package { default_applicable_licenses: ["Android-Apache-2.0"], } microdroid_shell_and_utilities = [ "reboot", "sh", "strace", "toolbox", "toybox", ] microdroid_rootdirs = [ "dev", "proc", "sys", "system", "vendor", "debug_ramdisk", "mnt", "data", "apex", "linkerconfig", "second_stage_resources", ] microdroid_symlinks = [ { target: "/sys/kernel/debug", name: "d", }, { target: "/system/etc", name: "etc", }, { target: "/system/bin", name: "bin", }, ] android_system_image { name: "microdroid", use_avb: true, avb_private_key: ":microdroid_sign_key", avb_algorithm: "SHA256_RSA4096", partition_name: "system", deps: [ "init_second_stage", "microdroid_build_prop", "microdroid_init_rc", "microdroid_ueventd_rc", "microdroid_launcher", "libbinder", "libbinder_ndk", "libstdc++", "secilc", // "com.android.adbd" requires these, "libadbd_auth", "libadbd_fs", // "com.android.art" requires "heapprofd_client_api", "libartpalette-system", "apexd", "atrace", "debuggerd", "linker", "linkerconfig", "tombstoned.microdroid", "tombstone_transmit.microdroid", "cgroups.json", "task_profiles.json", "public.libraries.android.txt", "microdroid_event-log-tags", "microdroid_file_contexts", "microdroid_manifest", "microdroid_plat_sepolicy_and_mapping.sha256", "microdroid_property_contexts", "mke2fs", // TODO(b/195425111) these should be added automatically "libcrypto", // used by many (init_second_stage, microdroid_manager, toybox, etc) "liblzma", // used by init_second_stage "libvm_payload", // used by payload to interact with microdroid manager ] + microdroid_shell_and_utilities, multilib: { common: { deps: [ // non-updatable & mandatory apexes "com.android.runtime", "microdroid_plat_sepolicy.cil", "microdroid_plat_mapping_file", "microdroid_crashdump_initrd", ], }, lib64: { deps: [ "apkdmverity", "authfs", "authfs_service", "encryptedstore", "microdroid_crashdump_kernel", "microdroid_kexec", "microdroid_manager", "zipfuse", ], }, }, linker_config_src: "linker.config.json", base_dir: "system", dirs: microdroid_rootdirs, symlinks: microdroid_symlinks, file_contexts: ":microdroid_file_contexts.gen", // For deterministic output, use fake_timestamp, hard-coded uuid fake_timestamp: "1611569676", // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/system'))" uuid: "5fe079c6-f01a-52be-87d3-d415231a72ad", } prebuilt_etc { name: "microdroid_init_rc", filename: "init.rc", src: "init.rc", relative_install_path: "init/hw", installable: false, // avoid collision with system partition's init.rc } prebuilt_etc { name: "microdroid_ueventd_rc", filename: "ueventd.rc", src: "ueventd.rc", installable: false, // avoid collision with system partition's ueventd.rc } prebuilt_root { name: "microdroid_build_prop", filename: "build.prop", src: "build.prop", arch: { x86_64: { src: ":microdroid_build_prop_gen_x86_64", }, arm64: { src: ":microdroid_build_prop_gen_arm64", }, }, installable: false, } genrule { name: "microdroid_build_prop_gen_x86_64", srcs: [ "build.prop", ":buildinfo.prop", ], out: ["build.prop.out"], cmd: "(echo '# build properties from buildinfo.prop module' && " + "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.known_codenames= $(location :buildinfo.prop) && " + "cat $(location build.prop) && " + "echo ro.product.cpu.abilist=x86_64 && " + "echo ro.product.cpu.abi=x86_64) > $(out)", } genrule { name: "microdroid_build_prop_gen_arm64", srcs: [ "build.prop", ":buildinfo.prop", ], out: ["build.prop.out"], cmd: "(echo '# build properties from buildinfo.prop module' && " + "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " + "grep ro\\.build\\.version\\.known_codenames= $(location :buildinfo.prop) && " + "cat $(location build.prop) && " + "echo ro.product.cpu.abilist=arm64-v8a && " + "echo ro.product.cpu.abi=arm64-v8a) > $(out)", } android_filesystem { name: "microdroid_vendor", partition_name: "vendor", use_avb: true, deps: [ "microdroid_fstab", "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256", "microdroid_vendor_manifest", "microdroid_vendor_compatibility_matrix", ], multilib: { common: { deps: [ "microdroid_vendor_sepolicy.cil", "microdroid_plat_pub_versioned.cil", "microdroid_plat_sepolicy_vers.txt", "microdroid_precompiled_sepolicy", ], }, }, avb_private_key: ":microdroid_sign_key", avb_algorithm: "SHA256_RSA4096", file_contexts: ":microdroid_vendor_file_contexts.gen", // For deterministic output, use fake_timestamp, hard-coded uuid fake_timestamp: "1611569676", // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/vendor'))" uuid: "156d40d7-8d8e-5c99-8913-ec82de549a70", } logical_partition { name: "microdroid_super", sparse: true, size: "auto", default_group: [ { name: "system_a", filesystem: ":microdroid", }, { name: "vendor_a", filesystem: ":microdroid_vendor", }, ], } bootimg { name: "microdroid_boot", // We don't have kernel for arm and x86. But Soong demands one when it builds for // arm or x86 target. Satisfy that by providing an empty file as the kernel. kernel_prebuilt: "empty_kernel", arch: { arm64: { kernel_prebuilt: ":microdroid_kernel_prebuilts-5.15-arm64", }, x86_64: { kernel_prebuilt: ":microdroid_kernel_prebuilts-5.15-x86_64", }, }, dtb_prebuilt: "dummy_dtb.img", header_version: "4", partition_name: "boot", use_avb: true, avb_private_key: ":microdroid_sign_key", } bootimg { name: "microdroid_init_boot", ramdisk_module: "microdroid_ramdisk", kernel_prebuilt: "empty_kernel", header_version: "4", partition_name: "init_boot", use_avb: true, avb_private_key: ":microdroid_sign_key", } android_filesystem { name: "microdroid_ramdisk", deps: [ "init_first_stage", ], dirs: [ "dev", "proc", "sys", // TODO(jiyong): remove these "mnt", "debug_ramdisk", "second_stage_resources", ], type: "compressed_cpio", } bootimg { name: "microdroid_vendor_boot", ramdisk_module: "microdroid_vendor_ramdisk", dtb_prebuilt: "dummy_dtb.img", header_version: "4", vendor_boot: true, arch: { arm64: { bootconfig: ":microdroid_bootconfig_arm64_gen", }, x86_64: { bootconfig: ":microdroid_bootconfig_x86_64_gen", }, }, partition_name: "vendor_boot", use_avb: true, avb_private_key: ":microdroid_sign_key", } android_filesystem { name: "microdroid_vendor_ramdisk", deps: [ "microdroid_fstab", ], base_dir: "first_stage_ramdisk", type: "compressed_cpio", symlinks: [ { target: "etc/fstab.microdroid", name: "first_stage_ramdisk/fstab.microdroid", }, { target: "first_stage_ramdisk/lib", name: "lib", }, ], } genrule { name: "microdroid_bootconfig_arm64_gen", srcs: [ "bootconfig.common", "bootconfig.arm64", ], out: ["bootconfig"], cmd: "cat $(in) > $(out)", } genrule { name: "microdroid_bootconfig_x86_64_gen", srcs: [ "bootconfig.common", "bootconfig.x86_64", ], out: ["bootconfig"], cmd: "cat $(in) > $(out)", } vbmeta { name: "microdroid_vbmeta_bootconfig", partition_name: "vbmeta", private_key: ":microdroid_sign_key", chained_partitions: [ { name: "bootconfig", private_key: ":microdroid_sign_key", }, { name: "uboot_env", private_key: ":microdroid_sign_key", }, ], } // python -c "import hashlib; print(hashlib.sha256(b'bootconfig').hexdigest())" bootconfig_salt = "e158851fbebb402e1f18ea9372ea2f76b4dea23eceb5c4b92e5b27ade8537f5b" avb_add_hash_footer { name: "microdroid_bootconfig_normal", src: "bootconfig.normal", filename: "microdroid_bootconfig.normal", partition_name: "bootconfig", private_key: ":microdroid_sign_key", salt: bootconfig_salt, } avb_add_hash_footer { name: "microdroid_bootconfig_app_debuggable", src: "bootconfig.app_debuggable", filename: "microdroid_bootconfig.app_debuggable", partition_name: "bootconfig", private_key: ":microdroid_sign_key", salt: bootconfig_salt, } avb_add_hash_footer { name: "microdroid_bootconfig_full_debuggable", src: "bootconfig.full_debuggable", filename: "microdroid_bootconfig.full_debuggable", partition_name: "bootconfig", private_key: ":microdroid_sign_key", salt: bootconfig_salt, } prebuilt_etc { name: "microdroid_fstab", src: "fstab.microdroid", filename: "fstab.microdroid", installable: false, } prebuilt_etc { name: "microdroid_bootloader", src: ":microdroid_bootloader_signed", arch: { x86_64: { // For unknown reason, the signed bootloader doesn't work on x86_64. Until the problem // is fixed, let's use the unsigned bootloader for the architecture. // TODO(b/185115783): remove this src: ":microdroid_bootloader_pubkey_replaced", }, }, relative_install_path: "fs", filename: "microdroid_bootloader", } // python -c "import hashlib; print(hashlib.sha256(b'bootloader').hexdigest())" bootloader_salt = "3b4a12881d11f33cff968a24d7c53723a8232cde9a8d91e29fdbd6a95ae6adf0" avb_add_hash_footer { name: "microdroid_bootloader_signed", src: ":microdroid_bootloader_pubkey_replaced", filename: "microdroid_bootloader", partition_name: "bootloader", private_key: ":microdroid_sign_key", salt: bootloader_salt, } // Replace avbpubkey of prebuilt bootloader with the avbpubkey of the signing key genrule { name: "microdroid_bootloader_pubkey_replaced", tools: ["replace_bytes"], srcs: [ ":microdroid_crosvm_bootloader", // input (bootloader) ":microdroid_crosvm_bootloader.avbpubkey", // old bytes (old pubkey) ":microdroid_bootloader_avbpubkey_gen", // new bytes (new pubkey) ], out: ["bootloader-pubkey-replaced"], // 1. Copy the input to the output (replace_bytes modifies the file in-place) // 2. Replace embedded pubkey with new one. cmd: "cp $(location :microdroid_crosvm_bootloader) $(out) && " + "$(location replace_bytes) $(out) " + "$(location :microdroid_crosvm_bootloader.avbpubkey) " + "$(location :microdroid_bootloader_avbpubkey_gen)", } // Apex keeps a copy of avbpubkey embedded in bootloader so that embedded avbpubkey can be replaced // while re-signing bootloader. prebuilt_etc { name: "microdroid_bootloader.avbpubkey", src: ":microdroid_bootloader_avbpubkey_gen", } // Generate avbpukey from the signing key genrule { name: "microdroid_bootloader_avbpubkey_gen", tools: ["avbtool"], srcs: [":microdroid_sign_key"], out: ["bootloader.pubkey"], cmd: "$(location avbtool) extract_public_key " + "--key $(location :microdroid_sign_key) " + "--output $(out)", } // python -c "import hashlib; print(hashlib.sha256(b'uboot_env').hexdigest())" uboot_env_salt = "cbf2d76827ece5ca8d176a40c94ac6355edcf6511b4b887364a8c0e05850df10" avb_add_hash_footer { name: "microdroid_uboot_env", src: ":microdroid_uboot_env_gen", filename: "uboot_env.img", partition_name: "uboot_env", private_key: ":microdroid_sign_key", salt: uboot_env_salt, } genrule { name: "microdroid_uboot_env_gen", tools: ["mkenvimage_slim"], srcs: ["uboot-env.txt"], out: ["output.img"], cmd: "$(location mkenvimage_slim) -output_path $(out) -input_path $(location uboot-env.txt)", } // Note that keys can be different for filesystem images even though we're using the same key // for microdroid. However, the key signing VBmeta should match with the pubkey embedded in // bootloader. filegroup { name: "microdroid_sign_key", srcs: [":avb_testkey_rsa4096"], } vbmeta { name: "microdroid_vbmeta", partition_name: "vbmeta", private_key: ":microdroid_sign_key", partitions: [ "microdroid_vendor", "microdroid", ], } prebuilt_etc { name: "microdroid.json", src: "microdroid.json", } prebuilt_etc { name: "microdroid_vendor_manifest", src: "microdroid_vendor_manifest.xml", filename: "manifest.xml", relative_install_path: "vintf", installable: false, } prebuilt_etc { name: "microdroid_vendor_compatibility_matrix", src: "microdroid_vendor_compatibility_matrix.xml", filename: "compatibility_matrix.xml", relative_install_path: "vintf", installable: false, } prebuilt_etc { name: "microdroid_manifest", src: "microdroid_manifest.xml", filename: "manifest.xml", relative_install_path: "vintf", installable: false, } prebuilt_etc { name: "microdroid_event-log-tags", src: "microdroid_event-log-tags", filename: "event-log-tags", installable: false, } filegroup { name: "microdroid_bootconfig_full_debuggable_src", srcs: ["bootconfig.full_debuggable"], } filegroup { name: "microdroid_bootconfig_app_debuggable_src", srcs: ["bootconfig.app_debuggable"], } filegroup { name: "microdroid_bootconfig_normal_src", srcs: ["bootconfig.normal"], } avb_add_hash_footer { name: "microdroid_kernel_signed", src: "empty_kernel", filename: "microdroid_kernel", partition_name: "bootloader", private_key: ":microdroid_sign_key", salt: bootloader_salt, enabled: false, arch: { arm64: { src: ":microdroid_kernel_prebuilts-5.15-arm64", enabled: true, }, x86_64: { src: ":microdroid_kernel_prebuilts-5.15-x86_64", enabled: true, }, }, props: [ { name: "trusted_ramdisk", file: ":microdroid_initrd_hashes", }, ], } prebuilt_etc { name: "microdroid_kernel", src: "empty_kernel", relative_install_path: "fs", arch: { arm64: { src: ":microdroid_kernel_signed", }, x86_64: { src: ":microdroid_kernel_signed", }, }, }