Merge "Add hidden API to get vendor genfs version" into main am: e459c45992 (f39da314) · Commits · e / os / android_frameworks_base

core/java/android/os/SELinux.java

+27 −0

Original line number	Diff line number	Diff line
		@@ -193,4 +193,31 @@ public class SELinux {
		return false;
		}
		}

		/**
		* Gets the genfs labels version of the vendor. The genfs labels version is
		* specified in {@code /vendor/etc/selinux/genfs_labels_version.txt}. The
		* version follows the VINTF version format "YYYYMM" and affects how {@code
		* genfs_contexts} entries are applied.
		*
		* <p>The genfs labels version indicates changes in the SELinux labeling
		* scheme over time. For example:
		* <ul>
		* <li>For version 202504 and later, {@code /sys/class/udc} is labeled as
		* {@code sysfs_udc}.
		* <li>For version 202404 and earlier, {@code /sys/class/udc} is labeled
		* as {@code sysfs}.
		* </ul>
		* Check {@code /system/etc/selinux/plat_sepolicy_genfs_{version}.cil} to
		* see which labels are new in {version}.
		*
		* <p>Older vendors may override {@code genfs_contexts} with vendor-specific
		* extensions. The framework must not break such labellings to maintain
		* compatibility with such vendors, by checking the genfs labels version and
		* implementing a fallback mechanism.
		*
		* @return an integer representing the genfs labels version of /vendor, in
		* the format YYYYMM.
		*/
		public static final native int getGenfsLabelsVersion();
		}

core/jni/Android.bp

+1 −0

Original line number	Diff line number	Diff line
		@@ -290,6 +290,7 @@ cc_library_shared_for_libandroid_runtime {
		"libasync_safe",
		"libbinderthreadstateutils",
		"libdmabufinfo",
		"libgenfslabelsversion.ffi",
		"libgui_window_info_static",
		"libkernelconfigs",
		"libnativehelper_lazy",

core/jni/android_os_SELinux.cpp

+22 −8

Original line number	Diff line number	Diff line
		@@ -18,18 +18,19 @@

		#include <errno.h>
		#include <fcntl.h>

		#include <genfslabelsversion.h>
		#include <nativehelper/JNIPlatformHelp.h>
		#include <nativehelper/ScopedLocalRef.h>
		#include <nativehelper/ScopedUtfChars.h>
		#include <utils/Log.h>

		#include <nativehelper/JNIPlatformHelp.h>
		#include "jni.h"
		#include <atomic>
		#include <memory>

		#include "core_jni_helpers.h"
		#include "selinux/selinux.h"
		#include "jni.h"
		#include "selinux/android.h"
		#include <memory>
		#include <atomic>
		#include <nativehelper/ScopedLocalRef.h>
		#include <nativehelper/ScopedUtfChars.h>
		#include "selinux/selinux.h"

		namespace android {
		namespace {
		@@ -403,9 +404,20 @@ static jboolean native_restorecon(JNIEnv *env, jobject, jstring pathnameStr, jin
		return (ret == 0);
		}

		/*
		* Function: getGenfsLabelsVersion
		* Purpose: get which genfs labels version /vendor uses
		* Returns: int: genfs labels version of /vendor
		* Exceptions: none
		*/
		static jint getGenfsLabelsVersion(JNIEnv *, jclass) {
		return get_genfs_labels_version();
		}

		/*
		* JNI registration.
		*/
		// clang-format off
		static const JNINativeMethod method_table[] = {
		/* name, signature, funcPtr */
		{ "checkSELinuxAccess" , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess },
		@@ -420,7 +432,9 @@ static const JNINativeMethod method_table[] = {
		{ "setFileContext" , "(Ljava/lang/String;Ljava/lang/String;)Z" , (void*)setFileCon },
		{ "setFSCreateContext" , "(Ljava/lang/String;)Z" , (void*)setFSCreateCon },
		{ "fileSelabelLookup" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)fileSelabelLookup},
		{ "getGenfsLabelsVersion" , "()I" , (void *)getGenfsLabelsVersion},
		};
		// clang-format on

		static int log_callback(int type, const char *fmt, ...) {
		va_list ap;