// Build rules for the Microdroid guest image: the system and vendor filesystems, the ramdisks,
// the bootconfig files, and the AVB (verified boot) signing of the partitions and kernels.
package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

// Shell and debugging tools. This list is appended to the deps of the "microdroid" system image
// below without any release-flag or debug-level condition, so "sh" and "strace" are packaged in
// every build of the image.
// NOTE(review): whether these are reachable at runtime is decided elsewhere (not visible in this
// file) - confirm before relying on their absence in non-debuggable VMs.
microdroid_shell_and_utilities = [
    "reboot",
    "sh",
    "strace",
    "toolbox",
    "toybox",
]

// Directories created in the system image (passed as `dirs` of "microdroid").
microdroid_rootdirs = [
    "dev",
    "proc",
    "sys",

    "system",
    "debug_ramdisk",
    "mnt",
    "data",

    "apex",
    "linkerconfig",
    "second_stage_resources",

    // Ideally we should only create the /vendor for Microdroid VMs that will mount /vendor, but
    // for the time being we will just create it unconditionally.
    "vendor",
]

// Symlinks created in the system image. "d" points at the debugfs location /sys/kernel/debug;
// this file only creates the link, it does not decide whether debugfs is mounted.
microdroid_symlinks = [
    {
        target: "/sys/kernel/debug",
        name: "d",
    },
    {
        target: "/system/etc",
        name: "etc",
    },
    {
        target: "/system/bin",
        name: "bin",
    },
]

// The Microdroid system partition image.
android_system_image {
    name: "microdroid",
    // AVB: the image is signed with :microdroid_sign_key using SHA256_RSA4096, with sha256 as
    // the AVB hash algorithm. use_fec is turned off.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
    avb_algorithm: "SHA256_RSA4096",
    avb_hash_algorithm: "sha256",
    use_fec: false,
    partition_name: "system",
    deps: [
        "init_second_stage.microdroid",
        "microdroid_build_prop",
        "microdroid_init_debug_policy",
        "microdroid_init_rc",
        "microdroid_ueventd_rc",
        "microdroid_launcher",

        "libbinder_ndk",
        "libstdc++",

        // "com.android.adbd" requires these,
        "libadbd_auth",
        "libadbd_fs",

        // "com.android.art" requires
        "heapprofd_client_api",
        "libartpalette-system",

        "apexd.microdroid",
        "debuggerd",
        "linker",
        "cgroups.json",
        "task_profiles.json",
        "public.libraries.android.txt",

        "microdroid_event-log-tags",
        "microdroid_file_contexts",
        "microdroid_manifest",
        "microdroid_property_contexts",
        "mke2fs.microdroid",
        "microdroid_fstab",

        "libvm_payload", // used by payload to interact with microdroid manager

        "prng_seeder_microdroid",

        // Binaries required to capture traces in Microdroid.
        "atrace",
        "traced",
        "traced_probes",
        "perfetto",
    // The passwd/group files are packaged only when the multi-tenant release flag is true.
    // The shell/utility list is appended unconditionally.
    ] + select(release_flag("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM"), {
        true: [
            "microdroid_etc_passwd",
            "microdroid_etc_group",
        ],
        default: [],
    }) + microdroid_shell_and_utilities,
    multilib: {
        common: {
            deps: [
                // non-updatable & mandatory apexes
                "com.android.runtime",

