Merge "Re-raise exceptions instead of sys.exit"
diff --git a/banchanHelp.sh b/banchanHelp.sh
new file mode 100755
index 0000000..af7294c
--- /dev/null
+++ b/banchanHelp.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# locate some directories
+cd "$(dirname $0)"
+SCRIPT_DIR="${PWD}"
+cd ../..
+TOP="${PWD}"
+
+message='usage: banchan <module> ... [arm|x86|arm64|x86_64] [eng|userdebug|user]
+
+banchan selects individual APEX modules to be built by the Android build system.
+Like "tapas", "banchan" does not request the building of images for a device but
+instead configures it for an unbundled build of the given modules, suitable for
+installing on any api-compatible device.
+
+The difference from "tapas" is that "banchan" sets the appropriate products etc
+for building APEX modules rather than apps (APKs).
+
+The module names should match apex{} modules in Android.bp files, typically
+starting with "com.android.".
+
+The usage of the other arguments matches that of the rest of the platform
+build system and can be found by running `m help`'
+
+echo "$message"
diff --git a/core/Makefile b/core/Makefile
index eb08355..f1e5947 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -211,9 +211,27 @@
$(hide) mv $@.tmp $@
# -----------------------------------------------------------------
+# declare recovery ramdisk files
+ifeq ($(BUILDING_RECOVERY_IMAGE),true)
+INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP := $(call intermediates-dir-for,PACKAGING,recovery)/ramdisk_files-timestamp
+endif
+
+# -----------------------------------------------------------------
# Declare vendor ramdisk fragments
INTERNAL_VENDOR_RAMDISK_FRAGMENTS :=
+ifeq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT))
+ ifneq (,$(filter recovery,$(BOARD_VENDOR_RAMDISK_FRAGMENTS)))
+ $(error BOARD_VENDOR_RAMDISK_FRAGMENTS must not contain "recovery" if \
+ BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT is set)
+ endif
+ INTERNAL_VENDOR_RAMDISK_FRAGMENTS += recovery
+ VENDOR_RAMDISK_FRAGMENT.recovery.STAGING_DIR := $(TARGET_RECOVERY_ROOT_OUT)
+ VENDOR_RAMDISK_FRAGMENT.recovery.FILES := $(INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP)
+ BOARD_VENDOR_RAMDISK_FRAGMENT.recovery.MKBOOTIMG_ARGS += --ramdisk_type RECOVERY
+ .KATI_READONLY := VENDOR_RAMDISK_FRAGMENT.recovery.STAGING_DIR
+endif
+
# Validation check and assign default --ramdisk_type.
$(foreach vendor_ramdisk_fragment,$(BOARD_VENDOR_RAMDISK_FRAGMENTS), \
$(if $(and $(BOARD_VENDOR_RAMDISK_FRAGMENT.$(vendor_ramdisk_fragment).KERNEL_MODULE_DIRS), \
@@ -1033,12 +1051,6 @@
my_installed_prebuilt_gki_apex :=
# -----------------------------------------------------------------
-# declare recovery ramdisk files
-ifeq ($(BUILDING_RECOVERY_IMAGE),true)
-INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP := $(call intermediates-dir-for,PACKAGING,recovery)/ramdisk_files-timestamp
-endif
-
-# -----------------------------------------------------------------
# vendor boot image
ifeq ($(BUILDING_VENDOR_BOOT_IMAGE),true)
@@ -1052,10 +1064,14 @@
INTERNAL_VENDOR_RAMDISK_TARGET := $(call intermediates-dir-for,PACKAGING,vendor_boot)/vendor_ramdisk.cpio$(RAMDISK_EXT)
+# Exclude recovery files in the default vendor ramdisk if including a standalone
+# recovery ramdisk in vendor_boot.
