Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform...
Transcript of Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform...
![Page 1: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/1.jpg)
Android System UpdatesLecture 8
Security of Mobile Devices
2019
SMD Android System Updates, Lecture 8 1/50
![Page 2: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/2.jpg)
Unlocking the Bootloader
Fastboot
Recovery OS
System Updates
Bibliography
SMD Android System Updates, Lecture 8 2/50
![Page 3: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/3.jpg)
Outline
Unlocking the Bootloader
Fastboot
Recovery OS
System Updates
Bibliography
SMD Android System Updates, Lecture 8 3/50
![Page 4: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/4.jpg)
Bootloader
I Low-level program executed when device is powered
I Initialize hardware
I Identify and load the main OS
SMD Android System Updates, Lecture 8 4/50
![Page 5: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/5.jpg)
Bootloader
I Usually lockedI Boot only OS image signed by device manufacturerI Trusted and unmodified OS runs on the device
I Unlocking the bootloader is needed for:I Installing a custom Android buildI Installing a recent Android version on an old device
SMD Android System Updates, Lecture 8 5/50
![Page 6: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/6.jpg)
Unlocking the Bootloader via Fastboot
I Connect mobile device to host via USBI Start device in fastboot mode:
I adb reboot bootloaderI Or by pressing a key combination while booting
I In CLI:I fastboot oem unlock
SMD Android System Updates, Lecture 8 6/50
![Page 7: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/7.jpg)
Unlocking the Bootloader via Fastboot
I Confirmation screenI Warning regarding installing untested third-party buildsI Warning regarding deleting all your data
I Locking again:I fastboot oem lockI Prevents booting third-party builds
I tampered flagI Set when unlocking the bootloader for the first timeI Disallow certain operations / display warning
SMD Android System Updates, Lecture 8 7/50
![Page 8: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/8.jpg)
OEM unlocking via Settings
I Enable Developer optionsI Press a number of times on the Build number
I Enable OEM unlocking from Developer options
SMD Android System Updates, Lecture 8 8/50
![Page 9: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/9.jpg)
Outline
Unlocking the Bootloader
Fastboot
Recovery OS
System Updates
Bibliography
SMD Android System Updates, Lecture 8 9/50
![Page 10: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/10.jpg)
Fastboot
I Original purpose: write entire device partitionsI Partition image sent to the bootloaderI Written to a specific block device
I Porting Android to a new deviceI Factory reset
I Writing partition images from the device manufacturer
SMD Android System Updates, Lecture 8 10/50
![Page 11: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/11.jpg)
Partition Layout
Samsung Galaxy S7 Edge
h e r o 2 l t e : / # l s − l / dev / b l o ck / p l a t f o rm /155 a0000 . u f s /by−name/l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 BOOT −> /dev/ b l o ck / sda5l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 BOTA0 −> /dev/ b l o ck / sda1l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 BOTA1 −> /dev/ b l o ck / sda2l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 CACHE −> /dev/ b l o ck / sda15l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 CPEFS −> /dev/ b l o ck / sdd1l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 CP DEBUG −> /dev/ b l o ck / sda17l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 DNT −> /dev/ b l o ck / sda10l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 EFS −> /dev/ b l o ck / sda3l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 HIDDEN −> /dev/ b l o ck / sda16l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 OTA −> /dev/ b l o ck / sda7l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 PARAM −> /dev/ b l o ck / sda4l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 PERSDATA −> /dev/ b l o ck / sda13l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 PERSISTENT −> /dev/ b l o ck / sda11l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 RADIO −> /dev/ b l o ck / sda8l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 RECOVERY −> /dev/ b l o ck / sda6l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 STEADY −> /dev/ b l o ck / sda12l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 SYSTEM −> /dev/ b l o ck / sda14l rwxrwxrwx 1 r oo t r oo t 15 2018−01−06 17 :33 TOMBSTONES −> /dev/ b l o ck / sda9l rwxrwxrwx 1 r oo t r oo t 16 2018−01−06 17 :33 USERDATA −> /dev/ b l o ck / sda18
