Merge "Remove myself from the OWNER file"
diff --git a/android/config.go b/android/config.go
index b3469a9..f5ea381 100644
--- a/android/config.go
+++ b/android/config.go
@@ -561,6 +561,19 @@
}
}
+func (c *config) ApexKeyDir(ctx ModuleContext) SourcePath {
+ // TODO(b/121224311): define another variable such as TARGET_APEX_KEY_OVERRIDE
+ defaultCert := String(c.productVariables.DefaultAppCertificate)
+ if defaultCert == "" || filepath.Dir(defaultCert) == "build/target/product/security" {
+ // When defaultCert is unset or is set to the testkeys path, use the APEX keys
+ // that is under the module dir
+ return PathForModuleSrc(ctx).SourcePath
+ } else {
+ // If not, APEX keys are under the specified directory
+ return PathForSource(ctx, filepath.Dir(defaultCert))
+ }
+}
+
func (c *config) AllowMissingDependencies() bool {
return Bool(c.productVariables.Allow_missing_dependencies)
}
@@ -736,6 +749,14 @@
return c.productVariables.ModulesLoadedByPrivilegedModules
}
+func (c *config) BootJars() []string {
+ return c.productVariables.BootJars
+}
+
+func (c *config) PreoptBootJars() []string {
+ return c.productVariables.PreoptBootJars
+}
+
func (c *config) DisableDexPreopt(name string) bool {
return Bool(c.productVariables.DisableDexPreopt) || InList(name, c.productVariables.DisableDexPreoptModules)
}
@@ -950,6 +971,14 @@
return Bool(c.productVariables.FlattenApex)
}
+func (c *config) EnforceSystemCertificate() bool {
+ return Bool(c.productVariables.EnforceSystemCertificate)
+}
+
+func (c *config) EnforceSystemCertificateWhitelist() []string {
+ return c.productVariables.EnforceSystemCertificateWhitelist
+}
+
func stringSlice(s *[]string) []string {
if s != nil {
return *s
diff --git a/android/variable.go b/android/variable.go
index 264869a..ddaf166 100644
--- a/android/variable.go
+++ b/android/variable.go
@@ -198,6 +198,9 @@
UncompressPrivAppDex *bool `json:",omitempty"`
ModulesLoadedByPrivilegedModules []string `json:",omitempty"`
+ BootJars []string `json:",omitempty"`
+ PreoptBootJars []string `json:",omitempty"`
+
DisableDexPreopt *bool `json:",omitempty"`
DisableDexPreoptModules []string `json:",omitempty"`
DexPreoptProfileDir *string `json:",omitempty"`
@@ -263,6 +266,9 @@
DexpreoptGlobalConfig *string `json:",omitempty"`
ManifestPackageNameOverrides []string `json:",omitempty"`
+
+ EnforceSystemCertificate *bool `json:",omitempty"`
+ EnforceSystemCertificateWhitelist []string `json:",omitempty"`
}
func boolPtr(v bool) *bool {
diff --git a/apex/apex.go b/apex/apex.go
index b324644..e711c8b 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -448,15 +448,17 @@
{Mutator: "arch", Variation: "android_common"},
}, prebuiltTag, a.properties.Prebuilts...)
- if String(a.properties.Key) == "" {
- ctx.ModuleErrorf("key is missing")
- return
- }
- ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
+ if !ctx.Config().FlattenApex() || ctx.Config().UnbundledBuild() {
+ if String(a.properties.Key) == "" {
+ ctx.ModuleErrorf("key is missing")
+ return
+ }
+ ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
- cert := android.SrcIsModule(String(a.properties.Certificate))
- if cert != "" {
- ctx.AddDependency(ctx.Module(), certificateTag, cert)
+ cert := android.SrcIsModule(String(a.properties.Certificate))
+ if cert != "" {
+ ctx.AddDependency(ctx.Module(), certificateTag, cert)
+ }
}
}
@@ -626,7 +628,8 @@
return false
})
- if keyFile == nil {
+ a.flattened = ctx.Config().FlattenApex() && !ctx.Config().UnbundledBuild()
+ if !a.flattened && keyFile == nil {
ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.properties.Key))
return
}
@@ -656,7 +659,6 @@
filesInfo[i].moduleName = ctx.ModuleName() + "." + filesInfo[i].moduleName
}
- a.flattened = ctx.Config().FlattenApex() && !ctx.Config().UnbundledBuild()
a.installDir = android.PathForModuleInstall(ctx, "apex")
a.filesInfo = filesInfo
@@ -850,7 +852,15 @@
// For flattened APEX, do nothing but make sure that apex_manifest.json file is also copied along
// with other ordinary files.
