Add apex.use_file_contexts_as_is property
When set true, use file_contexts file as is and do not force-label / and /apex_manifest.pb Bug: 268439003 Test: m (soong tests) Change-Id: I252eef9569deeac87bb71a3425a8eb07bab3c634
This commit is contained in:
Jooyung Han
parent
b6de89a232
commit
af73095979
3 changed files with 53 additions and 6 deletions
|
|
@ -99,6 +99,10 @@ type apexBundleProperties struct {
|
|||
// /system/sepolicy/apex/<module_name>_file_contexts.
|
||||
File_contexts *string `android:"path"`
|
||||
|
||||
// By default, file_contexts is amended by force-labelling / and /apex_manifest.pb as system_file
|
||||
// to avoid mistakes. When set as true, no force-labelling.
|
||||
Use_file_contexts_as_is *bool
|
||||
|
||||
// Path to the canned fs config file for customizing file's uid/gid/mod/capabilities. The
|
||||
// format is /<path_or_glob> <uid> <gid> <mode> [capabilities=0x<cap>], where path_or_glob is a
|
||||
// path or glob pattern for a file or set of files, uid/gid are numerial values of user ID
|
||||
|
|
|
|||
|
|
@ -784,6 +784,43 @@ func TestApexManifestMinSdkVersion(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestFileContexts(t *testing.T) {
|
||||
for _, useFileContextsAsIs := range []bool{true, false} {
|
||||
prop := ""
|
||||
if useFileContextsAsIs {
|
||||
prop = "use_file_contexts_as_is: true,\n"
|
||||
}
|
||||
ctx := testApex(t, `
|
||||
apex {
|
||||
name: "myapex",
|
||||
key: "myapex.key",
|
||||
file_contexts: "file_contexts",
|
||||
updatable: false,
|
||||
vendor: true,
|
||||
`+prop+`
|
||||
}
|
||||
|
||||
apex_key {
|
||||
name: "myapex.key",
|
||||
public_key: "testkey.avbpubkey",
|
||||
private_key: "testkey.pem",
|
||||
}
|
||||
`, withFiles(map[string][]byte{
|
||||
"file_contexts": nil,
|
||||
}))
|
||||
|
||||
rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Output("file_contexts")
|
||||
forceLabellingCommand := "apex_manifest\\\\.pb u:object_r:system_file:s0"
|
||||
if useFileContextsAsIs {
|
||||
android.AssertStringDoesNotContain(t, "should force-label",
|
||||
rule.RuleParams.Command, forceLabellingCommand)
|
||||
} else {
|
||||
android.AssertStringDoesContain(t, "shouldn't force-label",
|
||||
rule.RuleParams.Command, forceLabellingCommand)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestBasicZipApex(t *testing.T) {
|
||||
ctx := testApex(t, `
|
||||
apex {
|
||||
|
|
|
|||
|
|
@ -333,6 +333,8 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output
|
|||
ctx.PropertyErrorf("file_contexts", "cannot find file_contexts file: %q", fileContexts.String())
|
||||
}
|
||||
|
||||
useFileContextsAsIs := proptools.Bool(a.properties.Use_file_contexts_as_is)
|
||||
|
||||
output := android.PathForModuleOut(ctx, "file_contexts")
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
|
|
@ -344,9 +346,11 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output
|
|||
rule.Command().Text("cat").Input(fileContexts).Text(">>").Output(output)
|
||||
// new line
|
||||
rule.Command().Text("echo").Text(">>").Output(output)
|
||||
// force-label /apex_manifest.pb and / as system_file so that apexd can read them
|
||||
rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
if !useFileContextsAsIs {
|
||||
// force-label /apex_manifest.pb and / as system_file so that apexd can read them
|
||||
rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
}
|
||||
case flattenedApex:
|
||||
// For flattened apexes, install path should be prepended.
|
||||
// File_contexts file should be emiited to make via LOCAL_FILE_CONTEXTS
|
||||
|
|
@ -359,9 +363,11 @@ func (a *apexBundle) buildFileContexts(ctx android.ModuleContext) android.Output
|
|||
rule.Command().Text("awk").Text(`'/object_r/{printf("` + apexPath + `%s\n", $0)}'`).Input(fileContexts).Text(">").Output(output)
|
||||
// new line
|
||||
rule.Command().Text("echo").Text(">>").Output(output)
|
||||
// force-label /apex_manifest.pb and / as system_file so that apexd can read them
|
||||
rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output)
|
||||
rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
if !useFileContextsAsIs {
|
||||
// force-label /apex_manifest.pb and / as system_file so that apexd can read them
|
||||
rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output)
|
||||
rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output)
|
||||
}
|
||||
default:
|
||||
panic(fmt.Errorf("unsupported type %v", a.properties.ApexType))
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue