forked from openkylin/platform_build
Adds image-specific selinux_fc props to allow different file_contexts.
This enables mixed builds to use the file_contexts.bin from the system build when regenerating images that come from system target files, and similarly for file_contexts.bin from the other build when regenerating images from other target files. In monolithic (non-mixed) builds all image-specific selinux_fc props point to the same file_contexts. Bug: 132108151 Test: Built and booted mixed build devices. Change-Id: Id51ed6d96ea6337879f1ab21d47c93c67bc25312
This commit is contained in:
Daniel Norman
parent
0c45b0d982
commit
72c626f017
|
|
@ -1329,14 +1329,17 @@ $(if $(filter $(2),system),\
|
|||
$(if $(PRODUCT_SYSTEM_BASE_FS_PATH),$(hide) echo "system_base_fs_file=$(PRODUCT_SYSTEM_BASE_FS_PATH)" >> $(1))
|
||||
$(if $(PRODUCT_SYSTEM_HEADROOM),$(hide) echo "system_headroom=$(PRODUCT_SYSTEM_HEADROOM)" >> $(1))
|
||||
$(if $(BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "system_reserved_size=$(BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE)" >> $(1))
|
||||
$(hide) echo "system_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),userdata),\
|
||||
$(if $(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "userdata_fs_type=$(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
|
||||
$(if $(BOARD_USERDATAIMAGE_PARTITION_SIZE),$(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(1))
|
||||
$(hide) echo "userdata_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),cache),\
|
||||
$(if $(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "cache_fs_type=$(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
|
||||
$(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1))
|
||||
$(hide) echo "cache_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),vendor),\
|
||||
$(if $(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "vendor_fs_type=$(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
|
||||
|
|
@ -1350,6 +1353,7 @@ $(if $(filter $(2),vendor),\
|
|||
$(if $(BOARD_VENDORIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "vendor_squashfs_disable_4k_align=$(BOARD_VENDORIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1))
|
||||
$(if $(PRODUCT_VENDOR_BASE_FS_PATH),$(hide) echo "vendor_base_fs_file=$(PRODUCT_VENDOR_BASE_FS_PATH)" >> $(1))
|
||||
$(if $(BOARD_VENDORIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "vendor_reserved_size=$(BOARD_VENDORIMAGE_PARTITION_RESERVED_SIZE)" >> $(1))
|
||||
$(hide) echo "vendor_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),product),\
|
||||
$(if $(BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "product_fs_type=$(BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
|
||||
|
|
@ -1363,6 +1367,7 @@ $(if $(filter $(2),product),\
|
|||
$(if $(BOARD_PRODUCTIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "product_squashfs_disable_4k_align=$(BOARD_PRODUCTIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1))
|
||||
$(if $(PRODUCT_PRODUCT_BASE_FS_PATH),$(hide) echo "product_base_fs_file=$(PRODUCT_PRODUCT_BASE_FS_PATH)" >> $(1))
|
||||
$(if $(BOARD_PRODUCTIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "product_reserved_size=$(BOARD_PRODUCTIMAGE_PARTITION_RESERVED_SIZE)" >> $(1))
|
||||
$(hide) echo "product_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),product_services),\
|
||||
$(if $(BOARD_PRODUCT_SERVICESIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "product_services_fs_type=$(BOARD_PRODUCT_SERVICESIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
|
||||
|
|
@ -1375,6 +1380,7 @@ $(if $(filter $(2),product_services),\
|
|||
$(if $(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_BLOCK_SIZE),$(hide) echo "product_services_squashfs_block_size=$(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_BLOCK_SIZE)" >> $(1))
|
||||
$(if $(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "product_services_squashfs_disable_4k_align=$(BOARD_PRODUCT_SERVICESIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1))
|
||||
$(if $(BOARD_PRODUCT_SERVICESIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "product_services_reserved_size=$(BOARD_PRODUCT_SERVICESIMAGE_PARTITION_RESERVED_SIZE)" >> $(1))
