[automerger skipped] Set __ANDROID_API__ for vendor binaries to vndk version.
am: 05c62fc0f4 -s ours
Change-Id: Ie72125d3135acd9d9d9c33a4f4c3e19469a3ca52
diff --git a/core/Makefile b/core/Makefile
index 7911026..fc1173e 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1064,7 +1064,7 @@
INTERNAL_USERIMAGES_BINARY_PATHS := $(sort $(dir $(INTERNAL_USERIMAGES_DEPS)))
ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY))
-INTERNAL_USERIMAGES_DEPS += $(BUILD_VERITY_TREE) $(APPEND2SIMG) $(VERITY_SIGNER)
+INTERNAL_USERIMAGES_DEPS += $(BUILD_VERITY_METADATA) $(BUILD_VERITY_TREE) $(APPEND2SIMG) $(VERITY_SIGNER)
ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC))
INTERNAL_USERIMAGES_DEPS += $(FEC)
endif
@@ -1203,6 +1203,12 @@
$(TARGET_RECOVERY_ROOT_OUT)/plat_property_contexts \
$(TARGET_RECOVERY_ROOT_OUT)/vendor_property_contexts
+ifdef BOARD_ODM_SEPOLICY_DIRS
+recovery_sepolicy += \
+ $(TARGET_RECOVERY_ROOT_OUT)/odm_file_contexts \
+ $(TARGET_RECOVERY_ROOT_OUT)/odm_property_contexts
+endif
+
# Passed into rsync from non-recovery root to recovery root, to avoid overwriting recovery-specific
# SELinux files
IGNORE_RECOVERY_SEPOLICY := $(patsubst $(TARGET_RECOVERY_OUT)/%,--exclude=/%,$(recovery_sepolicy))
@@ -2324,7 +2330,6 @@
$(HOST_OUT_EXECUTABLES)/sload_f2fs \
$(HOST_OUT_EXECUTABLES)/simg2img \
$(HOST_OUT_EXECUTABLES)/e2fsck \
- $(HOST_OUT_EXECUTABLES)/build_verity_tree \
$(HOST_OUT_EXECUTABLES)/generate_verity_key \
$(HOST_OUT_EXECUTABLES)/verity_signer \
$(HOST_OUT_EXECUTABLES)/verity_verifier \
@@ -2337,7 +2342,9 @@
$(HOST_OUT_EXECUTABLES)/delta_generator \
$(AVBTOOL) \
$(BLK_ALLOC_TO_BASE_FS) \
- $(BROTLI)
+ $(BROTLI) \
+ $(BUILD_VERITY_METADATA) \
+ $(BUILD_VERITY_TREE)
ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT))
OTATOOLS += \
@@ -2383,7 +2390,6 @@
$(BUILT_OTATOOLS_PACKAGE): zip_root := $(call intermediates-dir-for,PACKAGING,otatools)/otatools
OTATOOLS_DEPS := \
- system/extras/verity/build_verity_metadata.py \
system/extras/ext4_utils/mke2fs.conf \
external/avb/test/data/testkey_rsa4096.pem \
$(sort $(shell find system/update_engine/scripts -name \*.pyc -prune -o -type f -print)) \
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index 0c94ac3..c8beb3a 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -240,12 +240,13 @@
LOCAL_SHARED_LIBRARIES:=
LOCAL_SOONG_CLASSES_JAR :=
LOCAL_SOONG_DEX_JAR :=
+LOCAL_SOONG_EXPORT_PROGUARD_FLAGS :=
LOCAL_SOONG_HEADER_JAR :=
LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR :=
LOCAL_SOONG_PROGUARD_DICT :=
LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE :=
LOCAL_SOONG_RRO_DIRS :=
-LOCAL_DROIDDOC_STUBS_JAR :=
+LOCAL_DROIDDOC_STUBS_SRCJAR :=
LOCAL_DROIDDOC_DOC_ZIP :=
# '',true
LOCAL_SOURCE_FILES_ALL_GENERATED:=
@@ -268,6 +269,7 @@
LOCAL_UNINSTALLABLE_MODULE:=
LOCAL_UNSTRIPPED_PATH:=
LOCAL_USE_AAPT2:=$(USE_AAPT2)
+LOCAL_USE_R8:=
LOCAL_USE_VNDK:=
LOCAL_VENDOR_MODULE:=
LOCAL_VTSC_FLAGS:=
diff --git a/core/config.mk b/core/config.mk
index e4ed107..0944387 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -562,7 +562,7 @@
