auto import from //depot/cupcake/@135843
diff --git a/tools/applypatch/Android.mk b/tools/applypatch/Android.mk
new file mode 100644
index 0000000..09f9862
--- /dev/null
+++ b/tools/applypatch/Android.mk
@@ -0,0 +1,29 @@
+# Copyright (C) 2008 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+ifneq ($(TARGET_SIMULATOR),true)
+
+LOCAL_SRC_FILES := applypatch.c bsdiff.c freecache.c
+LOCAL_MODULE := applypatch
+LOCAL_FORCE_STATIC_EXECUTABLE := true
+LOCAL_MODULE_TAGS := eng
+LOCAL_C_INCLUDES += external/bzip2
+LOCAL_STATIC_LIBRARIES += libmincrypt libbz libc
+
+include $(BUILD_EXECUTABLE)
+
+endif # !TARGET_SIMULATOR
diff --git a/tools/applypatch/applypatch.c b/tools/applypatch/applypatch.c
new file mode 100644
index 0000000..9954869
--- /dev/null
+++ b/tools/applypatch/applypatch.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <errno.h>
+#include <libgen.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/statfs.h>
+#include <unistd.h>
+
+#include "mincrypt/sha.h"
+#include "applypatch.h"
+
+// Read a file into memory; store it and its associated metadata in
+// *file. Return 0 on success.
+int LoadFileContents(const char* filename, FileContents* file) {
+ file->data = NULL;
+
+ if (stat(filename, &file->st) != 0) {
+ fprintf(stderr, "failed to stat \"%s\": %s\n", filename, strerror(errno));
+ return -1;
+ }
+
+ file->size = file->st.st_size;
+ file->data = malloc(file->size);
+
+ FILE* f = fopen(filename, "rb");
+ if (f == NULL) {
+ fprintf(stderr, "failed to open \"%s\": %s\n", filename, strerror(errno));
+ free(file->data);
+ return -1;
+ }
+
+ size_t bytes_read = fread(file->data, 1, file->size, f);
+ if (bytes_read != file->size) {
+ fprintf(stderr, "short read of \"%s\" (%d bytes of %d)\n",
+ filename, bytes_read, file->size);
+ free(file->data);
+ return -1;
+ }
+ fclose(f);
+
+ SHA(file->data, file->size, file->sha1);
+ return 0;
+}
+
+// Save the contents of the given FileContents object under the given
+// filename. Return 0 on success.
+int SaveFileContents(const char* filename, FileContents file) {
+ FILE* f = fopen(filename, "wb");
+ if (f == NULL) {
+ fprintf(stderr, "failed to open \"%s\" for write: %s\n",
+ filename, strerror(errno));
+ return -1;
+ }
+
+ size_t bytes_written = fwrite(file.data, 1, file.size, f);
+ if (bytes_written != file.size) {
+ fprintf(stderr, "short write of \"%s\" (%d bytes of %d)\n",
+ filename, bytes_written, file.size);
+ return -1;
+ }
+ fflush(f);
+ fsync(fileno(f));
+ fclose(f);
+
+ if (chmod(filename, file.st.st_mode) != 0) {
+ fprintf(stderr, "chmod of \"%s\" failed: %s\n", filename, strerror(errno));
+ return -1;
+ }
+ if (chown(filename, file.st.st_uid, file.st.st_gid) != 0) {
+ fprintf(stderr, "chown of \"%s\" failed: %s\n", filename, strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
+
+// Take a string 'str' of 40 hex digits and parse it into the 20
+// byte array 'digest'. 'str' may contain only the digest or be of
+// the form "<digest>:<anything>". Return 0 on success, -1 on any
+// error.
+int ParseSha1(const char* str, uint8_t* digest) {
+ int i;
+ const char* ps = str;
+ uint8_t* pd = digest;
+ for (i = 0; i < SHA_DIGEST_SIZE * 2; ++i, ++ps) {
+ int digit;
+ if (*ps >= '0' && *ps <= '9') {
+ digit = *ps - '0';
+ } else if (*ps >= 'a' && *ps <= 'f') {
+ digit = *ps - 'a' + 10;
+ } else if (*ps >= 'A' && *ps <= 'F') {
+ digit = *ps - 'A' + 10;
+ } else {
+ return -1;
+ }
+ if (i % 2 == 0) {
+ *pd = digit << 4;
+ } else {
+ *pd |= digit;
+ ++pd;
+ }
+ }
+ if (*ps != '\0' && *ps != ':') return -1;
+ return 0;
+}
+
+// Parse arguments (which should be of the form "<sha1>" or
+// "<sha1>:<filename>" into the array *patches, returning the number
+// of Patch objects in *num_patches. Return 0 on success.
+int ParseShaArgs(int argc, char** argv, Patch** patches, int* num_patches) {
+ *num_patches = argc;
+ *patches = malloc(*num_patches * sizeof(Patch));
+
+ int i;
+ for (i = 0; i < *num_patches; ++i) {
+ if (ParseSha1(argv[i], (*patches)[i].sha1) != 0) {
+ fprintf(stderr, "failed to parse sha1 \"%s\"\n", argv[i]);
+ return -1;
+ }
+ if (argv[i][SHA_DIGEST_SIZE*2] == '\0') {
+ (*patches)[i].patch_filename = NULL;
+ } else if (argv[i][SHA_DIGEST_SIZE*2] == ':') {
+ (*patches)[i].patch_filename = argv[i] + (SHA_DIGEST_SIZE*2+1);
+ } else {
+ fprintf(stderr, "failed to parse filename \"%s\"\n", argv[i]);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+// Search an array of Patch objects for one matching the given sha1.
