Commit graph

40 commits

Author SHA1 Message Date
Inseob Kim
87230e613d Add defaults modules for avb modules
Bug: 302465542
Test: build
Change-Id: I5bb5a0241d40cf142ed8bbefb76bc8a3709c3e34
2023-11-22 18:55:46 +09:00
Seungjae Yoo
a30e450ba0 Add security_patch avb property for android_filesystem
If android_filesystem module is used with use_avb, define
security_patch for the rollback protection.

Bug: 285855436
Test: m
Test: avbtool info_image --image <IMAGE>
Change-Id: I32c6108bb1aca398ced5e46b615d937685e261a7
2023-11-09 14:55:44 +09:00
Inseob Kim
376d72f791 Add mount_point property to android_filesystem
The motivation is to support vendor images for microdroid, like the real
vendor images having "/vendor" as their mount point. This will help add
vendor_file_contexts easily.

Bug: 306313100
Test: manually build an image with file_contexts
Change-Id: I2e4bbf108eaa1da4f310ebb4099c4d1b42096436
2023-11-01 15:42:14 +09:00
Jooyung Han
e606759ddf Make filesystem aware of coverage
filesystem should have coverage variants with coverage-enabled build.
Otherwise, it would fail to collect dependencies.

Bug: 273238141
Test: m nothing (soong tests)
Test: compare the artifacts
 $ SKIP_ABI_CHECKS=true SOONG_COLLECT_JAVA_DEPS=true EMMA_INSTRUMENT=true\
   EMMA_INSTRUMENT_FRAMEWORK=true CLANG_COVERAGE=true\
   NATIVE_COVERAGE_PATHS='*' m microdroid
 $ m microdroid
Change-Id: I792458ace00a63b4b5213898fd3209351a6e00be
2023-03-16 13:11:17 +09:00
Alice Wang
000e3a396c [avb_footer] Add avb_gen_vbmeta_image to generate vbmeta image
This is the reland of the change aosp/2375848. The build of initrd on
linux-x86 that has incorrect format (b/264940248) is disabled in this
cl.

Bug: 260821553
Test: m microdroid_kernel_signed and inspect the output using `avbtool
    info_image --image <output>`
Change-Id: I3ad2419b7132cde4b2fc34ddfa09ec5ba2166819
2023-01-10 15:38:31 +00:00
Treehugger Robot
32a86bd8ec Merge "Fix the description of Avb_hash_algorithm & algorithm"
2023-01-10 08:40:51 +00:00
Jerry Huang
bc675eb9fa Revert "[avb_footer] Add avb_gen_vbmeta_image to generate vbmeta..."
Revert submission 2375848-initrd_avb_footer

Reason for revert: build break

Reverted changes: /q/submissionid:2375848-initrd_avb_footer

Bug: 264940248
Change-Id: Iab44c187183a5d8eeefc952910e6262fc63627de
2023-01-10 02:52:57 +00:00
Alice Wang
fafe064fe1 [avb_footer] Add avb_gen_vbmeta_image to generate vbmeta image
Bug: 260821553
Test: m microdroid_kernel_signed and inspect the output using `avbtool
    info_image --image <output>`
Change-Id: Iacdf34aca15f5480766b6d4f971704f85f6bf44b
2023-01-09 22:04:16 +00:00
Nikita Ioffe
519015f99d Run host_init_verifier when building filesystem
As part of building Android images we run host_init_verifier to ensure
that .rc files are well-formed. Unfortunately that doesn't cover the
Microdroid image. This change addresses the divergence.

Ideally we should have a concept of pluggable linters that we can run on
the generated image. However, introducing such a concept will take some
time, so while we are working on it, directly integrate
host_init_verifier into the build system.

Bug: 263486078
Test: m microdroid
Test: add incorrect .rc file and run m microdroid, verify it fails
Change-Id: Id8c9311915e89a10ce3ff7b1f209ebc8cb42211f
2022-12-23 15:46:09 +00:00
Shikha Panwar
01403bb225 Fix the description of Avb_hash_algorithm & algorithm
Avb_hash_algorithm corresponds to --hash_algorithm of avbtool while
avb_algorithm corresponds to signing algorithm.

Bug: 262892300
Test: Builds
Change-Id: Ief4b0f0fd89ebf64b45b29962a3811698bc922d6
2022-12-22 12:34:47 +00:00
Shikha Panwar
e6f3063317 Expose avb_hash_algorithm as a property.
When avb_hash_algorithm is set, for filesystem type build targets,
add_hashtree_footer will be called with the appropriate --hash_algorithm
flag.

