Blame - filesystem/fsverity_metadata.go - android_build_soong

blob: 199c845169f9eb0c84dab1a01cbc5d9e06d03e2a [file] [log] [blame]

Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	1	// Copyright (C) 2024 The Android Open Source Project
				2	//
				3	// Licensed under the Apache License, Version 2.0 (the "License");
				4	// you may not use this file except in compliance with the License.
				5	// You may obtain a copy of the License at
				6	//
				7	// http://www.apache.org/licenses/LICENSE-2.0
				8	//
				9	// Unless required by applicable law or agreed to in writing, software
				10	// distributed under the License is distributed on an "AS IS" BASIS,
				11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				12	// See the License for the specific language governing permissions and
				13	// limitations under the License.
				14
				15	package filesystem
				16
				17	import (
Spandan Das	d86882b	2024-10-17 21:10:48 +0000	[diff] [blame]	18	"fmt"
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	19	"path/filepath"
				20	"strings"
				21
				22	"android/soong/android"
				23	)
				24
				25	type fsverityProperties struct {
				26	// Patterns of files for fsverity metadata generation. For each matched file, a .fsv_meta file
				27	// will be generated and included to the filesystem image.
				28	// etc/security/fsverity/BuildManifest.apk will also be generated which contains information
				29	// about generated .fsv_meta files.
				30	Inputs []string
Inseob Kim	1e6afed	2024-04-03 17:24:54 +0900	[diff] [blame]	31
				32	// APK libraries to link against, for etc/security/fsverity/BuildManifest.apk
				33	Libs []string `android:"path"`
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	34	}
				35
				36	func (f *filesystem) writeManifestGeneratorListFile(ctx android.ModuleContext, outputPath android.OutputPath, matchedSpecs []android.PackagingSpec, rebasedDir android.OutputPath) {
				37	var buf strings.Builder
				38	for _, spec := range matchedSpecs {
				39	buf.WriteString(rebasedDir.Join(ctx, spec.RelPathInPackage()).String())
				40	buf.WriteRune('\n')
				41	}
				42	android.WriteFileRuleVerbatim(ctx, outputPath, buf.String())
				43	}
				44
				45	func (f filesystem) buildFsverityMetadataFiles(ctx android.ModuleContext, builder android.RuleBuilder, specs map[string]android.PackagingSpec, rootDir android.OutputPath, rebasedDir android.OutputPath) {
				46	match := func(path string) bool {
				47	for _, pattern := range f.properties.Fsverity.Inputs {
				48	if matched, err := filepath.Match(pattern, path); matched {
				49	return true
				50	} else if err != nil {
				51	ctx.PropertyErrorf("fsverity.inputs", "bad pattern %q", pattern)
				52	return false
				53	}
				54	}
				55	return false
				56	}
				57
				58	var matchedSpecs []android.PackagingSpec
				59	for _, relPath := range android.SortedKeys(specs) {
				60	if match(relPath) {
				61	matchedSpecs = append(matchedSpecs, specs[relPath])
				62	}
				63	}
				64
				65	if len(matchedSpecs) == 0 {
				66	return
				67	}
				68
				69	fsverityBuilderPath := android.PathForModuleOut(ctx, "fsverity_builder.sh")
				70	metadataGeneratorPath := ctx.Config().HostToolPath(ctx, "fsverity_metadata_generator")
				71	fsverityPath := ctx.Config().HostToolPath(ctx, "fsverity")
				72
				73	cmd := builder.Command().Tool(fsverityBuilderPath)
				74
				75	// STEP 1: generate .fsv_meta
				76	var sb strings.Builder
				77	sb.WriteString("set -e\n")
				78	cmd.Implicit(metadataGeneratorPath).Implicit(fsverityPath)
				79	for _, spec := range matchedSpecs {
				80	// srcPath is copied by CopySpecsToDir()
				81	srcPath := rebasedDir.Join(ctx, spec.RelPathInPackage())
				82	destPath := rebasedDir.Join(ctx, spec.RelPathInPackage()+".fsv_meta")
				83	sb.WriteString(metadataGeneratorPath.String())
				84	sb.WriteString(" --fsverity-path ")
				85	sb.WriteString(fsverityPath.String())
				86	sb.WriteString(" --signature none --hash-alg sha256 --output ")
				87	sb.WriteString(destPath.String())
				88	sb.WriteRune(' ')
				89	sb.WriteString(srcPath.String())
				90	sb.WriteRune('\n')
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	91	f.appendToEntry(ctx, destPath)
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	92	}
				93
				94	// STEP 2: generate signed BuildManifest.apk
				95	// STEP 2-1: generate build_manifest.pb
				96	assetsPath := android.PathForModuleOut(ctx, "fsverity_manifest/assets")
				97	manifestPbPath := assetsPath.Join(ctx, "build_manifest.pb")
				98	manifestGeneratorPath := ctx.Config().HostToolPath(ctx, "fsverity_manifest_generator")
				99	cmd.Implicit(manifestGeneratorPath)
				100	sb.WriteString("rm -rf ")
				101	sb.WriteString(assetsPath.String())
				102	sb.WriteString(" && mkdir -p ")
