Commit 87413643 authored by Matt Mower Committed by Ethan Yonker

SELinux can be assumed for Android 4.4+

Change-Id: I7410a0c8e439eec90a955ee9201efd9a92bb9635
parent a0cd91d3
......@@ -159,25 +159,16 @@ ifeq ($(TARGET_USERIMAGES_USE_EXT4), true)
#LOCAL_STATIC_LIBRARIES += liblz4
endif
endif
ifneq ($(wildcard external/libselinux/Android.mk),)
TWHAVE_SELINUX := true
endif
ifeq ($(TWHAVE_SELINUX), true)
#LOCAL_C_INCLUDES += external/libselinux/include
#LOCAL_STATIC_LIBRARIES += libselinux
#LOCAL_CFLAGS += -DHAVE_SELINUX -g
endif # HAVE_SELINUX
ifeq ($(TWHAVE_SELINUX), true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
ifneq ($(TARGET_USERIMAGES_USE_EXT4), true)
LOCAL_CFLAGS += -DUSE_EXT4
LOCAL_C_INCLUDES += system/extras/ext4_utils
LOCAL_SHARED_LIBRARIES += libext4_utils
ifneq ($(wildcard external/lz4/Android.mk),)
LOCAL_STATIC_LIBRARIES += liblz4
endif
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
LOCAL_CFLAGS += -g
ifneq ($(TARGET_USERIMAGES_USE_EXT4), true)
LOCAL_CFLAGS += -DUSE_EXT4
LOCAL_C_INCLUDES += system/extras/ext4_utils
LOCAL_SHARED_LIBRARIES += libext4_utils
ifneq ($(wildcard external/lz4/Android.mk),)
LOCAL_STATIC_LIBRARIES += liblz4
endif
endif
......@@ -509,10 +500,8 @@ endif
# If busybox does not have restorecon, assume it does not have SELinux support.
# Then, let toolbox provide 'ls' so -Z is available to list SELinux contexts.
ifeq ($(TWHAVE_SELINUX), true)
ifeq ($(filter restorecon, $(notdir $(BUSYBOX_LINKS))),)
exclude += ls
endif
ifeq ($(filter restorecon, $(notdir $(BUSYBOX_LINKS))),)
exclude += ls
endif
RECOVERY_BUSYBOX_TOOLS := $(filter-out $(exclude), $(notdir $(BUSYBOX_LINKS)))
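Review bot: As far as the rendered page shows, `-DHAVE_SELINUX` is no longer passed from this Android.mk or from the other Android.mk sections in the commit, so any source file that still carries an `#ifdef HAVE_SELINUX` guard will compile its SELinux branch out with no build error. For a recovery that relabels restored files, that failure mode is silent. Either confirm with a tree-wide search that no `HAVE_SELINUX` guard remains outside the files touched here, or keep an unconditional `LOCAL_CFLAGS += -DHAVE_SELINUX` for now and remove it in a follow-up once the search is clean.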
......
......@@ -25,16 +25,13 @@
#include "fixContexts.hpp"
#include "twrp-functions.hpp"
#include "twcommon.h"
#ifdef HAVE_SELINUX
#include "selinux/selinux.h"
#include "selinux/label.h"
#include "selinux/android.h"
#include "selinux/label.h"
#endif
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
#include <selinux/label.h>
using namespace std;
#ifdef HAVE_SELINUX
struct selabel_handle *sehandle;
struct selinux_opt selinux_options[] = {
{ SELABEL_OPT_PATH, "/file_contexts" }
......@@ -146,18 +143,3 @@ int fixContexts::fixDataMediaContexts(string Mount_Point) {
selabel_close(sehandle);
return 0;
}
#else
int fixContexts::restorecon(string entry __unused, struct stat *sb __unused) {
return -1;
}
int fixContexts::fixContextsRecursively(string name __unused, int level __unused) {
return -1;
}
int fixContexts::fixDataMediaContexts(string Mount_Point __unused) {
return -1;
}
#endif
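Review bot: `#include <selinux/label.h>` appears twice in the new include block; the duplicate was carried over from the old quoted form and can be dropped. With the `#else` stubs removed, restorecon, fixContextsRecursively and fixDataMediaContexts always run the real implementation against the global `sehandle`. Only `selabel_close(sehandle)` at the end of fixDataMediaContexts is visible, and the matching open is outside the hunks, so a comment on the global such as `// opened per fix run from selinux_options; closed before returning` (to be confirmed against the code) would document its lifetime.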
......@@ -55,9 +55,6 @@ endif
ifneq ($(TW_NO_SCREEN_TIMEOUT),)
LOCAL_CFLAGS += -DTW_NO_SCREEN_TIMEOUT
endif
ifeq ($(HAVE_SELINUX), true)
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
ifeq ($(TW_OEM_BUILD), true)
LOCAL_CFLAGS += -DTW_OEM_BUILD
endif
......
......@@ -10,11 +10,8 @@ LOCAL_C_INCLUDES += $(LOCAL_PATH) \
external/zlib
LOCAL_SHARED_LIBRARIES += libz libc
ifeq ($(TWHAVE_SELINUX), true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
ifeq ($(TW_INCLUDE_CRYPTO_FBE), true)
LOCAL_SHARED_LIBRARIES += libe4crypt
......@@ -34,11 +31,8 @@ LOCAL_C_INCLUDES += $(LOCAL_PATH) \
external/zlib
LOCAL_STATIC_LIBRARIES += libz libc
ifeq ($(TWHAVE_SELINUX), true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_STATIC_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_STATIC_LIBRARIES += libselinux
ifeq ($(TW_INCLUDE_CRYPTO_FBE), true)
LOCAL_SHARED_LIBRARIES += libe4crypt
......
......@@ -35,9 +35,7 @@
# include <unistd.h>
#endif
#ifdef HAVE_SELINUX
# include "selinux/selinux.h"
#endif
#include <selinux/selinux.h>
#ifdef HAVE_EXT4_CRYPT
# include "ext4crypt_tar.h"
......@@ -105,7 +103,6 @@ tar_append_file(TAR *t, const char *realname, const char *savename)
#endif
th_set_path(t, (savename ? savename : realname));
#ifdef HAVE_SELINUX
/* get selinux context */
if (t->options & TAR_STORE_SELINUX)
{
......@@ -129,7 +126,6 @@ tar_append_file(TAR *t, const char *realname, const char *savename)
#endif
}
}
#endif
#ifdef HAVE_EXT4_CRYPT
if (TH_ISDIR(t) && t->options & TAR_STORE_EXT4_POL)
......
......@@ -123,10 +123,8 @@ th_read(TAR *t)
free(t->th_buf.gnu_longname);
if (t->th_buf.gnu_longlink != NULL)
free(t->th_buf.gnu_longlink);
#ifdef HAVE_SELINUX
if (t->th_buf.selinux_context != NULL)
free(t->th_buf.selinux_context);
#endif
#ifdef HAVE_EXT4_CRYPT
if (t->th_buf.e4crypt_policy != NULL) {
free(t->th_buf.e4crypt_policy);
......@@ -287,7 +285,7 @@ th_read(TAR *t)
printf(" th_read(): Posix capabilities detected\n");
#endif
} // end posix capabilities
#ifdef HAVE_SELINUX // selinux contexts
// selinux contexts
start = strstr(buf, SELINUX_TAG);
if(start && start+SELINUX_TAG_LEN < buf+len)
{
......@@ -300,8 +298,7 @@ th_read(TAR *t)
printf(" th_read(): SELinux context xattr detected: %s\n", t->th_buf.selinux_context);
#endif
}
}
#endif // HAVE_SELINUX
} // end selinux contexts
#ifdef HAVE_EXT4_CRYPT
start = strstr(buf, E4CRYPT_TAG);
if(start && start+E4CRYPT_TAG_LEN < buf+len)
......@@ -496,7 +493,7 @@ th_write(TAR *t)
memset(buf, 0, T_BLOCKSIZE);
ptr = buf;
#ifdef HAVE_SELINUX
if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL)
{
#ifdef DEBUG
......@@ -514,7 +511,6 @@ th_write(TAR *t)
snprintf(ptr, T_BLOCKSIZE, "%d "SELINUX_TAG"%s\n", (int)sz, t->th_buf.selinux_context);
ptr += sz;
}
#endif
#ifdef HAVE_EXT4_CRYPT
if((t->options & TAR_STORE_EXT4_POL) && t->th_buf.e4crypt_policy != NULL)
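Review bot: In the th_write hunk the SELinux record is now emitted in every build, and `ptr += sz` advances by the full computed size while the preceding `snprintf(ptr, T_BLOCKSIZE, ...)` is capped at the block size. If sz can exceed the space left in buf, ptr ends up past the buffer before the e4crypt record is appended. sz is computed outside the visible lines, so it may already be bounded there; if it is not, reject the oversize case before the snprintf with a check such as `if (sz >= T_BLOCKSIZE - (ptr - buf)) { errno = EINVAL; return -1; }`. The th_read hunk likewise now always parses SELINUX_TAG out of archive data, and the copy into `t->th_buf.selinux_context` sits outside the hunk and needs the same length check.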
......
......@@ -32,9 +32,7 @@
# include <unistd.h>
#endif
#ifdef HAVE_SELINUX
# include "selinux/selinux.h"
#endif
#include <selinux/selinux.h>
#ifdef HAVE_EXT4_CRYPT
# include "ext4crypt_tar.h"
......@@ -159,7 +157,6 @@ tar_extract_file(TAR *t, const char *realname, const char *prefix, const int *pr
return i;
}
#ifdef HAVE_SELINUX
if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL)
{
#ifdef DEBUG
......@@ -168,7 +165,6 @@ tar_extract_file(TAR *t, const char *realname, const char *prefix, const int *pr
if (lsetfilecon(realname, t->th_buf.selinux_context) < 0)
fprintf(stderr, "tar_extract_file(): failed to restore SELinux context %s to file %s !!!\n", t->th_buf.selinux_context, realname);
}
#endif
if((t->options & TAR_STORE_POSIX_CAP) && t->th_buf.has_cap_data)
{
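Review bot: A failed `lsetfilecon()` in tar_extract_file is only printed to stderr and extraction carries on, so a restore can complete with files left under whatever label they were created with. This path is now compiled into every build, so the failure should be recorded for the caller to surface, for example with a status flag, rather than relying on stderr. The context string is taken as-is from the archive header (`t->th_buf.selinux_context`), which is worth stating in a comment above the call, e.g. `/* context comes from the archive; a failure here leaves the file mislabeled */`. The function body continues outside the hunk, so its return handling is not visible here.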
......
......@@ -68,9 +68,7 @@ struct tar_header
char padding[12];
char *gnu_longname;
char *gnu_longlink;
#ifdef HAVE_SELINUX
char *selinux_context;
#endif
#ifdef HAVE_EXT4_CRYPT
char *e4crypt_policy;
#endif
......
......@@ -12,11 +12,8 @@ LOCAL_C_INCLUDES := \
external/zlib \
external/safe-iop/include
ifeq ($(TWHAVE_SELINUX),true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_CFLAGS += -DPLATFORM_SDK_VERSION=$(PLATFORM_SDK_VERSION)
......@@ -44,11 +41,8 @@ LOCAL_C_INCLUDES += \
external/zlib \
external/safe-iop/include
ifeq ($(TWHAVE_SELINUX),true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_STATIC_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_CFLAGS += -DPLATFORM_SDK_VERSION=$(PLATFORM_SDK_VERSION)
......
......@@ -65,10 +65,8 @@ extern "C" {
#define CRYPT_FOOTER_OFFSET 0x4000
#endif
}
#ifdef HAVE_SELINUX
#include "selinux/selinux.h"
#include <selinux/selinux.h>
#include <selinux/label.h>
#endif
#ifdef HAVE_CAPABILITIES
#include <sys/capability.h>
#include <sys/xattr.h>
......@@ -1910,7 +1908,7 @@ bool TWPartition::Wipe_EXT4() {
if (!UnMount(true))
return false;
#if defined(HAVE_SELINUX) && defined(USE_EXT4)
#if defined(USE_EXT4)
int ret;
char *secontext = NULL;
......@@ -2619,14 +2617,14 @@ void TWPartition::Recreate_Media_Folder(void) {
#ifdef TW_INTERNAL_STORAGE_PATH
mkdir(EXPAND(TW_INTERNAL_STORAGE_PATH), 0770);
#endif
#ifdef HAVE_SELINUX
// Afterwards, we will try to set the
// default metadata that we were hopefully able to get during
// early boot.
tw_set_default_metadata(Media_Path.c_str());
if (!Internal_path.empty())
tw_set_default_metadata(Internal_path.c_str());
#endif
// Toggle mount to ensure that "internal sdcard" gets mounted
PartitionManager.UnMount_By_Path(Symlink_Mount_Point, true);
PartitionManager.Mount_By_Path(Symlink_Mount_Point, true);
......
......@@ -1578,7 +1578,6 @@ int TWPartitionManager::Decrypt_Device(string Password) {
}
int TWPartitionManager::Fix_Contexts(void) {
#ifdef HAVE_SELINUX
std::vector<TWPartition*>::iterator iter;
for (iter = Partitions.begin(); iter != Partitions.end(); iter++) {
if ((*iter)->Has_Data_Media) {
......@@ -1591,10 +1590,6 @@ int TWPartitionManager::Fix_Contexts(void) {
UnMount_Main_Partitions();
gui_msg("done=Done.");
return 0;
#else
LOGERR("Cannot fix contexts, no selinux support present.\n");
return -1;
#endif
}
TWPartition* TWPartitionManager::Find_Next_Storage(string Path, bool Exclude_Data_Media) {
......
......@@ -135,19 +135,12 @@ endif
ifneq ($(TW_EXCLUDE_MTP), true)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libtwrpmtp.so
endif
ifeq ($(TARGET_USERIMAGES_USE_EXT4), true)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so
endif
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libaosprecovery.so
ifneq ($(TW_INCLUDE_JPEG),)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libjpeg.so
endif
ifeq ($(TWHAVE_SELINUX), true)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libselinux.so
ifneq ($(TARGET_USERIMAGES_USE_EXT4), true)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so
endif
endif
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libselinux.so
ifeq ($(BUILD_ID), GINGERBREAD)
TW_NO_EXFAT := true
endif
......
......@@ -18,28 +18,26 @@ endif
# If busybox does not have SELinux support, provide these tools with toolbox.
# Note that RECOVERY_BUSYBOX_TOOLS will be empty if TW_USE_TOOLBOX == true.
ifeq ($(TWHAVE_SELINUX), true)
TOOLS_FOR_SELINUX := \
ls
TOOLS_FOR_SELINUX := \
ls
ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
TOOLS_FOR_SELINUX += \
load_policy \
getenforce \
chcon \
restorecon \
runcon \
getsebool \
setsebool
endif
ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
TOOLS_FOR_SELINUX += \
load_policy \
getenforce \
chcon \
restorecon \
runcon \
getsebool \
setsebool
endif
OUR_TOOLS += $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(TOOLS_FOR_SELINUX))
OUR_TOOLS += $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(TOOLS_FOR_SELINUX))
# toolbox setenforce is used during init, so it needs to be included here
# symlink is omitted at the very end if busybox already provides this
ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
OUR_TOOLS += setenforce
endif
# toolbox setenforce is used during init, so it needs to be included here
# symlink is omitted at the very end if busybox already provides this
ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
OUR_TOOLS += setenforce
endif
ifeq ($(TW_USE_TOOLBOX), true)
......@@ -153,9 +151,6 @@ ifeq ($(TW_USE_TOOLBOX), true)
vmstat \
watchprops \
wipe
ifneq ($(TWHAVE_SELINUX), true)
OUR_TOOLS += ls
endif
endif
endif
......@@ -209,9 +204,7 @@ else
liblog
endif
ifeq ($(TWHAVE_SELINUX), true)
LOCAL_SHARED_LIBRARIES += libselinux
endif
LOCAL_SHARED_LIBRARIES += libselinux
ifneq (,$(filter $(PLATFORM_SDK_VERSION), 21 22 23))
# libusbhost is only used by lsusb, and that isn't usually included in toolbox.
......@@ -265,13 +258,11 @@ $(TOOLS_H): $(LOCAL_PATH)/Android.mk
$(TOOLS_H):
$(transform-generated-source)
ifeq ($(TWHAVE_SELINUX), true)
# toolbox setenforce is used during init in non-symlink form, so it was
# required to be included as part of the suite above. if busybox already
# provides setenforce, we can omit the toolbox symlink
TEMP_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS))
ALL_TOOLS := $(TEMP_TOOLS)
endif
# toolbox setenforce is used during init in non-symlink form, so it was
# required to be included as part of the suite above. if busybox already
# provides setenforce, we can omit the toolbox symlink
TEMP_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS))
ALL_TOOLS := $(TEMP_TOOLS)
# Make /sbin/toolbox launchers for each tool
SYMLINKS := $(addprefix $(TARGET_RECOVERY_ROOT_OUT)/sbin/,$(ALL_TOOLS))
......
......@@ -53,10 +53,8 @@ extern "C" {
}
#endif
#ifdef HAVE_SELINUX
#include "selinux/label.h"
#include <selinux/label.h>
struct selabel_handle *selinux_handle;
#endif
extern int adb_server_main(int is_daemon, int server_port, int /* reply_fd */);
......@@ -133,7 +131,6 @@ int main(int argc, char **argv) {
// Load up all the resources
gui_loadResources();
#ifdef HAVE_SELINUX
if (TWFunc::Path_Exists("/prebuilt_file_contexts")) {
if (TWFunc::Path_Exists("/file_contexts")) {
printf("Renaming regular /file_contexts -> /file_contexts.bak\n");
......@@ -170,9 +167,6 @@ int main(int argc, char **argv) {
gui_msg("full_selinux=Full SELinux support is present.");
}
}
#else
gui_warn("no_selinux=No SELinux support (no libselinux).");
#endif
PartitionManager.Mount_By_Path("/cache", false);
......
......@@ -22,11 +22,9 @@ ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
endif
LOCAL_STATIC_LIBRARIES += libstdc++
ifeq ($(TWHAVE_SELINUX), true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_STATIC_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_STATIC_LIBRARIES += libselinux
ifneq ($(RECOVERY_SDCARD_ON_DATA),)
LOCAL_CFLAGS += -DRECOVERY_SDCARD_ON_DATA
endif
......@@ -65,11 +63,9 @@ ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
endif
LOCAL_SHARED_LIBRARIES += libstdc++
ifeq ($(TWHAVE_SELINUX), true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
ifneq ($(RECOVERY_SDCARD_ON_DATA),)
LOCAL_CFLAGS += -DRECOVERY_SDCARD_ON_DATA
endif
......