Commit graph

261 commits

Author SHA1 Message Date
Peter Collingbourne
3478bb2a7f Teach soong not to duplicate the HWASAN runtime into each APEX.
When HWASAN is enabled, the runtime is conceptually part of Bionic (and
mutually depends on it), so it needs to be treated in the same way as the
Bionic libs.

Now there are only two copies of the runtime: the one in
/system/lib64/bootstrap (which won't be used by ordinary processes) and the
one in the runtime APEX.

This reduces the size of the HWASAN system image and fixes an issue where
multiple copies of the HWASAN runtime were being loaded into 64-bit binaries in
APEXes because the linker namespace for the binary is different from the one
for its dependent libraries outside of APEXes. HWASAN only supports loading
one copy of the runtime per process, so this was causing such binaries to
crash on startup.

Change-Id: I228896e193a035e6dfba9f6e28d0b2e12fc163ea
2019-05-17 10:00:39 -07:00
Yi Kong
acee27cd72 Strip libgcc to only keep fallback symbols
We use libgcc as fallback for symbols not present in libclang_rt
builtins, however we didn't know what exact symbols were being used,
some may not be intended to fallback.

Create libgcc_stripped, which only contains unwind symbols from libgcc.

Bug: 29275768
Test: bionic-unit-tests
Change-Id: I5b349fa6138e51663bf3b67109b880b4356da8e8
2019-04-30 10:07:00 -07:00
Treehugger Robot
1341942d86 Merge "Prebuilt APEXes are recoreded in apexkeys.txt" 2019-04-30 03:14:01 +00:00
Jiyong Park
4d27704da0 Prebuilt APEXes are recoreded in apexkeys.txt
apexkeys.txt now correctly lists prebuilt APEXes with keys specified as
PRESIGNED.

This change also fixes a bug that non-installable APEXes are listed in
the file.

Bug: 131130235
Test: m out/soong/apexkeys.txt and check that
com.android.apex.cts.shim.apex is listed there with PRESIGNED keys.

Merged-In: Ib6d391a82864714743a1cc59cd655bea917b5073
Change-Id: Ib6d391a82864714743a1cc59cd655bea917b5073
(cherry picked from commit a41f12a6fa)
2019-04-29 09:21:23 +09:00
Logan Chien
41eabe63e8 Support opt-in ABI checks
This commit allows a module to opt in for ABI checks even when it is
not an LLNDK/VNDK module.

Bug: 131421213
Test: Add `header_abi_checker { enabled: true, }` to some module
Change-Id: Ie09d262e651cbb44d7d0eba652f55dc1e1e52962
2019-04-27 01:55:50 +08:00
Jiyong Park
71b519d6ce Set default target SDK version for APEX
Target SDK version is used for targeting an APEX to a specific set of
platform builds. Usually, the targeting is unrestricted (in case the
APEX can run on all platforms), or based on platform SDK version (e.g.
28 for P). However, when the platform is under development and SDK is
not finalized, the targeting should be much more fine-grained; the
APEX should be targeted to a very specific build that supports the same
set of APIs that the APEX was built against.

To support that, target sdk version is automatically set by the build
system. When the platform is released or SDK is finalized, the target sdk
version set to the SDK version number. If not, it is set to
<version_code>.<fingerprint> (e.g., Q.123456).
Note that the target sdk version set by the build system is used only
when the target sdk version is not explicitly set in
AndroidManifest.xml.

Bug: 130541924
Test: UNBUNDLED_BUILD_SDKS_FROM_SOURCE=true \
UNBUNDLED_BUILD_TARGET_SDK_WITH_API_FINGERPRINT=true \
TARGET_BUILD_APPS=com.android.tzdata m
build.ninja has --target_sdk_version Q.$$(cat out/soong/api_fingerprint.txt)

Test: aapt dump badging out/dist/com.android.tzdata.apex | grep \
targetSdkVersion shows:
targetSdkVersion:'Q.6ee443d9ad5f0cca7a43cfa97b7fc62a'

Change-Id: I086230d787f01075c28fc3f0163550300fa00212
2019-04-19 14:45:41 +09:00
dimitry
f807167023 Make apex_key HostAndDeviceDefault
Since apex_key is used in number of apex_test host_supported modules it
is no longer a device only module.

Test: add new device target and check that the build does not fail
Change-Id: I6402e3b622d22ee0ca0e6af71dfd71a690938e49
2019-04-12 09:26:00 +00:00
Dan Willemsen
412160e1c9 Stop using build/target -> build/make/target symlink
Instead, fully specify build/make/target/... everywhere

Test: treehugger
Change-Id: I07ba0e9b0604919a271afd5133070616e1f404fc
2019-04-09 21:36:26 -07:00
Nikita Ioffe
89ecd590ea Make prebuilt_apex be usable via :modulename syntax
Test: m
Bug: 127789981
Bug: 128677967
Change-Id: Ie1a1147c1d5570cd7eda48e274faabf95566d53f
2019-04-06 16:57:57 +01:00
Nikita Ioffe
7a41ebdf5f Add filename property to prebuilt_apex
* Makes it more inline with prebuilt_etc;
* For shim apexes, prebuilt_apex modules have pattern of
  com.android.apex.cts.shim.v1_prebuilt, but I would prefer
  pre-installed shim to be: /system/apex/com.android.apex.cts.shim.apex

Bug: 128677967
Bug: 127789981
Test: m
Change-Id: I34e3e078733420b5cf777fd6e3ce4d8c5796b19b
2019-04-06 11:39:22 +01:00
Nikita Ioffe
dd53e8be18 Add installable property for prebuilt_apex
In case of shim apexes, we prebuilt all of them, but only need to
install v1 to a system partition.

Bug: 128677967
Test: manually checked that non-installable prebuilts don't end in /system
Change-Id: I112432abfd8f03cc7d7379ea3cab3f5491ace49c
2019-04-05 22:07:10 +01:00
Colin Cross
cc0ce80ed5 Fix package path of android/soong/android pctx
android/soong/common was renamed to android/soong/android long
ago, but the pctx package path was still "android/soong/common".
This required all users of rules defined in android/soong/android
to import "android/soong/android" and then
pctx.Import("android/soong/common").

Test: m checkbuild
Change-Id: I20d096522760538f7cfc2bec3d4bfeba99b275d4
2019-04-04 03:59:34 +00:00
Jiyong Park
c320e8262a Key property is removed from prebuilt_apex
The property is not needed as key is embedded in the apex.

Bug: 128344735
Test: m
Change-Id: Iae671994fc271593dd9319f6262279736ea34ad1
2019-04-01 19:25:08 +09:00
Jiyong Park
42cca6c951 Always bundle the public key for APEX
The public key associated with an APEX is always included in the APEX.

Obviously, the public keys are no longer installed to
/system/etc/security/apex

Bug: 128344735
Test: m
Change-Id: I1e1aef1d32597a447b57d49ab80bbfb921fa8178
2019-04-01 19:24:31 +09:00
Jiyong Park
c95714ed0d Arch-specific source for prebuilt_apex
Arch-specific source can be specified for prebuilt_apex as follows.

arch: {
    arm64: {
        src: "myapex-arm64.apex",
    },
},

A note on the implementation. The Src property was not tagged as
`android:"arch_variant"` as usual. Instead, multiple Src properties are
explicitly declared like

struct Arch {
    struct Arm {
        struct Src *string
    }
    ...
}

Corresponding Src property is manually selected according to the
MultiTargets()[0].

This is because prebuilt_apex is mutated only for android_common, in
order to have the same arch variant with the apex module type.
Therefore, we can't rely on the arch_variant tag.

Bug: 127789981
Test: m (apex_test amended)

Change-Id: I77dbe626171d8975f549bdb4af3c487232cf05f7
2019-03-30 14:11:37 +09:00
Jaewoong Jung
939ebd5f33 Add prebuilt_apex.
Bug: 127789981
Test: apex_test.go + com.android.tzdata.apex
Change-Id: I09bb0a4b2acf310c55c789569da3c9d755638232
2019-03-28 15:56:22 -07:00
Jiyong Park
6788256d09 :module syntax support properties in apex_key
public_key and private_key properties support :module syntax so that the
key pairs can be dynamically created during the build, which is useful
for one-time keys.

Bug: 128960614
Test: m (apex_test amended)

Change-Id: I249b1d29f247784193b0d733a7b6a20274ece105
2019-03-22 11:41:09 +09:00
Jiyong Park
52818fcde8 Notice support for APEX
Notice file for an APEX is created by merging notice files for the
modules included in it (plus the notice file for the APEX itself if
specified).

Notice files having the same content are not duplicated; it is emitted
only once.

Bug: 128701495
Test: m (apex_test is amended)
Test: m and inspect $(PRODUCT_OUT)/obj/NOTICE.txt to check there are
license entries for /system/apex/*.apex files

Change-Id: I169d91038291a6c71615de97cf5b03174afab5d4
2019-03-21 08:05:50 +09:00
Colin Cross
8a49795df1 Replace ctx.ExpandSources with android.PathsForModuleSrc
Move the logic from ctx.ExpandSources into android.PathsForModuleSrc
and ctx.ExpandSource into android.PathForModuleSrc, and deprecate
them.  When combined with the pathDepsMutator this will let all
properties that take source paths also take filegroups or genrule
outputs, as long as they are tagged with `android:"path"`.

Test: All soong tests
Change-Id: I01625e76b5da19240e9649bf26a014eeeafcab8f
2019-03-20 19:36:13 +00:00
Jiyong Park
05e70ddc60 Fix the symbol file paths for files in APEXes
This change fixes the problem that symbol files for APEXes are installed to
incorrect path when TARGET_FLATTEN_APEX is set to true or the canonical
name of an APEX is different fro the module name of the APEX.

For the case when TARGET_FLATTEN_APEX is true, LOCAL_SOONG_SYMBOL_PATH
is set to point to the runtime path of a file (e.g. /apex/<name>/*).

For the case of the different canonical and module names, apex_name
property is added to explicitly specify the canonical name

Bug: 120846816
Test: m and inspect that symbol files exist under
$(PRODUCT_OUT)/symbols/apex/com.android.runtime/

Change-Id: Idfec88d6a30a18c225b0d87b868b9f1e0a617e38
2019-03-20 11:55:04 +09:00
Jiyong Park
bd13e44610 respect relative_install_path for binaries in APEXes
Bug: 123721777
Test: m (apex_test.go has the test)
Change-Id: I89bc83d4bc6fe8dc374cf36e06e795c75b290844
2019-03-18 14:49:21 +09:00
Jiyong Park
d1e293d11e product_specific support for apex_key
apex_key, when with product_specific: true, is installed to
/product/etc/security/apex.

Bug: 128519063
Test: m (apex_test.go amended)
Change-Id: I39e8ac1c486c734dfe0555cd1874468d75e71f34
2019-03-15 02:15:39 +09:00
Colin Cross
27b922f53e Annotate paths and deprecate ExtractSource(s)Deps
Add `android:"path"` to all properties that take paths to source
files, and remove the calls to ExtractSource(s)Deps, the
pathsDepsMutator will add the necessary SourceDepTag dependency.

Test: All soong tests
Change-Id: I488ba1a5d680aaa50b04fc38acf693e23c6d4d6d
2019-03-07 18:36:35 +00:00
Alex Light
778127a041 Add support for including py_binary and *_go_binary in apexs
These additional binary types are useful for some apexs. Add the
ability to include them. Due to the nature of the resulting artifacts
only py binaries with embedded launchers and host go binaries are
supported.

Test: m com.android.support.apexer
Bug: 119332365
Bug: 119332362
Change-Id: I27c253d3647cf7bbe15896610d7a74a5f93e8bec
2019-03-01 01:56:14 +00:00
Jaewoong Jung
acb6db331b Revert "Add override_module."
This reverts commit aa65e17016.

Reason for revert: Not compatible with PRODUCT_PACKAGES, and so has very limited use.

Change-Id: Ib141d3984a6f12bb50989e66037494c466b066f1
2019-02-28 16:22:30 +00:00
Jaewoong Jung
aa65e17016 Add override_module.
This new module type replaces the inherit-package function in make by
allowing developers to override the name, the certificate, and the
manifest package name of an android_app module.

Bug: 122957760
Fixes: 123640028
Test: app_test.go + BrowserGoogle
Change-Id: Iefe447e7078b25039233221361ef95c83a29973a
2019-02-27 14:35:39 -08:00
Alex Light
f4857cf3dd Include symlinks in flattened apexs
Flattened apexs were not including symlinks. This could cause expected
files not to be present.

Test: lunch aosp_marlin-userdebug
      m droid
      stat $OUT/system/apex/com.android.runtime.debug/bin/dalvikvm
Bug: 124924906

Change-Id: I04e696602b776b383bf7198eb19220353df74192
2019-02-25 10:14:55 -08:00
Alex Light
49ae3d9819 Don't use stubs for host apexs
Host apexs don't have a system-image associated with them so we need
to include all libraries, including those with stubs.

Test: ./art/test/testrunner/run_build_test_target.py -j50 art-linux-bionic-x64-zipapex
Bug: 125417922
Change-Id: Ie76e6a34e8be1057b29e2e005597c3e4b5fb1f9c
2019-02-21 14:02:46 -08:00
Treehugger Robot
1455d47788 Merge "Install external deps of an APEX" 2019-02-21 00:02:08 +00:00
Jiyong Park
37eb8bbb3a Export make vars using MakeVars method
ed023eca73 introduced a new (better) way
of exporting make vars from singletone. apex_keys_text singletone is
switched to the new method.

Test: inspect out/soong/make_vars-<target>.mk
Check SOONG_SOONG_APEX_KEYS_FILE is set

Change-Id: Ia218852ba9ae40070cb6c99340d97e0c77d19841
2019-02-20 22:26:21 +09:00
Jiyong Park
ac2bacd418 Install external deps of an APEX
By default, if a lib is included in an APEX, all its direct and indirect
dependencies are also included in the same APEX. However, when one of
the dependencies have stable API (i.e. has stubs: {...}) then the lib
having stable API and its dependencies are not included in the APEX.

However, the problem here is that the lib having stable API might not be
installed on the system, thus causing error at runtime. This can happen
if there is no other module in the platform that depends on the lib.

This change fixes the problem by adding such libraries as external
dependencies so that they are also installed on the device along with
the APEXes using them.

Bug: 124831003
Test: m installclean; m com.android.resolv
libbinder_ndk, libvndksupport are found under system/lib

Change-Id: I457e03ff3fce37e0890c64d911e6e0ea6d0c6dd6
2019-02-20 22:02:22 +09:00
Jiyong Park
0ca3ce867c build apexkeys.txt
apexkeys.txt is a text file having APEX-to-keys mappings. The file is
included in the target-files package where it is used when re-sign the
APEXes with release keys.

Each line of the file consists of 5 fields:
1) name: file name of the APEX
2) public_key: the public key for the apex_payload.img of the APEX
3) private_key: the private key used to sign the apex_payload.img
4) container_certificate: the certificate used to sign the APEX zip
container
5) container_private_key: the private key used to sign the APEX zip
container

Bug: 124406181
Test: m out/soong/apexkeys.txt and inspect the content
Test: TARGET_BUILD_APPS=com.android.tzdata m dist and make sure
out/dist/apexkeys.txt exists
Change-Id: I1daa13ec50956323b97e15e8df7f1fbe5ea21d63
2019-02-19 14:13:36 +09:00
Jiyong Park
809bb724f5 Add ":name" support for manifest and androidManifest properties in apex
The manifest and androidManifest properties in the apex module type now
supports ":name" syntax.