                "microdroid_crashdump_initrd",
                "microdroid_precompiled_sepolicy",
            ],
        },
        lib64: {
            deps: [
                "apkdmverity",
                "authfs",
                "authfs_service",
                "encryptedstore",
                "microdroid_kexec",
                "microdroid_manager",
                "zipfuse",
            // The vendor DICE node derivation binary is added only with the DICE-changes flag.
            ] + select(release_flag("RELEASE_AVF_ENABLE_DICE_CHANGES"), {
                true: ["derive_microdroid_vendor_dice_node"],
                default: [],
            }),
        },
    },
    arch: {
        // b/273792258: These could be in multilib.lib64 except that
        // microdroid_crashdump_kernel doesn't exist for riscv64 yet
        arm64: {
            deps: [
                "microdroid_crashdump_kernel",
            ],
        },
        x86_64: {
            deps: [
                "microdroid_crashdump_kernel",
            ],
        },
    },
    linker_config: {
        gen_linker_config: true,
        linker_config_srcs: ["linker.config.json"],
    },
    base_dir: "system",
    // The "microdroid_resources" directory exists only with the DICE-changes flag; the same
    // select is applied to the "microdroid_ramdisk" dirs further down.
    dirs: microdroid_rootdirs + select(release_flag("RELEASE_AVF_ENABLE_DICE_CHANGES"), {
        true: ["microdroid_resources"],
        default: [],
    }),
    symlinks: microdroid_symlinks,
    file_contexts: ":microdroid_file_contexts.gen",
    // For deterministic output, use fake_timestamp, hard-coded uuid
    fake_timestamp: "1611569676",
    // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/system'))"
    uuid: "5fe079c6-f01a-52be-87d3-d415231a72ad",
}

// init.rc for Microdroid, packaged as init/hw/init.rc.
prebuilt_etc {
    name: "microdroid_init_rc",
    filename: "init.rc",
    src: "init.rc",
    relative_install_path: "init/hw",
    no_full_install: true, // avoid collision with system partition's init.rc
}

// ueventd.rc for Microdroid.
prebuilt_etc {
    name: "microdroid_ueventd_rc",
    filename: "ueventd.rc",
    src: "ueventd.rc",
    no_full_install: true, // avoid collision with system partition's ueventd.rc
}

// passwd file; only referenced from the multi-tenant select in "microdroid".
prebuilt_etc {
    name: "microdroid_etc_passwd",
    src: "microdroid_passwd",
    filename: "passwd",
    no_full_install: true,
}

// group file; only referenced from the multi-tenant select in "microdroid".
prebuilt_etc {
    name: "microdroid_etc_group",
    src: "microdroid_group",
    filename: "group",
    no_full_install: true,
}

// build.prop for the image. On x86_64 and arm64 the static file is replaced by the output of
// the matching generator rule below.
prebuilt_root {
    name: "microdroid_build_prop",
    filename: "build.prop",
    src: "build.prop",
    arch: {
        x86_64: {
            src: ":microdroid_build_prop_gen_x86_64",
        },
        arm64: {
            src: ":microdroid_build_prop_gen_arm64",
        },
    },
    no_full_install: true,
}

// Generates the x86_64 build.prop: five ro.build.version.* properties (including
// security_patch) are copied from the platform's system build.prop, followed by the local
// build.prop and the ABI properties. Every step is chained with `&&`, so a property missing
// from :system-build.prop (grep exits non-zero) fails the rule instead of silently producing
// a build.prop without it.
// NOTE(review): the grep patterns are not anchored to the start of the line.
java_genrule {
    name: "microdroid_build_prop_gen_x86_64",
    srcs: [
        "build.prop",
        ":system-build.prop",
    ],
    out: ["build.prop.out"],
    cmd: "(echo '# build properties from system/build.prop' && " +
        "grep ro\\.build\\.version\\.codename= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.release= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.sdk= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.security_patch= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.known_codenames= $(location :system-build.prop) && " +
        "cat $(location build.prop) && " +
        "echo ro.product.cpu.abilist=x86_64 && " +
        "echo ro.product.cpu.abi=x86_64) > $(out)",
}

// arm64 counterpart of the rule above; identical except for the two ABI properties.
java_genrule {
    name: "microdroid_build_prop_gen_arm64",
    srcs: [
        "build.prop",
        ":system-build.prop",
    ],
    out: ["build.prop.out"],
    cmd: "(echo '# build properties from system/build.prop' && " +
        "grep ro\\.build\\.version\\.codename= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.release= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.sdk= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.security_patch= $(location :system-build.prop) && " +
        "grep ro\\.build\\.version\\.known_codenames= $(location :system-build.prop) && " +
        "cat $(location build.prop) && " +
        "echo ro.product.cpu.abilist=arm64-v8a && " +
        "echo ro.product.cpu.abi=arm64-v8a) > $(out)",
}