SMD Android System Updates, Lecture 8 11/50
![Page 12: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/12.jpg)
Partition Layout
I Most partitions - device-specific and proprietary data
I aboot - bootloader
I modem - baseband software
I boot - kernel and rootfs RAM disk image
I system - all other system files
I userdata - user files
I cache - temporary files and OTA images
I recovery - recovery OS image
SMD Android System Updates, Lecture 8 12/50
![Page 13: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/13.jpg)
Fastboot Protocol
I Over USB
I Host sends commands and data to the bootloader
I Bootloader responds with OKAY, FAIL, INFO or DATA
I Flash or boot custom kernels only if bootloader is unlocked
SMD Android System Updates, Lecture 8 13/50
![Page 14: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/14.jpg)
Fastboot Commands
I devices - connected devices that support fastboot
I getvar - information about the bootloader
I reboot the device
I reboot-bootloader - reboot in fastboot mode
I erase, format a partition
SMD Android System Updates, Lecture 8 14/50
![Page 15: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/15.jpg)
Fastboot Commands - Writting and Booting Images
I flash patition image-name - write a disk image to a partition
I update zip-file - write multiple partition images
I flashall - writes boot.img, system.img and recovery.img toboot, system and recovery partitions
I flash:raw boot kernel ramdisk - creates boot image fromkernel and RAM disk and writes it to boot partition
I boot boot-image - boot an image without writing it to thedevice
I boot kernel ramdisk - boot an image created from kernel andRAM disk
SMD Android System Updates, Lecture 8 15/50
![Page 16: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/16.jpg)
Fastboot Commands - Example
I Pixel XL
$ f a s t b o o t d e v i c e sHT73L0203468 f a s t b o o t
$ f a s t b o o t g e t v a r v e r s i o n−boo t l o a d e rv e r s i o n−boo t l o a d e r : 8996−012001−1710040120f i n i s h e d . t o t a l t ime : 0 .050 s
$ f a s t b o o t g e t v a r v e r s i o n−basebandv e r s i o n−baseband : 8996−130091−1710201747f i n i s h e d . t o t a l t ime : 0 .050 s
SMD Android System Updates, Lecture 8 16/50
![Page 17: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/17.jpg)
Writing Images on Samsung Devices
I No fastboot on Samsung devices
I Images written in Download mode with Odin program onWindows
SMD Android System Updates, Lecture 8 17/50
![Page 18: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/18.jpg)
Outline
Unlocking the Bootloader
Fastboot
Recovery OS
System Updates
Bibliography
SMD Android System Updates, Lecture 8 18/50
![Page 19: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/19.jpg)
Recovery OS
I Minimal OS used for factory reset and OTA updatesI Started using:
I adb reboot recoveryI Or a specific combination of keys
I Stock or custom recovery
SMD Android System Updates, Lecture 8 19/50
![Page 20: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/20.jpg)
Stock Recovery
I Minimal functionality
I Update system software
I Without erasing user data
I Simple UI, operated with buttonsI Menu:
I rebootI apply update from ADBI factory resetI wipe cache partition
SMD Android System Updates, Lecture 8 20/50
![Page 21: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/21.jpg)
Custom Recoveries
I Created by third party
I Not signed with manufacturer’s keys
I Needs an unlocked bootloader
I Boot: fastboot boot recovery.img
I Flash fastboot flash recovery recovery.img
SMD Android System Updates, Lecture 8 21/50
![Page 22: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/22.jpg)
Custom Recoveries - Features
I Provides additional functionalityI Full partition backup and restoreI Root shell with a full set of device management utilitiesI Support for mounting external USB devicesI Disable OTA package signature checking
I OS modificationI Custom OS
SMD Android System Updates, Lecture 8 22/50
![Page 23: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/23.jpg)
TWRP
I Team Win Recovery Project (TWRP)
I Many additional features
