StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge master@5406228 into git_qt-dev-plus-aosp.

Browse Source 
Change-Id: I535a555e659ba80e2dc839324b3d4672e8918661
BUG: 129345239
This commit is contained in:
Bill Rassieur
2019-03-29 04:13:27 +00:00
parent 59b25b4dec de01f0fdfe
commit 99ae566b45
31 changed files with 540 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CleanSpec.mk
View File

@@ -610,6 +610,9 @@ $(call add-clean-step, rm -rf $(HOST_CROSS_OUT_TESTCASES)/*)
$(call add-clean-step, rm -rf $(TARGET_OUT_DATA)/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/vts/*)
$(call add-clean-step, rm -rf $(HOST_OUT)/framework/vts-tradefed.jar)
# Clean up old location of system_other.avbpubkey
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/security/avb/)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************

92
core/Makefile
View File

@@ -733,6 +733,15 @@ $(BUILD_SYSTEM_STATS):
@$(foreach s,$(STATS.SOONG_MODULE_TYPE),echo "modules_type_soong,$(s),$(STATS.SOONG_MODULE_TYPE.$(s))" >>$@;)
$(call dist-for-goals,droidcore,$(BUILD_SYSTEM_STATS))
# -----------------------------------------------------------------
# build /product/etc/security/avb/system_other.avbpubkey if needed
ifdef BUILDING_SYSTEM_OTHER_IMAGE
ifeq ($(BOARD_AVB_ENABLE),true)
INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET := $(TARGET_OUT_PRODUCT_ETC)/security/avb/system_other.avbpubkey
ALL_DEFAULT_INSTALLED_MODULES += $(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)
endif # BOARD_AVB_ENABLE
endif # BUILDING_SYSTEM_OTHER_IMAGE
# -----------------------------------------------------------------
# Modules ready to be converted to Soong, ordered by how many
# modules depend on them.
@@ -1467,8 +1476,7 @@ $(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_other_add_hashtree_footer_args
$(if $(BOARD_AVB_ENABLE),\
$(if $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH),\
$(hide) echo "avb_system_other_key_path=$(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)" >> $(1)
$(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)
$(hide) echo "avb_system_extract_system_other_key=true" >> $(1)))
$(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),\
@@ -2139,12 +2147,80 @@ define create-vendor-odm-symlink
endef
endif
# Check that libraries that should only be in APEXes don't end up in the system
# image. For the Runtime APEX this complements the checks in
# art/build/apex/art_apex_test.py.
# TODO(b/128708192): Implement this restriction in Soong instead.
# TODO(b/124293228): Fix remaining bugs and add these libraries to the list:
# libart-compiler.so
# libart-dexlayout.so
# libart.so
# libartbase.so
# libartpalette.so
# libdexfile.so
# libdexfile_external.so - aosp_marlin-userdebug gets this in a vndk-sp-Q subdirectory.
# libicui18n.so
# libicuuc.so
# libnativehelper.so - cf_x86_phone-userdebug builds get this in system/lib/arm
# libprofile.so
# libsigchain.so
# libtombstoned_client.so
APEX_MODULE_LIBS= \
libadbconnection.so \
libandroidicu.so \
libdt_fd_forward.so \
libdt_socket.so \
libjavacore.so \
libjdwp.so \
libnativebridge.so \
libnativeloader.so \
libnpt.so \
libopenjdk.so \
libopenjdkjvm.so \
libopenjdkjvmti.so \
libpac.so \
# If the check below fails, some library has ended up in system/lib or
# system/lib64 that is intended to only go into some APEX package. The likely
# cause is that a library or binary in /system has grown a dependency that
# directly or indirectly pulls in the prohibited library.
#
# To resolve this, look for the APEX package that the library belong to - search
# for it in 'native_shared_lib' properties in 'apex' build modules (see
# art/build/apex/Android.bp for an example). Then check if there is an exported
# library in that APEX package that should be used instead, i.e. one listed in
# its 'native_shared_lib' property for which the corresponding 'cc_library'
# module has a 'stubs' clause (like libdexfile_external in
# art/libdexfile/Android.bp).
#
# If you cannot find an APEX exported library that fits your needs, or you think
# that the library you want to depend on should be allowed in /system, then
# please contact the owners of the APEX package containing the library.
#
# If you get this error for a library that is exported in an APEX, then the APEX
# might be misconfigured or something is wrong in the build system. Please reach
# out to the APEX package owners and/or soong-team@, or
# android-building@googlegroups.com externally.
define check-apex-libs-absence
$(hide) ( \
cd $(TARGET_OUT); \
findres=$$(find lib* -type f \( -false $(foreach lib,$(APEX_MODULE_LIBS),-o -name $(lib)) \) -print) || exit 1; \
if [ -n "$$findres" ]; then \
echo "APEX libraries found in system image (see comment in this makefile for details):" 1>&2; \
echo "$$findres" | sort 1>&2; \
false; \
fi; \
)
endef
# $(1): output file
define build-systemimage-target
@echo "Target system fs image: $(1)"
$(call create-system-vendor-symlink)
$(call create-system-product-symlink)
$(call create-system-product_services-symlink)
$(call check-apex-libs-absence)
@mkdir -p $(dir $(1)) $(systemimage_intermediates) && rm -rf $(systemimage_intermediates)/system_image_info.txt
$(call generate-image-prop-dictionary, $(systemimage_intermediates)/system_image_info.txt,system, \
skip_fsck=true)
@@ -2979,9 +3055,11 @@ BOARD_AVB_SYSTEM_OTHER_KEY_PATH := $(BOARD_AVB_KEY_PATH)
BOARD_AVB_SYSTEM_OTHER_ALGORITHM := $(BOARD_AVB_ALGORITHM)
endif
# To extract the public key of SYSTEM_OTHER_KEY_PATH will into system.img:
# /system/etc/security/avb/system_other.avbpubkey.
FULL_SYSTEMIMAGE_DEPS += $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET): $(AVBTOOL) $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)
@echo Extracting system_other avb key: $@
@rm -f $@
@mkdir -p $(dir $@)
$(AVBTOOL) extract_public_key --key $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH) --output $@
ifndef BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX
BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
@@ -3937,8 +4015,10 @@ ifdef BOARD_BPT_DISK_SIZE
endif
$(call generate-userimage-prop-dictionary, $(zip_root)/META/misc_info.txt)
ifneq ($(INSTALLED_RECOVERYIMAGE_TARGET),)
ifdef BUILDING_SYSTEM_IMAGE
$(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH MKBOOTIMG=$(MKBOOTIMG) \
build/make/tools/releasetools/make_recovery_patch $(zip_root) $(zip_root)
endif # BUILDING_SYSTEM_IMAGE
endif
ifeq ($(AB_OTA_UPDATER),true)
@# When using the A/B updater, include the updater config files in the zip.
@@ -4225,7 +4305,7 @@ $(SYMBOLS_ZIP): $(SOONG_ZIP)
@echo "Package symbols: $@"
$(hide) rm -rf $@ $(PRIVATE_LIST_FILE)
$(hide) mkdir -p $(dir $@) $(TARGET_OUT_UNSTRIPPED) $(dir $(PRIVATE_LIST_FILE))
$(hide) find $(TARGET_OUT_UNSTRIPPED) | sort >$(PRIVATE_LIST_FILE)
$(hide) find -L $(TARGET_OUT_UNSTRIPPED) -type f | sort >$(PRIVATE_LIST_FILE)
$(hide) $(SOONG_ZIP) -d -o $@ -C $(OUT_DIR)/.. -l $(PRIVATE_LIST_FILE)
# -----------------------------------------------------------------
# A zip of the coverage directory.