manifest := android.PathForModuleSrc(ctx, proptools.StringDefault(a.properties.Manifest, "apex_manifest.json"))
- a.filesInfo = append(a.filesInfo, apexFile{manifest, ctx.ModuleName() + ".apex_manifest.json", android.Common, ".", etc, nil})
+
+ // rename to apex_manifest.json
+ copiedManifest := android.PathForModuleOut(ctx, "apex_manifest.json")
+ ctx.Build(pctx, android.BuildParams{
+ Rule: android.Cp,
+ Input: manifest,
+ Output: copiedManifest,
+ })
+ a.filesInfo = append(a.filesInfo, apexFile{copiedManifest, ctx.ModuleName() + ".apex_manifest.json", android.Common, ".", etc, nil})
for _, fi := range a.filesInfo {
dir := filepath.Join("apex", ctx.ModuleName(), fi.installDir)
diff --git a/apex/apex_test.go b/apex/apex_test.go
index d4f0f7e..dbc85d9 100644
--- a/apex/apex_test.go
+++ b/apex/apex_test.go
@@ -124,13 +124,15 @@
ctx.MockFileSystem(map[string][]byte{
"Android.bp": []byte(bp),
- "testkey.avbpubkey": nil,
- "testkey.pem": nil,
"build/target/product/security": nil,
"apex_manifest.json": nil,
"system/sepolicy/apex/myapex-file_contexts": nil,
"mylib.cpp": nil,
"myprebuilt": nil,
+ "vendor/foo/devkeys/test.x509.pem": nil,
+ "vendor/foo/devkeys/test.pk8": nil,
+ "vendor/foo/devkeys/testkey.avbpubkey": nil,
+ "vendor/foo/devkeys/testkey.pem": nil,
})
_, errs := ctx.ParseFileList(".", []string{"Android.bp"})
android.FailIfErrored(t, errs)
@@ -148,6 +150,7 @@
config = android.TestArchConfig(buildDir, nil)
config.TestProductVariables.DeviceVndkVersion = proptools.StringPtr("current")
+ config.TestProductVariables.DefaultAppCertificate = proptools.StringPtr("vendor/foo/devkeys/test")
return
}
@@ -683,3 +686,46 @@
// Ensure that not_in_apex is linking with the static variant of mylib
ensureContains(t, ldFlags, "mylib/android_arm64_armv8-a_core_static/mylib.a")
}
+
+func TestKeys(t *testing.T) {
+ ctx := testApex(t, `
+ apex {
+ name: "myapex",
+ key: "myapex.key",
+ native_shared_libs: ["mylib"],
+ }
+
+ cc_library {
+ name: "mylib",
+ srcs: ["mylib.cpp"],
+ system_shared_libs: [],
+ stl: "none",
+ }
+
+ apex_key {
+ name: "myapex.key",
+ public_key: "testkey.avbpubkey",
+ private_key: "testkey.pem",
+ }
+
+ `)
+
+ // check the APEX keys
+ keys := ctx.ModuleForTests("myapex.key", "").Module().(*apexKey)
+
+ if keys.public_key_file.String() != "vendor/foo/devkeys/testkey.avbpubkey" {
+ t.Errorf("public key %q is not %q", keys.public_key_file.String(),
+ "vendor/foo/devkeys/testkey.avbpubkey")
+ }
+ if keys.private_key_file.String() != "vendor/foo/devkeys/testkey.pem" {
+ t.Errorf("private key %q is not %q", keys.private_key_file.String(),
+ "vendor/foo/devkeys/testkey.pem")
+ }
+
+ // check the APK certs
+ certs := ctx.ModuleForTests("myapex", "android_common_myapex").Rule("signapk").Args["certificates"]
+ if certs != "vendor/foo/devkeys/test.x509.pem vendor/foo/devkeys/test.pk8" {
+ t.Errorf("cert and private key %q are not %q", certs,
+ "vendor/foo/devkeys/test.x509.pem vendor/foo/devkeys/test.pk8")
+ }
+}
diff --git a/apex/key.go b/apex/key.go
index 6fbc9b0..7e98d2b 100644
--- a/apex/key.go
+++ b/apex/key.go
@@ -65,8 +65,21 @@
}
func (m *apexKey) GenerateAndroidBuildActions(ctx android.ModuleContext) {
- m.public_key_file = android.PathForModuleSrc(ctx, String(m.properties.Public_key))
- m.private_key_file = android.PathForModuleSrc(ctx, String(m.properties.Private_key))
+ if ctx.Config().FlattenApex() && !ctx.Config().UnbundledBuild() {
+ // Flattened APEXes are not signed
+ return
+ }
+
+ m.public_key_file = ctx.Config().ApexKeyDir(ctx).Join(ctx, String(m.properties.Public_key))
+ m.private_key_file = ctx.Config().ApexKeyDir(ctx).Join(ctx, String(m.properties.Private_key))
+
+ // If not found, fall back to the local key pairs
+ if !android.ExistentPathForSource(ctx, m.public_key_file.String()).Valid() {