+// Return the Patch object on success, or NULL if no match is found.
+const Patch* FindMatchingPatch(uint8_t* sha1, Patch* patches, int num_patches) {
+ int i;
+ for (i = 0; i < num_patches; ++i) {
+ if (memcmp(patches[i].sha1, sha1, SHA_DIGEST_SIZE) == 0) {
+ return patches+i;
+ }
+ }
+ return NULL;
+}
+
+// Returns 0 if the contents of the file (argv[2]) or the cached file
+// match any of the sha1's on the command line (argv[3:]). Returns
+// nonzero otherwise.
+int CheckMode(int argc, char** argv) {
+ if (argc < 3) {
+ fprintf(stderr, "no filename given\n");
+ return 2;
+ }
+
+ int num_patches;
+ Patch* patches;
+ if (ParseShaArgs(argc-3, argv+3, &patches, &num_patches) != 0) { return 1; }
+
+ FileContents file;
+ file.data = NULL;
+
+ if (LoadFileContents(argv[2], &file) != 0 ||
+ FindMatchingPatch(file.sha1, patches, num_patches) == NULL) {
+ fprintf(stderr, "file \"%s\" doesn't have any of expected "
+ "sha1 sums; checking cache\n", argv[2]);
+
+ free(file.data);
+
+ // If the source file is missing or corrupted, it might be because
+ // we were killed in the middle of patching it. A copy of it
+ // should have been made in CACHE_TEMP_SOURCE. If that file
+ // exists and matches the sha1 we're looking for, the check still
+ // passes.
+
+ if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) {
+ fprintf(stderr, "failed to load cache file\n");
+ return 1;
+ }
+
+ if (FindMatchingPatch(file.sha1, patches, num_patches) == NULL) {
+ fprintf(stderr, "cache bits don't match any sha1 for \"%s\"\n",
+ argv[2]);
+ return 1;
+ }
+ }
+
+ free(file.data);
+ return 0;
+}
+
+int ShowLicenses() {
+ ShowBSDiffLicense();
+ return 0;
+}
+
+// Return the amount of free space (in bytes) on the filesystem
+// containing filename. filename must exist. Return -1 on error.
+size_t FreeSpaceForFile(const char* filename) {
+ struct statfs sf;
+ if (statfs(filename, &sf) != 0) {
+ fprintf(stderr, "failed to statfs %s: %s\n", filename, strerror(errno));
+ return -1;
+ }
+ return sf.f_bsize * sf.f_bfree;
+}
+
+// This program applies binary patches to files in a way that is safe
+// (the original file is not touched until we have the desired
+// replacement for it) and idempotent (it's okay to run this program
+// multiple times).
+//
+// - if the sha1 hash of <file> is <tgt-sha1>, does nothing and exits
+// successfully.
+//
+// - otherwise, if the sha1 hash of <file> is <src-sha1>, applies the
+// bsdiff <patch> to <file> to produce a new file (the type of patch
+// is automatically detected from the file header). If that new
+// file has sha1 hash <tgt-sha1>, moves it to replace <file>, and
+// exits successfully.
+//
+// - otherwise, or if any error is encountered, exits with non-zero
+// status.
+
+int main(int argc, char** argv) {
+ if (argc < 2) {
+ usage:
+ fprintf(stderr, "usage: %s <file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...]\n"
+ " or %s -c <file> [<sha1> ...]\n"
+ " or %s -s <bytes>\n"
+ " or %s -l\n",
+ argv[0], argv[0], argv[0], argv[0]);
+ return 1;
+ }
+
+ if (strncmp(argv[1], "-l", 3) == 0) {
+ return ShowLicenses();
+ }
+
+ if (strncmp(argv[1], "-c", 3) == 0) {
+ return CheckMode(argc, argv);
+ }
+
+ if (strncmp(argv[1], "-s", 3) == 0) {
+ if (argc != 3) {
+ goto usage;
+ }
+ size_t bytes = strtol(argv[2], NULL, 10);
+ if (MakeFreeSpaceOnCache(bytes) < 0) {
+ printf("unable to make %ld bytes available on /cache\n", (long)bytes);
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+
+ uint8_t target_sha1[SHA_DIGEST_SIZE];
+
+ const char* source_filename = argv[1];
+
+ // assume that source_filename (eg "/system/app/Foo.apk") is located
+ // on the same filesystem as its top-level directory ("/system").
+ // We need something that exists for calling statfs().
+ char* source_fs = strdup(argv[1]);
+ char* slash = strchr(source_fs+1, '/');
+ if (slash != NULL) {
+ *slash = '\0';
+ }
+
+ if (ParseSha1(argv[2], target_sha1) != 0) {
+ fprintf(stderr, "failed to parse tgt-sha1 \"%s\"\n", argv[2]);
+ return 1;
+ }
+
+ unsigned long target_size = strtoul(argv[3], NULL, 0);
+
+ int num_patches;
+ Patch* patches;
+ if (ParseShaArgs(argc-4, argv+4, &patches, &num_patches) < 0) { return 1; }
+
+ FileContents copy_file;
+ FileContents source_file;
+ const char* source_patch_filename = NULL;
+ const char* copy_patch_filename = NULL;
+ int made_copy = 0;
+
+ if (LoadFileContents(source_filename, &source_file) == 0) {
+ if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) {
+ // The early-exit case: the patch was already applied, this file
+ // has the desired hash, nothing for us to do.