ifeq (true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT))
+ifneq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT))
$(INTERNAL_VENDOR_RAMDISK_TARGET): $(INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP)
$(INTERNAL_VENDOR_RAMDISK_TARGET): PRIVATE_ADDITIONAL_DIR := $(TARGET_RECOVERY_ROOT_OUT)
endif
+endif
$(INTERNAL_VENDOR_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_VENDOR_RAMDISK_FILES) | $(COMPRESSION_COMMAND_DEPS)
$(MKBOOTFS) -d $(TARGET_OUT) $(TARGET_VENDOR_RAMDISK_OUT) $(PRIVATE_ADDITIONAL_DIR) | $(COMPRESSION_COMMAND) > $@
@@ -2448,9 +2464,14 @@
$(INTERNAL_VENDOR_DEBUG_RAMDISK_TARGET): DEBUG_RAMDISK_FILES := $(INTERNAL_DEBUG_RAMDISK_FILES)
$(INTERNAL_VENDOR_DEBUG_RAMDISK_TARGET): VENDOR_RAMDISK_DIR := $(TARGET_VENDOR_RAMDISK_OUT)
+# Exclude recovery files in the default vendor ramdisk if including a standalone
+# recovery ramdisk in vendor_boot.
ifeq (true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT))
+ifneq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT))
+$(INTERNAL_VENDOR_DEBUG_RAMDISK_TARGET): $(INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP)
$(INTERNAL_VENDOR_DEBUG_RAMDISK_TARGET): PRIVATE_ADDITIONAL_DIR := $(TARGET_RECOVERY_ROOT_OUT)
endif
+endif
INTERNAL_VENDOR_DEBUG_RAMDISK_FILES := $(filter $(TARGET_VENDOR_DEBUG_RAMDISK_OUT)/%, \
$(ALL_GENERATED_SOURCES) \
@@ -4850,8 +4871,12 @@
ifneq (,$(INSTALLED_RECOVERYIMAGE_TARGET)$(filter true,$(BOARD_USES_RECOVERY_AS_BOOT))$(filter true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT)))
@# Components of the recovery image
$(hide) mkdir -p $(zip_root)/$(PRIVATE_RECOVERY_OUT)
+# Exclude recovery files in the default vendor ramdisk if including a standalone
+# recovery ramdisk in vendor_boot.
+ifneq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT))
$(hide) $(call package_files-copy-root, \
$(TARGET_RECOVERY_ROOT_OUT),$(zip_root)/$(PRIVATE_RECOVERY_OUT)/RAMDISK)
+endif
ifdef INSTALLED_KERNEL_TARGET
ifneq (,$(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)))
cp $(INSTALLED_KERNEL_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/
diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk
index 6335728..86a4adf 100644
--- a/core/app_prebuilt_internal.mk
+++ b/core/app_prebuilt_internal.mk
@@ -209,7 +209,7 @@
ifeq ($(module_run_appcompat),true)
$(built_module) : $(AAPT2)
endif
-$(built_module) : $(my_prebuilt_src_file) | $(ZIPALIGN) $(ZIP2ZIP) $(SIGNAPK_JAR)
+$(built_module) : $(my_prebuilt_src_file) | $(ZIPALIGN) $(ZIP2ZIP) $(SIGNAPK_JAR) $(SIGNAPK_JNI_LIBRARY_PATH)
$(transform-prebuilt-to-target)
$(uncompress-prebuilt-embedded-jni-libs)
$(remove-unwanted-prebuilt-embedded-jni-libs)
diff --git a/core/board_config.mk b/core/board_config.mk
index 9ae597e..be37292 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -108,6 +108,8 @@
# contains a kernel or not.
# - BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT controls whether ramdisk
# recovery resources are built to vendor_boot.
+# - BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT controls whether recovery
+# resources are built as a standalone recovery ramdisk in vendor_boot.
# - BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT controls whether GSI AVB keys are
# built to vendor_boot.
# - BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES controls whether boot images in $OUT are added
@@ -115,6 +117,7 @@
_board_strip_readonly_list += BOARD_USES_GENERIC_KERNEL_IMAGE
_board_strip_readonly_list += BOARD_EXCLUDE_KERNEL_FROM_RECOVERY_IMAGE
_board_strip_readonly_list += BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT
+_board_strip_readonly_list += BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT
_board_strip_readonly_list += BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT
_board_strip_readonly_list += BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES
@@ -835,6 +838,10 @@
$(error Should not set BOARD_VENDOR_RAMDISK_FRAGMENTS if \
BOARD_BOOT_HEADER_VERSION is less than 4)
endif
+ ifeq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT))
+ $(error Should not set BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT if \
+ BOARD_BOOT_HEADER_VERSION is less than 4)
+ endif
endif
endif # BUILDING_VENDOR_BOOT_IMAGE
@@ -842,6 +849,13 @@
$(error BOARD_VENDOR_RAMDISK_FRAGMENTS has duplicate entries: $(BOARD_VENDOR_RAMDISK_FRAGMENTS))
endif
+ifeq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT))
+ ifneq (true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT))
+ $(error Should not set BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT if \
+ BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT is not set)