Bug: 123857186
Test: m (apex_test amended)
Change-Id: Ic4e5a73cf73260d156ec61d07932ad07b2561413
2019-02-14 15:28:58 +09:00
Jiyong Park
f97782b18c Remove prefer_sanitize.* properties
The properties are no longer required as an APEX module is mutated with
required sanitizers which are gathered by scanning the sanitizers that
are enabled for its direct dependencies.

Bug: 124128094
Test: m on marlin
The extractor libs are found under /system/apex/com.android.media

Merged-In: I55961d400dcbac067a5c0dcecb90e399d4991a70
Change-Id: I55961d400dcbac067a5c0dcecb90e399d4991a70
(cherry picked from commit abda0eb76b)
2019-02-14 12:30:49 +09:00
Alex Light
f1801bc0a5 Ensure that make doesn't flatten zipapex files.
Zip apex files are not really installed so should not ever be
flattened. Unfortunately we didn't send this information to make which
would still unzip everything.

Test: ALLOW_MISSING_DEPENDENCIES=true
      ./art/tools/build_linux_bionic_tests.sh com.android.runtime.host
Bug: 124333446

Change-Id: I3eda579f8c40f768f1ef2be867967f436396cd4c
2019-02-13 19:14:15 +00:00
Jiyong Park
b2742fdec9 APEX certificates can be overriden by PRODUCT_CERTIFICATE_OVERRIDES
Test: m (apex_test amended)
Change-Id: I9b66a250c9ca20ad754e12455de2b444cf19b1fa
2019-02-13 19:22:43 +09:00
Jiyong Park
40e26a2a99 Allow each APEX to provide its own AndroidManifest
AndroidManifest.xml file can be specified via the 'androidManifest'
property in the apex module type. It can be used to have a custom
AndroidManifest.xml that have additional tags (such as <uses-sdk> or
<uses-feature>) for precise targeting.

The property is optional; if unspecified, then one is auto-generated as
before.

Bug: 123857186
Test: m apex_test_build_features
Change-Id: Id7ee0471661887cfa11124cbaa3beea8cffcdda4
2019-02-13 16:24:59 +09:00
Alex Light
2a2561f8ac Always build zipapex's unflattened.
Zipapex's cannot be flattened so do not prevent them from being built
even if TARGET_FLATTEN_APEX is set.

Test: lunch aosp_arm-eng;
      ALLOW_MISSING_DEPENDENCIES=true \
      ./art/tools/build_linux_bionic.sh com.android.runtime.host

Bug: 124333446
Change-Id: I4bef65cce100136a8f7852692e841b62ed9e399f
2019-02-12 17:04:47 -08:00
Jiyong Park
235e67c281 Add prefer_sanitize.* properties to apex
It is used to configure an apex to prefere specific sanitizer variants
if available. For example, if a lib is with sanitize: {cfi: true} then
an APEX with prefer_sanitize: {cfi: true} will use the sanitized variant
of the lib.

Bug: 124128094
Test: m on marlin
extractor libraries are found under /system/apex/com.android.media

Change-Id: I858778eef78c5791cdeb497c7c11688cb128b5fe
2019-02-09 12:07:08 +09:00
Alex Light
0851b88eaf Add support for test_apex
Some test and other miscallaneous use-cases need apexs that are
installable but will not affect the installation of other artifacts
onto the device. For this purpose we added a test_apex type. These
test_apex targets create apex files and have all the normal attributes
but are not considered the source of any of their contents for the
device by the rest of the build-system.

Test: build and boot
Test: ALLOW_MISSING_DEPENDENCIES=true \
      DIST_DIR=$ANDROID_BUILD_TOP/out/dist \
      ./art/tools/dist_linux_bionic.sh -j72 showcommands com.android.runtime.host
Bug: 123591866
Bug: 123892969

Change-Id: I7f50be0ac0425cd87868145e18bcee6962d472ef
2019-02-07 16:52:20 -08:00
Jiyong Park
30ca9379e6 add apex_defaults
apex_defaults is the default module for apex.

Bug: 124026431
Test: m (apex_test updated)
Change-Id: I09f63046e909e8eeb52ecec6bb07eb51e5490561
2019-02-08 02:55:28 +09:00
Alex Light
f98087ffce Don't remove non-installable apex deps from the system install
We were marking any libraries included in any apex (including
non-installable apex's like com.android.runtime.host) as
uninstallable. This could cause phones to become unbootable if these
apex's are modified.

Bug: 123892969
Test: m droid && boot device.
Change-Id: Ief9004bbe7b106ee8f52715ce5bd7bb5accec290
2019-02-07 17:05:45 +00:00
Jiyong Park
41229f584a Fix: TARGET_FLATTEN_APEX=true does not install any files to /system/apex
94427265d1 broke the flattened APEX
by not updating moduleNames

Test: TARGET_FLATTEN_APEX=true m
Files are under /system/apex

Change-Id: I14b1a6f8b2244d35e1accdf9888cfef65f4b0a03
2019-02-07 16:48:04 +09:00
Jiyong Park
04480cf35b sh_binary can be included in APEX
Bug: 123891899
Test: m (apex_test amended)

Change-Id: Idebe577b20019fe9cd0fb6617f3b8c52a5b87714
2019-02-06 23:09:30 +09:00
Jiyong Park
94427265d1 Don't emit make rules for APEX files for non-installable APEX
When an APEX is non-installable, the make rules for the APEX files in
the APEX are not emitted as they will never get installed.

androidMkForType() is refactored so that make rules for the APEX files
are created in a separate function androidMkForFiles().

Test: m checkbuild tests
Bug: 123290268
Change-Id: Ibe8817d1e9c6312fb5c6f986dced8aa3e823664a
2019-02-06 22:40:29 +09:00
Jiyong Park
23c52b0eb8 :module syntax is supported for APEX even when TARGET_FLATTEN_APEX
Build rules for both flattened and non-flattend APEXes are created
regardless of TARGET_FLATTEN_APEX. The selection is made in AndroidMk.
This allows other module to reference an APEX via :module syntax
irrespective of TARGET_FLATTEN_APEX.

Bug: 123780484
Test: TARGET_FLATTEN_APEX=true m out/soong/.intermediates/art/build/apex/art-check-debug-apex-gen/gen/art-check-debug-apex-gen.dummy
with aosp/891696 applied
Change-Id: Ia49415ec3d18cfc5081461be76900c73ea803dca
2019-02-06 09:24:39 +09:00
Jiyong Park
b7c24df220 APEX respects relative_install_path
relative_install_path for cc_library is respected by APEX.

relative_install_path for cc_binary is not yet respected because doing
it will break the path to the dynamic linker in the runtime APEX.
That change should be done along with changes in init, bionic, etc.

Bug: 123721777
Test: m (apex_test.go amended)
Change-Id: I855f8eda0d4255d563861ac96d0d3e2c669e9a2a
2019-02-05 21:00:41 +09:00
Colin Cross
5f692ec219 Remove empty DepsMutator methods
Add an empty DepsMutator to ModuleBase so it doesn't have to be
implemented on every module that doesn't need it.

Test: all soong tests
Change-Id: I545a832a0dbf27386d3080377a75ea482cd9ce59
2019-02-01 17:17:58 -08:00
Treehugger Robot
df819e6b0c Merge changes from topic "libc-bionic"
* changes:
  Give a knob to have apex ignore system-lib special cases
  Add limited target-specific configuration to apex.
2019-01-31 22:24:55 +00:00
Dan Willemsen
5e2e3ef846 Expand Jiyong's apex OWNERship
There's more to apex than just apex.go

Change-Id: I6603db10c43148c4f17fb9d3b762400472b32526
2019-01-31 18:57:00 +00:00
Alex Light
fc0bd7c15b Give a knob to have apex ignore system-lib special cases
apex will normally place libc and some other system libraries into a
separate directory. This is to ensure that early startup works
correctly. Some apex targets want to have these libraries at the
normal places however.

Test: ./art/tools/build_linux_bionic.sh com.android.runtime.host
Bug: 123591866
Bug: 120266448
Change-Id: Ib5a67a43fe3eea6188b4df9215e743f1634045f3
2019-01-31 10:53:02 -08:00
Alex Light
9670d332b6 Add limited target-specific configuration to apex.
Some apex targets need to be able to change their contents based on if
they are host or target or what libc they are using. This adds support
for doing this using the standard 'target: {...}' idiom.

Test: m com.android.runtime.host
Test: ./art/tools/build_linux_bionic.sh com.android.runtime.host
Bug: 123591866
Change-Id: If73bee650cdeb277c0e603763aa0b0108656bfdd
2019-01-31 10:52:57 -08:00
Jiyong Park
719b4467aa Reland "Symbols for libs in APEXes are available"
This reverts commit eaebd76656.

Bug: 120846816
Test: build/soong/build_test.bash -dist -products mainline_system_arm64
Test: lunch aosp_cf_x86_pasan-userdebug; m && SANITIZE_TARGET=address m

Change-Id: I0d2f3eba33c2d1d034d13839c1bd23970adb9f85
2019-01-30 12:34:46 +09:00
Alex Light
3d67359f2f Add support for symlink_preferred_arch in apex
Some modules rely on symlink_preferred_arch to have expected files
present. This change makes apexs include these symlinks.

Test: m com.android.runtime.debug
      pushd $(mktemp -d)
      mkdir mnt
      unzip $OUT/apex/system/com.android.runtime.debug.apex
      sudo mount -o loop,ro apex_payload.img mnt
      Ensure that mnt/bin/dalvikvm and mnt/bin/dex2oatd both exist and
      are symlinks to mnt/bin/dalvikvm64 and mnt/bin/dex2oatd32
      respectively.

Bug: 119942078
Bug: 122373634
Bug: 123079311
Change-Id: I47868fbedc5bdd3141a836c488f79e91e0a6ddfe
2019-01-29 03:21:47 +00:00
Treehugger Robot
62f6fcbbb9 Merge "Create sanitizer variants of APEX only when SANITIZE_TARGET is set" 2019-01-29 02:46:31 +00:00
Jiyong Park
7e636d0b98 stubs lib can export headers lib
Add a dependency from a stubs lib to headers libs so that the headers
can be re-exported.

Bug: 122717287
Test: m; a test added to apex_test.go
Change-Id: I8d48c072815c6b02d343ef09cb44dfc6d1af8e64
2019-01-29 07:38:42 +09:00
Jiyong Park
388ef3f5aa Create sanitizer variants of APEX only when SANITIZE_TARGET is set
This fixes a problem that APEX is unconditionally mutated for all
sanitizer types. This can make an APEX to include sanitized version
of a lib even when SANITIZE_TARGET is not set. It can happen when lib X
is directly depended on by an APEX (e.g. via native_shared_libs) and X
has a sanitized variant due to the dependency from another library Y
which is force sanitized (via 'sanitize' property). In that case,
regardless of lib Y is in the APEX or not, the APEX chooses the
sanitized variant of lib X since the dependency from APEX to the lib is
created with AddFarVariationDependency.

Fixing this problem by mutating the APEX for a sanitizer type only when
the device is requested to be sanitized.

Bug: 122717287
Test: add libnetd_client to com.android.runtime APEX.
Inspect build.ninja to verify that libnetd_client.so in the runtime APEX
is not a sanitized one.

Change-Id: I918bc8407137d74c5456142b3a29de13df68c0b3
2019-01-29 07:10:31 +09:00
Jiyong Park
58e364a373 Add __ANDROID_APEX__
A module can be built multiple times when it is referenced from one
or more APEXes. Sometimes, it is required for the module to behave
differently depending on the context; e.g., do A when built form
APEX M, do B when built for APEX N, and do C when built for platform.

The idea is to have a macro __ANDROID_APEX__ which is set to the
name of the apex that the module is built for. It is undefined when
the module is built for platform.

Bug: 122714993
Test: m (apex_test amended)
Change-Id: I11a89c6a0e799f4810194de7ef9ee472a71ca498
2019-01-28 20:02:27 +09:00
Alex Light
16df4e868e Only copy native binaries on native-bridge configs
If native-bridge/ndk translation is supported for a config the build
system will know about 2 copies of binaries, one for each ABI. We only
want to actually install the 'Native' (non-translated) ABI into the
apex in these situations.

Test: lunch aosp_cf_x86_phone-userdebug
      m showcommands com.android.runtime.debug
      examine the command output to make sure only a single copy of
      dex2oat is being installed.

Change-Id: I9480e52855fd9f5564a579099309fb38f1c50367
2019-01-24 12:29:50 -08:00
David Brazdil
91b4e3e78b Disable all-assigned check in hiddenapi on master-art
Master-art configurations do not have frameworks/base and therefore do
not have hidden API flags. Pass --no-force-assign-all to `hiddenapi`
when frameworks/base does not exist to disable the corresponding
assertion. This enables us to enforce the assertion on non-master-art
builds and also get rid of logspam about missing flags on ART buildbots.

Test: art/tools/buildbot-build.sh on master-art
Bug: 123143676
Change-Id: I074d9554fb11dab3eef904016375730520107ec2
2019-01-23 22:55:41 +00:00
Jiyong Park
087b541afd Fix: APEX gets .jar.jar suffix when TARGET_FLATTEN_APEX is true
soong_java_prebuilt.mk sets LOCAL_MODULE_SUFFIX := .jar. Therefore, we
need to remove .jar suffix from LOCAL_MODULE_STEM, otherwise, we
will have .jar.jar suffix.

Bug: 123092860
Test: TARGET_FLATTEN_APEX=true apex.test
Check /system/apex/apex.test/javalib/core-oj.jar is there.

Change-Id: Ie19b20523753ec32ab16266f63d26c4df685cc34
2019-01-20 22:42:33 +09:00
Jaewoong Jung
b9a11518bc Enable arch variant properties in prebuilt_etc.
Bug: 122332178
Test: Soong unit tests + TreeHugger.
Change-Id: Ia8fab0add09478599398e8cbb703debc39f658f6
2019-01-17 09:02:34 -08:00
Jiyong Park
379de2fab0 APEXes can be sanitized
This change first introduces the interface "Sanitizeable" that
module types other than cc.Module can use to be handled by the sanitizer
mutator. APEX module, by implementing the interface, gets sanitizer
variants.

In doing so, sanitizer.go is refactored so that modules have explicit
dependencies to the runtime sanitizer libraries. This allows the runtime
library to be packaged into the APEX when required. This also completes
the dependency graph; updating the prebuilt sanitizer runtime will
trigger rebuilding of modules using the runtime.

Bug: 120894259
Bug: 121038155
Test: SANITIZE_TARGET=hwaddress m apex.test
Test: TARGET_FLATTEN_APEX=true SANITIZE_TARGET=address m
Change-Id: Ia91576ff48cda3c996350308b75bf83fcf7c23d7
2019-01-13 00:48:47 +09:00
Michael Butler
eaebd76656 Revert "Symbols for libs in APEXes are available"
This reverts commit 769e50b3c9.

Reason for revert: Likely causing build failure on aosp_x86_64-eng in aosp_master:

"build/make/core/base_rules.mk:271: error: art/build/apex: MODULE.TARGET.SHARED_LIBRARIES.com.android.runtime.host.libart-compiler already defined by art/build/apex."

