Add selinux contexts to autogenerated partitions
Filesystems had a selinux_contexts property that then compiled the
selinux contexts. But in make, it uses the result of the
file_contexts_bin_gen module, which already runs the compilation step.
Add a precompiled_file_contexts property to accept that compiled
file.
Also add 2 missing symlinks to the system partition.
Bug: 381120092
Test: diff'd make and soong build_image prop files
Change-Id: Ia0681fa4afe43675b730eaf0857dc6b15771534e
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index b6b4cb7..35c1b94 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -130,9 +130,13 @@
// checks, and will be used in the future for API surface checks.
Partition_type *string
- // file_contexts file to make image. Currently, only ext4 is supported.
+ // file_contexts file to make image. Currently, only ext4 is supported. These file contexts
+ // will be compiled with sefcontext_compile
File_contexts *string `android:"path"`
+ // The selinux file contexts, after having already run them through sefcontext_compile
+ Precompiled_file_contexts *string `android:"path"`
+
// Base directory relative to root, to which deps are installed, e.g. "system". Default is "."
// (root).
Base_dir *string
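Review bot: The doc comment on `Precompiled_file_contexts` does not say that it is mutually exclusive with `File_contexts`, although the other hunk in this file turns setting both into a module error. I would extend it to something like `// The selinux file contexts, already compiled with sefcontext_compile. Mutually exclusive with file_contexts; the file is passed to build_image as selinux_fc unchanged.` The "only ext4 is supported" caveat on `File_contexts` presumably applies to the new property too, so it is worth repeating or stating otherwise. The enclosing properties struct starts and ends outside this hunk.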
@@ -679,8 +683,15 @@
addStr("avb_salt", f.salt())
}
- if proptools.String(f.properties.File_contexts) != "" {
+ if f.properties.File_contexts != nil && f.properties.Precompiled_file_contexts != nil {
+ ctx.ModuleErrorf("file_contexts and precompiled_file_contexts cannot both be set")
+ } else if f.properties.File_contexts != nil {
addPath("selinux_fc", f.buildFileContexts(ctx))
+ } else if f.properties.Precompiled_file_contexts != nil {
+ src := android.PathForModuleSrc(ctx, *f.properties.Precompiled_file_contexts)
+ if src != nil {
+ addPath("selinux_fc", src)
+ }
}
if timestamp := proptools.String(f.properties.Fake_timestamp); timestamp != "" {
addStr("timestamp", timestamp)
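Review bot: Replacing `proptools.String(f.properties.File_contexts) != ""` with `f.properties.File_contexts != nil` changes how an explicitly empty `file_contexts: ""` is treated: it used to be skipped and now reaches `f.buildFileContexts(ctx)`, and an empty `precompiled_file_contexts` likewise reaches `android.PathForModuleSrc`. Whether those callees tolerate an empty path is not visible here. Keeping the old semantics would mean branching on the string values, e.g. `fc, pfc := proptools.String(f.properties.File_contexts), proptools.String(f.properties.Precompiled_file_contexts)` followed by `fc != "" && pfc != ""`, `fc != ""` and `pfc != ""`. Separately, when `src` is nil the prop file is written without `selinux_fc`; that is only safe if `PathForModuleSrc` has already reported an error, and a one-line comment saying so would help, because otherwise the image is built unlabeled with no diagnostic. The enclosing function starts and ends outside this hunk.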
diff --git a/fsgen/filesystem_creator.go b/fsgen/filesystem_creator.go
index 6ded3aa..a914578 100644
--- a/fsgen/filesystem_creator.go
+++ b/fsgen/filesystem_creator.go
@@ -322,6 +322,20 @@
Target: proptools.StringPtr("/data/cache"),
Name: proptools.StringPtr("cache"),
},
+ // For Treble Generic System Image (GSI), system-as-root GSI needs to work on
+ // both devices with and without /odm_dlkm partition. Those symlinks are for
+ // devices without /odm_dlkm partition. For devices with /odm_dlkm
+ // partition, mount odm_dlkm.img under /odm_dlkm will hide those symlinks.
+ // Note that /odm_dlkm/lib is omitted because odm DLKMs should be accessed
+ // via /odm/lib/modules directly. All of this also applies to the vendor_dlkm symlink
+ filesystem.SymlinkDefinition{
+ Target: proptools.StringPtr("/odm/odm_dlkm/etc"),
+ Name: proptools.StringPtr("odm_dlkm/etc"),
+ },
+ filesystem.SymlinkDefinition{
+ Target: proptools.StringPtr("/vendor/vendor_dlkm/etc"),
+ Name: proptools.StringPtr("vendor_dlkm/etc"),
+ },
}
fsProps.Dirs = proptools.NewSimpleConfigurable([]string{
// From generic_rootdirs in build/make/target/product/generic/Android.bp
@@ -771,6 +785,13 @@
fsProps.Partition_name = proptools.StringPtr(partitionType)
+ switch partitionType {
+ // The partitions that support file_contexts came from here:
+ // https://cs.android.com/android/platform/superproject/main/+/main:build/make/core/Makefile;l=2270;drc=ad7cfb56010cb22c3aa0e70cf71c804352553526
+ case "system", "userdata", "cache", "vendor", "product", "system_ext", "odm", "vendor_dlkm", "odm_dlkm", "system_dlkm", "oem":
+ fsProps.Precompiled_file_contexts = proptools.StringPtr(":file_contexts_bin_gen")
+ }
+
if !strings.Contains(partitionType, "ramdisk") {
fsProps.Base_dir = proptools.StringPtr(partitionType)
}
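Review bot: The `case "system", "userdata", ...` list is a hand copy of the Makefile list, and any partition type that falls through the `switch` gets no `Precompiled_file_contexts`, so its image is generated without `selinux_fc` and nothing reports it. A comment on the switch such as `// Partitions not listed here are built without selinux_fc; keep in sync with build/make/core/Makefile.` would make that deliberate, and moving the list into a named package-level variable would give it a single place to update. Also, `partitionSpecificFsProps` runs after this assignment (visible in the next hunk); if it ever sets `File_contexts` for one of these partitions, the new check in filesystem.go will fail the module with "cannot both be set". The enclosing function starts and ends outside this hunk.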
@@ -779,18 +800,6 @@
partitionSpecificFsProps(ctx, fsProps, partitionVars, partitionType)
- // system_image properties that are not set:
- // - filesystemProperties.Avb_hash_algorithm
- // - filesystemProperties.File_contexts
- // - filesystemProperties.Dirs
- // - filesystemProperties.Symlinks
- // - filesystemProperties.Fake_timestamp
- // - filesystemProperties.Uuid
- // - filesystemProperties.Mount_point
- // - filesystemProperties.Include_make_built_files
- // - filesystemProperties.Build_logtags
- // - systemImageProperties.Linker_config_src
-
return fsProps, true
}