Merge "Create system.prop for GSI Pi"
diff --git a/Changes.md b/Changes.md
index 7519096..b92342e 100644
--- a/Changes.md
+++ b/Changes.md
@@ -1,5 +1,16 @@
# Build System Changes for Android.mk Writers
+## Valid Module Names {#name}
+
+We've adopted lexical requirements very similar to [Bazel's
+requirements](https://docs.bazel.build/versions/master/build-ref.html#name) for
+target names. Valid characters are `a-z`, `A-Z`, `0-9`, and the special
+characters `_.+-=,@~/`. This currently applies to `LOCAL_PACKAGE_NAME`,
+`LOCAL_MODULE`, and `LOCAL_MODULE_SUFFIX`, and `LOCAL_MODULE_STEM*`.
+
+Many other characters already caused problems if you used them, so we don't
+expect this to have a large effect.
+
## PATH Tools {#PATH_Tools}
The build has started restricting the external host tools usable inside the
diff --git a/core/base_rules.mk b/core/base_rules.mk
index 63c6c52..41af27b 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -31,6 +31,7 @@
ifeq ($(LOCAL_MODULE),)
$(error $(LOCAL_PATH): LOCAL_MODULE is not defined)
endif
+$(call verify-module-name)
LOCAL_IS_HOST_MODULE := $(strip $(LOCAL_IS_HOST_MODULE))
LOCAL_IS_AUX_MODULE := $(strip $(LOCAL_IS_AUX_MODULE))
diff --git a/core/binary.mk b/core/binary.mk
index 6067615..2899d4d 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -407,7 +407,7 @@
# Extra cflags for projects under external/ directory
ifeq ($(my_clang),true)
-ifeq ($(filter external/%,$(LOCAL_PATH)),)
+ifneq ($(filter external/%,$(LOCAL_PATH)),)
my_cflags += $(CLANG_EXTERNAL_CFLAGS)
endif
endif
diff --git a/core/configure_module_stem.mk b/core/configure_module_stem.mk
index 48b7787..30df8ea 100644
--- a/core/configure_module_stem.mk
+++ b/core/configure_module_stem.mk
@@ -1,20 +1,26 @@
my_multilib_stem := $(LOCAL_MODULE_STEM_$(if $($(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)IS_64_BIT),64,32))
ifdef my_multilib_stem
my_module_stem := $(my_multilib_stem)
+ $(call verify-module-stem,my_multilib_stem)
else ifdef LOCAL_MODULE_STEM
my_module_stem := $(LOCAL_MODULE_STEM)
+ $(call verify-module-stem,LOCAL_MODULE_STEM)
else
my_module_stem := $(LOCAL_MODULE)
endif
ifdef LOCAL_BUILT_MODULE_STEM
my_built_module_stem := $(LOCAL_BUILT_MODULE_STEM)
+ $(call verify-module-stem,LOCAL_BUILT_MODULE_STEM)
else
my_built_module_stem := $(my_module_stem)$(LOCAL_MODULE_SUFFIX)
+ $(call verify-module-stem,LOCAL_MODULE_SUFFIX)
endif
ifdef LOCAL_INSTALLED_MODULE_STEM
my_installed_module_stem := $(LOCAL_INSTALLED_MODULE_STEM)
+ $(call verify-module-stem,LOCAL_INSTALLED_MODULE_STEM)
else
my_installed_module_stem := $(my_module_stem)$(LOCAL_MODULE_SUFFIX)
+ $(call verify-module-stem,LOCAL_MODULE_SUFFIX)
endif
diff --git a/core/definitions.mk b/core/definitions.mk
index 8679714..07576f9 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -3456,10 +3456,18 @@
$(if $(call has-system-sdk-version,$(1)),$(patsubst system_%,%,$(1)),$(1)))
endef
-# Convert to lower case without requiring a shell, which isn't cacheable.
+###########################################################
+## Convert to lower case without requiring a shell, which isn't cacheable.
+##
+## $(1): string
+###########################################################
to-lower=$(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,$(subst X,x,$(subst Y,y,$(subst Z,z,$1))))))))))))))))))))))))))
-# Convert to upper case without requiring a shell, which isn't cacheable.
