Merge "Update check_elf_file.py for clang-r353983"
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 51139ed..3d9a1ef 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -610,6 +610,9 @@
$(call add-clean-step, rm -rf $(TARGET_OUT_DATA)/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/vts/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/framework/vts-tradefed.jar)
+
+# Clean up old location of system_other.avbpubkey
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/security/avb/)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/Makefile b/core/Makefile
index 811282d..69c75ca 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -222,10 +222,22 @@
BUILDINFO_SH := build/make/tools/buildinfo.sh
BUILDINFO_COMMON_SH := build/make/tools/buildinfo_common.sh
-# Generates a set of common build system properties to a file.
+
+# Generates a set of sysprops common to all partitions to a file.
# $(1): Partition name
# $(2): Output file name
define generate-common-build-props
+ PRODUCT_BRAND="$(PRODUCT_BRAND)" \
+ PRODUCT_DEVICE="$(TARGET_DEVICE)" \
+ PRODUCT_MANUFACTURER="$(PRODUCT_MANUFACTURER)" \
+ PRODUCT_MODEL="$(PRODUCT_MODEL)" \
+ PRODUCT_NAME="$(TARGET_PRODUCT)" \
+ $(call generate-common-build-props-with-product-vars-set,$(1),$(2))
+endef
+
+# Like the above macro, but requiring the relevant PRODUCT_ environment
+# variables to be set when called.
+define generate-common-build-props-with-product-vars-set
BUILD_FINGERPRINT="$(BUILD_FINGERPRINT_FROM_FILE)" \
BUILD_ID="$(BUILD_ID)" \
BUILD_NUMBER="$(BUILD_NUMBER_FROM_FILE)" \
@@ -233,12 +245,7 @@
DATE="$(DATE_FROM_FILE)" \
PLATFORM_SDK_VERSION="$(PLATFORM_SDK_VERSION)" \
PLATFORM_VERSION="$(PLATFORM_VERSION)" \
- PRODUCT_BRAND="$(PRODUCT_BRAND)" \
- PRODUCT_MANUFACTURER="$(PRODUCT_MANUFACTURER)" \
- PRODUCT_MODEL="$(PRODUCT_MODEL)" \
- PRODUCT_NAME="$(TARGET_PRODUCT)" \
TARGET_BUILD_TYPE="$(TARGET_BUILD_VARIANT)" \
- TARGET_DEVICE="$(TARGET_DEVICE)" \
bash $(BUILDINFO_COMMON_SH) "$(1)" >> $(2)
endef
@@ -426,7 +433,12 @@
$(hide) $(foreach prop,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_OEM_PROPERTIES), \
echo "import /oem/oem.prop $(prop)" >> $@;)
endif
- $(hide) $(call generate-common-build-props,system,$@)
+ $(hide) PRODUCT_BRAND="$(PRODUCT_SYSTEM_BRAND)" \
+ PRODUCT_MANUFACTURER="$(PRODUCT_SYSTEM_MANUFACTURER)" \
+ PRODUCT_MODEL="$(PRODUCT_SYSTEM_MODEL)" \
+ PRODUCT_NAME="$(PRODUCT_SYSTEM_NAME)" \
+ PRODUCT_DEVICE="$(PRODUCT_SYSTEM_DEVICE)" \
+ $(call generate-common-build-props-with-product-vars-set,system,$@)
$(hide) TARGET_BUILD_TYPE="$(TARGET_BUILD_VARIANT)" \
TARGET_BUILD_FLAVOR="$(TARGET_BUILD_FLAVOR)" \
TARGET_DEVICE="$(TARGET_DEVICE)" \
@@ -718,6 +730,15 @@
$(call dist-for-goals,droidcore,$(BUILD_SYSTEM_STATS))
# -----------------------------------------------------------------
+# build /product/etc/security/avb/system_other.avbpubkey if needed
+ifdef BUILDING_SYSTEM_OTHER_IMAGE
+ifeq ($(BOARD_AVB_ENABLE),true)
+INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET := $(TARGET_OUT_PRODUCT_ETC)/security/avb/system_other.avbpubkey
+ALL_DEFAULT_INSTALLED_MODULES += $(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)
+endif # BOARD_AVB_ENABLE
+endif # BUILDING_SYSTEM_OTHER_IMAGE
+
+# -----------------------------------------------------------------
# Modules ready to be converted to Soong, ordered by how many
# modules depend on them.
SOONG_CONV := $(sort $(SOONG_CONV))
@@ -1451,8 +1472,7 @@
$(if $(BOARD_AVB_ENABLE),\
$(if $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH),\
$(hide) echo "avb_system_other_key_path=$(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)" >> $(1)
- $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)
- $(hide) echo "avb_system_extract_system_other_key=true" >> $(1)))
+ $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),\
@@ -2968,9 +2988,11 @@
BOARD_AVB_SYSTEM_OTHER_ALGORITHM := $(BOARD_AVB_ALGORITHM)
endif
-# To extract the public key of SYSTEM_OTHER_KEY_PATH will into system.img:
-# /system/etc/security/avb/system_other.avbpubkey.
-FULL_SYSTEMIMAGE_DEPS += $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
+$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET): $(AVBTOOL) $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
+ @echo Extracting system_other avb key: $@
+ @rm -f $@
+ @mkdir -p $(dir $@)
+ $(AVBTOOL) extract_public_key --key $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH) --output $@
ifndef BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX
BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
diff --git a/core/base_rules.mk b/core/base_rules.mk
index 742119f..7e7d6dc 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -776,6 +776,10 @@
$(ALL_MODULES.$(my_register_name).CHECKED) $(my_checked_module)
ALL_MODULES.$(my_register_name).BUILT := \
$(ALL_MODULES.$(my_register_name).BUILT) $(LOCAL_BUILT_MODULE)
+ifndef LOCAL_IS_HOST_MODULE
+ALL_MODULES.$(my_register_name).TARGET_BUILT := \
+ $(ALL_MODULES.$(my_register_name).TARGET_BUILT) $(LOCAL_BUILT_MODULE)
+endif
ifneq (true,$(LOCAL_UNINSTALLABLE_MODULE))
ALL_MODULES.$(my_register_name).INSTALLED := \
$(strip $(ALL_MODULES.$(my_register_name).INSTALLED) \
diff --git a/core/binary.mk b/core/binary.mk
index ad3d76b..da188ae 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -1214,17 +1214,17 @@
# with vendor_available: false
my_link_type := native:vendor
my_warn_types :=
- my_allowed_types := native:vendor native:vndk
+ my_allowed_types := native:vendor native:vndk native:platform_vndk
endif
else ifneq ($(filter $(TARGET_RECOVERY_OUT)/%,$(call get_non_asan_path,$(LOCAL_MODULE_PATH))),)
my_link_type := native:recovery
my_warn_types :=
# TODO(b/113303515) remove native:platform and my_allowed_ndk_types
-my_allowed_types := native:recovery native:platform $(my_allowed_ndk_types)
+my_allowed_types := native:recovery native:platform native:platform_vndk $(my_allowed_ndk_types)
else
my_link_type := native:platform
my_warn_types := $(my_warn_ndk_types)
-my_allowed_types := $(my_allowed_ndk_types) native:platform
+my_allowed_types := $(my_allowed_ndk_types) native:platform native:platform_vndk
endif
my_link_deps := $(addprefix STATIC_LIBRARIES:,$(my_whole_static_libraries) $(my_static_libraries))
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index 1883743..444612f 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -296,6 +296,7 @@
LOCAL_USES_LIBRARIES:=
LOCAL_VENDOR_MODULE:=
LOCAL_VINTF_FRAGMENTS:=
+LOCAL_VNDK_DEPEND_ON_CORE_VARIANT:=
LOCAL_VTSC_FLAGS:=
LOCAL_VTS_INCLUDES:=
LOCAL_VTS_MODE:=
diff --git a/core/definitions.mk b/core/definitions.mk
index e880fa5..02b737c 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -651,6 +651,18 @@
###########################################################
## Convert a list of short modules names (e.g., "framework", "Browser")
+## into the list of files that are built *for the target* for those modules.
+## NOTE: this won't return reliable results until after all
+## sub-makefiles have been included.
+## $(1): target list
+###########################################################
+
+define module-target-built-files
+$(foreach module,$(1),$(ALL_MODULES.$(module).TARGET_BUILT))
+endef
+
+###########################################################
+## Convert a list of short modules names (e.g., "framework", "Browser")
## into the list of files that should be used when linking
## against that module as a public API.
## TODO: Allow this for more than JAVA_LIBRARIES modules
@@ -3318,9 +3330,8 @@
$(eval enforce_rro_source_manifest_package_info := $(word 3,$(_o))) \
$(eval enforce_rro_use_res_lib := $(word 4,$(_o))) \
$(eval enforce_rro_source_overlays := $(subst :, ,$(word 5,$(_o)))) \
- $(eval enforce_rro_module := $(enforce_rro_source_module)__auto_generated_rro) \
$(eval include $(BUILD_SYSTEM)/generate_enforce_rro.mk) \
- $(eval ALL_MODULES.$(enforce_rro_source_module).REQUIRED += $(enforce_rro_module)) \
+ $(eval ALL_MODULES.$$(enforce_rro_source_module).REQUIRED += $$(LOCAL_PACKAGE_NAME)) \
)
endef
@@ -3387,3 +3398,19 @@
initialize-package-file \
add-jni-shared-libs-to-package,\
These functions have been removed)
+
+###########################################################
+## Verify the variants of a VNDK library are identical
+##
+## $(1): Path to the core variant shared library file.
+## $(2): Path to the vendor variant shared library file.
