Merge "releasetools: Set the search path based on the current executable."
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 4e06d80..8219afc 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -678,6 +678,9 @@
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/apex)
+# Migrate preopt files to system_other for some devices
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/*/*app/*/oat)
+
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/Makefile b/core/Makefile
index 368624f..f02eb19 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -3303,26 +3303,41 @@
# Appends os version and security patch level as a AVB property descriptor
BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.system.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
--prop com.android.build.system.os_version:$(PLATFORM_VERSION) \
--prop com.android.build.system.security_patch:$(PLATFORM_SECURITY_PATCH)
BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.product.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
--prop com.android.build.product.os_version:$(PLATFORM_VERSION) \
--prop com.android.build.product.security_patch:$(PLATFORM_SECURITY_PATCH)
BOARD_AVB_SYSTEM_EXT_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.system_ext.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
--prop com.android.build.system_ext.os_version:$(PLATFORM_VERSION) \
--prop com.android.build.system_ext.security_patch:$(PLATFORM_SECURITY_PATCH)
BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.boot.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
--prop com.android.build.boot.os_version:$(PLATFORM_VERSION)
+BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.vendor_boot.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
+
+BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.recovery.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)
+
BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.vendor.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
--prop com.android.build.vendor.os_version:$(PLATFORM_VERSION)
BOARD_AVB_ODM_ADD_HASHTREE_FOOTER_ARGS += \
+ --prop com.android.build.odm.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE) \
--prop com.android.build.odm.os_version:$(PLATFORM_VERSION)
+BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.dtbo.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)
+
# The following vendor- and odm-specific images needs explicit SPL set per board.
ifdef BOOT_SECURITY_PATCH
BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
diff --git a/core/board_config.mk b/core/board_config.mk
index 9032aaf..9ecca58 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -506,9 +506,9 @@
###########################################
# Now we can substitute with the real value of TARGET_COPY_OUT_ODM
ifeq ($(TARGET_COPY_OUT_ODM),$(_odm_path_placeholder))
- TARGET_COPY_OUT_ODM := vendor/odm
-else ifeq ($(filter odm vendor/odm,$(TARGET_COPY_OUT_ODM)),)
- $(error TARGET_COPY_OUT_ODM must be either 'odm' or 'vendor/odm', seeing '$(TARGET_COPY_OUT_ODM)'.)
+ TARGET_COPY_OUT_ODM := $(TARGET_COPY_OUT_VENDOR)/odm
+else ifeq ($(filter odm system/vendor/odm vendor/odm,$(TARGET_COPY_OUT_ODM)),)
+ $(error TARGET_COPY_OUT_ODM must be either 'odm', 'system/vendor/odm' or 'vendor/odm', seeing '$(TARGET_COPY_OUT_ODM)'.)
endif
PRODUCT_COPY_FILES := $(subst $(_odm_path_placeholder),$(TARGET_COPY_OUT_ODM),$(PRODUCT_COPY_FILES))
diff --git a/core/definitions.mk b/core/definitions.mk
index 7450d4f..a8bf4d5 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2279,7 +2279,7 @@
# Align STORED entries of a package on 4-byte boundaries to make them easier to mmap.
#
define align-package
-$(hide) if ! $(ZIPALIGN) -c $(ZIPALIGN_PAGE_ALIGN_FLAGS) 4 $@ >/dev/null ; then \
+$(hide) if ! $(ZIPALIGN) -c -p 4 $@ >/dev/null ; then \
mv $@ $@.unaligned; \
$(ZIPALIGN) \
-f \
diff --git a/core/dex_preopt_config.mk b/core/dex_preopt_config.mk
index 69eaea1..cfe918f 100644
--- a/core/dex_preopt_config.mk
+++ b/core/dex_preopt_config.mk
@@ -4,7 +4,8 @@
DEX_PREOPT_DEFAULT ?= true
# The default filter for which files go into the system_other image (if it is
-# being used). To bundle everything one should set this to '%'
+# being used). Note that each pattern p here matches both '/<p>' and /system/<p>'.
