commit 5fefac293d3d83e1f9a6e47a59b4655370ff19a8
author Julien Desprez <jdesprez@google.com> Fri Oct 16 20:00:22 2020 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Oct 16 20:00:22 2020 +0000
tree b229ed2e730b5a3206b99ef14647c4123daa3232
parent 07445235a852935b3efcd1db4b3a4518274540f6
parent 79af9880ecdada87be3bb9cacc8935421ae6e0c4

Merge "Update location of some files while moving them"

CleanSpec.mk

diff --git a/CleanSpec.mk b/CleanSpec.mk
index 67aca7c..41defb2 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -751,6 +751,10 @@
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/default.prop)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/prop.default)
 
+# Workaround for Soong not being able to rebuild the host binary if its
+# JNI dependencies change: b/170389375
+$(call add-clean-step, rm -rf $(OUT_DIR)/soong/host/*/lib*/libconscrypt_openjdk_jni.so)
+
 # ************************************************
 # NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
 # ************************************************

OWNERS

diff --git a/OWNERS b/OWNERS
index 05f8b3d..4cac0f5 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,11 +1 @@
-# Core build team (MTV)
-ccross@android.com
-dwillemsen@google.com
-asmundak@google.com
-jungjw@google.com
-
-# To expedite LON reviews
-hansson@google.com
-
-# For version updates
-per-file version_defaults.mk = aseaton@google.com,elisapascual@google.com,lubomir@google.com,pscovanner@google.com
+include platform/build/soong:/OWNERS

core/Makefile

diff --git a/core/Makefile b/core/Makefile
index 467db19..2d7144a 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1289,7 +1289,13 @@
 # Get a colon-separated list of search paths.
 INTERNAL_USERIMAGES_BINARY_PATHS := $(subst $(space),:,$(sort $(dir $(INTERNAL_USERIMAGES_DEPS))))
 
+# Collects file_contexts files from modules to be installed
+$(call merge-fc-files, \
+  $(sort $(foreach m,$(product_MODULES),$(ALL_MODULES.$(m).FILE_CONTEXTS))),\
+  $(call intermediates-dir-for,ETC,file_contexts.bin)/file_contexts.modules.tmp)
+
 SELINUX_FC := $(call intermediates-dir-for,ETC,file_contexts.bin)/file_contexts.bin
+
 INTERNAL_USERIMAGES_DEPS += $(SELINUX_FC)
 
 ifeq (true,$(PRODUCT_USE_DYNAMIC_PARTITIONS))
@@ -1329,6 +1335,7 @@
     $(if $(BOARD_USERDATAIMAGE_PARTITION_SIZE),$(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(1))
     $(if $(PRODUCT_FS_CASEFOLD),$(hide) echo "needs_casefold=$(PRODUCT_FS_CASEFOLD)" >> $(1))
     $(if $(PRODUCT_QUOTA_PROJID),$(hide) echo "needs_projid=$(PRODUCT_QUOTA_PROJID)" >> $(1))
+    $(if $(PRODUCT_FS_COMPRESSION),$(hide) echo "needs_compress=$(PRODUCT_FS_COMPRESSION)" >> $(1))
     $(hide) echo "userdata_selinux_fc=$(SELINUX_FC)" >> $(1)
     $(hide) echo "building_userdata_image=$(BUILDING_USERDATA_IMAGE)" >> $(1)
 )
@@ -1845,6 +1852,15 @@
 	$(hide) cat $(INSTALLED_SYSTEM_EXT_BUILD_PROP_TARGET) >> $@
 	$(call append-recovery-ui-properties,$(PRIVATE_RECOVERY_UI_PROPERTIES),$@)
 
+# Only install boot/etc/build.prop to recovery image on recovery_as_boot.
+# On device with dedicated recovery partition, the file should come from the boot
+# ramdisk.
+ifeq (true,$(BOARD_USES_RECOVERY_AS_BOOT))
+INSTALLED_RECOVERY_RAMDISK_BUILD_PROP_TARGET := $(TARGET_RECOVERY_ROOT_OUT)/$(RAMDISK_BUILD_PROP_REL_PATH)
+$(INSTALLED_RECOVERY_RAMDISK_BUILD_PROP_TARGET): $(INSTALLED_RAMDISK_BUILD_PROP_TARGET)
+	$(copy-file-to-target)
+endif
+
 ifeq (truetrue,$(strip $(BUILDING_VENDOR_BOOT_IMAGE))$(strip $(AB_OTA_UPDATER)))
   INTERNAL_RECOVERYIMAGE_ARGS := --ramdisk $(recovery_ramdisk)
 ifdef GENERIC_KERNEL_CMDLINE
@@ -1889,6 +1905,7 @@
 	    $(recovery_sepolicy) \
 	    $(INSTALLED_2NDBOOTLOADER_TARGET) \
 	    $(INSTALLED_RECOVERY_BUILD_PROP_TARGET) \
+	    $(INSTALLED_RECOVERY_RAMDISK_BUILD_PROP_TARGET) \
 	    $(recovery_resource_deps) \
 	    $(recovery_fstab)
 	# Making recovery image
@@ -2088,6 +2105,7 @@
 #
 # Note: it's intentional to skip signing for boot-debug.img, because it
 # can only be used if the device is unlocked with verification error.
+ifneq ($(INSTALLED_BOOTIMAGE_TARGET),)
 ifneq ($(strip $(TARGET_NO_KERNEL)),true)
 ifneq ($(strip $(BOARD_KERNEL_BINARIES)),)
   INSTALLED_DEBUG_BOOTIMAGE_TARGET := $(foreach k,$(subst kernel,boot-debug,$(BOARD_KERNEL_BINARIES)), \
@@ -2142,6 +2160,7 @@
 	$(foreach b,$(INSTALLED_DEBUG_BOOTIMAGE_TARGET),$(call build-debug-bootimage-target,$b))
 
 endif # TARGET_NO_KERNEL
+endif # INSTALLED_BOOTIMAGE_TARGET
 
 ifeq ($(BUILDING_VENDOR_BOOT_IMAGE),true)
 ifeq ($(BUILDING_RAMDISK_IMAGE),true)
@@ -3869,6 +3888,7 @@
   signapk \
   simg2img \
   sload_f2fs \
+  toybox \
   tune2fs \
   unpack_bootimg \
   update_host_simulator \
@@ -4375,6 +4395,7 @@
 	    $(INSTALLED_CUSTOMIMAGES_TARGET) \
 	    $(INSTALLED_ANDROID_INFO_TXT_TARGET) \
 	    $(INSTALLED_KERNEL_TARGET) \
+	    $(INSTALLED_RAMDISK_TARGET) \
 	    $(INSTALLED_DTBIMAGE_TARGET) \
 	    $(INSTALLED_2NDBOOTLOADER_TARGET) \
 	    $(BOARD_PREBUILT_DTBOIMAGE) \
@@ -4542,6 +4563,13 @@
 	@# Extra contents of the OTA package
 	$(hide) mkdir -p $(zip_root)/OTA
 	$(hide) cp $(INSTALLED_ANDROID_INFO_TXT_TARGET) $(zip_root)/OTA/
+ifdef BUILDING_RAMDISK_IMAGE
+ifeq (true,$(BOARD_IMG_USE_RAMDISK))
+	@# Contents of the ramdisk image
+	$(hide) mkdir -p $(zip_root)/IMAGES
+	$(hide) cp $(INSTALLED_RAMDISK_TARGET) $(zip_root)/IMAGES/
+endif
+endif
 ifeq ($(TARGET_OTA_ALLOW_NON_AB),true)
 ifneq ($(built_ota_tools),)
 	$(hide) mkdir -p $(zip_root)/OTA/bin
@@ -4765,7 +4793,7 @@
 
 $(INTERNAL_OTA_PACKAGE_TARGET): KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)
 $(INTERNAL_OTA_PACKAGE_TARGET): .KATI_IMPLICIT_OUTPUTS := $(INTERNAL_OTA_METADATA)
-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTA_FROM_TARGET_FILES)
+$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTA_FROM_TARGET_FILES) $(INTERNAL_OTATOOLS_FILES)
 	@echo "Package OTA: $@"
 	$(call build-ota-package-target,$@,-k $(KEY_CERT_PAIR) --output_metadata_path $(INTERNAL_OTA_METADATA))
 
@@ -4783,7 +4811,8 @@
 $(INTERNAL_OTA_RETROFIT_DYNAMIC_PARTITIONS_PACKAGE_TARGET): KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)
 $(INTERNAL_OTA_RETROFIT_DYNAMIC_PARTITIONS_PACKAGE_TARGET): \
     $(BUILT_TARGET_FILES_PACKAGE) \
-    $(OTA_FROM_TARGET_FILES)
+    $(OTA_FROM_TARGET_FILES) \
+    $(INTERNAL_OTATOOLS_FILES)
 	@echo "Package OTA (retrofit dynamic partitions): $@"
 	$(call build-ota-package-target,$@,-k $(KEY_CERT_PAIR) --retrofit_dynamic_partitions)
 
@@ -4919,7 +4948,7 @@
 JACOCO_REPORT_CLASSES_ALL := $(PRODUCT_OUT)/jacoco-report-classes-all.jar
 $(JACOCO_REPORT_CLASSES_ALL) :
 	@echo "Collecting uninstrumented classes"
-	find $(TARGET_COMMON_OUT_ROOT) $(HOST_COMMON_OUT_ROOT) -name "jacoco-report-classes.jar" 2>/dev/null | sort > $@.list
+	find $(TARGET_COMMON_OUT_ROOT) $(HOST_COMMON_OUT_ROOT) -name "jacoco-report-classes.jar" -o -name "proguard_usage.zip" 2>/dev/null | sort > $@.list
 	$(SOONG_ZIP) -o $@ -L 0 -C $(OUT_DIR) -P out -l $@.list
 
 endif # EMMA_INSTRUMENT=true

core/OWNERS

diff --git a/core/OWNERS b/core/OWNERS
index 459683e..5456d4f 100644
--- a/core/OWNERS
+++ b/core/OWNERS
@@ -1,2 +1,6 @@
 per-file dex_preopt*.mk = ngeoffray@google.com,calin@google.com,mathewi@google.com,dbrazdil@google.com
 per-file verify_uses_libraries.sh = ngeoffray@google.com,calin@google.com,mathieuc@google.com
+
+# For version updates
+per-file version_defaults.mk = aseaton@google.com,elisapascual@google.com,lubomir@google.com,pscovanner@google.com
+

core/base_rules.mk

diff --git a/core/base_rules.mk b/core/base_rules.mk
index 58be7a2..adf61f1 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -987,6 +987,9 @@
 ALL_MODULES.$(my_register_name).TEST_CONFIG := $(test_config)
 ALL_MODULES.$(my_register_name).EXTRA_TEST_CONFIGS := $(LOCAL_EXTRA_FULL_TEST_CONFIGS)
 ALL_MODULES.$(my_register_name).TEST_MAINLINE_MODULES := $(LOCAL_TEST_MAINLINE_MODULES)
+ifndef LOCAL_IS_HOST_MODULE
+ALL_MODULES.$(my_register_name).FILE_CONTEXTS := $(LOCAL_FILE_CONTEXTS)
+endif
 test_config :=
 
 INSTALLABLE_FILES.$(LOCAL_INSTALLED_MODULE).MODULE := $(my_register_name)

core/board_config.mk

diff --git a/core/board_config.mk b/core/board_config.mk
index 95d8af8..05b6b29 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -342,23 +342,29 @@
 
 # Are we building a boot image
 BUILDING_BOOT_IMAGE :=
-ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
-  BUILDING_BOOT_IMAGE :=
-else ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),)
-  ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
+ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),)
+  ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+    BUILDING_BOOT_IMAGE :=
+  else ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
     BUILDING_BOOT_IMAGE := true
   endif
 else ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),true)
-  BUILDING_BOOT_IMAGE := true
+  ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+    $(warning *** PRODUCT_BUILD_BOOT_IMAGE is true, but so is BOARD_USES_RECOVERY_AS_BOOT.)
+    $(warning *** Skipping building boot image.)
+    BUILDING_BOOT_IMAGE :=
+  else
+    BUILDING_BOOT_IMAGE := true
+  endif
 endif
 .KATI_READONLY := BUILDING_BOOT_IMAGE
 
 # Are we building a recovery image
 BUILDING_RECOVERY_IMAGE :=
-ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
-  BUILDING_RECOVERY_IMAGE := true
-else ifeq ($(PRODUCT_BUILD_RECOVERY_IMAGE),)
-  ifdef BOARD_RECOVERYIMAGE_PARTITION_SIZE
+ifeq ($(PRODUCT_BUILD_RECOVERY_IMAGE),)
+  ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
+    BUILDING_RECOVERY_IMAGE := true
+  else ifdef BOARD_RECOVERYIMAGE_PARTITION_SIZE
     ifeq (,$(filter true, $(TARGET_NO_KERNEL) $(TARGET_NO_RECOVERY)))
       BUILDING_RECOVERY_IMAGE := true
     endif
@@ -372,7 +378,14 @@
 BUILDING_VENDOR_BOOT_IMAGE :=
 ifdef BOARD_BOOT_HEADER_VERSION
   ifneq ($(call math_gt_or_eq,$(BOARD_BOOT_HEADER_VERSION),3),)
-    ifneq ($(TARGET_NO_VENDOR_BOOT),true)
+    ifneq ($(TARGET_NO_VENDOR_BOOT),)
+      $(warning TARGET_NO_VENDOR_BOOT has been deprecated. Please use PRODUCT_BUILD_VENDOR_BOOT_IMAGE.)
+      ifneq ($(TARGET_NO_VENDOR_BOOT),true)
+        BUILDING_VENDOR_BOOT_IMAGE := true
+      endif
+    else ifeq ($(PRODUCT_BUILD_VENDOR_BOOT_IMAGE),)
+      BUILDING_VENDOR_BOOT_IMAGE := true
+    else ifeq ($(PRODUCT_BUILD_VENDOR_BOOT_IMAGE),true)
       BUILDING_VENDOR_BOOT_IMAGE := true
     endif
   endif

core/clear_vars.mk

diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index d515db3..6e1cb68 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -74,7 +74,6 @@
 LOCAL_DROIDDOC_CUSTOM_ASSET_DIR:=
 LOCAL_DROIDDOC_CUSTOM_TEMPLATE_DIR:=
 LOCAL_DROIDDOC_DOC_ZIP :=
-LOCAL_DROIDDOC_JDIFF_DOC_ZIP :=
 LOCAL_DROIDDOC_HTML_DIR:=
 LOCAL_DROIDDOC_METADATA_ZIP:=
 LOCAL_DROIDDOC_OPTIONS:=
@@ -102,6 +101,7 @@
 LOCAL_EXTRACT_APK:=
 LOCAL_EXTRACT_DPI_APK:=
 LOCAL_FDO_SUPPORT:=
+LOCAL_FILE_CONTEXTS:=
 LOCAL_FINDBUGS_FLAGS:=
 LOCAL_FORCE_STATIC_EXECUTABLE:=
 LOCAL_FULL_CLASSES_JACOCO_JAR:=

core/config.mk

diff --git a/core/config.mk b/core/config.mk
index be0b55c..e197276 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -155,6 +155,8 @@
 $(KATI_obsolete_var COVERAGE_EXCLUDE_PATHS,Use NATIVE_COVERAGE_EXCLUDE_PATHS instead)
 $(KATI_obsolete_var BOARD_VNDK_RUNTIME_DISABLE,VNDK-Lite is no longer supported.)
 $(KATI_obsolete_var LOCAL_SANITIZE_BLACKLIST,Use LOCAL_SANITIZE_BLOCKLIST instead.)
+$(KATI_deprecated_var BOARD_PLAT_PUBLIC_SEPOLICY_DIR,Use SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS instead.)
+$(KATI_deprecated_var BOARD_PLAT_PRIVATE_SEPOLICY_DIR,Use SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS instead.)
 
 # Used to force goals to build.  Only use for conditionally defined goals.
 .PHONY: FORCE
@@ -994,16 +996,6 @@
 # Set up final options.
 # ###############################################################
 
-# We run gcc/clang with PWD=/proc/self/cwd to remove the $TOP
-# from the debug output. That way two builds in two different
-# directories will create the same output.
-# /proc doesn't exist on Darwin.
-ifeq ($(HOST_OS),linux)
-RELATIVE_PWD := PWD=/proc/self/cwd
-else
-RELATIVE_PWD :=
-endif
-
 # Flags for DEX2OAT
 first_non_empty_of_three = $(if $(1),$(1),$(if $(2),$(2),$(3)))
 DEX2OAT_TARGET_ARCH := $(TARGET_ARCH)

core/definitions.mk

diff --git a/core/definitions.mk b/core/definitions.mk
index bfbeee3..0a65a15 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -1179,7 +1179,7 @@
 @echo "$($(PRIVATE_PREFIX)DISPLAY) $(PRIVATE_ARM_MODE) C++: $(PRIVATE_MODULE) <= $<"
 @mkdir -p $(dir $@)
 $(if $(PRIVATE_TIDY_CHECKS),$(clang-tidy-cpp))
-$(hide) $(RELATIVE_PWD) $(PRIVATE_CXX) \
+$(hide) $(PRIVATE_CXX) \
   $(transform-cpp-to-o-compiler-args) \
   -MD -MF $(patsubst %.o,%.d,$@) -o $@ $<
 endef
@@ -1225,7 +1225,7 @@
 @echo "$($(PRIVATE_PREFIX)DISPLAY) $(PRIVATE_ARM_MODE) C: $(PRIVATE_MODULE) <= $<"
 @mkdir -p $(dir $@)
 $(if $(PRIVATE_TIDY_CHECKS),$(clang-tidy-c))
-$(hide) $(RELATIVE_PWD) $(PRIVATE_CC) \
+$(hide) $(PRIVATE_CC) \
   $(transform-c-to-o-compiler-args) \
   -MD -MF $(patsubst %.o,%.d,$@) -o $@ $<
 endef
@@ -1234,7 +1234,7 @@
 define transform-s-to-o
 @echo "$($(PRIVATE_PREFIX)DISPLAY) asm: $(PRIVATE_MODULE) <= $<"
 @mkdir -p $(dir $@)
-$(RELATIVE_PWD) $(PRIVATE_CC) \
+$(PRIVATE_CC) \
   $(call transform-c-or-s-to-o-compiler-args, $(PRIVATE_ASFLAGS)) \
   -MD -MF $(patsubst %.o,%.d,$@) -o $@ $<
 endef
@@ -1293,7 +1293,7 @@
 @echo "$($(PRIVATE_PREFIX)DISPLAY) C++: $(PRIVATE_MODULE) <= $<"
 @mkdir -p $(dir $@)
 $(if $(PRIVATE_TIDY_CHECKS),$(clang-tidy-host-cpp))
-$(hide) $(RELATIVE_PWD) $(PRIVATE_CXX) \
+$(hide) $(PRIVATE_CXX) \
   $(transform-host-cpp-to-o-compiler-args) \
   -MD -MF $(patsubst %.o,%.d,$@) -o $@ $<
 endef
@@ -1316,7 +1316,7 @@
 # $(1): extra flags
 define transform-host-c-or-s-to-o
 @mkdir -p $(dir $@)
-$(hide) $(RELATIVE_PWD) $(PRIVATE_CC) \
+$(hide) $(PRIVATE_CC) \
   $(transform-host-c-or-s-to-o-common-args) \
   $(1) \
   -MD -MF $(patsubst %.o,%.d,$@) -o $@ $<
@@ -1343,7 +1343,7 @@
 @echo "$($(PRIVATE_PREFIX)DISPLAY) C: $(PRIVATE_MODULE) <= $<"
 @mkdir -p $(dir $@)
 $(if $(PRIVATE_TIDY_CHECKS), $(clang-tidy-host-c))
-$(hide) $(RELATIVE_PWD) $(PRIVATE_CC) \
+$(hide) $(PRIVATE_CC) \
   $(transform-host-c-to-o-compiler-args) \
   -MD -MF $(patsubst %.o,%.d,$@) -o $@ $<
 endef

core/main.mk

diff --git a/core/main.mk b/core/main.mk
index 8c29045..40cc70f 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1745,6 +1745,7 @@
     $(INSTALLED_PRODUCT_BUILD_PROP_TARGET):build.prop-product \
     $(INSTALLED_ODM_BUILD_PROP_TARGET):build.prop-odm \
     $(INSTALLED_SYSTEM_EXT_BUILD_PROP_TARGET):build.prop-system_ext \
+    $(INSTALLED_RAMDISK_BUILD_PROP_TARGET):build.prop-ramdisk \
     $(BUILT_TARGET_FILES_PACKAGE) \
     $(INSTALLED_ANDROID_INFO_TXT_TARGET) \
     $(INSTALLED_MISC_INFO_TARGET) \

core/ninja_config.mk

diff --git a/core/ninja_config.mk b/core/ninja_config.mk
index 6fccacd..2e1bd69 100644
--- a/core/ninja_config.mk
+++ b/core/ninja_config.mk
@@ -39,7 +39,6 @@
 	user \
 	userdataimage \
 	userdebug \
-	vts10 \
 	win_sdk \
 	winsdk-tools
 

core/notice_files.mk

diff --git a/core/notice_files.mk b/core/notice_files.mk
index 721a034..0430007 100644
--- a/core/notice_files.mk
+++ b/core/notice_files.mk
@@ -79,8 +79,9 @@
       endif
       module_installed_filename := \
           $(patsubst $(PRODUCT_OUT)/%,%,$($(my_prefix)OUT_JAVA_LIBRARIES))/$(module_leaf)
-    else ifeq ($(LOCAL_MODULE_CLASS),ETC)
-      # ETC modules may be uninstallable, yet still have a NOTICE file. e.g. apex components
+    else ifneq ($(filter ETC DATA,$(LOCAL_MODULE_CLASS)),)
+      # ETC and DATA modules may be uninstallable, yet still have a NOTICE file.
+      # e.g. apex components
       module_installed_filename :=
     else ifneq (,$(and $(filter %.sdk,$(LOCAL_MODULE)),$(filter $(patsubst %.sdk,%,$(LOCAL_MODULE)),$(SOONG_SDK_VARIANT_MODULES))))
       # Soong produces uninstallable *.sdk shared libraries for embedding in APKs.

core/product.mk

diff --git a/core/product.mk b/core/product.mk
index 624501e..666e390 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -380,6 +380,7 @@
 _product_single_value_vars += PRODUCT_BUILD_USERDATA_IMAGE
 _product_single_value_vars += PRODUCT_BUILD_RECOVERY_IMAGE
 _product_single_value_vars += PRODUCT_BUILD_BOOT_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_VENDOR_BOOT_IMAGE
 _product_single_value_vars += PRODUCT_BUILD_VBMETA_IMAGE
 
 # List of boot jars delivered via apex

core/rbe.mk

diff --git a/core/rbe.mk b/core/rbe.mk
index 91606d4..90375c7 100644
--- a/core/rbe.mk
+++ b/core/rbe.mk
@@ -57,7 +57,7 @@
   java_r8_d8_platform := $(platform),Pool=java16
 
