commit 56882bf9b41dc7f8b98f1dea82633144546450b2
author Stephen Smalley <sds@tycho.nsa.gov> Thu Feb 09 13:36:21 2012 -0500
committer Stephen Smalley <sds@tycho.nsa.gov> Fri Apr 06 15:35:41 2012 -0400
tree 651019e05c18e0cbda08f888ae3cd4c0943739f2
parent 5042392262e891221164ce4afbb1127f26b7d629

Support the setting of file security contexts in OTA and update packages.

Pass the file_contexts configuration to the releasetools scripts
so that the security contexts of files can be properly set for OTA
and update packages.

Requires Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24

Change-Id: I5a63fd61a7e74d386d0803946d06bcf2fa8a857e

tools/releasetools/ota_from_target_files

diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files
index 1514ea7..f838c22 100755
--- a/tools/releasetools/ota_from_target_files
+++ b/tools/releasetools/ota_from_target_files
@@ -51,6 +51,11 @@
 
   -a  (--aslr_mode)  <on|off>
       Specify whether to turn on ASLR for the package (on by default).
+
+  -S  (--file_context) <file>
+      the file contexts configuration used to assign SELinux file
+      context attributes
+
 """
 
 import sys
@@ -87,6 +92,7 @@
 OPTIONS.extra_script = None
 OPTIONS.aslr_mode = True
 OPTIONS.worker_threads = 3
+OPTIONS.selinux_fc = None
 
 def MostPopularKey(d, default):
   """Given a dict, return the key corresponding to the largest
@@ -388,6 +394,9 @@
   if OPTIONS.wipe_user_data:
     script.FormatPartition("/data")
 
+  if OPTIONS.selinux_fc is not None:
+    WritePolicyConfig(OPTIONS.selinux_fc, output_zip)
+
   script.FormatPartition("/system")
   script.Mount("/system")
   script.UnpackPackageDir("recovery", "/system")
@@ -426,15 +435,17 @@
   script.AddToZip(input_zip, output_zip)
   WriteMetadata(metadata, output_zip)
 
+def WritePolicyConfig(file_context, output_zip):
+  f = open(file_context, 'r');
+  basename = os.path.basename(file_context)
+  common.ZipWriteStr(output_zip, basename, f.read())
+
 
 def WriteMetadata(metadata, output_zip):
   common.ZipWriteStr(output_zip, "META-INF/com/android/metadata",
                      "".join(["%s=%s\n" % kv
                               for kv in sorted(metadata.iteritems())]))
 
-
-
-
 def LoadSystemFiles(z):
   """Load all the files from SYSTEM/... in a given target-files
   ZipFile, and return a dict of {filename: File object}."""
@@ -753,12 +764,14 @@
         OPTIONS.aslr_mode = False
     elif o in ("--worker_threads"):
       OPTIONS.worker_threads = int(a)
+    elif o in ("-S", "--file_context"):
+      OPTIONS.selinux_fc = a
     else:
       return False
     return True
 
   args = common.ParseOptions(argv, __doc__,
-                             extra_opts="b:k:i:d:wne:a:",
+                             extra_opts="b:k:i:d:wne:a:S:",
                              extra_long_opts=["board_config=",
                                               "package_key=",
                                               "incremental_from=",
@@ -767,6 +780,7 @@
                                               "extra_script=",
                                               "worker_threads=",
                                               "aslr_mode=",
+                                              "file_context=",
                                               ],
                              extra_option_handler=option_handler)