From 31bb5f4be2da789438a8377a4b653e63355c0422 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Fri, 11 Nov 2022 18:08:33 +0000 Subject: Update Security String to 2023-01-01 Bug: 258811679 Change-Id: Ib180e17a864c5fea9801c43db7bbafc27dd1c5d1 Merged-In: Ib180e17a864c5fea9801c43db7bbafc27dd1c5d1 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 7cd0c586ec..75754ef9b2 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -250,7 +250,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2022-12-01 + PLATFORM_SECURITY_PATCH := 2023-01-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 26c214ebb80698fd65cb3b876d40f009773415ba Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Sat, 12 Nov 2022 01:19:29 +0000 Subject: Update Security String to 2023-01-01 Bug: 258811679 Change-Id: Ib180e17a864c5fea9801c43db7bbafc27dd1c5d1 Merged-In: Ib180e17a864c5fea9801c43db7bbafc27dd1c5d1 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 465d181613..de5f5bdc23 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2022-12-01 + PLATFORM_SECURITY_PATCH := 2023-01-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From bee7473f301aac98bad893dd7ea0bea9e3e5510b Mon Sep 17 00:00:00 2001 From: Dennis Shen Date: Mon, 7 Nov 2022 21:37:06 +0000 Subject: Update deapexer call to explictly use blkid To support erofs apex extract via deapexer, we need blkid to tell the filesystem type of underlying payload image. If it is ext4, debugfs_static will be used, if it is erofs, then we should use fsck.erofs. Thus we now need explicit blkid input. Also, remove dependency on fsck.erofs for other deapexer calls. Only extract deapexer call needs blkid and fsck.erofs. BUG: b/255963179, b/240288941 Change-Id: I8cea0f2def664f9cabf8b14c9a7ecc47bbddfbdd (cherry picked from commit a8d1143beb13a9f3cbe802d626d7eb9b12fbdc5e) --- tools/releasetools/apex_utils.py | 26 ++++++++++---------------- tools/releasetools/merge/merge_dexopt.py | 4 ++++ 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py index fbe90abace..ea099149dc 100644 --- a/tools/releasetools/apex_utils.py +++ b/tools/releasetools/apex_utils.py @@ -65,6 +65,8 @@ class ApexApkSigner(object): OPTIONS.search_path, "bin", "debugfs_static") self.fsckerofs_path = os.path.join( OPTIONS.search_path, "bin", "fsck.erofs") + self.blkid_path = os.path.join( + OPTIONS.search_path, "bin", "blkid") self.avbtool = avbtool if avbtool else "avbtool" self.sign_tool = sign_tool @@ -82,13 +84,8 @@ class ApexApkSigner(object): "Couldn't find location of debugfs_static: " + "Path {} does not exist. ".format(self.debugfs_path) + "Make sure bin/debugfs_static can be found in -p ") - if not os.path.exists(self.fsckerofs_path): - raise ApexSigningError( - "Couldn't find location of fsck.erofs: " + - "Path {} does not exist. ".format(self.fsckerofs_path) + - "Make sure bin/fsck.erofs can be found in -p ") list_cmd = ['deapexer', '--debugfs_path', self.debugfs_path, - '--fsckerofs_path', self.fsckerofs_path, 'list', self.apex_path] + 'list', self.apex_path] entries_names = common.RunAndCheckOutput(list_cmd).split() apk_entries = [name for name in entries_names if name.endswith('.apk')] @@ -128,9 +125,15 @@ class ApexApkSigner(object): "Couldn't find location of fsck.erofs: " + "Path {} does not exist. ".format(self.fsckerofs_path) + "Make sure bin/fsck.erofs can be found in -p ") + if not os.path.exists(self.blkid_path): + raise ApexSigningError( + "Couldn't find location of blkid: " + + "Path {} does not exist. ".format(self.blkid_path) + + "Make sure bin/blkid can be found in -p ") payload_dir = common.MakeTempDir() extract_cmd = ['deapexer', '--debugfs_path', self.debugfs_path, - '--fsckerofs_path', self.fsckerofs_path, 'extract', + '--fsckerofs_path', self.fsckerofs_path, + '--blkid_path', self.blkid_path, 'extract', self.apex_path, payload_dir] common.RunAndCheckOutput(extract_cmd) @@ -430,7 +433,6 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key, The path to the signed APEX file. """ debugfs_path = os.path.join(OPTIONS.search_path, 'bin', 'debugfs_static') - fsckerofs_path = os.path.join(OPTIONS.search_path, 'bin', 'fsck.erofs') # 1. Decompress original_apex inside compressed apex. original_apex_file = common.MakeTempFile(prefix='original-apex-', @@ -438,7 +440,6 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key, # Decompression target path should not exist os.remove(original_apex_file) common.RunAndCheckOutput(['deapexer', '--debugfs_path', debugfs_path, - '--fsckerofs_path', fsckerofs_path, 'decompress', '--input', apex_file, '--output', original_apex_file]) @@ -502,9 +503,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, output_fp.write(apex_data) debugfs_path = os.path.join(OPTIONS.search_path, 'bin', 'debugfs_static') - fsckerofs_path = os.path.join(OPTIONS.search_path, 'bin', 'fsck.erofs') cmd = ['deapexer', '--debugfs_path', debugfs_path, - '--fsckerofs_path', fsckerofs_path, 'info', '--print-type', apex_file] try: @@ -577,10 +576,6 @@ def GetApexInfoFromTargetFiles(input_file, partition, compressed_only=True): if OPTIONS.search_path: debugfs_path = os.path.join(OPTIONS.search_path, "bin", "debugfs_static") - fsckerofs_path = "fsck.erofs" - if OPTIONS.search_path: - fsckerofs_path = os.path.join(OPTIONS.search_path, "bin", "fsck.erofs") - deapexer = 'deapexer' if OPTIONS.search_path: deapexer_path = os.path.join(OPTIONS.search_path, "bin", "deapexer") @@ -601,7 +596,6 @@ def GetApexInfoFromTargetFiles(input_file, partition, compressed_only=True): # Check if the file is compressed or not apex_type = RunAndCheckOutput([ deapexer, "--debugfs_path", debugfs_path, - "--fsckerofs_path", fsckerofs_path, 'info', '--print-type', apex_filepath]).rstrip() if apex_type == 'COMPRESSED': apex_info.is_compressed = True diff --git a/tools/releasetools/merge/merge_dexopt.py b/tools/releasetools/merge/merge_dexopt.py index 7bf9bd4b17..16182b5cbb 100644 --- a/tools/releasetools/merge/merge_dexopt.py +++ b/tools/releasetools/merge/merge_dexopt.py @@ -164,6 +164,10 @@ def MergeDexopt(temp_dir, output_target_files_dir): 'deapexer', '--debugfs_path', 'debugfs_static', + '--blkid_path', + 'blkid', + '--fsckerofs_path', + 'fsck.erofs', 'extract', apex, apex_extract_dir, -- cgit v1.2.3 From 425f7d1cb3fc5c1adc740db546c5b18227ea3c82 Mon Sep 17 00:00:00 2001 From: Hongguang Chen Date: Mon, 7 Nov 2022 13:36:38 -0800 Subject: Support chained init_boot partition signing Bug: 256048561 Bug: 256237041 Test: sign_target_files_apks -d certs --avb_init_boot_algorithm \ SHA256_RSA4096 --avb_init_boot_key init_boot_rsa4096.pem \ xxx.zip signed.zip (Check signed.zip/META/misc_info.txt) Change-Id: I65fc7913089ae318d90df55a533d3e2ebd93b029 (cherry picked from commit 0d6b727e03efd49a77e864077a01837e993f600f) Merged-In: I65fc7913089ae318d90df55a533d3e2ebd93b029 (cherry picked from commit acf1b3afe28f03a4816575960c9e903293a80d76) --- tools/releasetools/sign_target_files_apks.