Change-Id: I83b7caa04b2648e4e4914aae2fa5878516634eed
2019-01-11 20:23:36 +00:00
Jiyong Park
769e50b3c9 Symbols for libs in APEXes are available
The unstripped file for libraries in APEXes are available via
out/target/product/<device>/symbols/apex/<apex_name>/path_to_lib.

This change make the symbol files available by installing the individual
files in APEXes to the directory where the APEXes will be mounted at
(i.e. runtime directory which is /apex/<apex_name>). Note that the files
are not actually packaged to a filesystem image; they are installed just
to create the symbol files under the out directory where developers can
use them for debugging.

Bug: 120846816
Test: m com.android.runtime.debug
There are unstripped files under
out/target/product/walleye/symbols/apex/com.android.runtime.debug

Change-Id: Ib182e2bf8787b7669ccba13814491db35370f468
2019-01-11 23:45:20 +09:00
Jiyong Park
9335a26cbd APEXes can be signed with devkeys
When PRODUCT_DEFAULT_DEV_CERTIFICATE is set to /vendor/foo/devkeys/test,
then the public/private key pairs for an apex_key is searched at
/vendor/foo/devkeys directory.

To be specific,

/system/timezone/Android.bp:
apex_key {
    name: "timezone.key",
    public_key: "com.android.tzdata.avbpubkey",
    private_key: "com.android.tzdata.pem",
}

When PRODUCT_DEFAULT_DEV_CERTIFICATE isn't set, the keys are searched at
/system/timezone, which is the path where Android.bp is located.

With PRODUCT_DEFAULT_DEV_CERTIFICATE set to /vendor/foo/devkeys/test,
the keys are searched at /vendor/foo/devkeys.

Bug: 121224311
Test: m (apex_test updated)
Test: m with crosshatch (PRODUCT_DEFAULT_DEV_CERTIFICATE is set to
/vendor/google/...)
Test: m with cheets (PRODUCT_DEFAULT_DEV_CERTIFICATE is set, but there
is no apex key there. The product is with TARGET_FLATTEN_APEX := true)

Change-Id: I213bbb96c433d851f9cc982871459fd7fb4fe47d
2019-01-11 13:35:56 +09:00
Jiyong Park
d699cb9cf9 apex manifest is always installed as apex_manifest.json
This change fixes a bug that when built with TARGET_FLATTEN_APEX=true,
apex manifests are installed without being renamed to
apex_manifest.json.

Test: TARGET_FLATTEN_APEX=true
Test: /system/apex/*/apex_mnifest.json exist
Test: device boots to the UI
Change-Id: Ib8baeb475babbf4faf6cc073e266bb3038ac1b2d
2019-01-11 01:25:40 +09:00
Jiyong Park
b07885714c Rename non-stubs variant of a lib if it is included in APEX
If a lib is directly included in an APEX (via native_shared_libs
property) and the lib has stubs (via stubs.versions property), then the
ordinary non-stubs variant of the library is renamed to
<libname>.bootstrap in the makefile. At the same time, the stubs variant
of the lib becomes visible and it's name is <libname>.

This ensures that modules in Android.mk build against the stubs
variant thus preventing them from using private APIs in the lib.

The non-stubs variant, however, is used if the module explicitly has
set the new 'bootstrap' property to true. This is useful for building
some early binaries (such as init and vold) which need to run before
APEXes are activated. Since they can't use the bionic libs from the
runtime APEX, they should use the bionic libs left in the system
partition which is called the boostrap bionic.

Bug: 120266448
Test: m
Test: m with https://android-review.googlesource.com/c/platform/bionic/+/849044

Change-Id: I882b8aeb5b29460f07b4424e4f8eb844d6c9a9b0
2019-01-10 09:57:29 +09:00
Jiyong Park
7f67f48cbb Add PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES
It is a list of <module_name>:<manifest_name> pairs. When the module
name of an APK or an APEX matches with <module_name>, then its app
manifest name is overridden to <manifest_name>.

<module_name> and <manifest_name> can be patterns as in
com.android.%:com.mycompany.android.%.release

Note that, in case of APEXes, the manifest name refers to the name of
the zip container. The apex manifest name (which is specified in
apex_manifest.json) is not overridden.

Test: m with PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES for
1) an APK in Android.mk
2) an APK in ANdroid.bp
3) an APEX
and check that manifest names are modified as specified

Change-Id: Ie58882d90884695e893944c43d9c8803b283e93d
2019-01-09 21:12:27 +09:00
Jiyong Park
805cbc3ac2 Executables in APEXes have root:shell
Executables under /system/bin are configured as (uid:gid)=(root:shell)
by fs_config.cpp. Therefore, an executable that is moved/copied from
/system/bin to an APEX should be configured as such.

Test: adb shell ls -al /system/bin/linker
/apex/com.android.runtime/bin/linker shows
-rwxr-xr-x 1 root shell 1133528 1970-01-01 09:00 /apex/com.android.runtime/bin/linker
-rwxr-xr-x 1 root shell 1133528 1970-01-01 09:00 /system/bin/linker

Change-Id: Ibb698aab237362fed312da2af809cceead8a1092
2019-01-09 08:41:45 +09:00
Jiyong Park
7c1dc6100a Don't use vendor variant when BOARD_VNDK_VERSION is not set
Vendor variants are not available when BOARD_VNDK_VERSION is not set.

Test: m for aosp_marlin
Change-Id: I5d89a401f5cf98db3f0a9aa553f00b2d6ee9ed1e
2019-01-05 11:17:10 +09:00
Logan Chien
3aeedc9592 Do not add _platform suffix to non-apex variation
This commit renames `_platform` suffix to `` (empty string) so that
non-apex variations are not renamed to `_core_shared_platform` or
`_vendor_shared_platform`.

This commit makes sure that `_core_shared` and `_vendor_shared` is
always under `$OUT_DIR/soong` regardless the usages from apex modules.
Furthermore, this avoids the confusing stale lsdump files (e.g. both
`_core_shared` and `_core_shared_platform exist) while creating
reference ABI dumps for VNDK ABI checks.

Bug: 121986692
Test: lunch aosp_arm64-userdebug; make  # no more _platform variants.
Change-Id: Ic02a60ac45f982580349661c22331d114617fd92
2019-01-04 13:28:01 +08:00
Jiyong Park
67883b3ec6 Fix: stubs lib is installed in APEX
This CL fixes the problem that when a lib is defined with stubs, the
stubs variantof the lib is installed to the APEX. This was happening
because the non-stubs variant is the last variant of the 'version'
variants and addFarVariationDependencies selects the first variant when
the 'version' variant isn't specified.

Fixing the problem by making the non-stubs variant (whose name is "")
the first variant.

Test: m (apex_test)

Change-Id: I1505fd2f29a0d70c916bad51000aa06f2b80b137
2019-01-04 03:37:00 +09:00
Jiyong Park
835d82b73c Bundle public keys with APEX
When an apex key is marked as 'installable: false' and the build is
debuggable, the pubic key file for the apex key is bundled with the APEX
that is signed with the key.

This eliminates the need to install the public keys for the
testing-purpose APEX in the system partition.

Bug: 122047804
Test: m
Change-Id: Ifa5914891463dbf4c21484ea440836521b2f90b1
2019-01-04 03:23:12 +09:00
Jiyong Park
50d99206d5 Add installable property to apex_key
Setting the property to false prevents the key from being installed.
Useful for testing keys.

