Merge "Allow for the DTB image to be built by the Android build system."
diff --git a/CleanSpec.mk b/CleanSpec.mk
index a82a0bd..1d0685d 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -627,6 +627,13 @@
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/adb_debug.prop)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib*/libjavacrypto.so)
+
+# Clean up old verity tools.
+$(call add-clean-step, rm -rf $(HOST_OUT_JAVA_LIBRARIES)/BootSignature.jar)
+$(call add-clean-step, rm -rf $(HOST_OUT_JAVA_LIBRARIES)/VeritySigner.jar)
+$(call add-clean-step, rm -rf $(HOST_OUT_EXECUTABLES)/build_verity_metadata.py)
+
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib*/libc_malloc*)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/Deprecation.md b/Deprecation.md
index 6468f46..0d925cb 100644
--- a/Deprecation.md
+++ b/Deprecation.md
@@ -12,11 +12,20 @@
[build/make/core/deprecation.mk] is the source of truth, but for easy browsing:
-| Module type | State |
-| -------------------------- | --------- |
-| `BUILD_HOST_TEST_CONFIG` | Warning |
-| `BUILD_TARGET_TEST_CONFIG` | Warning |
-| `BUILD_*` | Available |
+| Module type | State |
+| -------------------------------- | --------- |
+| `BUILD_AUX_EXECUTABLE` | Warning |
+| `BUILD_AUX_STATIC_LIBRARY` | Warning |
+| `BUILD_HOST_FUZZ_TEST` | Warning |
+| `BUILD_HOST_NATIVE_TEST` | Warning |
+| `BUILD_HOST_SHARED_TEST_LIBRARY` | Error |
+| `BUILD_HOST_STATIC_TEST_LIBRARY` | Warning |
+| `BUILD_HOST_TEST_CONFIG` | Error |
+| `BUILD_NATIVE_BENCHMARK` | Warning |
+| `BUILD_SHARED_TEST_LIBRARY` | Error |
+| `BUILD_STATIC_TEST_LIBRARY` | Warning |
+| `BUILD_TARGET_TEST_CONFIG` | Error |
+| `BUILD_*` | Available |
## Module Type Deprecation Process
diff --git a/core/Makefile b/core/Makefile
index c0a8acc..7b3e461 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -459,10 +459,11 @@
build_desc :=
-ifeq (,$(filter true, $(TARGET_NO_KERNEL) $(TARGET_NO_RECOVERY)))
-INSTALLED_RECOVERYIMAGE_TARGET := $(PRODUCT_OUT)/recovery.img
-else
INSTALLED_RECOVERYIMAGE_TARGET :=
+ifdef BUILDING_RECOVERY_IMAGE
+ifneq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+INSTALLED_RECOVERYIMAGE_TARGET := $(PRODUCT_OUT)/recovery.img
+endif
endif
$(INSTALLED_BUILD_PROP_TARGET): $(intermediate_system_build_prop) $(INSTALLED_RECOVERYIMAGE_TARGET)
@@ -487,6 +488,12 @@
@echo Target vendor buildinfo: $@
@mkdir -p $(dir $@)
$(hide) echo > $@
+ifeq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true)
+ $(hide) echo ro.boot.dynamic_partitions=true >> $@
+endif
+ifeq ($(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS),true)
+ $(hide) echo ro.boot.dynamic_partitions_retrofit=true >> $@
+endif
$(hide) grep 'ro.product.first_api_level' $(intermediate_system_build_prop) >> $@ || true
$(hide) echo ro.vendor.build.security_patch="$(VENDOR_SECURITY_PATCH)">>$@
$(hide) echo ro.vendor.product.cpu.abilist="$(TARGET_CPU_ABI_LIST)">>$@
@@ -504,7 +511,9 @@
$(hide) echo "#" >> $@; \
echo "# BOOTIMAGE_BUILD_PROPERTIES" >> $@; \
echo "#" >> $@;
- $(hide) $(call generate-common-build-props,bootimage,$@)
+ $(hide) echo ro.bootimage.build.date=`$(DATE_FROM_FILE)`>>$@
+ $(hide) echo ro.bootimage.build.date.utc=`$(DATE_FROM_FILE) +%s`>>$@
+ $(hide) echo ro.bootimage.build.fingerprint="$(BUILD_FINGERPRINT_FROM_FILE)">>$@
$(hide) echo "#" >> $@; \
echo "# ADDITIONAL VENDOR BUILD PROPERTIES" >> $@; \
echo "#" >> $@;
@@ -686,7 +695,7 @@
@echo APK certs list: $@
@mkdir -p $(dir $@)
@rm -f $@
- $(foreach p,$(PACKAGES),\
+ $(foreach p,$(sort $(PACKAGES)),\
$(if $(PACKAGES.$(p).EXTERNAL_KEY),\
$(call _apkcerts_write_line,$(p),"EXTERNAL","",$(PACKAGES.$(p).COMPRESSED),$@),\
$(call _apkcerts_write_line,$(p),$(PACKAGES.$(p).CERTIFICATE),$(PACKAGES.$(p).PRIVATE_KEY),$(PACKAGES.$(p).COMPRESSED),$@)))
@@ -899,13 +908,14 @@
endif # BUILDING_RAMDISK_IMAGE
-
-INSTALLED_BOOTIMAGE_TARGET := $(PRODUCT_OUT)/boot.img
-
-ifneq ($(strip $(TARGET_NO_KERNEL)),true)
-
# -----------------------------------------------------------------
# the boot image, which is a collection of other images.
+
+# This is defined here since we may be building recovery as boot
+# below and only want to define this once
+BUILT_BOOTIMAGE_TARGET := $(PRODUCT_OUT)/boot.img
+
+ifneq ($(strip $(TARGET_NO_KERNEL)),true)
INTERNAL_BOOTIMAGE_ARGS := \
$(addprefix --second ,$(INSTALLED_2NDBOOTLOADER_TARGET)) \
--kernel $(INSTALLED_KERNEL_TARGET)
@@ -944,8 +954,10 @@
--os_version $(PLATFORM_VERSION) \
--os_patch_level $(PLATFORM_SECURITY_PATCH)
-# We build recovery as boot image if BOARD_USES_RECOVERY_AS_BOOT is true.
-ifneq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+# Define these only if we are building boot
+ifdef BUILDING_BOOT_IMAGE
+INSTALLED_BOOTIMAGE_TARGET := $(BUILT_BOOTIMAGE_TARGET)
+
ifeq ($(TARGET_BOOTIMAGE_USE_EXT2),true)
$(error TARGET_BOOTIMAGE_USE_EXT2 is not supported anymore)
@@ -1016,7 +1028,7 @@
$(hide) $(call assert-max-image-size,$(INSTALLED_BOOTIMAGE_TARGET),$(BOARD_BOOTIMAGE_PARTITION_SIZE))
endif # TARGET_BOOTIMAGE_USE_EXT2
-endif # BOARD_USES_RECOVERY_AS_BOOT
+endif # BUILDING_BOOT_IMAGE
else # TARGET_NO_KERNEL == "true"
ifdef BOARD_PREBUILT_BOOTIMAGE
@@ -1492,7 +1504,7 @@
# Recovery image
# Recovery image exists if we are building recovery, or building recovery as boot.
-ifneq (,$(INSTALLED_RECOVERYIMAGE_TARGET)$(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)))
+ifdef BUILDING_RECOVERY_IMAGE
INTERNAL_RECOVERYIMAGE_FILES := $(filter $(TARGET_RECOVERY_OUT)/%, \
$(ALL_DEFAULT_INSTALLED_MODULES))
@@ -1505,6 +1517,7 @@
# build-recoveryimage-target, which would touch the files under TARGET_RECOVERY_OUT and race with
# the call to FILELIST.
ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+INSTALLED_BOOTIMAGE_TARGET := $(BUILT_BOOTIMAGE_TARGET)
$(INSTALLED_FILES_FILE_RECOVERY): $(INSTALLED_BOOTIMAGE_TARGET)
else
$(INSTALLED_FILES_FILE_RECOVERY): $(INSTALLED_RECOVERYIMAGE_TARGET)
@@ -1923,9 +1936,9 @@
@echo "make $@: ignoring dependencies"
$(call build-recoveryimage-target, $(INSTALLED_RECOVERYIMAGE_TARGET))
-else # INSTALLED_RECOVERYIMAGE_TARGET not defined
+else # BUILDING_RECOVERY_IMAGE
RECOVERY_RESOURCE_ZIP :=
-endif
+endif # BUILDING_RECOVERY_IMAGE
.PHONY: recoveryimage
recoveryimage: $(INSTALLED_RECOVERYIMAGE_TARGET) $(RECOVERY_RESOURCE_ZIP)
@@ -2029,17 +2042,40 @@
INTERNAL_DEBUG_BOOTIMAGE_ARGS := $(subst $(INSTALLED_RAMDISK_TARGET),$(INSTALLED_DEBUG_RAMDISK_TARGET), $(INTERNAL_BOOTIMAGE_ARGS))
endif
+# If boot.img is chained but boot-debug.img is not signed, libavb in bootloader
+# will fail to find valid AVB metadata from the end of /boot, thus stop booting.
+# Using a test key to sign boot-debug.img to continue booting with the mismatched
+# public key, if the device is unlocked.
+ifneq ($(BOARD_AVB_BOOT_KEY_PATH),)
+BOARD_AVB_DEBUG_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
+$(INSTALLED_DEBUG_BOOTIMAGE_TARGET): PRIVATE_AVB_DEBUG_BOOT_SIGNING_ARGS := \
+ --algorithm SHA256_RSA2048 --key $(BOARD_AVB_DEBUG_BOOT_KEY_PATH)
+$(INSTALLED_DEBUG_BOOTIMAGE_TARGET): $(AVBTOOL) $(BOARD_AVB_DEBUG_BOOT_KEY_PATH)
+endif
+
# Depends on original boot.img and ramdisk-debug.img, to build the new boot-debug.img
$(INSTALLED_DEBUG_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_DEBUG_RAMDISK_TARGET)
$(call pretty,"Target boot debug image: $@")
$(MKBOOTIMG) $(INTERNAL_DEBUG_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $@
- $(call assert-max-image-size,$@,$(BOARD_BOOTIMAGE_PARTITION_SIZE))
+ $(if $(BOARD_AVB_BOOT_KEY_PATH),\
+ $(call assert-max-image-size,$@,$(call get-hash-image-max-size,$(BOARD_BOOTIMAGE_PARTITION_SIZE))); \
+ $(AVBTOOL) add_hash_footer \
+ --image $@ \
+ --partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
+ --partition_name boot $(PRIVATE_AVB_DEBUG_BOOT_SIGNING_ARGS), \
+ $(call assert-max-image-size,$@,$(BOARD_BOOTIMAGE_PARTITION_SIZE)))
.PHONY: bootimage_debug-nodeps
bootimage_debug-nodeps: $(MKBOOTIMG)
echo "make $@: ignoring dependencies"
$(MKBOOTIMG) $(INTERNAL_DEBUG_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(INSTALLED_DEBUG_BOOTIMAGE_TARGET)
- $(call assert-max-image-size,$(INSTALLED_DEBUG_BOOTIMAGE_TARGET),$(BOARD_BOOTIMAGE_PARTITION_SIZE))
+ $(if $(BOARD_AVB_BOOT_KEY_PATH),\
+ $(call assert-max-image-size,$(INSTALLED_DEBUG_BOOTIMAGE_TARGET),$(call get-hash-image-max-size,$(BOARD_BOOTIMAGE_PARTITION_SIZE))); \
+ $(AVBTOOL) add_hash_footer \
+ --image $(INSTALLED_DEBUG_BOOTIMAGE_TARGET) \
+ --partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
+ --partition_name boot $(PRIVATE_AVB_DEBUG_BOOT_SIGNING_ARGS), \
+ $(call assert-max-image-size,$(INSTALLED_DEBUG_BOOTIMAGE_TARGET),$(BOARD_BOOTIMAGE_PARTITION_SIZE)))
endif # TARGET_NO_KERNEL
@@ -2157,109 +2193,13 @@
endef
endif
-# Check that libraries that should only be in APEXes don't end up in the system
-# image. For the Runtime APEX this complements the checks in
-# art/build/apex/art_apex_test.py.
-# TODO(b/128708192): Implement this restriction in Soong instead.
-
-# TODO(b/124293228): Fix remaining bugs and add these libraries to the list:
-# libart-compiler.so
-# libart-dexlayout.so
-# libart.so
-# libartbase.so
-# libartpalette.so
-# libdexfile.so
-# libdexfile_external.so - aosp_marlin-userdebug gets this in a vndk-sp-Q subdirectory.
-# libicui18n.so
-# libicuuc.so
-# libnativehelper.so - cf_x86_phone-userdebug builds get this in system/lib/arm
-# libprofile.so
-# libsigchain.so - cf_x86_phone-userdebug builds get this in system/lib/arm
-# libtombstoned_client.so
-APEX_MODULE_LIBS := \
- libadbconnection.so \
- libandroidicu.so \
- libandroidio.so \
- libdt_fd_forward.so \
- libdt_socket.so \
- libjavacore.so \
- libjdwp.so \
- libnativebridge.so \
- libnativeloader.so \
- libnpt.so \
- libopenjdk.so \
- libopenjdkjvm.so \
- libopenjdkjvmti.so \
- libpac.so \
-
-# Conscrypt APEX_MODULE_LIBS
-APEX_MODULE_LIBS += \
- libjavacrypto.so \
-
-# An option to disable the check below, for local use since some build targets
-# still may create these libraries in /system (b/129006418).
-DISABLE_APEX_LIBS_ABSENCE_CHECK ?=
-
-# Exclude lib/arm and lib/arm64 which contain the native bridge proxy libs.
-# They are compiled for the guest architecture and used with an entirely
-# different linker config. The native libs are then linked to as usual via
-# exported interfaces, so the proxy libs do not violate the interface boundaries
-# on the native architecture.
-# TODO(b/130630776): Introduce a make variable for the appropriate directory
-# when native bridge is active.
-APEX_LIBS_ABSENCE_CHECK_EXCLUDE := lib/arm lib/arm64
-
-# Exclude vndk-sp-* subdirectories which contain prebuilts from older releases.
-APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/vndk-% lib64/vndk-%
-
-# If the check below fails, some library has ended up in system/lib or
-# system/lib64 that is intended to only go into some APEX package. The likely
-# cause is that a library or binary in /system has grown a dependency that
-# directly or indirectly pulls in the prohibited library.
-#
-# To resolve this, look for the APEX package that the library belong to - search
-# for it in 'native_shared_lib' properties in 'apex' build modules (see
-# art/build/apex/Android.bp for an example). Then check if there is an exported
-# library in that APEX package that should be used instead, i.e. one listed in
-# its 'native_shared_lib' property for which the corresponding 'cc_library'
-# module has a 'stubs' clause (like libdexfile_external in
-# art/libdexfile/Android.bp).
-#
-# If you cannot find an APEX exported library that fits your needs, or you think
-# that the library you want to depend on should be allowed in /system, then
-# please contact the owners of the APEX package containing the library.
-#
-# If you get this error for a library that is exported in an APEX, then the APEX
-# might be misconfigured or something is wrong in the build system. Please reach
-# out to the APEX package owners and/or soong-team@, or
-# android-building@googlegroups.com externally.
-ifndef DISABLE_APEX_LIBS_ABSENCE_CHECK
-define check-apex-libs-absence
-$(hide) ( \
- cd $(TARGET_OUT) && \
- findres=$$(find lib* \
- $(foreach dir,$(APEX_LIBS_ABSENCE_CHECK_EXCLUDE),-path "$(subst %,*,$(dir))" -prune -o) \
- -type f \( -false $(foreach lib,$(APEX_MODULE_LIBS),-o -name $(lib)) \) \
- -print) && \
- if [ -n "$$findres" ]; then \
- echo "APEX libraries found in system image (see comment in build/make/core/Makefile for details):" 1>&2; \
- echo "$$findres" | sort 1>&2; \
- false; \
- fi; \
-)
-endef
-else
-define check-apex-libs-absence
-endef
-endif
-
# $(1): output file
define build-systemimage-target
@echo "Target system fs image: $(1)"
$(call create-system-vendor-symlink)
$(call create-system-product-symlink)
$(call create-system-product_services-symlink)
- $(call check-apex-libs-absence)
+ $(call check-apex-libs-absence-on-disk)
@mkdir -p $(dir $(1)) $(systemimage_intermediates) && rm -rf $(systemimage_intermediates)/system_image_info.txt
$(call generate-image-prop-dictionary, $(systemimage_intermediates)/system_image_info.txt,system, \
skip_fsck=true)
@@ -3128,18 +3068,30 @@
$(error BOARD_AVB_VBMETA_SYSTEM and BOARD_AVB_VBMETA_VENDOR cannot have duplicates)
endif
-# Appends security patch level as a AVB property descriptor
+# Appends os version and security patch level as a AVB property descriptor
BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.system.os_version:$(PLATFORM_VERSION) \
--prop com.android.build.system.security_patch:$(PLATFORM_SECURITY_PATCH)
BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.product.os_version:$(PLATFORM_VERSION) \
--prop com.android.build.product.security_patch:$(PLATFORM_SECURITY_PATCH)
BOARD_AVB_PRODUCT_SERVICES_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.product_services.os_version:$(PLATFORM_VERSION) \
--prop com.android.build.product_services.security_patch:$(PLATFORM_SECURITY_PATCH)
-# The following vendor- and odm-specific images needs explicitly set per board.
+BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.boot.os_version:$(PLATFORM_VERSION)
+
+BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.vendor.os_version:$(PLATFORM_VERSION)
+
+BOARD_AVB_ODM_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.odm.os_version:$(PLATFORM_VERSION)
+
+# The following vendor- and odm-specific images needs explicit SPL set per board.
ifdef BOOT_SECURITY_PATCH
BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
--prop com.android.build.boot.security_patch:$(BOOT_SECURITY_PATCH)
@@ -3430,8 +3382,12 @@
.PHONY: check-all-partition-sizes check-all-partition-sizes-nodeps
+check_all_partition_sizes_file := $(call intermediates-dir-for,PACKAGING,check-all-partition-sizes)/timestamp
+
+check-all-partition-sizes: $(check_all_partition_sizes_file)
+
# Add image dependencies so that generated_*_image_info.txt are written before checking.
-check-all-partition-sizes: \
+$(check_all_partition_sizes_file): \
build/make/tools/releasetools/sparse_img.py \
$(call images-for-partitions,$(BOARD_SUPER_PARTITION_PARTITION_LIST))
@@ -3499,7 +3455,12 @@
fi
endef
-check-all-partition-sizes check-all-partition-sizes-nodeps:
+$(check_all_partition_sizes_file):
+ $(call check-all-partition-sizes-target)
+ $(call check-super-partition-size)
+ touch $@
+
+check-all-partition-sizes-nodeps:
$(call check-all-partition-sizes-target)
$(call check-super-partition-size)
@@ -3554,134 +3515,112 @@
endif
ifeq ($(build_otatools_package),true)
-OTATOOLS := $(HOST_OUT_EXECUTABLES)/minigzip \
- $(HOST_OUT_EXECUTABLES)/aapt \
- $(HOST_OUT_EXECUTABLES)/checkvintf \
- $(HOST_OUT_EXECUTABLES)/mkbootfs \
- $(HOST_OUT_EXECUTABLES)/mkbootimg \
- $(HOST_OUT_EXECUTABLES)/fs_config \
- $(HOST_OUT_EXECUTABLES)/zipalign \
- $(HOST_OUT_EXECUTABLES)/bsdiff \
- $(HOST_OUT_EXECUTABLES)/imgdiff \
- $(HOST_OUT_JAVA_LIBRARIES)/signapk.jar \
- $(HOST_OUT_JAVA_LIBRARIES)/BootSignature.jar \
- $(HOST_OUT_JAVA_LIBRARIES)/VeritySigner.jar \
- $(HOST_OUT_EXECUTABLES)/mke2fs \
- $(HOST_OUT_EXECUTABLES)/mkuserimg_mke2fs \
- $(HOST_OUT_EXECUTABLES)/e2fsdroid \
- $(HOST_OUT_EXECUTABLES)/tune2fs \
- $(HOST_OUT_EXECUTABLES)/mksquashfsimage.sh \
- $(HOST_OUT_EXECUTABLES)/mksquashfs \
- $(HOST_OUT_EXECUTABLES)/mkf2fsuserimg.sh \
- $(HOST_OUT_EXECUTABLES)/make_f2fs \
- $(HOST_OUT_EXECUTABLES)/sload_f2fs \
- $(HOST_OUT_EXECUTABLES)/simg2img \
- $(HOST_OUT_EXECUTABLES)/e2fsck \
- $(HOST_OUT_EXECUTABLES)/generate_verity_key \
- $(HOST_OUT_EXECUTABLES)/verity_signer \
- $(HOST_OUT_EXECUTABLES)/verity_verifier \
- $(HOST_OUT_EXECUTABLES)/append2simg \
- $(HOST_OUT_EXECUTABLES)/img2simg \
- $(HOST_OUT_EXECUTABLES)/boot_signer \
- $(HOST_OUT_EXECUTABLES)/fec \
- $(HOST_OUT_EXECUTABLES)/brillo_update_payload \
- $(HOST_OUT_EXECUTABLES)/lib/shflags/shflags \
- $(HOST_OUT_EXECUTABLES)/delta_generator \
- $(HOST_OUT_EXECUTABLES)/care_map_generator \
- $(HOST_OUT_EXECUTABLES)/fc_sort \
- $(HOST_OUT_EXECUTABLES)/sefcontext_compile \
- $(LPMAKE) \
- $(AVBTOOL) \
- $(BLK_ALLOC_TO_BASE_FS) \
- $(BROTLI) \
- $(BUILD_VERITY_METADATA) \
- $(BUILD_VERITY_TREE)
+
+INTERNAL_OTATOOLS_MODULES := \
+ aapt \
+ append2simg \
+ avbtool \
+ blk_alloc_to_base_fs \
+ boot_signer \
+ brillo_update_payload \
+ brotli \
+ bsdiff \
+ build_verity_metadata \
+ build_verity_tree \
+ care_map_generator \
+ checkvintf \
+ delta_generator \
+ e2fsck \
+ e2fsdroid \
+ fc_sort \
+ fec \
+ fs_config \
+ generate_verity_key \
+ img2simg \
+ imgdiff \
+ libconscrypt_openjdk_jni \
+ lpmake \
+ make_f2fs \
+ minigzip \
+ mkbootfs \
+ mkbootimg \
+ mke2fs \
+ mke2fs.conf \
+ mkf2fsuserimg.sh \
+ mksquashfs \
+ mksquashfsimage.sh \
+ mkuserimg_mke2fs \
+ sefcontext_compile \
+ shflags \
+ signapk \
+ simg2img \
+ sload_f2fs \
+ tune2fs \
+ verity_signer \
+ verity_verifier \
+ zipalign \
ifeq (true,$(PRODUCT_SUPPORTS_VBOOT))
-OTATOOLS += \
- $(FUTILITY) \
- $(VBOOT_SIGNER)
+INTERNAL_OTATOOLS_MODULES += \
+ futility \
+ vboot_signer
endif
-# Shared libraries.
