| Age | Commit message (Collapse) | Author |
|---|
|
DSU installation service could call this method to get a suggested
scratch partition size, if the DSU guest system would need overlayFS
(remount) feature. This size is just a suggestion, and is not guaranteed
to work. The caller (framework) should still check if the DSU scratch
partition is allocated successfully. The scratch partition allocation
could fail if the suggested size is larger than available free space.
Bug: 165925766
Test: TH
Change-Id: Ie6202d15a76a21f59219a80dc3a20e9405ed7f66
|
|
closePartition() closes an ongoing partition installation and does error
checking.
closePartition() returns a non-zero error code if the installation ends
with an error.
Bug: 165471299
Test: Observe the logcat of a failed DSU installation
Change-Id: I2ca7868834fa1f59bd534a7fef5eb7b3201d6789
|
|
Replace the original on demand start mechanism with the new dynamic
AIDL service infrastructure to resolve a possible race condition.
Bug: 149130673
Test: gsi_tool status
Change-Id: I141475b56191eb82efe222bf7522350fc66a7dac
|
|
Bug: 149790245
Bug: 149716497
Test: adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system.raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
--el KEY_USERDATA_SIZE 8589934592
Change-Id: I472566bd84591422ef67c9838b9c94a0a6f1e8aa
|
|
Retrieves AVB public key from an image's VBMeta block.
Bug: 146418878
Test: adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
--el KEY_USERDATA_SIZE 8589934592 \
-d file:///storage/emulated/0/Download/aosp_arm64-dsu_test.zip
Test: adb shell gsi_tool status \
// command should show sha1 of public key for each partition
Change-Id: Ic529275a2678e6c1ce341910e4dbbe9af66742a7
|
|
Bug: 144247097
Test: adb shell gsi_tool install --gsi-size $(du -b system.raw|cut -f1) < system.raw
Change-Id: I17f4292fc3038040cc5848ce00081e96c79ae769
|
|
* Remove GsiInstallParams.aidl
* GsiInstaller -> PartitionInstaller
* beginGsiInstall -> open, close, createPartition
* wipeUserdata -> zeroPartition
* GetInstallation returns current installation
* SaveInstallation save current installation
Test: gsi_tool install & reboot
adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system.raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
--el KEY_USERDATA_SIZE 8589934592
Change-Id: I2be8b12130bd0a5f768a496c3a0ca8a3b2682c45
|
|
|
|
The gsid may function abnormally when an installation get interrupted.
case 1.
$ gsi_tool install
... use ctrl+C to stop ...
$ gsi_tool wipe
Could not remove GSI install.
case 2
When it's interrupted. The installer destructor does not have the
the chance to run therefore it can be a resource leak because the
backing files, e.g. system_gsi and userdata_gsi are not released.
Neither can they be enabled because the IsGsiInstalled() == false.
This CL fixes cases above by making a integrity model based on
IsGsiInstalled() as an atomic switch, e.g.
if (IsGsiInstalled()) {
The installation must be complete and the enableGsi() must work.
} else {
All resources that have been allocated must be cleaned up.
a. Clean up methods and command must work.
b. runStartup method must do the clean up.
}
All corresponding changes are based on this model.
Bug: 140014207
Test: \
1. gsi_tool install & reboot
2. gsi_tool install & ctrl+C & gsi_tool status & gsi_tool wipe & gsi_tool status
3. gsi_tool install & ctrl+C & gsi_tool status & reboot & gsi_tool status
Change-Id: I0dcf043d65b50f0dd82eac1f428a295e94c81812
|
|
The binder call is exposed through "gsid dump-device-mapper". Since this
requires linking to libgsid, also take the opportunity to move gsid
dependencies to static linkage.
Bug: 140204341
Test: dumpstate
Change-Id: I8858fde00cd5159be7794b22791fe14914af9a1c
|
|
Replace
boolean commitGsiChunkFromMemory(in byte[] bytes);
with
boolean setAshmem(in ParcelFileDescriptor stream, long size);
boolean commitGsiChunkFromAshmem(long bytes);
to reduce copies between binder buffer and process memory.
Bug: 138976291
Test: adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system.raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
--el KEY_USERDATA_SIZE 8589934592
Change-Id: Ic9b14a3f531f61aa6544f9158b199f05cdec04ec
Merged-In: Ic9b14a3f531f61aa6544f9158b199f05cdec04ec
|
|
remove: startGsiInstall
framework does not use the old prototype any more.
remove: getGsiStatus
framework does not use it any more.
rename: setGsiBootable -> enableGsi
make it consistent with its reverse action: disableGsi
rename: removeGsiInstall -> removeGsi
rename: disableGsiInstall -> disableGsi
the word install now refers to the installation session.
rename for consistency.
Bug: 138544413
Test: gsi_tool install/enable/disable
adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system.raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
--el KEY_USERDATA_SIZE 8589934592
Change-Id: I974d781d1eca82cecd813ad7bf557c5aec6f8f45
Merged-In: I974d781d1eca82cecd813ad7bf557c5aec6f8f45
|
|
libsnapshot has to work both in normal boot and in recovery. Normally,
we want libfiemap to be used through gsid, via binder, to consolidate the
necessary SELinux permissions. However binder is not available in
recovery, so instead we introduce a compile-time abstraction layer.
Recovery should link to libfiemap; otherwise, libfiemap_binder
should be used instead. They both present the same API.
Bug: 134536978
Test: manual test
Change-Id: I60370af2175723141e61f0ee301cad40d2f331c1
|
|
Consumers of gsiservice must now use IGsid for its top-level interface.
IGsiService can be acquired through IGsid::getClient. When the last
reference to IGsiService is dropped, gsid will cleanly exit. Callers
should no longer stop gsid through init.
Bug: 133528572
Test: gsid cleanly exits after gsi_tool runs
Change-Id: Ie5cb80fa63e61b143f9f27cca96999a5c71dab2c
Merged-In: Ie5cb80fa63e61b143f9f27cca96999a5c71dab2c
|
|
Since ImageManager was mostly lifted from gsi_installer.cpp, it is
straightforward to remove this code and transition entirely to
the new libfiemap.
Bug: 134536978
Test: gsi_tool install, enable/disable, status, wipe
Change-Id: Ic5e19906cfce9018fd5f9029e1e4de3852dbc5a9
|
|
README.md contains a full explanation. GsiInstaller's logic will be
removed in a follow-up CL.
Bug: 134536978
Test: libgsi_image_test gtest
Change-Id: I76f273e06bd8633c6c16e3f3c76ade28e59efe6f
|
|
This reverts commit 437290104689da057b26d57d254a5ef3184aa132.
Reason for revert: re-landing
Change-Id: I45f064e4f3b0bfacba1a179e186123f9d4b7c141
|
|
This reverts commit b60553bfbed5ef2b1694a2ed12db4924c310eee2.
Reason for revert: broke build
Change-Id: I81e0ae15c2c6dd74ca251d04aa6a62cbd50927e0
|
|
The only consumer of this library is gsid. This CL moves it from fs_mgr.
The code is identical with one exception: the namespace and library have
been renamed to "libfiemap".
Bug: 134536978
Test: gsid, fiemap_writer_test build
Change-Id: I2eb3c5224a92c49b36bcc816306b40cc2c79a001
|
|
Bug: 134185850
Test: gsi_tool install
reboot; skip setup wizard
reboot
gsi_tool wipe-data
gsi_tool enable
reboot; expect setup wizard
Change-Id: I44b676f9e08a890b14f056c7ab095c42158d9eb4
|
|
GsiService is getting to be pretty unreadable, in part because it's a
lot of code, but also because it mixes a lot of state in with the rest
of GsiService. It's not always clear when it's okay for GsiService to
rely on state set by the install process.
To make this much more clear, this patch separates all the installer
code into a separate GsiInstaller class, which has its own header and
source files. GsiService will instantiate a GsiInstaller as needed and
destroy it to either cancel or complete an install. As an added bonus,
install cleanup can now be handled in the GsiInstaller destructor,
rather than on an ad-hoc basis in GsiService.
Bug: N/A
Test: gsi_tool install
gsi_tool disable
gsi_tool enable
gsi_tool wipe
gsi_tool cancel
Change-Id: I26b2a48487a1df903d1805de80b0c6f2a074f997
|
|
Bug: N/A
Test: gsid builds
Change-Id: Ica52e0c7cc7cba214df274df85bfaf7d533b446e
|
|
This fixes a few issues with installing and re-enabling GSIs:
- Installs were not cleaned up after successful completion, so gsi_tool
disable did not work until reboot.
- Factored out can_use_devicemapper_ initialization into a helper
method, so it can be called from ReenableGsi().
