Merge "[Bugfix][Coredump] Fix coredump_enable() in envsetup.sh"
diff --git a/core/soong_cc_rust_prebuilt.mk b/core/soong_cc_rust_prebuilt.mk
index 07e577a..05b4b6b 100644
--- a/core/soong_cc_rust_prebuilt.mk
+++ b/core/soong_cc_rust_prebuilt.mk
@@ -50,6 +50,28 @@
# to avoid checkbuilds making an extra copy of every module.
LOCAL_CHECKED_MODULE := $(LOCAL_PREBUILT_MODULE_FILE)
+my_check_same_vndk_variants :=
+same_vndk_variants_stamp :=
+ifeq ($(LOCAL_CHECK_SAME_VNDK_VARIANTS),true)
+ ifeq ($(filter hwaddress address, $(SANITIZE_TARGET)),)
+ ifneq ($(CLANG_COVERAGE),true)
+ # Do not compare VNDK variant for special cases e.g. coverage builds.
+ ifneq ($(SKIP_VNDK_VARIANTS_CHECK),true)
+ my_check_same_vndk_variants := true
+ same_vndk_variants_stamp := $(call local-intermediates-dir,,$(LOCAL_2ND_ARCH_VAR_PREFIX))/same_vndk_variants.timestamp
+ endif
+ endif
+ endif
+endif
+
+ifeq ($(my_check_same_vndk_variants),true)
+ # Add the timestamp to the CHECKED list so that `checkbuild` can run it.
+ # Note that because `checkbuild` doesn't check LOCAL_BUILT_MODULE for soong-built modules adding
+ # the timestamp to LOCAL_BUILT_MODULE isn't enough. It is skipped when the vendor variant
+ # isn't used at all and it may break in the downstream trees.
+ LOCAL_ADDITIONAL_CHECKED_MODULE := $(same_vndk_variants_stamp)
+endif
+
#######################################
include $(BUILD_SYSTEM)/base_rules.mk
#######################################
@@ -125,21 +147,7 @@
endif
endif
-my_check_same_vndk_variants :=
-ifeq ($(LOCAL_CHECK_SAME_VNDK_VARIANTS),true)
- ifeq ($(filter hwaddress address, $(SANITIZE_TARGET)),)
- ifneq ($(CLANG_COVERAGE),true)
- # Do not compare VNDK variant for special cases e.g. coverage builds.
- ifneq ($(SKIP_VNDK_VARIANTS_CHECK),true)
- my_check_same_vndk_variants := true
- endif
- endif
- endif
-endif
-
ifeq ($(my_check_same_vndk_variants),true)
- same_vndk_variants_stamp := $(intermediates)/same_vndk_variants.timestamp
-
my_core_register_name := $(subst .vendor,,$(subst .product,,$(my_register_name)))
my_core_variant_files := $(call module-target-built-files,$(my_core_register_name))
my_core_shared_lib := $(sort $(filter %.so,$(my_core_variant_files)))
diff --git a/envsetup.sh b/envsetup.sh
index 979848d..c9b1b54 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -880,7 +880,7 @@
fi
if [ -z "$product" ]; then
- product=arm
+ product=arm64
elif [ $(echo $product | wc -w) -gt 1 ]; then
echo "banchan: Error: Multiple build archs or products supplied: $products"
return
diff --git a/orchestrator/README b/orchestrator/README
index ce6f5c3..9a1e302 100644
--- a/orchestrator/README
+++ b/orchestrator/README
@@ -2,6 +2,7 @@
from the root of the workspace
-ln -fs ../build/build/orchestrator/inner_build/inner_build_demo.py master/.inner_build
-ln -fs ../build/build/orchestrator/inner_build/inner_build_demo.py sc-mainline-prod/.inner_build
+multitree_lunch build/build/make/orchestrator/test_workspace/combo.mcombo eng
+
+rm -rf out && multitree_build && echo "==== Files ====" && find out -type f
diff --git a/orchestrator/core/api_assembly.py b/orchestrator/core/api_assembly.py
index bd1c440..d7abef7 100644
--- a/orchestrator/core/api_assembly.py
+++ b/orchestrator/core/api_assembly.py
@@ -34,7 +34,7 @@
contributions = []
for tree_key, filenames in contribution_files_dict.items():
for filename in filenames:
- json_data = load_contribution_file(filename)
+ json_data = load_contribution_file(context, filename)
if not json_data:
continue
# TODO: Validate the configs, especially that the domains match what we asked for
@@ -76,13 +76,14 @@
return result
-def load_contribution_file(filename):
+def load_contribution_file(context, filename):
"Load and return the API contribution at filename. On error report error and return None."
with open(filename) as f:
try:
return json.load(f)
except json.decoder.JSONDecodeError as ex:
# TODO: Error reporting
+ context.errors.error(ex.msg, filename, ex.lineno, ex.colno)
raise ex
diff --git a/orchestrator/core/api_assembly_cc.py b/orchestrator/core/api_assembly_cc.py
index 15bc98a..ca9b2a4 100644
--- a/orchestrator/core/api_assembly_cc.py
+++ b/orchestrator/core/api_assembly_cc.py
@@ -17,17 +17,10 @@
import os
def assemble_cc_api_library(context, ninja, build_file, stub_library):
- print("\nassembling cc_api_library %s-%s %s from:" % (stub_library.api_surface,
- stub_library.api_surface_version, stub_library.name))
- for contrib in stub_library.contributions:
- print(" %s %s" % (contrib.api_domain, contrib.library_contribution))
-
staging_dir = context.out.api_library_dir(stub_library.api_surface,
stub_library.api_surface_version, stub_library.name)
work_dir = context.out.api_library_work_dir(stub_library.api_surface,
stub_library.api_surface_version, stub_library.name)
- print("staging_dir=%s" % (staging_dir))
- print("work_dir=%s" % (work_dir))
# Generate rules to copy headers
includes = []
diff --git a/orchestrator/core/final_packaging.py b/orchestrator/core/final_packaging.py
index 693a716..03fe890 100644
--- a/orchestrator/core/final_packaging.py
+++ b/orchestrator/core/final_packaging.py
@@ -13,10 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import json
+import os
+import sys
+
import ninja_tools
import ninja_syntax # Has to be after ninja_tools because of the path hack
-def final_packaging(context):
+def final_packaging(context, inner_trees):
"""Pull together all of the previously defined rules into the final build stems."""
with open(context.out.outer_ninja_file(), "w") as ninja_file:
@@ -25,5 +29,89 @@
# Add the api surfaces file
ninja.add_subninja(ninja_syntax.Subninja(context.out.api_ninja_file(), chDir=None))
+ # For each inner tree
+ for tree in inner_trees.keys():
+ # TODO: Verify that inner_tree.ninja was generated
+
+ # Read and verify file
+ build_targets = read_build_targets_json(context, tree)
+ if not build_targets:
+ continue
+
+ # Generate the ninja and build files for this inner tree
+ generate_cross_domain_build_rules(context, ninja, tree, build_targets)
+
# Finish writing the ninja file
ninja.write()
+
+
+def read_build_targets_json(context, tree):
+ """Read and validate the build_targets.json file for the given tree."""
