Merge "Revert "Set an empty persist.sys.dalvik.vm.lib.2 to simplify debug apex testing.""
diff --git a/core/Makefile b/core/Makefile
index 030b3fe..e65e949 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -901,9 +901,11 @@
INTERNAL_INIT_BOOT_IMAGE_ARGS :=
+INTERNAL_BOOT_HAS_RAMDISK :=
ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
ifneq ($(BUILDING_INIT_BOOT_IMAGE),true)
INTERNAL_BOOTIMAGE_ARGS += --ramdisk $(INSTALLED_RAMDISK_TARGET)
+ INTERNAL_BOOT_HAS_RAMDISK := true
else
INTERNAL_INIT_BOOT_IMAGE_ARGS += --ramdisk $(INSTALLED_RAMDISK_TARGET)
endif
@@ -952,21 +954,48 @@
--os_version $(PLATFORM_VERSION_LAST_STABLE) \
--os_patch_level $(PLATFORM_SECURITY_PATCH)
-ifdef BOARD_GKI_SIGNING_KEY_PATH
-ifndef BOARD_GKI_SIGNING_ALGORITHM
-$(error BOARD_GKI_SIGNING_ALGORITHM should be defined with BOARD_GKI_SIGNING_KEY_PATH)
-endif
-INTERNAL_MKBOOTIMG_GKI_SINGING_ARGS := \
- --gki_signing_key $(BOARD_GKI_SIGNING_KEY_PATH) \
- --gki_signing_algorithm $(BOARD_GKI_SIGNING_ALGORITHM) \
- --gki_signing_avbtool_path $(AVBTOOL)
-endif
+# $(1): image target to certify
+# $(2): out certificate target
+# $(3): image name
+# $(4): additional AVB arguments
+define generate_generic_boot_image_certificate
+ rm -rf "$(2)"
+ mkdir -p "$(dir $(2))"
+ $(GENERATE_GKI_CERTIFICATE) $(INTERNAL_GKI_CERTIFICATE_ARGS) \
+ --additional_avb_args "$(4)" \
+ --name "$(3)" --output "$(2)" "$(1)"
+endef
-# Using double quote to pass BOARD_GKI_SIGNING_SIGNATURE_ARGS as a single string
-# to MKBOOTIMG, although it may contain multiple args.
-ifdef BOARD_GKI_SIGNING_SIGNATURE_ARGS
-INTERNAL_MKBOOTIMG_GKI_SINGING_ARGS += \
- --gki_signing_signature_args "$(BOARD_GKI_SIGNING_SIGNATURE_ARGS)"
+INTERNAL_GKI_CERTIFICATE_ARGS :=
+INTERNAL_GKI_CERTIFICATE_DEPS :=
+INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE :=
+ifdef BOARD_GKI_SIGNING_KEY_PATH
+ ifndef BOARD_GKI_SIGNING_ALGORITHM
+ $(error BOARD_GKI_SIGNING_ALGORITHM should be defined with BOARD_GKI_SIGNING_KEY_PATH)
+ endif
+
+ INTERNAL_GKI_CERTIFICATE_ARGS := \
+ --key "$(BOARD_GKI_SIGNING_KEY_PATH)" \
+ --algorithm "$(BOARD_GKI_SIGNING_ALGORITHM)" \
+ --avbtool "$(AVBTOOL)"
+
+ # Quote and pass BOARD_GKI_SIGNING_SIGNATURE_ARGS as a single string argument.
+ ifdef BOARD_GKI_SIGNING_SIGNATURE_ARGS
+ INTERNAL_GKI_CERTIFICATE_ARGS += --additional_avb_args "$(BOARD_GKI_SIGNING_SIGNATURE_ARGS)"
+ endif
+
+ INTERNAL_GKI_CERTIFICATE_DEPS := \
+ $(GENERATE_GKI_CERTIFICATE) \
+ $(BOARD_GKI_SIGNING_KEY_PATH) \
+ $(AVBTOOL)
+
+ ifdef INSTALLED_RAMDISK_TARGET
+ INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE := \
+ $(call intermediates-dir-for,PACKAGING,generic_ramdisk)/boot_signature
+
+ $(INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE): $(INSTALLED_RAMDISK_TARGET) $(INTERNAL_GKI_CERTIFICATE_DEPS)
+ $(call generate_generic_boot_image_certificate,$(INSTALLED_RAMDISK_TARGET),$@,generic_ramdisk,$(BOARD_AVB_INIT_BOOT_ADD_HASH_FOOTER_ARGS))
+ endif
endif
# Define these only if we are building boot
@@ -983,8 +1012,15 @@
# $1: boot image target
define build_boot_board_avb_enabled
- $(MKBOOTIMG) --kernel $(call bootimage-to-kernel,$(1)) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) \
- $(INTERNAL_MKBOOTIMG_GKI_SINGING_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1)
+ $(eval kernel := $(call bootimage-to-kernel,$(1)))
+ $(if $(BOARD_GKI_SIGNING_KEY_PATH), \
+ $(eval kernel_signature := $(call intermediates-dir-for,PACKAGING,generic_kernel)/$(notdir $(kernel)).boot_signature) \
+ $(call generate_generic_boot_image_certificate,$(kernel),$(kernel_signature),generic_kernel,$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)) $(newline) \
+ $(if $(INTERNAL_BOOT_HAS_RAMDISK), \
+ cat $(INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE) >> $(kernel_signature) $(newline)))
+ $(MKBOOTIMG) --kernel $(kernel) $(INTERNAL_BOOTIMAGE_ARGS) \
+ $(if $(BOARD_GKI_SIGNING_KEY_PATH),--boot_signature "$(kernel_signature)",$(INTERNAL_MKBOOTIMG_VERSION_ARGS)) \
+ $(BOARD_MKBOOTIMG_ARGS) --output $(1)
$(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(call get-bootimage-partition-size,$(1),boot)))
$(AVBTOOL) add_hash_footer \
--image $(1) \
@@ -993,12 +1029,15 @@
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
endef
-$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH) $(BOARD_GKI_SIGNING_KEY_PATH)
+ifdef INTERNAL_BOOT_HAS_RAMDISK
+$(INSTALLED_BOOTIMAGE_TARGET): $(INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE)
+endif
+$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH) $(INTERNAL_GKI_CERTIFICATE_DEPS)
$(call pretty,"Target boot image: $@")
$(call build_boot_board_avb_enabled,$@)
.PHONY: bootimage-nodeps
-bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) $(BOARD_GKI_SIGNING_KEY_PATH)
+bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) $(INTERNAL_GKI_CERTIFICATE_DEPS)
@echo "make $@: ignoring dependencies"
$(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_board_avb_enabled,$(b)))
@@ -1097,9 +1136,12 @@
endif
ifeq ($(BOARD_AVB_ENABLE),true)
+$(INSTALLED_INIT_BOOT_IMAGE_TARGET): $(INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE)
$(INSTALLED_INIT_BOOT_IMAGE_TARGET): $(AVBTOOL) $(BOARD_AVB_INIT_BOOT_KEY_PATH)
$(call pretty,"Target init_boot image: $@")
- $(MKBOOTIMG) $(INTERNAL_INIT_BOOT_IMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_INIT_ARGS) --output $@
+ $(MKBOOTIMG) $(INTERNAL_INIT_BOOT_IMAGE_ARGS) \
+ $(if $(BOARD_GKI_SIGNING_KEY_PATH),--boot_signature "$(INTERNAL_GENERIC_RAMDISK_BOOT_SIGNATURE)",$(INTERNAL_MKBOOTIMG_VERSION_ARGS)) \
+ $(BOARD_MKBOOTIMG_INIT_ARGS) --output "$@"
$(call assert-max-image-size,$@,$(BOARD_INIT_BOOT_IMAGE_PARTITION_SIZE))
$(AVBTOOL) add_hash_footer \
--image $@ \
@@ -1137,6 +1179,49 @@
endif # BOARD_PREBUILT_INIT_BOOT_IMAGE
endif # BUILDING_INIT_BOOT_IMAGE is not true
+
+# -----------------------------------------------------------------
+# system dlkm image
+ifeq ($(BUILDING_SYSTEM_DLKM_IMAGE),true)
+
+INSTALLED_SYSTEM_DLKM_IMAGE_TARGET := $(PRODUCT_OUT)/system_dlkm.img
+
+ifeq ($(BOARD_AVB_ENABLE),true)
+$(INSTALLED_SYSTEM_DLKM_IMAGE_TARGET): $(TARGET_SYSTEM_DLKM_SRC) $(MKEROFS) $(AVBTOOL)
+ $(call pretty,"Target system_dlkm image: $@")
+ rsync -rupE $(TARGET_SYSTEM_DLKM_SRC)/ $(TARGET_SYSTEM_DLKM_OUT)
+ $(MKEROFS) "-zlz4hc" $@ $(TARGET_SYSTEM_DLKM_OUT)
+ $(call assert-max-image-size,$@,$(BOARD_SYSTEM_DLKM_PARTITION_SIZE))
+ $(AVBTOOL) add_hash_footer \
+ --partition_name system_dlkm \
+ --partition_size $(BOARD_SYSTEM_DLKM_PARTITION_SIZE) \
+ --image $@
+else
+$(INSTALLED_SYSTEM_DLKM_IMAGE_TARGET): $(TARGET_SYSTEM_DLKM_SRC) $(MKEROFS)
+ $(call pretty,"Target system_dlkm image: $@")
+ rsync -rupE $(TARGET_SYSTEM_DLKM_SRC)/ $(TARGET_SYSTEM_DLKM_OUT)
+ $(MKEROFS) "-zlz4hc" $@ $(TARGET_SYSTEM_DLKM_OUT)
+ $(call assert-max-image-size,$@,$(BOARD_SYSTEM_DLKM_PARTITION_SIZE))
+endif # BOARD_AVB_ENABLE
+
+else # BUILDING_SYSTEM_DLKM_IMAGE is not true
+
+ifdef BOARD_PREBUILT_SYSTEM_DLKM_IMAGE
+
+INTERNAL_PREBUILT_SYSTEM_DLKM_IMAGE := $(BOARD_PREBUILT_SYSTEM_DLKM_IMAGE)
+INSTALLED_SYSTEM_DLKM_IMAGE_TARGET := $(PRODUCT_OUT)/system_dlkm.img
+$(INSTALLED_SYSTEM_DLKM_IMAGE_TARGET): $(INTERNAL_PREBUILT_SYSTEM_DLKM_IMAGE)
+ $(call pretty,"Using prebuilt system_dlkm image: $@")
+ cp $(INTERNAL_PREBUILT_SYSTEM_DLKM_IMAGE) $@
+
+else # BOARD_PREBUILT_SYSTEM_DLKM_IMAGE not defined
+
+INSTALLED_SYSTEM_DLKM_IMAGE_TARGET :=
+
+endif # BOARD_PREBUILT_SYSTEM_DLKM_IMAGE
+
+endif # BUILDING_SYSTEM_DLKM_IMAGE is not true
+
# -----------------------------------------------------------------
# vendor boot image
ifeq ($(BUILDING_VENDOR_BOOT_IMAGE),true)
@@ -2117,6 +2202,9 @@
ifdef TARGET_RECOVERY_FSTAB
recovery_fstab := $(TARGET_RECOVERY_FSTAB)
+else ifdef TARGET_RECOVERY_FSTAB_GENRULE
+# Specifies a soong genrule module that generates an fstab.
