Merge "apex: add apex_manifest.pb in file_contexts" am: dd85fd89b0 am: 5b811c02e2

Original change: https://android-review.googlesource.com/c/platform/build/soong/+/1348942

Change-Id: I558889c69e09e79455b75c4399826fcaab9101fc
This commit is contained in:
Jooyung Han
2020-06-25 06:54:28 +00:00
committed by Automerger Merge Worker
3 changed files with 109 additions and 97 deletions

View File

@@ -16,7 +16,6 @@ package apex
import ( import (
"fmt" "fmt"
"path"
"path/filepath" "path/filepath"
"sort" "sort"
"strings" "strings"
@@ -1344,7 +1343,7 @@ type apexBundle struct {
container_certificate_file android.Path container_certificate_file android.Path
container_private_key_file android.Path container_private_key_file android.Path
fileContexts android.Path fileContexts android.WritablePath
// list of files to be included in this apex // list of files to be included in this apex
filesInfo []apexFile filesInfo []apexFile
@@ -2290,22 +2289,6 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
a.installDir = android.PathForModuleInstall(ctx, "apex") a.installDir = android.PathForModuleInstall(ctx, "apex")
a.filesInfo = filesInfo a.filesInfo = filesInfo
if a.properties.ApexType != zipApex {
if a.properties.File_contexts == nil {
a.fileContexts = android.PathForSource(ctx, "system/sepolicy/apex", ctx.ModuleName()+"-file_contexts")
} else {
a.fileContexts = android.PathForModuleSrc(ctx, *a.properties.File_contexts)
if a.Platform() {
if matched, err := path.Match("system/sepolicy/**/*", a.fileContexts.String()); err != nil || !matched {
ctx.PropertyErrorf("file_contexts", "should be under system/sepolicy, but %q", a.fileContexts)
}
}
}
if !android.ExistentPathForSource(ctx, a.fileContexts.String()).Valid() {
ctx.PropertyErrorf("file_contexts", "cannot find file_contexts file: %q", a.fileContexts)
return
}
}
// Optimization. If we are building bundled APEX, for the files that are gathered due to the // Optimization. If we are building bundled APEX, for the files that are gathered due to the
// transitive dependencies, don't place them inside the APEX, but place a symlink pointing // transitive dependencies, don't place them inside the APEX, but place a symlink pointing
// the same library in the system partition, thus effectively sharing the same libraries // the same library in the system partition, thus effectively sharing the same libraries
@@ -2329,6 +2312,8 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
// prepare apex_manifest.json // prepare apex_manifest.json
a.buildManifest(ctx, provideNativeLibs, requireNativeLibs) a.buildManifest(ctx, provideNativeLibs, requireNativeLibs)
a.buildFileContexts(ctx)
a.setCertificateAndPrivateKey(ctx) a.setCertificateAndPrivateKey(ctx)
if a.properties.ApexType == flattenedApex { if a.properties.ApexType == flattenedApex {
a.buildFlattenedApex(ctx) a.buildFlattenedApex(ctx)

