From b5055394a98e26bdf86436956dcacbee014ae2fa Mon Sep 17 00:00:00 2001
From: Cole Faust
Date: Wed, 27 Sep 2023 13:44:40 -0700
Subject: [PATCH] AVB and selinux support in partitions
Bug: 297269187
Test: m bazel_sandwich (updated partition_inspector to show selinux contexts, but still haven't figured out how to show avb information)
Change-Id: I6911c2fc75495f9722887925d8609c9a171901c6
---
 android/variable.go | 8 +++++
 bp2build/bp2build_product_config.go | 49 ++++++++++++++++++++++++++++-
 2 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/android/variable.go b/android/variable.go
index 6af0f18d0..785004b47 100644
--- a/android/variable.go
+++ b/android/variable.go
@@ -512,6 +512,12 @@ type PartitionVariables struct {
 ProductBaseFsPath string `json:",omitempty"`
 ProductHeadroom string `json:",omitempty"`
 ProductVerityPartition string `json:",omitempty"`
+
+ BoardAvbAddHashtreeFooterArgs string `json:",omitempty"`
+ BoardAvbKeyPath string `json:",omitempty"`
+ BoardAvbAlgorithm string `json:",omitempty"`
+ BoardAvbRollbackIndex string `json:",omitempty"`
+ BoardAvbRollbackIndexLocation string `json:",omitempty"`
 }
 TargetUserimagesUseExt2 bool `json:",omitempty"`
 TargetUserimagesUseExt3 bool `json:",omitempty"`
@@ -534,6 +540,8 @@ type PartitionVariables struct {
 BoardBuildGkiBootImageWithoutRamdisk bool `json:",omitempty"`
 ProductUseDynamicPartitionSize bool `json:",omitempty"`
 CopyImagesForTargetFilesZip bool `json:",omitempty"`
+
+ BoardAvbEnable bool `json:",omitempty"`
 }
 func boolPtr(v bool) *bool {
diff --git a/bp2build/bp2build_product_config.go b/bp2build/bp2build_product_config.go
index 2f9e9cc56..2bcf9337b 100644
--- a/bp2build/bp2build_product_config.go
+++ b/bp2build/bp2build_product_config.go
@@ -326,6 +326,8 @@ func platformMappingSingleProduct(
 result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:manifest_package_name_overrides=%s\n", strings.Join(productVariables.ManifestPackageNameOverrides, ",")))
 result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:native_coverage=%t\n", proptools.Bool(productVariables.Native_coverage)))
 result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:platform_sdk_final=%t\n", proptools.Bool(productVariables.Platform_sdk_final)))
+ result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:platform_security_patch=%s\n", proptools.String(productVariables.Platform_security_patch)))
+ result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:platform_version_last_stable=%s\n", proptools.String(productVariables.Platform_version_last_stable)))
 result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:platform_version_name=%s\n", proptools.String(productVariables.Platform_version_name)))
 result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:product_brand=%s\n", productVariables.ProductBrand))
 result.WriteString(fmt.Sprintf(" --//build/bazel/product_config:product_manufacturer=%s\n", productVariables.ProductManufacturer))
@@ -467,6 +469,7 @@ func starlarkMapToProductVariables(in map[string]starlark.Value) (android.Produc
 func createTargets(productLabelsToVariables map[bazelLabel]*android.ProductVariables, res map[string]BazelTargets) {
 createGeneratedAndroidCertificateDirectories(productLabelsToVariables, res)
+ createAvbKeyFilegroups(productLabelsToVariables, res)
 for label, variables := range productLabelsToVariables {
 createSystemPartition(label, &variables.PartitionVarsForBazelMigrationOnlyDoNotUse, res)
 }
@@ -501,10 +504,39 @@ func createGeneratedAndroidCertificateDirectories(productLabelsToVariables map[b
 }
 }
+func createAvbKeyFilegroups(productLabelsToVariables map[bazelLabel]*android.ProductVariables, targets map[string]BazelTargets) {
+ var allAvbKeys []string
+ for _, productVariables := range productLabelsToVariables {
+ for _, partitionVariables := range productVariables.PartitionVarsForBazelMigrationOnlyDoNotUse.PartitionQualifiedVariables {
+ if partitionVariables.BoardAvbKeyPath != "" {
+ if !android.InList(partitionVariables.BoardAvbKeyPath, allAvbKeys) {
+ allAvbKeys = append(allAvbKeys, partitionVariables.BoardAvbKeyPath)
+ }
+ }
+ }
+ }
+ for _, key := range allAvbKeys {
+ dir := filepath.Dir(key)
+ name := filepath.Base(key)
+ content := fmt.Sprintf(`filegroup(
+ name = "%s_filegroup",
+ srcs = ["%s"],
+ visibility = ["//visibility:public"],
+)`, name, name)
+ targets[dir] = append(targets[dir], BazelTarget{
+ name: name + "_filegroup",
+ packageName: dir,
+ content: content,
+ ruleClass: "filegroup",
+ })
+ }
+}
+
 func createSystemPartition(platformLabel bazelLabel, variables *android.PartitionVariables, targets map[string]BazelTargets) {
 if !variables.PartitionQualifiedVariables["system"].BuildingImage {
 return
 }
+ qualifiedVariables := variables.PartitionQualifiedVariables["system"]
 imageProps := generateImagePropDictionary(variables, "system")
 imageProps["skip_fsck"] = "true"
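Review bot: The filegroup that `createAvbKeyFilegroups` generates for each `BoardAvbKeyPath` is declared with `visibility = ["//visibility:public"]`, so any target in the workspace may take the AVB key file (presumably the signing key) as an input; if only the generated partition targets consume it, the visibility list should be narrowed to those packages. The key's base name is also spliced into the Starlark text with `%s` (`name = "%s_filegroup"`, `srcs = ["%s"]`), while the AVB strings emitted later in `createSystemPartition` use `%q`; writing `name = %q` with `name+"_filegroup"` and `srcs = [%q]` would keep a quote or backslash in the path from altering the generated BUILD content. `allAvbKeys` is filled while ranging over `productLabelsToVariables`, a Go map, so the order in which targets are appended to `targets[dir]` can differ between runs unless a later step sorts them; sorting the slice before the second loop would make the output deterministic.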
@@ -517,6 +549,19 @@ func createSystemPartition(platformLabel bazelLabel, variables *android.Partitio
 properties.WriteRune('\n')
 }
+ var extraProperties strings.Builder
+ if variables.BoardAvbEnable {
+ extraProperties.WriteString(" avb_enable = True,\n")
+ extraProperties.WriteString(fmt.Sprintf(" avb_add_hashtree_footer_args = %q,\n", qualifiedVariables.BoardAvbAddHashtreeFooterArgs))
+ keypath := qualifiedVariables.BoardAvbKeyPath
+ if keypath != "" {
+ extraProperties.WriteString(fmt.Sprintf(" avb_key = \"//%s:%s\",\n", filepath.Dir(keypath), filepath.Base(keypath)+"_filegroup"))
+ extraProperties.WriteString(fmt.Sprintf(" avb_algorithm = %q,\n", qualifiedVariables.BoardAvbAlgorithm))
+ extraProperties.WriteString(fmt.Sprintf(" avb_rollback_index = %s,\n", qualifiedVariables.BoardAvbRollbackIndex))
+ extraProperties.WriteString(fmt.Sprintf(" avb_rollback_index_location = %s,\n", qualifiedVariables.BoardAvbRollbackIndexLocation))
+ }
+ }
+
 targets[platformLabel.pkg] = append(targets[platformLabel.pkg], BazelTarget{
 name: "system_image",
 packageName: platformLabel.pkg,
@@ -525,11 +570,13 @@ func createSystemPartition(platformLabel bazelLabel, variables *android.Partitio
 base_staging_dir = "//build/bazel/bazel_sandwich:system_staging_dir",
 base_staging_dir_file_list = "//build/bazel/bazel_sandwich:system_staging_dir_file_list",
 root_dir = "//build/bazel/bazel_sandwich:root_staging_dir",
+ selinux_file_contexts = "//build/bazel/bazel_sandwich:selinux_file_contexts",
 image_properties = """
 %s
 """,
+%s
 type = "system",
-)`, properties.String()),
+)`, properties.String(), extraProperties.String()),
 ruleClass: "partition",
 loads: []BazelLoad{{
 file: "//build/bazel/rules/partitions:partition.bzl",
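Review bot: `avb_rollback_index` and `avb_rollback_index_location` are written with `%s` from string fields, so an unset `BoardAvbRollbackIndex` produces `avb_rollback_index = ,` in the generated target, and any non-numeric text lands in the BUILD file unquoted. Both values should be checked before they are emitted, for example with `if _, err := strconv.ParseUint(idx, 10, 64); err != nil { ... }`, and the attribute skipped when the string is empty, so a missing rollback index is reported by this generator rather than surfacing as a Starlark parse error. The same block builds the `avb_key` label with `\"//%s:%s\"` while its neighbours use `%q`; formatting the joined label with `%q` would keep the escaping uniform. `createSystemPartition` begins before this hunk and continues past it, so whether `strconv` is already imported in this file is not visible here.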