Merge "Reject PKCS#7 SignerInfo with unsupported parameters."
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..a1455d4
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+# We're relocating the build project to a subdirectory, then using symlinks
+# to expose the subdirectories where they used to be. If the manifest hasn't
+# been updated, we need to include all the subdirectories.
+ifeq ($(LOCAL_PATH),build)
+include $(call first-makefiles-under,$(LOCAL_PATH))
+endif
diff --git a/core/binary.mk b/core/binary.mk
index 0c57030..bcf07c2 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -1208,6 +1208,43 @@
$(hide) touch $@
endif
+
+####################################################
+## Verify that NDK-built libraries only link against
+## other NDK-built libraries
+####################################################
+
+my_link_type := $(intermediates)/link_type
+ifdef LOCAL_SDK_VERSION
+$(my_link_type): PRIVATE_LINK_TYPE := ndk
+$(my_link_type): PRIVATE_ALLOWED_TYPES := ndk
+else
+$(my_link_type): PRIVATE_LINK_TYPE := platform
+$(my_link_type): PRIVATE_ALLOWED_TYPES := (ndk|platform)
+endif
+my_link_type_deps := $(strip \
+ $(foreach l,$(my_whole_static_libraries) $(my_static_libraries), \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,$(l),$(LOCAL_IS_HOST_MODULE),,$(LOCAL_2ND_ARCH_VAR_PREFIX),$(my_host_cross))/link_type))
+ifneq ($(LOCAL_MODULE_CLASS),STATIC_LIBRARIES)
+my_link_type_deps += $(strip \
+ $(foreach l,$(my_shared_libraries), \
+ $(call intermediates-dir-for,SHARED_LIBRARIES,$(l),$(LOCAL_IS_HOST_MODULE),,$(LOCAL_2ND_ARCH_VAR_PREFIX),$(my_host_cross))/link_type))
+endif
+$(my_link_type): PRIVATE_DEPS := $(my_link_type_deps)
+$(my_link_type): PRIVATE_MODULE := $(LOCAL_MODULE)
+$(my_link_type): PRIVATE_MAKEFILE := $(LOCAL_MODULE_MAKEFILE)
+$(my_link_type): $(my_link_type_deps)
+ @echo Check module type: $@
+ $(hide) mkdir -p $(dir $@) && rm -f $@
+ifdef my_link_type_deps
+ $(hide) for f in $(PRIVATE_DEPS); do \
+ grep -qE '^$(PRIVATE_ALLOWED_TYPES)$$' $$f || \
+ $(call echo-warning,"$(PRIVATE_MAKEFILE): $(PRIVATE_MODULE) ($(PRIVATE_LINK_TYPE)) should not link to $$(basename $${f%_intermediates/link_type}) ($$(cat $$f))"); \
