PlatformSepolicyVersion and BoardSepolicyVers haven't assigned correctly
so far. Below is the reason why it hasn't been discovered yet.
DeviceConfig.PlatformSepolicyVersion() was added to support mixed
sepolicy build (setting BOARD_SEPOLICY_VERS and building vendor sepolicy
with old plat policy files). Soong compares PlatformSepolicyVersion()
and BoardSepolicyVers(), and used old vendor sources if both are
different. Back then, the only place where such logic played a role was
selinux contexts. Test codes were running as intended: after setting
BOARD_SEPOLICY_VERS the context files were built against old policies.
But there were two mistakes:
1) PlatformSepolicyVersion() was not added to soong_config.mk, so it was
always empty.
2) BOARD_SEPOLICY_VERS was set to default in system/sepolicy/Android.mk,
which was processed after soong_config. So if BOARD_SEPOLICY_VERS was
not set in BoardConfig.mk, BoardSepolicyVers() was empty, not
PLATFORM_SEPOLICY_VERSION.
And there were no issues as Soong only checked equality.
To fix the issue correctly, this commit adds the variable
PlatformSepolicyVersion, and then handles BoardSepolicyVers correctly by
returning PlatformSepolicyVersion if it's empty.
Test: set BOARD_SEPOLICY_VERS and see vendor_file_contexts changes
Change-Id: I4e306ec1f5225094a39f0c8d94f5e7683d70d60e
These images are never used by GSI. Building them is a waste of resource
and a potential source of confusion, for they are packaged into the
*-img-*.zip of GSI. Skip building them.
Bug: 183068624
Test: "m dist" on GSI and check the build artifacts under OUT and DIST
directories, and check the contents of *-img-*.zip
Change-Id: Ic14cfdd10ed26d975b369ce128e4b284378219ef
If system and vendor are built separately, none of the two
builds contained kernel information. The process of extracting
kernel information shouldn't depend on system and vendor
builds, but on the existance of the kernel image.
With this change, one of system or vendor build may have
INSTALLED_KERNEL_IMAGE defined and the other has
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS defined. The one
with INSTALLED_KERNEL_IMAGE defined will contain kernel information
in target files.
After target files are merged, check_target_files_vintf will kick
in to do the checks properly.
Test: forrest
Bug: 180475190
Change-Id: I8d887dd94e1171ab277f02f25534caf098e3faae
Compatibility library "android.hidl.manager-V1.0-java" should go
before "android.hidl.base-V1.0-java" in class loader context for
dexpreopt, because this is the order used by PackageManager when it
constructs class loader context on device.
This allows to avoid "ClassLoaderContext classpath element mismatch"
errors on first boot for Calendar and messaging apps, which have old
enough targetSdkVersion to need HIDL compatibility libraries. Previously
the errors were masked because these apps used the deprecated
&-classpath hack.
Bug: 132357300
Test: lunch aosp_cf_x86_64_phone-userdebug && m && launch_cvd \
adb wait-for-device && adb root && adb logcat \
| grep -E 'ClassLoaderContext [a-z ]+ mismatch'
# empty grep output, no errors
Change-Id: Ibde9a4578cd86b85a9e7f11d8752716b6567e51e
Java modules that are defined in makefiles are not processed in
topological order, so it is necessary to communicate information from
dependencies via dexpreopt.config files. This has already been done in
make/core/dex_preopt_config_merger.py, and now manifest_check.py also
needs to get library names from their dexpreopt.config files.
This is to accommodate Java libraries which name differs from their
modules name. Soong properties `uses_libs`/`optional_uses_libs` and
makefile vars `LOCAL_USES_LIBRARIES`/`LOCAL_OPTIONAL_USES_LIBRARIES`
contain module names, not library names, so it is necessary to translate
them when comparing against library names in the manifest.
Bug: 132357300
Test: lunch cf_x86_64_phone-userdebug && m
Change-Id: I769b508a927d87a5ffbabf9aa45eebfb954b8bd2
Move manifest_check (a.k.a. verify_uses_libraries check) from makefiles
for specific module types to common makefile dex_preopt_odex_install.mk,
which is included by all Java modules that may require dexpreopt. If a
modules locally disables dexpreopt, it still goes through manifest_check
(unless dexpreopt is globally disabled or the module has no Java code).
This CL allows to have manifest_check and dexpreopt in the same makefile
(which is needed for a follow-up CL that will reuse dexpreopt variables
for manifest_check).
Bug: 132357300
Test: lunch cf_x86_64_phone-userdebug && m
Change-Id: Ia217cfc247ae43d8fc716bfc1fe9dcce1d00aa7f
Commit I9967d06bde0e18a12b84b5b0b568db09765fe305 supports adding a
generic boot_signature into boot.img v4. This change allows replacing
the boot_signture signing key with a release key during the release
process.
