Merge "Dedupe packages in mk's that inherit core_minimal.mk"
diff --git a/Changes.md b/Changes.md
index 7519096..b92342e 100644
--- a/Changes.md
+++ b/Changes.md
@@ -1,5 +1,16 @@
# Build System Changes for Android.mk Writers
+## Valid Module Names {#name}
+
+We've adopted lexical requirements very similar to [Bazel's
+requirements](https://docs.bazel.build/versions/master/build-ref.html#name) for
+target names. Valid characters are `a-z`, `A-Z`, `0-9`, and the special
+characters `_.+-=,@~/`. This currently applies to `LOCAL_PACKAGE_NAME`,
+`LOCAL_MODULE`, and `LOCAL_MODULE_SUFFIX`, and `LOCAL_MODULE_STEM*`.
+
+Many other characters already caused problems if you used them, so we don't
+expect this to have a large effect.
+
## PATH Tools {#PATH_Tools}
The build has started restricting the external host tools usable inside the
diff --git a/core/Makefile b/core/Makefile
index a7fd73c..7635e19 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1396,10 +1396,6 @@
>> $(TARGET_RECOVERY_ROOT_OUT)/prop.default
$(hide) ln -sf prop.default $(TARGET_RECOVERY_ROOT_OUT)/default.prop
$(BOARD_RECOVERY_IMAGE_PREPARE)
- $(if $(filter true,$(BOARD_BUILD_SYSTEM_ROOT_IMAGE)), \
- $(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/system_root; \
- rm -rf $(TARGET_RECOVERY_ROOT_OUT)/system; \
- ln -sf /system_root/system $(TARGET_RECOVERY_ROOT_OUT)/system) # Mount the system_root_image to /system_root and symlink /system.
$(hide) $(MKBOOTFS) -d $(TARGET_OUT) $(TARGET_RECOVERY_ROOT_OUT) | $(MINIGZIP) > $(recovery_ramdisk)
$(if $(filter true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)), \
$(hide) $(MKBOOTIMG) $(INTERNAL_RECOVERYIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1).unsigned, \
diff --git a/core/base_rules.mk b/core/base_rules.mk
index 63c6c52..41af27b 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -31,6 +31,7 @@
ifeq ($(LOCAL_MODULE),)
$(error $(LOCAL_PATH): LOCAL_MODULE is not defined)
endif
+$(call verify-module-name)
LOCAL_IS_HOST_MODULE := $(strip $(LOCAL_IS_HOST_MODULE))
LOCAL_IS_AUX_MODULE := $(strip $(LOCAL_IS_AUX_MODULE))
diff --git a/core/binary.mk b/core/binary.mk
index 6067615..2899d4d 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -407,7 +407,7 @@
# Extra cflags for projects under external/ directory
ifeq ($(my_clang),true)
-ifeq ($(filter external/%,$(LOCAL_PATH)),)
+ifneq ($(filter external/%,$(LOCAL_PATH)),)
my_cflags += $(CLANG_EXTERNAL_CFLAGS)
endif
endif
diff --git a/core/configure_module_stem.mk b/core/configure_module_stem.mk
index 48b7787..30df8ea 100644
--- a/core/configure_module_stem.mk
+++ b/core/configure_module_stem.mk
@@ -1,20 +1,26 @@
my_multilib_stem := $(LOCAL_MODULE_STEM_$(if $($(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)IS_64_BIT),64,32))
ifdef my_multilib_stem
my_module_stem := $(my_multilib_stem)
+ $(call verify-module-stem,my_multilib_stem)
else ifdef LOCAL_MODULE_STEM
my_module_stem := $(LOCAL_MODULE_STEM)
+ $(call verify-module-stem,LOCAL_MODULE_STEM)
else
my_module_stem := $(LOCAL_MODULE)
endif
ifdef LOCAL_BUILT_MODULE_STEM
my_built_module_stem := $(LOCAL_BUILT_MODULE_STEM)
+ $(call verify-module-stem,LOCAL_BUILT_MODULE_STEM)
else
my_built_module_stem := $(my_module_stem)$(LOCAL_MODULE_SUFFIX)
+ $(call verify-module-stem,LOCAL_MODULE_SUFFIX)
endif
ifdef LOCAL_INSTALLED_MODULE_STEM
my_installed_module_stem := $(LOCAL_INSTALLED_MODULE_STEM)
+ $(call verify-module-stem,LOCAL_INSTALLED_MODULE_STEM)
else
my_installed_module_stem := $(my_module_stem)$(LOCAL_MODULE_SUFFIX)
+ $(call verify-module-stem,LOCAL_MODULE_SUFFIX)
endif
diff --git a/core/definitions.mk b/core/definitions.mk
index 8679714..07576f9 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -3456,10 +3456,18 @@
$(if $(call has-system-sdk-version,$(1)),$(patsubst system_%,%,$(1)),$(1)))
endef
-# Convert to lower case without requiring a shell, which isn't cacheable.
+###########################################################
+## Convert to lower case without requiring a shell, which isn't cacheable.
+##
+## $(1): string
+###########################################################
to-lower=$(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,$(subst X,x,$(subst Y,y,$(subst Z,z,$1))))))))))))))))))))))))))
-# Convert to upper case without requiring a shell, which isn't cacheable.
+###########################################################
+## Convert to upper case without requiring a shell, which isn't cacheable.
+##
+## $(1): string
+###########################################################
to-upper=$(subst a,A,$(subst b,B,$(subst c,C,$(subst d,D,$(subst e,E,$(subst f,F,$(subst g,G,$(subst h,H,$(subst i,I,$(subst j,J,$(subst k,K,$(subst l,L,$(subst m,M,$(subst n,N,$(subst o,O,$(subst p,P,$(subst q,Q,$(subst r,R,$(subst s,S,$(subst t,T,$(subst u,U,$(subst v,V,$(subst w,W,$(subst x,X,$(subst y,Y,$(subst z,Z,$1))))))))))))))))))))))))))
# Sanity-check to-lower and to-upper
@@ -3476,3 +3484,36 @@
lower :=
upper :=
+
+###########################################################
+## Verify module name meets character requirements:
+## a-z A-Z 0-9
+## _.+-=,@~/
+##
+## This is equivalent to bazel's target name restrictions:
+## https://docs.bazel.build/versions/master/build-ref.html#name
+###########################################################
+define verify-module-name
+$(if $(call _invalid-name-chars,$(LOCAL_MODULE)), \
+ $(call pretty-error,Invalid characters in module name: $(call _invalid-name-chars,$(LOCAL_MODULE))))
+endef
+define _invalid-name-chars
+$(subst /,,$(subst _,,$(subst .,,$(subst +,,$(subst -,,$(subst =,,$(subst $(comma),,$(subst @,,$(subst ~,,$(subst 0,,$(subst 1,,$(subst 2,,$(subst 3,,$(subst 4,,$(subst 5,,$(subst 6,,$(subst 7,,$(subst 8,,$(subst 9,,$(subst a,,$(subst b,,$(subst c,,$(subst d,,$(subst e,,$(subst f,,$(subst g,,$(subst h,,$(subst i,,$(subst j,,$(subst k,,$(subst l,,$(subst m,,$(subst n,,$(subst o,,$(subst p,,$(subst q,,$(subst r,,$(subst s,,$(subst t,,$(subst u,,$(subst v,,$(subst w,,$(subst x,,$(subst y,,$(subst z,,$(call to-lower,$(1)))))))))))))))))))))))))))))))))))))))))))))))
+endef
+.KATI_READONLY := verify-module-name _invalid-name-chars
+
+###########################################################
+## Verify module stem meets character requirements:
+## a-z A-Z 0-9
+## _.+-=,@~/
+##
+## This is a subset of bazel's target name restrictions:
+## https://docs.bazel.build/versions/master/build-ref.html#name
+##
+## $(1): The module stem variable to check
+###########################################################
+define verify-module-stem
+$(if $(call _invalid-name-chars,$($(1))), \
+ $(call pretty-error,Invalid characters in module stem ($(1)): $(call _invalid-name-chars,$($(1)))))
+endef
+.KATI_READONLY := verify-module-stem
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 3f1fb66..355f414 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -102,7 +102,7 @@
$(call add_json_list, CFIIncludePaths, $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))
$(call add_json_list, IntegerOverflowExcludePaths, $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))
-$(call add_json_bool, UseClangLld, $(filter 1 true,$(USE_CLANG_LLD)))
+$(call add_json_bool, UseClangLld, $(call invert_bool,$(filter 0 false,$(USE_CLANG_LLD))))
$(call add_json_bool, ClangTidy, $(filter 1 true,$(WITH_TIDY)))
$(call add_json_str, TidyChecks, $(WITH_TIDY_CHECKS))
diff --git a/core/use_lld_setup.mk b/core/use_lld_setup.mk
index 17a9e27..d00a5d3 100644
--- a/core/use_lld_setup.mk
+++ b/core/use_lld_setup.mk
@@ -4,12 +4,17 @@
## Output variables: my_use_clang_lld
#############################################################
-# Use LLD only if it's not disabled by LOCAL_USE_CLANG_LLD,
-# and enabled by LOCAL_USE_CLANG_LLD or USE_CLANG_LLD.
-my_use_clang_lld := false
-ifeq (,$(filter 0 false,$(LOCAL_USE_CLANG_LLD)))
- ifneq (,$(filter 1 true,$(LOCAL_USE_CLANG_LLD) $(USE_CLANG_LLD)))
- my_use_clang_lld := true
+# Use LLD by default.
+# Do not use LLD if LOCAL_USE_CLANG_LLD is false or 0,
+# of if LOCAL_USE_CLANG_LLD is not set and USE_CLANG_LLD is 0 or false.
+my_use_clang_lld := true
+ifneq (,$(LOCAL_USE_CLANG_LLD))
+ ifneq (,$(filter 0 false,$(LOCAL_USE_CLANG_LLD)))
+ my_use_clang_lld := false
+ endif
+else
+ ifneq (,$(filter 0 false,$(USE_CLANG_LLD)))
+ my_use_clang_lld := false
endif
endif
diff --git a/envsetup.sh b/envsetup.sh
index bad16e2..5a55679 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -742,6 +742,7 @@
\cd ..
done
\cd $HERE
+ return 1
}
function mm()
@@ -869,7 +870,7 @@
echo "Couldn't locate the top of the tree. Try setting TOP."
return 1
fi
- local M=$(findmakefile)
+ local M=$(findmakefile || echo $(realpath $PWD)/Android.mk)
# Remove the path to top as the makefilepath needs to be relative
local M=`echo $M|sed 's:'$T'/::'`
local MODULES_IN_PATHS=MODULES-IN-$(dirname ${M})
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index ee1bde5..580ca10 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -56,13 +56,13 @@
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
-BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
+BOARD_SEPOLICY_DIRS += device/generic/goldfish/sepolicy/common
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
# GSI is always userdebug and needs a couple of properties taking precedence
# over those set by the vendor.
-TARGET_SYSTEM_PROP := build/make/target/board/treble_system.prop
+TARGET_SYSTEM_PROP := build/make/target/board/gsi_system.prop
endif
BOARD_VNDK_VERSION := current
diff --git a/target/board/generic/sepolicy/OWNERS b/target/board/generic/sepolicy/OWNERS
deleted file mode 100644
index ff29677..0000000
--- a/target/board/generic/sepolicy/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-alanstokes@google.com
-bowgotsai@google.com
-jbires@google.com
-jeffv@google.com
-jgalenson@google.com
-sspatil@google.com
-tomcherry@google.com
-trong@google.com
diff --git a/target/board/generic/sepolicy/adbd.te b/target/board/generic/sepolicy/adbd.te
deleted file mode 100644
index 9546c1a..0000000
--- a/target/board/generic/sepolicy/adbd.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(adbd, ctl_mdnsd_prop);
diff --git a/target/board/generic/sepolicy/audioserver.te b/target/board/generic/sepolicy/audioserver.te
deleted file mode 100644
index c3c4a3a..0000000
--- a/target/board/generic/sepolicy/audioserver.te
+++ /dev/null
@@ -1 +0,0 @@
-allow audioserver bootanim:binder call;
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
deleted file mode 100644
index bc84ee7..0000000
--- a/target/board/generic/sepolicy/bootanim.te
+++ /dev/null
@@ -1,9 +0,0 @@
-allow bootanim self:process execmem;
-allow bootanim ashmem_device:chr_file execute;
-#TODO: This can safely be ignored until b/62954877 is fixed
-dontaudit bootanim system_data_file:dir read;
-
-allow bootanim graphics_device:chr_file { read ioctl open };
-
-typeattribute bootanim system_writes_vendor_properties_violators;
-set_prop(bootanim, qemu_prop)
diff --git a/target/board/generic/sepolicy/cameraserver.te b/target/board/generic/sepolicy/cameraserver.te
deleted file mode 100644
index 6cf5d6a..0000000