+###########################################################
+## Convert to upper case without requiring a shell, which isn't cacheable.
+##
+## $(1): string
+###########################################################
to-upper=$(subst a,A,$(subst b,B,$(subst c,C,$(subst d,D,$(subst e,E,$(subst f,F,$(subst g,G,$(subst h,H,$(subst i,I,$(subst j,J,$(subst k,K,$(subst l,L,$(subst m,M,$(subst n,N,$(subst o,O,$(subst p,P,$(subst q,Q,$(subst r,R,$(subst s,S,$(subst t,T,$(subst u,U,$(subst v,V,$(subst w,W,$(subst x,X,$(subst y,Y,$(subst z,Z,$1))))))))))))))))))))))))))
# Sanity-check to-lower and to-upper
@@ -3476,3 +3484,36 @@
lower :=
upper :=
+
+###########################################################
+## Verify module name meets character requirements:
+## a-z A-Z 0-9
+## _.+-=,@~/
+##
+## This is equivalent to bazel's target name restrictions:
+## https://docs.bazel.build/versions/master/build-ref.html#name
+###########################################################
+define verify-module-name
+$(if $(call _invalid-name-chars,$(LOCAL_MODULE)), \
+ $(call pretty-error,Invalid characters in module name: $(call _invalid-name-chars,$(LOCAL_MODULE))))
+endef
+define _invalid-name-chars
+$(subst /,,$(subst _,,$(subst .,,$(subst +,,$(subst -,,$(subst =,,$(subst $(comma),,$(subst @,,$(subst ~,,$(subst 0,,$(subst 1,,$(subst 2,,$(subst 3,,$(subst 4,,$(subst 5,,$(subst 6,,$(subst 7,,$(subst 8,,$(subst 9,,$(subst a,,$(subst b,,$(subst c,,$(subst d,,$(subst e,,$(subst f,,$(subst g,,$(subst h,,$(subst i,,$(subst j,,$(subst k,,$(subst l,,$(subst m,,$(subst n,,$(subst o,,$(subst p,,$(subst q,,$(subst r,,$(subst s,,$(subst t,,$(subst u,,$(subst v,,$(subst w,,$(subst x,,$(subst y,,$(subst z,,$(call to-lower,$(1)))))))))))))))))))))))))))))))))))))))))))))))
+endef
+.KATI_READONLY := verify-module-name _invalid-name-chars
+
+###########################################################
+## Verify module stem meets character requirements:
+## a-z A-Z 0-9
+## _.+-=,@~/
+##
+## This is a subset of bazel's target name restrictions:
+## https://docs.bazel.build/versions/master/build-ref.html#name
+##
+## $(1): The module stem variable to check
+###########################################################
+define verify-module-stem
+$(if $(call _invalid-name-chars,$($(1))), \
+ $(call pretty-error,Invalid characters in module stem ($(1)): $(call _invalid-name-chars,$($(1)))))
+endef
+.KATI_READONLY := verify-module-stem
diff --git a/target/board/generic/sepolicy/createns.te b/target/board/generic/sepolicy/createns.te
new file mode 100644
index 0000000..1eaf9ef
--- /dev/null
+++ b/target/board/generic/sepolicy/createns.te
@@ -0,0 +1,14 @@
+# Network namespace creation
+type createns, domain;
+type createns_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(createns)
+
+allow createns self:capability { sys_admin net_raw setuid setgid };
+allow createns varrun_file:dir { add_name search write };
+allow createns varrun_file:file { create mounton open read write };
+
+#Allow createns itself to be run by init in its own domain
+domain_auto_trans(goldfish_setup, createns_exec, createns);
+allow createns goldfish_setup:fd use;
+
diff --git a/target/board/generic/sepolicy/dhcpclient.te b/target/board/generic/sepolicy/dhcpclient.te
new file mode 100644
index 0000000..df71fca
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpclient.te
@@ -0,0 +1,20 @@
+# DHCP client
+type dhcpclient, domain;
+type dhcpclient_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpclient)
+net_domain(dhcpclient)
+
+allow dhcpclient execns:fd use;
+
+set_prop(dhcpclient, net_eth0_prop);
+allow dhcpclient self:capability { net_admin net_raw };
+allow dhcpclient self:udp_socket create;
+allow dhcpclient self:netlink_route_socket { write nlmsg_write };
+allow dhcpclient varrun_file:dir search;
+allow dhcpclient self:packet_socket { create bind write read };
+allowxperm dhcpclient self:udp_socket ioctl { SIOCSIFFLAGS
+ SIOCSIFADDR
+ SIOCSIFNETMASK
+ SIOCSIFMTU
+ SIOCGIFHWADDR };
diff --git a/target/board/generic/sepolicy/dhcpserver.te b/target/board/generic/sepolicy/dhcpserver.te
new file mode 100644
index 0000000..7e8ba26
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpserver.te
@@ -0,0 +1,12 @@
+# DHCP server
+type dhcpserver, domain;
+type dhcpserver_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpserver)
+net_domain(dhcpserver)
+
+allow dhcpserver execns:fd use;
+
+get_prop(dhcpserver, net_eth0_prop);
+allow dhcpserver self:udp_socket { ioctl create setopt bind };
+allow dhcpserver self:capability { net_raw net_bind_service };
diff --git a/target/board/generic/sepolicy/execns.te b/target/board/generic/sepolicy/execns.te
new file mode 100644
index 0000000..dc6c424
--- /dev/null
+++ b/target/board/generic/sepolicy/execns.te
@@ -0,0 +1,27 @@
+# Network namespace transitions
+type execns, domain;
+type execns_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(execns)
+
+allow execns varrun_file:dir search;
+allow execns varrun_file:file r_file_perms;
+allow execns self:capability { sys_admin setuid setgid };
+allow execns nsfs:file { open read };
+
+#Allow execns itself to be run by init in its own domain
+domain_auto_trans(init, execns_exec, execns);
+
+# Allow dhcpclient to be run by execns in its own domain
+domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
+
+# Allow dhcpserver to be run by execns in its own domain
+domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
+
+# Allow hostapd_nohidl to be run by execns in its own domain
+domain_auto_trans(execns, hostapd_nohidl_exec, hostapd_nohidl);
+
+# Allow execns to read createns proc file to get the namespace file
+allow execns createns:file read;
+allow execns createns:dir search;
+allow execns createns:lnk_file read;
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
new file mode 100644
index 0000000..b0aa217
--- /dev/null
+++ b/target/board/generic/sepolicy/file.te
@@ -0,0 +1,4 @@
+type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
+type varrun_file, file_type, data_file_type, mlstrustedobject;
+type mediadrm_vendor_data_file, file_type, data_file_type;
+type nsfs, fs_type;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index 521c65e..7cd79fe 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -17,7 +17,14 @@
/dev/ttyS2 u:object_r:console_device:s0
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
+/vendor/bin/init\.wifi\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
+/vendor/bin/createns u:object_r:createns_exec:s0
+/vendor/bin/execns u:object_r:execns_exec:s0
+/vendor/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
+/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/vendor/bin/dhcpserver u:object_r:dhcpserver_exec:s0
+/vendor/bin/hostapd_nohidl u:object_r:hostapd_nohidl_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
@@ -33,3 +40,8 @@
/vendor/lib(64)?/lib_renderControl_enc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_enc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_enc\.so u:object_r:same_process_hal_file:s0
+
+# data
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/var/run(/.*)? u:object_r:varrun_file:s0
+
diff --git a/target/board/generic/sepolicy/genfs_contexts b/target/board/generic/sepolicy/genfs_contexts
index 91cedf1..1b81626 100644
--- a/target/board/generic/sepolicy/genfs_contexts
+++ b/target/board/generic/sepolicy/genfs_contexts
@@ -15,3 +15,6 @@
genfscon sysfs /devices/pci0000:00/0000:00:08.0/virtio5/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim0/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim1/net u:object_r:sysfs_net:s0
+
+# /proc/<pid>/ns
