-
SELinux
-
TAG: String
-
SELINUX_ANDROID_RESTORECON_NOCHANGE: int
-
SELINUX_ANDROID_RESTORECON_VERBOSE: int
-
SELINUX_ANDROID_RESTORECON_RECURSE: int
-
SELINUX_ANDROID_RESTORECON_FORCE: int
-
SELINUX_ANDROID_RESTORECON_DATADATA: int
-
isSELinuxEnabled(): boolean
-
isSELinuxEnforced(): boolean
-
setFSCreateContext(String): boolean
-
setFileContext(String, String): boolean
-
getFileContext(String): String
-
getPeerContext(FileDescriptor): String
-
getContext(): String
-
getPidContext(int): String
-
checkSELinuxAccess(String, String, String, String): boolean
-
restorecon(String): boolean
-
native_restorecon(String, int): boolean
-
restorecon(File): boolean
-
restoreconRecursive(File): boolean
-
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.os;
import android.util.Slog;
import java.io.IOException;
import java.io.File;
import java.io.FileDescriptor;
This class provides access to the centralized jni bindings for
SELinux interaction.
{@hide}
/**
* This class provides access to the centralized jni bindings for
* SELinux interaction.
* {@hide}
*/
public class SELinux {
private static final String TAG = "SELinux";
Keep in sync with ./external/libselinux/include/selinux/android.h /** Keep in sync with ./external/libselinux/include/selinux/android.h */
private static final int SELINUX_ANDROID_RESTORECON_NOCHANGE = 1;
private static final int SELINUX_ANDROID_RESTORECON_VERBOSE = 2;
private static final int SELINUX_ANDROID_RESTORECON_RECURSE = 4;
private static final int SELINUX_ANDROID_RESTORECON_FORCE = 8;
private static final int SELINUX_ANDROID_RESTORECON_DATADATA = 16;
Determine whether SELinux is disabled or enabled.
Returns: a boolean indicating whether SELinux is enabled.
/**
* Determine whether SELinux is disabled or enabled.
* @return a boolean indicating whether SELinux is enabled.
*/
public static final native boolean isSELinuxEnabled();
Determine whether SELinux is permissive or enforcing.
Returns: a boolean indicating whether SELinux is enforcing.
/**
* Determine whether SELinux is permissive or enforcing.
* @return a boolean indicating whether SELinux is enforcing.
*/
public static final native boolean isSELinuxEnforced();
Sets the security context for newly created file objects.
Params: - context – a security context given as a String.
Returns: a boolean indicating whether the operation succeeded.
/**
* Sets the security context for newly created file objects.
* @param context a security context given as a String.
* @return a boolean indicating whether the operation succeeded.
*/
public static final native boolean setFSCreateContext(String context);
Change the security context of an existing file object.
Params: - path – representing the path of file object to relabel.
- context – new security context given as a String.
Returns: a boolean indicating whether the operation succeeded.
/**
* Change the security context of an existing file object.
* @param path representing the path of file object to relabel.
* @param context new security context given as a String.
* @return a boolean indicating whether the operation succeeded.
*/
public static final native boolean setFileContext(String path, String context);
Get the security context of a file object.
Params: - path – the pathname of the file object.
Returns: a security context given as a String.
/**
* Get the security context of a file object.
* @param path the pathname of the file object.
* @return a security context given as a String.
*/
public static final native String getFileContext(String path);
Get the security context of a peer socket.
Params: - fd – FileDescriptor class of the peer socket.
Returns: a String representing the peer socket security context.
/**
* Get the security context of a peer socket.
* @param fd FileDescriptor class of the peer socket.
* @return a String representing the peer socket security context.
*/
public static final native String getPeerContext(FileDescriptor fd);
Gets the security context of the current process.
Returns: a String representing the security context of the current process.
/**
* Gets the security context of the current process.
* @return a String representing the security context of the current process.
*/
public static final native String getContext();
Gets the security context of a given process id.
Params: - pid – an int representing the process id to check.
Returns: a String representing the security context of the given pid.