+ endif
+endif
+
# If BOARD_USES_GENERIC_KERNEL_IMAGE is set, BOARD_USES_RECOVERY_AS_BOOT must not be set.
# Devices without a dedicated recovery partition uses BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT to
# build recovery into vendor_boot.
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 4a94e93..f9042c2 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -120,10 +120,15 @@
ifneq ($(filter arm64,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
combined_include_paths := $(CFI_INCLUDE_PATHS) \
$(PRODUCT_CFI_INCLUDE_PATHS)
+ combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
+ $(PRODUCT_CFI_EXCLUDE_PATHS)
ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
$(filter $(dir)%,$(LOCAL_PATH)))),)
- my_sanitize := cfi $(my_sanitize)
+ ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
+ $(filter $(dir)%,$(LOCAL_PATH)))),)
+ my_sanitize := cfi $(my_sanitize)
+ endif
endif
endif
endif
@@ -135,14 +140,19 @@
$(PRODUCT_MEMTAG_HEAP_SYNC_INCLUDE_PATHS)
combined_async_include_paths := $(MEMTAG_HEAP_ASYNC_INCLUDE_PATHS) \
$(PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS)
+ combined_exclude_paths := $(MEMTAG_HEAP_EXCLUDE_PATHS) \
+ $(PRODUCT_MEMTAG_HEAP_EXCLUDE_PATHS)
- ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_sync_include_paths)),\
- $(filter $(dir)%,$(LOCAL_PATH)))),)
- my_sanitize := memtag_heap $(my_sanitize)
- my_sanitize_diag := memtag_heap $(my_sanitize_diag)
- else ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_async_include_paths)),\
- $(filter $(dir)%,$(LOCAL_PATH)))),)
- my_sanitize := memtag_heap $(my_sanitize)
+ ifeq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_exclude_paths)),\
+ $(filter $(dir)%,$(LOCAL_PATH)))),)
+ ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_sync_include_paths)),\
+ $(filter $(dir)%,$(LOCAL_PATH)))),)
+ my_sanitize := memtag_heap $(my_sanitize)
+ my_sanitize_diag := memtag_heap $(my_sanitize_diag)
+ else ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_async_include_paths)),\
+ $(filter $(dir)%,$(LOCAL_PATH)))),)
+ my_sanitize := memtag_heap $(my_sanitize)
+ endif
endif
endif
endif
diff --git a/core/definitions.mk b/core/definitions.mk
index b15ce84..2951c05 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2765,7 +2765,7 @@
define _symlink-file
$(3): $(1)
@echo "Symlink: $$@ -> $(2)"
- @mkdir -p $(dir $$@)
+ @mkdir -p $$(dir $$@)
@rm -rf $$@
$(hide) ln -sf $(2) $$@
$(3): .KATI_SYMLINK_OUTPUTS := $(3)
diff --git a/core/dex_preopt_config.mk b/core/dex_preopt_config.mk
index 2762b44..51238a3 100644
--- a/core/dex_preopt_config.mk
+++ b/core/dex_preopt_config.mk
@@ -105,7 +105,7 @@
$(call add_json_str, ProfileDir, $(PRODUCT_DEX_PREOPT_PROFILE_DIR))
$(call add_json_list, BootJars, $(PRODUCT_BOOT_JARS))
$(call add_json_list, UpdatableBootJars, $(PRODUCT_UPDATABLE_BOOT_JARS))
- $(call add_json_list, ArtApexJars, $(ART_APEX_JARS))
+ $(call add_json_list, ArtApexJars, $(filter $(PRODUCT_BOOT_JARS),$(ART_APEX_JARS)))
$(call add_json_list, SystemServerJars, $(PRODUCT_SYSTEM_SERVER_JARS))
$(call add_json_list, SystemServerApps, $(PRODUCT_SYSTEM_SERVER_APPS))
$(call add_json_list, UpdatableSystemServerJars, $(PRODUCT_UPDATABLE_SYSTEM_SERVER_JARS))
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index 6b05d0d..c6cc60d 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -31,9 +31,8 @@
LOCAL_DEX_PREOPT :=
endif
-# Disable <uses-library> checks and preopt for tests.
+# Disable preopt for tests.
ifneq (,$(filter $(LOCAL_MODULE_TAGS),tests))
- LOCAL_ENFORCE_USES_LIBRARIES := false
LOCAL_DEX_PREOPT :=
endif
@@ -52,25 +51,12 @@
LOCAL_DEX_PREOPT :=
endif
-# Disable <uses-library> checks if dexpreopt is globally disabled.
-# Without dexpreopt the check is not necessary, and although it is good to have,
-# it is difficult to maintain on non-linux build platforms where dexpreopt is
-# generally disabled (the check may fail due to various unrelated reasons, such
-# as a failure to get manifest from an APK).
-ifneq (true,$(WITH_DEXPREOPT))
- LOCAL_ENFORCE_USES_LIBRARIES := false
-endif
-ifeq (true,$(WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY))
- LOCAL_ENFORCE_USES_LIBRARIES := false
-endif
-
ifdef LOCAL_UNINSTALLABLE_MODULE
LOCAL_DEX_PREOPT :=
endif
-# Disable <uses-library> checks and preopt if the app contains no java code.
+# Disable preopt if the app contains no java code.
ifeq (,$(strip $(built_dex)$(my_prebuilt_src_file)$(LOCAL_SOONG_DEX_JAR)))
- LOCAL_ENFORCE_USES_LIBRARIES := false
LOCAL_DEX_PREOPT :=
endif
@@ -219,6 +205,27 @@
endif
endif
+# Disable the check for tests.
+ifneq (,$(filter $(LOCAL_MODULE_TAGS),tests))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
+endif
+
+# Disable the check if the app contains no java code.
+ifeq (,$(strip $(built_dex)$(my_prebuilt_src_file)$(LOCAL_SOONG_DEX_JAR)))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
+endif
+
+# Disable <uses-library> checks if dexpreopt is globally disabled.
+# Without dexpreopt the check is not necessary, and although it is good to have,
+# it is difficult to maintain on non-linux build platforms where dexpreopt is
+# generally disabled (the check may fail due to various unrelated reasons, such
+# as a failure to get manifest from an APK).
+ifneq (true,$(WITH_DEXPREOPT))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
+else ifeq (true,$(WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY))
+ LOCAL_ENFORCE_USES_LIBRARIES := false
+endif
+
# Verify LOCAL_USES_LIBRARIES/LOCAL_OPTIONAL_USES_LIBRARIES
# If LOCAL_ENFORCE_USES_LIBRARIES is not set, default to true if either of LOCAL_USES_LIBRARIES or
# LOCAL_OPTIONAL_USES_LIBRARIES are specified.
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 17176df..ec67560 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -240,7 +240,7 @@
$(call add_json_bool, InstallExtraFlattenedApexes, $(PRODUCT_INSTALL_EXTRA_FLATTENED_APEXES))
-$(call add_json_bool, CompressedApex, $(PRODUCT_COMPRESSED_APEX))
+$(call add_json_bool, CompressedApex, $(filter true,$(PRODUCT_COMPRESSED_APEX)))
$(call add_json_bool, BoardUsesRecoveryAsBoot, $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)))
diff --git a/core/soong_rust_prebuilt.mk b/core/soong_rust_prebuilt.mk
index 4cfb01f..c382f6a 100644
--- a/core/soong_rust_prebuilt.mk
+++ b/core/soong_rust_prebuilt.mk
@@ -40,17 +40,58 @@
include $(BUILD_SYSTEM)/base_rules.mk
#######################################
+ifneq ($(filter STATIC_LIBRARIES SHARED_LIBRARIES RLIB_LIBRARIES DYLIB_LIBRARIES,$(LOCAL_MODULE_CLASS)),)
+ # Soong module is a static or shared library
+ EXPORTS_LIST += $(intermediates)
+ EXPORTS.$(intermediates).FLAGS := $(LOCAL_EXPORT_CFLAGS)
+ EXPORTS.$(intermediates).DEPS := $(LOCAL_EXPORT_C_INCLUDE_DEPS)
+
+ SOONG_ALREADY_CONV += $(LOCAL_MODULE)
+
+ my_link_type := $(LOCAL_SOONG_LINK_TYPE)
+ my_warn_types :=
+ my_allowed_types :=
+ my_link_deps :=
+ my_2nd_arch_prefix := $(LOCAL_2ND_ARCH_VAR_PREFIX)
+ my_common :=
+ include $(BUILD_SYSTEM)/link_type.mk
+endif
+
+
+ifdef LOCAL_USE_VNDK
+ ifneq ($(LOCAL_VNDK_DEPEND_ON_CORE_VARIANT),true)
+ name_without_suffix := $(patsubst %.vendor,%,$(LOCAL_MODULE))
+ ifneq ($(name_without_suffix),$(LOCAL_MODULE))
+ SPLIT_VENDOR.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
+ else
+ name_without_suffix := $(patsubst %.product,%,$(LOCAL_MODULE))
+ ifneq ($(name_without_suffix),$(LOCAL_MODULE))
+ SPLIT_PRODUCT.$(LOCAL_MODULE_CLASS).$(name_without_suffix) := 1
+ endif
+ endif
+ name_without_suffix :=
+ endif
+endif
+
# The real dependency will be added after all Android.mks are loaded and the install paths
# of the shared libraries are determined.
ifdef LOCAL_INSTALLED_MODULE
ifdef LOCAL_SHARED_LIBRARIES
my_shared_libraries := $(LOCAL_SHARED_LIBRARIES)
+ ifdef LOCAL_USE_VNDK
+ my_shared_libraries := $(foreach l,$(my_shared_libraries),\
+ $(if $(SPLIT_VENDOR.SHARED_LIBRARIES.$(l)),$(l).vendor,$(l)))
+ endif
$(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)DEPENDENCIES_ON_SHARED_LIBRARIES += \
$(my_register_name):$(LOCAL_INSTALLED_MODULE):$(subst $(space),$(comma),$(my_shared_libraries))
endif
ifdef LOCAL_DYLIB_LIBRARIES
my_dylibs := $(LOCAL_DYLIB_LIBRARIES)
# Treat these as shared library dependencies for installation purposes.
+ ifdef LOCAL_USE_VNDK
+ my_dylibs := $(foreach l,$(my_dylibs),\
+ $(if $(SPLIT_VENDOR.SHARED_LIBRARIES.$(l)),$(l).vendor,$(l)))
+ endif
$(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)DEPENDENCIES_ON_SHARED_LIBRARIES += \
$(my_register_name):$(LOCAL_INSTALLED_MODULE):$(subst $(space),$(comma),$(my_dylibs))
endif
diff --git a/envsetup.sh b/envsetup.sh
index 344a01a..f4e5f4e 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -9,6 +9,9 @@
build, and stores those selections in the environment to be read by subsequent
invocations of 'm' etc.
- tapas: tapas [<App1> <App2> ...] [arm|x86|arm64|x86_64] [eng|userdebug|user]
+ Sets up the build environment for building unbundled apps (APKs).
+- banchan: banchan <module1> [<module2> ...] [arm|x86|arm64|x86_64] [eng|userdebug|user]
+ Sets up the build environment for building unbundled modules (APEXes).
- croot: Changes directory to the top of the tree, or a subdirectory thereof.
- m: Makes from the top of the tree.
- mm: Builds and installs all of the modules in the current directory, and their
@@ -791,6 +794,58 @@
destroy_build_var_cache
}
+# Configures the build to build unbundled Android modules (APEXes).
+# Run banchan with one or more module names (from apex{} modules).
+function banchan()
+{
+ local showHelp="$(echo $* | xargs -n 1 echo | \grep -E '^(help)$' | xargs)"
+ local arch="$(echo $* | xargs -n 1 echo | \grep -E '^(arm|x86|arm64|x86_64)$' | xargs)"
+ local variant="$(echo $* | xargs -n 1 echo | \grep -E '^(user|userdebug|eng)$' | xargs)"
+ local apps="$(echo $* | xargs -n 1 echo | \grep -E -v '^(user|userdebug|eng|arm|x86|arm64|x86_64)$' | xargs)"
+
+ if [ "$showHelp" != "" ]; then
+ $(gettop)/build/make/banchanHelp.sh
+ return
+ fi
+
+ if [ $(echo $arch | wc -w) -gt 1 ]; then
+ echo "banchan: Error: Multiple build archs supplied: $arch"
+ return
+ fi
+ if [ $(echo $variant | wc -w) -gt 1 ]; then
+ echo "banchan: Error: Multiple build variants supplied: $variant"
+ return
+ fi
+ if [ -z "$apps" ]; then
+ echo "banchan: Error: No modules supplied"
+ return
+ fi
+
+ local product=module_arm
+ case $arch in
+ x86) product=module_x86;;
+ arm64) product=module_arm64;;
+ x86_64) product=module_x86_64;;
+ esac
+ if [ -z "$variant" ]; then
+ variant=eng
+ fi
+
+ export TARGET_PRODUCT=$product
+ export TARGET_BUILD_VARIANT=$variant
+ export TARGET_BUILD_DENSITY=alldpi
+ export TARGET_BUILD_TYPE=release
+
+ # This setup currently uses TARGET_BUILD_APPS just like tapas, but the use
+ # case is different and it may diverge in the future.
