Merge "Revert "ARM: compile everything with relro / bind_now.""
diff --git a/core/Makefile b/core/Makefile
index 07064e0..cf09b36 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -347,9 +347,13 @@
BUILT_RAMDISK_TARGET := $(PRODUCT_OUT)/ramdisk.img
+ifeq ($(HAVE_SELINUX),true)
+SELINUX_DEPENDS := sepolicy file_contexts seapp_contexts
+endif
+
# We just build this directly to the install location.
INSTALLED_RAMDISK_TARGET := $(BUILT_RAMDISK_TARGET)
-$(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) | $(MINIGZIP)
+$(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) $(SELINUX_DEPENDS) | $(MINIGZIP)
$(call pretty,"Target ram disk: $@")
$(hide) $(MKBOOTFS) $(TARGET_ROOT_OUT) | $(MINIGZIP) > $@
@@ -460,13 +464,14 @@
tools_notice_file_html := $(HOST_OUT_INTERMEDIATES)/NOTICE.html
kernel_notice_file := $(TARGET_OUT_NOTICE_FILES)/src/kernel.txt
+pdk_fusion_notice_files := $(filter $(TARGET_OUT_NOTICE_FILES)/%, $(ALL_PDK_FUSION_FILES))
$(eval $(call combine-notice-files, \
$(target_notice_file_txt), \
$(target_notice_file_html), \
"Notices for files contained in the filesystem images in this directory:", \
$(TARGET_OUT_NOTICE_FILES), \
- $(ALL_DEFAULT_INSTALLED_MODULES) $(kernel_notice_file)))
+ $(ALL_DEFAULT_INSTALLED_MODULES) $(kernel_notice_file) $(pdk_fusion_notice_files)))
$(eval $(call combine-notice-files, \
$(tools_notice_file_txt), \
@@ -559,6 +564,7 @@
$(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1))
$(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1))
$(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1))
+$(if $(filter true, $(strip $(HAVE_SELINUX))), echo "selinux_fc=$(TARGET_ROOT_OUT)/file_contexts" >> $(1))
endef
# -----------------------------------------------------------------
@@ -696,7 +702,7 @@
# $(tests_MODULES))
endif
-FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS)
+FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS) $(SELINUX_DEPENDS)
# -----------------------------------------------------------------
# installed file list
# Depending on anything that $(BUILT_SYSTEMIMAGE) depends on.
@@ -805,12 +811,15 @@
stnod: systemtarball-nodeps
#######
-## platform.zip: system in a zip file
+## platform.zip: system, plus other files to be used in PDK fusion build,
+## in a zip file
INSTALLED_PLATFROM_ZIP := $(PRODUCT_OUT)/platform.zip
$(INSTALLED_PLATFROM_ZIP) : $(INTERNAL_SYSTEMIMAGE_FILES)
$(call pretty,"Platform zip package: $(INSTALLED_PLATFROM_ZIP)")
$(hide) rm -f $@
- $(hide) cd $(dir $@) && zip -qry $(notdir $@) system
+ $(hide) cd $(dir $@) && zip -qry $(notdir $@) \
+ $(TARGET_COPY_OUT_SYSTEM) \
+ $(patsubst $(PRODUCT_OUT)/%, %, $(TARGET_OUT_NOTICE_FILES))
.PHONY: platform
platform: $(INSTALLED_PLATFROM_ZIP)
@@ -1131,12 +1140,12 @@
$(INTERNAL_OTA_PACKAGE_TARGET): KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)
-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS)
+$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) $(SELINUX_DEPENDS)
@echo "Package OTA: $@"
$(hide) ./build/tools/releasetools/ota_from_target_files -v \
-p $(HOST_OUT) \
- -k $(KEY_CERT_PAIR) \
- $(BUILT_TARGET_FILES_PACKAGE) $@
+ -k $(KEY_CERT_PAIR) \
+ $(BUILT_TARGET_FILES_PACKAGE) $@
.PHONY: otapackage
otapackage: $(INTERNAL_OTA_PACKAGE_TARGET)
@@ -1159,7 +1168,7 @@
$(INTERNAL_UPDATE_PACKAGE_TARGET): extensions := $(TARGET_RELEASETOOLS_EXTENSIONS)
endif
-$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS)
+$(INTERNAL_UPDATE_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(OTATOOLS) $(SELINUX_DEPENDS)
@echo "Package: $@"
$(hide) ./build/tools/releasetools/img_from_target_files -v \
-s $(extensions) \
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 15acddc..a615d1a 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -46,12 +46,17 @@
prop_dict["mount_point"]])
if "partition_size" in prop_dict:
build_command.append(prop_dict["partition_size"])
+ if "selinux_fc" in prop_dict:
+ build_command.append(prop_dict["selinux_fc"])
else:
build_command = ["mkyaffs2image", "-f"]
if prop_dict.get("mkyaffs2_extra_flags", None):
build_command.extend(prop_dict["mkyaffs2_extra_flags"].split())
build_command.append(in_dir)
build_command.append(out_file)
+ if "selinux_fc" in prop_dict:
+ build_command.append(prop_dict["selinux_fc"])
+ build_command.append(prop_dict["mount_point"])
print "Running: ", " ".join(build_command)
p = subprocess.Popen(build_command);
@@ -75,6 +80,7 @@
common_props = (
"extfs_sparse_flag",
"mkyaffs2_extra_flags",
+ "selinux_fc",
)
for p in common_props:
copy_prop(p, p)
diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files
index 7e855ce..3dcfbee 100755
--- a/tools/releasetools/ota_from_target_files
+++ b/tools/releasetools/ota_from_target_files
@@ -48,6 +48,10 @@
-e (--extra_script) <file>
Insert the contents of file at the end of the update script.
+
+ -a (--aslr_mode) <on|off>
+ Specify whether to turn on ASLR for the package (on by default).
+
"""
import sys
@@ -381,6 +385,9 @@
if OPTIONS.wipe_user_data:
script.FormatPartition("/data")
+ if "selinux_fc" in OPTIONS.info_dict:
+ WritePolicyConfig(OPTIONS.info_dict["selinux_fc"], output_zip)
+
script.FormatPartition("/system")
script.Mount("/system")
script.UnpackPackageDir("recovery", "/system")
@@ -415,15 +422,17 @@
script.AddToZip(input_zip, output_zip)
WriteMetadata(metadata, output_zip)
+def WritePolicyConfig(file_context, output_zip):
+ f = open(file_context, 'r');
+ basename = os.path.basename(file_context)
+ common.ZipWriteStr(output_zip, basename, f.read())
+
def WriteMetadata(metadata, output_zip):
common.ZipWriteStr(output_zip, "META-INF/com/android/metadata",
"".join(["%s=%s\n" % kv
for kv in sorted(metadata.iteritems())]))
-
-
-
def LoadSystemFiles(z):
"""Load all the files from SYSTEM/... in a given target-files
ZipFile, and return a dict of {filename: File object}."""