diff options
24 files changed, 245 insertions, 212 deletions
diff --git a/core/base_rules.mk b/core/base_rules.mk index 7147f6df69..b40616db05 100644 --- a/core/base_rules.mk +++ b/core/base_rules.mk @@ -115,12 +115,6 @@ my_module_tags := $(LOCAL_MODULE_TAGS) ifeq ($(my_host_cross),true) my_module_tags := endif -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -ifdef LOCAL_2ND_ARCH_VAR_PREFIX -# Don't pull in modules by tags if this is for translation TARGET_2ND_ARCH. - my_module_tags := -endif -endif # Ninja has an implicit dependency on the command being run, and kati will # regenerate the ninja manifest if any read makefile changes, so there is no @@ -204,17 +198,7 @@ endif my_32_64_bit_suffix := $(if $($(LOCAL_2ND_ARCH_VAR_PREFIX)$(my_prefix)IS_64_BIT),64,32) ifneq (true,$(LOCAL_UNINSTALLABLE_MODULE)) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -# When in TARGET_TRANSLATE_2ND_ARCH both TARGET_ARCH and TARGET_2ND_ARCH are 32-bit, -# to avoid path conflict we force using LOCAL_MODULE_PATH_64 for the first arch. -ifdef LOCAL_2ND_ARCH_VAR_PREFIX -my_multilib_module_path := $(LOCAL_MODULE_PATH_32) -else # ! LOCAL_2ND_ARCH_VAR_PREFIX -my_multilib_module_path := $(LOCAL_MODULE_PATH_64) -endif # ! LOCAL_2ND_ARCH_VAR_PREFIX -else # ! TARGET_TRANSLATE_2ND_ARCH my_multilib_module_path := $(strip $(LOCAL_MODULE_PATH_$(my_32_64_bit_suffix))) -endif # ! TARGET_TRANSLATE_2ND_ARCH ifdef my_multilib_module_path my_module_path := $(my_multilib_module_path) else @@ -716,6 +700,18 @@ ifneq (,$(filter $(SOONG_OUT_DIR)%,$(LOCAL_FULL_TEST_CONFIG))) endif endif + +ifeq ($(use_testcase_folder),true) +ifneq ($(my_test_data_file_pairs),) +$(foreach pair, $(my_test_data_file_pairs), \ + $(eval parts := $(subst :,$(space),$(pair))) \ + $(eval src_path := $(word 1,$(parts))) \ + $(eval file := $(word 2,$(parts))) \ + $(foreach suite, $(LOCAL_COMPATIBILITY_SUITE), \ + $(eval my_compat_dist_$(suite) += $(foreach dir, $(call compatibility_suite_dirs,$(suite),$(arch_dir)), \ + $(call filter-copy-pair,$(src_path),$(call append-path,$(dir),$(file)),$(my_installed_test_data)))))) +endif +else ifneq ($(my_test_data_file_pairs),) $(foreach pair, $(my_test_data_file_pairs), \ $(eval parts := $(subst :,$(space),$(pair))) \ @@ -725,6 +721,7 @@ $(foreach pair, $(my_test_data_file_pairs), \ $(eval my_compat_dist_$(suite) += $(foreach dir, $(call compatibility_suite_dirs,$(suite),$(arch_dir)), \ $(src_path):$(call append-path,$(dir),$(file)))))) endif +endif diff --git a/core/definitions.mk b/core/definitions.mk index 381a2a70bc..a442bc0e0c 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -2419,6 +2419,16 @@ define compat-copy-pair $(if $(filter-out $(2), $(LOCAL_INSTALLED_MODULE)), $(1):$(2)) endef +# Create copy pair for $(1) $(2) +# If $(2) is substring of $(3) do nothing. +# $(1): source path +# $(2): destination path +# $(3): filter-out target +# The format of copy pair is src:dst +define filter-copy-pair +$(if $(findstring $(2), $(3)),,$(1):$(2)) +endef + # Copies many files. # $(1): The files to copy. Each entry is a ':' separated src:dst pair # $(2): An optional directory to prepend to the destination diff --git a/core/dex_preopt_libart.mk b/core/dex_preopt_libart.mk index 85f2f3b2d0..79d5f8cd8b 100644 --- a/core/dex_preopt_libart.mk +++ b/core/dex_preopt_libart.mk @@ -21,10 +21,8 @@ $(my_installed): $(my_installed_vdex_dir)% : $(my_built_vdex_dir)% mkdir -p $(dir $@)/$(TARGET_ARCH) ln -sfn ../$(notdir $@) $(dir $@)/$(TARGET_ARCH) ifdef TARGET_2ND_ARCH - ifneq ($(TARGET_TRANSLATE_2ND_ARCH),true) mkdir -p $(dir $@)/$(TARGET_2ND_ARCH) ln -sfn ../$(notdir $@) $(dir $@)/$(TARGET_2ND_ARCH) - endif endif my_dexpreopt_image_extra_deps := $(firstword $(my_installed)) @@ -33,10 +31,8 @@ my_2nd_arch_prefix := include $(BUILD_SYSTEM)/dex_preopt_libart_boot.mk ifdef TARGET_2ND_ARCH - ifneq ($(TARGET_TRANSLATE_2ND_ARCH),true) - my_2nd_arch_prefix := $(TARGET_2ND_ARCH_VAR_PREFIX) - include $(BUILD_SYSTEM)/dex_preopt_libart_boot.mk - endif + my_2nd_arch_prefix := $(TARGET_2ND_ARCH_VAR_PREFIX) + include $(BUILD_SYSTEM)/dex_preopt_libart_boot.mk endif my_2nd_arch_prefix := diff --git a/core/envsetup.mk b/core/envsetup.mk index 88bf352c76..9901ee1743 100644 --- a/core/envsetup.mk +++ b/core/envsetup.mk @@ -500,12 +500,7 @@ endif .KATI_READONLY := TARGET_OUT_SYSTEM_OTHER # Out for TARGET_2ND_ARCH -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -# With this you can reference the arm binary translation library with libfoo_arm in PRODUCT_PACKAGES. -TARGET_2ND_ARCH_MODULE_SUFFIX := _$(TARGET_2ND_ARCH) -else TARGET_2ND_ARCH_MODULE_SUFFIX := $(HOST_2ND_ARCH_MODULE_SUFFIX) -endif .KATI_READONLY := TARGET_2ND_ARCH_MODULE_SUFFIX ifneq ($(filter address,$(SANITIZE_TARGET)),) @@ -513,11 +508,7 @@ ifneq ($(filter address,$(SANITIZE_TARGET)),) else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_INTERMEDIATES := $(PRODUCT_OUT)/obj_$(TARGET_2ND_ARCH) endif -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SHARED_LIBRARIES := $(target_out_shared_libraries_base)/lib/$(TARGET_2ND_ARCH) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SHARED_LIBRARIES := $(target_out_shared_libraries_base)/lib -endif $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_RENDERSCRIPT_BITCODE := $($(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SHARED_LIBRARIES) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_EXECUTABLES := $(TARGET_OUT_EXECUTABLES) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_APPS := $(TARGET_OUT_APPS) @@ -582,17 +573,10 @@ TARGET_OUT_DATA_FAKE := $(TARGET_OUT_DATA)/fake_packages $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_EXECUTABLES := $(TARGET_OUT_DATA_EXECUTABLES) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_SHARED_LIBRARIES := $($(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SHARED_LIBRARIES) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_APPS := $(TARGET_OUT_DATA_APPS) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_NATIVE_TESTS := $(TARGET_OUT_DATA)/nativetest/$(TARGET_2ND_ARCH) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_METRIC_TESTS := $(TARGET_OUT_DATA)/benchmarktest/$(TARGET_2ND_ARCH) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_NATIVE_TESTS := $(TARGET_OUT_DATA)/nativetest/$(TARGET_2ND_ARCH)$(TARGET_VENDOR_TEST_SUFFIX) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_METRIC_TESTS := $(TARGET_OUT_DATA)/benchmarktest/$(TARGET_2ND_ARCH)$(TARGET_VENDOR_TEST_SUFFIX) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_NATIVE_TESTS := $(TARGET_OUT_DATA)/nativetest $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_METRIC_TESTS := $(TARGET_OUT_DATA)/benchmarktest $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_NATIVE_TESTS := $(TARGET_OUT_DATA)/nativetest$(TARGET_VENDOR_TEST_SUFFIX) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_METRIC_TESTS := $(TARGET_OUT_DATA)/benchmarktest$(TARGET_VENDOR_TEST_SUFFIX) -endif .KATI_READONLY := \ $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_EXECUTABLES \ $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_SHARED_LIBRARIES \ @@ -644,11 +628,7 @@ TARGET_OUT_VENDOR_ETC := $(TARGET_OUT_VENDOR)/etc TARGET_OUT_VENDOR_ETC $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_EXECUTABLES := $(TARGET_OUT_VENDOR_EXECUTABLES) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_SHARED_LIBRARIES := $(target_out_vendor_shared_libraries_base)/lib/$(TARGET_2ND_ARCH) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_SHARED_LIBRARIES := $(target_out_vendor_shared_libraries_base)/lib -endif $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_RENDERSCRIPT_BITCODE := $($(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_SHARED_LIBRARIES) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_APPS := $(TARGET_OUT_VENDOR_APPS) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_VENDOR_APPS_PRIVILEGED := $(TARGET_OUT_VENDOR_APPS_PRIVILEGED) @@ -678,11 +658,7 @@ TARGET_OUT_OEM_ETC := $(TARGET_OUT_OEM)/etc TARGET_OUT_OEM_ETC $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_OEM_EXECUTABLES := $(TARGET_OUT_OEM_EXECUTABLES) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_OEM_SHARED_LIBRARIES := $(TARGET_OUT_OEM)/lib/$(TARGET_2ND_ARCH) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_OEM_SHARED_LIBRARIES := $(TARGET_OUT_OEM)/lib -endif $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_OEM_APPS := $(TARGET_OUT_OEM_APPS) .KATI_READONLY := \ $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_OEM_EXECUTABLES \ @@ -728,11 +704,7 @@ TARGET_OUT_ODM_ETC := $(TARGET_OUT_ODM)/etc TARGET_OUT_ODM_ETC $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_EXECUTABLES := $(TARGET_OUT_ODM_EXECUTABLES) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_SHARED_LIBRARIES := $(target_out_odm_shared_libraries_base)/lib/$(TARGET_2ND_ARCH) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_SHARED_LIBRARIES := $(target_out_odm_shared_libraries_base)/lib -endif $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_RENDERSCRIPT_BITCODE := $($(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_SHARED_LIBRARIES) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_APPS := $(TARGET_OUT_ODM_APPS) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_ODM_APPS_PRIVILEGED := $(TARGET_OUT_ODM_APPS_PRIVILEGED) @@ -778,11 +750,7 @@ TARGET_OUT_PRODUCT_ETC := $(TARGET_OUT_PRODUCT)/etc TARGET_OUT_PRODUCT_ETC $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_PRODUCT_EXECUTABLES := $(TARGET_OUT_PRODUCT_EXECUTABLES) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_PRODUCT_SHARED_LIBRARIES := $(target_out_product_shared_libraries_base)/lib/$(TARGET_2ND_ARCH) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_PRODUCT_SHARED_LIBRARIES := $(target_out_product_shared_libraries_base)/lib -endif $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_PRODUCT_APPS := $(TARGET_OUT_PRODUCT_APPS) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_PRODUCT_APPS_PRIVILEGED := $(TARGET_OUT_PRODUCT_APPS_PRIVILEGED) .KATI_READONLY := \ @@ -825,11 +793,7 @@ TARGET_OUT_SYSTEM_EXT_EXECUTABLES := $(TARGET_OUT_SYSTEM_EXT)/bin TARGET_OUT_SYSTEM_EXT_ETC $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SYSTEM_EXT_EXECUTABLES := $(TARGET_OUT_SYSTEM_EXT_EXECUTABLES) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -$(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SYSTEM_EXT_SHARED_LIBRARIES := $(target_out_system_ext_shared_libraries_base)/lib/$(TARGET_2ND_ARCH) -else $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SYSTEM_EXT_SHARED_LIBRARIES := $(target_out_system_ext_shared_libraries_base)/lib -endif $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SYSTEM_EXT_APPS := $(TARGET_OUT_SYSTEM_EXT_APPS) $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_SYSTEM_EXT_APPS_PRIVILEGED := $(TARGET_OUT_SYSTEM_EXT_APPS_PRIVILEGED) .KATI_READONLY := \ diff --git a/core/executable.mk b/core/executable.mk index e71ff339b8..c8d9272627 100644 --- a/core/executable.mk +++ b/core/executable.mk @@ -20,15 +20,6 @@ endif ifneq (true,$(my_skip_this_target)) $(call record-module-type,EXECUTABLE) -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) -# If a native test explicity specifies to build only for the translation arch, -# we'll still need LOCAL_MULTILIB=both and let module_arch_supported.mk choose -# to build only for TARGET_2ND_ARCH. -ifneq (1,$(words $(LOCAL_MODULE_TARGET_ARCH))) -LOCAL_MULTILIB := first -endif -endif - my_prefix := TARGET_ include $(BUILD_SYSTEM)/multilib.mk diff --git a/core/main.mk b/core/main.mk index b91770b08b..1b2b3e6e78 100644 --- a/core/main.mk +++ b/core/main.mk @@ -490,7 +490,6 @@ CUSTOM_MODULES := \ # # Resolve the required module name to 32-bit or 64-bit variant. # Get a list of corresponding 32-bit module names, if one exists. -ifneq ($(TARGET_TRANSLATE_2ND_ARCH),true) define get-32-bit-modules $(sort $(foreach m,$(1),\ $(if $(ALL_MODULES.$(m)$(TARGET_2ND_ARCH_MODULE_SUFFIX).CLASS),\ @@ -504,15 +503,6 @@ $(sort $(foreach m,$(1),\ $(m)$(TARGET_2ND_ARCH_MODULE_SUFFIX), \ $(m)))) endef -else # TARGET_TRANSLATE_2ND_ARCH -# For binary translation config, by default only install the first arch. -define get-32-bit-modules -endef - -define get-32-bit-modules-if-we-can -$(strip $(1)) -endef -endif # TARGET_TRANSLATE_2ND_ARCH # TODO: we can probably check to see if these modules are actually host # modules @@ -1494,7 +1484,7 @@ files: $(modules_to_install) \ # ------------------------------------------------------------------- .PHONY: checkbuild -checkbuild: $(modules_to_check) droid_targets +checkbuild: $(modules_to_check) droid_targets check-elf-files ifeq (true,$(ANDROID_BUILD_EVERYTHING_BY_DEFAULT)) droid: checkbuild diff --git a/core/package.mk b/core/package.mk index 854e0093c6..6bde48553d 100644 --- a/core/package.mk +++ b/core/package.mk @@ -7,14 +7,6 @@ $(call record-module-type,PACKAGE) my_prefix := TARGET_ include $(BUILD_SYSTEM)/multilib.mk -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) - ifeq ($(TARGET_SUPPORTS_64_BIT_APPS),true) - my_module_multilib := first - else ifneq ($(my_module_multilib),64) - my_module_multilib := first - endif -endif - ifeq ($(TARGET_SUPPORTS_32_BIT_APPS)|$(TARGET_SUPPORTS_64_BIT_APPS),true|true) # packages default to building for either architecture, # the preferred if its supported, otherwise the non-preferred. diff --git a/core/prebuilt.mk b/core/prebuilt.mk index 9d284fb53c..4512cd9e8a 100644 --- a/core/prebuilt.mk +++ b/core/prebuilt.mk @@ -12,13 +12,6 @@ ifdef LOCAL_IS_HOST_MODULE LOCAL_HOST_PREFIX := else my_prefix := TARGET_ - - ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) - # Only support prebuilt shared and static libraries for translated arch - ifeq ($(filter SHARED_LIBRARIES STATIC_LIBRARIES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),) - LOCAL_MULTILIB := first - endif - endif endif include $(BUILD_SYSTEM)/multilib.mk diff --git a/core/soong_cc_prebuilt.mk b/core/soong_cc_prebuilt.mk index 34dd3e8d80..09eb419a12 100644 --- a/core/soong_cc_prebuilt.mk +++ b/core/soong_cc_prebuilt.mk @@ -31,20 +31,6 @@ else $(call pretty-error,Unsupported LOCAL_MODULE_$(my_prefix)ARCH=$(LOCAL_MODULE_$(my_prefix)ARCH)) endif -skip_module := -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) - ifndef LOCAL_IS_HOST_MODULE - ifdef LOCAL_2ND_ARCH_VAR_PREFIX - # Only support shared and static libraries and tests for translated arch - ifeq ($(filter SHARED_LIBRARIES STATIC_LIBRARIES HEADER_LIBRARIES NATIVE_TESTS,$(LOCAL_MODULE_CLASS)),) - skip_module := true - endif - endif - endif -endif - -ifndef skip_module - # Don't install static libraries by default. ifndef LOCAL_UNINSTALLABLE_MODULE ifeq (STATIC_LIBRARIES,$(LOCAL_MODULE_CLASS)) @@ -233,7 +219,3 @@ installed_static_library_notice_file_targets := \ $(notice_target): | $(installed_static_library_notice_file_targets) $(LOCAL_INSTALLED_MODULE): | $(notice_target) - -endif # !skip_module - -skip_module := diff --git a/core/soong_rust_prebuilt.mk b/core/soong_rust_prebuilt.mk index ea43078457..23d18c4c1f 100644 --- a/core/soong_rust_prebuilt.mk +++ b/core/soong_rust_prebuilt.mk @@ -28,21 +28,6 @@ else $(call pretty-error,Unsupported LOCAL_MODULE_$(my_prefix)ARCH=$(LOCAL_MODULE_$(my_prefix)ARCH)) endif -skip_module := -ifeq ($(TARGET_TRANSLATE_2ND_ARCH),true) - ifndef LOCAL_IS_HOST_MODULE - ifdef LOCAL_2ND_ARCH_VAR_PREFIX - # Only support rlib and dylib libraries for translated arch - ifeq ($(filter RLIB_LIBRARIES DYLIB_LIBRARIES PROC_MACRO_LIBRARIES,$(LOCAL_MODULE_CLASS)),) - skip_module := true - endif - endif - endif -endif - - -ifndef skip_module - # Don't install rlib/proc_macro libraries. ifndef LOCAL_UNINSTALLABLE_MODULE ifneq ($(filter RLIB_LIBRARIES PROC_MACRO_LIBRARIES,$(LOCAL_MODULE_CLASS)),) @@ -121,7 +106,3 @@ installed_static_library_notice_file_targets += \ $(notice_target): | $(installed_static_library_notice_file_targets) $(LOCAL_INSTALLED_MODULE): | $(notice_target) -endif # !skip_module - -skip_module := - diff --git a/target/board/BoardConfigEmuCommon.mk b/target/board/BoardConfigEmuCommon.mk index f941918e36..d11f9d2ff1 100644 --- a/target/board/BoardConfigEmuCommon.mk +++ b/target/board/BoardConfigEmuCommon.mk @@ -7,6 +7,9 @@ HAVE_HTC_AUDIO_DRIVER := true BOARD_USES_GENERIC_AUDIO := true TARGET_BOOTLOADER_BOARD_NAME := goldfish_$(TARGET_ARCH) +# No Kernel +TARGET_NO_KERNEL := true + # no hardware camera USE_CAMERA_STUB := true @@ -48,6 +51,8 @@ ifeq ($(PRODUCT_USE_DYNAMIC_PARTITIONS),true) TARGET_COPY_OUT_SYSTEM_EXT := system_ext BOARD_SYSTEM_EXTIMAGE_FILE_SYSTEM_TYPE := ext4 else + TARGET_COPY_OUT_PRODUCT := system/product + TARGET_COPY_OUT_SYSTEM_EXT := system/system_ext BOARD_EMULATOR_DYNAMIC_PARTITIONS_PARTITION_LIST := \ system \ vendor @@ -69,6 +74,12 @@ else BOARD_VENDORIMAGE_PARTITION_SIZE := 146800640 endif +# Enable chain partition for system. +BOARD_AVB_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem +BOARD_AVB_SYSTEM_ALGORITHM := SHA256_RSA2048 +BOARD_AVB_SYSTEM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP) +BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 1 + BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4 BOARD_FLASH_BLOCK_SIZE := 512 DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml diff --git a/target/board/BoardConfigGsiCommon.mk b/target/board/BoardConfigGsiCommon.mk index 4c783c0f3a..61aa67cd7d 100644 --- a/target/board/BoardConfigGsiCommon.mk +++ b/target/board/BoardConfigGsiCommon.mk @@ -33,12 +33,6 @@ BOARD_USES_METADATA_PARTITION := true # updating the last seen rollback index in the tamper-evident storage. BOARD_AVB_ROLLBACK_INDEX := 0 -# Enable chain partition for system. -BOARD_AVB_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem -BOARD_AVB_SYSTEM_ALGORITHM := SHA256_RSA2048 -BOARD_AVB_SYSTEM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP) -BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 1 - # GSI specific System Properties ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) TARGET_SYSTEM_EXT_PROP := build/make/target/board/gsi_system_ext.prop diff --git a/target/board/generic_x86_arm/BoardConfig.mk b/target/board/generic_x86_arm/BoardConfig.mk index e879001580..3fbf79bd61 100644 --- a/target/board/generic_x86_arm/BoardConfig.mk +++ b/target/board/generic_x86_arm/BoardConfig.mk @@ -25,10 +25,18 @@ TARGET_NATIVE_BRIDGE_ABI := armeabi-v7a armeabi BUILD_BROKEN_DUP_RULES := true - -include build/make/target/board/BoardConfigGsiCommon.mk +# +# The inclusion order below is important. +# The settings in latter makefiles overwrite those in the former. +# +include build/make/target/board/BoardConfigMainlineCommon.mk include build/make/target/board/BoardConfigEmuCommon.mk +# the settings differ from BoardConfigMainlineCommon.mk +BOARD_USES_SYSTEM_OTHER_ODEX := +BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4 +BOARD_CACHEIMAGE_PARTITION_SIZE := 16777216 + # Resize to 4G to accomodate ASAN and CTS BOARD_USERDATAIMAGE_PARTITION_SIZE := 4294967296 diff --git a/target/board/generic_x86_arm/device.mk b/target/board/generic_x86_arm/device.mk index 0a3241511a..fa1eb67f61 100644 --- a/target/board/generic_x86_arm/device.mk +++ b/target/board/generic_x86_arm/device.mk @@ -13,12 +13,3 @@ # See the License for the specific language governing permissions and # limitations under the License. # - -# NFC: -# Provide default libnfc-nci.conf file for devices that does not have one in -# vendor/etc because aosp system image (of aosp_$arch products) is going to -# be used as GSI. -# May need to remove the following for newly launched devices in P since this -# NFC configuration file should be in vendor/etc, instead of system/etc -PRODUCT_COPY_FILES += \ - device/generic/common/nfc/libnfc-nci.conf:system/etc/libnfc-nci.conf diff --git a/target/product/aosp_x86_arm.mk b/target/product/aosp_x86_arm.mk index 70aa64ee2d..c0f8f8a02e 100644 --- a/target/product/aosp_x86_arm.mk +++ b/target/product/aosp_x86_arm.mk @@ -16,27 +16,35 @@ PRODUCT_USE_DYNAMIC_PARTITIONS := true -# aosp_x86 with arm libraries needed by binary translation. - -# The system image of aosp_x86-userdebug is a GSI for the devices with: -# - x86 32 bits user space -# - 64 bits binder interface -# - system-as-root -# - VNDK enforcement -# - compatible property override enabled +# +# All components inherited here go to system image +# +$(call inherit-product, $(SRC_TARGET_DIR)/product/mainline_system.mk) --include device/generic/goldfish/x86-vendor.mk +# Enable mainline checking +ifeq (aosp_x86_arm,$(TARGET_PRODUCT)) +PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := relaxed +endif -include $(SRC_TARGET_DIR)/product/full_x86.mk +# TODO (b/138382074): remove following setting after enable product/system_ext +PRODUCT_ARTIFACT_PATH_REQUIREMENT_WHITELIST += \ + system/product/% \ + system/system_ext/% -# Enable dynamic partition size -PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true +# +# All components inherited here go to product image +# +$(call inherit-product, $(SRC_TARGET_DIR)/product/aosp_product.mk) -# Needed by Pi newly launched device to pass VtsTrebleSysProp on GSI -PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE := true +# +# All components inherited here go to vendor image +# +$(call inherit-product-if-exists, device/generic/goldfish/x86-vendor.mk) +$(call inherit-product, $(SRC_TARGET_DIR)/product/emulator_vendor.mk) +$(call inherit-product, $(SRC_TARGET_DIR)/board/generic_x86_arm/device.mk) -# Support addtional P vendor interface -PRODUCT_EXTRA_VNDK_VERSIONS := 28 PRODUCT_NAME := aosp_x86_arm PRODUCT_DEVICE := generic_x86_arm +PRODUCT_BRAND := Android +PRODUCT_MODEL := AOSP on IA Emulator diff --git a/target/product/base_system.mk b/target/product/base_system.mk index 44fc7e45db..dab84877db 100644 --- a/target/product/base_system.mk +++ b/target/product/base_system.mk @@ -362,6 +362,7 @@ PRODUCT_PACKAGES_DEBUG := \ adb_keys \ arping \ gdbserver \ + idlcli \ init-debug.rc \ iotop \ iperf3 \ diff --git a/target/product/base_vendor.mk b/target/product/base_vendor.mk index f3705ea656..1e1effb538 100644 --- a/target/product/base_vendor.mk +++ b/target/product/base_vendor.mk @@ -75,7 +75,3 @@ PRODUCT_PACKAGES += \ # VINTF data for vendor image PRODUCT_PACKAGES += \ device_compatibility_matrix.xml \ - -PRODUCT_PACKAGES += \ - libprotobuf-cpp-lite-vendorcompat \ - libprotobuf-cpp-full-vendorcompat \ diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk index a0b2d6dc65..3631cfdb27 100644 --- a/target/product/security/Android.mk +++ b/target/product/security/Android.mk @@ -1,7 +1,7 @@ LOCAL_PATH:= $(call my-dir) ####################################### -# verity_key +# verity_key (installed to /, i.e. part of system.img) include $(CLEAR_VARS) LOCAL_MODULE := verity_key @@ -9,9 +9,29 @@ LOCAL_SRC_FILES := $(LOCAL_MODULE) LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) +# For devices using a separate ramdisk, we need a copy there to establish the chain of trust. +ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) +LOCAL_REQUIRED_MODULES := verity_key_ramdisk +endif + include $(BUILD_PREBUILT) ####################################### +# verity_key (installed to ramdisk) +# +# Enabling the target when using system-as-root would cause build failure, as TARGET_RAMDISK_OUT +# points to the same location as TARGET_ROOT_OUT. +ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) + include $(CLEAR_VARS) + LOCAL_MODULE := verity_key_ramdisk + LOCAL_MODULE_CLASS := ETC + LOCAL_SRC_FILES := verity_key + LOCAL_MODULE_STEM := verity_key + LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT) + include $(BUILD_PREBUILT) +endif + +####################################### # adb key, if configured via PRODUCT_ADB_KEYS ifdef PRODUCT_ADB_KEYS ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) diff --git a/tools/extract_kernel.py b/tools/extract_kernel.py index 42561cf0c6..8ca11d1cc6 100755 --- a/tools/extract_kernel.py +++ b/tools/extract_kernel.py @@ -100,19 +100,25 @@ def dump_configs(input_bytes): return o -def try_decompress(cmd, search_bytes, input_bytes): - idx = input_bytes.find(search_bytes) - if idx < 0: - return None - - idx = 0 +def try_decompress_bytes(cmd, input_bytes): sp = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - o, _ = sp.communicate(input=input_bytes[idx:]) + o, _ = sp.communicate(input=input_bytes) # ignore errors return o +def try_decompress(cmd, search_bytes, input_bytes): + idx = 0 + while True: + idx = input_bytes.find(search_bytes, idx) + if idx < 0: + raise StopIteration() + + yield try_decompress_bytes(cmd, input_bytes[idx:]) + idx += 1 + + def decompress_dump(func, input_bytes): """ Run func(input_bytes) first; and if that fails (returns value evaluates to @@ -122,15 +128,15 @@ def decompress_dump(func, input_bytes): if o: return o for cmd, search_bytes in COMPRESSION_ALGO: - decompressed = try_decompress(cmd, search_bytes, input_bytes) - if decompressed: - o = func(decompressed) - if o: - return o + for decompressed in try_decompress(cmd, search_bytes, input_bytes): + if decompressed: + o = decompress_dump(func, decompressed) + if o: + return o # Force decompress the whole file even if header doesn't match - decompressed = try_decompress(cmd, b"", input_bytes) + decompressed = try_decompress_bytes(cmd, input_bytes) if decompressed: - o = func(decompressed) + o = decompress_dump(func, decompressed) if o: return o diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py index dc75ce2605..de947f329a 100755 --- a/tools/releasetools/ota_from_target_files.py +++ b/tools/releasetools/ota_from_target_files.py @@ -250,7 +250,12 @@ UNZIP_PATTERN = ['IMAGES/*', 'META/*', 'OTA/*', 'RADIO/*'] TARGET_DIFFING_UNZIP_PATTERN = ['BOOT', 'RECOVERY', 'SYSTEM/*', 'VENDOR/*', 'PRODUCT/*', 'SYSTEM_EXT/*', 'ODM/*'] RETROFIT_DAP_UNZIP_PATTERN = ['OTA/super_*.img', AB_PARTITIONS] -SECONDARY_IMAGES_SKIP_PARTITIONS = ['odm', 'product', 'system_ext', 'vendor'] + +# Images to be excluded from secondary payload. We essentially only keep +# 'system_other' and bootloader partitions. +SECONDARY_PAYLOAD_SKIPPED_IMAGES = [ + 'boot', 'dtbo', 'modem', 'odm', 'product', 'radio', 'recovery', + 'system_ext', 'vbmeta', 'vbmeta_system', 'vbmeta_vendor', 'vendor'] class BuildInfo(object): @@ -299,6 +304,9 @@ class BuildInfo(object): that it always uses the first dict to calculate the fingerprint or the device name. The rest would be used for asserting OEM properties only (e.g. one package can be installed on one of these devices). + + Raises: + ValueError: On invalid inputs. """ self.info_dict = info_dict self.oem_dicts = oem_dicts @@ -313,6 +321,13 @@ class BuildInfo(object): self._device = self.GetOemProperty("ro.product.device") self._fingerprint = self.CalculateFingerprint() + # Sanity check the build fingerprint. + if (' ' in self._fingerprint or + any(ord(ch) > 127 for ch in self._fingerprint)): + raise ValueError( + 'Invalid build fingerprint: "{}". See the requirement in Android CDD ' + '3.2.2. Build Parameters.'.format(self._fingerprint)) + @property def is_ab(self): return self._is_ab @@ -1824,7 +1839,7 @@ def GetTargetFilesZipForSecondaryImages(input_file, skip_postinstall=False): if key == 'dynamic_partition_list' or key.endswith(LIST_SUFFIX): partitions = value.split() partitions = [partition for partition in partitions if partition - not in SECONDARY_IMAGES_SKIP_PARTITIONS] + not in SECONDARY_PAYLOAD_SKIPPED_IMAGES] output_list.append('{}={}'.format(key, ' '.join(partitions))) else: output_list.append(line) @@ -1846,10 +1861,13 @@ def GetTargetFilesZipForSecondaryImages(input_file, skip_postinstall=False): elif info.filename in ('IMAGES/system.img', 'IMAGES/system.map'): pass - # Images like vendor and product are not needed in the secondary payload. - elif info.filename in ['IMAGES/{}.img'.format(partition) for partition in - SECONDARY_IMAGES_SKIP_PARTITIONS]: - pass + + # Copy images that are not in SECONDARY_PAYLOAD_SKIPPED_IMAGES. + elif info.filename.startswith(('IMAGES/', 'RADIO/')): + image_name = os.path.basename(info.filename) + if image_name not in ['{}.img'.format(partition) for partition in + SECONDARY_PAYLOAD_SKIPPED_IMAGES]: + common.ZipWrite(target_zip, unzipped_file, arcname=info.filename) # Skip copying the postinstall config if requested. elif skip_postinstall and info.filename == POSTINSTALL_CONFIG: @@ -1862,7 +1880,7 @@ def GetTargetFilesZipForSecondaryImages(input_file, skip_postinstall=False): with open(unzipped_file) as f: partition_list = f.read().splitlines() partition_list = [partition for partition in partition_list if partition - and partition not in SECONDARY_IMAGES_SKIP_PARTITIONS] + and partition not in SECONDARY_PAYLOAD_SKIPPED_IMAGES] common.ZipWriteStr(target_zip, info.filename, '\n'.join(partition_list)) # Remove the unnecessary partitions from the dynamic partitions list. elif (info.filename == 'META/misc_info.txt' or @@ -1871,8 +1889,6 @@ def GetTargetFilesZipForSecondaryImages(input_file, skip_postinstall=False): common.ZipWriteStr(target_zip, info.filename, modified_info) else: common.ZipWrite(target_zip, unzipped_file, arcname=info.filename) - elif info.filename.startswith(('IMAGES/', 'RADIO/')): - common.ZipWrite(target_zip, unzipped_file, arcname=info.filename) common.ZipClose(target_zip) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 3119afa65a..1f41431b78 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -602,11 +602,16 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, ReplaceVerityPrivateKey(misc_info, OPTIONS.replace_verity_private_key[1]) if OPTIONS.replace_verity_public_key: - dest = "ROOT/verity_key" if system_root_image else "BOOT/RAMDISK/verity_key" - # We are replacing the one in boot image only, since the one under - # recovery won't ever be needed. + # Replace the one in root dir in system.img. ReplaceVerityPublicKey( - output_tf_zip, dest, OPTIONS.replace_verity_public_key[1]) + output_tf_zip, 'ROOT/verity_key', OPTIONS.replace_verity_public_key[1]) + + if not system_root_image: + # Additionally replace the copy in ramdisk if not using system-as-root. + ReplaceVerityPublicKey( + output_tf_zip, + 'BOOT/RAMDISK/verity_key', + OPTIONS.replace_verity_public_key[1]) # Replace the keyid string in BOOT/cmdline. if OPTIONS.replace_verity_keyid: diff --git a/tools/releasetools/test_ota_from_target_files.py b/tools/releasetools/test_ota_from_target_files.py index 0846d87156..9825a5ea13 100644 --- a/tools/releasetools/test_ota_from_target_files.py +++ b/tools/releasetools/test_ota_from_target_files.py @@ -174,6 +174,14 @@ class BuildInfoTest(test_utils.ReleaseToolsTestCase): self.assertRaises(AssertionError, BuildInfo, self.TEST_INFO_DICT_USES_OEM_PROPS, None) + def test_init_badFingerprint(self): + info_dict = copy.deepcopy(self.TEST_INFO_DICT) + info_dict['build.prop']['ro.build.fingerprint'] = 'bad fingerprint' + self.assertRaises(ValueError, BuildInfo, info_dict, None) + + info_dict['build.prop']['ro.build.fingerprint'] = 'bad\x80fingerprint' + self.assertRaises(ValueError, BuildInfo, info_dict, None) + def test___getitem__(self): target_info = BuildInfo(self.TEST_INFO_DICT, None) self.assertEqual('value1', target_info['property1']) @@ -591,16 +599,16 @@ class OtaFromTargetFilesTest(test_utils.ReleaseToolsTestCase): ab_partitions = verify_zip.read('META/ab_partitions.txt') self.assertIn('META/ab_partitions.txt', namelist) - self.assertIn('IMAGES/boot.img', namelist) self.assertIn('IMAGES/system.img', namelist) self.assertIn('RADIO/bootloader.img', namelist) - self.assertIn('RADIO/modem.img', namelist) self.assertIn(POSTINSTALL_CONFIG, namelist) + self.assertNotIn('IMAGES/boot.img', namelist) self.assertNotIn('IMAGES/system_other.img', namelist) self.assertNotIn('IMAGES/system.map', namelist) + self.assertNotIn('RADIO/modem.img', namelist) - expected_ab_partitions = ['boot', 'system', 'bootloader', 'modem'] + expected_ab_partitions = ['system', 'bootloader'] self.assertEqual('\n'.join(expected_ab_partitions), ab_partitions) @test_utils.SkipIfExternalToolsUnavailable() @@ -613,13 +621,13 @@ class OtaFromTargetFilesTest(test_utils.ReleaseToolsTestCase): namelist = verify_zip.namelist() self.assertIn('META/ab_partitions.txt', namelist) - self.assertIn('IMAGES/boot.img', namelist) self.assertIn('IMAGES/system.img', namelist) self.assertIn('RADIO/bootloader.img', namelist) - self.assertIn('RADIO/modem.img', namelist) + self.assertNotIn('IMAGES/boot.img', namelist) self.assertNotIn('IMAGES/system_other.img', namelist) self.assertNotIn('IMAGES/system.map', namelist) + self.assertNotIn('RADIO/modem.img', namelist) self.assertNotIn(POSTINSTALL_CONFIG, namelist) @test_utils.SkipIfExternalToolsUnavailable() @@ -633,10 +641,10 @@ class OtaFromTargetFilesTest(test_utils.ReleaseToolsTestCase): namelist = verify_zip.namelist() self.assertIn('META/ab_partitions.txt', namelist) - self.assertIn('IMAGES/boot.img', namelist) self.assertIn('IMAGES/system.img', namelist) self.assertIn(POSTINSTALL_CONFIG, namelist) + self.assertNotIn('IMAGES/boot.img', namelist) self.assertNotIn('IMAGES/system_other.img', namelist) self.assertNotIn('IMAGES/system.map', namelist) self.assertNotIn('RADIO/bootloader.img', namelist) @@ -673,12 +681,12 @@ class OtaFromTargetFilesTest(test_utils.ReleaseToolsTestCase): 'META/dynamic_partitions_info.txt') self.assertIn('META/ab_partitions.txt', namelist) - self.assertIn('IMAGES/boot.img', namelist) self.assertIn('IMAGES/system.img', namelist) self.assertIn(POSTINSTALL_CONFIG, namelist) self.assertIn('META/misc_info.txt', namelist) self.assertIn('META/dynamic_partitions_info.txt', namelist) + self.assertNotIn('IMAGES/boot.img', namelist) self.assertNotIn('IMAGES/system_other.img', namelist) self.assertNotIn('IMAGES/system.map', namelist) diff --git a/tools/releasetools/test_validate_target_files.py b/tools/releasetools/test_validate_target_files.py index 0f0d773c6a..9c816eb416 100644 --- a/tools/releasetools/test_validate_target_files.py +++ b/tools/releasetools/test_validate_target_files.py @@ -143,21 +143,52 @@ class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): verity_image_builder.Build(output_file) @test_utils.SkipIfExternalToolsUnavailable() - def test_ValidateVerifiedBootImages_systemImage(self): + def test_ValidateVerifiedBootImages_systemRootImage(self): input_tmp = common.MakeTempDir() os.mkdir(os.path.join(input_tmp, 'IMAGES')) system_image = os.path.join(input_tmp, 'IMAGES', 'system.img') self._generate_system_image(system_image) # Pack the verity key. - verity_key_mincrypt = os.path.join( - input_tmp, 'BOOT', 'RAMDISK', 'verity_key') + verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key') os.makedirs(os.path.dirname(verity_key_mincrypt)) shutil.copyfile( os.path.join(self.testdata_dir, 'testkey_mincrypt'), verity_key_mincrypt) info_dict = { + 'system_root_image' : 'true', + 'verity' : 'true', + } + options = { + 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'), + 'verity_key_mincrypt' : verity_key_mincrypt, + } + ValidateVerifiedBootImages(input_tmp, info_dict, options) + + @test_utils.SkipIfExternalToolsUnavailable() + def test_ValidateVerifiedBootImages_nonSystemRootImage(self): + input_tmp = common.MakeTempDir() + os.mkdir(os.path.join(input_tmp, 'IMAGES')) + system_image = os.path.join(input_tmp, 'IMAGES', 'system.img') + self._generate_system_image(system_image) + + # Pack the verity key into the root dir in system.img. + verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key') + os.makedirs(os.path.dirname(verity_key_mincrypt)) + shutil.copyfile( + os.path.join(self.testdata_dir, 'testkey_mincrypt'), + verity_key_mincrypt) + + # And a copy in ramdisk. + verity_key_ramdisk = os.path.join( + input_tmp, 'BOOT', 'RAMDISK', 'verity_key') + os.makedirs(os.path.dirname(verity_key_ramdisk)) + shutil.copyfile( + os.path.join(self.testdata_dir, 'testkey_mincrypt'), + verity_key_ramdisk) + + info_dict = { 'verity' : 'true', } options = { @@ -167,6 +198,39 @@ class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): ValidateVerifiedBootImages(input_tmp, info_dict, options) @test_utils.SkipIfExternalToolsUnavailable() + def test_ValidateVerifiedBootImages_nonSystemRootImage_mismatchingKeys(self): + input_tmp = common.MakeTempDir() + os.mkdir(os.path.join(input_tmp, 'IMAGES')) + system_image = os.path.join(input_tmp, 'IMAGES', 'system.img') + self._generate_system_image(system_image) + + # Pack the verity key into the root dir in system.img. + verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key') + os.makedirs(os.path.dirname(verity_key_mincrypt)) + shutil.copyfile( + os.path.join(self.testdata_dir, 'testkey_mincrypt'), + verity_key_mincrypt) + + # And an invalid copy in ramdisk. + verity_key_ramdisk = os.path.join( + input_tmp, 'BOOT', 'RAMDISK', 'verity_key') + os.makedirs(os.path.dirname(verity_key_ramdisk)) + shutil.copyfile( + os.path.join(self.testdata_dir, 'verity_mincrypt'), + verity_key_ramdisk) + + info_dict = { + 'verity' : 'true', + } + options = { + 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'), + 'verity_key_mincrypt' : verity_key_mincrypt, + } + self.assertRaises( + AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict, + options) + + @test_utils.SkipIfExternalToolsUnavailable() def test_ValidateFileConsistency_incompleteRange(self): input_tmp = common.MakeTempDir() os.mkdir(os.path.join(input_tmp, 'IMAGES')) diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py index d189499dc3..c299a488ae 100755 --- a/tools/releasetools/validate_target_files.py +++ b/tools/releasetools/validate_target_files.py @@ -276,15 +276,12 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): # Verify verity signed system images in Verified Boot 1.0. Note that not using # 'elif' here, since 'boot_signer' and 'verity' are not bundled in VB 1.0. if info_dict.get('verity') == 'true': - # First verify that the verity key that's built into the root image (as - # /verity_key) matches the one given via command line, if any. - if info_dict.get("system_root_image") == "true": - verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key') - else: - verity_key_mincrypt = os.path.join( - input_tmp, 'BOOT', 'RAMDISK', 'verity_key') + # First verify that the verity key is built into the root image (regardless + # of system-as-root). + verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key') assert os.path.exists(verity_key_mincrypt), 'Missing verity_key' + # Verify /verity_key matches the one given via command line, if any. if options['verity_key_mincrypt'] is None: logging.warn( 'Skipped checking the content of /verity_key, as the key file not ' @@ -295,6 +292,18 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): "Mismatching mincrypt verity key files" logging.info('Verified the content of /verity_key') + # For devices with a separate ramdisk (i.e. non-system-as-root), there must + # be a copy in ramdisk. + if info_dict.get("system_root_image") != "true": + verity_key_ramdisk = os.path.join( + input_tmp, 'BOOT', 'RAMDISK', 'verity_key') + assert os.path.exists(verity_key_ramdisk), 'Missing verity_key in ramdisk' + + assert filecmp.cmp( + verity_key_mincrypt, verity_key_ramdisk, shallow=False), \ + 'Mismatching verity_key files in root and ramdisk' + logging.info('Verified the content of /verity_key in ramdisk') + # Then verify the verity signed system/vendor/product images, against the # verity pubkey in mincrypt format. for image in ('system.img', 'vendor.img', 'product.img'): |