   RBE_WRAPPER := $(rbe_dir)/rewrapper
-  RBE_CXX := --labels=type=compile,lang=cpp,compiler=clang --env_var_allowlist=PWD --exec_strategy=$(cxx_rbe_exec_strategy) --platform=$(cxx_platform) --compare=$(cxx_compare)
+  RBE_CXX := --labels=type=compile,lang=cpp,compiler=clang --exec_strategy=$(cxx_rbe_exec_strategy) --platform=$(cxx_platform) --compare=$(cxx_compare)
 
   # Append rewrapper to existing *_WRAPPER variables so it's possible to
   # use both ccache and rewrapper.

core/soong_cc_prebuilt.mk

diff --git a/core/soong_cc_prebuilt.mk b/core/soong_cc_prebuilt.mk
index 770408c..a12ef66 100644
--- a/core/soong_cc_prebuilt.mk
+++ b/core/soong_cc_prebuilt.mk
@@ -151,7 +151,7 @@
 ifeq ($(LOCAL_IS_HOST_MODULE) $(if $(filter EXECUTABLES SHARED_LIBRARIES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),true,),true true)
 	$(copy-or-link-prebuilt-to-target)
   ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
-	[ -x $@ ] || $(call echo-error,$@,Target of symlink is not executable)
+	[ -x $@ ] || ( $(call echo-error,$@,Target of symlink is not executable); false )
   endif
 else
 	$(transform-prebuilt-to-target)

core/soong_config.mk

diff --git a/core/soong_config.mk b/core/soong_config.mk
index ad2e816..de60b5b 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -131,7 +131,7 @@
 $(call add_json_list, DeviceSystemSdkVersions,           $(BOARD_SYSTEMSDK_VERSIONS))
 $(call add_json_list, Platform_systemsdk_versions,       $(PLATFORM_SYSTEMSDK_VERSIONS))
 $(call add_json_bool, Malloc_not_svelte,                 $(call invert_bool,$(filter true,$(MALLOC_SVELTE))))
-$(call add_json_bool, Malloc_zero_contents,              $(MALLOC_ZERO_CONTENTS))
+$(call add_json_bool, Malloc_zero_contents,              $(call invert_bool,$(filter false,$(MALLOC_ZERO_CONTENTS))))
 $(call add_json_bool, Malloc_pattern_fill_contents,      $(MALLOC_PATTERN_FILL_CONTENTS))
 $(call add_json_str,  Override_rs_driver,                $(OVERRIDE_RS_DRIVER))
 
@@ -174,8 +174,9 @@
 $(call add_json_list, BoardOdmSepolicyDirs,              $(BOARD_ODM_SEPOLICY_DIRS))
 $(call add_json_list, BoardVendorDlkmSepolicyDirs,       $(BOARD_VENDOR_DLKM_SEPOLICY_DIRS))
 $(call add_json_list, BoardOdmDlkmSepolicyDirs,          $(BOARD_ODM_DLKM_SEPOLICY_DIRS))
-$(call add_json_list, BoardPlatPublicSepolicyDirs,       $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
-$(call add_json_list, BoardPlatPrivateSepolicyDirs,      $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
+# TODO: BOARD_PLAT_* dirs only kept for compatibility reasons. Will be a hard error on API level 31
+$(call add_json_list, SystemExtPublicSepolicyDirs,       $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
+$(call add_json_list, SystemExtPrivateSepolicyDirs,      $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
 $(call add_json_list, BoardSepolicyM4Defs,               $(BOARD_SEPOLICY_M4DEFS))
 
 $(call add_json_bool, Flatten_apex,                      $(filter true,$(TARGET_FLATTEN_APEX)))

core/soong_droiddoc_prebuilt.mk

diff --git a/core/soong_droiddoc_prebuilt.mk b/core/soong_droiddoc_prebuilt.mk
index c0467df..4dc5d08 100644
--- a/core/soong_droiddoc_prebuilt.mk
+++ b/core/soong_droiddoc_prebuilt.mk
@@ -29,16 +29,6 @@
 $(eval $(call copy-one-file,$(LOCAL_DROIDDOC_API_VERSIONS_XML),$(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/$(LOCAL_MODULE)_generated-api-versions.xml))
 endif
 
-ifdef LOCAL_DROIDDOC_JDIFF_DOC_ZIP
-$(eval $(call copy-one-file,$(LOCAL_DROIDDOC_JDIFF_DOC_ZIP),$(OUT_DOCS)/$(LOCAL_MODULE)-jdiff-docs.zip))
-$(call dist-for-goals,docs,$(OUT_DOCS)/$(LOCAL_MODULE)-jdiff-docs.zip)
-
-ALL_DOCS += $(OUT_DOCS)/$(LOCAL_MODULE)-jdiff-docs.zip
-
-.PHONY: $(LOCAL_MODULE) $(LOCAL_MODULE)-jdiff
-$(LOCAL_MODULE) $(LOCAL_MODULE)-jdiff : $(OUT_DOCS)/$(LOCAL_MODULE)-jdiff-docs.zip
-endif
-
 ifdef LOCAL_DROIDDOC_METADATA_ZIP
 $(eval $(call copy-one-file,$(LOCAL_DROIDDOC_METADATA_ZIP),$(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/$(LOCAL_MODULE)-metadata.zip))
 endif

core/soong_rust_prebuilt.mk

diff --git a/core/soong_rust_prebuilt.mk b/core/soong_rust_prebuilt.mk
index 2f4c6e7..dea7340 100644
--- a/core/soong_rust_prebuilt.mk
+++ b/core/soong_rust_prebuilt.mk
@@ -60,7 +60,7 @@
 ifeq ($(LOCAL_IS_HOST_MODULE) $(if $(filter EXECUTABLES SHARED_LIBRARIES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),true,),true true)
 	$(copy-or-link-prebuilt-to-target)
   ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
-	[ -x $@ ] || $(call echo-error,$@,Target of symlink is not executable)
+	[ -x $@ ] || ( $(call echo-error,$@,Target of symlink is not executable); false )
   endif
 else
 	$(transform-prebuilt-to-target)

core/sysprop.mk

diff --git a/core/sysprop.mk b/core/sysprop.mk
index 73dbec7..a74ff9f 100644
--- a/core/sysprop.mk
+++ b/core/sysprop.mk
@@ -429,3 +429,13 @@
     $(_prop_files_),\
     $(_prop_vars_),\
     $(empty)))
+
+# ----------------------------------------------------------------
+# ramdisk/boot/etc/build.prop
+#
+
+RAMDISK_BUILD_PROP_REL_PATH := system/etc/ramdisk/build.prop
+INSTALLED_RAMDISK_BUILD_PROP_TARGET := $(TARGET_RAMDISK_OUT)/$(RAMDISK_BUILD_PROP_REL_PATH)
+$(eval $(call build-properties,\
+    bootimage,\
+    $(INSTALLED_RAMDISK_BUILD_PROP_TARGET)))

core/tasks/apidiff.mk

diff --git a/core/tasks/apidiff.mk b/core/tasks/apidiff.mk
deleted file mode 100644
index 76e4749..0000000
--- a/core/tasks/apidiff.mk
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (C) 2017 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# Rules for building API diffs.
-#
-
-.PHONY: api-diff
-
-api-diff: api-stubs-docs-jdiff

core/tasks/tools/vts_package_utils.mk

diff --git a/core/tasks/tools/vts_package_utils.mk b/core/tasks/tools/vts_package_utils.mk
new file mode 100644
index 0000000..47bf29c
--- /dev/null
+++ b/core/tasks/tools/vts_package_utils.mk
@@ -0,0 +1,33 @@
+#
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# $(1): List of target native files to copy.
+# $(2): Copy destination directory.
+# Evaluates to a list of ":"-separated pairs src:dst.
+define target-native-copy-pairs
+$(foreach m,$(1),\
+  $(eval _built_files := $(strip $(ALL_MODULES.$(m).BUILT_INSTALLED)\
+  $(ALL_MODULES.$(m)$(TARGET_2ND_ARCH_MODULE_SUFFIX).BUILT_INSTALLED)))\
+  $(foreach i, $(_built_files),\
+    $(eval bui_ins := $(subst :,$(space),$(i)))\
+    $(eval ins := $(word 2,$(bui_ins)))\
+    $(if $(filter $(TARGET_OUT_ROOT)/%,$(ins)),\
+      $(eval bui := $(word 1,$(bui_ins)))\
+      $(eval my_copy_dest := $(patsubst data/%,DATA/%,\
+                               $(patsubst system/%,DATA/%,\
+                                   $(patsubst $(PRODUCT_OUT)/%,%,$(ins)))))\
+      $(bui):$(2)/$(my_copy_dest))))
+endef

core/tasks/vts-core-tests.mk

diff --git a/core/tasks/vts-core-tests.mk b/core/tasks/vts-core-tests.mk
index a3247da..95c4d24 100644
--- a/core/tasks/vts-core-tests.mk
+++ b/core/tasks/vts-core-tests.mk
@@ -15,6 +15,8 @@
 -include external/linux-kselftest/android/kselftest_test_list.mk
 -include external/ltp/android/ltp_package_list.mk
 
+include $(BUILD_SYSTEM)/tasks/tools/vts_package_utils.mk
+
 test_suite_name := vts
 test_suite_tradefed := vts-tradefed
 test_suite_readme := test/vts/tools/vts-core-tradefed/README

core/version_defaults.mk

diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index b507ca9..41696e8 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@
     #  It must be of the form "YYYY-MM-DD" on production devices.
     #  It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
     #  If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
-      PLATFORM_SECURITY_PATCH := 2020-09-05
+      PLATFORM_SECURITY_PATCH := 2020-10-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
 

envsetup.sh

diff --git a/envsetup.sh b/envsetup.sh
index a3b07a7..82c4565 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -318,6 +318,59 @@
     #export HOST_EXTRACFLAGS="-I "$T/system/kernel_headers/host_include
 }
 
