Commit message

Currently, we use the central directory's extra fields and filenames to
determine the starting position of a zip entry's file data. However, the central
directory's extra field might differ from the extra field in the local file
header. For example, the Extended-Timestamp field has different formats
depending on whether it's in the local file header or the central directory. We
should use the local file header for computing offsets.
CRs-Fixed: 2804037
Test: Serve an OTA by update_device.py
Change-Id: I00d150d874b9c874bb713569ea14938e036f854e
(cherry picked from commit aba70abe81618542044dc20907f281a56b8b500e)
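The offset mismatch this commit describes, as an added example (not code from the update_engine project): the script hand-builds a one-entry ZIP whose Extended-Timestamp (0x5455) extra field is 13 bytes in the local file header (mtime + atime) but only 9 bytes in the central directory (mtime only), then computes the data offset the old way (central directory lengths) and the fixed way (local file header lengths). The entry name, content and timestamps are constructed sample values.

```python
import io
import struct
import zipfile
import zlib

# Constructed sample entry (not from any real OTA package).
ENTRY_NAME = b"a.txt"
ENTRY_DATA = b"hello update_engine\n"
MTIME = 1614902400  # constructed Unix timestamp
ATIME = 1614906000  # constructed Unix timestamp
DOS_DATE = ((2021 - 1980) << 9) | (3 << 5) | 5  # 2021-03-05 in MS-DOS date format
LOCAL_HEADER_SIZE = 30
CENTRAL_HEADER_SIZE = 46
EOCD_SIZE = 22


def build_sample_zip():
    """Build a minimal, valid STORED zip whose local and central extra fields differ in length."""
    # Extended-Timestamp extra field: local form carries mtime + atime, central form only mtime.
    local_extra = struct.pack("<HHBII", 0x5455, 9, 0x03, MTIME, ATIME)  # 13 bytes
    central_extra = struct.pack("<HHBI", 0x5455, 5, 0x03, MTIME)       # 9 bytes
    crc = zlib.crc32(ENTRY_DATA) & 0xFFFFFFFF
    # Local file header: sig, version needed, flags, method, time, date, crc, csize, usize, name len, extra len.
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, 0, 0, DOS_DATE,
                        crc, len(ENTRY_DATA), len(ENTRY_DATA),
                        len(ENTRY_NAME), len(local_extra))
    local += ENTRY_NAME + local_extra + ENTRY_DATA
    cd_offset = len(local)
    # Central directory header: adds version made by, comment len, disk, attrs and local header offset.
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0, 0, 0, DOS_DATE,
                          crc, len(ENTRY_DATA), len(ENTRY_DATA),
                          len(ENTRY_NAME), len(central_extra), 0, 0, 0, 0, 0)
    central += ENTRY_NAME + central_extra
    # End of central directory record (single disk, one entry, no comment).
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), cd_offset, 0)
    return local + central + eocd


def _central_entry(zip_bytes):
    """Return (local_header_offset, name_len, extra_len) as recorded in the central directory."""
    eocd = struct.unpack("<IHHHHIIH", zip_bytes[-EOCD_SIZE:])
    if eocd[0] != 0x06054B50:
        raise ValueError("no end-of-central-directory record")
    cd_offset = eocd[6]
    cd = struct.unpack("<IHHHHHHIIIHHHHHII",
                       zip_bytes[cd_offset:cd_offset + CENTRAL_HEADER_SIZE])
    if cd[0] != 0x02014B50:
        raise ValueError("bad central directory header")
    return cd[16], cd[10], cd[11]


def data_offset_from_central_directory(zip_bytes):
    """The pre-fix computation: trusts the central directory's name/extra lengths."""
    local_off, name_len, extra_len = _central_entry(zip_bytes)
    return local_off + LOCAL_HEADER_SIZE + name_len + extra_len


def data_offset_from_local_header(zip_bytes):
    """The fixed computation: the bytes after the local header are laid out by the local header."""
    local_off, _, _ = _central_entry(zip_bytes)
    lh = struct.unpack("<IHHHHHIIIHH", zip_bytes[local_off:local_off + LOCAL_HEADER_SIZE])
    if lh[0] != 0x04034B50:
        raise ValueError("bad local file header")
    return local_off + LOCAL_HEADER_SIZE + lh[9] + lh[10]


def entry_bytes_at(zip_bytes, offset):
    """Slice len(ENTRY_DATA) bytes at the computed offset, so both computations can be compared."""
    return zip_bytes[offset:offset + len(ENTRY_DATA)]


def stdlib_read(zip_bytes):
    """Cross-check: the standard library also resolves the data start via the local header."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(ENTRY_NAME.decode())


if __name__ == "__main__":
    z = build_sample_zip()
    print("central-directory offset:", data_offset_from_central_directory(z))
    print("local-header offset:     ", data_offset_from_local_header(z))
```

With the sample archive the central-directory computation lands four bytes early, inside the local extra field, so a reader that trusts it would hand a corrupted slice to whatever consumes the entry; only the local-header computation returns the entry's bytes.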
This reverts commit 5374eaa2b1824e0c7e6f2628c34baa438626127f.
Change-Id: I36dd04f86612682344b08ff8674d3f1c8442661d
Android 11.0.0 Release 32 (RQ2A.210305.006)
Change-Id: I45f91ed8ffefbe0adec5bc01f52278cbd08ffb4a
For streaming updates, we currently verify:
1. the hash of the manifest before applying ops
2. the hash of the entire payload after we apply all ops
3. the final patched filesystems after the update
So there is some potential to exploit the patching libraries, if
some attacker manages to provide us malicious patch data after the
manifest verification. Therefore, this CL enables the validation of
patch data for each install operation. The hash itself is embedded
in the payload manifest, and thus has been verified upfront.
Bug: 160800689
Test: unittests, apply an OTA
Change-Id: Idd4cbe167ce63f197d821752f75e45add0ea829c
(cherry picked from commit ef49160c9bd2621dd3084fa061f09d176304ca49)
Change-Id: I744addf6a87025515040cdad203c235c4a678de9
Change-Id: Ibd9ca7d69f3824d5302c7c76c0baf4b9d41fced6
Change-Id: I0ce626ef993c2a7c87e03f705ef2e866a3391db1
Change-Id: If4da655396546ac3c13b9eb556055caa58bafcf0
* This way we can make backuptool permissive
while leaving update_engine rules as clean as possible
Change-Id: Ied17f31f7d0258319371f3badc891c7a6ecee901
* Check if the currently running /system has ever been mounted R/W.
If it has, we can assume that running backuptool_ab scripts won't
do anything catastrophic like break verity. Also this is a good
indicator that the partition has been messed with since the initial
installation of the ROM (for instance if a gapps or su package had
been added).
* Mount the new target slot's /system partition at /postinstall R/W,
before the normal dex preopt script is run, and perform backuptool_ab
operations. This will allow retaining addon packages, similar to what
we've historically used in recovery flashes for non-A/B devices. This,
since it mounts the new /system R/W, will also ensure it gets triggered
again on the next flash.
* This assumes that all backuptool operations are contained in /system
and that we won't ever screw around with retaining things on /vendor.
Change-Id: I00ca479ccc24080bf3457334a6c9e4c07dd20f45
If the package schedules a powerwash, snapshots on a Virtual A/B device
will be deleted. Tell SnapshotManager to handle this case.
Test: apply downgrade package
Test: apply package with wipe
Test: apply package then manually wipe
Bug: 152094219
Change-Id: I8601b661924abcc82956788e2f33cdb70d71f778
(cherry picked from commit 7b3910a58bd0b8d9f0bd316fad5776ef0a8494ba)
Merged-In: I8601b661924abcc82956788e2f33cdb70d71f778
For SOURCE_COPY operations like
563412 -> 123456
OptimizeOperation optimizes it to
5612 -> 1256
and skips writing blocks that do not need to be written for snapshot
partitions.
Bug: 148623880
Test: update_engine_unittests
Test: apply incremental OTA
Change-Id: Ifd2c3851f703f272a74c8f0e9a1c9a82dbcce3e3
Merged-In: Ifd2c3851f703f272a74c8f0e9a1c9a82dbcce3e3
After allocateSpaceForPayload() is called, applyPayload() with
the same hash should not destroy the allocated files and then re-allocate.
Fix it so that DeltaPerformer::ResetUpdateProgress skips resetting
the hash in this case.
Bug: 138808058
Test: update_engine_client --allocate, then --apply
Change-Id: Ibc2a7449a6953a707d1c4f23ee11d572f498457c
Expose a static PreparePartitionsForUpdate for the
implementation of AllocateSpaceForPayload.
- If this function is called multiple times with the same
'update_check_response_hash', calls after the first call
have no effect.
- If this function is called again with a different
'update_check_response_hash', space is re-allocated.
- DeltaPerformer::ResetUpdateProgress deletes the stored hash
and causes the next PreparePartitionsForUpdate to always re-allocate
space.
- DeltaPerformer::ParseManifestPartitions now sets the error code to
kNotEnoughSpace when appropriate.
Test: apply an OTA manually
Bug: 138808058
Change-Id: I6fb60016088a3133af3fc961196f63e7d079ae93
Add out parameter required_size to PreparePartitionsForUpdate
to indicate the total size required on /userdata in order
to apply the update.
Bug: 138808058
Test: update_engine_unittests
Change-Id: I2768d13671e212fd24a1a22811b50c9738834459
The postinstall steps take a long time to finish, even though most of them
are optional. Therefore, reuse the flag run_post_install in InstallPlan
to allow skipping optional postinstalls.
Bug: 136185424
Test: cancel the update during post-install, apply again with the header
"RUN_POST_INSTALL=0", check the optional post-installs are skipped
Change-Id: Ic5ab89b079dfd547714fd3d1664e044900f9eebe
On Virtual A/B devices, don't skip SOURCE_COPY on
static partitions.
Test: update_engine_unittest
Test: incremental update to self
Change-Id: I5c93b501e09f50f559151eb77d83052373c90d0d
Enable DeltaPerformer to ask DynamicPartitionControl whether a SOURCE_COPY
operation can be skipped.
A SOURCE_COPY operation can still fail if its hash does not correspond
to the partition's.
Bug: 141207436
Test: manual OTA application
Change-Id: Ib3d8c9343acb4d3655781150a4cca57985f20387
Signed-off-by: Alessio Balsini <balsini@google.com>
The property is set to inform the kernel to do a warm_reset on the next
reboot. This is useful to persist the logs to debug device boot
failures. More details in http://go/rvc-ota-persist-logs.
Bug: 143489994
Test: check the property is set after an update
Change-Id: I776a6996e3b3ef77514da0acc91585d28e5cdf15
Instead, callers call GetDynamicPartitionControl()->FinishUpdate()
directly.
This is one more step forward for keeping BootControlAndroid a thin
wrapper over the boot control HAL.
Test: builds
Test: update_engine_unittests
Change-Id: I95773ed7f230d1a666d5391bec7783e42b90bf64
Replace with GetDynamicPartitionControl()->PreparePartitionsForUpdate(
GetCurrentSlot(), ...).
Test: update_engine_unittests
Change-Id: Ib03ee97a25727a9292cbb0c9aab5dbe75a2b6913
As proposed in go/ota-downgrade, the Android Auto team wants to install
a full OTA with an older timestamp. We will only allow it on devices
with a userdebug build that have the property "ro.ota.allow_downgrade"
set. Data wipe is almost inevitable due to the probability of security
patch level and database rollback.
Test: set the property and install a full payload with an older timestamp.
Change-Id: I897bbb19bfec820340f791abf3c6d8138995fa90
The old behavior actually checks if the hash check is mandatory
(install_plan_->hash_checks_mandatory). And it reports a warning
instead of an error for non-mandatory checks when no public
key is present. Change the logic to match the old behavior.
Test: unit tests pass, run 'brillo_update_payload verify' without a source image.
Change-Id: Ie9be7553ec018c1c7fd515a462190c2376c67e4c
The Android build system installs both otacerts.zip and
update-payload-key.pub.pem on the device. And the latter is
converted from the X509 certificates inside the otacerts.zip
at build time.
We can consolidate these two by letting update engine parse
the public keys from otacerts.zip directly. This also allows
update engine to use multiple keys to verify the payload.
Bug: 116660991
Test: unittests pass
Change-Id: I0a499405f2835e1ff8b7916452cb3123046306a7
The DER encoded signature size of ECDSA with the P-256 NIST curve is
nondeterministic for different SHA-256 hash inputs. For example,
the signature size can be 70, 71, 72 bytes with the maximum
possible size of 72 bytes. However, we need the size of the
serialized signatures protobuf string to be fixed before signing,
because the size is part of the content to be signed.
To achieve that, we can add padding to the signature, and update the
definition of the signature proto to include the unpadded signature
size.
message Signatures {
  message Signature {
    optional uint32 version = 1;
    optional bytes data = 2;
    optional fixed32 unpadded_signature_size = 3;
  }
  repeated Signature signatures = 1;
}
Therefore the payload verifier will read the unpadded signature
and use it to verify against the public keys. For RSA signatures, the
signature data already has the correct size. So the legacy update_engine
on the old devices will still be able to verify these signatures in the new
proto format.
We also need to update the version in the signature proto, and the minor
version of update_engine.
The EC key in the unittest is generated with the command:
openssl ecparam -name prime256v1 -genkey -noout -out prime256v1-key.pem
openssl pkey -in prime256v1-key.pem -out unittest_key_EC.pem
Bug: 141244025
Test: unit tests pass, sign a package with EC key and install on sailfish
Change-Id: I0a16c9f2f2c7fe9ccc1070c87fbbd6b94bc1f542
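The size variation and the padding scheme described in this commit, as an added example (not code from update_engine): a minimal DER encoder for an ECDSA (r, s) pair shows why a P-256 signature comes out at 70, 71 or 72 bytes depending on whether the top bit of r and s is set, and a signer-side pad plus verifier-side unpad carries the real length alongside the fixed-size field. The field name unpadded_signature_size comes from the commit's proto; padding with zero bytes, the `ec` flag and the sample r/s values are assumptions made for this example.

```python
P256_MAX_DER_SIG = 72  # maximum DER size of an ECDSA signature over a 256-bit curve

# Constructed sample r/s values (not real signature components).
R_HIGH = (1 << 255) + 5   # top bit set: DER INTEGER needs a leading 0x00 (33 bytes)
S_HIGH = (1 << 255) + 7
R_LOW = (1 << 254) + 3    # top bit clear: DER INTEGER fits in 32 bytes
S_LOW = (1 << 254) + 9


def der_integer(n):
    """Minimal DER INTEGER encoding of a non-negative integer (leading 0x00 if the top bit is set)."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return b"\x02" + bytes([len(body)]) + body


def der_ecdsa_signature(r, s):
    """SEQUENCE { INTEGER r, INTEGER s }; short-form length, valid while the body is < 128 bytes."""
    body = der_integer(r) + der_integer(s)
    return b"\x30" + bytes([len(body)]) + body


def pad_signature(sig, max_size=P256_MAX_DER_SIG):
    """Signer side: extend to a fixed size (assumed zero padding) and return the real size alongside."""
    if len(sig) > max_size:
        raise ValueError("signature longer than the fixed-size field")
    return sig + b"\x00" * (max_size - len(sig)), len(sig)


def unpad_signature(data, unpadded_size, ec=True):
    """Verifier side: recover the signature bytes that will be passed to the public-key check.

    For EC signatures the DER SEQUENCE length must account for exactly unpadded_size
    bytes, so a wrong or tampered size field is rejected before any crypto runs.
    RSA signature data already has the correct size, so only the range check applies.
    """
    if not 0 < unpadded_size <= len(data):
        raise ValueError("unpadded_signature_size out of range")
    sig = data[:unpadded_size]
    if ec and (len(sig) < 2 or sig[0] != 0x30 or sig[1] + 2 != unpadded_size):
        raise ValueError("unpadded_signature_size disagrees with DER length")
    return sig


def accepts(data, unpadded_size, ec=True):
    """True if unpad_signature would hand the bytes on to verification."""
    try:
        unpad_signature(data, unpadded_size, ec)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for r, s in ((R_LOW, S_LOW), (R_HIGH, S_LOW), (R_HIGH, S_HIGH)):
        sig = der_ecdsa_signature(r, s)
        padded, n = pad_signature(sig)
        print(f"DER size {len(sig)}, padded to {len(padded)}, unpadded_signature_size={n}")
```

The verifier-side check is the part worth keeping in mind: because the unpadded size is inside the signed region of the manifest it cannot be changed without breaking verification, but cross-checking it against the DER length prefix still closes the case where the field is simply wrong.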
Right now, the payload is always signed with an RSA key, and the payload
verifier takes the public key as a PEM encoded string.
As we want to support payload signing with EC keys, we need to figure
out the key types first in the verifier. So, add an overload function in
the payload verifier to accept EVP_PKEY as the public key.
Bug: 141244025
Test: unittests pass
Change-Id: Ibbdac5a7a3de48347100861aeac0013bff43da6f
Signature size shouldn't have negative values. Make its usage more
consistent.
Test: mma
Change-Id: Ie6cbf49694fcbe0348d6338373423d77d3edfdd4
DynamicPartitionControl needs the list of operations to calculate
COW sizes.
- Remove BootControlInterface::PartitionMetadata. Replace all references
with DeltaArchiveManifest. DeltaArchiveManifest has all information
that PartitionMetadata has.
- Rename all InitPartitionMetadata to PreparePartitionsForUpdate
- Change all PreparePartitionsForUpdate to use the new signature
Bug: 138816109
Test: update_engine_unittests --gtest_filter=*BootControl*:*Dynamic*
Change-Id: I4389ba2b1801addf8c3bc8395e2ea6a9a3ed27a0
Due to the restrictions of Treble, update_engine cannot access OTA
packages located in a non-core domain area.
(e.g. /data/vendor/upgrade/xxx.zip)
To solve this problem, update_engine needs to have a new interface
which accepts a file descriptor (FD) of the OTA package file instead of
its URI, and to read the package file while updating via the FD.
Test: Manual update
Bug: 130209137
Change-Id: Ieb7173dc958ba3eb21af708e616ef7078cd17b3e
The block device is set to be writable when the delta performer opens
the partition to perform writes. But if the update is interrupted and the
device reboots during the verity data calculation, update engine will
consider the write actions done on resume and skip setting the writable
flag. As a result, the resumed update will fail to write the hashtree
with EPERM.
A possible fix is to explicitly set the flag when the FilesystemVerifierAction
wants to write verity data.
Bug: 131232680
Test: Interrupt the update during verity writing, reboot and check the
update resumes correctly
Change-Id: I1007414139e4ae5be3fc60ec73b18264d4baa60e
The 32-byte SHA-256 hash was padded to 256 bytes before payload signing
and verification. During the padding, we appended a hard-coded header
according to the RFC 3447 spec.
As we want to support signing with 4096-bit keys, the format of the
padding doesn't change but the length needs adjustment. Now callers will
pass the RSA size in bytes into the padding function. And the
verification function will now take the raw 32-byte SHA-256 hash instead
of the padded value.
The new key for the unittest is generated by:
openssl genrsa -out unittest_key_RSA4096.pem 4096
Bug: 129163830
Test: unit tests pass, create and install an update signed by a 4096-bit key.
Change-Id: I8e0d02ddb1472e22976c0f170e8bf2b8b094c7d4
- InstallPlan: allow source partition to be missing if size == 0
- DeltaPerformer: don't open source partition if size == 0
Also:
- DeltaPerformer: test for source_fd_ before using it
(to avoid segfault)
- Fix DeltaPerformerTest to generate payloads with correct
source sizes and paths. Previously, this worked because source_path
was always set even when source_size = 0.
Bug: 124958572
Test: python system/update_engine/scripts/update_device.py <ota-img>
Test: update_engine_unittests
Change-Id: I53bda1d12accdf91e7fa616be5da562e189038d5
Test: mma
Change-Id: I4d23856904eab70ece686fe571c2db517b60835b
To avoid conversion between brillo::Blob and string.
Also use SerializeToString() instead of AppendToString().
Test: update_engine_unittests
Change-Id: I0ad0fb5f45223f9f51f940de727660a9e62052bb
- Adds the additional flag "rollback" to the powerwash file
- This flag allows additional data to be preserved over a powerwash
- Adds tests
BUG=chromium:881341
TEST=unittests
Change-Id: I4487f4de856ea8d2d0255e8de4cd1ba0762a8e53
Reviewed-on: https://chromium-review.googlesource.com/1412683
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zentaro Kavanagh <zentaro@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Sen Jiang <senj@chromium.org>
We just did an AOSP merge, so it is a good time to clean things up.
BUG=none
TEST=unittest
Change-Id: I4fe9cef5eb8709344d6b78bc298c0f1c03308ffc
Reviewed-on: https://chromium-review.googlesource.com/1407540
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Sen Jiang <senj@chromium.org>
Reviewed-by: Xiaochu Liu <xiaochu@chromium.org>
Do another merge to get a few important very recent CLs.
BUG=chromium:916593
TEST=unittests
Change-Id: Iee29b797270d8733838e755f9da0acaa405fd770
base::Time is wall-clock time, which might be decreased; base::TimeTicks
should be used to track the time difference.
Test: unit test
Change-Id: I1ed2c74137955a8351815ebda8e6c7330d7b1012
We throttle the checkpoint if it's less than 1 second, but this could
lead to the last checkpoint not being saved. Reset the checkpoint time
to make sure the last checkpoint will be saved.
Also improved logging when a payload size mismatch happens.
Fixes: 122628007
Test: cancel update during postinstall, resume the update
Change-Id: Ia38e036ea81c9a09a16a3e589983e675ab2982cc
Also cleaned up unused includes.
Test: mma
Change-Id: I8e19648f4d866615de9ae5abeb29d8c8b8f37b36
If using the public key from the Omaha response, we wrote it to a temp file
which would then be read back; this is unnecessary since we can keep it in
memory.
Test: update_engine_unittests
Change-Id: Ib9f7a9292b71b9d91a0b24c687cc989b79d3812b
Since libchrome in AOSP is ahead of CrOS I had to guard against BASE_VER in a
few places to satisfy older libchromes.
file_fetcher.cc is now needed in delta_generator.
A few unittests need to be run as root.
BUG=chromium:916593
TEST=unittest
TEST=cros_generate_update_payload
TEST=cros flash
CQ-DEPEND=CL:1399261
Change-Id: If3497549e88e559f8ecc38f414259b9c774f4a44
Added BinderUpdateEngineClient::AttemptInstall().
Test: update_engine_unittests
Change-Id: Id6911f49d763b0d572658acb7d66857016bf6969
This reverts commit 71818c8409812c5a08124627c19aa8ea0625a72e.
This patch was created because the upstream update_engine was using
the new version of libchrome and the Chrome OS one was not. Now
that we are upreving libchrome on Chrome OS we can revert this.
BUG=b:37434548
TEST=Build
CQ-DEPEND=CL:1240033
Change-Id: I98b7d124212087292500701782de08b3d3ecc559
Reviewed-on: https://chromium-review.googlesource.com/1239818
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Hidehiko Abe <hidehiko@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Currently we checkpoint after every operation during an update in order
to allow us to resume if an update is interrupted for some reason. In
addition, we write the current uptime duration every time we receive
data over the network in order to collect total uptime metrics when an
update finishes, even if it was interrupted by a restart. In practice,
this results in a massive number of writes to prefs files during an
update (~70000 calls to creat on the samus build I tested).
This change introduces rate limiting to both of these mechanisms, such
that checkpoints and changes in uptime are persisted at most once per
second. This reduces the number of calls to creat to around 650.
BUG=chromium:898648
TEST=Perform an update while running strace:
strace -p <pidof update_engine> -f -e '!read,write,sendto,recvfrom'
Change-Id: Icadc8de4efdebf480ef37c6ef69603e250212102
Reviewed-on: https://chromium-review.googlesource.com/1316467
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
BootControlAndroid::InitPartitionMetadata() should always be called when
starting / resuming an update that uses dynamic partitions. This allows
updating the metadata for the target slot, as well as setting up the
internal state for accessing the dynamic partitions in the target slot.
Bug: 122097567
Test: Run update_engine_unittests on taimen and blueline.
Test: Apply a payload that uses dynamic partitions. Reboot before it
finishes, then resume the update.
Change-Id: I1353f7460a61c0183654b6349689beaa9bf12129
While applying a retrofit update on a dynamic-partitions-enabled build,
it should always use static target partitions. Otherwise reading them
from the updated partition metadata would end up using mismatching info.
This CL improves the logic in detecting and handling such a case.
- It identifies a retrofit or regular update based on the absence of
DynamicPartitionMetadata field.
- Upon seeing that, it skips updating partition metadata for the target
slot, and looks up target partitions as static partitions.
- Source partitions will always be loaded according to the actual state.
This CL also removes the re-mapping of the target partitions from
InitPartitionMetadata(). It only needs to unmap those partitions, since
they may become inconsistent with the updated metadata. However, it's
unnecessary to re-map them, which will be done later as part of
GetDynamicPartitionDevice().
Also updated tests to reflect this.
Bug: 120775936
Test: update_engine_unittests
Test: Apply an update with dynamic partitions; abort and resume.
Test: Apply a retrofit update; abort and resume the update.
Change-Id: Ic07bd98847e91a003101266e426c4d23666810f2
This reverts commit 09f6e0f8f5340e2e8f6bf14e08adf25798eab360.
Reason for revert: Should not re-initialize metadata when resuming
from an update.
Bug: 120465293
Bug: 120775936
Test: manual OTA, interrupt and resume
Change-Id: Ib1626dfa4a766e9a5ffaf2d9d74ec2b04c76052d
Bug: 120502534
Change-Id: I823ab5b0896ee5ccacfc9a0699a0243f0d283de3