From a65637d2303b4fda01ceafe3dbbd091064f0c7ca Mon Sep 17 00:00:00 2001
From: Richard Haines <richard_c_haines@btinternet.com>
Date: Mon, 8 Jun 2015 16:27:31 +0100
Subject: [PATCH 1/2] Update embedded.mk to support file_contexts.bin

This change supports external/libselinux changes to implement
a PCRE formatted binary file_contexts file.

Change-Id: I75a781100082c23536f70ce3603f7de42408b5ba
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 target/product/embedded.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index c40de4f8a5..7590eac6d7 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -76,6 +76,7 @@ PRODUCT_PACKAGES += \
 PRODUCT_PACKAGES += \
     sepolicy \
     file_contexts \
+    file_contexts.bin \
     seapp_contexts \
     property_contexts \
     mac_permissions.xml \

From d3a803e6680e86f7b4960d51ab0b620728b793ca Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 4 Aug 2015 14:59:06 -0400
Subject: [PATCH 2/2] build: switch over to file_contexts.bin only

Change all uses of the file_contexts file to use the
file_contexts.bin file instead.

Depends on
   I75a781100082c23536f70ce3603f7de42408b5ba
   I43806d564b83d57f05f5c36c8eba7b1ff4831b04
   Id560d093440a2aba99cef28c20133b35feebf950
   I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400

Change-Id: Iaf8c4b2e420f610425a07f48db7af32bda3f5b3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 core/Makefile                               | 4 ++--
 target/product/embedded.mk                  | 1 -
 tools/releasetools/common.py                | 8 ++++----
 tools/releasetools/ota_from_target_files.py | 4 ++--
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/core/Makefile b/core/Makefile
index d43cb789a7..5168e7f247 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -695,7 +695,7 @@ ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY))
 INTERNAL_USERIMAGES_DEPS += $(BUILD_VERITY_TREE) $(APPEND2SIMG) $(VERITY_SIGNER)
 endif
 
-SELINUX_FC := $(TARGET_ROOT_OUT)/file_contexts
+SELINUX_FC := $(TARGET_ROOT_OUT)/file_contexts.bin
 INTERNAL_USERIMAGES_DEPS += $(SELINUX_FC)
 
 # $(1): the path of the output dictionary file
@@ -1477,7 +1477,7 @@ endif
 	$(hide) $(ACP) $(APKCERTS_FILE) $(zip_root)/META/apkcerts.txt
 	$(hide) if test -e $(tool_extensions)/releasetools.py; then $(ACP) $(tool_extensions)/releasetools.py $(zip_root)/META/; fi
 	$(hide) echo "$(PRODUCT_OTA_PUBLIC_KEYS)" > $(zip_root)/META/otakeys.txt
-	$(hide) $(ACP) $(SELINUX_FC) $(zip_root)/META/file_contexts
+	$(hide) $(ACP) $(SELINUX_FC) $(zip_root)/META/file_contexts.bin
 	$(hide) echo "recovery_api_version=$(PRIVATE_RECOVERY_API_VERSION)" > $(zip_root)/META/misc_info.txt
 	$(hide) echo "fstab_version=$(PRIVATE_RECOVERY_FSTAB_VERSION)" >> $(zip_root)/META/misc_info.txt
 ifdef BOARD_FLASH_BLOCK_SIZE
diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index 7590eac6d7..468fbe5431 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -75,7 +75,6 @@ PRODUCT_PACKAGES += \
 # SELinux packages
 PRODUCT_PACKAGES += \
     sepolicy \
-    file_contexts \
     file_contexts.bin \
     seapp_contexts \
     property_contexts \
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 91121089fa..f484c131f1 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -151,16 +151,16 @@ def LoadInfoDict(input_file, input_dir=None):
   # are doing repacking. Redirect those properties to the actual files in the
   # unzipped directory.
   if input_dir is not None:
-    # We carry a copy of file_contexts under META/. If not available, search
-    # BOOT/RAMDISK/. Note that sometimes we may need a different file_contexts
+    # We carry a copy of file_contexts.bin under META/. If not available,
+    # search BOOT/RAMDISK/. Note that sometimes we may need a different file
     # to build images than the one running on device, such as when enabling
     # system_root_image. In that case, we must have the one for image
     # generation copied to META/.
-    fc_config = os.path.join(input_dir, "META", "file_contexts")
+    fc_config = os.path.join(input_dir, "META", "file_contexts.bin")
     if d.get("system_root_image") == "true":
       assert os.path.exists(fc_config)
     if not os.path.exists(fc_config):
-      fc_config = os.path.join(input_dir, "BOOT", "RAMDISK", "file_contexts")
+      fc_config = os.path.join(input_dir, "BOOT", "RAMDISK", "file_contexts.bin")
       if not os.path.exists(fc_config):
         fc_config = None
 
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 69987ab479..9080159e93 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -588,8 +588,8 @@ else if get_stage("%(bcb_dev)s") == "3/3" then
   if HasVendorPartition(input_zip):
     system_progress -= 0.1
 
-  # Place a copy of file_contexts into the OTA package which will be used by
-  # the recovery program.
+  # Place a copy of file_contexts.bin into the OTA package which will be used
+  # by the recovery program.
   if "selinux_fc" in OPTIONS.info_dict:
     WritePolicyConfig(OPTIONS.info_dict["selinux_fc"], output_zip)