SELinux can be assumed for Android 4.4+
Change-Id: I7410a0c8e439eec90a955ee9201efd9a92bb9635
diff --git a/Android.mk b/Android.mk
index 80d7081..dc557f4 100644
--- a/Android.mk
+++ b/Android.mk
@@ -159,25 +159,16 @@
#LOCAL_STATIC_LIBRARIES += liblz4
endif
endif
-ifneq ($(wildcard external/libselinux/Android.mk),)
- TWHAVE_SELINUX := true
-endif
-ifeq ($(TWHAVE_SELINUX), true)
- #LOCAL_C_INCLUDES += external/libselinux/include
- #LOCAL_STATIC_LIBRARIES += libselinux
- #LOCAL_CFLAGS += -DHAVE_SELINUX -g
-endif # HAVE_SELINUX
-ifeq ($(TWHAVE_SELINUX), true)
- LOCAL_C_INCLUDES += external/libselinux/include
- LOCAL_SHARED_LIBRARIES += libselinux
- LOCAL_CFLAGS += -DHAVE_SELINUX
- ifneq ($(TARGET_USERIMAGES_USE_EXT4), true)
- LOCAL_CFLAGS += -DUSE_EXT4
- LOCAL_C_INCLUDES += system/extras/ext4_utils
- LOCAL_SHARED_LIBRARIES += libext4_utils
- ifneq ($(wildcard external/lz4/Android.mk),)
- LOCAL_STATIC_LIBRARIES += liblz4
- endif
+
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_SHARED_LIBRARIES += libselinux
+LOCAL_CFLAGS += -g
+ifneq ($(TARGET_USERIMAGES_USE_EXT4), true)
+ LOCAL_CFLAGS += -DUSE_EXT4
+ LOCAL_C_INCLUDES += system/extras/ext4_utils
+ LOCAL_SHARED_LIBRARIES += libext4_utils
+ ifneq ($(wildcard external/lz4/Android.mk),)
+ LOCAL_STATIC_LIBRARIES += liblz4
endif
endif
@@ -509,10 +500,8 @@
# If busybox does not have restorecon, assume it does not have SELinux support.
# Then, let toolbox provide 'ls' so -Z is available to list SELinux contexts.
-ifeq ($(TWHAVE_SELINUX), true)
- ifeq ($(filter restorecon, $(notdir $(BUSYBOX_LINKS))),)
- exclude += ls
- endif
+ifeq ($(filter restorecon, $(notdir $(BUSYBOX_LINKS))),)
+ exclude += ls
endif
RECOVERY_BUSYBOX_TOOLS := $(filter-out $(exclude), $(notdir $(BUSYBOX_LINKS)))
diff --git a/fixContexts.cpp b/fixContexts.cpp
index 6442944..7e650c2 100644
--- a/fixContexts.cpp
+++ b/fixContexts.cpp
@@ -25,16 +25,13 @@
#include "fixContexts.hpp"
#include "twrp-functions.hpp"
#include "twcommon.h"
-#ifdef HAVE_SELINUX
-#include "selinux/selinux.h"
-#include "selinux/label.h"
-#include "selinux/android.h"
-#include "selinux/label.h"
-#endif
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#include <selinux/android.h>
+#include <selinux/label.h>
using namespace std;
-#ifdef HAVE_SELINUX
struct selabel_handle *sehandle;
struct selinux_opt selinux_options[] = {
{ SELABEL_OPT_PATH, "/file_contexts" }
@@ -146,18 +143,3 @@
selabel_close(sehandle);
return 0;
}
-
-#else
-
-int fixContexts::restorecon(string entry __unused, struct stat *sb __unused) {
- return -1;
-}
-
-int fixContexts::fixContextsRecursively(string name __unused, int level __unused) {
- return -1;
-}
-
-int fixContexts::fixDataMediaContexts(string Mount_Point __unused) {
- return -1;
-}
-#endif
diff --git a/gui/Android.mk b/gui/Android.mk
index 51b296d..3712bbf 100644
--- a/gui/Android.mk
+++ b/gui/Android.mk
@@ -55,9 +55,6 @@
ifneq ($(TW_NO_SCREEN_TIMEOUT),)
LOCAL_CFLAGS += -DTW_NO_SCREEN_TIMEOUT
endif
-ifeq ($(HAVE_SELINUX), true)
- LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
ifeq ($(TW_OEM_BUILD), true)
LOCAL_CFLAGS += -DTW_OEM_BUILD
endif
diff --git a/libtar/Android.mk b/libtar/Android.mk
index ddf8e05..c8905d9 100644
--- a/libtar/Android.mk
+++ b/libtar/Android.mk
@@ -10,11 +10,8 @@
external/zlib
LOCAL_SHARED_LIBRARIES += libz libc
-ifeq ($(TWHAVE_SELINUX), true)
- LOCAL_C_INCLUDES += external/libselinux/include
- LOCAL_SHARED_LIBRARIES += libselinux
- LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_SHARED_LIBRARIES += libselinux
ifeq ($(TW_INCLUDE_CRYPTO_FBE), true)
LOCAL_SHARED_LIBRARIES += libe4crypt
@@ -34,11 +31,8 @@
external/zlib
LOCAL_STATIC_LIBRARIES += libz libc
-ifeq ($(TWHAVE_SELINUX), true)
- LOCAL_C_INCLUDES += external/libselinux/include
- LOCAL_STATIC_LIBRARIES += libselinux
- LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_STATIC_LIBRARIES += libselinux
ifeq ($(TW_INCLUDE_CRYPTO_FBE), true)
LOCAL_SHARED_LIBRARIES += libe4crypt
diff --git a/libtar/append.c b/libtar/append.c
index 7c679f6..d8ba3ca 100644
--- a/libtar/append.c
+++ b/libtar/append.c
@@ -35,9 +35,7 @@
# include <unistd.h>
#endif
-#ifdef HAVE_SELINUX
-# include "selinux/selinux.h"
-#endif
+#include <selinux/selinux.h>
#ifdef HAVE_EXT4_CRYPT
# include "ext4crypt_tar.h"
@@ -105,7 +103,6 @@
#endif
th_set_path(t, (savename ? savename : realname));
-#ifdef HAVE_SELINUX
/* get selinux context */
if (t->options & TAR_STORE_SELINUX)
{
@@ -129,7 +126,6 @@
#endif
}
}
-#endif
#ifdef HAVE_EXT4_CRYPT
if (TH_ISDIR(t) && t->options & TAR_STORE_EXT4_POL)
diff --git a/libtar/block.c b/libtar/block.c
index a117857..1b3ba82 100644
--- a/libtar/block.c
+++ b/libtar/block.c
@@ -123,10 +123,8 @@
free(t->th_buf.gnu_longname);
if (t->th_buf.gnu_longlink != NULL)
free(t->th_buf.gnu_longlink);
-#ifdef HAVE_SELINUX
if (t->th_buf.selinux_context != NULL)
free(t->th_buf.selinux_context);
-#endif
#ifdef HAVE_EXT4_CRYPT
if (t->th_buf.e4crypt_policy != NULL) {
free(t->th_buf.e4crypt_policy);
@@ -287,7 +285,7 @@
printf(" th_read(): Posix capabilities detected\n");
#endif
} // end posix capabilities
-#ifdef HAVE_SELINUX // selinux contexts
+ // selinux contexts
start = strstr(buf, SELINUX_TAG);
if(start && start+SELINUX_TAG_LEN < buf+len)
{
@@ -300,8 +298,7 @@
printf(" th_read(): SELinux context xattr detected: %s\n", t->th_buf.selinux_context);
#endif
}
- }
-#endif // HAVE_SELINUX
+ } // end selinux contexts
#ifdef HAVE_EXT4_CRYPT
start = strstr(buf, E4CRYPT_TAG);
if(start && start+E4CRYPT_TAG_LEN < buf+len)
@@ -496,7 +493,7 @@
memset(buf, 0, T_BLOCKSIZE);
ptr = buf;
-#ifdef HAVE_SELINUX
+
if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL)
{
#ifdef DEBUG
@@ -514,7 +511,6 @@
snprintf(ptr, T_BLOCKSIZE, "%d "SELINUX_TAG"%s\n", (int)sz, t->th_buf.selinux_context);
ptr += sz;
}
-#endif
#ifdef HAVE_EXT4_CRYPT
if((t->options & TAR_STORE_EXT4_POL) && t->th_buf.e4crypt_policy != NULL)
diff --git a/libtar/extract.c b/libtar/extract.c
index 9e24e8e..87ccf24 100644
--- a/libtar/extract.c
+++ b/libtar/extract.c
@@ -32,9 +32,7 @@
# include <unistd.h>
#endif
-#ifdef HAVE_SELINUX
-# include "selinux/selinux.h"
-#endif
+#include <selinux/selinux.h>
#ifdef HAVE_EXT4_CRYPT
# include "ext4crypt_tar.h"
@@ -159,7 +157,6 @@
return i;
}
-#ifdef HAVE_SELINUX
if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL)
{
#ifdef DEBUG
@@ -168,7 +165,6 @@
if (lsetfilecon(realname, t->th_buf.selinux_context) < 0)
fprintf(stderr, "tar_extract_file(): failed to restore SELinux context %s to file %s !!!\n", t->th_buf.selinux_context, realname);
}
-#endif
if((t->options & TAR_STORE_POSIX_CAP) && t->th_buf.has_cap_data)
{
diff --git a/libtar/libtar.h b/libtar/libtar.h
index 8c42028..4d92124 100644
--- a/libtar/libtar.h
+++ b/libtar/libtar.h
@@ -68,9 +68,7 @@
char padding[12];
char *gnu_longname;
char *gnu_longlink;
-#ifdef HAVE_SELINUX
char *selinux_context;
-#endif
#ifdef HAVE_EXT4_CRYPT
char *e4crypt_policy;
#endif
diff --git a/minzip/Android.mk b/minzip/Android.mk
index 957ab0b..8b52f35 100644
--- a/minzip/Android.mk
+++ b/minzip/Android.mk
@@ -12,11 +12,8 @@
external/zlib \
external/safe-iop/include
-ifeq ($(TWHAVE_SELINUX),true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_SHARED_LIBRARIES += libselinux
-LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
LOCAL_CFLAGS += -DPLATFORM_SDK_VERSION=$(PLATFORM_SDK_VERSION)
@@ -44,11 +41,8 @@
external/zlib \
external/safe-iop/include
-ifeq ($(TWHAVE_SELINUX),true)
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_STATIC_LIBRARIES += libselinux
-LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
LOCAL_CFLAGS += -DPLATFORM_SDK_VERSION=$(PLATFORM_SDK_VERSION)
diff --git a/partition.cpp b/partition.cpp
index 359d70c..bbee37d 100644
--- a/partition.cpp
+++ b/partition.cpp
@@ -65,10 +65,8 @@
#define CRYPT_FOOTER_OFFSET 0x4000
#endif
}
-#ifdef HAVE_SELINUX
-#include "selinux/selinux.h"
+#include <selinux/selinux.h>
#include <selinux/label.h>
-#endif
#ifdef HAVE_CAPABILITIES
#include <sys/capability.h>
#include <sys/xattr.h>
@@ -1910,7 +1908,7 @@
if (!UnMount(true))
return false;
-#if defined(HAVE_SELINUX) && defined(USE_EXT4)
+#if defined(USE_EXT4)
int ret;
char *secontext = NULL;
@@ -2619,14 +2617,14 @@
#ifdef TW_INTERNAL_STORAGE_PATH
mkdir(EXPAND(TW_INTERNAL_STORAGE_PATH), 0770);
#endif
-#ifdef HAVE_SELINUX
+
// Afterwards, we will try to set the
// default metadata that we were hopefully able to get during
// early boot.