# Default R8 behavior when USE_R8 is not specified.
ifndef USE_R8
- USE_R8 := false
+ USE_R8 := true
endif
#
@@ -610,6 +610,7 @@
SOONG_ZIP := $(SOONG_HOST_OUT_EXECUTABLES)/soong_zip
MERGE_ZIPS := $(SOONG_HOST_OUT_EXECUTABLES)/merge_zips
XMLLINT := $(SOONG_HOST_OUT_EXECUTABLES)/xmllint
+XZ := $(prebuilt_build_tools)/$(HOST_PREBUILT_TAG)/bin/xz
ZIP2ZIP := $(SOONG_HOST_OUT_EXECUTABLES)/zip2zip
ZIPTIME := $(prebuilt_build_tools_bin)/ziptime
@@ -685,6 +686,7 @@
BUILD_IMAGE_SRCS := $(wildcard build/make/tools/releasetools/*.py)
APPEND2SIMG := $(HOST_OUT_EXECUTABLES)/append2simg
VERITY_SIGNER := $(HOST_OUT_EXECUTABLES)/verity_signer
+BUILD_VERITY_METADATA := $(HOST_OUT_EXECUTABLES)/build_verity_metadata.py
BUILD_VERITY_TREE := $(HOST_OUT_EXECUTABLES)/build_verity_tree
BOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/boot_signer
FUTILITY := $(HOST_OUT_EXECUTABLES)/futility-host
@@ -852,6 +854,11 @@
$(error When PRODUCT_SHIPPING_API_LEVEL >= 28, TARGET_USES_64_BIT_BINDER must be true)
endif
endif
+ ifeq ($(PRODUCT_FULL_TREBLE),true)
+ ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE), true)
+ $(error When PRODUCT_SHIPPING_API_LEVEL >= 28, BOARD_BUILD_SYSTEM_ROOT_IMAGE must be true)
+ endif
+ endif
endif
endif
@@ -978,18 +985,18 @@
TARGET_SDK_VERSIONS_WITHOUT_JAVA_18_SUPPORT := $(call numbers_less_than,24,$(TARGET_AVAILABLE_SDK_VERSIONS))
TARGET_SDK_VERSIONS_WITHOUT_JAVA_19_SUPPORT := $(call numbers_less_than,27,$(TARGET_AVAILABLE_SDK_VERSIONS))
-INTERNAL_PLATFORM_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/public_api.txt
+ifndef INTERNAL_PLATFORM_PRIVATE_API_FILE
INTERNAL_PLATFORM_PRIVATE_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/private.txt
+endif
+ifndef INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE
INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/private-dex.txt
-INTERNAL_PLATFORM_REMOVED_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/removed.txt
-INTERNAL_PLATFORM_SYSTEM_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-api.txt
+endif
+ifndef INTERNAL_PLATFORM_SYSTEM_PRIVATE_API_FILE
INTERNAL_PLATFORM_SYSTEM_PRIVATE_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-private.txt
+endif
+ifndef INTERNAL_PLATFORM_SYSTEM_PRIVATE_DEX_API_FILE
INTERNAL_PLATFORM_SYSTEM_PRIVATE_DEX_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-private-dex.txt
-INTERNAL_PLATFORM_SYSTEM_REMOVED_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-removed.txt
-INTERNAL_PLATFORM_SYSTEM_EXACT_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-exact.txt
-INTERNAL_PLATFORM_TEST_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/test-api.txt
-INTERNAL_PLATFORM_TEST_REMOVED_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/test-removed.txt
-INTERNAL_PLATFORM_TEST_EXACT_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/test-exact.txt
+endif
INTERNAL_PLATFORM_HIDDENAPI_LIGHT_GREYLIST := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/hiddenapi-light-greylist.txt
INTERNAL_PLATFORM_HIDDENAPI_DARK_GREYLIST := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/hiddenapi-dark-greylist.txt
diff --git a/core/definitions.mk b/core/definitions.mk
index a872550..91e89ed 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -1853,7 +1853,7 @@
$(PRIVATE_OBJCOPY) -S --remove-section .gdb_index --remove-section .comment --keep-symbols=$@.keep_symbols $@.mini_debuginfo && \
$(PRIVATE_OBJCOPY) --rename-section saved_debug_frame=.debug_frame $@.mini_debuginfo && \
rm -f $@.mini_debuginfo.xz && \
- xz $@.mini_debuginfo && \
+ $(XZ) $@.mini_debuginfo && \
$(PRIVATE_OBJCOPY) --add-section .gnu_debugdata=$@.mini_debuginfo.xz $@; \
else \
cp -f $< $@; \
@@ -2292,12 +2292,9 @@
$(JAVA) -jar $(TURBINE) \
--output $@.premerged --temp_dir $(dir $@)/classes-turbine \
--sources \@$(PRIVATE_JAVA_SOURCE_LIST) --source_jars $(PRIVATE_SRCJARS) \
- --javacopts $(PRIVATE_JAVACFLAGS) $(COMMON_JDK_FLAGS) \
- $(addprefix --bootclasspath ,$(strip \
- $(call normalize-path-list,$(PRIVATE_BOOTCLASSPATH)) \
- $(PRIVATE_EMPTY_BOOTCLASSPATH))) \
- $(addprefix --classpath ,$(strip \
- $(call normalize-path-list,$(PRIVATE_ALL_JAVA_HEADER_LIBRARIES)))) \
+ --javacopts $(PRIVATE_JAVACFLAGS) $(COMMON_JDK_FLAGS) -- \
+ $(addprefix --bootclasspath ,$(strip $(PRIVATE_BOOTCLASSPATH))) \
+ $(addprefix --classpath ,$(strip $(PRIVATE_ALL_JAVA_HEADER_LIBRARIES))) \
|| ( rm -rf $(dir $@)/classes-turbine ; exit 41 ) && \
$(MERGE_ZIPS) -j --ignore-duplicates -stripDir META-INF $@.tmp $@.premerged $(call reverse-list,$(PRIVATE_STATIC_JAVA_HEADER_LIBRARIES)) ; \
else \
diff --git a/core/droiddoc.mk b/core/droiddoc.mk
index b174f31..0dbebca 100644
--- a/core/droiddoc.mk
+++ b/core/droiddoc.mk
@@ -216,13 +216,13 @@
$(PRIVATE_ADDITIONAL_HTML_DIR) \
$(addprefix -bootclasspath ,$(PRIVATE_BOOTCLASSPATH)) \
$(addprefix -classpath ,$(PRIVATE_CLASSPATH)) \
- -sourcepath $(PRIVATE_SOURCE_PATH)$(addprefix :,$(PRIVATE_CLASSPATH)) \
+ -sourcepath $(PRIVATE_SOURCE_PATH) \
-d $(PRIVATE_OUT_DIR) \
$(PRIVATE_CURRENT_BUILD) $(PRIVATE_CURRENT_TIME) \
$(PRIVATE_DROIDDOC_OPTIONS) \
$(addprefix -stubs ,$(PRIVATE_STUB_OUT_DIR)) \
&& touch -f $@ \
- ) || (rm -rf $(PRIVATE_OUT_DIR) $(PRIVATE_SRC_LIST_FILE); exit 45)
+ ) || (cat $(PRIVATE_SRC_LIST_FILE) $(PRIVATE_SRCJAR_LIST_FILE) && rm -rf $(PRIVATE_OUT_DIR) $(PRIVATE_SRC_LIST_FILE); exit 45)
@@ -261,7 +261,7 @@
$(PRIVATE_PROFILING_OPTIONS) \
$(addprefix -classpath ,$(PRIVATE_CLASSPATH)) \
$(PRIVATE_BOOTCLASSPATH_ARG) \
- -sourcepath $(PRIVATE_SOURCE_PATH)$(addprefix :,$(PRIVATE_CLASSPATH)) \
+ -sourcepath $(PRIVATE_SOURCE_PATH) \
-d $(PRIVATE_OUT_DIR) \
-quiet \
&& touch -f $@ \
diff --git a/core/dynamic_binary.mk b/core/dynamic_binary.mk
index f44b8a8..ebbe71c 100644
--- a/core/dynamic_binary.mk
+++ b/core/dynamic_binary.mk
@@ -145,15 +145,15 @@
ifeq ($(my_strip_module),mini-debug-info)
