1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <dlfcn.h>
18 #include <errno.h>
19 #include <fcntl.h>
20 #include <getopt.h>
21 #include <inttypes.h>
22 #include <limits.h>
23 #include <linux/fs.h>
24 #include <stdarg.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/stat.h>
29 #include <sys/types.h>
30 #include <time.h>
31 #include <unistd.h>
32
33 #include <atomic>
34 #include <string>
35 #include <thread>
36 #include <vector>
37
38 #include <android-base/file.h>
39 #include <android-base/logging.h>
40 #include <android-base/properties.h>
41 #include <android-base/strings.h>
42 #include <android-base/unique_fd.h>
43 #include <bootloader_message/bootloader_message.h>
44 #include <cutils/android_reboot.h>
45 #include <cutils/sockets.h>
46 #include <private/android_logger.h> /* private pmsg functions */
47 #include <selinux/android.h>
48 #include <selinux/label.h>
49 #include <selinux/selinux.h>
50
51 #include "common.h"
52 #include "fastboot/fastboot.h"
53 #include "install/wipe_data.h"
54 #include "otautil/logging.h"
55 #include "otautil/paths.h"
56 #include "otautil/roots.h"
57 #include "otautil/sysutil.h"
58 #include "recovery.h"
59 #include "recovery_ui/device.h"
60 #include "recovery_ui/stub_ui.h"
61 #include "recovery_ui/ui.h"
62
63 static constexpr const char* COMMAND_FILE = "/cache/recovery/command";
64 static constexpr const char* LOCALE_FILE = "/cache/recovery/last_locale";
65
66 static constexpr const char* CACHE_ROOT = "/cache";
67
68 bool has_cache = false;
69
70 RecoveryUI* ui = nullptr;
71 struct selabel_handle* sehandle;
72
UiLogger(android::base::LogId,android::base::LogSeverity severity,const char *,const char *,unsigned int,const char * message)73 static void UiLogger(android::base::LogId /* id */, android::base::LogSeverity severity,
74 const char* /* tag */, const char* /* file */, unsigned int /* line */,
75 const char* message) {
76 static constexpr char log_characters[] = "VDIWEF";
77 if (severity >= android::base::ERROR && ui != nullptr) {
78 ui->Print("E:%s\n", message);
79 } else {
80 fprintf(stdout, "%c:%s\n", log_characters[severity], message);
81 }
82 }
83
84 // command line args come from, in decreasing precedence:
85 // - the actual command line
86 // - the bootloader control block (one per line, after "recovery")
87 // - the contents of COMMAND_FILE (one per line)
get_args(const int argc,char ** const argv)88 static std::vector<std::string> get_args(const int argc, char** const argv) {
89 CHECK_GT(argc, 0);
90
91 bootloader_message boot = {};
92 std::string err;
93 if (!read_bootloader_message(&boot, &err)) {
94 LOG(ERROR) << err;
95 // If fails, leave a zeroed bootloader_message.
96 boot = {};
97 }
98 stage = std::string(boot.stage);
99
100 std::string boot_command;
101 if (boot.command[0] != 0) {
102 if (memchr(boot.command, '\0', sizeof(boot.command))) {
103 boot_command = std::string(boot.command);
104 } else {
105 boot_command = std::string(boot.command, sizeof(boot.command));
106 }
107 LOG(INFO) << "Boot command: " << boot_command;
108 }
109
110 if (boot.status[0] != 0) {
111 std::string boot_status = std::string(boot.status, sizeof(boot.status));
112 LOG(INFO) << "Boot status: " << boot_status;
113 }
114
115 std::vector<std::string> args(argv, argv + argc);
116
117 // --- if arguments weren't supplied, look in the bootloader control block
118 if (args.size() == 1) {
119 boot.recovery[sizeof(boot.recovery) - 1] = '\0'; // Ensure termination
120 std::string boot_recovery(boot.recovery);
121 std::vector<std::string> tokens = android::base::Split(boot_recovery, "\n");
122 if (!tokens.empty() && tokens[0] == "recovery") {
123 for (auto it = tokens.begin() + 1; it != tokens.end(); it++) {
124 // Skip empty and '\0'-filled tokens.
