am b22f6853
: Merge changes I5a63fd61,I7c6f59fe
* commit 'b22f6853d9e6dd45491a20e31a63beda6c0f3717': Support the setting of file security contexts in OTA and update packages. Pass the file_contexts configuration to mkyaffs2image and make_ext4fs.
@@ -342,9 +342,13 @@ INTERNAL_RAMDISK_FILES := $(filter $(TARGET_ROOT_OUT)/%, \
|
|||||||
|
|
||||||
BUILT_RAMDISK_TARGET := $(PRODUCT_OUT)/ramdisk.img
|
BUILT_RAMDISK_TARGET := $(PRODUCT_OUT)/ramdisk.img
|
||||||
|
|
||||||
|
ifeq ($(HAVE_SELINUX),true)
|
||||||
|
SELINUX_DEPENDS := sepolicy file_contexts seapp_contexts
|
||||||
|
endif
|
||||||
|
|
||||||
# We just build this directly to the install location.
|
# We just build this directly to the install location.
|
||||||
INSTALLED_RAMDISK_TARGET := $(BUILT_RAMDISK_TARGET)
|
INSTALLED_RAMDISK_TARGET := $(BUILT_RAMDISK_TARGET)
|
||||||
$(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) | $(MINIGZIP)
|
$(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) $(SELINUX_DEPENDS) | $(MINIGZIP)
|
||||||
$(call pretty,"Target ram disk: $@")
|
$(call pretty,"Target ram disk: $@")
|
||||||
$(hide) $(MKBOOTFS) $(TARGET_ROOT_OUT) | $(MINIGZIP) > $@
|
$(hide) $(MKBOOTFS) $(TARGET_ROOT_OUT) | $(MINIGZIP) > $@
|
||||||
|
|
||||||
@@ -612,8 +616,11 @@ INTERNAL_USERIMAGES_BINARY_PATHS := $(sort $(dir $(INTERNAL_USERIMAGES_DEPS)))
|
|||||||
# $(5): size of the partition
|
# $(5): size of the partition
|
||||||
define build-userimage-ext-target
|
define build-userimage-ext-target
|
||||||
@mkdir -p $(dir $(2))
|
@mkdir -p $(dir $(2))
|
||||||
$(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \
|
$(if $(filter true, $(strip $(HAVE_SELINUX))), \
|
||||||
$(MKEXTUSERIMG) $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG) $(1) $(2) $(4) $(3) $(5)
|
$(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \
|
||||||
|
$(MKEXTUSERIMG) $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG) $(1) $(2) $(4) $(3) $(5) $(TARGET_ROOT_OUT)/file_contexts, \
|
||||||
|
$(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \
|
||||||
|
$(MKEXTUSERIMG) $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG) $(1) $(2) $(4) $(3) $(5))
|
||||||
endef
|
endef
|
||||||
else
|
else
|
||||||
INTERNAL_USERIMAGES_DEPS := $(MKYAFFS2)
|
INTERNAL_USERIMAGES_DEPS := $(MKYAFFS2)
|
||||||
@@ -745,7 +752,7 @@ INTERNAL_SYSTEMIMAGE_FILES := $(filter $(TARGET_OUT)/%, \
|
|||||||
$(ALL_GENERATED_SOURCES) \
|
$(ALL_GENERATED_SOURCES) \
|
||||||
$(ALL_DEFAULT_INSTALLED_MODULES))
|
$(ALL_DEFAULT_INSTALLED_MODULES))
|
||||||
|
|
||||||
FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS)
|
FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS) $(SELINUX_DEPENDS)
|
||||||
# -----------------------------------------------------------------
|
# -----------------------------------------------------------------
|
||||||
# installed file list
|
# installed file list
|
||||||
# Depending on anything that $(BUILT_SYSTEMIMAGE) depends on.
|
# Depending on anything that $(BUILT_SYSTEMIMAGE) depends on.
|
||||||
@@ -787,7 +794,9 @@ else # INTERNAL_USERIMAGES_USE_EXT != true
|
|||||||
define build-systemimage-target
|
define build-systemimage-target
|
||||||
@echo "Target system fs image: $(1)"
|
@echo "Target system fs image: $(1)"
|
||||||
@mkdir -p $(dir $(1))
|
@mkdir -p $(dir $(1))
|
||||||
$(hide) $(MKYAFFS2) -f $(mkyaffs2_extra_flags) $(TARGET_OUT) $(1)
|
$(if $(filter true, $(strip $(HAVE_SELINUX))), \
|
||||||
|
$(hide) $(MKYAFFS2) -f $(mkyaffs2_extra_flags) $(TARGET_OUT) $(1) $(TARGET_ROOT_OUT)/file_contexts /system, \
|
||||||
|
$(hide) $(MKYAFFS2) -f $(mkyaffs2_extra_flags) $(TARGET_OUT) $(1))
|
||||||
endef
|
endef
|
||||||
endif # INTERNAL_USERIMAGES_USE_EXT
|
endif # INTERNAL_USERIMAGES_USE_EXT
|
||||||
|
|
||||||
@@ -911,7 +920,9 @@ else # INTERNAL_USERIMAGES_USE_EXT != true
|
|||||||
define build-userdataimage-target
|
define build-userdataimage-target
|
||||||
$(call pretty,"Target userdata fs image: $(INSTALLED_USERDATAIMAGE_TARGET)")
|
$(call pretty,"Target userdata fs image: $(INSTALLED_USERDATAIMAGE_TARGET)")
|
||||||
@mkdir -p $(TARGET_OUT_DATA)
|
@mkdir -p $(TARGET_OUT_DATA)
|
||||||
$(hide) $(MKYAFFS2) -f $(mkyaffs2_extra_flags) $(TARGET_OUT_DATA) $(INSTALLED_USERDATAIMAGE_TARGET)
|
$(if $(filter true, $(strip $(HAVE_SELINUX))), \
|
||||||
|
$(hide) $(MKYAFFS2) -f $(mkyaffs2_extra_flags) $(TARGET_OUT_DATA) $(INSTALLED_USERDATAIMAGE_TARGET) $(TARGET_ROOT_OUT)/file_contexts /data, \
|
||||||
|
$(hide) $(MKYAFFS2) -f $(mkyaffs2_extra_flags) $(TARGET_OUT_DATA) $(INSTALLED_USERDATAIMAGE_TARGET))
|
||||||
$(hide) $(call assert-max-image-size,$(INSTALLED_USERDATAIMAGE_TARGET),$(BOARD_USERDATAIMAGE_PARTITION_SIZE),yaffs)
|
$(hide) $(call assert-max-image-size,$(INSTALLED_USERDATAIMAGE_TARGET),$(BOARD_USERDATAIMAGE_PARTITION_SIZE),yaffs)
|
||||||
endef
|
endef
|
||||||
endif # INTERNAL_USERIMAGES_USE_EXT
|
endif # INTERNAL_USERIMAGES_USE_EXT
|
||||||
@@ -1153,12 +1164,13 @@ INTERNAL_OTA_PACKAGE_TARGET := $(PRODUCT_OUT)/$(name).zip
|
|||||||
|
|
||||||
$(INTERNAL_OTA_PACKAGE_TARGET): KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)
|
$(INTERNAL_OTA_PACKAGE_TARGET): KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)
|
||||||
|
|
||||||
$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS)
|
$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) $(SELINUX_DEPENDS)
|
||||||
@echo "Package OTA: $@"
|
@echo "Package OTA: $@"
|
||||||
$(hide) ./build/tools/releasetools/ota_from_target_files -v \
|
$(hide) ./build/tools/releasetools/ota_from_target_files -v \
|
||||||
|
$(if $(filter true, $(strip $(HAVE_SELINUX))),-S $(TARGET_ROOT_OUT)/file_contexts) \
|
||||||
-p $(HOST_OUT) \
|
-p $(HOST_OUT) \
|
||||||
-k $(KEY_CERT_PAIR) \
|
-k $(KEY_CERT_PAIR) \
|
||||||
$(BUILT_TARGET_FILES_PACKAGE) $@
|
$(BUILT_TARGET_FILES_PACKAGE) $@
|
||||||
|
|
||||||
.PHONY: otapackage
|
.PHONY: otapackage
|
||||||
otapackage: $(INTERNAL_OTA_PACKAGE_TARGET)
|
otapackage: $(INTERNAL_OTA_PACKAGE_TARGET)
|
||||||
@@ -1181,11 +1193,12 @@ else
|
|||||||
$(INTERNAL_UPDATE_PACKAGE_TARGET): extensions := $(TARGET_RELEASETOOLS_EXTENSIONS)
|
$(INTERNAL_UPDATE_PACKAGE_TARGET): extensions := $(TARGET_RELEASETOOLS_EXTENSIONS)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS)
|
$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) $(SELINUX_DEPENDS)
|
||||||
@echo "Package: $@"
|
@echo "Package: $@"
|
||||||
$(hide) ./build/tools/releasetools/img_from_target_files -v \
|
$(hide) ./build/tools/releasetools/img_from_target_files -v \
|
||||||
-s $(extensions) \
|
-s $(extensions) \
|
||||||
-p $(HOST_OUT) \
|
-p $(HOST_OUT) \
|
||||||
|
$(if $(filter true, $(strip $(HAVE_SELINUX))),-S $(TARGET_ROOT_OUT)/file_contexts) \
|
||||||
$(BUILT_TARGET_FILES_PACKAGE) $@
|
$(BUILT_TARGET_FILES_PACKAGE) $@
|
||||||
|
|
||||||
.PHONY: updatepackage
|
.PHONY: updatepackage
|
||||||
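Review bot: In `build-userimage-ext-target` the `$(TARGET_ROOT_OUT)/file_contexts` path is passed to `$(MKEXTUSERIMG)` as a bare positional argument directly after `$(5)`, so if a caller expands the macro with an empty partition size the path would move into the size position and the image could be produced without the intended SELinux labels; how the script parses its arguments is not visible on this page. The macro's parameter comments should state the contract, for example `# $(5): size of the partition (must be non-empty when HAVE_SELINUX is true; file_contexts follows it positionally)`, or the recipe should fail early when `$(5)` is empty. The same ordering appears in `AddUserdata` and `AddSystem` in img_from_target_files, where the size is appended only when it is present in `OPTIONS.info_dict` while `OPTIONS.selinux_fc` looks to be appended regardless (indentation is lost in this rendering).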
|
@@ -165,9 +165,9 @@ class EdifyGenerator(object):
|
|||||||
fstab = self.info.get("fstab", None)
|
fstab = self.info.get("fstab", None)
|
||||||
if fstab:
|
if fstab:
|
||||||
p = fstab[partition]
|
p = fstab[partition]
|
||||||
self.script.append('format("%s", "%s", "%s", "%s");' %
|
self.script.append('format("%s", "%s", "%s", "%s", "%s");' %
|
||||||
(p.fs_type, common.PARTITION_TYPES[p.fs_type],
|
(p.fs_type, common.PARTITION_TYPES[p.fs_type],
|
||||||
p.device, p.length))
|
p.device, p.length, p.mount_point))
|
||||||
|
|
||||||
def DeleteFiles(self, file_list):
|
def DeleteFiles(self, file_list):
|
||||||
"""Delete all files in file_list."""
|
"""Delete all files in file_list."""
|
||||||
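Review bot: The `format(...)` call is now emitted with a fifth argument, `p.mount_point`, unconditionally, so every generated OTA script requires an updater binary that accepts five arguments, including builds where SELinux is not enabled. The matching updater change is not visible on this page, so a comment above the `self.script.append` line would help, for example `# 5th arg (mount point) lets the updater label the new filesystem; requires an updater that accepts 5-argument format()`. The enclosing method starts outside the hunk.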
|
@@ -27,6 +27,10 @@ Usage: img_from_target_files [flags] input_target_files output_image_zip
|
|||||||
Include only the bootable images (eg 'boot' and 'recovery') in
|
Include only the bootable images (eg 'boot' and 'recovery') in
|
||||||
the output.
|
the output.
|
||||||
|
|
||||||
|
-S (--file_context) <file>
|
||||||
|
the file contexts configuration used to assign SELinux file
|
||||||
|
context attributes.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@@ -50,6 +54,7 @@ if not hasattr(os, "SEEK_SET"):
|
|||||||
import common
|
import common
|
||||||
|
|
||||||
OPTIONS = common.OPTIONS
|
OPTIONS = common.OPTIONS
|
||||||
|
OPTIONS.selinux_fc = None
|
||||||
|
|
||||||
def AddUserdata(output_zip):
|
def AddUserdata(output_zip):
|
||||||
"""Create an empty userdata image and store it in output_zip."""
|
"""Create an empty userdata image and store it in output_zip."""
|
||||||
@@ -74,6 +79,8 @@ def AddUserdata(output_zip):
|
|||||||
fstab["/data"].fs_type, "data"])
|
fstab["/data"].fs_type, "data"])
|
||||||
if "userdata_size" in OPTIONS.info_dict:
|
if "userdata_size" in OPTIONS.info_dict:
|
||||||
build_command.append(str(OPTIONS.info_dict["userdata_size"]))
|
build_command.append(str(OPTIONS.info_dict["userdata_size"]))
|
||||||
|
if OPTIONS.selinux_fc is not None:
|
||||||
|
build_command.append(OPTIONS.selinux_fc)
|
||||||
else:
|
else:
|
||||||
build_command = ["mkyaffs2image", "-f"]
|
build_command = ["mkyaffs2image", "-f"]
|
||||||
extra = OPTIONS.info_dict.get("mkyaffs2_extra_flags", None)
|
extra = OPTIONS.info_dict.get("mkyaffs2_extra_flags", None)
|
||||||
@@ -81,6 +88,9 @@ def AddUserdata(output_zip):
|
|||||||
build_command.extend(extra.split())
|
build_command.extend(extra.split())
|
||||||
build_command.append(user_dir)
|
build_command.append(user_dir)
|
||||||
build_command.append(img.name)
|
build_command.append(img.name)
|
||||||
|
if OPTIONS.selinux_fc is not None:
|
||||||
|
build_command.append(OPTIONS.selinux_fc)
|
||||||
|
build_command.append("/data")
|
||||||
|
|
||||||
p = common.Run(build_command);
|
p = common.Run(build_command);
|
||||||
p.communicate()
|
p.communicate()
|
||||||
@@ -126,6 +136,8 @@ def AddSystem(output_zip):
|
|||||||
fstab["/system"].fs_type, "system"])
|
fstab["/system"].fs_type, "system"])
|
||||||
if "system_size" in OPTIONS.info_dict:
|
if "system_size" in OPTIONS.info_dict:
|
||||||
build_command.append(str(OPTIONS.info_dict["system_size"]))
|
build_command.append(str(OPTIONS.info_dict["system_size"]))
|
||||||
|
if OPTIONS.selinux_fc is not None:
|
||||||
|
build_command.append(OPTIONS.selinux_fc)
|
||||||
else:
|
else:
|
||||||
build_command = ["mkyaffs2image", "-f"]
|
build_command = ["mkyaffs2image", "-f"]
|
||||||
extra = OPTIONS.info_dict.get("mkyaffs2_extra_flags", None)
|
extra = OPTIONS.info_dict.get("mkyaffs2_extra_flags", None)
|
||||||
@@ -133,6 +145,9 @@ def AddSystem(output_zip):
|
|||||||
build_command.extend(extra.split())
|
build_command.extend(extra.split())
|
||||||
build_command.append(os.path.join(OPTIONS.input_tmp, "system"))
|
build_command.append(os.path.join(OPTIONS.input_tmp, "system"))
|
||||||
build_command.append(img.name)
|
build_command.append(img.name)
|
||||||
|
if OPTIONS.selinux_fc is not None:
|
||||||
|
build_command.append(OPTIONS.selinux_fc)
|
||||||
|
build_command.append("/system")
|
||||||
|
|
||||||
p = common.Run(build_command)
|
p = common.Run(build_command)
|
||||||
p.communicate()
|
p.communicate()
|
||||||
@@ -160,14 +175,17 @@ def main(argv):
|
|||||||
pass # deprecated
|
pass # deprecated
|
||||||
if o in ("-z", "--bootable_zip"):
|
if o in ("-z", "--bootable_zip"):
|
||||||
bootable_only[0] = True
|
bootable_only[0] = True
|
||||||
|
if o in ("-S", "--file_context"):
|
||||||
|
OPTIONS.selinux_fc = a
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
args = common.ParseOptions(argv, __doc__,
|
args = common.ParseOptions(argv, __doc__,
|
||||||
extra_opts="b:z",
|
extra_opts="b:zS:",
|
||||||
extra_long_opts=["board_config=",
|
extra_long_opts=["board_config=",
|
||||||
"bootable_zip"],
|
"bootable_zip",
|
||||||
|
"file_context="],
|
||||||
extra_option_handler=option_handler)
|
extra_option_handler=option_handler)
|
||||||
|
|
||||||
bootable_only = bootable_only[0]
|
bootable_only = bootable_only[0]
|
||||||
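Review bot: In `option_handler` the new `-S` test is written as a second `if` rather than `elif`, so the trailing `else: return False` now pairs with it, and `-z`/`--bootable_zip` sets `bootable_only[0]` and then falls through to `return False`; indentation is lost in this rendering, so confirm against the file. Changing the line to `elif o in ("-S", "--file_context"):` keeps `-z` accepted, and ota_from_target_files already uses `elif` for the same option. What `common.ParseOptions` does with a False return is not shown here, but presumably it treats the option as unhandled. `option_handler` begins outside the hunk.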
|
@@ -51,6 +51,11 @@ Usage: ota_from_target_files [flags] input_target_files output_ota_package
|
|||||||
|
|
||||||
-a (--aslr_mode) <on|off>
|
-a (--aslr_mode) <on|off>
|
||||||
Specify whether to turn on ASLR for the package (on by default).
|
Specify whether to turn on ASLR for the package (on by default).
|
||||||
|
|
||||||
|
-S (--file_context) <file>
|
||||||
|
the file contexts configuration used to assign SELinux file
|
||||||
|
context attributes
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@@ -87,6 +92,7 @@ OPTIONS.omit_prereq = False
|
|||||||
OPTIONS.extra_script = None
|
OPTIONS.extra_script = None
|
||||||
OPTIONS.aslr_mode = True
|
OPTIONS.aslr_mode = True
|
||||||
OPTIONS.worker_threads = 3
|
OPTIONS.worker_threads = 3
|
||||||
|
OPTIONS.selinux_fc = None
|
||||||
|
|
||||||
def MostPopularKey(d, default):
|
def MostPopularKey(d, default):
|
||||||
"""Given a dict, return the key corresponding to the largest
|
"""Given a dict, return the key corresponding to the largest
|
||||||
@@ -388,6 +394,9 @@ def WriteFullOTAPackage(input_zip, output_zip):
|
|||||||
if OPTIONS.wipe_user_data:
|
if OPTIONS.wipe_user_data:
|
||||||
script.FormatPartition("/data")
|
script.FormatPartition("/data")
|
||||||
|
|
||||||
|
if OPTIONS.selinux_fc is not None:
|
||||||
|
WritePolicyConfig(OPTIONS.selinux_fc, output_zip)
|
||||||
|
|
||||||
script.FormatPartition("/system")
|
script.FormatPartition("/system")
|
||||||
script.Mount("/system")
|
script.Mount("/system")
|
||||||
script.UnpackPackageDir("recovery", "/system")
|
script.UnpackPackageDir("recovery", "/system")
|
||||||
@@ -426,15 +435,17 @@ def WriteFullOTAPackage(input_zip, output_zip):
|
|||||||
script.AddToZip(input_zip, output_zip)
|
script.AddToZip(input_zip, output_zip)
|
||||||
WriteMetadata(metadata, output_zip)
|
WriteMetadata(metadata, output_zip)
|
||||||
|
|
||||||
|
def WritePolicyConfig(file_context, output_zip):
|
||||||
|
f = open(file_context, 'r');
|
||||||
|
basename = os.path.basename(file_context)
|
||||||
|
common.ZipWriteStr(output_zip, basename, f.read())
|
||||||
|
|
||||||
|
|
||||||
def WriteMetadata(metadata, output_zip):
|
def WriteMetadata(metadata, output_zip):
|
||||||
common.ZipWriteStr(output_zip, "META-INF/com/android/metadata",
|
common.ZipWriteStr(output_zip, "META-INF/com/android/metadata",
|
||||||
"".join(["%s=%s\n" % kv
|
"".join(["%s=%s\n" % kv
|
||||||
for kv in sorted(metadata.iteritems())]))
|
for kv in sorted(metadata.iteritems())]))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def LoadSystemFiles(z):
|
def LoadSystemFiles(z):
|
||||||
"""Load all the files from SYSTEM/... in a given target-files
|
"""Load all the files from SYSTEM/... in a given target-files
|
||||||
ZipFile, and return a dict of {filename: File object}."""
|
ZipFile, and return a dict of {filename: File object}."""
|
||||||
@@ -753,12 +764,14 @@ def main(argv):
|
|||||||
OPTIONS.aslr_mode = False
|
OPTIONS.aslr_mode = False
|
||||||
elif o in ("--worker_threads"):
|
elif o in ("--worker_threads"):
|
||||||
OPTIONS.worker_threads = int(a)
|
OPTIONS.worker_threads = int(a)
|
||||||
|
elif o in ("-S", "--file_context"):
|
||||||
|
OPTIONS.selinux_fc = a
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
args = common.ParseOptions(argv, __doc__,
|
args = common.ParseOptions(argv, __doc__,
|
||||||
extra_opts="b:k:i:d:wne:a:",
|
extra_opts="b:k:i:d:wne:a:S:",
|
||||||
extra_long_opts=["board_config=",
|
extra_long_opts=["board_config=",
|
||||||
"package_key=",
|
"package_key=",
|
||||||
"incremental_from=",
|
"incremental_from=",
|
||||||
@@ -767,6 +780,7 @@ def main(argv):
|
|||||||
"extra_script=",
|
"extra_script=",
|
||||||
"worker_threads=",
|
"worker_threads=",
|
||||||
"aslr_mode=",
|
"aslr_mode=",
|
||||||
|
"file_context=",
|
||||||
],
|
],
|
||||||
extra_option_handler=option_handler)
|
extra_option_handler=option_handler)
|
||||||
|
|
||||||
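Review bot: `WritePolicyConfig` opens the `-S` file and never closes it, and it stores the entry under `os.path.basename(file_context)`, so the name inside the OTA zip follows whatever path the caller passed rather than a fixed name; which name the updater looks up is not visible on this page. Closing the handle is a small change: `with open(file_context, 'r') as f:` followed by `common.ZipWriteStr(output_zip, basename, f.read())`. The function also has no docstring; `"""Copy the SELinux file_contexts file at file_context into the root of output_zip."""` would record the intent. The call is added only in `WriteFullOTAPackage`, so whether incremental packages also carry the file cannot be told from the hunks shown.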
|