apex: emit file_contexts for flattened apex
Flattened APEXes are installed in /<partition>/apex/<name>, so its file_contexts file should be amended accordingly. For example, file_contexts of an apex "com.android.foo" with should be modified by prepending actual install path to the path regex. /bin/foo <sepolicy label> => /system/apex/com\.android\.foo/bin/foo <sepolicy label> File_contexts file is emitted to "make" via LOCAL_FILE_CONTEXTS variable for apex_manifest.pb module. Make collects these files and use them to build file_contexts.bin. Also removed global state which is used to keep the list of all flattened apexes. Bug: 166518492 Test: m file_contexts.bin check intermediate file_contexts.modules.tmp file in $OUT/obj/ETC/file_contexts.bin_intermediates/ Change-Id: I780370b6e576964a5c09f9477f3361f341dd576b
This commit is contained in:
parent
a9a99bc6d2
commit
7f146c0da1
|
@ -263,6 +263,10 @@ func (a *apexBundle) androidMkForFiles(w io.Writer, apexBundleName, apexName, mo
|
|||
postInstallCommands = append(postInstallCommands, a.compatSymlinks...)
|
||||
}
|
||||
}
|
||||
|
||||
// File_contexts of flattened APEXes should be merged into file_contexts.bin
|
||||
fmt.Fprintln(w, "LOCAL_FILE_CONTEXTS :=", a.fileContexts)
|
||||
|
||||
if len(postInstallCommands) > 0 {
|
||||
fmt.Fprintln(w, "LOCAL_POST_INSTALL_CMD :=", strings.Join(postInstallCommands, " && "))
|
||||
}
|
||||
|
|
25
apex/apex.go
25
apex/apex.go
|
@ -19,7 +19,6 @@ import (
|
|||
"path/filepath"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/google/blueprint"
|
||||
"github.com/google/blueprint/bootstrap"
|
||||
|
@ -744,12 +743,6 @@ func init() {
|
|||
android.PreDepsMutators(RegisterPreDepsMutators)
|
||||
android.PostDepsMutators(RegisterPostDepsMutators)
|
||||
|
||||
android.RegisterMakeVarsProvider(pctx, func(ctx android.MakeVarsContext) {
|
||||
apexFileContextsInfos := apexFileContextsInfos(ctx.Config())
|
||||
sort.Strings(*apexFileContextsInfos)
|
||||
ctx.Strict("APEX_FILE_CONTEXTS_INFOS", strings.Join(*apexFileContextsInfos, " "))
|
||||
})
|
||||
|
||||
android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...)
|
||||
android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...)
|
||||
}
|
||||
|
@ -917,24 +910,6 @@ func apexMutator(mctx android.BottomUpMutatorContext) {
|
|||
|
||||
}
|
||||
|
||||
var (
|
||||
apexFileContextsInfosKey = android.NewOnceKey("apexFileContextsInfosKey")
|
||||
apexFileContextsInfosMutex sync.Mutex
|
||||
)
|
||||
|
||||
func apexFileContextsInfos(config android.Config) *[]string {
|
||||
return config.Once(apexFileContextsInfosKey, func() interface{} {
|
||||
return &[]string{}
|
||||
}).(*[]string)
|
||||
}
|
||||
|
||||
func addFlattenedFileContextsInfos(ctx android.BaseModuleContext, fileContextsInfo string) {
|
||||
apexFileContextsInfosMutex.Lock()
|
||||
defer apexFileContextsInfosMutex.Unlock()
|
||||
apexFileContextsInfos := apexFileContextsInfos(ctx.Config())
|
||||
*apexFileContextsInfos = append(*apexFileContextsInfos, fileContextsInfo)
|
||||
}
|
||||
|
||||
func apexFlattenedMutator(mctx android.BottomUpMutatorContext) {
|
||||
if !mctx.Module().Enabled() {
|
||||
return
|
||||
|
|
|
@ -257,6 +257,8 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) {
|
|||
|
||||
output := android.PathForModuleOut(ctx, "file_contexts")
|
||||
rule := android.NewRuleBuilder()
|
||||
|
||||
if a.properties.ApexType == imageApex {
|
||||
// remove old file
|
||||
rule.Command().Text("rm").FlagWithOutput("-f ", output)
|
||||
// copy file_contexts
|
||||
|
@ -266,6 +268,23 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) {
|
|||
// force-label /apex_manifest.pb and / as system_file so that apexd can read them
|
||||
rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
} else {
|
||||
// For flattened apexes, install path should be prepended.
|
||||
// File_contexts file should be emiited to make via LOCAL_FILE_CONTEXTS
|
||||
// so that it can be merged into file_contexts.bin
|
||||
apexPath := android.InstallPathToOnDevicePath(ctx, a.installDir.Join(ctx, a.Name()))
|
||||
apexPath = strings.ReplaceAll(apexPath, ".", `\\.`)
|
||||
// remove old file
|
||||
rule.Command().Text("rm").FlagWithOutput("-f ", output)
|
||||
// copy file_contexts
|
||||
rule.Command().Text("awk").Text(`'/object_r/{printf("` + apexPath + `%s\n", $0)}'`).Input(fileContexts).Text(">").Output(output)
|
||||
// new line
|
||||
rule.Command().Text("echo").Text(">>").Output(output)
|
||||
// force-label /apex_manifest.pb and / as system_file so that apexd can read them
|
||||
rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output)
|
||||
rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
}
|
||||
|
||||
rule.Build(pctx, ctx, "file_contexts."+a.Name(), "Generate file_contexts")
|
||||
|
||||
a.fileContexts = output.OutputPath
|
||||
|
@ -687,14 +706,7 @@ func (a *apexBundle) buildFlattenedApex(ctx android.ModuleContext) {
|
|||
// instead of `android.PathForOutput`) to return the correct path to the flattened
|
||||
// APEX (as its contents is installed by Make, not Soong).
|
||||
factx := flattenedApexContext{ctx}
|
||||
apexBundleName := a.Name()
|
||||
a.outputFile = android.PathForModuleInstall(&factx, "apex", apexBundleName)
|
||||
|
||||
if a.installable() {
|
||||
installPath := android.PathForModuleInstall(ctx, "apex", apexBundleName)
|
||||
devicePath := android.InstallPathToOnDevicePath(ctx, installPath)
|
||||
addFlattenedFileContextsInfos(ctx, apexBundleName+":"+devicePath+":"+a.fileContexts.String())
|
||||
}
|
||||
a.outputFile = android.PathForModuleInstall(&factx, "apex", a.Name())
|
||||
a.buildFilesInfo(ctx)
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue