Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ae74c848 authored by Joman Chu's avatar Joman Chu Committed by Ricardo Cerqueira
Browse files

Add APIs to allow Device Admins to change SELinux settings 

These calls, added to the Device Admin API, will allow Device Admin apps
to change various SELinux settings, including:
* Toggling SELinux enforcing and permissive modes
* Toggle SELinux booleans
* Load a new SELinux policy file (sepolicy)
* Load new SELinux context files ({property,file,seapp}_contexts)

In order to use these APIs, a Device Admin must first request
USES_POLICY_ENFORCE_SELINUX, then become a SELinux Admin by calling
setSELinuxAdmin(). All other set* calls relevant to SELinux are guarded
by a check against whether the admin is a SELinux Admin.

Otherwise, the style of the set* calls are very similar to the other
calls setting device policy in the Device Admin API. That is, these
calls change the Admin's internal state and then call a sync method to
update the device's state to the Admin's state.

Change-Id: I01f2a9084dfe7886087b1497070b0d7f2ad8476e
parent 88aeb650
Expand all Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment