Merge "Add LOCAL_SOONG_SYMBOL_PATH"
diff --git a/OWNERS b/OWNERS
index 9f621d8..77496f1 100644
--- a/OWNERS
+++ b/OWNERS
@@ -5,7 +5,5 @@
# To expedite LON reviews
hansson@google.com
-per-file * = ccross@android.com,dwillemsen@google.com,hansson@google.com
-
# For version updates
per-file version_defaults.mk = aseaton@google.com,elisapascual@google.com
diff --git a/core/Makefile b/core/Makefile
index 8a73f4e..811282d 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -4317,6 +4317,13 @@
# BOARD_SUPER_PARTITION_SIZE must be defined to build super image.
ifneq ($(BOARD_SUPER_PARTITION_SIZE),)
+# Dump variables used by build_super_image.py.
+define dump-super-image-info
+ $(call dump-dynamic-partitions-info,$(1))
+ $(if $(filter true,$(AB_OTA_UPDATER)), \
+ echo "ab_update=true" >> $(1))
+endef
+
ifneq (true,$(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS))
INSTALLED_SUPERIMAGE_TARGET := $(PRODUCT_OUT)/super.img
$(INSTALLED_SUPERIMAGE_TARGET): extracted_input_target_files := $(patsubst %.zip,%,$(BUILT_TARGET_FILES_PACKAGE))
@@ -4324,7 +4331,22 @@
$(call pretty,"Target super fs image: $@")
PATH=$(dir $(LPMAKE)):$$PATH \
$(BUILD_SUPER_IMAGE) -v $(extracted_input_target_files) $@
-endif
+
+# supernod uses images in the $(PRODUCT_OUT) directory instead of images from target files package.
+.PHONY: superimage-nodeps supernod
+superimage-nodeps supernod: intermediates := $(call intermediates-dir-for,PACKAGING,superimage-nodeps)
+superimage-nodeps supernod: | $(LPMAKE) $(BUILD_SUPER_IMAGE) \
+ $(foreach p, $(BOARD_SUPER_PARTITION_PARTITION_LIST), $(INSTALLED_$(call to-upper,$(p))IMAGE_TARGET))
+ $(call pretty,"make $(INSTALLED_SUPERIMAGE_TARGET): ignoring dependencies")
+ mkdir -p $(intermediates)
+ rm -rf $(intermediates)/misc_info.txt
+ $(call dump-super-image-info,$(intermediates)/misc_info.txt)
+ $(foreach p,$(BOARD_SUPER_PARTITION_PARTITION_LIST), \
+ echo "$(p)_image=$(INSTALLED_$(call to-upper,$(p))IMAGE_TARGET)" >> $(intermediates)/misc_info.txt;)
+ PATH=$(dir $(LPMAKE)):$$PATH \
+ $(BUILD_SUPER_IMAGE) -v $(intermediates)/misc_info.txt $(INSTALLED_SUPERIMAGE_TARGET)
+
+endif # PRODUCT_RETROFIT_DYNAMIC_PARTITIONS != "true"
$(call dist-for-goals,dist_files,$(INSTALLED_SUPERIMAGE_TARGET))
@@ -4334,10 +4356,7 @@
$(call pretty,"Target empty super fs image: $@")
mkdir -p $(intermediates)
rm -rf $(intermediates)/misc_info.txt
- $(call dump-dynamic-partitions-info,$(intermediates)/misc_info.txt)
-ifeq ($(AB_OTA_UPDATER),true)
- echo "ab_update=true" >> $(intermediates)/misc_info.txt
-endif
+ $(call dump-super-image-info,$(intermediates)/misc_info.txt)
PATH=$(dir $(LPMAKE)):$$PATH \
$(BUILD_SUPER_IMAGE) -v $(intermediates)/misc_info.txt $@
diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk
new file mode 100644
index 0000000..b429dca
--- /dev/null
+++ b/core/app_prebuilt_internal.mk
@@ -0,0 +1,280 @@
+#
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+############################################################
+# Internal build rules for APPS prebuilt modules
+############################################################
+
+ifneq (APPS,$(LOCAL_MODULE_CLASS))
+$(call pretty-error,app_prebuilt_internal.mk is for APPS modules only)
+endif
+
+ifdef LOCAL_COMPRESSED_MODULE
+ ifneq (true,$(LOCAL_COMPRESSED_MODULE))
+ $(call pretty-error, Unknown value for LOCAL_COMPRESSED_MODULE $(LOCAL_COMPRESSED_MODULE))
+ endif
+ LOCAL_BUILT_MODULE_STEM := package.apk.gz
+ ifndef LOCAL_INSTALLED_MODULE_STEM
+ PACKAGES.$(LOCAL_MODULE).COMPRESSED := gz
+ LOCAL_INSTALLED_MODULE_STEM := $(LOCAL_MODULE).apk.gz
+ endif
+else # LOCAL_COMPRESSED_MODULE
+ LOCAL_BUILT_MODULE_STEM := package.apk
+ ifndef LOCAL_INSTALLED_MODULE_STEM
+ LOCAL_INSTALLED_MODULE_STEM := $(LOCAL_MODULE).apk
+ endif
+endif # LOCAL_COMPRESSED_MODULE
+
+include $(BUILD_SYSTEM)/base_rules.mk
+built_module := $(LOCAL_BUILT_MODULE)
+
+# Run veridex on product, product_services and vendor modules.
+# We skip it for unbundled app builds where we cannot build veridex.
+module_run_appcompat :=
+ifeq (true,$(non_system_module))
+ifeq (,$(TARGET_BUILD_APPS)$(filter true,$(TARGET_BUILD_PDK))) # ! unbundled app build
+ifneq ($(UNSAFE_DISABLE_HIDDENAPI_FLAGS),true)
+ module_run_appcompat := true
+endif
+endif
+endif
+
+PACKAGES.$(LOCAL_MODULE).OVERRIDES := $(strip $(LOCAL_OVERRIDES_PACKAGES))
+
+my_extract_apk := $(strip $(LOCAL_EXTRACT_APK))
+
+# Select dpi-specific source
+ifdef LOCAL_DPI_VARIANTS
+my_dpi := $(firstword $(filter $(LOCAL_DPI_VARIANTS),$(PRODUCT_AAPT_PREF_CONFIG) $(PRODUCT_AAPT_PREBUILT_DPI)))
+ifdef my_dpi
+ifdef LOCAL_DPI_FILE_STEM
+my_prebuilt_dpi_file_stem := $(LOCAL_DPI_FILE_STEM)
+else
+my_prebuilt_dpi_file_stem := $(LOCAL_MODULE)_%.apk
+endif
+my_prebuilt_src_file := $(dir $(my_prebuilt_src_file))$(subst %,$(my_dpi),$(my_prebuilt_dpi_file_stem))
+
+ifneq ($(strip $(LOCAL_EXTRACT_DPI_APK)),)
+my_extract_apk := $(subst %,$(my_dpi),$(LOCAL_EXTRACT_DPI_APK))
+endif # LOCAL_EXTRACT_DPI_APK
+endif # my_dpi
+endif # LOCAL_DPI_VARIANTS
+
+ifdef my_extract_apk
+my_extracted_apk := $(intermediates)/extracted.apk
+
+$(my_extracted_apk): PRIVATE_EXTRACT := $(my_extract_apk)
+$(my_extracted_apk): $(my_prebuilt_src_file)
+ @echo Extract APK: $@
+ $(hide) mkdir -p $(dir $@) && rm -f $@
+ $(hide) unzip -p $< $(PRIVATE_EXTRACT) >$@
+
+my_prebuilt_src_file := $(my_extracted_apk)
+my_extracted_apk :=
+my_extract_apk :=
+ifeq ($(PRODUCT_ALWAYS_PREOPT_EXTRACTED_APK),true)
+# If the product property is set, always preopt for extracted modules to prevent executing out of
+# the APK.
+my_preopt_for_extracted_apk := true
+endif
+endif
+
+dex_preopt_profile_src_file := $(my_prebuilt_src_file)
+
+rs_compatibility_jni_libs :=
+include $(BUILD_SYSTEM)/install_jni_libs.mk
+
+ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
+ # The magic string "EXTERNAL" means this package will be signed with
+ # the default dev key throughout the build process, but we expect
+ # the final package to be signed with a different key.
+ #
+ # This can be used for packages where we don't have access to the
+ # keys, but want the package to be predexopt'ed.
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
+ PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1
+
+ $(built_module) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
+ $(built_module) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
+ $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
+endif
+ifeq ($(LOCAL_CERTIFICATE),)
+ # It is now a build error to add a prebuilt .apk without
+ # specifying a key for it.
+ $(error No LOCAL_CERTIFICATE specified for prebuilt "$(my_prebuilt_src_file)")
+else ifeq ($(LOCAL_CERTIFICATE),PRESIGNED)
+ # The magic string "PRESIGNED" means this package is already checked
+ # signed with its release key.
+ #
+ # By setting .CERTIFICATE but not .PRIVATE_KEY, this package will be
+ # mentioned in apkcerts.txt (with certificate set to "PRESIGNED")
+ # but the dexpreopt process will not try to re-sign the app.
+ PACKAGES.$(LOCAL_MODULE).CERTIFICATE := PRESIGNED
+ PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
+else
+ # If this is not an absolute certificate, assign it to a generic one.
+ ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
+ LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
+ endif
+
+ PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
+ PACKAGES.$(LOCAL_MODULE).CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
+ PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
+
+ $(built_module) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
+ $(built_module) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
+ $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
+endif
+
+include $(BUILD_SYSTEM)/app_certificate_validate.mk
+
+# Disable dex-preopt of prebuilts to save space, if requested.
+ifndef LOCAL_DEX_PREOPT
+ifeq ($(DONT_DEXPREOPT_PREBUILTS),true)
+LOCAL_DEX_PREOPT := false
+endif
+endif
+
+# If the module is a compressed module, we don't pre-opt it because its final
+# installation location will be the data partition.
+ifdef LOCAL_COMPRESSED_MODULE
+LOCAL_DEX_PREOPT := false
+endif
+
+my_dex_jar := $(my_prebuilt_src_file)
+
+#######################################
+# defines built_odex along with rule to install odex
+include $(BUILD_SYSTEM)/dex_preopt_odex_install.mk
+#######################################
+ifneq ($(LOCAL_REPLACE_PREBUILT_APK_INSTALLED),)
+# There is a replacement for the prebuilt .apk we can install without any processing.
+$(built_module) : $(LOCAL_REPLACE_PREBUILT_APK_INSTALLED)
+ $(transform-prebuilt-to-target)
+
+else # ! LOCAL_REPLACE_PREBUILT_APK_INSTALLED
+# Sign and align non-presigned .apks.
+# The embedded prebuilt jni to uncompress.
+ifeq ($(LOCAL_CERTIFICATE),PRESIGNED)
+# For PRESIGNED apks we must uncompress every .so file:
+# even if the .so file isn't for the current TARGET_ARCH,
+# we can't strip the file.
+embedded_prebuilt_jni_libs :=
+endif
+ifndef embedded_prebuilt_jni_libs
+# No LOCAL_PREBUILT_JNI_LIBS, uncompress all.
+embedded_prebuilt_jni_libs :=
+endif
+$(built_module): PRIVATE_EMBEDDED_JNI_LIBS := $(embedded_prebuilt_jni_libs)
+
+ifdef LOCAL_COMPRESSED_MODULE
+$(built_module) : $(MINIGZIP)
+endif
+
+ifeq ($(module_run_appcompat),true)
+$(built_module) : $(appcompat-files)
+$(LOCAL_BUILT_MODULE): PRIVATE_INSTALLED_MODULE := $(LOCAL_INSTALLED_MODULE)
+endif
+
+ifneq ($(BUILD_PLATFORM_ZIP),)
+$(built_module) : .KATI_IMPLICIT_OUTPUTS := $(dir $(LOCAL_BUILT_MODULE))package.dex.apk
+endif
+ifneq ($(LOCAL_CERTIFICATE),PRESIGNED)
+ifdef LOCAL_DEX_PREOPT
+$(built_module) : PRIVATE_STRIP_SCRIPT := $(intermediates)/strip.sh
+$(built_module) : $(intermediates)/strip.sh
+$(built_module) : | $(DEXPREOPT_STRIP_DEPS)
+$(built_module) : .KATI_DEPFILE := $(built_module).d
+endif
+endif
+$(built_module) : $(my_prebuilt_src_file) | $(ZIPALIGN) $(ZIP2ZIP) $(SIGNAPK_JAR)
+ $(transform-prebuilt-to-target)
+ $(uncompress-prebuilt-embedded-jni-libs)
+ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
+ $(uncompress-dexs)
+endif # LOCAL_UNCOMPRESS_DEX
+ifdef LOCAL_DEX_PREOPT
+ifneq ($(BUILD_PLATFORM_ZIP),)
+ @# Keep a copy of apk with classes.dex unstripped
+ $(hide) cp -f $@ $(dir $@)package.dex.apk
+endif # BUILD_PLATFORM_ZIP
+endif # LOCAL_DEX_PREOPT
+ifneq ($(LOCAL_CERTIFICATE),PRESIGNED)
+ @# Only strip out files if we can re-sign the package.
+# Run appcompat before stripping the classes.dex file.
+ifeq ($(module_run_appcompat),true)
+ifeq ($(LOCAL_USE_AAPT2),true)
+ $(call appcompat-header, aapt2)
+else
+ $(appcompat-header)
+endif
+ $(run-appcompat)
+endif # module_run_appcompat
+ifdef LOCAL_DEX_PREOPT
+ mv -f $@ $@.tmp
+ $(PRIVATE_STRIP_SCRIPT) $@.tmp $@
+endif # LOCAL_DEX_PREOPT
+ $(sign-package)
+ # No need for align-package because sign-package takes care of alignment
+else # LOCAL_CERTIFICATE == PRESIGNED
+ $(align-package)
+endif # LOCAL_CERTIFICATE
+ifdef LOCAL_COMPRESSED_MODULE
+ $(compress-package)
+endif # LOCAL_COMPRESSED_MODULE
+endif # ! LOCAL_REPLACE_PREBUILT_APK_INSTALLED
+
+
+###############################
+## Install split apks.
+ifdef LOCAL_PACKAGE_SPLITS
+ifdef LOCAL_COMPRESSED_MODULE
+$(error $(LOCAL_MODULE): LOCAL_COMPRESSED_MODULE is not currently supported for split installs)
+endif # LOCAL_COMPRESSED_MODULE
+
+# LOCAL_PACKAGE_SPLITS is a list of apks to be installed.
+built_apk_splits := $(addprefix $(intermediates)/,$(notdir $(LOCAL_PACKAGE_SPLITS)))
+installed_apk_splits := $(addprefix $(my_module_path)/,$(notdir $(LOCAL_PACKAGE_SPLITS)))
+
+# Rules to sign the split apks.
+my_src_dir := $(sort $(dir $(LOCAL_PACKAGE_SPLITS)))
+ifneq (1,$(words $(my_src_dir)))
+$(error You must put all the split source apks in the same folder: $(LOCAL_PACKAGE_SPLITS))
+endif
+my_src_dir := $(LOCAL_PATH)/$(my_src_dir)
+
+$(built_apk_splits) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
+$(built_apk_splits) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
+$(built_apk_splits) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
+$(built_apk_splits) : $(intermediates)/%.apk : $(my_src_dir)/%.apk
+ $(copy-file-to-new-target)
+ $(sign-package)
+
+# Rules to install the split apks.
