Commit Graph

67414 Commits

Author SHA1 Message Date
Inseob Kim 84a8be3c52 Add WithDexpreopt soong variable
Test: m selinux_policy on sc-arc
Change-Id: Ieae24f65d74179d0604040a95f8aff4b027a2949
2021-03-23 23:21:24 +00:00
SzuWei Lin ebb3176268 Merge "Update OWNERS for GSI files" 2021-03-23 03:53:33 +00:00
Treehugger Robot fc6c0b8c67 Merge "Add PlatformSepolicyVersion to soong_config" 2021-03-23 03:53:18 +00:00
Treehugger Robot 30f09a1a2e Merge "Support GKI boot.img v4 signing" 2021-03-23 00:24:33 +00:00
Inseob Kim 232f6ac676 Add PlatformSepolicyVersion to soong_config
PlatformSepolicyVersion and BoardSepolicyVers haven't assigned correctly
so far. Below is the reason why it hasn't been discovered yet.

DeviceConfig.PlatformSepolicyVersion() was added to support mixed
sepolicy build (setting BOARD_SEPOLICY_VERS and building vendor sepolicy
with old plat policy files). Soong compares PlatformSepolicyVersion()
and BoardSepolicyVers(), and used old vendor sources if both are
different. Back then, the only place where such logic played a role was
selinux contexts. Test codes were running as intended: after setting
BOARD_SEPOLICY_VERS the context files were built against old policies.

But there were two mistakes:

1) PlatformSepolicyVersion() was not added to soong_config.mk, so it was
always empty.
2) BOARD_SEPOLICY_VERS was set to default in system/sepolicy/Android.mk,
which was processed after soong_config. So if BOARD_SEPOLICY_VERS was
not set in BoardConfig.mk, BoardSepolicyVers() was empty, not
PLATFORM_SEPOLICY_VERSION.

And there were no issues as Soong only checked equality.

To fix the issue correctly, this commit adds the variable
PlatformSepolicyVersion, and then handles BoardSepolicyVers correctly by
returning PlatformSepolicyVersion if it's empty.

Test: set BOARD_SEPOLICY_VERS and see vendor_file_contexts changes
Change-Id: I4e306ec1f5225094a39f0c8d94f5e7683d70d60e
2021-03-22 22:34:40 +09:00
satayev b90b546567 Merge "Move allowed_deps.txt to packages/modules/common." 2021-03-22 10:48:45 +00:00
Yo Chiang 680a642645 Merge "Nextgen release: Don't build images that GSI don't need" 2021-03-22 05:41:31 +00:00
Yi-Yo Chiang a88d2da587 Nextgen release: Don't build images that GSI don't need
These images are never used by GSI. Building them is a waste of resource
and a potential source of confusion, for they are packaged into the
*-img-*.zip of GSI. Skip building them.

Bug: 183068624
Test: "m dist" on GSI and check the build artifacts under OUT and DIST
  directories, and check the contents of *-img-*.zip
Change-Id: Ic14cfdd10ed26d975b369ce128e4b284378219ef
2021-03-22 05:41:23 +00:00
SzuWei Lin 76d96ae6b6 Update OWNERS for GSI files
Bug: 183342911
Test: n/a
Change-Id: Ia3faa182266a8203391884d79dae56f3212a3b7e
2021-03-22 12:13:55 +08:00
Treehugger Robot fd4844272c Merge "Reorder compatibility libraries used in class loader context." 2021-03-21 11:14:08 +00:00
Treehugger Robot 389f95dcbe Merge "manifest_check.py: translate library names using dexpreopt configs." 2021-03-20 12:12:52 +00:00
Yifan Hong 93ccefb210 Merge "Extracting kernel should not depend on system/vendor build." 2021-03-19 22:00:15 +00:00
Yifan Hong c0f904e069 Extracting kernel should not depend on system/vendor build.
If system and vendor are built separately, none of the two
builds contained kernel information. The process of extracting
kernel information shouldn't depend on system and vendor
builds, but on the existance of the kernel image.

With this change, one of system or vendor build may have
INSTALLED_KERNEL_IMAGE defined and the other has
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS defined. The one
with INSTALLED_KERNEL_IMAGE defined will contain kernel information
in target files.

After target files are merged, check_target_files_vintf will kick
in to do the checks properly.

Test: forrest
Bug: 180475190
Change-Id: I8d887dd94e1171ab277f02f25534caf098e3faae
2021-03-19 12:50:38 -07:00
Treehugger Robot 98dba54385 Merge "Consolidate manifest_check for different module types." 2021-03-19 16:59:35 +00:00
Treehugger Robot 306a6d1fcc Merge "Keystore 2.0: Enable keystore2 by default" 2021-03-19 16:06:00 +00:00
Ulya Trafimovich 413be716ab Reorder compatibility libraries used in class loader context.
Compatibility library "android.hidl.manager-V1.0-java" should go
before "android.hidl.base-V1.0-java" in class loader context for
dexpreopt, because this is the order used by PackageManager when it
constructs class loader context on device.

This allows to avoid "ClassLoaderContext classpath element mismatch"
errors on first boot for Calendar and messaging apps, which have old
enough targetSdkVersion to need HIDL compatibility libraries. Previously
the errors were masked because these apps used the deprecated
&-classpath hack.

Bug: 132357300

Test: lunch aosp_cf_x86_64_phone-userdebug && m && launch_cvd \
      adb wait-for-device && adb root && adb logcat \
      | grep -E 'ClassLoaderContext [a-z ]+ mismatch'
      # empty grep output, no errors
Change-Id: Ibde9a4578cd86b85a9e7f11d8752716b6567e51e
2021-03-19 11:01:53 +00:00
Ulya Trafimovich 928fc2c1ef manifest_check.py: translate library names using dexpreopt configs.
Java modules that are defined in makefiles are not processed in
topological order, so it is necessary to communicate information from
dependencies via dexpreopt.config files. This has already been done in
make/core/dex_preopt_config_merger.py, and now manifest_check.py also
needs to get library names from their dexpreopt.config files.

This is to accommodate Java libraries which name differs from their
modules name. Soong properties `uses_libs`/`optional_uses_libs` and
makefile vars `LOCAL_USES_LIBRARIES`/`LOCAL_OPTIONAL_USES_LIBRARIES`
contain module names, not library names, so it is necessary to translate
them when comparing against library names in the manifest.

Bug: 132357300
Test: lunch cf_x86_64_phone-userdebug && m
Change-Id: I769b508a927d87a5ffbabf9aa45eebfb954b8bd2
2021-03-19 11:01:39 +00:00
Ulya Trafimovich 2bf587713b Consolidate manifest_check for different module types.
Move manifest_check (a.k.a. verify_uses_libraries check) from makefiles
for specific module types to common makefile dex_preopt_odex_install.mk,
which is included by all Java modules that may require dexpreopt. If a
modules locally disables dexpreopt, it still goes through manifest_check
(unless dexpreopt is globally disabled or the module has no Java code).

This CL allows to have manifest_check and dexpreopt in the same makefile
(which is needed for a follow-up CL that will reuse dexpreopt variables
for manifest_check).

Bug: 132357300
Test: lunch cf_x86_64_phone-userdebug && m
Change-Id: Ia217cfc247ae43d8fc716bfc1fe9dcce1d00aa7f
2021-03-19 11:00:51 +00:00
Bowgo Tsai 27c39b0af2 Support GKI boot.img v4 signing
Commit I9967d06bde0e18a12b84b5b0b568db09765fe305 supports adding a
generic boot_signature into boot.img v4. This change allows replacing
the boot_signture signing key with a release key during the release
process.

The default GKI signing key can be specified in a BoardConfig.mk via:

  BOARD_GKI_SIGNING_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
  BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
  BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar

The release signing key/algorithm can be specified by the following options
when invoking sign_target_files_apks:

  --gki_signing_key=external/avb/test/data/testkey_rsa4096.pem
  --gki_signing_algorithm=SHA256_RSA4096

Additional arguments for generating the GKI signature can be
specified as below:

  --gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2"

Bug: 177862434
Test: make dist
Test: sign_target_files_apks \
        --gki_signing_key=external/avb/test/data/testkey_rsa4096.pem \
        --gki_signing_algorithm=SHA256_RSA4096 \
        --gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2" \
        ./out/dist/*-target_files-eng.*.zip signed.zip
Test: Checks GKI boot_signature is expected after signing:
      `unzip signed.zip IMAGES/boot.img`
      `unpack_bootimg --boot_img IMAGES/boot.img --out unpack`
      `avbtool info_image --image unpack/boot_signature`
Test: unit test: releasetools_test and releasetools_py3_test

Change-Id: I61dadbc242360e4cab3dc70295931b4a5b9422a9
2021-03-19 17:11:04 +08:00
Treehugger Robot 5dcd959a90 Merge "Define ro.board.first_api_level property" 2021-03-19 08:50:36 +00:00
Treehugger Robot 6a1722dddd Merge "Update size limit for madvising odex, vdex files" 2021-03-19 08:48:33 +00:00
Inseob Kim 19b0ef8949 Merge "Add sepolicy related variables" 2021-03-19 00:07:58 +00:00
Justin Yun 25dc5ea096 Merge "Define __ANDROID_VENDOR__ and __ANDROID_PRODUCT__" 2021-03-18 23:33:43 +00:00
Jagadeesh Pakaravoor 3a10cc5c11 Update size limit for madvising odex, vdex files
Update the size limit for madvising (MADV_WILLNEED)
odex and vdex files to 100MB.

Art file continues to be madvised fully, with a UINT_MAX limit.

Test: presubmit
Bug: 178853586
Change-Id: Ie46a0658bf30a6a9908ab30b28ce097e434e7e2d
2021-03-18 15:29:01 -07:00
Tianjie Xu c63bf0ad7a Merge "Check that sum of DAP groups is smaller than super" 2021-03-18 17:33:29 +00:00
Ulyana Trafimovich f0e648688a Merge "Add missing dependency on aapt." 2021-03-18 17:28:12 +00:00
Ulya Trafimovich 78d96e8742 Add missing dependency on aapt.
The missing dependency on AAPT did not cause build failures in AOSP,
because the build order happens to be such that AAPT is always built by
the time it's needed. But this is accidental and needs to be fixed.

Bug: 183010666
Bug: 132357300
Test: treehugger
Change-Id: I170e878bf36aafbdb93e9ba54faffd455d3e33c2
Merged-In: I8c78e48345bee5b77de41af03bdac77c402d04a1
2021-03-18 12:36:15 +00:00
Treehugger Robot 2245dee0d7 Merge "verity_utils.py is a standalone binary" 2021-03-17 23:37:04 +00:00
Yifan Hong 2b4d131e15 Merge "Add PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS to check_vintf_compatible_log" 2021-03-17 18:30:48 +00:00
Artur Satayev 398b995d74 Move allowed_deps.txt to packages/modules/common.
Bug: 179234385
Test: run update-apex-allowed-deps.sh locally
Change-Id: I6866e7a80bce03f991f5b99fb5182c91351cc311
Merged-In: I6866e7a80bce03f991f5b99fb5182c91351cc311
2021-03-17 15:49:01 +00:00
Janis Danisevskis 88a0602582 Keystore 2.0: Enable keystore2 by default
Bug: 170144267
Test: N/A
Merged-In: Id9f39dc5189b7eda4617328c41a4ac4d4e3af578
Change-Id: Id9f39dc5189b7eda4617328c41a4ac4d4e3af578
2021-03-17 08:47:55 -07:00
Inseob Kim a3ae471485 Add sepolicy related variables
Bug: 33691272
Test: build
Change-Id: Ifbcd2c49d6ecf6d7e69d6b95bace168eccd17f13
2021-03-17 18:04:56 +09:00
Jiyong Park b92b8f48fc verity_utils.py is a standalone binary
verity_utils.py gets an entry point and becomes a host binary. This is
to support signing images from the "bootimg" module type. Previously
this was done by directly invoking "avbtool" from the soong module, but
that required people to know the partition_size priori. The partition
size may not be known before actually building the partition image
especially when the partition is not for a physical partition but for a
partition in a composite image.

verity_utils.py, when the partition_size is not given, is capable of
calculating the mininum required partition size based on the size of the
unsigned input image file.

Bug: 180676957
Test: m microdroid_boot-5.10
Change-Id: I7bef292fb141c90899b7bdc0748895f95f964829
2021-03-17 16:28:16 +09:00
Justin Yun f39f080c80 Define ro.board.first_api_level property
When a device define BOARD_SHIPPING_API_LEVEL with an API level, it
sets a vendor property ro.board.first_api_level in vendor/build.prop.
This is for the GRF devices. Non-GRF devices must not define this
property.

Bug: 176950752
Test: getprop ro.board.first_api_level
Change-Id: I6921d7fe6acca3f73a5fd0fbaa3d4f1e9394541b
2021-03-17 15:00:23 +09:00
Tianjie 8ba4270e24 Check that sum of DAP groups is smaller than super
The maximum size of all dynamic partition groups should not exceed
the super size - DAP metadata size. Today the configuration of
some devices don't take the metadata into acount. So turn the CheckLe
into CheckLt.

Also, display a warning if the reserved size for DAP metadata is less
than 1M.

