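// Soong definitions for the Microdroid system image ("microdroid") and the prebuilt files and
// generated build.prop that are packaged into it.
// The listing had viewer line numbers fused into its tokens; they are removed here so the
// text parses as Blueprint again. No property value was changed.
package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

// Shell and command-line tools appended to the system image deps below.
// NOTE(review): the list, including "strace" and "sh", is added unconditionally in this file
// (it is not gated on a debuggable build); confirm that runtime access to these tools is
// restricted by policy defined elsewhere.
microdroid_shell_and_utilities = [
    "reboot",
    "sh",
    "strace",
    "toolbox",
    "toybox",
]

// Directories created at the root of the system image (see `dirs` on the "microdroid" module).
microdroid_rootdirs = [
    "dev",
    "proc",
    "sys",

    "system",
    "debug_ramdisk",
    "mnt",
    "data",

    "apex",
    "linkerconfig",
    "second_stage_resources",

    // Ideally we should only create the /vendor for Microdroid VMs that will mount /vendor, but
    // for the time being we will just create it unconditionally.
    "vendor",
]

// Root-level symlinks created in the system image.
microdroid_symlinks = [
    {
        // /d -> debugfs. The link exists in every image built from this list; whether debugfs
        // is actually mounted is decided outside this file.
        target: "/sys/kernel/debug",
        name: "d",
    },
    {
        target: "/system/etc",
        name: "etc",
    },
    {
        target: "/system/bin",
        name: "bin",
    },
]

// android_system_image variant whose deps, dirs and multilib properties can be extended by
// the two release_avf_* build flags listed in bool_variables.
soong_config_module_type {
    name: "flag_aware_microdroid_system_image",
    module_type: "android_system_image",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_dice_changes",
        "release_avf_enable_multi_tenant_microdroid_vm",
    ],
    properties: [
        "deps",
        "dirs",
        "multilib",
    ],
}

flag_aware_microdroid_system_image {
    name: "microdroid",
    // The image carries an AVB footer signed with :microdroid_sign_key. The filegroup of that
    // name later in this file maps it to :avb_testkey_rsa4096, a test key by its name, so the
    // signature on its own is not evidence of who produced the image.
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
    avb_algorithm: "SHA256_RSA4096",
    avb_hash_algorithm: "sha256",
    partition_name: "system",
    deps: [
        "init_second_stage.microdroid",
        "microdroid_build_prop",
        "microdroid_init_debug_policy",
        "microdroid_init_rc",
        "microdroid_ueventd_rc",
        "microdroid_launcher",

        "libbinder_ndk",
        "libstdc++",

        // "com.android.adbd" requires these,
        "libadbd_auth",
        "libadbd_fs",

        // "com.android.art" requires
        "heapprofd_client_api",
        "libartpalette-system",

        "apexd.microdroid",
        "debuggerd",
        "linker",
        "cgroups.json",
        "task_profiles.json",
        "public.libraries.android.txt",

        "microdroid_event-log-tags",
        "microdroid_file_contexts",
        "microdroid_manifest",
        "microdroid_property_contexts",
        "mke2fs.microdroid",
        "microdroid_fstab",

        "libvm_payload", // used by payload to interact with microdroid manager

        "prng_seeder_microdroid",

        // Binaries required to capture traces in Microdroid.
        // NOTE(review): like the shell utilities, these are installed unconditionally here.
        "atrace",
        "traced",
        "traced_probes",
        "perfetto",
    ] + microdroid_shell_and_utilities,
    multilib: {
        common: {
            deps: [
                // non-updatable & mandatory apexes
                "com.android.runtime",

                "microdroid_crashdump_initrd",
                "microdroid_precompiled_sepolicy",
            ],
        },
        lib64: {
            deps: [
                "apkdmverity",
                "authfs",
                "authfs_service",
                "encryptedstore",
                "microdroid_kexec",
                "microdroid_manager",
                "zipfuse",
            ],
        },
    },
    arch: {
        // b/273792258: These could be in multilib.lib64 except that
        // microdroid_crashdump_kernel doesn't exist for riscv64 yet
        arm64: {
            deps: [
                "microdroid_crashdump_kernel",
            ],
        },
        x86_64: {
            deps: [
                "microdroid_crashdump_kernel",
            ],
        },
    },
    linker_config_src: "linker.config.json",
    base_dir: "system",
    dirs: microdroid_rootdirs,
    symlinks: microdroid_symlinks,
    file_contexts: ":microdroid_file_contexts.gen",
    // For deterministic output, use fake_timestamp, hard-coded uuid
    fake_timestamp: "1611569676",
    // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/system'))"
    uuid: "5fe079c6-f01a-52be-87d3-d415231a72ad",

    // Below are dependencies that are conditionally enabled depending on value of build flags.
    soong_config_variables: {
        // Adds the vendor DICE node deriver (64-bit only) and the /microdroid_resources dir.
        release_avf_enable_dice_changes: {
            multilib: {
                lib64: {
                    deps: ["derive_microdroid_vendor_dice_node"],
                },
            },
            dirs: [
                "microdroid_resources",
            ],
        },
        // Adds the passwd and group files defined further down in this file.
        release_avf_enable_multi_tenant_microdroid_vm: {
            deps: [
                "microdroid_etc_passwd",
                "microdroid_etc_group",
            ],
        },
    },
}

prebuilt_etc {
    name: "microdroid_init_rc",
    filename: "init.rc",
    src: "init.rc",
    relative_install_path: "init/hw",
    no_full_install: true, // avoid collision with system partition's init.rc
}

prebuilt_etc {
    name: "microdroid_ueventd_rc",
    filename: "ueventd.rc",
    src: "ueventd.rc",
    no_full_install: true, // avoid collision with system partition's ueventd.rc
}

// Account database for the guest; only pulled into the image when
// release_avf_enable_multi_tenant_microdroid_vm is set (see the "microdroid" module).
prebuilt_etc {
    name: "microdroid_etc_passwd",
    src: "microdroid_passwd",
    filename: "passwd",
    no_full_install: true,
}

// Group database for the guest; gated by the same flag as microdroid_etc_passwd.
prebuilt_etc {
    name: "microdroid_etc_group",
    src: "microdroid_group",
    filename: "group",
    no_full_install: true,
}

// build.prop for the guest. On x86_64 and arm64 the static file is replaced by the output of
// the matching genrule below.
prebuilt_root {
    name: "microdroid_build_prop",
    filename: "build.prop",
    src: "build.prop",
    arch: {
        x86_64: {
            src: ":microdroid_build_prop_gen_x86_64",
        },
        arm64: {
            src: ":microdroid_build_prop_gen_arm64",
        },
    },
    no_full_install: true,
}

// Builds the x86_64 build.prop: selected ro.build.version.* lines copied from buildinfo.prop
// (including the security patch level), then the static build.prop, then the ABI properties.
// grep exits non-zero when a property is missing, so the && chain stops and the rule fails
// rather than emitting a build.prop without it.
// NOTE(review): the grep patterns are not anchored with ^, so any line that merely contains
// one of these strings is copied as well.
genrule {
    name: "microdroid_build_prop_gen_x86_64",
    srcs: [
        "build.prop",
        ":buildinfo.prop",
    ],
    out: ["build.prop.out"],
    cmd: "(echo '# build properties from buildinfo.prop module' && " +
        "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.known_codenames= $(location :buildinfo.prop) && " +
        "cat $(location build.prop) && " +
        "echo ro.product.cpu.abilist=x86_64 && " +
        "echo ro.product.cpu.abi=x86_64) > $(out)",
}

// arm64 counterpart of microdroid_build_prop_gen_x86_64; only the two ABI lines differ.
genrule {
    name: "microdroid_build_prop_gen_arm64",
    srcs: [
        "build.prop",
        ":buildinfo.prop",
    ],
    out: ["build.prop.out"],
    cmd: "(echo '# build properties from buildinfo.prop module' && " +
        "grep ro\\.build\\.version\\.codename= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.release= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.sdk= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.security_patch= $(location :buildinfo.prop) && " +
        "grep ro\\.build\\.version\\.known_codenames= $(location :buildinfo.prop) && " +
        "cat $(location build.prop) && " +
        "echo ro.product.cpu.abilist=arm64-v8a && " +
        "echo ro.product.cpu.abi=arm64-v8a) > $(out)",
}

// Need to keep microdroid_vendor for the release configurations that don't
// have RELEASE_AVF_ENABLE_VENDOR_MODULES build flag enabled.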
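// Vendor filesystem image, signed with the same key and AVB parameters as the system image.
// (Viewer line numbers that were fused into this listing are removed; no property value was
// changed.)
android_filesystem {
    name: "microdroid_vendor",
    partition_name: "vendor",
    use_avb: true,
    avb_private_key: ":microdroid_sign_key",
    avb_algorithm: "SHA256_RSA4096",
    avb_hash_algorithm: "sha256",
    file_contexts: ":microdroid_vendor_file_contexts.gen",
    // For deterministic output, use fake_timestamp, hard-coded uuid
    fake_timestamp: "1611569676",
    // python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/vendor'))"
    uuid: "156d40d7-8d8e-5c99-8913-ec82de549a70",
}

// logical_partition variant whose default_group can be extended by
// release_avf_enable_vendor_modules.
soong_config_module_type {
    name: "flag_aware_microdroid_super_partition",
    module_type: "logical_partition",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_vendor_modules",
    ],
    properties: [
        "default_group",
    ],
}

// Super partition image. system_a is always present; vendor_a is added only through
// conditions_default, i.e. when release_avf_enable_vendor_modules is not set.
flag_aware_microdroid_super_partition {
    name: "microdroid_super",
    sparse: true,
    size: "auto",
    default_group: [
        {
            name: "system_a",
            filesystem: ":microdroid",
        },
    ],
    soong_config_variables: {
        release_avf_enable_vendor_modules: {
            conditions_default: {
                default_group: [
                    {
                        name: "vendor_a",
                        filesystem: ":microdroid_vendor",
                    },
                ],
            },
        },
    },
}

// android_filesystem variant whose dirs can be extended by release_avf_enable_dice_changes.
soong_config_module_type {
    name: "flag_aware_microdroid_filesystem",
    module_type: "android_filesystem",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_dice_changes",
    ],
    properties: [
        "dirs",
    ],
}

// Ramdisk (compressed cpio) holding first-stage init and the mount-point directories.
// No AVB properties are set on this module.
flag_aware_microdroid_filesystem {
    name: "microdroid_ramdisk",
    deps: [
        "init_first_stage.microdroid",
    ],
    dirs: [
        "dev",
        "proc",
        "sys",

        "mnt",
        "debug_ramdisk",
        "second_stage_resources",
    ],
    type: "compressed_cpio",

    // Below are dependencies that are conditionally enabled depending on value of build flags.
    soong_config_variables: {
        release_avf_enable_dice_changes: {
            dirs: [
                "microdroid_resources",
            ],
        },
    },
}

// Second cpio archive rooted at first_stage_ramdisk/, carrying the fstab and two symlinks.
android_filesystem {
    name: "microdroid_first_stage_ramdisk",
    deps: [
        "microdroid_fstab",
    ],
    base_dir: "first_stage_ramdisk",
    type: "compressed_cpio",
    symlinks: [
        {
            target: "etc/fstab.microdroid",
            name: "first_stage_ramdisk/fstab.microdroid",
        },
        {
            target: "first_stage_ramdisk/lib",
            name: "lib",
        },
    ],
}

// Concatenates the common and arm64 bootconfig fragments, in srcs order, into one file.
genrule {
    name: "microdroid_bootconfig_arm64_gen",
    srcs: [
        "bootconfig.common",
        "bootconfig.arm64",
    ],
    out: ["bootconfig"],
    cmd: "cat $(in) > $(out)",
}

// x86_64 counterpart of microdroid_bootconfig_arm64_gen.
genrule {
    name: "microdroid_bootconfig_x86_64_gen",
    srcs: [
        "bootconfig.common",
        "bootconfig.x86_64",
    ],
    out: ["bootconfig"],
    cmd: "cat $(in) > $(out)",
}

prebuilt_etc {
    name: "microdroid_fstab",
    src: "fstab.microdroid",
    filename: "fstab.microdroid",
    no_full_install: true,
}

// Fixed salt for the kernel hash footer (used by microdroid_kernel_signed_defaults). It is
// the SHA-256 of a constant string, so it keeps the output reproducible and is not a secret.
// python -c "import hashlib; print(hashlib.sha256(b'bootloader').hexdigest())"
bootloader_salt = "3b4a12881d11f33cff968a24d7c53723a8232cde9a8d91e29fdbd6a95ae6adf0"

// Note that keys can be different for filesystem images even though we're using the same key
// for microdroid. However, the key signing VBmeta should match with the pubkey embedded in
// bootloader.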
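// Signing key shared by the system and vendor images, the vbmeta image and the kernel hash
// footer in this file. It resolves to :avb_testkey_rsa4096, which by its name is the AVB test
// key; the private half of a test key is not a secret, so signatures made with it show that
// an image is internally consistent but do not authenticate who built it.
// NOTE(review): confirm that whatever verifies these images pins expected hashes, or that
// release builds substitute a protected key.
// (Viewer line numbers that were fused into this listing are removed; no property value was
// changed.)
filegroup {
    name: "microdroid_sign_key",
    srcs: [":avb_testkey_rsa4096"],
}

// vbmeta variant whose partitions list can be extended by release_avf_enable_vendor_modules.
soong_config_module_type {
    name: "flag_aware_microdroid_vbmeta",
    module_type: "vbmeta",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_vendor_modules",
    ],
    properties: [
        "partitions",
    ],
}

// vbmeta image covering the system image; microdroid_vendor is added only through
// conditions_default, i.e. when release_avf_enable_vendor_modules is not set.
flag_aware_microdroid_vbmeta {
    name: "microdroid_vbmeta",
    partition_name: "vbmeta",
    private_key: ":microdroid_sign_key",
    partitions: [
        "microdroid",
    ],
    soong_config_variables: {
        release_avf_enable_vendor_modules: {
            conditions_default: {
                partitions: ["microdroid_vendor"],
            },
        },
    },
}

prebuilt_etc {
    name: "microdroid.json",
    src: "microdroid.json",
}

prebuilt_etc {
    name: "microdroid_manifest",
    src: "microdroid_manifest.xml",
    filename: "manifest.xml",
    relative_install_path: "vintf",
    no_full_install: true,
}

prebuilt_etc {
    name: "microdroid_event-log-tags",
    src: "microdroid_event-log-tags",
    filename: "event-log-tags",
    no_full_install: true,
}

// Bootconfig fragment for debuggable VMs, exported for use by other modules.
filegroup {
    name: "microdroid_bootconfig_debuggable_src",
    srcs: ["bootconfig.debuggable"],
}

// Bootconfig fragment for non-debuggable VMs, exported for use by other modules.
filegroup {
    name: "microdroid_bootconfig_normal_src",
    srcs: ["bootconfig.normal"],
}

// Fixed salt for the initrd_normal hash descriptor: SHA-256 of a constant string, so it is
// reproducible and not a secret.
// python -c "import hashlib; print(hashlib.sha256(b'initrd_normal').hexdigest())"
initrd_normal_salt = "8041a07d54ac82290f6d90bac1fa8d7fdbc4db974d101d60faf294749d1ebaf8"

// Shared defaults for the initrd hash descriptors: disabled unless the arch is arm64 or x86_64.
avb_gen_vbmeta_image_defaults {
    name: "microdroid_initrd_defaults",
    enabled: false,
    arch: {
        // Microdroid kernel is only available in these architectures.
        arm64: {
            enabled: true,
        },
        x86_64: {
            enabled: true,
        },
    },
}

avb_gen_vbmeta_image_defaults {
    name: "microdroid_initrd_normal_defaults",
    defaults: ["microdroid_initrd_defaults"],
    partition_name: "initrd_normal",
    salt: initrd_normal_salt,
}

// Hash descriptor for the non-debuggable initrd; it is embedded into the signed kernel image
// through include_descriptors_from_images on microdroid_kernel_signed.
avb_gen_vbmeta_image {
    name: "microdroid_initrd_normal_hashdesc",
    defaults: ["microdroid_initrd_normal_defaults"],
    src: ":microdroid_initrd_normal",
}

// Fixed salt for the initrd_debug hash descriptor; same construction as initrd_normal_salt.
// python -c "import hashlib; print(hashlib.sha256(b'initrd_debug').hexdigest())"
initrd_debug_salt = "8ab9dc9cb7e6456700ff6ef18c6b4c3acc24c5fa5381b829563f8d7a415d869a"

avb_gen_vbmeta_image_defaults {
    name: "microdroid_initrd_debug_defaults",
    defaults: ["microdroid_initrd_defaults"],
    partition_name: "initrd_debug",
    salt: initrd_debug_salt,
}

// Hash descriptor for the debuggable initrd. Both this and the normal descriptor are embedded
// into the same signed kernel image, so that image vouches for either initrd; it is the
// partition name (initrd_normal vs initrd_debug) that tells a verifier which one was loaded.
avb_gen_vbmeta_image {
    name: "microdroid_initrd_debug_hashdesc",
    defaults: ["microdroid_initrd_debug_defaults"],
    src: ":microdroid_initrd_debuggable",
}

// avb_add_hash_footer_defaults variant whose rollback_index and props are set only when
// release_avf_enable_llpvm_changes is enabled.
soong_config_module_type {
    name: "flag_aware_avb_add_hash_footer_defaults",
    module_type: "avb_add_hash_footer_defaults",
    config_namespace: "ANDROID",
    bool_variables: [
        "release_avf_enable_llpvm_changes",
    ],
    properties: [
        "rollback_index",
        "props",
    ],
}

// Defaults for the signed kernel images: "boot" partition name, the shared signing key and
// the fixed bootloader salt. Disabled unless the arch is arm64 or x86_64; src is :empty_file
// unless a module using these defaults overrides it.
flag_aware_avb_add_hash_footer_defaults {
    name: "microdroid_kernel_signed_defaults",
    src: ":empty_file",
    partition_name: "boot",
    private_key: ":microdroid_sign_key",
    salt: bootloader_salt,
    enabled: false,
    arch: {
        arm64: {
            enabled: true,
        },
        x86_64: {
            enabled: true,
        },
    },
    // Below are properties that are conditionally set depending on value of build flags.
    soong_config_variables: {
        // With the flag set, the footer carries rollback_index 1 and advertises the
        // secretkeeper_protection capability. With the flag unset, neither is set here.
        // NOTE(review): the rollback index then falls back to the module type's default,
        // which this file does not show.
        release_avf_enable_llpvm_changes: {
            rollback_index: 1,
            props: [
                {
                    name: "com.android.virt.cap",
                    value: "secretkeeper_protection",
                },
            ],
        },
    },
}

// Prebuilt Microdroid kernel with an AVB hash footer that also includes the two initrd hash
// descriptors.
avb_add_hash_footer {
    name: "microdroid_kernel_signed",
    defaults: ["microdroid_kernel_signed_defaults"],
    filename: "microdroid_kernel",
    arch: {
        arm64: {
            src: ":microdroid_kernel_prebuilt-arm64",
        },
        x86_64: {
            src: ":microdroid_kernel_prebuilt-x86_64",
        },
    },
    include_descriptors_from_images: [
        ":microdroid_initrd_normal_hashdesc",
        ":microdroid_initrd_debug_hashdesc",
    ],
}

// Installs the signed kernel under etc/fs; :empty_file is the placeholder on other arches.
prebuilt_etc {
    name: "microdroid_kernel",
    src: ":empty_file",
    relative_install_path: "fs",
    arch: {
        arm64: {
            src: ":microdroid_kernel_signed",
        },
        x86_64: {
            src: ":microdroid_kernel_signed",
        },
    },
}

///////////////////////////////////////
// GKI-android14-6.1-pkvm_experimental modules
///////////////////////////////////////
prebuilt_etc {
    name: "microdroid_gki-android14-6.1-pkvm_experimental.json",
    src: "microdroid_gki-android14-6.1-pkvm_experimental.json",
}

// Experimental GKI kernel, signed with the same defaults (key, salt, flag-gated rollback
// index) as microdroid_kernel_signed but with its own pair of initrd hash descriptors.
avb_add_hash_footer {
    name: "microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed",
    defaults: ["microdroid_kernel_signed_defaults"],
    filename: "microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed",
    arch: {
        arm64: {
            src: ":microdroid_gki_kernel_prebuilts-6.1-pkvm_experimental-arm64",
        },
        x86_64: {
            src: ":microdroid_gki_kernel_prebuilts-6.1-pkvm_experimental-x86_64",
        },
    },
    include_descriptors_from_images: [
        ":microdroid_gki-android14-6.1-pkvm_experimental_initrd_normal_hashdesc",
        ":microdroid_gki-android14-6.1-pkvm_experimental_initrd_debug_hashdesc",
    ],
}

// HACK: use cc_genrule for arch-specific properties
// On arm64 the input is the already-signed kernel, so the AVB footer ends up inside the lz4
// stream. On other arches the input is :empty_file.
// NOTE(review): a consumer presumably has to decompress before it can read the footer —
// confirm against the loader.
cc_genrule {
    name: "microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed-lz4",
    out: ["microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed-lz4"],
    srcs: [":empty_file"],
    arch: {
        arm64: {
            srcs: [":microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed"],
            exclude_srcs: [":empty_file"],
        },
    },
    tools: ["lz4"],
    cmd: "$(location lz4) -9 $(in) $(out)",
}

// Installs the experimental kernel under etc/fs: the lz4-compressed image on arm64, the
// uncompressed signed image on x86_64.
prebuilt_etc {
    name: "microdroid_gki-android14-6.1-pkvm_experimental_kernel",
    filename: "microdroid_gki-android14-6.1-pkvm_experimental_kernel",
    src: ":empty_file",
    relative_install_path: "fs",
    arch: {
        arm64: {
            src: ":microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed-lz4",
        },
        x86_64: {
            src: ":microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed",
        },
    },
}

avb_gen_vbmeta_image {
    name: "microdroid_gki-android14-6.1-pkvm_experimental_initrd_normal_hashdesc",
    defaults: ["microdroid_initrd_normal_defaults"],
    src: ":microdroid_gki-android14-6.1-pkvm_experimental_initrd_normal",
}

avb_gen_vbmeta_image {
    name: "microdroid_gki-android14-6.1-pkvm_experimental_initrd_debug_hashdesc",
    defaults: ["microdroid_initrd_debug_defaults"],
    src: ":microdroid_gki-android14-6.1-pkvm_experimental_initrd_debuggable",
}

// Host tool that is run by microdroid_kernel_hashes_rs below.
python_binary_host {
    name: "extract_microdroid_kernel_hashes",
    srcs: ["extract_microdroid_kernel_hashes.py"],
}

// HACK: use cc_genrule for arch-specific properties
// Runs the extraction tool with avbtool over the kernel image(s) and writes its stdout to
// lib.rs. On arm64 and x86_64 the experimental GKI signed kernel is added to the inputs, so
// $(in) expands to more than one file after --kernel.
// NOTE(review): the generated hashes presumably serve as the reference values a verifier
// compares kernels against; if so, everything listed in srcs becomes an accepted kernel —
// confirm against the consumer of libmicrodroid_kernel_hashes.
cc_genrule {
    name: "microdroid_kernel_hashes_rs",
    srcs: [":microdroid_kernel"],
    arch: {
        arm64: {
            srcs: [":microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed"],
        },
        x86_64: {
            srcs: [":microdroid_gki-android14-6.1-pkvm_experimental_kernel_signed"],
        },
    },
    out: ["lib.rs"],
    tools: [
        "extract_microdroid_kernel_hashes",
        "avbtool",
    ],
    cmd: "$(location extract_microdroid_kernel_hashes) --avbtool $(location avbtool) " +
        "--kernel $(in) > $(out)",
}

// Rust rlib built from the generated lib.rs. It links only core and compiler_builtins
// (no_stdlibs), so it can be used from code that has no Rust standard library.
rust_library_rlib {
    name: "libmicrodroid_kernel_hashes",
    srcs: [":microdroid_kernel_hashes_rs"],
    crate_name: "microdroid_kernel_hashes",
    prefer_rlib: true,
    no_stdlibs: true,
    stdlibs: [
        "libcompiler_builtins.rust_sysroot",
        "libcore.rust_sysroot",
    ],
}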