Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Drop unusable SELinux APIs."

Browse Source
This commit is contained in:
Nick Kralevich
2015-03-13 18:02:46 +00:00
committed by Gerrit Code Review
parent f1654c6015 16d1cce8ff
commit 30fcd2aa8a
2 changed files with 0 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
core/java/android/os/SELinux.java
View File

@@ -49,13 +49,6 @@ public class SELinux {
*/
public static final native boolean isSELinuxEnforced();
/**
* Set whether SELinux is permissive or enforcing.
* @param value representing whether to set SELinux to enforcing
* @return a boolean representing whether the desired mode was set
*/
public static final native boolean setSELinuxEnforce(boolean value);
/**
* Sets the security context for newly created file objects.
* @param context a security context given as a String.
@@ -98,27 +91,6 @@ public class SELinux {
*/
public static final native String getPidContext(int pid);
/**
* Gets a list of the SELinux boolean names.
* @return an array of strings containing the SELinux boolean names.
*/
public static final native String[] getBooleanNames();
/**
* Gets the value for the given SELinux boolean name.
* @param name The name of the SELinux boolean.
* @return a boolean indicating whether the SELinux boolean is set.
*/
public static final native boolean getBooleanValue(String name);
/**
* Sets the value for the given SELinux boolean name.
* @param name The name of the SELinux boolean.
* @param value The new value of the SELinux boolean.
* @return a boolean indicating whether or not the operation succeeded.
*/
public static final native boolean setBooleanValue(String name, boolean value);
/**
* Check permissions between two security contexts.
* @param scon The source or subject security context.

107
core/jni/android_os_SELinux.cpp
View File

@@ -60,23 +60,6 @@ static jboolean isSELinuxEnforced(JNIEnv *env, jobject) {
return (security_getenforce() == 1) ? true : false;
}
/*
* Function: setSELinuxEnforce
* Purpose: set the SE Linux enforcing mode
* Parameters: true (enforcing) or false (permissive)
* Return value: true (success) or false (fail)
* Exceptions: none
*/
static jboolean setSELinuxEnforce(JNIEnv *env, jobject, jboolean value) {
if (isSELinuxDisabled) {
return false;
}
int enforce = value ? 1 : 0;
return (security_setenforce(enforce) != -1) ? true : false;
}
/*
* Function: getPeerCon
* Purpose: retrieves security context of peer socket
@@ -264,92 +247,6 @@ static jstring getPidCon(JNIEnv *env, jobject, jint pid) {
return securityString.release();
}
/*
* Function: getBooleanNames
* Purpose: Gets a list of the SELinux boolean names.
* Parameters: None
* Returns: an array of strings containing the SELinux boolean names.
* returns NULL string on error
* Exceptions: None
*/
static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv) {
if (isSELinuxDisabled) {
return NULL;
}
char **list;
int len;
if (security_get_boolean_names(&list, &len) == -1) {
return NULL;
}
jclass stringClass = env->FindClass("java/lang/String");
jobjectArray stringArray = env->NewObjectArray(len, stringClass, NULL);
for (int i = 0; i < len; i++) {
ScopedLocalRef<jstring> obj(env, env->NewStringUTF(list[i]));
env->SetObjectArrayElement(stringArray, i, obj.get());
free(list[i]);
}
free(list);
return stringArray;
}
/*
* Function: getBooleanValue
* Purpose: Gets the value for the given SELinux boolean name.
* Parameters:
* String: The name of the SELinux boolean.
* Returns: a boolean: (true) boolean is set or (false) it is not.
* Exceptions: None
*/
static jboolean getBooleanValue(JNIEnv *env, jobject, jstring nameStr) {
if (isSELinuxDisabled) {
return false;
}
if (nameStr == NULL) {
return false;
}
ScopedUtfChars name(env, nameStr);
int ret = security_get_boolean_active(name.c_str());
ALOGV("getBooleanValue(%s) => %d", name.c_str(), ret);
return (ret == 1) ? true : false;
}
/*
* Function: setBooleanNames
* Purpose: Sets the value for the given SELinux boolean name.
* Parameters:
* String: The name of the SELinux boolean.
* Boolean: The new value of the SELinux boolean.
* Returns: a boolean indicating whether or not the operation succeeded.
* Exceptions: None
*/
static jboolean setBooleanValue(JNIEnv *env, jobject, jstring nameStr, jboolean value) {
if (isSELinuxDisabled) {
return false;
}
if (nameStr == NULL) {
return false;
}
ScopedUtfChars name(env, nameStr);
int ret = security_set_boolean(name.c_str(), value ? 1 : 0);
if (ret) {
return false;
}
if (security_commit_booleans() == -1) {
return false;
}
return true;
}
/*
* Function: checkSELinuxAccess
* Purpose: Check permissions between two security contexts.
@@ -426,8 +323,6 @@ static jboolean native_restorecon(JNIEnv *env, jobject, jstring pathnameStr, jin
static JNINativeMethod method_table[] = {
/* name, signature, funcPtr */
{ "checkSELinuxAccess" , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess },
{ "getBooleanNames" , "()[Ljava/lang/String;" , (void*)getBooleanNames },
{ "getBooleanValue" , "(Ljava/lang/String;)Z" , (void*)getBooleanValue },
{ "getContext" , "()Ljava/lang/String;" , (void*)getCon },
{ "getFileContext" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)getFileCon },
{ "getPeerContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getPeerCon },
@@ -435,10 +330,8 @@ static JNINativeMethod method_table[] = {
{ "isSELinuxEnforced" , "()Z" , (void*)isSELinuxEnforced},
{ "isSELinuxEnabled" , "()Z" , (void*)isSELinuxEnabled },
{ "native_restorecon" , "(Ljava/lang/String;I)Z" , (void*)native_restorecon},
{ "setBooleanValue" , "(Ljava/lang/String;Z)Z" , (void*)setBooleanValue },
{ "setFileContext" , "(Ljava/lang/String;Ljava/lang/String;)Z" , (void*)setFileCon },
{ "setFSCreateContext" , "(Ljava/lang/String;)Z" , (void*)setFSCreateCon },
{ "setSELinuxEnforce" , "(Z)Z" , (void*)setSELinuxEnforce},
};
static int log_callback(int type, const char *fmt, ...) {