Bug: 182431975
Test: mm -j32 check-all-partition-sizes
Change-Id: Ie278f224321083e457d68da000c2b22ec8a54085
2021-03-16 22:13:13 -07:00
Treehugger Robot 69973f0aa1 Merge "Add "ktgrep" for Kotlin" 2021-03-16 19:26:42 +00:00
Colin Cross 67f1a24b87 Merge "Do not pack symbolic link instead copying" 2021-03-16 18:14:45 +00:00
Justin DeMartino 0f05976472 Merge "Allow extending of the list of directories to be scanned for VSDK" 2021-03-16 15:12:17 +00:00
Ulyana Trafimovich d3109e2514 Merge "Reimplement verify_uses_libraries.sh in manifest_check.py." 2021-03-16 13:37:03 +00:00
Taesu Lee ea0cecd9e4 Add "ktgrep" for Kotlin
New ktgrep is added and sgrep/treegrep also scan *.kt files.

Test: kgrep/sgrep/treegrep for Kotlin files.

Signed-off-by: Taesu Lee <taesu82.lee@samsung.com>
Change-Id: Ie615aa86c4958310785392f18ee7bddaf64706a9
2021-03-16 15:10:34 +09:00
Mitch Phillips 82a4cfb397 Merge "Add MTE ELF note to makefile-generated native tests." 2021-03-15 21:33:07 +00:00
Mitch Phillips 1a8405f827 Add MTE ELF note to makefile-generated native tests.
The MTE ELF note is intended to be added to all aarch64 test binaries.
This is already implemented for cc_test in soong, but we should also add
it to makefile-generated tests.

Bug: 156029370
Bug: 181133973

Test: atest CtsBionicTestCases on QEMU+MTE, observe previously-failing
      tests will now succeed.
Test: m camera_client_test; readelf -t <snip>/camera_client_test | grep
      memtag, make sure there's the elf note.

Change-Id: I2e7c4d1379ccdef04f05dd7aff675e6834d4799b
2021-03-15 10:45:05 -07:00
Ulya Trafimovich a2404510af Reimplement verify_uses_libraries.sh in manifest_check.py.
Previously there were two different scripts that did similar things:
1) build/soong/scripts/manifest_check.py
2) build/make/core/verify_uses_libraries.sh

Both scripts extracted <uses-library> tags and `targetSdkVersion` from
the manifests of Java modules, but 1) worked for XML manifests, and 2)
worked for APKs. This CL reimplements the functionality from 2) in 1),
so that one script can handle both XML manifests and APKs.

Bug: 132357300

Test: lunch cf_x86_64_phone-userdebug && m && launch_cvd \
      adb wait-for-device && adb root && adb logcat \
      | grep -E 'ClassLoaderContext [a-z ]+ mismatch'
      # empty grep output, no errors

Change-Id: I386aa1a37699182cdf6f3f94ef8aa7b96a4017d3
2021-03-15 13:50:57 +00:00
Justin Yun 69f7191d5d Define __ANDROID_VENDOR__ and __ANDROID_PRODUCT__
__ANDROID_VNDK__ is defined for the modules that are able to use the
VNDK libraries. As both product and vendor variants define
__ANDROID_VNDK__, we don't know if a module is built for vendor or
product on build time.

__ANDROID_VENDOR__ and __ANDROID_PRODUCT__ macros can be used to
specify the image-variant-dependent codes.

Bug: 180646847
Test: m nothing
Change-Id: I9a37607b1e1e4e16eab02fb6c96d1a92158c96b8
2021-03-15 18:17:35 +09:00
goodway.wang_cp 50acc66276 Do not pack symbolic link instead copying
Change-Id: I43f56276541addfd6063655e53f21fe483780bc1
Signed-off-by: goodway.wang_cp <sz755cp2369@gmail.com>
2021-03-15 17:13:50 +08:00
Treehugger Robot 4d71d70496 Merge "Enable madvising of odex, vdex and art files" 2021-03-13 02:13:52 +00:00
Devin Moore a74a5a19bf Merge "Add bootconfig to kernel cmdline when BOARD_BOOTCONFIG not empty" 2021-03-12 22:57:58 +00:00
Jagadeesh Pakaravoor bee9f1d3f7 Enable madvising of odex, vdex and art files
Enable madvsing odex, vdex and art files to MADV_WILLNEED by setting the
size limits to UINT32_MAX.

Test: presubmit
Bug: 178853586
Change-Id: I7647a4be214dcd43341f216aba0a7791f877e379
2021-03-12 13:20:09 -08:00
Justin DeMartino f15053ee39 Allow extending of the list of directories to be scanned for VSDK
Bug: 180925851
Test: m nothing, manually
Change-Id: I499f084f04e45eb719882be97e3a581ff868cc98
2021-03-12 19:38:14 +00:00
Treehugger Robot b7ade64e3f Merge "Trigger data wipe on spl-downgrade as well" 2021-03-12 18:50:38 +00:00