+ fprintf(stderr, "\"%s\" is already target; no patch needed\n",
+ source_filename);
+ return 0;
+ }
+
+ const Patch* to_use =
+ FindMatchingPatch(source_file.sha1, patches, num_patches);
+ if (to_use != NULL) {
+ source_patch_filename = to_use->patch_filename;
+ }
+ }
+
+ if (source_patch_filename == NULL) {
+ free(source_file.data);
+ fprintf(stderr, "source file is bad; trying copy\n");
+
+ if (LoadFileContents(CACHE_TEMP_SOURCE, ©_file) < 0) {
+ // fail.
+ fprintf(stderr, "failed to read copy file\n");
+ return 1;
+ }
+
+ const Patch* to_use =
+ FindMatchingPatch(copy_file.sha1, patches, num_patches);
+ if (to_use != NULL) {
+ copy_patch_filename = to_use->patch_filename;
+ }
+
+ if (copy_patch_filename == NULL) {
+ // fail.
+ fprintf(stderr, "copy file doesn't match source SHA-1s either\n");
+ return 1;
+ }
+ }
+
+ // Is there enough room in the target filesystem to hold the patched file?
+ size_t free_space = FreeSpaceForFile(source_fs);
+ int enough_space = free_space > (target_size * 3 / 2); // 50% margin of error
+ printf("target %ld bytes; free space %ld bytes; enough %d\n",
+ (long)target_size, (long)free_space, enough_space);
+
+ if (!enough_space && source_patch_filename != NULL) {
+ // Using the original source, but not enough free space. First
+ // copy the source file to cache, then delete it from the original
+ // location.
+ if (MakeFreeSpaceOnCache(source_file.size) < 0) {
+ fprintf(stderr, "not enough free space on /cache\n");
+ return 1;
+ }
+
+ if (SaveFileContents(CACHE_TEMP_SOURCE, source_file) < 0) {
+ fprintf(stderr, "failed to back up source file\n");
+ return 1;
+ }
+ made_copy = 1;
+ unlink(source_filename);
+
+ size_t free_space = FreeSpaceForFile(source_fs);
+ printf("(now %ld bytes free for source)\n", (long)free_space);
+ }
+
+ FileContents* source_to_use;
+ const char* patch_filename;
+ if (source_patch_filename != NULL) {
+ source_to_use = &source_file;
+ patch_filename = source_patch_filename;
+ } else {
+ source_to_use = ©_file;
+ patch_filename = copy_patch_filename;
+ }
+
+ // We write the decoded output to "<file>.patch".
+ char* outname = (char*)malloc(strlen(source_filename) + 10);
+ strcpy(outname, source_filename);
+ strcat(outname, ".patch");
+ FILE* output = fopen(outname, "wb");
+ if (output == NULL) {
+ fprintf(stderr, "failed to patch file %s: %s\n",
+ source_filename, strerror(errno));
+ return 1;
+ }
+
+#define MAX_HEADER_LENGTH 8
+ unsigned char header[MAX_HEADER_LENGTH];
+ FILE* patchf = fopen(patch_filename, "rb");
+ if (patchf == NULL) {
+ fprintf(stderr, "failed to open patch file %s: %s\n",
+ patch_filename, strerror(errno));
+ return 1;
+ }
+ int header_bytes_read = fread(header, 1, MAX_HEADER_LENGTH, patchf);
+ fclose(patchf);
+
+ SHA_CTX ctx;
+ SHA_init(&ctx);
+
+ if (header_bytes_read >= 4 &&
+ header[0] == 0xd6 && header[1] == 0xc3 &&
+ header[2] == 0xc4 && header[3] == 0) {
+ // xdelta3 patches begin "VCD" (with the high bits set) followed
+ // by a zero byte (the version number).
+ fprintf(stderr, "error: xdelta3 patches no longer supported\n");
+ return 1;
+ } else if (header_bytes_read >= 8 &&
+ memcmp(header, "BSDIFF40", 8) == 0) {
+ int result = ApplyBSDiffPatch(source_to_use->data, source_to_use->size,
+ patch_filename, output, &ctx);
+ if (result != 0) {
+ fprintf(stderr, "ApplyBSDiffPatch failed\n");
+ return result;
+ }
+ } else {
+ fprintf(stderr, "Unknown patch file format");
+ return 1;
+ }
+
+ fflush(output);
+ fsync(fileno(output));
+ fclose(output);
+
+ const uint8_t* current_target_sha1 = SHA_final(&ctx);
+ if (memcmp(current_target_sha1, target_sha1, SHA_DIGEST_SIZE) != 0) {
+ fprintf(stderr, "patch did not produce expected sha1\n");
+ return 1;
+ }
+
+ // Give the .patch file the same owner, group, and mode of the
+ // original source file.
+ if (chmod(outname, source_to_use->st.st_mode) != 0) {
+ fprintf(stderr, "chmod of \"%s\" failed: %s\n", outname, strerror(errno));
+ return 1;
+ }
+ if (chown(outname, source_to_use->st.st_uid, source_to_use->st.st_gid) != 0) {
+ fprintf(stderr, "chown of \"%s\" failed: %s\n", outname, strerror(errno));
+ return 1;
+ }
+
+ // Finally, rename the .patch file to replace the original source file.
+ if (rename(outname, source_filename) != 0) {
+ fprintf(stderr, "rename of .patch to \"%s\" failed: %s\n",
+ source_filename, strerror(errno));
+ return 1;
+ }
+
+ // If this run of applypatch created the copy, and we're here, we
+ // can delete it.
+ if (made_copy) unlink(CACHE_TEMP_SOURCE);
+
+ // Success!
+ return 0;
+}
diff --git a/tools/applypatch/applypatch.h b/tools/applypatch/applypatch.h
new file mode 100644
index 0000000..76fc80a
--- /dev/null
+++ b/tools/applypatch/applypatch.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _APPLYPATCH_H
+#define _APPLYPATCH_H
+
+#include "mincrypt/sha.h"
+
+typedef struct _Patch {
+ uint8_t sha1[SHA_DIGEST_SIZE];
+ const char* patch_filename;
+} Patch;
+
+typedef struct _FileContents {
+ uint8_t sha1[SHA_DIGEST_SIZE];
+ unsigned char* data;
+ size_t size;
+ struct stat st;
+} FileContents;
+
+// When there isn't enough room on the target filesystem to hold the
+// patched version of the file, we copy the original here and delete
+// it to free up space. If the expected source file doesn't exist, or
+// is corrupted, we look to see if this file contains the bits we want
+// and use it as the source instead.
+#define CACHE_TEMP_SOURCE "/cache/saved.file"
+
+// applypatch.c
+size_t FreeSpaceForFile(const char* filename);
+
+// bsdiff.c
+void ShowBSDiffLicense();
+int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size,
+ const char* patch_filename,
+ FILE* output, SHA_CTX* ctx);
+
+// freecache.c
+int MakeFreeSpaceOnCache(size_t bytes_needed);
+
+#endif
diff --git a/tools/applypatch/applypatch.sh b/tools/applypatch/applypatch.sh
new file mode 100755
index 0000000..181cd5c
--- /dev/null
+++ b/tools/applypatch/applypatch.sh
@@ -0,0 +1,272 @@
+#!/bin/bash
+#
+# A test suite for applypatch. Run in a client where you have done
+# envsetup, choosecombo, etc.
+#
+# DO NOT RUN THIS ON A DEVICE YOU CARE ABOUT. It will mess up your
+# system partition.
+#
+#
+# TODO: find some way to get this run regularly along with the rest of
+# the tests.
+
+EMULATOR_PORT=5580
+DATA_DIR=$ANDROID_BUILD_TOP/build/tools/applypatch/testdata
+
+# This must be the filename that applypatch uses for its copies.
+CACHE_TEMP_SOURCE=/cache/saved.file
+
+# Put all binaries and files here. We use /cache because it's a
+# temporary filesystem in the emulator; it's created fresh each time
+# the emulator starts.
+WORK_DIR=/system
+
+# partition that WORK_DIR is located on, without the leading slash
+WORK_FS=system
+
+# ------------------------
+
+tmpdir=$(mktemp -d)
+
+emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT &
+pid_emulator=$!
+
+ADB="adb -s emulator-$EMULATOR_PORT "
+
+echo "emulator is $pid_emulator; waiting for startup"
+$ADB wait-for-device
+echo "device is available"
+$ADB remount
+# free up enough space on the system partition for the test to run.
+$ADB shell rm -r /system/media
+
+# run a command on the device; exit with the exit status of the device
+# command.
+run_command() {
+ $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}'
+}
+
+testname() {
+ echo
+ echo "$1"...
+ testname="$1"
+}
+
+fail() {
+ echo
+ echo FAIL: $testname
+ echo
+ kill $pid_emulator
+ exit 1
+}
+
+sha1() {
+ sha1sum $1 | awk '{print $1}'
+}
+
+free_space() {
+ run_command df | awk "/$1/ {print gensub(/K/, \"\", \"g\", \$6)}"
+}
+
+
+$ADB push $ANDROID_PRODUCT_OUT/system/bin/applypatch $WORK_DIR/applypatch
+
+BAD1_SHA1=$(printf "%040x" $RANDOM)
+BAD2_SHA1=$(printf "%040x" $RANDOM)
+OLD_SHA1=$(sha1 $DATA_DIR/old.file)
+NEW_SHA1=$(sha1 $DATA_DIR/new.file)
+NEW_SIZE=$(stat -c %s $DATA_DIR/new.file)
+
+# --------------- basic execution ----------------------
+
+testname "usage message"
+run_command $WORK_DIR/applypatch && fail
+
+testname "display license"
+run_command $WORK_DIR/applypatch -l | grep -q -i copyright || fail
+
+
+# --------------- check mode ----------------------
+
+$ADB push $DATA_DIR/old.file $WORK_DIR
+
+testname "check mode single"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $OLD_SHA1 || fail
+
+testname "check mode multiple"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $BAD1_SHA1 $OLD_SHA1 $BAD2_SHA1|| fail
+
+testname "check mode failure"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $BAD2_SHA1 $BAD1_SHA1 && fail
+
+$ADB push $DATA_DIR/old.file $CACHE_TEMP_SOURCE
+# put some junk in the old file
+run_command dd if=/dev/urandom of=$WORK_DIR/old.file count=100 bs=1024 || fail
+
+testname "check mode cache (corrupted) single"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $OLD_SHA1 || fail
+
+testname "check mode cache (corrupted) multiple"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $BAD1_SHA1 $OLD_SHA1 $BAD2_SHA1|| fail
+
+testname "check mode cache (corrupted) failure"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $BAD2_SHA1 $BAD1_SHA1 && fail
+
+# remove the old file entirely
+run_command rm $WORK_DIR/old.file
+
+testname "check mode cache (missing) single"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $OLD_SHA1 || fail
+
+testname "check mode cache (missing) multiple"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $BAD1_SHA1 $OLD_SHA1 $BAD2_SHA1|| fail
+
+testname "check mode cache (missing) failure"
+run_command $WORK_DIR/applypatch -c $WORK_DIR/old.file $BAD2_SHA1 $BAD1_SHA1 && fail
+
+
+# --------------- apply patch ----------------------
+
+$ADB push $DATA_DIR/old.file $WORK_DIR
+$ADB push $DATA_DIR/patch.bsdiff $WORK_DIR
+
+# Check that the partition has enough space to apply the patch without
+# copying. If it doesn't, we'll be testing the low-space condition
+# when we intend to test the not-low-space condition.
