg_write(const char * filename,const char * buf,size_t len)391 static ssize_t __pmsg_write(const char *filename, const char *buf, size_t len) {
392 return __android_log_pmsg_file_write(LOG_ID_SYSTEM, ANDROID_LOG_INFO,
393 filename, buf, len);
394 }
395
copy_log_file_to_pmsg(const char * source,const char * destination)396 static void copy_log_file_to_pmsg(const char* source, const char* destination) {
397 std::string content;
398 android::base::ReadFileToString(source, &content);
399 __pmsg_write(destination, content.c_str(), content.length());
400 }
401
402 // How much of the temp log we have copied to the copy in cache.
403 static long tmplog_offset = 0;
404
copy_log_file(const char * source,const char * destination,bool append)405 static void copy_log_file(const char* source, const char* destination, bool append) {
406 FILE* dest_fp = fopen_path(destination, append ? "a" : "w");
407 if (dest_fp == nullptr) {
408 LOGE("Can't open %s\n", destination);
409 } else {
410 FILE* source_fp = fopen(source, "r");
411 if (source_fp != nullptr) {
412 if (append) {
413 fseek(source_fp, tmplog_offset, SEEK_SET); // Since last write
414 }
415 char buf[4096];
416 size_t bytes;
417 while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
418 fwrite(buf, 1, bytes, dest_fp);
419 }
420 if (append) {
421 tmplog_offset = ftell(source_fp);
422 }
423 check_and_fclose(source_fp, source);
424 }
425 check_and_fclose(dest_fp, destination);
426 }
427 }
428
429 // Rename last_log -> last_log.1 -> last_log.2 -> ... -> last_log.$max.
430 // Similarly rename last_kmsg -> last_kmsg.1 -> ... -> last_kmsg.$max.
431 // Overwrite any existing last_log.$max and last_kmsg.$max.
rotate_logs(int max)432 static void rotate_logs(int max) {
433 // Logs should only be rotated once.
434 static bool rotated = false;
435 if (rotated) {
436 return;
437 }
438 rotated = true;
439 ensure_path_mounted(LAST_LOG_FILE);
440 ensure_path_mounted(LAST_KMSG_FILE);
441
442 for (int i = max-1; i >= 0; --i) {
443 std::string old_log = android::base::StringPrintf("%s", LAST_LOG_FILE);
444 if (i > 0) {
445 old_log += "." + std::to_string(i);
446 }
447 std::string new_log = android::base::StringPrintf("%s.%d", LAST_LOG_FILE, i+1);
448 // Ignore errors if old_log doesn't exist.
449 rename(old_log.c_str(), new_log.c_str());
450
451 std::string old_kmsg = android::base::StringPrintf("%s", LAST_KMSG_FILE);
452 if (i > 0) {
453 old_kmsg += "." + std::to_string(i);
454 }
455 std::string new_kmsg = android::base::StringPrintf("%s.%d", LAST_KMSG_FILE, i+1);
456 rename(old_kmsg.c_str(), new_kmsg.c_str());
457 }
458 }
459
copy_logs()460 static void copy_logs() {
461 // We only rotate and record the log of the current session if there are
462 // actual attempts to modify the flash, such as wipes, installs from BCB
463 // or menu selections. This is to avoid unnecessary rotation (and
464 // possible deletion) of log files, if it does not do anything loggable.
465 if (!modified_flash) {
466 return;
467 }
468
469 // Always write to pmsg, this allows the OTA logs to be caught in logcat -L
470 copy_log_file_to_pmsg(TEMPORARY_LOG_FILE, LAST_LOG_FILE);
471 copy_log_file_to_pmsg(TEMPORARY_INSTALL_FILE, LAST_INSTALL_FILE);
472
473 // We can do nothing for now if there's no /cache partition.
474 if (!has_cache) {
475 return;
476 }
477
478 rotate_logs(KEEP_LOG_COUNT);
479
480 // Copy logs to cache so the system can find out what happened.
481 copy_log_file(TEMPORARY_LOG_FILE, LOG_FILE, true);
482 copy_log_file(TEMPORARY_LOG_FILE, LAST_LOG_FILE, false);
483 copy_log_file(TEMPORARY_INSTALL_FILE, LAST_INSTALL_FILE, false);
484 save_kernel_log(LAST_KMSG_FILE);
485 chmod(LOG_FILE, 0600);
486 chown(LOG_FILE, 1000, 1000); // system user
487 chmod(LAST_KMSG_FILE, 0600);
488 chown(LAST_KMSG_FILE, 1000, 1000); // system user
489 chmod(LAST_LOG_FILE, 0640);
490 chmod(LAST_INSTALL_FILE, 0644);
491 sync();
492 }
493
494 // clear the recovery command and prepare to boot a (hopefully working) system,
495 // copy our log file to cache as well (for the system to read), and
496 // record any intent we were asked to communicate back to the system.
497 // this function is idempotent: call it as many times as you like.
498 static void
finish_recovery(const char * send_intent)499 finish_recovery(const char *send_intent) {
500 // By this point, we're ready to return to the main system...
501 if (send_intent != NULL && has_cache) {
502 FILE *fp = fopen_path(INTENT_FILE, "w");
503 if (fp == NULL) {
504 LOGE("Can't open %s\n", INTENT_FILE);
505 } else {
506 fputs(send_intent, fp);
507 check_and_fclose(fp, INTENT_FILE);
508 }
509 }
510
511 // Save the locale to cache, so if recovery is next started up
512 // without a --locale argument (eg, directly from the bootloader)
513 // it will use the last-known locale.
514 if (locale != NULL) {
515 size_t len = strlen(locale);
516 __pmsg_write(LOCALE_FILE, locale, len);
517 if (has_cache) {
518 LOGI("Saving locale \"%s\"\n", locale);
519 FILE* fp = fopen_path(LOCALE_FILE, "w");
520 fwrite(locale, 1, len, fp);
521 fflush(fp);
522 fsync(fileno(fp));
523 check_and_fclose(fp, LOCALE_FILE);
524 }
525 }
526
527 copy_logs();
528
529 // Reset to normal system boot so recovery won't cycle indefinitely.
530 struct bootloader_message boot;
531 memset(&boot, 0, sizeof(boot));
532 set_bootloader_message(&boot);
533
534 // Remove the command file, so recovery won't repeat indefinitely.
535 if (has_cache) {
536 if (ensure_path_mounted(COMMAND_FILE) != 0 || (unlink(COMMAND_FILE) && errno != ENOENT)) {
537 LOGW("Can't unlink %s\n", COMMAND_FILE);
538 }
539 ensure_path_unmounted(CACHE_ROOT);
540 }
541
542 sync(); // For good measure.
543 }
544
545 typedef struct _saved_log_file {
546 char* name;
547 struct stat st;
548 unsigned char* data;
549 struct _saved_log_file* next;
550 } saved_log_file;
551
erase_volume(const char * volume)552 static bool erase_volume(const char* volume) {
553 bool is_cache = (strcmp(volume, CACHE_ROOT) == 0);
554 bool is_data = (strcmp(volume, DATA_ROOT) == 0);
555
556 ui->SetBackground(RecoveryUI::ERASING);
557 ui->SetProgressType(RecoveryUI::INDETERMINATE);
558
559 saved_log_file* head = NULL;
560
561 if (is_cache) {
562 // If we're reformatting /cache, we load any past logs
563 // (i.e. "/cache/recovery/last_*") and the current log
564 // ("/cache/recovery/log") into memory, so we can restore them after
565 // the reformat.
566
567 ensure_path_mounted(volume);
568
569 DIR* d;
570 struct dirent* de;
571 d = opendir(CACHE_LOG_DIR);
572 if (d) {
573 char path[PATH_MAX];
574 strcpy(path, CACHE_LOG_DIR);
575 strcat(path, "/");
576 int path_len = strlen(path);
577 while ((de = readdir(d)) != NULL) {
578 if (strncmp(de->d_name, "last_", 5) == 0 || strcmp(de->d_name, "log") == 0) {
579 saved_log_file* p = (saved_log_file*) malloc(sizeof(saved_log_file));
580 strcpy(path+path_len, de->d_name);
581 p->name = strdup(path);
582 if (stat(path, &(p->st)) == 0) {
583 // truncate files to 512kb
584 if (p->st.st_size > (1 << 19)) {
585 p->st.st_size = 1 << 19;
586 }
587 p->data = (unsigned char*) malloc(p->st.st_size);
588 FILE* f = fopen(path, "rb");
589 fread(p->data, 1, p->st.st_size, f);
590 fclose(f);
591 p->next = head;
592 head = p;
593 } else {
594 free(p);
595 }
596 }
597 }
598 closedir(d);
599 } else {
600 if (errno != ENOENT) {
601 printf("opendir failed: %s\n", strerror(errno));
602 }
603 }
604 }
605
606 ui->Print("Formatting %s...\n", volume);
607
608 ensure_path_unmounted(volume);
609
610 int result;
611
612 if (is_data && reason && strcmp(reason, "convert_fbe") == 0) {
613 // Create convert_fbe breadcrumb file to signal to init
614 // to convert to file based encryption, not full disk encryption
615 if (mkdir(CONVERT_FBE_DIR, 0700) != 0) {
616 ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno));
617 return true;
618 }
619 FILE* f = fopen(CONVERT_FBE_FILE, "wb");
620 if (!f) {
621 ui->Print("Failed to convert to file encryption %s\n", strerror(errno));
622 return true;
623 }
624 fclose(f);
625 result = format_volume(volume, CONVERT_FBE_DIR);
626 remove(CONVERT_FBE_FILE);
627 rmdir(CONVERT_FBE_DIR);
628 } else {
629 result = format_volume(volume);
630 }
631
632 if (is_cache) {
633 while (head) {
634 FILE* f = fopen_path(head->name, "wb");
635 if (f) {
636 fwrite(head->data, 1, head->st.st_size, f);
637 fclose(f);
638 chmod(head->name, head->st.st_mode);
639 chown(head->name, head->st.st_uid, head->st.st_gid);
640 }
641 free(head->name);
642 free(head->data);
643 saved_log_file* temp = head->next;
644 free(head);
645 head = temp;
646 }
647
648 // Any part of the log we'd copied to cache is now gone.
649 // Reset the pointer so we copy from the beginning of the temp
650 // log.
651 tmplog_offset = 0;
652 copy_logs();
653 }
654
655 return (result == 0);
656 }
657
658 static int
get_menu_selection(const char * const * headers,const char * const * items,int menu_only,int initial_selection,Device * device)659 get_menu_selection(const char* const * headers, const char* const * items,
660 int menu_only, int initial_selection, Device* device) {
661 // throw away keys pressed previously, so user doesn't
662 // accidentally trigger menu items.
663 ui->FlushKeys();
664
665 ui->StartMenu(headers, items, initial_selection);
666 int selected = initial_selection;
667 int chosen_item = -1;
668
669 while (chosen_item < 0) {
670 int key = ui->WaitKey();
671 int visible = ui->IsTextVisible();
672
673 if (key == -1) { // ui_wait_key() timed out
674 if (ui->WasTextEverVisible()) {
675 continue;
676 } else {
677 LOGI("timed out waiting for key input; rebooting.\n");
678 ui->EndMenu();
679 return 0; // XXX fixme
680 }
681 }
682
683 int action = device->HandleMenuKey(key, visible);
684
685 if (action < 0) {
686 switch (action) {
687 case Device::kHighlightUp:
688 selected = ui->SelectMenu(--selected);
689 break;
690 case Device::kHighlightDown:
691 selected = ui->SelectMenu(++selected);
692 break;
693 case Device::kInvokeItem:
694 chosen_item = selected;
695 break;
696 case Device::kNoAction:
697 break;
698 }
699 } else if (!menu_only) {
700 chosen_item = action;
701 }
702 }
703
704 ui->EndMenu();
705 return chosen_item;
706 }
707
compare_string(const void * a,const void * b)708 static int compare_string(const void* a, const void* b) {
709 return strcmp(*(const char**)a, *(const char**)b);
710 }
711
712 // Returns a malloc'd path, or NULL.
browse_directory(const char * path,Device * device)713 static char* browse_directory(const char* path, Device* device) {
714 ensure_path_mounted(path);
715
716 DIR* d = opendir(path);
717 if (d == NULL) {
718 LOGE("error opening %s: %s\n", path, strerror(errno));
719 return NULL;
720 }
721
722 int d_size = 0;
723 int d_alloc = 10;
724 char** dirs = (char**)malloc(d_alloc * sizeof(char*));
725 int z_size = 1;
726 int z_alloc = 10;
727 char** zips = (char**)malloc(z_alloc * sizeof(char*));
728 zips[0] = strdup("../");
729
730 struct dirent* de;
731 while ((de = readdir(d)) != NULL) {
732 int name_len = strlen(de->d_name);
733
734 if (de->d_type == DT_DIR) {
735 // skip "." and ".." entries
736 if (name_len == 1 && de->d_name[0] == '.') continue;
737 if (name_len == 2 && de->d_name[0] == '.' &&
738 de->d_name[1] == '.') continue;
739
740 if (d_size >= d_alloc) {
741 d_alloc *= 2;
742 dirs = (char**)realloc(dirs, d_alloc * sizeof(char*));
743 }
744 dirs[d_size] = (char*)malloc(name_len + 2);
745 strcpy(dirs[d_size], de->d_name);
746 dirs[d_size][name_len] = '/';
747 dirs[d_size][name_len+1] = '\0';
748 ++d_size;
749 } else if (de->d_type == DT_REG &&
750 name_len >= 4 &&
751 strncasecmp(de->d_name + (name_len-4), ".zip", 4) == 0) {
752 if (z_size >= z_alloc) {
753 z_alloc *= 2;
754 zips = (char**)realloc(zips, z_alloc * sizeof(char*));
755 }
756 zips[z_size++] = strdup(de->d_name);
757 }
758 }
759 closedir(d);
760
761 qsort(dirs, d_size, sizeof(char*), compare_string);
762 qsort(zips, z_size, sizeof(char*), compare_string);
763
764 // append dirs to the zips list
765 if (d_size + z_size + 1 > z_alloc) {
766 z_alloc = d_size + z_size + 1;
767 zips = (char**)realloc(zips, z_alloc * sizeof(char*));
768 }
769 memcpy(zips + z_size, dirs, d_size * sizeof(char*));
770 free(dirs);
771 z_size += d_size;
772 zips[z_size] = NULL;
773
774 const char* headers[] = { "Choose a package to install:", path, NULL };
775
776 char* result;
777 int chosen_item = 0;
778 while (true) {
779 chosen_item = get_menu_selection(headers, zips, 1, chosen_item, device);
780
781 char* item = zips[chosen_item];
782 int item_len = strlen(item);
783 if (chosen_item == 0) { // item 0 is always "../"
784 // go up but continue browsing (if the caller is update_directory)
785 result = NULL;
786 break;
787 }
788
789 char new_path[PATH_MAX];
790 strlcpy(new_path, path, PATH_MAX);
791 strlcat(new_path, "/", PATH_MAX);
792 strlcat(new_path, item, PATH_MAX);
793
794 if (item[item_len-1] == '/') {
795 // recurse down into a subdirectory
796 new_path[strlen(new_path)-1] = '\0'; // truncate the trailing '/'
797 result = browse_directory(new_path, device);
798 if (result) break;
799 } else {
800 // selected a zip file: return the malloc'd path to the caller.
801 result = strdup(new_path);
802 break;
803 }
804 }
805
806 for (int i = 0; i < z_size; ++i) free(zips[i]);
807 free(zips);
808
809 return result;
810 }
811
yes_no(Device * device,const char * question1,const char * question2)812 static bool yes_no(Device* device, const char* question1, const char* question2) {
813 const char* headers[] = { question1, question2, NULL };
814 const char* items[] = { " No", " Yes", NULL };
815
816 int chosen_item = get_menu_selection(headers, items, 1, 0, device);
817 return (chosen_item == 1);
818 }
819
820 // Return true on success.
wipe_data(int should_confirm,Device * device)821 static bool wipe_data(int should_confirm, Device* device) {
822 if (should_confirm && !yes_no(device, "Wipe all user data?", " THIS CAN NOT BE UNDONE!")) {
823 return false;
824 }
825
826 modified_flash = true;
827
828 ui->Print("\n-- Wiping data...\n");
829 bool success =
830 device->PreWipeData() &&
831 erase_volume("/data") &&
832 (has_cache ? erase_volume("/cache") : true) &&
833 device->PostWipeData();
834 ui->Print("Data wipe %s.\n", success ? "complete" : "failed");
835 return success;
836 }
837
838 // Return true on success.
wipe_cache(bool should_confirm,Device * device)839 static bool wipe_cache(bool should_confirm, Device* device) {
840 if (!has_cache) {
841 ui->Print("No /cache partition found.\n");
842 return false;
843 }
844
845 if (should_confirm && !yes_no(device, "Wipe cache?", " THIS CAN NOT BE UNDONE!")) {
846 return false;
847 }
848
849 modified_flash = true;
850
851 ui->Print("\n-- Wiping cache...\n");
852 bool success = erase_volume("/cache");
853 ui->Print("Cache wipe %s.\n", success ? "complete" : "failed");
854 return success;
855 }
856
choose_recovery_file(Device * device)857 static void choose_recovery_file(Device* device) {
858 if (!has_cache) {
859 ui->Print("No /cache partition found.\n");
860 return;
861 }
862
863 // "Back" + KEEP_LOG_COUNT * 2 + terminating nullptr entry
864 char* entries[1 + KEEP_LOG_COUNT * 2 + 1];
865 memset(entries, 0, sizeof(entries));
866
867 unsigned int n = 0;
868
869 // Add LAST_LOG_FILE + LAST_LOG_FILE.x
870 // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x
871 for (int i = 0; i < KEEP_LOG_COUNT; i++) {
872 char* log_file;
873 int ret;
874 ret = (i == 0) ? asprintf(&log_file, "%s", LAST_LOG_FILE) :
875 asprintf(&log_file, "%s.%d", LAST_LOG_FILE, i);
876 if (ret == -1) {
877 // memory allocation failure - return early. Should never happen.
878 return;
879 }
880 if ((ensure_path_mounted(log_file) != 0) || (access(log_file, R_OK) == -1)) {
881 free(log_file);
882 } else {
883 entries[n++] = log_file;
884 }
885
886 char* kmsg_file;
887 ret = (i == 0) ? asprintf(&kmsg_file, "%s", LAST_KMSG_FILE) :
888 asprintf(&kmsg_file, "%s.%d", LAST_KMSG_FILE, i);
889 if (ret == -1) {
890 // memory allocation failure - return early. Should never happen.
891 return;
892 }
893 if ((ensure_path_mounted(kmsg_file) != 0) || (access(kmsg_file, R_OK) == -1)) {
894 free(kmsg_file);
895 } else {
896 entries[n++] = kmsg_file;
897 }
898 }
899
900 entries[n++] = strdup("Back");
901
902 const char* headers[] = { "Select file to view", nullptr };
903
904 while (true) {
905 int chosen_item = get_menu_selection(headers, entries, 1, 0, device);
906 if (strcmp(entries[chosen_item], "Back") == 0) break;
907
908 ui->ShowFile(entries[chosen_item]);
909 }
910
911 for (size_t i = 0; i < (sizeof(entries) / sizeof(*entries)); i++) {
912 free(entries[i]);
913 }
914 }
915
run_graphics_test(Device * device)916 static void run_graphics_test(Device* device) {
917 // Switch to graphics screen.
918 ui->ShowText(false);
919
920 ui->SetProgressType(RecoveryUI::INDETERMINATE);
921 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
922 sleep(1);
923
924 ui->SetBackground(RecoveryUI::ERROR);
925 sleep(1);
926
927 ui->SetBackground(RecoveryUI::NO_COMMAND);
928 sleep(1);
929
930 ui->SetBackground(RecoveryUI::ERASING);
931 sleep(1);
932
933 ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
934
935 ui->SetProgressType(RecoveryUI::DETERMINATE);
936 ui->ShowProgress(1.0, 10.0);
937 float fraction = 0.0;
938 for (size_t i = 0; i < 100; ++i) {
939 fraction += .01;
940 ui->SetProgress(fraction);
941 usleep(100000);
942 }
943
944 ui->ShowText(true);
945 }
946
947 // How long (in seconds) we wait for the fuse-provided package file to
948 // appear, before timing out.
949 #define SDCARD_INSTALL_TIMEOUT 10
950
apply_from_sdcard(Device * device,bool * wipe_cache)951 static int apply_from_sdcard(Device* device, bool* wipe_cache) {
952 modified_flash = true;
953
954 if (ensure_path_mounted(SDCARD_ROOT) != 0) {
955 ui->Print("\n-- Couldn't mount %s.\n", SDCARD_ROOT);
956 return INSTALL_ERROR;
957 }
958
959 char* path = browse_directory(SDCARD_ROOT, device);
960 if (path == NULL) {
961 ui->Print("\n-- No package file selected.\n");
962 ensure_path_unmounted(SDCARD_ROOT);
963 return INSTALL_ERROR;
964 }
965
966 ui->Print("\n-- Install %s ...\n", path);
967 set_sdcard_update_bootloader_message();
968
969 // We used to use fuse in a thread as opposed to a process. Since accessing
970 // through fuse involves going from kernel to userspace to kernel, it leads
971 // to deadlock when a page fault occurs. (Bug: 26313124)
972 pid_t child;
973 if ((child = fork()) == 0) {
974 bool status = start_sdcard_fuse(path);
975
976 _exit(status ? EXIT_SUCCESS : EXIT_FAILURE);
977 }
978
979 // FUSE_SIDELOAD_HOST_PATHNAME will start to exist once the fuse in child
980 // process is ready.
981 int result = INSTALL_ERROR;
982 int status;
983 bool waited = false;
984 for (int i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) {
985 if (waitpid(child, &status, WNOHANG) == -1) {
986 result = INSTALL_ERROR;
987 waited = true;
988 break;
989 }
990
991 struct stat sb;
992 if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &sb) == -1) {
993 if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT-1) {
994 sleep(1);
995 continue;
996 } else {
997 LOGE("Timed out waiting for the fuse-provided package.\n");
998 result = INSTALL_ERROR;
999 kill(child, SIGKILL);
1000 break;
1001 }
1002 }
1003
1004 result = install_package(FUSE_SIDELOAD_HOST_PATHNAME, wipe_cache,
1005 TEMPORARY_INSTALL_FILE, false, 0/*retry_count*/);
1006 break;
1007 }
1008
1009 if (!waited) {
1010 // Calling stat() on this magic filename signals the fuse
1011 // filesystem to shut down.
1012 struct stat sb;
1013 stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &sb);
1014
1015 waitpid(child, &status, 0);
1016 }
1017
1018 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
1019 LOGE("Error exit from the fuse process: %d\n", WEXITSTATUS(status));
1020 }
1021
1022 ensure_path_unmounted(SDCARD_ROOT);
1023 return result;
1024 }
1025
1026 // Return REBOOT, SHUTDOWN, or REBOOT_BOOTLOADER. Returning NO_ACTION
1027 // means to take the default, which is to reboot or shutdown depending
1028 // on if the --shutdown_after flag was passed to recovery.
1029 static Device::BuiltinAction
prompt_and_wait(Device * device,int status)1030 prompt_and_wait(Device* device, int status) {
1031 for (;;) {
1032 finish_recovery(NULL);
1033 switch (status) {
1034 case INSTALL_SUCCESS:
1035 case INSTALL_NONE:
1036 ui->SetBackground(RecoveryUI::NO_COMMAND);
1037 break;
1038
1039 case INSTALL_ERROR:
1040 case INSTALL_CORRUPT:
1041 ui->SetBackground(RecoveryUI::ERROR);
1042 break;
1043 }
1044 ui->SetProgressType(RecoveryUI::EMPTY);
1045
1046 int chosen_item = get_menu_selection(nullptr, device->GetMenuItems(), 0, 0, device);
1047
1048 // device-specific code may take some action here. It may
1049 // return one of the core actions handled in the switch
1050 // statement below.
1051 Device::BuiltinAction chosen_action = device->InvokeMenuItem(chosen_item);
1052
1053 bool should_wipe_cache = false;
1054 switch (chosen_action) {
1055 case Device::NO_ACTION:
1056 break;
1057
1058 case Device::REBOOT:
1059 case Device::SHUTDOWN:
1060 case Device::REBOOT_BOOTLOADER:
1061 return chosen_action;
1062
1063 case Device::WIPE_DATA:
1064 wipe_data(ui->IsTextVisible(), device);
1065 if (!ui->IsTextVisible()) return Device::NO_ACTION;
1066 break;
1067
1068 case Device::WIPE_CACHE:
1069 wipe_cache(ui->IsTextVisible(), device);
1070 if (!ui->IsTextVisible()) return Device::NO_ACTION;
1071 break;
1072
1073 case Device::APPLY_ADB_SIDELOAD:
1074 case Device::APPLY_SDCARD:
1075 {
1076 bool adb = (chosen_action == Device::APPLY_ADB_SIDELOAD);
1077 if (adb) {
1078 status = apply_from_adb(ui, &should_wipe_cache, TEMPORARY_INSTALL_FILE);
1079 } else {
1080 status = apply_from_sdcard(device, &should_wipe_cache);
1081 }
1082
1083 if (status == INSTALL_SUCCESS && should_wipe_cache) {
1084 if (!wipe_cache(false, device)) {
1085 status = INSTALL_ERROR;
1086 }
1087 }
1088
1089 if (status != INSTALL_SUCCESS) {
1090 ui->SetBackground(RecoveryUI::ERROR);
1091 ui->Print("Installation aborted.\n");
1092 copy_logs();
1093 } else if (!ui->IsTextVisible()) {
1094 return Device::NO_ACTION; // reboot if logs aren't visible
1095 } else {
1096 ui->Print("\nInstall from %s complete.\n", adb ? "ADB" : "SD card");
1097 }
1098 }
1099 break;
1100
1101 case Device::VIEW_RECOVERY_LOGS:
1102 choose_recovery_file(device);
1103 break;
1104
1105 case Device::RUN_GRAPHICS_TEST:
1106 run_graphics_test(device);
1107 break;
1108
1109 case Device::MOUNT_SYSTEM:
1110 char system_root_image[PROPERTY_VALUE_MAX];
1111 property_get("ro.build.system_root_image", system_root_image, "");
1112
1113 // For a system image built with the root directory (i.e.
1114 // system_root_image == "true"), we mount it to /system_root, and symlink /system
1115 // to /system_root/system to make adb shell work (the symlink is created through
1116 // the build system).
1117 // Bug: 22855115
1118 if (strcmp(system_root_image, "true") == 0) {
1119 if (ensure_path_mounted_at("/", "/system_root") != -1) {
1120 ui->Print("Mounted /system.\n");
1121 }
1122 } else {
1123 if (ensure_path_mounted("/system") != -1) {
1124 ui->Print("Mounted /system.\n");
1125 }
1126 }
1127
1128 break;
1129 }
1130 }
1131 }
1132
1133 static void
print_property(const char * key,const char * name,void * cookie)1134 print_property(const char *key, const char *name, void *cookie) {
1135 printf("%s=%s\n", key, name);
1136 }
1137
1138 static void
load_locale_from_cache()1139 load_locale_from_cache() {
1140 FILE* fp = fopen_path(LOCALE_FILE, "r");
1141 char buffer[80];
1142 if (fp != NULL) {
1143 fgets(buffer, sizeof(buffer), fp);
1144 int j = 0;
1145 unsigned int i;
1146 for (i = 0; i < sizeof(buffer) && buffer[i]; ++i) {
1147 if (!isspace(buffer[i])) {
1148 buffer[j++] = buffer[i];
1149 }
1150 }
1151 buffer[j] = 0;
1152 locale = strdup(buffer);
1153 check_and_fclose(fp, LOCALE_FILE);
1154 }
1155 }
1156
1157 static RecoveryUI* gCurrentUI = NULL;
1158
1159 void
ui_print(const char * format,...)1160 ui_print(const char* format, ...) {
1161 char buffer[256];
1162
1163 va_list ap;
1164 va_start(ap, format);
1165 vsnprintf(buffer, sizeof(buffer), format, ap);
1166 va_end(ap);
1167
1168 if (gCurrentUI != NULL) {
1169 gCurrentUI->Print("%s", buffer);
1170 } else {
1171 fputs(buffer, stdout);
1172 }
1173 }
1174
is_battery_ok()1175 static bool is_battery_ok() {
1176 struct healthd_config healthd_config = {
1177 .batteryStatusPath = android::String8(android::String8::kEmptyString),
1178 .batteryHealthPath = android::String8(android::String8::kEmptyString),
1179 .batteryPresentPath = android::String8(android::String8::kEmptyString),
1180 .batteryCapacityPath = android::String8(android::String8::kEmptyString),
1181 .batteryVoltagePath = android::String8(android::String8::kEmptyString),
1182 .batteryTemperaturePath = android::String8(android::String8::kEmptyString),
1183 .batteryTechnologyPath = android::String8(android::String8::kEmptyString),
1184 .batteryCurrentNowPath = android::String8(android::String8::kEmptyString),
1185 .batteryCurrentAvgPath = android::String8(android::String8::kEmptyString),
1186 .batteryChargeCounterPath = android::String8(android::String8::kEmptyString),
1187 .batteryFullChargePath = android::String8(android::String8::kEmptyString),
1188 .batteryCycleCountPath = android::String8(android::String8::kEmptyString),
1189 .energyCounter = NULL,
1190 .boot_min_cap = 0,
1191 .screen_on = NULL
1192 };
1193 healthd_board_init(&healthd_config);
1194
1195 android::BatteryMonitor monitor;
1196 monitor.init(&healthd_config);
1197
1198 int wait_second = 0;
1199 while (true) {
1200 int charge_status = monitor.getChargeStatus();
1201 // Treat unknown status as charged.
1202 bool charged = (charge_status != android::BATTERY_STATUS_DISCHARGING &&
1203 charge_status != android::BATTERY_STATUS_NOT_CHARGING);
1204 android::BatteryProperty capacity;
1205 android::status_t status = monitor.getProperty(android::BATTERY_PROP_CAPACITY, &capacity);
1206 ui_print("charge_status %d, charged %d, status %d, capacity %lld\n", charge_status,
1207 charged, status, capacity.valueInt64);
1208 // At startup, the battery drivers in devices like N5X/N6P take some time to load
1209 // the battery profile. Before the load finishes, it reports value 50 as a fake
1210 // capacity. BATTERY_READ_TIMEOUT_IN_SEC is set that the battery drivers are expected
1211 // to finish loading the battery profile earlier than 10 seconds after kernel startup.
1212 if (status == 0 && capacity.valueInt64 == 50) {
1213 if (wait_second < BATTERY_READ_TIMEOUT_IN_SEC) {
1214 sleep(1);
1215 wait_second++;
1216 continue;
1217 }
1218 }
1219 // If we can't read battery percentage, it may be a device without battery. In this
1220 // situation, use 100 as a fake battery percentage.
1221 if (status != 0) {
1222 capacity.valueInt64 = 100;
1223 }
1224 return (charged && capacity.valueInt64 >= BATTERY_WITH_CHARGER_OK_PERCENTAGE) ||
1225 (!charged && capacity.valueInt64 >= BATTERY_OK_PERCENTAGE);
1226 }
1227 }
1228
set_retry_bootloader_message(int retry_count,int argc,char ** argv)1229 static void set_retry_bootloader_message(int retry_count, int argc, char** argv) {
1230 struct bootloader_message boot {};
1231 strlcpy(boot.command, "boot-recovery", sizeof(boot.command));
1232 strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery));
1233
1234 for (int i = 1; i < argc; ++i) {
1235 if (strstr(argv[i], "retry_count") == nullptr) {
1236 strlcat(boot.recovery, argv[i], sizeof(boot.recovery));
1237 strlcat(boot.recovery, "\n", sizeof(boot.recovery));
1238 }
1239 }
1240
1241 // Initialize counter to 1 if it's not in BCB, otherwise increment it by 1.
1242 if (retry_count == 0) {
1243 strlcat(boot.recovery, "--retry_count=1\n", sizeof(boot.recovery));
1244 } else {
1245 char buffer[20];
1246 snprintf(buffer, sizeof(buffer), "--retry_count=%d\n", retry_count+1);
1247 strlcat(boot.recovery, buffer, sizeof(boot.recovery));
1248 }
1249 set_bootloader_message(&boot);
1250 }
1251
logbasename(log_id_t,char,const char * filename,const char *,size_t len,void * arg)1252 static ssize_t logbasename(
1253 log_id_t /* logId */,
1254 char /* prio */,
1255 const char *filename,
1256 const char * /* buf */, size_t len,
1257 void *arg) {
1258 if (strstr(LAST_KMSG_FILE, filename) ||
1259 strstr(LAST_LOG_FILE, filename)) {
1260 bool *doRotate = reinterpret_cast<bool *>(arg);
1261 *doRotate = true;
1262 }
1263 return len;
1264 }
1265
logrotate(log_id_t logId,char prio,const char * filename,const char * buf,size_t len,void * arg)1266 static ssize_t logrotate(
1267 log_id_t logId,
1268 char prio,
1269 const char *filename,
1270 const char *buf, size_t len,
1271 void *arg) {
1272 bool *doRotate = reinterpret_cast<bool *>(arg);
1273 if (!*doRotate) {
1274 return __android_log_pmsg_file_write(logId, prio, filename, buf, len);
1275 }
1276
1277 std::string name(filename);
1278 size_t dot = name.find_last_of(".");
1279 std::string sub = name.substr(0, dot);
1280
1281 if (!strstr(LAST_KMSG_FILE, sub.c_str()) &&
1282 !strstr(LAST_LOG_FILE, sub.c_str())) {
1283 return __android_log_pmsg_file_write(logId, prio, filename, buf, len);
1284 }
1285
1286 // filename rotation
1287 if (dot == std::string::npos) {
1288 name += ".1";
1289 } else {
1290 std::string number = name.substr(dot + 1);
1291 if (!isdigit(number.data()[0])) {
1292 name += ".1";
1293 } else {
1294 unsigned long long i = std::stoull(number);
1295 name = sub + "." + std::to_string(i + 1);
1296 }
1297 }
1298
1299 return __android_log_pmsg_file_write(logId, prio, name.c_str(), buf, len);
1300 }
1301
main(int argc,char ** argv)1302 int main(int argc, char **argv) {
1303 // Take last pmsg contents and rewrite it to the current pmsg session.
1304 static const char filter[] = "recovery/";
1305 // Do we need to rotate?
1306 bool doRotate = false;
1307 __android_log_pmsg_file_read(
1308 LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter,
1309 logbasename, &doRotate);
1310 // Take action to refresh pmsg contents
1311 __android_log_pmsg_file_read(
1312 LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter,
1313 logrotate, &doRotate);
1314
1315 // If this binary is started with the single argument "--adbd",
1316 // instead of being the normal recovery binary, it turns into kind
1317 // of a stripped-down version of adbd that only supports the
1318 // 'sideload' command. Note this must be a real argument, not
1319 // anything in the command file or bootloader control block; the
1320 // only way recovery should be run with this argument is when it
1321 // starts a copy of itself from the apply_from_adb() function.
1322 if (argc == 2 && strcmp(argv[1], "--adbd") == 0) {
1323 adb_server_main(0, DEFAULT_ADB_PORT, -1);
1324 return 0;
1325 }
1326
1327 time_t start = time(NULL);
1328
1329 // redirect_stdio should be called only in non-sideload mode. Otherwise
1330 // we may have two logger instances with different timestamps.
1331 redirect_stdio(TEMPORARY_LOG_FILE);
1332
1333 printf("Starting recovery (pid %d) on %s", getpid(), ctime(&start));
1334
1335 load_volume_table();
1336 has_cache = volume_for_path(CACHE_ROOT) != nullptr;
1337
1338 get_args(&argc, &argv);
1339
1340 const char *send_intent = NULL;
1341 const char *update_package = NULL;
1342 bool should_wipe_data = false;
1343 bool should_wipe_cache = false;
1344 bool show_text = false;
1345 bool sideload = false;
1346 bool sideload_auto_reboot = false;
1347 bool just_exit = false;
1348 bool shutdown_after = false;
1349 int retry_count = 0;
1350 bool security_update = false;
1351
1352 int arg;
1353 while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) {
1354 switch (arg) {
1355 case 'i': send_intent = optarg; break;
1356 case 'n': android::base::ParseInt(optarg, &retry_count, 0); break;
1357 case 'u': update_package = optarg; break;
1358 case 'w': should_wipe_data = true; break;
1359 case 'c': should_wipe_cache = true; break;
1360 case 't': show_text = true; break;
1361 case 's': sideload = true; break;
1362 case 'a': sideload = true; sideload_auto_reboot = true; break;
1363 case 'x': just_exit = true; break;
1364 case 'l': locale = optarg; break;
1365 case 'g': {
1366 if (stage == NULL || *stage == '\0') {
1367 char buffer[20] = "1/";
1368 strncat(buffer, optarg, sizeof(buffer)-3);
1369 stage = strdup(buffer);
1370 }
1371 break;
1372 }
1373 case 'p': shutdown_after = true; break;
1374 case 'r': reason = optarg; break;
1375 case 'e': security_update = true; break;
1376 case '?':
1377 LOGE("Invalid command argument\n");
1378 continue;
1379 }
1380 }
1381
1382 if (locale == nullptr && has_cache) {
1383 load_locale_from_cache();
1384 }
1385 printf("locale is [%s]\n", locale);
1386 printf("stage is [%s]\n", stage);
1387 printf("reason is [%s]\n", reason);
1388
1389 Device* device = make_device();
1390 ui = device->GetUI();
1391 gCurrentUI = ui;
1392
1393 ui->SetLocale(locale);
1394 ui->Init();
1395 // Set background string to "installing security update" for security update,
1396 // otherwise set it to "installing system update".
1397 ui->SetSystemUpdateText(security_update);
1398
1399 int st_cur, st_max;
1400 if (stage != NULL && sscanf(stage, "%d/%d", &st_cur, &st_max) == 2) {
1401 ui->SetStage(st_cur, st_max);
1402 }
1403
1404 ui->SetBackground(RecoveryUI::NONE);
1405 if (show_text) ui->ShowText(true);
1406
1407 struct selinux_opt seopts[] = {
1408 { SELABEL_OPT_PATH, "/file_contexts" }
1409 };
1410
1411 sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
1412
1413 if (!sehandle) {
1414 ui->Print("Warning: No file_contexts\n");
1415 }
1416
1417 device->StartRecovery();
1418
1419 printf("Command:");
1420 for (arg = 0; arg < argc; arg++) {
1421 printf(" \"%s\"", argv[arg]);
1422 }
1423 printf("\n");
1424
1425 if (update_package) {
1426 // For backwards compatibility on the cache partition only, if
1427 // we're given an old 'root' path "CACHE:foo", change it to
1428 // "/cache/foo".
1429 if (strncmp(update_package, "CACHE:", 6) == 0) {
1430 int len = strlen(update_package) + 10;
1431 char* modified_path = (char*)malloc(len);
1432 if (modified_path) {
1433 strlcpy(modified_path, "/cache/", len);
1434 strlcat(modified_path, update_package+6, len);
1435 printf("(replacing path \"%s\" with \"%s\")\n",
1436 update_package, modified_path);
1437 update_package = modified_path;
1438 }
1439 else
1440 printf("modified_path allocation failed\n");
1441 }
1442 }
1443 printf("\n");
1444
1445 property_list(print_property, NULL);
1446 printf("\n");
1447
1448 ui->Print("Supported API: %d\n", RECOVERY_API_VERSION);
1449
1450 int status = INSTALL_SUCCESS;
1451
1452 if (update_package != NULL) {
1453 // It's not entirely true that we will modify the flash. But we want
1454 // to log the update attempt since update_package is non-NULL.
1455 modified_flash = true;
1456
1457 if (!is_battery_ok()) {
1458 ui->Print("battery capacity is not enough for installing package, needed is %d%%\n",
1459 BATTERY_OK_PERCENTAGE);
1460 // Log the error code to last_install when installation skips due to
1461 // low battery.
1462 FILE* install_log = fopen_path(LAST_INSTALL_FILE, "w");
1463 if (install_log != nullptr) {
1464 fprintf(install_log, "%s\n", update_package);
1465 fprintf(install_log, "0\n");
1466 fprintf(install_log, "error: %d\n", kLowBattery);
1467 fclose(install_log);
1468 } else {
1469 LOGE("failed to open last_install: %s\n", strerror(errno));
1470 }
1471 status = INSTALL_SKIPPED;
1472 } else {
1473 status = install_package(update_package, &should_wipe_cache,
1474 TEMPORARY_INSTALL_FILE, true, retry_count);
1475 if (status == INSTALL_SUCCESS && should_wipe_cache) {
1476 wipe_cache(false, device);
1477 }
1478 if (status != INSTALL_SUCCESS) {
1479 ui->Print("Installation aborted.\n");
1480 // When I/O error happens, reboot and retry installation EIO_RETRY_COUNT
1481 // times before we abandon this OTA update.
1482 if (status == INSTALL_RETRY && retry_count < EIO_RETRY_COUNT) {
1483 copy_logs();
1484 set_retry_bootloader_message(retry_count, argc, argv);
1485 // Print retry count on screen.
1486 ui->Print("Retry attempt %d\n", retry_count);
1487
1488 // Reboot and retry the update
1489 int ret = property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
1490 if (ret < 0) {
1491 ui->Print("Reboot failed\n");
1492 } else {
1493 while (true) {
1494 pause();
1495 }
1496 }
1497 }
1498 // If this is an eng or userdebug build, then automatically
1499 // turn the text display on if the script fails so the error
1500 // message is visible.
1501 if (is_ro_debuggable()) {
1502 ui->ShowText(true);
1503 }
1504 }
1505 }
1506 } else if (should_wipe_data) {
1507 if (!wipe_data(false, device)) {
1508 status = INSTALL_ERROR;
1509 }
1510 } else if (should_wipe_cache) {
1511 if (!wipe_cache(false, device)) {
1512 status = INSTALL_ERROR;
1513 }
1514 } else if (sideload) {
1515 // 'adb reboot sideload' acts the same as user presses key combinations
1516 // to enter the sideload mode. When 'sideload-auto-reboot' is used, text
1517 // display will NOT be turned on by default. And it will reboot after
1518 // sideload finishes even if there are errors. Unless one turns on the
1519 // text display during the installation. This is to enable automated
1520 // testing.
1521 if (!sideload_auto_reboot) {
1522 ui->ShowText(true);
1523 }
1524 status = apply_from_adb(ui, &should_wipe_cache, TEMPORARY_INSTALL_FILE);
1525 if (status == INSTALL_SUCCESS && should_wipe_cache) {
1526 if (!wipe_cache(false, device)) {
1527 status = INSTALL_ERROR;
1528 }
1529 }
1530 ui->Print("\nInstall from ADB complete (status: %d).\n", status);
1531 if (sideload_auto_reboot) {
1532 ui->Print("Rebooting automatically.\n");
1533 }
1534 } else if (!just_exit) {
1535 status = INSTALL_NONE; // No command specified
1536 ui->SetBackground(RecoveryUI::NO_COMMAND);
1537
1538 // http://b/17489952
1539 // If this is an eng or userdebug build, automatically turn on the
1540 // text display if no command is specified.
1541 if (is_ro_debuggable()) {
1542 ui->ShowText(true);
1543 }
1544 }
1545
1546 if (!sideload_auto_reboot && (status == INSTALL_ERROR || status == INSTALL_CORRUPT)) {
1547 copy_logs();
1548 ui->SetBackground(RecoveryUI::ERROR);
1549 }
1550
1551 Device::BuiltinAction after = shutdown_after ? Device::SHUTDOWN : Device::REBOOT;
1552 if ((status != INSTALL_SUCCESS && status != INSTALL_SKIPPED && !sideload_auto_reboot) ||
1553 ui->IsTextVisible()) {
1554 Device::BuiltinAction temp = prompt_and_wait(device, status);
1555 if (temp != Device::NO_ACTION) {
1556 after = temp;
1557 }
1558 }
1559
1560 // Save logs and clean up before rebooting or shutting down.
1561 finish_recovery(send_intent);
1562
1563 switch (after) {
1564 case Device::SHUTDOWN:
1565 ui->Print("Shutting down...\n");
1566 property_set(ANDROID_RB_PROPERTY, "shutdown,");
1567 break;
1568
1569 case Device::REBOOT_BOOTLOADER:
1570 ui->Print("Rebooting to bootloader...\n");
1571 property_set(ANDROID_RB_PROPERTY, "reboot,bootloader");
1572 break;
1573
1574 default:
1575 ui->Print("Rebooting...\n");
1576 property_set(ANDROID_RB_PROPERTY, "reboot,");
1577 break;
1578 }
1579 while (true) {
1580 pause();
1581 }
1582 // Should be unreachable.
1583 return EXIT_SUCCESS;
1584 }
1585