Support the setting of file security contexts in OTA and update packages.

Pass the file_contexts configuration to the releasetools scripts so that the security contexts of files can be properly set for OTA and update packages. Requires Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24 Change-Id: I5a63fd61a7e74d386d0803946d06bcf2fa8a857e
author: Stephen Smalley <sds@tycho.nsa.gov> 2012-02-09 13:36:21 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> 2012-04-06 15:35:41 -0400
commit: 56882bf9b41dc7f8b98f1dea82633144546450b2 (patch)
tree: 651019e05c18e0cbda08f888ae3cd4c0943739f2 /tools/releasetools
parent: 5042392262e891221164ce4afbb1127f26b7d629 (diff)
download: build-56882bf9b41dc7f8b98f1dea82633144546450b2.zip
build-56882bf9b41dc7f8b98f1dea82633144546450b2.tar.gz
build-56882bf9b41dc7f8b98f1dea82633144546450b2.tar.bz2
3 files changed, 40 insertions, 8 deletions
diff --git a/tools/releasetools/edify_generator.py b/tools/releasetools/edify_generator.py
index d7b924b..12bb48b 100644
--- a/tools/releasetools/edify_generator.py
+++ b/tools/releasetools/edify_generator.py
@@ -165,9 +165,9 @@ class EdifyGenerator(object):
     fstab = self.info.get("fstab", None)
     if fstab:
       p = fstab[partition]
-      self.script.append('format("%s", "%s", "%s", "%s");' %
+      self.script.append('format("%s", "%s", "%s", "%s", "%s");' %
                          (p.fs_type, common.PARTITION_TYPES[p.fs_type],
-                          p.device, p.length))
+                          p.device, p.length, p.mount_point))
 
   def DeleteFiles(self, file_list):
     """Delete all files in file_list."""
diff --git a/tools/releasetools/img_from_target_files b/tools/releasetools/img_from_target_files
index c5b9886..ad03398 100755
--- a/tools/releasetools/img_from_target_files
+++ b/tools/releasetools/img_from_target_files
@@ -27,6 +27,10 @@ Usage:  img_from_target_files [flags] input_target_files output_image_zip
       Include only the bootable images (eg 'boot' and 'recovery') in
       the output.
 
+  -S  (--file_context) <file>
+      the file contexts configuration used to assign SELinux file
+      context attributes.
+
 """
 
 import sys
@@ -50,6 +54,7 @@ if not hasattr(os, "SEEK_SET"):
 import common
 
 OPTIONS = common.OPTIONS
+OPTIONS.selinux_fc = None
 
 def AddUserdata(output_zip):
   """Create an empty userdata image and store it in output_zip."""
@@ -74,6 +79,8 @@ def AddUserdata(output_zip):
                      fstab["/data"].fs_type, "data"])
     if "userdata_size" in OPTIONS.info_dict:
       build_command.append(str(OPTIONS.info_dict["userdata_size"]))
+    if OPTIONS.selinux_fc is not None:
+      build_command.append(OPTIONS.selinux_fc)
   else:
     build_command = ["mkyaffs2image", "-f"]
     extra = OPTIONS.info_dict.get("mkyaffs2_extra_flags", None)
@@ -81,6 +88,9 @@ def AddUserdata(output_zip):
       build_command.extend(extra.split())
     build_command.append(user_dir)
     build_command.append(img.name)
+    if OPTIONS.selinux_fc is not None:
+      build_command.append(OPTIONS.selinux_fc)
+      build_command.append("/data")
 
   p = common.Run(build_command);
   p.communicate()
@@ -126,6 +136,8 @@ def AddSystem(output_zip):
                      fstab["/system"].fs_type, "system"])
     if "system_size" in OPTIONS.info_dict:
       build_command.append(str(OPTIONS.info_dict["system_size"]))
+    if OPTIONS.selinux_fc is not None:
+      build_command.append(OPTIONS.selinux_fc)
   else:
     build_command = ["mkyaffs2image", "-f"]
     extra = OPTIONS.info_dict.get("mkyaffs2_extra_flags", None)
@@ -133,6 +145,9 @@ def AddSystem(output_zip):
       build_command.extend(extra.split())
     build_command.append(os.path.join(OPTIONS.input_tmp, "system"))
     build_command.append(img.name)
+    if OPTIONS.selinux_fc is not None:
+      build_command.append(OPTIONS.selinux_fc)
+      build_command.append("/system")
 
   p = common.Run(build_command)
   p.communicate()
@@ -160,14 +175,17 @@ def main(argv):
       pass       # deprecated
     if o in ("-z", "--bootable_zip"):
       bootable_only[0] = True
+    if o in ("-S", "--file_context"):
+      OPTIONS.selinux_fc = a
     else:
       return False
     return True
 
   args = common.ParseOptions(argv, __doc__,
-                             extra_opts="b:z",
+                             extra_opts="b:zS:",
                              extra_long_opts=["board_config=",
-                                              "bootable_zip"],
+                                              "bootable_zip",
+                                              "file_context="],
                              extra_option_handler=option_handler)
 
   bootable_only = bootable_only[0]
diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files
index 1514ea7..f838c22 100755
--- a/tools/releasetools/ota_from_target_files
+++ b/tools/releasetools/ota_from_target_files
@@ -51,6 +51,11 @@ Usage:  ota_from_target_files [flags] input_target_files output_ota_package
 
   -a  (--aslr_mode)  <on|off>
       Specify whether to turn on ASLR for the package (on by default).
+
+  -S  (--file_context) <file>
+      the file contexts configuration used to assign SELinux file
+      context attributes
+
 """
 
 import sys
@@ -87,6 +92,7 @@ OPTIONS.omit_prereq = False
 OPTIONS.extra_script = None
 OPTIONS.aslr_mode = True
 OPTIONS.worker_threads = 3
+OPTIONS.selinux_fc = None
 
 def MostPopularKey(d, default):
   """Given a dict, return the key corresponding to the largest
@@ -388,6 +394,9 @@ def WriteFullOTAPackage(input_zip, output_zip):
   if OPTIONS.wipe_user_data:
     script.FormatPartition("/data")
 
+  if OPTIONS.selinux_fc is not None:
+    WritePolicyConfig(OPTIONS.selinux_fc, output_zip)
+
   script.FormatPartition("/system")
   script.Mount("/system")
   script.UnpackPackageDir("recovery", "/system")
@@ -426,15 +435,17 @@ def WriteFullOTAPackage(input_zip, output_zip):
   script.AddToZip(input_zip, output_zip)
   WriteMetadata(metadata, output_zip)
 
+def WritePolicyConfig(file_context, output_zip):
+  f = open(file_context, 'r');
+  basename = os.path.basename(file_context)
+  common.ZipWriteStr(output_zip, basename, f.read())
+
 
 def WriteMetadata(metadata, output_zip):
   common.ZipWriteStr(output_zip, "META-INF/com/android/metadata",
                      "".join(["%s=%s\n" % kv
                               for kv in sorted(metadata.iteritems())]))
 
-
-
-
 def LoadSystemFiles(z):
   """Load all the files from SYSTEM/... in a given target-files
   ZipFile, and return a dict of {filename: File object}."""
@@ -753,12 +764,14 @@ def main(argv):
         OPTIONS.aslr_mode = False
     elif o in ("--worker_threads"):
       OPTIONS.worker_threads = int(a)
+    elif o in ("-S", "--file_context"):
+      OPTIONS.selinux_fc = a
     else:
       return False
     return True
 
   args = common.ParseOptions(argv, __doc__,
-                             extra_opts="b:k:i:d:wne:a:",
+                             extra_opts="b:k:i:d:wne:a:S:",
                              extra_long_opts=["board_config=",
                                               "package_key=",
                                               "incremental_from=",
@@ -767,6 +780,7 @@ def main(argv):
                                               "extra_script=",
                                               "worker_threads=",
                                               "aslr_mode=",
+                                              "file_context=",
                                               ],
                              extra_option_handler=option_handler)
author	Stephen Smalley <sds@tycho.nsa.gov>	2012-02-09 13:36:21 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	2012-04-06 15:35:41 -0400
commit	56882bf9b41dc7f8b98f1dea82633144546450b2 (patch)
tree	651019e05c18e0cbda08f888ae3cd4c0943739f2 /tools/releasetools
parent	5042392262e891221164ce4afbb1127f26b7d629 (diff)
download	build-56882bf9b41dc7f8b98f1dea82633144546450b2.zip build-56882bf9b41dc7f8b98f1dea82633144546450b2.tar.gz build-56882bf9b41dc7f8b98f1dea82633144546450b2.tar.bz2