blob: d1a93c3343b27a2d72f8839b9ca2ba36a6b6865d [file] [log] [blame]
package {
default_applicable_licenses: ["Android-Apache-2.0"],
}
microdroid_shell_and_utilities = [
"reboot",
"sh",
"strace",
"toolbox",
"toybox",
]
microdroid_rootdirs = [
"dev",
"proc",
"sys",
"system",
"vendor",
"debug_ramdisk",
"mnt",
"data",
"apex",
"linkerconfig",
"second_stage_resources",
]
microdroid_symlinks = [
{
target: "/sys/kernel/debug",
name: "d",
},
{
target: "/system/etc",
name: "etc",
},
{
target: "/system/bin",
name: "bin",
},
]
android_system_image {
name: "microdroid",
use_avb: true,
avb_private_key: ":microdroid_sign_key",
avb_algorithm: "SHA256_RSA4096",
avb_hash_algorithm: "sha256",
partition_name: "system",
deps: [
"init_second_stage",
"microdroid_build_prop",
"microdroid_init_rc",
"microdroid_ueventd_rc",
"microdroid_launcher",
"libbinder",
"libbinder_ndk",
"libstdc++",
"logcat",
"logd",
"secilc",
// "com.android.adbd" requires these,
"libadbd_auth",
"libadbd_fs",
// "com.android.art" requires
"heapprofd_client_api",
"libartpalette-system",
"apexd",
"atrace",
"debuggerd",
"diced.microdroid",
"linker",
"linkerconfig",
"servicemanager.microdroid",
"tombstoned",
"tombstone_transmit.microdroid",
"cgroups.json",
"task_profiles.json",
"public.libraries.android.txt",
"microdroid_compatibility_matrix",
"microdroid_event-log-tags",
"microdroid_file_contexts",
"microdroid_manifest",
"microdroid_plat_sepolicy_and_mapping.sha256",
"microdroid_property_contexts",
"microdroid_service_contexts",
// TODO(b/195425111) these should be added automatically
"libcrypto", // used by many (init_second_stage, microdroid_manager, toybox, etc)
"liblzma", // used by init_second_stage
] + microdroid_shell_and_utilities,
multilib: {
common: {
deps: [
// non-updatable & mandatory apexes
"com.android.runtime",
"microdroid_plat_sepolicy.cil",
"microdroid_plat_mapping_file",
],
},
lib64: {
deps: [
"apkdmverity",
"authfs",
"authfs_service",
"microdroid_manager",
"zipfuse",
],
},
},
linker_config_src: "linker.config.json",
base_dir: "system",
dirs: microdroid_rootdirs,
symlinks: microdroid_symlinks,
file_contexts: ":microdroid_file_contexts.gen",
}
prebuilt_etc {
name: "microdroid_init_rc",
filename: "init.rc",
src: "init.rc",
relative_install_path: "init/hw",
installable: false, // avoid collision with system partition's init.rc
}
prebuilt_etc {
name: "microdroid_ueventd_rc",
filename: "ueventd.rc",
src: "ueventd.rc",
installable: false, // avoid collision with system partition's ueventd.rc
}
prebuilt_root {
name: "microdroid_build_prop",
filename: "build.prop",
src: "build.prop",
arch: {
x86_64: {
src: ":microdroid_build_prop_gen_x86_64",
},
arm64: {
src: ":microdroid_build_prop_gen_arm64",
},
},
installable: false,
}
genrule {
name: "microdroid_build_prop_gen_x86_64",
srcs: [
"build.prop",
":buildinfo.prop",
],
out: ["build.prop.out"],
cmd: "(echo '# build properties from buildinfo.prop module' && " +
"grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " +
"grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " +
"grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " +
"grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " +
"cat $(location build.prop) && " +
"echo ro.product.cpu.abilist=x86_64) > $(out)",
}
genrule {
name: "microdroid_build_prop_gen_arm64",
srcs: [
"build.prop",
":buildinfo.prop",
],
out: ["build.prop.out"],
cmd: "(echo '# build properties from buildinfo.prop module' && " +
"grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " +
"grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " +
"grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " +
"grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " +
"cat $(location build.prop) && " +
"echo ro.product.cpu.abilist=arm64-v8a) > $(out)",
}
android_filesystem {
name: "microdroid_vendor",
partition_name: "vendor",
use_avb: true,
deps: [
"android.hardware.security.dice-service.microdroid",
"microdroid_fstab",
"microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
"microdroid_vendor_manifest",
"microdroid_vendor_compatibility_matrix",
],
multilib: {
common: {
deps: [
"microdroid_vendor_sepolicy.cil",
"microdroid_plat_pub_versioned.cil",
"microdroid_plat_sepolicy_vers.txt",
"microdroid_precompiled_sepolicy",
],
},
},
avb_private_key: ":microdroid_sign_key",
avb_algorithm: "SHA256_RSA4096",
avb_hash_algorithm: "sha256",
file_contexts: ":microdroid_vendor_file_contexts.gen",
}
logical_partition {
name: "microdroid_super",
sparse: true,
size: "auto",
default_group: [
{
name: "system_a",
filesystem: ":microdroid",
},
{
name: "vendor_a",
filesystem: ":microdroid_vendor",
},
],
}
microdroid_boot_cmdline = [
"panic=-1",
"bootconfig",
"ioremap_guard",
]
bootimg {
name: "microdroid_boot-5.10",
// We don't have kernel for arm and x86. But Soong demands one when it builds for
// arm or x86 target. Satisfy that by providing an empty file as the kernel.
kernel_prebuilt: "empty_kernel",
arch: {
arm64: {
kernel_prebuilt: ":kernel_prebuilts-5.10-arm64",
cmdline: microdroid_boot_cmdline,
},
x86_64: {
kernel_prebuilt: ":kernel_prebuilts-5.10-x86_64",
cmdline: microdroid_boot_cmdline + [
// console=none is to work around the x86 specific u-boot behavior which when
// console= option is not found in the kernel commandline console=ttyS0 is
// automatically added. By adding console=none, we can prevent u-boot from doing
// that. Note that console is set to hvc0 by bootconfig if the VM is configured as
// debuggable.
"console=none",
"acpi=noirq",
],
},
},
dtb_prebuilt: "dummy_dtb.img",
header_version: "4",
partition_name: "boot",
use_avb: true,
avb_private_key: ":microdroid_sign_key",
}
bootimg {
name: "microdroid_init_boot",
ramdisk_module: "microdroid_ramdisk-5.10",
kernel_prebuilt: "empty_kernel",
header_version: "4",
partition_name: "init_boot",
use_avb: true,
avb_private_key: ":microdroid_sign_key",
}
android_filesystem {
name: "microdroid_ramdisk-5.10",
deps: [
"init_first_stage",
],
dirs: [
"dev",
"proc",
"sys",
// TODO(jiyong): remove these
"mnt",
"debug_ramdisk",
"second_stage_resources",
],
type: "compressed_cpio",
}
bootimg {
name: "microdroid_vendor_boot-5.10",
ramdisk_module: "microdroid_vendor_ramdisk-5.10",
dtb_prebuilt: "dummy_dtb.img",
header_version: "4",
vendor_boot: true,
arch: {
arm64: {
bootconfig: ":microdroid_bootconfig_arm64_gen",
},
x86_64: {
bootconfig: ":microdroid_bootconfig_x86_64_gen",
},
},
partition_name: "vendor_boot",
use_avb: true,
avb_private_key: ":microdroid_sign_key",
}
prebuilt_kernel_modules {
name: "microdroid_kernel_modules",
arch: {
arm64: {
srcs: [":virt_device_prebuilts_kernel_modules_microdroid-5.10-arm64"],
},
x86_64: {
srcs: [":virt_device_prebuilts_kernel_modules_microdroid-5.10-x86_64"],
},
},
kernel_version: "5.10",
}
android_filesystem {
name: "microdroid_vendor_ramdisk-5.10",
deps: [
"microdroid_fstab",
"microdroid_kernel_modules",
],
base_dir: "first_stage_ramdisk",
type: "compressed_cpio",
symlinks: [
{
target: "etc/fstab.microdroid",
name: "first_stage_ramdisk/fstab.microdroid",
},
{
target: "first_stage_ramdisk/lib",
name: "lib",
},
],
}
genrule {
name: "microdroid_bootconfig_arm64_gen",
srcs: [
"bootconfig.common",
"bootconfig.arm64",
],
out: ["bootconfig"],
cmd: "cat $(in) > $(out)",
}
genrule {
name: "microdroid_bootconfig_x86_64_gen",
srcs: [
"bootconfig.common",
"bootconfig.x86_64",
],
out: ["bootconfig"],
cmd: "cat $(in) > $(out)",
}
vbmeta {
name: "microdroid_vbmeta_bootconfig",
partition_name: "vbmeta",
private_key: ":microdroid_sign_key",
chained_partitions: [
{
name: "bootconfig",
private_key: ":microdroid_sign_key",
},
{
name: "uboot_env",
private_key: ":microdroid_sign_key",
},
],
}
// See external/avb/avbtool.py
// MAX_VBMETA_SIZE=64KB, MAX_FOOTER_SIZE=4KB