# Strip the binary, but keep debug frames and symbol table in a compressed .gnu_debugdata section.
-$(strip_output): $(strip_input) | $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_OBJCOPY) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_NM)
+$(strip_output): $(strip_input) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_OBJCOPY) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_NM) $(XZ)
$(transform-to-stripped-keep-mini-debug-info)
else ifneq ($(filter true no_debuglink,$(my_strip_module)),)
# Strip the binary
-$(strip_output): $(strip_input) | $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP)
+$(strip_output): $(strip_input) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP)
$(transform-to-stripped)
else ifeq ($(my_strip_module),keep_symbols)
# Strip only the debug frames, but leave the symbol table.
-$(strip_output): $(strip_input) | $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP)
+$(strip_output): $(strip_input) $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP)
$(transform-to-stripped-keep-symbols)
# A product may be configured to strip everything in some build variants.
diff --git a/core/java.mk b/core/java.mk
index 3eb9086..80bd5eb 100644
--- a/core/java.mk
+++ b/core/java.mk
@@ -15,6 +15,10 @@
endif # !PDK_JAVA
endif #PDK
+ifndef LOCAL_USE_R8
+LOCAL_USE_R8 := $(USE_R8)
+endif
+
LOCAL_NO_STANDARD_LIBRARIES:=$(strip $(LOCAL_NO_STANDARD_LIBRARIES))
LOCAL_SDK_VERSION:=$(strip $(LOCAL_SDK_VERSION))
@@ -497,9 +501,9 @@
endif # LOCAL_INSTRUMENTATION_FOR
proguard_flag_files := $(addprefix $(LOCAL_PATH)/, $(LOCAL_PROGUARD_FLAG_FILES))
-ifeq ($(USE_R8),true)
+ifeq ($(LOCAL_USE_R8),true)
proguard_flag_files += $(addprefix $(LOCAL_PATH)/, $(LOCAL_R8_FLAG_FILES))
-endif # USE_R8
+endif # LOCAL_USE_R8
LOCAL_PROGUARD_FLAGS += $(addprefix -include , $(proguard_flag_files))
ifdef LOCAL_TEST_MODULE_TO_PROGUARD_WITH
@@ -509,7 +513,7 @@
endif
ifneq ($(filter obfuscation,$(LOCAL_PROGUARD_ENABLED)),)
-ifneq ($(USE_R8),true)
+ifneq ($(LOCAL_USE_R8),true)
$(full_classes_proguard_jar): .KATI_IMPLICIT_OUTPUTS := $(proguard_dictionary)
else
$(built_dex_intermediate): .KATI_IMPLICIT_OUTPUTS := $(proguard_dictionary)
@@ -517,17 +521,17 @@
endif
# If R8 is not enabled run Proguard.
-ifneq ($(USE_R8),true)
+ifneq ($(LOCAL_USE_R8),true)
# Changes to these dependencies need to be replicated below when using R8
# instead of Proguard + dx.
$(full_classes_proguard_jar): PRIVATE_EXTRA_INPUT_JAR := $(extra_input_jar)
$(full_classes_proguard_jar): PRIVATE_PROGUARD_FLAGS := $(legacy_proguard_flags) $(common_proguard_flags) $(LOCAL_PROGUARD_FLAGS)
$(full_classes_proguard_jar) : $(full_classes_pre_proguard_jar) $(extra_input_jar) $(my_proguard_sdk_raise) $(common_proguard_flag_files) $(proguard_flag_files) $(legacy_proguard_lib_deps) | $(PROGUARD)
$(call transform-jar-to-proguard)
-else # !USE_R8
+else # !LOCAL_USE_R8
# Running R8 instead of Proguard, proguarded jar is actually the pre-Proguarded jar.
full_classes_proguard_jar := $(full_classes_pre_proguard_jar)
-endif # !USE_R8
+endif # !LOCAL_USE_R8
else # LOCAL_PROGUARD_ENABLED not defined
proguard_flag_files :=
@@ -539,7 +543,7 @@
my_r8 :=
ifdef LOCAL_PROGUARD_ENABLED
-ifeq ($(USE_R8),true)
+ifeq ($(LOCAL_USE_R8),true)
# These are the dependencies for the proguarded jar when running
# Proguard + dx. They are used for the generated dex when using R8, as
# R8 does Proguard + dx
@@ -548,7 +552,7 @@
$(built_dex_intermediate): PRIVATE_PROGUARD_FLAGS := $(legacy_proguard_flags) $(common_proguard_flags) $(LOCAL_PROGUARD_FLAGS)
$(built_dex_intermediate) : $(full_classes_proguard_jar) $(extra_input_jar) $(my_support_library_sdk_raise) $(common_proguard_flag_files) $(proguard_flag_files) $(legacy_proguard_lib_deps) $(R8_COMPAT_PROGUARD)
$(transform-jar-to-dex-r8)
-endif # USE_R8
+endif # LOCAL_USE_R8
endif # LOCAL_PROGUARD_ENABLED
ifndef my_r8
diff --git a/core/sdk_check.mk b/core/sdk_check.mk
index c09fc7c..49ea2a8 100644
--- a/core/sdk_check.mk
+++ b/core/sdk_check.mk
@@ -8,11 +8,6 @@
whitelisted_modules := framework-res__auto_generated_rro
-
-ifeq (,$(JAVA_SDK_ENFORCEMENT_ERROR))
- JAVA_SDK_ENFORCEMENT_ERROR := APPS
-endif
-
ifeq ($(LOCAL_SDK_VERSION)$(LOCAL_PRIVATE_PLATFORM_APIS),)
ifeq (,$(filter $(LOCAL_MODULE),$(whitelisted_modules)))
ifneq ($(JAVA_SDK_ENFORCEMENT_WARNING)$(JAVA_SDK_ENFORCEMENT_ERROR),)
diff --git a/core/soong_app_prebuilt.mk b/core/soong_app_prebuilt.mk
index f9dbdfa..ae0d196 100644
--- a/core/soong_app_prebuilt.mk
+++ b/core/soong_app_prebuilt.mk
@@ -55,6 +55,7 @@
@echo "Copy: $$@"
$(copy-file-to-target)
touch $(PRIVATE_STAMP)
+$(call add-dependency,$(LOCAL_BUILT_MODULE),$(resource_export_package))
endif # LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 169c62b..d899b32 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -108,7 +108,6 @@
$(call add_json_bool, ArtUseReadBarrier, $(call invert_bool,$(filter false,$(PRODUCT_ART_USE_READ_BARRIER))))
$(call add_json_bool, Binder32bit, $(BINDER32BIT))
-$(call add_json_bool, Brillo, $(BRILLO))
$(call add_json_str, BtConfigIncludeDir, $(BOARD_BLUETOOTH_BDROID_BUILDCFG_INCLUDE_DIR))
$(call add_json_bool, Device_uses_hwc2, $(filter true,$(TARGET_USES_HWC2)))
$(call add_json_list, DeviceKernelHeaders, $(TARGET_PROJECT_SYSTEM_INCLUDES))
diff --git a/core/soong_java_prebuilt.mk b/core/soong_java_prebuilt.mk
index 1fb6d71..63a1e2e 100644
--- a/core/soong_java_prebuilt.mk
+++ b/core/soong_java_prebuilt.mk
@@ -23,13 +23,14 @@
$(eval $(call copy-one-file,$(LOCAL_PREBUILT_MODULE_FILE),$(full_classes_jar)))
$(eval $(call copy-one-file,$(LOCAL_PREBUILT_MODULE_FILE),$(full_classes_pre_proguard_jar)))
-ifdef LOCAL_DROIDDOC_STUBS_JAR
-$(eval $(call copy-one-file,$(LOCAL_DROIDDOC_STUBS_JAR),$(OUT_DOCS)/$(LOCAL_MODULE)-stubs.srcjar))
+ifdef LOCAL_DROIDDOC_STUBS_SRCJAR
+$(eval $(call copy-one-file,$(LOCAL_DROIDDOC_STUBS_SRCJAR),$(OUT_DOCS)/$(LOCAL_MODULE)-stubs.srcjar))
ALL_DOCS += $(OUT_DOCS)/$(LOCAL_MODULE)-stubs.srcjar
endif
ifdef LOCAL_DROIDDOC_DOC_ZIP
$(eval $(call copy-one-file,$(LOCAL_DROIDDOC_DOC_ZIP),$(OUT_DOCS)/$(LOCAL_MODULE)-docs.zip))
+$(call dist-for-goals,docs,$(OUT_DOCS)/$(LOCAL_MODULE)-docs.zip)
endif
ifdef LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR
@@ -39,6 +40,24 @@
$(intermediates.COMMON)/jacoco-report-classes.jar)
endif
+ifdef LOCAL_SOONG_EXPORT_PROGUARD_FLAGS
+ $(eval $(call copy-one-file,$(LOCAL_SOONG_EXPORT_PROGUARD_FLAGS),\
+ $(intermediates.COMMON)/export_proguard_flags))
+ $(call add-dependency,$(LOCAL_BUILT_MODULE),\
+ $(intermediates.COMMON)/export_proguard_flags)
+endif
+
+ifdef LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE
+my_res_package := $(intermediates.COMMON)/package-res.apk
+
+$(my_res_package): $(LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE)
+ @echo "Copy: $$@"
+ $(copy-file-to-target)
+
+$(call add-dependency,$(LOCAL_BUILT_MODULE),$(my_res_package))
+
+endif # LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE
+
ifneq ($(TURBINE_ENABLED),false)
ifdef LOCAL_SOONG_HEADER_JAR
$(eval $(call copy-one-file,$(LOCAL_SOONG_HEADER_JAR),$(full_classes_header_jar)))
diff --git a/core/tasks/apicheck.mk b/core/tasks/apicheck.mk
index f4aee3f..5042356 100644
--- a/core/tasks/apicheck.mk
+++ b/core/tasks/apicheck.mk
@@ -54,7 +54,7 @@
-error 16 -error 17 -error 18 -error 31, \
cat $(BUILD_SYSTEM)/apicheck_msg_last.txt, \
check-public-api, \
- $(call doc-timestamp-for,api-stubs) \
+ $(OUT_DOCS)/api-stubs-docs-stubs.srcjar \
))
# Check that the API we're building hasn't changed from the not-yet-released
@@ -71,7 +71,7 @@
-error 25 -error 26 -error 27, \
cat $(BUILD_SYSTEM)/apicheck_msg_current.txt, \
check-public-api, \
- $(call doc-timestamp-for,api-stubs) \
+ $(OUT_DOCS)/api-stubs-docs-stubs.srcjar \
))
.PHONY: update-public-api
@@ -100,7 +100,7 @@
-error 16 -error 17 -error 18 -error 31, \
cat $(BUILD_SYSTEM)/apicheck_msg_last.txt, \
check-system-api, \
- $(call doc-timestamp-for,system-api-stubs) \
+ $(OUT_DOCS)/system-api-stubs-docs-stubs.srcjar \
))
# Check that the System API we're building hasn't changed from the not-yet-released
@@ -117,7 +117,7 @@
-error 25 -error 26 -error 27, \
cat $(BUILD_SYSTEM)/apicheck_msg_current.txt, \
check-system-api, \
- $(call doc-timestamp-for,system-api-stubs) \
+ $(OUT_DOCS)/system-api-stubs-docs-stubs.srcjar \
))
.PHONY: update-system-api
@@ -149,7 +149,7 @@
-error 25 -error 26 -error 27, \
cat $(BUILD_SYSTEM)/apicheck_msg_current.txt, \
check-test-api, \
- $(call doc-timestamp-for,test-api-stubs) \
+ $(OUT_DOCS)/test-api-stubs-docs-stubs.srcjar \
))
.PHONY: update-test-api
diff --git a/core/tasks/check_boot_jars/check_boot_jars.py b/core/tasks/check_boot_jars/check_boot_jars.py
index 1b4540c..9d71553 100755
--- a/core/tasks/check_boot_jars/check_boot_jars.py
+++ b/core/tasks/check_boot_jars/check_boot_jars.py
@@ -39,7 +39,7 @@
return True
-def CheckJar(jar):
+def CheckJar(whitelist_path, jar):
"""Check a jar file.