|
||||
$(hide) echo "product_services_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),odm),\
|
||||
$(if $(BOARD_ODMIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "odm_fs_type=$(BOARD_ODMIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
|
||||
|
|
@ -1388,12 +1394,14 @@ $(if $(filter $(2),odm),\
|
|||
$(if $(BOARD_ODMIMAGE_SQUASHFS_DISABLE_4K_ALIGN),$(hide) echo "odm_squashfs_disable_4k_align=$(BOARD_ODMIMAGE_SQUASHFS_DISABLE_4K_ALIGN)" >> $(1))
|
||||
$(if $(PRODUCT_ODM_BASE_FS_PATH),$(hide) echo "odm_base_fs_file=$(PRODUCT_ODM_BASE_FS_PATH)" >> $(1))
|
||||
$(if $(BOARD_ODMIMAGE_PARTITION_RESERVED_SIZE),$(hide) echo "odm_reserved_size=$(BOARD_ODMIMAGE_PARTITION_RESERVED_SIZE)" >> $(1))
|
||||
$(hide) echo "odm_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(if $(filter $(2),oem),\
|
||||
$(if $(BOARD_OEMIMAGE_PARTITION_SIZE),$(hide) echo "oem_size=$(BOARD_OEMIMAGE_PARTITION_SIZE)" >> $(1))
|
||||
$(if $(BOARD_OEMIMAGE_JOURNAL_SIZE),$(hide) echo "oem_journal_size=$(BOARD_OEMIMAGE_JOURNAL_SIZE)" >> $(1))
|
||||
$(if $(BOARD_OEMIMAGE_EXTFS_INODE_COUNT),$(hide) echo "oem_extfs_inode_count=$(BOARD_OEMIMAGE_EXTFS_INODE_COUNT)" >> $(1))
|
||||
$(if $(BOARD_OEMIMAGE_EXTFS_RSV_PCT),$(hide) echo "oem_extfs_rsv_pct=$(BOARD_OEMIMAGE_EXTFS_RSV_PCT)" >> $(1))
|
||||
$(hide) echo "oem_selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
)
|
||||
$(hide) echo "ext_mkuserimg=$(notdir $(MKEXTUSERIMG))" >> $(1)
|
||||
|
||||
|
|
@ -1403,7 +1411,6 @@ $(if $(INTERNAL_USERIMAGES_SPARSE_SQUASHFS_FLAG),$(hide) echo "squashfs_sparse_f
|
|||
$(if $(BOARD_EXT4_SHARE_DUP_BLOCKS),$(hide) echo "ext4_share_dup_blocks=$(BOARD_EXT4_SHARE_DUP_BLOCKS)" >> $(1))
|
||||
$(if $(BOARD_FLASH_LOGICAL_BLOCK_SIZE), $(hide) echo "flash_logical_block_size=$(BOARD_FLASH_LOGICAL_BLOCK_SIZE)" >> $(1))
|
||||
$(if $(BOARD_FLASH_ERASE_BLOCK_SIZE), $(hide) echo "flash_erase_block_size=$(BOARD_FLASH_ERASE_BLOCK_SIZE)" >> $(1))
|
||||
$(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
$(if $(PRODUCT_SUPPORTS_BOOT_SIGNER),$(hide) echo "boot_signer=$(PRODUCT_SUPPORTS_BOOT_SIGNER)" >> $(1))
|
||||
$(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCT_SUPPORTS_VERITY)" >> $(1))
|
||||
$(if $(PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCT_VERITY_SIGNING_KEY)" >> $(1))
|
||||
|
|
@ -1473,8 +1480,30 @@ endef
|
|||
|
||||
# $(1): the path of the output dictionary file
|
||||
# $(2): additional "key=value" pairs to append to the dictionary file.
|
||||
PROP_DICTIONARY_IMAGES := oem
|
||||
ifdef BUILDING_CACHE_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += cache
|
||||
endif
|
||||
ifdef BUILDING_SYSTEM_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += system
|
||||
endif
|
||||
ifdef BUILDING_USERDATA_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += userdata
|
||||
endif
|
||||
ifdef BUILDING_VENDOR_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += vendor
|
||||
endif
|
||||
ifdef BUILDING_PRODUCT_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += product
|
||||
endif
|
||||
ifdef BUILDING_PRODUCT_SERVICES_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += product_services
|
||||
endif
|
||||
ifdef BUILDING_ODM_IMAGE
|
||||
PROP_DICTIONARY_IMAGES += odm
|
||||
endif
|
||||
define generate-userimage-prop-dictionary
|
||||
$(call generate-image-prop-dictionary,$(1),system vendor cache userdata product product_services oem odm,$(2))
|
||||
$(call generate-image-prop-dictionary,$(1),$(PROP_DICTIONARY_IMAGES),$(2))
|
||||
endef
|
||||
|
||||
# $(1): the path of the input dictionary file, where each line has the format key=value
|
||||
|
|
|
|||
|
|
@ -519,7 +519,6 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
common_props = (
|
||||
"extfs_sparse_flag",
|
||||
"squashfs_sparse_flag",
|
||||
"selinux_fc",
|
||||
"skip_fsck",
|
||||
"ext_mkuserimg",
|
||||
"verity",
|
||||
|
|
@ -564,6 +563,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if not copy_prop("system_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("system_reserved_size", "partition_reserved_size")
|
||||
copy_prop("system_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "system_other":
|
||||
# We inherit the selinux policies of /system since we contain some of its
|
||||
# files.
|
||||
|
|
@ -587,6 +587,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if not copy_prop("system_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("system_reserved_size", "partition_reserved_size")
|
||||
copy_prop("system_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "data":
|
||||
# Copy the generic fs type first, override with specific one if available.
|
||||
copy_prop("fs_type", "fs_type")
|
||||
|
|
@ -594,9 +595,11 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
copy_prop("userdata_size", "partition_size")
|
||||
copy_prop("flash_logical_block_size", "flash_logical_block_size")
|
||||
copy_prop("flash_erase_block_size", "flash_erase_block_size")
|
||||
copy_prop("userdata_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "cache":
|
||||
copy_prop("cache_fs_type", "fs_type")
|
||||
copy_prop("cache_size", "partition_size")
|
||||
copy_prop("cache_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "vendor":
|
||||
copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable")
|
||||
copy_prop("avb_vendor_add_hashtree_footer_args",
|
||||
|
|
@ -618,6 +621,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if not copy_prop("vendor_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("vendor_reserved_size", "partition_reserved_size")
|
||||
copy_prop("vendor_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "product":
|
||||
copy_prop("avb_product_hashtree_enable", "avb_hashtree_enable")
|
||||
copy_prop("avb_product_add_hashtree_footer_args",
|
||||
|
|
@ -639,6 +643,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if not copy_prop("product_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("product_reserved_size", "partition_reserved_size")
|
||||
copy_prop("product_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "product_services":
|
||||
copy_prop("avb_product_services_hashtree_enable", "avb_hashtree_enable")
|
||||
copy_prop("avb_product_services_add_hashtree_footer_args",
|
||||
|
|
@ -662,6 +667,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if not copy_prop("product_services_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("product_services_reserved_size", "partition_reserved_size")
|
||||
copy_prop("product_services_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "odm":
|
||||
copy_prop("avb_odm_hashtree_enable", "avb_hashtree_enable")
|
||||
copy_prop("avb_odm_add_hashtree_footer_args",
|
||||
|
|
@ -683,6 +689,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if not copy_prop("odm_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("odm_reserved_size", "partition_reserved_size")
|
||||
copy_prop("odm_selinux_fc", "selinux_fc")
|
||||
elif mount_point == "oem":
|
||||
copy_prop("fs_type", "fs_type")
|
||||
copy_prop("oem_size", "partition_size")
|
||||
|
|
@ -692,6 +699,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
copy_prop("ext4_share_dup_blocks", "ext4_share_dup_blocks")
|
||||
if not copy_prop("oem_extfs_rsv_pct", "extfs_rsv_pct"):
|
||||
d["extfs_rsv_pct"] = "0"
|
||||
copy_prop("oem_selinux_fc", "selinux_fc")
|
||||
d["partition_name"] = mount_point
|
||||
return d
|
||||
|
||||
|
|
|
|||
|
|
@ -332,13 +332,15 @@ def LoadInfoDict(input_file, repacking=False):
|
|||
raise ValueError("Failed to find 'fstab_version'")
|
||||
|
||||
if repacking:
|
||||
# "selinux_fc" should point to the file_contexts file (file_contexts.bin)
|
||||
# under META/.
|
||||
fc_basename = os.path.basename(d.get("selinux_fc", "file_contexts"))
|
||||
fc_config = os.path.join(input_file, "META", fc_basename)
|
||||
assert os.path.exists(fc_config)
|
||||
# "selinux_fc" properties should point to the file_contexts files
|
||||
# (file_contexts.bin) under META/.
|
||||
for key in d:
|
||||
if key.endswith("selinux_fc"):
|
||||
fc_basename = os.path.basename(d[key])
|
||||
fc_config = os.path.join(input_file, "META", fc_basename)
|
||||
assert os.path.exists(fc_config)
