
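File execute-permission problem in Android vendor.img

Problem

On Android 9 and 11, I added files to vendor.img and, after flashing the image to the device, found that the added executables had no execute permission. After a long search I finally tracked down the root cause. This post is dedicated to those who do the work step by step.

Root cause

In system/core/libcutils/fs_config.cpp, the fs_config function sets each file's uid, gid and mode (permissions) according to the entries in android_dirs and android_files. Apart from the files under /vendor/bin/ and /vendor/xbin/, no other file under /vendor gets execute permission.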

How vendor.img is generated

build/core/Makefile

INSTALLED_VENDORIMAGE_TARGET 

# We just build this directly to the install location.
INSTALLED_VENDORIMAGE_TARGET := $(BUILT_VENDORIMAGE_TARGET)
$(INSTALLED_VENDORIMAGE_TARGET): \
    $(INTERNAL_USERIMAGES_DEPS) \
    $(INTERNAL_VENDORIMAGE_FILES) \
    $(INSTALLED_FILES_FILE_VENDOR) \
    $(RECOVERY_FROM_BOOT_PATCH)
	$(build-vendorimage-target)

build-vendorimage-target

BUILT_VENDORIMAGE_TARGET

vendorimage_intermediates := \
    $(call intermediates-dir-for,PACKAGING,vendor)
BUILT_VENDORIMAGE_TARGET := $(PRODUCT_OUT)/vendor.img
define build-vendorimage-target
  # $(hide) /usr/bin/python build/tools/rcmerge.py $(subst full_,,$(TARGET_PRODUCT)) vnd
  $(call pretty,"Target vendor fs image: $(INSTALLED_VENDORIMAGE_TARGET)")
  @mkdir -p $(TARGET_OUT_VENDOR)
  @rm -rf $(TARGET_OUT_VENDOR)/avm
  @mkdir -p $(TARGET_OUT_VENDOR)/avm
  $(call create-vendor-odm-symlink)
  @mkdir -p $(vendorimage_intermediates) && rm -rf $(vendorimage_intermediates)/vendor_image_info.txt
  $(hide) cp -rf $(TOP)/vendor/autochips/proprietary/frameworks/base/avm/file/* $(TARGET_OUT_VENDOR)/avm
  $(call generate-image-prop-dictionary, $(vendorimage_intermediates)/vendor_image_info.txt,vendor,skip_fsck=true)
  PATH=$(INTERNAL_USERIMAGES_BINARY_PATHS):$$PATH \
      $(BUILD_IMAGE) \
          $(TARGET_OUT_VENDOR) $(vendorimage_intermediates)/vendor_image_info.txt \
          $(INSTALLED_VENDORIMAGE_TARGET) $(TARGET_OUT)
  $(call assert-max-image-size,$(INSTALLED_VENDORIMAGE_TARGET) $(RECOVERY_FROM_BOOT_PATCH),$(BOARD_VENDORIMAGE_PARTITION_SIZE))
endef

build_image

build/core/config.mk

BUILD_IMAGE := $(HOST_OUT_EXECUTABLES)/build_image$(HOST_EXECUTABLE_SUFFIX)

out/host/linux-x86/bin/build_image

Builds output_image from the given input_directory, properties_file,
and writes the image to target_output_directory.

Usage:  build_image input_directory properties_file output_image \
            target_output_directory

build_image.py

build/tools/releasetools/build_image.py

BuildImageMkfs

def BuildImageMkfs(in_dir, prop_dict, out_file, target_out, fs_config):
  """Builds a pure image for the files under in_dir and writes it to out_file.

  Args:
    in_dir: Path to input directory.
    prop_dict: A property dict that contains info like partition size. Values
        will be updated with computed values.
    out_file: The output image file.
    target_out: Path to the TARGET_OUT directory as in Makefile. It actually
        points to the /system directory under PRODUCT_OUT. fs_config (the one
        under system/core/libcutils) reads device specific FS config files from
        there.
    fs_config: The fs_config file that drives the prototype

  Raises:
    BuildImageError: On build image failures.
  """

build_command

mkuserimg_mke2fs -s out/target/product/ac8257_64bit/vendor out/target/product/ac8257_64bit/vendor.img ext4 vendor 825540608 -j 0 -D out/target/product/ac8257_64bit/system -L vendor -M 0 --inode_size 256  out/target/product/ac8257_64bit/obj/ETC/file_contexts.bin_intermediates/file_contexts.bin

mkuserimg_mke2fs.py

system/extras/ext4_utils/mkuserimg_mke2fs.py

mke2fs

Usage: mke2fs [-c|-l filename] [-b block-size] [-C cluster-size]
	[-i bytes-per-inode] [-I inode-size] [-J journal-options]
	[-G flex-group-size] [-N number-of-inodes] [-d root-directory]
	[-m reserved-blocks-percentage] [-o creator-os]
	[-g blocks-per-group] [-L volume-label] [-M last-mounted-directory]
	[-O feature[,...]] [-r fs-revision] [-E extended-option[,...]]
	[-t fs-type] [-T usage-type ] [-U UUID] [-e errors_behavior][-z undo_file]
	[-jnqvDFSV] device [blocks-count]

MKE2FS_CONFIG=out/soong/.temp/tmpGyRCz5 mke2fs -O ^has_journal -L vendor -I 256  -M /vendor -m 0 -E android_sparse -t ext4 -b 4096 out/target/product/ac8257_64bit/vendor.img 201548

e2fsdroid

e2fsdroid -p out/target/product/ac8257_64bit/system -S out/target/product/ac8257_64bit/obj/ETC/file_contexts.bin_intermediates/file_contexts.bin -f out/target/product/ac8257_64bit/vendor -a /vendor out/target/product/ac8257_64bit/vendor.img

file_contexts

obj/ETC/file_contexts.bin_intermediates

system/sepolicy/private/file_contexts
device/autochips/sepolicy/basic/plat_private/file_contexts
device/autochips/sepolicy/bsp/plat_private/file_contexts

SetUpInDirAndFsConfig

Where the e2fsdroid source lives

external/e2fsprogs/contrib/android/e2fsdroid.c 

Usage

e2fsdroid [-B block_list] [-D basefs_out] [-T timestamp]
	[-C fs_config] [-S file_contexts] [-p product_out]
	[-a mountpoint] [-d basefs_in] [-f src_dir] [-e] [-s] image

android_configure_fs

errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out,
                   char *mountpoint,
                   struct selinux_opt *seopts EXT2FS_ATTR((unused)),
                   unsigned int nopt EXT2FS_ATTR((unused)),
                   char *fs_config_file, time_t fixed_time,
                   const struct ugid_map* uid_map,
                   const struct ugid_map* gid_map)
{
    /* ... */
    /* Load the FS config */
    if (fs_config_file) {
        retval = load_canned_fs_config(fs_config_file);
        if (retval < 0) {
            com_err(__func__, retval,
                _("while loading fs_config \"%s\""),
                fs_config_file);
            return retval;
        }
        fs_config_func = canned_fs_config;
    } else if (mountpoint)
        fs_config_func = fs_config;

    return __android_configure_fs(fs, src_dir, target_out, mountpoint,
                      fs_config_func, sehnd, fixed_time,
                      uid_map, gid_map);
}

fs_config

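In system/core/libcutils/fs_config.cpp, the fs_config function sets each file's uid, gid and mode (permissions) according to the entries in android_dirs and android_files. Apart from the files under /vendor/bin/ and /vendor/xbin/, no other file under /vendor gets execute permission.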

    for (pc = dir ? android_dirs : android_files; pc->prefix; pc++) {
        if (fs_config_cmp(dir, pc->prefix, strlen(pc->prefix), path, plen)) {
            break;
        }
    }
    *uid = pc->uid;
    *gid = pc->gid;
    *mode = (*mode & (~07777)) | pc->mode;
    *capabilities = pc->capabilities;
}

android_dirs

static const struct fs_path_config android_dirs[] = {
        // clang-format off
    { 00770, AID_SYSTEM,       AID_CACHE,        0, "cache" },
    { 00555, AID_ROOT,         AID_ROOT,         0, "config" },
    { 00771, AID_SYSTEM,       AID_SYSTEM,       0, "data/app" },
    { 00771, AID_SYSTEM,       AID_SYSTEM,       0, "data/app-private" },
    { 00771, AID_SYSTEM,       AID_SYSTEM,       0, "data/app-ephemeral" },
    { 00771, AID_ROOT,         AID_ROOT,         0, "data/dalvik-cache" },
    { 00771, AID_SYSTEM,       AID_SYSTEM,       0, "data/data" },
    { 00771, AID_SHELL,        AID_SHELL,        0, "data/local/tmp" },
    { 00771, AID_SHELL,        AID_SHELL,        0, "data/local" },
    { 00770, AID_DHCP,         AID_DHCP,         0, "data/misc/dhcp" },
    { 00771, AID_SHARED_RELRO, AID_SHARED_RELRO, 0, "data/misc/shared_relro" },
    { 01771, AID_SYSTEM,       AID_MISC,         0, "data/misc" },
    { 00775, AID_MEDIA_RW,     AID_MEDIA_RW,     0, "data/media/Music" },
    { 00775, AID_MEDIA_RW,     AID_MEDIA_RW,     0, "data/media" },
    { 00750, AID_ROOT,         AID_SHELL,        0, "data/nativetest" },
    { 00750, AID_ROOT,         AID_SHELL,        0, "data/nativetest64" },
    { 00750, AID_ROOT,         AID_SHELL,        0, "data/benchmarktest" },
    { 00750, AID_ROOT,         AID_SHELL,        0, "data/benchmarktest64" },
    { 00775, AID_ROOT,         AID_ROOT,         0, "data/preloads" },
    { 00771, AID_SYSTEM,       AID_SYSTEM,       0, "data" },
    { 00755, AID_ROOT,         AID_SYSTEM,       0, "mnt" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "product/bin" },
    { 00777, AID_ROOT,         AID_ROOT,         0, "sdcard" },
    { 00751, AID_ROOT,         AID_SDCARD_R,     0, "storage" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },
    { 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },
    { 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "system/apex/*/bin" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/bin" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/apex/*/bin" },
    { 00751, AID_ROOT,         AID_SHELL,        0, "vendor/bin" },
    { 00755, AID_ROOT,         AID_SHELL,        0, "vendor" },
    { 00755, AID_ROOT,         AID_ROOT,         0, 0 },
        // clang-format on
};

android_files

static const struct fs_path_config android_files[] = {
        // clang-format off
    { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app/*" },
    { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-ephemeral/*" },
    { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-private/*" },
    { 00644, AID_APP,       AID_APP,       0, "data/data/*" },
    { 00644, AID_MEDIA_RW,  AID_MEDIA_RW,  0, "data/media/*" },
    { 00640, AID_ROOT,      AID_SHELL,     0, "data/nativetest/tests.txt" },
    { 00640, AID_ROOT,      AID_SHELL,     0, "data/nativetest64/tests.txt" },
    { 00750, AID_ROOT,      AID_SHELL,     0, "data/nativetest/*" },
    { 00750, AID_ROOT,      AID_SHELL,     0, "data/nativetest64/*" },
    { 00750, AID_ROOT,      AID_SHELL,     0, "data/benchmarktest/*" },
    { 00750, AID_ROOT,      AID_SHELL,     0, "data/benchmarktest64/*" },
    { 00600, AID_ROOT,      AID_ROOT,      0, "default.prop" }, // legacy
    { 00600, AID_ROOT,      AID_ROOT,      0, "system/etc/prop.default" },
    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/build.prop" }, // legacy; only for P release
    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/default.prop" }, // legacy; only for P release
    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/etc/build.prop" },
    { 00444, AID_ROOT,      AID_ROOT,      0, odm_conf_dir + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, odm_conf_file + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, oem_conf_dir + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, oem_conf_file + 1 },
    { 00600, AID_ROOT,      AID_ROOT,      0, "product/build.prop" },
    { 00444, AID_ROOT,      AID_ROOT,      0, product_conf_dir + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, product_conf_file + 1 },
    { 00600, AID_ROOT,      AID_ROOT,      0, "system_ext/build.prop" },
    { 00444, AID_ROOT,      AID_ROOT,      0, system_ext_conf_dir + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, system_ext_conf_file + 1 },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump32" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump64" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/debuggerd" },
    { 00550, AID_LOGD,      AID_LOGD,      0, "system/bin/logd" },
    { 00700, AID_ROOT,      AID_ROOT,      0, "system/bin/secilc" },
    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },
    { 00600, AID_ROOT,      AID_ROOT,      0, "system/build.prop" },
    { 00444, AID_ROOT,      AID_ROOT,      0, sys_conf_dir + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, sys_conf_file + 1 },
    { 00440, AID_ROOT,      AID_SHELL,     0, "system/etc/init.goldfish.rc" },
    { 00550, AID_ROOT,      AID_SHELL,     0, "system/etc/init.goldfish.sh" },
    { 00550, AID_ROOT,      AID_SHELL,     0, "system/etc/init.ril" },
    { 00555, AID_ROOT,      AID_ROOT,      0, "system/etc/ppp/*" },
    { 00555, AID_ROOT,      AID_ROOT,      0, "system/etc/rc.*" },
    { 00750, AID_ROOT,      AID_ROOT,      0, "vendor/bin/install-recovery.sh" },
    { 00600, AID_ROOT,      AID_ROOT,      0, "vendor/build.prop" },
    { 00600, AID_ROOT,      AID_ROOT,      0, "vendor/default.prop" },
    { 00440, AID_ROOT,      AID_ROOT,      0, "vendor/etc/recovery.img" },
    { 00444, AID_ROOT,      AID_ROOT,      0, ven_conf_dir + 1 },
    { 00444, AID_ROOT,      AID_ROOT,      0, ven_conf_file + 1 },

    // the following two files are INTENTIONALLY set-uid, but they
    // are NOT included on user builds.
    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

    // the following files have enhanced capabilities and ARE included
    // in user builds.
    { 00700, AID_SYSTEM,    AID_SHELL,     CAP_MASK_LONG(CAP_BLOCK_SUSPEND),
                                              "system/bin/inputflinger" },
    { 00750, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SETUID) |
                                           CAP_MASK_LONG(CAP_SETGID),
                                              "system/bin/run-as" },
    { 00750, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SETUID) |
                                           CAP_MASK_LONG(CAP_SETGID),
                                              "system/bin/simpleperf_app_runner" },
    { 00755, AID_ROOT,      AID_ROOT,      0, "first_stage_ramdisk/system/bin/e2fsck" },
    { 00755, AID_ROOT,      AID_ROOT,      0, "first_stage_ramdisk/system/bin/tune2fs" },
    { 00755, AID_ROOT,      AID_ROOT,      0, "first_stage_ramdisk/system/bin/resize2fs" },
    // generic defaults
    { 00755, AID_ROOT,      AID_ROOT,      0, "bin/*" },
    { 00640, AID_ROOT,      AID_SHELL,     0, "fstab.*" },
    { 00750, AID_ROOT,      AID_SHELL,     0, "init*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "odm/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "product/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/xbin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/apex/*/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system_ext/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system_ext/apex/*/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "vendor/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "vendor/xbin/*" },
    { 00771, AID_ROOT,      AID_SYSTEM,    0, "avm/*" },
    { 00644, AID_ROOT,      AID_ROOT,      0, 0 },
        // clang-format on
};
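
The following added example (not code from the original post or from AOSP) models the lookup quoted above in Python over the /vendor rows of android_files, and lists staged files that are executable on the build host but lose the bit in the image. The whole-path glob match, the STAGED sample paths and the helper names are assumptions; device-specific fs_config files read from target_out are ignored.

```python
import fnmatch
import stat

# Rows copied from the android_files table on this page, in table order: (mode, pattern).
ANDROID_FILES = [
    (0o750, "vendor/bin/install-recovery.sh"),
    (0o600, "vendor/build.prop"),
    (0o600, "vendor/default.prop"),
    (0o440, "vendor/etc/recovery.img"),
    (0o755, "vendor/bin/*"),
    (0o755, "vendor/xbin/*"),
    (0o771, "avm/*"),
    (0o644, None),  # terminating default entry (prefix == 0)
]

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def fs_config_mode(path, src_mode, table=ANDROID_FILES):
    """Return the st_mode a regular file ends up with inside the image."""
    path = path.lstrip("/")
    for mode, pattern in table:
        # Assumption: glob match anchored at the start of the path, '*' also
        # spans '/'. The first matching row wins, as in the loop shown above.
        if pattern is None or fnmatch.fnmatchcase(path, pattern):
            break
    # Same expression as fs_config(): all twelve permission bits come from the
    # table, so a chmod +x in the staging directory has no effect.
    return (src_mode & ~0o7777) | mode


def audit(staged):
    """List (path, image mode) for files that are executable only on the host."""
    lost = []
    for path, src_mode in staged:
        final = fs_config_mode(path, src_mode)
        if src_mode & EXEC_BITS and not final & EXEC_BITS:
            lost.append((path, oct(stat.S_IMODE(final))))
    return lost


# Constructed sample: staged files with the modes they have on the build host.
STAGED = [
    ("vendor/bin/hw_daemon", 0o100755),
    ("vendor/avm/calib_tool", 0o100755),
    ("vendor/etc/init/start.sh", 0o100775),
    ("vendor/lib64/libfoo.so", 0o100644),
]

if __name__ == "__main__":
    for path, mode in audit(STAGED):
        print(f"{path}: exec bit dropped, image mode {mode}")
```

Under this model the "avm/*" row never matches a path that starts with "vendor/", so vendor/avm/calib_tool falls through to the 00644 default.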

How to debug

build_image.py

build/core

--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -341,8 +341,12 @@ def BuildImageMkfs(in_dir, prop_dict, out_file, target_out, fs_config):raise BuildImageError("Error: unknown filesystem type: {}".format(fs_type))+  if "vendor" == prop_dict["mount_point"]:
+    print("build_command: %s" % (build_command))try:mkfs_output = common.RunAndCheckOutput(build_command)
+    if "vendor" == prop_dict["mount_point"]:
+      print("mkfs_output: %s" % mkfs_output)except:try:du = GetDiskUsage(in_dir)
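
Review bot: both added checks index prop_dict["mount_point"] directly, so a property dict without that key now fails with KeyError in code that exists only for debugging; use prop_dict.get("mount_point") == "vendor", evaluate it once into a local before the try, and reuse it for the second print. The mkfs_output print sits between try and except, so nothing is logged when RunAndCheckOutput raises, which is the case where the output is needed most. These prints should be removed or moved behind a verbose option before the change is merged.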

mkuserimg_mke2fs.py

system/extras

--- a/ext4_utils/mkuserimg_mke2fs.py
+++ b/ext4_utils/mkuserimg_mke2fs.py
@@ -223,6 +223,7 @@ def main(argv):if args.timestamp:mke2fs_env["E2FSPROGS_FAKE_TIME"] = args.timestamp+    print("mke2fs_cmd: %s, mke2fs_env: %s\n" % (mke2fs_cmd, mke2fs_env))output, ret = RunCommand(mke2fs_cmd, mke2fs_env)print(output)if ret != 0:
@@ -234,6 +235,7 @@ def main(argv):if args.timestamp:e2fsdroid_env["E2FSPROGS_FAKE_TIME"] = args.timestamp+  print("e2fsdroid_cmd: %s, e2fsdroid_env: %s\n" % (e2fsdroid_cmd, e2fsdroid_env))output, ret = RunCommand(e2fsdroid_cmd, e2fsdroid_env)# The build script is parsing the raw output of e2fsdroid; keep the pattern# unchanged for now.
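
Review bot: both added print calls end their format string with "\n", so each one emits an extra blank line on top of print's own newline; drop the "\n". They also dump the whole mke2fs_env and e2fsdroid_env dicts into the build log on every run, so gate them behind a verbose option or remove them before merging. The two additions are indented differently (4 spaces in the first hunk, 2 in the second); check that each sits at the same level as the RunCommand call it precedes, otherwise the first print may only run when args.timestamp is set.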

fs_config.cpp

system/core

--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -367,6 +367,7 @@ void fs_config(const char* path, int dir, const char* target_out_path, unsigned*break;}}
+    printf("%s %s, prefix: %s %o\n", path, target_out_path, pc->prefix, pc->mode);*uid = pc->uid;*gid = pc->gid;*mode = (*mode & (~07777)) | pc->mode;
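
Review bot: the added printf passes pc->prefix to %s right after the lookup loop, but that loop (quoted earlier on the page) stops on the terminating table entry whose prefix is 0, so every path that falls through to the default hands a null pointer to %s; guard it, for example pc->prefix ? pc->prefix : "(default)", and do the same for target_out_path if it can be null. The call also writes to stdout from a libcutils function that e2fsdroid runs, and the mkuserimg_mke2fs.py context above notes that the build script parses e2fsdroid's raw output, so send this to stderr and keep it out of the committed change.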