+$(installed_apk_splits) : $(my_module_path)/%.apk : $(intermediates)/%.apk
+ @echo "Install: $@"
+ $(copy-file-to-new-target)
+
+# Register the additional built and installed files.
+ALL_MODULES.$(my_register_name).INSTALLED += $(installed_apk_splits)
+ALL_MODULES.$(my_register_name).BUILT_INSTALLED += \
+ $(foreach s,$(LOCAL_PACKAGE_SPLITS),$(intermediates)/$(notdir $(s)):$(my_module_path)/$(notdir $(s)))
+
+# Make sure to install the splits when you run "make <module_name>".
+$(my_all_targets): $(installed_apk_splits)
+
+endif # LOCAL_PACKAGE_SPLITS
+
diff --git a/core/base_rules.mk b/core/base_rules.mk
index b2bbe46..742119f 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -477,8 +477,6 @@
ifneq (true,$(LOCAL_UNINSTALLABLE_MODULE))
ifneq ($(LOCAL_INSTALLED_MODULE),$(my_default_test_module))
-# Install into the testcase folder
-$(LOCAL_INSTALLED_MODULE) : $(my_default_test_module)
$(LOCAL_INSTALLED_MODULE): PRIVATE_POST_INSTALL_CMD := $(LOCAL_POST_INSTALL_CMD)
$(LOCAL_INSTALLED_MODULE): $(LOCAL_BUILT_MODULE)
@echo "Install: $@"
@@ -622,6 +620,13 @@
multi_arch :=
+my_default_test_module :=
+my_default_test_module := $($(my_prefix)OUT_TESTCASES)/$(LOCAL_MODULE)$(arch_dir)/$(my_installed_module_stem)
+ifneq ($(LOCAL_INSTALLED_MODULE),$(my_default_test_module))
+# Install into the testcase folder
+$(LOCAL_INSTALLED_MODULE) : $(my_default_test_module)
+endif
+
# The module itself.
$(foreach suite, $(LOCAL_COMPATIBILITY_SUITE), \
$(eval my_compat_dist_$(suite) := $(foreach dir, $(call compatibility_suite_dirs,$(suite),$(arch_dir)), \
diff --git a/core/check_elf_file.mk b/core/check_elf_file.mk
index 8f2eafb..0faaadd 100644
--- a/core/check_elf_file.mk
+++ b/core/check_elf_file.mk
@@ -13,14 +13,18 @@
# - intermediates
# - my_installed_module_stem
# - my_prebuilt_src_file
+# - my_check_elf_file_shared_lib_files
ifndef LOCAL_IS_HOST_MODULE
ifneq ($(filter $(LOCAL_MODULE_CLASS),SHARED_LIBRARIES EXECUTABLES NATIVE_TESTS),)
check_elf_files_stamp := $(intermediates)/check_elf_files.timestamp
$(check_elf_files_stamp): PRIVATE_SONAME := $(if $(filter $(LOCAL_MODULE_CLASS),SHARED_LIBRARIES),$(my_installed_module_stem))
$(check_elf_files_stamp): PRIVATE_ALLOW_UNDEFINED_SYMBOLS := $(LOCAL_ALLOW_UNDEFINED_SYMBOLS)
-$(check_elf_files_stamp): PRIVATE_SHARED_LIBRARY_FILES := # This variable will be set by `core/main.mk`
-$(check_elf_files_stamp): $(my_prebuilt_src_file) $(CHECK_ELF_FILE) $(LLVM_READOBJ)
+# PRIVATE_SHARED_LIBRARY_FILES are file paths to built shared libraries.
+# In addition to $(my_check_elf_file_shared_lib_files), some file paths are
+# added by `resolve-shared-libs-for-elf-file-check` from `core/main.mk`.
+$(check_elf_files_stamp): PRIVATE_SHARED_LIBRARY_FILES := $(my_check_elf_file_shared_lib_files)
+$(check_elf_files_stamp): $(my_prebuilt_src_file) $(my_check_elf_file_shared_lib_files) $(CHECK_ELF_FILE) $(LLVM_READOBJ)
@echo Check prebuilt ELF binary: $<
$(hide) mkdir -p $(dir $@)
$(hide) rm -f $@
diff --git a/core/config.mk b/core/config.mk
index 0bc460e..cca6200 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -836,17 +836,18 @@
ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
$(error BOARD_BUILD_SYSTEM_ROOT_IMAGE cannot be true for devices with dynamic partitions)
endif
-
- requirements := \
- PRODUCT_USE_DYNAMIC_PARTITION_SIZE \
- PRODUCT_BUILD_SUPER_PARTITION \
-
- $(foreach req,$(requirements),$(if $(filter false,$($(req))),\
- $(error PRODUCT_USE_DYNAMIC_PARTITIONS requires $(req) to be true)))
-
- requirements :=
+ ifneq ($(PRODUCT_USE_DYNAMIC_PARTITION_SIZE),true)
+ $(error PRODUCT_USE_DYNAMIC_PARTITION_SIZE must be true for devices with dynamic partitions)
+ endif
endif
+ifeq ($(PRODUCT_BUILD_SUPER_PARTITION),true)
+ ifneq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true)
+ $(error Can only build super partition for devices with dynamic partitions)
+ endif
+endif
+
+
ifeq ($(PRODUCT_USE_DYNAMIC_PARTITION_SIZE),true)
ifneq ($(BOARD_SYSTEMIMAGE_PARTITION_SIZE),)
@@ -886,7 +887,7 @@
endif # PRODUCT_USE_DYNAMIC_PARTITION_SIZE
-ifeq ($(PRODUCT_BUILD_SUPER_PARTITION),true)
+ifeq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true)
# BOARD_SUPER_PARTITION_GROUPS defines a list of "updatable groups". Each updatable group is a
# group of partitions that share the same pool of free spaces.
@@ -897,12 +898,16 @@
# - BOARD_{GROUP}_PARTITION_PARTITION_LIST: the list of partitions that belongs to this group.
# If empty, no partitions belong to this group, and the sum of sizes is effectively 0.
$(foreach group,$(call to-upper,$(BOARD_SUPER_PARTITION_GROUPS)), \
- $(eval BOARD_$(group)_SIZE := $(strip $(BOARD_$(group)_SIZE))) \
- $(if $(BOARD_$(group)_SIZE),,$(error BOARD_$(group)_SIZE must not be empty)) \
- $(eval .KATI_READONLY := BOARD_$(group)_SIZE) \
$(eval BOARD_$(group)_PARTITION_LIST ?=) \
$(eval .KATI_READONLY := BOARD_$(group)_PARTITION_LIST) \
)
+ifeq ($(PRODUCT_BUILD_SUPER_PARTITION),true)
+$(foreach group,$(call to-upper,$(BOARD_SUPER_PARTITION_GROUPS)), \
+ $(eval BOARD_$(group)_SIZE := $(strip $(BOARD_$(group)_SIZE))) \
+ $(if $(BOARD_$(group)_SIZE),,$(error BOARD_$(group)_SIZE must not be empty)) \
+ $(eval .KATI_READONLY := BOARD_$(group)_SIZE) \
+)
+endif # PRODUCT_BUILD_SUPER_PARTITION
# BOARD_*_PARTITION_LIST: a list of the following tokens
valid_super_partition_list := system vendor product product_services odm
@@ -924,6 +929,10 @@
$(BOARD_$(group)_PARTITION_LIST))
.KATI_READONLY := BOARD_SUPER_PARTITION_PARTITION_LIST
+endif # PRODUCT_USE_DYNAMIC_PARTITIONS
+
+ifeq ($(PRODUCT_BUILD_SUPER_PARTITION),true)
+
ifneq ($(BOARD_SUPER_PARTITION_SIZE),)
ifeq ($(PRODUCT_RETROFIT_DYNAMIC_PARTITIONS),true)
diff --git a/core/main.mk b/core/main.mk
index 5d97027..605b265 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -257,6 +257,15 @@
ADDITIONAL_PRODUCT_PROPERTIES += dalvik.vm.systemservercompilerfilter=$(PRODUCT_SYSTEM_SERVER_COMPILER_FILTER)
endif
+# Sets the default value of ro.postinstall.fstab.prefix to /system.
