[automerger skipped] Empty merge of sc-v2-dev-plus-aosp-without-vendor@8433047 am: fc75ee3331 -s ours am: 91d612a73b -s ours
am skip reason: Merged-In I4ba36a79abd13c42b986e3ba0d6d599c1cc73cb0 with SHA-1 824608c33d is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/build/+/17805725
Change-Id: Ib2f0ba87c60358cd8037f2a0fc216c5c9e11af97
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/core/Makefile b/core/Makefile
index 2244453..5fdaa3e 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -6819,8 +6819,6 @@
sdk_atree_files += $(atree_dir)/sdk.atree
endif
-include $(BUILD_SYSTEM)/sdk_font.mk
-
deps := \
$(target_notice_file_txt) \
$(OUT_DOCS)/offline-sdk-timestamp \
@@ -6840,8 +6838,7 @@
$(ATREE_FILES) \
$(sdk_atree_files) \
$(HOST_OUT_EXECUTABLES)/atree \
- $(HOST_OUT_EXECUTABLES)/line_endings \
- $(SDK_FONT_DEPS)
+ $(HOST_OUT_EXECUTABLES)/line_endings
INTERNAL_SDK_TARGET := $(sdk_dir)/$(sdk_name).zip
$(INTERNAL_SDK_TARGET): PRIVATE_NAME := $(sdk_name)
@@ -6864,7 +6861,6 @@
fi; \
done; \
if [ $$FAIL ]; then exit 1; fi
- $(hide) echo $(notdir $(SDK_FONT_DEPS)) | tr " " "\n" > $(SDK_FONT_TEMP)/fontsInSdk.txt
$(hide) ( \
ATREE_STRIP="$(HOST_STRIP) -x" \
$(HOST_OUT_EXECUTABLES)/atree \
@@ -6880,7 +6876,6 @@
-v "TARGET_ARCH=$(TARGET_ARCH)" \
-v "TARGET_CPU_ABI=$(TARGET_CPU_ABI)" \
-v "DLL_EXTENSION=$(HOST_SHLIB_SUFFIX)" \
- -v "FONT_OUT=$(SDK_FONT_TEMP)" \
-o $(PRIVATE_DIR) && \
cp -f $(target_notice_file_txt) \
$(PRIVATE_DIR)/system-images/android-$(PLATFORM_VERSION)/$(TARGET_CPU_ABI)/NOTICE.txt && \
@@ -6971,6 +6966,10 @@
haiku-rust: $(SOONG_RUST_FUZZ_PACKAGING_ARCH_MODULES) $(ALL_RUST_FUZZ_TARGETS)
$(call dist-for-goals,haiku-rust,$(SOONG_RUST_FUZZ_PACKAGING_ARCH_MODULES))
+# -----------------------------------------------------------------
+# Extract platform fonts used in Layoutlib
+include $(BUILD_SYSTEM)/layoutlib_fonts.mk
+
# -----------------------------------------------------------------
# OS Licensing
diff --git a/core/android_soong_config_vars.mk b/core/android_soong_config_vars.mk
index 6c32da4..329847f 100644
--- a/core/android_soong_config_vars.mk
+++ b/core/android_soong_config_vars.mk
@@ -91,3 +91,11 @@
# TODO(b/196084106): Remove when Java optimizations enabled by default for
# system packages.
$(call add_soong_config_var,ANDROID,SYSTEM_OPTIMIZE_JAVA)
+
+# Check for SupplementalApi module.
+ifeq ($(wildcard packages/modules/SupplementalApi),)
+$(call add_soong_config_var_value,ANDROID,include_nonpublic_framework_api,false)
+else
+$(call add_soong_config_var_value,ANDROID,include_nonpublic_framework_api,true)
+endif
+
diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk
index 79639a8..4586f35 100644
--- a/core/app_prebuilt_internal.mk
+++ b/core/app_prebuilt_internal.mk
@@ -128,6 +128,9 @@
LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
+ # NOTE(ruperts): Consider moving the logic below out of a conditional,
+ # to avoid the possibility of silently ignoring user settings.
+
PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
PACKAGES.$(LOCAL_MODULE).CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem
PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
@@ -142,6 +145,8 @@
$(built_module): $(LOCAL_CERTIFICATE_LINEAGE)
$(built_module): PRIVATE_CERTIFICATE_LINEAGE := $(LOCAL_CERTIFICATE_LINEAGE)
+
+ $(built_module): PRIVATE_ROTATION_MIN_SDK_VERSION := $(LOCAL_ROTATION_MIN_SDK_VERSION)
endif
ifneq ($(LOCAL_MODULE_STEM),)
diff --git a/core/build_id.mk b/core/build_id.mk
index 2f9c3f3..a489788 100644
--- a/core/build_id.mk
+++ b/core/build_id.mk
@@ -18,4 +18,4 @@
# (like "CRB01"). It must be a single word, and is
# capitalized by convention.
-BUILD_ID=MASTER
+BUILD_ID=TM
diff --git a/core/config.mk b/core/config.mk
index 7af600f..400e29a 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -836,7 +836,7 @@
# is made which breaks compatibility with the previous platform sepolicy version,
# not just on every increase in PLATFORM_SDK_VERSION. The minor version should
# be reset to 0 on every bump of the PLATFORM_SDK_VERSION.
-sepolicy_major_vers := 32
+sepolicy_major_vers := 33
sepolicy_minor_vers := 0
ifneq ($(sepolicy_major_vers), $(PLATFORM_SDK_VERSION))
diff --git a/core/definitions.mk b/core/definitions.mk
index 0d72473..0c46de9 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2696,6 +2696,7 @@
$(hide) mv $(1) $(1).unsigned
$(hide) $(JAVA) -Djava.library.path=$$(dirname $(SIGNAPK_JNI_LIBRARY_PATH)) -jar $(SIGNAPK_JAR) \
$(if $(strip $(PRIVATE_CERTIFICATE_LINEAGE)), --lineage $(PRIVATE_CERTIFICATE_LINEAGE)) \
+ $(if $(strip $(PRIVATE_ROTATION_MIN_SDK_VERSION)), --rotation-min-sdk-version $(PRIVATE_ROTATION_MIN_SDK_VERSION)) \
$(PRIVATE_CERTIFICATE) $(PRIVATE_PRIVATE_KEY) \
$(PRIVATE_ADDITIONAL_CERTIFICATES) $(1).unsigned $(1).signed
$(hide) mv $(1).signed $(1)
diff --git a/core/layoutlib_fonts.mk b/core/layoutlib_fonts.mk
new file mode 100644
index 0000000..d2a814f
--- /dev/null
+++ b/core/layoutlib_fonts.mk
@@ -0,0 +1,35 @@
+# Fonts for layoutlib
+
+FONT_TEMP := $(call intermediates-dir-for,PACKAGING,fonts,HOST,COMMON)
+
+# The font configuration files - system_fonts.xml, fallback_fonts.xml etc.
+font_config := $(sort $(wildcard frameworks/base/data/fonts/*.xml))
+font_config := $(addprefix $(FONT_TEMP)/, $(notdir $(font_config)))
+
+$(font_config): $(FONT_TEMP)/%.xml: \
+ frameworks/base/data/fonts/%.xml
+ $(hide) mkdir -p $(dir $@)
+ $(hide) cp -vf $< $@
+
+# List of fonts on the device that we want to ship. This is all .ttf, .ttc and .otf fonts.
+fonts_device := $(filter $(TARGET_OUT)/fonts/%.ttf $(TARGET_OUT)/fonts/%.ttc $(TARGET_OUT)/fonts/%.otf, $(INTERNAL_SYSTEMIMAGE_FILES))
+fonts_device := $(addprefix $(FONT_TEMP)/, $(notdir $(fonts_device)))
+
+# TODO: If the font file is a symlink, reuse the font renamed from the symlink
+# target.
+$(fonts_device): $(FONT_TEMP)/%: $(TARGET_OUT)/fonts/%
+ $(hide) mkdir -p $(dir $@)
+ $(hide) cp -vf $< $@
+
+# List of all dependencies - all fonts and configuration files.
+FONT_FILES := $(fonts_device) $(font_config)
+
+.PHONY: layoutlib layoutlib-tests
+layoutlib layoutlib-tests: $(FONT_FILES)
+
+$(call dist-for-goals, layoutlib, $(foreach m,$(FONT_FILES), $(m):layoutlib_native/fonts/$(notdir $(m))))
+
+FONT_TEMP :=
+font_config :=
+fonts_device :=
+FONT_FILES :=
diff --git a/core/package_internal.mk b/core/package_internal.mk
index 8199ad2..c7a173b 100644
--- a/core/package_internal.mk
+++ b/core/package_internal.mk
@@ -481,6 +481,8 @@
$(LOCAL_BUILT_MODULE): $(LOCAL_CERTIFICATE_LINEAGE)
$(LOCAL_BUILT_MODULE): PRIVATE_CERTIFICATE_LINEAGE := $(LOCAL_CERTIFICATE_LINEAGE)
+$(LOCAL_BUILT_MODULE): PRIVATE_ROTATION_MIN_SDK_VERSION := $(LOCAL_ROTATION_MIN_SDK_VERSION)
+
# Set a actual_partition_tag (calculated in base_rules.mk) for the package.
PACKAGES.$(LOCAL_PACKAGE_NAME).PARTITION := $(actual_partition_tag)
diff --git a/core/product_config.mk b/core/product_config.mk
index 1e74fa9..37146d3 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -433,7 +433,7 @@
# Show a warning wall of text if non-compliance-GSI products set this option.
ifdef PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT
- ifeq (,$(filter gsi_arm gsi_arm64 gsi_x86 gsi_x86_64 gsi_car_arm64 gsi_car_x86_64,$(PRODUCT_NAME)))
+ ifeq (,$(filter gsi_arm gsi_arm64 gsi_x86 gsi_x86_64 gsi_car_arm64 gsi_car_x86_64 gsi_tv_arm gsi_tv_arm64,$(PRODUCT_NAME)))
$(warning PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT is set but \
PRODUCT_NAME ($(PRODUCT_NAME)) doesn't look like a GSI for compliance \
testing. This is a special configuration for compliance GSI, so do make \
diff --git a/core/rbe.mk b/core/rbe.mk
index e399ec1..6d68881 100644
--- a/core/rbe.mk
+++ b/core/rbe.mk
@@ -50,12 +50,6 @@
cxx_compare := false
endif
- ifdef RBE_CXX_COMPARE
- cxx_compare := $(RBE_CXX_COMPARE)
- else
- cxx_compare := "false"
- endif
-
ifdef RBE_JAVAC_EXEC_STRATEGY
javac_exec_strategy := $(RBE_JAVAC_EXEC_STRATEGY)
else
diff --git a/core/sdk_font.mk b/core/sdk_font.mk
deleted file mode 100644
index 1742925..0000000
--- a/core/sdk_font.mk
+++ /dev/null
@@ -1,66 +0,0 @@
-###############################################################################
-# Fonts shipped with the SDK need to be renamed for Java to handle them
-# properly. Hence, a special script is used to rename the fonts. We bundle all
-# the fonts that are shipped on a newer non-space-constrained device. However,
-# OpenType fonts used on these devices are not supported by Java. Their
-# replacements are added separately.
-###############################################################################
-
-
-# The script that renames the font.
-sdk_font_rename_script := frameworks/layoutlib/rename_font/build_font_single.py
-
-# Location of the fonttools library that the above script depends on.
-fonttools_lib := external/fonttools/Lib
-
-# A temporary location to store the renamed fonts. atree picks all files in
-# this directory and bundles it with the SDK.
-SDK_FONT_TEMP := $(call intermediates-dir-for,PACKAGING,sdk-fonts,HOST,COMMON)
-
-# The font configuration files - system_fonts.xml, fallback_fonts.xml etc.
-sdk_font_config := $(sort $(wildcard frameworks/base/data/fonts/*.xml))
-sdk_font_config := $(addprefix $(SDK_FONT_TEMP)/standard/, $(notdir $(sdk_font_config)))
-
-$(sdk_font_config): $(SDK_FONT_TEMP)/standard/%.xml: \
- frameworks/base/data/fonts/%.xml
- $(hide) mkdir -p $(dir $@)
- $(hide) cp -vf $< $@
-
-# List of fonts on the device that we want to ship. This is all .ttf fonts.
-sdk_fonts_device := $(filter $(TARGET_OUT)/fonts/%.ttf, $(INTERNAL_SYSTEMIMAGE_FILES))
-sdk_fonts_device := $(addprefix $(SDK_FONT_TEMP)/, $(notdir $(sdk_fonts_device)))
-
-# Macro to rename the font.
-sdk_rename_font = PYTHONPATH=$$PYTHONPATH:$(fonttools_lib) $(sdk_font_rename_script) \
- $1 $2
-
-# TODO: If the font file is a symlink, reuse the font renamed from the symlink
-# target.
-$(sdk_fonts_device): $(SDK_FONT_TEMP)/%.ttf: $(TARGET_OUT)/fonts/%.ttf \
- $(sdk_font_rename_script)
- $(hide) mkdir -p $(dir $@)
- $(hide) $(call sdk_rename_font,$<,$@)
-
-# List of all dependencies - all fonts and configuration files.
-SDK_FONT_DEPS := $(sdk_fonts_device) $(sdk_font_config)
-
-# Define a macro to create rule for addititional fonts that we want to include
-# in the SDK.
-# $1 Output font name
-# $2 Source font path
-define sdk-extra-font-rule
-fontfullname := $$(SDK_FONT_TEMP)/$1
-ifeq ($$(filter $$(fontfullname),$$(sdk_fonts_device)),)
-SDK_FONT_DEPS += $$(fontfullname)
-$$(fontfullname): $2 $$(sdk_font_rename_script)
- $$(hide) mkdir -p $$(dir $$@)
- $$(hide) $$(call sdk_rename_font,$$<,$$@)
-endif
-fontfullname :=
-endef
-
-# These extra fonts are used as a replacement for OpenType fonts.
-$(eval $(call sdk-extra-font-rule,NanumGothic.ttf,external/naver-fonts/NanumGothic.ttf))
-$(eval $(call sdk-extra-font-rule,DroidSansFallback.ttf,frameworks/base/data/fonts/DroidSansFallbackFull.ttf))
-
-sdk-extra-font-rule :=
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index d00efd3..4e3f2a8 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -48,7 +48,7 @@
# The last stable version name of the platform that was released. During
# development, this stays at that previous version, while the codename indicates
# further work based on the previous version.
-PLATFORM_VERSION_LAST_STABLE := 12
+PLATFORM_VERSION_LAST_STABLE := 13
.KATI_READONLY := PLATFORM_VERSION_LAST_STABLE
# These are the current development codenames, if the build is not a final
@@ -58,7 +58,7 @@
# This is the user-visible version. In a final release build it should
# be empty to use PLATFORM_VERSION as the user-visible version. For
# a preview release it can be set to a user-friendly value like `12 Preview 1`
-PLATFORM_DISPLAY_VERSION :=
+PLATFORM_DISPLAY_VERSION := 13
ifndef PLATFORM_SDK_VERSION
# This is the canonical definition of the SDK version, which defines
@@ -73,20 +73,25 @@
# When you increment the PLATFORM_SDK_VERSION please ensure you also
# clear out the following text file of all older PLATFORM_VERSION's:
# cts/tests/tests/os/assets/platform_versions.txt
- PLATFORM_SDK_VERSION := 32
+ PLATFORM_SDK_VERSION := 33
endif
.KATI_READONLY := PLATFORM_SDK_VERSION
# This is the sdk extension version of this tree.
-PLATFORM_SDK_EXTENSION_VERSION := 1
+PLATFORM_SDK_EXTENSION_VERSION := 3
.KATI_READONLY := PLATFORM_SDK_EXTENSION_VERSION
# This is the sdk extension version that PLATFORM_SDK_VERSION ships with.
-PLATFORM_BASE_SDK_EXTENSION_VERSION := 1
+PLATFORM_BASE_SDK_EXTENSION_VERSION := 3
.KATI_READONLY := PLATFORM_BASE_SDK_EXTENSION_VERSION
-# This is are all known codenames starting from Q.
-PLATFORM_VERSION_KNOWN_CODENAMES := Q R S Sv2 Tiramisu
+# This are all known codenames.
+PLATFORM_VERSION_KNOWN_CODENAMES := \
+Base Base11 Cupcake Donut Eclair Eclair01 EclairMr1 Froyo Gingerbread GingerbreadMr1 \
+Honeycomb HoneycombMr1 HoneycombMr2 IceCreamSandwich IceCreamSandwichMr1 \
+JellyBean JellyBeanMr1 JellyBeanMr2 Kitkat KitkatWatch Lollipop LollipopMr1 M N NMr1 O OMr1 P \
+Q R S Sv2 Tiramisu
+
# Convert from space separated list to comma separated
PLATFORM_VERSION_KNOWN_CODENAMES := \
$(call normalize-comma-list,$(PLATFORM_VERSION_KNOWN_CODENAMES))
@@ -100,7 +105,5 @@
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
PLATFORM_SECURITY_PATCH := 2022-06-05
endif
-.KATI_READONLY := PLATFORM_SECURITY_PATCH
include $(BUILD_SYSTEM)/version_util.mk
-
diff --git a/envsetup.sh b/envsetup.sh
index ff6f61e..be6061d 100644
--- a/envsetup.sh
+++ b/envsetup.sh
@@ -786,6 +786,10 @@
set_stuff_for_environment
[[ -n "${ANDROID_QUIET_BUILD:-}" ]] || printconfig
destroy_build_var_cache
+
+ if [[ -n "${CHECK_MU_CONFIG:-}" ]]; then
+ check_mu_config
+ fi
}
unset COMMON_LUNCH_CHOICES_CACHE
diff --git a/target/board/BoardConfigPixelCommon.mk b/target/board/BoardConfigPixelCommon.mk
index a970fec..22521b5 100644
--- a/target/board/BoardConfigPixelCommon.mk
+++ b/target/board/BoardConfigPixelCommon.mk
@@ -5,6 +5,7 @@
# Using sha256 for dm-verity partitions. b/156162446
# system, system_other, system_ext and product.
BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_SYSTEM_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
BOARD_AVB_SYSTEM_OTHER_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
BOARD_AVB_SYSTEM_EXT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index 05ddfe5..83ca224 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk
@@ -50,7 +50,9 @@
charger \
cmd \
com.android.adbd \
+ com.android.adservices \
com.android.appsearch \
+ com.android.bluetooth \
com.android.conscrypt \
com.android.cronet \
com.android.extservices \
@@ -60,15 +62,16 @@
com.android.media \
com.android.media.swcodec \
com.android.mediaprovider \
+ com.android.ondevicepersonalization \
com.android.os.statsd \
com.android.permission \
com.android.resolv \
com.android.neuralnetworks \
com.android.scheduling \
com.android.sdkext \
- com.android.sepolicy \
com.android.tethering \
com.android.tzdata \
+ com.android.uwb \
com.android.wifi \
ContactsProvider \
content \
@@ -118,6 +121,7 @@
init_system \
input \
installd \
+ IntentResolver \
ip \
iptables \
ip-up-vpn \
@@ -368,7 +372,6 @@
PRODUCT_PACKAGES_DEBUG := \
adb_keys \
arping \
- com.android.sepolicy.cert-debug.der \
dmuserd \
idlcli \
init-debug.rc \
diff --git a/target/product/default_art_config.mk b/target/product/default_art_config.mk
index 851a2cb..993edf3 100644
--- a/target/product/default_art_config.mk
+++ b/target/product/default_art_config.mk
@@ -51,12 +51,16 @@
# Note: core-icu4j is moved back to PRODUCT_BOOT_JARS in product_config.mk at a later stage.
# Note: For modules available in Q, DO NOT add new entries here.
PRODUCT_APEX_BOOT_JARS := \
+ com.android.adservices:framework-adservices \
+ com.android.adservices:framework-sdksandbox \
com.android.appsearch:framework-appsearch \
+ com.android.bluetooth:framework-bluetooth \
com.android.conscrypt:conscrypt \
com.android.i18n:core-icu4j \
com.android.ipsec:android.net.ipsec.ike \
com.android.media:updatable-media \
com.android.mediaprovider:framework-mediaprovider \
+ com.android.ondevicepersonalization:framework-ondevicepersonalization \
com.android.os.statsd:framework-statsd \
com.android.permission:framework-permission \
com.android.permission:framework-permission-s \
@@ -65,12 +69,15 @@
com.android.tethering:framework-connectivity \
com.android.tethering:framework-connectivity-t \
com.android.tethering:framework-tethering \
- com.android.wifi:framework-wifi
+ com.android.uwb:framework-uwb \
+ com.android.wifi:framework-wifi \
# List of system_server classpath jars delivered via apex.
# Keep the list sorted by module names and then library names.
# Note: For modules available in Q, DO NOT add new entries here.
PRODUCT_APEX_SYSTEM_SERVER_JARS := \
+ com.android.adservices:service-adservices \
+ com.android.adservices:service-sdksandbox \
com.android.appsearch:service-appsearch \
com.android.art:service-art \
com.android.media:service-media-s \
@@ -86,9 +93,11 @@
# Keep the list sorted by module names and then library names.
# Note: For modules available in Q, DO NOT add new entries here.
PRODUCT_APEX_STANDALONE_SYSTEM_SERVER_JARS := \
+ com.android.bluetooth:service-bluetooth \
com.android.os.statsd:service-statsd \
com.android.scheduling:service-scheduling \
com.android.tethering:service-connectivity \
+ com.android.uwb:service-uwb \
com.android.wifi:service-wifi \
# Minimal configuration for running dex2oat (default argument values).
diff --git a/target/product/full_base.mk b/target/product/full_base.mk
index a8e1e91..39c66da3 100644
--- a/target/product/full_base.mk
+++ b/target/product/full_base.mk
@@ -28,12 +28,6 @@
PhotoTable \
preinstalled-packages-platform-full-base.xml
-# Bluetooth:
-# audio.a2dp.default is a system module. Generic system image includes
-# audio.a2dp.default to support A2DP if board has the capability.
-PRODUCT_PACKAGES += \
- audio.a2dp.default
-
# Net:
# Vendors can use the platform-provided network configuration utilities (ip,
# iptable, etc.) to configure the Linux networking stack, but these utilities
diff --git a/target/product/generic_system.mk b/target/product/generic_system.mk
index f13c9db..1a639ef 100644
--- a/target/product/generic_system.mk
+++ b/target/product/generic_system.mk
@@ -52,11 +52,6 @@
cppreopts.sh \
otapreopt_script \
-# Bluetooth libraries
-PRODUCT_PACKAGES += \
- audio.a2dp.default \
- audio.hearing_aid.default \
-
# For ringtones that rely on forward lock encryption
PRODUCT_PACKAGES += libfwdlockengine
diff --git a/target/product/gsi/33.txt b/target/product/gsi/33.txt
new file mode 100644
index 0000000..ae80b37
--- /dev/null
+++ b/target/product/gsi/33.txt
@@ -0,0 +1,254 @@
+LLNDK: libEGL.so
+LLNDK: libGLESv1_CM.so
+LLNDK: libGLESv2.so
+LLNDK: libGLESv3.so
+LLNDK: libRS.so
+LLNDK: libandroid_net.so
+LLNDK: libbinder_ndk.so
+LLNDK: libc.so
+LLNDK: libcgrouprc.so
+LLNDK: libdl.so
+LLNDK: libft2.so
+LLNDK: liblog.so
+LLNDK: libm.so
+LLNDK: libmediandk.so
+LLNDK: libnativewindow.so
+LLNDK: libneuralnetworks.so
+LLNDK: libselinux.so
+LLNDK: libsync.so
+LLNDK: libvndksupport.so
+LLNDK: libvulkan.so
+VNDK-SP: android.hardware.common-V2-ndk.so
+VNDK-SP: android.hardware.common.fmq-V1-ndk.so
+VNDK-SP: android.hardware.graphics.allocator-V1-ndk.so
+VNDK-SP: android.hardware.graphics.common-V3-ndk.so
+VNDK-SP: android.hardware.graphics.common@1.0.so
+VNDK-SP: android.hardware.graphics.common@1.1.so
+VNDK-SP: android.hardware.graphics.common@1.2.so
+VNDK-SP: android.hardware.graphics.composer3-V1-ndk.so
+VNDK-SP: android.hardware.graphics.mapper@2.0.so
+VNDK-SP: android.hardware.graphics.mapper@2.1.so
+VNDK-SP: android.hardware.graphics.mapper@3.0.so
+VNDK-SP: android.hardware.graphics.mapper@4.0.so
+VNDK-SP: android.hardware.renderscript@1.0.so
+VNDK-SP: android.hidl.memory.token@1.0.so
+VNDK-SP: android.hidl.memory@1.0-impl.so
+VNDK-SP: android.hidl.memory@1.0.so
+VNDK-SP: android.hidl.safe_union@1.0.so
+VNDK-SP: libRSCpuRef.so
+VNDK-SP: libRSDriver.so
+VNDK-SP: libRS_internal.so
+VNDK-SP: libbacktrace.so
+VNDK-SP: libbase.so
+VNDK-SP: libbcinfo.so
+VNDK-SP: libblas.so
+VNDK-SP: libc++.so
+VNDK-SP: libcompiler_rt.so
+VNDK-SP: libcutils.so
+VNDK-SP: libdmabufheap.so
+VNDK-SP: libgralloctypes.so
+VNDK-SP: libhardware.so
+VNDK-SP: libhidlbase.so
+VNDK-SP: libhidlmemory.so
+VNDK-SP: libion.so
+VNDK-SP: libjsoncpp.so
+VNDK-SP: liblzma.so
+VNDK-SP: libprocessgroup.so
+VNDK-SP: libunwindstack.so
+VNDK-SP: libutils.so
+VNDK-SP: libutilscallstack.so
+VNDK-SP: libz.so
+VNDK-core: android.hardware.audio.common-V1-ndk.so
+VNDK-core: android.hardware.audio.common@2.0.so
+VNDK-core: android.hardware.authsecret-V1-ndk.so
+VNDK-core: android.hardware.automotive.occupant_awareness-V1-ndk.so
+VNDK-core: android.hardware.bluetooth.audio-V1-ndk.so
+VNDK-core: android.hardware.camera.common-V1-ndk.so
+VNDK-core: android.hardware.camera.device-V1-ndk.so
+VNDK-core: android.hardware.camera.metadata-V1-ndk.so
+VNDK-core: android.hardware.camera.provider-V1-ndk.so
+VNDK-core: android.hardware.configstore-utils.so
+VNDK-core: android.hardware.configstore@1.0.so
+VNDK-core: android.hardware.configstore@1.1.so
+VNDK-core: android.hardware.confirmationui-support-lib.so
+VNDK-core: android.hardware.drm-V1-ndk.so
+VNDK-core: android.hardware.dumpstate-V1-ndk.so
+VNDK-core: android.hardware.gnss-V2-ndk.so
+VNDK-core: android.hardware.graphics.allocator@2.0.so
+VNDK-core: android.hardware.graphics.allocator@3.0.so
