Merge changes Ifbcde7da,Icee659ff,I267da2d5

INTERNAL_BOOTIMAGE_FILES := $(filter-out --%,$(INTERNAL_BOOTIMAGE_ARGS))

ifeq ($(PRODUCT_SUPPORTS_VERITY),true)

ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)

VERITY_KEYID := veritykeyid=id:`openssl x509 -in $(PRODUCT_VERITY_SIGNING_KEY).x509.pem -text \

                | grep keyid | sed 's/://g' | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]' | sed 's/keyid//g'`

endif

endif

INTERNAL_KERNEL_CMDLINE := $(strip $(INTERNAL_KERNEL_CMDLINE) buildvariant=$(TARGET_BUILD_VARIANT) $(VERITY_KEYID))

# TODO(b/241346584) Remove this when BOARD_BUILD_SYSTEM_ROOT_IMAGE is deprecated

INTERNAL_KERNEL_CMDLINE := $(strip $(INTERNAL_KERNEL_CMDLINE) buildvariant=$(TARGET_BUILD_VARIANT))

# kernel cmdline/base/pagesize in boot.

# - If using GKI, use GENERIC_KERNEL_CMDLINE. Remove kernel base and pagesize because they are

	@echo "make $@: ignoring dependencies"

	$(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_board_avb_enabled,$(b)))

else ifeq (true,$(PRODUCT_SUPPORTS_BOOT_SIGNER)) # BOARD_AVB_ENABLE != true

# $1: boot image target

define build_boot_supports_boot_signer

  $(MKBOOTIMG) --kernel $(call bootimage-to-kernel,$(1)) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1)

  $(BOOT_SIGNER) /boot $@ $(PRODUCT_VERITY_SIGNING_KEY).pk8 $(PRODUCT_VERITY_SIGNING_KEY).x509.pem $(1)

  $(call assert-max-image-size,$(1),$(call get-bootimage-partition-size,$(1),boot))

endef

$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_FILES) $(BOOT_SIGNER)

	$(call pretty,"Target boot image: $@")

	$(call build_boot_supports_boot_signer,$@)

$(call declare-1p-container,$(INSTALLED_BOOTIMAGE_TARGET),)

$(call declare-container-license-deps,$(INSTALLED_BOOTIMAGE_TARGET),$(INTERNAL_BOOTIMAGE_FILES),$(PRODUCT_OUT)/:/)

UNMOUNTED_NOTICE_DEPS += $(INSTALLED_BOOTIMAGE_TARGET)

.PHONY: bootimage-nodeps

bootimage-nodeps: $(MKBOOTIMG) $(BOOT_SIGNER)

	@echo "make $@: ignoring dependencies"

	$(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_supports_boot_signer,$(b)))

else ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) # PRODUCT_SUPPORTS_BOOT_SIGNER != true

else ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) # BOARD_AVB_ENABLE != true

# $1: boot image target

define build_boot_supports_vboot

INSTALLED_FILES_OUTSIDE_IMAGES := $(filter-out $(TARGET_VENDOR_RAMDISK_OUT)/%, $(INSTALLED_FILES_OUTSIDE_IMAGES))

ifeq ($(BUILDING_VENDOR_BOOT_IMAGE),true)

ifeq ($(PRODUCT_SUPPORTS_VERITY),true)

  $(error vboot 1.0 does not support vendor_boot partition)

endif

INTERNAL_VENDOR_RAMDISK_FILES := $(filter $(TARGET_VENDOR_RAMDISK_OUT)/%, \

    $(ALL_DEFAULT_INSTALLED_MODULES))

INTERNAL_USERIMAGES_DEPS += $(MKSQUASHFSUSERIMG)

endif

ifeq (true,$(PRODUCT_SUPPORTS_VERITY))

INTERNAL_USERIMAGES_DEPS += $(BUILD_VERITY_METADATA) $(BUILD_VERITY_TREE) $(APPEND2SIMG) $(VERITY_SIGNER)

ifeq (true,$(PRODUCT_SUPPORTS_VERITY_FEC))

INTERNAL_USERIMAGES_DEPS += $(FEC)

endif

endif

ifeq ($(BOARD_AVB_ENABLE),true)

INTERNAL_USERIMAGES_DEPS += $(AVBTOOL)

endif

INTERNAL_USERIMAGES_DEPS += $(SELINUX_FC)

ifeq (true,$(PRODUCT_USE_DYNAMIC_PARTITIONS))

ifeq ($(PRODUCT_SUPPORTS_VERITY),true)

  $(error vboot 1.0 doesn't support logical partition)

endif

endif # PRODUCT_USE_DYNAMIC_PARTITIONS

# $(1) the partition name (eg system)

# $(2) the image prop file

define add-common-flags-to-image-props

$(if $(BOARD_EXT4_SHARE_DUP_BLOCKS),$(hide) echo "ext4_share_dup_blocks=$(BOARD_EXT4_SHARE_DUP_BLOCKS)" >> $(1))

