Merge "sign_target_files_apks: replacing GKI signing args completely"
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index c458dbb..d925899 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -389,7 +389,7 @@
$(call end_json_map)
$(call add_json_list, Archs, $(my_dexpreopt_archs))
$(call add_json_list, DexPreoptImages, $(my_dexpreopt_images))
- $(call add_json_list, DexPreoptImageLocations, $(my_dexpreopt_image_locations))
+ $(call add_json_list, DexPreoptImageLocationsOnHost, $(my_dexpreopt_image_locations))
$(call add_json_list, PreoptBootClassPathDexFiles, $(DEXPREOPT_BOOTCLASSPATH_DEX_FILES))
$(call add_json_list, PreoptBootClassPathDexLocations,$(DEXPREOPT_BOOTCLASSPATH_DEX_LOCATIONS))
$(call add_json_bool, PreoptExtractedApk, $(my_preopt_for_extracted_apk))
diff --git a/core/sysprop.mk b/core/sysprop.mk
index daebdd3..0fc96e0 100644
--- a/core/sysprop.mk
+++ b/core/sysprop.mk
@@ -260,6 +260,7 @@
BUILD_HOSTNAME="$(BUILD_HOSTNAME)" \
BUILD_NUMBER="$(BUILD_NUMBER_FROM_FILE)" \
BOARD_BUILD_SYSTEM_ROOT_IMAGE="$(BOARD_BUILD_SYSTEM_ROOT_IMAGE)" \
+ BOARD_USE_VBMETA_DIGTEST_IN_FINGERPRINT="$(BOARD_USE_VBMETA_DIGTEST_IN_FINGERPRINT)" \
PLATFORM_VERSION="$(PLATFORM_VERSION)" \
PLATFORM_VERSION_LAST_STABLE="$(PLATFORM_VERSION_LAST_STABLE)" \
PLATFORM_SECURITY_PATCH="$(PLATFORM_SECURITY_PATCH)" \
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 4138277..181ea62 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@
# It must be of the form "YYYY-MM-DD" on production devices.
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2021-04-05
+ PLATFORM_SECURITY_PATCH := 2021-05-05
endif
.KATI_READONLY := PLATFORM_SECURITY_PATCH
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index 15c311c..1229327 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -98,9 +98,9 @@
BOARD_USES_RECOVERY_AS_BOOT :=
TARGET_NO_KERNEL := false
BOARD_USES_GENERIC_KERNEL_IMAGE := true
+# TODO(b/187432172): Add 5.10-android12-unstable
BOARD_KERNEL_MODULE_INTERFACE_VERSIONS := \
5.4-android12-0 \
- 5.10-android12-0 \
# Copy boot image in $OUT to target files. This is defined for targets where
# the installed GKI APEXes are built from source.
diff --git a/tools/buildinfo.sh b/tools/buildinfo.sh
index f27ed8c..a349cba 100755
--- a/tools/buildinfo.sh
+++ b/tools/buildinfo.sh
@@ -3,7 +3,12 @@
echo "# begin build properties"
echo "# autogenerated by buildinfo.sh"
-echo "ro.build.id=$BUILD_ID"
+# The ro.build.id will be set dynamically by init, by appending the unique vbmeta digest.
+if [ "$BOARD_USE_VBMETA_DIGTEST_IN_FINGERPRINT" = "true" ] ; then
+ echo "ro.build.legacy.id=$BUILD_ID"
+else
+ echo "ro.build.id=$BUILD_ID"
+fi
echo "ro.build.display.id=$BUILD_DISPLAY_ID"
echo "ro.build.version.incremental=$BUILD_NUMBER"
echo "ro.build.version.sdk=$PLATFORM_SDK_VERSION"
diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index 65c035e..687070d 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp
@@ -114,6 +114,25 @@
},
}
+java_library_static {
+ name: "ota_metadata_proto_java",
+ host_supported: true,
+ proto: {
+ type: "nano",
+ },
+ srcs: ["ota_metadata.proto"],
+ sdk_version: "9",
+ target: {
+ android: {
+ jarjar_rules: "jarjar-rules.txt",
+ },
+ host: {
+ static_libs: ["libprotobuf-java-nano"],
+ },
+ },
+ visibility: ["//frameworks/base:__subpackages__"]
+}
+
python_defaults {
name: "releasetools_ota_from_target_files_defaults",
srcs: [
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 00bbb21..2aceb78 100644
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -259,6 +259,7 @@
block_list=block_list)
return img.name
+
def AddOdmDlkm(output_zip):
"""Turn the contents of OdmDlkm into an odm_dlkm image and store it in output_zip."""
@@ -310,6 +311,7 @@
img.Write()
return img.name
+
def AddPvmfw(output_zip):
"""Adds the pvmfw image.
@@ -345,6 +347,7 @@
img.Write()
return img.name
+
def AddCustomImages(output_zip, partition_name):
"""Adds and signs custom images in IMAGES/.
@@ -359,8 +362,6 @@
AssertionError: If image can't be found.
"""
- partition_size = OPTIONS.info_dict.get(
- "avb_{}_partition_size".format(partition_name))
key_path = OPTIONS.info_dict.get("avb_{}_key_path".format(partition_name))
algorithm = OPTIONS.info_dict.get("avb_{}_algorithm".format(partition_name))
extra_args = OPTIONS.info_dict.get(
@@ -955,6 +956,20 @@
with open(pack_radioimages_txt) as f:
AddPackRadioImages(output_zip, f.readlines())
+ # Calculate the vbmeta digest and put the result in to META/
+ boot_images = OPTIONS.info_dict.get("boot_images")
+ # Disable the digest calculation if the target_file is used as a container
+ # for boot images.
+ boot_container = boot_images and len(boot_images.split()) >= 2
+ if (OPTIONS.info_dict.get("avb_enable") == "true" and not boot_container and
+ OPTIONS.info_dict.get("avb_building_vbmeta_image") == "true"):
+ avbtool = OPTIONS.info_dict["avb_avbtool"]
+ digest = verity_utils.CalculateVbmetaDigest(OPTIONS.input_tmp, avbtool)
+ vbmeta_digest_txt = os.path.join(OPTIONS.input_tmp, "META",
+ "vbmeta_digest.txt")
+ with open(vbmeta_digest_txt, 'w') as f:
+ f.write(digest)
+
if output_zip:
common.ZipClose(output_zip)
if OPTIONS.replace_updated_files_list:
diff --git a/tools/releasetools/jarjar-rules.txt b/tools/releasetools/jarjar-rules.txt
new file mode 100644
index 0000000..40043a8
--- /dev/null
+++ b/tools/releasetools/jarjar-rules.txt
@@ -0,0 +1 @@
+rule com.google.protobuf.nano.** com.android.framework.protobuf.nano.@1
diff --git a/tools/releasetools/ota_metadata.proto b/tools/releasetools/ota_metadata.proto
index 7aaca6f..ed9d0c3 100644
--- a/tools/releasetools/ota_metadata.proto
+++ b/tools/releasetools/ota_metadata.proto
@@ -23,6 +23,8 @@
package build.tools.releasetools;
option optimize_for = LITE_RUNTIME;
+option java_package = "android.ota";
+option java_outer_classname = "OtaPackageMetadata";
// The build information of a particular partition on the device.
message PartitionState {
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 0281e27..dd2de36 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -629,6 +629,10 @@
elif OPTIONS.replace_verity_keyid and filename == "BOOT/cmdline":
pass
+ # Skip the vbmeta digest as we will recalculate it.
+ elif filename == "META/vbmeta_digest.txt":
+ pass
+
# Skip the care_map as we will regenerate the system/vendor images.
elif filename in ["META/care_map.pb", "META/care_map.txt"]:
pass
diff --git a/tools/releasetools/test_verity_utils.py b/tools/releasetools/test_verity_utils.py
index a850390..e2a022a 100644
--- a/tools/releasetools/test_verity_utils.py
+++ b/tools/releasetools/test_verity_utils.py
@@ -27,7 +27,8 @@
from test_utils import (
get_testdata_dir, ReleaseToolsTestCase, SkipIfExternalToolsUnavailable)
from verity_utils import (
- CreateHashtreeInfoGenerator, CreateVerityImageBuilder, HashtreeInfo,
+ CalculateVbmetaDigest, CreateHashtreeInfoGenerator,
+ CreateVerityImageBuilder, HashtreeInfo,
VerifiedBootVersion1HashtreeInfoGenerator)
BLOCK_SIZE = common.BLOCK_SIZE
@@ -388,3 +389,31 @@
self.assertLess(
_SizeCalculator(min_partition_size - BLOCK_SIZE),
image_size)
+
+ @SkipIfExternalToolsUnavailable()
+ def test_CalculateVbmetaDigest(self):
+ prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+ verity_image_builder = CreateVerityImageBuilder(prop_dict)
+ self.assertEqual(2, verity_image_builder.version)
+
+ input_dir = common.MakeTempDir()
+ image_dir = common.MakeTempDir()
+ os.mkdir(os.path.join(image_dir, 'IMAGES'))
+ system_image = os.path.join(image_dir, 'IMAGES', 'system.img')
+ system_image_size = verity_image_builder.CalculateMaxImageSize()
+ cmd = ['mkuserimg_mke2fs', input_dir, system_image, 'ext4', '/system',
+ str(system_image_size), '-j', '0', '-s']
+ common.RunAndCheckOutput(cmd)
+ verity_image_builder.Build(system_image)
+
+ # Additionally make vbmeta image
+ vbmeta_image = os.path.join(image_dir, 'IMAGES', 'vbmeta.img')
+ cmd = ['avbtool', 'make_vbmeta_image', '--include_descriptors_from_image',
+ system_image, '--output', vbmeta_image]
+ common.RunAndCheckOutput(cmd)
+
+ # Verify the verity metadata.
+ cmd = ['avbtool', 'verify_image', '--image', vbmeta_image]
+ common.RunAndCheckOutput(cmd)
+ digest = CalculateVbmetaDigest(image_dir, 'avbtool')
+ self.assertIsNotNone(digest)
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index 8faa2d1..a08ddbe 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -26,6 +26,7 @@
import os.path
import shlex
import struct
+import sys
import common
import sparse_img
@@ -739,6 +740,30 @@
return int(output.split()[0]) * 1024
+def CalculateVbmetaDigest(extracted_dir, avbtool):
+ """Calculates the vbmeta digest of the images in the extracted target_file"""
+
+ images_dir = common.MakeTempDir()
+ for name in ("PREBUILT_IMAGES", "RADIO", "IMAGES"):
+ path = os.path.join(extracted_dir, name)
+ if not os.path.exists(path):
+ continue
+
+ # Create symlink for image files under PREBUILT_IMAGES, RADIO and IMAGES,
+ # and put them into one directory.
+ for filename in os.listdir(path):
+ if not filename.endswith(".img"):
+ continue
+ symlink_path = os.path.join(images_dir, filename)
+ # The files in latter directory overwrite the existing links
+ common.RunAndCheckOutput(
+ ['ln', '-sf', os.path.join(path, filename), symlink_path])
+
+ cmd = [avbtool, "calculate_vbmeta_digest", "--image",
+ os.path.join(images_dir, 'vbmeta.img')]
+ return common.RunAndCheckOutput(cmd)
+
+
def main(argv):
if len(argv) != 2:
print(__doc__)