Loading core/java/android/os/SELinux.java +8 −1 Original line number Diff line number Diff line Loading @@ -18,9 +18,9 @@ package android.os; import android.util.Slog; import java.io.IOException; import java.io.File; import java.io.FileDescriptor; import java.io.IOException; /** * This class provides access to the centralized jni bindings for Loading Loading @@ -78,6 +78,13 @@ public class SELinux { */ public static final native String getPeerContext(FileDescriptor fd); /** * Get the security context of a file descriptor of a file. * @param fd FileDescriptor of a file. * @return a String representing the file descriptor security context. */ public static final native String getFileContext(FileDescriptor fd); /** * Gets the security context of the current process. * @return a String representing the security context of the current process. Loading core/java/com/android/internal/os/BatteryStatsHelper.java +5 −0 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ import android.os.Parcel; import android.os.ParcelFileDescriptor; import android.os.Process; import android.os.RemoteException; import android.os.SELinux; import android.os.ServiceManager; import android.os.SystemClock; import android.os.UserHandle; Loading Loading @@ -1031,6 +1032,10 @@ public class BatteryStatsHelper { try { ParcelFileDescriptor pfd = service.getStatisticsStream(); if (pfd != null) { if (false) { Log.d(TAG, "selinux context: " + SELinux.getFileContext(pfd.getFileDescriptor())); } try (FileInputStream fis = new ParcelFileDescriptor.AutoCloseInputStream(pfd)) { byte[] data = readFully(fis, MemoryFile.getSize(pfd.getFileDescriptor())); Parcel parcel = Parcel.obtain(); Loading core/jni/android_os_SELinux.cpp +35 −13 Original line number Diff line number Diff line Loading 
@@ -60,33 +60,30 @@ static jboolean isSELinuxEnforced(JNIEnv *env, jobject) { return (security_getenforce() == 1) ? true : false; } /* * Function: getPeerCon * Purpose: retrieves security context of peer socket * Parameters: * fileDescriptor: peer socket file as a FileDescriptor object * Returns: jstring representing the security_context of socket or NULL if error * Exceptions: NullPointerException if fileDescriptor object is NULL */ static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) { static jstring getFdConInner(JNIEnv *env, jobject fileDescriptor, bool isSocket) { if (isSELinuxDisabled) { return NULL; } if (fileDescriptor == NULL) { jniThrowNullPointerException(env, "Trying to check security context of a null peer socket."); "Trying to check security context of a null FileDescriptor."); return NULL; } int fd = jniGetFDFromFileDescriptor(env, fileDescriptor); if (env->ExceptionCheck()) { ALOGE("getPeerCon => getFD for %p failed", fileDescriptor); ALOGE("getFdCon => getFD for %p failed", fileDescriptor); return NULL; } security_context_t tmp = NULL; int ret = getpeercon(fd, &tmp); int ret; if (isSocket) { ret = getpeercon(fd, &tmp); } else{ ret = fgetfilecon(fd, &tmp); } Unique_SecurityContext context(tmp); ScopedLocalRef<jstring> contextStr(env, NULL); Loading 
@@ -94,10 +91,34 @@ static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) { contextStr.reset(env->NewStringUTF(context.get())); } ALOGV("getPeerCon(%d) => %s", fd, context.get()); ALOGV("getFdCon(%d) => %s", fd, context.get()); return contextStr.release(); } /* * Function: getPeerCon * Purpose: retrieves security context of peer socket * Parameters: * fileDescriptor: peer socket file as a FileDescriptor object * Returns: jstring representing the security_context of socket or NULL if error * Exceptions: NullPointerException if fileDescriptor object is NULL */ static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) { return getFdConInner(env, fileDescriptor, true); } /* * Function: getFdCon * Purpose: retrieves security context of a file descriptor. * Parameters: * fileDescriptor: a FileDescriptor object * Returns: jstring representing the security_context of socket or NULL if error * Exceptions: NullPointerException if fileDescriptor object is NULL */ static jstring getFdCon(JNIEnv *env, jobject, jobject fileDescriptor) { return getFdConInner(env, fileDescriptor, false); } /* * Function: setFSCreateCon * Purpose: set security context used for creating a new file system object Loading Loading @@ -326,6 +347,7 @@ static const JNINativeMethod method_table[] = { { "getContext" , "()Ljava/lang/String;" , (void*)getCon }, { "getFileContext" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)getFileCon }, { "getPeerContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getPeerCon }, { "getFileContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getFdCon }, { "getPidContext" , "(I)Ljava/lang/String;" , (void*)getPidCon }, { "isSELinuxEnforced" , "()Z" , (void*)isSELinuxEnforced}, { "isSELinuxEnabled" , "()Z" , (void*)isSELinuxEnabled }, Loading Loading
core/java/android/os/SELinux.java +8 −1 Original line number Diff line number Diff line Loading @@ -18,9 +18,9 @@ package android.os; import android.util.Slog; import java.io.IOException; import java.io.File; import java.io.FileDescriptor; import java.io.IOException; /** * This class provides access to the centralized jni bindings for Loading Loading @@ -78,6 +78,13 @@ public class SELinux { */ public static final native String getPeerContext(FileDescriptor fd); /** * Get the security context of a file descriptor of a file. * @param fd FileDescriptor of a file. * @return a String representing the file descriptor security context. */ public static final native String getFileContext(FileDescriptor fd); /** * Gets the security context of the current process. * @return a String representing the security context of the current process. Loading
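Review bot: The Javadoc on the new `getFileContext(FileDescriptor fd)` overload does not state its null and exception behaviour. The native implementation shown for android_os_SELinux.cpp on this page returns NULL when SELinux is disabled and, per its header comment, on error, and it throws NullPointerException for a null descriptor. Callers that compare or log the result need to know this, so I would add `@return the security context of the open file, or null if SELinux is disabled or the context cannot be read` and `@throws NullPointerException if fd is null`. It would also help to say that this reads the label of the file the descriptor refers to, in contrast to `getPeerContext`, which reports the peer of a socket.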
core/java/com/android/internal/os/BatteryStatsHelper.java +5 −0 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ import android.os.Parcel; import android.os.ParcelFileDescriptor; import android.os.Process; import android.os.RemoteException; import android.os.SELinux; import android.os.ServiceManager; import android.os.SystemClock; import android.os.UserHandle; Loading Loading @@ -1031,6 +1032,10 @@ public class BatteryStatsHelper { try { ParcelFileDescriptor pfd = service.getStatisticsStream(); if (pfd != null) { if (false) { Log.d(TAG, "selinux context: " + SELinux.getFileContext(pfd.getFileDescriptor())); } try (FileInputStream fis = new ParcelFileDescriptor.AutoCloseInputStream(pfd)) { byte[] data = readFully(fis, MemoryFile.getSize(pfd.getFileDescriptor())); Parcel parcel = Parcel.obtain(); Loading
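Review bot: The added `if (false) { Log.d(TAG, "selinux context: " + ...); }` block is dead code guarded by a literal, which is easy to forget and invisible to anyone searching for debug switches. If the diagnostic is worth keeping, gate it on a named constant, e.g. `if (DEBUG) {`, reusing the class's debug flag if it has one (not visible in this hunk). Otherwise drop the block together with the new `android.os.SELinux` import. Since `SELinux.getFileContext` can return null per the native code on this page, the message would read `selinux context: null` both when SELinux is disabled and when the lookup fails. The enclosing method starts and ends outside the hunk.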
core/jni/android_os_SELinux.cpp +35 −13 Original line number Diff line number Diff line Loading @@ -60,33 +60,30 @@ static jboolean isSELinuxEnforced(JNIEnv *env, jobject) { return (security_getenforce() == 1) ? true : false; } /* * Function: getPeerCon * Purpose: retrieves security context of peer socket * Parameters: * fileDescriptor: peer socket file as a FileDescriptor object * Returns: jstring representing the security_context of socket or NULL if error * Exceptions: NullPointerException if fileDescriptor object is NULL */ static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) { static jstring getFdConInner(JNIEnv *env, jobject fileDescriptor, bool isSocket) { if (isSELinuxDisabled) { return NULL; } if (fileDescriptor == NULL) { jniThrowNullPointerException(env, "Trying to check security context of a null peer socket."); "Trying to check security context of a null FileDescriptor."); return NULL; } int fd = jniGetFDFromFileDescriptor(env, fileDescriptor); if (env->ExceptionCheck()) { ALOGE("getPeerCon => getFD for %p failed", fileDescriptor); ALOGE("getFdCon => getFD for %p failed", fileDescriptor); return NULL; } security_context_t tmp = NULL; int ret = getpeercon(fd, &tmp); int ret; if (isSocket) { ret = getpeercon(fd, &tmp); } else{ ret = fgetfilecon(fd, &tmp); } Unique_SecurityContext context(tmp); ScopedLocalRef<jstring> contextStr(env, NULL); Loading 
@@ -94,10 +91,34 @@ static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) { contextStr.reset(env->NewStringUTF(context.get())); } ALOGV("getPeerCon(%d) => %s", fd, context.get()); ALOGV("getFdCon(%d) => %s", fd, context.get()); return contextStr.release(); } /* * Function: getPeerCon * Purpose: retrieves security context of peer socket * Parameters: * fileDescriptor: peer socket file as a FileDescriptor object * Returns: jstring representing the security_context of socket or NULL if error * Exceptions: NullPointerException if fileDescriptor object is NULL */ static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) { return getFdConInner(env, fileDescriptor, true); } /* * Function: getFdCon * Purpose: retrieves security context of a file descriptor. * Parameters: * fileDescriptor: a FileDescriptor object * Returns: jstring representing the security_context of socket or NULL if error * Exceptions: NullPointerException if fileDescriptor object is NULL */ static jstring getFdCon(JNIEnv *env, jobject, jobject fileDescriptor) { return getFdConInner(env, fileDescriptor, false); } /* * Function: setFSCreateCon * Purpose: set security context used for creating a new file system object Loading Loading @@ -326,6 +347,7 @@ static const JNINativeMethod method_table[] = { { "getContext" , "()Ljava/lang/String;" , (void*)getCon }, { "getFileContext" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)getFileCon }, { "getPeerContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getPeerCon }, { "getFileContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getFdCon }, { "getPidContext" , "(I)Ljava/lang/String;" , (void*)getPidCon }, { "isSELinuxEnforced" , "()Z" , (void*)isSELinuxEnforced}, { "isSELinuxEnabled" , "()Z" , (void*)isSELinuxEnabled }, Loading
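Review bot: After the refactor both paths of `getFdConInner` log under the name `getFdCon`, so an error or trace line produced by a `getPeerContext` call can no longer be told apart from a file-descriptor lookup. I would keep the caller visible, e.g. `ALOGV("%s(%d) => %s", isSocket ? "getPeerCon" : "getFdCon", fd, context.get());`, and do the same for the `ALOGE` line. The header comment on the new `getFdCon` still says `security_context of socket`; it should read `Returns: jstring representing the security_context of the file descriptor or NULL if error`. The lines of `getFdConInner` between the two hunks, where `ret` is checked, are not shown, so I cannot confirm how an `fgetfilecon` failure is handled; if it is silent, logging `errno` there would help separate an unlabeled or unsupported file from a bad descriptor. Minor: `} else{` is missing a space.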