Merge "Pipe bazel() note text to stderr."
diff --git a/core/Makefile b/core/Makefile
index 30a41d1..e6bc69d 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -547,6 +547,12 @@
$(call dist-for-goals,droidcore,$(PGO_PROFILE_MISSING))
+CERTIFICATE_VIOLATION_MODULES_FILENAME := $(PRODUCT_OUT)/certificate_violation_modules.txt
+$(CERTIFICATE_VIOLATION_MODULES_FILENAME):
+ rm -f $@
+ $(foreach m,$(sort $(CERTIFICATE_VIOLATION_MODULES)), echo $(m) >> $@;)
+$(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME))
+
# -----------------------------------------------------------------
# The dev key is used to sign this package, and as the key required
# for future OTA packages installed by this system. Actual product
@@ -1394,6 +1400,8 @@
$(if $(BOARD_SYSTEMIMAGE_PARTITION_SIZE),$(hide) echo "system_size=$(BOARD_SYSTEMIMAGE_PARTITION_SIZE)" >> $(1))
$(if $(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE),$(hide) echo "system_other_size=$(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE)" >> $(1))
$(if $(BOARD_SYSTEMIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "system_fs_type=$(BOARD_SYSTEMIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
+ $(if $(BOARD_SYSTEMIMAGE_FILE_SYSTEM_COMPRESS),$(hide) echo "system_fs_compress=$(BOARD_SYSTEMIMAGE_FILE_SYSTEM_COMPRESS)" >> $(1))
+ $(if $(BOARD_SYSTEMIMAGE_F2FS_SLOAD_COMPRESS_FLAGS),$(hide) echo "system_f2fs_sldc_flags=$(BOARD_SYSTEMIMAGE_F2FS_SLOAD_COMPRESS_FLAGS)" >> $(1))
$(if $(BOARD_SYSTEMIMAGE_EXTFS_INODE_COUNT),$(hide) echo "system_extfs_inode_count=$(BOARD_SYSTEMIMAGE_EXTFS_INODE_COUNT)" >> $(1))
$(if $(BOARD_SYSTEMIMAGE_EXTFS_RSV_PCT),$(hide) echo "system_extfs_rsv_pct=$(BOARD_SYSTEMIMAGE_EXTFS_RSV_PCT)" >> $(1))
$(if $(BOARD_SYSTEMIMAGE_JOURNAL_SIZE),$(hide) echo "system_journal_size=$(BOARD_SYSTEMIMAGE_JOURNAL_SIZE)" >> $(1))
@@ -3153,6 +3161,26 @@
endif # BOARD_PREBUILT_DTBOIMAGE
+# -----------------------------------------------------------------
+# Protected VM firmware image
+ifdef BOARD_PREBUILT_PVMFWIMAGE
+INSTALLED_PVMFWIMAGE_TARGET := $(PRODUCT_OUT)/pvmfw.img
+
+ifeq ($(BOARD_AVB_ENABLE),true)
+$(INSTALLED_PVMFWIMAGE_TARGET): $(BOARD_PREBUILT_PVMFWIMAGE) $(AVBTOOL) $(BOARD_AVB_PVMFW_KEY_PATH)
+ cp $(BOARD_PREBUILT_PVMFWIMAGE) $@
+ $(AVBTOOL) add_hash_footer \
+ --image $@ \
+ --partition_size $(BOARD_PVMFWIMG_PARTITION_SIZE) \
+ --partition_name pvmfw $(INTERNAL_AVB_PVMFW_SIGNING_ARGS) \
+ $(BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS)
+else
+$(INSTALLED_PVMFWIMAGE_TARGET): $(BOARD_PREBUILT_PVMFWIMAGE)
+ cp $(BOARD_PREBUILT_PVMFWIMAGE) $@
+endif
+
+endif # BOARD_PREBUILT_PVMFWIMAGE
+
# Returns a list of image targets corresponding to the given list of partitions. For example, it
# returns "$(INSTALLED_PRODUCTIMAGE_TARGET)" for "product", or "$(INSTALLED_SYSTEMIMAGE_TARGET)
# $(INSTALLED_VENDORIMAGE_TARGET)" for "system vendor".
@@ -3300,6 +3328,9 @@
BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS += \
--prop com.android.build.dtbo.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)
+BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.pvmfw.fingerprint:$(BUILD_FINGERPRINT_FROM_FILE)
+
# The following vendor- and odm-specific images needs explicit SPL set per board.
ifdef BOOT_SECURITY_PATCH
BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS += \
@@ -3326,9 +3357,15 @@
--prop com.android.build.odm_dlkm.security_patch:$(ODM_DLKM_SECURITY_PATCH)
endif
+ifdef PVMFW_SECURITY_PATCH
+BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS += \
+ --prop com.android.build.pvmfw.security_patch:$(PVMFW_SECURITY_PATCH)
+endif
+
BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS
VENDOR_BOOT_FOOTER_ARGS := BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS
DTBO_FOOTER_ARGS := BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS
+PVMFW_FOOTER_ARGS := BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS
SYSTEM_FOOTER_ARGS := BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS
VENDOR_FOOTER_ARGS := BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS
RECOVERY_FOOTER_ARGS := BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS
@@ -3443,6 +3480,10 @@
$(eval $(call check-and-set-avb-args,dtbo))
endif
+ifdef INSTALLED_PVMFWIMAGE_TARGET
+$(eval $(call check-and-set-avb-args,pvmfw))
+endif
+
ifdef INSTALLED_RECOVERYIMAGE_TARGET
$(eval $(call check-and-set-avb-args,recovery))
endif
@@ -3528,6 +3569,9 @@
$(if $(BOARD_AVB_DTBO_KEY_PATH),\
$(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_DTBO_KEY_PATH) \
--output $(1)/dtbo.avbpubkey)
+ $(if $(BOARD_AVB_PVMFW_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_PVMFW_KEY_PATH) \
+ --output $(1)/pvmfw.avbpubkey)
$(if $(BOARD_AVB_RECOVERY_KEY_PATH),\
$(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_RECOVERY_KEY_PATH) \
--output $(1)/recovery.avbpubkey)
@@ -3610,6 +3654,7 @@
$(INSTALLED_VENDOR_DLKMIMAGE_TARGET) \
$(INSTALLED_ODM_DLKMIMAGE_TARGET) \
$(INSTALLED_DTBOIMAGE_TARGET) \
+ $(INSTALLED_PVMFWIMAGE_TARGET) \
$(INSTALLED_CUSTOMIMAGES_TARGET) \
$(INSTALLED_RECOVERYIMAGE_TARGET) \
$(INSTALLED_VBMETA_SYSTEMIMAGE_TARGET) \
@@ -4243,6 +4288,18 @@
endif # BOARD_AVB_DTBO_KEY_PATH
endif # BOARD_AVB_ENABLE
endif # BOARD_PREBUILT_DTBOIMAGE
+ifdef BOARD_PREBUILT_PVMFWIMAGE
+ $(hide) echo "has_pvmfw=true" >> $@
+ifeq ($(BOARD_AVB_ENABLE),true)
+ $(hide) echo "pvmfw_size=$(BOARD_PVMFWIMG_PARTITION_SIZE)" >> $@
+ $(hide) echo "avb_pvmfw_add_hash_footer_args=$(BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS)" >> $@
+ifdef BOARD_AVB_PVMFW_KEY_PATH
+ $(hide) echo "avb_pvmfw_key_path=$(BOARD_AVB_PVMFW_KEY_PATH)" >> $@
+ $(hide) echo "avb_pvmfw_algorithm=$(BOARD_AVB_PVMFW_ALGORITHM)" >> $@
+ $(hide) echo "avb_pvmfw_rollback_index_location=$(BOARD_AVB_PVMFW_ROLLBACK_INDEX_LOCATION)" >> $@
+endif # BOARD_AVB_PVMFW_KEY_PATH
+endif # BOARD_AVB_ENABLE
+endif # BOARD_PREBUILT_PVMFWIMAGE
$(call dump-dynamic-partitions-info,$@)
@# VINTF checks
ifeq ($(PRODUCT_ENFORCE_VINTF_MANIFEST),true)
@@ -4512,6 +4569,7 @@
$(INSTALLED_RECOVERYIMAGE_TARGET) \
$(INSTALLED_CACHEIMAGE_TARGET) \
$(INSTALLED_DTBOIMAGE_TARGET) \
+ $(INSTALLED_PVMFWIMAGE_TARGET) \
$(INSTALLED_CUSTOMIMAGES_TARGET) \
$(INSTALLED_ANDROID_INFO_TXT_TARGET) \
$(INSTALLED_KERNEL_TARGET) \
@@ -4794,6 +4852,10 @@
$(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES
$(hide) cp $(INSTALLED_DTBOIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/
endif # BOARD_PREBUILT_DTBOIMAGE
+ifdef BOARD_PREBUILT_PVMFWIMAGE
+ $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES
+ $(hide) cp $(INSTALLED_PVMFWIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/
+endif # BOARD_PREBUILT_PVMFWIMAGE
ifdef BOARD_PREBUILT_BOOTLOADER
$(hide) mkdir -p $(zip_root)/IMAGES
$(hide) cp $(INSTALLED_BOOTLOADER_MODULE) $(zip_root)/IMAGES/
@@ -5044,7 +5106,7 @@
$(PROFDATA_ZIP): $(SOONG_ZIP)
$(hide) $(SOONG_ZIP) -d -o $@ -C $(LLVM_PREBUILTS_BASE)/linux-x86/$(LLVM_PREBUILTS_VERSION) -f $(LLVM_PROFDATA) -f $(LIBCXX)
- $(call dist-for-goals,droidcore apps_only,$(PROFDATA_ZIP))
+ $(call dist-for-goals,droidcore,$(PROFDATA_ZIP))
endif
# -----------------------------------------------------------------
diff --git a/core/artifact_path_requirements.mk b/core/artifact_path_requirements.mk
new file mode 100644
index 0000000..ceaefa2
--- /dev/null
+++ b/core/artifact_path_requirements.mk
@@ -0,0 +1,60 @@
+# This file contains logic to enforce artifact path requirements
+# defined in product makefiles.
+
+# Fakes don't get installed, and NDK stubs aren't installed to device.
+static_allowed_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/%
+# RROs become REQUIRED by the source module, but are always placed on the vendor partition.
