commit e111203c75d34af00f9c2631e6ece44c5972fec5
author Nikita Ioffe <ioffe@google.com> Mon Nov 13 15:09:39 2023 +0000
committer Nikita Ioffe <ioffe@google.com> Tue Nov 14 11:51:06 2023 +0000
tree 9585e0226a822300083b71547b9504469cf28c2e
parent 9e24218dafb46d233976e966dd51be155fb9c38e

Flag guard removal of the vendor partition from Microdroid super

The
MicrodroidHostTests#testBootFailsWhenVbMetaDigestDoesNotMatchBootconfig
test built as part of Android UDC CTS binary will fail when running
against the -next targets, since that test expects existence of the
vendor partition.

This patch partially reverts commit baf578de569c8d07c3978dcf3cc8d8ed8968651f, by making removal of the vendor partition conditional on the value of the RELEASE_AVF_ENABLE_VENDOR_MODULES flag
(on -next builds flag is disabled, hence the vendor partition will still be present). Note that the /vendor still
won't be mounted, since that change is not flag-guarded. I think this
should be ok, because in Android U the /vendor partition was effectively empty.

Bug: 307904471
Test: atest MicrodroidHostTestCases
Change-Id: I40fa72f1343c881bdda546f7539303f2ff971e55

apex/sign_virt_apex.py

diff --git a/apex/sign_virt_apex.py b/apex/sign_virt_apex.py
index 8257aae..029ac76 100644
--- a/apex/sign_virt_apex.py
+++ b/apex/sign_virt_apex.py
@@ -27,6 +27,7 @@
 - lpmake, lpunpack, simg2img, img2simg, initrd_bootconfig
 """
 import argparse
+import builtins
 import hashlib
 import os
 import re
@@ -282,7 +283,7 @@
         avb_version_bc = re.search(
             r"androidboot.vbmeta.avb_version = \"([^\"]*)\"", bootconfigs).group(1)
         if avb_version_curr != avb_version_bc:
-            raise Exception(f'AVB version mismatch between current & one & \
+            raise builtins.Exception(f'AVB version mismatch between current & one & \
                 used to build bootconfigs:{avb_version_curr}&{avb_version_bc}')
 
     def calc_vbmeta_digest():
@@ -430,21 +431,32 @@
 
     # unpacked files (will be unpacked from super.img below)
     system_a_img = os.path.join(unpack_dir.name, 'system_a.img')
+    vendor_a_img = os.path.join(unpack_dir.name, 'vendor_a.img')
 
     # re-sign super.img
     # 1. unpack super.img
-    # 2. resign system
-    # 3. repack super.img out of resigned system
+    # 2. resign system and vendor (if exists)
+    # 3. repack super.img out of resigned system and vendor (if exists)
     UnpackSuperImg(args, files['super.img'], unpack_dir.name)
     system_a_f = Async(AddHashTreeFooter, args, key, system_a_img)
     partitions = {"system_a": system_a_img}
+    images = [system_a_img]
+    images_f = [system_a_f]
+
+    # if vendor_a.img exists, resign it
+    if os.path.exists(vendor_a_img):
+        partitions.update({'vendor_a': vendor_a_img})
+        images.append(vendor_a_img)
+        vendor_a_f = Async(AddHashTreeFooter, args, key, vendor_a_img)
+        images_f.append(vendor_a_f)
+
     Async(MakeSuperImage, args, partitions,
-          files['super.img'], wait=[system_a_f])
+          files['super.img'], wait=images_f)
 
     # re-generate vbmeta from re-signed system_a.img
     vbmeta_f = Async(MakeVbmetaImage, args, key, files['vbmeta.img'],
-                     images=[system_a_img],
-                     wait=[system_a_f])
+                     images=images,
+                     wait=images_f)
 
     vbmeta_bc_f = None
     if not args.do_not_update_bootconfigs:

microdroid/Android.bp

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 42ff4b0..4e735e6 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -243,7 +243,35 @@
         "echo ro.product.cpu.abi=arm64-v8a) > $(out)",
 }
 
-logical_partition {
+// Need to keep microdroid_vendor for the release configurations that don't
+// have RELEASE_AVF_ENABLE_VENDOR_MODULES build flag enabled.
+android_filesystem {
+    name: "microdroid_vendor",
+    partition_name: "vendor",
+    use_avb: true,
+    avb_private_key: ":microdroid_sign_key",
+    avb_algorithm: "SHA256_RSA4096",
+    avb_hash_algorithm: "sha256",
+    file_contexts: ":microdroid_vendor_file_contexts.gen",
+    // For deterministic output, use fake_timestamp, hard-coded uuid
+    fake_timestamp: "1611569676",
+    // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/vendor'))"
+    uuid: "156d40d7-8d8e-5c99-8913-ec82de549a70",
+}
+
+soong_config_module_type {
+    name: "flag_aware_microdroid_super_partition",
+    module_type: "logical_partition",
+    config_namespace: "ANDROID",
+    bool_variables: [
+        "release_avf_enable_vendor_modules",
+    ],
+    properties: [
+        "default_group",
+    ],
+}
+
+flag_aware_microdroid_super_partition {
     name: "microdroid_super",
     sparse: true,
     size: "auto",
@@ -253,6 +281,16 @@
             filesystem: ":microdroid",
         },
     ],
+    soong_config_variables: {
+        release_avf_enable_vendor_modules: {
+            default_group: [
+                {
+                    name: "vendor_a",
+                    filesystem: ":microdroid_vendor",
+                },
+            ],
+        },
+    },
 }
 
 android_filesystem {
@@ -330,13 +368,30 @@
     srcs: [":avb_testkey_rsa4096"],
 }
 
-vbmeta {
+soong_config_module_type {
+    name: "flag_aware_microdroid_vbmeta",
+    module_type: "vbmeta",
+    config_namespace: "ANDROID",
+    bool_variables: [
+        "release_avf_enable_vendor_modules",
+    ],
+    properties: [
+        "partitions",
+    ],
+}
+
+flag_aware_microdroid_vbmeta {
     name: "microdroid_vbmeta",
     partition_name: "vbmeta",
     private_key: ":microdroid_sign_key",
     partitions: [
         "microdroid",
     ],
+    soong_config_variables: {
+        release_avf_enable_vendor_modules: {
+            partitions: ["microdroid_vendor"],
+        },
+    },
 }
 
 prebuilt_etc {