History log of /frameworks/base/core/java/android/os/RecoverySystem.java
Revision Date Author Comments
f4577a5c5c647a240e748871dcfacb91378e9faa 11-Jan-2018 Qingxi Li <qingxi@google.com> Remove all the implementation for keep eSIM profile during FDR

When we show the option to users to allow them to decide whether they want
to keep eSIM profiles during FDR, we remove erasing eSIM profiles from
CompleteBootService. So there is no need to call
EuiccManager#retainSubscriptionsForFactoryReset again. And when we don't
show this option to users, we will always erase eSIM profiles with
isWipeEuicc equal to true.

Bug: 67500470
Test: E2E
Change-Id: Ide4ee5fbfd4b2aadc78071f8ecb8e0424a37db44
/frameworks/base/core/java/android/os/RecoverySystem.java
c6097dbb5673264962c07d1f6674b70f4c159cfa 09-Jan-2018 Qingxi Li <qingxi@google.com> Change RecoverySystem#wipeEuiccData to public

This function is used to wipe the eSIM profiles from eUICC card which
should not only be called from FDR but also from the network reset. This
CL changes it to hide public API.

Bug: 62961867
Test: TBC
Change-Id: I1d716763720e9a2c897b9e85f95bab562fe150e2
/frameworks/base/core/java/android/os/RecoverySystem.java
e05f37e0a6fcf4719f1f12078ffd5eea690f8877 20-Jul-2017 Jeff Davidson <jpd@google.com> Revert disabling of eSIM wipes/retains.

This is a revert of change I414a16cde11e76ccc390e7a63a6803f5b402fe78.
As an additional safety latch, we bypass all logic (either wipe or
retain) if the eSIM has never been provisioned. An unprovisioned eSIM
cannot possibly have profiles - indeed, we don't show the "Wipe eSIM"
checkbox in this case - so there's no reason to tell the LPA to retain
them.

Bug: 63693573
Test: TreeHugger + factory reset local test
Change-Id: I1fea50db317388e81823bf1bd0977ffe787a05e0
/frameworks/base/core/java/android/os/RecoverySystem.java
7615d11dd4b0dca37376730bb0161967f1215c4c 14-Jul-2017 Jeff Davidson <jpd@google.com> Temporarily disable eUICC factory reset handling.

This seems to be causing users who elect not to wipe their eUICC on a
factory reset to end up on the eSIM slot after the reset instead of
the pSIM slot.

Bug: 63693573
Test: TreeHugger + factory reset local test
Change-Id: I414a16cde11e76ccc390e7a63a6803f5b402fe78
/frameworks/base/core/java/android/os/RecoverySystem.java
aee0ab9eb91d55bf6df0676f128420e7fc54ea09 12-Jul-2017 qingxi <qingxi@google.com> Fix the error that the broadcast receiver cannot be registered

Factory reset of eSIM failed because the euiccWipeFinishReceiver cannot
be registered by the context directly. This CL changes the context to
application context to solve this problem.

Bug: 63610700
Test: E2E
Change-Id: I7e4c8b75b5b5b4203efd7302677ffa5cf00198b5
/frameworks/base/core/java/android/os/RecoverySystem.java
e060ffd2ca90d998550dcd9501cc7a567fbf6bb1 24-Jun-2017 qingxi <qingxi@google.com> Move eSIM factory reset implementation to RecoverySystem

This CL reverts the implementation of eSIM factory reset in
MasterClearReceiver and uses RecoverySystem#rebootWipeUserData to erase
eSIM data. Besides this, when the eSIM data isn't erased, we should call
EuiccManager#retainSubscriptionsForFactoryReset to let the fastboot know
that.

Bug: 62957212
Test: TreeHugger
Merged-In: I08ab9d53ec4fc73a65e8e7d0c39ac95b2d44d012
Change-Id: I08ab9d53ec4fc73a65e8e7d0c39ac95b2d44d012
/frameworks/base/core/java/android/os/RecoverySystem.java
f4f9cec234bf147f0067cef2791a26eaa2cde0a0 19-Jun-2017 yinxu <yinxu@google.com> Add flag to wipe eUICC data

Add a new flag in the DevicePolicyManager so that we can use
EuiccManager#eraseSubscriptions(PendingIntent) to erase all the carrier data
from eUICC chip if the user chooses to "ERASE" from the Android device manager.

Bug: 37277944
Test: E2E
Change-Id: Ia78090a00d956c645725be4fd591e02ded8ec467
/frameworks/base/core/java/android/os/RecoverySystem.java
7a2e4a848602ddb861f9f35cb93edbdca32a7db1 06-Jun-2017 Jeff Sharkey <jsharkey@google.com> Merge "Annotate @SystemApi with required permissions." into oc-dev
am: c1406978a4

Change-Id: I305967cad945a807c3f8234efabaad0ef8b591d1
d86b8fea43ebb6e5c31691b44d8ceb0d8d3c9072 03-Jun-2017 Jeff Sharkey <jsharkey@android.com> Annotate @SystemApi with required permissions.

Most @SystemApi methods should be protected with system (or higher)
permissions, so annotate common methods with @RequiresPermission to
make automatic verification easier.

Verification is really only relevant when calling into system
services (where permissions checking can happen on the other side of
a Binder call), so annotate managers with the new @SystemService
annotation, which is now automatically documented.

This is purely a docs change; no logic changes are being made.

Test: make -j32 update-api && make -j32 offline-sdk-docs
Bug: 62263906
Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
/frameworks/base/core/java/android/os/RecoverySystem.java
a376eed2636cacea63d4857ea250e2851520e0a5 25-May-2017 Dmitri Plotnikov <dplotnikov@google.com> Merge "Triggering quiescent reboot during OTA" into oc-dev
am: d9417c53e0

Change-Id: I0b2b42d95d739701a367bd5d25bebbd64d033ad0
690c6bd9a371bd9f1f6562728368ab3e2c2e8cb3 11-May-2017 Dmitri Plotnikov <dplotnikov@google.com> Triggering quiescent reboot during OTA

Bug: 34201965
Test: follow instructions in https://docs.google.com/document/d/1RjvUGRi_Ys5-BRoJz6_SnixuipFiF-GAs6CNc7w-Qj0/edit and use fake-ota
Change-Id: I540f86cf11746faefc25bc74319512eba6d0d783
/frameworks/base/core/java/android/os/RecoverySystem.java
f2e1a43ac572fbede72418df013ec25ce7584b48 03-May-2017 Tianjie Xu <xunchang@google.com> Merge "Add error/cause code reporting for Non A/B OTA failures" am: 2db2f6d265 am: c2a0d6776c
am: 1b0da0cdfd

Change-Id: I967edc50dff44d830e475b94678c0194a379dba1
223edeb272e84105e0ad5cc4d68286f60fc4bd38 02-May-2017 Tianjie Xu <xunchang@google.com> Add error/cause code reporting for Non A/B OTA failures

Read and report the error_code & cause_code from last_install.

Bug: 36866437
Test: mma & observe the sysui event in logcat -b events
Change-Id: I5357861fc758e14ed3235bfc8cc76d7561ccea58
/frameworks/base/core/java/android/os/RecoverySystem.java
87daeb15fdc49c51798e6f97310f8aeb38c19c44 19-Apr-2017 Tao Bao <tbao@google.com> RecoverySystem: Enable the package compatibility verification.

Hook up to android.os.VintfObject.verify().

Bug: 36592877
Test: Flash on marlin; verify with package that has and doesn't have
compatibility.zip entry.
Change-Id: I4e73fa42f4e3fd2e1c5ffec2ffa6152538d62eee
/frameworks/base/core/java/android/os/RecoverySystem.java
e01b520dd490935694a50f9f0abd7dc0564d95c5 11-Apr-2017 Tao Bao <tbao@google.com> RecoverySystem: Verify the package compatibility.

This CL extends the existing API RecoverySystem.verifyPackage() to
verify the compatibility entry in an OTA package. It returns true
directly if such an entry doesn't exist. Otherwise it reads and passes
the contents to VintfObject to perform the verification.

This CL also adds a new system API
RecoverySystem.verifyPackageCompatibility() to verify a given
compatibility zip file. It extracts all the entries and passes them to
VintfObject.verify() to verify the package compatibility. This API is
for streaming A/B OTAs only, where we don't download the full package
but only needed entries.

Bug: 36592877
Bug: 36596980
Test: RecoverySystem.verifyPackage() returns the same result for
packages w/o a compatibility entry.
Change-Id: I038be672868a91820c045d1da100e8e33b23d442
/frameworks/base/core/java/android/os/RecoverySystem.java
ea997a038db054a100141f516bd45c3f23a2cf25 29-Mar-2017 Tianjie Xu <xunchang@google.com> Merge "Report the temperature during an OTA update" am: 47c7e7f41a am: 022682a721
am: 998c554463

Change-Id: I12a0f4c5fb768bdaa3a4baa4fa5bd7964b80110e
(cherry picked from commit d580a85b20a57984a3cb77685f5a10af8e2f2506)
/frameworks/base/core/java/android/os/RecoverySystem.java
47c7e7f41a5d29d17a210c574d472ae5a0a8f6be 29-Mar-2017 Tianjie Xu <xunchang@google.com> Merge "Report the temperature during an OTA update"
42cfd56d47000dd85661656479dbcbdad8ba47ba 29-Mar-2017 Tianjie Xu <xunchang@google.com> Report the temperature during an OTA update

Bug: 32518487
Test: mma
Change-Id: I00494aff91b473ae54eff8d56910198f88083d40
/frameworks/base/core/java/android/os/RecoverySystem.java
b1b38b322cc2079131929c549f44ec91af518112 28-Mar-2017 Tianjie Xu <xunchang@google.com> Merge "improve the format of locale argument when calling recovery" am: 032c7a0a18 am: 1cd3a93288
am: bc0865bc78

Change-Id: I65bc4945d0701ecc10fd41f827c4566dfea912f9
(cherry picked from commit ee45a1f3abd50a7451cfd7b6d7e48b778021bac5)
/frameworks/base/core/java/android/os/RecoverySystem.java
38715228da99594ba30dc0c3f3901a648d64cdff 22-Mar-2017 Tianjie Xu <xunchang@google.com> improve the format of locale argument when calling recovery

Switch the locale argument from Locale.toString() to
Locale.toLanguageTag(). The new format is more readable and less error
prone.

Bug: 35215015
Test: recovery processes sr-Latn correctly

Change-Id: I47e1cf54434cb841652d4b259e0e829104fb19a2
/frameworks/base/core/java/android/os/RecoverySystem.java
2d6c945b03a4f7d7f1757669409b0e9d37f91946 25-Jan-2017 Christopher Tate <ctate@google.com> Make sure MASTER_CLEAR_NOTIFICATION goes to manifest receivers

It sometimes needs to launch OEM-supplied apps for processing, so make sure
it continues to do so.

Bug 34587823
Test: verified dispatch via logcat/dumpsys

Change-Id: Ic80e06582116cdd629492ed01a9b05b0e1b3822e
/frameworks/base/core/java/android/os/RecoverySystem.java
fe6f85cac9e823fd33a134f7129fdf7310703293 20-Jan-2017 Jeff Sharkey <jsharkey@android.com> Introduce RescueParty.

When a device gets stuck in a crash loop, it's pretty much unusable
and impossible for users to recover from.

To help rescue devices from this state, this change introduces a new
feature that watches for runtime restart loops and persistent app
crash loops, and escalates through a series of increasingly
aggressive rescue operations. Currently these rescue levels walk
through clearing any experiments in SettingsProvider before finally
rebooting and prompting the user to wipe data.

Crash loops are detected based on a number of events in a specific
window of time. App stats can be stored in memory, but boot stats
need to be stored in system properties to be more robust.

Start up RecoveryService much earlier during the boot so we can
reboot into recovery when needed.

Add properties that push system_server or SystemUI into crash loops
for testing purposes.

Test: builds, boots, forced crashing walks through modes
Bug: 24872457, 30951331
Change-Id: I6cdd37682973fe18de0f08521e88f70ee7d7728b
/frameworks/base/core/java/android/os/RecoverySystem.java
cc76991f37268eed1ef2c978720b32f0c103dc70 17-Jan-2017 Tao Bao <tbao@google.com> Revert "RecoverySystem: Fix the issue in installPackage()."

This reverts commit 9f7a0acd2d383b825bcdcbef25d6b42f9875acfe.

Bug: 34350643
Bug: 34396955
Test: installPackage() doesn't cause deadlock if it doesn't call
processPackage() prior to that.
Change-Id: I1da055c86a3326ae341da1b4d5dc79ab4be256fb
/frameworks/base/core/java/android/os/RecoverySystem.java
9f7a0acd2d383b825bcdcbef25d6b42f9875acfe 13-Jan-2017 Tao Bao <tbao@google.com> RecoverySystem: Fix the issue in installPackage().

Commit 794c8b0b3fe16051843c22232d58d6b184dde49b fixed the race condition
when requesting data wipes via uncrypt. We have a similar issue with
RecoverySystem.installPackage(). It first requests to set up the BCB,
then triggers a reboot. These two steps should finish atomically.

This CL switches to calling
RecoverySystemService.rebootRecoveryWithCommand(), which guards the two
steps with synchronized blocks.

Bug: 34239871
Test: Having two apps: one calls RecoverySystem.cancelScheduledUpdate()
continuously, and the other calls RecoverySystem.installPackage()
just once. The install request should not be cancelled by the
other.

Change-Id: I5ec56fcaa70eae7c33e3cc8e6cfc7472b935ce4e
/frameworks/base/core/java/android/os/RecoverySystem.java
2a327506cfe660d911f022f6713c5a6b30cc5461 30-Sep-2016 Tao Bao <tbao@google.com> Merge "Handle the race condition when calling uncrypt services." am: 42d25b5992 am: 86df8ecdf3
am: ade17dea88

Change-Id: I617b48ed7e57a0903bdc577b18b45f9added0e65
42d25b5992c6c5967ca7d82001bc0e415f2887a6 30-Sep-2016 Tao Bao <tbao@google.com> Merge "Handle the race condition when calling uncrypt services."
794c8b0b3fe16051843c22232d58d6b184dde49b 27-Sep-2016 Tao Bao <tbao@google.com> Handle the race condition when calling uncrypt services.

We call uncrypt services to setup / clear bootloader control block (BCB)
for scheduling tasks under recovery (applying OTAs, performing FDR).
However, we cannot start multiple requests simultaneously. Because they
all use the same socket (/dev/socket/uncrypt) for communication and init
deletes the socket on service exits.

This CL fixes the issue by a) adding synchronized blocks for the service
requests; b) checking the availability of the socket before initiating a
new one.

Note that adding synchronized blocks to RecoverySystem doesn't help,
because the calls could be made from different processes (e.g. priv-app,
system_server).

Bug: 31526152
Test: FDR works while a priv-app keeps calling clear BCB.

Change-Id: I95308989e849a9c98a9503ac509f2bc51ed3de19
/frameworks/base/core/java/android/os/RecoverySystem.java
96ce9d16ed84d2f50cafbf74dfd30d88271aa60b 28-Sep-2016 Tianjie Xu <xunchang@google.com> Merge "Log the error when uncrypt timeouts" am: c1973ecbd2 am: c68e6d6708
am: 3aeade44a9

Change-Id: I913474dbf87b30683267d8f6a458927b7d331c4c
036d08638e6a5f849847a32d794ad34d7dec1368 25-Sep-2016 Tianjie Xu <xunchang@google.com> Log the error when uncrypt timeouts

Log the error code to uncrypt_status if uncrypt gets killed because
of timeout.

Test: We log the error code correctly in uncrypt_status when uncrypt timeouts.
Bug: 31603820
Change-Id: Ia623c333714295e68f4269257fbb4297a867e42b
/frameworks/base/core/java/android/os/RecoverySystem.java
43921537535aceccf18cb908046b25ddc8b85e47 16-Sep-2016 Tianjie Xu <xunchang@google.com> Merge "Collect status on uncrypt time cost" am: bc19e00d35 am: 79d27bdeac
am: 1579ce8a1d

Change-Id: I17fe7d518a0bc5876d91373b643dd95779be2c54
3477efce30b1d7f6f8bd07e31d9f1befadda2a34 09-Sep-2016 Tianjie Xu <xunchang@google.com> Collect status on uncrypt time cost

Read and report time cost of uncrypt (in seconds) from last_install.

Bug: 31383361

Change-Id: I283970c33b2a0324f2f51cde328e3e527eff7c58
/frameworks/base/core/java/android/os/RecoverySystem.java
a92b4737c6fc1afa55076d8c2a5f52405bdbd2fa 15-Jun-2016 Tianjie Xu <xunchang@google.com> Merge "Fix a naming typo for source_build" into nyc-dev am: dfa654edfe
am: 5b767d1218

Change-Id: Iba0740a38e7f9fd97175542ee5255548470b510c
5fabe69fc891278b1f70a136d9b47c50ec995f7f 15-Jun-2016 Tianjie Xu <xunchang@google.com> Fix a naming typo for source_build

When parsing the last_install, the variable name is supposed to be
*source_build* instead of *source_version*.

Bug: 28658632
Change-Id: I1e0ed7150e04885f904b6a3efa18bd5cfe17cc96
/frameworks/base/core/java/android/os/RecoverySystem.java
9aa66d57c6a8440b0280f31f94b5e3c05980e6a2 13-Jun-2016 Tao Bao <tbao@google.com> Merge "Add RecoverySystem.rebootWipeAb() system API." into nyc-mr1-dev
9331178a6d8c77da1b099a47ca2a645f1f01e3a8 10-Jun-2016 Tianjie Xu <xunchang@google.com> Merge "Collect statistics of source build version" into nyc-dev
am: 8872a604b9

Change-Id: Ic920aced4f17c31a09bea55480f92252f20d728d
1327a97a076d67f296f338653678cc383ebfa002 02-Jun-2016 Tao Bao <tbao@google.com> Add RecoverySystem.rebootWipeAb() system API.

It reboots into recovery and securely wipes an A/B device.

Bug: 27253717
Bug: 29159185
Change-Id: I8252894db5c1df48bc4a8728b7f0e0f18aebc44c
/frameworks/base/core/java/android/os/RecoverySystem.java
c1ff246f1a37d6619c238cf392e486ca4cf299d3 09-Jun-2016 Tianjie Xu <xunchang@google.com> Collect statistics of source build version

Parse the last_install and report the source build version of an ota
update.
Related CL in: ag/1121141

Bug: 28658632
Change-Id: I5e835c144aabe97fda681f60397ebf4416f7bd4f
/frameworks/base/core/java/android/os/RecoverySystem.java
ebfa28ccf8abe0bb512a307f187874bdc5e7f00f 08-Jun-2016 Tianjie Xu <xunchang@google.com> Merge "Change unit of I/O statistics to MiB" into nyc-dev
am: 00681d0e78

Change-Id: I150ccc3c3164ee487bf4c726b080d885f8b39696
a2fe5517bcd966c22827150287f55d683d493573 02-Jun-2016 Tianjie Xu <xunchang@google.com> Change unit of I/O statistics to MiB

I/O in bytes are too large and it may cause overflow. Moreover, data with
large numbers are grouped in the same bucket of the histogram. This adds
difficulty to the analysis. Changing unit of I/O to MiB so that we can
have a better data distribution.