+recovery_fstab := $(call intermediates-dir-for,ETC,$(TARGET_RECOVERY_FSTAB_GENRULE))/$(TARGET_RECOVERY_FSTAB_GENRULE)
else
recovery_fstab := $(strip $(wildcard $(TARGET_DEVICE_DIR)/recovery.fstab))
endif
@@ -2757,12 +2845,10 @@
# Generate fsv_meta
fsverity-metadata-targets := $(sort $(filter \
- $(TARGET_OUT)/framework/%.jar \
- $(foreach arch,$(TARGET_ARCH) $(TARGET_2ND_ARCH),$(foreach ext,oat vdex art, \
- $(TARGET_OUT)/framework/oat/$(arch)/%.$(ext))) \
+ $(TARGET_OUT)/framework/% \
$(TARGET_OUT)/etc/boot-image.prof \
$(TARGET_OUT)/etc/dirty-image-objects \
- $(TARGET_OUT)/etc/updatable-bcp-packages.txt, \
+ $(TARGET_OUT)/etc/classpaths/%.pb, \
$(ALL_GENERATED_SOURCES) $(ALL_DEFAULT_INSTALLED_MODULES)))
define fsverity-generate-metadata
@@ -3773,6 +3859,13 @@
--prop com.android.build.pvmfw.security_patch:$(PVMFW_SECURITY_PATCH)
endif
+# For upgrading devices without a init_boot partition, the init_boot footer args
+# should fallback to boot partition footer.
+ifndef INSTALLED_INIT_BOOT_IMAGE_TARGET
+BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
+ $(BOARD_AVB_INIT_BOOT_ADD_HASH_FOOTER_ARGS)
+endif
+
BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS
INIT_BOOT_FOOTER_ARGS := BOARD_AVB_INIT_BOOT_ADD_HASH_FOOTER_ARGS
VENDOR_BOOT_FOOTER_ARGS := BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS
@@ -4484,6 +4577,7 @@
fec \
fsck.f2fs \
fs_config \
+ generate_gki_certificate \
generate_verity_key \
host_init_verifier \
img2simg \
@@ -6292,6 +6386,10 @@
haiku: $(SOONG_FUZZ_PACKAGING_ARCH_MODULES) $(ALL_FUZZ_TARGETS)
$(call dist-for-goals,haiku,$(SOONG_FUZZ_PACKAGING_ARCH_MODULES))
+.PHONY: haiku-java
+haiku-java: $(SOONG_JAVA_FUZZ_PACKAGING_ARCH_MODULES) $(ALL_JAVA_FUZZ_TARGETS)
+$(call dist-for-goals,haiku-java,$(SOONG_JAVA_FUZZ_PACKAGING_ARCH_MODULES))
+
.PHONY: haiku-rust
haiku-rust: $(SOONG_RUST_FUZZ_PACKAGING_ARCH_MODULES) $(ALL_RUST_FUZZ_TARGETS)
$(call dist-for-goals,haiku-rust,$(SOONG_RUST_FUZZ_PACKAGING_ARCH_MODULES))
diff --git a/core/board_config.mk b/core/board_config.mk
index 95cbe3d..ad71951 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -77,6 +77,8 @@
_board_strip_readonly_list += BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE
_board_strip_readonly_list += BOARD_PRODUCTIMAGE_PARTITION_SIZE
_board_strip_readonly_list += BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE
+_board_strip_readonly_list += BOARD_SYSTEM_DLKM_PARTITION_SIZE
+_board_strip_readonly_list += BOARD_SYSTEM_DLKM_FILE_SYSTEM_TYPE
_board_strip_readonly_list += BOARD_SYSTEM_EXTIMAGE_PARTITION_SIZE
_board_strip_readonly_list += BOARD_SYSTEM_EXTIMAGE_FILE_SYSTEM_TYPE
_board_strip_readonly_list += BOARD_ODMIMAGE_PARTITION_SIZE
@@ -125,6 +127,7 @@
# Prebuilt image variables
_board_strip_readonly_list += BOARD_PREBUILT_INIT_BOOT_IMAGE
+_board_strip_readonly_list += BOARD_PREBUILT_SYSTEM_DLKM_IMAGE
# Defines the list of logical vendor ramdisk names to build or include in vendor_boot.
_board_strip_readonly_list += BOARD_VENDOR_RAMDISK_FRAGMENTS
@@ -502,6 +505,35 @@
endif
.KATI_READONLY := BUILDING_RECOVERY_IMAGE
+# Are we building a system_dlkm image for system_dlkm partition ?
+#
+# Two choices:
+# 1. Use kernel prebuilt system_dlkm.img BOARD_PREBUILT_SYSTEM_DLKM_IMAGE to point image
+# 2. Build from kernel prebuilt system_dlkm_staging set PRODUCT_BUILD_SYSTEM_DLKM_IMAGE
+#
+# Both requires: BOARD_SYSTEM_DLKM_PARTITION_SIZE and must be 64MB or higher (vts).
+#
+BUILDING_SYSTEM_DLKM_IMAGE :=
+ifeq ($(PRODUCT_BUILD_SYSTEM_DLKM_IMAGE),)
+ ifdef BOARD_USES_SYSTEM_DLKM_PARTITION
+ BUILDING_SYSTEM_DLKM_IMAGE := true
+ endif
+endif
+ifeq ($(PRODUCT_BUILD_SYSTEM_DLKM_IMAGE),true)
+ BUILDING_SYSTEM_DLKM_IMAGE := true
+endif
+.KATI_READONLY := BUILDING_SYSTEM_DLKM_IMAGE
+TARGET_SYSTEM_DLKM_SRC :=
+ifeq ($(BUILDING_SYSTEM_DLKM_IMAGE),true)
+ # Make sure we know the partition size; or warn for default to 64MB
+ ifndef BOARD_SYSTEM_DLKM_PARTITION_SIZE
+ $(error BOARD_SYSTEM_DLKM_PARTITION_SIZE is not defined; must be defined as 64MB or higher.)
+ endif
+ # Point to the source for signed module by kernel; if we are building system_dlkm
+ TARGET_SYSTEM_DLKM_SRC := kernel/prebuilts/$(TARGET_KERNEL_USE)/$(TARGET_ARCH)/system_dlkm_staging
+endif
+.KATI_READONLY := TARGET_SYSTEM_DLKM_SRC
+
# Are we building a vendor boot image
BUILDING_VENDOR_BOOT_IMAGE :=
ifdef BOARD_BOOT_HEADER_VERSION
diff --git a/core/config.mk b/core/config.mk
index 3c7c5ce..6f22b7c 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -331,22 +331,6 @@
JAVA_TMPDIR_ARG :=
endif
-# http://b/210012154 Set BIONIC_COVERAGE if coverage is enabled for bionic. This
-# disable continuous coverage and removes '%c' from init.environ.rc:LLVM_PROFILE_FILE
-ifeq ($(NATIVE_COVERAGE_PATHS),*)
- ifeq ($(filter bionic%,$(NATIVE_COVERAGE_EXCLUDE_PATHS)),)
- BIONIC_COVERAGE := true
- else
- BIONIC_COVERAGE := false
- endif
-else
- ifeq ($(filter bionic%,$(NATIVE_COVERAGE_PATHS)),)
- BIONIC_COVERAGE := false
- else
- BIONIC_COVERAGE := true
- endif
-endif
-
# ###############################################################
# Include sub-configuration files
# ###############################################################
@@ -593,6 +577,7 @@
MKBOOTFS := $(HOST_OUT_EXECUTABLES)/mkbootfs$(HOST_EXECUTABLE_SUFFIX)
MINIGZIP := $(HOST_OUT_EXECUTABLES)/minigzip$(HOST_EXECUTABLE_SUFFIX)
LZ4 := $(HOST_OUT_EXECUTABLES)/lz4$(HOST_EXECUTABLE_SUFFIX)
+GENERATE_GKI_CERTIFICATE := $(HOST_OUT_EXECUTABLES)/generate_gki_certificate$(HOST_EXECUTABLE_SUFFIX)
ifeq (,$(strip $(BOARD_CUSTOM_MKBOOTIMG)))
MKBOOTIMG := $(HOST_OUT_EXECUTABLES)/mkbootimg$(HOST_EXECUTABLE_SUFFIX)
else
@@ -612,6 +597,7 @@
FS_GET_STATS := $(HOST_OUT_EXECUTABLES)/fs_get_stats$(HOST_EXECUTABLE_SUFFIX)
MKEXTUSERIMG := $(HOST_OUT_EXECUTABLES)/mkuserimg_mke2fs
MKE2FS_CONF := system/extras/ext4_utils/mke2fs.conf
+MKEROFS := $(HOST_OUT_EXECUTABLES)/mkfs.erofs
MKEROFSUSERIMG := $(HOST_OUT_EXECUTABLES)/mkerofsimage.sh
MKSQUASHFSUSERIMG := $(HOST_OUT_EXECUTABLES)/mksquashfsimage.sh
MKF2FSUSERIMG := $(HOST_OUT_EXECUTABLES)/mkf2fsuserimg.sh
diff --git a/core/envsetup.mk b/core/envsetup.mk
index b673050..e730c3a 100644
--- a/core/envsetup.mk
+++ b/core/envsetup.mk
@@ -259,6 +259,7 @@
# TARGET_COPY_OUT_* are all relative to the staging directory, ie PRODUCT_OUT.
# Define them here so they can be used in product config files.
TARGET_COPY_OUT_SYSTEM := system
+TARGET_COPY_OUT_SYSTEM_DLKM := system_dlkm
TARGET_COPY_OUT_SYSTEM_OTHER := system_other
TARGET_COPY_OUT_DATA := data
TARGET_COPY_OUT_ASAN := $(TARGET_COPY_OUT_DATA)/asan
@@ -317,11 +318,17 @@
# Dumps all variables that match [A-Z][A-Z0-9_]* (with a few exceptions)
# to the file at $(1). It is used to print only the variables that are
# likely to be relevant to the product or board configuration.
+# Soong config variables are dumped as $(call soong_config_set) calls
+# instead of the raw variable values, because mk2rbc can't read the
+# raw ones.
define dump-variables-rbc
$(file >$(OUT_DIR)/dump-variables-rbc-temp.txt,$(subst $(space),$(newline),$(.VARIABLES)))\
$(file >$(1),\
$(foreach v, $(shell grep -he "^[A-Z][A-Z0-9_]*$$" $(OUT_DIR)/dump-variables-rbc-temp.txt | grep -vhE "^(SOONG_.*|LOCAL_PATH|TOPDIR|PRODUCT_COPY_OUT_.*)$$"),\
-$(v) := $(strip $($(v)))$(newline)))
+$(v) := $(strip $($(v)))$(newline))\
+$(foreach ns,$(SOONG_CONFIG_NAMESPACES),\
+$(foreach v,$(SOONG_CONFIG_$(ns)),\
+$$(call soong_config_set,$(ns),$(v),$(SOONG_CONFIG_$(ns)_$(v)))$(newline))))
endef
# Read the product specs so we can get TARGET_DEVICE and other
@@ -945,6 +952,9 @@
TARGET_VENDOR_DEBUG_RAMDISK_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR_DEBUG_RAMDISK)
TARGET_TEST_HARNESS_RAMDISK_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_TEST_HARNESS_RAMDISK)
+TARGET_SYSTEM_DLKM_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_SYSTEM_DLKM)
+.KATI_READONLY := TARGET_SYSTEM_DLKM_OUT
+
TARGET_VENDOR_RAMDISK_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR_RAMDISK)
TARGET_ROOT_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_ROOT)
diff --git a/core/main.mk b/core/main.mk
index d17f0cb..32ea2da 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1606,6 +1606,9 @@
.PHONY: initbootimage
bootimage: $(INSTALLED_INIT_BOOT_IMAGE_TARGET)
+.PHONY: system_dlkm_image
+system_dlkm_image: $(INSTALLED_SYSTEM_DLKM_IMAGE_TARGET)
+
ifeq (true,$(PRODUCT_EXPORT_BOOT_IMAGE_TO_DIST))
$(call dist-for-goals, bootimage, $(INSTALLED_BOOTIMAGE_TARGET))
endif
@@ -1630,6 +1633,7 @@
.PHONY: droidcore-unbundled
droidcore-unbundled: $(filter $(HOST_OUT_ROOT)/%,$(modules_to_install)) \
$(INSTALLED_SYSTEMIMAGE_TARGET) \
+ $(INSTALLED_SYSTEM_DLKM_IMAGE_TARGET) \
$(INSTALLED_RAMDISK_TARGET) \
$(INSTALLED_BOOTIMAGE_TARGET) \
$(INSTALLED_INIT_BOOT_IMAGE_TARGET) \
@@ -1877,6 +1881,10 @@
)
endif
+ ifeq ($(PRODUCT_EXPORT_BOOT_IMAGE_TO_DIST),true)
+ $(call dist-for-goals, droidcore-unbundled, $(INSTALLED_BOOTIMAGE_TARGET))
+ endif
+
ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
$(call dist-for-goals, droidcore-unbundled, \
$(recovery_ramdisk) \
diff --git a/core/product.mk b/core/product.mk
index 7192226..21db81e 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -384,6 +384,7 @@
# Controls for whether different partitions are built for the current product.
_product_single_value_vars += PRODUCT_BUILD_SYSTEM_IMAGE
+_product_single_value_vars += PRODUCT_BUILD_SYSTEM_DLKM_IMAGE
_product_single_value_vars += PRODUCT_BUILD_SYSTEM_OTHER_IMAGE
_product_single_value_vars += PRODUCT_BUILD_VENDOR_IMAGE
_product_single_value_vars += PRODUCT_BUILD_PRODUCT_IMAGE
diff --git a/core/proguard.flags b/core/proguard.flags
index 50049cb..185275e 100644
--- a/core/proguard.flags
+++ b/core/proguard.flags
@@ -15,35 +15,24 @@
@**.VisibleForTesting *;
}
-# Understand the @Keep support annotation.
