-rw-r--r--cmds/installd/Android.mk9
-rw-r--r--cmds/installd/commands.c20
-rw-r--r--core/jni/Android.mk7
-rw-r--r--core/jni/android_os_SELinux.cpp57
4 files changed, 9 insertions, 84 deletions
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk
index 3e722ea..1dd4ee5 100644
--- a/cmds/installd/Android.mk
+++ b/cmds/installd/Android.mk
@@ -29,17 +29,12 @@ LOCAL_SRC_FILES := \
$(common_src_files)
LOCAL_SHARED_LIBRARIES := \
- libcutils
+ libcutils \
+ libselinux
LOCAL_STATIC_LIBRARIES := \
libdiskusage
-ifeq ($(HAVE_SELINUX),true)
-LOCAL_C_INCLUDES += external/libselinux/include
-LOCAL_SHARED_LIBRARIES += libselinux
-LOCAL_CFLAGS := -DHAVE_SELINUX
-endif # HAVE_SELINUX
-
LOCAL_MODULE := installd
LOCAL_MODULE_TAGS := optional
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index a276225..902463d 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -17,10 +17,7 @@
#include <linux/capability.h>
#include "installd.h"
#include <diskusage/dirsize.h>
-
-#ifdef HAVE_SELINUX
#include <selinux/android.h>
-#endif
/* Directory records that are used in execution of commands. */
dir_rec_t android_data_dir;
@@ -74,14 +71,12 @@ int install(const char *pkgname, uid_t uid, gid_t gid)
return -1;
}
-#ifdef HAVE_SELINUX
- if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
- ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
+ if (selinux_android_setfilecon(libdir, pkgname, uid) < 0) {
+ ALOGE("cannot setfilecon dir '%s': %s\n", libdir, strerror(errno));
unlink(libsymlink);
unlink(pkgdir);
return -1;
}
-#endif
if (chown(pkgdir, uid, gid) < 0) {
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
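Review bot: The setfilecon call in install() now targets `libdir`, where the removed line targeted `pkgdir`, which is a behaviour change beyond dropping the HAVE_SELINUX guard. Nothing else in this hunk applies a security context to `pkgdir`, so unless it is labelled outside the visible lines, the package data directory keeps whatever label it inherited when it was created. If the switch is intended, a short comment above the call should say which directory is labelled here and where `pkgdir` gets its context; if not, the call and its log line should read `selinux_android_setfilecon(pkgdir, pkgname, uid)`. install() starts and ends outside the hunk.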
@@ -186,19 +181,16 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
unlink(pkgdir);
return -errno;
}
- if (chown(pkgdir, uid, uid) < 0) {
- ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
+ if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+ ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
unlink(pkgdir);
return -errno;
}
-
-#ifdef HAVE_SELINUX
- if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
- ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
+ if (chown(pkgdir, uid, uid) < 0) {
+ ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
unlink(pkgdir);
return -errno;
}
-#endif
return 0;
}
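Review bot: Both error branches in make_user_data return `-errno` only after `ALOGE(...)` and `unlink(pkgdir)` have run, so the caller can receive the errno left by those calls instead of the one set by the failed setfilecon or chown. `pkgdir` is logged as a directory, and unlink() on a directory normally fails and overwrites errno, so this is likely on every failure path. Capture the value first, `int rc = -errno;` as the first statement of each branch, and finish with `return rc;`. If the intent is to remove the directory, `rmdir(pkgdir)` is the call that does so. The function begins outside the hunk.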
diff --git a/core/jni/Android.mk b/core/jni/Android.mk
index 3ca085b..b159ced 100644
--- a/core/jni/Android.mk
+++ b/core/jni/Android.mk
@@ -200,6 +200,7 @@ LOCAL_SHARED_LIBRARIES := \
libETC1 \
libhardware \
libhardware_legacy \
+ libselinux \
libsonivox \
libcrypto \
libssl \
@@ -213,12 +214,6 @@ LOCAL_SHARED_LIBRARIES := \
libharfbuzz \
libz
-ifeq ($(HAVE_SELINUX),true)
-LOCAL_C_INCLUDES += external/libselinux/include
-LOCAL_SHARED_LIBRARIES += libselinux
-LOCAL_CFLAGS += -DHAVE_SELINUX
-endif # HAVE_SELINUX
-
ifeq ($(USE_OPENGL_RENDERER),true)
LOCAL_SHARED_LIBRARIES += libhwui
endif
diff --git a/core/jni/android_os_SELinux.cpp b/core/jni/android_os_SELinux.cpp
index e813c38..b12fdfc 100644
--- a/core/jni/android_os_SELinux.cpp
+++ b/core/jni/android_os_SELinux.cpp
@@ -20,10 +20,8 @@
#include "JNIHelp.h"
#include "jni.h"
#include "android_runtime/AndroidRuntime.h"
-#ifdef HAVE_SELINUX
#include "selinux/selinux.h"
#include "selinux/android.h"
-#endif
#include <errno.h>
namespace android {
@@ -56,11 +54,7 @@ namespace android {
* Exceptions: none
*/
static jboolean isSELinuxEnforced(JNIEnv *env, jobject clazz) {
-#ifdef HAVE_SELINUX
return (security_getenforce() == 1) ? true : false;
-#else
- return false;
-#endif
}
/*
@@ -71,16 +65,12 @@ namespace android {
* Exceptions: none
*/
static jboolean setSELinuxEnforce(JNIEnv *env, jobject clazz, jboolean value) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return false;
int enforce = (value) ? 1 : 0;
return (security_setenforce(enforce) != -1) ? true : false;
-#else
- return false;
-#endif
}
/*
@@ -92,7 +82,6 @@ namespace android {
* Exceptions: NullPointerException if fileDescriptor object is NULL
*/
static jstring getPeerCon(JNIEnv *env, jobject clazz, jobject fileDescriptor) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return NULL;
@@ -123,9 +112,6 @@ namespace android {
freecon(context);
return securityString;
-#else
- return NULL;
-#endif
}
/*
@@ -138,7 +124,6 @@ namespace android {
* Exception: none
*/
static jboolean setFSCreateCon(JNIEnv *env, jobject clazz, jstring context) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return false;
@@ -163,9 +148,6 @@ namespace android {
env->ReleaseStringUTFChars(context, constant_securityContext);
return (ret == 0) ? true : false;
-#else
- return false;
-#endif
}
/*
@@ -178,7 +160,6 @@ namespace android {
* Exception: NullPointerException is thrown if either path or context strign are NULL
*/
static jboolean setFileCon(JNIEnv *env, jobject clazz, jstring path, jstring con) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return false;
@@ -208,9 +189,6 @@ namespace android {
env->ReleaseStringUTFChars(path, objectPath);
env->ReleaseStringUTFChars(con, constant_con);
return (ret == 0) ? true : false;
-#else
- return false;
-#endif
}
/*
@@ -224,7 +202,6 @@ namespace android {
* Exceptions: NullPointerException if the path object is null
*/
static jstring getFileCon(JNIEnv *env, jobject clazz, jstring path) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return NULL;
@@ -252,9 +229,6 @@ namespace android {
env->ReleaseStringUTFChars(path, objectPath);
return securityString;
-#else
- return NULL;
-#endif
}
/*
@@ -266,7 +240,6 @@ namespace android {
* Exceptions: none
*/
static jstring getCon(JNIEnv *env, jobject clazz) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return NULL;
@@ -285,9 +258,6 @@ namespace android {
freecon(context);
return securityString;
-#else
- return NULL;
-#endif
}
/*
@@ -300,7 +270,6 @@ namespace android {
* Exceptions: none
*/
static jstring getPidCon(JNIEnv *env, jobject clazz, jint pid) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return NULL;
@@ -321,9 +290,6 @@ namespace android {
freecon(context);
return securityString;
-#else
- return NULL;
-#endif
}
/*
@@ -335,7 +301,6 @@ namespace android {
* Exceptions: None
*/
static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv clazz) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return NULL;
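Review bot: The second parameter of getBooleanNames is declared `JNIEnv clazz`, a JNIEnv passed by value, where every other native method in this file takes `jobject clazz`. Now that the body is compiled unconditionally, the signature should be corrected to `static jobjectArray getBooleanNames(JNIEnv *env, jobject clazz) {`. The parameter is not used in the visible lines, so this is a mismatch with the JNI calling convention rather than a demonstrated fault. The body continues outside the hunk.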
@@ -359,9 +324,6 @@ namespace android {
free(list);
return stringArray;
-#else
- return NULL;
-#endif
}
/*
@@ -373,7 +335,6 @@ namespace android {
* Exceptions: None
*/
static jboolean getBooleanValue(JNIEnv *env, jobject clazz, jstring name) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return false;
@@ -386,9 +347,6 @@ namespace android {
ret = security_get_boolean_active(boolean_name);
env->ReleaseStringUTFChars(name, boolean_name);
return (ret == 1) ? true : false;
-#else
- return false;
-#endif
}
/*
@@ -401,7 +359,6 @@ namespace android {
* Exceptions: None
*/
static jboolean setBooleanValue(JNIEnv *env, jobject clazz, jstring name, jboolean value) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return false;
@@ -420,9 +377,6 @@ namespace android {
return false;
return true;
-#else
- return false;
-#endif
}
/*
@@ -436,7 +390,6 @@ namespace android {
* Exceptions: None
*/
static jboolean checkSELinuxAccess(JNIEnv *env, jobject clazz, jstring scon, jstring tcon, jstring tclass, jstring perm) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return true;
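Review bot: The early exit `if (isSELinuxDisabled) return true;` in checkSELinuxAccess grants access without consulting policy, and with the compile-time guard gone it is the only such path, so it needs a comment saying so. `isSELinuxDisabled` is set in register_android_os_SELinux from `is_selinux_enabled() != 1`, so any return other than 1 (including an error value, if the library reports one) is treated as disabled and produces a grant here and a `true` from native_restorecon. Suggested comment above the check: `// SELinux not enabled, or its state could not be determined: access is granted without a policy check`. If failing closed on an indeterminate state is wanted, the flag would need to distinguish 0 from other values. The function body continues outside the hunk.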
@@ -468,10 +421,6 @@ namespace android {
bail:
return (accessGranted == 0) ? true : false;
-
-#else
- return true;
-#endif
}
/*
@@ -482,7 +431,6 @@ namespace android {
* Exceptions: none
*/
static jboolean native_restorecon(JNIEnv *env, jobject clazz, jstring pathname) {
-#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return true;
@@ -490,9 +438,6 @@ namespace android {
int ret = selinux_android_restorecon(file);
env->ReleaseStringUTFChars(pathname, file);
return (ret == 0);
-#else
- return true;
-#endif
}
/*
@@ -526,14 +471,12 @@ namespace android {
}
int register_android_os_SELinux(JNIEnv *env) {
-#ifdef HAVE_SELINUX
union selinux_callback cb;
cb.func_log = log_callback;
selinux_set_callback(SELINUX_CB_LOG, cb);
isSELinuxDisabled = (is_selinux_enabled() != 1) ? true : false;
-#endif
return AndroidRuntime::registerNativeMethods(
env, "android/os/SELinux",
method_table, NELEM(method_table));