-OTATOOLS += \
- $(HOST_LIBRARY_PATH)/libc++$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/liblog$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libcutils$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libselinux$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libcrypto_utils$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libcrypto-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2fs-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_blkid-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_com_err-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_e2p-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_misc$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_profile-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_quota-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext2_uuid-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libconscrypt_openjdk_jni$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libbrillo$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libbrillo-stream$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libchrome$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libcurl-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libevent-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libprotobuf-cpp-lite$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libssl-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libz-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libsparse-host$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libbase$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libpcre2$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libbrotli$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/liblp$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libext4_utils$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libfec$(HOST_SHLIB_SUFFIX) \
- $(HOST_LIBRARY_PATH)/libsquashfs_utils$(HOST_SHLIB_SUFFIX)
-
+INTERNAL_OTATOOLS_FILES := \
+ $(filter $(HOST_OUT)/%,$(call module-installed-files,$(INTERNAL_OTATOOLS_MODULES)))
.PHONY: otatools
-otatools: $(OTATOOLS)
+otatools: $(INTERNAL_OTATOOLS_FILES)
-BUILT_OTATOOLS_PACKAGE := $(PRODUCT_OUT)/otatools.zip
-$(BUILT_OTATOOLS_PACKAGE): zip_root := $(call intermediates-dir-for,PACKAGING,otatools)/otatools
+# For each module, recursively resolve its host shared library dependencies. Then we have a full
+# list of modules whose installed files need to be packed.
+INTERNAL_OTATOOLS_MODULES_WITH_DEPS := \
+ $(sort $(INTERNAL_OTATOOLS_MODULES) \
+ $(foreach m,$(INTERNAL_OTATOOLS_MODULES),$(call get-all-shared-libs-deps,$(m))))
-OTATOOLS_DEPS := \
- system/extras/ext4_utils/mke2fs.conf \
- $(sort $(shell find build/make/target/product/security -type f -name "*.x509.pem" -o -name "*.pk8" -o \
- -name verity_key))
+INTERNAL_OTATOOLS_PACKAGE_FILES := \
+ $(filter $(HOST_OUT)/%,$(call module-installed-files,$(INTERNAL_OTATOOLS_MODULES_WITH_DEPS)))
+
+INTERNAL_OTATOOLS_PACKAGE_FILES += \
+ $(sort $(shell find build/make/target/product/security -type f -name "*.x509.pem" -o \
+ -name "*.pk8" -o -name verity_key))
ifneq (,$(wildcard device))
-OTATOOLS_DEPS += \
+INTERNAL_OTATOOLS_PACKAGE_FILES += \
$(sort $(shell find device $(wildcard vendor) -type f -name "*.pk8" -o -name "verifiedboot*" -o \
-name "*.x509.pem" -o -name "oem*.prop"))
endif
ifneq (,$(wildcard external/avb))
-OTATOOLS_DEPS += \
+INTERNAL_OTATOOLS_PACKAGE_FILES += \
$(sort $(shell find external/avb/test/data -type f -name "testkey_*.pem" -o \
-name "atx_metadata.bin"))
endif
ifneq (,$(wildcard system/update_engine))
-OTATOOLS_DEPS += \
+INTERNAL_OTATOOLS_PACKAGE_FILES += \
$(sort $(shell find system/update_engine/scripts -name "*.pyc" -prune -o -type f -print))
endif
-
-OTATOOLS_RELEASETOOLS := \
- $(sort $(shell find build/make/tools/releasetools -name "*.pyc" -prune -o -type f))
-
ifeq (true,$(PRODUCT_SUPPORTS_VBOOT))
-OTATOOLS_DEPS += \
+INTERNAL_OTATOOLS_PACKAGE_FILES += \
$(sort $(shell find external/vboot_reference/tests/devkeys -type f))
endif
-$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) $(OTATOOLS_DEPS) $(OTATOOLS_RELEASETOOLS) $(SOONG_ZIP)
+INTERNAL_OTATOOLS_RELEASETOOLS := \
+ $(sort $(shell find build/make/tools/releasetools -name "*.pyc" -prune -o \
+ \( -type f -o -type l \) -print))
+
+BUILT_OTATOOLS_PACKAGE := $(PRODUCT_OUT)/otatools.zip
+$(BUILT_OTATOOLS_PACKAGE): PRIVATE_ZIP_ROOT := $(call intermediates-dir-for,PACKAGING,otatools)/otatools
+$(BUILT_OTATOOLS_PACKAGE): PRIVATE_OTATOOLS_PACKAGE_FILES := $(INTERNAL_OTATOOLS_PACKAGE_FILES)
+$(BUILT_OTATOOLS_PACKAGE): PRIVATE_OTATOOLS_RELEASETOOLS := $(INTERNAL_OTATOOLS_RELEASETOOLS)
+$(BUILT_OTATOOLS_PACKAGE): $(INTERNAL_OTATOOLS_PACKAGE_FILES) $(INTERNAL_OTATOOLS_RELEASETOOLS)
+$(BUILT_OTATOOLS_PACKAGE): $(SOONG_ZIP)
@echo "Package OTA tools: $@"
- $(hide) rm -rf $@ $(zip_root)
- $(hide) mkdir -p $(dir $@) $(zip_root)/bin $(zip_root)/framework $(zip_root)/releasetools
- $(call copy-files-with-structure,$(OTATOOLS),$(HOST_OUT)/,$(zip_root))
- $(hide) cp $(SOONG_ZIP) $(zip_root)/bin/
- $(hide) cp -r -d -p build/make/tools/releasetools/* $(zip_root)/releasetools
- $(hide) rm -rf $@ $(zip_root)/releasetools/*.pyc
- $(hide) $(SOONG_ZIP) -o $@ -C $(zip_root) -D $(zip_root) \
- -C . $(addprefix -f ,$(OTATOOLS_DEPS))
+ rm -rf $@ $(PRIVATE_ZIP_ROOT)
+ mkdir -p $(dir $@)
+ $(call copy-files-with-structure,$(PRIVATE_OTATOOLS_PACKAGE_FILES),$(HOST_OUT)/,$(PRIVATE_ZIP_ROOT))
+ $(call copy-files-with-structure,$(PRIVATE_OTATOOLS_RELEASETOOLS),build/make/tools/,$(PRIVATE_ZIP_ROOT))
+ cp $(SOONG_ZIP) $(PRIVATE_ZIP_ROOT)/bin/
+ $(SOONG_ZIP) -o $@ -C $(PRIVATE_ZIP_ROOT) -D $(PRIVATE_ZIP_ROOT)
.PHONY: otatools-package
otatools-package: $(BUILT_OTATOOLS_PACKAGE)
@@ -3794,6 +3733,8 @@
echo "super_$(group)_partition_list=$(BOARD_$(call to-upper,$(group))_PARTITION_LIST)" >> $(1);))
$(if $(filter true,$(TARGET_USERIMAGES_SPARSE_EXT_DISABLED)), \
echo "build_non_sparse_super_partition=true" >> $(1))
+ $(if $(filter true,$(BOARD_SUPER_IMAGE_IN_UPDATE_PACKAGE)), \
+ echo "super_image_in_update_package=true" >> $(1))
endef
# By conditionally including the dependency of the target files package on the
@@ -3982,6 +3923,9 @@
ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
$(hide) echo "boot_size=$(BOARD_BOOTIMAGE_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
endif
+ifeq ($(INSTALLED_BOOTIMAGE_TARGET),)
+ $(hide) echo "no_boot=true" >> $(zip_root)/META/misc_info.txt
+endif
ifeq ($(INSTALLED_RECOVERYIMAGE_TARGET),)
$(hide) echo "no_recovery=true" >> $(zip_root)/META/misc_info.txt
endif
@@ -4309,25 +4253,6 @@
endif # build_ota_package
# -----------------------------------------------------------------
-# The update package
-
-name := $(TARGET_PRODUCT)
-ifeq ($(TARGET_BUILD_TYPE),debug)
- name := $(name)_debug
-endif
-name := $(name)-img-$(FILE_NAME_TAG)
-
-INTERNAL_UPDATE_PACKAGE_TARGET := $(PRODUCT_OUT)/$(name).zip
-
-$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(ZIP2ZIP)
- @echo "Package: $@"
- $(hide) $(ZIP2ZIP) -i $(BUILT_TARGET_FILES_PACKAGE) -o $@ \
- OTA/android-info.txt:android-info.txt "IMAGES/*.img:."
-
-.PHONY: updatepackage
-updatepackage: $(INTERNAL_UPDATE_PACKAGE_TARGET)
-
-# -----------------------------------------------------------------
# A zip of the appcompat directory containing logs
APPCOMPAT_ZIP := $(PRODUCT_OUT)/appcompat.zip
# For apps_only build we'll establish the dependency later in build/make/core/main.mk.
@@ -4348,7 +4273,6 @@
$(hide) find $(PRODUCT_OUT)/appcompat | sort >$(PRIVATE_LIST_FILE)
$(hide) $(SOONG_ZIP) -d -o $@ -C $(PRODUCT_OUT)/appcompat -l $(PRIVATE_LIST_FILE)
-
# -----------------------------------------------------------------
# A zip of the symbols directory. Keep the full paths to make it
# more obvious where these files came from.
@@ -4378,7 +4302,7 @@
$(hide) rm -rf $@ $(PRIVATE_LIST_FILE)
$(hide) mkdir -p $(dir $@) $(TARGET_OUT_UNSTRIPPED) $(dir $(PRIVATE_LIST_FILE))
$(hide) find -L $(TARGET_OUT_UNSTRIPPED) -type f | sort >$(PRIVATE_LIST_FILE)
- $(hide) $(SOONG_ZIP) -d -o $@ -C $(OUT_DIR)/.. -l $(PRIVATE_LIST_FILE)
+ $(hide) $(SOONG_ZIP) --ignore_missing_files -d -o $@ -C $(OUT_DIR)/.. -l $(PRIVATE_LIST_FILE)
# -----------------------------------------------------------------
# A zip of the coverage directory.
#
@@ -4497,7 +4421,10 @@
PATH=$(dir $(LPMAKE)):$$PATH \
$(BUILD_SUPER_IMAGE) -v $(extracted_input_target_files) $@
+# Skip packing it in dist package because it is in update package.
+ifneq (true,$(BOARD_SUPER_IMAGE_IN_UPDATE_PACKAGE))
$(call dist-for-goals,dist_files,$(INTERNAL_SUPERIMAGE_DIST_TARGET))
+endif
.PHONY: superimage_dist
superimage_dist: $(INTERNAL_SUPERIMAGE_DIST_TARGET)
@@ -4581,6 +4508,50 @@
endif # BOARD_SUPER_PARTITION_SIZE != ""
endif # PRODUCT_BUILD_SUPER_PARTITION == "true"
+
+# -----------------------------------------------------------------
+# The update package
+
+name := $(TARGET_PRODUCT)
+ifeq ($(TARGET_BUILD_TYPE),debug)
+ name := $(name)_debug
+endif
+name := $(name)-img-$(FILE_NAME_TAG)
+
+INTERNAL_UPDATE_PACKAGE_TARGET := $(PRODUCT_OUT)/$(name).zip
+
+$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(ZIP2ZIP)
+
+ifeq (true,$(BOARD_SUPER_IMAGE_IN_UPDATE_PACKAGE))
+$(INTERNAL_UPDATE_PACKAGE_TARGET): $(INTERNAL_SUPERIMAGE_DIST_TARGET)
+ @echo "Package: $@"
+ # Filter out super_empty and images in BOARD_SUPER_PARTITION_PARTITION_LIST.
+ # Filter out system_other for launch DAP devices because it is in super image.
+ # Include OTA/super_*.img for retrofit devices and super.img for non-retrofit
+ # devices.
+ $(hide) $(ZIP2ZIP) -i $(BUILT_TARGET_FILES_PACKAGE) -o $@ \
+ -x IMAGES/super_empty.img \
+ $(foreach partition,$(BOARD_SUPER_PARTITION_PARTITION_LIST), \
+ -x IMAGES/$(partition).img) \
+ $(if $(filter system, $(BOARD_SUPER_PARTITION_PARTITION_LIST)), \
+ $(if $(filter true, $(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS)),, \
+ -x IMAGES/system_other.img)) \
+ $(if $(filter true,$(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS)), \
+ $(foreach device,$(BOARD_SUPER_PARTITION_BLOCK_DEVICES), \
+ OTA/super_$(device).img:super_$(device).img)) \
+ OTA/android-info.txt:android-info.txt "IMAGES/*.img:."
+ $(if $(INTERNAL_SUPERIMAGE_DIST_TARGET), zip -q -j -u $@ $(INTERNAL_SUPERIMAGE_DIST_TARGET))
+else
+$(INTERNAL_UPDATE_PACKAGE_TARGET):
+ @echo "Package: $@"
+ $(hide) $(ZIP2ZIP) -i $(BUILT_TARGET_FILES_PACKAGE) -o $@ \
+ OTA/android-info.txt:android-info.txt "IMAGES/*.img:."
+endif # BOARD_SUPER_IMAGE_IN_UPDATE_PACKAGE
+
+.PHONY: updatepackage
+updatepackage: $(INTERNAL_UPDATE_PACKAGE_TARGET)
+
+
# -----------------------------------------------------------------
# dalvik something
.PHONY: dalvikfiles
@@ -4588,13 +4559,20 @@
ifeq ($(BUILD_QEMU_IMAGES),true)
MK_QEMU_IMAGE_SH := device/generic/goldfish/tools/mk_qemu_image.sh
+MK_COMBINE_QEMU_IMAGE_SH := device/generic/goldfish/tools/mk_combined_img.py
SGDISK_HOST := $(HOST_OUT_EXECUTABLES)/sgdisk
ifdef INSTALLED_SYSTEMIMAGE_TARGET
INSTALLED_QEMU_SYSTEMIMAGE := $(PRODUCT_OUT)/system-qemu.img
-$(INSTALLED_QEMU_SYSTEMIMAGE): $(INSTALLED_SYSTEMIMAGE_TARGET) $(MK_QEMU_IMAGE_SH) $(SGDISK_HOST) $(SIMG2IMG)
- @echo Create system-qemu.img
- (export SGDISK=$(SGDISK_HOST) SIMG2IMG=$(SIMG2IMG); $(MK_QEMU_IMAGE_SH) $(INSTALLED_SYSTEMIMAGE_TARGET))
+INSTALLED_SYSTEM_QEMU_CONFIG := $(PRODUCT_OUT)/system-qemu-config.txt
+$(INSTALLED_SYSTEM_QEMU_CONFIG): $(INSTALLED_SUPERIMAGE_TARGET) $(INSTALLED_VBMETAIMAGE_TARGET)
+ @echo "$(PRODUCT_OUT)/vbmeta.img vbmeta 1" > $@
+ @echo "$(INSTALLED_SUPERIMAGE_TARGET) super 2" >> $@
+$(INSTALLED_QEMU_SYSTEMIMAGE): $(INSTALLED_VBMETAIMAGE_TARGET) $(MK_COMBINE_QEMU_IMAGE_SH) $(SGDISK_HOST) $(SIMG2IMG) \
+ $(INSTALLED_SUPERIMAGE_TARGET) $(INSTALLED_SYSTEM_QEMU_CONFIG)
+ @echo Create system-qemu.img now
+ (export SGDISK=$(SGDISK_HOST) SIMG2IMG=$(SIMG2IMG); \
+ $(MK_COMBINE_QEMU_IMAGE_SH) -i $(INSTALLED_SYSTEM_QEMU_CONFIG) -o $@)
systemimage: $(INSTALLED_QEMU_SYSTEMIMAGE)
droidcore: $(INSTALLED_QEMU_SYSTEMIMAGE)
@@ -4636,17 +4614,17 @@
droidcore: $(INSTALLED_QEMU_ODMIMAGE)
endif
-ifeq ($(BOARD_AVB_ENABLE),true)
QEMU_VERIFIED_BOOT_PARAMS := $(PRODUCT_OUT)/VerifiedBootParams.textproto
-MK_VERIFIED_BOOT_KERNEL_CMDLINE_SH := device/generic/goldfish/tools/mk_verified_boot_params.sh
-$(QEMU_VERIFIED_BOOT_PARAMS): $(INSTALLED_QEMU_SYSTEMIMAGE) $(MK_VERIFIED_BOOT_KERNEL_CMDLINE_SH) $(INSTALLED_VBMETAIMAGE_TARGET) $(SGDISK_HOST) $(AVBTOOL)
+MK_VBMETA_BOOT_KERNEL_CMDLINE_SH := device/generic/goldfish/tools/mk_vbmeta_boot_params.sh
+$(QEMU_VERIFIED_BOOT_PARAMS): $(INSTALLED_VBMETAIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE_TARGET) \
+ $(MK_VBMETA_BOOT_KERNEL_CMDLINE_SH) $(AVBTOOL)
@echo Creating $@
- (export SGDISK=$(SGDISK_HOST) AVBTOOL=$(AVBTOOL); $(MK_VERIFIED_BOOT_KERNEL_CMDLINE_SH) $(INSTALLED_VBMETAIMAGE_TARGET) $(INSTALLED_QEMU_SYSTEMIMAGE) $(QEMU_VERIFIED_BOOT_PARAMS))
-
+ (export AVBTOOL=$(AVBTOOL); $(MK_VBMETA_BOOT_KERNEL_CMDLINE_SH) $(INSTALLED_VBMETAIMAGE_TARGET) \
+ $(INSTALLED_SYSTEMIMAGE_TARGET) $(QEMU_VERIFIED_BOOT_PARAMS))
systemimage: $(QEMU_VERIFIED_BOOT_PARAMS)
droidcore: $(QEMU_VERIFIED_BOOT_PARAMS)
-endif
+
endif
# -----------------------------------------------------------------
# The emulator package
diff --git a/core/binary.mk b/core/binary.mk
index f3a50f1..a420c02 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -1402,9 +1402,6 @@
$(notice_target): | $(installed_static_library_notice_file_targets)
$(LOCAL_INSTALLED_MODULE): | $(notice_target)
-$(notice_target): | $(installed_static_library_notice_file_targets)
-$(LOCAL_INSTALLED_MODULE): | $(notice_target)
-
# Default is -fno-rtti.
ifeq ($(strip $(LOCAL_RTTI_FLAG)),)
LOCAL_RTTI_FLAG := -fno-rtti
diff --git a/core/board_config.mk b/core/board_config.mk
index c3c6646..e14ba00 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -181,7 +181,7 @@
# Sanity check to warn about likely cryptic errors later in the build.
ifeq ($(TARGET_IS_64_BIT),true)
ifeq (,$(filter true false,$(TARGET_SUPPORTS_64_BIT_APPS)))
- $(warning Building a 32-bit-app-only product on a 64-bit device. \
+ $(error Building a 32-bit-app-only product on a 64-bit device. \
If this is intentional, set TARGET_SUPPORTS_64_BIT_APPS := false)
endif
endif
@@ -290,8 +290,33 @@
endif
.KATI_READONLY := BUILDING_CACHE_IMAGE
-# TODO: Add BUILDING_BOOT_IMAGE / BUILDING_RECOVERY_IMAGE
-# This gets complicated with BOARD_USES_RECOVERY_AS_BOOT, so skipping for now.
+# Are we building a boot image
+BUILDING_BOOT_IMAGE :=
+ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+ BUILDING_BOOT_IMAGE :=
+else ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),)
+ ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
+ BUILDING_BOOT_IMAGE := true
+ endif
+else ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),true)
+ BUILDING_BOOT_IMAGE := true
+endif
+.KATI_READONLY := BUILDING_BOOT_IMAGE
+
+# Are we building a recovery image
+BUILDING_RECOVERY_IMAGE :=
+ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+ BUILDING_RECOVERY_IMAGE := true
+else ifeq ($(PRODUCT_BUILD_RECOVERY_IMAGE),)
+ ifdef BOARD_RECOVERYIMAGE_PARTITION_SIZE
+ ifeq (,$(filter true, $(TARGET_NO_KERNEL) $(TARGET_NO_RECOVERY)))
+ BUILDING_RECOVERY_IMAGE := true
+ endif
+ endif
+else ifeq ($(PRODUCT_BUILD_RECOVERY_IMAGE),true)
+ BUILDING_RECOVERY_IMAGE := true
+endif
+.KATI_READONLY := BUILDING_RECOVERY_IMAGE
# Are we building a ramdisk image
BUILDING_RAMDISK_IMAGE := true
@@ -515,6 +540,14 @@
TARGET_VENDOR_TEST_SUFFIX :=
endif
+###########################################
+# APEXes are by default flattened, i.e. non-updatable.
+# It can be unflattened (and updatable) by inheriting from
+# updatable_apex.mk
+ifeq (,$(TARGET_FLATTEN_APEX))
+TARGET_FLATTEN_APEX := true
+endif
+
ifeq (,$(TARGET_BUILD_APPS))
ifdef PRODUCT_EXTRA_VNDK_VERSIONS
$(foreach v,$(PRODUCT_EXTRA_VNDK_VERSIONS),$(call check_vndk_version,$(v)))
diff --git a/core/config.mk b/core/config.mk
index 94928a2..57c1d7a 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -604,11 +604,11 @@
BUILD_IMAGE_SRCS := $(wildcard build/make/tools/releasetools/*.py)
APPEND2SIMG := $(HOST_OUT_EXECUTABLES)/append2simg
VERITY_SIGNER := $(HOST_OUT_EXECUTABLES)/verity_signer
-BUILD_VERITY_METADATA := $(HOST_OUT_EXECUTABLES)/build_verity_metadata.py
+BUILD_VERITY_METADATA := $(HOST_OUT_EXECUTABLES)/build_verity_metadata
BUILD_VERITY_TREE := $(HOST_OUT_EXECUTABLES)/build_verity_tree
BOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/boot_signer
FUTILITY := $(HOST_OUT_EXECUTABLES)/futility-host
-VBOOT_SIGNER := prebuilts/misc/scripts/vboot_signer/vboot_signer.sh
+VBOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/vboot_signer
FEC := $(HOST_OUT_EXECUTABLES)/fec
BRILLO_UPDATE_PAYLOAD := $(HOST_OUT_EXECUTABLES)/brillo_update_payload
@@ -624,11 +624,9 @@
USE_OPENJDK9 := true
-ifeq ($(EXPERIMENTAL_USE_OPENJDK9),)
+ifeq ($(EXPERIMENTAL_JAVA_LANGUAGE_LEVEL_9),)
TARGET_OPENJDK9 :=
-else ifeq ($(EXPERIMENTAL_USE_OPENJDK9),1.8)
-TARGET_OPENJDK9 :=
-else ifeq ($(EXPERIMENTAL_USE_OPENJDK9),true)
+else ifeq ($(EXPERIMENTAL_JAVA_LANGUAGE_LEVEL_9),true)
TARGET_OPENJDK9 := true
endif
@@ -815,15 +813,6 @@
PLATFORM_SEPOLICY_VERSION \
TOT_SEPOLICY_VERSION \
-ifeq ($(PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS),)
- ifdef PRODUCT_SHIPPING_API_LEVEL
- ifeq (true,$(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),29))
- PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true
- endif
- endif
-endif
-.KATI_READONLY := PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS
-
ifeq ($(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS),true)
ifneq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true)
$(error PRODUCT_USE_DYNAMIC_PARTITIONS must be true when PRODUCT_RETROFIT_DYNAMIC_PARTITIONS \
@@ -1113,7 +1102,7 @@
TARGET_AVAIALBLE_SDK_VERSIONS := $(call numerically_sort,$(TARGET_AVAILABLE_SDK_VERSIONS))
TARGET_SDK_VERSIONS_WITHOUT_JAVA_18_SUPPORT := $(call numbers_less_than,24,$(TARGET_AVAILABLE_SDK_VERSIONS))
-TARGET_SDK_VERSIONS_WITHOUT_JAVA_19_SUPPORT := $(call numbers_less_than,27,$(TARGET_AVAILABLE_SDK_VERSIONS))
+TARGET_SDK_VERSIONS_WITHOUT_JAVA_19_SUPPORT := $(call numbers_less_than,30,$(TARGET_AVAILABLE_SDK_VERSIONS))
ifndef INTERNAL_PLATFORM_PRIVATE_API_FILE
INTERNAL_PLATFORM_PRIVATE_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/private.txt
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index d3adee5..ebce00b 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -235,12 +235,17 @@
my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
endif
-ifneq ($(filter coverage,$(my_sanitize)),)
- ifeq ($(filter address,$(my_sanitize)),)
- $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
- endif
- my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
- my_sanitize := $(filter-out coverage,$(my_sanitize))
+ifneq ($(filter fuzzer,$(my_sanitize)),)
+ # SANITIZE_TARGET='fuzzer' actually means to create the fuzzer coverage
+ # information, not to link against the fuzzer main().
