Update security string to 2022-03-01 am: 389f21950c am: eb389ab195 am: da539453f8 am: 0c1d6c0f4e
Original change: https://googleplex-android-review.googlesource.com/c/platform/build/+/16579523
Change-Id: I6587646279387e16f46698d11b28b36ad887e286
diff --git a/core/Makefile b/core/Makefile
index 45ad60f..3e748eb 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -420,13 +420,6 @@
@echo Target buildinfo: $@
@mkdir -p $(dir $@)
$(hide) echo > $@
-ifneq ($(PRODUCT_OEM_PROPERTIES),)
- $(hide) echo "#" >> $@; \
- echo "# PRODUCT_OEM_PROPERTIES" >> $@; \
- echo "#" >> $@;
- $(hide) $(foreach prop,$(PRODUCT_OEM_PROPERTIES), \
- echo "import /oem/oem.prop $(prop)" >> $@;)
-endif
$(hide) PRODUCT_BRAND="$(PRODUCT_SYSTEM_BRAND)" \
PRODUCT_MANUFACTURER="$(PRODUCT_SYSTEM_MANUFACTURER)" \
PRODUCT_MODEL="$(PRODUCT_SYSTEM_MODEL)" \
@@ -605,6 +598,13 @@
$(hide) $(foreach line,$(FINAL_PRODUCT_PROPERTIES), \
echo "$(line)" >> $@;)
$(hide) $(POST_PROCESS_PROPS) $@
+ifneq ($(PRODUCT_OEM_PROPERTIES),)
+ $(hide) echo "#" >> $@; \
+ echo "# PRODUCT_OEM_PROPERTIES" >> $@; \
+ echo "#" >> $@;
+ $(hide) $(foreach prop,$(PRODUCT_OEM_PROPERTIES), \
+ echo "import /oem/oem.prop $(prop)" >> $@;)
+endif
# ----------------------------------------------------------------
# odm build.prop
diff --git a/core/binary.mk b/core/binary.mk
index 23a201c..db476c0 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -64,10 +64,64 @@
my_export_c_include_deps := $(LOCAL_EXPORT_C_INCLUDE_DEPS)
my_arflags :=
+# Disable clang-tidy if it is not found.
+ifeq ($(PATH_TO_CLANG_TIDY),)
+ my_tidy_enabled := false
+else
+ # If LOCAL_TIDY is not defined, use global WITH_TIDY
+ my_tidy_enabled := $(LOCAL_TIDY)
+ ifeq ($(my_tidy_enabled),)
+ my_tidy_enabled := $(WITH_TIDY)
+ endif
+endif
+
+# my_tidy_checks is empty if clang-tidy is disabled.
+my_tidy_checks :=
+my_tidy_flags :=
+ifneq (,$(filter 1 true,$(my_tidy_enabled)))
+ # Set up global default checks
+ my_tidy_checks := $(WITH_TIDY_CHECKS)
+ ifeq ($(my_tidy_checks),)
+ my_tidy_checks := $(call default_global_tidy_checks,$(LOCAL_PATH))
+ endif
+ # Append local clang-tidy checks.
+ ifneq ($(LOCAL_TIDY_CHECKS),)
+ my_tidy_checks := $(my_tidy_checks),$(LOCAL_TIDY_CHECKS)
+ endif
+ my_tidy_flags := $(strip $(WITH_TIDY_FLAGS) $(LOCAL_TIDY_FLAGS))
+ # If tidy flags are not specified, default to check all header files.
+ ifeq ($(my_tidy_flags),)
+ my_tidy_flags := $(call default_tidy_header_filter,$(LOCAL_PATH))
+ endif
+ # If clang-tidy is not enabled globally, add the -quiet flag.
+ ifeq (,$(filter 1 true,$(WITH_TIDY)))
+ my_tidy_flags += -quiet -extra-arg-before=-fno-caret-diagnostics
+ endif
+
+ ifneq ($(my_tidy_checks),)
+ # We might be using the static analyzer through clang-tidy.
+ # https://bugs.llvm.org/show_bug.cgi?id=32914
+ my_tidy_flags += -extra-arg-before=-D__clang_analyzer__
+
+ # A recent change in clang-tidy (r328258) enabled destructor inlining,
+ # which appears to cause a number of false positives. Until that's
+ # resolved, this turns off the effects of r328258.
