commit e5c393cdae4b688f26bdad001593896ca2e72f8a
author Spandan Das <spandandas@google.com> Thu Dec 12 19:25:07 2024 +0000
committer Spandan Das <spandandas@google.com> Thu Dec 12 22:22:15 2024 +0000
tree 7e5a3f7ab4fc039d78d1da1dbf0a431e251d0d3a
parent c47ccaeabdbe6e8215fe83f5c7dc22a0de409ff3

Make Security_patch an `android_filesystem` property

Make-built partitions use partition specific security_patches for
build_image, but Soong-built partitions currently use the platform
security patch for all partitions (including vendor,odm,...). This CL
introduces a `Security_patch` property to set this value explicity. The
name and description have been copied from `bootimg`.

This CL also updates `fsgen` to set this property on the autogenerated
partitions. The logic has been copied from `build/make/core/Makefile`.
It is currently missing `boot` and `init_boot` (I have not tested
bit-identical for those partitions yet).

Bug: 383357338
Test: lunch aosp_cf_x86_64_phone-trunk_staging-userdebug
Setup
- export COPY_IMAGES_FOR_TARGET_FILES_ZIP=true
- export BUILD_DATETIME=10
- commented out installed_*_notice_xml_gz in build/make/core/Makefile
Test: verified that the following .img files are bit identical in top of
CL stack
odm,system_dlkm,vendor_dlkm,odm_dlkm

Change-Id: I9ae9bf957ffd479c57f12a49864589d285d93a71

fsgen/filesystem_creator.go

diff --git a/fsgen/filesystem_creator.go b/fsgen/filesystem_creator.go
index 2dc5077..918e7d0 100644
--- a/fsgen/filesystem_creator.go
+++ b/fsgen/filesystem_creator.go
@@ -266,6 +266,7 @@
 		)
 		fsProps.Base_dir = proptools.StringPtr("system")
 		fsProps.Dirs = proptools.NewSimpleConfigurable(commonPartitionDirs)
+		fsProps.Security_patch = proptools.StringPtr(ctx.Config().PlatformSecurityPatch())
 	case "system_ext":
 		if partitionVars.ProductFsverityGenerateMetadata {
 			fsProps.Fsverity.Inputs = []string{
@@ -275,12 +276,14 @@
 			}
 			fsProps.Fsverity.Libs = []string{":framework-res{.export-package.apk}"}
 		}
+		fsProps.Security_patch = proptools.StringPtr(ctx.Config().PlatformSecurityPatch())
 	case "product":
 		fsProps.Gen_aconfig_flags_pb = proptools.BoolPtr(true)
 		fsProps.Android_filesystem_deps.System = proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "system"))
 		if ctx.DeviceConfig().SystemExtPath() == "system_ext" {
 			fsProps.Android_filesystem_deps.System_ext = proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "system_ext"))
 		}
+		fsProps.Security_patch = proptools.StringPtr(ctx.Config().PlatformSecurityPatch())
 	case "vendor":
 		fsProps.Gen_aconfig_flags_pb = proptools.BoolPtr(true)
 		fsProps.Symlinks = []filesystem.SymlinkDefinition{
@@ -297,6 +300,7 @@
 		if ctx.DeviceConfig().SystemExtPath() == "system_ext" {
 			fsProps.Android_filesystem_deps.System_ext = proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "system_ext"))
 		}
+		fsProps.Security_patch = proptools.StringPtr(partitionVars.VendorSecurityPatch)
 	case "odm":
 		fsProps.Symlinks = []filesystem.SymlinkDefinition{
 			filesystem.SymlinkDefinition{
@@ -304,6 +308,7 @@
 				Name:   proptools.StringPtr("lib/modules"),
 			},
 		}
+		fsProps.Security_patch = proptools.StringPtr(partitionVars.OdmSecurityPatch)
 	case "userdata":
 		fsProps.Base_dir = proptools.StringPtr("data")
 	case "ramdisk":
@@ -358,6 +363,12 @@
 			Target: proptools.StringPtr("prop.default"),
 			Name:   proptools.StringPtr("default.prop"),
 		}), "root")
+	case "system_dlkm":
+		fsProps.Security_patch = proptools.StringPtr(partitionVars.SystemDlkmSecurityPatch)
+	case "vendor_dlkm":
+		fsProps.Security_patch = proptools.StringPtr(partitionVars.VendorDlkmSecurityPatch)
+	case "odm_dlkm":
+		fsProps.Security_patch = proptools.StringPtr(partitionVars.OdmDlkmSecurityPatch)
 	}
 }