The default GKI signing key can be specified in a BoardConfig.mk via:
BOARD_GKI_SIGNING_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar
The release signing key/algorithm can be specified by the following options
when invoking sign_target_files_apks:
--gki_signing_key=external/avb/test/data/testkey_rsa4096.pem
--gki_signing_algorithm=SHA256_RSA4096
Additional arguments for generating the GKI signature can be
specified as below:
--gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2"
Bug: 177862434
Test: make dist
Test: sign_target_files_apks \
--gki_signing_key=external/avb/test/data/testkey_rsa4096.pem \
--gki_signing_algorithm=SHA256_RSA4096 \
--gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2" \
./out/dist/*-target_files-eng.*.zip signed.zip
Test: Checks GKI boot_signature is expected after signing:
`unzip signed.zip IMAGES/boot.img`
`unpack_bootimg --boot_img IMAGES/boot.img --out unpack`
`avbtool info_image --image unpack/boot_signature`
Test: unit test: releasetools_test and releasetools_py3_test
Change-Id: I61dadbc242360e4cab3dc70295931b4a5b9422a9
Update the size limit for madvising (MADV_WILLNEED)
odex and vdex files to 100MB.
Art file continues to be madvised fully, with a UINT_MAX limit.
Test: presubmit
Bug: 178853586
Change-Id: Ie46a0658bf30a6a9908ab30b28ce097e434e7e2d
The missing dependency on AAPT did not cause build failures in AOSP,
because the build order happens to be such that AAPT is always built by
the time it's needed. But this is accidental and needs to be fixed.
Bug: 183010666
Bug: 132357300
Test: treehugger
Change-Id: I170e878bf36aafbdb93e9ba54faffd455d3e33c2
Merged-In: I8c78e48345bee5b77de41af03bdac77c402d04a1
verity_utils.py gets an entry point and becomes a host binary. This is
to support signing images from the "bootimg" module type. Previously
this was done by directly invoking "avbtool" from the soong module, but
that required people to know the partition_size priori. The partition
size may not be known before actually building the partition image
especially when the partition is not for a physical partition but for a
partition in a composite image.
verity_utils.py, when the partition_size is not given, is capable of
calculating the mininum required partition size based on the size of the
unsigned input image file.
Bug: 180676957
Test: m microdroid_boot-5.10
Change-Id: I7bef292fb141c90899b7bdc0748895f95f964829
When a device define BOARD_SHIPPING_API_LEVEL with an API level, it
sets a vendor property ro.board.first_api_level in vendor/build.prop.
This is for the GRF devices. Non-GRF devices must not define this
property.
Bug: 176950752
Test: getprop ro.board.first_api_level
Change-Id: I6921d7fe6acca3f73a5fd0fbaa3d4f1e9394541b
The maximum size of all dynamic partition groups should not exceed
the super size - DAP metadata size. Today the configuration of
some devices don't take the metadata into acount. So turn the CheckLe
into CheckLt.
Also, display a warning if the reserved size for DAP metadata is less
than 1M.
Bug: 182431975
Test: mm -j32 check-all-partition-sizes
Change-Id: Ie278f224321083e457d68da000c2b22ec8a54085
New ktgrep is added and sgrep/treegrep also scan *.kt files.
Test: kgrep/sgrep/treegrep for Kotlin files.
Signed-off-by: Taesu Lee <taesu82.lee@samsung.com>
Change-Id: Ie615aa86c4958310785392f18ee7bddaf64706a9
The MTE ELF note is intended to be added to all aarch64 test binaries.
This is already implemented for cc_test in soong, but we should also add
it to makefile-generated tests.
Bug: 156029370
Bug: 181133973
Test: atest CtsBionicTestCases on QEMU+MTE, observe previously-failing
tests will now succeed.
Test: m camera_client_test; readelf -t <snip>/camera_client_test | grep
memtag, make sure there's the elf note.
Change-Id: I2e7c4d1379ccdef04f05dd7aff675e6834d4799b
Previously there were two different scripts that did similar things:
1) build/soong/scripts/manifest_check.py
2) build/make/core/verify_uses_libraries.sh
Both scripts extracted <uses-library> tags and `targetSdkVersion` from
the manifests of Java modules, but 1) worked for XML manifests, and 2)
worked for APKs. This CL reimplements the functionality from 2) in 1),
so that one script can handle both XML manifests and APKs.
Bug: 132357300
Test: lunch cf_x86_64_phone-userdebug && m && launch_cvd \
adb wait-for-device && adb root && adb logcat \
| grep -E 'ClassLoaderContext [a-z ]+ mismatch'
# empty grep output, no errors
Change-Id: I386aa1a37699182cdf6f3f94ef8aa7b96a4017d3
__ANDROID_VNDK__ is defined for the modules that are able to use the
VNDK libraries. As both product and vendor variants define
__ANDROID_VNDK__, we don't know if a module is built for vendor or
product on build time.
__ANDROID_VENDOR__ and __ANDROID_PRODUCT__ macros can be used to
specify the image-variant-dependent codes.
Bug: 180646847
Test: m nothing
Change-Id: I9a37607b1e1e4e16eab02fb6c96d1a92158c96b8
Enable madvsing odex, vdex and art files to MADV_WILLNEED by setting the
size limits to UINT32_MAX.
Test: presubmit
Bug: 178853586
Change-Id: I7647a4be214dcd43341f216aba0a7791f877e379