+static_allowed_patterns += %__auto_generated_rro_product.apk
+static_allowed_patterns += %__auto_generated_rro_vendor.apk
+# Auto-included targets are not considered
+static_allowed_patterns += $(call product-installed-files,)
+# $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed.
+# The path can be considered as a fake path, as the shared libraries
+# are installed there just to have symbols files for them under
+# $(PRODUCT_OUT)/symbols/apex for debugging purpose. The /apex directory
+# is never compiled into a filesystem image.
+static_allowed_patterns += $(PRODUCT_OUT)/apex/%
+ifeq (true,$(BOARD_USES_SYSTEM_OTHER_ODEX))
+ # Allow system_other odex space optimization.
+ static_allowed_patterns += \
+ $(TARGET_OUT_SYSTEM_OTHER)/%.odex \
+ $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \
+ $(TARGET_OUT_SYSTEM_OTHER)/%.art
+endif
+
+all_offending_files :=
+$(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
+ $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \
+ $(eval ### Verify that the product only produces files inside its path requirements.) \
+ $(eval allowed := $(PRODUCTS.$(makefile).ARTIFACT_PATH_ALLOWED_LIST)) \
+ $(eval path_patterns := $(call resolve-product-relative-paths,$(requirements),%)) \
+ $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
+ $(eval files := $(call product-installed-files, $(makefile))) \
+ $(eval offending_files := $(filter-out $(path_patterns) $(allowed_patterns) $(static_allowed_patterns),$(files))) \
+ $(call maybe-print-list-and-error,$(offending_files),\
+ $(makefile) produces files outside its artifact path requirement. \
+ Allowed paths are $(subst $(space),$(comma)$(space),$(addsuffix *,$(requirements)))) \
+ $(eval unused_allowed := $(filter-out $(files),$(allowed_patterns))) \
+ $(if $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENT_IS_RELAXED),, \
+ $(call maybe-print-list-and-error,$(unused_allowed),$(makefile) includes redundant allowed entries in its artifact path requirement.) \
+ ) \
+ $(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
+ $(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_target_FILES))) \
+ $(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
+ $(eval all_offending_files += $(files_in_requirement)) \
+ $(eval allowed := $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST)) \
+ $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
+ $(eval offending_files := $(filter-out $(allowed_patterns),$(files_in_requirement))) \
+ $(eval enforcement := $(PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS)) \
+ $(if $(enforcement),\
+ $(call maybe-print-list-and-error,$(offending_files),\
+ $(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement. \
+ $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT)) \
+ $(eval unused_allowed := $(if $(filter true strict,$(enforcement)),\
+ $(foreach p,$(allowed_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \
+ $(call maybe-print-list-and-error,$(unused_allowed),$(INTERNAL_PRODUCT) includes redundant artifact path requirement allowed list entries.) \
+ ) \
+)
+$(PRODUCT_OUT)/offending_artifacts.txt:
+ rm -f $@
+ $(foreach f,$(sort $(all_offending_files)),echo $(f) >> $@;)
diff --git a/core/board_config.mk b/core/board_config.mk
index d674d1a..2608869 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -310,7 +310,8 @@
###########################################
# Now we can substitute with the real value of TARGET_COPY_OUT_DEBUG_RAMDISK
-ifneq (,$(filter true,$(BOARD_USES_RECOVERY_AS_BOOT) $(BOARD_GKI_NONAB_COMPAT)))
+ifneq (,$(filter true,$(BOARD_USES_RECOVERY_AS_BOOT) \
+ $(BOARD_GKI_NONAB_COMPAT) $(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT)))
TARGET_COPY_OUT_DEBUG_RAMDISK := debug_ramdisk/first_stage_ramdisk
TARGET_COPY_OUT_VENDOR_DEBUG_RAMDISK := vendor_debug_ramdisk/first_stage_ramdisk
TARGET_COPY_OUT_TEST_HARNESS_RAMDISK := test_harness_ramdisk/first_stage_ramdisk
@@ -720,6 +721,16 @@
TARGET_VENDOR_TEST_SUFFIX :=
endif
+# If PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY is set,
+# BOARD_VNDK_VERSION must be set because PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY
+# is a enforcement of inter-partition dependency, and it doesn't have any meaning
+# when BOARD_VNDK_VERSION isn't set.
+ifeq ($(PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY),true)
+ ifeq ($(BOARD_VNDK_VERSION),)
+ $(error BOARD_VNDK_VERSION must be set when PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY is true)
+ endif
+endif
+
###########################################
# APEXes are by default flattened, i.e. non-updatable.
# It can be unflattened (and updatable) by inheriting from
@@ -776,9 +787,6 @@
ifeq (true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT))
$(error Should not set BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT if not building vendor_boot image)
endif
- ifeq (true,$(BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT))
- $(error Should not set BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT if not building vendor_boot image)
- endif
endif
# If BOARD_USES_GENERIC_KERNEL_IMAGE is set, BOARD_USES_RECOVERY_AS_BOOT must not be set.
diff --git a/core/main.mk b/core/main.mk
index d8a0443..3cc3690 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -1303,67 +1303,7 @@
# Verify the artifact path requirements made by included products.
is_asan := $(if $(filter address,$(SANITIZE_TARGET)),true)
ifneq (true,$(or $(is_asan),$(DISABLE_ARTIFACT_PATH_REQUIREMENTS)))
- # Fakes don't get installed, and NDK stubs aren't installed to device.
- static_allowed_patterns := $(TARGET_OUT_FAKE)/% $(SOONG_OUT_DIR)/ndk/%
- # RROs become REQUIRED by the source module, but are always placed on the vendor partition.
- static_allowed_patterns += %__auto_generated_rro_product.apk
- static_allowed_patterns += %__auto_generated_rro_vendor.apk
- # Auto-included targets are not considered
- static_allowed_patterns += $(call product-installed-files,)
- # $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed.
- # The path can be considered as a fake path, as the shared libraries
- # are installed there just to have symbols files for them under
- # $(PRODUCT_OUT)/symbols/apex for debugging purpose. The /apex directory
- # is never compiled into a filesystem image.
- static_allowed_patterns += $(PRODUCT_OUT)/apex/%
- ifeq (true,$(BOARD_USES_SYSTEM_OTHER_ODEX))
- # Allow system_other odex space optimization.
- static_allowed_patterns += \
- $(TARGET_OUT_SYSTEM_OTHER)/%.odex \
- $(TARGET_OUT_SYSTEM_OTHER)/%.vdex \
- $(TARGET_OUT_SYSTEM_OTHER)/%.art
- endif
-
-CERTIFICATE_VIOLATION_MODULES_FILENAME := $(PRODUCT_OUT)/certificate_violation_modules.txt
-$(CERTIFICATE_VIOLATION_MODULES_FILENAME):
- rm -f $@
- $(foreach m,$(sort $(CERTIFICATE_VIOLATION_MODULES)), echo $(m) >> $@;)
-$(call dist-for-goals,droidcore,$(CERTIFICATE_VIOLATION_MODULES_FILENAME))
-
- all_offending_files :=
- $(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
- $(eval requirements := $(PRODUCTS.$(makefile).ARTIFACT_PATH_REQUIREMENTS)) \
- $(eval ### Verify that the product only produces files inside its path requirements.) \
- $(eval allowed := $(PRODUCTS.$(makefile).ARTIFACT_PATH_ALLOWED_LIST)) \
- $(eval path_patterns := $(call resolve-product-relative-paths,$(requirements),%)) \
- $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
- $(eval files := $(call product-installed-files, $(makefile))) \
- $(eval offending_files := $(filter-out $(path_patterns) $(allowed_patterns) $(static_allowed_patterns),$(files))) \
- $(call maybe-print-list-and-error,$(offending_files),\
- $(makefile) produces files outside its artifact path requirement. \
- Allowed paths are $(subst $(space),$(comma)$(space),$(addsuffix *,$(requirements)))) \
- $(eval unused_allowed := $(filter-out $(files),$(allowed_patterns))) \
- $(call maybe-print-list-and-error,$(unused_allowed),$(makefile) includes redundant allowed entries in its artifact path requirement.) \
- $(eval ### Optionally verify that nothing else produces files inside this artifact path requirement.) \
- $(eval extra_files := $(filter-out $(files) $(HOST_OUT)/%,$(product_target_FILES))) \
- $(eval files_in_requirement := $(filter $(path_patterns),$(extra_files))) \
- $(eval all_offending_files += $(files_in_requirement)) \
- $(eval allowed := $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST)) \
- $(eval allowed_patterns := $(call resolve-product-relative-paths,$(allowed))) \
- $(eval offending_files := $(filter-out $(allowed_patterns),$(files_in_requirement))) \
- $(eval enforcement := $(PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS)) \
- $(if $(enforcement),\
- $(call maybe-print-list-and-error,$(offending_files),\
- $(INTERNAL_PRODUCT) produces files inside $(makefile)s artifact path requirement. \
- $(PRODUCT_ARTIFACT_PATH_REQUIREMENT_HINT)) \
- $(eval unused_allowed := $(if $(filter true strict,$(enforcement)),\
- $(foreach p,$(allowed_patterns),$(if $(filter $(p),$(extra_files)),,$(p))))) \
- $(call maybe-print-list-and-error,$(unused_allowed),$(INTERNAL_PRODUCT) includes redundant artifact path requirement allowed list entries.) \
- ) \
- )
-$(PRODUCT_OUT)/offending_artifacts.txt:
- rm -f $@
- $(foreach f,$(sort $(all_offending_files)),echo $(f) >> $@;)
+ include $(BUILD_SYSTEM)/artifact_path_requirements.mk
endif
else
# We're not doing a full build, and are probably only including
diff --git a/core/product.mk b/core/product.mk
index 5f06141..0c45cbb 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -321,6 +321,9 @@
# List of extra VNDK versions to be included
_product_list_vars += PRODUCT_EXTRA_VNDK_VERSIONS
+# Whether APEX should be compressed or not
+_product_single_value_vars += PRODUCT_COMPRESSED_APEX
+
# VNDK version of product partition. It can be 'current' if the product
# partitions uses PLATFORM_VNDK_VERSION.
_product_single_value_vars += PRODUCT_PRODUCT_VNDK_VERSION
@@ -405,6 +408,20 @@
# If set, Java module in product partition cannot use hidden APIs.
_product_single_value_vars += PRODUCT_ENFORCE_PRODUCT_PARTITION_INTERFACE
+# If set, only java_sdk_library can be used at inter-partition dependency.
+# Note: Build error if BOARD_VNDK_VERSION is not set while
+# PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY is true, because
+# PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY has no meaning if
+# BOARD_VNDK_VERSION is not set.
+# Note: When PRODUCT_ENFORCE_PRODUCT_PARTITION_INTERFACE is not set, there are
+# no restrictions at dependency between system and product partition.
+_product_single_value_vars += PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY
+
+# Allowlist for PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY option.
+# Listed modules are allowed at inter-partition dependency even if it isn't
+# a java_sdk_library module.
+_product_list_vars += PRODUCT_INTER_PARTITION_JAVA_LIBRARY_ALLOWLIST
+
_product_single_value_vars += PRODUCT_INSTALL_EXTRA_FLATTENED_APEXES
.KATI_READONLY := _product_single_value_vars _product_list_vars
@@ -460,6 +477,13 @@
$(sort $(ARTIFACT_PATH_REQUIREMENT_PRODUCTS) $(current_mk)))
endef
+# Like require-artifacts-in-path, but does not require all allow-list entries to
+# have an effect.
+define require-artifacts-in-path-relaxed
+ $(require-artifacts-in-path) \
+ $(eval PRODUCTS.$(current_mk).ARTIFACT_PATH_REQUIREMENT_IS_RELAXED := true)
+endef
+
# Makes including non-existent modules in PRODUCT_PACKAGES an error.
# $(1): list of non-existent modules to allow.
define enforce-product-packages-exist
diff --git a/core/product_config.mk b/core/product_config.mk
index 6170b5b..0bb0962 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -160,15 +160,16 @@
$(call import-products, $(current_product_makefile))
endif # Import all or just the current product makefile
+# Quick check
+$(check-all-products)
+
# Import all the products that have made artifact path requirements, so that we can verify
# the artifacts they produce.
+# These are imported after check-all-products because some of them might not be real products.
$(foreach makefile,$(ARTIFACT_PATH_REQUIREMENT_PRODUCTS),\
$(if $(filter-out $(makefile),$(PRODUCTS)),$(eval $(call import-products,$(makefile))))\
)
-# Quick check
-$(check-all-products)
-
ifneq ($(filter dump-products, $(MAKECMDGOALS)),)
$(dump-products)
endif
@@ -355,6 +356,16 @@
PRODUCT_EXTRA_VNDK_VERSIONS := $(OVERRIDE_PRODUCT_EXTRA_VNDK_VERSIONS)
endif
+###########################################
+# APEXes are by default not compressed
+#
+# APEX compression can be forcibly enabled (resp. disabled) by
+# setting OVERRIDE_PRODUCT_COMPRESSED_APEX to true (resp. false), e.g. by
+# setting the OVERRIDE_PRODUCT_COMPRESSED_APEX environment variable.
+ifdef OVERRIDE_PRODUCT_COMPRESSED_APEX
+ PRODUCT_COMPRESSED_APEX := $(OVERRIDE_PRODUCT_COMPRESSED_APEX)
+endif
+
$(KATI_obsolete_var OVERRIDE_PRODUCT_EXTRA_VNDK_VERSIONS \
,Use PRODUCT_EXTRA_VNDK_VERSIONS instead)
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 250efb2..61c0452 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -215,6 +215,8 @@
$(call add_json_bool, InstallExtraFlattenedApexes, $(PRODUCT_INSTALL_EXTRA_FLATTENED_APEXES))
+$(call add_json_bool, CompressedApex, $(PRODUCT_COMPRESSED_APEX))
+
$(call add_json_bool, BoardUsesRecoveryAsBoot, $(BOARD_USES_RECOVERY_AS_BOOT))
$(call add_json_list, BoardKernelBinaries, $(BOARD_KERNEL_BINARIES))
diff --git a/core/sysprop.mk b/core/sysprop.mk
index 1c66281..bb19dc5 100644
--- a/core/sysprop.mk
+++ b/core/sysprop.mk
@@ -238,7 +238,7 @@
endef
gen_from_buildinfo_sh := $(call intermediates-dir-for,PACKAGING,system_build_prop)/buildinfo.prop
-$(gen_from_buildinfo_sh): $(INTERNAL_BUILD_ID_MAKEFILE) $(API_FINGERPRINT)
+$(gen_from_buildinfo_sh): $(INTERNAL_BUILD_ID_MAKEFILE) $(API_FINGERPRINT) | $(BUILD_DATETIME_FILE) $(BUILD_NUMBER_FILE)
$(hide) TARGET_BUILD_TYPE="$(TARGET_BUILD_VARIANT)" \
TARGET_BUILD_FLAVOR="$(TARGET_BUILD_FLAVOR)" \
TARGET_DEVICE="$(TARGET_DEVICE)" \
diff --git a/core/tasks/tools/compatibility.mk b/core/tasks/tools/compatibility.mk
index 66f3b5b..570a39a 100644
--- a/core/tasks/tools/compatibility.mk
+++ b/core/tasks/tools/compatibility.mk
@@ -34,9 +34,7 @@
$(HOST_OUT_JAVA_LIBRARIES)/tradefed-test-framework.jar \
$(HOST_OUT_JAVA_LIBRARIES)/loganalysis.jar \
$(HOST_OUT_JAVA_LIBRARIES)/compatibility-host-util.jar \
- $(HOST_OUT_JAVA_LIBRARIES)/compatibility-host-util-tests.jar \
- $(HOST_OUT_JAVA_LIBRARIES)/compatibility-common-util-tests.jar \
- $(HOST_OUT_JAVA_LIBRARIES)/compatibility-tradefed-tests.jar \
+ $(HOST_OUT_JAVA_LIBRARIES)/compatibility-tradefed.jar \
$(HOST_OUT_JAVA_LIBRARIES)/$(test_suite_tradefed).jar \
$(HOST_OUT_JAVA_LIBRARIES)/$(test_suite_tradefed)-tests.jar \
$(HOST_OUT_EXECUTABLES)/$(test_suite_tradefed) \
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 7362275..22eb1e1 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@
# It must be of the form "YYYY-MM-DD" on production devices.
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2020-11-05
+ PLATFORM_SECURITY_PATCH := 2020-12-05
endif
.KATI_READONLY := PLATFORM_SECURITY_PATCH
diff --git a/target/board/BoardConfigPixelCommon.mk b/target/board/BoardConfigPixelCommon.mk
new file mode 100644
index 0000000..a970fec
--- /dev/null
+++ b/target/board/BoardConfigPixelCommon.mk
@@ -0,0 +1,18 @@
+# BoardConfigPixelCommon.mk
+#
+# Common compile-time definitions for Pixel devices.
+
+# Using sha256 for dm-verity partitions. b/156162446
+# system, system_other, system_ext and product.
+BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_SYSTEM_OTHER_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_SYSTEM_EXT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+
+# vendor and odm.
+BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_ODM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+
+# vendor_dlkm and odm_dlkm.
+BOARD_AVB_VENDOR_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_ODM_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
diff --git a/target/board/emulator_arm64/BoardConfig.mk b/target/board/emulator_arm64/BoardConfig.mk
index 95eff4b..9293625 100644
--- a/target/board/emulator_arm64/BoardConfig.mk
+++ b/target/board/emulator_arm64/BoardConfig.mk
@@ -19,10 +19,6 @@
TARGET_CPU_VARIANT := generic
TARGET_CPU_ABI := arm64-v8a
-TARGET_2ND_ARCH := arm
-TARGET_2ND_CPU_ABI := armeabi-v7a
-TARGET_2ND_CPU_ABI2 := armeabi
-
ifneq ($(TARGET_BUILD_APPS)$(filter cts sdk,$(MAKECMDGOALS)),)
# DO NOT USE
# DO NOT USE
diff --git a/target/board/generic_arm64/device.mk b/target/board/generic_arm64/device.mk
index 7b16aea..e64014b 100644
--- a/target/board/generic_arm64/device.mk
+++ b/target/board/generic_arm64/device.mk
@@ -15,7 +15,7 @@
#
PRODUCT_COPY_FILES += \
- kernel/prebuilts/4.19/arm64/Image.gz:kernel-4.19-gz \
+ kernel/prebuilts/4.19/arm64/kernel-4.19-gz:kernel-4.19-gz \
kernel/prebuilts/5.4/arm64/kernel-5.4:kernel-5.4 \
kernel/prebuilts/5.4/arm64/kernel-5.4-gz:kernel-5.4-gz \
kernel/prebuilts/5.4/arm64/kernel-5.4-lz4:kernel-5.4-lz4 \
@@ -30,7 +30,7 @@
kernel/prebuilts/5.4/arm64/kernel-5.4-lz4:kernel-5.4-lz4-allsyms
endif
-PRODUCT_PACKAGES += e2fsck_ramdisk
-
PRODUCT_BUILD_VENDOR_BOOT_IMAGE := false
PRODUCT_BUILD_RECOVERY_IMAGE := false
+
+$(call inherit-product, $(SRC_TARGET_DIR)/product/generic_ramdisk.mk)
diff --git a/target/product/cfi-common.mk b/target/product/cfi-common.mk
index 623a9a8..82f53f6 100644
--- a/target/product/cfi-common.mk
+++ b/target/product/cfi-common.mk
@@ -19,7 +19,6 @@
PRODUCT_CFI_INCLUDE_PATHS := \
device/generic/goldfish/wifi/wpa_supplicant_8_lib \
device/google/cuttlefish/guest/libs/wpa_supplicant_8_lib \
- device/google/wahoo/wifi_offload \
external/tinyxml2 \
external/wpa_supplicant_8 \
frameworks/av/camera \
diff --git a/target/product/emulator_vendor.mk b/target/product/emulator_vendor.mk
index 89c3f3a..4d46358 100644
--- a/target/product/emulator_vendor.mk
+++ b/target/product/emulator_vendor.mk
@@ -26,7 +26,7 @@
PRODUCT_PACKAGES += \
vndk-sp
-PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
+DEVICE_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
PRODUCT_CHARACTERISTICS := emulator
diff --git a/target/product/generic_ramdisk.mk b/target/product/generic_ramdisk.mk
new file mode 100644
index 0000000..61e3a08
--- /dev/null
+++ b/target/product/generic_ramdisk.mk
@@ -0,0 +1,39 @@
+#
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This makefile installs contents of the generic ramdisk.