+function abazel()
+{
+    local T="$(gettop)"
+    if [ ! "$T" ]; then
+        echo "Couldn't locate the top of the tree.  Try setting TOP."
+        return
+    fi
+
+    case $(uname -s) in
+        Darwin)
+            ANDROID_BAZEL_PATH="${T}/prebuilts/bazel/darwin-x86_64/bazel"
+            ANDROID_BAZELRC_PATH="${T}/build/bazel/darwin.bazelrc"
+            ANDROID_BAZEL_JDK_PATH="${T}/prebuilts/jdk/jdk11/darwin-x86"
+            ;;
+        Linux)
+            ANDROID_BAZEL_PATH="${T}/prebuilts/bazel/linux-x86_64/bazel"
+            ANDROID_BAZELRC_PATH="${T}/build/bazel/linux.bazelrc"
+            ANDROID_BAZEL_JDK_PATH="${T}/prebuilts/jdk/jdk11/linux-x86"
+            ;;
+        *)
+            ANDROID_BAZEL_PATH=
+            ANDROID_BAZELRC_PATH=
+            ANDROID_BAZEL_JDK_PATH=
+            ;;
+    esac
+
+    if [ -n "$ANDROID_BAZEL_PATH" -a -f "$ANDROID_BAZEL_PATH" ]; then
+        export ANDROID_BAZEL_PATH
+    else
+        echo "Couldn't locate Bazel binary"
+        return
+    fi
+
+    if [ -n "$ANDROID_BAZELRC_PATH" -a -f "$ANDROID_BAZELRC_PATH" ]; then
+        export ANDROID_BAZELRC_PATH
+    else
+        echo "Couldn't locate bazelrc file for Bazel"
+        return
+    fi
+
+    if [ -n "$ANDROID_BAZEL_JDK_PATH" -a -d "$ANDROID_BAZEL_JDK_PATH" ]; then
+        export ANDROID_BAZEL_JDK_PATH
+    else
+        echo "Couldn't locate JDK to use for Bazel"
+        return
+    fi
+
+    echo "WARNING: Bazel support for the Android Platform is experimental and is undergoing development."
+    echo "WARNING: Currently, build stability is not guaranteed. Thank you."
+    echo
+    "${ANDROID_BAZEL_PATH}" --server_javabase="${ANDROID_BAZEL_JDK_PATH}" --bazelrc="${ANDROID_BAZELRC_PATH}" "$@"
+}
+
 function printconfig()
 {
     local T=$(gettop)
@@ -769,7 +822,7 @@
     local TOPFILE=build/make/core/envsetup.mk
     if [ -n "$TOP" -a -f "$TOP/$TOPFILE" ] ; then
         # The following circumlocution ensures we remove symlinks from TOP.
-        (cd $TOP; PWD= /bin/pwd)
+        (cd "$TOP"; PWD= /bin/pwd)
     else
         if [ -f $TOPFILE ] ; then
             # The following circumlocution (repeated below as well) ensures
@@ -779,13 +832,13 @@
         else
             local HERE=$PWD
             local T=
-            while [ \( ! \( -f $TOPFILE \) \) -a \( $PWD != "/" \) ]; do
+            while [ \( ! \( -f $TOPFILE \) \) -a \( "$PWD" != "/" \) ]; do
                 \cd ..
                 T=`PWD= /bin/pwd -P`
             done
-            \cd $HERE
+            \cd "$HERE"
             if [ -f "$T/$TOPFILE" ]; then
-                echo $T
+                echo "$T"
             fi
         fi
     fi
@@ -1600,25 +1653,26 @@
 # This allows loading only approved vendorsetup.sh files
 function source_vendorsetup() {
     unset VENDOR_PYTHONPATH
+    local T="$(gettop)"
     allowed=
-    for f in $(find -L device vendor product -maxdepth 4 -name 'allowed-vendorsetup_sh-files' 2>/dev/null | sort); do
+    for f in $(cd "$T" && find -L device vendor product -maxdepth 4 -name 'allowed-vendorsetup_sh-files' 2>/dev/null | sort); do
         if [ -n "$allowed" ]; then
             echo "More than one 'allowed_vendorsetup_sh-files' file found, not including any vendorsetup.sh files:"
             echo "  $allowed"
             echo "  $f"
             return
         fi
-        allowed="$f"
+        allowed="$T/$f"
     done
 
     allowed_files=
     [ -n "$allowed" ] && allowed_files=$(cat "$allowed")
     for dir in device vendor product; do
-        for f in $(test -d $dir && \
+        for f in $(cd "$T" && test -d $dir && \
             find -L $dir -maxdepth 4 -name 'vendorsetup.sh' 2>/dev/null | sort); do
 
             if [[ -z "$allowed" || "$allowed_files" =~ $f ]]; then
-                echo "including $f"; . "$f"
+                echo "including $f"; . "$T/$f"
             else
                 echo "ignoring $f, not in $allowed"
             fi

target/board/emulator_arm64/BoardConfig.mk

diff --git a/target/board/emulator_arm64/BoardConfig.mk b/target/board/emulator_arm64/BoardConfig.mk
index b34ccb4..a17cb75 100644
--- a/target/board/emulator_arm64/BoardConfig.mk
+++ b/target/board/emulator_arm64/BoardConfig.mk
@@ -23,7 +23,7 @@
 TARGET_2ND_CPU_ABI := armeabi-v7a
 TARGET_2ND_CPU_ABI2 := armeabi
 
-ifneq ($(TARGET_BUILD_APPS)$(filter cts sdk vts10,$(MAKECMDGOALS)),)
+ifneq ($(TARGET_BUILD_APPS)$(filter cts sdk,$(MAKECMDGOALS)),)
 # DO NOT USE
 # DO NOT USE
 #

target/board/emulator_arm64/device.mk

diff --git a/target/board/emulator_arm64/device.mk b/target/board/emulator_arm64/device.mk
index 73dc2f4..dc84192 100644
--- a/target/board/emulator_arm64/device.mk
+++ b/target/board/emulator_arm64/device.mk
@@ -19,7 +19,7 @@
 
 # Cuttlefish has GKI kernel prebuilts, so use those for the GKI boot.img.
 ifeq ($(TARGET_PREBUILT_KERNEL),)
-    LOCAL_KERNEL := device/google/cuttlefish_kernel/5.4-arm64/kernel
+    LOCAL_KERNEL := kernel/prebuilts/5.4/arm64/kernel-5.4-lz4
 else
     LOCAL_KERNEL := $(TARGET_PREBUILT_KERNEL)
 endif

target/board/generic_arm64/BoardConfig.mk

diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index c45a8ab..d5331ad 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -23,7 +23,7 @@
 TARGET_2ND_CPU_ABI := armeabi-v7a
 TARGET_2ND_CPU_ABI2 := armeabi
 
-ifneq ($(TARGET_BUILD_APPS)$(filter cts sdk vts10,$(MAKECMDGOALS)),)
+ifneq ($(TARGET_BUILD_APPS)$(filter cts sdk,$(MAKECMDGOALS)),)
 # DO NOT USE
 # DO NOT USE
 #

target/board/generic_arm64/device.mk

diff --git a/target/board/generic_arm64/device.mk b/target/board/generic_arm64/device.mk
index 1585fbd..6f1bba0 100644
--- a/target/board/generic_arm64/device.mk
+++ b/target/board/generic_arm64/device.mk
@@ -16,16 +16,16 @@
 
 PRODUCT_COPY_FILES += \
     kernel/prebuilts/4.19/arm64/Image.gz:kernel-4.19-gz \
-    device/google/cuttlefish_kernel/5.4-arm64/kernel-5.4:kernel-5.4 \
-    device/google/cuttlefish_kernel/5.4-arm64/kernel-5.4-gz:kernel-5.4-gz \
-    device/google/cuttlefish_kernel/5.4-arm64/kernel-5.4-lz4:kernel-5.4-lz4 \
-    kernel/prebuilts/mainline/arm64/kernel-mainline:kernel-mainline \
-    kernel/prebuilts/mainline/arm64/kernel-mainline-gz:kernel-mainline-gz \
-    kernel/prebuilts/mainline/arm64/kernel-mainline-lz4:kernel-mainline-lz4
+    kernel/prebuilts/5.4/arm64/kernel-5.4:kernel-5.4 \
+    kernel/prebuilts/5.4/arm64/kernel-5.4-gz:kernel-5.4-gz \
+    kernel/prebuilts/5.4/arm64/kernel-5.4-lz4:kernel-5.4-lz4 \
+    kernel/prebuilts/mainline/arm64/kernel-mainline-allsyms:kernel-mainline \
+    kernel/prebuilts/mainline/arm64/kernel-mainline-gz-allsyms:kernel-mainline-gz \
+    kernel/prebuilts/mainline/arm64/kernel-mainline-lz4-allsyms:kernel-mainline-lz4
 
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 PRODUCT_COPY_FILES += \
-    device/google/cuttlefish_kernel/5.4-arm64/kernel-5.4:kernel-5.4-allsyms \
-    device/google/cuttlefish_kernel/5.4-arm64/kernel-5.4-gz:kernel-5.4-gz-allsyms \
-    device/google/cuttlefish_kernel/5.4-arm64/kernel-5.4-lz4:kernel-5.4-lz4-allsyms
+    kernel/prebuilts/5.4/arm64/kernel-5.4:kernel-5.4-allsyms \
+    kernel/prebuilts/5.4/arm64/kernel-5.4-gz:kernel-5.4-gz-allsyms \
+    kernel/prebuilts/5.4/arm64/kernel-5.4-lz4:kernel-5.4-lz4-allsyms
 endif

target/product/base_product.mk

diff --git a/target/product/base_product.mk b/target/product/base_product.mk
index 2ed550c..0166ecc 100644
--- a/target/product/base_product.mk
+++ b/target/product/base_product.mk
@@ -21,3 +21,4 @@
     passwd_product \
     product_compatibility_matrix.xml \
     product_manifest.xml \
+    selinux_policy_product \

target/product/base_system.mk

diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index 586c058..1a28cf0 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -38,7 +38,6 @@
     bcc \
     blank_screen \
     blkid \
-    service-blobstore \
     bmgr \
     bootanimation \
     bootstat \
@@ -117,7 +116,6 @@
     iptables \
     ip-up-vpn \
     javax.obex \
-    service-jobscheduler \
     keystore \
     credstore \
     ld.mc \

target/product/base_system_ext.mk

diff --git a/target/product/base_system_ext.mk b/target/product/base_system_ext.mk
index b67549a..58921d8 100644
--- a/target/product/base_system_ext.mk
+++ b/target/product/base_system_ext.mk
@@ -19,3 +19,4 @@
     group_system_ext \
     system_ext_manifest.xml \
     passwd_system_ext \
+    selinux_policy_system_ext \

target/product/gsi/current.txt

diff --git a/target/product/gsi/current.txt b/target/product/gsi/current.txt
index baf1382..f2ef002 100644
--- a/target/product/gsi/current.txt
+++ b/target/product/gsi/current.txt
@@ -19,6 +19,7 @@
 LLNDK: libvndksupport.so
 LLNDK: libvulkan.so
 VNDK-SP: android.hardware.common-V1-ndk_platform.so
+VNDK-SP: android.hardware.common.fmq-V1-ndk_platform.so
 VNDK-SP: android.hardware.graphics.common-V1-ndk_platform.so
 VNDK-SP: android.hardware.graphics.common@1.0.so
 VNDK-SP: android.hardware.graphics.common@1.1.so
@@ -79,6 +80,7 @@
 VNDK-core: android.hardware.vibrator-V1-ndk_platform.so
 VNDK-core: android.hidl.token@1.0-utils.so
 VNDK-core: android.hidl.token@1.0.so
+VNDK-core: android.system.keystore2-V1-ndk_platform.so
 VNDK-core: android.system.suspend@1.0.so
 VNDK-core: libadf.so
 VNDK-core: libaudioroute.so

target/product/runtime_libart.mk

diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index 7633abe..ec30527 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -30,8 +30,8 @@
 # ART APEX module.
 # Note that this package includes the minimal boot classpath JARs (listed in
 # ART_APEX_JARS), which should no longer be added directly to PRODUCT_PACKAGES.
-PRODUCT_PACKAGES += com.android.art
-PRODUCT_HOST_PACKAGES += com.android.art
+PRODUCT_PACKAGES += com.android.art-autoselect
+PRODUCT_HOST_PACKAGES += com.android.art-autoselect
 
 # Certificates.
 PRODUCT_PACKAGES += \

tools/releasetools/Android.bp

diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index 45e0514..e1543e7 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp
@@ -125,6 +125,9 @@
     required: [
         "brillo_update_payload",
         "checkvintf",
+        "lz4",
+        "toybox",
+        "unpack_bootimg"
     ],
     target: {
         darwin: {

tools/releasetools/apex_utils.py

diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index 8783f25..3eb5196 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -177,7 +177,7 @@
 
     # Add the payload image back to the apex file.
     common.ZipDelete(self.apex_path, APEX_PAYLOAD_IMAGE)
-    with zipfile.ZipFile(self.apex_path, 'a') as output_apex:
+    with zipfile.ZipFile(self.apex_path, 'a', allowZip64=True) as output_apex:
       common.ZipWrite(output_apex, payload_img, APEX_PAYLOAD_IMAGE,
                       compress_type=zipfile.ZIP_STORED)
     return self.apex_path
@@ -351,7 +351,7 @@
   common.ZipDelete(apex_file, APEX_PAYLOAD_IMAGE)
   if APEX_PUBKEY in zip_items:
     common.ZipDelete(apex_file, APEX_PUBKEY)
-  apex_zip = zipfile.ZipFile(apex_file, 'a')
+  apex_zip = zipfile.ZipFile(apex_file, 'a', allowZip64=True)
   common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
   common.ZipWrite(apex_zip, payload_public_key, arcname=APEX_PUBKEY)
   common.ZipClose(apex_zip)

tools/releasetools/build_image.py

diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 9cc072f..169a112 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -250,6 +250,7 @@
   run_e2fsck = False
   needs_projid = prop_dict.get("needs_projid", 0)
   needs_casefold = prop_dict.get("needs_casefold", 0)
+  needs_compress = prop_dict.get("needs_compress", 0)
 
   if fs_type.startswith("ext"):
     build_command = [prop_dict["ext_mkuserimg"]]
@@ -337,6 +338,8 @@
       build_command.append("--prjquota")
     if (needs_casefold):
       build_command.append("--casefold")
+    if (needs_compress):
+      build_command.append("--compression")
   else:
     raise BuildImageError(
         "Error: unknown filesystem type: {}".format(fs_type))
@@ -610,6 +613,7 @@
     copy_prop("userdata_selinux_fc", "selinux_fc")
     copy_prop("needs_casefold", "needs_casefold")
     copy_prop("needs_projid", "needs_projid")
+    copy_prop("needs_compress", "needs_compress")
   elif mount_point == "cache":
     copy_prop("cache_fs_type", "fs_type")
     copy_prop("cache_size", "partition_size")

tools/releasetools/check_ota_package_signature.py

diff --git a/tools/releasetools/check_ota_package_signature.py b/tools/releasetools/check_ota_package_signature.py
index 0d990f1..58510a5 100755
--- a/tools/releasetools/check_ota_package_signature.py
+++ b/tools/releasetools/check_ota_package_signature.py
@@ -140,7 +140,7 @@
 
 def VerifyAbOtaPayload(cert, package):
   """Verifies the payload and metadata signatures in an A/B OTA payload."""
-  package_zip = zipfile.ZipFile(package, 'r')
+  package_zip = zipfile.ZipFile(package, 'r', allowZip64=True)
   if 'payload.bin' not in package_zip.namelist():
     common.ZipClose(package_zip)
     return

tools/releasetools/check_target_files_vintf.py

diff --git a/tools/releasetools/check_target_files_vintf.py b/tools/releasetools/check_target_files_vintf.py
index 0edefac..3c2406c 100755
--- a/tools/releasetools/check_target_files_vintf.py
+++ b/tools/releasetools/check_target_files_vintf.py
@@ -252,7 +252,7 @@
     if os.path.isdir(target_files):
       return os.path.isdir(os.path.join(target_files, "VENDOR"))
     if zipfile.is_zipfile(target_files):
-      return HasPartition(zipfile.ZipFile(target_files), "vendor")
+      return HasPartition(zipfile.ZipFile(target_files, allowZip64=True), "vendor")
     raise ValueError("Unknown target_files argument")
 
   return (HasVendorPartition(target_files) and

tools/releasetools/common.py

diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index c77d8c6..f256900 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -814,6 +814,15 @@
     props._LoadBuildProp(data)
     return props
 
+  @staticmethod
+  def FromBuildPropFile(name, build_prop_file):
+    """Constructs an instance from a build prop file."""
+
+    props = PartitionBuildProps("unknown", name)
+    with open(build_prop_file) as f:
+      props._LoadBuildProp(f.read())
+    return props
+
   def _LoadBuildProp(self, data):
     for line in data.split('\n'):
       line = line.strip()
@@ -1568,7 +1577,7 @@
   cmd = ["unzip", "-o", "-q", filename, "-d", dirname]
   if patterns is not None:
     # Filter out non-matching patterns. unzip will complain otherwise.
-    with zipfile.ZipFile(filename) as input_zip:
+    with zipfile.ZipFile(filename, allowZip64=True) as input_zip:
       names = input_zip.namelist()
     filtered = [
         pattern for pattern in patterns if fnmatch.filter(names, pattern)]

tools/releasetools/ota_from_target_files.py

diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 2833397..18b2b76 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -656,7 +656,7 @@
   target_file = common.MakeTempFile(prefix="targetfiles-", suffix=".zip")
   target_zip = zipfile.ZipFile(target_file, 'w', allowZip64=True)
 
-  with zipfile.ZipFile(input_file, 'r') as input_zip:
+  with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
     infolist = input_zip.infolist()
 
   input_tmp = common.UnzipTemp(input_file, UNZIP_PATTERN)
@@ -719,7 +719,7 @@
     The filename of target-files.zip that doesn't contain postinstall config.
   """
   # We should only make a copy if postinstall_config entry exists.
-  with zipfile.ZipFile(input_file, 'r') as input_zip:
+  with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
     if POSTINSTALL_CONFIG not in input_zip.namelist():
       return input_file
 
@@ -754,7 +754,7 @@
   target_file = common.MakeTempFile(prefix="targetfiles-", suffix=".zip")
   shutil.copyfile(input_file, target_file)
 
-  with zipfile.ZipFile(input_file) as input_zip:
+  with zipfile.ZipFile(input_file, allowZip64=True) as input_zip:
     namelist = input_zip.namelist()
 
   input_tmp = common.UnzipTemp(input_file, RETROFIT_DAP_UNZIP_PATTERN)
@@ -822,7 +822,7 @@
   else:
     staging_file = output_file
   output_zip = zipfile.ZipFile(staging_file, "w",
-                               compression=zipfile.ZIP_DEFLATED)
+                               compression=zipfile.ZIP_DEFLATED, allowZip64=True)
 
   if source_file is not None:
     assert "ab_partitions" in OPTIONS.source_info_dict, \
@@ -893,7 +893,7 @@
 
   # If dm-verity is supported for the device, copy contents of care_map
   # into A/B OTA package.
-  target_zip = zipfile.ZipFile(target_file, "r")
+  target_zip = zipfile.ZipFile(target_file, "r", allowZip64=True)
   if (target_info.get("verity") == "true" or
           target_info.get("avb_enable") == "true"):
     care_map_list = [x for x in ["care_map.pb", "care_map.txt"] if
@@ -1069,7 +1069,7 @@
   if OPTIONS.extracted_input is not None:
     OPTIONS.info_dict = common.LoadInfoDict(OPTIONS.extracted_input)
   else:
-    with zipfile.ZipFile(args[0], 'r') as input_zip:
+    with zipfile.ZipFile(args[0], 'r', allowZip64=True) as input_zip:
       OPTIONS.info_dict = common.LoadInfoDict(input_zip)
 
   logger.info("--- target info ---")
@@ -1078,7 +1078,7 @@
   # Load the source build dict if applicable.
   if OPTIONS.incremental_source is not None:
     OPTIONS.target_info_dict = OPTIONS.info_dict
-    with zipfile.ZipFile(OPTIONS.incremental_source, 'r') as source_zip:
+    with zipfile.ZipFile(OPTIONS.incremental_source, 'r', allowZip64=True) as source_zip:
       OPTIONS.source_info_dict = common.LoadInfoDict(source_zip)
 
     logger.info("--- source info ---")

tools/releasetools/ota_package_parser.py

diff --git a/tools/releasetools/ota_package_parser.py b/tools/releasetools/ota_package_parser.py
index 331122b..1e733b9 100755
--- a/tools/releasetools/ota_package_parser.py
+++ b/tools/releasetools/ota_package_parser.py
@@ -215,7 +215,7 @@
   logging.basicConfig(level=logging.INFO, format=logging_format)
 
   try:
-    with zipfile.ZipFile(args.ota_package, 'r') as package:
+    with zipfile.ZipFile(args.ota_package, 'r', allowZip64=True) as package:
       package_parser = OtaPackageParser(package)
       package_parser.Analyze()
   except:

tools/releasetools/ota_utils.py

diff --git a/tools/releasetools/ota_utils.py b/tools/releasetools/ota_utils.py
index d444d41..cb0f6e6 100644
--- a/tools/releasetools/ota_utils.py
+++ b/tools/releasetools/ota_utils.py
@@ -14,14 +14,17 @@
 
 import copy
 import itertools
+import logging
 import os
 import zipfile
 
 import ota_metadata_pb2
 from common import (ZipDelete, ZipClose, OPTIONS, MakeTempFile,
                     ZipWriteStr, BuildInfo, LoadDictionaryFromFile,
-                    SignFile, PARTITIONS_WITH_CARE_MAP, PartitionBuildProps)
+                    SignFile, PARTITIONS_WITH_CARE_MAP, PartitionBuildProps,
+                    MakeTempDir, RunAndCheckOutput, ExternalError)
 
+logger = logging.getLogger(__name__)
 
 OPTIONS.no_signing = False
 OPTIONS.force_non_ab = False
@@ -38,6 +41,9 @@
 METADATA_PROTO_NAME = 'META-INF/com/android/metadata.pb'
 UNZIP_PATTERN = ['IMAGES/*', 'META/*', 'OTA/*', 'RADIO/*']
 
+# See sysprop.mk. If file is moved, add new search paths here; don't remove
+# existing search paths.
+RAMDISK_BUILD_PROP_REL_PATHS = ['system/etc/ramdisk/build.prop']
 
 def FinalizeMetadata(metadata, input_file, output_file, needed_property_files):
   """Finalizes the metadata and signs an A/B OTA package.
@@ -62,7 +68,7 @@
 
   def ComputeAllPropertyFiles(input_file, needed_property_files):
     # Write the current metadata entry with placeholders.
-    with zipfile.ZipFile(input_file) as input_zip:
+    with zipfile.ZipFile(input_file, allowZip64=True) as input_zip:
       for property_files in needed_property_files:
         metadata.property_files[property_files.name] = property_files.Compute(
             input_zip)
@@ -70,7 +76,7 @@
 
     if METADATA_NAME in namelist or METADATA_PROTO_NAME in namelist:
       ZipDelete(input_file, [METADATA_NAME, METADATA_PROTO_NAME])
-    output_zip = zipfile.ZipFile(input_file, 'a')
+    output_zip = zipfile.ZipFile(input_file, 'a', allowZip64=True)
     WriteMetadata(metadata, output_zip)
     ZipClose(output_zip)
 
@@ -82,7 +88,7 @@
     return prelim_signing
 
   def FinalizeAllPropertyFiles(prelim_signing, needed_property_files):
-    with zipfile.ZipFile(prelim_signing) as prelim_signing_zip:
+    with zipfile.ZipFile(prelim_signing, allowZip64=True) as prelim_signing_zip:
       for property_files in needed_property_files:
         metadata.property_files[property_files.name] = property_files.Finalize(
             prelim_signing_zip,
@@ -108,7 +114,7 @@
 
   # Replace the METADATA entry.
   ZipDelete(prelim_signing, [METADATA_NAME, METADATA_PROTO_NAME])
-  output_zip = zipfile.ZipFile(prelim_signing, 'a')
+  output_zip = zipfile.ZipFile(prelim_signing, 'a', allowZip64=True)
   WriteMetadata(metadata, output_zip)
   ZipClose(output_zip)
 
@@ -119,7 +125,7 @@
     SignOutput(prelim_signing, output_file)
 
   # Reopen the final signed zip to double check the streaming metadata.
-  with zipfile.ZipFile(output_file) as output_zip:
+  with zipfile.ZipFile(output_file, allowZip64=True) as output_zip:
     for property_files in needed_property_files:
       property_files.Verify(
           output_zip, metadata.property_files[property_files.name].strip())
@@ -363,7 +369,7 @@
       partition_prop_key = "{}.build.prop".format(partition)
       input_file = info_dict[partition_prop_key].input_file
       if isinstance(input_file, zipfile.ZipFile):
-        with zipfile.ZipFile(input_file.filename) as input_zip:
+        with zipfile.ZipFile(input_file.filename, allowZip64=True) as input_zip:
           info_dict[partition_prop_key] = \
               PartitionBuildProps.FromInputFile(input_zip, partition,
                                                 placeholder_values)
@@ -561,3 +567,55 @@
 
   SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw,
            whole_file=True)
+
+
+def GetBootImageTimestamp(boot_img):
+  """
+  Get timestamp from ramdisk within the boot image
+
+  Args:
+    boot_img: the boot image file. Ramdisk must be compressed with lz4 format.
+
+  Return:
+    An integer that corresponds to the timestamp of the boot image, or None
+    if file has unknown format. Raise exception if an unexpected error has
+    occurred.
+  """
+
+  tmp_dir = MakeTempDir('boot_', suffix='.img')
+  try:
+    RunAndCheckOutput(['unpack_bootimg', '--boot_img', boot_img, '--out', tmp_dir])
+    ramdisk = os.path.join(tmp_dir, 'ramdisk')
+    if not os.path.isfile(ramdisk):
+      logger.warning('Unable to get boot image timestamp: no ramdisk in boot')
+      return None
+    uncompressed_ramdisk = os.path.join(tmp_dir, 'uncompressed_ramdisk')
+    RunAndCheckOutput(['lz4', '-d', ramdisk, uncompressed_ramdisk])
+
+    abs_uncompressed_ramdisk = os.path.abspath(uncompressed_ramdisk)
+    extracted_ramdisk = MakeTempDir('extracted_ramdisk')
+    # Use "toybox cpio" instead of "cpio" because the latter invokes cpio from
+    # the host environment.
+    RunAndCheckOutput(['toybox', 'cpio', '-F', abs_uncompressed_ramdisk, '-i'],
+               cwd=extracted_ramdisk)
+
+    prop_file = None
+    for search_path in RAMDISK_BUILD_PROP_REL_PATHS:
+      prop_file = os.path.join(extracted_ramdisk, search_path)
+      if os.path.isfile(prop_file):
+        break
+      logger.warning('Unable to get boot image timestamp: no %s in ramdisk', search_path)
+
+    if not prop_file:
+      return None
+
+    props = PartitionBuildProps.FromBuildPropFile('boot', prop_file)
+    timestamp = props.GetProp('ro.bootimage.build.date.utc')
+    if timestamp:
+      return int(timestamp)
+    logger.warning('Unable to get boot image timestamp: ro.bootimage.build.date.utc is undefined')
+    return None
+
+  except ExternalError as e:
+    logger.warning('Unable to get boot image timestamp: %s', e)
+    return None

tools/releasetools/sign_target_files_apks.py

diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index b4646b7..220f519 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -813,7 +813,7 @@
     keys: A list of public keys to use during OTA package verification.
   """
   temp_file = io.BytesIO()
-  certs_zip = zipfile.ZipFile(temp_file, "w")
+  certs_zip = zipfile.ZipFile(temp_file, "w", allowZip64=True)
   for k in keys:
     common.ZipWrite(certs_zip, k)
   common.ZipClose(certs_zip)
@@ -1294,7 +1294,7 @@
 
   common.InitLogging()
 
-  input_zip = zipfile.ZipFile(args[0], "r")
+  input_zip = zipfile.ZipFile(args[0], "r", allowZip64=True)
   output_zip = zipfile.ZipFile(args[1], "w",
                                compression=zipfile.ZIP_DEFLATED,
                                allowZip64=True)

tools/releasetools/test_add_img_to_target_files.py

diff --git a/tools/releasetools/test_add_img_to_target_files.py b/tools/releasetools/test_add_img_to_target_files.py
index efa60b6..6b7a7db 100644
--- a/tools/releasetools/test_add_img_to_target_files.py
+++ b/tools/releasetools/test_add_img_to_target_files.py
@@ -93,10 +93,10 @@
 
     # Set up the output zip.
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       AddPackRadioImages(output_zip, images)
 
-    with zipfile.ZipFile(output_file, 'r') as verify_zip:
+    with zipfile.ZipFile(output_file, 'r', allowZip64=True) as verify_zip:
       for image in images:
         self.assertIn('IMAGES/' + image + '.img', verify_zip.namelist())
 
@@ -344,12 +344,12 @@
     image_paths = self._test_AddCareMapForAbOta()
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       AddCareMapForAbOta(output_zip, ['system', 'vendor'], image_paths)
 
     care_map_name = "META/care_map.pb"
     temp_dir = common.MakeTempDir()
-    with zipfile.ZipFile(output_file, 'r') as verify_zip:
+    with zipfile.ZipFile(output_file, 'r', allowZip64=True) as verify_zip:
       self.assertTrue(care_map_name in verify_zip.namelist())
       verify_zip.extract(care_map_name, path=temp_dir)
 
@@ -367,7 +367,7 @@
     image_paths = self._test_AddCareMapForAbOta()
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       # Create an existing META/care_map.pb entry.
       common.ZipWriteStr(output_zip, 'META/care_map.pb',
                          'fake care_map.pb')

tools/releasetools/test_apex_utils.py

diff --git a/tools/releasetools/test_apex_utils.py b/tools/releasetools/test_apex_utils.py
index 339ddc7..71f6433 100644
--- a/tools/releasetools/test_apex_utils.py
+++ b/tools/releasetools/test_apex_utils.py
@@ -174,8 +174,8 @@
   @test_utils.SkipIfExternalToolsUnavailable()
   def test_ApexApkSigner_noAssetDir(self):
     no_asset = common.MakeTempFile(suffix='.apex')
-    with zipfile.ZipFile(no_asset, 'w') as output_zip:
-      with zipfile.ZipFile(self.apex_with_apk, 'r') as input_zip:
+    with zipfile.ZipFile(no_asset, 'w', allowZip64=True) as output_zip:
+      with zipfile.ZipFile(self.apex_with_apk, 'r', allowZip64=True) as input_zip:
         name_list = input_zip.namelist()
         for name in name_list:
           if not name.startswith('assets'):

tools/releasetools/test_common.py

diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py
index 81ee53d..22fc85a 100644
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -363,7 +363,7 @@
       self.assertEqual(int(expected_stat.st_mtime), int(new_stat.st_mtime))
 
     # Reopen the zip file to verify.
-    zip_file = zipfile.ZipFile(zip_file_name, "r")
+    zip_file = zipfile.ZipFile(zip_file_name, "r", allowZip64=True)
 
     # Verify the timestamp.
     info = zip_file.getinfo(arcname)
@@ -399,7 +399,7 @@
       arcname = arcname[1:]
 
     zip_file.close()
-    zip_file = zipfile.ZipFile(zip_file_name, "w")
+    zip_file = zipfile.ZipFile(zip_file_name, "w", allowZip64=True)
 
     try:
       sha1_hash = sha1()
@@ -431,7 +431,7 @@
     zip_file_name = zip_file.name
     zip_file.close()
 
-    zip_file = zipfile.ZipFile(zip_file_name, "w")
+    zip_file = zipfile.ZipFile(zip_file_name, "w", allowZip64=True)
 
     try:
       expected_compress_type = extra_args.get("compress_type",
@@ -475,7 +475,7 @@
       arcname_large = arcname_large[1:]
 
     zip_file.close()
-    zip_file = zipfile.ZipFile(zip_file_name, "w")
+    zip_file = zipfile.ZipFile(zip_file_name, "w", allowZip64=True)
 
     try:
       sha1_hash = sha1()
@@ -599,7 +599,7 @@
 
     try:
       random_string = os.urandom(1024)
-      zip_file = zipfile.ZipFile(zip_file_name, "w")
+      zip_file = zipfile.ZipFile(zip_file_name, "w", allowZip64=True)
       # Default perms should be 0o644 when passing the filename.
       common.ZipWriteStr(zip_file, "foo", random_string)
       # Honor the specified perms.
@@ -644,7 +644,7 @@
 
     try:
       common.ZipDelete(zip_file.name, 'Test2')
-      with zipfile.ZipFile(zip_file.name, 'r') as check_zip:
+      with zipfile.ZipFile(zip_file.name, 'r', allowZip64=True) as check_zip:
         entries = check_zip.namelist()
         self.assertTrue('Test1' in entries)
         self.assertFalse('Test2' in entries)
@@ -652,21 +652,21 @@
 
       self.assertRaises(
           common.ExternalError, common.ZipDelete, zip_file.name, 'Test2')
-      with zipfile.ZipFile(zip_file.name, 'r') as check_zip:
+      with zipfile.ZipFile(zip_file.name, 'r', allowZip64=True) as check_zip:
         entries = check_zip.namelist()
         self.assertTrue('Test1' in entries)
         self.assertFalse('Test2' in entries)
         self.assertTrue('Test3' in entries)
 
       common.ZipDelete(zip_file.name, ['Test3'])
-      with zipfile.ZipFile(zip_file.name, 'r') as check_zip:
+      with zipfile.ZipFile(zip_file.name, 'r', allowZip64=True) as check_zip:
         entries = check_zip.namelist()
         self.assertTrue('Test1' in entries)
         self.assertFalse('Test2' in entries)
         self.assertFalse('Test3' in entries)
 
       common.ZipDelete(zip_file.name, ['Test1', 'Test2'])
-      with zipfile.ZipFile(zip_file.name, 'r') as check_zip:
+      with zipfile.ZipFile(zip_file.name, 'r', allowZip64=True) as check_zip:
         entries = check_zip.namelist()
         self.assertFalse('Test1' in entries)
         self.assertFalse('Test2' in entries)
@@ -834,7 +834,7 @@
     if additional is None:
       additional = []
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apkcerts.txt', apkcerts_txt)
       for entry in additional:
         target_files_zip.writestr(entry, '')
@@ -842,7 +842,7 @@
 
   def test_ReadApkCerts_NoncompressedApks(self):
     target_files = self._write_apkcerts_txt(self.APKCERTS_TXT1)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       certmap, ext = common.ReadApkCerts(input_zip)
 
     self.assertDictEqual(self.APKCERTS_CERTMAP1, certmap)
@@ -855,7 +855,7 @@
         self.APKCERTS_TXT2,
         ['Compressed1.apk.gz', 'Compressed3.apk'])
 
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       certmap, ext = common.ReadApkCerts(input_zip)
 
     self.assertDictEqual(self.APKCERTS_CERTMAP2, certmap)
@@ -865,7 +865,7 @@
     target_files = self._write_apkcerts_txt(
         self.APKCERTS_TXT3, ['Compressed4.apk.xz'])
 
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       certmap, ext = common.ReadApkCerts(input_zip)
 
     self.assertDictEqual(self.APKCERTS_CERTMAP3, certmap)
@@ -876,7 +876,7 @@
         self.APKCERTS_TXT1 + self.APKCERTS_TXT2,
         ['Compressed1.apk.gz', 'Compressed3.apk'])
 
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       certmap, ext = common.ReadApkCerts(input_zip)
 
     certmap_merged = self.APKCERTS_CERTMAP1.copy()
@@ -889,7 +889,7 @@
         self.APKCERTS_TXT2 + self.APKCERTS_TXT3,
         ['Compressed1.apk.gz', 'Compressed4.apk.xz'])
 
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       self.assertRaises(ValueError, common.ReadApkCerts, input_zip)
 
   def test_ReadApkCerts_MismatchingKeys(self):
@@ -899,12 +899,12 @@
     )
     target_files = self._write_apkcerts_txt(malformed_apkcerts_txt)
 
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       self.assertRaises(ValueError, common.ReadApkCerts, input_zip)
 
   def test_ReadApkCerts_WithWithoutOptionalFields(self):
     target_files = self._write_apkcerts_txt(self.APKCERTS_TXT4)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       certmap, ext = common.ReadApkCerts(input_zip)
 
     self.assertDictEqual(self.APKCERTS_CERTMAP4, certmap)
@@ -973,7 +973,7 @@
   @test_utils.SkipIfExternalToolsUnavailable()
   def test_GetSparseImage_emptyBlockMapFile(self):
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([
               (0xCAC1, 6),
@@ -985,7 +985,7 @@
       target_files_zip.writestr('SYSTEM/file2', os.urandom(4096 * 3))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       sparse_image = common.GetSparseImage('system', tempdir, input_zip, False)
 
     self.assertDictEqual(
@@ -1006,7 +1006,7 @@
   @test_utils.SkipIfExternalToolsUnavailable()
   def test_GetSparseImage_missingBlockMapFile(self):
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([
               (0xCAC1, 6),
@@ -1017,7 +1017,7 @@
       target_files_zip.writestr('SYSTEM/file2', os.urandom(4096 * 3))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       self.assertRaises(
           AssertionError, common.GetSparseImage, 'system', tempdir, input_zip,
           False)
@@ -1026,7 +1026,7 @@
   def test_GetSparseImage_sharedBlocks_notAllowed(self):
     """Tests the case of having overlapping blocks but disallowed."""
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([(0xCAC2, 16)]),
           arcname='IMAGES/system.img')
@@ -1040,7 +1040,7 @@
       target_files_zip.writestr('SYSTEM/file2', os.urandom(4096 * 3))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       self.assertRaises(
           AssertionError, common.GetSparseImage, 'system', tempdir, input_zip,
           False)
@@ -1049,7 +1049,7 @@
   def test_GetSparseImage_sharedBlocks_allowed(self):
     """Tests the case for target using BOARD_EXT4_SHARE_DUP_BLOCKS := true."""
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       # Construct an image with a care_map of "0-5 9-12".
       target_files_zip.write(
           test_utils.construct_sparse_image([(0xCAC2, 16)]),
@@ -1064,7 +1064,7 @@
       target_files_zip.writestr('SYSTEM/file2', os.urandom(4096 * 3))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       sparse_image = common.GetSparseImage('system', tempdir, input_zip, True)
 
     self.assertDictEqual(
@@ -1094,7 +1094,7 @@
   def test_GetSparseImage_incompleteRanges(self):
     """Tests the case of ext4 images with holes."""
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([(0xCAC2, 16)]),
           arcname='IMAGES/system.img')
@@ -1108,7 +1108,7 @@
       target_files_zip.writestr('SYSTEM/file2', os.urandom(4096 * 3))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       sparse_image = common.GetSparseImage('system', tempdir, input_zip, False)
 
     self.assertEqual(
@@ -1119,7 +1119,7 @@
   @test_utils.SkipIfExternalToolsUnavailable()
   def test_GetSparseImage_systemRootImage_filenameWithExtraLeadingSlash(self):
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([(0xCAC2, 16)]),
           arcname='IMAGES/system.img')
@@ -1136,7 +1136,7 @@
       target_files_zip.writestr('SYSTEM/app/file3', os.urandom(4096 * 4))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       sparse_image = common.GetSparseImage('system', tempdir, input_zip, False)
 
     self.assertEqual(
@@ -1149,7 +1149,7 @@
   @test_utils.SkipIfExternalToolsUnavailable()
   def test_GetSparseImage_systemRootImage_nonSystemFiles(self):
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([(0xCAC2, 16)]),
           arcname='IMAGES/system.img')
@@ -1163,7 +1163,7 @@
       target_files_zip.writestr('ROOT/init.rc', os.urandom(4096 * 4))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       sparse_image = common.GetSparseImage('system', tempdir, input_zip, False)
 
     self.assertEqual(
@@ -1174,7 +1174,7 @@
   @test_utils.SkipIfExternalToolsUnavailable()
   def test_GetSparseImage_fileNotFound(self):
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.write(
           test_utils.construct_sparse_image([(0xCAC2, 16)]),
           arcname='IMAGES/system.img')
@@ -1186,7 +1186,7 @@
       target_files_zip.writestr('SYSTEM/file1', os.urandom(4096 * 7))
 
     tempdir = common.UnzipTemp(target_files)
-    with zipfile.ZipFile(target_files, 'r') as input_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as input_zip:
       self.assertRaises(
           AssertionError, common.GetSparseImage, 'system', tempdir, input_zip,
           False)
@@ -1274,7 +1274,7 @@
   @staticmethod
   def _test_LoadInfoDict_createTargetFiles(info_dict, fstab_path):
     target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       info_values = ''.join(
           ['{}={}\n'.format(k, v) for k, v in sorted(info_dict.items())])
       common.ZipWriteStr(target_files_zip, 'META/misc_info.txt', info_values)
@@ -1294,7 +1294,7 @@
     target_files = self._test_LoadInfoDict_createTargetFiles(
         self.INFO_DICT_DEFAULT,
         'BOOT/RAMDISK/system/etc/recovery.fstab')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       loaded_dict = common.LoadInfoDict(target_files_zip)
       self.assertEqual(3, loaded_dict['recovery_api_version'])
       self.assertEqual(2, loaded_dict['fstab_version'])
@@ -1305,7 +1305,7 @@
     target_files = self._test_LoadInfoDict_createTargetFiles(
         self.INFO_DICT_DEFAULT,
         'BOOT/RAMDISK/etc/recovery.fstab')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       loaded_dict = common.LoadInfoDict(target_files_zip)
       self.assertEqual(3, loaded_dict['recovery_api_version'])
       self.assertEqual(2, loaded_dict['fstab_version'])
@@ -1346,7 +1346,7 @@
     target_files = self._test_LoadInfoDict_createTargetFiles(
         info_dict,
         'RECOVERY/RAMDISK/system/etc/recovery.fstab')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       loaded_dict = common.LoadInfoDict(target_files_zip)
       self.assertEqual(3, loaded_dict['recovery_api_version'])
       self.assertEqual(2, loaded_dict['fstab_version'])
@@ -1362,7 +1362,7 @@
     target_files = self._test_LoadInfoDict_createTargetFiles(
         info_dict,
         'RECOVERY/RAMDISK/system/etc/recovery.fstab')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       loaded_dict = common.LoadInfoDict(target_files_zip)
       self.assertEqual(3, loaded_dict['recovery_api_version'])
       self.assertEqual(2, loaded_dict['fstab_version'])
@@ -1376,7 +1376,7 @@
     target_files = self._test_LoadInfoDict_createTargetFiles(
         info_dict,
         'RECOVERY/RAMDISK/system/etc/recovery.fstab')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       loaded_dict = common.LoadInfoDict(target_files_zip)
       self.assertEqual(3, loaded_dict['recovery_api_version'])
       self.assertEqual(2, loaded_dict['fstab_version'])
@@ -1388,7 +1388,7 @@
         self.INFO_DICT_DEFAULT,
         'BOOT/RAMDISK/system/etc/recovery.fstab')
     common.ZipDelete(target_files, 'META/misc_info.txt')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       self.assertRaises(ValueError, common.LoadInfoDict, target_files_zip)
 
   @test_utils.SkipIfExternalToolsUnavailable()
@@ -1412,7 +1412,7 @@
     target_files = self._test_LoadInfoDict_createTargetFiles(
         self.INFO_DICT_DEFAULT,
         'BOOT/RAMDISK/system/etc/recovery.fstab')
-    with zipfile.ZipFile(target_files, 'r') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'r', allowZip64=True) as target_files_zip:
       self.assertRaises(
           AssertionError, common.LoadInfoDict, target_files_zip, True)
 
@@ -1704,7 +1704,7 @@
 
   @staticmethod
   def get_op_list(output_path):
-    with zipfile.ZipFile(output_path) as output_zip:
+    with zipfile.ZipFile(output_path, allowZip64=True) as output_zip:
       with output_zip.open('dynamic_partitions_op_list') as op_list:
         return [line.decode().strip() for line in op_list.readlines()
                 if not line.startswith(b'#')]
@@ -1724,7 +1724,7 @@
                    MockBlockDifference("vendor", FakeSparseImage(1 * GiB))]
 
     dp_diff = common.DynamicPartitionsDifference(target_info, block_diffs)
-    with zipfile.ZipFile(self.output_path, 'w') as output_zip:
+    with zipfile.ZipFile(self.output_path, 'w', allowZip64=True) as output_zip:
       dp_diff.WriteScript(self.script, output_zip, write_verify_script=True)
 
     self.assertEqual(str(self.script).strip(), """
@@ -1772,7 +1772,7 @@
     dp_diff = common.DynamicPartitionsDifference(target_info,
                                                  block_diffs=[],
                                                  source_info_dict=source_info)
-    with zipfile.ZipFile(self.output_path, 'w') as output_zip:
+    with zipfile.ZipFile(self.output_path, 'w', allowZip64=True) as output_zip:
       dp_diff.WriteScript(self.script, output_zip, write_verify_script=True)
 
     lines = self.get_op_list(self.output_path)
@@ -1816,7 +1816,7 @@
 
     dp_diff = common.DynamicPartitionsDifference(target_info, block_diffs,
                                                  source_info_dict=source_info)
-    with zipfile.ZipFile(self.output_path, 'w') as output_zip:
+    with zipfile.ZipFile(self.output_path, 'w', allowZip64=True) as output_zip:
       dp_diff.WriteScript(self.script, output_zip, write_verify_script=True)
 
     metadata_idx = self.script.lines.index(
@@ -1887,7 +1887,7 @@
 
     dp_diff = common.DynamicPartitionsDifference(target_info, block_diffs,
                                                  source_info_dict=source_info)
-    with zipfile.ZipFile(self.output_path, 'w') as output_zip:
+    with zipfile.ZipFile(self.output_path, 'w', allowZip64=True) as output_zip:
       dp_diff.WriteScript(self.script, output_zip, write_verify_script=True)
 
     self.assertNotIn("block_image_update", str(self.script),
@@ -1910,7 +1910,7 @@
   @staticmethod
   def _BuildZipFile(entries):
     input_file = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       for name, content in entries.items():
         input_zip.writestr(name, content)
 
@@ -1927,7 +1927,7 @@
         'ODM/etc/build.prop': '\n'.join(build_prop),
     })
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': ['std', 'pro']
       }
@@ -1959,7 +1959,7 @@
         'ODM/etc/build_pro.prop': '\n'.join(build_pro_prop),
     })
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': 'std'
       }
@@ -1974,7 +1974,7 @@
       'ro.product.odm.name': 'product1',
     }, partition_props.build_props)
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': 'pro'
       }
@@ -1995,7 +1995,7 @@
         'ODM/etc/build.prop': '\n'.join(build_prop),
     })
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       partition_props = common.PartitionBuildProps.FromInputFile(
           input_zip, 'odm')
 
@@ -2038,7 +2038,7 @@
         'ODM/etc/build_product2.prop': '\n'.join(product2_prop),
     })
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': 'std',
           'ro.boot.product.product_name': 'product1',
@@ -2055,7 +2055,7 @@
         'ro.product.odm.name': 'product1'
     }, partition_props.build_props)
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': 'pro',
           'ro.boot.product.product_name': 'product2',
@@ -2089,7 +2089,7 @@
         'ODM/etc/build_pro.prop': '\n'.join(build_pro_prop),
     })
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': 'std',
       }
@@ -2126,7 +2126,7 @@
         'ODM/etc/build_product2.prop': '\n'.join(product2_prop),
     })
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip:
       placeholder_values = {
           'ro.boot.product.device_name': 'std',
           'ro.boot.product.product_name': 'product1',

tools/releasetools/test_ota_from_target_files.py

diff --git a/tools/releasetools/test_ota_from_target_files.py b/tools/releasetools/test_ota_from_target_files.py
index 84cd4c8..f96bc7b 100644
--- a/tools/releasetools/test_ota_from_target_files.py
+++ b/tools/releasetools/test_ota_from_target_files.py
@@ -37,7 +37,7 @@
 def construct_target_files(secondary=False):
   """Returns a target-files.zip file for generating OTA packages."""
   target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
-  with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+  with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
     # META/update_engine_config.txt
     target_files_zip.writestr(
         'META/update_engine_config.txt',
@@ -417,7 +417,7 @@
         'super_google_dynamic_partitions_partition_list=system vendor product',
     ])
 
-    with zipfile.ZipFile(input_file, 'a') as append_zip:
+    with zipfile.ZipFile(input_file, 'a', allowZip64=True) as append_zip:
       common.ZipWriteStr(append_zip, 'META/misc_info.txt', misc_info)
       common.ZipWriteStr(append_zip, 'META/dynamic_partitions_info.txt',
                          dynamic_partitions_info)
@@ -472,7 +472,7 @@
     zip_file = PropertyFilesTest.construct_zip_package(entries)
     # Add a large entry of 1 GiB if requested.
     if large_entry:
-      with zipfile.ZipFile(zip_file, 'a') as zip_fp:
+      with zipfile.ZipFile(zip_file, 'a', allowZip64=True) as zip_fp:
         zip_fp.writestr(
             # Using 'zoo' so that the entry stays behind others after signing.
             'zoo',
@@ -514,7 +514,7 @@
         'optional-entry2',
     ]
     zip_file = PropertyFilesTest.construct_zip_package(entries)
-    with zipfile.ZipFile(zip_file, 'a') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'a', allowZip64=True) as zip_fp:
       zip_fp.writestr(
           # 'foo-entry1' will appear ahead of all other entries (in alphabetical
           # order) after the signing, which will in turn trigger the
@@ -558,7 +558,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = TestPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       property_files_string = property_files.Compute(zip_fp)
 
     tokens = self._parse_property_files_string(property_files_string)
@@ -574,7 +574,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = TestPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       property_files_string = property_files.Compute(zip_fp)
 
     tokens = self._parse_property_files_string(property_files_string)
@@ -587,7 +587,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = TestPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       self.assertRaises(KeyError, property_files.Compute, zip_fp)
 
   @test_utils.SkipIfExternalToolsUnavailable()
@@ -600,7 +600,7 @@
     ]
     zip_file = self.construct_zip_package(entries)
     property_files = TestPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
       streaming_metadata = property_files.Finalize(zip_fp, len(raw_metadata))
@@ -625,7 +625,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = TestPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       # First get the raw metadata string (i.e. without padding space).
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
@@ -660,7 +660,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = TestPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       # First get the raw metadata string (i.e. without padding space).
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
@@ -702,7 +702,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = StreamingPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       property_files_string = property_files.Compute(zip_fp)
 
     tokens = self._parse_property_files_string(property_files_string)
@@ -720,7 +720,7 @@
     ]
     zip_file = self.construct_zip_package(entries)
     property_files = StreamingPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
       streaming_metadata = property_files.Finalize(zip_fp, len(raw_metadata))
@@ -744,7 +744,7 @@
     )
     zip_file = self.construct_zip_package(entries)
     property_files = StreamingPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       # First get the raw metadata string (i.e. without padding space).
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
@@ -802,7 +802,7 @@
     payload.Sign(payload_signer)
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       payload.WriteToZip(output_zip)
 
     # Find out the payload metadata offset and size.
@@ -867,7 +867,7 @@
     payload.Sign(payload_signer)
 
     zip_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(zip_file, 'w') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'w', allowZip64=True) as zip_fp:
       # 'payload.bin',
       payload.WriteToZip(zip_fp)
 
@@ -889,7 +889,7 @@
   def test_Compute(self):
     zip_file = self.construct_zip_package_withValidPayload()
     property_files = AbOtaPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       property_files_string = property_files.Compute(zip_fp)
 
     tokens = self._parse_property_files_string(property_files_string)
@@ -903,7 +903,7 @@
   def test_Finalize(self):
     zip_file = self.construct_zip_package_withValidPayload(with_metadata=True)
     property_files = AbOtaPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
       property_files_string = property_files.Finalize(
@@ -920,7 +920,7 @@
   def test_Verify(self):
     zip_file = self.construct_zip_package_withValidPayload(with_metadata=True)
     property_files = AbOtaPropertyFiles()
-    with zipfile.ZipFile(zip_file, 'r') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'r', allowZip64=True) as zip_fp:
       raw_metadata = property_files.GetPropertyFilesString(
           zip_fp, reserve_space=False)
 
@@ -1087,7 +1087,7 @@
     payload.Sign(PayloadSigner())
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       payload.WriteToZip(output_zip)
 
     import check_ota_package_signature
@@ -1101,7 +1101,7 @@
     payload.Sign(PayloadSigner())
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       payload.WriteToZip(output_zip)
 
     import check_ota_package_signature
@@ -1140,7 +1140,7 @@
     payload.Sign(PayloadSigner())
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       payload.WriteToZip(output_zip)
 
     with zipfile.ZipFile(output_file) as verify_zip:
@@ -1162,14 +1162,14 @@
     payload = self._create_payload_full()
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       self.assertRaises(AssertionError, payload.WriteToZip, output_zip)
 
     # Also test with incremental payload.
     payload = self._create_payload_incremental()
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       self.assertRaises(AssertionError, payload.WriteToZip, output_zip)
 
   @test_utils.SkipIfExternalToolsUnavailable()
@@ -1178,7 +1178,7 @@
     payload.Sign(PayloadSigner())
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       payload.WriteToZip(output_zip)
 
     with zipfile.ZipFile(output_file) as verify_zip:

tools/releasetools/test_sign_target_files_apks.py

diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 308172f..18e4858 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -164,15 +164,15 @@
         "veritykeyid=id:d24f2590e9abab5cff5f59da4c4f0366e3f43e94\n")
 
     input_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE1)
 
     # Test with the first certificate.
     cert_file = os.path.join(self.testdata_dir, 'verity.x509.pem')
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(input_file, 'r') as input_zip, \
-         zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip, \
+         zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       ReplaceVerityKeyId(input_zip, output_zip, cert_file)
 
     with zipfile.ZipFile(output_file) as output_zip:
@@ -181,8 +181,8 @@
     # Test with the second certificate.
     cert_file = os.path.join(self.testdata_dir, 'testkey.x509.pem')
 
-    with zipfile.ZipFile(input_file, 'r') as input_zip, \
-         zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip, \
+         zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       ReplaceVerityKeyId(input_zip, output_zip, cert_file)
 
     with zipfile.ZipFile(output_file) as output_zip:
@@ -195,12 +195,12 @@
         "loop.max_part=7\n")
 
     input_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE)
 
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(input_file, 'r') as input_zip, \
-         zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(input_file, 'r', allowZip64=True) as input_zip, \
+         zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       ReplaceVerityKeyId(input_zip, output_zip, None)
 
     with zipfile.ZipFile(output_file) as output_zip:
@@ -284,7 +284,7 @@
     ]
     entry_name = 'SYSTEM/etc/security/otacerts.zip'
     output_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(output_file, 'w') as output_zip:
+    with zipfile.ZipFile(output_file, 'w', allowZip64=True) as output_zip:
       WriteOtacerts(output_zip, entry_name, certs)
     with zipfile.ZipFile(output_file) as input_zip:
       self.assertIn(entry_name, input_zip.namelist())
@@ -294,7 +294,7 @@
 
   def test_CheckApkAndApexKeysAvailable(self):
     input_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       input_zip.writestr('SYSTEM/app/App1.apk', "App1-content")
       input_zip.writestr('SYSTEM/app/App2.apk.gz', "App2-content")
 
@@ -318,7 +318,7 @@
 
   def test_CheckApkAndApexKeysAvailable_invalidApexKeys(self):
     input_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       input_zip.writestr('SYSTEM/apex/Apex1.apex', "Apex1-content")
       input_zip.writestr('SYSTEM/apex/Apex2.apex', "Apex2-content")
 
@@ -466,10 +466,10 @@
 
   def test_ReadApexKeysInfo(self):
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
 
-    with zipfile.ZipFile(target_files) as target_files_zip:
+    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
       keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
@@ -491,10 +491,10 @@
         'container_private_key="build/make/target/product/security/testkey2.pk8" '
         'partition="system"')
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
-    with zipfile.ZipFile(target_files) as target_files_zip:
+    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
       self.assertRaises(ValueError, ReadApexKeysInfo, target_files_zip)
 
   def test_ReadApexKeysInfo_missingPayloadPrivateKey(self):
@@ -505,10 +505,10 @@
         'container_certificate="build/make/target/product/security/testkey.x509.pem" '
         'container_private_key="build/make/target/product/security/testkey.pk8"')
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
-    with zipfile.ZipFile(target_files) as target_files_zip:
+    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
       keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
@@ -528,10 +528,10 @@
         'container_certificate="build/make/target/product/security/testkey.x509.pem" '
         'container_private_key="build/make/target/product/security/testkey.pk8"')
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
-    with zipfile.ZipFile(target_files) as target_files_zip:
+    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
       keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
@@ -551,10 +551,10 @@
         'container_certificate="PRESIGNED" '
         'container_private_key="PRESIGNED"')
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
-    with zipfile.ZipFile(target_files) as target_files_zip:
+    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
       keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
@@ -574,10 +574,10 @@
         'container_certificate="PRESIGNED" '
         'container_private_key="PRESIGNED"')
     target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
-    with zipfile.ZipFile(target_files) as target_files_zip:
+    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
       keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({

tools/releasetools/test_utils.py

diff --git a/tools/releasetools/test_utils.py b/tools/releasetools/test_utils.py
index 7b7f22a..ccd97a9 100755
--- a/tools/releasetools/test_utils.py
+++ b/tools/releasetools/test_utils.py
@@ -199,7 +199,7 @@
   @staticmethod
   def construct_zip_package(entries):
     zip_file = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(zip_file, 'w') as zip_fp:
+    with zipfile.ZipFile(zip_file, 'w', allowZip64=True) as zip_fp:
       for entry in entries:
         zip_fp.writestr(
             entry,

tools/releasetools/test_validate_target_files.py

diff --git a/tools/releasetools/test_validate_target_files.py b/tools/releasetools/test_validate_target_files.py
index ca70ca8..e9896ae 100644
--- a/tools/releasetools/test_validate_target_files.py
+++ b/tools/releasetools/test_validate_target_files.py
@@ -272,7 +272,7 @@
     input_file = common.MakeTempFile()
     all_entries = ['SYSTEM/', 'SYSTEM/b', 'SYSTEM/a', 'IMAGES/',
                    'IMAGES/system.map', 'IMAGES/system.img']
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       for name in all_entries:
         input_zip.write(os.path.join(input_tmp, name), arcname=name)
 
@@ -321,7 +321,7 @@
     input_file = common.MakeTempFile()
     all_entries = ['SYSTEM/', 'SYSTEM/abc', 'IMAGES/',
                    'IMAGES/system.map', 'IMAGES/system.img']
-    with zipfile.ZipFile(input_file, 'w') as input_zip:
+    with zipfile.ZipFile(input_file, 'w', allowZip64=True) as input_zip:
       for name in all_entries:
         input_zip.write(os.path.join(input_tmp, name), arcname=name)
 

tools/releasetools/validate_target_files.py

diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index 2e3aa74..d2178b2 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -487,7 +487,7 @@
   input_tmp = common.UnzipTemp(args.target_files)
 
   info_dict = common.LoadInfoDict(input_tmp)
-  with zipfile.ZipFile(args.target_files, 'r') as input_zip:
+  with zipfile.ZipFile(args.target_files, 'r', allowZip64=True) as input_zip:
     ValidateFileConsistency(input_zip, input_tmp, info_dict)
 
   CheckBuildPropDuplicity(input_tmp)