Skip to content
Snippets Groups Projects
Select Git revision
0 results
Search by author
  • Any Author
0 authors
  1. Jul 23, 2020
  3. Jul 09, 2020
  5. Jun 10, 2020
  7. Apr 23, 2020
  9. Apr 10, 2020
  11. Apr 01, 2020
  13. Mar 17, 2020
  15. Feb 22, 2020
  17. Jan 21, 2020
    • Tianjie Xu's avatar
      Force package installation with FUSE unless the package stores on device · ba27adbb
      Tianjie Xu authored 
      The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.

To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.

This CL forces the package installation with FUSE when the package stays
on a removable media.

Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_component_test - all passing

Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
      ba27adbb
  19. Jan 17, 2020
  21. Jan 14, 2020
  23. Jan 12, 2020
  25. Jan 11, 2020
  27. Dec 25, 2019
  29. Dec 16, 2019
  31. Oct 25, 2019
  33. Oct 13, 2019
  35. Oct 11, 2019
  37. Aug 25, 2019
  39. Jul 26, 2019
  41. Jul 25, 2019
  43. Jul 18, 2019
  45. Jul 17, 2019
    • android-build-team Robot's avatar
      Merge cherrypicks of [8673593, 8673409, 8673796, 8673797, 8673798, 8673855,... · 5a6cde8b
      android-build-team Robot authored 
      Merge cherrypicks of [8673593, 8673409, 8673796, 8673797, 8673798, 8673855, 8673151, 8673594, 8673499, 8673799, 8673895, 8673896] into qt-release

Change-Id: I7e089c85c21dbbad3bb7a4b56dfe2edcf2c1c54d
      5a6cde8b
    • Tao Bao's avatar
      minadbd sends heartbeat to rescue service for getprop command. · 793e8943
      Tao Bao authored 
      We start minadbd and rescue services in two processes. In particular,
minadbd handles the requests from host, then communicates with rescue
service to do install/wipe works. When resuce service doesn't see any
request in a pre-defined timeout (currently 300s), rescue service will
exit to avoid endless waiting.

This CL changes minadbd to additionally send a no-op command to rescue
service as a heartbeat signal, so that host side can finish
time-consuming operations (e.g. downloading over network) while keeping
rescue service alive.

Bug: 136457446
Test: Enter resuce mode on blueline. Send `adb rescue getprop
      ro.build.fingerprint` and check that rescue service doesn't exit.
Test: Stop sending the getprop command. Check that rescue service exits
      after 300s.
Change-Id: Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531
Merged-In: Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531
(cherry picked from commit 2223e6a9f8bf24b023e8ae3103b50c37def3147e)
(cherry picked from commit 0bbb2ed5)
(cherry picked from commit dd0158ac)
      793e8943
    • Tao Bao's avatar
      [automerger skipped] minadbd sends heartbeat to rescue service for getprop command. · ac6652d3
      Tao Bao authored 
      am: dd0158ac -s ours
am skip reason: change_id Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531 with SHA1 0bbb2ed5 is in history

Change-Id: I02a82fc0d026e06eadbadd6af0af85228ce2e044
      ac6652d3
  47. Jul 16, 2019
    • Tao Bao's avatar
      minadbd sends heartbeat to rescue service for getprop command. · dd0158ac
      Tao Bao authored 
      We start minadbd and rescue services in two processes. In particular,
minadbd handles the requests from host, then communicates with rescue
service to do install/wipe works. When resuce service doesn't see any
request in a pre-defined timeout (currently 300s), rescue service will
exit to avoid endless waiting.

This CL changes minadbd to additionally send a no-op command to rescue
service as a heartbeat signal, so that host side can finish
time-consuming operations (e.g. downloading over network) while keeping
rescue service alive.

Bug: 136457446
Test: Enter resuce mode on blueline. Send `adb rescue getprop
      ro.build.fingerprint` and check that rescue service doesn't exit.
Test: Stop sending the getprop command. Check that rescue service exits
      after 300s.
Change-Id: Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531
Merged-In: Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531
(cherry picked from commit 2223e6a9f8bf24b023e8ae3103b50c37def3147e)
(cherry picked from commit 0bbb2ed5)
      dd0158ac
  49. Jul 13, 2019
  51. Jul 11, 2019
    • Tao Bao's avatar
      minadbd sends heartbeat to rescue service for getprop command. · 0bbb2ed5
      Tao Bao authored 
      We start minadbd and rescue services in two processes. In particular,
minadbd handles the requests from host, then communicates with rescue
service to do install/wipe works. When resuce service doesn't see any
request in a pre-defined timeout (currently 300s), rescue service will
exit to avoid endless waiting.

This CL changes minadbd to additionally send a no-op command to rescue
service as a heartbeat signal, so that host side can finish
time-consuming operations (e.g. downloading over network) while keeping
rescue service alive.

Bug: 136457446
Test: Enter resuce mode on blueline. Send `adb rescue getprop
      ro.build.fingerprint` and check that rescue service doesn't exit.
Test: Stop sending the getprop command. Check that rescue service exits
      after 300s.
Change-Id: Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531
Merged-In: Ib9d5ed710cfa94ecfe6cf393a71a0b67b2539531
(cherry picked from commit 2223e6a9f8bf24b023e8ae3103b50c37def3147e)
      0bbb2ed5
  53. Jun 25, 2019
  55. Jun 21, 2019
  57. Jun 20, 2019
  59. Jun 19, 2019
  61. Jun 18, 2019