1#
2# Copyright (C) 2018-2019 The Android Open Source Project
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16# This file contains the definitions needed for a _really_ minimal system
17# image to be run under emulation under upstream QEMU (www.qemu.org), once
18# it supports a few Android virtual devices. Note that this is _not_ the
19# same as running under the Android emulator.
20
# Pull in the default ART configuration and updatable-APEX support, then the
# package list of the Virtualization APEX. The calls stay in their original order.
$(call inherit-product, $(SRC_TARGET_DIR)/product/default_art_config.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/updatable_apex.mk)
$(call inherit-product, packages/modules/Virtualization/apex/product_packages.mk)
25
# Soong namespaces this product adds: the goldfish and trusty device trees.
PRODUCT_SOONG_NAMESPACES += device/generic/goldfish
PRODUCT_SOONG_NAMESPACES += device/generic/trusty

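# Minimal set of services selected from build/make/target/product/base_system.mk.
# Every module is listed once (adbd_system_api used to appear twice); the
# order of the original list is otherwise kept.
#
# NOTE(review): su, strace, atrace, perfetto and the adbd modules are debugging
# and tracing aids. Presumably acceptable because this image only targets QEMU
# emulation - confirm before reusing this list for a product that ships.
PRODUCT_PACKAGES += \
    aconfigd-system \
    adbd_system_api \
    aflags \
    com.android.adbd \
    com.android.virt \
    android.hardware.confirmationui@1.0-service.trusty \
    android.hardware.trusty.hwcryptohal-service \
    android.hidl.allocator@1.0-service \
    android.system.suspend-service \
    apexd \
    atrace \
    awk \
    cgroups.json \
    com.android.art \
    com.android.i18n \
    com.android.os.statsd \
    com.android.runtime \
    com.android.sdkext \
    dhcpclient \
    etc_hosts \
    gatekeeperd \
    hwservicemanager \
    init_system \
    init_vendor \
    init.environ.rc \
    keymaster_soft_wrapped_attestation_keys.xml \
    keystore2 \
    libandroid_servers \
    libc.bootstrap \
    libdl.bootstrap \
    libdl_android.bootstrap \
    libm.bootstrap \
    linker \
    linker64 \
    logcat \
    logd \
    logwrapper \
    mediaserver \
    mdnsd \
    microdroid_vendor_trusty \
    odsign \
    perfetto \
    perfetto-extras \
    reboot \
    securedpud \
    servicemanager \
    sh \
    su \
    strace \
    system-build.prop \
    toolbox \
    toybox \
    traced \
    traced_probes \
    vdc \
    vndservicemanager \
    vold \
    sanitizer.libraries.txt
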
# VINTF manifests and compatibility matrices for system and vendor only
# (no product / odm / system_ext / etc.), followed by the two
# android.hardware.security.see VINTF entries (storage service and authmgr).
PRODUCT_PACKAGES += system_compatibility_matrix.xml
PRODUCT_PACKAGES += system_manifest.xml
PRODUCT_PACKAGES += vendor_compatibility_matrix.xml
PRODUCT_PACKAGES += vendor_manifest.xml
PRODUCT_PACKAGES += android.hardware.security.see.storage-service.trusty.xml
PRODUCT_PACKAGES += android.hardware.security.see.authmgr.xml

# Dynamic partitions are enabled. system_ext is placed under system/system_ext
# and its image file-system type is deliberately left empty.
PRODUCT_USE_DYNAMIC_PARTITIONS := true
TARGET_COPY_OUT_SYSTEM_EXT := system/system_ext
BOARD_SYSTEM_EXTIMAGE_FILE_SYSTEM_TYPE :=

# Private system_ext SELinux policy directory of the trusty device tree.
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/generic/trusty/sepolicy/system_ext/private

# Create the metadata partition mount point under the root directory, as done
# for devices that have a metadata partition.
BOARD_USES_METADATA_PARTITION := true
109
# Devices that inherit build/make/target/product/base.mk always get
# /system/system_ext/etc/vintf/manifest.xml generated, and the build-time VINTF
# checks assume it exists. This product does not inherit base.mk, so the
# manifest is requested here by hand.
PRODUCT_PACKAGES += system_ext_manifest.xml

# Skip the VINTF checks for kernel configs.
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false
119
# Install conscrypt and the BoringSSL self test so that the BoringSSL NIAP
# check will not reboot the device.
PRODUCT_PACKAGES += com.android.conscrypt
PRODUCT_PACKAGES += boringssl_self_test

# selinux_policy is a phony package; the SELinux packages are added as its
# dependencies.
PRODUCT_PACKAGES += selinux_policy

# Host-side packages requested by this product: adb, the ext4/f2fs image
# tools and toybox.
PRODUCT_HOST_PACKAGES += \
    adb \
    e2fsdroid \
    make_f2fs \
    mke2fs \
    sload_f2fs \
    toybox

# USB init scripts.
PRODUCT_PACKAGES += \
    init.usb.rc \
    init.usb.configfs.rc

PRODUCT_FULL_TREBLE_OVERRIDE := true

# Microdroid guest GKI version and the Microdroid vendor image module.
PRODUCT_AVF_MICRODROID_GUEST_GKI_VERSION := android16_612
MICRODROID_VENDOR_IMAGE_MODULE := microdroid_vendor_trusty
144
# fstab (copied to both the ramdisk and vendor), the qemu_trusty init and
# ueventd scripts, and the task profiles. Entry order is unchanged.
PRODUCT_COPY_FILES += \
    device/generic/trusty/fstab.trusty:$(TARGET_COPY_OUT_RAMDISK)/fstab.qemu_trusty \
    device/generic/trusty/fstab.trusty:$(TARGET_COPY_OUT_VENDOR)/etc/fstab.qemu_trusty \
    device/generic/trusty/init.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.qemu_trusty.rc \
    device/generic/trusty/ueventd.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/ueventd.rc \
    system/core/libprocessgroup/profiles/task_profiles.json:$(TARGET_COPY_OUT_VENDOR)/etc/task_profiles.json

# config.ini and advancedFeatures.ini; their destinations carry no directory
# prefix.
PRODUCT_COPY_FILES += \
    device/generic/goldfish/data/etc/config.ini:config.ini \
    device/generic/trusty/advancedFeatures.ini:advancedFeatures.ini

# Vendor security patch level (SPL) is set to match the platform's; this is
# needed for properly provisioning keymint (HAL info).
# The recursive '=' defers expansion, so the value follows
# PLATFORM_SECURITY_PATCH as it stands when this variable is read.
VENDOR_SECURITY_PATCH = $(PLATFORM_SECURITY_PATCH)
159
##########################
# Trusty VM/TEE products #
##########################

# TODO(b/393850980): enable TRUSTY_SYSTEM_VM_USE_PVMFW when the necessary
# dependencies are available on QEMU (e.g. ARM TRNG supported in TF-A).
# The flag is assigned false with ':=' immediately before the test, so the
# else branch is the one taken and hypervisor.pvmfw.path is set to "none".
# NOTE(review): the disabled branch installs pvmfw_test_img.img, which by its
# name is a test image - confirm which image a non-test configuration should use.
TRUSTY_SYSTEM_VM_USE_PVMFW := false
ifeq ($(TRUSTY_SYSTEM_VM_USE_PVMFW),true)
PRODUCT_PACKAGES += pvmfw_test_img.img
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += hypervisor.pvmfw.path=/vendor/etc/pvmfw/pvmfw_test_img.img
else
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += hypervisor.pvmfw.path=none
endif
179
# Defaults for the KeyMint / Trusty system VM selection; '?=' keeps any value
# that was already set before this file is read.
KEYMINT_HAL_VENDOR_APEX_SELECT ?= true
TRUSTY_KEYMINT_IMPL ?= rust
# TODO(b/390206831): remove placeholder_trusted_hal when VM2TZ is supported
TRUSTY_SYSTEM_VM ?= enabled_with_placeholder_trusted_hal

# Soong config: placeholder_trusted_hal is set only for the placeholder
# variant; the trusty_system_vm and trusty_tee "enabled" flags are always set,
# and the VM build type is taken from TARGET_BUILD_VARIANT.
ifeq ($(TRUSTY_SYSTEM_VM), enabled_with_placeholder_trusted_hal)
    $(call soong_config_set_bool, trusty_system_vm, placeholder_trusted_hal, true)
endif
$(call soong_config_set_bool, trusty_system_vm, enabled, true)
$(call soong_config_set, trusty_system_vm, buildtype, $(TARGET_BUILD_VARIANT))
$(call soong_config_set_bool, trusty_tee, enabled, true)
190
# Security VM product definitions from the Virtualization module.
$(call inherit-product, packages/modules/Virtualization/guest/trusty/security_vm/security_vm.mk)

# Trusty KeyMint APEX, then the Trusty base, storage and test products.
$(call inherit-product, device/generic/trusty/apex/com.android.hardware.keymint/trusty-apex.mk)
$(call inherit-product, system/core/trusty/trusty-base.mk)
$(call inherit-product, system/core/trusty/trusty-storage.mk)
$(call inherit-product, system/core/trusty/trusty-test.mk)
# Optional: inherited only when the proprietary device.mk is present in the tree.
$(call inherit-product-if-exists, trusty/vendor/google/proprietary/device/device.mk)
198
# Test utilities: Trusty IPC/coverage/unit-test helpers and the VTS target
# tests for KeyMint, ConfirmationUI, Gatekeeper, Keymaster and the remotely
# provisioned component.
PRODUCT_PACKAGES += \
    binderRpcToTrustyTest \
    tipc-test \
    trusty-coverage-controller \
    trusty-ut-ctrl \
    trusty_stats_test \
    VtsAidlKeyMintTargetTest \
    VtsHalConfirmationUIV1_0TargetTest \
    VtsHalGatekeeperTargetTest \
    VtsHalGatekeeperV1_0TargetTest \
    VtsHalKeymasterV3_0TargetTest \
    VtsHalKeymasterV4_0TargetTest \
    VtsHalRemotelyProvisionedComponentTargetTest

# ro.adb.secure=0 switches off adb host-key authentication, so any host that
# can reach adbd is accepted without approval. Keep this setting confined to
# emulation/test images such as this one.
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += ro.adb.secure=0
# Boot-time selection of the KeyMint vendor APEX: the trusty_tee variant.
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += ro.boot.vendor.apex.com.android.hardware.keymint=com.android.hardware.keymint.trusty_tee