+ done
+endif
+ $(hide) echo $(PRIVATE_LINK_TYPE) >$@
+
+
###########################################################
## Common object handling.
###########################################################
@@ -1560,4 +1597,4 @@
.KATI_RESTAT: $(export_includes)
# Make sure export_includes gets generated when you are running mm/mmm
-$(LOCAL_BUILT_MODULE) : | $(export_includes)
+$(LOCAL_BUILT_MODULE) : | $(export_includes) $(my_link_type)
diff --git a/core/cxx_stl_setup.mk b/core/cxx_stl_setup.mk
index b4ba7a2..bff4d23 100644
--- a/core/cxx_stl_setup.mk
+++ b/core/cxx_stl_setup.mk
@@ -107,10 +107,8 @@
else ifeq ($(my_cxx_stl),libstdc++)
ifndef LOCAL_IS_HOST_MODULE
$(error $(LOCAL_PATH): $(LOCAL_MODULE): libstdc++ is not supported for device modules)
- else
- # Host builds will use the system C++. libc++ on Darwin, GNU libstdc++ everywhere else
- my_cppflags += $($(my_prefix)SYSTEMCPP_CPPFLAGS)
- my_ldflags += $($(my_prefix)SYSTEMCPP_LDFLAGS)
+ else ifneq ($($(my_prefix)OS),windows)
+ $(error $(LOCAL_PATH): $(LOCAL_MODULE): libstdc++ is not supported on $($(my_prefix)OS))
endif
else ifeq ($(my_cxx_stl),none)
ifdef LOCAL_IS_HOST_MODULE
diff --git a/core/definitions.mk b/core/definitions.mk
index 1b647aa..de1948f 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -835,6 +835,20 @@
###########################################################
+## Color-coded warnings and errors in build rules
+##
+## $(1): message to print
+###########################################################
+define echo-warning
+echo -e "\e[1;35mwarning:\e[0m \e[1m" $(1) "\e[0m\n"
+endef
+
+define echo-error
+echo -e "\e[1;31merror:\e[0m \e[1m" $(1) "\e[0m\n"
+endef
+
+
+###########################################################
## Package filtering
###########################################################
diff --git a/core/install_jni_libs_internal.mk b/core/install_jni_libs_internal.mk
index 27b9697..6136968 100644
--- a/core/install_jni_libs_internal.mk
+++ b/core/install_jni_libs_internal.mk
@@ -98,3 +98,35 @@
endif # my_embed_jni
endif # inner my_prebuilt_jni_libs
endif # outer my_prebuilt_jni_libs
+
+# Verify that all included libraries are built against the NDK
+ifneq ($(strip $(LOCAL_JNI_SHARED_LIBRARIES)),)
+my_link_type := $(call intermediates-dir-for,APPS,$(LOCAL_MODULE))/$(my_2nd_arch_prefix)jni_link_type
+my_link_type_deps := $(strip \
+ $(foreach l,$(LOCAL_JNI_SHARED_LIBRARIES),\
+ $(call intermediates-dir-for,SHARED_LIBRARIES,$(l),,,$(my_2nd_arch_prefix))/link_type))
+ifneq ($(LOCAL_SDK_VERSION),)
+$(my_link_type): PRIVATE_LINK_TYPE := sdk
+$(my_link_type): PRIVATE_ALLOWED_TYPES := ndk
+else
+$(my_link_type): PRIVATE_LINK_TYPE := platform
+$(my_link_type): PRIVATE_ALLOWED_TYPES := (ndk|platform)
+endif
+$(my_link_type): PRIVATE_DEPS := $(my_link_type_deps)
+$(my_link_type): PRIVATE_MODULE := $(LOCAL_MODULE)
+$(my_link_type): PRIVATE_MAKEFILE := $(LOCAL_MODULE_MAKEFILE)
+$(my_link_type): $(my_link_type_deps)
+ @echo Check JNI module types: $@
+ $(hide) mkdir -p $(dir $@)
+ $(hide) rm -f $@
+ $(hide) for f in $(PRIVATE_DEPS); do \
+ grep -qE '^$(PRIVATE_ALLOWED_TYPES)$$' $$f || \
+ $(call echo-warning,"$(PRIVATE_MAKEFILE): $(PRIVATE_MODULE) ($(PRIVATE_LINK_TYPE)) should not link to $$(basename $${f%_intermediates/link_type}) ($$(cat $$f))"); \
+ done
+ $(hide) touch $@
+
+$(LOCAL_BUILT_MODULE): | $(my_link_type)
+
+my_link_type :=
+my_link_type_deps :=
+endif
diff --git a/core/ninja.mk b/core/ninja.mk
index bbd5863..62102ba 100644
--- a/core/ninja.mk
+++ b/core/ninja.mk
@@ -155,7 +155,7 @@
endif
$(KATI_BUILD_NINJA): $(CKATI) $(MAKEPARALLEL) $(DUMMY_OUT_MKS) run_soong FORCE
@echo Running kati to generate build$(KATI_NINJA_SUFFIX).ninja...