+# Device board config should override the value to /product when needed by:
+#
+# PRODUCT_PRODUCT_PROPERTIES += ro.postinstall.fstab.prefix=/product
+#
+# It then uses ${ro.postinstall.fstab.prefix}/etc/fstab.postinstall to
+# mount system_other partition.
+ADDITIONAL_DEFAULT_PROPERTIES += ro.postinstall.fstab.prefix=/system
+
# -----------------------------------------------------------------
###
### In this section we set up the things that are different
@@ -1573,21 +1582,21 @@
ifeq ($(EMMA_INSTRUMENT),true)
$(JACOCO_REPORT_CLASSES_ALL) : $(INSTALLED_SYSTEMIMAGE_TARGET)
$(call dist-for-goals, dist_files, $(JACOCO_REPORT_CLASSES_ALL))
+ endif
- # Put XML formatted API files in the dist dir.
- $(TARGET_OUT_COMMON_INTERMEDIATES)/api.xml: $(call java-lib-header-files,android_stubs_current) $(APICHECK)
- $(TARGET_OUT_COMMON_INTERMEDIATES)/system-api.xml: $(call java-lib-header-files,android_system_stubs_current) $(APICHECK)
- $(TARGET_OUT_COMMON_INTERMEDIATES)/test-api.xml: $(call java-lib-header-files,android_test_stubs_current) $(APICHECK)
+ # Put XML formatted API files in the dist dir.
+ $(TARGET_OUT_COMMON_INTERMEDIATES)/api.xml: $(call java-lib-header-files,android_stubs_current) $(APICHECK)
+ $(TARGET_OUT_COMMON_INTERMEDIATES)/system-api.xml: $(call java-lib-header-files,android_system_stubs_current) $(APICHECK)
+ $(TARGET_OUT_COMMON_INTERMEDIATES)/test-api.xml: $(call java-lib-header-files,android_test_stubs_current) $(APICHECK)
- api_xmls := $(addprefix $(TARGET_OUT_COMMON_INTERMEDIATES)/,api.xml system-api.xml test-api.xml)
- $(api_xmls):
+ api_xmls := $(addprefix $(TARGET_OUT_COMMON_INTERMEDIATES)/,api.xml system-api.xml test-api.xml)
+ $(api_xmls):
$(hide) echo "Converting API file to XML: $@"
$(hide) mkdir -p $(dir $@)
$(hide) $(APICHECK_COMMAND) --input-api-jar $< --api-xml $@
- $(call dist-for-goals, dist_files, $(api_xmls))
- api_xmls :=
- endif
+ $(call dist-for-goals, dist_files, $(api_xmls))
+ api_xmls :=
# Building a full system-- the default is to build droidcore
droid_targets: droidcore dist_files
diff --git a/core/prebuilt_internal.mk b/core/prebuilt_internal.mk
index 49613e9..e505945 100644
--- a/core/prebuilt_internal.mk
+++ b/core/prebuilt_internal.mk
@@ -39,6 +39,13 @@
LOCAL_CHECKED_MODULE := $(my_prebuilt_src_file)
+ifeq (APPS,$(LOCAL_MODULE_CLASS))
+include $(BUILD_SYSTEM)/app_prebuilt_internal.mk
+else
+#
+# Non-APPS prebuilt modules handling almost to the end of the file
+#
+
my_strip_module := $(firstword \
$(LOCAL_STRIP_MODULE_$($(my_prefix)$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)) \
$(LOCAL_STRIP_MODULE))
@@ -69,44 +76,11 @@
prebuilt_module_is_dex_javalib :=
endif
-# Run veridex on product, product_services and vendor modules.
-# We skip it for unbundled app builds where we cannot build veridex.
-module_run_appcompat :=
-ifeq (true,$(non_system_module))
-ifeq (,$(TARGET_BUILD_APPS)$(filter true,$(TARGET_BUILD_PDK))) # ! unbundled app build
-ifneq ($(UNSAFE_DISABLE_HIDDENAPI_FLAGS),true)
- module_run_appcompat := true
-endif
-endif
-endif
-
-ifdef LOCAL_COMPRESSED_MODULE
-ifneq (true,$(LOCAL_COMPRESSED_MODULE))
-$(call pretty-error, Unknown value for LOCAL_COMPRESSED_MODULE $(LOCAL_COMPRESSED_MODULE))
-endif
-endif
-
-ifeq ($(LOCAL_MODULE_CLASS),APPS)
-ifdef LOCAL_COMPRESSED_MODULE
-LOCAL_BUILT_MODULE_STEM := package.apk.gz
-else
-LOCAL_BUILT_MODULE_STEM := package.apk
-endif # LOCAL_COMPRESSED_MODULE
-
-ifndef LOCAL_INSTALLED_MODULE_STEM
-ifdef LOCAL_COMPRESSED_MODULE
-PACKAGES.$(LOCAL_MODULE).COMPRESSED := gz
-LOCAL_INSTALLED_MODULE_STEM := $(LOCAL_MODULE).apk.gz
-else
-LOCAL_INSTALLED_MODULE_STEM := $(LOCAL_MODULE).apk
-endif # LOCAL_COMPRESSED_MODULE
-endif # LOCAL_INSTALLED_MODULE_STEM
-
-else # $(LOCAL_MODULE_CLASS) != APPS)
ifdef LOCAL_COMPRESSED_MODULE
$(error $(LOCAL_MODULE) : LOCAL_COMPRESSED_MODULE can only be defined for module class APPS)
endif # LOCAL_COMPRESSED_MODULE
-endif
+
+my_check_elf_file_shared_lib_files :=
ifneq ($(filter true keep_symbols no_debuglink mini-debug-info,$(my_strip_module)),)
ifdef LOCAL_IS_HOST_MODULE
@@ -123,6 +97,12 @@
include $(BUILD_SYSTEM)/dynamic_binary.mk
built_module := $(linked_module)
+ ifneq ($(LOCAL_SDK_VERSION),)
+ # binary.mk filters out NDK_MIGRATED_LIBS from my_shared_libs, thus those NDK libs are not added
+ # to DEPENDENCIES_ON_SHARED_LIBRARIES. Assign $(my_ndk_shared_libraries_fullpath) to
+ # my_check_elf_file_shared_lib_files so that check_elf_file.py can see those NDK stub libs.