+# To bundle everything one should set this to '%'.
SYSTEM_OTHER_ODEX_FILTER ?= \
app/% \
priv-app/% \
diff --git a/core/main.mk b/core/main.mk
index e9d4390..5930abe 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -220,6 +220,9 @@
ADDITIONAL_BUILD_PROPERTIES += persist.debug.dalvik.vm.core_platform_api_policy=just-warn
endif
+# Define ro.sanitize.<name> properties for all global sanitizers.
+ADDITIONAL_BUILD_PROPERTIES += $(foreach s,$(SANITIZE_TARGET),ro.sanitize.$(s)=true)
+
# Sets the default value of ro.postinstall.fstab.prefix to /system.
# Device board config should override the value to /product when needed by:
#
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
index b8f2838..a71f9b8 100644
--- a/target/product/mainline_system.mk
+++ b/target/product/mainline_system.mk
@@ -64,8 +64,8 @@
# For ringtones that rely on forward lock encryption
PRODUCT_PACKAGES += libfwdlockengine
-# System libraries commonly depended on by things on the product partition.
-# This list will be pruned periodically.
+# System libraries commonly depended on by things on the system_ext or product partitions.
+# These lists will be pruned periodically.
PRODUCT_PACKAGES += \
android.hardware.biometrics.fingerprint@2.1 \
android.hardware.radio@1.0 \
@@ -85,6 +85,13 @@
libnl \
libprotobuf-cpp-full \
+# These libraries are empty and have been combined into libhidlbase, but are still depended
+# on by things off /system.
+# TODO(b/135686713): remove these
+PRODUCT_PACKAGES += \
+ libhidltransport \
+ libhwbinder \
+
# Camera service uses 'libdepthphoto' for adding dynamic depth
# metadata inside depth jpegs.
PRODUCT_PACKAGES += \
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 710147b..0ef698e 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -153,6 +153,20 @@
OPTIONS.avb_extra_args = {}
+AVB_FOOTER_ARGS_BY_PARTITION = {
+ 'boot' : 'avb_boot_add_hash_footer_args',
+ 'dtbo' : 'avb_dtbo_add_hash_footer_args',
+ 'recovery' : 'avb_recovery_add_hash_footer_args',
+ 'system' : 'avb_system_add_hashtree_footer_args',
+ 'system_other' : 'avb_system_other_add_hashtree_footer_args',
+ 'vendor' : 'avb_vendor_add_hashtree_footer_args',
+ 'vendor_boot' : 'avb_vendor_boot_add_hash_footer_args',
+ 'vbmeta' : 'avb_vbmeta_args',
+ 'vbmeta_system' : 'avb_vbmeta_system_args',
+ 'vbmeta_vendor' : 'avb_vbmeta_vendor_args',
+}
+
+
def GetApkCerts(certmap):
# apply the key remapping to the contents of the file
for apk, cert in certmap.items():
@@ -622,6 +636,10 @@
# Replace the AVB signing keys, if any.
ReplaceAvbSigningKeys(misc_info)
+ # Rewrite the props in AVB signing args.
+ if misc_info.get('avb_enable') == 'true':
+ RewriteAvbProps(misc_info)
+
# Write back misc_info with the latest values.
ReplaceMiscInfoTxt(input_tf_zip, output_tf_zip, misc_info)
@@ -910,18 +928,6 @@
def ReplaceAvbSigningKeys(misc_info):
"""Replaces the AVB signing keys."""
