
Commit 16d1cce8 authored by Stephen Smalley

Drop unusable SELinux APIs.



setSELinuxEnforce is not allowed by policy.
get/setBooleanValue and getBooleanNames are moot since SELinux
policy booleans are forbidden by CTS.

Change-Id: I512953edd1c38828efce698ae8475603775c32e8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent 53729e29
+0 −28
@@ -49,13 +49,6 @@ public class SELinux {
     */
    public static final native boolean isSELinuxEnforced();

    /**
     * Set whether SELinux is permissive or enforcing.
     * @param value representing whether to set SELinux to enforcing
     * @return a boolean representing whether the desired mode was set
     */
    public static final native boolean setSELinuxEnforce(boolean value);

    /**
     * Sets the security context for newly created file objects.
     * @param context a security context given as a String.
@@ -98,27 +91,6 @@ public class SELinux {
     */
    public static final native String getPidContext(int pid);

    /**
     * Gets a list of the SELinux boolean names.
     * @return an array of strings containing the SELinux boolean names.
     */
    public static final native String[] getBooleanNames();

    /**
     * Gets the value for the given SELinux boolean name.
     * @param name The name of the SELinux boolean.
     * @return a boolean indicating whether the SELinux boolean is set.
     */
    public static final native boolean getBooleanValue(String name);

    /**
     * Sets the value for the given SELinux boolean name.
     * @param name The name of the SELinux boolean.
     * @param value The new value of the SELinux boolean.
     * @return a boolean indicating whether or not the operation succeeded.
     */
    public static final native boolean setBooleanValue(String name, boolean value);

    /**
     * Check permissions between two security contexts.
     * @param scon The source or subject security context.
+0 −107
@@ -60,23 +60,6 @@ static jboolean isSELinuxEnforced(JNIEnv *env, jobject) {
    return (security_getenforce() == 1) ? true : false;
}

/*
 * Function: setSELinuxEnforce
 * Purpose: set the SE Linux enforcing mode
 * Parameters: true (enforcing) or false (permissive)
 * Return value: true (success) or false (fail)
 * Exceptions: none
 */
static jboolean setSELinuxEnforce(JNIEnv *env, jobject, jboolean value) {
    if (isSELinuxDisabled) {
        return false;
    }

    int enforce = value ? 1 : 0;

    return (security_setenforce(enforce) != -1) ? true : false;
}

/*
 * Function: getPeerCon
 * Purpose: retrieves security context of peer socket
@@ -264,92 +247,6 @@ static jstring getPidCon(JNIEnv *env, jobject, jint pid) {
    return securityString.release();
}

/*
 * Function: getBooleanNames
 * Purpose: Gets a list of the SELinux boolean names.
 * Parameters: None
 * Returns: an array of strings  containing the SELinux boolean names.
 *          returns NULL string on error
 * Exceptions: None
 */
static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv) {
    if (isSELinuxDisabled) {
        return NULL;
    }

    char **list;
    int len;
    if (security_get_boolean_names(&list, &len) == -1) {
        return NULL;
    }

    jclass stringClass = env->FindClass("java/lang/String");
    jobjectArray stringArray = env->NewObjectArray(len, stringClass, NULL);
    for (int i = 0; i < len; i++) {
        ScopedLocalRef<jstring> obj(env, env->NewStringUTF(list[i]));
        env->SetObjectArrayElement(stringArray, i, obj.get());
        free(list[i]);
    }
    free(list);

    return stringArray;
}

/*
 * Function: getBooleanValue
 * Purpose: Gets the value for the given SELinux boolean name.
 * Parameters:
 *            String: The name of the SELinux boolean.
 * Returns: a boolean: (true) boolean is set or (false) it is not.
 * Exceptions: None
 */
static jboolean getBooleanValue(JNIEnv *env, jobject, jstring nameStr) {
    if (isSELinuxDisabled) {
        return false;
    }

    if (nameStr == NULL) {
        return false;
    }

    ScopedUtfChars name(env, nameStr);
    int ret = security_get_boolean_active(name.c_str());

    ALOGV("getBooleanValue(%s) => %d", name.c_str(), ret);
    return (ret == 1) ? true : false;
}

/*
 * Function: setBooleanNames
 * Purpose: Sets the value for the given SELinux boolean name.
 * Parameters:
 *            String: The name of the SELinux boolean.
 *            Boolean: The new value of the SELinux boolean.
 * Returns: a boolean indicating whether or not the operation succeeded.
 * Exceptions: None
 */
static jboolean setBooleanValue(JNIEnv *env, jobject, jstring nameStr, jboolean value) {
    if (isSELinuxDisabled) {
        return false;
    }

    if (nameStr == NULL) {
        return false;
    }

    ScopedUtfChars name(env, nameStr);
    int ret = security_set_boolean(name.c_str(), value ? 1 : 0);
    if (ret) {
        return false;
    }

    if (security_commit_booleans() == -1) {
        return false;
    }

    return true;
}

/*
 * Function: checkSELinuxAccess
 * Purpose: Check permissions between two security contexts.
@@ -426,8 +323,6 @@ static jboolean native_restorecon(JNIEnv *env, jobject, jstring pathnameStr, jin
static JNINativeMethod method_table[] = {
    /* name,                     signature,                    funcPtr */
    { "checkSELinuxAccess"       , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess },
    { "getBooleanNames"          , "()[Ljava/lang/String;"                        , (void*)getBooleanNames  },
    { "getBooleanValue"          , "(Ljava/lang/String;)Z"                        , (void*)getBooleanValue  },
    { "getContext"               , "()Ljava/lang/String;"                         , (void*)getCon           },
    { "getFileContext"           , "(Ljava/lang/String;)Ljava/lang/String;"       , (void*)getFileCon       },
    { "getPeerContext"           , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getPeerCon       },
@@ -435,10 +330,8 @@ static JNINativeMethod method_table[] = {
    { "isSELinuxEnforced"        , "()Z"                                          , (void*)isSELinuxEnforced},
    { "isSELinuxEnabled"         , "()Z"                                          , (void*)isSELinuxEnabled },
    { "native_restorecon"        , "(Ljava/lang/String;I)Z"                       , (void*)native_restorecon},
    { "setBooleanValue"          , "(Ljava/lang/String;Z)Z"                       , (void*)setBooleanValue  },
    { "setFileContext"           , "(Ljava/lang/String;Ljava/lang/String;)Z"      , (void*)setFileCon       },
    { "setFSCreateContext"       , "(Ljava/lang/String;)Z"                        , (void*)setFSCreateCon   },
    { "setSELinuxEnforce"        , "(Z)Z"                                         , (void*)setSELinuxEnforce},
};

static int log_callback(int type, const char *fmt, ...) {