--keep class android.support.annotation.Keep
--keep class androidx.annotation.Keep
+# Understand the common @Keep annotation from various Android packages:
+# * android.support.annotation
+# * androidx.annotation
+# * com.android.internal.annotations
+-keep class **android**.annotation*.Keep
--keep @android.support.annotation.Keep class * {*;}
--keep @androidx.annotation.Keep class * {*;}
+-keep @**android**.annotation*.Keep class * { *; }
-keepclasseswithmembers class * {
- @android.support.annotation.Keep <methods>;
+ @**android**.annotation*.Keep <methods>;
}
-keepclasseswithmembers class * {
- @androidx.annotation.Keep <methods>;
+ @**android**.annotation*.Keep <fields>;
}
-keepclasseswithmembers class * {
- @android.support.annotation.Keep <fields>;
-}
-
--keepclasseswithmembers class * {
- @androidx.annotation.Keep <fields>;
-}
-
--keepclasseswithmembers class * {
- @android.support.annotation.Keep <init>(...);
-}
-
--keepclasseswithmembers class * {
- @androidx.annotation.Keep <init>(...);
+ @**android**.annotation*.Keep <init>(...);
}
-include proguard_basic_keeps.flags
diff --git a/target/product/default_art_config.mk b/target/product/default_art_config.mk
index 1a0fc76..3223002 100644
--- a/target/product/default_art_config.mk
+++ b/target/product/default_art_config.mk
@@ -63,6 +63,7 @@
com.android.scheduling:framework-scheduling \
com.android.sdkext:framework-sdkextensions \
com.android.tethering:framework-connectivity \
+ com.android.tethering:framework-connectivity-tiramisu \
com.android.tethering:framework-tethering \
com.android.wifi:framework-wifi
diff --git a/target/product/gsi/current.txt b/target/product/gsi/current.txt
index 3cad6f1..f9c1f3d 100644
--- a/target/product/gsi/current.txt
+++ b/target/product/gsi/current.txt
@@ -82,6 +82,7 @@
VNDK-core: android.hardware.media@1.0.so
VNDK-core: android.hardware.memtrack-V1-ndk.so
VNDK-core: android.hardware.memtrack@1.0.so
+VNDK-core: android.hardware.nfc-V1-ndk.so
VNDK-core: android.hardware.oemlock-V1-ndk.so
VNDK-core: android.hardware.power-V2-ndk.so
VNDK-core: android.hardware.power.stats-V1-ndk.so
diff --git a/target/product/handheld_system.mk b/target/product/handheld_system.mk
index b7a2d0d..3a59f6c 100644
--- a/target/product/handheld_system.mk
+++ b/target/product/handheld_system.mk
@@ -43,7 +43,6 @@
CameraExtensionsProxy \
CaptivePortalLogin \
CertInstaller \
- clatd \
DocumentsUI \
DownloadProviderUi \
EasterEgg \
diff --git a/tools/BUILD.bazel b/tools/BUILD.bazel
index 75b0de6..3170820 100644
--- a/tools/BUILD.bazel
+++ b/tools/BUILD.bazel
@@ -8,7 +8,7 @@
srcs=["java-event-log-tags.py"],
deps=[":event_log_tags"],
visibility = ["//visibility:public"],
- python_version = "PY2",
+ python_version = "PY3",
)
py_binary(
@@ -16,5 +16,5 @@
srcs=["merge-event-log-tags.py"],
deps=[":event_log_tags"],
visibility = ["//visibility:public"],
- python_version = "PY2",
+ python_version = "PY3",
)
diff --git a/tools/compliance/cmd/listshare_test.go b/tools/compliance/cmd/listshare_test.go
index 2ee249d..71a0be6 100644
--- a/tools/compliance/cmd/listshare_test.go
+++ b/tools/compliance/cmd/listshare_test.go
@@ -357,6 +357,98 @@
roots: []string{"lib/libd.so.meta_lic"},
expectedOut: []projectShare{},
},
+ {
+ condition: "regressgpl1",
+ name: "container",
+ roots: []string{"container.zip.meta_lic"},
+ expectedOut: []projectShare{
+ {
+ project: "bin/threelibraries",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "container/zip",
+ conditions: []string{"restricted"},
+ },
+ },
+ },
+ {
+ condition: "regressgpl1",
+ name: "containerplus",
+ roots: []string{"container.zip.meta_lic", "lib/libapache.so.meta_lic", "lib/libc++.so.meta_lic"},
+ expectedOut: []projectShare{
+ {
+ project: "bin/threelibraries",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "container/zip",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/apache",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/c++",
+ conditions: []string{"restricted"},
+ },
+ },
+ },
+ {
+ condition: "regressgpl2",
+ name: "container",
+ roots: []string{"container.zip.meta_lic"},
+ expectedOut: []projectShare{
+ {
+ project: "bin/threelibraries",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "container/zip",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/apache",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/c++",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/gpl",
+ conditions: []string{"restricted"},
+ },
+ },
+ },
+ {
+ condition: "regressgpl2",
+ name: "containerplus",
+ roots: []string{"container.zip.meta_lic", "lib/libapache.so.meta_lic", "lib/libc++.so.meta_lic"},
+ expectedOut: []projectShare{
+ {
+ project: "bin/threelibraries",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "container/zip",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/apache",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/c++",
+ conditions: []string{"restricted"},
+ },
+ {
+ project: "lib/gpl",
+ conditions: []string{"restricted"},
+ },
+ },
+ },
}
for _, tt := range tests {
t.Run(tt.condition+" "+tt.name, func(t *testing.T) {
diff --git a/tools/compliance/cmd/testdata/README.md b/tools/compliance/cmd/testdata/README.md
index 9872c04..07564c2 100644
--- a/tools/compliance/cmd/testdata/README.md
+++ b/tools/compliance/cmd/testdata/README.md
@@ -1,9 +1,12 @@
## Test data
-Each directory under testdata/ defines a similar build graph.
+Each non-regression directory under testdata/ defines a similar build graph.
All have the same structure, but different versions of the graph have different
license metadata.
+The regression* directories can have whatever structure is required for the
+specific test case.
+
### Testdata build graph structure:
The structure is meant to simulate some common scenarios:
@@ -70,6 +73,7 @@
#### a pure aggregation `container.zip` that merely bundles files together
+```dot
strict digraph {
rankdir=LR;
bin1 [label="bin/bin1.meta_lic"];
@@ -89,6 +93,7 @@
container -> libb [label="static"];
{rank=same; container}
}
+```
#### an apex file (more like an apk file) with some binaries and libraries
diff --git a/tools/compliance/cmd/testdata/regressgpl1/README.md b/tools/compliance/cmd/testdata/regressgpl1/README.md
new file mode 100644
index 0000000..6ab872d
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/README.md
@@ -0,0 +1,32 @@
+## Shipped versus non-shipped libraries with restricted license
+
+### Testdata build graph structure:
+
+A restricted licensed library sandwiched between a notice library and a notice
+binary. The source-code for the libraries only needs to be shared if shipped
+alongside the container with the binaries.
+
+```dot
+strict digraph {
+ rankdir=LR;
+ bin1 [label="bin/bin1.meta_lic\nnotice"];
+ bin2 [label="bin/bin2.meta_lic\nnotice"];
+ bin3 [label="bin/bin3.meta_lic\nnotice"];
+ container [label="container.zip.meta_lic\nnotice"];
+ libapache [label="lib/libapache.so.meta_lic\nnotice"];
+ libcxx [label="lib/libc++.so.meta_lic\nnotice"];
+ libgpl [label="lib/libgpl.so.meta_lic\nrestricted"];
+ container -> bin1[label="static"];
+ container -> bin2 [label="static"];
+ container -> bin3 [label="static"];
+ bin1 -> libcxx [label="dynamic"];
+ bin2 -> libapache [label="dynamic"];
+ bin2 -> libcxx [label="dynamic"];
+ bin3 -> libapache [label="dynamic"];
+ bin3 -> libcxx [label="dynamic"];
+ bin3 -> libgpl [label="dynamic"];
+ libapache -> libcxx [label="dynamic"];
+ libgpl -> libcxx [label="dynamic"];
+ {rank=same; container}
+}
+```
diff --git a/tools/compliance/cmd/testdata/regressgpl1/bin/bin1.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/bin/bin1.meta_lic
new file mode 100644
index 0000000..4afd240
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/bin/bin1.meta_lic
@@ -0,0 +1,14 @@
+package_name: "Android"
+module_classes: "EXECUTABLES"
+projects: "bin/onelibrary"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: false
+built: "out/target/product/fictional/obj/EXECUTABLES/bin_intermediates/bin1"
+installed: "out/target/product/fictional/system/bin/bin1"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+deps: {
+ file: "testdata/regressgpl1/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl1/bin/bin2.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/bin/bin2.meta_lic
new file mode 100644
index 0000000..4e56fa3
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/bin/bin2.meta_lic
@@ -0,0 +1,19 @@
+package_name: "Android"
+module_classes: "EXECUTABLES"
+projects: "bin/twolibraries"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: false
+built: "out/target/product/fictional/obj/EXECUTABLES/bin_intermediates/bin2"
+installed: "out/target/product/fictional/system/bin/bin2"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+sources: "out/target/product/fictional/system/lib/libapache.so"
+deps: {
+ file: "testdata/regressgpl1/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
+deps: {
+ file: "testdata/regressgpl1/lib/libapache.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl1/bin/bin3.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/bin/bin3.meta_lic
new file mode 100644
index 0000000..16290d3
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/bin/bin3.meta_lic
@@ -0,0 +1,23 @@
+package_name: "Compiler"
+module_classes: "EXECUTABLES"
+projects: "bin/threelibraries"
+license_kinds: "SPDX-license-identifier-NCSA"
+license_conditions: "notice"
+is_container: false
+built: "out/target/product/fictional/obj/EXECUTABLES/bin_intermediates/bin3"
+installed: "out/target/product/fictional/system/bin/bin3"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+sources: "out/target/product/fictional/system/lib/libapache.so"
+sources: "out/target/product/fictional/system/lib/libgpl.so"
+deps: {
+ file: "testdata/regressgpl1/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
+deps: {
+ file: "testdata/regressgpl1/lib/libapache.so.meta_lic"
+ annotations: "dynamic"
+}
+deps: {
+ file: "testdata/regressgpl1/lib/libgpl.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl1/container.zip.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/container.zip.meta_lic
new file mode 100644
index 0000000..295bcdb
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/container.zip.meta_lic
@@ -0,0 +1,32 @@
+package_name: "Android"
+projects: "container/zip"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: true
+built: "out/target/product/fictional/obj/ETC/container_intermediates/container.zip"
+installed: "out/target/product/fictional/data/container.zip"
+install_map {
+ from_path: "out/target/product/fictional/system/lib/"
+ container_path: ""
+}
+install_map {
+ from_path: "out/target/product/fictional/system/bin/"
+ container_path: ""
+}
+sources: "out/target/product/fictional/system/bin/bin1"
+sources: "out/target/product/fictional/system/bin/bin2"
+sources: "out/target/product/fictional/system/bin/bin3"
+sources: "out/target/product/fictional/system/lib/libapache.so"
+deps: {
+ file: "testdata/regressgpl1/bin/bin1.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl1/bin/bin2.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl1/bin/bin3.meta_lic"