+ my_check_elf_file_shared_lib_files := $(my_ndk_shared_libraries_fullpath)
+ endif
else # my_strip_module not true
include $(BUILD_SYSTEM)/base_rules.mk
built_module := $(LOCAL_BUILT_MODULE)
@@ -239,234 +219,7 @@
endif
endif
-ifeq ($(LOCAL_MODULE_CLASS),APPS)
-PACKAGES.$(LOCAL_MODULE).OVERRIDES := $(strip $(LOCAL_OVERRIDES_PACKAGES))
-
-my_extract_apk := $(strip $(LOCAL_EXTRACT_APK))
-
-# Select dpi-specific source
-ifdef LOCAL_DPI_VARIANTS
-my_dpi := $(firstword $(filter $(LOCAL_DPI_VARIANTS),$(PRODUCT_AAPT_PREF_CONFIG) $(PRODUCT_AAPT_PREBUILT_DPI)))
-ifdef my_dpi
-ifdef LOCAL_DPI_FILE_STEM
-my_prebuilt_dpi_file_stem := $(LOCAL_DPI_FILE_STEM)
-else
-my_prebuilt_dpi_file_stem := $(LOCAL_MODULE)_%.apk
-endif
-my_prebuilt_src_file := $(dir $(my_prebuilt_src_file))$(subst %,$(my_dpi),$(my_prebuilt_dpi_file_stem))
-
-ifneq ($(strip $(LOCAL_EXTRACT_DPI_APK)),)
-my_extract_apk := $(subst %,$(my_dpi),$(LOCAL_EXTRACT_DPI_APK))
-endif # LOCAL_EXTRACT_DPI_APK
-endif # my_dpi
-endif # LOCAL_DPI_VARIANTS
-
-ifdef my_extract_apk
-my_extracted_apk := $(intermediates)/extracted.apk
-
-$(my_extracted_apk): PRIVATE_EXTRACT := $(my_extract_apk)
-$(my_extracted_apk): $(my_prebuilt_src_file)
- @echo Extract APK: $@
- $(hide) mkdir -p $(dir $@) && rm -f $@
- $(hide) unzip -p $< $(PRIVATE_EXTRACT) >$@
-
-my_prebuilt_src_file := $(my_extracted_apk)
-my_extracted_apk :=
-my_extract_apk :=
-ifeq ($(PRODUCT_ALWAYS_PREOPT_EXTRACTED_APK),true)
-# If the product property is set, always preopt for extracted modules to prevent executing out of
-# the APK.
-my_preopt_for_extracted_apk := true
-endif
-endif
-
-dex_preopt_profile_src_file := $(my_prebuilt_src_file)
-
-rs_compatibility_jni_libs :=
-include $(BUILD_SYSTEM)/install_jni_libs.mk
-
-ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
- # The magic string "EXTERNAL" means this package will be signed with
- # the default dev key throughout the build process, but we expect
- # the final package to be signed with a different key.
- #
- # This can be used for packages where we don't have access to the
- # keys, but want the package to be predexopt'ed.
- LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
- PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1
-
- $(built_module) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
- $(built_module) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
- $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
-endif
-ifeq ($(LOCAL_CERTIFICATE),)
- # It is now a build error to add a prebuilt .apk without
- # specifying a key for it.
- $(error No LOCAL_CERTIFICATE specified for prebuilt "$(my_prebuilt_src_file)")
-else ifeq ($(LOCAL_CERTIFICATE),PRESIGNED)
- # The magic string "PRESIGNED" means this package is already checked
- # signed with its release key.
- #
- # By setting .CERTIFICATE but not .PRIVATE_KEY, this package will be
- # mentioned in apkcerts.txt (with certificate set to "PRESIGNED")
- # but the dexpreopt process will not try to re-sign the app.
- PACKAGES.$(LOCAL_MODULE).CERTIFICATE := PRESIGNED
- PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
-else
- # If this is not an absolute certificate, assign it to a generic one.
- ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
- LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
- endif
-
- PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
- PACKAGES.$(LOCAL_MODULE).CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
- PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
-
- $(built_module) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
- $(built_module) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
- $(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
-endif
-
-include $(BUILD_SYSTEM)/app_certificate_validate.mk
-
-# Disable dex-preopt of prebuilts to save space, if requested.
-ifndef LOCAL_DEX_PREOPT
-ifeq ($(DONT_DEXPREOPT_PREBUILTS),true)
-LOCAL_DEX_PREOPT := false
-endif
-endif
-
-# If the module is a compressed module, we don't pre-opt it because its final
-# installation location will be the data partition.
-ifdef LOCAL_COMPRESSED_MODULE
-LOCAL_DEX_PREOPT := false
-endif
-
-my_dex_jar := $(my_prebuilt_src_file)
-
-#######################################
-# defines built_odex along with rule to install odex
-include $(BUILD_SYSTEM)/dex_preopt_odex_install.mk
-#######################################
-ifneq ($(LOCAL_REPLACE_PREBUILT_APK_INSTALLED),)
-# There is a replacement for the prebuilt .apk we can install without any processing.
-$(built_module) : $(LOCAL_REPLACE_PREBUILT_APK_INSTALLED)
- $(transform-prebuilt-to-target)
-
-else # ! LOCAL_REPLACE_PREBUILT_APK_INSTALLED
-# Sign and align non-presigned .apks.
-# The embedded prebuilt jni to uncompress.
-ifeq ($(LOCAL_CERTIFICATE),PRESIGNED)
-# For PRESIGNED apks we must uncompress every .so file:
-# even if the .so file isn't for the current TARGET_ARCH,
-# we can't strip the file.
-embedded_prebuilt_jni_libs :=
-endif
-ifndef embedded_prebuilt_jni_libs
-# No LOCAL_PREBUILT_JNI_LIBS, uncompress all.
-embedded_prebuilt_jni_libs :=
-endif
-$(built_module): PRIVATE_EMBEDDED_JNI_LIBS := $(embedded_prebuilt_jni_libs)
-
-ifdef LOCAL_COMPRESSED_MODULE
-$(built_module) : $(MINIGZIP)
-endif
-
-ifeq ($(module_run_appcompat),true)
-$(built_module) : $(appcompat-files)
-$(LOCAL_BUILT_MODULE): PRIVATE_INSTALLED_MODULE := $(LOCAL_INSTALLED_MODULE)
-endif
-
-ifneq ($(BUILD_PLATFORM_ZIP),)
-$(built_module) : .KATI_IMPLICIT_OUTPUTS := $(dir $(LOCAL_BUILT_MODULE))package.dex.apk
-endif
-ifneq ($(LOCAL_CERTIFICATE),PRESIGNED)
-ifdef LOCAL_DEX_PREOPT
-$(built_module) : PRIVATE_STRIP_SCRIPT := $(intermediates)/strip.sh
-$(built_module) : $(intermediates)/strip.sh
-$(built_module) : | $(DEXPREOPT_STRIP_DEPS)
-$(built_module) : .KATI_DEPFILE := $(built_module).d
-endif
-endif
-$(built_module) : $(my_prebuilt_src_file) | $(ZIPALIGN) $(ZIP2ZIP) $(SIGNAPK_JAR)
- $(transform-prebuilt-to-target)
- $(uncompress-prebuilt-embedded-jni-libs)
-ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
- $(uncompress-dexs)
-endif # LOCAL_UNCOMPRESS_DEX
-ifdef LOCAL_DEX_PREOPT
-ifneq ($(BUILD_PLATFORM_ZIP),)
- @# Keep a copy of apk with classes.dex unstripped
- $(hide) cp -f $@ $(dir $@)package.dex.apk
-endif # BUILD_PLATFORM_ZIP
-endif # LOCAL_DEX_PREOPT
-ifneq ($(LOCAL_CERTIFICATE),PRESIGNED)
- @# Only strip out files if we can re-sign the package.
-# Run appcompat before stripping the classes.dex file.
-ifeq ($(module_run_appcompat),true)
-ifeq ($(LOCAL_USE_AAPT2),true)
- $(call appcompat-header, aapt2)
-else
- $(appcompat-header)
-endif
- $(run-appcompat)
-endif # module_run_appcompat
-ifdef LOCAL_DEX_PREOPT
- mv -f $@ $@.tmp
- $(PRIVATE_STRIP_SCRIPT) $@.tmp $@
-endif # LOCAL_DEX_PREOPT
- $(sign-package)
- # No need for align-package because sign-package takes care of alignment
-else # LOCAL_CERTIFICATE == PRESIGNED
- $(align-package)
-endif # LOCAL_CERTIFICATE
-ifdef LOCAL_COMPRESSED_MODULE
- $(compress-package)
-endif # LOCAL_COMPRESSED_MODULE
-endif # ! LOCAL_REPLACE_PREBUILT_APK_INSTALLED
-
-
-###############################
-## Install split apks.
-ifdef LOCAL_PACKAGE_SPLITS
-ifdef LOCAL_COMPRESSED_MODULE
-$(error $(LOCAL_MODULE): LOCAL_COMPRESSED_MODULE is not currently supported for split installs)
-endif # LOCAL_COMPRESSED_MODULE
-
-# LOCAL_PACKAGE_SPLITS is a list of apks to be installed.
-built_apk_splits := $(addprefix $(intermediates)/,$(notdir $(LOCAL_PACKAGE_SPLITS)))
-installed_apk_splits := $(addprefix $(my_module_path)/,$(notdir $(LOCAL_PACKAGE_SPLITS)))
-
-# Rules to sign the split apks.
-my_src_dir := $(sort $(dir $(LOCAL_PACKAGE_SPLITS)))
-ifneq (1,$(words $(my_src_dir)))
-$(error You must put all the split source apks in the same folder: $(LOCAL_PACKAGE_SPLITS))
-endif
-my_src_dir := $(LOCAL_PATH)/$(my_src_dir)
-
-$(built_apk_splits) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
-$(built_apk_splits) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
-$(built_apk_splits) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
-$(built_apk_splits) : $(intermediates)/%.apk : $(my_src_dir)/%.apk
- $(copy-file-to-new-target)
- $(sign-package)
-
-# Rules to install the split apks.
-$(installed_apk_splits) : $(my_module_path)/%.apk : $(intermediates)/%.apk
- @echo "Install: $@"
- $(copy-file-to-new-target)
-
-# Register the additional built and installed files.
-ALL_MODULES.$(my_register_name).INSTALLED += $(installed_apk_splits)
-ALL_MODULES.$(my_register_name).BUILT_INSTALLED += \
- $(foreach s,$(LOCAL_PACKAGE_SPLITS),$(intermediates)/$(notdir $(s)):$(my_module_path)/$(notdir $(s)))
-
-# Make sure to install the splits when you run "make <module_name>".
-$(my_all_targets): $(installed_apk_splits)
-
-endif # LOCAL_PACKAGE_SPLITS
-
-else ifeq ($(prebuilt_module_is_dex_javalib),true) # ! LOCAL_MODULE_CLASS != APPS
+ifeq ($(prebuilt_module_is_dex_javalib),true)
my_dex_jar := $(my_prebuilt_src_file)
# This is a target shared library, i.e. a jar with classes.dex.
@@ -693,6 +446,8 @@
endif # JAVA_LIBRARIES
+endif # APPS
+
$(built_module) : $(LOCAL_ADDITIONAL_DEPENDENCIES)
my_prebuilt_src_file :=
diff --git a/core/soong_java_prebuilt.mk b/core/soong_java_prebuilt.mk
index 6214ac6..9692a99 100644
--- a/core/soong_java_prebuilt.mk
+++ b/core/soong_java_prebuilt.mk
@@ -94,6 +94,8 @@
ALL_MODULES.$(my_register_name).INSTALLED += $(installed_odex)
# Make sure to install the .odex and .vdex when you run "make <module_name>"
$(my_all_targets): $(installed_odex)
+ # Copy $(LOCAL_BUILT_MODULE) and its dependencies when installing boot.art
+ $(DEFAULT_DEX_PREOPT_INSTALLED_IMAGE): $(LOCAL_BUILT_MODULE)
endif
endif # is_boot_jar
diff --git a/target/board/gsi_system.prop b/target/board/gsi_system.prop
index 0c04a95..d768c83 100644
--- a/target/board/gsi_system.prop
+++ b/target/board/gsi_system.prop
@@ -4,5 +4,8 @@
# GSI always disables adb authentication
ro.adb.secure=0
+# TODO(b/120679683): disable RescueParty before all problem apps solved
+persist.sys.disable_rescue=true
+
# TODO(b/78105955): disable privapp_permissions checking before the bug solved
ro.control_privapp_permissions=disable
diff --git a/target/board/gsi_system_user.prop b/target/board/gsi_system_user.prop
index 1aa553b..becb783 100644
--- a/target/board/gsi_system_user.prop
+++ b/target/board/gsi_system_user.prop
@@ -1,5 +1,8 @@
# GSI always generate dex pre-opt in system image
ro.cp_system_other_odex=0
+# TODO(b/120679683): disable RescueParty before all problem apps solved
+persist.sys.disable_rescue=true
+
# TODO(b/78105955): disable privapp_permissions checking before the bug solved
ro.control_privapp_permissions=disable
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 5132ae7..10aecf9 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -146,11 +146,12 @@
ofile.write(data)
ofile.close()
- arc_name = "SYSTEM/" + fn
- if arc_name in output_zip.namelist():
- OPTIONS.replace_updated_files_list.append(arc_name)
- else:
- common.ZipWrite(output_zip, ofile.name, arc_name)
+ if output_zip:
+ arc_name = "SYSTEM/" + fn
+ if arc_name in output_zip.namelist():
+ OPTIONS.replace_updated_files_list.append(arc_name)
+ else:
+ common.ZipWrite(output_zip, ofile.name, arc_name)
if OPTIONS.rebuild_recovery:
logger.info("Building new recovery patch")
@@ -260,7 +261,7 @@
# AVB-sign the image as needed.
if OPTIONS.info_dict.get("avb_enable") == "true":
- avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
+ avbtool = OPTIONS.info_dict["avb_avbtool"]
part_size = OPTIONS.info_dict["dtbo_size"]
# The AVB hash footer will be replaced if already present.
cmd = [avbtool, "add_hash_footer", "--image", img.name,
@@ -428,7 +429,7 @@
logger.info("%s.img already exists; not rebuilding...", name)
return img.name
- avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
+ avbtool = OPTIONS.info_dict["avb_avbtool"]
cmd = [avbtool, "make_vbmeta_image", "--output", img.name]
common.AppendAVBSigningArgs(cmd, name)
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 5e3d68a..bcbc921 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -739,6 +739,7 @@
with open(filename, "w") as f:
f.writelines(["%s=%s" % (key, value) for (key, value) in glob_dict.items()])
+
def ExtractSystemOtherAvbKey(in_dir, glob_dict):
if glob_dict.get("avb_system_extract_system_other_key") != "true":
return
@@ -754,12 +755,13 @@
# Extracts the public key used to sign system_other.img, into system.img:
# /system/etc/security/avb/system_other.avbpubkey.
- avbtool = os.getenv('AVBTOOL') or glob_dict.get("avb_avbtool")
+ avbtool = glob_dict.get("avb_avbtool")
extract_from = glob_dict.get("avb_system_other_key_path")
cmd = [avbtool, "extract_public_key", "--key", extract_from,
"--output", extract_to]
common.RunAndCheckOutput(cmd, verbose=False)
+
def main(argv):
if len(argv) < 4 or len(argv) > 5:
print(__doc__)
diff --git a/tools/releasetools/build_super_image.py b/tools/releasetools/build_super_image.py
index bb0e641..38ea3d6 100755
--- a/tools/releasetools/build_super_image.py
+++ b/tools/releasetools/build_super_image.py
@@ -24,9 +24,8 @@
- target files package. Same as above, but extracts the archive before
building super image.
- a dictionary file containing input arguments to build. Check
- `dump_dynamic_partitions_info' for details.
+ `dump-super-image-info' for details.
In addition:
- - "ab_update" needs to be true for A/B devices.