$(if $(BOARD_FLASH_LOGICAL_BLOCK_SIZE), $(hide) echo "flash_logical_block_size=$(BOARD_FLASH_LOGICAL_BLOCK_SIZE)" >> $(1))

$(if $(BOARD_FLASH_ERASE_BLOCK_SIZE), $(hide) echo "flash_erase_block_size=$(BOARD_FLASH_ERASE_BLOCK_SIZE)" >> $(1))

$(if $(PRODUCT_SUPPORTS_BOOT_SIGNER),$(hide) echo "boot_signer=$(PRODUCT_SUPPORTS_BOOT_SIGNER)" >> $(1))

$(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCT_SUPPORTS_VERITY)" >> $(1))

$(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCT_VERITY_SIGNING_KEY)" >> $(1))

$(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(notdir $(VERITY_SIGNER))" >> $(1))

$(if $(PRODUCT_SUPPORTS_VERITY_FEC),$(hide) echo "verity_fec=$(PRODUCT_SUPPORTS_VERITY_FEC)" >> $(1))

$(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(1))

$(if $(PRODUCT_SYSTEM_VERITY_PARTITION),$(hide) echo "system_verity_block_device=$(PRODUCT_SYSTEM_VERITY_PARTITION)" >> $(1))

$(if $(PRODUCT_VENDOR_VERITY_PARTITION),$(hide) echo "vendor_verity_block_device=$(PRODUCT_VENDOR_VERITY_PARTITION)" >> $(1))

    $(MKBOOTIMG) $(if $(strip $(2)),--kernel $(strip $(2))) $(INTERNAL_RECOVERYIMAGE_ARGS) \

                 $(INTERNAL_MKBOOTIMG_VERSION_ARGS) \

                 $(BOARD_RECOVERY_MKBOOTIMG_ARGS) --output $(1))

  $(if $(filter true,$(PRODUCT_SUPPORTS_BOOT_SIGNER)),\

    $(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)),\

      $(BOOT_SIGNER) /boot $(1) $(PRODUCT_VERITY_SIGNING_KEY).pk8 $(PRODUCT_VERITY_SIGNING_KEY).x509.pem $(1),\

      $(BOOT_SIGNER) /recovery $(1) $(PRODUCT_VERITY_SIGNING_KEY).pk8 $(PRODUCT_VERITY_SIGNING_KEY).x509.pem $(1)\

    )\

  )

  $(if $(filter true,$(PRODUCT_SUPPORTS_VBOOT)), \

    $(VBOOT_SIGNER) $(FUTILITY) $(1).unsigned $(PRODUCT_VBOOT_SIGNING_KEY).vbpubk $(PRODUCT_VBOOT_SIGNING_KEY).vbprivk $(PRODUCT_VBOOT_SIGNING_SUBKEY).vbprivk $(1).keyblock $(1))

  $(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \

endef

recoveryimage-deps := $(MKBOOTIMG) $(recovery_ramdisk) $(recovery_kernel)

ifeq (true,$(PRODUCT_SUPPORTS_BOOT_SIGNER))

  recoveryimage-deps += $(BOOT_SIGNER)

endif

ifeq (true,$(PRODUCT_SUPPORTS_VBOOT))

  recoveryimage-deps += $(VBOOT_SIGNER)

endif

$(KATI_obsolete_var PRODUCT_CHECK_ELF_FILES,Use BUILD_BROKEN_PREBUILT_ELF_FILES instead)

$(KATI_obsolete_var ALL_GENERATED_SOURCES,ALL_GENERATED_SOURCES is no longer used)

$(KATI_obsolete_var ALL_ORIGINAL_DYNAMIC_BINARIES,ALL_ORIGINAL_DYNAMIC_BINARIES is no longer used)

$(KATI_obsolete_var PRODUCT_SUPPORTS_VERITY,VB 1.0 and related variables are no longer supported)

$(KATI_obsolete_var PRODUCT_SUPPORTS_VERITY_FEC,VB 1.0 and related variables are no longer supported)

$(KATI_obsolete_var PRODUCT_SUPPORTS_BOOT_SIGNER,VB 1.0 and related variables are no longer supported)

$(KATI_obsolete_var PRODUCT_VERITY_SIGNING_KEY,VB 1.0 and related variables are no longer supported)

# Used to force goals to build.  Only use for conditionally defined goals.

.PHONY: FORCE

FORCE:

VERITY_SIGNER := $(HOST_OUT_EXECUTABLES)/verity_signer

BUILD_VERITY_METADATA := $(HOST_OUT_EXECUTABLES)/build_verity_metadata

BUILD_VERITY_TREE := $(HOST_OUT_EXECUTABLES)/build_verity_tree

BOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/boot_signer

FUTILITY := $(HOST_OUT_EXECUTABLES)/futility-host

VBOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/vboot_signer

FEC := $(HOST_OUT_EXECUTABLES)/fec

DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump$(BUILD_EXECUTABLE_SUFFIX)

PROFMAN := $(HOST_OUT_EXECUTABLES)/profman

# PRODUCT_BOOT_JARS, so that device-specific jars go after common jars.

_product_list_vars += PRODUCT_BOOT_JARS_EXTRA

_product_single_value_vars += PRODUCT_SUPPORTS_BOOT_SIGNER

_product_single_value_vars += PRODUCT_SUPPORTS_VBOOT

_product_single_value_vars += PRODUCT_SUPPORTS_VERITY

_product_single_value_vars += PRODUCT_SUPPORTS_VERITY_FEC

_product_list_vars += PRODUCT_SYSTEM_SERVER_APPS

# List of system_server classpath jars on the platform.

_product_list_vars += PRODUCT_SYSTEM_SERVER_JARS

_product_list_vars += PRODUCT_LOADED_BY_PRIVILEGED_MODULES

_product_single_value_vars += PRODUCT_VBOOT_SIGNING_KEY

_product_single_value_vars += PRODUCT_VBOOT_SIGNING_SUBKEY

_product_single_value_vars += PRODUCT_VERITY_SIGNING_KEY

_product_single_value_vars += PRODUCT_SYSTEM_VERITY_PARTITION

_product_single_value_vars += PRODUCT_VENDOR_VERITY_PARTITION

_product_single_value_vars += PRODUCT_PRODUCT_VERITY_PARTITION

  CUSTOM_IMAGE_MODULES \

  CUSTOM_IMAGE_COPY_FILES \

  CUSTOM_IMAGE_SELINUX \

  CUSTOM_IMAGE_SUPPORT_VERITY \

  CUSTOM_IMAGE_SUPPORT_VERITY_FEC \

  CUSTOM_IMAGE_VERITY_BLOCK_DEVICE \

  CUSTOM_IMAGE_AVB_HASH_ENABLE \

  CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS \

$(my_built_custom_image): PRIVATE_COPY_PAIRS := $(my_copy_pairs)

$(my_built_custom_image): PRIVATE_PICKUP_FILES := $(my_pickup_files)

$(my_built_custom_image): PRIVATE_SELINUX := $(CUSTOM_IMAGE_SELINUX)

$(my_built_custom_image): PRIVATE_SUPPORT_VERITY := $(CUSTOM_IMAGE_SUPPORT_VERITY)

$(my_built_custom_image): PRIVATE_SUPPORT_VERITY_FEC := $(CUSTOM_IMAGE_SUPPORT_VERITY_FEC)

$(my_built_custom_image): PRIVATE_VERITY_KEY := $(PRODUCT_VERITY_SIGNING_KEY)

$(my_built_custom_image): PRIVATE_VERITY_BLOCK_DEVICE := $(CUSTOM_IMAGE_VERITY_BLOCK_DEVICE)

$(my_built_custom_image): PRIVATE_DICT_FILE := $(CUSTOM_IMAGE_DICT_FILE)

$(my_built_custom_image): PRIVATE_AVB_AVBTOOL := $(AVBTOOL)

else ifneq (,$(filter true, $(CUSTOM_IMAGE_AVB_HASH_ENABLE) $(CUSTOM_IMAGE_AVB_HASHTREE_ENABLE)))

  $(error Cannot set both CUSTOM_IMAGE_AVB_HASH_ENABLE and CUSTOM_IMAGE_AVB_HASHTREE_ENABLE to true)

endif

ifeq (true,$(CUSTOM_IMAGE_SUPPORT_VERITY_FEC))

  $(my_built_custom_image): $(FEC)

endif

$(my_built_custom_image): $(INTERNAL_USERIMAGES_DEPS) $(my_built_modules) $(my_image_copy_files) $(my_custom_image_modules_dep) \

  $(CUSTOM_IMAGE_DICT_FILE)

	@echo "Build image $@"

	$(hide) echo "partition_size=$(PRIVATE_PARTITION_SIZE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt

	$(hide) echo "ext_mkuserimg=$(notdir $(MKEXTUSERIMG))" >> $(PRIVATE_INTERMEDIATES)/image_info.txt

	$(if $(PRIVATE_SELINUX),$(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)

	$(if $(PRIVATE_SUPPORT_VERITY),\

	  $(hide) echo "verity=$(PRIVATE_SUPPORT_VERITY)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\

	    echo "verity_key=$(PRIVATE_VERITY_KEY)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\

	    echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\

	    echo "verity_block_device=$(PRIVATE_VERITY_BLOCK_DEVICE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)

	$(if $(PRIVATE_SUPPORT_VERITY_FEC),\

	  $(hide) echo "verity_fec=$(PRIVATE_SUPPORT_VERITY_FEC)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)

	$(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)

	$(hide) echo "avb_avbtool=$(PRIVATE_AVB_AVBTOOL)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt

	$(if $(PRIVATE_AVB_KEY_PATH),\