Bug: 28658632
Change-Id: Id9913d71e62b36ce5d5d2e57676953f4dbd0c7c9
/frameworks/base/core/java/android/os/RecoverySystem.java
f9d5e6a3db7eb8c378cc2ac78e976aa0312f2c6e 26-May-2016 Benjamin Franz <bfranz@google.com> Add an intent extra to force master clear

Currently, if a priv-app sends ACTION_MASTER_CLEAR, whilst
DISALLOW_FACTORY_RESET is set, the factory reset is blocked. This CL
introduces a new extra for master clear that lets the priv-app bypass
the user restriction.

Bug: 28689894
Change-Id: I4bf979a3826454e977f1abff4562f85c8d0eec4a
/frameworks/base/core/java/android/os/RecoverySystem.java
dcd3644f224da72ec95c590394ed656915bba481 13-May-2016 Tianjie Xu <xunchang@google.com> Report OTA time statistics

Read time and I/O for OTA update from last_install, and report the
statistics using MetricsLogger.histogram.

Bug: 28658632
Change-Id: I7fd06a82cbabd346d6d44f81ebad08f6baf4b8d0
/frameworks/base/core/java/android/os/RecoverySystem.java
ac75f1effae79d4bccd3faf65f9a281824a2803e 29-Apr-2016 Tianjie Xu <xunchang@google.com> Set security update label in framework

GmsCore will use different filenames to distinguish a security update
from a normal update. (update.zip for normal update and update_s.zip for
security update.) So, if framework observes the filename as
"update_s.zip", write command "--security" to BCB. This cmd asks the
recovery image to choose the right background string for update.

Bug: 27837319
Change-Id: I2ef12267a6be57d8a81f7f9f34c09aea54530c1f
/frameworks/base/core/java/android/os/RecoverySystem.java
36baafe92cdf9139ec9c2215cbe62d6df1b32b3f 15-Mar-2016 Tao Bao <tbao@google.com> Don't reboot into recovery if block map file is missing.

We added a third parameter to RecoverySystem.installPackage() to let the
caller indicate the package has been processed (uncrypt'd). We need
to ensure the caller's claim is true by checking the existence of the
block map. Otherwise the device will fail for sure when booting into
recovery.

Bug: 27620932
Change-Id: I6325455253480055f14eb0cf020689ac37328602
/frameworks/base/core/java/android/os/RecoverySystem.java
e8a403d57c8ea540f8287cdaee8b90f0cf9626a3 31-Dec-2015 Tao Bao <tbao@google.com> Add support for update-on-boot feature.

Add a separate system service RecoverySystemService to handle recovery
related requests (calling uncrypt to de-encrypt the OTA package on the
/data partition, setting up bootloader control block (aka BCB), etc.).

We used to trigger uncrypt in ShutdownThread before rebooting into
recovery. Now we expose new SystemApi (RecoverySystem.processPackage())
to allow the caller (e.g. GmsCore) to call that upfront before
initiating a reboot. This will reduce the reboot time and get rid of the
progress bar ("processing update package"). However, we need to reserve
the functionality in ShutdownThread to optionally call uncrypt if
finding that's still needed.

In order to support the update-on-boot feature, we also add new
SystemApis scheduleUpdateOnBoot() and cancelScheduledUpdate() into
android.os.RecoverySystem. They allow the caller (e.g. GmsCore) to
schedule / cancel an update by setting up the BCB, which will be read by
the bootloader and the recovery image. With the new SystemApis, an
update package can be processed (uncrypt'd) in the background and
scheduled to be installed at the next boot.

Bug: 26830925
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560
/frameworks/base/core/java/android/os/RecoverySystem.java
e8217ff4a725004e495ed1506928334f97e5bbf1 02-Feb-2016 Tao Bao <tbao@google.com> Conditionally remove the block map file.

We used to unconditionally remove the block map file on boot. Because
the package might be half-way uncrypt'd in a corrupt state. CL in [1]
changes uncrypt to ensure that block.map only gets created at the end of
a successful uncrypt. So we can change to keep the fully uncrypt'd
package and the block map. This is to reduce the work for GmsCore to
avoid re-downloading everything again.

[1]: commit 25dd0386fe69460cd1d39de116197dd2c7bf9ec2.

Bug: 26883096
Change-Id: I58ca22064141bf5d42fa48146a980712c8ce21d9
/frameworks/base/core/java/android/os/RecoverySystem.java
9ad08ec5be0d1e225c9f463fd395ba852b6b5bba 09-Jul-2015 Przemyslaw Szczepaniak <pszczepaniak@google.com> Switch RecoverySystem impl to use sun.security.pkcs

Due to org.apache.harmony.security package removal,
RecoverySystem#verifyPackage was rewritten to use
sun.security.pkcs package for verifying package
signature.

(cherry-picked from 84acbd76f7e1300e8404ac1b94f008826f9cc0fb)

Change-Id: I3a2058982beadab1aaae793c25db5c6f7387a72b
/frameworks/base/core/java/android/os/RecoverySystem.java
48d7b31b4b5b4d68be4b5362950965fb85fae1c7 21-Oct-2015 Tao Bao <tbao@google.com> Merge "Clean up the uncrypted OTA package on bootup." am: 5d562d4d2f am: ac140e7f76
am: db33bfc2a9

* commit 'db33bfc2a96c38eba5b67c82cb4fee69c52b80ad':
Clean up the uncrypted OTA package on bootup.
87212ad6a86088f9b6342aadc480934e2f6548f7 19-Oct-2015 Tao Bao <tbao@google.com> Clean up the uncrypted OTA package on bootup.

An OTA package needs to be uncrypted before rebooting into recovery if
it sits on an encrypted /data partition. Once uncrypt gets started, we
cannot re-run it on the package again. Because the file may have been
fully or partially uncrypted and we may end up with a corrupt file
under recovery. Always clean up the package when the device boots into
the normal system to avoid that.

Bug: 24973532
Change-Id: I91682c103d1f2b603626c4bf8d818bced71e3674
/frameworks/base/core/java/android/os/RecoverySystem.java
e4de5a0d3b6e0c897c1cea0912b58e11db962365 23-Sep-2015 Xiaohui Chen <xiaohuic@google.com> Cleanup OWNER references.

Bug: 19913735
Change-Id: I2150c6baaab80fe11312e4401394a2a8da52e595
/frameworks/base/core/java/android/os/RecoverySystem.java
efb71f442c6dbdb75113d29df49106217f22cea3 19-Aug-2015 Tao Bao <tbao@google.com> am 2e3746ab: am 9bcb0fcc: Merge "Recursively delete directories in handleAftermath()."

* commit '2e3746abc7d70dd72f60a7912cd45472f3032acb':
Recursively delete directories in handleAftermath().
9d995335f0c8d5090ba6c774853fe261037177eb 19-Aug-2015 Tao Bao <tbao@google.com> am 2e3746ab: am 9bcb0fcc: Merge "Recursively delete directories in handleAftermath()."

* commit '2e3746abc7d70dd72f60a7912cd45472f3032acb':
Recursively delete directories in handleAftermath().
5065e12dbe9918b3558f4fc0e0497580d5840171 18-Aug-2015 Tao Bao <tbao@google.com> Recursively delete directories in handleAftermath().

RecoverySystem.handleAftermath() is called to clean up recovery-related
files. It needs to handle non-empty directories as well such as leftover
stashes from failed OTAs.

Bug: 23199081
Change-Id: I33fb326d376d04c793ad7b5948a10e8c1c572812
/frameworks/base/core/java/android/os/RecoverySystem.java
fa861429f7ec0b9f83a2baacc3c6fb680467039b 22-May-2015 Tao Bao <tbao@google.com> Wait for uncrypt to finish before rebooting

/system/bin/uncrypt needs to be triggered to prepare the OTA package
before rebooting into the recovery. For larger packages, uncrypt may be
killed before it finishes the work after the timeout. Change to monitor
the uncrypt status and show the progress to user.

Needs matching changes in bootable/recovery/uncrypt, system/core and
external/sepolicy.

Also pick up the two NPE fixes in commits
9bb765448df43d41e0a3edb7de1d1641c9251c35 and
da3f63ffb87397943546a7c5c893ce98f2489df2.

Bug: 20012567
Bug: 20949086
(cherry picked from commit 90237f7beb55dae79cdcba5271f96be778573737)
Change-Id: Ibf2fc80032967e5f6cda3cd469005dd29665c87c
/frameworks/base/core/java/android/os/RecoverySystem.java
90237f7beb55dae79cdcba5271f96be778573737 22-May-2015 Tao Bao <tbao@google.com> Wait for uncrypt to finish before rebooting

/system/bin/uncrypt needs to be triggered to prepare the OTA package
before rebooting into the recovery. For larger packages, uncrypt may be
killed before it finishes the work after the timeout. Change to monitor
the uncrypt status and show the progress to user.

Needs matching changes in bootable/recovery/uncrypt, system/core and
external/sepolicy.

Bug: 20012567
Bug: 20949086
Change-Id: I2348a98312c4dae81f618b45a2ee3b4cf6246ff5
/frameworks/base/core/java/android/os/RecoverySystem.java
70e21e61ac728c3e02d6d54a52b53199b4ebf9df 19-Mar-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Fix a constructor

The constructor of RecoverySystem was accidentally made public
before. @Removed it.

Bug: 19797138
Change-Id: I4c7bba99695a3aeb56da9c126125c3e9075c0181
/frameworks/base/core/java/android/os/RecoverySystem.java
8c80efeaebeebce9f62a944f08f26823e146f1b7 16-Mar-2015 Andreas Gampe <agampe@google.com> Revert "Frameworks/base: Fix a constructor"

The constructor was public API, doh. Gotta do this differently.

This reverts commit 33c5b2a62f3e62382c41e24c6b527119978816a0.

Change-Id: Iadca87fe6a8866a8bd9d6f2a91578ec0d4c44691
/frameworks/base/core/java/android/os/RecoverySystem.java
33c5b2a62f3e62382c41e24c6b527119978816a0 15-Mar-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Fix a constructor

This was meant to be a constructor, according to the comment.

