1// Copyright (C) 2020 The Android Open Source Project 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15package filesystem 16 17import ( 18 "crypto/sha256" 19 "fmt" 20 "io" 21 "path/filepath" 22 "strings" 23 24 "android/soong/android" 25 "android/soong/cc" 26 27 "github.com/google/blueprint" 28 "github.com/google/blueprint/proptools" 29) 30 31func init() { 32 registerBuildComponents(android.InitRegistrationContext) 33} 34 35func registerBuildComponents(ctx android.RegistrationContext) { 36 ctx.RegisterModuleType("android_filesystem", filesystemFactory) 37 ctx.RegisterModuleType("android_system_image", systemImageFactory) 38 ctx.RegisterModuleType("avb_add_hash_footer", avbAddHashFooterFactory) 39 ctx.RegisterModuleType("avb_gen_vbmeta_image", avbGenVbmetaImageFactory) 40} 41 42type filesystem struct { 43 android.ModuleBase 44 android.PackagingBase 45 46 properties filesystemProperties 47 48 // Function that builds extra files under the root directory and returns the files 49 buildExtraFiles func(ctx android.ModuleContext, root android.OutputPath) android.OutputPaths 50 51 // Function that filters PackagingSpecs returned by PackagingBase.GatherPackagingSpecs() 52 filterPackagingSpecs func(specs map[string]android.PackagingSpec) 53 54 output android.OutputPath 55 installDir android.InstallPath 56 57 // For testing. Keeps the result of CopyDepsToZip() 58 entries []string 59} 60 61type symlinkDefinition struct { 62 Target *string 63 Name *string 64} 65 66type filesystemProperties struct { 67 // When set to true, sign the image with avbtool. Default is false. 68 Use_avb *bool 69 70 // Path to the private key that avbtool will use to sign this filesystem image. 71 // TODO(jiyong): allow apex_key to be specified here 72 Avb_private_key *string `android:"path"` 73 74 // Signing algorithm for avbtool. Default is SHA256_RSA4096. 75 Avb_algorithm *string 76 77 // Hash algorithm used for avbtool (for descriptors). This is passed as hash_algorithm to 78 // avbtool. Default used by avbtool is sha1. 79 Avb_hash_algorithm *string 80 81 // Name of the partition stored in vbmeta desc. Defaults to the name of this module. 82 Partition_name *string 83 84 // Type of the filesystem. Currently, ext4, cpio, and compressed_cpio are supported. Default 85 // is ext4. 86 Type *string 87 88 // file_contexts file to make image. Currently, only ext4 is supported. 89 File_contexts *string `android:"path"` 90 91 // Base directory relative to root, to which deps are installed, e.g. "system". Default is "." 92 // (root). 93 Base_dir *string 94 95 // Directories to be created under root. e.g. /dev, /proc, etc. 96 Dirs []string 97 98 // Symbolic links to be created under root with "ln -sf <target> <name>". 99 Symlinks []symlinkDefinition 100 101 // Seconds since unix epoch to override timestamps of file entries 102 Fake_timestamp *string 103 104 // When set, passed to mkuserimg_mke2fs --mke2fs_uuid & --mke2fs_hash_seed. 105 // Otherwise, they'll be set as random which might cause indeterministic build output. 106 Uuid *string 107} 108 109// android_filesystem packages a set of modules and their transitive dependencies into a filesystem 110// image. The filesystem images are expected to be mounted in the target device, which means the 111// modules in the filesystem image are built for the target device (i.e. Android, not Linux host). 112// The modules are placed in the filesystem image just like they are installed to the ordinary 113// partitions like system.img. For example, cc_library modules are placed under ./lib[64] directory. 