apex: emit file_contexts for flattened apex
Flattened APEXes are installed in /<partition>/apex/<name>, so its
file_contexts file should be amended accordingly.
For example, file_contexts of an apex "com.android.foo" with should be
modified by prepending actual install path to the path regex.
/bin/foo <sepolicy label>
=> /system/apex/com\.android\.foo/bin/foo <sepolicy label>
File_contexts file is emitted to "make" via LOCAL_FILE_CONTEXTS variable
for apex_manifest.pb module.
Make collects these files and use them to build file_contexts.bin.
Also removed global state which is used to keep the list of all
flattened apexes.
Bug: 166518492
Test: m file_contexts.bin
check intermediate file_contexts.modules.tmp file
in $OUT/obj/ETC/file_contexts.bin_intermediates/
Change-Id: I780370b6e576964a5c09f9477f3361f341dd576b
diff --git a/apex/androidmk.go b/apex/androidmk.go
index 1b53a67..de15060 100644
--- a/apex/androidmk.go
+++ b/apex/androidmk.go
@@ -263,6 +263,10 @@
postInstallCommands = append(postInstallCommands, a.compatSymlinks...)
}
}
+
+ // File_contexts of flattened APEXes should be merged into file_contexts.bin
+ fmt.Fprintln(w, "LOCAL_FILE_CONTEXTS :=", a.fileContexts)
+
if len(postInstallCommands) > 0 {
fmt.Fprintln(w, "LOCAL_POST_INSTALL_CMD :=", strings.Join(postInstallCommands, " && "))
}
diff --git a/apex/apex.go b/apex/apex.go
index 8e35e07..3f3e378 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -19,7 +19,6 @@
"path/filepath"
"sort"
"strings"
- "sync"
"github.com/google/blueprint"
"github.com/google/blueprint/bootstrap"
@@ -744,12 +743,6 @@
android.PreDepsMutators(RegisterPreDepsMutators)
android.PostDepsMutators(RegisterPostDepsMutators)
- android.RegisterMakeVarsProvider(pctx, func(ctx android.MakeVarsContext) {
- apexFileContextsInfos := apexFileContextsInfos(ctx.Config())
- sort.Strings(*apexFileContextsInfos)
- ctx.Strict("APEX_FILE_CONTEXTS_INFOS", strings.Join(*apexFileContextsInfos, " "))
- })
-
android.AddNeverAllowRules(createApexPermittedPackagesRules(qModulesPackages())...)
android.AddNeverAllowRules(createApexPermittedPackagesRules(rModulesPackages())...)
}
@@ -917,24 +910,6 @@
}
-var (
- apexFileContextsInfosKey = android.NewOnceKey("apexFileContextsInfosKey")
- apexFileContextsInfosMutex sync.Mutex
-)
-
-func apexFileContextsInfos(config android.Config) *[]string {
- return config.Once(apexFileContextsInfosKey, func() interface{} {
- return &[]string{}
- }).(*[]string)
-}
-
-func addFlattenedFileContextsInfos(ctx android.BaseModuleContext, fileContextsInfo string) {
- apexFileContextsInfosMutex.Lock()
- defer apexFileContextsInfosMutex.Unlock()
- apexFileContextsInfos := apexFileContextsInfos(ctx.Config())
- *apexFileContextsInfos = append(*apexFileContextsInfos, fileContextsInfo)
-}
-
func apexFlattenedMutator(mctx android.BottomUpMutatorContext) {
if !mctx.Module().Enabled() {
return
diff --git a/apex/builder.go b/apex/builder.go
index c5680ad..b835379 100644
--- a/apex/builder.go
+++ b/apex/builder.go
@@ -257,15 +257,34 @@
output := android.PathForModuleOut(ctx, "file_contexts")
rule := android.NewRuleBuilder()
- // remove old file
- rule.Command().Text("rm").FlagWithOutput("-f ", output)
- // copy file_contexts
- rule.Command().Text("cat").Input(fileContexts).Text(">>").Output(output)
- // new line
- rule.Command().Text("echo").Text(">>").Output(output)
- // force-label /apex_manifest.pb and / as system_file so that apexd can read them
- rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output)
- rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output)
+
+ if a.properties.ApexType == imageApex {
+ // remove old file
+ rule.Command().Text("rm").FlagWithOutput("-f ", output)
+ // copy file_contexts
+ rule.Command().Text("cat").Input(fileContexts).Text(">>").Output(output)
+ // new line
+ rule.Command().Text("echo").Text(">>").Output(output)
+ // force-label /apex_manifest.pb and / as system_file so that apexd can read them
+ rule.Command().Text("echo").Flag("/apex_manifest\\\\.pb u:object_r:system_file:s0").Text(">>").Output(output)
+ rule.Command().Text("echo").Flag("/ u:object_r:system_file:s0").Text(">>").Output(output)
+ } else {
+ // For flattened apexes, install path should be prepended.
+ // File_contexts file should be emiited to make via LOCAL_FILE_CONTEXTS
+ // so that it can be merged into file_contexts.bin
+ apexPath := android.InstallPathToOnDevicePath(ctx, a.installDir.Join(ctx, a.Name()))
+ apexPath = strings.ReplaceAll(apexPath, ".", `\\.`)
+ // remove old file
+ rule.Command().Text("rm").FlagWithOutput("-f ", output)
+ // copy file_contexts
+ rule.Command().Text("awk").Text(`'/object_r/{printf("` + apexPath + `%s\n", $0)}'`).Input(fileContexts).Text(">").Output(output)
+ // new line
+ rule.Command().Text("echo").Text(">>").Output(output)
+ // force-label /apex_manifest.pb and / as system_file so that apexd can read them
+ rule.Command().Text("echo").Flag(apexPath + `/apex_manifest\\.pb u:object_r:system_file:s0`).Text(">>").Output(output)
+ rule.Command().Text("echo").Flag(apexPath + "/ u:object_r:system_file:s0").Text(">>").Output(output)
+ }
+
rule.Build(pctx, ctx, "file_contexts."+a.Name(), "Generate file_contexts")
a.fileContexts = output.OutputPath
@@ -687,14 +706,7 @@
// instead of `android.PathForOutput`) to return the correct path to the flattened
// APEX (as its contents is installed by Make, not Soong).
factx := flattenedApexContext{ctx}
- apexBundleName := a.Name()
- a.outputFile = android.PathForModuleInstall(&factx, "apex", apexBundleName)
-
- if a.installable() {
- installPath := android.PathForModuleInstall(ctx, "apex", apexBundleName)
- devicePath := android.InstallPathToOnDevicePath(ctx, installPath)
- addFlattenedFileContextsInfos(ctx, apexBundleName+":"+devicePath+":"+a.fileContexts.String())
- }
+ a.outputFile = android.PathForModuleInstall(&factx, "apex", a.Name())
a.buildFilesInfo(ctx)
}