Make change and version bump to aml_tz4_331910000 for mainline module file: Noneaml_tz4_331910000android13-mainline-tzdata4-release

Snap for 10102166 from 2d5ebe745ee407b619c744d62a68e3a651dd1df8 to mainline-tzdata4-release

Change-Id: I0c39c06084f90aaf0b194cb3dabe60a9fb9e3f1b

10 files changed, 55 insertions, 33 deletions

diff --git a/core/OWNERS b/core/OWNERS
index 8794434f7b..8d612e02d5 100644
--- a/core/OWNERS
+++ b/core/OWNERS
@@ -2,5 +2,5 @@ per-file dex_preopt*.mk = ngeoffray@google.com,calin@google.com,mathewi@google.c
 per-file verify_uses_libraries.sh = ngeoffray@google.com,calin@google.com,skvadrik@google.com
 
 # For version updates
-per-file version_defaults.mk = aseaton@google.com,elisapascual@google.com,lubomir@google.com,pscovanner@google.com
+per-file version_defaults.mk = aseaton@google.com,lubomir@google.com,pscovanner@google.com,bkhalife@google.com,jainne@google.com
 
diff --git a/core/build_id.mk b/core/build_id.mk
index 58f5ceb66b..6707398a8b 100644
--- a/core/build_id.mk
+++ b/core/build_id.mk
@@ -18,4 +18,4 @@
 # (like "CRB01").  It must be a single word, and is
 # capitalized by convention.
 
-BUILD_ID=331314000
+BUILD_ID=331910000
diff --git a/core/tasks/sts-lite.mk b/core/tasks/sts-lite.mk
index dee25d4802..65c65c3dc6 100644
--- a/core/tasks/sts-lite.mk
+++ b/core/tasks/sts-lite.mk
@@ -29,7 +29,8 @@ $(sts_sdk_zip): $(MERGE_ZIPS) $(ZIP2ZIP) $(compatibility_zip) $(sts_sdk_samples)
 	$(ZIP2ZIP) -i $(STS_LITE_ZIP) -o $(STS_LITE_ZIP)_filtered \
 		-x android-sts-lite/tools/sts-tradefed-tests.jar \
 		'android-sts-lite/tools/*:sts-test/libs/' \
-		'android-sts-lite/testcases/*:sts-test/utils/'
+		'android-sts-lite/testcases/*:sts-test/utils/' \
+		'android-sts-lite/jdk/**/*:sts-test/jdk/'
 	$(MERGE_ZIPS) $@ $(STS_LITE_ZIP)_filtered $(STS_SDK_SAMPLES)
 	rm -f $(STS_LITE_ZIP)_filtered
 
diff --git a/core/tasks/tools/compatibility.mk b/core/tasks/tools/compatibility.mk
index 4b8bd16c2e..cfae490c30 100644
--- a/core/tasks/tools/compatibility.mk
+++ b/core/tasks/tools/compatibility.mk
@@ -30,7 +30,6 @@ test_suite_subdir := android-$(test_suite_name)
 out_dir := $(HOST_OUT)/$(test_suite_name)/$(test_suite_subdir)
 test_artifacts := $(COMPATIBILITY.$(test_suite_name).FILES)
 test_tools := $(HOST_OUT_JAVA_LIBRARIES)/tradefed.jar \
-  $(HOST_OUT_JAVA_LIBRARIES)/tradefed-no-fwk.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/tradefed-test-framework.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/loganalysis.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/compatibility-host-util.jar \
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index c7aa309ffb..e54c2d7ea0 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -78,7 +78,7 @@ endif
 .KATI_READONLY := PLATFORM_SDK_VERSION
 
 # This is the sdk extension version of this tree.
-PLATFORM_SDK_EXTENSION_VERSION := 5
+PLATFORM_SDK_EXTENSION_VERSION := 6
 .KATI_READONLY := PLATFORM_SDK_EXTENSION_VERSION
 
 # This is the sdk extension version that PLATFORM_SDK_VERSION ships with.
@@ -103,7 +103,7 @@ ifndef PLATFORM_SECURITY_PATCH
     #  It must be of the form "YYYY-MM-DD" on production devices.
     #  It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
     #  If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
-    PLATFORM_SECURITY_PATCH := 2022-12-01
+    PLATFORM_SECURITY_PATCH := 2023-06-01
 endif
 
