Linked by Thom Holwerda on Mon 7th Aug 2017 20:16 UTC
Android

When you get that "out of space" error message during an update, you're only "out of space" on the user storage partition, which is just being used as a temporary download spot before the update is applied to the system partition. Starting with Android 8.0, the A/B system partition setup is being upgraded with a "streaming updates" feature. Update data will arrive from the Internet directly to the offline system partition, written block by block, in a ready-to-boot state. Instead of needing ~1GB of free space, Google will be bypassing user storage almost entirely, needing only ~100KB worth of free space for some metadata.

I promise not to make some snide remark about Android's update mess.

Comment by grandmasterphp
by grandmasterphp on Mon 7th Aug 2017 22:33 UTC
grandmasterphp
Member since:
2017-05-15

In other news I download files to the free space on my hard drive.

Reply Score: 1

RE: Comment by grandmasterphp
by cacheline on Tue 8th Aug 2017 01:18 UTC in reply to "Comment by grandmasterphp"
cacheline Member since:
2016-06-10

In a way, I could see that. But, it sounds more like they're just marking a portion of your free space as reserved, so in reality, it's not free to user apps or the system for storing data, cache, etc.

Reply Score: 2

Comment by tidux
by tidux on Tue 8th Aug 2017 00:54 UTC
tidux
Member since:
2011-08-13

So this is basically piping curl into dd of=/dev/mmcblk0pN without stopping to hash check the arriving binary? Fantastic, now we're one MITM away from giving network attackers full root. Intelligence agencies everywhere are nutting in their pants.

Reply Score: 3

RE: Comment by tidux
by cacheline on Tue 8th Aug 2017 01:17 UTC in reply to "Comment by tidux"
cacheline Member since:
2016-06-10

Wait, did I miss something in the article (if I did, please point me to it, not being facetious, I'd really like to know)? Where did it say they weren't doing any kind of validation on the incoming binary?

With all the kernel hardening and efforts they've gone to, I'd be surprised if they did NOT check the incoming update for that. But, if there's an indication they really did miss that, I'd like to know!

Reply Score: 1

RE[2]: Comment by tidux
by tidux on Tue 8th Aug 2017 17:42 UTC in reply to "RE: Comment by tidux"
tidux Member since:
2011-08-13

There's no way for them to do it ahead of time or while the transfer is running within the constraints imposed by the "100K of disk space" claim. At most they can do a hash check after the fact, and an attacker could force a reboot between the write and the hash check.

Reply Score: 2

RE[3]: Comment by tidux
by Licaon_Kter on Tue 8th Aug 2017 23:00 UTC in reply to "RE[2]: Comment by tidux"
Licaon_Kter Member since:
2010-03-19

Some ideas:
* 100kb is for metadata (e.g. checksums I guess)
* it downloads to the "other" boot partition directly
* it could very well hash every chunk (think bittorrent, say every 4Mb)
* a reboot would not change to "other" boot until the update process validates and marks the switch

It sounds rather good.

Edited 2017-08-08 23:01 UTC

Reply Score: 1

RE[4]: Comment by tidux
by tidux on Wed 9th Aug 2017 10:44 UTC in reply to "RE[3]: Comment by tidux"
tidux Member since:
2011-08-13

> it downloads to the "other" boot partition directly

Nope, that's not what it does.

Reply Score: 2

RE[5]: Comment by tidux
by Licaon_Kter on Wed 9th Aug 2017 12:57 UTC in reply to "RE[4]: Comment by tidux"
Licaon_Kter Member since:
2010-03-19

The article says: "Update data will arrive from the Internet directly to the offline system partition"

What did I misunderstand exactly?

Do you have more info? Links?

Feel free to actually explain your "nope"

Reply Score: 1

RE[6]: Comment by tidux
by tidux on Wed 9th Aug 2017 20:27 UTC in reply to "RE[5]: Comment by tidux"
tidux Member since:
2011-08-13

The "offline" system partition refers specifically to the partition not currently in use by the running OS.

Reply Score: 2

RE[7]: Comment by tidux
by CATs on Thu 10th Aug 2017 06:53 UTC in reply to "RE[6]: Comment by tidux"
CATs Member since:
2017-06-09

> The "offline" system partition refers specifically to the partition not currently in use by the running OS.

And now you are disagreeing with yourself. Nice job.

Reply Score: 1

RE[3]: Comment by tidux
by jgfenix on Thu 10th Aug 2017 20:12 UTC in reply to "RE[2]: Comment by tidux"
jgfenix Member since:
2006-05-25

Yes, but it has two system partitions. This is how I think it works.
1) System partition A is active. If there is a reboot or power failure it will boot to A.
2) The updater downloads the update and writes to system partition B.
3) After finishing the update B is validated. If the validation fails it's marked as invalid (and the update is attempted again/postponed/it gives an error/A is copied in B/whatever). If it's ok it's marked as valid.
4) It reboots and B is marked as active so it boots to B.
5) The usual Android update (optimizing apps, etc).
6) The system boots up.
7) B is copied in A. A is validated the same as B. If it's a success both partitions are marked as valid.
8) Now the update is finished.

Edited 2017-08-10 20:13 UTC

Reply Score: 2
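
The scheme sketched in the comments above (per-chunk hashes held in a small metadata file, writes going only to the inactive slot, and the slot switch happening only after validation), as an added example that is not from the thread or from Android's updater. The `Device` class, the in-memory "partitions", the 4096-byte chunk size and the sample images are assumptions, and the manifest is assumed to have been signature-checked before use.

```python
import hashlib

CHUNK = 4096  # assumed demo chunk size (the thread suggests something like 4 MB)

def split(image: bytes) -> list:
    return [image[i:i + CHUNK] for i in range(0, len(image), CHUNK)]

def make_manifest(image: bytes) -> list:
    """Small metadata: one SHA-256 per chunk. Assumed already signature-checked."""
    return [hashlib.sha256(c).hexdigest() for c in split(image)]

class Device:
    """Toy A/B device: two in-memory 'partitions' and an active-slot flag."""
    def __init__(self, image: bytes):
        self.slots = {"A": bytearray(image), "B": bytearray(len(image))}
        self.active = "A"                 # the slot a reboot would boot

    def stream_update(self, chunks, manifest) -> bool:
        """Check each arriving chunk, then write it to the inactive slot."""
        target = "B" if self.active == "A" else "A"
        offset = count = 0
        for chunk in chunks:
            if count >= len(manifest) or \
                    hashlib.sha256(chunk).hexdigest() != manifest[count]:
                return False              # bad chunk: active slot untouched
            self.slots[target][offset:offset + len(chunk)] = chunk
            offset += len(chunk)
            count += 1
        if count != len(manifest):
            return False                  # stream cut short
        # Read back what landed on the slot before trusting it.
        if make_manifest(bytes(self.slots[target][:offset])) != manifest:
            return False
        self.active = target              # switch only after validation
        return True

# Constructed sample images, not real update payloads.
OLD = b"old-system-image " * 600
NEW = b"new-system-image " * 600

def demo():
    dev, manifest = Device(OLD), make_manifest(NEW)
    tampered = split(NEW)
    tampered[1] = b"X" * CHUNK            # one chunk altered in transit
    r1 = (dev.stream_update(tampered, manifest), dev.active)
    r2 = (dev.stream_update(split(NEW)[:1], manifest), dev.active)  # interrupted
    r3 = (dev.stream_update(split(NEW), manifest), dev.active)
    return r1, r2, r3
```

With 4 MB chunks, a 1 GB image needs 256 SHA-256 digests, about 8 KB, which fits inside the ~100KB of metadata the article mentions.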

Thom: what about Project Treble?
by cacheline on Tue 8th Aug 2017 01:21 UTC
cacheline
Member since:
2016-06-10

I agree Android's updating mechanism has been a mess (more for non-Google branded phones than anything else). And as an Android dev, I'd love to drop support for KitKat (almost there, just not quite yet), as so many things become easier once you do. But, I'm looking with eager anticipation to see what Project Treble does. If they did their job well, in 2 years from now (once everyone can upgrade phones), we might well see users upgrading about as fast as iOS users do. That's a day I'd love to see. So, I'd rather give Google the benefit of the doubt here, and have some optimism...

https://arstechnica.com/gadgets/2017/05/google-hopes-to-fix-android-...

Reply Score: 1

bassbeast Member since:
2007-11-11

Dude you know how many NEW devices are still being sold with KitKat? Go look on Amazon and have your hopes crushed like a bug at getting rid of KitKat anytime soon.

BTW I hope you really like supporting Lollipop as that looks like the next Android version they are gonna pump out for years, going to several phone stores with my wife I noticed that many of them had frankly insane amounts of new phones running 5.1.

IDK if it's device drivers, ease of support, or what but it seems like the OEMs lock onto one version of Android and then just skip 2-3 releases before moving up to the next release and repeating the process.

Reply Score: 2

Comment by sarreq
by sarreq on Wed 9th Aug 2017 01:28 UTC
sarreq
Member since:
2010-03-14

I want to like this, but if something happens DURING a streamed update, there better be some kind of backup.

Reply Score: 1

RE: Comment by sarreq
by CATs on Wed 9th Aug 2017 07:05 UTC in reply to "Comment by sarreq"
CATs Member since:
2017-06-09

> I want to like this, but if something happens DURING a streamed update, there better be some kind of backup.

Well duh... That's what a second partition is for.

Reply Score: 1

RE: Comment by sarreq
by zlynx on Wed 9th Aug 2017 23:11 UTC in reply to "Comment by sarreq"
zlynx Member since:
2005-07-20

So many people seem to think this is a simple file download and instantly find problems with it.

What makes you think Google didn't already think of those problems?

The phone isn't going to boot from the updated partition until it has verified the new downloaded image is correct.

Why would anyone think that it would?

Reply Score: 2

RE[2]: Comment by sarreq
by CATs on Thu 10th Aug 2017 06:54 UTC in reply to "RE: Comment by sarreq"
CATs Member since:
2017-06-09

Mainly, because people are dumb, but think they are very smart (so smart they outsmarted Google's engineers in a few minutes).

Reply Score: 1