+ my_sanitize := $(filter-out fuzzer,$(my_sanitize))
+ my_sanitize += fuzzer-no-link
+
+ # TODO(b/131771163): Disable LTO for fuzzer builds. Note that Cfi causes
+ # dependency on LTO.
+ my_sanitize := $(filter-out cfi,$(my_sanitize))
+ my_cflags += -fno-lto
+ my_ldflags += -fno-lto
endif
ifneq ($(filter integer_overflow,$(my_sanitize)),)
@@ -280,7 +285,12 @@
my_cflags += -fsanitize=$(fsanitize_arg)
my_asflags += -fsanitize=$(fsanitize_arg)
- ifdef LOCAL_IS_HOST_MODULE
+ # When fuzzing, we wish to crash with diagnostics on any bug.
+ ifneq ($(filter fuzzer-no-link,$(my_sanitize)),)
+ my_cflags += -fno-sanitize-trap=all
+ my_cflags += -fno-sanitize-recover=all
+ my_ldflags += -fsanitize=fuzzer-no-link
+ else ifdef LOCAL_IS_HOST_MODULE
my_cflags += -fno-sanitize-recover=all
my_ldflags += -fsanitize=$(fsanitize_arg)
else
@@ -378,7 +388,7 @@
ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
ifeq ($(filter cfi,$(my_sanitize_diag)),)
- ifeq ($(filter address hwaddress,$(my_sanitize)),)
+ ifeq ($(filter address hwaddress fuzzer-no-link,$(my_sanitize)),)
my_cflags += -fsanitize-minimal-runtime
my_cflags += -fno-sanitize-trap=integer
my_cflags += -fno-sanitize-recover=integer
diff --git a/core/definitions.mk b/core/definitions.mk
index aa2a2a9..af6248d 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2094,9 +2094,9 @@
$(addprefix --bootclasspath ,$(strip $(PRIVATE_BOOTCLASSPATH))) \
$(addprefix --classpath ,$(strip $(PRIVATE_ALL_JAVA_HEADER_LIBRARIES))) \
|| ( rm -rf $(dir $@)/classes-turbine ; exit 41 ) && \
- $(MERGE_ZIPS) -j --ignore-duplicates -stripDir META-INF $@.tmp $@.premerged $(call reverse-list,$(PRIVATE_STATIC_JAVA_HEADER_LIBRARIES)) ; \
+ $(MERGE_ZIPS) -j --ignore-duplicates -stripDir META-INF $@.tmp $@.premerged $(PRIVATE_STATIC_JAVA_HEADER_LIBRARIES) ; \
else \
- $(MERGE_ZIPS) -j --ignore-duplicates -stripDir META-INF $@.tmp $(call reverse-list,$(PRIVATE_STATIC_JAVA_HEADER_LIBRARIES)) ; \
+ $(MERGE_ZIPS) -j --ignore-duplicates -stripDir META-INF $@.tmp $(PRIVATE_STATIC_JAVA_HEADER_LIBRARIES) ; \
fi
$(hide) $(ZIPTIME) $@.tmp
$(hide) $(call commit-change-for-toc,$@)
diff --git a/core/deprecation.mk b/core/deprecation.mk
index cbc938a..11fe290 100644
--- a/core/deprecation.mk
+++ b/core/deprecation.mk
@@ -1,7 +1,5 @@
# These module types can still be used without warnings or errors.
AVAILABLE_BUILD_MODULE_TYPES :=$= \
- BUILD_AUX_EXECUTABLE \
- BUILD_AUX_STATIC_LIBRARY \
BUILD_COPY_HEADERS \
BUILD_EXECUTABLE \
BUILD_FUZZ_TEST \
@@ -9,17 +7,12 @@
BUILD_HOST_DALVIK_JAVA_LIBRARY \
BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY \
BUILD_HOST_EXECUTABLE \
- BUILD_HOST_FUZZ_TEST \
BUILD_HOST_JAVA_LIBRARY \
- BUILD_HOST_NATIVE_TEST \
BUILD_HOST_PREBUILT \
BUILD_HOST_SHARED_LIBRARY \
- BUILD_HOST_SHARED_TEST_LIBRARY \
BUILD_HOST_STATIC_LIBRARY \
- BUILD_HOST_STATIC_TEST_LIBRARY \
BUILD_JAVA_LIBRARY \
BUILD_MULTI_PREBUILT \
- BUILD_NATIVE_BENCHMARK \
BUILD_NATIVE_TEST \
BUILD_NOTICE_FILE \
BUILD_PACKAGE \
@@ -27,27 +20,34 @@
BUILD_PREBUILT \
BUILD_RRO_PACKAGE \
BUILD_SHARED_LIBRARY \
- BUILD_SHARED_TEST_LIBRARY \
BUILD_STATIC_JAVA_LIBRARY \
BUILD_STATIC_LIBRARY \
- BUILD_STATIC_TEST_LIBRARY \
# These are BUILD_* variables that will throw a warning when used. This is
# generally a temporary state until all the devices are marked with the
# relevant BUILD_BROKEN_USES_BUILD_* variables, then these would move to
# DEFAULT_ERROR_BUILD_MODULE_TYPES.
DEFAULT_WARNING_BUILD_MODULE_TYPES :=$= \
- BUILD_HOST_TEST_CONFIG \
- BUILD_TARGET_TEST_CONFIG \
+ BUILD_AUX_EXECUTABLE \
+ BUILD_AUX_STATIC_LIBRARY \
+ BUILD_HOST_FUZZ_TEST \
+ BUILD_HOST_NATIVE_TEST \
+ BUILD_HOST_STATIC_TEST_LIBRARY \
+ BUILD_NATIVE_BENCHMARK \
+ BUILD_STATIC_TEST_LIBRARY \
# These are BUILD_* variables that are errors to reference, but you can set
# BUILD_BROKEN_USES_BUILD_* in your BoardConfig.mk in order to turn them back
# to warnings.
DEFAULT_ERROR_BUILD_MODULE_TYPES :=$= \
+ BUILD_HOST_TEST_CONFIG \
+ BUILD_TARGET_TEST_CONFIG \
# These are BUILD_* variables that are always errors to reference.
# Setting the BUILD_BROKEN_USES_BUILD_* variables is also an error.
OBSOLETE_BUILD_MODULE_TYPES :=$= \
+ BUILD_HOST_SHARED_TEST_LIBRARY \
+ BUILD_SHARED_TEST_LIBRARY \
$(foreach m,$(OBSOLETE_BUILD_MODULE_TYPES),\
$(KATI_obsolete_var $(m),Please convert to Soong) \
diff --git a/core/dex_preopt.mk b/core/dex_preopt.mk
index 180edaf..32690fe 100644
--- a/core/dex_preopt.mk
+++ b/core/dex_preopt.mk
@@ -26,7 +26,7 @@
# We can do this only if preopt is enabled and if the product uses libart config (which sets the
# default properties for preopting).
ifeq ($(WITH_DEXPREOPT), true)
-ifeq ($(PRODUCT_USES_ART), true)
+ifeq ($(PRODUCT_USES_DEFAULT_ART_CONFIG), true)
boot_zip := $(PRODUCT_OUT)/boot.zip
bootclasspath_jars := $(DEXPREOPT_BOOTCLASSPATH_DEX_FILES)
@@ -45,5 +45,5 @@
$(call dist-for-goals, droidcore, $(boot_zip))
-endif #PRODUCT_USES_ART
+endif #PRODUCT_USES_DEFAULT_ART_CONFIG
endif #WITH_DEXPREOPT
diff --git a/core/dex_preopt_config.mk b/core/dex_preopt_config.mk
index a494991..c44e4bd 100644
--- a/core/dex_preopt_config.mk
+++ b/core/dex_preopt_config.mk
@@ -1,4 +1,4 @@
-DEX_PREOPT_CONFIG := $(PRODUCT_OUT)/dexpreopt.config
+DEX_PREOPT_CONFIG := $(SOONG_OUT_DIR)/dexpreopt.config
# The default value for LOCAL_DEX_PREOPT
DEX_PREOPT_DEFAULT ?= true
@@ -111,6 +111,7 @@
$(call add_json_bool, GenerateDmFiles, $(PRODUCT_DEX_PREOPT_GENERATE_DM_FILES))
$(call add_json_bool, NeverAllowStripping, $(PRODUCT_DEX_PREOPT_NEVER_ALLOW_STRIPPING))
$(call add_json_bool, NoDebugInfo, $(filter false,$(WITH_DEXPREOPT_DEBUG_INFO)))
+ $(call add_json_bool, DontResolveStartupStrings, $(filter false,$(PRODUCT_DEX_PREOPT_RESOLVE_STARTUP_STRINGS)))
$(call add_json_bool, AlwaysSystemServerDebugInfo, $(filter true,$(PRODUCT_SYSTEM_SERVER_DEBUG_INFO)))
$(call add_json_bool, NeverSystemServerDebugInfo, $(filter false,$(PRODUCT_SYSTEM_SERVER_DEBUG_INFO)))
$(call add_json_bool, AlwaysOtherDebugInfo, $(filter true,$(PRODUCT_OTHER_JAVA_DEBUG_INFO)))
@@ -168,12 +169,6 @@
fi)
endif
-# Dummy rule to create dexpreopt.config, it will already have been created
-# by the $(file) call above, but a rule needs to exist to keep the dangling
-# rule check happy.
-$(DEX_PREOPT_CONFIG):
- @#empty
-
DEXPREOPT_GEN_DEPS := \
$(SOONG_HOST_OUT_EXECUTABLES)/profman \
$(DEX2OAT) \
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index 85ddbfa..266ebd2 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -242,12 +242,12 @@
.KATI_RESTAT: $(my_dexpreopt_script) $(my_strip_script)
$(my_dexpreopt_script): PRIVATE_MODULE := $(LOCAL_MODULE)
- $(my_dexpreopt_script): PRIVATE_GLOBAL_CONFIG := $(PRODUCT_OUT)/dexpreopt.config
+ $(my_dexpreopt_script): PRIVATE_GLOBAL_CONFIG := $(DEX_PREOPT_CONFIG_FOR_MAKE)
$(my_dexpreopt_script): PRIVATE_MODULE_CONFIG := $(my_dexpreopt_config)
$(my_dexpreopt_script): PRIVATE_STRIP_SCRIPT := $(my_strip_script)
$(my_dexpreopt_script): .KATI_IMPLICIT_OUTPUTS := $(my_strip_script)
$(my_dexpreopt_script): $(DEXPREOPT_GEN)
- $(my_dexpreopt_script): $(my_dexpreopt_config) $(PRODUCT_OUT)/dexpreopt.config
+ $(my_dexpreopt_script): $(my_dexpreopt_config) $(DEX_PREOPT_CONFIG_FOR_MAKE)
@echo "$(PRIVATE_MODULE) dexpreopt gen"
$(DEXPREOPT_GEN) -global $(PRIVATE_GLOBAL_CONFIG) -module $(PRIVATE_MODULE_CONFIG) \
-dexpreopt_script $@ -strip_script $(PRIVATE_STRIP_SCRIPT) \
diff --git a/core/fuzz_test.mk b/core/fuzz_test.mk
index 2cc2e2c..f5bdef0 100644
--- a/core/fuzz_test.mk
+++ b/core/fuzz_test.mk
@@ -15,8 +15,7 @@
my_fuzzer:=$(TARGET_FUZZ_ENGINE)
endif
-
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
ifeq ($(my_fuzzer),libFuzzer)
LOCAL_STATIC_LIBRARIES += libFuzzer
diff --git a/core/generate_enforce_rro.mk b/core/generate_enforce_rro.mk
index f7877f2..6a23aeb 100644
--- a/core/generate_enforce_rro.mk
+++ b/core/generate_enforce_rro.mk
@@ -34,7 +34,6 @@
endif
LOCAL_FULL_MANIFEST_FILE := $(rro_android_manifest_file)
-LOCAL_CERTIFICATE := platform
LOCAL_AAPT_FLAGS += --auto-add-overlay
LOCAL_RESOURCE_DIR := $(enforce_rro_source_overlays)
diff --git a/core/host_dalvik_java_library.mk b/core/host_dalvik_java_library.mk
index 1545f63..423575c 100644
--- a/core/host_dalvik_java_library.mk
+++ b/core/host_dalvik_java_library.mk
@@ -141,7 +141,7 @@
$(PRIVATE_JAR_MANIFEST) > $(dir $@)/manifest.mf)
$(MERGE_ZIPS) -j --ignore-duplicates $(if $(PRIVATE_JAR_MANIFEST),-m $(dir $@)/manifest.mf) \
$(if $(PRIVATE_DONT_DELETE_JAR_META_INF),,-stripDir META-INF -zipToNotStrip $<) \
- $@ $< $(call reverse-list,$(PRIVATE_STATIC_JAVA_LIBRARIES))
+ $@ $< $(PRIVATE_STATIC_JAVA_LIBRARIES)
# Run jarjar if necessary, otherwise just copy the file.
ifneq ($(strip $(LOCAL_JARJAR_RULES)),)
diff --git a/core/host_fuzz_test.mk b/core/host_fuzz_test.mk
index 556e02f..54c6577 100644
--- a/core/host_fuzz_test.mk
+++ b/core/host_fuzz_test.mk
@@ -4,7 +4,7 @@
################################################
$(call record-module-type,HOST_FUZZ_TEST)
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
include $(BUILD_HOST_EXECUTABLE)
diff --git a/core/host_java_library.mk b/core/host_java_library.mk
index f7bf337..1225fa9 100644
--- a/core/host_java_library.mk
+++ b/core/host_java_library.mk
@@ -103,7 +103,7 @@
$(PRIVATE_JAR_MANIFEST) > $(dir $@)/manifest.mf)
$(MERGE_ZIPS) -j --ignore-duplicates $(if $(PRIVATE_JAR_MANIFEST),-m $(dir $@)/manifest.mf) \
$(if $(PRIVATE_DONT_DELETE_JAR_META_INF),,-stripDir META-INF -zipToNotStrip $<) \
- $@ $< $(call reverse-list,$(PRIVATE_STATIC_JAVA_LIBRARIES))
+ $@ $< $(PRIVATE_STATIC_JAVA_LIBRARIES)
# Run jarjar if necessary, otherwise just copy the file.
ifneq ($(strip $(LOCAL_JARJAR_RULES)),)
diff --git a/core/host_static_test_lib.mk b/core/host_static_test_lib.mk
index a24cd62..a9e39b1 100644
--- a/core/host_static_test_lib.mk
+++ b/core/host_static_test_lib.mk
@@ -6,4 +6,4 @@
include $(BUILD_SYSTEM)/host_test_internal.mk
-include $(BUILD_HOST_STATIC_LIBRARY)
+include $(BUILD_SYSTEM)/host_static_library.mk
diff --git a/core/java.mk b/core/java.mk
index afc77d6..41a1686 100644
--- a/core/java.mk
+++ b/core/java.mk
@@ -240,6 +240,8 @@
$(java_source_list_file): $(java_sources_deps)
$(write-java-source-list)
+ALL_MODULES.$(my_register_name).SRCJARS := $(LOCAL_SRCJARS)
+
ifneq ($(TURBINE_ENABLED),false)
$(full_classes_turbine_jar): PRIVATE_JAVACFLAGS := $(LOCAL_JAVACFLAGS) $(annotation_processor_flags)
@@ -309,7 +311,7 @@
$(PRIVATE_JAR_MANIFEST) > $(dir $@)/manifest.mf)
$(MERGE_ZIPS) -j --ignore-duplicates $(if $(PRIVATE_JAR_MANIFEST),-m $(dir $@)/manifest.mf) \
$(if $(PRIVATE_DONT_DELETE_JAR_META_INF),,-stripDir META-INF -zipToNotStrip $<) \
- $@ $< $(call reverse-list,$(PRIVATE_STATIC_JAVA_LIBRARIES))
+ $@ $< $(PRIVATE_STATIC_JAVA_LIBRARIES)
ifdef LOCAL_JAR_PROCESSOR
# LOCAL_JAR_PROCESSOR_ARGS must be evaluated here to set up the rule-local
diff --git a/core/main.mk b/core/main.mk
index 7e1bdd5..0225c89 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -243,14 +243,6 @@
ADDITIONAL_DEFAULT_PROPERTIES += ro.actionable_compatible_property.enabled=${PRODUCT_COMPATIBLE_PROPERTY}
endif
-ifeq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true)
-ADDITIONAL_PRODUCT_PROPERTIES += ro.boot.dynamic_partitions=true
-endif
-
-ifeq ($(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS),true)
-ADDITIONAL_PRODUCT_PROPERTIES += ro.boot.dynamic_partitions_retrofit=true
-endif
-
# Add the system server compiler filter if they are specified for the product.
ifneq (,$(PRODUCT_SYSTEM_SERVER_COMPILER_FILTER))
ADDITIONAL_PRODUCT_PROPERTIES += dalvik.vm.systemservercompilerfilter=$(PRODUCT_SYSTEM_SERVER_COMPILER_FILTER)
@@ -722,7 +714,7 @@
$(eval req_files := )\
$(foreach req_mod,$(req_mods), \
$(eval req_file := $(filter $(TARGET_OUT_ROOT)/%, $(call module-installed-files,$(req_mod)))) \
- $(if $(strip $(req_file)),\
+ $(if $(strip $(req_file))$(ONE_SHOT_MAKEFILE),\
,\
$(error $(m).LOCAL_TARGET_REQUIRED_MODULES : illegal value $(req_mod) : not a device module. If you want to specify host modules to be required to be installed along with your host module, add those module names to LOCAL_REQUIRED_MODULES instead)\
)\
@@ -748,7 +740,7 @@
$(eval req_files := )\
$(foreach req_mod,$(req_mods), \
$(eval req_file := $(filter $(HOST_OUT)/%, $(call module-installed-files,$(req_mod)))) \
- $(if $(strip $(req_file)),\
+ $(if $(strip $(req_file))$(ONE_SHOT_MAKEFILE),\
,\
$(error $(m).LOCAL_HOST_REQUIRED_MODULES : illegal value $(req_mod) : not a host module. If you want to specify target modules to be required to be installed along with your target module, add those module names to LOCAL_REQUIRED_MODULES instead)\
)\
@@ -1200,6 +1192,135 @@
)
endef
+# Check that libraries that should only be in APEXes don't end up in the system
+# image. For the Runtime APEX this complements the checks in
+# art/build/apex/art_apex_test.py.
+# TODO(b/128708192): Implement this restriction in Soong instead.
+
+# Runtime APEX libraries
+APEX_MODULE_LIBS := \
+ libadbconnection.so \
+ libadbconnectiond.so \
+ libandroidicu.so \
+ libandroidio.so \
+ libart-compiler.so \
+ libart-dexlayout.so \
+ libart-disassembler.so \
+ libart.so \
+ libartbase.so \
+ libartbased.so \
+ libartd-compiler.so \
+ libartd-dexlayout.so \
+ libartd.so \
+ libartpalette.so \
+ libc.so \
+ libc_malloc_debug.so \
+ libc_malloc_hooks.so \
+ libdexfile.so \
+ libdexfile_external.so \
+ libdexfiled.so \
+ libdexfiled_external.so \
+ libdl.so \
+ libdt_fd_forward.so \
+ libdt_socket.so \
+ libicui18n.so \
+ libicuuc.so \
+ libjavacore.so \
+ libjdwp.so \
+ libm.so \
+ libnativebridge.so \
+ libnativehelper.so \
+ libnativeloader.so \
+ libnpt.so \
+ libopenjdk.so \
+ libopenjdkjvm.so \
+ libopenjdkjvmd.so \
+ libopenjdkjvmti.so \
+ libopenjdkjvmtid.so \
+ libpac.so \
+ libprofile.so \
+ libprofiled.so \
+ libsigchain.so \
+
+# Conscrypt APEX libraries
+APEX_MODULE_LIBS += \
+ libjavacrypto.so \
+
+# An option to disable the check below, for local use since some build targets
+# still may create these libraries in /system (b/129006418).
+DISABLE_APEX_LIBS_ABSENCE_CHECK ?=
+
+# Bionic should not be in /system, except for the bootstrap instance.
+APEX_LIBS_ABSENCE_CHECK_EXCLUDE := lib/bootstrap lib64/bootstrap
+
+# Exclude lib/arm and lib/arm64 which contain the native bridge proxy libs. They
+# are compiled for the guest architecture and used with an entirely different
+# linker config. The native libs are then linked to as usual via exported
+# interfaces, so the proxy libs do not violate the interface boundaries on the
+# native architecture.
+# TODO(b/130630776): Introduce a make variable for the appropriate directory
+# when native bridge is active.
+APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/arm lib/arm64
+
+# Exclude vndk-* subdirectories which contain prebuilts from older releases.
+APEX_LIBS_ABSENCE_CHECK_EXCLUDE += lib/vndk-% lib64/vndk-%
+
+ifdef DISABLE_APEX_LIBS_ABSENCE_CHECK
+ check-apex-libs-absence :=
+ check-apex-libs-absence-on-disk :=
+else
+ # If the check below fails, some library has ended up in system/lib or
+ # system/lib64 that is intended to only go into some APEX package. The likely
+ # cause is that a library or binary in /system has grown a dependency that
+ # directly or indirectly pulls in the prohibited library.
+ #
+ # To resolve this, look for the APEX package that the library belong to -
+ # search for it in 'native_shared_lib' properties in 'apex' build modules (see
+ # art/build/apex/Android.bp for an example). Then check if there is an
+ # exported library in that APEX package that should be used instead, i.e. one
+ # listed in its 'native_shared_lib' property for which the corresponding
+ # 'cc_library' module has a 'stubs' clause (like libdexfile_external in
+ # art/libdexfile/Android.bp).
+ #
+ # If you cannot find an APEX exported library that fits your needs, or you
+ # think that the library you want to depend on should be allowed in /system,
+ # then please contact the owners of the APEX package containing the library.
+ #
+ # If you get this error for a library that is exported in an APEX, then the
+ # APEX might be misconfigured or something is wrong in the build system.
+ # Please reach out to the APEX package owners and/or soong-team@, or
+ # android-building@googlegroups.com externally.
+ define check-apex-libs-absence
+ $(call maybe-print-list-and-error, \
+ $(filter $(foreach lib,$(APEX_MODULE_LIBS),%/$(lib)), \
+ $(filter-out $(foreach dir,$(APEX_LIBS_ABSENCE_CHECK_EXCLUDE), \
+ $(TARGET_OUT)/$(if $(findstring %,$(dir)),$(dir),$(dir)/%)), \
+ $(filter $(TARGET_OUT)/lib/% $(TARGET_OUT)/lib64/%,$(1)))), \
+ APEX libraries found in system image (see comment for check-apex-libs-absence in \
+ build/make/core/main.mk for details))
+ endef
+
+ # TODO(b/129006418): The check above catches libraries through product
+ # dependencies visible to make, but as long as they have install rules in
+ # /system they may still be created there through other make targets. To catch
+ # that we also do a check on disk just before the system image is built.
+ define check-apex-libs-absence-on-disk
+ $(hide) ( \
+ cd $(TARGET_OUT) && \
+ findres=$$(find lib* \
+ $(foreach dir,$(APEX_LIBS_ABSENCE_CHECK_EXCLUDE),-path "$(subst %,*,$(dir))" -prune -o) \
+ -type f \( -false $(foreach lib,$(APEX_MODULE_LIBS),-o -name $(lib)) \) \
+ -print) && \
+ if [ -n "$$findres" ]; then \
+ echo "APEX libraries found in system image (see comment for check-apex-libs-absence" 1>&2; \
+ echo "in build/make/core/main.mk for details):" 1>&2; \
+ echo "$$findres" | sort 1>&2; \
+ false; \
+ fi; \
+ )
+ endef
+endif
+
ifdef FULL_BUILD
ifneq (true,$(ALLOW_MISSING_DEPENDENCIES))
# Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product)
@@ -1312,6 +1433,8 @@
rm -f $@
$(foreach f,$(sort $(all_offending_files)),echo $(f) >> $@;)
endif
+
+ $(call check-apex-libs-absence,$(product_target_FILES))
else
# We're not doing a full build, and are probably only including
# a subset of the module makefiles. Don't try to build any modules
diff --git a/core/node_fns.mk b/core/node_fns.mk
index ccfcc25..b81d60c 100644
--- a/core/node_fns.mk
+++ b/core/node_fns.mk
@@ -142,7 +142,8 @@
#
# $(1): context prefix
# $(2): name of this node
-# $(3): list of variable names
+# $(3): list of node variable names
+# $(4): list of single value variable names (subset of $(3))
#
define _expand-inherited-values
$(foreach v,$(3), \
@@ -154,15 +155,21 @@
$(patsubst $(INHERIT_TAG)%,%, \
$(filter $(INHERIT_TAG)%, $($(_eiv_tv)) \
)))) \
+ $(eval ### "Whether this variable should only take a single value") \
+ $(eval _eiv_sv := $(filter $(v),$(4))) \
$(foreach i,$(_eiv_i), \
$(eval ### "Make sure that this inherit appears only once") \
$(eval $(_eiv_tv) := \
$(call uniq-word,$($(_eiv_tv)),$(INHERIT_TAG)$(i))) \
+ $(eval ### "The expanded value, empty if we want a single value and have one") \
+ $(eval _eiv_ev := \
+ $(if $(and $(_eiv_sv),$(filter-out $(INHERIT_TAG)%,$($(_eiv_tv)))),,\
+ $($(1).$(i).$(v)) \
+ ) \
+ ) \
$(eval ### "Expand the inherit tag") \
$(eval $(_eiv_tv) := \
- $(strip \
- $(patsubst $(INHERIT_TAG)$(i),$($(1).$(i).$(v)), \
- $($(_eiv_tv))))) \
+ $(strip $(patsubst $(INHERIT_TAG)$(i),$(_eiv_ev),$($(_eiv_tv))))) \
$(eval ### "Clear the child so DAGs don't create duplicate entries" ) \
$(eval $(1).$(i).$(v) :=) \
$(eval ### "If we just inherited ourselves, it's a cycle.") \
@@ -180,6 +187,7 @@
# $(1): context prefix
# $(2): makefile representing this node
# $(3): list of node variable names
+# $(4): list of single value variable names (subset of $(3))
#
# _include_stack contains the list of included files, with the most recent files first.
define _import-node
@@ -198,7 +206,7 @@
$(call get-inherited-nodes,$(1).$(2),$(3)))
$(call _import-nodes-inner,$(1),$($(1).$(2).inherited),$(3))
- $(call _expand-inherited-values,$(1),$(2),$(3))
+ $(call _expand-inherited-values,$(1),$(2),$(3),$(4))
$(eval $(1).$(2).inherited :=)
$(eval _include_stack := $(wordlist 2,9999,$$(_include_stack)))
@@ -215,6 +223,7 @@
# $(1): context prefix
# $(2): list of makefiles representing nodes to import
# $(3): list of node variable names
+# $(4): list of single value variable names (subset of $(3))
#
#TODO: Make the "does not exist" message more helpful;
# should print out the name of the file trying to include it.
@@ -225,7 +234,7 @@
$(eval ### "skipping already-imported $(_in)") \
, \
$(eval $(1).$(_in).seen := true) \
- $(call _import-node,$(1),$(strip $(_in)),$(3)) \
+ $(call _import-node,$(1),$(strip $(_in)),$(3),$(4)) \
) \
, \
$(error $(1): "$(_in)" does not exist) \
@@ -237,6 +246,8 @@
# $(1): output list variable name, like "PRODUCTS" or "DEVICES"
# $(2): list of makefiles representing nodes to import
# $(3): list of node variable names
+# $(4): list with subset of variable names that take only a single value, instead
+# of the default list semantics
#
define import-nodes
$(if \
@@ -245,7 +256,7 @@
$(if $(_include_stack),$(eval $(error ASSERTION FAILED: _include_stack \
should be empty here: $(_include_stack))),) \
$(eval _include_stack := ) \
- $(call _import-nodes-inner,$(_node_import_context),$(_in),$(3)) \
+ $(call _import-nodes-inner,$(_node_import_context),$(_in),$(3),$(4)) \
$(call move-var-list,$(_node_import_context).$(_in),$(1).$(_in),$(3)) \
$(eval _node_import_context :=) \
$(eval $(1) := $($(1)) $(_in)) \
diff --git a/core/product.mk b/core/product.mk
index 192d58c..838673c 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -106,30 +106,37 @@
$(call get-product-makefiles,$(_find-android-products-files))
endef
-_product_var_list :=
-_product_var_list += PRODUCT_NAME
-_product_var_list += PRODUCT_MODEL
+# Variables that are meant to hold only a single value.
+# - The value set in the current makefile takes precedence over inherited values
+# - If multiple inherited makefiles set the var, the first-inherited value wins
+_product_single_value_vars :=
+
+# Variables that are lists of values.
+_product_list_vars :=
+
+_product_single_value_vars += PRODUCT_NAME
+_product_single_value_vars += PRODUCT_MODEL
# The resoure configuration options to use for this product.
-_product_var_list += PRODUCT_LOCALES
-_product_var_list += PRODUCT_AAPT_CONFIG
-_product_var_list += PRODUCT_AAPT_PREF_CONFIG
-_product_var_list += PRODUCT_AAPT_PREBUILT_DPI
-_product_var_list += PRODUCT_HOST_PACKAGES
-_product_var_list += PRODUCT_PACKAGES
-_product_var_list += PRODUCT_PACKAGES_DEBUG
-_product_var_list += PRODUCT_PACKAGES_DEBUG_ASAN
-_product_var_list += PRODUCT_PACKAGES_ENG
-_product_var_list += PRODUCT_PACKAGES_TESTS
+_product_list_vars += PRODUCT_LOCALES
+_product_list_vars += PRODUCT_AAPT_CONFIG
+_product_list_vars += PRODUCT_AAPT_PREF_CONFIG
+_product_list_vars += PRODUCT_AAPT_PREBUILT_DPI
+_product_list_vars += PRODUCT_HOST_PACKAGES
+_product_list_vars += PRODUCT_PACKAGES
+_product_list_vars += PRODUCT_PACKAGES_DEBUG
+_product_list_vars += PRODUCT_PACKAGES_DEBUG_ASAN
+_product_list_vars += PRODUCT_PACKAGES_ENG
+_product_list_vars += PRODUCT_PACKAGES_TESTS
# The device that this product maps to.
-_product_var_list += PRODUCT_DEVICE
-_product_var_list += PRODUCT_MANUFACTURER
-_product_var_list += PRODUCT_BRAND
+_product_single_value_vars += PRODUCT_DEVICE
+_product_single_value_vars += PRODUCT_MANUFACTURER
+_product_single_value_vars += PRODUCT_BRAND
# These PRODUCT_SYSTEM_* flags, if defined, are used in place of the
# corresponding PRODUCT_* flags for the sysprops on /system.
-_product_var_list += \
+_product_single_value_vars += \
PRODUCT_SYSTEM_NAME \
PRODUCT_SYSTEM_MODEL \
PRODUCT_SYSTEM_DEVICE \
@@ -138,24 +145,26 @@
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
-_product_var_list += PRODUCT_PROPERTY_OVERRIDES
+_product_list_vars += PRODUCT_PROPERTY_OVERRIDES
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
# used for adding properties to default.prop
-_product_var_list += PRODUCT_DEFAULT_PROPERTY_OVERRIDES
+_product_list_vars += PRODUCT_DEFAULT_PROPERTY_OVERRIDES
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
# used for adding properties to build.prop of product partition
-_product_var_list += PRODUCT_PRODUCT_PROPERTIES
+_product_list_vars += PRODUCT_PRODUCT_PROPERTIES
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
# used for adding properties to build.prop of product partition
-_product_var_list += PRODUCT_PRODUCT_SERVICES_PROPERTIES
-_product_var_list += PRODUCT_ODM_PROPERTIES
-_product_var_list += PRODUCT_CHARACTERISTICS
+_product_list_vars += PRODUCT_PRODUCT_SERVICES_PROPERTIES
+_product_list_vars += PRODUCT_ODM_PROPERTIES
+
+# The characteristics of the product, which among other things is passed to aapt