 include $(BUILD_SYSTEM)/version_util.mk
diff --git a/target/product/module_common.mk b/target/product/module_common.mk
index 54f3949965..ec670ee4c9 100644
--- a/target/product/module_common.mk
+++ b/target/product/module_common.mk
@@ -25,3 +25,8 @@ PRODUCT_SHIPPING_API_LEVEL := 29
 # Builds using a module product should build modules from source, even if
 # BRANCH_DEFAULT_MODULE_BUILD_FROM_SOURCE says otherwise.
 PRODUCT_MODULE_BUILD_FROM_SOURCE := true
+
+# Build sdk from source if the branch is not using slim manifests.
+ifneq (,$(strip $(wildcard frameworks/base/Android.bp)))
+  UNBUNDLED_BUILD_SDKS_FROM_SOURCE := true
+endif
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index fbe90abace..c3f7203b60 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -65,6 +65,8 @@ class ApexApkSigner(object):
         OPTIONS.search_path, "bin", "debugfs_static")
     self.fsckerofs_path = os.path.join(
         OPTIONS.search_path, "bin", "fsck.erofs")
+    self.blkid_path = os.path.join(
+        OPTIONS.search_path, "bin", "blkid_static")
     self.avbtool = avbtool if avbtool else "avbtool"
     self.sign_tool = sign_tool
 
@@ -82,13 +84,8 @@ class ApexApkSigner(object):
           "Couldn't find location of debugfs_static: " +
           "Path {} does not exist. ".format(self.debugfs_path) +
           "Make sure bin/debugfs_static can be found in -p <path>")
-    if not os.path.exists(self.fsckerofs_path):
-      raise ApexSigningError(
-          "Couldn't find location of fsck.erofs: " +
-          "Path {} does not exist. ".format(self.fsckerofs_path) +
-          "Make sure bin/fsck.erofs can be found in -p <path>")
     list_cmd = ['deapexer', '--debugfs_path', self.debugfs_path,
-                '--fsckerofs_path', self.fsckerofs_path, 'list', self.apex_path]
+                'list', self.apex_path]
     entries_names = common.RunAndCheckOutput(list_cmd).split()
     apk_entries = [name for name in entries_names if name.endswith('.apk')]
 
@@ -128,9 +125,15 @@ class ApexApkSigner(object):
           "Couldn't find location of fsck.erofs: " +
           "Path {} does not exist. ".format(self.fsckerofs_path) +
           "Make sure bin/fsck.erofs can be found in -p <path>")
+    if not os.path.exists(self.blkid_path):
+      raise ApexSigningError(
+          "Couldn't find location of blkid: " +
+          "Path {} does not exist. ".format(self.blkid_path) +
+          "Make sure bin/blkid can be found in -p <path>")
     payload_dir = common.MakeTempDir()
     extract_cmd = ['deapexer', '--debugfs_path', self.debugfs_path,
-                   '--fsckerofs_path', self.fsckerofs_path, 'extract',
+                   '--fsckerofs_path', self.fsckerofs_path,
+                   '--blkid_path', self.blkid_path, 'extract',
                    self.apex_path, payload_dir]
     common.RunAndCheckOutput(extract_cmd)
 
@@ -430,7 +433,6 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
     The path to the signed APEX file.
   """
   debugfs_path = os.path.join(OPTIONS.search_path, 'bin', 'debugfs_static')
-  fsckerofs_path = os.path.join(OPTIONS.search_path, 'bin', 'fsck.erofs')
 
   # 1. Decompress original_apex inside compressed apex.
   original_apex_file = common.MakeTempFile(prefix='original-apex-',
@@ -438,7 +440,6 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
   # Decompression target path should not exist
   os.remove(original_apex_file)
   common.RunAndCheckOutput(['deapexer', '--debugfs_path', debugfs_path,
-                            '--fsckerofs_path', fsckerofs_path,
                             'decompress', '--input', apex_file,
                             '--output', original_apex_file])
 
@@ -502,9 +503,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
     output_fp.write(apex_data)
 
   debugfs_path = os.path.join(OPTIONS.search_path, 'bin', 'debugfs_static')
-  fsckerofs_path = os.path.join(OPTIONS.search_path, 'bin', 'fsck.erofs')
   cmd = ['deapexer', '--debugfs_path', debugfs_path,
-         '--fsckerofs_path', fsckerofs_path,
          'info', '--print-type', apex_file]
 
   try:
@@ -577,10 +576,6 @@ def GetApexInfoFromTargetFiles(input_file, partition, compressed_only=True):
   if OPTIONS.search_path:
     debugfs_path = os.path.join(OPTIONS.search_path, "bin", "debugfs_static")
 
