Merge "Add more product defaults to mainline.mk"
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 3d9a1ef..76bc0c5 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -613,6 +613,8 @@
# Clean up old location of system_other.avbpubkey
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/security/avb/)
+
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/super.img)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/Makefile b/core/Makefile
index 4def109..97bbebe 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -2166,7 +2166,7 @@
# libicuuc.so
# libnativehelper.so - cf_x86_phone-userdebug builds get this in system/lib/arm
# libprofile.so
-# libsigchain.so
+# libsigchain.so - cf_x86_phone-userdebug builds get this in system/lib/arm
# libtombstoned_client.so
APEX_MODULE_LIBS= \
libadbconnection.so \
@@ -4427,7 +4427,7 @@
endef
ifneq (true,$(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS))
-INSTALLED_SUPERIMAGE_TARGET := $(PRODUCT_OUT)/super.img
+INSTALLED_SUPERIMAGE_TARGET := $(call intermediates-dir-for,PACKAGING,super.img)/super.img
$(INSTALLED_SUPERIMAGE_TARGET): extracted_input_target_files := $(patsubst %.zip,%,$(BUILT_TARGET_FILES_PACKAGE))
$(INSTALLED_SUPERIMAGE_TARGET): $(LPMAKE) $(BUILT_TARGET_FILES_PACKAGE) $(BUILD_SUPER_IMAGE)
$(call pretty,"Target super fs image: $@")
diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index 6b9f4b4..a728068 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -165,7 +165,6 @@
libradio_metadata \
librtp_jni \
libsensorservice \
- libsigchain \
libskia \
libsonic \
libsonivox \
@@ -198,7 +197,6 @@
lshal \
mdnsd \
media \
- media_cmd \
mediadrmserver \
mediaextractor \
mediametrics \
@@ -276,7 +274,6 @@
PRODUCT_HOST_PACKAGES += \
BugReport \
adb \
- adbd \
art-tools \
atest \
bcc \
@@ -292,9 +289,7 @@
minigzip \
mke2fs \
resize2fs \
- selinux_policy_system \
sgdisk \
- shell_and_utilities_system \
sqlite3 \
tinyplay \
tune2fs \
@@ -313,11 +308,11 @@
$(error TARGET_CORE_JARS is empty; cannot initialize PRODUCT_BOOT_JARS variable)
endif
-# The order matters
+# The order matters for runtime class lookup performance.
PRODUCT_BOOT_JARS := \
$(TARGET_CORE_JARS) \
- ext \
framework \
+ ext \
telephony-common \
voip-common \
ims-common
diff --git a/target/product/gsi_keys.mk b/target/product/gsi_keys.mk
new file mode 100644
index 0000000..5a814db
--- /dev/null
+++ b/target/product/gsi_keys.mk
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2019 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Include GSI keys into first-stage ramdisk, so we can enable verified
+# boot when booting a GSI.
+PRODUCT_PACKAGES += \
+ q-gsi.avbpubkey \
+ r-gsi.avbpubkey \
+ s-gsi.avbpubkey \
diff --git a/tools/releasetools/merge_target_files.py b/tools/releasetools/merge_target_files.py
index 3c6bfbf..3b72551 100755
--- a/tools/releasetools/merge_target_files.py
+++ b/tools/releasetools/merge_target_files.py
@@ -47,6 +47,9 @@
--rebuild_recovery
Rebuild the recovery patch used by non-A/B devices and write it to the
system image.
+
+ --keep-tmp
+ Keep tempoary files for debugging purposes.
"""
from __future__ import print_function
@@ -296,6 +299,37 @@
output.write('%s\n' % partition)
+def append_recovery_to_filesystem_config(output_target_files_temp_dir):
+ """Perform special processing for META/filesystem_config.txt
+
+ This function appends recovery information to META/filesystem_config.txt
+ so that recovery patch regeneration will succeed.
+
+ Args:
+ output_target_files_temp_dir: The name of a directory that will be used
+ to create the output target files package after all the special cases
+ are processed. We find filesystem_config.txt here.
+ """
+
+ filesystem_config_txt = os.path.join(
+ output_target_files_temp_dir,
+ 'META',
+ 'filesystem_config.txt')
+
+ with open(filesystem_config_txt, 'a') as f:
+ # TODO(bpeckham) this data is hard coded. It should be generated
+ # programmatically.
+ f.write(
+ 'system/bin/install-recovery.sh 0 0 750 '
+ 'selabel=u:object_r:install_recovery_exec:s0 capabilities=0x0\n')
+ f.write(
+ 'system/recovery-from-boot.p 0 0 644 '
+ 'selabel=u:object_r:system_file:s0 capabilities=0x0\n')
+ f.write(
+ 'system/etc/recovery.img 0 0 440 '
+ 'selabel=u:object_r:install_recovery_exec:s0 capabilities=0x0\n')
+
+
def process_misc_info_txt(
system_target_files_temp_dir,
other_target_files_temp_dir,
@@ -454,7 +488,9 @@
system_target_files_temp_dir,
other_target_files_temp_dir,
output_target_files_temp_dir,
- system_misc_info_keys):
+ system_misc_info_keys,
+ rebuild_recovery
+):
"""Perform special-case processing for certain target files items.
Certain files in the output target files package require special-case
@@ -476,12 +512,20 @@
system_misc_info_keys: A list of keys to obtain from the system instance
of META/misc_info.txt. The remaining keys from the other instance.
+
+ rebuild_recovery: If true, rebuild the recovery patch used by non-A/B
+ devices and write it to the system image.
"""
- process_ab_partitions_txt(
- system_target_files_temp_dir=system_target_files_temp_dir,
- other_target_files_temp_dir=other_target_files_temp_dir,
- output_target_files_temp_dir=output_target_files_temp_dir)
+ if 'ab_update' in system_misc_info_keys:
+ process_ab_partitions_txt(
+ system_target_files_temp_dir=system_target_files_temp_dir,
+ other_target_files_temp_dir=other_target_files_temp_dir,
+ output_target_files_temp_dir=output_target_files_temp_dir)
+
+ if rebuild_recovery:
+ append_recovery_to_filesystem_config(
+ output_target_files_temp_dir=output_target_files_temp_dir)
process_misc_info_txt(
system_target_files_temp_dir=system_target_files_temp_dir,
@@ -599,7 +643,8 @@
system_target_files_temp_dir=system_target_files_temp_dir,
other_target_files_temp_dir=other_target_files_temp_dir,
output_target_files_temp_dir=output_target_files_temp_dir,
- system_misc_info_keys=system_misc_info_keys)
+ system_misc_info_keys=system_misc_info_keys,
+ rebuild_recovery=rebuild_recovery)
# Regenerate IMAGES in the temporary directory.
@@ -704,7 +749,7 @@
OPTIONS.output_target_files = a
elif o == '--rebuild_recovery':
OPTIONS.rebuild_recovery = True
- elif o == '--keep_tmp':
+ elif o == '--keep-tmp':
OPTIONS.keep_tmp = True
else:
return False
@@ -720,7 +765,7 @@
'other-item-list=',
'output-target-files=',
'rebuild_recovery',
- "keep_tmp",
+ 'keep-tmp',
],
extra_option_handler=option_handler)
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index d3e9ea1..c482a49 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -383,24 +383,24 @@
Args:
apex_data: Raw APEX data.
- payload_key: The path to payload signing key (w/o extension).
+ payload_key: The path to payload signing key (w/ extension).
container_key: The path to container signing key (w/o extension).
container_pw: The matching password of the container_key, or None.
codename_to_api_level_map: A dict that maps from codename to API level.
signing_args: Additional args to be passed to the payload signer.
Returns:
- (signed_apex, payload_key_name): signed_apex is the path to the signed APEX
- file; payload_key_name is a str of the payload signing key name (e.g.
- com.android.tzdata).
+ The path to the signed APEX file.
"""
apex_file = common.MakeTempFile(prefix='apex-', suffix='.apex')
with open(apex_file, 'wb') as apex_fp:
apex_fp.write(apex_data)
APEX_PAYLOAD_IMAGE = 'apex_payload.img'
+ APEX_PUBKEY = 'apex_pubkey'
- # 1. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given payload_key.
+ # 1a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
+ # payload_key.
payload_dir = common.MakeTempDir(prefix='apex-payload-')
with zipfile.ZipFile(apex_file) as apex_fd:
payload_file = apex_fd.extract(APEX_PAYLOAD_IMAGE, payload_dir)
@@ -414,9 +414,14 @@
payload_info['Salt'],
signing_args)
+ # 1b. Update the embedded payload public key.
+ payload_public_key = common.ExtractAvbPublicKey(payload_key)
+
common.ZipDelete(apex_file, APEX_PAYLOAD_IMAGE)
+ common.ZipDelete(apex_file, APEX_PUBKEY)
apex_zip = zipfile.ZipFile(apex_file, 'a')
common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
+ common.ZipWrite(apex_zip, payload_public_key, arcname=APEX_PUBKEY)
common.ZipClose(apex_zip)
# 2. Align the files at page boundary (same as in apexer).
@@ -440,7 +445,7 @@
codename_to_api_level_map=codename_to_api_level_map,
extra_signapk_args=extra_signapk_args)
- return (signed_apex, payload_info['apex.key'])
+ return signed_apex
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
@@ -454,10 +459,6 @@
if GetApkFileInfo(i.filename, compressed_extension, [])[0]])
system_root_image = misc_info.get("system_root_image") == "true"
- # A dict of APEX payload public keys that should be updated, i.e. the files
- # under '/system/etc/security/apex/'.
- updated_apex_payload_keys = {}
-
for info in input_tf_zip.infolist():
filename = info.filename
if filename.startswith("IMAGES/"):
@@ -511,7 +512,7 @@
print(" : %-*s payload (%s)" % (
maxsize, name, payload_key))
- (signed_apex, payload_key_name) = SignApex(
+ signed_apex = SignApex(
data,
payload_key,
container_key,
@@ -519,7 +520,6 @@
codename_to_api_level_map,
OPTIONS.avb_extra_args.get('apex'))
common.ZipWrite(output_tf_zip, signed_apex, filename)
- updated_apex_payload_keys[payload_key_name] = payload_key
else:
print(
@@ -606,34 +606,6 @@
else:
common.ZipWriteStr(output_tf_zip, out_info, data)
- # Copy or update APEX payload public keys.
- for info in input_tf_zip.infolist():
- filename = info.filename
- if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or
- filename == 'SYSTEM/etc/security/apex/'):
- continue
-
- name = os.path.basename(filename)
-
- # Copy the keys for PRESIGNED APEXes.
- if name not in updated_apex_payload_keys:
- data = input_tf_zip.read(filename)
- common.ZipWriteStr(output_tf_zip, info, data)
- continue
-
- key_path = updated_apex_payload_keys[name]
- if not os.path.exists(key_path) and not key_path.endswith('.pem'):
- key_path = '{}.pem'.format(key_path)
- assert os.path.exists(key_path), \
- 'Failed to find public key file {} for APEX {}'.format(
- updated_apex_payload_keys[name], name)
-
- print('Replacing APEX payload public key for {} with {}'.format(
- name, key_path))
-
- public_key = common.ExtractAvbPublicKey(key_path)
- common.ZipWrite(output_tf_zip, public_key, arcname=filename)
-
if OPTIONS.replace_ota_keys:
ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info)