Merge changes from topic "init_boot_img"
* changes:
Update releasetools for new init_boot.img
Build a new init_boot.img that contains the boot ramdisk
diff --git a/core/Makefile b/core/Makefile
index 09efca5..4c1ae51 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -2786,6 +2786,19 @@
INTERNAL_SYSTEMIMAGE_FILES += $(call create-partition-compat-symlink,$(TARGET_OUT)/system_ext,/system_ext,system_ext.img)
endif
+# -----------------------------------------------------------------
+# system_dlkm partition image
+
+# Create symlinks for system_dlkm on devices with a system_dlkm partition:
+# /system/lib/modules -> /system_dlkm/lib/modules
+#
+# On devices with a system_dlkm partition,
+# - /system/lib/modules is a symlink to a directory that stores system DLKMs.
+# - The system_dlkm partition is mounted at /system_dlkm at runtime.
+ifdef BOARD_USES_SYSTEM_DLKM_PARTITION
+ INTERNAL_SYSTEMIMAGE_FILES += $(call create-partition-compat-symlink,$(TARGET_OUT)/lib/modules,/system_dlkm/lib/modules,system_dlkm.img)
+endif
+
FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS)
# ASAN libraries in the system image - add dependency.
diff --git a/core/android_soong_config_vars.mk b/core/android_soong_config_vars.mk
index d24449b..d4bdbbd 100644
--- a/core/android_soong_config_vars.mk
+++ b/core/android_soong_config_vars.mk
@@ -27,6 +27,10 @@
# Add variables to the namespace below:
$(call add_soong_config_var,ANDROID,TARGET_ENABLE_MEDIADRM_64)
+$(call add_soong_config_var,ANDROID,IS_TARGET_MIXED_SEPOLICY)
+ifeq ($(IS_TARGET_MIXED_SEPOLICY),true)
+$(call add_soong_config_var_value,ANDROID,MIXED_SEPOLICY_VERSION,$(BOARD_SEPOLICY_VERS))
+endif
$(call add_soong_config_var,ANDROID,BOARD_USES_ODMIMAGE)
$(call add_soong_config_var,ANDROID,BOARD_USES_RECOVERY_AS_BOOT)
$(call add_soong_config_var,ANDROID,BOARD_BUILD_SYSTEM_ROOT_IMAGE)
diff --git a/core/base_rules.mk b/core/base_rules.mk
index 134cb8f..8a5440f 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -1055,7 +1055,9 @@
endif
ALL_MODULES.$(my_register_name).FOR_HOST_CROSS := $(my_host_cross)
ALL_MODULES.$(my_register_name).MODULE_NAME := $(LOCAL_MODULE)
-ALL_MODULES.$(my_register_name).COMPATIBILITY_SUITES := $(LOCAL_COMPATIBILITY_SUITE)
+ALL_MODULES.$(my_register_name).COMPATIBILITY_SUITES := \
+ $(ALL_MODULES.$(my_register_name).COMPATIBILITY_SUITES) \
+ $(filter-out $(ALL_MODULES.$(my_register_name).COMPATIBILITY_SUITES),$(LOCAL_COMPATIBILITY_SUITE))
ALL_MODULES.$(my_register_name).TEST_CONFIG := $(test_config)
ALL_MODULES.$(my_register_name).EXTRA_TEST_CONFIGS := $(LOCAL_EXTRA_FULL_TEST_CONFIGS)
ALL_MODULES.$(my_register_name).TEST_MAINLINE_MODULES := $(LOCAL_TEST_MAINLINE_MODULES)
diff --git a/core/config.mk b/core/config.mk
index bfff84e..e146f64 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -840,6 +840,14 @@
BOARD_SEPOLICY_VERS := $(PLATFORM_SEPOLICY_VERSION)
endif
+ifeq ($(BOARD_SEPOLICY_VERS),$(PLATFORM_SEPOLICY_VERSION))
+IS_TARGET_MIXED_SEPOLICY :=
+else
+IS_TARGET_MIXED_SEPOLICY := true
+endif
+
+.KATI_READONLY := IS_TARGET_MIXED_SEPOLICY
+
# A list of SEPolicy versions, besides PLATFORM_SEPOLICY_VERSION, that the framework supports.
PLATFORM_SEPOLICY_COMPAT_VERSIONS := \
28.0 \
diff --git a/core/product_config.mk b/core/product_config.mk
index 0e969fe..a376f74 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -412,7 +412,7 @@
_psmc_modules :=
# Reset ADB keys for non-debuggable builds
-ifeq (,$(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)
+ifeq (,$(filter eng userdebug,$(TARGET_BUILD_VARIANT)))
PRODUCT_ADB_KEYS :=
endif
ifneq ($(filter-out 0 1,$(words $(PRODUCT_ADB_KEYS))),)
diff --git a/core/product_config.rbc b/core/product_config.rbc
index d47cdc0..1ccffcc 100644
--- a/core/product_config.rbc
+++ b/core/product_config.rbc
@@ -755,4 +755,5 @@
setdefault = _setdefault,
shell = rblf_shell,
warning = _mkwarning,
+ words = __words,
)
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 617abdf..07dafc7 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -191,6 +191,10 @@
$(call add_json_list, BoardPlatVendorPolicy, $(BOARD_PLAT_VENDOR_POLICY))
$(call add_json_list, BoardReqdMaskPolicy, $(BOARD_REQD_MASK_POLICY))
+$(call add_json_list, BoardSystemExtPublicPrebuiltDirs, $(BOARD_SYSTEM_EXT_PUBLIC_PREBUILT_DIRS))
+$(call add_json_list, BoardSystemExtPrivatePrebuiltDirs, $(BOARD_SYSTEM_EXT_PRIVATE_PREBUILT_DIRS))
+$(call add_json_list, BoardProductPublicPrebuiltDirs, $(BOARD_PRODUCT_PUBLIC_PREBUILT_DIRS))
+$(call add_json_list, BoardProductPrivatePrebuiltDirs, $(BOARD_PRODUCT_PRIVATE_PREBUILT_DIRS))
$(call add_json_list, BoardVendorSepolicyDirs, $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_SEPOLICY_DIRS))
$(call add_json_list, BoardOdmSepolicyDirs, $(BOARD_ODM_SEPOLICY_DIRS))
$(call add_json_list, BoardVendorDlkmSepolicyDirs, $(BOARD_VENDOR_DLKM_SEPOLICY_DIRS))
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 8432513..bf19c5c 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -85,7 +85,7 @@
# It must be of the form "YYYY-MM-DD" on production devices.
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2021-11-05
+ PLATFORM_SECURITY_PATCH := 2021-12-05
endif
.KATI_READONLY := PLATFORM_SECURITY_PATCH
diff --git a/target/product/default_art_config.mk b/target/product/default_art_config.mk
index f98f7e2..1a0fc76 100644
--- a/target/product/default_art_config.mk
+++ b/target/product/default_art_config.mk
@@ -49,6 +49,7 @@
# APEX boot jars. Keep the list sorted by module names and then library names.
# Note: core-icu4j is moved back to PRODUCT_BOOT_JARS in product_config.mk at a later stage.
+# Note: For modules available in Q, DO NOT add new entries here.
PRODUCT_APEX_BOOT_JARS := \
com.android.appsearch:framework-appsearch \
com.android.conscrypt:conscrypt \
@@ -67,6 +68,7 @@
# List of system_server classpath jars delivered via apex.
# Keep the list sorted by module names and then library names.
+# Note: For modules available in Q, DO NOT add new entries here.
PRODUCT_APEX_SYSTEM_SERVER_JARS := \
com.android.appsearch:service-appsearch \
com.android.art:service-art \
@@ -81,6 +83,7 @@
# List of jars delivered via apex that system_server loads dynamically using separate classloaders.
# Keep the list sorted by module names and then library names.
+# Note: For modules available in Q, DO NOT add new entries here.
PRODUCT_APEX_STANDALONE_SYSTEM_SERVER_JARS := \
com.android.os.statsd:service-statsd \
com.android.scheduling:service-scheduling \
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 8b837b8..3f65df1 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -609,7 +609,7 @@
common.ZipWriteStr(output_tf_zip, out_info, new_data)
# Replace the certs in *mac_permissions.xml (there could be multiple, such
- # as {system,vendor}/etc/selinux/{plat,nonplat}_mac_permissions.xml).