- +$(hide) $(KATI_MAKEPARALLEL) $(CKATI) --ninja --ninja_dir=$(OUT_DIR) --ninja_suffix=$(KATI_NINJA_SUFFIX) --regen --ignore_dirty=$(OUT_DIR)/% --no_ignore_dirty=$(SOONG_ANDROID_MK) --no_ignore_dirty=$(SOONG_MAKEVARS_MK) --ignore_optional_include=$(OUT_DIR)/%.P --detect_android_echo $(KATI_FIND_EMULATOR) -f build/core/main.mk $(KATI_GOALS) --gen_all_targets BUILDING_WITH_NINJA=true SOONG_ANDROID_MK=$(SOONG_ANDROID_MK) SOONG_MAKEVARS_MK=$(SOONG_MAKEVARS_MK)
+ +$(hide) $(KATI_MAKEPARALLEL) $(CKATI) --ninja --ninja_dir=$(OUT_DIR) --ninja_suffix=$(KATI_NINJA_SUFFIX) --regen --ignore_dirty=$(OUT_DIR)/% --no_ignore_dirty=$(SOONG_OUT_DIR)/%.mk --ignore_optional_include=$(OUT_DIR)/%.P --detect_android_echo $(KATI_FIND_EMULATOR) -f build/core/main.mk $(KATI_GOALS) --gen_all_targets BUILDING_WITH_NINJA=true SOONG_ANDROID_MK=$(SOONG_ANDROID_MK) SOONG_MAKEVARS_MK=$(SOONG_MAKEVARS_MK)
.PHONY: FORCE
FORCE:
diff --git a/core/prebuilt_internal.mk b/core/prebuilt_internal.mk
index 3f89d80..9c4a98d 100644
--- a/core/prebuilt_internal.mk
+++ b/core/prebuilt_internal.mk
@@ -122,7 +122,14 @@
$(hide) touch $@
endif
-$(LOCAL_BUILT_MODULE) : | $(intermediates)/export_includes
+my_link_type := $(intermediates)/link_type
+$(my_link_type): PRIVATE_LINK_TYPE := $(if $(LOCAL_SDK_VERSION),ndk,platform)
+$(my_link_type):
+ @echo Check module type: $@
+ $(hide) mkdir -p $(dir $@) && rm -f $@
+ $(hide) echo $(PRIVATE_LINK_TYPE) >$@
+
+$(LOCAL_BUILT_MODULE) : | $(export_includes) $(my_link_type)
endif # prebuilt_module_is_a_library
# The real dependency will be added after all Android.mks are loaded and the install paths
diff --git a/libs/host/Android.bp b/tools/libhost/Android.bp
similarity index 100%
rename from libs/host/Android.bp
rename to tools/libhost/Android.bp
diff --git a/libs/host/CopyFile.c b/tools/libhost/CopyFile.c
similarity index 100%
rename from libs/host/CopyFile.c
rename to tools/libhost/CopyFile.c
diff --git a/libs/host/include/host/CopyFile.h b/tools/libhost/include/host/CopyFile.h
similarity index 100%
rename from libs/host/include/host/CopyFile.h
rename to tools/libhost/include/host/CopyFile.h
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 9e44263..02e940e 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -184,11 +184,9 @@
print "userdata.img already exists in %s, no need to rebuild..." % (prefix,)
return
+ # Skip userdata.img if no size.
image_props = build_image.ImagePropFromGlobalDict(OPTIONS.info_dict, "data")
- # We only allow yaffs to have a 0/missing partition_size.
- # Extfs, f2fs must have a size. Skip userdata.img if no size.
- if (not image_props.get("fs_type", "").startswith("yaffs") and
- not image_props.get("partition_size")):
+ if not image_props.get("partition_size"):
return
print "creating userdata.img..."
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index abb23d1..69b1ba8 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -390,14 +390,8 @@
build_command = ["mkf2fsuserimg.sh"]
build_command.extend([out_file, prop_dict["partition_size"]])
else:
- build_command = ["mkyaffs2image", "-f"]
- if prop_dict.get("mkyaffs2_extra_flags", None):
- build_command.extend(prop_dict["mkyaffs2_extra_flags"].split())
- build_command.append(in_dir)
- build_command.append(out_file)
- if "selinux_fc" in prop_dict:
- build_command.append(prop_dict["selinux_fc"])
- build_command.append(prop_dict["mount_point"])
+ print("Error: unknown filesystem type '%s'" % (fs_type))
+ return False
if in_dir != origin_in:
# Construct a staging directory of the root file system.
@@ -501,7 +495,6 @@
common_props = (
"extfs_sparse_flag",
"squashfs_sparse_flag",
- "mkyaffs2_extra_flags",
"selinux_fc",
"skip_fsck",
"verity",
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 92af547..9d080d9 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -128,14 +128,6 @@
# files. Look for them, in case we're processing an old
# target_files zip.
- if "mkyaffs2_extra_flags" not in d:
- try:
- d["mkyaffs2_extra_flags"] = read_helper(
- "META/mkyaffs2-extra-flags.txt").strip()
- except KeyError:
- # ok if flags don't exist
- pass
-
if "recovery_api_version" not in d:
try:
d["recovery_api_version"] = read_helper(
@@ -816,10 +808,6 @@
if not fs_type or not limit:
return
- if fs_type == "yaffs2":
- # image size should be increased by 1/64th to account for the
- # spare area (64 bytes per 2k page)
- limit = limit / 2048 * (2048+64)
size = len(data)
pct = float(size) * 100.0 / limit
msg = "%s size (%d) is %.2f%% of limit (%d)" % (target, size, pct, limit)
@@ -1615,8 +1603,6 @@
# map recovery.fstab's fs_types to mount/format "partition types"
PARTITION_TYPES = {
- "yaffs2": "MTD",
- "mtd": "MTD",
"ext4": "EMMC",
"emmc": "EMMC",
"f2fs": "EMMC",
diff --git a/tools/releasetools/edify_generator.py b/tools/releasetools/edify_generator.py
index ecdc167..5c67ba1 100644
--- a/tools/releasetools/edify_generator.py
+++ b/tools/releasetools/edify_generator.py
@@ -167,7 +167,7 @@
self.script.append("set_progress(%f);" % (frac,))
def PatchCheck(self, filename, *sha1):
- """Check that the given file (or MTD reference) has one of the
+ """Check that the given file has one of the
given *sha1 hashes, checking the version saved in cache if the
file does not match."""
self.script.append(
@@ -176,7 +176,7 @@
') || abort("\\"%s\\" has unexpected contents.");' % (filename,))
def Verify(self, filename):
- """Check that the given file (or MTD reference) has one of the
+ """Check that the given file has one of the
given hashes (encoded in the filename)."""
self.script.append(
'apply_patch_check("{filename}") && '
@@ -185,7 +185,7 @@
filename=filename))
def FileCheck(self, filename, *sha1):
- """Check that the given file (or MTD reference) has one of the
+ """Check that the given file has one of the
given *sha1 hashes."""
self.script.append('assert(sha1_check(read_file("%s")' % (filename,) +
"".join([', "%s"' % (i,) for i in sha1]) +
@@ -322,11 +322,7 @@
p = fstab[mount_point]
partition_type = common.PARTITION_TYPES[p.fs_type]
args = {'device': p.device, 'fn': fn}
- if partition_type == "MTD":
- self.script.append(
- 'write_raw_image(package_extract_file("%(fn)s"), "%(device)s");'
- % args)
- elif partition_type == "EMMC":
+ if partition_type == "EMMC":
if mapfn:
args["map"] = mapfn
self.script.append(
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 546c251..a13bed8 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -1271,6 +1271,11 @@
p1.communicate()
assert p1.returncode == 0, "brillo_update_payload properties failed"
+ if OPTIONS.wipe_user_data:
+ with open(properties_file, "a") as f:
+ f.write("POWERWASH=1\n")
+ metadata["ota-wipe"] = "yes"
+
# Add the signed payload file and properties into the zip.
common.ZipWrite(output_zip, properties_file, arcname="payload_properties.txt")
common.ZipWrite(output_zip, signed_payload_file, arcname="payload.bin",