Merge changes Icc298256,I9268cb11,I446a0b16,I347447eb,Iaae39e4c, ...
* changes:
Remove HashTreeInfo from verity_utils.py
Remove verity keys from info_dict
Remove replace verity key args
Remove unused args from common.py
Clean up unused code for VB in verity_utils.py
Remove verity related props from build_image.py
diff --git a/Changes.md b/Changes.md
index e3ec0f8..d834803 100644
--- a/Changes.md
+++ b/Changes.md
@@ -816,6 +816,16 @@
Clang is the default and only supported Android compiler, so there is no reason
for this option to exist.
+### Stop using clang property
+
+Clang has been deleted from Soong. To fix any build errors, remove the clang
+property from affected Android.bp files using bpmodify.
+
+
+``` make
+go run bpmodify.go -w -m=module_name -remove-property=true -property=clang filepath
+```
+
### Other envsetup.sh variables {#other_envsetup_variables}
* ANDROID_TOOLCHAIN
diff --git a/core/Makefile b/core/Makefile
index f28935b..171dbde 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -5021,7 +5021,7 @@
INTERNAL_OTATOOLS_PACKAGE_FILES += \
$(sort $(shell find build/make/target/product/security -type f -name "*.x509.pem" -o \
- -name "*.pk8" -o -name verity_key))
+ -name "*.pk8"))
ifneq (,$(wildcard device))
INTERNAL_OTATOOLS_PACKAGE_FILES += \
diff --git a/core/base_rules.mk b/core/base_rules.mk
index 355a22e..9bb6c47 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -1121,6 +1121,9 @@
ifdef LOCAL_IS_UNIT_TEST
ALL_MODULES.$(my_register_name).IS_UNIT_TEST := $(LOCAL_IS_UNIT_TEST)
endif
+ifdef LOCAL_TEST_OPTIONS_TAGS
+ALL_MODULES.$(my_register_name).TEST_OPTIONS_TAGS := $(LOCAL_TEST_OPTIONS_TAGS)
+endif
test_config :=
INSTALLABLE_FILES.$(LOCAL_INSTALLED_MODULE).MODULE := $(my_register_name)
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index b5b371c..8fe5214 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -134,6 +134,7 @@
LOCAL_IS_HOST_MODULE:=
LOCAL_IS_RUNTIME_RESOURCE_OVERLAY:=
LOCAL_IS_UNIT_TEST:=
+LOCAL_TEST_OPTIONS_TAGS:=
LOCAL_JACK_CLASSPATH:=
LOCAL_JACK_COVERAGE_EXCLUDE_FILTER:=
LOCAL_JACK_COVERAGE_INCLUDE_FILTER:=
diff --git a/core/config.mk b/core/config.mk
index 6b322b0..9e4b93a 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -712,27 +712,11 @@
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED ?= true
endif
-# If PRODUCT_USE_VNDK is true and BOARD_VNDK_VERSION is not defined yet,
-# BOARD_VNDK_VERSION will be set to "current" as default.
-# PRODUCT_USE_VNDK will be true in Android-P or later launching devices.
-PRODUCT_USE_VNDK := false
-ifneq ($(PRODUCT_USE_VNDK_OVERRIDE),)
- PRODUCT_USE_VNDK := $(PRODUCT_USE_VNDK_OVERRIDE)
-else ifeq ($(PRODUCT_SHIPPING_API_LEVEL),)
- # No shipping level defined
-else ifeq ($(call math_gt,$(PRODUCT_SHIPPING_API_LEVEL),27),true)
- PRODUCT_USE_VNDK := $(PRODUCT_FULL_TREBLE)
+# Starting in Android U, non-VNDK devices not supported
+ifndef BOARD_VNDK_VERSION
+BOARD_VNDK_VERSION := current
endif
-ifeq ($(PRODUCT_USE_VNDK),true)
- ifndef BOARD_VNDK_VERSION
- BOARD_VNDK_VERSION := current
- endif
-endif
-
-$(KATI_obsolete_var PRODUCT_USE_VNDK,Use BOARD_VNDK_VERSION instead)
-$(KATI_obsolete_var PRODUCT_USE_VNDK_OVERRIDE,Use BOARD_VNDK_VERSION instead)
-
ifdef PRODUCT_PRODUCT_VNDK_VERSION
ifndef BOARD_VNDK_VERSION
# VNDK for product partition is not available unless BOARD_VNDK_VERSION
diff --git a/core/definitions.mk b/core/definitions.mk
index d3eab95..cd36011 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -3836,6 +3836,10 @@
-include $(TOPDIR)vendor/*/build/core/definitions.mk
-include $(TOPDIR)device/*/build/core/definitions.mk