+ # https://bugs.llvm.org/show_bug.cgi?id=37459
+ my_tidy_flags += -extra-arg-before=-Xclang
+ my_tidy_flags += -extra-arg-before=-analyzer-config
+ my_tidy_flags += -extra-arg-before=-Xclang
+ my_tidy_flags += -extra-arg-before=c++-temp-dtor-inlining=false
+ endif
+endif
+
+my_tidy_checks := $(subst $(space),,$(my_tidy_checks))
+
# Configure the pool to use for clang rules.
# If LOCAL_CC or LOCAL_CXX is set don't use goma or RBE.
+# If clang-tidy is being used, don't use the RBE pool (as clang-tidy runs in
+# the same action, and is not remoted)
my_pool :=
-ifeq (,$(strip $(my_cc))$(strip $(my_cxx)))
+ifeq (,$(strip $(my_cc))$(strip $(my_cxx))$(strip $(my_tidy_checks)))
my_pool := $(GOMA_OR_RBE_POOL)
endif
@@ -1509,61 +1563,10 @@
endif
endif
-# Disable clang-tidy if it is not found.
-ifeq ($(PATH_TO_CLANG_TIDY),)
- my_tidy_enabled := false
-else
- # If LOCAL_TIDY is not defined, use global WITH_TIDY
- my_tidy_enabled := $(LOCAL_TIDY)
- ifeq ($(my_tidy_enabled),)
- my_tidy_enabled := $(WITH_TIDY)
- endif
-endif
-
-# my_tidy_checks is empty if clang-tidy is disabled.
-my_tidy_checks :=
-my_tidy_flags :=
-ifneq (,$(filter 1 true,$(my_tidy_enabled)))
- tidy_only: $(cpp_objects) $(c_objects) $(gen_c_objects) $(gen_cpp_objects)
- # Set up global default checks
- my_tidy_checks := $(WITH_TIDY_CHECKS)
- ifeq ($(my_tidy_checks),)
- my_tidy_checks := $(call default_global_tidy_checks,$(LOCAL_PATH))
- endif
- # Append local clang-tidy checks.
- ifneq ($(LOCAL_TIDY_CHECKS),)
- my_tidy_checks := $(my_tidy_checks),$(LOCAL_TIDY_CHECKS)
- endif
- my_tidy_flags := $(strip $(WITH_TIDY_FLAGS) $(LOCAL_TIDY_FLAGS))
- # If tidy flags are not specified, default to check all header files.
- ifeq ($(my_tidy_flags),)
- my_tidy_flags := $(call default_tidy_header_filter,$(LOCAL_PATH))
- endif
- # If clang-tidy is not enabled globally, add the -quiet flag.
- ifeq (,$(filter 1 true,$(WITH_TIDY)))
- my_tidy_flags += -quiet -extra-arg-before=-fno-caret-diagnostics
- endif
-
- ifneq ($(my_tidy_checks),)
- # We might be using the static analyzer through clang-tidy.
- # https://bugs.llvm.org/show_bug.cgi?id=32914
- my_tidy_flags += -extra-arg-before=-D__clang_analyzer__
-
- # A recent change in clang-tidy (r328258) enabled destructor inlining,
- # which appears to cause a number of false positives. Until that's
- # resolved, this turns off the effects of r328258.