+ annotations: "static"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl1/lib/libapache.so.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/lib/libapache.so.meta_lic
new file mode 100644
index 0000000..9184501
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/lib/libapache.so.meta_lic
@@ -0,0 +1,14 @@
+package_name: "Android"
+projects: "lib/apache"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: false
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libapache.so"
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libapache.a"
+installed: "out/target/product/fictional/system/lib/libapache.so"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+deps: {
+ file: "testdata/regressgpl1/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl1/lib/libc++.so.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/lib/libc++.so.meta_lic
new file mode 100644
index 0000000..b789377
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/lib/libc++.so.meta_lic
@@ -0,0 +1,8 @@
+package_name: "Device"
+projects: "lib/c++"
+license_kinds: "SPDX-license-identifier-BSD"
+license_conditions: "notice"
+is_container: false
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libc++.so"
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libc++.a"
+installed: "out/target/product/fictional/system/lib/libc++.so"
diff --git a/tools/compliance/cmd/testdata/regressgpl1/lib/libgpl.so.meta_lic b/tools/compliance/cmd/testdata/regressgpl1/lib/libgpl.so.meta_lic
new file mode 100644
index 0000000..a3afa2b
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl1/lib/libgpl.so.meta_lic
@@ -0,0 +1,12 @@
+package_name: "External"
+projects: "lib/gpl"
+license_kinds: "SPDX-license-identifier-GPL-2.0"
+license_conditions: "restricted"
+is_container: false
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libgpl.so"
+installed: "out/target/product/fictional/system/lib/libgpl.so"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+deps: {
+ file: "testdata/regressgpl1/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl2/README.md b/tools/compliance/cmd/testdata/regressgpl2/README.md
new file mode 100644
index 0000000..9da0f4d
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/README.md
@@ -0,0 +1,35 @@
+## Libraries shipped inside container with restricted license
+
+### Testdata build graph structure:
+
+A restricted licensed library sandwiched between a notice library and a notice
+binary. The source-code for the libraries needs to be shared when shipped as
+part of the container with the binaries.
+
+```dot
+strict digraph {
+ rankdir=LR;
+ bin1 [label="bin/bin1.meta_lic\nnotice"];
+ bin2 [label="bin/bin2.meta_lic\nnotice"];
+ bin3 [label="bin/bin3.meta_lic\nnotice"];
+ container [label="container.zip.meta_lic\nnotice"];
+ libapache [label="lib/libapache.so.meta_lic\nnotice"];
+ libcxx [label="lib/libc++.so.meta_lic\nnotice"];
+ libgpl [label="lib/libgpl.so.meta_lic\nrestricted"];
+ container -> bin1[label="static"];
+ container -> bin2 [label="static"];
+ container -> bin3 [label="static"];
+ container -> libapache [label="static"];
+ container -> libcxx [label="static"];
+ container -> libgpl [label="static"];
+ bin1 -> libcxx [label="dynamic"];
+ bin2 -> libapache [label="dynamic"];
+ bin2 -> libcxx [label="dynamic"];
+ bin3 -> libapache [label="dynamic"];
+ bin3 -> libcxx [label="dynamic"];
+ bin3 -> libgpl [label="dynamic"];
+ libapache -> libcxx [label="dynamic"];
+ libgpl -> libcxx [label="dynamic"];
+ {rank=same; container}
+}
+```
diff --git a/tools/compliance/cmd/testdata/regressgpl2/bin/bin1.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/bin/bin1.meta_lic
new file mode 100644
index 0000000..839fd9c
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/bin/bin1.meta_lic
@@ -0,0 +1,14 @@
+package_name: "Android"
+module_classes: "EXECUTABLES"
+projects: "bin/onelibrary"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: false
+built: "out/target/product/fictional/obj/EXECUTABLES/bin_intermediates/bin1"
+installed: "out/target/product/fictional/system/bin/bin1"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+deps: {
+ file: "testdata/regressgpl2/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl2/bin/bin2.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/bin/bin2.meta_lic
new file mode 100644
index 0000000..96baaae
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/bin/bin2.meta_lic
@@ -0,0 +1,19 @@
+package_name: "Android"
+module_classes: "EXECUTABLES"
+projects: "bin/twolibraries"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: false
+built: "out/target/product/fictional/obj/EXECUTABLES/bin_intermediates/bin2"
+installed: "out/target/product/fictional/system/bin/bin2"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+sources: "out/target/product/fictional/system/lib/libapache.so"
+deps: {
+ file: "testdata/regressgpl2/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
+deps: {
+ file: "testdata/regressgpl2/lib/libapache.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl2/bin/bin3.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/bin/bin3.meta_lic
new file mode 100644
index 0000000..3cd8602
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/bin/bin3.meta_lic
@@ -0,0 +1,23 @@
+package_name: "Compiler"
+module_classes: "EXECUTABLES"
+projects: "bin/threelibraries"
+license_kinds: "SPDX-license-identifier-NCSA"
+license_conditions: "notice"
+is_container: false
+built: "out/target/product/fictional/obj/EXECUTABLES/bin_intermediates/bin3"
+installed: "out/target/product/fictional/system/bin/bin3"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+sources: "out/target/product/fictional/system/lib/libapache.so"
+sources: "out/target/product/fictional/system/lib/libgpl.so"
+deps: {
+ file: "testdata/regressgpl2/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
+deps: {
+ file: "testdata/regressgpl2/lib/libapache.so.meta_lic"
+ annotations: "dynamic"
+}
+deps: {
+ file: "testdata/regressgpl2/lib/libgpl.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl2/container.zip.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/container.zip.meta_lic
new file mode 100644
index 0000000..71b68cd
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/container.zip.meta_lic
@@ -0,0 +1,44 @@
+package_name: "Android"
+projects: "container/zip"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: true
+built: "out/target/product/fictional/obj/ETC/container_intermediates/container.zip"
+installed: "out/target/product/fictional/data/container.zip"
+install_map {
+ from_path: "out/target/product/fictional/system/lib/"
+ container_path: ""
+}
+install_map {
+ from_path: "out/target/product/fictional/system/bin/"
+ container_path: ""
+}
+sources: "out/target/product/fictional/system/bin/bin1"
+sources: "out/target/product/fictional/system/bin/bin2"
+sources: "out/target/product/fictional/system/bin/bin3"
+sources: "out/target/product/fictional/system/lib/libapache.so"
+deps: {
+ file: "testdata/regressgpl2/bin/bin1.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl2/bin/bin2.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl2/bin/bin3.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl2/lib/libapache.so.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl2/lib/libc++.so.meta_lic"
+ annotations: "static"
+}
+deps: {
+ file: "testdata/regressgpl2/lib/libgpl.so.meta_lic"
+ annotations: "static"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl2/lib/libapache.so.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/lib/libapache.so.meta_lic
new file mode 100644
index 0000000..ae47340
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/lib/libapache.so.meta_lic
@@ -0,0 +1,14 @@
+package_name: "Android"
+projects: "lib/apache"
+license_kinds: "SPDX-license-identifier-Apache-2.0"
+license_conditions: "notice"
+license_texts: "build/soong/licenses/LICENSE"
+is_container: false
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libapache.so"
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libapache.a"
+installed: "out/target/product/fictional/system/lib/libapache.so"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+deps: {
+ file: "testdata/regressgpl2/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/compliance/cmd/testdata/regressgpl2/lib/libc++.so.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/lib/libc++.so.meta_lic
new file mode 100644
index 0000000..b789377
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/lib/libc++.so.meta_lic
@@ -0,0 +1,8 @@
+package_name: "Device"
+projects: "lib/c++"
+license_kinds: "SPDX-license-identifier-BSD"
+license_conditions: "notice"
+is_container: false
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libc++.so"
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libc++.a"
+installed: "out/target/product/fictional/system/lib/libc++.so"
diff --git a/tools/compliance/cmd/testdata/regressgpl2/lib/libgpl.so.meta_lic b/tools/compliance/cmd/testdata/regressgpl2/lib/libgpl.so.meta_lic
new file mode 100644
index 0000000..4e78697
--- /dev/null
+++ b/tools/compliance/cmd/testdata/regressgpl2/lib/libgpl.so.meta_lic
@@ -0,0 +1,12 @@
+package_name: "External"
+projects: "lib/gpl"
+license_kinds: "SPDX-license-identifier-GPL-2.0"
+license_conditions: "restricted"
+is_container: false
+built: "out/target/product/fictional/obj/SHARED_LIBRARIES/lib_intermediates/libgpl.so"
+installed: "out/target/product/fictional/system/lib/libgpl.so"
+sources: "out/target/product/fictional/system/lib/libc++.so"
+deps: {
+ file: "testdata/regressgpl2/lib/libc++.so.meta_lic"
+ annotations: "dynamic"
+}
diff --git a/tools/event_log_tags.py b/tools/event_log_tags.py
index 35b2de0..a6ae9f1 100644
--- a/tools/event_log_tags.py
+++ b/tools/event_log_tags.py
@@ -55,12 +55,13 @@
if file_object is None:
try:
file_object = open(filename, "rb")
- except (IOError, OSError), e:
+ except (IOError, OSError) as e:
self.AddError(str(e))
return
try:
for self.linenum, line in enumerate(file_object):
+ line = line.decode('utf-8')
self.linenum += 1
line = re.sub('#.*$', '', line) # strip trailing comments
line = line.strip()
@@ -100,7 +101,7 @@
self.tags.append(Tag(tag, tagname, description,
self.filename, self.linenum))
- except (IOError, OSError), e:
+ except (IOError, OSError) as e:
self.AddError(str(e))
@@ -128,8 +129,8 @@
output_file = "<stdout>"
else:
out = open(output_file, "wb")
- out.write(data)
+ out.write(str.encode(data))
out.close()
- except (IOError, OSError), e:
- print >> sys.stderr, "failed to write %s: %s" % (output_file, e)
+ except (IOError, OSError) as e:
+ print("failed to write %s: %s" % (output_file, e), file=sys.stderr)
sys.exit(1)
diff --git a/tools/java-event-log-tags.py b/tools/java-event-log-tags.py
index 37cd712..4bd6d2b 100755
--- a/tools/java-event-log-tags.py
+++ b/tools/java-event-log-tags.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Copyright (C) 2009 The Android Open Source Project
#
@@ -23,7 +23,7 @@
-h to display this usage message and exit.
