Merge changes from topic "revert-2625691-VFGNHGHBMX" am: 2fa3dd0149
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2626914
Change-Id: If50325257fe737b640e575b4658057adf52425c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/apex/sign_virt_apex.py b/apex/sign_virt_apex.py
index a42f5ec..3f3600d 100644
--- a/apex/sign_virt_apex.py
+++ b/apex/sign_virt_apex.py
@@ -427,21 +427,23 @@
# unpacked files (will be unpacked from super.img below)
system_a_img = os.path.join(unpack_dir.name, 'system_a.img')
+ vendor_a_img = os.path.join(unpack_dir.name, 'vendor_a.img')
# re-sign super.img
# 1. unpack super.img
- # 2. resign system
- # 3. repack super.img out of resigned system
+ # 2. resign system and vendor
+ # 3. repack super.img out of resigned system and vendor
UnpackSuperImg(args, files['super.img'], unpack_dir.name)
system_a_f = Async(AddHashTreeFooter, args, key, system_a_img)
- partitions = {"system_a": system_a_img}
+ vendor_a_f = Async(AddHashTreeFooter, args, key, vendor_a_img)
+ partitions = {"system_a": system_a_img, "vendor_a": vendor_a_img}
Async(MakeSuperImage, args, partitions,
- files['super.img'], wait=[system_a_f])
+ files['super.img'], wait=[system_a_f, vendor_a_f])
- # re-generate vbmeta from re-signed system_a.img
+ # re-generate vbmeta from re-signed {system_a, vendor_a}.img
vbmeta_f = Async(MakeVbmetaImage, args, key, files['vbmeta.img'],
- images=[system_a_img],
- wait=[system_a_f])
+ images=[system_a_img, vendor_a_img],
+ wait=[system_a_f, vendor_a_f])
vbmeta_bc_f = None
if not args.do_not_update_bootconfigs:
@@ -473,6 +475,7 @@
# unpacked files
UnpackSuperImg(args, files['super.img'], unpack_dir.name)
system_a_img = os.path.join(unpack_dir.name, 'system_a.img')
+ vendor_a_img = os.path.join(unpack_dir.name, 'vendor_a.img')
# Read pubkey digest from the input key
with tempfile.NamedTemporaryFile() as pubkey_file:
@@ -492,6 +495,7 @@
continue
if f == files['super.img']:
Async(check_avb_pubkey, system_a_img)
+ Async(check_avb_pubkey, vendor_a_img)
else:
# Check pubkey for other files using avbtool
Async(check_avb_pubkey, f)
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 1395d30..f3045b7 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -16,6 +16,7 @@
"sys",
"system",
+ "vendor",
"debug_ramdisk",
"mnt",
"data",
@@ -78,9 +79,9 @@
"microdroid_event-log-tags",
"microdroid_file_contexts",
"microdroid_manifest",
+ "microdroid_plat_sepolicy_and_mapping.sha256",
"microdroid_property_contexts",
"mke2fs.microdroid",
- "microdroid_fstab",
"libvm_payload", // used by payload to interact with microdroid manager
@@ -98,8 +99,9 @@
// non-updatable & mandatory apexes
"com.android.runtime",
+ "microdroid_plat_sepolicy.cil",
+ "microdroid_plat_mapping_file",
"microdroid_crashdump_initrd",
- "microdroid_precompiled_sepolicy",
],
},
lib64: {
@@ -205,6 +207,36 @@
"echo ro.product.cpu.abi=arm64-v8a) > $(out)",
}
+android_filesystem {
+ name: "microdroid_vendor",
+ partition_name: "vendor",
+ use_avb: true,
+ deps: [
+ "microdroid_fstab",
+ "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
+ "microdroid_vendor_manifest",
+ "microdroid_vendor_compatibility_matrix",
+ ],
+ multilib: {
+ common: {
+ deps: [
+ "microdroid_vendor_sepolicy.cil",
+ "microdroid_plat_pub_versioned.cil",
+ "microdroid_plat_sepolicy_vers.txt",
+ "microdroid_precompiled_sepolicy",
+ ],
+ },
+ },
+ avb_private_key: ":microdroid_sign_key",
+ avb_algorithm: "SHA256_RSA4096",
+ avb_hash_algorithm: "sha256",
+ file_contexts: ":microdroid_vendor_file_contexts.gen",
+ // For deterministic output, use fake_timestamp, hard-coded uuid
+ fake_timestamp: "1611569676",
+ // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/vendor'))"
+ uuid: "156d40d7-8d8e-5c99-8913-ec82de549a70",
+}
+
logical_partition {
name: "microdroid_super",
sparse: true,
@@ -214,6 +246,10 @@
name: "system_a",
filesystem: ":microdroid",
},
+ {
+ name: "vendor_a",
+ filesystem: ":microdroid_vendor",
+ },
],
}
@@ -236,7 +272,7 @@
}
android_filesystem {
- name: "microdroid_fstab_ramdisk",
+ name: "microdroid_vendor_ramdisk",
deps: [
"microdroid_fstab",
],
@@ -297,6 +333,7 @@
partition_name: "vbmeta",
private_key: ":microdroid_sign_key",
partitions: [
+ "microdroid_vendor",
"microdroid",
],
}
@@ -307,6 +344,22 @@
}
prebuilt_etc {
+ name: "microdroid_vendor_manifest",
+ src: "microdroid_vendor_manifest.xml",
+ filename: "manifest.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_vendor_compatibility_matrix",
+ src: "microdroid_vendor_compatibility_matrix.xml",
+ filename: "compatibility_matrix.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
name: "microdroid_manifest",
src: "microdroid_manifest.xml",
filename: "manifest.xml",
diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index 9478c7c..25d82cc 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid
@@ -1 +1,2 @@
system /system ext4 noatime,ro,errors=panic wait,slotselect,avb=vbmeta,first_stage_mount,logical
+vendor /vendor ext4 noatime,ro,errors=panic wait,slotselect,avb=vbmeta,first_stage_mount,logical
diff --git a/microdroid/initrd/Android.bp b/microdroid/initrd/Android.bp
index 699a28a..22a06e1 100644
--- a/microdroid/initrd/Android.bp
+++ b/microdroid/initrd/Android.bp
@@ -32,7 +32,7 @@
name: "microdroid_initrd_gen",
srcs: [
":microdroid_ramdisk",
- ":microdroid_fstab_ramdisk",
+ ":microdroid_vendor_ramdisk",
],
out: ["microdroid_initrd.img"],
cmd: "cat $(in) > $(out)",
diff --git a/microdroid/microdroid_vendor_compatibility_matrix.xml b/microdroid/microdroid_vendor_compatibility_matrix.xml
new file mode 100644
index 0000000..44735d8
--- /dev/null
+++ b/microdroid/microdroid_vendor_compatibility_matrix.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<compatibility-matrix version="1.0" type="device">
+ <!-- empty -->
+</compatibility-matrix>
diff --git a/microdroid/microdroid_vendor_manifest.xml b/microdroid/microdroid_vendor_manifest.xml
new file mode 100644
index 0000000..a48e695
--- /dev/null
+++ b/microdroid/microdroid_vendor_manifest.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<manifest version="1.0" type="device" />