/**
* Gets the security context of a given process id.
* @param pid an int representing the process id to check.
* @return a String representing the security context of the given pid.
*/
public static final native String getPidContext(int pid);
Check permissions between two security contexts.
Params: - scon – The source or subject security context.
- tcon – The target or object security context.
- tclass – The object security class name.
- perm – The permission name.
Returns: a boolean indicating whether permission was granted.
/**
* Check permissions between two security contexts.
* @param scon The source or subject security context.
* @param tcon The target or object security context.
* @param tclass The object security class name.
* @param perm The permission name.
* @return a boolean indicating whether permission was granted.
*/
public static final native boolean checkSELinuxAccess(String scon, String tcon, String tclass, String perm);
Restores a file to its default SELinux security context. If the system is not compiled with SELinux, then true is automatically returned. If SELinux is compiled in, but disabled, then true is returned. Params: - pathname – The pathname of the file to be relabeled.
Throws: - NullPointerException – if the pathname is a null object.
Returns: a boolean indicating whether the relabeling succeeded.
/**
* Restores a file to its default SELinux security context.
* If the system is not compiled with SELinux, then {@code true}
* is automatically returned.
* If SELinux is compiled in, but disabled, then {@code true} is
* returned.
*
* @param pathname The pathname of the file to be relabeled.
* @return a boolean indicating whether the relabeling succeeded.
* @exception NullPointerException if the pathname is a null object.
*/
public static boolean restorecon(String pathname) throws NullPointerException {
if (pathname == null) { throw new NullPointerException(); }
return native_restorecon(pathname, 0);
}
Restores a file to its default SELinux security context. If the system is not compiled with SELinux, then true is automatically returned. If SELinux is compiled in, but disabled, then true is returned. Params: - pathname – The pathname of the file to be relabeled.
Returns: a boolean indicating whether the relabeling succeeded.
/**
* Restores a file to its default SELinux security context.
* If the system is not compiled with SELinux, then {@code true}
* is automatically returned.
* If SELinux is compiled in, but disabled, then {@code true} is
* returned.
*
* @param pathname The pathname of the file to be relabeled.
* @return a boolean indicating whether the relabeling succeeded.
*/
private static native boolean native_restorecon(String pathname, int flags);
Restores a file to its default SELinux security context. If the system is not compiled with SELinux, then true is automatically returned. If SELinux is compiled in, but disabled, then true is returned. Params: - file – The File object representing the path to be relabeled.
Throws: - NullPointerException – if the file is a null object.
Returns: a boolean indicating whether the relabeling succeeded.
/**
* Restores a file to its default SELinux security context.
* If the system is not compiled with SELinux, then {@code true}
* is automatically returned.
* If SELinux is compiled in, but disabled, then {@code true} is
* returned.
*
* @param file The File object representing the path to be relabeled.
* @return a boolean indicating whether the relabeling succeeded.
* @exception NullPointerException if the file is a null object.
*/
public static boolean restorecon(File file) throws NullPointerException {
try {
return native_restorecon(file.getCanonicalPath(), 0);
} catch (IOException e) {
Slog.e(TAG, "Error getting canonical path. Restorecon failed for " +
file.getPath(), e);
return false;
}
}
Recursively restores all files under the given path to their default SELinux security context. If the system is not compiled with SELinux, then true is automatically returned. If SELinux is compiled in, but disabled, then true is returned. Returns: a boolean indicating whether the relabeling succeeded.
/**
* Recursively restores all files under the given path to their default
* SELinux security context. If the system is not compiled with SELinux,
* then {@code true} is automatically returned. If SELinux is compiled in,
* but disabled, then {@code true} is returned.
*
* @return a boolean indicating whether the relabeling succeeded.
*/
public static boolean restoreconRecursive(File file) {
try {
return native_restorecon(file.getCanonicalPath(), SELINUX_ANDROID_RESTORECON_RECURSE);
} catch (IOException e) {
Slog.e(TAG, "Error getting canonical path. Restorecon failed for " +
file.getPath(), e);
return false;
}
}
}