Merge "Remove _API_FILE variables"
diff --git a/core/Makefile b/core/Makefile
index 8e22ff6..83683a0 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -39,6 +39,16 @@
use ODM_MANIFEST_FILES / vintf_fragments instead!)) \
)
endef
+
+# TODO(b/140560012): Flip BUILD_BROKEN_ELF_PREBUILT_PRODUCT_COPY_FILES to default
+# false after all problematic devices are tagged.
+check_elf_prebuilt_product_copy_files :=
+ifneq (,$(filter false,$(BUILD_BROKEN_ELF_PREBUILT_PRODUCT_COPY_FILES)))
+check_elf_prebuilt_product_copy_files := true
+endif
+check_elf_prebuilt_product_copy_files_hint := \
+ found ELF prebuilt in PRODUCT_COPY_FILES, use cc_prebuilt_binary / cc_prebuilt_library_shared instead.
+
# filter out the duplicate <source file>:<dest file> pairs.
unique_product_copy_files_pairs :=
$(foreach cf,$(PRODUCT_COPY_FILES), \
@@ -59,7 +69,10 @@
$(eval $(call copy-and-uncompress-dexs,$(_src),$(_fulldest))), \
$(if $(filter init%rc,$(notdir $(_dest)))$(filter %/etc/init,$(dir $(_dest))),\
$(eval $(call copy-init-script-file-checked,$(_src),$(_fulldest))),\
- $(eval $(call copy-one-file,$(_src),$(_fulldest)))))) \
+ $(if $(and $(filter true,$(check_elf_prebuilt_product_copy_files)), \
+ $(filter bin lib lib64,$(subst /,$(space),$(_dest)))), \
+ $(eval $(call copy-non-elf-file-checked,$(_src),$(_fulldest),$(check_elf_prebuilt_product_copy_files_hint))), \
+ $(eval $(call copy-one-file,$(_src),$(_fulldest))))))) \
$(eval unique_product_copy_files_destinations += $(_dest))))
# Dump a list of overriden (and ignored PRODUCT_COPY_FILES entries)
@@ -2122,8 +2135,7 @@
$(call append-recovery-ui-properties,$(PRIVATE_RECOVERY_UI_PROPERTIES),$@)
ifeq (truetrue,$(strip $(BUILDING_VENDOR_BOOT_IMAGE))$(strip $(AB_OTA_UPDATER)))
- INTERNAL_RECOVERYIMAGE_ARGS := \
- --kernel $(recovery_kernel) --ramdisk $(recovery_ramdisk)
+ INTERNAL_RECOVERYIMAGE_ARGS := --ramdisk $(recovery_ramdisk)
ifdef GENERIC_KERNEL_CMDLINE
INTERNAL_RECOVERYIMAGE_ARGS += --cmdline "$(GENERIC_KERNEL_CMDLINE)"
endif
@@ -2200,10 +2212,10 @@
# $(2): kernel file
define build-recoveryimage-target
$(if $(filter true,$(PRODUCT_SUPPORTS_VBOOT)), \
- $(MKBOOTIMG) --kernel $(2) $(MKBOOTIMG_KERNEL_ARG) $(INTERNAL_RECOVERYIMAGE_ARGS) \
+ $(MKBOOTIMG) --kernel $(2) $(INTERNAL_RECOVERYIMAGE_ARGS) \
$(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_RECOVERY_MKBOOTIMG_ARGS) \
--output $(1).unsigned, \
- $(MKBOOTIMG) --kernel $(2) $(MKBOOTIMG_KERNEL_ARG) $(INTERNAL_RECOVERYIMAGE_ARGS) \
+ $(MKBOOTIMG) --kernel $(2) $(INTERNAL_RECOVERYIMAGE_ARGS) \
$(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_RECOVERY_MKBOOTIMG_ARGS) \
--output $(1))
$(if $(filter true,$(PRODUCT_SUPPORTS_BOOT_SIGNER)),\
diff --git a/core/board_config.mk b/core/board_config.mk
index a329cb1..2279c3f 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -87,6 +87,7 @@
_build_broken_var_list := \
BUILD_BROKEN_DUP_RULES \
+ BUILD_BROKEN_ELF_PREBUILT_PRODUCT_COPY_FILES \
BUILD_BROKEN_OUTSIDE_INCLUDE_DIRS \
BUILD_BROKEN_PREBUILT_ELF_FILES \
BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW \
diff --git a/core/definitions.mk b/core/definitions.mk
index b714bdb..6d8cddb 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2093,7 +2093,7 @@
$(if $(PRIVATE_JAR_EXCLUDE_PACKAGES), $(hide) rm -rf \
$(foreach pkg, $(PRIVATE_JAR_EXCLUDE_PACKAGES), \
$(PRIVATE_CLASS_INTERMEDIATES_DIR)/$(subst .,/,$(pkg))))
-$(hide) $(JAR) -cf $@ $(call jar-args-sorted-files-in-directory,$(PRIVATE_CLASS_INTERMEDIATES_DIR))
+$(hide) $(SOONG_ZIP) -jar -o $@ -C $(PRIVATE_CLASS_INTERMEDIATES_DIR) -D $(PRIVATE_CLASS_INTERMEDIATES_DIR)
$(if $(PRIVATE_EXTRA_JAR_ARGS),$(call add-java-resources-to,$@))
endef
@@ -2552,6 +2552,22 @@
$(_cmf_dest)))
endef
+# Copy the file only if it's not an ELF file. For use via $(eval).
+# $(1): source file
+# $(2): destination file
+# $(3): message to print on error
+define copy-non-elf-file-checked
+$(2): $(1) $(LLVM_READOBJ)
+ @echo "Copy non-ELF: $$@"
+ $(hide) \
+ if $(LLVM_READOBJ) -h $$< >/dev/null 2>&1; then \
+ $(call echo-error,$$@,$(3)); \
+ $(call echo-error,$$@,found ELF file: $$<); \
+ false; \
+ fi
+ $$(copy-file-to-target)
+endef
+
# The -t option to acp and the -p option to cp is
# required for OSX. OSX has a ridiculous restriction
# where it's an error for a .a file's modification time
diff --git a/core/host_dalvik_java_library.mk b/core/host_dalvik_java_library.mk
index 5021510..da32978 100644
--- a/core/host_dalvik_java_library.mk
+++ b/core/host_dalvik_java_library.mk
@@ -99,6 +99,7 @@
$(NORMALIZE_PATH) \
$(JAR_ARGS) \
$(ZIPSYNC) \
+ $(SOONG_ZIP) \
| $(SOONG_JAVAC_WRAPPER)
$(transform-host-java-to-dalvik-package)
diff --git a/core/host_java_library.mk b/core/host_java_library.mk
index 8998d52..f9abe9b 100644
--- a/core/host_java_library.mk
+++ b/core/host_java_library.mk
@@ -90,6 +90,7 @@
$(ZIPTIME) \
$(JAR_ARGS) \
$(ZIPSYNC) \
+ $(SOONG_ZIP) \
| $(SOONG_JAVAC_WRAPPER)
$(transform-host-java-to-package)
$(remove-timestamps-from-package)
diff --git a/core/java.mk b/core/java.mk
index 44e005d..6798efa 100644
--- a/core/java.mk
+++ b/core/java.mk
@@ -296,6 +296,7 @@
$(NORMALIZE_PATH) \
$(JAR_ARGS) \
$(ZIPSYNC) \
+ $(SOONG_ZIP) \
| $(SOONG_JAVAC_WRAPPER)
@echo "Target Java: $@
$(call compile-java,$(TARGET_JAVAC),$(PRIVATE_ALL_JAVA_HEADER_LIBRARIES))
diff --git a/core/tasks/vts-core-tests.mk b/core/tasks/vts-core-tests.mk
index 33da020..08663c2 100644
--- a/core/tasks/vts-core-tests.mk
+++ b/core/tasks/vts-core-tests.mk
@@ -28,9 +28,4 @@
vts: $(compatibility_zip)
$(call dist-for-goals, vts, $(compatibility_zip))
-# TODO(b/149249068): Remove vts-core phony target after it's removed from all
-# builders.
-.PHONY: vts-core
-vts-core: vts
-
tests: vts
diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index b017377..3e5d3a3 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -81,6 +81,7 @@
framework-res \
framework-sysconfig.xml \
fsck_msdos \
+ fsverity-release-cert-der \
fs_config_files_system \
fs_config_dirs_system \
group_system \
diff --git a/target/product/security/Android.bp b/target/product/security/Android.bp
index 080706b..5f4f82b 100644
--- a/target/product/security/Android.bp
+++ b/target/product/security/Android.bp
@@ -3,3 +3,11 @@
name: "aosp-testkey",
certificate: "testkey",
}
+
+// Google-owned certificate for CTS testing, since we can't trust arbitrary keys on release devices.
+prebuilt_etc {
+ name: "fsverity-release-cert-der",
+ src: "fsverity-release.x509.der",
+ sub_dir: "security/fsverity",
+ filename_from_src: true,
+}
diff --git a/target/product/security/fsverity-release.x509.der b/target/product/security/fsverity-release.x509.der
new file mode 100644
index 0000000..cd8cd79
--- /dev/null
+++ b/target/product/security/fsverity-release.x509.der
Binary files differ