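#
# Copyright (C) 2018-2019 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file contains the definitions needed for a _really_ minimal system
# image to be run under emulation under upstream QEMU (www.qemu.org), once
# it supports a few Android virtual devices. Note that this is _not_ the
# same as running under the Android emulator.
#
# NOTE(review): security posture of this product. It is a test/emulation
# target: it installs `su` and `strace`, ships Trusty/KeyMint/Gatekeeper test
# binaries, and sets ro.adb.secure=0 unconditionally (not gated on
# TARGET_BUILD_VARIANT), so adbd accepts connections without host-key
# authorization. Do not inherit this file from a product meant for real users
# without removing those pieces.

$(call inherit-product, $(SRC_TARGET_DIR)/product/default_art_config.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/updatable_apex.mk)

$(call inherit-product, packages/modules/Virtualization/apex/product_packages.mk)

PRODUCT_SOONG_NAMESPACES += \
    device/generic/goldfish \
    device/generic/trusty \

# select minimal set of services from build/make/target/product/base_system.mk
#
# NOTE(review): the list includes the debugging tools `su` and `strace` and
# keymaster_soft_wrapped_attestation_keys.xml (by its name, software-wrapped
# attestation key material - confirm). These fit an emulated test image only.
# A duplicated `adbd_system_api` entry was removed; each module is listed once.
PRODUCT_PACKAGES += \
    aconfigd-system \
    adbd_system_api \
    aflags \
    com.android.adbd \
    com.android.virt \
    android.hardware.confirmationui@1.0-service.trusty \
    android.hardware.trusty.hwcryptohal-service \
    android.hidl.allocator@1.0-service \
    android.system.suspend-service \
    apexd \
    atrace \
    awk \
    cgroups.json \
    com.android.art \
    com.android.i18n \
    com.android.os.statsd \
    com.android.runtime \
    com.android.sdkext \
    dhcpclient \
    etc_hosts \
    gatekeeperd \
    hwservicemanager \
    init_system \
    init_vendor \
    init.environ.rc \
    keymaster_soft_wrapped_attestation_keys.xml \
    keystore2 \
    libandroid_servers \
    libc.bootstrap \
    libdl.bootstrap \
    libdl_android.bootstrap \
    libm.bootstrap \
    linker \
    linker64 \
    logcat \
    logd \
    logwrapper \
    mediaserver \
    mdnsd \
    microdroid_vendor_trusty \
    odsign \
    perfetto \
    perfetto-extras \
    reboot \
    securedpud \
    servicemanager \
    sh \
    su \
    strace \
    system-build.prop \
    toolbox \
    toybox \
    traced \
    traced_probes \
    vdc \
    vndservicemanager \
    vold \
    sanitizer.libraries.txt \

# VINTF stuff for system and vendor (no product / odm / system_ext / etc.)
PRODUCT_PACKAGES += \
    system_compatibility_matrix.xml \
    system_manifest.xml \
    vendor_compatibility_matrix.xml \
    vendor_manifest.xml \
    android.hardware.security.see.storage-service.trusty.xml \
    android.hardware.security.see.authmgr.xml \

PRODUCT_USE_DYNAMIC_PARTITIONS := true
TARGET_COPY_OUT_SYSTEM_EXT := system/system_ext
# Deliberately empty. Presumably no separate system_ext image is built, since
# system_ext content is copied under system/system_ext above - confirm.
BOARD_SYSTEM_EXTIMAGE_FILE_SYSTEM_TYPE :=
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/generic/trusty/sepolicy/system_ext/private

# Creates metadata partition mount point under root for
# the devices with metadata partition
BOARD_USES_METADATA_PARTITION := true

# Devices that inherit from build/make/target/product/base.mk always have
# /system/system_ext/etc/vintf/manifest.xml generated. And build-time VINTF
# checks assume that. Since we don't inherit from base.mk, add the dependency
# here manually.
PRODUCT_PACKAGES += \
    system_ext_manifest.xml \

# Skip VINTF checks for kernel configs
# NOTE(review): with this set to false, kernel-config requirements are not
# enforced by the build-time VINTF check for this product.
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false

# Ensure boringssl NIAP check won't reboot us
PRODUCT_PACKAGES += \
    com.android.conscrypt \
    boringssl_self_test \

# SELinux packages are added as dependencies of the selinux_policy
# phony package.
PRODUCT_PACKAGES += \
    selinux_policy \

PRODUCT_HOST_PACKAGES += \
    adb \
    e2fsdroid \
    make_f2fs \
    mke2fs \
    sload_f2fs \
    toybox \

PRODUCT_PACKAGES += init.usb.rc init.usb.configfs.rc

PRODUCT_FULL_TREBLE_OVERRIDE := true

PRODUCT_AVF_MICRODROID_GUEST_GKI_VERSION := android16_612
MICRODROID_VENDOR_IMAGE_MODULE := microdroid_vendor_trusty

# The same fstab is installed in both the ramdisk and the vendor partition.
PRODUCT_COPY_FILES += \
    device/generic/trusty/fstab.trusty:$(TARGET_COPY_OUT_RAMDISK)/fstab.qemu_trusty \
    device/generic/trusty/fstab.trusty:$(TARGET_COPY_OUT_VENDOR)/etc/fstab.qemu_trusty \
    device/generic/trusty/init.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.qemu_trusty.rc \
    device/generic/trusty/ueventd.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/ueventd.rc \
    system/core/libprocessgroup/profiles/task_profiles.json:$(TARGET_COPY_OUT_VENDOR)/etc/task_profiles.json \

PRODUCT_COPY_FILES += \
    device/generic/goldfish/data/etc/config.ini:config.ini \
    device/generic/trusty/advancedFeatures.ini:advancedFeatures.ini \

# Set Vendor SPL to match platform
# needed for properly provisioning keymint (HAL info)
# Recursive (=) assignment: PLATFORM_SECURITY_PATCH is expanded when
# VENDOR_SECURITY_PATCH is used, not when this line is parsed.
VENDOR_SECURITY_PATCH = $(PLATFORM_SECURITY_PATCH)

##########################
# Trusty VM/TEE products #
##########################

# TODO(b/393850980): enable TRUSTY_SYSTEM_VM_USE_PVMFW when
# necessary dependencies are available on QEMU (e.g. ARM TRNG supported in TF-A)
#
# NOTE(review): the simple (:=) assignment below pins the value to false, so
# the `true` branch is currently dead and hypervisor.pvmfw.path is always
# `none`. When the flag is enabled, the branch installs pvmfw_test_img.img,
# which its name marks as a test image.
TRUSTY_SYSTEM_VM_USE_PVMFW := false
ifeq ($(TRUSTY_SYSTEM_VM_USE_PVMFW),true)
PRODUCT_PACKAGES += \
    pvmfw_test_img.img \

PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
    hypervisor.pvmfw.path=/vendor/etc/pvmfw/pvmfw_test_img.img \

else
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
    hypervisor.pvmfw.path=none \

endif

# These three use ?= so the including product or the environment can
# override them.
KEYMINT_HAL_VENDOR_APEX_SELECT ?= true
TRUSTY_KEYMINT_IMPL ?= rust
# TODO(b/390206831): remove placeholder_trusted_hal when VM2TZ is supported
TRUSTY_SYSTEM_VM ?= enabled_with_placeholder_trusted_hal
ifeq ($(TRUSTY_SYSTEM_VM), enabled_with_placeholder_trusted_hal)
    $(call soong_config_set_bool, trusty_system_vm, placeholder_trusted_hal, true)
endif
# The flags below are set unconditionally. In this file TRUSTY_SYSTEM_VM only
# controls the placeholder_trusted_hal flag above.
$(call soong_config_set_bool, trusty_system_vm, enabled, true)
$(call soong_config_set, trusty_system_vm, buildtype, $(TARGET_BUILD_VARIANT))
$(call soong_config_set_bool, trusty_tee, enabled, true)

$(call inherit-product, packages/modules/Virtualization/guest/trusty/security_vm/security_vm.mk)

$(call inherit-product, device/generic/trusty/apex/com.android.hardware.keymint/trusty-apex.mk)
$(call inherit-product, system/core/trusty/trusty-base.mk)
$(call inherit-product, system/core/trusty/trusty-storage.mk)
$(call inherit-product, system/core/trusty/trusty-test.mk)
# Optional: inherited only when the proprietary tree is present in the checkout.
$(call inherit-product-if-exists, trusty/vendor/google/proprietary/device/device.mk)

# Test Utilities
# NOTE(review): these test binaries are installed into the image itself.
PRODUCT_PACKAGES += \
    binderRpcToTrustyTest \
    tipc-test \
    trusty-coverage-controller \
    trusty-ut-ctrl \
    trusty_stats_test \
    VtsAidlKeyMintTargetTest \
    VtsHalConfirmationUIV1_0TargetTest \
    VtsHalGatekeeperTargetTest \
    VtsHalGatekeeperV1_0TargetTest \
    VtsHalKeymasterV3_0TargetTest \
    VtsHalKeymasterV4_0TargetTest \
    VtsHalRemotelyProvisionedComponentTargetTest \

# NOTE(review): ro.adb.secure=0 turns off adb host-key authorization, and it
# is applied here for every build variant. That suits an emulated test target
# but must not be carried into a product exposed to untrusted hosts or networks.
# The second property selects the trusty_tee variant of the KeyMint vendor APEX.
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
    ro.adb.secure=0 \
    ro.boot.vendor.apex.com.android.hardware.keymint=com.android.hardware.keymint.trusty_tee \
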