+VNDK-core: android.hardware.graphics.allocator@4.0.so
+VNDK-core: android.hardware.graphics.bufferqueue@1.0.so
+VNDK-core: android.hardware.graphics.bufferqueue@2.0.so
+VNDK-core: android.hardware.health-V1-ndk.so
+VNDK-core: android.hardware.health.storage-V1-ndk.so
+VNDK-core: android.hardware.identity-V4-ndk.so
+VNDK-core: android.hardware.ir-V1-ndk.so
+VNDK-core: android.hardware.keymaster-V3-ndk.so
+VNDK-core: android.hardware.light-V1-ndk.so
+VNDK-core: android.hardware.media.bufferpool@2.0.so
+VNDK-core: android.hardware.media.omx@1.0.so
+VNDK-core: android.hardware.media@1.0.so
+VNDK-core: android.hardware.memtrack-V1-ndk.so
+VNDK-core: android.hardware.memtrack@1.0.so
+VNDK-core: android.hardware.nfc-V1-ndk.so
+VNDK-core: android.hardware.oemlock-V1-ndk.so
+VNDK-core: android.hardware.power-V2-ndk.so
+VNDK-core: android.hardware.power.stats-V1-ndk.so
+VNDK-core: android.hardware.radio-V1-ndk.so
+VNDK-core: android.hardware.radio.config-V1-ndk.so
+VNDK-core: android.hardware.radio.data-V1-ndk.so
+VNDK-core: android.hardware.radio.messaging-V1-ndk.so
+VNDK-core: android.hardware.radio.modem-V1-ndk.so
+VNDK-core: android.hardware.radio.network-V1-ndk.so
+VNDK-core: android.hardware.radio.sim-V1-ndk.so
+VNDK-core: android.hardware.radio.voice-V1-ndk.so
+VNDK-core: android.hardware.rebootescrow-V1-ndk.so
+VNDK-core: android.hardware.security.dice-V1-ndk.so
+VNDK-core: android.hardware.security.keymint-V2-ndk.so
+VNDK-core: android.hardware.security.secureclock-V1-ndk.so
+VNDK-core: android.hardware.security.sharedsecret-V1-ndk.so
+VNDK-core: android.hardware.sensors-V1-ndk.so
+VNDK-core: android.hardware.soundtrigger3-V1-ndk.so
+VNDK-core: android.hardware.soundtrigger@2.0-core.so
+VNDK-core: android.hardware.soundtrigger@2.0.so
+VNDK-core: android.hardware.usb-V1-ndk.so
+VNDK-core: android.hardware.uwb-V1-ndk.so
+VNDK-core: android.hardware.vibrator-V2-ndk.so
+VNDK-core: android.hardware.weaver-V1-ndk.so
+VNDK-core: android.hardware.wifi.hostapd-V1-ndk.so
+VNDK-core: android.hardware.wifi.supplicant-V1-ndk.so
+VNDK-core: android.hidl.token@1.0-utils.so
+VNDK-core: android.hidl.token@1.0.so
+VNDK-core: android.media.audio.common.types-V1-ndk.so
+VNDK-core: android.media.soundtrigger.types-V1-ndk.so
+VNDK-core: android.system.keystore2-V2-ndk.so
+VNDK-core: android.system.suspend-V1-ndk.so
+VNDK-core: android.system.suspend@1.0.so
+VNDK-core: libaudioroute.so
+VNDK-core: libaudioutils.so
+VNDK-core: libbinder.so
+VNDK-core: libbufferqueueconverter.so
+VNDK-core: libcamera_metadata.so
+VNDK-core: libcap.so
+VNDK-core: libcn-cbor.so
+VNDK-core: libcodec2.so
+VNDK-core: libcrypto.so
+VNDK-core: libcrypto_utils.so
+VNDK-core: libcurl.so
+VNDK-core: libdiskconfig.so
+VNDK-core: libdumpstateutil.so
+VNDK-core: libevent.so
+VNDK-core: libexif.so
+VNDK-core: libexpat.so
+VNDK-core: libfmq.so
+VNDK-core: libgatekeeper.so
+VNDK-core: libgui.so
+VNDK-core: libhardware_legacy.so
+VNDK-core: libhidlallocatorutils.so
+VNDK-core: libjpeg.so
+VNDK-core: libldacBT_abr.so
+VNDK-core: libldacBT_enc.so
+VNDK-core: liblz4.so
+VNDK-core: libmedia_helper.so
+VNDK-core: libmedia_omx.so
+VNDK-core: libmemtrack.so
+VNDK-core: libminijail.so
+VNDK-core: libmkbootimg_abi_check.so
+VNDK-core: libnetutils.so
+VNDK-core: libnl.so
+VNDK-core: libpcre2.so
+VNDK-core: libpiex.so
+VNDK-core: libpng.so
+VNDK-core: libpower.so
+VNDK-core: libprocinfo.so
+VNDK-core: libradio_metadata.so
+VNDK-core: libspeexresampler.so
+VNDK-core: libsqlite.so
+VNDK-core: libssl.so
+VNDK-core: libstagefright_bufferpool@2.0.so
+VNDK-core: libstagefright_bufferqueue_helper.so
+VNDK-core: libstagefright_foundation.so
+VNDK-core: libstagefright_omx.so
+VNDK-core: libstagefright_omx_utils.so
+VNDK-core: libstagefright_xmlparser.so
+VNDK-core: libsysutils.so
+VNDK-core: libtinyalsa.so
+VNDK-core: libtinyxml2.so
+VNDK-core: libui.so
+VNDK-core: libusbhost.so
+VNDK-core: libwifi-system-iface.so
+VNDK-core: libxml2.so
+VNDK-core: libyuv.so
+VNDK-core: libziparchive.so
+VNDK-private: libbacktrace.so
+VNDK-private: libblas.so
+VNDK-private: libcompiler_rt.so
+VNDK-private: libft2.so
+VNDK-private: libgui.so
+VNDK-product: android.hardware.audio.common@2.0.so
+VNDK-product: android.hardware.configstore@1.0.so
+VNDK-product: android.hardware.configstore@1.1.so
+VNDK-product: android.hardware.graphics.allocator@2.0.so
+VNDK-product: android.hardware.graphics.allocator@3.0.so
+VNDK-product: android.hardware.graphics.allocator@4.0.so
+VNDK-product: android.hardware.graphics.bufferqueue@1.0.so
+VNDK-product: android.hardware.graphics.bufferqueue@2.0.so
+VNDK-product: android.hardware.graphics.common@1.0.so
+VNDK-product: android.hardware.graphics.common@1.1.so
+VNDK-product: android.hardware.graphics.common@1.2.so
+VNDK-product: android.hardware.graphics.mapper@2.0.so
+VNDK-product: android.hardware.graphics.mapper@2.1.so
+VNDK-product: android.hardware.graphics.mapper@3.0.so
+VNDK-product: android.hardware.graphics.mapper@4.0.so
+VNDK-product: android.hardware.media.bufferpool@2.0.so
+VNDK-product: android.hardware.media.omx@1.0.so
+VNDK-product: android.hardware.media@1.0.so
+VNDK-product: android.hardware.memtrack@1.0.so
+VNDK-product: android.hardware.renderscript@1.0.so
+VNDK-product: android.hardware.soundtrigger@2.0.so
+VNDK-product: android.hidl.memory.token@1.0.so
+VNDK-product: android.hidl.memory@1.0.so
+VNDK-product: android.hidl.safe_union@1.0.so
+VNDK-product: android.hidl.token@1.0.so
+VNDK-product: android.system.suspend@1.0.so
+VNDK-product: libaudioutils.so
+VNDK-product: libbacktrace.so
+VNDK-product: libbase.so
+VNDK-product: libc++.so
+VNDK-product: libcamera_metadata.so
+VNDK-product: libcap.so
+VNDK-product: libcompiler_rt.so
+VNDK-product: libcrypto.so
+VNDK-product: libcurl.so
+VNDK-product: libcutils.so
+VNDK-product: libevent.so
+VNDK-product: libexpat.so
+VNDK-product: libfmq.so
+VNDK-product: libhidlbase.so
+VNDK-product: libhidlmemory.so
+VNDK-product: libion.so
+VNDK-product: libjpeg.so
+VNDK-product: libjsoncpp.so
+VNDK-product: libldacBT_abr.so
+VNDK-product: libldacBT_enc.so
+VNDK-product: liblz4.so
+VNDK-product: liblzma.so
+VNDK-product: libminijail.so
+VNDK-product: libnl.so
+VNDK-product: libpcre2.so
+VNDK-product: libpiex.so
+VNDK-product: libpng.so
+VNDK-product: libprocessgroup.so
+VNDK-product: libprocinfo.so
+VNDK-product: libspeexresampler.so
+VNDK-product: libssl.so
+VNDK-product: libtinyalsa.so
+VNDK-product: libtinyxml2.so
+VNDK-product: libunwindstack.so
+VNDK-product: libutils.so
+VNDK-product: libutilscallstack.so
+VNDK-product: libwifi-system-iface.so
+VNDK-product: libxml2.so
+VNDK-product: libyuv.so
+VNDK-product: libz.so
+VNDK-product: libziparchive.so
diff --git a/target/product/gsi/current.txt b/target/product/gsi/current.txt
index f9c1f3d..ae80b37 100644
--- a/target/product/gsi/current.txt
+++ b/target/product/gsi/current.txt
@@ -20,19 +20,21 @@
LLNDK: libvulkan.so
VNDK-SP: android.hardware.common-V2-ndk.so
VNDK-SP: android.hardware.common.fmq-V1-ndk.so
-VNDK-SP: android.hardware.graphics.common-V2-ndk.so
+VNDK-SP: android.hardware.graphics.allocator-V1-ndk.so
+VNDK-SP: android.hardware.graphics.common-V3-ndk.so
VNDK-SP: android.hardware.graphics.common@1.0.so
VNDK-SP: android.hardware.graphics.common@1.1.so
VNDK-SP: android.hardware.graphics.common@1.2.so
+VNDK-SP: android.hardware.graphics.composer3-V1-ndk.so
VNDK-SP: android.hardware.graphics.mapper@2.0.so
VNDK-SP: android.hardware.graphics.mapper@2.1.so
VNDK-SP: android.hardware.graphics.mapper@3.0.so
VNDK-SP: android.hardware.graphics.mapper@4.0.so
VNDK-SP: android.hardware.renderscript@1.0.so
-VNDK-SP: android.hidl.safe_union@1.0.so