+ try:
+ f = open(tree.out.build_targets_file())
+ except FileNotFoundError:
+ # It's allowed not to have any artifacts (e.g. if a tree is a light tree with only APIs)
+ return None
+
+ data = None
+ with f:
+ try:
+ data = json.load(f)
+ except json.decoder.JSONDecodeError as ex:
+ sys.stderr.write("Error parsing file: %s\n" % tree.out.build_targets_file())
+ # TODO: Error reporting
+ raise ex
+
+ # TODO: Better error handling
+ # TODO: Validate json schema
+ return data
+
+
+def generate_cross_domain_build_rules(context, ninja, tree, build_targets):
+ "Generate the ninja and build files for the inner tree."
+ # Include the inner tree's inner_tree.ninja
+ ninja.add_subninja(ninja_syntax.Subninja(tree.out.main_ninja_file(), chDir=tree.root))
+
+ # Generate module rules and files
+ for module in build_targets.get("modules", []):
+ generate_shared_module(context, ninja, tree, module)
+
+ # Generate staging rules
+ staging_dir = context.out.staging_dir()
+ for staged in build_targets.get("staging", []):
+ # TODO: Enforce that dest isn't in disallowed subdir of out or absolute
+ dest = staged["dest"]
+ dest = os.path.join(staging_dir, dest)
+ if "src" in staged and "obj" in staged:
+ context.errors.error("Can't have both \"src\" and \"obj\" tags in \"staging\" entry."
+ ) # TODO: Filename and line if possible
+ if "src" in staged:
+ ninja.add_copy_file(dest, os.path.join(tree.root, staged["src"]))
+ elif "obj" in staged:
+ ninja.add_copy_file(dest, os.path.join(tree.out.root(), staged["obj"]))
+ ninja.add_global_phony("staging", [dest])
+
+ # Generate dist rules
+ dist_dir = context.out.dist_dir()
+ for disted in build_targets.get("dist", []):
+ # TODO: Enforce that dest absolute
+ dest = disted["dest"]
+ dest = os.path.join(dist_dir, dest)
+ ninja.add_copy_file(dest, os.path.join(tree.root, disted["src"]))
+ ninja.add_global_phony("dist", [dest])
+
+
+def generate_shared_module(context, ninja, tree, module):
+ """Generate ninja rules for the given build_targets.json defined module."""
+ module_name = module["name"]
+ module_type = module["type"]
+ share_dir = context.out.module_share_dir(module_type, module_name)
+ src_file = os.path.join(tree.root, module["file"])
+
+ if module_type == "apex":
+ ninja.add_copy_file(os.path.join(share_dir, module_name + ".apex"), src_file)
+ # TODO: Generate build file
+
+ else:
+ # TODO: Better error handling
+ raise Exception("Invalid module type: %s" % module)
diff --git a/orchestrator/core/inner_tree.py b/orchestrator/core/inner_tree.py
index 4383dd8..d348ee7 100644
--- a/orchestrator/core/inner_tree.py
+++ b/orchestrator/core/inner_tree.py
@@ -36,23 +36,38 @@
def __hash__(self):
return hash((self.root, self.product))
+ def _cmp(self, other):
+ if self.root < other.root:
+ return -1
+ if self.root > other.root:
+ return 1
+ if self.product == other.product:
+ return 0
+ if self.product is None:
+ return -1
+ if other.product is None:
+ return 1
+ if self.product < other.product:
+ return -1
+ return 1
+
def __eq__(self, other):
- return (self.root == other.root and self.product == other.product)
+ return self._cmp(other) == 0
def __ne__(self, other):
- return not self.__eq__(other)
+ return self._cmp(other) != 0
def __lt__(self, other):
- return (self.root, self.product) < (other.root, other.product)
+ return self._cmp(other) < 0
def __le__(self, other):
- return (self.root, self.product) <= (other.root, other.product)
+ return self._cmp(other) <= 0
def __gt__(self, other):
- return (self.root, self.product) > (other.root, other.product)
+ return self._cmp(other) > 0
def __ge__(self, other):
- return (self.root, self.product) >= (other.root, other.product)
+ return self._cmp(other) >= 0
class InnerTree(object):
@@ -62,7 +77,12 @@
self.product = product
self.domains = {}
# TODO: Base directory on OUT_DIR
- self.out = OutDirLayout(context.out.inner_tree_dir(root))
+ out_root = context.out.inner_tree_dir(root)
+ if product:
+ out_root += "_" + product
+ else:
+ out_root += "_unbundled"
+ self.out = OutDirLayout(out_root)
def __str__(self):
return "InnerTree(root=%s product=%s domains=[%s])" % (enquote(self.root),
@@ -138,6 +158,11 @@
"""Get an inner tree for tree_key"""
return self.trees.get(tree_key)
+ def keys(self):
+ "Get the keys for the inner trees in name order."
+ return [self.trees[k] for k in sorted(self.trees.keys())]
+
+
class OutDirLayout(object):
"""Encapsulates the logic about the layout of the inner tree out directories.
See also context.OutDir for outer tree out dir contents."""