"""
# Get the list of files inside the jar file.
@@ -55,8 +55,9 @@
package_name = package_name.replace('/', '.')
# Skip class without a package name
if package_name and not whitelist_re.match(package_name):
- print >> sys.stderr, ('Error: %s contains class file %s, which is not in the whitelist'
- % (jar, f))
+ print >> sys.stderr, ('Error: %s contains class file %s, whose package name %s is not '
+ 'in the whitelist %s of packages allowed on the bootclasspath.'
+ % (jar, f, package_name, whitelist_path))
return False
return True
@@ -65,13 +66,14 @@
if len(argv) < 2:
print __doc__
return 1
+ whitelist_path = argv[0]
- if not LoadWhitelist(argv[0]):
+ if not LoadWhitelist(whitelist_path):
return 1
passed = True
for jar in argv[1:]:
- if not CheckJar(jar):
+ if not CheckJar(whitelist_path, jar):
passed = False
if not passed:
return 1
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index 7ab9021..f38c4d8 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -79,3 +79,5 @@
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
+
+BOARD_VNDK_VERSION := current
\ No newline at end of file
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index d5f79f4..d605e6b 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -110,3 +110,5 @@
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
+
+BOARD_VNDK_VERSION := current
diff --git a/target/product/emulator.mk b/target/product/emulator.mk
index 11466b8..0005cfa 100644
--- a/target/product/emulator.mk
+++ b/target/product/emulator.mk
@@ -134,10 +134,9 @@
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \
- device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
- device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
- device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
- device/generic/goldfish/ueventd.ranchu.rc:root/ueventd.ranchu.rc \
+ device/generic/goldfish/init.ranchu.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.ranchu.rc \
+ device/generic/goldfish/fstab.ranchu:$(TARGET_COPY_OUT_VENDOR)/etc/fstab.ranchu \
+ device/generic/goldfish/ueventd.ranchu.rc:$(TARGET_COPY_OUT_VENDOR)/ueventd.rc \
device/generic/goldfish/input/goldfish_rotary.idc:$(TARGET_COPY_OUT_VENDOR)/usr/idc/goldfish_rotary.idc \
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \
diff --git a/target/product/treble_common.mk b/target/product/treble_common.mk
index cd5442f..8fa2974 100644
--- a/target/product/treble_common.mk
+++ b/target/product/treble_common.mk
@@ -66,6 +66,12 @@
PRODUCT_COPY_FILES += \
device/generic/goldfish/data/etc/apns-conf.xml:system/etc/apns-conf.xml
+# NFC:
+# Provide default libnfc-nci.conf file for devices that does not have one in
+# vendor/etc
+PRODUCT_COPY_FILES += \
+ device/generic/common/nfc/libnfc-nci.conf:system/etc/libnfc-nci.conf
+
# Support for the devices with no VNDK enforcing
PRODUCT_COPY_FILES += \
build/make/target/product/vndk/init.gsi.rc:system/etc/init/init.gsi.rc \
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 123ec7c..2e2e088 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -80,8 +80,7 @@
def GetVerityMetadataSize(partition_size):
- cmd = ["system/extras/verity/build_verity_metadata.py", "size",
- str(partition_size)]
+ cmd = ["build_verity_metadata.py", "size", str(partition_size)]
output, exit_code = RunCommand(cmd, False)
if exit_code != 0:
return False, 0
@@ -250,9 +249,8 @@
def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
block_device, signer_path, key, signer_args,
verity_disable):
- cmd = ["system/extras/verity/build_verity_metadata.py", "build",
- str(image_size), verity_metadata_path, root_hash, salt, block_device,
- signer_path, key]
+ cmd = ["build_verity_metadata.py", "build", str(image_size),
+ verity_metadata_path, root_hash, salt, block_device, signer_path, key]
if signer_args:
cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),))
if verity_disable:
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 787de98..b5f69a5 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -109,6 +109,7 @@
TUNE_PARTITION_FAILURE = 3007
APPLY_PATCH_FAILURE = 3008
+
class ExternalError(RuntimeError):
pass
@@ -591,11 +592,12 @@
cmd = ["unzip", "-o", "-q", filename, "-d", dirname]
if pattern is not None:
cmd.extend(pattern)
- p = Run(cmd, stdout=subprocess.PIPE)
- p.communicate()
+ p = Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = p.communicate()
if p.returncode != 0:
- raise ExternalError("failed to unzip input target-files \"%s\"" %
- (filename,))
+ raise ExternalError(
+ "Failed to unzip input target-files \"{}\":\n{}".format(
+ filename, stdoutdata))
tmp = MakeTempDir(prefix="targetfiles-")
m = re.match(r"^(.*[.]zip)\+(.*[.]zip)$", filename, re.IGNORECASE)
@@ -718,18 +720,31 @@
def GetMinSdkVersion(apk_name):
- """Get the minSdkVersion delared in the APK. This can be both a decimal number
- (API Level) or a codename.
+ """Gets the minSdkVersion declared in the APK.
+
+ It calls 'aapt' to query the embedded minSdkVersion from the given APK file.
+ This can be both a decimal number (API Level) or a codename.
+
+ Args:
+ apk_name: The APK filename.
+
+ Returns:
+ The parsed SDK version string.