VNDK-SP: android.hidl.memory.token@1.0.so
VNDK-SP: android.hidl.memory@1.0-impl.so
VNDK-SP: android.hidl.memory@1.0.so
+VNDK-SP: android.hidl.safe_union@1.0.so
VNDK-SP: libRSCpuRef.so
VNDK-SP: libRSDriver.so
VNDK-SP: libRS_internal.so
@@ -61,12 +63,17 @@
VNDK-core: android.hardware.authsecret-V1-ndk.so
VNDK-core: android.hardware.automotive.occupant_awareness-V1-ndk.so
VNDK-core: android.hardware.bluetooth.audio-V1-ndk.so
+VNDK-core: android.hardware.camera.common-V1-ndk.so
+VNDK-core: android.hardware.camera.device-V1-ndk.so
+VNDK-core: android.hardware.camera.metadata-V1-ndk.so
+VNDK-core: android.hardware.camera.provider-V1-ndk.so
VNDK-core: android.hardware.configstore-utils.so
VNDK-core: android.hardware.configstore@1.0.so
VNDK-core: android.hardware.configstore@1.1.so
VNDK-core: android.hardware.confirmationui-support-lib.so
+VNDK-core: android.hardware.drm-V1-ndk.so
VNDK-core: android.hardware.dumpstate-V1-ndk.so
-VNDK-core: android.hardware.gnss-V1-ndk.so
+VNDK-core: android.hardware.gnss-V2-ndk.so
VNDK-core: android.hardware.graphics.allocator@2.0.so
VNDK-core: android.hardware.graphics.allocator@3.0.so
VNDK-core: android.hardware.graphics.allocator@4.0.so
@@ -74,7 +81,8 @@
VNDK-core: android.hardware.graphics.bufferqueue@2.0.so
VNDK-core: android.hardware.health-V1-ndk.so
VNDK-core: android.hardware.health.storage-V1-ndk.so
-VNDK-core: android.hardware.identity-V3-ndk.so
+VNDK-core: android.hardware.identity-V4-ndk.so
+VNDK-core: android.hardware.ir-V1-ndk.so
VNDK-core: android.hardware.keymaster-V3-ndk.so
VNDK-core: android.hardware.light-V1-ndk.so
VNDK-core: android.hardware.media.bufferpool@2.0.so
@@ -96,11 +104,15 @@
VNDK-core: android.hardware.radio.voice-V1-ndk.so
VNDK-core: android.hardware.rebootescrow-V1-ndk.so
VNDK-core: android.hardware.security.dice-V1-ndk.so
-VNDK-core: android.hardware.security.keymint-V1-ndk.so
+VNDK-core: android.hardware.security.keymint-V2-ndk.so
VNDK-core: android.hardware.security.secureclock-V1-ndk.so
VNDK-core: android.hardware.security.sharedsecret-V1-ndk.so
+VNDK-core: android.hardware.sensors-V1-ndk.so
+VNDK-core: android.hardware.soundtrigger3-V1-ndk.so
VNDK-core: android.hardware.soundtrigger@2.0-core.so
VNDK-core: android.hardware.soundtrigger@2.0.so
+VNDK-core: android.hardware.usb-V1-ndk.so
+VNDK-core: android.hardware.uwb-V1-ndk.so
VNDK-core: android.hardware.vibrator-V2-ndk.so
VNDK-core: android.hardware.weaver-V1-ndk.so
VNDK-core: android.hardware.wifi.hostapd-V1-ndk.so
@@ -108,7 +120,8 @@
VNDK-core: android.hidl.token@1.0-utils.so
VNDK-core: android.hidl.token@1.0.so
VNDK-core: android.media.audio.common.types-V1-ndk.so
-VNDK-core: android.system.keystore2-V1-ndk.so
+VNDK-core: android.media.soundtrigger.types-V1-ndk.so
+VNDK-core: android.system.keystore2-V2-ndk.so
VNDK-core: android.system.suspend-V1-ndk.so
VNDK-core: android.system.suspend@1.0.so
VNDK-core: libaudioroute.so
diff --git a/target/product/handheld_system.mk b/target/product/handheld_system.mk
index 3a59f6c..41233b2 100644
--- a/target/product/handheld_system.mk
+++ b/target/product/handheld_system.mk
@@ -34,7 +34,6 @@
PRODUCT_PACKAGES += \
BasicDreams \
BlockedNumberProvider \
- Bluetooth \
BluetoothMidiService \
BookmarkProvider \
BuiltInPrintService \
diff --git a/target/product/iorap_large_memory_config.mk b/target/product/iorap_large_memory_config.mk
deleted file mode 100644
index 0c6c89a..0000000
--- a/target/product/iorap_large_memory_config.mk
+++ /dev/null
@@ -1,14 +0,0 @@
-# Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
diff --git a/target/product/security/bluetooth.pk8 b/target/product/security/bluetooth.pk8
new file mode 100644
index 0000000..c6ea434
--- /dev/null
+++ b/target/product/security/bluetooth.pk8
Binary files differ
diff --git a/target/product/security/bluetooth.x509.pem b/target/product/security/bluetooth.x509.pem
new file mode 100644
index 0000000..396d7c9
--- /dev/null
+++ b/target/product/security/bluetooth.x509.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGOzCCBCOgAwIBAgIUEiZapaWZVSter06CJMf2kHi8PIswDQYJKoZIhvcNAQEL
+BQAwgasxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
+b2lkMScwJQYDVQQDDB5jb20uYW5kcm9pZC5ibHVldG9vdGguc2VydmljZXMxIjAg
+BgkqhkiG9w0BCQEWE2FuZHJvaWRAYW5kcm9pZC5jb20wIBcNMjIwMzE1MDAzNjAz
+WhgPNDc2MDAyMDkwMDM2MDNaMIGrMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs
+aWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHQW5kcm9p
+ZDEQMA4GA1UECwwHQW5kcm9pZDEnMCUGA1UEAwweY29tLmFuZHJvaWQuYmx1ZXRv
+b3RoLnNlcnZpY2VzMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29t
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsVlq9pozUREGlb8u8Y0A
+fYwPs5OuavNx/EsX03aTjmAXUfSOMAewqzUXDIRjw8UQvOW63utaZ0go9osDPzNf
+VEftmGxW/AUC+HWGaLDQfCYO3ficPPOS7xpEhGZERNbnhvh5qX0NBt6mJygsfpOm
+RPThbi6Ig2Brxh1eqVYqRkTjhNFKD6gCd1PdMmUSF88xEYaZWvTkET89Zh38lLza
+2x/wfNZmCSAVurNw1Kf9NQfYsaGHwMsjrvTyhG93TTYXzRBFzAO2WlBiw6R0tQr8
+ZW5XCM9Yo6AS0KXiU0ZWwOXxhGdr38rNd7j9nZtpFwWmN1kgeb/vpEfq0Ylua9By
+uURnfJZu2K4TbFamuyjihItra2ZKOtFNPDeuggKMCkuZz6WU8FCoMEpnq5P2agxN
+OGAa7ynXdNzek98N3TGX8qtfEgCv6vyuM0gakJ6D9nM43nsCm1LkB/JA0CacWyRz
+ljaLL1C4S43azEOYyOOb94ITnkZCQGtH33kxzamyPLIZ37VF4+v6yTXySLBzOnhe
+Os5uBIDohVJuI838bLhZf8e5mIrnjiKwsmExXiQvgidbwvZKCz9n8YT4iUhWPx4F
+W+GPcivZsvsECcnJ2QURK1zhir5QuLS7ZbAth4kiEUxJ6ujF5jftE+L/ClK2LiY0
+2IXWRCct8J1hfJZZx8lm3PUCAwEAAaNTMFEwHQYDVR0OBBYEFO5CgtQzKbTEd/Q9
+rxK14a9BBwFZMB8GA1UdIwQYMBaAFO5CgtQzKbTEd/Q9rxK14a9BBwFZMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGrGS1zmaoARVq7qhoY+xzSc
+1I/Tzf6vG6aHBC+CcIoSM2oqr6TGH+ADHAY6jhu/qzv1ij3gtoInAkBtkWvYsCIV
+eISPj8Qomcd8EIeW77p+ArKzS4HY5m1c/O4D/5rkl6c0exFq4Pdw9V8xyM98QtLd
+oj4xzzXUTPOIwkROHkj8otcML28m/MC0l/4b+flHnPqKFuLBjhxi9b/ZfwaXfjkx
+TcXpM3nPH8zN7kaJpS1fPW1IJyxJYvT022uK+afpezTmyS/50aOncUGjDJRw8CcO
+B88O8lpizDD3tD7P6jVOpRRJS4SnkVErbIn1xdWER6ubhnnycH7UmDVIx+vNd/t6
+YDa377au8Za+LnbDPfV1+Og+RaJSEIjJgfYyqnjBxGdRGN21VbqJdRzo/eO4ZFd2
+mGVtMosVr0jw4O8r60o9oMMWBTbFpxOI929QdcV+X1Lz8A8BZz0faXfZ2Z9usctu
+W2FtZge3tsJ07z7kuhNdbnm2yQVfd0FqiJsapUjlhgcdFVoDWPuqOfWAoG31ble6
+eiNnxfjiCckPWyciIE6lw97nvavGjlUacH5qVG86hOWU7xyBgeQ0PH4e+Nxr50yU
+A0GMxni1gefZFG8qEPdNRuDT1QdqDGh/8Ea11GEUMXdAxk0UzqyAtLDr6MbwK6lV
+mqmeueFdogdjvQ3mXe94
+-----END CERTIFICATE-----
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index 3f13a4a..941edc6 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -54,7 +54,7 @@
class ApexApkSigner(object):
"""Class to sign the apk files and other files in an apex payload image and repack the apex"""
- def __init__(self, apex_path, key_passwords, codename_to_api_level_map, avbtool=None, sign_tool=None, fsverity_tool=None):
+ def __init__(self, apex_path, key_passwords, codename_to_api_level_map, avbtool=None, sign_tool=None):
self.apex_path = apex_path
if not key_passwords:
self.key_passwords = dict()
@@ -65,9 +65,8 @@
OPTIONS.search_path, "bin", "debugfs_static")
self.avbtool = avbtool if avbtool else "avbtool"
self.sign_tool = sign_tool
- self.fsverity_tool = fsverity_tool if fsverity_tool else "fsverity"
- def ProcessApexFile(self, apk_keys, payload_key, signing_args=None, is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None):
+ def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
"""Scans and signs the payload files and repack the apex
Args:
@@ -85,14 +84,10 @@
self.debugfs_path, 'list', self.apex_path]
entries_names = common.RunAndCheckOutput(list_cmd).split()
apk_entries = [name for name in entries_names if name.endswith('.apk')]
- sepolicy_entries = []
- if is_sepolicy:
- sepolicy_entries = [name for name in entries_names if
- name.startswith('./etc/SEPolicy') and name.endswith('.zip')]
# No need to sign and repack, return the original apex path.
- if not apk_entries and not sepolicy_entries and self.sign_tool is None:
- logger.info('No payload (apk or zip) file to sign in %s', self.apex_path)
+ if not apk_entries and self.sign_tool is None:
+ logger.info('No apk file to sign in %s', self.apex_path)
return self.apex_path
for entry in apk_entries:
@@ -106,16 +101,15 @@
logger.warning('Apk path does not contain the intended directory name:'
' %s', entry)
- payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(apk_entries,
- apk_keys, payload_key, sepolicy_entries, sepolicy_key, sepolicy_cert, signing_args)
+ payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(
+ apk_entries, apk_keys, payload_key, signing_args)
if not has_signed_content:
logger.info('No contents has been signed in %s', self.apex_path)
return self.apex_path
return self.RepackApexPayload(payload_dir, payload_key, signing_args)
- def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key,
- sepolicy_entries, sepolicy_key, sepolicy_cert, signing_args):
+ def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key, signing_args):
"""Extracts the payload image and signs the containing apk files."""
if not os.path.exists(self.debugfs_path):
raise ApexSigningError(
@@ -147,11 +141,6 @@
codename_to_api_level_map=self.codename_to_api_level_map)
has_signed_content = True
- for entry in sepolicy_entries:
- sepolicy_key = sepolicy_key if sepolicy_key else payload_key
- self.SignSePolicy(payload_dir, entry, sepolicy_key, sepolicy_cert)
- has_signed_content = True
-
if self.sign_tool:
logger.info('Signing payload contents in apex %s with %s', self.apex_path, self.sign_tool)
# Pass avbtool to the custom signing tool
@@ -165,36 +154,6 @@
return payload_dir, has_signed_content
- def SignSePolicy(self, payload_dir, sepolicy_zip, sepolicy_key, sepolicy_cert):
- sepolicy_sig = sepolicy_zip + '.sig'
- sepolicy_fsv_sig = sepolicy_zip + '.fsv_sig'
-
- policy_zip_path = os.path.join(payload_dir, sepolicy_zip)
- sig_out_path = os.path.join(payload_dir, sepolicy_sig)
- sig_old = sig_out_path + '.old'
- if os.path.exists(sig_out_path):
- os.rename(sig_out_path, sig_old)
- sign_cmd = ['openssl', 'dgst', '-sign', sepolicy_key, '-keyform', 'PEM', '-sha256',
- '-out', sig_out_path, '-binary', policy_zip_path]
- common.RunAndCheckOutput(sign_cmd)
- if os.path.exists(sig_old):
- os.remove(sig_old)
-
- if not sepolicy_cert:
- logger.info('No cert provided for SEPolicy, skipping fsverity sign')
- return
-
- fsv_sig_out_path = os.path.join(payload_dir, sepolicy_fsv_sig)
- fsv_sig_old = fsv_sig_out_path + '.old'
- if os.path.exists(fsv_sig_out_path):
- os.rename(fsv_sig_out_path, fsv_sig_old)
-
- fsverity_cmd = [self.fsverity_tool, 'sign', policy_zip_path, fsv_sig_out_path,
- '--key=' + sepolicy_key, '--cert=' + sepolicy_cert]
- common.RunAndCheckOutput(fsverity_cmd)
- if os.path.exists(fsv_sig_old):
- os.remove(fsv_sig_old)
-
def RepackApexPayload(self, payload_dir, payload_key, signing_args=None):
"""Rebuilds the apex file with the updated payload directory."""
apex_dir = common.MakeTempDir()
@@ -365,9 +324,7 @@
def SignUncompressedApex(avbtool, apex_file, payload_key, container_key,
container_pw, apk_keys, codename_to_api_level_map,
- no_hashtree, signing_args=None, sign_tool=None,
- is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None,
- fsverity_tool=None):
+ no_hashtree, signing_args=None, sign_tool=None):
"""Signs the current uncompressed APEX with the given payload/container keys.
Args:
@@ -380,10 +337,6 @@
no_hashtree: Don't include hashtree in the signed APEX.
signing_args: Additional args to be passed to the payload signer.
sign_tool: A tool to sign the contents of the APEX.
- is_sepolicy: Indicates if the apex is a sepolicy.apex
- sepolicy_key: Key to sign a sepolicy zip.
- sepolicy_cert: Cert to sign a sepolicy zip.
- fsverity_tool: fsverity path to sign sepolicy zip.
Returns:
The path to the signed APEX file.
@@ -392,9 +345,8 @@
# the apex file after signing.
apk_signer = ApexApkSigner(apex_file, container_pw,
codename_to_api_level_map,
- avbtool, sign_tool, fsverity_tool)
- apex_file = apk_signer.ProcessApexFile(
- apk_keys, payload_key, signing_args, is_sepolicy, sepolicy_key, sepolicy_cert)
+ avbtool, sign_tool)
+ apex_file = apk_signer.ProcessApexFile(apk_keys, payload_key, signing_args)
# 2a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
# payload_key.
@@ -448,9 +400,7 @@
def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
container_pw, apk_keys, codename_to_api_level_map,
- no_hashtree, signing_args=None, sign_tool=None,
- is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None,
- fsverity_tool=None):
+ no_hashtree, signing_args=None, sign_tool=None):
"""Signs the current compressed APEX with the given payload/container keys.
Args:
@@ -462,10 +412,6 @@
codename_to_api_level_map: A dict that maps from codename to API level.
no_hashtree: Don't include hashtree in the signed APEX.
signing_args: Additional args to be passed to the payload signer.
- is_sepolicy: Indicates if the apex is a sepolicy.apex
- sepolicy_key: Key to sign a sepolicy zip.
- sepolicy_cert: Cert to sign a sepolicy zip.
- fsverity_tool: fsverity path to sign sepolicy zip.
Returns:
The path to the signed APEX file.
@@ -492,11 +438,7 @@
codename_to_api_level_map,
no_hashtree,
signing_args,
- sign_tool,
- is_sepolicy,
- sepolicy_key,
- sepolicy_cert,
- fsverity_tool)
+ sign_tool)
# 3. Compress signed original apex.
compressed_apex_file = common.MakeTempFile(prefix='apex-container-',
@@ -524,8 +466,7 @@
def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
apk_keys, codename_to_api_level_map,
- no_hashtree, signing_args=None, sign_tool=None,
- is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None, fsverity_tool=None):
+ no_hashtree, signing_args=None, sign_tool=None):
"""Signs the current APEX with the given payload/container keys.
Args:
@@ -537,9 +478,6 @@
codename_to_api_level_map: A dict that maps from codename to API level.
no_hashtree: Don't include hashtree in the signed APEX.
signing_args: Additional args to be passed to the payload signer.
- sepolicy_key: Key to sign a sepolicy zip.
- sepolicy_cert: Cert to sign a sepolicy zip.
- fsverity_tool: fsverity path to sign sepolicy zip.
Returns:
The path to the signed APEX file.
@@ -565,11 +503,7 @@
no_hashtree=no_hashtree,
apk_keys=apk_keys,
signing_args=signing_args,
- sign_tool=sign_tool,
- is_sepolicy=is_sepolicy,
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
elif apex_type == 'COMPRESSED':
return SignCompressedApex(
avbtool,
@@ -581,11 +515,7 @@
no_hashtree=no_hashtree,
apk_keys=apk_keys,
signing_args=signing_args,
- sign_tool=sign_tool,
- is_sepolicy=is_sepolicy,
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
else:
# TODO(b/172912232): support signing compressed apex
raise ApexInfoError('Unsupported apex type {}'.format(apex_type))
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index bd3af68..c2c6df1 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -97,7 +97,6 @@
self.stash_threshold = 0.8
self.logfile = None
self.host_tools = {}
- self.sepolicy_name = 'sepolicy.apex'
OPTIONS = Options()
diff --git a/tools/releasetools/sign_apex.py b/tools/releasetools/sign_apex.py
index a68f1ec..6926467 100755
--- a/tools/releasetools/sign_apex.py
+++ b/tools/releasetools/sign_apex.py
@@ -42,15 +42,6 @@
--sign_tool <sign_tool>
Optional flag that specifies a custom signing tool for the contents of the apex.
-
- --sepolicy_key <key>
- Optional flag that specifies the sepolicy signing key, defaults to payload_key.
-
- --sepolicy_cert <cert>
- Optional flag that specifies the sepolicy signing cert.
-
- --fsverity_tool <path>
- Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.
"""
import logging
@@ -61,12 +52,10 @@
import common
logger = logging.getLogger(__name__)
-OPTIONS = common.OPTIONS
def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
- apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None,
- sepolicy_key=None, sepolicy_cert=None, fsverity_tool=None):
+ apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None):
"""Signs the given apex file."""
with open(apex_file, 'rb') as input_fp:
apex_data = input_fp.read()
@@ -81,11 +70,7 @@
no_hashtree=no_hashtree,
apk_keys=apk_keys,
signing_args=signing_args,
- sign_tool=sign_tool,
- is_sepolicy=apex_file.endswith(OPTIONS.sepolicy_name),
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
def main(argv):
@@ -121,12 +106,6 @@
options['extra_apks'].update({n: key})
elif o == '--sign_tool':
options['sign_tool'] = a
- elif o == '--sepolicy_key':
- options['sepolicy_key'] = a
- elif o == '--sepolicy_cert':
- options['sepolicy_cert'] = a
- elif o == '--fsverity_tool':
- options['fsverity_tool'] = a
else:
return False
return True
@@ -142,9 +121,6 @@
'payload_key=',
'extra_apks=',
'sign_tool=',
- 'sepolicy_key=',
- 'sepolicy_cert=',
- 'fsverity_tool='
],
extra_option_handler=option_handler)
@@ -165,10 +141,7 @@
signing_args=options.get('payload_extra_args'),
codename_to_api_level_map=options.get(
'codename_to_api_level_map', {}),
- sign_tool=options.get('sign_tool', None),
- sepolicy_key=options.get('sepolicy_key', None),
- sepolicy_cert=options.get('sepolicy_cert', None),
- fsverity_tool=options.get('fsverity_tool', None))
+ sign_tool=options.get('sign_tool', None))
shutil.copyfile(signed_apex, args[1])
logger.info("done.")
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index c803340..fc6afb1 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -99,15 +99,15 @@
The second dir will be used for lookup if BOARD_USES_RECOVERY_AS_BOOT is
set to true.
- --avb_{boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
+ --avb_{boot,recovery,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
vbmeta_vendor}_algorithm <algorithm>
- --avb_{boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
+ --avb_{boot,recovery,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
vbmeta_vendor}_key <key>
Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
the specified image. Otherwise it uses the existing values in info dict.
- --avb_{apex,boot,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
- vbmeta_vendor}_extra_args <args>
+ --avb_{apex,boot,recovery,system,system_other,vendor,dtbo,vbmeta,
+ vbmeta_system,vbmeta_vendor}_extra_args <args>
Specify any additional args that are needed to AVB-sign the image
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
@@ -137,15 +137,6 @@
--android_jar_path <path>
Path to the android.jar to repack the apex file.
- --sepolicy_key <key>
- Optional flag that specifies the sepolicy signing key, defaults to payload_key for the sepolicy.apex.
-
- --sepolicy_cert <cert>
- Optional flag that specifies the sepolicy signing cert.
-
- --fsverity_tool <path>
- Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.
-
--allow_gsi_debug_sepolicy
Allow the existence of the file 'userdebug_plat_sepolicy.cil' under
(/system/system_ext|/system_ext)/etc/selinux.
@@ -205,9 +196,6 @@
OPTIONS.android_jar_path = None
OPTIONS.vendor_partitions = set()
OPTIONS.vendor_otatools = None
-OPTIONS.sepolicy_key = None
-OPTIONS.sepolicy_cert = None
-OPTIONS.fsverity_tool = None
OPTIONS.allow_gsi_debug_sepolicy = False
@@ -246,8 +234,6 @@
def IsApexFile(filename):
return filename.endswith(".apex") or filename.endswith(".capex")
-def IsSepolicyApex(filename):
- return filename.endswith(OPTIONS.sepolicy_name)
def GetApexFilename(filename):
name = os.path.basename(filename)
@@ -270,24 +256,6 @@
return certmap
-def GetSepolicyKeys(keys_info):
- """Gets SEPolicy signing keys applying overrides from command line options.
-
- Args:
- keys_info: A dict that maps from the SEPolicy APEX filename to a tuple of
- (sepolicy_key, sepolicy_cert, fsverity_tool).
-
- Returns:
- A dict that contains the updated APEX key mapping, which should be used for
- the current signing.
- """
- for name in keys_info:
- (sepolicy_key, sepolicy_cert, fsverity_tool) = keys_info[name]
- sepolicy_key = OPTIONS.sepolicy_key if OPTIONS.sepolicy_key else sepolicy_key
- sepolicy_cert = OPTIONS.sepolicy_cert if OPTIONS.sepolicy_cert else sepolicy_cert
- fsverity_tool = OPTIONS.fsverity_tool if OPTIONS.fsverity_tool else fsverity_tool
- keys_info[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
- return keys_info
def GetApexKeys(keys_info, key_map):
"""Gets APEX payload and container signing keys by applying the mapping rules.
@@ -550,7 +518,7 @@
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
apk_keys, apex_keys, key_passwords,
platform_api_level, codename_to_api_level_map,
- compressed_extension, sepolicy_keys):
+ compressed_extension):
# maxsize measures the maximum filename length, including the ones to be
# skipped.
try:
@@ -618,17 +586,6 @@
print(" : %-*s payload (%s)" % (
maxsize, name, payload_key))
- sepolicy_key = None
- sepolicy_cert = None
- fsverity_tool = None
-
- if IsSepolicyApex(name):
- (sepolicy_key, sepolicy_cert, fsverity_tool) = sepolicy_keys[name]
- print(" : %-*s sepolicy key (%s)" % (
- maxsize, name, sepolicy_key))
- print(" : %-*s sepolicy cert (%s)" % (
- maxsize, name, sepolicy_cert))
-
signed_apex = apex_utils.SignApex(
misc_info['avb_avbtool'],
data,
@@ -639,11 +596,7 @@
codename_to_api_level_map,
no_hashtree=None, # Let apex_util determine if hash tree is needed
signing_args=OPTIONS.avb_extra_args.get('apex'),
- sign_tool=sign_tool,
- is_sepolicy=IsSepolicyApex(name),
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert,
- fsverity_tool=fsverity_tool)
+ sign_tool=sign_tool)
common.ZipWrite(output_tf_zip, signed_apex, filename)
else:
@@ -1253,24 +1206,20 @@
def ReadApexKeysInfo(tf_zip):
"""Parses the APEX keys info from a given target-files zip.
- Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns
- two dicts, the first one contains the mapping from APEX names
- (e.g. com.android.tzdata) to a tuple of (payload_key, container_key,
- sign_tool). The second one maps the sepolicy APEX name to a tuple containing
- (sepolicy_key, sepolicy_cert, fsverity_tool).
+ Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns a
+ dict that contains the mapping from APEX names (e.g. com.android.tzdata) to a
+ tuple of (payload_key, container_key, sign_tool).
Args:
tf_zip: The input target_files ZipFile (already open).
Returns:
- name : (payload_key, container_key, sign_tool)
+ (payload_key, container_key, sign_tool):
- payload_key contains the path to the payload signing key
- container_key contains the path to the container signing key
- sign_tool is an apex-specific signing tool for its payload contents
- name : (sepolicy_key, sepolicy_cert, fsverity_tool)
"""
keys = {}
- sepolicy_keys = {}
for line in tf_zip.read('META/apexkeys.txt').decode().split('\n'):
line = line.strip()
if not line:
@@ -1281,9 +1230,6 @@
r'private_key="(?P<PAYLOAD_PRIVATE_KEY>.*)"\s+'
r'container_certificate="(?P<CONTAINER_CERT>.*)"\s+'
r'container_private_key="(?P<CONTAINER_PRIVATE_KEY>.*?)"'
- r'(\s+sepolicy_key="(?P<SEPOLICY_KEY>.*?)")?'
- r'(\s+sepolicy_certificate="(?P<SEPOLICY_CERT>.*?)")?'
- r'(\s+fsverity_tool="(?P<FSVERITY_TOOL>.*?)")?'
r'(\s+partition="(?P<PARTITION>.*?)")?'
r'(\s+sign_tool="(?P<SIGN_TOOL>.*?)")?$',
line)
@@ -1312,18 +1258,12 @@
container_private_key, OPTIONS.private_key_suffix):
container_key = container_cert[:-len(OPTIONS.public_key_suffix)]
else:
- raise ValueError("Failed to parse container keys: \n{} **** {}".format(container_cert, container_private_key))
+ raise ValueError("Failed to parse container keys: \n{}".format(line))
sign_tool = matches.group("SIGN_TOOL")
keys[name] = (payload_private_key, container_key, sign_tool)
- if IsSepolicyApex(name):
- sepolicy_key = matches.group('SEPOLICY_KEY')
- sepolicy_cert = matches.group('SEPOLICY_CERT')
- fsverity_tool = matches.group('FSVERITY_TOOL')
- sepolicy_keys[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
-
- return keys, sepolicy_keys
+ return keys
def BuildVendorPartitions(output_zip_path):
@@ -1481,6 +1421,12 @@
OPTIONS.avb_algorithms['dtbo'] = a
elif o == "--avb_dtbo_extra_args":
OPTIONS.avb_extra_args['dtbo'] = a
+ elif o == "--avb_recovery_key":
+ OPTIONS.avb_keys['recovery'] = a
+ elif o == "--avb_recovery_algorithm":
+ OPTIONS.avb_algorithms['recovery'] = a
+ elif o == "--avb_recovery_extra_args":
+ OPTIONS.avb_extra_args['recovery'] = a
elif o == "--avb_system_key":
OPTIONS.avb_keys['system'] = a
elif o == "--avb_system_algorithm":
@@ -1535,12 +1481,6 @@
OPTIONS.vendor_otatools = a
elif o == "--vendor_partitions":
OPTIONS.vendor_partitions = set(a.split(","))
- elif o == '--sepolicy_key':
- OPTIONS.sepolicy_key = a
- elif o == '--sepolicy_cert':
- OPTIONS.sepolicy_cert = a
- elif o == '--fsverity_tool':
- OPTIONS.fsverity_tool = a
elif o == "--allow_gsi_debug_sepolicy":
OPTIONS.allow_gsi_debug_sepolicy = True
else:
@@ -1572,6 +1512,9 @@
"avb_dtbo_algorithm=",
"avb_dtbo_key=",
"avb_dtbo_extra_args=",
+ "avb_recovery_algorithm=",
+ "avb_recovery_key=",
+ "avb_recovery_extra_args=",
"avb_system_algorithm=",
"avb_system_key=",
"avb_system_extra_args=",
@@ -1595,9 +1538,6 @@
"gki_signing_extra_args=",
"vendor_partitions=",
"vendor_otatools=",
- "sepolicy_key=",
- "sepolicy_cert=",
- "fsverity_tool=",
"allow_gsi_debug_sepolicy",
],
extra_option_handler=option_handler)
@@ -1620,9 +1560,8 @@
apk_keys_info, compressed_extension = common.ReadApkCerts(input_zip)
apk_keys = GetApkCerts(apk_keys_info)
- apex_keys_info, sepolicy_keys_info = ReadApexKeysInfo(input_zip)
+ apex_keys_info = ReadApexKeysInfo(input_zip)
apex_keys = GetApexKeys(apex_keys_info, apk_keys)
- sepolicy_keys = GetSepolicyKeys(sepolicy_keys_info)
# TODO(xunchang) check for the apks inside the apex files, and abort early if
# the keys are not available.
@@ -1640,7 +1579,7 @@
ProcessTargetFiles(input_zip, output_zip, misc_info,
apk_keys, apex_keys, key_passwords,
platform_api_level, codename_to_api_level_map,
- compressed_extension, sepolicy_keys)
+ compressed_extension)
common.ZipClose(input_zip)
common.ZipClose(output_zip)
diff --git a/tools/releasetools/test_sign_apex.py b/tools/releasetools/test_sign_apex.py
index c344e22..8470f20 100644
--- a/tools/releasetools/test_sign_apex.py
+++ b/tools/releasetools/test_sign_apex.py
@@ -71,21 +71,3 @@
False,
codename_to_api_level_map={'S': 31, 'Tiramisu' : 32})
self.assertTrue(os.path.exists(signed_apex))
-
- @test_utils.SkipIfExternalToolsUnavailable()
- def test_SignApexWithSepolicy(self):
- test_apex = os.path.join(self.testdata_dir, 'sepolicy.apex')
- payload_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
- container_key = os.path.join(self.testdata_dir, 'testkey')
- sepolicy_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
- sepolicy_cert = os.path.join(self.testdata_dir, 'testkey.x509.pem')
- signed_test_apex = sign_apex.SignApexFile(
- 'avbtool',
- test_apex,
- payload_key,
- container_key,
- False,
- None,
- sepolicy_key=sepolicy_key,
- sepolicy_cert=sepolicy_cert)
- self.assertTrue(os.path.exists(signed_test_apex))
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 144a3cd..0f13add 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -476,7 +476,7 @@
target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -486,7 +486,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
# Mismatching payload public / private keys.
@@ -516,7 +515,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -526,7 +525,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
# Invalid lines will be skipped.
@@ -540,7 +538,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -550,7 +548,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_presignedKeys(self):
apex_keys = self.APEX_KEYS_TXT + (
@@ -564,7 +561,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -574,7 +571,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
def test_ReadApexKeysInfo_presignedKeys(self):
apex_keys = self.APEX_KEYS_TXT + (
@@ -588,7 +584,7 @@
target_files_zip.writestr('META/apexkeys.txt', apex_keys)
with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+ keys_info = ReadApexKeysInfo(target_files_zip)
self.assertEqual({
'apex.apexd_test.apex': (
@@ -598,72 +594,6 @@
'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
'build/make/target/product/security/testkey', None),
}, keys_info)
- self.assertEqual({}, sepolicy_keys_info)
-
- def test_ReadApexKeysInfo_withSepolicyKeys(self):
- apex_keys = self.APEX_KEYS_TXT + (
- 'name="sepolicy.apex" '
- 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
- 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
- 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
- 'container_private_key="build/make/target/product/security/testkey.pk8" '
- 'sepolicy_key="build/make/target/product/security/testkey.key" '
- 'sepolicy_certificate="build/make/target/product/security/testkey.x509.pem" '
- 'fsverity_tool="fsverity"')
- target_files = common.MakeTempFile(suffix='.zip')
- with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
- target_files_zip.writestr('META/apexkeys.txt', apex_keys)
-
- with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
-
- self.assertEqual({
- 'apex.apexd_test.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
- 'build/make/target/product/security/testkey', None),
- 'apex.apexd_test_different_app.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- 'sepolicy.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- }, keys_info)
- self.assertEqual({'sepolicy.apex': (
- 'build/make/target/product/security/testkey.key',
- 'build/make/target/product/security/testkey.x509.pem',
- 'fsverity'),
- }, sepolicy_keys_info)
-
- def test_ReadApexKeysInfo_withSepolicyApex(self):
- apex_keys = self.APEX_KEYS_TXT + (
- 'name="sepolicy.apex" '
- 'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
- 'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
- 'container_certificate="build/make/target/product/security/testkey.x509.pem" '
- 'container_private_key="build/make/target/product/security/testkey.pk8" ')
- target_files = common.MakeTempFile(suffix='.zip')
- with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
- target_files_zip.writestr('META/apexkeys.txt', apex_keys)
-
- with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
- keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
-
- self.assertEqual({
- 'apex.apexd_test.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
- 'build/make/target/product/security/testkey', None),
- 'apex.apexd_test_different_app.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- 'sepolicy.apex': (
- 'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
- 'build/make/target/product/security/testkey', None),
- }, keys_info)
- self.assertEqual({'sepolicy.apex': (
- None,
- None,
- None),
- }, sepolicy_keys_info)
def test_ReplaceGkiSigningKey(self):
common.OPTIONS.gki_signing_key = 'release_gki_key'
diff --git a/tools/releasetools/testdata/sepolicy.apex b/tools/releasetools/testdata/sepolicy.apex
deleted file mode 100644
index f7d267d..0000000
--- a/tools/releasetools/testdata/sepolicy.apex
+++ /dev/null
Binary files differ
diff --git a/tools/signapk/src/com/android/signapk/SignApk.java b/tools/signapk/src/com/android/signapk/SignApk.java
index c127dbe..b0c792c 100644
--- a/tools/signapk/src/com/android/signapk/SignApk.java
+++ b/tools/signapk/src/com/android/signapk/SignApk.java
@@ -1081,6 +1081,7 @@
boolean signUsingApkSignatureSchemeV2 = true;
boolean signUsingApkSignatureSchemeV4 = false;
SigningCertificateLineage certLineage = null;
+ Integer rotationMinSdkVersion = null;
int argstart = 0;
while (argstart < args.length && args[argstart].startsWith("-")) {
@@ -1135,6 +1136,15 @@
"Error reading lineage file: " + e.getMessage());
}
++argstart;
+ } else if ("--rotation-min-sdk-version".equals(args[argstart])) {
+ String rotationMinSdkVersionString = args[++argstart];
+ try {
+ rotationMinSdkVersion = Integer.parseInt(rotationMinSdkVersionString);
+ } catch (NumberFormatException e) {
+ throw new IllegalArgumentException(
+ "--rotation-min-sdk-version must be a decimal number: " + rotationMinSdkVersionString);
+ }
+ ++argstart;
} else {
usage();
}
@@ -1226,15 +1236,22 @@
}
}
- try (ApkSignerEngine apkSigner =
- new DefaultApkSignerEngine.Builder(
- createSignerConfigs(privateKey, publicKey), minSdkVersion)
- .setV1SigningEnabled(true)
- .setV2SigningEnabled(signUsingApkSignatureSchemeV2)
- .setOtherSignersSignaturesPreserved(false)
- .setCreatedBy("1.0 (Android SignApk)")
- .setSigningCertificateLineage(certLineage)
- .build()) {
+ DefaultApkSignerEngine.Builder builder = new DefaultApkSignerEngine.Builder(
+ createSignerConfigs(privateKey, publicKey), minSdkVersion)
+ .setV1SigningEnabled(true)
+ .setV2SigningEnabled(signUsingApkSignatureSchemeV2)
+ .setOtherSignersSignaturesPreserved(false)
+ .setCreatedBy("1.0 (Android SignApk)");
+
+ if (certLineage != null) {
+ builder = builder.setSigningCertificateLineage(certLineage);
+ }
+
+ if (rotationMinSdkVersion != null) {
+ builder = builder.setMinSdkVersionForRotation(rotationMinSdkVersion);
+ }
+
+ try (ApkSignerEngine apkSigner = builder.build()) {
// We don't preserve the input APK's APK Signing Block (which contains v2
// signatures)
apkSigner.inputApkSigningBlock(null);