Merge "fastboot: bail out if failed to generate fs image" into oc-mr1-dev
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 5b5eff4..d5b7554 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -60,3 +60,13 @@
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib64/hw/gatekeeper.$(TARGET_DEVICE).so)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/vendor)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib/libtrusty.so)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib64/libtrusty.so)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib/hw/keystore.trusty.so)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib64/hw/keystore.trusty.so)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib/hw/gatekeeper.trusty.so)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/lib64/hw/gatekeeper.trusty.so)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/secure-storage-unit-test)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/storageproxyd)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/tipc-test)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/trusty_keymaster_tipc)
diff --git a/adb/Android.mk b/adb/Android.mk
index 5913d94..d5b069a 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -360,8 +360,6 @@
LOCAL_MODULE := adbd
LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN)
-LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_SBIN_UNSTRIPPED)
LOCAL_SANITIZE := $(adb_target_sanitize)
LOCAL_STRIP_MODULE := keep_symbols
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 35a29ef..5f2267c 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -93,6 +93,9 @@
static unsigned second_offset = 0x00f00000;
static unsigned tags_offset = 0x00000100;
+static bool g_disable_verity = false;
+static bool g_disable_verification = false;
+
static const std::string convert_fbe_marker_filename("convert_fbe");
enum fb_buffer_type {
@@ -419,6 +422,10 @@
" --skip-reboot Will not reboot the device when\n"
" performing commands that normally\n"
" trigger a reboot.\n"
+ " --disable-verity Set the disable-verity flag in the\n"
+ " the vbmeta image being flashed.\n"
+ " --disable-verification Set the disable-verification flag in"
+ " the vbmeta image being flashed.\n"
#if !defined(_WIN32)
" --wipe-and-use-fbe On devices which support it,\n"
" erase userdata and cache, and\n"
@@ -858,10 +865,55 @@
return load_buf_fd(transport, fd.release(), buf);
}
+static void rewrite_vbmeta_buffer(struct fastboot_buffer* buf) {
+ // Buffer needs to be at least the size of the VBMeta struct which
+ // is 256 bytes.
+ if (buf->sz < 256) {
+ return;
+ }
+
+ int fd = make_temporary_fd();
+ if (fd == -1) {
+ die("Failed to create temporary file for vbmeta rewriting");
+ }
+
+ std::string data;
+ if (!android::base::ReadFdToString(buf->fd, &data)) {
+ die("Failed reading from vbmeta");
+ }
+
+ // There's a 32-bit big endian |flags| field at offset 120 where
+ // bit 0 corresponds to disable-verity and bit 1 corresponds to
+ // disable-verification.
+ //
+ // See external/avb/libavb/avb_vbmeta_image.h for the layout of
+ // the VBMeta struct.
+ if (g_disable_verity) {
+ data[123] |= 0x01;
+ }
+ if (g_disable_verification) {
+ data[123] |= 0x02;
+ }
+
+ if (!android::base::WriteStringToFd(data, fd)) {
+ die("Failed writing to modified vbmeta");
+ }
+ close(buf->fd);
+ buf->fd = fd;
+ lseek(fd, 0, SEEK_SET);
+}
+
static void flash_buf(const char *pname, struct fastboot_buffer *buf)
{
sparse_file** s;
+ // Rewrite vbmeta if that's what we're flashing and modification has been requested.
+ if ((g_disable_verity || g_disable_verification) &&
+ (strcmp(pname, "vbmeta") == 0 || strcmp(pname, "vbmeta_a") == 0 ||
+ strcmp(pname, "vbmeta_b") == 0)) {
+ rewrite_vbmeta_buffer(buf);
+ }
+
switch (buf->type) {
case FB_BUFFER_SPARSE: {
std::vector<std::pair<sparse_file*, int64_t>> sparse_files;
@@ -1470,6 +1522,8 @@
{"set-active", optional_argument, 0, 'a'},
{"skip-secondary", no_argument, 0, 0},
{"skip-reboot", no_argument, 0, 0},
+ {"disable-verity", no_argument, 0, 0},
+ {"disable-verification", no_argument, 0, 0},
#if !defined(_WIN32)
{"wipe-and-use-fbe", no_argument, 0, 0},
#endif
@@ -1555,6 +1609,10 @@
skip_secondary = true;
} else if (strcmp("skip-reboot", longopts[longindex].name) == 0 ) {
skip_reboot = true;
+ } else if (strcmp("disable-verity", longopts[longindex].name) == 0 ) {
+ g_disable_verity = true;
+ } else if (strcmp("disable-verification", longopts[longindex].name) == 0 ) {
+ g_disable_verification = true;
#if !defined(_WIN32)
} else if (strcmp("wipe-and-use-fbe", longopts[longindex].name) == 0) {
wants_wipe = true;
diff --git a/gatekeeperd/SoftGateKeeper.h b/gatekeeperd/SoftGateKeeper.h
index 92d1752..2f4f4d7 100644
--- a/gatekeeperd/SoftGateKeeper.h
+++ b/gatekeeperd/SoftGateKeeper.h
@@ -27,10 +27,10 @@
#include <android-base/memory.h>
#include <gatekeeper/gatekeeper.h>
-#include <nativehelper/UniquePtr.h>
#include <iostream>
#include <unordered_map>
+#include <memory>
namespace gatekeeper {
@@ -173,7 +173,7 @@
typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap;
typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap;
- UniquePtr<uint8_t[]> key_;
+ std::unique_ptr<uint8_t[]> key_;
FailureRecordMap failure_map_;
FastHashMap fast_hash_map_;
};
diff --git a/gatekeeperd/SoftGateKeeperDevice.h b/gatekeeperd/SoftGateKeeperDevice.h
index 229f9a9..e3dc068 100644
--- a/gatekeeperd/SoftGateKeeperDevice.h
+++ b/gatekeeperd/SoftGateKeeperDevice.h
@@ -19,7 +19,7 @@
#include "SoftGateKeeper.h"
-#include <nativehelper/UniquePtr.h>
+#include <memory>
using namespace gatekeeper;
@@ -68,7 +68,7 @@
const uint8_t *provided_password, uint32_t provided_password_length,
uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll);
private:
- UniquePtr<SoftGateKeeper> impl_;
+ std::unique_ptr<SoftGateKeeper> impl_;
};
} // namespace gatekeeper
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 184c6d2..61c8804 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -23,6 +23,7 @@
#include <inttypes.h>
#include <stdint.h>
#include <unistd.h>
+#include <memory>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
@@ -383,7 +384,7 @@
private:
sp<IGatekeeper> hw_device;
- UniquePtr<SoftGateKeeperDevice> soft_device;
+ std::unique_ptr<SoftGateKeeperDevice> soft_device;
bool clear_state_if_needed_done;
};
diff --git a/gatekeeperd/tests/gatekeeper_test.cpp b/gatekeeperd/tests/gatekeeper_test.cpp
index b3aea7b..100375f 100644
--- a/gatekeeperd/tests/gatekeeper_test.cpp
+++ b/gatekeeperd/tests/gatekeeper_test.cpp
@@ -19,7 +19,6 @@
#include <gtest/gtest.h>
#include <hardware/hw_auth_token.h>
-#include <nativehelper/UniquePtr.h>
#include "../SoftGateKeeper.h"
diff --git a/init/init.cpp b/init/init.cpp
index 715dd72..9671560 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -807,13 +807,15 @@
return false;
}
std::string mapping_file("/system/etc/selinux/mapping/" + vend_plat_vers + ".cil");
+ const std::string version_as_string = std::to_string(max_policy_version);
+
// clang-format off
const char* compile_args[] = {
"/system/bin/secilc",
plat_policy_cil_file,
"-M", "true", "-G", "-N",
// Target the highest policy language version supported by the kernel
- "-c", std::to_string(max_policy_version).c_str(),
+ "-c", version_as_string.c_str(),
mapping_file.c_str(),
"/vendor/etc/selinux/nonplat_sepolicy.cil",
"-o", compiled_sepolicy,