// Need to keep microdroid_vendor for the release configurations that don't
// have RELEASE_AVF_ENABLE_VENDOR_MODULES build flag enabled.
// It declares no deps and is signed with the same key and algorithm as the system image.
android_filesystem {
    name: "microdroid_vendor",
    partition_name: "vendor",
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
    avb_algorithm: "SHA256_RSA4096",
    avb_hash_algorithm: "sha256",
    use_fec: false,
    file_contexts: ":microdroid_vendor_file_contexts.gen",
    // For deterministic output, use fake_timestamp, hard-coded uuid
    fake_timestamp: "1611569676",
    // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/vendor'))"
    uuid: "156d40d7-8d8e-5c99-8913-ec82de549a70",
}

// A logical_partition variant whose `default_group` may depend on the
// release_avf_enable_vendor_modules soong config variable.
soong_config_module_type {
    name: "flag_aware_microdroid_super_partition",
    module_type: "logical_partition",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_vendor_modules",
    ],
    properties: [
        "default_group",
    ],
}

// The super partition. "system_a" is always present; "vendor_a" is listed under
// conditions_default, i.e. it is used when release_avf_enable_vendor_modules is not enabled.
flag_aware_microdroid_super_partition {
    name: "microdroid_super",
    sparse: true,
    size: "auto",
    default_group: [
        {
            name: "system_a",
            filesystem: ":microdroid",
        },
    ],
    soong_config_variables: {
        release_avf_enable_vendor_modules: {
            conditions_default: {
                default_group: [
                    {
                        name: "vendor_a",
                        filesystem: ":microdroid_vendor",
                    },
                ],
            },
        },
    },
}

// Compressed cpio ramdisk holding first-stage init and the initial directory skeleton.
android_filesystem {
    name: "microdroid_ramdisk",
    deps: [
        "init_first_stage.microdroid",
    ],
    dirs: [
        "dev",
        "proc",
        "sys",

        "mnt",
        "debug_ramdisk",
        "second_stage_resources",
    ] + select(release_flag("RELEASE_AVF_ENABLE_DICE_CHANGES"), {
        true: ["microdroid_resources"],
        default: [],
    }),
    type: "compressed_cpio",
}

// Compressed cpio archive rooted at first_stage_ramdisk/ that carries the fstab.
android_filesystem {
    name: "microdroid_first_stage_ramdisk",
    deps: [
        "microdroid_fstab",
    ],
    base_dir: "first_stage_ramdisk",
    type: "compressed_cpio",
    symlinks: [
        {
            target: "etc/fstab.microdroid",
            name: "first_stage_ramdisk/fstab.microdroid",
        },
        {
            target: "first_stage_ramdisk/lib",
            name: "lib",
        },
    ],
}

// bootconfig for arm64: the common file concatenated with the arm64-specific one.
genrule {
    name: "microdroid_bootconfig_arm64_gen",
    srcs: [
        "bootconfig.common",
        "bootconfig.arm64",
    ],
    out: ["bootconfig"],
    cmd: "cat $(in) > $(out)",
}

// bootconfig for x86_64: the common file concatenated with the x86_64-specific one.
genrule {
    name: "microdroid_bootconfig_x86_64_gen",
    srcs: [
        "bootconfig.common",
        "bootconfig.x86_64",
    ],
    out: ["bootconfig"],
    cmd: "cat $(in) > $(out)",
}

// 16k x86_64 bootconfig source file, exported as-is (no concatenation with bootconfig.common
// happens in this rule).
filegroup {
    name: "microdroid_16k_bootconfig_x86_64_gen",
    srcs: ["bootconfig.x86_64_16k"],
}

// fstab used by the system image and by the first-stage ramdisk.
prebuilt_etc {
    name: "microdroid_fstab",
    src: "fstab.microdroid",
    filename: "fstab.microdroid",
    no_full_install: true,
}

// Salt for the kernel ("boot") hash footer. It is a fixed value derivable from the command
// below, so it keeps the footer reproducible; it is not a secret.
// python -c "import hashlib; print(hashlib.sha256(b'bootloader').hexdigest())"
bootloader_salt = "3b4a12881d11f33cff968a24d7c53723a8232cde9a8d91e29fdbd6a95ae6adf0"

// The single signing key used by every AVB step in this file (system and vendor images,
// vbmeta, kernel hash footers). It is an alias for :pvmfw_embedded_key.
// NOTE(review): the key material is defined outside this file - confirm which key release
// builds resolve this to.
filegroup {
    name: "microdroid_sign_key",
    srcs: [":pvmfw_embedded_key"],
}

// vbmeta image covering the system partition, plus the vendor partition unless
// RELEASE_AVF_ENABLE_VENDOR_MODULES is true.
vbmeta {
    name: "microdroid_vbmeta",
    partition_name: "vbmeta",
    private_key: ":microdroid_sign_key",
    partitions: [
        "microdroid",
    ] + select(release_flag("RELEASE_AVF_ENABLE_VENDOR_MODULES"), {
        true: [],
        default: ["microdroid_vendor"],
    }),
}

// Prebuilt microdroid.json.
prebuilt_etc {
    name: "microdroid.json",
    src: "microdroid.json",
}

// Prebuilt microdroid_16k.json.
prebuilt_etc {
    name: "microdroid_16k.json",
    src: "microdroid_16k.json",
}

// VINTF manifest, packaged as vintf/manifest.xml.
prebuilt_etc {
    name: "microdroid_manifest",
    src: "microdroid_manifest.xml",
    filename: "manifest.xml",
    relative_install_path: "vintf",
    no_full_install: true,
}

// event-log-tags file for the image.
prebuilt_etc {
    name: "microdroid_event-log-tags",
    src: "microdroid_event-log-tags",
    filename: "event-log-tags",
    no_full_install: true,
}

// bootconfig fragment for debuggable VMs (consumed outside this file).
filegroup {
    name: "microdroid_bootconfig_debuggable_src",
    srcs: ["bootconfig.debuggable"],
}

// bootconfig fragment for non-debuggable VMs (consumed outside this file).
filegroup {
    name: "microdroid_bootconfig_normal_src",
    srcs: ["bootconfig.normal"],
}

// Fixed, publicly derivable salt for the "initrd_normal" hash descriptor (not a secret).
// python -c "import hashlib; print(hashlib.sha256(b'initrd_normal').hexdigest())"
initrd_normal_salt = "8041a07d54ac82290f6d90bac1fa8d7fdbc4db974d101d60faf294749d1ebaf8"

// Base defaults for the initrd hash descriptors: disabled except on arm64 and x86_64.
avb_gen_vbmeta_image_defaults {
    name: "microdroid_initrd_defaults",
    enabled: false,
    arch: {
        // Microdroid kernel is only available in these architectures.
        arm64: {
            enabled: true,
        },
        x86_64: {
            enabled: true,
        },
    },
}

// Defaults for descriptors of the normal (non-debuggable) initrd. The normal and debug
// initrds get distinct partition names and salts.
avb_gen_vbmeta_image_defaults {
    name: "microdroid_initrd_normal_defaults",
    defaults: ["microdroid_initrd_defaults"],
    partition_name: "initrd_normal",
    salt: initrd_normal_salt,
}

// Hash descriptor for the normal initrd.
avb_gen_vbmeta_image {
    name: "microdroid_initrd_normal_hashdesc",
    defaults: ["microdroid_initrd_normal_defaults"],
    src: ":microdroid_initrd_normal",
}

// Hash descriptor for the 16k normal initrd.
avb_gen_vbmeta_image {
    name: "microdroid_16k_initrd_normal_hashdesc",
    defaults: ["microdroid_initrd_normal_defaults"],
    src: ":microdroid_16k_initrd_normal",
}

// Fixed, publicly derivable salt for the "initrd_debug" hash descriptor (not a secret).
// python -c "import hashlib; print(hashlib.sha256(b'initrd_debug').hexdigest())"
initrd_debug_salt = "8ab9dc9cb7e6456700ff6ef18c6b4c3acc24c5fa5381b829563f8d7a415d869a"

// Defaults for descriptors of the debuggable initrd.
avb_gen_vbmeta_image_defaults {
    name: "microdroid_initrd_debug_defaults",
    defaults: ["microdroid_initrd_defaults"],
    partition_name: "initrd_debug",
    salt: initrd_debug_salt,
}

// Hash descriptor for the debuggable initrd.
avb_gen_vbmeta_image {
    name: "microdroid_initrd_debug_hashdesc",
    defaults: ["microdroid_initrd_debug_defaults"],
    src: ":microdroid_initrd_debuggable",
}

// Hash descriptor for the 16k debuggable initrd.
avb_gen_vbmeta_image {
    name: "microdroid_16k_initrd_debug_hashdesc",
    defaults: ["microdroid_initrd_debug_defaults"],
    src: ":microdroid_16k_initrd_debuggable",
}

// An avb_add_hash_footer_defaults variant whose `rollback_index` and `props` may depend on
// the release_avf_enable_llpvm_changes soong config variable.
soong_config_module_type {
    name: "flag_aware_avb_add_hash_footer_defaults",
    module_type: "avb_add_hash_footer_defaults",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_llpvm_changes",
    ],
    properties: [
        "rollback_index",
        "props",
    ],
}

// Common settings for every signed kernel: partition "boot", the shared signing key and the
// fixed bootloader salt. Disabled except on arm64 and x86_64; `src` is a placeholder that
// each kernel module (or the GKI defaults) overrides per architecture.
avb_add_hash_footer_defaults {
    name: "microdroid_kernel_signed_defaults",
    src: ":empty_file",
    partition_name: "boot",
    private_key: ":microdroid_sign_key",
    salt: bootloader_salt,
    enabled: false,
    arch: {
        arm64: {
            enabled: true,
        },
        x86_64: {
            enabled: true,
        },
    },
}

// Rollback index written into the kernel hash footer by the two *_cap_* defaults below.
// It is only applied when release_avf_enable_llpvm_changes is enabled; with the flag off this
// file sets no rollback_index on the kernels.
// NOTE(review): despite the GKI in the name, microdroid_kernel_signed and
// microdroid_kernel_16k_signed also pick it up through microdroid_kernel_cap_defaults.
MICRODROID_GKI_ROLLBACK_INDEX = 1

// Capability properties for kernels without UEFI boot support. With the flag enabled the
// footer carries the rollback index and com.android.virt.cap=secretkeeper_protection; there
// is no conditions_default, so with the flag off neither is set.
flag_aware_avb_add_hash_footer_defaults {
    name: "microdroid_kernel_cap_defaults",
    // Below are properties that are conditionally set depending on value of build flags.
    soong_config_variables: {
        release_avf_enable_llpvm_changes: {
            rollback_index: MICRODROID_GKI_ROLLBACK_INDEX,
            props: [
                {
                    name: "com.android.virt.cap",
                    value: "secretkeeper_protection",
                },
            ],
        },
    },
}

// Capability properties for kernels that support UEFI boot. With the flag enabled the footer
// carries the rollback index and both capabilities; with it off (conditions_default) only
// supports_uefi_boot is advertised and no rollback_index is set.
flag_aware_avb_add_hash_footer_defaults {
    name: "microdroid_kernel_cap_with_uefi_defaults",
    // Below are properties that are conditionally set depending on value of build flags.
    soong_config_variables: {
        release_avf_enable_llpvm_changes: {
            rollback_index: MICRODROID_GKI_ROLLBACK_INDEX,
            props: [
                {
                    name: "com.android.virt.cap",
                    value: "secretkeeper_protection|supports_uefi_boot",
                },
            ],
            conditions_default: {
                props: [
                    {
                        name: "com.android.virt.cap",
                        value: "supports_uefi_boot",
                    },
                ],
            },
        },
    },
}

// Signed default kernel. The footer includes the hash descriptors of both the normal and the
// debuggable initrd, so both initrd variants are bound to this one signed kernel image.
// NOTE(review): how a verifier tells the two descriptors apart at boot is outside this file.
avb_add_hash_footer {
    name: "microdroid_kernel_signed",
    defaults: [
        "microdroid_kernel_signed_defaults",
        "microdroid_kernel_cap_defaults",
    ],
    filename: "microdroid_kernel",
    arch: {
        arm64: {
            src: ":microdroid_kernel_prebuilt-arm64",
        },
        x86_64: {
            src: ":microdroid_kernel_prebuilt-x86_64",
        },
    },
    include_descriptors_from_images: [
        ":microdroid_initrd_normal_hashdesc",
        ":microdroid_initrd_debug_hashdesc",
    ],
}

// Packages the signed kernel under fs/. On architectures other than arm64 and x86_64 the
// source stays :empty_file.
prebuilt_etc {
    name: "microdroid_kernel",
    src: ":empty_file",
    relative_install_path: "fs",
    arch: {
        arm64: {
            src: ":microdroid_kernel_signed",
        },
        x86_64: {
            src: ":microdroid_kernel_signed",
        },
    },
}

// Signed 16k-page kernel; same defaults as the default kernel, with the 16k initrd
// descriptors.
avb_add_hash_footer {
    name: "microdroid_kernel_16k_signed",
    defaults: [
        "microdroid_kernel_signed_defaults",
        "microdroid_kernel_cap_defaults",
    ],
    filename: "microdroid_kernel_16k",
    arch: {
        arm64: {
            src: ":microdroid_kernel_16k_prebuilt-arm64",
        },
        // There is no 16k x86_64 kernel. Instead the 16k emulation is triggered by adding
        // `page_shift=14` to the kernel cmdline or bootconfig.
        x86_64: {
            src: ":microdroid_kernel_prebuilt-x86_64",
        },
    },
    include_descriptors_from_images: [
        ":microdroid_16k_initrd_normal_hashdesc",
        ":microdroid_16k_initrd_debug_hashdesc",
    ],
}

// Packages the signed 16k kernel under fs/.
prebuilt_etc {
    name: "microdroid_kernel_16k",
    src: ":empty_file",
    relative_install_path: "fs",
    arch: {
        arm64: {
            src: ":microdroid_kernel_16k_signed",
        },
        x86_64: {
            src: ":microdroid_kernel_16k_signed",
        },
    },
}

///////////////////////////////////////
// GKI-android15-6.6
///////////////////////////////////////
prebuilt_etc {
    name: "microdroid_gki-android15-6.6.json",
    src: "microdroid_gki-android15-6.6.json",
}

// Shared settings for the signed GKI kernels: the per-arch GKI prebuilt as source and the
// GKI initrd descriptors, on top of the common kernel signing defaults.
avb_add_hash_footer_defaults {
    name: "microdroid_gki_kernel_signed_defaults",
    defaults: ["microdroid_kernel_signed_defaults"],
    arch: {
        arm64: {
            src: ":microdroid_gki_kernel_prebuilts-android15-6.6-arm64",
        },
        x86_64: {
            src: ":microdroid_gki_kernel_prebuilts-android15-6.6-x86_64",
        },
    },
    include_descriptors_from_images: [
        ":microdroid_gki-android15-6.6_initrd_normal_hashdesc",
        ":microdroid_gki-android15-6.6_initrd_debug_hashdesc",
    ],
}

// Signed GKI kernel without the supports_uefi_boot capability.
avb_add_hash_footer {
    name: "microdroid_gki-android15-6.6_kernel_signed",
    defaults: [
        "microdroid_gki_kernel_signed_defaults",
        "microdroid_kernel_cap_defaults",
    ],
    filename: "microdroid_gki-android15-6.6_kernel_signed",
}

// Signed GKI kernel that also advertises supports_uefi_boot.
avb_add_hash_footer {
    name: "microdroid_gki-android15-6.6_kernel_signed_supports_uefi_boot",
    defaults: [
        "microdroid_gki_kernel_signed_defaults",
        "microdroid_kernel_cap_with_uefi_defaults",
    ],
    filename: "microdroid_gki-android15-6.6_kernel_signed_supports_uefi_boot",
}

// HACK: use cc_genrule for arch-specific properties
// lz4-compresses the already-signed GKI kernel, so the AVB footer ends up inside the
// compressed payload. Only arm64 feeds in the kernel; every other architecture compresses
// :empty_file.
cc_genrule {
    name: "microdroid_gki-android15-6.6_kernel_signed-lz4",
    out: ["microdroid_gki-android15-6.6_kernel_signed-lz4"],
    srcs: [":empty_file"],
    arch: {
        arm64: {
            srcs: [":microdroid_gki-android15-6.6_kernel_signed"],
            exclude_srcs: [":empty_file"],
        },
    },
    tools: ["lz4"],
    cmd: "$(location lz4) -9 $(in) $(out)",
}

// Packages the signed GKI kernel under fs/.
prebuilt_etc {
    name: "microdroid_gki-android15-6.6_kernel",
    filename: "microdroid_gki-android15-6.6_kernel",
    src: ":empty_file",
    relative_install_path: "fs",
    arch: {
        arm64: {
            src: ":microdroid_gki-android15-6.6_kernel_signed",
        },
        x86_64: {
            src: ":microdroid_gki-android15-6.6_kernel_signed",
        },
    },
}

// Hash descriptor for the GKI normal initrd.
avb_gen_vbmeta_image {
    name: "microdroid_gki-android15-6.6_initrd_normal_hashdesc",
    defaults: ["microdroid_initrd_normal_defaults"],
    src: ":microdroid_gki-android15-6.6_initrd_normal",
}

// Hash descriptor for the GKI debuggable initrd.
avb_gen_vbmeta_image {
    name: "microdroid_gki-android15-6.6_initrd_debug_hashdesc",
    defaults: ["microdroid_initrd_debug_defaults"],
    src: ":microdroid_gki-android15-6.6_initrd_debuggable",
}

// Host tool used by the rule below.
python_binary_host {
    name: "extract_microdroid_kernel_hashes",
    srcs: ["extract_microdroid_kernel_hashes.py"],
}

// HACK: use cc_genrule for arch-specific properties
// Generates lib.rs by running extract_microdroid_kernel_hashes (with avbtool) over the signed
// kernel images. What the script emits is defined in extract_microdroid_kernel_hashes.py,
// which is not part of this file.
// NOTE(review): the inputs are the default kernel and the GKI kernel; the 16k kernel
// (microdroid_kernel_16k) and the supports_uefi_boot GKI variant are not listed - confirm
// that this is intentional for whatever consumes libmicrodroid_kernel_hashes.
cc_genrule {
    name: "microdroid_kernel_hashes_rs",
    compile_multilib: "first",
    srcs: [":microdroid_kernel"],
    arch: {
        arm64: {
            srcs: [
                ":microdroid_gki-android15-6.6_kernel_signed",
            ],
        },
        x86_64: {
            srcs: [
                ":microdroid_gki-android15-6.6_kernel_signed",
            ],
        },
    },
    out: ["lib.rs"],
    tools: [
        "extract_microdroid_kernel_hashes",
        "avbtool",
    ],
    cmd: "$(location extract_microdroid_kernel_hashes) --avbtool $(location avbtool) " +
        "--kernel $(in) > $(out)",
}

// Rust rlib built from the generated lib.rs. It is built without the default standard
// libraries and links only compiler_builtins and core from the Rust sysroot.
rust_library_rlib {
    name: "libmicrodroid_kernel_hashes",
    compile_multilib: "first",
    srcs: [":microdroid_kernel_hashes_rs"],
    crate_name: "microdroid_kernel_hashes",
    prefer_rlib: true,
    no_stdlibs: true,
    stdlibs: [
        "libcompiler_builtins.rust_sysroot",
        "libcore.rust_sysroot",
    ],
}