--- a/target/board/generic/sepolicy/cameraserver.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow cameraserver system_file:dir { open read };
-allow cameraserver hal_allocator:fd use;
diff --git a/target/board/generic/sepolicy/device.te b/target/board/generic/sepolicy/device.te
deleted file mode 100644
index d129441..0000000
--- a/target/board/generic/sepolicy/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemu_device, dev_type, mlstrustedobject;
diff --git a/target/board/generic/sepolicy/domain.te b/target/board/generic/sepolicy/domain.te
deleted file mode 100644
index 3706dba..0000000
--- a/target/board/generic/sepolicy/domain.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow domain qemu_device:chr_file rw_file_perms;
-
-get_prop(domain, qemu_prop)
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
deleted file mode 100644
index 521c65e..0000000
--- a/target/board/generic/sepolicy/file_contexts
+++ /dev/null
@@ -1,35 +0,0 @@
-# goldfish
-/dev/block/mtdblock0 u:object_r:system_block_device:s0
-/dev/block/mtdblock1 u:object_r:userdata_block_device:s0
-/dev/block/mtdblock2 u:object_r:cache_block_device:s0
-
-# ranchu
-/dev/block/vda u:object_r:system_block_device:s0
-/dev/block/vdb u:object_r:cache_block_device:s0
-/dev/block/vdc u:object_r:userdata_block_device:s0
-/dev/block/vdd u:object_r:metadata_block_device:s0
-/dev/block/vde u:object_r:system_block_device:s0
-
-/dev/goldfish_pipe u:object_r:qemu_device:s0
-/dev/goldfish_sync u:object_r:qemu_device:s0
-/dev/qemu_.* u:object_r:qemu_device:s0
-/dev/ttyGF[0-9]* u:object_r:serial_device:s0
-/dev/ttyS2 u:object_r:console_device:s0
-/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
-/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
-/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
-
-/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
-
-/vendor/lib(64)?/hw/gralloc\.ranchu\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/gralloc\.goldfish\.default\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libEGL_emulation\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv1_CM_emulation\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv2_emulation\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libEGL_swiftshader\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv1_CM_swiftshader\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv2_swiftshader\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libOpenglSystemCommon\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/lib_renderControl_enc\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv1_enc\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv2_enc\.so u:object_r:same_process_hal_file:s0
diff --git a/target/board/generic/sepolicy/genfs_contexts b/target/board/generic/sepolicy/genfs_contexts
deleted file mode 100644
index 91cedf1..0000000
--- a/target/board/generic/sepolicy/genfs_contexts
+++ /dev/null
@@ -1,17 +0,0 @@
-# On the emulator, device tree dir is configured to be
-# /sys/bus/platform/devices/ANDR0001:00/properties/android/ which is a symlink to
-# /sys/devices/platform/ANDR0001:00/properties/android/
-genfscon sysfs /devices/platform/ANDR0001:00/properties/android u:object_r:sysfs_dt_firmware_android:s0
-
-# We expect /sys/class/power_supply/* and everything it links to to be labeled
-# as sysfs_batteryinfo.
-genfscon sysfs /devices/platform/GFSH0001:00/power_supply u:object_r:sysfs_batteryinfo:s0
-
-# /sys/class/rtc
-genfscon sysfs /devices/pnp0/00:00/rtc u:object_r:sysfs_rtc:s0
-genfscon sysfs /devices/platform/GFSH0007:00/rtc u:object_r:sysfs_rtc:s0
-
-# /sys/class/net
-genfscon sysfs /devices/pci0000:00/0000:00:08.0/virtio5/net u:object_r:sysfs_net:s0
-genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim0/net u:object_r:sysfs_net:s0
-genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim1/net u:object_r:sysfs_net:s0
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
deleted file mode 100644
index eb913e9..0000000
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# goldfish-setup service: runs init.goldfish.sh script
-type goldfish_setup, domain;
-type goldfish_setup_exec, vendor_file_type, exec_type, file_type;
-
-init_daemon_domain(goldfish_setup)
-
-set_prop(goldfish_setup, debug_prop);
-allow goldfish_setup self:capability { net_admin net_raw };
-allow goldfish_setup self:udp_socket { create ioctl };
-allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
-allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
-wakelock_use(goldfish_setup);
-allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
diff --git a/target/board/generic/sepolicy/hal_camera_default.te b/target/board/generic/sepolicy/hal_camera_default.te
deleted file mode 100644
index eb88c36..0000000
--- a/target/board/generic/sepolicy/hal_camera_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-vndbinder_use(hal_camera_default);
-allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
-hal_client_domain(hal_camera_default, hal_graphics_composer)
diff --git a/target/board/generic/sepolicy/hal_cas_default.te b/target/board/generic/sepolicy/hal_cas_default.te
deleted file mode 100644
index 3ed3bee..0000000
--- a/target/board/generic/sepolicy/hal_cas_default.te
+++ /dev/null
@@ -1 +0,0 @@
-vndbinder_use(hal_cas_default);
diff --git a/target/board/generic/sepolicy/hal_drm_default.te b/target/board/generic/sepolicy/hal_drm_default.te
deleted file mode 100644
index 5a07433..0000000
--- a/target/board/generic/sepolicy/hal_drm_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-vndbinder_use(hal_drm_default);
-hal_client_domain(hal_drm_default, hal_graphics_composer)
diff --git a/target/board/generic/sepolicy/hal_drm_widevine.te b/target/board/generic/sepolicy/hal_drm_widevine.te
deleted file mode 100644
index 42d462a..0000000
--- a/target/board/generic/sepolicy/hal_drm_widevine.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# define SELinux domain
-type hal_drm_widevine, domain;
-hal_server_domain(hal_drm_widevine, hal_drm)
-
-type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_drm_widevine)
-
-allow hal_drm mediacodec:fd use;
-allow hal_drm { appdomain -isolated_app }:fd use;
-
-vndbinder_use(hal_drm_widevine);
-hal_client_domain(hal_drm_widevine, hal_graphics_composer);
diff --git a/target/board/generic/sepolicy/hal_fingerprint_default.te b/target/board/generic/sepolicy/hal_fingerprint_default.te
deleted file mode 100644
index e5b06f1..0000000
--- a/target/board/generic/sepolicy/hal_fingerprint_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# TODO(b/36644492): Remove data_between_core_and_vendor_violators once
-# hal_fingerprint no longer directly accesses fingerprintd_data_file.
-typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;
-allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
-allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms;
diff --git a/target/board/generic/sepolicy/hal_gnss_default.te b/target/board/generic/sepolicy/hal_gnss_default.te
deleted file mode 100644
index ddc68cc..0000000
--- a/target/board/generic/sepolicy/hal_gnss_default.te
+++ /dev/null
@@ -1 +0,0 @@
-vndbinder_use(hal_gnss_default);
diff --git a/target/board/generic/sepolicy/hal_graphics_allocator_default.te b/target/board/generic/sepolicy/hal_graphics_allocator_default.te
deleted file mode 100644
index 0c8e27d..0000000
--- a/target/board/generic/sepolicy/hal_graphics_allocator_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_graphics_allocator_default graphics_device:dir search;
-allow hal_graphics_allocator_default graphics_device:chr_file { ioctl open read write };
diff --git a/target/board/generic/sepolicy/hal_graphics_composer_default.te b/target/board/generic/sepolicy/hal_graphics_composer_default.te
deleted file mode 100644
index 40ecda6..0000000
--- a/target/board/generic/sepolicy/hal_graphics_composer_default.te
+++ /dev/null
@@ -1 +0,0 @@
-vndbinder_use(hal_graphics_composer_default);
diff --git a/target/board/generic/sepolicy/healthd.te b/target/board/generic/sepolicy/healthd.te
deleted file mode 100644
index ced6704..0000000
--- a/target/board/generic/sepolicy/healthd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow to read /sys/class/power_supply directory
-allow healthd sysfs:dir r_dir_perms;
diff --git a/target/board/generic/sepolicy/init.te b/target/board/generic/sepolicy/init.te
deleted file mode 100644
index 84a4e8d..0000000
--- a/target/board/generic/sepolicy/init.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow init tmpfs:lnk_file create_file_perms;
-dontaudit init kernel:system module_request;
diff --git a/target/board/generic/sepolicy/logpersist.te b/target/board/generic/sepolicy/logpersist.te
deleted file mode 100644
index 3fc0250..0000000
--- a/target/board/generic/sepolicy/logpersist.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# goldfish logcat service: runs logcat -Q in logpersist domain
-
-# See global logcat.te/logpersist.te, only set for eng & userdebug,
-# allow for all builds in a non-conflicting manner.
-
-domain_auto_trans(init, logcat_exec, logpersist)
-
-# Read from logd.
-unix_socket_connect(logpersist, logdr, logd)
-
-# Write to /dev/ttyS2 and /dev/ttyGF2.
-allow logpersist serial_device:chr_file { write open };
-get_prop(logpersist, qemu_cmdline)
diff --git a/target/board/generic/sepolicy/mediacodec.te b/target/board/generic/sepolicy/mediacodec.te
deleted file mode 100644
index acf4e59..0000000
--- a/target/board/generic/sepolicy/mediacodec.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediacodec system_file:dir { open read };
diff --git a/target/board/generic/sepolicy/netd.te b/target/board/generic/sepolicy/netd.te
deleted file mode 100644
index 09a28b9..0000000
--- a/target/board/generic/sepolicy/netd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-dontaudit netd self:capability sys_module;
-#TODO: This can safely be ignored until b/62954877 is fixed
-dontaudit netd kernel:system module_request;
diff --git a/target/board/generic/sepolicy/priv_app.te b/target/board/generic/sepolicy/priv_app.te
deleted file mode 100644
index 3d16f32..0000000
--- a/target/board/generic/sepolicy/priv_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-#TODO: b/62908025
-dontaudit priv_app firstboot_prop:file { getattr open };
-dontaudit priv_app device:dir { open read };
-dontaudit priv_app proc_interrupts:file { getattr open read };
-dontaudit priv_app proc_modules:file { getattr open read };
diff --git a/target/board/generic/sepolicy/property.te b/target/board/generic/sepolicy/property.te
deleted file mode 100644
index 56e02ef..0000000
--- a/target/board/generic/sepolicy/property.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type qemu_prop, property_type;
-type qemu_cmdline, property_type;
-type radio_noril_prop, property_type;
diff --git a/target/board/generic/sepolicy/property_contexts b/target/board/generic/sepolicy/property_contexts
deleted file mode 100644
index 3a61b6b..0000000
--- a/target/board/generic/sepolicy/property_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-qemu. u:object_r:qemu_prop:s0
-qemu.cmdline u:object_r:qemu_cmdline:s0
-ro.emu. u:object_r:qemu_prop:s0
-ro.emulator. u:object_r:qemu_prop:s0
-ro.radio.noril u:object_r:radio_noril_prop:s0
diff --git a/target/board/generic/sepolicy/qemu_props.te b/target/board/generic/sepolicy/qemu_props.te
deleted file mode 100644
index 0f5ec8c..0000000
--- a/target/board/generic/sepolicy/qemu_props.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# qemu-props service: Sets system properties on boot.
-type qemu_props, domain;
-type qemu_props_exec, vendor_file_type, exec_type, file_type;
-
-init_daemon_domain(qemu_props)
-
-set_prop(qemu_props, qemu_prop)
-set_prop(qemu_props, dalvik_prop)
-set_prop(qemu_props, qemu_cmdline)
diff --git a/target/board/generic/sepolicy/shell.te b/target/board/generic/sepolicy/shell.te
deleted file mode 100644
index b246d7e..0000000
--- a/target/board/generic/sepolicy/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-allow shell serial_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
deleted file mode 100644
index 2bba8a7..0000000
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow surfaceflinger self:process execmem;
-allow surfaceflinger ashmem_device:chr_file execute;
-
-typeattribute surfaceflinger system_writes_vendor_properties_violators;
-set_prop(surfaceflinger, qemu_prop)
diff --git a/target/board/generic/sepolicy/system_server.te b/target/board/generic/sepolicy/system_server.te
deleted file mode 100644
index dd70b12..0000000
--- a/target/board/generic/sepolicy/system_server.te
+++ /dev/null
@@ -1 +0,0 @@
-get_prop(system_server, radio_noril_prop)
diff --git a/target/board/generic/sepolicy/vold.te b/target/board/generic/sepolicy/vold.te
deleted file mode 100644
index 5f3bdd4..0000000
--- a/target/board/generic/sepolicy/vold.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit vold kernel:system module_request;
diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te
deleted file mode 100644
index da403b5..0000000
--- a/target/board/generic/sepolicy/zygote.te
+++ /dev/null
@@ -1,5 +0,0 @@
-typeattribute zygote system_writes_vendor_properties_violators;
-set_prop(zygote, qemu_prop)
-# TODO (b/63631799) fix this access
-# Suppress denials to storage. Webview zygote should not be accessing.
