diff options
| author | Jooyung Han <jooyung@google.com> | 2023-03-02 09:14:35 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2023-03-02 09:14:35 +0000 |
| commit | 7861e65b4811dd51dafad520f2723bca99af56e0 (patch) | |
| tree | 196d4dcea353a693e97f0cd47ed9b6f510ef134b /apex | |
| parent | ba3a44dd1ceb1f10215a091ee89c23891c57f65a (diff) | |
| parent | af73095979facd1e2b5a5bb4e4c8e485f1d2f204 (diff) | |
| download | soong-7861e65b4811dd51dafad520f2723bca99af56e0.tar.gz | |
Merge "Add apex.use_file_contexts_as_is property"
Diffstat (limited to 'apex')
| -rw-r--r-- | apex/apex.go | 4 | ||||
| -rw-r--r-- | apex/apex_test.go | 37 | ||||
| -rw-r--r-- | apex/builder.go | 18 |
3 files changed, 53 insertions, 6 deletions
diff --git a/apex/apex.go b/apex/apex.go index d7d76d1b4..88eb72fef 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -99,6 +99,10 @@ type apexBundleProperties struct { // /system/sepolicy/apex/<module_name>_file_contexts. File_contexts *string `android:"path"` + // By default, file_contexts is amended by force-labelling / and /apex_manifest.pb as system_file + // to avoid mistakes. When set as true, no force-labelling. + Use_file_contexts_as_is *bool + // Path to the canned fs config file for customizing file's uid/gid/mod/capabilities. The // format is /<path_or_glob> <uid> <gid> <mode> [capabilities=0x<cap>], where path_or_glob is a // path or glob pattern for a file or set of files, uid/gid are numerial values of user ID diff --git a/apex/apex_test.go b/apex/apex_test.go index 53e922cd3..c94bbbb32 100644 --- a/apex/apex_test.go +++ b/apex/apex_test.go @@ -784,6 +784,43 @@ func TestApexManifestMinSdkVersion(t *testing.T) { } } +func TestFileContexts(t *testing.T) { + for _, useFileContextsAsIs := range []bool{true, false} { + prop := "" + if useFileContextsAsIs { + prop = "use_file_contexts_as_is: true,\n" + } + ctx := testApex(t, ` + apex { + name: "myapex", + key: "myapex.key", + file_contexts: "file_contexts", + updatable: false, + vendor: true, + `+prop+` + } + + apex_key { + name: "myapex.key", + public_key: "testkey.avbpubkey", + private_key: "testkey.pem", + } + `, withFiles(map[string][]byte{ + "file_contexts": nil, + })) + + rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Output("file_contexts") + forceLabellingCommand := "apex_manifest\\\\.pb u:object_r:system_file:s0" + if useFileContextsAsIs { + android.AssertStringDoesNotContain(t, "should force-label", + rule.RuleParams.Command, forceLabellingCommand) + } else { + android.AssertStringDoesContain(t, "shouldn't force-label", + rule.RuleParams.Command, forceLabellingCommand) + } + } +} + func TestBasicZipApex(t *testing.T) { ctx := testApex(t, ` apex { diff --git a/apex/builder.go b/apex/builder.go index 7248d9788..ee6c473bd 100644 --- a/apex/builder.go +++ b/apex/builder.go @@ -333,6 +333,8 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output ctx.PropertyErrorf("file_contexts", "cannot find file_contexts file: %q", fileContexts.String()) } + useFileContextsAsIs := proptools.Bool(a.properties.Use_file_contexts_as_is) + output := android.PathForModuleOut(ctx, "file_contexts") rule := android.NewRuleBuilder(pctx, ctx) @@ -344,9 +346,11 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output rule.Command().Text("cat").Input(fileContexts).Text(">>").Output(output) // new line rule.Command().Text("echo").Text(">>").Output(output) - // force-label /apex_manifest.pb and / as system_file so that apexd can read them - rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output) - rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output) + if !useFileContextsAsIs { + // force-label /apex_manifest.pb and / as system_file so that apexd can read them + rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output) + rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output) + } case flattenedApex: // For flattened apexes, install path should be prepended. // File_contexts file should be emiited to make via LOCAL_FILE_CONTEXTS @@ -359,9 +363,11 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output rule.Command().Text("awk").Text(`'/object_r/{printf("` + apexPath + `%s\n", $0)}'`).Input(fileContexts).Text(">").Output(output) // new line rule.Command().Text("echo").Text(">>").Output(output) - // force-label /apex_manifest.pb and / as system_file so that apexd can read them - rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output) - rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output) + if !useFileContextsAsIs { + // force-label /apex_manifest.pb and / as system_file so that apexd can read them + rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output) + rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output) + } default: panic(fmt.Errorf("unsupported type %v", a.properties.ApexType)) } |