diff options
| author | Joman Chu <jcchu@tycho.ncsc.mil> | 2012-11-16 13:09:27 -0500 |
|---|---|---|
| committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 20:56:46 +0100 |
| commit | ae74c84819ce2a174d3df98d9888206938b0ebee (patch) | |
| tree | 9367007db64a5744f7966f6d18f5262df20b7c2c /api | |
| parent | 88aeb650afb72aeff6335ebfc9bfee59ed5751c8 (diff) | |
| download | frameworks_base-ae74c84819ce2a174d3df98d9888206938b0ebee.zip frameworks_base-ae74c84819ce2a174d3df98d9888206938b0ebee.tar.gz frameworks_base-ae74c84819ce2a174d3df98d9888206938b0ebee.tar.bz2 | |
Add APIs to allow Device Admins to change SELinux settings
These calls, added to the Device Admin API, will allow Device Admin apps
to change various SELinux settings, including:
* Toggling SELinux enforcing and permissive modes
* Toggle SELinux booleans
* Load a new SELinux policy file (sepolicy)
* Load new SELinux context files ({property,file,seapp}_contexts)
In order to use these APIs, a Device Admin must first request
USES_POLICY_ENFORCE_SELINUX, then become a SELinux Admin by calling
setSELinuxAdmin(). All other set* calls relevant to SELinux are guarded
by a check against whether the admin is a SELinux Admin.
Otherwise, the style of the set* calls are very similar to the other
calls setting device policy in the Device Admin API. That is, these
calls change the Admin's internal state and then call a sync method to
update the device's state to the Admin's state.
Change-Id: I01f2a9084dfe7886087b1497070b0d7f2ad8476e
Diffstat (limited to 'api')
| -rw-r--r-- | api/current.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/api/current.txt b/api/current.txt index 0ff0fbc..e188121 100644 --- a/api/current.txt +++ b/api/current.txt @@ -4220,6 +4220,7 @@ package android.app.admin { field public static final int USES_ENCRYPTED_STORAGE = 7; // 0x7 field public static final int USES_POLICY_DISABLE_CAMERA = 8; // 0x8 field public static final int USES_POLICY_DISABLE_KEYGUARD_FEATURES = 9; // 0x9 + field public static final int USES_POLICY_ENFORCE_SELINUX = 10; // 0xa field public static final int USES_POLICY_EXPIRE_PASSWORD = 6; // 0x6 field public static final int USES_POLICY_FORCE_LOCK = 3; // 0x3 field public static final int USES_POLICY_LIMIT_PASSWORD = 0; // 0x0 @@ -4270,15 +4271,21 @@ package android.app.admin { method public int getPasswordMinimumSymbols(android.content.ComponentName); method public int getPasswordMinimumUpperCase(android.content.ComponentName); method public int getPasswordQuality(android.content.ComponentName); + method public java.util.List<java.lang.String> getSELinuxBooleanNames(android.content.ComponentName); + method public boolean getSELinuxBooleanValue(android.content.ComponentName, java.lang.String); + method public boolean getSELinuxEnforcing(android.content.ComponentName); method public boolean getStorageEncryption(android.content.ComponentName); method public int getStorageEncryptionStatus(); method public boolean hasGrantedPolicy(android.content.ComponentName, int); method public boolean isActivePasswordSufficient(); method public boolean isAdminActive(android.content.ComponentName); + method public boolean isCustomPolicyFile(android.content.ComponentName, int); + method public boolean isSELinuxAdmin(android.content.ComponentName); method public void lockNow(); method public void removeActiveAdmin(android.content.ComponentName); method public boolean resetPassword(java.lang.String, int); method public void setCameraDisabled(android.content.ComponentName, boolean); + method public boolean setCustomPolicyFile(android.content.ComponentName, int, byte[]); method public void setKeyguardDisabledFeatures(android.content.ComponentName, int); method public void setMaximumFailedPasswordsForWipe(android.content.ComponentName, int); method public void setMaximumTimeToLock(android.content.ComponentName, long); @@ -4292,6 +4299,9 @@ package android.app.admin { method public void setPasswordMinimumSymbols(android.content.ComponentName, int); method public void setPasswordMinimumUpperCase(android.content.ComponentName, int); method public void setPasswordQuality(android.content.ComponentName, int); + method public boolean setSELinuxAdmin(android.content.ComponentName, boolean); + method public boolean setSELinuxBooleanValue(android.content.ComponentName, java.lang.String, boolean); + method public boolean setSELinuxEnforcing(android.content.ComponentName, boolean); method public int setStorageEncryption(android.content.ComponentName, boolean); method public void wipeData(int); field public static final java.lang.String ACTION_ADD_DEVICE_ADMIN = "android.app.action.ADD_DEVICE_ADMIN"; @@ -4315,6 +4325,11 @@ package android.app.admin { field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000 field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0 field public static final int RESET_PASSWORD_REQUIRE_ENTRY = 1; // 0x1 + field public static final int SEPOLICY_FILE_COUNT = 4; // 0x4 + field public static final int SEPOLICY_FILE_FILECTXS = 2; // 0x2 + field public static final int SEPOLICY_FILE_PROPCTXS = 1; // 0x1 + field public static final int SEPOLICY_FILE_SEAPPCTXS = 3; // 0x3 + field public static final int SEPOLICY_FILE_SEPOLICY = 0; // 0x0 field public static final int WIPE_EXTERNAL_STORAGE = 1; // 0x1 } |