"""
-import cStringIO
+from io import StringIO
import getopt
import os
import os.path
@@ -36,24 +36,24 @@
try:
opts, args = getopt.getopt(sys.argv[1:], "ho:")
-except getopt.GetoptError, err:
- print str(err)
- print __doc__
+except getopt.GetoptError as err:
+ print(str(err))
+ print(__doc__)
sys.exit(2)
for o, a in opts:
if o == "-h":
- print __doc__
+ print(__doc__)
sys.exit(2)
elif o == "-o":
output_file = a
else:
- print >> sys.stderr, "unhandled option %s" % (o,)
+ print("unhandled option %s" % (o,), file=sys.stderr)
sys.exit(1)
if len(args) != 1 and len(args) != 2:
- print "need one or two input files, not %d" % (len(args),)
- print __doc__
+ print("need one or two input files, not %d" % (len(args),))
+ print(__doc__)
sys.exit(1)
fn = args[0]
@@ -92,10 +92,10 @@
if tagfile.errors:
for fn, ln, msg in tagfile.errors:
- print >> sys.stderr, "%s:%d: error: %s" % (fn, ln, msg)
+ print("%s:%d: error: %s" % (fn, ln, msg), file=sys.stderr)
sys.exit(1)
-buffer = cStringIO.StringIO()
+buffer = StringIO()
buffer.write("/* This file is auto-generated. DO NOT MODIFY.\n"
" * Source file: %s\n"
" */\n\n" % (fn,))
diff --git a/tools/merge-event-log-tags.py b/tools/merge-event-log-tags.py
index 64bad3f..292604c 100755
--- a/tools/merge-event-log-tags.py
+++ b/tools/merge-event-log-tags.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Copyright (C) 2009 The Android Open Source Project
#
@@ -24,7 +24,7 @@
-h to display this usage message and exit.
"""
-import cStringIO
+from io import StringIO
import getopt
try:
import hashlib
@@ -48,21 +48,21 @@
try:
opts, args = getopt.getopt(sys.argv[1:], "ho:m:")
-except getopt.GetoptError, err:
- print str(err)
- print __doc__
+except getopt.GetoptError as err:
+ print(str(err))
+ print(__doc__)
sys.exit(2)
for o, a in opts:
if o == "-h":
- print __doc__
+ print(__doc__)
sys.exit(2)
elif o == "-o":
output_file = a
elif o == "-m":
pre_merged_file = a
else:
- print >> sys.stderr, "unhandled option %s" % (o,)
+ print("unhandled option %s" % (o,), file=sys.stderr)
sys.exit(1)
# Restrictions on tags:
@@ -133,12 +133,12 @@
if errors:
for fn, ln, msg in errors:
- print >> sys.stderr, "%s:%d: error: %s" % (fn, ln, msg)
+ print("%s:%d: error: %s" % (fn, ln, msg), file=sys.stderr)
sys.exit(1)
if warnings:
for fn, ln, msg in warnings:
- print >> sys.stderr, "%s:%d: warning: %s" % (fn, ln, msg)
+ print("%s:%d: warning: %s" % (fn, ln, msg), file=sys.stderr)
# Python's hash function (a) isn't great and (b) varies between
# versions of python. Using md5 is overkill here but is the same from
@@ -154,14 +154,14 @@
# If we were provided pre-merged tags (w/ the -m option), then don't
# ever try to allocate one, just fail if we don't have a number
-for name, t in sorted(by_tagname.iteritems()):
+for name, t in sorted(by_tagname.items()):
if t.tagnum is None:
if pre_merged_tags:
try:
t.tagnum = pre_merged_tags[t.tagname]
except KeyError:
- print >> sys.stderr, ("Error: Tag number not defined for tag `%s'."
- +" Have you done a full build?") % t.tagname
+ print("Error: Tag number not defined for tag `%s'. Have you done a full build?" % t.tagname,
+ file=sys.stderr)
sys.exit(1)
else:
while True:
@@ -174,8 +174,8 @@
# by_tagnum should be complete now; we've assigned numbers to all tags.
-buffer = cStringIO.StringIO()
-for n, t in sorted(by_tagnum.iteritems()):
+buffer = StringIO()
+for n, t in sorted(by_tagnum.items()):
if t.description:
buffer.write("%d %s %s\n" % (t.tagnum, t.tagname, t.description))
else:
diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index f3123b2..7b2c290 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp
@@ -162,6 +162,7 @@
required: [
"brillo_update_payload",
"checkvintf",
+ "generate_gki_certificate",
"minigzip",
"lz4",
"toybox",
@@ -236,6 +237,7 @@
"boot_signer",
"brotli",
"bsdiff",
+ "generate_gki_certificate",
"imgdiff",
"minigzip",
"lz4",
@@ -301,6 +303,7 @@
"brotli",
"bsdiff",
"deapexer",
+ "generate_gki_certificate",
"imgdiff",
"minigzip",
"lz4",
diff --git a/tools/releasetools/check_target_files_signatures.py b/tools/releasetools/check_target_files_signatures.py
index 6e02e4d..0f56fb9 100755
--- a/tools/releasetools/check_target_files_signatures.py
+++ b/tools/releasetools/check_target_files_signatures.py
@@ -65,10 +65,13 @@
# extra field anyway).
# Issue #14315: https://bugs.python.org/issue14315, fixed in Python 2.7.8 and
# Python 3.5.0 alpha 1.
+
+
class MyZipInfo(zipfile.ZipInfo):
def _decodeExtra(self):
pass
+
zipfile.ZipInfo = MyZipInfo
@@ -83,6 +86,7 @@
def AddProblem(msg):
+ logger.error(msg)
PROBLEMS.append(" ".join(PROBLEM_PREFIX) + " " + msg)
@@ -204,7 +208,7 @@
for info in apk.infolist():
filename = info.filename
if (filename.startswith("META-INF/") and
- info.filename.endswith((".DSA", ".RSA"))):
+ info.filename.endswith((".DSA", ".RSA"))):
pkcs7 = apk.read(filename)
cert = CertFromPKCS7(pkcs7, filename)
if not cert:
@@ -266,7 +270,7 @@
stdout=subprocess.PIPE)
manifest, err = p.communicate()
if err:
- AddProblem("failed to read manifest")
+ AddProblem("failed to read manifest " + full_filename)
return
self.shared_uid = None
@@ -279,15 +283,15 @@
name = m.group(1)
if name == "android:sharedUserId":
if self.shared_uid is not None:
- AddProblem("multiple sharedUserId declarations")
+ AddProblem("multiple sharedUserId declarations " + full_filename)
self.shared_uid = m.group(2)
elif name == "package":
if self.package is not None:
- AddProblem("multiple package declarations")
+ AddProblem("multiple package declarations " + full_filename)
self.package = m.group(2)
if self.package is None:
- AddProblem("no package declaration")
+ AddProblem("no package declaration " + full_filename)
class TargetFiles(object):
@@ -400,7 +404,12 @@
for _, digest in order:
print("%s:" % (ALL_CERTS.Get(digest),))
apks = by_digest[digest]
- apks.sort()
+ apks.sort(key=lambda x: x[0])
+ for i in range(1, len(apks)):
+ pkgname, apk = apks[i]
+ if pkgname == apks[i-1][0]:
+ print("Both {} and {} have same package name {}".format(
+ apk.filename, apks[i-1][1].filename, pkgname))
for _, apk in apks:
if apk.shared_uid:
print(" %-*s %-*s [%s]" % (self.max_fn_len, apk.filename,
@@ -527,8 +536,5 @@
try:
r = main(sys.argv[1:])
sys.exit(r)
- except common.ExternalError as e:
- print("\n ERROR: %s\n" % (e,))
- sys.exit(1)
finally:
common.Cleanup()
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 30dcf5b..e5c68bc 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -1396,34 +1396,52 @@
return "{}:{}:{}".format(partition, rollback_index_location, pubkey_path)
-def AppendGkiSigningArgs(cmd):
- """Append GKI signing arguments for mkbootimg."""
- # e.g., --gki_signing_key path/to/signing_key
- # --gki_signing_algorithm SHA256_RSA4096"
+def _HasGkiCertificationArgs():
+ return ("gki_signing_key_path" in OPTIONS.info_dict and
+ "gki_signing_algorithm" in OPTIONS.info_dict)
+
+def _GenerateGkiCertificate(image, image_name, partition_name):
key_path = OPTIONS.info_dict.get("gki_signing_key_path")
- # It's fine that a non-GKI boot.img has no gki_signing_key_path.
- if not key_path:
- return
+ algorithm = OPTIONS.info_dict.get("gki_signing_algorithm")
if not os.path.exists(key_path) and OPTIONS.search_path:
new_key_path = os.path.join(OPTIONS.search_path, key_path)
if os.path.exists(new_key_path):
key_path = new_key_path
- # Checks key_path exists, before appending --gki_signing_* args.
+ # Checks key_path exists, before processing --gki_signing_* args.
if not os.path.exists(key_path):
raise ExternalError(
'gki_signing_key_path: "{}" not found'.format(key_path))
- algorithm = OPTIONS.info_dict.get("gki_signing_algorithm")
- if key_path and algorithm:
- cmd.extend(["--gki_signing_key", key_path,
- "--gki_signing_algorithm", algorithm])
+ output_certificate = tempfile.NamedTemporaryFile()
+ cmd = [
+ "generate_gki_certificate",
+ "--name", image_name,
+ "--algorithm", algorithm,
+ "--key", key_path,
+ "--output", output_certificate.name,
+ image,
+ ]
- signature_args = OPTIONS.info_dict.get("gki_signing_signature_args")
- if signature_args:
- cmd.extend(["--gki_signing_signature_args", signature_args])
+ signature_args = OPTIONS.info_dict.get("gki_signing_signature_args", "")
+ signature_args = signature_args.strip()
+ if signature_args:
+ cmd.extend(["--additional_avb_args", signature_args])
+
+ args = OPTIONS.info_dict.get(
+ "avb_" + partition_name + "_add_hash_footer_args", "")
+ args = args.strip()
+ if args:
+ cmd.extend(["--additional_avb_args", args])
+
+ RunAndCheckOutput(cmd)
+
+ output_certificate.seek(os.SEEK_SET, 0)
+ data = output_certificate.read()
+ output_certificate.close()
+ return data
def BuildVBMeta(image_path, partitions, name, needed_partitions):
@@ -1549,6 +1567,8 @@
if kernel and not os.access(os.path.join(sourcedir, kernel), os.F_OK):
return None
+ kernel_path = os.path.join(sourcedir, kernel) if kernel else None
+
if has_ramdisk and not os.access(os.path.join(sourcedir, "RAMDISK"), os.F_OK):
return None
@@ -1563,8 +1583,8 @@
mkbootimg = os.getenv('MKBOOTIMG') or "mkbootimg"
cmd = [mkbootimg]
- if kernel:
- cmd += ["--kernel", os.path.join(sourcedir, kernel)]
+ if kernel_path is not None:
+ cmd.extend(["--kernel", kernel_path])
fn = os.path.join(sourcedir, "second")
if os.access(fn, os.F_OK):
@@ -1604,15 +1624,31 @@
if args and args.strip():
cmd.extend(shlex.split(args))
- args = info_dict.get("mkbootimg_version_args")
- if args and args.strip():
- cmd.extend(shlex.split(args))
+ boot_signature = None
+ if _HasGkiCertificationArgs():
+ # Certify GKI images.
+ boot_signature_bytes = b''
+ if kernel_path is not None:
+ boot_signature_bytes += _GenerateGkiCertificate(
+ kernel_path, "generic_kernel", "boot")
+ if has_ramdisk:
+ boot_signature_bytes += _GenerateGkiCertificate(
+ ramdisk_img.name, "generic_ramdisk", "init_boot")
+
+ if len(boot_signature_bytes) > 0:
+ boot_signature = tempfile.NamedTemporaryFile()
+ boot_signature.write(boot_signature_bytes)
+ boot_signature.flush()
+ cmd.extend(["--boot_signature", boot_signature.name])
+ else:
+ # Certified GKI boot/init_boot image mustn't set 'mkbootimg_version_args'.
+ args = info_dict.get("mkbootimg_version_args")
+ if args and args.strip():
+ cmd.extend(shlex.split(args))
if has_ramdisk:
cmd.extend(["--ramdisk", ramdisk_img.name])
- AppendGkiSigningArgs(cmd)
-
img_unsigned = None
if info_dict.get("vboot"):
img_unsigned = tempfile.NamedTemporaryFile()
@@ -1690,6 +1726,9 @@
ramdisk_img.close()
img.close()
+ if boot_signature is not None:
+ boot_signature.close()
+
return data
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 58f0e85..9b9422c 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -233,6 +233,10 @@
--enable_zucchini
Whether to enable to zucchini feature. Will generate smaller OTA but uses more memory.
+
+ --enable_lz4diff
+ Whether to enable lz4diff feature. Will generate smaller OTA for EROFS but
+ uses more memory.
"""
from __future__ import print_function
@@ -302,7 +306,8 @@
OPTIONS.enable_vabc_xor = True
OPTIONS.force_minor_version = None
OPTIONS.compressor_types = None
-OPTIONS.enable_zucchini = None
+OPTIONS.enable_zucchini = True
+OPTIONS.enable_lz4diff = False
POSTINSTALL_CONFIG = 'META/postinstall_config.txt'
DYNAMIC_PARTITION_INFO = 'META/dynamic_partitions_info.txt'
@@ -1145,13 +1150,31 @@
partition_timestamps_flags = GeneratePartitionTimestampFlags(
metadata.postcondition.partition_state)
- # Auto-check for compatibility only if --enable_zucchini omitted. Otherwise
- # let user override zucchini settings. This is useful for testing.
- if OPTIONS.enable_zucchini is None:
- if not ota_utils.IsZucchiniCompatible(source_file, target_file):
- additional_args += ["--enable_zucchini", "false"]
- else:
- additional_args += ["--enable_zucchini", str(OPTIONS.enable_zucchini).lower()]
+ if not ota_utils.IsZucchiniCompatible(source_file, target_file):
+ OPTIONS.enable_zucchini = False
+
+ additional_args += ["--enable_zucchini",
+ str(OPTIONS.enable_zucchini).lower()]
+
+ if not ota_utils.IsLz4diffCompatible(source_file, target_file):
+ logger.warn(
+ "Source build doesn't support lz4diff, or source/target don't have compatible lz4diff versions. Disabling lz4diff.")
+ OPTIONS.enable_lz4diff = False
+
+ additional_args += ["--enable_lz4diff",
+ str(OPTIONS.enable_lz4diff).lower()]
+
+ if source_file and OPTIONS.enable_lz4diff:
+ input_tmp = common.UnzipTemp(source_file, ["META/liblz4.so"])
+ liblz4_path = os.path.join(input_tmp, "META", "liblz4.so")
+ assert os.path.exists(
+ liblz4_path), "liblz4.so not found in META/ dir of target file {}".format(liblz4_path)
+ logger.info("Enabling lz4diff %s", liblz4_path)
+ additional_args += ["--liblz4_path", liblz4_path]
+ erofs_compression_param = OPTIONS.target_info_dict.get(
+ "erofs_default_compressor")
+ assert erofs_compression_param is not None, "'erofs_default_compressor' not found in META/misc_info.txt of target build. This is required to enable lz4diff."
