Merge "sign_target_files_apks: adding --allow_gsi_debug_sepolicy" into sc-v2-dev

commit: 782fece23d1e114d8445214e0d94ca50b96bec90 [log] [tgz]
author: Yi-yo Chiang <yochiang@google.com> Fri Dec 10 04:05:11 2021 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Dec 10 04:05:11 2021 +0000
tree: 6aa5378105425ff9a8019c1229124d5a25a26524
parent: a03f18f45d8ac02cbd0bfeee3d890166a483fa54 [diff]
parent: 702b8fdfe00cfd34b6effe76fc71eeaef2cf4dd4 [diff]
diff --git a/core/android_soong_config_vars.mk b/core/android_soong_config_vars.mk
index 5e63a25..1b4aeb5 100644
--- a/core/android_soong_config_vars.mk
+++ b/core/android_soong_config_vars.mk

@@ -28,6 +28,7 @@
 
 $(call add_soong_config_var,ANDROID,TARGET_ENABLE_MEDIADRM_64)
 $(call add_soong_config_var,ANDROID,BOARD_USES_ODMIMAGE)
+$(call add_soong_config_var,ANDROID,PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT)
 
 ifeq (,$(findstring com.google.android.conscrypt,$(PRODUCT_PACKAGES)))
   # Prebuilt module SDKs require prebuilt modules to work, and currently

diff --git a/core/product.mk b/core/product.mk
index 015fe44..21fc06e 100644
--- a/core/product.mk
+++ b/core/product.mk

@@ -427,6 +427,11 @@
 
 _product_single_value_vars += PRODUCT_INSTALL_EXTRA_FLATTENED_APEXES
 
+# Install a copy of the debug policy to the system_ext partition, and allow
+# init-second-stage to load debug policy from system_ext.
+# This option is only meant to be set by GSI products.
+_product_single_value_vars += PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT
+
 .KATI_READONLY := _product_single_value_vars _product_list_vars
 _product_var_list :=$= $(_product_single_value_vars) $(_product_list_vars)
 

diff --git a/core/product_config.mk b/core/product_config.mk
index 5c85fb8..679453e 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk

@@ -350,6 +350,12 @@
   $(error Only one file may be in PRODUCT_ADB_KEYS: $(PRODUCT_ADB_KEYS))
 endif
 
+ifdef PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT
+  ifeq (,$(filter gsi_arm gsi_arm64 gsi_x86 gsi_x86_64,$(PRODUCT_NAME)))
+    $(error Only GSI products are allowed to set PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT)
+  endif
+endif
+
 ifndef PRODUCT_USE_DYNAMIC_PARTITIONS
   PRODUCT_USE_DYNAMIC_PARTITIONS := $(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS)
 endif

diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 1c193ee..40c506c 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk

@@ -240,7 +240,7 @@
     #  It must be of the form "YYYY-MM-DD" on production devices.
     #  It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
     #  If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
-    PLATFORM_SECURITY_PATCH := 2021-12-05
+    PLATFORM_SECURITY_PATCH := 2022-01-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
commit	782fece23d1e114d8445214e0d94ca50b96bec90	[log] [tgz]
author	Yi-yo Chiang <yochiang@google.com>	Fri Dec 10 04:05:11 2021 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Dec 10 04:05:11 2021 +0000
tree	6aa5378105425ff9a8019c1229124d5a25a26524
parent	a03f18f45d8ac02cbd0bfeee3d890166a483fa54 [diff]
parent	702b8fdfe00cfd34b6effe76fc71eeaef2cf4dd4 [diff]