View File

@@ -3480,110 +3480,104 @@ func TestApexInVariousPartition(t *testing.T) {
} }
} }
func TestFileContexts(t *testing.T) { func TestFileContexts_FindInDefaultLocationIfNotSet(t *testing.T) {
ctx, _ := testApex(t, ` ctx, _ := testApex(t, `
apex { apex {
name: "myapex", name: "myapex",
key: "myapex.key", key: "myapex.key",
} }
apex_key { apex_key {
name: "myapex.key", name: "myapex.key",
public_key: "testkey.avbpubkey", public_key: "testkey.avbpubkey",
private_key: "testkey.pem", private_key: "testkey.pem",
} }
`) `)
module := ctx.ModuleForTests("myapex", "android_common_myapex_image") module := ctx.ModuleForTests("myapex", "android_common_myapex_image")
apexRule := module.Rule("apexRule") rule := module.Output("file_contexts")
actual := apexRule.Args["file_contexts"] ensureContains(t, rule.RuleParams.Command, "cat system/sepolicy/apex/myapex-file_contexts")
expected := "system/sepolicy/apex/myapex-file_contexts" }
if actual != expected {
t.Errorf("wrong file_contexts. expected %q. actual %q", expected, actual)
}
func TestFileContexts_ShouldBeUnderSystemSepolicyForSystemApexes(t *testing.T) {
testApexError(t, `"myapex" .*: file_contexts: should be under system/sepolicy`, ` testApexError(t, `"myapex" .*: file_contexts: should be under system/sepolicy`, `
apex { apex {
name: "myapex", name: "myapex",
key: "myapex.key", key: "myapex.key",
file_contexts: "my_own_file_contexts", file_contexts: "my_own_file_contexts",
} }
apex_key { apex_key {
name: "myapex.key", name: "myapex.key",
public_key: "testkey.avbpubkey", public_key: "testkey.avbpubkey",
private_key: "testkey.pem", private_key: "testkey.pem",
} }
`, withFiles(map[string][]byte{ `, withFiles(map[string][]byte{
"my_own_file_contexts": nil, "my_own_file_contexts": nil,
})) }))
}
func TestFileContexts_ProductSpecificApexes(t *testing.T) {
testApexError(t, `"myapex" .*: file_contexts: cannot find`, ` testApexError(t, `"myapex" .*: file_contexts: cannot find`, `
apex { apex {
name: "myapex", name: "myapex",
key: "myapex.key", key: "myapex.key",
product_specific: true, product_specific: true,
file_contexts: "product_specific_file_contexts", file_contexts: "product_specific_file_contexts",
} }
apex_key { apex_key {
name: "myapex.key", name: "myapex.key",
public_key: "testkey.avbpubkey", public_key: "testkey.avbpubkey",
private_key: "testkey.pem", private_key: "testkey.pem",
} }
`) `)
ctx, _ = testApex(t, ` ctx, _ := testApex(t, `
apex { apex {
name: "myapex", name: "myapex",
key: "myapex.key", key: "myapex.key",
product_specific: true, product_specific: true,
file_contexts: "product_specific_file_contexts", file_contexts: "product_specific_file_contexts",
} }
apex_key { apex_key {
name: "myapex.key", name: "myapex.key",
public_key: "testkey.avbpubkey", public_key: "testkey.avbpubkey",
private_key: "testkey.pem", private_key: "testkey.pem",
} }
`, withFiles(map[string][]byte{ `, withFiles(map[string][]byte{
"product_specific_file_contexts": nil, "product_specific_file_contexts": nil,
})) }))
module = ctx.ModuleForTests("myapex", "android_common_myapex_image") module := ctx.ModuleForTests("myapex", "android_common_myapex_image")
apexRule = module.Rule("apexRule") rule := module.Output("file_contexts")
actual = apexRule.Args["file_contexts"] ensureContains(t, rule.RuleParams.Command, "cat product_specific_file_contexts")
expected = "product_specific_file_contexts" }
if actual != expected {
t.Errorf("wrong file_contexts. expected %q. actual %q", expected, actual)
}
ctx, _ = testApex(t, ` func TestFileContexts_SetViaFileGroup(t *testing.T) {
apex { ctx, _ := testApex(t, `
name: "myapex", apex {
key: "myapex.key", name: "myapex",
product_specific: true, key: "myapex.key",
file_contexts: ":my-file-contexts", product_specific: true,
} file_contexts: ":my-file-contexts",
}
apex_key { apex_key {
name: "myapex.key", name: "myapex.key",
public_key: "testkey.avbpubkey", public_key: "testkey.avbpubkey",
private_key: "testkey.pem", private_key: "testkey.pem",
} }
filegroup { filegroup {
name: "my-file-contexts", name: "my-file-contexts",
srcs: ["product_specific_file_contexts"], srcs: ["product_specific_file_contexts"],
} }
`, withFiles(map[string][]byte{ `, withFiles(map[string][]byte{
"product_specific_file_contexts": nil, "product_specific_file_contexts": nil,
})) }))
module = ctx.ModuleForTests("myapex", "android_common_myapex_image") module := ctx.ModuleForTests("myapex", "android_common_myapex_image")
apexRule = module.Rule("apexRule") rule := module.Output("file_contexts")
actual = apexRule.Args["file_contexts"] ensureContains(t, rule.RuleParams.Command, "cat product_specific_file_contexts")
expected = "product_specific_file_contexts"
if actual != expected {
t.Errorf("wrong file_contexts. expected %q. actual %q", expected, actual)
}
} }
func TestApexKeyFromOtherModule(t *testing.T) { func TestApexKeyFromOtherModule(t *testing.T) {

View File

@@ -17,6 +17,7 @@ package apex
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"path"
"path/filepath" "path/filepath"
"runtime" "runtime"
"sort" "sort"
@@ -231,6 +232,38 @@ func (a *apexBundle) buildManifest(ctx android.ModuleContext, provideNativeLibs,
}) })
} }
func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) {
if a.properties.ApexType == zipApex {
return
}
var fileContexts android.Path
if a.properties.File_contexts == nil {
fileContexts = android.PathForSource(ctx, "system/sepolicy/apex", ctx.ModuleName()+"-file_contexts")
} else {
fileContexts = android.PathForModuleSrc(ctx, *a.properties.File_contexts)
}
if a.Platform() {
if matched, err := path.Match("system/sepolicy/**/*", fileContexts.String()); err != nil || !matched {
ctx.PropertyErrorf("file_contexts", "should be under system/sepolicy, but %q", fileContexts)
return
}
}
if !android.ExistentPathForSource(ctx, fileContexts.String()).Valid() {
ctx.PropertyErrorf("file_contexts", "cannot find file_contexts file: %q", a.fileContexts)
return
}
output := android.PathForModuleOut(ctx, "file_contexts")
rule := android.NewRuleBuilder()
rule.Command().Text("rm").FlagWithOutput("-f ", output)
rule.Command().Text("cat").Input(fileContexts).Text(">>").Output(output)
rule.Command().Text("echo").Text(">>").Output(output)
rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output)
rule.Build(pctx, ctx, "file_contexts."+a.Name(), "Generate file_contexts")
a.fileContexts = output.OutputPath
}
func (a *apexBundle) buildNoticeFiles(ctx android.ModuleContext, apexFileName string) android.NoticeOutputs { func (a *apexBundle) buildNoticeFiles(ctx android.ModuleContext, apexFileName string) android.NoticeOutputs {
var noticeFiles android.Paths var noticeFiles android.Paths