+ export TARGET_BUILD_APPS=$apps
+
+ build_build_var_cache
+ set_stuff_for_environment
+ printconfig
+ destroy_build_var_cache
+}
+
function gettop
{
local TOPFILE=build/make/core/envsetup.mk
diff --git a/target/board/BoardConfigEmuCommon.mk b/target/board/BoardConfigEmuCommon.mk
index 342abd7..845225d 100644
--- a/target/board/BoardConfigEmuCommon.mk
+++ b/target/board/BoardConfigEmuCommon.mk
@@ -74,7 +74,7 @@
#vendor boot
BOARD_INCLUDE_DTB_IN_BOOTIMG := false
-BOARD_BOOT_HEADER_VERSION := 3
+BOARD_BOOT_HEADER_VERSION := 4
BOARD_MKBOOTIMG_ARGS += --header_version $(BOARD_BOOT_HEADER_VERSION)
BOARD_VENDOR_BOOTIMAGE_PARTITION_SIZE := 0x06000000
BOARD_RAMDISK_USE_LZ4 := true
diff --git a/target/board/emulator_arm64/BoardConfig.mk b/target/board/emulator_arm64/BoardConfig.mk
index 9293625..963e558 100644
--- a/target/board/emulator_arm64/BoardConfig.mk
+++ b/target/board/emulator_arm64/BoardConfig.mk
@@ -57,9 +57,6 @@
BOARD_BOOTIMAGE_PARTITION_SIZE := 0x02000000
BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800
-BOARD_BOOT_HEADER_VERSION := 3
-BOARD_MKBOOTIMG_ARGS += --header_version $(BOARD_BOOT_HEADER_VERSION)
-
# Wifi.
BOARD_WLAN_DEVICE := emulator
BOARD_HOSTAPD_DRIVER := NL80211
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index 30c033d..15c311c 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -74,9 +74,13 @@
BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800
BOARD_RAMDISK_USE_LZ4 := true
-BOARD_BOOT_HEADER_VERSION := 3
+BOARD_BOOT_HEADER_VERSION := 4
BOARD_MKBOOTIMG_ARGS += --header_version $(BOARD_BOOT_HEADER_VERSION)
+# Enable GKI 2.0 signing.
+BOARD_GKI_SIGNING_KEY_PATH := build/make/target/product/gsi/testkey_rsa2048.pem
+BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
+
BOARD_KERNEL_BINARIES := \
kernel-4.19-gz \
kernel-5.4 kernel-5.4-gz kernel-5.4-lz4 \
diff --git a/target/product/gsi/testkey_rsa2048.pem b/target/product/gsi/testkey_rsa2048.pem
new file mode 100644
index 0000000..64de31c
--- /dev/null
+++ b/target/product/gsi/testkey_rsa2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3fDgwU4JKVRHhAfofi/g8daTNplB2mTJCX9fIMy9FnZDXNij
+1zijRQ8HKbt3bAGImQvb3GxSV4M5eIdiLDUF7RsUpE7K+s939i/AaTtcuyqimQbJ
+QjP9emTsgngHzuKWMg1mwlRZYDfdv62zIQmZcbM9a0CZE36hAYvEBiDB8qT4ob++
+godGAx3rpF2Wi7mhIYDINvkCw8/16Qi9CZgvOUrEolt3mz8Sps41z9j7YAsPbAa8
+fg7dUu61s6NkZEykl4G67loOaf7h+SyP//LpFZ0gV+STZ+EMGofL0SXb8A+hdIYE
+QxsnKUYo8e+GaQg92FLxVZqcfyG3AZuMB04R1QIDAQABAoIBAQDGj3/1UaSepjlJ
+ZW3an2lH1Cpm2ZxyEGNQLPVluead1vaTdXq3zYM9AKHu8zp3lbOpAVQVk4/jnZJo
+Q+9QD6waonTIP3oYBE+WIMirHSHsjctkzw52PV9VBkAWxd5ueIfZheXejGpdy/2H
+RJcTQqxWbf7QGr4ZE9xmLq4UsW/zbXwy8qGEp9eMQIIaWBua43FkqmWYLSnVFVJI
+Gl8mfVJctLNSZHhS3tKiV8up6NxZlDjO8o7kYVFCkv0xJ9yzQNBc3P2MEmvfZ06D
+QnimHBqSxr0M9X6hqP43CnqtCbpsHS8A12Dm4l6fkXfkrAY0UNrEaCSDb8aN7TEc
+7bc1MB4NAoGBAPK7xSuvQE9CH05Iy+G6mEQTtNmpfcQosqhi6dF60h4bqlkeGzUu
+gF/PKHwwffHAxQSv4V831P3A/IoJFa9IFkg218mYPNfzpj4vJA4aNCDp+SYZAIYm
+h6hMOmuByI97wds2yCBGt4mP0eow5B3A1b3UQeqW6LVSuobZ22QVlSk/AoGBAOoS
+L82yda9hUa7vuXtqTraf9EGjSXhyjoPqWxa+a1ooI9l24f7mokS5Iof+a/SLfPUj
+pwj8eOeOZksjAaWJIdrRb3TaYLaqhDkWQeV5N5XxYbn3+TvVJQyR+OSBfGoEpVP/
+IS6fusvpT3eULJDax10By+gDcoLT5M1FNs4rBIvrAoGBAM8yJP5DHDwLjzl9vjsy
+0iLaR3e8zBQTQV2nATvFAXKd3u0vW74rsX0XEdHgesFP8V0s3M4wlGj+wRL66j2y
+5QJDfjMg9l7IJlHSX46CI5ks33X7xYy9evLYDs4R/Kct1q5OtsmGU8jisSadETus
+jUb61kFvC7krovjVIgbuvWJ1AoGAVikzp4gVgeVU6AwePqu3JcpjYvX0SX4Br9VI
+imq1oY49BAOa1PWYratoZp7kpjPiX2osRkaJStNEHExagtCjwaRuXpk0GIlT+p+S
+yiGAsJUV4BrDh57B8IqbD6IKZgwnv2+ei0cIv562PdIxRXEDCd1rbZA3SqktA9KC
+hgmXttkCgYBPU1lqRpwoHP9lpOBTDa6/Xi6WaDEWrG/tUF/wMlvrZ4hEVMDJRs1d
+9JCXBxL/O4TMvpmyVKBZW15iZOcLM3EpiZ00UD+ChcAaFstup+oYKrs8gL9hgyTd
+cvWMxGQm13KwSj2CLzEQpPAN5xG14njXaee5ksshxkzBz9z3MVWiiw==
+-----END RSA PRIVATE KEY-----
diff --git a/target/product/security/Android.bp b/target/product/security/Android.bp
index 98698c5..99f7742 100644
--- a/target/product/security/Android.bp
+++ b/target/product/security/Android.bp
@@ -13,7 +13,16 @@
certificate: "testkey",
}
-// Google-owned certificate for CTS testing, since we can't trust arbitrary keys on release devices.
+// Certificate for CTS tests that rely on UICC hardware conforming to the
+// updated CTS UICC card specification introduced in 2021. See
+// //cts/tests/tests/carrierapi/Android.bp for more details.
+android_app_certificate {
+ name: "cts-uicc-2021-testkey",
+ certificate: "cts_uicc_2021",
+}
+
+// Google-owned certificate for CTS testing, since we can't trust arbitrary keys
+// on release devices.