I Open Source, actively maintained
I Based on AOSP stock recovery
I Touch screen
SMD Android System Updates, Lecture 8 23/50
![Page 24: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/24.jpg)
TWRP - Features
I Supports encrypted partition backups
I Installs system updates from USB devices
I Backup and restore to/from external devices
I Integrated file manager
I Scripting language to specify actions from main OS
SMD Android System Updates, Lecture 8 24/50
![Page 25: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/25.jpg)
Outline
Unlocking the Bootloader
Fastboot
Recovery OS
System Updates
Bibliography
SMD Android System Updates, Lecture 8 25/50
![Page 26: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/26.jpg)
System Updates
I Updates applied by stock recoveryI OTA updates
I Main OS downloads the OTA packageI Instructs recovery OS to apply update
I Tethered updatesI User downloads OTA package on PCI adb sideload otafile.zip
I Same updating process, different ways to obtain the package
SMD Android System Updates, Lecture 8 26/50
![Page 27: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/27.jpg)
Controlling Recovery Operations
I Main OS controls recovery throughandroid.os.RecoverySystem API
I Writes options to /cache/recovery/command
I /sbin/recovery process reads the command fileI Options:
I –send-intentI –update-packageI –wipe-dataI –wipe-cache
SMD Android System Updates, Lecture 8 27/50
![Page 28: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/28.jpg)
Download OTA package
I Device checks OTA servers periodically
I Obtains URL of OTA package and description
I Download package to cache or data partition
I Verify signature
I Ask user to install update
SMD Android System Updates, Lecture 8 28/50
![Page 29: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/29.jpg)
OTA Signature Verification
I Package is code signed
I Signature applied over the whole fileI Verification, in main OS:
I verifyPackage() of RecoverySystemI Zip file with X.509 certificatesI Default: /system/etc/security/otacerts.zip
I Success -> reboot in recovery mode to apply update
SMD Android System Updates, Lecture 8 29/50
![Page 30: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/30.jpg)
OTA Signature Verification
I Verification in recovery OS:I Using set of public keys from recovery OSI Extracted from OTA signing certificatesI In mincrypt format in file /res/keys
I Signature algorithms:I 2048-bit RSA with SHA-1I 2048-bit RSA with SHA-256I ECDSA with SHA-256I 256-bit EC keys using NIST P-256 curve
SMD Android System Updates, Lecture 8 30/50
![Page 31: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/31.jpg)
System Update General Steps
I Data from OTA packageI Update boot, system, vendor partitions
I File containing new recovery saved on system partitionI Device rebooted normally
I Load boot partitionI That loads system partitionI Executes binaries from system partition
I Compare recovery partition with the file saved on systemI Flash recovery with file contents
SMD Android System Updates, Lecture 8 31/50
![Page 32: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/32.jpg)
System Update Process
I Execute the update command from OTA packageI META-INF/com/google/android/update-binaryI Recovery API version, pipe file descriptor, path to OTA
package
I Executes updater-script (edify language)I Sequence of function calls to apply updateI Copying, deleting, and patching filesI Formatting and mounting volumesI Setting file permissions and SELinux labels
SMD Android System Updates, Lecture 8 32/50
![Page 33: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/33.jpg)
Updater-script (1)
I Mounts system partitionI Verifies device model and current build
I Incompatible build => soft brick
I Verifies the hash of each patched fileI OTA - binary patches applied on previous file version
I Verifies partitions without filesystem (e.q. boot, modem)
SMD Android System Updates, Lecture 8 33/50
![Page 34: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/34.jpg)
Updater-script (2)
I Patches all filesystems and partitions
I Extracts new recovery patch in /system/
I File owner, permissions and capabilities of patched filesI Set SELinux security labels of all files
I u:object_r:system_file:s0
SMD Android System Updates, Lecture 8 34/50
![Page 35: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/35.jpg)
Updater-script (3)
I Patch baseband software (in modem partition)