4
core/base_rules.mk
View File

@@ -776,6 +776,10 @@ ALL_MODULES.$(my_register_name).CHECKED := \
$(ALL_MODULES.$(my_register_name).CHECKED) $(my_checked_module)
ALL_MODULES.$(my_register_name).BUILT := \
$(ALL_MODULES.$(my_register_name).BUILT) $(LOCAL_BUILT_MODULE)
ifndef LOCAL_IS_HOST_MODULE
ALL_MODULES.$(my_register_name).TARGET_BUILT := \
$(ALL_MODULES.$(my_register_name).TARGET_BUILT) $(LOCAL_BUILT_MODULE)
endif
ifneq (true,$(LOCAL_UNINSTALLABLE_MODULE))
ALL_MODULES.$(my_register_name).INSTALLED := \
$(strip $(ALL_MODULES.$(my_register_name).INSTALLED) \

6
core/binary.mk
View File

@@ -1214,17 +1214,17 @@ else ifdef LOCAL_USE_VNDK
# with vendor_available: false
my_link_type := native:vendor
my_warn_types :=
my_allowed_types := native:vendor native:vndk
my_allowed_types := native:vendor native:vndk native:platform_vndk
endif
else ifneq ($(filter $(TARGET_RECOVERY_OUT)/%,$(call get_non_asan_path,$(LOCAL_MODULE_PATH))),)
my_link_type := native:recovery
my_warn_types :=
# TODO(b/113303515) remove native:platform and my_allowed_ndk_types
my_allowed_types := native:recovery native:platform $(my_allowed_ndk_types)
my_allowed_types := native:recovery native:platform native:platform_vndk $(my_allowed_ndk_types)
else
my_link_type := native:platform
my_warn_types := $(my_warn_ndk_types)
my_allowed_types := $(my_allowed_ndk_types) native:platform
my_allowed_types := $(my_allowed_ndk_types) native:platform native:platform_vndk
endif
my_link_deps := $(addprefix STATIC_LIBRARIES:,$(my_whole_static_libraries) $(my_static_libraries))

4
core/clear_vars.mk
View File

@@ -263,7 +263,8 @@ LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR :=
LOCAL_SOONG_LINK_TYPE :=
LOCAL_SOONG_PROGUARD_DICT :=
LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE :=
LOCAL_SOONG_RRO_DIRS :=
LOCAL_SOONG_DEVICE_RRO_DIRS :=
LOCAL_SOONG_PRODUCT_RRO_DIRS :=
LOCAL_SOONG_STATIC_LIBRARY_EXTRA_PACKAGES :=
LOCAL_SOONG_SYMBOL_PATH :=
LOCAL_SOONG_TOC :=
@@ -296,6 +297,7 @@ LOCAL_USE_VNDK:=
LOCAL_USES_LIBRARIES:=
LOCAL_VENDOR_MODULE:=
LOCAL_VINTF_FRAGMENTS:=
LOCAL_VNDK_DEPEND_ON_CORE_VARIANT:=
LOCAL_VTSC_FLAGS:=
LOCAL_VTS_INCLUDES:=
LOCAL_VTS_MODE:=

33
core/definitions.mk
View File

@@ -649,6 +649,18 @@ define module-installed-files
$(foreach module,$(1),$(ALL_MODULES.$(module).INSTALLED))
endef
###########################################################
## Convert a list of short modules names (e.g., "framework", "Browser")
## into the list of files that are built *for the target* for those modules.
## NOTE: this won't return reliable results until after all
## sub-makefiles have been included.
## $(1): target list
###########################################################
define module-target-built-files
$(foreach module,$(1),$(ALL_MODULES.$(module).TARGET_BUILT))
endef
###########################################################
## Convert a list of short modules names (e.g., "framework", "Browser")
## into the list of files that should be used when linking
@@ -3300,10 +3312,12 @@ include $(BUILD_SYSTEM)/distdir.mk
# $(4): Whether LOCAL_EXPORT_PACKAGE_RESOURCES is set or
# not for the source module.
# $(5): Resource overlay list.
# $(6): Target partition
###########################################################
define append_enforce_rro_sources
$(eval ENFORCE_RRO_SOURCES += \
$(strip $(1))||$(strip $(2))||$(strip $(3))||$(strip $(4))||$(call normalize-path-list, $(strip $(5))))
$(strip $(1))||$(strip $(2))||$(strip $(3))||$(strip $(4))||$(call normalize-path-list, $(strip $(5)))||$(strip $(6)) \
)
endef
###########################################################
@@ -3318,6 +3332,7 @@ $(foreach source,$(ENFORCE_RRO_SOURCES), \
$(eval enforce_rro_source_manifest_package_info := $(word 3,$(_o))) \
$(eval enforce_rro_use_res_lib := $(word 4,$(_o))) \
$(eval enforce_rro_source_overlays := $(subst :, ,$(word 5,$(_o)))) \
$(eval enforce_rro_partition := $(word 6,$(_o))) \
$(eval include $(BUILD_SYSTEM)/generate_enforce_rro.mk) \
$(eval ALL_MODULES.$$(enforce_rro_source_module).REQUIRED += $$(LOCAL_PACKAGE_NAME)) \
)
@@ -3386,3 +3401,19 @@ $(KATI_obsolete_var \
initialize-package-file \
add-jni-shared-libs-to-package,\
These functions have been removed)
###########################################################
## Verify the variants of a VNDK library are identical
##
## $(1): Path to the core variant shared library file.
## $(2): Path to the vendor variant shared library file.
## $(3): TOOLS_PREFIX
###########################################################
LIBRARY_IDENTITY_CHECK_SCRIPT := build/make/tools/check_identical_lib.sh
define verify-vndk-libs-identical
@echo "Checking VNDK vendor variant: $(2)"
$(hide) CLANG_BIN="$(LLVM_PREBUILTS_PATH)" \
CROSS_COMPILE="$(strip $(3))" \
XZ="$(XZ)" \
$(LIBRARY_IDENTITY_CHECK_SCRIPT) $(SOONG_STRIP_PATH) $(1) $(2)
endef

1
core/dpi_specific_apk.mk
View File

@@ -67,6 +67,7 @@ endif
ALL_MODULES += $(dpi_apk_name)
ALL_MODULES.$(dpi_apk_name).CLASS := APPS
ALL_MODULES.$(dpi_apk_name).BUILT := $(built_dpi_apk)
ALL_MODULES.$(dpi_apk_name).TARGET_BUILT := $(built_dpi_apk)
PACKAGES := $(PACKAGES) $(dpi_apk_name)
PACKAGES.$(dpi_apk_name).PRIVATE_KEY := $(private_key)
PACKAGES.$(dpi_apk_name).CERTIFICATE := $(certificate)

20
core/generate_enforce_rro.mk
View File

@@ -1,6 +1,6 @@
include $(CLEAR_VARS)
enforce_rro_module := $(enforce_rro_source_module)__auto_generated_rro
enforce_rro_module := $(enforce_rro_source_module)__auto_generated_rro_$(enforce_rro_partition)
LOCAL_PACKAGE_NAME := $(enforce_rro_module)
intermediates := $(call intermediates-dir-for,APPS,$(LOCAL_PACKAGE_NAME),,COMMON)
@@ -14,10 +14,17 @@ $(rro_android_manifest_file): $(enforce_rro_source_manifest_package_info)
endif
$(rro_android_manifest_file): PRIVATE_PACKAGE_INFO := $(enforce_rro_source_manifest_package_info)
$(rro_android_manifest_file): PRIVATE_USE_PACKAGE_NAME := $(use_package_name_arg)
$(rro_android_manifest_file): PRIVATE_PARTITION := $(enforce_rro_partition)
# There should be no duplicate overrides, but just in case, set the priority of
# /product overlays to be higher than /vendor, to at least get deterministic results.
$(rro_android_manifest_file): PRIVATE_PRIORITY := $(if $(filter product,$(enforce_rro_partition)),1,0)
$(rro_android_manifest_file): build/make/tools/generate-enforce-rro-android-manifest.py
$(hide) build/make/tools/generate-enforce-rro-android-manifest.py \
--package-info $(PRIVATE_PACKAGE_INFO) \
$(use_package_name_arg) \
$(PRIVATE_USE_PACKAGE_NAME) \
--partition $(PRIVATE_PARTITION) \
--priority $(PRIVATE_PRIORITY) \
-o $@
LOCAL_PATH:= $(intermediates)
@@ -31,7 +38,14 @@ LOCAL_CERTIFICATE := platform
LOCAL_AAPT_FLAGS += --auto-add-overlay
LOCAL_RESOURCE_DIR := $(enforce_rro_source_overlays)
LOCAL_PRODUCT_MODULE := true
ifeq (product,$(enforce_rro_partition))
LOCAL_PRODUCT_MODULE := true
else ifeq (vendor,$(enforce_rro_partition))
LOCAL_VENDOR_MODULE := true
else
$(error Unsupported partition. Want: [vendor/product] Got: [$(enforce_rro_partition)])
endif
ifneq (,$(LOCAL_RES_LIBRARIES))
# Technically we are linking against the app (if only to grab its resources),

4
core/install_jni_libs_internal.mk
View File

@@ -113,12 +113,12 @@ my_link_type := app:sdk
my_warn_types := native:platform $(my_warn_ndk_types)
my_allowed_types := $(my_allowed_ndk_types)
ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_PROPRIETARY_MODULE)))
my_allowed_types += native:vendor native:vndk
my_allowed_types += native:vendor native:vndk native:platform_vndk
endif
else
my_link_type := app:platform
my_warn_types := $(my_warn_ndk_types)
my_allowed_types := $(my_allowed_ndk_types) native:platform native:vendor native:vndk native:vndk_private
my_allowed_types := $(my_allowed_ndk_types) native:platform native:vendor native:vndk native:vndk_private native:platform_vndk
endif
my_link_deps := $(addprefix SHARED_LIBRARIES:,$(LOCAL_JNI_SHARED_LIBRARIES))

2
core/local_systemsdk.mk
View File

@@ -25,7 +25,7 @@ ifdef BOARD_SYSTEMSDK_VERSIONS
ifneq (,$(filter JAVA_LIBRARIES APPS,$(LOCAL_MODULE_CLASS)))
ifndef LOCAL_SDK_VERSION
ifeq ($(_is_vendor_app),true)
ifeq (,$(filter %__auto_generated_rro,$(LOCAL_MODULE)))
ifeq (,$(filter %__auto_generated_rro_vendor,$(LOCAL_MODULE)))
# Runtime resource overlays are exempted from building against System SDK.
# TODO(b/35859726): remove this exception
LOCAL_SDK_VERSION := system_current

7
core/main.mk
View File

@@ -501,6 +501,10 @@ ifndef subdir_makefiles_total
subdir_makefiles_total := $(words init post finish)
endif
droid_targets: no_vendor_variant_vndk_check
.PHONY: no_vendor_variant_vndk_check
no_vendor_variant_vndk_check:
$(info [$(call inc_and_print,subdir_makefiles_inc)/$(subdir_makefiles_total)] finishing build rules ...)
# -------------------------------------------------------------------
@@ -1202,7 +1206,8 @@ ifdef FULL_BUILD
# Fakes don't get installed, host files are irrelevant, and NDK stubs aren't installed to device.
static_whitelist_patterns := $(TARGET_OUT_FAKE)/% $(HOST_OUT)/% $(SOONG_OUT_DIR)/ndk/%
# RROs become REQUIRED by the source module, but are always placed on the vendor partition.
static_whitelist_patterns += %__auto_generated_rro.apk
static_whitelist_patterns += %__auto_generated_rro_product.apk
static_whitelist_patterns += %__auto_generated_rro_vendor.apk
# Auto-included targets are not considered
static_whitelist_patterns += $(call module-installed-files,$(call auto-included-modules))
# $(PRODUCT_OUT)/apex is where shared libraries in APEXes get installed.

46
core/package_internal.mk
View File

@@ -132,21 +132,26 @@ else ifneq (,$(filter $(LOCAL_PACKAGE_NAME), $(PRODUCT_ENFORCE_RRO_TARGETS)))
enforce_rro_enabled := true
endif
all_package_resource_overlays := $(strip \
product_package_overlays := $(strip \
$(wildcard $(foreach dir, $(PRODUCT_PACKAGE_OVERLAYS), \
$(addprefix $(dir)/, $(LOCAL_RESOURCE_DIR)))) \
$(addprefix $(dir)/, $(LOCAL_RESOURCE_DIR)))))
device_package_overlays := $(strip \
$(wildcard $(foreach dir, $(DEVICE_PACKAGE_OVERLAYS), \
$(addprefix $(dir)/, $(LOCAL_RESOURCE_DIR)))))
static_resource_overlays :=
runtime_resource_overlays :=
runtime_resource_overlays_product :=
runtime_resource_overlays_vendor :=
ifdef enforce_rro_enabled
ifneq ($(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS),)
static_resource_overlays += $(filter $(addsuffix %,$(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS)),$(all_package_resource_overlays))
# The PRODUCT_ exclusion variable applies to both inclusion variables..
static_resource_overlays += $(filter $(addsuffix %,$(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS)),$(product_package_overlays))
static_resource_overlays += $(filter $(addsuffix %,$(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS)),$(device_package_overlays))
endif
runtime_resource_overlays := $(filter-out $(static_resource_overlays),$(all_package_resource_overlays))
runtime_resource_overlays_product := $(filter-out $(static_resource_overlays),$(product_package_overlays))
runtime_resource_overlays_vendor := $(filter-out $(static_resource_overlays),$(device_package_overlays))
else
static_resource_overlays := $(all_package_resource_overlays)
static_resource_overlays := $(product_package_overlays) $(device_package_overlays)
endif
# Add the static overlays. Auto-RRO is created later, as it depends on
@@ -790,7 +795,7 @@ endif # skip_definition
# Reset internal variables.
all_res_assets :=
ifdef runtime_resource_overlays
ifneq (,$(runtime_resource_overlays_product)$(runtime_resource_overlays_vendor))
ifdef LOCAL_EXPORT_PACKAGE_RESOURCES
enforce_rro_use_res_lib := true
else
@@ -805,11 +810,24 @@ ifdef runtime_resource_overlays
enforce_rro_manifest_package_info := $(full_android_manifest)
endif
$(call append_enforce_rro_sources, \
$(my_register_name), \
$(enforce_rro_is_manifest_package_name), \
$(enforce_rro_manifest_package_info), \
$(enforce_rro_use_res_lib), \
$(runtime_resource_overlays) \
)
ifdef runtime_resource_overlays_product
$(call append_enforce_rro_sources, \
$(my_register_name), \
$(enforce_rro_is_manifest_package_name), \
$(enforce_rro_manifest_package_info), \
$(enforce_rro_use_res_lib), \
$(runtime_resource_overlays_product), \
product \
)
endif
ifdef runtime_resource_overlays_vendor
$(call append_enforce_rro_sources, \
$(my_register_name), \
$(enforce_rro_is_manifest_package_name), \
$(enforce_rro_manifest_package_info), \
$(enforce_rro_use_res_lib), \
$(runtime_resource_overlays_vendor), \
vendor \
)
endif
endif

17
core/soong_app_prebuilt.mk
View File

@@ -159,13 +159,26 @@ my_common := COMMON
include $(BUILD_SYSTEM)/link_type.mk
endif # !LOCAL_IS_HOST_MODULE
ifdef LOCAL_SOONG_RRO_DIRS
ifdef LOCAL_SOONG_DEVICE_RRO_DIRS
$(call append_enforce_rro_sources, \
$(my_register_name), \
false, \
$(LOCAL_FULL_MANIFEST_FILE), \
$(if $(LOCAL_EXPORT_PACKAGE_RESOURCES),true,false), \
$(LOCAL_SOONG_RRO_DIRS))
$(LOCAL_SOONG_DEVICE_RRO_DIRS), \
vendor \
)
endif
ifdef LOCAL_SOONG_PRODUCT_RRO_DIRS
$(call append_enforce_rro_sources, \
$(my_register_name), \
false, \
$(LOCAL_FULL_MANIFEST_FILE), \
$(if $(LOCAL_EXPORT_PACKAGE_RESOURCES),true,false), \
$(LOCAL_SOONG_PRODUCT_RRO_DIRS), \
product \
)
endif
SOONG_ALREADY_CONV := $(SOONG_ALREADY_CONV) $(LOCAL_MODULE)

62
core/soong_cc_prebuilt.mk
View File

@@ -86,11 +86,13 @@ ifneq ($(filter STATIC_LIBRARIES SHARED_LIBRARIES HEADER_LIBRARIES,$(LOCAL_MODUL
endif
ifdef LOCAL_USE_VNDK
name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
ifneq ($(name_without_suffix),$(LOCAL_MODULE)
SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
ifneq ($(name_without_suffix),$(LOCAL_MODULE)
SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
endif
name_without_suffix :=
endif
name_without_suffix :=
endif
# Check prebuilt ELF binaries.
@@ -113,27 +115,52 @@ ifdef LOCAL_INSTALLED_MODULE
endif
endif
ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
# Add $(LOCAL_BUILT_MODULE) as a dependency to no_vendor_variant_vndk_check so
# that the vendor variant will be built and checked against the core variant.
no_vendor_variant_vndk_check: $(LOCAL_BUILT_MODULE)
my_core_register_name := $(subst .vendor,,$(my_register_name))
my_core_variant_files := $(call module-target-built-files,$(my_core_register_name))
my_core_shared_lib := $(sort $(filter %.so,$(my_core_variant_files)))
$(LOCAL_BUILT_MODULE): PRIVATE_CORE_VARIANT := $(my_core_shared_lib)
# The built vendor variant library needs to depend on the built core variant
# so that we can perform identity check against the core variant.
$(LOCAL_BUILT_MODULE): $(my_core_shared_lib)
endif
ifeq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
$(LOCAL_BUILT_MODULE): $(LOCAL_PREBUILT_MODULE_FILE) $(LIBRARY_IDENTITY_CHECK_SCRIPT)
$(call verify-vndk-libs-identical,\
$(PRIVATE_CORE_VARIANT),\
$<,\
$($(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)TOOLS_PREFIX))
$(copy-file-to-target)
else
$(LOCAL_BUILT_MODULE): $(LOCAL_PREBUILT_MODULE_FILE)
$(transform-prebuilt-to-target)
endif
ifneq ($(filter EXECUTABLES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),)
$(hide) chmod +x $@
endif
ifndef LOCAL_IS_HOST_MODULE
ifdef LOCAL_SOONG_UNSTRIPPED_BINARY
my_symbol_path := $(if $(LOCAL_SOONG_SYMBOL_PATH),$(LOCAL_SOONG_SYMBOL_PATH),$(my_module_path))
# Store a copy with symbols for symbolic debugging
my_unstripped_path := $(TARGET_OUT_UNSTRIPPED)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
# drop /root as /root is mounted as /
my_unstripped_path := $(patsubst $(TARGET_OUT_UNSTRIPPED)/root/%,$(TARGET_OUT_UNSTRIPPED)/%, $(my_unstripped_path))
symbolic_output := $(my_unstripped_path)/$(my_installed_module_stem)
$(eval $(call copy-one-file,$(LOCAL_SOONG_UNSTRIPPED_BINARY),$(symbolic_output)))
$(call add-dependency,$(LOCAL_BUILT_MODULE),$(symbolic_output))
ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
my_symbol_path := $(if $(LOCAL_SOONG_SYMBOL_PATH),$(LOCAL_SOONG_SYMBOL_PATH),$(my_module_path))
# Store a copy with symbols for symbolic debugging
my_unstripped_path := $(TARGET_OUT_UNSTRIPPED)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
# drop /root as /root is mounted as /
my_unstripped_path := $(patsubst $(TARGET_OUT_UNSTRIPPED)/root/%,$(TARGET_OUT_UNSTRIPPED)/%, $(my_unstripped_path))
symbolic_output := $(my_unstripped_path)/$(my_installed_module_stem)
$(eval $(call copy-one-file,$(LOCAL_SOONG_UNSTRIPPED_BINARY),$(symbolic_output)))
$(call add-dependency,$(LOCAL_BUILT_MODULE),$(symbolic_output))
ifeq ($(BREAKPAD_GENERATE_SYMBOLS),true)
my_breakpad_path := $(TARGET_OUT_BREAKPAD)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
breakpad_output := $(my_breakpad_path)/$(my_installed_module_stem).sym
$(breakpad_output) : $(LOCAL_SOONG_UNSTRIPPED_BINARY) | $(BREAKPAD_DUMP_SYMS) $(PRIVATE_READELF)
ifeq ($(BREAKPAD_GENERATE_SYMBOLS),true)
my_breakpad_path := $(TARGET_OUT_BREAKPAD)/$(patsubst $(PRODUCT_OUT)/%,%,$(my_symbol_path))
breakpad_output := $(my_breakpad_path)/$(my_installed_module_stem).sym
$(breakpad_output) : $(LOCAL_SOONG_UNSTRIPPED_BINARY) | $(BREAKPAD_DUMP_SYMS) $(PRIVATE_READELF)
@echo "target breakpad: $(PRIVATE_MODULE) ($@)"
@mkdir -p $(dir $@)
$(hide) if $(PRIVATE_READELF) -S $< > /dev/null 2>&1 ; then \
@@ -142,7 +169,8 @@ ifndef LOCAL_IS_HOST_MODULE
echo "skipped for non-elf file."; \
touch $@; \
fi
$(call add-dependency,$(LOCAL_BUILT_MODULE),$(breakpad_output))
$(call add-dependency,$(LOCAL_BUILT_MODULE),$(breakpad_output))
endif
endif
endif
endif