+# Inherit from this makefile to declare that this product uses generic ramdisk.
+# This makefile checks that other makefiles must not install things to the
+# ramdisk.
+
+# Ramdisk
+PRODUCT_PACKAGES += \
+ init_first_stage \
+
+# Debug ramdisk
+PRODUCT_PACKAGES += \
+ userdebug_plat_sepolicy.cil \
+
+_my_paths := \
+ $(TARGET_COPY_OUT_RAMDISK) \
+ $(TARGET_COPY_OUT_DEBUG_RAMDISK) \
+ system/usr/share/zoneinfo/tz_version \
+ system/usr/share/zoneinfo/tzdata \
+
+# We use the "relaxed" version here because tzdata / tz_version is only produced
+# by this makefile on a subset of devices.
+# TODO: remove this
+$(call require-artifacts-in-path-relaxed, $(_my_paths), )
diff --git a/target/product/generic_system.mk b/target/product/generic_system.mk
index 731a450..9580ade 100644
--- a/target/product/generic_system.mk
+++ b/target/product/generic_system.mk
@@ -121,9 +121,6 @@
PRODUCT_ENFORCE_RRO_TARGETS := *
-# TODO(b/150820813) Settings depends on static overlay, remove this after eliminating the dependency.
-PRODUCT_ENFORCE_RRO_EXEMPTED_TARGETS := Settings
-
PRODUCT_NAME := generic_system
PRODUCT_BRAND := generic
diff --git a/target/product/generic_system_arm64.mk b/target/product/generic_system_arm64.mk
index b8b12c3..2c64479 100644
--- a/target/product/generic_system_arm64.mk
+++ b/target/product/generic_system_arm64.mk
@@ -38,9 +38,6 @@
PRODUCT_SHIPPING_API_LEVEL := 29
-# TODO(b/137033385): change this back to "all"
-PRODUCT_RESTRICT_VENDOR_FILES := owner
-
PRODUCT_NAME := generic_system_arm64
PRODUCT_DEVICE := mainline_arm64
PRODUCT_BRAND := generic
diff --git a/target/product/generic_system_x86.mk b/target/product/generic_system_x86.mk
index dddcb7e..cf38a98 100644
--- a/target/product/generic_system_x86.mk
+++ b/target/product/generic_system_x86.mk
@@ -37,9 +37,6 @@
PRODUCT_SHIPPING_API_LEVEL := 29
-# TODO(b/137033385): change this back to "all"
-PRODUCT_RESTRICT_VENDOR_FILES := owner
-
PRODUCT_NAME := generic_system_x86
PRODUCT_DEVICE := mainline_x86
PRODUCT_BRAND := generic
diff --git a/target/product/generic_system_x86_64.mk b/target/product/generic_system_x86_64.mk
index 1ca9678..5f3829b 100644
--- a/target/product/generic_system_x86_64.mk
+++ b/target/product/generic_system_x86_64.mk
@@ -38,8 +38,6 @@
PRODUCT_SHIPPING_API_LEVEL := 29
-PRODUCT_RESTRICT_VENDOR_FILES := all
-
PRODUCT_NAME := generic_system_x86_64
PRODUCT_DEVICE := mainline_x86_64
PRODUCT_BRAND := generic
diff --git a/target/product/generic_system_x86_arm.mk b/target/product/generic_system_x86_arm.mk
index a62fb9b..923f32d 100644
--- a/target/product/generic_system_x86_arm.mk
+++ b/target/product/generic_system_x86_arm.mk
@@ -37,9 +37,6 @@
PRODUCT_SHIPPING_API_LEVEL := 29
-# TODO(b/137033385): change this back to "all"
-PRODUCT_RESTRICT_VENDOR_FILES := owner
-
PRODUCT_NAME := generic_system_x86_arm
PRODUCT_DEVICE := mainline_x86_arm
PRODUCT_BRAND := generic
diff --git a/target/product/gsi/current.txt b/target/product/gsi/current.txt
index 9c08e5e..2205146 100644
--- a/target/product/gsi/current.txt
+++ b/target/product/gsi/current.txt
@@ -69,14 +69,15 @@
VNDK-core: android.hardware.graphics.bufferqueue@2.0.so
VNDK-core: android.hardware.identity-V2-ndk_platform.so
VNDK-core: android.hardware.keymaster-V2-ndk_platform.so
-VNDK-core: android.hardware.keymint-V1-ndk_platform.so
VNDK-core: android.hardware.light-V1-ndk_platform.so
VNDK-core: android.hardware.media.bufferpool@2.0.so
VNDK-core: android.hardware.media.omx@1.0.so
VNDK-core: android.hardware.media@1.0.so
+VNDK-core: android.hardware.memtrack-V1-ndk_platform.so
VNDK-core: android.hardware.memtrack@1.0.so
VNDK-core: android.hardware.power-V1-ndk_platform.so
VNDK-core: android.hardware.rebootescrow-V1-ndk_platform.so
+VNDK-core: android.hardware.security.keymint-V1-ndk_platform.so
VNDK-core: android.hardware.soundtrigger@2.0-core.so
VNDK-core: android.hardware.soundtrigger@2.0.so
VNDK-core: android.hardware.vibrator-V1-ndk_platform.so
diff --git a/target/product/media_system.mk b/target/product/media_system.mk
index 1004dc5..4ebec51 100644
--- a/target/product/media_system.mk
+++ b/target/product/media_system.mk
@@ -58,7 +58,6 @@
# The values should be of the format <apex name>:<jar name>
PRODUCT_UPDATABLE_SYSTEM_SERVER_JARS := \
com.android.permission:service-permission \
- com.android.wifi:service-wifi \
com.android.ipsec:android.net.ipsec.ike \
PRODUCT_COPY_FILES += \
diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index ec30527..687e9f6 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -70,6 +70,11 @@
# or if it is empty speed-profile is equivalent to (quicken + empty app image).
PRODUCT_SYSTEM_PROPERTIES += \
pm.dexopt.install?=speed-profile \
+ pm.dexopt.install-fast?=skip \
+ pm.dexopt.install-bulk?=speed-profile \
+ pm.dexopt.install-bulk-secondary?=verify \
+ pm.dexopt.install-bulk-downgraded?=verify \
+ pm.dexopt.install-bulk-secondary-downgraded?=extract \
pm.dexopt.bg-dexopt?=speed-profile \
pm.dexopt.ab-ota?=speed-profile \
pm.dexopt.inactive?=verify \
diff --git a/tools/fs_config/OWNERS b/tools/fs_config/OWNERS
index 5599644..7529cb9 100644
--- a/tools/fs_config/OWNERS
+++ b/tools/fs_config/OWNERS
@@ -1,2 +1 @@
-tomcherry@google.com
-salyzyn@google.com
+include platform/system/core:/janitors/OWNERS
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index d836d65..5f35d78 100644
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -51,6 +51,7 @@
import os
import shlex
import shutil
+import stat
import sys
import uuid
import zipfile
@@ -330,6 +331,9 @@
# AVB-sign the image as needed.
if OPTIONS.info_dict.get("avb_enable") == "true":
+ # Signing requires +w
+ os.chmod(img.name, os.stat(img.name).st_mode | stat.S_IWUSR)
+
avbtool = OPTIONS.info_dict["avb_avbtool"]
part_size = OPTIONS.info_dict["dtbo_size"]
# The AVB hash footer will be replaced if already present.
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 6487b9b..820c128 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -350,8 +350,17 @@
build_command.append("--prjquota")
if (needs_casefold):
build_command.append("--casefold")
- if (needs_compress):
+ if (needs_compress or prop_dict.get("system_fs_compress") == "true"):
build_command.append("--compression")
+ if (prop_dict.get("system_fs_compress") == "true"):
+ build_command.append("--sldc")
+ if (prop_dict.get("system_f2fs_sldc_flags") == None):
+ build_command.append(str(0))
+ else:
+ sldc_flags_str = prop_dict.get("system_f2fs_sldc_flags")
+ sldc_flags = sldc_flags_str.split()
+ build_command.append(str(len(sldc_flags)))
+ build_command.extend(sldc_flags)
else:
raise BuildImageError(
"Error: unknown filesystem type: {}".format(fs_type))
@@ -417,7 +426,7 @@
fs_type = prop_dict.get("fs_type", "")
fs_spans_partition = True
- if fs_type.startswith("squash"):
+ if fs_type.startswith("squash") or fs_type.startswith("erofs"):
fs_spans_partition = False
# Get a builder for creating an image that's to be verified by Verified Boot,
@@ -427,7 +436,16 @@
if (prop_dict.get("use_dynamic_partition_size") == "true" and
"partition_size" not in prop_dict):
# If partition_size is not defined, use output of `du' + reserved_size.
- size = GetDiskUsage(in_dir)
+ # For compressed file system, it's better to use the compressed size to avoid wasting space.
+ if fs_type.startswith("erofs"):
+ tmp_dict = prop_dict.copy()
+ if "erofs_sparse_flag" in tmp_dict:
+ tmp_dict.pop("erofs_sparse_flag")
+ BuildImageMkfs(in_dir, tmp_dict, out_file, target_out, fs_config)
+ size = GetDiskUsage(out_file)
+ os.remove(out_file)
+ else:
+ size = GetDiskUsage(in_dir)
logger.info(
"The tree size of %s is %d MB.", in_dir, size // BYTES_IN_MB)
# If not specified, give us 16MB margin for GetDiskUsage error ...
@@ -546,6 +564,8 @@
"extfs_sparse_flag",
"erofs_sparse_flag",
"squashfs_sparse_flag",
+ "system_fs_compress",
+ "system_f2fs_sldc_flags",
"f2fs_sparse_flag",
"skip_fsck",
"ext_mkuserimg",
diff --git a/tools/zipalign/Android.bp b/tools/zipalign/Android.bp
index 135cd76..1ebf4eb 100644
--- a/tools/zipalign/Android.bp
+++ b/tools/zipalign/Android.bp
@@ -57,6 +57,9 @@
srcs: [
"tests/src/*_test.cpp",
],
+ test_options: {
+ unit_test: true,
+ },
static_libs: [
"libbase",
"libzipalign",