- # https://bugs.llvm.org/show_bug.cgi?id=37459
- my_tidy_flags += -extra-arg-before=-Xclang
- my_tidy_flags += -extra-arg-before=-analyzer-config
- my_tidy_flags += -extra-arg-before=-Xclang
- my_tidy_flags += -extra-arg-before=c++-temp-dtor-inlining=false
- endif
-endif
-
-my_tidy_checks := $(subst $(space),,$(my_tidy_checks))
-
-# Add dependency of clang-tidy and clang-tidy.sh
ifneq ($(my_tidy_checks),)
+ tidy_only: $(cpp_objects) $(c_objects) $(gen_c_objects) $(gen_cpp_objects)
+
+ # Add dependency of clang-tidy and clang-tidy.sh
$(cpp_objects): $(intermediates)/%.o: $(PATH_TO_CLANG_TIDY)
$(c_objects): $(intermediates)/%.o: $(PATH_TO_CLANG_TIDY)
$(gen_cpp_objects): $(intermediates)/%.o: $(PATH_TO_CLANG_TIDY)
diff --git a/core/rbe.mk b/core/rbe.mk
index 91606d4..040ac0b 100644
--- a/core/rbe.mk
+++ b/core/rbe.mk
@@ -25,13 +25,13 @@
ifdef RBE_CXX_EXEC_STRATEGY
cxx_rbe_exec_strategy := $(RBE_CXX_EXEC_STRATEGY)
else
- cxx_rbe_exec_strategy := local
+ cxx_rbe_exec_strategy := "local"
endif
ifdef RBE_CXX_COMPARE
cxx_compare := $(RBE_CXX_COMPARE)
else
- cxx_compare := false
+ cxx_compare := "false"
endif
ifdef RBE_JAVAC_EXEC_STRATEGY
@@ -52,9 +52,9 @@
d8_exec_strategy := remote_local_fallback
endif
- platform := container-image=docker://gcr.io/androidbuild-re-dockerimage/android-build-remoteexec-image@sha256:582efb38f0c229ea39952fff9e132ccbe183e14869b39888010dacf56b360d62
- cxx_platform := $(platform),Pool=default
- java_r8_d8_platform := $(platform),Pool=java16
+ platform := "container-image=docker://gcr.io/androidbuild-re-dockerimage/android-build-remoteexec-image@sha256:582efb38f0c229ea39952fff9e132ccbe183e14869b39888010dacf56b360d62"
+ cxx_platform := $(platform)",Pool=default"
+ java_r8_d8_platform := $(platform)",Pool=java16"
RBE_WRAPPER := $(rbe_dir)/rewrapper
RBE_CXX := --labels=type=compile,lang=cpp,compiler=clang --env_var_allowlist=PWD --exec_strategy=$(cxx_rbe_exec_strategy) --platform=$(cxx_platform) --compare=$(cxx_compare)
@@ -65,15 +65,15 @@
CXX_WRAPPER := $(strip $(CXX_WRAPPER) $(RBE_WRAPPER) $(RBE_CXX))
ifdef RBE_JAVAC
- JAVAC_WRAPPER := $(strip $(JAVAC_WRAPPER) $(RBE_WRAPPER) --labels=type=compile,lang=java,compiler=javac --exec_strategy=$(javac_exec_strategy) --platform=$(java_r8_d8_platform))
+ JAVAC_WRAPPER := $(strip $(JAVAC_WRAPPER) $(RBE_WRAPPER) --labels=type=compile,lang=java,compiler=javac --exec_strategy=$(javac_exec_strategy) --platform="$(java_r8_d8_platform)")
endif
ifdef RBE_R8
- R8_WRAPPER := $(strip $(RBE_WRAPPER) --labels=type=compile,compiler=r8 --exec_strategy=$(r8_exec_strategy) --platform=$(java_r8_d8_platform) --inputs=out/soong/host/linux-x86/framework/r8-compat-proguard.jar,build/make/core/proguard_basic_keeps.flags --toolchain_inputs=prebuilts/jdk/jdk11/linux-x86/bin/java)
+ R8_WRAPPER := $(strip $(RBE_WRAPPER) --labels=type=compile,compiler=r8 --exec_strategy=$(r8_exec_strategy) --platform="$(java_r8_d8_platform)" --inputs=out/soong/host/linux-x86/framework/r8-compat-proguard.jar,build/make/core/proguard_basic_keeps.flags --toolchain_inputs=prebuilts/jdk/jdk11/linux-x86/bin/java)
endif
ifdef RBE_D8
- D8_WRAPPER := $(strip $(RBE_WRAPPER) --labels=type=compile,compiler=d8 --exec_strategy=$(d8_exec_strategy) --platform=$(java_r8_d8_platform) --inputs=out/soong/host/linux-x86/framework/d8.jar --toolchain_inputs=prebuilts/jdk/jdk11/linux-x86/bin/java)
+ D8_WRAPPER := $(strip $(RBE_WRAPPER) --labels=type=compile,compiler=d8 --exec_strategy=$(d8_exec_strategy) --platform="$(java_r8_d8_platform)" --inputs=out/soong/host/linux-x86/framework/d8.jar --toolchain_inputs=prebuilts/jdk/jdk11/linux-x86/bin/java)
endif
rbe_dir :=
diff --git a/target/board/generic_64bitonly_x86_64/BoardConfig.mk b/target/board/generic_64bitonly_x86_64/BoardConfig.mk
new file mode 100644
index 0000000..71c4357
--- /dev/null
+++ b/target/board/generic_64bitonly_x86_64/BoardConfig.mk
@@ -0,0 +1,45 @@
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# x86_64 emulator specific definitions
+TARGET_CPU_ABI := x86_64
+TARGET_ARCH := x86_64
+TARGET_ARCH_VARIANT := x86_64
+
+# Keep the following for 32-bit native code support
+# There are a few native services still on 32-bit modes, e.g. media & audio.
