-Wl,-no-undefined is currently disabled for any SANITIZE_TARGET. Limit that to
the sanitizers with a runtime library (i.e. address, thread).
Re-enable the relocation packer for ASan. This has been fixed upstream a long
time ago.
Bug: 27729263
Change-Id: I566df6104de816223dc1c519d41a87629ce9c47c
Only sanitizers that intercept stuff need that. For example,
SafeStack does not, and I think UBSan too.
Bug: 27729263
Change-Id: I413cd46cc6c6914a363a3c53da7954beacd8f0d8
This can be used to selectively disable individual sanitizers on a
target. For example, some parts of libc should be built with
SafeStack (when requested with SANITIZE_TARGET), but never with
AddressSanitizer. Current build rules specify LOCAL_SANITIZE := never
to disable AddressSanitizer; the idea is to change that to
LOCAL_NOSANITIZE := address thread.
Bug: 27729263
Change-Id: I2b770f2ce3faf6ad6798792327e96adb86fe4a4f
add_img_to_target_files.py has an option of "-a" to add missing
images only. Under this option, the script should skip copying
the radio images for A/B devices when given image exists already
under "IMAGES/".
Test: Run the command on an A/B device, the existing radio images under "IMAGES/" don't get overwritten; and missing images are added correctly.
Bug: 29608905
Change-Id: Ie034b85a5d777d53e367f99470cea4d19cb1aaaf
Extracts keyid inline using openssl commands.
The keyid is passed as one of the kernel command line parameters
for the dm-android-verity module to mount root fs(system)
with verity enabled.
(cherry-picked from 3af315aed5https://googleplex-android-review.git.corp.google.com/#/c/1061691/)
BUG: 28384658
Change-Id: I8efbe1b0e415ef1d396f9b51cfa4b3fa01b22484
All instances have disappeared from the build server, so switch this to
error before more turn up.
Change-Id: Iac07526a6e77ebf33733033249f2a108aae3fa7d
Allow exceptions specified by module (VENDOR_EXCEPTION_MODULES) and
path (VENDOR_EXCEPTION_PATHS, not including leading vendor/).
BUG=26968426
Change-Id: I068e43f3eae14f8793c33ae916d46979ab1681d1
system_root_image expects the key at ROOT/verity_key as opposed to
BOOT/verity_key. Also refactor the verity key replacement lines.
Bug: 29397395
Test: 'sign_target_files_apks.py --replace_verity_private_key newkey --replace_verity_public_key newkey.pub target_files.zip signed-target_files.zip' and verify the replaced key in boot.img.
Change-Id: I58a5defff4be008ad55d4b5a5b7148569c3b8d66
(cherry picked from commit e0ee794fa1)
For A/B OTAs, by default it calls 'openssl pkeyutl' to sign the payload
and metadata with the package private key. If the private key cannot be
accessed directly, a payload signer that knows how to do that should be
supplied via "--payload_signer <signer>".
The signer will be called with "-inkey <path_to_private_key>",
"-in <input_file>" and "-out <output_file>" parameters.
Test: Use a dummy signer, call 'ota_from_target_files.py --payload_signer <signer> <target_files.zip> <ota.zip>' and verify the signatures in the generated package.
Bug: 28701652
Change-Id: I26cfdd3fdba6fc90799221741b75426988e46fd3
(cherry picked from commit dea0f8bfed)
Replace verity keyid with the keyid extracted from cert
passed through --replace_verity_keyid. The veritykeyid in the
BOOT/cmdline of input target files is replaced with keyid
extracted from --replace_verity_keyid and written to the
output target files.
BUG: 28384658
Change-Id: Ic683f36f543c4fcd94b6f95e40f01200fbf45ee1
(cherry picked from commit b58d23fe00)
It replaces the package verification key (change of path due to
system_root_image flag), as well as the payload verification key.
Bug: 29397395
Change-Id: I10435072aaf4356f2d8b5e1b6e82eb9cead7ad62
(cherry picked from commit 24a7206430)
* Add expand/collapse-all buttons to expand/collapse all warnings.
* Use HTML styles to reduce output file size.
Change-Id: Ica188cc4f123ce0ab8547f88315325c3e0560a39
Test: Checked output html file with Chrome browser.
This should make it easier to add parameters/options without breaking
existing clients.
Bug: 27461702
Change-Id: Ia4577f78d703a6b91828dd08492c78d5e9afb110
Now that the source trees all use NATIVE_TESTS for intermediate files
and generated sources, make it a requirement.
Change-Id: Id5718fabe63f6e8dde7981a6f0f5bd89e0ec7ee5
Standardize symlinking /system/vendor -> /vendor for aosp_* devices,
since some /vendor binaries still use /system/vendor/... paths.
Support using a prebuilt vendor image and including it into all the
normal packaging steps.
Bug: 28987532
Change-Id: I27040e8a8d1df0777e16cd1e3c3a9f1b28695e96