-  fsckerofs_path = "fsck.erofs"
-  if OPTIONS.search_path:
-    fsckerofs_path = os.path.join(OPTIONS.search_path, "bin", "fsck.erofs")
-
   deapexer = 'deapexer'
   if OPTIONS.search_path:
     deapexer_path = os.path.join(OPTIONS.search_path, "bin", "deapexer")
@@ -601,7 +596,6 @@ def GetApexInfoFromTargetFiles(input_file, partition, compressed_only=True):
     # Check if the file is compressed or not
     apex_type = RunAndCheckOutput([
         deapexer, "--debugfs_path", debugfs_path,
-        "--fsckerofs_path", fsckerofs_path,
         'info', '--print-type', apex_filepath]).rstrip()
     if apex_type == 'COMPRESSED':
       apex_info.is_compressed = True
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 418d8daa85..ec49b0d36f 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -2309,12 +2309,22 @@ def GetMinSdkVersionInt(apk_name, codename_to_api_level_map):
   try:
     return int(version)
   except ValueError:
-    # Not a decimal number. Codename?
-    if version in codename_to_api_level_map:
-      return codename_to_api_level_map[version]
+    # Not a decimal number.
+    #
+    # It could be either a straight codename, e.g.
+    #     UpsideDownCake
+    #
+    # Or a codename with API fingerprint SHA, e.g.
+    #     UpsideDownCake.e7d3947f14eb9dc4fec25ff6c5f8563e
+    #
+    # Extract the codename and try and map it to a version number.
+    split = version.split(".")
+    codename = split[0]
+    if codename in codename_to_api_level_map:
+      return codename_to_api_level_map[codename]
     raise ExternalError(
-        "Unknown minSdkVersion: '{}'. Known codenames: {}".format(
-            version, codename_to_api_level_map))
+        "Unknown codename: '{}' from minSdkVersion: '{}'. Known codenames: {}".format(
+            codename, version, codename_to_api_level_map))
 
 
 def SignFile(input_name, output_name, key, password, min_api_level=None,
diff --git a/tools/releasetools/merge/merge_dexopt.py b/tools/releasetools/merge/merge_dexopt.py
index 7bf9bd4b17..16182b5cbb 100644
--- a/tools/releasetools/merge/merge_dexopt.py
+++ b/tools/releasetools/merge/merge_dexopt.py
@@ -164,6 +164,10 @@ def MergeDexopt(temp_dir, output_target_files_dir):
           'deapexer',
           '--debugfs_path',
           'debugfs_static',
+          '--blkid_path',
+          'blkid',
+          '--fsckerofs_path',
+          'fsck.erofs',
           'extract',
           apex,
           apex_extract_dir,
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 6f96d8f6a6..09d0b10a42 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -99,14 +99,14 @@ Usage:  sign_target_files_apks [flags] input_target_files output_target_files
       The second dir will be used for lookup if BOARD_USES_RECOVERY_AS_BOOT is
       set to true.
 
-  --avb_{boot,recovery,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
-         vbmeta_vendor}_algorithm <algorithm>
-  --avb_{boot,recovery,system,system_other,vendor,dtbo,vbmeta,vbmeta_system,
-         vbmeta_vendor}_key <key>
+  --avb_{boot,init_boot,recovery,system,system_other,vendor,dtbo,vbmeta,
+         vbmeta_system,vbmeta_vendor}_algorithm <algorithm>
+  --avb_{boot,init_boot,recovery,system,system_other,vendor,dtbo,vbmeta,
+         vbmeta_system,vbmeta_vendor}_key <key>
       Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
       the specified image. Otherwise it uses the existing values in info dict.
 
-  --avb_{apex,boot,recovery,system,system_other,vendor,dtbo,vbmeta,
+  --avb_{apex,init_boot,boot,recovery,system,system_other,vendor,dtbo,vbmeta,
          vbmeta_system,vbmeta_vendor}_extra_args <args>
       Specify any additional args that are needed to AVB-sign the image
       (e.g. "--signing_helper /path/to/helper"). The args will be appended to
@@ -1032,7 +1032,7 @@ def ReplaceVerityKeyId(input_zip, output_zip, key_path):
     keyid, stderr = p.communicate()
     assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr)
     keyid = re.search(
-        r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
+            r'Authority Key Identifier:\s*(?:keyid:)?([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
     print("Replacing verity keyid with {}".format(keyid))
     out_buffer.append("veritykeyid=id:%s" % (keyid,))
 
@@ -1427,6 +1427,12 @@ def main(argv):
       OPTIONS.avb_algorithms['dtbo'] = a
     elif o == "--avb_dtbo_extra_args":
       OPTIONS.avb_extra_args['dtbo'] = a
+    elif o == "--avb_init_boot_key":
+      OPTIONS.avb_keys['init_boot'] = a
+    elif o == "--avb_init_boot_algorithm":
+      OPTIONS.avb_algorithms['init_boot'] = a
+    elif o == "--avb_init_boot_extra_args":
+      OPTIONS.avb_extra_args['init_boot'] = a
     elif o == "--avb_recovery_key":
       OPTIONS.avb_keys['recovery'] = a
     elif o == "--avb_recovery_algorithm":
@@ -1518,6 +1524,9 @@ def main(argv):
           "avb_dtbo_algorithm=",
           "avb_dtbo_key=",
           "avb_dtbo_extra_args=",
+          "avb_init_boot_algorithm=",
+          "avb_init_boot_key=",
+          "avb_init_boot_extra_args=",
           "avb_recovery_algorithm=",
           "avb_recovery_key=",
           "avb_recovery_extra_args=",