+## $(3): TOOLS_PREFIX
+###########################################################
+LIBRARY_IDENTITY_CHECK_SCRIPT := build/make/tools/check_identical_lib.sh
+define verify-vndk-libs-identical
+@echo "Checking VNDK vendor variant: $(2)"
+$(hide) CLANG_BIN="$(LLVM_PREBUILTS_PATH)" \
+ CROSS_COMPILE="$(strip $(3))" \
+ XZ="$(XZ)" \
+ $(LIBRARY_IDENTITY_CHECK_SCRIPT) $(SOONG_STRIP_PATH) $(1) $(2)
+endef
diff --git a/core/dpi_specific_apk.mk b/core/dpi_specific_apk.mk
index ad734b5..ad073c7 100644
--- a/core/dpi_specific_apk.mk
+++ b/core/dpi_specific_apk.mk
@@ -67,6 +67,7 @@
ALL_MODULES += $(dpi_apk_name)
ALL_MODULES.$(dpi_apk_name).CLASS := APPS
ALL_MODULES.$(dpi_apk_name).BUILT := $(built_dpi_apk)
+ALL_MODULES.$(dpi_apk_name).TARGET_BUILT := $(built_dpi_apk)
PACKAGES := $(PACKAGES) $(dpi_apk_name)
PACKAGES.$(dpi_apk_name).PRIVATE_KEY := $(private_key)
PACKAGES.$(dpi_apk_name).CERTIFICATE := $(certificate)
diff --git a/core/generate_enforce_rro.mk b/core/generate_enforce_rro.mk
index 6c95983..6124a4f 100644
--- a/core/generate_enforce_rro.mk
+++ b/core/generate_enforce_rro.mk
@@ -1,24 +1,29 @@
include $(CLEAR_VARS)
+enforce_rro_module := $(enforce_rro_source_module)__auto_generated_rro
LOCAL_PACKAGE_NAME := $(enforce_rro_module)
intermediates := $(call intermediates-dir-for,APPS,$(LOCAL_PACKAGE_NAME),,COMMON)
rro_android_manifest_file := $(intermediates)/AndroidManifest.xml
ifeq (true,$(enforce_rro_source_is_manifest_package_name))
-$(rro_android_manifest_file): PRIVATE_PACKAGE_NAME := $(enforce_rro_source_manifest_package_info)
-$(rro_android_manifest_file): build/make/tools/generate-enforce-rro-android-manifest.py
- $(hide) build/make/tools/generate-enforce-rro-android-manifest.py -u -p $(PRIVATE_PACKAGE_NAME) -o $@
+ use_package_name_arg := --use-package-name
else
-$(rro_android_manifest_file): PRIVATE_SOURCE_MANIFEST_FILE := $(enforce_rro_source_manifest_package_info)
-$(rro_android_manifest_file): $(enforce_rro_source_manifest_package_info) build/make/tools/generate-enforce-rro-android-manifest.py
- $(hide) build/make/tools/generate-enforce-rro-android-manifest.py -p $(PRIVATE_SOURCE_MANIFEST_FILE) -o $@
+ use_package_name_arg :=
+$(rro_android_manifest_file): $(enforce_rro_source_manifest_package_info)
endif
+$(rro_android_manifest_file): PRIVATE_PACKAGE_INFO := $(enforce_rro_source_manifest_package_info)
+$(rro_android_manifest_file): build/make/tools/generate-enforce-rro-android-manifest.py
+ $(hide) build/make/tools/generate-enforce-rro-android-manifest.py \
+ --package-info $(PRIVATE_PACKAGE_INFO) \
+ $(use_package_name_arg) \
+ -o $@
+
LOCAL_PATH:= $(intermediates)
ifeq ($(enforce_rro_use_res_lib),true)
-LOCAL_RES_LIBRARIES := $(enforce_rro_source_module)
+ LOCAL_RES_LIBRARIES := $(enforce_rro_source_module)
endif
LOCAL_FULL_MANIFEST_FILE := $(rro_android_manifest_file)
@@ -32,7 +37,7 @@
# Technically we are linking against the app (if only to grab its resources),
# and because it's potentially not building against the SDK, we can't either.
LOCAL_PRIVATE_PLATFORM_APIS := true
-else ifeq (framework-res__auto_generated_rro,$(enforce_rro_module))
+else ifeq (framework-res,$(enforce_rro_source_module))
LOCAL_PRIVATE_PLATFORM_APIS := true
else
LOCAL_SDK_VERSION := current
diff --git a/core/install_jni_libs_internal.mk b/core/install_jni_libs_internal.mk
index e0f1ad4..a79a49a 100644
--- a/core/install_jni_libs_internal.mk
+++ b/core/install_jni_libs_internal.mk
@@ -113,12 +113,12 @@
my_warn_types := native:platform $(my_warn_ndk_types)
my_allowed_types := $(my_allowed_ndk_types)
ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_PROPRIETARY_MODULE)))
- my_allowed_types += native:vendor native:vndk
+ my_allowed_types += native:vendor native:vndk native:platform_vndk
endif
else
my_link_type := app:platform
my_warn_types := $(my_warn_ndk_types)
-my_allowed_types := $(my_allowed_ndk_types) native:platform native:vendor native:vndk native:vndk_private
+my_allowed_types := $(my_allowed_ndk_types) native:platform native:vendor native:vndk native:vndk_private native:platform_vndk
endif
my_link_deps := $(addprefix SHARED_LIBRARIES:,$(LOCAL_JNI_SHARED_LIBRARIES))
diff --git a/core/main.mk b/core/main.mk
index 605b265..43c80ee 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -501,6 +501,10 @@
subdir_makefiles_total := $(words init post finish)
endif
+droid_targets: no_vendor_variant_vndk_check
+.PHONY: no_vendor_variant_vndk_check
+no_vendor_variant_vndk_check:
+
$(info [$(call inc_and_print,subdir_makefiles_inc)/$(subdir_makefiles_total)] finishing build rules ...)
# -------------------------------------------------------------------
@@ -1144,27 +1148,28 @@
)
endef
-ifeq (true|,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_PACKAGES_EXIST)|$(filter true,$(ALLOW_MISSING_DEPENDENCIES)))
- _whitelist := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST)
- _modules := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES)
- # Sanity check all modules in PRODUCT_PACKAGES exist. We check for the
- # existence if either <module> or the <module>_32 variant.
- _nonexistant_modules := $(filter-out $(ALL_MODULES),$(_modules))
- _nonexistant_modules := $(foreach m,$(_nonexistant_modules),\
- $(if $(call get-32-bit-modules,$(m)),,$(m)))
- $(call maybe-print-list-and-error,$(filter-out $(_whitelist),$(_nonexistant_modules)),\
- $(INTERNAL_PRODUCT) includes non-existant modules in PRODUCT_PACKAGES)
- $(call maybe-print-list-and-error,$(filter-out $(_nonexistant_modules),$(_whitelist)),\
- $(INTERNAL_PRODUCT) includes redundant whitelist entries for nonexistant PRODUCT_PACKAGES)
-endif
-
ifdef FULL_BUILD
- # Check to ensure that all modules in PRODUCT_HOST_PACKAGES exist
- #
- # Many host modules are Linux-only, so skip this check on Mac. If we ever have Mac-only modules,
- # maybe it would make sense to have PRODUCT_HOST_PACKAGES_LINUX/_DARWIN?
- ifneq ($(HOST_OS),darwin)
- ifneq (true,$(ALLOW_MISSING_DEPENDENCIES))
+ ifneq (true,$(ALLOW_MISSING_DEPENDENCIES))
+ # Check to ensure that all modules in PRODUCT_PACKAGES exist (opt in per product)
+ ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_PACKAGES_EXIST))
+ _whitelist := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_PACKAGES_EXIST_WHITELIST)
+ _modules := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGES)
+ # Sanity check all modules in PRODUCT_PACKAGES exist. We check for the
+ # existence if either <module> or the <module>_32 variant.
+ _nonexistant_modules := $(filter-out $(ALL_MODULES),$(_modules))
+ _nonexistant_modules := $(foreach m,$(_nonexistant_modules),\
+ $(if $(call get-32-bit-modules,$(m)),,$(m)))
+ $(call maybe-print-list-and-error,$(filter-out $(_whitelist),$(_nonexistant_modules)),\
+ $(INTERNAL_PRODUCT) includes non-existant modules in PRODUCT_PACKAGES)
+ $(call maybe-print-list-and-error,$(filter-out $(_nonexistant_modules),$(_whitelist)),\
+ $(INTERNAL_PRODUCT) includes redundant whitelist entries for nonexistant PRODUCT_PACKAGES)
+ endif
+
+ # Check to ensure that all modules in PRODUCT_HOST_PACKAGES exist
+ #
+ # Many host modules are Linux-only, so skip this check on Mac. If we ever have Mac-only modules,
+ # maybe it would make sense to have PRODUCT_HOST_PACKAGES_LINUX/_DARWIN?
+ ifneq ($(HOST_OS),darwin)
_modules := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_HOST_PACKAGES)
_nonexistant_modules := $(foreach m,$(_modules),\
$(if $(filter FAKE,$(ALL_MODULES.$(m).CLASS))$(filter $(HOST_OUT_ROOT)/%,$(ALL_MODULES.$(m).INSTALLED)),,$(m)))
diff --git a/core/package_internal.mk b/core/package_internal.mk
index 3be4635..89296e6 100644
--- a/core/package_internal.mk
+++ b/core/package_internal.mk
@@ -109,56 +109,50 @@
# Process Support Library dependencies.
include $(BUILD_SYSTEM)/support_libraries.mk
-package_resource_overlays := $(strip \
+# Determine whether auto-RRO is enabled for this package.
+enforce_rro_enabled :=
+ifeq ($(PRODUCT_ENFORCE_RRO_TARGETS),*)
+ # * means all system APKs, so enable conditionally based on module path.
+
+ # Note that base_rules.mk has not yet been included, so it's likely that only
+ # one of LOCAL_MODULE_PATH and the LOCAL_X_MODULE flags has been set.
+ ifeq (,$(LOCAL_MODULE_PATH))
+ non_system_module := $(filter true,\
+ $(LOCAL_ODM_MODULE) \
+ $(LOCAL_OEM_MODULE) \
+ $(LOCAL_PRODUCT_MODULE) \
+ $(LOCAL_PRODUCT_SERVICES_MODULE) \
+ $(LOCAL_PROPRIETARY_MODULE) \
+ $(LOCAL_VENDOR_MODULE))
+ enforce_rro_enabled := $(if $(non_system_module),,true)
+ else ifneq ($(filter $(TARGET_OUT)/%,$(LOCAL_MODULE_PATH)),)
+ enforce_rro_enabled := true
+ endif
+else ifneq (,$(filter $(LOCAL_PACKAGE_NAME), $(PRODUCT_ENFORCE_RRO_TARGETS)))
+ enforce_rro_enabled := true
+endif
+
+all_package_resource_overlays := $(strip \
$(wildcard $(foreach dir, $(PRODUCT_PACKAGE_OVERLAYS), \
$(addprefix $(dir)/, $(LOCAL_RESOURCE_DIR)))) \
$(wildcard $(foreach dir, $(DEVICE_PACKAGE_OVERLAYS), \
$(addprefix $(dir)/, $(LOCAL_RESOURCE_DIR)))))
-enforce_rro_enabled :=
-ifneq ($(PRODUCT_ENFORCE_RRO_TARGETS),)
- ifneq ($(package_resource_overlays),)
- ifeq ($(PRODUCT_ENFORCE_RRO_TARGETS),*)
- enforce_rro_enabled := true
- else ifneq (,$(filter $(LOCAL_PACKAGE_NAME), $(PRODUCT_ENFORCE_RRO_TARGETS)))
- enforce_rro_enabled := true
- endif
- endif
-
- ifdef enforce_rro_enabled
- ifeq (,$(LOCAL_MODULE_PATH))
- ifeq (true,$(LOCAL_PROPRIETARY_MODULE))
- enforce_rro_enabled :=
- else ifeq (true,$(LOCAL_OEM_MODULE))
- enforce_rro_enabled :=
- else ifeq (true,$(LOCAL_ODM_MODULE))
- enforce_rro_enabled :=
- else ifeq (true,$(LOCAL_PRODUCT_MODULE))
- enforce_rro_enabled :=
- else ifeq (true,$(LOCAL_PRODUCT_SERVICES_MODULE))
- enforce_rro_enabled :=
- endif
- else ifeq ($(filter $(TARGET_OUT)/%,$(LOCAL_MODULE_PATH)),)
- enforce_rro_enabled :=
- endif
- endif
-endif
-
+static_resource_overlays :=
+runtime_resource_overlays :=
ifdef enforce_rro_enabled
ifneq ($(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS),)
- static_only_resource_overlays := $(filter $(addsuffix %,$(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS)),$(package_resource_overlays))
- ifneq ($(static_only_resource_overlays),)
- package_resource_overlays := $(filter-out $(static_only_resource_overlays),$(package_resource_overlays))
- LOCAL_RESOURCE_DIR := $(static_only_resource_overlays) $(LOCAL_RESOURCE_DIR)
- ifeq ($(package_resource_overlays),)
- enforce_rro_enabled :=
- endif
- endif
+ static_resource_overlays += $(filter $(addsuffix %,$(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS)),$(all_package_resource_overlays))
endif
+ runtime_resource_overlays := $(filter-out $(static_resource_overlays),$(all_package_resource_overlays))
else
-LOCAL_RESOURCE_DIR := $(package_resource_overlays) $(LOCAL_RESOURCE_DIR)
+ static_resource_overlays := $(all_package_resource_overlays)
endif
+# Add the static overlays. Auto-RRO is created later, as it depends on
+# other logic in this file.
+LOCAL_RESOURCE_DIR := $(static_resource_overlays) $(LOCAL_RESOURCE_DIR)
+
all_assets := $(strip \
$(foreach dir, $(LOCAL_ASSET_DIR), \
$(addprefix $(dir)/, \
@@ -796,7 +790,7 @@
# Reset internal variables.
all_res_assets :=
-ifdef enforce_rro_enabled
+ifdef runtime_resource_overlays
ifdef LOCAL_EXPORT_PACKAGE_RESOURCES
enforce_rro_use_res_lib := true
else
@@ -811,11 +805,11 @@
enforce_rro_manifest_package_info := $(full_android_manifest)
endif
-$(call append_enforce_rro_sources, \
- $(my_register_name), \
- $(enforce_rro_is_manifest_package_name), \
- $(enforce_rro_manifest_package_info), \
- $(enforce_rro_use_res_lib), \
- $(package_resource_overlays) \
- )
-endif # enforce_rro_enabled
+ $(call append_enforce_rro_sources, \
+ $(my_register_name), \
+ $(enforce_rro_is_manifest_package_name), \
+ $(enforce_rro_manifest_package_info), \
+ $(enforce_rro_use_res_lib), \
+ $(runtime_resource_overlays) \
+ )
+endif
diff --git a/core/product-graph.mk b/core/product-graph.mk
index 1efc687..a114b65 100644
--- a/core/product-graph.mk
+++ b/core/product-graph.mk
@@ -36,8 +36,6 @@
this_makefile := build/make/core/product-graph.mk
-products_svg := $(OUT_DIR)/products.svg
-products_pdf := $(OUT_DIR)/products.pdf
products_graph := $(OUT_DIR)/products.dot
ifeq ($(strip $(ANDROID_PRODUCT_GRAPH)),)
products_list := $(INTERNAL_PRODUCT)
@@ -137,13 +135,8 @@
$(eval product_debug_files += $(call product-debug-filename, $(p))) \
)
-$(products_pdf): $(products_graph)
- @echo Product graph PDF: $@
- dot -Tpdf -Nshape=box -o $@ $<
-
-$(products_svg): $(products_graph) $(product_debug_files)
- @echo Product graph SVG: $@
- dot -Tsvg -Nshape=box -o $@ $<
-
-product-graph: $(products_pdf) $(products_svg)
.PHONY: product-graph
+product-graph: $(products_graph)
+ @echo Product graph .dot file: $(products_graph)
+ @echo Command to convert to pdf: dot -Tpdf -Nshape=box -o $(OUT_DIR)/products.pdf $(products_graph)
+ @echo Command to convert to svg: dot -Tsvg -Nshape=box -o $(OUT_DIR)/products.svg $(products_graph)
diff --git a/core/product.mk b/core/product.mk
index a367a6b..bb63ab8 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -126,6 +126,11 @@
PRODUCT_DEVICE \
PRODUCT_MANUFACTURER \
PRODUCT_BRAND \
+ PRODUCT_SYSTEM_NAME \
+ PRODUCT_SYSTEM_MODEL \
+ PRODUCT_SYSTEM_DEVICE \
+ PRODUCT_SYSTEM_BRAND \
+ PRODUCT_SYSTEM_MANUFACTURER \
PRODUCT_PROPERTY_OVERRIDES \
PRODUCT_DEFAULT_PROPERTY_OVERRIDES \
PRODUCT_PRODUCT_PROPERTIES \
diff --git a/core/product_config.mk b/core/product_config.mk
index cff42db..7ab1d6d 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -299,18 +299,39 @@
PRODUCT_AAPT_CONFIG := \
$(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG)))
+PRODUCT_SYSTEM_NAME := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_NAME))
+ifndef PRODUCT_SYSTEM_NAME
+ PRODUCT_SYSTEM_NAME := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_NAME))
+endif
+
+PRODUCT_SYSTEM_DEVICE := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_DEVICE))
+ifndef PRODUCT_SYSTEM_DEVICE
+ PRODUCT_SYSTEM_DEVICE := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEVICE)
+endif
+
PRODUCT_BRAND := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_BRAND))
+PRODUCT_SYSTEM_BRAND := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_BRAND))
+ifndef PRODUCT_SYSTEM_BRAND
+ PRODUCT_SYSTEM_BRAND := $(PRODUCT_BRAND)
+endif
PRODUCT_MODEL := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MODEL))
ifndef PRODUCT_MODEL
PRODUCT_MODEL := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_NAME))
endif
+PRODUCT_SYSTEM_MODEL := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_MODEL))
+ifndef PRODUCT_SYSTEM_MODEL
+ PRODUCT_SYSTEM_MODEL := $(PRODUCT_MODEL)
+endif
-PRODUCT_MANUFACTURER := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER))
+PRODUCT_MANUFACTURER := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER))
ifndef PRODUCT_MANUFACTURER
PRODUCT_MANUFACTURER := unknown
endif
+PRODUCT_SYSTEM_MANUFACTURER := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_MANUFACTURER))
+ifndef PRODUCT_SYSTEM_MANUFACTURER
+ PRODUCT_SYSTEM_MANUFACTURER := $(PRODUCT_MANUFACTURER)
+endif
ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CHARACTERISTICS),)
TARGET_AAPT_CHARACTERISTICS := default
diff --git a/core/soong_cc_prebuilt.mk b/core/soong_cc_prebuilt.mk
index 8d248af..679d5b8 100644
--- a/core/soong_cc_prebuilt.mk
+++ b/core/soong_cc_prebuilt.mk
@@ -86,11 +86,13 @@
endif
ifdef LOCAL_USE_VNDK
- name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
- ifneq ($(name_without_suffix),$(LOCAL_MODULE)
- SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
+ ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
+ ifneq ($(name_without_suffix),$(LOCAL_MODULE)
+ SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
+ endif
+ name_without_suffix :=
endif
- name_without_suffix :=
endif
# Check prebuilt ELF binaries.
@@ -113,27 +115,52 @@
endif
endif
+ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ # Add $(LOCAL_BUILT_MODULE) as a dependency to no_vendor_variant_vndk_check so
+ # that the vendor variant will be built and checked against the core variant.
+ no_vendor_variant_vndk_check: $(LOCAL_BUILT_MODULE)
+
+ my_core_register_name := $(subst .vendor,,$(my_register_name))
+ my_core_variant_files := $(call module-target-built-files,$(my_core_register_name))
+ my_core_shared_lib := $(sort $(filter %.so,$(my_core_variant_files)))
+ $(LOCAL_BUILT_MODULE): PRIVATE_CORE_VARIANT := $(my_core_shared_lib)
+
+ # The built vendor variant library needs to depend on the built core variant
+ # so that we can perform identity check against the core variant.
