product_services partition is designed for the test purpose only. It
must not be included in the target devices.
Bug: 134359158
Test: Build configuration for product_services partition must return
error message.
Change-Id: I6f8cdf73d18ad3174c7b31edb5d5ee10df75a776
This CL changes the condition for building super_empty.img from
PRODUCT_BUILD_SUPER_PARTITION to PRODUCT_USE_DYNAMIC_PARTITIONS, as a
follow-up to the change in [1].
With the CL in [1], it skips building super.img and super_empty.img both
when turning off PRODUCT_BUILD_SUPER_PARTITION. However, the latter
should be mandatory whenever dynamic partitions is enabled. Because
fastboot relies on this file to properly flash dynamic partitions. Plus,
the cost for building super_empty.img is much lower than the one for
super.img.
As part of the change, it'll write group info into target_files when
building with PRODUCT_BUILD_SUPER_PARTITION == false. It's the work for
target_files merging script to determine the values to be picked up. The
current logic in merge_target_files.py always uses the one from vendor
target_files. This CL adds a testcase to ensure the behavior.
[1] https://android-review.googlesource.com/c/platform/build/+/928756
Bug: 135752763
Test: `m dist` with a target that sets PRODUCT_BUILD_SUPER_PARTITION to
false. Check the built artifacts contain super_empty.img. Verify
that the build can be flashed properly.
Change-Id: I277f087eab45663a6c3b33333d16e9e576c1c25c
Merged-In: I277f087eab45663a6c3b33333d16e9e576c1c25c
(cherry picked from commit 48a2feb670)
Previously, setting PRODUCT_BUILD_SUPER_PARTITION to false for a partial
build (with PRODUCT_USE_DYNAMIC_PARTITIONS == true) would fail to
include necessary keys in misc_info.txt that are required when merging
two partial builds to create a dynamic-partition-enabled mixed build.
This change ensures these necessary keys are included even when
PRODUCT_BUILD_SUPER_PARTITION is false. Setting
PRODUCT_BUILD_SUPER_PARTITION to false causes partial builds to skip
building super.img and super_empty.img, instead relying on these images
to come from the final merged build.
Bug: 135752763
Bug: 134764140
Test: Building & booting a dynamic-partition-enabled mixed build, and
inspecting partial builds' logs / out folder to ensure that
super.img/super_empty.img were not created.
Change-Id: I99431a9a342e9b0617510e250597f3024ef39322
Merged-In: I99431a9a342e9b0617510e250597f3024ef39322
(cherry picked from commit 0bf940cace)
BOARD_SUPER_PARTITION_ERROR_LIMIT can be set by OEMs to cause a
build failure when the sum of sizes of logical partitions exceeds the same.
It is set to BOARD_SUPER_PARTITION_SIZE by default.
Bug: 133329143
Test: mmm -j32
Change-Id: Ief85c9ab3e3b9d071cd22b70e13b5c64bb784b9c
Merged-In: Ief85c9ab3e3b9d071cd22b70e13b5c64bb784b9c
(cherry picked from commit 219b6294dc)
BOARD_SUPER_PARTITION_WARN_LIMIT can be set by OEMs to print
a warning when the sum of sizes of logical partitions exceed the same.
It is set to 95% of BOARD_SUPER_PARTITION_SIZE by default.
Bug: 133329143
Test: mmm -j32
Change-Id: I7d3bedd970a92be60991898e436f63d914359301
Merged-In: I7d3bedd970a92be60991898e436f63d914359301
(cherry picked from commit 6fab18a7eb)
When using Verified Boot 2.0, releasetools specifies a salt value based
on build fingerprint, so that to give idempotent images.
However, the change that removed static `ro.build.fingerprint` [1] broke
the behavior, as common.LoadInfoDict still relies on fingerprints.
Without a fixed salt, the first call to make_recovery_patch.py and the
second one (which writes IMAGES/{boot,recovery}.img) will see different
images, which leads to install-recovery.sh failure.
Note that currently there's a dependency that requires getting bootable
images through two separate calls. make_recovery_patch.py has to happen
first to get (placeholder) files in the system image. We then generate
canned fs_config files, and finally use add_img_to_target_files.py to
write the images.
This CL adds a quick workaround to force rebuilding the
recovery-from-boot patch while calling add_img_to_target_files.py.
[1] https://android-review.googlesource.com/c/platform/build/+/892933
Bug: 134123803
Bug: 134525174
Test: TreeHugger
Test: Build a non-A/B target that uses AVB. Run validate_target_files.py
on the generated target_files.zip.
Change-Id: I5859e30be63bfd54398cf41fd2d907f15285f560
Merged-In: I5859e30be63bfd54398cf41fd2d907f15285f560
(cherry picked from commit 4978fa99d1)
The current solution expects BOARD_PREBUILT_DTBIMAGE_DIR to
contain prebuilt DTB files that are concatenated by the build system
to create $OUT/dtb.img. In order to accommodate devices that build
the dtb image locally, when BOARD_PREBUILT_DTBIMAGE_DIR is undefined,
make boot.img creation depend only on $OUT/dtb.img.
Bug: 133161451
Test: Build with BOARD_PREBUILT_DTBIMAGE_DIR undefined and verify
using unpack_bootimg.py that $OUT/dtb.img was included in boot.img.
Change-Id: Iae2c634ccdc1d83589b26d382882f75fb8565a31
Merged-In: Iae2c634ccdc1d83589b26d382882f75fb8565a31
In device root directory, we have the following symlinks:
- /odm/app -> /vendor/odm/app
- /odm/bin -> /vendor/odm/bin
- /odm/etc -> /vendor/odm/etc
...
This allows the Generic System Image (GSI) to be used on both devices:
1) Has a physical odm partition, where those symlink will be hidden
when /odm is used as the mount point
2) Has no physical odm partition and fallback to /vendor/odm/.
We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.
The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink:
- /odm/build.prop -> /vendor/odm/build.prop.
Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).
Bug: 132128501
Test: boot a device and checks /odm/etc/build.prop is loaded
Test: make dist with an odm.img, checks $OUT/odm/etc/build.prop is loaded
Change-Id: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
Merged-In: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
(cherry picked from commit 6c62884000)
os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version. This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.
Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.
This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear for how os_version in non-system partition should be used.
We just add them for completeness here.
See more details in:
https://source.android.com/security/keystore/version-binding
Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
- Prop: com.android.build.boot.os_version -> '10'
- Prop: com.android.build.system.os_version -> '10'
- Prop: com.android.build.system.security_patch -> '2019-06-05'
- Prop: com.android.build.vendor.os_version -> '10'
- Prop: com.android.build.vendor.security_patch -> '2019-06-05'
- Prop: com.android.build.product.os_version -> '10'
- Prop: com.android.build.product.security_patch -> '2019-06-05'
Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
Merged-In: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
(cherry picked from commit 9b54801b58)
Should be in product_config.mk, before the variables are readonly'd, or
the default will fail to work.
(cherry picked from commit 269dd013a5)
Bug: 131576555
Test: set PRODUCT_SHIPPING_API_LEVEL := 29 in mainline_arm64.mk && lunch
Change-Id: I25faee7ec0a3fff17e1d08b834d868834effda36
Merged-In: I25faee7ec0a3fff17e1d08b834d868834effda36
This reverts commit 842119ab3a.
Reason for revert: Rolling forward for Q-Finalization
Bug: 129975435
Bug: 129943426
Test: Build
Change-Id: I651e3ec68a765d3867be5341751cd536ccbe604a
Bug: 132197773
Test: property present in vendor/build.prop
Currently, the property resides in product partition which gets
overwritten by the GSI image. Moving it to vendor will ensure
that the property is set even when a GSI image is flashed on the device.
Change-Id: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
Merged-In: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
TARGET_FLATTEN_APEX and ro.apex.updatable cannot be independently set.
For a device where updating APEXes is not supported, ro.apex.updatable
should not be set (or set to false) and TARGET_FLATTEN_APEX should be
set to true. For APEX-supporting devices, it is the opposite;
ro.apex.updatable == true and TARGET_FLATTEN_APEX is false (or not set).
To ensure this relationship, TARGET_FLATTEN_APEX is by default set to
true, and overridden to false when updatable_apex.mk is inherited.
