// Package-level default: modules in this file use this license unless they
// declare their own.
package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

// Shell and command-line tools. This list is appended unconditionally to the
// deps of the "microdroid" system image defined in this file.
// NOTE(review): "sh" and "strace" are therefore present in every build of the
// image, not only in debuggable ones. Confirm that access to them is restricted
// elsewhere (SELinux policy, the VM's debug level).
microdroid_shell_and_utilities = [
    "reboot",
    "sh",
    "strace",
    "toolbox",
    "toybox",
]

// Directories created in the system image (passed as `dirs` of "microdroid").
microdroid_rootdirs = [
    "dev",
    "proc",
    "sys",

    "system",
    "vendor",
    "debug_ramdisk",
    "mnt",
    "data",

    "apex",
    "linkerconfig",
    "second_stage_resources",
]

// Symlinks created in the system image (passed as `symlinks` of "microdroid").
// NOTE(review): "d" points at /sys/kernel/debug. Whether debugfs is actually
// mounted in the guest is not decided in this file; verify for non-debuggable VMs.
microdroid_symlinks = [
    {
        target: "/sys/kernel/debug",
        name: "d",
    },
    {
        target: "/system/etc",
        name: "etc",
    },
    {
        target: "/system/bin",
        name: "bin",
    },
]
43
// System partition image of the Microdroid guest.
android_system_image {
    name: "microdroid",
    partition_name: "system",

    // Image layout: modules are installed under "system"; the root directories
    // and symlinks come from the variables defined at the top of this file.
    base_dir: "system",
    dirs: microdroid_rootdirs,
    symlinks: microdroid_symlinks,
    linker_config_src: "linker.config.json",
    file_contexts: ":microdroid_file_contexts.gen",

    // Android Verified Boot footer. The key is the file-local filegroup
    // ":microdroid_sign_key", which this file points at ":avb_testkey_rsa4096",
    // so the signature is only as trustworthy as that key until the image is
    // re-signed.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
    avb_algorithm: "SHA256_RSA4096",
    avb_hash_algorithm: "sha256",

    // NOTE(review): the adbd support libraries, debuggerd, atrace and tombstoned
    // below are installed unconditionally. Confirm they stay inert unless the
    // VM is started as debuggable.
    deps: [
        "init_second_stage",
        "microdroid_build_prop",
        "microdroid_init_rc",
        "microdroid_ueventd_rc",
        "microdroid_launcher",

        "libbinder",
        "libbinder_ndk",
        "libstdc++",
        "logcat",
        "logd",
        "secilc",

        // Required by "com.android.adbd".
        "libadbd_auth",
        "libadbd_fs",

        // Required by "com.android.art".
        "heapprofd_client_api",
        "libartpalette-system",

        "apexd",
        "atrace",
        "debuggerd",
        "diced.microdroid",
        "linker",
        "linkerconfig",
        "servicemanager.microdroid",
        "tombstoned",
        "tombstone_transmit.microdroid",
        "cgroups.json",
        "task_profiles.json",
        "public.libraries.android.txt",

        // VINTF data, log tags and SELinux context files for the guest.
        "microdroid_compatibility_matrix",
        "microdroid_event-log-tags",
        "microdroid_file_contexts",
        "microdroid_manifest",
        "microdroid_plat_sepolicy_and_mapping.sha256",
        "microdroid_property_contexts",
        "microdroid_service_contexts",

        // TODO(b/195425111) these should be added automatically
        "libcrypto", // used by many (init_second_stage, microdroid_manager, toybox, etc)
        "liblzma", // used by init_second_stage
    ] + microdroid_shell_and_utilities,
    multilib: {
        // Dependencies listed under the "common" variant.
        common: {
            deps: [
                // non-updatable & mandatory apexes
                "com.android.runtime",

                "microdroid_plat_sepolicy.cil",
                "microdroid_plat_mapping_file",
            ],
        },
        // Dependencies listed under the 64-bit variant only.
        lib64: {
            deps: [
                "apkdmverity",
                "authfs",
                "authfs_service",
                "microdroid_manager",
                "zipfuse",
            ],
        },
    },
}
124
// init.rc for the guest. It reaches the Microdroid image through the deps of
// the "microdroid" module in this file.
prebuilt_etc {
    name: "microdroid_init_rc",
    src: "init.rc",
    filename: "init.rc",
    relative_install_path: "init/hw",
    installable: false, // avoid collision with system partition's init.rc
}

// ueventd.rc for the guest; same arrangement as init.rc above.
prebuilt_etc {
    name: "microdroid_ueventd_rc",
    src: "ueventd.rc",
    filename: "ueventd.rc",
    installable: false, // avoid collision with system partition's ueventd.rc
}
139
// build.prop placed at the root of the image. The checked-in build.prop is the
// fallback source; on x86_64 and arm64 it is replaced by the per-architecture
// file produced by the genrules in this file.
prebuilt_root {
    name: "microdroid_build_prop",
    filename: "build.prop",
    installable: false,
    src: "build.prop",
    arch: {
        arm64: {
            src: ":microdroid_build_prop_gen_arm64",
        },
        x86_64: {
            src: ":microdroid_build_prop_gen_x86_64",
        },
    },
}
154
// Generates the x86_64 build.prop: a header line, four ro.build.version.*
// properties copied out of :buildinfo.prop, the checked-in build.prop, and
// finally the ABI list.
genrule {
    name: "microdroid_build_prop_gen_x86_64",
    srcs: [
        "build.prop",
        ":buildinfo.prop",
    ],
    out: ["build.prop.out"],
    // Every step is chained with && inside one subshell, so a property that is
    // missing from buildinfo.prop (grep exits non-zero) fails the rule instead
    // of yielding a build.prop without, e.g., ro.build.version.security_patch.
    // NOTE(review): the grep patterns are not anchored with ^, so any line that
    // merely contains the text would be copied as well.
    cmd: "(echo '# build properties from buildinfo.prop module' && " +
        "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " +
        "cat $(location build.prop) && " +
        "echo ro.product.cpu.abilist=x86_64) > $(out)",
}

// Generates the arm64 build.prop. Identical to the x86_64 rule except for the
// final ro.product.cpu.abilist value.
genrule {
    name: "microdroid_build_prop_gen_arm64",
    srcs: [
        "build.prop",
        ":buildinfo.prop",
    ],
    out: ["build.prop.out"],
    // Same && chain as the x86_64 rule: a missing property fails the build.
    cmd: "(echo '# build properties from buildinfo.prop module' && " +
        "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " +
        "cat $(location build.prop) && " +
        "echo ro.product.cpu.abilist=arm64-v8a) > $(out)",
}
186
// Vendor partition image of the Microdroid guest.
android_filesystem {
    name: "microdroid_vendor",
    partition_name: "vendor",
    file_contexts: ":microdroid_vendor_file_contexts.gen",

    // AVB footer, signed with the same file-local key and algorithms as the
    // system image.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
    avb_algorithm: "SHA256_RSA4096",
    avb_hash_algorithm: "sha256",

    deps: [
        "android.hardware.security.dice-service.microdroid",
        "microdroid_fstab",
        // NOTE(review): presumably compared at boot with the
        // "microdroid_plat_sepolicy_and_mapping.sha256" file shipped in the
        // system image to decide whether the precompiled policy may be used.
        // Confirm against init's policy loading.
        "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
        "microdroid_vendor_manifest",
        "microdroid_vendor_compatibility_matrix",
    ],
    multilib: {
        common: {
            // SELinux policy artifacts for the vendor side.
            deps: [
                "microdroid_vendor_sepolicy.cil",
                "microdroid_plat_pub_versioned.cil",
                "microdroid_plat_sepolicy_vers.txt",
                "microdroid_precompiled_sepolicy",
            ],
        },
    },
}
213
// Logical-partition image that packs the system and vendor filesystems built
// in this file. Only the "_a" partitions are listed.
logical_partition {
    name: "microdroid_super",
    size: "auto",
    sparse: true,
    default_group: [
        {
            name: "system_a",
            filesystem: ":microdroid",
        },
        {
            name: "vendor_a",
            filesystem: ":microdroid_vendor",
        },
    ],
}
229
// Kernel command line shared by both architectures.
//   panic=-1       reboot immediately on a kernel panic
//   bootconfig     make the kernel read the bootconfig blob
//   ioremap_guard  NOTE(review): presumably the guest-side MMIO guard; confirm
microdroid_boot_cmdline = [
    "panic=-1",
    "bootconfig",
    "ioremap_guard",
]

// boot partition image: kernel plus command line.
bootimg {
    name: "microdroid_boot-5.10",
    partition_name: "boot",
    header_version: "4",
    dtb_prebuilt: "dummy_dtb.img",

    // There is no kernel for 32-bit arm and x86, yet Soong requires one when
    // building for those targets; an empty file stands in for it there.
    kernel_prebuilt: "empty_kernel",
    arch: {
        arm64: {
            kernel_prebuilt: ":kernel_prebuilts-5.10-arm64",
            cmdline: microdroid_boot_cmdline,
        },
        x86_64: {
            kernel_prebuilt: ":kernel_prebuilts-5.10-x86_64",
            cmdline: microdroid_boot_cmdline + [
                // Workaround for x86-specific u-boot behaviour: when the kernel
                // command line has no console= option, u-boot adds console=ttyS0
                // on its own. Passing console=none prevents that. The console is
                // set to hvc0 through bootconfig when the VM is configured as
                // debuggable.
                "console=none",
                "acpi=noirq",
            ],
        },
    },

    // AVB-signed with the file-local key. No algorithm is named here, so
    // whatever the bootimg module type defaults to applies.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
}
266
// init_boot partition image: wraps the first-stage ramdisk. The kernel slot is
// filled with the empty placeholder file.
bootimg {
    name: "microdroid_init_boot",
    partition_name: "init_boot",
    header_version: "4",
    kernel_prebuilt: "empty_kernel",
    ramdisk_module: "microdroid_ramdisk-5.10",

    // AVB-signed with the file-local key.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
}
276
// First-stage ramdisk (compressed cpio). It sets no AVB properties of its own;
// in this file it is consumed by the "microdroid_init_boot" bootimg, which is
// AVB-signed.
android_filesystem {
    name: "microdroid_ramdisk-5.10",
    type: "compressed_cpio",
    deps: [
        "init_first_stage",
    ],
    dirs: [
        "dev",
        "proc",
        "sys",

        // TODO(jiyong): remove these
        "mnt",
        "debug_ramdisk",
        "second_stage_resources",
    ],
}
294
// vendor_boot partition image: vendor ramdisk, placeholder DTB and the
// per-architecture bootconfig produced by the genrules in this file.
bootimg {
    name: "microdroid_vendor_boot-5.10",
    partition_name: "vendor_boot",
    vendor_boot: true,
    header_version: "4",
    dtb_prebuilt: "dummy_dtb.img",
    ramdisk_module: "microdroid_vendor_ramdisk-5.10",
    arch: {
        arm64: {
            bootconfig: ":microdroid_bootconfig_arm64_gen",
        },
        x86_64: {
            bootconfig: ":microdroid_bootconfig_x86_64_gen",
        },
    },

    // AVB-signed with the file-local key.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
}
313
// Prebuilt kernel modules for the 5.10 kernel, one source group per
// architecture. They reach the guest through the vendor ramdisk's deps.
prebuilt_kernel_modules {
    name: "microdroid_kernel_modules",
    kernel_version: "5.10",
    arch: {
        arm64: {
            srcs: [":virt_device_prebuilts_kernel_modules_microdroid-5.10-arm64"],
        },
        x86_64: {
            srcs: [":virt_device_prebuilts_kernel_modules_microdroid-5.10-x86_64"],
        },
    },
}
326
// Vendor ramdisk (compressed cpio) carrying the fstab and the kernel modules.
// Like the first-stage ramdisk it sets no AVB properties itself; it is wrapped
// by the AVB-signed "microdroid_vendor_boot-5.10" bootimg.
android_filesystem {
    name: "microdroid_vendor_ramdisk-5.10",
    type: "compressed_cpio",
    base_dir: "first_stage_ramdisk",
    deps: [
        "microdroid_fstab",
        "microdroid_kernel_modules",
    ],
    symlinks: [
        {
            target: "etc/fstab.microdroid",
            name: "first_stage_ramdisk/fstab.microdroid",
        },
        {
            target: "first_stage_ramdisk/lib",
            name: "lib",
        },
    ],
}
346
// Builds the arm64 bootconfig by concatenating the common fragment and the
// arm64 fragment. The output is used as `bootconfig` of the vendor_boot image.
genrule {
    name: "microdroid_bootconfig_arm64_gen",
    srcs: [
        "bootconfig.common",
        "bootconfig.arm64",
    ],
    out: ["bootconfig"],
    // $(in) expands to all srcs, so the output is common followed by arm64.
    cmd: "cat $(in) > $(out)",
}

// Builds the x86_64 bootconfig the same way: common fragment followed by the
// x86_64 fragment.
genrule {
    name: "microdroid_bootconfig_x86_64_gen",
    srcs: [
        "bootconfig.common",
        "bootconfig.x86_64",
    ],
    out: ["bootconfig"],
    cmd: "cat $(in) > $(out)",
}
366
// vbmeta image that lists no partitions directly, only two chained partitions:
// "bootconfig" and "uboot_env". Elsewhere in this file the images for both
// partition names get their own hash footer, signed with the same
// ":microdroid_sign_key".
vbmeta {
    name: "microdroid_vbmeta_bootconfig",
    partition_name: "vbmeta",
    private_key: ":microdroid_sign_key",
    // NOTE(review): the order of the entries may determine per-partition
    // values in the generated image; keep it stable unless verified otherwise.
    chained_partitions: [
        {
            name: "bootconfig",
            private_key: ":microdroid_sign_key",
        },
        {
            name: "uboot_env",
            private_key: ":microdroid_sign_key",
        },
    ],
}
382
// Space reserved for AVB metadata after the image payload, in KB.
// See external/avb/avbtool.py
// MAX_VBMETA_SIZE=64KB, MAX_FOOTER_SIZE=4KB, i.e. 64 + 4 = 68.
// Kept as a string because it is spliced into the shell arithmetic of the
// add_hash_footer genrules in this file.
avb_hash_footer_kb = "68"
386
// Installs the three signed bootconfig variants: normal, app_debuggable and
// full_debuggable. Each comes from the matching *_gen rule in this file.
// NOTE(review): which variant a VM boots with is chosen outside this file. The
// debuggable variants relax the guest, so that choice is the control to review.
prebuilt_etc {
    name: "microdroid_bootconfig_normal",
    filename: "microdroid_bootconfig.normal",
    src: ":microdroid_bootconfig_normal_gen",
}

prebuilt_etc {
    name: "microdroid_bootconfig_app_debuggable",
    filename: "microdroid_bootconfig.app_debuggable",
    src: ":microdroid_bootconfig_app_debuggable_gen",
}

prebuilt_etc {
    name: "microdroid_bootconfig_full_debuggable",
    filename: "microdroid_bootconfig.full_debuggable",
    src: ":microdroid_bootconfig_full_debuggable_gen",
}
404
// The three rules below differ only in the bootconfig file they sign. Each one
//   1. copies the input to $(out), because avbtool modifies --image in place;
//   2. adds an AVB hash footer for partition "bootconfig" using
//      SHA256_RSA4096 and ":microdroid_sign_key".
// --partition_size is avb_hash_footer_kb * 1024 plus the image size rounded up
// to the next multiple of 4096. "$$" is the genrule escape for a literal "$",
// so the arithmetic and the stat call run in the shell at build time.
// TODO(jiyong): make a new module type that does the avb signing
genrule {
    name: "microdroid_bootconfig_normal_gen",
    tools: ["avbtool"],
    srcs: [
        "bootconfig.normal",
        ":microdroid_sign_key",
    ],
    out: ["microdroid_bootconfig.normal"],
    cmd: "cp $(location bootconfig.normal) $(out) && " +
        "$(location avbtool) add_hash_footer " +
        "--algorithm SHA256_RSA4096 " +
        "--partition_name bootconfig " +
        "--key $(location :microdroid_sign_key) " +
        "--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
        "--image $(out)",
}

// Signs bootconfig.app_debuggable; see the description above the first rule.
genrule {
    name: "microdroid_bootconfig_app_debuggable_gen",
    tools: ["avbtool"],
    srcs: [
        "bootconfig.app_debuggable",
        ":microdroid_sign_key",
    ],
    out: ["microdroid_bootconfig.app_debuggable"],
    cmd: "cp $(location bootconfig.app_debuggable) $(out) && " +
        "$(location avbtool) add_hash_footer " +
        "--algorithm SHA256_RSA4096 " +
        "--partition_name bootconfig " +
        "--key $(location :microdroid_sign_key) " +
        "--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
        "--image $(out)",
}

// Signs bootconfig.full_debuggable; see the description above the first rule.
genrule {
    name: "microdroid_bootconfig_full_debuggable_gen",
    tools: ["avbtool"],
    srcs: [
        "bootconfig.full_debuggable",
        ":microdroid_sign_key",
    ],
    out: ["microdroid_bootconfig.full_debuggable"],
    cmd: "cp $(location bootconfig.full_debuggable) $(out) && " +
        "$(location avbtool) add_hash_footer " +
        "--algorithm SHA256_RSA4096 " +
        "--partition_name bootconfig " +
        "--key $(location :microdroid_sign_key) " +
        "--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
        "--image $(out)",
}
456
// fstab for the guest. Not installed on its own; in this file it is a dep of
// the vendor image and of the vendor ramdisk.
prebuilt_etc {
    name: "microdroid_fstab",
    installable: false,
    filename: "fstab.microdroid",
    src: "fstab.microdroid",
}
463
// Installs the guest bootloader. By default this is the output of
// "microdroid_bootloader_gen", i.e. the bootloader with an AVB hash footer.
prebuilt_etc {
    name: "microdroid_bootloader",
    filename: "microdroid_bootloader",
    src: ":microdroid_bootloader_gen",
    arch: {
        x86_64: {
            // The signed bootloader does not work on x86_64 for a reason that
            // is not yet known, so this architecture uses the unsigned one
            // until that is fixed. The image installed here has its embedded
            // pubkey replaced but carries no AVB hash footer, so a check that
            // relies on that footer has nothing to verify on x86_64.
            // TODO(b/185115783): remove this
            src: ":microdroid_bootloader_pubkey_replaced",
        },
    },
}
477
// Adds an AVB hash footer (partition "bootloader") to the bootloader whose
// embedded pubkey has already been replaced.
genrule {
    name: "microdroid_bootloader_gen",
    tools: ["avbtool"],
    srcs: [
        ":microdroid_bootloader_pubkey_replaced",
        ":microdroid_sign_key",
    ],
    out: ["bootloader-signed"],
    // 1. Copy the input to the output because avbtool modifies --image in
    // place.
    // 2. Check if the file is big enough. For arm and x86 we have fake
    // bootloader file whose size is 1. It can't pass avbtool.
    // 3. Add the hash footer. The partition size is set to (image size + 68KB)
    // rounded up to 4KB boundary.
    // NOTE(review): when the size check fails the rule still succeeds and the
    // output, despite being named "bootloader-signed", is an unsigned copy of
    // the input. A truncated prebuilt on arm64 or x86_64 would go unnoticed;
    // consider limiting the skip to the architectures with the fake bootloader.
    cmd: "cp $(location :microdroid_bootloader_pubkey_replaced) $(out) && " +
        "if [ $$(stat --format=%s $(out)) -gt 4096 ]; then " +
        "$(location avbtool) add_hash_footer " +
        "--algorithm SHA256_RSA4096 " +
        "--partition_name bootloader " +
        "--key $(location :microdroid_sign_key) " +
        "--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
        "--image $(out)" +
        "; fi",
}
502
// Replace avbpubkey of prebuilt bootloader with the avbpubkey of the signing key.
// The embedded key is what the bootloader trusts, so after this step it trusts
// whatever ":microdroid_sign_key" resolves to.
genrule {
    name: "microdroid_bootloader_pubkey_replaced",
    tools: ["replace_bytes"],
    srcs: [
        ":microdroid_crosvm_bootloader", // input (bootloader)
        ":microdroid_crosvm_bootloader.avbpubkey", // old bytes (old pubkey)
        ":microdroid_bootloader_avbpubkey_gen", // new bytes (new pubkey)
    ],
    out: ["bootloader-pubkey-replaced"],
    // 1. Copy the input to the output (replace_bytes modifies the file in-place)
    // 2. Check if the file is big enough. For arm and x86 we have fake
    // bootloader file whose size is 1. (replace_bytes fails if key not found)
    // 3. Replace embedded pubkey with new one.
    // NOTE(review): as with the signing rule, a file of 4096 bytes or less
    // passes through unchanged and the rule still succeeds.
    cmd: "cp $(location :microdroid_crosvm_bootloader) $(out) && " +
        "if [ $$(stat --format=%s $(out)) -gt 4096 ]; then " +
        "$(location replace_bytes) $(out) " +
        "$(location :microdroid_crosvm_bootloader.avbpubkey) " +
        "$(location :microdroid_bootloader_avbpubkey_gen)" +
        "; fi",
}
524
// The APEX keeps a copy of the avbpubkey that is embedded in the bootloader, so
// that the embedded avbpubkey can be located and replaced when the bootloader
// is re-signed.
prebuilt_etc {
    name: "microdroid_bootloader.avbpubkey",
    src: ":microdroid_bootloader_avbpubkey_gen",
}
531
// Generate the avbpubkey from the signing key. Only the public half is
// written to the output.
genrule {
    name: "microdroid_bootloader_avbpubkey_gen",
    tools: ["avbtool"],
    srcs: [":microdroid_sign_key"],
    out: ["bootloader.pubkey"],
    cmd: "$(location avbtool) extract_public_key " +
        "--key $(location :microdroid_sign_key) " +
        "--output $(out)",
}
542
// Installs the signed u-boot environment image produced by
// "microdroid_uboot_env_gen".
prebuilt_etc {
    name: "microdroid_uboot_env",
    filename: "uboot_env.img",
    src: ":microdroid_uboot_env_gen",
}
548
// Builds the u-boot environment image from uboot-env.txt and adds an AVB hash
// footer for partition "uboot_env". "uboot_env" is one of the chained
// partitions of "microdroid_vbmeta_bootconfig" in this file.
genrule {
    name: "microdroid_uboot_env_gen",
    tools: [
        "mkenvimage_slim",
        "avbtool",
    ],
    srcs: [
        "uboot-env.txt",
        ":microdroid_sign_key",
    ],
    out: ["output.img"],
    // mkenvimage_slim writes $(out); avbtool then signs it in place. The
    // partition size is avb_hash_footer_kb * 1024 plus the image size rounded
    // up to the next multiple of 4096.
    cmd: "$(location mkenvimage_slim) -output_path $(out) -input_path $(location uboot-env.txt) && " +
        "$(location avbtool) add_hash_footer " +
        "--algorithm SHA256_RSA4096 " +
        "--partition_name uboot_env " +
        "--key $(location :microdroid_sign_key) " +
        "--partition_size $$(( " + avb_hash_footer_kb + " * 1024 + ( $$(stat --format=%s $(out)) + 4096 - 1 ) / 4096 * 4096 )) " +
        "--image $(out)",
}
568
// Note that keys can be different for filesystem images even though we're using the same key
// for microdroid. However, the key that signs the VBmeta must match the pubkey embedded in
// the bootloader.
//
// Security note: ":avb_testkey_rsa4096" is the AVB test key, whose private half
// is published in the AOSP source tree. Signatures made with it authenticate
// nothing on their own; a build meant for release has to be re-signed with a
// protected key, and the pubkey embedded in the bootloader replaced to match.
filegroup {
    name: "microdroid_sign_key",
    srcs: [":avb_testkey_rsa4096"],
}
576
// Top-level vbmeta for the guest OS images, signed with ":microdroid_sign_key".
// It lists the vendor, vendor_boot, system, boot and init_boot images built in
// this file. The bootconfig and uboot_env images are not listed here; they are
// chained from "microdroid_vbmeta_bootconfig".
vbmeta {
    name: "microdroid_vbmeta",
    partition_name: "vbmeta",
    private_key: ":microdroid_sign_key",
    partitions: [
        "microdroid_vendor",
        "microdroid_vendor_boot-5.10",
        "microdroid",
        "microdroid_boot-5.10",
        "microdroid_init_boot",
    ],
}
589
// VM configuration file, installed under its own name.
prebuilt_etc {
    name: "microdroid.json",
    src: "microdroid.json",
}

// The remaining prebuilts are marked installable: false. In this file they are
// referenced from the deps of the "microdroid" and "microdroid_vendor" images.

// Vendor-side VINTF manifest.
prebuilt_etc {
    name: "microdroid_vendor_manifest",
    installable: false,
    relative_install_path: "vintf",
    filename: "manifest.xml",
    src: "microdroid_vendor_manifest.xml",
}

// Vendor-side VINTF compatibility matrix.
prebuilt_etc {
    name: "microdroid_vendor_compatibility_matrix",
    installable: false,
    relative_install_path: "vintf",
    filename: "compatibility_matrix.xml",
    src: "microdroid_vendor_compatibility_matrix.xml",
}

// System-side VINTF compatibility matrix.
prebuilt_etc {
    name: "microdroid_compatibility_matrix",
    installable: false,
    relative_install_path: "vintf",
    filename: "compatibility_matrix.current.xml",
    src: "microdroid_compatibility_matrix.xml",
}

// System-side VINTF manifest.
prebuilt_etc {
    name: "microdroid_manifest",
    installable: false,
    relative_install_path: "vintf",
    filename: "manifest.xml",
    src: "microdroid_manifest.xml",
}

// Event log tag definitions for the guest.
prebuilt_etc {
    name: "microdroid_event-log-tags",
    installable: false,
    filename: "event-log-tags",
    src: "microdroid_event-log-tags",
}
633