+ $(LOCAL_BUILT_MODULE): $(my_core_shared_lib)
+endif
+
+ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+$(LOCAL_BUILT_MODULE): $(LOCAL_PREBUILT_MODULE_FILE) $(LIBRARY_IDENTITY_CHECK_SCRIPT)
+ $(call verify-vndk-libs-identical,\
+ $(PRIVATE_CORE_VARIANT),\
+ $<,\
+ $($(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)TOOLS_PREFIX))
+ $(copy-file-to-target)
+else
$(LOCAL_BUILT_MODULE): $(LOCAL_PREBUILT_MODULE_FILE)
$(transform-prebuilt-to-target)
+endif
ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
$(hide) chmod +x $@
endif
ifndef LOCAL_IS_HOST_MODULE
ifdef LOCAL_SOONG_UNSTRIPPED_BINARY
- my_symbol_path := $(if $(LOCAL_SOONG_SYMBOL_PATH),$(LOCAL_SOONG_SYMBOL_PATH),$(my_module_path))
- # Store a copy with symbols for symbolic debugging
- my_unstripped_path := $(TARGET_OUT_UNSTRIPPED)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
- # drop /root as /root is mounted as /
- my_unstripped_path := $(patsubst $(TARGET_OUT_UNSTRIPPED)/root/%,$(TARGET_OUT_UNSTRIPPED)/%, $(my_unstripped_path))
- symbolic_output := $(my_unstripped_path)/$(my_installed_module_stem)
- $(eval $(call copy-one-file,$(LOCAL_SOONG_UNSTRIPPED_BINARY),$(symbolic_output)))
- $(call add-dependency,$(LOCAL_BUILT_MODULE),$(symbolic_output))
+ ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ my_symbol_path := $(if $(LOCAL_SOONG_SYMBOL_PATH),$(LOCAL_SOONG_SYMBOL_PATH),$(my_module_path))
+ # Store a copy with symbols for symbolic debugging
+ my_unstripped_path := $(TARGET_OUT_UNSTRIPPED)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
+ # drop /root as /root is mounted as /
+ my_unstripped_path := $(patsubst $(TARGET_OUT_UNSTRIPPED)/root/%,$(TARGET_OUT_UNSTRIPPED)/%, $(my_unstripped_path))
+ symbolic_output := $(my_unstripped_path)/$(my_installed_module_stem)
+ $(eval $(call copy-one-file,$(LOCAL_SOONG_UNSTRIPPED_BINARY),$(symbolic_output)))
+ $(call add-dependency,$(LOCAL_BUILT_MODULE),$(symbolic_output))
- ifeq ($(BREAKPAD_GENERATE_SYMBOLS),true)
- my_breakpad_path := $(TARGET_OUT_BREAKPAD)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
- breakpad_output := $(my_breakpad_path)/$(my_installed_module_stem).sym
- $(breakpad_output) : $(LOCAL_SOONG_UNSTRIPPED_BINARY) | $(BREAKPAD_DUMP_SYMS) $(PRIVATE_READELF)
+ ifeq ($(BREAKPAD_GENERATE_SYMBOLS),true)
+ my_breakpad_path := $(TARGET_OUT_BREAKPAD)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
+ breakpad_output := $(my_breakpad_path)/$(my_installed_module_stem).sym
+ $(breakpad_output) : $(LOCAL_SOONG_UNSTRIPPED_BINARY) | $(BREAKPAD_DUMP_SYMS) $(PRIVATE_READELF)
@echo "target breakpad: $(PRIVATE_MODULE) ($@)"
@mkdir -p $(dir $@)
$(hide) if $(PRIVATE_READELF) -S $< > /dev/null 2>&1 ; then \
@@ -142,7 +169,8 @@
echo "skipped for non-elf file."; \
touch $@; \
fi
- $(call add-dependency,$(LOCAL_BUILT_MODULE),$(breakpad_output))
+ $(call add-dependency,$(LOCAL_BUILT_MODULE),$(breakpad_output))
+ endif
endif
endif
endif
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 3c82e88..995fc11 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -115,6 +115,8 @@
$(call add_json_list, BootJars, $(PRODUCT_BOOT_JARS))
+$(call add_json_bool, VndkUseCoreVariant, $(TARGET_VNDK_USE_CORE_VARIANT))
+
$(call add_json_bool, Product_is_iot, $(filter true,$(PRODUCT_IOT)))
$(call add_json_bool, Treble_linker_namespaces, $(filter true,$(PRODUCT_TREBLE_LINKER_NAMESPACES)))
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
index 0ddc3db..ecd5691 100644
--- a/target/product/mainline_system.mk
+++ b/target/product/mainline_system.mk
@@ -81,7 +81,6 @@
libminui \
libnl \
libprotobuf-cpp-full \
- libprotobuf-cpp-full-rtti \
PRODUCT_PACKAGES_DEBUG += \
avbctl \
diff --git a/tools/buildinfo_common.sh b/tools/buildinfo_common.sh
index f7f798c..6041d79 100755
--- a/tools/buildinfo_common.sh
+++ b/tools/buildinfo_common.sh
@@ -21,7 +21,7 @@
echo "ro.${partition}.build.version.sdk=$PLATFORM_SDK_VERSION"
echo "ro.product.${partition}.brand=$PRODUCT_BRAND"
-echo "ro.product.${partition}.device=$TARGET_DEVICE"
+echo "ro.product.${partition}.device=$PRODUCT_DEVICE"
echo "ro.product.${partition}.manufacturer=$PRODUCT_MANUFACTURER"
echo "ro.product.${partition}.model=$PRODUCT_MODEL"
echo "ro.product.${partition}.name=$PRODUCT_NAME"
diff --git a/tools/check_identical_lib.sh b/tools/check_identical_lib.sh
new file mode 100755
index 0000000..01007c0
--- /dev/null
+++ b/tools/check_identical_lib.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+STRIP_PATH="${1}"
+CORE="${2}"
+VENDOR="${3}"
+
+stripped_core="${CORE}.vndk_lib_check.stripped"
+stripped_vendor="${VENDOR}.vndk_lib_check.stripped"
+
+function cleanup() {
+ rm -f ${stripped_core} ${stripped_vendor}
+}
+trap cleanup EXIT
+
+function strip_lib() {
+ ${STRIP_PATH} \
+ -i ${1} \
+ -o ${2} \
+ -d /dev/null \
+ --remove-build-id
+}
+
+strip_lib ${CORE} ${stripped_core}
+strip_lib ${VENDOR} ${stripped_vendor}
+if ! cmp -s ${stripped_core} ${stripped_vendor}; then
+ echo "VNDK library not in vndkMustUseVendorVariantList but has different core and vendor variant: $(basename ${CORE})"
+ echo "If the two variants need to have different runtime behavior, consider using libvndksupport."