@@ -155,6 +180,12 @@
def api_contributions_dir(self):
return os.path.join(self._root, "api_contributions")
+ def build_targets_file(self):
+ return os.path.join(self._root, "build_targets.json")
+
+ def main_ninja_file(self):
+ return os.path.join(self._root, "inner_tree.ninja")
+
def enquote(s):
return "None" if s is None else "\"%s\"" % s
diff --git a/orchestrator/core/ninja_runner.py b/orchestrator/core/ninja_runner.py
index 906f1ae..ab81d66 100644
--- a/orchestrator/core/ninja_runner.py
+++ b/orchestrator/core/ninja_runner.py
@@ -14,6 +14,7 @@
# limitations under the License.
import subprocess
+import sys
def run_ninja(context, targets):
"""Run ninja.
diff --git a/orchestrator/core/ninja_tools.py b/orchestrator/core/ninja_tools.py
index c676907..16101ea 100644
--- a/orchestrator/core/ninja_tools.py
+++ b/orchestrator/core/ninja_tools.py
@@ -30,6 +30,7 @@
super(Ninja, self).__init__(file)
self._context = context
self._did_copy_file = False
+ self._phonies = {}
def add_copy_file(self, copy_to, copy_from):
if not self._did_copy_file:
@@ -43,4 +44,16 @@
build_action.add_variable("out_dir", os.path.dirname(copy_to))
self.add_build_action(build_action)
+ def add_global_phony(self, name, deps):
+ """Add a phony target where there are multiple places that will want to add to
+ the same phony. If you can, to save memory, use add_phony instead of this function."""
+ if type(deps) not in (list, tuple):
+ raise Exception("Assertion failed: bad type of deps: %s" % type(deps))
+ self._phonies.setdefault(name, []).extend(deps)
+
+ def write(self):
+ for phony, deps in self._phonies.items():
+ self.add_phony(phony, deps)
+ super(Ninja, self).write()
+
diff --git a/orchestrator/core/orchestrator.py b/orchestrator/core/orchestrator.py
index bb0885d..508f73a 100755
--- a/orchestrator/core/orchestrator.py
+++ b/orchestrator/core/orchestrator.py
@@ -24,6 +24,7 @@
import api_export
import final_packaging
import inner_tree
+import tree_analysis
import interrogate
import lunch
import ninja_runner
@@ -67,14 +68,10 @@
def build():
- #
- # Load lunch combo
- #
-
# Choose the out directory, set up error handling, etc.
context = utils.Context(utils.choose_out_dir(), utils.Errors(sys.stderr))
- # Read the config file
+ # Read the lunch config file
try:
config_file, config, variant = lunch.load_current_config()
except lunch.ConfigException as ex:
@@ -85,44 +82,31 @@
# Construct the trees and domains dicts
inner_trees = process_config(context, config)
- #
# 1. Interrogate the trees
- #
inner_trees.for_each_tree(interrogate.interrogate_tree)
# TODO: Detect bazel-only mode
- #
# 2a. API Export
- #
inner_trees.for_each_tree(api_export.export_apis_from_tree)
- #
# 2b. API Surface Assembly
- #
api_assembly.assemble_apis(context, inner_trees)
- #
- # 3a. API Domain Analysis
- #
+ # 3a. Inner tree analysis
+ tree_analysis.analyze_trees(context, inner_trees)
- #
# 3b. Final Packaging Rules
- #
- final_packaging.final_packaging(context)
+ final_packaging.final_packaging(context, inner_trees)
- #
# 4. Build Execution
- #
# TODO: Decide what we want the UX for selecting targets to be across
# branches... since there are very likely to be conflicting soong short
# names.
print("Running ninja...")
- targets = ["public_api-1-libhwui", "public_api-1-libc"]
+ targets = ["staging", "system"]
ninja_runner.run_ninja(context, targets)
- #
# Success!
- #
return EXIT_STATUS_OK
def main(argv):
diff --git a/orchestrator/core/tree_analysis.py b/orchestrator/core/tree_analysis.py
new file mode 100644
index 0000000..052cad6
--- /dev/null
+++ b/orchestrator/core/tree_analysis.py
@@ -0,0 +1,24 @@
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+def analyze_trees(context, inner_trees):
+ inner_trees.for_each_tree(run_analysis)
+
+def run_analysis(tree_key, inner_tree, cookie):
+ inner_tree.invoke(["analyze"])
+
+
+
+
diff --git a/orchestrator/core/utils.py b/orchestrator/core/utils.py
index bb7f8ad..41310e0 100644
--- a/orchestrator/core/utils.py
+++ b/orchestrator/core/utils.py
@@ -38,33 +38,42 @@
def __init__(self, root):
"Initialize with the root of the OUT_DIR for the outer tree."
- self._root = root
+ self._out_root = root
self._intermediates = "intermediates"
def root(self):
- return self._root
+ return self._out_root
def inner_tree_dir(self, tree_root):
"""Root directory for inner tree inside the out dir."""
- return os.path.join(self._root, "trees", tree_root)
+ return os.path.join(self._out_root, "trees", tree_root)
def api_ninja_file(self):
"""The ninja file that assembles API surfaces."""
- return os.path.join(self._root, "api_surfaces.ninja")
+ return os.path.join(self._out_root, "api_surfaces.ninja")
def api_library_dir(self, surface, version, library):
"""Directory for all the contents of a library inside an API surface, including
the build files. Any intermediates should go in api_library_work_dir."""
- return os.path.join(self._root, "api_surfaces", surface, str(version), library)
+ return os.path.join(self._out_root, "api_surfaces", surface, str(version), library)
def api_library_work_dir(self, surface, version, library):
"""Intermediates / scratch directory for library inside an API surface."""
- return os.path.join(self._root, self._intermediates, "api_surfaces", surface, str(version),
- library)
+ return os.path.join(self._out_root, self._intermediates, "api_surfaces", surface,
+ str(version), library)
def outer_ninja_file(self):
- return os.path.join(self._root, "multitree.ninja")
+ return os.path.join(self._out_root, "multitree.ninja")
+ def module_share_dir(self, module_type, module_name):
+ return os.path.join(self._out_root, "shared", module_type, module_name)
+
+ def staging_dir(self):
+ return os.path.join(self._out_root, "staging")
+
+ def dist_dir(self):
+ "The DIST_DIR provided or out/dist" # TODO: Look at DIST_DIR
+ return os.path.join(self._out_root, "dist")
class Errors(object):
"""Class for reporting and tracking errors."""
@@ -73,9 +82,21 @@
self._stream = stream
self._all = []
- def error(self, message):
+ def error(self, message, file=None, line=None, col=None):
"""Record the error message."""
- s = str(s)
+ s = ""
+ if file:
+ s += str(file)
+ s += ":"
+ if line:
+ s += str(line)
+ s += ":"
+ if col:
+ s += str(col)
+ s += ":"
+ if s:
+ s += " "
+ s += str(message)
if s[-1] != "\n":
s += "\n"
self._all.append(s)
diff --git a/orchestrator/inner_build/common.py b/orchestrator/inner_build/common.py
index 6919e04..382844b 100644
--- a/orchestrator/inner_build/common.py
+++ b/orchestrator/inner_build/common.py
@@ -40,6 +40,10 @@
export_parser = subparsers.add_parser("export_api_contributions",
help="export the API contributions of this inner tree")
+ # create the parser for the "b" command
+ export_parser = subparsers.add_parser("analyze",
+ help="main build analysis for this inner tree")
+
# Parse the arguments
return parser.parse_args(argv)
diff --git a/orchestrator/inner_build/inner_build_demo.py b/orchestrator/inner_build/inner_build_demo.py
index 9aafb4d..264739b 100755
--- a/orchestrator/inner_build/inner_build_demo.py
+++ b/orchestrator/inner_build/inner_build_demo.py
@@ -44,93 +44,60 @@
mkdirs(contributions_dir)
if "system" in args.api_domain:
- with open(os.path.join(contributions_dir, "public_api-1.json"), "w") as f:
+ with open(os.path.join(contributions_dir, "api_a-1.json"), "w") as f:
# 'name: android' is android.jar
f.write(textwrap.dedent("""\
{
- "name": "public_api",
+ "name": "api_a",
"version": 1,
"api_domain": "system",
"cc_libraries": [
{
- "name": "libhwui",
+ "name": "libhello1",
"headers": [
{
- "root": "frameworks/base/libs/hwui/apex/include",
+ "root": "build/build/make/orchestrator/test_workspace/inner_tree_1",
"files": [
- "android/graphics/jni_runtime.h",
- "android/graphics/paint.h",
- "android/graphics/matrix.h",
- "android/graphics/canvas.h",
- "android/graphics/renderthread.h",
- "android/graphics/bitmap.h",
- "android/graphics/region.h"
+ "hello1.h"
]
}
],
"api": [
- "frameworks/base/libs/hwui/libhwui.map.txt"
- ]
- }
- ],
- "java_libraries": [
- {
- "name": "android",
- "api": [
- "frameworks/base/core/api/current.txt"
- ]
- }
- ],
- "resource_libraries": [
- {
- "name": "android",
- "api": "frameworks/base/core/res/res/values/public.xml"
- }
- ],
- "host_executables": [
- {
- "name": "aapt2",
- "binary": "out/host/bin/aapt2",
- "runfiles": [
- "../lib/todo.so"
- ]
- }
- ]
- }"""))
- elif "com.android.bionic" in args.api_domain:
- with open(os.path.join(contributions_dir, "public_api-1.json"), "w") as f:
- # 'name: android' is android.jar
- f.write(textwrap.dedent("""\
- {
- "name": "public_api",
- "version": 1,
- "api_domain": "system",
- "cc_libraries": [
- {
- "name": "libc",
- "headers": [
- {
- "root": "bionic/libc/include",
- "files": [
- "stdio.h",
- "sys/klog.h"
- ]
- }
- ],
- "api": "bionic/libc/libc.map.txt"
- }
- ],
- "java_libraries": [
- {
- "name": "android",
- "api": [
- "frameworks/base/libs/hwui/api/current.txt"
+ "build/build/make/orchestrator/test_workspace/inner_tree_1/libhello1"
]
}
]
}"""))
-
+ def analyze(self, args):
+ if "system" in args.api_domain:
+ # Nothing to export in this demo
+ # Write a fake inner_tree.ninja; what the inner tree would have generated
+ with open(os.path.join(args.out_dir, "inner_tree.ninja"), "w") as f:
+ # TODO: Note that this uses paths relative to the workspace not the iner tree
+ # for demo purposes until we get the ninja chdir change in.
+ f.write(textwrap.dedent("""\
+ rule compile_c
+ command = mkdir -p ${out_dir} && g++ -c ${cflags} -o ${out} ${in}
+ rule link_so
+ command = mkdir -p ${out_dir} && gcc -shared -o ${out} ${in}
+ build %(OUT_DIR)s/libhello1/hello1.o: compile_c build/build/make/orchestrator/test_workspace/inner_tree_1/libhello1/hello1.c
+ out_dir = %(OUT_DIR)s/libhello1
+ cflags = -Ibuild/build/make/orchestrator/test_workspace/inner_tree_1/libhello1/include
+ build %(OUT_DIR)s/libhello1/libhello1.so: link_so %(OUT_DIR)s/libhello1/hello1.o
+ out_dir = %(OUT_DIR)s/libhello1
+ build system: phony %(OUT_DIR)s/libhello1/libhello1.so
+ """ % { "OUT_DIR": args.out_dir }))
+ with open(os.path.join(args.out_dir, "build_targets.json"), "w") as f:
+ f.write(textwrap.dedent("""\
+ {
+ "staging": [
+ {
+ "dest": "staging/system/lib/libhello1.so",
+ "obj": "libhello1/libhello1.so"
+ }
+ ]
+ }""" % { "OUT_DIR": args.out_dir }))
def main(argv):
return InnerBuildSoong().Run(argv)
diff --git a/orchestrator/test_workspace/combo.mcombo b/orchestrator/test_workspace/combo.mcombo
new file mode 100644
index 0000000..8200dc0
--- /dev/null
+++ b/orchestrator/test_workspace/combo.mcombo
@@ -0,0 +1,17 @@
+{
+ "lunchable": true,
+ "system": {
+ "tree": "build/build/make/orchestrator/test_workspace/inner_tree_1",
+ "product": "test_product1"
+ },
+ "vendor": {
+ "tree": "build/build/make/orchestrator/test_workspace/inner_tree_1",
+ "product": "test_product2"
+ },
+ "modules": {
+ "module_1": {
+ "tree": "build/build/make/orchestrator/test_workspace/inner_tree_1"
+ }
+ }
+}
+
diff --git a/orchestrator/test_workspace/inner_tree_1/.inner_build b/orchestrator/test_workspace/inner_tree_1/.inner_build
new file mode 120000
index 0000000..d8f235f
--- /dev/null
+++ b/orchestrator/test_workspace/inner_tree_1/.inner_build
@@ -0,0 +1 @@
+../../inner_build/inner_build_demo.py
\ No newline at end of file
diff --git a/orchestrator/test_workspace/inner_tree_1/libhello1/hello1.c b/orchestrator/test_workspace/inner_tree_1/libhello1/hello1.c
new file mode 100644
index 0000000..1415082
--- /dev/null
+++ b/orchestrator/test_workspace/inner_tree_1/libhello1/hello1.c
@@ -0,0 +1,8 @@
+#include <stdio.h>
+
+#include "hello1.h"
+
+void hello1(void) {
+ printf("hello1");
+}
+
diff --git a/orchestrator/test_workspace/inner_tree_1/libhello1/include/hello1.h b/orchestrator/test_workspace/inner_tree_1/libhello1/include/hello1.h
new file mode 100644
index 0000000..0309c1c
--- /dev/null
+++ b/orchestrator/test_workspace/inner_tree_1/libhello1/include/hello1.h
@@ -0,0 +1,4 @@
+#pragma once
+
+extern "C" void hello1(void);
+
diff --git a/target/product/generic_ramdisk.mk b/target/product/generic_ramdisk.mk
index 5b58b0a..c7dcd60 100644
--- a/target/product/generic_ramdisk.mk
+++ b/target/product/generic_ramdisk.mk
@@ -22,9 +22,6 @@
# Ramdisk
PRODUCT_PACKAGES += \
init_first_stage \
- e2fsck.ramdisk \
- fsck.f2fs.ramdisk \
- tune2fs.ramdisk \
snapuserd_ramdisk \
# Debug ramdisk
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index 3f13a4a..941edc6 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -54,7 +54,7 @@
class ApexApkSigner(object):
"""Class to sign the apk files and other files in an apex payload image and repack the apex"""
- def __init__(self, apex_path, key_passwords, codename_to_api_level_map, avbtool=None, sign_tool=None, fsverity_tool=None):
+ def __init__(self, apex_path, key_passwords, codename_to_api_level_map, avbtool=None, sign_tool=None):
self.apex_path = apex_path
if not key_passwords:
self.key_passwords = dict()
@@ -65,9 +65,8 @@
OPTIONS.search_path, "bin", "debugfs_static")
self.avbtool = avbtool if avbtool else "avbtool"
self.sign_tool = sign_tool
- self.fsverity_tool = fsverity_tool if fsverity_tool else "fsverity"
- def ProcessApexFile(self, apk_keys, payload_key, signing_args=None, is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None):
+ def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
"""Scans and signs the payload files and repack the apex
Args:
@@ -85,14 +84,10 @@
self.debugfs_path, 'list', self.apex_path]
entries_names = common.RunAndCheckOutput(list_cmd).split()
apk_entries = [name for name in entries_names if name.endswith('.apk')]
- sepolicy_entries = []
- if is_sepolicy:
- sepolicy_entries = [name for name in entries_names if
- name.startswith('./etc/SEPolicy') and name.endswith('.zip')]
# No need to sign and repack, return the original apex path.
- if not apk_entries and not sepolicy_entries and self.sign_tool is None:
- logger.info('No payload (apk or zip) file to sign in %s', self.apex_path)
+ if not apk_entries and self.sign_tool is None:
+ logger.info('No apk file to sign in %s', self.apex_path)
return self.apex_path
for entry in apk_entries:
@@ -106,16 +101,15 @@
logger.warning('Apk path does not contain the intended directory name:'
' %s', entry)
- payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(apk_entries,
- apk_keys, payload_key, sepolicy_entries, sepolicy_key, sepolicy_cert, signing_args)
+ payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(
+ apk_entries, apk_keys, payload_key, signing_args)
if not has_signed_content:
logger.info('No contents has been signed in %s', self.apex_path)
return self.apex_path
return self.RepackApexPayload(payload_dir, payload_key, signing_args)
- def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key,
- sepolicy_entries, sepolicy_key, sepolicy_cert, signing_args):
+ def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key, signing_args):
"""Extracts the payload image and signs the containing apk files."""
if not os.path.exists(self.debugfs_path):
raise ApexSigningError(
@@ -147,11 +141,6 @@
codename_to_api_level_map=self.codename_to_api_level_map)
has_signed_content = True
- for entry in sepolicy_entries:
- sepolicy_key = sepolicy_key if sepolicy_key else payload_key
- self.SignSePolicy(payload_dir, entry, sepolicy_key, sepolicy_cert)
- has_signed_content = True
-
if self.sign_tool:
logger.info('Signing payload contents in apex %s with %s', self.apex_path, self.sign_tool)
# Pass avbtool to the custom signing tool
@@ -165,36 +154,6 @@
return payload_dir, has_signed_content
- def SignSePolicy(self, payload_dir, sepolicy_zip, sepolicy_key, sepolicy_cert):
- sepolicy_sig = sepolicy_zip + '.sig'
- sepolicy_fsv_sig = sepolicy_zip + '.fsv_sig'
-
- policy_zip_path = os.path.join(payload_dir, sepolicy_zip)
- sig_out_path = os.path.join(payload_dir, sepolicy_sig)
- sig_old = sig_out_path + '.old'
- if os.path.exists(sig_out_path):
- os.rename(sig_out_path, sig_old)
- sign_cmd = ['openssl', 'dgst', '-sign', sepolicy_key, '-keyform', 'PEM', '-sha256',
- '-out', sig_out_path, '-binary', policy_zip_path]
- common.RunAndCheckOutput(sign_cmd)
- if os.path.exists(sig_old):
- os.remove(sig_old)
-
- if not sepolicy_cert:
- logger.info('No cert provided for SEPolicy, skipping fsverity sign')
- return
-
- fsv_sig_out_path = os.path.join(payload_dir, sepolicy_fsv_sig)
- fsv_sig_old = fsv_sig_out_path + '.old'
- if os.path.exists(fsv_sig_out_path):
- os.rename(fsv_sig_out_path, fsv_sig_old)
-
- fsverity_cmd = [self.fsverity_tool, 'sign', policy_zip_path, fsv_sig_out_path,
- '--key=' + sepolicy_key, '--cert=' + sepolicy_cert]
- common.RunAndCheckOutput(fsverity_cmd)
- if os.path.exists(fsv_sig_old):
- os.remove(fsv_sig_old)
-
def RepackApexPayload(self, payload_dir, payload_key, signing_args=None):
"""Rebuilds the apex file with the updated payload directory."""
apex_dir = common.MakeTempDir()
@@ -365,9 +324,7 @@
def SignUncompressedApex(avbtool, apex_file, payload_key, container_key,
container_pw, apk_keys, codename_to_api_level_map,
- no_hashtree, signing_args=None, sign_tool=None,
- is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None,
- fsverity_tool=None):
+ no_hashtree, signing_args=None, sign_tool=None):
"""Signs the current uncompressed APEX with the given payload/container keys.
Args:
@@ -380,10 +337,6 @@
no_hashtree: Don't include hashtree in the signed APEX.
signing_args: Additional args to be passed to the payload signer.
sign_tool: A tool to sign the contents of the APEX.
- is_sepolicy: Indicates if the apex is a sepolicy.apex
- sepolicy_key: Key to sign a sepolicy zip.
- sepolicy_cert: Cert to sign a sepolicy zip.
- fsverity_tool: fsverity path to sign sepolicy zip.
Returns:
The path to the signed APEX file.
@@ -392,9 +345,8 @@
# the apex file after signing.
apk_signer = ApexApkSigner(apex_file, container_pw,
codename_to_api_level_map,
- avbtool, sign_tool, fsverity_tool)
- apex_file = apk_signer.ProcessApexFile(
- apk_keys, payload_key, signing_args, is_sepolicy, sepolicy_key, sepolicy_cert)
+ avbtool, sign_tool)
+ apex_file = apk_signer.ProcessApexFile(apk_keys, payload_key, signing_args)
# 2a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
# payload_key.
@@ -448,9 +400,7 @@
def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
container_pw, apk_keys, codename_to_api_level_map,
- no_hashtree, signing_args=None, sign_tool=None,
- is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None,
- fsverity_tool=None):
+ no_hashtree, signing_args=None, sign_tool=None):
"""Signs the current compressed APEX with the given payload/container keys.
Args:
@@ -462,10 +412,6 @@
codename_to_api_level_map: A dict that maps from codename to API level.
no_hashtree: Don't include hashtree in the signed APEX.
signing_args: Additional args to be passed to the payload signer.
- is_sepolicy: Indicates if the apex is a sepolicy.apex
- sepolicy_key: Key to sign a sepolicy zip.
- sepolicy_cert: Cert to sign a sepolicy zip.
- fsverity_tool: fsverity path to sign sepolicy zip.
Returns:
The path to the signed APEX file.
@@ -492,11 +438,7 @@
codename_to_api_level_map,
no_hashtree,
signing_args,
- sign_tool,
- is_sepolicy,
- sepolicy_key,
- sepolicy_cert,
- fsverity_tool)
+ sign_tool)
# 3. Compress signed original apex.
compressed_apex_file = common.MakeTempFile(prefix='apex-container-',
@@ -524,8 +466,7 @@
def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
apk_keys, codename_to_api_level_map,
- no_hashtree, signing_args=None, sign_tool=None,
- is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None, fsverity_tool=None):
+ no_hashtree, signing_args=None, sign_tool=None):
"""Signs the current APEX with the given payload/container keys.
Args:
@@ -537,9 +478,6 @@
codename_to_api_level_map: A dict that maps from codename to API level.
no_hashtree: Don't include hashtree in the signed APEX.
signing_args: Additional args to be passed to the payload signer.
- sepolicy_key: Key to sign a sepolicy zip.
- sepolicy_cert: Cert to sign a sepolicy zip.
- fsverity_tool: fsverity path to sign sepolicy zip.
Returns:
The path to the signed APEX file.
@@ -565,11 +503,7 @@
no_hashtree=no_hashtree,
apk_keys=apk_keys,
signing_args=signing_args,
- sign_tool=sign_tool,
- is_sepolicy=is_sepolicy,
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
elif apex_type == 'COMPRESSED':
return SignCompressedApex(
avbtool,
@@ -581,11 +515,7 @@
no_hashtree=no_hashtree,
apk_keys=apk_keys,
signing_args=signing_args,
- sign_tool=sign_tool,
- is_sepolicy=is_sepolicy,
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
else:
# TODO(b/172912232): support signing compressed apex
raise ApexInfoError('Unsupported apex type {}'.format(apex_type))
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index cff7542..caa4641 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -97,7 +97,6 @@
self.stash_threshold = 0.8
self.logfile = None
self.host_tools = {}
- self.sepolicy_name = 'sepolicy.apex'
OPTIONS = Options()
diff --git a/tools/releasetools/sign_apex.py b/tools/releasetools/sign_apex.py
index a68f1ec..6926467 100755
--- a/tools/releasetools/sign_apex.py
+++ b/tools/releasetools/sign_apex.py
@@ -42,15 +42,6 @@
--sign_tool <sign_tool>
Optional flag that specifies a custom signing tool for the contents of the apex.
-
- --sepolicy_key <key>
- Optional flag that specifies the sepolicy signing key, defaults to payload_key.
-
- --sepolicy_cert <cert>
- Optional flag that specifies the sepolicy signing cert.
-
- --fsverity_tool <path>
- Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.
"""
import logging
@@ -61,12 +52,10 @@
import common
logger = logging.getLogger(__name__)
-OPTIONS = common.OPTIONS
def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
- apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None,
- sepolicy_key=None, sepolicy_cert=None, fsverity_tool=None):
+ apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None):
"""Signs the given apex file."""
with open(apex_file, 'rb') as input_fp:
apex_data = input_fp.read()
@@ -81,11 +70,7 @@
no_hashtree=no_hashtree,
apk_keys=apk_keys,
signing_args=signing_args,
- sign_tool=sign_tool,
- is_sepolicy=apex_file.endswith(OPTIONS.sepolicy_name),
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
def main(argv):
@@ -121,12 +106,6 @@
options['extra_apks'].update({n: key})
elif o == '--sign_tool':
options['sign_tool'] = a
- elif o == '--sepolicy_key':
- options['sepolicy_key'] = a
- elif o == '--sepolicy_cert':
- options['sepolicy_cert'] = a
- elif o == '--fsverity_tool':
- options['fsverity_tool'] = a
else:
return False
return True
@@ -142,9 +121,6 @@
'payload_key=',
'extra_apks=',
'sign_tool=',
- 'sepolicy_key=',
- 'sepolicy_cert=',
- 'fsverity_tool='
],
extra_option_handler=option_handler)
@@ -165,10 +141,7 @@
signing_args=options.get('payload_extra_args'),
codename_to_api_level_map=options.get(
'codename_to_api_level_map', {}),
- sign_tool=options.get('sign_tool', None),
- sepolicy_key=options.get('sepolicy_key', None),
- sepolicy_cert=options.get('sepolicy_cert', None),
- fsverity_tool=options.get('fsverity_tool', None))
+ sign_tool=options.get('sign_tool', None))
shutil.copyfile(signed_apex, args[1])
logger.info("done.")
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index f363afd..78fc886 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -137,15 +137,6 @@
--android_jar_path <path>
Path to the android.jar to repack the apex file.
- --sepolicy_key <key>
- Optional flag that specifies the sepolicy signing key, defaults to payload_key for the sepolicy.apex.
-
- --sepolicy_cert <cert>
- Optional flag that specifies the sepolicy signing cert.
-
- --fsverity_tool <path>
- Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.
-
--allow_gsi_debug_sepolicy
Allow the existence of the file 'userdebug_plat_sepolicy.cil' under
(/system/system_ext|/system_ext)/etc/selinux.
@@ -205,9 +196,6 @@
OPTIONS.android_jar_path = None
OPTIONS.vendor_partitions = set()
OPTIONS.vendor_otatools = None
-OPTIONS.sepolicy_key = None
-OPTIONS.sepolicy_cert = None
-OPTIONS.fsverity_tool = None
OPTIONS.allow_gsi_debug_sepolicy = False
@@ -247,8 +235,6 @@
def IsApexFile(filename):
return filename.endswith(".apex") or filename.endswith(".capex")
-def IsSepolicyApex(filename):
- return filename.endswith(OPTIONS.sepolicy_name)
def GetApexFilename(filename):
name = os.path.basename(filename)
@@ -271,24 +257,6 @@
return certmap
-def GetSepolicyKeys(keys_info):
- """Gets SEPolicy signing keys applying overrides from command line options.
-
- Args:
- keys_info: A dict that maps from the SEPolicy APEX filename to a tuple of
- (sepolicy_key, sepolicy_cert, fsverity_tool).
-
- Returns:
- A dict that contains the updated APEX key mapping, which should be used for
- the current signing.
- """
- for name in keys_info:
- (sepolicy_key, sepolicy_cert, fsverity_tool) = keys_info[name]
- sepolicy_key = OPTIONS.sepolicy_key if OPTIONS.sepolicy_key else sepolicy_key
- sepolicy_cert = OPTIONS.sepolicy_cert if OPTIONS.sepolicy_cert else sepolicy_cert
- fsverity_tool = OPTIONS.fsverity_tool if OPTIONS.fsverity_tool else fsverity_tool
- keys_info[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
- return keys_info
def GetApexKeys(keys_info, key_map):
"""Gets APEX payload and container signing keys by applying the mapping rules.
@@ -551,7 +519,7 @@
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
apk_keys, apex_keys, key_passwords,
platform_api_level, codename_to_api_level_map,
- compressed_extension, sepolicy_keys):
+ compressed_extension):
# maxsize measures the maximum filename length, including the ones to be
# skipped.
try:
@@ -619,17 +587,6 @@
print(" : %-*s payload (%s)" % (
maxsize, name, payload_key))
- sepolicy_key = None
- sepolicy_cert = None
- fsverity_tool = None
-
- if IsSepolicyApex(name):
- (sepolicy_key, sepolicy_cert, fsverity_tool) = sepolicy_keys[name]
- print(" : %-*s sepolicy key (%s)" % (
- maxsize, name, sepolicy_key))
- print(" : %-*s sepolicy cert (%s)" % (
- maxsize, name, sepolicy_cert))
-
signed_apex = apex_utils.SignApex(
misc_info['avb_avbtool'],
data,
@@ -640,11 +597,7 @@
codename_to_api_level_map,
no_hashtree=None, # Let apex_util determine if hash tree is needed
signing_args=OPTIONS.avb_extra_args.get('apex'),
- sign_tool=sign_tool,
- is_sepolicy=IsSepolicyApex(name),
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
common.ZipWrite(output_tf_zip, signed_apex, filename)
else:
@@ -1254,24 +1207,20 @@
def ReadApexKeysInfo(tf_zip):
"""Parses the APEX keys info from a given target-files zip.
- Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns
- two dicts, the first one contains the mapping from APEX names
- (e.g. com.android.tzdata) to a tuple of (payload_key, container_key,
- sign_tool). The second one maps the sepolicy APEX name to a tuple containing
- (sepolicy_key, sepolicy_cert, fsverity_tool).
+ Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns a
+ dict that contains the mapping from APEX names (e.g. com.android.tzdata) to a
+ tuple of (payload_key, container_key, sign_tool).
Args:
tf_zip: The input target_files ZipFile (already open).
Returns:
- name : (payload_key, container_key, sign_tool)
+ (payload_key, container_key, sign_tool):
- payload_key contains the path to the payload signing key
- container_key contains the path to the container signing key
- sign_tool is an apex-specific signing tool for its payload contents
- name : (sepolicy_key, sepolicy_cert, fsverity_tool)
"""
keys = {}
- sepolicy_keys = {}
for line in tf_zip.read('META/apexkeys.txt').decode().split('\n'):
line = line.strip()
if not line:
@@ -1282,9 +1231,6 @@
r'private_key="(?P<PAYLOAD_PRIVATE_KEY>.*)"\s+'
r'container_certificate="(?P<CONTAINER_CERT>.*)"\s+'
r'container_private_key="(?P<CONTAINER_PRIVATE_KEY>.*?)"'
- r'(\s+sepolicy_key="(?P<SEPOLICY_KEY>.*?)")?'
- r'(\s+sepolicy_certificate="(?P<SEPOLICY_CERT>.*?)")?'
- r'(\s+fsverity_tool="(?P<FSVERITY_TOOL>.*?)")?'
r'(\s+partition="(?P<PARTITION>.*?)")?'
r'(\s+sign_tool="(?P<SIGN_TOOL>.*?)")?$',
line)
@@ -1313,18 +1259,12 @@
container_private_key, OPTIONS.private_key_suffix):
container_key = container_cert[:-len(OPTIONS.public_key_suffix)]
else:
- raise ValueError("Failed to parse container keys: \n{} **** {}".format(container_cert, container_private_key))
+ raise ValueError("Failed to parse container keys: \n{}".format(line))
sign_tool = matches.group("SIGN_TOOL")
keys[name] = (payload_private_key, container_key, sign_tool)
- if IsSepolicyApex(name):
- sepolicy_key = matches.group('SEPOLICY_KEY')
- sepolicy_cert = matches.group('SEPOLICY_CERT')
- fsverity_tool = matches.group('FSVERITY_TOOL')
- sepolicy_keys[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
-
- return keys, sepolicy_keys
+ return keys
def BuildVendorPartitions(output_zip_path):
@@ -1541,12 +1481,6 @@
OPTIONS.vendor_otatools = a
elif o == "--vendor_partitions":
OPTIONS.vendor_partitions = set(a.split(","))
- elif o == '--sepolicy_key':
- OPTIONS.sepolicy_key = a
- elif o == '--sepolicy_cert':
- OPTIONS.sepolicy_cert = a
- elif o == '--fsverity_tool':
- OPTIONS.fsverity_tool = a
elif o == "--allow_gsi_debug_sepolicy":
OPTIONS.allow_gsi_debug_sepolicy = True
else:
@@ -1601,9 +1535,6 @@
"gki_signing_extra_args=",
"vendor_partitions=",
"vendor_otatools=",
- "sepolicy_key=",
- "sepolicy_cert=",
- "fsverity_tool=",
"allow_gsi_debug_sepolicy",
],
extra_option_handler=option_handler)
@@ -1626,9 +1557,8 @@
apk_keys_info, compressed_extension = common.ReadApkCerts(input_zip)
apk_keys = GetApkCerts(apk_keys_info)
- apex_keys_info, sepolicy_keys_info = ReadApexKeysInfo(input_zip)
+ apex_keys_info = ReadApexKeysInfo(input_zip)
apex_keys = GetApexKeys(apex_keys_info, apk_keys)
- sepolicy_keys = GetSepolicyKeys(sepolicy_keys_info)
# TODO(xunchang) check for the apks inside the apex files, and abort early if
# the keys are not available.
@@ -1646,7 +1576,7 @@
ProcessTargetFiles(input_zip, output_zip, misc_info,
apk_keys, apex_keys, key_passwords,
platform_api_level, codename_to_api_level_map,
- compressed_extension, sepolicy_keys)
+ compressed_extension)
common.ZipClose(input_zip)
common.ZipClose(output_zip)
diff --git a/tools/releasetools/test_sign_apex.py b/tools/releasetools/test_sign_apex.py
index c344e22..8470f20 100644
--- a/tools/releasetools/test_sign_apex.py
+++ b/tools/releasetools/test_sign_apex.py
@@ -71,21 +71,3 @@
False,
codename_to_api_level_map={'S': 31, 'Tiramisu' : 32})
self.assertTrue(os.path.exists(signed_apex))
-
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_SignApexWithSepolicy(self):
- test_apex = os.path.join(self.testdata_dir, 'sepolicy.apex')
- payload_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
- container_key = os.path.join(self.testdata_dir, 'testkey')
- sepolicy_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
- sepolicy_cert = os.path.join(self.testdata_dir, 'testkey.x509.pem')
- signed_test_apex = sign_apex.SignApexFile(
- 'avbtool',
- test_apex,
- payload_key,
- container_key,
- False,
- None,
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert)
- self.assertTrue(os.path.exists(signed_test_apex))
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 144a3cd..0f13add 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -476,7 +476,7 @@
target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -486,7 +486,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
# Mismatching payload public / private keys.
@@ -516,7 +515,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -526,7 +525,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
# Invalid lines will be skipped.
@@ -540,7 +538,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -550,7 +548,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_presignedKeys(self):
apex_keys = self.APEX_KEYS_TXT + (
@@ -564,7 +561,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -574,7 +571,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_presignedKeys(self):
apex_keys = self.APEX_KEYS_TXT + (
@@ -588,7 +584,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -598,72 +594,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
-
- def test_ReadApexKeysInfo_withSepolicyKeys(self):
- apex_keys = self.APEX_KEYS_TXT + (
- 'name="sepolicy.apex" '
- 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
- 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
- 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
- 'container_private_key="build/make/target/product/security/testkey.pk8" '
- 'sepolicy_key="build/make/target/product/security/testkey.key" '
- 'sepolicy_certificate="build/make/target/product/security/testkey.x509.pem" '
- 'fsverity_tool="fsverity"')
- target_files = common.MakeTempFile(suffix='.zip')
- with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
- target_files_zip.writestr('META/apexkeys.txt', apex_keys)
-
- with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
-
- self.assertEqual({
- 'apex.apexd_test.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
- 'build/make/target/product/security/testkey', None),
- 'apex.apexd_test_different_app.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- 'sepolicy.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- }, keys_info)
- self.assertEqual({'sepolicy.apex': (
- 'build/make/target/product/security/testkey.key',
- 'build/make/target/product/security/testkey.x509.pem',
- 'fsverity'),
- }, sepolicy_keys_info)
-
- def test_ReadApexKeysInfo_withSepolicyApex(self):
- apex_keys = self.APEX_KEYS_TXT + (
- 'name="sepolicy.apex" '
- 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
- 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
- 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
- 'container_private_key="build/make/target/product/security/testkey.pk8" ')
- target_files = common.MakeTempFile(suffix='.zip')
- with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
- target_files_zip.writestr('META/apexkeys.txt', apex_keys)
-
- with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
-
- self.assertEqual({
- 'apex.apexd_test.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
- 'build/make/target/product/security/testkey', None),
- 'apex.apexd_test_different_app.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- 'sepolicy.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- }, keys_info)
- self.assertEqual({'sepolicy.apex': (
- None,
- None,
- None),
- }, sepolicy_keys_info)
def test_ReplaceGkiSigningKey(self):
common.OPTIONS.gki_signing_key = 'release_gki_key'
diff --git a/tools/releasetools/testdata/sepolicy.apex b/tools/releasetools/testdata/sepolicy.apex
deleted file mode 100644
index f7d267d..0000000
--- a/tools/releasetools/testdata/sepolicy.apex
+++ /dev/null
Binary files differ