+genfscon nsfs / u:object_r:nsfs:s0
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index eb913e9..3041436 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -4,10 +4,44 @@
init_daemon_domain(goldfish_setup)
-set_prop(goldfish_setup, debug_prop);
+# TODO(b/79502552): Invalid property access from emulator vendor
+#set_prop(goldfish_setup, debug_prop);
allow goldfish_setup self:capability { net_admin net_raw };
allow goldfish_setup self:udp_socket { create ioctl };
allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
+
+# Set system properties to start services
+set_prop(goldfish_setup, ctl_default_prop);
+
+# Set up WiFi
+allow goldfish_setup self:netlink_route_socket { create nlmsg_write setopt bind getattr read write nlmsg_read };
+allow goldfish_setup self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow goldfish_setup self:capability { sys_module sys_admin };
+allow goldfish_setup varrun_file:dir { mounton open read write add_name search remove_name };
+allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
+allow goldfish_setup execns_exec:file rx_file_perms;
+allow goldfish_setup proc_net:file rw_file_perms;
+allow goldfish_setup proc:file r_file_perms;
+allow goldfish_setup nsfs:file r_file_perms;
+allow goldfish_setup system_data_file:dir getattr;
+allow goldfish_setup kernel:system module_request;
+set_prop(goldfish_setup, qemu_prop);
+get_prop(goldfish_setup, net_share_prop);
+# Allow goldfish_setup to run /system/bin/ip and /system/bin/iw
+allow goldfish_setup system_file:file execute_no_trans;
+# Allow goldfish_setup to run init.wifi.sh
+allow goldfish_setup goldfish_setup_exec:file execute_no_trans;
+#Allow goldfish_setup to run createns in its own domain
+domain_auto_trans(goldfish_setup, createns_exec, createns);
+# iw
+allow goldfish_setup sysfs:file { read open };
+# iptables
+allow goldfish_setup system_file:file lock;
+allow goldfish_setup self:rawip_socket { create getopt setopt };
+# Allow goldfish_setup to read createns proc file to get the namespace file
+allow goldfish_setup createns:file { read };
+allow goldfish_setup createns:dir { search };
+allow goldfish_setup createns:lnk_file { read };
diff --git a/target/board/generic/sepolicy/hal_drm_widevine.te b/target/board/generic/sepolicy/hal_drm_widevine.te
index 42d462a..d49000d 100644
--- a/target/board/generic/sepolicy/hal_drm_widevine.te
+++ b/target/board/generic/sepolicy/hal_drm_widevine.te
@@ -10,3 +10,5 @@
vndbinder_use(hal_drm_widevine);
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
diff --git a/target/board/generic/sepolicy/hal_gnss_default.te b/target/board/generic/sepolicy/hal_gnss_default.te
index ddc68cc..0dd3d03 100644
--- a/target/board/generic/sepolicy/hal_gnss_default.te
+++ b/target/board/generic/sepolicy/hal_gnss_default.te
@@ -1 +1,3 @@
-vndbinder_use(hal_gnss_default);
+#============= hal_gnss_default ==============
+allow hal_gnss_default vndbinder_device:chr_file { ioctl open read write };
+
diff --git a/target/board/generic/sepolicy/hal_graphics_composer_default.te b/target/board/generic/sepolicy/hal_graphics_composer_default.te
index 40ecda6..034bdef 100644
--- a/target/board/generic/sepolicy/hal_graphics_composer_default.te
+++ b/target/board/generic/sepolicy/hal_graphics_composer_default.te
@@ -1 +1,3 @@
-vndbinder_use(hal_graphics_composer_default);
+#============= hal_graphics_composer_default ==============
+allow hal_graphics_composer_default vndbinder_device:chr_file { ioctl open read write };
+
diff --git a/target/board/generic/sepolicy/hal_wifi_default.te b/target/board/generic/sepolicy/hal_wifi_default.te
new file mode 100644
index 0000000..de4b996
--- /dev/null
+++ b/target/board/generic/sepolicy/hal_wifi_default.te
@@ -0,0 +1 @@
+allow hal_wifi_default hal_wifi_default:netlink_route_socket { create bind write read nlmsg_read };
