diff options
| author | William Roberts <w.roberts@sta.samsung.com> | 2013-01-23 14:07:08 -0800 |
|---|---|---|
| committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 21:02:23 +0100 |
| commit | a5dfcb45325904879fc3859f3c654469481b5e0a (patch) | |
| tree | 56506414fde276e462c2bf46eecd3184de7be27e /core | |
| parent | 81a56239791c6d8d686171fb51438a82eaf8b9e1 (diff) | |
| download | frameworks_base-a5dfcb45325904879fc3859f3c654469481b5e0a.zip frameworks_base-a5dfcb45325904879fc3859f3c654469481b5e0a.tar.gz frameworks_base-a5dfcb45325904879fc3859f3c654469481b5e0a.tar.bz2 | |
Update location of policy files
The location of policy files has changed from
/data/system to /data/security.
Also, a name change to mmac enforcing property
name to place it under persist.mmac. namesepace.
Adds api's for getting and setting the MMAC
enforcing mode.
Change-Id: I0e9468fe651cd6ec018d5c85d35d693e55479e89
Diffstat (limited to 'core')
| -rw-r--r-- | core/java/android/content/pm/SELinuxMMAC.java | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/core/java/android/content/pm/SELinuxMMAC.java b/core/java/android/content/pm/SELinuxMMAC.java index 38f19b6..5b85adb 100644 --- a/core/java/android/content/pm/SELinuxMMAC.java +++ b/core/java/android/content/pm/SELinuxMMAC.java @@ -49,7 +49,7 @@ public final class SELinuxMMAC { private static final String TAG = "SELinuxMMAC"; private static final String MMAC_DENY = "MMAC_DENIAL:"; - + private static final String MMAC_ENFORCE_PROPERTY = "persist.mmac.enforce"; private static final boolean DEBUG_POLICY = true; private static final boolean DEBUG_POLICY_INSTALL = DEBUG_POLICY || false; @@ -63,7 +63,7 @@ public final class SELinuxMMAC { // Locations of potential install policy files. private static final File[] INSTALL_POLICY_FILE = { - new File(Environment.getDataDirectory(), "system/mac_permissions.xml"), + new File(Environment.getDataDirectory(), "security/mac_permissions.xml"), new File(Environment.getRootDirectory(), "etc/security/mac_permissions.xml"), null}; @@ -83,6 +83,23 @@ public final class SELinuxMMAC { } /** + * Returns the current status of MMAC enforcing mode. + * @param none + * @return boolean indicating whether or not the device is in enforcing mode. + */ + public static boolean getEnforcingMode() { + return SystemProperties.getBoolean(MMAC_ENFORCE_PROPERTY, false); + } + + /** + * Returns the current status of MMAC enforcing mode. + * @param boolean value to set the enforcing state too. + */ + public static void setEnforcingMode(boolean value) { + SystemProperties.set(MMAC_ENFORCE_PROPERTY, value ? "1" : "0"); + } + + /** * Parses an MMAC install policy given as an argument. * @param File object representing the path of the policy. * @return boolean indicating whether the install policy was correctly parsed. @@ -113,7 +130,7 @@ public final class SELinuxMMAC { Slog.d(TAG, "MMAC install enabled using file " + policyFiles[i].getPath()); - boolean enforcing = SystemProperties.getBoolean("persist.mac_enforcing_mode", false); + boolean enforcing = getEnforcingMode(); String mode = enforcing ? "enforcing" : "permissive"; Slog.d(TAG, "MMAC install starting in " + mode + " mode."); |