Merge "Support GKI boot.img v4 signing"
diff --git a/core/Makefile b/core/Makefile
index 2416616..99df084 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -3907,24 +3907,6 @@
endif # check_vintf_vendor_deps
check_vintf_vendor_deps :=
-# -- Check VINTF compatibility of build.
-# Skip partial builds; only check full builds. Only check if:
-# - PRODUCT_ENFORCE_VINTF_MANIFEST is true
-# - system / vendor VINTF metadata exists
-# - Building product / system_ext / odm images if board has product / system_ext / odm images
-ifeq ($(PRODUCT_ENFORCE_VINTF_MANIFEST),true)
-ifeq ($(check_vintf_has_system),true)
-ifeq ($(check_vintf_has_vendor),true)
-ifeq ($(filter true,$(BUILDING_ODM_IMAGE)),$(filter true,$(BOARD_USES_ODMIMAGE)))
-ifeq ($(filter true,$(BUILDING_PRODUCT_IMAGE)),$(filter true,$(BOARD_USES_PRODUCTIMAGE)))
-ifeq ($(filter true,$(BUILDING_SYSTEM_EXT_IMAGE)),$(filter true,$(BOARD_USES_SYSTEM_EXTIMAGE)))
-
-check_vintf_compatible_log := $(intermediates)/check_vintf_compatible.log
-check_vintf_all_deps += $(check_vintf_compatible_log)
-
-check_vintf_compatible_args :=
-check_vintf_compatible_deps := $(check_vintf_common_srcs)
-
# -- Kernel version and configurations.
ifeq ($(PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS),true)
@@ -3978,9 +3960,29 @@
endif # INSTALLED_KERNEL_TARGET
+endif # PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS
+
+# -- Check VINTF compatibility of build.
+# Skip partial builds; only check full builds. Only check if:
+# - PRODUCT_ENFORCE_VINTF_MANIFEST is true
+# - system / vendor VINTF metadata exists
+# - Building product / system_ext / odm images if board has product / system_ext / odm images
+ifeq ($(PRODUCT_ENFORCE_VINTF_MANIFEST),true)
+ifeq ($(check_vintf_has_system),true)
+ifeq ($(check_vintf_has_vendor),true)
+ifeq ($(filter true,$(BUILDING_ODM_IMAGE)),$(filter true,$(BOARD_USES_ODMIMAGE)))
+ifeq ($(filter true,$(BUILDING_PRODUCT_IMAGE)),$(filter true,$(BOARD_USES_PRODUCTIMAGE)))
+ifeq ($(filter true,$(BUILDING_SYSTEM_EXT_IMAGE)),$(filter true,$(BOARD_USES_SYSTEM_EXTIMAGE)))
+
+check_vintf_compatible_log := $(intermediates)/check_vintf_compatible.log
+check_vintf_all_deps += $(check_vintf_compatible_log)
+
+check_vintf_compatible_args :=
+check_vintf_compatible_deps := $(check_vintf_common_srcs)
+
+ifeq ($(PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS),true)
check_vintf_compatible_args += --kernel $(BUILT_KERNEL_VERSION_FILE):$(BUILT_KERNEL_CONFIGS_FILE)
check_vintf_compatible_deps += $(BUILT_KERNEL_CONFIGS_FILE) $(BUILT_KERNEL_VERSION_FILE)
-
endif # PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS
check_vintf_compatible_args += \
@@ -4011,7 +4013,8 @@
$(if $(DEVICE_MANIFEST_SKUS),,EMPTY_VENDOR_SKU_PLACEHOLDER)) \
$(DEVICE_MANIFEST_SKUS)
$(check_vintf_compatible_log): $(HOST_OUT_EXECUTABLES)/checkvintf $(check_vintf_compatible_deps)
- @echo -n -e 'Deps: \n ' > $@
+ @echo "PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS=$(PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS)" > $@
+ @echo -n -e 'Deps: \n ' >> $@
@sed 's/ /\n /g' <<< "$(PRIVATE_CHECK_VINTF_DEPS)" >> $@
@echo -n -e 'Args: \n ' >> $@
@cat <<< "$(PRIVATE_CHECK_VINTF_ARGS)" >> $@
diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk
index d47930c..fe04b84 100644
--- a/core/app_prebuilt_internal.mk
+++ b/core/app_prebuilt_internal.mk
@@ -92,45 +92,6 @@
endif
endif
-# Verify LOCAL_USES_LIBRARIES/LOCAL_OPTIONAL_USES_LIBRARIES
-# If LOCAL_ENFORCE_USES_LIBRARIES is not set, default to true if either of LOCAL_USES_LIBRARIES or
-# LOCAL_OPTIONAL_USES_LIBRARIES are specified.
-# Will change the default to true unconditionally in the future.
-ifndef LOCAL_ENFORCE_USES_LIBRARIES
- ifneq (,$(strip $(LOCAL_USES_LIBRARIES)$(LOCAL_OPTIONAL_USES_LIBRARIES)))
- LOCAL_ENFORCE_USES_LIBRARIES := true
- endif
-endif
-
-# Disable verify_uses_libraries check if dexpreopt is globally disabled.
-# Without dexpreopt the check is not necessary, and although it is good to have,
-# it is difficult to maintain on non-linux build platforms where dexpreopt is
-# generally disabled (the check may fail due to various unrelated reasons, such
-# as a failure to get manifest from an APK).