avb_hash_footer_kb = "68"
prebuilt_etc {
name: "microdroid_bootconfig_normal",
src: ":microdroid_bootconfig_normal_gen",
filename: "microdroid_bootconfig.normal",
}
prebuilt_etc {
name: "microdroid_bootconfig_app_debuggable",
src: ":microdroid_bootconfig_app_debuggable_gen",
filename: "microdroid_bootconfig.app_debuggable",
}
prebuilt_etc {
name: "microdroid_bootconfig_full_debuggable",
src: ":microdroid_bootconfig_full_debuggable_gen",
filename: "microdroid_bootconfig.full_debuggable",
}
// TODO(jiyong): make a new module type that does the avb signing
genrule {
name: "microdroid_bootconfig_normal_gen",
tools: ["avbtool"],
srcs: [
"bootconfig.normal",
":microdroid_sign_key",
],
out: ["microdroid_bootconfig.normal"],
cmd: "cp $(location bootconfig.normal) $(out) && " +
"$(location avbtool) add_hash_footer " +
"--algorithm SHA256_RSA4096 " +
"--partition_name bootconfig " +
"--key $(location :microdroid_sign_key) " +
"--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
"--image $(out)",
}
genrule {
name: "microdroid_bootconfig_app_debuggable_gen",
tools: ["avbtool"],
srcs: [
"bootconfig.app_debuggable",
":microdroid_sign_key",
],
out: ["microdroid_bootconfig.app_debuggable"],
cmd: "cp $(location bootconfig.app_debuggable) $(out) && " +
"$(location avbtool) add_hash_footer " +
"--algorithm SHA256_RSA4096 " +
"--partition_name bootconfig " +
"--key $(location :microdroid_sign_key) " +
"--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
"--image $(out)",
}
genrule {
name: "microdroid_bootconfig_full_debuggable_gen",
tools: ["avbtool"],
srcs: [
"bootconfig.full_debuggable",
":microdroid_sign_key",
],
out: ["microdroid_bootconfig.full_debuggable"],
cmd: "cp $(location bootconfig.full_debuggable) $(out) && " +
"$(location avbtool) add_hash_footer " +
"--algorithm SHA256_RSA4096 " +
"--partition_name bootconfig " +
"--key $(location :microdroid_sign_key) " +
"--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
"--image $(out)",
}
prebuilt_etc {
name: "microdroid_fstab",
src: "fstab.microdroid",
filename: "fstab.microdroid",
installable: false,
}
prebuilt_etc {
name: "microdroid_bootloader",
src: ":microdroid_bootloader_gen",
arch: {
x86_64: {
// For unknown reason, the signed bootloader doesn't work on x86_64. Until the problem
// is fixed, let's use the unsigned bootloader for the architecture.
// TODO(b/185115783): remove this
src: ":microdroid_bootloader_pubkey_replaced",
},
},
filename: "microdroid_bootloader",
}
genrule {
name: "microdroid_bootloader_gen",
tools: ["avbtool"],
srcs: [
":microdroid_bootloader_pubkey_replaced",
":microdroid_sign_key",
],
out: ["bootloader-signed"],
// 1. Copy the input to the output becaise avbtool modifies --image in
// place.
// 2. Check if the file is big enough. For arm and x86 we have fake
// bootloader file whose size is 1. It can't pass avbtool.
// 3. Add the hash footer. The partition size is set to (image size + 68KB)
// rounded up to 4KB boundary.
cmd: "cp $(location :microdroid_bootloader_pubkey_replaced) $(out) && " +
"if [ $$(stat --format=%s $(out)) -gt 4096 ]; then " +
"$(location avbtool) add_hash_footer " +
"--algorithm SHA256_RSA4096 " +
"--partition_name bootloader " +
"--key $(location :microdroid_sign_key) " +
"--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
"--image $(out)" +
"; fi",
}
// Replace avbpubkey of prebuilt bootloader with the avbpubkey of the signing key
genrule {
name: "microdroid_bootloader_pubkey_replaced",
tools: ["replace_bytes"],
srcs: [
":microdroid_crosvm_bootloader", // input (bootloader)
":microdroid_crosvm_bootloader.avbpubkey", // old bytes (old pubkey)
":microdroid_bootloader_avbpubkey_gen", // new bytes (new pubkey)
],
out: ["bootloader-pubkey-replaced"],
// 1. Copy the input to the output (replace_bytes modifies the file in-place)
// 2. Check if the file is big enough. For arm and x86 we have fake
// bootloader file whose size is 1. (replace_bytes fails if key not found)
// 3. Replace embedded pubkey with new one.
cmd: "cp $(location :microdroid_crosvm_bootloader) $(out) && " +
"if [ $$(stat --format=%s $(out)) -gt 4096 ]; then " +
"$(location replace_bytes) $(out) " +
"$(location :microdroid_crosvm_bootloader.avbpubkey) " +
"$(location :microdroid_bootloader_avbpubkey_gen)" +
"; fi",
}
// Apex keeps a copy of avbpubkey embedded in bootloader so that embedded avbpubkey can be replaced
// while re-signing bootloader.
prebuilt_etc {
name: "microdroid_bootloader.avbpubkey",
src: ":microdroid_bootloader_avbpubkey_gen",
}
// Generate avbpukey from the signing key
genrule {
name: "microdroid_bootloader_avbpubkey_gen",
tools: ["avbtool"],
srcs: [":microdroid_sign_key"],
out: ["bootloader.pubkey"],
cmd: "$(location avbtool) extract_public_key " +
"--key $(location :microdroid_sign_key) " +
"--output $(out)",
}
prebuilt_etc {
name: "microdroid_uboot_env",
src: ":microdroid_uboot_env_gen",
filename: "uboot_env.img",
}
genrule {
name: "microdroid_uboot_env_gen",
tools: [
"mkenvimage_slim",
"avbtool",
],
srcs: [
"uboot-env.txt",
":microdroid_sign_key",
],
out: ["output.img"],
cmd: "$(location mkenvimage_slim) -output_path $(out) -input_path $(location uboot-env.txt) && " +
"$(location avbtool) add_hash_footer " +
"--algorithm SHA256_RSA4096 " +
"--partition_name uboot_env " +
"--key $(location :microdroid_sign_key) " +
"--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
"--image $(out)",
}
// Note that keys can be different for filesystem images even though we're using the same key
// for microdroid. However, the key signing VBmeta should match with the pubkey embedded in
// bootloader.
filegroup {
name: "microdroid_sign_key",
srcs: [":avb_testkey_rsa4096"],
}
vbmeta {
name: "microdroid_vbmeta",
partition_name: "vbmeta",
private_key: ":microdroid_sign_key",
partitions: [
"microdroid_vendor",
"microdroid_vendor_boot-5.10",
"microdroid",
"microdroid_boot-5.10",
"microdroid_init_boot",
],
}
prebuilt_etc {
name: "microdroid.json",
src: "microdroid.json",
}
prebuilt_etc {
name: "microdroid_vendor_manifest",
src: "microdroid_vendor_manifest.xml",
filename: "manifest.xml",
relative_install_path: "vintf",
installable: false,
}
prebuilt_etc {
name: "microdroid_vendor_compatibility_matrix",
src: "microdroid_vendor_compatibility_matrix.xml",
filename: "compatibility_matrix.xml",
relative_install_path: "vintf",
installable: false,
}
prebuilt_etc {
name: "microdroid_compatibility_matrix",
src: "microdroid_compatibility_matrix.xml",
filename: "compatibility_matrix.current.xml",
relative_install_path: "vintf",
installable: false,
}
prebuilt_etc {
name: "microdroid_manifest",
src: "microdroid_manifest.xml",
filename: "manifest.xml",
relative_install_path: "vintf",
installable: false,
}
prebuilt_etc {
name: "microdroid_event-log-tags",
src: "microdroid_event-log-tags",
filename: "event-log-tags",
installable: false,
}