-dontaudit webview_zygote mnt_expand_file:dir getattr;
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index ee4103d..4f6a10c 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -86,12 +86,12 @@
DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
-BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
+BOARD_SEPOLICY_DIRS += device/generic/goldfish/sepolicy/common
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
# GSI is always userdebug and needs a couple of properties taking precedence
# over those set by the vendor.
-TARGET_SYSTEM_PROP := build/make/target/board/treble_system.prop
+TARGET_SYSTEM_PROP := build/make/target/board/gsi_system.prop
endif
BOARD_VNDK_VERSION := current
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index 3760cc4..f50a84c 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -58,9 +58,14 @@
DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
BOARD_SEPOLICY_DIRS += \
- build/target/board/generic/sepolicy \
- build/target/board/generic_x86/sepolicy
+ device/generic/goldfish/sepolicy/common \
+ device/generic/goldfish/sepolicy/x86
+ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+# GSI is always userdebug and needs a couple of properties taking precedence
+# over those set by the vendor.
+TARGET_SYSTEM_PROP := build/make/target/board/gsi_system.prop
+endif
BOARD_VNDK_VERSION := current
BUILD_BROKEN_DUP_RULES := false
diff --git a/target/board/generic_x86/sepolicy/OWNERS b/target/board/generic_x86/sepolicy/OWNERS
deleted file mode 100644
index ff29677..0000000
--- a/target/board/generic_x86/sepolicy/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-alanstokes@google.com
-bowgotsai@google.com
-jbires@google.com
-jeffv@google.com
-jgalenson@google.com
-sspatil@google.com
-tomcherry@google.com
-trong@google.com
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
deleted file mode 100644
index 0bc8d87..0000000
--- a/target/board/generic_x86/sepolicy/domain.te
+++ /dev/null
@@ -1 +0,0 @@
-allow domain cpuctl_device:dir search;
diff --git a/target/board/generic_x86/sepolicy/healthd.te b/target/board/generic_x86/sepolicy/healthd.te
deleted file mode 100644
index 95fa807..0000000
--- a/target/board/generic_x86/sepolicy/healthd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow healthd self:capability sys_nice;
diff --git a/target/board/generic_x86/sepolicy/init.te b/target/board/generic_x86/sepolicy/init.te
deleted file mode 100644
index 3aa81d1..0000000
--- a/target/board/generic_x86/sepolicy/init.te
+++ /dev/null
@@ -1 +0,0 @@
-allow init tmpfs:lnk_file create_file_perms;
diff --git a/target/board/generic_x86/sepolicy/installd.te b/target/board/generic_x86/sepolicy/installd.te
deleted file mode 100644
index 7a558b1..0000000
--- a/target/board/generic_x86/sepolicy/installd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow installd self:process execmem;
diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te
deleted file mode 100644
index 93993a4..0000000
--- a/target/board/generic_x86/sepolicy/zygote.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow zygote self:process execmem;
-allow zygote self:capability sys_nice;
diff --git a/target/board/generic_x86_64/BoardConfig.mk b/target/board/generic_x86_64/BoardConfig.mk
index ec7a51e..fa9f5ec 100755
--- a/target/board/generic_x86_64/BoardConfig.mk
+++ b/target/board/generic_x86_64/BoardConfig.mk
@@ -57,9 +57,14 @@
DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
BOARD_SEPOLICY_DIRS += \
- build/target/board/generic/sepolicy \
- build/target/board/generic_x86/sepolicy
+ device/generic/goldfish/sepolicy/common \
+ device/generic/goldfish/sepolicy/x86
+ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+# GSI is always userdebug and needs a couple of properties taking precedence
+# over those set by the vendor.