+# Remove them in S.
+TARGET_2ND_CPU_ABI := x86
+TARGET_2ND_ARCH := x86
+TARGET_2ND_ARCH_VARIANT := x86_64
+
+TARGET_PRELINK_MODULE := false
+include build/make/target/board/BoardConfigGsiCommon.mk
+include build/make/target/board/BoardConfigEmuCommon.mk
+
+BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800
+
+BOARD_SEPOLICY_DIRS += device/generic/goldfish/sepolicy/x86
+
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
diff --git a/target/board/generic_64bitonly_x86_64/README.txt b/target/board/generic_64bitonly_x86_64/README.txt
new file mode 100644
index 0000000..dc7efd3
--- /dev/null
+++ b/target/board/generic_64bitonly_x86_64/README.txt
@@ -0,0 +1,7 @@
+The "generic_x86_64_app" product defines a non-hardware-specific IA target
+without a kernel or bootloader.
+
+It can be used to build the entire user-level system, and
+will work with the IA version of the emulator,
+
+This supports 64-bit apps only.
diff --git a/target/board/generic_64bitonly_x86_64/device.mk b/target/board/generic_64bitonly_x86_64/device.mk
new file mode 100644
index 0000000..bb49057
--- /dev/null
+++ b/target/board/generic_64bitonly_x86_64/device.mk
@@ -0,0 +1,24 @@
+#
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ifdef NET_ETH0_STARTONBOOT
+ PRODUCT_PROPERTY_OVERRIDES += net.eth0.startonboot=1
+endif
+
+# Ensure we package the BIOS files too.
+PRODUCT_HOST_PACKAGES += \
+ bios.bin \
+ vgabios-cirrus.bin \
diff --git a/target/board/generic_64bitonly_x86_64/system.prop b/target/board/generic_64bitonly_x86_64/system.prop
new file mode 100644
index 0000000..ed9d173
--- /dev/null
+++ b/target/board/generic_64bitonly_x86_64/system.prop
@@ -0,0 +1,5 @@
+#
+# system.prop for generic sdk
+#
+
+rild.libpath=/vendor/lib64/libreference-ril.so
diff --git a/target/product/AndroidProducts.mk b/target/product/AndroidProducts.mk
index 4121bc1..e8231af 100644
--- a/target/product/AndroidProducts.mk
+++ b/target/product/AndroidProducts.mk
@@ -43,6 +43,7 @@
else
PRODUCT_MAKEFILES := \
+ $(LOCAL_DIR)/aosp_64bitonly_x86_64.mk \
$(LOCAL_DIR)/aosp_arm64_ab.mk \
$(LOCAL_DIR)/aosp_arm64.mk \
$(LOCAL_DIR)/aosp_arm_ab.mk \
diff --git a/target/product/aosp_64bitonly_x86_64.mk b/target/product/aosp_64bitonly_x86_64.mk
new file mode 100644
index 0000000..4de4e0c8
--- /dev/null
+++ b/target/product/aosp_64bitonly_x86_64.mk
@@ -0,0 +1,72 @@
+#
+# Copyright 2020 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+PRODUCT_USE_DYNAMIC_PARTITIONS := true
+
+# The system image of aosp_x86_64_app-userdebug is a GSI for the devices with:
+# - x86 64 bits user space
+# - 64 bits binder interface
+# - system-as-root
+# - VNDK enforcement
+# - compatible property override enabled
+
+# This is a build configuration for a full-featured build of the
+# Open-Source part of the tree. It's geared toward a US-centric
+# build quite specifically for the emulator, and might not be
+# entirely appropriate to inherit from for on-device configurations.
