Merge changes from topic "vndk-no-vendor-variant"
* changes:
Add support for no-vendor-variant VNDK
Add module-target-built-files function
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 51139ed..3d9a1ef 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -610,6 +610,9 @@
$(call add-clean-step, rm -rf $(TARGET_OUT_DATA)/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/vts/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/framework/vts-tradefed.jar)
+
+# Clean up old location of system_other.avbpubkey
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/security/avb/)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/Makefile b/core/Makefile
index 1b2e6c3..a0aa94f 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -730,6 +730,13 @@
$(call dist-for-goals,droidcore,$(BUILD_SYSTEM_STATS))
# -----------------------------------------------------------------
+# build /product/etc/security/avb/system_other.avbpubkey if needed
+ifdef BUILDING_SYSTEM_OTHER_IMAGE
+INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET := $(TARGET_OUT_PRODUCT_ETC)/security/avb/system_other.avbpubkey
+ALL_DEFAULT_INSTALLED_MODULES += $(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)
+endif # BUILDING_SYSTEM_OTHER_IMAGE
+
+# -----------------------------------------------------------------
# Modules ready to be converted to Soong, ordered by how many
# modules depend on them.
SOONG_CONV := $(sort $(SOONG_CONV))
@@ -1463,8 +1470,7 @@
$(if $(BOARD_AVB_ENABLE),\
$(if $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH),\
$(hide) echo "avb_system_other_key_path=$(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)" >> $(1)
- $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)
- $(hide) echo "avb_system_extract_system_other_key=true" >> $(1)))
+ $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),\
@@ -2980,9 +2986,11 @@
BOARD_AVB_SYSTEM_OTHER_ALGORITHM := $(BOARD_AVB_ALGORITHM)
endif
-# To extract the public key of SYSTEM_OTHER_KEY_PATH will into system.img:
-# /system/etc/security/avb/system_other.avbpubkey.
-FULL_SYSTEMIMAGE_DEPS += $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
+$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET): $(AVBTOOL) $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
+ @echo Extracting system_other avb key: $@
+ @rm -f $@
+ @mkdir -p $(dir $@)
+ $(AVBTOOL) extract_public_key --key $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH) --output $@
ifndef BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX
BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
diff --git a/core/product-graph.mk b/core/product-graph.mk
index 1efc687..a114b65 100644
--- a/core/product-graph.mk
+++ b/core/product-graph.mk
@@ -36,8 +36,6 @@
this_makefile := build/make/core/product-graph.mk
-products_svg := $(OUT_DIR)/products.svg
-products_pdf := $(OUT_DIR)/products.pdf
products_graph := $(OUT_DIR)/products.dot
ifeq ($(strip $(ANDROID_PRODUCT_GRAPH)),)
products_list := $(INTERNAL_PRODUCT)
@@ -137,13 +135,8 @@
$(eval product_debug_files += $(call product-debug-filename, $(p))) \
)
-$(products_pdf): $(products_graph)
- @echo Product graph PDF: $@
- dot -Tpdf -Nshape=box -o $@ $<
-
-$(products_svg): $(products_graph) $(product_debug_files)
- @echo Product graph SVG: $@
- dot -Tsvg -Nshape=box -o $@ $<
-
-product-graph: $(products_pdf) $(products_svg)
.PHONY: product-graph
+product-graph: $(products_graph)
+ @echo Product graph .dot file: $(products_graph)
+ @echo Command to convert to pdf: dot -Tpdf -Nshape=box -o $(OUT_DIR)/products.pdf $(products_graph)
+ @echo Command to convert to svg: dot -Tsvg -Nshape=box -o $(OUT_DIR)/products.svg $(products_graph)
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
index 0ddc3db..ecd5691 100644
--- a/target/product/mainline_system.mk
+++ b/target/product/mainline_system.mk
@@ -81,7 +81,6 @@
libminui \
libnl \
libprotobuf-cpp-full \
- libprotobuf-cpp-full-rtti \
PRODUCT_PACKAGES_DEBUG += \
avbctl \
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index bcbc921..d2f4e25 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -740,28 +740,6 @@
f.writelines(["%s=%s" % (key, value) for (key, value) in glob_dict.items()])
-def ExtractSystemOtherAvbKey(in_dir, glob_dict):
- if glob_dict.get("avb_system_extract_system_other_key") != "true":
- return
-
- extract_to = os.path.join(in_dir, "etc/security/avb/system_other.avbpubkey")
- extract_to_dir = os.path.dirname(extract_to)
-
- if os.path.isdir(extract_to_dir):
- shutil.rmtree(extract_to_dir)
- elif os.path.isfile(extract_to_dir):
- os.remove(extract_to_dir)
- os.mkdir(extract_to_dir);
-
- # Extracts the public key used to sign system_other.img, into system.img:
- # /system/etc/security/avb/system_other.avbpubkey.
