diff options
author | Yongqin Liu <yongqin.liu@linaro.org> | 2014-07-30 19:32:42 +0800 |
---|---|---|
committer | Linaro Code Review <review@review.linaro.org> | 2014-08-18 13:24:56 +0000 |
commit | f651059612d7fe9e0da95106ec92e36686cf56c8 (patch) | |
tree | e26ca734b752940f360b12814fc610ad0547bf50 | |
parent | c4ccbb650e1921ceea71b47378f083769ea9df91 (diff) |
unpack_binary_tarball.py: add --selinux option for tar command
to support selinux for android with tarball files,
we need to use the --selinux option of tar command
to retain the security label information to filesystem from tarball files.
and here we pass the --selinux option only when the tar command in the OS supports it
except the --selinux option for tar command, changed the method
to populate content for system/userdata partition.
since with the move method, it can not keep the security information
for the root directory of that partition.
Change-Id: I1beef41042a883f31abd2a658c8368a15fa08247
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
-rwxr-xr-x | linaro-android-media-create | 16 | ||||
-rw-r--r-- | linaro_image_tools/media_create/unpack_binary_tarball.py | 54 |
2 files changed, 54 insertions, 16 deletions
diff --git a/linaro-android-media-create b/linaro-android-media-create index 30efa31..60dc5a5 100755 --- a/linaro-android-media-create +++ b/linaro-android-media-create @@ -53,9 +53,7 @@ from linaro_image_tools.utils import ( # Just define the global variables TMP_DIR = None BOOT_DISK = None -SYSTEM_DISK = None CACHE_DISK = None -DATA_DISK = None SDCARD_DISK = None @@ -69,7 +67,7 @@ def cleanup_tempdir(): """ devnull = open('/dev/null', 'w') # ignore non-zero return codes - for disk in BOOT_DISK, SYSTEM_DISK, CACHE_DISK, DATA_DISK, \ + for disk in BOOT_DISK, CACHE_DISK, \ SDCARD_DISK: if disk is not None: try: @@ -107,9 +105,7 @@ if __name__ == '__main__': DATA_DIR = os.path.join(TMP_DIR, 'data') BOOT_DISK = os.path.join(TMP_DIR, 'boot-disc') - SYSTEM_DISK = os.path.join(TMP_DIR, 'system-disc') CACHE_DISK = os.path.join(TMP_DIR, 'cache-disc') - DATA_DISK = os.path.join(TMP_DIR, 'userdata-disc') SDCARD_DISK = os.path.join(TMP_DIR, 'sdcard-disc') if args.dev == 'iMX53': @@ -136,10 +132,6 @@ if __name__ == '__main__': cmd_runner.run(['mkdir', '-p', DATA_DIR]).wait() unpack_android_binary_tarball(args.boot, BOOT_DIR) - if args.system: - unpack_android_binary_tarball(args.system, SYSTEM_DIR) - if args.userdata: - unpack_android_binary_tarball(args.userdata, DATA_DIR) board_config = get_board_config(args.dev) @@ -171,7 +163,8 @@ if __name__ == '__main__': board_config.install_boot_loader(args.device, BOOT_DISK) if args.system: - populate_partition(SYSTEM_DIR + "/system", SYSTEM_DISK, system_partition) + with partition_mounted(system_partition, SYSTEM_DIR): + unpack_android_binary_tarball(args.system, TMP_DIR) elif args.systemimage : cmd_runner.run( [ 'e2label', args.systemimage, "system"], stderr=open('/dev/null', 'w'), @@ -185,7 +178,8 @@ if __name__ == '__main__': pass if args.userdata: - populate_partition(DATA_DIR + "/data", DATA_DISK, data_partition) + with partition_mounted(system_partition, DATA_DIR): + unpack_android_binary_tarball(args.userdata, TMP_DIR) elif args.userdataimage: cmd_runner.run( [ 'e2label', args.userdataimage, "userdata"], stderr=open('/dev/null', 'w'), diff --git a/linaro_image_tools/media_create/unpack_binary_tarball.py b/linaro_image_tools/media_create/unpack_binary_tarball.py index 8dcdef8..b7c5527 100644 --- a/linaro_image_tools/media_create/unpack_binary_tarball.py +++ b/linaro_image_tools/media_create/unpack_binary_tarball.py @@ -16,15 +16,42 @@ # # You should have received a copy of the GNU General Public License # along with Linaro Image Tools. If not, see <http://www.gnu.org/licenses/>. - +import re +import subprocess from linaro_image_tools import cmd_runner def unpack_android_binary_tarball(tarball, unpack_dir, as_root=True): - proc = cmd_runner.run( - ['tar', '--numeric-owner', '-C', unpack_dir, '-jxf', tarball], - as_root=as_root) - proc.wait() + if is_tar_support_selinux(): + tar_cmd = ['tar', '--selinux', '--numeric-owner', '-C', unpack_dir, + '-jxf', tarball] + else: + tar_cmd = ['tar', '--numeric-owner', '-C', unpack_dir, + '-jxf', tarball] + proc = cmd_runner.run(tar_cmd, as_root=as_root, + stderr=subprocess.PIPE) + stderr = proc.communicate()[1] + selinux_warn_outputted = False + selinux_warn1 = "tar: Ignoring unknown extended header keyword" + selinux_warn2 = "tar: setfileconat: Cannot set SELinux context" + for line in stderr.splitlines(): + # following 2 messages will not occur at the same time + index = line.find(selinux_warn1) + index2 = line.find(selinux_warn2) + if index == -1 and index2 == -1: + print line + continue + elif not selinux_warn_outputted: + # either index != -1 or index2 != -1 + print line + print ("WARNING: selinux will not work correctly since the\n" + " --selinux option of tar command in this OS\n" + " is not fully supported\n") + selinux_warn_outputted = True + else: + # same line of selinux_warn1 or selinux_warn2 + continue + return proc.returncode @@ -37,3 +64,20 @@ def unpack_binary_tarball(tarball, unpack_dir, as_root=True): as_root=as_root) proc.wait() return proc.returncode + + +def is_tar_support_selinux(): + try: + tar_help, _ = cmd_runner.Popen( + ['tar', '--help'], + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + ).communicate() + except cmd_runner.SubcommandNonZeroReturnValue as inst: + return False + + for line in tar_help.splitlines(): + selinux_support = re.search('--selinux', line) + if selinux_support: + return True + return False |