Change-Id: Ief49011b392e58b37d9acb4a3f754f1828b256af
/frameworks/base/core/java/android/os/RecoverySystem.java
004a4b20f8d3116e6a711525960d433fcfea4ee4 24-Sep-2014 Jeff Sharkey <jsharkey@android.com> Include reason when wiping data.

This will help us track down who requested a data wipe.

Bug: 17412160
Change-Id: If8413e5d6377773f37e8b34ae3d26347226a027c
/frameworks/base/core/java/android/os/RecoverySystem.java
183415e521d599ca5e33e5022fec5ec7dfe1c055 12-Aug-2014 Doug Zongker <dougz@google.com> @hide RECOVERY permission

Bug: 16959027
Change-Id: I99fbdf24d5e8bce4beb32fa872e0caa6bfdbe1e9
/frameworks/base/core/java/android/os/RecoverySystem.java
fe0538098403b49ebd9219bf77236471bb5ca63b 30-Jun-2014 Julia Reynolds <juliacr@google.com> Restrict factory reset with user restrictions.

Bug: 15985879
Change-Id: I524bd8a790798a85a679aa195e634f6e0227d09f
/frameworks/base/core/java/android/os/RecoverySystem.java
e27ae55d6db8b5f80fb76c3e7637a834a14f5f0d 25-Apr-2014 Christopher Tate <ctate@google.com> Send factory reset notification broadcasts at foreground priority

Bug 14296706

Change-Id: I07b39e808dbf724f5edd4a11445de3e47c9e862b
/frameworks/base/core/java/android/os/RecoverySystem.java
cdf008883921c2eb7daf10c82687e9a36461eb16 18-Mar-2014 Doug Zongker <dougz@google.com> add option to shutdown after factory reset

Add a new hidden method to recovery system to trigger a factory reset
followed by a shutdown, rather than a reboot back to the regular
system. Use this flag when the MASTER_CLEAR intent is broadcast with
a boolean extra "shutdown" set to true.

Change-Id: I2ceb25b715d9f0ef492a75b3d287d1e17cec89ef
/frameworks/base/core/java/android/os/RecoverySystem.java
7a2f4ae13223bb804417e9ce3294b22bd9bda49a 14-Oct-2013 Kenny Root <kroot@google.com> am 69779458: am 7878883e: Merge "Remove direct reference to X509CertImpl"

* commit '69779458aeef3fa9d9c6f54487784cf558c850e8':
Remove direct reference to X509CertImpl
27e549428eb5ae77a0ae536f778b204430f8c743 14-Oct-2013 Kenny Root <kroot@google.com> Remove direct reference to X509CertImpl

This should use the system default X.509 certificate provider.

Change-Id: Ibdfd800a9d10f9dc566a360401efe7c3dc6cef5d
/frameworks/base/core/java/android/os/RecoverySystem.java
c9a9ffc5264c2c9405b7b98e1e993279e10f994f 10-Apr-2013 Doug Zongker <dougz@android.com> RecoverySystem: update comment to reflect signature changes

No functionality change is needed.

Change-Id: I2dd4775e484ffa96daa0d8778add5feb6c257424
/frameworks/base/core/java/android/os/RecoverySystem.java
5ac72a29593ab9a20337a2225df52bdf4754be02 30-Aug-2012 Dianne Hackborn <hackbod@google.com> Improve multi-user broadcasts.

You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.

Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.

New Context APIs for more kinds of sending broadcasts as users.

Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.

Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.

Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
/frameworks/base/core/java/android/os/RecoverySystem.java
e33b4007ee56e843d5e99cfb92627425a551058d 23-Aug-2012 Doug Zongker <dougz@google.com> pass --locale argument to recovery

When RecoverySystem boots into recovery (to install an update or wipe
data and/or cache), pass the --locale argument with the currently
selected locale.

Change-Id: Ib280330932a402be2011207bff8f05caa9b999cd
/frameworks/base/core/java/android/os/RecoverySystem.java
e2d58e95a09590a63f1c597bb808b925bcab9a69 04-Nov-2011 Doug Zongker <dougz@android.com> close input streams obtained from otacerts zip file

Quells a StrictMode warning from OTA verification.

Change-Id: Ie3e4c345551d1925fcc37c3ae9ce5c45713be93a
/frameworks/base/core/java/android/os/RecoverySystem.java
33651201375d3670672964503994c410b8eeed7b 19-Jul-2011 Doug Zongker <dougz@android.com> add rebootWipeCache call to RecoverySystem API

Also remove the never-used encrypted-filesystem-via-recovery stuff
that was stripped out of recovery a while ago.

Change-Id: I3349cba83daa9bc4765bd9b3f96d15000a801824
/frameworks/base/core/java/android/os/RecoverySystem.java
3d5040f8d474713a1e148b0d64f16bb0435d6388 12-Apr-2011 Doug Zongker <dougz@android.com> protect all /cache/recovery/last_* files from deletion

Preserve any files named /cache/recovery/last_*, not just last_log,
when booting.