Bug: 122042717
Test: add 'installable: false' to the apex_key
'com.android.apex.test_package.key'. mma under
/system/apex/apexd/apexd_testdata. The key is not found under
out/target/product/..../system/etc/security/apex

Change-Id: Ibf70e4e8ea5e73432d06b1c4050df531eaafc85e
2019-01-04 03:23:12 +09:00
Colin Cross
189ff9868e Set stem for uninstalled apex modules
Apex modules with installable: false are not installed, so the
dist rule copies from LOCAL_BUILT_MODULE instead of
LOCAL_INSTALLED_MODULE.  If LOCAL_BUILT_MODULE_STEM is unset,
LOCAL_BUILT_MODULE will have the module name as the stem,
resulting in an incorrect file copied to the dist directory.
Set LOCAL_MODULE_STEM instead of LOCAL_INSTALLED_MODULE_STEM,
which also covers LOCAL_BUILT_MODUL_STEM.

Fixes: 122277867
Test: tapas test1_com.android.tzdata && m dist
Change-Id: I0af0c5adcac478a1ce68c4625203fd9bd56bf94d
2019-01-02 22:37:21 -08:00
Jiyong Park
16e91a067d Fix: static dependency across an APEX is lost
This change fixes following problem:

1) a native lib having stubs is defined.
2) the lib is included in an APEX.
3) a static binary is linking the lib from outside of the APEX.
4) then, the dependency from the binary to the lib is vanishing.

This is happening because cc.depsToPaths() mistakely does not
distinguish static lib deps from shared lib deps. For shared lib deps,
it creates two dependencies (one for stubs variant and the other for
non-stubs variant) and choose the stubs variant when the lib and the
current module is not in the same APEX (i.e. dependency to the non-stubs
variant is discarded). However, since we don't have stubs variant for
static library, it ends up having no dependency to the library if the
link is static.

Fixing the issue by skipping the variant selection routine when the link
is static.

Test: m (apex_test added)
Test: build with https://android-review.googlesource.com/c/platform/bionic/+/849044
Change-Id: I21102a31cc5c0b105da2affdd035bd5cc571a6ab
2018-12-21 18:01:39 +09:00
Jiyong Park
da6eb592bf Add use_vendor to APEX module
use_vendor, when set to true, brings vendor variant of the native
libraries and binaries to the APEX.

Bug: 115707625
Test: m (apex_test updated)
Change-Id: Ib4e996f8652f4ce4645a9c22f6914e2ab35edda6
2018-12-20 14:33:02 +09:00
Jiyong Park
5a8320201a Fix a nill pointer dereference when TARGET_FLATTEN_APEX
When TARGET_FLATTEN_APEX is set to true, there is no single output file
for an APEX that other modules can reference via ":module" syntax.
Return nothing in that case.

Bug: 121221006
Test: TARGET_FLATTEN_APEX=true m
Change-Id: I556b55073720b16fd30fd133af58aac229e958c0
2018-12-20 09:54:35 +09:00
Jiyong Park
a88948419a Fix: Flattend APEX is breaking build
When TARGET_FLATTEN_APEX=true, individual files in an APEX are exported
to make. However, because they lack LOCAL_SOONG_CLASSES_JAR,
soong_java_prebuilt.mk get confused and the build breaks.

Fixing the bug by correctly emitting LOCAL_SOONG_CLASSES_JAR and
LOCAL_SOONG_HEADER_JAR.

Test: TARGET_FLATTEN_APEX=true m
out/target/common/obj/JAVA_LIBRARIES/com.android.conscrypt.conscrypt_intermediates/classes.jar

Change-Id: I65ce86ec825f978a43715146bbd5c1d5af513de0
2018-12-19 23:07:23 +09:00
Treehugger Robot
8cc51b5620 Merge changes Idb2b552b,I190bca35
* changes:
  When a stub is built for APEX, it is generated with --apex
  APEX-specific symbols can be tagged as # apex
2018-12-19 06:28:23 +00:00
Treehugger Robot
ace2be498e Merge "Add installable property to apex module type" 2018-12-15 17:59:41 +00:00
Jiyong Park
3fd0baf651 When a stub is built for APEX, it is generated with --apex
Now, symbols that are only to be visible to across APEXes can be tagged
as # vndk. Then when generating the stubs library, the tagged symbol
is included. The symbol is NOT included in other cases; build NDK stubs,
etc.

Bug: 120638081
Test: m (apex_test updated.)
Change-Id: Idb2b552badddfc26af113cc8d4b984788f478813
2018-12-16 02:13:14 +09:00
Jiyong Park
6437995170 Remove -include <file> when compiling stubs.
Otherwise, the force included headers might cause conflicting types
error with the symbols in the generated stubs source code. e.g.

double acos(double); // in header
void acos() {} // in the generated source code

Bug: 120266448
Test: m (apex_test also updated, and passing)
Change-Id: I717df990959d1b24ec515f0f52a4e28b94e92f32
2018-12-15 23:03:47 +09:00
Jiyong Park
92c0f9ce54 Add installable property to apex module type
When set to false, the apex is built but not installed. Useful for not
polluting the system image with test APEXes when doing mma.

Bug: 120960303
Test: add 'installable: false' to apex.test under system/apex/tests/Android.bp
m; check that out/..../system/apex/apex.test.apex does not exist.

Change-Id: I383d5cdcc8aec705b6a5778dbd07233471d289d0
2018-12-15 22:58:14 +09:00
Jiyong Park
0ddfcd1188 Don't create unnecessary APEX variations
This change fixes a problem that APEX variations are created for the
modules that actually shouldn't built for any APEX. For example,
consider this case.

apex { name: "myapex", native_shared_libs: ["mylib"],}

cc_library { name: "mylib", shared_libs: ["libfoo#10"],}
cc_library { name: "libfoo",
             shared_libs: ["libbar"],
             stubs: { versions: ["10"], }, }
cc_library { name: "libbar", ...}

Before this change, both the stubs and non-stubs variations of libfoo
were mutated with apexMuator, which is incorrect for the non-stubs
varia; there is no dependency chain from the apex "myapex" to the
non-stubs variation, but to the stubs variation due to the #10 syntax.

This was happening becauses we used the name of the module to determine
whether it should be built for APEX or not. Both stubs and non-stubs
variations have the same module name "libfoo".

Fixing this issue by recording the list of APEX variations required
directly on the module. So, the stubs variation of libfoo has myapex in
its apex variations list, but the non-stubs variation doesn't, and thus
apexMutator does not pick up the non-stubs variation.

Test: m (apex_test updated and passing)
Test: cherry-pick ag/5747464 and m
Change-Id: I31e618626809a828a55fff513ef5f81f79637afa
2018-12-13 10:48:15 +09:00
Jiyong Park
74e240be03 Output of an apex module type can be included in tests
By implementing SourceFileProducer interface, output of an apex module
can be included in tests (via ':modulename' syntax in 'data' property)

Bug: 120055902
Test: replace apexd_testdata/* with :apex.test in
system/apex/apexd/Android.bp. m apex_file_test.
out/host/linux-x86/nativetest/apex_file_test/ has apex.test.apex in it.

Change-Id: I8b721a68e0edc65a3e674febeed485e06b96bc24
2018-12-12 18:33:30 +09:00
Jiyong Park
28d395a149 Fix: build error when a lib with stubs is included in an APEX
apex { name: "foo", native_shared_libs: ["mylib"] }
cc_library { name: "mylib", shared_libs: ["other_lib"],
             stubs: { versions: ["1"]}, }

This is causing build error due to missing variant for other_lib.
This is happening because the stubs variant of mylib is added to apex
foo instead of the non-stubs variant. Because stubs variant does not
have any further dependencies, other_lib is not included to the APEX and
is not built for it.

Fixing this issue by specifying the version variant when adding a lib to
the dependency of an APEX, so that non-stub variant of the lib is
depended on.

Test: m (apex_test updated)
Change-Id: I972b6dcbce11942f83a76212715ba915534ec3df
2018-12-10 13:33:41 +09:00
Jiyong Park
7c2ee713ec Fix: a module with sub_dir can't be placed in APEX
This change fixes the bug that when a module is defined with sub_dir,
then build breaks when the module is included in an APEX.

This was happening because, for example when we have a prebuilt_etc
module having sub_dir set to "foo/bar", then only etc/foo/bar is added
to the canned_fs_config file and other intermediate directories (etc,
etc/foo) are not added. e2fsdroid however expects that every directories
to be listed.

Fixing the problem by adding parent directories when adding a directory
to canned_fs_config.

Bug: 120600179
Test: m (a new test case added to apex_test)
Change-Id: If712ff65761a7e1e3216371bb2eb7acf9cb5dc9e
2018-12-07 14:29:59 +09:00
Alex Light
ee25072e35 Make apex.ApexBundleFactory public
Art needs to be able to create an ApexBundle with a LoadHook to
support art testing using the HOST_PREFER_32_BIT=true hack.

Bug: 120617876
Test: HOST_PREFER_32_BIT=true m nothing
Change-Id: Ia11e61a92094dfbc013c6c53a6edff33371ed8e1
2018-12-06 14:02:16 -08:00
Alex Light
5098a612fc Add zip-apex
This adds support for an apex-like file where the payload is a zip
file instead of a FS image. This makes it easier to examine and use
without root. These can also be built for the host.

This can be controlled using the 'type' modifier in the apex build
rule. 'type' may be "image" to build an apex file called {name}.apex
with an FS image payload, "zip" to build an apex with called
{name}.zipapex with a zip-file payload or "both" to build both. By
default we will use "image".

This also adds support for setting apex rules to
"host_supported: true".

Test: cd art/build/apex; mma; examine the com.android.runtime.host.zipapex
      artifact.
Test: go test android/soong/apex -v
Bug: 120436895

Change-Id: I534d330672211ac5ccc3bd5a0c89b9fc507bf51e
2018-12-04 13:10:17 -08:00
Jiyong Park
25fc6a9cc9 Stubs variant is used when building for APEX
When a native module is built for an APEX and is depending on a native
library having stubs (i.e. stubs.versions property is set), the stubs
variant is used unless the dependent lib is directly included in the
same APEX with the depending module.

Example:

apex {
    name: "myapex",
    native_shared_libs: ["libX", "libY"],
}

cc_library {
    name: "libX",
    shared_libs: ["libY", "libZ"],
}

cc_library {
    name: "libY",
    stubs: { versions: ["1", "2"], },
}

cc_library {
    name: "libZ",
    stubs: { versions: ["1", "2"], },
}

In this case, libX is linking to the impl variant of libY (that provides
private APIs) while libY is linking to the version 2 stubs of libZ. This is
because libY is directly included in the same apex via
native_shared_libs property, but libZ isn't.

Bug: 112672359
Test: apex_test added
Change-Id: If9871b70dc74a06bd828dd4cd1aeebd2e68b837c
2018-12-04 17:46:22 +09:00
Shahar Amitai
328b077e20 Revert "Add resources.pb to the apex bundle"
This reverts commit 1ed0fc532d.

Reason for revert: resources.pb not needed, version code is taken from AndroidManifest.xml

Bug: 117295826
Test: tapas com.android.runtime.debug; m dist
$ unzip -l com.android.runtime.debug-base.zip
Archive:  out/dist/com.android.runtime.debug-base.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
 29618176  1980-01-01 09:00   apex/armeabi-v7a.img
       52  1980-01-01 09:00   root/apex_manifest.json
      464  1980-01-01 09:00   manifest/AndroidManifest.xml
---------                     -------
 29618692                     3 files

Change-Id: I677b9e70726087aa3ecc2949648976a0dfcd57dd
2018-11-27 18:12:09 +09:00
Dario Freni
4abb1dc10b Rename manifest and image files.
manifest.json -> apex_manifest.json
image.img -> apex_payload.img

Bug: 119672727
Test: m, installed on device, boots.
Change-Id: Id79c6a1ac8f5d306f534477d94b76f8ed0e7d7a7
2018-11-24 16:31:59 +00:00
Jiyong Park
1ed0fc532d Add resources.pb to the apex bundle
The file was missing.

Bug: 117295826
Test: tapas com.android.runtime.debug; m dist
$ unzip -l com.android.runtime.debug-base.zip
Archive:  com.android.runtime.debug-base.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
 29614080  1980-01-01 09:00   apex/armeabi-v7a.img
       52  1980-01-01 09:00   root/manifest.json
      379  1980-01-01 09:00   manifest/AndroidManifest.xml
       59  1980-01-01 09:00   resources.pb
---------                     -------
 29614570                     4 files

Change-Id: I916ad5ba479c952a106b055c0e71e7e6556b6101
2018-11-23 13:33:11 +09:00
Jiyong Park
bfe64a1a59 Align entries in APEX at 4K boundary
Use -a option of signapk to specify the alignment to 4K. The default is
4.

Test: m apex.test; zipalign -c -v 4096 $(OUT)/system/apex/apex.test.apex
shows ok

Change-Id: I7b1a3d442b69b89838cf09451939cd23d5646bde
2018-11-22 03:09:40 +09:00
Jiyong Park
25560152c3 Remove buildspam from apexer
Turning --verbose off.

Bug: 119768180
Test: m apex.test
[ 99% 5758/5761] //system/apex:apex.test apex [common]
[100% 5761/5761] Install: out/target/product/walleye/system/apex/apex.test.apex

Change-Id: Iddebbbc6a6ad1bc8145abc7878bc310eac4d2792
2018-11-20 09:58:50 +09:00
Colin Cross
a49259071a Convert apex modules to app bundle modules
Convert .apex files to base.zip files suitable for bundletool.
They will be copied to the dist directory when built with
TARGET_BUILD_APPS and dist.

Also fix up apex.go to use Build instead of the deprecated ModuleBuild,
and ctx.ModuleName() instead of module.ModuleBase.Name().

Bug: 117295826
Test: tapas com.android.runtime && m dist
Change-Id: I7919c8d3da280e87c624a6628a1715e8060852dc
2018-11-16 12:25:28 -08:00
Jiyong Park
02196574a9 Rename APEX file_contexts as <name>-file_context
It was <name>_file_context before. Changing for better readability.

Bug: 119034475
Test: m apex.test com.android.tzdata com.android.runtime
Change-Id: I0d3d3319370cdbb366d06626c8ac978ca8d875c3
2018-11-15 07:25:08 +09:00
Jiyong Park
8fd6192480 APEX can be flattened
When TARGET_FLATTEN_APEX is set to true, APEXes are flattened, which
means files in an APEX is not packaged into the mini file system image,
but instead directly copied to the system partition.

This option is for devices where kernel does not support loopback
devices or the maximum number of loopback devices is too small (though
the threshold is TBD as of now).

This CL also fixes a bug that jars having bytecode are installed instead
of those having dex.

Bug: 118485880
Test: TARGET_FLATTEN_APEX=true m apex.test; tree
out/target/product/.../system/apex/apex.test shows list of files in it.

Test; m apex.test, then a file out/target/product/.../system/apex/apex
.test.apex exists.

Change-Id: I5a3d62d392d05f2779c4925388afe4f6e460059b
2018-11-14 13:41:54 +09:00
Jiyong Park
d0a65bae17 Move file_contexts file for APEXes to under /system/sepolicy
For centralized development of sepolices, file_contexts files for APEXes
are all moved to under /system/seplicy.

The meaning of the existing file_contexts has been changed; when it is
set to <value>, then /system/sepolicy/apex/<value>_file_contexts is
used. When unset, it defaults to the name of the module. The property is
not removed in order to support creating multiple versions of the same
apex (for testing purpose) built with same file_contexts file.