+testname "apply patches (with enough space)"
+free_kb=$(free_space $WORK_FS)
+echo "${free_kb}kb free on /$WORK_FS."
+if (( free_kb * 1024 < NEW_SIZE * 3 / 2 )); then
+ echo "Not enough space on /$WORK_FS to patch test file."
+ echo
+ echo "This doesn't mean that applypatch is necessarily broken;"
+ echo "just that /$WORK_FS doesn't have enough free space to"
+ echo "properly run this test."
+ exit 1
+fi
+
+testname "apply bsdiff patch"
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+
+testname "reapply bsdiff patch"
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+
+
+# --------------- apply patch with low space on /system ----------------------
+
+$ADB push $DATA_DIR/old.file $WORK_DIR
+$ADB push $DATA_DIR/patch.bsdiff $WORK_DIR
+
+free_kb=$(free_space $WORK_FS)
+echo "${free_kb}kb free on /$WORK_FS; we'll soon fix that."
+echo run_command dd if=/dev/zero of=$WORK_DIR/bloat.dat count=$((free_kb-512)) bs=1024 || fail
+run_command dd if=/dev/zero of=$WORK_DIR/bloat.dat count=$((free_kb-512)) bs=1024 || fail
+free_kb=$(free_space $WORK_FS)
+echo "${free_kb}kb free on /$WORK_FS now."
+
+testname "apply bsdiff patch with low space"
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+
+testname "reapply bsdiff patch with low space"
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+
+# --------------- apply patch with low space on /system and /cache ----------------------
+
+$ADB push $DATA_DIR/old.file $WORK_DIR
+$ADB push $DATA_DIR/patch.bsdiff $WORK_DIR
+
+free_kb=$(free_space $WORK_FS)
+echo "${free_kb}kb free on /$WORK_FS"
+
+run_command mkdir /cache/subdir
+run_command 'echo > /cache/subdir/a.file'
+run_command 'echo > /cache/a.file'
+run_command mkdir /cache/recovery /cache/recovery/otatest
+run_command 'echo > /cache/recovery/otatest/b.file'
+run_command "echo > $CACHE_TEMP_SOURCE"
+free_kb=$(free_space cache)
+echo "${free_kb}kb free on /cache; we'll soon fix that."
+run_command dd if=/dev/zero of=/cache/bloat_small.dat count=128 bs=1024 || fail
+run_command dd if=/dev/zero of=/cache/bloat_large.dat count=$((free_kb-640)) bs=1024 || fail
+free_kb=$(free_space cache)
+echo "${free_kb}kb free on /cache now."
+
+testname "apply bsdiff patch with low space, full cache, can't delete enough"
+$ADB shell 'cat >> /cache/bloat_large.dat' & open_pid=$!
