Google Git
Sign in
android / platform / docs / source.android.com / e55b3193405187e091a4ac7730ef04360ec04504 / . / en / devices / bootloader / product-partitions.html
blob: 55f7df4513a5345104890b9a10bf3f8924cdb277 [file] [log] [blame]
<html devsite>
<head>
<title>Building Product Partitions</title>
<meta name="project_path" value="/_project.yaml">
<meta name="book_path" value="/_book.yaml">
</head>
{% include "_versions.html" %}
<body>
<!--
Copyright 2018 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
Android {{ androidPVersionNumber }}​ includes support for building
<code>/product</code> partitions using the Android build system. Previously,
Android 8.x enforced the separation of System-on-Chip (SoC)-specific
components from the <code>/system</code> partition to the <code>/vendor</code>
partition without dedicating space for OEM-specific components built from
Android build system.
</p>
<h2 id="product-partitions">About product partitions</h2>
<p>
Many OEMs customize the AOSP system image to implement their own features
and requirements from carriers. However, such customizations make it
impossible to use a single system image for multiple software SKUs as each
image must be different to support a different locale, carrier, etc. Using a
separate <code>/product</code> partition to contain customizations makes it
possible to use a single system image for multiple software SKUs (the
<code>/system</code> partition hosts generic code that can be shared among
many software SKUs). The <code>/vendor</code> partition continues to host
SoC-specific Board-Specific (BSP) code that can be shared among multiple
devices based on the given SoC.
</p>
<p>
Using separate partitions has some disadvantages, such as difficulties in
managing disk space (a limited amount of space should be reserved for future
growth) and in <a href="/devices/architecture/vndk/abi-stability">maintaining
stable Application Binary Interface (ABI)</a> between partitions. Before
deciding to use <code>/product</code> partitions, take time to consider your
unique AOSP implementation and possible mitigation tactics (such as
repartitioning a device during an <a href="/devices/tech/ota/">Over-the-Air
(OTA) update</a>, which is not done by Google but is done by some OEMs).
</p>
<h3 id="legacy-oem">Legacy /oem vs /product</h3>
<p>
The new <code>/product</code> partition is incompatible with the legacy
<code>/oem</code> partition:
</p>
<table>
<tr>
<th>Partition</th>
<th>Attributes</th>
</tr>
<tr>
<td><code>/oem</code></td>
<td>
<ul>
<li>Not updateable; usually flashed once at factory.</li>
<li>Built per small variations such as branding and color. Different
<code>/oem</code> partition contents do not make them different product
software.</li>
<li>System partition does not depend on <code>/oem</code> (it uses the
partition only when a specific file is found there).</li>
<li>Does not use API on system other than public API.</li>
</ul>
</td>
</tr>
<tr>
<td><code>/product</code></td>
<td>
<ul>
<li>Updateable</li>
<li>Coupled with the system image (they update together)</li>
<li>Built per product or product families.</li>
<li>System partition can depend on <code>/product</code> partition.</li>
<li>Can use non-public APIs since they are updated simultaneously.</li>
</ul>
</td>
</tr>
</table>
<p>
For these reasons, Android {{ androidPVersionNumber }} supports the new
<code>/product</code> partition and also retains support for the legacy
<code>/oem</code> partition for devices that depend on it.
</p>
<h3 id="product-components">/product components</h3>
<p>
The <code>/product</code> partition contains the following components:
</p>
<ul>
<li>Product-specific system properties (<code>/product/build.prop</code>)</li>
<li>Product-specific RROs (<code>/product/overlay/*.apk</code>)</li>
<li>Product-specific apps (<code>/product/app/*.apk</code>)</li>
<li>Product-specific priv-apps (<code>/product/priv-app/*.apk</code>)</li>
<li>Product-specific libraries (<code>/product/lib/*</code>)</li>
<li>Product-specific java libraries (<code>/product/framework/*.jar</code>)
</li>
<li>Product-specific Android Framework system configs
(<code>/product/etc/sysconfig/*</code> and
<code>/product/etc/permissions/*</code>)</li>
<li>Product-specific media files (<code>/product/media/audio/*</code>)</li>
<li>Product-specific <code>bootanimation</code> files</li>
</ul>
<h3 id="custom-images">No custom_images</h3>
<p>
You cannot use <code>custom_images</code> as they lack support for the
following:
</p>
<ul>
<li><strong>Installing modules into a specific target</strong>.
<code>custom_images</code> support copying artifacts into an image but
cannot install a module into a specific partition by specifying its target
partition as a part of a build rule.</li>
<li><strong>Soong support</strong>. <code>custom_images</code> cannot be
built using the Soong build system.</li>
<li>OTA update support</a>. <code>custom_images</code> are used as factory ROM
images that cannot be OTA-ed.</li>
</ul>
<h3 id="maintaining-abis">Maintaining ABIs between partitions</h3>
<p>
The <code>/product</code> partition in Android {{ androidPVersionNumber }}
is an extension of the <code>/system</code> partition. As there is weak ABI
between <code>/product</code> and <code>/system</code> partitions, both must
be upgraded at the same time and the ABI should be System SDK-based. If the
System SDK doesn't cover all API surfaces between <code>/product</code> and
<code>/system</code>, it is up to the OEM to maintain their own ABI between
the two partitions.
</p>
<p>The <code>/product</code> and <code>/system</code> partitions can have
dependency on each other. However, tests with the
<a href="/setup/build/gsi">Generic System Image (GSI)</a> must work properly
without the <code>/product</code> partition.
</p>
<p>The <code>/product</code> partition must not have any dependency on
<code>/vendor</code> partition and no direct interaction between the
<code>/product</code> partition and the <code>/vendor</code> is permitted
(enforced by SEpolicy).
</p>
<h2 id="implementing-product-partitions">Implementing product partitions</h2>
<p>
Before implementing a new product partition, review the
<a href="https://android-review.googlesource.com/q/topic:product_partition+(status:open+OR+status:merged)" class="external">related
product partition changes in AOSP</a>. Then, to set up <code>/product</code>,
include the following board or product build flags.
</p>
<ul>
<li><code>BOARD_USES_PRODUCTIMAGE</code></li>
<li><code>BOARD_PRODUCTIMAGE_PARTITION_SIZE</code></li>
<li><code>BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE</code></li>
<li><code>PRODUCT_PRODUCT_PROPERTIES for /product/build.prop</code>.
Should be within a <code>$(call inherit-product path/to/device.mk)</code>,
e.g., <code>PRODUCT_PRODUCT_PROPERTIES += product.abc=ok</code>.
</li>
</ul>
<h3 id="enabling-verified-boot">Enabling verified boot</h3>
<p>
To prevent the <code>/product</code> partition from being tampered with by
malicious software, you should enable
<a href="https://android.googlesource.com/platform/external/avb/" class="external">Android
Verified Boot (AVB)</a> for that partition (just as you do for
<code>/vendor</code> and <code>/system</code> partitions). To enable AVB,
include the following build flags:
<code>BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS</code>
</p>
</body>
</html>