diff --git a/target/board/generic/sepolicy/hostapd_nohidl.te b/target/board/generic/sepolicy/hostapd_nohidl.te
new file mode 100644
index 0000000..add648a
--- /dev/null
+++ b/target/board/generic/sepolicy/hostapd_nohidl.te
@@ -0,0 +1,16 @@
+type hostapd_nohidl, domain;
+type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hostapd_nohidl)
+net_domain(hostapd_nohidl)
+
+allow hostapd_nohidl execns:fd use;
+
+allow hostapd_nohidl self:capability { net_admin net_raw };
+allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write };
+allow hostapd_nohidl self:netlink_route_socket nlmsg_write;
+allow hostapd_nohidl self:packet_socket { create setopt };
+allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;
+
+# hostapd will attempt to search sysfs but it's not needed and will spam the log
+dontaudit hostapd_nohidl sysfs_net:dir search;
diff --git a/target/board/generic/sepolicy/ipv6proxy.te b/target/board/generic/sepolicy/ipv6proxy.te
new file mode 100644
index 0000000..22976fe
--- /dev/null
+++ b/target/board/generic/sepolicy/ipv6proxy.te
@@ -0,0 +1,16 @@
+# IPv6 proxying
+type ipv6proxy, domain;
+type ipv6proxy_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ipv6proxy)
+net_domain(ipv6proxy)
+
+# Allow ipv6proxy to be run by execns in its own domain
+domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
+allow ipv6proxy execns:fd use;
+
+allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
+allow ipv6proxy self:packet_socket { bind create read };
+allow ipv6proxy self:netlink_route_socket nlmsg_write;
+allow ipv6proxy varrun_file:dir search;
+allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };
diff --git a/target/board/generic/sepolicy/property.te b/target/board/generic/sepolicy/property.te
index 56e02ef..3593a39 100644
--- a/target/board/generic/sepolicy/property.te
+++ b/target/board/generic/sepolicy/property.te
@@ -1,3 +1,5 @@
type qemu_prop, property_type;
type qemu_cmdline, property_type;
type radio_noril_prop, property_type;
+type net_eth0_prop, property_type;
+type net_share_prop, property_type;
diff --git a/target/board/generic/sepolicy/property_contexts b/target/board/generic/sepolicy/property_contexts
index 3a61b6b..f7a241c 100644
--- a/target/board/generic/sepolicy/property_contexts
+++ b/target/board/generic/sepolicy/property_contexts
@@ -1,5 +1,8 @@
qemu. u:object_r:qemu_prop:s0
qemu.cmdline u:object_r:qemu_cmdline:s0
+vendor.qemu u:object_r:qemu_prop:s0
ro.emu. u:object_r:qemu_prop:s0
ro.emulator. u:object_r:qemu_prop:s0
ro.radio.noril u:object_r:radio_noril_prop:s0
+net.eth0. u:object_r:net_eth0_prop:s0
+net.shared_net_ip u:object_r:net_share_prop:s0
diff --git a/target/board/generic/sepolicy/qemu_props.te b/target/board/generic/sepolicy/qemu_props.te
index 0f5ec8c..b3e2d95 100644
--- a/target/board/generic/sepolicy/qemu_props.te
+++ b/target/board/generic/sepolicy/qemu_props.te
@@ -5,5 +5,6 @@
init_daemon_domain(qemu_props)
set_prop(qemu_props, qemu_prop)
-set_prop(qemu_props, dalvik_prop)
+# TODO(b/79502552): Invalid property access from emulator vendor
+#set_prop(qemu_props, qemu_cmdline)
set_prop(qemu_props, qemu_cmdline)
diff --git a/target/board/generic/sepolicy/radio.te b/target/board/generic/sepolicy/radio.te
new file mode 100644
index 0000000..742d3b2
--- /dev/null
+++ b/target/board/generic/sepolicy/radio.te
@@ -0,0 +1,3 @@
+# Allow the radio to read these properties, they only have an SELinux label in
+# the emulator.
+get_prop(radio, net_eth0_prop);
diff --git a/target/board/generic/sepolicy/rild.te b/target/board/generic/sepolicy/rild.te
new file mode 100644
index 0000000..ea18373
--- /dev/null
+++ b/target/board/generic/sepolicy/rild.te
@@ -0,0 +1,3 @@
+# Allow rild to read these properties, they only have an SELinux label in the
+# emulator.
+get_prop(rild, net_eth0_prop);
diff --git a/target/board/generic/sepolicy/vendor_init.te b/target/board/generic/sepolicy/vendor_init.te
new file mode 100644
index 0000000..b18d391
--- /dev/null
+++ b/target/board/generic/sepolicy/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, qemu_prop)
diff --git a/target/product/base.mk b/target/product/base.mk
index b8ba52b..ed95f30 100644
--- a/target/product/base.mk
+++ b/target/product/base.mk
@@ -18,63 +18,97 @@
PRODUCT_PACKAGES += \
20-dns.conf \
95-configured \
- org.apache.http.legacy \
- appwidget \
- appops \
am \
+ android.hardware.cas@1.0-service \
+ android.hardware.media.omx@1.0-service \
+ android.hidl.base-V1.0-java \
+ android.hidl.manager-V1.0-java \
android.policy \
android.test.mock \
android.test.runner \
- app_process \
applypatch \
+ appops \
+ app_process \
+ appwidget \
audioserver \
+ BackupRestoreConfirmation \
+ bcc \
bit \
blkid \
bmgr \
bpfloader \
+ bu \
bugreport \
bugreportz \
cameraserver \
+ com.android.location.provider \
+ com.android.location.provider.xml \
content \
+ CtsShimPrebuilt \
+ CtsShimPrivPrebuilt \
dnsmasq \
dpm \
+ e2fsck \
+ ExtServices \
+ ExtShared \
framework \
+ framework-res \
framework-sysconfig.xml \
fsck_msdos \
+ gatekeeperd \
hid \
ime \
- incidentd \
+ ims-common \
incident \
+ incidentd \
incident_report \
input \
+ installd \
+ ip \
+ ip6tables \
+ iptables \
+ ip-up-vpn \
javax.obex \
+ keystore \
+ ld.config.txt \
+ ld.mc \
+ libaaudio \
libandroid \
libandroid_runtime \
libandroid_servers \
libaudioeffect_jni \
libaudioflinger \
- libaudiopolicyservice \
libaudiopolicymanager \
+ libaudiopolicyservice \
libbundlewrapper \
+ libcamera2ndk \
libcamera_client \
libcameraservice \
- libcamera2ndk \
- libdrmclearkeyplugin \
libclearkeycasplugin \
+ libdownmix \
+ libdrmclearkeyplugin \
+ libdrmframework \
+ libdrmframework_jni \
libeffectproxy \
libeffects \
+ libfilterfw \
+ libgatekeeper \
libinput \
libinputflinger \
libiprouteutil \
libjnigraphics \
+ libkeystore \
libldnhncr \
libmedia \
libmedia_jni \
+ libmediandk \
libmediaplayerservice \
libmtp \
libnetd_client \
libnetlink \
libnetutils \
+ libOpenMAXAL \
+ libOpenSLES \
libpdfium \
libradio_metadata \
libreference-ril \
@@ -99,53 +133,64 @@
libusbhost \
libvisualizer \
libvorbisidec \
- libmediandk \
libvulkan \
libwifi-service \
+ libwilhelm \
locksettings \
+ logd \
media \
media_cmd \
mediadrmserver \
- mediaserver \
- mediametrics \
mediaextractor \
+ mediametrics \
+ media_profiles_V1_0.dtd \
+ mediaserver \
+ mke2fs \
monkey \
mtpd \
ndc \
netd \
+ org.apache.http.legacy \
perfetto \
ping \
ping6 \
platform.xml \
- privapp-permissions-platform.xml \
- pppd \
pm \
+ pppd \
+ privapp-permissions-platform.xml \
racoon \
+ resize2fs \
run-as \
schedtest \
+ screencap \
sdcard \
secdiscard \
+ sensorservice \
services \
settings \
+ SettingsProvider \
sgdisk \
+ Shell \
sm \
svc \
tc \
telecom \
+ telephony-common \
traced \
traced_probes \
+ tune2fs \
+ uiautomator \
+ uncrypt \
vdc \
+ voip-common \
vold \
- wm
+ WallpaperBackup \
+ wificond \
+ wifi-service \
+ wm \
-# Essential HAL modules
-PRODUCT_PACKAGES += \
- android.hardware.cas@1.0-service \
- android.hardware.media.omx@1.0-service
-
-# XML schema files
-PRODUCT_PACKAGES += \
- media_profiles_V1_0.dtd
+PRODUCT_DEFAULT_PROPERTY_OVERRIDES += ro.zygote=zygote32
+PRODUCT_COPY_FILES += system/core/rootdir/init.zygote32.rc:root/init.zygote32.rc
# Packages included only for eng or userdebug builds, previously debug tagged
PRODUCT_PACKAGES_DEBUG := \
@@ -159,7 +204,7 @@
# Packages included only for eng/userdebug builds, when building with SANITIZE_TARGET=address
PRODUCT_PACKAGES_DEBUG_ASAN :=
-PRODUCT_COPY_FILES := $(call add-to-product-copy-files-if-exists,\
+PRODUCT_COPY_FILES += $(call add-to-product-copy-files-if-exists,\
frameworks/base/config/preloaded-classes:system/etc/preloaded-classes)
# Note: it is acceptable to not have a dirty-image-objects file. In that case, the special bin
@@ -167,4 +212,10 @@
PRODUCT_COPY_FILES += $(call add-to-product-copy-files-if-exists,\
frameworks/base/config/dirty-image-objects:system/etc/dirty-image-objects)
+PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
+ ro.zygote=zygote32
+PRODUCT_COPY_FILES += \
+ system/core/rootdir/init.zygote32.rc:root/init.zygote32.rc
+
+$(call inherit-product, $(SRC_TARGET_DIR)/product/runtime_libart.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/embedded.mk)
diff --git a/target/product/core_minimal.mk b/target/product/core_minimal.mk
index fe23add..7f7bd41 100644
--- a/target/product/core_minimal.mk
+++ b/target/product/core_minimal.mk
@@ -23,76 +23,29 @@
PRODUCT_NAME := core
PRODUCT_PACKAGES += \
- BackupRestoreConfirmation \
- CompanionDeviceManager \
- CtsShimPrebuilt \
- CtsShimPrivPrebuilt \
- DownloadProvider \
- ExtShared \
- ExtServices \
- HTMLViewer \
- MediaProvider \
- PackageInstaller \
- SettingsProvider \
- Shell \
- StatementService \
- WallpaperBackup \
- android.hidl.base-V1.0-java \
- android.hidl.manager-V1.0-java \
- bcc \
- bu \
com.android.future.usb.accessory \
- com.android.location.provider \
- com.android.location.provider.xml \
+ com.android.mediadrm.signer \
com.android.media.remotedisplay \
com.android.media.remotedisplay.xml \
- com.android.mediadrm.signer \
+ CompanionDeviceManager \
+ DownloadProvider \
drmserver \
ethernet-service \
- framework-res \
+ fsck.f2fs \
+ HTMLViewer \
idmap \
- installd \
- ims-common \
- ip \
- ip-up-vpn \
- ip6tables \
- iptables \
- gatekeeperd \
- keystore \
- ld.config.txt \
- ld.mc \
- libaaudio \
- libOpenMAXAL \
- libOpenSLES \
- libdownmix \
- libdrmframework \
- libdrmframework_jni \
- libfilterfw \
- libkeystore \
- libgatekeeper \
libneuralnetworks \
libwebviewchromium_loader \
libwebviewchromium_plat_support \
- libwilhelm \
logd \
- mke2fs \
- e2fsck \
- resize2fs \
- tune2fs \
- screencap \
- sensorservice \
- telephony-common \
- uiautomator \
- uncrypt \
+ make_f2fs \
+ MediaProvider \
+ PackageInstaller \
+ StatementService \
vndk_snapshot_package \
- voip-common \
webview \
webview_zygote \
-# Wifi modules
-PRODUCT_PACKAGES += \
- wifi-service \
- wificond \
PRODUCT_COPY_FILES += \
frameworks/native/data/etc/android.software.webview.xml:system/etc/permissions/android.software.webview.xml
@@ -131,18 +84,6 @@
SettingsProvider \
WallpaperBackup
-# Adoptable external storage supports both ext4 and f2fs
-PRODUCT_PACKAGES += \
- e2fsck \
- mke2fs \
- fsck.f2fs \
- make_f2fs \
-
-PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
- ro.zygote=zygote32
-PRODUCT_COPY_FILES += \
- system/core/rootdir/init.zygote32.rc:root/init.zygote32.rc
