diff --git a/core/Makefile b/core/Makefile index 07064e089..67f274399 100644 --- a/core/Makefile +++ b/core/Makefile @@ -347,9 +347,13 @@ INTERNAL_RAMDISK_FILES := $(filter $(TARGET_ROOT_OUT)/%, \ BUILT_RAMDISK_TARGET := $(PRODUCT_OUT)/ramdisk.img +ifeq ($(HAVE_SELINUX),true) +SELINUX_DEPENDS := sepolicy file_contexts seapp_contexts +endif + # We just build this directly to the install location. INSTALLED_RAMDISK_TARGET := $(BUILT_RAMDISK_TARGET) -$(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) | $(MINIGZIP) +$(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) $(SELINUX_DEPENDS) | $(MINIGZIP) $(call pretty,"Target ram disk: $@") $(hide) $(MKBOOTFS) $(TARGET_ROOT_OUT) | $(MINIGZIP) > $@ @@ -559,6 +563,7 @@ $(if $(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "cache_fs_type=$(BOARD_CA $(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1)) $(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1)) $(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1)) +$(if $(filter true, $(strip $(HAVE_SELINUX))), echo "selinux_fc=$(TARGET_ROOT_OUT)/file_contexts" >> $(1)) endef # ----------------------------------------------------------------- @@ -696,7 +701,7 @@ ifdef is_tests_build # $(tests_MODULES)) endif -FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS) +FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS) $(SELINUX_DEPENDS) # ----------------------------------------------------------------- # installed file list # Depending on anything that $(BUILT_SYSTEMIMAGE) depends on. @@ -1131,12 +1136,12 @@ INTERNAL_OTA_PACKAGE_TARGET := $(PRODUCT_OUT)/$(name).zip $(INTERNAL_OTA_PACKAGE_TARGET): KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR) -$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) +$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) $(SELINUX_DEPENDS) @echo "Package OTA: $@" $(hide) ./build/tools/releasetools/ota_from_target_files -v \ -p $(HOST_OUT) \ - -k $(KEY_CERT_PAIR) \ - $(BUILT_TARGET_FILES_PACKAGE) $@ + -k $(KEY_CERT_PAIR) \ + $(BUILT_TARGET_FILES_PACKAGE) $@ .PHONY: otapackage otapackage: $(INTERNAL_OTA_PACKAGE_TARGET) @@ -1159,7 +1164,7 @@ else $(INTERNAL_UPDATE_PACKAGE_TARGET): extensions := $(TARGET_RELEASETOOLS_EXTENSIONS) endif -$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) +$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) $(SELINUX_DEPENDS) @echo "Package: $@" $(hide) ./build/tools/releasetools/img_from_target_files -v \ -s $(extensions) \ diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py index 15acddc3c..a615d1ac3 100755 --- a/tools/releasetools/build_image.py +++ b/tools/releasetools/build_image.py @@ -46,12 +46,17 @@ def BuildImage(in_dir, prop_dict, out_file): prop_dict["mount_point"]]) if "partition_size" in prop_dict: build_command.append(prop_dict["partition_size"]) + if "selinux_fc" in prop_dict: + build_command.append(prop_dict["selinux_fc"]) else: build_command = ["mkyaffs2image", "-f"] if prop_dict.get("mkyaffs2_extra_flags", None): build_command.extend(prop_dict["mkyaffs2_extra_flags"].split()) build_command.append(in_dir) build_command.append(out_file) + if "selinux_fc" in prop_dict: + build_command.append(prop_dict["selinux_fc"]) + build_command.append(prop_dict["mount_point"]) print "Running: ", " ".join(build_command) p = subprocess.Popen(build_command); @@ -75,6 +80,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): common_props = ( "extfs_sparse_flag", "mkyaffs2_extra_flags", + "selinux_fc", ) for p in common_props: copy_prop(p, p) diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files index 7e855ce02..3dcfbee40 100755 --- a/tools/releasetools/ota_from_target_files +++ b/tools/releasetools/ota_from_target_files @@ -48,6 +48,10 @@ Usage: ota_from_target_files [flags] input_target_files output_ota_package -e (--extra_script) Insert the contents of file at the end of the update script. + + -a (--aslr_mode) + Specify whether to turn on ASLR for the package (on by default). + """ import sys @@ -381,6 +385,9 @@ def WriteFullOTAPackage(input_zip, output_zip): if OPTIONS.wipe_user_data: script.FormatPartition("/data") + if "selinux_fc" in OPTIONS.info_dict: + WritePolicyConfig(OPTIONS.info_dict["selinux_fc"], output_zip) + script.FormatPartition("/system") script.Mount("/system") script.UnpackPackageDir("recovery", "/system") @@ -415,15 +422,17 @@ def WriteFullOTAPackage(input_zip, output_zip): script.AddToZip(input_zip, output_zip) WriteMetadata(metadata, output_zip) +def WritePolicyConfig(file_context, output_zip): + f = open(file_context, 'r'); + basename = os.path.basename(file_context) + common.ZipWriteStr(output_zip, basename, f.read()) + def WriteMetadata(metadata, output_zip): common.ZipWriteStr(output_zip, "META-INF/com/android/metadata", "".join(["%s=%s\n" % kv for kv in sorted(metadata.iteritems())])) - - - def LoadSystemFiles(z): """Load all the files from SYSTEM/... in a given target-files ZipFile, and return a dict of {filename: File object}."""