commit e5c393cdae4b688f26bdad001593896ca2e72f8a
author Spandan Das <spandandas@google.com> Thu Dec 12 19:25:07 2024 +0000
committer Spandan Das <spandandas@google.com> Thu Dec 12 22:22:15 2024 +0000
tree 7e5a3f7ab4fc039d78d1da1dbf0a431e251d0d3a
parent c47ccaeabdbe6e8215fe83f5c7dc22a0de409ff3

Make Security_patch an `android_filesystem` property

Make-built partitions use partition specific security_patches for
build_image, but Soong-built partitions currently use the platform
security patch for all partitions (including vendor,odm,...). This CL
introduces a `Security_patch` property to set this value explicity. The
name and description have been copied from `bootimg`.

This CL also updates `fsgen` to set this property on the autogenerated
partitions. The logic has been copied from `build/make/core/Makefile`.
It is currently missing `boot` and `init_boot` (I have not tested
bit-identical for those partitions yet).

Bug: 383357338
Test: lunch aosp_cf_x86_64_phone-trunk_staging-userdebug
Setup
- export COPY_IMAGES_FOR_TARGET_FILES_ZIP=true
- export BUILD_DATETIME=10
- commented out installed_*_notice_xml_gz in build/make/core/Makefile
Test: verified that the following .img files are bit identical in top of
CL stack
odm,system_dlkm,vendor_dlkm,odm_dlkm

Change-Id: I9ae9bf957ffd479c57f12a49864589d285d93a71

filesystem/filesystem.go

diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index eea54a9..4b4dc40 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -121,6 +121,9 @@
 	// avbtool. Default used by avbtool is sha1.
 	Avb_hash_algorithm *string
 
+	// The security patch passed to as the com.android.build.<type>.security_patch avb property.
+	Security_patch *string
+
 	// Whether or not to use forward-error-correction codes when signing with AVB. Defaults to true.
 	Use_fec *bool
 
@@ -685,7 +688,9 @@
 		}
 		avb_add_hashtree_footer_args += fmt.Sprintf(" --prop com.android.build.%s.os_version:%s", f.partitionName(), ctx.Config().PlatformVersionLastStable())
 		avb_add_hashtree_footer_args += fmt.Sprintf(" --prop com.android.build.%s.fingerprint:{CONTENTS_OF:%s}", f.partitionName(), ctx.Config().BuildFingerprintFile(ctx))
-		avb_add_hashtree_footer_args += fmt.Sprintf(" --prop com.android.build.%s.security_patch:%s", f.partitionName(), ctx.Config().PlatformSecurityPatch())
+		if f.properties.Security_patch != nil && proptools.String(f.properties.Security_patch) != "" {
+			avb_add_hashtree_footer_args += fmt.Sprintf(" --prop com.android.build.%s.security_patch:%s", f.partitionName(), proptools.String(f.properties.Security_patch))
+		}
 		addStr("avb_add_hashtree_footer_args", avb_add_hashtree_footer_args)
 	}