diff --git a/libvndksupport/linker.c b/libvndksupport/linker.c
index 703b593..d06cafc 100644
--- a/libvndksupport/linker.c
+++ b/libvndksupport/linker.c
@@ -23,23 +23,38 @@
extern struct android_namespace_t* android_get_exported_namespace(const char*);
+static const char* namespace_name = NULL;
+
+static struct android_namespace_t* get_vendor_namespace() {
+ const char* namespace_names[] = {"sphal", "default", NULL};
+ static struct android_namespace_t* vendor_namespace = NULL;
+ if (vendor_namespace == NULL) {
+ int name_idx = 0;
+ while (namespace_names[name_idx] != NULL) {
+ vendor_namespace = android_get_exported_namespace(namespace_names[name_idx]);
+ if (vendor_namespace != NULL) {
+ namespace_name = namespace_names[name_idx];
+ break;
+ }
+ name_idx++;
+ }
+ }
+ return vendor_namespace;
+}
+
void* android_load_sphal_library(const char* name, int flag) {
- struct android_namespace_t* sphal_namespace = android_get_exported_namespace("sphal");
- if (sphal_namespace != NULL) {
+ struct android_namespace_t* vendor_namespace = get_vendor_namespace();
+ if (vendor_namespace != NULL) {
const android_dlextinfo dlextinfo = {
- .flags = ANDROID_DLEXT_USE_NAMESPACE, .library_namespace = sphal_namespace,
+ .flags = ANDROID_DLEXT_USE_NAMESPACE, .library_namespace = vendor_namespace,
};
void* handle = android_dlopen_ext(name, flag, &dlextinfo);
if (!handle) {
- ALOGE(
- "Could not load %s from sphal namespace: %s.",
- name, dlerror());
+ ALOGE("Could not load %s from %s namespace: %s.", name, namespace_name, dlerror());
}
return handle;
} else {
- ALOGD(
- "Loading %s from current namespace instead of sphal namespace.",
- name);
+ ALOGD("Loading %s from current namespace instead of sphal namespace.", name);
return dlopen(name, flag);
}
}
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index 046557e..07902fc 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -195,7 +195,15 @@
LOCAL_MODULE := ld.config.txt
ifeq ($(PRODUCT_FULL_TREBLE)|$(SANITIZE_TARGET),true|)
+ifdef BOARD_VNDK_VERSION
+ ifeq ($(BOARD_VNDK_RUNTIME_DISABLE),true)
+ LOCAL_SRC_FILES := etc/ld.config.txt
+ else
+ LOCAL_SRC_FILES := etc/ld.config.vndk.txt
+ endif
+else
LOCAL_SRC_FILES := etc/ld.config.txt
+endif
else
LOCAL_SRC_FILES := etc/ld.config.legacy.txt
endif
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index 16db770..57ec518 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -81,6 +81,7 @@
# to load the compiled *.so file and libmediandk.so can be used here.
###############################################################################
namespace.rs.isolated = true
+namespace.rs.visible = true
namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB}
namespace.rs.permitted.paths = /vendor/${LIB}:/data
diff --git a/rootdir/etc/ld.config.vndk.txt b/rootdir/etc/ld.config.vndk.txt
new file mode 100644
index 0000000..c7e2573
--- /dev/null
+++ b/rootdir/etc/ld.config.vndk.txt
@@ -0,0 +1,158 @@
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Bionic loader config file.
+#
+
+# Don't change the order here. The first pattern that matches with the
+# absolution path of an executable is selected.
+dir.system = /system/bin/
+dir.system = /system/xbin/
+dir.vendor = /vendor/bin/
+dir.vendor = /data/nativetest/vendor
+dir.vendor = /data/nativetest64/vendor
+dir.vendor = /data/benchmarktest/vendor
+dir.vendor = /data/benchmarktest64/vendor
+dir.system = /data/nativetest
+dir.system = /data/nativetest64
+dir.system = /data/benchmarktest
+dir.system = /data/benchmarktest64
+
+[system]
+additional.namespaces = sphal,vndk,rs
+
+###############################################################################
+# "default" namespace
+#
+# Framework-side code runs in this namespace. Anything from /vendor partition
+# can't be loaded in this namespace.
+###############################################################################
+namespace.default.isolated = false
+namespace.default.search.paths = /system/${LIB}:/vendor/${LIB}
+namespace.default.permitted.paths = /system/${LIB}:/vendor/${LIB}
+
+namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
+namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}:/data/asan/vendor/${LIB}:/vendor/${LIB}
+
+# TODO(b/37013858): remove all dependencies to /vendor/lib from system processes
+# When this is done, comment out following three lines and remove the three
+# lines above
+#namespace.default.isolated = true
+#namespace.default.search.paths = /system/${LIB}
+#namespace.default.permitted.paths = /system/${LIB}
+#
+#namespace.default.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}
+#namespace.default.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}
+
+###############################################################################
+# "sphal" namespace
+#
+# SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be
+# loaded inside system processes. libEGL_<chipset>.so, libGLESv2_<chipset>.so,
+# android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs.
+#
+# This namespace is exclusivly for SP-HALs. When the framework tries to dynami-
+# cally load SP-HALs, android_dlopen_ext() is used to explicitly specifying
+# that they should be searched and loaded from this namespace.
+#
+# Note that there is no link from the default namespace to this namespace.
+###############################################################################
+namespace.sphal.isolated = true
+namespace.sphal.visible = true
+namespace.sphal.search.paths = /vendor/${LIB}/egl:/vendor/${LIB}/hw:/vendor/${LIB}
+namespace.sphal.permitted.paths = /vendor/${LIB}:/system/${LIB}/vndk-sp/hw
+
+namespace.sphal.asan.search.paths = /data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}:/vendor/${LIB}
+namespace.sphal.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}
+
+# Once in this namespace, access to libraries in /system/lib is restricted. Only
+# libs listed here can be used.
+namespace.sphal.links = default,vndk,rs
+
+# WARNING: only NDK libs can be listed here.
+namespace.sphal.link.default.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so
+
+# WARNING: only VNDK-SP libs can be listed here. DO NOT EDIT this line.
+namespace.sphal.link.vndk.shared_libs = libhardware.so:libc++.so:libhidlbase.so:libhwbinder.so:libhidltransport.so:libbase.so:libhidlmemory.so:libRS.so:libRSDriver.so:libcutils.so:libion.so:libRSCpuRef.so:android.hardware.graphics.common@1.0.so:android.hardware.graphics.mapper@2.0.so:android.hidl.memory@1.0.so:libbcinfo.so:android.hardware.graphics.allocator@2.0.so:android.hardware.renderscript@1.0.so:libutils.so:libz.so
+
+# Renderscript gets separate namespace
+namespace.sphal.link.rs.shared_libs = libRS_internal.so
+
+###############################################################################
+# "rs" namespace
+#
+# This namespace is exclusively for Renderscript internal libraries.
+# This namespace has slightly looser restriction than the vndk namespace because
+# of the genuine characteristics of Renderscript; /data is in the permitted path
+# to load the compiled *.so file and libmediandk.so can be used here.
+###############################################################################
+namespace.rs.isolated = true
+namespace.rs.visible = true
+namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB}
+namespace.rs.permitted.paths = /vendor/${LIB}:/data
+
+namespace.rs.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/data/asan/vendor/${LIB}:/vendor/${LIB}
+namespace.rs.asan.permitted.paths = /data/asan/vendor/${LIB}:/vendor/${LIB}:/data
+
+namespace.rs.links = default,vndk
+namespace.rs.link.default.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so:libmediandk.so:libft2.so
+namespace.rs.link.vndk.shared_libs = libhardware.so:libc++.so:libhidlbase.so:libhwbinder.so:libhidltransport.so:libbase.so:libhidlmemory.so:libRS.so:libRSDriver.so:libcutils.so:libion.so:libRSCpuRef.so:android.hardware.graphics.common@1.0.so:android.hardware.graphics.mapper@2.0.so:android.hidl.memory@1.0.so:libbcinfo.so:android.hardware.graphics.allocator@2.0.so:android.hardware.renderscript@1.0.so:libutils.so:libz.so
+
+###############################################################################
+# "vndk" namespace
+#
+# This namespace is exclusively for vndk-sp libs.
+###############################################################################
+namespace.vndk.isolated = true
+namespace.vndk.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
+namespace.vndk.permitted.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl
+
+namespace.vndk.asan.search.paths = /data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
+namespace.vndk.asan.permitted.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl
+
+# When these NDK libs are required inside this namespace, then it is redirected
+# to the default namespace. This is possible since their ABI is stable across
+# Android releases.
+namespace.vndk.links = default
+namespace.vndk.link.default.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so
+
+###############################################################################
+# Namespace config for vendor processes. In O, no restriction is enforced for
+# them. However, in O-MR1, access to /system/${LIB} will not be allowed to
+# the default namespace. 'system' namespace will be added to give limited
+# (LL-NDK only) access.
+###############################################################################
+[vendor]
+additional.namespaces = system
+
+###############################################################################
+# "default" namespace
+#
+# Vendor-side code runs in this namespace.
+###############################################################################
+namespace.default.isolated = true
+namespace.default.visible = true
+
+namespace.default.search.paths = /vendor/${LIB}/hw:/vendor/${LIB}/egl:/vendor/${LIB}:/system/${LIB}/vndk:/vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
+namespace.default.permitted.paths = /vendor:/system/${LIB}/vndk:/system/${LIB}/vndk-sp
+
+namespace.default.asan.search.paths = /data/asan/vendor/${LIB}/hw:/vendor/${LIB}/hw:/data/asan/vendor/${LIB}/egl:/vendor/${LIB}/egl:/data/asan/vendor/${LIB}:/vendor/${LIB}:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/vendor/${LIB}/vndk-sp:/vendor/${LIB}/vndk-sp:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
+namespace.default.asan.permitted.paths = /data/asan/vendor:/vendor:/data/asan/system/${LIB}/vndk:/system/${LIB}/vndk:/data/asan/system/${LIB}/vndk-sp:/system/${LIB}/vndk-sp
+
+namespace.default.links = system
+namespace.default.link.system.shared_libs = libEGL.so:libm.so:libandroid_net.so:libvndksupport.so:libc.so:libGLESv1_CM.so:liblog.so:libsync.so:libnativewindow.so:libGLESv3.so:libdl.so:libGLESv2.so:libpowermanager.so:libmedia.so:libandroid_runtime.so
+# libpowermanager.so must be removed after we have fix for libsdm-color.so (b/64732165)
+# libmedia.so must be removed after we have fix for lib-dplmedia.so (b/64427765)
+# libandroid_runtime.so must be removed after we have a fix for qseeproxydaemon (b/64820887)
+
+###############################################################################
+# "system" namespace
+#
+# This is for vendor process to use LL-NDK in system partition.
+###############################################################################
+namespace.system.isolated = false
+namespace.system.search.paths = /system/${LIB}
+namespace.system.permitted.paths = /system/${LIB}
+
+namespace.system.asan.search.paths = /data/asan/system/${LIB}:/system/${LIB}
+namespace.system.asan.permitted.paths = /data/asan/system/${LIB}:/system/${LIB}
+
diff --git a/rootdir/init.usb.rc b/rootdir/init.usb.rc
index 915d159..3168f40 100644
--- a/rootdir/init.usb.rc
+++ b/rootdir/init.usb.rc
@@ -12,7 +12,7 @@
mkdir /data/adb 0700 root root
# adbd is controlled via property triggers in init.<platform>.usb.rc
-service adbd /sbin/adbd --root_seclabel=u:r:su:s0
+service adbd /system/bin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled
diff --git a/trusty/gatekeeper/Android.bp b/trusty/gatekeeper/Android.bp
index a9566a1..65b271a 100644
--- a/trusty/gatekeeper/Android.bp
+++ b/trusty/gatekeeper/Android.bp
@@ -22,6 +22,7 @@
cc_library_shared {
name: "gatekeeper.trusty",
+ vendor: true,
relative_install_path: "hw",
@@ -43,4 +44,5 @@
"libcutils",
"libtrusty",
],
+ header_libs: ["libhardware_headers"],
}
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 6b9d723..0820fa0 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -25,6 +25,7 @@
// and ECDSA keys.
cc_binary {
name: "trusty_keymaster_tipc",
+ vendor: true,
srcs: [
"trusty_keymaster_device.cpp",
"trusty_keymaster_ipc.cpp",
@@ -45,6 +46,7 @@
// keystore.trusty is the HAL used by keystore on Trusty devices.
cc_library_shared {
name: "keystore.trusty",
+ vendor: true,
relative_install_path: "hw",
srcs: [
"module.cpp",
@@ -65,4 +67,5 @@
"liblog",
"libcutils",
],
+ header_libs: ["libhardware_headers"],
}
diff --git a/trusty/libtrusty/Android.bp b/trusty/libtrusty/Android.bp
index f316da2..88d6240 100644
--- a/trusty/libtrusty/Android.bp
+++ b/trusty/libtrusty/Android.bp
@@ -18,6 +18,7 @@
cc_library {
name: "libtrusty",
+ vendor: true,
srcs: ["trusty.c"],
export_include_dirs: ["include"],
diff --git a/trusty/libtrusty/tipc-test/Android.bp b/trusty/libtrusty/tipc-test/Android.bp
index cb00fe7..25a3cb0 100644
--- a/trusty/libtrusty/tipc-test/Android.bp
+++ b/trusty/libtrusty/tipc-test/Android.bp
@@ -14,12 +14,14 @@
cc_test {
name: "tipc-test",
- static_executable: true,
+ vendor: true,
srcs: ["tipc_test.c"],
static_libs: [
- "libc",
"libtrusty",
+ ],
+ shared_libs: [
+ "libc",
"liblog",
],
gtest: false,
diff --git a/trusty/storage/interface/Android.bp b/trusty/storage/interface/Android.bp
index a551c37..18b4a5f 100644
--- a/trusty/storage/interface/Android.bp
+++ b/trusty/storage/interface/Android.bp
@@ -16,5 +16,6 @@
cc_library_static {
name: "libtrustystorageinterface",
+ vendor: true,
export_include_dirs: ["include"],
}
diff --git a/trusty/storage/lib/Android.bp b/trusty/storage/lib/Android.bp
index 5eb3f07..4e41674 100644
--- a/trusty/storage/lib/Android.bp
+++ b/trusty/storage/lib/Android.bp
@@ -16,16 +16,19 @@
cc_library_static {
name: "libtrustystorage",
+ vendor: true,
srcs: ["storage.c"],
export_include_dirs: ["include"],
static_libs: [
- "liblog",
"libtrusty",
"libtrustystorageinterface",
],
+ shared_libs: [
+ "liblog",
+ ],
cflags: [
"-fvisibility=hidden",
diff --git a/trusty/storage/proxy/Android.bp b/trusty/storage/proxy/Android.bp
index eb34df0..da8542d 100644
--- a/trusty/storage/proxy/Android.bp
+++ b/trusty/storage/proxy/Android.bp
@@ -16,6 +16,7 @@
cc_binary {
name: "storageproxyd",
+ vendor: true,
srcs: [
"ipc.c",
@@ -25,6 +26,7 @@
],
shared_libs: ["liblog"],
+ header_libs: ["libcutils_headers"],
static_libs: [
"libtrustystorageinterface",
diff --git a/trusty/storage/proxy/proxy.c b/trusty/storage/proxy/proxy.c
index 27e5891..41263e5 100644
--- a/trusty/storage/proxy/proxy.c
+++ b/trusty/storage/proxy/proxy.c
@@ -24,7 +24,7 @@
#include <sys/stat.h>
#include <unistd.h>
-#include <private/android_filesystem_config.h>
+#include <cutils/android_filesystem_config.h>
#include "ipc.h"
#include "log.h"
diff --git a/trusty/storage/tests/Android.bp b/trusty/storage/tests/Android.bp
index 3eff3f2..1b003e9 100644
--- a/trusty/storage/tests/Android.bp
+++ b/trusty/storage/tests/Android.bp
@@ -16,6 +16,7 @@
cc_test {
name: "secure-storage-unit-test",
+ vendor: true,
cflags: [
"-g",
@@ -29,6 +30,8 @@
"libtrustystorageinterface",
"libtrustystorage",
"libtrusty",
+ ],
+ shared_libs: [
"liblog",
],