2019-11-15 08:59:12 +08:00
|
|
|
// Copyright 2020 The Android Open Source Project
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
package cc
|
|
|
|
|
2020-12-02 12:14:28 +08:00
|
|
|
// This file contains singletons to capture vendor and recovery snapshot. They consist of prebuilt
|
|
|
|
// modules under AOSP so older vendor and recovery can be built with a newer system in a single
|
|
|
|
// source tree.
|
|
|
|
|
2019-11-15 08:59:12 +08:00
|
|
|
import (
|
|
|
|
"encoding/json"
|
|
|
|
"path/filepath"
|
|
|
|
"sort"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"android/soong/android"
|
|
|
|
)
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
var vendorSnapshotSingleton = snapshotSingleton{
|
|
|
|
"vendor",
|
|
|
|
"SOONG_VENDOR_SNAPSHOT_ZIP",
|
|
|
|
android.OptionalPath{},
|
|
|
|
true,
|
2020-12-02 12:14:28 +08:00
|
|
|
vendorSnapshotImageSingleton,
|
2021-01-05 19:03:22 +08:00
|
|
|
false, /* fake */
|
|
|
|
}
|
|
|
|
|
|
|
|
var vendorFakeSnapshotSingleton = snapshotSingleton{
|
|
|
|
"vendor",
|
|
|
|
"SOONG_VENDOR_FAKE_SNAPSHOT_ZIP",
|
|
|
|
android.OptionalPath{},
|
|
|
|
true,
|
|
|
|
vendorSnapshotImageSingleton,
|
|
|
|
true, /* fake */
|
2020-11-14 04:07:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
var recoverySnapshotSingleton = snapshotSingleton{
|
|
|
|
"recovery",
|
|
|
|
"SOONG_RECOVERY_SNAPSHOT_ZIP",
|
|
|
|
android.OptionalPath{},
|
|
|
|
false,
|
2020-12-02 12:14:28 +08:00
|
|
|
recoverySnapshotImageSingleton,
|
2021-01-05 19:03:22 +08:00
|
|
|
false, /* fake */
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
func VendorSnapshotSingleton() android.Singleton {
|
2020-11-14 04:07:36 +08:00
|
|
|
return &vendorSnapshotSingleton
|
|
|
|
}
|
|
|
|
|
2021-01-05 19:03:22 +08:00
|
|
|
func VendorFakeSnapshotSingleton() android.Singleton {
|
|
|
|
return &vendorFakeSnapshotSingleton
|
|
|
|
}
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
func RecoverySnapshotSingleton() android.Singleton {
|
|
|
|
return &recoverySnapshotSingleton
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
type snapshotSingleton struct {
|
|
|
|
// Name, e.g., "vendor", "recovery", "ramdisk".
|
|
|
|
name string
|
|
|
|
|
|
|
|
// Make variable that points to the snapshot file, e.g.,
|
|
|
|
// "SOONG_RECOVERY_SNAPSHOT_ZIP".
|
|
|
|
makeVar string
|
|
|
|
|
|
|
|
// Path to the snapshot zip file.
|
|
|
|
snapshotZipFile android.OptionalPath
|
|
|
|
|
|
|
|
// Whether the image supports VNDK extension modules.
|
|
|
|
supportsVndkExt bool
|
|
|
|
|
|
|
|
// Implementation of the image interface specific to the image
|
|
|
|
// associated with this snapshot (e.g., specific to the vendor image,
|
|
|
|
// recovery image, etc.).
|
2020-12-02 12:14:28 +08:00
|
|
|
image snapshotImage
|
2021-01-05 19:03:22 +08:00
|
|
|
|
|
|
|
// Whether this singleton is for fake snapshot or not.
|
|
|
|
// Fake snapshot is a snapshot whose prebuilt binaries and headers are empty.
|
|
|
|
// It is much faster to generate, and can be used to inspect dependencies.
|
|
|
|
fake bool
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
2021-02-25 02:49:43 +08:00
|
|
|
// Determine if a dir under source tree is an SoC-owned proprietary directory based
|
|
|
|
// on vendor snapshot configuration
|
|
|
|
// Examples: device/, vendor/
|
|
|
|
func isVendorProprietaryPath(dir string, deviceConfig android.DeviceConfig) bool {
|
|
|
|
return VendorSnapshotSingleton().(*snapshotSingleton).image.isProprietaryPath(dir, deviceConfig)
|
2020-11-14 04:07:36 +08:00
|
|
|
}
|
|
|
|
|
2021-02-25 02:49:43 +08:00
|
|
|
// Determine if a dir under source tree is an SoC-owned proprietary directory based
|
|
|
|
// on recovery snapshot configuration
|
|
|
|
// Examples: device/, vendor/
|
|
|
|
func isRecoveryProprietaryPath(dir string, deviceConfig android.DeviceConfig) bool {
|
|
|
|
return RecoverySnapshotSingleton().(*snapshotSingleton).image.isProprietaryPath(dir, deviceConfig)
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
2020-09-01 07:07:58 +08:00
|
|
|
func isVendorProprietaryModule(ctx android.BaseModuleContext) bool {
|
|
|
|
// Any module in a vendor proprietary path is a vendor proprietary
|
|
|
|
// module.
|
2021-02-25 02:49:43 +08:00
|
|
|
if isVendorProprietaryPath(ctx.ModuleDir(), ctx.DeviceConfig()) {
|
2020-09-01 07:07:58 +08:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
// However if the module is not in a vendor proprietary path, it may
|
|
|
|
// still be a vendor proprietary module. This happens for cc modules
|
|
|
|
// that are excluded from the vendor snapshot, and it means that the
|
|
|
|
// vendor has assumed control of the framework-provided module.
|
|
|
|
if c, ok := ctx.Module().(*Module); ok {
|
|
|
|
if c.ExcludeFromVendorSnapshot() {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2020-12-12 05:36:29 +08:00
|
|
|
func isRecoveryProprietaryModule(ctx android.BaseModuleContext) bool {
|
|
|
|
|
2021-01-20 18:49:01 +08:00
|
|
|
// Any module in a recovery proprietary path is a recovery proprietary
|
2020-12-12 05:36:29 +08:00
|
|
|
// module.
|
2021-02-25 02:49:43 +08:00
|
|
|
if isRecoveryProprietaryPath(ctx.ModuleDir(), ctx.DeviceConfig()) {
|
2020-12-12 05:36:29 +08:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2021-01-20 18:49:01 +08:00
|
|
|
// However if the module is not in a recovery proprietary path, it may
|
|
|
|
// still be a recovery proprietary module. This happens for cc modules
|
|
|
|
// that are excluded from the recovery snapshot, and it means that the
|
2020-12-12 05:36:29 +08:00
|
|
|
// vendor has assumed control of the framework-provided module.
|
|
|
|
|
|
|
|
if c, ok := ctx.Module().(*Module); ok {
|
|
|
|
if c.ExcludeFromRecoverySnapshot() {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2020-12-02 12:14:28 +08:00
|
|
|
// Determines if the module is a candidate for snapshot.
|
2021-01-06 22:06:52 +08:00
|
|
|
func isSnapshotAware(cfg android.DeviceConfig, m *Module, inProprietaryPath bool, apexInfo android.ApexInfo, image snapshotImage) bool {
|
2020-06-01 20:53:49 +08:00
|
|
|
if !m.Enabled() || m.Properties.HideFromMake {
|
2019-11-15 08:59:12 +08:00
|
|
|
return false
|
|
|
|
}
|
2020-09-10 08:46:05 +08:00
|
|
|
// When android/prebuilt.go selects between source and prebuilt, it sets
|
2020-12-17 02:20:23 +08:00
|
|
|
// HideFromMake on the other one to avoid duplicate install rules in make.
|
|
|
|
if m.IsHideFromMake() {
|
2020-09-10 08:46:05 +08:00
|
|
|
return false
|
|
|
|
}
|
2020-11-14 04:07:36 +08:00
|
|
|
// skip proprietary modules, but (for the vendor snapshot only)
|
|
|
|
// include all VNDK (static)
|
|
|
|
if inProprietaryPath && (!image.includeVndk() || !m.IsVndk()) {
|
2020-09-01 07:07:58 +08:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
// If the module would be included based on its path, check to see if
|
|
|
|
// the module is marked to be excluded. If so, skip it.
|
2020-12-12 05:36:29 +08:00
|
|
|
if image.excludeFromSnapshot(m) {
|
2019-11-15 08:59:12 +08:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
if m.Target().Os.Class != android.Device {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
if m.Target().NativeBridge == android.NativeBridgeEnabled {
|
|
|
|
return false
|
|
|
|
}
|
2020-12-02 12:14:28 +08:00
|
|
|
// the module must be installed in target image
|
2021-03-31 00:19:36 +08:00
|
|
|
if !apexInfo.IsForPlatform() || m.IsSnapshotPrebuilt() || !image.inImage(m)() {
|
2019-11-15 08:59:12 +08:00
|
|
|
return false
|
|
|
|
}
|
2020-06-11 12:55:45 +08:00
|
|
|
// skip kernel_headers which always depend on vendor
|
|
|
|
if _, ok := m.linker.(*kernelHeadersDecorator); ok {
|
|
|
|
return false
|
|
|
|
}
|
2021-04-27 07:53:58 +08:00
|
|
|
// skip LLNDK libraries which are backward compatible
|
2020-12-17 08:46:01 +08:00
|
|
|
if m.IsLlndk() {
|
|
|
|
return false
|
|
|
|
}
|
2019-11-15 08:59:12 +08:00
|
|
|
|
|
|
|
// Libraries
|
|
|
|
if l, ok := m.linker.(snapshotLibraryInterface); ok {
|
2020-06-01 20:53:49 +08:00
|
|
|
if m.sanitize != nil {
|
Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.
This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.
For example, suppose that "libfoo" is defined as follows.
cc_library_static {
name: "libfoo",
vendor_available: true,
}
As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:
vendor_snapshot_static {
name: "libfoo",
src: "libfoo.a",
cfi: {
src: "libfoo.cfi.a",
},
}
The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.
Two clarification:
1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.
2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.
sanitize: {
cfi: false,
}
In this case, only non-CFI variant will be created for the vendor
snapshot module.
Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-07-29 19:32:10 +08:00
|
|
|
// scs and hwasan export both sanitized and unsanitized variants for static and header
|
2020-06-01 20:53:49 +08:00
|
|
|
// Always use unsanitized variants of them.
|
2021-04-02 02:29:09 +08:00
|
|
|
for _, t := range []SanitizerType{scs, Hwasan} {
|
2020-06-01 20:53:49 +08:00
|
|
|
if !l.shared() && m.sanitize.isSanitizerEnabled(t) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.
This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.
For example, suppose that "libfoo" is defined as follows.
cc_library_static {
name: "libfoo",
vendor_available: true,
}
As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:
vendor_snapshot_static {
name: "libfoo",
src: "libfoo.a",
cfi: {
src: "libfoo.cfi.a",
},
}
The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.
Two clarification:
1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.
2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.
sanitize: {
cfi: false,
}
In this case, only non-CFI variant will be created for the vendor
snapshot module.
Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-07-29 19:32:10 +08:00
|
|
|
// cfi also exports both variants. But for static, we capture both.
|
2020-12-02 12:14:28 +08:00
|
|
|
// This is because cfi static libraries can't be linked from non-cfi modules,
|
|
|
|
// and vice versa. This isn't the case for scs and hwasan sanitizers.
|
Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.
This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.
For example, suppose that "libfoo" is defined as follows.
cc_library_static {
name: "libfoo",
vendor_available: true,
}
As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:
vendor_snapshot_static {
name: "libfoo",
src: "libfoo.a",
cfi: {
src: "libfoo.cfi.a",
},
}
The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.
Two clarification:
1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.
2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.
sanitize: {
cfi: false,
}
In this case, only non-CFI variant will be created for the vendor
snapshot module.
Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-07-29 19:32:10 +08:00
|
|
|
if !l.static() && !l.shared() && m.sanitize.isSanitizerEnabled(cfi) {
|
|
|
|
return false
|
|
|
|
}
|
2020-06-01 20:53:49 +08:00
|
|
|
}
|
2019-11-15 08:59:12 +08:00
|
|
|
if l.static() {
|
2021-01-20 18:49:01 +08:00
|
|
|
return m.outputFile.Valid() && !image.private(m)
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
if l.shared() {
|
2020-06-30 07:49:15 +08:00
|
|
|
if !m.outputFile.Valid() {
|
|
|
|
return false
|
|
|
|
}
|
2020-11-14 04:07:36 +08:00
|
|
|
if image.includeVndk() {
|
|
|
|
if !m.IsVndk() {
|
|
|
|
return true
|
|
|
|
}
|
2020-12-02 22:00:51 +08:00
|
|
|
return m.IsVndkExt()
|
2020-06-30 07:49:15 +08:00
|
|
|
}
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2020-06-01 22:23:05 +08:00
|
|
|
// Binaries and Objects
|
|
|
|
if m.binary() || m.object() {
|
2021-01-20 18:49:01 +08:00
|
|
|
return m.outputFile.Valid()
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
2020-06-01 20:53:49 +08:00
|
|
|
|
|
|
|
return false
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
2020-12-02 12:14:28 +08:00
|
|
|
// This is to be saved as .json files, which is for development/vendor_snapshot/update.py.
|
|
|
|
// These flags become Android.bp snapshot module properties.
|
|
|
|
type snapshotJsonFlags struct {
|
|
|
|
ModuleName string `json:",omitempty"`
|
|
|
|
RelativeInstallPath string `json:",omitempty"`
|
|
|
|
|
|
|
|
// library flags
|
|
|
|
ExportedDirs []string `json:",omitempty"`
|
|
|
|
ExportedSystemDirs []string `json:",omitempty"`
|
|
|
|
ExportedFlags []string `json:",omitempty"`
|
|
|
|
Sanitize string `json:",omitempty"`
|
|
|
|
SanitizeMinimalDep bool `json:",omitempty"`
|
|
|
|
SanitizeUbsanDep bool `json:",omitempty"`
|
|
|
|
|
|
|
|
// binary flags
|
|
|
|
Symlinks []string `json:",omitempty"`
|
|
|
|
|
|
|
|
// dependencies
|
|
|
|
SharedLibs []string `json:",omitempty"`
|
|
|
|
RuntimeLibs []string `json:",omitempty"`
|
|
|
|
Required []string `json:",omitempty"`
|
|
|
|
|
|
|
|
// extra config files
|
|
|
|
InitRc []string `json:",omitempty"`
|
|
|
|
VintfFragments []string `json:",omitempty"`
|
|
|
|
}
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
func (c *snapshotSingleton) GenerateBuildActions(ctx android.SingletonContext) {
|
2020-12-12 05:36:29 +08:00
|
|
|
if !c.image.shouldGenerateSnapshot(ctx) {
|
2019-11-15 08:59:12 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var snapshotOutputs android.Paths
|
|
|
|
|
|
|
|
/*
|
|
|
|
Vendor snapshot zipped artifacts directory structure:
|
|
|
|
{SNAPSHOT_ARCH}/
|
|
|
|
arch-{TARGET_ARCH}-{TARGET_ARCH_VARIANT}/
|
|
|
|
shared/
|
|
|
|
(.so shared libraries)
|
|
|
|
static/
|
|
|
|
(.a static libraries)
|
|
|
|
header/
|
|
|
|
(header only libraries)
|
|
|
|
binary/
|
|
|
|
(executable binaries)
|
2020-06-01 22:23:05 +08:00
|
|
|
object/
|
|
|
|
(.o object files)
|
2019-11-15 08:59:12 +08:00
|
|
|
arch-{TARGET_2ND_ARCH}-{TARGET_2ND_ARCH_VARIANT}/
|
|
|
|
shared/
|
|
|
|
(.so shared libraries)
|
|
|
|
static/
|
|
|
|
(.a static libraries)
|
|
|
|
header/
|
|
|
|
(header only libraries)
|
|
|
|
binary/
|
|
|
|
(executable binaries)
|
2020-06-01 22:23:05 +08:00
|
|
|
object/
|
|
|
|
(.o object files)
|
2019-11-15 08:59:12 +08:00
|
|
|
NOTICE_FILES/
|
|
|
|
(notice files, e.g. libbase.txt)
|
|
|
|
configs/
|
|
|
|
(config files, e.g. init.rc files, vintf_fragments.xml files, etc.)
|
|
|
|
include/
|
|
|
|
(header files of same directory structure with source tree)
|
|
|
|
*/
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
snapshotDir := c.name + "-snapshot"
|
2021-01-05 19:03:22 +08:00
|
|
|
if c.fake {
|
|
|
|
// If this is a fake snapshot singleton, place all files under fake/ subdirectory to avoid
|
|
|
|
// collision with real snapshot files
|
|
|
|
snapshotDir = filepath.Join("fake", snapshotDir)
|
|
|
|
}
|
2019-11-15 08:59:12 +08:00
|
|
|
snapshotArchDir := filepath.Join(snapshotDir, ctx.DeviceConfig().DeviceArch())
|
|
|
|
|
|
|
|
includeDir := filepath.Join(snapshotArchDir, "include")
|
|
|
|
configsDir := filepath.Join(snapshotArchDir, "configs")
|
|
|
|
noticeDir := filepath.Join(snapshotArchDir, "NOTICE_FILES")
|
|
|
|
|
|
|
|
installedNotices := make(map[string]bool)
|
|
|
|
installedConfigs := make(map[string]bool)
|
|
|
|
|
|
|
|
var headers android.Paths
|
|
|
|
|
2021-02-04 06:23:15 +08:00
|
|
|
copyFile := func(ctx android.SingletonContext, path android.Path, out string, fake bool) android.OutputPath {
|
|
|
|
if fake {
|
|
|
|
// All prebuilt binaries and headers are installed by copyFile function. This makes a fake
|
|
|
|
// snapshot just touch prebuilts and headers, rather than installing real files.
|
2021-01-05 19:03:22 +08:00
|
|
|
return writeStringToFileRule(ctx, "", out)
|
2021-02-04 06:23:15 +08:00
|
|
|
} else {
|
|
|
|
return copyFileRule(ctx, path, out)
|
2021-01-05 19:03:22 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-02 12:14:28 +08:00
|
|
|
// installSnapshot function copies prebuilt file (.so, .a, or executable) and json flag file.
|
|
|
|
// For executables, init_rc and vintf_fragments files are also copied.
|
2021-02-04 06:23:15 +08:00
|
|
|
installSnapshot := func(m *Module, fake bool) android.Paths {
|
2019-11-15 08:59:12 +08:00
|
|
|
targetArch := "arch-" + m.Target().Arch.ArchType.String()
|
|
|
|
if m.Target().Arch.ArchVariant != "" {
|
|
|
|
targetArch += "-" + m.Target().Arch.ArchVariant
|
|
|
|
}
|
|
|
|
|
|
|
|
var ret android.Paths
|
|
|
|
|
2020-12-02 12:14:28 +08:00
|
|
|
prop := snapshotJsonFlags{}
|
2019-11-15 08:59:12 +08:00
|
|
|
|
|
|
|
// Common properties among snapshots.
|
|
|
|
prop.ModuleName = ctx.ModuleName(m)
|
2020-12-02 22:00:51 +08:00
|
|
|
if c.supportsVndkExt && m.IsVndkExt() {
|
2020-06-30 07:49:15 +08:00
|
|
|
// vndk exts are installed to /vendor/lib(64)?/vndk(-sp)?
|
|
|
|
if m.isVndkSp() {
|
|
|
|
prop.RelativeInstallPath = "vndk-sp"
|
|
|
|
} else {
|
|
|
|
prop.RelativeInstallPath = "vndk"
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
prop.RelativeInstallPath = m.RelativeInstallPath()
|
|
|
|
}
|
2019-11-15 08:59:12 +08:00
|
|
|
prop.RuntimeLibs = m.Properties.SnapshotRuntimeLibs
|
|
|
|
prop.Required = m.RequiredModuleNames()
|
|
|
|
for _, path := range m.InitRc() {
|
|
|
|
prop.InitRc = append(prop.InitRc, filepath.Join("configs", path.Base()))
|
|
|
|
}
|
|
|
|
for _, path := range m.VintfFragments() {
|
|
|
|
prop.VintfFragments = append(prop.VintfFragments, filepath.Join("configs", path.Base()))
|
|
|
|
}
|
|
|
|
|
|
|
|
// install config files. ignores any duplicates.
|
|
|
|
for _, path := range append(m.InitRc(), m.VintfFragments()...) {
|
|
|
|
out := filepath.Join(configsDir, path.Base())
|
|
|
|
if !installedConfigs[out] {
|
|
|
|
installedConfigs[out] = true
|
2021-02-04 06:23:15 +08:00
|
|
|
ret = append(ret, copyFile(ctx, path, out, fake))
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var propOut string
|
|
|
|
|
2020-03-03 21:06:32 +08:00
|
|
|
if l, ok := m.linker.(snapshotLibraryInterface); ok {
|
2020-09-19 05:15:30 +08:00
|
|
|
exporterInfo := ctx.ModuleProvider(m, FlagExporterInfoProvider).(FlagExporterInfo)
|
Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.
This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.
For example, suppose that "libfoo" is defined as follows.
cc_library_static {
name: "libfoo",
vendor_available: true,
}
As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:
vendor_snapshot_static {
name: "libfoo",
src: "libfoo.a",
cfi: {
src: "libfoo.cfi.a",
},
}
The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.
Two clarification:
1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.
2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.
sanitize: {
cfi: false,
}
In this case, only non-CFI variant will be created for the vendor
snapshot module.
Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-07-29 19:32:10 +08:00
|
|
|
|
2019-11-15 08:59:12 +08:00
|
|
|
// library flags
|
2020-09-19 05:15:30 +08:00
|
|
|
prop.ExportedFlags = exporterInfo.Flags
|
|
|
|
for _, dir := range exporterInfo.IncludeDirs {
|
2019-11-15 08:59:12 +08:00
|
|
|
prop.ExportedDirs = append(prop.ExportedDirs, filepath.Join("include", dir.String()))
|
|
|
|
}
|
2020-09-19 05:15:30 +08:00
|
|
|
for _, dir := range exporterInfo.SystemIncludeDirs {
|
2019-11-15 08:59:12 +08:00
|
|
|
prop.ExportedSystemDirs = append(prop.ExportedSystemDirs, filepath.Join("include", dir.String()))
|
|
|
|
}
|
|
|
|
// shared libs dependencies aren't meaningful on static or header libs
|
|
|
|
if l.shared() {
|
|
|
|
prop.SharedLibs = m.Properties.SnapshotSharedLibs
|
|
|
|
}
|
|
|
|
if l.static() && m.sanitize != nil {
|
|
|
|
prop.SanitizeMinimalDep = m.sanitize.Properties.MinimalRuntimeDep || enableMinimalRuntime(m.sanitize)
|
|
|
|
prop.SanitizeUbsanDep = m.sanitize.Properties.UbsanRuntimeDep || enableUbsanRuntime(m.sanitize)
|
|
|
|
}
|
|
|
|
|
|
|
|
var libType string
|
|
|
|
if l.static() {
|
|
|
|
libType = "static"
|
|
|
|
} else if l.shared() {
|
|
|
|
libType = "shared"
|
|
|
|
} else {
|
|
|
|
libType = "header"
|
|
|
|
}
|
|
|
|
|
|
|
|
var stem string
|
|
|
|
|
|
|
|
// install .a or .so
|
|
|
|
if libType != "header" {
|
|
|
|
libPath := m.outputFile.Path()
|
|
|
|
stem = libPath.Base()
|
Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.
This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.
For example, suppose that "libfoo" is defined as follows.
cc_library_static {
name: "libfoo",
vendor_available: true,
}
As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:
vendor_snapshot_static {
name: "libfoo",
src: "libfoo.a",
cfi: {
src: "libfoo.cfi.a",
},
}
The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.
Two clarification:
1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.
2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.
sanitize: {
cfi: false,
}
In this case, only non-CFI variant will be created for the vendor
snapshot module.
Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-07-29 19:32:10 +08:00
|
|
|
if l.static() && m.sanitize != nil && m.sanitize.isSanitizerEnabled(cfi) {
|
|
|
|
// both cfi and non-cfi variant for static libraries can exist.
|
|
|
|
// attach .cfi to distinguish between cfi and non-cfi.
|
|
|
|
// e.g. libbase.a -> libbase.cfi.a
|
|
|
|
ext := filepath.Ext(stem)
|
|
|
|
stem = strings.TrimSuffix(stem, ext) + ".cfi" + ext
|
|
|
|
prop.Sanitize = "cfi"
|
|
|
|
prop.ModuleName += ".cfi"
|
|
|
|
}
|
2019-11-15 08:59:12 +08:00
|
|
|
snapshotLibOut := filepath.Join(snapshotArchDir, targetArch, libType, stem)
|
2021-02-04 06:23:15 +08:00
|
|
|
ret = append(ret, copyFile(ctx, libPath, snapshotLibOut, fake))
|
2019-11-15 08:59:12 +08:00
|
|
|
} else {
|
|
|
|
stem = ctx.ModuleName(m)
|
|
|
|
}
|
|
|
|
|
|
|
|
propOut = filepath.Join(snapshotArchDir, targetArch, libType, stem+".json")
|
2020-06-01 20:53:49 +08:00
|
|
|
} else if m.binary() {
|
2019-11-15 08:59:12 +08:00
|
|
|
// binary flags
|
|
|
|
prop.Symlinks = m.Symlinks()
|
|
|
|
prop.SharedLibs = m.Properties.SnapshotSharedLibs
|
|
|
|
|
|
|
|
// install bin
|
|
|
|
binPath := m.outputFile.Path()
|
|
|
|
snapshotBinOut := filepath.Join(snapshotArchDir, targetArch, "binary", binPath.Base())
|
2021-02-04 06:23:15 +08:00
|
|
|
ret = append(ret, copyFile(ctx, binPath, snapshotBinOut, fake))
|
2019-11-15 08:59:12 +08:00
|
|
|
propOut = snapshotBinOut + ".json"
|
2020-06-01 22:23:05 +08:00
|
|
|
} else if m.object() {
|
|
|
|
// object files aren't installed to the device, so their names can conflict.
|
|
|
|
// Use module name as stem.
|
|
|
|
objPath := m.outputFile.Path()
|
|
|
|
snapshotObjOut := filepath.Join(snapshotArchDir, targetArch, "object",
|
|
|
|
ctx.ModuleName(m)+filepath.Ext(objPath.Base()))
|
2021-02-04 06:23:15 +08:00
|
|
|
ret = append(ret, copyFile(ctx, objPath, snapshotObjOut, fake))
|
2020-06-01 22:23:05 +08:00
|
|
|
propOut = snapshotObjOut + ".json"
|
2020-06-01 20:53:49 +08:00
|
|
|
} else {
|
|
|
|
ctx.Errorf("unknown module %q in vendor snapshot", m.String())
|
|
|
|
return nil
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
j, err := json.Marshal(prop)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Errorf("json marshal to %q failed: %#v", propOut, err)
|
|
|
|
return nil
|
|
|
|
}
|
2020-12-02 12:14:28 +08:00
|
|
|
ret = append(ret, writeStringToFileRule(ctx, string(j), propOut))
|
2019-11-15 08:59:12 +08:00
|
|
|
|
|
|
|
return ret
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.VisitAllModules(func(module android.Module) {
|
|
|
|
m, ok := module.(*Module)
|
2020-03-03 21:06:32 +08:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
moduleDir := ctx.ModuleDir(module)
|
2021-02-25 02:49:43 +08:00
|
|
|
inProprietaryPath := c.image.isProprietaryPath(moduleDir, ctx.DeviceConfig())
|
2020-09-16 09:30:11 +08:00
|
|
|
apexInfo := ctx.ModuleProvider(module, android.ApexInfoProvider).(android.ApexInfo)
|
2020-09-01 07:07:58 +08:00
|
|
|
|
2020-12-12 05:36:29 +08:00
|
|
|
if c.image.excludeFromSnapshot(m) {
|
2020-11-14 04:07:36 +08:00
|
|
|
if inProprietaryPath {
|
2020-09-01 07:07:58 +08:00
|
|
|
// Error: exclude_from_vendor_snapshot applies
|
|
|
|
// to framework-path modules only.
|
|
|
|
ctx.Errorf("module %q in vendor proprietary path %q may not use \"exclude_from_vendor_snapshot: true\"", m.String(), moduleDir)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-06 22:06:52 +08:00
|
|
|
if !isSnapshotAware(ctx.DeviceConfig(), m, inProprietaryPath, apexInfo, c.image) {
|
2019-11-15 08:59:12 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-02-04 06:23:15 +08:00
|
|
|
// If we are using directed snapshot and a module is not included in the
|
|
|
|
// list, we will still include the module as if it was a fake module.
|
|
|
|
// The reason is that soong needs all the dependencies to be present, even
|
|
|
|
// if they are not using during the build.
|
|
|
|
installAsFake := c.fake
|
|
|
|
if c.image.excludeFromDirectedSnapshot(ctx.DeviceConfig(), m.BaseModuleName()) {
|
|
|
|
installAsFake = true
|
|
|
|
}
|
2020-12-02 12:14:28 +08:00
|
|
|
|
2021-02-04 06:23:15 +08:00
|
|
|
// installSnapshot installs prebuilts and json flag files
|
|
|
|
snapshotOutputs = append(snapshotOutputs, installSnapshot(m, installAsFake)...)
|
2020-12-02 12:14:28 +08:00
|
|
|
// just gather headers and notice files here, because they are to be deduplicated
|
2020-03-03 21:06:32 +08:00
|
|
|
if l, ok := m.linker.(snapshotLibraryInterface); ok {
|
|
|
|
headers = append(headers, l.snapshotHeaders()...)
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
2020-02-19 12:21:55 +08:00
|
|
|
if len(m.NoticeFiles()) > 0 {
|
2019-11-15 08:59:12 +08:00
|
|
|
noticeName := ctx.ModuleName(m) + ".txt"
|
|
|
|
noticeOut := filepath.Join(noticeDir, noticeName)
|
|
|
|
// skip already copied notice file
|
|
|
|
if !installedNotices[noticeOut] {
|
|
|
|
installedNotices[noticeOut] = true
|
2021-01-05 19:03:22 +08:00
|
|
|
snapshotOutputs = append(snapshotOutputs, combineNoticesRule(ctx, m.NoticeFiles(), noticeOut))
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
// install all headers after removing duplicates
|
|
|
|
for _, header := range android.FirstUniquePaths(headers) {
|
2021-02-04 06:23:15 +08:00
|
|
|
snapshotOutputs = append(snapshotOutputs, copyFile(ctx, header, filepath.Join(includeDir, header.String()), c.fake))
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// All artifacts are ready. Sort them to normalize ninja and then zip.
|
|
|
|
sort.Slice(snapshotOutputs, func(i, j int) bool {
|
|
|
|
return snapshotOutputs[i].String() < snapshotOutputs[j].String()
|
|
|
|
})
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
zipPath := android.PathForOutput(
|
|
|
|
ctx,
|
|
|
|
snapshotDir,
|
|
|
|
c.name+"-"+ctx.Config().DeviceName()+".zip")
|
2020-11-17 09:32:30 +08:00
|
|
|
zipRule := android.NewRuleBuilder(pctx, ctx)
|
2019-11-15 08:59:12 +08:00
|
|
|
|
|
|
|
// filenames in rspfile from FlagWithRspFileInputList might be single-quoted. Remove it with tr
|
2020-11-14 04:07:36 +08:00
|
|
|
snapshotOutputList := android.PathForOutput(
|
|
|
|
ctx,
|
|
|
|
snapshotDir,
|
|
|
|
c.name+"-"+ctx.Config().DeviceName()+"_list")
|
2021-03-13 09:48:14 +08:00
|
|
|
rspFile := snapshotOutputList.ReplaceExtension(ctx, "rsp")
|
2019-11-15 08:59:12 +08:00
|
|
|
zipRule.Command().
|
|
|
|
Text("tr").
|
|
|
|
FlagWithArg("-d ", "\\'").
|
2021-03-13 09:48:14 +08:00
|
|
|
FlagWithRspFileInputList("< ", rspFile, snapshotOutputs).
|
2019-11-15 08:59:12 +08:00
|
|
|
FlagWithOutput("> ", snapshotOutputList)
|
|
|
|
|
|
|
|
zipRule.Temporary(snapshotOutputList)
|
|
|
|
|
|
|
|
zipRule.Command().
|
2020-11-17 09:32:30 +08:00
|
|
|
BuiltTool("soong_zip").
|
2019-11-15 08:59:12 +08:00
|
|
|
FlagWithOutput("-o ", zipPath).
|
|
|
|
FlagWithArg("-C ", android.PathForOutput(ctx, snapshotDir).String()).
|
|
|
|
FlagWithInput("-l ", snapshotOutputList)
|
|
|
|
|
2020-11-17 09:32:30 +08:00
|
|
|
zipRule.Build(zipPath.String(), c.name+" snapshot "+zipPath.String())
|
2019-11-15 08:59:12 +08:00
|
|
|
zipRule.DeleteTemporaryFiles()
|
2020-11-14 04:07:36 +08:00
|
|
|
c.snapshotZipFile = android.OptionalPathForPath(zipPath)
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|
|
|
|
|
2020-11-14 04:07:36 +08:00
|
|
|
func (c *snapshotSingleton) MakeVars(ctx android.MakeVarsContext) {
|
|
|
|
ctx.Strict(
|
|
|
|
c.makeVar,
|
|
|
|
c.snapshotZipFile.String())
|
2019-11-15 08:59:12 +08:00
|
|
|
}
|