tw_set_default_metadata(Media_Path.c_str());
if (!Internal_path.empty())
tw_set_default_metadata(Internal_path.c_str());
-#endif
+
// Toggle mount to ensure that "internal sdcard" gets mounted
PartitionManager.UnMount_By_Path(Symlink_Mount_Point, true);
PartitionManager.Mount_By_Path(Symlink_Mount_Point, true);
diff --git a/partitionmanager.cpp b/partitionmanager.cpp
index 0395f17..a772ea4 100644
--- a/partitionmanager.cpp
+++ b/partitionmanager.cpp
@@ -1578,7 +1578,6 @@
}
int TWPartitionManager::Fix_Contexts(void) {
-#ifdef HAVE_SELINUX
std::vector<TWPartition*>::iterator iter;
for (iter = Partitions.begin(); iter != Partitions.end(); iter++) {
if ((*iter)->Has_Data_Media) {
@@ -1591,10 +1590,6 @@
UnMount_Main_Partitions();
gui_msg("done=Done.");
return 0;
-#else
- LOGERR("Cannot fix contexts, no selinux support present.\n");
- return -1;
-#endif
}
TWPartition* TWPartitionManager::Find_Next_Storage(string Path, bool Exclude_Data_Media) {
diff --git a/prebuilt/Android.mk b/prebuilt/Android.mk
index 0356197..2edcfe9 100644
--- a/prebuilt/Android.mk
+++ b/prebuilt/Android.mk
@@ -135,19 +135,12 @@
ifneq ($(TW_EXCLUDE_MTP), true)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libtwrpmtp.so
endif
-ifeq ($(TARGET_USERIMAGES_USE_EXT4), true)
- RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so
-endif
+RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libaosprecovery.so
ifneq ($(TW_INCLUDE_JPEG),)
RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libjpeg.so
endif
-ifeq ($(TWHAVE_SELINUX), true)
- RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libselinux.so
- ifneq ($(TARGET_USERIMAGES_USE_EXT4), true)
- RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libext4_utils.so
- endif
-endif
+RELINK_SOURCE_FILES += $(TARGET_OUT_SHARED_LIBRARIES)/libselinux.so
ifeq ($(BUILD_ID), GINGERBREAD)
TW_NO_EXFAT := true
endif
diff --git a/toolbox/Android.mk b/toolbox/Android.mk
index 07e4738..9160802 100644
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@@ -18,28 +18,26 @@
# If busybox does not have SELinux support, provide these tools with toolbox.
# Note that RECOVERY_BUSYBOX_TOOLS will be empty if TW_USE_TOOLBOX == true.
-ifeq ($(TWHAVE_SELINUX), true)
- TOOLS_FOR_SELINUX := \
- ls
+TOOLS_FOR_SELINUX := \
+ ls
- ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
- TOOLS_FOR_SELINUX += \
- load_policy \
- getenforce \
- chcon \
- restorecon \
- runcon \
- getsebool \
- setsebool
- endif
+ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
+ TOOLS_FOR_SELINUX += \
+ load_policy \
+ getenforce \
+ chcon \
+ restorecon \
+ runcon \
+ getsebool \
+ setsebool
+endif
- OUR_TOOLS += $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(TOOLS_FOR_SELINUX))
+OUR_TOOLS += $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(TOOLS_FOR_SELINUX))
- # toolbox setenforce is used during init, so it needs to be included here
- # symlink is omitted at the very end if busybox already provides this
- ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
- OUR_TOOLS += setenforce
- endif
+# toolbox setenforce is used during init, so it needs to be included here
+# symlink is omitted at the very end if busybox already provides this
+ifeq ($(shell test $(PLATFORM_SDK_VERSION) -lt 23; echo $$?),0)
+ OUR_TOOLS += setenforce
endif
ifeq ($(TW_USE_TOOLBOX), true)
@@ -153,9 +151,6 @@
vmstat \
watchprops \
wipe
- ifneq ($(TWHAVE_SELINUX), true)
- OUR_TOOLS += ls
- endif
endif
endif
@@ -209,9 +204,7 @@
liblog
endif
-ifeq ($(TWHAVE_SELINUX), true)
- LOCAL_SHARED_LIBRARIES += libselinux
-endif
+LOCAL_SHARED_LIBRARIES += libselinux
ifneq (,$(filter $(PLATFORM_SDK_VERSION), 21 22 23))
# libusbhost is only used by lsusb, and that isn't usually included in toolbox.
@@ -265,13 +258,11 @@
$(TOOLS_H):
$(transform-generated-source)
-ifeq ($(TWHAVE_SELINUX), true)
- # toolbox setenforce is used during init in non-symlink form, so it was
- # required to be included as part of the suite above. if busybox already
- # provides setenforce, we can omit the toolbox symlink
- TEMP_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS))
- ALL_TOOLS := $(TEMP_TOOLS)
-endif
+# toolbox setenforce is used during init in non-symlink form, so it was
+# required to be included as part of the suite above. if busybox already
+# provides setenforce, we can omit the toolbox symlink
+TEMP_TOOLS := $(filter-out $(RECOVERY_BUSYBOX_TOOLS), $(ALL_TOOLS))
+ALL_TOOLS := $(TEMP_TOOLS)
# Make /sbin/toolbox launchers for each tool
SYMLINKS := $(addprefix $(TARGET_RECOVERY_ROOT_OUT)/sbin/,$(ALL_TOOLS))
diff --git a/twrp.cpp b/twrp.cpp
index 5459bd4..ff40eb1 100644
--- a/twrp.cpp
+++ b/twrp.cpp
@@ -53,10 +53,8 @@
}
#endif
-#ifdef HAVE_SELINUX
-#include "selinux/label.h"
+#include <selinux/label.h>
struct selabel_handle *selinux_handle;
-#endif
extern int adb_server_main(int is_daemon, int server_port, int /* reply_fd */);
@@ -133,7 +131,6 @@
// Load up all the resources
gui_loadResources();
-#ifdef HAVE_SELINUX
if (TWFunc::Path_Exists("/prebuilt_file_contexts")) {
if (TWFunc::Path_Exists("/file_contexts")) {
printf("Renaming regular /file_contexts -> /file_contexts.bak\n");
@@ -170,9 +167,6 @@
gui_msg("full_selinux=Full SELinux support is present.");
}
}
-#else
- gui_warn("no_selinux=No SELinux support (no libselinux).");
-#endif
PartitionManager.Mount_By_Path("/cache", false);
diff --git a/twrpTarMain/Android.mk b/twrpTarMain/Android.mk
index f948708..a80b4de 100644
--- a/twrpTarMain/Android.mk
+++ b/twrpTarMain/Android.mk
@@ -22,11 +22,9 @@
endif
LOCAL_STATIC_LIBRARIES += libstdc++
-ifeq ($(TWHAVE_SELINUX), true)
- LOCAL_C_INCLUDES += external/libselinux/include
- LOCAL_STATIC_LIBRARIES += libselinux
- LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_STATIC_LIBRARIES += libselinux
+
ifneq ($(RECOVERY_SDCARD_ON_DATA),)
LOCAL_CFLAGS += -DRECOVERY_SDCARD_ON_DATA
endif
@@ -65,11 +63,9 @@
endif
LOCAL_SHARED_LIBRARIES += libstdc++
-ifeq ($(TWHAVE_SELINUX), true)
- LOCAL_C_INCLUDES += external/libselinux/include
- LOCAL_SHARED_LIBRARIES += libselinux
- LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_SHARED_LIBRARIES += libselinux
+
ifneq ($(RECOVERY_SDCARD_ON_DATA),)
LOCAL_CFLAGS += -DRECOVERY_SDCARD_ON_DATA
endif