This enables verification of APKs which are served to a specific
range of Android platform versions, or to replicate behavior of
particular platform versions.
Bug: 27461702
Change-Id: I44ab4c99419eb97d72c4ccd109137fe1efda577d
We're moving the platform/build repository down a level, then symlinking
the directories and necessary files back into build/. So if we're still
in build/, keep searching for Android.mk files, otherwise stop, since
they'll be found through the symlinks.
Bug: 28001743
Change-Id: Ieea6e3b1fca265b548395c6af148ebb4efa43b0f
There's only a single library, libhost, and it's only used by acp and
atree in build/tools, move it there.
Bug: 28001743
Change-Id: Ie404d2793710de4e265a6fa95d462c32d4042623
This addresses the TODO to mimic the behavior of Android when
verifying APK JAR signatures. Unfortunately, the behavior of Android
kept changing in interesting ways between different platform versions.
This is hard-coded as a big lookup.
Bug: 27461702
Change-Id: I49bc181ee05f774ef8ee041af870385b35212c23
update_engine now accepts POWERWASH=1 to schedule a factory reset in
the post-install phase. Hook up with the --wipe_user_data flag in the
OTA script.
Bug: 28700985
Change-Id: Ie73876a61db90d124d2af588d674757376e9aabc
(cherry picked from commit 38ca0be399)
Modules built against the NDK should only link against modules also
built against the NDK (or link to the NDK prebuilts). This patch
attempts to catch these cases, and prints a large warning when this is
violated. Once the tree is cleaned up, this will change to an error.
Change-Id: Ib6ffcc38d9161abdbe45a58af26ba429fb6f1876
Kati only supports a single use of --no_ignore_dirty, so we were
ignoring the SOONG_ANDROID_MK file, and only detecting changes to
SOONG_MAKEVARS_MK. Fix this by using a pattern that should apply to both
of those makefiles.
Change-Id: I46390f9887f95f1db0efe4e93339667f35ebc67c
Instead of specifying character encoding by name, the faster, cleaner,
and safer way is to use StandardCharsets.UTF_8.
Bug: 27461702
Change-Id: I897284d3ceeb44a21cc74de09a9b25f6aec8c205
For acp, we've been using an old prebuilt in prebuilts/sdk, but it's not
part of the SDK. Instead, we'll use a prebuilt in the build-tools
repository.
For ijar, we've been using the host libstdc++ to workaround the lack of
libc++ on some unbundled branches. Instead, use a prebuilt that can use
libc++.
For ziptime, we've been disabling it on unbundled branches, due to the
lack of libc++. Instead, use a prebuilt version of ziptime that can use
the prebuilt libc++.
Change-Id: If80f845ea06f76e3fe6765964e77c864eaf303d0
This switches PKCS#7 SignedData generation code from Bouncy Castle to
OpenJDK's proprietary internal API. This is to avoid depending on a
huge library that's not really needed. In the longer term, it's best
to add our own implementation of PKCS#7 SignedData building, parsing,
and verification. This will give the code more power to mimic what the
Android platform does.
Bug: 27461702
Change-Id: I29f1ceea1293e35424fde69c0f2969d551345100
This replaces the less general DataSink which outputs into a
ByteArrayOutputStream with a more general DataSink which outputs into
an OutputStream.
Bug: 27461702
Change-Id: I9467f38c41f586b71f35edb3602fd6e57153184f
We recently moved Brillo verified boot from system/bvb to external/bvb
so update the path accordingly.
TEST=Build with 'BOARD_BVB_ENABLE := true' succeeds.
BUG=29099910
Change-Id: I66f3b90e23d6b2afc09f81af571ede7b573325e9
26f00cda4b introduced a bug where an
APK entry's extra field is padded for alignment purposes when no
padding is necessary because the entry is aligned without any padding
bytes.
Bug: 27461702
Change-Id: Icb164dbaa26d9686412e2920318a9f40c5ce9751
This patch uses subprocess.communicate instead of subprocess.wait to
prevent deadlock if any of the child processes outputs too much data,
and redirects the subprocess output to stdout when running in verbose
mode.
With this patch `ota_from_target_files -v` prints the delta_generator
output in stdout, and no output if '-v' is not passed.
Bug: None
TEST=ota_from_target_files -v ...
Change-Id: Id66e4f3360a6f91d61a3ce96d53afbccdaa19da5
The goldfish_setup shell script needs the ability to execute
the shell script interpreter. Allow it.
Addresses the following denial:
avc: denied { getattr } for pid=1220 comm="init.goldfish.s"
path="/system/bin/sh" dev="vda" ino=442 scontext=u:r:goldfish_setup:s0
tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
(cherrypicked from commit 501c88c029)
Bug: 28941573
Change-Id: I22d26e90f107c8d801229354a5e0513c37e6c31d
This adds the ApkVerifier class which verifies APKs using APK
Signature Scheme v2 only. In a follow-up commit this class will be
extended to verify APKs using JAR signature scheme when necessary.
The APK verifier is designed to not just verify an APK, but also
report errors, warnings, and information about signers in a structured
way, to enable tools to surface this information to users in various
ways.
Bug: 27461702
Change-Id: I10c6ba436021d86b6dbf6d3cf44494652adacb66
LOCAL_LDLIBS was the only correct way to use NDK libraries, but few used
it correctly. It also often got confused with LOCAL_LDFLAGS, so move the
flags to the correct variable.
For binaries that weren't using the NDK (empty LOCAL_SDK_VERSION), it
was never valid to use LOCAL_LDLIBS, as dependencies would not be
properly set up, and could lead to random build failures. So convert any
-l linker flags to using LOCAL_SHARED_LIBRARIES automatically.
For binaries built using the NDK (LOCAL_SDK_VERSION set), they were
required to use LOCAL_LDLIBS for prebuilt NDK libraries, otherwise they
would get headers and dependencies to the platform versions. Any
non-prebuilt LOCAL_LDLIBS would miss dependencies. So move the NDK
prebuilt libraries to LDLIBS from SHARED_LIBRARIES, and move everything
else to SHARED_LIBRARIES.
So now, for device modules, LOCAL_SHARED_LIBRARIES should always be
used, and we'll do the right thing. LOCAL_LDLIBS should only be used for
host libraries from the system.
Change-Id: Ide34c7afdcfb6507a378d45a42471729e489a9e0