+
+ Raises:
+ ExternalError: On failing to obtain the min SDK version.
"""
+ proc = Run(
+ ["aapt", "dump", "badging", apk_name], stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ stdoutdata, stderrdata = proc.communicate()
+ if proc.returncode != 0:
+ raise ExternalError(
+ "Failed to obtain minSdkVersion: aapt return code {}:\n{}\n{}".format(
+ proc.returncode, stdoutdata, stderrdata))
- p = Run(["aapt", "dump", "badging", apk_name], stdout=subprocess.PIPE)
- output, err = p.communicate()
- if err:
- raise ExternalError("Failed to obtain minSdkVersion: aapt return code %s"
- % (p.returncode,))
-
- for line in output.split("\n"):
- # Looking for lines such as sdkVersion:'23' or sdkVersion:'M'
+ for line in stdoutdata.split("\n"):
+ # Looking for lines such as sdkVersion:'23' or sdkVersion:'M'.
m = re.match(r'sdkVersion:\'([^\']*)\'', line)
if m:
return m.group(1)
@@ -737,11 +752,20 @@
def GetMinSdkVersionInt(apk_name, codename_to_api_level_map):
- """Get the minSdkVersion declared in the APK as a number (API Level). If
- minSdkVersion is set to a codename, it is translated to a number using the
- provided map.
- """
+ """Returns the minSdkVersion declared in the APK as a number (API Level).
+ If minSdkVersion is set to a codename, it is translated to a number using the
+ provided map.
+
+ Args:
+ apk_name: The APK filename.
+
+ Returns:
+ The parsed SDK version number.
+
+ Raises:
+ ExternalError: On failing to get the min SDK version number.
+ """
version = GetMinSdkVersion(apk_name)
try:
return int(version)
@@ -750,8 +774,9 @@
if version in codename_to_api_level_map:
return codename_to_api_level_map[version]
else:
- raise ExternalError("Unknown minSdkVersion: '%s'. Known codenames: %s"
- % (version, codename_to_api_level_map))
+ raise ExternalError(
+ "Unknown minSdkVersion: '{}'. Known codenames: {}".format(
+ version, codename_to_api_level_map))
def SignFile(input_name, output_name, key, password, min_api_level=None,
@@ -795,12 +820,15 @@
key + OPTIONS.private_key_suffix,
input_name, output_name])
- p = Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
+ p = Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
if password is not None:
password += "\n"
- p.communicate(password)
+ stdoutdata, _ = p.communicate(password)
if p.returncode != 0:
- raise ExternalError("signapk.jar failed: return code %s" % (p.returncode,))
+ raise ExternalError(
+ "Failed to run signapk.jar: return code {}:\n{}".format(
+ p.returncode, stdoutdata))
def CheckSize(data, target, info_dict):
@@ -1711,10 +1739,11 @@
'--output={}.new.dat.br'.format(self.path),
'{}.new.dat'.format(self.path)]
print("Compressing {}.new.dat with brotli".format(self.partition))
- p = Run(brotli_cmd, stdout=subprocess.PIPE)
- p.communicate()
- assert p.returncode == 0,\
- 'compression of {}.new.dat failed'.format(self.partition)
+ p = Run(brotli_cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = p.communicate()
+ assert p.returncode == 0, \
+ 'Failed to compress {}.new.dat with brotli:\n{}'.format(
+ self.partition, stdoutdata)
new_data_name = '{}.new.dat.br'.format(self.partition)
ZipWrite(output_zip,
diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py
index fb26b66..f211b03 100644
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -504,6 +504,23 @@
actual = common.ParseCertificate(cert_fp.read())
self.assertEqual(expected, actual)
+ def test_GetMinSdkVersion(self):
+ test_app = os.path.join(self.testdata_dir, 'TestApp.apk')
+ self.assertEqual('24', common.GetMinSdkVersion(test_app))
+
+ def test_GetMinSdkVersion_invalidInput(self):
+ self.assertRaises(
+ common.ExternalError, common.GetMinSdkVersion, 'does-not-exist.apk')
+
+ def test_GetMinSdkVersionInt(self):
+ test_app = os.path.join(self.testdata_dir, 'TestApp.apk')
+ self.assertEqual(24, common.GetMinSdkVersionInt(test_app, {}))
+
+ def test_GetMinSdkVersionInt_invalidInput(self):
+ self.assertRaises(
+ common.ExternalError, common.GetMinSdkVersionInt, 'does-not-exist.apk',
+ {})
+
class CommonUtilsTest(unittest.TestCase):
diff --git a/tools/releasetools/test_validate_target_files.py b/tools/releasetools/test_validate_target_files.py
new file mode 100644
index 0000000..d62ea95
--- /dev/null
+++ b/tools/releasetools/test_validate_target_files.py
@@ -0,0 +1,166 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+"""Unittests for validate_target_files.py."""
+
+from __future__ import print_function
+
+import os
+import os.path
+import shutil
+import subprocess
+import unittest
+
+import build_image
+import common
+import test_utils
+from validate_target_files import ValidateVerifiedBootImages
+
+
+class ValidateTargetFilesTest(unittest.TestCase):
+
+ def setUp(self):
+ self.testdata_dir = test_utils.get_testdata_dir()
+
+ def tearDown(self):
+ common.Cleanup()
+
+ def _generate_boot_image(self, output_file):
+ kernel = common.MakeTempFile(prefix='kernel-')
+ with open(kernel, 'wb') as kernel_fp:
+ kernel_fp.write(os.urandom(10))
+
+ cmd = ['mkbootimg', '--kernel', kernel, '-o', output_file]
+ proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = proc.communicate()
+ self.assertEqual(
+ 0, proc.returncode,
+ "Failed to run mkbootimg: {}".format(stdoutdata))
+
+ cmd = ['boot_signer', '/boot', output_file,
+ os.path.join(self.testdata_dir, 'testkey.pk8'),
+ os.path.join(self.testdata_dir, 'testkey.x509.pem'), output_file]
+ proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = proc.communicate()
+ self.assertEqual(
+ 0, proc.returncode,
+ "Failed to sign boot image with boot_signer: {}".format(stdoutdata))
+
+ def test_ValidateVerifiedBootImages_bootImage(self):
+ input_tmp = common.MakeTempDir()
+ os.mkdir(os.path.join(input_tmp, 'IMAGES'))
+ boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
+ self._generate_boot_image(boot_image)
+
+ info_dict = {
+ 'boot_signer' : 'true',
+ }
+ options = {
+ 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
+ }
+ ValidateVerifiedBootImages(input_tmp, info_dict, options)
+
+ def test_ValidateVerifiedBootImages_bootImage_wrongKey(self):
+ input_tmp = common.MakeTempDir()
+ os.mkdir(os.path.join(input_tmp, 'IMAGES'))
+ boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
+ self._generate_boot_image(boot_image)
+
+ info_dict = {
+ 'boot_signer' : 'true',
+ }
+ options = {
+ 'verity_key' : os.path.join(self.testdata_dir, 'verity.x509.pem'),
+ }
+ self.assertRaises(
+ AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
+ options)
+
+ def test_ValidateVerifiedBootImages_bootImage_corrupted(self):
+ input_tmp = common.MakeTempDir()
+ os.mkdir(os.path.join(input_tmp, 'IMAGES'))
+ boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
+ self._generate_boot_image(boot_image)
+
+ # Corrupt the late byte of the image.
+ with open(boot_image, 'r+b') as boot_fp:
+ boot_fp.seek(-1, os.SEEK_END)
+ last_byte = boot_fp.read(1)
+ last_byte = chr(255 - ord(last_byte))
+ boot_fp.seek(-1, os.SEEK_END)
+ boot_fp.write(last_byte)
+
+ info_dict = {
+ 'boot_signer' : 'true',
+ }
+ options = {
+ 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
+ }
+ self.assertRaises(
+ AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
+ options)
+
+ def _generate_system_image(self, output_file):
+ verity_fec = True
+ partition_size = 1024 * 1024
+ adjusted_size, verity_size = build_image.AdjustPartitionSizeForVerity(
+ partition_size, verity_fec)
+
+ # Use an empty root directory.
+ system_root = common.MakeTempDir()
+ cmd = ['mkuserimg_mke2fs.sh', '-s', system_root, output_file, 'ext4',
+ '/system', str(adjusted_size), '-j', '0']
+ proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = proc.communicate()
+ self.assertEqual(
+ 0, proc.returncode,
+ "Failed to create system image with mkuserimg_mke2fs.sh: {}".format(
+ stdoutdata))
+
+ # Append the verity metadata.
+ prop_dict = {
+ 'original_partition_size' : str(partition_size),
+ 'partition_size' : str(adjusted_size),
+ 'verity_block_device' : '/dev/block/system',
+ 'verity_key' : os.path.join(self.testdata_dir, 'testkey'),
+ 'verity_signer_cmd' : 'verity_signer',
+ 'verity_size' : str(verity_size),
+ }
+ self.assertTrue(
+ build_image.MakeVerityEnabledImage(output_file, verity_fec, prop_dict))
+
+ def test_ValidateVerifiedBootImages_systemImage(self):
+ input_tmp = common.MakeTempDir()
+ os.mkdir(os.path.join(input_tmp, 'IMAGES'))
+ system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
+ self._generate_system_image(system_image)
+
+ # Pack the verity key.
+ verity_key_mincrypt = os.path.join(
+ input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
+ os.makedirs(os.path.dirname(verity_key_mincrypt))
+ shutil.copyfile(
+ os.path.join(self.testdata_dir, 'testkey_mincrypt'),
+ verity_key_mincrypt)
+
+ info_dict = {
+ 'verity' : 'true',
+ }
+ options = {
+ 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
+ 'verity_key_mincrypt' : verity_key_mincrypt,
+ }
+ ValidateVerifiedBootImages(input_tmp, info_dict, options)
diff --git a/tools/releasetools/testdata/TestApp.apk b/tools/releasetools/testdata/TestApp.apk
new file mode 100644
index 0000000..a911603
--- /dev/null
+++ b/tools/releasetools/testdata/TestApp.apk
Binary files differ
diff --git a/tools/releasetools/testdata/testkey_mincrypt b/tools/releasetools/testdata/testkey_mincrypt
new file mode 100644
index 0000000..7f5d31b
--- /dev/null
+++ b/tools/releasetools/testdata/testkey_mincrypt
Binary files differ
diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index db1ba2e..e8cea29 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -17,16 +17,25 @@
"""
Validate a given (signed) target_files.zip.
-It performs checks to ensure the integrity of the input zip.
+It performs the following checks to assert the integrity of the input zip.
+
- It verifies the file consistency between the ones in IMAGES/system.img (read
via IMAGES/system.map) and the ones under unpacked folder of SYSTEM/. The
same check also applies to the vendor image if present.
+
+ - It verifies the install-recovery script consistency, by comparing the
+ checksums in the script against the ones of IMAGES/{boot,recovery}.img.
+
+ - It verifies the signed Verified Boot related images, for both of Verified
+ Boot 1.0 and 2.0 (aka AVB).
"""
+import argparse
+import filecmp
import logging
import os.path
import re
-import sys
+import subprocess
import zipfile
import common
@@ -177,33 +186,152 @@
logging.info('Done checking %s', script_path)
-def main(argv):
- def option_handler():
- return True
+def ValidateVerifiedBootImages(input_tmp, info_dict, options):
+ """Validates the Verified Boot related images.
- args = common.ParseOptions(
- argv, __doc__, extra_opts="",
- extra_long_opts=[],
- extra_option_handler=option_handler)
+ For Verified Boot 1.0, it verifies the signatures of the bootable images
+ (boot/recovery etc), as well as the dm-verity metadata in system images
+ (system/vendor/product). For Verified Boot 2.0, it calls avbtool to verify
+ vbmeta.img, which in turn verifies all the descriptors listed in vbmeta.
- if len(args) != 1:
- common.Usage(__doc__)
- sys.exit(1)
+ Args:
+ input_tmp: The top-level directory of unpacked target-files.zip.