+echo "open_pid is $open_pid"
+
+# size check should fail even though it deletes some stuff
+run_command $WORK_DIR/applypatch -s $NEW_SIZE && fail
+run_command ls /cache/bloat_small.dat && fail # was deleted
+run_command ls /cache/a.file && fail # was deleted
+run_command ls /cache/recovery/otatest/b.file && fail # was deleted
+run_command ls /cache/bloat_large.dat || fail # wasn't deleted because it was open
+run_command ls /cache/subdir/a.file || fail # wasn't deleted because it's in a subdir
+run_command ls $CACHE_TEMP_SOURCE || fail # wasn't deleted because it's the source file copy
+
+# should fail; not enough files can be deleted
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff && fail
+run_command ls /cache/bloat_large.dat || fail # wasn't deleted because it was open
+run_command ls /cache/subdir/a.file || fail # wasn't deleted because it's in a subdir
+run_command ls $CACHE_TEMP_SOURCE || fail # wasn't deleted because it's the source file copy
+
+kill $open_pid # /cache/bloat_large.dat is no longer open
+
+testname "apply bsdiff patch with low space, full cache, can delete enough"
+
+# should succeed after deleting /cache/bloat_large.dat
+run_command $WORK_DIR/applypatch -s $NEW_SIZE || fail
+run_command ls /cache/bloat_large.dat && fail # was deleted
+run_command ls /cache/subdir/a.file || fail # still wasn't deleted because it's in a subdir
+run_command ls $CACHE_TEMP_SOURCE || fail # wasn't deleted because it's the source file copy
+
+# should succeed
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+run_command ls /cache/subdir/a.file || fail # still wasn't deleted because it's in a subdir
+run_command ls $CACHE_TEMP_SOURCE && fail # was deleted because patching overwrote it, then deleted it
+
+# --------------- apply patch from cache ----------------------
+
+$ADB push $DATA_DIR/old.file $CACHE_TEMP_SOURCE
+# put some junk in the old file
+run_command dd if=/dev/urandom of=$WORK_DIR/old.file count=100 bs=1024 || fail
+
+testname "apply bsdiff patch from cache (corrupted source) with low space"
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+
+$ADB push $DATA_DIR/old.file $CACHE_TEMP_SOURCE
+# remove the old file entirely
+run_command rm $WORK_DIR/old.file
+
+testname "apply bsdiff patch from cache (missing source) with low space"
+run_command $WORK_DIR/applypatch $WORK_DIR/old.file $NEW_SHA1 $NEW_SIZE $BAD1_SHA1:$WORK_DIR/foo $OLD_SHA1:$WORK_DIR/patch.bsdiff || fail
+$ADB pull $WORK_DIR/old.file $tmpdir/patched
+diff -q $DATA_DIR/new.file $tmpdir/patched || fail
+
+
+# --------------- cleanup ----------------------
+
+# not necessary if we're about to kill the emulator, but nice for
+# running on real devices or already-running emulators.
+run_command rm /cache/bloat*.dat $WORK_DIR/bloat.dat $CACHE_TEMP_SOURCE $WORK_DIR/old.file $WORK_DIR/patch.xdelta3 $WORK_DIR/patch.bsdiff $WORK_DIR/applypatch
+
+kill $pid_emulator
+
+rm -rf $tmpdir
+
+echo
+echo PASS
+echo
+
diff --git a/tools/applypatch/bsdiff.c b/tools/applypatch/bsdiff.c
new file mode 100644
index 0000000..a2851f9
--- /dev/null
+++ b/tools/applypatch/bsdiff.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This file is a nearly line-for-line copy of bspatch.c from the
+// bsdiff-4.3 distribution; the primary differences being how the
+// input and output data are read and the error handling. Running
+// applypatch with the -l option will display the bsdiff license
+// notice.
+
+#include <stdio.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <bzlib.h>
+
+#include "mincrypt/sha.h"
+
+void ShowBSDiffLicense() {
+ puts("The bsdiff library used herein is:\n"
+ "\n"
+ "Copyright 2003-2005 Colin Percival\n"
+ "All rights reserved\n"
+ "\n"
+ "Redistribution and use in source and binary forms, with or without\n"
+ "modification, are permitted providing that the following conditions\n"
+ "are met:\n"
+ "1. Redistributions of source code must retain the above copyright\n"
+ " notice, this list of conditions and the following disclaimer.\n"
+ "2. Redistributions in binary form must reproduce the above copyright\n"
+ " notice, this list of conditions and the following disclaimer in the\n"
+ " documentation and/or other materials provided with the distribution.\n"
+ "\n"
+ "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n"
+ "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n"
+ "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n"
+ "ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n"
+ "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n"
+ "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n"
+ "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n"
+ "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n"
+ "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n"
+ "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n"
+ "POSSIBILITY OF SUCH DAMAGE.\n"
+ "\n------------------\n\n"
+ "This program uses Julian R Seward's \"libbzip2\" library, available\n"
+ "from http://www.bzip.org/.\n"
+ );
+}
+
+static off_t offtin(u_char *buf)
+{
+ off_t y;
+
+ y=buf[7]&0x7F;
+ y=y*256;y+=buf[6];
+ y=y*256;y+=buf[5];
+ y=y*256;y+=buf[4];
+ y=y*256;y+=buf[3];
+ y=y*256;y+=buf[2];
+ y=y*256;y+=buf[1];
+ y=y*256;y+=buf[0];
+
+ if(buf[7]&0x80) y=-y;
+
+ return y;
+}
+
+int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size,
+ const char* patch_filename,
+ FILE* output, SHA_CTX* ctx) {
+
+ FILE* f;
+ if ((f = fopen(patch_filename, "rb")) == NULL) {
+ fprintf(stderr, "failed to open patch file\n");
+ return 1;
+ }
+
+ // File format:
+ // 0 8 "BSDIFF40"
+ // 8 8 X
+ // 16 8 Y
+ // 24 8 sizeof(newfile)
+ // 32 X bzip2(control block)
+ // 32+X Y bzip2(diff block)
+ // 32+X+Y ??? bzip2(extra block)
+ // with control block a set of triples (x,y,z) meaning "add x bytes
+ // from oldfile to x bytes from the diff block; copy y bytes from the
+ // extra block; seek forwards in oldfile by z bytes".