Bug: 262892300i
Test: Build succeeds

Change-Id: If2f9c9aa1e98314b3d3e2f8bf25c1bab193f908e
2022-12-21 15:49:15 +00:00
Jiyong Park
bc48548df1 Add props property to add_avb_hash_footer
It is used to provide name:value properties to the footer. Value can be
from a text in *.bp file or a binary file referenced via the `file`
prop. e.g.

```
avb_add_hash_footer {
	...
	props: [
		{
			name: "string_prop",
			value: "string_value",
		},
		{
			name: "binary_prop",
			file: "a_binary_file_name",
		},
	],
}
```

This CL also adds a test for the module type which has been missing.

Bug: 256148237
Test: m nothing
Change-Id: Idf55b308c8ce760387c01a847846b42d1aebe4ea
2022-11-18 12:56:12 +09:00
Jooyung Han
65f402b780 Support deterministic output for bootimg/filesystem
Adding salt to bootimg/filesystem so that avbtool can produce the same
output with same input.

Adding timestamp/uuid to filesystem so that resulting image can be
deterministic.

Bug: 229784558
Test: m com.android.virt
      # remove intermediates and touch some sources
      m com.android.virt
      # compare two built artifacts
Change-Id: I4e4668fd0ac42a35bea5a33ec3ae8c362b6a6bd2
2022-04-21 14:36:40 +09:00
Jooyung Han
0fbbc2b0d4 android_system_image only packages "system" items
android_system_image filters packaging items installed outside "system"
partition.

Some packaging items install related items to different partitions but
putting them all together to android_system_image doesn't make sense.
(android_system_image is supposed to be "system" partition)

To be specific, this filters out "apex" partition items.  "apex"
partition is used by APEX installation to install APEX contents to paths
similar to activated paths on device so that symbol lookup works well
with APEX contents.

Bug: 225121718
Test: atest MicrodroidHostTestCases
Test: debugfs <intermediate>/microdroid.img -R 'ls system'
  shows no "com.android.runtime"
Change-Id: Ibc3d85ead2fda99e231132ce8ab9ccf1cc9317b7
2022-03-29 07:56:02 +09:00
Jooyung Han
a883428293 Move GatherPackagingSpecs out of CopyDepsToZip
This gives a PackageModule a chance to filter/customize the contents of
resulting package.

Bug: 225121718
Test: m (no changes)
Change-Id: I45505e8234dff42201dc40d4f038e7b08eea89f0
2022-03-28 14:29:14 +09:00
Colin Cross
c68db4b305 Remove InstallBypassMake and ToMakePath
InstallBypassMake and ToMakePath are obsolete, remove them.

Bug: 204136549
Test: m checkbuild
Change-Id: Ie5a6f7254b3d317ed6039e114ed6aec35e1ce273
2021-12-15 15:22:53 -08:00
Jiyong Park
fa616137a2 android_system_image that generates linker.config.pb
android_system_image module type is a specialization of the
android_filesystem module type. Currently, it adds a build rule for
creating linker.config.pb from the information about all the other files
in the filesystem and includes linker.config.pb to the filesystem as
well.

To do so, the filesystem module now provides a function pointer which
subtype modules like android_system_image can implement to pass extra
files that they want to package in the filesystem.

In addition, the linkerconfig package is revised to make it possible to
build linker.config.pb file outside of the package.

Bug: 185391776
Test: m microdroid and inspect etc/linker.config.pb in it.

Change-Id: Id89c40b519213062860d7306029b8413d8d36a2d
2021-04-21 09:11:21 +09:00
Jooyung Han
9706cbc1e9 Add filesystem_test.go
It has only one test function as a starting point.

Bug: n/a
Test: m (soong tests)
Change-Id: I785b096805014a40dfd600f7baaf884f4016c23c
2021-04-16 13:20:02 +09:00
Treehugger Robot
9b6108f8de Merge "Fix PackagingBase.CopyDepsToZip"
2021-03-23 04:21:38 +00:00
Jooyung Han
092ef811a0 Fix PackagingBase.CopyDepsToZip
CopyDepsToZip() zips direct dependencies with tags implementing
PackagingItem interface.