+ info_dict: The loaded info dict.
+ options: A dict that contains the user-supplied public keys to be used for
+ image verification. In particular, 'verity_key' is used to verify the
+ bootable images in VB 1.0, and the vbmeta image in VB 2.0, where
+ applicable. 'verity_key_mincrypt' will be used to verify the system
+ images in VB 1.0.
+
+ Raises:
+ AssertionError: On any verification failure.
+ """
+ # Verified boot 1.0 (images signed with boot_signer and verity_signer).
+ if info_dict.get('boot_signer') == 'true':
+ logging.info('Verifying Verified Boot images...')
+
+ # Verify the boot/recovery images (signed with boot_signer), against the
+ # given X.509 encoded pubkey (or falling back to the one in the info_dict if
+ # none given).
+ verity_key = options['verity_key']
+ if verity_key is None:
+ verity_key = info_dict['verity_key'] + '.x509.pem'
+ for image in ('boot.img', 'recovery.img', 'recovery-two-step.img'):
+ image_path = os.path.join(input_tmp, 'IMAGES', image)
+ if not os.path.exists(image_path):
+ continue
+
+ cmd = ['boot_signer', '-verify', image_path, '-certificate', verity_key]
+ proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = proc.communicate()
+ assert proc.returncode == 0, \
+ 'Failed to verify {} with boot_signer:\n{}'.format(image, stdoutdata)
+ logging.info(
+ 'Verified %s with boot_signer (key: %s):\n%s', image, verity_key,
+ stdoutdata.rstrip())
+
+ # Verify verity signed system images in Verified Boot 1.0. Note that not using
+ # 'elif' here, since 'boot_signer' and 'verity' are not bundled in VB 1.0.
+ if info_dict.get('verity') == 'true':
+ # First verify that the verity key that's built into the root image (as
+ # /verity_key) matches the one given via command line, if any.
+ if info_dict.get("system_root_image") == "true":
+ verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key')
+ else:
+ verity_key_mincrypt = os.path.join(
+ input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
+ assert os.path.exists(verity_key_mincrypt), 'Missing verity_key'
+
+ if options['verity_key_mincrypt'] is None:
+ logging.warn(
+ 'Skipped checking the content of /verity_key, as the key file not '
+ 'provided. Use --verity_key_mincrypt to specify.')
+ else:
+ expected_key = options['verity_key_mincrypt']
+ assert filecmp.cmp(expected_key, verity_key_mincrypt, shallow=False), \
+ "Mismatching mincrypt verity key files"
+ logging.info('Verified the content of /verity_key')
+
+ # Then verify the verity signed system/vendor/product images, against the
+ # verity pubkey in mincrypt format.
+ for image in ('system.img', 'vendor.img', 'product.img'):
+ image_path = os.path.join(input_tmp, 'IMAGES', image)
+
+ # We are not checking if the image is actually enabled via info_dict (e.g.
+ # 'system_verity_block_device=...'). Because it's most likely a bug that
+ # skips signing some of the images in signed target-files.zip, while
+ # having the top-level verity flag enabled.
+ if not os.path.exists(image_path):
+ continue
+
+ cmd = ['verity_verifier', image_path, '-mincrypt', verity_key_mincrypt]
+ proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = proc.communicate()
+ assert proc.returncode == 0, \
+ 'Failed to verify {} with verity_verifier (key: {}):\n{}'.format(
+ image, verity_key_mincrypt, stdoutdata)
+ logging.info(
+ 'Verified %s with verity_verifier (key: %s):\n%s', image,
+ verity_key_mincrypt, stdoutdata.rstrip())
+
+ # Handle the case of Verified Boot 2.0 (AVB).
+ if info_dict.get("avb_enable") == "true":
+ logging.info('Verifying Verified Boot 2.0 (AVB) images...')
+
+ key = options['verity_key']
+ if key is None:
+ key = info_dict['avb_vbmeta_key_path']
+ # avbtool verifies all the images that have descriptors listed in vbmeta.
+ image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img')
+ cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]
+ proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = proc.communicate()
+ assert proc.returncode == 0, \
+ 'Failed to verify {} with verity_verifier (key: {}):\n{}'.format(
+ image, key, stdoutdata)
+
+ logging.info(
+ 'Verified %s with avbtool (key: %s):\n%s', image, key,
+ stdoutdata.rstrip())
+
+
+def main():
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument(
+ 'target_files',
+ help='the input target_files.zip to be validated')
+ parser.add_argument(
+ '--verity_key',
+ help='the verity public key to verify the bootable images (Verified '
+ 'Boot 1.0), or the vbmeta image (Verified Boot 2.0), where '
+ 'applicable')
+ parser.add_argument(
+ '--verity_key_mincrypt',
+ help='the verity public key in mincrypt format to verify the system '
+ 'images, if target using Verified Boot 1.0')
+ args = parser.parse_args()
+
+ # Unprovided args will have 'None' as the value.
+ options = vars(args)
logging_format = '%(asctime)s - %(filename)s - %(levelname)-8s: %(message)s'
date_format = '%Y/%m/%d %H:%M:%S'
logging.basicConfig(level=logging.INFO, format=logging_format,
datefmt=date_format)
- logging.info("Unzipping the input target_files.zip: %s", args[0])
- input_tmp = common.UnzipTemp(args[0])
+ logging.info("Unzipping the input target_files.zip: %s", args.target_files)
+ input_tmp = common.UnzipTemp(args.target_files)
- with zipfile.ZipFile(args[0], 'r') as input_zip:
+ with zipfile.ZipFile(args.target_files, 'r') as input_zip:
ValidateFileConsistency(input_zip, input_tmp)
info_dict = common.LoadInfoDict(input_tmp)
ValidateInstallRecoveryScript(input_tmp, info_dict)
+ ValidateVerifiedBootImages(input_tmp, info_dict, options)
+
# TODO: Check if the OTA keys have been properly updated (the ones on /system,
# in recovery image).
@@ -212,6 +340,6 @@
if __name__ == '__main__':
try:
- main(sys.argv[1:])
+ main()
finally:
common.Cleanup()