Merge "Update generateSPDXNamespace to generate a unique spdx doc namespace"
diff --git a/core/Makefile b/core/Makefile
index 85f33bc..49fbc5e 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -5122,6 +5122,7 @@
check_target_files_signatures \
check_target_files_vintf \
checkvintf \
+ create_brick_ota \
delta_generator \
e2fsck \
e2fsdroid \
diff --git a/core/definitions.mk b/core/definitions.mk
index ce1248e..fcc101d 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2960,7 +2960,7 @@
$(extract-package) \
echo "Module name in Android tree: $(PRIVATE_MODULE)" >> $(PRODUCT_OUT)/appcompat/$(PRIVATE_MODULE).log && \
echo "Local path in Android tree: $(PRIVATE_PATH)" >> $(PRODUCT_OUT)/appcompat/$(PRIVATE_MODULE).log && \
- echo "Install path on $(TARGET_PRODUCT)-$(TARGET_BUILD_VARIANT): $(PRIVATE_INSTALLED_MODULE)" >> $(PRODUCT_OUT)/appcompat/$(PRIVATE_MODULE).log && \
+ echo "Install path: $(patsubst $(PRODUCT_OUT)/%,%,$(PRIVATE_INSTALLED_MODULE))" >> $(PRODUCT_OUT)/appcompat/$(PRIVATE_MODULE).log && \
echo >> $(PRODUCT_OUT)/appcompat/$(PRIVATE_MODULE).log
endef
ART_VERIDEX_APPCOMPAT_SCRIPT:=$(HOST_OUT)/bin/appcompat.sh
diff --git a/core/main.mk b/core/main.mk
index e84dfaa..09616d0 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1386,29 +1386,6 @@
$(CUSTOM_MODULES) \
)
-ifdef FULL_BUILD
-#
-# Used by the cleanup logic in soong_ui to remove files that should no longer
-# be installed.
-#
-
-# Include all tests, so that we remove them from the test suites / testcase
-# folders when they are removed.
-test_files := $(foreach ts,$(ALL_COMPATIBILITY_SUITES),$(COMPATIBILITY.$(ts).FILES))
-
-$(shell mkdir -p $(PRODUCT_OUT) $(HOST_OUT))
-
-$(file >$(PRODUCT_OUT)/.installable_files$(if $(filter address,$(SANITIZE_TARGET)),_asan), \
- $(sort $(patsubst $(PRODUCT_OUT)/%,%,$(filter $(PRODUCT_OUT)/%, \
- $(modules_to_install) $(test_files)))))
-
-$(file >$(HOST_OUT)/.installable_test_files,$(sort \
- $(patsubst $(HOST_OUT)/%,%,$(filter $(HOST_OUT)/%, \
- $(test_files)))))
-
-test_files :=
-endif
-
# Dedpulicate compatibility suite dist files across modules and packages before
# copying them to their requested locations. Assign the eval result to an unused
# var to prevent Make from trying to make a sense of it.
@@ -1467,6 +1444,28 @@
modules_to_install := $(sort $(ALL_DEFAULT_INSTALLED_MODULES))
ALL_DEFAULT_INSTALLED_MODULES :=
+ifdef FULL_BUILD
+#
+# Used by the cleanup logic in soong_ui to remove files that should no longer
+# be installed.
+#
+
+# Include all tests, so that we remove them from the test suites / testcase
+# folders when they are removed.