+ # as {system,vendor}/etc/selinux/{plat,vendor}_mac_permissions.xml).
elif filename.endswith("mac_permissions.xml"):
print("Rewriting %s with new keys." % (filename,))
new_data = ReplaceCerts(data.decode())
diff --git a/tools/releasetools/test_apex_utils.py b/tools/releasetools/test_apex_utils.py
index ed920f2..2aa6f6c 100644
--- a/tools/releasetools/test_apex_utils.py
+++ b/tools/releasetools/test_apex_utils.py
@@ -198,8 +198,9 @@
# pass `false` as a sign_tool to see the invocation error
with self.assertRaises(common.ExternalError) as cm:
- signer = apex_utils.ApexApkSigner(apex_path, None, None, sign_tool='false')
- signer.ProcessApexFile(apk_keys, self.payload_key)
+ signer = apex_utils.ApexApkSigner(
+ apex_path, None, None, sign_tool='false')
+ signer.ProcessApexFile(apk_keys, self.payload_key)
the_exception = cm.exception
- self.assertIn('Failed to run command \'[\'false\'', the_exception.message)
+ self.assertIn('Failed to run command \'[\'false\'', str(the_exception))
diff --git a/tools/signapk/src/com/android/signapk/SignApk.java b/tools/signapk/src/com/android/signapk/SignApk.java
index 232e119..c127dbe 100644
--- a/tools/signapk/src/com/android/signapk/SignApk.java
+++ b/tools/signapk/src/com/android/signapk/SignApk.java
@@ -204,26 +204,23 @@
* If a console doesn't exist, reads the password from stdin
* If a console exists, reads the password from console and returns it as a string.
*
- * @param keyFile The file containing the private key. Used to prompt the user.
+ * @param keyFileName Name of the file containing the private key. Used to prompt the user.
*/
- private static String readPassword(File keyFile) {
+ private static char[] readPassword(String keyFileName) {
Console console;
- char[] pwd;
if ((console = System.console()) == null) {
- System.out.print("Enter password for " + keyFile + " (password will not be hidden): ");
+ System.out.print(
+ "Enter password for " + keyFileName + " (password will not be hidden): ");
System.out.flush();
BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
try {
- return stdin.readLine();
+ String result = stdin.readLine();
+ return result == null ? null : result.toCharArray();
} catch (IOException ex) {
return null;
}
} else {
- if ((pwd = console.readPassword("[%s]", "Enter password for " + keyFile)) != null) {
- return String.valueOf(pwd);
- } else {
- return null;
- }
+ return console.readPassword("[%s]", "Enter password for " + keyFileName);
}
}
@@ -246,11 +243,8 @@
return null;
}
- char[] password = readPassword(keyFile).toCharArray();
-
SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
- Key key = skFactory.generateSecret(new PBEKeySpec(password));
-
+ Key key = skFactory.generateSecret(new PBEKeySpec(readPassword(keyFile.getPath())));
Cipher cipher = Cipher.getInstance(epkInfo.getAlgName());
cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters());
@@ -305,10 +299,10 @@
/** Get a PKCS#11 private key from keyStore */
private static PrivateKey loadPrivateKeyFromKeyStore(
- final KeyStore keyStore, final String keyName, final String password)
+ final KeyStore keyStore, final String keyName)
throws CertificateException, KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException, UnrecoverableEntryException {
- final Key key = keyStore.getKey(keyName, password == null ? null : password.toCharArray());
+ final Key key = keyStore.getKey(keyName, readPassword(keyName));
final PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(keyName, null);
if (privateKeyEntry == null) {
throw new Error(
@@ -1201,10 +1195,8 @@
if (keyStore == null) {
privateKey[i] = readPrivateKey(new File(args[argNum]));
} else {
- String[] splits = args[argNum].split(":", 2);
- final String keyAlias = splits[0];
- final String password = splits.length > 1 ? splits[1] : null;
- privateKey[i] = loadPrivateKeyFromKeyStore(keyStore, keyAlias, password);
+ final String keyAlias = args[argNum];
+ privateKey[i] = loadPrivateKeyFromKeyStore(keyStore, keyAlias);
}
}
inputJar = new JarFile(new File(inputFilename), false); // Don't verify.