diff --git a/core/Makefile b/core/Makefile index 7b3e46134..39e61a56f 100644 --- a/core/Makefile +++ b/core/Makefile @@ -1329,14 +1329,17 @@ $(if $(filter $(2),system),\ $(if $(PRODUCT_SYSTEM_BASE_FS_PATH),$(hide) echo "system_base_fs_file=$(PRODUCT_SYSTEM_BASE_FS_PATH)" >> $(1)) $(if $(PRODUCT_SYSTEM_HEADROOM),$(hide) echo "system_headroom=$(PRODUCT_SYSTEM_HEADROOM)" >> $(1)) $(if $(BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "system_reserved_size=$(BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE)" >> $(1)) + $(hide) echo "system_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),userdata),\ $(if $(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "userdata_fs_type=$(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE)" >> $(1)) $(if $(BOARD_USERDATAIMAGE_PARTITION_SIZE),$(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(1)) + $(hide) echo "userdata_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),cache),\ $(if $(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "cache_fs_type=$(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE)" >> $(1)) $(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1)) + $(hide) echo "cache_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),vendor),\ $(if $(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "vendor_fs_type=$(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE)" >> $(1)) @@ -1350,6 +1353,7 @@ $(if $(filter $(2),vendor),\ $(if $(BOARD_VENDORIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "vendor_squashfs_disable_4k_align=$(BOARD_VENDORIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1)) $(if $(PRODUCT_VENDOR_BASE_FS_PATH),$(hide) echo "vendor_base_fs_file=$(PRODUCT_VENDOR_BASE_FS_PATH)" >> $(1)) $(if $(BOARD_VENDORIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "vendor_reserved_size=$(BOARD_VENDORIMAGE_PARTITION_RESERVED_SIZE)" >> $(1)) + $(hide) echo "vendor_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),product),\ $(if $(BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "product_fs_type=$(BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE)" >> $(1)) @@ -1363,6 +1367,7 @@ $(if $(filter $(2),product),\ $(if $(BOARD_PRODUCTIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "product_squashfs_disable_4k_align=$(BOARD_PRODUCTIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1)) $(if $(PRODUCT_PRODUCT_BASE_FS_PATH),$(hide) echo "product_base_fs_file=$(PRODUCT_PRODUCT_BASE_FS_PATH)" >> $(1)) $(if $(BOARD_PRODUCTIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "product_reserved_size=$(BOARD_PRODUCTIMAGE_PARTITION_RESERVED_SIZE)" >> $(1)) + $(hide) echo "product_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),product_services),\ $(if $(BOARD_PRODUCT_SERVICESIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "product_services_fs_type=$(BOARD_PRODUCT_SERVICESIMAGE_FILE_SYSTEM_TYPE)" >> $(1)) @@ -1375,6 +1380,7 @@ $(if $(filter $(2),product_services),\ $(if $(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_BLOCK_SIZE),$(hide) echo "product_services_squashfs_block_size=$(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_BLOCK_SIZE)" >> $(1)) $(if $(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "product_services_squashfs_disable_4k_align=$(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1)) $(if $(BOARD_PRODUCT_SERVICESIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "product_services_reserved_size=$(BOARD_PRODUCT_SERVICESIMAGE_PARTITION_RESERVED_SIZE)" >> $(1)) + $(hide) echo "product_services_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),odm),\ $(if $(BOARD_ODMIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "odm_fs_type=$(BOARD_ODMIMAGE_FILE_SYSTEM_TYPE)" >> $(1)) @@ -1388,12 +1394,14 @@ $(if $(filter $(2),odm),\ $(if $(BOARD_ODMIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "odm_squashfs_disable_4k_align=$(BOARD_ODMIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1)) $(if $(PRODUCT_ODM_BASE_FS_PATH),$(hide) echo "odm_base_fs_file=$(PRODUCT_ODM_BASE_FS_PATH)" >> $(1)) $(if $(BOARD_ODMIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "odm_reserved_size=$(BOARD_ODMIMAGE_PARTITION_RESERVED_SIZE)" >> $(1)) + $(hide) echo "odm_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(if $(filter $(2),oem),\ $(if $(BOARD_OEMIMAGE_PARTITION_SIZE),$(hide) echo "oem_size=$(BOARD_OEMIMAGE_PARTITION_SIZE)" >> $(1)) $(if $(BOARD_OEMIMAGE_JOURNAL_SIZE),$(hide) echo "oem_journal_size=$(BOARD_OEMIMAGE_JOURNAL_SIZE)" >> $(1)) $(if $(BOARD_OEMIMAGE_EXTFS_INODE_COUNT),$(hide) echo "oem_extfs_inode_count=$(BOARD_OEMIMAGE_EXTFS_INODE_COUNT)" >> $(1)) $(if $(BOARD_OEMIMAGE_EXTFS_RSV_PCT),$(hide) echo "oem_extfs_rsv_pct=$(BOARD_OEMIMAGE_EXTFS_RSV_PCT)" >> $(1)) + $(hide) echo "oem_selinux_fc=$(SELINUX_FC)" >> $(1) ) $(hide) echo "ext_mkuserimg=$(notdir $(MKEXTUSERIMG))" >> $(1) @@ -1403,7 +1411,6 @@ $(if $(INTERNAL_USERIMAGES_SPARSE_SQUASHFS_FLAG),$(hide) echo "squashfs_sparse_f $(if $(BOARD_EXT4_SHARE_DUP_BLOCKS),$(hide) echo "ext4_share_dup_blocks=$(BOARD_EXT4_SHARE_DUP_BLOCKS)" >> $(1)) $(if $(BOARD_FLASH_LOGICAL_BLOCK_SIZE), $(hide) echo "flash_logical_block_size=$(BOARD_FLASH_LOGICAL_BLOCK_SIZE)" >> $(1)) $(if $(BOARD_FLASH_ERASE_BLOCK_SIZE), $(hide) echo "flash_erase_block_size=$(BOARD_FLASH_ERASE_BLOCK_SIZE)" >> $(1)) -$(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1) $(if $(PRODUCT_SUPPORTS_BOOT_SIGNER),$(hide) echo "boot_signer=$(PRODUCT_SUPPORTS_BOOT_SIGNER)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCT_SUPPORTS_VERITY)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCT_VERITY_SIGNING_KEY)" >> $(1)) @@ -1473,8 +1480,30 @@ endef # $(1): the path of the output dictionary file # $(2): additional "key=value" pairs to append to the dictionary file. +PROP_DICTIONARY_IMAGES := oem +ifdef BUILDING_CACHE_IMAGE + PROP_DICTIONARY_IMAGES += cache +endif +ifdef BUILDING_SYSTEM_IMAGE + PROP_DICTIONARY_IMAGES += system +endif +ifdef BUILDING_USERDATA_IMAGE + PROP_DICTIONARY_IMAGES += userdata +endif +ifdef BUILDING_VENDOR_IMAGE + PROP_DICTIONARY_IMAGES += vendor +endif +ifdef BUILDING_PRODUCT_IMAGE + PROP_DICTIONARY_IMAGES += product +endif +ifdef BUILDING_PRODUCT_SERVICES_IMAGE + PROP_DICTIONARY_IMAGES += product_services +endif +ifdef BUILDING_ODM_IMAGE + PROP_DICTIONARY_IMAGES += odm +endif define generate-userimage-prop-dictionary -$(call generate-image-prop-dictionary,$(1),system vendor cache userdata product product_services oem odm,$(2)) + $(call generate-image-prop-dictionary,$(1),$(PROP_DICTIONARY_IMAGES),$(2)) endef # $(1): the path of the input dictionary file, where each line has the format key=value diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py index 4136ed432..ba0465151 100755 --- a/tools/releasetools/build_image.py +++ b/tools/releasetools/build_image.py @@ -519,7 +519,6 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): common_props = ( "extfs_sparse_flag", "squashfs_sparse_flag", - "selinux_fc", "skip_fsck", "ext_mkuserimg", "verity", @@ -564,6 +563,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): if not copy_prop("system_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" copy_prop("system_reserved_size", "partition_reserved_size") + copy_prop("system_selinux_fc", "selinux_fc") elif mount_point == "system_other": # We inherit the selinux policies of /system since we contain some of its # files. @@ -587,6 +587,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): if not copy_prop("system_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" copy_prop("system_reserved_size", "partition_reserved_size") + copy_prop("system_selinux_fc", "selinux_fc") elif mount_point == "data": # Copy the generic fs type first, override with specific one if available. copy_prop("fs_type", "fs_type") @@ -594,9 +595,11 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): copy_prop("userdata_size", "partition_size") copy_prop("flash_logical_block_size", "flash_logical_block_size") copy_prop("flash_erase_block_size", "flash_erase_block_size") + copy_prop("userdata_selinux_fc", "selinux_fc") elif mount_point == "cache": copy_prop("cache_fs_type", "fs_type") copy_prop("cache_size", "partition_size") + copy_prop("cache_selinux_fc", "selinux_fc") elif mount_point == "vendor": copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable") copy_prop("avb_vendor_add_hashtree_footer_args", @@ -618,6 +621,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): if not copy_prop("vendor_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" copy_prop("vendor_reserved_size", "partition_reserved_size") + copy_prop("vendor_selinux_fc", "selinux_fc") elif mount_point == "product": copy_prop("avb_product_hashtree_enable", "avb_hashtree_enable") copy_prop("avb_product_add_hashtree_footer_args", @@ -639,6 +643,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): if not copy_prop("product_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" copy_prop("product_reserved_size", "partition_reserved_size") + copy_prop("product_selinux_fc", "selinux_fc") elif mount_point == "product_services": copy_prop("avb_product_services_hashtree_enable", "avb_hashtree_enable") copy_prop("avb_product_services_add_hashtree_footer_args", @@ -662,6 +667,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): if not copy_prop("product_services_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" copy_prop("product_services_reserved_size", "partition_reserved_size") + copy_prop("product_services_selinux_fc", "selinux_fc") elif mount_point == "odm": copy_prop("avb_odm_hashtree_enable", "avb_hashtree_enable") copy_prop("avb_odm_add_hashtree_footer_args", @@ -683,6 +689,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): if not copy_prop("odm_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" copy_prop("odm_reserved_size", "partition_reserved_size") + copy_prop("odm_selinux_fc", "selinux_fc") elif mount_point == "oem": copy_prop("fs_type", "fs_type") copy_prop("oem_size", "partition_size") @@ -692,6 +699,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): copy_prop("ext4_share_dup_blocks", "ext4_share_dup_blocks") if not copy_prop("oem_extfs_rsv_pct", "extfs_rsv_pct"): d["extfs_rsv_pct"] = "0" + copy_prop("oem_selinux_fc", "selinux_fc") d["partition_name"] = mount_point return d diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index e6422978d..5bdb2a70f 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -332,13 +332,15 @@ def LoadInfoDict(input_file, repacking=False): raise ValueError("Failed to find 'fstab_version'") if repacking: - # "selinux_fc" should point to the file_contexts file (file_contexts.bin) - # under META/. - fc_basename = os.path.basename(d.get("selinux_fc", "file_contexts")) - fc_config = os.path.join(input_file, "META", fc_basename) - assert os.path.exists(fc_config) + # "selinux_fc" properties should point to the file_contexts files + # (file_contexts.bin) under META/. + for key in d: + if key.endswith("selinux_fc"): + fc_basename = os.path.basename(d[key]) + fc_config = os.path.join(input_file, "META", fc_basename) + assert os.path.exists(fc_config) - d["selinux_fc"] = fc_config + d[key] = fc_config # Similarly we need to redirect "root_dir", and "root_fs_config". d["root_dir"] = os.path.join(input_file, "ROOT") diff --git a/tools/releasetools/merge_target_files.py b/tools/releasetools/merge_target_files.py index 2a722c524..e8c3cf7ef 100755 --- a/tools/releasetools/merge_target_files.py +++ b/tools/releasetools/merge_target_files.py @@ -160,7 +160,6 @@ default_system_misc_info_keys = [ default_other_item_list = [ 'META/boot_filesystem_config.txt', - 'META/file_contexts.bin', 'META/otakeys.txt', 'META/releasetools.py', 'META/vendor_filesystem_config.txt', @@ -501,6 +500,18 @@ def process_misc_info_txt(system_target_files_temp_dir, list_suffix='_partition_list') merged_info_dict.update(merged_dynamic_partitions_dict) + # Replace _selinux_fc values with system or other file_contexts.bin + # depending on which dictionary the key came from. + # Only the file basename is required because all selinux_fc properties are + # replaced with the full path to the file under META/ when misc_info.txt is + # loaded from target files for repacking. See common.py LoadInfoDict(). + for key in merged_info_dict: + if key.endswith('_selinux_fc'): + merged_info_dict[key] = 'other_file_contexts.bin' + for key in system_info_dict: + if key.endswith('_selinux_fc'): + merged_info_dict[key] = 'system_file_contexts.bin' + output_misc_info_txt = os.path.join(output_target_files_temp_dir, 'META', 'misc_info.txt') write_sorted_data(data=merged_info_dict, path=output_misc_info_txt) @@ -605,6 +616,28 @@ def process_apex_keys_apk_certs_common(system_target_files_dir, write_sorted_data(data=other_dict.values(), path=output_file) +def copy_file_contexts(system_target_files_dir, other_target_files_dir, + output_target_files_dir): + """Creates named copies of each build's file_contexts.bin in output META/.""" + system_fc_path = os.path.join(system_target_files_dir, 'META', 'system_file_contexts.bin') + if not os.path.exists(system_fc_path): + system_fc_path = os.path.join(system_target_files_dir, 'META', 'file_contexts.bin') + if not os.path.exists(system_fc_path): + raise ValueError('Missing system file_contexts.bin.') + shutil.copyfile( + system_fc_path, + os.path.join(output_target_files_dir, 'META', 'system_file_contexts.bin')) + + other_fc_path = os.path.join(other_target_files_dir, 'META', 'other_file_contexts.bin') + if not os.path.exists(other_fc_path): + other_fc_path = os.path.join(other_target_files_dir, 'META', 'file_contexts.bin') + if not os.path.exists(other_fc_path): + raise ValueError('Missing other file_contexts.bin.') + shutil.copyfile( + other_fc_path, + os.path.join(output_target_files_dir, 'META', 'other_file_contexts.bin')) + + def process_special_cases(system_target_files_temp_dir, other_target_files_temp_dir, output_target_files_temp_dir, system_misc_info_keys, @@ -638,6 +671,11 @@ def process_special_cases(system_target_files_temp_dir, append_recovery_to_filesystem_config( output_target_files_temp_dir=output_target_files_temp_dir) + copy_file_contexts( + system_target_files_dir=system_target_files_temp_dir, + other_target_files_dir=other_target_files_temp_dir, + output_target_files_dir=output_target_files_temp_dir) + process_misc_info_txt( system_target_files_temp_dir=system_target_files_temp_dir, other_target_files_temp_dir=other_target_files_temp_dir,