+test_files := $(foreach ts,$(ALL_COMPATIBILITY_SUITES),$(COMPATIBILITY.$(ts).FILES))
+
+$(shell mkdir -p $(PRODUCT_OUT) $(HOST_OUT))
+
+$(file >$(PRODUCT_OUT)/.installable_files$(if $(filter address,$(SANITIZE_TARGET)),_asan), \
+ $(sort $(patsubst $(PRODUCT_OUT)/%,%,$(filter $(PRODUCT_OUT)/%, \
+ $(modules_to_install) $(test_files)))))
+
+$(file >$(HOST_OUT)/.installable_test_files,$(sort \
+ $(patsubst $(HOST_OUT)/%,%,$(filter $(HOST_OUT)/%, \
+ $(test_files)))))
+
+test_files :=
+endif
# Some notice deps refer to module names without prefix or arch suffix where
# only the variants with them get built.
@@ -2197,12 +2196,19 @@
$(call dist-for-goals,droid,$(PRODUCT_OUT)/sbom.spdx.json:sbom/sbom.spdx.json)
else
-apps_only_sbom_files := $(sort $(patsubst %,%.spdx,$(apps_only_installed_files)))
+apps_only_sbom_files := $(sort $(patsubst %,%.spdx.json,$(filter %.apk,$(apps_only_installed_files))))
$(apps_only_sbom_files): $(PRODUCT_OUT)/sbom-metadata.csv $(GEN_SBOM)
rm -rf $@
$(GEN_SBOM) --output_file $@ --metadata $(PRODUCT_OUT)/sbom-metadata.csv --product_out_dir=$(PRODUCT_OUT) --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr="$(PRODUCT_MANUFACTURER)" --unbundled
sbom: $(apps_only_sbom_files)
+
+$(foreach f,$(apps_only_sbom_files),$(eval $(patsubst %.spdx.json,%-fragment.spdx,$f): $f))
+apps_only_fragment_files := $(patsubst %.spdx.json,%-fragment.spdx,$(apps_only_sbom_files))
+$(foreach f,$(apps_only_fragment_files),$(eval apps_only_fragment_dist_files += :sbom/$(notdir $f)))
+
+$(foreach f,$(apps_only_sbom_files),$(eval apps_only_sbom_dist_files += :sbom/$(notdir $f)))
+$(call dist-for-goals,apps_only,$(join $(apps_only_sbom_files),$(apps_only_sbom_dist_files)) $(join $(apps_only_fragment_files),$(apps_only_fragment_dist_files)))
endif
$(call dist-write-file,$(KATI_PACKAGE_MK_DIR)/dist.mk)
diff --git a/core/product.mk b/core/product.mk
index cdc3d09..1789561 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -41,7 +41,6 @@
_product_list_vars += PRODUCT_PACKAGES_DEBUG_JAVA_COVERAGE
_product_list_vars += PRODUCT_PACKAGES_ENG
_product_list_vars += PRODUCT_PACKAGES_TESTS
-_product_list_vars += PRODUCT_AFDO_PROFILES
# The device that this product maps to.
_product_single_value_vars += PRODUCT_DEVICE
@@ -396,6 +395,8 @@
# supports it
_product_single_value_vars += PRODUCT_ENABLE_UFFD_GC
+_product_list_vars += PRODUCT_AFDO_PROFILES
+
.KATI_READONLY := _product_single_value_vars _product_list_vars
_product_var_list :=$= $(_product_single_value_vars) $(_product_list_vars)
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 6348cf0..346edcf 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -12,6 +12,16 @@
include $(BUILD_SYSTEM)/art_config.mk
include $(BUILD_SYSTEM)/dex_preopt_config.mk
+ifndef AFDO_PROFILES
+# Set AFDO_PROFILES
+-include vendor/google_data/pgo_profile/sampling/afdo_profiles.mk
+else
+$(error AFDO_PROFILES can only be set from soong_config.mk. For product-specific fdo_profiles, please use PRODUCT_AFDO_PROFILES)
+endif
+
+# PRODUCT_AFDO_PROFILES takes precedence over product-agnostic profiles in AFDO_PROFILES
+ALL_AFDO_PROFILES := $(PRODUCT_AFDO_PROFILES) $(AFDO_PROFILES)
+
ifeq ($(WRITE_SOONG_VARIABLES),true)
# Create soong.variables with copies of makefile settings. Runs every build,
@@ -309,7 +319,7 @@
$(call add_json_list, IncludeTags, $(PRODUCT_INCLUDE_TAGS))
$(call add_json_list, SourceRootDirs, $(PRODUCT_SOURCE_ROOT_DIRS))
-$(call add_json_list, AfdoProfiles, $(PRODUCT_AFDO_PROFILES))
+$(call add_json_list, AfdoProfiles, $(ALL_AFDO_PROFILES))
$(call json_end)
diff --git a/target/board/emulator_arm64/device.mk b/target/board/emulator_arm64/device.mk
index dc84192..d221e64 100644
--- a/target/board/emulator_arm64/device.mk
+++ b/target/board/emulator_arm64/device.mk
@@ -17,12 +17,3 @@
PRODUCT_SOONG_NAMESPACES += device/generic/goldfish # for libwifi-hal-emu
PRODUCT_SOONG_NAMESPACES += device/generic/goldfish-opengl # for goldfish deps.
