1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <ctype.h>
18 #include <dirent.h>
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <getopt.h>
22 #include <inttypes.h>
23 #include <limits.h>
24 #include <linux/fs.h>
25 #include <linux/input.h>
26 #include <stdarg.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/klog.h>
31 #include <sys/stat.h>
32 #include <sys/types.h>
33 #include <sys/wait.h>
34 #include <time.h>
35 #include <unistd.h>
36
37 #include <algorithm>
38 #include <chrono>
39 #include <memory>
40 #include <string>
41 #include <vector>
42
43 #include <adb.h>
44 #include <android-base/file.h>
45 #include <android-base/logging.h>
46 #include <android-base/parseint.h>
47 #include <android-base/properties.h>
48 #include <android-base/stringprintf.h>
49 #include <android-base/strings.h>
50 #include <android-base/unique_fd.h>
51 #include <bootloader_message/bootloader_message.h>
52 #include <cutils/android_reboot.h>
53 #include <cutils/properties.h> /* for property_list */
54 #include <healthd/BatteryMonitor.h>
55 #include <private/android_logger.h> /* private pmsg functions */
56 #include <private/android_filesystem_config.h> /* for AID_SYSTEM */
57 #include <selinux/android.h>
58 #include <selinux/label.h>
59 #include <selinux/selinux.h>
60 #include <ziparchive/zip_archive.h>
61
62 #include "adb_install.h"
63 #include "common.h"
64 #include "device.h"
65 #include "error_code.h"
66 #include "fuse_sdcard_provider.h"
67 #include "fuse_sideload.h"
68 #include "install.h"
69 #include "minadbd/minadbd.h"
70 #include "minui/minui.h"
71 #include "otautil/DirUtil.h"
72 #include "roots.h"
73 #include "rotate_logs.h"
74 #include "screen_ui.h"
75 #include "stub_ui.h"
76 #include "ui.h"
77
// Long options recovery accepts. Per the header comment further down, arguments can
// come from the command line, the bootloader control block (BCB), or COMMAND_FILE.
// The last field is the value reported for the option; the final three named entries
// use 0 there, i.e. they have no short-option character of their own.
static const struct option OPTIONS[] = {
  { "update_package", required_argument, NULL, 'u' },
  { "retry_count", required_argument, NULL, 'n' },
  { "wipe_data", no_argument, NULL, 'w' },
  { "wipe_cache", no_argument, NULL, 'c' },
  { "show_text", no_argument, NULL, 't' },
  { "sideload", no_argument, NULL, 's' },
  { "sideload_auto_reboot", no_argument, NULL, 'a' },
  { "just_exit", no_argument, NULL, 'x' },
  { "locale", required_argument, NULL, 'l' },
  { "shutdown_after", no_argument, NULL, 'p' },
  { "reason", required_argument, NULL, 'r' },
  { "security", no_argument, NULL, 'e'},
  { "wipe_ab", no_argument, NULL, 0 },
  { "wipe_package_size", required_argument, NULL, 0 },
  { "prompt_and_wipe_data", no_argument, NULL, 0 },
  { NULL, 0, NULL, 0 },  // Terminator entry.
};

// More bootreasons can be found in "system/core/bootstat/bootstat.cpp".
// NOTE(review): the code that consults this list is not in this part of the file.
static const std::vector<std::string> bootreason_blacklist {
  "kernel_panic",
  "Panic",
};

// Files under /cache/recovery are the interface between recovery and the main system:
// COMMAND_FILE is read as input, the log files are written as output.
static const char *CACHE_LOG_DIR = "/cache/recovery";
static const char *COMMAND_FILE = "/cache/recovery/command";
static const char *LOG_FILE = "/cache/recovery/log";
static const char *LAST_INSTALL_FILE = "/cache/recovery/last_install";
static const char *LOCALE_FILE = "/cache/recovery/last_locale";
// Breadcrumb directory/file created by erase_volume() when reason is "convert_fbe".
static const char *CONVERT_FBE_DIR = "/tmp/convert_fbe";
static const char *CONVERT_FBE_FILE = "/tmp/convert_fbe/convert_fbe";
// Mount points of the volumes this file formats or browses.
static const char *CACHE_ROOT = "/cache";
static const char *DATA_ROOT = "/data";
static const char *SDCARD_ROOT = "/sdcard";
// Logs of the current session; copy_logs() copies them to /cache and to pmsg.
static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log";
static const char *TEMPORARY_INSTALL_FILE = "/tmp/last_install";
static const char *LAST_KMSG_FILE = "/cache/recovery/last_kmsg";
static const char *LAST_LOG_FILE = "/cache/recovery/last_log";
// We will try to apply the update package 5 times at most in case of an I/O error.
// NOTE(review): presumably one initial attempt plus 4 retries; the retry loop is not
// visible here.
static const int EIO_RETRY_COUNT = 4;
static const int BATTERY_READ_TIMEOUT_IN_SEC = 10;
// GmsCore enters recovery mode to install package when having enough battery
// percentage. Normally, the threshold is 40% without charger and 20% with charger.
// So we should check battery with a slightly lower limitation.
static const int BATTERY_OK_PERCENTAGE = 20;
static const int BATTERY_WITH_CHARGER_OK_PERCENTAGE = 15;
// List of partitions that wipe_ab_device() secure-wipes, one per line.
static constexpr const char* RECOVERY_WIPE = "/etc/recovery.wipe";
static constexpr const char* DEFAULT_LOCALE = "en-US";

// Locale saved to LOCALE_FILE by finish_recovery() when non-empty.
static std::string locale;
// Whether a /cache partition is available; every /cache access in this file is gated on it.
static bool has_cache = false;

// The globals below are not static, so other translation units can link against them.
RecoveryUI* ui = nullptr;
// Set once a wipe is attempted; copy_logs() only persists logs when it is true.
bool modified_flash = false;
// Copied from the BCB "stage" field by get_args().
std::string stage;
// erase_volume() compares this against "convert_fbe".
const char* reason = nullptr;
// SELinux labeling handle passed to dirCreateHierarchy().
struct selabel_handle* sehandle;
136
137 /*
138 * The recovery tool communicates with the main system through /cache files.
139 * /cache/recovery/command - INPUT - command line for tool, one arg per line
140 * /cache/recovery/log - OUTPUT - combined log file from recovery run(s)
141 *
142 * The arguments which may be supplied in the recovery.command file:
143 * --update_package=path - verify and install an OTA package file
144 * --wipe_data - erase user data (and cache), then reboot
145 * --prompt_and_wipe_data - prompt the user that data is corrupt,
146 * with their consent erase user data (and cache), then reboot
147 * --wipe_cache - wipe cache (but not user data), then reboot
148 * --set_encrypted_filesystem=on|off - enables / disables encrypted fs
149 * --just_exit - do nothing; exit and reboot
150 *
151 * After completing, we remove /cache/recovery/command and reboot.
152 * Arguments may also be supplied in the bootloader control block (BCB).
153 * These important scenarios must be safely restartable at any point:
154 *
155 * FACTORY RESET
156 * 1. user selects "factory reset"
157 * 2. main system writes "--wipe_data" to /cache/recovery/command
158 * 3. main system reboots into recovery
159 * 4. get_args() writes BCB with "boot-recovery" and "--wipe_data"
160 * -- after this, rebooting will restart the erase --
161 * 5. erase_volume() reformats /data
162 * 6. erase_volume() reformats /cache
163 * 7. finish_recovery() erases BCB
164 * -- after this, rebooting will restart the main system --
165 * 8. main() calls reboot() to boot main system
166 *
167 * OTA INSTALL
168 * 1. main system downloads OTA package to /cache/some-filename.zip
169 * 2. main system writes "--update_package=/cache/some-filename.zip"
170 * 3. main system reboots into recovery
171 * 4. get_args() writes BCB with "boot-recovery" and "--update_package=..."
172 * -- after this, rebooting will attempt to reinstall the update --
173 * 5. install_package() attempts to install the update
174 * NOTE: the package install must itself be restartable from any point
175 * 6. finish_recovery() erases BCB
176 * -- after this, rebooting will (try to) restart the main system --
177 * 7. ** if install failed **
178 * 7a. prompt_and_wait() shows an error icon and waits for the user
179 * 7b. the user reboots (pulling the battery, etc) into the main system
180 */
181
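// Opens |path| with the fopen() mode |mode|, mounting the volume that holds it first.
// Returns the opened stream, or NULL when the volume cannot be mounted or fopen() fails;
// callers must check for NULL before using the result.
FILE* fopen_path(const char *path, const char *mode) {
  if (ensure_path_mounted(path) != 0) {
    LOG(ERROR) << "Can't mount " << path;
    return NULL;
  }

  // When writing, try to create the containing directory, if necessary.
  // Use generous permissions, the system (init.rc) will reset them.
  // NOTE(review): until that reset happens a newly created directory is mode 0777
  // (subject to umask); confirm nothing sensitive lands there in the meantime.
  //
  // The mode character is compared directly: strchr("wa", mode[0]) also matches the
  // terminating NUL, so an empty mode string used to be treated as a write.
  if (mode[0] == 'w' || mode[0] == 'a') {
    dirCreateHierarchy(path, 0777, NULL, 1, sehandle);
  }

  return fopen(path, mode);
}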
196
// Flushes |fp| to disk and closes it. A failed fsync() or a set stream error
// indicator is logged (with |name| for context) but does not prevent the close.
// |fp| must not be NULL.
static void check_and_fclose(FILE *fp, const char *name) {
  fflush(fp);

  const int fd = fileno(fp);
  const bool synced = (fsync(fd) != -1);
  if (!synced) PLOG(ERROR) << "Failed to fsync " << name;

  const bool stream_failed = (ferror(fp) != 0);
  if (stream_failed) PLOG(ERROR) << "Error in " << name;

  fclose(fp);
}
208
// Reports the boolean value of the "ro.debuggable" property (false when unset).
bool is_ro_debuggable() {
  const bool debuggable = android::base::GetBoolProperty("ro.debuggable", false);
  return debuggable;
}
212
// Requests a reboot by writing |command| to ANDROID_RB_PROPERTY. When the
// "ro.boot.quiescent" property is true, ",quiescent" is appended to the command.
// Returns whether the property could be set.
bool reboot(const std::string& command) {
  const bool quiescent = android::base::GetBoolProperty("ro.boot.quiescent", false);
  const std::string cmd = quiescent ? command + ",quiescent" : command;
  return android::base::SetProperty(ANDROID_RB_PROPERTY, cmd);
}
220
// Redirects this process's stdout and stderr into |filename|, prefixing every line
// with the number of seconds elapsed since the logger started.
//
// A child process is forked to do the writing: the parent's stdout/stderr are pointed
// at the write end of a pipe, and the child reads lines from the read end and appends
// them to |filename|. If pipe() or fork() fails, stdout/stderr are reopened directly
// onto |filename| in append mode, without timestamps.
static void redirect_stdio(const char* filename) {
  int pipefd[2];
  if (pipe(pipefd) == -1) {
    PLOG(ERROR) << "pipe failed";

    // Fall back to traditional logging mode without timestamps.
    // If these fail, there's not really anywhere to complain...
    // (the freopen() results are deliberately not checked for that reason).
    freopen(filename, "a", stdout); setbuf(stdout, NULL);
    freopen(filename, "a", stderr); setbuf(stderr, NULL);

    return;
  }

  pid_t pid = fork();
  if (pid == -1) {
    PLOG(ERROR) << "fork failed";

    // Fall back to traditional logging mode without timestamps.
    // If these fail, there's not really anywhere to complain...
    // NOTE(review): both pipe descriptors stay open on this path.
    freopen(filename, "a", stdout); setbuf(stdout, NULL);
    freopen(filename, "a", stderr); setbuf(stderr, NULL);

    return;
  }

  if (pid == 0) {
    // Child: close the unused write end so getline() sees EOF once the parent's
    // copies of it are closed.
    close(pipefd[1]);

    // Timestamps are relative to this point, measured on the monotonic clock.
    auto start = std::chrono::steady_clock::now();

    // Child logger to actually write to the log file.
    FILE* log_fp = fopen(filename, "a");
    if (log_fp == nullptr) {
      PLOG(ERROR) << "fopen \"" << filename << "\" failed";
      close(pipefd[0]);
      _exit(EXIT_FAILURE);
    }

    FILE* pipe_fp = fdopen(pipefd[0], "r");
    if (pipe_fp == nullptr) {
      PLOG(ERROR) << "fdopen failed";
      check_and_fclose(log_fp, filename);
      close(pipefd[0]);
      _exit(EXIT_FAILURE);
    }

    // getline() allocates and grows |line| as needed; it is freed after the loop.
    char* line = nullptr;
    size_t len = 0;
    while (getline(&line, &len, pipe_fp) != -1) {
      auto now = std::chrono::steady_clock::now();
      double duration = std::chrono::duration_cast<std::chrono::duration<double>>(
          now - start).count();
      // An empty line gets only the timestamp, with no trailing space.
      if (line[0] == '\n') {
        fprintf(log_fp, "[%12.6lf]\n", duration);
      } else {
        fprintf(log_fp, "[%12.6lf] %s", duration, line);
      }
      // Flush per line so the file is current if the device loses power.
      fflush(log_fp);
    }

    // Reached whenever getline() returns -1, which includes plain end-of-file, so
    // this message does not by itself indicate an I/O error.
    PLOG(ERROR) << "getline failed";

    free(line);
    check_and_fclose(log_fp, filename);
    // NOTE(review): pipe_fp wraps pipefd[0] and is never fclose()d; the raw
    // descriptor is closed instead, just before the child exits.
    close(pipefd[0]);
    // The child always exits with EXIT_FAILURE, even after a clean EOF.
    _exit(EXIT_FAILURE);
  } else {
    // Redirect stdout/stderr to the logger process.
    // Close the unused read end.
    close(pipefd[0]);

    // Unbuffered, so output reaches the logger child immediately.
    setbuf(stdout, nullptr);
    setbuf(stderr, nullptr);

    if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
      PLOG(ERROR) << "dup2 stdout failed";
    }
    if (dup2(pipefd[1], STDERR_FILENO) == -1) {
      PLOG(ERROR) << "dup2 stderr failed";
    }

    // stdout/stderr now hold their own copies of the write end.
    close(pipefd[1]);
  }
}
306
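// Builds the effective argument list for this recovery run.
//
// command line args come from, in decreasing precedence:
//   - the actual command line
//   - the bootloader control block (one per line, after "recovery")
//   - the contents of COMMAND_FILE (one per line)
//
// Side effects: sets the global |stage| from the BCB, and writes the chosen arguments
// (minus args[0]) back into the BCB so an interrupted run restarts in recovery.
// Returns the argument vector, with the program name in args[0].
//
// Arguments taken from the BCB or COMMAND_FILE are passed through as-is; nothing in
// this function validates them.
static std::vector<std::string> get_args(const int argc, char** const argv) {
  CHECK_GT(argc, 0);

  bootloader_message boot = {};
  std::string err;
  if (!read_bootloader_message(&boot, &err)) {
    LOG(ERROR) << err;
    // If fails, leave a zeroed bootloader_message.
    boot = {};
  }

  // The BCB is raw data read from storage, so the field is not guaranteed to hold a
  // terminator. Bound the copy to the field instead of trusting a NUL to be there.
  // (assumes boot.stage is a fixed-size char array like boot.command and
  // boot.recovery - confirm against bootloader_message.h)
  stage = std::string(boot.stage, strnlen(boot.stage, sizeof(boot.stage)));

  if (boot.command[0] != 0) {
    std::string boot_command = std::string(boot.command, sizeof(boot.command));
    LOG(INFO) << "Boot command: " << boot_command;
  }

  if (boot.status[0] != 0) {
    std::string boot_status = std::string(boot.status, sizeof(boot.status));
    LOG(INFO) << "Boot status: " << boot_status;
  }

  std::vector<std::string> args(argv, argv + argc);

  // --- if arguments weren't supplied, look in the bootloader control block
  if (args.size() == 1) {
    boot.recovery[sizeof(boot.recovery) - 1] = '\0';  // Ensure termination
    std::string boot_recovery(boot.recovery);
    std::vector<std::string> tokens = android::base::Split(boot_recovery, "\n");
    if (!tokens.empty() && tokens[0] == "recovery") {
      // tokens[0] is the "recovery" marker, not an argument.
      for (auto it = tokens.begin() + 1; it != tokens.end(); ++it) {
        // Skip empty and '\0'-filled tokens.
        if (!it->empty() && (*it)[0] != '\0') args.push_back(std::move(*it));
      }
      LOG(INFO) << "Got " << args.size() << " arguments from boot message";
    } else if (boot.recovery[0] != 0) {
      LOG(ERROR) << "Bad boot message: \"" << boot_recovery << "\"";
    }
  }

  // --- if that doesn't work, try the command file (if we have /cache).
  if (args.size() == 1 && has_cache) {
    std::string content;
    if (ensure_path_mounted(COMMAND_FILE) == 0 &&
        android::base::ReadFileToString(COMMAND_FILE, &content)) {
      std::vector<std::string> tokens = android::base::Split(content, "\n");
      // All the arguments in COMMAND_FILE are needed (unlike the BCB message,
      // COMMAND_FILE doesn't use filename as the first argument).
      for (auto& token : tokens) {
        // Skip empty and '\0'-filled tokens.
        if (!token.empty() && token[0] != '\0') args.push_back(std::move(token));
      }
      LOG(INFO) << "Got " << args.size() << " arguments from " << COMMAND_FILE;
    }
  }

  // Write the arguments (excluding the filename in args[0]) back into the
  // bootloader control block. So the device will always boot into recovery to
  // finish the pending work, until finish_recovery() is called.
  std::vector<std::string> options(args.cbegin() + 1, args.cend());
  if (!update_bootloader_message(options, &err)) {
    LOG(ERROR) << "Failed to set BCB message: " << err;
  }

  return args;
}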
377
// Rewrites the BCB with an empty option list, so that a reboot lands back in
// recovery (it won't resume the install from sdcard though). A failure is only logged.
static void set_sdcard_update_bootloader_message() {
  std::string err;
  std::vector<std::string> no_options;
  if (update_bootloader_message(no_options, &err)) {
    return;
  }
  LOG(ERROR) << "Failed to set BCB message: " << err;
}
387
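// Reads the whole kernel log buffer and writes it to |destination|.
// Every failure (sizing, reading or writing) is logged and otherwise ignored, since
// saving the kernel log is best-effort.
static void save_kernel_log(const char* destination) {
  int klog_buf_len = klogctl(KLOG_SIZE_BUFFER, 0, 0);
  if (klog_buf_len <= 0) {
    PLOG(ERROR) << "Error getting klog size";
    return;
  }

  std::string buffer(klog_buf_len, 0);
  int n = klogctl(KLOG_READ_ALL, &buffer[0], klog_buf_len);
  // Reject any negative count, not just -1: it would otherwise be converted to a
  // huge size_t by resize() below.
  if (n < 0) {
    PLOG(ERROR) << "Error in reading klog";
    return;
  }
  buffer.resize(n);

  // A failed write used to go unnoticed; report it so a missing last_kmsg is explained.
  if (!android::base::WriteStringToFile(buffer, destination)) {
    PLOG(ERROR) << "Failed to write kernel log to " << destination;
  }
}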
405
// Writes |len| bytes of |buf| to the current pmsg session under the name |filename|,
// tagged with the system log id at INFO priority. Returns whatever
// __android_log_pmsg_file_write() returns.
static ssize_t __pmsg_write(const char *filename, const char *buf, size_t len) {
  const ssize_t written =
      __android_log_pmsg_file_write(LOG_ID_SYSTEM, ANDROID_LOG_INFO, filename, buf, len);
  return written;
}
411
// Copies the whole of |source| into the pmsg session under the name |destination|.
// NOTE(review): neither the read nor the pmsg write result is checked, so a missing
// or unreadable |source| is not reported here.
static void copy_log_file_to_pmsg(const char* source, const char* destination) {
  std::string log_text;
  android::base::ReadFileToString(source, &log_text);

  const char* bytes = log_text.c_str();
  const size_t byte_count = log_text.length();
  __pmsg_write(destination, bytes, byte_count);
}
417
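// How much of the temp log we have copied to the copy in cache.
static off_t tmplog_offset = 0;

// Copies |source| to |destination|.
//   append == false: |destination| is truncated and receives all of |source|.
//   append == true:  only the part of |source| past tmplog_offset is appended, and
//                    tmplog_offset is advanced to the end of what was read.
// Failure to open |destination| is logged; a missing |source| is silently skipped.
static void copy_log_file(const char* source, const char* destination, bool append) {
  FILE* dest_fp = fopen_path(destination, append ? "a" : "w");
  if (dest_fp == nullptr) {
    PLOG(ERROR) << "Can't open " << destination;
    return;
  }

  FILE* source_fp = fopen(source, "r");
  if (source_fp != nullptr) {
    if (append) {
      fseeko(source_fp, tmplog_offset, SEEK_SET);  // Since last write
    }

    char buf[4096];
    size_t bytes;
    while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
      // Write errors set the stream's error indicator, which check_and_fclose() logs.
      fwrite(buf, 1, bytes, dest_fp);
    }

    if (append) {
      // ftello() returns -1 on failure. Storing that would make the next fseeko()
      // fail and the log be re-copied from the start, so keep the last good offset.
      const off_t end_offset = ftello(source_fp);
      if (end_offset != -1) {
        tmplog_offset = end_offset;
      } else {
        PLOG(ERROR) << "Failed to get offset in " << source;
      }
    }
    check_and_fclose(source_fp, source);
  }
  check_and_fclose(dest_fp, destination);
}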
444
// Persists this session's logs: always to pmsg, and to /cache when that partition
// exists. Does nothing unless the session tried to modify the flash.
static void copy_logs() {
  // We only rotate and record the log of the current session if there are
  // actual attempts to modify the flash, such as wipes, installs from BCB
  // or menu selections. This is to avoid unnecessary rotation (and
  // possible deletion) of log files, if it does not do anything loggable.
  if (!modified_flash) return;

  // Always write to pmsg, this allows the OTA logs to be caught in logcat -L
  copy_log_file_to_pmsg(TEMPORARY_LOG_FILE, LAST_LOG_FILE);
  copy_log_file_to_pmsg(TEMPORARY_INSTALL_FILE, LAST_INSTALL_FILE);

  // We can do nothing for now if there's no /cache partition.
  if (!has_cache) return;

  ensure_path_mounted(LAST_LOG_FILE);
  ensure_path_mounted(LAST_KMSG_FILE);
  rotate_logs(LAST_LOG_FILE, LAST_KMSG_FILE);

  // Copy logs to cache so the system can find out what happened.
  copy_log_file(TEMPORARY_LOG_FILE, LOG_FILE, true);
  copy_log_file(TEMPORARY_LOG_FILE, LAST_LOG_FILE, false);
  copy_log_file(TEMPORARY_INSTALL_FILE, LAST_INSTALL_FILE, false);
  save_kernel_log(LAST_KMSG_FILE);

  // Final permissions of each persisted file, applied in this order. The log and
  // kernel log are owner-only and handed to AID_SYSTEM; last_log and last_install
  // are readable more widely.
  // NOTE(review): the files are created first and restricted afterwards, and the
  // chmod()/chown() results are not checked.
  struct LogPermission {
    const char* path;
    mode_t mode;
    bool owned_by_system;
  };
  const LogPermission permissions[] = {
    { LOG_FILE, 0600, true },
    { LAST_KMSG_FILE, 0600, true },
    { LAST_LOG_FILE, 0640, false },
    { LAST_INSTALL_FILE, 0644, false },
  };
  for (const LogPermission& entry : permissions) {
    chmod(entry.path, entry.mode);
    if (entry.owned_by_system) {
      chown(entry.path, AID_SYSTEM, AID_SYSTEM);
    }
  }

  sync();
}
480
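// clear the recovery command and prepare to boot a (hopefully working) system,
// copy our log file to cache as well (for the system to read). This function is
// idempotent: call it as many times as you like.
//
// Steps, in order: save the locale, persist the logs, clear the BCB, remove
// COMMAND_FILE and unmount /cache, then sync(). Each failure is logged and the
// remaining steps still run.
static void finish_recovery() {
  // Save the locale to cache, so if recovery is next started up
  // without a --locale argument (eg, directly from the bootloader)
  // it will use the last-known locale.
  if (!locale.empty() && has_cache) {
    LOG(INFO) << "Saving locale \"" << locale << "\"";

    FILE* fp = fopen_path(LOCALE_FILE, "w");
    if (fp == nullptr) {
      // fopen_path() returns NULL when /cache cannot be mounted or the file cannot
      // be opened; fileno(NULL) would crash recovery before the BCB is cleared.
      PLOG(ERROR) << "Failed to open " << LOCALE_FILE;
    } else {
      if (!android::base::WriteStringToFd(locale, fileno(fp))) {
        PLOG(ERROR) << "Failed to save locale to " << LOCALE_FILE;
      }
      check_and_fclose(fp, LOCALE_FILE);
    }
  }

  copy_logs();

  // Reset to normal system boot so recovery won't cycle indefinitely.
  std::string err;
  if (!clear_bootloader_message(&err)) {
    LOG(ERROR) << "Failed to clear BCB message: " << err;
  }

  // Remove the command file, so recovery won't repeat indefinitely.
  if (has_cache) {
    // A command file that is already gone (ENOENT) is not worth a warning.
    if (ensure_path_mounted(COMMAND_FILE) != 0 || (unlink(COMMAND_FILE) && errno != ENOENT)) {
      LOG(WARNING) << "Can't unlink " << COMMAND_FILE;
    }
    ensure_path_unmounted(CACHE_ROOT);
  }

  sync();  // For good measure.
}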
516
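// One log file held in memory while /cache is reformatted.
struct saved_log_file {
  std::string name;  // Full path of the file.
  struct stat sb;    // stat() result; st_size is capped at 512 KiB before use.
  std::string data;  // File contents (at most 512 KiB).
};

// Reformats |volume| (a mount point such as "/data" or "/cache").
//
// For /cache, the recovery logs ("/cache/recovery/last_*" and "/cache/recovery/log")
// are loaded into memory first and written back after the format, with their
// original mode and ownership.
// For /data with reason "convert_fbe", a breadcrumb file is created and its directory
// is passed to format_volume().
//
// Returns true only when the volume was formatted successfully.
static bool erase_volume(const char* volume) {
  bool is_cache = (strcmp(volume, CACHE_ROOT) == 0);
  bool is_data = (strcmp(volume, DATA_ROOT) == 0);

  ui->SetBackground(RecoveryUI::ERASING);
  ui->SetProgressType(RecoveryUI::INDETERMINATE);

  std::vector<saved_log_file> log_files;

  if (is_cache) {
    // If we're reformatting /cache, we load any past logs
    // (i.e. "/cache/recovery/last_*") and the current log
    // ("/cache/recovery/log") into memory, so we can restore them after
    // the reformat.

    ensure_path_mounted(volume);

    struct dirent* de;
    std::unique_ptr<DIR, decltype(&closedir)> d(opendir(CACHE_LOG_DIR), closedir);
    if (d) {
      while ((de = readdir(d.get())) != nullptr) {
        if (strncmp(de->d_name, "last_", 5) != 0 && strcmp(de->d_name, "log") != 0) {
          continue;
        }
        std::string path = android::base::StringPrintf("%s/%s", CACHE_LOG_DIR, de->d_name);

        struct stat sb;
        if (stat(path.c_str(), &sb) != 0) {
          continue;
        }
        // truncate files to 512kb
        if (sb.st_size > (1 << 19)) {
          sb.st_size = 1 << 19;
        }

        // stat() succeeding does not guarantee the file can be opened; a NULL
        // stream passed to fread()/fclose() would crash in the middle of a wipe.
        FILE* f = fopen(path.c_str(), "rb");
        if (f == nullptr) {
          PLOG(ERROR) << "Failed to open " << path;
          continue;
        }
        std::string data(sb.st_size, '\0');
        const size_t bytes_read = fread(&data[0], 1, data.size(), f);
        fclose(f);
        // Keep only what was actually read, so a short read does not restore a
        // log padded with NUL bytes.
        data.resize(bytes_read);

        log_files.emplace_back(saved_log_file{ path, sb, data });
      }
    } else {
      if (errno != ENOENT) {
        PLOG(ERROR) << "Failed to opendir " << CACHE_LOG_DIR;
      }
    }
  }

  ui->Print("Formatting %s...\n", volume);

  ensure_path_unmounted(volume);

  int result;

  if (is_data && reason && strcmp(reason, "convert_fbe") == 0) {
    // Create convert_fbe breadcrumb file to signal to init
    // to convert to file based encryption, not full disk encryption
    //
    // Both failure paths below happen before anything is formatted, so they must
    // report failure. They used to return true, which made a wipe that never ran
    // look successful to the caller.
    if (mkdir(CONVERT_FBE_DIR, 0700) != 0) {
      ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno));
      return false;
    }
    FILE* f = fopen(CONVERT_FBE_FILE, "wb");
    if (!f) {
      ui->Print("Failed to convert to file encryption %s\n", strerror(errno));
      rmdir(CONVERT_FBE_DIR);  // Don't leave the empty breadcrumb dir behind.
      return false;
    }
    fclose(f);
    result = format_volume(volume, CONVERT_FBE_DIR);
    remove(CONVERT_FBE_FILE);
    rmdir(CONVERT_FBE_DIR);
  } else {
    result = format_volume(volume);
  }

  if (is_cache) {
    // Re-create the log dir and write back the log entries.
    if (ensure_path_mounted(CACHE_LOG_DIR) == 0 &&
        dirCreateHierarchy(CACHE_LOG_DIR, 0777, nullptr, false, sehandle) == 0) {
      for (const auto& log : log_files) {
        if (!android::base::WriteStringToFile(log.data, log.name, log.sb.st_mode, log.sb.st_uid,
                                              log.sb.st_gid)) {
          PLOG(ERROR) << "Failed to write to " << log.name;
        }
      }
    } else {
      PLOG(ERROR) << "Failed to mount / create " << CACHE_LOG_DIR;
    }

    // Any part of the log we'd copied to cache is now gone.
    // Reset the pointer so we copy from the beginning of the temp
    // log.
    tmplog_offset = 0;
    copy_logs();
  }

  return (result == 0);
}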
619
// Shows a menu built from |headers| and |items| and blocks until the user picks
// something. |initial_selection| is where the cursor starts. The device-specific
// HandleMenuKey() may return a positive number beyond the given range; pass
// |menu_only| as true to ignore such values so that only a highlighted item can be
// chosen. Returns the (non-negative) chosen item number, or -1 if the wait for input
// timed out while text had never been visible.
static int get_menu_selection(const char* const* headers, const char* const* items, bool menu_only,
                              int initial_selection, Device* device) {
  // Throw away keys pressed previously, so user doesn't accidentally trigger menu items.
  ui->FlushKeys();

  ui->StartMenu(headers, items, initial_selection);

  int cursor = initial_selection;
  int picked = -1;
  while (picked < 0) {
    const int key = ui->WaitKey();
    if (key == -1) {  // WaitKey() timed out.
      if (!ui->WasTextEverVisible()) {
        LOG(INFO) << "Timed out waiting for key input; rebooting.";
        ui->EndMenu();
        return -1;
      }
      // Text has been shown at some point: keep waiting for the user.
      continue;
    }

    const int action = device->HandleMenuKey(key, ui->IsTextVisible());

    if (action >= 0) {
      // A direct item number from the device; honoured only outside menu-only mode.
      if (!menu_only) picked = action;
      continue;
    }

    // Negative values are navigation actions; Device::kNoAction and anything
    // unrecognised leave the menu untouched.
    if (action == Device::kHighlightUp) {
      cursor = ui->SelectMenu(cursor - 1);
    } else if (action == Device::kHighlightDown) {
      cursor = ui->SelectMenu(cursor + 1);
    } else if (action == Device::kInvokeItem) {
      picked = cursor;
    }
  }

  ui->EndMenu();
  return picked;
}
670
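// Lets the user pick a ".zip" file below |path| through the menu UI, descending into
// subdirectories on request. Returns the full path of the chosen file, or an empty
// string when the user backs out with "../", the directory cannot be opened, or the
// menu returns no valid selection (e.g. it timed out).
static std::string browse_directory(const std::string& path, Device* device) {
  ensure_path_mounted(path.c_str());

  std::unique_ptr<DIR, decltype(&closedir)> d(opendir(path.c_str()), closedir);
  if (!d) {
    PLOG(ERROR) << "error opening " << path;
    return "";
  }

  std::vector<std::string> dirs;
  std::vector<std::string> zips = { "../" };  // "../" is always the first entry.

  dirent* de;
  while ((de = readdir(d.get())) != nullptr) {
    std::string name(de->d_name);

    if (de->d_type == DT_DIR) {
      // Skip "." and ".." entries.
      if (name == "." || name == "..") continue;
      dirs.push_back(name + "/");
    } else if (de->d_type == DT_REG && android::base::EndsWithIgnoreCase(name, ".zip")) {
      zips.push_back(name);
    }
  }

  std::sort(dirs.begin(), dirs.end());
  std::sort(zips.begin(), zips.end());

  // Append dirs to the zips list.
  zips.insert(zips.end(), dirs.begin(), dirs.end());

  // NULL-terminated view of |zips| for the menu. This lives on the heap rather than
  // in a variable-length stack array: the entry count comes from the contents of
  // removable storage, so it must not be able to exhaust the stack.
  std::vector<const char*> entries;
  entries.reserve(zips.size() + 1);
  for (const std::string& entry : zips) {
    entries.push_back(entry.c_str());
  }
  entries.push_back(nullptr);

  const char* headers[] = { "Choose a package to install:", path.c_str(), nullptr };

  int chosen_item = 0;
  while (true) {
    chosen_item = get_menu_selection(headers, entries.data(), true, chosen_item, device);

    // get_menu_selection() returns -1 on timeout. Indexing |zips| with that (or with
    // anything past the end) would read out of bounds, so treat it as "nothing
    // selected".
    if (chosen_item < 0 || static_cast<size_t>(chosen_item) >= zips.size()) {
      return "";
    }
    if (chosen_item == 0) {
      // Go up but continue browsing (if the caller is browse_directory).
      return "";
    }

    const std::string& item = zips[chosen_item];
    std::string new_path = path + "/" + item;
    if (new_path.back() == '/') {
      // Recurse down into a subdirectory.
      new_path.pop_back();
      std::string result = browse_directory(new_path, device);
      if (!result.empty()) return result;
    } else {
      // Selected a zip file: return the path to the caller.
      return new_path;
    }
  }

  // Unreachable.
}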
735
// Asks a two-line question and returns true only when the user explicitly picks
// "Yes". The cursor starts on "No", and any other outcome (including a timeout from
// the menu) counts as "No".
static bool yes_no(Device* device, const char* question1, const char* question2) {
  const char* items[] = { " No", " Yes", NULL };
  const char* headers[] = { question1, question2, NULL };

  const int kYesIndex = 1;
  return get_menu_selection(headers, items, true, 0, device) == kYesIndex;
}
743
// Asks the user to confirm a full user-data wipe. Returns true only on "Yes".
static bool ask_to_wipe_data(Device* device) {
  const bool confirmed = yes_no(device, "Wipe all user data?", " THIS CAN NOT BE UNDONE!");
  return confirmed;
}
747
// Wipes user data: runs the device's pre-wipe hook, erases /data, erases /cache when
// the device has one, then runs the post-wipe hook. The sequence stops at the first
// step that fails. Returns true when every step succeeded.
static bool wipe_data(Device* device) {
  modified_flash = true;

  ui->Print("\n-- Wiping data...\n");

  bool success = false;
  if (device->PreWipeData() && erase_volume("/data")) {
    const bool cache_wiped = !has_cache || erase_volume("/cache");
    success = cache_wiped && device->PostWipeData();
  }

  ui->Print("Data wipe %s.\n", success ? "complete" : "failed");
  return success;
}
761
// Tells the user the system could not be loaded and offers a factory data reset.
// Data is wiped only after the user picks "Factory data reset" and then confirms;
// declining the confirmation returns to the first menu. Returns true when the user
// chooses not to wipe, otherwise the result of wipe_data().
static bool prompt_and_wipe_data(Device* device) {
  const char* const headers[] = {
    "Can't load Android system. Your data may be corrupt.",
    "If you continue to get this message, you may need to",
    "perform a factory data reset and erase all user data",
    "stored on this device.",
    NULL
  };
  const char* const items[] = {
    "Try again",
    "Factory data reset",
    NULL
  };

  while (true) {
    const bool reset_requested = (get_menu_selection(headers, items, true, 0, device) == 1);
    if (!reset_requested) {
      return true;  // Just reboot, no wipe; not a failure, user asked for it
    }
    if (!ask_to_wipe_data(device)) {
      continue;  // Confirmation declined: show the first menu again.
    }
    return wipe_data(device);
  }
}
785
// Wipes the /cache partition, asking for confirmation first when |should_confirm| is
// set. Returns true on success; false when there is no /cache, the user declines, or
// the erase fails.
static bool wipe_cache(bool should_confirm, Device* device) {
  if (!has_cache) {
    ui->Print("No /cache partition found.\n");
    return false;
  }

  if (should_confirm) {
    const bool confirmed = yes_no(device, "Wipe cache?", " THIS CAN NOT BE UNDONE!");
    if (!confirmed) return false;
  }

  modified_flash = true;

  ui->Print("\n-- Wiping cache...\n");
  const bool success = erase_volume("/cache");
  ui->Print("Cache wipe %s.\n", success ? "complete" : "failed");
  return success;
}
804
// Secure-wipes the whole block device |partition|. BLKSECDISCARD is tried first; if
// it fails, the fallback is BLKDISCARD when the device reports that discarded blocks
// read back as zeroes (BLKDISCARDZEROES), and BLKZEROOUT otherwise.
// Returns true when one of the wipe methods succeeded.
// NOTE(review): success means the ioctl returned without error; nothing here reads
// the device back to verify the result.
static bool secure_wipe_partition(const std::string& partition) {
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(partition.c_str(), O_WRONLY)));
  if (fd == -1) {
    PLOG(ERROR) << "Failed to open \"" << partition << "\"";
    return false;
  }

  // range[0] is the start offset, range[1] the length; the length is filled in from
  // the device size so the range covers the whole partition.
  uint64_t range[2] = { 0, 0 };
  const bool have_size = (ioctl(fd, BLKGETSIZE64, &range[1]) != -1) && (range[1] != 0);
  if (!have_size) {
    PLOG(ERROR) << "Failed to get partition size";
    return false;
  }
  LOG(INFO) << "Secure-wiping \"" << partition << "\" from " << range[0] << " to " << range[1];

  LOG(INFO) << " Trying BLKSECDISCARD...";
  if (ioctl(fd, BLKSECDISCARD, &range) != -1) {
    LOG(INFO) << " Done";
    return true;
  }
  PLOG(WARNING) << " Failed";

  // Use BLKDISCARD if it zeroes out blocks, otherwise use BLKZEROOUT.
  unsigned int zeroes;
  const bool discard_zeroes = (ioctl(fd, BLKDISCARDZEROES, &zeroes) == 0) && (zeroes != 0);
  if (discard_zeroes) {
    LOG(INFO) << " Trying BLKDISCARD...";
    if (ioctl(fd, BLKDISCARD, &range) == -1) {
      PLOG(ERROR) << " Failed";
      return false;
    }
  } else {
    LOG(INFO) << " Trying BLKZEROOUT...";
    if (ioctl(fd, BLKZEROOUT, &range) == -1) {
      PLOG(ERROR) << " Failed";
      return false;
    }
  }

  LOG(INFO) << " Done";
  return true;
}
845
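// Check if the wipe package matches expectation:
// 1. verify the package.
// 2. check metadata (ota-type, pre-device and serial number if having one).
//
// |wipe_package_size| is the size of the package to read; 0 is rejected.
// Returns true only when the package verifies AND its metadata says
// "ota-type=BRICK", names this device's "ro.build.product" in "pre-device=", and,
// if it carries a "serialno=" line, that line equals "ro.serialno". The metadata is
// only consulted after verify_package() has accepted the package.
static bool check_wipe_package(size_t wipe_package_size) {
  if (wipe_package_size == 0) {
    LOG(ERROR) << "wipe_package_size is zero";
    return false;
  }
  std::string wipe_package;
  std::string err_str;
  if (!read_wipe_package(&wipe_package, wipe_package_size, &err_str)) {
    // Report the reason handed back by read_wipe_package(), the same way get_args()
    // logs the error string from read_bootloader_message(); errno is not known to be
    // meaningful here.
    LOG(ERROR) << "Failed to read wipe package: " << err_str;
    return false;
  }
  if (!verify_package(reinterpret_cast<const unsigned char*>(wipe_package.data()),
                      wipe_package.size())) {
    LOG(ERROR) << "Failed to verify package";
    return false;
  }

  // Extract metadata
  ZipArchiveHandle zip;
  int err = OpenArchiveFromMemory(static_cast<void*>(&wipe_package[0]), wipe_package.size(),
                                  "wipe_package", &zip);
  if (err != 0) {
    // NOTE(review): confirm whether the handle has to be closed when opening fails.
    LOG(ERROR) << "Can't open wipe package : " << ErrorCodeString(err);
    return false;
  }
  std::string metadata;
  if (!read_metadata_from_package(zip, &metadata)) {
    CloseArchive(zip);
    return false;
  }
  CloseArchive(zip);

  // Check metadata
  std::vector<std::string> lines = android::base::Split(metadata, "\n");
  bool ota_type_matched = false;
  bool device_type_matched = false;
  bool has_serial_number = false;
  bool serial_number_matched = false;
  for (const auto& line : lines) {
    if (line == "ota-type=BRICK") {
      ota_type_matched = true;
    } else if (android::base::StartsWith(line, "pre-device=")) {
      // If the key appears more than once, the last occurrence decides.
      std::string device_type = line.substr(strlen("pre-device="));
      std::string real_device_type = android::base::GetProperty("ro.build.product", "");
      device_type_matched = (device_type == real_device_type);
    } else if (android::base::StartsWith(line, "serialno=")) {
      std::string serial_no = line.substr(strlen("serialno="));
      std::string real_serial_no = android::base::GetProperty("ro.serialno", "");
      has_serial_number = true;
      serial_number_matched = (serial_no == real_serial_no);
    }
  }
  // The serial number only restricts the package when the package carries one.
  return ota_type_matched && device_type_matched && (!has_serial_number || serial_number_matched);
}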
903
// Wipe the current A/B device, with a secure wipe of all the partitions in
// RECOVERY_WIPE.
//
// Returns false when the wipe package is rejected or RECOVERY_WIPE cannot be read, and true once
// every listed partition has been attempted.
// NOTE(review): the result of secure_wipe_partition() is not inspected here, so a true return
// does not by itself show that each partition was erased.
static bool wipe_ab_device(size_t wipe_package_size) {
  ui->SetBackground(RecoveryUI::ERASING);
  ui->SetProgressType(RecoveryUI::INDETERMINATE);

  // Nothing is erased unless the wipe package passes verification and the metadata checks.
  const bool package_ok = check_wipe_package(wipe_package_size);
  if (!package_ok) {
    LOG(ERROR) << "Failed to verify wipe package";
    return false;
  }

  std::string partition_list;
  const bool list_read = android::base::ReadFileToString(RECOVERY_WIPE, &partition_list);
  if (!list_read) {
    LOG(ERROR) << "failed to read \"" << RECOVERY_WIPE << "\"";
    return false;
  }

  for (const std::string& raw_entry : android::base::Split(partition_list, "\n")) {
    const std::string partition = android::base::Trim(raw_entry);
    // Ignore '#' comment or empty lines.
    const bool is_comment = android::base::StartsWith(partition, "#");
    if (is_comment || partition.empty()) {
      continue;
    }

    // Proceed anyway even if it fails to wipe some partition.
    secure_wipe_partition(partition);
  }
  return true;
}
933
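// Shows a menu of the readable recovery log files and displays whichever one the user selects,
// until "Back" is chosen. With a cache partition the candidates are LAST_LOG_FILE and
// LAST_KMSG_FILE plus their ".N" rotations (N < KEEP_LOG_COUNT); without one, only
// TEMPORARY_LOG_FILE is offered, and the function returns at once if that file is unreadable.
static void choose_recovery_file(Device* device) {
  std::vector<std::string> entries;
  if (has_cache) {
    for (int i = 0; i < KEEP_LOG_COUNT; i++) {
      auto add_to_entries = [&](const char* filename) {
        std::string log_file(filename);
        if (i > 0) {
          log_file += "." + std::to_string(i);
        }

        // Only list files that can actually be mounted and read.
        if (ensure_path_mounted(log_file.c_str()) == 0 && access(log_file.c_str(), R_OK) == 0) {
          entries.push_back(std::move(log_file));
        }
      };

      // Add LAST_LOG_FILE + LAST_LOG_FILE.x
      add_to_entries(LAST_LOG_FILE);

      // Add LAST_KMSG_FILE + LAST_KMSG_FILE.x
      add_to_entries(LAST_KMSG_FILE);
    }
  } else {
    // If cache partition is not found, view /tmp/recovery.log instead.
    if (access(TEMPORARY_LOG_FILE, R_OK) == -1) {
      return;
    }
    entries.push_back(TEMPORARY_LOG_FILE);
  }

  entries.push_back("Back");

  // get_menu_selection() takes a nullptr-terminated array of C strings; the pointers stay valid
  // because entries is not modified after this point.
  std::vector<const char*> menu_entries(entries.size());
  std::transform(entries.cbegin(), entries.cend(), menu_entries.begin(),
                 [](const std::string& entry) { return entry.c_str(); });
  menu_entries.push_back(nullptr);

  const char* headers[] = { "Select file to view", nullptr };

  int chosen_item = 0;
  while (true) {
    chosen_item = get_menu_selection(headers, menu_entries.data(), true, chosen_item, device);
    // prompt_and_wait() handles a -1 return from get_menu_selection(), so an index outside
    // entries must never reach operator[] below; treat it like "Back".
    if (chosen_item < 0 || static_cast<size_t>(chosen_item) >= entries.size()) break;
    if (entries[chosen_item] == "Back") break;

    ui->ShowFile(entries[chosen_item].c_str());
  }
}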
981
// Cycles the recovery UI through its backgrounds, the three install stages and a full
// determinate progress bar, pausing between steps so each state can be inspected on screen.
static void run_graphics_test() {
  // Switch to graphics screen.
  ui->ShowText(false);

  ui->SetProgressType(RecoveryUI::INDETERMINATE);
  // One second on each background, in this order.
  for (auto background : { RecoveryUI::INSTALLING_UPDATE, RecoveryUI::ERROR,
                           RecoveryUI::NO_COMMAND, RecoveryUI::ERASING }) {
    ui->SetBackground(background);
    sleep(1);
  }

  // Calling SetBackground() after SetStage() to trigger a redraw.
  for (int stage_index = 1; stage_index <= 3; ++stage_index) {
    ui->SetStage(stage_index, 3);
    ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
    sleep(1);
  }

  ui->SetStage(-1, -1);
  ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);

  // Fill the progress bar in 100 steps of 100 ms each.
  ui->SetProgressType(RecoveryUI::DETERMINATE);
  ui->ShowProgress(1.0, 10.0);
  float fraction = 0.0;
  size_t steps_left = 100;
  while (steps_left > 0) {
    fraction += .01;
    ui->SetProgress(fraction);
    usleep(100000);
    --steps_left;
  }

  ui->ShowText(true);
}
1024
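// How long (in seconds) we wait for the fuse-provided package file to
// appear, before timing out.
#define SDCARD_INSTALL_TIMEOUT 10

// Lets the user pick a package under SDCARD_ROOT and installs it through a fuse mount that a
// forked child process serves. Returns the install_package() result, or INSTALL_ERROR when the
// card cannot be mounted, nothing is selected, the child cannot be started, or the package never
// appears. wipe_cache is handed to install_package() unchanged.
static int apply_from_sdcard(Device* device, bool* wipe_cache) {
  modified_flash = true;

  if (ensure_path_mounted(SDCARD_ROOT) != 0) {
    ui->Print("\n-- Couldn't mount %s.\n", SDCARD_ROOT);
    return INSTALL_ERROR;
  }

  std::string path = browse_directory(SDCARD_ROOT, device);
  if (path.empty()) {
    ui->Print("\n-- No package file selected.\n");
    ensure_path_unmounted(SDCARD_ROOT);
    return INSTALL_ERROR;
  }

  ui->Print("\n-- Install %s ...\n", path.c_str());
  set_sdcard_update_bootloader_message();

  // We used to use fuse in a thread as opposed to a process. Since accessing
  // through fuse involves going from kernel to userspace to kernel, it leads
  // to deadlock when a page fault occurs. (Bug: 26313124)
  pid_t child = fork();
  if (child == -1) {
    // Stop here: with child == -1 the waitpid() below would wait for any child, and the kill()
    // on the timeout path would signal every process this one is allowed to signal.
    PLOG(ERROR) << "Failed to fork the fuse process";
    ensure_path_unmounted(SDCARD_ROOT);
    return INSTALL_ERROR;
  }
  if (child == 0) {
    bool fuse_ok = start_sdcard_fuse(path.c_str());

    _exit(fuse_ok ? EXIT_SUCCESS : EXIT_FAILURE);
  }

  // FUSE_SIDELOAD_HOST_PATHNAME will start to exist once the fuse in child
  // process is ready.
  int result = INSTALL_ERROR;
  int status = 0;
  bool status_valid = false;  // true once waitpid() has stored the child's exit status
  bool waited = false;        // true once no further waitpid() on the child is needed
  for (int i = 0; i < SDCARD_INSTALL_TIMEOUT; ++i) {
    const pid_t reaped = waitpid(child, &status, WNOHANG);
    if (reaped == -1) {
      result = INSTALL_ERROR;
      waited = true;
      break;
    }
    if (reaped == child) {
      // The child is gone, so nothing will serve the package. Leaving the loop here also keeps
      // the kill() below from being aimed at a pid that has already been reaped.
      LOG(ERROR) << "The fuse process exited before the package became available.";
      result = INSTALL_ERROR;
      status_valid = true;
      waited = true;
      break;
    }

    struct stat sb;
    if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &sb) == -1) {
      if (errno == ENOENT && i < SDCARD_INSTALL_TIMEOUT - 1) {
        sleep(1);
        continue;
      } else {
        LOG(ERROR) << "Timed out waiting for the fuse-provided package.";
        result = INSTALL_ERROR;
        kill(child, SIGKILL);
        break;
      }
    }

    result = install_package(FUSE_SIDELOAD_HOST_PATHNAME, wipe_cache,
                             TEMPORARY_INSTALL_FILE, false, 0/*retry_count*/);
    break;
  }

  if (!waited) {
    // Calling stat() on this magic filename signals the fuse
    // filesystem to shut down.
    struct stat sb;
    stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &sb);

    status_valid = (waitpid(child, &status, 0) == child);
  }

  // Only decode status when waitpid() actually filled it in.
  if (!status_valid) {
    LOG(ERROR) << "Failed to collect the exit status of the fuse process";
  } else if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
    LOG(ERROR) << "Error exit from the fuse process: " << WEXITSTATUS(status);
  }

  ensure_path_unmounted(SDCARD_ROOT);
  return result;
}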
1103
// Runs the recovery menu in a loop, carrying out the selected action each time, until an action
// ends recovery.
// Returns REBOOT, SHUTDOWN, or REBOOT_BOOTLOADER. Returning NO_ACTION means to take the default,
// which is to reboot or shutdown depending on if the --shutdown_after flag was passed to recovery.
static Device::BuiltinAction prompt_and_wait(Device* device, int status) {
  while (true) {
    finish_recovery();

    // The background reflects the outcome of the most recent operation.
    if (status == INSTALL_SUCCESS || status == INSTALL_NONE) {
      ui->SetBackground(RecoveryUI::NO_COMMAND);
    } else if (status == INSTALL_ERROR || status == INSTALL_CORRUPT) {
      ui->SetBackground(RecoveryUI::ERROR);
    }
    ui->SetProgressType(RecoveryUI::EMPTY);

    const int selection = get_menu_selection(nullptr, device->GetMenuItems(), false, 0, device);

    // Device-specific code may take some action here. It may return one of the core actions
    // handled in the switch statement below. A selection of -1 is turned into a reboot.
    const Device::BuiltinAction action =
        (selection == -1) ? Device::REBOOT : device->InvokeMenuItem(selection);

    switch (action) {
      case Device::NO_ACTION:
        break;

      case Device::REBOOT:
      case Device::SHUTDOWN:
      case Device::REBOOT_BOOTLOADER:
        return action;

      case Device::WIPE_DATA:
        // Without a visible menu there is no way to ask, so the wipe runs unprompted and the
        // default action follows.
        if (!ui->IsTextVisible()) {
          wipe_data(device);
          return Device::NO_ACTION;
        }
        if (ask_to_wipe_data(device)) {
          wipe_data(device);
        }
        break;

      case Device::WIPE_CACHE:
        wipe_cache(ui->IsTextVisible(), device);
        if (!ui->IsTextVisible()) return Device::NO_ACTION;
        break;

      case Device::APPLY_ADB_SIDELOAD:
      case Device::APPLY_SDCARD: {
        const bool adb = (action == Device::APPLY_ADB_SIDELOAD);
        bool should_wipe_cache = false;
        if (adb) {
          status = apply_from_adb(ui, &should_wipe_cache, TEMPORARY_INSTALL_FILE);
        } else {
          status = apply_from_sdcard(device, &should_wipe_cache);
        }

        // A failed cache wipe downgrades an otherwise successful install.
        if (status == INSTALL_SUCCESS && should_wipe_cache && !wipe_cache(false, device)) {
          status = INSTALL_ERROR;
        }

        if (status != INSTALL_SUCCESS) {
          ui->SetBackground(RecoveryUI::ERROR);
          ui->Print("Installation aborted.\n");
          copy_logs();
        } else if (!ui->IsTextVisible()) {
          return Device::NO_ACTION;  // reboot if logs aren't visible
        } else {
          ui->Print("\nInstall from %s complete.\n", adb ? "ADB" : "SD card");
        }
        break;
      }

      case Device::VIEW_RECOVERY_LOGS:
        choose_recovery_file(device);
        break;

      case Device::RUN_GRAPHICS_TEST:
        run_graphics_test();
        break;

      case Device::MOUNT_SYSTEM: {
        // For a system image built with the root directory (i.e. system_root_image == "true"), we
        // mount it to /system_root, and symlink /system to /system_root/system to make adb shell
        // work (the symlink is created through the build system). (Bug: 22855115)
        const bool root_image = android::base::GetBoolProperty("ro.build.system_root_image", false);
        const int mount_result =
            root_image ? ensure_path_mounted_at("/", "/system_root") : ensure_path_mounted("/system");
        if (mount_result != -1) {
          ui->Print("Mounted /system.\n");
        }
        break;
      }
    }
  }
}
1208
// Callback handed to property_list() from main(): writes one "key=value" line to stdout.
// cookie is not used.
static void print_property(const char* key, const char* name, void* cookie) {
  (void)cookie;
  fprintf(stdout, "%s=%s\n", key, name);
}
1213
// Reads LOCALE_FILE and returns its content with surrounding whitespace trimmed. Returns an empty
// string, after logging the reason, when the file cannot be mounted or read.
static std::string load_locale_from_cache() {
  const bool mounted = (ensure_path_mounted(LOCALE_FILE) == 0);
  if (!mounted) {
    LOG(ERROR) << "Can't mount " << LOCALE_FILE;
    return std::string();
  }

  std::string raw_locale;
  const bool read_ok = android::base::ReadFileToString(LOCALE_FILE, &raw_locale);
  if (!read_ok) {
    PLOG(ERROR) << "Can't read " << LOCALE_FILE;
    return std::string();
  }

  return android::base::Trim(raw_locale);
}
1228
// printf-style output helper: formats the message once, then sends it to the recovery UI when
// one exists and to stdout otherwise.
void ui_print(const char* format, ...) {
  va_list args;
  va_start(args, format);
  std::string text;
  android::base::StringAppendV(&text, format, args);
  va_end(args);

  if (ui == nullptr) {
    fputs(text.c_str(), stdout);
    return;
  }
  // The formatted text goes through a fixed "%s" so that it is never interpreted as a format
  // string a second time.
  ui->Print("%s", text.c_str());
}
1242
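// One letter per log severity, indexed by the numeric severity value.
static constexpr char log_characters[] = "VDIWEF";

// Logger callback installed through android::base::InitLogging() in main(). Messages of severity
// ERROR and above are shown on the recovery UI when one exists; everything else is written to
// stdout as "<letter>:<message>". id, tag, file and line are not used.
void UiLogger(android::base::LogId id, android::base::LogSeverity severity,
              const char* tag, const char* file, unsigned int line,
              const char* message) {
  if (severity >= android::base::ERROR && ui != nullptr) {
    ui->Print("E:%s\n", message);
    return;
  }

  // Clamp the index to the last letter of the table. NOTE(review): whether LogSeverity has more
  // values than the table has letters is not visible here; without the clamp such a value would
  // select the terminating NUL or read past the array.
  constexpr size_t last_letter = sizeof(log_characters) - 2;
  size_t index = static_cast<size_t>(severity);
  if (index > last_letter) {
    index = last_letter;
  }
  fprintf(stdout, "%c:%s\n", log_characters[index], message);
}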
1254
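// Decides whether the battery level allows a package install. Returns true when the capacity is
// at least BATTERY_WITH_CHARGER_OK_PERCENTAGE while the device counts as charged, or at least
// BATTERY_OK_PERCENTAGE otherwise. The check is permissive on missing data: an unknown charge
// status counts as charged, and an unreadable capacity is treated as 100.
static bool is_battery_ok() {
  struct healthd_config healthd_config = {
    .batteryStatusPath = android::String8(android::String8::kEmptyString),
    .batteryHealthPath = android::String8(android::String8::kEmptyString),
    .batteryPresentPath = android::String8(android::String8::kEmptyString),
    .batteryCapacityPath = android::String8(android::String8::kEmptyString),
    .batteryVoltagePath = android::String8(android::String8::kEmptyString),
    .batteryTemperaturePath = android::String8(android::String8::kEmptyString),
    .batteryTechnologyPath = android::String8(android::String8::kEmptyString),
    .batteryCurrentNowPath = android::String8(android::String8::kEmptyString),
    .batteryCurrentAvgPath = android::String8(android::String8::kEmptyString),
    .batteryChargeCounterPath = android::String8(android::String8::kEmptyString),
    .batteryFullChargePath = android::String8(android::String8::kEmptyString),
    .batteryCycleCountPath = android::String8(android::String8::kEmptyString),
    .energyCounter = NULL,
    .boot_min_cap = 0,
    .screen_on = NULL
  };
  healthd_board_init(&healthd_config);

  android::BatteryMonitor monitor;
  monitor.init(&healthd_config);

  int wait_second = 0;
  while (true) {
    int charge_status = monitor.getChargeStatus();
    // Treat unknown status as charged.
    bool charged = (charge_status != android::BATTERY_STATUS_DISCHARGING &&
                    charge_status != android::BATTERY_STATUS_NOT_CHARGING);
    android::BatteryProperty capacity;
    android::status_t status = monitor.getProperty(android::BATTERY_PROP_CAPACITY, &capacity);
    // The cast makes the argument match %lld exactly, whatever type the 64-bit field has on
    // this target.
    ui_print("charge_status %d, charged %d, status %d, capacity %lld\n", charge_status,
             charged, status, static_cast<long long>(capacity.valueInt64));
    // At startup, the battery drivers in devices like N5X/N6P take some time to load
    // the battery profile. Before the load finishes, it reports value 50 as a fake
    // capacity. BATTERY_READ_TIMEOUT_IN_SEC is set that the battery drivers are expected
    // to finish loading the battery profile earlier than 10 seconds after kernel startup.
    if (status == 0 && capacity.valueInt64 == 50) {
      if (wait_second < BATTERY_READ_TIMEOUT_IN_SEC) {
        sleep(1);
        wait_second++;
        continue;
      }
    }
    // If we can't read battery percentage, it may be a device without battery. In this
    // situation, use 100 as a fake battery percentage.
    if (status != 0) {
      capacity.valueInt64 = 100;
    }
    return (charged && capacity.valueInt64 >= BATTERY_WITH_CHARGER_OK_PERCENTAGE) ||
           (!charged && capacity.valueInt64 >= BATTERY_OK_PERCENTAGE);
  }
}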
1308
// Rewrites the bootloader message so that the next boot into recovery repeats the current
// command with the retry counter raised by one. Any existing argument starting with
// "--retry_count" is dropped first; a failed update is logged and otherwise ignored.
static void set_retry_bootloader_message(int retry_count, const std::vector<std::string>& args) {
  std::vector<std::string> options;
  for (const std::string& arg : args) {
    if (android::base::StartsWith(arg, "--retry_count")) {
      continue;
    }
    options.push_back(arg);
  }

  // Increment the retry counter by 1.
  const int next_retry = retry_count + 1;
  options.push_back(android::base::StringPrintf("--retry_count=%d", next_retry));

  std::string err;
  const bool updated = update_bootloader_message(options, &err);
  if (!updated) {
    LOG(ERROR) << err;
  }
}
1324
// Returns true when ro.boot.bootreason is set and equals, ignoring case, one of the entries of
// bootreason_blacklist.
static bool bootreason_in_blacklist() {
  const std::string bootreason = android::base::GetProperty("ro.boot.bootreason", "");
  if (bootreason.empty()) {
    return false;
  }

  bool listed = false;
  for (const auto& entry : bootreason_blacklist) {
    if (strcasecmp(entry.c_str(), bootreason.c_str()) == 0) {
      listed = true;
      break;
    }
  }
  return listed;
}
1336
// Records a skipped install: writes the package name, the result "0" and "error: <code>", one
// per line, to TEMPORARY_INSTALL_FILE and repeats the same text in the log. update_package must
// not be null, since a std::string is built from it.
static void log_failure_code(ErrorCode code, const char* update_package) {
  std::vector<std::string> log_buffer;
  log_buffer.push_back(update_package);
  log_buffer.push_back("0");  // install result
  log_buffer.push_back("error: " + std::to_string(code));

  const std::string log_content = android::base::Join(log_buffer, "\n");
  const bool written = android::base::WriteStringToFile(log_content, TEMPORARY_INSTALL_FILE);
  if (!written) {
    PLOG(ERROR) << "failed to write " << TEMPORARY_INSTALL_FILE;
  }

  // Also write the info into last_log.
  LOG(INFO) << log_content;
}
1351
// Entry point of the recovery binary. Sets up logging, parses the recovery arguments, brings up
// the UI, runs at most one of the requested operations (package install, data wipe, cache wipe,
// A/B wipe, sideload), optionally hands control to the interactive menu, and finally reboots or
// shuts down. The function does not return in normal operation: it ends in a pause() loop.
int main(int argc, char **argv) {
  // We don't have logcat yet under recovery; so we'll print error on screen and
  // log to stdout (which is redirected to recovery.log) as we used to do.
  android::base::InitLogging(argv, &UiLogger);

  // Take last pmsg contents and rewrite it to the current pmsg session.
  static const char filter[] = "recovery/";
  // Do we need to rotate?
  bool doRotate = false;

  __android_log_pmsg_file_read(
    LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter,
    logbasename, &doRotate);
  // Take action to refresh pmsg contents
  __android_log_pmsg_file_read(
    LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter,
    logrotate, &doRotate);

  // If this binary is started with the single argument "--adbd",
  // instead of being the normal recovery binary, it turns into kind
  // of a stripped-down version of adbd that only supports the
  // 'sideload' command. Note this must be a real argument, not
  // anything in the command file or bootloader control block; the
  // only way recovery should be run with this argument is when it
  // starts a copy of itself from the apply_from_adb() function.
  if (argc == 2 && strcmp(argv[1], "--adbd") == 0) {
    minadbd_main();
    return 0;
  }

  time_t start = time(NULL);

  // redirect_stdio should be called only in non-sideload mode. Otherwise
  // we may have two logger instances with different timestamps.
  redirect_stdio(TEMPORARY_LOG_FILE);

  printf("Starting recovery (pid %d) on %s", getpid(), ctime(&start));

  load_volume_table();
  has_cache = volume_for_path(CACHE_ROOT) != nullptr;

  // getopt_long() wants mutable char pointers, so build an array that points into the strings
  // owned by args. Option values taken from optarg below (update_package, locale, reason) are
  // presumably pointers into these strings, so args has to stay alive and unmodified.
  std::vector<std::string> args = get_args(argc, argv);
  std::vector<char*> args_to_parse(args.size());
  std::transform(args.cbegin(), args.cend(), args_to_parse.begin(),
                 [](const std::string& arg) { return const_cast<char*>(arg.c_str()); });

  const char *update_package = NULL;
  bool should_wipe_data = false;
  bool should_prompt_and_wipe_data = false;
  bool should_wipe_cache = false;
  bool should_wipe_ab = false;
  size_t wipe_package_size = 0;
  bool show_text = false;
  bool sideload = false;
  bool sideload_auto_reboot = false;
  bool just_exit = false;
  bool shutdown_after = false;
  int retry_count = 0;
  bool security_update = false;

  // NOTE(review): the results of ParseInt()/ParseUint() below are not checked. For
  // wipe_package_size a value of 0 is rejected later by check_wipe_package(); whether a
  // malformed value leaves the initial 0 in place should be confirmed against the parser.
  int arg;
  int option_index;
  while ((arg = getopt_long(args_to_parse.size(), args_to_parse.data(), "", OPTIONS,
                            &option_index)) != -1) {
    switch (arg) {
      case 'n': android::base::ParseInt(optarg, &retry_count, 0); break;
      case 'u': update_package = optarg; break;
      case 'w': should_wipe_data = true; break;
      case 'c': should_wipe_cache = true; break;
      case 't': show_text = true; break;
      case 's': sideload = true; break;
      case 'a': sideload = true; sideload_auto_reboot = true; break;
      case 'x': just_exit = true; break;
      case 'l': locale = optarg; break;
      case 'p': shutdown_after = true; break;
      case 'r': reason = optarg; break;
      case 'e': security_update = true; break;
      case 0: {
        // Long options without a short letter are told apart by name.
        std::string option = OPTIONS[option_index].name;
        if (option == "wipe_ab") {
          should_wipe_ab = true;
        } else if (option == "wipe_package_size") {
          android::base::ParseUint(optarg, &wipe_package_size);
        } else if (option == "prompt_and_wipe_data") {
          should_prompt_and_wipe_data = true;
        }
        break;
      }
      case '?':
        // An unrecognized argument is logged and skipped; parsing continues.
        LOG(ERROR) << "Invalid command argument";
        continue;
    }
  }

  // Locale precedence: command line, then the file on the cache partition, then DEFAULT_LOCALE.
  if (locale.empty()) {
    if (has_cache) {
      locale = load_locale_from_cache();
    }

    if (locale.empty()) {
      locale = DEFAULT_LOCALE;
    }
  }

  printf("locale is [%s]\n", locale.c_str());
  printf("stage is [%s]\n", stage.c_str());
  printf("reason is [%s]\n", reason);

  // Fall back to a stub UI in quiescent mode or when the device UI fails to initialize.
  Device* device = make_device();
  if (android::base::GetBoolProperty("ro.boot.quiescent", false)) {
    printf("Quiescent recovery mode.\n");
    ui = new StubRecoveryUI();
  } else {
    ui = device->GetUI();

    if (!ui->Init(locale)) {
      printf("Failed to initialize UI, use stub UI instead.\n");
      ui = new StubRecoveryUI();
    }
  }

  // Set background string to "installing security update" for security update,
  // otherwise set it to "installing system update".
  ui->SetSystemUpdateText(security_update);

  // stage is expected in the form "<current>/<max>"; anything else is ignored.
  int st_cur, st_max;
  if (!stage.empty() && sscanf(stage.c_str(), "%d/%d", &st_cur, &st_max) == 2) {
    ui->SetStage(st_cur, st_max);
  }

  ui->SetBackground(RecoveryUI::NONE);
  if (show_text) ui->ShowText(true);

  // A missing file_contexts handle is only reported as a warning; recovery continues.
  sehandle = selinux_android_file_context_handle();
  selinux_android_set_sehandle(sehandle);
  if (!sehandle) {
    ui->Print("Warning: No file_contexts\n");
  }

  device->StartRecovery();

  printf("Command:");
  for (const auto& arg : args) {
    printf(" \"%s\"", arg.c_str());
  }
  printf("\n\n");

  // Prints every property passed to print_property() on stdout, which redirect_stdio() pointed
  // at TEMPORARY_LOG_FILE above. NOTE(review): the log therefore presumably carries device
  // identifiers such as ro.serialno; keep that in mind wherever the log is copied.
  property_list(print_property, NULL);
  printf("\n");

  ui->Print("Supported API: %d\n", RECOVERY_API_VERSION);

  int status = INSTALL_SUCCESS;

  // Exactly one of the following branches runs; the order of the else-if chain is the priority
  // among the requested operations.
  if (update_package != NULL) {
    // It's not entirely true that we will modify the flash. But we want
    // to log the update attempt since update_package is non-NULL.
    modified_flash = true;

    if (!is_battery_ok()) {
      ui->Print("battery capacity is not enough for installing package, needed is %d%%\n",
                BATTERY_OK_PERCENTAGE);
      // Log the error code to last_install when installation skips due to
      // low battery.
      log_failure_code(kLowBattery, update_package);
      status = INSTALL_SKIPPED;
    } else if (bootreason_in_blacklist()) {
      // Skip update-on-reboot when bootreason is kernel_panic or similar
      ui->Print("bootreason is in the blacklist; skip OTA installation\n");
      log_failure_code(kBootreasonInBlacklist, update_package);
      status = INSTALL_SKIPPED;
    } else {
      status = install_package(update_package, &should_wipe_cache,
                               TEMPORARY_INSTALL_FILE, true, retry_count);
      // NOTE(review): the result of wipe_cache() is ignored here, while the sideload branch
      // below and prompt_and_wait() turn a failed cache wipe into INSTALL_ERROR.
      if (status == INSTALL_SUCCESS && should_wipe_cache) {
        wipe_cache(false, device);
      }
      if (status != INSTALL_SUCCESS) {
        ui->Print("Installation aborted.\n");
        // When I/O error happens, reboot and retry installation EIO_RETRY_COUNT
        // times before we abandon this OTA update.
        if (status == INSTALL_RETRY && retry_count < EIO_RETRY_COUNT) {
          copy_logs();
          set_retry_bootloader_message(retry_count, args);
          // Print retry count on screen.
          ui->Print("Retry attempt %d\n", retry_count);

          // Reboot and retry the update
          if (!reboot("reboot,recovery")) {
            ui->Print("Reboot failed\n");
          } else {
            // Wait here for the reboot to take effect.
            while (true) {
              pause();
            }
          }
        }
        // If this is an eng or userdebug build, then automatically
        // turn the text display on if the script fails so the error
        // message is visible.
        if (is_ro_debuggable()) {
          ui->ShowText(true);
        }
      }
    }
  } else if (should_wipe_data) {
    if (!wipe_data(device)) {
      status = INSTALL_ERROR;
    }
  } else if (should_prompt_and_wipe_data) {
    ui->ShowText(true);
    ui->SetBackground(RecoveryUI::ERROR);
    if (!prompt_and_wipe_data(device)) {
      status = INSTALL_ERROR;
    }
    ui->ShowText(false);
  } else if (should_wipe_cache) {
    if (!wipe_cache(false, device)) {
      status = INSTALL_ERROR;
    }
  } else if (should_wipe_ab) {
    // wipe_ab_device() verifies the wipe package before erasing anything.
    if (!wipe_ab_device(wipe_package_size)) {
      status = INSTALL_ERROR;
    }
  } else if (sideload) {
    // 'adb reboot sideload' acts the same as user presses key combinations
    // to enter the sideload mode. When 'sideload-auto-reboot' is used, text
    // display will NOT be turned on by default. And it will reboot after
    // sideload finishes even if there are errors. Unless one turns on the
    // text display during the installation. This is to enable automated
    // testing.
    if (!sideload_auto_reboot) {
      ui->ShowText(true);
    }
    status = apply_from_adb(ui, &should_wipe_cache, TEMPORARY_INSTALL_FILE);
    if (status == INSTALL_SUCCESS && should_wipe_cache) {
      if (!wipe_cache(false, device)) {
        status = INSTALL_ERROR;
      }
    }
    ui->Print("\nInstall from ADB complete (status: %d).\n", status);
    if (sideload_auto_reboot) {
      ui->Print("Rebooting automatically.\n");
    }
  } else if (!just_exit) {
    status = INSTALL_NONE;  // No command specified
    ui->SetBackground(RecoveryUI::NO_COMMAND);

    // http://b/17489952
    // If this is an eng or userdebug build, automatically turn on the
    // text display if no command is specified.
    if (is_ro_debuggable()) {
      ui->ShowText(true);
    }
  }

  if (!sideload_auto_reboot && (status == INSTALL_ERROR || status == INSTALL_CORRUPT)) {
    copy_logs();
    ui->SetBackground(RecoveryUI::ERROR);
  }

  // The menu is entered when the operation did not succeed (and was not skipped or an
  // auto-reboot sideload), or whenever the text display is on.
  Device::BuiltinAction after = shutdown_after ? Device::SHUTDOWN : Device::REBOOT;
  if ((status != INSTALL_SUCCESS && status != INSTALL_SKIPPED && !sideload_auto_reboot) ||
      ui->IsTextVisible()) {
    Device::BuiltinAction temp = prompt_and_wait(device, status);
    if (temp != Device::NO_ACTION) {
      after = temp;
    }
  }

  // Save logs and clean up before rebooting or shutting down.
  finish_recovery();

  switch (after) {
    case Device::SHUTDOWN:
      ui->Print("Shutting down...\n");
      android::base::SetProperty(ANDROID_RB_PROPERTY, "shutdown,");
      break;

    case Device::REBOOT_BOOTLOADER:
      ui->Print("Rebooting to bootloader...\n");
      android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,bootloader");
      break;

    default:
      ui->Print("Rebooting...\n");
      reboot("reboot,");
      break;
  }
  // Wait for the requested shutdown or reboot to take effect.
  while (true) {
    pause();
  }
  // Should be unreachable.
  return EXIT_SUCCESS;
}
1646