Merge "vendor apex: label apex_manifest as vendor_apex_metadata_file"

Jooyung Han
2023-06-07 23:59:59 +00:00
committed by Gerrit Code Review
2 changed files with 25 additions and 21 deletions


@@ -786,18 +786,16 @@ func TestApexManifestMinSdkVersion(t *testing.T) {
} }
func TestFileContexts(t *testing.T) { func TestFileContexts(t *testing.T) {
for _, useFileContextsAsIs := range []bool{true, false} { for _, vendor := range []bool{true, false} {
prop := "" prop := ""
if useFileContextsAsIs { if vendor {
prop = "use_file_contexts_as_is: true,\n" prop = "vendor: true,\n"
} }
ctx := testApex(t, ` ctx := testApex(t, `
apex { apex {
name: "myapex", name: "myapex",
key: "myapex.key", key: "myapex.key",
file_contexts: "file_contexts",
updatable: false, updatable: false,
vendor: true,
`+prop+` `+prop+`
} }
@@ -806,18 +804,17 @@ func TestFileContexts(t *testing.T) {
public_key: "testkey.avbpubkey", public_key: "testkey.avbpubkey",
private_key: "testkey.pem", private_key: "testkey.pem",
} }
`, withFiles(map[string][]byte{ `)
"file_contexts": nil,
}))
rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Output("file_contexts") rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Output("file_contexts")
forceLabellingCommand := "apex_manifest\\\\.pb u:object_r:system_file:s0" if vendor {
if useFileContextsAsIs { android.AssertStringDoesContain(t, "should force-label as vendor_apex_metadata_file",
android.AssertStringDoesNotContain(t, "should force-label", rule.RuleParams.Command,
rule.RuleParams.Command, forceLabellingCommand) "apex_manifest\\\\.pb u:object_r:vendor_apex_metadata_file:s0")
} else { } else {
android.AssertStringDoesContain(t, "shouldn't force-label", android.AssertStringDoesContain(t, "should force-label as system_file",
rule.RuleParams.Command, forceLabellingCommand) rule.RuleParams.Command,
"apex_manifest\\\\.pb u:object_r:system_file:s0")
} }
} }
} }
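Review bot: Rewriting the loop around `vendor` drops the only visible coverage of `use_file_contexts_as_is: true`, although the builder still gates both force-label commands on `!useFileContextsAsIs`; nothing in this test now asserts that the forced entries are left out in that mode. The two remaining branches check only the `apex_manifest\\.pb` entry of the image variant, so the `/` entry, the flattened branch and the VNDK exclusion (`!a.vndkApex`) are not pinned here, though other tests may cover them. I would keep a separate case that sets `prop = "use_file_contexts_as_is: true,\n"` and checks `android.AssertStringDoesNotContain(t, "shouldn't force-label", rule.RuleParams.Command, "apex_manifest\\\\.pb u:object_r:")`, because a wrong or missing SELinux label on the manifest is otherwise likely to surface only on device.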


@@ -330,7 +330,7 @@ func (a *apexBundle) buildManifest(ctx android.ModuleContext, provideNativeLibs,
// buildFileContexts create build rules to append an entry for apex_manifest.pb to the file_contexts // buildFileContexts create build rules to append an entry for apex_manifest.pb to the file_contexts
// file for this APEX which is either from /systme/sepolicy/apex/<apexname>-file_contexts or from // file for this APEX which is either from /systme/sepolicy/apex/<apexname>-file_contexts or from
// the file_contexts property of this APEX. This is to make sure that the manifest file is correctly // the file_contexts property of this APEX. This is to make sure that the manifest file is correctly
// labeled as system_file. // labeled as system_file or vendor_apex_metadata_file.
func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.OutputPath { func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.OutputPath {
var fileContexts android.Path var fileContexts android.Path
var fileContextsDir string var fileContextsDir string
@@ -362,6 +362,13 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output
output := android.PathForModuleOut(ctx, "file_contexts") output := android.PathForModuleOut(ctx, "file_contexts")
rule := android.NewRuleBuilder(pctx, ctx) rule := android.NewRuleBuilder(pctx, ctx)
forceLabel := "u:object_r:system_file:s0"
if a.SocSpecific() && !a.vndkApex {
// APEX on /vendor should label ./ and ./apex_manifest.pb as vendor_apex_metadata_file.
// The reason why we skip VNDK APEX is that aosp_{pixel device} targets install VNDK APEX on /vendor
// even though VNDK APEX is supposed to be installed on /system. (See com.android.vndk.current.on_vendor)
forceLabel = "u:object_r:vendor_apex_metadata_file:s0"
}
switch a.properties.ApexType { switch a.properties.ApexType {
case imageApex: case imageApex:
// remove old file // remove old file
@@ -371,9 +378,9 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output
// new line // new line
rule.Command().Text("echo").Text(">>").Output(output) rule.Command().Text("echo").Text(">>").Output(output)
if !useFileContextsAsIs { if !useFileContextsAsIs {
// force-label /apex_manifest.pb and / as system_file so that apexd can read them // force-label /apex_manifest.pb and /
rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output) rule.Command().Text("echo").Text("/apex_manifest\\\\.pb").Text(forceLabel).Text(">>").Output(output)
rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output) rule.Command().Text("echo").Text("/").Text(forceLabel).Text(">>").Output(output)
} }
case flattenedApex: case flattenedApex:
// For flattened apexes, install path should be prepended. // For flattened apexes, install path should be prepended.
@@ -388,9 +395,9 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output
// new line // new line
rule.Command().Text("echo").Text(">>").Output(output) rule.Command().Text("echo").Text(">>").Output(output)
if !useFileContextsAsIs { if !useFileContextsAsIs {
// force-label /apex_manifest.pb and / as system_file so that apexd can read them // force-label /apex_manifest.pb and /
rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output) rule.Command().Text("echo").Text(apexPath + "/apex_manifest\\\\.pb").Text(forceLabel).Text(">>").Output(output)
rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output) rule.Command().Text("echo").Text(apexPath + "/").Text(forceLabel).Text(">>").Output(output)
} }
default: default:
panic(fmt.Errorf("unsupported type %v", a.properties.ApexType)) panic(fmt.Errorf("unsupported type %v", a.properties.ApexType))
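Review bot: The two in-branch comments now read `// force-label /apex_manifest.pb and /` and no longer say which label is applied or why, and the function comment lists both labels without the rule that picks one. Since this choice sets the SELinux type of the APEX root and its manifest, I would state it where the commands are built, e.g. `// force-label /apex_manifest.pb and / with forceLabel: vendor_apex_metadata_file for non-VNDK vendor APEXes, system_file otherwise`, and keep the earlier "so that apexd can read them" rationale if it still holds for the vendor type. The same comment applies in the flattenedApex branch. buildFileContexts begins and ends outside these hunks.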