-include $(TOPDIR)product/*/build/core/definitions.mk
+# Also the project-specific definitions.mk file
+-include $(TOPDIR)vendor/*/*/build/core/definitions.mk
+-include $(TOPDIR)device/*/*/build/core/definitions.mk
+-include $(TOPDIR)product/*/*/build/core/definitions.mk
# broken:
# $(foreach file,$^,$(if $(findstring,.a,$(suffix $file)),-l$(file),$(file)))
diff --git a/core/tasks/module-info.mk b/core/tasks/module-info.mk
index 4ef6eb8..0b93a9e 100644
--- a/core/tasks/module-info.mk
+++ b/core/tasks/module-info.mk
@@ -24,6 +24,7 @@
'"classes_jar": [$(foreach w,$(sort $(ALL_MODULES.$(m).CLASSES_JAR)),"$(w)", )], ' \
'"test_mainline_modules": [$(foreach w,$(sort $(ALL_MODULES.$(m).TEST_MAINLINE_MODULES)),"$(w)", )], ' \
'"is_unit_test": "$(ALL_MODULES.$(m).IS_UNIT_TEST)", ' \
+ '"test_options_tags": [$(foreach w,$(sort $(ALL_MODULES.$(m).TEST_OPTIONS_TAGS)),"$(w)", )], ' \
'"data": [$(foreach w,$(sort $(ALL_MODULES.$(m).TEST_DATA)),"$(w)", )], ' \
'"runtime_dependencies": [$(foreach w,$(sort $(ALL_MODULES.$(m).LOCAL_RUNTIME_LIBRARIES)),"$(w)", )], ' \
'"data_dependencies": [$(foreach w,$(sort $(ALL_MODULES.$(m).TEST_DATA_BINS)),"$(w)", )], ' \
diff --git a/envsetup.sh b/envsetup.sh
index 5c95479..b534f77 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -1069,7 +1069,7 @@
# Easy way to make system.img/etc writable
function syswrite() {
adb wait-for-device && adb root || return 1
- if [[ $(adb disable-verity | grep "reboot") ]]; then
+ if [[ $(adb disable-verity | grep -i "reboot") ]]; then
echo "rebooting"
adb reboot && adb wait-for-device && adb root || return 1
fi
@@ -1838,15 +1838,41 @@
# Convenience entry point (like m) to use Bazel in AOSP.
function b()
(
+ # Look for the --run-soong-tests flag and skip passing --skip-soong-tests to Soong if present
+ local run_tests=$(echo "$@" | grep -ow -- "--run-soong-tests")
+ local bazel_args=(${@/--run-soong-tests})
+ local skip_tests="--skip-soong-tests"
+ if [[ -n $run_tests ]]; then
+ skip_tests=""
+ fi
# Generate BUILD, bzl files into the synthetic Bazel workspace (out/soong/workspace).
- _trigger_build "all-modules" bp2build USE_BAZEL_ANALYSIS= || return 1
+ _trigger_build "all-modules" bp2build USE_BAZEL_ANALYSIS= $skip_tests || return 1
# Then, run Bazel using the synthetic workspace as the --package_path.
- if [[ -z "$@" ]]; then
+ if [[ -z "$bazel_args" ]]; then
# If there are no args, show help.
bazel help
else
# Else, always run with the bp2build configuration, which sets Bazel's package path to the synthetic workspace.
- bazel "$@" --config=bp2build
+ # Add the --config=bp2build after the first argument that doesn't start with a dash. That should be the bazel
+ # command. (build, test, run, ect) If the --config was added at the end, it wouldn't work with commands like:
+ # b run //foo -- --args-for-foo
+ local pre_config_args=""
+ local post_config_args=""
+ local start_post_config_args=0
+ for arg in $bazel_args;
+ do
+ if [[ $start_post_config_args -eq 0 ]]; then
+ pre_config_args+="$arg "
+ else
+ post_config_args+="$arg "
+ fi
+
+ if [[ $arg != -* ]]; # if $arg doesn't start with a dash
+ then
+ start_post_config_args=1
+ fi
+ done
+ eval "bazel $pre_config_args --config=bp2build $post_config_args"
fi
)
diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index a0627b7..04a5ba2 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -221,6 +221,7 @@
mke2fs \
mkfs.erofs \
monkey \
+ mtectrl \
mtpd \
ndc \
netd \
@@ -316,6 +317,11 @@
endif # EMMA_INSTRUMENT_STATIC
endif # EMMA_INSTRUMENT
+# For testing purposes
+ifeq ($(FORCE_AUDIO_SILENT), true)
+ PRODUCT_SYSTEM_PROPERTIES += ro.audio.silent=1
+endif
+
# Host tools to install
PRODUCT_HOST_PACKAGES += \
BugReport \
diff --git a/target/product/base_vendor.mk b/target/product/base_vendor.mk
index fbc6ccc..8d257bf 100644
--- a/target/product/base_vendor.mk
+++ b/target/product/base_vendor.mk
@@ -29,6 +29,11 @@
shell_and_utilities_recovery \
watchdogd.recovery \
+PRODUCT_VENDOR_PROPERTIES += \
+ ro.recovery.usb.vid?=18D1 \
+ ro.recovery.usb.adb.pid?=D001 \
+ ro.recovery.usb.fastboot.pid?=4EE0 \
+
# These had been pulled in via init_second_stage.recovery, but may not be needed.
PRODUCT_HOST_PACKAGES += \
e2fsdroid \
diff --git a/target/product/gsi_release.mk b/target/product/gsi_release.mk
index 74501cd..9c480b6 100644
--- a/target/product/gsi_release.mk
+++ b/target/product/gsi_release.mk
@@ -64,11 +64,11 @@
# Support additional VNDK snapshots
PRODUCT_EXTRA_VNDK_VERSIONS := \
- 28 \
29 \
30 \
31 \
32 \
+ 33 \
# Do not build non-GSI partition images.
PRODUCT_BUILD_CACHE_IMAGE := false
diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index 122202b..8063ae2 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp
@@ -151,6 +151,7 @@
"non_ab_ota.py",
"ota_from_target_files.py",
"ota_utils.py",
+ "payload_signer.py",
"target_files_diff.py",
],
libs: [
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index fef6662..56e2c82 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -857,6 +857,10 @@
d["avb_{}_salt".format(partition)] = sha256(
fingerprint.encode()).hexdigest()
+ # Set up the salt for partitions without build.prop
+ if build_info.fingerprint:
+ d["avb_salt"] = sha256(build_info.fingerprint.encode()).hexdigest()
+
# Set the vbmeta digest if exists
try:
d["vbmeta_digest"] = read_helper("META/vbmeta_digest.txt").rstrip()
@@ -2362,6 +2366,7 @@
"""
if OPTIONS.sign_sepolicy_path is None:
+ logger.info("No sign_sepolicy_path specified, %s was not signed", sepolicy)
return False
java_library_path = os.path.join(
@@ -2374,7 +2379,7 @@
cmd.extend([key + OPTIONS.public_key_suffix,
key + OPTIONS.private_key_suffix,
- sepolicy])
+ sepolicy, os.path.dirname(sepolicy)])
proc = Run(cmd, stdin=subprocess.PIPE)
if password is not None:
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index bf98de6..65644e1 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -269,6 +269,7 @@
import target_files_diff
from check_target_files_vintf import CheckVintfIfTrebleEnabled
from non_ab_ota import GenerateNonAbOtaPackage
+from payload_signer import PayloadSigner
if sys.hexversion < 0x02070000:
print("Python 2.7 or newer is required.", file=sys.stderr)
@@ -335,70 +336,6 @@
'vendor', 'vendor_boot']
-class PayloadSigner(object):
- """A class that wraps the payload signing works.
-
- When generating a Payload, hashes of the payload and metadata files will be
- signed with the device key, either by calling an external payload signer or
- by calling openssl with the package key. This class provides a unified
- interface, so that callers can just call PayloadSigner.Sign().
-
- If an external payload signer has been specified (OPTIONS.payload_signer), it
- calls the signer with the provided args (OPTIONS.payload_signer_args). Note
- that the signing key should be provided as part of the payload_signer_args.
- Otherwise without an external signer, it uses the package key
- (OPTIONS.package_key) and calls openssl for the signing works.
- """
-
- def __init__(self):
- if OPTIONS.payload_signer is None:
- # Prepare the payload signing key.
- private_key = OPTIONS.package_key + OPTIONS.private_key_suffix
- pw = OPTIONS.key_passwords[OPTIONS.package_key]
-
- cmd = ["openssl", "pkcs8", "-in", private_key, "-inform", "DER"]
- cmd.extend(["-passin", "pass:" + pw] if pw else ["-nocrypt"])
- signing_key = common.MakeTempFile(prefix="key-", suffix=".key")
- cmd.extend(["-out", signing_key])
- common.RunAndCheckOutput(cmd, verbose=False)
-
- self.signer = "openssl"
- self.signer_args = ["pkeyutl", "-sign", "-inkey", signing_key,
- "-pkeyopt", "digest:sha256"]
- self.maximum_signature_size = self._GetMaximumSignatureSizeInBytes(
- signing_key)
- else:
- self.signer = OPTIONS.payload_signer
- self.signer_args = OPTIONS.payload_signer_args
- if OPTIONS.payload_signer_maximum_signature_size:
- self.maximum_signature_size = int(
- OPTIONS.payload_signer_maximum_signature_size)
- else:
- # The legacy config uses RSA2048 keys.
- logger.warning("The maximum signature size for payload signer is not"
- " set, default to 256 bytes.")
- self.maximum_signature_size = 256
-
- @staticmethod
- def _GetMaximumSignatureSizeInBytes(signing_key):
- out_signature_size_file = common.MakeTempFile("signature_size")
- cmd = ["delta_generator", "--out_maximum_signature_size_file={}".format(
- out_signature_size_file), "--private_key={}".format(signing_key)]
- common.RunAndCheckOutput(cmd)
- with open(out_signature_size_file) as f:
- signature_size = f.read().rstrip()
- logger.info("%s outputs the maximum signature size: %s", cmd[0],
- signature_size)
- return int(signature_size)
-
- def Sign(self, in_file):
- """Signs the given input file. Returns the output filename."""
- out_file = common.MakeTempFile(prefix="signed-", suffix=".bin")
- cmd = [self.signer] + self.signer_args + ['-in', in_file, '-out', out_file]
- common.RunAndCheckOutput(cmd)
- return out_file
-
-
class Payload(object):
"""Manages the creation and the signing of an A/B OTA Payload."""
@@ -1073,7 +1010,7 @@
for part in pre_partition_state:
if part.partition_name in partition_timestamps:
partition_timestamps[part.partition_name] = \
- max(part.version, partition_timestamps[part.partition_name])
+ max(part.version, partition_timestamps[part.partition_name])
return [
"--partition_timestamps",
",".join([key + ":" + val for (key, val)
@@ -1266,7 +1203,8 @@
)
# Sign the payload.
- payload_signer = PayloadSigner()
+ payload_signer = PayloadSigner(
+ OPTIONS.package_key, OPTIONS.private_key_suffix)
payload.Sign(payload_signer)
# Write the payload into output zip.
diff --git a/tools/releasetools/payload_signer.py b/tools/releasetools/payload_signer.py
new file mode 100644
index 0000000..6a643de
--- /dev/null
+++ b/tools/releasetools/payload_signer.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import common
+import logging
+from common import OPTIONS
+
+logger = logging.getLogger(__name__)
+
+
+class PayloadSigner(object):
+ """A class that wraps the payload signing works.
+
+ When generating a Payload, hashes of the payload and metadata files will be
+ signed with the device key, either by calling an external payload signer or
+ by calling openssl with the package key. This class provides a unified
+ interface, so that callers can just call PayloadSigner.Sign().
+
+ If an external payload signer has been specified (OPTIONS.payload_signer), it
+ calls the signer with the provided args (OPTIONS.payload_signer_args). Note
+ that the signing key should be provided as part of the payload_signer_args.
+ Otherwise without an external signer, it uses the package key
+ (OPTIONS.package_key) and calls openssl for the signing works.
+ """
+
+ def __init__(self, package_key=None, private_key_suffix=None, pw=None, payload_signer=None):
+ if package_key is None:
+ package_key = OPTIONS.package_key
+ if private_key_suffix is None:
+ private_key_suffix = OPTIONS.private_key_suffix
+
+ if payload_signer is None:
+ # Prepare the payload signing key.
+ private_key = package_key + private_key_suffix
+
+ cmd = ["openssl", "pkcs8", "-in", private_key, "-inform", "DER"]
+ cmd.extend(["-passin", "pass:" + pw] if pw else ["-nocrypt"])
+ signing_key = common.MakeTempFile(prefix="key-", suffix=".key")
+ cmd.extend(["-out", signing_key])
+ common.RunAndCheckOutput(cmd, verbose=True)
+
+ self.signer = "openssl"
+ self.signer_args = ["pkeyutl", "-sign", "-inkey", signing_key,
+ "-pkeyopt", "digest:sha256"]
+ self.maximum_signature_size = self._GetMaximumSignatureSizeInBytes(
+ signing_key)
+ else:
+ self.signer = payload_signer
+ self.signer_args = OPTIONS.payload_signer_args
+ if OPTIONS.payload_signer_maximum_signature_size:
+ self.maximum_signature_size = int(
+ OPTIONS.payload_signer_maximum_signature_size)
+ else:
+ # The legacy config uses RSA2048 keys.
+ logger.warning("The maximum signature size for payload signer is not"
+ " set, default to 256 bytes.")
+ self.maximum_signature_size = 256
+
+ @staticmethod
+ def _GetMaximumSignatureSizeInBytes(signing_key):
+ out_signature_size_file = common.MakeTempFile("signature_size")
+ cmd = ["delta_generator", "--out_maximum_signature_size_file={}".format(
+ out_signature_size_file), "--private_key={}".format(signing_key)]
+ common.RunAndCheckOutput(cmd, verbose=True)
+ with open(out_signature_size_file) as f:
+ signature_size = f.read().rstrip()
+ logger.info("%s outputs the maximum signature size: %s", cmd[0],
+ signature_size)
+ return int(signature_size)
+
+ def Sign(self, in_file):
+ """Signs the given input file. Returns the output filename."""
+ out_file = common.MakeTempFile(prefix="signed-", suffix=".bin")
+ cmd = [self.signer] + self.signer_args + ['-in', in_file, '-out', out_file]
+ common.RunAndCheckOutput(cmd)
+ return out_file
diff --git a/tools/releasetools/test_ota_from_target_files.py b/tools/releasetools/test_ota_from_target_files.py
index 11cfee1..c6c4117 100644
--- a/tools/releasetools/test_ota_from_target_files.py
+++ b/tools/releasetools/test_ota_from_target_files.py
@@ -31,10 +31,12 @@
GetTargetFilesZipForPartialUpdates,
GetTargetFilesZipForSecondaryImages,
GetTargetFilesZipWithoutPostinstallConfig,
- Payload, PayloadSigner, POSTINSTALL_CONFIG,
+ Payload, POSTINSTALL_CONFIG,
StreamingPropertyFiles, AB_PARTITIONS)
from apex_utils import GetApexInfoFromTargetFiles
from test_utils import PropertyFilesTestCase
+from common import OPTIONS
+from payload_signer import PayloadSigner
def construct_target_files(secondary=False, compressedApex=False):
@@ -1142,10 +1144,10 @@
self.assertEqual('openssl', payload_signer.signer)
def test_init_withExternalSigner(self):
- common.OPTIONS.payload_signer = 'abc'
common.OPTIONS.payload_signer_args = ['arg1', 'arg2']
common.OPTIONS.payload_signer_maximum_signature_size = '512'
- payload_signer = PayloadSigner()
+ payload_signer = PayloadSigner(
+ OPTIONS.package_key, OPTIONS.private_key_suffix, payload_signer='abc')
self.assertEqual('abc', payload_signer.signer)
self.assertEqual(['arg1', 'arg2'], payload_signer.signer_args)
self.assertEqual(512, payload_signer.maximum_signature_size)
@@ -1175,12 +1177,12 @@
def test_Sign_withExternalSigner_openssl(self):
"""Uses openssl as the external payload signer."""
- common.OPTIONS.payload_signer = 'openssl'
common.OPTIONS.payload_signer_args = [
'pkeyutl', '-sign', '-keyform', 'DER', '-inkey',
os.path.join(self.testdata_dir, 'testkey.pk8'),
'-pkeyopt', 'digest:sha256']
- payload_signer = PayloadSigner()
+ payload_signer = PayloadSigner(
+ OPTIONS.package_key, OPTIONS.private_key_suffix, payload_signer="openssl")
input_file = os.path.join(self.testdata_dir, self.SIGFILE)
signed_file = payload_signer.Sign(input_file)
@@ -1189,12 +1191,13 @@
def test_Sign_withExternalSigner_script(self):
"""Uses testdata/payload_signer.sh as the external payload signer."""
- common.OPTIONS.payload_signer = os.path.join(
+ external_signer = os.path.join(
self.testdata_dir, 'payload_signer.sh')
- os.chmod(common.OPTIONS.payload_signer, 0o700)
+ os.chmod(external_signer, 0o700)
common.OPTIONS.payload_signer_args = [
os.path.join(self.testdata_dir, 'testkey.pk8')]
- payload_signer = PayloadSigner()
+ payload_signer = PayloadSigner(
+ OPTIONS.package_key, OPTIONS.private_key_suffix, payload_signer=external_signer)
input_file = os.path.join(self.testdata_dir, self.SIGFILE)
signed_file = payload_signer.Sign(input_file)