+_product_single_value_vars += PRODUCT_CHARACTERISTICS
# A list of words like <source path>:<destination path>[:<owner>].
# The file at the source path should be copied to the destination path
@@ -163,156 +172,163 @@
# $(PRODUCT_OUT), so it should look like, e.g., "system/etc/file.xml".
# The rules for these copy steps are defined in build/make/core/Makefile.
# The optional :<owner> is used to indicate the owner of a vendor file.
-_product_var_list += PRODUCT_COPY_FILES
+_product_list_vars += PRODUCT_COPY_FILES
# The OTA key(s) specified by the product config, if any. The names
# of these keys are stored in the target-files zip so that post-build
# signing tools can substitute them for the test key embedded by
# default.
-_product_var_list += PRODUCT_OTA_PUBLIC_KEYS
-_product_var_list += PRODUCT_EXTRA_RECOVERY_KEYS
+_product_list_vars += PRODUCT_OTA_PUBLIC_KEYS
+_product_list_vars += PRODUCT_EXTRA_RECOVERY_KEYS
# Should we use the default resources or add any product specific overlays
-_product_var_list += PRODUCT_PACKAGE_OVERLAYS
-_product_var_list += DEVICE_PACKAGE_OVERLAYS
+_product_list_vars += PRODUCT_PACKAGE_OVERLAYS
+_product_list_vars += DEVICE_PACKAGE_OVERLAYS
# Resource overlay list which must be excluded from enforcing RRO.
-_product_var_list += PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS
+_product_list_vars += PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS
# Package list to apply enforcing RRO.
-_product_var_list += PRODUCT_ENFORCE_RRO_TARGETS
+_product_list_vars += PRODUCT_ENFORCE_RRO_TARGETS
-_product_var_list += PRODUCT_SDK_ATREE_FILES
-_product_var_list += PRODUCT_SDK_ADDON_NAME
-_product_var_list += PRODUCT_SDK_ADDON_COPY_FILES
-_product_var_list += PRODUCT_SDK_ADDON_COPY_MODULES
-_product_var_list += PRODUCT_SDK_ADDON_DOC_MODULES
-_product_var_list += PRODUCT_SDK_ADDON_SYS_IMG_SOURCE_PROP
+_product_list_vars += PRODUCT_SDK_ATREE_FILES
+_product_list_vars += PRODUCT_SDK_ADDON_NAME
+_product_list_vars += PRODUCT_SDK_ADDON_COPY_FILES
+_product_list_vars += PRODUCT_SDK_ADDON_COPY_MODULES
+_product_list_vars += PRODUCT_SDK_ADDON_DOC_MODULES
+_product_list_vars += PRODUCT_SDK_ADDON_SYS_IMG_SOURCE_PROP
# which Soong namespaces to export to Make
-_product_var_list += PRODUCT_SOONG_NAMESPACES
+_product_list_vars += PRODUCT_SOONG_NAMESPACES
-_product_var_list += PRODUCT_DEFAULT_WIFI_CHANNELS
-_product_var_list += PRODUCT_DEFAULT_DEV_CERTIFICATE
-_product_var_list += PRODUCT_RESTRICT_VENDOR_FILES
+_product_list_vars += PRODUCT_DEFAULT_WIFI_CHANNELS
+_product_list_vars += PRODUCT_DEFAULT_DEV_CERTIFICATE
+_product_list_vars += PRODUCT_RESTRICT_VENDOR_FILES
# The list of product-specific kernel header dirs
-_product_var_list += PRODUCT_VENDOR_KERNEL_HEADERS
+_product_list_vars += PRODUCT_VENDOR_KERNEL_HEADERS
# A list of module names of BOOTCLASSPATH (jar files)
-_product_var_list += PRODUCT_BOOT_JARS
-_product_var_list += PRODUCT_SUPPORTS_BOOT_SIGNER
-_product_var_list += PRODUCT_SUPPORTS_VBOOT
-_product_var_list += PRODUCT_SUPPORTS_VERITY
-_product_var_list += PRODUCT_SUPPORTS_VERITY_FEC
-_product_var_list += PRODUCT_OEM_PROPERTIES
+_product_list_vars += PRODUCT_BOOT_JARS
+_product_list_vars += PRODUCT_SUPPORTS_BOOT_SIGNER
+_product_list_vars += PRODUCT_SUPPORTS_VBOOT
+_product_list_vars += PRODUCT_SUPPORTS_VERITY
+_product_list_vars += PRODUCT_SUPPORTS_VERITY_FEC
+_product_list_vars += PRODUCT_OEM_PROPERTIES
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
# used for adding properties to default.prop of system partition
-_product_var_list += PRODUCT_SYSTEM_DEFAULT_PROPERTIES
+_product_list_vars += PRODUCT_SYSTEM_DEFAULT_PROPERTIES
-_product_var_list += PRODUCT_SYSTEM_PROPERTY_BLACKLIST
-_product_var_list += PRODUCT_VENDOR_PROPERTY_BLACKLIST
-_product_var_list += PRODUCT_SYSTEM_SERVER_APPS
-_product_var_list += PRODUCT_SYSTEM_SERVER_JARS
+_product_list_vars += PRODUCT_SYSTEM_PROPERTY_BLACKLIST
+_product_list_vars += PRODUCT_VENDOR_PROPERTY_BLACKLIST
+_product_list_vars += PRODUCT_SYSTEM_SERVER_APPS
+_product_list_vars += PRODUCT_SYSTEM_SERVER_JARS
# All of the apps that we force preopt, this overrides WITH_DEXPREOPT.
-_product_var_list += PRODUCT_ALWAYS_PREOPT_EXTRACTED_APK
-_product_var_list += PRODUCT_DEXPREOPT_SPEED_APPS
-_product_var_list += PRODUCT_LOADED_BY_PRIVILEGED_MODULES
-_product_var_list += PRODUCT_VBOOT_SIGNING_KEY
-_product_var_list += PRODUCT_VBOOT_SIGNING_SUBKEY
-_product_var_list += PRODUCT_VERITY_SIGNING_KEY
-_product_var_list += PRODUCT_SYSTEM_VERITY_PARTITION
-_product_var_list += PRODUCT_VENDOR_VERITY_PARTITION
-_product_var_list += PRODUCT_PRODUCT_VERITY_PARTITION
-_product_var_list += PRODUCT_PRODUCT_SERVICES_VERITY_PARTITION
-_product_var_list += PRODUCT_ODM_VERITY_PARTITION
-_product_var_list += PRODUCT_SYSTEM_SERVER_DEBUG_INFO
-_product_var_list += PRODUCT_OTHER_JAVA_DEBUG_INFO
+_product_list_vars += PRODUCT_ALWAYS_PREOPT_EXTRACTED_APK
+_product_list_vars += PRODUCT_DEXPREOPT_SPEED_APPS
+_product_list_vars += PRODUCT_LOADED_BY_PRIVILEGED_MODULES
+_product_single_value_vars += PRODUCT_VBOOT_SIGNING_KEY
+_product_single_value_vars += PRODUCT_VBOOT_SIGNING_SUBKEY
+_product_single_value_vars += PRODUCT_VERITY_SIGNING_KEY
+_product_single_value_vars += PRODUCT_SYSTEM_VERITY_PARTITION
+_product_single_value_vars += PRODUCT_VENDOR_VERITY_PARTITION
+_product_single_value_vars += PRODUCT_PRODUCT_VERITY_PARTITION
+_product_single_value_vars += PRODUCT_PRODUCT_SERVICES_VERITY_PARTITION
+_product_single_value_vars += PRODUCT_ODM_VERITY_PARTITION
+_product_single_value_vars += PRODUCT_SYSTEM_SERVER_DEBUG_INFO
+_product_single_value_vars += PRODUCT_OTHER_JAVA_DEBUG_INFO
# Per-module dex-preopt configs.
-_product_var_list += PRODUCT_DEX_PREOPT_MODULE_CONFIGS
-_product_var_list += PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER
-_product_var_list += PRODUCT_DEX_PREOPT_DEFAULT_FLAGS
-_product_var_list += PRODUCT_DEX_PREOPT_BOOT_FLAGS
-_product_var_list += PRODUCT_DEX_PREOPT_PROFILE_DIR
-_product_var_list += PRODUCT_DEX_PREOPT_GENERATE_DM_FILES
-_product_var_list += PRODUCT_DEX_PREOPT_NEVER_ALLOW_STRIPPING
+_product_list_vars += PRODUCT_DEX_PREOPT_MODULE_CONFIGS
+_product_list_vars += PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER
+_product_list_vars += PRODUCT_DEX_PREOPT_DEFAULT_FLAGS
+_product_list_vars += PRODUCT_DEX_PREOPT_BOOT_FLAGS
+_product_list_vars += PRODUCT_DEX_PREOPT_PROFILE_DIR
+_product_list_vars += PRODUCT_DEX_PREOPT_GENERATE_DM_FILES
+_product_list_vars += PRODUCT_DEX_PREOPT_NEVER_ALLOW_STRIPPING
+_product_list_vars += PRODUCT_DEX_PREOPT_RESOLVE_STARTUP_STRINGS
# Boot image options.
-_product_var_list += \
+_product_single_value_vars += \
PRODUCT_USE_PROFILE_FOR_BOOT_IMAGE \
PRODUCT_DEX_PREOPT_BOOT_IMAGE_PROFILE_LOCATION \
- PRODUCT_USES_ART \
+ PRODUCT_USES_DEFAULT_ART_CONFIG \
-_product_var_list += PRODUCT_SYSTEM_SERVER_COMPILER_FILTER
+_product_list_vars += PRODUCT_SYSTEM_SERVER_COMPILER_FILTER
# Per-module sanitizer configs
-_product_var_list += PRODUCT_SANITIZER_MODULE_CONFIGS
-_product_var_list += PRODUCT_SYSTEM_BASE_FS_PATH
-_product_var_list += PRODUCT_VENDOR_BASE_FS_PATH
-_product_var_list += PRODUCT_PRODUCT_BASE_FS_PATH
-_product_var_list += PRODUCT_PRODUCT_SERVICES_BASE_FS_PATH
-_product_var_list += PRODUCT_ODM_BASE_FS_PATH
-_product_var_list += PRODUCT_SHIPPING_API_LEVEL
-_product_var_list += VENDOR_PRODUCT_RESTRICT_VENDOR_FILES
-_product_var_list += VENDOR_EXCEPTION_MODULES
-_product_var_list += VENDOR_EXCEPTION_PATHS
+_product_list_vars += PRODUCT_SANITIZER_MODULE_CONFIGS
+_product_single_value_vars += PRODUCT_SYSTEM_BASE_FS_PATH
+_product_single_value_vars += PRODUCT_VENDOR_BASE_FS_PATH
+_product_single_value_vars += PRODUCT_PRODUCT_BASE_FS_PATH
+_product_single_value_vars += PRODUCT_PRODUCT_SERVICES_BASE_FS_PATH
+_product_single_value_vars += PRODUCT_ODM_BASE_FS_PATH
+# The first API level this product shipped with
+_product_single_value_vars += PRODUCT_SHIPPING_API_LEVEL
+
+_product_list_vars += VENDOR_PRODUCT_RESTRICT_VENDOR_FILES
+_product_list_vars += VENDOR_EXCEPTION_MODULES
+_product_list_vars += VENDOR_EXCEPTION_PATHS
# Whether the product wants to ship libartd. For rules and meaning, see art/Android.mk.
-_product_var_list += PRODUCT_ART_TARGET_INCLUDE_DEBUG_BUILD
+_product_single_value_vars += PRODUCT_ART_TARGET_INCLUDE_DEBUG_BUILD
# Make this art variable visible to soong_config.mk.
-_product_var_list += PRODUCT_ART_USE_READ_BARRIER
+_product_single_value_vars += PRODUCT_ART_USE_READ_BARRIER
# Whether the product is an Android Things variant.
-_product_var_list += PRODUCT_IOT
+_product_single_value_vars += PRODUCT_IOT
# Add reserved headroom to a system image.
-_product_var_list += PRODUCT_SYSTEM_HEADROOM
+_product_single_value_vars += PRODUCT_SYSTEM_HEADROOM
# Whether to save disk space by minimizing java debug info
-_product_var_list += PRODUCT_MINIMIZE_JAVA_DEBUG_INFO
+_product_single_value_vars += PRODUCT_MINIMIZE_JAVA_DEBUG_INFO
# Whether any paths are excluded from sanitization when SANITIZE_TARGET=integer_overflow
-_product_var_list += PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS
+_product_list_vars += PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS
-_product_var_list += PRODUCT_ADB_KEYS
+_product_single_value_vars += PRODUCT_ADB_KEYS
# Whether any paths should have CFI enabled for components
-_product_var_list += PRODUCT_CFI_INCLUDE_PATHS
+_product_list_vars += PRODUCT_CFI_INCLUDE_PATHS
# Whether any paths are excluded from sanitization when SANITIZE_TARGET=cfi
-_product_var_list += PRODUCT_CFI_EXCLUDE_PATHS
+_product_list_vars += PRODUCT_CFI_EXCLUDE_PATHS
# Whether the Scudo hardened allocator is disabled platform-wide
-_product_var_list += PRODUCT_DISABLE_SCUDO
+_product_single_value_vars += PRODUCT_DISABLE_SCUDO
# A flag to override PRODUCT_COMPATIBLE_PROPERTY
-_product_var_list += PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE
+_product_single_value_vars += PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE
+
+# List of extra VNDK versions to be included
+_product_list_vars += PRODUCT_EXTRA_VNDK_VERSIONS
# Whether the whitelist of actionable compatible properties should be disabled or not
-_product_var_list += PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE
-_product_var_list += PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS
-_product_var_list += PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT
-_product_var_list += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST
-_product_var_list += PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT
-_product_var_list += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST
+_product_single_value_vars += PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE
+
+_product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS
+_product_single_value_vars += PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT
+_product_list_vars += PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST
+_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT
+_product_list_vars += PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST
# List of modules that should be forcefully unmarked from being LOCAL_PRODUCT_MODULE, and hence
# installed on /system directory by default.
-_product_var_list += PRODUCT_FORCE_PRODUCT_MODULES_TO_SYSTEM_PARTITION
+_product_list_vars += PRODUCT_FORCE_PRODUCT_MODULES_TO_SYSTEM_PARTITION
# When this is true, dynamic partitions is retrofitted on a device that has
# already been launched without dynamic partitions. Otherwise, the device
# is launched with dynamic partitions.
# This flag implies PRODUCT_USE_DYNAMIC_PARTITIONS.
-_product_var_list += PRODUCT_RETROFIT_DYNAMIC_PARTITIONS
+_product_single_value_vars += PRODUCT_RETROFIT_DYNAMIC_PARTITIONS
# Other dynamic partition feature flags.PRODUCT_USE_DYNAMIC_PARTITION_SIZE and
# PRODUCT_BUILD_SUPER_PARTITION default to the value of PRODUCT_USE_DYNAMIC_PARTITIONS.
-_product_var_list += \
+_product_single_value_vars += \
PRODUCT_USE_DYNAMIC_PARTITIONS \
PRODUCT_USE_DYNAMIC_PARTITION_SIZE \
PRODUCT_BUILD_SUPER_PARTITION \
@@ -321,33 +337,40 @@
# during OTA). Otherwise, kernel configuration requirements are enforced in VTS.
# Devices that checks the running kernel (instead of the kernel in OTA package) should not
# set this variable to prevent OTA failures.
-_product_var_list += PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS
+_product_list_vars += PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS
# If set to true, this product builds a generic OTA package, which installs generic system images
# onto matching devices. The product may only build a subset of system images (e.g. only
# system.img), so devices need to install the package in a system-only OTA manner.
-_product_var_list += PRODUCT_BUILD_GENERIC_OTA_PACKAGE
+_product_single_value_vars += PRODUCT_BUILD_GENERIC_OTA_PACKAGE
# Whether any paths are excluded from being set XOM when ENABLE_XOM=true
-_product_var_list += PRODUCT_XOM_EXCLUDE_PATHS
-_product_var_list += PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES
-_product_var_list += PRODUCT_PACKAGE_NAME_OVERRIDES
-_product_var_list += PRODUCT_CERTIFICATE_OVERRIDES
-_product_var_list += PRODUCT_BUILD_SYSTEM_IMAGE
-_product_var_list += PRODUCT_BUILD_SYSTEM_OTHER_IMAGE
-_product_var_list += PRODUCT_BUILD_VENDOR_IMAGE
-_product_var_list += PRODUCT_BUILD_PRODUCT_IMAGE
-_product_var_list += PRODUCT_BUILD_PRODUCT_SERVICES_IMAGE
-_product_var_list += PRODUCT_BUILD_ODM_IMAGE
-_product_var_list += PRODUCT_BUILD_CACHE_IMAGE
-_product_var_list += PRODUCT_BUILD_RAMDISK_IMAGE
-_product_var_list += PRODUCT_BUILD_USERDATA_IMAGE
-_product_var_list += PRODUCT_UPDATABLE_BOOT_MODULES
-_product_var_list += PRODUCT_UPDATABLE_BOOT_LOCATIONS
+_product_list_vars += PRODUCT_XOM_EXCLUDE_PATHS
+_product_list_vars += PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES
+_product_list_vars += PRODUCT_PACKAGE_NAME_OVERRIDES
+_product_list_vars += PRODUCT_CERTIFICATE_OVERRIDES
+
+# Controls for whether different partitions are built for the current product.
+_product_single_value_vars += PRODUCT_BUILD_SYSTEM_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_SYSTEM_OTHER_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_VENDOR_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_PRODUCT_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_PRODUCT_SERVICES_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_ODM_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_CACHE_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_RAMDISK_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_USERDATA_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_RECOVERY_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_BOOT_IMAGE
+
+_product_list_vars += PRODUCT_UPDATABLE_BOOT_MODULES
+_product_list_vars += PRODUCT_UPDATABLE_BOOT_LOCATIONS
# Whether the product would like to check prebuilt ELF files.
-_product_var_list += PRODUCT_CHECK_ELF_FILES
-.KATI_READONLY := _product_var_list
+_product_single_value_vars += PRODUCT_CHECK_ELF_FILES
+
+.KATI_READONLY := _product_single_value_vars _product_list_vars
+_product_var_list :=$= $(_product_single_value_vars) $(_product_list_vars)
define dump-product
$(warning ==== $(1) ====)\
@@ -421,7 +444,7 @@
#
#TODO: check to make sure that products have all the necessary vars defined
define import-products
-$(call import-nodes,PRODUCTS,$(1),$(_product_var_list))
+$(call import-nodes,PRODUCTS,$(1),$(_product_var_list),$(_product_single_value_vars))
endef
diff --git a/core/product_config.mk b/core/product_config.mk
index a088f06..cb58cf4 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -376,6 +376,23 @@
PRODUCT_BUILD_SUPER_PARTITION := $(PRODUCT_USE_DYNAMIC_PARTITIONS)
endif
+ifeq ($(PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS),)
+ ifdef PRODUCT_SHIPPING_API_LEVEL
+ ifeq (true,$(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),29))
+ PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true
+ endif
+ endif
+endif
+
+# If build command defines OVERRIDE_PRODUCT_EXTRA_VNDK_VERSIONS,
+# override PRODUCT_EXTRA_VNDK_VERSIONS with it.
+ifdef OVERRIDE_PRODUCT_EXTRA_VNDK_VERSIONS
+ PRODUCT_EXTRA_VNDK_VERSIONS := $(OVERRIDE_PRODUCT_EXTRA_VNDK_VERSIONS)
+endif
+
+$(KATI_obsolete_var OVERRIDE_PRODUCT_EXTRA_VNDK_VERSIONS \
+ ,Use PRODUCT_EXTRA_VNDK_VERSIONS instead)
+
define product-overrides-config
$$(foreach rule,$$(PRODUCT_$(1)_OVERRIDES),\
$$(if $$(filter 2,$$(words $$(subst :,$$(space),$$(rule)))),,\
@@ -390,7 +407,6 @@
# Macro to use below. $(1) is the name of the partition
define product-build-image-config
-PRODUCT_BUILD_$(1)_IMAGE := $$(firstword $$(PRODUCT_BUILD_$(1)_IMAGE))
ifneq ($$(filter-out true false,$$(PRODUCT_BUILD_$(1)_IMAGE)),)
$$(error Invalid PRODUCT_BUILD_$(1)_IMAGE: $$(PRODUCT_BUILD_$(1)_IMAGE) -- true false and empty are supported)
endif
@@ -406,7 +422,9 @@
ODM \
CACHE \
RAMDISK \
- USERDATA, \
+ USERDATA \
+ BOOT \
+ RECOVERY, \
$(eval $(call product-build-image-config,$(image))))
product-build-image-config :=
diff --git a/core/soong_app_prebuilt.mk b/core/soong_app_prebuilt.mk
index 8153d78..d873cc4 100644
--- a/core/soong_app_prebuilt.mk
+++ b/core/soong_app_prebuilt.mk
@@ -129,7 +129,15 @@
my_2nd_arch_prefix :=
PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
-ifdef LOCAL_CERTIFICATE
+ifeq ($(LOCAL_CERTIFICATE),PRESIGNED)
+ # The magic string "PRESIGNED" means this package is already checked
+ # signed with its release key.
+ #
+ # By setting .CERTIFICATE but not .PRIVATE_KEY, this package will be
+ # mentioned in apkcerts.txt (with certificate set to "PRESIGNED")
+ # but the dexpreopt process will not try to re-sign the app.
+ PACKAGES.$(LOCAL_MODULE).CERTIFICATE := PRESIGNED
+else ifneq ($(LOCAL_CERTIFICATE),)
PACKAGES.$(LOCAL_MODULE).CERTIFICATE := $(LOCAL_CERTIFICATE)
PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(patsubst %.x509.pem,%.pk8,$(LOCAL_CERTIFICATE))
endif
diff --git a/core/soong_cc_prebuilt.mk b/core/soong_cc_prebuilt.mk
index 31b0e63..7a8f46e 100644
--- a/core/soong_cc_prebuilt.mk
+++ b/core/soong_cc_prebuilt.mk
@@ -223,7 +223,9 @@
#
# Filter out some NDK libraries that are not being exported.
my_static_libraries := \
- $(filter-out ndk_libc++_static ndk_libc++abi ndk_libandroid_support ndk_libunwind, \
+ $(filter-out ndk_libc++_static ndk_libc++abi ndk_libandroid_support ndk_libunwind \
+ ndk_libc++_static.native_bridge ndk_libc++abi.native_bridge \
+ ndk_libandroid_support.native_bridge ndk_libunwind.native_bridge, \
$(LOCAL_STATIC_LIBRARIES))
installed_static_library_notice_file_targets := \
$(foreach lib,$(my_static_libraries) $(LOCAL_WHOLE_STATIC_LIBRARIES), \
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 19326dd..220e2c8 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -58,6 +58,16 @@
$(call add_json_str, DeviceSecondaryCpuVariant, $(TARGET_2ND_CPU_VARIANT))
$(call add_json_list, DeviceSecondaryAbi, $(TARGET_2ND_CPU_ABI) $(TARGET_2ND_CPU_ABI2))
+$(call add_json_str, NativeBridgeArch, $(TARGET_NATIVE_BRIDGE_ARCH))
+$(call add_json_str, NativeBridgeArchVariant, $(TARGET_NATIVE_BRIDGE_ARCH_VARIANT))
+$(call add_json_str, NativeBridgeCpuVariant, $(TARGET_NATIVE_BRIDGE_CPU_VARIANT))
+$(call add_json_list, NativeBridgeAbi, $(TARGET_NATIVE_BRIDGE_ABI))
+
+$(call add_json_str, NativeBridgeSecondaryArch, $(TARGET_NATIVE_BRIDGE_2ND_ARCH))
+$(call add_json_str, NativeBridgeSecondaryArchVariant, $(TARGET_NATIVE_BRIDGE_2ND_ARCH_VARIANT))
+$(call add_json_str, NativeBridgeSecondaryCpuVariant, $(TARGET_NATIVE_BRIDGE_2ND_CPU_VARIANT))
+$(call add_json_list, NativeBridgeSecondaryAbi, $(TARGET_NATIVE_BRIDGE_2ND_ABI))
+
$(call add_json_str, HostArch, $(HOST_ARCH))
$(call add_json_str, HostSecondaryArch, $(HOST_2ND_ARCH))
$(call add_json_bool, HostStaticBinaries, $(BUILD_HOST_static))
@@ -111,6 +121,7 @@
$(call add_json_str, DeviceVndkVersion, $(BOARD_VNDK_VERSION))
$(call add_json_str, Platform_vndk_version, $(PLATFORM_VNDK_VERSION))
$(call add_json_list, ExtraVndkVersions, $(PRODUCT_EXTRA_VNDK_VERSIONS))
+$(call add_json_bool, BoardVndkRuntimeDisable, $(BOARD_VNDK_RUNTIME_DISABLE))
$(call add_json_list, DeviceSystemSdkVersions, $(BOARD_SYSTEMSDK_VERSIONS))
$(call add_json_list, Platform_systemsdk_versions, $(PLATFORM_SYSTEMSDK_VERSIONS))
$(call add_json_bool, Malloc_not_svelte, $(call invert_bool,$(filter true,$(MALLOC_SVELTE))))
diff --git a/core/tasks/check_boot_jars/package_whitelist.txt b/core/tasks/check_boot_jars/package_whitelist.txt
index b0becba..3b63843 100644
--- a/core/tasks/check_boot_jars/package_whitelist.txt
+++ b/core/tasks/check_boot_jars/package_whitelist.txt
@@ -46,6 +46,8 @@
java\.util\.spi
java\.util\.stream
java\.util\.zip
+# TODO: Remove javax.annotation.processing if possible, see http://b/132338110:
+javax\.annotation\.processing
javax\.crypto
javax\.crypto\.interfaces
javax\.crypto\.spec
diff --git a/core/tasks/module-info.mk b/core/tasks/module-info.mk
index 2c56162..2d93128 100644
--- a/core/tasks/module-info.mk
+++ b/core/tasks/module-info.mk
@@ -17,6 +17,7 @@
'"test_config": [$(if $(ALL_MODULES.$(m).TEST_CONFIG),"$(ALL_MODULES.$(m).TEST_CONFIG)")], ' \
'"dependencies": [$(foreach w,$(sort $(ALL_DEPS.$(m).ALL_DEPS)),"$(w)", )], ' \
'"srcs": [$(foreach w,$(sort $(ALL_MODULES.$(m).SRCS)),"$(w)", )], ' \
+ '"srcjars": [$(foreach w,$(sort $(ALL_MODULES.$(m).SRCJARS)),"$(w)", )], ' \
'},\n' \
) | sed -e 's/, *\]/]/g' -e 's/, *\}/ }/g' -e '$$s/,$$//' >> $@
$(hide) echo '}' >> $@
diff --git a/core/tasks/vndk.mk b/core/tasks/vndk.mk
index 9420638..90ebd92 100644
--- a/core/tasks/vndk.mk
+++ b/core/tasks/vndk.mk
@@ -27,11 +27,10 @@
#
# Args:
# $(1): list of module and filename pairs (e.g., ld.config.txt:ld.config.27.txt ...)
-# $(2): if not empty, evaluates for TARGET_2ND_ARCH
define paths-of-intermediates
$(strip \
$(foreach pair,$(1), \
- $(eval module := $(call word-colon,1,$(pair))$(if $(2),$(TARGET_2ND_ARCH_MODULE_SUFFIX))) \
+ $(eval module := $(call word-colon,1,$(pair))) \
$(eval built := $(ALL_MODULES.$(module).BUILT_INSTALLED)) \
$(eval filename := $(call word-colon,2,$(pair))) \
$(if $(wordlist 2,100,$(built)), \
@@ -41,30 +40,6 @@
)
endef
-# Returns src:dest list of notice files
-#
-# Args:
-# $(1): list of lib names (e.g., libfoo.vendor)
-define paths-of-notice-files
-$(strip \
- $(foreach lib,$(1), \
- $(eval notice := $(sort \
- $(ALL_MODULES.$(lib).NOTICES) \
- $(if $(TARGET_2ND_ARCH),
- $(ALL_MODULES.$(lib)$(TARGET_2ND_ARCH_MODULE_SUFFIX).NOTICES)))) \
- $(if $(wordlist 2,100,$(notice)), \
- $(error Unable to handle multiple notice files ($(lib)): $(notice))) \
- $(if $(notice),$(notice):$(subst .vendor,,$(lib)).so.txt)))
-endef
-
-vndk_core_libs := $(addsuffix .vendor,$(VNDK_CORE_LIBRARIES))
-vndk_sp_libs := $(addsuffix .vendor,$(VNDK_SAMEPROCESS_LIBRARIES))
-vndk_private_libs := $(addsuffix .vendor,$(VNDK_PRIVATE_LIBRARIES))
-
-vndk_snapshot_libs := \
- $(vndk_core_libs) \
- $(vndk_sp_libs)
-
vndk_prebuilt_txts := \
ld.config.txt \
vndksp.libraries.txt \
@@ -75,47 +50,6 @@
vndk_snapshot_configs_out := $(vndk_snapshot_top)/configs
#######################################
-# vndkcore.libraries.txt
-vndkcore.libraries.txt := $(vndk_snapshot_configs_out)/vndkcore.libraries.txt
-$(vndkcore.libraries.txt): PRIVATE_LIBS := $(vndk_core_libs)
-$(vndkcore.libraries.txt):
- @echo 'Generating: $@'
- @rm -f $@
- @mkdir -p $(dir $@)
- $(hide) echo -n > $@
- $(hide) $(foreach lib,$(PRIVATE_LIBS),echo $(patsubst %.vendor,%,$(lib)).so >> $@;)
-
-
-#######################################
-# vndkprivate.libraries.txt
-vndkprivate.libraries.txt := $(vndk_snapshot_configs_out)/vndkprivate.libraries.txt
-$(vndkprivate.libraries.txt): PRIVATE_LIBS := $(vndk_private_libs)
-$(vndkprivate.libraries.txt):
- @echo 'Generating: $@'
- @rm -f $@
- @mkdir -p $(dir $@)
- $(hide) echo -n > $@
- $(hide) $(foreach lib,$(PRIVATE_LIBS),echo $(patsubst %.vendor,%,$(lib)).so >> $@;)
-
-
-#######################################
-# module_paths.txt
-module_paths.txt := $(vndk_snapshot_configs_out)/module_paths.txt
-$(module_paths.txt): PRIVATE_LIBS := $(vndk_snapshot_libs)
-$(module_paths.txt):
- @echo 'Generating: $@'
- @rm -f $@
- @mkdir -p $(dir $@)
- $(hide) echo -n > $@
- $(hide) $(foreach lib,$(PRIVATE_LIBS),echo $(patsubst %.vendor,%,$(lib)).so $(ALL_MODULES.$(lib).PATH) >> $@;)
-
-
-vndk_snapshot_configs := \
- $(vndkcore.libraries.txt) \
- $(vndkprivate.libraries.txt) \
- $(module_paths.txt)
-
-#######################################
# vndk_snapshot_zip
vndk_snapshot_variant := $(vndk_snapshot_out)/$(TARGET_ARCH)
binder :=
@@ -130,44 +64,46 @@
$(vndk_snapshot_zip): PRIVATE_VNDK_SNAPSHOT_OUT := $(vndk_snapshot_out)
-deps := $(call paths-of-intermediates,$(foreach lib,$(vndk_core_libs),$(lib):$(subst .vendor,,$(lib)).so))
+prebuilts := $(SOONG_VNDK_SNAPSHOT_CORE_LIBS)
$(vndk_snapshot_zip): PRIVATE_VNDK_CORE_OUT := $(vndk_lib_dir)/shared/vndk-core
-$(vndk_snapshot_zip): PRIVATE_VNDK_CORE_INTERMEDIATES := $(deps)
-$(vndk_snapshot_zip): $(foreach d,$(deps),$(call word-colon,1,$(d)))
-deps :=
+$(vndk_snapshot_zip): PRIVATE_VNDK_CORE_SOONG_PREBUILTS := $(prebuilts)
+$(vndk_snapshot_zip): $(prebuilts)
+prebuilts :=
-deps := $(call paths-of-intermediates,$(foreach lib,$(vndk_sp_libs),$(lib):$(subst .vendor,,$(lib)).so))
+prebuilts := $(SOONG_VNDK_SNAPSHOT_SP_LIBS)
$(vndk_snapshot_zip): PRIVATE_VNDK_SP_OUT := $(vndk_lib_dir)/shared/vndk-sp
-$(vndk_snapshot_zip): PRIVATE_VNDK_SP_INTERMEDIATES := $(deps)
-$(vndk_snapshot_zip): $(foreach d,$(deps),$(call word-colon,1,$(d)))
-deps :=
+$(vndk_snapshot_zip): PRIVATE_VNDK_SP_SOONG_PREBUILTS := $(prebuilts)
+$(vndk_snapshot_zip): $(prebuilts)
+prebuilts :=
deps := $(call paths-of-intermediates,$(foreach txt,$(vndk_prebuilt_txts), \
- $(txt):$(patsubst %.txt,%.$(PLATFORM_VNDK_VERSION).txt,$(txt)))) \
- $(foreach config,$(vndk_snapshot_configs),$(config):$(notdir $(config)))
+ $(txt):$(patsubst %.txt,%.$(PLATFORM_VNDK_VERSION).txt,$(txt))))
+prebuilts := $(SOONG_VNDK_SNAPSHOT_CONFIGS)
$(vndk_snapshot_zip): PRIVATE_CONFIGS_OUT := $(vndk_snapshot_variant)/configs
$(vndk_snapshot_zip): PRIVATE_CONFIGS_INTERMEDIATES := $(deps)
-$(vndk_snapshot_zip): $(foreach d,$(deps),$(call word-colon,1,$(d)))
+$(vndk_snapshot_zip): PRIVATE_CONFIGS_SOONG_PREBUILTS := $(prebuilts)
+$(vndk_snapshot_zip): $(foreach d,$(deps),$(call word-colon,1,$(d))) $(prebuilts)
deps :=
+prebuilts :=
-notices := $(call paths-of-notice-files,$(vndk_core_libs) $(vndk_sp_libs))
+prebuilts := $(SOONG_VNDK_SNAPSHOT_NOTICES)
$(vndk_snapshot_zip): PRIVATE_NOTICE_FILES_OUT := $(vndk_snapshot_variant)/NOTICE_FILES
-$(vndk_snapshot_zip): PRIVATE_NOTICE_FILES_INTERMEDIATES := $(notices)
-$(vndk_snapshot_zip): $(foreach n,$(notices),$(call word-colon,1,$(n)))
-notices :=
+$(vndk_snapshot_zip): PRIVATE_NOTICE_FILES_SOONG_PREBUILTS := $(prebuilts)
+$(vndk_snapshot_zip): $(prebuilts)
+prebuilts :=
ifdef TARGET_2ND_ARCH
-deps := $(call paths-of-intermediates,$(foreach lib,$(vndk_core_libs),$(lib):$(subst .vendor,,$(lib)).so),true)
+prebuilts := $(SOONG_VNDK_SNAPSHOT_CORE_LIBS_2ND)
$(vndk_snapshot_zip): PRIVATE_VNDK_CORE_OUT_2ND := $(vndk_lib_dir_2nd)/shared/vndk-core
-$(vndk_snapshot_zip): PRIVATE_VNDK_CORE_INTERMEDIATES_2ND := $(deps)
-$(vndk_snapshot_zip): $(foreach d,$(deps),$(call word-colon,1,$(d)))
-deps :=
+$(vndk_snapshot_zip): PRIVATE_VNDK_CORE_SOONG_PREBUILTS_2ND := $(prebuilts)
+$(vndk_snapshot_zip): $(prebuilts)
+prebuilts :=
-deps := $(call paths-of-intermediates,$(foreach lib,$(vndk_sp_libs),$(lib):$(subst .vendor,,$(lib)).so),true)
+prebuilts := $(SOONG_VNDK_SNAPSHOT_SP_LIBS_2ND)
$(vndk_snapshot_zip): PRIVATE_VNDK_SP_OUT_2ND := $(vndk_lib_dir_2nd)/shared/vndk-sp
-$(vndk_snapshot_zip): PRIVATE_VNDK_SP_INTERMEDIATES_2ND := $(deps)
-$(vndk_snapshot_zip): $(foreach d,$(deps),$(call word-colon,1,$(d)))
-deps :=
+$(vndk_snapshot_zip): PRIVATE_VNDK_SP_SOONG_PREBUILTS_2ND := $(prebuilts)
+$(vndk_snapshot_zip): $(prebuilts)
+prebuilts :=
endif
# Args
@@ -182,6 +118,15 @@
true \
))
+# Args
+# $(1): destination directory
+# $(2): list of prebuilts to copy
+$(vndk_snapshot_zip): private-copy-prebuilts = \
+ $(if $(2),$(strip \
+ @mkdir -p $(1) && \
+ $(foreach file, $(2), cp $(file) $(1) && ) \
+ true \
+ ))
$(vndk_snapshot_zip): $(SOONG_ZIP)
@echo 'Generating VNDK snapshot: $@'
@@ -189,18 +134,20 @@
@rm -rf $(PRIVATE_VNDK_SNAPSHOT_OUT)
@mkdir -p $(PRIVATE_VNDK_SNAPSHOT_OUT)
$(call private-copy-intermediates, \
- $(PRIVATE_VNDK_CORE_OUT),$(PRIVATE_VNDK_CORE_INTERMEDIATES))
- $(call private-copy-intermediates, \
- $(PRIVATE_VNDK_SP_OUT),$(PRIVATE_VNDK_SP_INTERMEDIATES))
- $(call private-copy-intermediates, \
$(PRIVATE_CONFIGS_OUT),$(PRIVATE_CONFIGS_INTERMEDIATES))
- $(call private-copy-intermediates, \
- $(PRIVATE_NOTICE_FILES_OUT),$(PRIVATE_NOTICE_FILES_INTERMEDIATES))
+ $(call private-copy-prebuilts, \
+ $(PRIVATE_VNDK_CORE_OUT),$(PRIVATE_VNDK_CORE_SOONG_PREBUILTS))
+ $(call private-copy-prebuilts, \
+ $(PRIVATE_VNDK_SP_OUT),$(PRIVATE_VNDK_SP_SOONG_PREBUILTS))
+ $(call private-copy-prebuilts, \
+ $(PRIVATE_CONFIGS_OUT),$(PRIVATE_CONFIGS_SOONG_PREBUILTS))
+ $(call private-copy-prebuilts, \
+ $(PRIVATE_NOTICE_FILES_OUT),$(PRIVATE_NOTICE_FILES_SOONG_PREBUILTS))
ifdef TARGET_2ND_ARCH
- $(call private-copy-intermediates, \
- $(PRIVATE_VNDK_CORE_OUT_2ND),$(PRIVATE_VNDK_CORE_INTERMEDIATES_2ND))
- $(call private-copy-intermediates, \
- $(PRIVATE_VNDK_SP_OUT_2ND),$(PRIVATE_VNDK_SP_INTERMEDIATES_2ND))
+ $(call private-copy-prebuilts, \
+ $(PRIVATE_VNDK_CORE_OUT_2ND),$(PRIVATE_VNDK_CORE_SOONG_PREBUILTS_2ND))
+ $(call private-copy-prebuilts, \
+ $(PRIVATE_VNDK_SP_OUT_2ND),$(PRIVATE_VNDK_SP_SOONG_PREBUILTS_2ND))
endif
$(hide) $(SOONG_ZIP) -o $@ -C $(PRIVATE_VNDK_SNAPSHOT_OUT) -D $(PRIVATE_VNDK_SNAPSHOT_OUT)
@@ -212,12 +159,7 @@
# clear global vars
clang-ubsan-vndk-core :=
paths-of-intermediates :=
-paths-of-notice-files :=
-vndk_core_libs :=
-vndk_sp_libs :=
-vndk_snapshot_libs :=
vndk_prebuilt_txts :=
-vndk_snapshot_configs :=
vndk_snapshot_top :=
vndk_snapshot_out :=
vndk_snapshot_configs_out :=
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index b248fd3..2714f83 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -261,7 +261,7 @@
