Commit graph

30 commits

Author SHA1 Message Date
Roland Levillain
5ca32dfec5 Fix typo in error message in tools/fs_config/fs_config_generator.py.
Test: n/a
Change-Id: I46682483803e1c7c71fb07157d0ef9c990152d93
2019-08-07 15:51:01 +01:00
Tom Cherry
fb303a5903 Generate /etc/{passwd,group} for all partitions
Bug: 73062966
Test: can load AIDs from partitions other than vendor
Test: bionic-unit-tests
Merged-In: Ia85abbeefe5a945369970f2aef42692e07ab8c09
Change-Id: Ia85abbeefe5a945369970f2aef42692e07ab8c09
2019-07-22 21:41:17 +00:00
Felix
8453f02c65 fs_config: Fix cases without vendor/oem partition
If the device has neither an OEM nor a vendor partiton,
$PRIVATE_PARTITION_LIST will be empty, causing the fsconfig tool to fail
because the "--all-partitions" argument will be empty.

Quote the comma-substituted "$(PRIVATE_PARTITION_LIST)" - which may be
empty - to appease argparse, which will then populate "_all_partitions"
with an empty "str" object.

Checking _all_partitions against None is superfluous since either
argparse will catch the empty argument and fail early, or the argument
will be a string, in which case it will not be None.

Signed-off-by: Felix <google@ix5.org>
Change-Id: I236e30445b303b4945467b5dc4387d54b5d984f9
2019-05-29 22:24:05 +02:00
Tom Cherry
9d924f67d3 Use fs_config_generator.py to generate fs_config_files/dirs directly
We want to remove target specific host tools and since
fs_config_generate is compiled with a target specific header file, we
instead remove fs_config_generate entirely and allow python to build
the fs_config_files/dirs files directly from config.fs files and
parsed C headers.

Test: associated unit tests and new end to end test
Test: aosp_sailfish, aosp_crosshatch build produces valid fs_config files
Test: aosp_cf_x86_phone build correctly produces empty fs_config files
Change-Id: Idbc63ff56c0979e1e4c17721371de9d9d02dc8ff
2019-02-15 09:44:09 -08:00
Tom Cherry
766adc9cbc Fix failing test_fs_config_generator.py tests
Also run pylint and yapf to fix the style issues.

Test: these same tests
Change-Id: I0a783f7a6f08a90f615d94e9d16da0f314b7813f
2019-02-13 14:34:42 -08:00
Joe Onorato
2afb6eb22e Add a print command to fs_config_generator.py
This prints the uid map in a very simple format, with
AID_CONSTANT<space>uid
on each line.  This is super easy for other tools to
parse, and generate their own mappings, without requiring
edits to fs_config_generator.py itself.

Test: make, treehugger
Change-Id: I10e24ac29d440a24d43580880343d122ae1cdf02
2018-12-13 11:38:07 -08:00
Mark Salyzyn
640816eb42 fs_config: remove empty fs_config_* automation.
The code to manage citing empty <partition>/etc/fs_config_{files|dirs}
content by specifically setting the file(s) to access mode 00000 is
bitrotted and ill-suited for multiple partitions and was written for
a more paranoid time when DAC and MAC rules were not nearly as mature.

Striking out the complications as it affected deterministic results.

Test: compile and boot
Bug: 119310326
Change-Id: Iec02e0c1194eaa799ab95adff4ff0951a24652a4
2018-12-12 08:40:19 -08:00
Vic Yang
5b3a7c0069 Move android_ids from .data.rel.ro to .rodata
Pages in .data.rel.ro are always dirty.  Move whatever we can to
.rodata so that we reduce memory pressure.

The size of rodata, text, and data.rel.ro sections of libc on cuttlefish
before/after this change:
    rodata: 0xfd70 -> 0x101d0 (+1120 bytes)
    text: 0xb5715 -> 0xb56e5 (-48 bytes)
    data.rel.ro: 0x57e0 -> 0x5230 (-1456 bytes)

While this change alone doesn't reduce the number of dirty pages
from data.rel.ro on cuttlefish, it is a step in that direction.

