)]}' { "log": [ { "commit": "18a78e0a162c35756628610307f41179816d3333", "tree": "0fc0d66dacdb35be53da27a80e77865f68dc8325", "parents": [ "93950229cf9a991589f6bb071a966b00349d18d6" ], "author": { "name": "Doug Zongker", "email": "dougz@google.com", "time": "Thu Jul 10 07:31:46 2014 -0700" }, "committer": { "name": "Doug Zongker", "email": "dougz@google.com", "time": "Thu Jul 10 10:55:07 2014 -0700" }, "message": "refactor fuse sideloading code\n\nSplit the adb-specific portions (fetching a block from the adb host\nand closing the connections) out from the rest of the FUSE filesystem\ncode, so that we can reuse the fuse stuff for installing off sdcards\nas well.\n\nChange-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14\n" }, { "commit": "075ad800c539503d0515e5e0b4af160eccedead9", "tree": "0fa4e4f99556393317ae486eb66aeb3cbad220df", "parents": [ "e8d7dd4ed1a372cb9bf67a1f7ff55aaa3e152053" ], "author": { "name": "Doug Zongker", "email": "dougz@google.com", "time": "Thu Jun 26 15:35:51 2014 -0700" }, "committer": { "name": "Doug Zongker", "email": "dougz@google.com", "time": "Wed Jul 02 12:16:36 2014 -0700" }, "message": "sideload without holding the whole package in RAM\n\nImplement a new method of sideloading over ADB that does not require\nthe entire package to be held in RAM (useful for low-RAM devices and\ndevices using block OTA where we\u0027d rather have more RAM available for\nbinary patching).\n\nWe communicate with the host using a new adb service called\n\"sideload-host\", which makes the host act as a server, sending us\ndifferent parts of the package file on request.\n\nWe create a FUSE filesystem that creates a virtual file\n\"/sideload/package.zip\" that is backed by the ADB connection -- users\nsee a normal file, but when they read from the file we\u0027re actually\nfetching the data from the adb host. This file is then passed to the\nverification and installation systems like any other.\n\nTo prevent a malicious adb host implementation from serving different\ndata to the verification and installation phases of sideloading, the\nFUSE filesystem verifies that the contents of the file don\u0027t change\nbetween reads -- every time we fetch a block from the host we compare\nits hash to the previous hash for that block (if it was read before)\nand cause the read to fail if it changes.\n\nOne necessary change is that the minadbd started by recovery in\nsideload mode no longer drops its root privileges (they\u0027re needed to\nmount the FUSE filesystem). We rely on SELinux enforcement to\nrestrict the set of things that can be accessed.\n\nChange-Id: Ida7dbd3b04c1d4e27a2779d88c1da0c7c81fb114\n" }, { "commit": "9270a20a801403c9f60d6a701b39eae70d380403", "tree": "5bdb058af5b05a65112297a504018ee356e0ddbb", "parents": [ "210f887382e0fd7e51ec6ce071972374a76f0722" ], "author": { "name": "Doug Zongker", "email": "dougz@android.com", "time": "Mon Jan 09 15:16:13 2012 -0800" }, "committer": { "name": "Doug Zongker", "email": "dougz@android.com", "time": "Tue Jan 10 10:18:17 2012 -0800" }, "message": "support \"sideload over ADB\" mode\n\nRather than depending on the existence of some place to store a file\nthat is accessible to users on an an unbootable device (eg, a physical\nsdcard, external USB drive, etc.), add support for sideloading\npackages sent to the device with adb.\n\nThis change adds a \"minimal adbd\" which supports nothing but receiving\na package over adb (with the \"adb sideload\" command) and storing it to\na fixed filename in the /tmp ramdisk, from where it can be verified\nand sideloaded in the usual way. This should be leave available even\non locked user-build devices.\n\nThe user can select \"apply package from ADB\" from the recovery menu,\nwhich starts minimal-adb mode (shutting down any real adbd that may be\nrunning). Once minimal-adb has received a package it exits\n(restarting real adbd if appropriate) and then verification and\ninstallation of the received package proceeds.\n\nChange-Id: I6fe13161ca064a98d06fa32104e1f432826582f5\n" } ] }