125 if (!it->empty() && (*it)[0] != '\0') args.push_back(std::move(*it));
126 }
127 LOG(INFO) << "Got " << args.size() << " arguments from boot message";
128 } else if (boot.recovery[0] != 0) {
129 LOG(ERROR) << "Bad boot message: \"" << boot_recovery << "\"";
130 }
131 }
132
133 // --- if that doesn't work, try the command file (if we have /cache).
134 if (args.size() == 1 && has_cache) {
135 std::string content;
136 if (ensure_path_mounted(COMMAND_FILE) == 0 &&
137 android::base::ReadFileToString(COMMAND_FILE, &content)) {
138 std::vector<std::string> tokens = android::base::Split(content, "\n");
139 // All the arguments in COMMAND_FILE are needed (unlike the BCB message,
140 // COMMAND_FILE doesn't use filename as the first argument).
141 for (auto it = tokens.begin(); it != tokens.end(); it++) {
142 // Skip empty and '\0'-filled tokens.
143 if (!it->empty() && (*it)[0] != '\0') args.push_back(std::move(*it));
144 }
145 LOG(INFO) << "Got " << args.size() << " arguments from " << COMMAND_FILE;
146 }
147 }
148
149 // Write the arguments (excluding the filename in args[0]) back into the
150 // bootloader control block. So the device will always boot into recovery to
151 // finish the pending work, until finish_recovery() is called.
152 std::vector<std::string> options(args.cbegin() + 1, args.cend());
153 if (!update_bootloader_message(options, &err)) {
154 LOG(ERROR) << "Failed to set BCB message: " << err;
155 }
156
157 // Finally, if no arguments were specified, check whether we should boot
158 // into fastboot or rescue mode.
159 if (args.size() == 1 && boot_command == "boot-fastboot") {
160 args.emplace_back("--fastboot");
161 } else if (args.size() == 1 && boot_command == "boot-rescue") {
162 args.emplace_back("--rescue");
163 }
164
165 return args;
166 }
167
load_locale_from_cache()168 static std::string load_locale_from_cache() {
169 if (ensure_path_mounted(LOCALE_FILE) != 0) {
170 LOG(ERROR) << "Can't mount " << LOCALE_FILE;
171 return "";
172 }
173
174 std::string content;
175 if (!android::base::ReadFileToString(LOCALE_FILE, &content)) {
176 PLOG(ERROR) << "Can't read " << LOCALE_FILE;
177 return "";
178 }
179
180 return android::base::Trim(content);
181 }
182
183 // Sets the usb config to 'state'.
SetUsbConfig(const std::string & state)184 static bool SetUsbConfig(const std::string& state) {
185 android::base::SetProperty("sys.usb.config", state);
186 return android::base::WaitForProperty("sys.usb.state", state);
187 }
188
ListenRecoverySocket(RecoveryUI * ui,std::atomic<Device::BuiltinAction> & action)189 static void ListenRecoverySocket(RecoveryUI* ui, std::atomic<Device::BuiltinAction>& action) {
190 android::base::unique_fd sock_fd(android_get_control_socket("recovery"));
191 if (sock_fd < 0) {
192 PLOG(ERROR) << "Failed to open recovery socket";
193 return;
194 }
195 listen(sock_fd, 4);
196
197 while (true) {
198 android::base::unique_fd connection_fd;
199 connection_fd.reset(accept(sock_fd, nullptr, nullptr));
200 if (connection_fd < 0) {
201 PLOG(ERROR) << "Failed to accept socket connection";
202 continue;
203 }
204 char msg;
205 constexpr char kSwitchToFastboot = 'f';
206 constexpr char kSwitchToRecovery = 'r';
207 ssize_t ret = TEMP_FAILURE_RETRY(read(connection_fd, &msg, sizeof(msg)));
208 if (ret != sizeof(msg)) {
209 PLOG(ERROR) << "Couldn't read from socket";
210 continue;
211 }
212 switch (msg) {
213 case kSwitchToRecovery:
214 action = Device::BuiltinAction::ENTER_RECOVERY;
215 break;
216 case kSwitchToFastboot:
217 action = Device::BuiltinAction::ENTER_FASTBOOT;
218 break;
219 default:
220 LOG(ERROR) << "Unrecognized char from socket " << msg;
221 continue;
222 }
223 ui->InterruptKey();
224 }
225 }
226
redirect_stdio(const char * filename)227 static void redirect_stdio(const char* filename) {
228 android::base::unique_fd pipe_read, pipe_write;
229 // Create a pipe that allows parent process sending logs over.
230 if (!android::base::Pipe(&pipe_read, &pipe_write)) {
231 PLOG(ERROR) << "Failed to create pipe for redirecting stdio";
232
233 // Fall back to traditional logging mode without timestamps. If these fail, there's not really
234 // anywhere to complain...
235 freopen(filename, "a", stdout);
236 setbuf(stdout, nullptr);
237 freopen(filename, "a", stderr);
238 setbuf(stderr, nullptr);
239
240 return;
241 }
242
243 pid_t pid = fork();
244 if (pid == -1) {
245 PLOG(ERROR) << "Failed to fork for redirecting stdio";
246
247 // Fall back to traditional logging mode without timestamps. If these fail, there's not really
248 // anywhere to complain...
249 freopen(filename, "a", stdout);
250 setbuf(stdout, nullptr);
251 freopen(filename, "a", stderr);
252 setbuf(stderr, nullptr);
253
254 return;
255 }
256
257 if (pid == 0) {
258 // Child process reads the incoming logs and doesn't write to the pipe.
259 pipe_write.reset();
260
261 auto start = std::chrono::steady_clock::now();
262
263 // Child logger to actually write to the log file.
264 FILE* log_fp = fopen(filename, "ae");
265 if (log_fp == nullptr) {
266 PLOG(ERROR) << "fopen \"" << filename << "\" failed";
267 _exit(EXIT_FAILURE);
268 }
269
270 FILE* pipe_fp = android::base::Fdopen(std::move(pipe_read), "r");
271 if (pipe_fp == nullptr) {
272 PLOG(ERROR) << "fdopen failed";
273 check_and_fclose(log_fp, filename);
274 _exit(EXIT_FAILURE);
275 }
276
277 char* line = nullptr;
278 size_t len = 0;
279 while (getline(&line, &len, pipe_fp) != -1) {
280 auto now = std::chrono::steady_clock::now();
281 double duration =
282 std::chrono::duration_cast<std::chrono::duration<double>>(now - start).count();
283 if (line[0] == '\n') {
284 fprintf(log_fp, "[%12.6lf]\n", duration);
285 } else {
286 fprintf(log_fp, "[%12.6lf] %s", duration, line);
287 }
288 fflush(log_fp);
289 }
290
291 PLOG(ERROR) << "getline failed";
292
293 fclose(pipe_fp);
294 free(line);
295 check_and_fclose(log_fp, filename);
296 _exit(EXIT_FAILURE);
297 } else {
298 // Redirect stdout/stderr to the logger process. Close the unused read end.
299 pipe_read.reset();
300
301 setbuf(stdout, nullptr);
302 setbuf(stderr, nullptr);
303
304 if (dup2(pipe_write.get(), STDOUT_FILENO) == -1) {
305 PLOG(ERROR) << "dup2 stdout failed";
306 }
307 if (dup2(pipe_write.get(), STDERR_FILENO) == -1) {
308 PLOG(ERROR) << "dup2 stderr failed";
309 }
310 }
311 }
312
main(int argc,char ** argv)313 int main(int argc, char** argv) {
314 // We don't have logcat yet under recovery; so we'll print error on screen and log to stdout
315 // (which is redirected to recovery.log) as we used to do.
316 android::base::InitLogging(argv, &UiLogger);
317
318 // Take last pmsg contents and rewrite it to the current pmsg session.
319 static constexpr const char filter[] = "recovery/";
320 // Do we need to rotate?
321 bool do_rotate = false;
322
323 __android_log_pmsg_file_read(LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter, logbasename, &do_rotate);
324 // Take action to refresh pmsg contents
325 __android_log_pmsg_file_read(LOG_ID_SYSTEM, ANDROID_LOG_INFO, filter, logrotate, &do_rotate);
326
327 time_t start = time(nullptr);
328
329 // redirect_stdio should be called only in non-sideload mode. Otherwise we may have two logger
330 // instances with different timestamps.
331 redirect_stdio(Paths::Get().temporary_log_file().c_str());
332
333 load_volume_table();
334 has_cache = volume_for_mount_point(CACHE_ROOT) != nullptr;
335
336 std::vector<std::string> args = get_args(argc, argv);
337 auto args_to_parse = StringVectorToNullTerminatedArray(args);
338
339 static constexpr struct option OPTIONS[] = {
340 { "fastboot", no_argument, nullptr, 0 },
341 { "locale", required_argument, nullptr, 0 },
342 { "show_text", no_argument, nullptr, 't' },
343 { nullptr, 0, nullptr, 0 },
344 };
345
346 bool show_text = false;
347 bool fastboot = false;
348 std::string locale;
349
350 int arg;
351 int option_index;
352 while ((arg = getopt_long(args_to_parse.size() - 1, args_to_parse.data(), "", OPTIONS,
353 &option_index)) != -1) {
354 switch (arg) {
355 case 't':
356 show_text = true;
357 break;
358 case 0: {
359 std::string option = OPTIONS[option_index].name;
360 if (option == "locale") {
361 locale = optarg;
362 } else if (option == "fastboot" &&
363 android::base::GetBoolProperty("ro.boot.dynamic_partitions", false)) {
364 fastboot = true;
365 }
366 break;
367 }
368 }
369 }
370 optind = 1;
371
372 if (locale.empty()) {
373 if (has_cache) {
374 locale = load_locale_from_cache();
375 }
376
377 if (locale.empty()) {
378 static constexpr const char* DEFAULT_LOCALE = "en-US";
379 locale = DEFAULT_LOCALE;
380 }
381 }
382
383 static constexpr const char* kDefaultLibRecoveryUIExt = "librecovery_ui_ext.so";
384 // Intentionally not calling dlclose(3) to avoid potential gotchas (e.g. `make_device` may have
385 // handed out pointers to code or static [or thread-local] data and doesn't collect them all back
386 // in on dlclose).
387 void* librecovery_ui_ext = dlopen(kDefaultLibRecoveryUIExt, RTLD_NOW);
388
389 using MakeDeviceType = decltype(&make_device);
390 MakeDeviceType make_device_func = nullptr;
391 if (librecovery_ui_ext == nullptr) {
392 printf("Failed to dlopen %s: %s\n", kDefaultLibRecoveryUIExt, dlerror());
393 } else {
394 reinterpret_cast<void*&>(make_device_func) = dlsym(librecovery_ui_ext, "make_device");
395 if (make_device_func == nullptr) {
396 printf("Failed to dlsym make_device: %s\n", dlerror());
397 }
398 }
399
400 Device* device;
401 if (make_device_func == nullptr) {
402 printf("Falling back to the default make_device() instead\n");
403 device = make_device();
404 } else {
405 printf("Loading make_device from %s\n", kDefaultLibRecoveryUIExt);
406 device = (*make_device_func)();
407 }
408
409 if (android::base::GetBoolProperty("ro.boot.quiescent", false)) {
410 printf("Quiescent recovery mode.\n");
411 device->ResetUI(new StubRecoveryUI());
412 } else {
413 if (!device->GetUI()->Init(locale)) {
414 printf("Failed to initialize UI; using stub UI instead.\n");
415 device->ResetUI(new StubRecoveryUI());
416 }
417 }
418 ui = device->GetUI();
419
420 if (!has_cache) {
421 device->RemoveMenuItemForAction(Device::WIPE_CACHE);
422 }
423
424 if (!android::base::GetBoolProperty("ro.boot.dynamic_partitions", false)) {
425 device->RemoveMenuItemForAction(Device::ENTER_FASTBOOT);
426 }
427
428 if (!is_ro_debuggable()) {
429 device->RemoveMenuItemForAction(Device::ENTER_RESCUE);
430 }
431
432 ui->SetBackground(RecoveryUI::NONE);
433 if (show_text) ui->ShowText(true);
434
435 LOG(INFO) << "Starting recovery (pid " << getpid() << ") on " << ctime(&start);
436 LOG(INFO) << "locale is [" << locale << "]";
437
438 sehandle = selinux_android_file_context_handle();
439 selinux_android_set_sehandle(sehandle);
440 if (!sehandle) {
441 ui->Print("Warning: No file_contexts\n");
442 }
443
444 SetLoggingSehandle(sehandle);
445
446 std::atomic<Device::BuiltinAction> action;
447 std::thread listener_thread(ListenRecoverySocket, ui, std::ref(action));
448 listener_thread.detach();
449
450 while (true) {
451 std::string usb_config = fastboot ? "fastboot" : is_ro_debuggable() ? "adb" : "none";
452 std::string usb_state = android::base::GetProperty("sys.usb.state", "none");
453 if (usb_config != usb_state) {
454 if (!SetUsbConfig("none")) {
455 LOG(ERROR) << "Failed to clear USB config";
456 }
457 if (!SetUsbConfig(usb_config)) {
458 LOG(ERROR) << "Failed to set USB config to " << usb_config;
459 }
460 }
461
462 ui->SetEnableFastbootdLogo(fastboot);
463
464 auto ret = fastboot ? StartFastboot(device, args) : start_recovery(device, args);
465
466 if (ret == Device::KEY_INTERRUPTED) {
467 ret = action.exchange(ret);
468 if (ret == Device::NO_ACTION) {
469 continue;
470 }
471 }
472 switch (ret) {
473 case Device::SHUTDOWN:
474 ui->Print("Shutting down...\n");
475 // TODO: Move all the reboots to reboot(), which should conditionally set quiescent flag.
476 android::base::SetProperty(ANDROID_RB_PROPERTY, "shutdown,");
477 break;
478
479 case Device::REBOOT_BOOTLOADER:
480 ui->Print("Rebooting to bootloader...\n");
481 android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,bootloader");
482 break;
483
484 case Device::REBOOT_FASTBOOT:
485 ui->Print("Rebooting to recovery/fastboot...\n");
486 android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,fastboot");
487 break;
488
489 case Device::REBOOT_RECOVERY:
490 ui->Print("Rebooting to recovery...\n");
491 reboot("reboot,recovery");
492 break;
493
494 case Device::REBOOT_RESCUE: {
495 // Not using `reboot("reboot,rescue")`, as it requires matching support in kernel and/or
496 // bootloader.
497 bootloader_message boot = {};
498 strlcpy(boot.command, "boot-rescue", sizeof(boot.command));
499 std::string err;
500 if (!write_bootloader_message(boot, &err)) {
501 LOG(ERROR) << "Failed to write bootloader message: " << err;
502 // Stay under recovery on failure.
503 continue;
504 }
505 ui->Print("Rebooting to recovery/rescue...\n");
506 reboot("reboot,recovery");
507 break;
508 }
509
510 case Device::ENTER_FASTBOOT:
511 if (logical_partitions_mapped()) {
512 ui->Print("Partitions may be mounted - rebooting to enter fastboot.");
513 android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,fastboot");
514 } else {
515 LOG(INFO) << "Entering fastboot";
516 fastboot = true;
517 }
518 break;
519
520 case Device::ENTER_RECOVERY:
521 LOG(INFO) << "Entering recovery";
522 fastboot = false;
523 break;
524
525 default:
526 ui->Print("Rebooting...\n");
527 reboot("reboot,");
528 break;
529 }
530 }
531
532 // Should be unreachable.
533 return EXIT_SUCCESS;
534 }
535