From 874136434a6ef13dffec9c6c8c136d2424a32c33 Mon Sep 17 00:00:00 2001 From: Matt Mower Date: Tue, 17 Jan 2017 21:14:46 -0600 Subject: SELinux can be assumed for Android 4.4+ Change-Id: I7410a0c8e439eec90a955ee9201efd9a92bb9635 --- Android.mk | 35 +++++++++++--------------------- fixContexts.cpp | 26 ++++-------------------- gui/Android.mk | 3 --- libtar/Android.mk | 14 ++++--------- libtar/append.c | 6 +----- libtar/block.c | 10 +++------ libtar/extract.c | 6 +----- libtar/libtar.h | 2 -- minzip/Android.mk | 6 ------ partition.cpp | 10 ++++----- partitionmanager.cpp | 5 ----- prebuilt/Android.mk | 11 ++-------- toolbox/Android.mk | 55 +++++++++++++++++++++----------------------------- twrp.cpp | 8 +------- twrpTarMain/Android.mk | 16 ++++++--------- 15 files changed, 61 insertions(+), 152 deletions(-) diff --git a/Android.mk b/Android.mk index 80d708141..dc557f4e8 100644 --- a/Android.mk +++ b/Android.mk 
@@ -159,25 +159,16 @@ ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) #LOCAL_STATIC_LIBRARIES += liblz4 endif endif -ifneq ($(wildcard external/libselinux/Android.mk),) - TWHAVE_SELINUX := true -endif -ifeq ($(TWHAVE_SELINUX), true) - #LOCAL_C_INCLUDES += external/libselinux/include - #LOCAL_STATIC_LIBRARIES += libselinux - #LOCAL_CFLAGS += -DHAVE_SELINUX -g -endif # HAVE_SELINUX -ifeq ($(TWHAVE_SELINUX), true) - LOCAL_C_INCLUDES += external/libselinux/include - LOCAL_SHARED_LIBRARIES += libselinux - LOCAL_CFLAGS += -DHAVE_SELINUX - ifneq ($(TARGET_USERIMAGES_USE_EXT4), true) - LOCAL_CFLAGS += -DUSE_EXT4 - LOCAL_C_INCLUDES += system/extras/ext4_utils - LOCAL_SHARED_LIBRARIES += libext4_utils - ifneq ($(wildcard external/lz4/Android.mk),) - LOCAL_STATIC_LIBRARIES += liblz4 - endif + +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_SHARED_LIBRARIES += libselinux +LOCAL_CFLAGS += -g +ifneq ($(TARGET_USERIMAGES_USE_EXT4), true) + LOCAL_CFLAGS += -DUSE_EXT4 + LOCAL_C_INCLUDES += system/extras/ext4_utils + LOCAL_SHARED_LIBRARIES += libext4_utils + ifneq ($(wildcard external/lz4/Android.mk),) + LOCAL_STATIC_LIBRARIES += liblz4 endif endif @@ -509,10 +500,8 @@ endif # If busybox does not have restorecon, assume it does not have SELinux support. # Then, let toolbox provide 'ls' so -Z is available to list SELinux contexts. -ifeq ($(TWHAVE_SELINUX), true) - ifeq ($(filter restorecon, $(notdir $(BUSYBOX_LINKS))),) - exclude += ls - endif +ifeq ($(filter restorecon, $(notdir $(BUSYBOX_LINKS))),) + exclude += ls endif RECOVERY_BUSYBOX_TOOLS := $(filter-out $(exclude), $(notdir $(BUSYBOX_LINKS))) diff --git a/fixContexts.cpp b/fixContexts.cpp index 64429446e..7e650c209 100644 --- a/fixContexts.cpp +++ b/fixContexts.cpp 
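Review bot: The added `LOCAL_CFLAGS += -g` in the first Android.mk hunk looks unintended, because the only `-g` on the old side sits in the commented-out line `#LOCAL_CFLAGS += -DHAVE_SELINUX -g`, and the active line it replaces was `LOCAL_CFLAGS += -DHAVE_SELINUX`. Turning on debug info is unrelated to dropping the SELinux conditionals and changes the flags the recovery binary is built with. I would delete the line here, or move it to its own commit with a reason in the message.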
@@ -25,16 +25,13 @@ #include "fixContexts.hpp" #include "twrp-functions.hpp" #include "twcommon.h" -#ifdef HAVE_SELINUX -#include "selinux/selinux.h" -#include "selinux/label.h" -#include "selinux/android.h" -#include "selinux/label.h" -#endif +#include +#include +#include +#include using namespace std; -#ifdef HAVE_SELINUX struct selabel_handle *sehandle; struct selinux_opt selinux_options[] = { { SELABEL_OPT_PATH, "/file_contexts" } @@ -146,18 +143,3 @@ int fixContexts::fixDataMediaContexts(string Mount_Point) { selabel_close(sehandle); return 0; } - -#else - -int fixContexts::restorecon(string entry __unused, struct stat *sb __unused) { - return -1; -} - -int fixContexts::fixContextsRecursively(string name __unused, int level __unused) { - return -1; -} - -int fixContexts::fixDataMediaContexts(string Mount_Point __unused) { - return -1; -} -#endif diff --git a/gui/Android.mk b/gui/Android.mk index 51b296d10..3712bbf74 100644 --- a/gui/Android.mk +++ b/gui/Android.mk @@ -55,9 +55,6 @@ endif ifneq ($(TW_NO_SCREEN_TIMEOUT),) LOCAL_CFLAGS += -DTW_NO_SCREEN_TIMEOUT endif -ifeq ($(HAVE_SELINUX), true) - LOCAL_CFLAGS += -DHAVE_SELINUX -endif ifeq ($(TW_OEM_BUILD), true) LOCAL_CFLAGS += -DTW_OEM_BUILD endif diff --git a/libtar/Android.mk b/libtar/Android.mk index ddf8e058f..c8905d93f 100644 --- a/libtar/Android.mk +++ b/libtar/Android.mk @@ -10,11 +10,8 @@ LOCAL_C_INCLUDES += $(LOCAL_PATH) \ external/zlib LOCAL_SHARED_LIBRARIES += libz libc -ifeq ($(TWHAVE_SELINUX), true) - LOCAL_C_INCLUDES += external/libselinux/include - LOCAL_SHARED_LIBRARIES += libselinux - LOCAL_CFLAGS += -DHAVE_SELINUX -endif +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_SHARED_LIBRARIES += libselinux ifeq ($(TW_INCLUDE_CRYPTO_FBE), true) LOCAL_SHARED_LIBRARIES += libe4crypt 
@@ -34,11 +31,8 @@ LOCAL_C_INCLUDES += $(LOCAL_PATH) \ external/zlib LOCAL_STATIC_LIBRARIES += libz libc -ifeq ($(TWHAVE_SELINUX), true) - LOCAL_C_INCLUDES += external/libselinux/include - LOCAL_STATIC_LIBRARIES += libselinux - LOCAL_CFLAGS += -DHAVE_SELINUX -endif +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_STATIC_LIBRARIES += libselinux ifeq ($(TW_INCLUDE_CRYPTO_FBE), true) LOCAL_SHARED_LIBRARIES += libe4crypt diff --git a/libtar/append.c b/libtar/append.c index 7c679f66d..d8ba3cad5 100644 --- a/libtar/append.c +++ b/libtar/append.c @@ -35,9 +35,7 @@ # include #endif -#ifdef HAVE_SELINUX -# include "selinux/selinux.h" -#endif +#include #ifdef HAVE_EXT4_CRYPT # include "ext4crypt_tar.h" @@ -105,7 +103,6 @@ tar_append_file(TAR *t, const char *realname, const char *savename) #endif th_set_path(t, (savename ? savename : realname)); -#ifdef HAVE_SELINUX /* get selinux context */ if (t->options & TAR_STORE_SELINUX) { @@ -129,7 +126,6 @@ tar_append_file(TAR *t, const char *realname, const char *savename) #endif } } -#endif #ifdef HAVE_EXT4_CRYPT if (TH_ISDIR(t) && t->options & TAR_STORE_EXT4_POL) diff --git a/libtar/block.c b/libtar/block.c index a1178579b..1b3ba8242 100644 --- a/libtar/block.c +++ b/libtar/block.c @@ -123,10 +123,8 @@ th_read(TAR *t) free(t->th_buf.gnu_longname); if (t->th_buf.gnu_longlink != NULL) free(t->th_buf.gnu_longlink); -#ifdef HAVE_SELINUX if (t->th_buf.selinux_context != NULL) free(t->th_buf.selinux_context); -#endif #ifdef HAVE_EXT4_CRYPT if (t->th_buf.e4crypt_policy != NULL) { free(t->th_buf.e4crypt_policy); @@ -287,7 +285,7 @@ th_read(TAR *t) printf(" th_read(): Posix capabilities detected\n"); #endif } // end posix capabilities -#ifdef HAVE_SELINUX // selinux contexts + // selinux contexts start = strstr(buf, SELINUX_TAG); if(start && start+SELINUX_TAG_LEN < buf+len) { 
@@ -300,8 +298,7 @@ th_read(TAR *t) printf(" th_read(): SELinux context xattr detected: %s\n", t->th_buf.selinux_context); #endif } - } -#endif // HAVE_SELINUX + } // end selinux contexts #ifdef HAVE_EXT4_CRYPT start = strstr(buf, E4CRYPT_TAG); if(start && start+E4CRYPT_TAG_LEN < buf+len) @@ -496,7 +493,7 @@ th_write(TAR *t) memset(buf, 0, T_BLOCKSIZE); ptr = buf; -#ifdef HAVE_SELINUX + if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL) { #ifdef DEBUG @@ -514,7 +511,6 @@ th_write(TAR *t) snprintf(ptr, T_BLOCKSIZE, "%d "SELINUX_TAG"%s\n", (int)sz, t->th_buf.selinux_context); ptr += sz; } -#endif #ifdef HAVE_EXT4_CRYPT if((t->options & TAR_STORE_EXT4_POL) && t->th_buf.e4crypt_policy != NULL) diff --git a/libtar/extract.c b/libtar/extract.c index 9e24e8ee7..87ccf245f 100644 --- a/libtar/extract.c +++ b/libtar/extract.c @@ -32,9 +32,7 @@ # include #endif -#ifdef HAVE_SELINUX -# include "selinux/selinux.h" -#endif +#include #ifdef HAVE_EXT4_CRYPT # include "ext4crypt_tar.h" @@ -159,7 +157,6 @@ tar_extract_file(TAR *t, const char *realname, const char *prefix, const int *pr return i; } -#ifdef HAVE_SELINUX if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL) { #ifdef DEBUG @@ -168,7 +165,6 @@ tar_extract_file(TAR *t, const char *realname, const char *prefix, const int *pr if (lsetfilecon(realname, t->th_buf.selinux_context) < 0) fprintf(stderr, "tar_extract_file(): failed to restore SELinux context %s to file %s !!!\n", t->th_buf.selinux_context, realname); } -#endif if((t->options & TAR_STORE_POSIX_CAP) && t->th_buf.has_cap_data) { diff --git a/libtar/libtar.h b/libtar/libtar.h index 8c4202817..4d921247b 100644 --- a/libtar/libtar.h +++ b/libtar/libtar.h @@ -68,9 +68,7 @@ struct tar_header char padding[12]; char *gnu_longname; char *gnu_longlink; -#ifdef HAVE_SELINUX char *selinux_context; -#endif #ifdef HAVE_EXT4_CRYPT char *e4crypt_policy; #endif 
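Review bot: In the libtar/extract.c hunks the `lsetfilecon()` call in tar_extract_file is now always compiled, but a failure is still only printed to stderr and extraction carries on. A restore can therefore finish normally while a file keeps whatever context it was created with instead of the one stored in the archive. Consider recording the failure so the caller can surface it to the user. At minimum, state the policy in a comment such as `/* label restore is best-effort: on failure the file keeps its creation-time context */`. The function starts and ends outside these hunks, so whether a later step relabels the tree is not visible here.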
diff --git a/minzip/Android.mk b/minzip/Android.mk index 957ab0b29..8b52f35dd 100644 --- a/minzip/Android.mk +++ b/minzip/Android.mk @@ -12,11 +12,8 @@ LOCAL_C_INCLUDES := \ external/zlib \ external/safe-iop/include -ifeq ($(TWHAVE_SELINUX),true) LOCAL_C_INCLUDES += external/libselinux/include LOCAL_SHARED_LIBRARIES += libselinux -LOCAL_CFLAGS += -DHAVE_SELINUX -endif LOCAL_CFLAGS += -DPLATFORM_SDK_VERSION=$(PLATFORM_SDK_VERSION) @@ -44,11 +41,8 @@ LOCAL_C_INCLUDES += \ external/zlib \ external/safe-iop/include -ifeq ($(TWHAVE_SELINUX),true) LOCAL_C_INCLUDES += external/libselinux/include LOCAL_STATIC_LIBRARIES += libselinux -LOCAL_CFLAGS += -DHAVE_SELINUX -endif LOCAL_CFLAGS += -DPLATFORM_SDK_VERSION=$(PLATFORM_SDK_VERSION) diff --git a/partition.cpp b/partition.cpp index 359d70c86..bbee37d81 100644 --- a/partition.cpp +++ b/partition.cpp @@ -65,10 +65,8 @@ extern "C" { #define CRYPT_FOOTER_OFFSET 0x4000 #endif } -#ifdef HAVE_SELINUX -#include "selinux/selinux.h" +#include #include -#endif #ifdef HAVE_CAPABILITIES #include #include @@ -1910,7 +1908,7 @@ bool TWPartition::Wipe_EXT4() { if (!UnMount(true)) return false; -#if defined(HAVE_SELINUX) && defined(USE_EXT4) +#if defined(USE_EXT4) int ret; char *secontext = NULL; @@ -2619,14 +2617,14 @@ void TWPartition::Recreate_Media_Folder(void) { #ifdef TW_INTERNAL_STORAGE_PATH mkdir(EXPAND(TW_INTERNAL_STORAGE_PATH), 0770); #endif -#ifdef HAVE_SELINUX + // Afterwards, we will try to set the // default metadata that we were hopefully able to get during // early boot. tw_set_default_metadata(Media_Path.c_str()); if (!Internal_path.empty()) tw_set_default_metadata(Internal_path.c_str()); -#endif + // Toggle mount to ensure that "internal sdcard" gets mounted PartitionManager.UnMount_By_Path(Symlink_Mount_Point, true); PartitionManager.Mount_By_Path(Symlink_Mount_Point, true); diff --git a/partitionmanager.cpp b/partitionmanager.cpp index 0395f1777..a772ea440 100644 --- a/partitionmanager.cpp +++ b/partitionmanager.cpp 
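Review bot: In the Wipe_EXT4 hunk of partition.cpp, the single-condition guard `#if defined(USE_EXT4)` reads more plainly as `#ifdef USE_EXT4`. The top-level Android.mk in this commit now adds `-DUSE_EXT4` whenever `TARGET_USERIMAGES_USE_EXT4` is not true. If the `ifeq` branch above it defines the macro as well (not visible in this diff), the guard is always true and could be dropped, which would also make the non-SELinux wipe path dead code worth removing. Wipe_EXT4's body continues outside the hunk.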
@@ -1578,7 +1578,6 @@ int TWPartitionManager::Decrypt_Device(string Password) { } int TWPartitionManager::Fix_Contexts(void) { -#ifdef HAVE_SELINUX std::vector::iterator iter; for (iter = Partitions.begin(); iter != Partitions.end(); iter++) { if ((*iter)->Has_Data_Media) { @@ -1591,10 +1590,6 @@ int TWPartitionManager::Fix_Contexts(void) { UnMount_Main_Partitions(); gui_msg("done=Done."); return 0; -#else - LOGERR("Cannot fix contexts, no selinux support present.\n"); - return -1; -#endif } TWPartition* TWPartitionManager::Find_Next_Storage(string Path, bool Exclude_Data_Media) { diff --git a/prebuilt/Android.mk b/prebuilt/Android.mk index 0356197da..2edcfe985 100644 --- a/prebuilt/Android.mk +++ b/prebuilt/Android.mk @@ -135,19 +135,12 @@ endif ifneq ($(TW_EXCLUDE_MTP), true) RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libtwrpmtp.so endif -ifeq ($(TARGET_USERIMAGES_USE_EXT4), true) - RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so -endif +RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libaosprecovery.so ifneq ($(TW_INCLUDE_JPEG),) RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libjpeg.so endif -ifeq ($(TWHAVE_SELINUX), true) - RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libselinux.so - ifneq ($(TARGET_USERIMAGES_USE_EXT4), true) - RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so - endif -endif +RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libselinux.so ifeq ($(BUILD_ID), GINGERBREAD) TW_NO_EXFAT := true endif diff --git a/toolbox/Android.mk b/toolbox/Android.mk index 07e47389d..916080213 100644 --- a/toolbox/Android.mk +++ b/toolbox/Android.mk 
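Review bot: In the prebuilt/Android.mk hunk, `libselinux.so` is now relinked unconditionally while the context line just below still special-cases `BUILD_ID` GINGERBREAD, a tree where the commit subject implies libselinux is not expected to exist. If pre-4.4 trees are no longer supported, fail early with a clear message rather than at the relink step. A check near the top of the main Android.mk would do it: `ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 19; echo $$?),0)` followed by `$(error TWRP requires Android 4.4+ (libselinux))`. The GINGERBREAD branch then becomes dead and can be removed in a follow-up.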
@@ -18,28 +18,26 @@ endif # If busybox does not have SELinux support, provide these tools with toolbox. # Note that RECOVERY_BUSYBOX_TOOLS will be empty if TW_USE_TOOLBOX == true. -ifeq ($(TWHAVE_SELINUX), true) - TOOLS_FOR_SELINUX := \ - ls +TOOLS_FOR_SELINUX := \ + ls - ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0) - TOOLS_FOR_SELINUX += \ - load_policy \ - getenforce \ - chcon \ - restorecon \ - runcon \ - getsebool \ - setsebool - endif +ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0) + TOOLS_FOR_SELINUX += \ + load_policy \ + getenforce \ + chcon \ + restorecon \ + runcon \ + getsebool \ + setsebool +endif - OUR_TOOLS += $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(TOOLS_FOR_SELINUX)) +OUR_TOOLS += $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(TOOLS_FOR_SELINUX)) - # toolbox setenforce is used during init, so it needs to be included here - # symlink is omitted at the very end if busybox already provides this - ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0) - OUR_TOOLS += setenforce - endif +# toolbox setenforce is used during init, so it needs to be included here +# symlink is omitted at the very end if busybox already provides this +ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0) + OUR_TOOLS += setenforce endif ifeq ($(TW_USE_TOOLBOX), true) @@ -153,9 +151,6 @@ ifeq ($(TW_USE_TOOLBOX), true) vmstat \ watchprops \ wipe - ifneq ($(TWHAVE_SELINUX), true) - OUR_TOOLS += ls - endif endif endif @@ -209,9 +204,7 @@ else liblog endif -ifeq ($(TWHAVE_SELINUX), true) - LOCAL_SHARED_LIBRARIES += libselinux -endif +LOCAL_SHARED_LIBRARIES += libselinux ifneq (,$(filter $(PLATFORM_SDK_VERSION), 21 22 23)) # libusbhost is only used by lsusb, and that isn't usually included in toolbox. 
@@ -265,13 +258,11 @@ $(TOOLS_H): $(LOCAL_PATH)/Android.mk $(TOOLS_H): $(transform-generated-source) -ifeq ($(TWHAVE_SELINUX), true) - # toolbox setenforce is used during init in non-symlink form, so it was - # required to be included as part of the suite above. if busybox already - # provides setenforce, we can omit the toolbox symlink - TEMP_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS)) - ALL_TOOLS := $(TEMP_TOOLS) -endif +# toolbox setenforce is used during init in non-symlink form, so it was +# required to be included as part of the suite above. if busybox already +# provides setenforce, we can omit the toolbox symlink +TEMP_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS)) +ALL_TOOLS := $(TEMP_TOOLS) # Make /sbin/toolbox launchers for each tool SYMLINKS := $(addprefix $(TARGET_RECOVERY_ROOT_OUT)/sbin/,$(ALL_TOOLS)) diff --git a/twrp.cpp b/twrp.cpp index 5459bd469..ff40eb11c 100644 --- a/twrp.cpp +++ b/twrp.cpp @@ -53,10 +53,8 @@ extern "C" { } #endif -#ifdef HAVE_SELINUX -#include "selinux/label.h" +#include struct selabel_handle *selinux_handle; -#endif extern int adb_server_main(int is_daemon, int server_port, int /* reply_fd */); @@ -133,7 +131,6 @@ int main(int argc, char **argv) { // Load up all the resources gui_loadResources(); -#ifdef HAVE_SELINUX if (TWFunc::Path_Exists("/prebuilt_file_contexts")) { if (TWFunc::Path_Exists("/file_contexts")) { printf("Renaming regular /file_contexts -> /file_contexts.bak\n"); @@ -170,9 +167,6 @@ int main(int argc, char **argv) { gui_msg("full_selinux=Full SELinux support is present."); } } -#else - gui_warn("no_selinux=No SELinux support (no libselinux)."); -#endif PartitionManager.Mount_By_Path("/cache", false); diff --git a/twrpTarMain/Android.mk b/twrpTarMain/Android.mk index f948708d9..a80b4de57 100644 --- a/twrpTarMain/Android.mk +++ b/twrpTarMain/Android.mk 
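Review bot: The `TEMP_TOOLS` intermediate at the end of the last toolbox/Android.mk hunk is not needed. `:=` expands its right-hand side immediately, so `ALL_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS))` does the same thing and leaves no stray variable. Now that the block is unconditional, the comment above it could also say that the filter drops every busybox-provided tool from the symlink list, not only `setenforce`.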
@@ -22,11 +22,9 @@ ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0) endif LOCAL_STATIC_LIBRARIES += libstdc++ -ifeq ($(TWHAVE_SELINUX), true) - LOCAL_C_INCLUDES += external/libselinux/include - LOCAL_STATIC_LIBRARIES += libselinux - LOCAL_CFLAGS += -DHAVE_SELINUX -endif +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_STATIC_LIBRARIES += libselinux + ifneq ($(RECOVERY_SDCARD_ON_DATA),) LOCAL_CFLAGS += -DRECOVERY_SDCARD_ON_DATA endif @@ -65,11 +63,9 @@ ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0) endif LOCAL_SHARED_LIBRARIES += libstdc++ -ifeq ($(TWHAVE_SELINUX), true) - LOCAL_C_INCLUDES += external/libselinux/include - LOCAL_SHARED_LIBRARIES += libselinux - LOCAL_CFLAGS += -DHAVE_SELINUX -endif +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_SHARED_LIBRARIES += libselinux + ifneq ($(RECOVERY_SDCARD_ON_DATA),) LOCAL_CFLAGS += -DRECOVERY_SDCARD_ON_DATA endif -- cgit v1.2.3