diff options
| -rw-r--r-- | etc/Android.bp | 1 | ||||
| -rw-r--r-- | etc/avbpubkey.go | 84 | ||||
| -rw-r--r-- | fsgen/filesystem_creator.go | 3 | ||||
| -rw-r--r-- | fsgen/fsgen_mutators.go | 10 | ||||
| -rw-r--r-- | fsgen/prebuilt_etc_modules_gen.go | 25 |
5 files changed, 120 insertions, 3 deletions
diff --git a/etc/Android.bp b/etc/Android.bp index 8e043b86e..e92437e79 100644 --- a/etc/Android.bp +++ b/etc/Android.bp @@ -12,6 +12,7 @@ bootstrap_go_package { ], srcs: [ "adb_keys.go", + "avbpubkey.go", "install_symlink.go", "otacerts_zip.go", "prebuilt_etc.go", diff --git a/etc/avbpubkey.go b/etc/avbpubkey.go new file mode 100644 index 000000000..3f998d487 --- /dev/null +++ b/etc/avbpubkey.go @@ -0,0 +1,84 @@ +// Copyright 2024 Google Inc. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package etc + +import ( + "android/soong/android" + + "github.com/google/blueprint" + "github.com/google/blueprint/proptools" +) + +func init() { + android.RegisterModuleType("avbpubkey", AvbpubkeyModuleFactory) + pctx.HostBinToolVariable("avbtool", "avbtool") +} + +type avbpubkeyProperty struct { + Private_key *string `android:"path"` +} + +type AvbpubkeyModule struct { + android.ModuleBase + + properties avbpubkeyProperty + + outputPath android.WritablePath + installPath android.InstallPath +} + +func AvbpubkeyModuleFactory() android.Module { + module := &AvbpubkeyModule{} + module.AddProperties(&module.properties) + android.InitAndroidArchModule(module, android.DeviceSupported, android.MultilibFirst) + return module +} + +var avbPubKeyRule = pctx.AndroidStaticRule("avbpubkey", + blueprint.RuleParams{ + Command: `${avbtool} extract_public_key --key ${in} --output ${out}.tmp` + + ` && ( if cmp -s ${out}.tmp ${out} ; then rm ${out}.tmp ; else mv ${out}.tmp ${out} ; fi )`, + CommandDeps: []string{"${avbtool}"}, + Description: "Extracting system_other avb key", + }) + +func (m *AvbpubkeyModule) GenerateAndroidBuildActions(ctx android.ModuleContext) { + if !m.ProductSpecific() { + ctx.ModuleErrorf("avbpubkey module type must set product_specific to true") + } + + m.outputPath = android.PathForModuleOut(ctx, ctx.ModuleName(), "system_other.avbpubkey") + + ctx.Build(pctx, android.BuildParams{ + Rule: avbPubKeyRule, + Input: android.PathForModuleSrc(ctx, proptools.String(m.properties.Private_key)), + Output: m.outputPath, + }) + + m.installPath = android.PathForModuleInstall(ctx, "etc/security/avb") + ctx.InstallFile(m.installPath, "system_other.avbpubkey", m.outputPath) +} + +func (m *AvbpubkeyModule) AndroidMkEntries() []android.AndroidMkEntries { + if m.IsSkipInstall() { + return []android.AndroidMkEntries{} + } + + return []android.AndroidMkEntries{ + { + Class: "ETC", + OutputFile: android.OptionalPathForPath(m.outputPath), + }} +} diff --git a/fsgen/filesystem_creator.go b/fsgen/filesystem_creator.go index 0a65c6c38..2b967f7b6 100644 --- a/fsgen/filesystem_creator.go +++ b/fsgen/filesystem_creator.go @@ -62,7 +62,8 @@ func filesystemCreatorFactory() android.Module { module.AddProperties(&module.properties) android.AddLoadHook(module, func(ctx android.LoadHookContext) { generatedPrebuiltEtcModuleNames := createPrebuiltEtcModules(ctx) - createFsGenState(ctx, generatedPrebuiltEtcModuleNames) + avbpubkeyGenerated := createAvbpubkeyModule(ctx) + createFsGenState(ctx, generatedPrebuiltEtcModuleNames, avbpubkeyGenerated) module.createInternalModules(ctx) }) diff --git a/fsgen/fsgen_mutators.go b/fsgen/fsgen_mutators.go index e9fd51351..1253f0dfd 100644 --- a/fsgen/fsgen_mutators.go +++ b/fsgen/fsgen_mutators.go @@ -110,13 +110,13 @@ func generatedPartitions(ctx android.LoadHookContext) []string { return generatedPartitions } -func createFsGenState(ctx android.LoadHookContext, generatedPrebuiltEtcModuleNames []string) *FsGenState { +func createFsGenState(ctx android.LoadHookContext, generatedPrebuiltEtcModuleNames []string, avbpubkeyGenerated bool) *FsGenState { return ctx.Config().Once(fsGenStateOnceKey, func() interface{} { partitionVars := ctx.Config().ProductVariables().PartitionVarsForSoongMigrationOnlyDoNotUse candidates := android.FirstUniqueStrings(android.Concat(partitionVars.ProductPackages, partitionVars.ProductPackagesDebug)) candidates = android.Concat(candidates, generatedPrebuiltEtcModuleNames) - return &FsGenState{ + fsGenState := FsGenState{ depCandidates: candidates, fsDeps: map[string]*multilibDeps{ // These additional deps are added according to the cuttlefish system image bp. @@ -177,6 +177,12 @@ func createFsGenState(ctx android.LoadHookContext, generatedPrebuiltEtcModuleNam fsDepsMutex: sync.Mutex{}, moduleToInstallationProps: map[string]installationProperties{}, } + + if avbpubkeyGenerated { + (*fsGenState.fsDeps["product"])["system_other_avbpubkey"] = defaultDepCandidateProps(ctx.Config()) + } + + return &fsGenState }).(*FsGenState) } diff --git a/fsgen/prebuilt_etc_modules_gen.go b/fsgen/prebuilt_etc_modules_gen.go index 97d5482cb..efbc462e1 100644 --- a/fsgen/prebuilt_etc_modules_gen.go +++ b/fsgen/prebuilt_etc_modules_gen.go @@ -350,3 +350,28 @@ func createPrebuiltEtcModules(ctx android.LoadHookContext) (ret []string) { return ret } + +func createAvbpubkeyModule(ctx android.LoadHookContext) bool { + avbKeyPath := ctx.Config().ProductVariables().PartitionVarsForSoongMigrationOnlyDoNotUse.BoardAvbKeyPath + if avbKeyPath == "" { + return false + } + ctx.CreateModuleInDirectory( + etc.AvbpubkeyModuleFactory, + ".", + &struct { + Name *string + Product_specific *bool + Private_key *string + No_full_install *bool + Visibility []string + }{ + Name: proptools.StringPtr("system_other_avbpubkey"), + Product_specific: proptools.BoolPtr(true), + Private_key: proptools.StringPtr(avbKeyPath), + No_full_install: proptools.BoolPtr(true), + Visibility: []string{"//visibility:public"}, + }, + ) + return true +} |