-
PRODUCT_COPY_FILES += \
system/core/rootdir/etc/public.libraries.android.txt:system/etc/public.libraries.txt
@@ -164,5 +105,4 @@
ro.logd.size.stats=64K \
log.tag.stats_log=I
-$(call inherit-product, $(SRC_TARGET_DIR)/product/runtime_libart.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/base.mk)
diff --git a/target/product/core_tiny.mk b/target/product/core_tiny.mk
index c6bc72c..0ec475b 100644
--- a/target/product/core_tiny.mk
+++ b/target/product/core_tiny.mk
@@ -17,77 +17,22 @@
# No telephony
PRODUCT_PACKAGES := \
+ audio.primary.default \
Bluetooth \
CalendarProvider \
- ContactsProvider \
CertInstaller \
- FusedLocation \
- InputDevices
-
-PRODUCT_PACKAGES += \
clatd \
clatd.conf \
- pppd
-
-PRODUCT_PACKAGES += \
- audio.primary.default \
- local_time.default \
- power.default
-
-PRODUCT_PACKAGES += \
- BackupRestoreConfirmation \
- CtsShimPrebuilt \
- CtsShimPrivPrebuilt \
+ ContactsProvider \
DefaultContainerService \
- ExtShared \
- ExtServices \
- SettingsProvider \
- Shell \
- WallpaperBackup \
- android.hidl.base-V1.0-java \
- android.hidl.manager-V1.0-java \
- bcc \
- bu \
- com.android.location.provider \
- com.android.location.provider.xml \
- framework-res \
- installd \
- ims-common \
- ip \
- ip-up-vpn \
- ip6tables \
- iptables \
- gatekeeperd \
- keystore \
- ld.config.txt \
- ld.mc \
- libaaudio \
- libOpenMAXAL \
- libOpenSLES \
- libdownmix \
- libfilterfw \
- libgatekeeper \
- libkeystore \
- libwilhelm \
- libdrmframework_jni \
- libdrmframework \
- mke2fs \
- e2fsck \
- resize2fs \
- tune2fs \
- nullwebview \
- screencap \
- sensorservice \
- uiautomator \
- uncrypt \
- telephony-common \
- voip-common \
+ FusedLocation \
+ InputDevices \
+ local_time.default \
logd \
+ nullwebview \
+ power.default \
+ pppd \
-# Wifi modules
-PRODUCT_PACKAGES += \
- wifi-service \
- wificond \
ifeq ($(TARGET_CORE_JARS),)
$(error TARGET_CORE_JARS is empty; cannot initialize PRODUCT_BOOT_JARS variable)
@@ -122,15 +67,9 @@
# The set of packages we want to force 'speed' compilation on.
PRODUCT_DEXPREOPT_SPEED_APPS := \
-PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
- ro.zygote=zygote32
-PRODUCT_COPY_FILES += \
- system/core/rootdir/init.zygote32.rc:root/init.zygote32.rc
-
PRODUCT_PROPERTY_OVERRIDES += \
ro.carrier=unknown
-$(call inherit-product, $(SRC_TARGET_DIR)/product/runtime_libart.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/base.mk)
$(call inherit-product-if-exists, frameworks/base/data/fonts/fonts.mk)
$(call inherit-product-if-exists, external/roboto-fonts/fonts.mk)
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 968fd77..a8c821f 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -1517,10 +1517,16 @@
common.ZipWriteStr(output_zip, "patch/boot.img.p", d)
+ # TODO(b/110106408): Remove after properly handling the SHA-1 embedded in
+ # the filename argument in updater code. Prior to that, explicitly list
+ # the SHA-1 of the source image, in case the updater tries to find a
+ # matching backup from /cache. Similarly for the call to
+ # script.ApplyPatch() below.
script.PatchCheck("%s:%s:%d:%s:%d:%s" %
(boot_type, boot_device,
source_boot.size, source_boot.sha1,
- target_boot.size, target_boot.sha1))
+ target_boot.size, target_boot.sha1),
+ source_boot.sha1)
size.append(target_boot.size)
if size: