Merge "Added support for building verified vendor partition" into lmp-dev

$(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1))

$(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1)

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1))

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_PARTITION)" >> $(1))

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1))

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(1))

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_mountpoint=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_MOUNTPOINT)" >> $(1))

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION),$(hide) echo "system_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION)" >> $(1))

$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION),$(hide) echo "vendor_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION)" >> $(1))

$(if $(2),$(hide) $(foreach kv,$(2),echo "$(kv)" >> $(1);))

endef

    PRODUCT_SUPPORTS_VERITY \

    PRODUCT_OEM_PROPERTIES \

    PRODUCT_SYSTEM_PROPERTY_BLACKLIST \

    PRODUCT_VERITY_PARTITION \

    PRODUCT_VERITY_SIGNING_KEY \

    PRODUCT_VERITY_MOUNTPOINT

    PRODUCT_SYSTEM_VERITY_PARTITION \

    PRODUCT_VENDOR_VERITY_PARTITION

define dump-product

$(info ==== $(1) ====)\

PRODUCT_SUPPORTS_VERITY := true

PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity_private_dev_key

PRODUCT_VERITY_MOUNTPOINT := system

PRODUCT_PACKAGES += \

        verity_key

  fs_type = prop_dict.get("fs_type", "")

  run_fsck = False

  is_verity_partition = prop_dict.get("mount_point") == prop_dict.get("verity_mountpoint")

  is_verity_partition = "verity_block_device" in prop_dict

  verity_supported = prop_dict.get("verity") == "true"

  # adjust the partition size to make room for the hashes if this is to be verified

  if verity_supported and is_verity_partition:

      "selinux_fc",

      "skip_fsck",

      "verity",

      "verity_block_device",

      "verity_key",

      "verity_signer_cmd",

      "verity_mountpoint"

      "verity_signer_cmd"

      )

  for p in common_props:

    copy_prop(p, p)

  if mount_point == "system":

    copy_prop("fs_type", "fs_type")

    copy_prop("system_size", "partition_size")

    copy_prop("system_verity_block_device", "verity_block_device")

  elif mount_point == "data":

    # Copy the generic fs type first, override with specific one if available.

    copy_prop("fs_type", "fs_type")

  elif mount_point == "vendor":

    copy_prop("vendor_fs_type", "fs_type")

    copy_prop("vendor_size", "partition_size")

    copy_prop("vendor_verity_block_device", "verity_block_device")

  elif mount_point == "oem":

    copy_prop("fs_type", "fs_type")

    copy_prop("oem_size", "partition_size")

  makeint("recovery_api_version")

  makeint("blocksize")

  makeint("system_size")

  makeint("vendor_size")

  makeint("userdata_size")

  makeint("cache_size")

  makeint("recovery_size")