+ m.public_key_file = android.PathForModuleSrc(ctx, String(m.properties.Public_key))
+ }
+ if !android.ExistentPathForSource(ctx, m.private_key_file.String()).Valid() {
+ m.private_key_file = android.PathForModuleSrc(ctx, String(m.properties.Private_key))
+ }
pubKeyName := m.public_key_file.Base()[0 : len(m.public_key_file.Base())-len(m.public_key_file.Ext())]
privKeyName := m.private_key_file.Base()[0 : len(m.private_key_file.Base())-len(m.private_key_file.Ext())]
diff --git a/cc/config/clang.go b/cc/config/clang.go
index a0ebd10..832689b 100644
--- a/cc/config/clang.go
+++ b/cc/config/clang.go
@@ -135,10 +135,6 @@
// codebase for it.
"-Wno-inconsistent-missing-override",
- // Bug: http://b/29823425 Disable -Wnull-dereference until the
- // new instances detected by this warning are fixed.
- "-Wno-null-dereference",
-
// Enable clang's thread-safety annotations in libcxx.
// Turn off -Wthread-safety-negative, to avoid breaking projects that use -Weverything.
"-D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS",
@@ -187,6 +183,10 @@
// http://b/72331524 Allow null pointer arithmetic until the instances detected by
// this new warning are fixed.
"-Wno-null-pointer-arithmetic",
+
+ // Bug: http://b/29823425 Disable -Wnull-dereference until the
+ // new instances detected by this warning are fixed.
+ "-Wno-null-dereference",
}, " "))
}
diff --git a/cc/config/global.go b/cc/config/global.go
index 13ad27c..5d98d67 100644
--- a/cc/config/global.go
+++ b/cc/config/global.go
@@ -120,8 +120,8 @@
// prebuilts/clang default settings.
ClangDefaultBase = "prebuilts/clang/host"
- ClangDefaultVersion = "clang-r346389b"
- ClangDefaultShortVersion = "8.0.6"
+ ClangDefaultVersion = "clang-r346389c"
+ ClangDefaultShortVersion = "8.0.7"
// Directories with warnings from Android.bp files.
WarningAllowedProjects = []string{
diff --git a/cc/library.go b/cc/library.go
index da223dc..4adb081 100644
--- a/cc/library.go
+++ b/cc/library.go
@@ -646,6 +646,11 @@
linkerDeps = append(linkerDeps, forceWeakSymbols.Path())
}
}
+ if library.buildStubs() {
+ linkerScriptFlags := "-Wl,--version-script," + library.versionScriptPath.String()
+ flags.LdFlags = append(flags.LdFlags, linkerScriptFlags)
+ linkerDeps = append(linkerDeps, library.versionScriptPath)
+ }
fileName := library.getLibName(ctx) + flags.Toolchain.ShlibSuffix()
outputFile := android.PathForModuleOut(ctx, fileName)
diff --git a/dexpreopt/config.go b/dexpreopt/config.go
index 6b5c40d..503af7e 100644
--- a/dexpreopt/config.go
+++ b/dexpreopt/config.go
@@ -36,6 +36,7 @@
PreoptBootClassPathDexLocations []string // virtual locations of boot class path files
BootJars []string // modules for jars that form the boot class path
+ PreoptBootJars []string // modules for jars that form the boot image
SystemServerJars []string // jars that form the system server
SystemServerApps []string // apps that are loaded into system server
SpeedApps []string // apps that should be speed optimized
diff --git a/java/app.go b/java/app.go
index 3b2305f..4bae78a 100644
--- a/java/app.go
+++ b/java/app.go
@@ -263,6 +263,20 @@
packageFile := android.PathForModuleOut(ctx, "package.apk")
CreateAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates)
+
+ if !a.Module.Platform() {
+ certPath := a.certificate.Pem.String()
+ systemCertPath := ctx.Config().DefaultAppCertificateDir(ctx).String()
+ if strings.HasPrefix(certPath, systemCertPath) {
+ enforceSystemCert := ctx.Config().EnforceSystemCertificate()
+ whitelist := ctx.Config().EnforceSystemCertificateWhitelist()
+
+ if enforceSystemCert && !inList(a.Module.Name(), whitelist) {
+ ctx.PropertyErrorf("certificate", "The module in product partition cannot be signed with certificate in system.")
+ }
+ }
+ }
+
a.outputFile = packageFile
bundleFile := android.PathForModuleOut(ctx, "base.zip")
diff --git a/java/java.go b/java/java.go
index fa4aee4..a23835b 100644
--- a/java/java.go
+++ b/java/java.go
@@ -1364,6 +1364,12 @@
}
func (j *Library) shouldUncompressDex(ctx android.ModuleContext) bool {
+ // Store uncompressed (and do not strip) dex files from boot class path jars that are not
+ // part of the boot image.
+ if inList(ctx.ModuleName(), ctx.Config().BootJars()) &&
+ !inList(ctx.ModuleName(), ctx.Config().PreoptBootJars()) {
+ return true
+ }
return false
}
diff --git a/java/sdk_library.go b/java/sdk_library.go
index 877abe4..55a9590 100644
--- a/java/sdk_library.go
+++ b/java/sdk_library.go
@@ -124,6 +124,12 @@
// This applies to the stubs lib.
Compile_dex *bool
+ // the java library (in classpath) for documentation that provides java srcs and srcjars.
+ Srcs_lib *string
+
+ // the base dirs under srcs_lib will be scanned for java srcs.
+ Srcs_lib_whitelist_dirs []string
+
// the sub dirs under srcs_lib_whitelist_dirs will be scanned for java srcs.
// Defaults to "android.annotation".
Srcs_lib_whitelist_pkgs []string
@@ -541,6 +547,10 @@
} else {
props.Srcs_lib_whitelist_pkgs = []string{"android.annotation"}
}
+ } else {
+ props.Srcs_lib = module.properties.Srcs_lib
+ props.Srcs_lib_whitelist_dirs = module.properties.Srcs_lib_whitelist_dirs
+ props.Srcs_lib_whitelist_pkgs = module.properties.Srcs_lib_whitelist_pkgs
}
if Bool(module.properties.Metalava_enabled) == true {
diff --git a/ui/build/goma.go b/ui/build/goma.go
index d0dc9cf..015a7c7 100644
--- a/ui/build/goma.go
+++ b/ui/build/goma.go
@@ -15,34 +15,65 @@
package build
import (
- "errors"
+ "fmt"
+ "math"
"path/filepath"
+ "strconv"
+ "strings"
"android/soong/ui/metrics"
)
const gomaCtlScript = "goma_ctl.py"
+const gomaLeastNProcs = 2500
+const gomaLeastNFiles = 16000
-var gomaCtlNotFound = errors.New("goma_ctl.py not found")
+// ulimit returns ulimit result for |opt|.
+// if the resource is unlimited, it returns math.MaxInt32 so that a caller do
+// not need special handling of the returned value.
+//
+// Note that since go syscall package do not have RLIMIT_NPROC constant,
+// we use bash ulimit instead.
+func ulimitOrFatal(ctx Context, config Config, opt string) int {
+ commandText := fmt.Sprintf("ulimit %s", opt)
+ cmd := Command(ctx, config, commandText, "bash", "-c", commandText)
+ output := strings.TrimRight(string(cmd.CombinedOutputOrFatal()), "\n")
+ ctx.Verbose(output + "\n")
+ ctx.Verbose("done\n")
-func startGoma(ctx Context, config Config) error {
+ if output == "unlimited" {
+ return math.MaxInt32
+ }
+ num, err := strconv.Atoi(output)
+ if err != nil {
+ ctx.Fatalf("ulimit returned unexpected value: %s: %v\n", opt, err)
+ }
+ return num
+}
+
+func startGoma(ctx Context, config Config) {
ctx.BeginTrace(metrics.RunSetupTool, "goma_ctl")
defer ctx.EndTrace()
+ if u := ulimitOrFatal(ctx, config, "-u"); u < gomaLeastNProcs {
+ ctx.Fatalf("max user processes is insufficient: %d; want >= %d.\n", u, gomaLeastNProcs)
+ }
+ if n := ulimitOrFatal(ctx, config, "-n"); n < gomaLeastNFiles {
+ ctx.Fatalf("max open files is insufficient: %d; want >= %d.\n", n, gomaLeastNFiles)
+ }
+
var gomaCtl string
if gomaDir, ok := config.Environment().Get("GOMA_DIR"); ok {
gomaCtl = filepath.Join(gomaDir, gomaCtlScript)
} else if home, ok := config.Environment().Get("HOME"); ok {
gomaCtl = filepath.Join(home, "goma", gomaCtlScript)
} else {
- return gomaCtlNotFound
+ ctx.Fatalln("goma_ctl.py not found")
}
cmd := Command(ctx, config, "goma_ctl.py ensure_start", gomaCtl, "ensure_start")
if err := cmd.Run(); err != nil {
- ctx.Fatalf("goma_ctl.py ensure_start failed with: %v", err)
+ ctx.Fatalf("goma_ctl.py ensure_start failed with: %v\n", err)
}
-
- return nil
}
diff --git a/ui/build/ninja.go b/ui/build/ninja.go
index e5d6da1..835f820 100644
--- a/ui/build/ninja.go
+++ b/ui/build/ninja.go
@@ -54,7 +54,9 @@
args = append(args, "-f", config.CombinedNinjaFile())
- args = append(args, "-w", "dupbuild=err")
+ args = append(args,
+ "-w", "dupbuild=err",
+ "-w", "missingdepfile=err")
cmd := Command(ctx, config, "ninja", executable, args...)
if config.HasKatiSuffix() {
diff --git a/ui/build/paths/config.go b/ui/build/paths/config.go
index e5e0821..1b80ceb 100644
--- a/ui/build/paths/config.go
+++ b/ui/build/paths/config.go
@@ -85,7 +85,6 @@
"egrep": Allowed,
"find": Allowed,
"fuser": Allowed,
- "getconf": Allowed,
"getopt": Allowed,
"git": Allowed,
"grep": Allowed,
@@ -95,12 +94,9 @@
"jar": Allowed,
"java": Allowed,
"javap": Allowed,
- "ln": Allowed,
- "ls": Allowed,
"lsof": Allowed,
"m4": Allowed,
"md5sum": Allowed,
- "mktemp": Allowed,
"mv": Allowed,
"openssl": Allowed,
"patch": Allowed,
@@ -111,7 +107,6 @@
"python": Allowed,
"python2.7": Allowed,
"python3": Allowed,
- "readlink": Allowed,
"realpath": Allowed,
"rm": Allowed,
"rsync": Allowed,
@@ -121,14 +116,12 @@
"sha256sum": Allowed,
"sha512sum": Allowed,
"sort": Allowed,
- "stat": Allowed,
"tar": Allowed,
"timeout": Allowed,
"tr": Allowed,
"unzip": Allowed,
"wc": Allowed,
"which": Allowed,
- "xargs": Allowed,
"xz": Allowed,
"zip": Allowed,
"zipinfo": Allowed,
@@ -160,14 +153,20 @@
"env": Toybox,
"expr": Toybox,
"head": Toybox,
+ "getconf": Toybox,
"id": Toybox,
+ "ln": Toybox,
+ "ls": Toybox,
"mkdir": Toybox,
+ "mktemp": Toybox,
"od": Toybox,
"paste": Toybox,
"pwd": Toybox,
+ "readlink": Toybox,
"rmdir": Toybox,
"setsid": Toybox,
"sleep": Toybox,
+ "stat": Toybox,
"tail": Toybox,
"tee": Toybox,
"touch": Toybox,
@@ -176,6 +175,7 @@
"uniq": Toybox,
"unix2dos": Toybox,
"whoami": Toybox,
+ "xargs": Toybox,
"xxd": Toybox,
}