Loading core/Makefile +102 −47 Original line number Diff line number Diff line Loading @@ -599,8 +599,16 @@ $(APKCERTS_FILE): $(if $(PACKAGES.$(p).EXTERNAL_KEY),\ $(call _apkcerts_write_line,$(PACKAGES.$(p).STEM),EXTERNAL,,$(PACKAGES.$(p).COMPRESSED),$(PACKAGES.$(p).PARTITION),$@),\ $(call _apkcerts_write_line,$(PACKAGES.$(p).STEM),$(PACKAGES.$(p).CERTIFICATE),$(PACKAGES.$(p).PRIVATE_KEY),$(PACKAGES.$(p).COMPRESSED),$(PACKAGES.$(p).PARTITION),$@)))) $(if $(filter true,$(PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA)),\ $(call _apkcerts_write_line,$(notdir $(basename $(FSVERITY_APK_OUT))),$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,system,$@)) $(if $(filter true,$(PRODUCT_FSVERITY_GENERATE_METADATA)),\ $(call _apkcerts_write_line,BuildManifest,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,system,$@) \ $(if $(filter true,$(BUILDING_SYSTEM_EXT_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestSystemExt,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,system_ext,$@)) \ $(if $(filter true,$(BUILDING_VENDOR_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestVendor,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,vendor,$@)) \ $(if $(filter true,$(BUILDING_ODM_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestOdm,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,odm,$@)) \ $(if $(filter true,$(BUILDING_PRODUCT_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestProduct,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,product,$@))) # In case value of PACKAGES is empty. $(hide) touch $@ Loading Loading @@ -2933,21 +2941,35 @@ $1 endef # ----------------------------------------------------------------- # system image # FSVerity metadata generation # Generate fsverity metadata files (.fsv_meta) and build manifest # (system/etc/security/fsverity/BuildManifest.apk) BEFORE filtering systemimage files below ifeq ($(PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA),true) # (<partition>/etc/security/fsverity/BuildManifest<suffix>.apk) BEFORE filtering systemimage, # vendorimage, odmimage, productimage files below. ifeq ($(PRODUCT_FSVERITY_GENERATE_METADATA),true) # Generate fsv_meta fsverity-metadata-targets := $(sort $(filter \ fsverity-metadata-targets-patterns := \ $(TARGET_OUT)/framework/% \ $(TARGET_OUT)/etc/boot-image.prof \ $(TARGET_OUT)/etc/dirty-image-objects \ $(TARGET_OUT)/etc/preloaded-classes \ $(TARGET_OUT)/etc/classpaths/%.pb, \ $(TARGET_OUT)/etc/classpaths/%.pb \ ifdef BUILDING_SYSTEM_EXT_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_SYSTEM_EXT)/framework/% endif ifdef BUILDING_VENDOR_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_VENDOR)/framework/% endif ifdef BUILDING_ODM_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_ODM)/framework/% endif ifdef BUILDING_PRODUCT_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_PRODUCT)/framework/% endif # Generate fsv_meta fsverity-metadata-targets := $(sort $(filter \ $(fsverity-metadata-targets-patterns), \ $(ALL_DEFAULT_INSTALLED_MODULES))) define fsverity-generate-metadata Loading @@ -2961,47 +2983,80 @@ endef $(foreach f,$(fsverity-metadata-targets),$(eval $(call fsverity-generate-metadata,$(f)))) ALL_DEFAULT_INSTALLED_MODULES += $(addsuffix .fsv_meta,$(fsverity-metadata-targets)) # Generate BuildManifest.apk FSVERITY_APK_KEY_PATH := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) FSVERITY_APK_OUT := $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk FSVERITY_APK_MANIFEST_PATH := system/security/fsverity/AndroidManifest.xml $(FSVERITY_APK_OUT): PRIVATE_FSVERITY := $(HOST_OUT_EXECUTABLES)/fsverity $(FSVERITY_APK_OUT): PRIVATE_AAPT2 := $(HOST_OUT_EXECUTABLES)/aapt2 $(FSVERITY_APK_OUT): PRIVATE_MIN_SDK_VERSION := $(DEFAULT_APP_TARGET_SDK) $(FSVERITY_APK_OUT): PRIVATE_VERSION_CODE := $(PLATFORM_SDK_VERSION) $(FSVERITY_APK_OUT): PRIVATE_VERSION_NAME := $(APPS_DEFAULT_VERSION_NAME) $(FSVERITY_APK_OUT): PRIVATE_APKSIGNER := $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_OUT): PRIVATE_MANIFEST := $(FSVERITY_APK_MANIFEST_PATH) $(FSVERITY_APK_OUT): PRIVATE_FRAMEWORK_RES := $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk $(FSVERITY_APK_OUT): PRIVATE_KEY := $(FSVERITY_APK_KEY_PATH) $(FSVERITY_APK_OUT): PRIVATE_INPUTS := $(fsverity-metadata-targets) $(FSVERITY_APK_OUT): PRIVATE_ASSETS := $(call intermediates-dir-for,ETC,build_manifest)/assets $(FSVERITY_APK_OUT): $(HOST_OUT_EXECUTABLES)/fsverity_manifest_generator \ FSVERITY_APK_MANIFEST_TEMPLATE_PATH := system/security/fsverity/AndroidManifest.xml # Generate and install BuildManifest<suffix>.apk for the given partition # $(1): path of the output APK # $(2): partition name define fsverity-generate-and-install-manifest-apk fsverity-metadata-targets-$(2) := $(filter $(PRODUCT_OUT)/$(2)/%,\ $(fsverity-metadata-targets)) $(1): PRIVATE_FSVERITY := $(HOST_OUT_EXECUTABLES)/fsverity $(1): PRIVATE_AAPT2 := $(HOST_OUT_EXECUTABLES)/aapt2 $(1): PRIVATE_MIN_SDK_VERSION := $(DEFAULT_APP_TARGET_SDK) $(1): PRIVATE_VERSION_CODE := $(PLATFORM_SDK_VERSION) $(1): PRIVATE_VERSION_NAME := $(APPS_DEFAULT_VERSION_NAME) $(1): PRIVATE_APKSIGNER := $(HOST_OUT_EXECUTABLES)/apksigner $(1): PRIVATE_MANIFEST := $(FSVERITY_APK_MANIFEST_TEMPLATE_PATH) $(1): PRIVATE_FRAMEWORK_RES := $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk $(1): PRIVATE_KEY := $(FSVERITY_APK_KEY_PATH) $(1): PRIVATE_INPUTS := $$(fsverity-metadata-targets-$(2)) $(1): PRIVATE_ASSETS := $(call intermediates-dir-for,ETC,build_manifest-$(2))/assets $(1): $(HOST_OUT_EXECUTABLES)/fsverity_manifest_generator \ $(HOST_OUT_EXECUTABLES)/fsverity $(HOST_OUT_EXECUTABLES)/aapt2 \ $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_MANIFEST_PATH) \ $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_MANIFEST_TEMPLATE_PATH) \ $(FSVERITY_APK_KEY_PATH).x509.pem $(FSVERITY_APK_KEY_PATH).pk8 \ $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk \ $(fsverity-metadata-targets) rm -rf $(PRIVATE_ASSETS) mkdir -p $(PRIVATE_ASSETS) $< --fsverity-path $(PRIVATE_FSVERITY) \ --base-dir $(PRODUCT_OUT) \ --output $(PRIVATE_ASSETS)/build_manifest.pb \ $(PRIVATE_INPUTS) $(PRIVATE_AAPT2) link -o $@ \ -A $(PRIVATE_ASSETS) \ -I $(PRIVATE_FRAMEWORK_RES) \ --min-sdk-version $(PRIVATE_MIN_SDK_VERSION) \ --version-code $(PRIVATE_VERSION_CODE) \ --version-name $(PRIVATE_VERSION_NAME) \ --manifest $(PRIVATE_MANIFEST) $(PRIVATE_APKSIGNER) sign --in $@ \ --cert $(PRIVATE_KEY).x509.pem \ --key $(PRIVATE_KEY).pk8 ALL_DEFAULT_INSTALLED_MODULES += $(FSVERITY_APK_OUT) endif # PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA $$(fsverity-metadata-targets-$(2)) rm -rf $$(PRIVATE_ASSETS) mkdir -p $$(PRIVATE_ASSETS) ifdef fsverity-metadata-targets-$(2) $$< --fsverity-path $$(PRIVATE_FSVERITY) \ --base-dir $$(PRODUCT_OUT) \ --output $$(PRIVATE_ASSETS)/build_manifest.pb \ $$(PRIVATE_INPUTS) endif # fsverity-metadata-targets-$(2) $$(PRIVATE_AAPT2) link -o $$@ \ -A $$(PRIVATE_ASSETS) \ -I $$(PRIVATE_FRAMEWORK_RES) \ --min-sdk-version $$(PRIVATE_MIN_SDK_VERSION) \ --version-code $$(PRIVATE_VERSION_CODE) \ --version-name $$(PRIVATE_VERSION_NAME) \ --manifest $$(PRIVATE_MANIFEST) \ --rename-manifest-package com.android.security.fsverity_metadata.$(2) $$(PRIVATE_APKSIGNER) sign --in $$@ \ --cert $$(PRIVATE_KEY).x509.pem \ --key $$(PRIVATE_KEY).pk8 ALL_DEFAULT_INSTALLED_MODULES += $(1) endef # fsverity-generate-and-install-manifest-apk $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk,system)) ifdef BUILDING_SYSTEM_EXT_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_SYSTEM_EXT)/etc/security/fsverity/BuildManifestSystemExt.apk,system_ext)) endif ifdef BUILDING_VENDOR_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_VENDOR)/etc/security/fsverity/BuildManifestVendor.apk,vendor)) endif ifdef BUILDING_ODM_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_ODM)/etc/security/fsverity/BuildManifestOdm.apk,odm)) endif ifdef BUILDING_PRODUCT_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_PRODUCT)/etc/security/fsverity/BuildManifestProduct.apk,product)) endif endif # PRODUCT_FSVERITY_GENERATE_METADATA # ----------------------------------------------------------------- # system image INSTALLED_FILES_OUTSIDE_IMAGES := $(filter-out $(TARGET_OUT)/%, $(INSTALLED_FILES_OUTSIDE_IMAGES)) INTERNAL_SYSTEMIMAGE_FILES := $(sort $(filter $(TARGET_OUT)/%, \ Loading core/product.mk +6 −9 Original line number Diff line number Diff line Loading @@ -356,15 +356,12 @@ _product_single_value_vars += PRODUCT_INSTALL_EXTRA_FLATTENED_APEXES # This option is only meant to be set by compliance GSI targets. _product_single_value_vars += PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT # If set, metadata files for the following artifacts will be generated. # - system/framework/*.jar # - system/framework/oat/<arch>/*.{oat,vdex,art} # - system/etc/boot-image.prof # - system/etc/dirty-image-objects # One fsverity metadata container file per one input file will be generated in # system.img, with a suffix ".fsv_meta". e.g. a container file for # "/system/framework/foo.jar" will be "system/framework/foo.jar.fsv_meta". _product_single_value_vars += PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA # If set, fsverity metadata files will be generated for each files in the # allowlist, plus an manifest APK per partition. For example, # /system/framework/service.jar will come with service.jar.fsv_meta in the same # directory; the file information will also be included in # /system/etc/security/fsverity/BuildManifest.apk _product_single_value_vars += PRODUCT_FSVERITY_GENERATE_METADATA # If true, sets the default for MODULE_BUILD_FROM_SOURCE. This overrides # BRANCH_DEFAULT_MODULE_BUILD_FROM_SOURCE but not an explicitly set value. Loading Loading