-# Cuttlefish has GKI kernel prebuilts, so use those for the GKI boot.img.
-ifeq ($(TARGET_PREBUILT_KERNEL),)
- LOCAL_KERNEL := kernel/prebuilts/5.4/arm64/kernel-5.4-lz4
-else
- LOCAL_KERNEL := $(TARGET_PREBUILT_KERNEL)
-endif
-
-PRODUCT_COPY_FILES += \
- $(LOCAL_KERNEL):kernel
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index e0bcbb7..ac3271b 100644
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -818,6 +818,9 @@
"""Create a super_empty.img and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, "IMAGES", "super_empty.img")
+ if os.path.exists(img.name):
+ logger.info("super_empty.img already exists; no need to rebuild...")
+ return
build_super_image.BuildSuperImage(OPTIONS.info_dict, img.name)
img.Write()
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 01bc6e1..699c8b2 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -717,26 +717,46 @@
script.AssertOemProperty(prop, values, oem_no_mount)
-def ReadFromInputFile(input_file, fn):
- """Reads the contents of fn from input zipfile or directory."""
+def DoesInputFileContain(input_file, fn):
+ """Check whether the input target_files.zip contain an entry `fn`"""
if isinstance(input_file, zipfile.ZipFile):
- return input_file.read(fn).decode()
+ return fn in input_file.namelist()
elif zipfile.is_zipfile(input_file):
with zipfile.ZipFile(input_file, "r", allowZip64=True) as zfp:
- return zfp.read(fn).decode()
+ return fn in zfp.namelist()
+ else:
+ if not os.path.isdir(input_file):
+ raise ValueError(
+ "Invalid input_file, accepted inputs are ZipFile object, path to .zip file on disk, or path to extracted directory. Actual: " + input_file)
+ path = os.path.join(input_file, *fn.split("/"))
+ return os.path.exists(path)
+
+
+def ReadBytesFromInputFile(input_file, fn):
+ """Reads the bytes of fn from input zipfile or directory."""
+ if isinstance(input_file, zipfile.ZipFile):
+ return input_file.read(fn)
+ elif zipfile.is_zipfile(input_file):
+ with zipfile.ZipFile(input_file, "r", allowZip64=True) as zfp:
+ return zfp.read(fn)
else:
if not os.path.isdir(input_file):
raise ValueError(
"Invalid input_file, accepted inputs are ZipFile object, path to .zip file on disk, or path to extracted directory. Actual: " + input_file)
path = os.path.join(input_file, *fn.split("/"))
try:
- with open(path) as f:
+ with open(path, "rb") as f:
return f.read()
except IOError as e:
if e.errno == errno.ENOENT:
raise KeyError(fn)
+def ReadFromInputFile(input_file, fn):
+ """Reads the str contents of fn from input zipfile or directory."""
+ return ReadBytesFromInputFile(input_file, fn).decode()
+
+
def ExtractFromInputFile(input_file, fn):
"""Extracts the contents of fn from input zipfile or directory into a file."""
if isinstance(input_file, zipfile.ZipFile):
@@ -1376,11 +1396,7 @@
def AppendAVBSigningArgs(cmd, partition):
"""Append signing arguments for avbtool."""
# e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096"
- key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path")
- if key_path and not os.path.exists(key_path) and OPTIONS.search_path:
- new_key_path = os.path.join(OPTIONS.search_path, key_path)
- if os.path.exists(new_key_path):
- key_path = new_key_path
+ key_path = ResolveAVBSigningPathArgs(OPTIONS.info_dict.get("avb_" + partition + "_key_path"))
algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")
if key_path and algorithm:
cmd.extend(["--key", key_path, "--algorithm", algorithm])
@@ -1390,6 +1406,32 @@
cmd.extend(["--salt", avb_salt])
+def ResolveAVBSigningPathArgs(split_args):
+
+ def ResolveBinaryPath(path):
+ if os.path.exists(path):
+ return path
+ new_path = os.path.join(OPTIONS.search_path, path)
+ if os.path.exists(new_path):
+ return new_path
+ raise ExternalError(
+ "Failed to find {}".format(new_path))
+
+ if not split_args:
+ return split_args
+
+ if isinstance(split_args, list):
+ for index, arg in enumerate(split_args[:-1]):
+ if arg == '--signing_helper':
+ signing_helper_path = split_args[index + 1]
+ split_args[index + 1] = ResolveBinaryPath(signing_helper_path)
+ break
+ elif isinstance(split_args, str):
+ split_args = ResolveBinaryPath(split_args)
+
+ return split_args
+
+
def GetAvbPartitionArg(partition, image, info_dict=None):
"""Returns the VBMeta arguments for partition.
@@ -1442,10 +1484,7 @@
"""
if key is None:
key = info_dict["avb_" + partition + "_key_path"]
- if key and not os.path.exists(key) and OPTIONS.search_path:
- new_key_path = os.path.join(OPTIONS.search_path, key)
- if os.path.exists(new_key_path):
- key = new_key_path
+ key = ResolveAVBSigningPathArgs(key)
pubkey_path = ExtractAvbPublicKey(info_dict["avb_avbtool"], key)
rollback_index_location = info_dict[
"avb_" + partition + "_rollback_index_location"]
@@ -1461,10 +1500,7 @@
key_path = OPTIONS.info_dict.get("gki_signing_key_path")
algorithm = OPTIONS.info_dict.get("gki_signing_algorithm")
- if not os.path.exists(key_path) and OPTIONS.search_path:
- new_key_path = os.path.join(OPTIONS.search_path, key_path)
- if os.path.exists(new_key_path):
- key_path = new_key_path
+ key_path = ResolveAVBSigningPathArgs(key_path)
# Checks key_path exists, before processing --gki_signing_* args.
if not os.path.exists(key_path):
@@ -1524,7 +1560,8 @@
custom_partitions = OPTIONS.info_dict.get(
"avb_custom_images_partition_list", "").strip().split()
- custom_avb_partitions = ["vbmeta_" + part for part in OPTIONS.info_dict.get("avb_custom_vbmeta_images_partition_list", "").strip().split()]
+ custom_avb_partitions = ["vbmeta_" + part for part in OPTIONS.info_dict.get(
+ "avb_custom_vbmeta_images_partition_list", "").strip().split()]
for partition, path in partitions.items():
if partition not in needed_partitions:
@@ -1560,6 +1597,8 @@
found = True
break
assert found, 'Failed to find {}'.format(chained_image)
+
+ split_args = ResolveAVBSigningPathArgs(split_args)
cmd.extend(split_args)
RunAndCheckOutput(cmd)
@@ -1770,7 +1809,8 @@
AppendAVBSigningArgs(cmd, partition_name)
args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")
if args and args.strip():
- cmd.extend(shlex.split(args))
+ split_args = ResolveAVBSigningPathArgs(shlex.split(args))
+ cmd.extend(split_args)
RunAndCheckOutput(cmd)
img.seek(os.SEEK_SET, 0)
@@ -1811,7 +1851,8 @@
AppendAVBSigningArgs(cmd, partition_name)
args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")
if args and args.strip():
- cmd.extend(shlex.split(args))
+ split_args = ResolveAVBSigningPathArgs(shlex.split(args))
+ cmd.extend(split_args)
RunAndCheckOutput(cmd)
@@ -1886,7 +1927,7 @@
data = _BuildBootableImage(prebuilt_name, os.path.join(unpack_dir, tree_subdir),
os.path.join(unpack_dir, fs_config),
os.path.join(unpack_dir, 'META/ramdisk_node_list')
- if dev_nodes else None,
+ if dev_nodes else None,
info_dict, has_ramdisk, two_step_image)
if data:
return File(name, data)
@@ -1991,7 +2032,8 @@
AppendAVBSigningArgs(cmd, partition_name)
args = info_dict.get(f'avb_{partition_name}_add_hash_footer_args')
if args and args.strip():
- cmd.extend(shlex.split(args))
+ split_args = ResolveAVBSigningPathArgs(shlex.split(args))
+ cmd.extend(split_args)
RunAndCheckOutput(cmd)
img.seek(os.SEEK_SET, 0)
@@ -2945,7 +2987,6 @@
cmd.append(entry)
RunAndCheckOutput(cmd)
-
os.replace(new_zipfile, zip_filename)
@@ -4050,6 +4091,7 @@
# https://source.android.com/devices/bootloader/images
return fp.read(4) == b'\x3A\xFF\x26\xED'
+
def ParseUpdateEngineConfig(path: str):
"""Parse the update_engine config stored in file `path`
Args
@@ -4071,4 +4113,4 @@
if not minor:
raise ValueError(
f"{path} is an invalid update_engine config, missing PAYLOAD_MINOR_VERSION {data}")
- return (int(major.group(1)), int(minor.group(1)))
\ No newline at end of file
+ return (int(major.group(1)), int(minor.group(1)))
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index df283d6..2d49288 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -267,8 +267,8 @@
import common
import ota_utils
from ota_utils import (UNZIP_PATTERN, FinalizeMetadata, GetPackageMetadata,
- PayloadGenerator, SECURITY_PATCH_LEVEL_PROP_NAME)
-from common import IsSparseImage
+ PayloadGenerator, SECURITY_PATCH_LEVEL_PROP_NAME, CopyTargetFilesDir)
+from common import DoesInputFileContain, IsSparseImage
import target_files_diff
from check_target_files_vintf import CheckVintfIfTrebleEnabled
from non_ab_ota import GenerateNonAbOtaPackage
@@ -830,6 +830,12 @@
def GenerateAbOtaPackage(target_file, output_file, source_file=None):
"""Generates an Android OTA package that has A/B update payload."""
+ # If input target_files are directories, create a copy so that we can modify
+ # them directly
+ if os.path.isdir(target_file):
+ target_file = CopyTargetFilesDir(target_file)
+ if source_file is not None and os.path.isdir(source_file):
+ source_file = CopyTargetFilesDir(source_file)
# Stage the output zip package for package signing.
if not OPTIONS.no_signing:
staging_file = common.MakeTempFile(suffix='.zip')
@@ -840,6 +846,7 @@
allowZip64=True)
if source_file is not None:
+ source_file = ota_utils.ExtractTargetFiles(source_file)
assert "ab_partitions" in OPTIONS.source_info_dict, \
"META/ab_partitions.txt is required for ab_update."
assert "ab_partitions" in OPTIONS.target_info_dict, \
@@ -942,9 +949,8 @@
elif OPTIONS.skip_postinstall:
target_file = GetTargetFilesZipWithoutPostinstallConfig(target_file)
# Target_file may have been modified, reparse ab_partitions
- with zipfile.ZipFile(target_file, allowZip64=True) as zfp:
- target_info.info_dict['ab_partitions'] = zfp.read(
- AB_PARTITIONS).decode().strip().split("\n")
+ target_info.info_dict['ab_partitions'] = common.ReadFromInputFile(target_file,
+ AB_PARTITIONS).strip().split("\n")
CheckVintfIfTrebleEnabled(target_file, target_info)
@@ -1042,15 +1048,13 @@
# If dm-verity is supported for the device, copy contents of care_map
# into A/B OTA package.
- target_zip = zipfile.ZipFile(target_file, "r", allowZip64=True)
if target_info.get("avb_enable") == "true":
- care_map_list = [x for x in ["care_map.pb", "care_map.txt"] if
- "META/" + x in target_zip.namelist()]
-
# Adds care_map if either the protobuf format or the plain text one exists.
- if care_map_list:
- care_map_name = care_map_list[0]
- care_map_data = target_zip.read("META/" + care_map_name)
+ for care_map_name in ["care_map.pb", "care_map.txt"]:
+ if not DoesInputFileContain(target_file, "META/" + care_map_name):
+ continue
+ care_map_data = common.ReadBytesFromInputFile(
+ target_file, "META/" + care_map_name)
# In order to support streaming, care_map needs to be packed as
# ZIP_STORED.
common.ZipWriteStr(output_zip, care_map_name, care_map_data,
@@ -1060,13 +1064,11 @@
# Add the source apex version for incremental ota updates, and write the
# result apex info to the ota package.
- ota_apex_info = ota_utils.ConstructOtaApexInfo(target_zip, source_file)
+ ota_apex_info = ota_utils.ConstructOtaApexInfo(target_file, source_file)
if ota_apex_info is not None:
common.ZipWriteStr(output_zip, "apex_info.pb", ota_apex_info,
compress_type=zipfile.ZIP_STORED)
- common.ZipClose(target_zip)
-
# We haven't written the metadata entry yet, which will be handled in
# FinalizeMetadata().
common.ZipClose(output_zip)
@@ -1257,7 +1259,7 @@
if OPTIONS.extracted_input is not None:
OPTIONS.info_dict = common.LoadInfoDict(OPTIONS.extracted_input)
else:
- OPTIONS.info_dict = ParseInfoDict(args[0])
+ OPTIONS.info_dict = common.LoadInfoDict(args[0])
if OPTIONS.wipe_user_data:
if not OPTIONS.vabc_downgrade:
diff --git a/tools/releasetools/ota_utils.py b/tools/releasetools/ota_utils.py
index 985aeda..80a6c7a 100644
--- a/tools/releasetools/ota_utils.py
+++ b/tools/releasetools/ota_utils.py
@@ -22,7 +22,8 @@
import ota_metadata_pb2
import common
-from common import (ZipDelete, ZipClose, OPTIONS, MakeTempFile,
+import fnmatch
+from common import (ZipDelete, DoesInputFileContain, ReadBytesFromInputFile, OPTIONS, MakeTempFile,
ZipWriteStr, BuildInfo, LoadDictionaryFromFile,
SignFile, PARTITIONS_WITH_BUILD_PROP, PartitionBuildProps,
GetRamdiskFormat, ParseUpdateEngineConfig)
@@ -44,7 +45,8 @@
METADATA_NAME = 'META-INF/com/android/metadata'
METADATA_PROTO_NAME = 'META-INF/com/android/metadata.pb'
-UNZIP_PATTERN = ['IMAGES/*', 'META/*', 'OTA/*', 'RADIO/*']
+UNZIP_PATTERN = ['IMAGES/*', 'META/*', 'OTA/*',
+ 'RADIO/*', '*/build.prop', '*/default.prop', '*/build.default', "*/etc/vintf/*"]
SECURITY_PATCH_LEVEL_PROP_NAME = "ro.build.version.security_patch"
@@ -626,12 +628,10 @@
"""If applicable, add the source version to the apex info."""
