This temporarily turns off treble sysprop neverallow rules, which
enforce marking the owner and accessibility of each system property.
Bug: 131162102
Bug: 142684203
Test: m sepolicy_tests
Change-Id: Ie9de9576fcf28c432543ab8f8971c1d048c55819
BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW is meant to be set depending on
targets, not devices. This allows that value to be set outside
BoardConfig.mk.
Bug: 131162102
Bug: 142684203
Test: m sepolicy_tests
Change-Id: I14f7cd06dcbaf1b5354c648079a815d7b6cc6f3a
New sysprop neverallow rules are mandatory only for devices launching
with R or later. For devices already launched, neverallow rules can be
relaxed by adding the following line to BoardConfig.mk:
BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
Bug: 131162102
Test: Set PRODUCT_SHIPPING_API_LEVEL := 30 and try building with
changing some system_public_prop to system_internal_prop
Test: m cts sepolicy_tests
Change-Id: I44a83af19b18b4116f83a3d5dc929f28bb8870ce
Merged-In: I44a83af19b18b4116f83a3d5dc929f28bb8870ce
(cherry picked from commit 06fb4554f4)
VNDK APEX replaces VNDK libs under /system/libs/vndk[-sp].
For current VNDK (vndk_package), com.android.vndk.current APEX is
installed instead of VNDK libraries.
For older versions of VNDK (vndk_snapshot_package),
com.android.vndk.v## APEXes are installed along with prebuilt VNDK libs.
The reason why phony targets of VNDK prebuilts are still installed is
that phony targets install the required *.libraries.##.txt files to
/system/etc.
After those .txt files are moved to APEXes, we can remove those phony
targets. (b/141450808)
Bug: 141451661
Test: m && boot (tested with cuttlefish)
Change-Id: Ibfa06d42ec0081fa7010091ef097bb940bacf8d6
The signature size is needed during payload hashing and signing.
We used to sign the update_engine's payload with RSA keys only. In
this case, the signature size always equals the key size. But the
assumption is no longer true for EC keys, whose DER-encoded signature
size is a variant with a maximum size.
Therefore, we always give the maximum signature size to the delta
generator, which then adds padding to the real signature if necessary.
The maximum signature size is calculated by calling the delta_generator
with the new option '--calculate_signature_size'. For custom payload
signers, we also deprecate the '--payload_signer_key_size' and replace
it with '--payload_signer_maximum_signature_size'.
The EC key in the test is generated with:
The EC key in the unittest is generated with the command:
openssl ecparam -name prime256v1 -genkey -noout -out prime256v1-key.pem
openssl pkey -in prime256v1-key.pem -out testkey_EC.key
Bug: 141244025
Test: sign and verify a payload
Change-Id: Ife6e269d8aa3d870405aca20086330f1795e167f
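The size argument in the commit message above, worked through as an added example (not code from AOSP or from this commit): it DER-encodes ECDSA (r, s) pairs to show why the length varies and what the maximum is for a given curve. All function names and the zero-fill padding in `pad_signature` are assumptions for illustration; the page does not say how the delta generator pads.

```python
# Added example (not AOSP code): DER-encoded ECDSA signature sizes vs. a fixed maximum.

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(n: int) -> bytes:
    """Minimal DER INTEGER for n >= 0; a 0x00 is prepended when the top bit is set."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return b"\x02" + der_length(len(body)) + body

def der_ecdsa_signature(r: int, s: int) -> bytes:
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }."""
    body = der_integer(r) + der_integer(s)
    return b"\x30" + der_length(len(body)) + body

def max_signature_size(order_bits: int) -> int:
    """Upper bound on the DER size when r and s are below 2**order_bits."""
    biggest = (1 << order_bits) - 1
    return len(der_ecdsa_signature(biggest, biggest))

def pad_signature(sig: bytes, max_size: int):
    """Assumed scheme: zero-fill to max_size and return the real length alongside."""
    if len(sig) > max_size:
        raise ValueError("signature exceeds the declared maximum size")
    return sig + b"\x00" * (max_size - len(sig)), len(sig)

if __name__ == "__main__":
    limit = max_signature_size(256)  # prime256v1
    # Constructed (r, s) pairs, not real signatures: only their bit lengths matter here.
    for r, s in [(1, 1), (1 << 254, 1 << 240), (1 << 255, 1 << 255)]:
        sig = der_ecdsa_signature(r, s)
        padded, real = pad_signature(sig, limit)
        print(f"real={real:2d} padded={len(padded)} limit={limit}")
```

A verifier that receives a padded signature needs the real length to strip the fill before parsing the DER structure, which is why `pad_signature` returns it.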
This will let us quickly check the system image build type,
and modify *.rc behavior based on that.
Bug: 142430632
Test: adb shell getprop ro.sanitize.hwaddress in hwasan build
Change-Id: If2eb99dee93f0652cada5cb2e02fda963d00a7eb
We used to mimic the behavior of the build system, to find the default
search path based on OUT_DIR_COMMON_BASE or OUT_DIR. These variables
should be internal to the build system.
Since we've switched releasetools script to hermetic Python executables
(e.g. `m -j ota_from_target_files`, then run the binary at
`out/host/linux-x86/bin/ota_from_target_files`), we can set the search
path relative to the path of the current executable.
Bug: 133126366
Test: TreeHugger
Test: 1. Build aosp_x86, by "lunch aosp_x86; m -j"
2. Inject errors to the executables under out/host/linux-x86/bin,
e.g. to `lpmake`.
3. Set up OUT_DIR (e.g., to /tmp/out) and build the same product
again by "export OUT_DIR=/tmp/out; lunch aosp_x86; m -j". Check
that the second run finishes successfully (with the binaries at
/tmp/out as opposed to out/; otherwise it would fail the build
due to the invalid binaries from step 2).
Test: lunch a target;
`atest --host releasetools_test releasetools_py3_test`
Change-Id: I366099c3dfd5fa4282745ef258a8cf35338e1e42