aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYongqin Liu <yongqin.liu@linaro.org>2014-07-30 19:32:42 +0800
committerLinaro Code Review <review@review.linaro.org>2014-08-18 13:24:56 +0000
commitf651059612d7fe9e0da95106ec92e36686cf56c8 (patch)
treee26ca734b752940f360b12814fc610ad0547bf50
parentc4ccbb650e1921ceea71b47378f083769ea9df91 (diff)
unpack_binary_tarball.py: add --selinux option for tar command
to support selinux for android with tarball files, we need to use the --selinux option of tar command to retain the security label information to filesystem from tarball files. and here we pass the --selinux option only when the tar command in the OS supports it except the --selinux option for tar command, changed the method to populate content for system/userdata partition. since with the move method, it can not keep the security information for the root directory of that partition. Change-Id: I1beef41042a883f31abd2a658c8368a15fa08247 Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
-rwxr-xr-xlinaro-android-media-create16
-rw-r--r--linaro_image_tools/media_create/unpack_binary_tarball.py54
2 files changed, 54 insertions, 16 deletions
diff --git a/linaro-android-media-create b/linaro-android-media-create
index 30efa31..60dc5a5 100755
--- a/linaro-android-media-create
+++ b/linaro-android-media-create
@@ -53,9 +53,7 @@ from linaro_image_tools.utils import (
# Just define the global variables
TMP_DIR = None
BOOT_DISK = None
-SYSTEM_DISK = None
CACHE_DISK = None
-DATA_DISK = None
SDCARD_DISK = None
@@ -69,7 +67,7 @@ def cleanup_tempdir():
"""
devnull = open('/dev/null', 'w')
# ignore non-zero return codes
- for disk in BOOT_DISK, SYSTEM_DISK, CACHE_DISK, DATA_DISK, \
+ for disk in BOOT_DISK, CACHE_DISK, \
SDCARD_DISK:
if disk is not None:
try:
@@ -107,9 +105,7 @@ if __name__ == '__main__':
DATA_DIR = os.path.join(TMP_DIR, 'data')
BOOT_DISK = os.path.join(TMP_DIR, 'boot-disc')
- SYSTEM_DISK = os.path.join(TMP_DIR, 'system-disc')
CACHE_DISK = os.path.join(TMP_DIR, 'cache-disc')
- DATA_DISK = os.path.join(TMP_DIR, 'userdata-disc')
SDCARD_DISK = os.path.join(TMP_DIR, 'sdcard-disc')
if args.dev == 'iMX53':
@@ -136,10 +132,6 @@ if __name__ == '__main__':
cmd_runner.run(['mkdir', '-p', DATA_DIR]).wait()
unpack_android_binary_tarball(args.boot, BOOT_DIR)
- if args.system:
- unpack_android_binary_tarball(args.system, SYSTEM_DIR)
- if args.userdata:
- unpack_android_binary_tarball(args.userdata, DATA_DIR)
board_config = get_board_config(args.dev)
@@ -171,7 +163,8 @@ if __name__ == '__main__':
board_config.install_boot_loader(args.device, BOOT_DISK)
if args.system:
- populate_partition(SYSTEM_DIR + "/system", SYSTEM_DISK, system_partition)
+ with partition_mounted(system_partition, SYSTEM_DIR):
+ unpack_android_binary_tarball(args.system, TMP_DIR)
elif args.systemimage :
cmd_runner.run( [ 'e2label', args.systemimage, "system"],
stderr=open('/dev/null', 'w'),
@@ -185,7 +178,8 @@ if __name__ == '__main__':
pass
if args.userdata:
- populate_partition(DATA_DIR + "/data", DATA_DISK, data_partition)
+ with partition_mounted(system_partition, DATA_DIR):
+ unpack_android_binary_tarball(args.userdata, TMP_DIR)
elif args.userdataimage:
cmd_runner.run( [ 'e2label', args.userdataimage, "userdata"],
stderr=open('/dev/null', 'w'),
diff --git a/linaro_image_tools/media_create/unpack_binary_tarball.py b/linaro_image_tools/media_create/unpack_binary_tarball.py
index 8dcdef8..b7c5527 100644
--- a/linaro_image_tools/media_create/unpack_binary_tarball.py
+++ b/linaro_image_tools/media_create/unpack_binary_tarball.py
@@ -16,15 +16,42 @@
#
# You should have received a copy of the GNU General Public License
# along with Linaro Image Tools. If not, see <http://www.gnu.org/licenses/>.
-
+import re
+import subprocess
from linaro_image_tools import cmd_runner
def unpack_android_binary_tarball(tarball, unpack_dir, as_root=True):
- proc = cmd_runner.run(
- ['tar', '--numeric-owner', '-C', unpack_dir, '-jxf', tarball],
- as_root=as_root)
- proc.wait()
+ if is_tar_support_selinux():
+ tar_cmd = ['tar', '--selinux', '--numeric-owner', '-C', unpack_dir,
+ '-jxf', tarball]
+ else:
+ tar_cmd = ['tar', '--numeric-owner', '-C', unpack_dir,
+ '-jxf', tarball]
+ proc = cmd_runner.run(tar_cmd, as_root=as_root,
+ stderr=subprocess.PIPE)
+ stderr = proc.communicate()[1]
+ selinux_warn_outputted = False
+ selinux_warn1 = "tar: Ignoring unknown extended header keyword"
+ selinux_warn2 = "tar: setfileconat: Cannot set SELinux context"
+ for line in stderr.splitlines():
+ # following 2 messages will not occur at the same time
+ index = line.find(selinux_warn1)
+ index2 = line.find(selinux_warn2)
+ if index == -1 and index2 == -1:
+ print line
+ continue
+ elif not selinux_warn_outputted:
+ # either index != -1 or index2 != -1
+ print line
+ print ("WARNING: selinux will not work correctly since the\n"
+ " --selinux option of tar command in this OS\n"
+ " is not fully supported\n")
+ selinux_warn_outputted = True
+ else:
+ # same line of selinux_warn1 or selinux_warn2
+ continue
+
return proc.returncode
@@ -37,3 +64,20 @@ def unpack_binary_tarball(tarball, unpack_dir, as_root=True):
as_root=as_root)
proc.wait()
return proc.returncode
+
+
+def is_tar_support_selinux():
+ try:
+ tar_help, _ = cmd_runner.Popen(
+ ['tar', '--help'],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT,
+ ).communicate()
+ except cmd_runner.SubcommandNonZeroReturnValue as inst:
+ return False
+
+ for line in tar_help.splitlines():
+ selinux_support = re.search('--selinux', line)
+ if selinux_support:
+ return True
+ return False