+TARGET_SYSTEM_PROP := build/make/target/board/gsi_system.prop
+endif
BOARD_VNDK_VERSION := current
# Enable A/B update
diff --git a/target/board/generic_x86_arm/BoardConfig.mk b/target/board/generic_x86_arm/BoardConfig.mk
index 131c001..c66aacc 100644
--- a/target/board/generic_x86_arm/BoardConfig.mk
+++ b/target/board/generic_x86_arm/BoardConfig.mk
@@ -61,4 +61,4 @@
BOARD_FLASH_BLOCK_SIZE := 512
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
-BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
+BOARD_SEPOLICY_DIRS += device/generic/goldfish/sepolicy/common
diff --git a/target/board/gsi_system.prop b/target/board/gsi_system.prop
new file mode 100644
index 0000000..4b54aaf
--- /dev/null
+++ b/target/board/gsi_system.prop
@@ -0,0 +1,5 @@
+# GSI always generate dex pre-opt in system image
+ro.cp_system_other_odex=0
+
+# GSI always disables adb authentication
+ro.adb.secure=0
diff --git a/target/product/base.mk b/target/product/base.mk
index ed95f30..778cabc 100644
--- a/target/product/base.mk
+++ b/target/product/base.mk
@@ -71,6 +71,7 @@
javax.obex \
keystore \
ld.config.txt \
+ ld.config.recovery.txt \
ld.mc \
libaaudio \
libandroid \
diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index bae5486..2a34639 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -71,6 +71,7 @@
libui \
libutils \
linker \
+ linker.recovery \
lmkd \
logcat \
lshal \
diff --git a/tools/fs_config/fs_config_generator.py b/tools/fs_config/fs_config_generator.py
index 4839578..cd534ec 100755
--- a/tools/fs_config/fs_config_generator.py
+++ b/tools/fs_config/fs_config_generator.py
@@ -138,13 +138,13 @@
'media_codec': 'mediacodec'
}
- def __init__(self, identifier, value, found):
+ def __init__(self, identifier, value, found, login_shell):
"""
Args:
identifier: The identifier name for a #define <identifier>.
value: The value of the AID, aka the uid.
found (str): The file found in, not required to be specified.
-
+ login_shell (str): The shell field per man (5) passwd file.
Raises:
ValueError: if the friendly name is longer than 31 characters as
that is bionic's internal buffer size for name.
@@ -154,6 +154,8 @@
self.identifier = identifier
self.value = value
self.found = found
+ self.login_shell = login_shell
+
try:
self.normalized_value = str(int(value, 0))
except ValueException:
@@ -171,7 +173,8 @@
return self.identifier == other.identifier \
and self.value == other.value and self.found == other.found \
- and self.normalized_value == other.normalized_value
+ and self.normalized_value == other.normalized_value \
+ and self.login_shell == other.login_shell
@staticmethod
def is_friendly(name):
@@ -336,7 +339,7 @@
ValueError: With message set to indicate the error.
"""
- aid = AID(identifier, value, self._aid_header)
+ aid = AID(identifier, value, self._aid_header, '/system/bin/sh')
# duplicate name
if aid.friendly in self._aid_name_to_value:
@@ -647,7 +650,7 @@
sys.exit(error_message('Found specified but unset "value"'))
try:
- aid = AID(section_name, value, file_name)
+ aid = AID(section_name, value, file_name, '/vendor/bin/sh')
except ValueError as exception:
sys.exit(error_message(exception))
@@ -1280,7 +1283,7 @@
except ValueError as exception:
sys.exit(exception)
- print "%s::%s:%s::/:/system/bin/sh" % (logon, uid, uid)
+ print "%s::%s:%s::/:%s" % (logon, uid, uid, aid.login_shell)
@generator('group')
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 968fd77..a8c821f 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -1517,10 +1517,16 @@
common.ZipWriteStr(output_zip, "patch/boot.img.p", d)
+ # TODO(b/110106408): Remove after properly handling the SHA-1 embedded in
+ # the filename argument in updater code. Prior to that, explicitly list
+ # the SHA-1 of the source image, in case the updater tries to find a
+ # matching backup from /cache. Similarly for the call to
+ # script.ApplyPatch() below.
script.PatchCheck("%s:%s:%d:%s:%d:%s" %
(boot_type, boot_device,
source_boot.size, source_boot.sha1,
- target_boot.size, target_boot.sha1))
+ target_boot.size, target_boot.sha1),
+ source_boot.sha1)
size.append(target_boot.size)
if size: