The two new debugging images adds additional files based on
boot.img and ramdisk.img/ramdisk-recovery.img, respectively.
File /force_debuggable is to trigger special logic in /init to load an
userdebug version of sepolicy and an additional property file from this
ramdisk to allow adb root, if the device is unlocked.
It's intentional to skip signing for boot-debug.img, as it can
only be used if the device is unlocked, where verification error
is allowed.
Those debugging images allows adb root on user build
system.img, vendor.img, product.img, etc. This can facilitate more
automated testings on user builds and is helpful to narrow down the
delta between what's being tested v.s. what's being shipped.
Bug: 126493225
Test: `make dist`, checks both boot-debug.img and ramdisk-debug.img
are in $OUT/ and out/dist.
Test: `make dist`, checks installed-files-ramdisk-debug.{json,txt} are
in out/dist.
Test: `system/core/mkbootimg/unpack_bootimg.py --boot_img $OUT/boot-debug.img`,
checks the extracted out/ramdisk is as expected
Test: Run `gunzip -c ramdisk | cpio -idm` for the ramdisk extracted from
$OUT/boot-debug.img and $OUT/boot.img, respectively.
Then compare the root dirs of both, e.g.,
`diff -rq --no-dereference ./ramdisk ./ramdisk-debug`
Test: `make ramdisk_debug-nodeps` and `make bootimage_debug-nodeps`
Change-Id: I30137c3caef91805d9143d404e5e4d06c0fccc30
Merged-In: I30137c3caef91805d9143d404e5e4d06c0fccc30
(cherry picked from commit 0013f55ef4)
The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.
See the following for more details about boot-debug.img:
https://android-review.googlesource.com/c/platform/build/+/947857
Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
command fails:
./build/tools/releasetools/sign_target_files_apks \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
Merged-In: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
(cherry picked from commit 78369ebbc1)
With the support of enabling AVB on standalone partitions in libfs_avb,
devices can boot GSI with dm-verity. No need to disable AVB anymore.
Devices still can use the following command to disable AVB on
device-specific vbmeta.img if needed:
`fastboot flash --disable-verification vbmeta vbmeta.img`
Bug: 130595457
Test: Tree Hugger
Change-Id: I067dcda15f14f04428e0b60ce1f49227d61e4349
This reverts commit a280a66b5a.
/init now switched to read adb_debug.prop from debug ramdisk instead
of GSI or other system.img. No need to keep the file in GSI.
See the following for more details:
https://android-review.googlesource.com/c/platform/system/core/+/946517
Bug: 126493225
Test: tree hugger
Change-Id: I981db8e13216fbe0f066f4d3684ee149b1177d22
Merged-In: I981db8e13216fbe0f066f4d3684ee149b1177d22
(cherry picked from commit 8966070431)
am: 19ecb76b7b -s ours
am skip reason: change_id I8413b9b5b2ac24ac62b6cf22a5f14393420927f5 with SHA1 7e9f49c73c is in history
Change-Id: I9c2fc396c2c998539d89cdfb7a8e3a1fe75d5fdc
The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.
See the following for more details about boot-debug.img:
https://android-review.googlesource.com/c/platform/build/+/947857
Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
command fails:
./build/tools/releasetools/sign_target_files_apks \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
It's a vendor-specific property, which was historically included into
/system/build.prop prior to this change.
Whether a target uses A/B OTA shouldn't affect anything on the system
image, including the `ro.build_ab_update` property. Moving it to vendor
partition will also make it consistent with other A/B specific configs,
such as the `slotselect` flag in device fstab
(/vendor/etc/fstab.$(PRODUCT_PLATFORM)).
Bug: 130516531
Test: Build and flash crosshatch-userdebug. Check /system/build.prop,
/vendor/build.prop and the runtime property.
Change-Id: I927625fbcc02c4a875a1f39850b51576f5ff6c66
So that it can be overridden by PRODUCT_PROPERTY_OVERRIDES.
Test: native bridge property is overridden when requested
Bug: 130825973
Bug: 130564502
Change-Id: I8413b9b5b2ac24ac62b6cf22a5f14393420927f5
Merged-In: I8413b9b5b2ac24ac62b6cf22a5f14393420927f5
(cherry-picked from 7e9f49c73c)
This is to migrate sepolicy Makefiles into Soong. For the first part,
file_contexts, hwservice_contexts, property_contexts, and
service_contexts are migrated. Build-time tests for contexts files are
still in Makefile; they will also be done with Soong after porting the
module sepolicy.
The motivation of migrating is based on generating property_contexts
dynamically: if we were to amend contexts files at build time in the
future, it would be nicer to manage them in Soong. To do that, building
contexts files with Soong can be very helpful.
Bug: 127949646
Bug: 129377144
Test: 1) Build blueline-userdebug, flash, and boot.
Test: 2) Build blueline-userdebug with TARGET_FLATTEN_APEX=true, flash,
and boot.
Test: 3) Build aosp_arm-userdebug.
Change-Id: I486f7065207468697320776f726b732077656c6c
am: dc47df6439 -s ours
am skip reason: change_id Ie748d1963ff6f525f8d9e551b73846c3e1c7f9a2 with SHA1 d60401a59b is in history
Change-Id: I7c3116a2791de1b86a63206f80b83062ef3cb564
am: 5180722c5e -s ours
am skip reason: change_id I24621b41860ce1fd1c3ba067430c8d62b49d03cb with SHA1 50bf3127d9 is in history
Change-Id: Ia19d6788e7da059b0cb335fc108863bc62b75693
Non-installable, non-library modules can still have notice files
attached if they are bundled in an apex module, in which case the
current make setting would generate an error. This change makes it just
ignore them silently if the module is ETC. Other classes will still
trigger an error.
Test: manual build + TreeHugger
Change-Id: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
Use codename.fingerprint format for targetSdkVersion if it is unset
in the manifest and UNBUNDLED_BUILD_TARGET_SDK_WITH_API_FINGERPRINT=true.
Test: manual
Bug: 130541924
Change-Id: Ie748d1963ff6f525f8d9e551b73846c3e1c7f9a2
Merged-In: Ie748d1963ff6f525f8d9e551b73846c3e1c7f9a2
(cherry picked from commit d60401a59b)
The two new debugging images adds additional files based on
boot.img and ramdisk.img/ramdisk-recovery.img, respectively.
File /force_debuggable is to trigger special logic in /init to load an
userdebug version of sepolicy and an additional property file from this
ramdisk to allow adb root, if the device is unlocked.
It's intentional to skip signing for boot-debug.img, as it can
only be used if the device is unlocked, where verification error
is allowed.
Those debugging images allows adb root on user build
system.img, vendor.img, product.img, etc. This can facilitate more
automated testings on user builds and is helpful to narrow down the
delta between what's being tested v.s. what's being shipped.
Bug: 126493225
Test: `make dist`, checks both boot-debug.img and ramdisk-debug.img
are in $OUT/ and out/dist.
Test: `make dist`, checks installed-files-ramdisk-debug.{json,txt} are
in out/dist.
Test: `system/core/mkbootimg/unpack_bootimg.py --boot_img $OUT/boot-debug.img`,
checks the extracted out/ramdisk is as expected
Test: Run `gunzip -c ramdisk | cpio -idm` for the ramdisk extracted from
$OUT/boot-debug.img and $OUT/boot.img, respectively.
Then compare the root dirs of both, e.g.,
`diff -rq --no-dereference ./ramdisk ./ramdisk-debug`
Test: `make ramdisk_debug-nodeps` and `make bootimage_debug-nodeps`
Change-Id: I30137c3caef91805d9143d404e5e4d06c0fccc30
This reverts commit a280a66b5a.
/init now switched to read adb_debug.prop from debug ramdisk instead
of GSI or other system.img. No need to keep the file in GSI.
See the following for more details:
https://android-review.googlesource.com/c/platform/system/core/+/946517
Bug: 126493225
Test: tree hugger
Change-Id: I981db8e13216fbe0f066f4d3684ee149b1177d22
The extensions is for OEM. To avoid AOSP code using OEM
extensions mistakenly. GSI denys product to use the extensions
by enabling the following property:
ro.nnapi.extensions.deny_on_product=true
Bug: 129900377
Test: make gsi_arm64-userdebug, check /system/build.prop
Change-Id: Ia679f1f9c108bd5a164c8cdeb1d73f57da755608
am: 5873a854a4 -s ours
am skip reason: change_id I5abeb2da441fb3e3231e094063c2383eb3807852 with SHA1 4986e81160 is in history
Change-Id: I387cac7c1b0e0cbae248ad08a267131ef2aa92c8
This allows update_engine listing the file as a required module,
regardless of the value in AB_OTA_UPDATER.
Bug: 130516531
Test: Build aosp_arm64-userdebug w/o setting AB_OTA_UPDATER. Check that
/system/etc/update_engine/update-payload-key.pub.pem is available.
Change-Id: Ied041aca750e7260402ae8dbf65ff740d0b87205
Bug: 30414428
Test: `m -j dist` with aosp_taimen-userdebug. Check
/system/etc/security/otacerts.zip available under system and
recovery images.
Change-Id: I5abeb2da441fb3e3231e094063c2383eb3807852
Merged-In: I5abeb2da441fb3e3231e094063c2383eb3807852