- If source images should be included in the output image (for super.img
and super split images), a list of "*_image" should be paths of each
source images.
diff --git a/tools/releasetools/check_target_files_signatures.py b/tools/releasetools/check_target_files_signatures.py
index 4b0d4c7..9b76954 100755
--- a/tools/releasetools/check_target_files_signatures.py
+++ b/tools/releasetools/check_target_files_signatures.py
@@ -168,7 +168,6 @@
class APK(object):
-
def __init__(self, full_filename, filename):
self.filename = filename
self.certs = None
@@ -245,12 +244,12 @@
# must decompress them individually before we perform any analysis.
# This is the list of wildcards of files we extract from |filename|.
- apk_extensions = ['*.apk', '*.apex']
+ apk_extensions = ['*.apk']
self.certmap, compressed_extension = common.ReadApkCerts(
- zipfile.ZipFile(filename))
+ zipfile.ZipFile(filename, "r"))
if compressed_extension:
- apk_extensions.append('*.apk' + compressed_extension)
+ apk_extensions.append("*.apk" + compressed_extension)
d = common.UnzipTemp(filename, apk_extensions)
self.apks = {}
@@ -273,7 +272,7 @@
os.remove(os.path.join(dirpath, fn))
fn = uncompressed_fn
- if fn.endswith(('.apk', '.apex')):
+ if fn.endswith(".apk"):
fullname = os.path.join(dirpath, fn)
displayname = fullname[len(d)+1:]
apk = APK(fullname, displayname)
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index e71667b..780b9c1 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -704,7 +704,7 @@
# AVB: if enabled, calculate and add hash to boot.img or recovery.img.
if info_dict.get("avb_enable") == "true":
- avbtool = os.getenv('AVBTOOL') or info_dict["avb_avbtool"]
+ avbtool = info_dict["avb_avbtool"]
part_size = info_dict[partition_name + "_size"]
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name",
diff --git a/tools/releasetools/merge_target_files.py b/tools/releasetools/merge_target_files.py
index 5014516..1d62e3b 100755
--- a/tools/releasetools/merge_target_files.py
+++ b/tools/releasetools/merge_target_files.py
@@ -43,6 +43,10 @@
--output-target-files output-target-files-package
The output merged target files package. Also a zip archive.
+
+ --rebuild_recovery
+ Rebuild the recovery patch used by non-A/B devices and write it to the
+ system image.
"""
from __future__ import print_function
@@ -65,6 +69,7 @@
OPTIONS.other_target_files = None
OPTIONS.other_item_list = None
OPTIONS.output_target_files = None
+OPTIONS.rebuild_recovery = False
OPTIONS.keep_tmp = False
# default_system_item_list is a list of items to extract from the partial
@@ -199,6 +204,38 @@
return config_file.read().splitlines()
+def validate_config_lists(system_item_list, other_item_list):
+ """Performs validations on the merge config lists.
+
+ Args:
+ system_item_list: The list of items to extract from the partial
+ system target files package as is.
+
+ other_item_list: The list of items to extract from the partial
+ other target files package as is.
+
+ Returns:
+ False if a validation fails, otherwise true.
+ """
+ default_combined_item_set = set(default_system_item_list)
+ default_combined_item_set.update(default_other_item_list)
+
+ combined_item_set = set(system_item_list)
+ combined_item_set.update(other_item_list)
+
+ # Check that the merge config lists are not missing any item specified
+ # by the default config lists.
+ difference = default_combined_item_set.difference(combined_item_set)
+ if difference:
+ logger.error('Missing merge config items: %s' % list(difference))
+ logger.error('Please ensure missing items are in either the '
+ 'system-item-list or other-item-list files provided to '
+ 'this script.')
+ return False
+
+ return True
+
+
def process_ab_partitions_txt(
system_target_files_temp_dir,
other_target_files_temp_dir,
@@ -433,7 +470,8 @@
system_misc_info_keys,
other_target_files,
other_item_list,
- output_target_files):
+ output_target_files,
+ rebuild_recovery):
"""Merge two target files packages together.
This function takes system and other target files packages as input, performs
@@ -466,6 +504,9 @@
output_target_files: The name of the output zip archive target files
package created by merging system and other.
+
+ rebuild_recovery: If true, rebuild the recovery patch used by non-A/B
+ devices and write it to the system image.
"""
logger.info(
@@ -531,10 +572,10 @@
# Regenerate IMAGES in the temporary directory.
- add_img_args = [
- '--verbose',
- output_target_files_temp_dir,
- ]
+ add_img_args = ['--verbose']
+ if rebuild_recovery:
+ add_img_args.append('--rebuild_recovery')
+ add_img_args.append(output_target_files_temp_dir)
add_img_to_target_files.main(add_img_args)
@@ -630,6 +671,8 @@
OPTIONS.other_item_list = a
elif o == '--output-target-files':
OPTIONS.output_target_files = a
+ elif o == '--rebuild_recovery':
+ OPTIONS.rebuild_recovery = True
elif o == '--keep_tmp':
OPTIONS.keep_tmp = True
else:
@@ -645,6 +688,7 @@
'other-target-files=',
'other-item-list=',
'output-target-files=',
+ 'rebuild_recovery',
"keep_tmp",
],
extra_option_handler=option_handler)
@@ -671,6 +715,11 @@
else:
other_item_list = default_other_item_list
+ if not validate_config_lists(
+ system_item_list=system_item_list,
+ other_item_list=other_item_list):
+ sys.exit(1)
+
call_func_with_temp_dir(
lambda temp_dir: merge_target_files(
temp_dir=temp_dir,
@@ -679,7 +728,8 @@
system_misc_info_keys=system_misc_info_keys,
other_target_files=OPTIONS.other_target_files,
other_item_list=other_item_list,
- output_target_files=OPTIONS.output_target_files),
+ output_target_files=OPTIONS.output_target_files,
+ rebuild_recovery=OPTIONS.rebuild_recovery),
OPTIONS.keep_tmp)
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index a9d2218..71598e3 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -166,7 +166,7 @@
def GetApexKeys(keys_info, key_map):
"""Gets APEX payload and container signing keys by applying the mapping rules.
- We currently don't allow PRESIGNED payload / container keys.
+ Presigned payload / container keys will be set accordingly.
Args:
keys_info: A dict that maps from APEX filenames to a tuple of (payload_key,
@@ -180,7 +180,8 @@
# Apply all the --extra_apex_payload_key options to override the payload
# signing keys in the given keys_info.
for apex, key in OPTIONS.extra_apex_payload_keys.items():
- assert key, 'Presigned APEX payload for {} is not allowed'.format(apex)
+ if not key:
+ key = 'PRESIGNED'
keys_info[apex] = (key, keys_info[apex][1])
# Apply the key remapping to container keys.
@@ -192,8 +193,9 @@
# Skip non-APEX containers.
if apex not in keys_info:
continue
- assert key, 'Presigned APEX container for {} is not allowed'.format(apex)
- keys_info[apex][1] = key_map.get(key, key)
+ if not key:
+ key = 'PRESIGNED'
+ keys_info[apex] = (keys_info[apex][0], key_map.get(key, key))
return keys_info
@@ -245,7 +247,7 @@
def CheckApkAndApexKeysAvailable(input_tf_zip, known_keys,
- compressed_extension):
+ compressed_extension, apex_keys):
"""Checks that all the APKs and APEXes have keys specified.
Args:
@@ -253,6 +255,8 @@
known_keys: A set of APKs and APEXes that have known signing keys.
compressed_extension: The extension string of compressed APKs, such as
'.gz', or None if there's no compressed APKs.
+ apex_keys: A dict that contains the key mapping from APEX name to
+ (payload_key, container_key).
Raises:
AssertionError: On finding unknown APKs and APEXes.
@@ -284,6 +288,31 @@
"Use '-e <apkname>=' to specify a key (which may be an empty string to "
"not sign this apk).".format("\n ".join(unknown_files)))
+ # For all the APEXes, double check that we won't have an APEX that has only
+ # one of the payload / container keys set.
+ if not apex_keys:
+ return
+
+ invalid_apexes = []
+ for info in input_tf_zip.infolist():
+ if (not info.filename.startswith('SYSTEM/apex') or
+ not info.filename.endswith('.apex')):
+ continue
+
+ name = os.path.basename(info.filename)
+ (payload_key, container_key) = apex_keys[name]
+ if ((payload_key in common.SPECIAL_CERT_STRINGS and
+ container_key not in common.SPECIAL_CERT_STRINGS) or
+ (payload_key not in common.SPECIAL_CERT_STRINGS and
+ container_key in common.SPECIAL_CERT_STRINGS)):
+ invalid_apexes.append(
+ "{}: payload_key {}, container_key {}".format(
+ name, payload_key, container_key))
+
+ assert not invalid_apexes, \
+ "Invalid APEX keys specified:\n {}\n".format(
+ "\n ".join(invalid_apexes))
+
def SignApk(data, keyname, pw, platform_api_level, codename_to_api_level_map,
is_compressed):
@@ -468,19 +497,29 @@
name = os.path.basename(filename)
payload_key, container_key = apex_keys[name]
- print(" signing: %-*s container (%s)" % (maxsize, name, container_key))
- print(" : %-*s payload (%s)" % (maxsize, name, payload_key))
+ # We've asserted not having a case with only one of them PRESIGNED.
+ if (payload_key not in common.SPECIAL_CERT_STRINGS and
+ container_key not in common.SPECIAL_CERT_STRINGS):
+ print(" signing: %-*s container (%s)" % (
+ maxsize, name, container_key))
+ print(" : %-*s payload (%s)" % (
+ maxsize, name, payload_key))
- (signed_apex, payload_key_name) = SignApex(
- data,
- payload_key,
- container_key,
- key_passwords[container_key],
- codename_to_api_level_map,
- OPTIONS.avb_extra_args.get('apex'))
- common.ZipWrite(output_tf_zip, signed_apex, filename)
+ (signed_apex, payload_key_name) = SignApex(
+ data,
+ payload_key,
+ container_key,
+ key_passwords[container_key],
+ codename_to_api_level_map,
+ OPTIONS.avb_extra_args.get('apex'))
+ common.ZipWrite(output_tf_zip, signed_apex, filename)
+ updated_apex_payload_keys[payload_key_name] = payload_key
- updated_apex_payload_keys[payload_key_name] = payload_key
+ else:
+ print(
+ "NOT signing: %s\n"
+ " (skipped due to special cert string)" % (name,))
+ common.ZipWriteStr(output_tf_zip, out_info, data)
# AVB public keys for the installed APEXes, which will be updated later.
elif (os.path.dirname(filename) == 'SYSTEM/etc/security/apex' and
@@ -557,8 +596,10 @@
continue
name = os.path.basename(filename)
- assert name in updated_apex_payload_keys, \
- 'Unsigned APEX payload key: {}'.format(filename)
+
+ # Skip PRESIGNED APEXes.
+ if name not in updated_apex_payload_keys:
+ continue
key_path = updated_apex_payload_keys[name]
if not os.path.exists(key_path) and not key_path.endswith('.pem'):
@@ -1181,7 +1222,8 @@
CheckApkAndApexKeysAvailable(
input_zip,
set(apk_keys.keys()) | set(apex_keys.keys()),
- compressed_extension)
+ compressed_extension,
+ apex_keys)
key_passwords = common.GetKeyPasswords(
set(apk_keys.values()) | set(itertools.chain(*apex_keys.values())))
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 9d21429..6082baf 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -33,6 +33,7 @@
<signer signature="{}"><seinfo value="media"/></signer>
</policy>"""
+ # pylint: disable=line-too-long
APEX_KEYS_TXT = """name="apex.apexd_test.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem" container_certificate="build/target/product/security/testkey.x509.pem" container_private_key="build/target/product/security/testkey.pk8"
name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" container_certificate="build/target/product/security/testkey.x509.pem" container_private_key="build/target/product/security/testkey.pk8"
"""
@@ -223,17 +224,50 @@
'App3.apk' : 'key3',
}
with zipfile.ZipFile(input_file) as input_zip:
- CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None)
- CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.gz')
+ CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {})
+ CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.gz', {})
# 'App2.apk.gz' won't be considered as an APK.
- CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None)
- CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.xz')
+ CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, {})
+ CheckApkAndApexKeysAvailable(input_zip, apk_key_map, '.xz', {})
del apk_key_map['App2.apk']
self.assertRaises(
AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
- '.gz')
+ '.gz', {})
+
+ def test_CheckApkAndApexKeysAvailable_invalidApexKeys(self):
+ input_file = common.MakeTempFile(suffix='.zip')
+ with zipfile.ZipFile(input_file, 'w') as input_zip:
+ input_zip.writestr('SYSTEM/apex/Apex1.apex', "Apex1-content")
+ input_zip.writestr('SYSTEM/apex/Apex2.apex', "Apex2-content")
+
+ apk_key_map = {
+ 'Apex1.apex' : 'key1',
+ 'Apex2.apex' : 'key2',
+ 'Apex3.apex' : 'key3',
+ }
+ apex_keys = {
+ 'Apex1.apex' : ('payload-key1', 'container-key1'),
+ 'Apex2.apex' : ('payload-key2', 'container-key2'),
+ }
+ with zipfile.ZipFile(input_file) as input_zip:
+ CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys)
+
+ # Fine to have both keys as PRESIGNED.
+ apex_keys['Apex2.apex'] = ('PRESIGNED', 'PRESIGNED')
+ CheckApkAndApexKeysAvailable(input_zip, apk_key_map, None, apex_keys)
+
+ # Having only one of them as PRESIGNED is not allowed.
+ apex_keys['Apex2.apex'] = ('payload-key2', 'PRESIGNED')
+ self.assertRaises(
+ AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
+ None, apex_keys)
+
+ apex_keys['Apex2.apex'] = ('PRESIGNED', 'container-key1')
+ self.assertRaises(
+ AssertionError, CheckApkAndApexKeysAvailable, input_zip, apk_key_map,
+ None, apex_keys)
def test_GetApkFileInfo(self):
(is_apk, is_compressed, should_be_skipped) = GetApkFileInfo(
@@ -358,16 +392,14 @@
with zipfile.ZipFile(target_files) as target_files_zip:
keys_info = ReadApexKeysInfo(target_files_zip)
- self.assertEqual(
- {
- 'apex.apexd_test.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
- 'build/target/product/security/testkey'),
- 'apex.apexd_test_different_app.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/target/product/security/testkey'),
- },
- keys_info)
+ self.assertEqual({
+ 'apex.apexd_test.apex': (
+ 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
+ 'build/target/product/security/testkey'),
+ 'apex.apexd_test_different_app.apex': (
+ 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
+ 'build/target/product/security/testkey'),
+ }, keys_info)
def test_ReadApexKeysInfo_mismatchingKeys(self):
# Mismatching payload public / private keys.
@@ -398,13 +430,11 @@
with zipfile.ZipFile(target_files) as target_files_zip:
keys_info = ReadApexKeysInfo(target_files_zip)
- self.assertEqual(
- {
- 'apex.apexd_test.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
- 'build/target/product/security/testkey'),
- 'apex.apexd_test_different_app.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/target/product/security/testkey'),
- },
- keys_info)
+ self.assertEqual({
+ 'apex.apexd_test.apex': (
+ 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
+ 'build/target/product/security/testkey'),
+ 'apex.apexd_test_different_app.apex': (
+ 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
+ 'build/target/product/security/testkey'),
+ }, keys_info)