diff options
| -rwxr-xr-x | scripts/image_signing/sign_android_image.sh | 56 |
1 files changed, 30 insertions, 26 deletions
diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh index b9b10828..28534fca 100755 --- a/scripts/image_signing/sign_android_image.sh +++ b/scripts/image_signing/sign_android_image.sh @@ -228,26 +228,6 @@ replace_ota_cert() { popd > /dev/null } -# Restore SELinux context. This has to run after all file changes, before -# creating the new squashfs image. -reapply_file_security_context() { - local system_mnt=$1 - local root_fs_dir=$2 - - info "Reapplying file security context" - - local selinux_dir="${root_fs_dir}/etc/selinux" - local file_contexts="${selinux_dir}/arc/contexts/files/android_file_contexts" - if [[ ! -f "${file_contexts}" ]]; then - file_contexts="${file_contexts}_vm" - if [[ ! -f "${file_contexts}" ]]; then - die "Can't find Android's file contexts" - fi - fi - - sudo /sbin/setfiles -v -r "${system_mnt}" "${file_contexts}" "${system_mnt}" -} - # Snapshot file properties in a directory recursively. snapshot_file_properties() { local dir=$1 @@ -257,6 +237,29 @@ snapshot_file_properties() { main() { local root_fs_dir=$1 local key_dir=$2 + + # Detect vm/container type and set environment correspondingly. + # Keep this aligned with + # src/private-overlays/project-cheets-private/scripts/board_specific_setup.sh + local system_image="" + local compression_flags="" + local selinux_dir="${root_fs_dir}/etc/selinux" + local file_contexts="" + local vm_candidate="${root_fs_dir}/opt/google/vms/android/system.raw.img" + local container_candidate=( + "${root_fs_dir}/opt/google/containers/android/system.raw.img") + if [[ -f "${vm_candidate}" ]]; then + system_image="${vm_candidate}" + compression_flags="-comp lz4 -Xhc -b 256K" + file_contexts="${selinux_dir}/arc/contexts/files/android_file_contexts_vm" + elif [[ -f "${container_candidate}" ]]; then + system_image="${container_candidate}" + compression_flags="-comp gzip" + file_contexts="${selinux_dir}/arc/contexts/files/android_file_contexts" + else + die "System image does not exist" + fi + local android_system_image="$(echo \ "${root_fs_dir}"/opt/google/*/android/system.raw.img)" local android_dir=$(dirname "${android_system_image}") @@ -284,8 +287,6 @@ main() { local working_dir=$(make_temp_dir) local system_mnt="${working_dir}/mnt" - local compression_method=$(sudo unsquashfs -s "${system_img}" | \ - awk '$1 == "Compression" { print $2 }') info "Unpacking squashfs system image to ${system_mnt}" sudo "${unsquashfs}" -x -f -no-progress -d "${system_mnt}" "${system_img}" @@ -295,7 +296,6 @@ main() { sign_framework_apks "${system_mnt}" "${key_dir}" update_sepolicy "${system_mnt}" "${key_dir}" replace_ota_cert "${system_mnt}" "${key_dir}/releasekey.x509.pem" - reapply_file_security_context "${system_mnt}" "${root_fs_dir}" # Validity check. snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.new" @@ -348,9 +348,13 @@ main() { info "Repacking squashfs image" local old_size=$(stat -c '%s' "${system_img}") - # Overwrite the original image. - sudo "${mksquashfs}" "${system_mnt}" "${system_img}" \ - -no-progress -comp "${compression_method}" -noappend + # Remove old system image to prevent mksquashfs tries to merge both images. + sudo rm -rf "${system_img}" + # Note, compression_flags is a combination of flags. Keep this aligned with + # src/private-overlays/project-cheets-private/scripts/board_specific_setup.sh + sudo mksquashfs "${system_mnt}" "${system_img}" \ + ${compression_flags} -context-file "${file_contexts}" -mount-point "/" \ + -no-progress local new_size=$(stat -c '%s' "${system_img}") info "Android system image size change: ${old_size} -> ${new_size}" } |