author | Inseob Kim <inseob@google.com> | 2021-02-03 14:05:24 +0900 |
---|---|---|
committer | Inseob Kim <inseob@google.com> | 2021-02-04 13:28:20 +0900 |
commit | cc8e536a15ce377e34f56b6cf4f490700b2fe6c6 (patch) | |
tree | 2e884efd8a883344d2dc8f04bef06b506a2ab1ec /filesystem/filesystem.go | |
parent | 7a1c2b181cc15756dc4bdc5727413d15f1ccb7ca (diff) |
Add file_contexts property to filesystem
Filesystems like ext4 can store file contexts themselves. This adds support for
passing a file_contexts file to build_image.
Bug: 178993690
Test: boot and see selinux denials are gone
Change-Id: I97d4a981e4b9c89434ea2f1303173ae91cce94e3
Diffstat (limited to 'filesystem/filesystem.go')
-rw-r--r-- | filesystem/filesystem.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 5092ad06e..177296cb2 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -51,6 +51,9 @@ type filesystemProperties struct {
 // Type of the filesystem. Currently, ext4 and compressed_cpio are supported. Default is
 // ext4.
 Type *string
+
+ // file_contexts file to make image. Currently, only ext4 is supported.
+ File_contexts *string `android:"path"`
 }
 // android_filesystem packages a set of modules and their transitive dependencies into a filesystem
@@ -142,6 +145,16 @@ func (f *filesystem) buildImageUsingBuildImage(ctx android.ModuleContext) androi
 return output
 }
+func (f *filesystem) buildFileContexts(ctx android.ModuleContext) android.OutputPath {
+ builder := android.NewRuleBuilder(pctx, ctx)
+ fcBin := android.PathForModuleOut(ctx, "file_contexts.bin")
+ builder.Command().BuiltTool("sefcontext_compile").
+ FlagWithOutput("-o ", fcBin).
+ Input(android.PathForModuleSrc(ctx, proptools.String(f.properties.File_contexts)))
+ builder.Build("build_filesystem_file_contexts", fmt.Sprintf("Creating filesystem file contexts for %s", f.BaseModuleName()))
+ return fcBin.OutputPath
+}
+
 func (f *filesystem) buildPropFile(ctx android.ModuleContext) (propFile android.OutputPath, toolDeps android.Paths) {
 type prop struct {
 name string
@@ -188,6 +201,10 @@ func (f *filesystem) buildPropFile(ctx android.ModuleContext) (propFile android.
 addStr("partition_name", f.Name())
 }
+ if proptools.String(f.properties.File_contexts) != "" {
+ addPath("selinux_fc", f.buildFileContexts(ctx))
+ }
+
 propFile = android.PathForModuleOut(ctx, "prop").OutputPath
 builder := android.NewRuleBuilder(pctx, ctx)
 builder.Command().Text("rm").Flag("-rf").Output(propFile)
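Review bot: buildFileContexts (the `-142,6 +145,16` hunk) has no doc comment and no guard of its own: it reads `f.properties.File_contexts` unconditionally, so it is only safe because the caller in buildPropFile (the `-188,6 +201,10` hunk) checks for an empty value first. Because the compiled file is what build_image receives as `selinux_fc`, that precondition is worth stating on the function, for example `// buildFileContexts compiles the file_contexts property with sefcontext_compile and returns file_contexts.bin. Callers must check that File_contexts is set.` The property comment in the first hunk, "file_contexts file to make image", could likewise say directly that this is the SELinux file_contexts file passed to build_image.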
@@ -207,6 +224,10 @@ func (f *filesystem) buildCompressedCpioImage(ctx android.ModuleContext) android
 "Consider adding this to bootimg module and signing the entire boot image.")
 }
+ if proptools.String(f.properties.File_contexts) != "" {
+ ctx.PropertyErrorf("file_contexts", "file_contexts is not supported for compressed cpio image.")
+ }
+
 zipFile := android.PathForModuleOut(ctx, "temp.zip").OutputPath
 f.CopyDepsToZip(ctx, zipFile) |
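Review bot: The rejection of file_contexts sits inside buildCompressedCpioImage, so the rule that only ext4 honours the property is enforced per image builder rather than in one place. If another filesystem type is added later without this check, the property would presumably be accepted and ignored, giving an image without the requested labels and no error. Consider recording the intent with a comment such as `// Fail rather than silently build an unlabeled image: only the build_image (ext4) path consumes file_contexts.`, or moving the check to wherever Type is dispatched so that unsupported types are denied by default. That dispatch is not visible in this diff, and buildCompressedCpioImage itself starts and ends outside the hunk.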