Test: Build and boot cuttlefish
Change-Id: Iff8203940495109dd01c40f31b034cfb2882e7f4
2018-12-05 00:10:19 -08:00
Wei Wang
77e329a6a6 fs_config_generator: use vendor shell for vendor AID
Bug: 109748241
Test: Build and check generated file
Change-Id: Ib6bca77aa906a1aa9ed41c51bddb2871ecb66e1a
2018-06-06 15:14:42 -07:00
Wei Wang
3b5d3b1525 Remove comment line in generated passwd file
The man page for the password file (man 5 passwd) does not mention any
provisions for comment line other than comment field

Bug: 109748241
Test: Build and check generated file
Change-Id: I2912d0844cf3f077184129d1a0121b50b09ef1e3
2018-06-05 15:34:58 -07:00
Tom Cherry
2d197a1e19 Require a vendor_ prefix for users/groups in /vendor/etc/{passwd,group}
Bug: 79528966
Test: successful build with vendor_ prefixed users/groups
Test: expected build failure when not using vendor_ prefixed users/groups
Change-Id: If006c70178aa5bdcc9521a06ef8df2500f70bbb9
2018-05-14 13:16:50 -07:00
Tom Cherry
ee0610e86c Add compile time check that friendly AID names are < 32 characters
There is an internal buffer in bionic for user/group names that is 32
characters long including the trailing null, so we must restrict the
length of these names during compile time.

Bug: 27999086
Test: Successfully compile a valid config.fs
Test: Fail to compile a config.fs with AID name > 31 characters
Change-Id: I7fe887c630dd4d1033b86a5d8332480eb3b0fa07
2018-02-09 18:46:13 +00:00
doheon1.lee
5cd3bcab86 fsconfig: Use defined macro for masking
Mask opeation with CAP_ prefixed name can be wrapped with
CAP_MASK_LONG macro.

Change-Id: Ide31ad62fac0d28e7a02e45059fe6d2461da7e27
2017-04-03 15:17:06 +09:00
William Roberts
4165c635b8 fsconfig: fix pylint warning
Fix pylint warning:
W:292,47: Cell variable lineno defined in loop (cell-var-from-loop)

For the closure function that prints the error message, we actually
want the value of modified lineno within the closure.

Test: run unit tests

Change-Id: I7d08184563d347c826ca1af7558fb8e378f151e1
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2017-01-04 18:22:05 +00:00
William Roberts
820421c9b5 fsconfig: fix style formating with yapf
A few changes got introduced that yapf re-styles. To make it easy,
keep this file formated to:

yapf -i --style=google fs_config_generator.py

Test: run unit tests

Change-Id: I3160b92d7fd07a4d315dde59f1d20fe4c7587da1
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2017-01-04 18:21:28 +00:00
Johan Redestig
1552a28e5f fs_config: Fix oem range parsing
Addresses the following build error:
  "value" not in valid range [], got: 2901 for: "AID_ABC" file:\
  "device/somc/abc/config.fs"

that happens when parsing device/somc/abc/config.fs:
  [AID_ABC]
  value: 2901

The problem is that the AID.PREFIX is 'AID_' so the _OEM_RANGE
expression is searching for AID__OEM_RESERVED, which never
exists. Drop the extra '_'.

Change-Id: I8a1556731e14e49cef66e3e91121e4be23a308e0
Test: ./build/tools/fs_config/fs_config_generator.py fsconfig --aid-header=system/core/include/private/android_filesystem_config.h device/somc/abc/config.fs
2017-01-03 09:45:33 +01:00
Elliott Hughes
2d7c86dfea Revert "Revert "Merge changes from topic 'fsconfig-2'""
This reverts commit fad4b4b715.

Incorporating the following fixes:

1.

fsconfig: fix fs_config_* build for discovered headers

When android_file system_config.h is picked up from the device
directory, neither TARGET_FS_CONFIG_GEN or TARGET_ANDROID_FILESYSTEM_CONFIG_H
are specified. Thus, the build is not generating the required fs_config_files
and fs_config_dirs.