Bug: 130623080
Test: choosecombo to Pixels 2 and later; get_build_var
TARGET_FLATTEN_APEX returns false.
choosecombo to the original Pixel and other non-Pixel targets;
get_build_var TARGET_FLATTEN_APEX returns true.
choosecombo to the cuttlefish; get_build_var TARGET_FLATTEN_APEX
returns false
Change-Id: Id73a594dd9838457e68e2793122592c11a84fc83
When /boot partition is chained in AVB signing, libavb will try to
read AVB footer from the end of /boot partition, even if the device is
unlocked. However, this makes device unbootable when the unsigned
boot-debug.img is flashed on /boot partition. This CL uses a test key
from external/avb to sign the boot-debug.img if /boot partition is
chained.
Bug: 126493225
Bug: 129508966
Test: Enables chain partition for boot.img, `make bootimage_debug` then
checks `avbtool info_image --image $OUT/boot-debug.img`
Test: `make bootimage_debug-nodeps`
Test: boot a device with a chained boot-debug.img
Change-Id: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3
Merged-In: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3
(cherry picked from commit 26b0a26e3e)
This reverts commit 5e0226b816.
Reason for revert: QT SDK Finalization. Will be merged again on/after May 13th
Bug: 129975435
Change-Id: Ia3693b2a4907c4ca9be56cfe18fda35b8545abba
Non-installable, non-library modules can still have notice files
attached if they are bundled in an apex module, in which case the
current make setting would generate an error. This change makes it just
ignore them silently if the module is ETC. Other classes will still
trigger an error.
Bug: 130138217
Test: manual build + TreeHugger
Merged-In: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
Change-Id: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
(cherry picked from commit dca3186b84)
The only copy needed is the one in the Conscrypt APEX.
Bug: 123925742
Test: m
Change-Id: Ieea8549d047750cf3580d6fe0204fdf55b6b8394
Merged-In: Ieea8549d047750cf3580d6fe0204fdf55b6b8394
When set, product-img-tag.zip contains super.img instead of individual
user images from target files. For virtual devices, super.img is needed
to boot the device, but individual user images aren't needed.
Test: on A/B DAP, with flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor / system_other
Test: on non-A/B DAP, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor
Test: on A/B retrofit, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super_*.img and system_other.img, but not system / vendor
Bug: 113175337
Change-Id: I94e33091d0c837cae40776176b4dcfdd338aba90
(cherry picked from commit 0e97dbb8ca)
Merged-In: I94e33091d0c837cae40776176b4dcfdd338aba90
If set to true,
- super.img is built from images in $PRODUCT_OUT
- super.img is built to $PRODUCT_OUT
- super.img is built when 'make'.
'make dist' still builds super image from images in target files to
intermediates directory.
This flag is useful for virtual devices, but isn't intended to be set for
actual devices. For actual devices, userspace fastboot should flash
super_empty.img and individual user images separately.
Test: on cuttlefish (flag is set),
make # generates $OUT/super.img
make superimage # generates $OUT/super.img
Test: on real non-retrofit DAP device (flag is not set)
make # no super.img is generated
make superimage # generates $OUT/obj/PACKAGING/.../super.img
make dist # generates out/dist/super.img
Bug: 113175337
Change-Id: Ieb81e4fbb663bb4b69e9962c3fa9f16b03aeb907
(cherry picked from commit acd862aed3)
Merged-In: Ieb81e4fbb663bb4b69e9962c3fa9f16b03aeb907
For enabling per product configuration of resolving startup
const strings.
Bug: 130217075
Bug: 131310042
Test: make
Change-Id: I51cb8931b915a710ab584f954b7a99c7a651d914
These were added as part of http://r.android.com/731514, but
most of these properties make no sense for the bootimage. Revert
to only defining date, date.utc and fingerprint.
Bug: 131066061
Test: inspect vendor/build.prop
Test: boot, no SELinux warnings for removed props
Change-Id: Ibbeff9870a5b71e83c2cceeb1327b12600077b23
Merged-In: Ibbeff9870a5b71e83c2cceeb1327b12600077b23
- Rename framework_manifest.xml to system_manifest.xml since that's more accurate.
- Add product_manifest.xml to base_product.mk
- Add product_manifest.xml to verified_assembled_framework_manifest.xml to check
it at build time.
Bug: 126770403
Bug: 130714844
Bug: 80547152
Test: build and inspect output
Test: lshal
Change-Id: I1b447d8c36f72768e28e9bcaa4d06afdeba08c2a
Merged-In: I1b447d8c36f72768e28e9bcaa4d06afdeba08c2a
Some targets have ramdisk.img but no boot.img, howerver,
ramdisk-debug.img only depends on boot.img. Fix this by making
ramdisk-debug.img depends on ramdisk.img.
Bug: 126493225
Test: make ramdisk_debug
Change-Id: I65120a3b3372712fafc26442354ee031eede0bd3
Merged-In: I65120a3b3372712fafc26442354ee031eede0bd3
(cherry picked from commit c3e8cc9bd1)
In some build targets, e.g., aosp_arm64_ab, $OUT/ramdisk is an empty
dir, and leads to rsync $OUT/ramdisk/* failure. Removing the trailing
asterisk to avoid throwing an error if it's empty. Note that the
trailing slash still needs to be kept to avoid creating an additional
directory level at the destination.
Bug: 126493225
Test: `make ramdisk_debug` on aosp_arm64_ab
Test: flash boot-debug.img on crosshatch still can adb root
Change-Id: I44937324379fa78fc26a4471ba94eb7694911c2d
(cherry picked from commit 85f292939647fb9bd659a6a5deebd3f07dd3a079)
The two new debugging images adds additional files based on
boot.img and ramdisk.img/ramdisk-recovery.img, respectively.
File /force_debuggable is to trigger special logic in /init to load an
userdebug version of sepolicy and an additional property file from this
ramdisk to allow adb root, if the device is unlocked.
It's intentional to skip signing for boot-debug.img, as it can
only be used if the device is unlocked, where verification error
is allowed.
Those debugging images allows adb root on user build
system.img, vendor.img, product.img, etc. This can facilitate more
automated testings on user builds and is helpful to narrow down the
delta between what's being tested v.s. what's being shipped.
Bug: 126493225
Test: `make dist`, checks both boot-debug.img and ramdisk-debug.img
are in $OUT/ and out/dist.
Test: `make dist`, checks installed-files-ramdisk-debug.{json,txt} are
in out/dist.
Test: `system/core/mkbootimg/unpack_bootimg.py --boot_img $OUT/boot-debug.img`,
checks the extracted out/ramdisk is as expected
Test: Run `gunzip -c ramdisk | cpio -idm` for the ramdisk extracted from
$OUT/boot-debug.img and $OUT/boot.img, respectively.
Then compare the root dirs of both, e.g.,
`diff -rq --no-dereference ./ramdisk ./ramdisk-debug`
Test: `make ramdisk_debug-nodeps` and `make bootimage_debug-nodeps`
Change-Id: I30137c3caef91805d9143d404e5e4d06c0fccc30
Merged-In: I30137c3caef91805d9143d404e5e4d06c0fccc30
(cherry picked from commit 0013f55ef4)
Use codename.fingerprint format for targetSdkVersion if it is unset
in the manifest and UNBUNDLED_BUILD_TARGET_SDK_WITH_API_FINGERPRINT=true.
Test: manual
Bug: 130541924
Change-Id: Ie748d1963ff6f525f8d9e551b73846c3e1c7f9a2
Merged-In: Ie748d1963ff6f525f8d9e551b73846c3e1c7f9a2
(cherry picked from commit d60401a59b)
Add all the boot image files necessary of offline inspection and
compilation in a single zip file (boot.zip).
This replaces the previous boot_profiles_jars.zip which contained only the
jar files.
Bug: 130376456
Test: m dist
Change-Id: I25b0c03ee9e7a2c2ff25db406656ce79baff5a46
Merged-In: Ib71c4fcc0d451570d0bb0584745487c54f884fd9
(cherry picked from commit 3dfae3f149)
Bug: 130787336
Test: m oemaids_header_gen oemaids_headers passwd group
Test: Set TARGET_FS_CONFIG_GEN to a list of paths
Change-Id: I5186b378fea8865f46cfd891420ba576f36e2565
Merged-In: I5186b378fea8865f46cfd891420ba576f36e2565
(cherry picked from commit 7f25f2aed9)
Running appcompat is missing a dependency on aapt/aapt2. There
is no need to switch between aapt and aapt2, so always use aapt2
and add the missing dependency.