Change-Id: Ie36da5b9552e4a7100ecf3774fb1a8aaa22bfdbd
/frameworks/base/core/java/android/os/RecoverySystem.java
5ee250aa744720c90b264966f9721cfb9d256e96 05-Apr-2011 Jason parks <jparks@google.com> am 1d733625: am cca2f2f9: Merge "Send out a broadcast that the system is being factory reset." into gingerbread

* commit '1d73362597c49f4692a580460bc8697a8f1d0efa':
Send out a broadcast that the system is being factory reset.
4ca74dc4c2e0c68803e777cf47ed8e01b8e8444e 14-Mar-2011 Jason parks <jparks@google.com> Send out a broadcast that the system is being factory reset.

Change-Id: I339b7ce58cb3f48316103be49b582d4f7e9b63bf
/frameworks/base/core/java/android/os/RecoverySystem.java
66e40c36b3145f4d2f3ddd547bd66f27b12f6324 25-Jan-2011 Jesse Wilson <jessewilson@google.com> Prefer the overload of getDigestAlgorithm spelled correctly.

Change-Id: Iaf1c031b982890c2ef21607bdf80acd652646e19
/frameworks/base/core/java/android/os/RecoverySystem.java
d059055fb3c1c979933a608bb85779f23fc11f70 29-Sep-2010 Doug Zongker <dougz@android.com> don't delete /cache/recovery/last_log on boot

Change-Id: I7739d7a61f4f0d0c2bc6324580404f61d435d716
/frameworks/base/core/java/android/os/RecoverySystem.java
4baf641e7d96375eba3f9a3aff5400b9e3d28cd6 20-Sep-2010 Doug Zongker <dougz@android.com> recovery just takes a filename as an argument now (do not merge)

Change-Id: I900cb3e7392c38b40f8c08ae5282cd5c05a4a009
/frameworks/base/core/java/android/os/RecoverySystem.java
6883c1769f089904b395e1bdf35472cf893c1602 09-Apr-2010 Jeff Brown <jeffbrown@google.com> am 6c099149: am 37d2f5d1: Merge "Remove @link to hidden ACCESS_CACHE_FILESYSTEM permission." into froyo

Merge commit '6c099149daff56ca04ab40a86950e7b61caf6505' into kraken

* commit '6c099149daff56ca04ab40a86950e7b61caf6505':
Remove @link to hidden ACCESS_CACHE_FILESYSTEM permission.
64010e835057d4b85e2d90cf75cc562f3b5eb552 09-Apr-2010 Jeff Brown <jeffbrown@google.com> Remove @link to hidden ACCESS_CACHE_FILESYSTEM permission.

Change-Id: I4be691f20f650b412beb22b199a4cbef879b2668
/frameworks/base/core/java/android/os/RecoverySystem.java
1f4df90bfab8ca42eabe95f19eadff3432eee7fd 27-Mar-2010 Oscar Montemayor <oam@google.com> DO NOT MERGE
Removing unused features from source tree.
Please refer to Bug#2502219.

Change-Id: I879c29bfd5ffe933f64bb1082aaae7c956450a5a
/frameworks/base/core/java/android/os/RecoverySystem.java
c95142d4a0ab7bebb899167da17c70c3196abbe4 11-Mar-2010 Dan Egnor <egnor@google.com> Move boot log file writing into a background thread to avoid ANR.

Bug: 2507228
Change-Id: I35695f89f1d62b907f04511e3e6b71722008949b
/frameworks/base/core/java/android/os/RecoverySystem.java
cb95657326add53f81cd2f8a0ae0a1a0527ae799 11-Mar-2010 Doug Zongker <dougz@android.com> make RecoverySystem.verifyPackage interruptible

Change-Id: I09f6746914ef63c81312efd3a8959b0c28f6003a
/frameworks/base/core/java/android/os/RecoverySystem.java
0cb047c0de7fe6a775bc6e9cff194af9dcb726cf 06-Jan-2010 Doug Zongker <dougz@android.com> unhide the RecoverySystem class

The recovery system is already part of the platform; this class
defines an interface for interacting with it from the regular system.

Change-Id: I87dff8d6c1dbd11ac8f397a3f34ea5cb16d2d227
/frameworks/base/core/java/android/os/RecoverySystem.java
1af33d0ddc2f50ade146e4d48e2feb6f1d553427 05-Jan-2010 Doug Zongker <dougz@android.com> add recovery system interface to API

Adds android.os.RecoverySystem (marked as pending) to replace the
(hidden) com.android.internal.os.RecoverySystem. RecoverySystem
contains methods for:

- verifying the signature of an update package
- rebooting to install a package
- rebooting to wipe user data

(The reboot functions require "android.permission.REBOOT" and
"android.permission.ACCESS_CACHE_FILESYSTEM".) Providing these
simplifies implementation of OTA update for device builders.

Change-Id: I63ce743b156e7a1a0327fd395b0e4a82c0eda79a
/frameworks/base/core/java/android/os/RecoverySystem.java