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 6f96d8f6a6..837eaf9c1e 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -99,14 +99,14 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files The second dir will be used for lookup if BOARD_USES_RECOVERY_AS_BOOT is set to true. - --avb_{boot,recovery,system,system_other,vendor,dtbo,vbmeta,vbmeta_system, - vbmeta_vendor}_algorithm - --avb_{boot,recovery,system,system_other,vendor,dtbo,vbmeta,vbmeta_system, - vbmeta_vendor}_key + --avb_{boot,init_boot,recovery,system,system_other,vendor,dtbo,vbmeta, + vbmeta_system,vbmeta_vendor}_algorithm + --avb_{boot,init_boot,recovery,system,system_other,vendor,dtbo,vbmeta, + vbmeta_system,vbmeta_vendor}_key Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign the specified image. Otherwise it uses the existing values in info dict. - --avb_{apex,boot,recovery,system,system_other,vendor,dtbo,vbmeta, + --avb_{apex,init_boot,boot,recovery,system,system_other,vendor,dtbo,vbmeta, vbmeta_system,vbmeta_vendor}_extra_args Specify any additional args that are needed to AVB-sign the image (e.g. "--signing_helper /path/to/helper"). The args will be appended to @@ -1427,6 +1427,12 @@ def main(argv): OPTIONS.avb_algorithms['dtbo'] = a elif o == "--avb_dtbo_extra_args": OPTIONS.avb_extra_args['dtbo'] = a + elif o == "--avb_init_boot_key": + OPTIONS.avb_keys['init_boot'] = a + elif o == "--avb_init_boot_algorithm": + OPTIONS.avb_algorithms['init_boot'] = a + elif o == "--avb_init_boot_extra_args": + OPTIONS.avb_extra_args['init_boot'] = a elif o == "--avb_recovery_key": OPTIONS.avb_keys['recovery'] = a elif o == "--avb_recovery_algorithm": @@ -1518,6 +1524,9 @@ def main(argv): "avb_dtbo_algorithm=", "avb_dtbo_key=", "avb_dtbo_extra_args=", + "avb_init_boot_algorithm=", + "avb_init_boot_key=", + "avb_init_boot_extra_args=", "avb_recovery_algorithm=", "avb_recovery_key=", "avb_recovery_extra_args=", -- cgit v1.2.3 From b601ce96db0d09cc2085495e2e0ec17e4a04b388 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Wed, 7 Dec 2022 19:21:38 +0000 Subject: Update Security String to 2023-02-01 Bug: 261738635 Change-Id: Ifcca8fadc558099b223a39e8b2f98bcb8db40c6f Merged-In: Ifcca8fadc558099b223a39e8b2f98bcb8db40c6f --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 75754ef9b2..3da8fb1a9d 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -250,7 +250,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-01-01 + PLATFORM_SECURITY_PATCH := 2023-02-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From d0a709ffca1e54e4fdad728c962832c941e02afb Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Thu, 8 Dec 2022 18:37:43 +0000 Subject: Update Security String to 2023-02-01 Bug: 261738635 Change-Id: Ifcca8fadc558099b223a39e8b2f98bcb8db40c6f Merged-In: Ifcca8fadc558099b223a39e8b2f98bcb8db40c6f --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index de5f5bdc23..75de1976ca 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-01-01 + PLATFORM_SECURITY_PATCH := 2023-02-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From e04a3f5a35e0ca6475d2a43aaa8b6204c5dd9358 Mon Sep 17 00:00:00 2001 From: Dennis Shen Date: Tue, 13 Dec 2022 13:42:47 +0000 Subject: switch to use blkid_static BUG: b/259003057, b/257933023 Change-Id: I967fc07a25d596aa40489df3f9636bfc94f0848d --- tools/releasetools/apex_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py index ea099149dc..c3f7203b60 100644 --- a/tools/releasetools/apex_utils.py +++ b/tools/releasetools/apex_utils.py @@ -66,7 +66,7 @@ class ApexApkSigner(object): self.fsckerofs_path = os.path.join( OPTIONS.search_path, "bin", "fsck.erofs") self.blkid_path = os.path.join( - OPTIONS.search_path, "bin", "blkid") + OPTIONS.search_path, "bin", "blkid_static") self.avbtool = avbtool if avbtool else "avbtool" self.sign_tool = sign_tool -- cgit v1.2.3 From 9f0379bd60749b375865bd5875cd1c4e52742922 Mon Sep 17 00:00:00 2001 From: Kelvin Zhang Date: Thu, 22 Dec 2022 10:30:00 -0800 Subject: Fix VB 1.0 failure due to openssl output format change Openssl changed output format, the 'keyid:' prefix is removed, hence old regex is unable to extract key id. Bug: 262902909 Change-Id: Iea5b6fffed7c27855d87e35292f07a56686e4197 Merged-In: I446a0b16e482c43542a1c0e41b24e80eb9fbc8e6 Merged-In: Iea5b6fffed7c27855d87e35292f07a56686e4197 (cherry picked from commit b7d70a2cb114ecbe9c931d59d852f5ada771ab52) --- tools/releasetools/sign_target_files_apks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 837eaf9c1e..09d0b10a42 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -1032,7 +1032,7 @@ def ReplaceVerityKeyId(input_zip, output_zip, key_path): keyid, stderr = p.communicate() assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr) keyid = re.search( - r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower() + r'Authority Key Identifier:\s*(?:keyid:)?([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower() print("Replacing verity keyid with {}".format(keyid)) out_buffer.append("veritykeyid=id:%s" % (keyid,)) -- cgit v1.2.3 From a7e7e0bbf59b51aa9358bf5cef903026ad056a01 Mon Sep 17 00:00:00 2001 From: Kelvin Zhang Date: Thu, 22 Dec 2022 10:30:00 -0800 Subject: Fix VB 1.0 failure due to openssl output format change Openssl changed output format, the 'keyid:' prefix is removed, hence old regex is unable to extract key id. Bug: 262902909 Change-Id: Iea5b6fffed7c27855d87e35292f07a56686e4197 Merged-In: Iea5b6fffed7c27855d87e35292f07a56686e4197 Merged-In: I446a0b16e482c43542a1c0e41b24e80eb9fbc8e6 (cherry picked from commit b7d70a2cb114ecbe9c931d59d852f5ada771ab52) --- tools/releasetools/sign_target_files_apks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 47360c9464..6b83a22f9f 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -924,7 +924,7 @@ def ReplaceVerityKeyId(input_zip, output_zip, key_path): keyid, stderr = p.communicate() assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr) keyid = re.search( - r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower() + r'Authority Key Identifier:\s*(?:keyid:)?([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower() print("Replacing verity keyid with {}".format(keyid)) out_buffer.append("veritykeyid=id:%s" % (keyid,)) -- cgit v1.2.3 From 4904a802474098e945235571a0a7eb7b9707bf38 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Fri, 13 Jan 2023 18:20:12 +0000 Subject: Update Security String to 2023-03-01 Bug: 265319238 Change-Id: Ie75a94addbd7fec66397f89baf6e3c18487c72fb Merged-In: Ie75a94addbd7fec66397f89baf6e3c18487c72fb --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 75de1976ca..7493f7f3bc 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-02-01 + PLATFORM_SECURITY_PATCH := 2023-03-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 663e449fbfdc939057005bdc835c5dd08dd15ee7 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Fri, 13 Jan 2023 18:22:27 +0000 Subject: Update Security String to 2023-03-01 Bug: 265319238 Change-Id: Ie75a94addbd7fec66397f89baf6e3c18487c72fb Merged-In: Ie75a94addbd7fec66397f89baf6e3c18487c72fb --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 5537b6727e..70371e8a33 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-02-01 + PLATFORM_SECURITY_PATCH := 2023-03-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 3c1caa29b8cdbbb91858ecb236f40ebf042b403d Mon Sep 17 00:00:00 2001 From: Duy Truong Date: Wed, 11 Jan 2023 18:21:53 -0800 Subject: Include JDK with STS SDK like the other *TS suites. Bug: 238373261 Test: Build and run STS SDK sample Change-Id: I7378a555393e4194917083197829201320e595b4 --- core/tasks/sts-lite.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/tasks/sts-lite.mk b/core/tasks/sts-lite.mk index dee25d4802..65c65c3dc6 100644 --- a/core/tasks/sts-lite.mk +++ b/core/tasks/sts-lite.mk @@ -29,7 +29,8 @@ $(sts_sdk_zip): $(MERGE_ZIPS) $(ZIP2ZIP) $(compatibility_zip) $(sts_sdk_samples) $(ZIP2ZIP) -i $(STS_LITE_ZIP) -o $(STS_LITE_ZIP)_filtered \ -x android-sts-lite/tools/sts-tradefed-tests.jar \ 'android-sts-lite/tools/*:sts-test/libs/' \ - 'android-sts-lite/testcases/*:sts-test/utils/' + 'android-sts-lite/testcases/*:sts-test/utils/' \ + 'android-sts-lite/jdk/**/*:sts-test/jdk/' $(MERGE_ZIPS) $@ $(STS_LITE_ZIP)_filtered $(STS_SDK_SAMPLES) rm -f $(STS_LITE_ZIP)_filtered -- cgit v1.2.3 From 34ec5ba13e101aa8987853c02805336b2b2d884c Mon Sep 17 00:00:00 2001 From: Bassem Khalife Date: Wed, 20 Apr 2022 21:36:44 +0000 Subject: Add owners for version_defaults.mk Adding members of the RelPgM team to fast track monthly Security SPL update approval Bug: 219813826 Change-Id: I038e0c7aea6d1aefe5b847978838952fa653d11b (cherry picked from commit 5dc6b582bec256f9b19ea748f3013e53ad3a4f77) Merged-In: I038e0c7aea6d1aefe5b847978838952fa653d11b --- core/OWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/OWNERS b/core/OWNERS index 5456d4f064..0592a8e1c5 100644 --- a/core/OWNERS +++ b/core/OWNERS @@ -2,5 +2,5 @@ per-file dex_preopt*.mk = ngeoffray@google.com,calin@google.com,mathewi@google.c per-file verify_uses_libraries.sh = ngeoffray@google.com,calin@google.com,mathieuc@google.com # For version updates -per-file version_defaults.mk = aseaton@google.com,elisapascual@google.com,lubomir@google.com,pscovanner@google.com +per-file version_defaults.mk = aseaton@google.com,lubomir@google.com,pscovanner@google.com,bkhalife@google.com,jainne@google.com -- cgit v1.2.3 From ff6bc088a517b9bb4d57be27268c5d34db43ae86 Mon Sep 17 00:00:00 2001 From: Kun Niu Date: Fri, 16 Dec 2022 10:17:37 -0800 Subject: Set UNBUNDLED_BUILD_SDKS_FROM_SOURCE to true by default in module_common.mk if the branch is not using slim manifests. This makes sure that mainline modules build locally are using the build from source sdk. Bug: 262783668 Test: time m atest && time atest-dev CtsNetTestCasesLatestSdk[CaptivePortalLoginGoogle.apk+NetworkStackGoogle.apk+com.google.android.resolv.apex+com.google.android.tethering.apex] --verbose Change-Id: I37b94448a45b0b811ae1815ad8c46589c62e8542 (cherry picked from commit 40e6f9bdcabc6336657a1735cb036e9bfdefd45d) Merged-In: I37b94448a45b0b811ae1815ad8c46589c62e8542 --- target/product/module_common.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/product/module_common.mk b/target/product/module_common.mk index 54f3949965..ec670ee4c9 100644 --- a/target/product/module_common.mk +++ b/target/product/module_common.mk @@ -25,3 +25,8 @@ PRODUCT_SHIPPING_API_LEVEL := 29 # Builds using a module product should build modules from source, even if # BRANCH_DEFAULT_MODULE_BUILD_FROM_SOURCE says otherwise. PRODUCT_MODULE_BUILD_FROM_SOURCE := true + +# Build sdk from source if the branch is not using slim manifests. +ifneq (,$(strip $(wildcard frameworks/base/Android.bp))) + UNBUNDLED_BUILD_SDKS_FROM_SOURCE := true +endif -- cgit v1.2.3 From a03f1265fba2756ae0d134cd7833ac7a32b8f8ea Mon Sep 17 00:00:00 2001 From: Paul Duffin Date: Wed, 1 Feb 2023 12:12:51 +0000 Subject: Support SHA minSdkVersion in APK in APEX Bug: 266903788 Test: rm -fr out/dist UNBUNDLED_BUILD_SDKS_FROM_SOURCE=true UNBUNDLED_BUILD_TARGET_SDK_WITH_API_FINGERPRINT=true TARGET_BUILD_APPS="com.google.android.rkpd" vendor/google/build/mainline_modules_bundles.sh # Without this change it fails, with this change it passes at # which point run the following. mkdir contents cd contents unzip ../out/dist/dev_keys_signed/com.google.android.rkpd/com.google.android.rkpd.apks deapexer extract standalones/standalone-x86.apex apex-contents aapt2 dump badging apex-contents/priv-app/rkpdapp.google@*/rkpdapp.google.apk | grep Version # The sdkVersion and targetSdkVersion should both be set to SHA # versions. Change-Id: I9ca54affd30f0a6cf561f1274b991d39e7cf1bce (cherry picked from commit 730d0c437a879bd23c80f82566bab8f8db2418ee) Merged-In: I9ca54affd30f0a6cf561f1274b991d39e7cf1bce --- tools/releasetools/common.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 418d8daa85..ec49b0d36f 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -2309,12 +2309,22 @@ def GetMinSdkVersionInt(apk_name, codename_to_api_level_map): try: return int(version) except ValueError: - # Not a decimal number. Codename? - if version in codename_to_api_level_map: - return codename_to_api_level_map[version] + # Not a decimal number. + # + # It could be either a straight codename, e.g. + # UpsideDownCake + # + # Or a codename with API fingerprint SHA, e.g. + # UpsideDownCake.e7d3947f14eb9dc4fec25ff6c5f8563e + # + # Extract the codename and try and map it to a version number. + split = version.split(".") + codename = split[0] + if codename in codename_to_api_level_map: + return codename_to_api_level_map[codename] raise ExternalError( - "Unknown minSdkVersion: '{}'. Known codenames: {}".format( - version, codename_to_api_level_map)) + "Unknown codename: '{}' from minSdkVersion: '{}'. Known codenames: {}".format( + codename, version, codename_to_api_level_map)) def SignFile(input_name, output_name, key, password, min_api_level=None, -- cgit v1.2.3 From baf6b726c429ad90b2785e061e710cf5cee0d2b2 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Fri, 10 Feb 2023 03:23:54 +0000 Subject: Update Security String to 2023-04-01 Bug: 268558932 Change-Id: I5e3d5a90a927f9f4ddd6708c3bbadc89c8821075 Merged-In: I5e3d5a90a927f9f4ddd6708c3bbadc89c8821075 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 7493f7f3bc..8806df6120 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-03-01 + PLATFORM_SECURITY_PATCH := 2023-04-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 641c8e9c6b6fe864da23fc08c10420349e715a13 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Fri, 10 Feb 2023 03:26:13 +0000 Subject: Update Security String to 2023-04-01 Bug: 268558932 Change-Id: I5e3d5a90a927f9f4ddd6708c3bbadc89c8821075 Merged-In: I5e3d5a90a927f9f4ddd6708c3bbadc89c8821075 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 70371e8a33..73ff4f56ec 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-03-01 + PLATFORM_SECURITY_PATCH := 2023-04-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From b3b72e8910f123a0708752ed9d1dfb08dc57b966 Mon Sep 17 00:00:00 2001 From: Roberto Gil Date: Wed, 1 Mar 2023 11:08:13 +0000 Subject: Bump SDK Extension version to 6 This bump includes Adservices Bug: 271242945 Test: The build passes Ignore-AOSP-first: Finalization is not perform in AOSP Change-Id: I0a9b2f9329a176732f9567a5602e902958555304 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 649032b60f..3df3fb3663 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -78,7 +78,7 @@ endif .KATI_READONLY := PLATFORM_SDK_VERSION # This is the sdk extension version of this tree. -PLATFORM_SDK_EXTENSION_VERSION := 5 +PLATFORM_SDK_EXTENSION_VERSION := 6 .KATI_READONLY := PLATFORM_SDK_EXTENSION_VERSION # This is the sdk extension version that PLATFORM_SDK_VERSION ships with. -- cgit v1.2.3 From ca46df57839ffd4c602cc4692271d9658ffe904a Mon Sep 17 00:00:00 2001 From: Julien Desprez Date: Thu, 15 Dec 2022 18:56:49 -0800 Subject: Remove tradefed-no-fwk from suites Test: presubmit Ignore-AOSP-First: Cherry pick Bug: 262597958 Change-Id: I672533c475362f4438b5aefc108749be4cfc97df (cherry picked from commit 917acd67c736894551537c52f8eebc4ab8f96b95) --- core/tasks/tools/compatibility.mk | 1 - 1 file changed, 1 deletion(-) diff --git a/core/tasks/tools/compatibility.mk b/core/tasks/tools/compatibility.mk index 7d08a2f2e7..f640d7e3e0 100644 --- a/core/tasks/tools/compatibility.mk +++ b/core/tasks/tools/compatibility.mk @@ -30,7 +30,6 @@ test_suite_subdir := android-$(test_suite_name) out_dir := $(HOST_OUT)/$(test_suite_name)/$(test_suite_subdir) test_artifacts := $(COMPATIBILITY.$(test_suite_name).FILES) test_tools := $(HOST_OUT_JAVA_LIBRARIES)/tradefed.jar \ - $(HOST_OUT_JAVA_LIBRARIES)/tradefed-no-fwk.jar \ $(HOST_OUT_JAVA_LIBRARIES)/tradefed-test-framework.jar \ $(HOST_OUT_JAVA_LIBRARIES)/loganalysis.jar \ $(HOST_OUT_JAVA_LIBRARIES)/compatibility-host-util.jar \ -- cgit v1.2.3 From 2130534b73bcabf2e4c098dbbc91dfaedb57f1a1 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Sat, 11 Mar 2023 02:50:43 +0000 Subject: Update Security String to 2023-05-01 Bug: 272844037 Change-Id: Ie855a8ad67670fbe18f509e1ae5a348889f5bcb9 Merged-In: Ie855a8ad67670fbe18f509e1ae5a348889f5bcb9 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 8806df6120..13226cdbd5 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-04-01 + PLATFORM_SECURITY_PATCH := 2023-05-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 6a3344db86ef487d7e714b76f51453da5f5c0b20 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Sat, 11 Mar 2023 02:51:58 +0000 Subject: Update Security String to 2023-05-01 Bug: 272844037 Change-Id: Ie855a8ad67670fbe18f509e1ae5a348889f5bcb9 Merged-In: Ie855a8ad67670fbe18f509e1ae5a348889f5bcb9 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 73ff4f56ec..2118257e1a 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-04-01 + PLATFORM_SECURITY_PATCH := 2023-05-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 44f6963cb06706d854a155435eb52ffddb04ae4d Mon Sep 17 00:00:00 2001 From: Roberto Gil Del Sol Date: Mon, 13 Mar 2023 08:33:02 +0000 Subject: Revert "Bump SDK Extension version to 6" This reverts commit b3b72e8910f123a0708752ed9d1dfb08dc57b966. Reason for revert: Due to lack of testing extServices needs to deboard M-05 train and sdk finalization needs to be reverted Change-Id: I278a499b5c30f13617c134ce27a43a8ffa32e099 --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 3df3fb3663..649032b60f 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -78,7 +78,7 @@ endif .KATI_READONLY := PLATFORM_SDK_VERSION # This is the sdk extension version of this tree. -PLATFORM_SDK_EXTENSION_VERSION := 6 +PLATFORM_SDK_EXTENSION_VERSION := 5 .KATI_READONLY := PLATFORM_SDK_EXTENSION_VERSION # This is the sdk extension version that PLATFORM_SDK_VERSION ships with. -- cgit v1.2.3 From b3300a79f60d3d9d1b228286a9554ad194632691 Mon Sep 17 00:00:00 2001 From: Roberto Gil Date: Tue, 4 Apr 2023 11:53:45 +0000 Subject: Bump SDK Extension version to 6 This bump includes Adservices, Extservices Bug: 276851559 Test: The build passes Ignore-AOSP-first: Finalization is not perform in AOSP Change-Id: I3b087f0d98212a62728d78b10e4c520ca6745cca --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index afdc61f40b..de01c3ac7e 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -78,7 +78,7 @@ endif .KATI_READONLY := PLATFORM_SDK_VERSION # This is the sdk extension version of this tree. -PLATFORM_SDK_EXTENSION_VERSION := 5 +PLATFORM_SDK_EXTENSION_VERSION := 6 .KATI_READONLY := PLATFORM_SDK_EXTENSION_VERSION # This is the sdk extension version that PLATFORM_SDK_VERSION ships with. -- cgit v1.2.3 From 8c6ca0a1e63093b4cbd8b4940ead2b535f73d1d9 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Tue, 11 Apr 2023 01:58:13 +0000 Subject: Update Security String to 2023-06-01 Bug: 277078610 Change-Id: I4b2ea3956c34aa56cc6f54bab7148f116c34759e Merged-In: I4b2ea3956c34aa56cc6f54bab7148f116c34759e --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 13226cdbd5..b10856da66 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-05-01 + PLATFORM_SECURITY_PATCH := 2023-06-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3 From 333b59fd7f93dc1e3d71d36a2ffa24523407f270 Mon Sep 17 00:00:00 2001 From: Steve Berbary Date: Tue, 11 Apr 2023 01:59:48 +0000 Subject: Update Security String to 2023-06-01 Bug: 277078610 Change-Id: I4b2ea3956c34aa56cc6f54bab7148f116c34759e Merged-In: I4b2ea3956c34aa56cc6f54bab7148f116c34759e --- core/version_defaults.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version_defaults.mk b/core/version_defaults.mk index 2118257e1a..cfedb3f0b7 100644 --- a/core/version_defaults.mk +++ b/core/version_defaults.mk @@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH # It must be of the form "YYYY-MM-DD" on production devices. # It must match one of the Android Security Patch Level strings of the Public Security Bulletins. # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty. - PLATFORM_SECURITY_PATCH := 2023-05-01 + PLATFORM_SECURITY_PATCH := 2023-06-01 endif .KATI_READONLY := PLATFORM_SECURITY_PATCH -- cgit v1.2.3