GitLab

Import v0.12 improvements

See merge request !13

(cherry picked from commit ef900586)

Option to build no boot image

See merge request !12

Implemented:
============
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2020-0409   A-156997193  EoP    High       8.0, 8.1, 9, 10
CVE-2020-0424   A-161362564  ID     High       9, 10, 11
CVE-2020-0437   A-162741784  DoS    High       8.0, 8.1, 9, 10, 11
CVE-2020-0438   A-161812320  EoP    High       11
                             EoP    Moderate   10
CVE-2020-0439   A-140256621  EoP    High       8.0, 8.1, 9, 10, 11
CVE-2020-0441   A-158304295  DoS    Critical   8.0, 8.1, 9, 10, 11
CVE-2020-0442   A-147358092  DoS    Critical   8.0, 8.1, 9, 10, 11
CVE-2020-0443   A-152410253  DoS    High       8.0, 8.1, 9, 10, 11
CVE-2020-0448   A-153995334  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0449   A-162497143  RCE    Critical   8.0, 8.1, 9, 10, 11
CVE-2020-0450   A-157650336  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0451   A-158762825  ID     High       10, 11
                             RCE    Critical   8.0, 8.1, 9
CVE-2020-0452   A-159625731  RCE    High       8.0, 8.1, 9, 10, 11
CVE-2020-12856  A-157038281  EoP    High       8.0, 8.1, 9, 10, 11

Previously Implemented:
=======================
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2020-0418   A-153879813  EoP    High       10

Not Implemented:
================
None

Not Applicable (platform source):
=================================
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2020-0453   A-159060474  ID     High       8.0, 8.1, 9
CVE-2020-0454   A-161370134  ID     High       9

Change-Id: I7034e2e52168aaa77ed63dd24076b391bd34427c

Get a relative path to out by using $(get_build_var PRODUCT_OUT)
instead of hardcoding it to out/target/product/$TARGET_DEVICE.
That will correctly return the path to the out directory
when setting an external OUT_DIR_COMMON_BASE.

Change-Id: I8a990b710222bc72755c6b6b88fd0c9e80711e14

Implemented:
============
None

Previously Implemented:
=======================
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2020-0213   A-143464314  ID     High       10, 11
CVE-2020-0215   A-140417248  EoP    High       8.0, 8.1, 9, 10, 11
CVE-2020-0246   A-159062405  ID     High       10, 11
CVE-2020-0377   A-158833854  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0378   A-157748906  ID     High       9, 10, 11
CVE-2020-0398   A-154323381  ID     High       10, 11
CVE-2020-0400   A-153356561  ID     High       10, 11
CVE-2020-0408   A-156999009  EoP    High       8.0, 8.1, 9, 10, 11
CVE-2020-0410   A-156021269  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0411   A-142641801  ID     High       10, 11
CVE-2020-0412   A-160390416  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0413   A-158778659  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0414   A-157708122  ID     High       10, 11
CVE-2020-0415   A-156020795  ID     High       8.0, 8.1, 9, 10, 11
CVE-2020-0416   A-155288585  EoP    High       8.0, 8.1, 9, 10, 11
CVE-2020-0419   A-142125338  ID     High       8.1, 9, 10, 11
CVE-2020-0421   A-161894517  EoP    High       8.0, 8.1, 9, 10, 11
CVE-2020-0422   A-161718556  ID     High       8.0, 8.1, 9, 10, 11

Not Implemented:
================
None

Not Applicable (platform source):
=================================
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2019-2194   A-137284057  EoP    Moderate   9
CVE-2020-0420   A-162383705  EoP    High       11

Change-Id: I9066a7939d1ae32dcb0478766192709cfa2126aa

Keep partitions mapped so users can install addons.

Change-Id: Ic70621986bf136775e686dc8cc690ce076485907
Signed-off-by: Jesse Chan <jc@lineageos.org>

Implemented:
============
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2020-0074   A-146204120  EoP    High       8.0, 8.1, 9, 10
CVE-2020-0379   A-150156492  ID     High       8.0, 8.1, 9, 10
CVE-2020-0380   A-146398979  RCE    Critical   8.0, 8.1, 9, 10
CVE-2020-0381   A-150159669  ID     High       8.0, 8.1, 9, 10
CVE-2020-0382   A-152944488  ID     High       10
CVE-2020-0383   A-150160279  ID     High       8.0, 8.1, 9, 10
CVE-2020-0384   A-150159906  ID     High       8.0, 8.1, 9, 10
CVE-2020-0385   A-150160041  ID     High       8.0, 8.1, 9, 10
CVE-2020-0386   A-155650356  EoP    High       8.0, 8.1, 9, 10
CVE-2020-0388   A-156123285  EoP    High       10
CVE-2020-0389   A-156959408  ID     High       10
CVE-2020-0390   A-157598026  ID     High       10
CVE-2020-0391   A-158570769  EoP    High       9, 10
CVE-2020-0392   A-150226608  EoP    High       9, 10
CVE-2020-0393   A-154123412  ID     High       9, 10
CVE-2020-0394   A-155648639  EoP    High       8.0, 8.1, 9, 10
CVE-2020-0395   A-154124307  ID     High       8.0, 8.1, 9, 10
CVE-2020-0396   A-155094269  ID     Critical   8.0, 8.1, 9, 10
CVE-2020-0397   A-155092443  ID     High       8.0, 8.1, 9, 10
CVE-2020-0399   A-153993591  ID     High       8.0, 8.1, 9, 10
CVE-2020-0401   A-150857253  EoP    High       8.0, 8.1, 9, 10

Previously Implemented:
=======================
CVE:            References:  Type:  Severity:  Updated AOSP versions:
CVE-2020-0245   A-152496149  ID     High       10
                             RCE    Critical   8.0, 8.1, 9

Not Implemented:
================
None

Not Applicable (platform source):
=================================
None

Change-Id: I22fe42aa77ffb92f8dababcaf9ca1c6893fad606

Change-Id: Id0e5f59ae7b93ffa3135ac687b785f0ee2ebe607

Build number without Lineage prefix(Q)

See merge request !8

This allows us to skip custom inode count calculation by setting
BOARD_*IMAGE_EXTFS_INODE_COUNT to -1, this will end up letting
mke2fs calculate appropriate inode count on its own.

While build_image only allocates exact number of needed inodes
plus 4% spare with .2% margin, mke2fs will allocate as many
inodes as it thinks is appropriate given the filesystem size.

Change-Id: If03d5edae8378be3b305346176067b01163f6f3d

Signed-off-by: Sumit Pundir <pundirsumit11@gmail.com>

Android 10.0.0 Release 41 (QQ3A.200805.001)

* tag 'android-10.0.0_r41':
  Update Security String to 2020-08-05
  Update Security String to 2020-08-01

Change-Id: I5476fbc81bed331f0853fa1fb7fbeda48bba8930

Android 10.0.0 release 40

* tag 'android-10.0.0_r40':
  Version bump to QQ3A.200705.002 [core/build_id.mk]
  Update Security String to 2020-07-05
  Update Security String to 2020-07-01
  Version bump to QQ3A.200605.002 [core/build_id.mk]

Change-Id: I6a65fdca31714e051e3fbf83be9e78d94200defc

Change-Id: I4a04e52f64e307a9852d786aabf17975a020b4b8
Signed-off-by: Jesse Chan <jc@lineageos.org>

Currently only the system and vendor partitions are updated in the
generic block based OTA generation script. Since the product partition
is quite large and consist most of APK files, it would be beneficial to
update it similar to system. Handle the odm and system_ext partitions in
the same way as well.

Bug: 132683080
Test: Run unit tests, generate full and incremental OTA with product partitions.
Change-Id: I13478cf9bd32137c6729b8c9cb102080147093f2

Unlike the previous performance patches, this does change the ninja
file, shrinking build-aosp_crosshatch.ninja on aosp-master from 393MB to
387MB, while reducing kati runtime from 28.6s to 27.7s.

Previously, MODULES-IN-art would depend on every target defined under
art/***. After this change, it only depends on the modules names that
were directly defined under it, and depends on the MODULES-IN-art-*
for its subfolders.

Bug: 158488548
Test: mmma system/core/adb
Test: mmma system/core
Change-Id: Idfe80f707738faae4777e0d6dc9fd08014775696

A few more misc improvements that I found while analyzing the
performance of base_rules.mk.

This brings an aosp-master/aosp_crosshatch-userdebug kati run from 33.3s
to 28.6s

Bug: 158488548
Test: build-aosp_crosshatch.ninja is the same before/after
Change-Id: If99c31cc7b5d7133d70eb644c6095f19060b71e5

The current test suite rule implementation has a bug where test data
files are excluded from the final suite zip files when a suite doesn't
have a designated testcases output directory, which is represented by
COMPATIBILITY_TESTCASES_OUT_$(suite_name).

Specifically, the rule that collects test data files for each suite
filters out suite output paths that conflict with module output paths,
which happens when a suite doesn't have its own testcases output
directory. It seems to have been done this way just to avoid make rule
conflict errors, but it ended up causing missing test data files.

This change fixes it by adding an indexing purpose only test suit file
variable.

Fixes: 140761783
Test: m general-tests
Test: Compared before vs after, no meaningful differences.
Test: Changed bc-tests to a device test and built general-tests.
Test: Before - data files missing, after - data files present
Change-Id: I2008992f4144c6ee115f4b4e4ac9caa4312bbe34

These are a (partial) list of files that we'd install with a default
build. The idea is that if something is removed from this list, soong_ui
can remove it from the installed location before running ninja.

It's okay if there are things missing from this list, it's not intended
to be a 100% solution replacing installclean / CleanSpec.mk, just
something that handles 80% of the cases without user involvement.

In particular, if something is removed from PRODUCT_PACKAGES, we'll
remove it from disk, but not necessarily rebuild the image files. That's
the same as most use cases of CleanSpec.mk today, and often some other
change will trigger the necessary images to be rebuilt.

We should be able to fix that by changing all of the image creation
rules to depend on the (partial) list of files they care about, or by
fixing ninja to rebuild things when their list of dependencies change.
(Other tools run into this same problem)

The list of test files is also included so that we can remove obsolete
tests from their "installed" locations within test suites and the
testcases folders.

Test: remove a module from PRODUCT_PACKAGES, see the print and file removed
Test: change the name of a cts test, see the old one removed from cts
Change-Id: I67f270a6713369099ca523aaf991ee3beb815c0a

In the case of building a multilib library that defines LOCAL_VINTF_FRAGMENTS,
the previous code would create duplicate rules for the fragment. This change
uses the my_vintf_new_installed variable (which may be empty) to avoid the
duplication.

Bug: 139268165
Test: Verify that build warnings are gone, yet VINTF fragment still installed.
Change-Id: I579ec650019a29a6a105118ad5e5ae9376e8d9bc
(cherry picked from commit 6733381f)

* Backuptool is not exclusively used for GApps but
  also used by other things (i.e. Magisk), hence
  it shouldn't be disabled on all GMS builds.

Change-Id: Ia95c6fed21d7bed5e2e0610aa94264edc1d02c80

Change-Id: I57ef3ce33fc2f1703c5ac57f9c1659c1e0a215a1

Bug: 158587413
Change-Id: I5f0b271fb5302e8c72024b49fb1a2ae5120821e0
(cherry picked from commit d4b7f4de)

Change-Id: I0fcced4f8703a7586e092298ea0fef6b3f5db8d1

Bug: 158587413
Change-Id: I21b16ed52ef9c7c26a671692c66b06855b147b16
(cherry picked from commit a4d5641a)

It turns out we have a few tests with thousands of test data files,
which this logic does not handle very well. Just switching from `x :=
$(x) ...` to `x += ...` accomplishes the majority of these gains, but I
rewrote the logic to be less function-call+eval based to hopefully make
it easier to understand.

For an aosp-master/aosp_coral-eng build, this brings the time spent in
this logic from 7.6s to 0.3s (total kati runtime of 54s to 46s). Kati's
peak memory use (maxrss) also shrunk from 6.1GB to 3.8GB.

Bug: 158488548
Test: build-aosp_coral.ninja is the same before/after
Change-Id: Ia2ec8b29b5c1dd12fa7ea10b4f80fe802c692725

Instead of using `x := $(x) foo`, make sure `x` is initialized first,
then use `x += foo`.

For a aosp-master/aosp_crosshatch-userdebug build, this takes the build
from 49s to 33s (no significant difference in peak memory)

Bug: 158488548
Test: build-aosp_crosshatch.ninja is the same before/after
Change-Id: I41fb7611030dd3ba824f896a9c9eadbdd218f464

common.GetCareMap() may return an empty list on unavailable care_map
since the change in commit 8bdfb990.
Caller needs to handle such a case accordingly. This CL fixes the caller
in add_img_to_target_files.py, and changes the return value to None to
break legacy callers loudly.

Fixes: 131794385
Test: `atest releasetools_test`
Change-Id: I7c94f456064199237e84ef75732bdd10ebe31736
(cherry picked from commit 77a4aa0c)

Test: `atest --host releasetools_test`
Test: `m dist` with a target that uses non-sparse images.
Test: Run UpdateVerifierTest on blueline.
Change-Id: I8fdebee42fcaac78c2d1be2a84ddb69f46ec701d
(cherry picked from commit 8bdfb990)