+
+# GSI for system/product & support 64-bit apps only
+$(call inherit-product, $(SRC_TARGET_DIR)/product/core_64_bit_only.mk)
+$(call inherit-product, $(SRC_TARGET_DIR)/product/mainline_system.mk)
+
+# Enable mainline checking for excat this product name
+ifeq (aosp_64bitonly_x86_64,$(TARGET_PRODUCT))
+PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := relaxed
+endif
+
+#
+# All components inherited here go to system_ext image
+#
+$(call inherit-product, $(SRC_TARGET_DIR)/product/handheld_system_ext.mk)
+$(call inherit-product, $(SRC_TARGET_DIR)/product/telephony_system_ext.mk)
+
+#
+# All components inherited here go to product image
+#
+$(call inherit-product, $(SRC_TARGET_DIR)/product/aosp_product.mk)
+
+#
+# All components inherited here go to vendor image
+#
+$(call inherit-product-if-exists, device/generic/goldfish/x86_64-vendor.mk)
+$(call inherit-product, $(SRC_TARGET_DIR)/product/emulator_vendor.mk)
+$(call inherit-product, $(SRC_TARGET_DIR)/board/generic_x86_64/device.mk)
+
+#
+# Special settings for GSI releasing
+#
+ifeq (aosp_64bitonly_x86_64,$(TARGET_PRODUCT))
+$(call inherit-product, $(SRC_TARGET_DIR)/product/gsi_release.mk)
+endif
+
+PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
+ root/init.zygote64.rc
+
+# This build configuration supports 64-bit apps only
+PRODUCT_NAME := aosp_64bitonly_x86_64
+PRODUCT_DEVICE := generic_64bitonly_x86_64
+PRODUCT_BRAND := Android
+PRODUCT_MODEL := AOSP on x86_64 App
diff --git a/target/product/cfi-common.mk b/target/product/cfi-common.mk
index 42edd92..fe62f74 100644
--- a/target/product/cfi-common.mk
+++ b/target/product/cfi-common.mk
@@ -18,7 +18,6 @@
# compatible product configs)
PRODUCT_CFI_INCLUDE_PATHS := \
device/google/cuttlefish/guest/libs/wpa_supplicant_8_lib \
- device/google/wahoo/wifi_offload \
external/tinyxml2 \
external/wpa_supplicant_8 \
frameworks/av/camera \
diff --git a/target/product/media_system.mk b/target/product/media_system.mk
index 26fb7f3..4d507b5 100644
--- a/target/product/media_system.mk
+++ b/target/product/media_system.mk
@@ -58,7 +58,6 @@
# The values should be of the format <apex name>:<jar name>
PRODUCT_UPDATABLE_SYSTEM_SERVER_JARS := \
com.android.permission:service-permission \
- com.android.wifi:service-wifi \
com.android.ipsec:android.net.ipsec.ike \
PRODUCT_COPY_FILES += \
diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index ad361dc..693b686 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -92,8 +92,9 @@
dalvik.vm.minidebuginfo=true \
dalvik.vm.dex2oat-minidebuginfo=true
-# Enable iorapd by default
-PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
- ro.iorapd.enable=true
-
PRODUCT_USES_DEFAULT_ART_CONFIG := true
+
+# Disable iorapd by default
+PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
+ ro.iorapd.enable=false
+
diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index ac469eb..c260ace 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -236,6 +236,15 @@
logging.info('Done checking %s', script_path)
+# Symlink files in `src` to `dst`, if the files do not
+# already exists in `dst` directory.
+def symlinkIfNotExists(src, dst):
+ if not os.path.isdir(src):
+ return
+ for filename in os.listdir(src):
+ if os.path.exists(os.path.join(dst, filename)):
+ continue
+ os.symlink(os.path.join(src, filename), os.path.join(dst, filename))
def ValidateVerifiedBootImages(input_tmp, info_dict, options):
"""Validates the Verified Boot related images.
@@ -257,6 +266,12 @@
Raises:
AssertionError: On any verification failure.
"""
+ # See bug 159299583
+ # After commit 5277d1015, some images (e.g. acpio.img and tos.img) are no
+ # longer copied from RADIO to the IMAGES folder. But avbtool assumes that
+ # images are in IMAGES folder. So we symlink them.
+ symlinkIfNotExists(os.path.join(input_tmp, "RADIO"),
+ os.path.join(input_tmp, "IMAGES"))
# Verified boot 1.0 (images signed with boot_signer and verity_signer).
if info_dict.get('boot_signer') == 'true':
logging.info('Verifying Verified Boot images...')