def _ReadApexInfo(input_zip):
- if "META/apex_info.pb" not in input_zip.namelist():
+ if not DoesInputFileContain(input_zip, "META/apex_info.pb"):
logger.warning("target_file doesn't contain apex_info.pb %s", input_zip)
return None
-
- with input_zip.open("META/apex_info.pb", "r") as zfp:
- return zfp.read()
+ return ReadBytesFromInputFile(input_zip, "META/apex_info.pb")
target_apex_string = _ReadApexInfo(target_zip)
# Return early if the target apex info doesn't exist or is empty.
@@ -727,7 +727,7 @@
logger.info("target files %s is already extracted", path)
return path
extracted_dir = common.MakeTempDir("target_files")
- common.UnzipToDir(path, extracted_dir, UNZIP_PATTERN)
+ common.UnzipToDir(path, extracted_dir, UNZIP_PATTERN + [""])
return extracted_dir
@@ -1040,3 +1040,27 @@
assert metadata_total <= payload_size
return (payload_offset, metadata_total)
+
+
+def Fnmatch(filename, pattersn):
+ return any([fnmatch.fnmatch(filename, pat) for pat in pattersn])
+
+
+def CopyTargetFilesDir(input_dir):
+ output_dir = common.MakeTempDir("target_files")
+ shutil.copytree(os.path.join(input_dir, "IMAGES"), os.path.join(
+ output_dir, "IMAGES"), dirs_exist_ok=True)
+ shutil.copytree(os.path.join(input_dir, "META"), os.path.join(
+ output_dir, "META"), dirs_exist_ok=True)
+ for (dirpath, _, filenames) in os.walk(input_dir):
+ for filename in filenames:
+ path = os.path.join(dirpath, filename)
+ relative_path = path.removeprefix(input_dir).removeprefix("/")
+ if not Fnmatch(relative_path, UNZIP_PATTERN):
+ continue
+ if filename.endswith(".prop") or filename == "prop.default" or "/etc/vintf/" in relative_path:
+ target_path = os.path.join(
+ output_dir, relative_path)
+ os.makedirs(os.path.dirname(target_path), exist_ok=True)
+ shutil.copy(path, target_path)
+ return output_dir
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index 755241d..dddb7f4 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -141,11 +141,7 @@
self.footer_type = footer_type
self.avbtool = avbtool
self.algorithm = algorithm
- self.key_path = key_path
- if key_path and not os.path.exists(key_path) and OPTIONS.search_path:
- new_key_path = os.path.join(OPTIONS.search_path, key_path)
- if os.path.exists(new_key_path):
- self.key_path = new_key_path
+ self.key_path = common.ResolveAVBSigningPathArgs(key_path)
self.salt = salt
self.signing_args = signing_args
diff --git a/tools/sbom/Android.bp b/tools/sbom/Android.bp
index f6c0190..4837dde 100644
--- a/tools/sbom/Android.bp
+++ b/tools/sbom/Android.bp
@@ -12,6 +12,10 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
python_binary_host {
name: "generate-sbom",
srcs: [
diff --git a/tools/sbom/generate-sbom.py b/tools/sbom/generate-sbom.py
index 192061e..56509c9 100755
--- a/tools/sbom/generate-sbom.py
+++ b/tools/sbom/generate-sbom.py
@@ -51,6 +51,38 @@
ISSUE_INSTALLED_FILE_NOT_EXIST = 'Non-exist installed files:'
INFO_METADATA_FOUND_FOR_PACKAGE = 'METADATA file found for packages:'
+SOONG_PREBUILT_MODULE_TYPES = [
+ 'android_app_import',
+ 'android_library_import',
+ 'cc_prebuilt_binary',
+ 'cc_prebuilt_library',
+ 'cc_prebuilt_library_headers',
+ 'cc_prebuilt_library_shared',