# It must be of the form "YYYY-MM-DD" on production devices.
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2019-04-05
+ PLATFORM_SECURITY_PATCH := 2019-05-05
endif
.KATI_READONLY := PLATFORM_SECURITY_PATCH
diff --git a/envsetup.sh b/envsetup.sh
index 9e381a2..5292d38 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -22,7 +22,7 @@
- jgrep: Greps on all local Java files.
- resgrep: Greps on all local res/*.xml files.
- mangrep: Greps on all local AndroidManifest.xml files.
-- mgrep: Greps on all local Makefiles files.
+- mgrep: Greps on all local Makefiles and *.bp files.
- sepgrep: Greps on all local sepolicy files.
- sgrep: Greps on all local source files.
- godir: Go to the directory containing a file.
diff --git a/target/board/BoardConfigEmuCommon.mk b/target/board/BoardConfigEmuCommon.mk
index c871d7e..3ab5f12 100644
--- a/target/board/BoardConfigEmuCommon.mk
+++ b/target/board/BoardConfigEmuCommon.mk
@@ -23,15 +23,35 @@
# Emulator doesn't support sparse image format.
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
-# ~140 MB vendor image. Please adjust system image / vendor image sizes
-# when finalizing them. The partition size needs to be a multiple of image
-# block size: 4096.
-BOARD_VENDORIMAGE_PARTITION_SIZE := 140963840
+ifeq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true)
+ # emulator is Non-A/B device
+ AB_OTA_UPDATER := false
+
+ # emulator needs super.img
+ BOARD_BUILD_SUPER_IMAGE_BY_DEFAULT := true
+
+ BOARD_EXT4_SHARE_DUP_BLOCKS := true
+
+ # 3G + header
+ BOARD_SUPER_PARTITION_SIZE := 3229614080
+ BOARD_SUPER_PARTITION_GROUPS := emulator_dynamic_partitions
+ BOARD_EMULATOR_DYNAMIC_PARTITIONS_PARTITION_LIST := \
+ system \
+ vendor
+
+ # 3G
+ BOARD_EMULATOR_DYNAMIC_PARTITIONS_SIZE := 3221225472
+else ifeq ($(PRODUCT_USE_DYNAMIC_PARTITION_SIZE),true)
+ # Enable dynamic system image size and reserved 64MB in it.
+ BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 67108864
+ BOARD_VENDORIMAGE_PARTITION_RESERVED_SIZE := 67108864
+else
+ BOARD_SYSTEMIMAGE_PARTITION_SIZE := 3221225472
+ BOARD_VENDORIMAGE_PARTITION_SIZE := 146800640
+endif
+
BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
BOARD_FLASH_BLOCK_SIZE := 512
DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
BOARD_SEPOLICY_DIRS += device/generic/goldfish/sepolicy/common
-
-# TODO(b/125540538): Remove when emulator uses dynamic partitions
-BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/board/BoardConfigGsiCommon.mk b/target/board/BoardConfigGsiCommon.mk
index d4025c3..96fd07b 100644
--- a/target/board/BoardConfigGsiCommon.mk
+++ b/target/board/BoardConfigGsiCommon.mk
@@ -28,16 +28,9 @@
BOARD_USES_METADATA_PARTITION := true
# Android Verified Boot (AVB):
-# Set AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED (--flags 2) in
-# vbmeta.img to disable AVB verification. Also set the rollback index
-# to zero, to prevent the device bootloader from updating the last seen
-# rollback index in the tamper-evident storage.
-#
-# To disable AVB for GSI, use the vbmeta.img and the GSI together.
-# To enable AVB for GSI, include the GSI public key into the device-specific
-# vbmeta.img.
+# Set the rollback index to zero, to prevent the device bootloader from
+# updating the last seen rollback index in the tamper-evident storage.
BOARD_AVB_ROLLBACK_INDEX := 0
-BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2
# Enable chain partition for system.
BOARD_AVB_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
diff --git a/target/board/BoardConfigMainlineCommon.mk b/target/board/BoardConfigMainlineCommon.mk
index 6c56671..be7c804 100644
--- a/target/board/BoardConfigMainlineCommon.mk
+++ b/target/board/BoardConfigMainlineCommon.mk
@@ -36,9 +36,6 @@
BOARD_CHARGER_ENABLE_SUSPEND := true
-# Enable A/B update
-AB_OTA_UPDATER := true
-
# Enable system property split for Treble
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index b61a7fd..8624ed7 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -29,8 +29,8 @@
TARGET_CPU_ABI := armeabi-v7a
TARGET_CPU_ABI2 := armeabi
-include build/make/target/board/BoardConfigEmuCommon.mk
include build/make/target/board/BoardConfigGsiCommon.mk
+include build/make/target/board/BoardConfigEmuCommon.mk
BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index 7d92b7d..ecc547f 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -52,8 +52,8 @@
TARGET_2ND_CPU_VARIANT := generic
endif
-include build/make/target/board/BoardConfigEmuCommon.mk
include build/make/target/board/BoardConfigGsiCommon.mk
+include build/make/target/board/BoardConfigEmuCommon.mk
BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index 650073e..83d7ecc 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -20,8 +20,8 @@
TARGET_PRELINK_MODULE := false
-include build/make/target/board/BoardConfigEmuCommon.mk
include build/make/target/board/BoardConfigGsiCommon.mk
+include build/make/target/board/BoardConfigEmuCommon.mk
# Resize to 4G to accomodate ASAN and CTS
BOARD_USERDATAIMAGE_PARTITION_SIZE := 4294967296
diff --git a/target/board/generic_x86_64/BoardConfig.mk b/target/board/generic_x86_64/BoardConfig.mk
index 1426630..07bbc07 100755
--- a/target/board/generic_x86_64/BoardConfig.mk
+++ b/target/board/generic_x86_64/BoardConfig.mk
@@ -23,9 +23,8 @@
TARGET_2ND_ARCH_VARIANT := x86_64
TARGET_PRELINK_MODULE := false
-
-include build/make/target/board/BoardConfigEmuCommon.mk
include build/make/target/board/BoardConfigGsiCommon.mk
+include build/make/target/board/BoardConfigEmuCommon.mk
BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800
diff --git a/target/board/generic_x86_arm/BoardConfig.mk b/target/board/generic_x86_arm/BoardConfig.mk
index ab2089d..6fae411 100644
--- a/target/board/generic_x86_arm/BoardConfig.mk
+++ b/target/board/generic_x86_arm/BoardConfig.mk
@@ -30,8 +30,8 @@
BUILD_BROKEN_DUP_RULES := true
-include build/make/target/board/BoardConfigEmuCommon.mk
include build/make/target/board/BoardConfigGsiCommon.mk
+include build/make/target/board/BoardConfigEmuCommon.mk
# Resize to 4G to accomodate ASAN and CTS
BOARD_USERDATAIMAGE_PARTITION_SIZE := 4294967296
diff --git a/target/board/mainline_arm64/BoardConfig.mk b/target/board/mainline_arm64/BoardConfig.mk
index 8bb6212..70505f4 100644
--- a/target/board/mainline_arm64/BoardConfig.mk
+++ b/target/board/mainline_arm64/BoardConfig.mk
@@ -28,6 +28,8 @@
TARGET_NO_KERNEL := true
+# Build generic A/B format system-only OTA.
+AB_OTA_UPDATER := true
AB_OTA_PARTITIONS := system
BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
diff --git a/target/product/aosp_arm.mk b/target/product/aosp_arm.mk
index 400fa6a..0fdd313 100644
--- a/target/product/aosp_arm.mk
+++ b/target/product/aosp_arm.mk
@@ -14,6 +14,8 @@
# limitations under the License.
#
+PRODUCT_USE_DYNAMIC_PARTITIONS := true
+
# The system image of aosp_arm-userdebug is a GSI for the devices with:
# - ARM 32 bits user space
# - 64 bits binder interface
diff --git a/target/product/aosp_arm64.mk b/target/product/aosp_arm64.mk
index aa6ec4d..8ef2023 100644
--- a/target/product/aosp_arm64.mk
+++ b/target/product/aosp_arm64.mk
@@ -14,6 +14,8 @@
# limitations under the License.
#
+PRODUCT_USE_DYNAMIC_PARTITIONS := true
+
# The system image of aosp_arm64-userdebug is a GSI for the devices with:
# - ARM 64 bits user space
# - 64 bits binder interface
diff --git a/target/product/aosp_x86.mk b/target/product/aosp_x86.mk
index b16b5ed..1c71948 100644
--- a/target/product/aosp_x86.mk
+++ b/target/product/aosp_x86.mk
@@ -14,6 +14,8 @@
# limitations under the License.
#
+PRODUCT_USE_DYNAMIC_PARTITIONS := true
+
# The system image of aosp_x86-userdebug is a GSI for the devices with:
# - x86 32 bits user space
# - 64 bits binder interface
diff --git a/target/product/aosp_x86_64.mk b/target/product/aosp_x86_64.mk
index f7e2056..9dfa2f4 100644
--- a/target/product/aosp_x86_64.mk
+++ b/target/product/aosp_x86_64.mk
@@ -14,6 +14,8 @@
# limitations under the License.
#
+PRODUCT_USE_DYNAMIC_PARTITIONS := true
+
# The system image of aosp_x86_64-userdebug is a GSI for the devices with:
# - x86 64 bits user space
# - 64 bits binder interface
diff --git a/target/product/aosp_x86_arm.mk b/target/product/aosp_x86_arm.mk
index b921c97..70aa64e 100644
--- a/target/product/aosp_x86_arm.mk
+++ b/target/product/aosp_x86_arm.mk
@@ -14,6 +14,7 @@
# limitations under the License.
#
+PRODUCT_USE_DYNAMIC_PARTITIONS := true
# aosp_x86 with arm libraries needed by binary translation.
@@ -31,13 +32,6 @@
# Enable dynamic partition size
PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true
-# Enable A/B update
-AB_OTA_UPDATER := true
-AB_OTA_PARTITIONS := system
-PRODUCT_PACKAGES += \
- update_engine \
- update_verifier
-
# Needed by Pi newly launched device to pass VtsTrebleSysProp on GSI
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE := true
diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index 23289f5..606a605 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -122,8 +122,6 @@
libcamera2ndk \
libcamera_client \
libcameraservice \
- libc_malloc_debug \
- libc_malloc_hooks \
libcutils \
libdl.bootstrap \
libdrmframework \
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
index 66207df..87393d4 100644
--- a/target/product/mainline_system.mk
+++ b/target/product/mainline_system.mk
@@ -19,7 +19,7 @@
$(call inherit-product, $(SRC_TARGET_DIR)/product/telephony_system.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/languages_default.mk)
# Enable updating of APEXes
-$(call inherit-product, $(SRC_TARGET_DIR)/product/updatable_apex.mk)
+#$(call inherit-product, $(SRC_TARGET_DIR)/product/updatable_apex.mk)
# Add adb keys to debuggable AOSP builds (if they exist)
$(call inherit-product-if-exists, vendor/google/security/adb/vendor_key.mk)
diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index a88ba3c..5db32f2 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -96,4 +96,4 @@
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
ro.iorapd.enable=false
-PRODUCT_USES_ART := true
+PRODUCT_USES_DEFAULT_ART_CONFIG := true
diff --git a/target/product/security/Android.bp b/target/product/security/Android.bp
new file mode 100644
index 0000000..080706b
--- /dev/null
+++ b/target/product/security/Android.bp
@@ -0,0 +1,5 @@
+// AOSP test certificate
+android_app_certificate {
+ name: "aosp-testkey",
+ certificate: "testkey",
+}
diff --git a/target/product/updatable_apex.mk b/target/product/updatable_apex.mk
index 4b31578..038f66e 100644
--- a/target/product/updatable_apex.mk
+++ b/target/product/updatable_apex.mk
@@ -18,3 +18,4 @@
PRODUCT_PROPERTY_OVERRIDES := ro.apex.updatable=true
PRODUCT_PACKAGES := com.android.apex.cts.shim.v1_prebuilt
+TARGET_FLATTEN_APEX := false
diff --git a/tools/droiddoc/Android.bp b/tools/droiddoc/Android.bp
new file mode 100644
index 0000000..0428068
--- /dev/null
+++ b/tools/droiddoc/Android.bp
@@ -0,0 +1,18 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+droiddoc_exported_dir {
+ name: "droiddoc-templates-pdk",
+ path: "templates-pdk",
+}
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 4af10ca..4156c8b 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -113,7 +113,7 @@
Returns:
(which, care_map_ranges): care_map_ranges is the raw string of the care_map
- RangeSet; or an empty list.
+ RangeSet; or None.
"""
assert which in common.PARTITIONS_WITH_CARE_MAP
@@ -123,7 +123,7 @@
# invalid reads.
image_size = OPTIONS.info_dict.get(which + "_image_size")
if not image_size:
- return []
+ return None
image_blocks = int(image_size) / 4096 - 1
assert image_blocks > 0, "blocks for {} must be positive".format(which)
@@ -592,7 +592,11 @@
OPTIONS.info_dict.get(avb_hashtree_enable) == "true"):
image_path = image_paths[partition]
assert os.path.exists(image_path)
- care_map_list += GetCareMap(partition, image_path)
+
+ care_map = GetCareMap(partition, image_path)
+ if not care_map:
+ continue
+ care_map_list += care_map
# adds fingerprint field to the care_map
build_props = OPTIONS.info_dict.get(partition + ".build.prop", {})
@@ -726,6 +730,7 @@
OPTIONS.info_dict = common.LoadInfoDict(OPTIONS.input_tmp, repacking=True)
has_recovery = OPTIONS.info_dict.get("no_recovery") != "true"
+ has_boot = OPTIONS.info_dict.get("no_boot") != "true"
# {vendor,odm,product,product_services}.img are unlike system.img or
# system_other.img. Because it could be built from source, or dropped into
@@ -773,17 +778,19 @@
def banner(s):
logger.info("\n\n++++ " + s + " ++++\n\n")
- banner("boot")
- # common.GetBootableImage() returns the image directly if present.
- boot_image = common.GetBootableImage(
- "IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
- # boot.img may be unavailable in some targets (e.g. aosp_arm64).
- if boot_image:
- partitions['boot'] = os.path.join(OPTIONS.input_tmp, "IMAGES", "boot.img")
- if not os.path.exists(partitions['boot']):
- boot_image.WriteToDir(OPTIONS.input_tmp)
- if output_zip:
- boot_image.AddToZip(output_zip)
+ boot_image = None
+ if has_boot:
+ banner("boot")
+ # common.GetBootableImage() returns the image directly if present.
+ boot_image = common.GetBootableImage(
+ "IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
+ # boot.img may be unavailable in some targets (e.g. aosp_arm64).
+ if boot_image:
+ partitions['boot'] = os.path.join(OPTIONS.input_tmp, "IMAGES", "boot.img")
+ if not os.path.exists(partitions['boot']):
+ boot_image.WriteToDir(OPTIONS.input_tmp)
+ if output_zip:
+ boot_image.AddToZip(output_zip)
recovery_image = None
if has_recovery:
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index d14c94f..fb4ca76 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -19,11 +19,14 @@
import re
import shlex
import sys
+import zipfile
import common
logger = logging.getLogger(__name__)
+OPTIONS = common.OPTIONS
+
class ApexInfoError(Exception):
"""An Exception raised during Apex Information command."""
@@ -145,3 +148,72 @@
'Failed to find {} prop in {}'.format(key, payload_path))
return payload_info
+
+
+def SignApex(apex_data, payload_key, container_key, container_pw,
+ codename_to_api_level_map, signing_args=None):
+ """Signs the current APEX with the given payload/container keys.
+
+ Args:
+ apex_data: Raw APEX data.
+ payload_key: The path to payload signing key (w/ extension).
+ container_key: The path to container signing key (w/o extension).
+ container_pw: The matching password of the container_key, or None.
+ codename_to_api_level_map: A dict that maps from codename to API level.
+ signing_args: Additional args to be passed to the payload signer.
+
+ Returns:
+ The path to the signed APEX file.
+ """
+ apex_file = common.MakeTempFile(prefix='apex-', suffix='.apex')
+ with open(apex_file, 'wb') as apex_fp:
+ apex_fp.write(apex_data)
+
+ APEX_PAYLOAD_IMAGE = 'apex_payload.img'
+ APEX_PUBKEY = 'apex_pubkey'
+
+ # 1a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
+ # payload_key.
+ payload_dir = common.MakeTempDir(prefix='apex-payload-')
+ with zipfile.ZipFile(apex_file) as apex_fd:
+ payload_file = apex_fd.extract(APEX_PAYLOAD_IMAGE, payload_dir)
+
+ payload_info = ParseApexPayloadInfo(payload_file)
+ SignApexPayload(
+ payload_file,
+ payload_key,
+ payload_info['apex.key'],
+ payload_info['Algorithm'],
+ payload_info['Salt'],
+ signing_args)
+
+ # 1b. Update the embedded payload public key.
+ payload_public_key = common.ExtractAvbPublicKey(payload_key)
+
+ common.ZipDelete(apex_file, APEX_PAYLOAD_IMAGE)
+ common.ZipDelete(apex_file, APEX_PUBKEY)
+ apex_zip = zipfile.ZipFile(apex_file, 'a')
+ common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
+ common.ZipWrite(apex_zip, payload_public_key, arcname=APEX_PUBKEY)
+ common.ZipClose(apex_zip)
+
+ # 2. Align the files at page boundary (same as in apexer).
+ aligned_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex')
+ common.RunAndCheckOutput(['zipalign', '-f', '4096', apex_file, aligned_apex])
+
+ # 3. Sign the APEX container with container_key.
+ signed_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex')
+
+ # Specify the 4K alignment when calling SignApk.
+ extra_signapk_args = OPTIONS.extra_signapk_args[:]
+ extra_signapk_args.extend(['-a', '4096'])
+
+ common.SignFile(
+ aligned_apex,
+ signed_apex,
+ container_key,
+ container_pw,
+ codename_to_api_level_map=codename_to_api_level_map,
+ extra_signapk_args=extra_signapk_args)
+
+ return signed_apex
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 495fec3..e642297 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -332,10 +332,8 @@
raise ValueError("Failed to find 'fstab_version'")
if repacking:
- # We carry a copy of file_contexts.bin under META/. If not available, search
- # BOOT/RAMDISK/. Note that sometimes we may need a different file to build
- # images than the one running on device, in that case, we must have the one
- # for image generation copied to META/.
+ # "selinux_fc" should point to the file_contexts file (file_contexts.bin)
+ # under META/.
fc_basename = os.path.basename(d.get("selinux_fc", "file_contexts"))
fc_config = os.path.join(input_file, "META", fc_basename)
assert os.path.exists(fc_config)
diff --git a/tools/releasetools/img_from_target_files.py b/tools/releasetools/img_from_target_files.py
index e1105bb..8fb9871 100755
--- a/tools/releasetools/img_from_target_files.py
+++ b/tools/releasetools/img_from_target_files.py
@@ -22,7 +22,8 @@
input_target_files: one of the following:
- directory containing extracted target files. It will load info from
- OTA/android-info.txt and build the image zipfile using images from IMAGES/.
+ OTA/android-info.txt, META/misc_info.txt and build the image zipfile using
+ images from IMAGES/.
- target files package. Same as above, but extracts the archive before
building the image zipfile.
@@ -42,6 +43,7 @@
import zipfile
import common
+from build_super_image import BuildSuperImage
if sys.hexversion < 0x02070000:
print("Python 2.7 or newer is required.", file=sys.stderr)
@@ -52,13 +54,102 @@
OPTIONS = common.OPTIONS
-def CopyInfo(output_zip):
+def LoadOptions(input_file):
+ """
+ Load information from input_file to OPTIONS.
+
+ Args:
+ input_file: A Zipfile instance of input zip file, or path to the directory
+ of extracted zip.
+ """
+ info = OPTIONS.info_dict = common.LoadInfoDict(input_file)
+
+ OPTIONS.put_super = info.get("super_image_in_update_package") == "true"
+ OPTIONS.dynamic_partition_list = info.get("dynamic_partition_list",
+ "").strip().split()
+ OPTIONS.super_device_list = info.get("super_block_devices",
+ "").strip().split()
+ OPTIONS.retrofit_dap = info.get("dynamic_partition_retrofit") == "true"
+ OPTIONS.build_super = info.get("build_super_partition") == "true"
+ OPTIONS.sparse_userimages = bool(info.get("extfs_sparse_flag"))
+
+
+def CopyInfo(input_tmp, output_zip):
"""Copy the android-info.txt file from the input to the output."""
common.ZipWrite(
- output_zip, os.path.join(OPTIONS.input_tmp, "OTA", "android-info.txt"),
+ output_zip, os.path.join(input_tmp, "OTA", "android-info.txt"),
"android-info.txt")
+def CopyUserImages(input_tmp, output_zip):
+ """
+ Copy user images from the unzipped input and write to output_zip.
+
+ Args:
+ input_tmp: path to the unzipped input.
+ output_zip: a ZipFile instance to write images to.
+ """
+ dynamic_images = [p + ".img" for p in OPTIONS.dynamic_partition_list]
+
+ # Filter out system_other for launch DAP devices because it is in super image.
+ if not OPTIONS.retrofit_dap and "system" in OPTIONS.dynamic_partition_list:
+ dynamic_images.append("system_other.img")
+
+ images_path = os.path.join(input_tmp, "IMAGES")
+ # A target-files zip must contain the images since Lollipop.
+ assert os.path.exists(images_path)
+ for image in sorted(os.listdir(images_path)):
+ if OPTIONS.bootable_only and image not in ("boot.img", "recovery.img"):
+ continue
+ if not image.endswith(".img"):
+ continue
+ if image == "recovery-two-step.img":
+ continue
+ if OPTIONS.put_super:
+ if image == "super_empty.img":
+ continue
+ if image in dynamic_images:
+ continue
+ logger.info("writing %s to archive...", os.path.join("IMAGES", image))
+ common.ZipWrite(output_zip, os.path.join(images_path, image), image)
+
+
+def WriteSuperImages(input_tmp, output_zip):
+ """
+ Write super images from the unzipped input and write to output_zip. This is
+ only done if super_image_in_update_package is set to "true".
+
+ - For retrofit dynamic partition devices, copy split super images from target
+ files package.
+ - For devices launched with dynamic partitions, build super image from target
+ files package.
+
+ Args:
+ input_tmp: path to the unzipped input.
+ output_zip: a ZipFile instance to write images to.
+ """
+ if not OPTIONS.build_super or not OPTIONS.put_super:
+ return
+
+ if OPTIONS.retrofit_dap:
+ # retrofit devices already have split super images under OTA/
+ images_path = os.path.join(input_tmp, "OTA")
+ for device in OPTIONS.super_device_list:
+ image = "super_%s.img" % device
+ image_path = os.path.join(images_path, image)
+ assert os.path.exists(image_path)
+ logger.info("writing %s to archive...", os.path.join("OTA", image))
+ common.ZipWrite(output_zip, image_path, image)
+ else:
+ # super image for non-retrofit devices aren't in target files package,
+ # so build it.
+ super_file = common.MakeTempFile("super_", ".img")
+ logger.info("building super image %s...", super_file)
+ BuildSuperImage(input_tmp, super_file)
+ logger.info("writing super.img to archive...")
+ common.ZipWrite(output_zip, super_file, "super.img")
+
+
def main(argv):
# This allows modifying the value from inner function.
bootable_only_array = [False]
@@ -75,7 +166,7 @@
extra_long_opts=["bootable_zip"],
extra_option_handler=option_handler)
- bootable_only = bootable_only_array[0]
+ OPTIONS.bootable_only = bootable_only_array[0]
if len(args) != 2:
common.Usage(__doc__)
@@ -89,26 +180,21 @@
OPTIONS.input_tmp = target_files
elif zipfile.is_zipfile(target_files):
logger.info("Building image zip from target files zip.")
- OPTIONS.input_tmp = common.UnzipTemp(args[0], ["IMAGES/*", "OTA/*"])
+ # We need files under IMAGES/, OTA/, META/ for img_from_target_files.py.
+ # However, common.LoadInfoDict() may read additional files under BOOT/,
+ # RECOVERY/ and ROOT/. So unzip everything from the target_files.zip.
+ OPTIONS.input_tmp = common.UnzipTemp(target_files)
else:
raise ValueError("%s is not a valid path." % target_files)
- output_zip = zipfile.ZipFile(args[1], "w", compression=zipfile.ZIP_DEFLATED)
- CopyInfo(output_zip)
+ LoadOptions(OPTIONS.input_tmp)
+ output_zip = zipfile.ZipFile(args[1], "w", compression=zipfile.ZIP_DEFLATED,
+ allowZip64=not OPTIONS.sparse_userimages)
try:
- images_path = os.path.join(OPTIONS.input_tmp, "IMAGES")
- # A target-files zip must contain the images since Lollipop.
- assert os.path.exists(images_path)
- for image in sorted(os.listdir(images_path)):
- if bootable_only and image not in ("boot.img", "recovery.img"):
- continue
- if not image.endswith(".img"):
- continue
- if image == "recovery-two-step.img":
- continue
- common.ZipWrite(output_zip, os.path.join(images_path, image), image)
-
+ CopyInfo(OPTIONS.input_tmp, output_zip)
+ CopyUserImages(OPTIONS.input_tmp, output_zip)
+ WriteSuperImages(OPTIONS.input_tmp, output_zip)
finally:
logger.info("cleaning up...")
common.ZipClose(output_zip)
diff --git a/tools/releasetools/merge_target_files.py b/tools/releasetools/merge_target_files.py
index 689e095..2a722c5 100755
--- a/tools/releasetools/merge_target_files.py
+++ b/tools/releasetools/merge_target_files.py
@@ -160,6 +160,7 @@
default_other_item_list = [
'META/boot_filesystem_config.txt',
+ 'META/file_contexts.bin',
'META/otakeys.txt',
'META/releasetools.py',
'META/vendor_filesystem_config.txt',
@@ -184,6 +185,26 @@
]
+def write_sorted_data(data, path):
+ """Write the sorted contents of either a list or dict to file.
+
+ This function sorts the contents of the list or dict and then
+ writes the resulting sorted contents to a file specified by path.
+
+ Args:
+ data: The list or dict to sort and write.
+ path: Path to the file to write the sorted values to. The file at path will
+ be overridden if it exists.
+ """
+ with open(path, 'w') as output:
+ sorted_data = sorted(data.keys()) if isinstance(data,
+ dict) else sorted(data)
+ for entry in sorted_data:
+ out_str = '{}={}\n'.format(entry, data[entry]) if isinstance(
+ data, dict) else '{}\n'.format(entry)
+ output.write(out_str)
+
+
def extract_items(target_files, target_files_temp_dir, extract_item_list):
"""Extract items from target files to temporary directory.
@@ -340,9 +361,7 @@
output_ab_partitions_txt = os.path.join(output_target_files_temp_dir, 'META',
'ab_partitions.txt')
- with open(output_ab_partitions_txt, 'w') as output:
- for partition in sorted(output_ab_partitions):
- output.write('%s\n' % partition)
+ write_sorted_data(data=output_ab_partitions, path=output_ab_partitions_txt)
def append_recovery_to_filesystem_config(output_target_files_temp_dir):
@@ -371,6 +390,63 @@
'selabel=u:object_r:install_recovery_exec:s0 capabilities=0x0\n')
+def merge_dynamic_partition_info_dicts(system_dict,
+ other_dict,
+ include_dynamic_partition_list=True,
+ size_prefix='',
+ size_suffix='',
+ list_prefix='',
+ list_suffix=''):
+ """Merges dynamic partition info variables.
+
+ Args:
+ system_dict: The dictionary of dynamic partition info variables from the
+ partial system target files.
+ other_dict: The dictionary of dynamic partition info variables from the
+ partial other target files.
+ include_dynamic_partition_list: If true, merges the dynamic_partition_list
+ variable. Not all use cases need this variable merged.
+ size_prefix: The prefix in partition group size variables that precedes the
+ name of the partition group. For example, partition group 'group_a' with
+ corresponding size variable 'super_group_a_group_size' would have the
+ size_prefix 'super_'.
+ size_suffix: Similar to size_prefix but for the variable's suffix. For
+ example, 'super_group_a_group_size' would have size_suffix '_group_size'.
+ list_prefix: Similar to size_prefix but for the partition group's
+ partition_list variable.
+ list_suffix: Similar to size_suffix but for the partition group's
+ partition_list variable.
+
+ Returns:
+ The merged dynamic partition info dictionary.
+ """
+ merged_dict = {}
+ # Partition groups and group sizes are defined by the other (non-system)
+ # dict because these values may vary for each board that uses a shared system
+ # image.
+ merged_dict['super_partition_groups'] = other_dict['super_partition_groups']
+ if include_dynamic_partition_list:
+ system_dynamic_partition_list = system_dict.get('dynamic_partition_list',
+ '')
+ other_dynamic_partition_list = other_dict.get('dynamic_partition_list', '')
+ merged_dict['dynamic_partition_list'] = (
+ '%s %s' %
+ (system_dynamic_partition_list, other_dynamic_partition_list)).strip()
+ for partition_group in merged_dict['super_partition_groups'].split(' '):
+ # Set the partition group's size using the value from the other dict.
+ key = '%s%s%s' % (size_prefix, partition_group, size_suffix)
+ if key not in other_dict:
+ raise ValueError('Other dict does not contain required key %s.' % key)
+ merged_dict[key] = other_dict[key]
+
+ # Set the partition group's partition list using a concatenation of the
+ # system and other partition lists.
+ key = '%s%s%s' % (list_prefix, partition_group, list_suffix)
+ merged_dict[key] = (
+ '%s %s' % (system_dict.get(key, ''), other_dict.get(key, ''))).strip()
+ return merged_dict
+
+
def process_misc_info_txt(system_target_files_temp_dir,
other_target_files_temp_dir,
output_target_files_temp_dir, system_misc_info_keys):
@@ -416,107 +492,120 @@
# Merge misc info keys used for Dynamic Partitions.
if (merged_info_dict.get('use_dynamic_partitions') == 'true') and (
system_info_dict.get('use_dynamic_partitions') == 'true'):
- merged_info_dict['dynamic_partition_list'] = '%s %s' % (
- system_info_dict.get('dynamic_partition_list', ''),
- merged_info_dict.get('dynamic_partition_list', ''))
- # Partition groups and group sizes are defined by the other (non-system)
- # misc info file because these values may vary for each board that uses
- # a shared system image.
- for partition_group in merged_info_dict['super_partition_groups'].split(
- ' '):
- if ('super_%s_group_size' % partition_group) not in merged_info_dict:
- raise ValueError(
- 'Other META/misc_info.txt does not contain required key '
- 'super_%s_group_size.' % partition_group)
- key = 'super_%s_partition_list' % partition_group
- merged_info_dict[key] = '%s %s' % (system_info_dict.get(
- key, ''), merged_info_dict.get(key, ''))
+ merged_dynamic_partitions_dict = merge_dynamic_partition_info_dicts(
+ system_dict=system_info_dict,
+ other_dict=merged_info_dict,
+ size_prefix='super_',
+ size_suffix='_group_size',
+ list_prefix='super_',
+ list_suffix='_partition_list')
+ merged_info_dict.update(merged_dynamic_partitions_dict)
output_misc_info_txt = os.path.join(output_target_files_temp_dir, 'META',
'misc_info.txt')
-
- sorted_keys = sorted(merged_info_dict.keys())
-
- with open(output_misc_info_txt, 'w') as output:
- for key in sorted_keys:
- output.write('{}={}\n'.format(key, merged_info_dict[key]))
+ write_sorted_data(data=merged_info_dict, path=output_misc_info_txt)
-def process_file_contexts_bin(temp_dir, output_target_files_temp_dir):
- """Perform special processing for META/file_contexts.bin.
+def process_dynamic_partitions_info_txt(system_target_files_dir,
+ other_target_files_dir,
+ output_target_files_dir):
+ """Perform special processing for META/dynamic_partitions_info.txt.
- This function combines plat_file_contexts and vendor_file_contexts, which are
- expected to already be extracted in temp_dir, to produce a merged
- file_contexts.bin that will land in temp_dir at META/file_contexts.bin.
+ This function merges the contents of the META/dynamic_partitions_info.txt
+ files from the system directory and the other directory, placing the merged
+ result in the output directory.
+
+ This function does nothing if META/dynamic_partitions_info.txt from the other
+ directory does not exist.
Args:
- temp_dir: The name of a scratch directory that this function can use for
- intermediate files generated during processing.
- output_target_files_temp_dir: The name of the working directory that must
- already contain plat_file_contexts and vendor_file_contexts (in the
- appropriate sub directories), and to which META/file_contexts.bin will be
- written.
+ system_target_files_dir: The name of a directory containing the special
+ items extracted from the system target files package.
+ other_target_files_dir: The name of a directory containing the special items
+ extracted from the other target files package.
+ output_target_files_dir: The name of a directory that will be used to create
+ the output target files package after all the special cases are processed.
"""
- # To create a merged file_contexts.bin file, we use the system and vendor
- # file contexts files as input, the m4 tool to combine them, the sorting tool
- # to sort, and finally the sefcontext_compile tool to generate the final
- # output. We currently omit a checkfc step since the files had been checked
- # as part of the build.
+ if not os.path.exists(
+ os.path.join(other_target_files_dir, 'META',
+ 'dynamic_partitions_info.txt')):
+ return
- # The m4 step concatenates the two input files contexts files. Since m4
- # writes to stdout, we receive that into an array of bytes, and then write it
- # to a file.
+ def read_helper(d):
+ dynamic_partitions_info_txt = os.path.join(d, 'META',
+ 'dynamic_partitions_info.txt')
+ with open(dynamic_partitions_info_txt) as f:
+ return list(f.read().splitlines())
- # Collect the file contexts that we're going to combine from SYSTEM, VENDOR,
- # PRODUCT, and ODM. We require SYSTEM and VENDOR, but others are optional.
+ system_dynamic_partitions_dict = common.LoadDictionaryFromLines(
+ read_helper(system_target_files_dir))
+ other_dynamic_partitions_dict = common.LoadDictionaryFromLines(
+ read_helper(other_target_files_dir))
- file_contexts_list = []
+ merged_dynamic_partitions_dict = merge_dynamic_partition_info_dicts(
+ system_dict=system_dynamic_partitions_dict,
+ other_dict=other_dynamic_partitions_dict,
+ # META/dynamic_partitions_info.txt does not use dynamic_partition_list.
+ include_dynamic_partition_list=False,
+ size_suffix='_size',
+ list_suffix='_partition_list')
- for partition in ['SYSTEM', 'VENDOR', 'PRODUCT', 'ODM']:
- prefix = 'plat' if partition == 'SYSTEM' else partition.lower()
-
- file_contexts = os.path.join(output_target_files_temp_dir, partition, 'etc',
- 'selinux', prefix + '_file_contexts')
-
- mandatory = partition in ['SYSTEM', 'VENDOR']
-
- if mandatory or os.path.isfile(file_contexts):
- file_contexts_list.append(file_contexts)
- else:
- logger.warning('file not found: %s', file_contexts)
-
- command = ['m4', '--fatal-warnings', '-s'] + file_contexts_list
-
- merged_content = common.RunAndCheckOutput(command, verbose=False)
-
- merged_file_contexts_txt = os.path.join(temp_dir, 'merged_file_contexts.txt')
-
- with open(merged_file_contexts_txt, 'wb') as f:
- f.write(merged_content)
-
- # The sort step sorts the concatenated file.
-
- sorted_file_contexts_txt = os.path.join(temp_dir, 'sorted_file_contexts.txt')
- command = ['fc_sort', merged_file_contexts_txt, sorted_file_contexts_txt]
- common.RunAndWait(command, verbose=True)
-
- # Finally, the compile step creates the final META/file_contexts.bin.
-
- file_contexts_bin = os.path.join(output_target_files_temp_dir, 'META',
- 'file_contexts.bin')
-
- command = [
- 'sefcontext_compile',
- '-o',
- file_contexts_bin,
- sorted_file_contexts_txt,
- ]
-
- common.RunAndWait(command, verbose=True)
+ output_dynamic_partitions_info_txt = os.path.join(
+ output_target_files_dir, 'META', 'dynamic_partitions_info.txt')
+ write_sorted_data(
+ data=merged_dynamic_partitions_dict,
+ path=output_dynamic_partitions_info_txt)
-def process_special_cases(temp_dir, system_target_files_temp_dir,
+def process_apex_keys_apk_certs_common(system_target_files_dir,
+ other_target_files_dir,
+ output_target_files_dir, file_name):
+ """Perform special processing for META/apexkeys.txt or META/apkcerts.txt.
+
+ This function merges the contents of the META/apexkeys.txt or
+ META/apkcerts.txt
+ files from the system directory and the other directory, placing the merged
+ result in the output directory. The precondition in that the files are already
+ extracted.
+ The post condition is that the output META/apexkeys.txt or META/apkcerts.txt
+ contains the merged content.
+
+ Args:
+ system_target_files_dir: The name of a directory containing the special
+ items extracted from the system target files package.
+ other_target_files_dir: The name of a directory containing the special items
+ extracted from the other target files package.
+ output_target_files_dir: The name of a directory that will be used to create
+ the output target files package after all the special cases are processed.
+ file_name: The name of the file to merge. One of apkcerts.txt or
+ apexkeys.txt.
+ """
+
+ def read_helper(d):
+ temp = {}
+ file_path = os.path.join(d, 'META', file_name)
+ with open(file_path) as f:
+ for line in f:
+ if line.strip():
+ temp[line.split()[0]] = line.strip()
+ return temp
+
+ system_dict = read_helper(system_target_files_dir)
+ other_dict = read_helper(other_target_files_dir)
+
+ for key in system_dict:
+ if key in other_dict and other_dict[key] != system_dict[key]:
+ raise ValueError('Conflicting entries found in %s:\n %s and\n %s' %
+ (file_name, system_dict[key], other_dict[key]))
+ other_dict[key] = system_dict[key]
+
+ output_file = os.path.join(output_target_files_dir, 'META', file_name)
+
+ write_sorted_data(data=other_dict.values(), path=output_file)
+
+
+def process_special_cases(system_target_files_temp_dir,
other_target_files_temp_dir,
output_target_files_temp_dir, system_misc_info_keys,
rebuild_recovery):
@@ -526,8 +615,6 @@
processing. This function performs all that special-case processing.
Args:
- temp_dir: The name of a scratch directory that this function can use for
- intermediate files generated during processing.
system_target_files_temp_dir: The name of a directory containing the special
items extracted from the system target files package.
other_target_files_temp_dir: The name of a directory containing the special
@@ -557,9 +644,22 @@
output_target_files_temp_dir=output_target_files_temp_dir,
system_misc_info_keys=system_misc_info_keys)
- process_file_contexts_bin(
- temp_dir=temp_dir,
- output_target_files_temp_dir=output_target_files_temp_dir)
+ process_dynamic_partitions_info_txt(
+ system_target_files_dir=system_target_files_temp_dir,
+ other_target_files_dir=other_target_files_temp_dir,
+ output_target_files_dir=output_target_files_temp_dir)
+
+ process_apex_keys_apk_certs_common(
+ system_target_files_dir=system_target_files_temp_dir,
+ other_target_files_dir=other_target_files_temp_dir,
+ output_target_files_dir=output_target_files_temp_dir,
+ file_name='apkcerts.txt')
+
+ process_apex_keys_apk_certs_common(
+ system_target_files_dir=system_target_files_temp_dir,
+ other_target_files_dir=other_target_files_temp_dir,
+ output_target_files_dir=output_target_files_temp_dir,
+ file_name='apexkeys.txt')
def merge_target_files(temp_dir, system_target_files, system_item_list,
@@ -655,7 +755,6 @@
# files package are in place.
process_special_cases(
- temp_dir=temp_dir,
system_target_files_temp_dir=system_target_files_temp_dir,
other_target_files_temp_dir=other_target_files_temp_dir,
output_target_files_temp_dir=output_target_files_temp_dir,
@@ -728,7 +827,8 @@
output_target_files_meta_dir,
]
find_process = common.Run(find_command, stdout=subprocess.PIPE, verbose=False)
- meta_content = common.RunAndCheckOutput(['sort'], stdin=find_process.stdout,
+ meta_content = common.RunAndCheckOutput(['sort'],
+ stdin=find_process.stdout,
verbose=False)
find_command = [
@@ -736,7 +836,8 @@
output_target_files_meta_dir, '-prune', '-o', '-print'
]
find_process = common.Run(find_command, stdout=subprocess.PIPE, verbose=False)
- other_content = common.RunAndCheckOutput(['sort'], stdin=find_process.stdout,
+ other_content = common.RunAndCheckOutput(['sort'],
+ stdin=find_process.stdout,
verbose=False)
with open(output_target_files_list, 'wb') as f:
@@ -766,7 +867,6 @@
ota_from_target_files.main(ota_from_target_files_args)
-
def call_func_with_temp_dir(func, keep_tmp):
"""Manage the creation and cleanup of the temporary directory.
diff --git a/tools/releasetools/sign_apex.py b/tools/releasetools/sign_apex.py
new file mode 100755
index 0000000..1778615
--- /dev/null
+++ b/tools/releasetools/sign_apex.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Signs a standalone APEX file.
+
+Usage: sign_apex [flags] input_apex_file output_apex_file
+
+ --container_key <key>
+ Mandatory flag that specifies the container signing key.
+
+ --payload_key <key>
+ Mandatory flag that specifies the payload signing key.
+
+ --payload_extra_args <args>
+ Optional flag that specifies any extra args to be passed to payload signer
+ (e.g. --payload_extra_args="--signing_helper_with_files /path/to/helper").
+"""
+
+import logging
+import shutil
+import sys
+
+import apex_utils
+import common
+
+logger = logging.getLogger(__name__)
+
+
+def main(argv):
+
+ options = {}
+
+ def option_handler(o, a):
+ if o == '--container_key':
+ # Strip the suffix if any, as common.SignFile expects no suffix.
+ DEFAULT_CONTAINER_KEY_SUFFIX = '.x509.pem'
+ if a.endswith(DEFAULT_CONTAINER_KEY_SUFFIX):
+ a = a[:-len(DEFAULT_CONTAINER_KEY_SUFFIX)]
+ options['container_key'] = a
+ elif o == '--payload_key':
+ options['payload_key'] = a
+ elif o == '--payload_extra_args':
+ options['payload_extra_args'] = a
+ else:
+ return False
+ return True
+
+ args = common.ParseOptions(
+ argv, __doc__,
+ extra_opts='',
+ extra_long_opts=[
+ 'container_key=',
+ 'payload_extra_args=',
+ 'payload_key=',
+ ],
+ extra_option_handler=option_handler)
+
+ if (len(args) != 2 or 'container_key' not in options or
+ 'payload_key' not in options):
+ common.Usage(__doc__)
+ sys.exit(1)
+
+ common.InitLogging()
+
+ input_zip = args[0]
+ output_zip = args[1]
+ with open(input_zip) as input_fp:
+ apex_data = input_fp.read()
+
+ signed_apex = apex_utils.SignApex(
+ apex_data,
+ payload_key=options['payload_key'],
+ container_key=options['container_key'],
+ container_pw=None,
+ codename_to_api_level_map=None,
+ signing_args=options.get('payload_extra_args'))
+
+ shutil.copyfile(signed_apex, output_zip)
+ logger.info("done.")
+
+
+if __name__ == '__main__':
+ try:
+ main(sys.argv[1:])
+ except common.ExternalError:
+ logger.exception("\n ERROR:\n")
+ sys.exit(1)
+ finally:
+ common.Cleanup()
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 7b5f000..7de0978 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -91,12 +91,15 @@
Replace the veritykeyid in BOOT/cmdline of input_target_file_zip
with keyid of the cert pointed by <path_to_X509_PEM_cert_file>.
- --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_algorithm <algorithm>
- --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_key <key>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
+ vbmeta_vendor}_algorithm <algorithm>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
+ vbmeta_vendor}_key <key>
Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
the specified image. Otherwise it uses the existing values in info dict.
- --avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta}_extra_args <args>
+ --avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
+ vbmeta_vendor}_extra_args <args>
Specify any additional args that are needed to AVB-sign the image
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
@@ -400,77 +403,6 @@
return data
-def SignApex(apex_data, payload_key, container_key, container_pw,
- codename_to_api_level_map, signing_args=None):
- """Signs the current APEX with the given payload/container keys.
-
- Args:
- apex_data: Raw APEX data.
- payload_key: The path to payload signing key (w/ extension).
- container_key: The path to container signing key (w/o extension).
- container_pw: The matching password of the container_key, or None.
- codename_to_api_level_map: A dict that maps from codename to API level.
- signing_args: Additional args to be passed to the payload signer.
-
- Returns:
- The path to the signed APEX file.
- """
- apex_file = common.MakeTempFile(prefix='apex-', suffix='.apex')
- with open(apex_file, 'wb') as apex_fp:
- apex_fp.write(apex_data)
-
- APEX_PAYLOAD_IMAGE = 'apex_payload.img'
- APEX_PUBKEY = 'apex_pubkey'
-
- # 1a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
- # payload_key.
- payload_dir = common.MakeTempDir(prefix='apex-payload-')
- with zipfile.ZipFile(apex_file) as apex_fd:
- payload_file = apex_fd.extract(APEX_PAYLOAD_IMAGE, payload_dir)
-
- payload_info = apex_utils.ParseApexPayloadInfo(payload_file)
- apex_utils.SignApexPayload(
- payload_file,
- payload_key,
- payload_info['apex.key'],
- payload_info['Algorithm'],
- payload_info['Salt'],
- signing_args)
-
- # 1b. Update the embedded payload public key.
- payload_public_key = common.ExtractAvbPublicKey(payload_key)
-
- common.ZipDelete(apex_file, APEX_PAYLOAD_IMAGE)
- common.ZipDelete(apex_file, APEX_PUBKEY)
- apex_zip = zipfile.ZipFile(apex_file, 'a')
- common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
- common.ZipWrite(apex_zip, payload_public_key, arcname=APEX_PUBKEY)
- common.ZipClose(apex_zip)
-
- # 2. Align the files at page boundary (same as in apexer).
- aligned_apex = common.MakeTempFile(
- prefix='apex-container-', suffix='.apex')
- common.RunAndCheckOutput(
- ['zipalign', '-f', '4096', apex_file, aligned_apex])
-
- # 3. Sign the APEX container with container_key.
- signed_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex')
-
- # Specify the 4K alignment when calling SignApk.
- extra_signapk_args = OPTIONS.extra_signapk_args[:]
- extra_signapk_args.extend(['-a', '4096'])
-
- common.SignFile(
- aligned_apex,
- signed_apex,
- container_key,
- container_pw,
- codename_to_api_level_map=codename_to_api_level_map,
- extra_signapk_args=extra_signapk_args)
-
- return signed_apex
-
-
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
apk_keys, apex_keys, key_passwords,
platform_api_level, codename_to_api_level_map,
@@ -535,7 +467,7 @@
print(" : %-*s payload (%s)" % (
maxsize, name, payload_key))
- signed_apex = SignApex(
+ signed_apex = apex_utils.SignApex(
data,
payload_key,
container_key,
@@ -558,6 +490,13 @@
# System properties.
elif filename in ("SYSTEM/build.prop",
"VENDOR/build.prop",
+ "SYSTEM/vendor/build.prop",
+ "ODM/build.prop",
+ "VENDOR/odm/build.prop",
+ "PRODUCT/build.prop",
+ "SYSTEM/product/build.prop",
+ "PRODUCT_SERVICES/build.prop",
+ "SYSTEM/product_services/build.prop",
"SYSTEM/etc/prop.default",
"BOOT/RAMDISK/prop.default",
"BOOT/RAMDISK/default.prop", # legacy
@@ -752,8 +691,8 @@
original_line = line
if line and line[0] != '#' and "=" in line:
key, value = line.split("=", 1)
- if key in ("ro.build.fingerprint", "ro.build.thumbprint",
- "ro.vendor.build.fingerprint", "ro.vendor.build.thumbprint"):
+ if (key.startswith("ro.") and
+ key.endswith((".build.fingerprint", ".build.thumbprint"))):
pieces = value.split("/")
pieces[-1] = EditTags(pieces[-1])
value = "/".join(pieces)
@@ -766,7 +705,7 @@
assert len(pieces) == 5
pieces[-1] = EditTags(pieces[-1])
value = " ".join(pieces)
- elif key == "ro.build.tags":
+ elif key.startswith("ro.") and key.endswith(".build.tags"):
value = EditTags(value)
elif key == "ro.build.display.id":
# change, eg, "JWR66N dev-keys" to "JWR66N"
@@ -959,6 +898,8 @@
'system_other' : 'avb_system_other_add_hashtree_footer_args',
'vendor' : 'avb_vendor_add_hashtree_footer_args',
'vbmeta' : 'avb_vbmeta_args',
+ 'vbmeta_system' : 'avb_vbmeta_system_args',
+ 'vbmeta_vendor' : 'avb_vbmeta_vendor_args',
}
def ReplaceAvbPartitionSigningKey(partition):
@@ -1186,6 +1127,18 @@
OPTIONS.avb_algorithms['vendor'] = a
elif o == "--avb_vendor_extra_args":
OPTIONS.avb_extra_args['vendor'] = a
+ elif o == "--avb_vbmeta_system_key":
+ OPTIONS.avb_keys['vbmeta_system'] = a
+ elif o == "--avb_vbmeta_system_algorithm":
+ OPTIONS.avb_algorithms['vbmeta_system'] = a
+ elif o == "--avb_vbmeta_system_extra_args":
+ OPTIONS.avb_extra_args['vbmeta_system'] = a
+ elif o == "--avb_vbmeta_vendor_key":
+ OPTIONS.avb_keys['vbmeta_vendor'] = a
+ elif o == "--avb_vbmeta_vendor_algorithm":
+ OPTIONS.avb_algorithms['vbmeta_vendor'] = a
+ elif o == "--avb_vbmeta_vendor_extra_args":
+ OPTIONS.avb_extra_args['vbmeta_vendor'] = a
elif o == "--avb_apex_extra_args":
OPTIONS.avb_extra_args['apex'] = a
else:
@@ -1225,6 +1178,12 @@
"avb_vendor_algorithm=",
"avb_vendor_key=",
"avb_vendor_extra_args=",
+ "avb_vbmeta_system_algorithm=",
+ "avb_vbmeta_system_key=",
+ "avb_vbmeta_system_extra_args=",
+ "avb_vbmeta_vendor_algorithm=",
+ "avb_vbmeta_vendor_key=",
+ "avb_vbmeta_vendor_extra_args=",
],
extra_option_handler=option_handler)
diff --git a/tools/releasetools/test_add_img_to_target_files.py b/tools/releasetools/test_add_img_to_target_files.py
index 422262c..08e0190 100644
--- a/tools/releasetools/test_add_img_to_target_files.py
+++ b/tools/releasetools/test_add_img_to_target_files.py
@@ -283,6 +283,35 @@
self._verifyCareMap(expected, care_map_file)
+ @test_utils.SkipIfExternalToolsUnavailable()
+ def test_AddCareMapForAbOta_skipPartition(self):
+ image_paths = self._test_AddCareMapForAbOta()
+
+ # Remove vendor_image_size to invalidate the care_map for vendor.img.
+ del OPTIONS.info_dict['vendor_image_size']
+
+ AddCareMapForAbOta(None, ['system', 'vendor'], image_paths)
+
+ care_map_file = os.path.join(OPTIONS.input_tmp, 'META', 'care_map.pb')
+ expected = ['system', RangeSet("0-5 10-15").to_string_raw(),
+ "ro.system.build.fingerprint",
+ "google/sailfish/12345:user/dev-keys"]
+
+ self._verifyCareMap(expected, care_map_file)
+
+ @test_utils.SkipIfExternalToolsUnavailable()
+ def test_AddCareMapForAbOta_skipAllPartitions(self):
+ image_paths = self._test_AddCareMapForAbOta()
+
+ # Remove the image_size properties for all the partitions.
+ del OPTIONS.info_dict['system_image_size']
+ del OPTIONS.info_dict['vendor_image_size']
+
+ AddCareMapForAbOta(None, ['system', 'vendor'], image_paths)
+
+ self.assertFalse(
+ os.path.exists(os.path.join(OPTIONS.input_tmp, 'META', 'care_map.pb')))
+
def test_AddCareMapForAbOta_verityNotEnabled(self):
"""No care_map.pb should be generated if verity not enabled."""
image_paths = self._test_AddCareMapForAbOta()
diff --git a/tools/releasetools/test_merge_target_files.py b/tools/releasetools/test_merge_target_files.py
index 7e18a34..1e29fde 100644
--- a/tools/releasetools/test_merge_target_files.py
+++ b/tools/releasetools/test_merge_target_files.py
@@ -21,7 +21,9 @@
from merge_target_files import (read_config_list, validate_config_lists,
default_system_item_list,
default_other_item_list,
- default_system_misc_info_keys, copy_items)
+ default_system_misc_info_keys, copy_items,
+ merge_dynamic_partition_info_dicts,
+ process_apex_keys_apk_certs_common)
class MergeTargetFilesTest(test_utils.ReleaseToolsTestCase):
@@ -128,3 +130,86 @@
self.assertFalse(
validate_config_lists(default_system_item_list, system_misc_info_keys,
default_other_item_list))
+
+ def test_merge_dynamic_partition_info_dicts_ReturnsMergedDict(self):
+ system_dict = {
+ 'super_partition_groups': 'group_a',
+ 'dynamic_partition_list': 'system',
+ 'super_group_a_list': 'system',
+ }
+ other_dict = {
+ 'super_partition_groups': 'group_a group_b',
+ 'dynamic_partition_list': 'vendor product',
+ 'super_group_a_list': 'vendor',
+ 'super_group_a_size': '1000',
+ 'super_group_b_list': 'product',
+ 'super_group_b_size': '2000',
+ }
+ merged_dict = merge_dynamic_partition_info_dicts(
+ system_dict=system_dict,
+ other_dict=other_dict,
+ size_prefix='super_',
+ size_suffix='_size',
+ list_prefix='super_',
+ list_suffix='_list')
+ expected_merged_dict = {
+ 'super_partition_groups': 'group_a group_b',
+ 'dynamic_partition_list': 'system vendor product',
+ 'super_group_a_list': 'system vendor',
+ 'super_group_a_size': '1000',
+ 'super_group_b_list': 'product',
+ 'super_group_b_size': '2000',
+ }
+ self.assertEqual(merged_dict, expected_merged_dict)
+
+ def test_process_apex_keys_apk_certs_ReturnsTrueIfNoConflicts(self):
+ output_dir = common.MakeTempDir()
+ os.makedirs(os.path.join(output_dir, 'META'))
+
+ system_dir = common.MakeTempDir()
+ os.makedirs(os.path.join(system_dir, 'META'))
+ os.symlink(
+ os.path.join(self.testdata_dir, 'apexkeys_system.txt'),
+ os.path.join(system_dir, 'META', 'apexkeys.txt'))
+
+ other_dir = common.MakeTempDir()
+ os.makedirs(os.path.join(other_dir, 'META'))
+ os.symlink(
+ os.path.join(self.testdata_dir, 'apexkeys_other.txt'),
+ os.path.join(other_dir, 'META', 'apexkeys.txt'))
+
+ process_apex_keys_apk_certs_common(system_dir, other_dir, output_dir,
+ 'apexkeys.txt')
+
+ merged_entries = []
+ merged_path = os.path.join(self.testdata_dir, 'apexkeys_merge.txt')
+
+ with open(merged_path) as f:
+ merged_entries = f.read().split('\n')
+
+ output_entries = []
+ output_path = os.path.join(output_dir, 'META', 'apexkeys.txt')
+
+ with open(output_path) as f:
+ output_entries = f.read().split('\n')
+
+ return self.assertEqual(merged_entries, output_entries)
+
+ def test_process_apex_keys_apk_certs_ReturnsFalseIfConflictsPresent(self):
+ output_dir = common.MakeTempDir()
+ os.makedirs(os.path.join(output_dir, 'META'))
+
+ system_dir = common.MakeTempDir()
+ os.makedirs(os.path.join(system_dir, 'META'))
+ os.symlink(
+ os.path.join(self.testdata_dir, 'apexkeys_system.txt'),
+ os.path.join(system_dir, 'META', 'apexkeys.txt'))
+
+ conflict_dir = common.MakeTempDir()
+ os.makedirs(os.path.join(conflict_dir, 'META'))
+ os.symlink(
+ os.path.join(self.testdata_dir, 'apexkeys_system_conflict.txt'),
+ os.path.join(conflict_dir, 'META', 'apexkeys.txt'))
+
+ self.assertRaises(ValueError, process_apex_keys_apk_certs_common,
+ system_dir, conflict_dir, output_dir, 'apexkeys.txt')
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index a7bf977..e142ebb 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -53,36 +53,60 @@
def test_RewriteProps(self):
props = (
- ('', '\n'),
+ ('', ''),
('ro.build.fingerprint=foo/bar/dev-keys',
- 'ro.build.fingerprint=foo/bar/release-keys\n'),
+ 'ro.build.fingerprint=foo/bar/release-keys'),
('ro.build.thumbprint=foo/bar/dev-keys',
- 'ro.build.thumbprint=foo/bar/release-keys\n'),
+ 'ro.build.thumbprint=foo/bar/release-keys'),
('ro.vendor.build.fingerprint=foo/bar/dev-keys',
- 'ro.vendor.build.fingerprint=foo/bar/release-keys\n'),
+ 'ro.vendor.build.fingerprint=foo/bar/release-keys'),
('ro.vendor.build.thumbprint=foo/bar/dev-keys',
- 'ro.vendor.build.thumbprint=foo/bar/release-keys\n'),
- ('# comment line 1', '# comment line 1\n'),
+ 'ro.vendor.build.thumbprint=foo/bar/release-keys'),
+ ('ro.odm.build.fingerprint=foo/bar/test-keys',
+ 'ro.odm.build.fingerprint=foo/bar/release-keys'),
+ ('ro.odm.build.thumbprint=foo/bar/test-keys',
+ 'ro.odm.build.thumbprint=foo/bar/release-keys'),
+ ('ro.product.build.fingerprint=foo/bar/dev-keys',
+ 'ro.product.build.fingerprint=foo/bar/release-keys'),
+ ('ro.product.build.thumbprint=foo/bar/dev-keys',
+ 'ro.product.build.thumbprint=foo/bar/release-keys'),
+ ('ro.product_services.build.fingerprint=foo/bar/test-keys',
+ 'ro.product_services.build.fingerprint=foo/bar/release-keys'),
+ ('ro.product_services.build.thumbprint=foo/bar/test-keys',
+ 'ro.product_services.build.thumbprint=foo/bar/release-keys'),
+ ('# comment line 1', '# comment line 1'),
('ro.bootimage.build.fingerprint=foo/bar/dev-keys',
- 'ro.bootimage.build.fingerprint=foo/bar/release-keys\n'),
+ 'ro.bootimage.build.fingerprint=foo/bar/release-keys'),
('ro.build.description='
'sailfish-user 8.0.0 OPR6.170623.012 4283428 dev-keys',
'ro.build.description='
- 'sailfish-user 8.0.0 OPR6.170623.012 4283428 release-keys\n'),
- ('ro.build.tags=dev-keys', 'ro.build.tags=release-keys\n'),
- ('# comment line 2', '# comment line 2\n'),
+ 'sailfish-user 8.0.0 OPR6.170623.012 4283428 release-keys'),
+ ('ro.build.tags=dev-keys', 'ro.build.tags=release-keys'),
+ ('ro.build.tags=test-keys', 'ro.build.tags=release-keys'),
+ ('ro.system.build.tags=dev-keys',
+ 'ro.system.build.tags=release-keys'),
+ ('ro.vendor.build.tags=dev-keys',
+ 'ro.vendor.build.tags=release-keys'),
+ ('ro.odm.build.tags=dev-keys',
+ 'ro.odm.build.tags=release-keys'),
+ ('ro.product.build.tags=dev-keys',
+ 'ro.product.build.tags=release-keys'),
+ ('ro.product_services.build.tags=dev-keys',
+ 'ro.product_services.build.tags=release-keys'),
+ ('# comment line 2', '# comment line 2'),
('ro.build.display.id=OPR6.170623.012 dev-keys',
- 'ro.build.display.id=OPR6.170623.012\n'),
- ('# comment line 3', '# comment line 3\n'),
+ 'ro.build.display.id=OPR6.170623.012'),
+ ('# comment line 3', '# comment line 3'),
)
# Assert the case for each individual line.
- for prop, output in props:
- self.assertEqual(RewriteProps(prop), output)
+ for prop, expected in props:
+ self.assertEqual(expected + '\n', RewriteProps(prop))
# Concatenate all the input lines.
- self.assertEqual(RewriteProps('\n'.join([prop[0] for prop in props])),
- ''.join([prop[1] for prop in props]))
+ self.assertEqual(
+ '\n'.join([prop[1] for prop in props]) + '\n',
+ RewriteProps('\n'.join([prop[0] for prop in props])))
def test_ReplaceVerityKeyId(self):
BOOT_CMDLINE1 = (
diff --git a/tools/releasetools/testdata/apexkeys_merge.txt b/tools/releasetools/testdata/apexkeys_merge.txt
new file mode 100644
index 0000000..48e789f
--- /dev/null
+++ b/tools/releasetools/testdata/apexkeys_merge.txt
@@ -0,0 +1,4 @@
+name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8"
+name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.debug.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8"
+name="com.android.runtime.release.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.release.x509.pem" container_private_key="art/build/apex/com.android.runtime.release.pk8"
+name="com.android.support.apexer.apex" public_key="system/apex/apexer/etc/com.android.support.apexer.avbpubkey" private_key="system/apex/apexer/etc/com.android.support.apexer.pem" container_certificate="build/target/product/security/testkey.x509.pem" container_private_key="build/target/product/security/testkey.pk8"
diff --git a/tools/releasetools/testdata/apexkeys_other.txt b/tools/releasetools/testdata/apexkeys_other.txt
new file mode 100644
index 0000000..b751227
--- /dev/null
+++ b/tools/releasetools/testdata/apexkeys_other.txt
@@ -0,0 +1,3 @@
+name="com.android.runtime.release.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.release.x509.pem" container_private_key="art/build/apex/com.android.runtime.release.pk8"
+name="com.android.support.apexer.apex" public_key="system/apex/apexer/etc/com.android.support.apexer.avbpubkey" private_key="system/apex/apexer/etc/com.android.support.apexer.pem" container_certificate="build/target/product/security/testkey.x509.pem" container_private_key="build/target/product/security/testkey.pk8"
+name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.debug.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8"
diff --git a/tools/releasetools/testdata/apexkeys_system.txt b/tools/releasetools/testdata/apexkeys_system.txt
new file mode 100644
index 0000000..2346668
--- /dev/null
+++ b/tools/releasetools/testdata/apexkeys_system.txt
@@ -0,0 +1,2 @@
+name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.debug.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8"
+name="com.android.conscrypt.apex" public_key="external/conscrypt/apex/com.android.conscrypt.avbpubkey" private_key="external/conscrypt/apex/com.android.conscrypt.pem" container_certificate="external/conscrypt/apex/com.android.conscrypt.x509.pem" container_private_key="external/conscrypt/apex/com.android.conscrypt.pk8"
diff --git a/tools/releasetools/testdata/apexkeys_system_conflict.txt b/tools/releasetools/testdata/apexkeys_system_conflict.txt
new file mode 100644
index 0000000..caa21c2
--- /dev/null
+++ b/tools/releasetools/testdata/apexkeys_system_conflict.txt
@@ -0,0 +1 @@
+name="com.android.runtime.debug.apex" public_key="art/build/apex/com.android.runtime.avbpubkey" private_key="art/build/apex/com.android.runtime.pem" container_certificate="art/build/apex/com.android.runtime.release.x509.pem" container_private_key="art/build/apex/com.android.runtime.debug.pk8"
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index 3a58755..3063800 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -52,7 +52,7 @@
def GetVerityMetadataSize(image_size):
- cmd = ["build_verity_metadata.py", "size", str(image_size)]
+ cmd = ["build_verity_metadata", "size", str(image_size)]
output = common.RunAndCheckOutput(cmd, verbose=False)
return int(output)
@@ -97,7 +97,7 @@
def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
block_device, signer_path, key, signer_args,
verity_disable):
- cmd = ["build_verity_metadata.py", "build", str(image_size),
+ cmd = ["build_verity_metadata", "build", str(image_size),
verity_metadata_path, root_hash, salt, block_device, signer_path, key]
if signer_args:
cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),))