Previously, it relied on InstallNeededDependencyTag which has a
different meaning.
- InstallNeededDependencyTag tells whether a dependency is required to
  be installed together.
- PackagingItem tells whether a dependency (of PackagingBase) is
  required to be packaged.

With the separation of InstallNeededDependencyTag and PackagingItem,
PackagingBase module can distinguish cases which were not available
before. (I = InstallNeededDependencyTag, P = PackagingItem)

   a (PackagingBase module)
   |
   |`--(I)--> b
   |
   |`--(P)--> c --(I)--> d
   |
    `--(I/P)--> e

a's CopyDepsToZip(): [c, d, e]

Test: m nothing (packaging_test)
Change-Id: I71fce29b19b0f00dc394981bcf4240e9c1041c7a
2021-03-17 11:54:53 +09:00
Jiyong Park
972e06c41f Add vbmeta module type
The module type is to create vbmeta image out of other partitions.

Bug: 180676957
Test: m microdroid_vbmeta microdroid_vbmeta_system
Inspect the built image using `avbtool info_image --image <image>`

Change-Id: Iac92e9ab1640dcd488af69842e09850a91262bf1
2021-03-16 11:34:11 +09:00
Jiyong Park
ac4076de9d bootimg signs image using verity_utils
Previously, bootimg signed the image using avbtool. This didn't work
because avbtool always requires that the partition size is given via
'--partition_size' parameter. The partition size is hard to estimate
especially when the image is not for a real physical partition, but for
a logical partition in a composite image.

With this change, the signing of bootimg is done by verity_utils.py
which internally uses avbtool. The python script is capable of
calculating the minimum required partition size when the partition size
is not given.

In addition, this change adds 'partition_name' property to the
`android_filesystem` module type so that we can customize the partition
name field in the vbmeta descriptor.

Bug: 180676957
Test: m microdroid-boot-5.10
Change-Id: I2e4aa626cf06a2177b4a8d90ff9b9006d2927ae4
2021-03-16 00:34:57 +09:00
Treehugger Robot
277303f042 Merge "Add ctx to AndroidMkExtraEntriesFunc"
2021-02-22 22:40:31 +00:00
Colin Cross
aa2555387d Add ctx to AndroidMkExtraEntriesFunc
Add a ctx parameter to AndroidMkExtraEntriesFunc to allow them to
access providers.

Test: m checkbuild
Change-Id: Id6becc1e425c3c3d8519248f8c0ce80777fac7cc
Merged-In: Id6becc1e425c3c3d8519248f8c0ce80777fac7cc
2021-02-19 23:05:40 +00:00
Inseob Kim
14199b07f7 Add dirs and symlinks property to filesystem
Dirs and symlinks will be created under the root of the filesystem.
Basic essential directories like "dev", "proc", "sys" and symlinks like
"bin -> /system/bin", "init -> /system/bin/init" can be created with
these properties.

Bug: 179652970
Test: boot with aosp_cf_x86_64_only_phone, see adb works
Change-Id: Ie06dc5a93635ea8b1e18be517ed8615b6c82fee6
2021-02-17 14:05:12 +09:00
Inseob Kim
2ce1b5dc3a Add base_dir property to filesystem
Deps have been installed to "system/" because of hard-coded mount point
"system". Now they are installed to base_dir, and mount point is set to
root.

Bug: 179652970
Test: see contents of microdroid.img
Change-Id: Ie03b539a1688db7002bb178823b39017a83ce840
2021-02-17 13:07:18 +09:00
Treehugger Robot
b3f9025b6e Merge "Support uncompressed cpio"
2021-02-05 15:57:22 +00:00
Treehugger Robot
364da36115 Merge changes I6a5357e9,I199f070e
* changes:
  Install ko to /lib/modules
  android_filesystem is OutputFileProducer
2021-02-05 03:39:51 +00:00
Jiyong Park
837cdb2212 Support uncompressed cpio
Bug: 178978059
Test: atest VirtualizationHostTestCases
Change-Id: I1f69af40f10d14ec2f3de6111d12b3a9c5d6c75c
2021-02-05 00:29:47 +09:00
Jiyong Park
940dfd4db2 android_filesystem is OutputFileProducer
... to be able to reference the module in data property of test modules.

Bug: N/A
Test: m VirtualizationHostTestCases
Change-Id: I199f070e811011cea6189ef24c0b2d8a683f79d0
2021-02-05 00:29:47 +09:00
Inseob Kim
cc8e536a15 Add file_contexts property to filesystem
Filesystems like ext4 can store file contexts themselves. This supports
passing file_contexts file to build_image.

Bug: 178993690
Test: boot and see selinux denials are gone
Change-Id: I97d4a981e4b9c89434ea2f1303173ae91cce94e3
2021-02-04 13:28:20 +09:00
Jiyong Park
11a65979d8 android_filesystem supports compressed cpio format
The format is used to create ramdisk image. Building ramdisk image in
Soong is required to have vendor_boot.img in the virt APEX.
vendor_boot.img consists of ramdisk and dtb.

Bug: 178980227
Test: m
Change-Id: Ie4e90cef8407b6e4bdf7f03f93724cdc3cd45c20
2021-02-02 00:41:57 +09:00
Jiyong Park
3db465ddd7 Don't use "echo -e" when creating prop file
We don't need to escape backslashes when generating the prop file. In
addition, the "-e" option doesn't seem to be supported in some build
environments.

Bug: 178443594
Test: watch presubmit tests
Change-Id: I167b25255a68b62a75b433f31c5e7c9d57f2579d
2021-01-26 14:08:16 +09:00
Jiyong Park
71baa7690a Sign android_filesystem with avbtool
Use_avb and other avb_* properties allow us to sign an
android_filesystem module with avbtool.

Bug: 172415113
Test: m

Change-Id: Ifa1ed8ded1b10170aaca9b34e6a14f0179dbab5d
2021-01-20 08:39:54 +09:00
Jiyong Park
7267831086 Refactor filesystem.go to make it easy to build prop file
The creation of the prop file is refactored to a function.

Bug: 172415113
Test: m

Change-Id: I969bf4a2476f7a4aa9571945d3645d7af52ff09a
2021-01-20 08:35:52 +09:00
Jiyong Park
12a719c0fc android_filesystem modules can be included in APEX
android_filesystem modules can be included in APEX via the new
`filesystems` property. The filesystem images are placed at
./etc/fs/<modulename>.img.

Bug: 172413888
Test: m nothing

Change-Id: I215ca7a32ff1988a0de4e1f71397684e189839ea
2021-01-07 15:35:25 +09:00
Colin Cross
f1a035e6be Pass pctx and ctx to NewRuleBuilder
Enable the RuleBuilder and RuleBuilderCommand methods to access
the BuilderContext by passing it to NewRuleBuilder instead of
RuleBuilder.Build.

Test: genrule_test.go
Test: rule_builder_test.go
Test: m checkbuild
Change-Id: I63e6597e19167393876dc2259d6f521363b7dabc
2020-12-01 16:22:16 -08:00
Jiyong Park
65c49f5979 android_filesystem is installable
Also document about the android_filesystem module type.

Bug: 172414391
Test: m
Change-Id: Iae07af9dd22f34c8e0e4c833333bafdf82dcab2a
2020-12-01 23:47:39 +09:00
Jiyong Park
65b6224471 Clients of PackagingBase can customize dependency tag to use
Previously, the dep tag used by PackagingBase was fixed, which prevented
some of its clients (e.g. cvd-host-package) from opting in to
android.InstallAlwaysNeededDependencyTag. Now, PackagingBase.AddDeps
accepts the dependency tag to use.

Also, dependencies toward rust dylib, rlib, and proc_macro are
configured to return true on InstallDepNeeded. This is required to
install shared_lib dependencies of the rust modules when they are
depended on by a rust binary.

Exempt-From-Owner-Approval: a trivial change after +2 from the owner.
This has to land ASAP as many users are affected by acloud being
unavailable.

Bug: N/A
Test: m
Test: acloud create --local-instance --local-image
Change-Id: If22aee7c6f314fcb03b9d4fe6901a2557f1e899c
2020-12-01 03:43:05 +00:00
Jiyong Park
6f0f688c4b add android_filesystem
android_filesystem is a module type that can be used to create filesystem
images out of binaries built for Android. Its initial use will be for
creating an Android-like OS image to run on virtual machines, but the
use is not limited to it.

The module type currently lacks a lot of features like the support for
other filesystem types, and the ability to do something like signing the
image using avbtool, etc. Those will be added in follow-up CLs as we
have actual demands.

Bug: 172414391
Test: m
Change-Id: I4b779d4586e04d9a960688e73b711166708558ab
2020-11-19 08:58:06 +09:00