diff options
author | Nick Kralevich <nnk@google.com> | 2015-03-13 18:02:46 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2015-03-13 18:02:47 +0000 |
commit | 30fcd2aa8a87ca97e1d6dbc3203c3a485a56dac9 (patch) | |
tree | 313f7f7130b7cb38be750f88c861c4a2f495b372 | |
parent | f1654c6015dbf30b7dae3575d787ca141ae84028 (diff) | |
parent | 16d1cce8ffe632c1283375beb4c82c67c43e13dd (diff) | |
download | frameworks_base-30fcd2aa8a87ca97e1d6dbc3203c3a485a56dac9.zip frameworks_base-30fcd2aa8a87ca97e1d6dbc3203c3a485a56dac9.tar.gz frameworks_base-30fcd2aa8a87ca97e1d6dbc3203c3a485a56dac9.tar.bz2 |
Merge "Drop unusable SELinux APIs."
-rw-r--r-- | core/java/android/os/SELinux.java | 28 | ||||
-rw-r--r-- | core/jni/android_os_SELinux.cpp | 107 |
2 files changed, 0 insertions, 135 deletions
diff --git a/core/java/android/os/SELinux.java b/core/java/android/os/SELinux.java index 84aa427..2773da5 100644 --- a/core/java/android/os/SELinux.java +++ b/core/java/android/os/SELinux.java @@ -50,13 +50,6 @@ public class SELinux { public static final native boolean isSELinuxEnforced(); /** - * Set whether SELinux is permissive or enforcing. - * @param value representing whether to set SELinux to enforcing - * @return a boolean representing whether the desired mode was set - */ - public static final native boolean setSELinuxEnforce(boolean value); - - /** * Sets the security context for newly created file objects. * @param context a security context given as a String. * @return a boolean indicating whether the operation succeeded. @@ -99,27 +92,6 @@ public class SELinux { public static final native String getPidContext(int pid); /** - * Gets a list of the SELinux boolean names. - * @return an array of strings containing the SELinux boolean names. - */ - public static final native String[] getBooleanNames(); - - /** - * Gets the value for the given SELinux boolean name. - * @param name The name of the SELinux boolean. - * @return a boolean indicating whether the SELinux boolean is set. - */ - public static final native boolean getBooleanValue(String name); - - /** - * Sets the value for the given SELinux boolean name. - * @param name The name of the SELinux boolean. - * @param value The new value of the SELinux boolean. - * @return a boolean indicating whether or not the operation succeeded. - */ - public static final native boolean setBooleanValue(String name, boolean value); - - /** * Check permissions between two security contexts. * @param scon The source or subject security context. * @param tcon The target or object security context. diff --git a/core/jni/android_os_SELinux.cpp b/core/jni/android_os_SELinux.cpp index 136e758..762b88f 100644 --- a/core/jni/android_os_SELinux.cpp +++ b/core/jni/android_os_SELinux.cpp @@ -61,23 +61,6 @@ static jboolean isSELinuxEnforced(JNIEnv *env, jobject) { } /* - * Function: setSELinuxEnforce - * Purpose: set the SE Linux enforcing mode - * Parameters: true (enforcing) or false (permissive) - * Return value: true (success) or false (fail) - * Exceptions: none - */ -static jboolean setSELinuxEnforce(JNIEnv *env, jobject, jboolean value) { - if (isSELinuxDisabled) { - return false; - } - - int enforce = value ? 1 : 0; - - return (security_setenforce(enforce) != -1) ? true : false; -} - -/* * Function: getPeerCon * Purpose: retrieves security context of peer socket * Parameters: @@ -265,92 +248,6 @@ static jstring getPidCon(JNIEnv *env, jobject, jint pid) { } /* - * Function: getBooleanNames - * Purpose: Gets a list of the SELinux boolean names. - * Parameters: None - * Returns: an array of strings containing the SELinux boolean names. - * returns NULL string on error - * Exceptions: None - */ -static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv) { - if (isSELinuxDisabled) { - return NULL; - } - - char **list; - int len; - if (security_get_boolean_names(&list, &len) == -1) { - return NULL; - } - - jclass stringClass = env->FindClass("java/lang/String"); - jobjectArray stringArray = env->NewObjectArray(len, stringClass, NULL); - for (int i = 0; i < len; i++) { - ScopedLocalRef<jstring> obj(env, env->NewStringUTF(list[i])); - env->SetObjectArrayElement(stringArray, i, obj.get()); - free(list[i]); - } - free(list); - - return stringArray; -} - -/* - * Function: getBooleanValue - * Purpose: Gets the value for the given SELinux boolean name. - * Parameters: - * String: The name of the SELinux boolean. - * Returns: a boolean: (true) boolean is set or (false) it is not. - * Exceptions: None - */ -static jboolean getBooleanValue(JNIEnv *env, jobject, jstring nameStr) { - if (isSELinuxDisabled) { - return false; - } - - if (nameStr == NULL) { - return false; - } - - ScopedUtfChars name(env, nameStr); - int ret = security_get_boolean_active(name.c_str()); - - ALOGV("getBooleanValue(%s) => %d", name.c_str(), ret); - return (ret == 1) ? true : false; -} - -/* - * Function: setBooleanNames - * Purpose: Sets the value for the given SELinux boolean name. - * Parameters: - * String: The name of the SELinux boolean. - * Boolean: The new value of the SELinux boolean. - * Returns: a boolean indicating whether or not the operation succeeded. - * Exceptions: None - */ -static jboolean setBooleanValue(JNIEnv *env, jobject, jstring nameStr, jboolean value) { - if (isSELinuxDisabled) { - return false; - } - - if (nameStr == NULL) { - return false; - } - - ScopedUtfChars name(env, nameStr); - int ret = security_set_boolean(name.c_str(), value ? 1 : 0); - if (ret) { - return false; - } - - if (security_commit_booleans() == -1) { - return false; - } - - return true; -} - -/* * Function: checkSELinuxAccess * Purpose: Check permissions between two security contexts. * Parameters: subjectContextStr: subject security context as a string @@ -426,8 +323,6 @@ static jboolean native_restorecon(JNIEnv *env, jobject, jstring pathnameStr, jin static JNINativeMethod method_table[] = { /* name, signature, funcPtr */ { "checkSELinuxAccess" , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess }, - { "getBooleanNames" , "()[Ljava/lang/String;" , (void*)getBooleanNames }, - { "getBooleanValue" , "(Ljava/lang/String;)Z" , (void*)getBooleanValue }, { "getContext" , "()Ljava/lang/String;" , (void*)getCon }, { "getFileContext" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)getFileCon }, { "getPeerContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getPeerCon }, @@ -435,10 +330,8 @@ static JNINativeMethod method_table[] = { { "isSELinuxEnforced" , "()Z" , (void*)isSELinuxEnforced}, { "isSELinuxEnabled" , "()Z" , (void*)isSELinuxEnabled }, { "native_restorecon" , "(Ljava/lang/String;I)Z" , (void*)native_restorecon}, - { "setBooleanValue" , "(Ljava/lang/String;Z)Z" , (void*)setBooleanValue }, { "setFileContext" , "(Ljava/lang/String;Ljava/lang/String;)Z" , (void*)setFileCon }, { "setFSCreateContext" , "(Ljava/lang/String;)Z" , (void*)setFSCreateCon }, - { "setSELinuxEnforce" , "(Z)Z" , (void*)setSELinuxEnforce}, }; static int log_callback(int type, const char *fmt, ...) { |