Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 779701db authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Extend recovery and updater to support setting file security contexts. 

Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.

Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
parent 1a114494

Android.mk

+2 −1
Original line number Diff line number Diff line
@@ -24,12 +24,13 @@ ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) 
LOCAL_CFLAGS += -DUSE_EXT4

LOCAL_C_INCLUDES += system/extras/ext4_utils

LOCAL_STATIC_LIBRARIES += libext4_utils libz

endif



ifeq ($(HAVE_SELINUX), true)

LOCAL_C_INCLUDES += external/libselinux/include

LOCAL_STATIC_LIBRARIES += libselinux

LOCAL_CFLAGS += -DHAVE_SELINUX

endif # HAVE_SELINUX

endif



# This binary is in the recovery ramdisk, which is otherwise a copy of root.

# It gets copied there in config/Makefile.  LOCAL_MODULE_TAGS suppresses

minzip/Android.mk

+7 −1
Original line number Diff line number Diff line
@@ -12,6 +12,12 @@ LOCAL_C_INCLUDES += \ 
	external/zlib \

	external/safe-iop/include



ifeq ($(HAVE_SELINUX),true)

LOCAL_C_INCLUDES += external/libselinux/include

LOCAL_STATIC_LIBRARIES += libselinux

LOCAL_CFLAGS += -DHAVE_SELINUX

endif



LOCAL_MODULE := libminzip



LOCAL_CFLAGS += -Wall

minzip/DirUtil.c

+20 −1
Original line number Diff line number Diff line
@@ -54,7 +54,8 @@ getPathDirStatus(const char *path) 


int

dirCreateHierarchy(const char *path, int mode,

        const struct utimbuf *timestamp, bool stripFileName)

        const struct utimbuf *timestamp, bool stripFileName,

        struct selabel_handle *sehnd)

{

    DirStatus ds;
@@ -144,7 +145,25 @@ dirCreateHierarchy(const char *path, int mode, 
        } else if (ds == DMISSING) {

            int err;



#ifdef HAVE_SELINUX

            char *secontext = NULL;



            if (sehnd) {

                selabel_lookup(sehnd, &secontext, cpath, mode);

                setfscreatecon(secontext);

            }

#endif



            err = mkdir(cpath, mode);



#ifdef HAVE_SELINUX



            if (secontext) {

                freecon(secontext);

                setfscreatecon(NULL);

            }

#endif



            if (err != 0) {

                free(cpath);

                return -1;

minzip/DirUtil.h

+9 −1
Original line number Diff line number Diff line
@@ -20,6 +20,13 @@ 
#include <stdbool.h>

#include <utime.h>



#ifdef HAVE_SELINUX

#include <selinux/selinux.h>

#include <selinux/label.h>

#else

struct selabel_handle;

#endif



/* Like "mkdir -p", try to guarantee that all directories

 * specified in path are present, creating as many directories

 * as necessary.  The specified mode is passed to all mkdir
@@ -34,7 +41,8 @@ 
 * (usually if some element of path is not a directory).

 */

int dirCreateHierarchy(const char *path, int mode,

        const struct utimbuf *timestamp, bool stripFileName);

        const struct utimbuf *timestamp, bool stripFileName,

        struct selabel_handle* sehnd);



/* rm -rf <path>

 */

minzip/Zip.c

+22 −3
Original line number Diff line number Diff line
@@ -930,7 +930,8 @@ static const char *targetEntryPath(MzPathHelper *helper, ZipEntry *pEntry) 
bool mzExtractRecursive(const ZipArchive *pArchive,

                        const char *zipDir, const char *targetDir,

                        int flags, const struct utimbuf *timestamp,

                        void (*callback)(const char *fn, void *), void *cookie)

                        void (*callback)(const char *fn, void *), void *cookie,

                        struct selabel_handle *sehnd)

{

    if (zipDir[0] == '/') {

        LOGE("mzExtractRecursive(): zipDir must be a relative path.\n");
@@ -1045,7 +1046,7 @@ bool mzExtractRecursive(const ZipArchive *pArchive, 
        if (pEntry->fileName[pEntry->fileNameLen-1] == '/') {

            if (!(flags & MZ_EXTRACT_FILES_ONLY)) {

                int ret = dirCreateHierarchy(

                        targetFile, UNZIP_DIRMODE, timestamp, false);

                        targetFile, UNZIP_DIRMODE, timestamp, false, sehnd);

                if (ret != 0) {

                    LOGE("Can't create containing directory for \"%s\": %s\n",

                            targetFile, strerror(errno));
@@ -1059,7 +1060,7 @@ bool mzExtractRecursive(const ZipArchive *pArchive, 
             * the containing directory exists.

             */

            int ret = dirCreateHierarchy(

                    targetFile, UNZIP_DIRMODE, timestamp, true);

                    targetFile, UNZIP_DIRMODE, timestamp, true, sehnd);

            if (ret != 0) {

                LOGE("Can't create containing directory for \"%s\": %s\n",

                        targetFile, strerror(errno));
@@ -1113,7 +1114,25 @@ bool mzExtractRecursive(const ZipArchive *pArchive, 
                /* The entry is a regular file.

                 * Open the target for writing.

                 */



#ifdef HAVE_SELINUX

                char *secontext = NULL;



                if (sehnd) {

                    selabel_lookup(sehnd, &secontext, targetFile, UNZIP_FILEMODE);

                    setfscreatecon(secontext);

                }

#endif



                int fd = creat(targetFile, UNZIP_FILEMODE);



#ifdef HAVE_SELINUX

                if (secontext) {

                    freecon(secontext);

                    setfscreatecon(NULL);

                }

#endif



                if (fd < 0) {

                    LOGE("Can't create target file \"%s\": %s\n",

                            targetFile, strerror(errno));