				103	sb.WriteString(assetsPath.String())
				104	sb.WriteRune('\n')
				105	sb.WriteString(manifestGeneratorPath.String())
				106	sb.WriteString(" --fsverity-path ")
				107	sb.WriteString(fsverityPath.String())
				108	sb.WriteString(" --base-dir ")
				109	sb.WriteString(rootDir.String())
				110	sb.WriteString(" --output ")
				111	sb.WriteString(manifestPbPath.String())
				112	sb.WriteRune(' ')
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	113	f.appendToEntry(ctx, manifestPbPath)
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	114
				115	manifestGeneratorListPath := android.PathForModuleOut(ctx, "fsverity_manifest.list")
				116	f.writeManifestGeneratorListFile(ctx, manifestGeneratorListPath.OutputPath, matchedSpecs, rebasedDir)
				117	sb.WriteRune('@')
				118	sb.WriteString(manifestGeneratorListPath.String())
				119	sb.WriteRune('\n')
				120	cmd.Implicit(manifestGeneratorListPath)
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	121	f.appendToEntry(ctx, manifestGeneratorListPath.OutputPath)
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	122
				123	// STEP 2-2: generate BuildManifest.apk (unsigned)
				124	aapt2Path := ctx.Config().HostToolPath(ctx, "aapt2")
Spandan Das	d86882b	2024-10-17 21:10:48 +0000	[diff] [blame]	125	apkNameSuffix := ""
				126	if f.PartitionType() == "system_ext" {
				127	//https://source.corp.google.com/h/googleplex-android/platform/build/+/e392d2b486c2d4187b20a72b1c67cc737ecbcca5:core/Makefile;l=3410;drc=ea8f34bc1d6e63656b4ec32f2391e9d54b3ebb6b;bpv=1;bpt=0
				128	apkNameSuffix = "SystemExt"
				129	}
				130	apkPath := rebasedDir.Join(ctx, "etc", "security", "fsverity", fmt.Sprintf("BuildManifest%s.apk", apkNameSuffix))
				131	idsigPath := rebasedDir.Join(ctx, "etc", "security", "fsverity", fmt.Sprintf("BuildManifest%s.apk.idsig", apkNameSuffix))
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	132	manifestTemplatePath := android.PathForSource(ctx, "system/security/fsverity/AndroidManifest.xml")
Inseob Kim	1e6afed	2024-04-03 17:24:54 +0900	[diff] [blame]	133	libs := android.PathsForModuleSrc(ctx, f.properties.Fsverity.Libs)
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	134	cmd.Implicit(aapt2Path)
				135	cmd.Implicit(manifestTemplatePath)
Inseob Kim	1e6afed	2024-04-03 17:24:54 +0900	[diff] [blame]	136	cmd.Implicits(libs)
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	137	cmd.ImplicitOutput(apkPath)
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	138
				139	sb.WriteString(aapt2Path.String())
				140	sb.WriteString(" link -o ")
				141	sb.WriteString(apkPath.String())
				142	sb.WriteString(" -A ")
				143	sb.WriteString(assetsPath.String())
Inseob Kim	1e6afed	2024-04-03 17:24:54 +0900	[diff] [blame]	144	for _, lib := range libs {
				145	sb.WriteString(" -I ")
				146	sb.WriteString(lib.String())
				147	}
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	148	minSdkVersion := ctx.Config().PlatformSdkCodename()
				149	if minSdkVersion == "REL" {
				150	minSdkVersion = ctx.Config().PlatformSdkVersion().String()
				151	}
				152	sb.WriteString(" --min-sdk-version ")
				153	sb.WriteString(minSdkVersion)
				154	sb.WriteString(" --version-code ")
				155	sb.WriteString(ctx.Config().PlatformSdkVersion().String())
				156	sb.WriteString(" --version-name ")
				157	sb.WriteString(ctx.Config().AppsDefaultVersionName())
				158	sb.WriteString(" --manifest ")
				159	sb.WriteString(manifestTemplatePath.String())
				160	sb.WriteString(" --rename-manifest-package com.android.security.fsverity_metadata.")
				161	sb.WriteString(f.partitionName())
				162	sb.WriteRune('\n')
				163
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	164	f.appendToEntry(ctx, apkPath)
				165
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	166	// STEP 2-3: sign BuildManifest.apk
				167	apksignerPath := ctx.Config().HostToolPath(ctx, "apksigner")
				168	pemPath, keyPath := ctx.Config().DefaultAppCertificate(ctx)
				169	cmd.Implicit(apksignerPath)
				170	cmd.Implicit(pemPath)
				171	cmd.Implicit(keyPath)
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	172	cmd.ImplicitOutput(idsigPath)
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	173	sb.WriteString(apksignerPath.String())
				174	sb.WriteString(" sign --in ")
				175	sb.WriteString(apkPath.String())
				176	sb.WriteString(" --cert ")
				177	sb.WriteString(pemPath.String())
				178	sb.WriteString(" --key ")
				179	sb.WriteString(keyPath.String())
				180	sb.WriteRune('\n')
				181
Kiyoung Kim	99a954d	2024-06-21 14:22:20 +0900	[diff] [blame]	182	f.appendToEntry(ctx, idsigPath)
				183
Inseob Kim	5339184	2024-03-29 17:44:07 +0900	[diff] [blame]	184	android.WriteExecutableFileRuleVerbatim(ctx, fsverityBuilderPath, sb.String())
				185	}