Merge changes I662aab3d,I5e741c27
* changes:
Revert^2 "releasetools: check_target_files_signatures.py checks APEXes."
releasetools: common.UnzipTemp() filters out non-matching patterns.
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 51139ed..3d9a1ef 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -610,6 +610,9 @@
$(call add-clean-step, rm -rf $(TARGET_OUT_DATA)/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/vts/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/framework/vts-tradefed.jar)
+
+# Clean up old location of system_other.avbpubkey
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/security/avb/)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/Makefile b/core/Makefile
index 1b2e6c3..69c75ca 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -730,6 +730,15 @@
$(call dist-for-goals,droidcore,$(BUILD_SYSTEM_STATS))
# -----------------------------------------------------------------
+# build /product/etc/security/avb/system_other.avbpubkey if needed
+ifdef BUILDING_SYSTEM_OTHER_IMAGE
+ifeq ($(BOARD_AVB_ENABLE),true)
+INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET := $(TARGET_OUT_PRODUCT_ETC)/security/avb/system_other.avbpubkey
+ALL_DEFAULT_INSTALLED_MODULES += $(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)
+endif # BOARD_AVB_ENABLE
+endif # BUILDING_SYSTEM_OTHER_IMAGE
+
+# -----------------------------------------------------------------
# Modules ready to be converted to Soong, ordered by how many
# modules depend on them.
SOONG_CONV := $(sort $(SOONG_CONV))
@@ -1463,8 +1472,7 @@
$(if $(BOARD_AVB_ENABLE),\
$(if $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH),\
$(hide) echo "avb_system_other_key_path=$(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)" >> $(1)
- $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)
- $(hide) echo "avb_system_extract_system_other_key=true" >> $(1)))
+ $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),\
@@ -2980,9 +2988,11 @@
BOARD_AVB_SYSTEM_OTHER_ALGORITHM := $(BOARD_AVB_ALGORITHM)
endif
-# To extract the public key of SYSTEM_OTHER_KEY_PATH will into system.img:
-# /system/etc/security/avb/system_other.avbpubkey.
-FULL_SYSTEMIMAGE_DEPS += $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
+$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET): $(AVBTOOL) $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
+ @echo Extracting system_other avb key: $@
+ @rm -f $@
+ @mkdir -p $(dir $@)
+ $(AVBTOOL) extract_public_key --key $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH) --output $@
ifndef BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX
BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
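Review bot: The new rule's target, `$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)`, is only assigned in the earlier hunk under `ifdef BUILDING_SYSTEM_OTHER_IMAGE` and `ifeq ($(BOARD_AVB_ENABLE),true)`. The conditionals around this rule start outside the hunk, so it is not visible whether they match that guard; if they do not, the rule expands to an empty target list with a live recipe. Wrapping it in `ifdef INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET` ... `endif` would make the pairing explicit. The removed comment said where the key ends up and the new rule has none, so a line such as `# Public half of BOARD_AVB_SYSTEM_OTHER_KEY_PATH, installed to /product so system_other.img can be verified at runtime.` would help readers, provided that matches the intent.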
diff --git a/core/base_rules.mk b/core/base_rules.mk
index 742119f..7e7d6dc 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -776,6 +776,10 @@
$(ALL_MODULES.$(my_register_name).CHECKED) $(my_checked_module)
ALL_MODULES.$(my_register_name).BUILT := \
$(ALL_MODULES.$(my_register_name).BUILT) $(LOCAL_BUILT_MODULE)
+ifndef LOCAL_IS_HOST_MODULE
+ALL_MODULES.$(my_register_name).TARGET_BUILT := \
+ $(ALL_MODULES.$(my_register_name).TARGET_BUILT) $(LOCAL_BUILT_MODULE)
+endif
ifneq (true,$(LOCAL_UNINSTALLABLE_MODULE))
ALL_MODULES.$(my_register_name).INSTALLED := \
$(strip $(ALL_MODULES.$(my_register_name).INSTALLED) \
diff --git a/core/binary.mk b/core/binary.mk
index ad3d76b..da188ae 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -1214,17 +1214,17 @@
# with vendor_available: false
my_link_type := native:vendor
my_warn_types :=
- my_allowed_types := native:vendor native:vndk
+ my_allowed_types := native:vendor native:vndk native:platform_vndk
endif
else ifneq ($(filter $(TARGET_RECOVERY_OUT)/%,$(call get_non_asan_path,$(LOCAL_MODULE_PATH))),)
my_link_type := native:recovery
my_warn_types :=
# TODO(b/113303515) remove native:platform and my_allowed_ndk_types
-my_allowed_types := native:recovery native:platform $(my_allowed_ndk_types)
+my_allowed_types := native:recovery native:platform native:platform_vndk $(my_allowed_ndk_types)
else
my_link_type := native:platform
my_warn_types := $(my_warn_ndk_types)
-my_allowed_types := $(my_allowed_ndk_types) native:platform
+my_allowed_types := $(my_allowed_ndk_types) native:platform native:platform_vndk
endif
my_link_deps := $(addprefix STATIC_LIBRARIES:,$(my_whole_static_libraries) $(my_static_libraries))
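Review bot: `native:platform_vndk` is added to all three `my_allowed_types` lists in this hunk, and to two more in core/install_jni_libs_internal.mk, with no comment saying what the type denotes. These lists enforce which side of the vendor/platform boundary a module may link against, so each widening should state its justification next to the list. From the rest of this commit it appears to be a VNDK library whose vendor variant is required to be identical to the core variant; if so, a comment such as `# native:platform_vndk: VNDK lib built once as the core variant; identity with the vendor variant is enforced by verify-vndk-libs-identical` would record that. The enclosing conditionals start and end outside the hunk.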
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index 1883743..d67c9f8 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -263,7 +263,8 @@
LOCAL_SOONG_LINK_TYPE :=
LOCAL_SOONG_PROGUARD_DICT :=
LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE :=
-LOCAL_SOONG_RRO_DIRS :=
+LOCAL_SOONG_DEVICE_RRO_DIRS :=
+LOCAL_SOONG_PRODUCT_RRO_DIRS :=
LOCAL_SOONG_STATIC_LIBRARY_EXTRA_PACKAGES :=
LOCAL_SOONG_SYMBOL_PATH :=
LOCAL_SOONG_TOC :=
@@ -296,6 +297,7 @@
LOCAL_USES_LIBRARIES:=
LOCAL_VENDOR_MODULE:=
LOCAL_VINTF_FRAGMENTS:=
+LOCAL_VNDK_DEPEND_ON_CORE_VARIANT:=
LOCAL_VTSC_FLAGS:=
LOCAL_VTS_INCLUDES:=
LOCAL_VTS_MODE:=
diff --git a/core/definitions.mk b/core/definitions.mk
index d2f65eb..02b737c 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -651,6 +651,18 @@
###########################################################
## Convert a list of short modules names (e.g., "framework", "Browser")
+## into the list of files that are built *for the target* for those modules.
+## NOTE: this won't return reliable results until after all
+## sub-makefiles have been included.
+## $(1): target list
+###########################################################
+
+define module-target-built-files
+$(foreach module,$(1),$(ALL_MODULES.$(module).TARGET_BUILT))
+endef
+
+###########################################################
+## Convert a list of short modules names (e.g., "framework", "Browser")
## into the list of files that should be used when linking
## against that module as a public API.
## TODO: Allow this for more than JAVA_LIBRARIES modules
@@ -3386,3 +3398,19 @@
initialize-package-file \
add-jni-shared-libs-to-package,\
These functions have been removed)
+
+###########################################################
+## Verify the variants of a VNDK library are identical
+##
+## $(1): Path to the core variant shared library file.
+## $(2): Path to the vendor variant shared library file.
+## $(3): TOOLS_PREFIX
+###########################################################
+LIBRARY_IDENTITY_CHECK_SCRIPT := build/make/tools/check_identical_lib.sh
+define verify-vndk-libs-identical
+@echo "Checking VNDK vendor variant: $(2)"
+$(hide) CLANG_BIN="$(LLVM_PREBUILTS_PATH)" \
+ CROSS_COMPILE="$(strip $(3))" \
+ XZ="$(XZ)" \
+ $(LIBRARY_IDENTITY_CHECK_SCRIPT) $(SOONG_STRIP_PATH) $(1) $(2)
+endef
diff --git a/core/dpi_specific_apk.mk b/core/dpi_specific_apk.mk
index ad734b5..ad073c7 100644
--- a/core/dpi_specific_apk.mk
+++ b/core/dpi_specific_apk.mk
@@ -67,6 +67,7 @@
ALL_MODULES += $(dpi_apk_name)
ALL_MODULES.$(dpi_apk_name).CLASS := APPS
ALL_MODULES.$(dpi_apk_name).BUILT := $(built_dpi_apk)
+ALL_MODULES.$(dpi_apk_name).TARGET_BUILT := $(built_dpi_apk)
PACKAGES := $(PACKAGES) $(dpi_apk_name)
PACKAGES.$(dpi_apk_name).PRIVATE_KEY := $(private_key)
PACKAGES.$(dpi_apk_name).CERTIFICATE := $(certificate)
diff --git a/core/install_jni_libs_internal.mk b/core/install_jni_libs_internal.mk
index e0f1ad4..a79a49a 100644
--- a/core/install_jni_libs_internal.mk
+++ b/core/install_jni_libs_internal.mk
@@ -113,12 +113,12 @@
my_warn_types := native:platform $(my_warn_ndk_types)
my_allowed_types := $(my_allowed_ndk_types)
ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_PROPRIETARY_MODULE)))
- my_allowed_types += native:vendor native:vndk
+ my_allowed_types += native:vendor native:vndk native:platform_vndk
endif
else
my_link_type := app:platform
my_warn_types := $(my_warn_ndk_types)
-my_allowed_types := $(my_allowed_ndk_types) native:platform native:vendor native:vndk native:vndk_private
+my_allowed_types := $(my_allowed_ndk_types) native:platform native:vendor native:vndk native:vndk_private native:platform_vndk
endif
my_link_deps := $(addprefix SHARED_LIBRARIES:,$(LOCAL_JNI_SHARED_LIBRARIES))
diff --git a/core/main.mk b/core/main.mk
index bbe6b38..43c80ee 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -501,6 +501,10 @@
subdir_makefiles_total := $(words init post finish)
endif
+droid_targets: no_vendor_variant_vndk_check
+.PHONY: no_vendor_variant_vndk_check
+no_vendor_variant_vndk_check:
+
$(info [$(call inc_and_print,subdir_makefiles_inc)/$(subdir_makefiles_total)] finishing build rules ...)
# -------------------------------------------------------------------
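Review bot: The added phony target `no_vendor_variant_vndk_check` has an empty recipe and no comment, so a reader of main.mk cannot tell that its prerequisites are attached from core/soong_cc_prebuilt.mk. A short comment above it would cover this, for example `# Forces the vendor variants of VNDK libs that use the core variant to be built, so their identity check runs; prerequisites are added in soong_cc_prebuilt.mk.` Declaring `.PHONY` before the first use of the name would also match the order used elsewhere in this change.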
diff --git a/core/product-graph.mk b/core/product-graph.mk
index 1efc687..a114b65 100644
--- a/core/product-graph.mk
+++ b/core/product-graph.mk
@@ -36,8 +36,6 @@
this_makefile := build/make/core/product-graph.mk
-products_svg := $(OUT_DIR)/products.svg
-products_pdf := $(OUT_DIR)/products.pdf
products_graph := $(OUT_DIR)/products.dot
ifeq ($(strip $(ANDROID_PRODUCT_GRAPH)),)
products_list := $(INTERNAL_PRODUCT)
@@ -137,13 +135,8 @@
$(eval product_debug_files += $(call product-debug-filename, $(p))) \
)
-$(products_pdf): $(products_graph)
- @echo Product graph PDF: $@
- dot -Tpdf -Nshape=box -o $@ $<
-
-$(products_svg): $(products_graph) $(product_debug_files)
- @echo Product graph SVG: $@
- dot -Tsvg -Nshape=box -o $@ $<
-
-product-graph: $(products_pdf) $(products_svg)
.PHONY: product-graph
+product-graph: $(products_graph)
+ @echo Product graph .dot file: $(products_graph)
+ @echo Command to convert to pdf: dot -Tpdf -Nshape=box -o $(OUT_DIR)/products.pdf $(products_graph)
+ @echo Command to convert to svg: dot -Tsvg -Nshape=box -o $(OUT_DIR)/products.svg $(products_graph)
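Review bot: The removed `$(products_svg)` rule was the only visible rule listing `$(product_debug_files)` as a prerequisite, and the new `product-graph: $(products_graph)` drops it. The rule for `$(products_graph)` is outside the hunk; unless it already depends on those files, they will no longer be generated by `make product-graph`. If they are still wanted, `product-graph: $(products_graph) $(product_debug_files)` keeps the old behaviour.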
diff --git a/core/soong_app_prebuilt.mk b/core/soong_app_prebuilt.mk
index a9169eb..cfcb0c6 100644
--- a/core/soong_app_prebuilt.mk
+++ b/core/soong_app_prebuilt.mk
@@ -159,13 +159,13 @@
include $(BUILD_SYSTEM)/link_type.mk
endif # !LOCAL_IS_HOST_MODULE
-ifdef LOCAL_SOONG_RRO_DIRS
+ifneq (,$(LOCAL_SOONG_DEVICE_RRO_DIRS)$(LOCAL_SOONG_PRODUCT_RRO_DIRS))
$(call append_enforce_rro_sources, \
$(my_register_name), \
false, \
$(LOCAL_FULL_MANIFEST_FILE), \
$(if $(LOCAL_EXPORT_PACKAGE_RESOURCES),true,false), \
- $(LOCAL_SOONG_RRO_DIRS))
+ $(LOCAL_SOONG_DEVICE_RRO_DIRS) $(LOCAL_SOONG_PRODUCT_RRO_DIRS))
endif
SOONG_ALREADY_CONV := $(SOONG_ALREADY_CONV) $(LOCAL_MODULE)
diff --git a/core/soong_cc_prebuilt.mk b/core/soong_cc_prebuilt.mk
index 8d248af..679d5b8 100644
--- a/core/soong_cc_prebuilt.mk
+++ b/core/soong_cc_prebuilt.mk
@@ -86,11 +86,13 @@
endif
ifdef LOCAL_USE_VNDK
- name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
- ifneq ($(name_without_suffix),$(LOCAL_MODULE)
- SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
+ ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
+ ifneq ($(name_without_suffix),$(LOCAL_MODULE)
+ SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
+ endif
+ name_without_suffix :=
endif
- name_without_suffix :=
endif
# Check prebuilt ELF binaries.
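Review bot: The re-indented conditional `ifneq ($(name_without_suffix),$(LOCAL_MODULE)` is shown here without its closing parenthesis, carried over unchanged from the old side. How an unbalanced conditional is parsed depends on the make implementation, so whether `SPLIT_VENDOR.*` gets set on the intended condition is not guaranteed by the text as written. Since the line is being touched anyway, it should read `ifneq ($(name_without_suffix),$(LOCAL_MODULE))`.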
@@ -113,27 +115,52 @@
endif
endif
+ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ # Add $(LOCAL_BUILT_MODULE) as a dependency to no_vendor_variant_vndk_check so
+ # that the vendor variant will be built and checked against the core variant.
+ no_vendor_variant_vndk_check: $(LOCAL_BUILT_MODULE)
+
+ my_core_register_name := $(subst .vendor,,$(my_register_name))
+ my_core_variant_files := $(call module-target-built-files,$(my_core_register_name))
+ my_core_shared_lib := $(sort $(filter %.so,$(my_core_variant_files)))
+ $(LOCAL_BUILT_MODULE): PRIVATE_CORE_VARIANT := $(my_core_shared_lib)
+
+ # The built vendor variant library needs to depend on the built core variant
+ # so that we can perform identity check against the core variant.
+ $(LOCAL_BUILT_MODULE): $(my_core_shared_lib)
+endif
+
+ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+$(LOCAL_BUILT_MODULE): $(LOCAL_PREBUILT_MODULE_FILE) $(LIBRARY_IDENTITY_CHECK_SCRIPT)
+ $(call verify-vndk-libs-identical,\
+ $(PRIVATE_CORE_VARIANT),\
+ $<,\
+ $($(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)TOOLS_PREFIX))
+ $(copy-file-to-target)
+else
$(LOCAL_BUILT_MODULE): $(LOCAL_PREBUILT_MODULE_FILE)
$(transform-prebuilt-to-target)
+endif
ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
$(hide) chmod +x $@
endif
ifndef LOCAL_IS_HOST_MODULE
ifdef LOCAL_SOONG_UNSTRIPPED_BINARY
- my_symbol_path := $(if $(LOCAL_SOONG_SYMBOL_PATH),$(LOCAL_SOONG_SYMBOL_PATH),$(my_module_path))
- # Store a copy with symbols for symbolic debugging
- my_unstripped_path := $(TARGET_OUT_UNSTRIPPED)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
- # drop /root as /root is mounted as /
- my_unstripped_path := $(patsubst $(TARGET_OUT_UNSTRIPPED)/root/%,$(TARGET_OUT_UNSTRIPPED)/%, $(my_unstripped_path))
- symbolic_output := $(my_unstripped_path)/$(my_installed_module_stem)
- $(eval $(call copy-one-file,$(LOCAL_SOONG_UNSTRIPPED_BINARY),$(symbolic_output)))
- $(call add-dependency,$(LOCAL_BUILT_MODULE),$(symbolic_output))
+ ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ my_symbol_path := $(if $(LOCAL_SOONG_SYMBOL_PATH),$(LOCAL_SOONG_SYMBOL_PATH),$(my_module_path))
+ # Store a copy with symbols for symbolic debugging
+ my_unstripped_path := $(TARGET_OUT_UNSTRIPPED)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
+ # drop /root as /root is mounted as /
+ my_unstripped_path := $(patsubst $(TARGET_OUT_UNSTRIPPED)/root/%,$(TARGET_OUT_UNSTRIPPED)/%, $(my_unstripped_path))
+ symbolic_output := $(my_unstripped_path)/$(my_installed_module_stem)
+ $(eval $(call copy-one-file,$(LOCAL_SOONG_UNSTRIPPED_BINARY),$(symbolic_output)))
+ $(call add-dependency,$(LOCAL_BUILT_MODULE),$(symbolic_output))
- ifeq ($(BREAKPAD_GENERATE_SYMBOLS),true)
- my_breakpad_path := $(TARGET_OUT_BREAKPAD)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
- breakpad_output := $(my_breakpad_path)/$(my_installed_module_stem).sym
- $(breakpad_output) : $(LOCAL_SOONG_UNSTRIPPED_BINARY) | $(BREAKPAD_DUMP_SYMS) $(PRIVATE_READELF)
+ ifeq ($(BREAKPAD_GENERATE_SYMBOLS),true)
+ my_breakpad_path := $(TARGET_OUT_BREAKPAD)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
+ breakpad_output := $(my_breakpad_path)/$(my_installed_module_stem).sym
+ $(breakpad_output) : $(LOCAL_SOONG_UNSTRIPPED_BINARY) | $(BREAKPAD_DUMP_SYMS) $(PRIVATE_READELF)
@echo "target breakpad: $(PRIVATE_MODULE) ($@)"
@mkdir -p $(dir $@)
$(hide) if $(PRIVATE_READELF) -S $< > /dev/null 2>&1 ; then \
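Review bot: `my_core_variant_files` is assigned with `:=` while this module is being included, but the header added for `module-target-built-files` in core/definitions.mk says its result is not reliable until all sub-makefiles have been included. If the core variant is registered later, or `$(filter %.so,...)` yields zero or several words, `PRIVATE_CORE_VARIANT` will not be a single path. The vendor library then has no dependency edge on the core one, and `verify-vndk-libs-identical` passes a shifted argument list to the script. The ordering assumption should be stated in a comment here, and the recipe should fail first on a bad value, for example `$(hide) test -f "$(PRIVATE_CORE_VARIANT)"` ahead of the `$(call verify-vndk-libs-identical,...)` line. The two consecutive `ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)` blocks could also be merged into one.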
@@ -142,7 +169,8 @@
echo "skipped for non-elf file."; \
touch $@; \
fi
- $(call add-dependency,$(LOCAL_BUILT_MODULE),$(breakpad_output))
+ $(call add-dependency,$(LOCAL_BUILT_MODULE),$(breakpad_output))
+ endif
endif
endif
endif
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 3c82e88..baba31b 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -61,7 +61,8 @@
$(call add_json_str, CrossHostArch, $(HOST_CROSS_ARCH))
$(call add_json_str, CrossHostSecondaryArch, $(HOST_CROSS_2ND_ARCH))
-$(call add_json_list, ResourceOverlays, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS))
+$(call add_json_list, DeviceResourceOverlays, $(DEVICE_PACKAGE_OVERLAYS))
+$(call add_json_list, ProductResourceOverlays, $(PRODUCT_PACKAGE_OVERLAYS))
$(call add_json_list, EnforceRROTargets, $(PRODUCT_ENFORCE_RRO_TARGETS))
$(call add_json_list, EnforceRROExcludedOverlays, $(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS))
@@ -115,6 +116,8 @@
$(call add_json_list, BootJars, $(PRODUCT_BOOT_JARS))
+$(call add_json_bool, VndkUseCoreVariant, $(TARGET_VNDK_USE_CORE_VARIANT))
+
$(call add_json_bool, Product_is_iot, $(filter true,$(PRODUCT_IOT)))
$(call add_json_bool, Treble_linker_namespaces, $(filter true,$(PRODUCT_TREBLE_LINKER_NAMESPACES)))
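Review bot: The new `VndkUseCoreVariant` entry passes `$(TARGET_VNDK_USE_CORE_VARIANT)` straight to `add_json_bool`, while the neighbouring `Product_is_iot` and `Treble_linker_namespaces` lines wrap their value in `$(filter true,...)`. If `add_json_bool` treats any non-empty value as true, as those wrappers suggest, a board setting `TARGET_VNDK_USE_CORE_VARIANT := false` would enable the feature. Suggested form: `$(call add_json_bool, VndkUseCoreVariant, $(filter true,$(TARGET_VNDK_USE_CORE_VARIANT)))`.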
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
index 0ddc3db..ecd5691 100644
--- a/target/product/mainline_system.mk
+++ b/target/product/mainline_system.mk
@@ -81,7 +81,6 @@
libminui \
libnl \
libprotobuf-cpp-full \
- libprotobuf-cpp-full-rtti \
PRODUCT_PACKAGES_DEBUG += \
avbctl \
diff --git a/tools/check_elf_file.py b/tools/check_elf_file.py
index 38c1cf4..de855c6 100755
--- a/tools/check_elf_file.py
+++ b/tools/check_elf_file.py
@@ -260,13 +260,20 @@
_SYMBOL_ENTRY_END_PATTERN = ' }'
- @classmethod
- def _parse_symbol_name(cls, name_with_version):
+ @staticmethod
+ def _parse_symbol_name(name_with_version):
"""Split `name_with_version` into name and version. This function may split
at last occurrence of `@@` or `@`."""
- name, version = name_with_version.rsplit('@', 1)
- if name and name[-1] == '@':
- name = name[:-1]
+ pos = name_with_version.rfind('@')
+ if pos == -1:
+ name = name_with_version
+ version = ''
+ else:
+ if pos > 0 and name_with_version[pos - 1] == '@':
+ name = name_with_version[0:pos - 1]
+ else:
+ name = name_with_version[0:pos]
+ version = name_with_version[pos + 1:]
return (name, version)
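Review bot: The docstring of `_parse_symbol_name` was not updated for the new branch, which returns the whole input as the name and an empty version when there is no `@`. I would reword it to something like ``"""Split `name_with_version` at the last `@@` or `@` into (name, version); version is '' when the symbol is unversioned."""``. The enclosing class starts outside the hunk, so I cannot see whether a unit test covers the unversioned and `@@` cases; one assertion for each would pin the fix.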
diff --git a/tools/check_identical_lib.sh b/tools/check_identical_lib.sh
new file mode 100755
index 0000000..01007c0
--- /dev/null
+++ b/tools/check_identical_lib.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+STRIP_PATH="${1}"
+CORE="${2}"
+VENDOR="${3}"
+
+stripped_core="${CORE}.vndk_lib_check.stripped"
+stripped_vendor="${VENDOR}.vndk_lib_check.stripped"
+
+function cleanup() {
+ rm -f ${stripped_core} ${stripped_vendor}
+}
+trap cleanup EXIT
+
+function strip_lib() {
+ ${STRIP_PATH} \
+ -i ${1} \
+ -o ${2} \
+ -d /dev/null \
+ --remove-build-id
+}
+
+strip_lib ${CORE} ${stripped_core}
+strip_lib ${VENDOR} ${stripped_vendor}
+if ! cmp -s ${stripped_core} ${stripped_vendor}; then
+ echo "VNDK library not in vndkMustUseVendorVariantList but has different core and vendor variant: $(basename ${CORE})"
+ echo "If the two variants need to have different runtime behavior, consider using libvndksupport."
+ exit 1
+fi
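Review bot: Every path expansion in this new script is unquoted and the argument count is never checked, so an empty or multi-word core path from the caller silently shifts `CORE`/`VENDOR`. `strip_lib`, `cmp` and `rm -f` then run on the wrong or word-split file names. I would reject anything other than three arguments up front and quote each expansion, including those in `cmp -s` and `basename`. The two diagnostic `echo` lines should also go to stderr. Separately, the scratch files are created next to the input libraries under fixed names; that is fine only if no two checks share a core library concurrently, which the script cannot tell.
```shell
if [[ $# -ne 3 ]]; then
  echo "usage: $0 <strip_path> <core_lib> <vendor_lib>" >&2
  exit 1
fi
# … unchanged: STRIP_PATH / CORE / VENDOR / stripped_* assignments …

function cleanup() {
  rm -f "${stripped_core}" "${stripped_vendor}"
}
# … unchanged: trap cleanup EXIT …

function strip_lib() {
  "${STRIP_PATH}" \
    -i "${1}" \
    -o "${2}" \
    -d /dev/null \
    --remove-build-id
}

strip_lib "${CORE}" "${stripped_core}"
strip_lib "${VENDOR}" "${stripped_vendor}"
# … unchanged: cmp comparison and failure messages, with the same quoting applied …
```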
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index bcbc921..d2f4e25 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -740,28 +740,6 @@
f.writelines(["%s=%s" % (key, value) for (key, value) in glob_dict.items()])
-def ExtractSystemOtherAvbKey(in_dir, glob_dict):
- if glob_dict.get("avb_system_extract_system_other_key") != "true":
- return
-
- extract_to = os.path.join(in_dir, "etc/security/avb/system_other.avbpubkey")
- extract_to_dir = os.path.dirname(extract_to)
-
- if os.path.isdir(extract_to_dir):
- shutil.rmtree(extract_to_dir)
- elif os.path.isfile(extract_to_dir):
- os.remove(extract_to_dir)
- os.mkdir(extract_to_dir);
-
- # Extracts the public key used to sign system_other.img, into system.img:
- # /system/etc/security/avb/system_other.avbpubkey.
- avbtool = glob_dict.get("avb_avbtool")
- extract_from = glob_dict.get("avb_system_other_key_path")
- cmd = [avbtool, "extract_public_key", "--key", extract_from,
- "--output", extract_to]
- common.RunAndCheckOutput(cmd, verbose=False)
-
-
def main(argv):
if len(argv) < 4 or len(argv) > 5:
print(__doc__)
@@ -785,7 +763,6 @@
mount_point = ""
if image_filename == "system.img":
mount_point = "system"
- ExtractSystemOtherAvbKey(in_dir, glob_dict)
elif image_filename == "system_other.img":
mount_point = "system_other"
elif image_filename == "userdata.img":
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 71598e3..75a98fd 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -91,12 +91,12 @@
Replace the veritykeyid in BOOT/cmdline of input_target_file_zip
with keyid of the cert pointed by <path_to_X509_PEM_cert_file>.
- --avb_{boot,system,vendor,dtbo,vbmeta}_algorithm <algorithm>
- --avb_{boot,system,vendor,dtbo,vbmeta}_key <key>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_algorithm <algorithm>
+ --avb_{boot,system,system_other,vendor,dtbo,vbmeta}_key <key>
Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
the specified image. Otherwise it uses the existing values in info dict.
- --avb_{apex,boot,system,vendor,dtbo,vbmeta}_extra_args <args>
+ --avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta}_extra_args <args>
Specify any additional args that are needed to AVB-sign the image
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
@@ -584,6 +584,18 @@
elif filename == "META/care_map.pb" or filename == "META/care_map.txt":
pass
+ # Updates system_other.avbpubkey in /product/etc/.
+ elif filename in (
+ "PRODUCT/etc/security/avb/system_other.avbpubkey",
+ "SYSTEM/product/etc/security/avb/system_other.avbpubkey"):
+ # Only update system_other's public key, if the corresponding signing
+ # key is specified via --avb_system_other_key.
+ signing_key = OPTIONS.avb_keys.get("system_other")
+ if signing_key:
+ public_key = common.ExtractAvbPublicKey(signing_key)
+ print(" Rewriting AVB public key of system_other in /product")
+ common.ZipWrite(output_tf_zip, public_key, filename)
+
# A non-APK file; copy it verbatim.
else:
common.ZipWriteStr(output_tf_zip, out_info, data)
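Review bot: When `--avb_system_other_key` is not given, the new `elif` branch still matches `system_other.avbpubkey` but writes nothing, so the entry never reaches the final `else` that copies files verbatim. As far as this hunk shows, the key file would be missing from the output target-files zip, which contradicts the comment "Only update ... if the corresponding signing key is specified". The enclosing loop continues outside the hunk, so this holds only if nothing later re-adds the entry. If the intent is to keep the existing key, add `else:` followed by `common.ZipWriteStr(output_tf_zip, out_info, data)`. If dropping it is intended, say so in the comment and print a message, so a release signed without the option does not silently ship without the key used to verify system_other.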
@@ -934,6 +946,7 @@
'dtbo' : 'avb_dtbo_add_hash_footer_args',
'recovery' : 'avb_recovery_add_hash_footer_args',
'system' : 'avb_system_add_hashtree_footer_args',
+ 'system_other' : 'avb_system_other_add_hashtree_footer_args',
'vendor' : 'avb_vendor_add_hashtree_footer_args',
'vbmeta' : 'avb_vbmeta_args',
}
@@ -1153,6 +1166,12 @@
OPTIONS.avb_algorithms['system'] = a
elif o == "--avb_system_extra_args":
OPTIONS.avb_extra_args['system'] = a
+ elif o == "--avb_system_other_key":
+ OPTIONS.avb_keys['system_other'] = a
+ elif o == "--avb_system_other_algorithm":
+ OPTIONS.avb_algorithms['system_other'] = a
+ elif o == "--avb_system_other_extra_args":
+ OPTIONS.avb_extra_args['system_other'] = a
elif o == "--avb_vendor_key":
OPTIONS.avb_keys['vendor'] = a
elif o == "--avb_vendor_algorithm":
@@ -1192,6 +1211,9 @@
"avb_system_algorithm=",
"avb_system_key=",
"avb_system_extra_args=",
+ "avb_system_other_algorithm=",
+ "avb_system_other_key=",
+ "avb_system_other_extra_args=",
"avb_vendor_algorithm=",
"avb_vendor_key=",
"avb_vendor_extra_args=",