114func filesystemFactory() android.Module { 115 module := &filesystem{} 116 initFilesystemModule(module) 117 return module 118} 119 120func initFilesystemModule(module *filesystem) { 121 module.AddProperties(&module.properties) 122 android.InitPackageModule(module) 123 android.InitAndroidMultiTargetsArchModule(module, android.DeviceSupported, android.MultilibCommon) 124} 125 126var dependencyTag = struct { 127 blueprint.BaseDependencyTag 128 android.PackagingItemAlwaysDepTag 129}{} 130 131func (f *filesystem) DepsMutator(ctx android.BottomUpMutatorContext) { 132 f.AddDeps(ctx, dependencyTag) 133} 134 135type fsType int 136 137const ( 138 ext4Type fsType = iota 139 compressedCpioType 140 cpioType // uncompressed 141 unknown 142) 143 144func (f *filesystem) fsType(ctx android.ModuleContext) fsType { 145 typeStr := proptools.StringDefault(f.properties.Type, "ext4") 146 switch typeStr { 147 case "ext4": 148 return ext4Type 149 case "compressed_cpio": 150 return compressedCpioType 151 case "cpio": 152 return cpioType 153 default: 154 ctx.PropertyErrorf("type", "%q not supported", typeStr) 155 return unknown 156 } 157} 158 159func (f *filesystem) installFileName() string { 160 return f.BaseModuleName() + ".img" 161} 162 163var pctx = android.NewPackageContext("android/soong/filesystem") 164 165func (f *filesystem) GenerateAndroidBuildActions(ctx android.ModuleContext) { 166 switch f.fsType(ctx) { 167 case ext4Type: 168 f.output = f.buildImageUsingBuildImage(ctx) 169 case compressedCpioType: 170 f.output = f.buildCpioImage(ctx, true) 171 case cpioType: 172 f.output = f.buildCpioImage(ctx, false) 173 default: 174 return 175 } 176 177 f.installDir = android.PathForModuleInstall(ctx, "etc") 178 ctx.InstallFile(f.installDir, f.installFileName(), f.output) 179} 180 181// root zip will contain extra files/dirs that are not from the `deps` property. 182func (f *filesystem) buildRootZip(ctx android.ModuleContext) android.OutputPath { 183 rootDir := android.PathForModuleGen(ctx, "root").OutputPath 184 builder := android.NewRuleBuilder(pctx, ctx) 185 builder.Command().Text("rm -rf").Text(rootDir.String()) 186 builder.Command().Text("mkdir -p").Text(rootDir.String()) 187 188 // create dirs and symlinks 189 for _, dir := range f.properties.Dirs { 190 // OutputPath.Join verifies dir 191 builder.Command().Text("mkdir -p").Text(rootDir.Join(ctx, dir).String()) 192 } 193 194 for _, symlink := range f.properties.Symlinks { 195 name := strings.TrimSpace(proptools.String(symlink.Name)) 196 target := strings.TrimSpace(proptools.String(symlink.Target)) 197 198 if name == "" { 199 ctx.PropertyErrorf("symlinks", "Name can't be empty") 200 continue 201 } 202 203 if target == "" { 204 ctx.PropertyErrorf("symlinks", "Target can't be empty") 205 continue 206 } 207 208 // OutputPath.Join verifies name. don't need to verify target. 209 dst := rootDir.Join(ctx, name) 210 211 builder.Command().Text("mkdir -p").Text(filepath.Dir(dst.String())) 212 builder.Command().Text("ln -sf").Text(proptools.ShellEscape(target)).Text(dst.String()) 213 } 214 215 // create extra files if there's any 216 rootForExtraFiles := android.PathForModuleGen(ctx, "root-extra").OutputPath 217 var extraFiles android.OutputPaths 218 if f.buildExtraFiles != nil { 219 extraFiles = f.buildExtraFiles(ctx, rootForExtraFiles) 220 for _, f := range extraFiles { 221 rel, _ := filepath.Rel(rootForExtraFiles.String(), f.String()) 222 if strings.HasPrefix(rel, "..") { 223 panic(fmt.Errorf("%q is not under %q\n", f, rootForExtraFiles)) 224 } 225 } 226 } 227 228 // Zip them all 229 zipOut := android.PathForModuleGen(ctx, "root.zip").OutputPath 230 zipCommand := builder.Command().BuiltTool("soong_zip") 231 zipCommand.FlagWithOutput("-o ", zipOut). 232 FlagWithArg("-C ", rootDir.String()). 233 Flag("-L 0"). // no compression because this will be unzipped soon 234 FlagWithArg("-D ", rootDir.String()). 235 Flag("-d") // include empty directories 236 if len(extraFiles) > 0 { 237 zipCommand.FlagWithArg("-C ", rootForExtraFiles.String()) 238 for _, f := range extraFiles { 239 zipCommand.FlagWithInput("-f ", f) 240 } 241 } 242 243 builder.Command().Text("rm -rf").Text(rootDir.String()) 244 245 builder.Build("zip_root", fmt.Sprintf("zipping root contents for %s", ctx.ModuleName())) 246 return zipOut 247} 248 249func (f *filesystem) buildImageUsingBuildImage(ctx android.ModuleContext) android.OutputPath { 250 depsZipFile := android.PathForModuleOut(ctx, "deps.zip").OutputPath 251 f.entries = f.CopyDepsToZip(ctx, f.gatherFilteredPackagingSpecs(ctx), depsZipFile) 252 253 builder := android.NewRuleBuilder(pctx, ctx) 254 depsBase := proptools.StringDefault(f.properties.Base_dir, ".") 255 rebasedDepsZip := android.PathForModuleOut(ctx, "rebased_deps.zip").OutputPath 256 builder.Command(). 257 BuiltTool("zip2zip"). 258 FlagWithInput("-i ", depsZipFile). 259 FlagWithOutput("-o ", rebasedDepsZip). 260 Text("**/*:" + proptools.ShellEscape(depsBase)) // zip2zip verifies depsBase 261 262 rootDir := android.PathForModuleOut(ctx, "root").OutputPath 263 rootZip := f.buildRootZip(ctx) 264 builder.Command(). 265 BuiltTool("zipsync"). 266 FlagWithArg("-d ", rootDir.String()). // zipsync wipes this. No need to clear. 267 Input(rootZip). 268 Input(rebasedDepsZip) 269 270 // run host_init_verifier 271 // Ideally we should have a concept of pluggable linters that verify the generated image. 272 // While such concept is not implement this will do. 273 // TODO(b/263574231): substitute with pluggable linter. 274 builder.Command(). 275 BuiltTool("host_init_verifier"). 276 FlagWithArg("--out_system=", rootDir.String()+"/system") 277 278 propFile, toolDeps := f.buildPropFile(ctx) 279 output := android.PathForModuleOut(ctx, f.installFileName()).OutputPath 280 builder.Command().BuiltTool("build_image"). 281 Text(rootDir.String()). // input directory 282 Input(propFile). 283 Implicits(toolDeps). 284 Output(output). 285 Text(rootDir.String()) // directory where to find fs_config_files|dirs 286 287 // rootDir is not deleted. Might be useful for quick inspection. 288 builder.Build("build_filesystem_image", fmt.Sprintf("Creating filesystem %s", f.BaseModuleName())) 289 290 return output 291} 292 293func (f *filesystem) buildFileContexts(ctx android.ModuleContext) android.OutputPath { 294 builder := android.NewRuleBuilder(pctx, ctx) 295 fcBin := android.PathForModuleOut(ctx, "file_contexts.bin") 296 builder.Command().BuiltTool("sefcontext_compile"). 297 FlagWithOutput("-o ", fcBin). 298 Input(android.PathForModuleSrc(ctx, proptools.String(f.properties.File_contexts))) 299 builder.Build("build_filesystem_file_contexts", fmt.Sprintf("Creating filesystem file contexts for %s", f.BaseModuleName())) 300 return fcBin.OutputPath 301} 302 303// Calculates avb_salt from entry list (sorted) for deterministic output. 304func (f *filesystem) salt() string { 305 return sha1sum(f.entries) 306} 307 308func (f *filesystem) buildPropFile(ctx android.ModuleContext) (propFile android.OutputPath, toolDeps android.Paths) { 309 type prop struct { 310 name string 311 value string 312 } 313 314 var props []prop 315 var deps android.Paths 316 addStr := func(name string, value string) { 317 props = append(props, prop{name, value}) 318 } 319 addPath := func(name string, path android.Path) { 320 props = append(props, prop{name, path.String()}) 321 deps = append(deps, path) 322 } 323 324 // Type string that build_image.py accepts. 325 fsTypeStr := func(t fsType) string { 326 switch t { 327 // TODO(jiyong): add more types like f2fs, erofs, etc. 328 case ext4Type: 329 return "ext4" 330 } 331 panic(fmt.Errorf("unsupported fs type %v", t)) 332 } 333 334 addStr("fs_type", fsTypeStr(f.fsType(ctx))) 335 addStr("mount_point", "/") 336 addStr("use_dynamic_partition_size", "true") 337 addPath("ext_mkuserimg", ctx.Config().HostToolPath(ctx, "mkuserimg_mke2fs")) 338 // b/177813163 deps of the host tools have to be added. Remove this. 339 for _, t := range []string{"mke2fs", "e2fsdroid", "tune2fs"} { 340 deps = append(deps, ctx.Config().HostToolPath(ctx, t)) 341 } 342 343 if proptools.Bool(f.properties.Use_avb) { 344 addStr("avb_hashtree_enable", "true") 345 addPath("avb_avbtool", ctx.Config().HostToolPath(ctx, "avbtool")) 346 algorithm := proptools.StringDefault(f.properties.Avb_algorithm, "SHA256_RSA4096") 347 addStr("avb_algorithm", algorithm) 348 key := android.PathForModuleSrc(ctx, proptools.String(f.properties.Avb_private_key)) 349 addPath("avb_key_path", key) 350 avb_add_hashtree_footer_args := "--do_not_generate_fec" 351 if hashAlgorithm := proptools.String(f.properties.Avb_hash_algorithm); hashAlgorithm != "" { 352 avb_add_hashtree_footer_args += " --hash_algorithm " + hashAlgorithm 353 } 354 addStr("avb_add_hashtree_footer_args", avb_add_hashtree_footer_args) 355 partitionName := proptools.StringDefault(f.properties.Partition_name, f.Name()) 356 addStr("partition_name", partitionName) 357 addStr("avb_salt", f.salt()) 358 } 359 360 if proptools.String(f.properties.File_contexts) != "" { 361 addPath("selinux_fc", f.buildFileContexts(ctx)) 362 } 363 if timestamp := proptools.String(f.properties.Fake_timestamp); timestamp != "" { 364 addStr("timestamp", timestamp) 365 } 366 if uuid := proptools.String(f.properties.Uuid); uuid != "" { 367 addStr("uuid", uuid) 368 addStr("hash_seed", uuid) 369 } 370 propFile = android.PathForModuleOut(ctx, "prop").OutputPath 371 builder := android.NewRuleBuilder(pctx, ctx) 372 builder.Command().Text("rm").Flag("-rf").Output(propFile) 373 for _, p := range props { 374 builder.Command(). 375 Text("echo"). 376 Flag(`"` + p.name + "=" + p.value + `"`). 377 Text(">>").Output(propFile) 378 } 379 builder.Build("build_filesystem_prop", fmt.Sprintf("Creating filesystem props for %s", f.BaseModuleName())) 380 return propFile, deps 381} 382 383func (f *filesystem) buildCpioImage(ctx android.ModuleContext, compressed bool) android.OutputPath { 384 if proptools.Bool(f.properties.Use_avb) { 385 ctx.PropertyErrorf("use_avb", "signing compresed cpio image using avbtool is not supported."+ 386 "Consider adding this to bootimg module and signing the entire boot image.") 387 } 388 389 if proptools.String(f.properties.File_contexts) != "" { 390 ctx.PropertyErrorf("file_contexts", "file_contexts is not supported for compressed cpio image.") 391 } 392 393 depsZipFile := android.PathForModuleOut(ctx, "deps.zip").OutputPath 394 f.entries = f.CopyDepsToZip(ctx, f.gatherFilteredPackagingSpecs(ctx), depsZipFile) 395 396 builder := android.NewRuleBuilder(pctx, ctx) 397 depsBase := proptools.StringDefault(f.properties.Base_dir, ".") 398 rebasedDepsZip := android.PathForModuleOut(ctx, "rebased_deps.zip").OutputPath 399 builder.Command(). 400 BuiltTool("zip2zip"). 401 FlagWithInput("-i ", depsZipFile). 402 FlagWithOutput("-o ", rebasedDepsZip). 403 Text("**/*:" + proptools.ShellEscape(depsBase)) // zip2zip verifies depsBase 404 405 rootDir := android.PathForModuleOut(ctx, "root").OutputPath 406 rootZip := f.buildRootZip(ctx) 407 builder.Command(). 408 BuiltTool("zipsync"). 409 FlagWithArg("-d ", rootDir.String()). // zipsync wipes this. No need to clear. 410 Input(rootZip). 411 Input(rebasedDepsZip) 412 413 output := android.PathForModuleOut(ctx, f.installFileName()).OutputPath 414 cmd := builder.Command(). 415 BuiltTool("mkbootfs"). 416 Text(rootDir.String()) // input directory 417 if compressed { 418 cmd.Text("|"). 419 BuiltTool("lz4"). 420 Flag("--favor-decSpeed"). // for faster boot 421 Flag("-12"). // maximum compression level 422 Flag("-l"). // legacy format for kernel 423 Text(">").Output(output) 424 } else { 425 cmd.Text(">").Output(output) 426 } 427 428 // rootDir is not deleted. Might be useful for quick inspection. 429 builder.Build("build_cpio_image", fmt.Sprintf("Creating filesystem %s", f.BaseModuleName())) 430 431 return output 432} 433 434var _ android.AndroidMkEntriesProvider = (*filesystem)(nil) 435 436// Implements android.AndroidMkEntriesProvider 437func (f *filesystem) AndroidMkEntries() []android.AndroidMkEntries { 438 return []android.AndroidMkEntries{android.AndroidMkEntries{ 439 Class: "ETC", 440 OutputFile: android.OptionalPathForPath(f.output), 441 ExtraEntries: []android.AndroidMkExtraEntriesFunc{ 442 func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) { 443 entries.SetString("LOCAL_MODULE_PATH", f.installDir.String()) 444 entries.SetString("LOCAL_INSTALLED_MODULE_STEM", f.installFileName()) 445 }, 446 }, 447 }} 448} 449 450var _ android.OutputFileProducer = (*filesystem)(nil) 451 452// Implements android.OutputFileProducer 453func (f *filesystem) OutputFiles(tag string) (android.Paths, error) { 454 if tag == "" { 455 return []android.Path{f.output}, nil 456 } 457 return nil, fmt.Errorf("unsupported module reference tag %q", tag) 458} 459 460// Filesystem is the public interface for the filesystem struct. Currently, it's only for the apex 461// package to have access to the output file. 462type Filesystem interface { 463 android.Module 464 OutputPath() android.Path 465 466 // Returns the output file that is signed by avbtool. If this module is not signed, returns 467 // nil. 468 SignedOutputPath() android.Path 469} 470 471var _ Filesystem = (*filesystem)(nil) 472 473func (f *filesystem) OutputPath() android.Path { 474 return f.output 475} 476 477func (f *filesystem) SignedOutputPath() android.Path { 478 if proptools.Bool(f.properties.Use_avb) { 479 return f.OutputPath() 480 } 481 return nil 482} 483 484// Filter the result of GatherPackagingSpecs to discard items targeting outside "system" partition. 485// Note that "apex" module installs its contents to "apex"(fake partition) as well 486// for symbol lookup by imitating "activated" paths. 487func (f *filesystem) gatherFilteredPackagingSpecs(ctx android.ModuleContext) map[string]android.PackagingSpec { 488 specs := f.PackagingBase.GatherPackagingSpecs(ctx) 489 if f.filterPackagingSpecs != nil { 490 f.filterPackagingSpecs(specs) 491 } 492 return specs 493} 494 495func sha1sum(values []string) string { 496 h := sha256.New() 497 for _, value := range values { 498 io.WriteString(h, value) 499 } 500 return fmt.Sprintf("%x", h.Sum(nil)) 501} 502 503// Base cc.UseCoverage 504 505var _ cc.UseCoverage = (*filesystem)(nil) 506 507func (*filesystem) IsNativeCoverageNeeded(ctx android.BaseModuleContext) bool { 508 return ctx.Device() && ctx.DeviceConfig().NativeCoverageEnabled() 509} 510