Test: Ensure that make fs_config_files works, and produces the same output as before
      Build the system image and mount it as a loop back and dump the file system
      capabilities with getcap. Verify that output to the supplied
      android_file system_config.h

From the loopback of the system.img mount, from CWD system/bin:
$ getcap *
cnss-daemon = cap_net_bind_service+ep
hostapd = cap_net_admin,cap_net_raw+ep
imsdatadaemon = cap_net_bind_service+ep
ims_rtp_daemon = cap_net_bind_service+ep
logd = cap_setgid,cap_audit_control,cap_syslog+ep
mm-qcamera-daemon = cap_sys_nice+ep
pm-service = cap_net_bind_service+ep
run-as = cap_setgid,cap_setuid+ep
surfaceflinger = cap_sys_nice+ep
webview_zygote32 = cap_setgid,cap_setuid,cap_setpcap+ep
webview_zygote64 = cap_setgid,cap_setuid,cap_setpcap+ep

Compared to the android_filesystem_config.h:
    { 00700, AID_CAMERA,    AID_SHELL,     (1ULL << CAP_SYS_NICE), "system/bin/mm-qcamera-daemon" },
    { 00755, AID_SYSTEM,    AID_SYSTEM,    (1ULL << CAP_NET_BIND_SERVICE), "system/bin/pm-service" },
    { 00755, AID_SYSTEM,    AID_SYSTEM,    (1ULL << CAP_NET_BIND_SERVICE), "system/bin/imsdatadaemon" },
    { 00755, AID_SYSTEM,    AID_RADIO,     (1ULL << CAP_NET_BIND_SERVICE), "system/bin/ims_rtp_daemon" },
    { 00755, AID_SYSTEM,    AID_SYSTEM,    (1ULL << CAP_NET_BIND_SERVICE), "system/bin/cnss-daemon"},

2.

fsconfig: fix error message for duplicate AID

Fixes:
    raise ValueError('Duplicate aid value "%u" for %s' % value,
TypeError: %u format: a number is required, not str

and

    raise ValueError('Duplicate aid value "%s" for %s' % value,
TypeError: not enough arguments for format string

3.

fsconfig: add test for duplicate ranges

Add a test for duplicate range detection.

4.

fsconfig: skip AID_APP, AID_USER and all ranges

Do not output AID_APP, AID_USER and ranges. A range
is defined as ending with AID_ and ending in _START or
_END.

5.

fsconfig: test for skip AID_APP, AID_USER and all ranges

Test against AIDs that caused the bionic tests to fail.

Change-Id: I95569a9ccc83bd3231f8a6f395532cc2de316bd2
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-12-18 10:55:35 -08:00
Elliott Hughes
fad4b4b715 Revert "Merge changes from topic 'fsconfig-2'"
This reverts commit 1b2de51881, reversing
changes made to 77ea32f378.
2016-12-12 17:28:44 -08:00
William Roberts
92ec0ab5e8 fs_config: add unit tests
Add some initial unit tests.

The unit tests themselves are inlined into the tool and
can be executed by running the "test" commandlet.

Example:
$ python -m unittest test_fs_config_generator.Tests
.............
----------------------------------------------------------------------
Ran 13 tests in 0.004s

OK

Test: run the test commandlet and observe for failures.

Change-Id: I1bada385fa841fd50fa958997d440f1198e15198
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 22:05:39 -08:00
William Roberts
1c4721c3c5 fs_config: introduce group generator
Introduce a generator that outputs group files per man(5) group.

Succinctly, the output is a colon delimited string containing the following
fields:
  * group name
  * encrypted password (optional)
  * gid (int)
  * userlist (str,...)

Multiple colon delimited lines may exist, but will not be separated
across lines.

Sample generator output:
foo::2900:
foo_bar::2901:
custom_oem1::2902:

Test: That make group produces the group file.
Change-Id: Idd3fe925a09a227c6e894e1b5d2b3873b01531c6
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
316f9462af fs_config: introduce passwd generator
Introduce a generator that outputs passwd files per man(5) passwd.

Succinctly, the output is a colon delimited string containing the following
fields:

  * login name
  * encrypted password (optional)
  * uid (int)
  * gid (int)
  * User name or comment field
  * home directory
  * interpreter (optional)

Multiple colon delimited lines may exist, but will not be separated
across lines.

When run, produces:

foo::2900:2900::/:/system/bin/sh
foo_bar::2901:2901::/:/system/bin/sh
custom_oem1::2902:2902::/:/system/bin/sh

Note that this generator allows for 0 or more config.fs files. This allows for:
  * Unconditional inclusion of /system/etc/passwd in the generated image
  * A blank passwd file if no config.fs files are specified.