-ifneq ($(WITH_DEXPREOPT),true)
- LOCAL_ENFORCE_USES_LIBRARIES :=
-endif
-
-my_enforced_uses_libraries :=
-ifdef LOCAL_ENFORCE_USES_LIBRARIES
- my_enforced_uses_libraries := $(intermediates.COMMON)/enforce_uses_libraries.status
- $(my_enforced_uses_libraries): PRIVATE_USES_LIBRARIES := $(LOCAL_USES_LIBRARIES)
- $(my_enforced_uses_libraries): PRIVATE_OPTIONAL_USES_LIBRARIES := $(LOCAL_OPTIONAL_USES_LIBRARIES)
- $(my_enforced_uses_libraries): PRIVATE_RELAX_CHECK := $(RELAX_USES_LIBRARY_CHECK)
- $(my_enforced_uses_libraries): $(BUILD_SYSTEM)/verify_uses_libraries.sh $(AAPT)
- $(my_enforced_uses_libraries): $(my_prebuilt_src_file)
- @echo Verifying uses-libraries: $<
- rm -f $@
- aapt_binary=$(AAPT) \
- uses_library_names="$(strip $(PRIVATE_USES_LIBRARIES))" \
- optional_uses_library_names="$(strip $(PRIVATE_OPTIONAL_USES_LIBRARIES))" \
- relax_check="$(strip $(PRIVATE_RELAX_CHECK))" \
- $(BUILD_SYSTEM)/verify_uses_libraries.sh $< $@
- $(built_module) : $(my_enforced_uses_libraries)
-endif
-
-dex_preopt_profile_src_file := $(my_prebuilt_src_file)
-
rs_compatibility_jni_libs :=
include $(BUILD_SYSTEM)/install_jni_libs.mk
@@ -208,6 +169,8 @@
endif
my_dex_jar := $(my_prebuilt_src_file)
+my_manifest_or_apk := $(my_prebuilt_src_file)
+dex_preopt_profile_src_file := $(my_prebuilt_src_file)
#######################################
# defines built_odex along with rule to install odex
diff --git a/core/binary.mk b/core/binary.mk
index fa36d64..2c20eed 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -311,6 +311,15 @@
my_api_level := $(call codename-or-sdk-to-sdk,$(BOARD_VNDK_VERSION))
endif
my_cflags += -D__ANDROID_VNDK__
+ ifneq ($(LOCAL_USE_VNDK_VENDOR),)
+ # Vendor modules have LOCAL_USE_VNDK_VENDOR when
+ # BOARD_VNDK_VERSION is defined.
+ my_cflags += -D__ANDROID_VENDOR__
+ else ifneq ($(LOCAL_USE_VNDK_PRODUCT),)
+ # Product modules have LOCAL_USE_VNDK_PRODUCT when
+ # PRODUCT_PRODUCT_VNDK_VERSION is defined.
+ my_cflags += -D__ANDROID_PRODUCT__
+ endif
endif
ifndef LOCAL_IS_HOST_MODULE
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index cbd3069..560a555 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -1,5 +1,6 @@
# dexpreopt_odex_install.mk is used to define odex creation rules for JARs and APKs
# This file depends on variables set in base_rules.mk
+# Input variables: my_manifest_or_apk
# Output variables: LOCAL_DEX_PREOPT, LOCAL_UNCOMPRESS_DEX
ifeq (true,$(LOCAL_USE_EMBEDDED_DEX))
@@ -30,8 +31,9 @@
LOCAL_DEX_PREOPT :=
endif
-# Only enable preopt for non tests.
+# Disable <uses-library> checks and preopt for tests.
ifneq (,$(filter $(LOCAL_MODULE_TAGS),tests))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
LOCAL_DEX_PREOPT :=
endif
@@ -45,8 +47,14 @@
LOCAL_DEX_PREOPT :=
endif
-# Disable preopt if not WITH_DEXPREOPT
+# Disable <uses-library> checks and preopt if not WITH_DEXPREOPT
+#
+# Without dexpreopt the check is not necessary, and although it is good to have,
+# it is difficult to maintain on non-linux build platforms where dexpreopt is
+# generally disabled (the check may fail due to various unrelated reasons, such
+# as a failure to get manifest from an APK).
ifneq (true,$(WITH_DEXPREOPT))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
LOCAL_DEX_PREOPT :=
endif
@@ -54,7 +62,9 @@
LOCAL_DEX_PREOPT :=
endif
-ifeq (,$(strip $(built_dex)$(my_prebuilt_src_file)$(LOCAL_SOONG_DEX_JAR))) # contains no java code
+# Disable <uses-library> checks and preopt if the app contains no java code.
+ifeq (,$(strip $(built_dex)$(my_prebuilt_src_file)$(LOCAL_SOONG_DEX_JAR)))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
LOCAL_DEX_PREOPT :=
endif
@@ -108,6 +118,137 @@
endif
endif
+################################################################################
+# Local module variables and functions used in dexpreopt and manifest_check.
+################################################################################
+
+my_filtered_optional_uses_libraries := $(filter-out $(INTERNAL_PLATFORM_MISSING_USES_LIBRARIES), \
+ $(LOCAL_OPTIONAL_USES_LIBRARIES))
+
+# TODO(b/132357300): This may filter out too much, as PRODUCT_PACKAGES doesn't
+# include all packages (the full list is unknown until reading all Android.mk
+# makefiles). As a consequence, a library may be present but not included in
+# dexpreopt, which will result in class loader context mismatch and a failure
+# to load dexpreopt code on device. We should fix this, either by deferring
+# dependency computation until the full list of product packages is known, or
+# by adding product-specific lists of missing libraries.
+my_filtered_optional_uses_libraries := $(filter $(PRODUCT_PACKAGES), \
+ $(my_filtered_optional_uses_libraries))
+
+ifeq ($(LOCAL_MODULE_CLASS),APPS)
+ # compatibility libraries are added to class loader context of an app only if
+ # targetSdkVersion in the app's manifest is lower than the given SDK version
+
+ my_dexpreopt_libs_compat_28 := \
+ org.apache.http.legacy
+
+ my_dexpreopt_libs_compat_29 := \
+ android.hidl.manager-V1.0-java \
+ android.hidl.base-V1.0-java
+
+ my_dexpreopt_libs_compat_30 := \
+ android.test.base \
+ android.test.mock
+
+ my_dexpreopt_libs_compat := \
+ $(my_dexpreopt_libs_compat_28) \
+ $(my_dexpreopt_libs_compat_29) \
+ $(my_dexpreopt_libs_compat_30)
+else
+ my_dexpreopt_libs_compat :=
+endif
+
+my_dexpreopt_libs := \
+ $(LOCAL_USES_LIBRARIES) \
+ $(my_filtered_optional_uses_libraries)
+
+# Module dexpreopt.config depends on dexpreopt.config files of each
+# <uses-library> dependency, because these libraries may be processed after
+# the current module by Make (there's no topological order), so the dependency
+# information (paths, class loader context) may not be ready yet by the time
+# this dexpreopt.config is generated. So it's necessary to add file-level
+# dependencies between dexpreopt.config files.
+my_dexpreopt_dep_configs := $(foreach lib, \
+ $(filter-out $(my_dexpreopt_libs_compat),$(LOCAL_USES_LIBRARIES) $(my_filtered_optional_uses_libraries)), \
+ $(call intermediates-dir-for,JAVA_LIBRARIES,$(lib),,)/dexpreopt.config)
+
+# 1: SDK version
+# 2: list of libraries
+#
+# Make does not process modules in topological order wrt. <uses-library>
+# dependencies, therefore we cannot rely on variables to get the information
+# about dependencies (in particular, their on-device path and class loader
+# context). This information is communicated via dexpreopt.config files: each
+# config depends on configs for <uses-library> dependencies of this module,
+# and the dex_preopt_config_merger.py script reads all configs and inserts the
+# missing bits from dependency configs into the module config.
+#
+# By default on-device path is /system/framework/*.jar, and class loader
+# subcontext is empty. These values are correct for compatibility libraries,
+# which are special and not handled by dex_preopt_config_merger.py.
+#
+add_json_class_loader_context = \
+ $(call add_json_array, $(1)) \
+ $(foreach lib, $(2),\
+ $(call add_json_map_anon) \
+ $(call add_json_str, Name, $(lib)) \
+ $(call add_json_str, Host, $(call intermediates-dir-for,JAVA_LIBRARIES,$(lib),,COMMON)/javalib.jar) \
+ $(call add_json_str, Device, /system/framework/$(lib).jar) \
+ $(call add_json_val, Subcontexts, null) \
+ $(call end_json_map)) \
+ $(call end_json_array)
+
+################################################################################
+# Verify <uses-library> coherence between the build system and the manifest.
+################################################################################
+
+# Verify LOCAL_USES_LIBRARIES/LOCAL_OPTIONAL_USES_LIBRARIES
+# If LOCAL_ENFORCE_USES_LIBRARIES is not set, default to true if either of LOCAL_USES_LIBRARIES or
+# LOCAL_OPTIONAL_USES_LIBRARIES are specified.
+# Will change the default to true unconditionally in the future.
+ifndef LOCAL_ENFORCE_USES_LIBRARIES
+ ifneq (,$(strip $(LOCAL_USES_LIBRARIES)$(LOCAL_OPTIONAL_USES_LIBRARIES)))
+ LOCAL_ENFORCE_USES_LIBRARIES := true
+ endif
+endif
+
+my_enforced_uses_libraries :=
+ifeq (true,$(LOCAL_ENFORCE_USES_LIBRARIES))
+ my_verify_script := build/soong/scripts/manifest_check.py
+ my_uses_libs_args := $(patsubst %,--uses-library %,$(LOCAL_USES_LIBRARIES))
+ my_optional_uses_libs_args := $(patsubst %,--optional-uses-library %, \
+ $(LOCAL_OPTIONAL_USES_LIBRARIES))
+ my_relax_check_arg := $(if $(filter true,$(RELAX_USES_LIBRARY_CHECK)), \
+ --enforce-uses-libraries-relax,)
+ my_dexpreopt_config_args := $(patsubst %,--dexpreopt-config %,$(my_dexpreopt_dep_configs))
+
+ my_enforced_uses_libraries := $(intermediates.COMMON)/enforce_uses_libraries.status
+ $(my_enforced_uses_libraries): PRIVATE_USES_LIBRARIES := $(my_uses_libs_args)
+ $(my_enforced_uses_libraries): PRIVATE_OPTIONAL_USES_LIBRARIES := $(my_optional_uses_libs_args)
+ $(my_enforced_uses_libraries): PRIVATE_DEXPREOPT_CONFIGS := $(my_dexpreopt_config_args)
+ $(my_enforced_uses_libraries): PRIVATE_RELAX_CHECK := $(my_relax_check_arg)
+ $(my_enforced_uses_libraries): $(AAPT)
+ $(my_enforced_uses_libraries): $(my_verify_script)
+ $(my_enforced_uses_libraries): $(my_dexpreopt_dep_configs)
+ $(my_enforced_uses_libraries): $(my_manifest_or_apk)
+ @echo Verifying uses-libraries: $<
+ rm -f $@
+ $(my_verify_script) \
+ --enforce-uses-libraries \
+ --enforce-uses-libraries-status $@ \
+ --aapt $(AAPT) \
+ $(PRIVATE_USES_LIBRARIES) \
+ $(PRIVATE_OPTIONAL_USES_LIBRARIES) \
+ $(PRIVATE_DEXPREOPT_CONFIGS) \
+ $(PRIVATE_RELAX_CHECK) \
+ $<
+ $(built_module) : $(my_enforced_uses_libraries)
+endif
+
+################################################################################
+# Dexpreopt command.
+################################################################################
+
my_dexpreopt_archs :=
my_dexpreopt_images :=
my_dexpreopt_images_deps :=
@@ -186,72 +327,6 @@
my_dexpreopt_image_locations += $(DEXPREOPT_IMAGE_LOCATIONS_$(my_dexpreopt_infix))
- my_filtered_optional_uses_libraries := $(filter-out $(INTERNAL_PLATFORM_MISSING_USES_LIBRARIES), \
- $(LOCAL_OPTIONAL_USES_LIBRARIES))
-
- # TODO(b/132357300): This may filter out too much, as PRODUCT_PACKAGES doesn't
- # include all packages (the full list is unknown until reading all Android.mk
- # makefiles). As a consequence, a library may be present but not included in
- # dexpreopt, which will result in class loader context mismatch and a failure
- # to load dexpreopt code on device. We should fix this, either by deferring
- # dependency computation until the full list of product packages is known, or
- # by adding product-specific lists of missing libraries.
- my_filtered_optional_uses_libraries := $(filter $(PRODUCT_PACKAGES), \
- $(my_filtered_optional_uses_libraries))
-
- ifeq ($(LOCAL_MODULE_CLASS),APPS)
- # compatibility libraries are added to class loader context of an app only if
- # targetSdkVersion in the app's manifest is lower than the given SDK version
-
- my_dexpreopt_libs_compat_28 := \
- org.apache.http.legacy
-
- my_dexpreopt_libs_compat_29 := \
- android.hidl.base-V1.0-java \
- android.hidl.manager-V1.0-java
-
- my_dexpreopt_libs_compat_30 := \
- android.test.base \
- android.test.mock
-
- my_dexpreopt_libs_compat := \
- $(my_dexpreopt_libs_compat_28) \
- $(my_dexpreopt_libs_compat_29) \
- $(my_dexpreopt_libs_compat_30)
- else
- my_dexpreopt_libs_compat :=
- endif
-
- my_dexpreopt_libs := \
- $(LOCAL_USES_LIBRARIES) \
- $(my_filtered_optional_uses_libraries)
-
- # 1: SDK version
- # 2: list of libraries
- #
- # Make does not process modules in topological order wrt. <uses-library>
- # dependencies, therefore we cannot rely on variables to get the information
- # about dependencies (in particular, their on-device path and class loader
- # context). This information is communicated via dexpreopt.config files: each
- # config depends on configs for <uses-library> dependencies of this module,
- # and the dex_preopt_config_merger.py script reads all configs and inserts the
- # missing bits from dependency configs into the module config.
- #
- # By default on-device path is /system/framework/*.jar, and class loader
- # subcontext is empty. These values are correct for compatibility libraries,
- # which are special and not handled by dex_preopt_config_merger.py.
- #
- add_json_class_loader_context = \
- $(call add_json_array, $(1)) \
- $(foreach lib, $(2),\
- $(call add_json_map_anon) \
- $(call add_json_str, Name, $(lib)) \
- $(call add_json_str, Host, $(call intermediates-dir-for,JAVA_LIBRARIES,$(lib),,COMMON)/javalib.jar) \
- $(call add_json_str, Device, /system/framework/$(lib).jar) \
- $(call add_json_val, Subcontexts, null) \
- $(call end_json_map)) \
- $(call end_json_array)
-
# Record dex-preopt config.
DEXPREOPT.$(LOCAL_MODULE).DEX_PREOPT := $(LOCAL_DEX_PREOPT)
DEXPREOPT.$(LOCAL_MODULE).MULTILIB := $(LOCAL_MULTILIB)
@@ -278,7 +353,7 @@
$(call add_json_list, PreoptFlags, $(LOCAL_DEX_PREOPT_FLAGS))
$(call add_json_str, ProfileClassListing, $(if $(my_process_profile),$(LOCAL_DEX_PREOPT_PROFILE)))
$(call add_json_bool, ProfileIsTextListing, $(my_profile_is_text_listing))
- $(call add_json_str, EnforceUsesLibrariesStatusFile, $(intermediates.COMMON)/enforce_uses_libraries.status)
+ $(call add_json_str, EnforceUsesLibrariesStatusFile, $(my_enforced_uses_libraries))
$(call add_json_bool, EnforceUsesLibraries, $(LOCAL_ENFORCE_USES_LIBRARIES))
$(call add_json_str, ProvidesUsesLibrary, $(firstword $(LOCAL_PROVIDES_USES_LIBRARY) $(LOCAL_MODULE)))
$(call add_json_map, ClassLoaderContexts)
@@ -304,16 +379,6 @@
my_dexpreopt_zip := $(intermediates)/dexpreopt.zip
my_dexpreopt_config_merger := $(BUILD_SYSTEM)/dex_preopt_config_merger.py
- # Module dexpreopt.config depends on dexpreopt.config files of each
- # <uses-library> dependency, because these libraries may be processed after
- # the current module by Make (there's no topological order), so the dependency
- # information (paths, class loader context) may not be ready yet by the time
- # this dexpreopt.config is generated. So it's necessary to add file-level
- # dependencies between dexpreopt.config files.
- my_dexpreopt_dep_configs := $(foreach lib, \
- $(filter-out $(my_dexpreopt_libs_compat),$(LOCAL_USES_LIBRARIES) $(my_filtered_optional_uses_libraries)), \
- $(call intermediates-dir-for,JAVA_LIBRARIES,$(lib),,)/dexpreopt.config)
-
$(my_dexpreopt_config): $(my_dexpreopt_dep_configs) $(my_dexpreopt_config_merger)
$(my_dexpreopt_config): PRIVATE_MODULE := $(LOCAL_MODULE)
$(my_dexpreopt_config): PRIVATE_CONTENTS := $(json_contents)
diff --git a/core/java.mk b/core/java.mk
index d28c0c4..3f147ba 100644
--- a/core/java.mk
+++ b/core/java.mk
@@ -176,7 +176,9 @@
#######################################
# defines built_odex along with rule to install odex
+my_manifest_or_apk := $(full_android_manifest)
include $(BUILD_SYSTEM)/dex_preopt_odex_install.mk
+my_manifest_or_apk :=
#######################################
# Make sure there's something to build.
diff --git a/core/java_prebuilt_internal.mk b/core/java_prebuilt_internal.mk
index 279b0e4..990b7d4 100644
--- a/core/java_prebuilt_internal.mk
+++ b/core/java_prebuilt_internal.mk
@@ -33,6 +33,7 @@
ifeq ($(prebuilt_module_is_dex_javalib),true)
my_dex_jar := $(my_prebuilt_src_file)
+my_manifest_or_apk := $(my_prebuilt_src_file)
# This is a target shared library, i.e. a jar with classes.dex.
$(foreach pair,$(PRODUCT_BOOT_JARS), \
@@ -43,7 +44,9 @@
#######################################
# defines built_odex along with rule to install odex
+my_manifest_or_apk := $(my_prebuilt_src_file)
include $(BUILD_SYSTEM)/dex_preopt_odex_install.mk
+my_manifest_or_apk :=
#######################################
$(built_module) : $(my_prebuilt_src_file)
$(call copy-file-to-target)
diff --git a/core/local_vndk.mk b/core/local_vndk.mk
index b1bd3e6..befbc59 100644
--- a/core/local_vndk.mk
+++ b/core/local_vndk.mk
@@ -5,6 +5,7 @@
ifndef LOCAL_SDK_VERSION
ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_OEM_MODULE) $(LOCAL_PROPRIETARY_MODULE)))
LOCAL_USE_VNDK:=true
+ LOCAL_USE_VNDK_VENDOR:=true
# Note: no need to check LOCAL_MODULE_PATH* since LOCAL_[VENDOR|ODM|OEM]_MODULE is already
# set correctly before this is included.
endif
@@ -40,6 +41,7 @@
# If we're not using the VNDK, drop all restrictions
ifndef BOARD_VNDK_VERSION
LOCAL_USE_VNDK:=
+ LOCAL_USE_VNDK_VENDOR:=
LOCAL_USE_VNDK_PRODUCT:=
endif
endif
diff --git a/core/main.mk b/core/main.mk
index 63fac43..56950ec 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -290,6 +290,13 @@
ro.product.first_api_level=$(PRODUCT_SHIPPING_API_LEVEL)
endif
+# Vendors with GRF must define BOARD_SHIPPING_API_LEVEL for the vendor API level.
+# This must not be defined for the non-GRF devices.
+ifdef BOARD_SHIPPING_API_LEVEL
+ADDITIONAL_VENDOR_PROPERTIES += \
+ ro.board.first_api_level=$(BOARD_SHIPPING_API_LEVEL)
+endif
+
ADDITIONAL_VENDOR_PROPERTIES += \
ro.vendor.build.security_patch=$(VENDOR_SECURITY_PATCH) \
ro.product.board=$(TARGET_BOOTLOADER_BOARD_NAME) \
@@ -1863,7 +1870,7 @@
ndk: $(SOONG_OUT_DIR)/ndk.timestamp
.PHONY: ndk
-# Checks that build/soong/apex/allowed_deps.txt remains up to date
+# Checks that allowed_deps.txt remains up to date
ifneq ($(UNSAFE_DISABLE_APEX_ALLOWED_DEPS_CHECK),true)
droidcore: ${APEX_ALLOWED_DEPS_CHECK}
endif
diff --git a/core/package_internal.mk b/core/package_internal.mk
index 346ca24..9f5a599 100644
--- a/core/package_internal.mk
+++ b/core/package_internal.mk
@@ -472,31 +472,6 @@
# Set a actual_partition_tag (calculated in base_rules.mk) for the package.
PACKAGES.$(LOCAL_PACKAGE_NAME).PARTITION := $(actual_partition_tag)
-# Verify LOCAL_USES_LIBRARIES/LOCAL_OPTIONAL_USES_LIBRARIES
-# If LOCAL_ENFORCE_USES_LIBRARIES is not set, default to true if either of LOCAL_USES_LIBRARIES or
-# LOCAL_OPTIONAL_USES_LIBRARIES are specified.
-# Will change the default to true unconditionally in the future.
-ifndef LOCAL_ENFORCE_USES_LIBRARIES
- ifneq (,$(strip $(LOCAL_USES_LIBRARIES)$(LOCAL_OPTIONAL_USES_LIBRARIES)))
- LOCAL_ENFORCE_USES_LIBRARIES := true
- endif
-endif
-
-my_enforced_uses_libraries :=
-ifdef LOCAL_ENFORCE_USES_LIBRARIES
- my_manifest_check := $(intermediates.COMMON)/manifest/AndroidManifest.xml.check
- $(my_manifest_check): $(MANIFEST_CHECK)
- $(my_manifest_check): PRIVATE_USES_LIBRARIES := $(LOCAL_USES_LIBRARIES)
- $(my_manifest_check): PRIVATE_OPTIONAL_USES_LIBRARIES := $(LOCAL_OPTIONAL_USES_LIBRARIES)
- $(my_manifest_check): $(full_android_manifest)
- @echo Checking manifest: $<
- $(MANIFEST_CHECK) --enforce-uses-libraries \
- $(addprefix --uses-library ,$(PRIVATE_USES_LIBRARIES)) \
- $(addprefix --optional-uses-library ,$(PRIVATE_OPTIONAL_USES_LIBRARIES)) \
- $< -o $@
- $(LOCAL_BUILT_MODULE): $(my_manifest_check)
-endif
-
# Define the rule to build the actual package.
# PRIVATE_JNI_SHARED_LIBRARIES is a list of <abi>:<path_of_built_lib>.
$(LOCAL_BUILT_MODULE): PRIVATE_JNI_SHARED_LIBRARIES := $(jni_shared_libraries_with_abis)
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 9fdf7b8..b4992fe 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -158,6 +158,11 @@
$(call add_json_bool,$(module),true))
$(call end_json_map)
+$(call add_json_list, VendorSnapshotDirsIncluded, $(VENDOR_SNAPSHOT_DIRS_INCLUDED))
+$(call add_json_list, VendorSnapshotDirsExcluded, $(VENDOR_SNAPSHOT_DIRS_EXCLUDED))
+$(call add_json_list, RecoverySnapshotDirsIncluded, $(RECOVERY_SNAPSHOT_DIRS_INCLUDED))
+$(call add_json_list, RecoverySnapshotDirsExcluded, $(RECOVERY_SNAPSHOT_DIRS_EXCLUDED))
+
$(call add_json_bool, Treble_linker_namespaces, $(filter true,$(PRODUCT_TREBLE_LINKER_NAMESPACES)))
$(call add_json_bool, Enforce_vintf_manifest, $(filter true,$(PRODUCT_ENFORCE_VINTF_MANIFEST)))
@@ -245,8 +250,16 @@
$(call add_json_str, ShippingApiLevel, $(PRODUCT_SHIPPING_API_LEVEL))
+$(call add_json_bool, BuildBrokenEnforceSyspropOwner, $(BUILD_BROKEN_ENFORCE_SYSPROP_OWNER))
+$(call add_json_bool, BuildBrokenTrebleSyspropNeverallow, $(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW))
$(call add_json_bool, BuildBrokenVendorPropertyNamespace, $(BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE))
+$(call add_json_bool, RequiresInsecureExecmemForSwiftshader, $(PRODUCT_REQUIRES_INSECURE_EXECMEM_FOR_SWIFTSHADER))
+
+$(call add_json_bool, SelinuxIgnoreNeverallows, $(SELINUX_IGNORE_NEVERALLOWS))
+
+$(call add_json_bool, SepolicySplit, $(PRODUCT_SEPOLICY_SPLIT))
+
$(call json_end)
$(file >$(SOONG_VARIABLES).tmp,$(json_contents))
diff --git a/core/verify_uses_libraries.sh b/core/verify_uses_libraries.sh
deleted file mode 100755
index 1bd0a2c..0000000
--- a/core/verify_uses_libraries.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2018 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# apt_binary is $(AAPT) in the build.
-
-# Parse sdk, targetSdk, and uses librares in the APK, then cross reference against build specified ones.
-
-set -e
-local_apk=$1
-status_file=$2
-badging=$(${aapt_binary} dump badging "${local_apk}")
-export sdk_version=$(echo "${badging}" | grep "sdkVersion" | sed -n "s/sdkVersion:'\(.*\)'/\1/p")
-# Export target_sdk_version to the caller.
-export target_sdk_version=$(echo "${badging}" | grep "targetSdkVersion" | sed -n "s/targetSdkVersion:'\(.*\)'/\1/p")
-uses_libraries=$(echo "${badging}" | grep "uses-library" | sed -n "s/uses-library:'\(.*\)'/\1/p")
-optional_uses_libraries=$(echo "${badging}" | grep "uses-library-not-required" | sed -n "s/uses-library-not-required:'\(.*\)'/\1/p")
-
-errmsg=
-
-# Verify that the uses libraries match exactly.
-# Currently we validate the ordering of the libraries since it matters for resolution.
-single_line_libs=$(echo "${uses_libraries}" | tr '\n' ' ' | awk '{$1=$1}1')
-if [[ "${single_line_libs}" != "${uses_library_names}" ]]; then
- errmsg="LOCAL_USES_LIBRARIES (${uses_library_names}) do not match (${single_line_libs}) in manifest for ${local_apk}"
-fi
-
-# Verify that the optional uses libraries match exactly.
-single_line_optional_libs=$(echo "${optional_uses_libraries}" | tr '\n' ' ' | awk '{$1=$1}1')
-if [[ "${single_line_optional_libs}" != "${optional_uses_library_names}" ]]; then
- errmsg="LOCAL_OPTIONAL_USES_LIBRARIES (${optional_uses_library_names}) do not match (${single_line_optional_libs}) in manifest for ${local_apk}"
-fi
-
-if [[ ! -z "${errmsg}" ]]; then
- echo "${errmsg}" > "${status_file}"
- if [[ "${relax_check}" != true ]]; then
- # fail immediately
- echo "${errmsg}"
- exit 1
- fi
-else
- touch "${status_file}"
-fi
diff --git a/envsetup.sh b/envsetup.sh
index 58fcd3b..344a01a 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -23,6 +23,7 @@
- ggrep: Greps on all local Gradle files.
- gogrep: Greps on all local Go files.
- jgrep: Greps on all local Java files.
+- ktgrep: Greps on all local Kotlin files.
- resgrep: Greps on all local res/*.xml files.
- mangrep: Greps on all local AndroidManifest.xml files.
- mgrep: Greps on all local Makefiles and *.bp files.
@@ -1002,7 +1003,7 @@
Darwin)
function sgrep()
{
- find -E . -name .repo -prune -o -name .git -prune -o -type f -iregex '.*\.(c|h|cc|cpp|hpp|S|java|xml|sh|mk|aidl|vts|proto)' \
+ find -E . -name .repo -prune -o -name .git -prune -o -type f -iregex '.*\.(c|h|cc|cpp|hpp|S|java|kt|xml|sh|mk|aidl|vts|proto)' \
-exec grep --color -n "$@" {} +
}
@@ -1010,7 +1011,7 @@
*)
function sgrep()
{
- find . -name .repo -prune -o -name .git -prune -o -type f -iregex '.*\.\(c\|h\|cc\|cpp\|hpp\|S\|java\|xml\|sh\|mk\|aidl\|vts\|proto\)' \
+ find . -name .repo -prune -o -name .git -prune -o -type f -iregex '.*\.\(c\|h\|cc\|cpp\|hpp\|S\|java\|kt\|xml\|sh\|mk\|aidl\|vts\|proto\)' \
-exec grep --color -n "$@" {} +
}
;;
@@ -1045,6 +1046,12 @@
-exec grep --color -n "$@" {} +
}
+function ktgrep()
+{
+ find . -name .repo -prune -o -name .git -prune -o -name out -prune -o -type f -name "*\.kt" \
+ -exec grep --color -n "$@" {} +
+}
+
function cgrep()
{
find . -name .repo -prune -o -name .git -prune -o -name out -prune -o -type f \( -name '*.c' -o -name '*.cc' -o -name '*.cpp' -o -name '*.h' -o -name '*.hpp' \) \
@@ -1093,7 +1100,7 @@
function treegrep()
{
- find -E . -name .repo -prune -o -name .git -prune -o -type f -iregex '.*\.(c|h|cpp|hpp|S|java|xml)' \
+ find -E . -name .repo -prune -o -name .git -prune -o -type f -iregex '.*\.(c|h|cpp|hpp|S|java|kt|xml)' \
-exec grep --color -n -i "$@" {} +
}
@@ -1107,7 +1114,7 @@
function treegrep()
{
- find . -name .repo -prune -o -name .git -prune -o -regextype posix-egrep -iregex '.*\.(c|h|cpp|hpp|S|java|xml)' -type f \
+ find . -name .repo -prune -o -name .git -prune -o -regextype posix-egrep -iregex '.*\.(c|h|cpp|hpp|S|java|kt|xml)' -type f \
-exec grep --color -n -i "$@" {} +
}
diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index 09864bc..c87fb73 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -403,6 +403,6 @@
# This property allows enabling Keystore 2.0 selectively for testing.
# TODO Remove when Keystore 2.0 migration is complete. b/171563717
-PRODUCT_SYSTEM_PROPERTIES += persist.android.security.keystore2.enable=false
+PRODUCT_SYSTEM_PROPERTIES += persist.android.security.keystore2.enable=true
$(call inherit-product, $(SRC_TARGET_DIR)/product/runtime_libart.mk)
diff --git a/target/product/gsi_release.mk b/target/product/gsi_release.mk
index 25716ce..539dbfa 100644
--- a/target/product/gsi_release.mk
+++ b/target/product/gsi_release.mk
@@ -59,3 +59,9 @@
# Support additional P, Q and R VNDK packages
PRODUCT_EXTRA_VNDK_VERSIONS := 28 29 30
+
+# Do not build non-GSI partition images.
+PRODUCT_BUILD_CACHE_IMAGE := false
+PRODUCT_BUILD_USERDATA_IMAGE := false
+PRODUCT_BUILD_VENDOR_IMAGE := false
+PRODUCT_BUILD_SUPER_PARTITION := false
diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index 7092031..4f14ddd 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -142,8 +142,10 @@
# Enable Madvising of the whole art, odex and vdex files to MADV_WILLNEED.
# The size specified here is the size limit of how much of the file
-# (in bytes) is madvised. Setting it to UINT_MAX.
+# (in bytes) is madvised.
+# We madvise the whole .art file to MADV_WILLNEED with UINT_MAX limit.
+# For odex and vdex files, we limit madvising to 100MB.
PRODUCT_SYSTEM_PROPERTIES += \
- dalvik.vm.madvise.vdexfile.size=4294967295 \
- dalvik.vm.madvise.odexfile.size=4294967295 \
+ dalvik.vm.madvise.vdexfile.size=104857600 \
+ dalvik.vm.madvise.odexfile.size=104857600 \
dalvik.vm.madvise.artfile.size=4294967295
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index 83f0a4b..cedad5b 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -65,7 +65,7 @@
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
- $(SOONG_ZIP) -o $@ -j -f $(PRIVATE_CERT)
+ $(SOONG_ZIP) -o $@ -j -symlinks=false -f $(PRIVATE_CERT)
#######################################
@@ -88,5 +88,5 @@
$(SOONG_ZIP) \
$(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \
$(extra_recovery_keys)
- $(SOONG_ZIP) -o $@ -j \
+ $(SOONG_ZIP) -o $@ -j -symlinks=false \
$(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))
diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index 6d88249..3b0c070 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp
@@ -523,6 +523,23 @@
],
}
+python_binary_host {
+ name: "verity_utils",
+ defaults: ["releasetools_binary_defaults"],
+ srcs: [
+ "verity_utils.py",
+ ],
+ libs: [
+ "releasetools_common",
+ ],
+ required: [
+ "append2simg",
+ "build_verity_metadata",
+ "build_verity_tree",
+ "fec",
+ ],
+}
+
//
// Tests.
//
diff --git a/tools/releasetools/check_partition_sizes.py b/tools/releasetools/check_partition_sizes.py
index 745c136..3047ddb 100644
--- a/tools/releasetools/check_partition_sizes.py
+++ b/tools/releasetools/check_partition_sizes.py
@@ -40,6 +40,7 @@
logger = logging.getLogger(__name__)
+
class Expression(object):
def __init__(self, desc, expr, value=None):
# Human-readable description
@@ -62,6 +63,20 @@
else:
logger.log(level, msg)
+ def CheckLt(self, other, level=logging.ERROR):
+ format_args = (self.desc, other.desc, self.expr, self.value,
+ other.expr, other.value)
+ if self.value < other.value:
+ logger.info("%s is less than %s:\n%s == %d < %s == %d",
+ *format_args)
+ else:
+ msg = "{} is greater than or equal to {}:\n{} == {} >= {} == {}".format(
+ *format_args)
+ if level == logging.ERROR:
+ raise RuntimeError(msg)
+ else:
+ logger.log(level, msg)
+
def CheckEq(self, other):
format_args = (self.desc, other.desc, self.expr, self.value,
other.expr, other.value)
@@ -116,7 +131,6 @@
int(info_dict["super_partition_size"])
self.info_dict = info_dict
-
def _ReadSizeOfPartition(self, name):
# Tests uses *_image_size instead (to avoid creating empty sparse images
# on disk)
@@ -124,7 +138,6 @@
return int(self.info_dict[name + "_image_size"])
return sparse_img.GetImagePartitionSize(self.info_dict[name + "_image"])
-
# Round result to BOARD_SUPER_PARTITION_ALIGNMENT
def _RoundPartitionSize(self, size):
alignment = self.info_dict.get("super_partition_alignment")
@@ -132,7 +145,6 @@
return size
return (size + alignment - 1) // alignment * alignment
-
def _CheckSuperPartitionSize(self):
info_dict = self.info_dict
super_block_devices = \
@@ -239,7 +251,20 @@
max_size = Expression(
"BOARD_SUPER_PARTITION_SIZE{}".format(size_limit_suffix),
int(info_dict["super_partition_size"]) // num_slots)
- sum_size.CheckLe(max_size)
+ # Retrofit DAP will build metadata as part of super image.
+ if Dap.Get(info_dict) == Dap.RDAP:
+ sum_size.CheckLe(max_size)
+ return
+
+ sum_size.CheckLt(max_size)
+ # Display a warning if group size + 1M >= super size
+ minimal_metadata_size = 1024 * 1024 # 1MiB
+ sum_size_plus_metadata = Expression(
+ "sum of sizes of {} plus 1M metadata".format(groups),
+ "+".join(str(size) for size in
+ group_size_list + [minimal_metadata_size]),
+ sum(group_size_list) + minimal_metadata_size)
+ sum_size_plus_metadata.CheckLe(max_size, level=logging.WARNING)
def Run(self):
self._CheckAllPartitionSizes()
diff --git a/tools/releasetools/test_check_partition_sizes.py b/tools/releasetools/test_check_partition_sizes.py
index ed20873..073d229 100644
--- a/tools/releasetools/test_check_partition_sizes.py
+++ b/tools/releasetools/test_check_partition_sizes.py
@@ -27,8 +27,8 @@
dynamic_partition_list=system vendor product
super_partition_groups=group
super_group_partition_list=system vendor product
- super_partition_size=200
- super_super_device_size=200
+ super_partition_size=202
+ super_super_device_size=202
super_group_group_size=100
system_image_size=50
vendor_image_size=20
@@ -41,8 +41,8 @@
def test_non_ab(self):
self.info_dict.update(common.LoadDictionaryFromLines("""
ab_update=false
- super_partition_size=100
- super_super_device_size=100
+ super_partition_size=101
+ super_super_device_size=101
""".split("\n")))
CheckPartitionSizes(self.info_dict)
@@ -112,8 +112,8 @@
def test_vab(self):
self.info_dict.update(common.LoadDictionaryFromLines("""
virtual_ab=true
- super_partition_size=100
- super_super_device_size=100
+ super_partition_size=101
+ super_super_device_size=101
""".split("\n")))
CheckPartitionSizes(self.info_dict)
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index fc83689..8faa2d1 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -14,6 +14,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+"""
+Signs a given image using avbtool
+
+Usage: verity_utils properties_file output_image
+"""
+
from __future__ import print_function
import logging
@@ -31,6 +37,9 @@
BLOCK_SIZE = common.BLOCK_SIZE
FIXED_SALT = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"
+# From external/avb/avbtool.py
+MAX_VBMETA_SIZE = 64 * 1024
+MAX_FOOTER_SIZE = 4096
class BuildVerityImageError(Exception):
"""An Exception raised during verity image building."""
@@ -714,3 +723,55 @@
signing_args)
return builder
+
+
+def GetDiskUsage(path):
+ """Returns the number of bytes that "path" occupies on host.
+
+ Args:
+ path: The directory or file to calculate size on.
+
+ Returns:
+ The number of bytes based on a 1K block_size.
+ """
+ cmd = ["du", "-b", "-k", "-s", path]
+ output = common.RunAndCheckOutput(cmd, verbose=False)
+ return int(output.split()[0]) * 1024
+
+
+def main(argv):
+ if len(argv) != 2:
+ print(__doc__)
+ sys.exit(1)
+
+ common.InitLogging()
+
+ dict_file = argv[0]
+ out_file = argv[1]
+
+ prop_dict = {}
+ with open(dict_file, 'r') as f:
+ for line in f:
+ line = line.strip()
+ if not line or line.startswith("#"):
+ continue
+ k, v = line.split("=", 1)
+ prop_dict[k] = v
+
+ builder = CreateVerityImageBuilder(prop_dict)
+
+ if "partition_size" not in prop_dict:
+ image_size = GetDiskUsage(out_file)
+ # make sure that the image is big enough to hold vbmeta and footer
+ image_size = image_size + (MAX_VBMETA_SIZE + MAX_FOOTER_SIZE)
+ size = builder.CalculateDynamicPartitionSize(image_size)
+ prop_dict["partition_size"] = size
+
+ builder.Build(out_file)
+
+
+if __name__ == '__main__':
+ try:
+ main(sys.argv[1:])
+ finally:
+ common.Cleanup()