prebuilt_etc {
name: "fsverity-release-cert-der",
src: "fsverity-release.x509.der",
diff --git a/target/product/security/README b/target/product/security/README
index 6e75e4d..2b161bb 100644
--- a/target/product/security/README
+++ b/target/product/security/README
@@ -11,10 +11,11 @@
The following commands were used to generate the test key pairs:
- development/tools/make_key testkey '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
- development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
- development/tools/make_key shared '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
- development/tools/make_key media '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+ development/tools/make_key testkey '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+ development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+ development/tools/make_key shared '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+ development/tools/make_key media '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+ development/tools/make_key cts_uicc_2021 '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
signing using the openssl commandline (for boot/system images)
--------------------------------------------------------------
diff --git a/target/product/security/cts_uicc_2021.pk8 b/target/product/security/cts_uicc_2021.pk8
new file mode 100644
index 0000000..3b2a7fa
--- /dev/null
+++ b/target/product/security/cts_uicc_2021.pk8
Binary files differ
diff --git a/target/product/security/cts_uicc_2021.x509.pem b/target/product/security/cts_uicc_2021.x509.pem
new file mode 100644
index 0000000..744afea
--- /dev/null
+++ b/target/product/security/cts_uicc_2021.x509.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECzCCAvOgAwIBAgIUHYLIIL60vWPD6aOBwZUcdbsae+cwDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
+b2lkMRAwDgYDVQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFu
+ZHJvaWQuY29tMB4XDTIxMDEyNjAwMjAyMVoXDTQ4MDYxMzAwMjAyMVowgZQxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRyb2lkMRAwDgYD
+VQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOMSHqBu0ihUDfFgwMfO
+pJtpyxHe0KKfHRndUQcYU/1v6/auy2YqkgKv+AraoukuU3gJeOiWoaqaWFNcm6md
+WfGRNT4oABhhNS43n5PI4NlLjI4yeUJJppZn5LPpc/8vZ0P8ZFE9CJmtckCh+hES
+BzqnxkCnq1PoxlcF3S/f8lOtd6ymaMDf3sYcePaoU8yTWFksl7EWRVwhBUIf7/r8
+epbNiV14/aH2cQfHVfpf54TIdk7s0/ehVA70A5gQp7Utn6mY2zEJlMrTKWRqA/a5
+oYiob3y+v2JWNcljHY6twwDOGwW7G0NWJVtaWj76Z3o9RpIhAglivhOrHTflIU3+
+2QIDAQABo1MwUTAdBgNVHQ4EFgQUZJ1oGb33n/OY+Mm8ykci4I6c9OcwHwYDVR0j
+BBgwFoAUZJ1oGb33n/OY+Mm8ykci4I6c9OcwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEASajvU0KCN2kfATPV95LQVE3N/URPi/lX9MfQptE54E+R
+6dHwHQIwU/fBFapAHfGgrpwUZftJO+Bad2iu5s1IhTJ0Q5v0yHdvWfo4EzVeMzPV
++/DWU786pPEomFkb9ZKhgVkFNPcbXlkUm/9HxRHPRTm8x+BE/75PKI+kh+pDmM+P
+5v4W0qDKPgFzIY/D4F++gVyPZ3O+/GhunjsJozO+dvN+50FH6o/kBHm2+QqQNYPW
+f232F3CYtH4uWI0TkbwmSvVGW8iOqh330Cef5zqwSdOkzybUirXFsHUu1Zad1aLT
+t0mu6RgNEmX8efOQCcz2Z/on8lkIAxCBwLX7wkH5JA==
+-----END CERTIFICATE-----
diff --git a/target/product/updatable_apex.mk b/target/product/updatable_apex.mk
index c8dc8b0..d606e00 100644
--- a/target/product/updatable_apex.mk
+++ b/target/product/updatable_apex.mk
@@ -22,4 +22,9 @@
PRODUCT_PACKAGES += com.android.apex.cts.shim.v1_prebuilt
PRODUCT_VENDOR_PROPERTIES := ro.apex.updatable=true
TARGET_FLATTEN_APEX := false
+ # Use compressed apexes in pre-installed partitions.
+ # Note: this doesn't mean that all pre-installed apexes will be compressed.
+ # Whether an apex is compressed or not is controlled at apex Soong module
+ # via compresible property.
+ PRODUCT_COMPRESSED_APEX := true
endif
diff --git a/tools/build-license-metadata.sh b/tools/build-license-metadata.sh
index 3bad358..a138dbe 100755
--- a/tools/build-license-metadata.sh
+++ b/tools/build-license-metadata.sh
@@ -201,6 +201,7 @@
for d in ${depfiles}; do
if cat "${d}" | egrep -q 'effective_condition\s*:.*restricted' ; then
lconditions="${lconditions}${lconditions:+ }restricted"
+ break
fi
done
;;