+ exit 1
+fi
diff --git a/tools/generate-enforce-rro-android-manifest.py b/tools/generate-enforce-rro-android-manifest.py
index 68331cf..0d7623f 100755
--- a/tools/generate-enforce-rro-android-manifest.py
+++ b/tools/generate-enforce-rro-android-manifest.py
@@ -48,8 +48,9 @@
def main(argv):
args = get_args()
- package_name = args.package_info
- if not args.use_package_name:
+ if args.use_package_name:
+ package_name = args.package_info
+ else:
with open(args.package_info) as f:
data = f.read()
f.close()
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index bcbc921..d2f4e25 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -740,28 +740,6 @@
f.writelines(["%s=%s" % (key, value) for (key, value) in glob_dict.items()])
-def ExtractSystemOtherAvbKey(in_dir, glob_dict):
- if glob_dict.get("avb_system_extract_system_other_key") != "true":
- return
-
- extract_to = os.path.join(in_dir, "etc/security/avb/system_other.avbpubkey")
- extract_to_dir = os.path.dirname(extract_to)
-
- if os.path.isdir(extract_to_dir):
- shutil.rmtree(extract_to_dir)
- elif os.path.isfile(extract_to_dir):
- os.remove(extract_to_dir)
- os.mkdir(extract_to_dir);
-
- # Extracts the public key used to sign system_other.img, into system.img:
- # /system/etc/security/avb/system_other.avbpubkey.
- avbtool = glob_dict.get("avb_avbtool")
- extract_from = glob_dict.get("avb_system_other_key_path")
- cmd = [avbtool, "extract_public_key", "--key", extract_from,
- "--output", extract_to]
- common.RunAndCheckOutput(cmd, verbose=False)
-
-
def main(argv):
if len(argv) < 4 or len(argv) > 5:
print(__doc__)
@@ -785,7 +763,6 @@
mount_point = ""
if image_filename == "system.img":
mount_point = "system"
- ExtractSystemOtherAvbKey(in_dir, glob_dict)
elif image_filename == "system_other.img":
mount_point = "system_other"
elif image_filename == "userdata.img":
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 71598e3..75a98fd 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -91,12 +91,12 @@
Replace the veritykeyid in BOOT/cmdline of input_target_file_zip
with keyid of the cert pointed by <path_to_X509_PEM_cert_file>.
- --avb_{boot,system,vendor,dtbo,vbmeta}_algorithm <algorithm>
- --avb_{boot,system,vendor,dtbo,vbmeta}_key <key>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_algorithm <algorithm>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_key <key>
Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
the specified image. Otherwise it uses the existing values in info dict.
- --avb_{apex,boot,system,vendor,dtbo,vbmeta}_extra_args <args>
+ --avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta}_extra_args <args>
Specify any additional args that are needed to AVB-sign the image
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
@@ -584,6 +584,18 @@
elif filename == "META/care_map.pb" or filename == "META/care_map.txt":
pass
+ # Updates system_other.avbpubkey in /product/etc/.
+ elif filename in (
+ "PRODUCT/etc/security/avb/system_other.avbpubkey",
+ "SYSTEM/product/etc/security/avb/system_other.avbpubkey"):
+ # Only update system_other's public key, if the corresponding signing
+ # key is specified via --avb_system_other_key.
+ signing_key = OPTIONS.avb_keys.get("system_other")
+ if signing_key:
+ public_key = common.ExtractAvbPublicKey(signing_key)
+ print(" Rewriting AVB public key of system_other in /product")
+ common.ZipWrite(output_tf_zip, public_key, filename)
+
# A non-APK file; copy it verbatim.
else:
common.ZipWriteStr(output_tf_zip, out_info, data)
@@ -934,6 +946,7 @@
'dtbo' : 'avb_dtbo_add_hash_footer_args',
'recovery' : 'avb_recovery_add_hash_footer_args',
'system' : 'avb_system_add_hashtree_footer_args',
+ 'system_other' : 'avb_system_other_add_hashtree_footer_args',
'vendor' : 'avb_vendor_add_hashtree_footer_args',
'vbmeta' : 'avb_vbmeta_args',
}
@@ -1153,6 +1166,12 @@
OPTIONS.avb_algorithms['system'] = a
elif o == "--avb_system_extra_args":
OPTIONS.avb_extra_args['system'] = a
+ elif o == "--avb_system_other_key":
+ OPTIONS.avb_keys['system_other'] = a
+ elif o == "--avb_system_other_algorithm":
+ OPTIONS.avb_algorithms['system_other'] = a
+ elif o == "--avb_system_other_extra_args":
+ OPTIONS.avb_extra_args['system_other'] = a
elif o == "--avb_vendor_key":
OPTIONS.avb_keys['vendor'] = a
elif o == "--avb_vendor_algorithm":
@@ -1192,6 +1211,9 @@
"avb_system_algorithm=",
"avb_system_key=",
"avb_system_extra_args=",
+ "avb_system_other_algorithm=",
+ "avb_system_other_key=",
+ "avb_system_other_extra_args=",
"avb_vendor_algorithm=",
"avb_vendor_key=",
"avb_vendor_extra_args=",