This ensures that when OEMs add config.fs files, there is no additional steps
for proper functionality (simpler for OEMs).

The one draw back is the additional inode consumption on system for a possible
blank file.

Test: That it produces a valid passwd file.
Change-Id: I19691c8260f02147ed861f8a319aeab3f5b1738e
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
8f42ce71ac fs_config: generate friendly in AID class
Generate the friendly name in one location. This prepares
the tool for generatting passwd and group files.

Also support mapping friendly names to identifiers.

Test: That output files stay the same as before.
Change-Id: I12198611126613eae81ca61614ed269c2439b72b
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
5f059a7691 fs_config: limit characters for AID_<name> sections
When generating files restrict the characters allowed in
AID_<name> to upercase, numbers, and underscores.

This detects errors ahead of time for generated C files as
well as handles seperation characters for passwd/group files.

This also lends itself to automatic detection of collisions
on friendly names, since freindly names are the lowercase
version of <name>.

Test: That invalid aid values result in a build failure.
Test: That the output files are consistent with ones before
this change (hash and diff checks)
Change-Id: Ie8ec44c1157ba9c22100e9169d9187f615e71280
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
cfc51f5347 fs_config: generate oem AID header file
Generate an OEM AID_<name> header file seperate from fs_config
header file and provide details on how to export this interface
into native code.

Test: That ls, ps, chown and services function for built in
services as before.
Change-Id: Ie8ce6585e0721b52633ee50d62dcfe796e178f65
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
d7104bca65 fs_config: android_id header generator
Implement an android_id generator that takes the data
acquired from parsing private/android_filesystem_config.h
and generates the android_id friendly name to uid mapping
for consumption in Bionic.

Test: That ls, ps, mkdir, chown, chgrp and services for built
in names work.
Change-Id: I1e55a401be0fca0ad162f8dc1e072e6afde7b927
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
64edf5bb97 fs_config: support parsing android_filesystem_config.h
Rather than hardcode the OEM ranges, parse and extract
AID values from android_filesystem_config.h.

An AID is defined to the tool as:
  * #define AID_<name>

An OEM Range is defined to the the tool as:
  * AID_OEM_RESERVED_START
  * AID_OEM_RESERVED_END
  or
  * AID_OEM_RESERVED_N_START
  * AID_OEM_RESERVED_N_END

Where N is a number.

While parsing, perform sanity checks such as:
1. AIDs defined in the header cannot be within OEM range
2. OEM Ranges must be valid:
   * Cannot overlap one another.
   * Range START must be less than range END
3. Like the C preproccessor, multiple matching AID_<name> throws
   en error.

The parser introduced here, prepares the tool to output android_ids
consumable for bionic.

Note that some AID_* friendly names were not consistent, thus a small
fixup map had to be placed inside the tool.

Test: tested parsing and dumping the data from android_filesystem_config.h
file.
Change-Id: Ifa4d1c9565d061b60542296fe33c8eba31649e62
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
11c29283ec fs_config: modularize fs_config_generator
This internally structures fs_config_generator.py to be able
to plug in generators to produce different outputs. This
prepares this tool for group and pwd file outputs.

Test: Checked diff and hash of before and after files.
Change-Id: Ie558518ac227dd946d70ab48027698b72a9bc94a
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-29 16:21:17 -08:00
William Roberts
8cb6a1893e fs_config: move sort to be consistent with other sort
Test: Checked diff and hash of before and after output files, same.
Test: Tested build for basic boot and functionality.
Change-Id: If7806427e3a2a9ddb7a2c9aa14e1e4f9bf696acf
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-17 14:18:38 -08:00
William Roberts
580f2c405d fs_config: include both oem ranges
Support both OEM and OEM2 ranges as defined by
private/android_filesystem_config.h.

Change-Id: I1aef62fa446301bb68b0309b198f3fe8b5eb92c7
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-04-09 08:39:22 -07:00
William Roberts
c950a353c6 fs_config: introduce TARGET_FS_CONFIG_GEN
Introduce TARGET_FS_CONFIG_GEN, an option for generating
android_filesystem_config.h files from multiple intermediate
file formats. See the README for more details.

Change-Id: Ibdb2f65702657802e34b0cec18fb43709d7452bb
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-03-08 13:54:33 -08:00