+ additional_args += ["--erofs_compression_param", erofs_compression_param]
if OPTIONS.disable_vabc:
additional_args += ["--disable_vabc", "true"]
@@ -1333,13 +1356,18 @@
elif o == "--vabc_downgrade":
OPTIONS.vabc_downgrade = True
elif o == "--enable_vabc_xor":
+ assert a.lower() in ["true", "false"]
OPTIONS.enable_vabc_xor = a.lower() != "false"
elif o == "--force_minor_version":
OPTIONS.force_minor_version = a
elif o == "--compressor_types":
OPTIONS.compressor_types = a
elif o == "--enable_zucchini":
+ assert a.lower() in ["true", "false"]
OPTIONS.enable_zucchini = a.lower() != "false"
+ elif o == "--enable_lz4diff":
+ assert a.lower() in ["true", "false"]
+ OPTIONS.enable_lz4diff = a.lower() != "false"
else:
return False
return True
@@ -1388,6 +1416,7 @@
"force_minor_version=",
"compressor_types=",
"enable_zucchin=",
+ "enable_lz4diff=",
], extra_option_handler=option_handler)
if len(args) != 2:
diff --git a/tools/releasetools/ota_utils.py b/tools/releasetools/ota_utils.py
index a4ec9e2..6896f83 100644
--- a/tools/releasetools/ota_utils.py
+++ b/tools/releasetools/ota_utils.py
@@ -640,6 +640,28 @@
return target_apex_proto.SerializeToString()
+def IsLz4diffCompatible(source_file: str, target_file: str):
+ """Check whether lz4diff versions in two builds are compatible
+
+ Args:
+ source_file: Path to source build's target_file.zip
+ target_file: Path to target build's target_file.zip
+
+ Returns:
+ bool true if and only if lz4diff versions are compatible
+ """
+ if source_file is None or target_file is None:
+ return False
+ # Right now we enable lz4diff as long as source build has liblz4.so.
+ # In the future we might introduce version system to lz4diff as well.
+ if zipfile.is_zipfile(source_file):
+ with zipfile.ZipFile(source_file, "r") as zfp:
+ return "META/liblz4.so" in zfp.namelist()
+ else:
+ assert os.path.isdir(source_file)
+ return os.path.exists(os.path.join(source_file, "META", "liblz4.so"))
+
+
def IsZucchiniCompatible(source_file: str, target_file: str):
"""Check whether zucchini versions in two builds are compatible
diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py
index e42d417..7dd365f 100644
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -1631,66 +1631,7 @@
self.assertEqual('3', chained_partition_args[1])
self.assertTrue(os.path.exists(chained_partition_args[2]))
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_AppendGkiSigningArgs_NoSigningKeyPath(self):
- # A non-GKI boot.img has no gki_signing_key_path.
- common.OPTIONS.info_dict = {
- # 'gki_signing_key_path': pubkey,
- 'gki_signing_algorithm': 'SHA256_RSA4096',
- 'gki_signing_signature_args': '--prop foo:bar',
- }
-
- # Tests no --gki_signing_* args are appended if there is no
- # gki_signing_key_path.
- cmd = ['mkbootimg', '--header_version', '4']
- expected_cmd = ['mkbootimg', '--header_version', '4']
- common.AppendGkiSigningArgs(cmd)
- self.assertEqual(cmd, expected_cmd)
-
- def test_AppendGkiSigningArgs_NoSigningAlgorithm(self):
- pubkey = os.path.join(self.testdata_dir, 'testkey_gki.pem')
- with open(pubkey, 'wb') as f:
- f.write(b'\x00' * 100)
- self.assertTrue(os.path.exists(pubkey))
-
- # Tests no --gki_signing_* args are appended if there is no
- # gki_signing_algorithm.
- common.OPTIONS.info_dict = {
- 'gki_signing_key_path': pubkey,
- # 'gki_signing_algorithm': 'SHA256_RSA4096',
- 'gki_signing_signature_args': '--prop foo:bar',
- }
-
- cmd = ['mkbootimg', '--header_version', '4']
- expected_cmd = ['mkbootimg', '--header_version', '4']
- common.AppendGkiSigningArgs(cmd)
- self.assertEqual(cmd, expected_cmd)
-
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_AppendGkiSigningArgs(self):
- pubkey = os.path.join(self.testdata_dir, 'testkey_gki.pem')
- with open(pubkey, 'wb') as f:
- f.write(b'\x00' * 100)
- self.assertTrue(os.path.exists(pubkey))
-
- common.OPTIONS.info_dict = {
- 'gki_signing_key_path': pubkey,
- 'gki_signing_algorithm': 'SHA256_RSA4096',
- 'gki_signing_signature_args': '--prop foo:bar',
- }
- cmd = ['mkbootimg', '--header_version', '4']
- common.AppendGkiSigningArgs(cmd)
-
- expected_cmd = [
- 'mkbootimg', '--header_version', '4',
- '--gki_signing_key', pubkey,
- '--gki_signing_algorithm', 'SHA256_RSA4096',
- '--gki_signing_signature_args', '--prop foo:bar'
- ]
- self.assertEqual(cmd, expected_cmd)
-
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_AppendGkiSigningArgs_KeyPathNotFound(self):
+ def test_GenerateGkiCertificate_KeyPathNotFound(self):
pubkey = os.path.join(self.testdata_dir, 'no_testkey_gki.pem')
self.assertFalse(os.path.exists(pubkey))
@@ -1699,41 +1640,11 @@
'gki_signing_algorithm': 'SHA256_RSA4096',
'gki_signing_signature_args': '--prop foo:bar',
}
- cmd = ['mkbootimg', '--header_version', '4']
- self.assertRaises(common.ExternalError, common.AppendGkiSigningArgs, cmd)
+ test_file = tempfile.NamedTemporaryFile()
+ self.assertRaises(common.ExternalError, common._GenerateGkiCertificate,
+ test_file.name, 'generic_kernel', 'boot')
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_AppendGkiSigningArgs_SearchKeyPath(self):
- pubkey = 'testkey_gki.pem'
- self.assertFalse(os.path.exists(pubkey))
-
- # Tests it should replace the pubkey with an existed key under
- # OPTIONS.search_path, i.e., os.path.join(OPTIONS.search_path, pubkey).
- search_path_dir = common.MakeTempDir()
- search_pubkey = os.path.join(search_path_dir, pubkey)
- with open(search_pubkey, 'wb') as f:
- f.write(b'\x00' * 100)
- self.assertTrue(os.path.exists(search_pubkey))
-
- common.OPTIONS.search_path = search_path_dir
- common.OPTIONS.info_dict = {
- 'gki_signing_key_path': pubkey,
- 'gki_signing_algorithm': 'SHA256_RSA4096',
- 'gki_signing_signature_args': '--prop foo:bar',
- }
- cmd = ['mkbootimg', '--header_version', '4']
- common.AppendGkiSigningArgs(cmd)
-
- expected_cmd = [
- 'mkbootimg', '--header_version', '4',
- '--gki_signing_key', search_pubkey,
- '--gki_signing_algorithm', 'SHA256_RSA4096',
- '--gki_signing_signature_args', '--prop foo:bar'
- ]
- self.assertEqual(cmd, expected_cmd)
-
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_AppendGkiSigningArgs_SearchKeyPathNotFound(self):
+ def test_GenerateGkiCertificate_SearchKeyPathNotFound(self):
pubkey = 'no_testkey_gki.pem'
self.assertFalse(os.path.exists(pubkey))
@@ -1749,9 +1660,9 @@
'gki_signing_algorithm': 'SHA256_RSA4096',
'gki_signing_signature_args': '--prop foo:bar',
}
- cmd = ['mkbootimg', '--header_version', '4']
- self.assertRaises(common.ExternalError, common.AppendGkiSigningArgs, cmd)
-
+ test_file = tempfile.NamedTemporaryFile()
+ self.assertRaises(common.ExternalError, common._GenerateGkiCertificate,
+ test_file.name, 'generic_kernel', 'boot')
class InstallRecoveryScriptFormatTest(test_utils.ReleaseToolsTestCase):
"""Checks the format of install-recovery.sh.
diff --git a/tools/warn/tidy_warn_patterns.py b/tools/warn/tidy_warn_patterns.py
index a5842ea..c138f1c 100644
--- a/tools/warn/tidy_warn_patterns.py
+++ b/tools/warn/tidy_warn_patterns.py
@@ -224,6 +224,9 @@
analyzer_warn_check('clang-analyzer-valist.Unterminated'),
analyzer_group_check('clang-analyzer-core.uninitialized'),
analyzer_group_check('clang-analyzer-deadcode'),
+ analyzer_warn_check('clang-analyzer-security.insecureAPI.bcmp'),
+ analyzer_warn_check('clang-analyzer-security.insecureAPI.bcopy'),
+ analyzer_warn_check('clang-analyzer-security.insecureAPI.bzero'),
analyzer_warn_check('clang-analyzer-security.insecureAPI.strcpy'),
analyzer_group_high('clang-analyzer-security.insecureAPI'),
analyzer_group_high('clang-analyzer-security'),