- Set up more install state within ReenableGsi(), so that it looks like
an install is in progress. This will allow calling helper methods.
Long term this state will be factored out into a separate class.
Bug: 124012129
Test: gsi_tool install works
gsi_tool disable after install works
gsi_tool enable works
Change-Id: I76bba70884b8173560e999a7cf6c12752e3f601f
|
|
Bug: 126230649
Test: gsi_tool install works on hikey960 to /mnt/media_rw/...
gsi_tool install works on hikey960 to /data/gsi
Change-Id: I92b3b5230eff8444a3bec00445a3df17b6fb6f93
|
|
In order to re-enable the Gsi from framework, we need a method to
query the current enable status.
Bug: 125079548
Test: use the status command
Change-Id: Ia6c0ae12e2e6613f112a241d2cf5733f8bf22984
|
|
The StartInstall may take more than one mintue. This CL adds an
aborting_ flag to notify the allocating procedure to exit once
the flag is set. It also adds a "cancel" command to gsi_tool for
testing purpose.
Test: open two adb consoles: one starts the installation and
another uses the cancel command to abort.
Bug: 125599267
Change-Id: I8f8fc460df526abda81ed6e0ac8f7176a28e9df3
|
|
This patch follows up on the previous change which removed hardcoding of
/data/gsi. Now, the install path can be specified by gsi_tool or
IGsiService::beginGsiInstall. The path is normalized and then validated.
Currently, only /data/gsi is allowed, however this will be changed in
the near future.
This patch also introduces a new GsiInstallParams parcelable and
startGsiInstall will be deprecated.
Bug: 126230649
Test: gsi_tool --install-dir=/data/gsi works
Change-Id: Ic654f7c7475c17855b65e5917ebcb9ee60e32b79
|
|
This patch removes hardcoding of /data/gsi. Instead, StartInstall is
given an installation directory, and this is saved in
/metadata/gsi/install_dir. When wiping or re-enabling a GSI, image paths
are recovered from install_dir.
This does not actually make the path configurable: it is a refactoring
to no longer rely on hardcoded image paths.
Included are some minor cleanups to ensure that cancelled installs
delete files properly.
Bug: 126230649
Test: gsi_tool install, enable, wipe
Change-Id: Ieb788e84d19127e8e3375909f3c522e16462d384
|
|
This patch switches GsiService entirely from FiemapWriter to
SplitFiemap. This had a few side effects:
First, the ImageMap that gets passed around is now a class member. This
simplifies a lot of code, and it means we can access SplitFiemaps
throughout the installation process. Note that FiemapWriter no longer
keeps an open descriptor, so we're not keeping a bunch of handles open
for no reason.
Second, writes will either flow to an fd (backed by device-mapper), or
to a SplitFiemap (potentially backed by many fds). To make this seamless
there is now a WriteHelper interface that has two methods: Write, and
Flush.
Finally, the way pinning is checked has changed. For individual writes,
it is now the responsibility of the WriteHelper. At the end, we verify
that each partition is still pinned via a helper in SplitFiemap.
Bug: 126230649
Test: gsi_tool install works
Change-Id: Ic243dd0c582567f924052106c4f414f5d53cd528
|
|
Previously, init would always write "disabled" back to
/metadata/gsi/install_status, to effectively restore the host image
after the GSI reboots. This is not always desirable, so this patch
introduces a new "one_shot_boot" file. If present, the GSI will only
boot once, otherwise, it can persist until manually disabled.
This also adds a new getGsiBootStatus() method to IGsiService, so the UI
can determine whether the GSI is in single-boot mode or not.
Bug: 126148526
Test: install GSI, reboot twice - back to normal image
gsi_tool enable --single-boot, reboot twice, back to normal image
gsi_tool enable, reboot twice, still in GSI
Change-Id: I49bffea09bc9871502ce7bf3c27518a435357ecd
|
|
If FiemapWriter needs to bump up the image file size due to alignment,
gsid must track the actual requested size separately for AVB to work.
Otherwise, libavb will be unable to find the vbmeta footer at the end of
the partition.
The actual size can be recovered from /metadata/gsi/lp_metadata, as long
as the extent list is truncated appropriately.
Bug: 126230649
Test: gsi install works
Change-Id: If5b580691d9399dfefceef89cc7e574d422f06e2
|
|
For unencrypted devices, or devices with FBE and no metadata encryption,
then userdata cannot be used with device-mapper since the mount has
exclusive access. This poses a problem since normally we need
device-mapper to bypass encryption.
Luckily in both of these cases, we can simply perform normal unencrypted
writes to /data/gsi instead.
Bug: 126249541
Test: GSI installation works on devices with no encryption or FBE
devices with no metadata encryption
Change-Id: I4ac21dbeec7a46fdd74a63601dc52f7119aeb3a9
|
|
Bug: 123716647
Test: manual test
Change-Id: Ia7987ed007e9de57e32df87cd63d999d76402ccc
|
|
Bug: N/A
Test: manual test
Change-Id: Ic19b24a32ca8a42a23bc37ac72da8128d5f0ff57
|
|
This patch makes the following changes to gsid:
- It now runs on startup and is no longer a one-shot service.
- /data/gsi is now created via init, with the appropriate permissions.
- gsi_tool no longer starts/stops gsid.
- /metadata/gsi is readable by the system group, so system_server can
read /metadata/gsi/booted.
Bug: 122556707
Test: manual test
Change-Id: I08c0c6e9a155a0dea113c8535e71bda5aeda0ff6
|
|
Currently the image creation/extent mapping process is hardcoded to two
partitions, system_gsi and userdata_gsi. Adding a third case stretches
the maintainability of this code, so this patch refactors things. Each
image/partition gets added to an ImageMap that can be handed off to
CreateMetadata.
Bug: 123777418
Test: builds
Change-Id: I5824674faddc4b2cf2f639f18cae974a870025fb
|
|
It is useful to distinguish errors like "not enough free space" from "random
syscall failed for unknown reason". To do this, let's introduce some
error codes to IGsiService::startGsiInstall and setGsiBootable.
Bug: 122556707
Test: manual test
Change-Id: I227720129cb0d44599ae7d6f797a071431e0b057
|
|
This patch introduces a getInstallProgress API call to IGsiService. It
is intended to be called while startGsiInstall or
commitGsiChunkFromStream are in progress, and will return details about
the current state. These details include the number of bytes left to
process and which step of the function is blocking.
Callers should invoke getInstallProgress on a separate thread. It is
safe to invoke when no operations are in progress. The caller must take
care to handle state transitions that are missed due to delays or sleep
calls. For example, call #1 may return step A at 50%, and call #2 may
return step B at 10%. It is the caller's responsibility to note that
the previous step successfully completed. gsi_tool contains sample code
for using this API.
Bug: 122556707
Test: manual test
Change-Id: I9af952368834bc3b5b5dadbbee6e91094d237cad
|
|
This change introduces two new commands to gsi_tool: enable and disable.
Disable is similar to "wipe", in that it allows reboot back into the
normal system image. However unlike "wipe" the GSI images will not be
deleted on startup.
The GSI install can then be re-enabled with the "enable" command.
Unfortunately, this currently has a high probability of hitting a bug in
F2FS where the file cannot be repinned. This can happen if the device
has been used or rebooted extensively in between disabling and
re-enabling the GSI.
In addition, the semantics of the "install" command have changed. It
will now attempt to re-use an existing userdata if one exists. To force
a clean userdata, the --wipe parameter can be specified.
To disable a GSI install:
gsi_tool disable
adb reboot
To re-enable a GSI install:
gsi_tool enable
adb reboot
To install a GSI and preserve userdata:
gsi_tool install --gsi-size=SIZE < image
To install a GSI and create a userdata if none exists:
gsi_tool install --gsi-size=SIZE --userdata-size=SIZE < image
To install a GSI and wipe userdata:
gsi_tool install --gsi-size=SIZE --userdata-size=SIZE --wipe < image
Bug: 122556707
Test: manual test
Change-Id: Ia55ca930b0b7f6b2b97a6390568555b4166e2605
|
|
Bug: 122556707
Test: manual test
Change-Id: I75457b95aef9d74bbf4121850f2f29fdc887386c
|
|
Bug: 122556707
Test: m platform-java
Change-Id: Ib0dcb332d049c2f240cd8ffd29a628ba04622191
Merged-In: Ib0dcb332d049c2f240cd8ffd29a628ba04622191
Signed-off-by: Sandeep Patil <sspatil@google.com>
|
|
Bug: 122556707
Test: manual test
Change-Id: I96d833f77740e6b791992336e590dd1a089895c9
|