Bug: 119034475
Test: m apex.test com.android.tzdata com.android.runtime
Change-Id: I7d14a9e37baea9ab78d9e15e1164cce54d256f56
2018-11-13 10:59:40 +09:00
Jiyong Park
fa0a37365b Fail gracefully when apek_key is not found
When the private key file can not be obtained, e.g., due to missing git
project where the apex_key module is defined, fail gracefully with an
error message instead of panicing.

Bug: 119256776
Test: modify the key property in /systme/apex/Android.bp to
apex.test.key2 and run `ALLOW_MISSING_DEPENDENCIES=true m apex.test`
The build fails with

error: system/apex/Android.bp:32:8: module "apex.test" variant "android_common_apex.test": key: private_key for "apex.test.key2" could not be found

Change-Id: I2cd5fed0f046de1f0b380fbdac5f8b82816b0e24
2018-11-09 05:55:32 +09:00
Roland Levillain
2b11f74130 Fix ext4 image's root directory permissions of APEX packages.
The generateFsConfig rule used to not give execution
permissions (0111) to the root (`/`) directory of the ext4 image
stored in an APEX package. This change add these bits, turning the
permissions from 0644 (drw-r--r--) to 0755 (drwxr-xr-x).

Previously, not having the execution permissions on the ext4 image's
root directory meant that the contents of the top-level directory of
the mounted image could not be listed.

Test: `adb shell ls /apex/<apex-package>` works
Bug: 117580281
Bug: 112672359
Bug: 113373927
Change-Id: I96f859de6022e04c0b82ccdf1db683887643e588
2018-11-02 19:22:45 +00:00
Jiyong Park
c00cbd9e7b APEXs are signed with apk signer
The entire APEX (which is a zip file) is signed with the apk signer.
Certificate can be specified via the 'certificate' property just like
ordinary apps. Note: multiple additional certificates are not supported.

Bug: 115721587
Test: m apex.test
Test: jarsigner -verify -verbose -certs .../apex.test.apex shows the
certificate info

Change-Id: Ia4c898d3427779a3809fdc683b85d7661ca65137
2018-10-31 10:13:54 +09:00
Roland Levillain
54bdfda21c Use SDK prebuilt 'aapt2' in 'apexer' in source trees without "frameworks/base".
Test: system/apex/apexer/runtests.sh on a master source tree
Test: system/apex/apexer/runtests.sh on a master-art source tree
Bug: 113373927
Bug: 112458021
Change-Id: Ie23eab3f7e4961ebbe011b1fe25ce819f99767a2
2018-10-30 14:35:40 +00:00
Jiyong Park
397e55e0cf binaries and native_shared_libraires are multilib-aware props
The properties 'binaries' and 'native_shared_libraries' can be
multilib-aware, i.e, can be under multilib.type where type can be either
first, both, lib32, lib64, or prefer32.

Native modules listed in multilib.first are installed only for the first
ABI of the device. Similarily, multilib.both are for both of the ABIs,
while multilib.lib32 and multilib.lib64 are 32 and 64-bit ABI only,
respectively. multilib.prefer32 is for 32-bit only when 32-bit ABI is
available.

Another change is that the binaries property, when not within multilib,
targets only the first ABI.

Test: m apex.test on ...
1) aosp_arm64 without TARGET_PREFER_32_BIT_EXECUTABLES=true
2) aosp_arm64 with TARGET_PREFER_32_BIT_EXECUTABLES=true
3) aosp_arm
in all cases, vold, surfaceflinger and drmserver are all intalled under
./bin directory of the APEX. And native libraries are installed under
both ./lib and ./lib64 directories in the case of 1) and 2).

Change-Id: Idd7f8526a61bceca89d43c0c69ccedb471b67d31
2018-10-26 15:47:53 +09:00
Jiyong Park
678529ef29 arch-specific dependencies are correctly handled in apex
The change fixes the problem that multiple APEXs having native component
(shared lib or executable) can't be built with an error similar to this:

error: bionic/linker/Android.bp:298:1: failed to find variation "com.android.art" for module "libclang_rt.builtins-aarch64-android" needed by "ld-android"

This is happening because the dependency to the built-in library is
arch-specific but apex.go ignores it. Specifically, let's assume that
32-bit variant of libFoo depends on libX while 64-bit variant of libFoo
depends on libY. Also assume that libFoo is included in two APEXs: apex1
(which is 64-bit) and apex2 (which is 32-bit). Then apexDepsMutator
records that libFoo shall be split into apex1 and apex2, while libX will
be only split into apex1 and libY will be split into apex2.

The problem is that, during apexMutator, both 32 and 64-bit varants of
libFoo are split into apex1 and apex2. As a result, a dependency to
apex2 variant of libX and a dependency to apex1 variant of libY are
requested, which don't exist.

Fixing this issue by using module's name AND target string as the key.
So, only the 32-bit variant of libFoo is split into apex1 and 64-bit
variant of libFoo is split into apex2.

Test: have following module somewhere. `m` is successful.

  apex {
      name: "com.android.art",
      manifest: "manifest.json",
      file_contexts: "file_contexts",
      binaries: ["dex2oat"],
      key: "apex.test.key",

      target: {
          android: {
              // Prefer the 32-bit versions of these binaries.
              compile_multilib: "prefer32",
          },
      },
  }
Change-Id: I562b7be8e7c0325bd8d728dbee2ddcae608c181a
2018-10-25 00:02:18 +09:00
Jiyong Park
ff1458f670 APEX can be signed with different keys
A new module type 'apex_key' is defined to specify public and private
key pair for APEXs. An APEX can refer to the module via the property
'key'. When building the APEX, the private key from the key module is
used to sign it. In addition, the public key from the key module is
automatically installed to /system/etc/security/apex.

Bug: 115721587
Test: m apex.test; m
/apex/com.android.example.apex@1 exists

Change-Id: I82666db095bd7a09f6c1b9cbea2db57ebc076cbf
2018-10-16 09:53:11 +09:00
Jiyong Park
92905d6b4b Directories and executables files in an APEX have x bit set
Files under /bin and all directories in an APEX now have x (executable)
bit set correctly.

Bug: 117580281
Test: m apex.test, push it to /data/apex and reboot.
adb shell ls -al /apex/com.android.example.apex@1 shows that the
directories have x bit set

Change-Id: I76e4188d86dc9cdf65e9f8e52be1981e25441a6e
2018-10-11 14:24:32 +09:00
Jiyong Park
ab3ceb3855 Make APEX build rules consistent
Don't directly iterate over the copyManifest map to generate the copy
commands. Iterating over a map in golang isn't guaranteed to give
consistent order. This causes the apex build rules to be executed even
when there is no source file change.

Fix the issue by creating a sorted list of the key and then iterate over
the list.

Bug: 117453592
Test: m apex.test; m.apex.test   nothing is built during the second
build

Change-Id: I329a91ec0b6a34cbe745bf9a9ceb0843b63c200c
2018-10-11 14:24:32 +09:00
Jiyong Park
48ca7dc535 Add apex variants
Now, APEX-aware modules (the ones implementing android.ApexModule
interface) are created with multiple variants for each APEX that they
are included.

For example, if a module is included (either directly or indirectly -
via static linking) to two APEXs, the module is built separately for the
two APEXs (and of course separately for platform). This is a first step
to limit the symbol visibility to the modules built for APEXs; platform
private symbols and libs shouldn't be allowed for them.

In addition, the build system now tracks transitive dependencies of
the modules in APEXs. For example, if
native_shared_lib_modules:["libFoo"] then libFoo and its dependencies
are all automatically included to the APEX.

Bug: 112672359
Test: m apex.test; the built apex has additional libs (such as liblog,
libc++, ...) that are dependencies of the ones specified in Android.bp

Change-Id: Id9e3fc486dd4e7e36f8b6799dfb041868c5198d5
2018-10-11 14:24:18 +09:00