- AVB_FOOTER_ARGS_BY_PARTITION = {
- 'boot' : 'avb_boot_add_hash_footer_args',
- 'dtbo' : 'avb_dtbo_add_hash_footer_args',
- 'recovery' : 'avb_recovery_add_hash_footer_args',
- 'system' : 'avb_system_add_hashtree_footer_args',
- 'system_other' : 'avb_system_other_add_hashtree_footer_args',
- 'vendor' : 'avb_vendor_add_hashtree_footer_args',
- 'vbmeta' : 'avb_vbmeta_args',
- 'vbmeta_system' : 'avb_vbmeta_system_args',
- 'vbmeta_vendor' : 'avb_vbmeta_vendor_args',
- }
-
def ReplaceAvbPartitionSigningKey(partition):
key = OPTIONS.avb_keys.get(partition)
if not key:
@@ -946,6 +952,32 @@
ReplaceAvbPartitionSigningKey(partition)
+def RewriteAvbProps(misc_info):
+ """Rewrites the props in AVB signing args."""
+ for partition, args_key in AVB_FOOTER_ARGS_BY_PARTITION.items():
+ args = misc_info.get(args_key)
+ if not args:
+ continue
+
+ tokens = []
+ changed = False
+ for token in args.split(' '):
+ fingerprint_key = 'com.android.build.{}.fingerprint'.format(partition)
+ if not token.startswith(fingerprint_key):
+ tokens.append(token)
+ continue
+ prefix, tag = token.rsplit('/', 1)
+ tokens.append('{}/{}'.format(prefix, EditTags(tag)))
+ changed = True
+
+ if changed:
+ result = ' '.join(tokens)
+ print('Rewriting AVB prop for {}:\n'.format(partition))
+ print(' replace: {}'.format(args))
+ print(' with: {}'.format(result))
+ misc_info[args_key] = result
+
+
def BuildKeyMap(misc_info, key_mapping_options):
for s, d in key_mapping_options:
if s is None: # -d option
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index e0a635a..2b84413 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -23,7 +23,8 @@
import test_utils
from sign_target_files_apks import (
CheckApkAndApexKeysAvailable, EditTags, GetApkFileInfo, ReadApexKeysInfo,
- ReplaceCerts, ReplaceVerityKeyId, RewriteProps, WriteOtacerts)
+ ReplaceCerts, ReplaceVerityKeyId, RewriteAvbProps, RewriteProps,
+ WriteOtacerts)
class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase):
@@ -52,6 +53,40 @@
# Tags are sorted.
self.assertEqual(EditTags('xyz,abc,dev-keys,xyz'), ('abc,release-keys,xyz'))
+ def test_RewriteAvbProps(self):
+ misc_info = {
+ 'avb_boot_add_hash_footer_args':
+ ('--prop com.android.build.boot.os_version:R '
+ '--prop com.android.build.boot.security_patch:2019-09-05'),
+ 'avb_system_add_hashtree_footer_args':
+ ('--prop com.android.build.system.os_version:R '
+ '--prop com.android.build.system.security_patch:2019-09-05 '
+ '--prop com.android.build.system.fingerprint:'
+ 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/test-keys'),
+ 'avb_vendor_add_hashtree_footer_args':
+ ('--prop com.android.build.vendor.os_version:R '
+ '--prop com.android.build.vendor.security_patch:2019-09-05 '
+ '--prop com.android.build.vendor.fingerprint:'
+ 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/dev-keys'),
+ }
+ expected_dict = {
+ 'avb_boot_add_hash_footer_args':
+ ('--prop com.android.build.boot.os_version:R '
+ '--prop com.android.build.boot.security_patch:2019-09-05'),
+ 'avb_system_add_hashtree_footer_args':
+ ('--prop com.android.build.system.os_version:R '
+ '--prop com.android.build.system.security_patch:2019-09-05 '
+ '--prop com.android.build.system.fingerprint:'
+ 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
+ 'avb_vendor_add_hashtree_footer_args':
+ ('--prop com.android.build.vendor.os_version:R '
+ '--prop com.android.build.vendor.security_patch:2019-09-05 '
+ '--prop com.android.build.vendor.fingerprint:'
+ 'Android/aosp_taimen/taimen:R/QT/foo:userdebug/release-keys'),
+ }
+ RewriteAvbProps(misc_info)
+ self.assertDictEqual(expected_dict, misc_info)
+
def test_RewriteProps(self):
props = (
('', ''),