Bug: 26962907
Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1

Bug: 26696173

Change-Id: I3a612f045aaa9e93e61ae45b05300d02b19bb3ad

Move to using std::vector and std::unique_ptr to manage key
certificates to stop memory leaks.

Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c

Writing map file directly can break consistency in map file if
it fails in the middle. Instead, we write a temporary file and
rename the temporary file to map file.

Bug: 26883096
Change-Id: I5e99e942e1b75e758af5f7a48f8a08a0b0041d6a

Disable libimgpatch for non-Linux host.

Change-Id: Ib3615204b76564c691ddafaa29e59fef334d9d36

update_engine need it for the new IMGDIFF operation.

Also removed __unused in ApplyImagePatch() as I got error building it
for the host, and I think it's dangerous not checking the size of the
input.

Test: mma
Bug: 26628339

Change-Id: I22d4cd55c2c3f87697d6afdf10e8106fef7d1a9c

Bug: 24717917
Change-Id: I134cf00ae7efbc3703f976459a1b9f9a197e495d

Also some trivial clean-ups in bootloader control block (BCB) code.

Change-Id: I42828954caa4d08998310de40fd0391f76d99cbe

For applying update from SD card, we used to use a thread to serve the
file with fuse. Since accessing through fuse involves going from kernel
to userspace to kernel, it may run into deadlock (e.g. for mmap_sem)
when a page fault occurs. Switch to using a process instead.

Bug: 23783099
Bug: 26313124
Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd

The `std::string package` variable goes out of scope but the input_path
variable is then used to access the memory as it's set to `c_str()`.

This was detected via OpenBSD malloc's junk filling feature.

Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2

Now to generate .cpp you need to use .ll/.yy.

Bug: 26492989
Change-Id: Ib078e03b3b0758f7a62595c343e52ae856bcb33f

Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.

Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
(cherry picked from commit 30bf4765)

dragon kernel is compressed via lz4 for boot speed and bootloader
support reasons and recent prebuilts happen to include the gzip header
sequence which is causing imgdiff to fail.

Detect a spurious gzip header and treat the section as a normal section.

Bug: 26133184
Change-Id: I369d7d576fd7d2c579c0780fc5c669a5b6ea0d3d
(cherry picked from commit 0f2f6a746af517afca9e5e089a4a17be0a9766d6)
Signed-off-by: David Riley <davidriley@google.com>

We allow vendor-specific icon installing image but have defined private
animation_fps that can't be overridden. This CL changes the image
generator to optionally embed FPS (otherwise use the default value of
20) into the generated image.

For wear devices, they are using individual images instead of the
interlaced one. Change the animation_fps from private to protected so
that it can be customized.

Bug: 26009230
Change-Id: I9fbf64ec717029d4c54f72316f6cb079e8dbfb5e

We are already using O_SYNC and fsync() for the recursive case
(package_extract_dir()). Make it consistent for the single-file case.

Bug: 20625549
Change-Id: I487736fe5a0647dd4a2428845e76bf642e0f0dff

Output messages in log when recovery is attempted or succeeded during
incremental OTA update.

Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
(cherry picked from commit b686ba21)

[1] added a new API isSlotMarkedSuccessful() to actually query if a
given slot has been marked as successful.

[1]: commit 72c88c915d957bf2eba73950e7f0407b220d1ef4

Change-Id: I9155c9b9233882a295a9a6e607a844d9125e4c56

We have the following warnings when compiling uncrypt on LP64 (e.g.
aosp_angler-userdebug).

bootable/recovery/uncrypt/uncrypt.cpp:77:53: warning: format specifies type 'long long' but the argument has type 'off64_t' (aka 'long') [-Wformat]
        ALOGE("error seeking to offset %lld: %s\n", offset, strerror(errno));
                                       ~~~~         ^~~~~~
                                       %ld
bootable/recovery/uncrypt/uncrypt.cpp:84:54: warning: format specifies type 'long long' but the argument has type 'unsigned long' [-Wformat]
            ALOGE("error writing offset %lld: %s\n", (offset + written), strerror(errno));
                                        ~~~~         ^~~~~~~~~~~~~~~~~~
                                        %lu
bootable/recovery/uncrypt/uncrypt.cpp:246:16: warning: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'off_t' (aka 'long') [-Wsign-compare]
    while (pos < sb.st_size) {
           ~~~ ^ ~~~~~~~~~~

According to POSIX spec [1], we have:
  off_t and blksize_t shall be signed integer types;
  size_t shall be an unsigned integer type;
  blksize_t and size_t are no greater than the width of type long.

And on Android, we always have a 64-bit st_size from stat(2)
(//bionic/libc/include/sys/stat.h).

Fix the type and add necessary casts to suppress the warnings.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html

Change-Id: I5d64d5b7919c541441176c364752de047f9ecb20

* changes:
  update_verifier: Log to logd instead of kernel log.
  Add update_verifier for A/B OTA update.

logd already gets started before we call update_verifier.

Bug: 26039641
Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a
(cherry picked from commit 45eac58e)

update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.

This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.

Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
(cherry picked from commit 1171d3a1)

Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96