core/Makefile +102 −47 Original line number Diff line number Diff line Loading @@ -599,8 +599,16 @@ $(APKCERTS_FILE): $(if $(PACKAGES.$(p).EXTERNAL_KEY),\ $(call _apkcerts_write_line,$(PACKAGES.$(p).STEM),EXTERNAL,,$(PACKAGES.$(p).COMPRESSED),$(PACKAGES.$(p).PARTITION),$@),\ $(call _apkcerts_write_line,$(PACKAGES.$(p).STEM),$(PACKAGES.$(p).CERTIFICATE),$(PACKAGES.$(p).PRIVATE_KEY),$(PACKAGES.$(p).COMPRESSED),$(PACKAGES.$(p).PARTITION),$@)))) $(if $(filter true,$(PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA)),\ $(call _apkcerts_write_line,$(notdir $(basename $(FSVERITY_APK_OUT))),$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,system,$@)) $(if $(filter true,$(PRODUCT_FSVERITY_GENERATE_METADATA)),\ $(call _apkcerts_write_line,BuildManifest,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,system,$@) \ $(if $(filter true,$(BUILDING_SYSTEM_EXT_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestSystemExt,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,system_ext,$@)) \ $(if $(filter true,$(BUILDING_VENDOR_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestVendor,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,vendor,$@)) \ $(if $(filter true,$(BUILDING_ODM_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestOdm,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,odm,$@)) \ $(if $(filter true,$(BUILDING_PRODUCT_IMAGE)),\ $(call _apkcerts_write_line,BuildManifestProduct,$(FSVERITY_APK_KEY_PATH).x509.pem,$(FSVERITY_APK_KEY_PATH).pk8,,product,$@))) # In case value of PACKAGES is empty. $(hide) touch $@ Loading Loading @@ -2933,21 +2941,35 @@ $1 endef # ----------------------------------------------------------------- # system image # FSVerity metadata generation # Generate fsverity metadata files (.fsv_meta) and build manifest # (system/etc/security/fsverity/BuildManifest.apk) BEFORE filtering systemimage files below ifeq ($(PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA),true) # (<partition>/etc/security/fsverity/BuildManifest<suffix>.apk) BEFORE filtering systemimage, # vendorimage, odmimage, productimage files below. ifeq ($(PRODUCT_FSVERITY_GENERATE_METADATA),true) # Generate fsv_meta fsverity-metadata-targets := $(sort $(filter \ fsverity-metadata-targets-patterns := \ $(TARGET_OUT)/framework/% \ $(TARGET_OUT)/etc/boot-image.prof \ $(TARGET_OUT)/etc/dirty-image-objects \ $(TARGET_OUT)/etc/preloaded-classes \ $(TARGET_OUT)/etc/classpaths/%.pb, \ $(TARGET_OUT)/etc/classpaths/%.pb \ ifdef BUILDING_SYSTEM_EXT_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_SYSTEM_EXT)/framework/% endif ifdef BUILDING_VENDOR_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_VENDOR)/framework/% endif ifdef BUILDING_ODM_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_ODM)/framework/% endif ifdef BUILDING_PRODUCT_IMAGE fsverity-metadata-targets-patterns += $(TARGET_OUT_PRODUCT)/framework/% endif # Generate fsv_meta fsverity-metadata-targets := $(sort $(filter \ $(fsverity-metadata-targets-patterns), \ $(ALL_DEFAULT_INSTALLED_MODULES))) define fsverity-generate-metadata Loading @@ -2961,47 +2983,80 @@ endef $(foreach f,$(fsverity-metadata-targets),$(eval $(call fsverity-generate-metadata,$(f)))) ALL_DEFAULT_INSTALLED_MODULES += $(addsuffix .fsv_meta,$(fsverity-metadata-targets)) # Generate BuildManifest.apk FSVERITY_APK_KEY_PATH := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) FSVERITY_APK_OUT := $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk FSVERITY_APK_MANIFEST_PATH := system/security/fsverity/AndroidManifest.xml $(FSVERITY_APK_OUT): PRIVATE_FSVERITY := $(HOST_OUT_EXECUTABLES)/fsverity $(FSVERITY_APK_OUT): PRIVATE_AAPT2 := $(HOST_OUT_EXECUTABLES)/aapt2 $(FSVERITY_APK_OUT): PRIVATE_MIN_SDK_VERSION := $(DEFAULT_APP_TARGET_SDK) $(FSVERITY_APK_OUT): PRIVATE_VERSION_CODE := $(PLATFORM_SDK_VERSION) $(FSVERITY_APK_OUT): PRIVATE_VERSION_NAME := $(APPS_DEFAULT_VERSION_NAME) $(FSVERITY_APK_OUT): PRIVATE_APKSIGNER := $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_OUT): PRIVATE_MANIFEST := $(FSVERITY_APK_MANIFEST_PATH) $(FSVERITY_APK_OUT): PRIVATE_FRAMEWORK_RES := $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk $(FSVERITY_APK_OUT): PRIVATE_KEY := $(FSVERITY_APK_KEY_PATH) $(FSVERITY_APK_OUT): PRIVATE_INPUTS := $(fsverity-metadata-targets) $(FSVERITY_APK_OUT): PRIVATE_ASSETS := $(call intermediates-dir-for,ETC,build_manifest)/assets $(FSVERITY_APK_OUT): $(HOST_OUT_EXECUTABLES)/fsverity_manifest_generator \ FSVERITY_APK_MANIFEST_TEMPLATE_PATH := system/security/fsverity/AndroidManifest.xml # Generate and install BuildManifest<suffix>.apk for the given partition # $(1): path of the output APK # $(2): partition name define fsverity-generate-and-install-manifest-apk fsverity-metadata-targets-$(2) := $(filter $(PRODUCT_OUT)/$(2)/%,\ $(fsverity-metadata-targets)) $(1): PRIVATE_FSVERITY := $(HOST_OUT_EXECUTABLES)/fsverity $(1): PRIVATE_AAPT2 := $(HOST_OUT_EXECUTABLES)/aapt2 $(1): PRIVATE_MIN_SDK_VERSION := $(DEFAULT_APP_TARGET_SDK) $(1): PRIVATE_VERSION_CODE := $(PLATFORM_SDK_VERSION) $(1): PRIVATE_VERSION_NAME := $(APPS_DEFAULT_VERSION_NAME) $(1): PRIVATE_APKSIGNER := $(HOST_OUT_EXECUTABLES)/apksigner $(1): PRIVATE_MANIFEST := $(FSVERITY_APK_MANIFEST_TEMPLATE_PATH) $(1): PRIVATE_FRAMEWORK_RES := $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk $(1): PRIVATE_KEY := $(FSVERITY_APK_KEY_PATH) $(1): PRIVATE_INPUTS := $$(fsverity-metadata-targets-$(2)) $(1): PRIVATE_ASSETS := $(call intermediates-dir-for,ETC,build_manifest-$(2))/assets $(1): $(HOST_OUT_EXECUTABLES)/fsverity_manifest_generator \ $(HOST_OUT_EXECUTABLES)/fsverity $(HOST_OUT_EXECUTABLES)/aapt2 \ $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_MANIFEST_PATH) \ $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_MANIFEST_TEMPLATE_PATH) \ $(FSVERITY_APK_KEY_PATH).x509.pem $(FSVERITY_APK_KEY_PATH).pk8 \ $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk \ $(fsverity-metadata-targets) rm -rf $(PRIVATE_ASSETS) mkdir -p $(PRIVATE_ASSETS) $< --fsverity-path $(PRIVATE_FSVERITY) \ --base-dir $(PRODUCT_OUT) \ --output $(PRIVATE_ASSETS)/build_manifest.pb \ $(PRIVATE_INPUTS) $(PRIVATE_AAPT2) link -o $@ \ -A $(PRIVATE_ASSETS) \ -I $(PRIVATE_FRAMEWORK_RES) \ --min-sdk-version $(PRIVATE_MIN_SDK_VERSION) \ --version-code $(PRIVATE_VERSION_CODE) \ --version-name $(PRIVATE_VERSION_NAME) \ --manifest $(PRIVATE_MANIFEST) $(PRIVATE_APKSIGNER) sign --in $@ \ --cert $(PRIVATE_KEY).x509.pem \ --key $(PRIVATE_KEY).pk8 ALL_DEFAULT_INSTALLED_MODULES += $(FSVERITY_APK_OUT) endif # PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA $$(fsverity-metadata-targets-$(2)) rm -rf $$(PRIVATE_ASSETS) mkdir -p $$(PRIVATE_ASSETS) ifdef fsverity-metadata-targets-$(2) $$< --fsverity-path $$(PRIVATE_FSVERITY) \ --base-dir $$(PRODUCT_OUT) \ --output $$(PRIVATE_ASSETS)/build_manifest.pb \ $$(PRIVATE_INPUTS) endif # fsverity-metadata-targets-$(2) $$(PRIVATE_AAPT2) link -o $$@ \ -A $$(PRIVATE_ASSETS) \ -I $$(PRIVATE_FRAMEWORK_RES) \ --min-sdk-version $$(PRIVATE_MIN_SDK_VERSION) \ --version-code $$(PRIVATE_VERSION_CODE) \ --version-name $$(PRIVATE_VERSION_NAME) \ --manifest $$(PRIVATE_MANIFEST) \ --rename-manifest-package com.android.security.fsverity_metadata.$(2) $$(PRIVATE_APKSIGNER) sign --in $$@ \ --cert $$(PRIVATE_KEY).x509.pem \ --key $$(PRIVATE_KEY).pk8 ALL_DEFAULT_INSTALLED_MODULES += $(1) endef # fsverity-generate-and-install-manifest-apk $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT)/etc/security/fsverity/BuildManifest.apk,system)) ifdef BUILDING_SYSTEM_EXT_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_SYSTEM_EXT)/etc/security/fsverity/BuildManifestSystemExt.apk,system_ext)) endif ifdef BUILDING_VENDOR_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_VENDOR)/etc/security/fsverity/BuildManifestVendor.apk,vendor)) endif ifdef BUILDING_ODM_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_ODM)/etc/security/fsverity/BuildManifestOdm.apk,odm)) endif ifdef BUILDING_PRODUCT_IMAGE $(eval $(call fsverity-generate-and-install-manifest-apk, \ $(TARGET_OUT_PRODUCT)/etc/security/fsverity/BuildManifestProduct.apk,product)) endif endif # PRODUCT_FSVERITY_GENERATE_METADATA # ----------------------------------------------------------------- # system image INSTALLED_FILES_OUTSIDE_IMAGES := $(filter-out $(TARGET_OUT)/%, $(INSTALLED_FILES_OUTSIDE_IMAGES)) INTERNAL_SYSTEMIMAGE_FILES := $(sort $(filter $(TARGET_OUT)/%, \ Loading
core/product.mk +6 −9 Original line number Diff line number Diff line Loading @@ -356,15 +356,12 @@ _product_single_value_vars += PRODUCT_INSTALL_EXTRA_FLATTENED_APEXES # This option is only meant to be set by compliance GSI targets. _product_single_value_vars += PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT # If set, metadata files for the following artifacts will be generated. # - system/framework/*.jar # - system/framework/oat/<arch>/*.{oat,vdex,art} # - system/etc/boot-image.prof # - system/etc/dirty-image-objects # One fsverity metadata container file per one input file will be generated in # system.img, with a suffix ".fsv_meta". e.g. a container file for # "/system/framework/foo.jar" will be "system/framework/foo.jar.fsv_meta". _product_single_value_vars += PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA # If set, fsverity metadata files will be generated for each files in the # allowlist, plus an manifest APK per partition. For example, # /system/framework/service.jar will come with service.jar.fsv_meta in the same # directory; the file information will also be included in # /system/etc/security/fsverity/BuildManifest.apk _product_single_value_vars += PRODUCT_FSVERITY_GENERATE_METADATA # If true, sets the default for MODULE_BUILD_FROM_SOURCE. This overrides # BRANCH_DEFAULT_MODULE_BUILD_FROM_SOURCE but not an explicitly set value. Loading