- avbtool = glob_dict.get("avb_avbtool")
- extract_from = glob_dict.get("avb_system_other_key_path")
- cmd = [avbtool, "extract_public_key", "--key", extract_from,
- "--output", extract_to]
- common.RunAndCheckOutput(cmd, verbose=False)
-
-
def main(argv):
if len(argv) < 4 or len(argv) > 5:
print(__doc__)
@@ -785,7 +763,6 @@
mount_point = ""
if image_filename == "system.img":
mount_point = "system"
- ExtractSystemOtherAvbKey(in_dir, glob_dict)
elif image_filename == "system_other.img":
mount_point = "system_other"
elif image_filename == "userdata.img":
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 71598e3..75a98fd 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -91,12 +91,12 @@
Replace the veritykeyid in BOOT/cmdline of input_target_file_zip
with keyid of the cert pointed by <path_to_X509_PEM_cert_file>.
- --avb_{boot,system,vendor,dtbo,vbmeta}_algorithm <algorithm>
- --avb_{boot,system,vendor,dtbo,vbmeta}_key <key>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_algorithm <algorithm>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_key <key>
Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
the specified image. Otherwise it uses the existing values in info dict.
- --avb_{apex,boot,system,vendor,dtbo,vbmeta}_extra_args <args>
+ --avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta}_extra_args <args>
Specify any additional args that are needed to AVB-sign the image
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
@@ -584,6 +584,18 @@
elif filename == "META/care_map.pb" or filename == "META/care_map.txt":
pass
+ # Updates system_other.avbpubkey in /product/etc/.
+ elif filename in (
+ "PRODUCT/etc/security/avb/system_other.avbpubkey",
+ "SYSTEM/product/etc/security/avb/system_other.avbpubkey"):
+ # Only update system_other's public key, if the corresponding signing
+ # key is specified via --avb_system_other_key.
+ signing_key = OPTIONS.avb_keys.get("system_other")
+ if signing_key:
+ public_key = common.ExtractAvbPublicKey(signing_key)
+ print(" Rewriting AVB public key of system_other in /product")
+ common.ZipWrite(output_tf_zip, public_key, filename)
+
# A non-APK file; copy it verbatim.
else:
common.ZipWriteStr(output_tf_zip, out_info, data)
@@ -934,6 +946,7 @@
'dtbo' : 'avb_dtbo_add_hash_footer_args',
'recovery' : 'avb_recovery_add_hash_footer_args',
'system' : 'avb_system_add_hashtree_footer_args',
+ 'system_other' : 'avb_system_other_add_hashtree_footer_args',
'vendor' : 'avb_vendor_add_hashtree_footer_args',
'vbmeta' : 'avb_vbmeta_args',
}
@@ -1153,6 +1166,12 @@
OPTIONS.avb_algorithms['system'] = a
elif o == "--avb_system_extra_args":
OPTIONS.avb_extra_args['system'] = a
+ elif o == "--avb_system_other_key":
+ OPTIONS.avb_keys['system_other'] = a
+ elif o == "--avb_system_other_algorithm":
+ OPTIONS.avb_algorithms['system_other'] = a
+ elif o == "--avb_system_other_extra_args":
+ OPTIONS.avb_extra_args['system_other'] = a
elif o == "--avb_vendor_key":
OPTIONS.avb_keys['vendor'] = a
elif o == "--avb_vendor_algorithm":
@@ -1192,6 +1211,9 @@
"avb_system_algorithm=",
"avb_system_key=",
"avb_system_extra_args=",
+ "avb_system_other_algorithm=",
+ "avb_system_other_key=",
+ "avb_system_other_extra_args=",
"avb_vendor_algorithm=",
"avb_vendor_key=",
"avb_vendor_extra_args=",