|
||||
|
||||
d["selinux_fc"] = fc_config
|
||||
d[key] = fc_config
|
||||
|
||||
# Similarly we need to redirect "root_dir", and "root_fs_config".
|
||||
d["root_dir"] = os.path.join(input_file, "ROOT")
|
||||
|
|
|
|||
|
|
@ -160,7 +160,6 @@ default_system_misc_info_keys = [
|
|||
|
||||
default_other_item_list = [
|
||||
'META/boot_filesystem_config.txt',
|
||||
'META/file_contexts.bin',
|
||||
'META/otakeys.txt',
|
||||
'META/releasetools.py',
|
||||
'META/vendor_filesystem_config.txt',
|
||||
|
|
@ -501,6 +500,18 @@ def process_misc_info_txt(system_target_files_temp_dir,
|
|||
list_suffix='_partition_list')
|
||||
merged_info_dict.update(merged_dynamic_partitions_dict)
|
||||
|
||||
# Replace <image>_selinux_fc values with system or other file_contexts.bin
|
||||
# depending on which dictionary the key came from.
|
||||
# Only the file basename is required because all selinux_fc properties are
|
||||
# replaced with the full path to the file under META/ when misc_info.txt is
|
||||
# loaded from target files for repacking. See common.py LoadInfoDict().
|
||||
for key in merged_info_dict:
|
||||
if key.endswith('_selinux_fc'):
|
||||
merged_info_dict[key] = 'other_file_contexts.bin'
|
||||
for key in system_info_dict:
|
||||
if key.endswith('_selinux_fc'):
|
||||
merged_info_dict[key] = 'system_file_contexts.bin'
|
||||
|
||||
output_misc_info_txt = os.path.join(output_target_files_temp_dir, 'META',
|
||||
'misc_info.txt')
|
||||
write_sorted_data(data=merged_info_dict, path=output_misc_info_txt)
|
||||
|
|
@ -605,6 +616,28 @@ def process_apex_keys_apk_certs_common(system_target_files_dir,
|
|||
write_sorted_data(data=other_dict.values(), path=output_file)
|
||||
|
||||
|
||||
def copy_file_contexts(system_target_files_dir, other_target_files_dir,
|
||||
output_target_files_dir):
|
||||
"""Creates named copies of each build's file_contexts.bin in output META/."""
|
||||
system_fc_path = os.path.join(system_target_files_dir, 'META', 'system_file_contexts.bin')
|
||||
if not os.path.exists(system_fc_path):
|
||||
system_fc_path = os.path.join(system_target_files_dir, 'META', 'file_contexts.bin')
|
||||
if not os.path.exists(system_fc_path):
|
||||
raise ValueError('Missing system file_contexts.bin.')
|
||||
shutil.copyfile(
|
||||
system_fc_path,
|
||||
os.path.join(output_target_files_dir, 'META', 'system_file_contexts.bin'))
|
||||
|
||||
other_fc_path = os.path.join(other_target_files_dir, 'META', 'other_file_contexts.bin')
|
||||
if not os.path.exists(other_fc_path):
|
||||
other_fc_path = os.path.join(other_target_files_dir, 'META', 'file_contexts.bin')
|
||||
if not os.path.exists(other_fc_path):
|
||||
raise ValueError('Missing other file_contexts.bin.')
|
||||
shutil.copyfile(
|
||||
other_fc_path,
|
||||
os.path.join(output_target_files_dir, 'META', 'other_file_contexts.bin'))
|
||||
|
||||
|
||||
def process_special_cases(system_target_files_temp_dir,
|
||||
other_target_files_temp_dir,
|
||||
output_target_files_temp_dir, system_misc_info_keys,
|
||||
|
|
@ -638,6 +671,11 @@ def process_special_cases(system_target_files_temp_dir,
|
|||
append_recovery_to_filesystem_config(
|
||||
output_target_files_temp_dir=output_target_files_temp_dir)
|
||||
|
||||
copy_file_contexts(
|
||||
system_target_files_dir=system_target_files_temp_dir,
|
||||
other_target_files_dir=other_target_files_temp_dir,
|
||||
output_target_files_dir=output_target_files_temp_dir)
|
||||
|
||||
process_misc_info_txt(
|
||||
system_target_files_temp_dir=system_target_files_temp_dir,
|
||||
other_target_files_temp_dir=other_target_files_temp_dir,
|
||||
|
|
|
|||
Loading…
Reference in New Issue