+
+ unsigned char header[32];
+ if (fread(header, 1, 32, f) < 32) {
+ fprintf(stderr, "failed to read patch file header\n");
+ return 1;
+ }
+
+ if (memcmp(header, "BSDIFF40", 8) != 0) {
+ fprintf(stderr, "corrupt patch file header (magic number)\n");
+ return 1;
+ }
+
+ ssize_t ctrl_len, data_len;
+ ssize_t new_size;
+ ctrl_len = offtin(header+8);
+ data_len = offtin(header+16);
+ new_size = offtin(header+24);
+
+ if (ctrl_len < 0 || data_len < 0 || new_size < 0) {
+ fprintf(stderr, "corrupt patch file header (data lengths)\n");
+ return 1;
+ }
+
+ fclose(f);
+
+ int bzerr;
+
+#define OPEN_AT(f, bzf, offset) \
+ FILE* f; \
+ BZFILE* bzf; \
+ if ((f = fopen(patch_filename, "rb")) == NULL) { \
+ fprintf(stderr, "failed to open patch file\n"); \
+ return 1; \
+ } \
+ if (fseeko(f, offset, SEEK_SET)) { \
+ fprintf(stderr, "failed to seek in patch file\n"); \
+ return 1; \
+ } \
+ if ((bzf = BZ2_bzReadOpen(&bzerr, f, 0, 0, NULL, 0)) == NULL) { \
+ fprintf(stderr, "failed to bzReadOpen in patch file (%d)\n", bzerr); \
+ return 1; \
+ }
+
+ OPEN_AT(cpf, cpfbz2, 32);
+ OPEN_AT(dpf, dpfbz2, 32+ctrl_len);
+ OPEN_AT(epf, epfbz2, 32+ctrl_len+data_len);
+
+#undef OPEN_AT
+
+ unsigned char* new_data = malloc(new_size);
+ if (new_data == NULL) {
+ fprintf(stderr, "failed to allocate memory for output file\n");
+ return 1;
+ }
+
+ off_t oldpos = 0, newpos = 0;
+ off_t ctrl[3];
+ off_t len_read;
+ int i;
+ unsigned char buf[8];
+ while (newpos < new_size) {
+ // Read control data
+ for (i = 0; i < 3; ++i) {
+ len_read = BZ2_bzRead(&bzerr, cpfbz2, buf, 8);
+ if (len_read < 8 || !(bzerr == BZ_OK || bzerr == BZ_STREAM_END)) {
+ fprintf(stderr, "corrupt patch (read control)\n");
+ return 1;
+ }
+ ctrl[i] = offtin(buf);
+ }
+
+ // Sanity check
+ if (newpos + ctrl[0] > new_size) {
+ fprintf(stderr, "corrupt patch (new file overrun)\n");
+ return 1;
+ }
+
+ // Read diff string
+ len_read = BZ2_bzRead(&bzerr, dpfbz2, new_data + newpos, ctrl[0]);
+ if (len_read < ctrl[0] || !(bzerr == BZ_OK || bzerr == BZ_STREAM_END)) {
+ fprintf(stderr, "corrupt patch (read diff)\n");
+ return 1;
+ }
+
+ // Add old data to diff string
+ for (i = 0; i < ctrl[0]; ++i) {
+ if ((oldpos+i >= 0) && (oldpos+i < old_size)) {
+ new_data[newpos+i] += old_data[oldpos+i];
+ }
+ }
+
+ // Adjust pointers
+ newpos += ctrl[0];
+ oldpos += ctrl[0];
+
+ // Sanity check
+ if (newpos + ctrl[1] > new_size) {
+ fprintf(stderr, "corrupt patch (new file overrun)\n");
+ return 1;
+ }
+
+ // Read extra string
+ len_read = BZ2_bzRead(&bzerr, epfbz2, new_data + newpos, ctrl[1]);
+ if (len_read < ctrl[1] || !(bzerr == BZ_OK || bzerr == BZ_STREAM_END)) {
+ fprintf(stderr, "corrupt patch (read extra)\n");
+ return 1;
+ }
+
+ // Adjust pointers
+ newpos += ctrl[1];
+ oldpos += ctrl[2];
+ }
+
+ BZ2_bzReadClose(&bzerr, cpfbz2);
+ BZ2_bzReadClose(&bzerr, dpfbz2);
+ BZ2_bzReadClose(&bzerr, epfbz2);
+ fclose(cpf);
+ fclose(dpf);
+ fclose(epf);
+
+ if (fwrite(new_data, 1, new_size, output) < new_size) {
+ fprintf(stderr, "short write of output: %d (%s)\n", errno, strerror(errno));
+ return 1;
+ }
+ SHA_update(ctx, new_data, new_size);
+ free(new_data);
+
+ return 0;
+}
diff --git a/tools/applypatch/freecache.c b/tools/applypatch/freecache.c
new file mode 100644
index 0000000..ab71b81
--- /dev/null
+++ b/tools/applypatch/freecache.c
@@ -0,0 +1,172 @@
+#include <errno.h>
+#include <libgen.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/statfs.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <ctype.h>
+
+#include "applypatch.h"
+
+static int EliminateOpenFiles(char** files, int file_count) {
+ DIR* d;
+ struct dirent* de;
+ d = opendir("/proc");
+ if (d == NULL) {
+ fprintf(stderr, "error opening /proc: %s\n", strerror(errno));
+ return -1;
+ }
+ while ((de = readdir(d)) != 0) {
+ int i;
+ for (i = 0; de->d_name[i] != '\0' && isdigit(de->d_name[i]); ++i);
+ if (de->d_name[i]) continue;
+
+ // de->d_name[i] is numeric
+
+ char path[FILENAME_MAX];
+ strcpy(path, "/proc/");
+ strcat(path, de->d_name);
+ strcat(path, "/fd/");
+
+ DIR* fdd;
+ struct dirent* fdde;
+ fdd = opendir(path);
+ if (fdd == NULL) {
+ fprintf(stderr, "error opening %s: %s\n", path, strerror(errno));
+ continue;
+ }
+ while ((fdde = readdir(fdd)) != 0) {
+ char fd_path[FILENAME_MAX];
+ char link[FILENAME_MAX];
+ strcpy(fd_path, path);
+ strcat(fd_path, fdde->d_name);
+
+ int count;
+ count = readlink(fd_path, link, sizeof(link)-1);
+ if (count >= 0) {
+ link[count] = '\0';
+
+ // This is inefficient, but it should only matter if there are
+ // lots of files in /cache, and lots of them are open (neither
+ // of which should be true, especially in recovery).
+ if (strncmp(link, "/cache/", 7) == 0) {
+ int j;
+ for (j = 0; j < file_count; ++j) {
+ if (files[j] && strcmp(files[j], link) == 0) {
+ printf("%s is open by %s\n", link, de->d_name);
+ free(files[j]);
+ files[j] = NULL;
+ }
+ }
+ }
+ }
+ }
+ closedir(fdd);
+ }
+ closedir(d);
+
+ return 0;
+}
+
+int FindExpendableFiles(char*** names, int* entries) {
+ DIR* d;
+ struct dirent* de;
+ int size = 32;
+ *entries = 0;
+ *names = malloc(size * sizeof(char*));
+
+ char path[FILENAME_MAX];
+
+ // We're allowed to delete unopened regular files in any of these
+ // directories.
+ const char* dirs[2] = {"/cache", "/cache/recovery/otatest"};
+
+ unsigned int i;
+ for (i = 0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) {
+ d = opendir(dirs[i]);
+ if (d == NULL) {
+ fprintf(stderr, "error opening %s: %s\n", dirs[i], strerror(errno));
+ continue;
+ }
+
+ // Look for regular files in the directory (not in any subdirectories).
+ while ((de = readdir(d)) != 0) {
+ strcpy(path, dirs[i]);
+ strcat(path, "/");
+ strcat(path, de->d_name);
+
+ // We can't delete CACHE_TEMP_SOURCE; if it's there we might have
+ // restarted during installation and could be depending on it to
+ // be there.
+ if (strcmp(path, CACHE_TEMP_SOURCE) == 0) continue;
+
+ struct stat st;
+ if (stat(path, &st) == 0 && S_ISREG(st.st_mode)) {
+ if (*entries >= size) {
+ size *= 2;
+ *names = realloc(*names, size * sizeof(char*));
+ }
+ (*names)[(*entries)++] = strdup(path);
+ }
+ }
+
+ closedir(d);
+ }
+
+ printf("%d regular files in deletable directories\n", *entries);
+
+ if (EliminateOpenFiles(*names, *entries) < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int MakeFreeSpaceOnCache(size_t bytes_needed) {
+ size_t free_now = FreeSpaceForFile("/cache");
+ printf("%ld bytes free on /cache (%ld needed)\n",
+ (long)free_now, (long)bytes_needed);
+
+ if (free_now >= bytes_needed) {
+ return 0;
+ }
+
+ char** names;
+ int entries;
+
+ if (FindExpendableFiles(&names, &entries) < 0) {
+ return -1;
+ }
+
+ if (entries == 0) {
+ // nothing we can delete to free up space!
+ fprintf(stderr, "no files can be deleted to free space on /cache\n");
+ return -1;
+ }
+
+ // We could try to be smarter about which files to delete: the
+ // biggest ones? the smallest ones that will free up enough space?
+ // the oldest? the newest?
+ //
+ // Instead, we'll be dumb.
+
+ int i;
+ for (i = 0; i < entries && free_now < bytes_needed; ++i) {
+ if (names[i]) {
+ unlink(names[i]);
+ free_now = FreeSpaceForFile("/cache");
+ printf("deleted %s; now %ld bytes free\n", names[i], (long)free_now);
+ free(names[i]);
+ }
+ }
+
+ for (; i < entries; ++i) {
+ free(names[i]);
+ }
+ free(names);
+
+ return (free_now >= bytes_needed) ? 0 : -1;
+}
diff --git a/tools/applypatch/testdata/new.file b/tools/applypatch/testdata/new.file
new file mode 100644
index 0000000..cdeb8fd
--- /dev/null
+++ b/tools/applypatch/testdata/new.file
Binary files differ
diff --git a/tools/applypatch/testdata/old.file b/tools/applypatch/testdata/old.file
new file mode 100644
index 0000000..166c873
--- /dev/null
+++ b/tools/applypatch/testdata/old.file
Binary files differ
diff --git a/tools/applypatch/testdata/patch.bsdiff b/tools/applypatch/testdata/patch.bsdiff
new file mode 100644
index 0000000..b78d385
--- /dev/null
+++ b/tools/applypatch/testdata/patch.bsdiff
Binary files differ