+ 'cc_prebuilt_library_static',
+ 'cc_prebuilt_object',
+ 'dex_import',
+ 'java_import',
+ 'java_sdk_library_import',
+ 'java_system_modules_import',
+ 'libclang_rt_prebuilt_library_static',
+ 'libclang_rt_prebuilt_library_shared',
+ 'llvm_prebuilt_library_static',
+ 'ndk_prebuilt_object',
+ 'ndk_prebuilt_shared_stl',
+ 'nkd_prebuilt_static_stl',
+ 'prebuilt_apex',
+ 'prebuilt_bootclasspath_fragment',
+ 'prebuilt_dsp',
+ 'prebuilt_firmware',
+ 'prebuilt_kernel_modules',
+ 'prebuilt_rfsa',
+ 'prebuilt_root',
+ 'rust_prebuilt_dylib',
+ 'rust_prebuilt_library',
+ 'rust_prebuilt_rlib',
+ 'vndk_prebuilt_shared',
+]
+
def get_args():
parser = argparse.ArgumentParser()
@@ -106,35 +138,8 @@
def is_soong_prebuilt_module(file_metadata):
- return file_metadata['soong_module_type'] and file_metadata['soong_module_type'] in [
- 'android_app_import', 'android_library_import', 'cc_prebuilt_binary', 'cc_prebuilt_library',
- 'cc_prebuilt_library_headers', 'cc_prebuilt_library_shared', 'cc_prebuilt_library_static', 'cc_prebuilt_object',
- 'dex_import', 'java_import', 'java_sdk_library_import', 'java_system_modules_import',
- 'libclang_rt_prebuilt_library_static', 'libclang_rt_prebuilt_library_shared', 'llvm_prebuilt_library_static',
- 'ndk_prebuilt_object', 'ndk_prebuilt_shared_stl', 'nkd_prebuilt_static_stl', 'prebuilt_apex',
- 'prebuilt_bootclasspath_fragment', 'prebuilt_dsp', 'prebuilt_firmware', 'prebuilt_kernel_modules',
- 'prebuilt_rfsa', 'prebuilt_root', 'rust_prebuilt_dylib', 'rust_prebuilt_library', 'rust_prebuilt_rlib',
- 'vndk_prebuilt_shared',
-
- # 'android_test_import',
- # 'cc_prebuilt_test_library_shared',
- # 'java_import_host',
- # 'java_test_import',
- # 'llvm_host_prebuilt_library_shared',
- # 'prebuilt_apis',
- # 'prebuilt_build_tool',
- # 'prebuilt_defaults',
- # 'prebuilt_etc',
- # 'prebuilt_etc_host',
- # 'prebuilt_etc_xml',
- # 'prebuilt_font',
- # 'prebuilt_hidl_interfaces',
- # 'prebuilt_platform_compat_config',
- # 'prebuilt_stubs_sources',
- # 'prebuilt_usr_share',
- # 'prebuilt_usr_share_host',
- # 'soong_config_module_type_import',
- ]
+ return (file_metadata['soong_module_type'] and
+ file_metadata['soong_module_type'] in SOONG_PREBUILT_MODULE_TYPES)
def is_source_package(file_metadata):
@@ -397,7 +402,7 @@
creators=['Organization: ' + args.product_mfr])
for installed_file_metadata in reader:
installed_file = installed_file_metadata['installed_file']
- if args.output_file != args.product_out_dir + installed_file + ".spdx":
+ if args.output_file != args.product_out_dir + installed_file + '.spdx.json':
continue
module_path = installed_file_metadata['module_path']
@@ -418,7 +423,10 @@
doc.created = datetime.datetime.now(tz=datetime.timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')
break
- with open(args.output_file, 'w', encoding="utf-8") as file:
+ with open(args.output_file, 'w', encoding='utf-8') as file:
+ sbom_writers.JSONWriter.write(doc, file)
+ fragment_file = args.output_file.removesuffix('.spdx.json') + '-fragment.spdx'
+ with open(fragment_file, 'w', encoding='utf-8') as file:
sbom_writers.TagValueWriter.write(doc, file, fragment=True)