diff options
| author | Yongqin Liu <yongqin.liu@linaro.org> | 2014-07-30 19:32:42 +0800 |
|---|---|---|
| committer | Linaro Code Review <review@review.linaro.org> | 2014-08-18 13:24:56 +0000 |
| commit | f651059612d7fe9e0da95106ec92e36686cf56c8 (patch) | |
| tree | e26ca734b752940f360b12814fc610ad0547bf50 /linaro_image_tools | |
| parent | c4ccbb650e1921ceea71b47378f083769ea9df91 (diff) | |
unpack_binary_tarball.py: add --selinux option for tar command
to support selinux for android with tarball files,
we need to use the --selinux option of tar command
to retain the security label information to filesystem from tarball files.
and here we pass the --selinux option only when the tar command in the OS supports it
except the --selinux option for tar command, changed the method
to populate content for system/userdata partition.
since with the move method, it can not keep the security information
for the root directory of that partition.
Change-Id: I1beef41042a883f31abd2a658c8368a15fa08247
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Diffstat (limited to 'linaro_image_tools')
| -rw-r--r-- | linaro_image_tools/media_create/unpack_binary_tarball.py | 54 |
1 files changed, 49 insertions, 5 deletions
diff --git a/linaro_image_tools/media_create/unpack_binary_tarball.py b/linaro_image_tools/media_create/unpack_binary_tarball.py index 8dcdef8..b7c5527 100644 --- a/linaro_image_tools/media_create/unpack_binary_tarball.py +++ b/linaro_image_tools/media_create/unpack_binary_tarball.py @@ -16,15 +16,42 @@ # # You should have received a copy of the GNU General Public License # along with Linaro Image Tools. If not, see <http://www.gnu.org/licenses/>. - +import re +import subprocess from linaro_image_tools import cmd_runner def unpack_android_binary_tarball(tarball, unpack_dir, as_root=True): - proc = cmd_runner.run( - ['tar', '--numeric-owner', '-C', unpack_dir, '-jxf', tarball], - as_root=as_root) - proc.wait() + if is_tar_support_selinux(): + tar_cmd = ['tar', '--selinux', '--numeric-owner', '-C', unpack_dir, + '-jxf', tarball] + else: + tar_cmd = ['tar', '--numeric-owner', '-C', unpack_dir, + '-jxf', tarball] + proc = cmd_runner.run(tar_cmd, as_root=as_root, + stderr=subprocess.PIPE) + stderr = proc.communicate()[1] + selinux_warn_outputted = False + selinux_warn1 = "tar: Ignoring unknown extended header keyword" + selinux_warn2 = "tar: setfileconat: Cannot set SELinux context" + for line in stderr.splitlines(): + # following 2 messages will not occur at the same time + index = line.find(selinux_warn1) + index2 = line.find(selinux_warn2) + if index == -1 and index2 == -1: + print line + continue + elif not selinux_warn_outputted: + # either index != -1 or index2 != -1 + print line + print ("WARNING: selinux will not work correctly since the\n" + " --selinux option of tar command in this OS\n" + " is not fully supported\n") + selinux_warn_outputted = True + else: + # same line of selinux_warn1 or selinux_warn2 + continue + return proc.returncode @@ -37,3 +64,20 @@ def unpack_binary_tarball(tarball, unpack_dir, as_root=True): as_root=as_root) proc.wait() return proc.returncode + + +def is_tar_support_selinux(): + try: + tar_help, _ = cmd_runner.Popen( + ['tar', '--help'], + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + ).communicate() + except cmd_runner.SubcommandNonZeroReturnValue as inst: + return False + + for line in tar_help.splitlines(): + selinux_support = re.search('--selinux', line) + if selinux_support: + return True + return False |