I Unmount system partitionI Finally recovery:
I Clears the cache partitionI Saves logs to /cache/recoveryI No errors -> reboots in main OSI Errors -> Restarts update process after reboot
SMD Android System Updates, Lecture 8 35/50
![Page 36: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/36.jpg)
Update Recovery OS
I Recovery patch extracted by not appliedI Interrupted recovery update -> unusable system
I Recovery updated from the main OSI After main OS update and boot
I flash_recovery service in init.rc
SMD Android System Updates, Lecture 8 36/50
![Page 37: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/37.jpg)
Update Recovery OS
I /system/etc/install-recovery.sh script
I Verifies the recovery partition
I Hash is ok -> Applies patch
I Hash not ok -> Logs message
SMD Android System Updates, Lecture 8 37/50
![Page 38: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/38.jpg)
Block OTA Updates
I From Android 5.0
I Handles entire partition as one file
I Aplies a single binary patch
I Enables dm-verity for system partition
SMD Android System Updates, Lecture 8 38/50
![Page 39: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/39.jpg)
Block OTA - Update Types
I Applies update at block level, not filesystem levelI Full update:
I Large package, full imageI Same result as flashing the image with fastboot
I Incremental update:I Smaller package, patches
SMD Android System Updates, Lecture 8 39/50
![Page 40: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/40.jpg)
A/B System Updates - Advantages
I Recent method
I Uses 2 sets of patitions called slots
I Workable booting system while OTA update
I Reduce chance of obtaining an unusable device after updateI While the system is running, while user is using the device
I Reboot to updated disk partitionI Does not take a longer time
SMD Android System Updates, Lecture 8 40/50
![Page 41: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/41.jpg)
A/B System Updates - Advantages
I OTA update fails -> old OS
I OTA applied but fails to boot -> old OS
I dm-verity error => old image is bootedI Streamed updates
I No need to download entire package before installationI Useful when not enough free space
SMD Android System Updates, Lecture 8 41/50
![Page 42: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/42.jpg)
A/B System Updates
I Two sets of partitions called slots (A and B)
I System runs from current slot - other slot is not used
I One slot is updated - other slot has a working system
I In case of errors -> rollback to the working system
I No partition in the current slot should be updated
SMD Android System Updates, Lecture 8 42/50
![Page 43: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/43.jpg)
A/B System Updates - Attributes
I Bootable attribute = includes a functional system that canboot
I Current slot is bootable, the other slot may be:I Old, functional versionI New versionI Invalid data
I Only one active/preferred slot - used on the next boot
SMD Android System Updates, Lecture 8 43/50
![Page 44: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/44.jpg)
A/B System Updates - Attributes
I Successful attributeI Set in userspaceI Slot with the attribute bootableI Slot able to boot, run, update
I Bootable slot not marked successful (after several attempts)I Becomes unbootableI Change active slot to another bootable slot
SMD Android System Updates, Lecture 8 44/50
![Page 45: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/45.jpg)
Outline
Unlocking the Bootloader
Fastboot
Recovery OS
System Updates
Bibliography
SMD Android System Updates, Lecture 8 45/50
![Page 46: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/46.jpg)
Bibliography
I Android Security Internals, Nicolay Elenkov, 2015
I Android Hacker’s Handbook, Joshua J. Drake, 2014
I https://source.android.com/devices/tech/ota/
SMD Android System Updates, Lecture 8 46/50
![Page 47: Android System Updates - pub.ro · Samsung Galaxy S7 Edge hero2lte :/ # ls l /dev/block/platform /155a0000 . ufs/by name/ lrwxrwxrwx 1 root root 15 2018 01 06 17:33 BOOT > /dev/block/sda5](https://reader033.fdocuments.us/reader033/viewer/2022053005/5f08d0287e708231d423d82c/html5/thumbnails/47.jpg)
Keywords
I Bootloader
I OEM Unlock
I Fastboot
I System partition
I Boot partition
I Recovery partition
I Stock Recovery
I Custom Recovery
I TWRP
I OTA Update
I Block OTA Update
I A/B Update
SMD Android System Updates, Lecture 8 47/50