| package { |
| default_applicable_licenses: ["Android-Apache-2.0"], |
| } |
| |
| microdroid_shell_and_utilities = [ |
| "reboot", |
| "sh", |
| "strace", |
| "toolbox", |
| "toybox", |
| ] |
| |
| microdroid_rootdirs = [ |
| "dev", |
| "proc", |
| "sys", |
| |
| "system", |
| "debug_ramdisk", |
| "mnt", |
| "data", |
| |
| "apex", |
| "linkerconfig", |
| "second_stage_resources", |
| |
| // Ideally we should only create the /vendor for Microdroid VMs that will mount /vendor, but |
| // for the time being we will just create it unconditionally. |
| "vendor", |
| ] |
| |
| microdroid_symlinks = [ |
| { |
| target: "/sys/kernel/debug", |
| name: "d", |
| }, |
| { |
| target: "/system/etc", |
| name: "etc", |
| }, |
| { |
| target: "/system/bin", |
| name: "bin", |
| }, |
| ] |
| |
| soong_config_module_type { |
| name: "flag_aware_microdroid_system_image", |
| module_type: "android_system_image", |
| config_namespace: "ANDROID", |
| bool_variables: [ |
| "release_avf_enable_multi_tenant_microdroid_vm", |
| ], |
| properties: [ |
| "deps", |
| ], |
| } |
| |
| flag_aware_microdroid_system_image { |
| name: "microdroid", |
| use_avb: true, |
| avb_private_key: ":microdroid_sign_key", |
| avb_algorithm: "SHA256_RSA4096", |
| avb_hash_algorithm: "sha256", |
| partition_name: "system", |
| deps: [ |
| "init_second_stage.microdroid", |
| "microdroid_build_prop", |
| "microdroid_init_debug_policy", |
| "microdroid_init_rc", |
| "microdroid_ueventd_rc", |
| "microdroid_launcher", |
| |
| "libbinder_ndk", |
| "libstdc++", |
| |
| // "com.android.adbd" requires these, |
| "libadbd_auth", |
| "libadbd_fs", |
| |
| // "com.android.art" requires |
| "heapprofd_client_api", |
| "libartpalette-system", |
| |
| "apexd.microdroid", |
| "debuggerd", |
| "linker", |
| "cgroups.json", |
| "task_profiles.json", |
| "public.libraries.android.txt", |
| |
| "microdroid_event-log-tags", |
| "microdroid_file_contexts", |
| "microdroid_manifest", |
| "microdroid_property_contexts", |
| "mke2fs.microdroid", |
| "microdroid_fstab", |
| |
| "libvm_payload", // used by payload to interact with microdroid manager |
| |
| "prng_seeder_microdroid", |
| |
| // Binaries required to capture traces in Microdroid. |
| "atrace", |
| "traced", |
| "traced_probes", |
| "perfetto", |
| ] + microdroid_shell_and_utilities, |
| multilib: { |
| common: { |
| deps: [ |
| // non-updatable & mandatory apexes |
| "com.android.runtime", |
| |
| "microdroid_crashdump_initrd", |
| "microdroid_precompiled_sepolicy", |
| ], |
| }, |
| lib64: { |
| deps: [ |
| "apkdmverity", |
| "authfs", |
| "authfs_service", |
| "encryptedstore", |
| "microdroid_kexec", |
| "microdroid_manager", |
| "zipfuse", |
| ], |
| }, |
| }, |
| arch: { |
| // b/273792258: These could be in multilib.lib64 except that |
| // microdroid_crashdump_kernel doesn't exist for riscv64 yet |
| arm64: { |
| deps: [ |
| "microdroid_crashdump_kernel", |
| ], |
| }, |
| x86_64: { |
| deps: [ |
| "microdroid_crashdump_kernel", |
| ], |
| }, |
| }, |
| linker_config_src: "linker.config.json", |
| base_dir: "system", |
| dirs: microdroid_rootdirs, |
| symlinks: microdroid_symlinks, |
| file_contexts: ":microdroid_file_contexts.gen", |
| // For deterministic output, use fake_timestamp, hard-coded uuid |
| fake_timestamp: "1611569676", |
| // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/system'))" |
| uuid: "5fe079c6-f01a-52be-87d3-d415231a72ad", |
| |
| // Below are dependencies that are conditionally enabled depending on value of build flags. |
| soong_config_variables: { |
| release_avf_enable_multi_tenant_microdroid_vm: { |
| deps: [ |
| "microdroid_etc_passwd", |
| "microdroid_etc_group", |
| ], |
| }, |
| }, |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_init_rc", |
| filename: "init.rc", |
| src: "init.rc", |
| relative_install_path: "init/hw", |
| installable: false, // avoid collision with system partition's init.rc |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_ueventd_rc", |
| filename: "ueventd.rc", |
| src: "ueventd.rc", |
| installable: false, // avoid collision with system partition's ueventd.rc |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_etc_passwd", |
| src: "microdroid_passwd", |
| filename: "passwd", |
| installable: false, |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_etc_group", |
| src: "microdroid_group", |
| filename: "group", |
| installable: false, |
| } |
| |
| prebuilt_root { |
| name: "microdroid_build_prop", |
| filename: "build.prop", |
| src: "build.prop", |
| arch: { |
| x86_64: { |
| src: ":microdroid_build_prop_gen_x86_64", |
| }, |
| arm64: { |
| src: ":microdroid_build_prop_gen_arm64", |
| }, |
| }, |
| installable: false, |
| } |
| |
| genrule { |
| name: "microdroid_build_prop_gen_x86_64", |
| srcs: [ |
| "build.prop", |
| ":buildinfo.prop", |
| ], |
| out: ["build.prop.out"], |
| cmd: "(echo '# build properties from buildinfo.prop module' && " + |
| "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.known_codenames= $(location :buildinfo.prop) && " + |
| "cat $(location build.prop) && " + |
| "echo ro.product.cpu.abilist=x86_64 && " + |
| "echo ro.product.cpu.abi=x86_64) > $(out)", |
| } |
| |
| genrule { |
| name: "microdroid_build_prop_gen_arm64", |
| srcs: [ |
| "build.prop", |
| ":buildinfo.prop", |
| ], |
| out: ["build.prop.out"], |
| cmd: "(echo '# build properties from buildinfo.prop module' && " + |
| "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " + |
| "grep ro\\.build\\.version\\.known_codenames= $(location :buildinfo.prop) && " + |
| "cat $(location build.prop) && " + |
| "echo ro.product.cpu.abilist=arm64-v8a && " + |
| "echo ro.product.cpu.abi=arm64-v8a) > $(out)", |
| } |
| |
| logical_partition { |
| name: "microdroid_super", |
| sparse: true, |
| size: "auto", |
| default_group: [ |
| { |
| name: "system_a", |
| filesystem: ":microdroid", |
| }, |
| ], |
| } |
| |
| android_filesystem { |
| name: "microdroid_ramdisk", |
| deps: [ |
| "init_first_stage.microdroid", |
| ], |
| dirs: [ |
| "dev", |
| "proc", |
| "sys", |
| |
| // TODO(jiyong): remove these |
| "mnt", |
| "debug_ramdisk", |
| "second_stage_resources", |
| ], |
| type: "compressed_cpio", |
| } |
| |
| android_filesystem { |
| name: "microdroid_fstab_ramdisk", |
| deps: [ |
| "microdroid_fstab", |
| ], |
| base_dir: "first_stage_ramdisk", |
| type: "compressed_cpio", |
| symlinks: [ |
| { |
| target: "etc/fstab.microdroid", |
| name: "first_stage_ramdisk/fstab.microdroid", |
| }, |
| { |
| target: "first_stage_ramdisk/lib", |
| name: "lib", |
| }, |
| ], |
| } |
| |
| genrule { |
| name: "microdroid_bootconfig_arm64_gen", |
| srcs: [ |
| "bootconfig.common", |
| "bootconfig.arm64", |
| ], |
| out: ["bootconfig"], |
| cmd: "cat $(in) > $(out)", |
| } |
| |
| genrule { |
| name: "microdroid_bootconfig_x86_64_gen", |
| srcs: [ |
| "bootconfig.common", |
| "bootconfig.x86_64", |
| ], |
| out: ["bootconfig"], |
| cmd: "cat $(in) > $(out)", |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_fstab", |
| src: "fstab.microdroid", |
| filename: "fstab.microdroid", |
| installable: false, |
| } |
| |
| // python -c "import hashlib; print(hashlib.sha256(b'bootloader').hexdigest())" |
| bootloader_salt = "3b4a12881d11f33cff968a24d7c53723a8232cde9a8d91e29fdbd6a95ae6adf0" |
| |
| // Note that keys can be different for filesystem images even though we're using the same key |
| // for microdroid. However, the key signing VBmeta should match with the pubkey embedded in |
| // bootloader. |
| filegroup { |
| name: "microdroid_sign_key", |
| srcs: [":avb_testkey_rsa4096"], |
| } |
| |
| vbmeta { |
| name: "microdroid_vbmeta", |
| partition_name: "vbmeta", |
| private_key: ":microdroid_sign_key", |
| partitions: [ |
| "microdroid", |
| ], |
| } |
| |
| prebuilt_etc { |
| name: "microdroid.json", |
| src: "microdroid.json", |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_manifest", |
| src: "microdroid_manifest.xml", |
| filename: "manifest.xml", |
| relative_install_path: "vintf", |
| installable: false, |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_event-log-tags", |
| src: "microdroid_event-log-tags", |
| filename: "event-log-tags", |
| installable: false, |
| } |
| |
| filegroup { |
| name: "microdroid_bootconfig_debuggable_src", |
| srcs: ["bootconfig.debuggable"], |
| } |
| |
| filegroup { |
| name: "microdroid_bootconfig_normal_src", |
| srcs: ["bootconfig.normal"], |
| } |
| |
| // python -c "import hashlib; print(hashlib.sha256(b'initrd_normal').hexdigest())" |
| initrd_normal_salt = "8041a07d54ac82290f6d90bac1fa8d7fdbc4db974d101d60faf294749d1ebaf8" |
| |
| avb_gen_vbmeta_image { |
| name: "microdroid_initrd_normal_hashdesc", |
| src: ":microdroid_initrd_normal", |
| partition_name: "initrd_normal", |
| salt: initrd_normal_salt, |
| enabled: false, |
| arch: { |
| // Microdroid kernel is only available in these architectures. |
| arm64: { |
| enabled: true, |
| }, |
| x86_64: { |
| enabled: true, |
| }, |
| }, |
| } |
| |
| // python -c "import hashlib; print(hashlib.sha256(b'initrd_debug').hexdigest())" |
| initrd_debug_salt = "8ab9dc9cb7e6456700ff6ef18c6b4c3acc24c5fa5381b829563f8d7a415d869a" |
| |
| avb_gen_vbmeta_image { |
| name: "microdroid_initrd_debug_hashdesc", |
| src: ":microdroid_initrd_debuggable", |
| partition_name: "initrd_debug", |
| salt: initrd_debug_salt, |
| enabled: false, |
| arch: { |
| // Microdroid kernel is only available in these architectures. |
| arm64: { |
| enabled: true, |
| }, |
| x86_64: { |
| enabled: true, |
| }, |
| }, |
| } |
| |
| soong_config_module_type { |
| name: "flag_aware_avb_add_hash_footer", |
| module_type: "avb_add_hash_footer", |
| config_namespace: "ANDROID", |
| bool_variables: [ |
| "release_avf_enable_llpvm_changes", |
| ], |
| properties: [ |
| "rollback_index", |
| "props", |
| ], |
| } |
| |
| flag_aware_avb_add_hash_footer { |
| name: "microdroid_kernel_signed", |
| src: ":empty_file", |
| filename: "microdroid_kernel", |
| partition_name: "boot", |
| private_key: ":microdroid_sign_key", |
| salt: bootloader_salt, |
| enabled: false, |
| arch: { |
| arm64: { |
| src: ":microdroid_kernel_prebuilts-6.1-arm64", |
| enabled: true, |
| }, |
| x86_64: { |
| src: ":microdroid_kernel_prebuilts-6.1-x86_64", |
| enabled: true, |
| }, |
| }, |
| include_descriptors_from_images: [ |
| ":microdroid_initrd_normal_hashdesc", |
| ":microdroid_initrd_debug_hashdesc", |
| ], |
| // Below are properties that are conditionally set depending on value of build flags. |
| soong_config_variables: { |
| release_avf_enable_llpvm_changes: { |
| rollback_index: 1, |
| props: [ |
| { |
| name: "com.android.virt.cap", |
| value: "secretkeeper_protection", |
| }, |
| ], |
| }, |
| }, |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_kernel", |
| src: ":empty_file", |
| relative_install_path: "fs", |
| arch: { |
| arm64: { |
| src: ":microdroid_kernel_signed", |
| }, |
| x86_64: { |
| src: ":microdroid_kernel_signed", |
| }, |
| }, |
| } |
| |
| flag_aware_avb_add_hash_footer { |
| name: "microdroid_kernel_with_modules_signed", |
| src: ":empty_file", |
| filename: "microdroid_kernel_with_modules", |
| partition_name: "boot", |
| private_key: ":microdroid_sign_key", |
| salt: bootloader_salt, |
| enabled: false, |
| arch: { |
| arm64: { |
| src: ":microdroid_kernel_with_modules_prebuilts-6.1-arm64", |
| enabled: true, |
| }, |
| }, |
| include_descriptors_from_images: [ |
| ":microdroid_initrd_normal_hashdesc", |
| ":microdroid_initrd_debug_hashdesc", |
| ], |
| // Below are properties that are conditionally set depending on value of build flags. |
| soong_config_variables: { |
| release_avf_enable_llpvm_changes: { |
| rollback_index: 1, |
| props: [ |
| { |
| name: "com.android.virt.cap", |
| value: "secretkeeper_protection", |
| }, |
| ], |
| }, |
| }, |
| } |
| |
| prebuilt_etc { |
| name: "microdroid_kernel_with_modules", |
| src: ":empty_file", |
| relative_install_path: "fs", |
| arch: { |
| arm64: { |
| src: ":microdroid_kernel_with_modules_signed", |
| }, |
| }, |
| } |