Fixes: 130575935
Test: treehugger
Change-Id: If32c03410fbdb3945bf20f7405de13dc8cd83038
Merged-In: If32c03410fbdb3945bf20f7405de13dc8cd83038
(cherry picked from commit a0d89b994f)
Core platform API violation reporting is disabled by default and can be
enabled by setting the persist.debug.dalvik.vm.core_platform_api_policy
property. Set it to "just-warn" for non-user builds and leave disabled
on user builds.
Test: builds, boots
Bug: 125701194
Change-Id: I2f4be42373de9fdbc71c3178de6d34e07809f13a
Merged-In: I2f4be42373de9fdbc71c3178de6d34e07809f13a
(cherry picked from commit f5b3fc854f)
Export more config values to Soong that will be use dto generate
robolectric's build.prop.
Bug: 122331577
Test: m checkbuild
Change-Id: I1e9dd165772a071cf78927b3bf1e29e01290a42e
assert-max-image-size doesn't make sense for
dynamic partitions, as build_image.py always find the
right size for the output image. Hence:
- build_image.py no longer need to write generated_*_info.txt
(which contains the size of the image).
- assert-max-image-size on the static BOARD_*IMAGE_PARTITION_SIZE. If
a partition is dynamic, that variable isn't set, and
assert-max-image-size becomes a no-op. If the partition is static,
assert-max-image-size checks the static partition size as it used
to be.
- Fix read-size-of-partitions to use the size of the partition by
reading the image directly (instead of using generated_*_info.txt).
For devices without AVB, with DAP enabled, and does not have
RESERVED_SIZE for partitions, because of right sizing, the original
code always warns about approaching size limits. Since such checks
doesn't make sense for dynamic partitions, remove them.
Test: builds on device with dynamic partitions
Test: builds on cuttlefish with DAP enabled (without AVB), no
more size limit warnings:
WARNING: out/target/product/vsoc_x86/vendor.img approaching size limit (X now; limit X)
This reverts commit 6e099095d1.
Reason for revert: reland the CL
Bug: 122377935
Test: build blueline_mainline
Change-Id: Iee594b64e687decff186c0fa60f82b88608febe9
Merged-In: Iee594b64e687decff186c0fa60f82b88608febe9
Reason for revert: size check is removed for devices
with dynamic partitions because it doesn't make sense.
Bug: 122377935
Bug: 120043292
Bug: 124489494
Test: build cuttlefish
This reverts commit accf09b2e0.
Change-Id: I289faf11a08acbcef36924eb747a15f55124ce79
Merged-In: I289faf11a08acbcef36924eb747a15f55124ce79
So that we actually respect different LOCAL_REQUIRED_MODULES for the
host and device versions instead of unioning them. That got particularly
problematic when LOCAL_SHARED_LIBRARIES is implicitly added to
LOCAL_REQUIRED_MODULES. We also used to walk through device-only modules
when filling out the list of required modules, which triggered even more
extra installations.
This also changes the requirements for PRODUCT_HOST_PACKAGES so that it
no longer accepts target-only phony modules (since we can now
differentiate them). They were all removed in previous patches.
Bug: 123925742
Fixes: 129719937
Test: treehugger; diff resulting builds
Test: diff list of product_target_FILES and product_host_FILES
Change-Id: I2ed8950320d31f5693323ad8cef6ec5b6780b7d4
Merged-In: I2ed8950320d31f5693323ad8cef6ec5b6780b7d4
(cherry picked from commit 8e96a794ac)
This change moves the ro.build.require.* props extracted from
TARGET_BOARD_INFO_FILE to vendor/build.prop as opposed to
system/build.prop. These typically contain what bootloader and
baseband the build requires, which are very device-specific.
Bug: 130025216
Test: make, inspect props
Test: flash blueline
Change-Id: I48642485bdc853884d465d1fe00f2ceae69a4736
Merged-In: I48642485bdc853884d465d1fe00f2ceae69a4736
Some people apparently still talk to the network during their build.
Allow this temporarily with a BUILD_BROKEN_USES_NETWORK check.
Bug: 129992021
Test: attempt to talk to the network during the build with and without
this flag
Change-Id: I45612ad6165f92f123847b4057338c0dfc3424ee
Merged-In: I45612ad6165f92f123847b4057338c0dfc3424ee
(cherry picked from commit 0586c65780)