5
core/soong_config.mk
View File

@@ -61,7 +61,8 @@ $(call add_json_str, CrossHost, $(HOST_CROSS_OS))
$(call add_json_str, CrossHostArch, $(HOST_CROSS_ARCH))
$(call add_json_str, CrossHostSecondaryArch, $(HOST_CROSS_2ND_ARCH))
$(call add_json_list, ResourceOverlays, $(PRODUCT_PACKAGE_OVERLAYS) $(DEVICE_PACKAGE_OVERLAYS))
$(call add_json_list, DeviceResourceOverlays, $(DEVICE_PACKAGE_OVERLAYS))
$(call add_json_list, ProductResourceOverlays, $(PRODUCT_PACKAGE_OVERLAYS))
$(call add_json_list, EnforceRROTargets, $(PRODUCT_ENFORCE_RRO_TARGETS))
$(call add_json_list, EnforceRROExcludedOverlays, $(PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS))
@@ -115,6 +116,8 @@ $(call add_json_list, ModulesLoadedByPrivilegedModules, $(PRODUCT_LOADED_BY_PRI
$(call add_json_list, BootJars, $(PRODUCT_BOOT_JARS))
$(call add_json_bool, VndkUseCoreVariant, $(TARGET_VNDK_USE_CORE_VARIANT))
$(call add_json_bool, Product_is_iot, $(filter true,$(PRODUCT_IOT)))
$(call add_json_bool, Treble_linker_namespaces, $(filter true,$(PRODUCT_TREBLE_LINKER_NAMESPACES)))

4
target/board/BoardConfigGsiCommon.mk
View File

@@ -6,9 +6,6 @@
include build/make/target/board/BoardConfigMainlineCommon.mk
# Enable system property split for Treble
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
# This flag is set by mainline but isn't desired for GSI.
BOARD_USES_SYSTEM_OTHER_ODEX :=
@@ -27,6 +24,7 @@ BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 67108864
# GSI forces product packages to /system for now.
TARGET_COPY_OUT_PRODUCT := system/product
BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE :=
# Creates metadata partition mount point under root for
# the devices with metadata parition

10
target/board/BoardConfigMainlineCommon.mk
View File

@@ -10,7 +10,10 @@ TARGET_USERIMAGES_USE_EXT4 := true
# Mainline devices must have /vendor and /product partitions.
TARGET_COPY_OUT_VENDOR := vendor
BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
TARGET_COPY_OUT_PRODUCT := product
BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE := ext4
# system-as-root is mandatory from Android P
TARGET_NO_RECOVERY := true
@@ -39,3 +42,10 @@ BOARD_AVB_ENABLE := true
BOARD_AVB_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_CHARGER_ENABLE_SUSPEND := true
# Enable A/B update
AB_OTA_UPDATER := true
AB_OTA_PARTITIONS := system
# Enable system property split for Treble
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true

2
target/product/base_system.mk
View File

@@ -73,7 +73,7 @@ PRODUCT_PACKAGES += \
dpm \
dumpstate \
dumpsys \
DynamicAndroidInstallationService \
DynamicSystemInstallationService \
e2fsck \
ExtServices \
ExtShared \

12
target/product/gsi/adb_debug.prop Normal file
View File

@@ -0,0 +1,12 @@
# Note: This file will be loaded with highest priority to override
# other system properties, if a special ramdisk with "/force_debuggable"
# is used and the device is unlocked.
# Disable adb authentication to allow test automation on user build GSI
ro.adb.secure=0
# Allow 'adb root' on user build GSI
ro.debuggable=1
# Introduce this property to indicate that init has loaded adb_debug.prop
ro.force.debuggable=1

10
target/product/gsi_common.mk
View File

@@ -51,23 +51,19 @@ PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += %.odex %.vdex %.art
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
system/etc/init/config/skip_mount.cfg \
system/etc/init/init.gsi.rc \
system/etc/adb_debug.prop \
# Exclude all files under system/product and system/product_services
PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \
system/product/% \
system/product_services/%
# Split selinux policy
PRODUCT_FULL_TREBLE_OVERRIDE := true
# Enable dynamic partition size
PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true
# Enable A/B update
AB_OTA_UPDATER := true
AB_OTA_PARTITIONS := system
# Needed by Pi newly launched device to pass VtsTrebleSysProp on GSI
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE := true
@@ -97,3 +93,7 @@ PRODUCT_COPY_FILES += \
# Provide a libnfc-nci.conf to GSI product
PRODUCT_COPY_FILES += \
device/generic/common/nfc/libnfc-nci.conf:$(TARGET_COPY_OUT_PRODUCT)/etc/libnfc-nci.conf
# Allow 'adb root' on user build GSI
PRODUCT_COPY_FILES += \
build/make/target/product/gsi/adb_debug.prop:$(TARGET_COPY_OUT_SYSTEM)/etc/adb_debug.prop

10
target/product/mainline_system_arm64.mk
View File

@@ -18,6 +18,16 @@ $(call inherit-product, $(SRC_TARGET_DIR)/product/core_64_bit.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/mainline_system.mk)
$(call enforce-product-packages-exist,)
PRODUCT_BUILD_CACHE_IMAGE := false
PRODUCT_BUILD_ODM_IMAGE := false
PRODUCT_BUILD_PRODUCT_IMAGE := false
PRODUCT_BUILD_PRODUCT_SERVICES_IMAGE := false
PRODUCT_BUILD_RAMDISK_IMAGE := false
PRODUCT_BUILD_SYSTEM_IMAGE := true
PRODUCT_BUILD_SYSTEM_OTHER_IMAGE := false
PRODUCT_BUILD_USERDATA_IMAGE := false
PRODUCT_BUILD_VENDOR_IMAGE := false
PRODUCT_NAME := mainline_system_arm64
PRODUCT_DEVICE := mainline_arm64
PRODUCT_BRAND := generic

17
tools/check_elf_file.py
View File

@@ -260,13 +260,20 @@ class ELFParser(object):
_SYMBOL_ENTRY_END_PATTERN = ' }'
@classmethod
def _parse_symbol_name(cls, name_with_version):
@staticmethod
def _parse_symbol_name(name_with_version):
"""Split `name_with_version` into name and version. This function may split
at last occurrence of `@@` or `@`."""
name, version = name_with_version.rsplit('@', 1)
if name and name[-1] == '@':
name = name[:-1]
pos = name_with_version.rfind('@')
if pos == -1:
name = name_with_version
version = ''
else:
if pos > 0 and name_with_version[pos - 1] == '@':
name = name_with_version[0:pos - 1]
else:
name = name_with_version[0:pos]
version = name_with_version[pos + 1:]
return (name, version)

30
tools/check_identical_lib.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
set -e
STRIP_PATH="${1}"
CORE="${2}"
VENDOR="${3}"
stripped_core="${CORE}.vndk_lib_check.stripped"
stripped_vendor="${VENDOR}.vndk_lib_check.stripped"
function cleanup() {
rm -f ${stripped_core} ${stripped_vendor}
}
trap cleanup EXIT
function strip_lib() {
${STRIP_PATH} \
-i ${1} \
-o ${2} \
-d /dev/null \
--remove-build-id
}
strip_lib ${CORE} ${stripped_core}
strip_lib ${VENDOR} ${stripped_vendor}
if ! cmp -s ${stripped_core} ${stripped_vendor}; then
echo "VNDK library not in vndkMustUseVendorVariantList but has different core and vendor variant: $(basename ${CORE})"
echo "If the two variants need to have different runtime behavior, consider using libvndksupport."
exit 1
fi

14
tools/generate-enforce-rro-android-manifest.py
View File

@@ -23,10 +23,10 @@ import os
import sys
ANDROID_MANIFEST_TEMPLATE="""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="%s.auto_generated_rro__"
package="%s.auto_generated_rro_%s__"
android:versionCode="1"
android:versionName="1.0">
<overlay android:targetPackage="%s" android:priority="0" android:isStatic="true"/>
<overlay android:targetPackage="%s" android:priority="%s" android:isStatic="true"/>
</manifest>
"""
@@ -39,6 +39,12 @@ def get_args():
parser.add_argument(
'-p', '--package-info', required=True,
help='Manifest package name or manifest file path of source module.')
parser.add_argument(
'--partition', required=True,
help='The partition this RRO package is installed on.')
parser.add_argument(
'--priority', required=True,
help='The priority for the <overlay>.')
parser.add_argument(
'-o', '--output', required=True,
help='Output manifest file path.')
@@ -48,6 +54,8 @@ def get_args():
def main(argv):
args = get_args()
partition = args.partition
priority = args.priority
if args.use_package_name:
package_name = args.package_info
else:
@@ -58,7 +66,7 @@ def main(argv):
package_name = dom.documentElement.getAttribute('package')
with open(args.output, 'w+') as f:
f.write(ANDROID_MANIFEST_TEMPLATE % (package_name, package_name))
f.write(ANDROID_MANIFEST_TEMPLATE % (package_name, partition, package_name, priority))
f.close()

23
tools/releasetools/build_image.py
View File

@@ -740,28 +740,6 @@ def SaveGlobalDict(filename, glob_dict):
f.writelines(["%s=%s" % (key, value) for (key, value) in glob_dict.items()])
def ExtractSystemOtherAvbKey(in_dir, glob_dict):
if glob_dict.get("avb_system_extract_system_other_key") != "true":
return
extract_to = os.path.join(in_dir, "etc/security/avb/system_other.avbpubkey")
extract_to_dir = os.path.dirname(extract_to)
if os.path.isdir(extract_to_dir):
shutil.rmtree(extract_to_dir)
elif os.path.isfile(extract_to_dir):
os.remove(extract_to_dir)
os.mkdir(extract_to_dir);
# Extracts the public key used to sign system_other.img, into system.img:
# /system/etc/security/avb/system_other.avbpubkey.
avbtool = glob_dict.get("avb_avbtool")
extract_from = glob_dict.get("avb_system_other_key_path")
cmd = [avbtool, "extract_public_key", "--key", extract_from,
"--output", extract_to]
common.RunAndCheckOutput(cmd, verbose=False)
def main(argv):
if len(argv) < 4 or len(argv) > 5:
print(__doc__)
@@ -785,7 +763,6 @@ def main(argv):
mount_point = ""
if image_filename == "system.img":
mount_point = "system"
ExtractSystemOtherAvbKey(in_dir, glob_dict)
elif image_filename == "system_other.img":
mount_point = "system_other"
elif image_filename == "userdata.img":

9
tools/releasetools/check_target_files_signatures.py
View File

@@ -168,6 +168,7 @@ def CertFromPKCS7(data, filename):
class APK(object):
def __init__(self, full_filename, filename):
self.filename = filename
self.certs = None
@@ -244,12 +245,12 @@ class TargetFiles(object):
# must decompress them individually before we perform any analysis.
# This is the list of wildcards of files we extract from |filename|.
apk_extensions = ['*.apk']
apk_extensions = ['*.apk', '*.apex']
self.certmap, compressed_extension = common.ReadApkCerts(
zipfile.ZipFile(filename, "r"))
zipfile.ZipFile(filename))
if compressed_extension:
apk_extensions.append("*.apk" + compressed_extension)
apk_extensions.append('*.apk' + compressed_extension)
d = common.UnzipTemp(filename, apk_extensions)
self.apks = {}
@@ -272,7 +273,7 @@ class TargetFiles(object):
os.remove(os.path.join(dirpath, fn))
fn = uncompressed_fn
if fn.endswith(".apk"):
if fn.endswith(('.apk', '.apex')):
fullname = os.path.join(dirpath, fn)
displayname = fullname[len(d)+1:]
apk = APK(fullname, displayname)

35
tools/releasetools/common.py
View File

@@ -17,6 +17,7 @@ from __future__ import print_function
import collections
import copy
import errno
import fnmatch
import getopt
import getpass
import gzip
@@ -771,21 +772,29 @@ def Gunzip(in_filename, out_filename):
shutil.copyfileobj(in_file, out_file)
def UnzipToDir(filename, dirname, pattern=None):
def UnzipToDir(filename, dirname, patterns=None):
"""Unzips the archive to the given directory.
Args:
filename: The name of the zip file to unzip.
dirname: Where the unziped files will land.
pattern: Files to unzip from the archive. If omitted, will unzip the entire
archvie.
patterns: Files to unzip from the archive. If omitted, will unzip the entire
archvie. Non-matching patterns will be filtered out. If there's no match
after the filtering, no file will be unzipped.
"""
cmd = ["unzip", "-o", "-q", filename, "-d", dirname]
if pattern is not None:
cmd.extend(pattern)
if patterns is not None:
# Filter out non-matching patterns. unzip will complain otherwise.
with zipfile.ZipFile(filename) as input_zip:
names = input_zip.namelist()
filtered = [
pattern for pattern in patterns if fnmatch.filter(names, pattern)]
# There isn't any matching files. Don't unzip anything.
if not filtered:
return
cmd.extend(filtered)
RunAndCheckOutput(cmd)
@@ -999,7 +1008,8 @@ def GetMinSdkVersionInt(apk_name, codename_to_api_level_map):
def SignFile(input_name, output_name, key, password, min_api_level=None,
codename_to_api_level_map=None, whole_file=False):
codename_to_api_level_map=None, whole_file=False,
extra_signapk_args=None):
"""Sign the input_name zip/jar/apk, producing output_name. Use the
given key and password (the latter may be None if the key does not
have a password.
@@ -1014,9 +1024,14 @@ def SignFile(input_name, output_name, key, password, min_api_level=None,
codename_to_api_level_map is needed to translate the codename which may be
encountered as the APK's minSdkVersion.
Caller may optionally specify extra args to be passed to SignApk, which
defaults to OPTIONS.extra_signapk_args if omitted.
"""
if codename_to_api_level_map is None:
codename_to_api_level_map = {}
if extra_signapk_args is None:
extra_signapk_args = OPTIONS.extra_signapk_args
java_library_path = os.path.join(
OPTIONS.search_path, OPTIONS.signapk_shared_library_path)
@@ -1024,7 +1039,7 @@ def SignFile(input_name, output_name, key, password, min_api_level=None,
cmd = ([OPTIONS.java_path] + OPTIONS.java_args +
["-Djava.library.path=" + java_library_path,
"-jar", os.path.join(OPTIONS.search_path, OPTIONS.signapk_path)] +
OPTIONS.extra_signapk_args)
extra_signapk_args)
if whole_file:
cmd.append("-w")

34
tools/releasetools/merge_target_files.py
View File

@@ -204,13 +204,19 @@ def read_config_list(config_file_path):
return config_file.read().splitlines()
def validate_config_lists(system_item_list, other_item_list):
def validate_config_lists(
system_item_list,
system_misc_info_keys,
other_item_list):
"""Performs validations on the merge config lists.
Args:
system_item_list: The list of items to extract from the partial
system target files package as is.
system_misc_info_keys: A list of keys to obtain from the system instance
of META/misc_info.txt. The remaining keys from the other instance.
other_item_list: The list of items to extract from the partial
other target files package as is.
@@ -233,6 +239,12 @@ def validate_config_lists(system_item_list, other_item_list):
'this script.')
return False
if ('dynamic_partition_list' in system_misc_info_keys) or (
'super_partition_groups' in system_misc_info_keys):
logger.error('Dynamic partition misc info keys should come from '
'the other instance of META/misc_info.txt.')
return False
return True
@@ -331,6 +343,25 @@ def process_misc_info_txt(
for key in system_misc_info_keys:
merged_info_dict[key] = system_info_dict[key]
# Merge misc info keys used for Dynamic Partitions.
if (merged_info_dict.get('use_dynamic_partitions') == 'true') and (
system_info_dict.get('use_dynamic_partitions') == 'true'):
merged_info_dict['dynamic_partition_list'] = '%s %s' % (
system_info_dict.get('dynamic_partition_list', ''),
merged_info_dict.get('dynamic_partition_list', ''))
# Partition groups and group sizes are defined by the other (non-system)
# misc info file because these values may vary for each board that uses
# a shared system image.
for partition_group in merged_info_dict['super_partition_groups'].split(' '):
if ('super_%s_group_size' % partition_group) not in merged_info_dict:
raise common.ExternalError(
'Other META/misc_info.txt does not contain required key '
'super_%s_group_size.' % partition_group)
key = 'super_%s_partition_list' % partition_group
merged_info_dict[key] = '%s %s' % (
system_info_dict.get(key, ''),
merged_info_dict.get(key, ''))
output_misc_info_txt = os.path.join(
output_target_files_temp_dir,
'META', 'misc_info.txt')
@@ -717,6 +748,7 @@ def main():
if not validate_config_lists(
system_item_list=system_item_list,
system_misc_info_keys=system_misc_info_keys,
other_item_list=other_item_list):
sys.exit(1)

9
tools/releasetools/ota_from_target_files.py
View File

@@ -236,7 +236,7 @@ METADATA_NAME = 'META-INF/com/android/metadata'
POSTINSTALL_CONFIG = 'META/postinstall_config.txt'
DYNAMIC_PARTITION_INFO = 'META/dynamic_partitions_info.txt'
AB_PARTITIONS = 'META/ab_partitions.txt'
UNZIP_PATTERN = ['IMAGES/*', 'META/*']
UNZIP_PATTERN = ['IMAGES/*', 'META/*', 'RADIO/*']
RETROFIT_DAP_UNZIP_PATTERN = ['OTA/super_*.img', AB_PARTITIONS]
@@ -1802,12 +1802,7 @@ def GetTargetFilesZipForSecondaryImages(input_file, skip_postinstall=False):
infolist = input_zip.infolist()
namelist = input_zip.namelist()
# Additionally unzip 'RADIO/*' if exists.
unzip_pattern = UNZIP_PATTERN[:]
if any([entry.startswith('RADIO/') for entry in namelist]):
unzip_pattern.append('RADIO/*')
input_tmp = common.UnzipTemp(input_file, unzip_pattern)
input_tmp = common.UnzipTemp(input_file, UNZIP_PATTERN)
for info in infolist:
unzipped_file = os.path.join(input_tmp, *info.filename.split('/'))
if info.filename == 'IMAGES/system_other.img':

60
tools/releasetools/sign_target_files_apks.py
View File

@@ -91,12 +91,12 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files
Replace the veritykeyid in BOOT/cmdline of input_target_file_zip
with keyid of the cert pointed by <path_to_X509_PEM_cert_file>.
--avb_{boot,system,vendor,dtbo,vbmeta}_algorithm <algorithm>
--avb_{boot,system,vendor,dtbo,vbmeta}_key <key>
--avb_{boot,system,system_other,vendor,dtbo,vbmeta}_algorithm <algorithm>
--avb_{boot,system,system_other,vendor,dtbo,vbmeta}_key <key>
Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
the specified image. Otherwise it uses the existing values in info dict.
--avb_{apex,boot,system,vendor,dtbo,vbmeta}_extra_args <args>
--avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta}_extra_args <args>
Specify any additional args that are needed to AVB-sign the image
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
@@ -400,7 +400,6 @@ def SignApex(apex_data, payload_key, container_key, container_pw,
APEX_PAYLOAD_IMAGE = 'apex_payload.img'
# Signing an APEX is a two step process.
# 1. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given payload_key.
payload_dir = common.MakeTempDir(prefix='apex-payload-')
with zipfile.ZipFile(apex_file) as apex_fd:
@@ -420,21 +419,28 @@ def SignApex(apex_data, payload_key, container_key, container_pw,
common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
common.ZipClose(apex_zip)
# 2. Sign the overall APEX container with container_key.
# 2. Align the files at page boundary (same as in apexer).
aligned_apex = common.MakeTempFile(
prefix='apex-container-', suffix='.apex')
common.RunAndCheckOutput(
['zipalign', '-f', '4096', apex_file, aligned_apex])
# 3. Sign the APEX container with container_key.
signed_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex')
# Specify the 4K alignment when calling SignApk.
extra_signapk_args = OPTIONS.extra_signapk_args[:]
extra_signapk_args.extend(['-a', '4096'])
common.SignFile(
apex_file,
aligned_apex,
signed_apex,
container_key,
container_pw,
codename_to_api_level_map=codename_to_api_level_map)
codename_to_api_level_map=codename_to_api_level_map,
extra_signapk_args=extra_signapk_args)
signed_and_aligned_apex = common.MakeTempFile(
prefix='apex-container-', suffix='.apex')
common.RunAndCheckOutput(
['zipalign', '-f', '4096', signed_apex, signed_and_aligned_apex])
return (signed_and_aligned_apex, payload_info['apex.key'])
return (signed_apex, payload_info['apex.key'])
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
@@ -584,11 +590,23 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
elif filename == "META/care_map.pb" or filename == "META/care_map.txt":
pass
# Updates system_other.avbpubkey in /product/etc/.
elif filename in (
"PRODUCT/etc/security/avb/system_other.avbpubkey",
"SYSTEM/product/etc/security/avb/system_other.avbpubkey"):
# Only update system_other's public key, if the corresponding signing
# key is specified via --avb_system_other_key.
signing_key = OPTIONS.avb_keys.get("system_other")
if signing_key:
public_key = common.ExtractAvbPublicKey(signing_key)
print(" Rewriting AVB public key of system_other in /product")
common.ZipWrite(output_tf_zip, public_key, filename)
# A non-APK file; copy it verbatim.
else:
common.ZipWriteStr(output_tf_zip, out_info, data)
# Update APEX payload public keys.
# Copy or update APEX payload public keys.
for info in input_tf_zip.infolist():
filename = info.filename
if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or
@@ -597,8 +615,10 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
name = os.path.basename(filename)
# Skip PRESIGNED APEXes.
# Copy the keys for PRESIGNED APEXes.
if name not in updated_apex_payload_keys:
data = input_tf_zip.read(filename)
common.ZipWriteStr(output_tf_zip, info, data)
continue
key_path = updated_apex_payload_keys[name]
@@ -934,6 +954,7 @@ def ReplaceAvbSigningKeys(misc_info):
'dtbo' : 'avb_dtbo_add_hash_footer_args',
'recovery' : 'avb_recovery_add_hash_footer_args',
'system' : 'avb_system_add_hashtree_footer_args',
'system_other' : 'avb_system_other_add_hashtree_footer_args',
'vendor' : 'avb_vendor_add_hashtree_footer_args',
'vbmeta' : 'avb_vbmeta_args',
}
@@ -1153,6 +1174,12 @@ def main(argv):
OPTIONS.avb_algorithms['system'] = a
elif o == "--avb_system_extra_args":
OPTIONS.avb_extra_args['system'] = a
elif o == "--avb_system_other_key":
OPTIONS.avb_keys['system_other'] = a
elif o == "--avb_system_other_algorithm":
OPTIONS.avb_algorithms['system_other'] = a
elif o == "--avb_system_other_extra_args":
OPTIONS.avb_extra_args['system_other'] = a
elif o == "--avb_vendor_key":
OPTIONS.avb_keys['vendor'] = a
elif o == "--avb_vendor_algorithm":
@@ -1192,6 +1219,9 @@ def main(argv):
"avb_system_algorithm=",
"avb_system_key=",
"avb_system_extra_args=",
"avb_system_other_algorithm=",
"avb_system_other_key=",
"avb_system_other_extra_args=",
"avb_vendor_algorithm=",
"avb_vendor_key=",
"avb_vendor_extra_args=",

84
tools/releasetools/test_common.py
View File

@@ -359,6 +359,90 @@ class CommonZipTest(test_utils.ReleaseToolsTestCase):
finally:
os.remove(zip_file.name)
@staticmethod
def _test_UnzipTemp_createZipFile():
zip_file = common.MakeTempFile(suffix='.zip')
output_zip = zipfile.ZipFile(
zip_file, 'w', compression=zipfile.ZIP_DEFLATED)
contents = os.urandom(1024)
with tempfile.NamedTemporaryFile() as entry_file:
entry_file.write(contents)
common.ZipWrite(output_zip, entry_file.name, arcname='Test1')
common.ZipWrite(output_zip, entry_file.name, arcname='Test2')
common.ZipWrite(output_zip, entry_file.name, arcname='Foo3')
common.ZipWrite(output_zip, entry_file.name, arcname='Bar4')
common.ZipWrite(output_zip, entry_file.name, arcname='Dir5/Baz5')
common.ZipClose(output_zip)
common.ZipClose(output_zip)
return zip_file
def test_UnzipTemp(self):
zip_file = self._test_UnzipTemp_createZipFile()
unzipped_dir = common.UnzipTemp(zip_file)
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
def test_UnzipTemp_withPatterns(self):
zip_file = self._test_UnzipTemp_createZipFile()
unzipped_dir = common.UnzipTemp(zip_file, ['Test1'])
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
unzipped_dir = common.UnzipTemp(zip_file, ['Test1', 'Foo3'])
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
unzipped_dir = common.UnzipTemp(zip_file, ['Test*', 'Foo3*'])
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
unzipped_dir = common.UnzipTemp(zip_file, ['*Test1', '*Baz*'])
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
def test_UnzipTemp_withEmptyPatterns(self):
zip_file = self._test_UnzipTemp_createZipFile()
unzipped_dir = common.UnzipTemp(zip_file, [])
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
def test_UnzipTemp_withPartiallyMatchingPatterns(self):
zip_file = self._test_UnzipTemp_createZipFile()
unzipped_dir = common.UnzipTemp(zip_file, ['Test*', 'Nonexistent*'])
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertTrue(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
def test_UnzipTemp_withNoMatchingPatterns(self):
zip_file = self._test_UnzipTemp_createZipFile()
unzipped_dir = common.UnzipTemp(zip_file, ['Foo4', 'Nonexistent*'])
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test1')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Test2')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Foo3')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Bar4')))
self.assertFalse(os.path.exists(os.path.join(unzipped_dir, 'Dir5/Baz5')))
class CommonApkUtilsTest(test_utils.ReleaseToolsTestCase):
"""Tests the APK utils related functions."""